We review the installation of a ShadowSocks server on a Rocky Linux 9 instance.
As the first step, install our repository configuration and be sure to activate your subscription:
sudo dnf -y install https://extras.getpagespeed.com/release-latest.rpm
Then you can install the package:
sudo dnf -y install shadowsocks-libev
The configuration file path is /etc/shadowsocks/shadowsocks-libev-config.json and its contents are:
{
"server":"0.0.0.0",
"server_port":8609,
"local_port":2046,
"password":"wkZjgeTE2OP8AxjV",
"timeout":"600",
"method":"aes-256-cfb"
}
You must edit it so that the server is accessible from the Internet, by setting the server field to 0.0.0.0.
Also, you must set the password field to a unique password value.
Since the configuration file is JSON, you can use some CLI tools to edit the configuration quickly:
sudo dnf -y install sde pwgen
Now you can generate the password, write it to the configuration file, and print it for copying to your client:
SHADOWSOCKS_CONFIG="/etc/shadowsocks/shadowsocks-libev-config.json"
# Generate the password without double quotes, since JSON uses them to delimit strings
SHADOWSOCKS_PASS=$(pwgen --num-passwords=1 --secure --symbols --remove-chars='"' 16)
# Quote the expansions: the generated symbols may include shell glob characters
sde server 0.0.0.0 "$SHADOWSOCKS_CONFIG"
sde password "$SHADOWSOCKS_PASS" "$SHADOWSOCKS_CONFIG"
echo "Your ShadowSocks password is: ${SHADOWSOCKS_PASS}"
Copy the password to your password manager for pasting later to your client.
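A check you can run after the edit above, as an added example that is not part of the original article or the package: it flags a config that still carries the sample password shown earlier, a short password, a non-AEAD method, an invalid server_port, or a file that other local users can access. The function names, the 16-character minimum (taken from the pwgen call) and the choice to flag every non-AEAD method are this example's assumptions.

```python
"""Audit a shadowsocks-libev JSON config before the service is exposed."""
import json
import os
import stat
import sys

DEFAULT_PATH = "/etc/shadowsocks/shadowsocks-libev-config.json"
# Sample password shown in the article's config listing; it is public, so a
# config that still carries it is treated as unconfigured.
PUBLISHED_PASSWORD = "wkZjgeTE2OP8AxjV"
MIN_PASSWORD_LEN = 16  # assumption: the length the article passes to pwgen
# AEAD methods supported by shadowsocks-libev; anything else is flagged.
AEAD_METHODS = {"aes-128-gcm", "aes-192-gcm", "aes-256-gcm",
                "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305"}


def audit_config(cfg, mode):
    """Return a list of findings for a parsed config and its file mode."""
    findings = []
    password = str(cfg.get("password", ""))
    if password == PUBLISHED_PASSWORD:
        findings.append("password is the published sample value")
    elif len(password) < MIN_PASSWORD_LEN:
        findings.append("password shorter than %d characters" % MIN_PASSWORD_LEN)
    if cfg.get("method") not in AEAD_METHODS:
        findings.append("method %r is not an AEAD cipher" % cfg.get("method"))
    port = cfg.get("server_port")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        findings.append("server_port %r is not a valid port number" % (port,))
    # The password is stored in cleartext, so the file must not be open to "other".
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("file mode %04o is accessible to other local users"
                        % stat.S_IMODE(mode))
    return findings


def audit_file(path):
    """Load the config at `path` and audit it together with its permissions."""
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    return audit_config(cfg, os.stat(path).st_mode)


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_PATH
    problems = audit_file(path)
    for line in problems:
        print("WARN:", line)
    sys.exit(1 if problems else 0)
```

Run it as root with the config path as the only argument; it exits non-zero when anything is flagged, so it can gate the step that enables the service.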
Adjust firewall
By default, the ShadowSocks server listens on port 8609 and accepts both TCP and UDP traffic.
You may likewise change the port (the server_port field), especially if you dedicate the server to this service and don’t intend to run anything else there.
In that case, we recommend the HTTPS port:
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --permanent --add-port=443/udp
firewall-cmd --reload
Otherwise, adjust the firewall to allow external connections to port 8609:
firewall-cmd --permanent --add-port=8609/tcp
firewall-cmd --permanent --add-port=8609/udp
firewall-cmd --reload
Enable the service
Finally, you can start the service and enable it at boot in one command:
systemctl enable --now shadowsocks-libev-server.service
Configure your client
RHEL 8 client
The client program ss-local can likewise be installed from the GetPageSpeed repositories:
sudo dnf -y install https://extras.getpagespeed.com/release-latest.rpm
sudo dnf -y install shadowsocks-libev sde
It allows parameterized multiple instances, so you can set up a local proxy for each ShadowSocks server you have configured earlier.
So let’s create a config specific to our server. First, copy the stock configuration like this:
cp -p /etc/shadowsocks/shadowsocks-libev-config.json /etc/shadowsocks/example.com.json
Where example.com is the FQDN of the machine where the ShadowSocks server resides.
Now edit this file, keeping in mind that this time the server field must point to the remote machine.
The local_port field decides the SOCKS5 port that will be set up on this machine for proxying.
The default local port is 2046.
sde server example.com /etc/shadowsocks/example.com.json
sde password '<your server password from earlier>' /etc/shadowsocks/example.com.json
Now let’s enable and run our client service:
systemctl enable --now shadowsocks-libev-client@example.com
Now if you run systemctl status on that unit name, the output will show that the service is listening on the configured local port:
/usr/bin/ss-local[284473]: listening at 127.0.0.1:2046