A cikin wannan labarin za mu nuna saitin wakili na 3 akan sabar da aka keɓe ta hanyar ArchLinux/CentOS tsarin aiki. 3proxy yana ɗaya daga cikin mafi dacewa kuma kayan aikin aiki. Yana goyan bayan nau'ikan ladabi daban-daban: HTTP, HTTPS, FTP, SOCKS, da sauransu. Zai taimake ka ka saita sabar wakili naka a cikin minti kaɗan.
Labarin ya ƙunshi jagorar mataki-mataki akan shigarwar kayan aiki da ƙarin daidaitawa. Batutuwa kamar shigarwa daga tushen hukuma, saita fayilolin daidaitawa, buɗe tashoshin jiragen ruwa marasa daidaituwa ana la'akari da su, da kuma an bayyana kurakuran gama gari kuma ana ba da shawarwari masu amfani don warware su. Kafin kaddamar da, dole ne ka yi oda a VPS or sadarwar sadarwar An ƙarfafa ta ta hanyar CentOS ko ArchLinux tsarin aiki. Duk ayyukan da ke cikin misalin za a yi su a kan keɓaɓɓen uwar garken da tsarin aiki na CentOS7 ke ƙarfafa tare da keɓaɓɓen adireshin IP na jama'a guda ɗaya.
Installation
mataki 1
An shigar da 3proxy kai tsaye daga tushe. gcc za a yi amfani da shi azaman mai tarawa. Muna haɗi zuwa uwar garken azaman tushen (superuser) kuma muna shigar da mai tarawa.
yum install gccmataki 2
Yanzu ya zama dole don sauke fayilolin tushen 3proxy. Kuna iya yin hakan ta hanyar zuwa shafin official website da kwafi hanyar haɗin zuwa sigar yanzu:
Idan ana buƙatar sigar da aka adana, zaku iya zazzage hanyar haɗin kai tsaye daga GitHub:
A lokacin rubuta wannan labarin, sigar yanzu shine 0.9.3. Zazzage shi kuma nan da nan zazzage shi:
wget https://github.com/z3APA3A/3proxy/archive/0.9.3.tar.gz
tar -xvzf 0.9.3.tar.gzmataki 3
Je zuwa kundin adireshi tare da aikin da ba a shirya ba kuma a haɗa:
cd 3proxy-0.9.3/
make -f Makefile.Linux
mataki 4
Mun ƙirƙira kundayen adireshi kuma muna kwafi fayil ɗin wakili na 3 zuwa /usr/bin:
mkdir -p /var/log/3proxy
mkdir /etc/3proxy
cp bin/3proxy /usr/bin/
mataki 5
Mun ƙirƙiri mai amfani don yin aiki tare da kasida. A wannan yanayin sunan mai amfani shine 3 proxyuser:
useradd -s /usr/sbin/nologin -U -M -r 3proxyuserMuna ba da haƙƙin yin aiki tare da kundayen adireshi ga mai amfani da aka ƙirƙira:
chown -R 3proxyuser:3proxyuser /etc/3proxy
chown -R 3proxyuser:3proxyuser /var/log/3proxy
chown -R 3proxyuser:3proxyuser /usr/bin/3proxy
Yanzu bari mu ƙirƙiri fayil ɗin sanyi ta amfani da umarnin:
touch /etc/3proxy/3proxy.cfgIdan ya cancanta, zaku iya saita izini akan fayil ɗin sanyi don tushen mai amfani. Wannan matakin bai zama wajibi ba. amma zai ƙara kariya:
chmod 600 /etc/3proxy/3proxy.cfgTsarin wakili na 3
mataki 6
Wajibi ne don cika daidaitaccen fayil ɗin sanyi wanda aka ƙirƙira a baya. Da farko, gano uid da gid na mai amfani ta hanyar umarni:
id 3proxyuserA cikin yanayinmu waɗannan sune dabi'u masu zuwa:
Don cike fayil ɗin daidaitawa, kuna iya ɗaukar shirye-shiryen da aka ƙera ko amfani da takardun a kan official website. Hakanan an riga an riga an shigar da fayil tare da misali ta tsohuwa; za ku iya samun ta ta hanyar: /cfg/3proxy.cfg.sample
A matsayin misali, zamu yi la'akari da nau'ikan sanyi guda 2: tare da ba tare da shiga ba. Kowane layi zai kasance tare da sharhi (an yi musu alama da alamar "#").
Wannan misali ne na tsarin saiti ba tare da shiga ba:
# We specify the user's data that we found out in the previous command
setgid 995
setuid 997
# Type the NS-servers. It is possible to clarify your own servers at /etc/resolv.conf
nserver 1.1.1.1
nserver 8.8.8.8
# Cache size
nscache 65536
# Timeouts
timeouts 1 5 30 60 180 1800 15 60
# Authorization of users by login/password (if required). You may not to use it or specify the path to the file in which authorization data is stored, for example, users $/etc/3proxy/.authfile
# If you insert a password in md5 format, replace “CL” with “CR”, as indicated in the example. You can use 2 methods at the same time.
auth cache strong
users "userproxy:CL:passwordproxy"
users "userproxy2:CR:b89097a7ad0b94f13b3c313ae76699d4 "
# Launch mode. Daemon only.
Daemon
# We write the port through which the http connection will take place. The example shows the standard one. To establish a socks connection, use the command specified in the second line, the port is also standard.
proxy -p3128
socks -p1080
Mun yi la'akari da zaɓin fayil ɗin sanyi ba tare da shiga ba. Yanzu za mu ƙirƙiri fayil ɗin sanyi tare da shiga da izinin mai amfani; za a yi amfani da shi daga baya yayin saitin uwar garken.
Tabbatar cewa kun samar da bayanin izini, saboda ana iya gano uwar garken koda akan tashoshin jiragen ruwa mara kyau.
# Configuring the server to launch from the userproxy user and the passwordproxy password.
users userproxy:CL:passwordproxy
# Specify the user's uid and gid
setgid 995
setuid 997
# Nameservers (NS-servers)
nserver 1.1.1.1
nserver 8.8.8.8
# Timeouts
timeouts 1 5 30 60 180 1800 15 60
# Cache size (standard)
nscache 65536
# Indicate the launch mode
daemon
# We install http proxy on a non-standard 50001 port. If there are several IP addresses on the server, be sure to specify a specific address for connecting the network. For example, "-e91.150.32.146". The argument "i" is a local address.
proxy –p50001
# In a same way as socks proxy, we conduct the installation on a 50002 port.
socks –p50002
# Path to the directory with logs, logs format and proxy rotation
Log /var/log/3proxy/3proxy.log D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
rotate 30
Wannan yana kammala saitin babban fayil ɗin sanyi. Mu matsa zuwa mataki na ƙarshe da ƙaddamarwa.
mataki 7
Ƙirƙiri fayil ɗin farawa don systemd:
touch /etc/systemd/system/3proxy.serviceBayar da haƙƙoƙin da suka dace:
chmod 664 /etc/systemd/system/3proxy.serviceKwafi da liƙa waɗannan dabi'u masu zuwa cikin fayil ɗin kuma adana:
[Unit]
Description=3proxy Proxy Server
After=network.target
[Service]
Type=simple
ExecStart=/usr/bin/3proxy /etc/3proxy/3proxy.cfg
ExecStop=/bin/kill `/usr/bin/pgrep 3proxyuser`
RemainAfterExit=yes
Restart=on-failure
[Install]
WantedBy=multi-user.target»Lura: a cikin ƙimar "ExecStop" dole ne ka saka sunan mai amfani wanda aka ƙirƙira a mataki na 5.
Bayan haka kuna buƙatar sabunta tsarin Daemon tare da umarnin:
systemctl daemon-reloadmataki 8
Abinda kawai muke buƙata shine ƙaddamar da 3proxy da aka tsara, ƙara shi zuwa autostart, da kuma buɗe tashoshin jiragen ruwa a cikin Tacewar zaɓi.
Ƙara shi zuwa farawa ta atomatik, ƙaddamar da duba matsayi:
systemctl enable 3proxy
systemctl start 3proxy
systemctl status 3proxyBayan duba matsayin, mun ga bayanin cewa an ƙaddamar da 3proxy cikin nasara:
Abinda ya rage shine bude tashoshin jiragen ruwa:
firewall-cmd --zone=public --add-port=50001/tcp
firewall-cmd --zone=public --add-port=50002/tcp
firewall-cmd –reloadIdan ya cancanta, sake kunna uwar garken. Yana yiwuwa a bincika ko tashoshin jiragen ruwa a buɗe suke tare da umarnin:
firewall-cmd --list-allAbin da ya kamata ya zama:
Kamar yadda muke iya gani, an yi nasarar buɗe dukkan tashoshin jiragen ruwa kuma ana sauraren su. Haɗin http yana kan tashar farko, safa yana kan tashar jiragen ruwa na biyu.
Bincika haɗin kai ta kowane sabis mai dacewa:
Komai yana aiki. A namu bangaren, ba mu ba da shawarar yin amfani da haɗin da ba amintacce ba tare da izinin shiga/kalmar sirri ba, haka kuma tare da daidaitattun saitin tashoshin jiragen ruwa.. Yayin saita fayil ɗin sanyi, tabbatar da saka hanyar shiga da ƙirƙirar kalmar sirri mai rikitarwa, sannan kuma canza tashar jiragen ruwa zuwa waɗanda ba daidai ba.. A cikin yanayi na musamman, yana yiwuwa a yi amfani da izinin adireshin IP
Matsaloli gama gari
Wani abu ya faru kuma wakili baya aiki? Wataƙila tsarin 3proxy ɗin an yi shi ba daidai ba. Bari mu yi la'akari da matsalolin da suka fi kowa da kuma hanyoyin magance su yayin shigarwa da daidaita kayan aiki.
Babu haɗi
Matsalar gama gari ga masu amfani da yawa ita ce haɗin da ba za a iya shiga ba lokacin da fayilolin sanyi suke da alama an daidaita su daidai. Idan kun tabbata cewa duk saitunan an daidaita su daidai, mai ba da sabis ɗin ba ya iyakance tashar da aka zaɓa kuma duk bayanan suna nuna sabis ɗin aiki, matsalar na iya kasancewa a cikin Firewall, ko, mafi daidai, daidaitaccen tsarin sa. Misali, ana iya shigar da shirye-shirye sama da biyu akan tsarin da zasu yi karo da juna. Don magance matsalar, ya isa a yi amfani da takamaiman Firewall ɗaya. Muna ba ku shawara ku zaɓi kawai iptables ko Firewall-cmd.
Sabis ɗin baya ƙaddamarwa
Sabis ɗin baya farawa bayan saita duk mahimman fayilolin sanyi. Wannan yana faruwa lokacin da aka rasa matakin daidaitawa, ba a ba da haƙƙin da suka dace ba, ko kuma an yi ƙaramin kuskure a cikin fayilolin daidaitawa. Muna ba ku shawarar ku sake nazarin umarnin mataki-mataki, watakila kun rasa ɗaya daga cikin matakan. Idan babu abin da zai taimaka, zai zama kyakkyawan ra'ayi don sake shigar da OS kuma bi duk matakai daga farkon. Muna ba da shawarar amfani samfurin yana a /cfg/3proxy.cfg.sample, azaman tsarin gwaji, kuma an riga an shigar dashi firewall-cmd a matsayin Tacewar zaɓi.
shiga
Ƙarshe, amma ba ƙaramin mahimmanci ba ya shafi ajiyar fayil. 3proxy yana ɗaukar mb da yawa yayin shigarwa, amma ana iya ƙara girman girman kawai ta hanyar shiga tare da wucewar lokaci. Gaskiyar ita ce yawancin masu amfani suna ba da damar yin rikodin log a cikin wani fayil daban, amma kada ku saita juyi kuma kada ku share rajistan ayyukan da ba su da mahimmanci. Ana iya amfani da zaɓuɓɓuka guda uku don magance wannan matsala:
- Kunna shiga;
- lokaci-lokaci share rajistan ayyukan da ba su da mahimmanci;
- Kunna juyawa, kamar yadda aka yi a cikin tsarin da ke sama. Misali, "juya 30" a cikin fayil ɗin daidaitawa yana nufin cewa 3proxy zai adana sabbin fayiloli 30 ne kawai.
Kammalawa
Shigarwa da daidaita 3proxy akan CentOS da ArchLinux tsarin aiki abu ne mai sauƙi, amma a lokaci guda ingantaccen aiki. Labarin ya ƙunshi matakai don shigar da fakitin da suka dace, daidaita fayilolin daidaitawa, da ƙaddamar da sabis ɗin. Ilimin da aka samu zai ba ka damar shigar da daidaita uwar garken wakili da kanka ba tare da wata wahala ba.
