
Commit e440601

committed
initial commit
0 parents  commit e440601


4 files changed

+212
-0
lines changed


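--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,24 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+public_dns.txt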

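--- a/deploy.tf
+++ b/deploy.tf
@@ -0,0 +1,98 @@
+provider "aws" {
+# region = "us-east-1"
+# region = "us-east-2"
+# region = "us-west-1"
+# region = "us-west-2"
+region = "ap-south-1"
+# region = "ap-northeast-2"
+# region = "ap-southeast-1"
+# region = "ap-southeast-2"
+# region = "ap-northeast-1"
+# region = "eu-central-1"
+# region = "eu-west-1"
+# region = "eu-west-2"
+# region = "eu-west-3"
+# region = "eu-north-1"
+# region = "ca-central-1"
+# region = "cn-north-1"
+# region = "sa-east-1"
+}
+
+resource "aws_instance" "ssocks" {
+count = 1 # number of copies to spin up - if you put 1000 here, your bill might surprise you...
+ami = "${data.aws_ami.ubuntu.id}"
+instance_type = "t2.micro"
+key_name = "narc_key"
+security_groups = [
+"${aws_security_group.ssh_https.name}"
+]
+
+provisioner "remote-exec" {
+script = "scripts/provision.sh"
+connection {
+type = "ssh"
+user = "ubuntu"
+private_key = "${file("~/.ssh/narc_key.pem")}"
+}
+}
+
+# Return the public dns names into a local file for later use.
+provisioner "local-exec" {
+command = "echo ${self.public_dns} >> public_dns.txt"
+}
+}
+
+resource "aws_security_group" "ssh_https" {
+count = 1
+name = "ssh_https"
+description = "Allow all inbound traffic"
+
+ingress {
+from_port = 443
+to_port = 443
+protocol = "tcp"
+cidr_blocks = ["0.0.0.0/0"]
+}
+
+ingress {
+from_port = 22
+to_port = 22
+protocol = "tcp"
+cidr_blocks = ["0.0.0.0/0"]
+}
+
+egress {
+from_port = 0
+to_port = 65535
+protocol = "tcp"
+cidr_blocks = ["0.0.0.0/0"]
+}
+
+tags = {
+Name = "ssh_https"
+}
+}
+
+data "aws_ami" "ubuntu" {
+most_recent = true
+
+filter {
+name = "name"
+values = ["ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"]
+}
+
+owners = ["099720109477"] # Canonical
+}
+
+resource "null_resource" "after_cleanup" {
+provisioner "local-exec" {
+when = "destroy"
+command = "rm -f public_dns.txt"
+}
+}
+
+resource "null_resource" "before_cleanup" {
+provisioner "local-exec" {
+command = "rm -f public_dns.txt"
+}
+}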
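Review bot: The security group description on line 48 says "Allow all inbound traffic" while the rules beneath it open only 443 and 22, and the 22 rule on lines 58-61 is exposed to `0.0.0.0/0`; the description should match the rules and the SSH source should be narrowed to the operator's address through a variable, e.g. `description = "Allow inbound SSH (22) and HTTPS (443)"` and `cidr_blocks = ["${var.admin_cidr}"]` with a matching `variable "admin_cidr" {}` declaration. The `count = 1` on the security group (line 46) is also worth dropping: nothing iterates over it, and the unindexed reference `${aws_security_group.ssh_https.name}` on line 27 would presumably stop resolving if the count were ever raised. `key_name = "narc_key"` on line 25 and the `file("~/.ssh/narc_key.pem")` path on line 35 hard-code one operator's key pair; a variable for each would let the configuration be shared without editing.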

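--- a/scripts/provision.sh
+++ b/scripts/provision.sh
@@ -0,0 +1,87 @@
+#!/usr/bin/env bash
+sudo apt update && sudo apt upgrade -yuf
+sudo apt-get install -y --no-install-recommends gettext build-essential autoconf libtool libpcre3-dev asciidoc xmlto libev-dev libudns-dev automake libmbedtls-dev libsodium-dev git python-m2crypto libc-ares-dev
+cd /opt
+sudo git clone https://github.com/shadowsocks/shadowsocks-libev.git
+cd shadowsocks-libev
+sudo git submodule update --init --recursive
+sudo ./autogen.sh
+sudo ./configure
+sudo make && sudo make install
+sudo adduser --system --no-create-home --group shadowsocks
+sudo mkdir -m 755 /etc/shadowsocks
+ip=`ifconfig | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1'`
+
+printf "{\n\
+\"server\":\"$ip\",\n\
+\"server_port\":443,\n\
+\"password\":\"holymoly\",\n\
+\"timeout\":300,\n\
+\"method\":\"aes-256-gcm\",\n\
+\"fast_open\": true\n}\n" | sudo tee /etc/shadowsocks/shadowsocks.json
+
+sudo bash -c 'cat >/etc/sysctl.d/local.conf <<EOL
+# max open files
+fs.file-max = 51200
+# max read buffer
+net.core.rmem_max = 67108864
+# max write buffer
+net.core.wmem_max = 67108864
+# default read buffer
+net.core.rmem_default = 65536
+# default write buffer
+net.core.wmem_default = 65536
+# max processor input queue
+net.core.netdev_max_backlog = 4096
+# max backlog
+net.core.somaxconn = 4096
+# resist SYN flood attacks
+net.ipv4.tcp_syncookies = 1
+# reuse timewait sockets when safe
+net.ipv4.tcp_tw_reuse = 1
+# turn off fast timewait sockets recycling
+net.ipv4.tcp_tw_recycle = 0
+# short FIN timeout
+net.ipv4.tcp_fin_timeout = 30
+# short keepalive time
+net.ipv4.tcp_keepalive_time = 1200
+# outbound port range
+net.ipv4.ip_local_port_range = 10000 65000
+# max SYN backlog
+net.ipv4.tcp_max_syn_backlog = 4096
+# max timewait sockets held by system simultaneously
+net.ipv4.tcp_max_tw_buckets = 5000
+# turn on TCP Fast Open on both client and server side
+net.ipv4.tcp_fastopen = 3
+# TCP receive buffer
+net.ipv4.tcp_rmem = 4096 87380 67108864
+# TCP write buffer
+net.ipv4.tcp_wmem = 4096 65536 67108864
+# turn on path MTU discovery
+net.ipv4.tcp_mtu_probing = 1
+# for high-latency network
+net.ipv4.tcp_congestion_control = hybla
+# for low-latency network, use cubic instead
+net.ipv4.tcp_congestion_control = cubic
+EOL'
+
+sudo sysctl --system
+
+sudo bash -c 'cat >/etc/systemd/system/shadowsocks.service <<EOL
+[Unit]
+Description=Shadowsocks proxy server
+
+[Service]
+User=root
+Group=root
+Type=simple
+ExecStart=/usr/local/bin/ss-server -c /etc/shadowsocks/shadowsocks.json -a shadowsocks -v start
+ExecStop=/usr/local/bin/ss-server -c /etc/shadowsocks/shadowsocks.json -a shadowsocks -v stop
+
+[Install]
+WantedBy=multi-user.target
+EOL'
+
+sudo systemctl daemon-reload
+sudo systemctl enable shadowsocks
+sudo systemctl start shadowsocks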
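Review bot: The proxy password is hard-coded as `"holymoly"` on line 18 and written through `sudo tee`, so it is committed to version control, echoed into the provisioning log, and lands in `/etc/shadowsocks/shadowsocks.json` with the default 0644 mode readable by every local account; it should come from a value supplied at provision time (an environment variable set by the caller, or one generated on the host with `openssl rand -base64 24`), the `tee` output should go to `/dev/null`, and the file should be tightened with `sudo chmod 600 /etc/shadowsocks/shadowsocks.json` once written. The script also has no `set -euo pipefail`, so a failed `git clone` or `make` on lines 5-10 does not stop the run and the unit on lines 70-83 is still installed pointing at a binary that was never built. Line 11 creates a dedicated `shadowsocks` account, but the unit runs as `User=root` (lines 75-76); whether `ss-server -a shadowsocks` drops privileges after binding port 443 is not visible here, so it is worth confirming, or running under `User=shadowsocks` with `AmbientCapabilities=CAP_NET_BIND_SERVICE`. Lines 63 and 65 both assign `net.ipv4.tcp_congestion_control`, so the `hybla` value is overwritten and only `cubic` takes effect; one of the two should be removed or commented out.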

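--- a/ssh_to.sh
+++ b/ssh_to.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+n=`sed "${1}q;d" public_dns.txt`
+ssh -t -o "StrictHostKeyChecking no" -o "UserKnownHostsFile /dev/null" -i ~/.ssh/narc_key.pem ubuntu@$n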
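Review bot: Line 3 turns off host-key verification with `StrictHostKeyChecking no` and `UserKnownHostsFile /dev/null`, so a session to the freshly built instance cannot notice a substituted host on any later connection; `-o StrictHostKeyChecking=accept-new` (OpenSSH 7.6 and later) records the key on first contact and still rejects a changed one, and a project-local known_hosts file (listed in .gitignore) is the fallback for older clients. Line 2 also uses `${1}` unchecked, so an empty argument makes the sed expression `q;d` and the script then tries to reach an empty host; `n=$(sed "${1:?usage: ssh_to.sh <line-number>}q;d" public_dns.txt)` fails early with a message instead. Quoting the target as `"ubuntu@$n"` on line 3 avoids word splitting should the file ever contain whitespace.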
