Skip to content
Indus LeveL
shadowsocks docker vpn v2ray proxy

Bulletproof Shadowsocks Proxy with Docker & v2ray Obfuscation

Commercial VPNs are increasingly being targeted and throttled. Here is how I built an automated, self-hosted Shadowsocks proxy deployment with HTTP obfuscation to bypass strict network firewalls.

3 min read
Image describing Shadowsocks Docker deployment

Recently, relying on commercial VPNs has become a massive headache in regions with strict network censorship. Protocols like OpenVPN and WireGuard are incredibly secure, but their packet signatures are easy for Deep Packet Inspection (DPI) firewalls to detect and block.

To maintain a reliable connection, I moved away from commercial VPNs and decided to build my own proxy server using Shadowsocks.

Shadowsocks is fantastic because it is lightweight and specifically designed to bypass firewalls. However, getting it configured correctly—especially when adding obfuscation plugins, handling Docker networking, and generating the correct Base64 client strings—can be an error-prone nightmare.

I needed a way to deploy this instantly, securely, and without fumbling through manual configuration files every time I spun up a new server. So, I wrote a bulletproof deployment script to automate the entire process.

The Solution: Automated, Obfuscated Shadowsocks

I engineered a bash script that handles the entire lifecycle of a Shadowsocks Docker deployment. It completely eliminates manual configuration errors and ensures the server boots correctly the first time.

Here is what the script handles under the hood:

  • Pre-Flight Network Checks: Before touching Docker, the script scans the host machine to ensure your chosen port isn't already occupied by another service like Nginx or Apache.
  • Auto-Obfuscation: With a single keystroke, the script configures the teddysun/shadowsocks-libev image to route traffic through the v2ray-plugin, disguising your proxy traffic as standard HTTP web traffic to fool DPI firewalls.
  • Container Cleanup: It automatically detects and removes lingering containers from previous failed deployments, preventing the dreaded Docker "Name Conflict" error.
  • Dynamic Link Generation: Once booted, an Alpine Linux sidecar container automatically detects your server's public IP, verifies that the port is externally reachable, and generates the exact ss:// URI needed for client apps.

⚠️ Prerequisites Before You Start

To deploy this on your own infrastructure, you just need a standard Linux machine.

  1. A Cloud Server: Any basic Linux VPS (Ubuntu, Debian, CentOS).
  2. Docker Installed: Ensure you have Docker Engine and Docker Compose installed.
  3. Firewall Access: Ensure your cloud provider's firewall allows incoming TCP/UDP traffic on the port you plan to use (e.g., port 80 or 443).

How to Deploy Your Own Proxy Server

I have open-sourced the deployment script. You can drop it onto any server and have an obfuscated proxy running in under 60 seconds.

Step 1: Download the Script Clone the repository and make the script executable.

git clone https://github.com/induslevel/shadowsocks-docker-deploy.git /opt/shadowsocks
cd /opt/shadowsocks
chmod +x deploy.sh

Step 2: Run the Deployment Execute the script. It will ask if you want to enable obfuscation, prompt you for a port, and ask for a password.

./deploy.sh

(Pro tip: You can also deploy it headlessly by passing flags: ./deploy.sh -p 443 -s "SecurePassword!")

Step 3: Grab Your Link Once the containers start, check the logs of the link-generator container to get your ready-to-share connection string:

docker logs -f ss-link-generator

Client Instructions: How to Connect

If you are sharing access to this server with a friend or a client, they need to know how to properly input the connection string you generated.

Because we are utilizing the v2ray-plugin for maximum stealth, standard Shadowsocks apps require a small add-on to understand the traffic. Pass these instructions to your users:

For Android Users:

  1. Download Shadowsocks from the Google Play Store.
  2. Download the v2ray plugin app from the Google Play Store.
  3. Open the main Shadowsocks app, tap the + icon, and select "Import from Clipboard" (ensure you have copied the ss:// link).
  4. Tap the paper airplane icon to connect. The app will automatically utilize the v2ray plugin in the background.

For Windows Users:

  1. Download the Shadowsocks Windows client.
  2. Download the v2ray-plugin Windows release from GitHub.
  3. Extract the v2ray-plugin.exe file and place it in the exact same folder as your Shadowsocks.exe file.
  4. Open Shadowsocks, copy the ss:// link, right-click the system tray icon, and select "Import URL from Clipboard."

For iOS / Mac Users:

  1. Download an app like Shadowrocket from the App Store.
  2. Copy the ss:// link to your clipboard.
  3. Open Shadowrocket; it will usually detect the link on your clipboard automatically and prompt you to save it.
  4. (Note: Shadowrocket has the v2ray-plugin functionality built directly into the app, so no secondary downloads are required).

Get the Code

You no longer need to manually wrestle with configuration files or Base64 encoding. You can grab the full deployment script over on the IndusLevel GitHub repository. 👉 [Link to the GitHub Repository: View Shadowsocks-Docker on GitHub]

Back to Blog
Share:

Follow along

Stay in the loop — new articles, thoughts, and updates.