—-Salvation lies within.—-

GoAgent

Download GoAgent which has been employed.(Your own cloud space)

Setting

Chrome on Windows

1. Download xx-net
2. Upload goagent account to xx-net on chrome
3. Use it

Firefox on ubuntu with foxproxy

1. Download foxproxy
2. Add new pattern to foxproxy
   • Manually add 127.0.0.1:8087 to the pattern
   • Do not use this proxy for internal IP addresses
3. Pattern Subscription
   • Subscription URL: https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt
   • Proxies: add proxies with GoAgent of process 2
   • Format: Autoproxy obfuscation: base64
4. Quick add
   • enabled

Terminal use

1. Directly use the commands in terminal or add them to bashrc, as follow.

     export https_proxy="127.0.0.1:8087"
     export http_proxy="127.0.0.1:8087"
   

   The above lines have default protocol (http). It is the same with https://127.0.0.1:8087.
   The following processes are optional: git config --global http.sslVerify false. Then git config uses proxy agent. Or use the following to open http channel:

   git config --global http.proxy 'socks5://127.0.0.1:1080' 
   git config --global https.proxy 'socks5://127.0.0.1:1080'
   

   When you use export, you could use curl ip.gs to check the ip address.
   Of course, you should install curl with sudo apt-get install curl.

2. Use alias in terminal, add the following to bashrc.

# another way to add proxy for ss proxy
alias setproxy="export ALL_PROXY=socks5://127.0.0.1:1080"
alias unsetproxy="unset ALL_PROXY"

Release busy port with GoAgent

Because GoAgent is busy with port 8087

inin@inin-pc:~$ sudo lsof -i:8087
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
python  2274 root    6u  IPv4  16595      0t0  TCP localhost:8087 (LISTEN)
inin@inin-pc:~$ kill 2274

xx-net

Log in xx-net and download source code. And no need to download GoAgent in Baidu cloud.

1. Install the following software

   sudo apt-get install python-openssl
   sudo apt-get install libffi-dev
   sudo apt-get install python-gtk2
   sudo apt-get install python-appindicator
   sudo apt-get install libnss3-tools
   

2. Run background: carry out the command:

   xx_net.sh start/stop/restart
   

   At this time, input 127.0.0.1:8085 to browser. Adopt the way of “Firefox on ubuntu with foxproxy” to employ brower setting.

3. AutoBoot when start PC(optional): add the following content to /etc/rc.local:

   sudo /home/username/xxnet/xx_net.sh start
   

   vps配置

http://blog.csdn.net/boxuerixin/article/details/72393518
http://www.cnvultr.com/416.html

我还没有试试上面教程，只是我的同学试过，可以使用。

Shadownsocks setting

Shadowsocks on ubuntu

1. Install ss-qt5

sudo add-apt-repository ppa:hzwhuang/ss-qt5
sudo apt-get update
sudo apt-get install shadowsocks-qt5

You can also go to launchpad and search .deb file and install it.

1. Renew gui-config.json at any place.

2. Open terminal and input ss-qt5

3. In pop out gui named connection Manager, file -> import Connections from gui-config.json(choose gui-config.json renewed in the second process)

4. Config brower proxy setting

Shadowsocks on macOS

refer to the link and download shadowsocks.

Google cloud platform or Amazon cloud

GCP is far more expensive than other agencies like bandwagonHost(搬瓦工), vultr.

Register account for Google cloud

Register Google cloud platform, renew a project and renew a vm instance in the project, choose asia area, choose single cpu, and choose system as

Debian GNU/Linux 10 (jessie)
amd64 built on 20180611

check allow HTTP and HTTPS data.

Operation for Amazon cloud

Connect VPS with ssh with command ssh -i mykeys.pem ec2-user@instance-IP-addr. And pem is the publickey.

Install BBR and shadowsocks

Use ssh to log in the VM instance:

sudo -i
wget -N --no-check-certificate https://raw.githubusercontent.com/FunctionClub/YankeeBBR/master/bbr.sh && bash bbr.sh install
wget -N --no-check-certificate https://raw.githubusercontent.com/teddysun/across/master/bbr.sh && bash bbr.sh install

Abort kernel removal? Choose No. Then we reboot the system. Log the system with ssh another time. BBR is abbreviation of “Bottleneck Bandwidth and RTT” which optimize and control packages of TCP. BBR is supported above linux kernel 4.9.

sudo -i
bash bbr.sh start
wget --no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocksR.sh && chmod +x shadowsocksR.sh
./shadowsocksR.sh

Input the password and port ID. And then input “enter” all the time.

The ports of TCP and UDP In firewall pattern: default-allow-http and default-allow-https need to be changed to the ports set above just now.

One of firewall setting (such as default-allow-https and the other is default-allow-http) is displayed in detail as:

The complete setting of firewall is shown:

From the above, we can see that the firewall rule is applied to all of VM instances. Add TCP ports of all of VM instances to default-allow-https and default-allow-https. In face, we can add different rules to difference instances, we can edit each instance to different web sign(网络标记)，namely, the red squre shows.

Enjoy!

You can also refer to the link.

V2ray tutorial

Refer to the githubBlog, of course, you need to cross over the gfw. The simple process can be concluded as following:

wget https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh 
sudo bash install-release.sh 
#add config.json to /usr/local/etc/v2ray and modify port and id
sudo systemctl start v2ray

And the template of config.json can be found from github

Set Vmess + TLS (tcp + tls)

You can install v2ray from the above. And v2ray has different setting, such as websocket, vmess, vless and so on. They are different dependent on different content of config.json in /usr/local/etc/v2ray.

register a domain

I recommand you to register a domain from freenom and do not forget add a record which makes your domain to point to VPS public IP with default DNS server. Maybe you should wait for a minute until the address can ping.

Generate Certificate

By running curl https://get.acme.sh | sh, acme.sh will be installed into ~/.acme.sh.

$ curl  https://get.acme.sh | sh
% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                               Dload  Upload   Total   Spent    Left  Speed
100   671  100   671    0     0    680      0 --:--:-- --:--:-- --:--:--   679
% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                               Dload  Upload   Total   Spent    Left  Speed
100  112k  100  112k    0     0   690k      0 --:--:-- --:--:-- --:--:--  693k
[Fri 30 Dec 01:03:32 GMT 2016] Installing from online archive.
[Fri 30 Dec 01:03:32 GMT 2016] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Fri 30 Dec 01:03:33 GMT 2016] Extracting master.tar.gz
[Fri 30 Dec 01:03:33 GMT 2016] Installing to /home/user/.acme.sh
[Fri 30 Dec 01:03:33 GMT 2016] Installed to /home/user/.acme.sh/acme.sh
[Fri 30 Dec 01:03:33 GMT 2016] Installing alias to '/home/user/.profile'
[Fri 30 Dec 01:03:33 GMT 2016] OK, Close and reopen your terminal to start using acme.sh
[Fri 30 Dec 01:03:33 GMT 2016] Installing cron job
no crontab for user
no crontab for user
[Fri 30 Dec 01:03:33 GMT 2016] Good, bash is found, so change the shebang to use bash as preferred.
[Fri 30 Dec 01:03:33 GMT 2016] OK
[Fri 30 Dec 01:03:33 GMT 2016] Install success!

Note that the following reminder: close and reopen your terminal. Of course, you can use source ~/.bashrc to read variable instead.

Generate certificate with acme.sh

The following command will listen on port 80, so make sure it is not occupied by other processes. And if sudo is not recommand by acme, you can choose use sudo su first and then use the following command without sudo.

$ sudo ~/.acme.sh/acme.sh --issue -d mydomain.me --standalone -k ec-256
[Fri Dec 30 08:59:12 HKT 2016] Standalone mode.
[Fri Dec 30 08:59:12 HKT 2016] Single domain='mydomain.me'
[Fri Dec 30 08:59:12 HKT 2016] Getting domain auth token for each domain
[Fri Dec 30 08:59:12 HKT 2016] Getting webroot for domain='mydomain.me'
[Fri Dec 30 08:59:12 HKT 2016] _w='no'
[Fri Dec 30 08:59:12 HKT 2016] Getting new-authz for domain='mydomain.me'
[Fri Dec 30 08:59:14 HKT 2016] The new-authz request is ok.
[Fri Dec 30 08:59:14 HKT 2016] mydomain.me is already verified, skip.
[Fri Dec 30 08:59:14 HKT 2016] mydomain.me is already verified, skip http-01.
[Fri Dec 30 08:59:14 HKT 2016] mydomain.me is already verified, skip http-01.
[Fri Dec 30 08:59:14 HKT 2016] Verify finished, start to sign.
[Fri Dec 30 08:59:16 HKT 2016] Cert success.
-----BEGIN CERTIFICATE-----
MIIEMTCCAxmgAwIBAgISA1+gJF5zwUDjNX/6Xzz5fo3lMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjEyMjkyMzU5MDBaFw0x
NzAzMjkyMzU5MDBaMBcxFTATBgNVBAMTDHdlYWtzYW5kLmNvbTBZMBMGByqGSM49
****************************************************************
4p40tm0aMB837XQ9jeAXvXulhVH/7/wWZ8/vkUUvuHSCYHagENiq/3DYj4a85Iw9
+6u1r7atYHJ2VwqSamiyTGDQuhc5wdXIQxY/YQQqkAmn5tLsTZnnOavc4plANT40
zweiG8vcIvMVnnkM0TSz8G1yzv1nOkruN3ozQkLMu6YS7lk/ENBN7DBtYVSmJeU2
VAXE+zgRaP7JFOqK6DrOwhyE2LSgae83Wq/XgXxjfIo1Zmn2UmlE0sbdNKBasnf9
gPUI45eltrjcv8FCSTOUcT7PWCa3
-----END CERTIFICATE-----
[Fri Dec 30 08:59:16 HKT 2016] Your cert is in  /root/.acme.sh/mydomain.me_ecc/mydomain.me.cer
[Fri Dec 30 08:59:16 HKT 2016] Your cert key is in  /root/.acme.sh/mydomain.me_ecc/mydomain.me.key
[Fri Dec 30 08:59:16 HKT 2016] The intermediate CA cert is in  /root/.acme.sh/mydomain.me_ecc/ca.cer
[Fri Dec 30 08:59:16 HKT 2016] And the full chain certs is there:  /root/.acme.sh/mydomain.me_ecc/fullchain.cer

Renew Certificate

As the free Let’s Encrypt certificate expires every 90 days, at least one renewal is required per 90 days. By default, acme.sh will set up an auto renewal which runs every 60 days. You can also renew certificates manually. To manually renew an ECC certificate(I choose this not RSA), compared to RSA certificate run:

$ sudo ~/.acme.sh/acme.sh --renew -d mydomain.com --force --ecc

Install Certificate and Private Key

For ECC Certificate, place certificate and private key into /usr/local/etc/v2ray folder(You can define the path by yourself and remember change mydomain.me):

$ sudo ~/.acme.sh/acme.sh --installcert -d mydomain.me --fullchainpath /usr/local/etc/v2ray/v2ray.crt --keypath /usr/local/etc/v2ray/v2ray.key --ecc

Configure config.json file

Refer to github.
If you have installed v2ray, generate key, install certificate and configure config.json correctly. Use sudo systemctl enable/start v2ray to start v2ray. Use ps -e| grep v2ray to make sure its booting is OK.

1. If not, and error shows Failed to build TLS config. Maybe there are insufficient permissions when using certificates.

   /srv/http/ default permission is 755；
   /srv/http/example.com.pem default permission is 644。
   /srv/http/example.com.key default permission is 600；
   

   modify /srv/http/example.com.key to 644 with chmod 644 /srv/http/example.com.key.

2. If not, check the generated key and crt file have 777 permissions.

   sudo chmod 777 /usr/local/etc/v2ray/v2ray.key
   sudo chmod 777 /usr/local/etc/v2ray/v2ray.crt
   

创建机器映像的方式将一个GCP虚拟机迁移到另一个IP地址的虚拟机

有时候你的IP会被blocked，这时通过点击被blocked的虚拟机选项，选择新建机器映像，填写名称保存，这样就可以保存一个虚拟机所有内容；然后点击创建虚拟机实例，选择从机器映像中还原即可；在新建的虚拟机实例中，使用ssh登录，执行上面的Renew Certificate步骤，更新证书即可。最后记得删除机器映像，否则会被收费。

BBR

TCP BBR is defaulted supported by Linux since kernel version 4.9. Use uname -r to check your Linux kernel version.
It’s very easy to install Linux kernel 4.10 on Ubuntu 16.04. You don’t have to manually download the kernel from Ubuntu website. Simply install the Hardware Enablement Stack (HWE)(https://askubuntu.com/questions/248914/what-is-hardware-enablement-hwe)(which is comparable to General Availability kernel), which provides newer kernel for Ubuntu LTS releases.

sudo apt update
sudo apt install --install-recommends linux-generic-hwe-16.04

Then how to check the server tcp condition?
To check available congestion control algorithms, run the following command

sysctl net.ipv4.tcp_available_congestion_control

Output:

net.ipv4.tcp_available_congestion_control = cubic reno

To check the current congestion control algorithm in use, run

sysctl net.ipv4.tcp_congestion_control

Output:

net.ipv4.tcp_congestion_control = cubic

The point is how to turn on defaulted bbr algorithm on Linux whose kernel version is bigger then 4.9?
Add the following two line at the end of the file called /etc/sysctl.conf

net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr

And then reload sysctl configurations wihe command sudo sysctl -p.
Now check the congestion control algorithm in use with sysctl net.ipv4.tcp_congestion_control. The output should be net.ipv4.tcp_congestion_control = bbr, which prove you have turned on bbr successfully.

Donation

If you think this useful for you, you can donate for me. Thank you for your support!

• ← Previous Post
• Next Post →