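GreenVPN went down this week, which is terrible news. It had been in service the longest, and I thought it was the last line of defense that would never go down, yet it went down just like that. It looks like I still have to set up my own VPS as my own last line of defense. Otherwise, whenever a third-party service goes down, I really would be cut off from the outside world.
I won't mention the name; the fewer people who know, the better. I originally wanted the $2.5 Instance, but it was sold out. Then I thought I would simply switch to a Linode at the same price, but Linode's $5 plan was sold out too. In the end I went with the $5 Instance, and I'll switch down to a $2.5 one when it becomes available.
The operating system I chose is the latest Ubuntu, 17.04.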
cat /etc/issue
# Ubuntu 17.04 \n \l
sudo lsb_release -a
# No LSB modules are available.
# Distributor ID: Ubuntu
# Description: Ubuntu 17.04
# Release: 17.04
# Codename: zesty
uname -r
# 4.10.0-20-generic
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
# net.ipv6.conf.all.accept_ra = 2
# net.core.default_qdisc = fq
# net.ipv4.tcp_congestion_control = bbr
sysctl net.ipv4.tcp_available_congestion_control
# net.ipv4.tcp_available_congestion_control = bbr cubic reno
lsmod | grep bbr
# tcp_bbr 20480 0
For details, see: Link
apt-get install build-essential
wget https://github.com/jedisct1/libsodium/releases/download/1.0.12/libsodium-1.0.12.tar.gz
tar xf libsodium-1.0.12.tar.gz && cd libsodium-1.0.12
./configure && make -j2 && make install
ldconfig
For details, see: Link
git clone -b manyuser https://github.com/shadowsocksr/shadowsocksr.git
cd shadowsocksr
bash initcfg.sh
apt-get install checkinstall
apt-get install libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev
wget https://www.python.org/ftp/python/2.7.13/Python-2.7.13.tgz
tar xzf Python-2.7.13.tgz
cd Python-2.7.13
./configure
make install
Raise the file limits
echo "fs.file-max=1024000" >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
echo "* soft nofile 512000" >> /etc/security/limits.conf
echo "* hard nofile 1024000" >> /etc/security/limits.conf
Log and startup files
touch shadowsocks.sh
chmod +x ./shadowsocks.sh
ln -s /var/log/shadowsocksr.log ./shadowsocksr.log
vim shadowsocks.sh
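#!/bin/bash
# Resolve the script's directory to an absolute path so that CMD and CONF
# remain valid after the cd below, even when the script is called via a relative path.
BASEDIR=$(cd "$(dirname "$0")" && pwd)
CMD=${BASEDIR}/shadowsocksr/shadowsocks/server.py
CONF=${BASEDIR}/shadowsocksr/user-config.json
cd "${BASEDIR}"
# Raise the open-file limit for this shell before controlling the daemon.
if [ "$1" == "start" ]; then
    ulimit -n 512000
    python "${CMD}" -c "${CONF}" -d start
elif [ "$1" == "restart" ]; then
    ulimit -n 512000
    python "${CMD}" -c "${CONF}" -d restart
elif [ "$1" == "stop" ]; then
    ulimit -n 512000
    python "${CMD}" -c "${CONF}" -d stop
else
    echo "Usage: ./shadowsocks.sh start|stop|restart"
fi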
vim shadowsocksr/user-config.json
{
    "server": "0.0.0.0",
    "server_ipv6": "::",
    "server_port": 8038,
    "local_address": "127.0.0.1",
    "local_port": 1080,
    "password": "$URPWD",
    "method": "aes-256-cfb",
    "protocol": "auth_aes128_md5",
    "protocol_param": "",
    "obfs": "http_simple",
    "obfs_param": "",
    "speed_limit_per_con": 0,
    "speed_limit_per_user": 0,
    "additional_ports" : {},
    "additional_ports_only" : false,
    "timeout": 120,
    "udp_timeout": 60,
    "dns_ipv6": false,
    "connect_verbose_info": 0,
    "redirect": ["bing.com", "cloudflare.com:443"],
    "fast_open": false
}
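The config above stores the shared password in plain text, so the file should hold a real random secret and be readable only by its owner. The following is an added example, not part of the original post or of the ShadowsocksR project: a pre-flight script (runs on Python 2.7 and 3) that replaces the `$URPWD` placeholder or a too-short password and tightens the file mode. The names `harden_config` and `new_password` and the 16-character minimum are assumptions of this example.

```python
import base64
import json
import os
import stat
import tempfile

PLACEHOLDER = "$URPWD"  # placeholder password shown in the post's user-config.json
MIN_LEN = 16            # assumed minimum length; not a value from the post


def new_password(nbytes=24):
    """Build a URL-safe password from nbytes of OS randomness (32 chars for 24 bytes)."""
    return base64.urlsafe_b64encode(os.urandom(nbytes)).decode("ascii").rstrip("=")


def harden_config(path):
    """Fix a placeholder/short password and group/world access; return the changes made."""
    with open(path) as fh:
        cfg = json.load(fh)
    port = cfg.get("server_port")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError("server_port out of range: %r" % (port,))
    changes = []
    pwd = cfg.get("password") or ""
    if pwd == PLACEHOLDER or len(pwd) < MIN_LEN:
        cfg["password"] = new_password()
        changes.append("password regenerated")  # the secret itself is never returned
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        changes.append("mode %o -> 600" % mode)
    if changes:
        # mkstemp creates the file with mode 0600; rename swaps it in atomically on POSIX
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
        try:
            with os.fdopen(fd, "w") as out:
                json.dump(cfg, out, indent=4)
            os.rename(tmp, path)
        except Exception:
            os.unlink(tmp)
            raise
    return changes


if __name__ == "__main__":
    import sys
    for change in harden_config(sys.argv[1]):
        print(change)
```

Run it against `shadowsocksr/user-config.json` before the first start; if the password was regenerated, copy the new value from the file into each client's config.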
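Installing the Mac client is basically the same as on the server: git clone the repository and generate the config JSON with bash, or just copy one over from the server. Then all you need to do is set the client's port and the server's IP, and that's it.
Mac auto-start script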
vim org.shadowsocks.macos.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>GroupName</key>
    <string>wheel</string>
    <key>KeepAlive</key>
    <dict>
        <key>SuccessfulExit</key>
        <false/>
    </dict>
    <key>Label</key>
    <string>org.shadowsocksr.macos</string>
    <key>WorkingDirectory</key>
    <string>$PATH_TO_shadowsocksr</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/bin/python</string>
        <string>shadowsocks/local.py</string>
        <string>-c</string>
        <string>user-config.json</string>
        <string>-d</string>
        <string>start</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>StandardErrorPath</key>
    <string>/var/log/shadowsocksr.log</string>
    <key>StandardOutPath</key>
    <string>/var/log/shadowsocksr.log</string>
    <key>UserName</key>
    <string>root</string>
</dict>
</plist>
Starting it on the Mac
vim /Library/LaunchDaemons/org.shadowsocks.macos.plist
sudo launchctl load ./org.shadowsocks.macos.plist
Watch the log
tail -f ./shadowsocksr.log
EOF