Hysteria UDP Proxy Server
This post is about how to install the current version of Hysteria, whose GitHub repo is at https://github.com/apernet/hysteria. For a preview of Hysteria 2, see https://github.com/chika0801/hysteria-install.
Server
Domain name
You need to purchase a domain name (e.g. example.com).
Point the hostname (e.g. vps.example.com) to your VPS IP address. Wait about 2-5 minutes for DNS resolution to take effect. You can check whether the returned IP address is correct by pinging the hostname you set. For example:
1 | ping vps.example.com |
Firewall
Open ports in your server firewall:
tcp/80for ACME to use to apply for or renew your SSL certificateudp/36712for Hysteria (change the port number from this default, of course)
SSL certificate and key
When using standalone mode to apply for or renew a certificate, the script will listen on port tcp/80. If port tcp/80 is occupied, the script will fail. Therefore nothing else should be listening on port tcp/80.
In the sample commands below
Install the ACME shell script:
1 | apt install -y socat |
1 | curl https://get.acme.sh | sh |
Set a shorter alias for the ACME shell script:
1 | alias acme.sh=~/.acme.sh/acme.sh |
Set up ACME shell script auto-update:
1 | acme.sh --upgrade --auto-upgrade |
Change the default Certificate Authority to Let’s Encrypt:
1 | acme.sh --set-default-ca --server letsencrypt |
Apply for an Elliptic Curve Cryptography certificate for vps.example.com in standalone mode:
1 | acme.sh --issue -d vps.example.com --standalone --keylength ec-256 |
Install the vps.example.com certificate to the /etc/ssl/private directory:
1 | acme.sh --install-cert -d vps.example.com --ecc --fullchain-file /etc/ssl/private/fullchain.cer --key-file /etc/ssl/private/private.key |
Force certificate renewal:
1 | acme.sh --renew -d vps.example.com --force --ecc |
Program
Download the latest release of program hysteria-linux-amd64 from https://github.com/apernet/hysteria/releases, e.g. for v1.3.5:
1 | wget https://github.com/apernet/hysteria/releases/download/v1.3.5/hysteria-linux-amd64 |
Copy hysteria-linux-amd64 under the name hysteria into the /usr/local/bin directory:
1 | cp hysteria-linux-amd64 /usr/local/bin/hysteria |
Assign execute permission:
1 | chmod +x /usr/local/bin/hysteria |
Configuration
Generate a strong password from https://passwordsgenerator.net, e.g. 46D3SMTTbUkGNMTYbpZ3tzTE.
Create a new file config.json like this:
1 | { |
The documentation for Hysteria configuration is at https://hysteria.network
Service
Create a new file /etc/systemd/system/hysteria.service.
Model your systemd service file on the example at https://raw.githubusercontent.com/chika0801/hysteria-install/main/hysteria.service
1 | [Unit] |
Reload the systemd daemon:
1 | systemctl daemon-reload |
Start the service:
1 | systemctl enable hysteria |
1 | systemctl start hysteria |
Client
Our client here is Windows.
Download the latest release of program hysteria-windows-amd64.exe from https://github.com/apernet/hysteria/releases.
Create a configuration file Downloads\config.json that looks like this:
1 | { |
up_mbps and down_mbps are mandatory on the client side. They should reflect the bandwidth of your current network as accurately as possible.
Save the file.
Open a Command Prompt window and start the program running:
1 | cd Downloads |
1 | .\hysteria-windows-amd64.exe |
The messages should include something like this:
1 | Client configuration loaded |
Leave the Command Prompt window open with the program running in it.
If you have not already done so, install Mozilla Firefox.
From the Firefox hamburger menu, select Settings. On the General page, scroll down to where it says Network Settings. Click the Settings button.
- Select Manual proxy configuration
- Set SOCKS Host to
127.0.0.1 - Set Port to
10808 - Select SOCKS v5
- Select Proxy DNS when using SOCKS v5
Click OK.
Test your set-up by visiting websites in Firefox.