The complete guide on how to set up your own personal Shadowsocks server in under 30 minutes!

Perfect for bypassing the Great Firewall of China

All you need is access to a desktop or laptop computer, VPS hosting, and if you’re already in China a VPN. Total time commitment is around 30 minutes.

This requires familiarity with Linux commands and website or server hosting. But, it is also possible for people with no experience to set up a Shadowsocks server, although it might take more than one try and will most likely take longer than 30 minutes.

As long as you follow the guide exactly you should be able to successfully set up the Shadowsocks sever for use in China.

Personal Shadowsocks server via Outline client

So lets begin!

Prerequisites:

1.) Laptop or desktop computer

2.) VPS Hosting

  • DigitalOcean is also a good choice with plans starting at $5.00 per month for 1 GB Memory and 1TB Bandwidth. There is also a special offer for DigitalOcean where you can redeem $10 dollars of free credit!
  • Vultr is also another good choice offering plans starting at $3.50 per month for 512 MB Memory and 500 GB Bandwidth.

3.) SSH access

  • Mac users: Terminal command
  • Windows users: PuTTY
  • Download PuTTy here
  • (Choose the first option at the top labelled “Download PuTTY”)

4.) A VPN if you are already inside China, if outside of China you will be fine without.

We need to access the official Shadowsocks website to download the client and decode our secret, which is need to add our server details to the Shadowsocks client.

Step 1: Set up VPS Hosting

Option 1: DigitalOcean 

1.) Sign up for an account here and log into your new account.

Currently DigitalOcean is doing a promotion where new users can redeem 10 dollars of free credit.

2.) After logging in you will be at this screen and we will need to create a “Droplet”. At the top right, locate the green bar “Create” and click on the “Droplet” option.

2.) At the next screen choose the Ubuntu 16.04.4 x64 and the cheapest plan “1GB 1vCPU 25GB 1TB” $5/mo

3.) Next, you can choose the server location. I prefer Singapore because it is located closest to China and will generally report back a lower ping.

4.) After that, scroll to the bottom and click the large green bar “Create”.

5.) You will then be directed back to the homepage and presented with a new “droplet” with a progress bar. After you see a green light on the left side, you will be ready to move on to the next step.

6.) Check your email for the confirmation of droplet creation and the password to access the VPS server. Make note of the IP address, username, and password as we will need it for the next step.


Option 2: Vultr (Cheapest Option)

1.) Sign up for an account here and log into your new account.

2.) After signing up, you will be directed to the homepage. On the top right side there will be a large blue circle with a + symbol in it. Click that to deploy a server.

3.) Then we will have to choose the options for our server to host Shadowsocks. For “Server Location” you can choose any location, but locations that are closer to China will report a lower latency. Recommend locations are Singapore, Japan, USA – Los Angeles / Seattle, and Sydney. 

4.) Next we need to choose the “Server Type”. Choose Ubuntu 16.04.

5.) And then we need to choose the “Sever Size”. The cheapest plan at $2.50/mo does not work for what we need it for as it does not give us a public IPv4 address. So at minimum we need to choose the $3.50/mo plan. 

6.) Scroll down to the bottom and there is an option to name our “Server Hostname & Label”

I choose to label it ShadowsocksJP

When you are ready, click on the blue “Deploy Now” bar located at the bottom.

7.) After the server is set up and there is the green “Running” text, click on the three dots on the right of the green text. Then click on server details.

Take note of the IP address, username, and password as we will need to input it into Putty to access our server.

Step 2: Login to VPS with SSH

I am using Windows so I’ve chosen Putty as the program to do it. Mac users can use the terminal

1.)  Download PuttY from the official website. Choose the first option at the top labelled “Download PuTTY

2.) Open the program after downloading (no installation necessary), and enter your VPS credentials.

  • IP address of our VPS into “Host Name (or IP address)
  • 22 into “Port”
  • SSH for “Connection Type”
  • We can label our settings so it can be saved. I choose “SG VPN DIGITAL OCEAN”.
  • Click on “Save” to save settings

3.) Press “Open” to connect, and the screen will turn black with a popup. Click yes to the popup.

4.) For “Login as” enter “root” and press enter. For “password” copy the default password provided (for DigitalOcean it is in the email, for Vultr it is in the server detail page), and then right click to paste, and hit enter.

5.) If successful, you will see this screen and at the bottom it will ask you for the same password again. Right click to paste and hit enter. Then you can “enter new password”, choose a new strong password. 

If all goes well you should see this:

Great! Now we are ready to install Shadowsocks onto our VPS!

Step 3: Install Shadowsocks onto VPS

The following steps require some familiarity with Linux commands. If you get the following comic you are good to go.

If you have no idea what the comic means, do not fear. It is simple, all you have to do is follow along and copy and paste each line into Putty! Just copy everything to the right of the $, like the picture below.

Example:

Copy the following text (everything to the right of $ ) and paste it into PuttY by click on the “right” button on your mouse or trackpad

$ sudo apt-get update

After you paste the text, hit enter and you should see something happen and eventually it will finish up and look something similar to this:

Great! It is really that simple!

Now we are ready to move onto the real stuff.

1.) Update everything.

$ sudo apt-get update

2.) Install Shadowsocks with two commands.

$ sudo apt-get install python-pip

You will be presented with “Do you want to continue? [Y/n]”

Type capital Y and click enter.

$ sudo pip install shadowsocks

But wait, it wants me to update to pip 10, that’s fine just follow the recommended output.

3.) Shadowsocks supports a number of encryption methods. For optimized performance, we suggest using the ChaCha20 encryption method. However, we need to install it first. Below are the commands to setup the ChaCha20 encryption. 

Enter the following commands one at a time, and make sure to wait until the command finishes before entering the next time.

$ apt-get install python-m2crypto

$ apt-get install build-essential

$ wget https://github.com/jedisct1/libsodium/releases/download/1.0.16/libsodium-1.0.16.tar.gz

$ tar xf libsodium-1.0.16.tar.gz && cd libsodium-1.0.16

$ ./configure && make -j2

$ make install

$ sudo ldconfig

If you are presented with the following screen, you have succeeded and are you are ready to proceed to the next step.

4.) Now let’s create a config file for Shadowsocks, which should be created as “/etc/shadowsocks.json”. Let’s use the nano editor to do so.

$ nano /etc/shadowsocks.json

A black screen will show up and we need to paste the following information into the blank area.

NOTE: Replace the “your_droplet’s_IP_address“, with your own droplet IP, and “your_password” with the new password you of your choice. Make sure the information is inside the quotations. Also we will use “aes-256-cfb” for method, as it offers reasonable confidentiality when using. We can always change to another method later on if you need to troubleshoot or adjust the level of security/ speed. For further reading about methods visit: https://shadowsocks.org/en/spec/Stream-Ciphers.html

{
    "server":"your_droplet's_IP_address",
    "server_port":8000,
    "local_port":1080,
    "password":"your_password",
    "timeout":600,
    "method":"aes-256-cfb"
}

It should look something like this, but with your own IP address and password.

If yours look like the same, you can save the file. Enter following three commands in order one by one:

 Ctrl+x

Y

Enter

5.) Next we need to configure the firewall to allow the port number 8000 to be used.

$ ufw allow 8000

$ ufw allow 22

Then enable the firewall

$ ufw enable

“Command may disrupt existing ssh connections. Proceed with operation (y|n)?” will appear. Click “Y + Enter” to accept.

Now we can check if the firewall allows port 8000

$ ufw status verbose

If you see the same thing as what is stated in the picture, your firewall is set up.

6.) Now we need to start our shadowsocks sever with this command.

$ ssserver -c /etc/shadowsocks.json -d start

If you see this message then it means you have succeeded.

In the future, if you want to stop the Shadowsocks server, use this command:

$ ssserver -c /etc/shadowsocks.json -d stop

If you want to restart the Shadowsocks server, use this command:

$ ssserver -c /etc/shadowsocks.json -d restart

7.) There’s one more thing we need to set up. We need to make sure every time the server reboots our Shadowsocks server will be started automatically. To do so, let’s use nano to edit the following file:

$ nano /etc/rc.local

In the file opened, add the following line to the bottom, before “exit 0”:

/usr/bin/python /usr/local/bin/ssserver -c /etc/shadowsocks.json -d start

Like this:

Then save and exit with the Ctrl+x, y, Enter combo.

 Ctrl+x

Y

Enter

And that is it. Everything is completed.

So everything we’ve done up to here is the bare minimum to get a Shadowsock server running. If that is all you want then you can move on to the next part. 

If you would like to optimize your Shadowsocks server, follow along. If not move on to Step 4.

Optional: Shadowsocks Server Optimization

1.) By default, our Shadowsocks server might not be able handle a lot of traffic. If you want it to be able to handle a large amount of concurrent connections, you need to increase the max number of open file descriptors. 

$ nano /etc/security/limits.conf

And add the following lines to the bottom, before the # End of file

* soft nofile 51200
* hard nofile 51200

Note: Don’t skip the “*” symbols as they are parts of the lines.

Then save and exit with the Ctrl+x, y, Enter, combo.

Ctrl+x

Y

Enter

Then we need to temporarily stop the Shadowsocks server:

$ ssserver -c /etc/shadowsocks.json -d stop

And then set the ulimit:

$ ulimit -n 51200

Then let’s tune the kernel parameters by editing the /etc/sysctl.conf file:

$ nano /etc/sysctl.conf

And add the following info to the end of the file:

fs.file-max = 51200

net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.netdev_max_backlog = 250000
net.core.somaxconn = 4096

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_mem = 25600 51200 102400
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_congestion_control = cubic

Like so:

Then save and exit with the Ctrl+x, y, Enter combo.

 Ctrl+x

Y

Enter

To make our changes take effect, run this command:

$ sysctl -p

And then restart the Shadowsocks server:

$ ssserver -c /etc/shadowsocks.json -d start

If you see this, you have succeeded and are finished!

Step 4: Download Shadowsocks client for devices

Visit the official Shadowsocks website and download the client that corresponds with your device.

https://shadowsocks.org/en/download/clients.html

Step 5: Enter server credentials into Shadowsocks client

1.) In order to import the profile with the server information and password we need to encrypt the server information. We do this by entering our credentials to the official Shadowsocks URL and QR code section:

https://shadowsocks.org/en/config/quick-guide.html

So the formula is this:

Plain URL

ss://method:[email protected]:port

And we fill out the above info with our respective method, password, server IP address, and port into the input box at “Try it yourself” section at the bottom.

So for example, I will show you the info for the server I set up in step 3 in the shadowsocks.json file.

And the output is this:

2.) Copy the encoded text that is generated for you and paste it into the Shadowsocks client, or if you are using a mobile phone, scan the QR Code. 

Then you should see this if the code is correct.

If you see this, then something went wrong.

***3.) If you get the “Invalid Access Key” message, you need to go back and check the info.
It should correspond with your shadowsocks.json file. You can access it by typing this into Putty:

$ nano /etc/shadowsocks.json

And that is it! 

Step 6: Connect to Shadowsocks server

It is very easy to use the Shadowsocks client. After you load your secret into the client, or scanned the QR code with your mobile phone via Shadowsocks APP, you just click on Connect. I have noticed that on average connections are established much more quickly than VPNs using the OpenVPN protocol. 

Windows Outline client before connecting:

Windows Outline client after connecting:

Android Shadowsocks client before connecting:

Android Shadowsocks client after connecting: