ss-panel v3前端与ss-manyuser后端配置sup

2018-10-31 本文已影响15人此十八

前一段时间帮别人配置ss panel，收获不少截图（笑）

2016.8.17(今天好像是某蛤90大寿)更新:

由于最近几版SS-PANEL变化挺大，所以更新这文章。

这是一个sspanel v3 配置的完整教程，我用的是lnmp框架，当然lamp也是可以的，安装lnmp的过程我就不说了。

一，安装ss-panel

首先我们进入网站目录
cd /home/wwwroot/ss.iforday.com

image
Centos:
yum install git -y
Debian/Ubuntu
apt-get install git -y
下载SS-Panel源码
git clone https://github.com/orvice/ss-panel.git

image
cp -R ss-panel/. ./

cp .env.example .env
vim .env

image

按照提示输入你数据库信息和站点信息，保存
如果你启用了redis,那么要安装redis
Centos:

<pre style="text-shadow: rgba(0, 0, 0, 0.08) 0px 0px 1px; -webkit-font-smoothing: antialiased !important; border: 1px dashed rgba(0, 0, 0, 0.1); font-family: monospace, serif; font-size: 15px; font-style: normal; font-weight: 400; margin: 0px 0px 21px; outline: 0px; padding: 12px; vertical-align: baseline; hyphens: none; line-height: 1.6; max-width: 100%; overflow: auto; white-space: pre-wrap; word-wrap: break-word; color: rgb(85, 89, 94); font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); text-decoration-style: initial; text-decoration-color: initial;">yum install epel-release -y
yum install redis -y</pre>

Debian/Ubuntu:
apt-get install redis-server -y
然后启动redis
systemctl start redis.service
测试redis
redis-cli ping
看到PONG就是测试通过
安装composer

<pre style="text-shadow: rgba(0, 0, 0, 0.08) 0px 0px 1px; -webkit-font-smoothing: antialiased !important; border: 1px dashed rgba(0, 0, 0, 0.1); font-family: monospace, serif; font-size: 15px; font-style: normal; font-weight: 400; margin: 0px 0px 21px; outline: 0px; padding: 12px; vertical-align: baseline; hyphens: none; line-height: 1.6; max-width: 100%; overflow: auto; white-space: pre-wrap; word-wrap: break-word; color: rgb(85, 89, 94); font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); text-decoration-style: initial; text-decoration-color: initial;">curl -sS https://getcomposer.org/installer | php
php composer.phar install</pre>

如果像这样报错

image
可以试试使用php composer.phar update
把目录下的db-160305.sql(文件名不一定，大致这样)导入数据库
可以通过phpmyadmin实现
添加管理员账号:
php xcat createAdmin
按提示填写信息即可

然后给文件权限:
chmod -R 777 storage
lnmp需要给www用户访问目录权限:
chown -R www /home/wwwroot/ss.iforday.com/
到这里我们对网站目录下的配置就完成了
下面我们对nginx的配置进行修改
我们进入nginx的conf目录，修改网站的配置文件
在root /home/wwwroot/ss.iforday.com后面加入/pubilc
在下面加入

<pre style="text-shadow: rgba(0, 0, 0, 0.08) 0px 0px 1px; -webkit-font-smoothing: antialiased !important; border: 1px dashed rgba(0, 0, 0, 0.1); font-family: monospace, serif; font-size: 15px; font-style: normal; font-weight: 400; margin: 0px 0px 21px; outline: 0px; padding: 12px; vertical-align: baseline; hyphens: none; line-height: 1.6; max-width: 100%; overflow: auto; white-space: pre-wrap; word-wrap: break-word; color: rgb(85, 89, 94); font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); text-decoration-style: initial; text-decoration-color: initial;">location / {
try_files $uri$ uri/ /index.php $is_args$ args;
}</pre>

image
保存退出，重启nginx:

这时候前端已经搭好，你的网站已经可以正常访问，下面我们进行后端(manyuser)的配置

二，安装shadowsocks manyuser

首先要授权远程访问mysql:
在数据库所在的机器执行mysql -uroot -p
输入你的数据库密码，执行use mysql;
再输入:

<pre style="text-shadow: rgba(0, 0, 0, 0.08) 0px 0px 1px; -webkit-font-smoothing: antialiased !important; border: 1px dashed rgba(0, 0, 0, 0.1); font-family: monospace, serif; font-size: 15px; font-style: normal; font-weight: 400; margin: 0px 0px 21px; outline: 0px; padding: 12px; vertical-align: baseline; hyphens: none; line-height: 1.6; max-width: 100%; overflow: auto; white-space: pre-wrap; word-wrap: break-word; color: rgb(85, 89, 94); font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); text-decoration-style: initial; text-decoration-color: initial;">grant all privileges on . to '数据库名'@'manyuser所在ip'identified by '密码' with grant option;</pre>

按Ctrl + C 退出mysql控制台
shadowsocks-manyuser有许多版本:

ssr版:
git clone -b manyuser https://github.com/breakwa11/shadowsocks.git
rm版:
git clone -b manyuser https://github.com/mengskysama/shadowsocks-rm.git
普通版:
git clone -b manyuser https://github.com/mengskysama/shadowsocks.git
我推荐使用shadowsocks-rm

我们下载shadowsocks-rm的源码
git clone -b manyuser https://github.com/mengskysama/shadowsocks-rm.git
安装pip包管理器

Centos：

Debian/Ubuntu：

<pre style="text-shadow: rgba(0, 0, 0, 0.08) 0px 0px 1px; -webkit-font-smoothing: antialiased !important; border: 1px dashed rgba(0, 0, 0, 0.1); font-family: monospace, serif; font-size: 15px; font-style: normal; font-weight: 400; margin: 0px 0px 21px; outline: 0px; padding: 12px; vertical-align: baseline; hyphens: none; line-height: 1.6; max-width: 100%; overflow: auto; white-space: pre-wrap; word-wrap: break-word; color: rgb(85, 89, 94); font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); text-decoration-style: initial; text-decoration-color: initial;">apt-get install python-pip -y
apt-get install git -y</pre>

安装cysql:
pip install cymysql
进入文件夹:

修改config:
vim config.py

image
将刚才在sspanel配置文件中填的数据库地址填到这，下面的SS_METHOD是加密方式，可以自行修改
然后执行python servers.py

image
像这样就是成功了，如果不行，多半是端口没开或者sspanel中没给流量...

如果你感觉 root:db loop 看起来不爽，你可以在config.py下面找到LOG_ENABLE,改成True就不会出现了

然后你会发现ssh一断开，服务端也就关闭了，所以我们通过screen保持他在后台运行

在这里我们还需要打开iptables的防火墙:
举个栗子，通过下面的代码可以打开10000到20000之间的所有端口

<pre style="text-shadow: rgba(0, 0, 0, 0.08) 0px 0px 1px; -webkit-font-smoothing: antialiased !important; border: 1px dashed rgba(0, 0, 0, 0.1); font-family: monospace, serif; font-size: 15px; font-style: normal; font-weight: 400; margin: 0px 0px 21px; outline: 0px; padding: 12px; vertical-align: baseline; hyphens: none; line-height: 1.6; max-width: 100%; overflow: auto; white-space: pre-wrap; word-wrap: break-word; color: rgb(85, 89, 94); font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); text-decoration-style: initial; text-decoration-color: initial;">iptables -I INPUT -p tcp -m tcp --dport 10000:20000 -j ACCEPT
iptables -I INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT</pre>

然后别忘了保存和重启iptables
service iptables save
service iptables restart

ssr版的manyuser在第一层文件夹下，其他版本都在第二层下，配置过程大同小异，我就不写了

如果需要salsa20 或 chacha20 或 chacha20-ietf 算法，需要安装libsodium
Centos:

Debian/Ubuntu:

<pre style="text-shadow: rgba(0, 0, 0, 0.08) 0px 0px 1px; -webkit-font-smoothing: antialiased !important; border: 1px dashed rgba(0, 0, 0, 0.1); font-family: monospace, serif; font-size: 15px; font-style: normal; font-weight: 400; margin: 0px 0px 21px; outline: 0px; padding: 12px; vertical-align: baseline; hyphens: none; line-height: 1.6; max-width: 100%; overflow: auto; white-space: pre-wrap; word-wrap: break-word; color: rgb(85, 89, 94); font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); text-decoration-style: initial; text-decoration-color: initial;">apt-get install build-essential -y
wget https://github.com/jedisct1/libsodium/releases/download/1.0.10/libsodium-1.0.10.tar.gz
tar xf libsodium-1.0.10.tar.gz && cd libsodium-1.0.10
./configure && make -j2 && make install
ldconfig</pre>

shadowsocks-rm和ssr默认是支持UDP的，普通的manyuser对UDP支持不好，属于NAT3，并且需要手动开启，不推荐使用...

三，用Supervisor守护ss-manyuser进程

1.先安装supervisor

由于前面配置ss-manyuser已经安装了epel和python-pip,所以这里就不安装了

pip install supervisor

2.创建配置文件:

<pre style="text-shadow: rgba(0, 0, 0, 0.08) 0px 0px 1px; -webkit-font-smoothing: antialiased !important; border: 1px dashed rgba(0, 0, 0, 0.1); font-family: monospace, serif; font-size: 15px; font-style: normal; font-weight: 400; margin: 0px 0px 21px; outline: 0px; padding: 12px; vertical-align: baseline; hyphens: none; line-height: 1.6; max-width: 100%; overflow: auto; white-space: pre-wrap; word-wrap: break-word; color: rgb(85, 89, 94); font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); text-decoration-style: initial; text-decoration-color: initial;">echo_supervisord_conf > /etc/supervisord.conf</pre>

如果遇到下面这样的问题，可以手动安装meld3

image

方法如下:

<pre style="text-shadow: rgba(0, 0, 0, 0.08) 0px 0px 1px; -webkit-font-smoothing: antialiased !important; border: 1px dashed rgba(0, 0, 0, 0.1); font-family: monospace, serif; font-size: 15px; font-style: normal; font-weight: 400; margin: 0px 0px 21px; outline: 0px; padding: 12px; vertical-align: baseline; hyphens: none; line-height: 1.6; max-width: 100%; overflow: auto; white-space: pre-wrap; word-wrap: break-word; color: rgb(85, 89, 94); font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); text-decoration-style: initial; text-decoration-color: initial;">git clone https://github.com/Supervisor/meld3
cd meld3
python setup.py install</pre>

然后再执行echo_supervisord_conf > /etc/supervisord.conf就行了
3.修改配置文件
vim /etc/supervisord.conf
在最后面加入

<pre style="text-shadow: rgba(0, 0, 0, 0.08) 0px 0px 1px; -webkit-font-smoothing: antialiased !important; border: 1px dashed rgba(0, 0, 0, 0.1); font-family: monospace, serif; font-size: 15px; font-style: normal; font-weight: 400; margin: 0px 0px 21px; outline: 0px; padding: 12px; vertical-align: baseline; hyphens: none; line-height: 1.6; max-width: 100%; overflow: auto; white-space: pre-wrap; word-wrap: break-word; color: rgb(85, 89, 94); font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); text-decoration-style: initial; text-decoration-color: initial;">[program:ss]
command = python /root/shadowsocks-rm/shadowsocks/servers.py
user = root
autostart = true
autorestart = true</pre>

注意把python /root/shadowsocks-rm/shadowsocks/servers.py改成你manyuser所在的路径

image

4.为了方便管理，我们可以添加到添加自动启动服务：
vim /etc/init.d/supervisord

supervisord This scripts turns supervisord on

Author: Mike McGrath mmcgrath@redhat.com (based off yumupdatesd)

chkconfig: - 95 04

description: supervisor is a process control utility. It has a web based

xmlrpc interface as well as a few other nifty features.

processname: supervisord

config: /etc/supervisord.conf

pidfile: /var/run/supervisord.pid

source function library

. /etc/rc.d/init.d/functions
RETVAL=0
start() {
echo -n $"Starting supervisord: " daemon supervisord RETVAL=$ ?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/supervisord } stop() { echo -n$ "Stopping supervisord: "
killproc supervisord
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/supervisord } restart() { stop start } case "$ 1" in
start)
start
;;
stop)
stop
;;
restart|force-reload|reload)
restart
;;
condrestart)
[ -f /var/lock/subsys/supervisord ] && restart
;;
status)
status supervisord
RETVAL= $? ;; *) echo$ "Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart}" exit 1 esac exit$ RETVAL</pre>