Linux 部署 shadowsocks-libev 服务端

部署 shadowsocks-libev 服务端

特性

  • 内存占用极低 < 64 M (可用于 Linux 路由器)
  • 支持插件
  • 可使用 AEAD 系列加密

点击进入 GitHub 官方项目地址

先决条件

获取最新源码

使用以下命令获取最新源码,并更新其子模块:

git clone https://github.com/shadowsocks/shadowsocks-libev.git
cd shadowsocks-libev
git submodule update --init --recursive

编译安装 libsodium 加密支持库

最低需要 libsodium 1.0.8,但是强烈推荐使用最新版本进行编译安装。详情请看 在 UNIX-like 系统上进行直接安装.

安装过程

快速链接指南


预备编译的配置工作

其他可用配置选项的完整列表,请尝试使用configure --help命令。

Debian & Ubuntu

从仓库安装官方构建版

Shadowsocks-libev 现在可在官方仓库中安装

  • Debian 8 or higher, including oldstable (jessie), stable (stretch), testing (buster) and unstable (sid)
  • Ubuntu 16.10 or higher
sudo apt update
sudo apt install shadowsocks-libev


对于 Debian 8 (Jessie) 用户,请从jessie-backports-sloppy源安装:
强烈推荐从jessie-backports-sloppy安装shadowsocks-libev
注意:关于 backports 更多信息,请点击Debian Backports查看。

sudo sh -c 'printf "deb http://deb.debian.org/debian jessie-backports main\n" > /etc/apt/sources.list.d/jessie-backports.list'
sudo sh -c 'printf "deb http://deb.debian.org/debian jessie-backports-sloppy main" >> /etc/apt/sources.list.d/jessie-backports.list'
sudo apt update
sudo apt -t jessie-backports-sloppy install shadowsocks-libev

对于 Debian 9 (Stretch) 用户,请从stretch-backports源安装:
强烈推荐从stretch-backports安装shadowsocks-libev

sudo sh -c 'printf "deb http://deb.debian.org/debian stretch-backports main" > /etc/apt/sources.list.d/stretch-backports.list'
sudo apt update
sudo apt -t stretch-backports install shadowsocks-libev


对于 Ubuntu 14.04 and 16.04 请添加PPA源后安装:

sudo apt-get install software-properties-common -y
sudo add-apt-repository ppa:max-c-lv/shadowsocks-libev
sudo apt-get update
sudo apt install shadowsocks-libev

从源码自行构建 DEB 安装包

支持的发行版:

  • Debian 8, 9 及后续版本
  • Ubuntu 14.04 LTS, 16.04 LTS, 16.10 及后续版本

你可以使用以下脚本构建 shadowsocks-libev 和其全部所需依赖:

mkdir -p ~/build-area/
cp ./scripts/build_deb.sh ~/build-area/
cd ~/build-area
./build_deb.sh

注意:对于更加古老的版本,不支持构建 .deb 包。

Debian 8 (Jessie) 系统用户编译时注意事项:

强烈建议您使用上述方法从仓库安装,如果坚持使用源代码编译构建,则需要从jessie-backports-sloppy仓库安装libsodium不要从主仓库中安装

cd shadowsocks-libev
sudo sh -c 'printf "deb http://deb.debian.org/debian jessie-backports main" > /etc/apt/sources.list.d/jessie-backports.list'
sudo sh -c 'printf "deb http://deb.debian.org/debian jessie-backports-sloppy main" >> /etc/apt/sources.list.d/jessie-backports.list'
sudo apt-get install --no-install-recommends devscripts equivs asciidoc apg
mk-build-deps --root-cmd sudo --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y"
./autogen.sh && dpkg-buildpackage -b -us -uc
cd ..
sudo dpkg -i shadowsocks-libev*.deb

Debian 9 (Stretch) 系统用户编译时注意事项:

强烈建议您使用上述方法从仓库安装,如果坚持使用源代码编译构建,则需要从stretch-backports仓库安装libsodium不要从主仓库中安装

cd shadowsocks-libev
sudo sh -c 'printf "deb http://deb.debian.org/debian stretch-backports main" > /etc/apt/sources.list.d/stretch-backports.list'
sudo apt-get install --no-install-recommends devscripts equivs asciidoc apg
mk-build-deps --root-cmd sudo --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y"
./autogen.sh && dpkg-buildpackage -b -us -uc
cd ..
sudo dpkg -i shadowsocks-libev*.deb

配置并启动服务

# 修改配置文件
sudo vim /etc/shadowsocks-libev/config.json

# 修改默认配置
sudo vim /etc/default/shadowsocks-libev

# 启动服务进程
sudo /etc/init.d/shadowsocks-libev start    # for sysvinit, or
sudo systemctl start shadowsocks-libev      # for systemd

Fedora & RHEL & CentOS

支持的发行版:

  • Fedora 近期版本 (until EOL)
  • RHEL 6, 7 及其衍生版 (包括 CentOS, Scientific Linux)

从仓库中安装

启用仓库dnf,然后通过dnf安装 shadowsocks-libev

su -c 'dnf copr enable librehat/shadowsocks'
su -c 'dnf update'
su -c 'dnf install shadowsocks-libev'

或从 Fedora Copr 下载放置到/etc/yum.repos.d/。然后从yum安装:

su -c 'yum update'
su -c 'yum install shadowsocks-libev'

此仓库由 @librehat 维护,问题请点击此处反馈。

CentOS 上的编译安装

如果使用 CentOS 7,则需要安装以下所需依赖。

yum install epel-release -y
yum install gcc gettext autoconf libtool automake make pcre-devel asciidoc xmlto c-ares-devel libev-devel libsodium-devel mbedtls-devel -y

ArchLinux

sudo pacman -S shadowsocks-libev

请参考下游 PKGBUILD

Linux

默认需要以下依赖:

  • autotools (autoconf, automake, libtool)
  • gettext
  • pkg-config
  • libmbedtls
  • libsodium
  • libpcre3 (old pcre library)
  • libev
  • libc-ares
  • asciidoc (for documentation only)
  • xmlto (for documentation only)

注意:Fedora 26 libsodium 版本 >= 1.0.12,所以需要通过dnf安装libsodium而不是从源码编译安装。

对于部分旧版本系统,请使用以下命令安装依赖:

# Installation of basic build dependencies
## Debian / Ubuntu
sudo apt-get install --no-install-recommends gettext build-essential autoconf libtool libpcre3-dev asciidoc xmlto libev-dev libc-ares-dev automake libmbedtls-dev libsodium-dev
## CentOS / Fedora / RHEL
sudo yum install gettext gcc autoconf libtool automake make asciidoc xmlto c-ares-devel libev-devel
## Arch
sudo pacman -S gettext gcc autoconf libtool automake make asciidoc xmlto c-ares libev

# Installation of Libsodium
export LIBSODIUM_VER=1.0.13
wget https://download.libsodium.org/libsodium/releases/libsodium-$LIBSODIUM_VER.tar.gz
tar xvf libsodium-$LIBSODIUM_VER.tar.gz
pushd libsodium-$LIBSODIUM_VER
./configure --prefix=/usr && make
sudo make install
popd
sudo ldconfig

# Installation of MbedTLS
export MBEDTLS_VER=2.6.0
wget https://tls.mbed.org/download/mbedtls-$MBEDTLS_VER-gpl.tgz
tar xvf mbedtls-$MBEDTLS_VER-gpl.tgz
pushd mbedtls-$MBEDTLS_VER
make SHARED=1 CFLAGS=-fPIC
sudo make DESTDIR=/usr install
popd
sudo ldconfig

# Start building
./autogen.sh && ./configure && make
sudo make install

FreeBSD

su
cd /usr/ports/net/shadowsocks-libev
make install

Edit your config.json file. By default, it's located in /usr/local/etc/shadowsocks-libev.

To enable shadowsocks-libev, add the following rc variable to your /etc/rc.conf file:

shadowsocks_libev_enable="YES"

Start the Shadowsocks server:

service shadowsocks_libev start

OpenWRT

The OpenWRT project is maintained here:
openwrt-shadowsocks.

用法

有关所有支持参数的详细、完整列表,
您可以分别参考应用程序的手册页。

    ss-[local|redir|server|tunnel|manager]

       -s <server_host>           host name or ip address of your remote server

       -p <server_port>           port number of your remote server

       -l <local_port>            port number of your local server

       -k <password>              password of your remote server

       -m <encrypt_method>        Encrypt method: rc4-md5,
                                  aes-128-gcm, aes-192-gcm, aes-256-gcm,
                                  aes-128-cfb, aes-192-cfb, aes-256-cfb,
                                  aes-128-ctr, aes-192-ctr, aes-256-ctr,
                                  camellia-128-cfb, camellia-192-cfb,
                                  camellia-256-cfb, bf-cfb,
                                  chacha20-poly1305, chacha20-ietf-poly1305
                                  salsa20, chacha20 and chacha20-ietf.

       [-f <pid_file>]            the file path to store pid

       [-t <timeout>]             socket timeout in seconds

       [-c <config_file>]         the path to config file

       [-i <interface>]           network interface to bind,
                                  not available in redir mode

       [-b <local_address>]       local address to bind

       [-u]                       enable udprelay mode,
                                  TPROXY is required in redir mode

       [-U]                       enable UDP relay and disable TCP relay,
                                  not available in local mode

       [-L <addr>:<port>]         specify destination server address and port
                                  for local port forwarding,
                                  only available in tunnel mode

       [-d <addr>]                setup name servers for internal DNS resolver,
                                  only available in server mode

       [--fast-open]              enable TCP fast open,
                                  only available in local and server mode,
                                  with Linux kernel > 3.7.0

       [--acl <acl_file>]         config file of ACL (Access Control List)
                                  only available in local and server mode

       [--manager-address <addr>] UNIX domain socket address
                                  only available in server and manager mode

       [--executable <path>]      path to the executable of ss-server
                                  only available in manager mode

       [--plugin <name>]          Enable SIP003 plugin. (Experimental)
       [--plugin-opts <options>]  Set SIP003 plugin options. (Experimental)

       [-v]                       verbose mode

注意:

    ss-redir 提供透明代理功能,仅可用于
    Linux 发行版 with iptables.

先决条件

获取最新源码

使用以下命令获取最新源码,并更新其子模块:

git clone https://github.com/shadowsocks/simple-obfs.git
cd simple-obfs
git submodule update --init --recursive

安装所需依赖

部分依赖在上面教程已经安装,因此只需补充以下额外依赖:

sudo apt-get install libcork-dev apg libcap2-bin libpam-cap libssl-dev -y

安装过程

快速链接指南


simple-obfs

预备编译的配置工作

其他可用配置选项的完整列表,请尝试使用configure --help命令。

Debian & Ubuntu

从源码自行构建 DEB 安装包

支持的发行版:

  • Debian 8, 9 及后续版本
  • Ubuntu 14.04 LTS, 16.04 LTS, 16.10 及后续版本

部分依赖在上面教程已经安装,因此只需补充以下额外依赖:

sudo apt-get install libcork-dev apg libcap2-bin libpam-cap libssl-dev -y
./autogen.sh && dpkg-buildpackage -b -us -uc

注意:对于更加古老的版本,不支持构建 .deb 包。

Other Linux

对于 Unix-like 系统,特别是 Debian-based systems, e.g. Ubuntu, Debian or Linux Mint,可以按以下进行编译:

# Debian / Ubuntu
sudo apt-get install --no-install-recommends build-essential autoconf libtool libssl-dev libpcre3-dev libc-ares-dev libev-dev asciidoc xmlto automake
# CentOS / Fedora / RHEL
sudo yum install gcc autoconf libtool automake make zlib-devel openssl-devel asciidoc xmlto c-ares-devel
# Arch
sudo pacman -Syu gcc autoconf libtool automake make zlib openssl asciidoc xmlto

git clone https://github.com/shadowsocks/simple-obfs.git
cd simple-obfs
git submodule update --init --recursive
./autogen.sh
./configure && make
sudo make install

用法

有关所有支持的参数的详细和完整的列表,可分别参考应用程序的手册页。

插件模式工作

Add respective item to --plugin and --plugin-opts arg or as value of plugin and plugin_opts in JSON.

客户端:
ss-local -c config.json --plugin obfs-local --plugin-opts "obfs=http;obfs-host=www.bing.com"
服务端:
ss-server -c config.json --plugin obfs-server --plugin-opts "obfs=http"

独立模式工作

客户端:
obfs-local -s server_ip -p 8139 -l 1984 --obfs http --obfs-host www.bing.com
ss-local -c config.json -s 127.0.0.1 -p 1984 -l 1080
服务端:
obfs-server -s server_ip -p 8139 --obfs http -r 127.0.0.1:8388
ss-server -c config.json -s 127.0.0.1 -p 8388

与 Web server 共存

仅适用于服务端:
# HTTP only with plugin mode
ss-server -c config.json --plugin obfs-server --plugin-opts "obfs=http;failover=example.com"

# Both HTTP and HTTPS with standalone mode
obfs-server -s server_ip -p 80 --obfs http -r 127.0.0.1:8388 --failover example.com
obfs-server -s server_ip -p 443 --obfs tls -r 127.0.0.1:8388 --failover example.com

# suppose you have an HTTP webserver (apache/nginx/whatever) listening on localhost:8080 and HTTPS on 8443
# (you probably shouldn't expose these ports)
obfs-server -s server_ip -p 80 --obfs http -r 127.0.0.1:8388 --failover 127.0.0.1:8080
obfs-server -s server_ip -p 443 --obfs tls -r 127.0.0.1:8388 --failover 127.0.0.1:8443

标签:linux

添加新评论