ubuntu(linux) 代理服务部署
2024年5月10日大约 5 分钟约 1515 字
frp 内网穿透服务
将内网主机服务通过一台外网主机将服务暴露在外网。
frp 安装
# 安装 frp
cd ~
wget -O - https://github.com/fatedier/frp/releases/download/v0.58.0/frp_0.58.0_linux_amd64.tar.gz | tar zxvf -
cd frp_0.58.0_linux_amd64
mv frps frpc /usr/local/bin/
mkdir /etc/frp && mv frps.toml frpc.toml /etc/frp/
chmod +x /usr/local/bin/frps /usr/local/bin/frpc
frps -v && frpc -vfrp官方软件列表:github frp
/usr/local/通常存放管理员自行安装的软件,所以将执行文件放到/usr/local/bin/,而不是/usr/bin/
frps 配置文件
(frps是在外网服务器上部署的)
vim /etc/frp/frps.toml
bindPort = 19700
auth.token = "password"测试:
frps -c /etc/frp/frps.toml
frps 服务管理
vim /etc/systemd/system/frps.service
[Unit]
Description=frp server
After=network.target syslog.target
Wants=network.target
[Service]
ExecStart=frps -c /etc/frp/frps.toml
[Install]
WantedBy=multi-user.target启动服务:
systemctl daemon-reload && systemctl start frps && systemctl enable frps服务安装官方文档:frps systemd
frpc 客户端访问
(frpc是在需要暴露的内网服务器上配置)
frpc.toml
serverAddr = "118.31.33.21"
serverPort = 7000
auth.token = "password"
[[proxies]]
name = "test-tcp"
type = "tcp"
localIP = "127.0.0.1"
localPort = 8080
remotePort = 8080
[[proxies]]
name = "sshd-tcp"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 8022启动服务:
./frpc.exe -c frpc.toml
Windows系统请在官网下载darwin_amd64版本
pproxy http代理转发ss服务
相关文档:
安装pproxy
pip3 install pproxy --break-system-packages
pip3 install pproxy[accelerated] --break-system-packages # 可选(性能更好)
pip3 install python-daemon --break-system-packages # 可选(--daemon运行依赖)
pproxy --version命令启动方式
# ss协议转发
pproxy -l http+socks4+socks5://:8080#123456:123456 -vv \
-r ss://aes-128-gcm:password@11.18.128.112:7511 \
-r ss://aes-128-gcm:password@71.12.28.111:7511
# ss协议转发(后台运行)
pproxy -l http+socks4+socks5://:8080#123456:123456 -a 60 --daemon \
-r ss://aes-128-gcm:password@11.18.128.112:7511 \
-r ss://aes-128-gcm:password@71.12.28.111:7511
# 关闭后台运行的pproxy
ps aux | grep pproxy
pkill -f pproxy
-l: 本地监听的端口和访问本服务的账号密码-r: tpc协议转发的远程服务器地址-a 60: 每60秒进行服务器活跃心跳检查--daemon: 后台运行-vv: 显示详细日志-s: 调度算法,first_available (fa) 按顺序优先第一个、 round_robin (rr) 按顺序轮流分配、 random_choice (rc) 随机选择、 least_connection (lc) 负载均衡
服务启动方式
/etc/pproxy.conf
-l http+socks4+socks5://:8080#123456:123456
-r ss://aes-128-gcm:password@11.18.128.112:7511
-r ss://aes-128-gcm:password@71.12.28.111:7511
-a 60注意:不可以在配置文件中加
-vv参数,因为会读取标准输入的数据导致systemd启动服务失败
启动测试:pproxy $(cat /etc/pproxy.conf) -vv
网页测试:curl -x proxy.example.com:8080 --proxy-user user:password --retry 10000 http://www.google.com
/etc/systemd/system/pproxy.service
[Unit]
Description=PProxy Service
After=network.target
[Service]
Type=simple
User=root
Group=root
ExecStart=/bin/sh -c '/usr/local/bin/pproxy $$(cat /etc/pproxy.conf)'
Restart=always
RestartSec=3
StandardInput=null
[Install]
WantedBy=multi-user.target注意:双$$符号为转义,让 $ 字符在 systemd 解析过程中被保留下来,以便 shell 能正确地执行命令替换。
启动服务:systemctl daemon-reload && systemctl start pproxy
查看日志:journalctl --unit pproxy.service -f
源码使用方式
"""
ss直接代理
依赖:pproxy
"""
import base64
import requests as origin_requests
from typing import Dict, List
import urllib3
import asyncio
from types import SimpleNamespace
import pproxy
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# 解析 SSR 链接的函数
def parse_ssr_link(ssr_link: str) -> Dict[str, str]:
ssr_link = ssr_link[6:] # 去掉 'ssr://'
decoded_link = base64.urlsafe_b64decode(ssr_link + '=' * (4 - len(ssr_link) % 4)).decode('utf-8')
parts = decoded_link.split(':')
server = parts[0]
port = parts[1]
protocol = parts[2] # 协议类型
method = parts[3] # 加密方式
obfs = parts[4] # 混淆方式
password_and_params = parts[5].split("/?")
password_base64 = password_and_params[0]
password = base64.urlsafe_b64decode(password_base64 + '=' * (4 - len(password_base64) % 4)).decode('utf-8')
# 提取参数部分
params = password_and_params[1]
param_dict = {}
for param in params.split("&"):
key, value = param.split("=")
param_dict[key] = base64.urlsafe_b64decode(value + '=' * (4 - len(value) % 4)).decode('utf-8') if value else value
# 构建解析后的字典
result = {
"server": server,
"port": port,
"protocol": protocol,
"method": method,
"obfs": obfs,
"password": password,
"obfs_param": param_dict.get("obfsparam", ""),
"protocol_param": param_dict.get("protoparam", ""),
"remarks": param_dict.get("remarks", ""),
"group": param_dict.get("group", "")
}
return result
# 解析 SSR 订阅链接的函数
def get_ssr_list(ssr_subscribe_url) -> list:
result = []
response = requests.get(ssr_subscribe_url)
decoded_data = base64.b64decode(response.content).decode('utf-8')
# 逐行解析 SSR 链接
ssr_links = decoded_data.splitlines()
for ssr_link in ssr_links:
if ssr_link.startswith('ssr://'):
parsed_data = parse_ssr_link(ssr_link)
result.append(parsed_data)
return result
def get_ss_server_list_by_sip008(ss_subscribe_url) -> list:
response = origin_requests.get(ss_subscribe_url)
return response.json()
class requests:
@classmethod
def get(cls, url=''):
async def test_tcp():
ssr_proxy_uri = 'ss://aes-128-gcm:password@cname02-a56xgycr7j4km32e.brahmin12.com:7511'
conn = pproxy.Connection(ssr_proxy_uri)
reader, writer = await conn.tcp_connect('google.com', 80)
writer.write(b'GET / HTTP/1.1\r\n\r\n')
data = await reader.read(1024 * 16)
data = data.decode() # 解码为字符串
# http解析
header_body_split = data.split('\r\n\r\n', 1)
header_lines = header_body_split[0].splitlines()
body = header_body_split[1] if len(header_body_split) > 1 else ""
status_line = header_lines[0]
status_code = int(status_line.split()[1])
headers = {}
# 解析头部
for header_line in header_lines[1:]:
key, value = header_line.split(": ", 1)
headers[key] = value
# 获取响应状态码、头部信息和正文
response = SimpleNamespace(status_code=status_code, headers=headers, body=body)
return response
return asyncio.run(test_tcp())
# 调用解析函数并打印结果
result = requests.get()
print(result)tinyproxy 简易轻量http代理服务
apt install tinyproxy
vim /etc/tinyproxy/tinyproxy.conf
Allow 0.0.0.0/0
BasicAuth 123456 123456
DisableViaHeader Yes
systemctl start tinyproxy
systemctl enable tinyproxy
curl -x http://123456:123456@127.0.0.1:8888 https://www.baidu.com配置上游代理
vim /etc/tinyproxy/tinyproxy.conf
# socks5
upstream socks5 11.18.128.211:8080
# http
upstream http 123456:123456@11.18.128.211:8080ngrok 超级简易局域网服务访问工具
通过外网电脑可以访问某个局域网中某个主机的http服务。
ngrok 官网 | ngrok 登录 (可使用google邮箱登录) | ngrok 安装教程
# 启动(后面的http地址不一定是本机地址,也可以是局域网内的ip地址,是本局域网内可访问的http服务)
ngrok http http://10.10.0.100:5000ss代理服务部署
安装基础软件
apt install curl wget vim -y安装服务
# BBR是Google的一套网络拥塞控制算法,可以有效减少拥堵丢包,大幅提高网络连接
wget https://raw.githubusercontent.com/bannedbook/fanqiang/master/v2ss/server-cfg/sysctl.conf -O -> /etc/sysctl.conf
sysctl -p
# 安装V2ray服务
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)编辑配置文件
/usr/local/etc/v2ray/config.json
{
"log": {
"loglevel": "warning",
"access": "/dev/null",
"error": "/dev/null"
},
"inbounds": [
{
"port": 51888,
"protocol": "shadowsocks",
"settings": {
"method": "aes-256-gcm",
"password": "这里需要替换",
"network": "tcp,udp",
"level": 0
}
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {},
"tag": "allowed"
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}
],
"routing": {
"rules": [
{
"domain": [
"google.com",
"apple.com",
"oppomobile.com"
],
"type": "field",
"outboundTag": "allowed"
},
{
"type": "field",
"ip": [
"geoip:private"
],
"outboundTag": "blocked"
}
]
}
}配置文件中需要自定义调整端口和访问密码
启动服务
# 测试配置文件
/usr/local/bin/v2ray test -config /usr/local/etc/v2ray/config.json
# 启动服务
service v2ray restart