Configure the Shadowsocks SOCKS5 proxy server on CentOS 7
Shadowsocks is a lightweight SOCKS5 proxy, and shadowsocks-libev is a proxy implementation based on Shadowsocks. It consists of three parts:
ss-server: deployed on a remote server; provides the Shadowsocks service.
ss-local: client that provides a local SOCKS5 proxy.
ss-redir: client that provides a local transparent proxy.
The principle is to install the proxy software on a server located abroad and route traffic through it. Here, a free IBM cloud server is used. I use CentOS 7, where operating the firewall is slightly different from CentOS 6, and I ran into a small problem along the way. The steps are as follows.
1. Disable SELinux (needless to say)
2. Open TCP port 8388 in the firewall (the software's default port)
[root@ /etc/shadowsocks-libev 06:43]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.21 on Wed Dec 2 06:06:07 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [60067:58278958]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d Your_Internet_Ipaddress/32 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8388 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Dec 2 06:06:07 2015
Replace Your_Internet_Ipaddress in the rules above with the public IP address of your server.
Because CentOS 7 does not install the iptables service by default and uses firewalld (controlled through systemctl) instead, I need to disable firewalld and enable the iptables service.
systemctl stop firewalld
systemctl mask firewalld
yum -y install iptables-services
systemctl enable iptables
systemctl start iptables
# iptables-restore reads the ruleset from standard input
iptables-restore < /etc/sysconfig/iptables
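The ruleset above accepts ports 631 and 5353 in addition to 22 and 8388. This added example (not part of the original article) parses an iptables-save file, lists every ACCEPT rule that carries a --dport, and reports the ports outside an allowlist. The function names, the allowlist and the placeholder address 203.0.113.10 are assumptions made for the example.

```shell
#!/bin/sh
export LC_ALL=C   # stable sort order

# accepted_ports FILE: print proto/port for every ACCEPT rule with --dport.
accepted_ports() {
    awk '$1 == "-A" {
        proto = ""; port = ""; target = ""
        for (i = 2; i < NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") port   = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (target == "ACCEPT" && port != "") print proto "/" port
    }' "$1" | sort -u
}

# unexpected_ports FILE ALLOWED...: accepted ports missing from the allowlist.
unexpected_ports() {
    file=$1; shift
    allowed=" $* "
    accepted_ports "$file" | while read -r p; do
        case "$allowed" in *" $p "*) ;; *) echo "$p" ;; esac
    done
}

# default_deny FILE CHAIN: succeed only if the last rule of CHAIN is REJECT or DROP.
default_deny() {
    awk -v c="$2" '$1 == "-A" && $2 == c { last = $0 }
        END { if (last ~ /-j (REJECT|DROP)/) exit 0; exit 1 }' "$1"
}

# Constructed sample: the port rules from step 2 (203.0.113.10 is a placeholder).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
*filter
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -d 203.0.113.10/32 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8388 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
echo "Ports open beyond SSH and Shadowsocks:"
unexpected_ports "$SAMPLE" tcp/22 tcp/8388
default_deny "$SAMPLE" RH-Firewall-1-INPUT && echo "chain ends in a default deny"
```

On the server itself, pass /etc/sysconfig/iptables instead of the sample file.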
3. Install the build tools and the packages required by shadowsocks-libev
yum -y install wget curl curl-devel zlib-devel openssl-devel perl perl-devel cpio expat-devel gettext-devel
yum -y install autoconf libtool openssl-devel gcc swig python-devel
4. Install shadowsocks-libev from git
cd /usr/local/src
git clone https://github.com/madeye/shadowsocks-libev.git
# enter the freshly cloned directory (relative to /usr/local/src)
cd shadowsocks-libev
./configure
make && make install
5. Configure the server
mkdir /etc/shadowsocks-libev
vi /etc/shadowsocks-libev/config.json
[root@ /etc/shadowsocks-libev 07:10]# cat /etc/shadowsocks-libev/config.json
{
    "server":"192.168.0.18",
    "server_port":8388,
    "local_address":"127.0.0.1",
    "local_port":1080,
    "password":"*******",
    "method":"aes-256-cfb",
    "timeout":60
}
The "server" value is the intranet IP address of your server.
6. Set ss-server to start automatically at boot
vi /etc/init.d/ss-server
[root@ /etc/shadowsocks-libev 07:10]# cat /etc/init.d/ss-server
#!/bin/bash
# The chkconfig header is required by "chkconfig --add"; the run levels and
# priorities below are example values.
# chkconfig: 2345 99 99
# Description: lightweight secured socks5 proxy
# processname: ss-server

# Source function library
. /etc/rc.d/init.d/functions

# Check that networking is up.
# NETWORKING comes from /etc/sysconfig/network; stop only if it is set to "no".
[ -f /etc/sysconfig/network ] && . /etc/sysconfig/network
[ "${NETWORKING}" = "no" ] && exit 0

# Daemon
NAME=shadowsocks-server
DAEMON=/usr/local/bin/ss-server

# Path to the configuration file.
#
CONF=/etc/shadowsocks-libev/config.json

#USER="nobody"
#GROUP="nobody"

# Take care of pidfile permissions
mkdir /var/run/$NAME 2>/dev/null || true
#chown "$USER:$GROUP" /var/run/$NAME

# Check the configuration file exists.
#
if [ ! -f $CONF ]; then
    echo "The configuration file cannot be found!"
    exit 0
fi

# Path to the lock file.
#
LOCK_FILE=/var/lock/subsys/shadowsocks

# Path to the pid file.
#
PID=/var/run/$NAME/pid

#====================================================================
#====================================================================
# Run controls:
RETVAL=0

# Start shadowsocks as daemon.
#
start() {
    if [ -f $LOCK_FILE ]; then
        echo "$NAME is already running!"
        exit 0
    else
        echo -n $"Starting ${NAME}: "
        #daemon --check $DAEMON --user $USER "$DAEMON -f $PID -c $CONF > /dev/null"
        daemon $DAEMON -u -c $CONF -f $PID
    fi
    RETVAL=$?
    [ $RETVAL -eq 0 ] && success
    echo
    [ $RETVAL -eq 0 ] && touch $LOCK_FILE
    return $RETVAL
}

# Stop shadowsocks.
#
stop() {
    echo -n $"Shutting down ${NAME}: "
    killproc -p ${PID}
    RETVAL=$?
    [ $RETVAL -eq 0 ]
    rm -f $LOCK_FILE
    rm -f ${PID}
    echo
    return $RETVAL
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    condrestart)
        if [ -f $LOCK_FILE ]; then
            stop
            start
            RETVAL=$?
        fi
        ;;
    status)
        status $DAEMON
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|condrestart|status}"
        RETVAL=1
esac
exit $RETVAL
chmod a+x /etc/init.d/ss-server
chkconfig --add ss-server
chkconfig ss-server on
7. Configure the client
Download: http://nchc.dl.sourceforge.net/project/shadowsocksgui/dist/Shadowsocks-win-2.5.2.zip
Use the Shadowsocks client to set up automatic PAC proxying. Right-click and select "system proxy", then update the GFWList PAC file. When you open the IE proxy settings, you will find that the proxy has been configured to use the PAC file automatically.