【www.bbyears.com--安装和部署】
镜像获取
[root@docker-node01 ~]# docker search shadowsocksr_manyuser
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
benyoo/shadowsocksr_manyuser 基于ShadowSocksR版的manyuser封装 0
[root@docker-node01 ~]# docker run -d --name=ShadowSocks \
-p 10000-10010:10000-10010 \
-p 10000-10010:10000-10010/udp \
-e MANYUSER=R \
-e MYSQL_HOST=1.2.3.4 \
-e MYSQL_PORT=3306 \
-e MYSQL_USER=mysqlroot \
-e MYSQL_DBNAME=shadowsocks \
-e MYSQL_PASSWORD=********* \
-e METHOD=rc4-md5 \
-e PROTOCOL=auth_simple \
-e OBFS=http_simple_compatible \
-e OBFS_PARAM="youku.com" \
benyoo/shadowsocksr_manyuser:latest
67d941fa8c96bc44a5fd5e3e49776928d66e45c58705f056500dd9f88caf3931
[root@docker-node01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
67d941fa8c96 benyoo/shadowsocksr_manyuser:latest "/run.sh server.py" 7 seconds ago Up 4 seconds 0.0.0.0:10000-10010->10000-10010/tcp, 0.0.0.0:10000-10010->10000-10010/udp, 10011-20000/tcp ShadowSocks
镜像使用说明
MANYUSER
可用参数有:R|On
当参数是R的时候则使用ShadowSocksR模式的多用户版本,
否则用ShadowSocks原版的多用户模式。
MYSQL_HOST
当MANYUSER变量有参数时,才会启用。
数据库地址
MYSQL_PORT
当MANYUSER变量有参数时,才会启用。
数据库端口
MYSQL_USER
当MANYUSER变量有参数时,才会启用。
数据库用户名
MYSQL_DBNAME
当MANYUSER变量有参数时,才会启用。
数据库库名
MYSQL_PASSWORD
当MANYUSER变量有参数时,才会启用。
数据库密码
METHOD
aes-256-cfb
可用选项有:
aes-256-cfb|aes-192-cfb|aes-128-cfb|chacha20|salsa20|rc4-md5
PROTOCOL
origin
可用参数有:
origin|verify_simple|verify_deflate|auth_simple
OBFS
http_simple_compatible
可用参数有:
plain|http_simple|http_simple_compatible
|tls_simple|tls_simple_compatible|random_head
|random_head_compatible
OBFS_PARAM
DNS_IPV6
false
可用参数有:false|true
FROM centos:6.7 MAINTAINER from www.dwhd.org by lookback (mondeolove@gmail.com) RUN yum clean all && \\ rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-* && \\ yum install -y m2crypto python-setuptools git curl iptables-devel && \\ easy_install pip && pip install cymysql RUN git clone -b manyuser https://github.com/breakwa11/shadowsocks.git #RUN git clone -b manyuser https://github.com/mengskysama/shadowsocks.git ADD run.sh /run.sh RUN chmod +x /run.sh EXPOSE 10000-20000 ENTRYPOINT ["/run.sh"] CMD ["server.py"]
#!/bin/sh ######################################################################### # File Name: run.sh # Author: LookBack # Email: admin#dwhd.org # Version: # Created Time: 2015年11月18日 星期三 02时49分12秒 ######################################################################### PATH=/bin:/sbin:$PATH set -e if [ "${1:0:1}" = \"-\" ]; then set -- python "$@" fi if [ -n "$MANYUSER" ]; then if [ -z "$MYSQL_PASSWORD" ]; then echo >&2 \"error: missing MYSQL_PASSWORD\" echo >&2 \" Did you forget to add -e MYSQL_PASSWORD=... ?\" exit 1 fi if [ -z "$MYSQL_USER" ]; then echo >&2 \"error: missing MYSQL_USER\" echo >&2 \" Did you forget to add -e MYSQL_USER=... ?\" exit 1 fi if [ -z "$MYSQL_PORT" ]; then echo >&2 \"error: missing MYSQL_PORT\" echo >&2 \" Did you forget to add -e MYSQL_PORT=... ?\" exit 1 fi if [ -z "$MYSQL_HOST" ]; then echo >&2 \"error: missing MYSQL_HOST\" echo >&2 \" Did you forget to add -e MYSQL_HOST=... ?\" exit 1 fi if [ -z "$MYSQL_DBNAME" ]; then echo >&2 \"error: missing MYSQL_DBNAME\" echo >&2 \" Did you forget to add -e MYSQL_DBNAME=... ?\" exit 1 fi for i in $MYSQL_USER $MYSQL_PORT $MYSQL_HOST $MYSQL_DBNAME $MYSQL_PASSWORD; do if grep \"@\" <<<"$i" >/dev/null 2>&1; then echo >&2 "error: missing -e $i" echo >&2 " You can\"t special characters \"@\"" exit 1 fi done sed -ri "s@^(MYSQL_HOST = ).*@\\1\"$MYSQL_HOST\"@" /shadowsocks/Config.py sed -ri "s@^(MYSQL_PORT = ).*@\\1$MYSQL_PORT@" /shadowsocks/Config.py sed -ri "s@^(MYSQL_USER = ).*@\\1\"$MYSQL_USER\"@" /shadowsocks/Config.py sed -ri "s@^(MYSQL_PASS = ).*@\\1\"$MYSQL_PASSWORD\"@" /shadowsocks/Config.py sed -ri "s@^(MYSQL_DB = ).*@\\1\"$MYSQL_DBNAME\"@" /shadowsocks/Config.py else echo >&2 \"error: missing MANYUSER\" echo >&2 \" Did you forget to add -e MANYUSER=... ?\" exit 1 fi if [ "$MANYUSER" = "R" ]; then if [ -z "$PROTOCOL" ]; then echo >&2 \"error: missing PROTOCOL\" echo >&2 \" Did you forget to add -e PROTOCOL=... ?\" exit 1 elif [[ ! "$PROTOCOL" =~ ^(origin|verify_simple|verify_deflate|auth_simple)$ ]]; then echo >&2 \"error : missing PROTOCOL\" echo >&2 \" You must be used -e PROTOCOL=[origin|verify_simple|verify_deflate|auth_simple]\" exit 1 fi if [ -z "$OBFS" ]; then echo >&2 \"error: missing OBFS\" echo >&2 \" Did you forget to add -e OBFS=... ?\" exit 1 elif [[ ! "$OBFS" =~ ^(plain|http_simple|http_simple_compatible|tls_simple|tls_simple_compatible|random_head|random_head_compatible)$ ]]; then echo >&2 \"error: missing OBFS\" echo >&2 \" You must be used -e OBFS=[http_simple|plain|http_simple_compatible|tls_simple|tls_simple_compatible|random_head|random_head_compatible]\" exit 1 fi if [ -z "$OBFS_PARAM" ]; then echo >&2 \"error: missing OBFS_PARAM\" echo >&2 \" Did you forget to add -e OBFS_PARAM=... ?\" exit 1 fi if [ -n "$METHOD" ]; then if [[ ! "$METHOD" =~ ^(aes-(256|192|128)-cfb|(chacha|salsa)20|rc4-md5)$ ]]; then echo >&2 \"error: missing METHOD\" echo >&2 \" You must be used -e METHOD=[aes-256-cfb|aes-192-cfb|aes-128-cfb|chacha20|salsa20|rc4-md5]\" exit 1 else sed -ri "s@^(.*\\"method\\": ).*@\\1\\"$METHOD\\",@" /shadowsocks/config.json fi fi if [ -n "$DNS_IPV6" ]; then if [[ ! "$DNS_IPV6" =~ ^(false|true)$ ]]; then echo >&2 \"error: missing DNS_IPV6\" echo >&2 \" You must be used -e DNS_IPV6=[false|true]\" exit 1 else sed -ri "s@^(.*\\"dns_ipv6\\": ).*@\\1\\"$DNS_IPV6\\",@" /shadowsocks/config.json fi fi sed -ri "s@^(.*\\"protocol\\": ).*@\\1\\"$PROTOCOL\\",@" /shadowsocks/config.json sed -ri "s@^(.*\\"obfs\\": ).*@\\1\\"$OBFS\\",@" /shadowsocks/config.json sed -ri "s@^(.*\\"obfs_param\\": ).*@\\1\\"$OBFS_PARAM\\",@" /shadowsocks/config.json fi if [ -n "$SPAM" ]; then if [ "$SPAM" = "On" ]; then iptables -t mangle -A OUTPUT -m string --string "Subject" --algo bm --to 65535 -j DROP iptables -t mangle -A OUTPUT -m string --string "HELO" --algo bm --to 65535 -j DROP iptables -t mangle -A OUTPUT -m string --string "SMTP" --algo bm --to 65535 -j DROP iptables -t mangle -A OUTPUT -m string --string "torrent" --algo bm --to 65535 -j DROP iptables -t mangle -A OUTPUT -m string --string ".torrent" --algo bm --to 65535 -j DROP iptables -t mangle -A OUTPUT -m string --string "peer_id=" --algo bm --to 65535 -j DROP iptables -t mangle -A OUTPUT -m string --string "announce" --algo bm --to 65535 -j DROP iptables -t mangle -A OUTPUT -m string --string "info_hash" --algo bm --to 65535 -j DROP iptables -t mangle -A OUTPUT -m string --string "get_peers" --algo bm --to 65535 -j DROP iptables -t mangle -A OUTPUT -m string --string "find_node" --algo bm --to 65535 -j DROP iptables -t mangle -A OUTPUT -m string --string "BitTorrent" --algo bm --to 65535 -j DROP iptables -t mangle -A OUTPUT -m string --string "announce_peer" --algo bm --to 65535 -j DROP iptables -t mangle -A OUTPUT -m string --string "BitTorrent" --algo bm --to 65535 -j DROP iptables -t mangle -A OUTPUT -m string --string "protocol" --algo bm --to 65535 -j DROP iptables -t mangle -A OUTPUT -m string --string "announce.php?passkey=" --algo bm --to 65535 -j DROP iptables -t filter -A OUTPUT -p tcp -m multiport --dports 25,26,465 -m state --state NEW,ESTABLISHED -j REJECT --reject-with icmp-port-unreachable iptables -t filter -A OUTPUT -p tcp -m multiport --dports 109,110,995 -m state --state NEW,ESTABLISHED -j REJECT --reject-with icmp-port-unreachable iptables -t filter -A OUTPUT -p tcp -m multiport --dports 143,218,220,993 -m state --state NEW,ESTABLISHED -j REJECT --reject-with icmp-port-unreachable iptables -t filter -A OUTPUT -p tcp -m multiport --dports 24,50,57,105,106,158,209,587,1109,24554,60177,60179 -m state --state NEW,ESTABLISHED -j REJECT --reject-with icmp-port-unreachable iptables -t mangle -L -nvx --lin iptables -t filter -L -nvx --lin fi else echo >&2 \"error: missing SPAM\" echo >&2 \" You must be used -e SPAM=[On|Off]\" fi exec python /shadowsocks/server.py