Example of configuring the Shadowsocks proxy server in CentOS to browse foreign websites

Source: Internet
Author: User

Note:

Shadowsocks is a lightweight SOCKS5 proxy.

shadowsocks-libev is a SOCKS5 proxy based on the shadowsocks protocol.
Compared with the original version, shadowsocks-libev is small, handles high concurrency, uses few resources, is cross-platform, and is fully compatible with the shadowsocks protocol.
shadowsocks-libev consists of three modules:
ss-server: deployed on a remote server; provides the shadowsocks service.
ss-local: client that provides a local SOCKS5 proxy.
ss-redir: client that provides a local transparent proxy.

Purpose:

Install and deploy the shadowsocks-libev proxy software on a foreign VPS server so that domestic users can access foreign websites through this VPS server.

Specific operations:

Note: First install git on the server, then use git to download the shadowsocks-libev source, and finally compile and install shadowsocks-libev.

VPS server operating system: CentOS
VPS server ip address: 192.168.1.161
1. Disable SELinux

vi /etc/selinux/config

#SELINUX=enforcing # comment out

#SELINUXTYPE=targeted # comment out
SELINUX=disabled # add
:wq! # save and exit
setenforce 0 # make the configuration take effect immediately

2. Open the firewall port (TCP port 8388 is the default port of the shadowsocks-libev server)

vi /etc/sysconfig/iptables # edit the firewall configuration file

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8388 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
:wq! # save and exit
service iptables restart # restart the firewall so the configuration takes effect

3. Install the build tools

1. Install the packages needed to compile git on CentOS 5.x (the CentOS 5.x yum repositories have no git by default)

yum install wget curl-devel zlib-devel openssl-devel perl-devel cpio expat-devel gettext-devel
2. Install the packages required to build shadowsocks-libev
yum install autoconf libtool openssl-devel gcc swig python-devel

4. Install git

1. On CentOS 5.x

cd /usr/local/src
wget https://git-core.googlecode.com/files/git-1.9.0.tar.gz # this address requires bypassing the firewall; you can download the archive first and then upload it to the server
tar xzvf git-1.9.0.tar.gz # extract
cd git-1.9.0 # enter the source directory
autoconf
./configure # configure
make # compile
make install # install
git --version # view the version
2. On CentOS 6.x
yum install git # the CentOS 6 yum repositories already include git, so install it directly with yum

5. Install shadowsocks-libev

cd /usr/local/src

git clone https://github.com/madeye/shadowsocks-libev.git # download with git
cd shadowsocks-libev # enter the source directory
./configure # configure
make # compile
make install # install
cd /usr/local/bin/ # after installation, the following files are generated in this directory:
ss-server
ss-local
ss-redir

6. Configure the shadowsocks-libev server

System O&M (www.osyunwei.com) reminder: original content by qihang01, all rights reserved. When reprinting, please indicate the source and the original link.

1. Create a configuration file
mkdir /etc/shadowsocks-libev # create the directory that holds the configuration file
vi /etc/shadowsocks-libev/config.json # edit and add the following content (the # notes explain each field; JSON has no comment syntax, so leave them out of the real file)
{
"server": "192.168.1.161", # IP address the server listens on
"server_port": 8388, # server port
"local_address": "127.0.0.1", # local listening IP address
"local_port": 1080, # local port
"password": "123456", # password used for encryption
"timeout": 60, # timeout (seconds)
"method": "aes-256-cfb" # encryption method; "aes-256-cfb" is recommended
}
:wq! # save and exit
2. Run the shadowsocks-libev server
mkdir -p /var/run/shadowsocks-server # the directory for the pid file must exist
nohup /usr/local/bin/ss-server -u -c /etc/shadowsocks-libev/config.json -f /var/run/shadowsocks-server/pid &
3. Stop the shadowsocks-libev server
ps -ef | grep ss-server # view the process ID
kill -9 <process ID> # end the shadowsocks-libev server
4. Set the shadowsocks-libev server to start at boot
vi /etc/init.d/ss-server # edit and add the following code
#!/bin/bash
# Run level information:
# chkconfig: 2345 99 99
# description: lightweight secured socks5 proxy
# processname: ss-server
# Paths and variables and system checks.
# Source function library
. /etc/rc.d/init.d/functions
# Source networking configuration (defines NETWORKING)
. /etc/sysconfig/network
# Check that networking is up.
#
[ "${NETWORKING}" = "yes" ] || exit 0
# Daemon
NAME=shadowsocks-server
DAEMON=/usr/local/bin/ss-server
# Path to the configuration file.
#
CONF=/etc/shadowsocks-libev/config.json
#USER="nobody"
#GROUP="nobody"
# Take care of pidfile permissions
mkdir /var/run/$NAME 2>/dev/null || true
#chown "$USER:$GROUP" /var/run/$NAME
# Check the configuration file exists.
#
if [ ! -f $CONF ]; then
    echo "The configuration file cannot be found!"
    exit 0
fi
# Path to the lock file.
#
LOCK_FILE=/var/lock/subsys/shadowsocks
# Path to the pid file.
#
PID=/var/run/$NAME/pid
#=======================================================================
#=======================================================================
# Run controls:
RETVAL=0
# Start shadowsocks as daemon.
#
start() {
    if [ -f $LOCK_FILE ]; then
        echo "$NAME is already running!"
        exit 0
    else
        echo -n $"Starting ${NAME}: "
        #daemon --check $DAEMON --user $USER "$DAEMON -f $PID -c $CONF > /dev/null"
        daemon $DAEMON -u -c $CONF -f $PID
    fi
    RETVAL=$?
    [ $RETVAL -eq 0 ] && success
    echo
    [ $RETVAL -eq 0 ] && touch $LOCK_FILE
    return $RETVAL
}
# Stop shadowsocks.
#
stop() {
    echo -n $"Shutting down ${NAME}: "
    killproc -p ${PID}
    RETVAL=$?
    [ $RETVAL -eq 0 ]
    rm -f $LOCK_FILE
    rm -f ${PID}
    echo
    return $RETVAL
}
# See how we were called.
case "$1" in
start)
    start
    ;;
stop)
    stop
    ;;
restart)
    stop
    start
    ;;
condrestart)
    if [ -f $LOCK_FILE ]; then
        stop
        start
        RETVAL=$?
    fi
    ;;
status)
    status $DAEMON
    RETVAL=$?
    ;;
*)
    echo $"Usage: $0 {start|stop|restart|condrestart|status}"
    RETVAL=1
esac
exit $RETVAL
:wq! # save and exit
chmod +x /etc/init.d/ss-server # add execute permission to the script
chkconfig --add ss-server # register the service
chkconfig ss-server on # start at boot
Related commands:
Start: /etc/init.d/ss-server start
Stop: /etc/init.d/ss-server stop
Restart: /etc/init.d/ss-server restart
View status: /etc/init.d/ss-server status

7. Configure the shadowsocks-libev client

1. Install the Shadowsocks client on Windows

Download address:
http://sourceforge.net/projects/shadowsocksgui/files/dist/Shadowsocks-win-2.3.1.zip

After the download, open and run it, as shown in the following figure:

Server IP: 192.168.1.161
Server Port: 8388
Password: 123456
Encryption: aes-256-cfb
Remarks:
Proxy Port: 1080
Click OK

Note: This step only connects the Shadowsocks client to the server. You must still set a proxy in the browser before you can browse through it.

2. Set the proxy in the browser (Google and Firefox browsers are recommended)
The following uses Firefox as an example:

Open Firefox

Options -> Advanced -> Network -> Settings -> Connection Settings -> Manual proxy configuration

SOCKS host: 192.168.1.161

Port: 1080
Select SOCKS v5

After setting, click OK.

Now Google and other foreign websites can be opened normally!

8. Configure the Shadowsocks client on the Shadowsocks server itself, so that users do not need to install the Shadowsocks client and can simply set a browser proxy to access foreign websites.

The following operations are performed on the Shadowsocks server:

In this case, you need to open the Shadowsocks client port, TCP 1080, on the server (open the port the same way as above).
1. Set the configuration file
vi /etc/shadowsocks-libev/shadowsocks.json # edit and add the following content:
{
"server": "58.68.250.161",
"server_port": 8989,
"local_address": "127.0.0.1",
"local_port": 1080,
"password": "123456",
"timeout": 60,
"method": "aes-256-cfb"
}
:wq! # save and exit
2. Start the Shadowsocks client
mkdir -p /var/run/shadowsocks-local # the directory for the pid file must exist
nohup /usr/local/bin/ss-local -u -c /etc/shadowsocks-libev/shadowsocks.json -f /var/run/shadowsocks-local/pid -b 0.0.0.0 &
3. Stop the shadowsocks-libev client
ps -ef | grep ss-local # view the process ID
kill -9 <process ID> # end the shadowsocks-libev client
4. Set the shadowsocks-libev client to start at boot
vi /etc/init.d/ss-local # edit and add the following code
#!/bin/bash
# Run level information:
# chkconfig: 2345 88 88
# description: lightweight secured socks5 proxy
# processname: ss-local
# Paths and variables and system checks.
# Source function library
. /etc/rc.d/init.d/functions
# Source networking configuration (defines NETWORKING)
. /etc/sysconfig/network
# Check that networking is up.
#
[ "${NETWORKING}" = "yes" ] || exit 0
# Daemon
NAME=shadowsocks-local
DAEMON=/usr/local/bin/ss-local
# Path to the configuration file.
#
CONF=/etc/shadowsocks-libev/shadowsocks.json
#USER="nobody"
#GROUP="nobody"
# Take care of pidfile permissions
mkdir /var/run/$NAME 2>/dev/null || true
#chown "$USER:$GROUP" /var/run/$NAME
# Check the configuration file exists.
#
if [ ! -f $CONF ]; then
    echo "The configuration file cannot be found!"
    exit 0
fi
# Path to the lock file.
# Kept separate from the ss-server lock file so both services can run on the same host.
LOCK_FILE=/var/lock/subsys/shadowsocks-local
# Path to the pid file.
#
PID=/var/run/$NAME/pid
#=======================================================================
#=======================================================================
# Run controls:
RETVAL=0
# Start shadowsocks as daemon.
#
start() {
    if [ -f $LOCK_FILE ]; then
        echo "$NAME is already running!"
        exit 0
    else
        echo -n $"Starting ${NAME}: "
        #daemon --check $DAEMON --user $USER "$DAEMON -f $PID -c $CONF > /dev/null"
        daemon $DAEMON -u -c $CONF -f $PID -b 0.0.0.0
    fi
    RETVAL=$?
    [ $RETVAL -eq 0 ] && success
    echo
    [ $RETVAL -eq 0 ] && touch $LOCK_FILE
    return $RETVAL
}
# Stop shadowsocks.
#
stop() {
    echo -n $"Shutting down ${NAME}: "
    killproc -p ${PID}
    RETVAL=$?
    [ $RETVAL -eq 0 ]
    rm -f $LOCK_FILE
    rm -f ${PID}
    echo
    return $RETVAL
}
# See how we were called.
case "$1" in
start)
    start
    ;;
stop)
    stop
    ;;
restart)
    stop
    start
    ;;
condrestart)
    if [ -f $LOCK_FILE ]; then
        stop
        start
        RETVAL=$?
    fi
    ;;
status)
    status $DAEMON
    RETVAL=$?
    ;;
*)
    echo $"Usage: $0 {start|stop|restart|condrestart|status}"
    RETVAL=1
esac
exit $RETVAL
:wq! # save and exit
chmod +x /etc/init.d/ss-local # add execute permission to the script
chkconfig --add ss-local # register the service
chkconfig ss-local on # start at boot
Start: /etc/init.d/ss-local start
Stop: /etc/init.d/ss-local stop
Restart: /etc/init.d/ss-local restart
View status: /etc/init.d/ss-local status
After the configuration is complete, you can directly set a proxy in the browser (the steps are the same as above) to access a foreign website.
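
An added example, not part of the original article: a small Python check for the settings this walkthrough leaves most exposed, namely the password 123456, a config file other users can read, a cipher without authentication, and the unauthenticated SOCKS5 listener bound with -b 0.0.0.0. The function names, finding labels, 16-character threshold and the AEAD method list (names used by later shadowsocks-libev releases) are assumptions of this example.

```python
import json, os, secrets, stat, tempfile

# Assumption: AEAD method names as used by later shadowsocks-libev releases.
AEAD_METHODS = {"aes-128-gcm", "aes-192-gcm", "aes-256-gcm",
                "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305"}
WEAK_PASSWORDS = {"123456", "12345678", "password", "qwerty"}  # constructed short list

def audit_config(path, bind_addr=None):
    """Return sorted finding labels; bind_addr is the ss-local -b value, if any."""
    findings = set()
    # The file holds the shared secret, so only its owner should be able to read it.
    if stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRGRP | stat.S_IROTH):
        findings.add("config-readable-by-others")
    with open(path) as fh:
        conf = json.load(fh)
    password = conf.get("password", "")
    if password in WEAK_PASSWORDS or len(password) < 16:
        findings.add("weak-password")
    if conf.get("method") not in AEAD_METHODS:
        findings.add("non-aead-method")
    # The SOCKS5 port has no authentication; a wildcard bind serves any host that can reach it.
    listen = bind_addr or conf.get("local_address", "127.0.0.1")
    if listen in ("0.0.0.0", "::"):
        findings.add("socks-listener-exposed")
    return sorted(findings)

def write_sample(conf, mode):
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as fh:
        json.dump(conf, fh)
    os.chmod(path, mode)
    return path

# Constructed inputs: the step 8 client config as written on the page, and a tightened copy.
AS_WRITTEN = {"server": "58.68.250.161", "server_port": 8989,
              "local_address": "127.0.0.1", "local_port": 1080,
              "password": "123456", "timeout": 60, "method": "aes-256-cfb"}
TIGHTENED = dict(AS_WRITTEN, password=secrets.token_urlsafe(24), method="aes-256-gcm")

def demo():
    results = []
    for conf, mode, bind in ((AS_WRITTEN, 0o644, "0.0.0.0"), (TIGHTENED, 0o600, None)):
        path = write_sample(conf, mode)
        results.append(audit_config(path, bind_addr=bind))
        os.unlink(path)
    return results

if __name__ == "__main__":
    for findings in demo():
        print(findings or "no findings")
```

If the listener has to stay on 0.0.0.0, the firewall rule that opens TCP 1080 can be limited to known client addresses with iptables' -s option.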

Additional reading:

1. A server in China can be used as the Shadowsocks client server to connect to foreign Shadowsocks servers. The domestic server is then set directly as the proxy IP address in the user's browser.

2. The user's browser can also use automatic proxy configuration. In the Google browser, export the configured .pac file, put this .pac file on a website, and give users the URL of the .pac file. Users then only need to enter this URL under automatic proxy configuration in the browser.