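I have always used dokodemo-door for port forwarding, but it needs an x-ui-style panel (I don't know how to do it without a panel), and hosting providers have recently been cracking down hard on panels. After some searching, I found that forwarding can also be done with iptables, realm, or gost. Weighing ease of configuration and performance, I went with realm.
realm is a network tool ("A network relay tool") developed by zhboner.
The system I currently use is Debian 12, so it serves as the example here.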
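- Create the directory and download the realm client

    # Create the directory
    mkdir -p /etc/realm
    # Enter the new directory
    cd /etc/realm
    # Download the realm archive; for available versions, follow the link above to GitHub
    wget https://github.com/zhboner/realm/releases/download/v2.9.2/realm-x86_64-unknown-linux-gnu.tar.gz
    # Extract the archive
    tar -zxvf realm-x86_64-unknown-linux-gnu.tar.gz
    # Make the binary executable
    chmod +x realm
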
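- Create the configuration file config.json

    # Enter the directory
    cd /etc/realm
    touch config.json
    vim config.json
    # Reference configuration (replace each 落地机IP:端口 placeholder with the landing server's IP:port):
    {
      "log": {
        "level": "warn"
      },
      "dns": {
        "mode": "ipv4_and_ipv6",
        "protocol": "tcp_and_udp",
        "min_ttl": 0,
        "max_ttl": 60,
        "cache_size": 5
      },
      "network": {
        "use_udp": true,
        "zero_copy": true,
        "fast_open": true,
        "tcp_timeout": 300,
        "udp_timeout": 30,
        "send_proxy": false,
        "send_proxy_version": 2,
        "accept_proxy": false,
        "accept_proxy_timeout": 5
      },
      "endpoints": [
        {
          "listen": "0.0.0.0:10001",
          "remote": "落地机IP:端口"
        },
        {
          "listen": "0.0.0.0:10002",
          "remote": "落地机IP:端口"
        },
        {
          "listen": "0.0.0.0:10003",
          "remote": "落地机IP:端口"
        }
      ]
    }

  listen is the local address and port. 0.0.0.0 binds every interface, so any client that can reach the port (for example 10001), from the public internet or the internal network, is forwarded to 落地机IP:端口 (the landing server's IP and port). This can also be configured with wss, but over IEPL a plain relay is enough; adding TLS feels like fooling yourself.
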
- Create the system service

    touch /etc/systemd/system/realm.service
    vim /etc/systemd/system/realm.service
    # Contents:
    [Unit]
    Description=realm
    After=network-online.target
    Wants=network-online.target systemd-networkd-wait-online.service

    [Service]
    Type=simple
    # User=root names an existing account, so the service runs as root and DynamicUser=true allocates no dynamic user
    User=root
    Restart=on-failure
    RestartSec=5s
    DynamicUser=true
    WorkingDirectory=/etc/realm
    ExecStart=/etc/realm/realm -c /etc/realm/config.json

    [Install]
    WantedBy=multi-user.target

    # Reload the systemd configuration
    systemctl daemon-reload
    # Enable and start the realm service
    systemctl enable realm
    systemctl start realm

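The advantage of realm is that I only need to maintain config.json. The service comes back automatically whether or not the VPS restarts, and its performance is reportedly quite good as well.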
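A variant of the unit above that runs realm without root, as an added example that is not from the original post or the realm project. It assumes every listen port in config.json is above 1023 (as with 10001 to 10003 here) and that the realm binary and config.json under /etc/realm stay readable by other users; all directives are standard systemd.exec options.

```ini
[Unit]
Description=realm
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service

[Service]
Type=simple
# No User= line: DynamicUser allocates a throwaway unprivileged account at start
DynamicUser=true
Restart=on-failure
RestartSec=5s
WorkingDirectory=/etc/realm
ExecStart=/etc/realm/realm -c /etc/realm/config.json

# Listen ports above 1023 need no capabilities, so drop them all
CapabilityBoundingSet=
AmbientCapabilities=
NoNewPrivileges=true
# Read-only view of the filesystem; the relay only reads its binary and config
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
RestrictSUIDSGID=true
LockPersonality=true
# A relay needs IP sockets only (AF_UNIX kept as an assumption for local sockets)
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX

[Install]
WantedBy=multi-user.target
```

After systemctl daemon-reload and a restart, ps -o user= -C realm should no longer print root, and systemd-analyze security realm reports the remaining exposure.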
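The realm_setup.sh script below can be run as-is once you have edited the relay entries in it. Afterwards you still only need to maintain config.json; the script just saves a few manual steps.
Appendix: realm_setup.sh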
#!/bin/bash
# Define the realm version and download URL
REALM_VERSION="v2.9.2"
REALM_ARCH="x86_64-unknown-linux-gnu"
REALM_FILENAME="realm-${REALM_ARCH}.tar.gz"
REALM_URL="https://github.com/zhboner/realm/releases/download/${REALM_VERSION}/${REALM_FILENAME}"
# Check that the script is running as root
if [[ "$EUID" -ne 0 ]]; then
    echo "请以root用户运行此脚本。"
    exit 1
fi
echo "---"
echo "开始设置realm..."
# 1. Create the directory and enter it
echo "创建目录 /etc/realm..."
mkdir -p /etc/realm || { echo "创建目录失败"; exit 1; }
cd /etc/realm || { echo "进入目录失败"; exit 1; }
# 2. Download and extract the realm archive (variables quoted so the arguments are never word-split)
echo "下载realm ${REALM_VERSION}..."
wget "${REALM_URL}" || { echo "下载文件失败"; exit 1; }
echo "解压文件..."
tar -zxvf "${REALM_FILENAME}" || { echo "解压文件失败"; exit 1; }
# 3. Make the realm binary executable
echo "赋予realm可执行权限..."
chmod +x realm || { echo "修改权限失败"; exit 1; }
# 4. Create and populate config.json
echo "创建并配置config.json..."
cat <<EOF > config.json
{
  "log": {
    "level": "warn"
  },
  "dns": {
    "mode": "ipv4_and_ipv6",
    "protocol": "tcp_and_udp",
    "min_ttl": 0,
    "max_ttl": 60,
    "cache_size": 5
  },
  "network": {
    "use_udp": true,
    "zero_copy": true,
    "fast_open": true,
    "tcp_timeout": 300,
    "udp_timeout": 30,
    "send_proxy": false,
    "send_proxy_version": 2,
    "accept_proxy": false,
    "accept_proxy_timeout": 5
  },
  "endpoints": [
    {
      "listen": "0.0.0.0:10001",
      "remote": "落地机IP:端口"
    },
    {
      "listen": "0.0.0.0:10002",
      "remote": "落地机IP:端口"
    },
    {
      "listen": "0.0.0.0:10003",
      "remote": "落地机IP:端口"
    }
  ]
}
EOF
# 5. Create and populate realm.service
echo "创建并配置realm.service..."
cat <<EOF > /etc/systemd/system/realm.service
[Unit]
Description=realm
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
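[Service]
Type=simple
# User=root names an existing account, so the service runs as root and DynamicUser=true allocates no dynamic user
User=root
Restart=on-failure
RestartSec=5s
DynamicUser=true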
WorkingDirectory=/etc/realm
ExecStart=/etc/realm/realm -c /etc/realm/config.json
[Install]
WantedBy=multi-user.target
EOF
# 6. Reload systemd, then enable and start the service
echo "重新加载systemd配置..."
systemctl daemon-reload || { echo "重新加载配置失败"; exit 1; }
echo "启用并启动realm服务..."
systemctl enable realm || { echo "启用服务失败"; exit 1; }
systemctl start realm || { echo "启动服务失败"; exit 1; }
echo "---"
echo "realm 服务已成功设置并启动。"
echo "您可以通过 'systemctl status realm' 命令检查服务状态。"