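Setting up a Shadowsocks server on CentOS and a global HTTP proxy on the client

This article walks through setting up a Shadowsocks server and client on CentOS and converting the client's SOCKS5 proxy to HTTP/HTTPS, which gives the Linux host a system-wide proxy.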


1. Server:


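1.1 Download the Shadowsocks one-click install script and make it executable

Note: --no-check-certificate turns off TLS certificate verification for this download, and the script is then run as root; omit the flag where the system CA bundle is up to date.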

[root@nginx-m ~]# wget --no-check-certificate -O shadowsocks-all.sh https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks-all.sh
--2018-10-23 14:02:16--  https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks-all.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.76.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.76.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 46141 (45K) [text/plain]
Saving to: ‘shadowsocks-all.sh’

100%[=====================================================================>] 46,141      --.-K/s   in 0.004s  

2018-10-23 14:02:16 (11.8 MB/s) - ‘shadowsocks-all.sh’ saved [46141/46141]

[root@nginx-m ~]# chmod +x shadowsocks-all.sh

1.2. Run the installer

[root@nginx-m ~]# ./shadowsocks-all.sh 2>&1 | tee shadowsocks-all.log
Which Shadowsocks server you'd select:  # choose the version to install
1) Shadowsocks-Python
2) ShadowsocksR
3) Shadowsocks-Go
4) Shadowsocks-libev
Please enter a number (Default Shadowsocks-Python):1    # default: 1) Shadowsocks-Python

You choose = Shadowsocks-Python

Please enter password for Shadowsocks-Python        # password the Shadowsocks client will use
(Default password: teddysun.com):centos

password = centos

Please enter a port for Shadowsocks-Python [1-65535]    # port the server listens on
(Default port: 17392):10086

port = 10086

Please select stream cipher for Shadowsocks-Python:     # choose the encryption algorithm
1) aes-256-gcm
2) aes-192-gcm
3) aes-128-gcm
4) aes-256-ctr
5) aes-192-ctr
6) aes-128-ctr
7) aes-256-cfb
8) aes-192-cfb
9) aes-128-cfb
10) camellia-128-cfb
11) camellia-192-cfb
12) camellia-256-cfb
13) xchacha20-ietf-poly1305
14) chacha20-ietf-poly1305
15) chacha20-ietf
16) chacha20
17) salsa20
18) rc4-md5
Which cipher you'd select(Default: aes-256-gcm):12

cipher = aes-256-cfb

Press any key to start...or Press Ctrl+C to cancel      # press any key to continue, Ctrl+C to cancel

1.3. Installation complete

INFO: loading config from /etc/shadowsocks-python/config.json
2018-10-23 14:05:43 INFO     loading libcrypto from libcrypto.so.10
2018-10-23 14:05:43 INFO     loading libsodium from libsodium.so.23
Starting Shadowsocks success

Congratulations, Shadowsocks-Python server install completed!
Your Server IP        :  XX.XX.XXX.XX       # server address
Your Server Port      :  10086              # port the server listens on
Your Password         :  centos             # password clients use to access the service
Your Encryption Method:  aes-256-cfb        # encryption algorithm

Your QR Code: (For Shadowsocks Windows, OSX, Android and iOS clients)
 ss://YWVzLTI1Ni1nY206Y2VudG9zQDQ3Ljc1LjEyOS43OToxMDA4Ng== 
Your QR Code has been saved as a PNG file path:
 /root/shadowsocks_python_qr.png 

Welcome to visit: https://teddysun.com/486.html
Enjoy it!
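The ss:// link printed above is only base64 of method:password@host:port, so the shadowsocks-all.log written by tee and the saved QR PNG both hold the credentials in recoverable form. The following scanner is an added example, not part of the original article or the install script; the sample log and its values are constructed.

```python
import base64
import re

SS_URI = re.compile(r"ss://[A-Za-z0-9+/_=-]+")
PASSWORD_LINE = re.compile(r"^Your Password\s*:\s*(\S+)", re.M)

def decode_ss_uri(uri):
    """Decode a legacy ss:// link, i.e. base64("method:password@host:port")."""
    payload = uri[len("ss://"):]
    payload += "=" * (-len(payload) % 4)        # tolerate stripped padding
    text = base64.urlsafe_b64decode(payload).decode("utf-8")
    creds, _, endpoint = text.rpartition("@")   # the password may contain '@'
    method, _, password = creds.partition(":")
    host, _, port = endpoint.rpartition(":")
    return {"method": method, "password": password, "host": host, "port": int(port)}

def find_secrets(log_text):
    """Return (kind, recovered password) for each credential found in the log."""
    findings = [("password line", m.group(1)) for m in PASSWORD_LINE.finditer(log_text)]
    for m in SS_URI.finditer(log_text):
        try:
            findings.append(("ss:// link", decode_ss_uri(m.group(0))["password"]))
        except ValueError:      # not base64, not UTF-8, or no numeric port
            continue
    return findings

# Constructed sample in the installer's output format (all values are made up).
SAMPLE_LINK = "ss://" + base64.b64encode(b"aes-256-cfb:example-pass@192.0.2.10:10086").decode()
SAMPLE_LOG = (
    "Your Server Port      :  10086\n"
    "Your Password         :  example-pass\n"
    "Your QR Code: (For Shadowsocks Windows, OSX, Android and iOS clients)\n"
    f" {SAMPLE_LINK} \n"
)

if __name__ == "__main__":
    for kind, secret in find_secrets(SAMPLE_LOG):
        print(f"{kind}: recovered {len(secret)}-character password")
```

Any file this reports on should be deleted or restricted to root once the client has been configured.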

1.4. Starting the service:

  • The init script accepts the following commands:
/etc/init.d/shadowsocks-python start | stop | restart | status
  • By default the init script reads /etc/shadowsocks-python/config.json
[root@nginx-m ~]# /etc/init.d/shadowsocks-python start
INFO: loading config from /etc/shadowsocks-python/config.json
2018-10-23 14:34:09 INFO     loading libcrypto from libcrypto.so.10
2018-10-23 14:34:09 INFO     loading libsodium from libsodium.so.23
started
Starting Shadowsocks success
  • Specifying the configuration file manually:
[root@nginx-m ~]# /bin/python /usr/bin/ssserver -c /etc/shadowsocks.json -d start
INFO: loading config from /etc/shadowsocks.json
2018-10-23 14:43:06 INFO     loading libcrypto from libcrypto.so.10
2018-10-23 14:43:06 INFO     loading libsodium from libsodium.so.23
started
[root@nginx-m ~]# ss -tnl
State       Recv-Q Send-Q          Local Address:Port                         Peer Address:Port              
LISTEN      0      128                         *:9001                                    *:*                  
LISTEN      0      128                         *:9002                                    *:*                  
LISTEN      0      128                         *:9003                                    *:*                  
LISTEN      0      128                         *:9004                                    *:*                  
LISTEN      0      128                         *:22                                      *:*                  
LISTEN      0      128                         *:8989                                    *:*                  
LISTEN      0      1                   127.0.0.1:32000                                   *:*   

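1.5. Configuration files:

  • On start, /etc/init.d/shadowsocks-python reads /etc/shadowsocks-python/config.json by default; if that file does not exist, it reads /etc/shadowsocks.json
  • Single-user configuration file (the # annotations are explanatory only; JSON does not allow comments, so leave them out of the real file):
{
    "server":"0.0.0.0",             # listen address
    "server_port":10086,            # port exposed to clients
    "local_address":"127.0.0.1",    
    "local_port":1080,              # local port
    "password":"centos",            # password for the service
    "timeout":300,                  
    "method":"aes-256-cfb",         # encryption algorithm
    "fast_open":true
}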
  • Multi-user configuration file:
{
    "server":"0.0.0.0",
    "local_address":"127.0.0.1",
    "local_port":1080,
    "port_password":{
         "8989":"centos",
         "9001":"centos",
         "9002":"centos",
         "9003":"centos",
         "9004":"centos"
    },
    "timeout":300,
    "method":"aes-256-cfb",
    "fast_open": false
}
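Both configuration files above use a stream-mode method, a six-character password and, in the multi-user case, the same password on every port. The following audit is an added example, not part of the original article or of Shadowsocks; MIN_PASSWORD_LEN is an assumed local policy value and the function names are hypothetical.

```python
import json
import os
import stat

# AEAD entries in the installer's cipher menu; the other entries are stream
# ciphers or modes that give confidentiality without an integrity check.
AEAD_METHODS = {"aes-256-gcm", "aes-192-gcm", "aes-128-gcm",
                "xchacha20-ietf-poly1305", "chacha20-ietf-poly1305"}
MIN_PASSWORD_LEN = 16   # assumption: a local policy value, not a Shadowsocks rule

def audit_config(cfg):
    """Return findings for a single-user or multi-user server config dict."""
    findings = []
    method = cfg.get("method", "")
    if method not in AEAD_METHODS:
        findings.append(f"method {method} is not an AEAD cipher")
    # Normalise both layouts to {port: password}.
    if "port_password" in cfg:
        users = {str(port): pw for port, pw in cfg["port_password"].items()}
    else:
        users = {str(cfg.get("server_port")): cfg.get("password", "")}
    first_port = {}
    for port, pw in sorted(users.items()):
        if len(pw) < MIN_PASSWORD_LEN:
            findings.append(f"port {port}: password is under {MIN_PASSWORD_LEN} characters")
        if pw in first_port:
            findings.append(f"port {port}: same password as port {first_port[pw]}")
        first_port.setdefault(pw, port)
    return findings

def audit_file(path):
    """Audit a config file on disk, including its permission bits."""
    findings = []
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append(f"{path} is accessible to group or others")
    with open(path) as fh:
        return findings + audit_config(json.load(fh))

# The page's two configs with the # annotations removed (multi-user trimmed).
SINGLE = {"server": "0.0.0.0", "server_port": 10086,
          "password": "centos", "method": "aes-256-cfb"}
MULTI = {"server": "0.0.0.0", "method": "aes-256-cfb",
         "port_password": {"8989": "centos", "9001": "centos", "9002": "centos"}}

if __name__ == "__main__":
    for name, cfg in (("single-user", SINGLE), ("multi-user", MULTI)):
        print(name, *audit_config(cfg), sep="\n  ")
```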

2. Client:

2.1. Install the Shadowsocks client

[root@testweb ~]# pip install --upgrade pip     # upgrade the pip package manager
Collecting pip
  Downloading http://mirrors.aliyun.com/pypi/packages/c2/d7/90f34cb0d83a6c5631cf71dfe64cc1054598c843a92b400e55675cc2ac37/pip-18.1-py2.py3-none-any.whl (1.3MB)
    100% |████████████████████████████████| 1.3MB 88.6MB/s 
Installing collected packages: pip
  Found existing installation: pip 8.1.2
    Uninstalling pip-8.1.2:
      Successfully uninstalled pip-8.1.2
Successfully installed pip-18.1         # pip upgraded successfully

[root@testweb ~]# pip install shadowsocks
Looking in indexes: http://mirrors.aliyun.com/pypi/simple/
Collecting shadowsocks
  Downloading http://mirrors.aliyun.com/pypi/packages/02/1e/e3a5135255d06813aca6631da31768d44f63692480af3a1621818008eb4a/shadowsocks-2.8.2.tar.gz
Installing collected packages: shadowsocks
  Running setup.py install for shadowsocks ... done
Successfully installed shadowsocks-2.8.2

2.2. Add a configuration file for Shadowsocks

vim /etc/shadowsocks.json and add the following:
{
"server":"47.52.41.160",
"server_port":10086,
"local_port":1080,
"password":"centos",
"timeout":600,
"method":"aes-256-cfb"
}

2.3. Start the Shadowsocks client:

[root@testweb ~]# nohup sslocal -c /etc/shadowsocks.json /dev/null 2>&1 &
[1] 22692
[root@testweb ~]# nohup: ignoring input and appending output to ‘nohup.out’     # the program's startup output is redirected to nohup.out

echo "nohup sslocal -c /etc/shadowsocks.json >/dev/null 2>&1 &" >> /etc/rc.local   # start automatically at boot

2.4. Test that the Shadowsocks connection works

[root@testweb ~]# curl --socks5 127.0.0.1:1080 http://httpbin.org/ip
{
  "origin": "X.X.X.X"   # the connection works if this shows the Shadowsocks server's public address
}

2.5. Install Privoxy

  • Shadowsocks provides a SOCKS5 service, so Privoxy is needed to expose it as an HTTP/HTTPS proxy.
[root@testweb ~]# yum -y install privoxy
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package privoxy.x86_64 0:3.0.26-1.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===============================================================================================================================================
 Package                          Arch                            Version                                  Repository                     Size
===============================================================================================================================================
Installing:
 privoxy                          x86_64                          3.0.26-1.el7                             epel                          936 k

Transaction Summary
===============================================================================================================================================
Install  1 Package

Total download size: 936 k
Installed size: 3.1 M
Downloading packages:
privoxy-3.0.26-1.el7.x86_64.rpm                                                                                         | 936 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : privoxy-3.0.26-1.el7.x86_64                                                                                                 1/1 
  Verifying  : privoxy-3.0.26-1.el7.x86_64                                                                                                 1/1 

Installed:
  privoxy.x86_64 0:3.0.26-1.el7                                                                                                                

Complete!

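2.6. Configure Privoxy

  • Configuration file path: /etc/privoxy/config
  • Make sure the following two lines are not commented out, and that the port in forward-socks5t matches the Shadowsocks local port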
listen-address 127.0.0.1:8118   
forward-socks5t / 127.0.0.1:1080 .
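The check described above can be automated: the following compares Privoxy's active directives with the sslocal settings and also flags a listen-address that is not loopback-only, which would expose the proxy to other hosts. It is an added example, not part of the original article or of Privoxy; the function names and the BAD sample are constructed.

```python
import ipaddress

def parse_privoxy(text):
    """Return active (uncommented) directives as {name: [argument lists]}."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:      # an empty host means "all interfaces" to Privoxy
        return False

def check_chain(privoxy_text, ss_cfg):
    """Compare Privoxy's active directives with the sslocal settings."""
    d, problems = parse_privoxy(privoxy_text), []
    want = f"{ss_cfg.get('local_address', '127.0.0.1')}:{ss_cfg['local_port']}"
    listens = d.get("listen-address", [])
    forwards = d.get("forward-socks5t", [])
    if not listens:
        problems.append("listen-address is missing or commented out")
    if not forwards:
        problems.append("forward-socks5t is missing or commented out")
    for args in listens:
        addr = args[0] if args else ""
        if not is_loopback(addr.rsplit(":", 1)[0]):
            problems.append(f"listen-address {addr} is not loopback-only")
    for args in forwards:
        target = args[1] if len(args) > 1 else ""
        if target != want:
            problems.append(f"forward-socks5t targets {target}, sslocal is on {want}")
    return problems

# Constructed inputs: the page's two lines, and a variant with two mistakes.
GOOD = "listen-address 127.0.0.1:8118\nforward-socks5t / 127.0.0.1:1080 .\n"
BAD = ("listen-address :8118\n#forward-socks5t / 127.0.0.1:1080 .\n"
       "forward-socks5t / 127.0.0.1:1081 .\n")
SS_CFG = {"server_port": 10086, "local_port": 1080}   # from /etc/shadowsocks.json

if __name__ == "__main__":
    print(check_chain(GOOD, SS_CFG))
    print(check_chain(BAD, SS_CFG))
```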

2.7. Add environment variables

  • Create /etc/profile.d/privoxy.sh with the following content
export http_proxy=http://127.0.0.1:8118
export https_proxy=http://127.0.0.1:8118
  • Load /etc/profile.d/privoxy.sh
source /etc/profile.d/privoxy.sh

2.8. Test

  • curl test: if a large block of HTML comes back, the proxy is working.
curl www.google.com.hk
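  • elinks can also be used for the test; if the proxy is working, it shows Google's page in text form

2.9. Note:

  • When the proxy is not needed, comment out the contents of /etc/profile.d/privoxy.sh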

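3. Alibaba Cloud server configuration

  • If the Shadowsocks server is an Alibaba Cloud server:
    • With a public IP address: open port 10086 in the security group rules
    • Without a public IP address: purchase an EIP and configure a DNAT rule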

[Figure: rule example]
