How To Install ShadowSocks Server On Amazon EC2 Linux

The article How To Install ShadowSocks On Google Cloud Linux showed how to set up and configure a ShadowSocks server on Google Cloud Linux. This article shows how to do the same on an Amazon EC2 Ubuntu Linux instance, with some tricks.

1. Launch Amazon EC2 Linux Instance.

  1. Log in to https://aws.amazon.com with your Amazon AWS account.
  2. Go to the AWS management console. Click the EC2 link to go to the Amazon EC2 dashboard.
  3. Click the Instances link in the left panel. Then click the Launch Instance button in the right panel to create a new instance.
  4. Select the Ubuntu OS in the next wizard step.
  5. Choose an EC2 instance type; t2.nano is enough for our use. Then click the Review and Launch button to launch the instance.
  6. Save the generated private key file (.pem file) carefully; you will need it later when you use an ssh client to connect to the Ubuntu Linux server.

2. How To Regenerate Amazon EC2 Instance Private Key File.

Sometimes you may lose the EC2 instance private key file, and you cannot regenerate the private key file and assign it to the original EC2 instance. In this case, follow the steps below to resolve the issue.

  1. Stop the original EC2 instance.
  2. Create a snapshot of the original instance.
  3. Use the snapshot to create a duplicate server; you can create a new private key file during that process.

3. Use SSH Client To Connect To The EC2 Ubuntu Linux Instance.

Now that the Ubuntu server has been created and started, use an SSH client to connect to it.

  1. In the EC2 instances list page, right-click the new instance, then click the Connect menu item in the popup menu to open the connect dialog.
  2. You have two methods to connect to the Ubuntu instance: an ssh client or Java ssh.
  3. This article shows how to use an ssh client to connect to the EC2 Linux server.
  4. Open a terminal and run the command below in it.
    $ ssh -i "<path to the EC2 instance private key file (.pem)>" <user>@<instance Public DNS (IPv4)>
  5. Below is an example ssh connect string.
    $ ssh -i "/Users/.../amazon-proxy-server-japan.pem" [email protected]
  6. But you may encounter an error like the one below while connecting.
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Permissions 0644 for '/home/.../privatekey/abc.pem' are too open.
    It is recommended that your private key files are NOT accessible by others.
    This private key will be ignored.
    bad permissions: ignore key: /home/xxx/Documents/CloudFloorWestPem/cloudfloor-west.pem
    Permission denied (publickey).
  7. This is because the permissions on the private key file (.pem) are not correct. Remove the group and other users' permissions from the .pem file by running the command below.
    chmod og-r /home/.../privatekey/abc.pem
  8. Now run the ssh command again; you can log in to the Amazon EC2 Ubuntu Linux server successfully.
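
The warning in step 6 comes from the ssh client ignoring a key file that has any group or other permission bit set. The following added example (not part of the original article; function names are illustrative) reproduces that rule on a constructed temporary file and shows that `chmod og-r` is enough for a 0644 file but not for a 0664 one, where `chmod 600` is the general fix.

```python
import os
import stat
import tempfile


def key_is_accepted(path):
    """True when no group/other permission bit is set (mode & 077 == 0),
    the condition the ssh client applies to a key file owned by the caller."""
    return (os.stat(path).st_mode & 0o077) == 0


def apply_og_minus_r(path):
    """Equivalent of `chmod og-r`: clears only the group/other read bits."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, mode & ~(stat.S_IRGRP | stat.S_IROTH))


def lock_down(path):
    """Equivalent of `chmod 600`: owner read/write and nothing else."""
    os.chmod(path, 0o600)


def demo(initial_mode):
    """Return (accepted as-is, accepted after og-r, accepted after 600)
    for a constructed, empty stand-in key file."""
    fd, path = tempfile.mkstemp(suffix=".pem")
    os.close(fd)
    try:
        os.chmod(path, initial_mode)
        as_is = key_is_accepted(path)
        apply_og_minus_r(path)
        after_og_r = key_is_accepted(path)
        lock_down(path)
        after_600 = key_is_accepted(path)
        return as_is, after_og_r, after_600
    finally:
        os.remove(path)


if __name__ == "__main__":
    for mode in (0o644, 0o664):
        print(oct(mode), demo(mode))
```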

4. Install ShadowSocks Server And Start It In Amazon EC2 Ubuntu Linux Successfully.

  1. Install the ShadowSocks server by following the Linux section of the article How To Setup ShadowSocks VPN On Mac, Windows And Linux.
  2. Start the ShadowSocks server with the command below.
    $ ssserver -c /etc/shadowsocks/config.json start
  3. You may encounter the error message socket.error: [Errno 99] Cannot assign requested address.
    [email protected]:~# ssserver -c /etc/shadowsocks/config.json start
    INFO: loading config from /etc/shadowsocks/config.json
    2018-11-30 11:45:00 INFO     loading libcrypto from libcrypto.so.1.1
    2018-11-30 11:45:00 INFO     starting server at 54.199.236.197:9090
    Traceback (most recent call last):
      File "/usr/bin/ssserver", line 11, in <module>
        load_entry_point('shadowsocks==2.9.0', 'console_scripts', 'ssserver')()
      File "/usr/lib/python2.7/dist-packages/shadowsocks/server.py", line 74, in main
        tcp_servers.append(tcprelay.TCPRelay(a_config, dns_resolver, False))
      File "/usr/lib/python2.7/dist-packages/shadowsocks/tcprelay.py", line 733, in __init__
        server_socket.bind(sa)
      File "/usr/lib/python2.7/socket.py", line 228, in meth
        return getattr(self._sock,name)(*args)
    socket.error: [Errno 99] Cannot assign requested address
  4. This is because the server IP value in your ShadowSocks configuration is not correct.
  5. Open the /etc/shadowsocks/config.json file with vim.
    $ vim /etc/shadowsocks/config.json
  6. Update the server IP address value to 0.0.0.0 in the config.json file; the ShadowSocks server can then be started successfully.
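
Errno 99 (EADDRNOTAVAIL) means the configured address is not assigned to any interface on the host; an EC2 public IPv4 address is mapped to the instance by AWS rather than configured on it, so a socket cannot bind to it. The following added example (not part of the original article or of ShadowSocks; function names are illustrative) checks a config's server value before ssserver is started, using a constructed config that reuses the address and port from the log above.

```python
import errno
import json
import socket

# Constructed config reusing the address and port from the log above;
# "server" and "server_port" are keys ssserver reads from config.json.
SAMPLE_CONFIG = '{"server": "54.199.236.197", "server_port": 9090}'


def bind_errno(address, port=0):
    """Try to bind a TCP socket; return 0 on success, else the errno."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        try:
            sock.bind((address, port))  # port 0 = any free port, probe only
            return 0
        except OSError as exc:
            return exc.errno


def preflight(config_text):
    """Classify the configured "server" value before starting ssserver."""
    server = json.loads(config_text)["server"]
    if server == "0.0.0.0":
        return "all-interfaces"   # binds; exposure is set by the security group
    code = bind_errno(server)
    if code == 0:
        return "local-address"    # address is configured on this host
    if code == errno.EADDRNOTAVAIL:
        return "not-local"        # the Errno 99 case from the traceback
    return "error-%d" % code


if __name__ == "__main__":
    print(preflight(SAMPLE_CONFIG))
    print(preflight('{"server": "0.0.0.0", "server_port": 9090}'))
```

With 0.0.0.0 the server listens on every interface of the instance, so the inbound rules of the security group are what decide who can reach the port.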

5. Edit EC2 Linux Instance Used Security Group.

Now you have installed the ShadowSocks server on the Amazon EC2 Ubuntu Linux instance successfully. Next you need to configure a security rule for the EC2 instance so that clients can access the ShadowSocks server.

  1. Click your EC2 instance's security group link at the end of the instance's row in the instance list page. In this example the ShadowSocks server instance's security group link name is launch-wizard-3.
  2. Click the Inbound tab in the page that opens, then click the Edit button. Click the Add Rule button to add a new rule. Select Custom TCP in the Type list, select the TCP protocol, and enter the ShadowSocks server listening port number in the Port Range input box. Select Anywhere in the Source dropdown list; this allows you to use the ShadowSocks server from any IP address. Click the Save button to save the changes.
  3. Now you can use a ShadowSocks client tool to connect to the ShadowSocks server. If you want to test the connection, I recommend using an Android phone with the ShadowSocks Android client tool. You can refer to the Android section of the article How To Setup ShadowSocks VPN On Mac, Windows And Linux. The ICMP rule in the picture above lets you ping the EC2 server successfully.
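
Selecting Anywhere as the source exposes the listening port to the whole internet, so it is worth reviewing which inbound rules of the group are open that way and narrowing the source to known client addresses where possible. The following added example (not part of the original article; the function name is illustrative) lists such rules from a constructed sample shaped like the output of `aws ec2 describe-security-groups`.

```python
import json

# Constructed sample in the shape `aws ec2 describe-security-groups` returns.
# Port 9090 and the group name come from this article; the SSH rule and its
# source address (documentation range) are made up for contrast.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupName": "launch-wizard-3",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 9090, "ToPort": 9090,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
  ]}]}
""")

WORLD = {"0.0.0.0/0", "::/0"}


def world_open_rules(doc):
    """Return (group, protocol, from_port, to_port) for every inbound rule
    whose source includes the whole IPv4 or IPv6 internet."""
    findings = []
    for group in doc.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if WORLD.intersection(sources):
                findings.append((group["GroupName"], perm["IpProtocol"],
                                 perm.get("FromPort"), perm.get("ToPort")))
    return findings


if __name__ == "__main__":
    for finding in world_open_rules(SAMPLE):
        print("open to anywhere:", finding)
```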