Example of configuring the Shadowsocks proxy server in CentOS to browse foreign websites

Note:

Shadowsocks is a lightweight socks5 proxy software,

Hadowsocks-libev is a socks5 proxy software based on the shadowsocks protocol,

Compared with the original version, the hadowsocks-libev program is small in size, highly concurrent, less resource occupation, cross-platform, and fully compatible with the shadowsocks protocol.

Hadowsocks-libev consists of three modules:

Ss-server: deployed on a remote server and provides the shadowsocks service.

Ss-local: client that provides local socks5 protocol proxy.

Ss-redir: client that provides local transparent proxy.

Purpose:

Install and deploy the hadowsocks-libev agent software on a foreign VPS server to allow domestic users to access foreign websites through this VPS server.

Specific operations:

Note: The server first installs the git software, then downloads the hadowsocks-libev software online through the git software, and finally compiles and installs hadowsocks-libev.

VPS server operating system: CentOS

VPS server ip address: 192.168.1.161

1. Disable SELINUX

Vi/etc/selinux/config

# SELINUX = enforcing # Comment out

# SELINUXTYPE = targeted # Comment out

SELINUX = disabled # Add

: Wq! # Save and exit

Setenforce 0 # Make the configuration take effect immediately

2. Enable the firewall port (TCP port 8388 is the default port of hadowsocks-libev server)

Vi/etc/sysconfig/iptables # Edit the firewall configuration file

# Firewall configuration written by system-config-securitylevel

# Manual customization of this file is not recommended.

* Filter

: Input accept [0: 0]

: Forward accept [0: 0]

: Output accept [0: 0]

: RH-Firewall-1-INPUT-[0: 0]

-A input-j RH-Firewall-1-INPUT

-A forward-j RH-Firewall-1-INPUT

-A RH-Firewall-1-INPUT-I lo-j ACCEPT

-A RH-Firewall-1-INPUT-p icmp -- icmp-type any-j ACCEPT

-An RH-Firewall-1-INPUT-p 50-j ACCEPT

-An RH-Firewall-1-INPUT-p 51-j ACCEPT

-A RH-Firewall-1-INPUT-p udp -- dport 5353-d 224.0.0.20.- j ACCEPT

-A RH-Firewall-1-INPUT-p udp-m udp -- dport 631-j ACCEPT

-A RH-Firewall-1-INPUT-p tcp-m tcp -- dport 631-j ACCEPT

-A RH-Firewall-1-INPUT-m state -- state ESTABLISHED, RELATED-j ACCEPT

-A RH-Firewall-1-INPUT-m state -- state NEW-m tcp-p tcp -- dport 22-j ACCEPT

-A RH-Firewall-1-INPUT-m state -- state NEW-m tcp-p tcp -- dport 8388-j ACCEPT

-A RH-Firewall-1-INPUT-j REJECT -- reject-with icmp-host-prohibited

COMMIT

: Wq! # Save and exit

Service iptables restart # restart the firewall to make the configuration take effect.

3. Install and edit the toolkit

1. Compile and install the git package in CentOS 5.x (no git in CentOS 5.x yum by default)

Yum install wget curl-devel zlib-devel openssl-devel perl-devel cpio expat-devel gettext-devel

2. Install the package required by the shadowsocks-libev.git

Yum install autoconf libtool openssl-devel gcc swig python-devel

4. Install git

1. Install CentOS 5.x

Cd/usr/local/src

Wget https://git-core.googlecode.com/files/git-1.9.0.tar.gz # This address needs to flip the wall, you can download the software first, then upload to the server

Tar xzvf git-1.9.0.tar.gz # extract

Cd git-1.9.0 # enter the installation directory

Autoconf

./Configure # configuration

Make # compile

Make install # install

Git -- version # view the version

2. Install CentOS 6. x

Yum install git # The yum source in CentOS6 already has the git version. install yum directly.

5. Install shadowsocks-libev

Cd/usr/local/src

Git clone https://github.com/madeye/shadowsocks-libev.git # use git to download

Cd shadowsocks-libev # enter the installation directory

./Configure # configuration

Make # compile

Make install # install

After cd/usr/local/bin/# is installed, the following files are generated in this directory:

Ss-server

Ss-local

Ss-redir

6. Configure the shadowsocks-libev server

System O & M www.osyunwei.com reminder: qihang01 original content © copyright © reprinted please indicate the source and original link

1. Create a configuration file

Mkdir/etc/shadowsocks-libev # Create a configuration file storage directory

Vi/etc/shadowsocks-libev/config. json # edit and add the following content

{

"Server": "192.168.1.161", # IP address monitored by the server

"Server_port": 8388, # server port

"Local_address": "127.0.0.1", # IP address of the local listener

"Local_port": 1080, # Local port

"Password": "123456", # password used for encryption

"Timeout": 60, # timeout (seconds)

"Method": "aes-256-cfb", # encryption method, "aes-256-cfb" is recommended"

}

: Wq! # Save and exit

2. Run the shadowsocks-libev server.

Nohup/usr/local/bin/ss-server-u-c/etc/shadowsocks-libev/config. json-f/var/run/shadowsocks-server/pid &

3. Disable the shadowsocks-libev server.

Ps-ef | grep ss-server # View process ID

Kill-9 process ID # end shadowsocks-libev server

4. Set the shadowsocks-libev server to start up

Vi/etc/init. d/ss-server # edit and add the following code

#! /Bin/bash

# Run level information:

# Chkconfig: 2345 99

# Description: lightweight secured socks5 proxy

# Processname: ss-server

# Paths and variables and system checks.

# Source function library

./Etc/rc. d/init. d/functions

# Check that networking is up.

#

[$ {NETWORKING} = "yes"] | exit 0

# Daemon

NAME = shadowsocks-server

DAEMON =/usr/local/bin/ss-server

# Path to the configuration file.

#

CONF =/etc/shadowsocks-libev/config. json

# USER = "nobody"

# GROUP = "nobody"

# Take care of pidfile permissions

Mkdir/var/run/$ NAME 2>/dev/null | true

# Chown "$ USER: $ GROUP"/var/run/$ NAME

# Check the configuration file exists.

#

If [! -F $ CONF]; then

Echo "The configuration file cannot be found! "

Exit 0

Fi

# Path to the lock file.

#

LOCK_FILE =/var/lock/subsys/shadowsocks

# Path to the pid file.

#

PID =/var/run/$ NAME/pid

#===================================================== ==================================

#===================================================== ==================================

# Run controls:

RETVAL = 0

# Start shadowsocks as daemon.

#

Start (){

If [-f $ LOCK_FILE]; then

Echo "$ NAME is already running! "

Exit 0

Else

Echo-n $ "Starting $ {NAME }:"

# Daemon -- check $ DAEMON -- user $ USER "$ DAEMON-f $ PID-c $ CONF>/dev/null"

Daemon $ DAEMON-u-c $ CONF-f $ PID

Fi

RETVAL =$?

[$ RETVAL-eq 0] & success

Echo

[$ RETVAL-eq 0] & touch $ LOCK_FILE

Return $ RETVAL

}

# Stop shadowsocks.

#

Stop (){

Echo-n $ "Shutting down $ {NAME }:"

Killproc-p $ {PID}

RETVAL =$?

[$ RETVAL-eq 0]

Rm-f $ LOCK_FILE

Rm-f $ {PID}

Echo

Return $ RETVAL

}

# See how we were called.

Case "$1" in

Start)

Start

;;

Stop)

Stop

;;

Restart)

Stop

Start

;;

Condrestart)

If [-f $ LOCK_FILE]; then

Stop

Start

RETVAL =$?

Fi

;;

Status)

Status $ DAEMON

RETVAL =$?

;;

*)

Echo $ "Usage: $0 {start | stop | restart | condrestart | status }"

RETVAL = 1

Esac

Exit $ RETVAL

: Wq! # Save and exit

Chmod + x/etc/init. d/ss-server # add the script execution permission

Chkconfig -- add ss-server # add to startup

Chkconfig ss-server on # set startup

Related commands:

Start:/etc/init. d/ss-server start

Stop:/etc/init. d/ss-server stop

Restart:/etc/init. d/ss-server restart

View status:/etc/init. d/ss-server status

7. Configure the shadowsocks-libev client

1. Install the Shadowsocks client in Windows

Download address:

Http://sourceforge.net/projects/shadowsocksgui/files/dist/Shadowsocks-win-2.3.1.zip

After the download, open and run, as shown in the following figure:

Server IP address: 192.168.1.161

Server Port 8388

Password 123456

Encryption: aes-256-cfb

Note:

Proxy port 1080

Click OK

Note: This step is only used to connect the Shadowsocks client to the server. You must set a proxy in the browser before accessing the Internet.

2. Open the browser settings proxy (Google and Firefox browsers are recommended)

The following uses Firefox as an example:

Open Firefox

Option-advanced-network-settings-connection settings-manual proxy configuration

SOCKS host: 192.168.1.161

Port 1080

Select SOCKS v5

After setting, click OK.

Now, google and other foreign websites can be opened normally!

8. Configure the Shadowsocks client on the Shadowsocks server so that you do not need to install the Shadowsocks client. Directly set a browser proxy to access a foreign website.

The following operations are performed on the Shadowsocks server:

In this case, you need to open the Shadowsocks client Port TCP 1080 on the server (the open port method is the same as above)

1. Set the configuration file

Vi/etc/shadowsocks-libev/shadowsocks. json # edit and add the following code:

{

"Server": "58.68.250.161 ",

"Server_port": 8989,

"Local_address": "127.0.0.1 ",

"Local_port": 1080,

"Password": "123456 ",

"Timeout": 60,

"Method": "aes-256-cfb ",

}

: Wq! # Save and exit

2. Start the Shadowsocks client

Nohup/usr/local/bin/ss-local-u-c/etc/shadowsocks-libev/shadowsocks. json-f/var/run/shadowsocks-local/pid-B 0.0.0.0 &

3. Disable the shadowsocks-libev client.

Ps-ef | grep ss-local # View process ID

Kill-9 process ID # end the shadowsocks-libev client

4. Set the shadowsocks-libev client to start up

Vi/etc/init. d/ss-local # edit and add the following files

#! /Bin/bash

# Run level information:

# Chkconfig: 2345 88 88

# Description: lightweight secured socks5 proxy

# Processname: ss-local

# Paths and variables and system checks.

# Source function library

./Etc/rc. d/init. d/functions

# Check that networking is up.

#

[$ {NETWORKING} = "yes"] | exit 0

# Daemon

NAME = shadowsocks-local

DAEMON =/usr/local/bin/ss-local

# Path to the configuration file.

#

CONF =/etc/shadowsocks-libev/shadowsocks. json

# USER = "nobody"

# GROUP = "nobody"

# Take care of pidfile permissions

Mkdir/var/run/$ NAME 2>/dev/null | true

# Chown "$ USER: $ GROUP"/var/run/$ NAME

# Check the configuration file exists.

#

If [! -F $ CONF]; then

Echo "The configuration file cannot be found! "

Exit 0

Fi

# Path to the lock file.

#

LOCK_FILE =/var/lock/subsys/shadowsocks

# Path to the pid file.

#

PID =/var/run/$ NAME/pid

#===================================================== ==================================

#===================================================== ==================================

# Run controls:

RETVAL = 0

# Start shadowsocks as daemon.

#

Start (){

If [-f $ LOCK_FILE]; then

Echo "$ NAME is already running! "

Exit 0

Else

Echo-n $ "Starting $ {NAME }:"

# Daemon -- check $ DAEMON -- user $ USER "$ DAEMON-f $ PID-c $ CONF>/dev/null"

Daemon $ DAEMON-u-c $ CONF-f $ PID-B 0.0.0.0

Fi

RETVAL =$?

[$ RETVAL-eq 0] & success

Echo

[$ RETVAL-eq 0] & touch $ LOCK_FILE

Return $ RETVAL

}

# Stop shadowsocks.

#

Stop (){

Echo-n $ "Shutting down $ {NAME }:"

Killproc-p $ {PID}

RETVAL =$?

[$ RETVAL-eq 0]

Rm-f $ LOCK_FILE

Rm-f $ {PID}

Echo

Return $ RETVAL

}

# See how we were called.

Case "$1" in

Start)

Start

;;

Stop)

Stop

;;

Restart)

Stop

Start

;;

Condrestart)

If [-f $ LOCK_FILE]; then

Stop

Start

RETVAL =$?

Fi

;;

Status)

Status $ DAEMON

RETVAL =$?

;;

*)

Echo $ "Usage: $0 {start | stop | restart | condrestart | status }"

RETVAL = 1

Esac

Exit $ RETVAL

: Wq! # Save and exit

Chmod + x/etc/init. d/ss-local # add the script execution permission

Chkconfig -- add ss-local # add startup

Chkconfig ss-local on # set startup

Start:/etc/init. d/ss-local start

Stop:/etc/init. d/ss-local stop

Restart:/etc/init. d/ss-local restart

View status:/etc/init. d/ss-local status

After the configuration is complete, you can directly set a proxy in the browser (the steps are the same as above) to access a foreign website.

Additional reading:

1. A Chinese server can be used as the Shadowsocks client server to connect to foreign Shadowsocks Servers. Then, the domestic server is directly set as the proxy IP address in the user's browser.

2. The user's browser can also set automatic proxy configuration. In the google browser, export the configured file. pac, and then put this. put the pac file on the website, and finally provide the user with. the url of the pac. You only need to enter this url in the automatic proxy configuration in the browser.