在阿里云大陆 ECS 的 CentOS 7.x 中安装 V2Ray 后 HTTP 请求 Google、YouTube 的实现
1、列出所有版本信息,执行命令:lsb_release -a。版本:CentOS 7.7。如图1
1 2 3 4 5 6 7 | [root@iZ23wv7v5ggZ ~]# lsb_release -a LSB Version: :core-4.1-amd64:core-4.1-noarch Distributor ID: CentOS Description: CentOS Linux release 7.7.1908 (Core) Release: 7.7.1908 Codename: Core [root@iZ23wv7v5ggZ ~]# |
2、查看 bash 版本:4.2.46。如图2
1 2 3 4 5 6 7 8 9 | [root@iZ23wv7v5ggZ bin]# bash --version GNU bash, version 4.2.46(2)-release (x86_64-redhat-linux-gnu) Copyright (C) 2011 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software; you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. [root@iZ23wv7v5ggZ bin]# ^C [root@iZ23wv7v5ggZ bin]# |
3、安装和更新 V2Ray,参考网址:https://github.com/v2fly/fhs-install-v2ray/blob/master/README.zh-Hans-CN.md 。如图3
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 | [root@iZ23wv7v5ggZ ~]# bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh) % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 21613 100 21613 0 0 21964 0 --:--:-- --:--:-- --:--:-- 21964 info: Installing V2Ray v4.40.1 for x86_64 Downloading V2Ray archive: https://github.com/v2fly/v2ray-core/releases/download/v4.40.1/v2ray-linux-64.zip % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 626 100 626 0 0 734 0 --:--:-- --:--:-- --:--:-- 733 100 12.3M 100 12.3M 0 0 2996k 0 0:00:04 0:00:04 --:--:-- 4167k Downloading verification file for V2Ray archive: https://github.com/v2fly/v2ray-core/releases/download/v4.40.1/v2ray-linux-64.zip.dgst info: Extract the V2Ray package to /tmp/tmp.Kbb2Sg6CcW and prepare it for installation. rm: cannot remove ‘/etc/systemd/system/v2ray.service.d/10-donot_touch_multi_conf.conf’: No such file or directory rm: cannot remove ‘/etc/systemd/system/v2ray@.service.d/10-donot_touch_multi_conf.conf’: No such file or directory info: Systemd service files have been installed successfully! warning: The following are the actual parameters for the v2ray service startup. warning: Please make sure the configuration file path is correctly set. ~~~~~~~~~~~~~~~~ [Unit] Description=V2Ray Service Documentation=https://www.v2fly.org/ After=network.target nss-lookup.target [Service] User=nobody CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE NoNewPrivileges=true ExecStart=/usr/local/bin/v2ray -config /usr/local/etc/v2ray/config.json Restart=on-failure RestartPreventExitStatus=23 [Install] WantedBy=multi-user.target # In case you have a good reason to do so, duplicate this file in the same directory and make your customizes there. # Or all changes you made will be lost! # Refer: https://www.freedesktop.org/software/systemd/man/systemd.unit.html [Service] ExecStart= ExecStart=/usr/local/bin/v2ray -config /usr/local/etc/v2ray/config.json ~~~~~~~~~~~~~~~~ warning: The systemd version on the current operating system is too low. warning: Please consider to upgrade the systemd or the operating system. installed: /usr/local/bin/v2ray installed: /usr/local/bin/v2ctl installed: /usr/local/share/v2ray/geoip.dat installed: /usr/local/share/v2ray/geosite.dat installed: /usr/local/etc/v2ray/config.json installed: /var/log/v2ray/ installed: /var/log/v2ray/access.log installed: /var/log/v2ray/error.log installed: /etc/systemd/system/v2ray.service installed: /etc/systemd/system/v2ray@.service removed: /tmp/tmp.Kbb2Sg6CcW info: V2Ray v4.40.1 is installed. You may need to execute a command to remove dependent software: yum remove curl unzip Please execute the command: systemctl enable v2ray; systemctl start v2ray [root@iZ23wv7v5ggZ ~]# systemctl enable v2ray Created symlink from /etc/systemd/system/multi-user.target.wants/v2ray.service to /etc/systemd/system/v2ray.service. [root@iZ23wv7v5ggZ ~]# systemctl start v2ray [root@iZ23wv7v5ggZ ~]# |
4、我购买了一个商业版本的 V2RAY 服务端 GetSS,选择香港的 Azure 服务器,复制 URL。其值已不可用,我做了修改。如图4
1 | vmess://eyJhZGQiOiJoazAxLmdldHNzLnRvcCIsImhvc3QiOiIiLCJpZCI6IjRBNjMzOEU0LTI3RDItQkQ5My01MUI1LUIzQjIxRUEwM0JFMiIsIm5ldCI6InRjcCIsInBhdGgiOiIiLCJwb3J0IjoiMjM0NTYiLCJ5wcyI6IkhLLUhLVC14MCIsInRscy66I6IiIsInYiOjIsImFpZCI6MCwidHlwZSI6Im5vbmUifQ== |
5、将 vmess:// 后面的值 base64 解码后。json 格式化,其值如下。后续用于配置阿里云服务器上的 V2RAY 客户端。其值已不可用,我做了修改。如图5
1 2 3 4 5 6 7 8 9 10 11 12 13 | { "add": "hk01.getss.top", "host": "", "id": "4A6338E4-27D2-BD93-515B5-B3B21EA6603BE2", "net": "tcp", "path": "", "port": "23456", "ps": "HK-HKT-x0", "tls": "", "v": 2, "aid": 0, "type": "none" } |
6、查看文件 /usr/local/etc/v2ray/config.json,其值为空对象
1 2 3 | [root@iZ23wv7v5ggZ ~]# cat /usr/local/etc/v2ray/config.json {} [root@iZ23wv7v5ggZ ~]# |
7、V2Ray 没有使用常规代理软件的 C/S(即客户端/服务器)结构,它既可以当做服务器也可以作为客户端。配置客户端,参考文件:C:\Users\Administrator\AppData\Roaming\GetSS\config.json。GetSS 为 Windows 客户端。编辑 /usr/local/etc/v2ray/config.json。如图6
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 | { "policy": { "levels": { "0": { "uplinkOnly": 0 } } }, "inbound": { "listen": "127.0.0.1", "port": 1081, "protocol": "socks", "settings": { "auth": "noauth", "udp": false, "ip": "127.0.0.1" } }, "inboundDetour": [ { "listen": "127.0.0.1", "allocate": { "strategy": "always", "refresh": 5, "concurrency": 3 }, "port": 8001, "protocol": "http", "tag": "httpDetour", "domainOverride": [ "http", "tls" ], "streamSettings": {}, "settings": { "timeout": 0 } } ], "log": { "loglevel": "warning" }, "dns": { "servers": [ "223.5.5.5" ] }, "outboundDetour": [ { "protocol": "freedom", "tag": "direct", "settings": {} } ], "outbound": { "sendThrough": "0.0.0.0", "mux": { "enabled": false, "concurrency": 8 }, "protocol": "vmess", "settings": { "vnext": [ { "address": "hk01.getss.top", "port": 23456, "users": [ { "id": "4A6338E4-27D2-BD5593-51B5-B3B21EA03BE2", "alterId": 0, "security": "auto", "level": 0 } ], "remark": "HK-HKT-x0" } ] }, "streamSettings": { "wsSettings": { "path": "", "headers": { "Host": "" } }, "tcpSettings": { "header": { "type": "none" } }, "security": "", "tlsSettings": { "serverName": "", "allowInsecure": false }, "httpSettings": { "path": "", "host": [ "" ] }, "kcpSettings": { "header": { "type": "none" }, "mtu": 1350, "congestion": false, "tti": 20, "uplinkCapacity": 5, "writeBufferSize": 1, "readBufferSize": 1, "downlinkCapacity": 20 }, "network": "tcp" } } } |
8、使用 V2Ray 提供的配置检查功能(test 选项),因为可以检查 JSON 语法错误外的问题,比如说突然间手抖把 vmess 写成了 vmss,一下子就检查出来了。如果是配置文件没问题,则是这样的。
1 2 3 4 5 | [root@iZ23wv7v5ggZ ~]# /usr/local/bin/v2ray -test -config /usr/local/etc/v2ray/config.json V2Ray 4.40.1 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.16.5 linux/amd64) A unified platform for anti-censorship. Configuration OK. [root@iZ23wv7v5ggZ ~]# |
9、VMess 协议的认证基于时间,一定要保证服务器和客户端的系统时间相差要在90秒以内。查看阿里云服务器的系统时间。
1 2 3 | [root@iZ23wv7v5ggZ ~]# date Thu Jun 24 16:50:13 CST 2021 [root@iZ23wv7v5ggZ ~]# |
10、实际上数据包的流向:{浏览器} <–(socks)–> {V2Ray 客户端 inbound <-> V2Ray 客户端 outbound} <–(VMess)–> {V2Ray 服务器 inbound <-> V2Ray 服务器 outbound} <–(Freedom)–> {目标网站}。
11、查看与代理端口 1081 相链接的端口。显示所有连线中的 Socket。
1 2 3 | [root@iZ23wv7v5ggZ ~]# netstat -nat | grep 1081 -a tcp6 0 0 :::1080 :::* LISTEN [root@iZ23wv7v5ggZ ~]# |
12、测试阿里云服务器基于 socks 请求 http://httpbin.org/ip、https://www.google.com、https://www.youtube.com。连接成功。如图7
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 | [root@iZ23wv7v5ggZ v2ray]# curl --socks5 127.0.0.1:1081 http://httpbin.org/ip { "origin": "14.192.49.13" } [root@iZ23wv7v5ggZ v2ray]# curl --socks5 127.0.0.1:1081 http://www.google.com curl: (52) Empty reply from server [root@iZ23wv7v5ggZ v2ray]# curl --socks5 127.0.0.1:1081 https://www.google.com curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate. [root@iZ23wv7v5ggZ v2ray]# curl -v --socks5 127.0.0.1:1081 https://sitekit.withgoogle.com * About to connect() to proxy 127.0.0.1 port 1081 (#0) * Trying 127.0.0.1... * 216 * 58 * 200 * 49 * Connected to 127.0.0.1 (127.0.0.1) port 1081 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 * Server certificate: * subject: CN=*.appspot.com,O=Google LLC,L=Mountain View,ST=California,C=US * start date: May 31 01:07:40 2021 GMT * expire date: Aug 23 01:07:39 2021 GMT * common name: *.appspot.com * issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US > GET / HTTP/1.1 > User-Agent: curl/7.29.0 > Host: sitekit.withgoogle.com > Accept: */* > < HTTP/1.1 200 OK < Content-Type: text/html; charset=utf-8 < Vary: Accept-Encoding < X-Cloud-Trace-Context: f0ad2afe1e1be1a7fd9d592b1b2e4c62 < Date: Fri, 25 Jun 2021 09:35:19 GMT < Server: Google Frontend < Content-Length: 89089 < Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" < <!DOCTYPE html> [root@iZ23wv7v5ggZ ~]# curl -v --socks5 127.0.0.1:1081 https://www.youtube.com * About to connect() to proxy 127.0.0.1 port 1081 (#0) * Trying 127.0.0.1... * 172 * 217 * 160 * 110 * Connected to 127.0.0.1 (127.0.0.1) port 1081 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 * Server certificate: * subject: CN=*.google.com,O=Google LLC,L=Mountain View,ST=California,C=US * start date: May 31 01:35:44 2021 GMT * expire date: Aug 23 01:35:43 2021 GMT * common name: *.google.com * issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US > GET / HTTP/1.1 > User-Agent: curl/7.29.0 > Host: www.youtube.com > Accept: */* > < HTTP/1.1 200 OK < Content-Type: text/html; charset=utf-8 < X-Content-Type-Options: nosniff < Cache-Control: no-cache, no-store, max-age=0, must-revalidate < Pragma: no-cache < Expires: Mon, 01 Jan 1990 00:00:00 GMT < Date: Mon, 28 Jun 2021 11:09:13 GMT < X-Frame-Options: SAMEORIGIN < Strict-Transport-Security: max-age=31536000 < permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=* < P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." < Server: ESF < X-XSS-Protection: 0 < Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Mon, 28-Jun-2021 11:39:13 GMT; Path=/; Secure; HttpOnly < Set-Cookie: YSC=Mpx-P60pfFM; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none < Set-Cookie: VISITOR_INFO1_LIVE=I25nZHCzTQA; Domain=.youtube.com; Expires=Sat, 25-Dec-2021 11:09:13 GMT; Path=/; Secure; HttpOnly; SameSite=none < Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" < Accept-Ranges: none < Vary: Accept-Encoding < Transfer-Encoding: chunked < <!DOCTYPE html><html style="font-size: 10px;font-family: Roboto, Arial, sans-serif;" lang="en" typography typography-spacing><head><meta http-equiv="X-UA-Compatible" content="IE=edge"/><script nonce="m6im/2YfcUAbOVHb8ZzpHQ">var ytcfg={d:function(){return window.yt&&yt.config_||ytcfg.data_||(ytcfg.data_={})},get:function(k,o){return k in ytcfg.d()?ytcfg.d()[k]:o},set:function(){var a=arguments;if(a.length>1)ytcfg.d()[a[0]]=a[1];else for(var k in a[0])ytcfg.d()[k]=a[0][k]}}; |
13、阿里云服务器开放的端口 1081、8118 需要 运行命令开放。打开防火墙 iptables。如图8
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 | [root@iZ23wv7v5ggZ ~]# cat /etc/sysconfig/iptables # Generated by iptables-save v1.4.21 on Mon Jun 28 19:53:18 2021 *filter :INPUT DROP [2:80] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [247:63813] :syn-flood - [0:0] -A INPUT -p tcp -m tcp --dport 8118 -m state --state NEW -j ACCEPT -A INPUT -p tcp -m tcp --dport 1081 -m state --state NEW -j ACCEPT -A INPUT -p tcp -m tcp --dport 1080 -m state --state NEW -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 20000:30000 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT COMMIT # Completed on Mon Jun 28 19:53:18 2021 [root@iZ23wv7v5ggZ v2ray]# iptables -I INPUT -p tcp --dport 1081 -m state --state NEW -j ACCEPT [root@iZ23wv7v5ggZ v2ray]# service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ] [root@iZ23wv7v5ggZ v2ray]# cat /etc/sysconfig/iptables # Generated by iptables-save v1.4.21 on Fri Jun 25 17:19:08 2021 *filter :INPUT DROP [2:80] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [580:261280] :syn-flood - [0:0] -A INPUT -p tcp -m tcp --dport 1081 -m state --state NEW -j ACCEPT -A INPUT -p tcp -m tcp --dport 1080 -m state --state NEW -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 20000:30000 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT COMMIT # Completed on Fri Jun 25 17:19:08 2021 [root@iZ23wv7v5ggZ v2ray]# |
14、安装配置 Privoxy,修改配置文件 /etc/privoxy/config。如图9
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 | /usr/local/bin/v2ray -test -config /usr/local/etc/v2ray/config.json [root@iZ23wv7v5ggZ ~]# yum -y install privoxy Loaded plugins: fastestmirror Determining fastest mirrors base | 3.6 kB 00:00 epel | 4.7 kB 00:00 extras | 2.9 kB 00:00 updates | 2.9 kB 00:00 (1/7): base/7/x86_64/group_gz | 153 kB 00:00 (2/7): epel/x86_64/group_gz | 96 kB 00:00 (3/7): epel/x86_64/updateinfo | 1.0 MB 00:00 (4/7): extras/7/x86_64/primary_db | 242 kB 00:00 (5/7): base/7/x86_64/primary_db | 6.1 MB 00:00 (6/7): epel/x86_64/primary_db | 6.9 MB 00:00 (7/7): updates/7/x86_64/primary_db | 8.8 MB 00:00 Resolving Dependencies --> Running transaction check ---> Package privoxy.x86_64 0:3.0.32-1.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: privoxy x86_64 3.0.32-1.el7 epel 998 k Transaction Summary ================================================================================ Install 1 Package Total download size: 998 k Installed size: 3.1 M Downloading packages: privoxy-3.0.32-1.el7.x86_64.rpm | 998 kB 00:00 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : privoxy-3.0.32-1.el7.x86_64 1/1 Verifying : privoxy-3.0.32-1.el7.x86_64 1/1 Installed: privoxy.x86_64 0:3.0.32-1.el7 Complete! [root@iZ23wv7v5ggZ ~]# systemctl enable privoxy Created symlink from /etc/systemd/system/multi-user.target.wants/privoxy.service to /usr/lib/systemd/system/privoxy.service. [root@iZ23wv7v5ggZ ~]# systemctl start privoxy [root@iZ23wv7v5ggZ ~]# systemctl status privoxy ● privoxy.service - Privoxy Web Proxy With Advanced Filtering Capabilities Loaded: loaded (/usr/lib/systemd/system/privoxy.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2021-06-24 11:08:07 CST; 5s ago Process: 6845 ExecStart=/usr/sbin/privoxy --pidfile /run/privoxy.pid --user privoxy /etc/privoxy/config (code=exited, status=0/SUCCESS) Main PID: 6846 (privoxy) CGroup: /system.slice/privoxy.service └─6846 /usr/sbin/privoxy --pidfile /run/privoxy.pid --user privoxy... Jun 24 11:08:06 iZ23wv7v5ggZ systemd[1]: Starting Privoxy Web Proxy With Adv.... Jun 24 11:08:07 iZ23wv7v5ggZ systemd[1]: Started Privoxy Web Proxy With Adva.... Hint: Some lines were ellipsized, use -l to show in full. [root@iZ23wv7v5ggZ ~]# yum install w3m -y Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile Resolving Dependencies --> Running transaction check ---> Package w3m.x86_64 0:0.5.3-50.git20210102.el7 will be installed --> Processing Dependency: libcrypto.so.1.1(OPENSSL_1_1_0)(64bit) for package: w3m-0.5.3-50.git20210102.el7.x86_64 --> Processing Dependency: libssl.so.1.1(OPENSSL_1_1_0)(64bit) for package: w3m-0.5.3-50.git20210102.el7.x86_64 --> Processing Dependency: perl(NKF) for package: w3m-0.5.3-50.git20210102.el7.x86_64 --> Processing Dependency: libcrypto.so.1.1()(64bit) for package: w3m-0.5.3-50.git20210102.el7.x86_64 --> Processing Dependency: libgc.so.1()(64bit) for package: w3m-0.5.3-50.git20210102.el7.x86_64 --> Processing Dependency: libssl.so.1.1()(64bit) for package: w3m-0.5.3-50.git20210102.el7.x86_64 --> Running transaction check ---> Package gc.x86_64 0:7.2d-7.el7 will be installed ---> Package openssl11-libs.x86_64 1:1.1.1g-3.el7 will be installed ---> Package perl-NKF.x86_64 1:2.1.3-5.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: w3m x86_64 0.5.3-50.git20210102.el7 epel 980 k Installing for dependencies: gc x86_64 7.2d-7.el7 base 158 k openssl11-libs x86_64 1:1.1.1g-3.el7 epel 1.5 M perl-NKF x86_64 1:2.1.3-5.el7 epel 131 k Transaction Summary ================================================================================ Install 1 Package (+3 Dependent packages) Total download size: 2.7 M Installed size: 6.5 M Downloading packages: (1/4): gc-7.2d-7.el7.x86_64.rpm | 158 kB 00:00 (2/4): perl-NKF-2.1.3-5.el7.x86_64.rpm | 131 kB 00:00 (3/4): openssl11-libs-1.1.1g-3.el7.x86_64.rpm | 1.5 MB 00:00 (4/4): w3m-0.5.3-50.git20210102.el7.x86_64.rpm | 980 kB 00:00 -------------------------------------------------------------------------------- Total 5.0 MB/s | 2.7 MB 00:00 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : 1:openssl11-libs-1.1.1g-3.el7.x86_64 1/4 Installing : gc-7.2d-7.el7.x86_64 2/4 Installing : 1:perl-NKF-2.1.3-5.el7.x86_64 3/4 Installing : w3m-0.5.3-50.git20210102.el7.x86_64 4/4 Verifying : 1:perl-NKF-2.1.3-5.el7.x86_64 1/4 Verifying : gc-7.2d-7.el7.x86_64 2/4 Verifying : w3m-0.5.3-50.git20210102.el7.x86_64 3/4 Verifying : 1:openssl11-libs-1.1.1g-3.el7.x86_64 4/4 Installed: w3m.x86_64 0:0.5.3-50.git20210102.el7 Dependency Installed: gc.x86_64 0:7.2d-7.el7 openssl11-libs.x86_64 1:1.1.1g-3.el7 perl-NKF.x86_64 1:2.1.3-5.el7 Complete! [root@iZ23wv7v5ggZ ~]# vi /etc/privoxy/config [root@iZ23wv7v5ggZ ~]# |
1 2 | listen-address 127.0.0.1:8118 forward-socks5t / 127.0.0.1:1081 . |
15、设置 http/https 代理,修改配置文件 /etc/profile。172.16.6.176 为服务器内网IP,表示不用代理。如图10
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | [root@iZ23wv7v5ggZ ~]# vi /etc/profile [root@iZ23wv7v5ggZ ~]# systemctl stop privoxy [root@iZ23wv7v5ggZ ~]# systemctl start privoxy [root@iZ23wv7v5ggZ ~]# systemctl status privoxy ● privoxy.service - Privoxy Web Proxy With Advanced Filtering Capabilities Loaded: loaded (/usr/lib/systemd/system/privoxy.service; enabled; vendor preset: disabled) Active: active (running) since Fri 2021-06-25 19:17:34 CST; 10s ago Process: 10823 ExecStart=/usr/sbin/privoxy --pidfile /run/privoxy.pid --user privoxy /etc/privoxy/config (code=exited, status=0/SUCCESS) Main PID: 10824 (privoxy) CGroup: /system.slice/privoxy.service └─10824 /usr/sbin/privoxy --pidfile /run/privoxy.pid --user privoxy /etc/privoxy/config Jun 25 19:17:33 iZ23wv7v5ggZ systemd[1]: Starting Privoxy Web Proxy With Advanced Filtering Capabilities... Jun 25 19:17:34 iZ23wv7v5ggZ systemd[1]: Started Privoxy Web Proxy With Advanced Filtering Capabilities. [root@iZ23wv7v5ggZ ~]# |
1 2 3 4 | export http_proxy=http://127.0.0.1:8118 export https_proxy=http://127.0.0.1:8118 export ftp_proxy=http://127.0.0.1:8118 export no_proxy="172.16.6.176" |
16、测试阿里云服务器基于 curl http 请求 http://httpbin.org/ip、https://www.google.com、https://www.youtube.com。连接成功。如图11
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 | [root@iZ23wv7v5ggZ ~]# curl -v http://httpbin.org/ip * About to connect() to proxy 127.0.0.1 port 8118 (#0) * Trying 127.0.0.1... * Connected to 127.0.0.1 (127.0.0.1) port 8118 (#0) > GET http://httpbin.org/ip HTTP/1.1 > User-Agent: curl/7.29.0 > Host: httpbin.org > Accept: */* > Proxy-Connection: Keep-Alive > < HTTP/1.1 200 OK < Date: Tue, 29 Jun 2021 11:28:55 GMT < Content-Type: application/json < Content-Length: 31 < Connection: keep-alive < Server: gunicorn/19.9.0 < Access-Control-Allow-Origin: * < Access-Control-Allow-Credentials: true < Proxy-Connection: keep-alive < { "origin": "14.192.49.13" } * Connection #0 to host 127.0.0.1 left intact [root@iZ23wv7v5ggZ ~]# curl -v http://www.google.com * About to connect() to proxy 127.0.0.1 port 8118 (#0) * Trying 127.0.0.1... * Connected to 127.0.0.1 (127.0.0.1) port 8118 (#0) > GET http://www.google.com/ HTTP/1.1 > User-Agent: curl/7.29.0 > Host: www.google.com > Accept: */* > Proxy-Connection: Keep-Alive > < HTTP/1.1 302 Found < Cache-Control: private < Content-Type: text/html; charset=UTF-8 < P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." < Date: Tue, 29 Jun 2021 11:29:08 GMT < Server: gws < Content-Length: 370 < X-XSS-Protection: 0 < X-Frame-Options: SAMEORIGIN < Set-Cookie: 1P_JAR=2021-06-29-11; expires=Thu, 29-Jul-2021 11:29:08 GMT; path=/; domain=.google.com; Secure < Set-Cookie: NID=218=mAQ-WwaoohthEWglgFX6uc1oS1THml90khjAACvGj_9OGJ73I3SvN6kwGB4ahRX3uZh5Sw0__Q-y5ahjTAvJtItGntahKmj_d4ESUipCEyIjCRsskk88MU_sF6xOPwhvpqQdY3Zs5ZdscNbvbvB5Z0n0iVnRtGayv2Is44Z8phc; expires=Wed, 29-Dec-2021 11:29:08 GMT; path=/; domain=.google.com; HttpOnly < Proxy-Connection: keep-alive < <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"> <TITLE>302 Moved</TITLE></HEAD><BODY> <H1>302 Moved</H1> The document has moved <A HREF="http://www.google.com.hk/url?sa=p&hl=zh-CN&pref=hkredirect&pval=yes&q=http://www.google.com.hk/&ust=1624966178742441&usg=AOvVaw2QC6Lusz__XY4CV4128vDo">here</A>. </BODY></HTML> * Connection #0 to host 127.0.0.1 left intact [root@iZ23wv7v5ggZ ~]# curl -v https://www.google.com * About to connect() to proxy 127.0.0.1 port 8118 (#0) * Trying 127.0.0.1... * Connected to 127.0.0.1 (127.0.0.1) port 8118 (#0) * Establish HTTP proxy tunnel to www.google.com:443 > CONNECT www.google.com:443 HTTP/1.1 > Host: www.google.com:443 > User-Agent: curl/7.29.0 > Proxy-Connection: Keep-Alive > < HTTP/1.1 200 Connection established < * Proxy replied OK to CONNECT request * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 * Server certificate: * subject: CN=www.google.com,O=Google LLC,L=Mountain View,ST=California,C=US * start date: May 31 03:52:12 2021 GMT * expire date: Aug 23 03:52:11 2021 GMT * common name: www.google.com * issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US > GET / HTTP/1.1 > User-Agent: curl/7.29.0 > Host: www.google.com > Accept: */* > < HTTP/1.1 302 Found < Cache-Control: private < Content-Type: text/html; charset=UTF-8 < P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." < Date: Tue, 29 Jun 2021 11:29:27 GMT < Server: gws < Content-Length: 372 < X-XSS-Protection: 0 < X-Frame-Options: SAMEORIGIN < Set-Cookie: 1P_JAR=2021-06-29-11; expires=Thu, 29-Jul-2021 11:29:27 GMT; path=/; domain=.google.com; Secure < Set-Cookie: NID=218=Oer550Xi5XY2PWWVqYODOuO0eo3bDFJv7wRpooU1FMnNvfWZSI9azb4-oPY_CIbBjn1Wyt4ycJYne9IHTdySDugiDbXhZeEnWSt66bpphBWLPcNyQyEqIS1ltdCHGJw_C8XV3LSlF2NSUbtI825BQGha3baM6qJVvQI2x2Pj-XU; expires=Wed, 29-Dec-2021 11:29:27 GMT; path=/; domain=.google.com; HttpOnly < Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" < <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"> <TITLE>302 Moved</TITLE></HEAD><BODY> <H1>302 Moved</H1> The document has moved <A HREF="https://www.google.com.hk/url?sa=p&hl=zh-CN&pref=hkredirect&pval=yes&q=https://www.google.com.hk/&ust=1624966197905473&usg=AOvVaw3rpxJ3M42WvO-874oCUUAA">here</A>. </BODY></HTML> * Connection #0 to host 127.0.0.1 left intact [root@iZ23wv7v5ggZ ~]# curl -v https://sitekit.withgoogle.com * About to connect() to proxy 127.0.0.1 port 8118 (#0) * Trying 127.0.0.1... * Connected to 127.0.0.1 (127.0.0.1) port 8118 (#0) * Establish HTTP proxy tunnel to sitekit.withgoogle.com:443 > CONNECT sitekit.withgoogle.com:443 HTTP/1.1 > Host: sitekit.withgoogle.com:443 > User-Agent: curl/7.29.0 > Proxy-Connection: Keep-Alive > < HTTP/1.1 200 Connection established < * Proxy replied OK to CONNECT request * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 * Server certificate: * subject: CN=*.appspot.com,O=Google LLC,L=Mountain View,ST=California,C=US * start date: Jun 07 01:07:29 2021 GMT * expire date: Aug 30 01:07:28 2021 GMT * common name: *.appspot.com * issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US > GET / HTTP/1.1 > User-Agent: curl/7.29.0 > Host: sitekit.withgoogle.com > Accept: */* > < HTTP/1.1 200 OK < Content-Type: text/html; charset=utf-8 < Vary: Accept-Encoding < X-Cloud-Trace-Context: 803be8061a081faa119115967f932ca2 < Date: Tue, 29 Jun 2021 11:29:47 GMT < Server: Google Frontend < Content-Length: 89089 < Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" < <!DOCTYPE html> <html lang="en-US" class="no-js glue-flexbox glue-app-ready" amp="" i-amphtml-layout="" i-amphtml-no-boilerplate="" transformed="self;v=1">^C [root@iZ23wv7v5ggZ ~]# curl -v https://www.youtube.com * About to connect() to proxy 127.0.0.1 port 8118 (#0) * Trying 127.0.0.1... * Connected to 127.0.0.1 (127.0.0.1) port 8118 (#0) * Establish HTTP proxy tunnel to www.youtube.com:443 > CONNECT www.youtube.com:443 HTTP/1.1 > Host: www.youtube.com:443 > User-Agent: curl/7.29.0 > Proxy-Connection: Keep-Alive > < HTTP/1.1 200 Connection established < * Proxy replied OK to CONNECT request * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 * Server certificate: * subject: CN=*.google.com,O=Google LLC,L=Mountain View,ST=California,C=US * start date: May 31 01:35:44 2021 GMT * expire date: Aug 23 01:35:43 2021 GMT * common name: *.google.com * issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US > GET / HTTP/1.1 > User-Agent: curl/7.29.0 > Host: www.youtube.com > Accept: */* > < HTTP/1.1 200 OK < Content-Type: text/html; charset=utf-8 < X-Content-Type-Options: nosniff < Cache-Control: no-cache, no-store, max-age=0, must-revalidate < Pragma: no-cache < Expires: Mon, 01 Jan 1990 00:00:00 GMT < Date: Tue, 29 Jun 2021 11:30:03 GMT < X-Frame-Options: SAMEORIGIN < Strict-Transport-Security: max-age=31536000 < permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=* < P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." < Server: ESF < X-XSS-Protection: 0 < Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Tue, 29-Jun-2021 12:00:03 GMT; Path=/; Secure; HttpOnly < Set-Cookie: YSC=qYlVjgY4Muk; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none < Set-Cookie: VISITOR_INFO1_LIVE=kVRgqbeY_lI; Domain=.youtube.com; Expires=Sun, 26-Dec-2021 11:30:03 GMT; Path=/; Secure; HttpOnly; SameSite=none < Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" < Accept-Ranges: none < Vary: Accept-Encoding < Transfer-Encoding: chunked < <!DOCTYPE html>^C [root@iZ23wv7v5ggZ ~]# |
近期评论