Detailed steps for configuring Shadowsocks server under Linux

Source: Internet
Author: User
Tags chmod curl json openssl vps iptables server port git clone
Description
Shadowsocks is a lightweight SOCKS5 agent software,
And Hadowsocks-libev is a SOCKS5 agent software based on Shadowsocks protocol,
Compared with the original, Hadowsocks-libev program is small, high concurrency, less resource occupancy, cross-platform, fully compatible Shadowsocks protocol.
Hadowsocks-libev consists of three modules:
Ss-server: Server-side, deployed on remote servers, providing shadowsocks services.
Ss-local: Client, providing local SOCKS5 protocol agent.
Ss-redir: Client, providing local transparent proxy.
To achieve the purpose:
With a foreign VPS server, install the deployment of Hadowsocks-libev agent software, so that domestic users through this VPS server can visit foreign websites.
Specific actions:
Note: The server installs the GIT software first, then downloads the Hadowsocks-libev software online via git software, and finally compiles the installation Hadowsocks-libev.
VPS Server operating system: CentOS
VPS Server ip:192.168.1.161
First, close SELinux
Vi/etc/selinux/config
#SELINUX =enforcing #注释掉
#SELINUXTYPE =targeted #注释掉
Selinux=disabled #增加
: wq! #保存退出
Setenforce 0 #使配置立即生效
Second, open the firewall port (TCP 8388 Port is the Hadowsocks-libev server-side default port)
Vi/etc/sysconfig/iptables #编辑防火墙配置文件
# Firewall configuration written by System-config-securitylevel
# Manual Customization of this file is not recommended.
*filter
: INPUT ACCEPT [0:0]
: FORWARD ACCEPT [0:0]
: OUTPUT ACCEPT [0:0]
: Rh-firewall-1-input-[0:0]
-A input-j Rh-firewall-1-input
-A forward-j Rh-firewall-1-input
-A rh-firewall-1-input-i lo-j ACCEPT
-A rh-firewall-1-input-p ICMP--icmp-type any-j ACCEPT
-A rh-firewall-1-input-p 50-j ACCEPT
-A rh-firewall-1-input-p 51-j ACCEPT
-A rh-firewall-1-input-p UDP--dport 5353-d 224.0.0.251-j ACCEPT
-A rh-firewall-1-input-p udp-m UDP--dport 631-j ACCEPT
-A rh-firewall-1-input-p tcp-m tcp--dport 631-j ACCEPT
-A rh-firewall-1-input-m state--state established,related-j ACCEPT
-A rh-firewall-1-input-m state--state new-m tcp-p TCP--dport 22-j ACCEPT
-A rh-firewall-1-input-m state--state new-m tcp-p TCP--dport 8388-j ACCEPT
-A rh-firewall-1-input-j REJECT--reject-with icmp-host-prohibited
COMMIT
: wq! #保存退出
Service iptables Restart #最后重启防火墙使配置生效
Third, the installation of the Editing Tool kit
1, CentOS 5.x compile the package to install git (default CentOS 5.x yum source without git)
Yum Install wget Curl curl-devel zlib-devel openssl-devel perl perl-devel cpio expat-devel
2, the installation of shadowsocks-libev.git needs of the package
Yum install autoconf libtool openssl-devel gcc Swig python-devel
Four, install Git
1, CentOS 5.x installation
Cd/usr/local/src
wget https://git-core.googlecode.com/files/git-1.9.0.tar.gz #此地址需要翻墙, you can download the software first, then upload to the server
Tar xzvf git-1.9.0.tar.gz #解压
CD git-1.9.0 #进入安装目录
Autoconf
./configure #配置
Make #编译
Make install #安装
Git--version #查看版本
2, CentOS 6.x installation
Yum install git #CentOS6中yum源中已经有git的版本, direct yum installation
V. Installation of Shadowsocks-libev
Cd/usr/local/src
git clone https://github.com/madeye/shadowsocks-libev.git #使用git下载
CD Shadowsocks-libev #进入安装目录
./configure #配置
Make #编译
Make install #安装
Cd/usr/local/bin/#安装好之后, the following files are generated in this directory
Ss-server
Ss-local
Ss-redir
Six, configure Shadowsocks-libev service end
System Yun-wei www.osyunwei.com warm reminder: qihang01 original Content © Copyright, reproduced please specify the source and the original link
1. Create configuration file
Mkdir/etc/shadowsocks-libev #创建配置文件存放目录
Vi/etc/shadowsocks-libev/config.json #编辑, add the following
{
"Server": "192.168.1.161", #服务端监听的IP地址
"Server_port": 8388, #服务端端口
"Local_address": "127.0.0.1", #本地监听的IP地址
"Local_port": 1080, #本地端端口
"Password": "123456", #用来加密的密码
"Timeout": #超时时间 (sec)
"Method": "AES-256-CFB", #加密方法, recommended "AES-256-CFB"
}
: wq! #保存退出
2, Operation Shadowsocks-libev Service end
Nohup/usr/local/bin/ss-server-u-c/etc/shadowsocks-libev/config.json-f/var/run/shadowsocks-server/pid &
3, close the Shadowsocks-libev service end
Ps-ef|grep Ss-server #查看进程ID
Kill-9 Process ID #结束shadowsocks-libev service side
4, set up Shadowsocks-libev server boot
Vi/etc/init.d/ss-server #编辑, add the following code
#!/bin/bash
# Run Level information:
# chkconfig:2345 99 99
# Description:lightweight secured SOCKS5 Proxy
# Processname:ss-server
# Paths and variables and system checks.
# Source Function Library
. /etc/rc.d/init.d/functions
# Check that networking are up.
#
[${networking} = ' yes '] | | Exit 0
# Daemon
Name=shadowsocks-server
Daemon=/usr/local/bin/ss-server
# Path to the configuration file.
#
Conf=/etc/shadowsocks-libev/config.json
#USER = "Nobody"
#GROUP = "Nobody"
# Take Care of Pidfile permissions
mkdir/var/run/$NAME 2>/dev/null | | True
#chown "$USER: $GROUP"/var/run/$NAME
# Check the configuration file exists.
#
if [!-f $CONF]; Then
echo "The configuration file cannot be found!"
Exit 0
Fi
# Path to the lock file.
#
Lock_file=/var/lock/subsys/shadowsocks
# Path to the PID file.
#
pid=/var/run/$NAME/pid
#====================================================================
#====================================================================
# Run CONTROLS:
Retval=0
# Start Shadowsocks as daemon.
#
Start () {
If [f $LOCK _file]; Then
echo "$NAME is already running!"
Exit 0
Else
Echo-n $ "Starting ${name}:"
#daemon--check $DAEMON--user $USER "$DAEMON-F $PID-C $CONF >/dev/null"
Daemon $DAEMON-U-C $CONF-F $PID
Fi
Retval=$?
[$RETVAL-eq 0] && success
Echo
[$RETVAL-eq 0] && touch $LOCK _file
Return $RETVAL
}
# Stop Shadowsocks.
#
Stop () {
Echo-n $ "Shutting down ${name}:"
Killproc-p ${pid}
Retval=$?
[$RETVAL-eq 0]
Rm-f $LOCK _file
Rm-f ${pid}
Echo
Return $RETVAL
}
# How we were called.
Case "$" in
Start
Start
;;
Stop
Stop
;;
Restart)
Stop
Start
;;
Condrestart)
If [f $LOCK _file]; Then
Stop
Start
Retval=$?
Fi
;;
Status
Status $DAEMON
Retval=$?
;;
*)
echo $ "Usage: $ {Start|stop|restart|condrestart|status}"
Retval=1
Esac
Exit $RETVAL
: wq! #保存退出
chmod +x/etc/init.d/ss-server #添加脚本执行权限
Chkconfig--add Ss-server #添加到开机启动
Chkconfig Ss-server on #设置开机启动
Related commands:
Start:/etc/init.d/ss-server start
Stop:/etc/init.d/ss-server stop
Reboot:/etc/init.d/ss-server Restart
View Status:/etc/init.d/ss-server status
Vii. Configuring Shadowsocks-libev Clients
1. Install Shadowsocks Client under Windows
Download Address:
Http://sourceforge.net/projects/shadowsocksgui/files/dist/Shadowsocks-win-2.3.1.zip
After downloading, open the run, as shown in the following illustration:
Server ip:192.168.1.161
Server port: 8388
Password: 123456
Encryption: AES-256-CFB
Note:
Agent Port: 1080
Click OK
Note: This step is only to use the Shadowsocks client connected to the server, but also need to set up in the browser agent, before the Internet.
2, open the browser settings agent (recommended use of Google and Firefox browser)
Here's how to use Firefox as an example:
Open Firefox browser
Options-Advanced-Network-settings-connection settings-manually configure the agent
Socks Host: 192.168.1.161
Port: 1080
Select Socks V5
After setting, click OK.
Now, you can open the normal Google and other foreign websites!
Eight, the Shadowsocks client configuration on the Shadowsocks server, so that users do not need to install the Shadowsocks client, directly set up a browser agent can visit foreign websites.
The following actions are on the Shadowsocks server
At this point, you need to open the Shadowsocks client port TCP 1080 on the server (the open port method is the same as above)
1, set the configuration file
Vi/etc/shadowsocks-libev/shadowsocks.json #编辑, add the following code
{
"Server": "192.168.1.161",
"Server_port": 8388,
"Local_address": "127.0.0.1",
"Local_port": 1080,
"Password": "123456",
"Timeout": 60,
"Method": "AES-256-CFB",
}
: wq! #保存退出
2, Start Shadowsocks client
Nohup/usr/local/bin/ss-local-u-c/etc/shadowsocks-libev/shadowsocks.json-f/var/run/shadowsocks-local/pid-b 0.0.0.0 &
3. Close Shadowsocks-libev Client
Ps-ef|grep ss-local #查看进程ID
Kill-9 Process ID #结束shadowsocks-libev Client
4, set up Shadowsocks-libev client boot
Vi/etc/init.d/ss-local #编辑, add the following file
#!/bin/bash
# Run Level information:
# chkconfig:2345 88 88
# Description:lightweight secured SOCKS5 Proxy
# processname:ss-local
# Paths and variables and system checks.
# Source Function Library
. /etc/rc.d/init.d/functions
# Check that networking are up.
#
[${networking} = ' yes '] | | Exit 0
# Daemon
Name=shadowsocks-local
Daemon=/usr/local/bin/ss-local
# Path to the configuration file.
#
Conf=/etc/shadowsocks-libev/shadowsocks.json
#USER = "Nobody"
#GROUP = "Nobody"
# Take Care of Pidfile permissions
mkdir/var/run/$NAME 2>/dev/null | | True
#chown "$USER: $GROUP"/var/run/$NAME
# Check the configuration file exists.
#
if [!-f $CONF]; Then
echo "The configuration file cannot be found!"
Exit 0
Fi
# Path to the lock file.
#
Lock_file=/var/lock/subsys/shadowsocks
# Path to the PID file.
#
pid=/var/run/$NAME/pid
#====================================================================
#====================================================================
# Run CONTROLS:
Retval=0
# Start Shadowsocks as daemon.
#
Start () {
If [f $LOCK _file]; Then
echo "$NAME is already running!"
Exit 0
Else
Echo-n $ "Starting ${name}:"
#daemon--check $DAEMON--user $USER "$DAEMON-F $PID-C $CONF >/dev/null"
Daemon $DAEMON-U-C $CONF-F $PID-B 0.0.0.0
Fi
Retval=$?
[$RETVAL-eq 0] && success
Echo
[$RETVAL-eq 0] && touch $LOCK _file
Return $RETVAL
}
# Stop Shadowsocks.
#
Stop () {
Echo-n $ "Shutting down ${name}:"
Killproc-p ${pid}
Retval=$?
[$RETVAL-eq 0]
Rm-f $LOCK _file
Rm-f ${pid}
Echo
Return $RETVAL
}
# How we were called.
Case "$" in
Start
Start
;;
Stop
Stop
;;
Restart)
Stop
Start
;;
Condrestart)
If [f $LOCK _file]; Then
Stop
Start
Retval=$?
Fi
;;
Status
Status $DAEMON
Retval=$?
;;
*)
echo $ "Usage: $ {Start|stop|restart|condrestart|status}"
Retval=1
Esac
Exit $RETVAL
: wq! #保存退出
chmod +x/etc/init.d/ss-local #添加脚本执行权限
Chkconfig--add ss-local #添加开机启动
Chkconfig ss-local on #设置开机启动
Start:/etc/init.d/ss-local start
Stop:/etc/init.d/ss-local stop
Reboot:/etc/init.d/ss-local Restart
View Status:/etc/init.d/ss-local status
After the setup is complete, the user sets up the proxy directly in the browser (the steps are the same as above) to visit the foreign website.
Extended reading:
1, can be dedicated to a domestic server as a Shadowsocks client server, used to connect foreign shadowsocks server, and then, the user's browser directly set domestic server for the proxy IP.
2, user browser can also set up automatic proxy configuration, In Google Browser, the configured file is exported to a. PAC, and then the. pac file is placed on the Web site, and the user is given a. PAC URL address, the user in the browser only need to fill in the URL address to the automatic proxy configuration can be.
At this point, Linux configuration Shadowsocks Proxy Server Browsing foreign Web site tutorial completed.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.