Installing shadowsocks

shadowsocks is written in Python, so it can be installed directly with pip install.

pip install shadowsocks

Optimizing Shadowsocks performance

Create the local.conf configuration file: vim /etc/sysctl.d/local.conf

# max open files
fs.file-max = 51200
# max read buffer
net.core.rmem_max = 67108864
# max write buffer
net.core.wmem_max = 67108864
# default read buffer
net.core.rmem_default = 65536
# default write buffer
net.core.wmem_default = 65536
# max processor input queue
net.core.netdev_max_backlog = 4096
# max backlog
net.core.somaxconn = 4096

# resist SYN flood attacks
net.ipv4.tcp_syncookies = 1
# reuse timewait sockets when safe
net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling
net.ipv4.tcp_tw_recycle = 0
# short FIN timeout
net.ipv4.tcp_fin_timeout = 30
# short keepalive time
net.ipv4.tcp_keepalive_time = 1200
# outbound port range
net.ipv4.ip_local_port_range = 10000 65000
# max SYN backlog
net.ipv4.tcp_max_syn_backlog = 4096
# max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 5000
# turn on TCP Fast Open on both client and server side
net.ipv4.tcp_fastopen = 3
# TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 67108864
# TCP write buffer
net.ipv4.tcp_wmem = 4096 65536 67108864
# turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 1

# for high-latency network
net.ipv4.tcp_congestion_control = hybla

# for low-latency network, use cubic instead
# net.ipv4.tcp_congestion_control = cubic

Save the configuration, then run sysctl --system to apply it.

Configuring shadowsocks

It is recommended to keep the configuration file in an ss directory under the current user's home directory.

mkdir ~/ss  # create the ss directory
vim ~/ss/ssserver.json  # create the configuration file

Edit the configuration file

{
"server":"my_server_ip", // IP address of this machine
"server_port":8388,
"local_address": "127.0.0.1",
"local_port":1080,
"password":"***********", // password
"timeout":300,
"method":"aes-256-cfb",
"fast_open":false, // use TCP_FASTOPEN to reduce latency
"workers":1 // default is 1; changing it starts multiple processes
}

Save and exit. Note that writing "// comments" into this JSON file can easily prevent ss from starting.
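The note about "//" comments can be checked before the server is started. The Python sketch below is an added example, not code from the original post or from the shadowsocks project: it strips // comments that sit outside JSON strings, parses the result strictly, and flags an out-of-range port or a password left as the masked placeholder. The function names strip_line_comments and load_config and the sample password are assumptions made for illustration.

```python
import json

# Constructed sample: the article's annotated config; the password is a made-up
# value that contains "//" to show that string contents are left alone.
ANNOTATED = '''{
"server":"my_server_ip", // IP address of this machine
"server_port":8388,
"local_address": "127.0.0.1",
"local_port":1080,
"password":"p//ss-example", // password
"timeout":300,
"method":"aes-256-cfb",
"fast_open":false, // use TCP_FASTOPEN to reduce latency
"workers":1 // default is 1; a higher value starts multiple processes
}'''

def strip_line_comments(text):
    """Remove // comments that sit outside JSON string literals."""
    out, in_string, escaped, i = [], False, False, 0
    while i < len(text):
        ch = text[i]
        if in_string:
            out.append(ch)
            if ch == '"' and not escaped:
                in_string = False
            escaped = ch == '\\' and not escaped
        elif text.startswith('//', i):
            nl = text.find('\n', i)          # drop everything up to end of line
            i = len(text) if nl == -1 else nl
            continue
        else:
            in_string = ch == '"'
            out.append(ch)
        i += 1
    return ''.join(out)

def load_config(text):
    """Parse strictly after removing comments; return (config, problems)."""
    cfg = json.loads(strip_line_comments(text))
    problems = []
    if not isinstance(cfg.get("server_port"), int) or not 1 <= cfg["server_port"] <= 65535:
        problems.append("server_port must be an integer in 1-65535")
    if not cfg.get("password") or set(cfg["password"]) == {"*"}:
        problems.append("password is empty or still the masked placeholder")
    return cfg, problems
```

Writing json.dumps(cfg, indent=2) to ~/ss/ssserver.json once problems is empty gives a comment-free file.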

Start ss and keep Shadowsocks running permanently

nohup ssserver -c /root/ss/ssserver.json -d start &

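ssserver is the SS server-side command. -c runs SS from a configuration file.
-d runs it in the background, so the user can carry on with other work. start starts the service. (Note: the firewall should allow the traffic.)
nohup and the trailing & keep the SS server running and write the run log to the nohup.out file in the current user's home directory.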