1、查看系统
|
1
2
3
4
|
[root@localhost ~]
# cat /etc/issue
CentOS release
6.6
(Final)
[root@localhost ~]
# uname -a
Linux localhost.localdomain
2.6
.
32
-
042stab106
.
6
#1 SMP Mon Apr 20 14:48:47 MSK 2015 x86_64 x86_64 x86_64 GNU/Linux
|
2、安装ShadowSocks
|
1
2
|
# yum install python-setuptools && easy_install pip
# pip install shadowsocks
|
3、创建配置文件/etc/shadowsocks.json
|
1
2
3
4
5
6
7
8
9
10
11
|
[root@localhost
/
]
# touch /etc/shadowsocks.json
[root@localhost
/
]
# vi /etc/shadowsocks.json
{
"server"
:
"138.128.208.158"
,
"server_port"
:
443
,
"local_address"
:
"127.0.0.1"
,
"local_port"
:
1080
,
"password"
:
"MyPass"
,
"timeout"
:
300
,
"method"
:
"rc4-md5"
}
|
备注:加密方式官方默认使用aes-256-cfb,推荐使用rc4-md5,因为 RC4比AES速度快好几倍。
各字段说明:
server:服务器IP
server_port:服务器端口
local_port:本地端端口
password:用来加密的密码
timeout:超时时间(秒)
method:加密方法,可选择 “bf-cfb”, “aes-256-cfb”, “des-cfb”, “rc4″等
4、使用配置文件在后台运行shadowsocks服务
|
1
|
[root@localhost
/
]
# ssserver -c /etc/shadowsocks.json -d start
|
备注:若无配置文件,在后台可以使用一下命令运行:
[root@localhost /]# ssserver -p 443 -k MyPass -m rc4-md5 -d start
5、停止服务
|
1
|
[root@localhost
/
]
# ssserver -c /etc/shadowsocks.json -d stop
|
6、添加开机自启动服务
|
1
|
[root@localhost opt]
# vi /etc/init.d/shadowsocks
|
添加如下内容:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
#!/bin/sh
# chkconfig: 2345 90 10
# description: Start or stop the Shadowsocks server
#
### BEGIN INIT INFO
# Provides: Shadowsocks
# Required-Start: $network $syslog
# Required-Stop: $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Description: Start or stop the Shadowsocks server
### END INIT INFO
# Author: xju <qing0991@163.com>
name=shadowsocks
BIN=
/usr/bin/ssserver
conf=
/etc/shadowsocks
.json
start(){
$BIN -c $conf -d start
RETVAL=$?
if
[
"$RETVAL"
=
"0"
];
then
echo
"$name start success"
else
echo
"$name start failed"
fi
}
stop(){
pid=`
ps
-ef |
grep
-
v
grep
|
grep
-
v
ps
|
grep
-i
"${BIN}"
|
awk
'{print $2}'
`
if
[ ! -z $pid ];
then
$BIN -c $conf -d stop
RETVAL=$?
if
[
"$RETVAL"
=
"0"
];
then
echo
"$name stop success"
else
echo
"$name stop failed"
fi
else
echo
"$name is not running"
RETVAL=1
fi
}
status(){
pid=`
ps
-ef |
grep
-
v
grep
|
grep
-
v
ps
|
grep
-i
"${BIN}"
|
awk
'{print $2}'
`
if
[ -z $pid ];
then
echo
"$name is not running"
RETVAL=1
else
echo
"$name is running with PID $pid"
RETVAL=0
fi
}
case
"$1"
in
'start'
)
start
;;
'stop'
)
stop
;;
'status'
)
status
;;
'restart'
)
stop
start
RETVAL=$?
;;
*)
echo
"Usage: $0 { start | stop | restart | status }"
RETVAL=1
;;
esac
exit
$RETVAL
|
添加执行权限:
|
1
|
[root@localhost ~]
# chmod a+x /etc/init.d/shadowsocks
|
添加开机自动服务:
|
1
2
3
4
5
6
7
8
9
|
[root@localhost ~]
# chkconfig --add shadowsocks
[root@localhost ~]
# chkconfig --list shadowsocks
Note: This output shows SysV services only and does not include native
systemd services. SysV configuration data might be overridden by native
systemd configuration.
If you want to list systemd services use
'systemctl list-unit-files'
.
To see services enabled on particular target use
'systemctl list-dependencies [target]'
.
shadowsocks 0:off1:off2:on3:on4:on5:on6:off
|
启动停止服务:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
[root@localhost ~]
# service shadowsocks status
shadowsocks is running with PID 507
[root@localhost ~]
# shadowsocks stop
-
bash
: shadowsocks:
command
not found
[root@localhost ~]
# service shadowsocks status
shadowsocks is running with PID 507
[root@localhost ~]
# service shadowsocks stop
INFO: loading config from
/etc/shadowsocks
.json
stopped
shadowsocks stop success
[root@localhost ~]
# service shadowsocks start
INFO: loading config from
/etc/shadowsocks
.json
2015-10-01 03:50:54 INFO loading libcrypto from libcrypto.so.10
started
shadowsocks start success
[root@localhost ~]
# service shadowsocks restart
INFO: loading config from
/etc/shadowsocks
.json
stopped
shadowsocks stop success
INFO: loading config from
/etc/shadowsocks
.json
2015-10-01 03:51:04 INFO loading libcrypto from libcrypto.so.10
started
shadowsocks start success
|
备注:(1)开机自启动服务可以简单设置:
# vi /etc/rc.local
ssserver -c /etc/shadowsocks.json -d start
(2)若要配置多个用户,可以添加配置文件如/etc/shadowsocks1.json,设置不同的端口号(如:444)就行。
7、优化服务
7.1 increase the maximum number of open file descriptors
# vi /etc/security/limits.conf
* soft nofile 51200 * hard nofile 51200
执行:
|
1
|
# ulimit -n 51200
|
7.2 Tune the kernel parameters
|
1
|
# vi /etc/sysctl.conf
|
fs.file-max = 51200
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.netdev_max_backlog = 250000
net.core.somaxconn = 4096
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_mem = 25600 51200 102400
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_congestion_control = hybla
执行:
|
1
|
# sysctl -p
|
重启shadowsocks服务:
|
1
|
# servie shadowsocks restart
|
备注:若要配置多用户模式,只需修改配置文件:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[root@localhost ~]
# cat /etc/shadowsocks.json
{
"server"
:
"145.78.20.216"
,
"port_password"
:{
"9000"
:
"MyPass1"
,
"9001"
:
"MyPass2"
,
"9002"
:
"MyPass3"
},
"local_address"
:
"127.0.0.1"
,
"local_port"
:1080,
"timeout"
:300,
"method"
:
"rc4-md5"
}
|
说明:
中美之间的线路质量不是很好,rtt较长且时常丢包。TCP的设计目的是解决不可靠线路上可靠传输的问题,即为了解决丢包,但丢包却使TCP传输速度大幅下降。HTTP协议在传输层使用的是TCP协议,所以网页下载的速度就取决于TCP单线程下载的速度(因为网页就是单线程下载的)。丢包使得TCP传输速度大幅下降的主要原因是丢包重传机制,控制这一机制的就是TCP拥塞控制算法。
Linux内核中提供了若干套TCP拥塞控制算法,这些算法各自适用于不同的环境。
1)reno是最基本的拥塞控制算法,也是TCP协议的实验原型。
2)bic适用于rtt较高但丢包极为罕见的情况,比如北美和欧洲之间的线路,这是2.6.8到2.6.18之间的Linux内核的默认算法。
3)cubic是修改版的bic,适用环境比bic广泛一点,它是2.6.19之后的linux内核的默认算法。
4)hybla适用于高延时、高丢包率的网络,比如卫星链路——同样适用于中美之间的链路。
我们需要做的工作就是将TCP拥塞控制算法改为hybla算法,并且优化TCP参数。
运行
sysctl net.ipv4.tcp_available_congestion_control
可以得到:
net.ipv4.tcp_available_congestion_control = cubic reno bbr bic westwood htcp
参考文献:
http://shadowsocks.org/en/index.html
https://github.com/shadowsocks/shadowsocks/wiki/Shadowsocks-使用说明
http://wuchong.me/blog/2015/02/02/shadowsocks-install-and-optimize/
http://shadowsocks.org/en/config/advanced.html
本文转自stock0991 51CTO博客,原文链接:http://blog.51cto.com/qing0991/1649922,如需转载请自行联系原作者
