Prerequisites

Build and install with recent mbedTLS and libsodium

1
2
3
4
5
6
7
8
9
10
11
12
13
14
export LIBSODIUM_VER=1.0.11
export MBEDTLS_VER=2.4.0
wget https://github.com/jedisct1/libsodium/releases/download/1.0.11/libsodium-$LIBSODIUM_VER.tar.gz
tar xvf libsodium-$LIBSODIUM_VER.tar.gz
pushd libsodium-$LIBSODIUM_VER
./configure --prefix=/usr && make
sudo make install
popd
wget https://tls.mbed.org/download/mbedtls-$MBEDTLS_VER-gpl.tgz
tar xvf mbedtls-$MBEDTLS_VER-gpl.tgz
pushd mbedtls-$MBEDTLS_VER
make SHARED=1 CFLAGS=-fPIC
sudo make DESTDIR=/usr install
popd

Other

1
2
yum install epel-release -y
yum install gcc gettext autoconf libtool automake make pcre-devel asciidoc xmlto udns-devel libev-devel -y

Get the latest source code

1
2
3
git clone https://github.com/shadowsocks/shadowsocks-libev.git
cd shadowsocks-libev
git submodule update --init --recursive

Installation

1
2
./autogen.sh && ./configure && make
sudo make install

Configuration

Create the configuration file

1
2
mkdir -p /etc/shadowsocks
vi /etc/shadowsocks/config.json

Put the following text into the file:

1
2
3
4
5
6
7
8
9
{
 "server":"0.0.0.0",
 "server_port":40002,
 "local_address": "127.0.0.1",
 "local_port":1080,
 "password":"mypassword",
 "timeout":300,
 "method":"chacha20",
}

To run with deamon in CentOS7

Create and edit a file:

1
vi /etc/systemd/system/shadowsocks.service

Add the following text to the file shadowsocks.service :

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
[Unit]
Description=Shadowsocks
After=network.target
[Service]
Type=forking
PIDFile=/run/shadowsocks/ss.pid
PermissionsStartOnly=true
ExecStartPre=/bin/mkdir -p /run/shadowsocks
ExecStartPre=/bin/chown nobody:nobody /run/shadowsocks
ExecStart=/usr/local/bin/ss-server -u -c /etc/shadowsocks/config.json -v -f /var/run/shadowsocks/ss.pid
Restart=on-abort
User=nobody
Group=nobody
UMask=0027
[Install]
WantedBy=multi-user.target

To run

1
2
systemctl start shadowsocks
systemctl enable shadowsocks

To stop

1
systemctl stop shadowsocks

Check the log

1
less /var/log/messages

You can also use the following command:

1
journalctl | grep ss-server

or

1
journalctl -u shadowsocks.service

More usage about journalctl

Firewalld

1
vi /etc/firewalld/services/shadowsocks.xml

Add the following text:

1
2
3
4
5
6
7
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>shadowsocks</short>
  <description>enable shadowsocks.</description>
  <port protocol="tcp" port="39999"/>
  <port protocol="udp" port="39999"/>
</service>

Add a firewall policy use the command firewall-cmd

1
2
firewall-cmd --permanent --zone=public --add-service=shadowsocks
firewall-cmd --reload

Reference material

Last updated: 2017/02/19