In this tutorial, we'll learn how to install Shadowsocks Proxy Server on AlmaLinux 10.
What is Shadowsocks Proxy?
Shadowsocks is a secure, high-performance proxy protocol that encrypts and tunnels internet traffic through a remote server. It was built to bypass censorship, avoid traffic filtering, and protect online privacy. Because it uses modern encryption and minimal overhead, it delivers fast, stable, and reliable connections across both desktop and mobile devices.
On AlmaLinux 10 the most reliable deployment is via Docker with environment variables, the official Alpine-based image is built to accept config through env vars.
Prerequisites
Before we begin, ensure we have the following:
- An AlmaLinux 10 on dedicated server or KVM VPS.
- Basic Linux Command Line Knowledge.
How to Install Shadowsocks Proxy Server on AlmaLinux 10
Step 1: Update the System
A fully updated system prevents dependency issues.
sudo dnf update -y
sudo dnf install -y dnf-plugins-core
Step 2: Install Docker (if not already installed)
Add the Docker repo and install Docker CE.
sudo dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
sudo dnf install -y docker-ce
Start and enable Docker service:
sudo systemctl enable --now docker
Verify version:
docker --version
Step 3: Run Shadowsocks container (env-var configuration)
This is the exact command we will use. It configures server port, password, and cipher via environment variables.
sudo docker run -d \
--name shadowsocks \
-p 8388:8388/tcp \
-p 8388:8388/udp \
-e PASSWORD='StrongPasswordHere' \
-e METHOD='chacha20-ietf-poly1305' \
--restart unless-stopped \
shadowsocks/shadowsocks-libev:latest
Notes:
- Use a strong, random password instead of StrongPasswordHere.
- METHOD must match the client exactly (case-sensitive).
- --restart unless-stopped keeps the container running after reboots.
Verify container started
sudo docker ps
sudo docker logs shadowsocks
Output:
initializing ciphers... chacha20-ietf-poly1305
tcp server listening at 0.0.0.0:8388
udp server listening at 0.0.0.0:8388
Step 4: Open firewall ports
sudo firewall-cmd --permanent --add-port=8388/tcp
sudo firewall-cmd --permanent --add-port=8388/udp
sudo firewall-cmd --reload
Step 5: Connect Using Shadowsocks Client
Here we are using AlmaLinux 10 server for client side testing.
Install the client:
sudo dnf install shadowsocks-libev -y
Create a client config:
nano ~/client.json
Add:
{
"server": "SERVER_IP",
"server_port": 8388,
"local_address": "127.0.0.1",
"local_port": 1080,
"password": "StrongPasswordHere",
"timeout": 300,
"method": "aes-256-gcm"
}
Start client:
ss-local -c ~/client.json
This creates a local SOCKS5 proxy at 127.0.0.1:1080.
To test, open another terminal ssh to server and execute following command:
curl --socks5 127.0.0.1:1080 https://ifconfig.me
If it shows the server’s IP, everything works.
Step 6: Security Best Practices
To keep the server healthy and protected:
Use strong, long passwords
Avoid simple or predictable keys.
Install Fail2Ban (optional)
sudo dnf install fail2ban -y
Monitor Logs
sudo docker logs shadowsocks
This helps us identify errors, abuse, or unusual activities.
Conclusion
Shadowsocks provides high-speed encrypted proxy capabilities, and AlmaLinux 10 offers a stable foundation to run it efficiently. By following this guide, our server is properly configured with secure encryption, an optimized system, and a clean firewall setup. This setup works well for privacy-focused browsing, secure access, and reliable performance under real-world usage.
