系统:centos、archlinux 平台:搬瓦工、conoha User:root 搬瓦工 centos C-P 流程(copy-past+回车即可)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58
| yum install epel-release yum install python-setuptools && easy_install pip yum install m2crypto git libsodium nano pip install cymysql
git clone -b manyuser https://github.com/shadowsocksr/shadowsocksr
nano /etc/shadowsocks.json
{ "server":"0.0.0.0", "server_ipv6": "::", "local_address":"127.0.0.1", "local_port":1080, "port_password":{ "1234":"password1", "5678":"password2" }, "timeout":300, "method":"aes-256-cfb", "fast_open": false }
nano /etc/init.d/shadowsocks
#!/bin/sh #chkconfig: 2345 85 15 #description: some desc here #processname: the_process_name case "$1" in start) nohup python /root/shadowsocks/shadowsocks/server.py -c /etc/shadowsocks.json;; stop) ;; restart) ;; *) echo "Usage: #0 {start|stop|restart}";; esac
chmod +x /etc/init.d/shadowsocks
chkconfig --add shadowsocks
chkconfig shadowsocks on
|
conoha archlinux C-P 流程
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68
| pacman -S python-setuptools python-pip python2-m2crypto git libsodium
pip install cymysql
git clone -b akkariiin/master https://github.com/shadowsocksrr/shadowsocksr
nano /etc/shadowsocks.json
{ "server":"0.0.0.0", "server_ipv6": "::", "local_address":"127.0.0.1", "local_port":1080, "port_password":{ "1234":"password1", "5678":"password2" }, "timeout":300, "method":"aes-256-cfb", "fast_open": false }
mv shadowsocksr/ /usr/bin/shadowsocksr/
nano /etc/systemd/system/shadowsocksR.service
[Unit] Description=ShadowsocksR Server Service Requires=network.target After=network.target
[Service] Type=simple User=nobody Restart=always # way 1 AmbientCapabilities=CAP_NET_BIND_SERVICE # way 2 #PermissionsStartOnly=true #ExecStartPre=-/bin/setcap 'cap_net_bind_service=+eip' /bin/python2.7 #ExecStartPre=-/bin/setcap 'cap_net_bind_service=+eip' /bin/python3.6 #ExecStartPre=-/bin/setcap 'cap_net_bind_service=+eip' /bin/python3.7 #ExecStartPre=-/usr/sbin/setcap 'cap_net_bind_service=+eip' /bin/python2.7 #ExecStartPre=-/usr/sbin/setcap 'cap_net_bind_service=+eip' /bin/python3.6 #ExecStartPre=-/usr/sbin/setcap 'cap_net_bind_service=+eip' /bin/python3.7 ExecStart=/usr/bin/python /usr/bin/shadowsocksr/shadowsocks/server.py -c /etc/shadowsocks.json
[Install] WantedBy=multi-user.target
systemctl start shadowsocksR.service
systemctl status shadowsocksR.service
systemctl enable shadowsocksR.service
|
archlinux修改服务配置文件后需要重载并重启服务才能有效
P: archlinux默认的python是python3,SSR的开发是针对python2的,所以在作者收到bug反馈并修复之前会有各种奇怪bug,所以需要指定archlinux使用python2
P2: 上述的systemd配置文件中ExecStartPre部分和PermissionsStartOnly=true配合,完成在服务启动前以root权限赋予监听特权端口(0~1024)的能力,且在/bin/setcap前添加-号忽略执行失败,以完成无需服务本身使用root即可监听80及443端口的能力。 详见: https://bugzilla.redhat.com/show_bug.cgi?id=651797 https://unix.stackexchange.com/questions/207469/systemd-permission-issue-with-mkdir-execstartpre
1
| journalctl -xeu shadowsocksR
|
可以查看系统服务日志 授权可执行文件绑定特权端口
1
| setcap 'cap_net_bind_service=+eip' /bin/python2.7
|
系统更新后使用的脚本
1 2 3 4 5 6 7 8 9
| nano after-update.sh
setcap 'cap_net_bind_service=+eip' /bin/python2.7 setcap 'cap_net_bind_service=+eip' /bin/python3.6 setcap 'cap_net_bind_service=+eip' /bin/python3.7
chmod +x after-update.sh ./after-update.sh
|