看到CTO 写的SS的插件。发现不错。py写的。很强,很强。
支持系统:Centos6/7 乌班图
安装
sh install.sh
卸载:
sh install.sh uninstall
我就随便改了一下,脚本如下:
install.sh
#!/bin/bash PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin export PATH # ss 安装的位置 pluginPath=/etc/ss # 安装ss Install_ss() { #pip 安装shadowscks m2crypto pip install shadowsocks m2crypto # 创建一个目录/www/server/panel/plugin/ss mkdir -p $pluginPath # 复制当前文件的所有东西过去 \cp -a -r install.sh ss.init $pluginPath/ #复制启动脚本过去 \cp -a -r ss.init /etc/init.d/ss # 给脚本加权限 chmod +x /etc/init.d/ss # 加入到系统启动项中 chkconfig --add ss chkconfig --level 2345 ss on # 随机md5 的密码 password=`cat /dev/urandom | head -n 16 | md5sum | head -c 16` #建立一个json文件 cat > $pluginPath/config.json <<EOF { "server":"0.0.0.0", "local_address":"127.0.0.1", "local_port":1080, "port_password":{ "62443":"$password" }, "timeout":300, "method":"aes-256-cfb", "fast_open":false } EOF # 新建一个ss用户 groupadd ssuser useradd -s /sbin/nologin -M -g ssuser ssuser # 给json文件权限 chown ssuser:ssuser $pluginPath/config.json # 开放端口 Set_port 62443 /etc/init.d/ss start echo "this is ip:" curl icanhazip.com echo "this is post:62443" echo "this is password: $$password" } Set_port() { # 乌班图的开放端口 if [ -f "/usr/sbin/ufw" ];then ufw allow $1/tcp ufw allow $1/udp ufw reload fi # Centos7 的开放防火墙的方式 if [ -f "/etc/sysconfig/firewalld" ];then firewall-cmd --permanent --zone=public --add-port=$1/tcp firewall-cmd --permanent --zone=public --add-port=$1/udp firewall-cmd --reload fi #Centos6 的防火墙开放方式 if [ -f "/etc/init.d/iptables" ];then iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport $1 -j ACCEPT iptables -I INPUT -p udp -m state --state NEW -m udp --dport $1 -j ACCEPT /etc/init.d/iptables save fi } # 删除端口方式的 Remove_port() { #乌班图方式 if [ -f "/usr/sbin/ufw" ];then ufw delete allow $1/tcp ufw delete allow $1/udp ufw reload fi #Centos7 if [ -f "/etc/sysconfig/firewalld" ];then firewall-cmd --permanent --zone=public --remove-port=$1/tcp firewall-cmd --permanent --zone=public --remove-port=$1/udp firewall-cmd --reload fi #Centos6 if [ -f "/etc/init.d/iptables" ];then iptables -D INPUT -p tcp -m state --state NEW -m tcp --dport $1 -j ACCEPT iptables -D INPUT -p udp -m state --state NEW -m udp --dport $1 -j ACCEPT /etc/init.d/iptables save fi } #卸载ss Uninstall_ss() { #关闭 /etc/init.d/ss stop # 删除启动项 chkconfig --del ss #删除 rm -f /etc/init.d/ss rm -rf $pluginPath pip uninstall shadowsocks -y userdel ssuser groupdel ssuser } #判断输入的是否是install 如果是就安装ss if [ "${1}" == 'install' ];then Install_ss #判断是否是卸载 elif [ "${1}" == 'uninstall' ];then Uninstall_ss # 开放端口 elif [ "${1}" == 'port' ];then Set_port $2 #删除端口就是删除添加的这个端口 elif [ "${1}" == 'rmport' ];then Remove_port $2 else while [ "$isInstall" != 'y' ] && [ "$isInstall" != 'n' ] do read -p "Do you really want to install ss " isInstall; done if [ "$isInstall" = 'y' ] || [ "$isInstall" = 'Y' ];then Install_ss fi fi
ss.init
#!/bin/bash # chkconfig: 2345 55 25 # description: baota - ss-plugin ### BEGIN INIT INFO # Provides: ss # Required-Start: $all # Required-Stop: $all # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: starts ss # Description: starts the ss ### END INIT INFO configFile=/etc/ss/config.json if [ ! -f $configFile ];then echo 'Ss-plugin plug-in is not installed.' exit; fi case "$1" in 'start') ssserver -c $configFile -d start --user ssuser ;; 'stop') ssserver -c $configFile -d stop --user ssuser ;; 'restart') ssserver -c $configFile -d restart --user ssuser ;; *) echo "Usage: /etc/init.d/ss {start|stop|restart}" ;; esac
测试:
Centos7