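If performance is not a priority, the earlier article "Installing and Configuring shadowsocks on CentOS 7" is easier to follow. This article adds BBR and TFO tuning and uses the shadowsocks-libev version for better performance.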
1. Upgrade the system kernel

    yum update
    wget http://mirror.apad.pro/centos7/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm
    wget http://mirror.apad.pro/centos7/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-headers-4.19.12-1.el7.elrepo.x86_64.rpm
    wget http://mirror.apad.pro/centos7/elrepo/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm
    yum install kernel-ml-4.19.12-1.el7.elrepo.x86_64.rpm -y
    yum install kernel-ml-headers-4.19.12-1.el7.elrepo.x86_64.rpm -y
    yum install kernel-ml-devel-4.19.12-1.el7.elrepo.x86_64.rpm -y
    egrep ^menuentry /etc/grub2.cfg | cut -f 2 -d \'
    grub2-set-default 0

Then reboot and check that the kernel version has been updated to 4.19:

    uname -r
    4.19.12-1.el7.elrepo.x86_64
2. Enable BBR and TFO

Raise the maximum number of open file descriptors:

    ulimit -SHn 51200

Edit /etc/profile (vi /etc/profile) and append at the bottom:

    ulimit -SHn 51200

Edit /etc/security/limits.conf (vi /etc/security/limits.conf) and append at the bottom:

    * soft nofile 51200
    * hard nofile 51200

Edit /etc/sysctl.conf (vi /etc/sysctl.conf) and add the following to enable BBR and TFO:

    # TFO
    fs.file-max = 51200
    net.core.rmem_max = 67108864
    net.core.wmem_max = 67108864
    net.core.netdev_max_backlog = 250000
    net.core.somaxconn = 4096
    net.ipv4.tcp_syncookies = 1
    net.ipv4.tcp_tw_reuse = 0
    net.ipv4.tcp_fin_timeout = 30
    net.ipv4.tcp_keepalive_time = 1200
    net.ipv4.ip_local_port_range = 10000 65000
    net.ipv4.tcp_max_syn_backlog = 8192
    net.ipv4.tcp_max_tw_buckets = 5000
    net.ipv4.tcp_fastopen = 3
    net.ipv4.tcp_mem = 25600 51200 102400
    net.ipv4.tcp_rmem = 4096 87380 67108864
    net.ipv4.tcp_wmem = 4096 65536 67108864
    net.ipv4.tcp_mtu_probing = 1
    # BBR
    net.core.default_qdisc = fq
    net.ipv4.tcp_congestion_control = bbr

Apply the configuration immediately:

    sysctl -p
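The script below is an added example, not part of the original article: it checks that the kernel upgrade and the BBR/TFO sysctl settings from the steps above actually took effect. The function names are hypothetical; it relies on BBR having been merged in Linux 4.9 and on `net.ipv4.tcp_fastopen` being a bitmask in which bit 2 enables server-side TFO.

```shell
#!/usr/bin/env bash
# Added example: checks for the kernel and sysctl settings configured above.
# Function names are hypothetical; the /proc/sys paths are standard Linux.

# BBR was merged in Linux 4.9: succeed if the release string is >= 4.9.
kernel_supports_bbr() {
    local rel major minor
    rel=${1:-$(uname -r)}
    major=${rel%%.*}
    minor=${rel#*.}; minor=${minor%%[!0-9]*}
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 9 ]; }
}

# tcp_fastopen is a bitmask (1 = client, 2 = server); a server needs bit 2.
tfo_server_enabled() {
    [ $(( ${1:-0} & 2 )) -ne 0 ]
}

# Print the effective value of a key in a sysctl.conf-style file:
# comment lines are skipped and the last assignment wins.
sysctl_conf_value() {
    awk -F= -v k="$1" '
        /^[ \t]*[#;]/ { next }
        { name = $1; gsub(/[ \t]/, "", name) }
        name == k { val = $2; sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val); found = val }
        END { print found }' "$2"
}

# Compare the running kernel against what the guide configures.
check_live() {
    local rc cc qdisc tfo
    rc=0
    cc=$(cat /proc/sys/net/ipv4/tcp_congestion_control 2>/dev/null)
    qdisc=$(cat /proc/sys/net/core/default_qdisc 2>/dev/null)
    tfo=$(cat /proc/sys/net/ipv4/tcp_fastopen 2>/dev/null)
    kernel_supports_bbr || { echo "FAIL: kernel $(uname -r) is older than 4.9"; rc=1; }
    [ "$cc" = bbr ] || { echo "FAIL: congestion control is '$cc', not bbr"; rc=1; }
    [ "$qdisc" = fq ] || { echo "FAIL: default qdisc is '$qdisc', not fq"; rc=1; }
    tfo_server_enabled "$tfo" || { echo "FAIL: tcp_fastopen='$tfo' lacks the server bit"; rc=1; }
    return "$rc"
}

# Run the live check only when asked: bash check.sh --live
if [ "${1:-}" = "--live" ]; then check_live; fi
```

Run it with `--live` after rebooting into the new kernel; it prints nothing and exits 0 when every setting matches.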
3. Install shadowsocks-libev

    yum install epel-release -y
    yum install gcc gettext autoconf libtool automake make pcre-devel asciidoc xmlto udns-devel libev-devel libsodium-devel mbedtls-devel git m2crypto c-ares-devel -y

Compile and install:

    git clone https://github.com/shadowsocks/shadowsocks-libev.git
    cd shadowsocks-libev
    git submodule init && git submodule update
    ./autogen.sh
    ./configure
    make
    make install
    mkdir -p /etc/shadowsocks-libev

Create the configuration file with vi /etc/shadowsocks-libev/config.json and enter the following. The password "mima" is a placeholder; replace it with a long random value.

    {
        "server": "0.0.0.0",
        "server_port": 443,
        "password": "mima",
        "timeout": 600,
        "method": "aes-256-gcm",
        "fast_open": true
    }

CentOS 7 uses firewalld as its default firewall; run the following commands to open the ss port:

    firewall-cmd --permanent --add-port=443/tcp
    firewall-cmd --permanent --add-port=443/udp
    firewall-cmd --reload
4. Configure start on boot

Create the service unit file with vi /etc/systemd/system/shadowsocks.service and enter the following:

    [Unit]
    Description=Shadowsocks Server
    After=network.target

    [Service]
    ExecStart=/usr/local/bin/ss-server -c /etc/shadowsocks-libev/config.json -u
    Restart=on-abort

    [Install]
    WantedBy=multi-user.target

Start the shadowsocks service:

    systemctl enable shadowsocks
    systemctl start shadowsocks