SSR-Bash-Final
One-click installation for SSR multi-user management, with a web query panel and support for traffic/speed limits
Features
One-click start and stop of the SSR service.
Add, delete, and modify user ports and passwords.
Freely limit traffic usage for user ports.
Automatically modify firewall rules.
Self-service modification of SSR encryption methods, protocols, obfuscation, and other parameters.
Automatic statistics for convenient checking of traffic usage on each user port.
Automatically installs the Libsodium library to support encryption methods such as Chacha20.
Installation
System requirements:
CentOS 6+, Debian 6+, Ubuntu 14.04+.
Installation commands:
yum install unzip wget #For Centos
apt-get install unzip #For Debian and Ubuntu
Install multi-user version:
wget -N --no-check-certificate https://raw.githubusercontent.com/szadamlee/SSR-Bash-Final/master/ssr.zip && unzip ssr.zip && cd SSR* && bash install.sh
After installation is complete, enter the ssr command for management.
Remember to enable the WEB panel, then enter http://ip:port in your browser to perform related queries.
If you want to limit the number of users on a port, you can install iptables and then use it
Limit the number of port connections
- First enter the command service iptables stop to disable iptables
-
Limiting port concurrency is very simple—IPTABLES can handle it. For example, if you want to limit the maximum number of IP connections on port
8388to 5, use these two commands:
iptables -I INPUT -p tcp --dport 8388 -m connlimit --connlimit-above 5 -j DROP
iptables -I OUTPUT -p tcp --dport 8388 -m connlimit --connlimit-above 5 -j DROP
1024-10240
iptables -I INPUT -p tcp --dport 1024:10240 -m connlimit --connlimit-above 5 -j DROP
iptables -I OUTPUT -p tcp --dport 1024:10240 -m connlimit --connlimit-above 5 -j DROP
-
Just save the IPTABLES rules (
service iptables save); other ports can be handled in the same way. - Enter the command
service iptables startto start it - Finally, use the command to check whether it has taken effect
iptables -L -n -v
Limit Port Speed
- First, enter the command service iptables stop to disable iptables
-
Limiting port concurrency is very simple; IPTABLES can handle it. Suppose you want to limit the maximum connection rate of port
5037to 60 packets per second. Just use these two commands:
iptables -A INPUT -p tcp --sport 5037 -m limit --limit 60/s -j ACCEPT
iptables -A INPUT -p tcp --sport 5037 -j DROP
64—1518 bytes (Byte) in size.
Limit the Access Speed of a Specific IP
Principle: control the rate of a specific port per second. For example, if it exceeds 10 packets per second, DROP them directly, thereby limiting the speed of that specific port.
iptables -A FORWARD -m limit -d 208.8.14.53 --limit 700/s --limit-burst 100 -j ACCEPT
iptables -A FORWARD -d 208.8.14.53 -j DROP
Finally, let’s talk about how to fix the issue of the firewall failing after a reboot
iptables-save >/etc/sysconfig/iptables
echo 'iptables-restore /etc/sysconfig/iptables' >> /etc/rc.local
chmod +x /etc/rc.d/rc.local
For the SSR client
Limit the number of device connections
/root folder, it would be:
vi /root/shadowsocksr/user-config.json
64 devices)
"protocol_param": "",
each port in the protocol parameter (a minimum of 2 is recommended). For example, to limit it to a maximum of
5 devices connected at the same time, change it to:
"protocol_param": "5",

