1. CentOS 7 安裝使用Shadowsocks客戶端
yum -y install epel-release
yum install python-pip
pip install --upgrade pip
- 下載Shadowsocks客戶端,並使用pip工具安裝
pip install shadowsocks-3.0.0.zip
[root@harbor shadowsocks]# mkdir /etc/shadowsocks
[root@harbor shadowsocks]# vim /etc/shadowsocks/shadowsocks.json
{
"server":"xxxxxx", # Shadowsocks服務器地址
"server_port":6688, # Shadowsocks服務器端口
"local_address": "192.168.16.221", # 本地ip
"local_port":1080, # 本地端口
"password":"xxxxxx", # Shadowsocks服務器連接密碼
"timeout":300, # 等待超時時間
"method":"aes-256-gcm" # Shadowsocks服務器加密方式
}
[root@harbor shadowsocks]# vim /etc/systemd/system/shadowsocks.service
Unit]
Description=Shadowsocks
[Service]
TimeoutStartSec=0
ExecStart=/usr/bin/sslocal -c /etc/shadowsocks/shadowsocks.json
[Install]
WantedBy=multi-user.target
[root@harbor shadowsocks]# systemctl enable shadowsocks.service
[root@harbor shadowsocks]# systemctl start shadowsocks.service
[root@harbor shadowsocks]# systemctl status shadowsocks.service
● shadowsocks.service - Shadowsocks
Loaded: loaded (/etc/systemd/system/shadowsocks.service; enabled; vendor preset: disabled)
Active: active (running) since 六 2018-09-08 15:09:41 CST; 25min ago
Main PID: 1388 (sslocal)
CGroup: /system.slice/shadowsocks.service
└─1388 /usr/bin/python2 /usr/bin/sslocal -c /etc/shadowsocks/shadowsocks.json
9月 08 15:09:41 harbor systemd[1]: Started Shadowsocks.
9月 08 15:09:41 harbor systemd[1]: Starting Shadowsocks...
9月 08 15:09:41 harbor sslocal[1388]: INFO: loading config from /etc/shadowsocks/shadowsocks.json
9月 08 15:09:41 harbor sslocal[1388]: 2018-09-08 15:09:41 INFO loading libcrypto from libcrypto.so.10
9月 08 15:09:41 harbor sslocal[1388]: 2018-09-08 15:09:41 INFO starting local at 192.168.16.221:1080
9月 08 15:11:18 harbor sslocal[1388]: 2018-09-08 15:11:18 INFO connecting www.google.com:80 from 192.168.16.221:40816
9月 08 15:11:21 harbor sslocal[1388]: 2018-09-08 15:11:21 INFO connecting www.google.com:80 from 192.168.16.221:40822
9月 08 15:12:29 harbor sslocal[1388]: 2018-09-08 15:12:29 INFO connecting www.google.com:80 from 192.168.16.221:40828
9月 08 15:14:35 harbor sslocal[1388]: 2018-09-08 15:14:35 INFO connecting www.google.com:80 from 192.168.16.221:40832
9月 08 15:15:02 harbor sslocal[1388]: 2018-09-08 15:15:02 INFO connecting www.baidu.com:80 from 192.168.16.221:40838
[root@harbor shadowsocks]# curl --socks5 192.168.16.221:1080 http://httpbin.org/ip
{
"origin": "140.82.19.104" # 打印ss服務器地址表示正常運行
}
2. CentOS 7安裝配置privoxy
安好了shadowsocks後, 但它是socks5代理,我門在shell裏執行的命令,發起的網絡請求現在還不支持socks5代理,只支持http/https代理。所以還需要安裝privoxy代理,它能把電腦上所有http請求轉發給shadowsocks。
yum install privoxy -y
systemctl enable privoxy
systemctl start privoxy
systemctl status privoxy
vim /etc/privoxy/config
修改如下:
listen-address 192.168.16.221:8118 # 配置privoxy監聽的端口, 默認8118
forward-socks5t / 192.168.16.221:1080 . # 配置privoxy轉發到的地址和端口,這是前面Shadowsocks配置監聽的端口,注意最後有個點
設置http_proxy和https_proxy
[root@k8s-master-practice ~]# export http_proxy=http://192.168.16.221:8118
[root@k8s-master-practice ~]# export https_proxy=https://192.168.16.221:8118
[root@k8s-master-practice ~]# curl -I www.google.com
HTTP/1.1 200 OK
Date: Sat, 08 Sep 2018 07:46:56 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2018-09-08-07; expires=Mon, 08-Oct-2018 07:46:56 GMT; path=/; domain=.google.com
Set-Cookie: NID=138=pRzc8ONW5HN0VKbzaMRzNYTSVMs_Oru2IEmyS6GH6wmIllc0T219VKaf5yvrrfMZRmyUoPxzR7SIJb47e1XuBv1kwqa93I8nsCQUUqlRAHM_F1uEJmqi0B7R9YsimCa3; expires=Sun, 10-Mar-2019 07:46:56 GMT; path=/; domain=.google.com; HttpOnly
Transfer-Encoding: chunked
Accept-Ranges: none
Vary: Accept-Encoding
Proxy-Connection: keep-alive
3. docker代理設置
mkdir /etc/systemd/system/docker.service.d/
cat << EOF > /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://192.168.16.221:8118" "HTTPS_PROXY=http://192.168.16.221:8118" "NO_PROXY=localhost,127.0.0.1,10.10.40.30,10.10.40.22"
EOF
systemctl daemon-reload
systemctl restart docker