Shadowsocks is a lightweight and secure proxy tool designed to protect your internet privacy while bypassing censorship. Unlike traditional VPNs, Shadowsocks operates as a SOCKS5 proxy, making it faster and harder to detect. Here’s how to set it up on your VPS to secure your connection.
Why Use Shadowsocks on Your VPS?
- Lightweight: Minimal resource usage compared to full-fledged VPNs.
- Faster Connections: Optimized for speed with fewer overheads.
- Circumvents Censorship: Effective against DPI (Deep Packet Inspection).
- Secure: Uses robust encryption methods to protect your data.
Prerequisites
- VPS: A Linux-based VPS (Ubuntu/Debian/CentOS recommended).
- Root Access: Required to install and configure software.
- Domain or Public IP: To connect to your VPS.
Step 1: Update Your VPS
Ensure your VPS is up to date to avoid compatibility issues:
sudo apt update && sudo apt upgrade -y
Step 2: Install Shadowsocks
You can install Shadowsocks using a pre-built package or set it up manually.
Option 1: Install via Package Manager
On Ubuntu/Debian:
sudo apt install shadowsocks-libev -y
On CentOS:
sudo yum install epel-release -y
sudo yum install shadowsocks-libev -y
Option 2: Install via pip (Python-based Shadowsocks)
Install Python and pip:
sudo apt install python3 python3-pip -y
Install Shadowsocks:
pip3 install shadowsocks
Step 3: Configure Shadowsocks
Create a configuration file:
sudo nano /etc/shadowsocks.json
Add the following configuration:
{
"server": "0.0.0.0",
"server_port": 8388,
"local_address": "127.0.0.1",
"local_port": 1080,
"password": "your_secure_password",
"timeout": 300,
"method": "aes-256-gcm"
}
- server: Set to
0.0.0.0
to allow external connections. - server_port: Port for Shadowsocks to listen on (e.g.,
8388
). - password: A strong password to secure your connection.
- method: Encryption method (e.g.,
aes-256-gcm
is highly recommended).
Save and exit the file (CTRL + X, then Y, then ENTER).
Step 4: Start Shadowsocks
Run Shadowsocks using the configuration file:
ss-server -c /etc/shadowsocks.json -d start
To enable it on system boot, use:
sudo systemctl enable shadowsocks-libev
sudo systemctl start shadowsocks-libev
Step 5: Configure Firewall
Ensure the port you specified (e.g., 8388
) is open:
For ufw (Ubuntu/Debian):
sudo ufw allow 8388/tcp
sudo ufw allow 8388/udp
sudo ufw reload
For firewalld (CentOS):
sudo firewall-cmd --permanent --add-port=8388/tcp
sudo firewall-cmd --permanent --add-port=8388/udp
sudo firewall-cmd --reload
Step 6: Connect to Shadowsocks
Download a Shadowsocks client for your device:
- Windows: Shadowsocks-Windows
- Mac: ShadowsocksX-NG
- Android: Shadowsocks (available on F-Droid or Google Play)
- iOS: Potatso Lite (from the App Store)
Client Configuration
- Open the client and create a new connection.
- Enter your VPS details:
- Server IP: Your VPS’s IP address.
- Server Port: The port specified in the configuration (
8388
). - Password: The same password in the configuration file.
- Encryption Method: Match the method (e.g.,
aes-256-gcm
).
- Save the configuration and connect.
Optional Enhancements
- Enable Obfuscation: Use plugins like v2ray-plugin to make Shadowsocks harder to detect.
- Install the plugin:
sudo apt install shadowsocks-v2ray-plugin
- Modify the config to include:
json
"plugin": "v2ray-plugin", "plugin_opts": "obfs=tls;obfs-host=www.example.com"
- Install the plugin:
- Add a Domain: Use a domain name instead of an IP for better usability.
- Enable Logging: Track usage or debug issues by enabling logs in your configuration.
Step 7: Verify Your Connection
Check your IP address after connecting to ensure traffic is routed through the VPS:
- Visit https://whatismyipaddress.com/.
- Verify the IP matches your VPS’s IP.
Conclusion
With Shadowsocks, you now have a secure and private connection tailored to your needs. Whether you’re bypassing censorship or securing your internet traffic, Shadowsocks offers a lightweight and effective solution for your VPS. For enhanced privacy, consider pairing it with additional tools like DNS encryption or a CDN.