Category archive: Linux

How to set limits for services in RHEL and systemd

Environment

  • Red Hat Enterprise Linux (RHEL) 7, 8, 9
  • systemd

Issue

How can I set the limits for services started at boot time via systemd?

Limits set in /etc/security/limits.conf or /etc/security/limits.d/*.conf are ignored.

Resolution

A service definition can be extended as described in the systemd.unit(5) man page in the section “Example 2. Overriding vendor settings”, and in the Red Hat Enterprise Linux 7 System Administrator’s Guide, Section 8.6, “Creating and Modifying systemd Unit Files”.

To change a single service:

Using tftp.service as an example, create a new tftp.service.d directory under /etc/systemd/system, and then create a conf file in that directory which extends (or overrides) the settings for the service. In this example, the number of open file descriptors is limited to 500,000.

# mkdir -p /etc/systemd/system/tftp.service.d/
# cat >/etc/systemd/system/tftp.service.d/filelimit.conf <<EOF
[Service]
LimitNOFILE=500000
EOF

The change is applied after reloading the daemon configuration and restarting the service.

# systemctl daemon-reload
# systemctl restart tftp.service

The systemd-delta and systemctl status tftp.service commands both show that the service definition has been extended.

# systemd-delta --type=extended
[EXTENDED]   /usr/lib/systemd/system/tftp.service → /etc/systemd/system/tftp.service.d/filelimit.conf

1 overridden configuration file found.

# systemctl status tftp.service
● tftp.service - Tftp Server
   Loaded: loaded (/usr/lib/systemd/system/tftp.service; indirect; vendor preset: disabled)
  Drop-In: /etc/systemd/system/tftp.service.d
           └─filelimit.conf
  ...

The available limits are described in the following section from the systemd.exec(5) man page:

LimitCPU=, LimitFSIZE=, LimitDATA=, LimitSTACK=, LimitCORE=, LimitRSS=,
       LimitNOFILE=, LimitAS=, LimitNPROC=, LimitMEMLOCK=, LimitLOCKS=,
       LimitSIGPENDING=, LimitMSGQUEUE=, LimitNICE=, LimitRTPRIO=,
       LimitRTTIME=
           These settings control various resource limits for executed
           processes. See setrlimit(2) for details. Use the string infinity to
           configure no limit on a specific resource.

Note: Most process resource limits configured with these options are per-process, and processes may fork in order to acquire a new set of resources that are accounted independently of the original process, and may thus escape limits set. Also note that LimitRSS= is not implemented on Linux, and setting it has no effect. Often it is advisable to prefer the resource controls listed in systemd.resource-control(5) over these per-process limits, as they apply to services as a whole, may be altered dynamically at runtime, and are generally more expressive. For example, MemoryMax= is a more powerful (and working) replacement for LimitRSS=.

To set a limit for all services

Instead, create a drop-in file in /etc/systemd/system.conf.d/ and use the Default version of the limit (DefaultLimitNOFILE= in this example):

# mkdir -p /etc/systemd/system.conf.d/
# cat >/etc/systemd/system.conf.d/10-filelimit.conf <<EOF
[Manager]
DefaultLimitNOFILE=500000
EOF

Important: Some services may have resource limits that cannot be changed in this way. One such example is sendmail, which changes the resource limit for the maximum number of open files to 1024 (and can modify other resource limits). It is not possible to change these resource limits for sendmail – they are set explicitly and are not changeable via sendmail configuration. This behaviour is not a defect; it is the expected behaviour for programs that manage and set their own resource limits.
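To confirm that a drop-in took effect, and to catch services such as sendmail that reset their own limits, compare the configured LimitNOFILE= with what the running process reports in /proc/<pid>/limits. The script below is an added example, not part of the original solution; the function names and the embedded sample text are constructed, and only numeric limit values are handled.

```shell
#!/bin/sh
# Added example: compare a unit's configured LimitNOFILE= with the limit the
# running process really has. Function names and sample data are constructed.

# Read unit/drop-in text on stdin and print the last LimitNOFILE= value
# (soft part only when written as soft:hard). Later assignments win.
configured_nofile() {
    awk -F= '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "LimitNOFILE" { v = $2; gsub(/[ \t]/, "", v); sub(/:.*/, "", v) }
        END { if (v != "") print v }'
}

# Read /proc/<pid>/limits text on stdin, print the soft "Max open files" value.
effective_nofile() {
    awk '/^Max open files/ { print $4 }'
}

# compare_nofile <unit text> <limits text>: print a one-line verdict.
compare_nofile() {
    want=$(printf '%s\n' "$1" | configured_nofile)
    have=$(printf '%s\n' "$2" | effective_nofile)
    if [ -z "$want" ] || [ -z "$have" ]; then
        echo "unknown"
    elif [ "$want" = "$have" ]; then
        echo "match $have"
    else
        echo "mismatch configured=$want effective=$have"
    fi
}

# Constructed sample: the drop-in from this article.
sample_dropin() {
    printf '%s\n' '[Service]' 'LimitNOFILE=500000'
}

# Constructed samples: /proc/<pid>/limits excerpts for two processes.
sample_limits_applied() {
    printf '%s\n' \
        'Limit                     Soft Limit           Hard Limit           Units' \
        'Max open files            500000               500000               files'
}
sample_limits_self_set() {   # a daemon that lowered its own limit to 1024
    printf '%s\n' \
        'Limit                     Soft Limit           Hard Limit           Units' \
        'Max open files            1024                 1024                 files'
}

compare_nofile "$(sample_dropin)" "$(sample_limits_applied)"
compare_nofile "$(sample_dropin)" "$(sample_limits_self_set)"

# On a live host (tftp.service as in the article):
#   pid=$(systemctl show -p MainPID tftp.service | cut -d= -f2)
#   compare_nofile "$(systemctl cat tftp.service)" "$(cat /proc/$pid/limits)"
```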

Root Cause

Limits defined in /etc/security/limits.conf or /etc/security/limits.d/*.conf are set by PAM when a login session starts. This is configured by the following line from /etc/pam.d/system-auth-ac:

session     required      pam_limits.so

Since daemons started by systemd don’t use a PAM login session, the limits can be set only in the service unit file.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Debian 11 sources.list: official default mirror / USTC mirror

I. Back up the existing apt sources configuration

mv /etc/apt/sources.list /etc/apt/sources.list.old

II. Switch to a different apt source

1. Switch to the official default mirror

cat > /etc/apt/sources.list << EOF
deb https://deb.debian.org/debian/ bullseye main contrib non-free
deb-src https://deb.debian.org/debian/ bullseye main contrib non-free

deb https://deb.debian.org/debian/ bullseye-updates main contrib non-free
deb-src https://deb.debian.org/debian/ bullseye-updates main contrib non-free

deb https://deb.debian.org/debian/ bullseye-backports main contrib non-free
deb-src https://deb.debian.org/debian/ bullseye-backports main contrib non-free

deb https://deb.debian.org/debian-security/ bullseye-security main contrib non-free
deb-src https://deb.debian.org/debian-security/ bullseye-security main contrib non-free
EOF

2. Switch to the USTC mirror

cat > /etc/apt/sources.list << EOF
deb https://mirrors.ustc.edu.cn/debian/ bullseye main contrib non-free
deb-src https://mirrors.ustc.edu.cn/debian/ bullseye main contrib non-free

deb https://mirrors.ustc.edu.cn/debian/ bullseye-updates main contrib non-free
deb-src https://mirrors.ustc.edu.cn/debian/ bullseye-updates main contrib non-free

deb https://mirrors.ustc.edu.cn/debian/ bullseye-backports main contrib non-free
deb-src https://mirrors.ustc.edu.cn/debian/ bullseye-backports main contrib non-free

deb https://mirrors.ustc.edu.cn/debian-security/ bullseye-security main contrib non-free
deb-src https://mirrors.ustc.edu.cn/debian-security/ bullseye-security main contrib non-free
EOF

III. Update the apt index

apt update

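Linux port forwarding

What is port forwarding?

Strictly speaking it is traffic forwarding; because traffic is addressed by port, it is usually called port forwarding.

For example, I have a small VPS in Hong Kong whose outbound and return routes are only good for China Mobile (CMI); China Telecom and China Unicom are both routed the long way through Japan over NTT. I bought a Guangzhou China Mobile NAT machine as a relay, so the access path becomes: local China Telecom -> Guangzhou Mobile IP:50001 -> Hong Kong VPS IP:49001. In other words, connecting from my local China Telecom line to Guangzhou Mobile IP:50001 is the same as connecting to Hong Kong VPS IP:49001.

Why forward?

Some small VPSes have poor routes to your ISP's network, which makes YouTube stutter during the evening peak. Relaying through a domestic server room or data center brings a qualitative jump in speed. International egress routes such as China Telecom CN2 GIA, China Unicom 9929 and China Mobile CMI are all top-grade lines; for an introduction to the three major carriers' international egress routes, click here.

Second, because the server runs a web service, ports 443 and 80 must not get blocked by certain unnameable forces, so you can open another port on the machine and forward it to port 443 on the same machine.

What to forward with?

iptables or firewalld is recommended; both forward at the kernel level, with very little performance overhead.
If you forward with third-party tools such as gost/brook, CPU and load pressure rise when traffic is heavy or there are too many connections, which is especially unfriendly to small NAT VPSes.

Forwarding with firewalld

Starting with CentOS 7, the system's default firewall tool is firewalld; Debian can install firewalld as well. firewalld and iptables are both essentially user-space tools for managing the firewall, and in the end they call netfilter in kernel space. firewalld has no concept of "four tables and five chains".

The lab environment is as follows

Server            Public IP   Private IP      Port    Purpose
Guangzhou Mobile  1.1.1.1     192.168.100.1   50001   Relay
Hong Kong VPS     2.2.2.2     192.168.100.2   49001   404

The following is done on the Guangzhou Mobile relay NAT machine

Install firewalld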

# Debian 11
apt install firewalld -y

Check that firewalld is running; a green "active" means the service is running normally

systemctl status firewalld

Check whether the zone currently in use is public

firewall-cmd --get-default-zone

Enable kernel forwarding

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
echo "net.core.default_qdisc = fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control = bbr" >> /etc/sysctl.conf
sysctl -p

Enable IP masquerading in the public zone; port forwarding cannot be set up without IP masquerading

firewall-cmd --zone=public --add-masquerade --permanent

Forward traffic on Guangzhou Mobile port 50001 to Hong Kong VPS port 49001

firewall-cmd --zone=public --add-forward-port=port=50001:proto=tcp:toport=49001:toaddr=2.2.2.2 --permanent

Allow port 50001 to be reached from outside

firewall-cmd --zone=public --add-port=50001/tcp --permanent
firewall-cmd --zone=public --add-port=50001/udp --permanent

Reload the firewall service so the changes take effect

firewall-cmd --reload

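That completes the Guangzhou Mobile NAT relay. If your v2ray/trojan/ssr/web services all run on port 443 of the Hong Kong VPS, you next need to forward traffic on the Hong Kong VPS's port 49001 to port 443 on the same machine, that is, to a local port.

The following is done on the Hong Kong VPS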

firewall-cmd --zone=public --add-forward-port=port=49001:proto=tcp:toport=443 --permanent

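Likewise, reload the firewall

firewall-cmd --reload

Query the firewall's port-forwarding configuration

firewall-cmd --zone=public --list-forward-ports

Delete the firewall's port-forwarding configuration

firewall-cmd --zone=public --remove-forward-port=port=50001:proto=tcp:toport=49001:toaddr=2.2.2.2 --permanent
firewall-cmd --reload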

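Forwarding with iptables

iptables is the default firewall tool on CentOS 6 and can also be used on CentOS 7. The lab environment is the same as above. [Note: in any one environment, use either iptables or firewalld, not both.]

The following is done on Guangzhou Mobile

Enable kernel forwarding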

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p

Forward traffic on Guangzhou Mobile port 50001 to Hong Kong VPS port 49001

iptables -t nat -A PREROUTING -p tcp --dport 50001 -j DNAT --to-destination 2.2.2.2:49001
iptables -t nat -A POSTROUTING -p tcp -d 2.2.2.2 --dport 49001 -j SNAT --to-source 192.168.100.1

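Save the configuration

# iptables-save alone only prints the rules to stdout; write them to the file the CentOS iptables service loads at boot
iptables-save > /etc/sysconfig/iptables

Next, set up local port forwarding on the Hong Kong VPS, forwarding traffic on port 49001 to local port 443; do this on the Hong Kong VPS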

iptables -t nat -A PREROUTING -p tcp --dport 49001 -j REDIRECT --to-port 443

To delete the local port forward, use the following command

iptables -t nat -D PREROUTING -p tcp --dport 49001 -j REDIRECT --to-port 443

View the iptables forwarding configuration

iptables -t nat -nL --line
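To review which forwards are actually configured, and to catch rules that exist at runtime but were never written to the saved rules file, the iptables-save output can be summarised and compared. This is an added example, not part of the original post; the function names and both sample rulesets are constructed, and /etc/sysconfig/iptables as the saved-rules path is an assumption for CentOS with the iptables service.

```shell
#!/bin/sh
# Added example: summarise port forwards in iptables-save output and spot
# rules that differ between the running ruleset and the saved one.
# Function names and both sample rulesets are constructed.

# Read iptables-save text on stdin; print "<proto>/<port> -> <dest> (<target>)"
# for every DNAT or REDIRECT rule.
list_forwards() {
    awk '
    $1 == "-A" {
        proto = port = target = dest = ""
        for (i = 2; i < NF; i++) {
            if      ($i == "-p")               proto  = $(i + 1)
            else if ($i == "--dport")          port   = $(i + 1)
            else if ($i == "-j")               target = $(i + 1)
            else if ($i == "--to-destination") dest   = $(i + 1)
            else if ($i == "--to-ports" || $i == "--to-port") dest = "local:" $(i + 1)
        }
        if (target == "DNAT" || target == "REDIRECT")
            print proto "/" port " -> " dest " (" target ")"
    }'
}

# only_in <label> <list A> <list B>: print the lines of A that are missing from B.
only_in() {
    printf '%s\n' "$2" | while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        printf '%s\n' "$3" | grep -Fqx -- "$rule" || echo "$1: $rule"
    done
}

# forward_drift <running ruleset text> <saved ruleset text>
forward_drift() {
    run=$(printf '%s\n' "$1" | list_forwards)
    sav=$(printf '%s\n' "$2" | list_forwards)
    only_in "runtime-only" "$run" "$sav"
    only_in "saved-only" "$sav" "$run"
}

# Constructed sample: both forwards from this article loaded on one host.
sample_running() {
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]' \
        '-A PREROUTING -p tcp -m tcp --dport 50001 -j DNAT --to-destination 2.2.2.2:49001' \
        '-A PREROUTING -p tcp -m tcp --dport 49001 -j REDIRECT --to-ports 443' \
        '-A POSTROUTING -d 2.2.2.2/32 -p tcp -m tcp --dport 49001 -j SNAT --to-source 192.168.100.1' \
        'COMMIT'
}

# Constructed sample: a saved rules file that lacks the REDIRECT rule.
sample_saved() {
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]' \
        '-A PREROUTING -p tcp -m tcp --dport 50001 -j DNAT --to-destination 2.2.2.2:49001' \
        '-A POSTROUTING -d 2.2.2.2/32 -p tcp -m tcp --dport 49001 -j SNAT --to-source 192.168.100.1' \
        'COMMIT'
}

sample_running | list_forwards
forward_drift "$(sample_running)" "$(sample_saved)"

# On a live host:
#   forward_drift "$(iptables-save -t nat)" "$(cat /etc/sysconfig/iptables)"
```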

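Notes:

The forwarding above, from Guangzhou Mobile port 50001 to Hong Kong VPS port 49001, crosses data centers with no dedicated link between them. For forwarding between different machines in the same data center, the commands need to use the internal IP, for example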

iptables -t nat -A PREROUTING -p tcp --dport 50001 -j DNAT --to-destination 192.168.100.2:49001
iptables -t nat -A POSTROUTING -p tcp -d 192.168.100.2 --dport 49001 -j SNAT --to-source 192.168.100.1

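Some advice

Personally I don't recommend one-click scripts, panels and the like. They are convenient and beginner-friendly, but they come across as bloated. Small VPSes tend to be low-spec, some with as little as 1C + 387M + 10G HDD, and just running the CentOS operating system is already hard enough. Of course, if you have a big-disk VPS, forget I said anything XDD

Offline installation of Docker on CentOS

I. Introduction

In production environments there is often no Internet access. For installing the docker service in that situation, the official recommendation is to use the precompiled binary package. This article uses CentOS 7 as the example.

II. Prerequisites

  • A 64-bit installation
  • Linux kernel version 3.10 or later; the latest kernel version available for your platform is recommended
  • iptables version 1.4 or later
  • git version 1.7 or later
  • A ps executable, usually provided by procps or a similar package
  • XZ Utils 4.9 or later
  • A properly mounted cgroupfs hierarchy

III. Let's get started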

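1. Download (the official install packages are here)
$ curl -LO https://download.docker.com/linux/static/stable/x86_64/docker-20.10.17.tgz
2. Extract
$ tar -zxvf docker-20.10.17.tgz
3. Move the binary executables to /usr/bin [the officially recommended executable path; they must go here, otherwise there may be problems when systemd runs them]
$ sudo cp docker/* /usr/bin
4. Edit the daemon unit file /etc/systemd/system/docker.service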
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
  
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
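# -H tcp://0.0.0.0:2375 serves the Docker API over plain TCP on all interfaces, with no TLS and no authentication
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock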
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
  
[Install]
WantedBy=multi-user.target
5. Reload the systemd unit files
$ systemctl daemon-reload
6. Enable start at boot
$ systemctl enable docker.service
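
The unit file above starts dockerd with -H tcp://0.0.0.0:2375, which serves the Docker API in plaintext and without authentication to anything that can reach the port. The check below is an added example, not part of the original article or of Docker; it reads a unit's ExecStart line and reports every TCP listener and whether --tlsverify protects it. The function name, sample lines and certificate paths are constructed.

```shell
#!/bin/sh
# Added example: flag dockerd TCP listeners in a systemd unit's ExecStart line.
# Function name, sample lines and certificate paths are constructed.

# audit_dockerd <unit text>: one line per tcp:// listener, "<addr> <verdict>".
# No output means the daemon listens on unix sockets only.
audit_dockerd() {
    printf '%s\n' "$1" | awk '
    /^ExecStart=.*dockerd/ {
        # --tlsverify makes the daemon demand a client certificate signed by its CA
        tls = ($0 ~ /--tlsverify/ && $0 !~ /--tlsverify=(false|0)/)
        n = split($0, arg, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            host = ""
            if ((arg[i] == "-H" || arg[i] == "--host") && i < n)
                host = arg[i + 1]
            else if (arg[i] ~ /^(-H|--host)=/) {
                host = arg[i]
                sub(/^[^=]*=/, "", host)
            }
            if (host !~ /^tcp:\/\//)
                continue
            sub(/^tcp:\/\//, "", host)
            if (tls)
                verdict = "ok: TLS client certificate required"
            else if (host ~ /^(127\.|localhost|\[::1\])/)
                verdict = "warn: plaintext, loopback only"
            else
                verdict = "fail: plaintext API exposed to the network"
            print host " " verdict
        }
    }'
}

# Constructed samples: the listener set from this article, a socket-only
# daemon, and a TCP listener protected by mutual TLS.
unit_from_article='ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock'
unit_socket_only='ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock'
unit_mutual_tls='ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem'

audit_dockerd "$unit_from_article"
audit_dockerd "$unit_socket_only"
audit_dockerd "$unit_mutual_tls"

# On a live host:
#   audit_dockerd "$(systemctl cat docker.service)"
```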

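Xray tutorial

What is Xray?

Put bluntly, Xray is used for "magic" Internet access.

How does it differ from the well-known V2ray?

Here is the story. A Debian package maintainer found that the LICENSE of the XTLS library was not a BSD license and opened an issue asking the author, @rprx, to change it to make packaging easier; for details click here. The issue triggered a wide discussion: rprx held that the current license was not a problem, while quite a few others held that a license expresses a stance, and each side stuck to its view.

In the end the V2ray (V2fly community) maintainers confirmed by vote that XTLS was incompatible with V2ray's MIT license, and removed XTLS in V2ray-core 4.33.0. rprx and his supporters got moving and soon created the Project X project and its Xray subproject (the name Xray combines XTLS and V2ray), and released several versions of Xray-core. That is roughly how Xray came about.

Why use Xray?

Since the Xray project was created, V2ray has released no new versions, while Xray has been in full swing, steadily shipping new releases and new features.

The Xray + XTLS combination is billed as black magic, with a noticeable speed-up on underpowered small VPSes. [That is what I have heard; I have not tested it.]

I like tinkering.

Installing the Xray service

The lab environment is as follows

Operating system: CentOS 7.9
Server location: Dallas, Texas, U.S.
Public IP: 192.227.193.111

Install via the official script. A first-time install needs both Xray-core and geodata. Open Xshell, log in to the server as root, and run the following command.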

# bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root

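Configuration file

The configuration file installed by the official script (path: /usr/local/etc/xray/config.json) is empty; you can edit it using the templates provided in Xray-examples as a reference. For example, a configuration file using VLESS+TCP+XTLS looks like this: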

{
  "inbounds": [{
    "port": 443,
    "protocol": "vless",
    "settings": {
      "clients": [
        {
          "id": "28b01209-da52-48e1-ba69-23b6b156046e",
          "flow": "xtls-rprx-direct",
          "level": 0
        }
      ],
      "decryption": "none",
      "fallbacks": [
          {
              "alpn": "http/1.1",
              "dest": 80
          },
          {
              "alpn": "h2",
              "dest": 81
          }
      ]
    },
    "streamSettings": {
        "network": "tcp",
        "security": "xtls",
        "xtlsSettings": {
            "serverName": "xray.domain.com",
            "alpn": ["http/1.1", "h2"],
            "certificates": [
                {
                    "certificateFile": "/usr/local/etc/xray/xray.domain.com.pem",
                    "keyFile": "/usr/local/etc/xray/xray.domain.com.key"
                }
            ]
        }
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  },{
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }]
}

In the configuration file above, certificateFile and keyFile involve obtaining an HTTPS certificate for the domain; click here for a tutorial.

Daemon unit file

vim /etc/systemd/system/xray.service

[Unit]
Description=Xray Service
Documentation=https://github.com/xtls
After=network.target nss-lookup.target

[Service]
User=root
#User=nobody
#CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/bin/xray run -config /usr/local/etc/xray/config.json
Restart=on-failure
RestartPreventExitStatus=23

[Install]
WantedBy=multi-user.target

Reload systemd and enable Xray at boot

systemctl daemon-reload && systemctl enable xray

Start the Xray service

systemctl start xray

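Client configuration

Once the server is configured, the next step is to configure a client. The following clients currently support Xray:

v2rayN – for Windows

Get the latest version from the Release page of its GitHub repository

Follow the client's instructions to set it up

v2rayNG – for Android

Get the latest version from the Release page of its GitHub repository

Follow the client's instructions to set it up

Shadowrocket – for iOS and macOS on Apple M-series chips

You need to register an iCloud account [outside the China region]

You need to search for it in the App Store and purchase it

Follow the client's instructions to set it up

V2RayXS – a macOS client that uses xray-core, developed from V2RayX

Get the latest version from the Release page of its GitHub repository

Supports one-click import of share links that follow the VMessAEAD / VLESS share link standard proposal

Follow the client's instructions to set it up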

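Compiling and installing Nginx on Linux

Introduction

In production environments, Nginx is usually installed by compiling it from source: first, production networks are tightly restricted, and second, you can choose your own modules. For example, multiplexing port 443 requires the stream_ssl_module module.

This article uses CentOS 7 and Debian 11 as examples. Part four of the article covers how to add modules and recompile an Nginx service that is already installed.

Installation

Install dependency packages

The following applies to CentOS 7 | Red Hat 7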

yum install -y libtool autoconf cmake curl vim \
gcc gcc-c++ \
openssl openssl-devel \
pcre pcre-devel \
zlib zlib-devel \
libxml2 libxml2-devel \
libxslt libxslt-devel \
gd gd-devel \
GeoIP GeoIP-devel GeoIP-data \
gperftools 

The following applies to Debian 11

apt-get install gcc build-essential manpages-dev \
libpcre3 libpcre3-dev libxslt-dev \
libgeoip-dev google-perftools \
libgoogle-perftools4 libgoogle-perftools-dev \
libtcmalloc-minimal4 libgdchart-gd2-noxpm \
libgdchart-gd2-noxpm-dev -y

Download the Nginx | openssl packages

curl -LO https://nginx.org/download/nginx-1.23.3.tar.gz
curl -LO https://ftp.openssl.org/source/old/1.1.1/openssl-1.1.1k.tar.gz

Extract

tar -zxvf nginx-1.23.3.tar.gz -C /usr/local/src
tar -zxvf openssl-1.1.1k.tar.gz -C /usr/local/src

cd /usr/local/src/nginx-1.23.3

useradd www

Run configure to generate the build files

./configure \
--prefix=/usr/local/nginx \
--user=www \
--group=www \
--with-poll_module \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_xslt_module \
--with-http_image_filter_module \
--with-http_geoip_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_degradation_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-mail --with-stream \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-stream_realip_module \
--with-stream_geoip_module \
--with-google_perftools_module \
--with-pcre \
--with-openssl=/usr/local/src/openssl-1.1.1k \
--with-openssl-opt=enable-weak-ssl-ciphers

Compile and install

make && make install

Daemon unit file

vim /etc/systemd/system/nginx.service

[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /usr/local/nginx/logs/nginx.pid)"
ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /usr/local/nginx/logs/nginx.pid)"

[Install]
WantedBy=multi-user.target

systemctl daemon-reload
systemctl start nginx.service

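Recompiling an existing nginx

Download Nginx

Extract

Run configure to generate the build files

Add the modules you want here, for example --with-stream_ssl_module, according to your needs

Compile. Whatever you do, do not run make install here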

make

Back up and copy

# Back up the original nginx executable
mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.default.bak

# Copy the freshly compiled nginx
cp /usr/local/src/nginx-1.20.2/objs/nginx /usr/local/nginx/sbin/nginx

Restart Nginx

systemctl restart nginx

Setting up a v2ray service

I. Environment

Operating System: CentOS 7
Server Location: San Jose

II. Let’s Start

1. Install and update V2Ray (installs the executable and the .dat data files)

# bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)

1.1 Install the latest released geoip.dat and geosite.dat (updates only the .dat data files) (not needed on a first install)

# bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-dat-release.sh)

1.2 Remove V2Ray

# bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh) --remove

2. Configuration file /usr/local/etc/v2ray/config.json

{
    "log": {
        "access": "/var/log/v2ray/access.log",
        "error": "/var/log/v2ray/error.log",
        "loglevel": "warning"
    },
    
    "inbounds": [
    {
        "port": 33689,
        "listen": "127.0.0.1",
        "protocol": "vmess",
        "settings": {
            "clients": [
            {
                "id": "89e2d792-1d03-46ec-9210-23c52d9d4a2f",
                "alterId": 0
            }
            ]
        },
        
        "sniffing": {
            "enabled": true, 
            "destOverride": ["http", "tls"]
        },
        
        "streamSettings": {
            "network": "ws",
            "wsSettings": {
                "path": "/wYof60qQ"
            }
        }
    }
    ],

    "outbounds": [
    {
        "tag": "direct",
        "protocol": "freedom",
        "settings": {}
    },
    
    {
        "tag": "blocked",
        "protocol": "blackhole",
        "settings": {}
    }
    
    ],
    
    "routing": {
        "strategy": "rules",
        "settings": {
            "domainStrategy": "AsIs",
            "rules": [
            {
                "type": "field",
                "ip": ["geoip:private"],
                "outboundTag": "blocked"
            }
            ]
        }
    }
}

3. Daemon unit file /etc/systemd/system/v2ray.service

[Unit]
Description=V2Ray Service
Documentation=https://www.v2fly.org/
After=network.target nss-lookup.target

[Service]
User=nobody
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/bin/env v2ray.vmess.aead.forced=false /usr/local/bin/v2ray -config /usr/local/etc/v2ray/config.json
Restart=on-failure
RestartPreventExitStatus=23

[Install]
WantedBy=multi-user.target

4. Reload, start, enable at boot, check status

systemctl daemon-reload
systemctl start v2ray.service
systemctl enable v2ray.service
systemctl status v2ray.service

III. References

  • https://github.com/v2fly/fhs-install-v2ray
  • https://github.com/v2fly/fhs-install-v2ray/wiki/Migrate-from-the-old-script-to-this
  • https://www.v2ray.com/