
Reverse-proxying Google

Author: liyangyijie / Date: January 7, 2016 / Category: 翻越奥义 / Tags: none / Views: 6,408

The setup used here is an Nginx front end (cache + http2 + chacha20) with an ezgoo back end.

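As before, the prerequisite is that the domain already points to the server and that an SSL certificate has been obtained for it (or self-signed).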

I. Compile and configure Nginx

The ngx_http_google_filter_module module is compiled in at the same time, and LibreSSL is used in place of OpenSSL.

1. Install dependencies

apt-get update
apt-get install -y tar unzip build-essential supervisor git ca-certificates bash-completion
apt-get install -y zlib1g-dev libbz2-dev libpcre3 libpcre3-dev libssl-dev libperl-dev libxslt1-dev libgd2-xpm-dev libgeoip-dev libpam0g-dev libc6-dev
apt-get clean

2. Create the required directories

mkdir -p /var/www/html > /dev/null 2>&1
mkdir -p /var/{lib,log}/nginx > /dev/null 2>&1
mkdir -p /etc/nginx/{conf.d,sites-enabled} > /dev/null 2>&1
mkdir -p /home/cache/{temp,path} > /dev/null 2>&1

3. Compile

The configure options follow those of the packaged Nginx. Run the following commands:

LibreSSL_V=2.2.5
Nginx_V=1.9.9
mkdir -p NGINX/{libressl,Nginx}
cd NGINX
wget -c http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LibreSSL_V}.tar.gz
wget -c http://nginx.org/download/nginx-${Nginx_V}.tar.gz
tar xf libressl-${LibreSSL_V}.tar.gz -C libressl --strip-components=1
tar xf nginx-${Nginx_V}.tar.gz -C Nginx --strip-components=1
git clone https://github.com/stogh/ngx_http_auth_pam_module.git
git clone https://github.com/gnosek/nginx-upstream-fair.git
git clone https://github.com/cuber/ngx_http_google_filter_module.git
git clone https://github.com/arut/nginx-dav-ext-module.git
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git
cd Nginx
./configure --user=www-data --group=www-data --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_gunzip_module --with-file-aio --with-threads --with-http_v2_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_secure_link_module --with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module \
--add-module=../ngx_http_google_filter_module \
--add-module=../ngx_http_substitutions_filter_module \
--add-module=../ngx_http_auth_pam_module \
--add-module=../nginx-upstream-fair \
--add-module=../nginx-dav-ext-module \
--with-openssl=../libressl \
--with-ld-opt="-lrt"
make -j"$(nproc)"
strip -s objs/nginx

4. Install

First check whether the www-data user exists:

cat /etc/shadow|grep -E '^www-data:'

a. If Nginx was previously installed with apt, this user normally exists already; just stop the Nginx process first:

/etc/init.d/nginx stop

Overwrite the original Nginx executable:

cp -f objs/nginx /usr/sbin/nginx

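Note that since Nginx 1.9.5, the spdy parameter in existing configuration files must be changed to http2.
After updating the configuration, test the existing configuration files: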

nginx -t

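b. If Nginx has never been installed, first add an init script so that it starts at boot. The ca-certificates package was installed in step 1, so the download runs with certificate verification enabled:

wget -c https://raw.githubusercontent.com/fanyueciyuan/eazy-for-ss/master/nginx/nginx -O /etc/init.d/nginx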
chmod 755 /etc/init.d/nginx
update-rc.d nginx defaults

Add the user and group, and set ownership of the relevant directories:

groupadd www-data
useradd -s /sbin/nologin -g www-data www-data
chown -R www-data:www-data /home/cache
chown -R www-data:www-data /var/www

Finally, install:

make install

5. Configure

Reference configuration for nginx.conf:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
worker_rlimit_nofile 51200;
events {
    use epoll;
    worker_connections 51200;
    multi_accept on;
}
http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 60;
    types_hash_max_size 2048;
    server_tokens off;
    proxy_hide_header X-Powered-By;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    ##
    # Gzip Settings
    ##
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_min_length  1000;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    ##
    # nginx-naxsi config
    ##
    # Uncomment it if you installed nginx-naxsi
    ##
    #include /etc/nginx/naxsi_core.rules;
    ##
    # Cache Settings
    ##
    client_body_buffer_size  512k;
    proxy_connect_timeout    5;
    proxy_read_timeout       60;
    proxy_send_timeout       5;
    proxy_buffer_size        16k;
    proxy_buffers            4 64k;
    proxy_busy_buffers_size 128k;
    proxy_temp_file_write_size 128k;
    proxy_temp_path   /home/cache/temp;
    proxy_cache_path  /home/cache/path levels=1:2 keys_zone=cache_one:10m inactive=7d max_size=1g;
    ##
    # TLS Settings
    ##
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_session_tickets  on;
    add_header Strict-Transport-Security "max-age=63072000; preload";
    ssl_stapling         on;
    ssl_stapling_verify  on;
    resolver             8.8.4.4 8.8.8.8  valid=300s;
    resolver_timeout     10s;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_ecdh_curve secp384r1;
    ssl_prefer_server_ciphers on;
    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
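
A check for the spdy to http2 rename noted in step 4 and for the TLS settings in the nginx.conf above, as an added example that is not part of the original post: it reads configuration text and reports spdy listen parameters, protocol versions deprecated by RFC 8996 (which postdates this post) and 3DES/RC4/MD5 cipher entries. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reads nginx configuration text
# on stdin and prints one finding per line as "<line>:<code>:<detail>".
audit_nginx_tls() {
    awk '
    { sub(/#.*/, "") }                          # ignore comments
    $1 == "listen" {                            # "spdy" is rejected by nginx >= 1.9.5
        for (i = 2; i <= NF; i++) {
            t = $i; sub(/;$/, "", t)
            if (t == "spdy") print NR ":SPDY_PARAM:use http2 instead"
        }
    }
    $1 == "ssl_protocols" {                     # TLS 1.0/1.1 deprecated by RFC 8996
        for (i = 2; i <= NF; i++) {
            t = $i; sub(/;$/, "", t)
            if (t ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) print NR ":LEGACY_PROTOCOL:" t
        }
    }
    $1 == "ssl_ciphers" {                       # colon-separated cipher string
        s = $2; gsub(/;/, "", s)
        n = split(s, c, ":")
        for (i = 1; i <= n; i++)                # entries starting with ! or - are exclusions
            if (c[i] !~ /^[!-]/ && c[i] ~ /3DES|RC4|MD5/)
                print NR ":WEAK_CIPHER:" c[i]
    }'
}

# Constructed sample: a pre-1.9.5 listen line plus TLS directives
# in the style of the nginx.conf above.
sample_conf() {
    cat <<'EOF'
server {
    listen 443 ssl spdy;   # old syntax
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+3DES:RSA+3DES:!MD5;
}
EOF
}

sample_conf | audit_nginx_tls
```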

Add an ezgoo.conf configuration under the /etc/nginx/conf.d/ directory:

server {
    listen 80;
    server_name gg.xxx.xxx;
    rewrite ^(.*) https://gg.xxx.xxx$1 permanent;
}
server {
    listen 443 ssl http2;
    server_name gg.xxx.xxx;
    ssl_certificate /etc/nginx/gg.xxx.xxx.crt;
    ssl_certificate_key /etc/nginx/gg.xxx.xxx.key;
    location / {
        # using cache
        proxy_cache             cache_one;   # the keys_zone name defined earlier
        proxy_cache_lock        on;
        proxy_cache_key         $host$uri$is_args$args;
        proxy_cache_valid       200 3d;
        proxy_cache_use_stale   error timeout updating;
        # An add_header at this level stops inheritance of the http-level
        # add_header directives, so the HSTS header from nginx.conf is repeated here
        add_header          Strict-Transport-Security "max-age=63072000; preload";
        # add cache status header
        add_header          X-Cache $upstream_cache_status;
        # back-end
        # the following three headers are very important
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto https;
        proxy_set_header    X-Forwarded-Host $http_host;
        proxy_http_version  1.1;
        proxy_redirect      off;
        # Your address:port
        proxy_pass          http://localhost:8080;
    }
}

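Because ngx_http_google_filter_module was already compiled into Nginx, you can instead add a google-nginx.conf configuration under the /etc/nginx/conf.d/ directory that does not depend on ezgoo. In that case just start Nginx and skip the remaining steps.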

server {
    listen 80;
    server_name gg.xxxx.xx;
    rewrite ^(.*) https://gg.xxxx.xx$1 permanent;
}
server {
    listen 443 ssl http2;
    server_name gg.xxxx.xx;
    ssl_certificate /etc/nginx/gg.xxxx.xx.crt;
    ssl_certificate_key /etc/nginx/gg.xxxx.xx.key;
    resolver 8.8.4.4;
    location / {
        google on;
        google_scholar on;
        google_language zh-TW;
    }
}

II. Set up the Golang environment

The download address for the latest Golang release can be found at https://golang.org/dl/ (blocked by the Great Firewall).

cd /mnt
wget -c https://storage.googleapis.com/golang/go1.5.2.linux-amd64.tar.gz
tar xf go1.5.2.linux-amd64.tar.gz
cd ~

Edit the .profile file and add the following lines:

export GOROOT=/mnt/go
export GOPATH=/mnt/go/user
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin

Then load the configuration into the current shell:

. .profile

The Go environment is now set up. You can also install the cross-platform build tool gox:

go get github.com/mitchellh/gox

III. Install and configure ezgoo

1. Install or update

go get github.com/Lafeng/ezgoo

2. Configure and test

By convention, copy the configuration files to the /etc/ezgoo directory:

mkdir /etc/ezgoo
cp -R /mnt/go/user/src/github.com/Lafeng/ezgoo/dist /etc/ezgoo/

Edit config.ini so that it listens on a local address:

...
[HTTP.Server]
# listen [address]:port
Listen = 127.0.0.1:8080
...

Comment out all the items under [ClientRestriction] to remove the various restrictions.

Then run a test:

ezgoo -dir /etc/ezgoo/dist
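
Because the back end speaks plain HTTP and takes the X-Forwarded-* headers from Nginx, its Listen address should stay on loopback; the following added example (not from the original post or the ezgoo project) reads the [HTTP.Server] section of a config.ini and classifies the bind address. It assumes that an empty address such as ":8080" binds all interfaces, as Go's net.Listen does; the function names and the [Other] section in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the original post or the ezgoo project).
# Print the Listen value of the [HTTP.Server] section of an INI file on stdin.
ini_listen() {
    awk -F= '
    /^[ \t]*[#;]/ { next }                       # skip comment lines
    /^[ \t]*\[/   {                              # section header: remember its name
        sec = $0; gsub(/^[ \t]*\[/, "", sec); gsub(/\].*$/, "", sec); next
    }
    sec == "HTTP.Server" {
        k = $1; gsub(/[ \t]/, "", k)
        if (k == "Listen") { v = $2; gsub(/[ \t\r]/, "", v); print v; exit }
    }'
}

# Classify the bind address read from stdin: loopback, exposed, or unset.
listen_scope() {
    addr=$(ini_listen)
    [ -n "$addr" ] || { echo unset; return; }
    if printf '%s\n' "$addr" |
        grep -Eq '^(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost|\[::1\]):[0-9]+$'; then
        echo loopback
    else
        # Assumption: ":8080", "0.0.0.0:8080" and the like are reachable
        # from outside without passing through Nginx.
        echo exposed
    fi
}

# Constructed sample in the shape of the config.ini excerpt above;
# $1 is the Listen value to test.
sample_ini() {
    cat <<EOF
[Other]
Listen = 0.0.0.0:9999
[HTTP.Server]
# listen [address]:port
Listen = $1
EOF
}

sample_ini 127.0.0.1:8080 | listen_scope
sample_ini :8080 | listen_scope
```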

3. Process supervision

Use supervisor to keep the process running.

Write the following to /etc/supervisor/conf.d/ezgoo.conf:

[program:ezgoo]
command=/mnt/go/user/bin/ezgoo -dir /etc/ezgoo/dist
user=www-data
autostart=true
autorestart=true

Then reload:

supervisorctl reload

