HirbodBehnam/ Shadowsocks-Cloak-Installer
About the developer
154 Stars 
58 Forks 
GNU General Public License v3.0 
75 Commits 
0 Opened issues 
Description
A one-key script to setup Cloak plugin with Shadowsocks on your server
Services available
Contributors list
Cloak Installer With Shadowsocks
A script to install Cloak in your server with or without shadowsocks.
Why this installer?
- Install with some simple copy and pasting
- Install Shadowsocks if you want it
- Show QRCode and
ss://
link at the end (Only for shadowsocks) - User Management
- Automatic service configuration
- Automatically setup firewall
- Support Debian, Ubuntu, CentOS and Raspbian Buster ## What is Cloak? Cloak is a universal pluggable transport that cryptographically obfuscates proxy traffic as legitimate HTTPS traffic, disguises the proxy server as a normal web server, multiplexes traffic through multiple TCP connections and provides multi-user usage control.
Cloak eliminates any "fingerprints" exposed by traditional proxy protocol designs which can be identified by adversaries through deep packet inspection. If a non-Cloak program or an unauthorized Cloak user (such as an adversary's prober) attempts to connect to Cloak server, it will serve as a transparent proxy between said machine and an ordinary website, so that to any unauthorized third party, a host running Cloak server is indistinguishable from an innocent web server. This is achieved through the use a series of cryptographic steganography techniques.
Since Cloak is transparent, it can be used in conjunction with any proxy software that tunnels traffic through TCP, such as Shadowsocks, OpenVPN and Tor. Multiple proxy servers can be running on the same server host machine and Cloak server will act as a reverse proxy, bridging clients with their desired proxy end.
Cloak multiplexes traffic through multiple underlying TCP connections which reduces head-of-line blocking and eliminates TCP handshake overhead.
Cloak provides multi-user support, allowing multiple clients to connect to the proxy server on the same port (443 by default). It also provides QoS controls for individual users such as data usage limit and bandwidth control. source
The Script
Compatibility
The script should work with these operating systems: * CentOS 7 * Debian 8 / 9 / 10 (Thanks to @xiamaz) * Ubuntu 16 / 18 / 19 * Raspbian Buster (Thanks to Raphael)
arm, arm64, amd64 and i386 are supported.
Tested On (I will test others too)
- Ubuntu 18.04 LTS Server amd64
- Debian 8 / 9 / 10 amd64
- Centos 7 amd64
- Raspbian Buster
### Installing Cloak 2 Plugin
Copy and execute this command:
bash curl -o Cloak-Installer.sh -L https://git.io/fj5mh && bash Cloak-Installer.sh
Answer questions and wait until the setup finishes installing. Installing the shadowsocks is optional. #### Install Openvpn or Tor with Cloak Please read here. The tutorial is just fine! It is recommended to install the openvpn or tor before installing my script.
Also here is an script to install openvpn.
After you set up the openvpn or tor, re-run the script. If you had the Cloak installed, you can use
Change Forwarding Rulesto add the address to proxy. If you are installing, when the script asks for custom rule, select yes and define it there.
Post-Install
After installing, re-run the script to either uninstall the proxy, add or delete users, generate QR codes for shadowsocks, or change the forwarding rules.
Also script creates a service named
cloak-server.
Installing Shadowsocks With Cloak 1 Plugin
Copy and execute this command:
bash curl -o Shadowsocks-Cloak-Installer.sh -L https://git.io/fjECg && bash Shadowsocks-Cloak-Installer.shAnswer questions and wait until the setup finishes installing. You can scan the QR Code after or use
ss://link or even enter server config manually.
Post-Install
After installing, re-run the script to either uninstall the proxy or regenerate QR code and
ss://link and configs.
Also script creates a service named
shadowsocks-server. DO NOT USE shadowsocks-libev service.
Shadowsocks Client Setup
Android
On Android at first download shadowsocks client from Google Play. Then download and install Cloak APK from here. Then simply scan the QR Code generated by script.
Linux
At first install shadowsocks-libev. More Info. Download this file and edit it with your server arguments. Then download one of the clients suitable for your linux from here (You may need to run
chmod +x ck-client-linux-XXXto make it executable). Run client like this:
bash ss-local -s -p -l 1080 -k -m --plugin path/to/ck-client-linux-XXX --plugin-opts path/to/ckclient.jsonYou can connect to your shadowsocks with socks or http proxy set on localhost and 1080 port.
iOS
It looks like that this app does support cloak but I haven't tested it.
Windows
At first install shadowsocks windows. Then download cloak for windows from here. If you are using a 32-bit system, download
ck-client-windows-386-X.exeif your system is 64-bit use
ck-client-windows-amd64-X.exe. Then use the QR Code or
ss://link to import the server.
The program will give you an error that shadowsocks cannot find
ck-clientor something like this. Click OK and go to Edit Servers. Then write the absolute path to ck-client file in Plugin Program. Example of path:
C:\Users\Hirbod\Downloads\Programs\ck-client-windows-amd64-2.1.3.exe
Non-Shadowsocks Client Setup
At first download the suitable plugin from here. Then download the
ckclient.jsonand change it as you need it. link. Then run the ck-client like this:
bash ./ck-client -s -p -l -c
If you need to setup Tor or Openvpn with Cloak read here
Next Steps
FAQ
Cloak V2 FAQ (Soon...)
BBR
At first what is BBR?
TL;DR: It speeds up TCP connections = Faster Server
BBR or Bottleneck Bandwidth and Round-trip propagation time (BBR) is a TCP congestion control algorithm developed at Google in 2016. While most congestion control algorithms are loss-based, in that they rely on packet loss as a signal to lower rates of transmission, BBR is model-based. The algorithm uses the maximum bandwidth and round-trip time at which the network delivered the most recent flight of outbound data packets to build an explicit model of the network. Each cumulative or selective acknowledgment of packet delivery produces a rate sample which records the amount of data delivered over the time interval between the transmission of a data packet and the acknowledgment of that packet. As network interface controllers evolve from megabit per second to gigabit per second performance, packet loss should no longer be considered the primary determining factor in identifying congestion, making model-based congestion control algorithms which provide higher throughput and lower latency, such as BBR, a more reliable alternative to more popular algorithms like CUBIC. Source
How to setup BBR?
The requirement to enable BBR is to have Linux Kernel 4.9 or higher. If you do, you can enable BBR like this:
bash echo 'net.core.default_qdisc=fq' | sudo tee -a /etc/sysctl.conf echo 'net.ipv4.tcp_congestion_control=bbr' | sudo tee -a /etc/sysctl.conf sysctl -pTo check if it is enabled: ```bash sysctl net.ipv4.tcpavailablecongestion_control
This should include bbr in it
sysctl -n net.ipv4.tcpcongestioncontrol
This one should be bbr
lsmod | grep bbr
The output will be similar to "tcp_bbr 16384 0"
If your kernel is not 4.9 or higher just search how to upgrade it.Here are some handy links to install BBR and upgrade kernel:
Whole System Tunnel VPN
Shadowsocks cannot natively route all traffic. You can use some apps like SocksCap or other stuff to route applications through shadowsocks.
If you want a VPN you can use wireguard or openvpn.
Server
You can use any VPS or Dedicated Server. If you want a cheap and low-end server, I personally recommend to buy one at Virmach; They also accept cryptos!
Donations
You can donate to me through bitcoin at
1XDgEkpnkJ7hC8Kwv5adfaDC1Z3FrkwsK, Ethereum at0xbb527a28B76235E1C125206B7CcFF944459b4894, ZCash att1ZKYrYZCjxDYvo6mQaLZi3gNe2a6MydUo3and Bitcoin Gold atGcNgxfyR3nnAsD3Nhuckvq14sXYuDFkK9P