October 2017

shadowsocks-libev FAQ

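1. Where does shadowsocks-libev write its logs?
Actually, I have not yet found where the error logs are recorded, but some log entries show up in /var/log/syslog. Alternatively, drop the -f parameter, start it with nohup, and redirect the log output.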

2. Configuring multi-user mode in shadowsocks-libev
shadowsocks-libev does not support multi-user mode; the Python version does.

3. How many ports can shadowsocks-libev open?
shadowsocks-libev can open multiple ports through ss-manager, but at most 1024; the limit is hard-coded in the source.

4. After enabling the VPN, some domain names fail to resolve
The errors look like this:

unable to resolve stats.appsflyer.com
unable to resolve gj.applog.uc.cn
unable to resolve dsp.batmobil.net
unable to resolve android.clients.google.com
unable to resolve android.clients.google.com
unable to resolve dsp.batmobil.net
unable to resolve www.facebook.com
unable to resolve portal.fb.com
unable to resolve tpc.googlesyndication.com
unable to resolve imasdk.googleapis.com
unable to resolve ad.api.kaffnet.com
unable to resolve android.clients.google.com
unable to resolve lh3.googleusercontent.com
unable to resolve lh3.googleusercontent.com
unable to resolve gj.applog.uc.cn
unable to resolve lh3.googleusercontent.com
unable to resolve lh3.googleusercontent.com
unable to resolve api5.batmobil.net
unable to resolve cdn.batmobi.net
unable to resolve tpc.googlesyndication.com
unable to resolve gj.applog.uc.cn
unable to resolve api5.batmobil.net
unable to resolve stats.appsflyer.com
unable to resolve gj.applog.uc.cn
unable to resolve cdn.batmobi.net
unable to resolve ad.api.kaffnet.com
unable to resolve www.facebook.com
unable to resolve imasdk.googleapis.com
unable to resolve cdn.avazutracking.net
unable to resolve cdn.avazutracking.net
unable to resolve gj.applog.uc.cn
unable to resolve gj.applog.uc.cn
unable to resolve cdn.batmobi.net
unable to resolve android.clients.google.com

I tested this: after opening port 53 on the firewall, errors of this kind dropped considerably.

Other anomalies:
getpeername: Transport endpoint is not connected. This error appears occasionally, but the VPN still connects normally.

Logging the response body in nginx

To log the response body after proxying in OpenResty, the default log_format offers nothing, so you have to use Lua: define a variable, then print it in the log.

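http {
    # $resp_body is not a built-in variable; the Lua body filter below fills it in.
    # $request_body and $resp_body can carry credentials or tokens, so this log is sensitive.
    log_format accessupdate '$remote_addr [$time_local] $request $status $body_bytes_sent $request_body $resp_body';

    server {
        listen 80;
        location / {
            access_log logs/access.log accessupdate;
            lua_need_request_body on;
            set $resp_body "";
            body_filter_by_lua '
                -- keep at most the first 1000 bytes of each response chunk
                local resp_body = string.sub(ngx.arg[1], 1, 1000)
                ngx.ctx.buffered = (ngx.ctx.buffered or "") .. resp_body
                -- ngx.arg[2] is true on the last chunk: publish the buffer to the log variable
                if ngx.arg[2] then
                    ngx.var.resp_body = ngx.ctx.buffered
                end
            ';
        }
    }
}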

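There is a simpler approach online that prints to the error log instead, but that way you lose what log_format provides for the other fields. I have not tried this approach.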

error_log /tmp/nginx.resp.info.log info;

location / {
    proxy_pass http://vpsea.flvcd.com/;
    body_filter_by_lua 'ngx.log(ngx.INFO, ngx.arg[1])';
}

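Ubuntu 16.04: connection limits still not in effect after editing limits.conf

I usually use CentOS, but since AWS Lightsail has no CentOS image I had to choose Ubuntu 16.04. After getting a server, the first thing to do is raise the connection limits. After editing /etc/security/limits.conf I found it had no effect at all, and it still did not work after a reboot. After some trial and error, the solution is as follows:
1. Make sure session required pam_limits.so is enabled
Edit /etc/pam.d/su and find the following lines: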

# Sets up user limits, please uncomment and read /etc/security/limits.conf
# to enable this functionality.
# (Replaces the use of /etc/limits in old login)
# The following line must be uncommented
session required pam_limits.so

2. Edit limits.conf again
vim /etc/security/limits.conf

* soft nofile 65534
* hard nofile 65534
root soft nofile 65534
root hard nofile 65534

With this, the limits take effect after a reboot. On Ubuntu, the root user must be listed explicitly.
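A check for the two settings above, as an added example that is not part of the original post: it confirms that pam_limits.so is active in a PAM file and reports which nofile value limits.conf gives a user, reflecting that pam_limits does not apply the * wildcard to root. The function names are assumptions.

```bash
#!/bin/sh
# Added example, not from the original post. File paths are arguments so the
# functions can be run against copies as well as the live files.

# Succeeds if the PAM file has an uncommented "session required pam_limits.so".
pam_limits_enabled() {
    grep -Eq '^[[:space:]]*session[[:space:]]+required[[:space:]]+pam_limits\.so' "$1"
}

# Prints the nofile value that limits.conf gives USER for TYPE (soft or hard).
# An explicit user entry wins over "*", and "*" is never applied to root,
# which is why the post lists root separately. Prints nothing if no entry applies.
nofile_limit() {
    awk -v user="$2" -v type="$3" '
        $1 ~ /^#/ || NF < 4 { next }            # comments, blank or short lines
        $3 != "nofile" { next }                 # only the open-files item
        $2 != type && $2 != "-" { next }        # "-" sets both soft and hard
        $1 == user { exact = $4 }
        $1 == "*" && user != "root" { wild = $4 }
        END { if (exact != "") print exact; else if (wild != "") print wild }
    ' "$1"
}

# Usage on a live host (paths from the post):
#   pam_limits_enabled /etc/pam.d/su && echo "pam_limits enabled for su"
#   nofile_limit /etc/security/limits.conf root hard
```

An empty result from nofile_limit for root while other users report 65534 is the situation the post describes, where only the wildcard lines are present.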

Installing shadowsocks-manager and shadowsocks-libev on CentOS 6

1. Install Node.js
# Must be run as root
curl -sL https://rpm.nodesource.com/setup_6.x | bash -
yum install -y nodejs
Check the version:
node -v
v6.11.3

2. Install shadowsocks-manager with npm
npm i -g shadowsocks-manager
use ssmgr to run this program.
If the installation fails with:
node: relocation error: node: symbol SSL_set_cert_cb, version libssl.so.10 not defined in file libssl.so.10 with link time reference
yum update openssl
npm rebuild
Then run the installation above again; the problem is solved.

3. Install shadowsocks-libev
Installing this on CentOS takes some effort; on CentOS 6 I was able to install it successfully.
CentOS 6:
wget http://copr.fedoraproject.org/coprs/librehat/shadowsocks/repo/epel-6/librehat-shadowsocks-epel-6.repo
CentOS 7:
wget http://copr.fedoraproject.org/coprs/librehat/shadowsocks/repo/epel-7/librehat-shadowsocks-epel-7.repo

mv librehat-shadowsocks-epel-6.repo /etc/yum.repos.d/librehat-shadowsocks-epel-6.repo

yum -y install shadowsocks-libev
Edit the default configuration:
vim /etc/shadowsocks-libev/config.json

{
"server":"127.0.0.1",
"server_port":4000,
"local_port":1080,
"password":"123456",
"timeout":60,
"method":"aes-256-cfb"
}

(Usually not started.) To start it: /etc/init.d/shadowsocks-libev start
Run this command to start the shadowsocks-libev manager API service:
ss-manager -m aes-256-cfb -u --manager-address 127.0.0.1:4000
Edit the configuration file
Create ss.yml under ~/.ssmgr as the type s configuration file:
mkdir ~/.ssmgr
vim ~/.ssmgr/ss.yml
The configuration is as follows:

type: s
empty: false

shadowsocks:
    address: 127.0.0.1:4000

manager:
    address: 0.0.0.0:4001
    password: '123456'

db: 'ss.sqlite'

ssmgr -c ss.yml (if startup fails, give the full path to ss.yml)
Configure the front-end webgui service

Create webgui.yml under ~/.ssmgr as the type m configuration file:

mkdir ~/.ssmgr
vim ~/.ssmgr/webgui.yml

type: m
empty: false

manager:
    address: 52.8.73.127:4001
    password: '123456'

plugins:
    flowSaver:
        use: true
    user:
        use: true
    account:
        use: true
        pay:
            hour:
                price: 0.03
                flow: 500000000
            day:
                price: 0.5
                flow: 7000000000
            week:
                price: 3
                flow: 50000000000
            month:
                price: 10
                flow: 200000000000
            season:
                price: 30
                flow: 200000000000
            year:
                price: 120
                flow: 200000000000
    email:
        use: true
        username: 'username'
        password: 'password'
        host: 'smtp.your-email.com'
    webgui:
        use: true
        host: '0.0.0.0'
        port: '7001'
        site: '52.8.1.1'
        gcmSenderId: '456102641793'
        gcmAPIKey: 'AAAAGzzdqrE:XXXXXXXXXXXXXX'
    alipay:
        use: true
        appid: 1
        notifyUrl: ''
        merchantPrivateKey: '1'
        alipayPublicKey: '1'
        gatewayUrl: 'https://openapi.alipay.com/gateway.do'

db: 'webgui.sqlite'

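The email plugin sends the verification and password-recovery mail and is very important. After registration, the first account is the administrator account.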

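Once all of the above is done, you can log in to the console. Registered users get the server IP, password and port number and can then use the VPN. Don't forget to open the port numbers on the server, otherwise it cannot be reached.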
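A defender-side check of the manager: block in the ss.yml and webgui.yml files above, as an added example that is not part of the original post or of shadowsocks-manager: it flags a manager address bound to 0.0.0.0 and a short or digits-only manager password, both of which appear in the sample configuration. The function name and the 16-character threshold are assumptions.

```bash
#!/bin/sh
# Added example, not from the original post or the shadowsocks-manager project.
# Prints one finding per line for the "manager:" block of an ssmgr YAML file;
# prints nothing when neither condition is met.
audit_ssmgr_manager() {
    awk '
        /^[^ #]/ { section = $1 }        # an unindented key starts a new block
        section == "manager:" && $1 == "address:" {
            split($2, hp, ":")           # host:port
            if (hp[1] == "0.0.0.0")
                print "manager listens on all interfaces: " $2
        }
        section == "manager:" && $1 == "password:" {
            pw = $2
            gsub(/^["\047]|["\047]$/, "", pw)    # strip surrounding quotes
            # Assumed policy: at least 16 characters and not digits only.
            if (length(pw) < 16 || pw ~ /^[0-9]+$/)
                print "weak manager password (" length(pw) " chars)"
        }
    ' "$1"
}

# Usage (paths from the post):
#   audit_ssmgr_manager ~/.ssmgr/ss.yml
#   audit_ssmgr_manager ~/.ssmgr/webgui.yml
```

Only the manager: block is inspected, so the email plugin's password: key under plugins: is not reported.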

References:
https://code.momok.xyz/server/deploy-ss-manager.html
https://github.com/shadowsocks/shadowsocks-manager

Installing docker and docker-compose on CentOS 6.6

First check your operating system information:

[ops@awsciika ~]# uname -a
Linux aws-ciika 2.6.32-573.22.1.el6.x86_64 #1 SMP Wed Mar 23 03:35:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[ops@awsciika ~]# cat /etc/redhat-release
CentOS release 6.6 (Final)

As you can see, the operating system is CentOS 6.6 and the kernel is 2.6.32, whereas Docker officially requires:
Docker requires a 64-bit installation regardless of your CentOS version. Also, your kernel must be 3.10 at minimum, which CentOS 7 runs.
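On CentOS 6.6 and 6.8 the newest Docker that can be installed is docker 1.7.1. I checked the RPM packages in their official releases, and centos/6 only has the RPM for this version; Docker CE can only be installed on CentOS 7.
Install docker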

[ops@awsciika ~]$ yum list |grep docker
docker-io.x86_64                            1.7.1-2.el6                  @epel  
docker.x86_64                               1.5-5.el6                    epel   
docker-engine.x86_64                        1.7.1-1.el6                  docker-main-repo
docker-io-devel.x86_64                      1.7.1-2.el6                  epel   
docker-io-fish-completion.x86_64            1.7.1-2.el6                  epel   
docker-io-logrotate.x86_64                  1.7.1-2.el6                  epel   
docker-io-vim.x86_64                        1.7.1-2.el6                  epel   
docker-io-zsh-completion.x86_64             1.7.1-2.el6                  epel   

If you do not have the EPEL repository, install it first.
Now install Docker by installing the docker-io package:
yum -y install docker-io
Start it and enable it at boot:
service docker start && chkconfig docker on

Install docker compose
Because docker-compose is strictly tied to the Docker engine version, with docker 1.7.1 you can only install docker-compose 1.5.2; otherwise it reports:
ERROR: The Docker Engine version is less than the minimum required by Compose. Your current project requires a Docker Engine of version 1.10.0 or greater.
For the specific versions, see:
https://github.com/docker/compose/releases
For example, I installed docker-compose 1.5.2:

curl -L https://github.com/docker/compose/releases/download/1.5.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

Note: if /usr/local/bin is not in the PATH, install docker-compose under /usr/bin instead.
docker-compose.yml version issue: https://docs.docker.com/compose/compose-file/compose-versioning/#version-1
docker-compose 1.5.2 only supports the V1 docker-compose.yml format, so the current V2 docker-compose.yml has to be converted to the V1 format.
The main differences of the V1 docker-compose.yml file format are:

  • No version declaration at the top
  • No services declaration
  • depends_on is not supported

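See the official documentation for details; it is quite thorough. After making these changes, it started successfully.
A v2 yml file raises an error under 1.5.2, as follows: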
ERROR: In file './docker-compose.yml' service 'version' doesn't have any configuration options. All top level keys in your docker-compose.yml must map to a dictionary of configuration options.