请叫我峰子 (Call Me Fengzi):
Enjoying the fun of building sites on a VPS.

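Quick One-Click Setup of Shadowsocks on Several VPS Types (OpenVZ, Xen, KVM) and a Summary of SS Optimizations

This article covers one-click installation of the shadowsocks server on several types of VPS (OpenVZ, Xen, KVM), along with TCP tuning and changing the kernel's congestion control algorithm to improve shadowsocks efficiency and speed.

One-click installation

The one-click install scripts used here come from the blog posts and scripts of "秋水逸冰". To keep memory usage low, all of them install shadowsocks-libev. The instructions are grouped by operating system: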

On Debian or Ubuntu:

Installation:

wget --no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks-libev-debian.sh
chmod +x shadowsocks-libev-debian.sh
./shadowsocks-libev-debian.sh 2>&1 | tee shadowsocks-libev-debian.log

Uninstall:

./shadowsocks-libev-debian.sh uninstall

Configuration file path:
/etc/shadowsocks/config.json

Start (autostart at boot is already configured once installation completes):

nohup /usr/local/bin/ss-server -c /etc/shadowsocks/config.json > /dev/null 2>&1 &

Stop:

ps -ef | grep -v grep | grep -v ps | grep -i '/usr/local/bin/ss-server' | awk '{print $2}'

The command above prints a number (the pid); then run kill, a space, and that number.

On CentOS:

Installation:

wget --no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks-libev.sh
chmod +x shadowsocks-libev.sh
./shadowsocks-libev.sh 2>&1 | tee shadowsocks-libev.log
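
The install commands above, for Debian/Ubuntu and for CentOS, fetch with --no-check-certificate and then run the downloaded file as root. As an added example (not part of the original post or of the referenced scripts), the same step with certificate verification left on and a pinned SHA-256 that must match before anything is executed; the function names are hypothetical and the pinned value is a placeholder for the digest of the copy you reviewed.

```shell
#!/bin/bash
# Added example: fetch an installer with TLS verification and refuse to run it
# unless it matches a pinned SHA-256. Function names are hypothetical.

URL="https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks-libev.sh"
# Placeholder: record the digest of the copy you actually reviewed.
PINNED_SHA256="REPLACE_WITH_REVIEWED_SHA256"

# sha256_of FILE -> prints the lowercase hex digest
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_pinned FILE EXPECTED -> 0 only if EXPECTED is a well-formed digest
# and equals the digest of FILE (2 = unusable pin, 3 = no such file)
verify_pinned() {
    local file="$1" expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$expected" in
        *[!0-9a-f]*|"") return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    [ -f "$file" ] || return 3
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ]
}

# fetch_and_run URL EXPECTED [ARGS...]
fetch_and_run() {
    local url="$1" expected="$2" tmp rc; shift 2
    tmp=$(mktemp) || return 1
    # No --no-check-certificate: a TLS failure must abort, not be ignored.
    if ! wget -q -O "$tmp" "$url"; then
        echo "download failed (certificate or network error)" >&2
        rm -f "$tmp"; return 1
    fi
    if ! verify_pinned "$tmp" "$expected"; then
        echo "digest mismatch or invalid pin; not executing" >&2
        rm -f "$tmp"; return 1
    fi
    bash "$tmp" "$@"; rc=$?
    rm -f "$tmp"; return $rc
}

# Usage (not run automatically):
#   fetch_and_run "$URL" "$PINNED_SHA256" 2>&1 | tee shadowsocks-libev.log
```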

Script backup:

#! /bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
#===============================================================================================
#   System Required:  CentOS6.x (32bit/64bit)
#   Description:  Install Shadowsocks(libev) for CentOS
#   Author: Teddysun <[email protected]>
#   Intro:  http://teddysun.com/357.html
#===============================================================================================

clear
echo "#############################################################"
echo "# Install Shadowsocks(libev) for CentOS6.x (32bit/64bit)"
echo "# Intro: http://teddysun.com/357.html"
echo "#"
echo "# Author: Teddysun <[email protected]>"
echo "#"
echo "#############################################################"
echo ""

# Install Shadowsocks-libev
function install_shadowsocks_libev(){
    rootness
    disable_selinux
    pre_install
    download_files
    config_shadowsocks
    iptables_set
    install
}

# Make sure only root can run our script
function rootness(){
if [[ $EUID -ne 0 ]]; then
   echo "Error:This script must be run as root!" 1>&2
   exit 1
fi
}

# Disable selinux
function disable_selinux(){
if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; then
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
    setenforce 0
fi
}

# Pre-installation settings
function pre_install(){
    #Set shadowsocks-libev config password
    echo "Please input password for shadowsocks-libev:"
    read -p "(Default password: teddysun.com):" shadowsockspwd
    if [ "$shadowsockspwd" = "" ]; then
        shadowsockspwd="teddysun.com"
    fi
    echo "password:$shadowsockspwd"
    echo "####################################"
    get_char(){
        SAVEDSTTY=`stty -g`
        stty -echo
        stty cbreak
        dd if=/dev/tty bs=1 count=1 2> /dev/null
        stty -raw
        stty echo
        stty $SAVEDSTTY
    }
    echo ""
    echo "Press any key to start...or Press Ctrl+C to cancel"
    char=`get_char`
    #Install necessary dependencies
    yum install -y wget unzip openssl-devel gcc swig python python-devel python-setuptools autoconf libtool libevent
    yum install -y automake make curl curl-devel zlib-devel openssl-devel perl perl-devel cpio expat-devel gettext-devel
    # Get IP address
    echo "Getting Public IP address, Please wait a moment..."
    IP=`curl -s checkip.dyndns.com | cut -d' ' -f 6  | cut -d'<' -f 1`
    if [ -z "$IP" ]; then
        IP=`curl -s ifconfig.me/ip`
    fi
    #Current folder
    cur_dir=`pwd`
    cd $cur_dir
}

# Download latest shadowsocks-libev
function download_files(){
    if [ -f shadowsocks-libev.zip ];then
        echo "shadowsocks-libev.zip [found]"
    else
        if ! wget --no-check-certificate https://github.com/madeye/shadowsocks-libev/archive/master.zip -O shadowsocks-libev.zip;then
            echo "Failed to download shadowsocks-libev.zip"
            exit 1
        fi
    fi
    unzip shadowsocks-libev.zip
    if [ $? -eq 0 ];then
        cd $cur_dir/shadowsocks-libev-master/
    else
        echo ""
        echo "Unzip shadowsocks-libev failed! Please visit http://teddysun.com/357.html and contact."
        exit 1
    fi
    # Download start script
    if ! wget --no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks-libev; then
        echo "Failed to download shadowsocks-libev start script!"
        exit 1
    fi
}

# Config shadowsocks
function config_shadowsocks(){
    if [ ! -d /etc/shadowsocks-libev ];then
        mkdir /etc/shadowsocks-libev
    fi
    cat > /etc/shadowsocks-libev/config.json<<-EOF
{
    "server":"${IP}",
    "server_port":8989,
    "local_address":"127.0.0.1",
    "local_port":1080,
    "password":"${shadowsockspwd}",
    "timeout":600,
    "method":"aes-256-cfb"
}
EOF
}

# iptables set
function iptables_set(){
    /sbin/service iptables status 1>/dev/null 2>&1
    if [ $? -eq 0 ]; then
        /etc/init.d/iptables status | grep '8989' | grep 'ACCEPT' >/dev/null 2>&1
        if [ $? -ne 0 ]; then
            /sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 8989 -j ACCEPT
            /etc/init.d/iptables save
            /etc/init.d/iptables restart
        fi
    fi
}


# Install
function install(){
    # Build and Install shadowsocks-libev
    if [ -s /usr/local/bin/ss-server ];then
        echo "shadowsocks-libev has been installed!"
        exit 0
    else
        ./configure
        make && make install
        if [ $? -eq 0 ]; then
            mv $cur_dir/shadowsocks-libev-master/shadowsocks-libev /etc/init.d/shadowsocks
            chmod +x /etc/init.d/shadowsocks
            # Add run on system start up
            chkconfig --add shadowsocks
            chkconfig shadowsocks on
            # Start shadowsocks
            /etc/init.d/shadowsocks start
            if [ $? -eq 0 ]; then
                echo "Shadowsocks-libev start success!"
            else
                echo "Shadowsocks-libev start failure!"
            fi
        else
            echo ""
            echo "Shadowsocks-libev install failed! Please visit http://teddysun.com/357.html and contact."
            exit 1
        fi
    fi
    cd $cur_dir
    # Delete shadowsocks-libev folder
    rm -rf $cur_dir/shadowsocks-libev-master/
    # Delete shadowsocks-libev zip file
    rm -f shadowsocks-libev.zip
    clear
    echo ""
    echo "Congratulations, shadowsocks-libev install completed!"
    echo -e "Your Server IP: \033[41;37m ${IP} \033[0m"
    echo -e "Your Server Port: \033[41;37m 8989 \033[0m"
    echo -e "Your Password: \033[41;37m ${shadowsockspwd} \033[0m"
    echo -e "Your Local IP: \033[41;37m 127.0.0.1 \033[0m"
    echo -e "Your Local Port: \033[41;37m 1080 \033[0m"
    echo -e "Your Encryption Method: \033[41;37m aes-256-cfb \033[0m"
    echo ""
    echo "Welcome to visit:http://teddysun.com/357.html"
    echo "Enjoy it!"
    echo ""
}

# Uninstall Shadowsocks-libev
function uninstall_shadowsocks_libev(){
    printf "Are you sure uninstall shadowsocks_libev? (y/n) "
    printf "n"
    read -p "(Default: n):" answer
    if [ -z "$answer" ]; then
        answer="n"
    fi
    if [ "$answer" = "y" ]; then
        ps -ef | grep -v grep | grep -v ps | grep -i "ss-server" > /dev/null 2>&1
        if [ $? -eq 0 ]; then
            /etc/init.d/shadowsocks stop
        fi
        chkconfig --del shadowsocks
        # delete config file
        rm -rf /etc/shadowsocks-libev
        # delete shadowsocks
        rm -f /usr/local/bin/ss-local
        rm -f /usr/local/bin/ss-tunnel
        rm -f /usr/local/bin/ss-server
        rm -f /usr/local/bin/ss-redir
        rm -f /usr/local/share/man/man8/shadowsocks.8
        rm -f /etc/init.d/shadowsocks
        echo "Shadowsocks-libev uninstall success!"
    else
        echo "uninstall cancelled, Nothing to do"
    fi
}

# Initialization step
action=$1
[ -z "$1" ] && action=install
case "$action" in
install)
    install_shadowsocks_libev
    ;;
uninstall)
    uninstall_shadowsocks_libev
    ;;
*)
    echo "Arguments error! [${action} ]"
    echo "Usage: `basename $0` {install|uninstall}"
    ;;
esac

Uninstall:

./shadowsocks-libev.sh uninstall

Configuration file path:

/etc/shadowsocks-libev/config.json

Common commands:

# Start:
/etc/init.d/shadowsocks start
# Stop:
/etc/init.d/shadowsocks stop
# Restart:
/etc/init.d/shadowsocks restart
# Show status:
/etc/init.d/shadowsocks status

TCP performance tuning:

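This follows 北落师门's approach, described separately for Xen/KVM and for OpenVZ according to the VPS virtualization technology:

Xen, KVM:

Edit /etc/sysctl.conf and add the following entries: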

fs.file-max = 51200
# Raise the system-wide file limit
net.ipv4.tcp_syncookies = 1
# Enable SYN cookies. When the SYN wait queue overflows, cookies are used to handle it, which protects against small SYN attacks. Default is 0 (off).
net.ipv4.tcp_tw_reuse = 1
# Enable reuse: allow TIME-WAIT sockets to be reused for new TCP connections. Default is 0 (off).
net.ipv4.tcp_tw_recycle = 0
# Controls fast recycling of TIME-WAIT sockets in TCP connections. Default is 0 (off).
# To be friendlier to NAT devices, 0 is recommended.
net.ipv4.tcp_fin_timeout = 30
# Change the system default TIMEOUT.
net.ipv4.tcp_keepalive_time = 1200
# How often TCP sends keepalive messages when keepalive is enabled. Default is 2 hours; changed to 20 minutes.
net.ipv4.ip_local_port_range = 10000 65000
# Port range used for outgoing connections. The default is small: 32768 to 61000; changed to 10000 to 65000. (Note: do not set the lower bound too low, or it may take ports used by normal services!)
net.ipv4.tcp_max_syn_backlog = 8192
# Length of the SYN queue. Default is 1024; raising it to 8192 lets it hold more connections waiting to be established.
net.ipv4.tcp_max_tw_buckets = 5000
# Maximum number of TIME_WAIT sockets the system keeps at once. Above this number, TIME_WAIT sockets are cleared immediately and a warning is printed.
# Additionally, on kernels newer than 3.7.1, tcp_fastopen can be enabled:
net.ipv4.tcp_fastopen = 3

# increase TCP max buffer size settable using setsockopt()
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
# increase Linux autotuning TCP buffer limit
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
# increase the length of the processor input queue
net.core.netdev_max_backlog = 250000
# recommended for hosts with jumbo frames enabled
net.ipv4.tcp_mtu_probing=1

Save and exit the file, then apply the configuration with:

sysctl -p

If the applied settings are printed and no errors are shown, the tuning is complete.

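OpenVZ:

On OpenVZ, if you apply the changes above directly, sysctl -p prints a pile of permission denied errors.
After some searching, the explanation seems to be that OpenVZ templates are heavily restricted, so direct sysctl changes are refused (some articles online describe how to get rid of the sysctl.conf errors on OpenVZ, but that is really just a placebo). The tuning above is therefore not usable on OpenVZ.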
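
An added example, not from the original post: a read-only audit to run after sysctl -p that compares a sysctl.conf fragment with the live values under /proc/sys, so keys that did not take effect (the OpenVZ case) or that the running kernel does not offer are listed one per line. The function names and the optional alternate-root argument are assumptions made for the example.

```shell
#!/bin/bash
# Added example: compare desired sysctl settings with the running system.
# audit_sysctl CONF [PROC_ROOT]   (PROC_ROOT defaults to /proc/sys)
# Prints one line per key: OK, DIFF or MISSING. It never writes anything.

# Collapse tabs and runs of spaces so "4096<TAB>87380" equals "4096 87380".
normalize() {
    printf '%s' "$1" | tr '\t' ' ' | tr -s ' ' | sed 's/^ //; s/ $//'
}

audit_sysctl() {
    local conf="$1" root="${2:-/proc/sys}" line key want have path
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}              # drop comment lines and trailing comments
        case "$line" in *=*) ;; *) continue ;; esac
        key=$(normalize "${line%%=*}")
        want=$(normalize "${line#*=}")
        [ -n "$key" ] || continue
        # net.ipv4.tcp_fastopen -> $root/net/ipv4/tcp_fastopen
        path="$root/$(printf '%s' "$key" | tr '.' '/')"
        if [ ! -e "$path" ]; then
            echo "MISSING $key"       # this kernel does not expose the key
            continue
        fi
        have=$(normalize "$(cat "$path" 2>/dev/null)")
        if [ "$have" = "$want" ]; then
            echo "OK $key"
        else
            # After sysctl -p, a DIFF means the write was refused or rejected.
            echo "DIFF $key want=$want have=$have"
        fi
    done < "$conf"
}

# Usage on the server:  audit_sysctl /etc/sysctl.conf
```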

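Significantly speeding up ss with 锐速 (ServerSpeeder)

For details, see my other article: Switching the Linux kernel to optimize ServerSpeeder and accelerate shadowsocks and IKEv2

Tuning the congestion control algorithm: Hybla

This part follows the tutorial on V2EX about compiling the tcp_hybla kernel module.
I got this step working on Linode (Linode is Xen-based) with Ubuntu; I have not tried other systems. Reportedly the official Ubuntu kernel on Digital Ocean (DO uses KVM) already ships it, so the compile steps can be skipped and the hybla algorithm used directly. (Addendum: in my own testing on Digital Ocean, adding the hybla parameter to /etc/sysctl.conf was enough to use it. If you are on Digital Ocean, congratulations: jump straight to step 9 of the procedure below.)

Since my understanding of this part is limited and I simply followed the original article successfully, I am reposting its content here for reference: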

1. Check your machine's kernel version:

uname -r

Example output: 3.11.6-x86_64-linode35

2. Download the source of the same version from https://www.kernel.org/pub/linux/kernel/v3.0/ into any directory and extract it

mkdir /root/mykernel
cd /root/mykernel
wget https://www.kernel.org/pub/linux/kernel/v3.0/linux-3.11.6.tar.gz
tar xzvf linux-3.11.6.tar.gz

3. Install the kernel build tools

apt-get update && apt-get install -y build-essential libncurses5-dev

4. Copy Linode's original kernel build configuration into the source root, add a line CONFIG_TCP_CONG_HYBLA=y below CONFIG_TCP_CONG_CUBIC=y, then build the kernel needed for compiling the module

cd linux-3.11.6
zcat /proc/config.gz > .config
vi .config

Find CONFIG_TCP_CONG_CUBIC=y, add a line CONFIG_TCP_CONG_HYBLA=y below it, and save

make

5. Wait patiently for the kernel build to finish (about 15 minutes on a single core). When it is done, go to the module's directory and write a Makefile

cd net/ipv4/
mv Makefile Makefile.old
vi Makefile

The Makefile contents are below. Change KDIR to your own source path; copy everything else as is

# Makefile for tcp_hybla.ko
obj-m := tcp_hybla.o
KDIR := /root/mykernel/linux-3.11.6
PWD := $(shell pwd)
default:
	$(MAKE) -C $(KDIR) SUBDIRS=$(PWD) modules

6. Go to the source root and build the modules

cd /root/mykernel/linux-3.11.6/
make modules

7. Go to the module's directory, copy the generated tcp_hybla.ko to the directory you will load it from, and test loading the module

cd /root/mykernel/linux-3.11.6/net/ipv4
cp tcp_hybla.ko /root/mykernel/
cd /root/mykernel/

Before loading

sysctl net.ipv4.tcp_available_congestion_control
net.ipv4.tcp_available_congestion_control = cubic reno
insmod tcp_hybla.ko

After loading

sysctl net.ipv4.tcp_available_congestion_control
net.ipv4.tcp_available_congestion_control = cubic reno hybla

Set hybla as the preferred algorithm

sysctl net.ipv4.tcp_congestion_control=hybla

8. Load the module automatically at boot: copy tcp_hybla.ko to /lib/modules/3.11.6-x86_64-linode35/kernel/net/ipv4

cd /lib/modules/3.11.6-x86_64-linode35
mkdir -p kernel/net/ipv4
cd kernel/net/ipv4
cp /root/mykernel/tcp_hybla.ko ./
cd /lib/modules/3.11.6-x86_64-linode35
depmod -a

9. Edit /etc/sysctl.conf so hybla is set as the preferred algorithm at boot

vim /etc/sysctl.conf
net.ipv4.tcp_congestion_control = hybla

Save and exit the file, then apply the configuration with:

sysctl -p
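
A preflight for steps 1 to 9, as an added example that is not part of the original or the reposted tutorial: it decides whether hybla is already registered (the Digital Ocean case), whether a built tcp_hybla.ko names the running kernel release in its vermagic, or whether the module still has to be built. The function names are hypothetical; a matching release is a necessary condition for insmod to succeed, not a guarantee.

```shell
#!/bin/bash
# Added example: decide what to do about tcp_hybla before touching insmod.
# Function names are hypothetical.

# has_algo LIST NAME -> 0 if NAME is a whole word in the space-separated LIST
has_algo() {
    case " $1 " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

# vermagic_release "3.11.6-x86_64-linode35 SMP mod_unload " -> first field
vermagic_release() {
    set -- $1
    printf '%s' "$1"
}

# hybla_plan AVAILABLE RUNNING_RELEASE [KO_VERMAGIC]
#   available : hybla is already registered, only step 9 is needed
#   load      : module names this kernel release, insmod can be attempted
#   mismatch  : module was built for another release (for example the
#               local version suffix from .config is missing); rebuild it
#   build     : no module supplied and hybla is not registered
hybla_plan() {
    local avail="$1" running="$2" magic="$3"
    if has_algo "$avail" hybla; then echo available; return; fi
    if [ -z "$magic" ]; then echo build; return; fi
    if [ "$(vermagic_release "$magic")" = "$running" ]; then
        echo load
    else
        echo mismatch
    fi
}

# Live use on the server (values read from the running system):
#   avail=$(sysctl -n net.ipv4.tcp_available_congestion_control)
#   magic=$(modinfo -F vermagic /root/mykernel/tcp_hybla.ko)
#   hybla_plan "$avail" "$(uname -r)" "$magic"
```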

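References:
One-click install script for shadowsocks-libev on Debian

One-click install script for shadowsocks-libev on CentOS

Setting up and tuning shadowsocks on an OpenVZ VPS

Linux TCP performance tuning for high traffic and high concurrency

A beginner's tutorial on compiling Linode kernel modules, using tcp_hybla as the example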

Please credit when reposting: 峰网博客 » Quick One-Click Setup of Shadowsocks on Several VPS Types (OpenVZ, Xen, KVM) and a Summary of SS Optimizations
