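0. Preface

GreenVPN went down this week, which is terrible news. It was the longest-running service, the last line of defense that I thought would never go down, and it went down just like that. It looks like I need to set up my own VPS as my last line of defense. Otherwise, the day a third-party service goes down, I really will be cut off from the outside world.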

1. VPS

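I won't name the provider; the fewer people who know, the better. I originally wanted the $2.5 instance, but it was sold out. Then I thought I might as well switch to Linode at the same price, but Linode's $5 plan was sold out too. In the end I went with the $5 instance, and I'll switch down when a $2.5 one is available.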

2. Installation

2.0 System

The operating system is the latest Ubuntu, 17.04.

cat /etc/issue
# Ubuntu 17.04 \n \l
sudo lsb_release -a
# No LSB modules are available.
# Distributor ID:	Ubuntu
# Description:	Ubuntu 17.04
# Release:	17.04
# Codename:	zesty
uname -r
# 4.10.0-20-generic

2.1 Enable BBR

echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
# net.ipv6.conf.all.accept_ra = 2
# net.core.default_qdisc = fq
# net.ipv4.tcp_congestion_control = bbr
sysctl net.ipv4.tcp_available_congestion_control
# net.ipv4.tcp_available_congestion_control = bbr cubic reno
lsmod | grep bbr
# tcp_bbr                20480  0

2.1 Install libsodium

See: Link

apt-get install build-essential
wget https://github.com/jedisct1/libsodium/releases/download/1.0.12/libsodium-1.0.12.tar.gz
tar xf libsodium-1.0.12.tar.gz && cd libsodium-1.0.12
./configure && make -j2 && make install
ldconfig

2.2 Install SS

See: Link

git clone -b manyuser https://github.com/shadowsocksr/shadowsocksr.git
cd shadowsocksr
bash initcfg.sh

2.3 Install Python

apt-get install checkinstall
apt-get install libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev

wget https://www.python.org/ftp/python/2.7.13/Python-2.7.13.tgz
tar xzf Python-2.7.13.tgz
cd Python-2.7.13
./configure
make install

2.4 Create the command script and operations environment

Modify the file limits

echo "fs.file-max=1024000" >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
echo "*               soft    nofile           512000" >> /etc/security/limits.conf
echo "*               hard    nofile          1024000" >> /etc/security/limits.conf

Log and startup files

touch shadowsocks.sh
chmod +x ./shadowsocks.sh
ln -s /var/log/shadowsocksr.log ./shadowsocksr.log

vim shadowsocks.sh

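#!/bin/bash
# Resolve the script directory to an absolute path so that CMD and CONF
# stay valid after the cd below, even when the script is called via a relative path.
BASEDIR=$(cd "$(dirname "$0")" && pwd)
CMD="${BASEDIR}/shadowsocksr/shadowsocks/server.py"
CONF="${BASEDIR}/shadowsocksr/user-config.json"

cd "${BASEDIR}" || exit 1

# Raise the open-file limit for this shell before invoking the server
if [ "$1" == "start" ];then
    ulimit -n 512000
    python "${CMD}" -c "${CONF}" -d start
elif [ "$1" == "restart" ];then
    ulimit -n 512000
    python "${CMD}" -c "${CONF}" -d restart
elif [ "$1" == "stop" ];then
    ulimit -n 512000
    python "${CMD}" -c "${CONF}" -d stop
else
    echo "Usage: ./shadowsocks.sh start|stop|restart"
fi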

vim shadowsocksr/user-config.json

{
    "server": "0.0.0.0",
    "server_ipv6": "::",
    "server_port": 8038,
    "local_address": "127.0.0.1",
    "local_port": 1080,

    "password": "$URPWD",
    "method": "aes-256-cfb",
    "protocol": "auth_aes128_md5",
    "protocol_param": "",
    "obfs": "http_simple",
    "obfs_param": "",
    "speed_limit_per_con": 0,
    "speed_limit_per_user": 0,

    "additional_ports" : {},
    "additional_ports_only" : false,
    "timeout": 120,
    "udp_timeout": 60,
    "dns_ipv6": false,
    "connect_verbose_info": 0,
    "redirect": ["bing.com", "cloudflare.com:443"],
    "fast_open": false
}
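
An added example, not part of the original post or of the ShadowsocksR project: a preflight check to run against user-config.json before starting the server. It flags the $URPWD placeholder left in place, a short password, an invalid port, and a config file that other local users can read; the function name check_config and the 16-character minimum are assumptions made for this example.

```python
import json
import os
import stat
import sys

PLACEHOLDER = "$URPWD"   # placeholder value used in the config shown above
MIN_PASSWORD_LEN = 16    # assumption: minimum length chosen for this example


def check_config(path):
    """Return a list of problems found in a ShadowsocksR-style config file."""
    try:
        with open(path) as fh:
            cfg = json.load(fh)
    except (IOError, OSError, ValueError) as exc:
        return ["cannot load %s: %s" % (path, exc)]
    if not isinstance(cfg, dict):
        return ["cannot load %s: top-level value is not a JSON object" % path]

    problems = []
    password = cfg.get("password", "")
    if not password or password == PLACEHOLDER:
        problems.append("password is empty or still the placeholder")
    elif len(password) < MIN_PASSWORD_LEN:
        problems.append("password shorter than %d characters" % MIN_PASSWORD_LEN)

    port = cfg.get("server_port")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        problems.append("server_port is not a valid TCP port")

    # The password is stored in cleartext, so the file should be owner-only.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("file mode %o lets group/other access it; use chmod 600" % mode)
    return problems


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "shadowsocksr/user-config.json"
    found = check_config(target)
    for line in found:
        print("WARN: " + line)
    sys.exit(1 if found else 0)
```
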

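Installing the Mac client is basically the same as the server: git clone the repository and generate the config JSON with bash (copying it from the server also works). Then just set the client port and the server IP, and you're done.

Mac auto-start script
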
vim org.shadowsocks.macos.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>GroupName</key>
    <string>wheel</string>
    <key>KeepAlive</key>
    <dict>
        <key>SuccessfulExit</key>
        <false/>
    </dict>
    <key>Label</key>
    <string>org.shadowsocksr.macos</string>
    <key>WorkingDirectory</key>
    <string>$PATH_TO_shadowsocksr</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/bin/python</string>
        <string>shadowsocks/local.py</string>
        <string>-c</string>
        <string>user-config.json</string>
        <string>-d</string>
        <string>start</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>StandardErrorPath</key>
    <string>/var/log/shadowsocksr.log</string>
    <key>StandardOutPath</key>
    <string>/var/log/shadowsocksr.log</string>
    <key>UserName</key>
    <string>root</string>
</dict>
</plist>

Starting on Mac

vim /Library/LaunchDaemons/org.shadowsocks.macos.plist
sudo launchctl load /Library/LaunchDaemons/org.shadowsocks.macos.plist

Watch the log

tail -f ./shadowsocksr.log