@f0r34chb3t4
Last active September 6, 2017 16:59
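#!/bin/bash
#
# by f0r34chb3t4 on Centos 7 - OpenStack
#
# Installs and configures HAProxy in front of a Tor client that exposes
# several SOCKS ports.
#
# - Tor is given 20 SOCKSPort entries, 59050-59069; HAProxy reaches them on
#   127.0.0.1.
# - HAProxy listens on port 51080 of the local address that matches
#   IP_PREFIX (default 172.22.11) and round-robins TCP connections across
#   the 20 Tor ports.
# - The author's stated intent is one exit address per Tor port. Tor builds
#   circuits per listener, but nothing in this configuration guarantees that
#   the 20 circuits end at 20 distinct exits.
# - Tor is also configured as a non-exit relay (ExitPolicy reject *:*).
#
# Environment:
#   IP_PREFIX  substring used to pick the local IPv4 address HAProxy binds to
#              (default: 172.22.11)
#
# Check after installation:
#   curl --socks5 <bind-address>:51080 ipinfo.io
#
set -euo pipefail

readonly HAPROXY_CFG=/etc/haproxy/haproxy.cfg
readonly HAPROXY_CFG_BACKUP=/etc/haproxy/haproxy.cfg-bak
readonly TORRC=/etc/tor/torrc
readonly LIMITS_CONF=/etc/security/limits.conf
readonly IP_PREFIX=${IP_PREFIX:-172.22.11}

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

warn() {
  printf 'warning: %s\n' "$*" >&2
}

# Prints every local IPv4 address found on a line containing the prefix $1.
# Prefers `ip` (iproute) and only falls back to `ifconfig`, which this script
# does not install itself.
detect_bind_ip() {
  local prefix=$1
  local found=
  if command -v ip >/dev/null 2>&1; then
    found=$(ip -4 -o addr show \
      | awk -v p="$prefix" 'index($0, p) { sub(/\/.*/, "", $4); print $4 }') || true
  elif command -v ifconfig >/dev/null 2>&1; then
    found=$(ifconfig | grep -F -- "$prefix" | awk '{print $2}') || true
  fi
  printf '%s\n' "$found"
}

# Writes $2 to the kernel tunable $1. Best-effort: a tunable that is missing
# on this kernel or not writable produces a warning instead of aborting.
set_tunable() {
  local path=$1
  local value=$2
  if [[ -w "$path" ]]; then
    printf '%s\n' "$value" > "$path" || warn "could not write ${path}"
  else
    warn "skipping ${path} (missing or not writable)"
  fi
}

(( EUID == 0 )) || die "this script must run as root"

# Resolve the bind address before touching the system. An empty value would
# turn the bind line into ":51080", which HAProxy treats as "all addresses",
# and several matches would corrupt the sed expression below. Either way the
# listener would not be the single address intended, so require exactly one
# dotted-quad.
bind_ip=$(detect_bind_ip "$IP_PREFIX")
readonly ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
[[ -n "$bind_ip" ]] \
  || die "no local IPv4 address matches '${IP_PREFIX}'; set IP_PREFIX"
[[ "$bind_ip" =~ $ipv4_re ]] \
  || die "expected exactly one IPv4 address for '${IP_PREFIX}', got: ${bind_ip//$'\n'/ }"

yum -y install epel-release
yum -y update
yum -y install haproxy tor unzip wget nano

# Keep the packaged configuration only once; a second run must not replace
# the backup with a file this script generated.
if [[ -e "$HAPROXY_CFG" && ! -e "$HAPROXY_CFG_BACKUP" ]]; then
  mv -- "$HAPROXY_CFG" "$HAPROXY_CFG_BACKUP"
fi

# NOTE(review): the listener below is a plain TCP pass-through to Tor's SOCKS
# ports on a non-loopback address, with no authentication and no ACL. Any
# host that can reach ${bind_ip}:51080 can use this machine's Tor client, so
# access has to be limited outside this file (host firewall or the OpenStack
# security group).
cat <<'EOF' > "$HAPROXY_CFG"
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 1000000
user haproxy
group haproxy
daemon
defaults
mode tcp
log global
option dontlognull
option redispatch
retries 3
timeout queue 15s
timeout connect 15s
timeout client 15s
timeout server 15s
timeout check 15s
maxconn 1000000
listen tor
mode tcp
option tcpka
bind 127.3.2.1:51080
balance roundrobin
server tor100 127.0.0.1:59050 check fall 2 rise 2
server tor102 127.0.0.1:59051 check fall 2 rise 2
server tor103 127.0.0.1:59052 check fall 2 rise 2
server tor104 127.0.0.1:59053 check fall 2 rise 2
server tor105 127.0.0.1:59054 check fall 2 rise 2
server tor106 127.0.0.1:59055 check fall 2 rise 2
server tor107 127.0.0.1:59056 check fall 2 rise 2
server tor108 127.0.0.1:59057 check fall 2 rise 2
server tor109 127.0.0.1:59058 check fall 2 rise 2
server tor110 127.0.0.1:59059 check fall 2 rise 2
server tor111 127.0.0.1:59060 check fall 2 rise 2
server tor112 127.0.0.1:59061 check fall 2 rise 2
server tor113 127.0.0.1:59062 check fall 2 rise 2
server tor114 127.0.0.1:59063 check fall 2 rise 2
server tor115 127.0.0.1:59064 check fall 2 rise 2
server tor116 127.0.0.1:59065 check fall 2 rise 2
server tor117 127.0.0.1:59066 check fall 2 rise 2
server tor118 127.0.0.1:59067 check fall 2 rise 2
server tor119 127.0.0.1:59068 check fall 2 rise 2
server tor120 127.0.0.1:59069 check fall 2 rise 2
EOF

# Swap the placeholder for the validated address. The variable is quoted and
# already restricted to digits and dots, so it cannot alter the expression.
sed -i "s|127\.3\.2\.1|${bind_ip}|" "$HAPROXY_CFG"

# Refuse to restart the service on a configuration HAProxy itself rejects.
haproxy -c -f "$HAPROXY_CFG" >/dev/null \
  || die "generated ${HAPROXY_CFG} failed validation"

# NOTE(review): three settings below loosen Tor's defaults and deserve a
# deliberate decision:
#   - ControlSocketsGroupWritable 1 and CookieAuthFileGroupReadable 1 let
#     members of the socket's group control this Tor instance.
#   - DisableDebuggerAttachment 0 switches off Tor's protection against
#     debugger attachment by other processes.
# The relay advertises ORPort 443 / DirPort 80 but listens only on
# 127.0.0.1:9090 / 9091; the forwarding that would connect the two is not
# set up in this script - confirm it exists elsewhere.
cat <<'EOF' > "$TORRC"
ControlSocket /run/tor/control
ControlSocketsGroupWritable 1
CookieAuthentication 1
CookieAuthFile /run/tor/control.authcookie
CookieAuthFileGroupReadable 1
ORPort 443 NoListen
ORPort 127.0.0.1:9090 NoAdvertise
DirPort 80 NoListen
DirPort 127.0.0.1:9091 NoAdvertise
ExitPolicy reject *:*
Nickname f0r34chb3t4
ContactInfo [email protected]
DisableDebuggerAttachment 0
ExcludeSingleHopRelays 0
NewCircuitPeriod 600
SOCKSPort 59050
SOCKSPort 59051
SOCKSPort 59052
SOCKSPort 59053
SOCKSPort 59054
SOCKSPort 59055
SOCKSPort 59056
SOCKSPort 59057
SOCKSPort 59058
SOCKSPort 59059
SOCKSPort 59060
SOCKSPort 59061
SOCKSPort 59062
SOCKSPort 59063
SOCKSPort 59064
SOCKSPort 59065
SOCKSPort 59066
SOCKSPort 59067
SOCKSPort 59068
SOCKSPort 59069
EOF

systemctl enable tor
systemctl restart tor
systemctl enable haproxy
systemctl restart haproxy

# Append the file-descriptor limits once; re-running the script must not pile
# up duplicate entries. Note the wildcard raises the limit for every account.
if ! grep -qxF 'root soft nofile 1000000' "$LIMITS_CONF" 2>/dev/null; then
  cat <<'EOF' >> "$LIMITS_CONF"
* hard nofile 1000000
* soft nofile 1000000
root hard nofile 1000000
root soft nofile 1000000
EOF
fi

# Runtime-only kernel tuning: these writes are lost at reboot because nothing
# is added to sysctl configuration.
set_tunable /proc/sys/net/ipv4/tcp_fin_timeout 30
set_tunable /proc/sys/net/ipv4/tcp_keepalive_intvl 30
set_tunable /proc/sys/net/ipv4/tcp_keepalive_probes 5
# tcp_tw_recycle is known to drop connections from clients behind NAT and was
# removed in Linux 4.12, hence the best-effort write.
set_tunable /proc/sys/net/ipv4/tcp_tw_recycle 1
set_tunable /proc/sys/net/ipv4/tcp_tw_reuse 1
set_tunable /proc/sys/net/ipv4/ip_local_port_range '9000 65500'
set_tunable /proc/sys/fs/file-max 1000000

# NOTE(review): this puts SELinux into permissive mode for the whole host
# until the next reboot, removing confinement from every service, not just
# HAProxy. Presumably it is here so haproxy may connect to the 590xx ports;
# if so, the `haproxy_connect_any` boolean (setsebool -P) is the narrower
# setting and also survives a reboot - confirm before replacing.
if command -v setenforce >/dev/null 2>&1; then
  setenforce 0 || warn "setenforce 0 failed (SELinux may be disabled)"
fi

exit 0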