SSR快速搭建手册

系统:centos、archlinux 平台:搬瓦工、conoha User:root 搬瓦工 centos C-P 流程(copy-paste + 回车即可)。配置文件中的 password1、password2 仅为示例值,实际部署时请替换为各端口独立的强随机密码。


# Enable EPEL first; the packages installed below are assumed to come from it,
# so this line has to run before the others.
yum install epel-release
# Bootstrap pip through setuptools' easy_install.
yum install python-setuptools && easy_install pip
yum install m2crypto git libsodium nano
pip install cymysql

# Fetch the server code from the tip of the manyuser branch. No tag or commit
# is pinned, so what gets installed is whatever the branch holds at clone
# time; this flow runs as root, so review (or pin) the checkout before use.
git clone -b manyuser https://github.com/shadowsocksr/shadowsocksr

# Create the server configuration (contents follow). The file holds the port
# passwords in clear text; restrict its permissions (e.g. chmod 600), since in
# this flow only root needs to read it.
nano /etc/shadowsocks.json


{
"server":"0.0.0.0",
"server_ipv6": "::",
"local_address":"127.0.0.1",
"local_port":1080,
"port_password":{
"1234":"password1",
"5678":"password2"
},
"timeout":300,
"method":"aes-256-cfb",
"fast_open": false
}



nano /etc/init.d/shadowsocks




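#!/bin/sh
#chkconfig: 2345 85 15
#description: some desc here
#processname: the_process_name
#
# SysV init script for the ShadowsocksR server.
# Arguments: $1 - action: start | stop | restart
# Outputs:   a usage line on stdout for any other action
#
# Only "start" does anything. "stop" and "restart" are empty placeholders, so
# the server has to be stopped by other means (e.g. by signalling the process).
# The server is launched by init directly, i.e. with root privileges.
case "$1" in
  start)
    # NOTE(review): the clone step on this page creates a directory named
    # "shadowsocksr"; confirm this path matches where the code actually lives.
    # Run in the background so that "start" returns instead of blocking the
    # caller (at boot: the rest of the init sequence) for the server's lifetime.
    nohup python /root/shadowsocks/shadowsocks/server.py -c /etc/shadowsocks.json &
    ;;
  stop)
    ;;
  restart)
    ;;
  *)
    # "$0" expands to the script name; the original printed a literal "#0".
    echo "Usage: $0 {start|stop|restart}"
    ;;
esac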




# Make the init script executable so it can be invoked as a service.
chmod +x /etc/init.d/shadowsocks



# Register the script with chkconfig (runlevels and priorities come from its
# "#chkconfig:" header line) ...
chkconfig --add shadowsocks

# ... and enable it so that "start" runs at boot.
chkconfig shadowsocks on

conoha archlinux C-P 流程


# Install build/runtime dependencies from the Arch repositories.
pacman -S python-setuptools python-pip python2-m2crypto git libsodium


# NOTE(review): python-pip is presumably the Python 3 pip while m2crypto above
# is the python2 build; confirm cymysql ends up installed for the interpreter
# that actually runs the server.
pip install cymysql


# Fetch the server code from the tip of the akkariiin/master branch of the
# shadowsocksrr repository. No tag or commit is pinned, so the installed code
# is whatever the branch holds at clone time -- review or pin it before use.
git clone -b akkariiin/master https://github.com/shadowsocksrr/shadowsocksr


# Create the server configuration (contents follow). It holds the port
# passwords in clear text and must stay readable by the account the service
# runs as (User= in the unit file further down).
nano /etc/shadowsocks.json


{
"server":"0.0.0.0",
"server_ipv6": "::",
"local_address":"127.0.0.1",
"local_port":1080,
"port_password":{
"1234":"password1",
"5678":"password2"
},
"timeout":300,
"method":"aes-256-cfb",
"fast_open": false
}


# Move the checkout to the path that ExecStart in the unit file below expects.
# If the clone was made as root, the code stays root-owned and the unprivileged
# service account cannot modify it -- verify ownership after the move.
mv shadowsocksr/ /usr/bin/shadowsocksr/



# Create the systemd unit (contents follow).
nano /etc/systemd/system/shadowsocksR.service



# systemd unit that runs the ShadowsocksR server as an unprivileged user.
[Unit]
Description=ShadowsocksR Server Service
Requires=network.target
After=network.target

[Service]
Type=simple
# Run the server without root. "nobody" is a shared account: anything else
# running as nobody shares this identity, so a dedicated service user would
# isolate the server better. /etc/shadowsocks.json must be readable by it.
User=nobody
Restart=always
# way 1 (active): give only this service the capability to bind ports below
# 1024 while it runs as a non-root user. Nothing on disk is modified.
# Hardening to consider (not part of the original unit):
# CapabilityBoundingSet=CAP_NET_BIND_SERVICE and NoNewPrivileges=true.
AmbientCapabilities=CAP_NET_BIND_SERVICE
# way 2 (disabled): before start, as root (PermissionsStartOnly), set a file
# capability on the Python interpreter itself. That grants privileged-port
# binding to every script any user runs with that interpreter, not only to
# this service. The leading "-" makes systemd ignore a failing setcap, e.g.
# for an interpreter path that does not exist on this host.
#PermissionsStartOnly=true
#ExecStartPre=-/bin/setcap 'cap_net_bind_service=+eip' /bin/python2.7
#ExecStartPre=-/bin/setcap 'cap_net_bind_service=+eip' /bin/python3.6
#ExecStartPre=-/bin/setcap 'cap_net_bind_service=+eip' /bin/python3.7
#ExecStartPre=-/usr/sbin/setcap 'cap_net_bind_service=+eip' /bin/python2.7
#ExecStartPre=-/usr/sbin/setcap 'cap_net_bind_service=+eip' /bin/python3.6
#ExecStartPre=-/usr/sbin/setcap 'cap_net_bind_service=+eip' /bin/python3.7
# NOTE(review): the page states that Arch's default python is Python 3 and
# that the server targets Python 2; confirm /usr/bin/python is the intended
# interpreter here.
ExecStart=/usr/bin/python /usr/bin/shadowsocksr/shadowsocks/server.py -c /etc/shadowsocks.json

[Install]
WantedBy=multi-user.target



# Start the service now.
systemctl start shadowsocksR.service

# Check that it is running and did not exit immediately; with Restart=always
# a failing server is restarted repeatedly, so look at the recent log lines too.
systemctl status shadowsocksR.service

# Start it automatically at boot.
systemctl enable shadowsocksR.service

archlinux修改服务配置文件后需要重载并重启服务才能有效

# Re-read unit files after editing them. The running service keeps its old
# settings until it is restarted (systemctl restart shadowsocksR.service).
systemctl daemon-reload

P: archlinux 默认的 python 是 python3,而 SSR 是针对 python2 开发的,在作者收到 bug 反馈并修复之前会出现各种奇怪的 bug,所以需要指定 archlinux 使用 python2(例如让 ExecStart 调用 python2 解释器,而不是默认的 /usr/bin/python)。
P2: 上述的systemd配置文件中ExecStartPre部分和PermissionsStartOnly=true配合,完成在服务启动前以root权限赋予监听特权端口(0~1024)的能力,且在/bin/setcap前添加-号忽略执行失败,以完成无需服务本身使用root即可监听80及443端口的能力。 详见: https://bugzilla.redhat.com/show_bug.cgi?id=651797 https://unix.stackexchange.com/questions/207469/systemd-permission-issue-with-mkdir-execstartpre

# Show the journal for the shadowsocksR unit (-u), jumping to the newest
# entries (-e) with explanatory text where available (-x).
journalctl -xeu shadowsocksR

可以查看系统服务日志。 授权可执行文件绑定特权端口(该能力附加在解释器文件上,对所有使用该解释器的用户和脚本生效):

# Sets a file capability on the interpreter binary: every script run with
# /bin/python2.7, by any local user, can then bind ports below 1024. The
# AmbientCapabilities= setting in the unit file above gives the same ability
# to the service alone and does not need this command.
setcap 'cap_net_bind_service=+eip' /bin/python2.7

系统更新后使用的脚本

# Create the helper script; its contents are the three setcap lines below.
nano after-update.sh

# File capabilities are stored on the binary itself, so a package update that
# replaces the interpreter presumably drops them -- hence re-applying here.
# Each line extends privileged-port binding to everything run with that
# interpreter; keep only the line for the interpreter the service really uses.
setcap 'cap_net_bind_service=+eip' /bin/python2.7
setcap 'cap_net_bind_service=+eip' /bin/python3.6
setcap 'cap_net_bind_service=+eip' /bin/python3.7

# Make the script executable and run it (as root; setcap needs privilege).
chmod +x after-update.sh
./after-update.sh