首先,linux shell下默认变量的计算小数都省略掉了,也就是0.99999其实就是0,这个很不好,有时候我们需要统计小数的。
好了,用echo + bc的组合可以实现。
- echo "scale=4; $BYTES_SENT/1024/1024"|bc
scale可以设置小数点后保留4位。
但是问题又出来了,如果是0.9999则显示的是.9999,小数点前面的0又不显示了,bc也是够了逗比了,好吧,继续折腾。
- echo "scale=4; $BYTES_SENT/1024/1024"|bc|awk '{printf "%.4f", $0}'
这样子下来,用awk再来格式化下,只怪奶牛shell学得很渣,但是很多东西查到了还是很好学习的,记录下。
autoproxy在firefox新版本中很多无法使用订阅功能,用这个改版还是比较好的选择。
下载地址:http://www.400gb.com/file/114503453
使用方法:下载后直接拖动文件到firefox的地址栏即可安装。
在Nginx的nginx.conf里面有如下的字段
如果我们想在默认的目录添加密码保护,只保护对目录的访问,也就是登陆这个目录就会输入密码,则我们这样设置
其中pass_file是密码文件的绝对路径,密码文件是由用户名和函数 crypt加密的密码组成,可以使用 htpasswd -c -d pass_file username 来生成。
好吧,很多东西还是有个前端管理起来比较方便,奶牛今天也配了个,写下过程记录下。
安装shadowsocks支持
- apt-get install python-pip python-m2crypto
- pip install cymysql
安装LNMP
- wget -c http://soft.vpser.net/lnmp/lnmp1.2-full.tar.gz && tar zxf lnmp1.2-full.tar.gz && cd lnmp1.2-full && ./install.sh lnmp
后端安装配置
- git clone -b manyuser https://github.com/mengskysama/shadowsocks.git
- cd ./shadowsocks/shadowsocks
- vim Config.py
- #Config
- MYSQL_HOST = 'localhost' #这一行是服务器IP,127.0.0.1表示本机
- MYSQL_PORT = 3306 #数据库端口号
- MYSQL_USER = 'nenew' #数据库用户名
- MYSQL_PASS = 'nenew' #数据库密码
- MYSQL_DB = 'shadowsocks' #数据库名称
- MANAGE_PASS = 'ss233333333'
- #if you want manage in other server you should set this value to global ip
- MANAGE_BIND_IP = '127.0.0.1'
- #make sure this port is idle
- MANAGE_PORT = 23333
- python server.py
在mysql数据库中新建数据库shadowsocks,并添加用户nenew,导入manyuser中的sql文件,然后执行python server.py。如果没有异常,则表示已经安装成功后端。
前端安装:
- lnmp vhost add
添加虚拟主机,然后进入虚拟主机目录
- wget https://github.com/orvice/ss-panel/archive/master.zip
- unzip master.zip
- rm master.zip
- mv -f ss-panel-master/* ./
- mv lib/config-simple.php lib/config.php
- vim lib/config.php
编辑配置信息,然后将lib文件夹下的sql文件都导入到nenew数据库中。
添加守护进程supervisor:
- apt-get install supervisor
- echo_supervisord_conf > /etc/supervisor/supervisord.conf
- vim /etc/supervisor/supervisord.conf
将文件最后添加
- [program:shadowsocks]
- command=python /root/shadowsocks/shadowsocks/server.py -c /root/shadowsocks/shadowsocks/config.json
- autorestart=true
- user=root
其中的目录自己根据实际情况设置,重启即可。
前端github:https://github.com/orvice/ss-panel
后端github:https://github.com/mengskysama/shadowsocks
顺带广告,ss服务器150元每年,需要者联系,联系方式见杂货铺。
其实以前也搞过PPTP VPN的配置,但是当时都是存在于建立,很多细节的方面并没有做好。今天来搞下这个日志系统吧,主要实现是通过ip-up 和ip-down两个脚本来实现的。这里说下原理吧,原理是通过pptp建立连接的时候都会执行ip-up,然后断线会执行ip-down。首先看看man pppd里面的一些内容:
- SCRIPTS
- Pppd invokes scripts at various stages in its processing which can be
- used to perform site-specific ancillary processing. These scripts are
- usually shell scripts, but could be executable code files instead.
- Pppd does not wait for the scripts to finish (except for the ip-pre-up
- script). The scripts are executed as root (with the real and effective
- user-id set to 0), so that they can do things such as update routing
- tables or run privileged daemons. Be careful that the contents of
- these scripts do not compromise your system's security. Pppd runs the
- scripts with standard input, output and error redirected to /dev/null,
- and with an environment that is empty except for some environment vari-
- ables that give information about the link. The environment variables
- that pppd sets are:
- DEVICE The name of the serial tty device being used.
- IFNAME The name of the network interface being used.
- IPLOCAL
- The IP address for the local end of the link. This is only set
- when IPCP has come up.
- IPREMOTE
- The IP address for the remote end of the link. This is only set
- when IPCP has come up.
- PEERNAME
- The authenticated name of the peer. This is only set if the
- peer authenticates itself.
- SPEED The baud rate of the tty device.
- ORIG_UID
- The real user-id of the user who invoked pppd.
- PPPLOGNAME
- The username of the real user-id that invoked pppd. This is
- always set.
- For the ip-down and auth-down scripts, pppd also sets the following
- variables giving statistics for the connection:
- CONNECT_TIME
- The number of seconds from when the PPP negotiation started
- until the connection was terminated.
- BYTES_SENT
- The number of bytes sent (at the level of the serial port) dur-
- ing the connection.
- BYTES_RCVD
- The number of bytes received (at the level of the serial port)
- during the connection.
- LINKNAME
- The logical name of the link, set with the linkname option.
- CALL_FILE
- The value of the call option.
- DNS1 If the peer supplies DNS server addresses, this variable is set
- to the first DNS server address supplied.
- DNS2 If the peer supplies DNS server addresses, this variable is set
- to the second DNS server address supplied.
- Pppd invokes the following scripts, if they exist. It is not an error
- if they don't exist.
- /etc/ppp/auth-up
- A program or script which is executed after the remote system
- successfully authenticates itself. It is executed with the
- parameters
- interface-name peer-name user-name tty-device speed
- Note that this script is not executed if the peer doesn't
- authenticate itself, for example when the noauth option is used.
- /etc/ppp/auth-down
- A program or script which is executed when the link goes down,
- if /etc/ppp/auth-up was previously executed. It is executed in
- the same manner with the same parameters as /etc/ppp/auth-up.
- /etc/ppp/ip-pre-up
- A program or script which is executed just before the ppp net-
- work interface is brought up. It is executed with the same
- parameters as the ip-up script (below). At this point the
- interface exists and has IP addresses assigned but is still
- down. This can be used to add firewall rules before any IP
- traffic can pass through the interface. Pppd will wait for this
- script to finish before bringing the interface up, so this
- script should run quickly.
- /etc/ppp/ip-up
- A program or script which is executed when the link is available
- for sending and receiving IP packets (that is, IPCP has come
- up). It is executed with the parameters
- interface-name tty-device speed local-IP-address
- remote-IP-address ipparam
- /etc/ppp/ip-down
- A program or script which is executed when the link is no longer
- available for sending and receiving IP packets. This script can
- be used for undoing the effects of the /etc/ppp/ip-up and
- /etc/ppp/ip-pre-up scripts. It is invoked in the same manner
- and with the same parameters as the ip-up script.
- /etc/ppp/ipv6-up
- Like /etc/ppp/ip-up, except that it is executed when the link is
- available for sending and receiving IPv6 packets. It is executed
- with the parameters
- interface-name tty-device speed local-link-local-address
- remote-link-local-address ipparam
- /etc/ppp/ipv6-down
- Similar to /etc/ppp/ip-down, but it is executed when IPv6 pack-
- ets can no longer be transmitted on the link. It is executed
- with the same parameters as the ipv6-up script.
- /etc/ppp/ipx-up
- A program or script which is executed when the link is available
- for sending and receiving IPX packets (that is, IPXCP has come
- up). It is executed with the parameters
- interface-name tty-device speed network-number
- local-IPX-node-address remote-IPX-node-address local-IPX-rout-
- ing-protocol remote-IPX-routing-protocol local-IPX-router-name
- remote-IPX-router-name ipparam pppd-pid
- The local-IPX-routing-protocol and remote-IPX-routing-protocol
- field may be one of the following:
- NONE to indicate that there is no routing protocol
- RIP to indicate that RIP/SAP should be used
- NLSP to indicate that Novell NLSP should be used
- RIP NLSP to indicate that both RIP/SAP and NLSP should be used
- /etc/ppp/ipx-down
- A program or script which is executed when the link is no longer
- available for sending and receiving IPX packets. This script
- can be used for undoing the effects of the /etc/ppp/ipx-up
- script. It is invoked in the same manner and with the same
- parameters as the ipx-up script.
这就是ppp的脚本内容,里面当然有变量咯,这些变量就是我们需要的。
好了,那么开始进行日志整理吧,首先是ip-up
- vim /etc/ppp/ip-up
- #!/bin/sh
- #
- # This script is run by the pppd after the link is established.
- # It uses run-parts to run scripts in /etc/ppp/ip-up.d, so to add routes,
- # set IP address, run the mailq etc. you should create script(s) there.
- #
- # Be aware that other packages may include /etc/ppp/ip-up.d scripts (named
- # after that package), so choose local script names with that in mind.
- #
- # This script is called with the following arguments:
- # Arg Name Example
- # $1 Interface name ppp0
- # $2 The tty ttyS1
- # $3 The link speed 38400
- # $4 Local IP number 12.34.56.78
- # $5 Peer IP number 12.34.56.99
- # $6 Optional ``ipparam'' value foo
- # The environment is cleared before executing this script
- # so the path must be reset
- PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
- export PATH
- # These variables are for the use of the scripts run by run-parts
- PPP_IFACE="$1"
- PPP_TTY="$2"
- PPP_SPEED="$3"
- PPP_LOCAL="$4"
- PPP_REMOTE="$5"
- PPP_IPPARAM="$6"
- export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM
- # as an additional convenience, $PPP_TTYNAME is set to the tty name,
- # stripped of /dev/ (if present) for easier matching.
- PPP_TTYNAME=`/usr/bin/basename "$2"`
- export PPP_TTYNAME
- # If /var/log/ppp-ipupdown.log exists use it for logging.
- if [ -e /var/log/ppp-ipupdown.log ]; then
- exec > /var/log/ppp-ipupdown.log 2>&1
- echo $0 $@
- echo
- fi
- # This script can be used to override the .d files supplied by other packages.
- if [ -x /etc/ppp/ip-up.local ]; then
- exec /etc/ppp/ip-up.local "$@"
- fi
- run-parts /etc/ppp/ip-up.d \
- --arg="$1" --arg="$2" --arg="$3" --arg="$4" --arg="$5" --arg="$6"
- # if pon was called with the "quick" argument, stop pppd
- if [ -e /var/run/ppp-quick ]; then
- rm /var/run/ppp-quick
- wait
- kill $PPPD_PID
- fi
- /sbin/iptables -t nat -A POSTROUTING -s 172.16.36.0/24 -j SNAT --to-source "serverip" 这里设置每次登陆时候都设定一次路由转发,避免失效。
- echo "****************************************************" > /var/log/pptpd-${1}.log 将所有内容导入到pptpd-${1}.log,以防多用户登陆时候造成日志混乱
- echo "username: $PEERNAME" >> /var/log/pptpd-${1}.log
- echo "clientIP: $6" >> /var/log/pptpd-${1}.log
- echo "device: $1" >> /var/log/pptpd-${1}.log
- echo "vpnIP: $4" >> /var/log/pptpd-${1}.log
- echo "assignIP: $5" >> /var/log/pptpd-${1}.log
- echo "logintime: `date -d today +%F_%T`" >> /var/log/pptpd-${1}.log
然后是ip-up的处理:
- vim /etc/ppp/ip-down
- #!/bin/sh
- #
- # This script is run by the pppd _after_ the link is brought down.
- # It uses run-parts to run scripts in /etc/ppp/ip-down.d, so to delete
- # routes, unset IP addresses etc. you should create script(s) there.
- #
- # Be aware that other packages may include /etc/ppp/ip-down.d scripts (named
- # after that package), so choose local script names with that in mind.
- #
- # This script is called with the following arguments:
- # Arg Name Example
- # $1 Interface name ppp0
- # $2 The tty ttyS1
- # $3 The link speed 38400
- # $4 Local IP number 12.34.56.78
- # $5 Peer IP number 12.34.56.99
- # $6 Optional ``ipparam'' value foo
- # The environment is cleared before executing this script
- # so the path must be reset
- PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
- export PATH
- # These variables are for the use of the scripts run by run-parts
- PPP_IFACE="$1"
- PPP_TTY="$2"
- PPP_SPEED="$3"
- PPP_LOCAL="$4"
- PPP_REMOTE="$5"
- PPP_IPPARAM="$6"
- export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM
- # as an additional convenience, $PPP_TTYNAME is set to the tty name,
- # stripped of /dev/ (if present) for easier matching.
- PPP_TTYNAME=`/usr/bin/basename "$2"`
- export PPP_TTYNAME
- # If /var/log/ppp-ipupdown.log exists use it for logging.
- if [ -e /var/log/ppp-ipupdown.log ]; then
- exec >> /var/log/ppp-ipupdown.log 2>&1
- echo $0 $@
- echo
- fi
- echo "downtime: `date -d today +%F_%T`" >> /var/log/pptpd-${1}.log
- echo "bytes sent: $BYTES_SENT" >> /var/log/pptpd-${1}.log
- echo "bytes received: $BYTES_RCVD" >> /var/log/pptpd-${1}.log
- echo "connect time: $CONNECT_TIME" >> /var/log/pptpd-${1}.log
- echo "****************************************************" >> /var/log/pptpd-${1}.log
- cat /var/log/pptpd-${1}.log >> /var/log/pptpd.log
- # This script can be used to override the .d files supplied by other packages.
- if [ -x /etc/ppp/ip-down.local ]; then
- exec /etc/ppp/ip-down.local "$@"
- fi
- run-parts /etc/ppp/ip-down.d \
- --arg="$1" --arg="$2" --arg="$3" --arg="$4" --arg="$5" --arg="$6"
最后就可以通过/var/log/pptpd.log文件进行查看PPTP VPN日志了。日志形式如下,需要更美观的自行修改代码:
- ****************************************************
- username: nenew
- clientIP: XXX.XXX.XXX.XXX
- device: ppp0
- vpnIP: 172.16.36.1
- assignIP: 172.16.36.2
- logintime: 2015-08-03_17:06:05
- downtime: 2015-08-03_17:06:23
- bytes sent: 164143
- bytes received: 51606
- connect time: 18
- ****************************************************
iptables -t nat -A POSTROUTING -s 172.16.36.0/24 -j SNAT –to-source vps网关这句话最好加到/etc/rc.local中,否则可能无法转发,及时iptables-rules里面有。
- cat /dev/ppp
- cat: /dev/ppp: No such device or address
- cat /dev/net/tun
- cat: /dev/net/tun: File descriptor in bad state
是需要检查的。
网卡可能不是eth0,可能是venet0,而且还可能是venet0:0,看好,看好。
安装脚步for ubuntu pptp vpn
- #!/bin/bash
- if [ $(id -u) != "0" ]; then
- printf "Error: You must be root to run this tool!\n"
- exit 1
- fi
- clear
- printf "
- ####################################################
- # #
- # This is a Shell-Based tool of pptp installation #
- # Version: 0.1 #
- # Author: Bruce Ku #
- # For Debian/Ubuntu 32bit and 64bit #
- # #
- ####################################################
- "
- vpsip=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk 'NR==1 { print $1}'`
- apt-get update
- apt-get --purge remove pptpd ppp
- rm -rf /etc/pptpd.conf
- rm -rf /etc/ppp
- apt-get install -y ppp
- apt-get install -y pptpd
- apt-get install -y iptables logrotate tar cpio perl
- rm -r /dev/ppp
- mknod /dev/ppp c 108 0
- echo 1 > /proc/sys/net/ipv4/ip_forward
- echo "mknod /dev/ppp c 108 0" >> /etc/rc.local
- echo "echo 1 > /proc/sys/net/ipv4/ip_forward" >> /etc/rc.local
- echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
- echo "localip 172.16.36.1" >> /etc/pptpd.conf
- echo "remoteip 172.16.36.2-254" >> /etc/pptpd.conf
- echo "ms-dns 8.8.8.8" >> /etc/ppp/options
- echo "ms-dns 8.8.4.4" >> /etc/ppp/options
- echo "vpn pptpd 123456 *" >> /etc/ppp/chap-secrets
- iptables -t nat -A POSTROUTING -s 172.16.36.0/24 -j SNAT --to-source `ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk 'NR==1 { print $1}'`
- iptables -A FORWARD -p tcp --syn -s 172.16.36.0/24 -j TCPMSS --set-mss 1356
- iptables -t nat -A POSTROUTING -s 172.16.36.0/24 -j SNAT --to-source "$vpsip"
- iptables-save > /etc/iptables-rules
- printf "
- ####################################################
- add my Yu
- ####################################################
- "
- echo "pre-up iptables-restore < /etc/iptables-rules" >> /etc/network/interfaces
- printf "
- ####################################################
- add my Yu
- ####################################################
- "
- /etc/init.d/pptpd restart
- printf "
- ####################################################
- # #
- # This is a Shell-Based tool of pptp installation #
- # Version: 0.1 #
- # Author: Bruce Ku #
- # For Debian/Ubuntu 32bit and 64bit #
- # #
- ####################################################
- ServerIP:$vpsip
- username:vpn
- password:123456
- "
安装完成重启
奶牛最近在找一个好用的代理程序,支持socks5的tcp和udp两种协议,并且支持64位win8系统,终于最后找到了这个sockscap64.
首先很难的,作者是国人,并且提倡软件免费,并打算一直免费提供sockscap64这软件。sockscap64目前支持socks代理和http代理,并且支持tcp和udp,Sockscap64是基于远程DLL注入技术, 通过修改系统Winsock的API后从而使运行于Sockscap64的网络软件通过SOCKS代理访问网络; 从而实现网络加速或突破局域网限制的功能。经过测试udp功能也比较稳定。
特此推荐,下载http://www.sockscap64.com/software/SocksCap64-setup-2.6.exe