
Server Setup

Install ShadowSocks server



We have by far the largest RPM repository with NGINX module packages and VMODs for Varnish. If you want to install NGINX, Varnish, and lots of useful performance/security software with smooth yum upgrades for production use, this is the repository for you.
Active subscription is required.

This article walks through installing a ShadowSocks server on a Rocky Linux 9 instance.
As the first step, install our repository configuration and be sure to activate your subscription:

sudo dnf -y install https://extras.getpagespeed.com/release-latest.rpm

Then you can install the package:

sudo dnf -y install shadowsocks-libev

The configuration file path is /etc/shadowsocks/shadowsocks-libev-config.json and its contents are:

{
        "server":"0.0.0.0",
        "server_port":8609,
        "local_port":2046,
        "password":"wkZjgeTE2OP8AxjV",
        "timeout":"600",
        "method":"aes-256-cfb"
}

You must edit it so that the server is accessible from the Internet, by setting the server field to 0.0.0.0.
You must also set the password field to a unique password value.

Since the configuration file is JSON, you can use some CLI tools to edit the configuration quickly:

sudo dnf -y install sde pwgen

Now you can generate the password, write it to the configuration file, and print it for copying to your client:

SHADOWSOCKS_CONFIG="/etc/shadowsocks/shadowsocks-libev-config.json"
# Generate a password without double quotes, since JSON uses them to delimit strings
SHADOWSOCKS_PASS=$(pwgen --num-passwords=1 --secure --symbols --remove-chars='"' 16)
# Quote the variables so that symbols in the password are not expanded by the shell
sde server 0.0.0.0 "$SHADOWSOCKS_CONFIG"
sde password "$SHADOWSOCKS_PASS" "$SHADOWSOCKS_CONFIG"
echo "Your ShadowSocks password is: ${SHADOWSOCKS_PASS}"

Copy the password to your password manager for pasting later to your client.
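
A small audit to run after editing the configuration, added here as an example and not part of the original article or the package: it checks a ShadowSocks JSON config for the stock password shown above, a short password, a non-AEAD method and a world-readable file. The method check goes beyond the steps on this page: aes-256-cfb is a stream cipher without integrity protection, and shadowsocks-libev also supports the AEAD methods listed in the code. The function names, the 16-character threshold and the permission check are assumptions of this example.

```python
import json
import os
import stat
import sys

# Password in the stock config shown on this page; it must not stay in use.
STOCK_PASSWORD = "wkZjgeTE2OP8AxjV"
# AEAD methods supported by shadowsocks-libev; other methods are stream ciphers.
AEAD_METHODS = {"aes-128-gcm", "aes-192-gcm", "aes-256-gcm",
                "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305"}
MIN_PASSWORD_LEN = 16  # length produced by the pwgen command on this page

# Constructed sample inputs: the stock config from this page and a hardened variant.
STOCK = {"server": "0.0.0.0", "server_port": 8609, "local_port": 2046,
         "password": STOCK_PASSWORD, "timeout": "600", "method": "aes-256-cfb"}
HARDENED = dict(STOCK, password="constructed-Sample-Pw-0001",
                method="chacha20-ietf-poly1305")


def audit_config(cfg, mode):
    """Return findings for a parsed config and the st_mode of its file."""
    findings = []
    password = str(cfg.get("password", ""))
    if password == STOCK_PASSWORD:
        findings.append("password is the stock value shown on this page")
    elif len(password) < MIN_PASSWORD_LEN:
        findings.append(f"password shorter than {MIN_PASSWORD_LEN} characters")
    method = str(cfg.get("method", "")).lower()
    if method not in AEAD_METHODS:
        findings.append(f"method {method!r} is not an AEAD cipher")
    # Assumption of this example: the password file should not be world-readable.
    if mode & stat.S_IROTH:
        findings.append("config file is world-readable")
    return findings


def audit_file(path):
    """Load a config from disk and audit it together with its permissions."""
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    return audit_config(cfg, os.stat(path).st_mode)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit a real file given as the only argument
        print(sys.argv[1], audit_file(sys.argv[1]) or "OK")
    else:                  # otherwise run on the constructed samples
        print("stock:", audit_config(STOCK, 0o100644))
        print("hardened:", audit_config(HARDENED, 0o100640) or "OK")
```
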

Adjust firewall

By default, the ShadowSocks server listens on port 8609 and accepts both TCP and UDP traffic.
You may likewise adjust the port, especially if you dedicate the server to this service and don’t intend to run anything else there.
In that case, we recommend the HTTPS port: set server_port to 443 in the configuration file and open that port in the firewall:

firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --permanent --add-port=443/udp
firewall-cmd --reload

Otherwise, adjust the firewall to allow external connections to the 8609 port:

firewall-cmd --permanent --add-port=8609/tcp
firewall-cmd --permanent --add-port=8609/udp
firewall-cmd --reload

Enable the service

Finally, you can start the service and enable it at boot in one command:

systemctl enable --now shadowsocks-libev-server.service

Configure your client

RHEL 8 client

The client program ss-local can be installed likewise from the GetPageSpeed repositories:

sudo dnf -y install https://extras.getpagespeed.com/release-latest.rpm
sudo dnf -y install shadowsocks-libev sde

The client service supports multiple parameterized instances, so you can set up a local proxy for each ShadowSocks server you configured earlier.

So let’s create a config specific to our server. First, copy the stock configuration like this:

cp -p /etc/shadowsocks/shadowsocks-libev-config.json /etc/shadowsocks/example.com.json

Here, example.com is the FQDN of the machine where the ShadowSocks server resides.

Now edit this file. This time, the server field must point to the remote machine.
The local_port field sets the SOCKS5 port that will be opened on this machine for proxying.
The default local port is 2046.

sde server example.com /etc/shadowsocks/example.com.json
sde password '<your server password from earlier>' /etc/shadowsocks/example.com.json

Now let’s enable and run our client service:

systemctl enable --now shadowsocks-libev-client@example.com

Now if you run systemctl status on that unit name, the output will include that the service is listening on the configured local port:

/usr/bin/ss-local[284473]: listening at 127.0.0.1:2046
