Detailed steps for configuring Shadowsocks server under Linux

Description

Shadowsocks is a lightweight SOCKS5 agent software,

And Hadowsocks-libev is a SOCKS5 agent software based on Shadowsocks protocol,

Compared with the original, Hadowsocks-libev program is small, high concurrency, less resource occupancy, cross-platform, fully compatible Shadowsocks protocol.

Hadowsocks-libev consists of three modules:

Ss-server: Server-side, deployed on remote servers, providing shadowsocks services.

Ss-local: Client, providing local SOCKS5 protocol agent.

Ss-redir: Client, providing local transparent proxy.

To achieve the purpose:

With a foreign VPS server, install the deployment of Hadowsocks-libev agent software, so that domestic users through this VPS server can visit foreign websites.

Specific actions:

Note: The server installs the GIT software first, then downloads the Hadowsocks-libev software online via git software, and finally compiles the installation Hadowsocks-libev.

VPS Server operating system: CentOS

VPS Server ip:192.168.1.161

First, close SELinux

Vi/etc/selinux/config

#SELINUX =enforcing #注释掉

#SELINUXTYPE =targeted #注释掉

Selinux=disabled #增加

: wq! #保存退出

Setenforce 0 #使配置立即生效

Second, open the firewall port (TCP 8388 Port is the Hadowsocks-libev server-side default port)

Vi/etc/sysconfig/iptables #编辑防火墙配置文件

# Firewall configuration written by System-config-securitylevel

# Manual Customization of this file is not recommended.

*filter

: INPUT ACCEPT [0:0]

: FORWARD ACCEPT [0:0]

: OUTPUT ACCEPT [0:0]

: Rh-firewall-1-input-[0:0]

-A input-j Rh-firewall-1-input

-A forward-j Rh-firewall-1-input

-A rh-firewall-1-input-i lo-j ACCEPT

-A rh-firewall-1-input-p ICMP--icmp-type any-j ACCEPT

-A rh-firewall-1-input-p 50-j ACCEPT

-A rh-firewall-1-input-p 51-j ACCEPT

-A rh-firewall-1-input-p UDP--dport 5353-d 224.0.0.251-j ACCEPT

-A rh-firewall-1-input-p udp-m UDP--dport 631-j ACCEPT

-A rh-firewall-1-input-p tcp-m tcp--dport 631-j ACCEPT

-A rh-firewall-1-input-m state--state established,related-j ACCEPT

-A rh-firewall-1-input-m state--state new-m tcp-p TCP--dport 22-j ACCEPT

-A rh-firewall-1-input-m state--state new-m tcp-p TCP--dport 8388-j ACCEPT

-A rh-firewall-1-input-j REJECT--reject-with icmp-host-prohibited

COMMIT

: wq! #保存退出

Service iptables Restart #最后重启防火墙使配置生效

Third, the installation of the Editing Tool kit

1, CentOS 5.x compile the package to install git (default CentOS 5.x yum source without git)

Yum Install wget Curl curl-devel zlib-devel openssl-devel perl perl-devel cpio expat-devel

2, the installation of shadowsocks-libev.git needs of the package

Yum install autoconf libtool openssl-devel gcc Swig python-devel

Four, install Git

1, CentOS 5.x installation

Cd/usr/local/src

wget https://git-core.googlecode.com/files/git-1.9.0.tar.gz #此地址需要翻墙, you can download the software first, then upload to the server

Tar xzvf git-1.9.0.tar.gz #解压

CD git-1.9.0 #进入安装目录

Autoconf

./configure #配置

Make #编译

Make install #安装

Git--version #查看版本

2, CentOS 6.x installation

Yum install git #CentOS6中yum源中已经有git的版本, direct yum installation

V. Installation of Shadowsocks-libev

Cd/usr/local/src

git clone https://github.com/madeye/shadowsocks-libev.git #使用git下载

CD Shadowsocks-libev #进入安装目录

./configure #配置

Make #编译

Make install #安装

Cd/usr/local/bin/#安装好之后, the following files are generated in this directory

Ss-server

Ss-local

Ss-redir

Six, configure Shadowsocks-libev service end

System Yun-wei www.osyunwei.com warm reminder: qihang01 original Content © Copyright, reproduced please specify the source and the original link

1. Create configuration file

Mkdir/etc/shadowsocks-libev #创建配置文件存放目录

Vi/etc/shadowsocks-libev/config.json #编辑, add the following

{

"Server": "192.168.1.161", #服务端监听的IP地址

"Server_port": 8388, #服务端端口

"Local_address": "127.0.0.1", #本地监听的IP地址

"Local_port": 1080, #本地端端口

"Password": "123456", #用来加密的密码

"Timeout": #超时时间 (sec)

"Method": "AES-256-CFB", #加密方法, recommended "AES-256-CFB"

}

: wq! #保存退出

2, Operation Shadowsocks-libev Service end

Nohup/usr/local/bin/ss-server-u-c/etc/shadowsocks-libev/config.json-f/var/run/shadowsocks-server/pid &

3, close the Shadowsocks-libev service end

Ps-ef|grep Ss-server #查看进程ID

Kill-9 Process ID #结束shadowsocks-libev service side

4, set up Shadowsocks-libev server boot

Vi/etc/init.d/ss-server #编辑, add the following code

#!/bin/bash

# Run Level information:

# chkconfig:2345 99 99

# Description:lightweight secured SOCKS5 Proxy

# Processname:ss-server

# Paths and variables and system checks.

# Source Function Library

. /etc/rc.d/init.d/functions

# Check that networking are up.

#

[${networking} = ' yes '] | | Exit 0

# Daemon

Name=shadowsocks-server

Daemon=/usr/local/bin/ss-server

# Path to the configuration file.

#

Conf=/etc/shadowsocks-libev/config.json

#USER = "Nobody"

#GROUP = "Nobody"

# Take Care of Pidfile permissions

mkdir/var/run/$NAME 2>/dev/null | | True

#chown "$USER: $GROUP"/var/run/$NAME

# Check the configuration file exists.

#

if [!-f $CONF]; Then

echo "The configuration file cannot be found!"

Exit 0

Fi

# Path to the lock file.

#

Lock_file=/var/lock/subsys/shadowsocks

# Path to the PID file.

#

pid=/var/run/$NAME/pid

#====================================================================

#====================================================================

# Run CONTROLS:

Retval=0

# Start Shadowsocks as daemon.

#

Start () {

If [f $LOCK _file]; Then

echo "$NAME is already running!"

Exit 0

Else

Echo-n $ "Starting ${name}:"

#daemon--check $DAEMON--user $USER "$DAEMON-F $PID-C $CONF >/dev/null"

Daemon $DAEMON-U-C $CONF-F $PID

Fi

Retval=$?

[$RETVAL-eq 0] && success

Echo

[$RETVAL-eq 0] && touch $LOCK _file

Return $RETVAL

}

# Stop Shadowsocks.

#

Stop () {

Echo-n $ "Shutting down ${name}:"

Killproc-p ${pid}

Retval=$?

[$RETVAL-eq 0]

Rm-f $LOCK _file

Rm-f ${pid}

Echo

Return $RETVAL

}

# How we were called.

Case "$" in

Start

Start

;;

Stop

Stop

;;

Restart)

Stop

Start

;;

Condrestart)

If [f $LOCK _file]; Then

Stop

Start

Retval=$?

Fi

;;

Status

Status $DAEMON

Retval=$?

;;

*)

echo $ "Usage: $ {Start|stop|restart|condrestart|status}"

Retval=1

Esac

Exit $RETVAL

: wq! #保存退出

chmod +x/etc/init.d/ss-server #添加脚本执行权限

Chkconfig--add Ss-server #添加到开机启动

Chkconfig Ss-server on #设置开机启动

Related commands:

Start:/etc/init.d/ss-server start

Stop:/etc/init.d/ss-server stop

Reboot:/etc/init.d/ss-server Restart

View Status:/etc/init.d/ss-server status

Vii. Configuring Shadowsocks-libev Clients

1. Install Shadowsocks Client under Windows

Download Address:

Http://sourceforge.net/projects/shadowsocksgui/files/dist/Shadowsocks-win-2.3.1.zip

After downloading, open the run, as shown in the following illustration:

Server ip:192.168.1.161

Server port: 8388

Password: 123456

Encryption: AES-256-CFB

Note:

Agent Port: 1080

Click OK

Note: This step is only to use the Shadowsocks client connected to the server, but also need to set up in the browser agent, before the Internet.

2, open the browser settings agent (recommended use of Google and Firefox browser)

Here's how to use Firefox as an example:

Open Firefox browser

Options-Advanced-Network-settings-connection settings-manually configure the agent

Socks Host: 192.168.1.161

Port: 1080

Select Socks V5

After setting, click OK.

Now, you can open the normal Google and other foreign websites!

Eight, the Shadowsocks client configuration on the Shadowsocks server, so that users do not need to install the Shadowsocks client, directly set up a browser agent can visit foreign websites.

The following actions are on the Shadowsocks server

At this point, you need to open the Shadowsocks client port TCP 1080 on the server (the open port method is the same as above)

1, set the configuration file

Vi/etc/shadowsocks-libev/shadowsocks.json #编辑, add the following code

{

"Server": "192.168.1.161",

"Server_port": 8388,

"Local_address": "127.0.0.1",

"Local_port": 1080,

"Password": "123456",

"Timeout": 60,

"Method": "AES-256-CFB",

}

: wq! #保存退出

2, Start Shadowsocks client

Nohup/usr/local/bin/ss-local-u-c/etc/shadowsocks-libev/shadowsocks.json-f/var/run/shadowsocks-local/pid-b 0.0.0.0 &

3. Close Shadowsocks-libev Client

Ps-ef|grep ss-local #查看进程ID

Kill-9 Process ID #结束shadowsocks-libev Client

4, set up Shadowsocks-libev client boot

Vi/etc/init.d/ss-local #编辑, add the following file

#!/bin/bash

# Run Level information:

# chkconfig:2345 88 88

# Description:lightweight secured SOCKS5 Proxy

# processname:ss-local

# Paths and variables and system checks.

# Source Function Library

. /etc/rc.d/init.d/functions

# Check that networking are up.

#

[${networking} = ' yes '] | | Exit 0

# Daemon

Name=shadowsocks-local

Daemon=/usr/local/bin/ss-local

# Path to the configuration file.

#

Conf=/etc/shadowsocks-libev/shadowsocks.json

#USER = "Nobody"

#GROUP = "Nobody"

# Take Care of Pidfile permissions

mkdir/var/run/$NAME 2>/dev/null | | True

#chown "$USER: $GROUP"/var/run/$NAME

# Check the configuration file exists.

#

if [!-f $CONF]; Then

echo "The configuration file cannot be found!"

Exit 0

Fi

# Path to the lock file.

#

Lock_file=/var/lock/subsys/shadowsocks

# Path to the PID file.

#

pid=/var/run/$NAME/pid

#====================================================================

#====================================================================

# Run CONTROLS:

Retval=0

# Start Shadowsocks as daemon.

#

Start () {

If [f $LOCK _file]; Then

echo "$NAME is already running!"

Exit 0

Else

Echo-n $ "Starting ${name}:"

#daemon--check $DAEMON--user $USER "$DAEMON-F $PID-C $CONF >/dev/null"

Daemon $DAEMON-U-C $CONF-F $PID-B 0.0.0.0

Fi

Retval=$?

[$RETVAL-eq 0] && success

Echo

[$RETVAL-eq 0] && touch $LOCK _file

Return $RETVAL

}

# Stop Shadowsocks.

#

Stop () {

Echo-n $ "Shutting down ${name}:"

Killproc-p ${pid}

Retval=$?

[$RETVAL-eq 0]

Rm-f $LOCK _file

Rm-f ${pid}

Echo

Return $RETVAL

}

# How we were called.

Case "$" in

Start

Start

;;

Stop

Stop

;;

Restart)

Stop

Start

;;

Condrestart)

If [f $LOCK _file]; Then

Stop

Start

Retval=$?

Fi

;;

Status

Status $DAEMON

Retval=$?

;;

*)

echo $ "Usage: $ {Start|stop|restart|condrestart|status}"

Retval=1

Esac

Exit $RETVAL

: wq! #保存退出

chmod +x/etc/init.d/ss-local #添加脚本执行权限

Chkconfig--add ss-local #添加开机启动

Chkconfig ss-local on #设置开机启动

Start:/etc/init.d/ss-local start

Stop:/etc/init.d/ss-local stop

Reboot:/etc/init.d/ss-local Restart

View Status:/etc/init.d/ss-local status

After the setup is complete, the user sets up the proxy directly in the browser (the steps are the same as above) to visit the foreign website.

Extended reading:

1, can be dedicated to a domestic server as a Shadowsocks client server, used to connect foreign shadowsocks server, and then, the user's browser directly set domestic server for the proxy IP.

2, user browser can also set up automatic proxy configuration, In Google Browser, the configured file is exported to a. PAC, and then the. pac file is placed on the Web site, and the user is given a. PAC URL address, the user in the browser only need to fill in the URL address to the automatic proxy configuration can be.

At this point, Linux configuration Shadowsocks Proxy Server Browsing foreign Web site tutorial completed.