# 适用于在 ubuntu/debian 服务器上安装 gost

## 1. 安装 fabric，需要重启内核

In [None]:
!pip install fabric

## 2. [每次必须执行]填写自己的服务器地址端口用户名密码

In [None]:
from fabric import Connection


REMOTE_HOST = "150.109.13.221"  # 替换为您的远程主机名或IP地址
REMOTE_PORT = 22  # 替换为您的远程SSH端口号
REMOTE_USER = "root"  # 替换为您的远程用户名
REMOTE_PASSWORD = "sS7aDgQgqVCPNJf7"  # 替换为您的远程密码

conn = Connection(host=REMOTE_HOST, port=REMOTE_PORT, user=REMOTE_USER, connect_kwargs={"password": REMOTE_PASSWORD})


## 3. 测试一下，看看能不能连接上

In [None]:
def test(c: Connection):
    result = c.run("uname -a")
    print(f"Command output: {result.stdout.strip()}")
        
test(conn)

## 4. 安装必要的工具

In [None]:
def install_tools(c: Connection):
    c.run('apt-get install wget -y')
install_tools(conn)

## 5. [每次必须执行]定义 GOST 的安装位置和 WSS 端口

In [None]:
# GOST 安装位置
GOST_HOME = '/opt/gost'


# 使用 Cloudflare 支持的 HTTPS 代理端口
# https://developers.cloudflare.com/fundamentals/get-started/reference/network-ports/#network-ports-compatible-with-cloudflares-proxy
# - 443
# - 2053
# - 2083
# - 2087
# - 2096
# - 8443
GOST_WSS_PORT=443

## 6. 下载 GOST

In [None]:
def download_gost(c: Connection, gost_ver: str = '2.11.5'):
    
    c.run(f'mkdir -p {GOST_HOME}')
    with c.cd(GOST_HOME):
        c.run('rm -rf gost-*')
        c.run(f"wget -nv https://github.com/ginuerzh/gost/releases/download/v{gost_ver}/gost-linux-amd64-{gost_ver}.gz | true")
        c.run(f'gunzip gost-linux-amd64-{gost_ver}.gz')
        c.run(f'mv gost-linux-amd64-{gost_ver} gost')
        c.run('chmod +x gost')

download_gost(conn)

## 7. 设置或更新域名证书(在 Cloudflare 后台获取证书，需要登录 Cloudflare 后台创建)

In [None]:
ca_content = """-----BEGIN CERTIFICATE-----
MIIDHTCCAsSgAwIBAgIUcF63xnECqLlN94qEcweJwdIyz4gwCgYIKoZIzj0EAwIw
gY8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T
YW4gRnJhbmNpc2NvMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTgwNgYDVQQL
Ey9DbG91ZEZsYXJlIE9yaWdpbiBTU0wgRUNDIENlcnRpZmljYXRlIEF1dGhvcml0
eTAeFw0yMzAzMTcxNTIxMDBaFw0zODAzMTMxNTIxMDBaMGIxGTAXBgNVBAoTEENs
b3VkRmxhcmUsIEluYy4xHTAbBgNVBAsTFENsb3VkRmxhcmUgT3JpZ2luIENBMSYw
JAYDVQQDEx1DbG91ZEZsYXJlIE9yaWdpbiBDZXJ0aWZpY2F0ZTBZMBMGByqGSM49
AgEGCCqGSM49AwEHA0IABKAuCXtkYpEsnVk4W0zVQuWLlAYX7QIxat9IYH5pmwf8
RZBxuSK+BrLvsRSgQaQ+Xuqv8bW/yqH81smwIxILceGjggEoMIIBJDAOBgNVHQ8B
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMAwGA1UdEwEB
/wQCMAAwHQYDVR0OBBYEFESjneNGQQGg4N9DiU6TwjCuM9S2MB8GA1UdIwQYMBaA
FIUwXTsqcNTt1ZJnB/3rObQaDjinMEQGCCsGAQUFBwEBBDgwNjA0BggrBgEFBQcw
AYYoaHR0cDovL29jc3AuY2xvdWRmbGFyZS5jb20vb3JpZ2luX2VjY19jYTAhBgNV
HREEGjAYggsqLmJpODMubGlua4IJYmk4My5saW5rMDwGA1UdHwQ1MDMwMaAvoC2G
K2h0dHA6Ly9jcmwuY2xvdWRmbGFyZS5jb20vb3JpZ2luX2VjY19jYS5jcmwwCgYI
KoZIzj0EAwIDRwAwRAIgS5M2pcS9kjrOjVlR1ImN2ieip0lgiAKMDUT7HxRfi9EC
IGhVMiKTjlSj4u/yC+rMiDBEBvqcho9a7pvBmRdXpCRq
-----END CERTIFICATE-----
"""
key_content = """-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg5bLrVhwtwJ70nwPH
LG4Yac6+0YJilE60Gh+sLTPAXFShRANCAASgLgl7ZGKRLJ1ZOFtM1ULli5QGF+0C
MWrfSGB+aZsH/EWQcbkivgay77EUoEGkPl7qr/G1v8qh/NbJsCMSC3Hh
-----END PRIVATE KEY-----
"""
import io
def config_cert(c: Connection):
    ca_file_path= f"{GOST_HOME}/ca.pem"
    with io.StringIO(ca_content) as ca_file:
            conn.put(ca_file, ca_file_path)

    key_file_path= f"{GOST_HOME}/key.pem"
    with io.StringIO(key_content) as key_file:
            conn.put(key_file, key_file_path)

config_cert(conn)

## 8. 设置或更新客户端用户名密码

可以添加多个帐号，用户名和密码之间用空格分隔

In [None]:
secrets_content = """# period for live reloading
reload      10s

# username password
bob A5PUL_qqfkyj
alice P9QDhs9ZVmc
"""
import io
def config_secrets(c: Connection):
    secrets_file_path= f"{GOST_HOME}/secrets.txt"
    with io.StringIO(secrets_content) as secrets_file:
            conn.put(secrets_file, secrets_file_path)

config_secrets(conn)

## 9. 配置 GOST

In [None]:
import json
import io


def config_gost(c: Connection):
    conf_file_path = f"{GOST_HOME}/config.json"
    conf = dict(ServeNodes=[
        f"wss://:{GOST_WSS_PORT}?secrets={GOST_HOME}/secrets.txt&cert={GOST_HOME}/ca.pem&key={GOST_HOME}/key.pem"
    ])
    conf_content = json.dumps(conf, indent=4)
    with io.StringIO(conf_content) as conf_file:
            conn.put(conf_file, conf_file_path)

            
config_gost(conn)

## 10. 配置开机自启

In [None]:
gost_systemd_service_content = f"""[Unit]
Description=Gost Service
After=network.target
Wants=network.target

[Service]
Type=simple
User=root
ExecStart={GOST_HOME}/gost -C {GOST_HOME}/config.json
Restart=on-failure

[Install]
WantedBy=multi-user.target
"""
import io
def config_systemd(c: Connection):
    gost_systemd_service_file_path = "/usr/lib/systemd/system/gost.service"
    with io.StringIO(gost_systemd_service_content) as gost_systemd_service_file:
            conn.put(gost_systemd_service_file, gost_systemd_service_file_path)  
    c.run('systemctl enable gost')
    c.run('systemctl start gost')
    
config_systemd(conn)

## 11. [可选] 添加规则打开防火墙的 WSS 端口

In [None]:
def iptables_allow_wss(c: Connection):
    c.run(f'iptables -I INPUT -p tcp --dport {GOST_WSS_PORT} -j ACCEPT')
    
iptables_allow_wss(conn)

## 12. [可选] 重启 GOST 服务

In [None]:
def restart_gost(c: Connection):
    c.run('systemctl restart gost')

restart_gost(conn)

## 13. [可选] 停止 GOST 服务

In [None]:
def stop_gost(c: Connection):
    c.run('systemctl stop gost')

stop_gost(conn)

## 14. [可选] 启动 GOST 服务

In [None]:
def start_gost(c: Connection):
    c.run('systemctl start gost')

start_gost(conn)

## 15. [可选] 开启 BBR

In [None]:
def enable_bbr(c: Connection):
    c.run('echo -e "net.core.default_qdisc=fq\nnet.ipv4.tcp_congestion_control=bbr" | tee -a /etc/sysctl.conf >/dev/null')
    c.run('sysctl -p')
enable_bbr(conn)