Shadowsocks is a free and lightweight SOCKS5 web proxy. It is mainly used to bypass network censorship and restrictions on the Internet.
1. Installation
Update your system and install required dependencies:
dnf update -y
dnf install epel-release -y
dnf config-manager --set-enabled crb
dnf install -y gcc gettext autoconf libtool automake make pcre-devel asciidoc xmlto udns-devel \
libev-devel libsodium-devel mbedtls-devel git c-ares-devel
Download and build Shadowsocks:
cd /opt
git clone https://github.com/shadowsocks/shadowsocks-libev.git
cd shadowsocks-libev
git submodule update --init --recursive
./autogen.sh
./configure
make && make install
2. Configuration
Create Shadowsocks user:
adduser --system --no-create-home --shell /usr/sbin/nologin shadowsocks
Create config directory and file:
mkdir -m 755 /etc/shadowsocks nano /etc/shadowsocks/shadowsocks.json
Example config (/etc/shadowsocks/shadowsocks.json):
{
"server": "your_server_IP",
"server_port": 8388,
"password": "your_password",
"timeout": 300,
"method": "chacha20-ietf-poly1305",
"fast_open": true,
"mode": "tcp_and_udp",
"nameserver": "1.1.1.1"
}Key options explained:
server- your server IPserver_port- port Shadowsocks listens on (e.g., 8388).password- password used by clients.timeout- inactivity timeout.method- modern AEAD cipher (recommended:chacha20-ietf-poly1305oraes-256-gcm).fast_open- enables TCP Fast Open if supported by the kernel.mode- proxy both TCP and UDP traffic.nameserver- DNS resolver (e.g.,1.1.1.1).
3. Create systemd service
Once you configured the Shadowsocks, it's convenient to create it as Systemd service:
nano /etc/systemd/system/shadowsocks.service
Service file content:
[Unit]
Description=Shadowsocks-libev proxy server
After=network-online.target
[Service]
User=shadowsocks
Group=shadowsocks
Type=simple
ExecStart=/usr/local/bin/ss-server -c /etc/shadowsocks/shadowsocks.json
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
4. Start and manage service
Once you configured the Shadowsocks, it's convenient to create it as Systemd service:
systemctl daemon-reload
systemctl enable shadowsocks
systemctl start shadowsocks
Other useful commands:
systemctl stop shadowsocks
systemctl restart shadowsocks
systemctl status shadowsocks
5. Firewall configuration
Open your Shadowsocks port (example uses 8388):
iptables -A INPUT -p tcp --dport 8388 -m comment --comment "Shadowsocks TCP" -j ACCEPT
iptables -A INPUT -p udp --dport 8388 -m comment --comment "Shadowsocks UDP" -j ACCEPT
Save current rules:
sudo dnf install iptables-services -y
sudo service iptables save
(Or configure rules in firewalld or nftables if that’s what you use.)
Final Notes
Shadowsocks should now be installed, configured, and running on your VPS.
To connect, install a Shadowsocks client on your device (Android, iOS, Windows, macOS, Linux). Use the connection details from your /etc/shadowsocks/shadowsocks.json.