安装基本组件和 SSR 后端
yum -y install python-setuptools && easy_install pip
pip install cymysql speedtest-cli
yum install git
or
yum -y install python-setuptools && easy_install pip && pip install cymysql speedtest-cli && yum install git
CHACHA20 加密方式支持:
如果要使用salsa20或chacha20或chacha20 IETF标准的算法,请安装libsodium:
libsodium是给SS提供chacha20、salsa20、chacha20-ietf等高级加密所必须的扩展库,因为chacha20加密,安全性与aes-256-cfb相近,但效率比aes-256-cfb高,所以推荐启用chacha20加密.为了启用chacha20加密,我们先安装libsodium。
yum -y groupinstall "Development Tools"
#下载最新稳定版本
wget https://download.libsodium.org/libsodium/releases/LATEST.tar.gz
tar xf libsodium-1.0.13.tar.gz && cd libsodium-1.0.13
./configure && make -j2 && make install
echo /usr/local/lib > /etc/ld.so.conf.d/usr_local_lib.conf
ldconfig
rm -rf /root/libsodium-1.0.13.tar.gz
cd /root
ubuntu/debian下安装:
apt-get install build-essential
wget https://download.libsodium.org/libsodium/releases/LATEST.tar.gz
tar xf libsodium-1.0.10.tar.gz && cd libsodium-1.0.10
./configure && make -j4 && make install
ldconfig
(如果提示 cannot import name OrderedDict,可能需要给服务器打补丁:第三方插件 ordereddict easy_install ordereddict )
下载程序源代码
git clone -b manyuser https://github.com/glzjin/shadowsocks.git
进入 Shadowsocks 这个目录,安装依赖
yum -y install python-devel
yum -y install libffi-devel
yum -y install openssl-devel
Debian 请勿执行下面这个命令,直接 pip install cymysql
pip install -r requirements.txt
配置程序
先得到你的配置文件
cd shadowsocks
cp apiconfig.py userapiconfig.py
cp config.json user-config.json
编辑参数
然后主要编辑userapiconfig.py,只需要修改以下 2 个大类
#节点 ID-和你网站添加的节点分配的 ID 一致!
NODE_ID = 1
#这里必须填,要么选择数据库要么选择 httpapi(大多数使用的是数据库,httpapi 不知怎么弄,2333)
API_INTERFACE = 'glzjinmod' #glzjinmod (数据库方式连接),modwebapi (http api)
# Mysql 数据库连接信息
MYSQL_HOST = '127.0.0.1'
MYSQL_PORT = 3306
MYSQL_USER = 'ss'
MYSQL_PASS = 'ss'
MYSQL_DB = 'shadowsocks'
MYSQL_UPDATE_TIME = 60
#这个虽然可填可不填,但是还是建议把 127.0.0.1 改成你这台服务器的 IP 地址
# Manager (ignore this)
MANAGE_PASS = 'ss233333333'
#if you want manage in other server you should set this value to global ip
MANAGE_BIND_IP = '127.0.0.1'
#make sure this port is idle
MANAGE_PORT = 23333
开始运行
测试服务端是否有错误
cd /root/shadowsocks
python server.py
如果报错,那就再仔细看看到底是哪里的问题。
出现(1042, u”Can’t get hostname for your address”)错误
my.cnf里,[mysqld]项目下
添加
skip-name-resolve
忽略主机名的方式访问
如果添加了之后且重启之后同样提示1042, u”Can’t get hostname for your address”那么就直接修改 hosts,把 hosts 中全部删除,然后输入
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
优化下
编辑 /etc/security/limits.conf
最后添加
* soft nofile 51200
* hard nofile 51200
然后在运行之前执行
ulimit -n 51200
然后编辑 /etc/sysctl.conf
fs.file-max = 51200
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.netdev_max_backlog = 250000
net.core.somaxconn = 4096
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
sysctl -p 来使其生效。
此处以 centos 6 x64 下配置 supervisord 为例。
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm --quiet
yum install supervisor python-pip -y
pip install supervisor==3.1
chkconfig supervisord on
wget https://github.com/glzjin/ssshell-jar/raw/master/supervisord.conf -O /etc/supervisord.conf
wget https://github.com/glzjin/ssshell-jar/raw/master/supervisord -O /etc/init.d/supervisord
编辑 /etc/supervisord.conf 最后一段改成如下的,以 /root/shadowsocks/ 为例
[program:mu]
command=python /root/shadowsocks/server.py
directory=/root/shadowsocks
autorestart=true
startsecs=10
startretries=36
redirect_stderr=true
user=root ; setuid to this UNIX account to run the program
log_stdout=true ; if true, log program stdout (default true)
log_stderr=true ; if true, log program stderr (def false)
logfile=/var/log/mu.log ; child log path, use NONE for none; default AUTO
;logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
;logfile_backups=10 ; # of logfile backups (default 10)
编辑 /etc/init.d/supervisord 在这两行之间添加 ulimit -n 51200
echo -n $"Starting supervisord: "
ulimit -n 51200
daemon supervisord -c /etc/supervisord.conf
然后
service supervisord start #开始运行守护程序
其他指令
测速
speedtest-cli
关闭防火墙
chkconfig iptables off
service iptables stop
补充:
userapiconfig.py,解释下里面各项配置的意思
# Config
#节点 ID
NODE_ID = 1
#自动化测速,为 0 不测试,此处以小时为单位,要和 ss-panel 设置的小时数一致
SPEEDTEST = 6
#云安全,自动上报与下载封禁 IP,1 为开启,0 为关闭
CLOUDSAFE = 1
#自动封禁 SS 密码和加密方式错误的 IP,1 为开启,0 为关闭
ANTISSATTACK = 0
#是否接受上级下发的命令,如果你要用这个命令,请参考我之前写的东西,公钥放在目录下的 ssshell.asc
AUTOEXEC = 1
多端口单用户设置,看重大更新说明。
MU_SUFFIX = ‘zhaoj.in’
多端口单用户设置,看重大更新说明。
MU_REGEX = ‘%5m%id.%suffix’
#不明觉厉
SERVER_PUB_ADDR = ‘127.0.0.1’ # mujson_mgr need this to generate ssr link
#访问面板方式
API_INTERFACE = ‘glzjinmod’ #glzjinmod (数据库方式连接),modwebapi (http api)
#mudb,不要管
MUDB_FILE = ‘mudb.json’
# HTTP API 的相关信息,看重大更新说明。
WEBAPI_URL = ‘https://zhaoj.in’
WEBAPI_TOKEN = ‘glzjin’
# Mysql 数据库连接信息
MYSQL_HOST = ‘127.0.0.1’
MYSQL_PORT = 3306
MYSQL_USER = ‘ss’
MYSQL_PASS = ‘ss’
MYSQL_DB = ‘shadowsocks’
# 是否启用 SSL 连接,0 为关,1 为开
MYSQL_SSL_ENABLE = 0
# 客户端证书目录,请看 https://github.com/glzjin/shadowsocks/wiki/Mysql-SSL%E9%85%8D%E7%BD%AE
MYSQL_SSL_CERT = ‘/root/shadowsocks/client-cert.pem’
MYSQL_SSL_KEY = ‘/root/shadowsocks/client-key.pem’
MYSQL_SSL_CA = ‘/root/shadowsocks/ca.pem’
# API,不用管
API_HOST = ‘127.0.0.1’
API_PORT = 80
API_PATH = ‘/mu/v2/’
API_TOKEN = ‘abcdef’
API_UPDATE_TIME = 60
# Manager 不用管
MANAGE_PASS = ‘ss233333333’
#if you want manage in other server you should set this value to global ip
MANAGE_BIND_IP = ‘127.0.0.1’
#make sure this port is idle
MANAGE_PORT = 23333
#安全设置,限制在线 IP 数所需,下面这个参数随机设置,并且所有节点需要保持一致。
IP_MD5_SALT = ‘randomforsafety’