[Shadowsocks] How to install and configure Shadowsocks server

Giedrius

Shadowsocks is a free and light socks5 web proxy. It is mostly used to bypass some network censorship and restrictions on the Internet.

Installation

Preparation for the install, generally updating the system and installing epel release. Afterward, we install additional tools that will be necessary for socks5:

yum update -y
yum install epel-release -y
yum install -y gcc gettext autoconf libtool automake make pcre-devel asciidoc xmlto udns-devel \ libev-devel libsodium-devel mbedtls-devel git m2crypto c-ares-devel

We download the Shadowsocks from GIT and install it:

/opt
git clone https://github.com/shadowsocks/shadowsocks-libev.git
git submodule update --init --recursive

./autogen.sh
./configure
make && make install

Configuring the Shadowsocks

Adding a new system user for Shadowsocks.

adduser --system --no-create-home -s /bin/false shadowsocks

Creating a directory and configuration file.

mkdir -m 755 /etc/shadowsocks
touch & nano /etc/shadowsocks/shadowsocks.json

Configuration file content should consist of the following lines, while values are adjusted to your situation:

{
"server":"your_server_IP",
"server_port":8388,
"password":"your_password",
"timeout":300,
"method":"aes-256-gcm",
"fast_open": true
}

A short explanation of the options for your config file:

server - enter your server's public IP;
server port- enter any available port that you will be using to connect to Shadowsocks proxy at your server;
password - a password that you will use to connect to the Shadowsocks server from your device;
timeout - a value that determines when to close the session when inactive;
method - an encryption method. AEAD cipher seems to be the most secure option, like "aes-256-gcm", but you can browse other stream ciphers here;
fast_open - it can be "true" or "false" values. If you are using kernel higher than 3.7.1 (https://www.time4vps.com/linux-vps/Linux VPS), it reduces latency when "true". Otherwise, not necessary.

Once you configured the Shadowsocks, it's convenient to create it as Systemd service:

touch & nano /etc/systemd/system/shadowsocks.service

Configuration file content is below, just copy it:

[Unit]
Description=Shadowsocks proxy server

[Service]
User=root
Group=root
Type=simple
ExecStart=/usr/local/bin/ss-server -c /etc/shadowsocks/shadowsocks.json -a shadowsocks -v start
ExecStop=/usr/local/bin/ss-server -c /etc/shadowsocks/shadowsocks.json -a shadowsocks -v stop

[Install]
WantedBy=multi-user.target

Start the service:

systemctl daemon-reload
systemctl enable shadowsocks
systemctl start shadowsocks

Alternatively you can use "stop", "restart" or "status" options as well.

All of our VPS servers use iptables, so you will have to adjust iptables settings to allow traffic via your Shadowsocks port:

iptables -4 -A INPUT -p tcp --dport 8388 -m comment --comment "Shadowsocks" -j ACCEPT

That is it. Shadowsocks is installed, configured, and hopefully running on your server. In order to connect to it, you will need a Shadowsocks client on your device. You can find a client for almost any device here. Install it and connect to your Shadowsocks server. You will need the server details that are configured on file "/etc/shadowsocks/shadowsocks.json".

More information can be found below:

Official site
Github