diff --git a/README.md b/README.md index 8f56c04..4bfacc9 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,20 @@ +## 更新和优化(相对于崔大神原脚本) +1. 增加邮件提醒 +2. 修正拨号间隔错误,原脚本的小bug,拨号间隔会是settings中的两倍 +3. 增加拨号统计:每次拨出的IP放入redis,每拨一次value +1,如果是2会重新拨号,防止重复IP出现.如果需要可以重置下这个频次的值,参考proxy_reset.py.这个考虑到平台对IP的封禁并非长期,通常24小时后能解封 +4. 增加拨号日志可视化监控,在本地运行proxy_stats.py读取远程拨号服务器日志并可视化展示拨号状态,比如这里的adsl1_proxy_quality_monitor.jpg +![image](https://raw.githubusercontent.com/chenxuzhen/AdslProxy/master/adsl1_proxy_quality_monitor.jpg) +5. 连续三次拨号无效IP系统会重启,因为这时候服务器已经不能继续拨号了 +6. 从redis删除IP失败系统会重启,这个时候一般都是无法拨号了 +7. 更新proxy检测方式为ping,拨号一次只需要6-7秒(当然和代理商有关系).这个针对单地区adsl vps特别有效,因为单地区拨号服务器带宽都没问题,拨出的IP都很稳定,只要能ping通都是高速可用的.个人建议 +抛弃混拨服务器,带宽低而且拨号慢,不如多个地区的组合.本人测试过三家的拨号服务器,如有需要可提供免费建议. +8. service.sh放到/etc/init.d目录下, /bin/bash /etc/init.d/service.sh放在/etc/rc.local最后,系统重启后会自动运行拨号脚本. +9. 增加了拨号服务器一键部署,用squid作代理服务器,中间只需要输入一次密码,参考vpsadsl.sh,用户名默认czhen可以自己修改.另外,如果没有需要,hash掉那段关于修改sshd端口的脚本 +10. 基于以上更新,脚本可以长期运行 + +Field Value +czhen:proxy_password@125.121.137.70:3389 1 + ## 拨号主机设置 首先配置好代理,如使用 Squid,运行在 3128 端口,并设置好用户名和密码。 diff --git a/adsl1_proxy_quality_monitor.jpg b/adsl1_proxy_quality_monitor.jpg new file mode 100644 index 0000000..247f9ea Binary files /dev/null and b/adsl1_proxy_quality_monitor.jpg differ diff --git a/adslproxy/db.py b/adslproxy/db.py index 54fe996..c97aba5 100644 --- a/adslproxy/db.py +++ b/adslproxy/db.py @@ -1,8 +1,9 @@ # coding=utf-8 +# 放入Redis之前加了一个时间戳,方便判断IP存活时间 import redis import random from adslproxy.settings import * - +import time class RedisClient(object): def __init__(self, host=REDIS_HOST, port=REDIS_PORT, password=REDIS_PASSWORD, redis_key=REDIS_KEY): @@ -23,7 +24,7 @@ def set(self, name, proxy): :param proxy: 代理 :return: 设置结果 """ - return self.db.hset(self.redis_key, name, proxy) + return self.db.hset(self.redis_key, name, proxy + '_' + str(int(time.time()))) def get(self, name): """ diff --git a/adslproxy/sender/sender.py b/adslproxy/sender/sender.py index afa944a..4ad4447 100644 
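Review bot: In `set`, the stored hash value changes from `ip:port` to `ip:port_<epoch>`, so every reader of `self.redis_key` now receives a string that is not a usable proxy address until the suffix is stripped. `get` and the other readers are outside this hunk, so I cannot confirm they were updated; if they were not, clients will build proxy URLs with the timestamp appended. Consider splitting on the read side with `value.rsplit('_', 1)[0]`, or keeping the timestamp in a separate hash so the value format stays stable.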
--- a/adslproxy/sender/sender.py +++ b/adslproxy/sender/sender.py @@ -1,14 +1,26 @@ # coding=utf-8 +# 采用了新的proxy验证方式,ping一次速度更快 +# 修正了原来版本的几个小bug,比如拨号间隔原来实际上是设定值的两倍,如果proxy无效等待时间太长(改成6秒或者其他最低拨号间隔即可) +# IP与上次的相同会自动会重新拨号 +# 连续三次拨号失败自动重启(ADSL VPS这种情况下基本上等于无法继续拨号了) +# 增加邮件提醒 +# 每次拨出的IP存入redis,方便统计和去重.IP出现2次以上会重新拨号 +# 从redis移除移除IP失败立即重启,这个情况下VPS通常已经无法拨号了 + import re import time import requests from requests.exceptions import ConnectionError, ReadTimeout from adslproxy.db import RedisClient from adslproxy.settings import * +from adslproxy.sendemail import EmailClient import platform from loguru import logger from retrying import retry, RetryError import redis +import datetime +import os +import random if platform.python_version().startswith('2.'): import commands as subprocess @@ -22,7 +34,8 @@ class Sender(object): """ 拨号并发送到 Redis """ - + ip_pre = '' + invalid_ip_list = [] def extract_ip(self): """ 获取本机IP @@ -42,15 +55,23 @@ def test_proxy(self, proxy): 测试代理,返回测试结果 :param proxy: 代理 :return: 测试结果 + :ping一次测试速度更快,只需要几十毫秒 """ - try: - response = requests.get(TEST_URL, proxies={ - 'http': 'http://' + proxy, - 'https': 'https://' + proxy - }, timeout=TEST_TIMEOUT) - if response.status_code == 200: - return True - except (ConnectionError, ReadTimeout): + # try: + # response = requests.get(TEST_URL, proxies={ + # 'http': 'http://' + proxy, + # 'https': 'https://' + proxy + # }, timeout=TEST_TIMEOUT) + # if response.status_code == 200: + # logger.info(f'proxy: {proxy}') + # return True + #except (ConnectionError, ReadTimeout): + # return False + con = os.system('ping -c 1 www.baidu.com') + print(con) + if con==0: + return True + else: return False @retry(retry_on_result=lambda x: x is not True, stop_max_attempt_number=10) @@ -58,6 +79,7 @@ def remove_proxy(self): """ 移除代理 :return: None + 通常情况下,连续拨号失败几次就需要重启机器了,这时候VPS已经无法成功拨号连接互联网了 """ logger.info(f'Removing {CLIENT_NAME}...') try: 
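Review bot: The new import `from adslproxy.sendemail import EmailClient` does not match the module this commit adds, `adslproxy/sendmail.py`, so unless a `sendemail` module exists elsewhere in the repository, sender.py fails with ImportError at start-up. Change it to `from adslproxy.sendmail import EmailClient` or rename the new file. The added `datetime`, `os` and `random` imports would also read better grouped with the other standard-library imports, above the third-party ones.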
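Review bot: `invalid_ip_list = []` is declared on the class, so one list object is shared by every `Sender` instance and mutated in place by `ip_validity_statistics` further down the file. With a single sender per process this is harmless today, but per-instance state is safer: `def __init__(self): self.ip_pre = ''; self.invalid_ip_list = []` (assuming the class has no `__init__` yet; its body continues outside this hunk).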
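Review bot: `test_proxy` no longer tests the proxy: the `proxy` argument is unused and the result depends only on `ping -c 1 www.baidu.com` from the dial host, so an address is published as valid even when Squid is down, the port is filtered, or the credentials are wrong. ICMP reachability of a third-party host says nothing about whether clients can connect through the proxy port. I would keep the ping as a cheap pre-check and then run the original `requests.get(TEST_URL, proxies=..., timeout=TEST_TIMEOUT)` with a short timeout, and delete the commented-out block and the stray `print(con)` rather than leaving them in.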
@@ -70,7 +92,8 @@ def remove_proxy(self): return True except redis.ConnectionError: logger.info(f'Remove {CLIENT_NAME} failed') - + logger.error('删除IP失败!从代理池删除IP并重启系统.......') + os.system('/usr/sbin/shutdown -r now') def set_proxy(self, proxy): """ 设置代理 @@ -78,8 +101,26 @@ def set_proxy(self, proxy): :return: None """ self.redis = RedisClient() - if self.redis.set(CLIENT_NAME, proxy): - logger.info(f'Successfully set proxy {proxy}') + self.db = RedisClient().db + # 哈希表来统计拨号VPS的IP + if not self.db.hexists('dialed_IPs', proxy): + self.db.hset('dialed_IPs', proxy, 1) + # 往IP池里插入数据 + if self.redis.set(CLIENT_NAME, proxy): + logger.info(f'Successfully set proxy {proxy}') + return True + else: + num = int(self.db.hget('dialed_IPs', proxy)) + logger.info(f'{proxy} in proxy pools {num} times already') + if num <2: + self.db.hset('dialed_IPs', proxy, num+1) + # 往IP池里插入数据 + if self.redis.set(CLIENT_NAME, proxy): + logger.info(f'Successfully set proxy {proxy}') + return True + else: + + return False def loop(self): """ 
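Review bot: In `remove_proxy`, the new `os.system('/usr/sbin/shutdown -r now')` sits inside the `except redis.ConnectionError` branch, so the first failed attempt reboots the host and the `@retry(..., stop_max_attempt_number=10)` decorator never gets to retry. A short Redis outage or network blip therefore reboots every dial host at once, and because service.sh restarts the sender at boot, they keep rebooting until Redis is reachable again. The same unconditional reboot appears in `run` after three failed dials (`os.system('sudo reboot')`) and after three invalid proxies; none of these checks the command's exit status or stops the current run afterwards. I would drop the reboot from this branch, let the retries exhaust, and reboot only from the `RetryError` handler in `run`, guarded by a minimum uptime or an on-disk reboot counter.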
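Review bot: `set_proxy` keys the `dialed_IPs` counter on the full `proxy` string, and the README sample in this commit (`czhen:proxy_password@…:3389`) shows that this string carries the Squid username and password, so the credentials end up as Redis field names and in the new `logger.info(f'{proxy} in proxy pools …')` line. Keying the counter on the host part only, e.g. `proxy.rsplit('@', 1)[-1]`, keeps the secret out of both places and keeps the count correct after a password change. The `hexists`/`hget`/`hset` sequence is also not atomic; `hincrby` would do the increment in one call. The method opens two `RedisClient` connections per call and returns `None` rather than `False` when `self.redis.set` fails.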
@@ -88,23 +129,44 @@ def loop(self): """ while True: logger.info('Starting dial...') - self.run() - time.sleep(DIAL_CYCLE) + now = datetime.datetime.now() + if now.minute%5==0 and now.second==0: + logger.info('dial time: %s', now.strftime('%Y-%m-%d %H:%M:%S')) + + new_ip = self.run() + if new_ip != self.ip_pre: + + self.ip_pre = new_ip + else: + logger.info('IP和上次相同,等待重播......') + self.run() def run(self): """ 拨号主进程 :return: None """ + #time.sleep(10) #给正在运行的作业留出时间结束 logger.info('Dial started, remove proxy') try: self.remove_proxy() except RetryError: logger.error('Retried for max times, continue') - # 拨号 - (status, output) = subprocess.getstatusoutput(DIAL_BASH) + self.emailclient = EmailClient() + self.emailclient.notification(f'failed too many times {datetime.datetime.now().strftime("%m-%d-%H-%M")}', f'Warning{random.randint(1000,299999)}: 22457 retry error {datetime.datetime.now().strftime("%m-%d-%H-%M")}') + + for i in range(3): + # 拨号 + (status, output) = subprocess.getstatusoutput('adsl-stop;adsl-start') + if not status == 0: + logger.error('Dial failed') + time.sleep(20) + else: + break if not status == 0: - logger.error('Dial failed') + print('连续三次拨号失败,系统重启......') + os.system('sudo reboot') + # 获取拨号 IP ip = self.extract_ip() if ip: 
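Review bot: In `run`, the dial command is now the literal `'adsl-stop;adsl-start'` instead of `DIAL_BASH`, so the value from `adslproxy.settings` is silently ignored and hosts that dial with a different command stop working. Keep the call as `subprocess.getstatusoutput(DIAL_BASH)` inside the new three-attempt loop. In `loop`, the second `self.run()` in the `else` branch discards its result, so `ip_pre` is not updated after the re-dial; `self.ip_pre = self.run()` would keep the comparison meaningful. The `now.minute%5==0 and now.second==0` log condition fires only if an iteration happens to start on that exact second, which looks unintended.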
@@ -115,24 +177,56 @@ def run(self): ip=ip, port=PROXY_PORT) else: proxy = '{ip}:{port}'.format(ip=ip, port=PROXY_PORT) - time.sleep(10) + # time.sleep(1) if self.test_proxy(proxy): logger.info(f'Valid proxy {proxy}') + self.ip_validity_statistics('valid') # 将代理放入数据库 - self.set_proxy(proxy) - time.sleep(DIAL_CYCLE) + if self.set_proxy(proxy): + time.sleep(DIAL_CYCLE) else: logger.error(f'Proxy invalid {proxy}') + # 连续三次拨号无效 + self.ip_validity_statistics('invalid') + if len(self.invalid_ip_list) > 0: + if self.invalid_ip_list.count('invalid') == 3: + logger.error('连续三次拨号失败!从代理池删除IP并重启系统.......') + self.remove_proxy() + os.system('/usr/sbin/shutdown -r now') + time.sleep(DIAL_ERROR_CYCLE) else: # 获取 IP 失败,重新拨号 logger.error('Get IP failed, re-dialing') + ip = '' + time.sleep(DIAL_ERROR_CYCLE) self.run() - - + return ip + def ip_validity_statistics(self, ele): + if len(self.invalid_ip_list) < 3: + self.invalid_ip_list.append(ele) + else: + self.invalid_ip_list.pop(0) + self.invalid_ip_list.append(ele) + def send(loop=True): sender = Sender() sender.loop() if loop else sender.run() if __name__ == '__main__': - send() + try: + emailclient = EmailClient() + emailclient.notification(f'{datetime.datetime.now().strftime("%m-%d-%H:%M")} {random.randint(300, 9999)} proxy restarted', f'{datetime.datetime.now().strftime("%m-%d-%H:%M")} 22457 proxyserver is back {random.randint(300, 9999)}') + print('email test success') + except Exception as e: + print(e) + while True: + con = os.system('ping -c 1 www.baidu.com') + print(con) + if con==0: + time.sleep(6) + send() + break + else: + time.sleep(1) + diff --git a/adslproxy/sendmail.py b/adslproxy/sendmail.py new file mode 100644 index 0000000..51ab403 --- /dev/null +++ b/adslproxy/sendmail.py 
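Review bot: On the 'Get IP failed' path, `run` calls `self.run()` recursively but discards the result and then returns the `ip = ''` it set just before, so `loop` sees an empty string even when the nested call obtained an address. `return self.run()` fixes the return value; a `while` loop in place of the recursion would also avoid unbounded stack growth while the line stays down. In the `__main__` block, `except Exception as e: print(e)` hides a broken mail setup, so `logger.exception(...)` would be more useful there. `ip_validity_statistics` has no docstring; one line saying it keeps a rolling window of the last three results would help.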
@@ -0,0 +1,43 @@ + +# -*- coding: utf-8 -*- +import time +# from playsound import playsound +from datetime import datetime +import smtplib +from email.mime.text import MIMEText +from email.header import Header + +class EmailClient(object): + def __init__(self): + """ + 初始化邮件列表 + + """ + self.to_list = [SENDER_EMAIL, RECEIVER_EMAIL] + def notification(self, body, subj): + sender = SENDER_EMAIL # 邮件发送人 + receiver = RECEIVER_EMAIL # 邮件收件人 + subject = 'adslproxy notification: ' + subj + ' ' + str(datetime.today())[:16] # 主题 + smtpserver = 'smtp.163.com' # 网易的STMP地址 默认端口号为25 + username = EMAIL # 发送邮件的人 + password = PASS # 你所设置的密码.网易在开通SMTP服务后会有个密码设置 + + # 中文需参数‘utf-8',单字节字符不需要 + msg = MIMEText(body, 'plain', 'utf-8') + msg['Subject'] = Header(subject, 'utf-8') # 头部信息:标题 + msg['From'] = 'user' # 头部信息:名称<发件人的地址> + msg['To'] = ",".join(self.to_list) # 头部信息:收件人地址 + m = 0 + while m < 3: + try: + smtp = smtplib.SMTP_SSL('smtp.163.com', 465) + smtp.login(username, password) + smtp.sendmail(sender, receiver, msg.as_string()) + smtp.quit() + print('success') + m += 1 + break + except smtplib.SMTPException as e: + print('Error: ', e) + m += 1 + time.sleep(25) diff --git a/hosts b/hosts new file mode 100644 index 0000000..54f60d9 --- /dev/null +++ b/hosts 
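Review bot: `EmailClient` reads `SENDER_EMAIL`, `RECEIVER_EMAIL`, `EMAIL` and `PASS`, but the file imports only `time`, `datetime`, `smtplib` and the two `email` helpers, so `EmailClient()` raises NameError on first use. Add an explicit import such as `from adslproxy.settings import SENDER_EMAIL, RECEIVER_EMAIL, EMAIL, PASS` (assuming those names are defined in settings.py, which this diff does not show), and prefer reading the SMTP password from the environment over committing it. `smtp.sendmail(sender, receiver, …)` delivers only to `receiver` although the `To` header lists both addresses in `self.to_list`. `smtplib.SMTP_SSL('smtp.163.com', 465)` has no `timeout` and is not closed when `login` or `sendmail` raises; `with smtplib.SMTP_SSL(smtpserver, 465, timeout=30) as smtp:` covers both and uses the otherwise unused `smtpserver` variable.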
@@ -0,0 +1,24 @@ +127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 +::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 + +# GitHub Start +140.82.113.4 github.com +140.82.113.4 gist.github.com +140.82.114.5 api.github.com +185.199.111.153 assets-cdn.github.com +199.232.96.133 raw.githubusercontent.com +199.232.96.133 raw.github.com +199.232.96.133 gist.githubusercontent.com +199.232.96.133 cloud.githubusercontent.com +199.232.96.133 camo.githubusercontent.com +199.232.96.133 avatars0.githubusercontent.com +199.232.96.133 avatars1.githubusercontent.com +199.232.96.133 avatars2.githubusercontent.com +199.232.96.133 avatars3.githubusercontent.com +199.232.96.133 avatars4.githubusercontent.com +199.232.96.133 avatars5.githubusercontent.com +199.232.96.133 avatars6.githubusercontent.com +199.232.96.133 avatars7.githubusercontent.com +199.232.96.133 avatars8.githubusercontent.com +# GitHub End + diff --git a/proxy_reset.py b/proxy_reset.py new file mode 100644 index 0000000..39cd62a --- /dev/null +++ b/proxy_reset.py @@ -0,0 +1,15 @@ +# coding=utf-8 +# 因为网站封禁IP并非长期,24小时后可以运行该脚本减小拨号出现次数的值,提高IP利用率 +import redis +import random +import time +import redis +import re + +client = redis.Redis(host=REDIS_HOST, port=7379, db=0, password=REDIS_PASSORD) +client.hvals('dialed_IPs') +client.hkeys('dialed_IPs') +for i in client.hkeys('dialed_IPs'): + num = int(client.hget('dialed_IPs', i)) + if num >=1: + client.hset('dialed_IPs', i, num-1) diff --git a/proxy_stats.py b/proxy_stats.py new file mode 100644 index 0000000..799f65e --- /dev/null +++ b/proxy_stats.py 
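Review bot: proxy_reset.py references `REDIS_HOST` and `REDIS_PASSORD` without importing or defining them, and the second name looks like a typo for `REDIS_PASSWORD`, so the script stops with NameError before it connects. Import the values with `from adslproxy.settings import REDIS_HOST, REDIS_PORT, REDIS_PASSWORD` and pass `port=REDIS_PORT` instead of the literal `7379`, so the script follows the same configuration as db.py. The two bare `client.hvals(...)` and `client.hkeys(...)` calls discard their results and can go, as can the duplicate `import redis` and the unused `random`, `time` and `re` imports.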
@@ -0,0 +1,118 @@ +%matplotlib qt +import os +import re +import pymysql +import seaborn as sns +import matplotlib.pyplot as plt +import pandas as pd +import paramiko +import time +import numpy as np + +# %matplotlib notebook + +# log_file = r'E:\splash\AdslProxy\proxy_reboot.log' +log_file = '/root/proxy_reboot.log' +class PROXY_MON(object): + def __init__(self, hostname, port, username, password, adsl_num): + #服务器信息,主机名(IP地址)、端口号、用户名及密码 + self.adsl=adsl_num + client = paramiko.SSHClient() + client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) + client.connect(hostname, port, username, password, compress=True, timeout=10) + self.sftp_client = client.open_sftp() + def log_check(self): + try: + with self.sftp_client.open(log_file, 'r') as file: + contents = file.read().decode() + print(contents[-200:]) + dial_times = re.findall('Dial started', contents) + print(f'total IPs dialed: {len(dial_times)}') + repeat_ips = re.findall('2 times', contents) + print(f'num of repeat IPs: {len(repeat_ips)}') + success_ips = re.findall('Successfully set', contents) + print(f'num of successful IPs set to redis: {len(success_ips)}') + dial_failed = re.findall('Get IP failed', contents) + print(f'num of failed dialing: {len(dial_failed)}') + valid_ip = re.findall('Valid proxy', contents) + print(f'num of Valid proxy IPs: {len(valid_ip)}') + invalid_ip = re.findall('Proxy invalid', contents) + print(f'num of invalid proxy IPs: {len(invalid_ip)}') + consec_ip_repeat = re.findall('IP和上次相同', contents) + print(f'num of consecutive repeat IP dialed: {len(consec_ip_repeat)}') + reboot_ip_del_failure = re.findall('删除IP失败!从代理池删除IP并重启系统', contents) + print(f'num of reboot due to deleltion failure from redis: {len(reboot_ip_del_failure)}') + reboot_ip_3dial_failure = re.findall('连续三次拨号失败!从代理池删除IP并重启系统', contents) + print(f'num of reboot due to 3 consecutive dial failures: {len(reboot_ip_3dial_failure)}') + except Exception as e: + print(e) + finally: + file.close() + + proxy_stats = 
[len(dial_times), len(repeat_ips), len(success_ips), len(dial_failed), len(valid_ip), len(invalid_ip), len(consec_ip_repeat), len(reboot_ip_del_failure), len(reboot_ip_3dial_failure)] + column_names = ['dial_times', 'repeat_ips', 'success_ips', 'dial_failed', 'valid_ip', 'invalid_ip', 'consec_ip_repeat', 'reboot_ip_del_failure', 'reboot_ip_3dial_failure'] + data_list = [proxy_stats, column_names] + df = pd.DataFrame (data_list).transpose() + df.columns = ['proxy_stats', 'stats_names'] + df + proxy_stats2 = [('server', self.adsl), ('dial_times',len(dial_times)), ('repeat_ips',len(repeat_ips)), + ('success_ips',len(success_ips)), ('dial_failed',len(dial_failed)), ('valid_ip',len(valid_ip)), + ('invalid_ip',len(invalid_ip)), ('consec_ip_repeat',len(consec_ip_repeat)), + ('reboot_ip_del_failure',len(reboot_ip_del_failure)), ('reboot_ip_3dial_failure',len(reboot_ip_3dial_failure)), ('reg_date','2020')] + proxy_stats3 = list(tuple((self.adsl,len(dial_times), len(repeat_ips), len(success_ips), len(dial_failed), len(valid_ip), len(invalid_ip), len(consec_ip_repeat), len(reboot_ip_del_failure), len(reboot_ip_3dial_failure), '2020'))) + + proxy_stats = [self.adsl, len(dial_times), len(repeat_ips), len(success_ips), len(dial_failed), len(valid_ip), len(invalid_ip), len(consec_ip_repeat), len(reboot_ip_del_failure), len(reboot_ip_3dial_failure)] + + # 日志数据总结写入mysql,可以在本地或者远程服务器运行 + db_conn=pymysql.connect(host='IP',port=3306,user='root',passwd='MYSQL_PASSWD',db='proxy',charset='utf8mb4') + cur = db_conn.cursor() + insert_sql="""INSERT IGNORE INTO stats(server, dial_times, repeat_ips, success_ips, dial_failed, valid_ip, invalid_ip,\ + consec_ip_repeat, reboot_ip_del_failure, reboot_ip_3dial_failure) \ + VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s) AS new \ + ON DUPLICATE KEY UPDATE \ + dial_times=new.dial_times, repeat_ips=new.repeat_ips, success_ips=new.success_ips,\ + dial_failed=new.dial_failed, valid_ip=new.valid_ip, invalid_ip=new.invalid_ip,\ + 
consec_ip_repeat=new.consec_ip_repeat, reboot_ip_del_failure=new.reboot_ip_del_failure,\ + reboot_ip_3dial_failure=new.reboot_ip_3dial_failure""" + cur.executemany(insert_sql, [proxy_stats]) + db_conn.commit() +# figure = plt.figure(self.adsl, figsize=(16, 8)) + figure, ax = plt.subplots(1, 1, figsize=(16, 8)) + plt.ion() + sns.barplot(x = 'stats_names', + y = 'proxy_stats', + data = df).set_title(self.adsl + '_proxy_quality_monitor') + + plt.xticks(rotation=30) + plt.tight_layout() + self.show_values_on_bars(ax) + # Show the plot + figure.show() + plt.pause(10) + figure.savefig('E:/splash/AdslProxy/' + self.adsl + '_proxy_quality_monitor' + '.jpg') + figure.clf() + plt.close() + def show_values_on_bars(self, axs): + def _show_on_single_plot(ax): + for p in ax.patches: + _x = p.get_x() + p.get_width() / 2 + _y = p.get_y() + p.get_height() + value = '{:.0f}'.format(p.get_height()) + ax.text(_x, _y, value, ha="center") + + if isinstance(axs, np.ndarray): + for idx, ax in np.ndenumerate(axs): + _show_on_single_plot(ax) + else: + _show_on_single_plot(axs) + + +if __name__ == "__main__": + # 这里是需要监控的拨号服务器ip, port, user, password, adsl_name(给每个服务器取得名字) + servers = [('192.168.1.1', 22222, 'root', '88888', 'adsl1'), + ('192.168.1.2', 22222, 'root', '88888', 'adsl2'), + ] +# while True: + for server in servers: + proxy_monitor = PROXY_MON(*server) + proxy_monitor.log_check() diff --git a/service.sh b/service.sh new file mode 100644 index 0000000..a258f64 --- /dev/null +++ b/service.sh @@ -0,0 +1,11 @@ + +# coding=utf-8 +#!/bin/bash +# service.sh文件放在/etc/init.d目录下并且在/etc/rc.local最后添加bash /etc/init.d/service.sh,系统重启后会自动运行拨号脚本. +while ! ping -c1 www.baidu.com &>/dev/null + do echo "Ping Fail - `date`" + sleep 6 + adsl-start +done +export PATH="$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin" +nohup /usr/bin/python3 /root/AdslProxy/adslproxy/sender/sender.py >> /root/proxy_reboot.log 2>&1 & 
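Review bot: `PROXY_MON.__init__` sets `paramiko.AutoAddPolicy()`, which accepts whatever host key the server presents, and then logs in as root with a password, so the first connection to each dial host cannot detect an impersonated server. Load known keys and reject unknown ones instead: `client.load_system_host_keys()` and `client.set_missing_host_key_policy(paramiko.RejectPolicy())`; key-based login for a non-root account that can read the log would reduce exposure further. In `log_check`, `finally: file.close()` raises NameError when `sftp_client.open` fails (and is redundant inside `with`), after which the code still uses `dial_times` and the other counters that were never assigned. The first line, `%matplotlib qt`, is an IPython magic, so the file does not parse as a plain Python script.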
diff --git a/setup.cfg b/setup.cfg new file mode 100644 index 0000000..e93c707 --- /dev/null +++ b/setup.cfg @@ -0,0 +1,5 @@ + +[easy_install] + +index_url = http://mirrors.aliyun.com/pypi/simple/ + diff --git a/vpsadsl.sh b/vpsadsl.sh new file mode 100644 index 0000000..6e7fcda --- /dev/null +++ b/vpsadsl.sh 
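Review bot: `index_url = http://mirrors.aliyun.com/pypi/simple/` points easy_install at a plain-HTTP package index, so dependencies pulled during `python3 setup.py install` (which vpsadsl.sh runs, presumably as root) are fetched without transport integrity. Use the HTTPS endpoint that the pip configuration in vpsadsl.sh already uses: `index_url = https://mirrors.aliyun.com/pypi/simple/`. Committing a mirror override in setup.cfg also forces it on every user of the repository; it may belong in the deployment script instead.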
@@ -0,0 +1,191 @@ + +#/usr/bin/bash +sed -i "s/Port 3389/#Port 3389/" /etc/ssh/sshd_config +service sshd restart + +# 时间同步很重要,不然没法判断代理IP存活时间 +cd /etc/yum.repos.d/ + +mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup +mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.backup +# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo +curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo +curl -O http://mirrors.aliyun.com/repo/epel-7.repo +sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo + +yum clean all +yum makecache +cd ~/ +yum install -y ntpdate +yum -y install wget +cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime +yes | cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime +ntpdate cn.pool.ntp.org +crontab -l >/tmp/crontab.bak +echo "*/10 * * * * /usr/sbin/ntpdate cn.pool.ntp.org | logger -t NTP" >> /tmp/crontab.bak +crontab /tmp/crontab.bak + +yum update -y +yum install epel-release -y +yum install --enablerepo="epel" ufw -y +yum install python3 -y + +# 配置pip国内源 +mkdir ~/.pip && cd .pip && touch pip.conf +echo " +[global] +index-url = https://mirrors.aliyun.com/pypi/simple +" > ~/.pip/pip.conf +cd ~/ + +# 安装denyhosts +wget http://soft.vpser.net/lnmp/lnmp1.4beta.tar.gz && tar zxf lnmp1.4beta.tar.gz && cd lnmp1.4/tools/ && bash denyhosts.sh + +# 安装squid +yum install squid httpd -y +echo " +# +# Recommended minimum configuration: +# + +# Example rule allowing access from your local networks. 
+# Adapt to list your (internal) IP networks from where browsing +# should be allowed +acl localnet src 10.0.0.0/8 # RFC1918 possible internal network +acl localnet src 172.16.0.0/12 # RFC1918 possible internal network +acl localnet src 192.168.0.0/16 # RFC1918 possible internal network +acl localnet src fc00::/7 # RFC 4193 local private network range +acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines + +acl SSL_ports port 443 +acl Safe_ports port 80 # http +acl Safe_ports port 21 # ftp +acl Safe_ports port 443 # https +acl Safe_ports port 70 # gopher +acl Safe_ports port 210 # wais +acl Safe_ports port 1025-65535 # unregistered ports +acl Safe_ports port 280 # http-mgmt +acl Safe_ports port 488 # gss-http +acl Safe_ports port 591 # filemaker +acl Safe_ports port 777 # multiling http +acl CONNECT method CONNECT + +# +# Recommended minimum Access Permission configuration: +# +# Deny requests to certain unsafe ports +http_access allow !Safe_ports + +# Deny CONNECT to other than secure SSL ports +http_access allow CONNECT !SSL_ports + +# Only allow cachemgr access from localhost +http_access allow localhost manager +http_access deny manager + +# We strongly recommend the following be uncommented to protect innocent +# web applications running on the proxy server who think the only +# one who can access services on "localhost" is a local user +#http_access deny to_localhost + +# +# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS +# + +# Example rule allowing access from your local networks. 
+# Adapt localnet in the ACL section to list your (internal) IP networks +# from where browsing should be allowed +http_access allow localnet +http_access allow localhost + +# And finally deny all other access to this proxy +# http_access allow all +auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd +auth_param basic children 5 +auth_param basic realm czhen's squid server +auth_param basic credentialsttl 2 hours +acl czhen proxy_auth REQUIRED +http_access allow czhen +#http_access deny all + +# Squid normally listens to port 3128 +http_port 3389 + +# Uncomment and adjust the following to add a disk cache directory. +#cache_dir ufs /var/spool/squid 100 16 256 + +# Leave coredumps in the first cache dir +coredump_dir /var/spool/squid + +# +# Add any of your own refresh_pattern entries above these. +# +refresh_pattern ^ftp: 1440 20% 10080 +refresh_pattern ^gopher: 1440 0% 1440 +refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 +refresh_pattern . 0 20% 4320 + +#include /etc/squid/peers.conf + +# 配置高匿,不允许设置任何多余头信息,保持原请求header,可在最后加上此两句 +request_header_access Via deny all +request_header_access X-Forwarded-For deny all +" > /etc/squid/squid.conf +sudo systemctl enable squid +service squid start + +# 配置ufw +# yes | ufw enable +# ufw default allow outgoing +# ufw default deny incoming +# ufw allow http +# ufw allow 22 +# ufw allow 5900 +# ufw allow 3389 +# ufw allow from +# ufw status + +# 配置github访问 +# set up hosts for github visit. 
GFW blocked the parsing of these DNS +echo " +# GitHub Start +140.82.113.4 github.com +140.82.113.4 gist.github.com +140.82.114.5 api.github.com +185.199.111.153 assets-cdn.github.com +199.232.96.133 raw.githubusercontent.com +199.232.96.133 gist.githubusercontent.com +199.232.96.133 cloud.githubusercontent.com +199.232.96.133 camo.githubusercontent.com +199.232.96.133 avatars0.githubusercontent.com +199.232.96.133 avatars1.githubusercontent.com +199.232.96.133 avatars2.githubusercontent.com +199.232.96.133 avatars3.githubusercontent.com +199.232.96.133 avatars4.githubusercontent.com +199.232.96.133 avatars5.githubusercontent.com +199.232.96.133 avatars6.githubusercontent.com +199.232.96.133 avatars7.githubusercontent.com +199.232.96.133 avatars8.githubusercontent.com +# GitHub End +" >> /etc/hosts +cd /root/AdslProxy/ +read -p "Enter adsl client name. eg. adsl1 or adsl2: " adsl +sudo sed -i "s/adsl1/"$adsl"/" /root/AdslProxy/adslproxy/settings.py +sudo sed -i "s/22457/"$adsl"/" /root/AdslProxy/adslproxy/sender/sender.py +yes | python3 /root/AdslProxy/setup.py install +echo 'copy service.sh to /etc/init.d' +cp /root/AdslProxy/service.sh /etc/init.d/ && chmod 777 /etc/init.d/service.sh +echo 'bash /etc/init.d/service.sh' >> /etc/rc.local +sudo service firewalld start +sudo firewall-cmd --permanent --add-port=3128/tcp +firewall-cmd --zone=public --add-port=22/tcp --permanent +firewall-cmd --zone=public --add-port=30050/tcp --permanent + +firewall-cmd --reload +sudo service firewalld restart +sudo service squid restart +sudo systemctl enable firewalld +echo 'you need to RUN htpasswd -c /etc/squid/passwd czhen to set passwd for squid' +echo 'check if squid proxy works and start adslproxy send.' +htpasswd -c /etc/squid/passwd czhen +echo 'double check adslproxy settings.py. make sure adsl client name is setup as expected'
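Review bot: The generated squid.conf turns the two stock guard rules into `http_access allow !Safe_ports` and `http_access allow CONNECT !SSL_ports`, and because they sit above the `proxy_auth` rule, requests to ports outside `Safe_ports` and CONNECT to any non-443 port are accepted without authentication, contrary to the comments directly above them. Restore `http_access deny !Safe_ports` and `http_access deny CONNECT !SSL_ports`, and uncomment the final `http_access deny all`. The script also downloads `lnmp1.4beta.tar.gz` and `epel-7.repo` over plain HTTP and runs `denyhosts.sh` from the archive without a checksum check, and `chmod 777 /etc/init.d/service.sh` leaves a boot-time script writable by every local user; `chmod 755` is enough. Finally, firewalld opens `3128/tcp` while `http_port` is `3389`, and the first line `#/usr/bin/bash` is missing the `!`.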