s*s*-libev配置多端口的最优方法
来源:互联网 发布:随机算法软件 编辑:程序博客网 时间:2024/05/11 13:53
s*s*在网上介绍最多的要数其python实现的版本了,但如果论性能,非s*s*-libev莫属了,随便搜一下,这些版本都有“一键安装脚本”,安装是不成问题了,也有很多文章讨论怎么配置多端口的,本文讨论一种最优的方法。
首先,确认一下所安装的版本:
which ss-manager
如果能找到,证明你安装的版本适用本配置方法,那就继续以下的步骤吧。
本文是在CentOS 7系统上操作的步骤记录,仅供参考,其中的操作风格可能因操作系统而异,请自行调整:
1.安装NetCat:
yum install nmap-ncat
如果已有,本步骤可免。
2.安装redhat-lsb:
yum install redhat-lsb
如果已有,本步骤可免。
3.下载编译start-stop-daemon:
which start-stop-daemon
如果已有,直接进行步骤4.
搜索 start-stop-daemon-IR1_9_18 得到链接并下载、解压;
cd 进入其 scr 路径;
gcc start-stop-daemon.c -o start-stop-daemon
chmod 755 start-stop-daemon
mv start-stop-daemon /usr/bin/
4.配置文件
mkdir /etc/ss-libev
4.1
vi /etc/default/ss-libev
# Enable during startup?
START=yes
# Configuration file
CONFFILE=/etc/ss-libev/config.json
# Extra command line arguments
DAEMON_ARGS="-u"
# User and group to run the server as
USER=root
GROUP=root
# Number of maximum file descriptors
MAXFD=32768
4.2
vi /etc/ss-libev/config.json
{
"server":["0.0.0.0"],
"timeout":60,
"method":"aes-256-cfb"
}
4.3
vi /etc/ss-libev/ports
# port,"password"
# You can set as many lines as you need.
8388,"yXbl2IBe"
8389,"EiZ1Ml2b"
4.服务脚本:
4.1
vi /usr/local/bin/ss-libev
#!/bin/bash
### BEGIN INIT INFO
# Provides: ss-libev
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: lightweight secured socks5 proxy
# Description: Shadowsocks-libev is a lightweight secured
# socks5 proxy for embedded devices and low end boxes.
# File: /etc/init.d/ss-libev
### END INIT INFO
# Author: Suntongo <suntongo@hotmail.com>
# PATH should only include /usr/ if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC=ss-libev # Introduce a short description here
NAME=ss-libev # Introduce the short server's name here
MANAGER=/usr/bin/ss-manager # Introduce the manager's location here
DAEMONNM=ss-server
DAEMON=/usr/bin/$DAEMONNM # Introduce the server's location here
DAEMONCTL=/usr/bin/start-stop-daemon
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
UNXSOCK=/tmp/$NAME.sock
NETCAT="/usr/bin/nc -Uu $UNXSOCK"
# Exit if the package is not installed
[ -x $MANAGER ] || exit 2
[ -x $DAEMON ] || exit 2
[ -x $DAEMONCTL ] || exit 2
# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
: ${START:="yes"}
: ${CONFFILE:=/etc/$NAME/config.json}
: ${PORTFILE:=/etc/$NAME/ports}
: ${DAEMON_ARGS:="-u"}
: ${USER:="root"}
: ${GROUP:="root"}
: ${MAXFD:=32768}
# Load the VERBOSE setting and other rcS variables
#. /lib/init/vars.sh
: ${VERBOSE:="yes"}
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions
PORTS=""
#
# Function that adds PORTs
#
add_ports()
{
grep -Ev "^[[:blank:]]*(#|$)" $PORTFILE | \
while read PORT
do
PORT_num=$(echo $PORT|cut -d \, -f 1)
PORT_pswd=$(echo $PORT|cut -d \, -f 2)
echo -e 'add: {"server_port": '$PORT_num', "password": '$PORT_pswd'}\n'|$NETCAT
[ "$VERBOSE" != no ] && echo -e '+"server_port": '$PORT_num
done
}
#
# Function that starts the daemon/service
#
do_start()
{
[ "$START" = "yes" ] || return 2
[ -r $PORTFILE ] || return 2
[ -r $CONFFILE ] || return 2
# Modify the file descriptor limit
ulimit -n ${MAXFD}
# Take care of pidfile permissions
#mkdir /var/run/$DESC 2>/dev/null || true
#chown "$USER:$GROUP" /var/run/$DESC
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
$DAEMONCTL --start --quiet --pidfile $PIDFILE --chuid $USER:$GROUP --exec $MANAGER --test > /dev/null
case "$?" in
0)
$MANAGER --manager-address $UNXSOCK -f $PIDFILE --executable $DAEMON -c $CONFFILE -a $USER $DAEMON_ARGS
add_ports ;;
1)
add_ports ;;
2)
return 2 ;;
esac
return 0
}
#
# Function that lists PORTs
#
list_ports()
{
$DAEMONCTL --start --quiet --pidfile $PIDFILE --chuid $USER:$GROUP --exec $MANAGER --test > /dev/null
[ "$?" != 1 ] && return "$?"
coproc $NETCAT -i 0.3
echo -e 'ping\n\'>&${COPROC[1]}
read -t 0.1 -d '{' -u ${COPROC[0]}
read -t 0.1 -d '}' -u ${COPROC[0]} PORTS
#echo -e $COPROC_PID
Fd0=${COPROC[0]}
Fd1=${COPROC[1]}
exec {Fd0}>&-
exec {Fd1}>&-
wait $COPROC_PID
[ -n "$PORTS" ] && PORTS=$(echo -n "$PORTS,"|tr -d \")
return 1
}
#
# Function that stops the daemon/service
#
do_stop()
{
# Return
# 0 if daemon has been stopped
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
list_ports
[ "$?" != 1 ] && return "$?"
if [ -n "$PORTS" ]; then
echo $PORTS| \
while read -d ',' PORT
do
echo -e 'remove: {"server_port": '${PORT%:*}'}\n'|$NETCAT
[ "$VERBOSE" != no ] && echo -e '-"server_port": '$PORT
done
else
[ "$VERBOSE" != no ] && echo -n "Already stoped."
fi
return 1
}
case "$1" in
start)
[ "$VERBOSE" != no ] && echo "Starting $DESC"
do_start
case "$?" in 0|1)
[ "$VERBOSE" != no ] && log_success_msg ;;
2)
[ "$VERBOSE" != no ] && log_failure_msg ;;
esac ;;
stop)
[ "$VERBOSE" != no ] && echo "Stopping $DESC"
do_stop
case "$?" in 0|1)
[ "$VERBOSE" != no ] && log_success_msg ;;
2)
[ "$VERBOSE" != no ] && log_failure_msg ;;
esac ;;
status)
echo -n "Status of $DESC ----- "
list_ports
case "$?" in
0)
echo "Not run."
exit 0 ;;
1)
if [ -z "$PORTS" ]; then
echo "No port."
else
echo "Found server ports:"
echo $PORTS| \
while read -d ',' PORT
do
echo ${PORT%:*}
done
fi
exit 1;;
*)
exit 2 ;;
esac ;;
clear)
[ "$VERBOSE" != no ] && echo "Clearing $DESC"
do_stop
case "$?" in
0)
[ "$VERBOSE" != no ] && log_success_msg ;;
1)
$DAEMONCTL --stop --quiet --chuid $USER:$GROUP --retry=KILL/5 --pidfile $PIDFILE --exec $MANAGER
[ "$VERBOSE" != no ] && log_success_msg ;;
*)
[ "$VERBOSE" != no ] && log_failure_msg ;;
esac;;
restart|force-reload)
echo "Restarting $DESC"
do_stop
case "$?" in
0|1)
do_start
case "$?" in
0)
log_success_msg ;;
1)
log_failure_msg ;;
# Old process is still running
*)
log_failure_msg ;;
# Failed to start
esac ;;
*)
# Failed to stop
log_failure_msg ;;
esac ;;
*)
echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload|clear}" >&2 exit 3 ;;
esac
4.2赋予脚本可执行权限:
chmod 755 /usr/local/bin/ss-libev
4.3 (CentOS 6)
cd /etc/init.d/
ln -s /usr/local/bin/ss-libev ss-libev
4.3 (CentOS 7)
vi /usr/lib/systemd/system/ss-libev.service
[Unit]
Description=The ShadowSocks Server
After=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/bin/ss-libev start
ExecReload=/usr/local/bin/ss-libev force-reload
ExecStop=/usr/local/bin/ss-libev stop
Restart=/usr/local/bin/ss-libev restart
[Install]
WantedBy=multi-user.target
使服务生效:
systemctl enable ss-libev.service
4.4
service ss-libev start
5.防火墙设置
iptables:
-I INPUT -p tcp -m tcp --dport 8384:8389 -j ACCEPT
-I INPUT -p udp -m udp --dport 8384:8389 -j ACCEPT
service iptables save
firewalld:
firewall-cmd --permanent --new-service=ss-libev
firewall-cmd --permanent --service=ss-libev --add-port=8384-8389/tcp
firewall-cmd --permanent --service=ss-libev --add-port=8384-8389/udp
firewall-cmd --zone=public --add-service=ss-libev
6.更改端口的方法:
1)如打算让开机启动也生效,编辑/etc/ss-libev/ports,然后:
/usr/local/bin/ss-libev restart
2)如果仅打算临时添加、移除或更改端口密码,可用netcat向ss-manager发送指令:
添加:
echo -e 'add: {"server_port": 8387, "password":"teddy.com!"}\n'|nc -Uu /tmp/ss-libev.sock
移除:
echo -e 'remove: {"server_port": 8388}\n\n'|nc -Uu /tmp/ss-libev.sock
改密码:(先移除,再添加)
echo -e 'remove: {"server_port": 8389}\n\n'|nc -Uu /tmp/ss-libev.sock
echo -e 'add: {"server_port": 8389, "password":"kitty.net!"}\n\n'|nc -Uu /tmp/ss-libev.sock
首先,确认一下所安装的版本:
which ss-manager
如果能找到,证明你安装的版本适用本配置方法,那就继续以下的步骤吧。
本文是在CentOS 7系统上操作的步骤记录,仅供参考,其中的操作风格可能因操作系统而异,请自行调整:
1.安装NetCat:
yum install nmap-ncat
如果已有,本步骤可免。
2.安装redhat-lsb:
yum install redhat-lsb
如果已有,本步骤可免。
3.下载编译start-stop-daemon:
which start-stop-daemon
如果已有,直接进行步骤4.
搜索 start-stop-daemon-IR1_9_18 得到链接并下载、解压;
cd 进入其 scr 路径;
gcc start-stop-daemon.c -o start-stop-daemon
chmod 755 start-stop-daemon
mv start-stop-daemon /usr/bin/
4.配置文件
mkdir /etc/ss-libev
4.1
vi /etc/default/ss-libev
# Enable during startup?
START=yes
# Configuration file
CONFFILE=/etc/ss-libev/config.json
# Extra command line arguments
DAEMON_ARGS="-u"
# User and group to run the server as
USER=root
GROUP=root
# Number of maximum file descriptors
MAXFD=32768
4.2
vi /etc/ss-libev/config.json
{
"server":["0.0.0.0"],
"timeout":60,
"method":"aes-256-cfb"
}
4.3
vi /etc/ss-libev/ports
# port,"password"
# You can set as many lines as you need.
8388,"yXbl2IBe"
8389,"EiZ1Ml2b"
4.服务脚本:
4.1
vi /usr/local/bin/ss-libev
#!/bin/bash
### BEGIN INIT INFO
# Provides: ss-libev
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: lightweight secured socks5 proxy
# Description: Shadowsocks-libev is a lightweight secured
# socks5 proxy for embedded devices and low end boxes.
# File: /etc/init.d/ss-libev
### END INIT INFO
# Author: Suntongo <suntongo@hotmail.com>
# PATH should only include /usr/ if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC=ss-libev # Introduce a short description here
NAME=ss-libev # Introduce the short server's name here
MANAGER=/usr/bin/ss-manager # Introduce the manager's location here
DAEMONNM=ss-server
DAEMON=/usr/bin/$DAEMONNM # Introduce the server's location here
DAEMONCTL=/usr/bin/start-stop-daemon
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
UNXSOCK=/tmp/$NAME.sock
NETCAT="/usr/bin/nc -Uu $UNXSOCK"
# Exit if the package is not installed
[ -x $MANAGER ] || exit 2
[ -x $DAEMON ] || exit 2
[ -x $DAEMONCTL ] || exit 2
# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
: ${START:="yes"}
: ${CONFFILE:=/etc/$NAME/config.json}
: ${PORTFILE:=/etc/$NAME/ports}
: ${DAEMON_ARGS:="-u"}
: ${USER:="root"}
: ${GROUP:="root"}
: ${MAXFD:=32768}
# Load the VERBOSE setting and other rcS variables
#. /lib/init/vars.sh
: ${VERBOSE:="yes"}
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions
PORTS=""
#
# Function that adds PORTs
#
add_ports()
{
grep -Ev "^[[:blank:]]*(#|$)" $PORTFILE | \
while read PORT
do
PORT_num=$(echo $PORT|cut -d \, -f 1)
PORT_pswd=$(echo $PORT|cut -d \, -f 2)
echo -e 'add: {"server_port": '$PORT_num', "password": '$PORT_pswd'}\n'|$NETCAT
[ "$VERBOSE" != no ] && echo -e '+"server_port": '$PORT_num
done
}
#
# Function that starts the daemon/service
#
do_start()
{
[ "$START" = "yes" ] || return 2
[ -r $PORTFILE ] || return 2
[ -r $CONFFILE ] || return 2
# Modify the file descriptor limit
ulimit -n ${MAXFD}
# Take care of pidfile permissions
#mkdir /var/run/$DESC 2>/dev/null || true
#chown "$USER:$GROUP" /var/run/$DESC
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
$DAEMONCTL --start --quiet --pidfile $PIDFILE --chuid $USER:$GROUP --exec $MANAGER --test > /dev/null
case "$?" in
0)
$MANAGER --manager-address $UNXSOCK -f $PIDFILE --executable $DAEMON -c $CONFFILE -a $USER $DAEMON_ARGS
add_ports ;;
1)
add_ports ;;
2)
return 2 ;;
esac
return 0
}
#
# Function that lists PORTs
#
list_ports()
{
$DAEMONCTL --start --quiet --pidfile $PIDFILE --chuid $USER:$GROUP --exec $MANAGER --test > /dev/null
[ "$?" != 1 ] && return "$?"
coproc $NETCAT -i 0.3
echo -e 'ping\n\'>&${COPROC[1]}
read -t 0.1 -d '{' -u ${COPROC[0]}
read -t 0.1 -d '}' -u ${COPROC[0]} PORTS
#echo -e $COPROC_PID
Fd0=${COPROC[0]}
Fd1=${COPROC[1]}
exec {Fd0}>&-
exec {Fd1}>&-
wait $COPROC_PID
[ -n "$PORTS" ] && PORTS=$(echo -n "$PORTS,"|tr -d \")
return 1
}
#
# Function that stops the daemon/service
#
do_stop()
{
# Return
# 0 if daemon has been stopped
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
list_ports
[ "$?" != 1 ] && return "$?"
if [ -n "$PORTS" ]; then
echo $PORTS| \
while read -d ',' PORT
do
echo -e 'remove: {"server_port": '${PORT%:*}'}\n'|$NETCAT
[ "$VERBOSE" != no ] && echo -e '-"server_port": '$PORT
done
else
[ "$VERBOSE" != no ] && echo -n "Already stoped."
fi
return 1
}
case "$1" in
start)
[ "$VERBOSE" != no ] && echo "Starting $DESC"
do_start
case "$?" in 0|1)
[ "$VERBOSE" != no ] && log_success_msg ;;
2)
[ "$VERBOSE" != no ] && log_failure_msg ;;
esac ;;
stop)
[ "$VERBOSE" != no ] && echo "Stopping $DESC"
do_stop
case "$?" in 0|1)
[ "$VERBOSE" != no ] && log_success_msg ;;
2)
[ "$VERBOSE" != no ] && log_failure_msg ;;
esac ;;
status)
echo -n "Status of $DESC ----- "
list_ports
case "$?" in
0)
echo "Not run."
exit 0 ;;
1)
if [ -z "$PORTS" ]; then
echo "No port."
else
echo "Found server ports:"
echo $PORTS| \
while read -d ',' PORT
do
echo ${PORT%:*}
done
fi
exit 1;;
*)
exit 2 ;;
esac ;;
clear)
[ "$VERBOSE" != no ] && echo "Clearing $DESC"
do_stop
case "$?" in
0)
[ "$VERBOSE" != no ] && log_success_msg ;;
1)
$DAEMONCTL --stop --quiet --chuid $USER:$GROUP --retry=KILL/5 --pidfile $PIDFILE --exec $MANAGER
[ "$VERBOSE" != no ] && log_success_msg ;;
*)
[ "$VERBOSE" != no ] && log_failure_msg ;;
esac;;
restart|force-reload)
echo "Restarting $DESC"
do_stop
case "$?" in
0|1)
do_start
case "$?" in
0)
log_success_msg ;;
1)
log_failure_msg ;;
# Old process is still running
*)
log_failure_msg ;;
# Failed to start
esac ;;
*)
# Failed to stop
log_failure_msg ;;
esac ;;
*)
echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload|clear}" >&2 exit 3 ;;
esac
4.2赋予脚本可执行权限:
chmod 755 /usr/local/bin/ss-libev
4.3 (CentOS 6)
cd /etc/init.d/
ln -s /usr/local/bin/ss-libev ss-libev
4.3 (CentOS 7)
vi /usr/lib/systemd/system/ss-libev.service
[Unit]
Description=The ShadowSocks Server
After=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/bin/ss-libev start
ExecReload=/usr/local/bin/ss-libev force-reload
ExecStop=/usr/local/bin/ss-libev stop
Restart=/usr/local/bin/ss-libev restart
[Install]
WantedBy=multi-user.target
使服务生效:
systemctl enable ss-libev.service
4.4
service ss-libev start
5.防火墙设置
iptables:
-I INPUT -p tcp -m tcp --dport 8384:8389 -j ACCEPT
-I INPUT -p udp -m udp --dport 8384:8389 -j ACCEPT
service iptables save
firewalld:
firewall-cmd --permanent --new-service=ss-libev
firewall-cmd --permanent --service=ss-libev --add-port=8384-8389/tcp
firewall-cmd --permanent --service=ss-libev --add-port=8384-8389/udp
firewall-cmd --zone=public --add-service=ss-libev
6.更改端口的方法:
1)如打算让开机启动也生效,编辑/etc/ss-libev/ports,然后:
/usr/local/bin/ss-libev restart
2)如果仅打算临时添加、移除或更改端口密码,可用netcat向ss-manager发送指令:
添加:
echo -e 'add: {"server_port": 8387, "password":"teddy.com!"}\n'|nc -Uu /tmp/ss-libev.sock
移除:
echo -e 'remove: {"server_port": 8388}\n\n'|nc -Uu /tmp/ss-libev.sock
改密码:(先移除,再添加)
echo -e 'remove: {"server_port": 8389}\n\n'|nc -Uu /tmp/ss-libev.sock
echo -e 'add: {"server_port": 8389, "password":"kitty.net!"}\n\n'|nc -Uu /tmp/ss-libev.sock
7.查看正在使用的端口
/usr/local/bin/ss-libev status
或者:
lsof -i -ac ss-server 0 0
- s*s*-libev配置多端口的最优方法
- debian 8 (systemd) 上 Shadowsocks-libev 的安装与多端口配置
- Ubuntu上apache多端口配置虚拟主机的方法
- 虚拟主机多端口的配置
- Tomcat 多端口,多虚拟主机配置方法
- tomcat多端口,多虚拟主机配置方法
- Tomcat 多端口,多虚拟主机配置方法
- Tomcat 多端口,多虚拟主机配置方法
- Apache多端口多目录配置方法
- Thinkphp S方法的redis配置
- Windows下配置多端口的Mysql
- oracle多端口监听的配置
- apache 配置多端口
- apache配置多端口
- tomcat多端口配置
- apache配置多端口
- 配置 apache 多端口
- apache 多端口配置
- 【LeetCode】 223. Rectangle Area
- win版git的安装及获取源码踩过的坑(超清晰)
- 【LeetCode】 225. Implement Stack using Queues
- 基础1
- 【LeetCode】 226. Invert Binary Tree
- s*s*-libev配置多端口的最优方法
- 【LeetCode】 231. Power of Two
- 手机抓取数据学习笔记
- Git使用积累
- 求某一天星期几。(基姆拉尔森计算公式)
- new/delete用法
- Longest Common Prefix
- CentOS6.5下MariaDB日志及事物详解和基本操作语句
- LA4258 Metal