#!/bin/bash
# Install Shadowsocks on CentOS 7

echo "Installing Shadowsocks..."

random-string()
{
    cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w ${1:-32} | head -n 1
}

SS_IP=`ip route get 1 | awk '{print $NF;exit}'`
SS_PORT=8050
SS_PASSWORD=$(random-string 32)
SS_METHOD=camellia-256-cfb #or camellia-256-cfb

# Install deps
echo "\nInstalling Dependencies"
yum install epel-release -y
yum install gcc gettext autoconf libtool automake make pcre-devel asciidoc xmlto udns-devel libev-devel -y

## Install shadowsocks-libev
echo "\nInstalling shadowsocks-libev"
wget -N --no-check-certificate  https://copr.fedorainfracloud.org/coprs/librehat/shadowsocks/repo/epel-7/librehat-shadowsocks-epel-7.repo
cp librehat-shadowsocks-epel-7.repo /etc/yum.repos.d/
yum update
yum install shadowsocks-libev

# Create shadowsocks config file
echo "\nCreating shadowsocks config file"
cat <<EOF > /etc/shadowsocks.json
{
  "server": "0.0.0.0",
  "server_port": ${SS_PORT},
  "password": "${SS_PASSWORD}",
  "method": "${SS_METHOD}",
  "local_address": "127.0.0.1",
  "local_port":1080,
  "timeout":300,
  "fast_open": false,
  "workers": 1
}
EOF

## Add system service on CentOS7
echo "\nCreating system service"
cat <<EOF > /etc/systemd/system/shadowsocks.service
[Unit]
Description=Shadowsocks Server Service
After=syslog.target network.target auditd.service

[Service]
Type=simple
User=nobody
TimeoutStartSec=0
ExecStart=/usr/bin/ss-server -c /etc/shadowsocks.json

[Install]
WantedBy=multi-user.target
EOF
systemctl enable shadowsocks

## Start service
echo "\nStarting shadowsock system service"
systemctl stop shadowsocks
systemctl start shadowsocks

# View service status
echo "\nChecking shadowsock system service status"
sleep 5
systemctl status shadowsocks -l

## Add service on CentOS7 firewall
echo "\nCreating shadowsock firewalld service"
cat <<EOF > /etc/firewalld/services/shadowsocks.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>shadowsocks</short>
  <description>Enable Shadowsocks on ${SS_PORT}/tcp.</description>
  <port protocol="tcp" port="${SS_PORT}"/>
</service>
EOF
firewall-cmd --permanent --zone=public --add-service=shadowsocks

# or if you don't want to use service, try:
# firewall-cmd --zone=public --add-port=${SS_PORT}/tcp --permanent

## Reload firewall to apply
firewall-cmd --reload

echo "\n================================"
echo ""
echo "Congratulations! Shadowsocks has been installed on your system."
echo "Your shadowsocks connection info:"
echo "--------------------------------"
echo "server:      ${SS_IP}"
echo "server_port: ${SS_PORT}"
echo "password:    ${SS_PASSWORD}"
echo "method:      ${SS_METHOD}"
echo "--------------------------------"