Shadowsocks is a free and light socks5 web proxy. It is mostly used to bypass some network censorship and restrictions on the Internet.
Installation
Preparation for the install, generally updating the system and installing epel release. Afterward, we install additional tools that will be necessary for socks5:
yum update -y
yum install epel-release -y
yum install -y gcc gettext autoconf libtool automake make pcre-devel asciidoc xmlto udns-devel \ libev-devel libsodium-devel mbedtls-devel git m2crypto c-ares-devel
We download the Shadowsocks from GIT and install it:
/opt
git clone https://github.com/shadowsocks/shadowsocks-libev.git
git submodule update --init --recursive
./autogen.sh
./configure
make && make install
Configuring the Shadowsocks
Adding a new system user for Shadowsocks.
adduser --system --no-create-home -s /bin/false shadowsocks
Creating a directory and configuration file.
mkdir -m 755 /etc/shadowsocks
touch & nano /etc/shadowsocks/shadowsocks.json
Configuration file content should consist of the following lines, while values are adjusted to your situation:
{
"server":"your_server_IP",
"server_port":8388,
"password":"your_password",
"timeout":300,
"method":"aes-256-gcm",
"fast_open": true
}
A short explanation of the options for your config file:
server – enter your server’s public IP;
server port– enter any available port that you will be using to connect to Shadowsocks proxy at your server;
password – a password that you will use to connect to the Shadowsocks server from your device;
timeout – a value that determines when to close the session when inactive;
method – an encryption method. AEAD cipher seems to be the most secure option, like “aes-256-gcm“, but you can browse other stream ciphers here;
fast_open – it can be “true” or “false” values. If you are using a kernel higher than 3.7.1 (Linux VPS), it reduces latency when “true“. Otherwise, not necessary.
Once you configured the Shadowsocks, it’s convenient to create it as Systemd service:
touch & nano /etc/systemd/system/shadowsocks.service
Configuration file content is below, just copy it:
[Unit]
Description=Shadowsocks proxy server
[Service]
User=root
Group=root
Type=simple
ExecStart=/usr/local/bin/ss-server -c /etc/shadowsocks/shadowsocks.json -a shadowsocks -v start
ExecStop=/usr/local/bin/ss-server -c /etc/shadowsocks/shadowsocks.json -a shadowsocks -v stop
[Install]
WantedBy=multi-user.target
Start the service:
systemctl daemon-reload
systemctl enable shadowsocks
systemctl start shadowsocks
Alternatively you can use “stop“, “restart” or “status” options as well.
All of our VPS servers use iptables, so you will have to adjust iptables settings to allow traffic via your Shadowsocks port:
iptables -4 -A INPUT -p tcp --dport 8388 -m comment --comment "Shadowsocks" -j ACCEPT
That is it. Shadowsocks is installed, configured, and hopefully running on your server. In order to connect to it, you will need a Shadowsocks client on your device. You can find a client for almost any device here. Install it and connect to your Shadowsocks server. You will need the server details that are configured on file “/etc/shadowsocks/shadowsocks.json“.
More information can be found below: