All notes
Shadowsocks

Install on CentOS

Ref.

git clone https://github.com/madeye/shadowsocks-libev.git
cd shadowsocks-libev
# The shadowsocks website lists: libssl-dev, but we need openssl-devel instead.
sudo apt-get install build-essential autoconf libtool openssl-devel
./configure && make -j4
make install
The shadowsocks libs and bins are installed under /usr/local/. To run the server: nohup /usr/local/bin/ss-server -c ~/shadowsocks.cfg &>/dev/null &

{
	"server":"my_server_ip",
	"server_port":8388,
	"local_port":1080,
	"password":"barfoo!",
	"timeout":60,
	"method":"aes-256-cfb"
}
Explanation of each field:

Enhancement

Increase maximum number of open file descriptors

# vi /etc/security/limits.conf, Add these two lines
* soft nofile 51200
* hard nofile 51200

# Then, before you start the shadowsocks server, set the ulimit first
ulimit -n 51200

Tune the kernel parameters

The priciples of tuning parameters for shadowsocks are

Here is an example /etc/sysctl.conf of our production servers:
fs.file-max = 51200

net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.netdev_max_backlog = 250000
net.core.somaxconn = 3240000

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_congestion_control = hybla
Of course, remember to execute sysctl -p to reload the config at runtime.

Fanqiang, fq

gfwlist.

Install on EC2

  1. Use the installation script from http://teddysun.com/342.html to install the server.
  2. A bug fix by this page: http://www.zouyaxiong.com/blog/posts/aws-ec2-shadowsocks. That says, at the conf file /etc/shadowsocks.jsonon the server, the server ip should not be the Elastic/public IP, but the IP shown in the result of ifconfig eth0. While on the client side the server IP should be the Elastic/Public IP.

After modifying the json configure file, use this to restart service:

sudo /etc/init.d/shadowsocks restart

Autoproxy GFW-list

http://54.169.32.81/gfwlist/gfwlist.txt. Remember to use "svn update" to refresh it.