Content Debian Debian Server Linux proxy server shadowsocks-libev

How to Install Shadowsocks-Libev Proxy Server on Debian 9 Stretch VPS

install shadowsocks-libev on debian 9 server

This tutorial will probably be displaying you ways to set up Shadowsocks proxy server on a Debian 9 VPS (Digital Personal Server). Shadowsocks is a light-weight , tremendous quick and safe Socks5 proxy that can be utilized to bypass Web censorship. Additionally, you will find out how to arrange Shadosocks-libev shopper on Debian 9 desktop.

There are numerous implementations of Shadowsocks, this tutorial exhibits you ways to use Shadowsocks-libev, as a result of

  • It’s written in C, very quick even on low-end machine.
  • It’s well-maintained.
  • It’s probably the most feature-rich implementation. TCP quick open, multiuser, administration API, redirect mode, tunnel mode, UDP relay, AEAD ciphers and plugins are all supported.


To finish this tutorial, you’ll need:

How to Install Shadowsocks-libev Server on Debian 9 VPS

Upon getting put in Debian 9 on your VPS. Log into your server by way of SSH. Shadowsocks-libev is included within the default Debian 9 repository, nevertheless it’s outdated. As a matter of reality, the outdated model doesn’t work on my server anymore. I advisable putting in it from Debian 9 stretch-backports repository, which accommodates the newest model of Shadowsocks-libev, so that you simply get safety updates and bug fixes.

To allow stretch-backports repository, you want to edit sources.listing file.

sudo nano /and so forth/apt/sources.listing

Add the next line on the backside of this file.

deb stretch-backports major

Save and shut the file. Then replace native package deal index.

sudo apt replace

After that, set up Shadowsocks-libev from stretch-backports repository.

sudo apt -t stretch-backports set up shadowsocks-libev

To examine the model quantity, run

ss-server -v

Pattern output:

shadowsocks-libev three.1.three

The sodium crypto library (libsodium) can be put in together with shadowsocks-libev. It’s a requirement if you need to use the safe and quick ChaCha20-Poly1305 encryption technique. As soon as it’s put in, Shadowsocks-libev will routinely begin with the default configuration file. You possibly can examine its standing with:

systemctl standing shadowsocks-libev


● shadowsocks-libev.service – Shadowsocks-libev Default Server Service
Loaded: loaded (/lib/systemd/system/shadowsocks-libev.service; enabled; vendor preset: enabled
Lively: lively (operating) since Wed 2018-04-25 06:18:55 UTC; 3min 47s in the past
Docs: man:shadowsocks-libev(eight)
Primary PID: 28728 (ss-server)
CGroup: /system.slice/shadowsocks-libev.service
└─28728 /usr/bin/ss-server -c /and so forth/shadowsocks-libev/config.json -u

As you’ll be able to see, it’s operating and auto-start at boot time is enabled. If it’s not operating, you can begin it with:

sudo systemctl begin shadowsocks-libev

To enabled auto-start at boot time, run:

sudo systemctl allow shadowsocks-libev

Now we’d like to edit the default configuration file.

sudo nano /and so forth/shadowsocks-libev/config.json

Default contents of the file are as follows.


Substitute together with your Debian server’s public IP tackle. You’ll be able to change server_port to different port quantity, however don’t use port 8388. Then set your most popular password, which is used to encrypt visitors. It is suggested that you simply substitute null with chacha20-ietf-poly1305 because the encryption technique. Right here’s an instance of my configuration.

install shadowsocks-libev on debian 9 server

Save and shut the file. Then restart Shadowsocks-libev for the modifications to take impact.

sudo systemctl restart shadowsocks-libev

Install and Configure Shadowsocks-libev Shopper on Debian 9 Desktop

The shadowsocks-libev package deal incorporates each the server software program and shopper software program. So simply use the tactic talked about above to set up Shadowsocks-libev on Debian 9 desktop.

Observe: On Debian 9, Shadowsocks-libev (the server) will mechanically begin after being put in. You want to cease Shadowsocks server on Debian 9 desktop.

sudo systemctl cease shadowsocks-libev

Additionally disable auto-start at boot time.

sudo systemctl disable shadowsocks-libev

The Shadowsocks shopper binary is known as ss-local. There’s a template systemd service unit for it: /lib/systemd/system/[email protected]. Earlier than beginning the shopper, we’d like to create the shopper aspect configuration file.

sudo nano /and so on/shadowsocks-libev/location-of-your-server.json

You possibly can exchange location-of-your-server with one thing like SFO, LAX. Copy the Shadowsocks-libev server config to the shopper config file, then add the next line to inform the shopper to pay attention on


So the shopper config file will appear to be this:


Save and shut the file. Then we will begin the shopper with:

sudo systemctl begin [email protected]location-of-your-server.service

And allow auto-start at boot time.

sudo systemctl allow [email protected]location-of-your-server.service

Examine its standing. Make certain it’s operating.

systemctl standing [email protected]location-of-your-server.service

Now the ss-local course of listens on on your Ubuntu desktop and it’s related to your Shadowsocks server.

Configure Net Browser to Use the Socks Proxy

To let your program use a socks proxy, this system should help socks proxy. Packages like Firefox quantum, Google Chrome and Dropbox permits customers to use proxy. I’ll present you ways to configure Firefox and Google Chrome.


In Firefox, go to Edit > Preferences > Basic. Then scroll down to the underside and click on Settings in Community Proxy. Within the Connection Settings window, choose guide proxy configuration. Then choose SOCKS v5 as a result of Shadowsocks is a Socks5 proxy. Enter within the SOCKS Host subject and 1080 within the port area. Make sure that Proxy DNS when utilizing SOCKS v5 is enabled. Click on OK to apply these modifications.


Google Chrome

Google Chrome and Chromium Linux model don’t have a GUI to configure proxy, however you should use command line choices like under.

google-chrome –proxy-server=”socks5://″


chromium-browser –proxy-server=”socks5://″

You can too set up and use the SwitchOmega extension configure proxy so that you don’t have to sort command within the terminal window.

DNS Leak Check

Go to You will notice your Shadowsocks server’s IP handle, which signifies that your proxy is working.


Click on Standardard check. Be certain that your native ISP isn’t within the check outcomes.



TCP BBR is a TCP congestion management algorithm that may drastically enhance connection velocity. Comply with the tutorial under to allow TCP BBR on Debian 9 server. You don’t have to allow it on Debian 9 desktop. The tutorial linked under is for Ubuntu, but in addition applies to Debian.

Allow TCP Quick Open

You possibly can velocity up Shadowsocks a bit bit extra by enabling TCP quick open. TCP is connection-oriented protocol, which suggests knowledge can solely be exchanged after a connection is established, which is completed by way of the three-way handshake. In different phrases, historically, knowledge can solely be exchanged after the three-way handshake is full. TCP quick open (TFO) is a mechanism that permits knowledge to be exchanged earlier than three-way handshake is full, saving up to 1 round-trip time (RTT).

TCP quick open help is merged to Linux kernel since model three.7 and enabled by default since model three.13. You possibly can examine your kernel model by operating:

uname -r

To verify TCP quick open configuration on your Debian server, run

cat /proc/sys/internet/ipv4/tcp_fastopen

It will possibly return four values.

  • zero means disabled.
  • 1 means it’s enabled for outgoing connection (as a shopper).
  • 2 means it’s enabled for incoming connection (as a server).
  • three means it’s enabled for each outgoing and incoming connection.

All my debian servers returned 1 after operating the above command. We would like tcp_fastopen set to three on our server. To realize that, we will edit the sysctl configuration file.

sudo nano /and so on/sysctl.conf

Then paste the next line on the finish of the file.


Reload sysctl settings for the change to take impact.

sudo sysctl -p

Then additionally, you will want to allow TCP quick open in Shadowsocks configuration file.

sudo nano /and so on/shadowsocks-libev/config.json

Add the next line.

“fast_open”: true

So your Shadowsocks server configuration file will seem like this:

“fast_open”: true

Word that final config line has not comma. Save and shut the file. Then restart Shadowsocks server.

sudo systemctl restart shadowsocks-libev

Examine if it’s operating. (An error in configuration file can forestall it from restarting.)

systemctl standing shadowsocks-libev

You additionally want to edit the Shadowsocks shopper configuration file and restart it to allow TCP quick open on Debian 9 desktop.

For extra utilization on Shadowsocks, examine the guide.

man shadowsocks-libev

That’s it! I hope this tutorial helped you put in Shadowsocks-libev proxy on Debian 9 server and desktop. As all the time, in case you discovered this publish helpful, then subscribe to our free publication to get extra ideas and tips. Take care.

Price this tutorial

[Total: 6 Average: 4.3]

(perform(d, s, id)
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); = id;
js.src = “//”;
fjs.parentNode.insertBefore(js, fjs);
(doc, ‘script’, ‘facebook-jssdk’));