搭建Shadowsocks多用户多节点环境

安装依赖

apt-get update -y && apt-get upgrade -y 
apt-get install screen vim zip unzip iftop -y
apt-get install python-pip git python-m2crypto libnet1 libpcap0.8 libnet1-dev libpcap0.8-dev -y
pip install cymysql  

安装net-speeder

git clone https://github.com/snooda/net-speeder.git
cd net-speeder
sh build.sh -DCOOKED

./net_speeder venet0 “ip”

安装锐速和tcp_hubla模块

/sbin/modprobe tcp_hybla

lsmod |grep hybla

vim /etc/sysctl.conf 

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.core.netdev_max_backlog = 250000
net.ipv4.tcp_mtu_probing=1
net.ipv4.tcp_congestion_control=hybla

sysctl -p


tar xzvf serverSpeederInstaller.tar.gz

bash serverSpeederInstaller.sh

service serverSpeeder start

生成配置文件

# 编辑文件
vim /root/ss.sh
#!/bin/bash
ulimit -n 51200
python /root/shadowsocks/shadowsocks/server.py -c /root/shadowsocks/shadowsocks/config.json
# 编辑文件
vim /root/net.sh
#!/bin/bash
cd /root/net-speeder

./net_speeder venet0 “ip”

 # 编辑文件
vim /root/hybla.sh
#!/bin/sh
/sbin/modprobe tcp_hybla
 # 编辑文件
vim /root/rs.sh
#!/bin/bash
service serverSpeeder start

 # 编辑文件
vim /root/reboot.sh
#!/bin/bash
shutdown -r +360

安装Shadowsocks

git clone -b master https://github.com/Facebooksx/shadowsocks.git
cd /root/shadowsocks/shadowsocks
# 修改数据库信息
vim Config.py
vim /root/shadowsocks/shadowsocks/config.json
{
     “server”:”::”,
     “server_port:8388,
     local_address: 127.0.0.1
     local_port:1080,
     password:m
     timeout:300,
     method:aes-256-cfb,
     fast_open: false,
     workers: 1
}
# 跑看看 

python server.py

必要的安全措施:

vim /root/ip.sh
#!/bin/bash
#input rules
iptables -I FORWARD -p tcp –dport 25 -j DROP
iptables -I FORWARD -p tcp dport 465 -j DROP
iptables -I FORWARD -p tcp dport 995 -j DROP
iptables -I FORWARD -p tcp dport 110 -j DROP
iptables -A OUTPUT -p tcp dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp dport 53 -j ACCEPT
iptables -A OUTPUT -p udp dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport dports 25,26,109,110,143,220,366,465,587,691,993,995,2710,6881 -j REJECT reject-with tcp-reset
iptables -A OUTPUT -p udp -m multiport dports 25,26,109,110,143,220,366,465,587,691,993,995,2710,6881 -j DROP
iptables -A OUTPUT -m string algo bm string “HELO” -j DROP
#save
iptables-save > /etc/iptables
# 创建自启动配置文件,并授于可执行权限
touch /etc/network/if-pre-up.d/iptables
chmod +x /etc/network/if-pre-up.d/iptables
# 编辑该自启动配置文件,内容为启动网络时恢复iptables配置
echo “#!/bin/sh” >> /etc/network/if-pre-up.d/iptables
echo “/sbin/iptables-restore < /etc/iptables” >> /etc/network/if-pre-up.d/iptables
iptables-save > /etc/iptables
iptables -L
iptables -L -n

iptables -F(清除规则)

使用supervisor进程守护

# 安装supervisor
apt-get install python-pip python-m2crypto supervisor -y
# 编辑文件
vim /etc/supervisor/conf.d/shadowsocks.conf
输入(dir路径记得修改)
[program:shadowsocks]
command=bash /root/ss.sh
autorestart=true
user=root
# 编辑文件
vim /etc/supervisor/conf.d/net-speeder.conf
输入(dir路径记得修改)
[program:net-speeder]
command=bash /root/net.sh
autorestart=true
user=root
# 编辑文件
vim /etc/supervisor/conf.d/hybla.conf
输入(dir路径记得修改)
[program:hybla]
command=bash /root/hybla.sh
autorestart=true

user=root

# 编辑文件
vim /etc/supervisor/conf.d/rs.conf
输入(dir路径记得修改)
[program:rs]
command=bash /root/rs.sh
autorestart=true
user=root

# 编辑文件
vim /etc/supervisor/conf.d/ip.conf
输入(dir路径记得修改)
[program:ip]
command=bash /root/ip.sh
autorestart=true
user=root

# 编辑文件
vim /etc/supervisor/conf.d/reboot.conf
输入(dir路径记得修改)
[program:reboot]
command=bash /root/reboot.sh
autorestart=true
user=root

启动
service supervisor start 
supervisorctl reload 
debug查看日志
supervisorctl tail -f shadowsocks stderr
启动/重启/停止
supervisorctl start shadowsocks
supervisorctl restart shadowsocks
supervisorctl stop shadowsocks 

卸载Apache2命令 

apt-get remove apache2 -y 

apt-get remove apache2.2-common -y

分享到:

0 条评论

*

昵称

一张舒适的沙发在等着你Y(^o^)Y