通过本文,可实现CentOS下shadowsock服务端及客户端的搭建,并把代理的socket5转为http、https。可实现linux主机的全局代理


1. 服务端:


1.1 下载shadowsock一键脚本并赋予执行权限

[root@nginx-m ~]# wget --no-check-certificate -O shadowsocks-all.sh https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks-all.sh
--2018-10-23 14:02:16--  https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks-all.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.76.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.76.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 46141 (45K) [text/plain]
Saving to: ‘shadowsocks-all.sh’

100%[=====================================================================>] 46,141      --.-K/s   in 0.004s  

2018-10-23 14:02:16 (11.8 MB/s) - ‘shadowsocks-all.sh’ saved [46141/46141]

[root@nginx-m ~]# chmod +x shadowsocks-all.sh

1.2. 执行安装

[root@nginx-m ~]# ./shadowsocks-all.sh 2>&1 | tee shadowsocks-all.log
Which Shadowsocks server you'd select:  #选择安装的版本
1) Shadowsocks-Python
2) ShadowsocksR
3) Shadowsocks-Go
4) Shadowsocks-libev
Please enter a number (Default Shadowsocks-Python):1    #默认1) Shadowsocks-Python

You choose = Shadowsocks-Python

Please enter password for Shadowsocks-Python        #shadowsock客户端使用的密码
(Default password: teddysun.com):centos

password = centos

Please enter a port for Shadowsocks-Python [1-65535]    #服务端监听的端口
(Default port: 17392):10086

port = 10086

Please select stream cipher for Shadowsocks-Python:     #选择加密算法
1) aes-256-gcm
2) aes-192-gcm
3) aes-128-gcm
4) aes-256-ctr
5) aes-192-ctr
6) aes-128-ctr
7) aes-256-cfb
8) aes-192-cfb
9) aes-128-cfb
10) camellia-128-cfb
11) camellia-192-cfb
12) camellia-256-cfb
13) xchacha20-ietf-poly1305
14) chacha20-ietf-poly1305
15) chacha20-ietf
16) chacha20
17) salsa20
18) rc4-md5
Which cipher you'd select(Default: aes-256-gcm):12

cipher = aes-256-cfb

Press any key to start...or Press Ctrl+C to cancel      #按任意键继续,Ctrl+C取消

1.3. 安装完成

INFO: loading config from /etc/shadowsocks-python/config.json
2018-10-23 14:05:43 INFO     loading libcrypto from libcrypto.so.10
2018-10-23 14:05:43 INFO     loading libsodium from libsodium.so.23
Starting Shadowsocks success

Congratulations, Shadowsocks-Python server install completed!
Your Server IP        :  XX.XX.XXX.XX       #服务端地址
Your Server Port      :  10086              #服务端监听端口
Your Password         :  centos             #客户端访问该服务时使用的密码
Your Encryption Method:  aes-256-cfb        #加密算法

Your QR Code: (For Shadowsocks Windows, OSX, Android and iOS clients)
 ss://YWVzLTI1Ni1nY206Y2VudG9zQDQ3Ljc1LjEyOS43OToxMDA4Ng== 
Your QR Code has been saved as a PNG file path:
 /root/shadowsocks_python_qr.png 

Welcome to visit: https://teddysun.com/486.html
Enjoy it!

1.4. 启动:

  • 启动脚本可用命令:
/etc/init.d/shadowsocks-python start | stop | restart | status
  • 默认启动脚本读取/etc/shadowsocks-python/config.json
[root@nginx-m ~]# /etc/init.d/shadowsocks-python start
INFO: loading config from /etc/shadowsocks-python/config.json
2018-10-23 14:34:09 INFO     loading libcrypto from libcrypto.so.10
2018-10-23 14:34:09 INFO     loading libsodium from libsodium.so.23
started
Starting Shadowsocks success
  • 手动指定配置文件():
[root@nginx-m ~]# /bin/python /usr/bin/ssserver -c /etc/shadowsocks.json -d start
INFO: loading config from /etc/shadowsocks.json
2018-10-23 14:43:06 INFO     loading libcrypto from libcrypto.so.10
2018-10-23 14:43:06 INFO     loading libsodium from libsodium.so.23
started
[root@nginx-m ~]# ss -tnl
State       Recv-Q Send-Q          Local Address:Port                         Peer Address:Port              
LISTEN      0      128                         *:9001                                    *:*                  
LISTEN      0      128                         *:9002                                    *:*                  
LISTEN      0      128                         *:9003                                    *:*                  
LISTEN      0      128                         *:9004                                    *:*                  
LISTEN      0      128                         *:22                                      *:*                  
LISTEN      0      128                         *:8989                                    *:*                  
LISTEN      0      1                   127.0.0.1:32000                                   *:*   

1.5. 配置文件:

  • /etc/init.d/shadowsocks-python启动时默认读取/etc/shadowsocks-python/config.json,该文件不存在时,会读取/etc/shadowsocks.json
  • 单用户配置文件:
{
    "server":"0.0.0.0",             #监听地址
    "server_port":10086,            #对外服务的端口
    "local_address":"127.0.0.1",    
    "local_port":1080,              #本地端口
    "password":"centos",            #对外服务密码
    "timeout":300,                  
    "method":"aes-256-cfb",         #加密算法
    "fast_open":true
}
  • 多用户配置文件:
{
    "server":"0.0.0.0",
    "local_address":"127.0.0.1",
    "local_port":1080,
    "port_password":{
         "8989":"centos",
         "9001":"centos",
         "9002":"centos",
         "9003":"centos",
         "9004":"centos"
    },
    "timeout":300,
    "method":"aes-256-cfb",
    "fast_open": false
}

2. 客户端:

2.1. 安装shadowsock客户端

[root@testweb ~]# pip install --upgrade pip     #升级pip包管理器
Collecting pip
  Downloading http://mirrors.aliyun.com/pypi/packages/c2/d7/90f34cb0d83a6c5631cf71dfe64cc1054598c843a92b400e55675cc2ac37/pip-18.1-py2.py3-none-any.whl (1.3MB)
    100% |████████████████████████████████| 1.3MB 88.6MB/s 
Installing collected packages: pip
  Found existing installation: pip 8.1.2
    Uninstalling pip-8.1.2:
      Successfully uninstalled pip-8.1.2
Successfully installed pip-18.1         #成功升级pip

[root@testweb ~]# pip install shadowsocks
Looking in indexes: http://mirrors.aliyun.com/pypi/simple/
Collecting shadowsocks
  Downloading http://mirrors.aliyun.com/pypi/packages/02/1e/e3a5135255d06813aca6631da31768d44f63692480af3a1621818008eb4a/shadowsocks-2.8.2.tar.gz
Installing collected packages: shadowsocks
  Running setup.py install for shadowsocks ... done
Successfully installed shadowsocks-2.8.2

2.2. 为shadowsock增加配置文件

vim /etc/shadowsocks.json  增加以下内容:
{
"server":"XX.XX.XX.XX",
"server_port":10086,
"local_port":1080,
"password":"centos",
"timeout":600,
"method":"aes-256-cfb"
}

2.3. 启动shadowsock客户端:

[root@testweb ~]# nohup sslocal -c /etc/shadowsocks.json /dev/null 2>&1 &
[1] 22692
[root@testweb ~]# nohup: ignoring input and appending output to ‘nohup.out’     #程序启动时的输出重定向至nohup.out文件

echo " nohup sslocal -c /etc/shadowsocks.json /dev/null 2>&1 &" /etc/rc.local #设置开机自启动

2.4. 测试shadowsock服务是否正常连接

[root@testweb ~]# curl --socks5 127.0.0.1:1080 http://httpbin.org/ip
{
  "origin": "X.X.X.X"   #此处显示shadowsock服务器外网地址即为正常
}

2.5. 安装Privoxy

  • Shadowsocks 是一个 socket5 服务,我们需要使用 Privoxy 把流量转到 http/https 上。
[root@testweb ~]# yum -y install privoxy
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package privoxy.x86_64 0:3.0.26-1.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===============================================================================================================================================
 Package                          Arch                            Version                                  Repository                     Size
===============================================================================================================================================
Installing:
 privoxy                          x86_64                          3.0.26-1.el7                             epel                          936 k

Transaction Summary
===============================================================================================================================================
Install  1 Package

Total download size: 936 k
Installed size: 3.1 M
Downloading packages:
privoxy-3.0.26-1.el7.x86_64.rpm                                                                                         | 936 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : privoxy-3.0.26-1.el7.x86_64                                                                                                 1/1 
  Verifying  : privoxy-3.0.26-1.el7.x86_64                                                                                                 1/1 

Installed:
  privoxy.x86_64 0:3.0.26-1.el7                                                                                                                

Complete!

2.6. 配置privoxy

  • 配置文件路径:/etc/privoxy/config
  • 确保以下两行未被注释,且forward-socks5t的端口号与shadowsock的local端口一致
listen-address 127.0.0.1:8118   
forward-socks5t / 127.0.0.1:1080 .

2.7. 添加环境变量

  • 新建/etc/profile.d/privoxy.sh,添加以下内容并加载
export http_proxy=http://127.0.0.1:8118
export https_proxy=http://127.0.0.1:8118
  • 加载/etc/profile.d/privoxy.sh
source /etc/profile.d/privoxy.sh

2.8. 启动privoxy

[root@lxk ~]# systemctl start privoxy

2.9. 测试

  • curl命令测试:若返回一大堆HTML,则工作正常。
curl www.google.com.hk
  • 也可用elinks测试,若正常,会显示谷歌文本格式界面

2.10. 注意:

  • 若不需使用代理时,把/etc/profile.d/privoxy.sh的内容注释掉

3. 阿里云服务器配置

  • 若shadowsock服务器为阿里云服务器
    • 有外网地址时:在安全组规则中开放10086端口
    • 无外网地址时:需购买EIP,配置DNAT规则

规则实例