The SSR server requires Centos 6 (64-bit recommended);
Install the basic components and the SSR backend
yum -y install python-setuptools && easy_install pip easy_install pip==9.0.3 pip install cymysql speedtest-cli yum install git
yum -y install python-setuptools && easy_install pip && pip install cymysql speedtest-cli && yum install git
Support for the CHACHA20 encryption method:
If you want to use the standard salsa20, chacha20, or chacha20 IETF algorithms, please install libsodium:
yum -y groupinstall "Development Tools" wget https://github.com/jedisct1/libsodium/releases/download/1.0.13/libsodium-1.0.13.tar.gz tar xf libsodium-1.0.13.tar.gz && cd libsodium-1.0.13 ./configure && make -j2 && make install echo /usr/local/lib > /etc/ld.so.conf.d/usr_local_lib.conf ldconfig rm -rf /root/libsodium-1.0.13.tar.gz cd /root
yum -y groupinstall "Development Tools" && wget https://github.com/jedisct1/libsodium/releases/download/1.0.13/libsodium-1.0.13.tar.gz && tar xf libsodium-1.0.13.tar.gz && cd libsodium-1.0.13 && ./configure && make -j2 && make install && echo /usr/local/lib > /etc/ld.so.conf.d/usr_local_lib.conf && ldconfig && rm -rf /root/libsodium-1.0.13.tar.gz && cd /root
(If it prompts cannot import name
OrderedDict, you may need to patch the server: third-party plugin
ordereddict easy_install ordereddict )
Download the program source code
git clone -b manyuser https://github.com/glzjin/shadowsocks.git
Enter the Shadowsocks directory and install the dependencies
yum -y install python-devel yum -y install libffi-devel yum -y install openssl-devel
For Debian, do not run the command below; just run pip install cymysql
pip install -r requirements.txt
Configure the program
First get your configuration files
cd shadowsocks cp apiconfig.py userapiconfig.py cp config.json user-config.json
Edit parameters
Then mainly edit userapiconfig.py; you only need to modify the following 2
major categories
#The node ID must match the ID assigned to the node you added on your website! NODE_ID = 1 #You must fill this in here: either choose the database or choose httpapi (most people use the database; not sure how to set up httpapi, lol) API_INTERFACE = 'glzjinmod' #glzjinmod (connect via database), modwebapi (http api) #MySQL database connection information MYSQL_HOST = '127.0.0.1' MYSQL_PORT = 3306 MYSQL_USER = 'ss' MYSQL_PASS = 'ss' MYSQL_DB = 'shadowsocks' MYSQL_UPDATE_TIME = 60 #Although this is optional, it is still recommended to change 127.0.0.1 to this server's IP address # Manager (ignore this) MANAGE_PASS = 'ss233333333' #if you want manage in other server you should set this value to global ip MANAGE_BIND_IP = '127.0.0.1' #make sure this port is idle MANAGE_PORT = 23333
Start Running
Test whether there are any errors on the server side
cd /root/shadowsocks python server.py
If an error is reported, then take another careful look to see exactly where the problem is.
If the error (1042, u”Can’t get hostname for your address”) appears
In my.cnf, under the [mysqld] section
add
skip-name-resolve
#Access by ignoring the hostname
If after adding it and restarting you still get the prompt 1042, u”Can’t get hostname for your address”, then directly modify hosts, delete everything in hosts, and then enter
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
Let’s optimize it
Edit /etc/security/limits.conf
Add the following at the end
* soft nofile 51200 * hard nofile 51200
Then run the following before starting
ulimit -n 51200
Then edit /etc/sysctl.conf
fs.file-max = 51200 net.core.rmem_max = 67108864 net.core.wmem_max = 67108864 net.core.netdev_max_backlog = 250000 net.core.somaxconn = 4096 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 0 net.ipv4.tcp_fin_timeout = 30 net.ipv4.tcp_keepalive_time = 1200 net.ipv4.ip_local_port_range = 10000 65000 net.ipv4.tcp_max_syn_backlog = 8192 net.ipv4.tcp_max_tw_buckets = 5000 net.ipv4.tcp_fastopen = 3 net.ipv4.tcp_rmem = 4096 87380 67108864 net.ipv4.tcp_wmem = 4096 65536 67108864 net.ipv4.tcp_mtu_probing = 1
Run sysctl -p to make it take effect.
Here, the configuration of supervisord under centos 6 x64 is used as an example.
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm --quiet yum install supervisor python-pip -y pip install supervisor==3.1 chkconfig supervisord on wget https://github.com/glzjin/ssshell-jar/raw/master/supervisord.conf -O /etc/supervisord.conf wget https://github.com/glzjin/ssshell-jar/raw/master/supervisord -O /etc/init.d/supervisord
Edit the last section of /etc/supervisord.conf and change it to the following, using /root/shadowsocks/ as an example
[program:mu] command=python /root/shadowsocks/server.py directory=/root/shadowsocks autorestart=true startsecs=10 startretries=36 redirect_stderr=true user=root ; setuid to this UNIX account to run the program log_stdout=true ; if true, log program stdout (default true) log_stderr=true ; if true, log program stderr (def false) logfile=/var/log/mu.log ; child log path, use NONE for none; default AUTO ;logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) ;logfile_backups=10 ; # of logfile backups (default 10)
Edit /etc/init.d/supervisord and add ulimit -n 51200 between these two lines
echo -n $"Starting supervisord: " ulimit -n 51200 daemon supervisord -c /etc/supervisord.conf
Then
service supervisord start #start the daemon
Other commands
Speed test
speedtest-cli
Disable the firewall
chkconfig iptables off
service iptables stop
About upgrading
cd shadowsocks
git pull
Supplement:
userapiconfig.py, an explanation of what each configuration item means
# Config
#Node ID
NODE_ID = 1
#Automatic speed testing; set to 0 to disable testing. The unit here is hours, and it should match the number of hours set in ss-panel
SPEEDTEST = 6
#Cloud security; automatically reports and downloads banned IPs. 1 to enable, 0 to disable
CLOUDSAFE = 1
#Automatically ban IPs with incorrect SS passwords or encryption methods. 1 to enable, 0 to disable
ANTISSATTACK = 0
#Whether to accept commands issued by the upstream. If you want to use this command, please refer to what I wrote before. Put the public key in
ssshell.asc
under the directoryAUTOEXEC = 1
Multi-port single-user setting; see the major update notes.
MU_SUFFIX = ‘zhaoj.in’
Multi-port single-user setting; see the major update notes.
MU_REGEX = ‘%5m%id.%suffix’
#Sounds impressive, but unclear
SERVER_PUB_ADDR = ‘127.0.0.1’ # mujson_mgr need this to
generate ssr link#How to access the panel
API_INTERFACE = ‘glzjinmod’ #glzjinmod
(connect via database), modwebapi (http api)#mudb, ignore it
MUDB_FILE = ‘mudb.json’
# Information related to the HTTP API, see the major update notes.
WEBAPI_URL = ‘https://zhaoj.in’
WEBAPI_TOKEN = ‘glzjin’
# MySQL database connection information
MYSQL_HOST = ‘127.0.0.1’
MYSQL_PORT = 3306
MYSQL_USER = ‘ss’
MYSQL_PASS = ‘ss’
MYSQL_DB = ‘shadowsocks’
# Whether to enable SSL connection, 0 for off, 1 for on
MYSQL_SSL_ENABLE = 0
# Client certificate directory, see https://github.com/glzjin/shadowsocks/wiki/Mysql-SSL%E9%85%8D%E7%BD%AE
MYSQL_SSL_CERT = ‘/root/shadowsocks/client-cert.pem’
MYSQL_SSL_KEY = ‘/root/shadowsocks/client-key.pem’
MYSQL_SSL_CA = ‘/root/shadowsocks/ca.pem’
# API, ignore it
API_HOST = ‘127.0.0.1’
API_PORT = 80
API_PATH = ‘/mu/v2/’
API_TOKEN = ‘abcdef’
API_UPDATE_TIME = 60
# Manager, ignore it
MANAGE_PASS = ‘ss233333333’
#if you want manage in other server you should set this
value to global ipMANAGE_BIND_IP = ‘127.0.0.1’
#make sure this port is idle
MANAGE_PORT = 23333
#Security setting, required to limit the number of online IPs.
Set the parameter below randomly, and keep it consistent across all nodes.IP_MD5_SALT = ‘randomforsafety’