CentOS Shadowsocks 服务端安装配置


# Install m2crypto and enable the EPEL repository.
# Order matters: python2-pip below is presumably provided by EPEL — confirm for your release.
yum install m2crypto epel-release.noarch -y
yum install python2-pip -y

--Python
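# First, make sure you have Python 2.6 or 2.7. Note: Python 2 reached end of life on 1 January 2020 and no longer receives upstream security fixes.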

python --version

Python 2.6.8
# Then install from PIP
# NOTE(review): "@master" installs whatever the branch tip happens to be at install time,
# and the installed code is later started from /etc/rc.local. Pin a reviewed tag or commit
# instead, e.g. "@<reviewed-commit>" (placeholder), so every host runs the same audited code.

pip install git+https://github.com/shadowsocks/shadowsocks.git@master

安装 libsodium

# NOTE(review): LATEST.tar.gz is a moving target and is unpacked, built and installed
# (presumably as root) without any integrity check. Verify the signature published for the
# release against the libsodium signing key, obtained out of band, before running tar.
wget https://download.libsodium.org/libsodium/releases/LATEST.tar.gz
tar zxf LATEST.tar.gz
# The glob assumes exactly one libsodium* directory exists here; if cd fails, the
# commands below run in the wrong directory.
cd libsodium*
./configure
# Build, then install only if the build succeeded.
make && make install

# 修复关联

# Add /usr/local/lib to the dynamic linker's search path; ">" overwrites any existing
# usr_local_lib.conf.
# NOTE(review): this applies to every dynamically linked program on the host, so
# /usr/local/lib should stay writable by root only.
echo /usr/local/lib > /etc/ld.so.conf.d/usr_local_lib.conf

# Rebuild the linker cache so the new path takes effect.
ldconfig

# 创建配置文件(config.json 以明文保存密码,建议仅允许运行 ssserver 的账户读取,例如 chmod 600;下文示例中的 "barfoo!" 只是占位,请替换为随机生成的长密码)

mkdir /etc/shadowsocks
vim /etc/shadowsocks/config.json

--单端口

{
    "server":"0.0.0.0",
    "server_port":8388, //端口可以是任意不被占用的值(JSON 不支持注释,保存前请删除本注释)
    "password":"barfoo!",
    "timeout":600,
    "method":"chacha20-ietf-poly1305"
}

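--多端口(注意:下例的 method 为 chacha20,属于不带认证的流加密;单端口示例使用的 chacha20-ietf-poly1305 是 AEAD 算法,建议多端口配置也使用后者,并为每个端口设置不同的密码)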

{
    "server":"0.0.0.0",
    "port_password": {
                "8388": "barfoo!",
                "8399": "barfoo!"
    },
    "timeout":600,
    "method":"chacha20"
}

--优化
编辑/etc/security/limits.conf文件,添加以下两行:

vim /etc/security/limits.conf
* soft nofile 65535
* hard nofile 65535

然后,在启动shadowsocks服务器之前,先设置一下ulimit:

ulimit -n 65535

调整内核参数

调整内核参数的目标是:

尽可能重用连接和端口号
尽可能增大队列和缓冲区
为高延迟和高流量选择合适的TCP拥塞算法
下面是一个生产服务器的配置(/etc/sysctl.conf),在我的搬瓦工服务器上有些不能使用,可能需要自己编译内核模块。

vim /etc/sysctl.conf
fs.file-max=65535

net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.netdev_max_backlog = 250000
net.core.somaxconn = 32768

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 20
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.tcp_max_tw_buckets = 60000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
# for high-latency network
net.ipv4.tcp_congestion_control = hybla

# for low-latency network, use cubic instead
# net.ipv4.tcp_congestion_control = cubic

net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_timestamps = 1 
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_max_orphans = 3276800
net.nf_conntrack_max = 6553500
net.netfilter.nf_conntrack_max = 6553500
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_established = 3600

修改之后需要运行sysctl -p来重载配置。
sysctl -p

--防火墙添加端口(自定义服务文件建议放在 /etc/firewalld/services/;/lib/firewalld/services/ 存放的是软件包自带的默认定义,升级时可能被覆盖)

vim /lib/firewalld/services/ss.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Shadowsocks (SS)</short>
  <description>A secure socks5 proxy, designed to protect your Internet traffic.</description>
  <port protocol="tcp" port="8388"/> <!-- 端口根据配置文件设置,只开放配置文件中实际使用的端口 -->
  <port protocol="udp" port="8388"/> 
  <port protocol="tcp" port="8399"/>
  <port protocol="udp" port="8399"/> 
</service>
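# Reload so firewalld picks up the newly created ss.xml service definition.
# The option is spelled out in full: "--rel" only works through prefix abbreviation,
# which stops working as soon as another option with the same prefix exists.
firewall-cmd --reload
# Permanently allow the "ss" service (no --zone given, so the default zone is used).
firewall-cmd --permanent --add-service=ss
# Reload again so the permanent rule becomes active in the running firewall.
firewall-cmd --reload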

启动ss(以下命令以 root 身份运行 ssserver;ssserver 提供 --user 选项,可指定以非特权用户运行,以降低服务被攻破后的影响)

/usr/bin/python2 /bin/ssserver -c /etc/shadowsocks/config.json -d start

--添加开机启动

vim /etc/rc.local

在文件最后添加

/usr/bin/python2 /bin/ssserver -c /etc/shadowsocks/config.json -d start

客户端下载
