1
+ #! /usr/bin/env bash
2
+ sudo apt update && sudo apt upgrade -yuf
3
+ sudo apt-get install -y --no-install-recommends gettext build-essential autoconf libtool libpcre3-dev asciidoc xmlto libev-dev libudns-dev automake libmbedtls-dev libsodium-dev git python-m2crypto libc-ares-dev
4
+ cd /opt
5
+ sudo git clone https://github.com/shadowsocks/shadowsocks-libev.git
6
+ cd shadowsocks-libev
7
+ sudo git submodule update --init --recursive
8
+ sudo ./autogen.sh
9
+ sudo ./configure
10
+ sudo make && sudo make install
11
+ sudo adduser --system --no-create-home --group shadowsocks
12
+ sudo mkdir -m 755 /etc/shadowsocks
13
+ ip=` ifconfig | grep -Eo ' inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo ' ([0-9]*\.){3}[0-9]*' | grep -v ' 127.0.0.1' `
14
+
15
+ printf " {\n\
16
+ \" server\" :\" $ip \" ,\n\
17
+ \" server_port\" :443,\n\
18
+ \" password\" :\" holymoly\" ,\n\
19
+ \" timeout\" :300,\n\
20
+ \" method\" :\" aes-256-gcm\" ,\n\
21
+ \" fast_open\" : true\n}\n" | sudo tee /etc/shadowsocks/shadowsocks.json
22
+
23
+ sudo bash -c ' cat >/etc/sysctl.d/local.conf <<EOL
24
+ # max open files
25
+ fs.file-max = 51200
26
+ # max read buffer
27
+ net.core.rmem_max = 67108864
28
+ # max write buffer
29
+ net.core.wmem_max = 67108864
30
+ # default read buffer
31
+ net.core.rmem_default = 65536
32
+ # default write buffer
33
+ net.core.wmem_default = 65536
34
+ # max processor input queue
35
+ net.core.netdev_max_backlog = 4096
36
+ # max backlog
37
+ net.core.somaxconn = 4096
38
+ # resist SYN flood attacks
39
+ net.ipv4.tcp_syncookies = 1
40
+ # reuse timewait sockets when safe
41
+ net.ipv4.tcp_tw_reuse = 1
42
+ # turn off fast timewait sockets recycling
43
+ net.ipv4.tcp_tw_recycle = 0
44
+ # short FIN timeout
45
+ net.ipv4.tcp_fin_timeout = 30
46
+ # short keepalive time
47
+ net.ipv4.tcp_keepalive_time = 1200
48
+ # outbound port range
49
+ net.ipv4.ip_local_port_range = 10000 65000
50
+ # max SYN backlog
51
+ net.ipv4.tcp_max_syn_backlog = 4096
52
+ # max timewait sockets held by system simultaneously
53
+ net.ipv4.tcp_max_tw_buckets = 5000
54
+ # turn on TCP Fast Open on both client and server side
55
+ net.ipv4.tcp_fastopen = 3
56
+ # TCP receive buffer
57
+ net.ipv4.tcp_rmem = 4096 87380 67108864
58
+ # TCP write buffer
59
+ net.ipv4.tcp_wmem = 4096 65536 67108864
60
+ # turn on path MTU discovery
61
+ net.ipv4.tcp_mtu_probing = 1
62
+ # for high-latency network
63
+ net.ipv4.tcp_congestion_control = hybla
64
+ # for low-latency network, use cubic instead
65
+ net.ipv4.tcp_congestion_control = cubic
66
+ EOL'
67
+
68
+ sudo sysctl --system
69
+
70
+ sudo bash -c ' cat >/etc/systemd/system/shadowsocks.service <<EOL
71
+ [Unit]
72
+ Description=Shadowsocks proxy server
73
+
74
+ [Service]
75
+ User=root
76
+ Group=root
77
+ Type=simple
78
+ ExecStart=/usr/local/bin/ss-server -c /etc/shadowsocks/shadowsocks.json -a shadowsocks -v start
79
+ ExecStop=/usr/local/bin/ss-server -c /etc/shadowsocks/shadowsocks.json -a shadowsocks -v stop
80
+
81
+ [Install]
82
+ WantedBy=multi-user.target
83
+ EOL'
84
+
85
+ sudo systemctl daemon-reload
86
+ sudo systemctl enable shadowsocks
87
+ sudo systemctl start shadowsocks
0 commit comments