1. 原因和收益

  • 资源开销小,同Ubuntu相比差异还是挺明显的

2. 过程和资源

2.1 安装系统

按照提示一步步来

https://zhuanlan.zhihu.com/p/107963371

2.2 安装和配置shadowsocks

apk add shadowsocks-libev

apline使用openrc管理系统服务,但shadowsocks-libev并没有提供相应的脚本,临时手动处理

mkdir -p /etc/shadowsocks/

/etc/shadowsocks/server.json

{
    "server":["::0","0.0.0.0"],
    "server_port":8388,
    "method":"chacha20-ietf-poly1305",
    "password":"ExamplePassword",
    "mode":"tcp_and_udp",
    "fast_open":false
}

/etc/local.d/ss-server.start

nohup ss-server -c /etc/shadowsocks/server.json &
chmod +x socat.start
rc-update add local

2.2.1 备用端口

在服务器上使用以下命令来将服务器从1000010010端口接收到的TCP和UDP流量全部转发到8388端口:

iptables -t nat -A PREROUTING -p tcp --dport 10000:10010 -j REDIRECT --to-port 8388
iptables -t nat -A PREROUTING -p udp --dport 10000:10010 -j REDIRECT --to-port 8388

这样一来,如果你使用的10000端口遭到了封锁,那么你无须更换IP,或者登录服务器修改配置文件。而是只需要在客户端(电脑或者手机上)将端口从10000改为10010就可以继续使用了。

另外,也避免了服务器端口8388的直接外露。

https://gfw.report/blog/ss_tutorial/zh/

https://www.kryii.com/44.html

2.2.2 ss-server openrc

/etc/init.d/ss-server

#!/sbin/openrc-run

description="Shadowsocks server"

depend() {
    need net
}

NAME=shadowsocks-server
PIDFILE=/var/run/${NAME}.pid
CONFFILE=/etc/shadowsocks/server.json
DAEMON="/usr/bin/ss-server -c ${CONFFILE} "

start() {
    ebegin "Starting ${NAME}"
    start-stop-daemon --start --pidfile ${PIDFILE} -- ${DAEMON} -u -f ${PIDFILE}
    eend $?
}

stop() {
    ebegin "Stopping ${NAME}"
    start-stop-daemon --stop --pidfile ${PIDFILE} --retry 30 --name ${NAME}
    eend $?
}

/etc/init.d/ss-local

#!/sbin/openrc-run

description="Shadowsocks client"

depend() {
    need net
}

NAME=shadowsocks-client
PIDFILE=/var/run/${NAME}.pid
CONFFILE=/etc/shadowsocks/local.json
DAEMON="/usr/bin/ss-local -c ${CONFFILE}"

start() {
    ebegin "Starting ${NAME}"
    start-stop-daemon --start --pidfile ${PIDFILE} -- ${DAEMON} -u -f ${PIDFILE}
    eend $?
}

stop() {
    ebegin "Stopping ${NAME}"
    start-stop-daemon --stop --pidfile ${PIDFILE} --retry 30 -- ${DAEMON} stop
    eend $?
}

https://blog.csdn.net/q1009020096/article/details/120703910

https://wiki.alpinelinux.org/wiki/Writing_Init_Scripts

https://www.bspu.by/gentoo-portage/net-proxy/shadowsocks-libev/files/shadowsocks.initd

https://github.com/figofuture/shadowsocks-libev-gentoo/blob/master/shadowsocks-libev

2.3 安装和配置fail2ban

apk add fail2ban fail2ban-openrc
rc-service fail2ban start
rc-update add fail2ban

2.4 安装和配置nginx、php和mysql

按官方文档安装和配置

https://wiki.alpinelinux.org/wiki/Nginx_with_PHP#Configuration_of_PHP7

2.4.1 php使用sock通信方式

/etc/php7/php-fpm.d/www.conf

listen = /run/php-fpm7/php7.sock
listen.mode = 0666

/etc/nginx/nginx.conf

location ~ \.php$ {
    #fastcgi_pass   127.0.0.1:9000;
    fastcgi_pass    unix:/run/php-fpm7/php7.sock;
    fastcgi_index   index.php;
    include         fastcgi.conf;
}

https://www.cnblogs.com/php48/p/8763550.html

https://www.php.cn/php-weizijiaocheng-440257.html

3. 待解决问题

3.1 shadowsocks log

openrc的状态输出比较简单,只有简单的startedstopped,没有日志记录。

标签: none

添加新评论