Proxy

1. SSR¶

# 1. Create a droplet on digitalocean
# 2. Deploy ssr
wget --no-check-certificate  https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocksR.sh
chmod +x shadowsocksR.sh
 ./shadowsocksR.sh 2>&1 | tee shadowsocksR.log
# rc4-md5 auth_sha1_v4 plain

2. V2ray¶

Reference

To install V2Ray on the server, run

wget https://install.direct/go.sh
chmod +x go.sh
sudo ./go.sh

V2ray locates at /etc/v2ray, the configuration is saved at /etc/v2ray/config.json, including id, port, alterId, etc.

sudo vim /etc/v2ray/config.json

V2ray needs to be started manually, run

sudo systemctl start v2ray
sudo systemctl restart v2ray
sudo systemctl enable v2ray
sudo systemctl stop v2ray

Available V2ray clients:

MacOSX: V2rayU
iOS: Shadowrocket

3. ss+v2ray-plugin¶

3.1 安装shadowsocks-libev¶

sudo apt install shadowsocks-libev
sudo vim /lib/systemd/system/shadowsocks-libev.service

在shadowsocks-libev.service中设置用户和group

User=root
Group=root

检查是否开启了防火墙，关闭防火墙，或者开启端口号

sudo ufw disable

3.2 下载v2ray-plugin¶

wget https://github.com/shadowsocks/v2ray-plugin/releases/download/v1.3.1/v2ray-plugin-linux-amd64-v1.3.1.tar.gz
tar -zxvf v2ray-plugin-linux-amd64-v1.3.1.tar.gz
sudo mv v2ray-plugin_linux_amd64 /usr/bin/v2ray-plugin

3.3 准备域名和dns¶

准备域名，解析到主机ip

namesilo买域名，然后设置dns

3.4 配置证书¶

acme.sh配置证书

curl https://get.acme.sh | sh
sudo apt install socat
acme.sh --register-account -m $EMAIL
acme.sh --issue -d $HOST --standalone -k ec-256
mkdir $CERT_ROOT
# 这个是为了自动更新证书，之前设置没有成功，因为需要fullchain.cer
acme.sh --install-cert -d $HOST --key-file $CERT_ROOT/$HOST.key --cert-file $CERT_ROOT/$HOST.cer --ecc --reloadcmd "sudo systemctl restart shadowsocks-libev"

3.5 设置ss¶

sudo vim /etc/shadowsocks-libev/config.json

配置如下

{
    "server":"0.0.0.0",
    "server_port":$PORT,
    "local_port":$LOCAL_PORT,
    "password":$PASSWORD,
    "timeout":60,
    "method":"chacha20-ietf-poly1305",
    "mode":"tcp_and_udp",
    "plugin":"v2ray-plugin",
    "plugin_opts":"server;tls;host=$HOST;cert=$CERT_ROOT/fullchain.cer;key=$CERT_ROOT/$HOST.key;loglevel=none"
}

3.6 更新证书¶

一定时间后，遇到了不能使用的情况，更新证书后恢复，流程如下

# 因为acme.sh standalone需要在80端口启动一个server，而nginx也占用了80端口，所以要停掉nginx
sudo systemctl stop nginx
# 重新生成证书，验证生成路径和 /etc/shadowsocks-libev/config.json 一样
acme.sh --issue -d $HOST --standalone -k ec-256
# 重启ss即可
systemctl stop shadowsocks-libev.service
systemctl start shadowsocks-libev.service