Created
August 23, 2018 07:30
-
-
Save edxi/819e0fb075a1a666d16cd18f3328166d to your computer and use it in GitHub Desktop.
cloudformation template to create shadowsocks ec2 instance
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "AWSTemplateFormatVersion" : "2010-09-09", | |
| "Description" : "AWS CloudFormation Template ShadowSocks_Single_Instance: Create a ShadowSocks server using a single EC2 instance.", | |
| "Parameters" : { | |
| "KeyName": { | |
| "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance", | |
| "Type": "AWS::EC2::KeyPair::KeyName", | |
| "ConstraintDescription" : "must be the name of an existing EC2 KeyPair." | |
| }, | |
| "ShadowSocksPassword" : { | |
| "Description" : "Password for ShadowSocks. Must be at least 8 printable characters except double quoutes and backslash.", | |
| "Type" : "String", | |
| "NoEcho": "true", | |
| "MinLength" : "8", | |
| "MaxLength" : "50", | |
| "ConstraintDescription" : "must be at least 8 printable characters except double quoutes and backslash.", | |
| "AllowedPattern" : "^(?=.*\\p{Print})(?!.*[\\x5C\\x22]).{8,50}$" | |
| }, | |
| "ShadowSocksServerPort": { | |
| "Description" : "ShadowSocks Server TCP Port", | |
| "Type": "Number", | |
| "Default" : "8388", | |
| "MinValue": "1150", | |
| "MaxValue": "65535" | |
| }, | |
| "InstanceType" : { | |
| "Description" : "WebServer EC2 instance type", | |
| "Type" : "String", | |
| "Default" : "t2.micro", | |
| "AllowedValues" : [ "t1.micro", "t2.nano", "t2.micro", "t2.small", "t2.medium", "t2.large", "m1.small", "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge", "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge", "m4.10xlarge", "c1.medium", "c1.xlarge", "c3.large", "c3.xlarge", "c3.2xlarge", "c3.4xlarge", "c3.8xlarge", "c4.large", "c4.xlarge", "c4.2xlarge", "c4.4xlarge", "c4.8xlarge", "g2.2xlarge", "g2.8xlarge", "r3.large", "r3.xlarge", "r3.2xlarge", "r3.4xlarge", "r3.8xlarge", "i2.xlarge", "i2.2xlarge", "i2.4xlarge", "i2.8xlarge", "d2.xlarge", "d2.2xlarge", "d2.4xlarge", "d2.8xlarge", "hi1.4xlarge", "hs1.8xlarge", "cr1.8xlarge", "cc2.8xlarge", "cg1.4xlarge"], | |
| "ConstraintDescription" : "must be a valid EC2 instance type." | |
| }, | |
| "SSHLocation" : { | |
| "Description" : " The IP address range that can be used to SSH to the EC2 instances", | |
| "Type": "String", | |
| "MinLength": "9", | |
| "MaxLength": "18", | |
| "Default": "0.0.0.0/0", | |
| "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", | |
| "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." | |
| } | |
| }, | |
| "Mappings" : { | |
| "AWSInstanceType2Arch" : { | |
| "t1.micro" : { "Arch" : "PV64" }, | |
| "t2.nano" : { "Arch" : "HVM64" }, | |
| "t2.micro" : { "Arch" : "HVM64" }, | |
| "t2.small" : { "Arch" : "HVM64" }, | |
| "t2.medium" : { "Arch" : "HVM64" }, | |
| "t2.large" : { "Arch" : "HVM64" }, | |
| "m1.small" : { "Arch" : "PV64" }, | |
| "m1.medium" : { "Arch" : "PV64" }, | |
| "m1.large" : { "Arch" : "PV64" }, | |
| "m1.xlarge" : { "Arch" : "PV64" }, | |
| "m2.xlarge" : { "Arch" : "PV64" }, | |
| "m2.2xlarge" : { "Arch" : "PV64" }, | |
| "m2.4xlarge" : { "Arch" : "PV64" }, | |
| "m3.medium" : { "Arch" : "HVM64" }, | |
| "m3.large" : { "Arch" : "HVM64" }, | |
| "m3.xlarge" : { "Arch" : "HVM64" }, | |
| "m3.2xlarge" : { "Arch" : "HVM64" }, | |
| "m4.large" : { "Arch" : "HVM64" }, | |
| "m4.xlarge" : { "Arch" : "HVM64" }, | |
| "m4.2xlarge" : { "Arch" : "HVM64" }, | |
| "m4.4xlarge" : { "Arch" : "HVM64" }, | |
| "m4.10xlarge" : { "Arch" : "HVM64" }, | |
| "c1.medium" : { "Arch" : "PV64" }, | |
| "c1.xlarge" : { "Arch" : "PV64" }, | |
| "c3.large" : { "Arch" : "HVM64" }, | |
| "c3.xlarge" : { "Arch" : "HVM64" }, | |
| "c3.2xlarge" : { "Arch" : "HVM64" }, | |
| "c3.4xlarge" : { "Arch" : "HVM64" }, | |
| "c3.8xlarge" : { "Arch" : "HVM64" }, | |
| "c4.large" : { "Arch" : "HVM64" }, | |
| "c4.xlarge" : { "Arch" : "HVM64" }, | |
| "c4.2xlarge" : { "Arch" : "HVM64" }, | |
| "c4.4xlarge" : { "Arch" : "HVM64" }, | |
| "c4.8xlarge" : { "Arch" : "HVM64" }, | |
| "g2.2xlarge" : { "Arch" : "HVMG2" }, | |
| "g2.8xlarge" : { "Arch" : "HVMG2" }, | |
| "r3.large" : { "Arch" : "HVM64" }, | |
| "r3.xlarge" : { "Arch" : "HVM64" }, | |
| "r3.2xlarge" : { "Arch" : "HVM64" }, | |
| "r3.4xlarge" : { "Arch" : "HVM64" }, | |
| "r3.8xlarge" : { "Arch" : "HVM64" }, | |
| "i2.xlarge" : { "Arch" : "HVM64" }, | |
| "i2.2xlarge" : { "Arch" : "HVM64" }, | |
| "i2.4xlarge" : { "Arch" : "HVM64" }, | |
| "i2.8xlarge" : { "Arch" : "HVM64" }, | |
| "d2.xlarge" : { "Arch" : "HVM64" }, | |
| "d2.2xlarge" : { "Arch" : "HVM64" }, | |
| "d2.4xlarge" : { "Arch" : "HVM64" }, | |
| "d2.8xlarge" : { "Arch" : "HVM64" }, | |
| "hi1.4xlarge" : { "Arch" : "HVM64" }, | |
| "hs1.8xlarge" : { "Arch" : "HVM64" }, | |
| "cr1.8xlarge" : { "Arch" : "HVM64" }, | |
| "cc2.8xlarge" : { "Arch" : "HVM64" } | |
| }, | |
| "AWSInstanceType2NATArch" : { | |
| "t1.micro" : { "Arch" : "NATPV64" }, | |
| "t2.nano" : { "Arch" : "NATHVM64" }, | |
| "t2.micro" : { "Arch" : "NATHVM64" }, | |
| "t2.small" : { "Arch" : "NATHVM64" }, | |
| "t2.medium" : { "Arch" : "NATHVM64" }, | |
| "t2.large" : { "Arch" : "NATHVM64" }, | |
| "m1.small" : { "Arch" : "NATPV64" }, | |
| "m1.medium" : { "Arch" : "NATPV64" }, | |
| "m1.large" : { "Arch" : "NATPV64" }, | |
| "m1.xlarge" : { "Arch" : "NATPV64" }, | |
| "m2.xlarge" : { "Arch" : "NATPV64" }, | |
| "m2.2xlarge" : { "Arch" : "NATPV64" }, | |
| "m2.4xlarge" : { "Arch" : "NATPV64" }, | |
| "m3.medium" : { "Arch" : "NATHVM64" }, | |
| "m3.large" : { "Arch" : "NATHVM64" }, | |
| "m3.xlarge" : { "Arch" : "NATHVM64" }, | |
| "m3.2xlarge" : { "Arch" : "NATHVM64" }, | |
| "m4.large" : { "Arch" : "NATHVM64" }, | |
| "m4.xlarge" : { "Arch" : "NATHVM64" }, | |
| "m4.2xlarge" : { "Arch" : "NATHVM64" }, | |
| "m4.4xlarge" : { "Arch" : "NATHVM64" }, | |
| "m4.10xlarge" : { "Arch" : "NATHVM64" }, | |
| "c1.medium" : { "Arch" : "NATPV64" }, | |
| "c1.xlarge" : { "Arch" : "NATPV64" }, | |
| "c3.large" : { "Arch" : "NATHVM64" }, | |
| "c3.xlarge" : { "Arch" : "NATHVM64" }, | |
| "c3.2xlarge" : { "Arch" : "NATHVM64" }, | |
| "c3.4xlarge" : { "Arch" : "NATHVM64" }, | |
| "c3.8xlarge" : { "Arch" : "NATHVM64" }, | |
| "c4.large" : { "Arch" : "NATHVM64" }, | |
| "c4.xlarge" : { "Arch" : "NATHVM64" }, | |
| "c4.2xlarge" : { "Arch" : "NATHVM64" }, | |
| "c4.4xlarge" : { "Arch" : "NATHVM64" }, | |
| "c4.8xlarge" : { "Arch" : "NATHVM64" }, | |
| "g2.2xlarge" : { "Arch" : "NATHVMG2" }, | |
| "g2.8xlarge" : { "Arch" : "NATHVMG2" }, | |
| "r3.large" : { "Arch" : "NATHVM64" }, | |
| "r3.xlarge" : { "Arch" : "NATHVM64" }, | |
| "r3.2xlarge" : { "Arch" : "NATHVM64" }, | |
| "r3.4xlarge" : { "Arch" : "NATHVM64" }, | |
| "r3.8xlarge" : { "Arch" : "NATHVM64" }, | |
| "i2.xlarge" : { "Arch" : "NATHVM64" }, | |
| "i2.2xlarge" : { "Arch" : "NATHVM64" }, | |
| "i2.4xlarge" : { "Arch" : "NATHVM64" }, | |
| "i2.8xlarge" : { "Arch" : "NATHVM64" }, | |
| "d2.xlarge" : { "Arch" : "NATHVM64" }, | |
| "d2.2xlarge" : { "Arch" : "NATHVM64" }, | |
| "d2.4xlarge" : { "Arch" : "NATHVM64" }, | |
| "d2.8xlarge" : { "Arch" : "NATHVM64" }, | |
| "hi1.4xlarge" : { "Arch" : "NATHVM64" }, | |
| "hs1.8xlarge" : { "Arch" : "NATHVM64" }, | |
| "cr1.8xlarge" : { "Arch" : "NATHVM64" }, | |
| "cc2.8xlarge" : { "Arch" : "NATHVM64" } | |
| }, | |
| "AWSRegionArch2AMI" : { | |
| "us-east-1" : {"PV64" : "ami-2a69aa47", "HVM64" : "ami-97785bed", "HVMG2" : "ami-0a6e3770"}, | |
| "us-west-2" : {"PV64" : "ami-7f77b31f", "HVM64" : "ami-f2d3638a", "HVMG2" : "ami-ee15a196"}, | |
| "us-west-1" : {"PV64" : "ami-a2490dc2", "HVM64" : "ami-824c4ee2", "HVMG2" : "ami-0da4a46d"}, | |
| "eu-west-1" : {"PV64" : "ami-4cdd453f", "HVM64" : "ami-d834aba1", "HVMG2" : "ami-af8013d6"}, | |
| "eu-west-2" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "ami-403e2524", "HVMG2" : "NOT_SUPPORTED"}, | |
| "eu-west-3" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "ami-8ee056f3", "HVMG2" : "NOT_SUPPORTED"}, | |
| "eu-central-1" : {"PV64" : "ami-6527cf0a", "HVM64" : "ami-5652ce39", "HVMG2" : "ami-1d58ca72"}, | |
| "ap-northeast-1" : {"PV64" : "ami-3e42b65f", "HVM64" : "ami-ceafcba8", "HVMG2" : "ami-edfd658b"}, | |
| "ap-northeast-2" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "ami-863090e8", "HVMG2" : "NOT_SUPPORTED"}, | |
| "ap-northeast-3" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "ami-83444afe", "HVMG2" : "NOT_SUPPORTED"}, | |
| "ap-southeast-1" : {"PV64" : "ami-df9e4cbc", "HVM64" : "ami-68097514", "HVMG2" : "ami-c06013bc"}, | |
| "ap-southeast-2" : {"PV64" : "ami-63351d00", "HVM64" : "ami-942dd1f6", "HVMG2" : "ami-85ef12e7"}, | |
| "ap-south-1" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "ami-531a4c3c", "HVMG2" : "ami-411e492e"}, | |
| "us-east-2" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "ami-f63b1193", "HVMG2" : "NOT_SUPPORTED"}, | |
| "ca-central-1" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "ami-a954d1cd", "HVMG2" : "NOT_SUPPORTED"}, | |
| "sa-east-1" : {"PV64" : "ami-1ad34676", "HVM64" : "ami-84175ae8", "HVMG2" : "NOT_SUPPORTED"}, | |
| "cn-north-1" : {"PV64" : "ami-77559f1a", "HVM64" : "ami-cb19c4a6", "HVMG2" : "NOT_SUPPORTED"}, | |
| "cn-northwest-1" : {"PV64" : "ami-80707be2", "HVM64" : "ami-3e60745c", "HVMG2" : "NOT_SUPPORTED"} | |
| } | |
| }, | |
| "Resources" : { | |
| "ShadowSocksServerInstance": { | |
| "Type": "AWS::EC2::Instance", | |
| "Metadata" : { | |
| "AWS::CloudFormation::Init" : { | |
| "config" : { | |
| "packages" : { | |
| "yum" : { | |
| "git" : [], | |
| "gcc" : [] | |
| } | |
| }, | |
| "files" : { | |
| "/etc/shadowsocks.json" : { | |
| "content" : { "Fn::Join" : [ "", [ | |
| "{\n", | |
| " \"server\":\"0.0.0.0\",\n", | |
| " \"server_port\":", { "Ref" : "ShadowSocksServerPort" }, ",\n", | |
| " \"local_port\":1080,\n", | |
| " \"password\":\"", { "Ref" : "ShadowSocksPassword" }, "\",\n", | |
| " \"timeout\":600,\n", | |
| " \"method\":\"xchacha20-ietf-poly1305\",\n", | |
| " \"fast_open\": true\n", | |
| "}\n" | |
| ]]}, | |
| "mode" : "000644", | |
| "owner" : "root", | |
| "group" : "root" | |
| }, | |
| "/etc/init.d/shadowsocks" : { | |
| "content" : { "Fn::Join" : [ "", [ | |
| "#!/bin/sh\n", | |
| "### BEGIN INIT INFO\n", | |
| "# Provides: shadowsocks\n", | |
| "# Required-Start: $remote_fs $syslog\n", | |
| "# Required-Stop: $remote_fs $syslog\n", | |
| "# Default-Start: 2 3 4 5\n", | |
| "# Default-Stop: 0 1 6\n", | |
| "# Short-Description: start shadowsocks\n", | |
| "# Description: start shadowsocks\n", | |
| "### END INIT INFO\n", | |
| "\n", | |
| "start(){\n", | |
| " /usr/local/bin/ssserver -c /etc/shadowsocks.json -d start\n", | |
| "}\n", | |
| "\n", | |
| "stop(){\n", | |
| " /usr/local/bin/ssserver -c /etc/shadowsocks.json -d stop\n", | |
| "}\n", | |
| "\n", | |
| "case \"$1\" in\n", | |
| "start)\n", | |
| " start", | |
| "\n", | |
| " ;;\n", | |
| "stop)\n", | |
| " stop\n", | |
| " ;;\n", | |
| "restart)\n", | |
| " stop\n", | |
| " start\n", | |
| " ;;\n", | |
| "*)\n", | |
| " echo \"Usage: $0 {start|restart|stop}\"\n", | |
| " exit 1\n", | |
| " ;;\n", | |
| "esac\n" | |
| ]]}, | |
| "mode" : "000755", | |
| "owner" : "root", | |
| "group" : "root" | |
| }, | |
| "/etc/cfn/cfn-hup.conf" : { | |
| "content" : { "Fn::Join" : ["", [ | |
| "[main]\n", | |
| "stack=", { "Ref" : "AWS::StackId" }, "\n", | |
| "region=", { "Ref" : "AWS::Region" }, "\n" | |
| ]]}, | |
| "mode" : "000400", | |
| "owner" : "root", | |
| "group" : "root" | |
| }, | |
| "/etc/cfn/hooks.d/cfn-auto-reloader.conf" : { | |
| "content": { "Fn::Join" : ["", [ | |
| "[cfn-auto-reloader-hook]\n", | |
| "triggers=post.update\n", | |
| "path=Resources.ShadowSocksServerInstance.Metadata.AWS::CloudFormation::Init\n", | |
| "action=/opt/aws/bin/cfn-init -v ", | |
| " --stack ", { "Ref" : "AWS::StackName" }, | |
| " --resource ShadowSocksServerInstance ", | |
| " --configsets InstallAndRun ", | |
| " --region ", { "Ref" : "AWS::Region" }, "\n", | |
| "runas=root\n" | |
| ]]}, | |
| "mode" : "000400", | |
| "owner" : "root", | |
| "group" : "root" | |
| } | |
| }, | |
| "commands" : { | |
| "01_install_shadowsocks" : { | |
| "command" : { "Fn::Join" : ["", ["pip install --upgrade git+https://github.com/shadowsocks/shadowsocks.git@master"]]} | |
| }, | |
| "02_optimize_shadowsocks" : { | |
| "command" : { "Fn::Join" : ["", [ | |
| "echo -e \"* soft nofile 51200\\n* hard nofile 51200\" >> /etc/security/limits.conf\n", | |
| "ulimit -n 51200", | |
| "echo -e \"fs.file-max = 51200\\nnet.core.rmem_max = 67108864\\nnet.core.wmem_max = 67108864\\nnet.core.netdev_max_backlog = 250000\\nnet.core.somaxconn = 4096\\nnet.ipv4.tcp_syncookies = 1\\nnet.ipv4.tcp_tw_reuse = 1\\nnet.ipv4.tcp_tw_recycle = 0\\nnet.ipv4.tcp_fin_timeout = 30\\nnet.ipv4.tcp_keepalive_time = 1200\\nnet.ipv4.ip_local_port_range = 10000 65000\\nnet.ipv4.tcp_max_syn_backlog = 8192\\nnet.ipv4.tcp_max_tw_buckets = 5000\\nnet.ipv4.tcp_fastopen = 3\\nnet.ipv4.tcp_mem = 25600 51200 102400\\nnet.ipv4.tcp_rmem = 4096 87380 67108864\\nnet.ipv4.tcp_wmem = 4096 65536 67108864\\nnet.ipv4.tcp_mtu_probing = 1\\nnet.ipv4.tcp_congestion_control = hybla\" >> /etc/sysctl.conf\n", | |
| "sysctl -p\n" | |
| ]]} | |
| }, | |
| "03_install_libsodium" : { | |
| "command" : { "Fn::Join" : ["", [ | |
| "git clone https://github.com/jedisct1/libsodium --branch stable\n", | |
| "cd libsodium\n", | |
| "./configure\n", | |
| "make\n", | |
| "make install\n", | |
| "echo -e \"/usr/local/lib\n\" >> /etc/ld.so.conf\n", | |
| "ldconfig\n" | |
| ]]} | |
| } | |
| }, | |
| "services" : { | |
| "sysvinit" : { | |
| "shadowsocks" : { "enabled" : "true", "ensureRunning" : "true", | |
| "files" : ["/etc/shadowsocks.json", "/usr/local/lib/libsodium.so"]}, | |
| "cfn-hup" : { "enabled" : "true", "ensureRunning" : "true", | |
| "files" : ["/etc/cfn/cfn-hup.conf", "/etc/cfn/hooks.d/cfn-auto-reloader.conf"]} | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "Properties": { | |
| "ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" }, | |
| { "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } ] }, | |
| "InstanceType" : { "Ref" : "InstanceType" }, | |
| "SecurityGroups" : [ {"Ref" : "ShadowSocksServerSecurityGroup"} ], | |
| "KeyName" : { "Ref" : "KeyName" }, | |
| "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ | |
| "#!/bin/bash -xe\n", | |
| "yum update -y aws-cfn-bootstrap\n", | |
| "# Install the files and packages from the metadata\n", | |
| "/opt/aws/bin/cfn-init -v ", | |
| " --stack ", { "Ref" : "AWS::StackName" }, | |
| " --resource ShadowSocksServerInstance ", | |
| " --region ", { "Ref" : "AWS::Region" }, "\n", | |
| "# Signal the status from cfn-init\n", | |
| "/opt/aws/bin/cfn-signal -e $? ", | |
| " --stack ", { "Ref" : "AWS::StackName" }, | |
| " --resource ShadowSocksServerInstance ", | |
| " --region ", { "Ref" : "AWS::Region" }, "\n" | |
| ]]}} | |
| }, | |
| "CreationPolicy" : { | |
| "ResourceSignal" : { | |
| "Timeout" : "PT5M" | |
| } | |
| } | |
| }, | |
| "ShadowSocksServerSecurityGroup" : { | |
| "Type" : "AWS::EC2::SecurityGroup", | |
| "Properties" : { | |
| "GroupDescription" : "Enable ShadowSocks access port", | |
| "SecurityGroupIngress" : [ | |
| {"IpProtocol" : "tcp", "FromPort" : { "Ref" : "ShadowSocksServerPort"}, "ToPort" : { "Ref" : "ShadowSocksServerPort"}, "CidrIp" : "0.0.0.0/0"}, | |
| {"IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : { "Ref" : "SSHLocation"}} | |
| ] | |
| } | |
| } | |
| }, | |
| "Outputs" : { | |
| "ShadowSocksURI" : { | |
| "Description" : "URI for newly created ShadowSocks stack", | |
| "Value" : { "Fn::Join" : ["", ["ss://xchacha20-ietf-poly1305:", {"Ref": "ShadowSocksPassword"}, "@", { "Fn::GetAtt" : [ "ShadowSocksServerInstance", "PublicDnsName" ]}, ":", {"Ref": "ShadowSocksServerPort"}]] } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment