在debian 12上安装shadowsocks

Index

1. 1. 1、服务端安装配置
   1. 1.1. 1.1、安装配置shadowsocks-libev
   2. 1.2. 1.2、安装v2ray-plugin插件
2. 2. 2、PC端安装配置
   1. 2.1. 2.1、配置ShadowsocksX-NG

1、服务端安装配置

1.1、安装配置shadowsocks-libev

cd /usr/local/src
wget https://github.com/shadowsocks/shadowsocks-libev/releases/download/v3.3.5/shadowsocks-libev-3.3.5.tar.gz
ll
tar xf shadowsocks-libev-3.3.5.tar.gz
ll
cd shadowsocks-libev-3.3.5
ll
apt install libpcre3 libpcre3-dev libmbedtls-dev libsodium-dev cmake libc-ares2 libc-ares-dev libev-dev
./configure --disable-documentation
make && make install

文件默认安装在/usr/local目录下。按照如下方法为shadowsocks-libev创建systemd服务。
编辑/usr/local/src/shadowsocks-libev-3.3.5/debian/shadowsocks-libev.service文件，改成如下

Text

#  This file is part of shadowsocks-libev.
#
#  Shadowsocks-libev is free software; you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 3 of the License, or
#  (at your option) any later version.
#
#  This file is default for Debian packaging. See also
#  /etc/default/shadowsocks-libev for environment variables.

[Unit]
Description=Shadowsocks-libev Default Server Service
Documentation=man:shadowsocks-libev(8)
After=network-online.target

[Service]
Type=simple
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
DynamicUser=true
EnvironmentFile=/etc/default/shadowsocks-libev
LimitNOFILE=32768
ExecStart=/usr/local/bin/ss-server -c $CONFFILE $DAEMON_ARGS

[Install]
WantedBy=multi-user.target

编辑/usr/local/src/shadowsocks-libev-3.3.5/debian/shadowsocks-libev.default文件，把

DAEMON_ARGS=

改成

DAEMON_ARGS="-d 8.8.8.8 -d 8.8.4.4 -u"

然后将相应文件cp到对应目录

cp /usr/local/src/shadowsocks-libev-3.3.5/debian/shadowsocks-libev.service /usr/lib/systemd/system
cp /usr/local/src/shadowsocks-libev-3.3.5/debian/shadowsocks-libev.default /etc/default/shadowsocks-libev

为shadowsocks-libev配置证书：

mkdir -p /etc/certs

将申请的RSA证书（以域名dmit.example.com为例）放置至/etc/certs目录，并配置权限为644。其中example.com.pem为公钥，example.com.key为私钥。
为shadowsocks-libev创建主配置文件：

mkdir -p /etc/shadowsocks-libev
cat  > /etc/shadowsocks-libev/config.json  < EOF
{
    "server": ["::", "0.0.0.0"],
    "mode": "tcp_and_udp",
    "server_port": 443,
    "local_port": 1080,
    "password": "Gpb2xUPArG82bExG",
    "timeout": 300,
    "reuse-port": true,
    "method": "chacha20-ietf-poly1305",
    "plugin": "/usr/local/bin/v2ray-plugin",
    "plugin_opts": "server;tls;host=dmit.example.com;cert=/etc/certs/example.com.pem;key=/etc/certs/example.com.key;loglevel=none"
}
EOF

因为启动用户为nobody，启动端口为小于1024的443端口，所以需要为ss-server赋予以下权限：

setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/ss-server

将shadowsocks-libev服务设置开机自启并启动：

systemctl enable shadowsocks-libev.service
systemctl start shadowsocks-libev.service
systemctl status shadowsocks-libev.service

查看状态当然是失败的，因为缺少v2ray-plugin插件。

1.2、安装v2ray-plugin插件

cd /usr/local/src
wget https://github.com/shadowsocks/v2ray-plugin/releases/download/v1.3.2/v2ray-plugin-linux-amd64-v1.3.2.tar.gz
# wget https://github.com/teddysun/v2ray-plugin/releases/download/v5.17.0/v2ray-plugin-linux-amd64-v5.17.0.tar.gz
tar xf v2ray-plugin-linux-amd64-v1.3.2.tar.gz
cp v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin
setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/v2ray-plugin

再次启动shadowsocks-libev：

systemctl start shadowsocks-libev.service
systemctl status shadowsocks-libev.service

发现已经正常启动。

2、PC端安装配置

2.1、配置ShadowsocksX-NG

下载以下版本的ShadowsocksX-NG及最新版的v2ray-plugin
MacOS版：https://github.com/shadowsocks/ShadowsocksX-NG/releases/download/v1.9.4/ShadowsocksX-NG.1.9.4.zip （最新版的配置完成后始终不能正常使用）
https://github.com/teddysun/v2ray-plugin/releases/download/v5.17.0/v2ray-plugin-darwin-amd64-v5.17.0.tar.gz （插件版本号同服务端）
如果MacOS在启动Shadowsocks时提示未验证的发布者请在终端执行sudo spctl --master-disable即可正常运行。

主机名： dmit.example.com
端口： 443
加密方法： chacha20-ietf-poly1305
密码： Gpb2xUPArG82bExG [ 你的密码，配置同服务端 ]
插件： v2ray-plugin
插件选项： tls;host=dmit.example.com

赏

谢谢您的支持

支付宝

微信