创建商业SSH代理翻墙服务器方案教程——create SSH GFW proxy

小方刚成功搭建了可商业化销售的SSH翻墙代理(原来的目的不是为了销售,而为了教会的弟兄姊妹可以便宜和迅速的翻墙)

I just created a SSH Proxy server with business retail solution. Here it is.

1. 购买Linode服务器: 512套餐即可,200G的流量如果不够,可以再加。如果内存不够,就直接无缝升级Linode到更高的套餐。

1. Get a Linode server. 512MB option is enough. If 200G data transfer is not enough, you can upgrade to higher one seamlessly.

2. 登录Linode控制台,在东京建立一个服务器(东京快,我测试了,使用迅雷,在翻墙状态下,可以达到4MB/秒的速度)。SSH连接服务器,后,创建翻墙服务器路径:

2. Go to console of Linode and place a new server node. In China mainland, TOKYO branch is recommended. And make a new path in your node with:

mkdir -p /opt/gfw

3. 在/opt/gfw里面下载本文需要使用到的文件,我上传在 这里 了。备注:这些文件有的是我自己写的,有的是我参考别人并做修改的。

3. Download the folder of files to /opt/gfw.

4. 解压缩下载下来的文件

4. Exact the files

tar zxf sshserver.tar.gz

文件说明:

File structure:

limit.pl: 这个是用来限制同一时间,只能有一个SSH用户登录,并且后来登录的会强制迫使之前登录的退出。这样可以有效防止一号多用,显失公平。

limit.pl: This file enable Linux to force only one session allowed for an account login.  By this file, to share/spread the SSH account is limited.

createUser.sh: 这个是用来初次创建用户的。如果用户已经存在,则会弹出警告,并退出程序。使用方法下面详解

createUser.sh: This is a file for create a new user. Say there is a new user purchase the account, you should run this file to create a new account for him. The manual will be listed below.

updateUser.sh: 这个是用来更新用户的过期时间,在用户续费的时候会用到。

updateUser.sh: This is for updating user expired date while user renews his account.

tcBandwidth.sh 这个是使用Linux TC来控制单用户的单线程连接速度,防止个别用户占用太多速度(默认限速为200Kb=25KB/线程,需要手工修改配置)

tcBandwidth.sh: This is a Linux TC program which is limit the connection bandwidth (download/upload). We use this program to prevent single user from occupying too much bandwidth.

5. 配置具体文件

5. Configurations

5.1 编辑开机启动文件

5.1 Edit Linux RC (system auto start configurations)

vim /etc/rc.d/rc.local

(Ubuntu: /etc/rc.local)
添加以下文本

Add the following text

/opt/gfw/limit.pl &
/opt/gfw/tcBandwidth.sh start

5.2 修改单用户限速配置 (当前目录为/opt/gfw/)

5.2 Change bandwidth limitation (Assume current work directory is /opt/gfw/)

vim tcBandwidth.sh

* 将IP修改成你的Linode服务器的公网IP,这个必须改哦。

* Change IP as your public Linode IP

* DNLD是下载限制,UPLD是上传限制,默认单线程200Kb=25KB。在SSH代理客户端里,我猜测其道理刚好是相好的。也就是要限制下载速度,应该是修改UPLD,反之亦然。

* DNLD is for download bandwidth limitation, UPLD is for uploading. The default value is 200KB/s=25KB/s. Within SSH proxy, as we are using port forwarding mechanism, I guess DNLD may be uploading bandwidth, and vice-versa (Sorry, I don't know TC well)
5.3 首次启动服务

5.3 Start service

yum groupinstall "Development Tools" "Development Libraries"

(Ubuntu: apt-get install perl)
chmod +x /opt/gfw/*

/opt/gfw/limit.pl &  /opt/gfw/tcBandwidth.sh start

6. 创建用户 (参数)

./createUser 用户名 密码 过期时间
6. Create user (parameter)
./createUser.sh username password expired_date

其中,过期时间以月为单位,如果不填写,默认是3个月。

By default, expired date is 3 month.

如要创建一个叫xiaofang的用户,密码高为11111, 4个月后账户到期:

For instance, to create a user with password 11111 and being expired in 4 month:

./createUser.sh xiaofang 11111 4

7. 用户续费

7. Account expired date renew

./updateUser.sh 用户名 过期时间
./updateUser.sh username new_expired_date

参数含义与创建用户相同

The parameter description is the same as createUser

8. 客户端设置——小方版,请点击这里

8. Client settings — by Paul Lan, click Here.


原文:
http://www.xiaofang.me
发表评论