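Setting up ss-server on a server

I have fiddled with ss-server back and forth many times without ever writing down the setup process, so I am writing this post...

Compiling ss-libev

The system environment is Ubuntu 17.10.
Rather than installing shadowsocks from the apt repositories, I prefer to compile ss-libev locally and run that.

1. First, install the dependencies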

# apt-get install --no-install-recommends gettext build-essential autoconf libtool libssl-dev libpcre3-dev asciidoc xmlto libev-dev libc-ares-dev automake

2. Clone the source code from GitHub

# git clone https://github.com/shadowsocks/shadowsocks-libev.git
# cd shadowsocks-libev
# git submodule update --init --recursive

3. Compile the two libraries libsodium and mbedtls

# export LIBSODIUM_VER=1.0.16
# wget https://download.libsodium.org/libsodium/releases/libsodium-$LIBSODIUM_VER.tar.gz
# tar xf libsodium-$LIBSODIUM_VER.tar.gz
# pushd libsodium-$LIBSODIUM_VER
# ./configure && make
# make install
# popd
# ldconfig

# export MBEDTLS_VER=2.6.0
# wget https://tls.mbed.org/download/mbedtls-$MBEDTLS_VER-gpl.tgz
# tar xf mbedtls-$MBEDTLS_VER-gpl.tgz
# pushd mbedtls-$MBEDTLS_VER
# make SHARED=1 CFLAGS=-fPIC
# make install
# popd
# ldconfig

4. Compile and install ss-libev

# ./autogen.sh && ./configure && make
# make install

Adding a custom systemd service

Add a service named ss-libev and enable it at boot.

  • Create the file /lib/systemd/system/ss-libev.service
[Unit]
Description=Shadowsocks-libev Default Server Service
Documentation=man:shadowsocks-libev(8)
After=network.target

[Service]
Type=simple
EnvironmentFile=/etc/default/shadowsocks-libev
User=root
LimitNOFILE=32768
ExecStart=/usr/local/bin/ss-server -a $USER -c $CONFFILE $DAEMON_ARGS

[Install]
WantedBy=multi-user.target
  • Create the file /etc/default/shadowsocks-libev
# Configuration file
CONFFILE="/root/ss/config.json"

# User and group to run the server as
USER=root

# Extra command line arguments
DAEMON_ARGS=""
  • Create the file /root/ss/config.json
{
"server": "0.0.0.0",
"server_port": 1088,
"password": "<this is your password>",
"method": "chacha20-ietf-poly1305",
"timeout": 60,
"fast_open": true,
"mode": "tcp_and_udp",
"mtu": 1200,
"no_delay": true
}
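  • Everything is now in place. Next, run systemctl daemon-reload and then systemctl enable ss-libev to reload systemd and enable ss-libev at boot
  • Run systemctl start ss-libev to start the service

Next steps?

If your server also runs a web server such as nginx, the best option is to add obfs-tls on top to further obfuscate ss-server.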

1. Get the simple-obfs source code and compile it

# git clone https://github.com/shadowsocks/simple-obfs.git
# cd simple-obfs
# git submodule update --init --recursive

# ./autogen.sh
# ./configure && make
# make install

2. Add a custom service for simple-obfs

  • Create the file /lib/systemd/system/obfs.service
[Unit]
Description=Obfs Service
Documentation=man:obfs-server(8)
After=network.target

[Service]
Type=simple
EnvironmentFile=/etc/default/obfs
User=root
LimitNOFILE=32768
ExecStart=/usr/local/bin/obfs-server -c $CONFFILE $DAEMON_ARGS

[Install]
WantedBy=multi-user.target
  • Create the file /etc/default/obfs
# Configuration file
CONFFILE="/root/ss/obfs.json"

# Extra command line arguments
DAEMON_ARGS=""

# User and group to run the server as
USER=root
  • Create the file /root/ss/obfs.json
{
"server": "0.0.0.0",
"server_port": 443,
"dst_addr": "127.0.0.1:1088",
"timeout": 60,
"obfs": "tls",
"failover": "127.0.0.1:8443",
"reuse_port": true,
"fast_open": true
}
  • Run systemctl daemon-reload and then systemctl enable obfs to reload systemd and enable obfs at boot
  • Run systemctl start obfs to start the service

Done

At this point, an ss-server obfuscated with obfs-tls is fully set up.
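
A consistency check for the two JSON files above, as an added example that is not part of the original post or of the shadowsocks-libev / simple-obfs projects: it flags a placeholder or short password, a non-AEAD method, a dst_addr port that does not match server_port, and an ss-server listener that stays reachable around obfs-server. The function names and the 16-character minimum are assumptions made for this example.

```python
import json

# AEAD ciphers supported by shadowsocks-libev; anything else is flagged.
AEAD_METHODS = {
    "aes-128-gcm", "aes-192-gcm", "aes-256-gcm",
    "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305",
}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def split_hostport(addr):
    """Split 'host:port' (the dst_addr format) into (host, int port)."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), int(port)


def audit(ss_cfg, obfs_cfg):
    """Return findings for an ss-server config fronted by obfs-server."""
    findings = []
    password = ss_cfg.get("password", "")
    # Assumption for this example: 16 characters is the minimum accepted.
    if len(password) < 16 or password.startswith("<"):
        findings.append("password: placeholder or shorter than 16 characters")
    if ss_cfg.get("method") not in AEAD_METHODS:
        findings.append("method: not an AEAD cipher")
    dst_host, dst_port = split_hostport(obfs_cfg["dst_addr"])
    if dst_port != ss_cfg.get("server_port"):
        findings.append("dst_addr: port does not match ss-server server_port")
    servers = ss_cfg.get("server", [])
    servers = [servers] if isinstance(servers, str) else servers
    # obfs-server reaches ss-server over loopback, so a wider ss-server bind
    # leaves the unobfuscated port reachable from the network as well.
    if dst_host in LOOPBACK and any(s not in LOOPBACK for s in servers):
        findings.append("server: ss-server listens beyond loopback, "
                        "so its port is reachable without obfs")
    return findings


# The two configs from this page, embedded so the check runs offline.
PAGE_SS = json.loads("""{"server": "0.0.0.0", "server_port": 1088,
  "password": "<this is your password>", "method": "chacha20-ietf-poly1305"}""")
PAGE_OBFS = json.loads("""{"server": "0.0.0.0", "server_port": 443,
  "dst_addr": "127.0.0.1:1088", "obfs": "tls", "failover": "127.0.0.1:8443"}""")

if __name__ == "__main__":
    for finding in audit(PAGE_SS, PAGE_OBFS):
        print("WARN", finding)
```

Whether the direct ss-server port is closed with a loopback bind or a firewall rule depends on whether clients still need to reach it without obfs.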