分类目录归档:Linux

搭建 Trojan-Go 服务

发表评论

一、简介

熟悉的筒子们可以直接跳过第一部分

Trojan-Go 使用 Go 实现的完整 Trojan 代理,与 Trojan 协议以及 Trojan 版本的配置文件格式兼容。安全,高效,轻巧,易用。

支持使用多路复用提升并发性能,使用路由模块实现国内直连。

支持 CDN 流量中转(基于 WebSocket over TLS/SSL)

支持使用 AEAD 对 Trojan 流量二次加密(基于Shadowsocks AEAD)。

支持可插拔的传输层插件,允许替换 TLS,使用其他加密隧道传输 Trojan 协议流量。

完整配置教程和配置介绍参见 Trojan-Go文档

Trojan-Go 官方发行包

下载 Trojan-Go 二进制包,以 CentOS 为例

二、安装环境

  • 服务器一台(本文以 CentOS 7 为例)
  • 域名一个(本文以 trojan-go.domain.com 为例)
  • 域名对应的 SSL 证书(如何获取 SSL 证书,请点击这里
  • Trojan-Go 官方发行包 (本文以 v0.10.6 为例)

三、开始吧

# 下载依赖包
yum install vim wget curl unzip -y

# 创建安装目录
mkdir -p /usr/local/trojan-go && cd /usr/local/trojan-go

# 下载二进制包
curl -LO https://github.com/p4gefau1t/trojan-go/releases/download/v0.10.6/trojan-go-linux-amd64.zip

# 解压安装包
unzip trojan-go-linux-amd64.zip

编辑 Trojan-go 服务端主配置文件
vim /usr/local/trojan-go/config.json

{
    "run_type": "server",
    "local_addr": "::",
    "local_port": 443,
    "remote_addr": "127.0.0.1",
    "remote_port": 80,
    "password": [
        "rfha9342@#30ds",
        "-adA5^s23ej",
        "sc8)-1e%ER.PscU"
    ],
    "ssl": {
        "cert": "/root/.acme.sh/trojan-go.domain.com/fullchain.cer",
        "key": "/root/.acme.sh/trojan-go.domain.com/trojan-go.domain.com.key",
        "sni": "trojan-go.domain.com",
        "alpn": [
            "http/1.1"
        ],
        "session_ticket": true,
        "reuse_session": true,
        "fallback_addr": "127.0.0.1",
        "fallback_port": 80
    },
    "tcp": {
        "no_delay": true,
        "keep_alive": true,
        "prefer_ipv4": false
    },
    "mux": {
        "enabled": false,
        "concurrency": 8,
        "idle_timeout": 60
    },
    "websocket": {
        "enabled": true,
        "path": "/dHs7P",
        "host": "trojan-go.domain.com"
    },
    "mysql": {
        "enabled": false,
        "server_addr": "localhost",
        "server_port": 3306,
        "database": "",
        "username": "",
        "password": "",
        "check_rate": 60
    }
}

守护进程脚本 /etc/systemd/system/trojan-go.service

[Unit]
Description=Trojan-Go - An unidentifiable mechanism that helps you bypass GFW
Documentation=https://p4gefau1t.github.io/trojan-go/
After=network.target nss-lookup.target

[Service]
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/trojan-go/trojan-go -config /usr/local/trojan-go/config.json
Restart=on-failure
RestartSec=10s
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target

重载脚本,并将脚本添加至开机启动

systemctl daemon-reload
systemctl start trojan-go.service
systemctl enable trojan-go.service
systemctl status trojan-go.service

CentOS 安装 python3

发表评论

CentOS 安装 python3 是一篇基础环境架设的日志记录

一、安装记录

# 安装依赖包
sudo yum install gcc gcc-c++ cmake pcre pcre-devel \
autoconf libtool zlib zlib-devel bzip2 bzip2-devel \
ncurses ncurses-devel readline readline-devel \
openssl openssl-devel xz lzma xz-devel \
sqlite sqlite-devel tk tk-devel \
libffi libffi-devel openssl-static -y

# 1.从官网下载Python 3.10.5 - 06-Jun-2022 12:08 [stable version]
sudo curl -LO https://www.python.org/ftp/python/3.10.5/Python-3.10.5.tgz

# 2.解压至/usr/local
sudo tar -xvf Python-3.10.5.tgz -C /usr/local

# 3.生成Makefile
cd /usr/local/Python-3.10.5
sudo ./configure

# 4.编译解压
sudo make -j 8 && sudo make install

# 5.验证 python3 和 pip 安装成功
python3 --version
pip3 --version

二、特别说明

  • 在安装 python3 的时候,已经将 pip 功能安装好了
  • pip install 的时候,如果在中国,建议指定中国清华大学源,e.g
pip install example -i https://pypi.tuna.tsinghua.edu.cn/simple

CentOS新装系统的后续工作

发表评论

对于新装 CentOS 系统,我个人会通常做以下工作

1.换源

我一般换 中国科学技术大学镜像源 ,因为阿里源、华为源都放过我鸽子XDDD

2.基础环境

sudo yum install gcc gcc-c++ pcre openssh openssh-devel openssl openssl-devel libtools cmake autoconf tcl ntpdate -y

# 升级内核和所有软体
sudo yum update -y

3.同步时间服务器(server time.ustc.edu.cn)

[root@basic-platform ~]# cat /etc/ntp.conf | grep -v "^#" | grep -v "^$"
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
server time.ustc.edu.cn
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor

[root@basic-platform ~]# systemctl start ntpdate.service

CentOS安裝squid服務并配置http和yum代理

发表评论

安裝squid服務

找一台可以訪問外網的服務器

# 安裝squid
yum install squid -y

修改配置文件 /etc/squid/squid.conf (重點是 http_access

[root@linux-host1 local]#  cat /etc/squid/squid.conf | grep -v "^$" | grep -v "^#"
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access allow all
http_port 3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

# 啓動squid服務
systemctl start squid

# 加入開機自啓
systemctl enable squid

yum代理配置

# 在/etc/yum.conf配置文件[main]節點下追增以下配置

# squid代理服務
proxy=http://172.50.1.119:3128 

# 服務器賬號
proxy_name=root 

# 服務器密碼
proxy_password=2am#ue9P&.aqb*14

http代理配置

# 創建配置文件
touch /etc/profile.d/proxy.sh

# 在 /etc/profile.d/proxy.sh 添加以下配置
# 格式: export http_proxy="http://user_name:password@IP:PORT" username是squid服務器的賬號密碼,這裏沒有給squid服務配置賬號密碼認證
export http_proxy="http://root:2am#ue9P&.aqb*14@172.50.1.119:3128" 
export https_proxy="http://root:2am#ue9P&.aqb*14@172.50.1.119:3128"

# 刷新配置生效
source /etc/profile.d/proxy.sh

CentOS部署samba服務

发表评论

服務端

# yum 安裝
[root@localhost ~]# yum install samba samba-client samba-swat -y

# 配置文件
[root@localhost ~]# cat /etc/samba/smb.conf

###########################################
[global]
        workgroup = MYGROUP
        server string = Samba Server Version %v
        hosts allow = 10.0.8.0/24 
        log file = /var/log/samba/log.%m
        max log size = 50
        security = share
        passdb backend = tdbsam
        load printers = yes
        cups options = raw

[share]
comment = share
path = /project/tools
browseable = yes
guest ok = yes
writable = yes


[homes]
        comment = Home Directories
        browseable = no
        writable = yes

[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
        guest ok = no
        writable = no
        printable = yes
###########################################

訪問

[root@localhost ~]# yum install cifs-utils -y

# 挂載
[root@localhost ~]# mkdir -p /samba_share
[root@localhost ~]# mount -t cifs //xxx.xxx.xxx.xx/share /samba_share

CentOS7根目录磁盘扩容(/dev/mapper/centos-root 空间不足)

发表评论

0.查看根分区大小

[root@master ~]# df -h
Filesystem                      Size  Used Avail Use% Mounted on
devtmpfs                         63G     0   63G   0% /dev
tmpfs                            63G     0   63G   0% /dev/shm
tmpfs                            63G  1.3G   62G   2% /run
tmpfs                            63G     0   63G   0% /sys/fs/cgroup
/dev/mapper/cl_geekthings-root   50G   38G   13G  76% /
/dev/sda1                      1014M  311M  704M  31% /boot
/dev/mapper/cl_geekthings-home  918G   12G  906G   2% /home
tmpfs                            13G   12K   13G   1% /run/user/42
tmpfs                            13G     0   13G   0% /run/user/0
overlay                          50G   38G   13G  76% /var/lib/docker/overlay2/70dffe831895bb55d79b4a8f483364a4f736637ccb2f6694f1cf82ba7ff1743d/merged

1.查看磁盘编号

[root@master ~]# ls /dev/sd*
/dev/sda  /dev/sda1  /dev/sda2

2.这里在vMware vCenter中新增一块硬盘(编辑->新增设备) 再次查看磁盘

[root@master ~]# ls /dev/sd*
/dev/sda  /dev/sda1  /dev/sda2  /dev/sdb

3.对新增硬盘进行分区, 这里新增的磁盘名称叫 /dev/sdb

[root@localhost ~]# fdisk /dev/sdb

# 输入 m, 得到帮助,可以按照提示操作进行分区了
# 因为这块硬盘只有 100G,所以我只打算分一个区,这里是需要输入 n,然后接下来都按 Enter 键,默认即可,最后输入 w 保存退出
[root@localhost ~]# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Command (m for help): m
Command action
   a   toggle a bootable flag
   b   edit bsd disklabel
   c   toggle the dos compatibility flag
   d   delete a partition
   g   create a new empty GPT partition table
   G   create an IRIX (SGI) partition table
   l   list known partition types
   m   print this menu
   n   add a new partition
   o   create a new empty DOS partition table
   p   print the partition table
   q   quit without saving changes
   s   create a new empty Sun disklabel
   t   change a partition's system id
   u   change display/entry units
   v   verify the partition table
   w   write table to disk and exit
   x   extra functionality (experts only)

4.将分区后的磁盘格式化成xfs类型

[root@localhost ~]# mkfs.xfs /dev/sdb1

5.创建pv

[root@master ~]# pvcreate /dev/sdb1
  Physical volume "/dev/sdb1" successfully created.

6.查看vg组

[root@master ~]# vgs
  VG            #PV #LV #SN Attr   VSize    VFree
  cl_geekthings   1   3   0 wz--n- <999.00g 4.00m

7.扩展vg

[root@master ~]# vgextend cl_geekthings /dev/sdb1
  Volume group "cl_geekthings" successfully extended

[root@master ~]# vgs
  VG            #PV #LV #SN Attr   VSize VFree  
  cl_geekthings   2   3   0 wz--n- 1.17t 200.00g

8.扩展lv

[root@master ~]# lvextend -L +200G /dev/mapper/cl_geekthings-root
  Size of logical volume cl_geekthings/root changed from 50.00 GiB (12800 extents) to 250.00 GiB (64000 extents).
  Logical volume cl_geekthings/root successfully resized.

9.系统重新读取大小

[root@master ~]# xfs_growfs /dev/mapper/cl_geekthings-root
meta-data=/dev/mapper/cl_geekthings-root isize=512    agcount=4, agsize=3276800 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=0 spinodes=0
data     =                       bsize=4096   blocks=13107200, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal               bsize=4096   blocks=6400, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
data blocks changed from 13107200 to 65536000

10.查看扩容是否成功

[root@master ~]# df -h
Filesystem                      Size  Used Avail Use% Mounted on
devtmpfs                         63G     0   63G   0% /dev
tmpfs                            63G     0   63G   0% /dev/shm
tmpfs                            63G  1.3G   62G   2% /run
tmpfs                            63G     0   63G   0% /sys/fs/cgroup
/dev/mapper/cl_geekthings-root  250G   38G  213G  16% /
/dev/sda1                      1014M  311M  704M  31% /boot
/dev/mapper/cl_geekthings-home  918G   12G  906G   2% /home
tmpfs                            13G   12K   13G   1% /run/user/42
tmpfs                            13G     0   13G   0% /run/user/0
overlay                         250G   38G  213G  16% /var/lib/docker/overlay2/70dffe831895bb55d79b4a8f483364a4f736637ccb2f6694f1cf82ba7ff1743d/merged
[root@master ~]# lsblk
NAME                   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda                      8:0    0  1000G  0 disk 
├─sda1                   8:1    0     1G  0 part /boot
└─sda2                   8:2    0   999G  0 part 
  ├─cl_geekthings-root 253:0    0   250G  0 lvm  /
  ├─cl_geekthings-swap 253:1    0  31.5G  0 lvm  
  └─cl_geekthings-home 253:2    0 917.5G  0 lvm  /home
sdb                      8:16   0   200G  0 disk 
└─cl_geekthings-root   253:0    0   250G  0 lvm  /
sr0                     11:0    1   4.1G  0 rom

CentOS記錄所有用戶登陸操作詳細日志

发表评论

setp1 : 在 /etc/profile 末尾追增以下代碼

############################ 用戶登陸操作歷史脚本 ############################

USER_IP=`who -u am i 2>/dev/null| awk '{print $NF}'|sed -e 's/[()]//g'`
HISTDIR=/tmp/log/history
DT=`date +%Y-%m-%d`

if [ -z $USER_IP ]; then
    USER_IP=`hostname`
fi

pdf="."
if [[ ! $USER_IP == *${pdf}* ]]; then
    USER_IP=`hostname`
fi

if [ ! -d $HISTDIR ]; then
    mkdir -p $HISTDIR
    chmod 300 $HISTDIR
fi

if [ ! -d $HISTDIR/${DT} ]; then
    mkdir -p $HISTDIR/${DT}
    chmod 300 $HISTDIR/${DT}
fi

export HISTFILESIZE=10000 # 定義文件中最多的只有HISTFILESIZE行
export HISTSIZE=10000 # 定義history命令輸出的記錄數
DT2=`date +%Y-%m-%d_%H:%M:%S`
export HISTFILE="$HISTDIR/${DT}/${LOGNAME}@${USER_IP}_$DT2"
export HISTTIMEFORMAT="%Y-%m-%-d_%H:%M:%S # "
chmod 600 $HISTDIR/${DT}/*_* 2>/dev/null

##############################################################################

step2: 刷新生效

[root@localhost ~]# source /etc/profile

CentOS两种方式安装7z命令

发表评论

一、安装(以CentOS为例)

1.yum安装(能访问互联网的,用此方式)

建议更换国内源 :中国科学技术大学镜像源

  • 安装epel源 
    [root@linux-host1 opt]# sudo yum install epel-release -y
  • yum安装 
    [root@linux-host1 opt]# sudo yum install p7zip -y
2.二进制安装

7z 最新版本链接
7z 官网

  • 下载到/usr/local 
    [root@linux-host1 ~]# cd /usr/local && wget https://nchc.dl.sourceforge.net/project/p7zip/p7zip/16.02/p7zip_16.02_src_all.tar.bz2
  • 解压 
    [root@linux-host1 local]# sudo tar xjvf p7zip_16.02_src_all.tar.bz2
  • 安装 
    [root@linux-host1 local]# cd p7zip_16.02 && sh install.sh

二、命令

[root@linux-host1 opt]# 7za x frontend_7_06_JsTest_0303.7z  -r -o./
# 参数含义:
# x  代表解压缩文件,并且是按原始目录树解压(还有个参数 e 也是解压缩文件,但其会将所有文件都解压到根下,而不是自己原有的文件夹下)
# frontend_7_06_JsTest_0303.7z是压缩文件,这里我用phpadmin做测试。这里默认使用当前目录下的phpMyAdmin-3.3.8.1-all-languages.7z
# -r 表示递归解压缩所有的子文件夹
# -o 是指定解压到的目录,-o后是没有空格的,直接接目录。

[root@linux-host1 opt]# 7za a -t7z -r frontend_7_06_JsTest_0303.7z /opt/frontend_7_06_JsTest_0303/*
# 参数含义:
# a  代表添加文件/文件夹到压缩包
# -t 是指定压缩类型,这里定为7z,可不指定,因为7za默认压缩类型就是7z
# -r 表示递归所有的子文件夹
# frontend_7_06_JsTest_0303.7z 是压缩好后的压缩包名
# /opt/frontend_7_06_JsTest_0303/*   :是压缩目标。
# 7za不仅仅支持.7z压缩格式,还支持.tar.bz2等压缩类型的。如上所述,用-t指定即可。