Outline是一款突破网络封锁的工具,Jigsaw开发的项目,而Jigsaw是属于alphabet旗下的,而alphabet,是google的母公司。
现在你明白了吧,这是一款google出的工具。
outline的官方网站是:
https://getoutline.org/en/home
outline需要服务器端和客户端。
1. 客户端,已经有各种版本,包括Andriod、iOS等等:
iOS的下载地址是这里 ,目前中国区也还有的下载。
2. 服务器端,你需要在你自己搭建的服务器上安装,安装过程非常简单,但是还是需要在电脑上操作一下,我们需要先下载一个Outline Manager:
我们这里以Mac版为例,Mac版的Outline manager的下载地址是这里。
下载后安装:
在launchpad启动outline manager,你可以看到他会叫你如何在你自己搭建的服务器上安装outline的服务器端。
默认是用Digital Ocean这家云服务商的服务器
当然你也可以使用其他任意云端的服务器:
我们以使用其他云端服务器为例,进行说明,点击get started:
看到没? 很简单,只有2步骤。
那么我在我的云端服务器运行如下命令即可:
wget -qO- https://raw.githubusercontent.com/Jigsaw-Code/outline-server/master/src/server_manager/install_scripts/install_server.sh | bash
注意,这要求云端的服务器要已经安装好docker,并且启动docker服务,并且关闭防火墙。如果你没有做到这些,你可以会遇到和我一样的报错:
[root@vultr outline_server]# wget -qO- https://raw.githubusercontent.com/Jigsaw-Code/outline-server/master/src/server_manager/install_scripts/install_server.sh | bash > Verifying that Docker is installed .......... Docker CE must be installed, please run "curl -sS https://get.docker.com/ | sh" or visit https://docs.docker.com/install/ Sorry! Something went wrong. If you can't figure this out, please copy and paste all this output into the Outline Manager screen, and send it to us, to see if we can help you. [root@vultr outline_server]#
此时我需要先安装docker:
[root@vultr outline_server]# curl -sS https://get.docker.com/ | sh
# Executing docker install script, commit: e749601
+ sh -c 'yum install -y -q yum-utils'
+ sh -c 'yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo'
Loaded plugins: fastestmirror
adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
grabbing file https://download.docker.com/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
+ '[' edge '!=' stable ']'
+ sh -c 'yum-config-manager --enable docker-ce-edge'
Loaded plugins: fastestmirror
============================================================================================== repo: docker-ce-edge ==============================================================================================
[docker-ce-edge]
async = True
bandwidth = 0
base_persistdir = /var/lib/yum/repos/x86_64/7
baseurl = https://download.docker.com/linux/centos/7/x86_64/edge
cache = 0
cachedir = /var/cache/yum/x86_64/7/docker-ce-edge
check_config_file_age = True
compare_providers_priority = 80
cost = 1000
deltarpm_metadata_percentage = 100
deltarpm_percentage =
enabled = 1
enablegroups = True
exclude =
failovermethod = priority
ftp_disable_epsv = False
gpgcadir = /var/lib/yum/repos/x86_64/7/docker-ce-edge/gpgcadir
gpgcakey =
gpgcheck = True
gpgdir = /var/lib/yum/repos/x86_64/7/docker-ce-edge/gpgdir
gpgkey = https://download.docker.com/linux/centos/gpg
hdrdir = /var/cache/yum/x86_64/7/docker-ce-edge/headers
http_caching = all
includepkgs =
ip_resolve =
keepalive = True
keepcache = False
mddownloadpolicy = sqlite
mdpolicy = group:small
mediaid =
metadata_expire = 21600
metadata_expire_filter = read-only:present
metalink =
minrate = 0
mirrorlist =
mirrorlist_expire = 86400
name = Docker CE Edge - x86_64
old_base_cache_dir =
password =
persistdir = /var/lib/yum/repos/x86_64/7/docker-ce-edge
pkgdir = /var/cache/yum/x86_64/7/docker-ce-edge/packages
proxy = False
proxy_dict =
proxy_password =
proxy_username =
repo_gpgcheck = False
retries = 10
skip_if_unavailable = False
ssl_check_cert_permissions = True
sslcacert =
sslclientcert =
sslclientkey =
sslverify = True
throttle = 0
timeout = 30.0
ui_id = docker-ce-edge/x86_64
ui_repoid_vars = releasever,
basearch
username =
+ sh -c 'yum makecache'
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
docker-ce-edge | 2.9 kB 00:00:00
docker-ce-stable | 2.9 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/14): docker-ce-edge/x86_64/filelists_db | 8.5 kB 00:00:00
(2/14): docker-ce-edge/x86_64/primary_db | 15 kB 00:00:00
(3/14): docker-ce-stable/x86_64/primary_db | 12 kB 00:00:00
(4/14): docker-ce-edge/x86_64/other_db | 62 kB 00:00:00
(5/14): docker-ce-stable/x86_64/other_db | 66 kB 00:00:00
(6/14): docker-ce-stable/x86_64/filelists_db | 7.3 kB 00:00:00
(7/14): extras/7/x86_64/prestodelta | 129 kB 00:00:00
(8/14): extras/7/x86_64/filelists_db | 709 kB 00:00:00
(9/14): updates/7/x86_64/prestodelta | 960 kB 00:00:00
(10/14): base/7/x86_64/other_db | 2.5 MB 00:00:01
(11/14): updates/7/x86_64/other_db | 734 kB 00:00:00
(12/14): extras/7/x86_64/other_db | 121 kB 00:00:00
(13/14): updates/7/x86_64/filelists_db | 4.2 MB 00:00:00
(14/14): base/7/x86_64/filelists_db | 6.7 MB 00:00:01
Loading mirror speeds from cached hostfile
* base: repo1.dal.innoscale.net
* extras: repo1.ash.innoscale.net
* updates: mirror.nodesdirect.com
Metadata Cache Created
+ sh -c 'yum install -y -q docker-ce'
warning: /var/cache/yum/x86_64/7/docker-ce-edge/packages/docker-ce-18.03.0.ce-1.el7.centos.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
Public key for docker-ce-18.03.0.ce-1.el7.centos.x86_64.rpm is not installed
Importing GPG key 0x621E9F35:
Userid : "Docker Release (CE rpm) <docker@docker.com>"
Fingerprint: 060a 61c5 1b55 8a7f 742b 77aa c52f eb6b 621e 9f35
From : https://download.docker.com/linux/centos/gpg
If you would like to use Docker as a non-root user, you should now consider
adding your user to the "docker" group with something like:
sudo usermod -aG docker your-user
Remember that you will have to log out and back in for this to take effect!
WARNING: Adding a user to the "docker" group will grant the ability to run
containers which can be used to obtain root privileges on the
docker host.
Refer to https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
for more information.
[root@vultr outline_server]#
[root@vultr outline_server]#
然后启动docker服务:
[root@vultr outline_server]# service docker start Redirecting to /bin/systemctl start docker.service [root@vultr outline_server]#
然后关闭防火墙:
[root@vultr outline_server]# service firewalld stop
开始安装:
[root@vultr outline_server]# wget -qO- https://raw.githubusercontent.com/Jigsaw-Code/outline-server/master/src/server_manager/install_scripts/install_server.sh | bash
> Verifying that Docker is installed .......... OK
> Verifying that Docker daemon is running ..... OK
> Creating persistent state dir ............... OK
> Generating secret key ....................... OK
> Generating TLS certificate .................. OK
> Generating SHA-256 certificate fingerprint .. OK
> Starting Shadowbox .......................... Unable to find image 'quay.io/outline/shadowbox:stable' locally
stable: Pulling from outline/shadowbox
605ce1bd3f31: Pulling fs layer
9d1b67fd48b4: Pulling fs layer
f87706f29a6f: Pulling fs layer
b50c2fcde876: Pulling fs layer
e1ecd3c15a4b: Pulling fs layer
f72ac4625f86: Pulling fs layer
98be2229c9b1: Pulling fs layer
5b2bb8abc0c7: Pulling fs layer
3852ab6d98b2: Pulling fs layer
8219c6ace457: Pulling fs layer
88c337662eb5: Pulling fs layer
5ce0d168fc22: Pulling fs layer
170df050f533: Pulling fs layer
b50c2fcde876: Waiting
e1ecd3c15a4b: Waiting
f72ac4625f86: Waiting
98be2229c9b1: Waiting
5b2bb8abc0c7: Waiting
3852ab6d98b2: Waiting
8219c6ace457: Waiting
88c337662eb5: Waiting
5ce0d168fc22: Waiting
170df050f533: Waiting
605ce1bd3f31: Verifying Checksum
605ce1bd3f31: Download complete
f87706f29a6f: Verifying Checksum
f87706f29a6f: Download complete
9d1b67fd48b4: Verifying Checksum
9d1b67fd48b4: Download complete
b50c2fcde876: Verifying Checksum
b50c2fcde876: Download complete
e1ecd3c15a4b: Verifying Checksum
e1ecd3c15a4b: Download complete
605ce1bd3f31: Pull complete
98be2229c9b1: Verifying Checksum
98be2229c9b1: Download complete
5b2bb8abc0c7: Verifying Checksum
5b2bb8abc0c7: Download complete
3852ab6d98b2: Verifying Checksum
3852ab6d98b2: Download complete
f72ac4625f86: Verifying Checksum
f72ac4625f86: Download complete
8219c6ace457: Verifying Checksum
8219c6ace457: Download complete
88c337662eb5: Verifying Checksum
88c337662eb5: Download complete
170df050f533: Verifying Checksum
170df050f533: Download complete
5ce0d168fc22: Verifying Checksum
5ce0d168fc22: Download complete
9d1b67fd48b4: Pull complete
f87706f29a6f: Pull complete
b50c2fcde876: Pull complete
e1ecd3c15a4b: Pull complete
f72ac4625f86: Pull complete
98be2229c9b1: Pull complete
5b2bb8abc0c7: Pull complete
3852ab6d98b2: Pull complete
8219c6ace457: Pull complete
88c337662eb5: Pull complete
5ce0d168fc22: Pull complete
170df050f533: Pull complete
Digest: sha256:ed974a668b0c858781188882cde0c802afa9a36337587884a4e7ff6a5e96ec5b
Status: Downloaded newer image for quay.io/outline/shadowbox:stable
OK
> Starting Watchtower ......................... Unable to find image 'v2tec/watchtower:latest' locally
latest: Pulling from v2tec/watchtower
a5415f98d52c: Pulling fs layer
c3f7208ad77c: Pulling fs layer
169c1e589d74: Pulling fs layer
a5415f98d52c: Verifying Checksum
a5415f98d52c: Download complete
c3f7208ad77c: Verifying Checksum
c3f7208ad77c: Download complete
169c1e589d74: Verifying Checksum
169c1e589d74: Download complete
a5415f98d52c: Pull complete
c3f7208ad77c: Pull complete
169c1e589d74: Pull complete
Digest: sha256:4cb6299fe87dcbfe0f13dcc5a11bf44bd9628a4dae0035fecb8cc2b88ff0fc79
Status: Downloaded newer image for v2tec/watchtower:latest
OK
> Waiting for Outline server to be healthy .... OK
> Creating first user ......................... OK
> Adding API URL to config .................... OK
> Checking host firewall ...................... OK
CONGRATULATIONS! Your Outline server is up and running.
To manage your Outline server, please copy the following text (including curly
brackets) into Step 2 of the Outline Manager interface:
{
"apiUrl": "https://11.22.33.44:51714/-9w7ZBvaEt88dwpb1dASFD",
"certSha256": "2349DDF1D15SGDEESE504TSREQQ59060B42044B04A47A32635ASB4EE249HSFES"
}
If have connection problems, it may be that your router or cloud provider
blocks inbound connections, even though your machine seems to allow them.
- If you plan to have a single access key to access your server make sure
ports 51714 and 50581 are open for TCP and UDP on
your router or cloud provider.
- If you plan on adding additional access keys, you’ll have to open ports
1024 through 65535 on your router or cloud provider since the Outline
Server may allocate any of those ports to new access keys.
[root@vultr outline_server]#
注意,上面那段apiUrl和certSha256就是要填到outline manager中的:
点击done,就会连接到远处的server。然后,在界面中点击ADD Key:
生成key之后点击share
会生成一个分享连接。把连接发给别人或者自己。
点击连接就能看到一个connect to this server,点击之后,可以看到一个ss://开头的地址,将这个地址填写到你的iPhone的客户端中,点击add server:
然后,就可以使用了。
现在可以通畅的访问所有的网络了。
注1,如果你在outline manager remove了某个key,那边你发送给别人或者自己的这个key就失效了。后续iPhone等客户端无法使用这个key连接。
注2,这是全局代理,没法写规则,所以要注意一下流量。
注3,如果你想根据规则,其实也很容易。因为ss:\\的这个地址,你复制到shadowrocket中,就会自动的转换成IP,密码,端口,加密访问,你就可以直接用在shadowrocket中走规则。
最后,再简单分析一下。
outline其实还是基于shadowsocks协议进行的通信,只不过包了一层docker。即将ss server包在docker里面,然后将docker部署到你的机器上。
