有时候我们在使用yum下载一些包时，会出现响应超时的情况，因为有的源需要去国外拉取，所以会出现安装失败的情况，这里我提供了一个在本地实现翻墙的方法

centos7
python 3.6.6

安装shadowsocks客户端

1）安装epel源，安装pip包管理

1 2	yum -y install epel-release yum -y install python-pip

2）安装shadowsocks客户端

1	pip install shadowsocks

这里我的python是使用的pyenv来安装的3.6.6版本，设置的全局模式

配置shadowsocks客户端的信息

1）创建存放shadowsocks连接信息的配置文件

1	mkdir /etc/shadowsocks

2）修改ss服务器的地址等一些连接信息

1 2 3 4 5 6 7 8 9 10 11 12 13	cat /etc/shadowsocks/shadowsocks.json { "server":"ss服务器的地址", "server_port":8080, #ss服务器的端口 "local_address": "127.0.0.1", #不用改 "local_port":1080, #不用改 "password":"pass", #ss的连接密码 "timeout":300, "method":"aes-256-cfb", #加密方式 "fast_open": false, #true表示开启，降低延迟，但是内核要在3.7+ "workers": 1 #工作线程，不用改 }

添加到系统服务里

1）创建启动脚本控制文件

1 2 3 4 5 6 7 8	# cat /etc/systemd/system/shadowsocks.service [Unit] Description=Shadowsocks [Service] TimeoutStartSec=0 ExecStart=/bin/sslocal -c /etc/shadowsocks/shadowsocks.json [Install] WantedBy=multi-user.target

注意：

sslocal要写命令的绝对路径，有时候可能是/usr/bin/sslocal，需要which sslocal看下

2）启动，并加入到开机自启动

1 2 3	systemctl daemon-reload systemctl start shadowsocks systemctl enable shadowsocks

3）确认启动状态

三种方式

systemctl status shadowsocks
ps auxf | grep shadowsocks
curl --socks5 127.0.0.1:1080 http://httpbin.org/ip

安装配置privoxy

privoxy是一个web代理软件，安装其目的是为了将sock5转换为http或https

1）安装privoxy

1 2 3	yum -y install privoxy systemctl enable privoxy systemctl start privoxy

2）配置privoxy

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

# egrep -v "^#|^$" /etc/privoxy/config confdir /etc/privoxy logdir /var/log/privoxy actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on. actionsfile default.action # Main actions file actionsfile user.action # User customizations filterfile default.filter filterfile user.filter # User customizations logfile logfile <span style="color: #ff0000;">listen-address 127.0.0.1:8118 #确认</span> toggle 1 enable-remote-toggle 0 enable-remote-http-toggle 0 enable-edit-actions 0 enforce-blocks 0 buffer-limit 4096 enable-proxy-authentication-forwarding 0 <span style="color: #ff0000;">forward-socks5t / 127.0.0.1:1080 . #确认</span> forwarded-connect-retries 0 accept-intercepted-requests 0 allow-cgi-request-crunching 0 split-large-forms 0 keep-alive-timeout 5 tolerate-pipelining 1 socket-timeout 300

3）设置http和https代理，并加入到环境变量里

1 2 3 4 5 6 7 8	cat /etc/profile PROXY_HOST=127.0.0.1 export all_proxy=http://$PROXY_HOST:8118 export ftp_proxy=http://$PROXY_HOST:8118 export http_proxy=http://$PROXY_HOST:8118 export https_proxy=http://$PROXY_HOST:8118 export no_proxy=localhost,172.16.0.0/16,192.168.0.0/16.,127.0.0.1,10.10.0.0/16

1	source /etc/profile

测试是否成功

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

curl -I www.google.com HTTP/1.1 200 OK Date: Tue, 28 Aug 2018 03:07:54 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=ISO-8859-1 P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Server: gws X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2018-08-28-03; expires=Thu, 27-Sep-2018 03:07:54 GMT; path=/; domain=.google.com Set-Cookie: NID=137=SWzqk4mzOtCJKXwe7R-XfH4jndC3aAMVVORuTsg5ivCg39tie2s9ZqY4U8Jknsh-Wr0PQpQsdOH6XhkhbLlFWnoxSFpyTOQrGPoi--i4r6ut7Hf1xEw4EWR_oUtfYARD; expires=Wed, 27-Feb-2019 03:07:54 GMT; path=/; domain=.google.com; HttpOnly Transfer-Encoding: chunked Accept-Ranges: none Vary: Accept-Encoding Proxy-Connection: keep-alive

对比下使用代理和不使用代理时下载速度的对比

使用前：

1 2 3 4 5 6 7 8 9

# curl -s -w 'Testing Website Response Time for :%{url_effective}nnLookup Time:tt%{time_namelookup}nConnect Time:tt%{time_connect}nPre-transfer Time:t%{time_pretransfer}nStart-transfer Time:t%{time_starttransfer}nnTotal Time:tt%{time_total}n' -o /dev/null http://www.github.com Testing Website Response Time for :http://www.github.com/ Lookup Time: 0.014 Connect Time: 0.329 Pre-transfer Time: 0.330 Start-transfer Time: 1.481 Total Time: 1.481

使用后：

1 2 3 4 5 6 7 8 9

curl -s -w 'Testing Website Response Time for :%{url_effective}nnLookup Time:tt%{time_namelookup}nConnect Time:tt%{time_connect}nPre-transfer Time:t%{time_pretransfer}nStart-transfer Time:t%{time_starttransfer}nnTotal Time:tt%{time_total}n' -o /dev/null http://www.github.com Testing Website Response Time for :http://www.github.com/ Lookup Time: 0.000 Connect Time: 0.000 Pre-transfer Time: 0.000 Start-transfer Time: 0.513 Total Time: 0.513

关闭代理的话，可以写一个脚本，这里就不在贴出来了，大概思路就是：

关闭shadowsocks
关闭privoxy
关闭当前用户的proxy环境变量

1	while read var; do unset $var; done < <(env \| grep -i proxy \| awk -F= '{print $1}')

扩展

Ubuntu下安装ss客户端

1）下载ss和pip

1 2	sudo apt install python-pip pip install shadowsocks

2）配置ss客户端

1 2 3 4 5 6 7 8 9 10 11 12 13	cat /etc/shadowsocks/shadowsocks.json { "server":"ss服务器的地址", "server_port":8080, #ss服务器的端口 "local_address": "127.0.0.1", #不用改 "local_port":1080, #不用改 "password":"pass", #ss的连接密码 "timeout":300, "method":"aes-256-cfb", #加密方式 "fast_open": false, #true表示开启，降低延迟，但是内核要在3.7+ "workers": 1 #工作线程，不用改 }

3）启动ss客户端

1	sslocal -c /etc/shadowsocks.json

如果没有报错则进行下一步

4）配置全局代理

为什么要配置全局代理，上面已经说明了，shadowsocks是使用的socks5协议，而我们需要将它转换为http代理，我们需要安装polipo

1	sudo apt-get install polipo

修改polipo的配置，来为后面设置全局代理

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

$ cat /etc/polipo/config # This file only needs to list configuration variables that deviate # from the default values. See /usr/share/doc/polipo/examples/config.sample # and "polipo -v" for variables you can tweak and further information. logSyslog = true logFile = /var/log/polipo/polipo.log socksParentProxy = "127.0.0.1:1080" socksProxyType = socks5 chunkHighMark = 50331648 objectHighMark = 16384 serverMaxSlots = 64 serverSlots = 16 serverSlots1 = 32 proxyAddress = "0.0.0.0" proxyPort = 8123

设置完成后，要进行重新启动

1	sudo /etc/init.d/polipo restart

修改/etc/profile或～/.bash_profile文件，来设置全局代理

1 2	sudo vim /etc/profile export http_proxy="http://127.0.0.1:8123/"

修改完成后执行：source /etc/profile

5）验证

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

$ curl -I www.google.com HTTP/1.1 200 OK Date: Wed, 05 Dec 2018 15:28:59 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: private, max-age=0 Content-Type: text/html; charset=ISO-8859-1 P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Server: gws X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2018-12-05-15; expires=Fri, 04-Jan-2019 15:28:59 GMT; path=/; domain=.google.com Set-Cookie: NID=148=rBGhQSmkHR_txwGHU5ojzmviP0xSdUpDIL7yEG5wxrX9qNEffxZRGSzfI4E8o1DpdGszvChI_Peh5uGo3xAUIfOKAbgRS1x5ySYuJew08KaxFoTFcj1N42Ni8kfFnxdF5o4tBVOR-R1zEllvC-hycwT0YF6NE7GYUA2Shwp-DUo; expires=Thu, 06-Jun-2019 15:28:59 GMT; path=/; domain=.google.com; HttpOnly Accept-Ranges: none Vary: Accept-Encoding Connection: keep-alive

如何在centos7上看墙外的世界