Mean Machine meanevo

## check_shadowsocks.sh
# FILE_LOCATION: /usr/bin/check_shadowsocks.sh
# DESCRIPTION: Script for checking whether shadowsocks-libev is running, and if not, restart it.
# <!-- ORIGINAL_CONTENTS_BELOW -->

#!/bin/sh
ss_pid_path="/var/run/ss-redir.pid"
ss_port={SS1_PORT}
ss2_pid_path="/var/run/ss-redir-whitelist.pid"
ss2_port={SS2_PORT}
if [ -f $ss_pid_path ] && [ -f $ss2_pid_path ]; then

## ipset.service
#
# reference: http://namsep.blogspot.com/2015/12/yad-centos-7-iptables-ipset-and-fail2ban.html
# reference: http://pkgs.fedoraproject.org/cgit/ipset.git/tree/ipset.service
# file location: /etc/systemd/system/ipset.service
#
# systemctl enable ipset.service
# mkdir /etc/ipset
# touch /etc/ipset/ipset
# ...do something with ipset...
# ipset save > /etc/ipset/ipset

## nginx.conf
server {

    listen 0.0.0.0:80 default_server;
    listen [::]:80 default_server;
    server_name _;
    server_tokens off;

    ## Document root
    set $base_path "/usr/share/nginx";
    set $domain_path "${host}";

## haproxy.cfg
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     2048
    user        haproxy

## haproxy.cfg
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    daemon
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 2048
    user haproxy
    group haproxy

## compile-openssl_102.sh
# Make sure you have these installed
yum install -y make gcc perl pcre-devel zlib-devel
# Download/Extract source
wget -O /tmp/openssl.tgz https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
tar -zxf /tmp/openssl.tgz -C /tmp
cd /tmp/openssl-*
# Optional: Patch chacha20
# https://github.com/cloudflare/sslconfig/tree/master/patches
wget https://raw.githubusercontent.com/cloudflare/sslconfig/master/patches/openssl__chacha20_poly1305_draft_and_rfc_ossl102j.patch
patch -p1 < openssl__chacha20_poly1305_draft_and_rfc_ossl102j.patch

## compile-haproxy.sh
# Make sure you have these installed
yum install -y make gcc perl pcre-devel zlib-devel
# Download/Extract source
wget -O /tmp/haproxy.tgz http://www.haproxy.org/download/1.7/src/haproxy-1.7.2.tar.gz
tar -zxvf /tmp/haproxy.tgz -C /tmp
cd /tmp/haproxy-*
# Compile HAProxy
# https://github.com/haproxy/haproxy/blob/master/README
make \
    TARGET=linux2628 USE_LINUX_TPROXY=1 USE_ZLIB=1 USE_REGPARM=1 USE_PCRE=1 USE_PCRE_JIT=1 \

## nginx.conf
server {

    listen 127.0.0.1:5002;
    listen [::1]:5002;
    server_name .dev;

    ## Set dev's base path in order to appending L1 name
    set $base_path "/Library/WebServer/Documents";
    ## Start domain regex match
    set $domain $host;
	# FILE_LOCATION: /usr/bin/check_shadowsocks.sh
	# DESCRIPTION: Script for checking whether shadowsocks-libev is running, and if not, restart it.
	# <!-- ORIGINAL_CONTENTS_BELOW -->

	#!/bin/sh
	ss_pid_path="/var/run/ss-redir.pid"
	ss_port={SS1_PORT}
	ss2_pid_path="/var/run/ss-redir-whitelist.pid"
	ss2_port={SS2_PORT}
	if [ -f $ss_pid_path ] && [ -f $ss2_pid_path ]; then
	#
	# reference: http://namsep.blogspot.com/2015/12/yad-centos-7-iptables-ipset-and-fail2ban.html
	# reference: http://pkgs.fedoraproject.org/cgit/ipset.git/tree/ipset.service
	# file location: /etc/systemd/system/ipset.service
	#
	# systemctl enable ipset.service
	# mkdir /etc/ipset
	# touch /etc/ipset/ipset
	# ...do something with ipset...
	# ipset save > /etc/ipset/ipset
	server {

	listen 0.0.0.0:80 default_server;
	listen [::]:80 default_server;
	server_name _;
	server_tokens off;

	## Document root
	set $base_path "/usr/share/nginx";
	set $domain_path "${host}";
	#---------------------------------------------------------------------
	# Global settings
	#---------------------------------------------------------------------
	global
	log 127.0.0.1 local2

	chroot /var/lib/haproxy
	pidfile /var/run/haproxy.pid
	maxconn 2048
	user haproxy
	# Make sure you have these installed
	yum install -y make gcc perl pcre-devel zlib-devel
	# Download/Extract source
	wget -O /tmp/openssl.tgz https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
	tar -zxf /tmp/openssl.tgz -C /tmp
	cd /tmp/openssl-*
	# Optional: Patch chacha20
	# https://github.com/cloudflare/sslconfig/tree/master/patches
	wget https://raw.githubusercontent.com/cloudflare/sslconfig/master/patches/openssl__chacha20_poly1305_draft_and_rfc_ossl102j.patch
	patch -p1 < openssl__chacha20_poly1305_draft_and_rfc_ossl102j.patch
	server {

	listen 127.0.0.1:5002;
	listen [::1]:5002;
	server_name .dev;

	## Set dev's base path in order to appending L1 name
	set $base_path "/Library/WebServer/Documents";
	## Start domain regex match
	set $domain $host;