CentOS7 搭建高性能 shadowsocks

如果不追求性能，参考之前写的《CentOS7下安装配置shadowsocks》会相对容易一些。本文主要是加入了BBR与TFO优化，并使用了shadowsocks-libev版本提升性能。

---

一、升级系统内核

yum update
wget http://mirror.apad.pro/centos7/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm
wget http://mirror.apad.pro/centos7/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-headers-4.19.12-1.el7.elrepo.x86_64.rpm
wget http://mirror.apad.pro/centos7/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm
yum install kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm -y
yum install kernel-ml-headers-4.19.12-1.el7.elrepo.x86_64.rpm -y
yum install kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm -y
egrep ^menuentry /etc/grub2.cfg | cut -f 2 -d \'
grub2-set-default 0

然后reboot重启，查看内核版本是否更新至4.19

uname -r
4.19.12-1.el7.elrepo.x86_64

 

二、开启BBR与TFO

增加系统文件描述符的最大限数优化

ulimit -SHn 51200

vi /etc/profile 在最下方添加

ulimit -SHn 51200

vi /etc/security/limits.conf 在最下方添加

* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535

vi /etc/sysctl.conf 添加以下内容开启BBR与TFO

# TFO
fs.file-max = 51200
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.netdev_max_backlog = 250000
net.core.somaxconn = 4096
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_mem = 25600 51200 102400
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1

# BBR
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

使配置立即生效

sysctl -p

 

三、安装shadowsocks-libev

yum install epel-release -y
yum install gcc gettext autoconf libtool automake make pcre-devel asciidoc xmlto udns-devel libev-devel libsodium-devel mbedtls-devel git m2crypto c-ares-devel -y

编译安装

git clone https://github.com/shadowsocks/shadowsocks-libev.git
cd shadowsocks-libev
git submodule init && git submodule update
./autogen.sh
./configure
make
make install
mkdir -p /etc/shadowsocks-libev

创建配置文件 vi /etc/shadowsocks-libev/config.json 并输入内容如下：

{
  "server": "0.0.0.0",
  "server_port": 443,
  "password": "mima",
  "timeout":600,
  "method": "aes-256-gcm",
  "fast_open": true
}

CentOS 7默认使用的是firewall作为防火墙，输入以下指令放行ss端口

firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --permanent --add-port=443/udp
firewall-cmd --reload

 

四、配置开机启动

创建启动脚本文件 vi /etc/systemd/system/shadowsocks.service 并输入内容如下：

[Unit]
Description=Shadowsocks Server
After=network.target
[Service]
ExecStart=/usr/local/bin/ss-server -c /etc/shadowsocks-libev/config.json -u -d 8.8.8.8
Restart=on-abort
[Install]
WantedBy=multi-user.target

启动 shadowsocks 服务

systemctl enable shadowsocks
systemctl start shadowsocks