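Once you're used to Google you don't want to go back to Baidu. fck the fw and its late-Qing-style closed-door policy. The paid tunnels you can buy are unreliable and come with privacy/security problems, so in the end I had no choice but to build my own.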

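1 Server

2 Server side

3 Client

1 Server

For the server you can use AWS, Alibaba Cloud, or an overseas VPS provider. Just pick an overseas region, a 1 core / 1 GB (1c1g) instance, and attach a public IP (EIP). For login, choose key-based authentication and disable password login.

##### 1.1 Configure system parameters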

Create /etc/sysctl.d/local.conf with the following content:

# max open files
fs.file-max = 51200
# max read buffer
net.core.rmem_max = 67108864
# max write buffer
net.core.wmem_max = 67108864
# default read buffer
net.core.rmem_default = 65536
# default write buffer
net.core.wmem_default = 65536
# max processor input queue
net.core.netdev_max_backlog = 4096
# max backlog
net.core.somaxconn = 4096

# resist SYN flood attacks
net.ipv4.tcp_syncookies = 1
# reuse timewait sockets when safe
net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling
# (this key was removed in Linux 4.12; delete the line on newer kernels)
net.ipv4.tcp_tw_recycle = 0
# short FIN timeout
net.ipv4.tcp_fin_timeout = 30
# short keepalive time
net.ipv4.tcp_keepalive_time = 1200
# outbound port range
net.ipv4.ip_local_port_range = 10000 65000
# max SYN backlog
net.ipv4.tcp_max_syn_backlog = 4096
# max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 5000
# turn on TCP Fast Open on both client and server side
net.ipv4.tcp_fastopen = 3
# TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 67108864
# TCP write buffer
net.ipv4.tcp_wmem = 4096 65536 67108864
# turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 1

# for high-latency network
net.ipv4.tcp_congestion_control = hybla

# for low-latency network, use cubic instead
# net.ipv4.tcp_congestion_control = cubic

Then:

sysctl --system

Older system:

sysctl -p /etc/sysctl.d/local.conf

2 Server side

SSH into the remote server.

##### 2.1 Install shadowsocks

pip install shadowsocks

##### 2.2 Edit /etc/shadowsocks.json

{
    "server":"my_server_ip",
    "server_port":8388,
    "local_address": "127.0.0.1",
    "local_port":1080,
    "password":"mypassword",
    "timeout":300,
    "method":"aes-256-cfb",
    "fast_open": false
}

Explanation of the fields:

| Name | Explanation |
| --- | --- |
| server | the address your server listens on |
| server_port | server port |
| local_address | the address your local client listens on |
| local_port | local port |
| password | password used for encryption |
| timeout | in seconds |
| method | default: "aes-256-cfb", see Encryption |
| fast_open | use TCP_FASTOPEN, true / false |
| workers | number of workers, available on Unix/Linux |
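
A pre-start check for /etc/shadowsocks.json, added here as an example and not part of the original post: it flags the sample password, a `method` that is not an authenticated (AEAD) cipher, a non-loopback `local_address`, and a config file that other users can read. The AEAD method list, the 16-character minimum and the function names are assumptions of this example.

```python
import json
import os
import stat

# AEAD method names from the Shadowsocks AEAD spec. Assumption: the installed
# ssserver accepts them; check its documentation before changing "method".
AEAD_METHODS = {"aes-128-gcm", "aes-192-gcm", "aes-256-gcm",
                "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305"}
PLACEHOLDER_PASSWORDS = {"mypassword", "password", "123456"}  # constructed list
MIN_PASSWORD_LEN = 16  # illustrative threshold, not from the original post


def audit_config(cfg, file_mode=None):
    """Return a list of findings for a parsed shadowsocks.json dict."""
    findings = []
    password = str(cfg.get("password", ""))
    if password.lower() in PLACEHOLDER_PASSWORDS:
        findings.append("password is a placeholder value")
    elif len(password) < MIN_PASSWORD_LEN:
        findings.append("password is shorter than %d characters" % MIN_PASSWORD_LEN)
    method = str(cfg.get("method", "aes-256-cfb"))  # default per the field table
    if method.lower() not in AEAD_METHODS:
        findings.append("method %s is not an authenticated (AEAD) cipher" % method)
    if cfg.get("local_address", "127.0.0.1") not in ("127.0.0.1", "::1", "localhost"):
        findings.append("local_address is not loopback; the local proxy is exposed")
    # The file holds the shared secret, so only its owner should read it.
    if file_mode is not None and file_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("config file is accessible to group/others; chmod 600 it")
    return findings


def audit_file(path):
    """Audit a config file on disk, including its permission bits."""
    with open(path) as fh:
        cfg = json.load(fh)
    return audit_config(cfg, stat.S_IMODE(os.stat(path).st_mode))


# Constructed sample: the example values from the config shown above.
SAMPLE = {"server": "my_server_ip", "server_port": 8388,
          "local_address": "127.0.0.1", "local_port": 1080,
          "password": "mypassword", "timeout": 300,
          "method": "aes-256-cfb", "fast_open": False}

if __name__ == "__main__":
    for finding in audit_config(SAMPLE, 0o644):
        print("WARN:", finding)
```

Call `audit_file("/etc/shadowsocks.json")` on the server before starting ssserver; an empty list means none of these checks fired.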

##### 2.3 Start the server

ssserver -c /etc/shadowsocks.json -d start

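Logs are written to /var/log/shadowsocks.log by default.

3 Client (Mac)

##### 3.1 Download ShadowsocksX-NG

https://github.com/shadowsocks/ShadowsocksX-NG

Enter the server IP and the password you configured, and you can connect.

##### 3.2 Terminal configuration

Edit the configuration file /etc/profile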

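function proxy_off(){
    unset http_proxy
    unset https_proxy
    unset no_proxy
    # remove the git proxy settings (the flag is --unset)
    git config --global --unset http.proxy
    git config --global --unset https.proxy
    echo -e "已关闭代理"   # prints "proxy disabled"
}

function proxy_on() {
    # route git traffic through the local SOCKS5 listener (local_port 1080)
    git config --global http.proxy 'socks5://127.0.0.1:1080'
    git config --global https.proxy 'socks5://127.0.0.1:1080'
    export no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"
    # port 1080 speaks SOCKS5, not HTTP, so use the socks5:// scheme here too
    export http_proxy="socks5://127.0.0.1:1080"
    export https_proxy=$http_proxy
    echo -e "已开启代理"   # prints "proxy enabled"
}
# enable the proxy for every new login shell
proxy_on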

source /etc/profile

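P.S. The git settings take effect for git clone over the HTTP protocol, and the speed is limited by the bandwidth of the machine you bought. If the bandwidth is only 1m, I'd recommend not adding this option.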
