Forked from vincentbel/setup-shadowsocks-on-debian.sh
Last active
August 4, 2017 19:46
-
-
Save mpalet/e54fd390121502c691560f052581eee2 to your computer and use it in GitHub Desktop.
Setup shadowsocks on debian
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ########## Install Shadowsocks ########## | |
| # https://github.com/shadowsocks/shadowsocks-libev#debian--ubuntu | |
| sh -c 'printf "deb http://httpredir.debian.org/debian jessie-backports main" > /etc/apt/sources.list.d/jessie-backports.list' | |
| apt update | |
| apt -t jessie-backports install shadowsocks-libev | |
| ########## Setup Shadowsocks ########## | |
| # How to generate random string: <https://gist.github.com/earthgecko/3089509> | |
| # And the `tr: Illegal byte sequence` issue: | |
| # <http://unix.stackexchange.com/questions/45404/why-cant-tr-read-from-dev-urandom-on-osx> | |
| random_pass=$(LC_CTYPE=C tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 16 | head -n 1) | |
| ss_config="{ | |
| \"server\":\"0.0.0.0\", | |
| \"server_port\":8388, | |
| \"local_port\":1080, | |
| \"password\":\"$random_pass\", | |
| \"timeout\":300, | |
| \"method\":\"aes-256-cfb\" | |
| } | |
| " | |
| # Remember to add the quotes around the variable otherwise | |
| # you won't see the newline characters. | |
| echo "$ss_config" > /etc/shadowsocks-libev/config.json | |
| ########## Optimizing Shadowsocks ########## | |
| # <https://github.com/shadowsocks/shadowsocks/wiki/Optimizing-Shadowsocks> | |
| cat <<EOT > /etc/sysctl.d/local.conf | |
| # max open files | |
| fs.file-max = 51200 | |
| # max read buffer | |
| net.core.rmem_max = 67108864 | |
| # max write buffer | |
| net.core.wmem_max = 67108864 | |
| # default read buffer | |
| net.core.rmem_default = 65536 | |
| # default write buffer | |
| net.core.wmem_default = 65536 | |
| # max processor input queue | |
| net.core.netdev_max_backlog = 4096 | |
| # max backlog | |
| net.core.somaxconn = 4096 | |
| # resist SYN flood attacks | |
| net.ipv4.tcp_syncookies = 1 | |
| # reuse timewait sockets when safe | |
| net.ipv4.tcp_tw_reuse = 1 | |
| # turn off fast timewait sockets recycling | |
| net.ipv4.tcp_tw_recycle = 0 | |
| # short FIN timeout | |
| net.ipv4.tcp_fin_timeout = 30 | |
| # short keepalive time | |
| net.ipv4.tcp_keepalive_time = 1200 | |
| # outbound port range | |
| net.ipv4.ip_local_port_range = 10000 65000 | |
| # max SYN backlog | |
| net.ipv4.tcp_max_syn_backlog = 4096 | |
| # max timewait sockets held by system simultaneously | |
| net.ipv4.tcp_max_tw_buckets = 5000 | |
| # turn on TCP Fast Open on both client and server side | |
| net.ipv4.tcp_fastopen = 3 | |
| # TCP receive buffer | |
| net.ipv4.tcp_rmem = 4096 87380 67108864 | |
| # TCP write buffer | |
| net.ipv4.tcp_wmem = 4096 65536 67108864 | |
| # turn on path MTU discovery | |
| net.ipv4.tcp_mtu_probing = 1 | |
| # for high-latency network | |
| net.ipv4.tcp_congestion_control = hybla | |
| # for low-latency network, use cubic instead | |
| # net.ipv4.tcp_congestion_control = cubic | |
| EOT | |
| sysctl --system | |
| #instead of ulimit -n 51200 | |
| #we modify the environment var of the service unit | |
| sed -i "s/MAXFD=.*/MAXFD=51200/g" /etc/default/shadowsocks-libev | |
| # Restart shadowsocks server service | |
| systemctl restart shadowsocks-libev | |
| echo | |
| echo -e "Your shadowsocks config file is at: '/etc/shadowsocks-libev/config.json', and your config is: \n$ss_config" | |
| echo -e "Modify firewall rules, if necessary, using the following commands:" | |
| echo -e " iptables -I INPUT -p tcp --dport 8388 -j ACCEPT" | |
| echo -e " iptables -I INPUT -p udp --dport 8388 -j ACCEPT" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment