[Memo] SS Proxy Server Configuration and Optimization

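Because a large number of Vultr's Japan nodes have been blocked by the firewall, I was forced to switch to DigitalOcean. The cheapest plan is $5 a month, but the first $5 top-up comes with a $50 credit, and the GitHub education pack includes another $50 credit (this requires verifying an education email address and uploading a photo of a student ID), so it works out to almost two years for free, which is pretty sweet. The one drawback is that DigitalOcean charges separately for the storage used by system snapshots, so every time I change IP by spinning up a new machine I have to configure the proxy server again. Here I briefly record the process and the commands so they are easy to copy later.

This uses setting up an SS service on Ubuntu 18.04 as the example; if things get worse for SS in the future, I may switch to V2Ray.

Installation and Configuration

Project page: https://github.com/shadowsocks/shadowsocks/tree/master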

# Update the package list from the repositories
apt-get update
# Install pip
apt-get install python-pip
# Install SS with pip
pip install git+https://github.com/shadowsocks/shadowsocks.git@master

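After installation, you can create two scripts, start.sh and stop.sh, to make it easy to start and stop the service (or write a JSON configuration file, which is actually more hassle).
start.sh (replace PORT and PASSWORD with your own values):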

sudo ssserver -p PORT -k PASSWORD -m aes-256-cfb --user nobody -d start

stop.sh:

sudo ssserver -d stop

Finally, give both scripts execute permission:

chmod +x start.sh stop.sh    # or simply chmod 777 (this also makes both scripts world-writable)
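
The start.sh above passes the password with -k, which leaves it in the script file and in the process list where any local user can read it. The JSON config file mentioned as the alternative avoids that; the following is an added example, not from the original post, that generates one with a random password and owner-only permissions (the file name ss-config.sh and the path /etc/shadowsocks.json are assumptions).

```sh
#!/bin/sh
# Added example, not from the original post. ss-config.sh is a hypothetical
# file name; the JSON keys are the ones ssserver reads from a -c config file.

# write_ss_config PATH PORT [METHOD]
# Writes a config with a freshly generated password, readable by its owner only.
# The body runs in a subshell, so variables and `exit` stay inside the function.
write_ss_config() (
    path=$1 port=$2 method=${3:-aes-256-cfb}   # default method is the post's

    # Accept only a plain decimal port in 1..65535 (no sign, no leading zero).
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "invalid port: $port" >&2; exit 1 ;;
    esac
    [ "$port" -le 65535 ] || { echo "invalid port: $port" >&2; exit 1; }

    # The method lands inside a JSON string, so allow cipher-name characters only.
    case $method in
        ''|*[!a-z0-9-]*) echo "invalid method: $method" >&2; exit 1 ;;
    esac

    # 24 random bytes encode to 32 base64 characters, none needing JSON escaping.
    password=$(head -c 24 /dev/urandom | base64) || exit 1

    # mktemp creates the file with mode 600; mv then replaces PATH atomically,
    # so the password is never on disk in a file other users can read.
    tmp=$(mktemp "$path.XXXXXX") || exit 1
    cat > "$tmp" <<EOF
{
    "server": "0.0.0.0",
    "server_port": $port,
    "password": "$password",
    "method": "$method",
    "timeout": 300
}
EOF
    mv -f "$tmp" "$path"
)

# Run as root:  sh ss-config.sh /etc/shadowsocks.json PORT
# start.sh then becomes:
#   sudo ssserver -c /etc/shadowsocks.json --user nobody -d start
if [ "$#" -ge 2 ]; then write_ss_config "$@"; fi
```

ssserver reads the config file at startup, before --user nobody takes effect, so the file can stay owned by root.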

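Before starting the service, you can apply the following optimizations to improve bandwidth utilization.

Optimization

First, optimize following the tutorial on the official wiki: https://github.com/shadowsocks/shadowsocks/wiki/Optimizing-Shadowsocks
Create /etc/sysctl.d/local.conf and write the following configuration into it: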

# max open files
fs.file-max = 51200
# max read buffer
net.core.rmem_max = 67108864
# max write buffer
net.core.wmem_max = 67108864
# default read buffer
net.core.rmem_default = 65536
# default write buffer
net.core.wmem_default = 65536
# max processor input queue
net.core.netdev_max_backlog = 4096
# max backlog
net.core.somaxconn = 4096

# resist SYN flood attacks
net.ipv4.tcp_syncookies = 1
# reuse timewait sockets when safe
net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling
net.ipv4.tcp_tw_recycle = 0
# short FIN timeout
net.ipv4.tcp_fin_timeout = 30
# short keepalive time
net.ipv4.tcp_keepalive_time = 1200
# outbound port range
net.ipv4.ip_local_port_range = 10000 65000
# max SYN backlog
net.ipv4.tcp_max_syn_backlog = 4096
# max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 5000
# turn on TCP Fast Open on both client and server side
net.ipv4.tcp_fastopen = 3
# TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 67108864
# TCP write buffer
net.ipv4.tcp_wmem = 4096 65536 67108864
# turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 1

# for high-latency network
net.ipv4.tcp_congestion_control = hybla

# for low-latency network, use cubic instead
# net.ipv4.tcp_congestion_control = cubic

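Whether to choose hybla or cubic for the final net.ipv4.tcp_congestion_control setting depends on how high the server's latency is.
Then load the configuration file we just wrote: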

sysctl --system

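Next, enable the TCP BBR congestion control algorithm, which can be used in place of ServerSpeeder.
Someone has already written a foolproof script; we only need to follow its prompts: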

wget https://github.com/teddysun/across/raw/master/bbr.sh && chmod +x bbr.sh && ./bbr.sh

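Use lsmod | grep bbr to check the loaded kernel modules; if it returns tcp_bbr, BBR is running.

At this point we can run start.sh to start the proxy service and get past the firewall.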