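Configuring a Shadowsocks SOCKS5 Proxy Server on CentOS 7
Date: 2017-02-05 18:16 Source: 51cto.com Author: IT
Shadowsocks is a lightweight SOCKS5 proxy. Shadowsocks-libev is a proxy implementation based on Shadowsocks, and it consists of three parts:
ss-server: the server side, deployed on the remote server, which provides the shadowsocks service.
ss-local: a client that provides a local SOCKS5 proxy.
ss-redir: a client that provides a local transparent proxy.
How it works: proxy software is installed on a server located abroad, and traffic is relayed through it. Here I use IBM's free cloud server, running CentOS 7. Handling the firewall is slightly different from CentOS 6, and I ran into a few small problems along the way. The steps follow.
1. Disable SELinux (this needs no explanation)
2. Open TCP port 8388 in the firewall (the software's default port)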
[root@/etc/shadowsocks-libev06:43]#cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.21 on Wed Dec 2 06:06:07 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [60067:58278958]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d Your_Internet_Ipaddress/32 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8388 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Dec 2 06:06:07 2015
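In the rules above, replace Your_Internet_Ipaddress with your own server's public IP address.
CentOS 7 does not install the iptables service by default; it uses firewalld instead, controlled through systemctl. What I do next is disable firewalld and enable the iptables service.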
systemctl stop firewalld
systemctl mask firewalld
yum -y install iptables-services
systemctl enable iptables
systemctl start iptables.service
iptables-restore < /etc/sysconfig/iptables
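The saved ruleset above accepts ports 631 and 5353 in addition to SSH (22) and Shadowsocks (8388). The following script is an added example, not part of the original article: it lists every port a saved ruleset accepts beyond an allowlist and checks that a chain ends in a catch-all REJECT or DROP. The function names are hypothetical, and the sample rules are a constructed, abridged copy with a documentation-range address.

```sh
#!/bin/sh
# Added example: audit an iptables-save file before loading it.

# Print "proto/port" for each ACCEPT rule with --dport that is not in the
# space-separated allowlist given as $2 (e.g. "tcp/22 tcp/8388").
unexpected_ports() {
    awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "-A" {
            proto = ""; port = ""; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") port   = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            key = proto "/" port
            if (target == "ACCEPT" && port != "" && !(key in ok))
                print key
        }' "$1"
}

# Succeed only if the last rule appended to chain $2 is an unconditional
# REJECT or DROP, so anything not explicitly accepted is refused.
has_final_reject() {
    awk -v chain="$2" '
        $1 == "-A" && $2 == chain {
            last = ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP"))
        }
        END { exit !last }' "$1"
}

# Constructed sample: the rules from this page, abridged, with a
# documentation-range address in place of the public IP.
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -d 203.0.113.10/32 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8388 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
```

On the server, run `unexpected_ports /etc/sysconfig/iptables "tcp/22 tcp/8388"` and `has_final_reject /etc/sysconfig/iptables RH-Firewall-1-INPUT` before restoring the file.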
3. Install the build tools and the packages that shadowsocks-libev needs
yum -y install wget curl curl-devel zlib-devel openssl-devel perl perl-devel cpio expat-devel gettext-devel
yum -y install autoconf libtool openssl-devel gcc swig python-devel
4. Install shadowsocks-libev from git
cd /usr/local/src
git clone https://github.com/madeye/shadowsocks-libev.git
cd shadowsocks-libev
./configure
make && make install
5. Configure the server
mkdir /etc/shadowsocks-libev
vi /etc/shadowsocks-libev/config.json
[root@/etc/shadowsocks-libev07:10]#cat /etc/shadowsocks-libev/config.json
{
"server":"192.168.0.18",
"server_port":8388,
"local_address":"127.0.0.1",
"local_port":1080,
"password":"*******",
"method":"aes-256-cfb",
"timeout":60
}
The server value is your server's internal (private) IP address.
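Two things commonly go wrong with a hand-edited config.json like the one above: a comma left before the closing brace, which strict JSON parsers reject, and a file mode that lets other local users read the password. The following pre-flight check is an added example, not part of the original article; the function names are hypothetical and the sample config is constructed.

```sh
#!/bin/sh
# Added example: pre-flight checks for the ss-server config file.

# Succeed when a comma sits directly before a closing } or ]. String
# literals are blanked first so a password containing ",}" is not misread
# (strings with escaped quotes are not handled).
has_trailing_comma() {
    sed 's/"[^"]*"/""/g' "$1" | tr -d ' \t\r\n' | grep -q ',[]}]'
}

# Succeed when group or other hold any permission bit on the file.
is_exposed() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" != "------" ]
}

# Print one line per finding; return 1 if anything was found.
check_ss_config() {
    rc=0
    if has_trailing_comma "$1"; then
        echo "$1: comma before closing brace, not valid JSON"
        rc=1
    fi
    if is_exposed "$1"; then
        echo "$1: readable beyond the owner, tighten with chmod 600"
        rc=1
    fi
    return $rc
}

# Constructed sample mirroring the page's config, password replaced.
write_sample_config() {
    cat > "$1" <<'EOF'
{
"server":"192.168.0.18",
"server_port":8388,
"password":"constructed,}example",
"method":"aes-256-cfb",
"timeout":60,
}
EOF
    chmod 644 "$1"
}
```

Run `check_ss_config /etc/shadowsocks-libev/config.json` after editing the file and before starting ss-server.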
Set ss-server to start at boot
vi /etc/init.d/ss-server
[root@/etc/shadowsocks-libev07:10]#cat /etc/init.d/ss-server
#!/bin/bash
#
# chkconfig requires the two header lines below; the run levels and
# start/stop priorities (2345 90 10) are example values.
# chkconfig: 2345 90 10
# description: lightweight secured socks5 proxy
# processname: ss-server
# Source function library
. /etc/rc.d/init.d/functions
# Check that networking is up.
# Load the network settings if present and stop only when networking
# is explicitly disabled.
[ -f /etc/sysconfig/network ] && . /etc/sysconfig/network
[ "${NETWORKING}" = "no" ] && exit 0
# Daemon
NAME=shadowsocks-server
DAEMON=/usr/local/bin/ss-server
# Path to the configuration file.
#
CONF=/etc/shadowsocks-libev/config.json
#USER="nobody"
#GROUP="nobody"
# Take care of pidfile permissions
mkdir /var/run/$NAME 2>/dev/null || true
#chown "$USER:$GROUP" /var/run/$NAME
# Check the configuration file exists.
#
if [ ! -f "$CONF" ] ; then
    echo "The configuration file cannot be found!"
    exit 0
fi
# Path to the lock file.
#
LOCK_FILE=/var/lock/subsys/shadowsocks
# Path to the pid file.
#
PID=/var/run/$NAME/pid
#====================================================================
#====================================================================
# Run controls:
RETVAL=0
# Start shadowsocks as daemon.
#
start() {
    if [ -f $LOCK_FILE ]; then
        echo "$NAME is already running!"
        exit 0
    else
        echo -n $"Starting ${NAME}: "
        #daemon --check $DAEMON --user $USER "$DAEMON -f $PID -c $CONF > /dev/null"
        # -u enables UDP relay, -c names the config file, -f the pid file
        daemon $DAEMON -u -c $CONF -f $PID
    fi
    RETVAL=$?
    [ $RETVAL -eq 0 ] && success
    echo
    [ $RETVAL -eq 0 ] && touch $LOCK_FILE
    return $RETVAL
}
# Stop shadowsocks.
#
stop() {
    echo -n $"Shutting down ${NAME}: "
    killproc -p ${PID}
    RETVAL=$?
    [ $RETVAL -eq 0 ]
    rm -f $LOCK_FILE
    rm -f ${PID}
    echo
    return $RETVAL
}
# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    condrestart)
        if [ -f $LOCK_FILE ]; then
            stop
            start
            RETVAL=$?
        fi
        ;;
    status)
        status $DAEMON
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|condrestart|status}"
        RETVAL=1
esac
exit $RETVAL
chmod a+x /etc/init.d/ss-server
chkconfig --add ss-server
chkconfig ss-server on
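7. Configure the client
Download: http://nchc.dl.sourceforge.net/project/shadowsocksgui/dist/Shadowsocks-win-2.5.2.zip
Use the shadowsocks client for PAC-based automatic proxying: right-click the client, choose "System Proxy", then update the GFWList PAC file. If you then open the IE proxy settings, you will find that it is already configured to use the PAC file automatically.
This article comes from the "天涯海阁" blog. Please be sure to keep this source link: http://shanker.blog.51cto.com/1189689/1718868
(Editor: IT)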