Technical Tutorial for Setting Up an SSR Server on a Hong Kong Cloud Server

This tutorial provides a detailed technical guide on how to set up a ShadowsocksR (SSR) server on a Hong Kong server. By leveraging the low latency and high bandwidth of Hong Kong servers, you can build an efficient and stable proxy server. This article covers system selection, script installation and deployment, and SSR configuration steps.

1. Cloud Server System Selection

Choosing the appropriate operating system for your Hong Kong VPS is critical for SSR server compatibility and performance. Below are the recommended system options and their analysis:

• Ubuntu 20.04 LTS or 22.04 LTS:
  • Advantages: Ubuntu has extensive community support and comprehensive documentation, compatible with most SSR scripts. LTS versions provide long-term stability and security updates.
  • Disadvantages: Compared to lightweight systems, it may require more manual configuration.
  • Recommended Use Case: Ideal for beginners and users needing a robust ecosystem.
• Debian 10 or 11:
  • Advantages: Lightweight, stable, and secure, suitable for resource-constrained server environments.
  • Disadvantages: Documentation and community support are slightly less extensive than Ubuntu, potentially requiring more technical expertise.
  • Recommended Use Case: Suitable for advanced users seeking performance optimization.
• CentOS Stream 8 or 9:
  • Advantages: Enterprise-grade stability, ideal for long-running services.
  • Disadvantages: SSR script compatibility may be inferior to Ubuntu/Debian, with more complex configuration.
  • Recommended Use Case: Suitable for users familiar with Red Hat-based systems.

Recommendation: Choose Ubuntu 20.04 LTS for its strong compatibility, simple configuration, and suitability for most SSR deployment scenarios. Ensure your Hong Kong server provides at least 1 CPU core, 1GB RAM, and 10GB SSD storage to meet SSR operational requirements.

2. Script Installation and Deployment Tutorial

The following are detailed steps for installing SSR on a Hong Kong VPS using the popular ShadowsocksR one-click installation script.

2.1 Preparation

1. Log in to the Server:
   • Use an SSH client (e.g., PuTTY or terminal) to log in to your Hong Kong server.
   • Example command:

     ssh root@<server_IP_address>
     

2. Update the System:
   • Ensure system packages are up-to-date to avoid compatibility issues.
   • Run the following command:

     apt update && apt upgrade -y
     

2.2 Download and Run the SSR One-Click Installation Script

1. Download the Script:
   • Use an official or trusted ShadowsocksR script (e.g., Teddysun’s script).
   • Run the following command to download the script:

     wget --no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocksR.sh
     

2. Grant Execution Permissions:

   chmod +x shadowsocksR.sh
   

3. Run the Installation Script:

   ./shadowsocksR.sh
   

   • The script will prompt you to enter configuration parameters (e.g., port, password, encryption method). Recommended settings:
     • Port: Use a non-standard port (e.g., 443 or 8443) to avoid blocking.
     • Password: Set a complex password (at least 12 characters, including letters, numbers, and symbols).
     • Encryption Method: Recommend chacha20-ietf-poly1305 for a balance of speed and security.
     • Protocol: Select auth_chain_a to enhance anti-blocking capabilities.
     • Obfuscation: Choose tls1.2_ticket_auth to simulate TLS traffic.
4. Verify Installation:
   • After installation, the script will output SSR connection details (e.g., IP, port, password). Save this information.
   • Check the SSR service status:

     systemctl status shadowsocks
     

   • If the service is not running, start it manually:

     systemctl start shadowsocks
     

2.3 Firewall Configuration

To ensure the SSR port is accessible, configure the firewall rules on your Hong Kong server:

• Use ufw to configure the firewall:

  ufw allow <SSR_port_number>/tcp
  ufw enable
  

• If using a cloud provider’s firewall panel (e.g., Alibaba Cloud, Tencent Cloud), add the corresponding port’s inbound rule in the console.

3. SSR Configuration Tutorial

After installation, configure the SSR client to connect to your Hong Kong server. Below are the configuration steps:

3.1 Client Software Preparation

• Windows: Recommend using the ShadowsocksR client (e.g., SSR-Win).
• macOS: Recommend ShadowsocksX-NG.
• Android/iOS: Download the official ShadowsocksR client or a third-party client supporting SSR (e.g., Clash).
• Linux: Use the ssr-local command-line tool.

3.2 Configure the Client

1. Obtain Server Information:
   • Retrieve the following details from the installation script’s output:
     • Server IP: Your Hong Kong VPS public IP.
     • Port: The port number set during installation (e.g., 8443).
     • Password: The password set during installation.
     • Encryption Method: e.g., chacha20-ietf-poly1305.
     • Protocol: e.g., auth_chain_a.
     • Obfuscation: e.g., tls1.2_ticket_auth.
2. Enter Configuration:
   • Open the SSR client and add a new server.
   • Input the above details and save the configuration.
   • Example (Windows SSR client):
     • Server IP: <Your_Hong_Kong_server_IP>
     • Port: 8443
     • Password: Your_password
     • Encryption: chacha20-ietf-poly1305
     • Protocol: auth_chain_a
     • Obfuscation: tls1.2_ticket_auth
3. Test the Connection:
   • Enable the client and attempt to access restricted websites (e.g., Google).
   • If the connection fails, verify that the server port is open or try changing the obfuscation method (e.g., http_simple).

3.3 Optimization and Maintenance

• Performance Optimization:
  • Enable BBR to enhance the network performance of your Hong Kong server:

    echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
    echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
    sysctl -p
    

  • Verify BBR activation:

    sysctl net.ipv4.tcp_available_congestion_control
    

• Regular Maintenance:
  • Periodically update the SSR script to obtain the latest security patches.
  • Monitor server traffic to prevent exceeding limits.
  • Back up the configuration file (typically located at /etc/shadowsocks-r/config.json).

4. Notes

• Security: Avoid using default ports (e.g., 8388) or weak passwords to prevent scanning and attacks.
• Compliance: Ensure your Hong Kong  server usage complies with local laws and regulations.
• Performance Monitoring: Regularly check server CPU and memory usage to ensure stable SSR operation.

By following these steps, you can successfully deploy and configure an SSR server on your Hong Kong VPS, enjoying an efficient and secure proxy service.