Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/HirbodBehnam/Shadowsocks-Cloak-Installer

A one-key script to setup Cloak plugin with Shadowsocks on your server
https://github.com/HirbodBehnam/Shadowsocks-Cloak-Installer

bash censorship-circumvention cloak cloak-installer cloak-server installer plugin proxy proxy-server shadowsocks

Last synced: 1 day ago
JSON representation

A one-key script to setup Cloak plugin with Shadowsocks on your server

Awesome Lists containing this project

README

        

# Cloak Installer With Shadowsocks
A script to install Cloak in your server with or without shadowsocks.

## Why this installer?
* Install with some simple copy and pasting
* Install Shadowsocks if you want it
* Show QRCode and `ss://` link at the end (Only for shadowsocks)
* User Management
* Automatic service configuration
* Automatically setup firewall
* Support Debian, Ubuntu, CentOS and Raspbian Buster
## What is [Cloak](https://github.com/cbeuw/Cloak)?
Cloak is a universal pluggable transport that cryptographically obfuscates proxy traffic as legitimate HTTPS traffic, disguises the proxy server as a normal web server, multiplexes traffic through multiple TCP connections and provides multi-user usage control.

Cloak eliminates any "fingerprints" exposed by traditional proxy protocol designs which can be identified by adversaries through deep packet inspection. If a non-Cloak program or an unauthorized Cloak user (such as an adversary's prober) attempts to connect to Cloak server, it will serve as a transparent proxy between said machine and an ordinary website, so that to any unauthorized third party, a host running Cloak server is indistinguishable from an innocent web server. This is achieved through the use a series of [cryptographic steganography techniques](https://github.com/cbeuw/Cloak/wiki/Steganography-and-encryption).

Since Cloak is transparent, it can be used in conjunction with any proxy software that tunnels traffic through TCP, such as Shadowsocks, OpenVPN and Tor. Multiple proxy servers can be running on the same server host machine and Cloak server will act as a reverse proxy, bridging clients with their desired proxy end.

Cloak multiplexes traffic through multiple underlying TCP connections which reduces head-of-line blocking and eliminates TCP handshake overhead.

Cloak provides multi-user support, allowing multiple clients to connect to the proxy server on the same port (443 by default). It also provides QoS controls for individual users such as data usage limit and bandwidth control. [source](https://github.com/cbeuw/Cloak#cloak)
## The Script
### Compatibility
The script should work with these operating systems:
* CentOS 7 / 8
* Debian 8 / 9 / 10 / 11 (Thanks to [@xiamaz](https://github.com/xiamaz))
* Ubuntu 16 / 18 / 20
* Raspbian Buster (Thanks to Raphael)

arm, arm64, amd64 and i386 architectures are supported.
#### Tested On (I will test others too)
* Ubuntu 20.04 LTS Server amd64
* Debian 11 amd64
* Centos 7 amd64
* Raspbian Buster
### Installing Cloak 2 Plugin
Copy and execute this command:
```bash
curl -o Cloak-Installer.sh -L https://git.io/fj5mh && bash Cloak-Installer.sh
```
Answer questions and wait until the setup finishes installing. Installing the shadowsocks is optional.
#### Install Openvpn or Tor with Cloak
Please read [here](https://github.com/cbeuw/Cloak/wiki/Underlying-proxy-configuration-guides). The tutorial is just fine! It is recommended to install the openvpn or tor before installing my script.

Also [here](https://github.com/angristan/openvpn-install) is an script to install openvpn.

After you set up the openvpn or tor, re-run the script. If you had the Cloak installed, you can use `Change Forwarding Rules` to add the address to proxy. If you are installing, when the script asks for custom rule, select yes and define it there.
#### Post-Install
After installing, re-run the script to either uninstall the proxy, add or delete users, generate QR codes for shadowsocks, or change the forwarding rules.

Also script creates a service named `cloak-server`.
### Installing Shadowsocks With Cloak 1 Plugin
Copy and execute this command:
```bash
curl -o Shadowsocks-Cloak-Installer.sh -L https://git.io/fjECg && bash Shadowsocks-Cloak-Installer.sh
```
Answer questions and wait until the setup finishes installing. You can scan the QR Code after or use `ss://` link or even enter server config manually.
#### Post-Install
After installing, re-run the script to either uninstall the proxy or regenerate QR code and `ss://` link and configs.

Also script creates a service named `shadowsocks-server`. **DO NOT USE shadowsocks-libev service.**
## Shadowsocks Client Setup
### Android
On Android at first download shadowsocks client from [Google Play](https://play.google.com/store/apps/details?id=com.github.shadowsocks). Then download and install Cloak APK from [here](https://github.com/cbeuw/Cloak-android/releases). Then simply scan the QR Code generated by script.
### Linux
At first install shadowsocks-libev. [More Info](https://github.com/shadowsocks/shadowsocks-libev#installation). Download [this](https://raw.githubusercontent.com/cbeuw/Cloak/master/example_config/ckclient.json) file and edit it with your server arguments. Then download one of the clients suitable for your linux from [here](https://github.com/cbeuw/Cloak/releases) (You may need to run `chmod +x ck-client-linux-XXX` to make it executable). Run client like this:
```bash
ss-local -s -p -l 1080 -k -m --plugin path/to/ck-client-linux-XXX --plugin-opts path/to/ckclient.json
```
You can connect to your shadowsocks with socks or http proxy set on localhost and 1080 port.
### iOS
It looks like that [this](https://apps.apple.com/us/app/shadowrocket/id932747118) app does support cloak but I haven't tested it.
### Windows
At first install [shadowsocks windows](https://github.com/shadowsocks/shadowsocks-windows/releases). Then download cloak for windows from [here](https://github.com/cbeuw/Cloak/releases). If you are using a 32-bit system, download `ck-client-windows-386-X.exe
` if your system is 64-bit use `ck-client-windows-amd64-X.exe`. Then use the QR Code or `ss://` link to import the server.

The program will give you an error that shadowsocks cannot find `ck-client` or something like this. Click OK and go to Edit Servers. Then write the absolute path to ck-client file in Plugin Program. Example of path: `C:\Users\Hirbod\Downloads\Programs\ck-client-windows-amd64-2.1.3.exe`
## Non-Shadowsocks Client Setup
At first download the suitable plugin from [here](https://github.com/cbeuw/Cloak/releases). Then download the `ckclient.json` and change it as you need it. [link](https://github.com/cbeuw/Cloak/blob/master/example_config/ckclient.json). Then run the ck-client like this:
```bash
./ck-client -s -p -l -c
```

If you need to setup Tor or Openvpn with Cloak read [here](https://github.com/cbeuw/Cloak/wiki/Underlying-puration-guides)
## Next Steps
### FAQ
[Cloak V1 FAQ](https://github.com/HirbodBehnam/Shadowsocks-Cloak-Installer/wiki/FAQ)

Cloak V2 FAQ (Soon...)
### BBR
At first what is BBR?

**TL;DR: It speeds up TCP connections = Faster Server**

BBR or Bottleneck Bandwidth and Round-trip propagation time (BBR) is a TCP congestion control algorithm developed at Google in 2016. While most congestion control algorithms are loss-based, in that they rely on packet loss as a signal to lower rates of transmission, BBR is model-based. The algorithm uses the maximum bandwidth and round-trip time at which the network delivered the most recent flight of outbound data packets to build an explicit model of the network. Each cumulative or selective acknowledgment of packet delivery produces a rate sample which records the amount of data delivered over the time interval between the transmission of a data packet and the acknowledgment of that packet. As network interface controllers evolve from megabit per second to gigabit per second performance, packet loss should no longer be considered the primary determining factor in identifying congestion, making model-based congestion control algorithms which provide higher throughput and lower latency, such as BBR, a more reliable alternative to more popular algorithms like CUBIC. [Source](https://en.wikipedia.org/wiki/TCP_congestion_control#TCP_BBR)
#### How to setup BBR?
The requirement to enable BBR is to have Linux Kernel 4.9 or higher. If you do, you can enable BBR like this:
```bash
echo 'net.core.default_qdisc=fq' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv4.tcp_congestion_control=bbr' | sudo tee -a /etc/sysctl.conf
sysctl -p
```
To check if it is enabled:
```bash
sysctl net.ipv4.tcp_available_congestion_control
# This should include bbr in it
sysctl -n net.ipv4.tcp_congestion_control
# This one should be bbr
lsmod | grep bbr
# The output will be similar to "tcp_bbr 16384 0"
```
If your kernel is not 4.9 or higher just search how to upgrade it.

Here are some handy links to install BBR and upgrade kernel:

[CentOS](https://www.vultr.com/docs/how-to-deploy-google-bbr-on-centos-7)

[Ubuntu 16 and 17](https://www.linuxbabe.com/ubuntu/enable-google-tcp-bbr-ubuntu)
### Whole System Tunnel VPN
Shadowsocks cannot natively route all traffic. You can use some apps like SocksCap or other stuff to route applications through shadowsocks.

If you want a VPN you can use [wireguard](https://github.com/l-n-s/wireguard-install) or [openvpn](https://github.com/angristan/openvpn-install).
### Server
You can use any VPS or Dedicated Server. If you want a cheap and low-end server, I personally recommend to buy one at [Virmach](https://virmach.com/); They also accept cryptos!
### Donations
You can donate to me through bitcoin at `1XDgEkpnkJ7hC8Kwv5adfaDC1Z3FrkwsK`, Ethereum at `0xbb527a28B76235E1C125206B7CcFF944459b4894`, ZCash at `t1ZKYrYZCjxDYvo6mQaLZi3gNe2a6MydUo3` and Bitcoin Gold at `GcNgxfyR3nnAsD3Nhuckvq14sXYuDFkK9P`