Setup shadowsocks server with obfuscation, SSR [Ubuntu]

What is Shadowsocks

Shadowsocks is an opensource proxy created by a Chinese programmer on github by the profile name ‘Clowwindy’. It is widely used in China to bypass China’s Great Firewall. The traffic looks like normal https traffic and thus it is harder to block. It was initially released in 2012. The programmer was reportedly forced to let go of the project by the authorities in China but since then many individuals have picked up the project and various shadowsocks versions have been released. I observe a significant bandwidth increase for the upload than the limit my ISP has assigned me, so sometimes you can use it to increase your bandwidth.

Setting up your own shadowsocks Server

First you need a virtual private server(VPS), you can easily buy it from vultr or digitalocean, both offer inexpensive VPS servers starting from $3.50 and $5.00 respectively. Choose a server that is closer to you, for instance users in Asia can select Singapore or servers in Tokyo, servers located on West coast of USA also offers low latency which means better speed and stable connectivity. If you have never setup a server, steps for setting a server on digital ocean are covered in a post on our site.

After you have successfully created your VPS instance you need SSH access to the server. For this purpose windows users can use PuTTY. It is an SSH client for windows. Your VPS credentials will be given on the creation page and emailed to you. Find them and also note down your server IP. Launch PuTTY and enter your server IP and user credentials when prompted in the console. Linux and mac users can access ssh using console or terminal.

Command for linux and mac: ssh remote_host

Replace remote_host with the IP of your Server.

Update the packages list

apt-get update

Create a new user

Add new user by following command in the console.

adduser anyName

You will be asked to enter few details about the new user including the password. After entering the password just skip other prompts by repeatedly pressing enter.

We need to give our new user root privileges.

usermod -aG sudo anyName

Disable Root Login

Login as the new user

su - anyName

sudo nano /etc/ssh/sshd_config

nano is a command line text editor. It is pretty old school so use your arrow keys to move around. If the the server cannot recognize nano that means it is not installed. Install it with ( sudo apt-get install nano ).

Disable root ssh access by changing  PermitRootLogin Yes to as follows:

PermitRootLogin no

After you are done, Save the file with CTRL+O, then close it with CTRL+X.

Then reload the ssh service.

sudo systemctl reload sshd

Installing Shadowsocks

The above steps were optional but are considered a good practice. Now First get the installation script written by Teddysun.

wget --no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocksR.sh

Now we need to make the script file executable

chmod +x shadowsocksR.sh

Run the Script with sudo

sudo ./shadowsocksR.sh

Now the script will ask you couple of questions related to the setup of shadowsocks server and configuration. Some of the server configuration are entirely up to your need or specification. You can select the following details one by one as prompted starting with password.

Password: HereGivePassword
Port: 443
cipher: chacha20
protocol: origin
obfs: http_simple_compatible

Press Enter and the installation will start. After the installation open the configuration file.

sudo nano /etc/shadowsocks.json

You can change the different parameters here.

But I usually replace “obfs_param”: ” ” with

"obfs_param":"microsoft.com"

Its up to you what accessible URL you want to enter here. It will act as a camouflage for our web traffic. When you are done save the file as we did before. CTRL+O, Then close with CTRL+X.

Restart the shadowsocks daemon.

sudo /etc/init.d/shadowsocks restart

Next step is downloading the Shadowsocks client for your device from the following links.

For Windows

Download the latest version of shadowsocksr client. Unzip it and run the executable file. It will start and will be in the system tray down below.

Right click the client icon and go to servers > edit servers…

Enter the details as follows:

Close the Pop-up by clicking OK. That’s it you are ready to use the SSR server as proxy.

Making some configurations as below if they are not already selected as default.

Right click the client icon and go to Mode > Global

Right click the client icon and go to Proxy Rule > Bypass Lan

Bypassing Lan means that you will be able to access any other resources present in your local network directly without proxy. For example lets say you want to access your home router’s web portal then you don’t require it to go through the proxy.

Enter the exact details in your mobile client and you are good to go.