
VPS 配置

vps 配置

安装shadowsocks

安装编译依赖

yum install gcc gettext autoconf libtool automake make pcre-devel asciidoc xmlto c-ares-devel libev-devel libsodium-devel mbedtls-devel -y

clone 代码

git clone https://github.com/shadowsocks/shadowsocks-libev.git

编译安装

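# Build shadowsocks-libev from the cloned source tree and install it.
cd shadowsocks-libev/
# NOTE(review): this builds whatever the default branch points to at clone
# time; checking out a release tag first (git checkout <release-tag>) gives a
# reproducible, reviewable build.
# Fetch the bundled submodules before configuring (the original listing had
# "it submodule", a typo for "git submodule").
git submodule update --init
./autogen.sh && ./configure && make
# Install the built binaries; needs write access to the install prefix.
make install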

配置文件（其中 port 与 "password" 为占位符：请填入实际端口号，并把密码换成足够长的随机字符串）

{
    "server": "0.0.0.0",
    "server_port": port,
    "local_port": 1086,
    "password": "password",
    "timeout": 300,
    "method": "chacha20-ietf-poly1305"
}

优化

编辑文件
/etc/sysctl.conf

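# Kernel network tuning for the proxy host (/etc/sysctl.conf).
# Keys that the original listing repeated with the same value
# (default_qdisc, tcp_congestion_control, tcp_fastopen) are collapsed to a
# single entry each; no value has been changed.

# BBR congestion control, paired with the fq queueing discipline.
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

# Neighbour (ARP) table timing.
net.ipv4.neigh.default.base_reachable_time_ms = 600000
net.ipv4.neigh.default.mcast_solicit = 20
net.ipv4.neigh.default.retrans_time_ms = 250

# NOTE(review): rp_filter = 0 switches off reverse-path (source address)
# validation, which is the kernel's check against spoofed source addresses.
# That is normally only needed with asymmetric routing; 1 (strict) or
# 2 (loose) keeps the check. eth0/eth1 are this host's interface names and
# must match the interfaces that actually exist.
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth1.rp_filter = 0

# TCP Fast Open for both outgoing (1) and incoming (2) connections.
net.ipv4.tcp_fastopen = 3

# System-wide limit on open file handles.
fs.file-max = 51200

# Socket buffer ceilings (bytes) and accept/ingress queue depths.
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.netdev_max_backlog = 250000
net.core.somaxconn = 4096

# SYN cookies keep the listener responsive when the SYN queue overflows.
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
# tcp_tw_recycle was removed in Linux 4.12; on such kernels `sysctl -p`
# reports this key as unknown and the line can be deleted. 0 (off) is the
# safe value where the key still exists.
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
# tcp_mem is counted in pages; tcp_rmem / tcp_wmem are min/default/max bytes.
net.ipv4.tcp_mem = 25600 51200 102400
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1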

使生效
sysctl -p

编辑文件
/etc/security/limits.conf

* soft nofile 51200
* hard nofile 51200

ulimit -n 51200

防火墙设置

需要加入 shadowsocks, ssh 的端口

systemctl enable firewalld --now
firewall-cmd --add-port=shadowsocks-port/tcp --permanent
firewall-cmd --add-port=ssh-port/tcp --permanent
systemctl restart firewalld

autossh 反向代理

编辑文件
/etc/ssh/sshd_config

GatewayPorts yes

防火墙设置

firewall-cmd --add-port=autossh-port/tcp --permanent

内网机器启动反向代理

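# Run on the internal machine: keep a reverse SSH tunnel to the VPS alive.
# The original placeholders ended in "-ip" where ssh/autossh expect ports:
#   -p ssh-port                    SSH port of the VPS (as opened in firewalld)
#   -M monitor-port                autossh connection-monitoring port
#   -R autossh-port:127.0.0.1:22   VPS listens on autossh-port and forwards
#                                  to this machine's sshd on 127.0.0.1:22
#   -N / -f                        no remote command / go to background
#
# NOTE(review): with "GatewayPorts yes" on the VPS the forwarded port listens
# on every VPS interface, so this machine's sshd is reachable by anyone who
# can reach autossh-port. PasswordAuthentication=no here only governs this
# client's login to the VPS; the sshd on this machine should itself be
# key-only, and the firewall rule for autossh-port limited to known sources.
# A dedicated unprivileged account on the VPS is enough for port forwarding;
# root is not required.
autossh -p ssh-port -M monitor-port -o "PasswordAuthentication=no" -NfR autossh-port:127.0.0.1:22 root@vps-ip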