Deploying the Modified Backend on CENTOS7
1. Update the yum repositoryyum update
2. Add the epel repositoryyum install -y epel-release
3. Install git and other toolsyum install -y gityum install -y wgetyum install python-setuptools && easy_install
pip
4. Install libsodium _Note: if you are not using the chacha20
method, you can skip this step
yum -y groupinstall "Development Tools"
wget https://github.com/jedisct1/libsodium/releases/download/1.0.13/libsodium-1.0.13.tar.gz
tar xf libsodium-1.0.13.tar.gz && cd libsodium-1.0.13
./configure && make -j2 && make install
echo /usr/local/lib > /etc/ld.so.conf.d/usr_local_lib.conf
ldconfig
Download the program source code and install dependencies
git clone https://github.com/wggwcn/ssr_manyu.git
cd ssr_manyu
yum -y install python-devel
yum -y install libffi-devel
yum -y install openssl-devel
pip install -r requirements.txt
Mainly edit userapiconfig.py
, and let me explain the meaning of each configuration item inside
# Config
# Node ID
NODE_ID = 1
# Automatic speed test; set to 0 to disable. The unit here is hours, and it should match the number of hours set in ss-panel
SPEEDTEST = 6
# Cloud security; automatically report and download banned IPs. 1 to enable, 0 to disable
CLOUDSAFE = 1
# Automatically ban IPs with incorrect SS passwords or encryption methods. 1 to enable, 0 to disable
ANTISSATTACK = 0
# Whether to accept commands issued by the upstream. If you want to use this command, please refer to what I wrote earlier. Place the public key ssshell.asc in the directory
AUTOEXEC = 1
Multi-port single-user settings; see the major update notes.
MU_SUFFIX = 'zhaoj.in'
Multi-port single-user settings; see the major update notes.
MU_REGEX = '%5m%id.%suffix'
# Sounds impressive but unclear
SERVER_PUB_ADDR = '127.0.0.1' # mujson_mgr need this to generate ssr link
# How to access the panel
`API_INTERFACE = 'glzjinmod' #glzjinmod (connect via database), modwebapi (http api)
# mudb, ignore this
MUDB_FILE = 'mudb.json'
# HTTP API information; see the major update notes.
WEBAPI_URL = 'https://zhaoj.in'
WEBAPI_TOKEN = 'glzjin'
# Mysql database connection information
MYSQL_HOST = '127.0.0.1'
MYSQL_PORT = 3306
MYSQL_USER = 'ss'
MYSQL_PASS = 'ss'
MYSQL_DB = 'shadowsocks'
# Whether to enable SSL connection; 0 for off, 1 for on
MYSQL_SSL_ENABLE = 0
# Client certificate directory; see https://github.com/glzjin/shadowsocks/wiki/Mysql-SSL%E9%85%8D%E7%BD%AE
MYSQL_SSL_CERT = '/root/shadowsocks/client-cert.pem'
MYSQL_SSL_KEY = '/root/shadowsocks/client-key.pem'
MYSQL_SSL_CA = '/root/shadowsocks/ca.pem'
# API, ignore this
API_HOST = '127.0.0.1'
API_PORT = 80
API_PATH = '/mu/v2/'
API_TOKEN = 'abcdef'
API_UPDATE_TIME = 60
# Manager, ignore this
MANAGE_PASS = 'ss233333333'
#if you want manage in other server you should set this value to global ip
MANAGE_BIND_IP = '127.0.0.1'
#make sure this port is idle
MANAGE_PORT = 23333
# Security setting, required to limit the number of online IPs. Set the parameter below randomly, and keep it consistent across all nodes.
IP_MD5_SALT = 'randomforsafety'
There are several ways to run it.
- python server.py for debugging
- /run.sh run in the background without logs
- /logrun.sh run in the background with logs
- supervisord
Optimization
wget https://raw.githubusercontent.com/wggwcn/ssr_manyu/master/centos7/limits.conf -O /etc/security/limits.conf && ulimit -n 51200
wget https://raw.githubusercontent.com/wggwcn/ssr_manyu/master/centos7/sysctl.conf -O /etc/sysctl.conf && sysctl -p
wget https://raw.githubusercontent.com/wggwcn/ssr_manyu/master/centos7/systemd-supervisor.service -O /usr/lib/systemd/system/systemd-supervisor.service
Edit the supervisord configuration file
Install supervisor
yum install supervisor python-pip -y
pip install supervisor==3.1
Edit the last section of /etc/supervisord.conf as follows, using
/root/shadowsocks/ as an example
[program:mu]
command=python /root/ssr_manyu/server.py
directory=/root/ssr_manyu
autorestart=true
startsecs=10
startretries=36
redirect_stderr=true
user=root ; setuid to this UNIX account to run the program
log_stdout=true ; if true, log program stdout (default true)
log_stderr=true ; if true, log program stderr (def false)
logfile=/var/log/mu.log ; child log path, use NONE for none; default AUTO
;logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
;logfile_backups=10 ; # of logfile backups (default 10)
Save
If you want to directly download this supervisor configuration file and overwrite it
wget https://raw.githubusercontent.com/wggwcn/ssr_manyu/master/centos7/supervisord.conf -O /etc/supervisord.conf
supervisor
start, stop, and boot auto-start commands
Enable auto-start on bootsystemctl enable systemd-supervisor
Start supervisordsystemctl start systemd-supervisor
Check supervisord statussystemctl status systemd-supervisor
Install BBR acceleration
wget --no-check-certificate https://github.com/teddysun/across/raw/master/bbr.sh
chmod +x bbr.sh
./bbr.sh
Install ServerSpeeder
Step 1: Install the multi-kernel environment packages
yum install kernel-firmware grubby dracut-kernel
Step 2: Reboot and install the new kernel
rpm -ivh http://soft.91yun.org/ISO/Linux/CentOS/kernel/kernel-3.10.0-229.1.2.el7.x86_64.rpm --force
Reboot the server reboot
Step 3: Install ServerSpeeder
wget -N --no-check-certificate https://github.com/91yun/serverspeeder/raw/master/serverspeeder.sh && bash serverspeeder.sh
ServerSpeeder commands
service serverSpeeder stats ServerSpeeder status
service serverSpeeder start Start ServerSpeeder
service serverSpeeder stop Stop ServerSpeeder
service serverSpeeder restart Restart ServerSpeeder