shadowsocks-libev

CentOS 7 server

# Development tools
yum -y groupinstall "Development tools"

# Build dependencies for shadowsocks-libev
yum -y install gcc gettext autoconf libtool automake make pcre-devel asciidoc xmlto c-ares-devel libev-devel libsodium-devel mbedtls-devel

# Build and install shadowsocks-libev
git clone https://github.com/shadowsocks/shadowsocks-libev.git
cd shadowsocks-libev
git submodule update --init --recursive
./autogen.sh && ./configure && make
make install

# ss-server configuration file
nano /usr/local/etc/ss-server-config.json

# File contents (fill in "password" with your password; JSON allows neither comments nor a trailing comma)
{
    "server":"0.0.0.0",
    "server_port":8080,
    "password":"",
    "timeout":300,
    "user":"nobody",
    "method":"xchacha20-ietf-poly1305",
    "fast_open":true,
    "nameserver":"8.8.8.8"
}

# systemd unit file for the ss-server service
nano /etc/systemd/system/ss-server.service

# File contents
[Unit]
Description=ss-server-systemctl
After=network.target

[Service]
ExecStart=/usr/local/bin/ss-server -c /usr/local/etc/ss-server-config.json
Restart=on-abort

[Install]
WantedBy=multi-user.target

# Start the ss-server service and enable it at boot
systemctl start ss-server.service
systemctl enable ss-server.service

# Check the current status of ss-server
systemctl status ss-server.service

Arch Linux client

# Install shadowsocks-libev
pacman -S shadowsocks-libev

# ss-local configuration file
nano /usr/local/etc/ss-conf.json

# File contents ("server" is the VPS IP or a domain pointing to that IP; fill in "password";
# JSON allows neither comments nor a trailing comma)
{
    "server":"",
    "server_port":8080,
    "local_address":"127.0.0.1",
    "local_port":1080,
    "password":"",
    "timeout":300,
    "method":"xchacha20-ietf-poly1305",
    "fast_open":true,
    "workers":1
}

# systemd unit file for the ss-local service
nano /etc/systemd/system/ss-local.service

# File contents
[Unit]
Description=ss-local-systemctl
After=network.target

[Service]
ExecStart=/usr/bin/ss-local -c /usr/local/etc/ss-conf.json
Restart=on-abort

[Install]
WantedBy=multi-user.target

# Start the ss-local service and enable it at boot
systemctl start ss-local
systemctl enable ss-local

# Check the current status of the ss-local service
systemctl status ss-local

Other clients

shadowsocks-android
shadowsocks-windows

simple-obfs [1] [2] [3]

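If Shadowsocks is fast over 4G mobile data but very slow over fixed broadband, with a very large gap between the two, obfuscation is worth a try.
Obfuscation is not entirely without effect on speed, but the gain is marginal.
If you are willing to pay, buying a cloud server inside China to act as a relay is the recommended option.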

simple-obfs installation

# CentOS 7: build dependencies for simple-obfs
yum install gcc autoconf libtool automake make zlib-devel openssl-devel asciidoc xmlto

# Fetch the source, then build and install
git clone https://github.com/shadowsocks/simple-obfs
cd simple-obfs
git submodule update --init --recursive
./autogen.sh && ./configure && make
make install

CentOS 7 server configuration

nano /usr/local/etc/ss-server-config.json

# File contents ("server" is the VPS IP or a domain pointing to that IP; fill in "password";
# JSON allows neither comments nor a trailing comma)
{
    "server":"",
    "server_port":8080,
    "local_address":"127.0.0.1",
    "local_port":1080,
    "password":"",
    "timeout":300,
    "method":"xchacha20-ietf-poly1305",
    "fast_open":true,
    "workers":1,
    "plugin": "obfs-server",
    "plugin_opts": "obfs=http"
}

# Restart the ss-server service and check its status
systemctl restart ss-server.service
systemctl status ss-server.service

Arch Linux client configuration

# File contents ("server" is the VPS IP or a domain pointing to that IP; fill in "password";
# "plugin" and "plugin_opts" are the simple-obfs obfuscation settings;
# JSON allows neither comments nor a trailing comma)
{
    "server":"",
    "server_port":8080,
    "local_address":"127.0.0.1",
    "local_port":1080,
    "password":"",
    "timeout":300,
    "method":"xchacha20-ietf-poly1305",
    "fast_open":true,
    "workers":1,
    "plugin": "obfs-local",
    "plugin_opts": "obfs=http;obfs-host=cloudfront.net"
}

# Restart the ss-local service and check its status
systemctl restart ss-local
systemctl status ss-local
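
A pre-restart check for the server, client and simple-obfs configuration files shown above, as an added example that is not part of the original page or of the shadowsocks project. The function name `audit_config`, the 16-character minimum password length and the sample values are assumptions made for illustration.

```python
import json
import os
import stat
import tempfile

# AEAD ciphers in shadowsocks-libev; the page uses xchacha20-ietf-poly1305.
AEAD_METHODS = {"aes-128-gcm", "aes-192-gcm", "aes-256-gcm",
                "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305"}

def audit_config(path, min_password_len=16):
    """Return a list of findings for a shadowsocks-libev JSON config.

    min_password_len is an assumed local policy, not a shadowsocks limit.
    """
    findings = []
    # The file holds the pre-shared password: only its owner should have access.
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("file is accessible to group/other")
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    try:
        cfg = json.loads(text)  # strict: rejects '#' comments and trailing commas
    except json.JSONDecodeError as exc:
        return findings + [f"not strict JSON (line {exc.lineno}): {exc.msg}"]
    if not isinstance(cfg, dict):
        return findings + ["top-level value is not a JSON object"]
    if len(str(cfg.get("password", ""))) < min_password_len:
        findings.append(f"password shorter than {min_password_len} characters")
    method = cfg.get("method")
    if not isinstance(method, str) or method not in AEAD_METHODS:
        findings.append(f"method {method!r} is not an AEAD cipher")
    if "plugin" in cfg:
        opts = [o for o in str(cfg.get("plugin_opts", "")).split(";") if o]
        bare = [o for o in opts if "=" not in o]
        if bare:
            findings.append(f"plugin_opts items without key=value: {bare}")
        if not any(o.startswith("obfs=") for o in opts):
            findings.append("plugin_opts has no obfs=<mode> entry")
    return findings

if __name__ == "__main__":
    # Constructed sample: empty password and a bare plugin option.
    sample = ('{"server": "203.0.113.10", "server_port": 8080, "password": "",\n'
              ' "method": "xchacha20-ietf-poly1305", "plugin": "obfs-local",\n'
              ' "plugin_opts": "obfs=http;cloudfront.net"}')
    fd, path = tempfile.mkstemp(suffix=".json")  # mkstemp creates the file as 0600
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(sample)
    for finding in audit_config(path):
        print("FINDING:", finding)
    os.remove(path)
```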

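simple-obfs on other clients

Windows simple-obfs

1 Download obfs-local.zip
2 Extract it into the same directory as the shadowsocks-windows executable
3 Edit the server configuration: plugin program obfs-local, plugin options obfs=http, plugin arguments obfs-host=cloudfront.net

simple-obfs-android
In the shadowsocks-android profile settings, scroll down to the plugin option and select Simple Obfuscation; the default configuration is enough.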

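Relaying through a cloud server in China [4]

The Shadowsocks VPS is a BandwagonHost CN2 GIA instance. Over China Mobile broadband it is extremely laggy, while over China Unicom 4G data it is silky smooth.
The solution is to use an Alibaba Cloud server as a relay.

Speeding up with Nginx forwarding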

yum install nginx
nano /etc/nginx/nginx.conf
# Remove the server configuration inside it
# Add the following configuration (the stream block sits at the top level, outside http)

stream {
    upstream group1 {
        hash $remote_addr consistent;
        server xxx.xxx.xxx.xxx:xxx; # ss ip:port
    }

    server {
        listen 443;
        listen 443 udp;
        proxy_pass group1;
    }
}

# Restart nginx and enable it at boot
systemctl restart nginx
systemctl enable nginx

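Enabling BBR [5]

BBR is a piece of technology from Google that aims to make full use of bandwidth and reduce latency by optimizing and controlling TCP congestion.
Enabling BBR requires Linux kernel 4.9 or later.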

# CentOS 7
# Install the latest kernel
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
yum --enablerepo=elrepo-kernel install kernel-ml -y

# List the installed kernels (boot entries)
egrep ^menuentry /etc/grub2.cfg | cut -f 2 -d \'

# Set the default boot kernel
# Indexes start at 0
# Set the number below to the position of the newly installed kernel
grub2-set-default 1

# Reboot
reboot

# Check the kernel version
uname -a

# Remove the old kernel
yum -y remove kernel kernel-tools

# Enable BBR
nano /etc/sysctl.conf
# Add the following configuration
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

# Load the new configuration
sysctl -p

# Verify that BBR is enabled
sysctl net.ipv4.tcp_available_congestion_control
# If the output contains bbr, BBR was enabled successfully
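
The verification step above, extended as an added example that is not part of the original page: being listed in tcp_available_congestion_control only shows that the kernel offers BBR, so this check also reads the active algorithm and the default qdisc set in /etc/sysctl.conf. The function name `bbr_findings` and its `proc_sys` parameter are hypothetical.

```python
import platform
import re
from pathlib import Path

def bbr_findings(kernel_release, proc_sys="/proc/sys"):
    """Return the reasons BBR is not in effect; an empty list means it is."""
    findings = []
    # The page requires kernel 4.9 or later; compare major.minor only.
    match = re.match(r"(\d+)\.(\d+)", kernel_release)
    if not match or (int(match.group(1)), int(match.group(2))) < (4, 9):
        findings.append(f"kernel {kernel_release} is older than 4.9")

    def read(key):
        # sysctl key a.b.c is exposed as the file <proc_sys>/a/b/c
        try:
            return Path(proc_sys, *key.split(".")).read_text().split()
        except OSError:
            return []

    if "bbr" not in read("net.ipv4.tcp_available_congestion_control"):
        findings.append("bbr is not listed as available")
    active = read("net.ipv4.tcp_congestion_control")
    if active != ["bbr"]:
        findings.append(f"active congestion control is {' '.join(active) or 'unknown'}, not bbr")
    qdisc = read("net.core.default_qdisc")
    if qdisc != ["fq"]:
        findings.append(f"default qdisc is {' '.join(qdisc) or 'unknown'}, not fq")
    return findings

if __name__ == "__main__":
    # Runs against the live system; prints nothing when BBR is in effect.
    for finding in bbr_findings(platform.release()):
        print("FINDING:", finding)
```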

Terminal proxy with Privoxy

# Using Arch Linux as the example
pacman -S privoxy

# Configuration
echo 'forward-socks5 / 127.0.0.1:1080 .' >> /etc/privoxy/config

# Add an alias
# for zsh the file is .zshrc
# for bash the file is .bashrc
# (append with >> so the existing file is not overwritten)
echo 'alias vpn="export http_proxy=http://127.0.0.1:8118
export https_proxy=http://127.0.0.1:8118
export no_proxy=localhost"' >> ~/.zshrc
source ~/.zshrc

# When the terminal proxy is needed,
# just type vpn

# Start the service and enable it at boot
systemctl start privoxy.service
systemctl enable privoxy.service

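Changelog

2019-03-24 Split out haproxy
2019-02-27 Added terminal proxy with Privoxy
2019-02-22 Added speeding up with Nginx forwarding on a VPS in China
2019-02-01 Created the shadowsocks server, client and obfuscation content

References and further reading

1 Shadowsocks traffic obfuscation
2 Installing Shadowsocks-obfs on a port shared with a website (updated with the Nginx > Obfs method)
3 Putting a layer of cloudflare in front of your shadowsocks+obfs
4 Relaying Shadowsocks through Nginx, with load balancing
5 Tutorial: installing bbr on CentOS 7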