Making HTTP requests to Google and YouTube after installing V2Ray on CentOS 7.x on an Alibaba Cloud ECS instance in mainland China
1. List all version information by running: lsb_release -a. Version: CentOS 7.7. See Figure 1.
[root@iZ23wv7v5ggZ ~]# lsb_release -a
LSB Version: :core-4.1-amd64:core-4.1-noarch
Distributor ID: CentOS
Description: CentOS Linux release 7.7.1908 (Core)
Release: 7.7.1908
Codename: Core
[root@iZ23wv7v5ggZ ~]#
2. Check the bash version: 4.2.46. See Figure 2.
[root@iZ23wv7v5ggZ bin]# bash --version
GNU bash, version 4.2.46(2)-release (x86_64-redhat-linux-gnu)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
[root@iZ23wv7v5ggZ bin]# ^C
[root@iZ23wv7v5ggZ bin]#
3. Install and update V2Ray, following https://github.com/v2fly/fhs-install-v2ray/blob/master/README.zh-Hans-CN.md . See Figure 3.
[root@iZ23wv7v5ggZ ~]# bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 21613  100 21613    0     0  21964      0 --:--:-- --:--:-- --:--:-- 21964
info: Installing V2Ray v4.40.1 for x86_64
Downloading V2Ray archive: https://github.com/v2fly/v2ray-core/releases/download/v4.40.1/v2ray-linux-64.zip
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   626  100   626    0     0    734      0 --:--:-- --:--:-- --:--:--   733
100 12.3M  100 12.3M    0     0  2996k      0  0:00:04  0:00:04 --:--:-- 4167k
Downloading verification file for V2Ray archive: https://github.com/v2fly/v2ray-core/releases/download/v4.40.1/v2ray-linux-64.zip.dgst
info: Extract the V2Ray package to /tmp/tmp.Kbb2Sg6CcW and prepare it for installation.
rm: cannot remove ‘/etc/systemd/system/v2ray.service.d/10-donot_touch_multi_conf.conf’: No such file or directory
rm: cannot remove ‘/etc/systemd/system/v2ray@.service.d/10-donot_touch_multi_conf.conf’: No such file or directory
info: Systemd service files have been installed successfully!
warning: The following are the actual parameters for the v2ray service startup.
warning: Please make sure the configuration file path is correctly set.
~~~~~~~~~~~~~~~~
[Unit]
Description=V2Ray Service
Documentation=https://www.v2fly.org/
After=network.target nss-lookup.target
[Service]
User=nobody
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/bin/v2ray -config /usr/local/etc/v2ray/config.json
Restart=on-failure
RestartPreventExitStatus=23
[Install]
WantedBy=multi-user.target
# In case you have a good reason to do so, duplicate this file in the same directory and make your customizes there.
# Or all changes you made will be lost!
# Refer: https://www.freedesktop.org/software/systemd/man/systemd.unit.html
[Service]
ExecStart=
ExecStart=/usr/local/bin/v2ray -config /usr/local/etc/v2ray/config.json
~~~~~~~~~~~~~~~~
warning: The systemd version on the current operating system is too low.
warning: Please consider to upgrade the systemd or the operating system.
installed: /usr/local/bin/v2ray
installed: /usr/local/bin/v2ctl
installed: /usr/local/share/v2ray/geoip.dat
installed: /usr/local/share/v2ray/geosite.dat
installed: /usr/local/etc/v2ray/config.json
installed: /var/log/v2ray/
installed: /var/log/v2ray/access.log
installed: /var/log/v2ray/error.log
installed: /etc/systemd/system/v2ray.service
installed: /etc/systemd/system/v2ray@.service
removed: /tmp/tmp.Kbb2Sg6CcW
info: V2Ray v4.40.1 is installed.
You may need to execute a command to remove dependent software: yum remove curl unzip
Please execute the command: systemctl enable v2ray; systemctl start v2ray
[root@iZ23wv7v5ggZ ~]# systemctl enable v2ray
Created symlink from /etc/systemd/system/multi-user.target.wants/v2ray.service to /etc/systemd/system/v2ray.service.
[root@iZ23wv7v5ggZ ~]# systemctl start v2ray
[root@iZ23wv7v5ggZ ~]#
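4. I bought a commercial V2Ray server subscription, GetSS, chose the Azure server in Hong Kong, and copied the URL. The value is no longer usable; I have modified it. See Figure 4.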
vmess://eyJhZGQiOiJoazAxLmdldHNzLnRvcCIsImhvc3QiOiIiLCJpZCI6IjRBNjMzOEU0LTI3RDItQkQ5My01MUI1LUIzQjIxRUEwM0JFMiIsIm5ldCI6InRjcCIsInBhdGgiOiIiLCJwb3J0IjoiMjM0NTYiLCJ5wcyI6IkhLLUhLVC14MCIsInRscy66I6IiIsInYiOjIsImFpZCI6MCwidHlwZSI6Im5vbmUifQ==
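5. Base64-decode the value after vmess:// and pretty-print the resulting JSON; the result is shown below. It is used later to configure the V2Ray client on the Alibaba Cloud server. The value is no longer usable; I have modified it. See Figure 5.
{
  "add": "hk01.getss.top",
  "host": "",
  "id": "4A6338E4-27D2-BD93-515B5-B3B21EA6603BE2",
  "net": "tcp",
  "path": "",
  "port": "23456",
  "ps": "HK-HKT-x0",
  "tls": "",
  "v": 2,
  "aid": 0,
  "type": "none"
}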
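The decode in step 5 and the mapping onto the client's VMess outbound, as an added example that is not part of the original post. The sample link, host and UUID are constructed placeholders, the function names are made up here, and insisting on a canonical UUID for `id` is this example's own strictness.

```python
import base64
import json
import uuid

# Constructed sample with the same field layout as the decoded JSON in step 5;
# host and UUID are placeholders. Any "=" padding is stripped on purpose so the
# padding repair below is exercised.
SAMPLE_FIELDS = {
    "add": "proxy.example.net", "host": "", "net": "tcp", "path": "",
    "id": "00000000-0000-4000-8000-000000000000", "port": "23456",
    "ps": "sample-node", "tls": "", "v": 2, "aid": 0, "type": "none",
}
SAMPLE_LINK = "vmess://" + base64.b64encode(
    json.dumps(SAMPLE_FIELDS).encode("utf-8")).decode("ascii").rstrip("=")


def decode_vmess_link(link):
    """Return the JSON object carried by a vmess:// share link."""
    scheme, sep, payload = link.strip().partition("://")
    if scheme != "vmess" or not sep:
        raise ValueError("not a vmess:// link")
    # Accept the URL-safe alphabet and restore padding that was stripped.
    payload = payload.replace("-", "+").replace("_", "/")
    payload += "=" * (-len(payload) % 4)
    try:
        fields = json.loads(base64.b64decode(payload, validate=True).decode("utf-8"))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("payload is not base64-encoded JSON: %s" % exc)
    if not isinstance(fields, dict):
        raise ValueError("payload is not a JSON object")
    return fields


def to_outbound(fields):
    """Map share-link fields onto a V2Ray 4.x VMess outbound object."""
    if not fields.get("add"):
        raise ValueError("server address (add) is missing")
    try:
        # Strict choice of this example: require a well-formed UUID.
        user_id = str(uuid.UUID(str(fields.get("id"))))
    except ValueError:
        raise ValueError("id is not a well-formed UUID")
    port = int(fields.get("port", 0))  # the link carries the port as a string
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return {
        "protocol": "vmess",
        "settings": {"vnext": [{
            "address": fields["add"],
            "port": port,
            "users": [{"id": user_id, "alterId": int(fields.get("aid", 0)),
                       "security": "auto"}],
        }]},
        "streamSettings": {"network": fields.get("net") or "tcp",
                           "security": fields.get("tls") or "none"},
    }


if __name__ == "__main__":
    print(json.dumps(to_outbound(decode_vmess_link(SAMPLE_LINK)), indent=2))
```

A share link carries the user id, which is the account credential, in reversible base64, so it should be handled like a password.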
6. View the file /usr/local/etc/v2ray/config.json; its value is an empty object.
[root@iZ23wv7v5ggZ ~]# cat /usr/local/etc/v2ray/config.json
{}
[root@iZ23wv7v5ggZ ~]#
7. V2Ray does not use the C/S (client/server) structure of conventional proxy software; it can act as either a server or a client. Configure the client, using this file as a reference: C:\Users\Administrator\AppData\Roaming\GetSS\config.json (GetSS is the Windows client). Edit /usr/local/etc/v2ray/config.json. See Figure 6.
{
  "policy": { "levels": { "0": { "uplinkOnly": 0 } } },
  "inbound": {
    "listen": "127.0.0.1",
    "port": 1081,
    "protocol": "socks",
    "settings": { "auth": "noauth", "udp": false, "ip": "127.0.0.1" }
  },
  "inboundDetour": [
    {
      "listen": "127.0.0.1",
      "allocate": { "strategy": "always", "refresh": 5, "concurrency": 3 },
      "port": 8001,
      "protocol": "http",
      "tag": "httpDetour",
      "domainOverride": [ "http", "tls" ],
      "streamSettings": {},
      "settings": { "timeout": 0 }
    }
  ],
  "log": { "loglevel": "warning" },
  "dns": { "servers": [ "223.5.5.5" ] },
  "outboundDetour": [
    { "protocol": "freedom", "tag": "direct", "settings": {} }
  ],
  "outbound": {
    "sendThrough": "0.0.0.0",
    "mux": { "enabled": false, "concurrency": 8 },
    "protocol": "vmess",
    "settings": {
      "vnext": [
        {
          "address": "hk01.getss.top",
          "port": 23456,
          "users": [
            {
              "id": "4A6338E4-27D2-BD5593-51B5-B3B21EA03BE2",
              "alterId": 0,
              "security": "auto",
              "level": 0
            }
          ],
          "remark": "HK-HKT-x0"
        }
      ]
    },
    "streamSettings": {
      "wsSettings": { "path": "", "headers": { "Host": "" } },
      "tcpSettings": { "header": { "type": "none" } },
      "security": "",
      "tlsSettings": { "serverName": "", "allowInsecure": false },
      "httpSettings": { "path": "", "host": [ "" ] },
      "kcpSettings": {
        "header": { "type": "none" },
        "mtu": 1350,
        "congestion": false,
        "tti": 20,
        "uplinkCapacity": 5,
        "writeBufferSize": 1,
        "readBufferSize": 1,
        "downlinkCapacity": 20
      },
      "network": "tcp"
    }
  }
}
8. Use V2Ray's built-in configuration check (the -test option), because it catches problems beyond JSON syntax errors; for example, if a slip of the hand turns vmess into vmss, it is caught immediately. If the configuration file is fine, the output looks like this.
[root@iZ23wv7v5ggZ ~]# /usr/local/bin/v2ray -test -config /usr/local/etc/v2ray/config.json
V2Ray 4.40.1 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.16.5 linux/amd64)
A unified platform for anti-censorship.
Configuration OK.
[root@iZ23wv7v5ggZ ~]#
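9. VMess authentication is time-based, so the system time of the server and the client must differ by no more than 90 seconds. Check the system time of the Alibaba Cloud server.
[root@iZ23wv7v5ggZ ~]# date
Thu Jun 24 16:50:13 CST 2021
[root@iZ23wv7v5ggZ ~]#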
10. The actual packet flow: {browser} <–(socks)–> {V2Ray client inbound <-> V2Ray client outbound} <–(VMess)–> {V2Ray server inbound <-> V2Ray server outbound} <–(Freedom)–> {target website}.
11. Check the ports connected with proxy port 1081, displaying all sockets.
[root@iZ23wv7v5ggZ ~]# netstat -nat | grep 1081 -a
tcp6 0 0 :::1080 :::* LISTEN
[root@iZ23wv7v5ggZ ~]#
12. Test requests from the Alibaba Cloud server over SOCKS to http://httpbin.org/ip, https://www.google.com and https://www.youtube.com. The connection succeeds. See Figure 7.
[root@iZ23wv7v5ggZ v2ray]# curl --socks5 127.0.0.1:1081 http://httpbin.org/ip
{
  "origin": "14.192.49.13"
}
[root@iZ23wv7v5ggZ v2ray]# curl --socks5 127.0.0.1:1081 http://www.google.com
curl: (52) Empty reply from server
[root@iZ23wv7v5ggZ v2ray]# curl --socks5 127.0.0.1:1081 https://www.google.com
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
[root@iZ23wv7v5ggZ v2ray]# curl -v --socks5 127.0.0.1:1081 https://sitekit.withgoogle.com
* About to connect() to proxy 127.0.0.1 port 1081 (#0)
* Trying 127.0.0.1...
* 216
* 58
* 200
* 49
* Connected to 127.0.0.1 (127.0.0.1) port 1081 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=*.appspot.com,O=Google LLC,L=Mountain View,ST=California,C=US
* start date: May 31 01:07:40 2021 GMT
* expire date: Aug 23 01:07:39 2021 GMT
* common name: *.appspot.com
* issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: sitekit.withgoogle.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=utf-8
< Vary: Accept-Encoding
< X-Cloud-Trace-Context: f0ad2afe1e1be1a7fd9d592b1b2e4c62
< Date: Fri, 25 Jun 2021 09:35:19 GMT
< Server: Google Frontend
< Content-Length: 89089
< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
<
<!DOCTYPE html>
[root@iZ23wv7v5ggZ ~]# curl -v --socks5 127.0.0.1:1081 https://www.youtube.com
* About to connect() to proxy 127.0.0.1 port 1081 (#0)
* Trying 127.0.0.1...
* 172
* 217
* 160
* 110
* Connected to 127.0.0.1 (127.0.0.1) port 1081 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=*.google.com,O=Google LLC,L=Mountain View,ST=California,C=US
* start date: May 31 01:35:44 2021 GMT
* expire date: Aug 23 01:35:43 2021 GMT
* common name: *.google.com
* issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.youtube.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=utf-8
< X-Content-Type-Options: nosniff
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: Mon, 01 Jan 1990 00:00:00 GMT
< Date: Mon, 28 Jun 2021 11:09:13 GMT
< X-Frame-Options: SAMEORIGIN
< Strict-Transport-Security: max-age=31536000
< permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
< P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
< Server: ESF
< X-XSS-Protection: 0
< Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Mon, 28-Jun-2021 11:39:13 GMT; Path=/; Secure; HttpOnly
< Set-Cookie: YSC=Mpx-P60pfFM; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
< Set-Cookie: VISITOR_INFO1_LIVE=I25nZHCzTQA; Domain=.youtube.com; Expires=Sat, 25-Dec-2021 11:09:13 GMT; Path=/; Secure; HttpOnly; SameSite=none
< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
< Accept-Ranges: none
< Vary: Accept-Encoding
< Transfer-Encoding: chunked
<
<!DOCTYPE html><html style="font-size: 10px;font-family: Roboto, Arial, sans-serif;" lang="en" typography typography-spacing><head><meta http-equiv="X-UA-Compatible" content="IE=edge"/><script nonce="m6im/2YfcUAbOVHb8ZzpHQ">var ytcfg={d:function(){return window.yt&&yt.config_||ytcfg.data_||(ytcfg.data_={})},get:function(k,o){return k in ytcfg.d()?ytcfg.d()[k]:o},set:function(){var a=arguments;if(a.length>1)ytcfg.d()[a[0]]=a[1];else for(var k in a[0])ytcfg.d()[k]=a[0][k]}};
13. Ports 1081 and 8118 on the Alibaba Cloud server have to be opened by running a command. Open them in the iptables firewall. See Figure 8.
[root@iZ23wv7v5ggZ ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.21 on Mon Jun 28 19:53:18 2021
*filter
:INPUT DROP [2:80]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [247:63813]
:syn-flood - [0:0]
-A INPUT -p tcp -m tcp --dport 8118 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1081 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1080 -m state --state NEW -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20000:30000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
COMMIT
# Completed on Mon Jun 28 19:53:18 2021
[root@iZ23wv7v5ggZ v2ray]# iptables -I INPUT -p tcp --dport 1081 -m state --state NEW -j ACCEPT
[root@iZ23wv7v5ggZ v2ray]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@iZ23wv7v5ggZ v2ray]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.21 on Fri Jun 25 17:19:08 2021
*filter
:INPUT DROP [2:80]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [580:261280]
:syn-flood - [0:0]
-A INPUT -p tcp -m tcp --dport 1081 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1080 -m state --state NEW -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20000:30000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
COMMIT
# Completed on Fri Jun 25 17:19:08 2021
[root@iZ23wv7v5ggZ v2ray]#
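An added example, not from the original post: a check that cross-references the V2Ray inbounds from step 7 with the saved iptables rules from step 13, reporting which ACCEPT rules expose an unauthenticated proxy and which are unnecessary because the listener is bound to loopback. It assumes a default-DROP INPUT policy as in the listing; the function names and verdict strings are made up for this example.

```python
import ipaddress
import shlex

# PAGE_CONFIG: inbound part of the step 7 config, trimmed. PAGE_RULES: INPUT
# rules copied from the step 13 listing, trimmed. EXPOSED_CONFIG is constructed
# for contrast and is not from the page.
PAGE_CONFIG = {
    "inbound": {"listen": "127.0.0.1", "port": 1081, "protocol": "socks",
                "settings": {"auth": "noauth", "udp": False}},
    "inboundDetour": [{"listen": "127.0.0.1", "port": 8001, "protocol": "http",
                       "settings": {"timeout": 0}}],
}
EXPOSED_CONFIG = {"inbounds": [
    {"port": 1081, "protocol": "socks", "settings": {"auth": "noauth"}}]}
PAGE_RULES = """\
:INPUT DROP [2:80]
-A INPUT -p tcp -m tcp --dport 8118 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1081 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1080 -m state --state NEW -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20000:30000 -j ACCEPT
"""


def option(tokens, name):
    """Return the value following option `name`, or None when it is absent."""
    return tokens[tokens.index(name) + 1] if name in tokens[:-1] else None


def accepted_tcp_ports(rules_text):
    """Return (low, high) port ranges that INPUT accepts from any source."""
    ranges = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        dport = option(tok, "--dport")
        if tok[:2] != ["-A", "INPUT"] or dport is None or option(tok, "-p") != "tcp":
            continue
        if option(tok, "-j") != "ACCEPT" or "-s" in tok or option(tok, "-i") == "lo":
            continue  # not an accept, or limited to a source or to loopback
        low, _, high = dport.partition(":")
        ranges.append((int(low), int(high or low)))
    return ranges


def is_loopback(listen):
    try:
        return ipaddress.ip_address(listen).is_loopback
    except ValueError:
        return False  # hostnames and unparsable values count as reachable


def unauthenticated(inbound):
    settings = inbound.get("settings") or {}
    if inbound.get("protocol") == "socks":
        return settings.get("auth", "noauth") == "noauth"  # V2Ray's default
    if inbound.get("protocol") == "http":
        return not settings.get("accounts")
    return False


def audit(config, rules_text):
    """Return (port, verdict) for each proxy listener the firewall lets in."""
    listeners = [config["inbound"]] if "inbound" in config else []
    listeners += config.get("inboundDetour", []) + config.get("inbounds", [])
    open_ranges = accepted_tcp_ports(rules_text)
    findings = []
    for inbound in listeners:
        port = inbound.get("port")
        if not isinstance(port, int):
            continue  # port ranges given as strings are out of scope here
        if not any(low <= port <= high for low, high in open_ranges):
            continue
        # V2Ray listens on all addresses when "listen" is omitted.
        if is_loopback(inbound.get("listen", "0.0.0.0")):
            findings.append((port, "rule-unneeded-loopback-only"))
        elif unauthenticated(inbound):
            findings.append((port, "open-proxy-exposed"))
        else:
            findings.append((port, "exposed-with-auth"))
    return findings


if __name__ == "__main__":
    print(audit(PAGE_CONFIG, PAGE_RULES))
```

On the page's own inputs this reports the port 1081 rule as unneeded, since the SOCKS inbound is bound to 127.0.0.1. Ports 1080 and 8118 are accepted by the firewall but are not V2Ray inbounds in this config, so their listeners need a separate check; the netstat output in step 11 shows 1080 bound to :::.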
14. Install and configure Privoxy, and edit the configuration file /etc/privoxy/config. See Figure 9.
/usr/local/bin/v2ray -test -config /usr/local/etc/v2ray/config.json
[root@iZ23wv7v5ggZ ~]# yum -y install privoxy
Loaded plugins: fastestmirror
Determining fastest mirrors
base | 3.6 kB 00:00
epel | 4.7 kB 00:00
extras | 2.9 kB 00:00
updates | 2.9 kB 00:00
(1/7): base/7/x86_64/group_gz | 153 kB 00:00
(2/7): epel/x86_64/group_gz | 96 kB 00:00
(3/7): epel/x86_64/updateinfo | 1.0 MB 00:00
(4/7): extras/7/x86_64/primary_db | 242 kB 00:00
(5/7): base/7/x86_64/primary_db | 6.1 MB 00:00
(6/7): epel/x86_64/primary_db | 6.9 MB 00:00
(7/7): updates/7/x86_64/primary_db | 8.8 MB 00:00
Resolving Dependencies
--> Running transaction check
---> Package privoxy.x86_64 0:3.0.32-1.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
 Package Arch Version Repository Size
================================================================================
Installing:
 privoxy x86_64 3.0.32-1.el7 epel 998 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 998 k
Installed size: 3.1 M
Downloading packages:
privoxy-3.0.32-1.el7.x86_64.rpm | 998 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
 Installing : privoxy-3.0.32-1.el7.x86_64 1/1
 Verifying : privoxy-3.0.32-1.el7.x86_64 1/1
Installed:
 privoxy.x86_64 0:3.0.32-1.el7
Complete!
[root@iZ23wv7v5ggZ ~]# systemctl enable privoxy
Created symlink from /etc/systemd/system/multi-user.target.wants/privoxy.service to /usr/lib/systemd/system/privoxy.service.
[root@iZ23wv7v5ggZ ~]# systemctl start privoxy
[root@iZ23wv7v5ggZ ~]# systemctl status privoxy
● privoxy.service - Privoxy Web Proxy With Advanced Filtering Capabilities
 Loaded: loaded (/usr/lib/systemd/system/privoxy.service; enabled; vendor preset: disabled)
 Active: active (running) since Thu 2021-06-24 11:08:07 CST; 5s ago
 Process: 6845 ExecStart=/usr/sbin/privoxy --pidfile /run/privoxy.pid --user privoxy /etc/privoxy/config (code=exited, status=0/SUCCESS)
 Main PID: 6846 (privoxy)
 CGroup: /system.slice/privoxy.service
 └─6846 /usr/sbin/privoxy --pidfile /run/privoxy.pid --user privoxy...
Jun 24 11:08:06 iZ23wv7v5ggZ systemd[1]: Starting Privoxy Web Proxy With Adv....
Jun 24 11:08:07 iZ23wv7v5ggZ systemd[1]: Started Privoxy Web Proxy With Adva....
Hint: Some lines were ellipsized, use -l to show in full.
[root@iZ23wv7v5ggZ ~]# yum install w3m -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package w3m.x86_64 0:0.5.3-50.git20210102.el7 will be installed
--> Processing Dependency: libcrypto.so.1.1(OPENSSL_1_1_0)(64bit) for package: w3m-0.5.3-50.git20210102.el7.x86_64
--> Processing Dependency: libssl.so.1.1(OPENSSL_1_1_0)(64bit) for package: w3m-0.5.3-50.git20210102.el7.x86_64
--> Processing Dependency: perl(NKF) for package: w3m-0.5.3-50.git20210102.el7.x86_64
--> Processing Dependency: libcrypto.so.1.1()(64bit) for package: w3m-0.5.3-50.git20210102.el7.x86_64
--> Processing Dependency: libgc.so.1()(64bit) for package: w3m-0.5.3-50.git20210102.el7.x86_64
--> Processing Dependency: libssl.so.1.1()(64bit) for package: w3m-0.5.3-50.git20210102.el7.x86_64
--> Running transaction check
---> Package gc.x86_64 0:7.2d-7.el7 will be installed
---> Package openssl11-libs.x86_64 1:1.1.1g-3.el7 will be installed
---> Package perl-NKF.x86_64 1:2.1.3-5.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
 Package Arch Version Repository Size
================================================================================
Installing:
 w3m x86_64 0.5.3-50.git20210102.el7 epel 980 k
Installing for dependencies:
 gc x86_64 7.2d-7.el7 base 158 k
 openssl11-libs x86_64 1:1.1.1g-3.el7 epel 1.5 M
 perl-NKF x86_64 1:2.1.3-5.el7 epel 131 k
Transaction Summary
================================================================================
Install 1 Package (+3 Dependent packages)
Total download size: 2.7 M
Installed size: 6.5 M
Downloading packages:
(1/4): gc-7.2d-7.el7.x86_64.rpm | 158 kB 00:00
(2/4): perl-NKF-2.1.3-5.el7.x86_64.rpm | 131 kB 00:00
(3/4): openssl11-libs-1.1.1g-3.el7.x86_64.rpm | 1.5 MB 00:00
(4/4): w3m-0.5.3-50.git20210102.el7.x86_64.rpm | 980 kB 00:00
--------------------------------------------------------------------------------
Total 5.0 MB/s | 2.7 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
 Installing : 1:openssl11-libs-1.1.1g-3.el7.x86_64 1/4
 Installing : gc-7.2d-7.el7.x86_64 2/4
 Installing : 1:perl-NKF-2.1.3-5.el7.x86_64 3/4
 Installing : w3m-0.5.3-50.git20210102.el7.x86_64 4/4
 Verifying : 1:perl-NKF-2.1.3-5.el7.x86_64 1/4
 Verifying : gc-7.2d-7.el7.x86_64 2/4
 Verifying : w3m-0.5.3-50.git20210102.el7.x86_64 3/4
 Verifying : 1:openssl11-libs-1.1.1g-3.el7.x86_64 4/4
Installed:
 w3m.x86_64 0:0.5.3-50.git20210102.el7
Dependency Installed:
 gc.x86_64 0:7.2d-7.el7 openssl11-libs.x86_64 1:1.1.1g-3.el7 perl-NKF.x86_64 1:2.1.3-5.el7
Complete!
[root@iZ23wv7v5ggZ ~]# vi /etc/privoxy/config
[root@iZ23wv7v5ggZ ~]#
listen-address 127.0.0.1:8118
forward-socks5t / 127.0.0.1:1081 .
15. Set the http/https proxy by editing the configuration file /etc/profile. 172.16.6.176 is the server's private (intranet) IP, for which no proxy is used. See Figure 10.
[root@iZ23wv7v5ggZ ~]# vi /etc/profile
[root@iZ23wv7v5ggZ ~]# systemctl stop privoxy
[root@iZ23wv7v5ggZ ~]# systemctl start privoxy
[root@iZ23wv7v5ggZ ~]# systemctl status privoxy
● privoxy.service - Privoxy Web Proxy With Advanced Filtering Capabilities
 Loaded: loaded (/usr/lib/systemd/system/privoxy.service; enabled; vendor preset: disabled)
 Active: active (running) since Fri 2021-06-25 19:17:34 CST; 10s ago
 Process: 10823 ExecStart=/usr/sbin/privoxy --pidfile /run/privoxy.pid --user privoxy /etc/privoxy/config (code=exited, status=0/SUCCESS)
 Main PID: 10824 (privoxy)
 CGroup: /system.slice/privoxy.service
 └─10824 /usr/sbin/privoxy --pidfile /run/privoxy.pid --user privoxy /etc/privoxy/config
Jun 25 19:17:33 iZ23wv7v5ggZ systemd[1]: Starting Privoxy Web Proxy With Advanced Filtering Capabilities...
Jun 25 19:17:34 iZ23wv7v5ggZ systemd[1]: Started Privoxy Web Proxy With Advanced Filtering Capabilities.
[root@iZ23wv7v5ggZ ~]#
export http_proxy=http://127.0.0.1:8118
export https_proxy=http://127.0.0.1:8118
export ftp_proxy=http://127.0.0.1:8118
export no_proxy="172.16.6.176"
16. Test HTTP requests with curl from the Alibaba Cloud server to http://httpbin.org/ip, https://www.google.com and https://www.youtube.com. The connection succeeds. See Figure 11.
[root@iZ23wv7v5ggZ ~]# curl -v http://httpbin.org/ip
* About to connect() to proxy 127.0.0.1 port 8118 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8118 (#0)
> GET http://httpbin.org/ip HTTP/1.1
> User-Agent: curl/7.29.0
> Host: httpbin.org
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 OK
< Date: Tue, 29 Jun 2021 11:28:55 GMT
< Content-Type: application/json
< Content-Length: 31
< Connection: keep-alive
< Server: gunicorn/19.9.0
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Credentials: true
< Proxy-Connection: keep-alive
<
{
  "origin": "14.192.49.13"
}
* Connection #0 to host 127.0.0.1 left intact
[root@iZ23wv7v5ggZ ~]# curl -v http://www.google.com
* About to connect() to proxy 127.0.0.1 port 8118 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8118 (#0)
> GET http://www.google.com/ HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.google.com
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 302 Found
< Location: http://www.google.com.hk/url?sa=p&hl=zh-CN&pref=hkredirect&pval=yes&q=http://www.google.com.hk/&ust=1624966178742441&usg=AOvVaw2QC6Lusz__XY4CV4128vDo
< Cache-Control: private
< Content-Type: text/html; charset=UTF-8
< P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
< Date: Tue, 29 Jun 2021 11:29:08 GMT
< Server: gws
< Content-Length: 370
< X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
< Set-Cookie: 1P_JAR=2021-06-29-11; expires=Thu, 29-Jul-2021 11:29:08 GMT; path=/; domain=.google.com; Secure
< Set-Cookie: NID=218=mAQ-WwaoohthEWglgFX6uc1oS1THml90khjAACvGj_9OGJ73I3SvN6kwGB4ahRX3uZh5Sw0__Q-y5ahjTAvJtItGntahKmj_d4ESUipCEyIjCRsskk88MU_sF6xOPwhvpqQdY3Zs5ZdscNbvbvB5Z0n0iVnRtGayv2Is44Z8phc; expires=Wed, 29-Dec-2021 11:29:08 GMT; path=/; domain=.google.com; HttpOnly
< Proxy-Connection: keep-alive
<
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.google.com.hk/url?sa=p&hl=zh-CN&pref=hkredirect&pval=yes&q=http://www.google.com.hk/&ust=1624966178742441&usg=AOvVaw2QC6Lusz__XY4CV4128vDo">here</A>.
</BODY></HTML>
* Connection #0 to host 127.0.0.1 left intact
[root@iZ23wv7v5ggZ ~]# curl -v https://www.google.com
* About to connect() to proxy 127.0.0.1 port 8118 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8118 (#0)
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.29.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=www.google.com,O=Google LLC,L=Mountain View,ST=California,C=US
* start date: May 31 03:52:12 2021 GMT
* expire date: Aug 23 03:52:11 2021 GMT
* common name: www.google.com
* issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.google.com
> Accept: */*
>
< HTTP/1.1 302 Found
< Location: https://www.google.com.hk/url?sa=p&hl=zh-CN&pref=hkredirect&pval=yes&q=https://www.google.com.hk/&ust=1624966197905473&usg=AOvVaw3rpxJ3M42WvO-874oCUUAA
< Cache-Control: private
< Content-Type: text/html; charset=UTF-8
< P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
< Date: Tue, 29 Jun 2021 11:29:27 GMT
< Server: gws
< Content-Length: 372
< X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
< Set-Cookie: 1P_JAR=2021-06-29-11; expires=Thu, 29-Jul-2021 11:29:27 GMT; path=/; domain=.google.com; Secure
< Set-Cookie: NID=218=Oer550Xi5XY2PWWVqYODOuO0eo3bDFJv7wRpooU1FMnNvfWZSI9azb4-oPY_CIbBjn1Wyt4ycJYne9IHTdySDugiDbXhZeEnWSt66bpphBWLPcNyQyEqIS1ltdCHGJw_C8XV3LSlF2NSUbtI825BQGha3baM6qJVvQI2x2Pj-XU; expires=Wed, 29-Dec-2021 11:29:27 GMT; path=/; domain=.google.com; HttpOnly
< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
<
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="https://www.google.com.hk/url?sa=p&hl=zh-CN&pref=hkredirect&pval=yes&q=https://www.google.com.hk/&ust=1624966197905473&usg=AOvVaw3rpxJ3M42WvO-874oCUUAA">here</A>.
</BODY></HTML>
* Connection #0 to host 127.0.0.1 left intact
[root@iZ23wv7v5ggZ ~]# curl -v https://sitekit.withgoogle.com
* About to connect() to proxy 127.0.0.1 port 8118 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8118 (#0)
* Establish HTTP proxy tunnel to sitekit.withgoogle.com:443
> CONNECT sitekit.withgoogle.com:443 HTTP/1.1
> Host: sitekit.withgoogle.com:443
> User-Agent: curl/7.29.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=*.appspot.com,O=Google LLC,L=Mountain View,ST=California,C=US
* start date: Jun 07 01:07:29 2021 GMT
* expire date: Aug 30 01:07:28 2021 GMT
* common name: *.appspot.com
* issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: sitekit.withgoogle.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=utf-8
< Vary: Accept-Encoding
< X-Cloud-Trace-Context: 803be8061a081faa119115967f932ca2
< Date: Tue, 29 Jun 2021 11:29:47 GMT
< Server: Google Frontend
< Content-Length: 89089
< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
<
<!DOCTYPE html>
<html lang="en-US" class="no-js glue-flexbox glue-app-ready" amp="" i-amphtml-layout="" i-amphtml-no-boilerplate="" transformed="self;v=1">^C
[root@iZ23wv7v5ggZ ~]# curl -v https://www.youtube.com
* About to connect() to proxy 127.0.0.1 port 8118 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8118 (#0)
* Establish HTTP proxy tunnel to www.youtube.com:443
> CONNECT www.youtube.com:443 HTTP/1.1
> Host: www.youtube.com:443
> User-Agent: curl/7.29.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=*.google.com,O=Google LLC,L=Mountain View,ST=California,C=US
* start date: May 31 01:35:44 2021 GMT
* expire date: Aug 23 01:35:43 2021 GMT
* common name: *.google.com
* issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.youtube.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=utf-8
< X-Content-Type-Options: nosniff
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: Mon, 01 Jan 1990 00:00:00 GMT
< Date: Tue, 29 Jun 2021 11:30:03 GMT
< X-Frame-Options: SAMEORIGIN
< Strict-Transport-Security: max-age=31536000
< permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
< P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
< Server: ESF
< X-XSS-Protection: 0
< Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Tue, 29-Jun-2021 12:00:03 GMT; Path=/; Secure; HttpOnly
< Set-Cookie: YSC=qYlVjgY4Muk; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
< Set-Cookie: VISITOR_INFO1_LIVE=kVRgqbeY_lI; Domain=.youtube.com; Expires=Sun, 26-Dec-2021 11:30:03 GMT; Path=/; Secure; HttpOnly; SameSite=none
< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
< Accept-Ranges: none
< Vary: Accept-Encoding
< Transfer-Encoding: chunked
<
<!DOCTYPE html>^C
[root@iZ23wv7v5ggZ ~]#