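Reverse-proxying Google
The setup used here is an Nginx front end (cache + http2 + chacha20) with an ezgoo back end.
As before, the prerequisite is that the domain already points to the server and that an SSL certificate has been obtained for it (or self-signed).
I. Compile and configure Nginx
The ngx_http_google_filter_module module is compiled in as well, and libressl is used in place of openssl.
1. Install dependencies
    apt-get update
    apt-get install -y tar unzip build-essential supervisor git ca-certificates bash-completion
    apt-get install -y zlib1g-dev libbz2-dev libpcre3 libpcre3-dev libssl-dev libperl-dev libxslt1-dev libgd2-xpm-dev libgeoip-dev libpam0g-dev libc6-dev
    apt-get clean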
2. Create the required directories
    mkdir -p /var/www/html > /dev/null 2>&1
    mkdir -p /var/{lib,log}/nginx > /dev/null 2>&1
    mkdir -p /etc/nginx/{conf.d,sites-enabled} > /dev/null 2>&1
    mkdir -p /home/cache/{temp,path} > /dev/null 2>&1
3. Compile
The configure options follow those of the packaged Nginx. The two source tarballs are downloaded over plain HTTP, so check them against the checksums or signatures published by each project before building. Run the following commands:
    LibreSSL_V=2.2.5
    Nginx_V=1.9.9
    mkdir -p NGINX/{libressl,Nginx}
    cd NGINX
    wget -c http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LibreSSL_V}.tar.gz
    wget -c http://nginx.org/download/nginx-${Nginx_V}.tar.gz
    tar xf libressl-${LibreSSL_V}.tar.gz -C libressl --strip-components=1
    tar xf nginx-${Nginx_V}.tar.gz -C Nginx --strip-components=1
    git clone https://github.com/stogh/ngx_http_auth_pam_module.git
    git clone https://github.com/gnosek/nginx-upstream-fair.git
    git clone https://github.com/cuber/ngx_http_google_filter_module.git
    git clone https://github.com/arut/nginx-dav-ext-module.git
    git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git
    cd Nginx
    ./configure \
        --user=www-data \
        --group=www-data \
        --prefix=/usr/share/nginx \
        --sbin-path=/usr/sbin/nginx \
        --conf-path=/etc/nginx/nginx.conf \
        --http-log-path=/var/log/nginx/access.log \
        --error-log-path=/var/log/nginx/error.log \
        --lock-path=/var/lock/nginx.lock \
        --pid-path=/run/nginx.pid \
        --http-client-body-temp-path=/var/lib/nginx/body \
        --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
        --http-proxy-temp-path=/var/lib/nginx/proxy \
        --http-scgi-temp-path=/var/lib/nginx/scgi \
        --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
        --with-debug \
        --with-pcre-jit \
        --with-ipv6 \
        --with-http_ssl_module \
        --with-http_stub_status_module \
        --with-http_realip_module \
        --with-http_auth_request_module \
        --with-http_gunzip_module \
        --with-file-aio \
        --with-threads \
        --with-http_v2_module \
        --with-http_addition_module \
        --with-http_dav_module \
        --with-http_geoip_module \
        --with-http_gzip_static_module \
        --with-http_image_filter_module \
        --with-http_secure_link_module \
        --with-http_sub_module \
        --with-http_xslt_module \
        --with-mail \
        --with-mail_ssl_module \
        --add-module=../ngx_http_google_filter_module \
        --add-module=../ngx_http_substitutions_filter_module \
        --add-module=../ngx_http_auth_pam_module \
        --add-module=../nginx-upstream-fair \
        --add-module=../nginx-dav-ext-module \
        --with-openssl=../libressl \
        --with-ld-opt="-lrt"
    make -j"$(nproc)"
    strip -s objs/nginx
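4. Install
First check whether the www-data user exists:
    cat /etc/shadow|grep -E '^www-data:'
a. If Nginx was previously installed with apt, this user normally exists already, and you only need to stop the Nginx process first:
    /etc/init.d/nginx stop
Overwrite the original Nginx executable:
    cp -f objs/nginx /usr/sbin/nginx
Note that since Nginx 1.9.5, the spdy parameter in existing configuration files must be changed to http2.
After updating the configuration, test the existing configuration files:
    nginx -t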
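b. If Nginx has never been installed, first add an init script so that it starts at boot. The ca-certificates package installed in step 1 lets wget verify the GitHub certificate, so certificate checking stays enabled for a script that will run as root:
    wget -c https://raw.githubusercontent.com/fanyueciyuan/eazy-for-ss/master/nginx/nginx -O /etc/init.d/nginx
    chmod 755 /etc/init.d/nginx
    update-rc.d nginx defaults
Add the user and group, and set ownership of the relevant directories:
    groupadd www-data
    useradd -s /sbin/nologin -g www-data www-data
    chown -R www-data:www-data /home/cache
    chown -R www-data:www-data /var/www
Finally, install:
    make install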
5. Configure
Reference configuration for nginx.conf:
    user www-data;
    worker_processes auto;
    pid /run/nginx.pid;
    worker_rlimit_nofile 51200;

    events {
        use epoll;
        worker_connections 51200;
        multi_accept on;
    }

    http {
        ##
        # Basic Settings
        ##
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 60;
        types_hash_max_size 2048;
        server_tokens off;
        proxy_hide_header X-Powered-By;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # Logging Settings
        ##
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##
        gzip on;
        gzip_disable "msie6";
        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 6;
        gzip_min_length 1000;
        gzip_buffers 16 8k;
        gzip_http_version 1.1;
        gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # nginx-naxsi config
        ##
        # Uncomment it if you installed nginx-naxsi
        ##
        #include /etc/nginx/naxsi_core.rules;

        ##
        # Cache Settings
        ##
        client_body_buffer_size 512k;
        proxy_connect_timeout 5;
        proxy_read_timeout 60;
        proxy_send_timeout 5;
        proxy_buffer_size 16k;
        proxy_buffers 4 64k;
        proxy_busy_buffers_size 128k;
        proxy_temp_file_write_size 128k;
        proxy_temp_path /home/cache/temp;
        proxy_cache_path /home/cache/path levels=1:2 keys_zone=cache_one:10m inactive=7d max_size=1g;

        ##
        # TLS Settings
        ##
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        ssl_session_tickets on;
        add_header Strict-Transport-Security "max-age=63072000; preload";
        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 8.8.4.4 8.8.8.8 valid=300s;
        resolver_timeout 10s;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
        ssl_ecdh_curve secp384r1;
        ssl_prefer_server_ciphers on;

        ##
        # Virtual Host Configs
        ##
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
    }
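The TLS section of the reference nginx.conf enables TLSv1 and TLSv1.1 and lists static-RSA and 3DES cipher entries. The shell check below is an added example, not part of the original post: the function names `directive_args`, `report`, `audit_nginx_tls` and `write_sample_conf` are made up here, and it assumes one directive per line.

```shell
#!/bin/sh
# Added example, not from the original post: flag legacy TLS settings in an
# nginx config. Assumes one directive per line, as in the nginx.conf above.

# Print the arguments of the last uncommented "NAME args;" directive in FILE.
directive_args() {
    sed -e 's/#.*//' "$1" |
        sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*\([^;]*\);.*/\1/p" |
        tail -n 1
}

report() { printf '%s\n' "$1"; findings=$((findings + 1)); }

# Print one finding per line; return non-zero if anything was found.
audit_nginx_tls() {
    findings=0
    protocols=$(directive_args "$1" ssl_protocols)
    [ -n "$protocols" ] || report "ssl_protocols: not set, build default applies"
    for p in $protocols; do
        case $p in
            SSLv2|SSLv3|TLSv1|TLSv1.1) report "ssl_protocols: legacy $p enabled" ;;
        esac
    done
    ciphers=$(directive_args "$1" ssl_ciphers)
    old_ifs=$IFS; IFS=:
    for c in $ciphers; do
        case $c in
            '!'*|-*) ;;  # exclusions and removals do not enable anything
            *3DES*|*RC4*|*MD5*|*NULL*|*EXP*) report "ssl_ciphers: weak class $c" ;;
            RSA*|kRSA*) report "ssl_ciphers: $c is static RSA, no forward secrecy" ;;
        esac
    done
    IFS=$old_ifs
    [ "$findings" -eq 0 ]
}

# Constructed sample: the two TLS lines from the reference nginx.conf above.
write_sample_conf() {
    cat > "$1" <<'EOF'
http {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
}
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_nginx_tls "$sample" || echo "review the TLS settings before deploying"
rm -f "$sample"
```

Run `audit_nginx_tls /etc/nginx/nginx.conf` alongside `nginx -t`; with `ssl_protocols TLSv1.2;` and the `RSA+` and `3DES` entries removed from `ssl_ciphers`, it reports nothing.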
Add an ezgoo.conf configuration in the /etc/nginx/conf.d/ directory:
    server {
        listen 80;
        server_name gg.xxx.xxx;
        rewrite ^(.*) https://gg.xxx.xxx$1 permanent;
    }

    server {
        listen 443 ssl http2;
        server_name gg.xxx.xxx;
        ssl_certificate /etc/nginx/gg.xxx.xxx.crt;
        ssl_certificate_key /etc/nginx/gg.xxx.xxx.key;

        location / {
            # using cache
            proxy_cache cache_one;  # the keys_zone name defined earlier
            proxy_cache_lock on;
            proxy_cache_key $host$uri$is_args$args;
            proxy_cache_valid 200 3d;
            proxy_cache_use_stale error timeout updating;
            # add cache status header
            add_header X-Cache $upstream_cache_status;

            # back-end
            # the three headers below are very important
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Host $http_host;
            proxy_http_version 1.1;
            proxy_redirect off;
            # Your address:port
            proxy_pass http://localhost:8080;
        }
    }
Because the ngx_http_google_filter_module module was already compiled into Nginx, you can instead add a google-nginx.conf configuration directly in the /etc/nginx/conf.d/ directory. This does not depend on ezgoo: just start Nginx and skip the remaining steps.
    server {
        listen 80;
        server_name gg.xxxx.xx;
        rewrite ^(.*) https://gg.xxxx.xx$1 permanent;
    }

    server {
        listen 443 ssl http2;
        server_name gg.xxxx.xx;
        ssl_certificate /etc/nginx/gg.xxxx.xx.crt;
        ssl_certificate_key /etc/nginx/gg.xxxx.xx.key;
        resolver 8.8.4.4;

        location / {
            google on;
            google_scholar on;
            google_language zh-TW;
        }
    }
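II. Set up the Golang environment
The download address for the latest matching Golang version can be found at https://golang.org/dl/ (blocked by the Great Firewall).
    cd /mnt
    wget -c https://storage.googleapis.com/golang/go1.5.2.linux-amd64.tar.gz
    tar xf go1.5.2.linux-amd64.tar.gz
    cd ~
Edit the .profile file and add the following lines:
    export GOROOT=/mnt/go
    export GOPATH=/mnt/go/user
    export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
Then load the configuration into the current shell:
    . .profile
The Go environment is now set up. You can also install the cross-platform build tool gox:
    go get github.com/mitchellh/gox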
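III. Install and configure ezgoo
1. Install or update
    go get github.com/Lafeng/ezgoo
2. Configure and test
As usual, copy the configuration files to the /etc/ezgoo directory:
    mkdir /etc/ezgoo
    cp -R /mnt/go/user/src/github.com/Lafeng/ezgoo/dist /etc/ezgoo/
Edit config.ini so that it listens on the local address:
    ...
    [HTTP.Server]
    # listen [address]:port
    Listen = 127.0.0.1:8080
    ...
Comment out every item under [ClientRestriction] to remove the various restrictions.
Then run a test:
    ezgoo -dir /etc/ezgoo/dist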
3. Process supervision
Use supervisor to keep the process running.
Write the following content to /etc/supervisor/conf.d/ezgoo.conf:
    [program:ezgoo]
    command=/mnt/go/user/bin/ezgoo -dir /etc/ezgoo/dist
    user=www-data
    autostart=true
    autorestart=true
Then reload:
    supervisorctl reload