优化 CentOS 7 或者 Ubuntu 16.04 以上版本下的 shadowsocks-libev 网络速度,让 shadowsocks-libev 轻松跑满宽带。同样适用于老版本 3.0 的 shadowsocks 优化。

如未安装 shadowsocks-libev 的可乘坐直达航班: CentOS 安装    Ubuntu 安装

一、优化吞吐量

1、新建配置文件:

sudo vi /etc/sysctl.d/local.conf

复制粘贴:

#max open files
fs.file-max = 51200
#max read buffer
net.core.rmem_max = 67108864
#max write buffer
net.core.wmem_max = 67108864
#default read buffer
net.core.rmem_default = 65536
#default write buffer
net.core.wmem_default = 65536
#max processor input queue
net.core.netdev_max_backlog = 4096
#max backlog
net.core.somaxconn = 4096
#resist SYN flood attacks
net.ipv4.tcp_syncookies = 1
#reuse timewait sockets when safe
net.ipv4.tcp_tw_reuse = 1
#turn off fast timewait sockets recycling
net.ipv4.tcp_tw_recycle = 0
#short FIN timeout
net.ipv4.tcp_fin_timeout = 30
#short keepalive time
net.ipv4.tcp_keepalive_time = 1200
#outbound port range
net.ipv4.ip_local_port_range = 10000 65000
#max SYN backlog
net.ipv4.tcp_max_syn_backlog = 4096
#max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 5000
#turn on TCP Fast Open on both client and server side
net.ipv4.tcp_fastopen = 3
#TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 67108864
#TCP write buffer
net.ipv4.tcp_wmem = 4096 65536 67108864
#turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 1

net.ipv4.tcp_congestion_control = bbr

2、运行:

sysctl --system

3、编辑配置文件limits.conf

sudo vi /etc/security/limits.conf

在文件结尾添加两行:

* soft nofile 51200
* hard nofile 51200

4、编辑 shadowsocks-libev 服务

# 服务配置文件名称视具体而定
sudo vi /etc/systemd/system/shadowsocks-libev.service

在[Service]之后加入 ExecStartPre=/bin/sh -c ‘ulimit -n 51200’

[Unit]
Description=Shadowsocks-libev Server
After=network.target

[Service]
Type=simple
# 服务配置可能有所不一样,视实际而定
# 在这里加入 ExecStartPre=/bin/sh -c 'ulimit -n 51200'
ExecStartPre=/bin/sh -c 'ulimit -n 51200'
ExecStart=/usr/local/bin/ss-server -c /etc/shadowsocks-libev/config.json -u
Restart=on-abort

[Install]
WantedBy=multi-user.target

5、重新加载 shadowsocks-libev 服务配置

sudo systemctl daemon-reload

6、重启 Shadowsocks-libev 服务

sudo systemctl restart shadowsocks-libev

二、开启TCP Fast Open

TCP Fast Open可以降低Shadowsocks服务器和客户端的延迟。实际上在上一步已经开启了TCP Fast Open,现在只需要在Shadowsocks配置中启用TCP Fast Open。

1、编辑config.json:

sudo vi /etc/shadowsocks-libev/config.json

将 fast_open 的值由 false 修改为 true

{
     "server":"0.0.0.0",
     "server_port":8388,
     "local_port":1080,
     "password":"password",
     "timeout":600,
     "method":"aes-256-cfb",
     /*这里设置 fast_open:true,如果没有则加入*/
     "fast_open": true
 } 

2、重启 shadowsocks-libev 服务:

sudo systemctl restart shadowsocks-libev

三、最后开启 Google BBR

优化到此基本完成。

CentOS 安装 shadowsocks-libev, 本教程仅提供学习,请勿用于商业用途和不法行为。

如果你觉得安装步骤繁杂,可以试试 一键安装 shadowsocks-libev

1、准备编译环境

CentOS 7

yum install gcc gettext autoconf libtool automake make pcre-devel asciidoc xmlto c-ares-devel libev-devel libsodium-devel mbedtls-devel -y

CentOS 8

yum install gcc gettext autoconf libtool automake make pcre-devel asciidoc xmlto c-ares-devel libev-devel -y

2、获取shadowsocks-libev源码, 并安装

yum install git
git clone https://github.com/shadowsocks/shadowsocks-libev.git
cd shadowsocks-libev
git submodule update --init
./autogen.sh && ./configure --disable-documentation && make
sudo make install

如果出现 error: The Sodium crypto library libraries not found 错误,安装 libsodium

如果出现 error: mbed TLS libraries not found. 错误,安装 mbedtls

3、 创建配置文件

sudo mkdir /etc/shadowsocks-libev
sudo vi /etc/shadowsocks-libev/config.json

复制粘贴如下内容(注意修改密码“password”):

{
     "server":"0.0.0.0",
     "server_port":8388,
     "local_port":1080,
     "password":"password",
     "timeout":600,
     "method":"aes-256-cfb" ,
     "fast_open": false
 }

4、创建Shadowsocks-libev.service配置文件

sudo vi /etc/systemd/system/shadowsocks-libev.service

复制粘贴:

[Unit]
Description=Shadowsocks-libev Server
Documentation=https://shadowsocks.org/en/
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/ss-server -c /etc/shadowsocks-libev/config.json -u
Restart=on-abort

[Install]
WantedBy=multi-user.target

5、启动 Shadowsocks-libev 服务

sudo systemctl start shadowsocks-libev

6、设置开机启动

sudo systemctl enable shadowsocks-libev

至此, Shadowsocks-libev服务器端的基本配置已经全部完成了!

设置防火墙开放端口

开放 tcp/udp 8388 端口

firewall-cmd --zone=public --add-port=8388/tcp --permanent
firewall-cmd --zone=public --add-port=8388/udp --permanent

重新载入防火墙配置,使规则生效

sudo systemctl restart firewalld

优化 Shadowsocks-libev 直达航班: 优化 shadowsocks-libev 网络

最后送上Windows 客户端 Shadowsocks-4.1.7.1.zip

Shadowsocks

Shadowsocks是一个轻量级socks5代理,最初用 Python 编写。

源码安装

1、准备编译环境

sudo apt install --no-install-recommends build-essential autoconf libtool \
libssl-dev gawk debhelper dh-systemd init-system-helpers pkg-config asciidoc \
xmlto apg libpcre3-dev zlib1g-dev libev-dev libudns-dev libsodium-dev \
libmbedtls-dev libc-ares-dev automake

2、获取shadowsocks-libev源码, 并安装

sudo apt install git
git clone https://github.com/shadowsocks/shadowsocks-libev.git
cd shadowsocks-libev
git submodule update --init
./autogen.sh && ./configure --disable-documentation && make
sudo make install

3、 创建配置文件:

sudo mkdir /etc/shadowsocks-libev
sudo vi /etc/shadowsocks-libev/config.json

复制粘贴如下内容(注意修改密码“password”):

{
"server":"0.0.0.0",
"server_port":8388,
"local_port":1080,
"password":"password",
"timeout":600,
"method":"aes-256-cfb" ,
"fast_open": false
}

4、创建Shadowsocks-libev.service配置文件

sudo vi /etc/systemd/system/shadowsocks-libev.service

复制粘贴:

[Unit]
Description=Shadowsocks-libev Server
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/ss-server -c /etc/shadowsocks-libev/config.json -u
Restart=on-abort

[Install]
WantedBy=multi-user.target

5、启动Shadowsocks:

sudo systemctl start shadowsocks-libev

6、设置开机启动

sudo systemctl enable shadowsocks-libev

至此, Shadowsocks-libev服务器端的基本配置已经全部完成了!

优化 shadowsocks-libev 网络

开启 Google BBR

最后送上Windows 客户端 Shadowsocks-4.1.7.1.zip