mac配置ss记录
习惯使用Google,就不想用用百度了,fck the fw,走清末闭关政策,买的付费tunnel又不靠谱,而且还有隐私/安全问题,无奈只能自己搭一个了
1 服务器
服务器可以选择AWS,阿里云,或者国外的一些VPS,只要买国外区域的,配置1c1g,加一个公网IP(EIP) 就好了,然后登录方式选择密钥登录,取消密码登录
#####1.1 配置系统参数
Create /etc/sysctl.d/local.conf with the following content:
# max open files
fs.file-max = 51200
# max read buffer
net.core.rmem_max = 67108864
# max write buffer
net.core.wmem_max = 67108864
# default read buffer
net.core.rmem_default = 65536
# default write buffer
net.core.wmem_default = 65536
# max processor input queue
net.core.netdev_max_backlog = 4096
# max backlog
net.core.somaxconn = 4096
# resist SYN flood attacks
net.ipv4.tcp_syncookies = 1
# reuse timewait sockets when safe
net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling
net.ipv4.tcp_tw_recycle = 0
# short FIN timeout
net.ipv4.tcp_fin_timeout = 30
# short keepalive time
net.ipv4.tcp_keepalive_time = 1200
# outbound port range
net.ipv4.ip_local_port_range = 10000 65000
# max SYN backlog
net.ipv4.tcp_max_syn_backlog = 4096
# max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 5000
# turn on TCP Fast Open on both client and server side
net.ipv4.tcp_fastopen = 3
# TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 67108864
# TCP write buffer
net.ipv4.tcp_wmem = 4096 65536 67108864
# turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 1
# for high-latency network
net.ipv4.tcp_congestion_control = hybla
# for low-latency network, use cubic instead
# net.ipv4.tcp_congestion_control = cubic
Then:
sysctl --system
Older system:
sysctl -p /etc/sysctl.d/local.conf
2 服务端
ssh登录到远端服务器
#####2.1 安装shadowsocks
pip install shadowsocks
#####2.2 编辑/etc/shadowsocks.json
{
"server":"my_server_ip",
"server_port":8388,
"local_address": "127.0.0.1",
"local_port":1080,
"password":"mypassword",
"timeout":300,
"method":"aes-256-cfb",
"fast_open": false
}
Explanation of the fields:
| Name | Explanation |
|---|---|
| server | the address your server listens |
| server_port | server port |
| local_address | the address your local listens |
| local_port | local port |
| password | password used for encryption |
| timeout | in seconds |
| method | default: “aes-256-cfb”, see Encryption |
| fast_open | use TCP_FASTOPEN, true / false |
| workers | number of workers, available on Unix/Linux |
2.3 启动server
ssserver -c /etc/shadowsocks.json -d start
日志默认在/var/log/shadowsocks.log
3 客户端(mac)
3.1 下载ShadowsocksX-NG
https://github.com/shadowsocks/ShadowsocksX-NG
输入服务端IP及配置的密码,即可连接
3.2 终端配置
编辑配置文件/etc/profile
function proxy_off(){
unset http_proxy
unset https_proxy
git config --global unset http.proxy
git config --global unset https.proxy
echo -e "已关闭代理"
}
function proxy_on() {
git config --global http.proxy 'socks5://127.0.0.1:1080'
git config --global https.proxy 'socks5://127.0.0.1:1080'
export no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"
export http_proxy="http://127.0.0.1:1080"
export https_proxy=$http_proxy
echo -e "已开启代理"
}
proxy_on
source /etc/profile
p.s. git的配置对于http协议的git clone是有效的,而且速度受限于购买的机器的带宽,如果带宽只有1m的话,建议还是不要加这个选项了