RHEL BasedRocky Linux

How To Install Shadowsocks on Rocky Linux 9

Install Shadowsocks on Rocky Linux 9

In this tutorial, we will show you how to install Shadowsocks on Rocky Linux 9. Shadowsocks, a powerful and versatile proxy tool, offers a solution for bypassing internet censorship and enhancing your online security. This guide will walk you through the process of installing Shadowsocks on Rocky Linux 9, providing you with a robust platform for secure and unrestricted internet access.

Prerequisites

Before we dive into the installation process, ensure that you have the following:

  • A virtual machine or server running Rocky Linux 9
  • SSH access to your server with sudo privileges
  • Basic knowledge of Linux command-line operations

It’s crucial to have a system with adequate resources. While Shadowsocks is relatively lightweight, we recommend the following minimum specifications:

  • 1 CPU core
  • 1 GB RAM
  • 10 GB disk space

Step 1: Update and Prepare the System

To ensure a smooth installation process, we’ll start by updating the system and installing necessary utilities. Open your terminal and execute the following commands:

sudo dnf update -y
sudo dnf upgrade -y
sudo dnf install wget curl vim epel-release -y

These commands will update your system packages, install essential tools like wget, curl, and vim, and enable the EPEL repository, which provides additional packages that we’ll need later in the installation process.

Step 2: Install Shadowsocks-libev

Shadowsocks-libev is a lightweight and efficient implementation of the Shadowsocks protocol. We’ll use the GetPageSpeed repository to install it on Rocky Linux 9. Follow these steps:

sudo dnf -y install https://extras.getpagespeed.com/release-latest.rpm
sudo dnf -y install shadowsocks-libev

After the installation is complete, verify that Shadowsocks-libev has been installed correctly by checking its version:

ss-server --version

You should see output displaying the version information of Shadowsocks-libev.

Step 3: Configure Shadowsocks Server

Now that we have Shadowsocks-libev installed, we need to configure it. The configuration file is located at /etc/shadowsocks/shadowsocks-libev-config.json. Let’s edit this file using vim:

sudo vim /etc/shadowsocks/shadowsocks-libev-config.json

Replace the contents of the file with the following configuration, making sure to replace the placeholder values with your own:

{
    "server":"0.0.0.0",
    "server_port":8388,
    "password":"your_secure_password",
    "timeout":300,
    "method":"aes-256-gcm",
    "fast_open":false,
    "workers":1
}

Let’s break down the key parameters:

  • server: Set to “0.0.0.0” to listen on all network interfaces.
  • server_port: The port number for client connections. You can change this to any unused port.
  • password: Replace with a strong, unique password for client authentication.
  • method: The encryption method. AES-256-GCM is a secure choice.

After making these changes, save and exit the file (in vim, press Esc, then type :wq and press Enter).

Step 4: Adjust Firewall Rules

To allow incoming connections to your Shadowsocks server, we need to open the appropriate port in the firewall. Rocky Linux 9 uses firewalld by default. Execute the following commands to open the port and reload the firewall:

sudo firewall-cmd --permanent --add-port=8388/tcp
sudo firewall-cmd --permanent --add-port=8388/udp
sudo firewall-cmd --reload

Verify that the port has been opened successfully:

sudo firewall-cmd --list-all

You should see port 8388 listed under the “ports” section for both TCP and UDP.

Step 5: Start and Enable Shadowsocks Service

Now that we have configured Shadowsocks and opened the necessary port, let’s start the Shadowsocks service and enable it to start automatically on system boot:

sudo systemctl start shadowsocks-libev-server.service
sudo systemctl enable shadowsocks-libev-server.service

To ensure that the service is running correctly, check its status:

sudo systemctl status shadowsocks-libev-server.service

You should see output indicating that the service is active and running.

Step 6: Test the Shadowsocks Server

With the server set up and running, it’s time to test the connection. You’ll need a Shadowsocks client on your local device. There are clients available for various platforms:

  • Windows: Shadowsocks-Windows
  • macOS: ShadowsocksX-NG
  • Android: Shadowsocks for Android
  • iOS: Shadowrocket (paid app)

Install the appropriate client for your device and configure it with the following details:

  • Server Address: Your server’s IP address
  • Server Port: 8388 (or the port you specified in the configuration)
  • Password: The password you set in the configuration file
  • Encryption Method: aes-256-gcm

Once connected, try accessing a website or running a speed test to verify that your traffic is being routed through the Shadowsocks proxy.

Troubleshooting Common Issues

Even with careful setup, you might encounter some issues. Here are some common problems and their solutions:

1. Service Not Starting

If the Shadowsocks service fails to start, check the logs for error messages:

journalctl -u shadowsocks-libev-server.service

Look for any error messages that might indicate configuration problems or conflicts with other services.

2. Connection Issues

If you’re unable to connect to your Shadowsocks server, verify the following:

  • Ensure that the firewall rules are correctly applied.
  • Check that the server_port in your configuration matches the opened port in the firewall.
  • Verify that your server’s IP address is correct in your client configuration.

3. Slow Speeds

If you’re experiencing slow connection speeds, try the following:

  • Switch to a different encryption method (e.g., chacha20-ietf-poly1305).
  • Adjust the MTU settings in your client.
  • Consider using a different port, as some ISPs may throttle certain port numbers.

Optimizing Your Shadowsocks Setup

To get the most out of your Shadowsocks installation, consider implementing these optimizations:

1. Use TCP Fast Open

TCP Fast Open can improve connection speeds. To enable it, add the following line to your configuration file:

"fast_open": true

Note that this requires kernel support and may not work on all systems.

2. Implement Simple-Obfs

Simple-Obfs is a plugin that can help obfuscate Shadowsocks traffic, making it harder to detect. Install it with:

sudo dnf install simple-obfs

Then, add the following to your Shadowsocks configuration:

"plugin":"obfs-server",
"plugin_opts":"obfs=http"

3. Use Multi-User Mode

If you need to support multiple users, you can configure Shadowsocks to use different ports and passwords for each user. Create a configuration file like this:

{
    "server":"0.0.0.0",
    "port_password":{
        "8388":"password1",
        "8389":"password2"
    },
    "timeout":300,
    "method":"aes-256-gcm"
}

This setup allows different users to connect using different ports and passwords.

Maintaining Your Shadowsocks Server

Regular maintenance is crucial for keeping your Shadowsocks server secure and efficient:

  • Update your system regularly: sudo dnf update -y
  • Monitor server logs for any unusual activity: journalctl -u shadowsocks-libev-server.service
  • Rotate passwords periodically to enhance security
  • Keep an eye on server resource usage and upgrade if necessary

Congratulations! You have successfully installed Shadowsocks. Thanks for using this tutorial for installing the Shadowsocks on Rocky Linux 9 system. For additional help or useful information, we recommend you check the official Shadowsocks website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Back to top button