Major Updates: December 18, 2018.
- Reliable Proxy5 service provider: SocketPro is dirt cheap ($2.41/mo if annual, only applicable to people with Alipay/WeChat payment options) if you prefer to rely on a service provider. This option is cheaper compared to DigitalOcean servers. Their services are top-notch and I’ve been using it for almost two years alongside my DIY servers. A handful of their servers are also optimized for Netflix and other streaming sites. Email me if you don't have an Alipay account.
- Setup A ShadowsocksR Server On Amazon EC2 (Free Tier): Comes with an auto-install script. The external link is safe; it’s my personal website. ShadowsocksR is a fork of the original Shadowsocks project, claimed to be superior regarding security and stability. So I highly recommend installing SSR instead of Shadowsocks. You can adapt the EC2 guide and apply it to any Ubuntu/CentOS or Debian flavors.
Originally posted on deadauthor.me (website no longer maintained). The same article is available on mighil.com.
Shadowsocks is an open source SOCKS5 proxy which, according to their official site, is designed to protect your internet traffic. As an expat in China, I have tried a few VPN services. The major downside of well-known providers is that their VPNs create one connection for all traffic (which is easier for China’s GFW to detect/block/slow down).
Recently, I tested Shadowsocks on an Ubuntu server based in Singapore and I must say I’m quite happy with SOCKS5 rather than the paid services. I know there are a bunch of tutorials out there on how to configure Shadowsocks. But, I’d like to be more precise about providing the best tips and workarounds.
In this tutorial, you’ll learn how to install Shadowsocks and related packages on an Ubuntu server and bypass the Great Firewall of China.
- A DigitalOcean droplet (preferably > Ubuntu 14.04.5 x64 or CentOS 7.2 x64 server) / Cost: starts from $5 per month. Feel free to sign-up with my referral link if you’re interested.
- Notepad++ or Sublime Text if you prefer not to use the UNIX vi editor.
- An SFTP/FTP client like WinSCP on Windows if you prefer a GUI, or Transmit/Cyberduck if you’re using macOS.
- Switch to root or use sudo.
How To Create A New Droplet In DigitalOcean
Note: I highly recommend that new users generate and set up SSH keys while creating a droplet, as they provide a more secure way of logging into a virtual private server with SSH than using a password alone.
How To Install Shadowsocks on Ubuntu 16.04
Let’s fire up PuTTY or any other SSH client and log in to your server as the root user.
Once you have logged in to the server, run the following command to update the packages:
$ apt-get update
Now, run the following commands to install Python then Shadowsocks:
$ apt-get install python-pip
$ pip install shadowsocks
Now it’s time to install M2Crypto, which is the most complete Python wrapper for OpenSSL featuring RSA, DSA, DH, EC, HMACs, message digests, symmetric ciphers (including AES). Run the following commands to install M2Crypto:
$ apt-get install python-m2crypto
$ apt-get install build-essential
salsa20 and chacha20 are fast stream ciphers. An optimized salsa20/chacha20 implementation on x86_64 is even 2x faster than rc4 (but slightly slower on ARM). You must install libsodium to use them:
$ wget https://github.com/jedisct1/libsodium/releases/download/1.0.10/libsodium-1.0.10.tar.gz
$ tar xf libsodium-1.0.10.tar.gz && cd libsodium-1.0.10
$ ./configure && make && make install
After finishing up the steps above, we must create a .json file/config file for Shadowsocks. In order to do this, fire up Vi editor or open up Notepad++ and create a new file. Add these data to the file:
You can choose any encryption method from here.
Save the file as shadowsocks.json and copy it to the /etc folder.
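The config file from the step above holds the shared secret, so it should carry a strong password and be readable only by its owner. The following is an added example, not the article's original config: a shell function that writes such a file. The port 8388, the chacha20 method and the function names are assumptions.

```shell
#!/bin/sh
# Added example: generate a Shadowsocks server config with a random password.
# Port 8388 and method "chacha20" are assumed defaults, not from the article.

# gen_password: 32 hex characters (128 bits) read from the kernel CSPRNG.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# write_ss_config PATH [PORT] [METHOD]
write_ss_config() {
    path=$1
    port=${2:-8388}
    method=${3:-chacha20}

    # Accept only a plain decimal TCP port (no leading zero, 1-65535).
    case $port in
        ''|0*|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "${#port}" -gt 5 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    # Cipher names are lowercase letters, digits and '-'; anything else
    # could break out of the JSON string below.
    case $method in
        ''|*[!a-z0-9-]*) echo "invalid method: $method" >&2; return 1 ;;
    esac

    password=$(gen_password)
    old_umask=$(umask)
    umask 077            # a new file is created owner-only from the start
    cat > "$path" <<EOF
{
    "server": "0.0.0.0",
    "server_port": $port,
    "password": "$password",
    "timeout": 300,
    "method": "$method"
}
EOF
    status=$?
    umask "$old_umask"
    chmod 600 "$path" || status=1   # also tightens a pre-existing file
    return $status
}
```

Run it as root with `write_ss_config /etc/shadowsocks.json`, then copy the generated password from the file into your client settings.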
Now it’s about time to start your Shadowsocks server. Run the following command to do so:
$ ssserver -c /etc/shadowsocks.json -d start
You can check the Shadowsocks log file, which is located in /var/log/shadowsocks.log, to make sure everything is okay.
Now that you are almost done, we need to make sure Shadowsocks server will be started automatically during system reboots. Edit the file named /etc/rc.local to do so.
Open up /etc/rc.local and add the following content before the exit 0 line.
/usr/bin/python /usr/local/bin/ssserver -c /etc/shadowsocks.json -d start
Now you’re ready to roll.
Note: In the future, use “ssserver -c /etc/shadowsocks.json -d stop” to stop the Shadowsocks server and “ssserver -c /etc/shadowsocks.json -d restart” to restart it.
There are many ways to optimize your server; here are the best ones.
To increase the maximum number of file descriptors:
Edit the limits.conf file located in /etc/security/limits.conf and add the following two lines:
* soft nofile 51200
* hard nofile 51200
Now, temporarily stop the Shadowsocks server to set the ulimit.
$ ssserver -c /etc/shadowsocks.json -d stop
Now set the ulimit:
$ ulimit -n 51200
To optimize the kernel:
We can optimize the kernel parameters by editing the /etc/sysctl.conf file. Open up the file and add the following lines to the end of the document:
fs.file-max = 51200
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.netdev_max_backlog = 250000
net.core.somaxconn = 4096
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_mem = 25600 51200 102400
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_congestion_control = cubic
Save it and run this command:
$ sysctl -p
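sysctl -p keeps going past a line it cannot apply, so it is worth confirming that every setting is actually live. The following is an added example, not part of the original article: a shell function that compares a sysctl.conf-style file with the values under /proc/sys. It reports lines where two settings were fused together, keys the running kernel does not have (net.ipv4.tcp_tw_recycle was removed in Linux 4.12) and values that differ. The function name and its second argument are assumptions.

```shell
#!/bin/sh
# Added example: compare a sysctl.conf-style file against live kernel values.
# The second argument overrides /proc/sys so the check can run on a test tree.

# check_sysctl CONF [PROC_SYS]; prints one line per problem, returns 1 if any.
check_sysctl() {
    conf=$1
    root=${2:-/proc/sys}
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Skip blank lines and comments.
        case $line in ''|'#'*|';'*) continue ;; esac
        key=$(printf '%s\n' "$line" | cut -d= -f1 | tr -d ' \t')
        want=$(printf '%s\n' "$line" | cut -d= -f2- |
               tr -s ' \t' '  ' | sed 's/^ //; s/ $//')
        if [ -z "$key" ]; then continue; fi
        # A value that still holds '=' means two settings share one line.
        case $want in *=*) echo "MALFORMED $line"; bad=1; continue ;; esac
        file=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -f "$file" ]; then
            echo "MISSING $key"; bad=1; continue
        fi
        # /proc separates multi-value settings with tabs; normalise to spaces.
        have=$(tr -s ' \t' '  ' < "$file" | sed 's/^ //; s/ $//')
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $key want=$want have=$have"; bad=1
        fi
    done < "$conf"
    return $bad
}
```

After `sysctl -p`, run `check_sysctl /etc/sysctl.conf`; no output and exit status 0 mean every listed value is in effect.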
Now that you’ve finished optimizing, start the server!
$ ssserver -c /etc/shadowsocks.json -d start
Check out clients for different platforms on the official Shadowsocks website.