从零开始的VPS生活 Vol2-1：科学上网——轻松搭建Shadowsocks服务端

shadowsocks大名鼎鼎，是什么、怎么用我就不说了，外事用Google。

一键包很多，但是我个人很喜欢用官方的方法安装，这样更容易更新。

librehat的copr很久没有更新了，这里暂时改为源码编译安装，如果后续还有更新的话，再换回来

# 需要git来获取源码
sudo yum install git -y
# 以下是官网要求安装的包
sudo yum install epel-release -y
sudo yum install gcc gettext autoconf libtool automake make pcre-devel asciidoc xmlto c-ares-devel libev-devel libsodium-devel mbedtls-devel -y
# 获取源码
git clone https://github.com/shadowsocks/shadowsocks-libev.git
cd shadowsocks-libev
git submodule update --init --recursive
# 编译安装
./autogen.sh && ./configure && make
sudo make install

如果是更新的话：

cd shadowsocks-libev
git pull
git submodule update --init --recursive
./autogen.sh && ./configure && make
sudo make install

这里参考debian的配置文件，为其配置默认值和系统服务，详情可以阅读源码的debain目录

为了适配CentOS，要将Group改为nobody，代替debain配置文件中的nogroup

因为是编译安装，所以要将ExecStart中的可执行文件位置改为/usr/local/bin/ss-server

创建文件：/etc/default/shadowsocks-libev

# Defaults for shadowsocks initscript
# sourced by /etc/init.d/shadowsocks-libev
# installed at /etc/default/shadowsocks-libev by the maintainer scripts

#
# This is a POSIX shell fragment
#
# Note: `START', `GROUP' and `MAXFD' options are not recognized by systemd.
# Please change those settings in the corresponding systemd unit file.

# Enable during startup?
START=yes

# Configuration file
CONFFILE="/etc/shadowsocks-libev/config.json"

# Extra command line arguments
DAEMON_ARGS="-u"

# User and group to run the server as
USER=nobody
GROUP=nobody

# Number of maximum file descriptors
MAXFD=32768

创建文件：/lib/systemd/system/shadowsocks-libev.service

#  This file is part of shadowsocks-libev.
#
#  Shadowsocks-libev is free software; you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 3 of the License, or
#  (at your option) any later version.
#
#  This file is default for Debian packaging. See also
#  /etc/default/shadowsocks-libev for environment variables.

[Unit]
Description=Shadowsocks-libev Default Server Service
Documentation=man:shadowsocks-libev(8)
After=network.target

[Service]
Type=simple
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
EnvironmentFile=/etc/default/shadowsocks-libev
User=nobody
Group=nobody
LimitNOFILE=32768
ExecStart=/usr/local/bin/ss-server -c $CONFFILE $DAEMON_ARGS

[Install]
WantedBy=multi-user.target

修改配置文件/etc/shadowsocks-libev/config.json

{
    "server": ["0.0.0.0","[::]"],
    "server_port":888,
    "password":"password",
    "timeout": 60,
    "method": "chacha20-ietf-poly1305",
    "fast_open": false
}

这个地方增加了一个IPv6访问的功能，理论上也能实现6in4，但是实际操作中浏览器不一定会支持。主要的作用还是可以用IPv6链接服务器。

端口和密码请按照需求修改。随后执行以下命令。

# 开放tcp代理端口
sudo firewall-cmd --permanent --add-port=888/tcp
# 开放udp代理端口
sudo firewall-cmd --permanent --add-port=888/udp
# 防火墙生效
sudo firewall-cmd --reload
# 启动ss服务
sudo systemctl enable shadowsocks-libev
# 启动ss
sudo systemctl start shadowsocks-libev

Enjoy it~