shadowsocks libev - xxooxxooxx/xxooxxooxx.github.io GitHub Wiki

Debian 8+

outdate

enable bbr?

apt-get update
apt-get install --no-install-recommends gettext build-essential autoconf libtool libpcre3-dev asciidoc xmlto libev-dev automake libmbedtls-dev libc-ares-dev haveged
systemctl enable haveged
systemctl start haveged

git clone https://github.com/jedisct1/libsodium
cd libsodium
./autogen.sh
./configure
make && make check
make install
ldconfig

git clone https://github.com/shadowsocks/shadowsocks-libev.git
cd shadowsocks-libev
git submodule update --init --recursive
./autogen.sh && ./configure && make
make install

cat >/etc/shadowsocks/config.json<<'EOF'
{
"server":"1.1.1.1",
"server_port":"8080",
"local_address":"0.0.0.0",
"local_port":1080,
"password":"pssswd",
"timeout":60,
"mode":"tcp_and_udp",
"fast_open":true,
"method":"xchacha20-ietf-poly1305"
}
EOF

vi /etc/sysctl.conf
net.ipv4.tcp_fastopen = 3
sysctl -p

//update
cd shadowsocks-libev
git pull origin master
git submodule update --init --recursive
make clean
./autogen.sh && ./configure && make make install
systemctl restart shadowsocks

apt-get install libcap2-bin
vi /lib/systemd/system/shadowsocks.service

[Unit]
Description=Shadowsocks Daemon
After=syslog.target network.target
Wants=network.target

[Service]
User=proxy
Group=proxy
Type=simple
AmbientCapabilities=CAP_NET_BIND_SERVICE
ExecStart=/usr/local/bin/ss-server -c /etc/shadowsocks/config.json
LimitNOFILE=1048576
Restart=on-failure

[Install]
WantedBy=multi-user.target

sbin/setcap CAP_NET_BIND_SERVICE
man 7 capabilities

systemctl daemon-reload
systemctl enable shadowsocks
systemctl restart shadowsocks
systemctl status shadowsocks

apt-get install fail2ban
vi /etc/fail2ban/filter.d/shadowsocks.conf

[INCLUDES]

before = common.conf

[Definition]

_daemon = ss-server

failregex = ^%(__prefix_line)s.*ERROR: failed to handshake with <HOST>: (:?authentication error$|malicious fragmentation$)

ignoreregex =

vi /etc/fail2ban/jail.local

[shadowsocks]
enabled = true
port    = 8080
logpath  = /var/log/syslog
maxretry = 3
bantime = -1
findtime = 5

systemctl restart fail2ban

simple-obfs

simple-obfs

  • server
"plugin":"obfs-server",
"plugin_opts":"obfs=http;t=60;fast-open"
  • client
"plugin":"obfs-local",
"plugin_opts":"obfs=http;t=60;fast-open;obfs-host=www.cloudflare.com"

过时且不安全,推荐下面的工具
noisy-shuttle
trojan

⚠️ **GitHub.com Fallback** ⚠️