Linux Technology

Snell — An Encrypted Proxy Service Program

If you have heard of Surge app, which is an ‘Advanced Network Toolbox for Mac & iOS’, you probably also know Snell protocol. It is a proxy service to encrypt your network transmission (Maybe some other usages too). You must have Surge iOS or Surge Mac and a VPS to use the Snell proxy service.

It’s not an open-sourced project, so we can’ know the technical details behind it. It has the following advantages stated by the developer:

  • Extreme performance.
  • Traffic obfuscating is embedded (HTTP & TLS).
  • The proxy server will report remote errors to the client if encounters. Clients may choose countermeasures for different scenarios.


Quick start
  1. Download the binary from the Release page.
  2. Decompress and execute the binary. A wizard will guide you to generate a new config.
  3. Re-execute the binary to start service.
  4. Add a proxy line in Surge iOS or Surge Mac (The latest beta version is required)
Proxy = snell, [SERVER ADDRESS], [GENERATED PORT], psk=[GENERATED PSK], obfs=http
Manual Installation

The tutorial is inspired by Leo and You’s post. Before start, you need to have wget and unzip to help the installation (Search on Google, there are lots of ways to install those two packages).

Firstly, download the latest release from the official page.


Unzip the downloaded file:


Move the binary:

mv snell-server /usr/local/bin/

Write system service:

# if you don't have this path, create first
mkdir -r /usr/lib/systemd/system/
# create service
touch /usr/lib/systemd/system/snell.service

# file content, tested on Debian 8 with Linux kernel 4.9
Description=Snell Proxy Service

ExecStart=/usr/local/bin/snell-server -c /etc/snell-server.conf


Create the configuration file (you may change the listen port, the password, and the obfuscating method):

touch /etc/snell-server.conf

# content of the configuration
listen =
psk = password
obfs = http

Finally, start the Snell service:

systemctl daemon-reload
systemctl start snell

Client Configuration

There are two ways to configure the client. The first one is to use the GUI provided by the client. Choose the correct protocol, VPS address, port, PSK password, and obfuscating method in Surge iOS and Surge Mac. You can change the obfuscating host as you wish.

Another way is to write directly to the Surge client’s configuration file according to your Snell service set up:

Proxy = snell, [SERVER ADDRESS], [GENERATED PORT], psk=[GENERATED PSK], obfs=http


systemctl start snellStart service
systemctl restart snellRestart service
systemctl status snellCheck service status

By 533

♥️•🏊•💪🏻 •🐈•📷
•IG: @53333_ @xᴜɴxᴜɴ_ɢʀᴀᴄᴇ
•TW: @SimonNg533

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.