linux -- 科学上网


“人要是死了,就看不见这么美的天空了。”湫望着漫天的星星自言自语。 -- 《大鱼·海棠》


购买服务器

www.vultr.com


ss 步骤

连接 vps

使用 putty 或者 Xshell 连接

安装

$ apt-get update
$ apt-get install python-pip
$ apt-get install python-setuptools m2crypto
$ apt-get install vim

安装 shadowsocks

$ pip install shadowsocks

配置服务信息

$ vim /etc/shadowsocks.json

{
    "server":"0.0.0.0",
    "server_port":8388,"
    local_port":1080,
    "password":"yourpassword",
    "timeout":600,
    "method":"aes-256-cfb"
}
  1. 设置进程维护,开机启动
$ apt-get install supervisor
$ echo_supervisord_conf > /etc/supervisor/supervisord.conf
$ vim /etc/supervisor/supervisord.conf

[program:shadowsocks]
command=ssserver -c /etc/shadowsocks.json
autostart=trueautorestart=true
user=root
log_stderr=true
logfile=/var/log/shadowsocks.log
vim /etc/rc.local
service supervisord start
# exit 0

加速

$ wget --no-check-certificate https://github.com/teddysun/across/raw/master/bbr.sh
$ chmod +x bbr.sh
$ ./bbr.sh

使用 ssr

下载

$ wget --no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocksR.sh

权限

$ chmod +x shadowsocksR.sh

执行

$ ./shadowsocksR.sh 2>&1 | tee shadowsocksR.log

输入端口、密码、加密方式等,可以多数采用默认方式生成的信息会放到 /etc/shadowsocks.json 文件中

{
    "server":"0.0.0.0",
    "server_ipv6":"[::]",
    "server_port":8388,
    "local_address":"127.0.0.1",
    "local_port":1080,
    "password":"mima",
    "timeout":120,
    "method":"aes-256-cfb",
    "protocol":"origin",
    "protocol_param":"",
    "obfs":"plain",
    "obfs_param":"",
    "redirect":"",
    "dns_ipv6":true,
    "fast_open":true,
    "workers":1
}

带注释的

{
    "server":"0.0.0.0",
    "server_ipv6":"::",
    "local_address":"127.0.0.1",
    "local_port":1080,
        "port_password":{
        #纯 SS 不带混淆 端口25 密码为123456.
        "25":"123456",
        #端口443,密码123456 ,protocol选择auth_chain_a。obfs选择tls1.2_ticket_auth,具体插件的介绍如下参考资料中
        "443":{
        "protocol":"auth_chain_a", 
        "password":"123456", 
        "obfs":"tls1.2_ticket_auth", 
        "obfs_param":""
    },
    #注意无论怎么变化,最后一个端口设置,不带逗号!
    "3389":{
        "protocol":"auth_aes128_md5", 
        "password":"123456", 
        "obfs":"tls1.2_ticket_auth", 
        "obfs_param":""
        }
        #此处没有逗号!
    },

    "timeout":400,
    # 默认全局的加密方式,即上边各个端口的默认加密方式。一般为aes-256-cfb,此处,选择为chacha20,移动设备性能较好。
    "method":"chacha20",

    #protocol.协议定义插件的默认值,origin即使用原版SS协议,不混淆。即上面端口配置中,你没有设置 protocol 和 obfs 情况下,使用的默认值。
    "protocol": "origin",
    "protocol_param": "",

    #protocol.协议定义插件的默认值,plain即使用原协议,不混淆。
    "obfs": "plain",
    "obfs_param": "",
    "redirect": "",
    "dns_ipv6": true,
    #TCP FAST OPEN ,打开
    "fast_open": true,
    "workers": 1
}

启动

$ /etc/init.d/shadowsocks restart

可能需要开放端口

$ ufw allow 8388

supervisor 进程管理

$ apt-get install -y supervisor
$ echo_supervisord_conf > /etc/supervisor/supervisord.conf
$ vim /etc/supervisor/supervisord.conf

[program:shadowsocks]command=/etc/init.d/shadowsocks restartautostart=true
autorestart=true
user=root
log_stderr=true
logfile=/var/log/shadowsocks.log

bbr 加速

$ wget --no-check-certificate https://github.com/teddysun/across/raw/master/bbr.sh
$ chmod +x bbr.sh
$ ./bbr.sh

haproxy 实现中转

安装

apt-get install haproxy

卸载

apt-get --purge remove haproxy

配置

vim /etc/haproxy/haproxy.cfg

覆盖

global
ulimit-n 51200
defaults
log global
mode tcp
option dontlognull
contimeout 1000
clitimeout 150000
srvtimeout 150000
frontend ss-in
bind *:8388
default_backend ss-out
backend ss-out
server server1 207.148.27.226:8388 maxconn 20480

需修改部分

bind *:8388

server server1 207.148.27.226:8388 maxconn 20480

测试

haproxy -f /etc/haproxy/haproxy.cfg

supervisor 进程管理

$ vim /etc/supervisord.conf

[program:haproxy]
command=haproxy -f /etc/haproxy/haproxy.cfg
autostart=true
autorestart=true
user=root
log_stderr=true
logfile=/var/log/haproxy.log