ss客户端以及tcp,udp,dns代理ss-tproxy在线安装版--centos7.3 x64以上(7.3-7.6x64测试通过)

时间:2023-03-08 17:32:17
#!/bin/sh
#
# Script for automatic setup of an SS-TPROXY server on CentOS 7.3 Minimal.
#

# Pin the command search path to the standard system directories so that every
# tool invoked below resolves from there, whatever PATH the caller had.
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
export PATH

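# Print an error message on stderr and abort the installer with status 1.
# Arguments: $1 - text describing what failed
# NOTE(review): the body of this helper is garbled on the page ("{ ; exit ; }"
# is not valid shell). It is restored from the way exiterr2 calls it with a
# message; confirm the exact wording against the upstream gist.
exiterr() {
    printf 'Error: %s\n' "$1" >&2
    exit 1
}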
# Abort with the fixed message used whenever a 'yum install' step fails.
exiterr2() {
    exiterr "'yum install' failed."
}
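# Print a blank line, then the message in cyan (ANSI colour 36) with one space
# of padding on each side.
# Arguments: $1 - message text, printed literally
# printf replaces 'echo -e': the -e flag is not portable under #!/bin/sh, and
# it would also expand backslash sequences that happen to occur in the message.
bigecho() {
    printf '\n\033[36m %s \033[0m\n' "$1"
}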

# Disable FireWall
# firewalld is stopped now and kept from starting at boot.
# NOTE(review): nothing else in this script puts a host firewall in place, so
# who may reach the proxy presumably depends only on the iptables settings in
# ss-tproxy.conf. Review them before starting the service.
bigecho "Disable Firewall..."
for fw_action in stop disable; do
    systemctl "$fw_action" firewalld.service
done

# Install Lib
# Compiler toolchain, development headers and utilities, installed from the
# configured yum repositories; any yum failure aborts through exiterr2.
bigecho "Install Library, Pleast wait..."
if ! yum -y install git gettext gcc autoconf libtool make asciidoc xmlto \
    c-ares-devel libev-devel openssl-devel net-tools curl ipset iproute perl \
    wget gcc bind-utils vim; then
    exiterr2
fi

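# Install haveged
# NOTE(review): the guard's command and the version value are garbled on the
# page. The guard below assumes "skip when haveged is already on PATH", and
# the version has to be supplied by the caller, so the script stops instead
# of requesting a URL built from an empty value. Confirm both against the
# upstream gist.
if ! command -v haveged >/dev/null 2>&1; then
    bigecho "Install Haveged, Pleast wait..."
    HAVEGED_VER="${HAVEGED_VER:?set HAVEGED_VER to the haveged version-release to install}"
    # HTTPS rather than plain HTTP: yum is given a bare package URL, and its
    # localpkg_gpgcheck option (signature check for file/URL packages) is off
    # by default, so the transport is the only integrity protection here.
    HAVEGED_URL="https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/h/haveged-$HAVEGED_VER.el7.x86_64.rpm"
    yum -y install "$HAVEGED_URL" || exiterr2
    systemctl start haveged
    systemctl enable haveged
fi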

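# Install pdnsd
# NOTE(review): the guard's command is garbled on the page; the guard below
# assumes "skip when pdnsd is already on PATH". Confirm against the upstream
# gist.
if ! command -v pdnsd >/dev/null 2>&1; then
    bigecho "Install Pdnsd, Pleast wait..."
    PDNSD_VER=1.2.9a
    # NOTE(review): this RPM comes over plain HTTP from a personal web space
    # and is installed without a signature check (yum's localpkg_gpgcheck is
    # off by default), so anyone on the network path can substitute the
    # package. Compare it with a digest obtained from a trusted source, or
    # serve it from an internal mirror, before relying on this step.
    PDNSD_URL="http://members.home.nl/p.a.rombouts/pdnsd/releases/pdnsd-$PDNSD_VER-par_sl6.x86_64.rpm"
    yum -y install "$PDNSD_URL" || exiterr2
fi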

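# Build aclocal-1.15, it's needed by dnsforwarder
# NOTE(review): the guard's command is garbled on the page; the guard below
# assumes "skip when aclocal-1.15 is already on PATH". Confirm against the
# upstream gist.
if ! command -v aclocal-1.15 >/dev/null 2>&1; then
    bigecho "Build aclocal-1.15, Pleast wait..."
    AUTOMAKE_VER=1.15
    AUTOMAKE_FILE="automake-$AUTOMAKE_VER"
    AUTOMAKE_URL="https://ftp.gnu.org/gnu/automake/$AUTOMAKE_FILE.tar.gz"
    # Certificate verification stays on (no --no-check-certificate): the
    # tarball is compiled and installed by this script, so a spoofed server
    # must not be able to supply it. If verification fails on an old image,
    # update the ca-certificates package instead of disabling the check.
    if ! wget -O "$AUTOMAKE_FILE.tar.gz" "$AUTOMAKE_URL"; then
        bigecho "Failed to download file!"
        exit 1
    fi
    # Stop at the first failing step so that nothing is configured or
    # installed from the wrong directory or from a partial build.
    tar xf "$AUTOMAKE_FILE.tar.gz" || exit 1
    ( cd "$AUTOMAKE_FILE" && ./configure && make && make install ) || exit 1
fi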

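# Build dnsforwarder
# NOTE(review): the guard's command is garbled on the page; the guard below
# assumes "skip when dnsforwarder is already on PATH". Confirm against the
# upstream gist.
if ! command -v dnsforwarder >/dev/null 2>&1; then
    bigecho "Build dnsforwarder, Pleast wait..."
    # NOTE(review): this builds whatever the default branch holds at clone
    # time. Check out a reviewed commit or tag after cloning to make the
    # install reproducible.
    git clone https://github.com/holmium/dnsforwarder.git || exit 1
    # Stop at the first failing step instead of installing a partial build.
    ( cd dnsforwarder && ./configure --enable-downloader=no && make && make install ) || exit 1
fi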

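# Build chinadns
# NOTE(review): three things are garbled on the page: the guard's command,
# the release version, and the account name in the download URL (shown as
# "*"). The guard below assumes "skip when chinadns is already on PATH"; the
# other two must be supplied by the caller so the script stops instead of
# requesting a malformed URL. Confirm all three against the upstream gist.
if ! command -v chinadns >/dev/null 2>&1; then
    bigecho "Build chinadns, Pleast wait..."
    CHINADNS_VER="${CHINADNS_VER:?set CHINADNS_VER to the ChinaDNS release to build}"
    CHINADNS_OWNER="${CHINADNS_OWNER:?set CHINADNS_OWNER to the GitHub account that hosts ChinaDNS}"
    CHINADNS_FILE="chinadns-$CHINADNS_VER"
    CHINADNS_URL="https://github.com/$CHINADNS_OWNER/ChinaDNS/releases/download/$CHINADNS_VER/$CHINADNS_FILE.tar.gz"
    # Certificate verification stays on (no --no-check-certificate): the
    # tarball is compiled and installed by this script.
    if ! wget -O "$CHINADNS_FILE.tar.gz" "$CHINADNS_URL"; then
        bigecho "Failed to download file!"
        exit 1
    fi
    # Stop at the first failing step instead of installing a partial build.
    tar xf "$CHINADNS_FILE.tar.gz" || exit 1
    ( cd "$CHINADNS_FILE" && ./configure && make && make install ) || exit 1
fi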

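# Build Libsodium
# Skipped when /usr/lib/libsodium.so already exists.
# NOTE(review): the version value is garbled (empty) on the page, so it must
# be supplied by the caller. Confirm it against the upstream gist.
if [ ! -f "/usr/lib/libsodium.so" ]; then
    bigecho "Build Libsodium, Pleast wait..."
    LIBSODIUM_VER="${LIBSODIUM_VER:?set LIBSODIUM_VER to the libsodium release to build}"
    LIBSODIUM_FILE="libsodium-$LIBSODIUM_VER"
    LIBSODIUM_URL="https://download.libsodium.org/libsodium/releases/$LIBSODIUM_FILE.tar.gz"
    # Certificate verification stays on (no --no-check-certificate): this is
    # the crypto library the proxy is linked against, and it is built and
    # installed into /usr by this script.
    if ! wget -O "$LIBSODIUM_FILE.tar.gz" "$LIBSODIUM_URL"; then
        bigecho "Failed to download file!"
        exit 1
    fi
    # Stop at the first failing step instead of installing a partial build.
    tar xf "$LIBSODIUM_FILE.tar.gz" || exit 1
    ( cd "$LIBSODIUM_FILE" && ./configure --prefix=/usr && make && make install ) || exit 1
    # Refresh the dynamic linker cache so the new library is found.
    ldconfig
fi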

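# Build MbedTLS
# Skipped when /usr/lib/libmbedtls.so already exists.
# NOTE(review): the version value and the start of the build command are
# garbled on the page (only "CFLAGS=-fPIC" survives). The version must be
# supplied by the caller; the build line below assumes a shared-library build
# ("make SHARED=1"), which matches the .so file the guard looks for. Confirm
# both against the upstream gist.
if [ ! -f "/usr/lib/libmbedtls.so" ]; then
    bigecho "Build MbedTLS, Pleast wait..."
    MBEDTLS_VER="${MBEDTLS_VER:?set MBEDTLS_VER to the mbedtls release to build}"
    MBEDTLS_FILE="mbedtls-$MBEDTLS_VER"
    MBEDTLS_URL="https://tls.mbed.org/code/releases/$MBEDTLS_FILE-gpl.tgz"
    # Certificate verification stays on (no --no-check-certificate): this TLS
    # library is built and installed into /usr by this script.
    if ! wget -O "$MBEDTLS_FILE-gpl.tgz" "$MBEDTLS_URL"; then
        bigecho "Failed to download file!"
        exit 1
    fi
    # Stop at the first failing step instead of installing a partial build.
    tar xf "$MBEDTLS_FILE-gpl.tgz" || exit 1
    ( cd "$MBEDTLS_FILE" && make SHARED=1 CFLAGS=-fPIC && make DESTDIR=/usr install ) || exit 1
    # Refresh the dynamic linker cache so the new library is found.
    ldconfig
fi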

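#Build *r-libev
# NOTE(review): the project name is masked on the page ("*r-libev",
# "*r-backup"), and the guard's command is garbled. The repository URL must
# therefore be supplied by the caller; the guard below assumes "skip when
# ssr-redir is already on PATH". Confirm both against the upstream gist.
if ! command -v ssr-redir >/dev/null 2>&1; then
    bigecho "Build *r-libev, Pleast wait..."
    SSR_LIBEV_REPO="${SSR_LIBEV_REPO:?set SSR_LIBEV_REPO to the git URL of the libev client to build}"
    # NOTE(review): this builds whatever the default branch holds at clone
    # time. Check out a reviewed commit or tag to make the install reproducible.
    git clone "$SSR_LIBEV_REPO" ssr-libev-src || exit 1
    # Build into a private prefix first; stop at the first failing step.
    ( cd ssr-libev-src && ./configure --prefix=/usr/local/ssr-libev && make && make install ) || exit 1
    # Rename the binaries to the ssr-* names and move them to /usr/local/bin.
    # Everything runs only after the cd succeeded, so the mv commands cannot
    # act on files in some other directory.
    (
        cd /usr/local/ssr-libev/bin &&
        mv ss-redir ssr-redir &&
        mv ss-local ssr-local &&
        ln -sf ssr-local ssr-tunnel &&
        mv ssr-* /usr/local/bin/
    ) || exit 1
    rm -fr /usr/local/ssr-libev
fi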

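# Install SS-TPROXY
# NOTE(review): three lines of this block are garbled on the page: the guard,
# the command before "-p /etc/tproxy", and the command before
# "/etc/tproxy/*". The guard below assumes "skip when ss-tproxy is already on
# PATH"; the other two are restored as mkdir and chmod with modes 0755 and
# 0644, which are assumptions. Confirm against the upstream gist.
if ! command -v ss-tproxy >/dev/null 2>&1; then
    bigecho "Install SS-TProxy, Pleast wait..."
    git clone https://github.com/zfl9/ss-tproxy.git || exit 1
    # NOTE(review): v1-tcponly is checked out by name, so the code installed
    # is whatever that ref points to at clone time. Pin a reviewed commit to
    # make the install reproducible.
    # All copies run only after the cd and checkout succeeded, so nothing is
    # installed from the wrong directory or the wrong branch.
    (
        cd ss-tproxy &&
        git checkout v1-tcponly &&
        cp -af ss-tproxy /usr/local/bin/ &&
        cp -af ss-switch /usr/local/bin/ &&
        chown root:root /usr/local/bin/ss-tproxy /usr/local/bin/ss-switch &&
        chmod +x /usr/local/bin/ss-tproxy /usr/local/bin/ss-switch &&
        mkdir -m 0755 -p /etc/tproxy &&
        cp -af pdnsd.conf /etc/tproxy/ &&
        cp -af chnroute.txt /etc/tproxy/ &&
        cp -af chnroute.ipset /etc/tproxy/ &&
        cp -af ss-tproxy.conf /etc/tproxy/ &&
        cp -af dnsforwarder.conf /etc/tproxy/ &&
        chown -R root:root /etc/tproxy &&
        # If ss-tproxy.conf ends up holding credentials, give that file a
        # tighter mode than the other configuration files.
        chmod 0644 /etc/tproxy/* &&
        # Systemctl
        cp -af ss-tproxy.service /etc/systemd/system/
    ) || exit 1
    systemctl daemon-reload
    systemctl enable ss-tproxy.service
fi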

# Display info
# Closing banner: the configuration file must be edited before the first
# start; the two commented commands are the ones to run afterwards.
for info_line in \
    "#######################################################" \
    "Please modify /etc/tproxy/ss-tproxy.conf before start." \
    "#ss-tproxy update_chnip" \
    "#ss-tproxy start" \
    "#######################################################"; do
    bigecho "$info_line"
done

exit 0

原文:

https://gist.github.com/YahuiWong/c5f47f9f13dfd2cb560046f28c7aecd0

记得在最后设置允许访问的局域网IP段。注意:下面示例中的 0.0.0.0/0 表示不限制来源地址;安装脚本已经停用了 firewalld,如果这台机器能被不受信任的网络访问,应改成实际的内网网段。

## iptables 配置
iptables_intranet=(0.0.0.0/0) # 内网网段,多个空格隔开

目前软件的机制是:

用 cat /etc/tproxy/chnroute.txt 可以查看这个IP表,里面都是cnip(国内IP)。目的地址在这个表里的流量走操作系统本身的默认网关出去上网,

否则就走代理网关出去。所以如果想全局走代理网关,可以把chnroute.txt里的IP清空,这样所有流量都会走代理。