Cloak Installer With Shadowsocks
A script to install Cloak in your server with or without shadowsocks.
Why this installer?
- Install with some simple copy and pasting
- Install Shadowsocks if you want it
- Show QRCode and
ss://link at the end (Only for shadowsocks) - User Management
- Automatic service configuration
- Automatically setup firewall
- Support Debian, Ubuntu, CentOS and Raspbian Buster
What is Cloak?
Cloak is a universal pluggable transport that cryptographically obfuscates proxy traffic as legitimate HTTPS traffic, disguises the proxy server as a normal web server, multiplexes traffic through multiple TCP connections and provides multi-user usage control.
Cloak eliminates any "fingerprints" exposed by traditional proxy protocol designs which can be identified by adversaries through deep packet inspection. If a non-Cloak program or an unauthorized Cloak user (such as an adversary's prober) attempts to connect to Cloak server, it will serve as a transparent proxy between said machine and an ordinary website, so that to any unauthorized third party, a host running Cloak server is indistinguishable from an innocent web server. This is achieved through the use a series of cryptographic steganography techniques.
Since Cloak is transparent, it can be used in conjunction with any proxy software that tunnels traffic through TCP, such as Shadowsocks, OpenVPN and Tor. Multiple proxy servers can be running on the same server host machine and Cloak server will act as a reverse proxy, bridging clients with their desired proxy end.
Cloak multiplexes traffic through multiple underlying TCP connections which reduces head-of-line blocking and eliminates TCP handshake overhead.
Cloak provides multi-user support, allowing multiple clients to connect to the proxy server on the same port (443 by default). It also provides QoS controls for individual users such as data usage limit and bandwidth control. source
The Script
Compatibility
The script should work with these operating systems:
- CentOS 7 / 8
- Debian 8 / 9 / 10 / 11 (Thanks to @xiamaz)
- Ubuntu 16 / 18 / 20
- Raspbian Buster (Thanks to Raphael)
arm, arm64, amd64 and i386 architectures are supported.
Tested On (I will test others too)
- Ubuntu 20.04 LTS Server amd64
- Debian 11 amd64
- Centos 7 amd64
- Raspbian Buster
Installing Cloak 2 Plugin
Copy and execute this command:
curl -o Cloak-Installer.sh -L https://git.io/fj5mh && bash Cloak-Installer.shAnswer questions and wait until the setup finishes installing. Installing the shadowsocks is optional.
Install Openvpn or Tor with Cloak
Please read here. The tutorial is just fine! It is recommended to install the openvpn or tor before installing my script.
Also here is an script to install openvpn.
After you set up the openvpn or tor, re-run the script. If you had the Cloak installed, you can use Change Forwarding Rules to add the address to proxy. If you are installing, when the script asks for custom rule, select yes and define it there.
Post-Install
After installing, re-run the script to either uninstall the proxy, add or delete users, generate QR codes for shadowsocks, or change the forwarding rules.
Also script creates a service named cloak-server.
Installing Shadowsocks With Cloak 1 Plugin
Copy and execute this command:
curl -o Shadowsocks-Cloak-Installer.sh -L https://git.io/fjECg && bash Shadowsocks-Cloak-Installer.shAnswer questions and wait until the setup finishes installing. You can scan the QR Code after or use ss:// link or even enter server config manually.
Post-Install
After installing, re-run the script to either uninstall the proxy or regenerate QR code and ss:// link and configs.
Also script creates a service named shadowsocks-server. DO NOT USE shadowsocks-libev service.
Shadowsocks Client Setup
Android
On Android at first download shadowsocks client from Google Play. Then download and install Cloak APK from here. Then simply scan the QR Code generated by script.
Linux
At first install shadowsocks-libev. More Info. Download this file and edit it with your server arguments. Then download one of the clients suitable for your linux from here (You may need to run chmod +x ck-client-linux-XXX to make it executable). Run client like this:
ss-local -s <SERVER_IP> -p <SERVER_PORT> -l 1080 -k <SERVER_PASSWORD> -m <ENCRYPTION_METHOD> --plugin path/to/ck-client-linux-XXX --plugin-opts path/to/ckclient.jsonYou can connect to your shadowsocks with socks or http proxy set on localhost and 1080 port.
iOS
It looks like that this app does support cloak but I haven't tested it.
Windows
At first install shadowsocks windows. Then download cloak for windows from here. If you are using a 32-bit system, download ck-client-windows-386-X.exe if your system is 64-bit use ck-client-windows-amd64-X.exe. Then use the QR Code or ss:// link to import the server.
The program will give you an error that shadowsocks cannot find ck-client or something like this. Click OK and go to Edit Servers. Then write the absolute path to ck-client file in Plugin Program. Example of path: C:\Users\Hirbod\Downloads\Programs\ck-client-windows-amd64-2.1.3.exe
Non-Shadowsocks Client Setup
At first download the suitable plugin from here. Then download the ckclient.json and change it as you need it. link. Then run the ck-client like this:
./ck-client -s <YOUR_SERVER_IP> -p <CLOAK_PORT> -l <LOCAL_PORT> -c <PATH_TO_ckclient_json>If you need to setup Tor or Openvpn with Cloak read here
Next Steps
FAQ
Cloak V2 FAQ (Soon...)
BBR
At first what is BBR?
TL;DR: It speeds up TCP connections = Faster Server
BBR or Bottleneck Bandwidth and Round-trip propagation time (BBR) is a TCP congestion control algorithm developed at Google in 2016. While most congestion control algorithms are loss-based, in that they rely on packet loss as a signal to lower rates of transmission, BBR is model-based. The algorithm uses the maximum bandwidth and round-trip time at which the network delivered the most recent flight of outbound data packets to build an explicit model of the network. Each cumulative or selective acknowledgment of packet delivery produces a rate sample which records the amount of data delivered over the time interval between the transmission of a data packet and the acknowledgment of that packet. As network interface controllers evolve from megabit per second to gigabit per second performance, packet loss should no longer be considered the primary determining factor in identifying congestion, making model-based congestion control algorithms which provide higher throughput and lower latency, such as BBR, a more reliable alternative to more popular algorithms like CUBIC. Source
How to setup BBR?
The requirement to enable BBR is to have Linux Kernel 4.9 or higher. If you do, you can enable BBR like this:
echo 'net.core.default_qdisc=fq' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv4.tcp_congestion_control=bbr' | sudo tee -a /etc/sysctl.conf
sysctl -pTo check if it is enabled:
sysctl net.ipv4.tcp_available_congestion_control
# This should include bbr in it
sysctl -n net.ipv4.tcp_congestion_control
# This one should be bbr
lsmod | grep bbr
# The output will be similar to "tcp_bbr 16384 0"If your kernel is not 4.9 or higher just search how to upgrade it.
Here are some handy links to install BBR and upgrade kernel:
Whole System Tunnel VPN
Shadowsocks cannot natively route all traffic. You can use some apps like SocksCap or other stuff to route applications through shadowsocks.
If you want a VPN you can use wireguard or openvpn.
Server
You can use any VPS or Dedicated Server. If you want a cheap and low-end server, I personally recommend to buy one at Virmach; They also accept cryptos!
Donations
You can donate to me through bitcoin at 1XDgEkpnkJ7hC8Kwv5adfaDC1Z3FrkwsK, Ethereum at 0xbb527a28B76235E1C125206B7CcFF944459b4894, ZCash at t1ZKYrYZCjxDYvo6mQaLZi3gNe2a6MydUo3 and Bitcoin Gold at GcNgxfyR3nnAsD3Nhuckvq14sXYuDFkK9P