Installing Shadowsocks Python Server On Centos Stream 9

This tutorial will install the tunnel proxy Shadowsocks Python Server on CentOS Stream 9 and enable BBR (Bottleneck Bandwidth and RTT) to improve the Linux response time, network speed, and performance by setting up the system config TCP congestion control to BBR.

For The Ubuntu version, you can visit the previous tutorial Install Shadowsocks Python Server With Enable BBR On Ubuntu 20.04 LTS.

We need to:

1. Update our Centos Stream 9 Server
2. Install Prerequisites and PIP Packages
3. Install Shadowsocks-Python Server
4. Enable BBR and tunning Kernel Configs
5. Set Our Server QR Code And Base64 Encoded URI For Clients

Update CentOS Stram 9 And Prerequisites

Step1: Install updates

# dnf update
# dnf groupinstall 'development tools'
# dnf install bzip2-devel libffi-devel

Step2: Install EPEL Release And libsodium Package

# dnf install epel-release
# dnf install libsodium

Step3: Disable SELinux

We need to disable SELinux by editing the file /etc/selinux/config and setting SELINUX=disabled.

# vim /etc/selinux/config
~~~~~
~~~~~
# To revert back to SELinux enabled:
#
# grubby --update-kernel ALL --remove-args selinux
#
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
~~~~
~~~~

Reboot your Server after disabling the SELinux.

Installing Shadowsocks Python Server Using PIP

Step4: Installing PIP

Python installed by default, and we need to install the PIP Package

# dnf install pip

Step5: Installing Shadowsocks Server

To Install the latest Shadowsocks Python Server using PIP, run the following PIP command

# pip install https://github.com/shadowsocks/shadowsocks/archive/master.zip

Configure Shdowsocks Server

Step6: Create The Config File

We can configure Shadowsocks Server by creating the file /etc/shadowsocks.json in the JSON format and appending the following config into it.

{
    "server":"0.0.0.0",
    "server_port":8388,
    "local_port":1080,
    "password":"barfoo!",
    "method":"chacha20-ietf-poly1305"
}

So we set up the Server to listen to all networks “0.0.0.0” of your Server, with server port 8388 and password “barfoo!“, with encryption method:”chacha20-ietf-poly1305“.

Step7: Increase Open File Descriptors

To increase the maximum number of the open file descriptors, we will need to edit the file /etc/security/limits.conf, and append the following two lines.

# vim /etc/security/limits.conf
~~~~~~~~~~~~~~
~~~~~~~~~~~~~~

# for server running in root:
root soft nofile 51200
root hard nofile 51200

~~~~~~~~~~~~~~
~~~~~~~~~~~~~~

# ulimit -n 51200

fs.file-max = 51200

net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.rmem_default=65536
net.core.wmem_default=65536
net.core.netdev_max_backlog = 4096
net.core.somaxconn = 4096

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1

net.core.default_qdisc=fq 
net.ipv4.tcp_congestion_control=bbr

# sysctl -p

# ssserver -c /etc/shadowsocks.json

# crontab -e
~~~~
~~~~

@reboot /usr/local/bin/ssserver -c /etc/shadowsocks.json >/dev/null 2>&1

~~~~