Build Proxy Server Shadowsocks on Centos7

Build Proxy Server Shadowsocks on Centos7
Install Shadowsocks

We installed shadowsocks-libev, which is developed based on C language. The speed and performance should be good.
The procedure is as follows:

Install dependency Library

yum install epel-release -yyum install gcc gettext autoconf libtool automake make openssl-devel pcre-devel asciidoc xmlto zlib-devel openssl-devel libsodium-devel udns-devel libev-devel -y

Update repo

Add a yum repository to download Shadowsocks

wget https://copr.fedorainfracloud.org/coprs/librehat/shadowsocks/repo/epel-7/librehat-shadowsocks-epel-7.repo

To avoid link failure, the repo file content is as follows:

[librehat-shadowsocks]name=Copr repo for shadowsocks owned by librehatbaseurl=https://copr-be.cloud.fedoraproject.org/results/librehat/shadowsocks/epel-7-$basearch/type=rpm-mdskip_if_unavailable=Truegpgcheck=1gpgkey=https://copr-be.cloud.fedoraproject.org/results/librehat/shadowsocks/pubkey.gpgrepo_gpgcheck=0enabled=1enabled_metadata=1

After the download is complete, copy the file to the/etc/yum. repos. d/directory.

cp librehat-shadowsocks-epel-7.repo /etc/yum.repos.d/

Update yum source and install Shadowsocks

yum updateyum install shadowsocks-libev

Configure Shadowsocks

The configuration file path is/etc/shadowsocks-libev/config. json.

vi /etc/shadowsocks-libev/config.json

Refer to the configuration file below

{    "server":"0.0.0.0",    "server_port":8388,    "password":"password",    "method":"aes-256-cfb",    "mode":"tcp_and_udp"}

Roles

FieldField descriptionServer listening Address [^ 1] server_port server listening port, default 8388local_address local listening port local_port local listening port password used to encrypt the key, the connection uses timeout time (seconds) method encryption method, whether the aes-256-cfbfast_open we are using enables the number of TCP_Fast_Openworkersworker

After the configuration is complete, run the command line to start Shadowsocks.

/usr/bin/ss-server -c /etc/shadowsocks-libev/config.json

Add as System Service

If you do not want to use the command line to start it every time, you can consider adding it to the system service and adding it to the self-starting

vi /usr/lib/systemd/system/shadowsocks.service[Unit]Description=Shadowsocks ServerDocumentation=https://github.com/shadowsocks/shadowsocksAfter=network.target[Service]Type=simpleUser=nobodyExecStart=/usr/bin/ss-server -c /etc/shadowsocks-libev/config.jsonExecReload=/bin/kill -HUP $MAINPIDExecStop=/bin/kill -s QUIT $MAINPIDPrivateTmp=trueKillMode=process[Install]WantedBy=multi-user.target

Then you can manage the service.

systemctl start shadowsockssystemctl enable shadowsockssystemctl stop shadowsocks

Enable Firewall

Check what firewall is used by the system. firewall is used in my system.

firewall-cmd --zone=public --add-port=8388/tcp --permanentfirewall-cmd --zone=public --add-port=8388/udp --permanentfirewall-cmd --reload

View logs

journalctl | grep ss-server

See more https://github.com/shadowsocks/shadowsocks/wiki/Optimizing-Shadowsocks