I-Spotify ingakusiza kanjani ukuthi ufunde ama-daemon, ama-RFC, amanethiwekhi futhi ikhuthaze umthombo ovulekile. Noma kwenzekani uma ungakwazi ukukhokha, kodwa ufuna ngempela izinto ezithile ze-premium.
Начало
Ngosuku lwesithathu, kwaqashelwa ukuthi uSpotify wayebonisa izikhangiso ezisekelwe ezweni lekheli le-IP. Kuphinde kwaphawulwa ukuthi kwamanye amazwe ukukhangisa kwakungangenisiwe nhlobo. Ngokwesibonelo, e-Republic of Belarus. Bese kwasungulwa icebo “elikhaliphile” lokukhubaza ukukhangisa ku-akhawunti engeyona eye-premium.
Okuncane mayelana ne-Spotify
Ngokuvamile, i-Spotify inomgomo ongajwayelekile. Umfowethu kufanele asonteke kahle ukuze athenge i-premium: shintsha indawo kuphrofayela yakhe iye phesheya kwezilwandle, bheka ikhadi lesipho elifanelekile elingakhokhelwa kuphela nge-PayPal, ebeliyinqaba muva nje futhi lifuna inqwaba yamadokhumenti. Ngokuvamile, futhi kuyi-adventure, kodwa ye-oda elihlukile. Nakuba abantu abaningi benza lokhu ngenxa yenguqulo yeselula, anginasithakazelo kuyo. Ngakho-ke, konke okungezansi kuzosiza kuphela esimweni senguqulo yedeskithophu. Ngaphezu kwalokho, ngeke kube khona ukunwetshwa kwemisebenzi. Vele unqamule ezinye ezengeziwe.
Kungani kuyinkimbinkimbi kangaka?
Futhi ngacabanga kanjalo lapho ngibhalisa idatha ye-socks-proxy ku-Spotify config. Inkinga ivele ukuthi ukufakazela ubuqiniso emasokisini usebenzisa ukungena ngemvume nephasiwedi akusebenzi. Futhi, abathuthukisi bavame ukwenza okuthile eduze kommeleli: ngezinye izikhathi bayayivumela, ngezinye izikhathi bayayinqabela, ngezinye izikhathi bayayephula, okunikeza amaphaneli aphelele ezingxoxo endaweni engaphandle kwesayithi.
Kwanqunywa ukuthi kunganciki emisebenzini engazinzile futhi kutholwe okuthile okunokwethenjelwa futhi okuthakazelisayo.
Endaweni ethile lapha umfundi kufanele abuze: kungani ungathathi ssh ngokhiye -D futhi isiphetho sakho? Futhi, ngokujwayelekile, uzobe elungile. Kodwa, okokuqala, lokhu kusadingeka kwenziwe idemoni futhi kwenziwe ubungane nge-autossh, ukuze ungacabangi ngokuxhumeka okudabukile. Futhi okwesibili: kulula kakhulu futhi kuyisicefe.
Ukuze
Njengenjwayelo, asisuke kwesokunxele siye kwesokudla, phezulu siye phansi futhi sichaze konke esikudingayo ukuze sisebenzise umbono wethu “olula”.
Okokuqala udinga ummeleli
Futhi kukhona ezinye izindlela eziningi ngesikhathi esisodwa:
- ungavele uhambe uthathe ohlwini oluvuliwe lommeleli. Kushibhile (noma kunalokho akukho lutho), kodwa akuthembeki ngokuphelele futhi isikhathi sokuphila sama-proxies anjalo sivame ukuba zero. Ngakho-ke, kungadingeka ukuthi uthole/ubhale isihlungi sohlu lommeleli, uhlunge ngohlobo olufunayo nezwe, futhi umbuzo wokufaka ummeleli otholakele kuSpotify uhlala uvulekile (kahle, mhlawumbe ngokusebenzisa
HTTP_PROXYdlulisa futhi udale isembozo sangokwezifiso senambambili ukuze yonke enye ithrafikhi ingathunyelwa lapho). - Ungathenga ummeleli ofanayo futhi uzisindise ezinkingeni eziningi ezichazwe ngenhla. Kepha ngentengo yommeleli, ungathenga ngokushesha i-premium ku-Spotify, futhi lokhu akusebenzi emsebenzini wokuqala.
- Phakamisa eyakho. Njengoba mhlawumbe uqagele, lokhu ukukhetha kwethu.
Ngenhlanhla kungase kuvele ukuthi unomngane oneseva e-Republic of Belarus noma kwelinye izwe elincane. Udinga ukusebenzisa lokhu futhi ukhiphe ummeleli oyifunayo kuwo. Ongoti abakhethekile banganeliseka ngomngane onerutha evuliwe noma isofthiwe efanayo. Kodwa lapho futhi lo mhlaba ngokusobala awungeni ohlakeni lwale ndaba.
Ngakho-ke, izinketho zethu: I-squid - ayikhuthazi, futhi angifuni ummeleli we-HTTP, sekuvele kuningi kakhulu kule nqubo yomthetho. Futhi endaweni yeSOCKS akukho lutho olunengqondo ngaphandle azikakafiki. Ngakho-ke, asiyithathe.
Ungalindi imanuwali kaDante yokufaka nokulungisa. Yena futhi akunantshisekelo ethile. Esikhathini esincane sokucushwa udinga ukuphonsa zonke izinhlobo client pass, socks pass, bhalisa kahle izixhumanisi futhi ungakhohlwa ukungeza socksmethod: username. Kuleli fomu, ukuze kuqinisekiswe, ilogopass izothathwa kubasebenzisi bohlelo. Futhi ingxenye emayelana nokuvikeleka: ukuvimbela ukufinyelela kuhosti wasendaweni, ukukhawulela abasebenzisi, njll. - lokhu kumuntu ngamunye, kuye nge-paranoia yomuntu siqu.
Khipha ummeleli obheke kunethiwekhi
Umdlalo usezenzweni ezimbili.
Yenza okukodwa
Silungise ummeleli, manje sidinga ukufinyelela kuwo kuwebhu yomhlaba. Uma unomshini one-IP emhlophe ezweni olifisayo, ungakwazi ukweqa leli phuzu ngokuphepha. Asinayo (thina, njengoba kushiwo ngenhla, isingathwe ezindlini zabangane) futhi i-IP emhlophe eseduze isendaweni ethile eJalimane, ngakho-ke sizofunda amanethiwekhi.
Ngakho-ke, yebo, umfundi olalelayo uzophinda abuze: kungani ungathathi isevisi ekhona noma okufanayo? Futhi uzobe elungile futhi. Kodwa lena yinkonzo, iphinde idinga ukuhlatshwa amadimoni, ingabiza nemali futhi ngokuvamile ayidlali. Ngakho-ke, sizodala amabhayisikili kusuka ezintweni ezilahliwe.
Umsebenzi: kukhona ummeleli endaweni ethile ngemuva kwe-NAT, udinga ukulengiswa kwelinye lamachweba e-VPS ane-IP emhlophe futhi etholakala emaphethelweni omhlaba.
Kunengqondo ukucabanga ukuthi lokhu kungaxazululwa ngokudluliswa kwembobo (okwenziwa ngokusebenzisa lokhu okubalulwe ngenhla. ssh), noma ngokuhlanganisa ihadiwe ibe yinethiwekhi ebonakalayo nge-VPN. NGE ssh siyakwazi ukusebenza, autossh Kuyisicefe ukuthatha, ngakho-ke ake sithathe i-OpenVPN.
I-DigitalOcean ine ngalolu daba. Akukho engingakwengeza kukho. Futhi ukulungiselelwa okuwumphumela kungaxhunywa kalula neklayenti le-OpenVPN futhi systemd. Vele uyifake (config) phakathi /etc/openvpn/client/ futhi ungakhohlwa ukushintsha isandiso sibe .conf. Ngemva kwalokho, donsa isevisi [email protected]ungakhohlwa ukumenzela enable futhi ujabule ngokuthi konke kundizile.
Yiqiniso, sidinga ukukhubaza noma yikuphi ukuqondisa kabusha kwethrafikhi ku-VPN esanda kwakhiwa, ngoba asifuni ukunciphisa isivinini emshinini weklayenti ngokudlula ithrafikhi ngesigamu sebhola.
Futhi yebo, sidinga ukubhalisa ikheli le-IP elimile kuseva ye-VPN yeklayenti lethu. Lokhu kuzodingeka kamuva endabeni. Ukuze wenze lokhu udinga ukunika amandla ifconfig-pool-persist, hlela ipp.txt, efakwe ne-OpenVPN futhi inike amandla iklayenti-config-dir, futhi uhlele ukucushwa kweklayenti olifunayo ngokungeza ifconfig-push ngemaski elungile nekheli le-IP olifisayo.
Yenza okubili
Manje sesinomshini “kunethiwekhi” obhekene ne-inthanethi futhi ongasetshenziselwa izinjongo zobugovu. Okungukuthi, qondisa kabusha ingxenye yethrafikhi ngayo.
Ngakho-ke, umsebenzi omusha: udinga ukuvala ithrafikhi efika kwelinye lamachweba e-VPS nge-IP emhlophe ukuze le thrafikhi iye kunethiwekhi esanda kuxhunywa futhi impendulo ingabuya lapho.
Isixazululo: kunjalo iptables! Kunini futhi lapho ozothola khona ithuba elihle kangaka lokuprakthiza naye?
Ukucushwa okudingekayo kungatholakala ngokushesha okukhulu, emahoreni amathathu, amagama ayikhulu anenhlamba kanye nedlanzana lemizwa elahlekile, ngoba amanethiwekhi okulungisa iphutha kuyinqubo ecacile kakhulu.
Okokuqala, udinga ukunika amandla ukuqondisa kabusha kwethrafikhi ku-kernel. Le nto ibizwa ipv4.ip_forward futhi inikwe amandla ngokuhlukile kancane kuye nge-OS nomphathi wenethiwekhi.
Okwesibili, udinga ukukhetha ichweba ku-VPS bese ugoqa yonke ithrafikhi eya kuyo ibe yi-subnet ebonakalayo. Lokhu kungenziwa, ngokwesibonelo, kanje:
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 8080 -j DNAT --to-destination 10.8.0.2:8080Lapha siqondisa kabusha yonke ithrafikhi ye-TCP eza ku-port 8080 yesixhumi esibonakalayo sangaphandle emshinini one-IP 10.8.0.2 kanye nembobo efanayo engu-8080.
Kulabo abafuna imininingwane engcolile yomsebenzi netfilter, iptables kanye nomzila ngokuvamile, kudingekile ngempela ukucabanga noma .
Ngakho-ke, manje amaphakethe ethu andizela ku-subnet ebonakalayo futhi... ahlala lapho. Ngokuqondile, impendulo evela kummeleli wamasokisi indizela emuva ngesango elizenzakalelayo emshinini onoDante futhi umamukeli uyawehlisa, ngoba kumanethiwekhi akuwona umkhuba ukuthumela isicelo ku-IP eyodwa futhi uthole impendulo kwenye. Ngakho-ke, sidinga ukuqhubeka nokuhlanganisa.
Ngakho-ke, manje udinga ukuqondisa kabusha wonke amaphakethe kusuka kummeleli emuva ku-subnet ebonakalayo ukuya ku-VPS nge-IP emhlophe. Lapha isimo sibi kakhulu, ngoba nje iptables ngeke sibe nokwanele, ngoba uma silungisa ikheli lendawo ngaphambi kokuthatha umzila (PREROUTING), khona-ke iphakheji yethu ngeke indize ku-inthanethi, futhi uma singayilungisi, iphakheji izoya default gateway. Ngakho-ke, udinga ukwenza okulandelayo: khumbula iketanga mangle, ukuze uphawule amaphakethe iptables futhi uwasonge ngetafula langokwezifiso elizowathumela lapho kufanele aye khona.
Kulula ukusho kunokwenza:
iptables -t mangle -A OUTPUT -p tcp --sport 8080 -j MARK --set-mark 0x80
ip rule add fwmark 0x80 table 80
ip route add default via 10.8.0.1 dev tun0 table 80Sithatha ithrafikhi ephumayo, phawula yonke into endizayo esuka echwebeni lapho ummeleli ehlezi khona (8080 kithi), siqondise kabusha yonke ithrafikhi ephawuliwe etafuleni lomzila ngenombolo 80 (ngokujwayelekile, inombolo ayincikile kunoma yini, besivele sifuna to) bese wengeza umthetho owodwa , ngokuya ngawo wonke amaphakethe afakwe kuleli thebula andizela ku-subnet ye-VPN.
Kuhle! Manje amaphakethe abuyela emuva abheke ku-VPS ... futhi afele lapho. Ngoba i-VPS ayazi ukuthi yenzeni ngabo. Ngakho-ke, uma ungazihluphi, ungavele uqondise kabusha yonke ithrafikhi efika isuka ku-subnet ibuyele ku-inthanethi:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 172.42.1.10Lapha, yonke into efika isuka ku-subnet engu-10.8.0.0 enemaski engu-255.255.255.000 isongwe kumthombo-NAT futhi indizela esibonakalayo esizenzakalelayo, esiguqulelwe ku-inthanethi. Kubalulekile ukuqaphela ukuthi le nto izosebenza kuphela uma sidlulisela phambili ichweba ngokusobala, okungukuthi, ichweba elingenayo ku-VPS lifana nechweba lommeleli wethu. Uma kungenjalo uzohlupheka kancane.
Endaweni ethile manje konke kufanele kuqale ukusebenza. Futhi okusele okuncane: ungakhohlwa ukwenza isiqiniseko sokuthi zonke izilungiselelo iptables и route ayizange iqhubeke ngemva kokuqala kabusha. Ngoba iptables kukhona amafayela akhethekile afana /etc/iptables/rules.v4(esimeni se-Ubuntu), kodwa emizileni yonke into iyinkimbinkimbi kakhulu. Ngabaphushela phakathi up/down Imibhalo ye-OpenVPN, nakuba ngicabanga ukuthi ngabe yenziwe ngesizotha.
Goqa ithrafikhi evela kuhlelo lokusebenza ngommeleli
Ngakho-ke, sinommeleli onokuqinisekisa ezweni esifisa ukulifinyelela, elifinyeleleka ngekheli le-IP elimhlophe elimile. Okusele nje ukukusebenzisa nokuqondisa kabusha ithrafikhi evela kuSpotify lapho. Kepha kune-nuance, njengoba kushiwo ngenhla, igama-mfihlo lokungena lommeleli kuSpotify alisebenzi, ngakho-ke sizobheka ukuthi singayizungeza kanjani.
Okokuqala, ake sikhumbule mayelana . Izinto ezinhle, kepha zibiza imali elingana nenkanyezi ($ 40). Ngale mali singaphinde sithenge i-premium bese siqeda ngayo. Ngakho-ke, sizobheka ama-analogue amaningi amahhala futhi avulekile ku-Mac (yebo, sifuna ukulalela umculo ku-Mac). Ake sithole ithuluzi elilodwa eliphelele: . Futhi sizohamba ngokuthokoza.
Kodwa injabulo izoba yesikhashana, ngoba kuvela ukuthi udinga ukunika amandla imodi yokulungisa iphutha kanye nezandiso ze-kernel yangokwezifiso ku-MacOS, fayela ukucushwa okulula futhi uqonde ukuthi leli thuluzi linenkinga efanayo neSpotify: alikwazi ukudlula ukuqinisekiswa usebenzisa ukungena-iphasiwedi kumasokisi-ummeleli.
Endaweni ethile lapha sekuyisikhathi sokuthuka futhi uthenge i-premium ... kodwa cha! Ake sizame ukucela ukuthi ilungiswe, i-open source! Asenzeni lokhu . Futhi ekuphenduleni sithola indaba edabukisayo yokuthi umondli kuphela akasenayo i-MacBook futhi esihogweni ngayo, hhayi ukulungiswa.
Sizophatheka kabi futhi. Kodwa-ke sizokhumbula intsha yethu no-C, sivule imodi yokususa iphutha ku-Dante, simbe emakhulwini ama-kilobytes ezingodo, siye ukuze uthole ulwazi mayelana nephrothokholi ye-SOCKS5, ake sibheke i-Xcode futhi sithole inkinga. Kwanele ukulungisa uhlamvu olulodwa ohlwini lwamakhodi ezindlela ezinikezwa iklayenti ukuze kuqinisekiswe futhi yonke into iqala ukusebenza njengewashi. Siyajabula, siqoqa ukukhululwa kanambambili, senza futhi singena ekushoneni kwelanga futhi siye endaweni elandelayo.
Izenzele
Uma i-Proximac isisebenza, idinga ukwenziwa idemoni futhi ikhohliwe ngayo. Kukhona uhlelo olulodwa lokuqalisa olulungele lokhu, olutholakala ku-MacOS, okungukuthi .
Siyithola ngokushesha futhi siyaqonda ukuthi lokhu akukhona nhlobo systemd futhi lapha cishe i-scoop futhi xml. Awekho ama-fancy configs akho, akukho miyalo efana nayo status, restart, daemon-reload. Kuphela uhlobo oluqinile start-stop, list-grep, unload-load nokunye okuningi okungajwayelekile. Ukunqoba konke lokhu sibhala plist, iyalayisha. Ayisebenzi. Sifunda indlela yokususa iphutha ledimoni, sililungise, siqonde ukuthi yini ekhona ENV даже PATH asizange sikulethe evamile, siyaphikisana, siyiletha (engeza /sbin и /usr/local/bin) futhi ekugcineni sijabule nge-autostart nokusebenza okuzinzile.
Exhale
Uyini umphumela? Iviki lokuzidela, i-zoo eguqayo evela ezinsizeni ezithandekayo enhliziyweni futhi eyenza okudingekayo kuyo. Ulwazi oluncane ezindaweni zobuchwepheshe ezingabazisayo, umthombo ovulekile kancane kanye nokumamatheka ebusweni bakho emcabangweni othi "Ngikwenzile!"
PS: lokhu akulona ikhwelo lokuduba onxiwankulu, ukonga ngomentshisi noma ubuqili obuphelele, kodwa kuyinkomba nje yamathuba ocwaningo nentuthuko lapho, ngokuvamile, ungawalindele.
Source: www.habr.com