天翼云自用搭建

Posted at 2024-11-01

byd 天翼云弹性计算服务器用的 Ubuntu 16.84.7 LTS

# 1.openssl 升级前置

openssl1.1.1 以下会没有 +addext 选项，记得升级

1 2	root@vm:~# which openssl /usr/bin/openssl

1 2	#获取openssl1.1.1w source/old wget https://www.openssl.org/source/old/1.1.1/openssl-1.1.1w.tar.gz --no-check-certificate

#安装依赖/Ubuntu
sudo apt install -y zlib1g
sudo apt install -y zlib1g-dev
sudo apt install -y gcc

#安装Perl
wget https://www.cpan.org/src/5.0/perl-5.40.0.tar.gz
#解压perl
tar -zxvf perl-5.40.0.tar.gz
#建立文件目录
mkdir /usr/local/perl
cd perl-5.40.0
./Configure -des -Dprefix=/usr/local/perl -Dusethreads –Uversiononly
#编译
make
#安装
make install
#查看版本
perl -v

# 2. 升级 openssl

#解压openssl
tar -zxvf openssl-1.1.1w.tar.gz
#调用zlib共享库
cd openssl-1.1.1w
./config shared zlib
#编译
make
#安装
make install

记得备份旧版本 openssl

1 2	mv /usr/bin/openssl /usr/bin/openssl.old mv /usr/lib64/openssl /usr/lib64/openssl.old

使用新版

1 2	ln -s /usr/local/bin/openssl /usr/bin/openssl ln -s /usr/local/include/openssl/ /usr/include/openssl

更新动态链接库数据

1	echo "/usr/local/lib/" >> /etc/ld.so.conf

重新加载动态链接库

1	ldconfig -v

查看新版本

1	openssl version

# 3. 安装 tailscale derp (基于 Ubuntu)

# 更新软件源
apt update && apt upgrade

# 安装相关依赖
apt install -y wget git openssl curl

# 拉取go 可打开https://go.dev/dl/查看最新版本
cd /root
wget https://go.dev/dl/go1.20.7inux-amd64.tar.gz

# 解压
rm -rf /usr/local/go && tar -C /usr/local -xzf go1.20.5.linux-amd64.tar.gz

# 查看版本
export PATH=$PATH:/usr/local/go/bin
go version

# 添加环境变量
echo "export PATH=$PATH:/usr/local/go/bin" >> /etc/profile
source /etc/profile

# 让go使用国内代理源(国外主机忽略)
go env -w GO111MODULE=on
go env -w GOPROXY=https://goproxy.cn,direct

# 拉取并编译derper
go install tailscale.com/cmd/derper@main

# 进入到编译好的文件夹(不要直接复制命令，按实际情况填写)
cd /root/go/pkg/mod/tailscale.com@v1.1.1-xxxx/cmd/derper/

# 打开cert.go文件
vi cert.go

# 注释以下信息
func (m *manualCertManager) getCertificate(hi *tls.ClientHelloInfo) (*tls.Certificate, error) {
    // if hi.ServerName != m.hostname {
    //     return nil, fmt.Errorf("cert mismatch with hostname: %q", hi.ServerName)
    // }

# 编译并输出到/etc/derp/
go build -o /etc/derp/derper

# 查看是否存在derper文件
cd /root
ls /etc/derp

# 自签域名(derp.myself.com可随意编写，命令中四处需要一致)
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout /etc/derp/derp.myself.com.key -out /etc/derp/derp.myself.com.crt -subj "/CN=derp.myself.com" -addext "subjectAltName=DNS:derp.myself.com"

# 自行开放33445(tcp)、2478(udp)端口

设置开机自启

cat > /etc/systemd/system/derp.service <<EOF
[Unit]
Description=TS Derper
After=network.target
Wants=network.target
[Service]
User=root
Restart=always
ExecStart=/etc/derp/derper -hostname derp.myself.com -a :33445 -http-port 33446 -certmode manual -certdir /etc/derp
RestartPreventExitStatus=1
[Install]
WantedBy=multi-user.target
EOF

# 设置开机自启
systemctl enable derp

# 启动derp服务
systemctl start derp

# 验证 derp 服务

打开 Tailscale 控制台，按照图中位置添加以下内容：

其中 IPv4、IPv6、RegionCode、RegionName 填写自己的

"derpMap": {
    //"OmitDefaultRegions": false,
    "OmitDefaultRegions": true,
    "Regions": {"901": {
        "RegionID":   901,
        "RegionCode": "EndlessJY",
        "RegionName": "EndlessJY Derper",
        "Nodes": [{
            "Name":             "901a",
            "RegionID":         901,
            "IPv4":             "xxxx",
            "IPv6":             "xxxx",
            "DERPPort":         33445,
            "InsecureForTests": true,
        }],
    }},
},

# 当以上配置文件中"OmitDefaultRegions": true时表示只启用自建DERP Server
[root@OpenWrt:01:01 PM ~] # tailscale netcheck
Report:
        * UDP: true
        * IPv4: yes, xxxx:xxx
        * IPv6: yes, [xxxx]:xxx
        * MappingVariesByDestIP: 
        * HairPinning: false
        * PortMapping: 
        * Nearest DERP: EndlessJY Derper
        * DERP latency:
                - EndlessJY: 56.3ms  (EndlessJY Derper)

# 当以上配置文件中"OmitDefaultRegions": false时表示启用全部(官方和自建)DERP Server
# 此时Tailscale会自动选择延迟最低节点
[root@OpenWrt:01:03 PM ~] # tailscale netcheck
Report:
        * UDP: true
        * IPv4: yes, xxx:xxx
        * IPv6: yes, [xxx]:xxx
        * MappingVariesByDestIP: false
        * HairPinning: false
        * PortMapping: 
        * Nearest DERP: EndlessJY Derper
        * DERP latency:
                - EndlessJY: 55ms    (EndlessJY Derper)
                - hkg: 56.4ms  (Hong Kong)
                - tok: 108.4ms (Tokyo)
                - syd: 178.8ms (Sydney)
                - sea: 181.1ms (Seattle)
                - lax: 202.1ms (Los Angeles)
                - sfo: 208.9ms (San Francisco)
                - sin: 231.2ms (Singapore)
                - ord: 233.1ms (Chicago)
                - den: 234.9ms (Denver)
                - dfw: 237.7ms (Dallas)
                - nyc: 246.8ms (New York City)
                - tor: 261.2ms (Toronto)
                - mia: 262.1ms (Miami)
                - hnl: 262.6ms (Honolulu)
                - lhr: 266.6ms (London)
                - par: 269.1ms (Paris)
                - ams: 272.9ms (Amsterdam)
                - blr: 273.7ms (Bangalore)
                - fra: 285.5ms (Frankfurt)
                - mad: 285.7ms (Madrid)
                - waw: 295ms   (Warsaw)
                - dbi: 330.6ms (Dubai)
                - nai: 344ms   (Nairobi)
                - sao: 371.2ms (São Paulo)
                - jnb: 443.7ms (Johannesburg)

Previous post: Next post: 关于某大学校园网共享上网检测机制的研究与解决方案

Typography

活版印字

# 1.openssl 升级前置

# 2. 升级 openssl

# 3. 安装 tailscale derp (基于 Ubuntu)

# 验证 derp 服务