'/%3e%3c/g%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_91_7909'%20x1='2.80579'%20y1='2.93848'%20x2='14.3838'%20y2='4.55824'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%231198B9'/%3e%3cstop%20offset='0.0001'%20stop-color='%230F9DB8'/%3e%3cstop%20offset='1'%20stop-color='%232468C0'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e)
'/%3e%3c/g%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_91_7889'%20x1='4.20874'%20y1='4.40771'%20x2='21.5757'%20y2='6.83736'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%231198B9'/%3e%3cstop%20offset='0.0001'%20stop-color='%230F9DB8'/%3e%3cstop%20offset='1'%20stop-color='%232468C0'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e)
Back
How to Install Shadowsocks-Rust on an Ubuntu, Debian
Today, we're walking you through installing Shadowsocks-Rust, a fast and lightweight encrypted proxy that's perfect for securing your traffic and bypassing network restrictions and censorship.
What is Shadowsocks-Rust?
Shadowsocks-Rust is a high-performance reimplementation of the original Shadowsocks protocol, written in Rust instead of Python. It works as an encrypted SOCKS5 proxy: traffic between your device and your VPS is wrapped in a lightweight cipher, which makes it much harder to fingerprint compared to a plain proxy or a traditional VPN tunnel. Because it's written in Rust, it uses very little RAM and CPU, making it an ideal fit for even the smallest CloudBlast VPS plans.
In this tutorial, we'll walk you through setting up a Shadowsocks-Rust server on your CloudBlast VPS, securing it with a modern cipher, and optionally enabling TCP BBR for better throughput. Let's get started!
Prerequisites
Before we begin, ensure you have the following:
- VPS running Ubuntu 22.04 or 24.04.
- Root or sudo SSH access to your VPS.
- Basic familiarity with the Linux terminal.
Step 1: Update Your Server
Connect to your VPS via SSH and make sure all packages are current:
sudo apt update sudo apt upgrade -y
Step 2: Install Shadowsocks-Rust via Snap
The easiest and most reliably maintained way to install Shadowsocks-Rust on Ubuntu is through Snap, which ships the latest stable release directly from the project's official channel.
If Snap isn't already installed on your system, install it first:
sudo apt install -y snapd
Then install Shadowsocks-Rust:
sudo snap install shadowsocks-rust
This pulls in ssserver, sslocal, and the related binaries, and registers them as Snap-managed system services.
Step 3: Locate the Configuration File
When installed via Snap, the configuration file lives in a slightly different location than a manual install. You'll find it at:
/var/snap/shadowsocks-rust/common/etc/shadowsocks-rust/config.json
Open it with your preferred editor:
sudo nano /var/snap/shadowsocks-rust/common/etc/shadowsocks-rust/config.json
Replace its contents with a server configuration like this:
{ "server": "0.0.0.0", "server_port": 8388, "password": "choose-a-strong-password-here", "method": "2022-blake3-aes-256-gcm", "mode": "tcp_and_udp", "fast_open": true }
A few notes on this configuration:
- server_port: pick any free port above 1024. Avoid common ports like 443 or 8080 if you're also running other services on the same VPS.
- password: generate something long and random. For the AEAD-2022 cipher family, a base64-encoded 32-byte key is recommended rather than a plain word.
- method:
2022-blake3-aes-256-gcmis the modern AEAD-2022 cipher, offering both stronger security guarantees and noticeably better performance than the olderaes-256-gcmorchacha20-ietf-poly1305ciphers used in older Shadowsocks tutorials. - mode:
tcp_and_udplets the proxy handle both TCP and UDP traffic, which is useful if your client applications rely on UDP (such as DNS lookups or some VoIP/gaming traffic).
Step 4: Open the Firewall Port
If you're using UFW, allow the port you chose in Step 3:
sudo ufw allow 8388/tcp sudo ufw allow 8388/udp
If your CloudBlast VPS has an external firewall configured through the control panel, make sure the same port is opened there as well.
Step 5: Enable and Start the Service
List the available Snap-managed services:
snap services shadowsocks-rust
Enable and start the server daemon:
sudo snap start --enable shadowsocks-rust.ssserver-daemon
Check that it's running correctly:
systemctl status snap.shadowsocks-rust.ssserver-daemon.service
If you ever need to change startup arguments, you can override the generated systemd unit with:
sudo systemctl edit snap.shadowsocks-rust.ssserver-daemon.service
Step 6: (Optional) Enable TCP BBR for Better Throughput
TCP BBR is a congestion control algorithm that can noticeably improve throughput on long-distance connections, which is especially useful if your Shadowsocks clients are connecting from far away. Modern Ubuntu releases (22.04 and 24.04) already ship with BBR support built into the kernel, so you only need to enable it:
echo "net.core.default_qdisc=fq" | sudo tee /etc/sysctl.d/60-tcp-bbr.conf echo "net.ipv4.tcp_congestion_control=bbr" | sudo tee -a /etc/sysctl.d/60-tcp-bbr.conf sudo sysctl -p /etc/sysctl.d/60-tcp-bbr.conf
Confirm BBR is active:
sysctl net.ipv4.tcp_congestion_control
The output should show bbr.
Step 7: Connect From Your Client
With the server running, you can connect using any Shadowsocks-compatible client (desktop, mobile, or browser extension). You'll need to enter:
- Server address: your VPS IP address
- Server port: the port you set in Step 3 (e.g. 8388)
- Password: the password you set in Step 3
- Encryption method:
2022-blake3-aes-256-gcm
Once connected, the client will expose a local SOCKS5 proxy on your device that routes traffic through your CloudBlast VPS, encrypted end to end.
Conclusion
It's done! You now have a fast and lightweight Shadowsocks-Rust proxy server running on your VPS. Thanks to Rust's efficiency, this setup uses minimal resources while giving you a private, encrypted SOCKS5 proxy you can rely on across all your devices.
At CloudBlast, we're committed to providing you with the best hosting solutions for projects like this. If you have any questions or need further assistance, feel free to contact our support team.
Happy proxying!
