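Required tools
- 1. SmsForwarder (SMS forwarder)
- 2. SOCKS proxy
- 3. Squid
I. Download SmsForwarder and configure the push channel
1. Main parameters required
Name: 微信转发 (WeChat forwarding)
Enterprise ID: *****
AgentID: 1000002
secret: *****
Designated member: admin
II. Setting up SOCKS5
1. One-click install script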
wget --no-check-certificate https://raw.github.com/Lozy/danted/master/install.sh -O install.sh
bash install.sh
2. Add a username and password
/etc/init.d/sockd adduser USERNAME PASSWORD
3. Change the port
Edit the configuration file /etc/danted/sockd.conf
4. Restart the service
service sockd restart
5. Test connectivity with the QQ client
6. Uninstall command
bash install.sh --uninstall
III. Command reference
command | option | description |
---|---|---|
service sockd start | /etc/init.d/sockd start | start socks5 server daemon |
service sockd stop | /etc/init.d/sockd stop | stop socks5 server daemon |
service sockd restart | /etc/init.d/sockd restart | restart socks5 server daemon |
service sockd reload | /etc/init.d/sockd reload | reload socks5 server daemon |
service sockd status | | systemd process status |
service sockd state | /etc/init.d/sockd state | running state |
service sockd tail | /etc/init.d/sockd tail | sock log tail |
service sockd adduser | /etc/init.d/sockd adduser | add pam-auth user: service sockd adduser NAME PASSWORD |
service sockd deluser | /etc/init.d/sockd deluser | delete pam-auth user: service sockd deluser NAME |
IV. Additional: setting up an HTTP proxy
I. Set up Squid with Docker
- Install Docker
systemctl stop firewalld # disable the firewall
CentOS
yum install -y yum-utils
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce docker-ce-cli containerd.io -y
systemctl start docker
systemctl enable docker
Debian / Ubuntu
sudo apt-get update
sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common -y
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
sudo apt-get install docker-ce docker-ce-cli containerd.io -y
systemctl start docker
systemctl enable docker
- Install Docker Compose
curl -fsSL https://get.docker.com | bash -s docker
curl -L "https://github.com/docker/compose/releases/download/1.26.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
II. Start the HTTP proxy server
Create docker-compose.yml on the server with the following content:
version: '3.4'
services:
  squid:
    image: b4tman/squid
    container_name: squid
    ports:
      - "6666:3128" # note the port 6666 here
    volumes:
      - ./cache:/var/spool/squid
      - ./squid.conf:/etc/squid/squid.conf
Then create the squid.conf file:
http_access allow all
http_port 3128
Start Squid:
docker-compose up -d
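- If this reports an error, run the following command to restart Docker:
service docker restart
Test on the local machine (assuming the server's domain name is cent.net):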
curl -x 127.0.0.1:6666 www.baidu.com
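III. Add HTTPS support
First you need a certificate. There are three ways to get one:
- Sign it yourself
- Buy one from a provider (such as Alibaba Cloud or Tencent Cloud)
- Generate one for free with acme.sh
I used the third option; the steps are documented on the official site, so I won't go into them here.
Two certificate files are generated:
- Public key (certificate) file: cent.net.crt
- Private key file: cent.net.key
However, Squid only accepts the standard PEM format, so we build a PEM certificate: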
cat cent.net.crt cent.net.key > cent.net.pem
Then edit docker-compose.yml to map the certificates into the container and expose the HTTPS port:
version: '3.4'
services:
  squid:
    image: b4tman/squid
    container_name: squid
    ports:
      - "6666:3128"
      - "3333:3127" # map host port 3333 to the HTTPS port 3127 inside the container
    volumes:
      - ./cache:/var/spool/squid
      - ./squid.conf:/etc/squid/squid.conf
      - /home/work/.certs:/certs:ro # map the certificate directory ~/.certs to /certs in the container
Edit squid.conf:
http_access allow all
http_port 3128
# HTTPS port
# cert= is the public key; use the path inside the container, not the host path
# key= is the private key
https_port 3127 cert=/certs/cent.net.crt key=/certs/cent.net.pem
Restart the container:
docker-compose down
docker-compose up -d
Test (port 3333 is the TLS listener, so the proxy URL needs the https:// scheme):
curl -x https://*******:3333 -I https://www.google.com
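The PEM step above concatenates the certificate and the private key into one file. The following added example (not part of the original page) checks that the two actually belong together before building the PEM, and creates it readable by its owner only. The function names and the throwaway self-signed pair are assumptions made for the example.

```shell
#!/bin/sh
# Added example: verify that a certificate and a private key match before
# concatenating them, and write the combined PEM with owner-only permissions
# because it contains the private key.

cert_matches_key() {   # usage: cert_matches_key CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]     # both are SubjectPublicKeyInfo PEM blocks
}

build_pem() {          # usage: build_pem CERT KEY OUT
    cert_matches_key "$1" "$2" || { echo "certificate/key mismatch" >&2; return 1; }
    ( umask 077 && cat "$1" "$2" > "$3" )
}

# Constructed throwaway self-signed pair, only so the example runs offline.
make_pair() {          # usage: make_pair DIR NAME
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

tmp=$(mktemp -d)
make_pair "$tmp" cent.net
build_pem "$tmp/cent.net.crt" "$tmp/cent.net.key" "$tmp/cent.net.pem" \
    && ls -l "$tmp/cent.net.pem"
rm -rf "$tmp"
```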
IV. Add Basic authentication
First generate a username/password file (assuming cooolin is the username and c000lin is the password):
docker run --rm xmartlabs/htpasswd cooolin c000lin > htpasswd
Edit docker-compose.yml to map the password file into the container:
version: '3.4'
services:
  squid:
    image: b4tman/squid
    container_name: squid
    ports:
      - "3332:3128"
      - "3333:3127"
    volumes:
      - ./cache:/var/spool/squid
      - ./squid.conf:/etc/squid/squid.conf
      - /home/work/apps/trojan/certs:/certs:ro
      - ./htpasswd:/etc/squid/passwords # map the password file into the container
Edit squid.conf:
# /etc/squid/passwords is the password file mapped in above
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
# http_access allow all # delete this line and use the one above, so that access is only possible after authentication
http_port 3128
https_port 3127 cert=/certs/cent.net.crt key=/certs/cent.net.pem
Restart the container:
docker-compose down
docker-compose up -d
Test:
curl -x https://*******:3333 -I https://www.google.com
You will receive a 407 Proxy Authentication Required response:
HTTP/1.1 407 Proxy Authentication Required
Server: squid/4.12
Content-Type: text/html;charset=utf-8
Content-Length: 3524
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Proxy-Authenticate: Basic realm="proxy"
Connection: keep-alive
...
Now add the credentials and try again:
curl -x https://cooolin:c000lin@****.com:3333 -I https://www.google.com
This returns a 200 response; authentication is complete.
V. Ubuntu setup
I. Install Squid
apt install squid
II. Edit the configuration file
vim /etc/squid/squid.conf
Change http_access deny all to
http_access allow all
I. Install the software
yum install openssl
yum install squid -y
yum install httpd-tools -y
II. Generate the password file
mkdir /etc/squid3/
htpasswd -cd /etc/squid3/passwords xiyi # create a password for user xiyi
# you are prompted for a password; enter, for example, 123456
III. Test the password file
/usr/lib64/squid/basic_ncsa_auth /etc/squid3/passwords
# enter the username and password
xiyi 123456
# a response of ok means it worked
ok
# press Ctrl+C to exit
IV. Configure the squid.conf file
vi /etc/squid/squid.conf
# add username/password authentication
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid3/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
# And finally deny all other access to this proxy
http_access deny all
# this is the port number; change it as needed
# Writing "http_port 3128" listens on both the IPv6 and the IPv4 port; the configuration below is recommended instead.
http_port 0.0.0.0:3128
Change http_access deny CONNECT !SSL_ports
to http_access allow CONNECT !SSL_ports
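Whether the proxy ends up requiring a login depends on the order of the http_access rules, both in the Docker Basic-authentication squid.conf earlier and in the squid.conf of this section. The following added example (not part of the original page) is a conservative lint, not an emulation of Squid's ACL evaluation: it reports every allow rule that names no proxy_auth ACL. The function names and the two sample configs are constructed for the example.

```shell
#!/bin/sh
# Added example: report http_access "allow" rules that involve no proxy_auth
# ACL and appear before the first unconditional "allow all" / "deny all".
# Exit status 1 means at least one finding.
audit_http_access() {
    awk '
        { sub(/#.*/, "") }                                   # strip comments
        $1 == "acl" && $3 == "proxy_auth" { auth[$2] = 1 }   # remember auth ACLs
        $1 == "http_access" && !stop {
            needs_auth = 0; unconditional = 1
            for (i = 3; i <= NF; i++) {
                if ($i in auth) needs_auth = 1
                if ($i != "all") unconditional = 0
            }
            if ($2 == "allow" && !needs_auth) {
                printf "line %d: allow without proxy_auth: %s\n", NR, $0
                found = 1
            }
            if (unconditional) stop = 1      # rules after this are not reached
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample configs modelled on the variants shown on this page.
write_samples() {
    cat > "$1/open.conf" <<'EOF'
http_access allow all
http_port 3128
EOF
    cat > "$1/auth.conf" <<'EOF'
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
http_port 3128
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in open.conf auth.conf; do
    if audit_http_access "$tmp/$f"; then echo "$f: ok"; else echo "$f: findings"; fi
done
rm -rf "$tmp"
```

Run against a config that contains `http_access allow CONNECT !SSL_ports`, the lint reports that rule as well, because it allows without naming an authentication ACL.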
Squid's logs are in the /var/log/squid/ directory.
Start, stop, restart, and so on
# start
systemctl start squid.service
# stop
systemctl stop squid.service
# restart
systemctl restart squid.service
# enable start at boot
systemctl enable squid.service
# disable start at boot
systemctl disable squid.service
# show the running status
systemctl status squid.service