1、列出所有版本信息,执行命令:lsb_release -a。版本:CentOS 7.7。如图1
图1
[root@iZ23wv7v5ggZ ~]# lsb_release -a LSB Version: :core-4.1-amd64:core-4.1-noarch Distributor ID: CentOS Description: CentOS Linux release 7.7.1908 (Core) Release: 7.7.1908 Codename: Core [root@iZ23wv7v5ggZ ~]#
2、查看 bash 版本:4.2.46。如图2
图2
[root@iZ23wv7v5ggZ bin]# bash --version GNU bash, version 4.2.46(2)-release (x86_64-redhat-linux-gnu) Copyright (C) 2011 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software; you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. [root@iZ23wv7v5ggZ bin]# ^C [root@iZ23wv7v5ggZ bin]#
3、安装和更新 V2Ray,参考网址:https://github.com/v2fly/fhs-install-v2ray/blob/master/README.zh-Hans-CN.md 。如图3
图3
[root@iZ23wv7v5ggZ ~]# bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 21613 100 21613 0 0 21964 0 --:--:-- --:--:-- --:--:-- 21964
info: Installing V2Ray v4.40.1 for x86_64
Downloading V2Ray archive: https://github.com/v2fly/v2ray-core/releases/download/v4.40.1/v2ray-linux-64.zip
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 626 100 626 0 0 734 0 --:--:-- --:--:-- --:--:-- 733
100 12.3M 100 12.3M 0 0 2996k 0 0:00:04 0:00:04 --:--:-- 4167k
Downloading verification file for V2Ray archive: https://github.com/v2fly/v2ray-core/releases/download/v4.40.1/v2ray-linux-64.zip.dgst
info: Extract the V2Ray package to /tmp/tmp.Kbb2Sg6CcW and prepare it for installation.
rm: cannot remove ‘/etc/systemd/system/v2ray.service.d/10-donot_touch_multi_conf.conf’: No such file or directory
rm: cannot remove ‘/etc/systemd/system/v2ray@.service.d/10-donot_touch_multi_conf.conf’: No such file or directory
info: Systemd service files have been installed successfully!
warning: The following are the actual parameters for the v2ray service startup.
warning: Please make sure the configuration file path is correctly set.
~~~~~~~~~~~~~~~~
[Unit]
Description=V2Ray Service
Documentation=https://www.v2fly.org/
After=network.target nss-lookup.target
[Service]
User=nobody
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/bin/v2ray -config /usr/local/etc/v2ray/config.json
Restart=on-failure
RestartPreventExitStatus=23
[Install]
WantedBy=multi-user.target
# In case you have a good reason to do so, duplicate this file in the same directory and make your customizes there.
# Or all changes you made will be lost! # Refer: https://www.freedesktop.org/software/systemd/man/systemd.unit.html
[Service]
ExecStart=
ExecStart=/usr/local/bin/v2ray -config /usr/local/etc/v2ray/config.json
~~~~~~~~~~~~~~~~
warning: The systemd version on the current operating system is too low.
warning: Please consider to upgrade the systemd or the operating system.
installed: /usr/local/bin/v2ray
installed: /usr/local/bin/v2ctl
installed: /usr/local/share/v2ray/geoip.dat
installed: /usr/local/share/v2ray/geosite.dat
installed: /usr/local/etc/v2ray/config.json
installed: /var/log/v2ray/
installed: /var/log/v2ray/access.log
installed: /var/log/v2ray/error.log
installed: /etc/systemd/system/v2ray.service
installed: /etc/systemd/system/v2ray@.service
removed: /tmp/tmp.Kbb2Sg6CcW
info: V2Ray v4.40.1 is installed.
You may need to execute a command to remove dependent software: yum remove curl unzip
Please execute the command: systemctl enable v2ray; systemctl start v2ray
[root@iZ23wv7v5ggZ ~]# systemctl enable v2ray
Created symlink from /etc/systemd/system/multi-user.target.wants/v2ray.service to /etc/systemd/system/v2ray.service.
[root@iZ23wv7v5ggZ ~]# systemctl start v2ray
[root@iZ23wv7v5ggZ ~]#
4、我购买了一个商业版本的 V2RAY 服务端 GetSS,选择香港的 Azure 服务器,复制 URL。其值已不可用,我做了修改。如图4
图4
vmess://eyJhZGQiOiJoazAxLmdldHNzLnRvcCIsImhvc3QiOiIiLCJpZCI6IjRBNjMzOEU0LTI3RDItQkQ5My01MUI1LUIzQjIxRUEwM0JFMiIsIm5ldCI6InRjcCIsInBhdGgiOiIiLCJwb3J0IjoiMjM0NTYiLCJ5wcyI6IkhLLUhLVC14MCIsInRscy66I6IiIsInYiOjIsImFpZCI6MCwidHlwZSI6Im5vbmUifQ==
5、将 vmess:// 后面的值 base64 解码后。json 格式化,其值如下。后续用于配置阿里云服务器上的 V2RAY 客户端。其值已不可用,我做了修改。如图5
图5
{
"add": "hk01.getss.top",
"host": "",
"id": "4A6338E4-27D2-BD93-515B5-B3B21EA6603BE2",
"net": "tcp",
"path": "",
"port": "23456",
"ps": "HK-HKT-x0",
"tls": "",
"v": 2,
"aid": 0,
"type": "none"
}
6、查看文件 /usr/local/etc/v2ray/config.json,其值为空对象
[root@iZ23wv7v5ggZ ~]# cat /usr/local/etc/v2ray/config.json
{}
[root@iZ23wv7v5ggZ ~]#
7、V2Ray 没有使用常规代理软件的 C/S(即客户端/服务器)结构,它既可以当做服务器也可以作为客户端。配置客户端,参考文件:C:/Users/Administrator/AppData/Roaming/GetSS/config.json。GetSS 为 Windows 客户端。编辑 /usr/local/etc/v2ray/config.json。如图6
图6
{
"policy": {
"levels": {
"0": {
"uplinkOnly": 0
}
}
},
"inbound": {
"listen": "127.0.0.1",
"port": 1081,
"protocol": "socks",
"settings": {
"auth": "noauth",
"udp": false,
"ip": "127.0.0.1"
}
},
"inboundDetour": [
{
"listen": "127.0.0.1",
"allocate": {
"strategy": "always",
"refresh": 5,
"concurrency": 3
},
"port": 8001,
"protocol": "http",
"tag": "httpDetour",
"domainOverride": [
"http",
"tls"
],
"streamSettings": {},
"settings": {
"timeout": 0
}
}
],
"log": {
"loglevel": "warning"
},
"dns": {
"servers": [
"223.5.5.5"
]
},
"outboundDetour": [
{
"protocol": "freedom",
"tag": "direct",
"settings": {}
}
],
"outbound": {
"sendThrough": "0.0.0.0",
"mux": {
"enabled": false,
"concurrency": 8
},
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "hk01.getss.top",
"port": 23456,
"users": [
{
"id": "4A6338E4-27D2-BD5593-51B5-B3B21EA03BE2",
"alterId": 0,
"security": "auto",
"level": 0
}
],
"remark": "HK-HKT-x0"
}
]
},
"streamSettings": {
"wsSettings": {
"path": "",
"headers": {
"Host": ""
}
},
"tcpSettings": {
"header": {
"type": "none"
}
},
"security": "",
"tlsSettings": {
"serverName": "",
"allowInsecure": false
},
"httpSettings": {
"path": "",
"host": [
""
]
},
"kcpSettings": {
"header": {
"type": "none"
},
"mtu": 1350,
"congestion": false,
"tti": 20,
"uplinkCapacity": 5,
"writeBufferSize": 1,
"readBufferSize": 1,
"downlinkCapacity": 20
},
"network": "tcp"
}
}
}
8、使用 V2Ray 提供的配置检查功能(test 选项),因为可以检查 JSON 语法错误外的问题,比如说突然间手抖把 vmess 写成了 vmss,一下子就检查出来了。如果是配置文件没问题,则是这样的。
[root@iZ23wv7v5ggZ ~]# /usr/local/bin/v2ray -test -config /usr/local/etc/v2ray/config.json V2Ray 4.40.1 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.16.5 linux/amd64) A unified platform for anti-censorship. Configuration OK. [root@iZ23wv7v5ggZ ~]#
9、VMess 协议的认证基于时间,一定要保证服务器和客户端的系统时间相差要在90秒以内。查看阿里云服务器的系统时间。
[root@iZ23wv7v5ggZ ~]# date Thu Jun 24 16:50:13 CST 2021 [root@iZ23wv7v5ggZ ~]#
10、实际上数据包的流向:{浏览器} <–(socks)–> {V2Ray 客户端 inbound <-> V2Ray 客户端 outbound} <–(VMess)–> {V2Ray 服务器 inbound <-> V2Ray 服务器 outbound} <–(Freedom)–> {目标网站}。
11、查看与代理端口 1081 相链接的端口。显示所有连线中的 Socket。
[root@iZ23wv7v5ggZ ~]# netstat -nat | grep 1081 -a tcp6 0 0 :::1080 :::* LISTEN [root@iZ23wv7v5ggZ ~]#
12、测试阿里云服务器基于 socks 请求 http://httpbin.org/ip、https://www.google.com、https://www.youtube.com。连接成功。如图7
图7
[root@iZ23wv7v5ggZ v2ray]# curl --socks5 127.0.0.1:1081 http://httpbin.org/ip
{
"origin": "14.192.49.13"
}
[root@iZ23wv7v5ggZ v2ray]# curl --socks5 127.0.0.1:1081 http://www.google.com
curl: (52) Empty reply from server
[root@iZ23wv7v5ggZ v2ray]# curl --socks5 127.0.0.1:1081 https://www.google.com
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
[root@iZ23wv7v5ggZ v2ray]# curl -v --socks5 127.0.0.1:1081 https://sitekit.withgoogle.com
* About to connect() to proxy 127.0.0.1 port 1081 (#0)
* Trying 127.0.0.1...
* 216
* 58
* 200
* 49
* Connected to 127.0.0.1 (127.0.0.1) port 1081 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=*.appspot.com,O=Google LLC,L=Mountain View,ST=California,C=US
* start date: May 31 01:07:40 2021 GMT
* expire date: Aug 23 01:07:39 2021 GMT
* common name: *.appspot.com
* issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: sitekit.withgoogle.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=utf-8
< Vary: Accept-Encoding
< X-Cloud-Trace-Context: f0ad2afe1e1be1a7fd9d592b1b2e4c62
< Date: Fri, 25 Jun 2021 09:35:19 GMT
< Server: Google Frontend
< Content-Length: 89089
< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
<
<!DOCTYPE html>
[root@iZ23wv7v5ggZ ~]# curl -v --socks5 127.0.0.1:1081 https://www.youtube.com
* About to connect() to proxy 127.0.0.1 port 1081 (#0)
* Trying 127.0.0.1...
* 172
* 217
* 160
* 110
* Connected to 127.0.0.1 (127.0.0.1) port 1081 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=*.google.com,O=Google LLC,L=Mountain View,ST=California,C=US
* start date: May 31 01:35:44 2021 GMT
* expire date: Aug 23 01:35:43 2021 GMT
* common name: *.google.com
* issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.youtube.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=utf-8
< X-Content-Type-Options: nosniff
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: Mon, 01 Jan 1990 00:00:00 GMT
< Date: Mon, 28 Jun 2021 11:09:13 GMT
< X-Frame-Options: SAMEORIGIN
< Strict-Transport-Security: max-age=31536000
< permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
< P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
< Server: ESF
< X-XSS-Protection: 0
< Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Mon, 28-Jun-2021 11:39:13 GMT; Path=/; Secure; HttpOnly
< Set-Cookie: YSC=Mpx-P60pfFM; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
< Set-Cookie: VISITOR_INFO1_LIVE=I25nZHCzTQA; Domain=.youtube.com; Expires=Sat, 25-Dec-2021 11:09:13 GMT; Path=/; Secure; HttpOnly; SameSite=none
< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
< Accept-Ranges: none
< Vary: Accept-Encoding
< Transfer-Encoding: chunked
<
<!DOCTYPE html><html style="font-size: 10px;font-family: Roboto, Arial, sans-serif;" lang="en" typography typography-spacing><head><meta http-equiv="X-UA-Compatible" content="IE=edge"/><script nonce="m6im/2YfcUAbOVHb8ZzpHQ">var ytcfg={d:function(){return window.yt&&yt.config_||ytcfg.data_||(ytcfg.data_={})},get:function(k,o){return k in ytcfg.d()?ytcfg.d()[k]:o},set:function(){var a=arguments;if(a.length>1)ytcfg.d()[a[0]]=a[1];else for(var k in a[0])ytcfg.d()[k]=a[0][k]}};
13、阿里云服务器开放的端口 1081、8118 需要 运行命令开放。打开防火墙 iptables。如图8
图8
[root@iZ23wv7v5ggZ ~]# cat /etc/sysconfig/iptables # Generated by iptables-save v1.4.21 on Mon Jun 28 19:53:18 2021 *filter :INPUT DROP [2:80] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [247:63813] :syn-flood - [0:0] -A INPUT -p tcp -m tcp --dport 8118 -m state --state NEW -j ACCEPT -A INPUT -p tcp -m tcp --dport 1081 -m state --state NEW -j ACCEPT -A INPUT -p tcp -m tcp --dport 1080 -m state --state NEW -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 20000:30000 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT COMMIT # Completed on Mon Jun 28 19:53:18 2021 [root@iZ23wv7v5ggZ v2ray]# iptables -I INPUT -p tcp --dport 1081 -m state --state NEW -j ACCEPT [root@iZ23wv7v5ggZ v2ray]# service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ] [root@iZ23wv7v5ggZ v2ray]# cat /etc/sysconfig/iptables # Generated by iptables-save v1.4.21 on Fri Jun 25 17:19:08 2021 *filter :INPUT DROP [2:80] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [580:261280] :syn-flood - [0:0] -A INPUT -p tcp -m tcp --dport 1081 -m state --state NEW -j ACCEPT -A INPUT -p tcp -m tcp --dport 1080 -m state --state NEW -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 20000:30000 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT COMMIT # Completed on Fri Jun 25 17:19:08 2021 [root@iZ23wv7v5ggZ v2ray]#
14、安装配置 Privoxy,修改配置文件 /etc/privoxy/config。如图9
图9
/usr/local/bin/v2ray -test -config /usr/local/etc/v2ray/config.json
[root@iZ23wv7v5ggZ ~]# yum -y install privoxy
Loaded plugins: fastestmirror
Determining fastest mirrors
base | 3.6 kB 00:00
epel | 4.7 kB 00:00
extras | 2.9 kB 00:00
updates | 2.9 kB 00:00
(1/7): base/7/x86_64/group_gz | 153 kB 00:00
(2/7): epel/x86_64/group_gz | 96 kB 00:00
(3/7): epel/x86_64/updateinfo | 1.0 MB 00:00
(4/7): extras/7/x86_64/primary_db | 242 kB 00:00
(5/7): base/7/x86_64/primary_db | 6.1 MB 00:00
(6/7): epel/x86_64/primary_db | 6.9 MB 00:00
(7/7): updates/7/x86_64/primary_db | 8.8 MB 00:00
Resolving Dependencies
--> Running transaction check
---> Package privoxy.x86_64 0:3.0.32-1.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
privoxy x86_64 3.0.32-1.el7 epel 998 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 998 k
Installed size: 3.1 M
Downloading packages:
privoxy-3.0.32-1.el7.x86_64.rpm | 998 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : privoxy-3.0.32-1.el7.x86_64 1/1
Verifying : privoxy-3.0.32-1.el7.x86_64 1/1
Installed:
privoxy.x86_64 0:3.0.32-1.el7
Complete!
[root@iZ23wv7v5ggZ ~]# systemctl enable privoxy
Created symlink from /etc/systemd/system/multi-user.target.wants/privoxy.service to /usr/lib/systemd/system/privoxy.service.
[root@iZ23wv7v5ggZ ~]# systemctl start privoxy
[root@iZ23wv7v5ggZ ~]# systemctl status privoxy
● privoxy.service - Privoxy Web Proxy With Advanced Filtering Capabilities
Loaded: loaded (/usr/lib/systemd/system/privoxy.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2021-06-24 11:08:07 CST; 5s ago
Process: 6845 ExecStart=/usr/sbin/privoxy --pidfile /run/privoxy.pid --user privoxy /etc/privoxy/config (code=exited, status=0/SUCCESS)
Main PID: 6846 (privoxy)
CGroup: /system.slice/privoxy.service
└─6846 /usr/sbin/privoxy --pidfile /run/privoxy.pid --user privoxy...
Jun 24 11:08:06 iZ23wv7v5ggZ systemd[1]: Starting Privoxy Web Proxy With Adv....
Jun 24 11:08:07 iZ23wv7v5ggZ systemd[1]: Started Privoxy Web Proxy With Adva....
Hint: Some lines were ellipsized, use -l to show in full.
[root@iZ23wv7v5ggZ ~]# yum install w3m -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package w3m.x86_64 0:0.5.3-50.git20210102.el7 will be installed
--> Processing Dependency: libcrypto.so.1.1(OPENSSL_1_1_0)(64bit) for package: w3m-0.5.3-50.git20210102.el7.x86_64
--> Processing Dependency: libssl.so.1.1(OPENSSL_1_1_0)(64bit) for package: w3m-0.5.3-50.git20210102.el7.x86_64
--> Processing Dependency: perl(NKF) for package: w3m-0.5.3-50.git20210102.el7.x86_64
--> Processing Dependency: libcrypto.so.1.1()(64bit) for package: w3m-0.5.3-50.git20210102.el7.x86_64
--> Processing Dependency: libgc.so.1()(64bit) for package: w3m-0.5.3-50.git20210102.el7.x86_64
--> Processing Dependency: libssl.so.1.1()(64bit) for package: w3m-0.5.3-50.git20210102.el7.x86_64
--> Running transaction check
---> Package gc.x86_64 0:7.2d-7.el7 will be installed
---> Package openssl11-libs.x86_64 1:1.1.1g-3.el7 will be installed
---> Package perl-NKF.x86_64 1:2.1.3-5.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository
Size
================================================================================
Installing:
w3m x86_64 0.5.3-50.git20210102.el7 epel 980 k
Installing for dependencies:
gc x86_64 7.2d-7.el7 base 158 k
openssl11-libs x86_64 1:1.1.1g-3.el7 epel 1.5 M
perl-NKF x86_64 1:2.1.3-5.el7 epel 131 k
Transaction Summary
================================================================================
Install 1 Package (+3 Dependent packages)
Total download size: 2.7 M
Installed size: 6.5 M
Downloading packages:
(1/4): gc-7.2d-7.el7.x86_64.rpm | 158 kB 00:00
(2/4): perl-NKF-2.1.3-5.el7.x86_64.rpm | 131 kB 00:00
(3/4): openssl11-libs-1.1.1g-3.el7.x86_64.rpm | 1.5 MB 00:00
(4/4): w3m-0.5.3-50.git20210102.el7.x86_64.rpm | 980 kB 00:00
--------------------------------------------------------------------------------
Total 5.0 MB/s | 2.7 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 1:openssl11-libs-1.1.1g-3.el7.x86_64 1/4
Installing : gc-7.2d-7.el7.x86_64 2/4
Installing : 1:perl-NKF-2.1.3-5.el7.x86_64 3/4
Installing : w3m-0.5.3-50.git20210102.el7.x86_64 4/4
Verifying : 1:perl-NKF-2.1.3-5.el7.x86_64 1/4
Verifying : gc-7.2d-7.el7.x86_64 2/4
Verifying : w3m-0.5.3-50.git20210102.el7.x86_64 3/4
Verifying : 1:openssl11-libs-1.1.1g-3.el7.x86_64 4/4
Installed:
w3m.x86_64 0:0.5.3-50.git20210102.el7
Dependency Installed:
gc.x86_64 0:7.2d-7.el7 openssl11-libs.x86_64 1:1.1.1g-3.el7
perl-NKF.x86_64 1:2.1.3-5.el7
Complete!
[root@iZ23wv7v5ggZ ~]# vi /etc/privoxy/config
[root@iZ23wv7v5ggZ ~]#
listen-address 127.0.0.1:8118 forward-socks5t / 127.0.0.1:1081 .
15、设置 http/https 代理,修改配置文件 /etc/profile。172.16.6.176 为服务器内网IP,表示不用代理。如图10
图10
[root@iZ23wv7v5ggZ ~]# vi /etc/profile
[root@iZ23wv7v5ggZ ~]# systemctl stop privoxy
[root@iZ23wv7v5ggZ ~]# systemctl start privoxy
[root@iZ23wv7v5ggZ ~]# systemctl status privoxy
● privoxy.service - Privoxy Web Proxy With Advanced Filtering Capabilities
Loaded: loaded (/usr/lib/systemd/system/privoxy.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2021-06-25 19:17:34 CST; 10s ago
Process: 10823 ExecStart=/usr/sbin/privoxy --pidfile /run/privoxy.pid --user privoxy /etc/privoxy/config (code=exited, status=0/SUCCESS)
Main PID: 10824 (privoxy)
CGroup: /system.slice/privoxy.service
└─10824 /usr/sbin/privoxy --pidfile /run/privoxy.pid --user privoxy /etc/privoxy/config
Jun 25 19:17:33 iZ23wv7v5ggZ systemd[1]: Starting Privoxy Web Proxy With Advanced Filtering Capabilities...
Jun 25 19:17:34 iZ23wv7v5ggZ systemd[1]: Started Privoxy Web Proxy With Advanced Filtering Capabilities.
[root@iZ23wv7v5ggZ ~]#
export http_proxy=http://127.0.0.1:8118 export https_proxy=http://127.0.0.1:8118 export ftp_proxy=http://127.0.0.1:8118 export no_proxy="172.16.6.176"
16、测试阿里云服务器基于 curl http 请求 http://httpbin.org/ip、https://www.google.com、https://www.youtube.com。连接成功。如图11
图11
[root@iZ23wv7v5ggZ ~]# curl -v http://httpbin.org/ip
* About to connect() to proxy 127.0.0.1 port 8118 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8118 (#0)
> GET http://httpbin.org/ip HTTP/1.1
> User-Agent: curl/7.29.0
> Host: httpbin.org
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 OK
< Date: Tue, 29 Jun 2021 11:28:55 GMT
< Content-Type: application/json
< Content-Length: 31
< Connection: keep-alive
< Server: gunicorn/19.9.0
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Credentials: true
< Proxy-Connection: keep-alive
<
{
"origin": "14.192.49.13"
}
* Connection #0 to host 127.0.0.1 left intact
[root@iZ23wv7v5ggZ ~]# curl -v http://www.google.com
* About to connect() to proxy 127.0.0.1 port 8118 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8118 (#0)
> GET http://www.google.com/ HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.google.com
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 302 Found
< Location: http://www.google.com.hk/url?sa=p&hl=zh-CN&pref=hkredirect&pval=yes&q=http://www.google.com.hk/&ust=1624966178742441&usg=AOvVaw2QC6Lusz__XY4CV4128vDo
< Cache-Control: private
< Content-Type: text/html; charset=UTF-8
< P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
< Date: Tue, 29 Jun 2021 11:29:08 GMT
< Server: gws
< Content-Length: 370
< X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
< Set-Cookie: 1P_JAR=2021-06-29-11; expires=Thu, 29-Jul-2021 11:29:08 GMT; path=/; domain=.google.com; Secure
< Set-Cookie: NID=218=mAQ-WwaoohthEWglgFX6uc1oS1THml90khjAACvGj_9OGJ73I3SvN6kwGB4ahRX3uZh5Sw0__Q-y5ahjTAvJtItGntahKmj_d4ESUipCEyIjCRsskk88MU_sF6xOPwhvpqQdY3Zs5ZdscNbvbvB5Z0n0iVnRtGayv2Is44Z8phc; expires=Wed, 29-Dec-2021 11:29:08 GMT; path=/; domain=.google.com; HttpOnly
< Proxy-Connection: keep-alive
<
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.google.com.hk/url?sa=p&hl=zh-CN&pref=hkredirect&pval=yes&q=http://www.google.com.hk/&ust=1624966178742441&usg=AOvVaw2QC6Lusz__XY4CV4128vDo">here</A>.
</BODY></HTML>
* Connection #0 to host 127.0.0.1 left intact
[root@iZ23wv7v5ggZ ~]# curl -v https://www.google.com
* About to connect() to proxy 127.0.0.1 port 8118 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8118 (#0)
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.29.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=www.google.com,O=Google LLC,L=Mountain View,ST=California,C=US
* start date: May 31 03:52:12 2021 GMT
* expire date: Aug 23 03:52:11 2021 GMT
* common name: www.google.com
* issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.google.com
> Accept: */*
>
< HTTP/1.1 302 Found
< Location: https://www.google.com.hk/url?sa=p&hl=zh-CN&pref=hkredirect&pval=yes&q=https://www.google.com.hk/&ust=1624966197905473&usg=AOvVaw3rpxJ3M42WvO-874oCUUAA
< Cache-Control: private
< Content-Type: text/html; charset=UTF-8
< P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
< Date: Tue, 29 Jun 2021 11:29:27 GMT
< Server: gws
< Content-Length: 372
< X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
< Set-Cookie: 1P_JAR=2021-06-29-11; expires=Thu, 29-Jul-2021 11:29:27 GMT; path=/; domain=.google.com; Secure
< Set-Cookie: NID=218=Oer550Xi5XY2PWWVqYODOuO0eo3bDFJv7wRpooU1FMnNvfWZSI9azb4-oPY_CIbBjn1Wyt4ycJYne9IHTdySDugiDbXhZeEnWSt66bpphBWLPcNyQyEqIS1ltdCHGJw_C8XV3LSlF2NSUbtI825BQGha3baM6qJVvQI2x2Pj-XU; expires=Wed, 29-Dec-2021 11:29:27 GMT; path=/; domain=.google.com; HttpOnly
< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
<
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="https://www.google.com.hk/url?sa=p&hl=zh-CN&pref=hkredirect&pval=yes&q=https://www.google.com.hk/&ust=1624966197905473&usg=AOvVaw3rpxJ3M42WvO-874oCUUAA">here</A>.
</BODY></HTML>
* Connection #0 to host 127.0.0.1 left intact
[root@iZ23wv7v5ggZ ~]# curl -v https://sitekit.withgoogle.com
* About to connect() to proxy 127.0.0.1 port 8118 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8118 (#0)
* Establish HTTP proxy tunnel to sitekit.withgoogle.com:443
> CONNECT sitekit.withgoogle.com:443 HTTP/1.1
> Host: sitekit.withgoogle.com:443
> User-Agent: curl/7.29.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=*.appspot.com,O=Google LLC,L=Mountain View,ST=California,C=US
* start date: Jun 07 01:07:29 2021 GMT
* expire date: Aug 30 01:07:28 2021 GMT
* common name: *.appspot.com
* issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: sitekit.withgoogle.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=utf-8
< Vary: Accept-Encoding
< X-Cloud-Trace-Context: 803be8061a081faa119115967f932ca2
< Date: Tue, 29 Jun 2021 11:29:47 GMT
< Server: Google Frontend
< Content-Length: 89089
< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
<
<!DOCTYPE html>
<html lang="en-US" class="no-js glue-flexbox glue-app-ready" amp="" i-amphtml-layout="" i-amphtml-no-boilerplate="" transformed="self;v=1">^C
[root@iZ23wv7v5ggZ ~]# curl -v https://www.youtube.com
* About to connect() to proxy 127.0.0.1 port 8118 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8118 (#0)
* Establish HTTP proxy tunnel to www.youtube.com:443
> CONNECT www.youtube.com:443 HTTP/1.1
> Host: www.youtube.com:443
> User-Agent: curl/7.29.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=*.google.com,O=Google LLC,L=Mountain View,ST=California,C=US
* start date: May 31 01:35:44 2021 GMT
* expire date: Aug 23 01:35:43 2021 GMT
* common name: *.google.com
* issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.youtube.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=utf-8
< X-Content-Type-Options: nosniff
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: Mon, 01 Jan 1990 00:00:00 GMT
< Date: Tue, 29 Jun 2021 11:30:03 GMT
< X-Frame-Options: SAMEORIGIN
< Strict-Transport-Security: max-age=31536000
< permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
< P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
< Server: ESF
< X-XSS-Protection: 0
< Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Tue, 29-Jun-2021 12:00:03 GMT; Path=/; Secure; HttpOnly
< Set-Cookie: YSC=qYlVjgY4Muk; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
< Set-Cookie: VISITOR_INFO1_LIVE=kVRgqbeY_lI; Domain=.youtube.com; Expires=Sun, 26-Dec-2021 11:30:03 GMT; Path=/; Secure; HttpOnly; SameSite=none
< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
< Accept-Ranges: none
< Vary: Accept-Encoding
< Transfer-Encoding: chunked
<
<!DOCTYPE html>^C
[root@iZ23wv7v5ggZ ~]#
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/tech/pnotes/250582.html