
Install Shadowsocks Python Server With BBR Enabled On Ubuntu 20.04 LTS


We will install the Shadowsocks Python server, a tunnelling proxy, on Ubuntu 20.04 LTS and enable BBR (Bottleneck Bandwidth and RTT) by setting the system's TCP congestion control to BBR, which improves Linux response time, network speed, and performance.

We will need to:

  1. Update our Ubuntu Server
  2. Install Python 2.7 and PIP2
  3. Install Shadowsocks-Python Server
  4. Enable BBR
  5. Set Our Server QR Code And Base64 Encoded URI

Update Ubuntu

# apt update
# apt upgrade

Install Python 2.7 And PIP For Ubuntu 20.04

We need to install Python 2.7 and PIP as it’s a Shadowsocks requirement.

1- Installing Python

# apt install python2 python python2-dev libsodium-dev libssl-dev net-tools

Check the active Python version

# python --version
Python 2.7.18

2- Installing PIP For Python 2

# curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py
# python get-pip.py

Switching between Python Versions

The default version on Ubuntu 20.04 is Python 3.8. If you have multiple Python versions installed and the default is not Python 2, you can switch between them as follows.

1- List your installed Python versions

List the available Python binaries using ls /usr/bin/python*, or use the ll alias

# ll /usr/bin/python*
lrwxrwxrwx 1 root root       7 Apr 15  2020 /usr/bin/python -> python2*
lrwxrwxrwx 1 root root       9 Mar 13  2020 /usr/bin/python2 -> python2.7*
-rwxr-xr-x 1 root root 3674216 Mar  8  2021 /usr/bin/python2.7*
lrwxrwxrwx 1 root root       9 Mar 13  2020 /usr/bin/python3 -> python3.8*
-rwxr-xr-x 1 root root 5490488 Nov 26 20:14 /usr/bin/python3.8*

2- Define an alternatives group named python, and a priority for each installed version

# update-alternatives --install /usr/bin/python python /usr/bin/python2 1
# update-alternatives --install /usr/bin/python python /usr/bin/python3 2

3- Switch between Python versions and check your default

Use the update-alternatives command and select Python 2 as the default version

root@localhost:~# update-alternatives --config python
There are 2 choices for the alternative python (providing /usr/bin/python).

  Selection    Path              Priority   Status
------------------------------------------------------------
* 0            /usr/bin/python3   2         auto mode
  1            /usr/bin/python2   1         manual mode
  2            /usr/bin/python3   2         manual mode

Press <enter> to keep the current choice[*], or type selection number: 1
update-alternatives: using /usr/bin/python2 to provide /usr/bin/python (python) in manual mode

Now check the default version of Python

# python --version
Python 2.7.18

Installing And Configuring Shadowsocks Python Server

1- Installing Shadowsocks

To install the latest Shadowsocks using PIP, run the following command

# pip install https://github.com/shadowsocks/shadowsocks/archive/master.zip
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.
Collecting https://github.com/shadowsocks/shadowsocks/archive/master.zip
  Downloading https://github.com/shadowsocks/shadowsocks/archive/master.zip (115 kB)
     |████████████████████████████████| 115 kB 4.1 MB/s
Building wheels for collected packages: shadowsocks
  Building wheel for shadowsocks (setup.py) ... done
  Created wheel for shadowsocks: filename=shadowsocks-3.0.0-py2-none-any.whl size=67284 sha256=a7ad0620f56ce6c663316faf2c4bc7ad080b192ee23a1a28dac7dc978ac7d863
  Stored in directory: /tmp/pip-ephem-wheel-cache-Bh7iwk/wheels/3e/b4/13/39fedee447fb3aaca097de1ca5ae61477136e1a8ead90ce0aa
Successfully built shadowsocks
Installing collected packages: shadowsocks
  Attempting uninstall: shadowsocks
    Found existing installation: shadowsocks 2.8.2
    Uninstalling shadowsocks-2.8.2:
      Successfully uninstalled shadowsocks-2.8.2
Successfully installed shadowsocks-3.0.0

2- Configuration File

Configure the Shadowsocks server by creating the file /etc/shadowsocks.json, in JSON format, with the following configuration.

{
    "server":"0.0.0.0",
    "server_port":8388,
    "local_port":1080,
    "password":"barfoo!",
    "method":"chacha20-ietf-poly1305"
}

We set up the server to listen on all network interfaces (“0.0.0.0”), on server port 8388, with the password “barfoo!” and the encryption method “chacha20-ietf-poly1305”.
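A more careful way to create the same configuration file, as an added example that is not part of the original article: it generates a random password instead of a fixed one and makes the file readable by its owner only. The function names write_ss_config and ss_config_password are this example's own.

```sh
# Added example, not from the original article.
# write_ss_config PATH [PORT]: write the article's configuration to PATH with
# a freshly generated password and owner-only permissions.
write_ss_config() {
    path=$1
    port=${2:-8388}
    # 24 random bytes encode to 32 Base64 characters (A-Z a-z 0-9 + /),
    # none of which needs escaping inside a JSON string.
    password=$(head -c 24 /dev/urandom | base64 | tr -d '\n')
    (
        umask 077    # a new file is created 0600, never briefly world-readable
        cat > "$path" <<EOF
{
    "server":"0.0.0.0",
    "server_port":$port,
    "local_port":1080,
    "password":"$password",
    "method":"chacha20-ietf-poly1305"
}
EOF
    )
    chmod 600 "$path"    # also tightens a file that already existed
}

# ss_config_password PATH: print only the password stored in PATH,
# for example to build the client URI later.
ss_config_password() {
    sed -n 's/^ *"password":"\(.*\)",$/\1/p' "$1"
}

# Usage (as root): write_ss_config /etc/shadowsocks.json 8388
```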

3- Increase Open File Descriptors

To increase the maximum number of open file descriptors, edit the file /etc/security/limits.conf and append the following 2 lines

# vim /etc/security/limits.conf
~~~~~~~~~~~~~~
~~~~~~~~~~~~~~

# for server running in root:
root soft nofile 51200
root hard nofile 51200

~~~~~~~~~~~~~~
~~~~~~~~~~~~~~

And apply the new value

# ulimit -n 51200

Set BBR tcp_congestion_control And Tuning The Kernel For Shadowsocks

Create the file /etc/sysctl.d/local.conf in the sysctl configuration path and insert the following settings

fs.file-max = 51200

net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.rmem_default=65536
net.core.wmem_default=65536
net.core.netdev_max_backlog = 4096
net.core.somaxconn = 4096

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
# net.ipv4.tcp_tw_recycle was removed in Linux 4.12, so it is not set here
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr

Apply the configuration at run time

# sysctl -p /etc/sysctl.d/local.conf
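To confirm that the settings above actually took effect, including BBR, the following added example (not part of the original article) compares every key in the file with the live value and reports keys the running kernel does not expose. The names check_sysctl and norm, and the optional second argument used for testing, are this example's own.

```sh
# Added example, not from the original article.
# check_sysctl CONF [PROC_ROOT]: compare each "key = value" line in CONF with
# the live value under PROC_ROOT (default /proc/sys). Returns 0 if all match.

# Collapse tabs and repeated spaces so "4096<TAB>87380" equals "4096 87380".
norm() { tr '\t' ' ' | tr -s ' ' | sed 's/^ *//; s/ *$//'; }

check_sysctl() {
    conf=$1
    root=${2:-/proc/sys}
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*|';'*) continue ;;    # blank lines and comments
            *=*) ;;
            *) continue ;;               # not a key = value line
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s' "${line#*=}" | norm)
        file=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -e "$file" ]; then
            # the running kernel does not provide this key at all
            echo "MISSING $key"
            bad=1
            continue
        fi
        have=$(norm < "$file")
        if [ "$have" != "$want" ]; then
            echo "DIFF $key want=$want have=$have"
            bad=1
        fi
    done < "$conf"
    return "$bad"
}

# Usage: check_sysctl /etc/sysctl.d/local.conf
```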

PS: If you hit an error about the OpenSSL function “EVP_CIPHER_CTX_cleanup” (the routine that cleans up and frees a cipher context), you can apply the following change so that the OpenSSL reset function EVP_CIPHER_CTX_reset is used instead.

But anyway, I think this issue is solved in the latest Shadowsocks version, and they mitigate the errors with exceptions.

# sed -i 's/EVP_CIPHER_CTX_cleanup/EVP_CIPHER_CTX_reset/g' /usr/local/lib/python2.7/dist-packages/shadowsocks/crypto/openssl.py

Run And Autostart Shadowsocks

To start the server, run the ssserver command, pointing it at the server's JSON configuration file.

# ssserver -c /etc/shadowsocks.json

To autostart the Shadowsocks server after a reboot, edit the crontab and append the following line

# crontab -e
~~~~
~~~~

@reboot /usr/local/bin/ssserver -c /etc/shadowsocks.json >/dev/null 2>&1

~~~~

Generate Client Base64 Encoding URI And QR Code

The Shadowsocks URI format is: ss://EncryptionMethod:Password@Hostname:Port. With the credentials from our configuration, our server URI is: ss://chacha20-ietf-poly1305:barfoo!@69.164.208.30:8388. Don’t forget to replace the IP address 69.164.208.30 with your server's public IP address.

After forming the server URI, we need to convert it into the Base64-encoded URI format. We can use the Try It Yourself converter on the Shadowsocks support page.

We can then scan the QR code or use the encoded URI in our clients, and we can download a suitable client from here.
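The Base64 conversion described above can also be done on the server itself, so the password is never pasted into a web page. This is an added example, not part of the original article; the function names are its own, and it assumes the legacy form in which the whole method:password@host:port string is Base64-encoded without padding. The address 203.0.113.10 in the usage comment is a constructed placeholder.

```sh
# Added example, not from the original article.
# ss_uri METHOD PASSWORD HOST PORT: print the Base64-encoded ss:// URI.
ss_uri() {
    plain="$1:$2@$3:$4"
    # tr removes line wrapping and the trailing '=' padding
    printf 'ss://%s\n' "$(printf '%s' "$plain" | base64 | tr -d '\n=')"
}

# ss_uri_decode URI: print METHOD:PASSWORD@HOST:PORT, to check what a URI
# or QR code really carries before handing it to a client.
ss_uri_decode() {
    b64=${1#ss://}
    b64=${b64%%#*}                       # drop an optional #tag suffix
    while [ $(( ${#b64} % 4 )) -ne 0 ]; do
        b64="$b64="                      # restore the stripped padding
    done
    printf '%s' "$b64" | base64 -d
    echo
}

# Usage:
#   ss_uri chacha20-ietf-poly1305 'barfoo!' 203.0.113.10 8388
#   ss_uri_decode "$(ss_uri chacha20-ietf-poly1305 'barfoo!' 203.0.113.10 8388)"
```

If the qrencode package is installed, `qrencode -t ANSIUTF8 "$(ss_uri ...)"` renders the QR code directly in the terminal.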
