gongdear

gongdear的技术博客

欢迎大家参观我的博客
  menu
91 文章
89355 浏览
ღゝ◡╹)ノ❤️
/    

在Debian 9上部署ss并开启混淆和bbr

就个人看法来说,如果操作系统采用 Debian,无论是作为客户端还是服务端,使用 shadowsocks-libev 都是一种非常舒适流畅的体验。本文介绍如何在 Debian 系统中搭建 ss-libev 服务端。

注:以下的所有命令,都是针对 Debian 9 Stretch,并在 root 用户下执行的。

安装

添加stretch-backports

1
2
sh -c 'printf "deb http://deb.debian.org/debian stretch-backports main" > /etc/apt/sources.list.d/stretch-backports.list'
apt update

安装shadowsocks-libevsimple-obfs

1
apt -t stretch-backports install shadowsocks-libev simple-obfs -y

配置

编辑配置文件:

1
vim /etc/shadowsocks-libev/config-obfs.json

/etc/shadowsocks-libev/config-obfs.json

1
2
3
4
5
6
7
8
9
10
11
12
{
    "server":["::0","0.0.0.0"],
    "server_port":端口,
    "local_port":1080,
    "password":"密码",
    "timeout":60,
    "method":"aes-256-gcm",
    "mode":"tcp_and_udp",
    "fast_open":false,
    "plugin":"obfs-server",
    "plugin_opts":"obfs=http"
}

接下来,编辑/etc/default/shadowsocks-libev指定使用哪个配置文件,如下所示,更改了文件中CONFFILE的值(改成了config-obfs.json):

1
vim /etc/default/shadowsocks-libev

/etc/default/shadowsocks-libev

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# Defaults for shadowsocks initscript
# sourced by /etc/init.d/shadowsocks-libev
# installed at /etc/default/shadowsocks-libev by the maintainer scripts

#
# This is a POSIX shell fragment
#
# Note: `START', `GROUP' and `MAXFD' options are not recognized by systemd.
# Please change those settings in the corresponding systemd unit file.

# Enable during startup?
START=yes

# Configuration file
CONFFILE="/etc/shadowsocks-libev/config-obfs.json"

# Extra command line arguments
DAEMON_ARGS="-u"

# User and group to run the server as
USER=nobody
GROUP=nogroup

# Number of maximum file descriptors
MAXFD=32768

启动并检查

激活服务,以便开机自动启动:

1
systemctl enable shadowsocks-libev

启动服务:

1
systemctl start shadowsocks-libev

查看服务状态:

1
systemctl status shadowsocks-libev

至此,对服务端的部署配置愉快完成。

开启BBR

先检查 kernel 是否支持 BBR:

1
uname -r    # kernel >= 4.9

然后执行 lsmod | grep bbr测试一下输出结果是否有bbr “bbr”.

1
2
modprobe tcp_bbr
echo "tcp_bbr" >> /etc/modules-load.d/modules.conf

最后执行

1
2
3
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p

centos7客户端的配置

cd /etc/yum.repos.d/
curl -O https://copr.fedorainfracloud.org/coprs/librehat/shadowsocks/repo/epel-7/librehat-shadowsocks-epel-7.repo
yum install -y shadowsocks-libev

配置文件 cat /etc/shadowsocks-libev/config.json
{
"server":"0.0.0.0",
"server_port":port,
"local_port":1080,
"password":"password",
"timeout":60,
"method":"aes-256-gcm",
"mode":"tcp_and_udp"
}
对于配置客户端,完成以上几项配置就足够了。

如果想要变更默认的配置文件,或者提供其他命令行参数,我们可以修改/etc/sysconfig/shadowsocks-libev

# Configuration file
CONFFILE="/etc/shadowsocks-libev/config.json"

# Extra command line arguments
DAEMON_ARGS="-u"

其中CONFFILE指定了_shadowsocks-libev_所读取的配置文件;DAEMON_ARGS则指定了额外的命令行参数,此处的"-u"表示启用 UDP 协议。

需要注意的是,命令行参数DAEMON_ARGS比配置文件CONFFILE中指定的选项优先级要更高一些。

启动 Shadowsocks 服务

有了 Shadowsocks 客户端的配置文件后,我们通过 systemd 启动 Shadowsocks 的客户端服务:
systemctl enable --now shadowsocks-libev-local
systemctl status shadowsocks-libev-local

宝剑锋从磨砺出,梅花香自苦寒来.