Proxy
1. SSR¶
# 1. Create a droplet on digitalocean
# 2. Deploy ssr
wget --no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocksR.sh
chmod +x shadowsocksR.sh
./shadowsocksR.sh 2>&1 | tee shadowsocksR.log
# rc4-md5 auth_sha1_v4 plain
2. V2ray¶
To install V2Ray on the server, run
wget https://install.direct/go.sh
chmod +x go.sh
sudo ./go.sh
V2ray locates at /etc/v2ray
, the configuration is saved at /etc/v2ray/config.json
, including id
, port
, alterId
, etc.
sudo vim /etc/v2ray/config.json
V2ray needs to be started manually, run
sudo systemctl start v2ray
sudo systemctl restart v2ray
sudo systemctl enable v2ray
sudo systemctl stop v2ray
Available V2ray clients:
- MacOSX: V2rayU
- iOS: Shadowrocket
3. ss+v2ray-plugin¶
3.1 安装shadowsocks-libev¶
sudo apt install shadowsocks-libev
sudo vim /lib/systemd/system/shadowsocks-libev.service
在shadowsocks-libev.service
中设置用户和group
User=root
Group=root
检查是否开启了防火墙,关闭防火墙,或者开启端口号
sudo ufw disable
3.2 下载v2ray-plugin¶
wget https://github.com/shadowsocks/v2ray-plugin/releases/download/v1.3.1/v2ray-plugin-linux-amd64-v1.3.1.tar.gz
tar -zxvf v2ray-plugin-linux-amd64-v1.3.1.tar.gz
sudo mv v2ray-plugin_linux_amd64 /usr/bin/v2ray-plugin
3.3 准备域名和dns¶
准备域名,解析到主机ip
namesilo买域名,然后设置dns
3.4 配置证书¶
acme.sh配置证书
curl https://get.acme.sh | sh
sudo apt install socat
acme.sh --register-account -m $EMAIL
acme.sh --issue -d $HOST --standalone -k ec-256
mkdir $CERT_ROOT
# 这个是为了自动更新证书,之前设置没有成功,因为需要fullchain.cer
acme.sh --install-cert -d $HOST --key-file $CERT_ROOT/$HOST.key --cert-file $CERT_ROOT/$HOST.cer --ecc --reloadcmd "sudo systemctl restart shadowsocks-libev"
3.5 设置ss¶
sudo vim /etc/shadowsocks-libev/config.json
配置如下
{
"server":"0.0.0.0",
"server_port":$PORT,
"local_port":$LOCAL_PORT,
"password":$PASSWORD,
"timeout":60,
"method":"chacha20-ietf-poly1305",
"mode":"tcp_and_udp",
"plugin":"v2ray-plugin",
"plugin_opts":"server;tls;host=$HOST;cert=$CERT_ROOT/fullchain.cer;key=$CERT_ROOT/$HOST.key;loglevel=none"
}
3.6 更新证书¶
一定时间后,遇到了不能使用的情况,更新证书后恢复,流程如下
# 因为acme.sh standalone需要在80端口启动一个server,而nginx也占用了80端口,所以要停掉nginx
sudo systemctl stop nginx
# 重新生成证书,验证生成路径和 /etc/shadowsocks-libev/config.json 一样
acme.sh --issue -d $HOST --standalone -k ec-256
# 重启ss即可
systemctl stop shadowsocks-libev.service
systemctl start shadowsocks-libev.service