收到一个这样的需求:要求访问腾讯的一个服务,无论身在哪里,都必须通过制定 ip 访问此服务,因为公司之前的 VPN 是我搭的,领导找我做这个需求,但是 VPN 此事并没有能适配此需求,因为我的那个 VPN 只是针对内网服务才走 VPN 流量,而腾讯的相关服务需要走外网流量,而且出口 ip 这个时候需要被代理成指定 ip。所以此文章针对次任务做个记录。
*下载解压
yum -y install gcc gcc-c++ automake make pam-devel openldap-devel cyrus-sasl-devel openssl-devel wget https://jaist.dl.sourceforge.net/project/ss5/ss5/3.8.9-8/ss5-3.8.9-8.tar.gz tar zxvf ss5-3.8.9-8.tar.gz -C /usr/local/src cd /usr/local/src/ss5-3.8.9 ./configure make && make install
[root@cjz ~]# vim /etc/opt/ss5/ss5.conf ... # /////////////////////////////////////////////////////////////////////////////////// # SHost SPort Authentication # auth 0.0.0.0/0 - u ... # ///////////////////////////////////////////////////////////////////////////////////////////////// # Auth SHost SPort DHost DPort Fixup Group Band ExpDate # permit u 0.0.0.0/0 - 0.0.0.0/0 - - - - - ...
[root@cjz ~]# vim /etc/opt/ss5/ss5.passwd cuijianzhe 5982943132425433
[root@cjz ~]# cat /etc/sysconfig/ss5 # Add startup option here SS5_OPTS=" -u root -b 0.0.0.0:8091"
1.添加代理服务器配置
3.设置 dns 解析
如果出现下面的错误, 先创建 /var/run/ss5 目录后再启动 ss5 。
Can’t create pid file /var/run/ss5/ss5.pid
Can’t unlink pid file /var/run/ss5/ss5.pid
默认的日志文件路径: /var/log/ss5/ss5.log
#!/usr/bin env python3 import requests import json import os import pypinyin import subprocess ''' AppKey: ding AppSecret: dingding ''' corpId='ding' corpSecret='dingding' headers = {'Content-Type': 'application/json;charset=utf-8'} api_url = "https://oapi.dingtalk.com/gettoken?appkey=%s≈psecret=%s"%(corpId,corpSecret) def del_conf(): CMD = "rm -f /etc/opt/ss5/ss5.passwd" subprocess.getoutput(CMD) def get_token(): try: res = requests.get(api_url,headers=headers) if res.status_code == 200: str_res = res.text token = (json.loads(str_res)).get('access_token') return token except: print('请求失败') def get_bumenId(token): try: bumen_url = "https://oapi.dingtalk.com/department/list?access_token=%s&id=1"%(token) res_bumen = requests.get(bumen_url,headers=headers) str_bumen = res_bumen.text json_bumen = json.loads(str_bumen) code = json_bumen.get('errcode') if code != 0: print('接口返回错误,{}'.format(json_bumen.get('errmsg'))) res = json_bumen.get('department') bname_list = [] for i in res: bumen_name = i.get('name') bname_list.append(bumen_name) if bumen_name == '产品部': bumen_id = i.get('id') ''' 部门人员: 取出人员姓名和userid,作为login和passwd ''' member_url = "https://oapi.dingtalk.com/user/simplelist?access_token=%s&department_id=%s"%(token,bumen_id) res_member = requests.get(member_url, headers=headers) json_member = json.loads(res_member.text) list_member = json_member.get('userlist') # 取userlist列表出来 info = {} #构造用户名和密码,后面会写到配置文件中 name_list = [] passwd_list = [] for staff_info in list_member: ''' 返回结果值格式:{'name': '李四', 'userid': '3008111850842061'} ''' pinyin_name = ''.join(pypinyin.lazy_pinyin(staff_info.get('name'))) passwd_name = staff_info.get('userid') info[pinyin_name] = passwd_name name_list.append(pinyin_name) passwd_list.append(passwd_name) for k, v in info.items(): #将用户名和密码写入文本 with open('/etc/opt/ss5/ss5.passwd', 'a', encoding='utf-8') as f: f.write(k + '\t' + v + '\n') '''以下是先判断有没有旧的人员名单文件,有的话转换成列表和新生成的人员列表进行对比,如有增加,发送邮件''' newname = [] #生成新入职人员名单 list_files = os.listdir() if "name_old.txt" in list_files: with open('name_old.txt','r' ,encoding='utf-8') as old_info: all_info = old_info.read() list_info = all_info.split(',') for add_staff in name_list: if add_staff in list_info: pass else: newname.append(add_staff) else: with open('name_old.txt','w',encoding='utf-8') as name_sync: for xingming in name_list: name_sync.write(str(xingming)) name_sync.write(',') #更新old人员信息 with open('name_old.txt','w' ,encoding='utf-8') as renew_info: for re_name in name_list: renew_info.write(str(re_name)) renew_info.write(',') return newname,passwd_list except Exception as err: print('请求失败!','error: {}'.format(err)) def _email(name,password): '''发送邮件''' for name1 in name: import smtplib from email.mime.text import MIMEText from email.utils import formataddr import time date = time.strftime('%Y-%m-%d', time.localtime()) body = """ 欢迎使用代理, 登录代理的用户名是%s,Password为:%s. 日期:%s """%(name1,password[name.index(name1)],date) my_sender = '598941324@qq.com' my_pass = 'mypwrqbdccwert' my_user = "{}@limikeji.com".format(name1) msg = MIMEText(body, 'plain', 'utf-8') msg['From'] = formataddr(["北京狸米科技有限公司", my_sender]) msg['To'] = formataddr(["北京狸米科技有限公司",my_user]) msg['Subject'] = '信息同步' server = smtplib.SMTP_SSL("smtp.qq.com", 465) server.login(my_sender, my_pass) server.sendmail(my_sender, [my_user], msg.as_string()) server.quit() def service_reboot(): CMD1 = "systemctl restart ss5" subprocess.getoutput(CMD1) if __name__ == "__main__": del_conf() key = get_token() username,userpasswd = get_bumenId(key) _email(username,userpasswd) service_reboot()
邯城往事