new-install-of-ssr-debian8
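#!/bin/bash
# Interactive runbook for a fresh Debian 8 host: adjust sshd, build mbedtls,
# libsodium and OpenSSL from source, then clone ShadowsocksR and edit the
# sysctl / rc.local files. Run as root; every `vi` step stops for a manual edit.

# initialized
ps aux
cd /etc/ssh || exit 1
vi ./sshd_config
# Validate the edited file before restarting: a syntax error in sshd_config
# can lock you out of a remote host.
sshd -t || exit 1
service sshd restart
apt-get update -y
apt-get upgrade -y
apt-get install python3 python python-pip python3-pip unzip cmake make gcc build-essential -y
apt-get install ca-certificates -y
clear

# Build in a private scratch directory rather than under /etc/ssh, which is
# still the working directory at this point.
build_dir=$(mktemp -d) || exit 1
cd "$build_dir" || exit 1

# TLS only authenticates the download host. Compare each tarball with the
# checksum or signature its project publishes before building it.
# NOTE(review): these versions were pinned in September 2017; check them
# against the releases each project currently supports.
wget https://github.com/jedisct1/libsodium/releases/download/1.0.14/libsodium-1.0.14.tar.gz
wget https://github.com/ARMmbed/mbedtls/archive/mbedtls-2.6.0.tar.gz
wget https://www.openssl.org/source/openssl-1.0.2l.tar.gz
tar zxvf ./mbedtls-2.6.0.tar.gz
tar zxvf ./openssl-1.0.2l.tar.gz
tar zxf ./libsodium-1.0.14.tar.gz

# mbedtls installation
# GitHub tag archives unpack to <repo>-<tag>; without this cd, `make` runs in
# the scratch directory where there is no Makefile.
cd ./mbedtls-mbedtls-2.6.0/ || exit 1
make
# Install only when the self-tests pass, as the OpenSSL step below does.
make test && make install
cd ..

# libsodium installation
cd ./libsodium-1.0.14/ || exit 1
apt-get install libtool autoconf -y
./autogen.sh
./configure
make
make install
# Refresh the linker cache so the new shared library is found.
ldconfig
cd ..

# openssl configure and install
cd ./openssl-1.0.2l/ || exit 1
apt-get install python-m2crypto -y
./config --openssldir=/usr/local/ssl
make
make test && make install

# git clone repo
cd /root || exit 1
apt-get install git vim -y
# The clone tracks whatever the default branch holds today and its scripts
# run as root; review the checkout (or pin a known commit) before using it.
git clone https://github.com/fuckwall-bak/shadowsocksr ./ssr
ifconfig -a
# NOTE(review): initmudbjson.sh and mudb.json are expected inside the clone,
# not in /root - confirm against the repository layout.
cd ./ssr || exit 1
./initmudbjson.sh
# mudb.json presumably holds the per-user port and password; keep it out of
# shared terminals and saved session logs.
cat ./mudb.json
vi /etc/sysctl.conf
sysctl -p
systemctl status rc.local
# make it bootloaded
cd /etc || exit 1
vi ./rc.local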
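# don't forget to setup iptables
# Reference ruleset in iptables-save format. It is not shell: save it to a
# file and load it with iptables-restore (`iptables-restore --test < FILE`
# parses the file without committing it).
# Generated by iptables-save v1.4.21 on Sun Sep 24 10:40:01 2017
*filter
# All three chains default to ACCEPT, so any traffic not matched below is
# allowed. Only the listed ports are blocked; this is not a default-deny policy.
:INPUT ACCEPT [227:16048]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [151:15188]
# Inbound TCP to these ports is dropped, and 22 is on the list: sshd must
# already listen on another port (see the sshd_config edit) or the remote
# session is lost when this table is loaded.
-A INPUT -p tcp -m multiport --dports 24,22,50,57,105,106,158,209,1109,24554,60177,60179 -m state --state NEW,ESTABLISHED -j DROP
# Outbound connections to mail ports (SMTP, POP, IMAP families) are rejected,
# presumably so the proxy cannot be used to send or relay mail.
-A OUTPUT -p tcp -m multiport --dports 25,26,465,587 -m state --state NEW,ESTABLISHED -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m multiport --dports 109,110,995 -m state --state NEW,ESTABLISHED -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m multiport --dports 143,218,220,993 -m state --state NEW,ESTABLISHED -j REJECT --reject-with icmp-port-unreachable
# The same port list as the INPUT rule, rejected in the outbound direction.
-A OUTPUT -p tcp -m multiport --dports 24,22,50,57,105,106,158,209,1109,24554,60177,60179 -m state --state NEW,ESTABLISHED -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Sun Sep 24 10:40:01 2017
# Generated by iptables-save v1.4.21 on Sun Sep 24 10:40:01 2017
*mangle
:PREROUTING ACCEPT [1098:82136]
:INPUT ACCEPT [1098:82136]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [866:110116]
:POSTROUTING ACCEPT [866:110116]
# Drop outbound packets whose payload contains BitTorrent keywords. This is a
# plain byte match: it cannot see inside encrypted connections, and short
# strings such as "torrent" or "announce" also match unrelated traffic.
-A OUTPUT -m string --string "torrent" --algo bm --to 65535 -j DROP
-A OUTPUT -m string --string ".torrent" --algo bm --to 65535 -j DROP
-A OUTPUT -m string --string "peer_id=" --algo bm --to 65535 -j DROP
-A OUTPUT -m string --string "announce" --algo bm --to 65535 -j DROP
-A OUTPUT -m string --string "info_hash" --algo bm --to 65535 -j DROP
-A OUTPUT -m string --string "get_peers" --algo bm --to 65535 -j DROP
-A OUTPUT -m string --string "find_node" --algo bm --to 65535 -j DROP
-A OUTPUT -m string --string "BitTorrent" --algo bm --to 65535 -j DROP
-A OUTPUT -m string --string "announce_peer" --algo bm --to 65535 -j DROP
-A OUTPUT -m string --string "BitTorrent protocol" --algo bm --to 65535 -j DROP
-A OUTPUT -m string --string "announce.php?passkey=" --algo bm --to 65535 -j DROP
-A OUTPUT -m string --string "magnet:" --algo bm --to 65535 -j DROP
COMMIT
# Completed on Sun Sep 24 10:40:01 2017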
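# don't forget to optimize kernel args
# Settings for /etc/sysctl.conf; apply them with `sysctl -p`.

# TCP Fast Open for both client and server sides.
net.ipv4.tcp_fastopen = 3
# NOTE(review): forwarding is only needed if this host routes packets between
# interfaces - confirm it is required before leaving it on.
net.ipv4.ip_forward = 1

# Ignore ICMP redirects and source-routed packets, and do not send redirects.
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0

vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time = 120

# NOTE(review): 0 turns reverse-path filtering off, so packets with a spoofed
# source address are not discarded on arrival. Keep it off only if asymmetric
# routing on this host needs it.
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0

net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2

# File-descriptor and socket-buffer limits.
fs.file-max = 51200
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.rmem_default = 65536
net.core.wmem_default = 65536
net.core.netdev_max_backlog = 4096
net.core.somaxconn = 4096

# TCP connection handling. tcp_max_tw_buckets is set once here; the second,
# identical assignment was redundant.
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
# SYN cookies and a shorter SYN-ACK retry count limit the cost of SYN floods.
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_synack_retries = 2

# IPv6 is disabled on every interface. The iptables rules in this runbook
# are IPv4-only, so this also keeps IPv6 traffic from bypassing them.
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

# BBR congestion control with the fq qdisc; needs a kernel that ships BBR.
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr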
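# don't forget install bbr and the latest kernel
# Certificate verification stays on: ca-certificates is installed earlier in
# this runbook, and a script that runs as root must not be fetched over an
# unauthenticated connection.
wget https://github.com/teddysun/across/raw/master/bbr.sh
chmod +x bbr.sh
# This runs third-party code as root and, per the note above, installs a
# kernel. Read the script first, and prefer a URL pinned to a reviewed commit
# over the moving `master` branch.
./bbr.sh
# after that , upload my own mudb.json
# NOTE(review): mudb.json presumably contains user passwords; copy it over an
# encrypted channel and keep it readable by root only.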