原创文章,欢迎转载。转载请注明:转载自 祥的博客
原文链接:https://blog.csdn.net/humanking7/article/details/84401387
文章目录
环境及其声明
本文以探索电脑知识的精神为目的,进行学习分享,切勿用于不法途径。
-
配置环境:
ubuntu 16.04
-
python
版本:python 2.7.12
-
pip
版本:pip 18.1
1.基础教程
1.1.预备工作
- 租
服务器
服务器
与本地Xshell
连接
这工作资料比较多,大家就自行百度吧。
1.2.安装pip
见博文:Ubuntu安装pip及其各种bug解决方案 https://blog.csdn.net/humanking7/article/details/84392790
1.3. 安装
- 安装命令
pip install shadowsocks
- 安装过程显示
出现Successfully installed shadowsocks-2.8.2
,就算成功了,版本是2.8.2
,也可以用源码安装,不过这个是最简单的版本。
root@qfx-HP-xw4600-Workstation:~/pipDir/pip-18.1# pip install shadowsocks
Collecting shadowsocks
Downloading https://files.pythonhosted.org/packages/02/1e/e3a5135255d06813aca6631da31768d44f63692480af3a1621818008eb4a/shadowsocks-2.8.2.tar.gz
Building wheels for collected packages: shadowsocks
Running setup.py bdist_wheel for shadowsocks ... done
Stored in directory: /root/.cache/pip/wheels/5e/8d/b6/3e2243a7e116984b2c3597c122c29abcfeac77daa260079e88
Successfully built shadowsocks
Installing collected packages: shadowsocks
Successfully installed shadowsocks-2.8.2
- 查看软件版本
# 命令
ssserver --version
# 测试结果
root@qfx-HP-xw4600-Workstation:~/pipDir/pip-18.1# ssserver --version
Shadowsocks 2.8.2
- 如果出现问题,看看是不是
pip
或者依赖包没有安装。
apt-get install python-pip python-gevent python-m2crypto
pip install --upgrade setuptools
1.4. 配置
在/etc/
目录下新建一个shadowsocks
的目录,在里面新建一个配置文件config.json
- 设置
root@qfx-HP-xw4600-Workstation:~/pipDir/pip-18.1# mkdir /etc/shadowsocks
root@qfx-HP-xw4600-Workstation:~/pipDir/pip-18.1# vim /etc/shadowsocks/config.json
- 配置文件
config.json
文件
{
"server":"123.231.132.213",
"server_port":2333,
"password":"your_password",
"timeout":600,
"method":"aes-256-cfb",
"fast_open": false
}
"server"
:是你租服务器
的IP地址
(文中我是乱设置的)"server_port"
:设置端口,自己自定义(注意,不要和系统端口发生冲突)"password"
:设置密码,自己定义"method"
:加密方式
注意逗号的位置,而且都是英文半角。
如果需要同时开多个端口,config.json
的内容可以设置如下:
{
"server":"123.231.132.213",
"port_password": {
"2333": "your_password1",
"2334": "your_password2"
},
"timeout":600,
"method":"aes-256-cfb",
"fast_open": false
}
1.5. 使用
# 启动
ssserver -c /etc/shadowsocks/config.json -d start
# 停止
ssserver -c /etc/shadowsocks/config.json -d stop
# 重启
ssserver -c /etc/shadowsocks/config.json -d restart
启动后,就可以在客户端设置,然后使用了,其中的IP
、端口
、密码
、加密方式
和配置中的config.json
一样。
各种花式使用和骚操作教程,网上铺天盖地,大家自行度娘吧,本文的重点也不再此。
1.6. 设置开机启动
在/etc/systemd/system/
中创建shadowsocks.servic
文件
vim /etc/systemd/system/shadowsocks.service
编辑shadowsocks.servic
文件
[Unit]
Description=Shadowsocks
After=network.target
[Service]
Type=forking
PIDFile=/run/shadowsocks/server.pid
PermissionsStartOnly=true
ExecStartPre=/bin/mkdir -p /run/shadowsocks
ExecStartPre=/bin/chown root:root /run/shadowsocks
ExecStart=/usr/local/bin/ssserver --pid-file /var/run/shadowsocks/server.pid -c /etc/shadowsocks/config.json -d start
Restart=on-abort
User=root
Group=root
UMask=0027
[Install]
WantedBy=multi-user.target
设置文件权限:
chmod 755 /etc/systemd/system/shadowsocks.service
启动服务:
systemctl start shadowsocks
systemctl enable shadowsocks
2. 进阶教程
2.1. 安装BBR
安装Google TCP BBR
拥塞控制算法,用以加快服务器网速。
自己装太麻烦了,还是用别人的教程脚本爽啊,网友teddysun
的脚本:
# 获取脚本
wget --no-check-certificate https://github.com/teddysun/across/raw/master/bbr.sh
# 提权脚本
chmod +x bbr.sh
#运行脚本
./bbr.sh
当看到提示“Press any key…”
时,按回车键开始安装。
安装过程中如果出现选项,按回车键选缺省选项即可。最后需要重启服务器主机。
bbr.sh
文件,见 附录 3
2.2. 增大服务器可以同时处理的连接数量
编辑“/etc/security/limits.conf”
文件:
vim /etc/security/limits.conf
在文件末尾增加以下两行(注意:*
符号也要包括):
* soft nofile 51200
* hard nofile 51200
退出文件后,运行以下命令行:
ulimit -n 51200
2.3. 优化内核参数:
编辑“/etc/sysctl.conf”
文件:
vim /etc/sysctl.conf
在文件末尾添加下面几行:
fs.file-max = 51200
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.netdev_max_backlog = 250000
net.core.somaxconn = 4096
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_mem = 25600 51200 102400
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
退出文件编辑后,运行以下命令:
sysctl -p
然后重启ss
:
ssserver -c /etc/shadowsocks/config.json -d restart
OK,优化提速完成。
OK!
以上,Enjoy~
3. 附录
bbr.sh
文件如下:
#!/usr/bin/env bash
#
# Auto install latest kernel for TCP BBR
#
# System Required: CentOS 6+, Debian7+, Ubuntu12+
#
# Copyright (C) 2016-2018 Teddysun <[email protected]>
#
# URL: https://teddysun.com/489.html
#
red='\033[0;31m'
green='\033[0;32m'
yellow='\033[0;33m'
plain='\033[0m'
cur_dir=$(pwd)
[[ $EUID -ne 0 ]] && echo -e "${red}Error:${plain} This script must be run as root!" && exit 1
[[ -d "/proc/vz" ]] && echo -e "${red}Error:${plain} Your VPS is based on OpenVZ, which is not supported." && exit 1
if [ -f /etc/redhat-release ]; then
release="centos"
elif cat /etc/issue | grep -Eqi "debian"; then
release="debian"
elif cat /etc/issue | grep -Eqi "ubuntu"; then
release="ubuntu"
elif cat /etc/issue | grep -Eqi "centos|red hat|redhat"; then
release="centos"
elif cat /proc/version | grep -Eqi "debian"; then
release="debian"
elif cat /proc/version | grep -Eqi "ubuntu"; then
release="ubuntu"
elif cat /proc/version | grep -Eqi "centos|red hat|redhat"; then
release="centos"
else
release=""
fi
is_digit(){
local input=${1}
if [[ "$input" =~ ^[0-9]+$ ]]; then
return 0
else
return 1
fi
}
get_valid_valname(){
local val=${1}
local new_val=$(eval echo $val | sed 's/[-.]/_/g')
echo ${new_val}
}
get_hint(){
local val=${1}
local new_val=$(get_valid_valname $val)
eval echo "\$hint_${new_val}"
}
#Display Memu
display_menu(){
local soft=${1}
local default=${2}
eval local arr=(\${${soft}_arr[@]})
local default_prompt
if [[ "$default" != "" ]]; then
if [[ "$default" == "last" ]]; then
default=${#arr[@]}
fi
default_prompt="(default ${arr[$default-1]})"
fi
local pick
local hint
local vname
local prompt="which ${soft} you'd select ${default_prompt}: "
while :
do
echo -e "\n------------ ${soft} setting ------------\n"
for ((i=1;i<=${#arr[@]};i++ )); do
vname="$(get_valid_valname ${arr[$i-1]})"
hint="$(get_hint $vname)"
[[ "$hint" == "" ]] && hint="${arr[$i-1]}"
echo -e "${green}${i}${plain}) $hint"
done
echo
read -p "${prompt}" pick
if [[ "$pick" == "" && "$default" != "" ]]; then
pick=${default}
break
fi
if ! is_digit "$pick"; then
prompt="Input error, please input a number"
continue
fi
if [[ "$pick" -lt 1 || "$pick" -gt ${#arr[@]} ]]; then
prompt="Input error, please input a number between 1 and ${#arr[@]}: "
continue
fi
break
done
eval ${soft}=${arr[$pick-1]}
vname="$(get_valid_valname ${arr[$pick-1]})"
hint="$(get_hint $vname)"
[[ "$hint" == "" ]] && hint="${arr[$pick-1]}"
echo -e "\nyour selection: $hint\n"
}
version_ge(){
test "$(echo "$@" | tr " " "\n" | sort -rV | head -n 1)" == "$1"
}
get_latest_version() {
latest_version=($(wget -qO- http://kernel.ubuntu.com/~kernel-ppa/mainline/ | awk -F'\"v' '/v[4-9]./{print $2}' | cut -d/ -f1 | grep -v - | sort -V))
[ ${#latest_version[@]} -eq 0 ] && echo -e "${red}Error:${plain} Get latest kernel version failed." && exit 1
kernel_arr=()
for i in ${latest_version[@]}; do
if version_ge $i 4.14; then
kernel_arr+=($i);
fi
done
display_menu kernel last
if [[ `getconf WORD_BIT` == "32" && `getconf LONG_BIT` == "64" ]]; then
deb_name=$(wget -qO- http://kernel.ubuntu.com/~kernel-ppa/mainline/v${kernel}/ | grep "linux-image" | grep "generic" | awk -F'\">' '/amd64.deb/{print $2}' | cut -d'<' -f1 | head -1)
deb_kernel_url="http://kernel.ubuntu.com/~kernel-ppa/mainline/v${kernel}/${deb_name}"
deb_kernel_name="linux-image-${kernel}-amd64.deb"
modules_deb_name=$(wget -qO- http://kernel.ubuntu.com/~kernel-ppa/mainline/v${kernel}/ | grep "linux-modules" | grep "generic" | awk -F'\">' '/amd64.deb/{print $2}' | cut -d'<' -f1 | head -1)
deb_kernel_modules_url="http://kernel.ubuntu.com/~kernel-ppa/mainline/v${kernel}/${modules_deb_name}"
deb_kernel_modules_name="linux-modules-${kernel}-amd64.deb"
else
deb_name=$(wget -qO- http://kernel.ubuntu.com/~kernel-ppa/mainline/v${kernel}/ | grep "linux-image" | grep "generic" | awk -F'\">' '/i386.deb/{print $2}' | cut -d'<' -f1 | head -1)
deb_kernel_url="http://kernel.ubuntu.com/~kernel-ppa/mainline/v${kernel}/${deb_name}"
deb_kernel_name="linux-image-${kernel}-i386.deb"
modules_deb_name=$(wget -qO- http://kernel.ubuntu.com/~kernel-ppa/mainline/v${kernel}/ | grep "linux-modules" | grep "generic" | awk -F'\">' '/i386.deb/{print $2}' | cut -d'<' -f1 | head -1)
deb_kernel_modules_url="http://kernel.ubuntu.com/~kernel-ppa/mainline/v${kernel}/${modules_deb_name}"
deb_kernel_modules_name="linux-modules-${kernel}-i386.deb"
fi
[ -z ${deb_name} ] && echo -e "${red}Error:${plain} Getting Linux kernel binary package name failed, maybe kernel build failed. Please choose other one and try again." && exit 1
}
get_opsy() {
[ -f /etc/redhat-release ] && awk '{print ($1,$3~/^[0-9]/?$3:$4)}' /etc/redhat-release && return
[ -f /etc/os-release ] && awk -F'[= "]' '/PRETTY_NAME/{print $3,$4,$5}' /etc/os-release && return
[ -f /etc/lsb-release ] && awk -F'[="]+' '/DESCRIPTION/{print $2}' /etc/lsb-release && return
}
opsy=$( get_opsy )
arch=$( uname -m )
lbit=$( getconf LONG_BIT )
kern=$( uname -r )
get_char() {
SAVEDSTTY=`stty -g`
stty -echo
stty cbreak
dd if=/dev/tty bs=1 count=1 2> /dev/null
stty -raw
stty echo
stty $SAVEDSTTY
}
getversion() {
if [[ -s /etc/redhat-release ]]; then
grep -oE "[0-9.]+" /etc/redhat-release
else
grep -oE "[0-9.]+" /etc/issue
fi
}
centosversion() {
if [ x"${release}" == x"centos" ]; then
local code=$1
local version="$(getversion)"
local main_ver=${version%%.*}
if [ "$main_ver" == "$code" ]; then
return 0
else
return 1
fi
else
return 1
fi
}
check_bbr_status() {
local param=$(sysctl net.ipv4.tcp_congestion_control | awk '{print $3}')
if [[ x"${param}" == x"bbr" ]]; then
return 0
else
return 1
fi
}
check_kernel_version() {
local kernel_version=$(uname -r | cut -d- -f1)
if version_ge ${kernel_version} 4.9; then
return 0
else
return 1
fi
}
install_elrepo() {
if centosversion 5; then
echo -e "${red}Error:${plain} not supported CentOS 5."
exit 1
fi
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
if centosversion 6; then
rpm -Uvh http://www.elrepo.org/elrepo-release-6-8.el6.elrepo.noarch.rpm
elif centosversion 7; then
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
fi
if [ ! -f /etc/yum.repos.d/elrepo.repo ]; then
echo -e "${red}Error:${plain} Install elrepo failed, please check it."
exit 1
fi
}
sysctl_config() {
sed -i '/net.core.default_qdisc/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_congestion_control/d' /etc/sysctl.conf
echo "net.core.default_qdisc = fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control = bbr" >> /etc/sysctl.conf
sysctl -p >/dev/null 2>&1
}
install_config() {
if [[ x"${release}" == x"centos" ]]; then
if centosversion 6; then
if [ ! -f "/boot/grub/grub.conf" ]; then
echo -e "${red}Error:${plain} /boot/grub/grub.conf not found, please check it."
exit 1
fi
sed -i 's/^default=.*/default=0/g' /boot/grub/grub.conf
elif centosversion 7; then
if [ ! -f "/boot/grub2/grub.cfg" ]; then
echo -e "${red}Error:${plain} /boot/grub2/grub.cfg not found, please check it."
exit 1
fi
grub2-set-default 0
fi
elif [[ x"${release}" == x"debian" || x"${release}" == x"ubuntu" ]]; then
/usr/sbin/update-grub
fi
}
reboot_os() {
echo
echo -e "${green}Info:${plain} The system needs to reboot."
read -p "Do you want to restart system? [y/n]" is_reboot
if [[ ${is_reboot} == "y" || ${is_reboot} == "Y" ]]; then
reboot
else
echo -e "${green}Info:${plain} Reboot has been canceled..."
exit 0
fi
}
install_bbr() {
check_bbr_status
if [ $? -eq 0 ]; then
echo
echo -e "${green}Info:${plain} TCP BBR has already been installed. nothing to do..."
exit 0
fi
check_kernel_version
if [ $? -eq 0 ]; then
echo
echo -e "${green}Info:${plain} Your kernel version is greater than 4.9, directly setting TCP BBR..."
sysctl_config
echo -e "${green}Info:${plain} Setting TCP BBR completed..."
exit 0
fi
if [[ x"${release}" == x"centos" ]]; then
install_elrepo
[ ! "$(command -v yum-config-manager)" ] && yum install -y yum-utils > /dev/null 2>&1
[ x"$(yum-config-manager elrepo-kernel | grep -w enabled | awk '{print $3}')" != x"True" ] && yum-config-manager --enable elrepo-kernel > /dev/null 2>&1
yum -y install kernel-ml kernel-ml-devel
if [ $? -ne 0 ]; then
echo -e "${red}Error:${plain} Install latest kernel failed, please check it."
exit 1
fi
elif [[ x"${release}" == x"debian" || x"${release}" == x"ubuntu" ]]; then
[[ ! -e "/usr/bin/wget" ]] && apt-get -y update && apt-get -y install wget
echo -e "${green}Info:${plain} Getting latest kernel version..."
get_latest_version
if [ -n ${modules_deb_name} ]; then
wget -c -t3 -T60 -O ${deb_kernel_modules_name} ${deb_kernel_modules_url}
if [ $? -ne 0 ]; then
echo -e "${red}Error:${plain} Download ${deb_kernel_modules_name} failed, please check it."
exit 1
fi
fi
wget -c -t3 -T60 -O ${deb_kernel_name} ${deb_kernel_url}
if [ $? -ne 0 ]; then
echo -e "${red}Error:${plain} Download ${deb_kernel_name} failed, please check it."
exit 1
fi
[ -f ${deb_kernel_modules_name} ] && dpkg -i ${deb_kernel_modules_name}
dpkg -i ${deb_kernel_name}
rm -f ${deb_kernel_name} ${deb_kernel_modules_name}
else
echo -e "${red}Error:${plain} OS is not be supported, please change to CentOS/Debian/Ubuntu and try again."
exit 1
fi
install_config
sysctl_config
reboot_os
}
clear
echo "---------- System Information ----------"
echo " OS : $opsy"
echo " Arch : $arch ($lbit Bit)"
echo " Kernel : $kern"
echo "----------------------------------------"
echo " Auto install latest kernel for TCP BBR"
echo
echo " URL: https://teddysun.com/489.html"
echo "----------------------------------------"
echo
echo "Press any key to start...or Press Ctrl+C to cancel"
char=`get_char`
install_bbr 2>&1 | tee ${cur_dir}/install_bbr.log