惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
SegmentFault 最新的问题
The Last Watchdog
The Last Watchdog
C
Cisco Blogs
L
LINUX DO - 热门话题
T
Tenable Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Cyberwarzone
Cyberwarzone
O
OpenAI News
The Hacker News
The Hacker News
V
Vulnerabilities – Threatpost
A
Arctic Wolf
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Vercel News
Vercel News
量子位
V2EX - 技术
V2EX - 技术
GbyAI
GbyAI
W
WeLiveSecurity
Recorded Future
Recorded Future
P
Proofpoint News Feed
Project Zero
Project Zero
P
Palo Alto Networks Blog
Microsoft Security Blog
Microsoft Security Blog
S
Security Affairs
Stack Overflow Blog
Stack Overflow Blog
B
Blog
Y
Y Combinator Blog
月光博客
月光博客
K
Kaspersky official blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Latest news
Latest news
Forbes - Security
Forbes - Security
T
Troy Hunt's Blog
T
The Blog of Author Tim Ferriss
C
Check Point Blog
D
DataBreaches.Net
MyScale Blog
MyScale Blog
博客园 - 三生石上(FineUI控件)
博客园 - 聂微东
D
Docker
P
Privacy International News Feed
C
Cybersecurity and Infrastructure Security Agency CISA
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
C
Cyber Attacks, Cyber Crime and Cyber Security
S
Securelist
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
雷峰网
雷峰网
SecWiki News
SecWiki News
腾讯CDC
博客园 - Franky

Frost's Blog

The French Laundry Jo 白日梦 Tonchin 体验一次暮光麻醉 关于生死,连接,以及无尽的苔原 ad hoc 当它不再是一座博物馆 一个实习生的来信 回望慕尼黑 聊一聊 2021 年的申请季 On-Device Semantic Segmentation with Core ML Python Interpreter on macOS 《由加利福尼亚州 Apple 公司设计》序言 最长的一天 A Memo for Time Series Analysis Capture Rectilinear RGBD Data with iPhone 离别的维也纳没有钢琴 敬冰冷宇宙中的意识光辉
Setting Up Shadowsocks Service on an Ubuntu Server
Frost Lee · 2020-01-26 · via Frost's Blog

This tutorial illustrates steps for setting up a Shadowsocks server on Ubuntu system. Time to embrace a bigger world! Shadowsocks is a secure socks5 proxy and was designed to protect your internet traffic. Well, what does "protect" mean here? If you are among its target users, you would know.

Installing Shadowsocks and Get it Running

There are multiple versions of Shadowsocks available, including the original Python based Shadowsocks, the Shadowsocks-libev, and ShadowsocksR. For the purpose of installing plugins for obfuscation (in the following section), the Shadowsocks-libev is chosen here. By following its README file, Shadowsocks-libev could be installed with the following two commands.

1
2
sudo apt update
sudo apt install shadowsocks-libev

By entering ss-server -h in the console, all the parameters of the command ss-server are given. You could definitely start a shadowsocks server via a single command by attaching all parameters to it, but it is also good to create a configuration file which helps you no longer need to enter the long parameter list manually. A configuration file looks like this.

1
2
3
4
5
6
7
{
"server_port":443,
"local_port":443,
"password":"yourpassword",
"timeout":600,
"method":"aes-256-gcm"
}

Once you've finished editing the config file (suppose the file name is config.json), you can start the shadowsocks server by executing the following command.

1
ss-server -c /path/to/config.json

Or, if you want the shadowsocks server run as a background process (as most people do), execute the following command instead.

1
nohup ss-server -c /path/to/config.json >> /path/to/log.txt &

If you would like to shut down the server, use ps -ef | grep ss-server to get the pid of your shadowsocks server, and then kill the process using kill.

Before this section is finished, I would like to talk more about some details about the configuration.

Port Choosing

By deploying the Shadowsocks server in 443 port, your Shadowsocks data stream looks more like a data stream for web browsing via HTTPS. It's also worth mentioning that some Wi-Fi networks have firewalls that stop connections to other ports except for normal ports such as 443, 80, 22, etc. But of course, you can select your favorite port from 0 to 65535, as long as they are not occupied by other services.

Encryption Method Choosing

This article discusses the details of why AEAD based encryption algorithms are safer than stream encryption + OTA algorithms. The available AEAD algorithms that Shadowsocks-libev currently supports includes the following.

  • aes-128-gcm
  • aes-192-gcm
  • aes-256-gcm
  • chacha20-ietf-poly1305
  • xchacha20-ietf-poly1305

Besides, this gist suggests AES based algorithm performs badly on ARM processors. Thus, it has been suggested that AES based algorithms shall be used for desktop clients, while chacha based algorithms shall be used for mobile clients.

Using Obfuscation

Obfuscation is another method that reduces the feature of your data stream, thus making it harder for GFW to determine whether your data stream is sent to a shadowsocks server. It pretends your data stream as you are accessing a normal website now. However, using obfuscation will reduce the speed of your shadowsocks. If you care about the speed a lot while feeling it's okay to change your server's IP some times when they are unluckily blocked, you don't need obfuscation.

In this section, the obfuscation configuration using v2ray-plugin will be introduced. First, you need to make sure you have go-lang on your server. If not, you can install it by following this instruction.

The following commands will help you to get v2ray ready on your server.

1
2
3
4
5
git clone git@github.com:shadowsocks/v2ray-plugin.git
cd v2ray-plugin
go build
cp v2ray-plugin /usr/bin/v2ray-plugin
setcap cap_net_bind_service+ep /usr/bin/v2ray-plugin

Now use the following command to start v2ray serving in a background process.

1
v2ray-plugin &

Then attach the following lines to your configuration file so that Shadowsocks-libev uses v2ray-plugin to obfuscate its data stream.

1
2
3
4
5
6
7
8
9
{
"server_port":443,
"local_port":443,
"password":"yourpassword",
"timeout":600,
"method":"aes-256-gcm",
"plugin":"v2ray-plugin",
"plugin_opts":"server"
}

Finally, the shadowsocks server can be started as the previous section mentioned. Note that you would need extra configuration on your client shadowsocks application so that obfuscation works. By assigning an URL to obfs-host parameter on the client, your data stream will look like data accessing the URL you defined.