shadowsocks代理(vpn)

shadowsocks中文名为影梭,是一个有名的加密socks5代理。

官网称:A secure socks5 proxy, designed to protect your Internet traffic.

目前官方客户端支持Windows、Mac OS X、Linux、Android、ios、OpenWRT。

官方服务端支持Python语言、Go语言、C with libev、C++ with Qt。

官方提供了各种版本的安装包方便部署:pip包(Python)、npm包(nodejs)、aur包(Arch Linux)、freshports包(FreeBSD)

Nodejs是基于Javascript实现的一款后台程序开发平台,所以在windows下也能够很方便的安装npm包

一、nodejs安装

下载node.js

百度下载就行

安装shadowsocks

打开Windows PowerShell,输入以下命令安装shadowsocks

1
npm install -g shadowsocks

进入NodeJS安装目录

C:\Users[当前用户名]\AppData\Roaming\npm\node_modules\shadowsocks

找到config.json,用文本编辑器打开,更改为如下形式后保存

1
2
3
4
5
6
7
8
9
{
    "server":"127.0.0.1",#更改为你的服务器IP
    "server_port":9999,
    "local_address":"127.0.0.1",
    "local_port":1080,
    "password":"barfoo!",#更改为你的密码
    "timeout":600,
    "method":"aes-256-cfb"
}

运行shadowsocks

打开Windows PowerShell输入一下命令

1
ssserver

运行期间请不要关闭该窗口,到此服务端基本配置完成。

二、docker 安装

执行命令:

1
sudo docker run -d -p 9999:9999/tcp -p 9999:9999/udp -e PASSWORD=xxxxx --name my_ss shadowsocks/shadowsocks-libev ss-server -p 9999 -k your_password -m aes-256-gcm

参数解释:

1
2
3
4
5
6
7
8
9
10
确保将your_password替换为实际的密码,而aes-256-gcm则是加密方式,您也可以根据自己的需要更改它。注意密码设置最好只包括数字和字母,不然 shadowsocks客户端连接时可能失败(亲试)

该命令使用 Docker 运行 Shadowsocks 服务,并将本地端口 8388 映射到容器内部的 8388 端口。具体参数的含义如下:
sudo docker run:使用 Docker 启动一个新的容器。
-d:表示以守护进程方式运行容器。
-p 8388:8388/tcp -p 8388:8388/udp:将本地与容器的端口进行映射,使得本机可以通过 8388 端口访问容器内部的 8388 端口,并支持 TCP 和 UDP 协议。
-e PASSWORD=your_password:设置环境变量 PASSWORD 的值为 your_password,这是 Shadowsocks 服务的密码,用于加密和解密数据流。
--name my_ss:为容器设置名称为 my_ss。
shadowsocks/shadowsocks-libev:指定该容器镜像的名称和版本,即 Shadowsocks-Libev 版本的镜像。
ss-server -p 8388 -k your_password -m aes-256-gcm:在容器中执行的命令,启动 Shadowsocks 服务并设置监听的端口、密码和加密方式。

完整命令

shadowsocks/shadowsocks-libev - Docker Image | Docker Hub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
docker run -e PASSWORD=<password> -p<server-port>:8388 -p<server-port>:8388/udp -d shadowsocks/shadowsocks-libev

ss-[local|redir|server|tunnel|manager]

   -s <server_host>           Host name or IP address of your remote server.

   -p <server_port>           Port number of your remote server.

   -l <local_port>            Port number of your local server.

   -k <password>              Password of your remote server.

   -m <encrypt_method>        Encrypt method: rc4-md5,
                              aes-128-gcm, aes-192-gcm, aes-256-gcm,
                              aes-128-cfb, aes-192-cfb, aes-256-cfb,
                              aes-128-ctr, aes-192-ctr, aes-256-ctr,
                              camellia-128-cfb, camellia-192-cfb,
                              camellia-256-cfb, bf-cfb,
                              chacha20-ietf-poly1305,
                              xchacha20-ietf-poly1305,
                              salsa20, chacha20 and chacha20-ietf.
                              The default cipher is chacha20-ietf-poly1305.

   [-a <user>]                Run as another user.

   [-f <pid_file>]            The file path to store pid.

   [-t <timeout>]             Socket timeout in seconds.

   [-c <config_file>]         The path to config file.

   [-n <number>]              Max number of open files.

   [-i <interface>]           Network interface to bind.
                              (not available in redir mode)

   [-b <local_address>]       Local address to bind.
                              For servers: Specify the local address to use 
                              while this server is making outbound 
                              connections to remote servers on behalf of the
                              clients.
                              For clients: Specify the local address to use 
                              while this client is making outbound 
                              connections to the server.

   [-u]                       Enable UDP relay.
                              (TPROXY is required in redir mode)

   [-U]                       Enable UDP relay and disable TCP relay.
                              (not available in local mode)

   [-L <addr>:<port>]         Destination server address and port
                              for local port forwarding.
                              (only available in tunnel mode)

   [-6]                       Resolve hostname to IPv6 address first.

   [-d <addr>]                Name servers for internal DNS resolver.
                              (only available in server mode)

   [--reuse-port]             Enable port reuse.

   [--fast-open]              Enable TCP fast open.
                              with Linux kernel > 3.7.0.
                              (only available in local and server mode)

   [--acl <acl_file>]         Path to ACL (Access Control List).
                              (only available in local and server mode)

   [--manager-address <addr>] UNIX domain socket address.
                              (only available in server and manager mode)

   [--mtu <MTU>]              MTU of your network interface.

   [--mptcp]                  Enable Multipath TCP on MPTCP Kernel.

   [--no-delay]               Enable TCP_NODELAY.

   [--executable <path>]      Path to the executable of ss-server.
                              (only available in manager mode)

   [-D <path>]                Path to the working directory of ss-manager.
                              (only available in manager mode)

   [--key <key_in_base64>]    Key of your remote server.

   [--plugin <name>]          Enable SIP003 plugin. (Experimental)

   [--plugin-opts <options>]  Set SIP003 plugin options. (Experimental)

   [-v]                       Verbose mode.