How To Install Shadowsocks on Rocky Linux 9
In this tutorial, we will show you how to install Shadowsocks on Rocky Linux 9. Shadowsocks, a powerful and versatile proxy tool, offers a solution for bypassing internet censorship and enhancing your online security. This guide will walk you through the process of installing Shadowsocks on Rocky Linux 9, providing you with a robust platform for secure and unrestricted internet access.
Prerequisites
Before we dive into the installation process, ensure that you have the following:
- A virtual machine or server running Rocky Linux 9
- SSH access to your server with sudo privileges
- Basic knowledge of Linux command-line operations
It’s crucial to have a system with adequate resources. While Shadowsocks is relatively lightweight, we recommend the following minimum specifications:
- 1 CPU core
- 1 GB RAM
- 10 GB disk space
Step 1: Update and Prepare the System
To ensure a smooth installation process, we’ll start by updating the system and installing necessary utilities. Open your terminal and execute the following commands:
sudo dnf update -y
sudo dnf upgrade -y
sudo dnf install wget curl vim epel-release -y
These commands will update your system packages, install essential tools like wget, curl, and vim, and enable the EPEL repository, which provides additional packages that we’ll need later in the installation process.
Step 2: Install Shadowsocks-libev
Shadowsocks-libev is a lightweight and efficient implementation of the Shadowsocks protocol. We’ll use the GetPageSpeed repository to install it on Rocky Linux 9. Follow these steps:
sudo dnf -y install https://extras.getpagespeed.com/release-latest.rpm
sudo dnf -y install shadowsocks-libev
After the installation is complete, verify that Shadowsocks-libev has been installed correctly by checking its version:
ss-server --version
You should see output displaying the version information of Shadowsocks-libev.
Step 3: Configure Shadowsocks Server
Now that we have Shadowsocks-libev installed, we need to configure it. The configuration file is located at /etc/shadowsocks/shadowsocks-libev-config.json
. Let’s edit this file using vim:
sudo vim /etc/shadowsocks/shadowsocks-libev-config.json
Replace the contents of the file with the following configuration, making sure to replace the placeholder values with your own:
{
"server":"0.0.0.0",
"server_port":8388,
"password":"your_secure_password",
"timeout":300,
"method":"aes-256-gcm",
"fast_open":false,
"workers":1
}
Let’s break down the key parameters:
- server: Set to “0.0.0.0” to listen on all network interfaces.
- server_port: The port number for client connections. You can change this to any unused port.
- password: Replace with a strong, unique password for client authentication.
- method: The encryption method. AES-256-GCM is a secure choice.
After making these changes, save and exit the file (in vim, press Esc, then type :wq and press Enter).
Step 4: Adjust Firewall Rules
To allow incoming connections to your Shadowsocks server, we need to open the appropriate port in the firewall. Rocky Linux 9 uses firewalld by default. Execute the following commands to open the port and reload the firewall:
sudo firewall-cmd --permanent --add-port=8388/tcp
sudo firewall-cmd --permanent --add-port=8388/udp
sudo firewall-cmd --reload
Verify that the port has been opened successfully:
sudo firewall-cmd --list-all
You should see port 8388 listed under the “ports” section for both TCP and UDP.
Step 5: Start and Enable Shadowsocks Service
Now that we have configured Shadowsocks and opened the necessary port, let’s start the Shadowsocks service and enable it to start automatically on system boot:
sudo systemctl start shadowsocks-libev-server.service
sudo systemctl enable shadowsocks-libev-server.service
To ensure that the service is running correctly, check its status:
sudo systemctl status shadowsocks-libev-server.service
You should see output indicating that the service is active and running.
Step 6: Test the Shadowsocks Server
With the server set up and running, it’s time to test the connection. You’ll need a Shadowsocks client on your local device. There are clients available for various platforms:
- Windows: Shadowsocks-Windows
- macOS: ShadowsocksX-NG
- Android: Shadowsocks for Android
- iOS: Shadowrocket (paid app)
Install the appropriate client for your device and configure it with the following details:
- Server Address: Your server’s IP address
- Server Port: 8388 (or the port you specified in the configuration)
- Password: The password you set in the configuration file
- Encryption Method: aes-256-gcm
Once connected, try accessing a website or running a speed test to verify that your traffic is being routed through the Shadowsocks proxy.
Troubleshooting Common Issues
Even with careful setup, you might encounter some issues. Here are some common problems and their solutions:
1. Service Not Starting
If the Shadowsocks service fails to start, check the logs for error messages:
journalctl -u shadowsocks-libev-server.service
Look for any error messages that might indicate configuration problems or conflicts with other services.
2. Connection Issues
If you’re unable to connect to your Shadowsocks server, verify the following:
- Ensure that the firewall rules are correctly applied.
- Check that the server_port in your configuration matches the opened port in the firewall.
- Verify that your server’s IP address is correct in your client configuration.
3. Slow Speeds
If you’re experiencing slow connection speeds, try the following:
- Switch to a different encryption method (e.g., chacha20-ietf-poly1305).
- Adjust the MTU settings in your client.
- Consider using a different port, as some ISPs may throttle certain port numbers.
Optimizing Your Shadowsocks Setup
To get the most out of your Shadowsocks installation, consider implementing these optimizations:
1. Use TCP Fast Open
TCP Fast Open can improve connection speeds. To enable it, add the following line to your configuration file:
"fast_open": true
Note that this requires kernel support and may not work on all systems.
2. Implement Simple-Obfs
Simple-Obfs is a plugin that can help obfuscate Shadowsocks traffic, making it harder to detect. Install it with:
sudo dnf install simple-obfs
Then, add the following to your Shadowsocks configuration:
"plugin":"obfs-server",
"plugin_opts":"obfs=http"
3. Use Multi-User Mode
If you need to support multiple users, you can configure Shadowsocks to use different ports and passwords for each user. Create a configuration file like this:
{
"server":"0.0.0.0",
"port_password":{
"8388":"password1",
"8389":"password2"
},
"timeout":300,
"method":"aes-256-gcm"
}
This setup allows different users to connect using different ports and passwords.
Maintaining Your Shadowsocks Server
Regular maintenance is crucial for keeping your Shadowsocks server secure and efficient:
- Update your system regularly:
sudo dnf update -y
- Monitor server logs for any unusual activity:
journalctl -u shadowsocks-libev-server.service
- Rotate passwords periodically to enhance security
- Keep an eye on server resource usage and upgrade if necessary
Congratulations! You have successfully installed Shadowsocks. Thanks for using this tutorial for installing the Shadowsocks on Rocky Linux 9 system. For additional help or useful information, we recommend you check the official Shadowsocks website.