系统环境
系统:Rocky Linux 9.3
背景
在一些软件的安装过程中,存在部分安装包和依赖在国外,又由于长城防火墙的拦截,导致下载非常缓慢,经常出现由于网络的原因导致安装失败的情况。为此可以借助一些科学上网的工具,使得服务器可以突破网络限制,实现流畅的访问外网,让服务器软件安装过程更加顺利。
我这里是通过安装 Shadowsocks,并设置可访问外网的服务器配置(需提前购买外网云服务,即:梯子,注册链接: https://azabudai.org/auth/register?code=tGfK 邀请码:tGfK ),再安装Privoxy,设置系统代理实现外网访问。
安装 PIP
更新系统软件包
dnf update -y
安装python
dnf install python39 -y
查看python安装版本
python3.9 --version
安装pip
dnf install python3.9-pip
查看pip3版本
pip3 --version
更新pip3安装版本
pip3 install --upgrade pip
查看pip3版本
pip3 --version
查看pip3帮助信息
pip3 --help安装和配置 Shadowsocks
使用 pip3 安装 Shadowsocks
sudo pip3 install -y shadowsocks配置 shadowsocks
新建配置文件夹和文件
sudo mkdir /etc/shadowsocks sudo vim /etc/shadowsocks/shadowsocks.json
配置内容如下:
{ "server": "替换成自己的服务器ip或域名", "local_address": "127.0.0.1", "local_port": 1080, "timeout": 300, "workers": 1, "server_port": 31558, "password": "替换成自己的服务器密码", "method": "rc4-md5", "plugin": "" }配置解析
server:Shadowsocks 服务器地址 server_port:Shadowsocks 服务器端口 local_address:本地 Sock5 代理地址 local_port:本地 Sock5 代理端口 password:Shadowsocks 连接密码 timeout:超时等待时间(秒) method:加密方式 workers:工作线程数
启动脚本
创建启动脚本 /etc/systemd/system/shadowsocks.service
这里请确认你的 sslocal 的所在位置,自行修改脚本文件中的 /usr/local/bin/sslocal,位置不对启动服务时会报 203 错误
确认 sslocal 所在路径
[root@localhost ~]# ls /usr/local/bin/sslocal /usr/local/bin/sslocal
创建Shadowsocks启动脚本
sudo vim /etc/systemd/system/shadowsocks.service
内容如下:
[Unit] Description=Shadowsocks [Service] TimeoutStartSec=0 ExecStart=/usr/local/bin/sslocal -c /etc/shadowsocks/shadowsocks.json [Install] WantedBy=multi-user.target
启动脚本授权
chmod 755 /usr/local/bin/sslocal
shadowsocks 启动命令
开机自启动
sudo systemctl enable shadowsocks.service
启动服务
sudo systemctl start shadowsocks.service
查看状态
sudo systemctl status shadowsocks.service
停止服务
sudo systemctl stop shadowsocks.service启动 shadowsocks 发现错误
执行 sudo systemctl status shadowsocks.service 出现报错:
× shadowsocks.service - Shadowsocks
Loaded: loaded (/etc/systemd/system/shadowsocks.service; enabled; preset: disabled)
Active: failed (Result: exit-code) since Wed 2025-01-08 09:58:27 CST; 5s ago
Duration: 70ms
Process: 4756 ExecStart=/usr/local/bin/sslocal -c /etc/shadowsocks/shadowsocks.json (code=exited, status=1/FAILURE)
Main PID: 4756 (code=exited, status=1/FAILURE)
CPU: 66ms
Jan 08 09:58:27 localhost.localdomain sslocal[4756]: load_openssl()
Jan 08 09:58:27 localhost.localdomain sslocal[4756]: File "/usr/local/lib/python3.9/site-packages/shadowsocks/crypto/openssl.py", line 52, in load_openssl
Jan 08 09:58:27 localhost.localdomain sslocal[4756]: libcrypto.EVP_CIPHER_CTX_cleanup.argtypes = (c_void_p,)
Jan 08 09:58:27 localhost.localdomain sslocal[4756]: File "/usr/lib64/python3.9/ctypes/__init__.py", line 387, in __getattr__
Jan 08 09:58:27 localhost.localdomain sslocal[4756]: func = self.__getitem__(name)
Jan 08 09:58:27 localhost.localdomain sslocal[4756]: File "/usr/lib64/python3.9/ctypes/__init__.py", line 392, in __getitem__
Jan 08 09:58:27 localhost.localdomain sslocal[4756]: func = self._FuncPtr((name_or_ordinal, self))
Jan 08 09:58:27 localhost.localdomain sslocal[4756]: AttributeError: /lib64/libcrypto.so.3: undefined symbol: EVP_CIPHER_CTX_cleanup
Jan 08 09:58:27 localhost.localdomain systemd[1]: shadowsocks.service: Main process exited, code=exited, status=1/FAILURE
Jan 08 09:58:27 localhost.localdomain systemd[1]: shadowsocks.service: Failed with result 'exit-code'.
[root@localhost ~]# vim /usr/local/lib/python3.9/site-packages/shadowsocks/crypto/openssl.py解决方式: 把所有的
EVP_CIPHER_CTX_cleanup都改成EVP_CIPHER_CTX_reset就行。替换文本内容 sudo sed -i 's/EVP_CIPHER_CTX_cleanup/EVP_CIPHER_CTX_reset/g' /usr/local/lib/python3.9/site-packages/shadowsocks/crypto/openssl.py 重启 shadowsockts sudo systemctl restart shadowsocks.service参考:https://www.yangyang.cloud/blog/2020/09/23/solved-shadowsocks-undefined-symbol/
修改完之后,发现依然报错:
报错内容:
INFO: loading config from /etc/shadowsocks/shadowsocks.json 2025-01-08 10:18:44 INFO loading libcrypto from libcrypto.so.3 Traceback (most recent call last): File "/usr/local/bin/sslocal", line 8, in <module> sys.exit(main()) File "/usr/local/lib/python3.9/site-packages/shadowsocks/local.py", line 39, in main config = shell.get_config(True) File "/usr/local/lib/python3.9/site-packages/shadowsocks/shell.py", line 262, in get_config check_config(config, is_local) File "/usr/local/lib/python3.9/site-packages/shadowsocks/shell.py", line 124, in check_config encrypt.try_cipher(config['password'], config['method']) File "/usr/local/lib/python3.9/site-packages/shadowsocks/encrypt.py", line 44, in try_cipher Encryptor(key, method) File "/usr/local/lib/python3.9/site-packages/shadowsocks/encrypt.py", line 82, in __init__ self.cipher = self.get_cipher(key, method, 1, File "/usr/local/lib/python3.9/site-packages/shadowsocks/encrypt.py", line 109, in get_cipher return m[2](method, key, iv, op) File "/usr/local/lib/python3.9/site-packages/shadowsocks/crypto/rc4_md5.py", line 33, in create_cipher return openssl.OpenSSLCrypto(b'rc4', rc4_key, b'', op) File "/usr/local/lib/python3.9/site-packages/shadowsocks/crypto/openssl.py", line 92, in __init__ raise Exception('can not initialize cipher context') Exception: can not initialize cipher context Segmentation fault (core dumped)
解决方式:开启 RC4-MD5 支持
编辑 openssl.cnf
vi /etc/ssl/openssl.cnf在 provider_sect 下添加 legacy = legacy_sect
[provider_sect] legacy = legacy_sect然后,将
[default_sect] activate = 1替换为
[default_sect] activate = 1 [legacy_sect] activate = 1重新启动程序测试
[root@localhost ~]# /usr/local/bin/sslocal -c /etc/shadowsocks/shadowsocks.json INFO: loading config from /etc/shadowsocks/shadowsocks.json 2025-01-08 10:26:30 INFO loading libcrypto from libcrypto.so.3 2025-01-08 10:26:30 INFO starting local at 127.0.0.1:1080启动 shadowsockts
重启 shadowsockts sudo systemctl restart shadowsocks.service
安装和配置 Privoxy
安装 Privoxy
dnf install -y privoxy修改 privoxy 配置
修改配置
vim /etc/privoxy/config
搜索 forward-socks5t,将 forward-socks5t / 127.0.0.1:9050 . 取消注释并修改为
forward-socks5t / 127.0.0.1:1080 . # 注意最后有个点
然后取消以下几行代码注释,本地网络不翻墙
forward 192.168.*.*/ .
forward 10.*.*.*/ .
forward 127.*.*.*/ .
forward localhost/ .启动 privoxy
设置开机自启
systemctl enable privoxy
启动privoxy(这一步需要在读取配置文件之前执行))
systemctl start privoxy
查看privoxy状态
systemctl status privoxy
停止
systemctl stop privoxyprivoxy 读取配置
privoxy /etc/privoxy/config配置系统环境变量
修改 /etc/profile
vim /etc/profile
添加如下内容:
export http_proxy=http://127.0.0.1:8118
export https_proxy=http://127.0.0.1:8118
export all_proxy=http://127.0.0.1:8118使配置生效
source /etc/profile测试网络代理
测试wget下载谷歌首页
wget www.google.com
测试 curl
curl https://www.google.com停止网络代理
不需要使用代理时停止网络代理,节约流量。
注释掉网络代理设置,并使环境变量生效
vim /etc/profile
注释掉网络代理环境变量
export http_proxy=http://127.0.0.1:8118
export https_proxy=http://127.0.0.1:8118
export all_proxy=http://127.0.0.1:8118
使配置生效
source /etc/profile
unset http_proxy
unset https_proxy
unset all_proxy参考
- https://ry.huaji.store/2020/08/Linux-magic-network/
- https://andblog.cn/2587
- https://witee.github.io/2019/02/19/centos7%E4%BD%BF%E7%94%A8privoxy%E9%85%8D%E5%90%88shadowsocks%E7%BF%BB%E5%A2%99/
转载请注明来源,欢迎对文章中的引用来源进行考证,欢迎指出任何有错误或不够清晰的表达。可以在下面评论区评论,也可以邮件至 george_95@126.com