title: 建站记录(三)番外:acme 自动更新证书 tags: [] id: '1468' categories:
安装 proxychains4
# Download the proxychains-ng source tarball from
# https://github.com/rofl0r/proxychains-ng/releases and upload it to the server.
# "make install" below writes into /usr and /etc, so confirm that the archive
# on the server is the one you fetched from the release page (for example by
# comparing sha256sum output on both machines) before unpacking and building.
tar -zxvf proxychains-ng-4.15.tar.gz
cd proxychains-ng-4.15
yum groupinstall "Development Tools" "Development Libraries" # Debian/Ubuntu equivalent: apt install build-essential
./configure --prefix=/usr --sysconfdir=/etc
make && make install
make install-config
nano -K /etc/proxychains.conf
# In the editor, set the proxy entry to the local Xray SOCKS inbound
# (port 20808 in the sample Xray configuration on this page):
# socks5 127.0.0.1 20808
安装 xray
# Download Xray-linux-64.zip from https://github.com/XTLS/Xray-core/releases
# and upload it to the server. The release page also publishes a checksum
# (.dgst) file for each archive; compare it with the uploaded zip before
# unpacking and running the binary.
unzip Xray-linux-64.zip
开启 xray
# Upload the Xray client configuration (./xui2.json here). It holds the VLESS
# user id, which is the credential for the remote server, so keep the file
# readable by its owner only.
# Fix the line endings. The three ":" lines are typed inside vi, not in the
# shell: ":set ff" shows the current file format, ":set ff=unix" switches to
# LF line endings, ":wq" saves and quits.
vi ./xui2.json
:set ff
:set ff=unix
:wq
# Start Xray in the background with that configuration.
# NOTE(review): the sample configuration on this page sets no "listen" on its
# socks inbound (port 20808, "auth": "noauth") or its http inbound (port
# 20809). Xray then binds them on all interfaces (0.0.0.0), so any host that
# can reach these ports can use the proxy unless a firewall blocks them.
# Only the local proxychains needs the inbounds here; add
# "listen": "127.0.0.1" to both before starting Xray.
./xray run -c ./xui2.json &
# List background jobs to confirm that Xray is running.
jobs
xray的常见配置文件示例
{
"dns": {
"hosts": {
"domain:googleapis.cn": "googleapis.com"
},
"servers": [
"1.1.1.1"
]
},
"inbounds": [
{
"port": 20808,
"protocol": "socks",
"settings": {
"auth": "noauth",
"udp": true,
"userLevel": 8
},
"sniffing": {
"destOverride": [
"http",
"tls"
],
"enabled": true
},
"tag": "socks"
},
{
"port": 20809,
"protocol": "http",
"settings": {
"userLevel": 8
},
"tag": "http"
}
],
"log": {
"loglevel": "warning"
},
"outbounds": [
{
"mux": {
"concurrency": 8,
"enabled": false
},
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "your.vless.com",
"port": 443,
"users": [
{
"encryption": "none",
"flow": "",
"id": "12345678-1234-1234-1234-12345678abcd",
"level": 8,
"security": "auto"
}
]
}
]
},
"streamSettings": {
"grpcSettings": {
"multiMode": false,
"serviceName": "yourservicepathname"
},
"network": "grpc",
"security": "tls",
"tlsSettings": {
"allowInsecure": false,
"serverName": "your.vless.com"
}
},
"tag": "proxy"
},
{
"protocol": "freedom",
"settings": {},
"tag": "direct"
},
{
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
},
"tag": "block"
}
],
"policy": {
"levels": {
"8": {
"connIdle": 300,
"downlinkOnly": 1,
"handshake": 4,
"uplinkOnly": 1
}
},
"system": {
"statsOutboundUplink": true,
"statsOutboundDownlink": true
}
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"ip": [
"1.1.1.1"
],
"outboundTag": "proxy",
"port": "53",
"type": "field"
}
]
},
"stats": {}
}
安装 acme.sh
proxychains 只会代理 TCP 连接,而 ping 使用的是 ICMP。记住这一点即可。
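# Open a shell whose TCP connections are routed through proxychains; the
# commands below are typed inside that shell.
proxychains4 bash
# Fetch the acme.sh installer and pipe it into sh. Without the pipe, curl
# treats "sh" as a second URL and nothing gets installed.
# NOTE(review): this executes a script straight from the network with the
# current user's privileges (root on this page, judging by /root/.acme.sh).
# To inspect it first, save it to a file, read it, then run that file.
curl https://get.acme.sh | sh
# Bring the background Xray job back to the foreground and stop it with
# Ctrl-C once the installation has finished.
jobs
fg
^C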
# Check that the installer registered its renewal job in the crontab.
crontab -l
# Expected output: acme.sh runs its --cron renewal check every day at 00:51.
# Standard output is discarded (> /dev/null), so renewal messages written
# there are not kept anywhere by this entry.
51 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
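# Point acme.sh at its working directory.
export LE_WORKING_DIR="/root/.acme.sh"
# Cloudflare credentials for the dns_cf DNS-01 hook (fill in your own values).
# NOTE(review): CF_Key is the account-wide Global API Key. The dns_cf hook
# also accepts a scoped API token (CF_Token together with CF_Account_ID or
# CF_Zone_ID) that can be limited to DNS edits on the one zone, which limits
# the damage if the server is compromised. acme.sh stores whichever
# credentials it is given in account.conf under its home directory, so keep
# that directory readable by root only.
export CF_Key=""
export CF_Email=""
alias acme.sh="/root/.acme.sh/acme.sh"
# Register an ACME account under this contact address.
acme.sh --register-account -m limour@limour.top
# Issue one certificate covering the apex and both wildcard names through
# Let's Encrypt. The wildcard names are quoted so the shell passes them to
# acme.sh literally instead of expanding them against files in the current
# directory.
acme.sh --issue --dns dns_cf -d '*.limour.top' -d limour.top -d '*.frp.limour.top' --server https://acme-v02.api.letsencrypt.org/directory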
修改httpd配置
# Certificate chain and private key served by httpd. These paths must be the
# same ones given to acme.sh --install-cert as --fullchain-file and
# --key-file, so that renewed files land where httpd reads them.
SSLCertificateFile /etc/letsencrypt/live/fullchain.pem
# The private key should be readable by root only.
SSLCertificateKeyFile /etc/letsencrypt/live/privkey.pem
安装证书
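# Copy the issued certificate and key to the paths httpd reads, then restart
# httpd. acme.sh records these options and repeats the copy and the reload
# command after every renewal.
# The wildcard name is quoted so the shell passes it through literally
# instead of expanding it against files in the current directory.
# NOTE(review): confirm that /etc/letsencrypt/live/privkey.pem ends up
# readable by root only (ls -l) after the first install.
acme.sh --install-cert -d '*.limour.top' \
--key-file /etc/letsencrypt/live/privkey.pem \
--fullchain-file /etc/letsencrypt/live/fullchain.pem \
--reloadcmd "systemctl restart httpd"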