sudo systemctl reload nginx | Action | Command | |--------|---------| | Firewall (UFW) | sudo ufw allow 8388/tcp && sudo ufw allow 8388/udp && sudo ufw enable | | Fail2Ban (protect SSH) | sudo apt install -y fail2ban (default config works) | | Disable Root SSH | Edit /etc/ssh/sshd_config → PermitRootLogin no and restart ssh | | Log Rotation | Ensure /etc/logrotate.d/shadowsocks-libev exists (installed by package) | 5. Using Third‑Party Proxy Services Safely If you don’t want to manage a server, reputable VPN or proxy providers can do the heavy lifting. Here’s how to pick a trustworthy one:
ssl_certificate /etc/letsencrypt/live/proxy.mydomain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/proxy.mydomain.com/privkey.pem; xham proxy
sudo nano /etc/shadowsocks-libev/config.json Paste the following (replace YOUR_PASSWORD with a strong, random passphrase): sudo systemctl reload nginx | Action | Command
location / proxy_pass http://127.0.0.1:8388; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host
sudo ss -tulnp | grep 8388 You should see something like: