Closed How to setup shadowsocks-libev(lightweight) server on digital ocean vps!

[iSync]

How to Setup Shadowsocks-libev(most latest updated and light) on Digital Ocean VPS!

Yeah i know there are some other shadowsocks install tutorial around here and they didn't even cover optimization etc and fast open. But did you know that there’s also another software called Shadowsocks-libev?

Shadowsocks-libev, on the other hand, is written in C programming language and thus it consumes little RAM and is a very good fit for low-end device such as routers. The latest stable version is v3.0.8 which was released on July 27, 2017.

yes we can also install shadowsocks libev as client on routers but well cover that another time

But 1st You need a VPS so if you have some extra cash to spare follow instrcutions below

Save $25 for your Cloud Computing Solution with Digital Ocean.

Use this link to You do not have permission to view the full content of this post. Log in or register now. and save your first $10.

Enter the Promocode LOWENDBOX when you choose your payment method and get another $15 discount.

Need To pay atleast 5$ via Paypal or atleast provide legit creditcard details to unlock deploying a vps

Apply LOWENDBOX first before doing so.

if you used paypal to pay and the extra 15$ didnt apply just contact support that you didnt get a additional 15$ discount by using the lowendbox code

Starting with a $25 discount is not bad for a service which only coast $5 per month

Now to Deploy our VPS

1. Press Create then click droplets

2.Click Distribution and Select Ubuntu 16.04 64

3.Choose size Click Standard and Select 5$ one

4.Choose a datacenter region of your choice

5.check monitoring

6.Finalize and create

Check email for SSH root password log in via putty
then you will be prompt to change password
log in again to log in into ROOT terminal via SSH

How to use:
Use the root user to log in and run the following command:

sudo wget --no-check-certificate -O https://pastebin.com/raw/wQM2YZj1 shadowsocks-libev-debian.sh

chmod +x shadowsocks-libev-debian.sh

./shadowsocks-libev-debian.sh 2>&1 | tee shadowsocks-libev-debian.log

After the installation is complete, the script prompts as follows:

Congratulations, Shadowsocks-libev server install completed!
Your Server IP        :your_server_ip
Your Server Port      :your_server_port
Your Password         :your_password
Your Encryption Method:your_encryption_method


Enjoy it!

Uninstall method:
use the root user login, run the following command:

./shadowsocks-libev-debian.sh uninstall

commands:
start: /etc/init.d/shadowsocks start
stop: /etc/init.d/shadowsocks stop
restart: /etc/init.d/shadowsocks restart
View Status: /etc/init.d/shadowsocks status

Want to modify Shadowsocks details like port and password?
check this out

1st
open SSH like what you did to install the server
type

sudo nano /etc/shadowsocks-libev/config.json

and something like this will appear

{
   "server":["[::0]","0.0.0.0"],
   "server_port":your_server_port,
   "local_address":"127.0.0.1",
   "local_port":1080,
   "password":"your_password",
   "timeout":600,
   "method":"aes-128-cfb"
}

now we edit like we do in notepad
p.s. you cannot use numpad and can only use the numbers below the f1-f8 keys

{
   "server":["[::0]","0.0.0.0"],
   "server_port":443,
   "local_address":"127.0.0.1",
   "local_port":1080,
   "password":"PeenoiseSync",
   "timeout":600,
   "method":"aes-256-cfb"
}

after editing press and hold ctrl then press o
press enter to save
then press and hold ctrl then x to close
after that you may want to restart your shadowsocks server so use our command

/etc/init.d/shadowsocks restart

to restart

then you may now use your new shadowsocks settings


So you dont trust the 1 click install script eh? feeling geeky and want to do it manually?
so heres an alternative P.S this is the advanced way
bale mano mano and has new AEAD ciphers
You do not have permission to view the full content of this post. Log in or register now. only supported by shadowsocks csharp and shadowsocks android as far as i know not supprted by sscap and also sscap ended support/development so no more updates

1. SSH into You do not have permission to view the full content of this post. Log in or register now. and install git version control tool.

sudo apt install git

2. Clone the source repository from Github.

git clone https://github.com/shadowsocks/shadowsocks-libev.git

cd shadowsocks-libev

3. Install build dependencies

sudo apt install build-essential autoconf libtool libssl-dev asciidoc

4. Configure build environment and compile it.

./configure && make

5. Install shadowsocks-libev

sudo make install

Before we can start the shadowsock-libev service, we need to configure the socket, password, encryption method and thing like that. So execute the following command to create a configuration file.

sudo nano /etc/sslibevconfig.json

Paste the code below
pres ctrl+ letter o to save
press ctrl + x to close

{
"server":"your_server_ip",
"server_port":443,
"local_address": "127.0.0.1",
"local_port":1080,
"password":"your_passwd",
"timeout":600,
"method":"chacha20-ietf"
}

Replace the red-colored text with your info. In nano text editor, press CTRL+O to save the file, CTRL+X to exit. Then start shadowsocks server with the below command

ss-server -c /etc/sslibevconfig.json

To let it automatically start when Ubuntu 16.04 server is booted, we can put this command into /etc/rc.local file. edit natin yung rc.local file at insert yung command para everytime na restart mo server auto start na shadowsocks mo

sudo nano /etc/rc.local

Add the ss-server command above exit 0. Save and close the file.


Explanation of each field:

server: your hostname or server IP.
server_port: server port number.
local_port: local port number.
password: a password used to encrypt transfer.
timeout: connections timeout in seconds.
method: Available encryption method are, “bf-cfb”, “aes-256-cfb”, “des-cfb”, “rc4”, etc. Default is table, which is not secure. The following AEAD ciphers are recommended. Compliant Shadowsocks implementations must support AEAD_CHACHA20_POLY1305. Implementations for devices with hardware AES acceleration should also implement AEAD_AES_128_GCM, AEAD_AES_192_GCM, and AEAD_AES_256_GCM.

[B]Name                            Alias
AEAD_CHACHA20_POLY1305          chacha20-ietf-poly1305
AEAD_AES_256_GCM                aes-256-gcm
AEAD_AES_192_GCM                aes-192-gcm
AEAD_AES_128_GCM                aes-128-gcm[/B]

More Misc info if gusto mo magexperiment

NAME
shadowsocks-libev - a lightweight and secure socks5 proxy
SYNOPSIS
ss-local|ss-redir|ss-server|ss-tunnel|ss-manager [-s <server_host>] [-p <server_port>] [-l <local_port>] [-k <password>] [-m <encrypt_method>] [-f <pid_file>] [-t <timeout>] [-c <config_file>]
DESCRIPTION
Shadowsocks-libev is a lightweight and secure socks5 proxy. It is a port of the original shadowsocks created by clowwindy. Shadowsocks-libev is written in pure C and takes advantage of libev to achieve both high performance and low resource consumption.

Shadowsocks-libev consists of five components. One is ss-server(1) that runs on a remote server to provide secured tunnel service.ss-local(1) and ss-redir(1) are clients on your local machines to proxy traffic(TCP/UDP or both). ss-tunnel(1) is a tool for local port forwarding.

While ss-local(1) works as a standard socks5 proxy, ss-redir(1) works as a transparent proxy and requires netfilter’s NAT module. For more information, check out the EXAMPLE section.

ss-manager(1) is a controller for multi-user management and traffic statistics, using UNIX domain socket to talk with ss-server(1). Also, it provides a UNIX domain socket or IP based API for other software. About the details of this API, please refer to the PROTOCOL section.
OPTIONS
-s <server_host>
Set the server’s hostname or IP.

-l <local_port>
Set the local port number.

Not available in server nor manager mode.

-k <password>, --password <password>
Set the password. The server and the client should use the same password.

--key <key_in_base64>
Set the key directly. The key should be encoded with URL-safe Base64.

Not available in manager mode.

-m <encrypt_method>
Set the cipher.

Shadowsocks-libev accepts 18 different ciphers:

aes-128-gcm, aes-192-gcm, aes-256-gcm, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb, aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb, camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf.

The default cipher is rc4-md5.

If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may not work.

-a <user_name>
Run as a specific user.

-f <pid_file>
Start shadowsocks as a daemon with specific pid file.

-t <timeout>
Set the socket timeout in seconds. The default value is 60.

-c <config_file>
Use a configuration file.

-n <number>
Specify max number of open files.

Not available in manager mode.

Only available on Linux.

-i <interface>
Send traffic through specific network interface.

For example, there are three interfaces in your device, which is lo (127.0.0.1), eth0 (192.168.0.1) and eth1 (192.168.0.2). Meanwhile, you configure shadowsocks-libev to listen on 0.0.0.0:8388 and bind to eth1. That results the traffic go out through eth1, but not lo nor eth0. This option is useful to control traffic in multi-interface environment.

Not available in redir mode.

-b <local_address>
Specify local address to bind.

Not available in server nor manager mode.

-u
Enable UDP relay.

TPROXY is required in redir mode. You may need root permission.

-U
Enable UDP relay and disable TCP relay.

Not available in local mode.

-L <addr:port>
Specify destination server address and port for local port forwarding.

Only available in tunnel mode.

-d <addr>
Setup name servers for internal DNS resolver (libudns). The default server is fetched from /etc/resolv.conf.

Only available in server and manager mode.

--fast-open
Enable TCP fast open.

Not available in redir nor tunnel mode, with Linux kernel > 3.7.0.

--reuse-port
Enable port reuse.

Only available with Linux kernel > 3.9.0.

--acl <acl_config>
Enable ACL (Access Control List) and specify config file.

Not available in redir nor tunnel mode.

--manager-address <path_to_unix_domain>
Specify UNIX domain socket address.

Only available in server and manager mode.

--executable <path_to_server_executable>
Specify the executable path of ss-server.

Only available in manager mode.

-v
Enable verbose mode.

-h|--help
Print help message.
CONFIG FILE
The config file is written in JSON and easy to edit.

The config file equivalent of command line options is listed as example below.
Command line JSON
-s some.server.net "server": "some.server.net"
-s some.server.net -p 1234 (client) "server": "some.server.net:1234"
-p 1234 "server_port": "1234"
-b 0.0.0.0 "local_address": "0.0.0.0"
-l 4321 "local_port": "4321"
-k "PasSworD" "password": "PasSworD"
-m "aes-256-cfb" "method": "aes-256-cfb"
-t 60 "timeout": 60
-a nobody "user": "nobody"
--fast-open "fast_open": true
--reuse-port "reuse_port": true
--plugin "obfs-server" "plugin": "obfs-server"
--plugin-opts "obfs=http" "plugin_opts": "obfs=http"
-6 "ipv6_first": true
-n "/etc/nofile" "nofile": "/etc/nofile"
-d "8.8.8.8" "nameserver": "8.8.8.8"
-L "somedns.net:53" "tunnel_address": "somedns.net:53"
-u "mode": "tcp_and_udp"
-U "mode": "udp_only"
no "-u" nor "-U" options (default) "mode": "tcp_only"
(only in ss-manager’s config) "port_password": {"1234":"PasSworD"}

EXAMPLE
ss-redir requires netfilter’s NAT function. Here is an example:

# Create new chain
root@Wrt:~# iptables -t nat -N SHADOWSOCKS
root@Wrt:~# iptables -t mangle -N SHADOWSOCKS

# Ignore your shadowsocks server's addresses
# It's very IMPORTANT, just be careful.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN

# Ignore LANs and any other addresses you'd like to bypass the proxy
# See Wikipedia and RFC5735 for full list of reserved networks.
# See ashi009/bestroutetb for a highly optimized CHN route list.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN

# Anything else should be redirected to shadowsocks's local port
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345

# Add any UDP rules
root@Wrt:~# ip rule add fwmark 0x01/0x01 table 100
root@Wrt:~# ip route add local 0.0.0.0/0 dev lo table 100
root@Wrt:~# iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01

# Apply the rules
root@Wrt:~# iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
root@Wrt:~# iptables -t mangle -A PREROUTING -j SHADOWSOCKS

# Start the shadowsocks-redir
root@Wrt:~# ss-redir -u -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid

PROTOCOL
ss-manager(1) provides several APIs through UDP protocol

Send UDP commands in the following format to the manager-address provided to ss-manager(1):
command: [JSON data]

To add a port:
add: {"server_port": 8001, "password":"7cd308cc059"}

To remove a port:
remove: {"server_port": 8001}

To receive a pong:
ping

Then ss-manager(1) will send back the traffic statistics:
stat: {"8001":11370}

 

[JomarCabasag]

Wow Informative Nice Joob!!!

 

[iSync]

Wow Informative Nice Joob!!!

No problem paps, enjoy!

 

[Just You]

Good share.

This is what I used everytime I setup my shadowsock server in my Digital Ocean VPS because it's short and simple.

Thank you for posting this so that others will know.

God bless.

 

[Darksilenze]

Question pohh.. ung bandwith po ba or data allocation ng VPS un lang din ang pwede ma recieve na data allocation ng client sa shadowsocks.? Salamat po sa zasagot.

 

[Ed Von D]

wow thanks for sharing mate \m/

 

[iSync]

Question pohh.. ung bandwith po ba or data allocation ng VPS un lang din ang pwede ma recieve na data allocation ng client sa shadowsocks.? Salamat po sa zasagot.

Oo. walang unlimited.

 

[Darksilenze]

Oo. walang unlimited.

Ahhh ganun pala un tnx poh newbie here hehhe..

 

[PHC-Kazot45]

Bookmark ko nato ts! keep sharing

 

[iSync]

Enjoy lang mga bes.

 

[Kazaboo]

So libre to bakit magbabayad ng dollars?

 

[Just You]

So libre to bakit magbabayad ng dollars?

Ang server ang binabayaran mo ng dollars papz..Ang paggawa ng Shadowsocks server ay libre lang basta may VPS ka na binibili through Digital Ocean, Vultr, at iba pang VPS hosting sites..

 

[iSync]

So libre to bakit magbabayad ng dollars?

Parang downpayment lang yung $5 pero may free $25 credit ka pag sinundan mo ung mga nasa instructions. So total $30 credit mo which is good for 6months. dahil $5/month

 

[DeFcOn]

paps.. QUESTION: pag nakapag creat kana ng shadowsocks account .. pwede ka pa bang gumawa ng gumawa ng marami?? kung pwede po sya gumawa ng amrami .. up to ilan po mkakaconnect sa shadowsocks account na ginawa mu po? ?

 

[Just You]

paps.. QUESTION: pag nakapag creat kana ng shadowsocks account .. pwede ka pa bang gumawa ng gumawa ng marami?? kung pwede po sya gumawa ng amrami .. up to ilan po mkakaconnect sa shadowsocks account na ginawa mu po? ?

Pwede..Add ka lang ulit ng droplet sa VPS mo..

 

[iSync]

paps.. QUESTION: pag nakapag creat kana ng shadowsocks account .. pwede ka pa bang gumawa ng gumawa ng marami?? kung pwede po sya gumawa ng amrami .. up to ilan po mkakaconnect sa shadowsocks account na ginawa mu po? ?

Google ka nalang advanced tutorial para sa madaming accounts.

 

[samsunggon]

thanks po dito
meron po kayo tutorial for windows VPS

 

[iSync]

thanks po dito
meron po kayo tutorial for windows VPS

Wala.

 

[jknee00]

already made my shadowsocks -libev by bettermanbao on openwrt routers..but still need some optimazation can u pls lend me a help here

 

[Shambles]

Nice , thankyou