background
For some reason, the server installation software, plug-ins, or scripts, etc., has been disconnected due to a network problem. You need to install the Shadowsock (SS) client on the server to build the “ladder”.
It is easy to install the Shadowsocks client under CentOS 7 or RHEL (Red Hat Enterprise Linux) 7. Since Shadowsocks -libev is already packaged in COPR (Cool Other Package Repo), we only need a few commands to complete the installation.
Install ShadowSocks
Log on to the server as root, or switch to root by using the command sudo su – to enter the password. If you use regular users, you also need regular users to join the root group and add sudo before each command.
Install shadowsocks – libev:
cd /etc/yum.repos.d/ curl -O https://copr.fedorainfracloud.org/coprs/librehat/shadowsocks/repo/epel-7/librehat-shadowsocks-epel-7.repo yum install -y shadowsocks-libevAfter the installation, there will be ss-local, ss-manager, ss-nat, ss-redir, ss-server, and ss-tunnel commands available.
As a client, we need ss-local, but we will start Shadowsocks from a service file later in the article, rather than dealing directly with ss-local commands.
Note: if the installation report similar to the following error
Error: Package: Shadowsocks -Libev-3.1.3-1.el7. CENTOS.x86_64 (Librehat-Shadowsocks) Requires: Libsodium >= 1.0.4 Error: Package: Shadowsocks -Libev-3.1.3-1.el7. CENTOS.x86_64 (Librehat-Shadowsocks) Requires: Libsodium >= 1.0.4 Error: Package: Shadowsocks -Libev-3.1.3-1.el7. Centos.x86_64 (Librehat-Shadowsocks) Requires: MBEDTLSEPEL (Extra Packages for Entreprise Linux) is not enabled. Then we need to enable EPEL first and install Shadowsocks -libev:
yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install -y shadowsocks-libevVerify the installation
Before proceeding with the configuration in the following section, we will run the ss-local command once on the command line to verify that Shadowsocks and its dependencies are installed correctly.
If it is working well, skip the common problems and continue to add configuration files.
Q&A
Ss-local: error while loading shared libraries: libmbedcrypto.so.0: cannot open shared object file: No such file or directory
Use root to execute the following command:
cd /usr/lib64
ln -s libmbedcrypto.so.1 libmbedcrypto.so.0Add configuration file
By default, shadowsocks-libev in COPR reads the configuration file located in /etc/shadowsocks-libev/config.json. We can modify it according to the following configuration file:
{"server": "10.10.10.10", "server_port": 9999, "local_port": 1080, "password": "ss-password", "method": "aes-256-cfb", "mode": "tcp_and_udp", "timeout": 600 }"server": Required. Enter the Shadowsocks server domain name or IP to connect to."server_port": Required. Fill in the port shadowsocks are listening on on the server."local_port": Required. Fill in the port on which the local Shadowsocks client SOCKS5 agent will listen."password": Required. Password must be consistent with Shadowsocks server-side configuration."method": Required. Encryption method must be consistent with Shadowsocks server-side configuration."mode": Optional, default"tcp_only". Can fill"tcp_only"."udp_only"和"tcp_and_udp"."timeout": Optional, inactive connection retention time. The default time is 60 seconds, and setting it to a longer time helps keep HTTP connections long, etc. Setting too long can cause unnecessarily excessive Shadowsocks server resources to be consumed.
If you want to change the default configuration file, or to provide other command line parameters, we can modify the/etc/sysconfig/shadowsocks – libev:
# Configuration file
CONFFILE="/etc/shadowsocks-libev/config.json"
# Extra command line arguments
DAEMON_ARGS="-u"The CONFFILE specifies the configuration file that shadowsocks-libev reads; DAEMON_ARGS specifies additional command-line arguments, where “-u” indicates UDP protocol enabled.
Note that the command-line parameter DAEMON_ARGS has a higher priority than the options specified in the configuration file CONFFILE.
Start the service
Start the Shadowsocks client service via systemd:
systemctl enable --now shadowsocks-libev-localThe above command also configures the Shadowsocks client service to boot automatically.
Checking service status
To verify the health of the Shadowsocks service and the latest logs, we can execute the command:
systemctl status shadowsocks-libev-localTo view the full log of the Shadowsocks service, we can execute the command:
journalctl -u shadowsocks-libev-localTesting:
Curl --socks5 127.0.0.1:1080 http://httpbin.org/ip # return your SS server IP to test success {"origin": "10.10.10.10" # Shadowsocks server IP}Configure the agent
Install privoxy
yum install privoxyModify the privoxy configuration file /etc/privox/config
Listen -address 127.0.0.1:8118 forward-socks5t / 127.0.0.1:1080.Start the Privoxy service
systemctl enable privoxy
systemctl start privoxy
systemctl status privoxySet the agent environment variables
Echo -e "export http_proxy=http://127.0.0.1:8118" >> /etc/profile echo -e "export https_proxy= null ">> /etc/profile source /etc/profiletest
curl www.google.comReturning a bunch of HTML indicates that Shadowsocks is working properly.
Note: If you don’t need to use the proxy, comment the configuration in /etc/profile.
Configure the YUM agent
/etc/yum.conf # and add a line of proxy=https://127.0.0.1:8118 # to it to save and exitConfigure the wget agent
/etc/wgetrc = /etc/wgetrc = /etc/wgetrc = /etc/wgetrc Use_proxy = on https_proxy=https://127.0.0.1:8118 http_proxy= null ftp_proxy= # Save and exit