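#!/bin/bash
#
# Script for automatic setup of an SS-TPROXY server on CentOS 7.3 Minimal.
#
# Must run as root. Uses bash features (pushd/popd), hence the bash shebang
# rather than /bin/sh.
#
# Several values are blank or redacted in this copy of the script, so they are
# read from the environment and the script aborts when they are unset:
#   HAVEGED_VER, CHINADNS_VER, CHINADNS_REPO_OWNER, LIBSODIUM_VER,
#   MBEDTLS_VER, SSR_LIBEV_REPO_URL
# Optional: AUTOMAKE_SHA256, CHINADNS_SHA256, LIBSODIUM_SHA256, MBEDTLS_SHA256.
# When one of these is set, the matching tarball is checked against it before
# it is unpacked. Git sources are cloned from the branch head (ss-tproxy is
# then checked out at v1-tcponly) and are not otherwise pinned.

export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Print a message to stderr and exit non-zero.
exiterr() { printf 'Error: %s\n' "$1" >&2; exit 1; }
exiterr2() { exiterr "'yum install' failed."; }
# Print a blank line, then the message in cyan.
bigecho() { printf '\n\033[36m %s \033[0m\n' "$1"; }
# Run a command, aborting the script if it fails.
run_or_die() { "$@" || exiterr "command failed: $*"; }

# Download $2 into $1 with TLS certificate verification left enabled, then
# verify the SHA-256 given in $3 when it is non-empty. Aborts on any failure.
fetch() {
  local dest=$1 url=$2 expected=${3:-}
  wget -O "$dest" "$url" || exiterr "Failed to download $url"
  if [ -n "$expected" ]; then
    printf '%s  %s\n' "$expected" "$dest" | sha256sum -c - >/dev/null \
      || exiterr "Checksum mismatch for $dest"
  fi
}

[ "$(id -u)" -eq 0 ] || exiterr "This script must be run as root."

# Unpack and build in a private temporary directory instead of the caller's
# working directory; it is removed on exit.
build_dir=$(mktemp -d) || exiterr "mktemp failed"
trap 'rm -rf -- "$build_dir"' EXIT
cd "$build_dir" || exiterr "cannot cd to $build_dir"

# Disable FireWall
# NOTE(review): this leaves every listening service reachable from the
# network; nothing later in this script re-adds host-level filtering.
bigecho "Disable Firewall..."
systemctl stop firewalld.service
systemctl disable firewalld.service

# Install Lib
bigecho "Install Library, Pleast wait..."
yum -y install git gettext gcc autoconf libtool make asciidoc xmlto c-ares-devel libev-devel \
  openssl-devel net-tools curl ipset iproute perl wget bind-utils vim || exiterr2

# Install haveged
# The guard command was lost in this copy; "already on PATH" is the
# reconstructed check used here and for the build blocks below.
if ! command -v haveged >/dev/null; then
  bigecho "Install Haveged, Pleast wait..."
  : "${HAVEGED_VER:?HAVEGED_VER is not set (the version is missing from this copy)}"
  HAVEGED_URL="http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/h/haveged-$HAVEGED_VER.el7.x86_64.rpm"
  # NOTE(review): plain-http RPM; the only integrity check is whatever yum
  # applies to URL packages - confirm the EPEL key is imported and gpgcheck
  # is enabled before relying on it.
  yum -y install "$HAVEGED_URL" || exiterr2
  systemctl start haveged
  systemctl enable haveged
fi

# Install pdnsd
if ! command -v pdnsd >/dev/null; then
  bigecho "Install Pdnsd, Pleast wait..."
  PDNSD_VER=1.2.9a
  PDNSD_URL="http://members.home.nl/p.a.rombouts/pdnsd/releases/pdnsd-$PDNSD_VER-par_sl6.x86_64.rpm"
  # NOTE(review): plain-http RPM from a personal site; same caveat as haveged.
  yum -y install "$PDNSD_URL" || exiterr2
fi

# Build aclocal-1.15, it's needed by dnsforwarder
if ! command -v aclocal-1.15 >/dev/null; then
  bigecho "Build aclocal-1.15, Pleast wait..."
  AUTOMAKE_VER=1.15
  AUTOMAKE_FILE="automake-$AUTOMAKE_VER"
  AUTOMAKE_URL="https://ftp.gnu.org/gnu/automake/$AUTOMAKE_FILE.tar.gz"
  fetch "$AUTOMAKE_FILE.tar.gz" "$AUTOMAKE_URL" "${AUTOMAKE_SHA256:-}"
  run_or_die tar xf "$AUTOMAKE_FILE.tar.gz"
  pushd "$AUTOMAKE_FILE" >/dev/null || exiterr "missing directory $AUTOMAKE_FILE"
  run_or_die ./configure
  run_or_die make
  run_or_die make install
  popd >/dev/null
fi

# Build dnsforwarder
if ! command -v dnsforwarder >/dev/null; then
  bigecho "Build dnsforwarder, Pleast wait..."
  run_or_die git clone https://github.com/holmium/dnsforwarder.git
  pushd dnsforwarder >/dev/null || exiterr "missing directory dnsforwarder"
  run_or_die ./configure --enable-downloader=no
  run_or_die make
  run_or_die make install
  popd >/dev/null
fi

# Build chinadns
if ! command -v chinadns >/dev/null; then
  bigecho "Build chinadns, Pleast wait..."
  : "${CHINADNS_VER:?CHINADNS_VER is not set (the version is missing from this copy)}"
  : "${CHINADNS_REPO_OWNER:?CHINADNS_REPO_OWNER is not set (the GitHub owner is redacted in this copy)}"
  CHINADNS_FILE="chinadns-$CHINADNS_VER"
  CHINADNS_URL="https://github.com/$CHINADNS_REPO_OWNER/ChinaDNS/releases/download/$CHINADNS_VER/$CHINADNS_FILE.tar.gz"
  fetch "$CHINADNS_FILE.tar.gz" "$CHINADNS_URL" "${CHINADNS_SHA256:-}"
  run_or_die tar xf "$CHINADNS_FILE.tar.gz"
  pushd "$CHINADNS_FILE" >/dev/null || exiterr "missing directory $CHINADNS_FILE"
  run_or_die ./configure
  run_or_die make
  run_or_die make install
  popd >/dev/null
fi

# Build Libsodium
if [ ! -f "/usr/lib/libsodium.so" ]; then
  bigecho "Build Libsodium, Pleast wait..."
  : "${LIBSODIUM_VER:?LIBSODIUM_VER is not set (the version is missing from this copy)}"
  LIBSODIUM_FILE="libsodium-$LIBSODIUM_VER"
  LIBSODIUM_URL="https://download.libsodium.org/libsodium/releases/$LIBSODIUM_FILE.tar.gz"
  fetch "$LIBSODIUM_FILE.tar.gz" "$LIBSODIUM_URL" "${LIBSODIUM_SHA256:-}"
  run_or_die tar xf "$LIBSODIUM_FILE.tar.gz"
  pushd "$LIBSODIUM_FILE" >/dev/null || exiterr "missing directory $LIBSODIUM_FILE"
  run_or_die ./configure --prefix=/usr
  run_or_die make
  run_or_die make install
  popd >/dev/null
  ldconfig
fi

# Build MbedTLS
if [ ! -f "/usr/lib/libmbedtls.so" ]; then
  bigecho "Build MbedTLS, Pleast wait..."
  : "${MBEDTLS_VER:?MBEDTLS_VER is not set (the version is missing from this copy)}"
  MBEDTLS_FILE="mbedtls-$MBEDTLS_VER"
  MBEDTLS_URL="https://tls.mbed.org/code/releases/$MBEDTLS_FILE-gpl.tgz"
  fetch "$MBEDTLS_FILE-gpl.tgz" "$MBEDTLS_URL" "${MBEDTLS_SHA256:-}"
  run_or_die tar xf "$MBEDTLS_FILE-gpl.tgz"
  pushd "$MBEDTLS_FILE" >/dev/null || exiterr "missing directory $MBEDTLS_FILE"
  # CFLAGS=-fPIC and DESTDIR=/usr are kept from the original; presumably so
  # the objects can be linked into shared libraries - confirm against the
  # mbedtls Makefile of the chosen version.
  run_or_die env CFLAGS=-fPIC make DESTDIR=/usr install
  popd >/dev/null
  ldconfig
fi

# Build ssr-libev
# The repository URL and checkout directory are redacted in this copy, so the
# URL comes from the environment and the clone goes into a fixed directory.
if ! command -v ssr-redir >/dev/null; then
  bigecho "Build ssr-libev, Pleast wait..."
  : "${SSR_LIBEV_REPO_URL:?SSR_LIBEV_REPO_URL is not set (the repository is redacted in this copy)}"
  run_or_die git clone "$SSR_LIBEV_REPO_URL" ssr-libev-src
  pushd ssr-libev-src >/dev/null || exiterr "missing directory ssr-libev-src"
  run_or_die ./configure --prefix=/usr/local/ssr-libev
  run_or_die make
  run_or_die make install
  popd >/dev/null
  # Give the installed binaries an ssr- prefix, move them onto PATH, then
  # drop the staging prefix.
  pushd /usr/local/ssr-libev/bin >/dev/null || exiterr "missing directory /usr/local/ssr-libev/bin"
  run_or_die mv ss-redir ssr-redir
  run_or_die mv ss-local ssr-local
  run_or_die ln -sf ssr-local ssr-tunnel
  run_or_die mv ssr-* /usr/local/bin/
  popd >/dev/null
  rm -fr /usr/local/ssr-libev
fi

# Install SS-TPROXY
if ! command -v ss-tproxy >/dev/null; then
  bigecho "Install SS-TProxy, Pleast wait..."
  run_or_die git clone https://github.com/zfl9/ss-tproxy.git
  pushd ss-tproxy >/dev/null || exiterr "missing directory ss-tproxy"
  run_or_die git checkout v1-tcponly
  run_or_die cp -af ss-tproxy ss-switch /usr/local/bin/
  run_or_die chown root:root /usr/local/bin/ss-tproxy /usr/local/bin/ss-switch
  run_or_die chmod +x /usr/local/bin/ss-tproxy /usr/local/bin/ss-switch
  # "mkdir" was lost in this copy; only "-p /etc/tproxy" survived.
  run_or_die mkdir -p /etc/tproxy
  run_or_die cp -af pdnsd.conf chnroute.txt chnroute.ipset ss-tproxy.conf dnsforwarder.conf /etc/tproxy/
  run_or_die chown -R root:root /etc/tproxy
  # Systemctl
  run_or_die cp -af ss-tproxy.service /etc/systemd/system/
  popd >/dev/null
  systemctl daemon-reload
  systemctl enable ss-tproxy.service
fi

# Display info
bigecho "#######################################################"
bigecho "Please modify /etc/tproxy/ss-tproxy.conf before start."
bigecho "#ss-tproxy update_chnip"
bigecho "#ss-tproxy start"
bigecho "#######################################################"
exit 0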
原文:
https://gist.github.com/YahuiWong/c5f47f9f13dfd2cb560046f28c7aecd0
记得在最后设置允许访问的局域网IP段
## iptables 配置
iptables_intranet=(0.0.0.0/0) # 内网网段，多个网段用空格隔开；0.0.0.0/0 表示匹配所有来源地址，请改为实际允许访问的局域网网段
目前软件的机制是:
cat /etc/tproxy/chnroute.txt，这个 IP 表里都是 cnip；命中这个表的流量就走操作系统本身的默认网关出去上网，
否则就走代理网关出去。所以如果想全局走代理网关，可以把 chnroute.txt 里的 IP 清空，这样就全局走代理了。