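This part is an advanced step: if you notice high latency or low throughput when using Shadowsocks, consider optimizing the server side.
Enable BBR
BBR is a TCP congestion control algorithm recently developed by Google. It currently gives a good bandwidth improvement and is not even worse than the long-established ServerSpeeder (锐速).
Upgrade the Linux kernel
BBR was introduced in Linux kernel 4.9. First check the server's kernel version: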
uname -r
If the version shown is below 4.9.0, you need to upgrade the Linux kernel; otherwise skip the kernel upgrade steps below.
Update the package index:
sudo apt update
List the available Linux kernel versions:
sudo apt-cache showpkg linux-image
Pick the Linux kernel version you want to upgrade to, for example "linux-image-4.10.0-22-generic":
sudo apt install linux-image-4.10.0-22-generic
Wait for the installation to finish, then reboot the server:
sudo reboot
Remove the old Linux kernels:
sudo purge-old-kernels
Enable BBR
Run lsmod | grep bbr and, if the output does not contain tcp_bbr, first run:
sudo modprobe tcp_bbr
echo "tcp_bbr" | sudo tee -a /etc/modules-load.d/modules.conf
Then run:
echo "net.core.default_qdisc=fq" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" | sudo tee -a /etc/sysctl.conf
Run:
sudo sysctl -p
to save the settings and apply them. Then run:
sysctl net.ipv4.tcp_available_congestion_control
sysctl net.ipv4.tcp_congestion_control
If both outputs contain bbr, BBR has been enabled successfully.
Optimize throughput
Create a new configuration file:
sudo nano /etc/sysctl.d/local.conf
Copy and paste the following:
# max open files
fs.file-max = 51200
# max read buffer
net.core.rmem_max = 67108864
# max write buffer
net.core.wmem_max = 67108864
# default read buffer
net.core.rmem_default = 65536
# default write buffer
net.core.wmem_default = 65536
# max processor input queue
net.core.netdev_max_backlog = 4096
# max backlog
net.core.somaxconn = 4096
# resist SYN flood attacks
net.ipv4.tcp_syncookies = 1
# reuse timewait sockets when safe
net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling
# (this key was removed in Linux 4.12; omit the line on newer kernels)
net.ipv4.tcp_tw_recycle = 0
# short FIN timeout
net.ipv4.tcp_fin_timeout = 30
# short keepalive time
net.ipv4.tcp_keepalive_time = 1200
# outbound port range
net.ipv4.ip_local_port_range = 10000 65000
# max SYN backlog
net.ipv4.tcp_max_syn_backlog = 4096
# max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 5000
# turn on TCP Fast Open on both client and server side
net.ipv4.tcp_fastopen = 3
# TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 67108864
# TCP write buffer
net.ipv4.tcp_wmem = 4096 65536 67108864
# turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_congestion_control = bbr
Run:
sudo sysctl --system
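To confirm that the kernel actually took the values in /etc/sysctl.d/local.conf, each key can be compared with its live value under /proc/sys. The script below is an added example, not part of the original guide; the function names audit_sysctl and demo and the sample tree are constructed for illustration, and the demo models a kernel without tcp_tw_recycle (removed in Linux 4.12) on which the tcp_rmem value was not applied.

```bash
#!/usr/bin/env bash
# audit_sysctl CONF [ROOT]: compare each "key = value" line of a sysctl.d
# file with the live value under ROOT (default /proc/sys). Prints OK,
# MISMATCH or MISSING per key; exit status is the number of keys not OK.
audit_sysctl() {
    local conf="$1" root="${2:-/proc/sys}" bad=0 line key want got path
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                          # strip comments
        case $line in *=*) ;; *) continue ;; esac # skip lines without a setting
        key=$(echo "${line%%=*}" | xargs)         # trim whitespace
        want=$(echo "${line#*=}" | xargs)         # trim and squeeze spaces
        path="$root/$(echo "$key" | tr . /)"      # net.ipv4.x -> net/ipv4/x
        if [ ! -r "$path" ]; then
            echo "MISSING  $key"; bad=$((bad + 1)); continue
        fi
        got=$(xargs < "$path")                    # /proc separates fields with tabs
        if [ "$got" = "$want" ]; then
            echo "OK       $key"
        else
            echo "MISMATCH $key want='$want' got='$got'"; bad=$((bad + 1))
        fi
    done < "$conf"
    return "$bad"
}

# Constructed sample (not real output): a fake /proc/sys tree in a temp dir,
# shaped like a kernel that has no tcp_tw_recycle and kept its old tcp_rmem.
demo() {
    local d rc=0
    d=$(mktemp -d)
    mkdir -p "$d/sys/net/ipv4"
    printf 'bbr\n' > "$d/sys/net/ipv4/tcp_congestion_control"
    printf '3\n' > "$d/sys/net/ipv4/tcp_fastopen"
    printf '4096\t87380\t6291456\n' > "$d/sys/net/ipv4/tcp_rmem"
    cat > "$d/local.conf" <<'EOF'
# turn on TCP Fast Open on both client and server side
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_congestion_control = bbr
EOF
    audit_sysctl "$d/local.conf" "$d/sys" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "keys not applied: $?"
```

On the server, call audit_sysctl /etc/sysctl.d/local.conf after sysctl --system; a non-zero exit status is the number of keys that differ or are absent.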
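Edit the shadowsocks-server.service file created earlier:
sudo nano /etc/systemd/system/shadowsocks-server.service
Insert a line before ExecStart with the following content:
LimitNOFILE=51200
systemd applies this limit to the ssserver process itself; a ulimit call inside an ExecStartPre shell would end with that shell and leave the service's limit unchanged.
The modified shadowsocks-server.service then reads:
[Unit]
Description=Shadowsocks Server
After=network.target
[Service]
# raise the open-file limit for the service process
LimitNOFILE=51200
ExecStart=/usr/local/bin/ssserver -c /etc/shadowsocks/config.json
Restart=on-abort
[Install]
WantedBy=multi-user.target
Press Ctrl + O to save the file and Ctrl + X to exit.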
Reload the shadowsocks-server.service unit:
sudo systemctl daemon-reload
Restart Shadowsocks:
sudo systemctl restart shadowsocks-server
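Enable TCP Fast Open
TCP Fast Open can reduce the latency between the Shadowsocks server and the client. It was in fact already enabled in the kernel in the previous step, so all that remains is to enable TCP Fast Open in the Shadowsocks configuration.
Edit config.json: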
sudo nano /etc/shadowsocks/config.json
Change the value of fast_open from false to true. Press Ctrl + O to save the file and Ctrl + X to exit.
Restart Shadowsocks:
sudo systemctl restart shadowsocks-server
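Note: TCP Fast Open also requires client support, that is, the client's Linux kernel must be version 3.7.1 or later; you can enable TCP Fast Open in the Shadowsocks client.
With that, the server-side optimization of Shadowsocks is complete!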