github twitter email rss
archlinux上架设goagent
Aug 29, 2014
2 minutes read
  • 安装准备 需要安装的包
pacman -S wget 
pacman -S  python2-crypto python2-pyopenssl  python2-gevent python2-greenlet nss
  • 获取安装包
cd ~
wget https://nodeload.github.com/goagent/goagent/legacy.zip/3.0
mv goagent* goagent
  • goagent配置
cd ~/goagent/local
cat > proxy.user.ini << EOF
[listen]
ip = 0.0.0.0
username = *proxy*
password = *goagent*
visible = 0

[gae]
appid = <goagent>
password = <password>
window = 6
keepalive = 1
obfuscate = 1

[pac]
enable = 0

[iplist]
google_cn = <iplist>
google_hk = <iplist>
EOF
  • 配置nss(libnss3-tool)
mkdir -p ~/.pki/nssdb
chmod 700 ~/.pki/nssdb
certutil -d ~/.pki/nssdb -N --empty-passwod
certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n GoAgent -i ~/programs/goagent/local/CA.crt

按提示设置nssdb的密码。 手工运行python2 proxy.py, 并输入上面设置的nssdb的密码

  • 建立daemon开机自启
ln -s /bin/python2.7 /bin/python
cat > /lib/systemd/system/goagent.service <<EOF
[Unit]
Description=Goagent Proxy
After=syslog.target network.target

[Service]
User=root
Group=root
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/bash /root/goagent/local/proxy.sh start
ExecStop=/bin/bash /root/goagent/local/proxy.sh stop

[Install]
WantedBy=multi-user.target
EOF

ln -s /lib/systemd/system/goagent.service /etc/systemd/system/goagent.service
systemctl daemon-reload
systemctl enable goagent.service
systemctl start goagent.service

查看日志命令journalctl -u goagent

补充说明: 遇到问题error[24]: too many open files

问题是由于ulimit和/etc/security/limits.conf中的设置造成的 出于对资源以及安全的考虑,我们不修改这两个配置,而采用重启的方法解决。当然此处也列出这两个配置的修改方法:不建议采用

ulimit -a #查看配置
ulimit -u 65536
ulimit -n 65536

在limits.conf末尾加上
*soft nofile 65536
*hard nofile 65536

我们采用定时重启的方法,配置如下:

写个重启goagent.service的脚本

cat > /root/goagent_restart.sh <<EOF
#!bin/sh
#restart goagent.
systemctl restart goagent.service

新建个service和timer用来定时执行上面的脚本

cat > /lib/systemd/system/goagent_restart.service <<EOF
[Unit]
Description=Goagent Proxy

[Service]
User=root
Group=root
Type=simple
ExecStart=/bin/sh /root/goagent_restart.sh

[Install]
WantedBy=multi-user.target
EOF

cat > /lib/systemd/system/goagent_restart.timer <<EOF
[Unit]
Description=restart goagent every 12h

[Timer]
# Time to wait after booting before we run first time
OnBootSec=10min
# Time between running each consecutive time
OnUnitActiveSec=12h
Unit=goagent_restart.service

[Install]
WantedBy=multi-user.target
EOF

ln -s /lib/systemd/system/goagent_restart.* /etc/systemd/system/
systemctl daemon-reload
systemctl enable goagent_restart.*
systemctl start goagent_restart.*

Back to posts


comments powered by Disqus