0%

Ubuntu 终端使用shadowsocks全局代理

发表于 更新于 分类于
本文字数: 4.4k 阅读时长 ≈ 4 分钟

Ubuntu 终端使用shadowsocks全局代理

配置 ShadowSocks 客户端

1
2
3
sudo apt-get install python-pip
sudo pip install shadowsocks
sudo vim /etc/ssclient.conf

配置文件如下:

1
2
3
4
5
6
7
8
9
10
11
{
    "server":"serverip",
    "server_port":12345,
    "local_address": "127.0.0.1",
    "local_port":1080,
    "password":"ss密码",
    "timeout":300,
    "method":"aes-256-cfb",
    "fast_open": true,
    "workers": 1
}

配置说明:

  • “server”
    • 服务端ip
  • “method”
    • 加密方式
  • “password”
    • 服务端密码
  • “fast_open”
    • 可选 true 或 false。如果你的服务器 Linux 内核在3.7+,可以开启 fast_open 以降低延迟。开启方法: echo 3 > /proc/sys/net/ipv4/tcp_fastopen 开启之后,将 fast_open 的配置设置为 true 即可

开启shadowsocks:

1
2
3
4
5
6
7
8
9
tmux

# 启动 SS
sudo nohup sslocal -c /etc/ssclient.conf >/dev/null 2>&1 &
# 查看进程
sudo ps aux |grep sslocal |grep -v "grep"

# 添加开启启动
echo "nohup /usr/local/bin/sslocal -c /etc/ssclient.conf /dev/null 2>&1 &" >> /etc/rc.local

如果启动sslocal出现错误:

1
AttributeError: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1: undefined symbol: EVP_CIPHER_CTX_cleanup

参考解决方法: run sslocal raise error:

1
pip install -U git+https://github.com/shadowsocks/shadowsocks.git@master

使用 privoxy 将Sock5代理转化为Http代理

1
sudo apt-get install privoxy -y

修改配置文件:

1
2
3
sudo cp /etc/privoxy/config /etc/privoxy/config.bak     # 备份配置文件
sed -i '/^#/d' /etc/privoxy/config                      # 删除#开头的注释行(太多了,看着累)
sudo vim /etc/privoxy/config                            # 修改配置文件

找到 listen-address 确保有这行代码 listen-address 127.0.0.1:8118
找到 forward-socks5 确保有这行代码(没有自己加) forward-socks5 / 127.0.0.1:1080 .

配置文件如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
logdir /var/log/privoxy
actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
actionsfile default.action   # Main actions file
actionsfile user.action      # User customizations
filterfile default.filter
filterfile user.filter      # User customizations
logfile logfile
listen-address  127.0.0.1:8118
listen-address  [::1]:8118
toggle  1
enable-remote-toggle  0
enable-remote-http-toggle  0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
enable-proxy-authentication-forwarding 0
forwarded-connect-retries  0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
tolerate-pipelining 1
socket-timeout 300
forward-socks5 / 127.0.0.1:1080 .

启动privoxy

1
2
sudo service privoxy start
sudo service privoxy status

配置转发

1
2
export http_proxy="http://127.0.0.1:8118"
export https_proxy="http://127.0.0.1:8118"

测试

1
2
root@kali:~# curl 4.icanhazip.com
35.201.129.180

也可以使用 Polipo 代替 Privoxy

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
sudo apt-get install polipo -y

cp /etc/polipo/config /etc/polipo/config.bak

cat > /etc/polipo/config<<EOF
logSyslog = true
logFile = /var/log/polipo/polipo.log
proxyAddress = "0.0.0.0"
socksParentProxy = "127.0.0.1:1080"
socksProxyType = socks5
chunkHighMark = 50331648
objectHighMark = 16384
serverMaxSlots = 64
serverSlots = 16
serverSlots1 = 32
EOF
sudo /etc/init.d/polipo restart
export http_proxy="http://127.0.0.1:8123/"
export https_proxy="http://127.0.0.1:8123/"


服务器重启后,下面两句需要重新执行:

1
2
3
4
sudo sslocal -c /etc/ssclient.conf -d start

export http_proxy="http://127.0.0.1:8123/"
export https_proxy="http://127.0.0.1:8123/"

取消代理:

1
2
unset http_proxy
unset https_proxy

参考链接:

使用supervisor管理shadowsocks进程

安装supervisor

1
sudo apt-get install supervisor

添加ss配置文件

vim /etc/supervisor/conf.d/ss.conf

1
2
3
4
5
6
7
8
[program:ss]
command=/usr/local/bin/sslocal -c /etc/ssclient.conf
user=root
directory=/root
stdout_logfile=/var/log/supervisor/%(program_name)s-stdout.log
stderr_logfile=/var/log/supervisor/%(program_name)s-stderr.log
killasgroup=true
stopasgroup=true

使用supervisor启动ss:

1
2
3
4
5
6
7
sudo service supervisor restart
sudo supervisorctl restart ss

root@huang:~# lsof -i :1080
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sslocal 3148 root    3u  IPv4  33691      0t0  TCP localhost:socks (LISTEN)
sslocal 3148 root    4u  IPv4  33692      0t0  UDP localhost:socks

为git协议设置代理

使用ProxyChains-NG

1
2
3
4
git clone https://github.com/rofl0r/proxychains-ng.git
cd proxychains-ng
sudo ./configure
sudo make && make install

sudo vim /etc/proxychains.conf

添加如下配置:

1
2
3
4
5
6
7
8
9
10
strict_chain
proxy_dns 
remote_dns_subnet 224
tcp_read_time_out 15000
tcp_connect_time_out 8000
localnet 127.0.0.0/255.0.0.0
quiet_mode

[ProxyList]
socks5  127.0.0.1 1080

在需要代理的命令前加上 proxychains4 ,如:

1
2
3
proxychains4 curl ip.sb

proxychains4 git clone git://github.com/WordPress/WordPress.git

使用tsocks

1
2
apt-get install tsocks
vim /etc/tsocks.conf

配置如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
local = 192.168.0.0/255.255.255.0
local = 10.0.0.0/255.0.0.0
path {
	reaches = 150.0.0.0/255.255.0.0
	reaches = 150.1.0.0:80/255.255.0.0
	server = 10.1.7.25
	server_type = 5
	default_user = delius
	default_pass = hello
}
server = 127.0.0.1
server_type = 5
server_port = 1080

使用:

1
tsocks curl ip.sb