說明:
Shadowsocks是一個輕量級的socks5代理軟體,
而hadowsocks-libev是一個基於shadowsocks 協議的socks5代理軟體,
相比原版,hadowsocks-libev程式體積小、高並發、資源佔用更少、跨平台、完全相容shadowsocks協議。
hadowsocks-libev包括三個模組:
ss-server:伺服器端,部署在遠程伺服器,提供shadowsocks服務。
ss-local:用戶端,提供本地socks5協議代理。
ss-redir:用戶端,提供本地透明代理。
實現目的:
用一台國外VPS伺服器,安裝部署hadowsocks-libev代理軟體,讓國內使用者通過這台VPS伺服器能夠訪問國外網站。
具體操作:
注意:伺服器先安裝git軟體,然後通過git軟體線上下載hadowsocks-libev軟體,最後,再編譯安裝hadowsocks-libev。
VPS伺服器作業系統:CentOS
VPS伺服器ip:192.168.1.161
一、關閉SELINUX
vi /etc/selinux/config
#SELINUX=enforcing #注釋掉
#SELINUXTYPE=targeted #注釋掉
SELINUX=disabled #增加
:wq! #儲存退出
setenforce 0 #使配置立即生效
二、開啟防火牆連接埠(TCP 8388連接埠為hadowsocks-libev服務端預設連接埠)
vi /etc/sysconfig/iptables #編輯防火牆設定檔
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8388 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
:wq! #儲存退出
service iptables restart #最後重啟防火牆使配置生效
三、安裝編輯工具包
1、CentOS 5.x下編譯安裝git需要的包(預設CentOS 5.x yum源中沒有git)
yum install wget curl curl-devel zlib-devel openssl-devel perl perl-devel cpio expat-devel gettext-devel
2、安裝shadowsocks-libev.git需要的包
yum install autoconf libtool openssl-devel gcc swig python-devel
cd /usr/local/src
wget https://git-core.googlecode.com/files/git-1.9.0.tar.gz #此地址需要翻牆,可以先下載好軟體之後,再上傳到伺服器
tar xzvf git-1.9.0.tar.gz #解壓
cd git-1.9.0 #進入安裝目錄
autoconf
./configure #配置
make #編譯
make install #安裝
git --version #查看版本
2、CentOS 6.x下安裝
yum install git #CentOS6中yum源中已經有git的版本,直接yum安裝
五、安裝shadowsocks-libev
cd /usr/local/src
git clone https://github.com/madeye/shadowsocks-libev.git #使用git下載
cd shadowsocks-libev #進入安裝目錄
./configure #配置
make #編譯
make install #安裝
cd /usr/local/bin/ #安裝好之後,會在此目錄產生以下檔案
ss-server
ss-local
ss-redir
六、配置shadowsocks-libev服務端
系統營運 www.osyunwei.com 溫馨提醒:qihang01原創內容©著作權,轉載請註明出處及原文連結
1、建立設定檔
mkdir /etc/shadowsocks-libev #建立設定檔存放目錄
vi /etc/shadowsocks-libev/config.json #編輯,添加以下內容
{
"server":"192.168.1.161", #服務端監聽的IP地址
"server_port":8388, #服務端連接埠
"local_address":"127.0.0.1", #本地監聽的IP地址
"local_port":1080, #本地端連接埠
"password":"123456", #用來加密的密碼
"timeout":60, #逾時時間(秒)
"method":"aes-256-cfb", #加密方法,推薦用 “aes-256-cfb”
}
:wq! #儲存退出
2、運行shadowsocks-libev服務端
nohup /usr/local/bin/ss-server -u -c /etc/shadowsocks-libev/config.json -f /var/run/shadowsocks-server/pid &
3、關閉shadowsocks-libev服務端
ps -ef|grep ss-server #查看進程ID
kill -9 進程ID #結束shadowsocks-libev服務端
4、設定shadowsocks-libev服務端開機啟動
vi /etc/init.d/ss-server #編輯,添加以下代碼
#!/bin/bash
# Run level information:
# chkconfig: 2345 99 99
# Description: lightweight secured socks5 proxy
# processname: ss-server
# Paths and variables and system checks.
# Source function library
. /etc/rc.d/init.d/functions
# Check that networking is up.
#
[ ${NETWORKING} ="yes" ] || exit 0
# Daemon
NAME=shadowsocks-server
DAEMON=/usr/local/bin/ss-server
# Path to the configuration file.
#
CONF=/etc/shadowsocks-libev/config.json
#USER="nobody"
#GROUP="nobody"
# Take care of pidfile permissions
mkdir /var/run/$NAME 2>/dev/null || true
#chown "$USER:$GROUP" /var/run/$NAME
# Check the configuration file exists.
#
if [ ! -f $CONF ] ; then
echo "The configuration file cannot be found!"
exit 0
fi
# Path to the lock file.
#
LOCK_FILE=/var/lock/subsys/shadowsocks
# Path to the pid file.
#
PID=/var/run/$NAME/pid
#====================================================================
#====================================================================
# Run controls:
RETVAL=0
# Start shadowsocks as daemon.
#
start() {
if [ -f $LOCK_FILE ]; then
echo "$NAME is already running!"
exit 0
else
echo -n $"Starting ${NAME}: "
#daemon --check $DAEMON --user $USER "$DAEMON -f $PID -c $CONF > /dev/null"
daemon $DAEMON -u -c $CONF -f $PID
fi
RETVAL=$?
[ $RETVAL -eq 0 ] && success
echo
[ $RETVAL -eq 0 ] && touch $LOCK_FILE
return $RETVAL
}
# Stop shadowsocks.
#
stop() {
echo -n $"Shutting down ${NAME}: "
killproc -p ${PID}
RETVAL=$?
[ $RETVAL -eq 0 ]
rm -f $LOCK_FILE
rm -f ${PID}
echo
return $RETVAL
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
condrestart)
if [ -f $LOCK_FILE ]; then
stop
start
RETVAL=$?
fi
;;
status)
status $DAEMON
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|restart|condrestart|status}"
RETVAL=1
esac
exit $RETVAL
:wq! #儲存退出
chmod +x /etc/init.d/ss-server #添加指令碼執行許可權
chkconfig --add ss-server #添加到開機啟動
chkconfig ss-server on #設定開機啟動
相關命令:
啟動:/etc/init.d/ss-server start
停止:/etc/init.d/ss-server stop
重啟:/etc/init.d/ss-server restart
查看狀態:/etc/init.d/ss-server status
七、配置shadowsocks-libev用戶端
1、Windows下安裝Shadowsocks用戶端
下載地址:
http://sourceforge.net/projects/shadowsocksgui/files/dist/Shadowsocks-win-2.3.1.zip
伺服器IP:192.168.1.161
伺服器連接埠:8388
密碼:123456
加密:aes-256-cfb
備忘:
代理連接埠:1080
點擊確定
注意:這一步只是用Shadowsocks用戶端串連上了伺服器,還需要在瀏覽器裡面設定代理之後,才能上網。
2、開啟瀏覽器設定代理(推薦使用Google和Firefox瀏覽器)
下面以Firefox瀏覽器為例:
選項-進階-網路-設定-串連設定-手動設定代理
SOCKS主機:192.168.1.161
連接埠:1080
選擇SOCKS v5
現在,已經可以正常開啟google等國外網站了!
八、把Shadowsocks用戶端配置在Shadowsocks伺服器上面,讓使用者不需要安裝Shadowsocks用戶端,直接設定瀏覽器代理就能訪問國外網站。
以下在Shadowsocks伺服器上操作
此時,需要在伺服器上開放Shadowsocks用戶端連接埠TCP 1080(開放連接埠方法同上面一樣)
1、設定設定檔
vi /etc/shadowsocks-libev/shadowsocks.json #編輯,添加以下代碼
{
"server":"58.68.250.161",
"server_port":8989,
"local_address":"127.0.0.1",
"local_port":1080,
"password":"123456",
"timeout":60,
"method":"aes-256-cfb",
}
:wq! #儲存退出
2、啟動Shadowsocks用戶端
nohup /usr/local/bin/ss-local -u -c /etc/shadowsocks-libev/shadowsocks.json -f /var/run/shadowsocks-local/pid -b 0.0.0.0 &
3、關閉shadowsocks-libev用戶端
ps -ef|grep ss-local #查看進程ID
kill -9 進程ID #結束shadowsocks-libev用戶端
4、設定shadowsocks-libev用戶端開機啟動
vi /etc/init.d/ss-local #編輯,添加以下檔案
#!/bin/bash
# Run level information:
# chkconfig: 2345 88 88
# Description: lightweight secured socks5 proxy
# processname: ss-local
# Paths and variables and system checks.
# Source function library
. /etc/rc.d/init.d/functions
# Check that networking is up.
#
[ ${NETWORKING} ="yes" ] || exit 0
# Daemon
NAME=shadowsocks-local
DAEMON=/usr/local/bin/ss-local
# Path to the configuration file.
#
CONF=/etc/shadowsocks-libev/shadowsocks.json
#USER="nobody"
#GROUP="nobody"
# Take care of pidfile permissions
mkdir /var/run/$NAME 2>/dev/null || true
#chown "$USER:$GROUP" /var/run/$NAME
# Check the configuration file exists.
#
if [ ! -f $CONF ] ; then
echo "The configuration file cannot be found!"
exit 0
fi
# Path to the lock file.
#
LOCK_FILE=/var/lock/subsys/shadowsocks
# Path to the pid file.
#
PID=/var/run/$NAME/pid
#====================================================================
#====================================================================
# Run controls:
RETVAL=0
# Start shadowsocks as daemon.
#
start() {
if [ -f $LOCK_FILE ]; then
echo "$NAME is already running!"
exit 0
else
echo -n $"Starting ${NAME}: "
#daemon --check $DAEMON --user $USER "$DAEMON -f $PID -c $CONF > /dev/null"
daemon $DAEMON -u -c $CONF -f $PID -b 0.0.0.0
fi
RETVAL=$?
[ $RETVAL -eq 0 ] && success
echo
[ $RETVAL -eq 0 ] && touch $LOCK_FILE
return $RETVAL
}
# Stop shadowsocks.
#
stop() {
echo -n $"Shutting down ${NAME}: "
killproc -p ${PID}
RETVAL=$?
[ $RETVAL -eq 0 ]
rm -f $LOCK_FILE
rm -f ${PID}
echo
return $RETVAL
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
condrestart)
if [ -f $LOCK_FILE ]; then
stop
start
RETVAL=$?
fi
;;
status)
status $DAEMON
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|restart|condrestart|status}"
RETVAL=1
esac
exit $RETVAL
:wq! #儲存退出
chmod +x /etc/init.d/ss-local #添加指令碼執行許可權
chkconfig --add ss-local #添加開機啟動
chkconfig ss-local on #設定開機啟動
啟動:/etc/init.d/ss-local start
停止:/etc/init.d/ss-local stop
重啟:/etc/init.d/ss-local restart
查看狀態:/etc/init.d/ss-local status
設定完成之後,使用者直接在瀏覽器裡面設定代理(步驟同上面一樣)即可訪問國外網站。
擴充閱讀:
1、可以專門用一台國內伺服器當做Shadowsocks用戶端伺服器,用來串連國外的Shadowsocks伺服器,然後,使用者瀏覽器裡面直接設定國內伺服器為代理IP。
2、使用者瀏覽器端還能設定自動代理配置,在google瀏覽器裡面先把配置好的檔案匯出為.pac,然後把這個.pac檔案放到網站上,最後給使用者提供一個.pac的url地址,使用者在瀏覽器中只需要把這個url地址填寫到自動代理配置中即可。