VPS下搭建ShadowSocks及Nginx实战
使用CN2/CN2GIA顶级线路,支持Shadowsocks/V2ray科学上网,支持支付宝付款,每月仅需 5 美元
## 加入品葱精选 Telegram Channel ##
最近入手了一美国VPS,128M内存,4G硬盘,年付6刀。。。白菜价。系统装的是CentOS 7,除了做ShadowSocks之外,还在上面搭建Nginx,记录下折腾的历程。
1、ShadowSocks的搭建已经很顺利了。。。
使用root用户登录,运行以下命令(这是三行。。。不要一次性复制执行,要运行三次):
wget --no-check-certificate https://raw.githubusercontent.com/ElvizLai/ShadowSocks/master/shadowsocks.sh
chmod +x shadowsocks.sh
./shadowsocks.sh 2>&1 | tee shadowsocks.log
完成后会有以下提示:
Congratulations, shadowsocks install completed!
Your Server IP:your_server_ip
Your Server Port:8989
Your Password:your_password
Your Local IP:127.0.0.1
Your Local Port:1080
Your Encryption Method:aes-256-cfb
Welcome to visit:http://teddysun.com/342.html
Enjoy it!
配置文件路径:/etc/shadowsocks.json
,使用vi打开,改成这样:
{
"server":"your_server_ip",
"local_address": "127.0.0.1",
"local_port":1080,
"port_password":{
"8989":"password0",
"9001":"password1",
"9002":"password2",
"9003":"password3",
"9004":"password4"
},
"timeout":60,
"method":"aes-256-cfb",
"fast_open": false,
"workers": 1
}
很明显了吧。。。其中method部分要跟ss客户端部分一致,从安全角度上将选256,但是从效率角度上,我个人换成了128
查看服务器状态的指令:
启动:/etc/init.d/shadowsocks start
停止:/etc/init.d/shadowsocks stop
重启:/etc/init.d/shadowsocks restart
查看状态:/etc/init.d/shadowsocks status
另外还提供一个低内存版本的服务端,libev版,安装方法跟上面一样,只需要将地址改为:
https://raw.githubusercontent.com/ElvizLai/ShadowSocks/master/shadowsocks-libev.sh
可能用的到的指令:
卸载 ./shadowsocks-libev.sh uninstall
升级 pip install -U shadowsocks
好了,ShadowSocks的服务端安装就到此结束了!
-————————–灰机——————-分割线————————–
2、Nginx服务器反向代理搭建。。。嗯,各种不顺
Step1、升级库:yum update
Step2、 安装make:yum -y install gcc automake autoconf libtool make gcc-c++
For Ubuntu:apt-get install build-essential
Setp3、 安装PCRE库
cd /usr/local/src
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.gz
tar -zxvf pcre-8.38.tar.gz
cd pcre-8.38
./configure
make
make install
Step4、安装zlib库
cd /usr/local/src
wget http://zlib.net/zlib-1.2.8.tar.gz
tar -zxvf zlib-1.2.8.tar.gz
cd zlib-1.2.8
./configure
make
make install
Step5、安装ssl,为了让网站显的正式一点,可以去startssl申请证书(但这样就要求自己必须有域名)。
cd /usr/local/src
wget http://www.openssl.org/source/openssl-1.0.2f.tar.gz
tar -zxvf openssl-1.0.2f.tar.gz
Step6、 由于反向代理是需要http_sub_module模块的,所以安装该模块:
cd /usr/local/src
git clone git://github.com/yaoweibin/ngx_http_substitutions_filter_module.git
#google模块,你懂
git clone git://github.com/cuber/ngx_http_google_filter_module
#加一份echo模块,用于调试
git clone git://github.com/openresty/echo-nginx-module
#fair负载均衡模块
git clone git://github.com/gnosek/nginx-upstream-fair
Step7、安装Nginx
cd /usr/local/src
wget http://nginx.org/download/nginx-1.9.9.tar.gz
tar -zxvf nginx-1.9.9.tar.gz
cd nginx-1.9.9
./configure --sbin-path=/usr/local/nginx/nginx \
--conf-path=/usr/local/nginx/nginx.conf \
--pid-path=/usr/local/nginx/nginx.pid \
--with-http_ssl_module \
--with-http_v2_module \
--with-pcre=/usr/local/src/pcre-8.38 \
--with-zlib=/usr/local/src/zlib-1.2.8 \
--with-openssl=/usr/local/src/openssl-1.0.2f \
--with-http_sub_module \
--add-module=/usr/local/src/ngx_http_substitutions_filter_module \
--add-module=/usr/local/src/echo-nginx-module \
--add-module=/usr/local/src/ngx_http_google_filter_module \
--add-module=/usr/local/src/nginx-upstream-fair
make
make install
不出意外的话,一定在make结束后会提示错误「xx pod2man xx」。。。。都是pod2man惹的祸,简单粗暴的解决方案:
rm /usr/bin/pod2man
make clean
./configure
make
make install
20141211添加-也可以试试阿里的Tengine
wget -c http://tengine.taobao.org/download/tengine-2.1.2.tar.gz
tar zxvf tengine-2.1.2.tar.gz
cd tengine-2.1.2
//后面参照nginx部分
Step8、还差临门一脚,配置conf文件,达到反向代理的目的:
自签发证书,或者使用startssl提供的证书
cd /usr/local/nginx/conf
openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
openssl dhparam -out dhparams.pem 4096
做个缓存
mkdir -p /var/nginx/cache
chown -R root /var/nginx
编辑nginx.conf文件
worker_processes 2;
pid nginx.pid;
events {
worker_connections 1024;
multi_accept on;
}
http {
include mime.types;
default_type application/octet-stream;
server_tokens off;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
gzip on;
gzip_disable "msie6";
gzip_proxied any;
gzip_min_length 1000;
proxy_cache_path /var/nginx/cache levels=1:2 keys_zone=cache:30m max_size=2g;
proxy_cache_key "$host$request_uri";
upstream google {
server 74.125.224.144 max_fails=3;
server 74.125.224.145 max_fails=3;
server 74.125.224.146 max_fails=3;
server 74.125.224.147 max_fails=3;
server 74.125.224.148 max_fails=3;
}
server {
listen 80;
add_header Strict-Transport-Security max-age=16070400;
server_name 你的域名;
rewrite ^(.*) https://$server_name$1 permanent;
}
# HTTPS server
server {
listen 443 ssl spdy;
server_name 你的域名;
ssl_certificate /usr/local/nginx/conf/ssl.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:5m;
ssl_session_timeout 10m;
location / {
proxy_cache cache;
proxy_cache_valid 200 302 1h;
proxy_cache_valid 404 1m;
proxy_redirect https://www.google.com/ /;
proxy_cookie_domain google.com $server_name;
proxy_pass http://google;
proxy_set_header Host "www.google.com";
proxy_set_header Accept-Encoding "";
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Language "zh-CN";
proxy_set_header Cookie "PREF=ID=047808f19f6de346:U=0f62f33dd8549d11:FF=2:LD=zh-CN:NW=1:TM=1325338577:LM=1332142444:GM=1:SG=2:S=rE0SyJh2w1IQ-Maw";
sub_filter www.google.com $server_name;
sub_filter_once off;
}
}
}
可能用到的命令:
检查配置文件是否ok:/usr/local/nginx/nginx -t
已某配置文件开启nginx:/usr/local/nginx/nginx -c path/nginx.conf
Step9、虽说服务器稳定性较高,但也不是万能的。。。服务器宕机怎么办?每次都要人工去维护?
添加开机启动vi /etc/init.d/nginx
,然后输入以下内容并保存:
#!/bin/bash
#
# chkconfig: - 85 15
# description: Nginx is a World Wide Web server.
# processname: nginx
nginx=/usr/local/nginx/nginx
conf=/usr/local/nginx/nginx.conf
nginx_pid=/usr/local/nginx/nginx.pid
case $1 in
start)
echo -n "Starting Nginx"
$nginx -c $conf
echo " done"
;;
stop)
echo -n "Stopping Nginx"
kill -TERM `cat $nginx_pid`
echo " done"
;;
test)
$nginx -t -c $conf
;;
reload)
echo -n "Reloading Nginx"
ps auxww | grep nginx | grep master | awk '{print $2}' | xargs kill -HUP
echo " done"
;;
restart)
$0 stop
sleep 1
$0 start
;;
status)
ps -aux|grep nginx
;;
*)
echo -n "Usage: $0 {start|restart|reload|stop|test|status}"
;;
esac
更改权限chmod 755 /etc/init.d/nginx
,添加到开机启动项chkconfig nginx on
可能用到的命令
查看开机启动项:chkconfig --list
启动服务:service nginx start
停止服务:service nginx stop
重启服务:service nginx restart
重新加载:service nginx reload
显示状态:service nginx show
上述命令也可以用 /etc/init.d/nginx command 替换
强暴的杀掉nginx:pkill -9 nginx
最后的最后,可能用到的命令:
登录到远程主机:ssh [email protected] -p port
复制本地文件到vps:scp -P port /path/file [email protected]:/path
引用参考:
1、http://teddysun.com/342.html
3、http://rmingwang.com/install-nginx-third-modules-http_sub_module.html