@zxkane
Last active April 11, 2017 07:21
deploy ss with mgr in swarm
-----BEGIN DH PARAMETERS-----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-----END DH PARAMETERS-----
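# Stack: a shadowsocks manager, two ssmgr instances (type "s" talks to
# ss-manager, type "m" serves the web UI) and an nginx TLS front end.
# Nesting restored: without indentation every service key collapses into
# duplicate top-level keys and the file does not parse as a Compose file.
version: "3.1"

services:
  ss-manager:
    image: mritd/shadowsocks
    # Holds the shadowsocks password; keep the env file out of public repos.
    env_file:
      - ./ss-manager.env
    # Only these ports are published on the host. The manager port (6001 in
    # ss-manager.env) is not listed, so it stays reachable only on ss-network.
    ports:
      - "7001:7001"
      - "7002-7100:7002-7100"
    networks:
      - ss-network

  ssmgr-type-s:
    image: gyteng/ssmgr
    volumes:
      # NOTE(review): could probably be mounted :ro - confirm that ssmgr
      # never writes to its config file before changing it.
      - ./ssmgr.yml:/root/.ssmgr/default.yml
      # The SQLite database must stay writable.
      - ./db/ss.sqlite:/root/.ssmgr/ss.sqlite
    command: -c /root/.ssmgr/default.yml
    # depends_on is ignored by `docker stack deploy` for version 3 files;
    # the services have to tolerate their peers starting later.
    depends_on:
      - "ss-manager"
    networks:
      - ss-network

  ssmgr-type-m:
    image: gyteng/ssmgr
    volumes:
      - ./webui.yml:/root/.ssmgr/webui.yml
      - ./ssmgr.yml:/root/.ssmgr/default.yml
      - ./db/webgui.sqlite:/root/.ssmgr/webgui.sqlite
    command: -c /root/.ssmgr/webui.yml
    depends_on:
      - "ss-manager"
      - "ssmgr-type-s"
    networks:
      - ss-network

  nginx:
    # NOTE(review): 1.11 is an old nginx branch. Moving to a maintained tag
    # is advisable, but review nginx.conf for deprecated directives first.
    image: nginx:1.11-alpine
    volumes:
      # Configuration, certificate and private key are only read by nginx,
      # so mount them read-only: a compromised container cannot alter them.
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - ./site-ssl.conf:/etc/nginx/site-ssl.conf:ro
      - ./proxy.conf:/etc/nginx/proxy.conf:ro
      - ./proxy.basic.conf:/etc/nginx/proxy.basic.conf:ro
      - ./nginx/site-server.key:/etc/nginx/site-server.key:ro
      - ./nginx/site-server.pem:/etc/nginx/site-server.pem:ro
      - ./dhparam.pem:/etc/ssl/certs/dhparam.pem:ro
    # Only 443 is published; the web UI on ssmgr-type-m:80 is reached
    # through nginx over ss-network and is not exposed directly.
    ports:
      - "443:443"
    networks:
      - ss-network

# Bind mounts above are host-local: in a multi-node swarm the files must
# exist on whichever node runs the task (or pin services with constraints).
networks:
  ss-network:
    driver: overlay
    # external: true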
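# Main nginx configuration: a catch-all server that drops unwanted requests
# and one TLS virtual host that proxies to the ssmgr web UI.
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 16384;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # $http_x_forwarded_for is copied from the request header, so it is
    # client-controlled; use $remote_addr as the authoritative peer address
    # when analysing these logs.
    log_format main '$remote_addr - $remote_user [$time_local] '
                    '"$request_method $scheme://$host$request_uri $server_protocol" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    keepalive_timeout 90;
    gzip on;

    # Do not advertise the nginx version in responses and error pages.
    server_tokens off;

    # NOTE(review): with this off, header fields with invalid names are kept
    # instead of being dropped (the default is on). Confirm the backend
    # really needs them; otherwise leave the default in place.
    ignore_invalid_headers off;

    # Catch-all: 444 closes the connection without sending a response.
    # It is the only server on port 80; on 443 the server below is the
    # default_server, so this one only takes requests matching its
    # (empty) server_name.
    server {
        listen 80;
        listen 443;
        return 444;
    }

    upstream ssmgr {
        server ssmgr-type-m:80 max_fails=10;
    }

    server {
        listen 443 backlog=2048 reuseport default_server http2 ssl;
        server_name pp.yourserver.com;
        root html;
        error_page 500 502 503 504 /50x.html;

        # Redundant with the `ssl` flag on the listen line above; kept as the
        # author wrote it.
        ssl on;
        include site-ssl.conf;

        location / {
            # Fixed: the file argument needs a leading slash. try_files
            # appends it to `root`, so "maintenance.html" resolved to
            # "<root>maintenance.html" and the page could never be served.
            try_files /maintenance.html @ssmgr;
        }

        location @ssmgr {
            # Never spill proxied responses to temporary files on disk.
            proxy_max_temp_file_size 0;
            include proxy.conf;
            # Plain HTTP to the backend; it stays on the overlay network.
            proxy_pass http://ssmgr;
        }

        location = /50x.html {
            root /usr/share/nginx/html;
        }
    }
}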
# Headers and timeouts applied to requests proxied to the ssmgr upstream
# (included from the @ssmgr location in nginx.conf).

# Tell the backend which scheme and host the client used.
# NOTE(review): $host comes from the request, so the backend should not build
# redirects or links from X-Forwarded-Host without checking it against the
# expected site name.
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
# $proxy_add_x_forwarded_for appends the peer address to whatever
# X-Forwarded-For the client sent; only the last entry is set by this proxy,
# earlier entries are client-supplied and must not be trusted for access
# decisions or rate limiting.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# HTTP/1.1 with an empty Connection header allows keep-alive connections to
# the upstream.
proxy_http_version 1.1;
proxy_set_header Connection "";
# NOTE(review): proxy.basic.conf is mounted by the compose file but its
# contents are not shown here; review it together with this file.
include proxy.basic.conf;
# Short timeouts so a stalled backend does not hold nginx connections open.
proxy_connect_timeout 2s;
proxy_send_timeout 10s;
proxy_read_timeout 30s;
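# TLS settings for the public virtual host (included from nginx.conf).

# Certificate and private key; both are bind-mounted by the compose file.
# Keep the key file readable only by the account that deploys the stack.
ssl_certificate /etc/nginx/site-server.pem;
ssl_certificate_key /etc/nginx/site-server.key;

ssl_session_timeout 5m;

# TLS 1.0 and 1.1 are deprecated (RFC 8996) and were removed from the list.
# TLSv1.3 is left out only because the nginx:1.11 image used here predates
# support for that parameter; add it after upgrading the image.
ssl_protocols TLSv1.2;

# Same preference order as before, minus the three DES-CBC3 (3DES) suites,
# which are exposed to the Sweet32 birthday attack; "!3DES" also keeps the
# HIGH alias from re-adding them on older OpenSSL builds.
# NOTE(review): the static-RSA suites (AES256-GCM-SHA384 ... AES128-SHA) give
# no forward secrecy; drop them too if every client supports ECDHE/DHE.
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;

ssl_session_cache shared:SSL:10m;

# Custom Diffie-Hellman group for the DHE suites above.
ssl_dhparam /etc/ssl/certs/dhparam.pem;

# OCSP stapling.
# NOTE(review): ssl_stapling_verify needs the issuer chain configured with
# ssl_trusted_certificate, which is not set in this file; without it the
# verification is expected to fail - confirm in the error log.
ssl_stapling on;
ssl_stapling_verify on;

# Resolver used to look up the OCSP responder. These are public resolvers;
# a trusted local resolver is preferable where one is available.
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;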
# Environment for the mritd/shadowsocks container (loaded through env_file in
# the compose file). How each variable is interpreted is up to the image's
# entrypoint; the notes below describe only the values themselves.

# Presumably selects which shadowsocks program the image starts - confirm
# against the image documentation.
SS_MODULE=ss-manager
# Arguments passed on to that program.
# NOTE(review): "mykey" is a sample password; replace it with a long random
# secret and keep this file out of public repositories.
# NOTE(review): aes-256-cfb is a stream cipher with no built-in message
# authentication; prefer an AEAD method if the shadowsocks build in the image
# and the clients support one - verify before changing.
# NOTE(review): --manager-address 0.0.0.0:6001 binds the manager API on every
# interface of the container. The compose file does not publish 6001, so it is
# reachable only over ss-network; keep it that way, since the manager API is
# not known to authenticate callers - confirm for the version in use.
SS_CONFIG=-m aes-256-cfb -k mykey -u --manager-address 0.0.0.0:6001
KCP_FLAG=false
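# ssmgr configuration for the type "s" instance, which connects to
# ss-manager and listens for the type "m" instance.
# Nesting restored: without indentation the two `address` keys collide as
# duplicate top-level keys and most parsers silently keep only the last.
type: s
empty: false

shadowsocks:
  # Manager address of the ss-manager service (see ss-manager.env).
  address: 'ss-manager:6001'

manager:
  # Listens on every interface of the container; the compose file does not
  # publish 4001, so it is reachable only over the overlay network.
  address: '0.0.0.0:4001'
  # NOTE(review): 'mykey' is a sample value and is also the sample
  # shadowsocks password. Use a separate long random secret here; it must
  # match manager.password in webui.yml.
  password: 'mykey'

db: 'ss.sqlite'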
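# ssmgr configuration for the type "m" instance (web UI and plugins).
# Nesting restored: without indentation the repeated `use`, `price`, `flow`
# and `password` keys collide as duplicates and the plugin settings are lost.
# This file holds several secrets; keep real values out of public
# repositories and restrict read access to the file on the host.
type: m
empty: false

manager:
  address: 'ssmgr-type-s:4001'
  # NOTE(review): sample value; must match manager.password in ssmgr.yml
  # and should be a long random secret.
  password: 'mykey'

plugins:
  flowSaver:
    use: true
  user:
    use: true
  account:
    use: true
    pay:
      hour:
        price: 0.03
        flow: 500000000
      day:
        price: 0.5
        flow: 7000000000
      week:
        price: 3
        flow: 50000000000
      month:
        price: 10
        flow: 200000000000
      season:
        price: 30
        flow: 200000000000
      year:
        price: 120
        flow: 200000000000
  email:
    use: true
    # Placeholder SMTP credentials; replace before deploying.
    username: 'username'
    password: 'password'
    host: 'smtp.server.com'
  webgui:
    use: true
    # Binds on every interface of the container; the compose file publishes
    # only nginx on 443, so this port is reached through the TLS proxy.
    host: '0.0.0.0'
    port: '80'
    # NOTE(review): presumably the externally visible URL of the site; it
    # still points at localhost over plain HTTP while nginx serves HTTPS -
    # confirm and set it to the public https:// address.
    site: 'http://localhost:8899'
    gcmSenderId: '456102641793'
    # Placeholder; a real API key is a secret.
    gcmAPIKey: 'AAAAGzzdqrE:XXXXXXXXXXXXXX'
  alipay:
    use: false
    appid: 2015012104922471
    notifyUrl: ''
    # Placeholders; the merchant private key is a signing secret.
    merchantPrivateKey: 'xxxxxxxxxxxx'
    alipayPublicKey: 'xxxxxxxxxxx'
    gatewayUrl: 'https://openapi.alipay.com/gateway.do'

db: 'webgui.sqlite'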