Shulou(Shulou.com)06/02 Report--

I bought Aliyun's ECS server two days ago. I want to build a * *. I found a lot of blogs that install and configure shadowsocks on the Internet. The basic routines are similar. You can find more detailed configurations.

Here I want to talk about the pit I encountered when installing ss:

1. I bought a CVM from Ali Hong Kong, which defaults to the latest Ubuntu system. Install the python-pip package according to the online tutorials and then start the service with ssserver. The service runs normally, but the client has been running all the time.

The timeout cannot be connected. At that time, I was in a bit of a hurry, so I didn't analyze the problem. I kept asking for help online, and I didn't know how many blogs I read.

The client configuration is actually very simple, that is, the server ip, port, and encryption root services are consistent in the shadowsocks software. The problem still lies in the server, the running status of the service is normal, and my public network ip is also accessible, which is puzzling. Finally. Change the system, from Ubuntu to CentOOS 7.4.

2. However, if the fundamental problem is not solved, it is useless to change the system. Sure enough, changing the system still didn't work, and I looked all over the information about installing ss on CentOS, including modifying the extension of the chrome browser, upgrading the pip program from 8.1.2 to 9.0.1 (although the upgrade failed), and after so many attempts, the log showed that the request timed out, but I ignored the problem I should have thought of.

3. Then, I changed the system, from CentOS7.4 to CentOS7.3, because I used 7.3myself. I'm not reconciled to the prospect of wasting the whole morning. So, I calmed down and analyzed the log carefully, then logged in to my web console, and finally found:

The ECS server has a "security group rule", its function is to achieve traffic control, similar to the blacklist and whitelist, but the port opened by the ss server is not allowed, so add a permit rule in the entry direction to ok.

In fact, I just started to think about this problem, I thought the server iptables would do something wrong, so I shut it down at the beginning, but I didn't expect that there was another layer of security protection. The holes were dug by myself, and the system already had the information prompted by the security rules when logging in to the web console, but I didn't look at it carefully, so it led to a series of subsequent "tragedies".

To sum up:

Read the tips carefully and keep in mind that sharpening the knife will not miss the firewood.

If there is a problem, read the log, the most direct and effective way to locate the problem.

Think independently, there are many miscellaneous articles on the Internet, so we should absorb information according to our own actual situation.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.