阿里云centos7基于搭建VPN
本文参考自:http://www.xxkwz.cn/1495.html
前段时间使用pptp搭建了一个VPN,速度很快,但是用了大概一个月挂了,估计是被墙了吧,于是,用shadowsocks重新搭建了一个,
参考了网友教程,结合自己的一些运维经验,终于搭建成功,先记录一下,希望可以帮助有需要的朋友。
一、服务器端配置
1、安装采用的是teddysun(github上可以搜索到)写的一键安装脚本,具体地址如下:
https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks.sh
或者:
https://github.com/teddysun/shadowsocks_install.git
下载后,使用root执行就OK,不再赘述。为防止链接失效,完整的脚本也可在本文末尾附录中看到。
2、修改默认配置
配置文件路径:/etc/shadowsocks.json
内容:
{
"server":"your_server_ip",
"server_port":8989,
"local_address":"127.0.0.1",
"local_port":1080,
"password":"yourpassword",
"timeout":300,
"method":"rc4-md5", "fast_open": false }
加密方式改为:rc4-md5
3、修改防火墙
如果开启了iptables防火墙,需要开放上面的server_port端口
方法:
vi /etc/systemconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8989 -j ACCEPT
4、重启服务
systemctl restart shadowsocks
二、客户端配置
参考自:https://ttt.tt/150/
下载地址:
Win:
适合 Windows 7 用户,链接: http://pan.baidu.com/s/1ntoPuI1 密码: vrqh
适合 Windows 8.1 用户,链接: http://pan.baidu.com/s/1hq6A1yG 密码: 6oe9
OS X:http://pan.baidu.com/s/1i39qr8D 密码: pv6d
客户端配置界面如下:
注:其中的加密方式要改成 rc4-md5
客户端配置好后,需要设置浏览器的代理信息,以chrome为例:
1、进入chrome://settings/的高级设置
2、网络=》更改代理服务器设置
3、进入其中的局域网设置,截图如下:
以上就是配置的全过程,欢迎提问探讨。
附录:
#!/usr/bin/env bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
#=================================================================#
# System Required: CentOS 6+, Debian 7+, Ubuntu 12+ #
# Description: One click Install Shadowsocks-Python server #
# Author: Teddysun <i@teddysun.com> #
# Thanks: @clowwindy <https://twitter.com/clowwindy> #
# Intro: https://teddysun.com/342.html #
#=================================================================#
clear
echo
echo "#############################################################"
echo "# One click Install Shadowsocks-Python server #"
echo "# Intro: https://teddysun.com/342.html #"
echo "# Author: Teddysun <i@teddysun.com> #"
echo "# Github: https://github.com/shadowsocks/shadowsocks #"
echo "#############################################################"
echo
#Current folder
cur_dir=`pwd`
# Make sure only root can run our script
rootness(){
if [[ $EUID -ne 0 ]]; then
echo "Error:This script must be run as root!" 1>&2
exit 1
fi
}
# Disable selinux
disable_selinux(){
if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; then
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
fi
}
#Check system
check_sys(){
local checkType=$1
local value=$2
local release=''
local systemPackage=''
if [[ -f /etc/redhat-release ]]; then
release="centos"
systemPackage="yum"
elif cat /etc/issue | grep -Eqi "debian"; then
release="debian"
systemPackage="apt"
elif cat /etc/issue | grep -Eqi "ubuntu"; then
release="ubuntu"
systemPackage="apt"
elif cat /etc/issue | grep -Eqi "centos|red hat|redhat"; then
release="centos"
systemPackage="yum"
elif cat /proc/version | grep -Eqi "debian"; then
release="debian"
systemPackage="apt"
elif cat /proc/version | grep -Eqi "ubuntu"; then
release="ubuntu"
systemPackage="apt"
elif cat /proc/version | grep -Eqi "centos|red hat|redhat"; then
release="centos"
systemPackage="yum"
fi
if [[ ${checkType} == "sysRelease" ]]; then
if [ "$value" == "$release" ]; then
return 0
else
return 1
fi
elif [[ ${checkType} == "packageManager" ]]; then
if [ "$value" == "$systemPackage" ]; then
return 0
else
return 1
fi
fi
}
# Get version
getversion(){
if [[ -s /etc/redhat-release ]]; then
grep -oE "[0-9.]+" /etc/redhat-release
else
grep -oE "[0-9.]+" /etc/issue
fi
}
# CentOS version
centosversion(){
if check_sys sysRelease centos; then
local code=$1
local version="$(getversion)"
local main_ver=${version%%.*}
if [ "$main_ver" == "$code" ]; then
return 0
else
return 1
fi
else
return 1
fi
}
# Get public IP address
get_ip(){
local IP=$( ip addr | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | egrep -v "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\.|^0\." | head -n 1 )
[ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 ipv4.icanhazip.com )
[ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 ipinfo.io/ip )
[ ! -z ${IP} ] && echo ${IP} || echo
}
# Pre-installation settings
pre_install(){
if check_sys packageManager yum || check_sys packageManager apt; then
# Not support CentOS 5
if centosversion 5; then
echo "Error: Not supported CentOS 5, please change to CentOS 6+/Debian 7+/Ubuntu 12+ and try again."
exit 1
fi
else
echo "Error: Your OS is not supported. please change OS to CentOS/Debian/Ubuntu and try again."
exit 1
fi
# Set shadowsocks config password
echo "Please input password for shadowsocks-python:"
read -p "(Default password: teddysun.com):" shadowsockspwd
[ -z "${shadowsockspwd}" ] && shadowsockspwd="teddysun.com"
echo
echo "---------------------------"
echo "password = ${shadowsockspwd}"
echo "---------------------------"
echo
# Set shadowsocks config port
while true
do
echo -e "Please input port for shadowsocks-python [1-65535]:"
read -p "(Default port: 8989):" shadowsocksport
[ -z "$shadowsocksport" ] && shadowsocksport="8989"
expr ${shadowsocksport} + 0 &>/dev/null
if [ $? -eq 0 ]; then
if [ ${shadowsocksport} -ge 1 ] && [ ${shadowsocksport} -le 65535 ]; then
echo
echo "---------------------------"
echo "port = ${shadowsocksport}"
echo "---------------------------"
echo
break
else
echo "Input error, please input correct number"
fi
else
echo "Input error, please input correct number"
fi
done
get_char(){
SAVEDSTTY=`stty -g`
stty -echo
stty cbreak
dd if=/dev/tty bs=1 count=1 2> /dev/null
stty -raw
stty echo
stty $SAVEDSTTY
}
echo
echo "Press any key to start...or Press Ctrl+C to cancel"
char=`get_char`
#Install necessary dependencies
if check_sys packageManager yum; then
yum install -y unzip openssl-devel gcc swig python python-devel python-setuptools autoconf libtool libevent automake make curl curl-devel zlib-devel perl perl-devel cpio expat-devel gettext-devel
elif check_sys packageManager apt; then
apt-get -y update
apt-get -y install python python-dev python-pip python-setuptools python-m2crypto curl wget unzip gcc swig automake make perl cpio build-essential
fi
cd ${cur_dir}
}
# Download files
download_files(){
# Download libsodium file
if ! wget --no-check-certificate -O libsodium-1.0.11.tar.gz https://github.com/jedisct1/libsodium/releases/download/1.0.11/libsodium-1.0.11.tar.gz; then
echo "Failed to download libsodium-1.0.11.tar.gz!"
exit 1
fi
# Download Shadowsocks file
if ! wget --no-check-certificate -O shadowsocks-master.zip https://github.com/shadowsocks/shadowsocks/archive/master.zip; then
echo "Failed to download shadowsocks python file!"
exit 1
fi
# Download Shadowsocks init script
if check_sys packageManager yum; then
if ! wget --no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks -O /etc/init.d/shadowsocks; then
echo "Failed to download shadowsocks chkconfig file!"
exit 1
fi
elif check_sys packageManager apt; then
if ! wget --no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks-debian -O /etc/init.d/shadowsocks; then
echo "Failed to download shadowsocks chkconfig file!"
exit 1
fi
fi
}
# Config shadowsocks
config_shadowsocks(){
cat > /etc/shadowsocks.json<<-EOF
{
"server":"0.0.0.0",
"server_port":${shadowsocksport},
"local_address":"127.0.0.1",
"local_port":1080,
"password":"${shadowsockspwd}",
"timeout":300,
"method":"aes-256-cfb",
"fast_open":false
}
EOF
}
# Firewall set
firewall_set(){
echo "firewall set start..."
if centosversion 6; then
/etc/init.d/iptables status > /dev/null 2>&1
if [ $? -eq 0 ]; then
iptables -L -n | grep -i ${shadowsocksport} > /dev/null 2>&1
if [ $? -ne 0 ]; then
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport ${shadowsocksport} -j ACCEPT
iptables -I INPUT -m state --state NEW -m udp -p udp --dport ${shadowsocksport} -j ACCEPT
/etc/init.d/iptables save
/etc/init.d/iptables restart
else
echo "port ${shadowsocksport} has been set up."
fi
else
echo "WARNING: iptables looks like shutdown or not installed, please manually set it if necessary."
fi
elif centosversion 7; then
systemctl status firewalld > /dev/null 2>&1
if [ $? -eq 0 ]; then
firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/tcp
firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/udp
firewall-cmd --reload
else
echo "Firewalld looks like not running, try to start..."
systemctl start firewalld
if [ $? -eq 0 ]; then
firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/tcp
firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/udp
firewall-cmd --reload
else
echo "WARNING: Try to start firewalld failed. please enable port ${shadowsocksport} manually if necessary."
fi
fi
fi
echo "firewall set completed..."
}
# Install Shadowsocks
install(){
# Install libsodium
tar zxf libsodium-1.0.11.tar.gz
cd libsodium-1.0.11
./configure && make && make install
if [ $? -ne 0 ]; then
echo "libsodium install failed!"
install_cleanup
exit 1
fi
echo "/usr/local/lib" > /etc/ld.so.conf.d/local.conf
ldconfig
# Install Shadowsocks
cd ${cur_dir}
unzip -q shadowsocks-master.zip
if [ $? -ne 0 ];then
echo "unzip shadowsocks-master.zip failed! please check unzip command."
install_cleanup
exit 1
fi
cd ${cur_dir}/shadowsocks-master
python setup.py install --record /usr/local/shadowsocks_install.log
if [ -f /usr/bin/ssserver ] || [ -f /usr/local/bin/ssserver ]; then
chmod +x /etc/init.d/shadowsocks
if check_sys packageManager yum; then
chkconfig --add shadowsocks
chkconfig shadowsocks on
elif check_sys packageManager apt; then
update-rc.d -f shadowsocks defaults
fi
/etc/init.d/shadowsocks start
else
echo
echo "Shadowsocks install failed! please visit https://teddysun.com/342.html and contact."
install_cleanup
exit 1
fi
clear
echo
echo "Congratulations, shadowsocks server install completed!"
echo -e "Your Server IP: \033[41;37m $(get_ip) \033[0m"
echo -e "Your Server Port: \033[41;37m ${shadowsocksport} \033[0m"
echo -e "Your Password: \033[41;37m ${shadowsockspwd} \033[0m"
echo -e "Your Local IP: \033[41;37m 127.0.0.1 \033[0m"
echo -e "Your Local Port: \033[41;37m 1080 \033[0m"
echo -e "Your Encryption Method: \033[41;37m aes-256-cfb \033[0m"
echo
echo "Welcome to visit:https://teddysun.com/342.html"
echo "Enjoy it!"
echo
}
# Install cleanup
install_cleanup(){
cd ${cur_dir}
rm -rf shadowsocks-master.zip shadowsocks-master libsodium-1.0.11.tar.gz libsodium-1.0.11
}
# Uninstall Shadowsocks
uninstall_shadowsocks(){
printf "Are you sure uninstall Shadowsocks? (y/n) "
printf "\n"
read -p "(Default: n):" answer
[ -z ${answer} ] && answer="n"
if [ "${answer}" == "y" ] || [ "${answer}" == "Y" ]; then
ps -ef | grep -v grep | grep -i "ssserver" > /dev/null 2>&1
if [ $? -eq 0 ]; then
/etc/init.d/shadowsocks stop
fi
if check_sys packageManager yum; then
chkconfig --del shadowsocks
elif check_sys packageManager apt; then
update-rc.d -f shadowsocks remove
fi
# delete config file
rm -f /etc/shadowsocks.json
rm -f /var/run/shadowsocks.pid
rm -f /etc/init.d/shadowsocks
rm -f /var/log/shadowsocks.log
if [ -f /usr/local/shadowsocks_install.log ]; then
cat /usr/local/shadowsocks_install.log | xargs rm -rf
fi
echo "Shadowsocks uninstall success!"
else
echo
echo "uninstall cancelled, nothing to do..."
echo
fi
}
# Install Shadowsocks-python
install_shadowsocks(){
rootness
disable_selinux
pre_install
download_files
config_shadowsocks
if check_sys packageManager yum; then
firewall_set
fi
install
install_cleanup
}
# Initialization step
action=$1
[ -z $1 ] && action=install
case "$action" in
install|uninstall)
${action}_shadowsocks
;;
*)
echo "Arguments error! [${action}]"
echo "Usage: `basename $0` {install|uninstall}"
;;
esac
阿里云centos7基于搭建VPN的更多相关文章
- 阿里云 CentOS7中搭建FTP服务器
1配置 vsftpd-3.0.2-27.el7.x86_64 阿里云 centos 7.0 2 ftp工作模式 2.1 ftp通道 ftp工作会启动两个通道: 控制通道,数据通道 在ftp协议中,控制 ...
- 阿里云CentOS7.3搭建多用户私有git服务器(从安装git开始)
起因 自己会有练手的不敢公开的项目,就自己搭建个服务器放自己的渣代码了. 在经历了连不上服务器.没有访问权限.没法提交以后,我打通了任督二脉. 我这个git服务器适合条件:1.就那么几个人小项目,不是 ...
- 阿里云CentOS7系统搭建JavaWeb环境
一,准备工作 1,安装目录 我们创建如下路径/usr/develop,然后在develop目录下面创建java,tomcat和mysql三个目录即可. 二,配置JDK 1.理解wget命令 wget命 ...
- 阿里云centos7搭建php+nginx环境
阿里云Centos搭建lnmp(php7.1+nginx+mysql5.7) https://jingyan.baidu.com/article/215817f7a10bfb1eda14238b.ht ...
- 阿里云Centos7使用yum安装MySQL5.6的正确姿势
阿里云Centos7使用yum安装MySQL5.6 阿里云Centos7使用yum安装MySQL5.6 前言:由于某些不可抗力,我要在自己的阿里云服务器上搭建hadoop+hive+mysql+tom ...
- 阿里云centos7成功安装和启动nginx,但是外网访问不了的解决方案
问题环境: 阿里云centos7.4.1708 问题描述:成功配置,启动成功,外网访问不了 解决方案: 经过查阅文档,去阿里云后台查看,原来是新购的服务器都加入和实例安全组. (OMG)立即去配置.加 ...
- 阿里云学生服务器搭建网站-Ubuntu16.04安装php开发环境
阿里云学生服务器搭建网站(2)-Ubuntu16.04安装php开发环境 优秀博文:https://www.linuxidc.com/Linux/2016-10/136327.htm https:/ ...
- 阿里云centos7.4下tomcat8.5配置ssl证书
环境 阿里云centos7.4 域名也是阿里申请的 jdk1.8 tomcat8.5 1.申请证书 登录到阿里云的域名管理,可以看到已经申请过得域名,我这里第一个已经配置了ssl,第二个未配置,点击更 ...
- 阿里云centos7.x 打开80端口(转)
本文转自:https://blog.csdn.net/tengqingyong/article/details/82805053 一 :阿里云centos7.x用iptables打开80端口 1.安装 ...
随机推荐
- 纪念BLives 1.0版本发布
历时两个多月的时间,BLives程序1.0发布,在开发程序期间自己经历了很多,考试,恋爱,学业,自己很纠结 很伤心,有时候很无助,为了让自己有事干,我在考试备考期间去设计程序- -#,虽然程序设计的一 ...
- 【JavaWeb】Spring+SpringMVC+MyBatis+SpringSecurity+EhCache+JCaptcha 完整Web基础框架(四)
SpringSecurity(1) 其实啊,这部分我是最不想写的,因为最麻烦的也是这部分,真的是非常非常的麻烦.关于SpringSecurity的配置,让我折腾了好半天,网上的配置方式一大把,但总有一 ...
- CSS-用伪类制作小箭头(轮播图的左右切换btn)
先上学习地址:http://www.htmleaf.com/Demo/201610234136.html 作者对轮播图左右按钮的处理方法一改往常,不是简单地用btn.prev+btn.next的图片代 ...
- Python 编码简单说
先说说什么是编码. 编码(encoding)就是把一个字符映射到计算机底层使用的二进制码.编码方案(encoding scheme)规定了字符串是如何编码的. python编码,其实就是对python ...
- 什么是License
许多混乱就始于你不知道License到底是什么,到底有什么含义.当你对你的产品使用License时,并不意味着你放弃了任何权利,你依然对其拥有原著作权.License只是授予他们于特定权利来使用你的产 ...
- 【Java之对象清理】finalize()的用途
Java允许在类中定义一个名为finalize()的方法.它的工作原理是:一旦垃圾回收器准备好释放对象占用的存储空间,将首先调用其finalize()方法.并且在下一次垃圾回收动作发生时,才会真正回收 ...
- shell test用法
1)判断表达式 if test (表达式为真) if test !表达式为假 test 表达式1 –a 表达式2 两个表达式都为真 test 表达式1 –o 表达式 ...
- [转]socket 通俗解释
socket是网络编程的基础,本文用打电话来类比socket通信中建立TCP连接的过程. socket函数,表示你买了或者借了一部手机. bind函数,告诉别人你的手机号码,让他们给你打电 ...
- nginx使用ngx_lua访问后端Thrift-Server实现和介绍
背景 随着openresty的出现,让nginx使用lua解决一些业务的能力大幅度提高,ngx_lua可以使用nginx自生的基于事件驱动的IO模型,和后端的存储,业务等系统实现非阻塞的连接交互. 如 ...
- C# socket send方法
转 http://msdn.microsoft.com/zh-cn/library/d318fkch(v=vs.80).aspx