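0. Preface

GreenVPN went down this week, which is terrible news. It had been in service the longest, and I thought of it as the last line of defense that would never go down, yet it went down just like that. It looks like I have to set up my own VPS as my last line of defense. Otherwise, the day a third-party service goes down, I really would be cut off from the outside world.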

1. VPS

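I won't name the provider; the fewer people who know, the better. I originally wanted the $2.5 instance, but it was sold out. Then I thought I might as well switch to Linode at the same price, but Linode's $5 plan was sold out too. In the end I went with the $5 instance and will switch down when a $2.5 one becomes available.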

2. Installation

2.0 System

The operating system is the latest Ubuntu, 17.04.

    cat /etc/issue
    # Ubuntu 17.04 \n \l
    sudo lsb_release -a
    # No LSB modules are available.
    # Distributor ID:	Ubuntu
    # Description:	Ubuntu 17.04
    # Release:	17.04
    # Codename:	zesty
    uname -r
    # 4.10.0-20-generic

2.1 Enable BBR

    echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
    echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
    sysctl -p /etc/sysctl.conf
    # net.ipv6.conf.all.accept_ra = 2
    # net.core.default_qdisc = fq
    # net.ipv4.tcp_congestion_control = bbr
    sysctl net.ipv4.tcp_available_congestion_control
    # net.ipv4.tcp_available_congestion_control = bbr cubic reno
    lsmod | grep bbr
    # tcp_bbr                20480  0

2.1 Install libsodium

For details, see: Link

    apt-get install build-essential
    wget https://github.com/jedisct1/libsodium/releases/download/1.0.12/libsodium-1.0.12.tar.gz
    tar xf libsodium-1.0.12.tar.gz && cd libsodium-1.0.12
    ./configure && make -j2 && make install
    ldconfig

2.2 Install SS

For details, see: Link

    git clone -b manyuser https://github.com/shadowsocksr/shadowsocksr.git
    cd shadowsocksr
    bash initcfg.sh

2.3 Install Python

    apt-get install checkinstall
    apt-get install libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev

    wget https://www.python.org/ftp/python/2.7.13/Python-2.7.13.tgz
    tar xzf Python-2.7.13.tgz
    cd Python-2.7.13
    ./configure
    make install

2.4 Create the control script and operations environment

Raise the file limits

    echo "fs.file-max=1024000" >> /etc/sysctl.conf
    sysctl -p /etc/sysctl.conf
    echo "*               soft    nofile           512000" >> /etc/security/limits.conf
    echo "*               hard    nofile          1024000" >> /etc/security/limits.conf

Log and startup files

    touch shadowsocks.sh
    chmod +x ./shadowsocks.sh
    ln -s /var/log/shadowsocksr.log ./shadowsocksr.log

vim shadowsocks.sh

    #!/bin/bash
    # Resolve the script's directory to an absolute path so the paths
    # below stay valid after the cd.
    BASEDIR=$(cd "$(dirname "$0")" && pwd)
    CMD="${BASEDIR}/shadowsocksr/shadowsocks/server.py"
    CONF="${BASEDIR}/shadowsocksr/user-config.json"

    cd "${BASEDIR}" || exit 1

    if [ "$1" == "start" ]; then
        # Raise the open-file limit for this shell before launching the daemon
        ulimit -n 512000
        python "${CMD}" -c "${CONF}" -d start
    elif [ "$1" == "restart" ]; then
        ulimit -n 512000
        python "${CMD}" -c "${CONF}" -d restart
    elif [ "$1" == "stop" ]; then
        ulimit -n 512000
        python "${CMD}" -c "${CONF}" -d stop
    else
        echo "Usage: ./shadowsocks.sh start|stop|restart"
    fi

vim shadowsocksr/user-config.json

    {
        "server": "0.0.0.0",
        "server_ipv6": "::",
        "server_port": 8038,
        "local_address": "127.0.0.1",
        "local_port": 1080,

        "password": "$URPWD",
        "method": "aes-256-cfb",
        "protocol": "auth_aes128_md5",
        "protocol_param": "",
        "obfs": "http_simple",
        "obfs_param": "",
        "speed_limit_per_con": 0,
        "speed_limit_per_user": 0,

        "additional_ports" : {},
        "additional_ports_only" : false,
        "timeout": 120,
        "udp_timeout": 60,
        "dns_ipv6": false,
        "connect_verbose_info": 0,
        "redirect": ["bing.com", "cloudflare.com:443"],
        "fast_open": false
    }
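
A check to run against user-config.json before starting the server or copying the file to the Mac, as an added example that is not part of the original post or of ShadowsocksR: it flags a password that is still the $URPWD placeholder, a file mode that lets other users read the clear-text password, an invalid server_port, and a local_address that is not loopback. The function names, the Python 3 runtime and the 16-character minimum are assumptions.

```python
import json
import os
import stat
import sys

PLACEHOLDER = "$URPWD"   # placeholder from the sample config on this page
MIN_PASSWORD_LEN = 16    # assumed local policy, not an SSR requirement
LOOPBACK = ("127.0.0.1", "::1", "localhost")


def audit_config(cfg, mode):
    """Return findings for a parsed user-config.json and its file mode bits."""
    findings = []
    # The shared password is stored in clear text: owner-only access.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file mode %04o exposes the password to group/others" % mode)
    password = cfg.get("password")
    if not isinstance(password, str) or not password:
        findings.append("password is missing or not a string")
    elif password == PLACEHOLDER:
        findings.append("password is still the %s placeholder" % PLACEHOLDER)
    elif len(password) < MIN_PASSWORD_LEN:
        findings.append("password is shorter than %d characters" % MIN_PASSWORD_LEN)
    port = cfg.get("server_port")
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        findings.append("server_port %r is not a valid TCP port" % (port,))
    # On the client, local_address is where the local proxy listens; anything
    # other than loopback offers the tunnel to every host that can reach it.
    if cfg.get("local_address") not in LOOPBACK:
        findings.append("local_address %r is not loopback" % (cfg.get("local_address"),))
    return findings


def audit_file(path):
    """Load the JSON config at path and audit it with its on-disk permissions."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path) as fh:
        return audit_config(json.load(fh), mode)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        problems = audit_file(sys.argv[1])
    else:  # constructed sample mirroring the page's config, with mode 0644
        sample = {"password": PLACEHOLDER, "server_port": 8038, "local_address": "127.0.0.1"}
        problems = audit_config(sample, 0o644)
    for line in problems:
        print("WARN: " + line)
    sys.exit(1 if problems else 0)
```

Pass the config path as the only argument; the exit status is non-zero when anything is flagged, so the call can gate the start branch of shadowsocks.sh.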

Installing the Mac client is much the same as installing the server: git clone the repository and run the bash script to generate the config JSON, or copy the one from the server. Then just set the client's port and the server's IP.

Mac auto-start script

vim org.shadowsocks.macos.plist

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>GroupName</key>
        <string>wheel</string>
        <key>KeepAlive</key>
        <dict>
            <key>SuccessfulExit</key>
            <false/>
        </dict>
        <key>Label</key>
        <string>org.shadowsocksr.macos</string>
        <key>WorkingDirectory</key>
        <string>$PATH_TO_shadowsocksr</string>
        <key>ProgramArguments</key>
        <array>
            <string>/usr/bin/python</string>
            <string>shadowsocks/local.py</string>
            <string>-c</string>
            <string>user-config.json</string>
            <string>-d</string>
            <string>start</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>StandardErrorPath</key>
        <string>/var/log/shadowsocksr.log</string>
        <key>StandardOutPath</key>
        <string>/var/log/shadowsocksr.log</string>
        <key>UserName</key>
        <string>root</string>
    </dict>
    </plist>

Starting it on the Mac

    # /Library/LaunchDaemons is writable only by root
    sudo vim /Library/LaunchDaemons/org.shadowsocks.macos.plist
    sudo launchctl load /Library/LaunchDaemons/org.shadowsocks.macos.plist

Watching the log

    tail -f ./shadowsocksr.log