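Background: A while ago the company expanded its business overseas. Because some resources (database, cache) were shared with the domestic business at the time, the servers hosting the overseas business were also placed in mainland China. During the project launch, the developers raised a requirement to call the Facebook and Twitter APIs, so the system had to be able to ××× access https://graph.facebook.com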
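Process: 1. Set up the shadowsocks service
First, buy a low-spec (1 core, 1 GB, CentOS 6.8) Alibaba Cloud server in Hong Kong, server A, to act as the jump host.
Install the ss server on machine A:
1> yum install -y python-pip
2> pip install shadowsocks
Start the service directly from the command line: ssserver -p 4438 -k 51cto -m rc4-md5 --user nobody -d start
It listens on port 4438, with password 51cto and encryption method rc4-md5.
2. Set up the ss client and privoxy
Because shadowsocks does not act as an HTTP or HTTPS proxy (its client exposes a SOCKS5 port), and the APIs to be called are all HTTPS, the ss service alone clearly cannot do the job. Privoxy is combined with it here to forward the requests: an HTTPS request is first sent to privoxy, privoxy forwards it to shadowsocks, and finally the shadowsocks server in Hong Kong proxies it out.
Install the ss client and privoxy on the server that needs to ××× call the overseas APIs; see the script below: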
cat proxy_php.sh
#!/bin/bash
# proxy for haiwaiapp
# written by xjm
PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin"
export PATH
WORKSPACE=/workspace/conf
PRIVOXY=/etc/privoxy
PROFILE=/etc/profile

# Install the shadowsocks client and write its configuration
install_ss(){
    yum install -y python-pip
    pip install shadowsocks
    if [ $? -ne 0 ]
    then
        echo "ss install failed!"
        exit 101
    fi
    # password and method must match the ssserver options used on server A.
    # Overwrite instead of appending so a re-run still leaves valid JSON.
    echo '{
"server":"A ip",
"server_port":4438,
"local_address":"127.0.0.1",
"local_port":1080,
"password":"51cto",
"timeout":300,
"method":"rc4-md5",
"fast_open": false,
"workers": 1
}' > /etc/shadowsocks.json
}

# Install privoxy and set up split routing through the local SOCKS5 port
install_privoxy(){
    yum install -y privoxy
    if [ $? -ne 0 ]
    then
        echo "privoxy install failed!"
        exit 201
    fi
    echo "actionsfile pac.action
forward-socks5 / 127.0.0.1:1080 ." >> "$PRIVOXY/config"
    echo "{{alias}}
direct = +forward-override{forward .}
shadowsocks = +forward-override{forward-socks5 127.0.0.1:1080 .}
#default
{direct}
/
#shadowsocks
{shadowsocks}
.twitter.com
.facebook.com" > "$PRIVOXY/pac.action"
}

# Make php-fpm pick up https_proxy so API calls go through privoxy
php_conf(){
    echo "export https_proxy=http://127.0.0.1:8118" >> "${PROFILE}"
    # /etc/profile is sourced by every login shell: keep it writable by root only
    chmod 644 "${PROFILE}"
    source "${PROFILE}"
    echo "env[https_proxy] = \$https_proxy" >> "${WORKSPACE}/php-fpm.conf"
    sed -i "27i . /etc/profile" /etc/init.d/php56-php-fpm
    sed -i '/variables_order =/s/GPCS/EGPCS/g' "${WORKSPACE}/php.ini"
    service php56-php-fpm restart
    if [ $? -ne 0 ]
    then
        echo "php config failed!"
        exit 301
    fi
}

# Create the unprivileged privoxy user if it does not exist yet
grep -q '^privoxy:' /etc/passwd
if [ $? -ne 0 ]
then
    useradd privoxy
fi

install_ss
nohup sslocal -c /etc/shadowsocks.json > /dev/null 2>&1 &
sleep 5
tmp=$(ps -ef | grep sslocal | grep -v "grep" | wc -l)
[ "${tmp}" -eq 1 ] && echo "sslocal start success" || echo "sslocal start failed, please check"

install_privoxy
php_conf
privoxy --user privoxy /etc/privoxy/config &
sleep 5
tmp=$(ps -ef | grep privoxy | grep -v "grep" | wc -l)
[ "${tmp}" -eq 1 ] && echo "privoxy start success" || echo "privoxy start failed, please check"
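3. Configuration notes
/etc/shadowsocks.json holds the settings of the server to connect to.
/etc/privoxy/pac.action provides the smart split routing: only the domains listed under {shadowsocks} are forwarded through shadowsocks.
The PHP part of the script is there because the business code is written in PHP; php-fpm has to load https_proxy when it starts so that the code calling the APIs goes through port 8118 on the local machine.
Last comes the startup of the ss client and privoxy.
The ss client, sslocal, listens on 127.0.0.1:1080, and privoxy listens on 127.0.0.1:8118.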
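The split routing in pac.action can be checked offline before anything is deployed. The script below is an added example, not part of the original script: it predicts which section's forward-override applies to a given host. The names route_for and sample_pac_action are hypothetical, and the matching covers only the pattern forms this file uses ("/" and leading-dot domain patterns).

```shell
#!/bin/sh
# Added example: predict which forward rule Privoxy picks for a host, using
# the pac.action layout from this post. Function names are hypothetical.

# Constructed sample: the same content the install script writes to pac.action.
sample_pac_action() {
cat <<'EOF'
{{alias}}
direct = +forward-override{forward .}
shadowsocks = +forward-override{forward-socks5 127.0.0.1:1080 .}
#default
{direct}
/
#shadowsocks
{shadowsocks}
.twitter.com
.facebook.com
EOF
}

# route_for HOST [FILE]: print the section (alias) whose forward-override wins
# for HOST. Every matching section applies in file order, so the last one wins.
route_for() {
    local host file section result line rules
    host=$1; file=${2:-}; section=""; result="none"
    if [ -n "$file" ]; then rules=$(cat "$file"); else rules=$(sample_pac_action); fi
    while IFS= read -r line; do
        case $line in
            ''|'#'*|*=*) ;;                       # blank, comment, alias definition
            '{{'*) section="" ;;                   # {{alias}} header is not a rule section
            '{'*'}') section=${line#?}; section=${section%?} ;;
            /) [ -n "$section" ] && result=$section ;;   # "/" matches every URL
            .*) # ".example.com" matches example.com and any subdomain of it
                case ".$host" in
                    *"$line") [ -n "$section" ] && result=$section ;;
                esac ;;
            *) [ "$host" = "$line" ] && [ -n "$section" ] && result=$section ;;
        esac
    done <<EOF
$rules
EOF
    echo "$result"
}

# Usage: sh route_check.sh graph.facebook.com [/etc/privoxy/pac.action]
if [ "$#" -gt 0 ]; then route_for "$@"; fi
```

Running it against the deployed /etc/privoxy/pac.action after each edit confirms that only the intended domains leave through the tunnel and that look-alike names such as notfacebook.com stay on the direct path.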
4. Testing
Before deployment
After deployment