We will install the Shadowsocks Python server, a tunnel proxy, on Ubuntu 20.04 LTS, and enable BBR (Bottleneck Bandwidth and RTT) by setting the system's TCP congestion control to BBR, to improve Linux response time, network speed, and performance.
We will need to:
- Update our Ubuntu Server
- Install Python 2.7 and PIP2
- Install Shadowsocks-Python Server
- Enable BBR
- Set Our Server QR Code And Base64 Encoded URI
Update Ubuntu
# apt update
# apt upgrade
Install Python 2.7 And PIP For Ubuntu 20.04
We need to install Python 2.7 and PIP as it's a Shadowsocks requirement.
1- Installing Python
# apt install python2 python python2-dev libsodium-dev libssl-dev net-tools
Check the active python version
# python --version
Python 2.7.18
2- Installing PIP For Python 2
# curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py
# python get-pip.py
Switching between Python Versions
The current default version on Ubuntu 20.04 is Python 3.8. If you have multiple Python versions and the default is not Python 2, you can switch between them using the following technique.
1- List your installed Python versions
List the available Python binaries using ls /usr/bin/python* or the ll alias
# ll /usr/bin/python*
lrwxrwxrwx 1 root root 7 Apr 15 2020 /usr/bin/python -> python2*
lrwxrwxrwx 1 root root 9 Mar 13 2020 /usr/bin/python2 -> python2.7*
-rwxr-xr-x 1 root root 3674216 Mar 8 2021 /usr/bin/python2.7*
lrwxrwxrwx 1 root root 9 Mar 13 2020 /usr/bin/python3 -> python3.8*
-rwxr-xr-x 1 root root 5490488 Nov 26 20:14 /usr/bin/python3.8*
2- Define an alternatives group named python, and a priority for each installed version
# update-alternatives --install /usr/bin/python python /usr/bin/python2 1
# update-alternatives --install /usr/bin/python python /usr/bin/python3 2
3- Switch between Python versions and check your default
Use the update-alternatives command and select Python 2 as the default version
root@localhost:~# update-alternatives --config python
There are 2 choices for the alternative python (providing /usr/bin/python).

  Selection    Path               Priority   Status
------------------------------------------------------------
* 0            /usr/bin/python3    2         auto mode
  1            /usr/bin/python2    1         manual mode
  2            /usr/bin/python3    2         manual mode

Press <enter> to keep the current choice[*], or type selection number: 1
update-alternatives: using /usr/bin/python2 to provide /usr/bin/python (python) in manual mode
Now check the default version of Python
# python --version
Python 2.7.18
Installing And Configuring Shadowsocks Python Server
1- Installing Shadowsocks
To install the latest Shadowsocks using PIP, run the following command
# pip install https://github.com/shadowsocks/shadowsocks/archive/master.zip
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.
Collecting https://github.com/shadowsocks/shadowsocks/archive/master.zip
Downloading https://github.com/shadowsocks/shadowsocks/archive/master.zip (115 kB)
|████████████████████████████████| 115 kB 4.1 MB/s
Building wheels for collected packages: shadowsocks
Building wheel for shadowsocks (setup.py) ... done
Created wheel for shadowsocks: filename=shadowsocks-3.0.0-py2-none-any.whl size=67284 sha256=a7ad0620f56ce6c663316faf2c4bc7ad080b192ee23a1a28dac7dc978ac7d863
Stored in directory: /tmp/pip-ephem-wheel-cache-Bh7iwk/wheels/3e/b4/13/39fedee447fb3aaca097de1ca5ae61477136e1a8ead90ce0aa
Successfully built shadowsocks
Installing collected packages: shadowsocks
Attempting uninstall: shadowsocks
Found existing installation: shadowsocks 2.8.2
Uninstalling shadowsocks-2.8.2:
Successfully uninstalled shadowsocks-2.8.2
Successfully installed shadowsocks-3.0.0
2- Configuration File
Configure the Shadowsocks server by creating the file /etc/shadowsocks.json in JSON format and adding the following config to it.
{
    "server":"0.0.0.0",
    "server_port":8388,
    "local_port":1080,
    "password":"barfoo!",
    "method":"chacha20-ietf-poly1305"
}
We set the server to listen on all interfaces ("0.0.0.0"), on server port 8388, with the password "barfoo!" and the encryption method "chacha20-ietf-poly1305".
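The config file holds the proxy password in clear text, so the password and the file mode both matter. The following added example (not part of the original tutorial or of Shadowsocks itself) writes the same config with a random password and mode 0600, and audits an existing file. It needs Python 3; the function names and the 16-character threshold are assumptions made for illustration.

```python
import json
import os
import secrets
import stat

SAMPLE_PASSWORDS = {"barfoo!"}  # the tutorial's placeholder password

def write_config(path, port=8388, method="chacha20-ietf-poly1305"):
    """Write a server config with a random password, readable by the owner only."""
    config = {
        "server": "0.0.0.0",
        "server_port": port,
        "local_port": 1080,
        "password": secrets.token_urlsafe(24),  # 24 random bytes -> 32 characters
        "method": method,
    }
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fh.fileno(), 0o600)  # also tightens a file that already existed
        json.dump(config, fh, indent=4)
        fh.write("\n")
    return config

def audit_config(path, min_length=16):
    """Return a list of findings for an existing config file (empty list = clean)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append("file mode %o lets other users read the password" % mode)
    with open(path) as fh:
        password = json.load(fh).get("password", "")
    if password in SAMPLE_PASSWORDS:
        findings.append("password is the tutorial's sample value")
    elif len(password) < min_length:  # assumed threshold, adjust to your policy
        findings.append("password is shorter than %d characters" % min_length)
    return findings

if __name__ == "__main__":
    for finding in audit_config("/etc/shadowsocks.json"):
        print(finding)
```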
3- Increase Open File Descriptors
To increase the maximum number of the open file descriptors we will need to edit the file /etc/security/limits.conf, and append the following 2 lines
# vim /etc/security/limits.conf
~~~~~~~~~~~~~~
~~~~~~~~~~~~~~
# for server running in root:
root soft nofile 51200
root hard nofile 51200
~~~~~~~~~~~~~~
~~~~~~~~~~~~~~
And apply the new value
# ulimit -n 51200
Set BBR tcp_congestion_control And Tuning The Kernel For Shadowsocks
Create the file /etc/sysctl.d/local.conf in the sysctl configuration directory and insert the following settings
fs.file-max = 51200
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.rmem_default=65536
net.core.wmem_default=65536
net.core.netdev_max_backlog = 4096
net.core.somaxconn = 4096
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
# net.ipv4.tcp_tw_recycle is not set: the key was removed in Linux 4.12 and does not exist on Ubuntu 20.04
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
Load the configuration at run time. Plain sysctl -p only reads /etc/sysctl.conf, so pass the file explicitly
# sysctl -p /etc/sysctl.d/local.conf
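To confirm that BBR and the other settings actually took effect, compare the file with the live kernel values under /proc/sys. This is an added example, not part of the original tutorial; it needs Python 3, and the function names and the proc_root parameter are illustrative assumptions.

```python
import os

def parse_sysctl_conf(text):
    """Return {key: value} from sysctl.d-style text, skipping blanks and comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Collapse whitespace so "4096 87380 67108864" compares cleanly
        settings[key.strip()] = " ".join(value.split())
    return settings

def check_sysctl(conf_text, proc_root="/proc/sys"):
    """Return {key: (wanted, live)} for every setting that is not in effect.

    live is None when the running kernel has no such key.
    """
    problems = {}
    for key, wanted in parse_sysctl_conf(conf_text).items():
        path = os.path.join(proc_root, *key.split("."))
        try:
            with open(path) as fh:
                live = " ".join(fh.read().split())  # /proc uses tabs and a newline
        except OSError:
            live = None
        if live != wanted:
            problems[key] = (wanted, live)
    return problems

if __name__ == "__main__":
    with open("/etc/sysctl.d/local.conf") as fh:
        for key, (wanted, live) in sorted(check_sysctl(fh.read()).items()):
            print("%s: wanted %r, kernel has %r" % (key, wanted, live))
```

No output means every setting in the file matches the running kernel; a line for net.ipv4.tcp_congestion_control means BBR is not active.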
PS: If you get an OpenSSL error about "EVP_CIPHER_CTX_cleanup" (the method that cleans up and frees a cipher context), you can apply the following change so that the code uses the OpenSSL reset method EVP_CIPHER_CTX_reset instead.
But anyway, I think this issue is solved in the latest Shadowsocks version, and they mitigate the errors with exceptions.
# sed -i 's/EVP_CIPHER_CTX_cleanup/EVP_CIPHER_CTX_reset/g' /usr/local/lib/python2.7/dist-packages/shadowsocks/crypto/openssl.py
Run And Autostart Shadowsocks
To start our server, we just need to run the ssserver command, pointing it at the server's JSON configuration file.
# ssserver -c /etc/shadowsocks.json
And to autostart Shadowsocks server after reboot, edit the crontab and append the following line
# crontab -e
~~~~
~~~~
@reboot /usr/local/bin/ssserver -c /etc/shadowsocks.json >/dev/null 2>&1
~~~~
Generate Client Base64 Encoding URI And QR Code
The Shadowsocks URI format is: ss://EncryptionMethod:Password@Hostname:Port, and from our configuration credentials, our server URI is: ss://chacha20-ietf-poly1305:barfoo!@69.164.208.30:8388. Don't forget to replace the IP address 69.164.208.30 with your server's public IP address.
After forming the server URI, we need to convert it into the Base64-encoded URI format, and we can use the Try It Yourself converter on the Shadowsocks support page.
We can then scan the QR code or use the encoded URI for our clients, and we can download a suitable client from here.
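The encoding can also be done locally, so the password never has to be pasted into a web page. This added example (not from the original tutorial) assumes the encoded form is ss:// followed by the standard Base64 of the plain method:password@hostname:port string; it needs Python 3, and the function names are illustrative.

```python
import base64
import json
import sys

def ss_uri(config, public_host):
    """Build the Base64-encoded ss:// URI from a server config dict."""
    plain = "%s:%s@%s:%d" % (config["method"], config["password"],
                             public_host, int(config["server_port"]))
    return "ss://" + base64.b64encode(plain.encode("utf-8")).decode("ascii")

def parse_ss_uri(uri):
    """Decode an ss:// URI back into its fields (tolerates stripped padding)."""
    if not uri.startswith("ss://"):
        raise ValueError("not an ss:// URI")
    body = uri[len("ss://"):].split("#", 1)[0]   # drop an optional #tag
    body += "=" * (-len(body) % 4)               # restore Base64 padding
    plain = base64.b64decode(body).decode("utf-8")
    creds, _, endpoint = plain.rpartition("@")   # the password may contain '@'
    method, _, password = creds.partition(":")   # the password may contain ':'
    host, _, port = endpoint.rpartition(":")
    if not (method and password and host and port.isdigit()):
        raise ValueError("malformed ss:// payload")
    return {"method": method, "password": password,
            "host": host, "port": int(port)}

if __name__ == "__main__":
    # Usage: python3 ss_uri.py <public-server-ip>
    with open("/etc/shadowsocks.json") as fh:
        print(ss_uri(json.load(fh), sys.argv[1]))
```

Base64 is an encoding, not encryption: anyone who sees the URI or the QR code can recover the password, so share them the way you would share the password itself.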