First, set the time zone

This is very important: if the clocks on the s side and the m side differ, adding a node will fail with an error.
dpkg-reconfigure tzdata

Update and install dependencies

apt-get update && apt-get install vim git curl supervisor build-essential -y

Modify the package sources

curl -sL https://deb.nodesource.com/setup_10.x | bash - && curl -L https://nginx.org/keys/nginx_signing.key | apt-key add - && vim /etc/apt/sources.list

Add the following sources

deb http://httpredir.debian.org/debian jessie-backports main  
deb http://nginx.org/packages/mainline/debian/ jessie nginx  
deb-src http://nginx.org/packages/mainline/debian/ jessie nginx  

Install Nginx, nodejs, ss and the other components

apt-get update && apt-get install nginx nodejs -y && apt-get install python-pip -y && pip install git+https://github.com/shadowsocks/shadowsocks.git@master && npm i -g pm2 && git clone https://github.com/shadowsocks/shadowsocks-manager ssm && cd ssm && npm i

Edit the supervisor configuration

vim /etc/supervisor/conf.d/ss-manager.conf

Add a supervised daemon process for ss

[program:ss-manager] 
command=ssserver -m rc4-md5 -p 12345 -k abcedf --manager-address 127.0.0.1:2397  
autorestart=true  
user=root  

Restart supervisor so the configuration takes effect

supervisorctl reload

Add the s-side configuration file

mkdir ~/.ssmgr && vim ~/.ssmgr/ss.yml

Edit the configuration file

type: s  
empty: false  
shadowsocks:  
  address: 127.0.0.1:2397
manager:  
  address: 0.0.0.0:2398
  password: 'passwd'
db: 'ss.sqlite'  

Save, then start it

pm2 --name "ssm" -f start /root/ssm/server.js -x -- -c ss.yml
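
As an added example (not part of the original post or of shadowsocks-manager), the script below checks the supervisor program file and the s-side ss.yml from the steps above for settings that widen exposure: a non-AEAD cipher such as rc4-md5, short secrets, running as root, and a manager port bound beyond loopback (in this guide the m side connects to 127.0.0.1:2398, so 0.0.0.0 is not required). The function names, finding labels and the 16-character threshold are assumptions; the sample files are constructed from the values shown in this guide.

```shell
#!/bin/sh
# Added example: flag exposure-related settings in the two files this guide writes.
MIN_SECRET_LEN=16   # assumed policy threshold, not a project requirement

# Value following option $2 on the command= line of supervisor file $1.
opt_value() {
    awk -v opt="$2" '/^[ \t]*command=/ {
        for (i = 1; i < NF; i++) if ($i == opt) { print $(i + 1); exit } }' "$1"
}

# Value of key $3 under top-level section $2 in a flat two-level YAML file $1.
yaml_get() {
    awk -v sec="$2:" -v key="$3:" -v q="'" '
        /^[^ #]/ { in_sec = ($1 == sec) }
        in_sec && $1 == key { gsub(q, "", $2); print $2; exit }' "$1"
}

audit_supervisor() {
    cipher=$(opt_value "$1" -m); key=$(opt_value "$1" -k)
    mgr=$(opt_value "$1" --manager-address)
    case $cipher in
        *-gcm|*-poly1305) ;;                       # AEAD ciphers pass
        *) echo "NON_AEAD_CIPHER ${cipher:-default}" ;;
    esac
    [ "${#key}" -ge "$MIN_SECRET_LEN" ] || echo "SHORT_KEY ${#key}"
    case $mgr in
        127.*|localhost:*) ;;                      # manager API stays on loopback
        *) echo "MANAGER_API_NOT_LOOPBACK ${mgr:-unset}" ;;
    esac
    if grep -Eq '^[[:space:]]*user=root[[:space:]]*$' "$1"; then echo "RUNS_AS_ROOT"; fi
}

audit_ssmgr() {
    addr=$(yaml_get "$1" manager address); pass=$(yaml_get "$1" manager password)
    case $addr in
        127.*|localhost:*) ;;
        *) echo "MANAGER_NOT_LOOPBACK ${addr:-unset}" ;;
    esac
    [ "${#pass}" -ge "$MIN_SECRET_LEN" ] || echo "SHORT_MANAGER_PASSWORD ${#pass}"
}

# Constructed sample input reproducing the values shown in this guide.
sample=$(mktemp -d)
printf '%s\n' '[program:ss-manager]' \
    'command=ssserver -m rc4-md5 -p 12345 -k abcedf --manager-address 127.0.0.1:2397' \
    'autorestart=true' 'user=root' > "$sample/ss-manager.conf"
printf '%s\n' 'type: s' 'shadowsocks:' '  address: 127.0.0.1:2397' 'manager:' \
    '  address: 0.0.0.0:2398' "  password: 'passwd'" "db: 'ss.sqlite'" > "$sample/ss.yml"
audit_supervisor "$sample/ss-manager.conf"; audit_ssmgr "$sample/ss.yml"
```

To audit a real host, call the two functions with /etc/supervisor/conf.d/ss-manager.conf and ~/.ssmgr/ss.yml instead of the sample files.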

Edit the m-side file

type: m  
empty: false

manager:  
  address: 127.0.0.1:2398
  password: 'passwd'
  # The port and password here must match the manager settings from the previous step
plugins:  
  flowSaver:
    use: true
  user:
    use: true
  account:
    use: true
    pay:
      hour:
        price: 0.03
        flow: 500000000
      day:
        price: 0.5
        flow: 7000000000
      week:
        price: 3
        flow: 50000000000
      month:
        price: 10
        flow: 200000000000
      season:
        price: 30
        flow: 200000000000
      year:
        price: 120
        flow: 200000000000
  email:
    use: true
    username: '233@mailgun.org'
    password: 'passwd'
    host: 'smtp.mailgun.org'
    # This mailbox and password are used to send registration verification and password reset e-mails; Mailgun.com is recommended
  webgui:
    use: true
    host: '0.0.0.0'
    port: '8088'
    site: 'https://233.al'
    # Change this to your own domain
    gcmSenderId: '456102641793'
    gcmAPIKey: 'AAAAGzzdqrE:XXXXXXXXXXXXXX'
  alipay:
    use: false
    # To accept payments through Alipay, work it out yourself
    appid: 2015012108272442
    notifyUrl: ''
    merchantPrivateKey: 'xxxxxxxxxxxx'
    alipayPublicKey: 'xxxxxxxxxxx'
    gatewayUrl: 'https://openapi.alipay.com/gateway.do'

db: 'webgui.sqlite'  

Save the settings

pm2 --name "webgui" -f start /root/ssm/server.js -x -- -c webgui.yml

Enable start at boot

pm2 save && pm2 startup

Install acme.sh to obtain a free SSL certificate

curl -L get.acme.sh | bash -

Issue the certificate

service nginx stop && /root/.acme.sh/acme.sh --issue --standalone -d 233.al

You get the following certificate files

[Mon Mar 27 13:16:31 UTC 2017] Your cert is in  /root/.acme.sh/233.al/233.al.cer
[Mon Mar 27 13:16:31 UTC 2017] Your cert key is in  /root/.acme.sh/233.al/233.al.key
[Mon Mar 27 13:16:31 UTC 2017] The intermediate CA cert is in  /root/.acme.sh/233.al/ca.cer
[Mon Mar 27 13:16:31 UTC 2017] And the full chain certs is there:  /root/.acme.sh/233.al/fullchain.cer

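Of these,

/root/.acme.sh/233.al/233.al.key
is your private key, and
/root/.acme.sh/233.al/fullchain.cer
is your full certificate chain; these two are the ones we need.

To renew the certificate, use the following command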

acme.sh --renew -d mydomain.com --force

Edit the nginx configuration

vim /etc/nginx/conf.d/ss.conf

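Copy in the following content

server {
  listen 80;
  # Must match the HTTPS server_name below, since the redirect uses $server_name
  server_name 233.al;
  rewrite ^ https://$server_name$request_uri? permanent;
}
server {
  # "listen ... ssl" already enables TLS, so a separate "ssl on;" is not needed
  listen 443 ssl http2;
  server_name 233.al;
  ssl_certificate /root/.acme.sh/233.al/fullchain.cer;
  ssl_certificate_key /root/.acme.sh/233.al/233.al.key;
  location / {
      # Pass the client address and Host header to the webgui on port 8088
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $http_host;
      proxy_pass http://127.0.0.1:8088;
  }
}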

Restart nginx

service nginx start

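Automatic time synchronisation

To avoid the problems caused by the system clock gradually drifting, we set up a daily scheduled sync against a time server.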

apt-get install ntpdate
ntpdate time.windows.com

Edit the crontab
crontab -e
Add the scheduled job
0 1 * * * ntpdate time.windows.com
Restart cron
/etc/init.d/cron restart

Last modification: February 17, 2020