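Building a VPN on Alibaba Cloud CentOS 7
This article is based on: http://www.xxkwz.cn/1495.html
A while ago I set up a VPN using PPTP. It was fast, but after about a month it stopped working, probably because it got blocked by the firewall, so I rebuilt it with shadowsocks.
I followed tutorials from other users, combined them with some of my own operations experience, and finally got it working. I am writing it down here in the hope that it helps anyone who needs it.
I. Server-side configuration
1. Installation uses the one-click install script written by teddysun (it can be found by searching GitHub). The address is:
https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks.sh
Or:
https://github.com/teddysun/shadowsocks_install.git
After downloading, run it as root; I won't go into detail. In case the links go dead, the complete script is also included in the appendix at the end of this article.
2. Modify the default configuration
Configuration file path: /etc/shadowsocks.json
Contents: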
{
    "server":"your_server_ip",
    "server_port":8989,
    "local_address":"127.0.0.1",
    "local_port":1080,
    "password":"yourpassword",
    "timeout":300,
    "method":"rc4-md5",
    "fast_open": false
}
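Change the encryption method to: rc4-md5
3. Modify the firewall
If the iptables firewall is enabled, the server_port port above needs to be opened.
Method: edit the iptables rules file and add the rule below.
vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8989 -j ACCEPT
4. Restart the service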
systemctl restart shadowsocks
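A check that can be run after steps 1 to 4, as an added example (not part of the original post or of teddysun's script): it audits the parsed /etc/shadowsocks.json, the file's mode and the iptables rules text. The AEAD method list, the 16-character minimum and the sample file mode are assumptions of this example; the default password is the one visible in the appendix script, and whether the installed server build accepts AEAD methods has to be verified separately.

```python
import json
import os
import re
import stat

# Policy values are assumptions of this added example, not from the post.
AEAD_METHODS = {"aes-128-gcm", "aes-192-gcm", "aes-256-gcm", "chacha20-ietf-poly1305"}
RC4_METHODS = {"rc4", "rc4-md5"}
# Installer default (see the appendix script) and the template placeholder.
KNOWN_PASSWORDS = {"teddysun.com", "yourpassword"}
MIN_PASSWORD_LEN = 16

def audit_config(cfg, file_mode, iptables_rules):
    """Return findings for a parsed shadowsocks.json, its mode and the rules text."""
    findings = []
    method = cfg.get("method", "")
    if method in RC4_METHODS:
        findings.append("method %s is RC4-based and has no integrity protection" % method)
    elif method not in AEAD_METHODS:
        findings.append("method %s is not an AEAD cipher" % method)
    password = cfg.get("password", "")
    if password in KNOWN_PASSWORDS:
        findings.append("password is a published default or template value")
    elif len(password) < MIN_PASSWORD_LEN:
        findings.append("password is shorter than %d characters" % MIN_PASSWORD_LEN)
    if file_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("config file is readable by group/other (mode %o)" % stat.S_IMODE(file_mode))
    port = cfg.get("server_port")
    rule = r"-A INPUT\b.*-p tcp\b.*--dport %s\b.*-j ACCEPT" % port
    if not re.search(rule, iptables_rules):
        findings.append("no iptables ACCEPT rule for tcp port %s" % port)
    return findings

def audit_file(path="/etc/shadowsocks.json", rules_path="/etc/sysconfig/iptables"):
    with open(path) as cfg, open(rules_path) as rules:
        return audit_config(json.load(cfg), os.stat(path).st_mode, rules.read())

# Constructed sample: the config and rule shown in the post, with the mode a
# file created under umask 022 would have (an assumption).
SAMPLE_CONFIG = {"server": "your_server_ip", "server_port": 8989, "local_address": "127.0.0.1",
                 "local_port": 1080, "password": "yourpassword", "timeout": 300,
                 "method": "rc4-md5", "fast_open": False}
SAMPLE_RULES = "-A INPUT -m state --state NEW -m tcp -p tcp --dport 8989 -j ACCEPT\n"

def sample_findings():
    return audit_config(SAMPLE_CONFIG, 0o100644, SAMPLE_RULES)

if __name__ == "__main__":
    print("\n".join(sample_findings()))
```

On the server, audit_file() reads the live files and needs read access to both, typically as root.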
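II. Client configuration
Based on: https://ttt.tt/150/
Download links:
Win:
For Windows 7 users, link: http://pan.baidu.com/s/1ntoPuI1 password: vrqh
For Windows 8.1 users, link: http://pan.baidu.com/s/1hq6A1yG password: 6oe9
OS X: http://pan.baidu.com/s/1i39qr8D password: pv6d
The client configuration screen is as follows:
Note: the encryption method there must be changed to rc4-md5
Once the client is configured, the browser's proxy settings need to be set. Using Chrome as an example:
1. Open the advanced settings at chrome://settings/
2. Network => Change proxy settings
3. Open the LAN settings there; screenshot below:
That is the whole configuration process. Questions and discussion are welcome.
Appendix: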
#!/usr/bin/env bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
#=================================================================#
# System Required: CentOS 6+, Debian 7+, Ubuntu 12+               #
# Description: One click Install Shadowsocks-Python server        #
# Author: Teddysun <i@teddysun.com>                               #
# Thanks: @clowwindy <https://twitter.com/clowwindy>              #
# Intro: https://teddysun.com/342.html                            #
#=================================================================#

clear
echo
echo "#############################################################"
echo "# One click Install Shadowsocks-Python server               #"
echo "# Intro: https://teddysun.com/342.html                      #"
echo "# Author: Teddysun <i@teddysun.com>                         #"
echo "# Github: https://github.com/shadowsocks/shadowsocks        #"
echo "#############################################################"
echo

#Current folder
cur_dir=`pwd`

# Make sure only root can run our script
rootness(){
    if [[ $EUID -ne 0 ]]; then
        echo "Error:This script must be run as root!" 1>&2
        exit 1
    fi
}

# Disable selinux
disable_selinux(){
    if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; then
        sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
        setenforce 0
    fi
}

#Check system
check_sys(){
    local checkType=$1
    local value=$2

    local release=''
    local systemPackage=''

    if [[ -f /etc/redhat-release ]]; then
        release="centos"
        systemPackage="yum"
    elif cat /etc/issue | grep -Eqi "debian"; then
        release="debian"
        systemPackage="apt"
    elif cat /etc/issue | grep -Eqi "ubuntu"; then
        release="ubuntu"
        systemPackage="apt"
    elif cat /etc/issue | grep -Eqi "centos|red hat|redhat"; then
        release="centos"
        systemPackage="yum"
    elif cat /proc/version | grep -Eqi "debian"; then
        release="debian"
        systemPackage="apt"
    elif cat /proc/version | grep -Eqi "ubuntu"; then
        release="ubuntu"
        systemPackage="apt"
    elif cat /proc/version | grep -Eqi "centos|red hat|redhat"; then
        release="centos"
        systemPackage="yum"
    fi

    if [[ ${checkType} == "sysRelease" ]]; then
        if [ "$value" == "$release" ]; then
            return 0
        else
            return 1
        fi
    elif [[ ${checkType} == "packageManager" ]]; then
        if [ "$value" == "$systemPackage" ]; then
            return 0
        else
            return 1
        fi
    fi
}

# Get version
getversion(){
    if [[ -s /etc/redhat-release ]]; then
        grep -oE "[0-9.]+" /etc/redhat-release
    else
        grep -oE "[0-9.]+" /etc/issue
    fi
}

# CentOS version
centosversion(){
    if check_sys sysRelease centos; then
        local code=$1
        local version="$(getversion)"
        local main_ver=${version%%.*}
        if [ "$main_ver" == "$code" ]; then
            return 0
        else
            return 1
        fi
    else
        return 1
    fi
}

# Get public IP address
get_ip(){
    local IP=$( ip addr | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | egrep -v "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\.|^0\." | head -n 1 )
    [ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 ipv4.icanhazip.com )
    [ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 ipinfo.io/ip )
    [ ! -z ${IP} ] && echo ${IP} || echo
}

# Pre-installation settings
pre_install(){
    if check_sys packageManager yum || check_sys packageManager apt; then
        # Not support CentOS 5
        if centosversion 5; then
            echo "Error: Not supported CentOS 5, please change to CentOS 6+/Debian 7+/Ubuntu 12+ and try again."
            exit 1
        fi
    else
        echo "Error: Your OS is not supported. please change OS to CentOS/Debian/Ubuntu and try again."
        exit 1
    fi
    # Set shadowsocks config password
    echo "Please input password for shadowsocks-python:"
    read -p "(Default password: teddysun.com):" shadowsockspwd
    [ -z "${shadowsockspwd}" ] && shadowsockspwd="teddysun.com"
    echo
    echo "---------------------------"
    echo "password = ${shadowsockspwd}"
    echo "---------------------------"
    echo
    # Set shadowsocks config port
    while true
    do
    echo -e "Please input port for shadowsocks-python [1-65535]:"
    read -p "(Default port: 8989):" shadowsocksport
    [ -z "$shadowsocksport" ] && shadowsocksport="8989"
    expr ${shadowsocksport} + 0 &>/dev/null
    if [ $? -eq 0 ]; then
        if [ ${shadowsocksport} -ge 1 ] && [ ${shadowsocksport} -le 65535 ]; then
            echo
            echo "---------------------------"
            echo "port = ${shadowsocksport}"
            echo "---------------------------"
            echo
            break
        else
            echo "Input error, please input correct number"
        fi
    else
        echo "Input error, please input correct number"
    fi
    done
    get_char(){
        SAVEDSTTY=`stty -g`
        stty -echo
        stty cbreak
        dd if=/dev/tty bs=1 count=1 2> /dev/null
        stty -raw
        stty echo
        stty $SAVEDSTTY
    }
    echo
    echo "Press any key to start...or Press Ctrl+C to cancel"
    char=`get_char`
    #Install necessary dependencies
    if check_sys packageManager yum; then
        yum install -y unzip openssl-devel gcc swig python python-devel python-setuptools autoconf libtool libevent automake make curl curl-devel zlib-devel perl perl-devel cpio expat-devel gettext-devel
    elif check_sys packageManager apt; then
        apt-get -y update
        apt-get -y install python python-dev python-pip python-setuptools python-m2crypto curl wget unzip gcc swig automake make perl cpio build-essential
    fi
    cd ${cur_dir}
}

# Download files
download_files(){
    # Download libsodium file
    if ! wget --no-check-certificate -O libsodium-1.0.11.tar.gz https://github.com/jedisct1/libsodium/releases/download/1.0.11/libsodium-1.0.11.tar.gz; then
        echo "Failed to download libsodium-1.0.11.tar.gz!"
        exit 1
    fi
    # Download Shadowsocks file
    if ! wget --no-check-certificate -O shadowsocks-master.zip https://github.com/shadowsocks/shadowsocks/archive/master.zip; then
        echo "Failed to download shadowsocks python file!"
        exit 1
    fi
    # Download Shadowsocks init script
    if check_sys packageManager yum; then
        if ! wget --no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks -O /etc/init.d/shadowsocks; then
            echo "Failed to download shadowsocks chkconfig file!"
            exit 1
        fi
    elif check_sys packageManager apt; then
        if ! wget --no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks-debian -O /etc/init.d/shadowsocks; then
            echo "Failed to download shadowsocks chkconfig file!"
            exit 1
        fi
    fi
}

# Config shadowsocks
config_shadowsocks(){
    cat > /etc/shadowsocks.json<<-EOF
{
    "server":"0.0.0.0",
    "server_port":${shadowsocksport},
    "local_address":"127.0.0.1",
    "local_port":1080,
    "password":"${shadowsockspwd}",
    "timeout":300,
    "method":"aes-256-cfb",
    "fast_open":false
}
EOF
}

# Firewall set
firewall_set(){
    echo "firewall set start..."
    if centosversion 6; then
        /etc/init.d/iptables status > /dev/null 2>&1
        if [ $? -eq 0 ]; then
            iptables -L -n | grep -i ${shadowsocksport} > /dev/null 2>&1
            if [ $? -ne 0 ]; then
                iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport ${shadowsocksport} -j ACCEPT
                iptables -I INPUT -m state --state NEW -m udp -p udp --dport ${shadowsocksport} -j ACCEPT
                /etc/init.d/iptables save
                /etc/init.d/iptables restart
            else
                echo "port ${shadowsocksport} has been set up."
            fi
        else
            echo "WARNING: iptables looks like shutdown or not installed, please manually set it if necessary."
        fi
    elif centosversion 7; then
        systemctl status firewalld > /dev/null 2>&1
        if [ $? -eq 0 ]; then
            firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/tcp
            firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/udp
            firewall-cmd --reload
        else
            echo "Firewalld looks like not running, try to start..."
            systemctl start firewalld
            if [ $? -eq 0 ]; then
                firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/tcp
                firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/udp
                firewall-cmd --reload
            else
                echo "WARNING: Try to start firewalld failed. please enable port ${shadowsocksport} manually if necessary."
            fi
        fi
    fi
    echo "firewall set completed..."
}

# Install Shadowsocks
install(){
    # Install libsodium
    tar zxf libsodium-1.0.11.tar.gz
    cd libsodium-1.0.11
    ./configure && make && make install
    if [ $? -ne 0 ]; then
        echo "libsodium install failed!"
        install_cleanup
        exit 1
    fi
    echo "/usr/local/lib" > /etc/ld.so.conf.d/local.conf
    ldconfig
    # Install Shadowsocks
    cd ${cur_dir}
    unzip -q shadowsocks-master.zip
    if [ $? -ne 0 ];then
        echo "unzip shadowsocks-master.zip failed! please check unzip command."
        install_cleanup
        exit 1
    fi

    cd ${cur_dir}/shadowsocks-master
    python setup.py install --record /usr/local/shadowsocks_install.log

    if [ -f /usr/bin/ssserver ] || [ -f /usr/local/bin/ssserver ]; then
        chmod +x /etc/init.d/shadowsocks
        if check_sys packageManager yum; then
            chkconfig --add shadowsocks
            chkconfig shadowsocks on
        elif check_sys packageManager apt; then
            update-rc.d -f shadowsocks defaults
        fi
        /etc/init.d/shadowsocks start
    else
        echo
        echo "Shadowsocks install failed! please visit https://teddysun.com/342.html and contact."
        install_cleanup
        exit 1
    fi

    clear
    echo
    echo "Congratulations, shadowsocks server install completed!"
    echo -e "Your Server IP: \033[41;37m $(get_ip) \033[0m"
    echo -e "Your Server Port: \033[41;37m ${shadowsocksport} \033[0m"
    echo -e "Your Password: \033[41;37m ${shadowsockspwd} \033[0m"
    echo -e "Your Local IP: \033[41;37m 127.0.0.1 \033[0m"
    echo -e "Your Local Port: \033[41;37m 1080 \033[0m"
    echo -e "Your Encryption Method: \033[41;37m aes-256-cfb \033[0m"
    echo
    echo "Welcome to visit:https://teddysun.com/342.html"
    echo "Enjoy it!"
    echo
}

# Install cleanup
install_cleanup(){
    cd ${cur_dir}
    rm -rf shadowsocks-master.zip shadowsocks-master libsodium-1.0.11.tar.gz libsodium-1.0.11
}

# Uninstall Shadowsocks
uninstall_shadowsocks(){
    printf "Are you sure uninstall Shadowsocks? (y/n) "
    printf "\n"
    read -p "(Default: n):" answer
    [ -z ${answer} ] && answer="n"
    if [ "${answer}" == "y" ] || [ "${answer}" == "Y" ]; then
        ps -ef | grep -v grep | grep -i "ssserver" > /dev/null 2>&1
        if [ $? -eq 0 ]; then
            /etc/init.d/shadowsocks stop
        fi
        if check_sys packageManager yum; then
            chkconfig --del shadowsocks
        elif check_sys packageManager apt; then
            update-rc.d -f shadowsocks remove
        fi
        # delete config file
        rm -f /etc/shadowsocks.json
        rm -f /var/run/shadowsocks.pid
        rm -f /etc/init.d/shadowsocks
        rm -f /var/log/shadowsocks.log
        if [ -f /usr/local/shadowsocks_install.log ]; then
            cat /usr/local/shadowsocks_install.log | xargs rm -rf
        fi
        echo "Shadowsocks uninstall success!"
    else
        echo
        echo "uninstall cancelled, nothing to do..."
        echo
    fi
}

# Install Shadowsocks-python
install_shadowsocks(){
    rootness
    disable_selinux
    pre_install
    download_files
    config_shadowsocks
    if check_sys packageManager yum; then
        firewall_set
    fi
    install
    install_cleanup
}

# Initialization step
action=$1
[ -z $1 ] && action=install
case "$action" in
    install|uninstall)
        ${action}_shadowsocks
        ;;
    *)
        echo "Arguments error! [${action}]"
        echo "Usage: `basename $0` {install|uninstall}"
        ;;
esac