ShadowSocks

ShadowSocks copied to clipboard

Pre Installation

Change Server's Password

passwd root

OS Update

yum update && yum upgrade -y

Optional

yum install epel-release -y
yum install htop -y

Install Sahdowsocks

yum install m2crypto python-setuptools -y

easy_install pip

pip install shadowsocks

Configuration

yum install vim

vim /etc/shadowsocks.json

{
"server":"YOUR_SERVER_IP",

"server_port":8000,
"local_port":1080,
"password":"YOUR_PASSWORD",
"timeout":600,
"method":"aes-256-cfb"
}

Add ShadowSocksss User

adduser --system --no-create-home -s /bin/false shadowsocksss

Create Stratup Service

Create shadowsocks.service File

vim /etc/systemd/system/shadowsocks.service

[Unit]
Description=ShadowsocksProxy
After=network.target

[Service]
User=shadowsocksss
Type=simple
ExecStart=/usr/bin/ssserver -c /etc/shadowsocks.json  -v start
Restart=on-abort

[Install]
WantedBy=multi-user.target

Enable and start shadowsocks service

systemctl daemon-reload
systemctl start shadowsocks
systemctl enable shadowsocks

Install & Configuration (Iptables)

yum install iptables-services -y
iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
systemctl enable iptables   
service iptables save

If iptables rule doesn't save disable firewalld by the following command:

systemctl disable firewalld

Logs

less /var/log/shadowsocks.log

References:

https://www.linuxbabe.com/linux-server/setup-your-own-shadowsocks-server-on-debian-ubuntu-centos https://www.linode.com/docs/networking/vpn/create-a-socks5-proxy-server-with-shadowsocks-on-ubuntu-and-centos7/

Hardening (Optional)

Install & Config fail2ban

yum install fail2ban

Enable

systemctl enable fail2ban

Configuration

⛔ Don't edit jail.conf ⛔

Create jail.local

👉 Any values defined in jail.local will override those in jail.conf.

vim /etc/fail2ban/jail.local

[DEFAULT]
# Ban hosts permanent:
maxretry = 3
bantime = -1
# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport
[sshd]
enabled = true

systemctl restart fail2ban

Check Status

fail2ban-client status
fail2ban-client status sshd
iptables -L

Create Fail2Ban Service

vim /etc/systemd/system/myfail2ban.service

[Unit]
Description=Fail2BanService
After=network.target

[Service]
User=root
Type=simple
ExecStart=/bin/systemctl start fail2ban
Restart=on-abort

[Install]
WantedBy=multi-user.target

Enable & Start Service

systemctl daemon-reload
systemctl start fail2ban
systemctl enable fail2ban

Clear Fail2Ban log file

service fail2ban stop

truncate -s 0 /var/log/fail2ban.log

rm /var/lib/fail2ban/fail2ban.sqlite3

service fail2ban restart

You can save all of them in a .sh file and run it from crontab weekly(Sunday at 4:05AM)

5 4 * * sun /root/clear_fail2ban_log.sh

Reference:

https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-centos-7

Install Client on Windows/Linux/Android

Windows Client: https://github.com/shadowsocks/shadowsocks-windows/releases

Linux Client : https://github.com/shadowsocks/shadowsocks-qt5/releases

After download file run the following command:

chmod a+x Shadowsocks-Qt5-x86_64.AppImage

Android Client: https://play.google.com/store/apps/details?id=com.github.shadowsocks

Reference:

https://shadowsocks.org/en/download/clients.html