Shadowsocks Server Setup
How to install and configure Shadowsocks server – Hostens
Shadowsocks is a free and light socks5 web proxy. It is mostly used to bypass some network censorship and restrictions on the Internet.
Installation
Preparation for the install, generally updating the system and installing epel release. Afterward, we install additional tools that will be necessary for socks5:
yum update -y
yum install epel-release -y
yum install -y gcc gettext autoconf libtool automake make pcre-devel asciidoc xmlto udns-devel libev-devel libsodium-devel mbedtls-devel git m2crypto c-ares-devel
We download the Shadowsocks from GIT and install it:
/opt
git clone git submodule update –init –recursive. /. /configure
make && make install
Configuring the Shadowsocks
Adding a new system user for Shadowsocks.
adduser –system –no-create-home -s /bin/false shadowsocks
Creating a directory and configuration file.
mkdir -m 755 /etc/shadowsocks
touch & nano /etc/shadowsocks/
Configuration file content should consist of the following lines, while values are adjusted to your situation:
{
“server”:”your_server_IP”,
“server_port”:8388,
“password”:”your_password”,
“timeout”:300,
“method”:”aes-256-gcm”,
“fast_open”: true}
A short explanation of the options for your config file:
server – enter your server’s public IP;
server port– enter any available port that you will be using to connect to Shadowsocks proxy at your server;
password – a password that you will use to connect to the Shadowsocks server from your device;
timeout – a value that determines when to close the session when inactive;
method – an encryption method. AEAD cipher seems to be the most secure option, like “aes-256-gcm“, but you can browse other stream ciphers here;
fast_open – it can be “true” or “false” values. If you are using a kernel higher than 3. 7. 1 (Linux VPS), it reduces latency when “true“. Otherwise, not necessary.
Once you configured the Shadowsocks, it’s convenient to create it as Systemd service:
touch & nano /etc/systemd/system/rvice
Configuration file content is below, just copy it:
[Unit]
Description=Shadowsocks proxy server
[Service]
User=root
Group=root
Type=simple
ExecStart=/usr/local/bin/ss-server -c /etc/shadowsocks/ -a shadowsocks -v start
ExecStop=/usr/local/bin/ss-server -c /etc/shadowsocks/ -a shadowsocks -v stop
[Install]
Start the service:
systemctl daemon-reload
systemctl enable shadowsocks
systemctl start shadowsocks
Alternatively you can use “stop“, “restart” or “status” options as well.
All of our VPS servers use iptables, so you will have to adjust iptables settings to allow traffic via your Shadowsocks port:
iptables -4 -A INPUT -p tcp –dport 8388 -m comment –comment “Shadowsocks” -j ACCEPT
That is it. Shadowsocks is installed, configured, and hopefully running on your server. In order to connect to it, you will need a Shadowsocks client on your device. You can find a client for almost any device here. Install it and connect to your Shadowsocks server. You will need the server details that are configured on file “/etc/shadowsocks/“.
More information can be found below:
Official site
Github
Set up Your Own Shadowsocks Server On Debian, Ubuntu …
Shadowsocks is an open source socks5 proxy that can be used to bypass firewall and unblock websites. Originally developed by a Chinese called clowwindy on Github, now the application has been implemented in all kinds of programming languages such as C, C++, Go, Python and the like. This Tutorial will guide you through setting up your own Shadowsocks server and how to use it on your desktop computer, android and iOS. I assume you already have access to a VPS or dedicated server.
Shadowsocks VS VPN
As you may already know, you can use VPN (Virtual Private Network) to bypass firewall and protect your anonymity on the web. Do you need another software like shadowsocks to do the same? One thing you can find is that When you are using VPN, all your Internet traffic is routed through VPN. Because VPN servers are usually located outside your country, this can slow down your Internet speed especially when you are visiting websites inside your country.
Shadowsocks comes to the rescue! Besides a global proxy setting, shadowsocks can also be setup in a way that some of your applications go through shadowsocks and other applications go through normal traffic. For example, you can use Google Chrome to bypass firewall, visit Google, Facebook, YouTube and use Firefox to visit sites that isn’t blocked in your area.
By the way, shadowsocks client will automatically reconnect to shadowsocks server if there’s a disconnect. Although you can configure VPN client to do the same, but that will take extra work.
Setting Up Shadowsocks on Your Server
There are many ways to install shadowsocks on Linux server, but I will show you the easiest way. First, install python pip and then use pip to install shadowsocks. m2crypto will make encryption a little faster.
Debian /Ubuntu
sudo apt-get install python-pip python-m2crypto
sudo pip install shadowsocks
CentOS/RHEL
sudo yum install m2crypto python-setuptools
sudo easy_install pip
Create a configuration file with a command line text editor like nano.
sudo nano /etc/
Put the following text into the file.
{
“server”:”your_server_ip”,
“server_port”:8000,
“local_port”:1080,
“password”:”your_passwd”,
“timeout”:600,
“method”:”aes-256-cfb”}
Explanation of each field:
server: your hostname or server IP (IPv4/IPv6).
server_port: server port number.
local_port: local port number.
password: a password used to encrypt transfer.
timeout: connections timeout in seconds.
method: encryption method, “bf-cfb”, “aes-256-cfb”, “des-cfb”, “rc4”, etc. Default is table, which is not secure. “aes-256-cfb” is recommended.
Replace the green text with your info. Save and close the file, then start shadowsocks server.
sudo ssserver -c /etc/ -d start
To stop shadowsocks server:
sudo ssserver -d stop
Restart Shadowsocks server:
sudo ssserver -c /etc/ -d restart
Check Shadowsocks log
less /var/log/
If necessary, you can always manually download the python version from
You may need to allow traffic through your Shadowsocks server port in iptables firewall by running command: sudo iptables -I INPUT -p tcp –dport 8000 -j ACCEPT
Auto Start on System Boot
If you want shadowsocks server to automatically start on system boot, then edit /etc/ file
sudo vi /etc/
Add the following line to the file above exit 0 line
/usr/bin/python /usr/local/bin/ssserver -c /etc/ -d start
Install and Configure Shadowsocks Client on Desktop Linux
Ubuntu users install it from PPA
sudo add-apt-repository ppa:hzwhuang/ss-qt5
sudo apt-get update
sudo apt-get install shadowsocks-qt5
Fedora/RHEL users can install it from Copr Repository
sudo dnf copr enable librehat/shadowsocks
sudo dnf update
sudo dnf install shadowsocks-qt5
There’s a shadowsocks-qt5 package in AUR repository, so Arch users can use yaourt package manager to install it.
sudo yaourt -S shadowsocks-qt5
Mac and Windows users refer to this page for downloading shadowsocks client.
Configure Shadowsocks Client
Once downloaded and installed on your computer, open it. And right click on the blank background, choose add and then manually to manually add a profile.
In the Profile Editor Window, give your profile a name. Then enter the following information as specified in the /etc/ file on your server. Once it’s done, click OK button to save the profile.
Back in the connection manager window, choose you newly added profile and click connect on the upper-left corner.
Now your shadowsocks client is connected to your server. Next we will tell Firefox and chrome to use your shadowsocks client.
Configure Firefox And Google Chrome to Use Shadowsocks
Open up Firefox, and in the menu bar, choose Edit and then Preferences. And then click the Advanced tab. choose network and then settings.
In the connection settings window, choose manual proxy configuration and then on the socks host field enter 127. 0. 1, enter 1080 in the port field. Be sure to choose socks v5 as the socks type. And finally click the OK button.
Now your firefox can visit google, youtube and other blocked sites!
For Google Chrome users, there’s a plugin called SwitchyOmega that you can install on Chrome. Once installed the plugin, open its options page, add a profile. Then edit your profile as follows. Save the profile and you are done. Now you can visit those blocked sites!
Install Shadowsocks on Android and iOS
Android client download
Goolge Play
Github
Dropbox
iOS client download link
Speed Optimization
The most important factor here is your server location and Internet speed of your ISP. For example, I live in China and have shadowsocks server located in the United States. Although my server has fast connection to, but because the speed between me and my server is slow, so the overall speed between me and is slow.
The solution is that I rented another VPS located in Hong Kong and built a shadowsocks server on it. The speed between me and the server in HK is fast and HK server has fast connection to, so I can now view Youtube videos in 720p without hiccups.
How to Create a SOCKS5 Proxy Server with Shadowsocks
This guide shows you how to create a SOCKS5 proxy server with Shadowsocks on Ubuntu and CentOS. Shadowsocks is a lightweight SOCKS5 web proxy tool primarily utilized to bypass network censorship and block certain websites and web protocols. A full setup requires a Linode server to host the Shadowsocks daemon, and a client installed on PC, Mac, Linux, or a mobile other proxy software, Shadowsocks traffic is designed to be both indiscernible from other traffic to third-party monitoring tools, and also able to disguise as a normal direct connection. Data passing through Shadowsocks is encrypted for additional security and cause currently, there is no Shadowsocks package available for Ubuntu or CentOS, this guide shows how to build Shadowsocks from the You BeginThe commands in this guide require root privileges. To run the steps as an elevated user with sudo privileges, prepend each command with sudo. If two commands are presented in the same instance (separated by &&), remember to use sudo after the && (ex. sudo [command] && sudo [command]). To create a standard user account with sudo privileges, complete the
Add a Limited User Account section of our Securing your Server guide. A working firewall is a necessary security measure. Firewall instructions
are provided for UFW, FirewallD, and Iptables. To configure a firewall on a Linode, visit one of the following guides:How to Configure a Firewall with UFWIntroduction to FirewallD on CentOSWhat Is SOCKS5 Proxy Service? SOCKS5 is an internet protocol of SOCKS that helps to route packets through a proxy between a client and a server. To carry out a secure communication, SOCKS5 uses three different modes of authentication: Null authentication, GSS-API based authentication, and a username-password based SOCKS5 uses a NULL authentication, any request between client and server connects to the set proxy without requiring any authentication. With GSS API authentication, a client’s or server’s identity is verified at the OS level to authenticate. A username and password-based authentication uses credentials to connect to the Is Shadowsocks? Shadowsocks is an open source, free encryption protocol client designed to securely transmit information between clients and servers. It uses asynchronous input-output and is event-driven to deliver speed. Shadowsocks isn’t a proxy, but it enables connecting to 3rd party SOCKS5 proxy connections. It also supports UDP stall the Shadowsocks ServerHow Do You Run ShadowSocks On Ubuntu? To run and install Shadowsocks on Ubuntu Server follow these steps:Download and update the packages to the newest versions on Ubuntu apt update && apt upgrade -yuf
Install dependencies on the Ubuntu server by running the following command: apt install -y –no-install-recommends gettext build-essential autoconf libtool libpcre3-dev
asciidoc xmlto libev-dev libudns-dev automake libmbedtls-dev
libsodium-dev git python-m2crypto libc-ares-dev
Navigate to the /opt directory on Ubuntu and download the Shadowsocks Git module: cd /opt
git clone cd shadowsocks-libev
git submodule update –init –recursive
Install Shadowsocks-libev:. /. /configure
make && make install
How Do You Run ShadowSocks On CentOS 7? To run and install Shadowsocks on CentOS7 follow these steps:Download and update the packages to the newest versions yum update && yum upgrade -y
yum install epel-release -y
Install dependencies on CentOS7 yum install -y gcc gettext autoconf libtool automake make pcre-devel asciidoc xmlto udns-devel
libev-devel libsodium-devel mbedtls-devel git m2crypto c-ares-devel
Navigate to the /opt directory on CentOS7 and download the Shadowsocks Git module: cd /opt
git submodule update –init –recursive
How Do You Use Shadowsocks Libev? Shadowsocks libev is a lightweight, purely C-based proxy implementation for embedded devices. To use Shadowsocks libev after its installation, simply add a system user to Shadowsocks, create a directory with its configuration nfigure the Shadowsocks ServerCreate a new system user for Shadowsocks:Ubuntu 16. 04 adduser –system –no-create-home –group shadowsocks
CentOS 7 adduser –system –no-create-home -s /bin/false shadowsocks
Create a new directory for the configuration file: mkdir -m 755 /etc/shadowsocks
Create the Shadowsocks configuration file located at /etc/shadowsocks/ Paste the contents listed below into the file, noting the instructions in the
Breakdown table for each property. Follow these instructions to determine the value you should set for each /etc/shadowsocks/shadowsocks. json1
2
3
4
5
6
7
8
{
“server”:”your_public_IP_address”,
“server_port”:8388,
“password”:”your_password”,
“timeout”:300,
“method”:”aes-256-gcm”,
“fast_open”: true} BreakdownPropertyDescriptionPossible ValuesserverEnter the server’s public IP determinedserver_portShadowsocks listens on this port. Use the default value of determinedpasswordConnection password. Set a strong determinedtimeoutConnection timeout in seconds. The default value should be sufficient determinedmethodEncryption method. Using AEAD algorithms is
Stream Ciphers and
AEAD Ciphersfast_openReduces latency when turned on. Can only be used with kernel versions 3. 7. 1 or higher. Check the kernel version with uname, falsenameserverName servers for internal DNS determinedOptimize ShadowsocksApply the following optimizations to the system kernel to provide for a smooth running Shadowsocks the /etc/sysctl. d/ system optimization file and paste the contents shown below into the file:CautionThese settings provide the optimal kernel configuration for Shadowsocks. If you have previously configured the system kernel settings for any reason, make sure no conflicts /etc/sysctl. d/ 1
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# max open files
= 51200
# max read buffer
= 67108864
# max write buffer
# default read buffer
= 65536
# default write buffer
# max processor input queue
= 4096
# max backlog
# resist SYN flood attacks
p_syncookies = 1
# reuse timewait sockets when safe
p_tw_reuse = 1
# turn off fast timewait sockets recycling
p_tw_recycle = 0
# short FIN timeout
p_fin_timeout = 30
# short keepalive time
p_keepalive_time = 1200
# outbound port range
net. ipv4. ip_local_port_range = 10000 65000
# max SYN backlog
p_max_syn_backlog = 4096
# max timewait sockets held by system simultaneously
p_max_tw_buckets = 5000
# turn on TCP Fast Open on both client and server side
p_fastopen = 3
# TCP receive buffer
p_rmem = 4096 87380 67108864
# TCP write buffer
p_wmem = 4096 65536 67108864
# turn on path MTU discovery
p_mtu_probing = 1
# for high-latency network
p_congestion_control = hybla
# for low-latency network, use cubic instead
p_congestion_control = cubicApply optimizations:sysctl –system
Create a Shadowsocks Systemd ServiceThe Shadowsocks systemd service allows the daemon to automatically start on system boot and run in the a systemd file with the following content:File: /etc/systemd/system/rvice 1
[Unit]
Description=Shadowsocks proxy server
[Service]
User=root
Group=root
Type=simple
ExecStart=/usr/local/bin/ss-server -c /etc/shadowsocks/ -a shadowsocks -v start
ExecStop=/usr/local/bin/ss-server -c /etc/shadowsocks/ -a shadowsocks -v stop
[Install]
Enable and start rvice:systemctl daemon-reload
systemctl enable shadowsocks
systemctl start shadowsocks
Open Firewall Port for Shadowsocks ClientDepending on your preference, you may use either the iptables, UFW, or firewalld (CentOS 7 only) commands to complete this port 8388 for the Shadowsocks Client:Iptablesiptables -4 -A INPUT -p tcp –dport 8388 -m comment –comment “Shadowsocks server listen port” -j ACCEPT
UFWufw allow proto tcp to 0. 0. 0/0 port 8388 comment “Shadowsocks server listen port”
FirewallDfirewall-cmd –permanent –zone=public –add-rich-rule=’
rule family=”ipv4″
port protocol=”tcp” port=”8388″ accept’
firewall-cmd –reload
Install a Shadowsocks ClientThe second stage to a Shadowsocks setup is to install a client on the user’s device. This could include a computer, mobile device, tablet, and even home network router. Supported operating systems include Windows, macOS, iOS, Linux, Android, and Shadowsocks ClientDownload the
ShadowsocksX-NG GUI Client for macOS:Launch the application on your Mac. The app preferences is available from a new status menu bar icon. Select the Server Preferences menu item:In the Server Preferences window, click the + (plus-sign) button in the lower left. Enter the details for your Shadowsocks Linode. Be sure to select the same port and encryption scheme that you listed in your Linode’s file. Afterwards, close the window:In the Shadowsocks menu, make sure that Shadowsocks is turned on and that the Global Mode item is selected:Verify that the Shadowsocks connection is active by visiting an IP address lookup website like
When the connection is working as expected, the website lists the Shadowsocks Linode’s public dows Shadowsocks ClientNavigate to the
Windows Shadowsocks page. Click on under Downloads. Extract the contents of the file into any folder and run Shadowsocks runs as a background process. Locate the Shadowsocks icon in the taskbar (it may be in the Hidden Icons taskbar menu), right-click on the Shadowsocks icon, then click on Edit Servers. Enter the information that you saved in the file:Right-click on the Shadowsocks icon again. Mouse over PAC and select both Local PAC and Secure Local confirm that the Linode’s IP address is selected, mouse over that the Shadowsocks connection is active by visiting an IP address lookup website like
When the connection is working as expected, the website lists the Shadowsocks Linode’s public Do You Know If SOCKS5 Proxy Is Working? To check if the SOCKS5 proxy is working, open the terminal and run the netstat command to see if there is an open port:netstat -tlnp
If the SOCKS5 proxy is working, you should see an output similar to below in the terminal:tcp 0 0 232. 222. 333. 414:8888 0. 0:* LISTEN
Another way to test whether SOCKS5 proxy is working is by using the curl command on the right port of the proxy. For a SOCKS5 proxy hosted at 232. 414 listening at port 8080, run the following command in the terminal:timeout 5 curl -x socks5232. 414:8080 If the SOCKS5 proxy isn’t working properly on a proxy hosted at 232. 414, it returns a timeout on our to Go from HereAfter the Shadowsocks server is online, configure a client on your mobile phone, tablet, or any other devices you use. The
Shadowsocks client download page supports all mainstream InformationYou may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted adowsocks officialShadowsocks-libev GitHubThis page was originally published on
Thursday, December 7, 2017.
Frequently Asked Questions about shadowsocks server setup
How do you make a Shadowsocks server?
Configure the Shadowsocks ServerCreate a new system user for Shadowsocks: Ubuntu 16.04 adduser –system –no-create-home –group shadowsocks. … Create a new directory for the configuration file: mkdir -m 755 /etc/shadowsocks.Create the Shadowsocks configuration file located at /etc/shadowsocks/shadowsocks. json .Dec 7, 2017
How do I setup a SOCKS5 proxy?
uTorrentDownload uTorrent on your Windows PC.Install the torrent client and launch it.Open the Options menu and select Preferences.Go to Connection.Set Proxy Server Type to Socks5.Set Proxy and Port to the server address and port of the SOCKS5 proxy.Click Apply.Aug 18, 2020
How do I connect Shadowsocks to Linux?
Shadowsocks Setup Guide for LinuxAfter the installation is complete, click on the Menu button and type in ‘Shadowsocks’ in the search bar. … On the Menu Bar, click on Connection -> Add -> URL. … Click on OK. … Right-click on the server that you have just added and select Connect.More items…
