Skip to content

Instantly share code, notes, and snippets.

@U-Recommend

U-Recommend/danted_install.sh

Last active March 28, 2023 19:48
Show Gist options
  • Save U-Recommend/dfde8015b69754ff5a16a23f03513fc8 to your computer and use it in GitHub Desktop.
Save U-Recommend/dfde8015b69754ff5a16a23f03513fc8 to your computer and use it in GitHub Desktop.
Download ZIP
翻墙服务端代码
Raw
danted_install.sh
#!/bin/bash
#
# Dante Socks5 Server AutoInstall
# -- Owner: https://www.inet.no/dante
# -- Provider: https://sockd.info
# -- Author: Lozy
# -- 地址: https://github.com/Lozy/danted
# -- 运行:
# >>> wget --no-check-certificate https://raw.github.com/Lozy/danted/master/install.sh -O install.sh
# >>> bash install.sh
# #run with options: bash install.sh option1 option2
# >>> bash install.sh --ip="A.A.A.A:B.B.B.B" --port=2016 --user=sockd --passwd=sockd --whitelist="X.X.X.X/32"
# -- 客户端sstap: https://github.com/FQrabbit/SSTap-Rule/releases/download/SSTap%E5%B8%B8%E7%94%A8%E7%89%88%E6%9C%AC%E5%8F%8A%E5%8E%BB%E5%B9%BF%E5%91%8A/SSTap-beta-setup-1.0.9.7.exe.7z
# -- 客户端GitHub: https://github.com/FQrabbit/SSTap-Rule/releases/tag/SSTap%E5%B8%B8%E7%94%A8%E7%89%88%E6%9C%AC%E5%8F%8A%E5%8E%BB%E5%B9%BF%E5%91%8A
# Check if user is root
if [ $(id -u) != "0" ]; then
echo "Error: You must be root to run this script, please use root to install"
exit 1
fi
REQUEST_SERVER="https://raw.github.com/Lozy/danted/master"
SCRIPT_SERVER="https://public.sockd.info"
SYSTEM_RECOGNIZE=""
[ "$1" == "--no-github" ] && REQUEST_SERVER=${SCRIPT_SERVER}
if [ -s "/etc/os-release" ];then
os_name=$(sed -n 's/PRETTY_NAME="\(.*\)"/\1/p' /etc/os-release)
if [ -n "$(echo ${os_name} | grep -Ei 'Debian|Ubuntu' )" ];then
printf "Current OS: %s\n" "${os_name}"
SYSTEM_RECOGNIZE="debian"
elif [ -n "$(echo ${os_name} | grep -Ei 'CentOS')" ];then
printf "Current OS: %s\n" "${os_name}"
SYSTEM_RECOGNIZE="centos"
else
printf "Current OS: %s is not support.\n" "${os_name}"
fi
elif [ -s "/etc/issue" ];then
if [ -n "$(grep -Ei 'CentOS' /etc/issue)" ];then
printf "Current OS: %s\n" "$(grep -Ei 'CentOS' /etc/issue)"
SYSTEM_RECOGNIZE="centos"
else
printf "+++++++++++++++++++++++\n"
cat /etc/issue
printf "+++++++++++++++++++++++\n"
printf "[Error] Current OS: is not available to support.\n"
fi
else
printf "[Error] (/etc/os-release) OR (/etc/issue) not exist!\n"
printf "[Error] Current OS: is not available to support.\n"
fi
if [ -n "$SYSTEM_RECOGNIZE" ];then
wget -qO- --no-check-certificate ${REQUEST_SERVER}/install_${SYSTEM_RECOGNIZE}.sh | \
bash -s -- $* | tee /tmp/danted_install.log
else
printf "[Error] Installing terminated"
exit 1
fi
exit 0
Raw
trojan_mod1.sh
#!/bin/bash
# trojan一键安装脚本
# Author: hijk<https://hijk.art>
RED="\033[31m" # Error message
GREEN="\033[32m" # Success message
YELLOW="\033[33m" # Warning message
BLUE="\033[36m" # Info message
PLAIN='\033[0m'
OS=`hostnamectl | grep -i system | cut -d: -f2`
V6_PROXY=""
IP=`curl -sL -4 ip.sb`
if [[ "$?" != "0" ]]; then
IP=`curl -sL -6 ip.sb`
V6_PROXY="https://gh.hijk.art/"
fi
BT="false"
NGINX_CONF_PATH="/etc/nginx/conf.d/"
res=`which bt 2>/dev/null`
if [[ "$res" != "" ]]; then
BT="true"
NGINX_CONF_PATH="/www/server/panel/vhost/nginx/"
fi
# 以下网站是随机从Google上找到的无广告小说网站,不喜欢请改成其他网址,以http或https开头
# 搭建好后无法打开伪装域名,可能是反代小说网站挂了,请在网站留言,或者Github发issue,以便替换新的网站
SITES=(
http://www.zhuizishu.com/
http://xs.56dyc.com/
#http://www.xiaoshuosk.com/
#https://www.quledu.net/
http://www.ddxsku.com/
http://www.biqu6.com/
https://www.wenshulou.cc/
#http://www.auutea.com/
http://www.55shuba.com/
http://www.39shubao.com/
https://www.23xsw.cc/
#https://www.huanbige.com/
https://www.jueshitangmen.info/
https://www.zhetian.org/
http://www.bequgexs.com/
http://www.tjwl.com/
)
CONFIG_FILE=/usr/local/etc/trojan/config.json
colorEcho() {
echo -e "${1}${@:2}${PLAIN}"
}
function checkSystem()
{
result=$(id | awk '{print $1}')
if [ $result != "uid=0(root)" ]; then
colorEcho $RED " 请以root身份执行该脚本"
exit 1
fi
res=`which yum 2>/dev/null`
if [ "$?" != "0" ]; then
res=`which apt 2>/dev/null`
if [ "$?" != "0" ]; then
colorEcho $RED " 不受支持的Linux系统"
exit 1
fi
PMT=apt
CMD_INSTALL="apt install -y "
CMD_REMOVE="apt remove -y "
CMD_UPGRADE="apt update; apt upgrade -y; apt autoremove -y"
else
PMT=yum
CMD_INSTALL="yum install -y "
CMD_REMOVE="yum remove -y "
CMD_UPGRADE="yum update -y"
fi
res=`which systemctl 2>/dev/null`
if [ "$?" != "0" ]; then
colorEcho $RED " 系统版本过低,请升级到最新版本"
exit 1
fi
}
status() {
if [[ ! -f /usr/local/bin/trojan ]]; then
echo 0
return
fi
if [[ ! -f $CONFIG_FILE ]]; then
echo 1
return
fi
port=`grep local_port $CONFIG_FILE|cut -d: -f2| tr -d \",' '`
res=`ss -ntlp| grep ${port} | grep trojan`
if [[ -z "$res" ]]; then
echo 2
else
echo 3
fi
}
statusText() {
res=`status`
case $res in
2)
echo -e ${GREEN}已安装${PLAIN} ${RED}未运行${PLAIN}
;;
3)
echo -e ${GREEN}已安装${PLAIN} ${GREEN}正在运行${PLAIN}
;;
*)
echo -e ${RED}未安装${PLAIN}
;;
esac
}
function getData()
{
echo " "
echo " 本脚本为trojan一键脚本,运行之前请确认如下条件已经具备:"
echo -e " ${RED}1. 一个伪装域名${PLAIN}"
echo -e " ${RED}2. 伪装域名DNS解析指向当前服务器ip(${IP})${PLAIN}"
echo -e " 3. 如果/root目录下有 ${GREEN}trojan.pem${PLAIN} 和 ${GREEN}trojan.key${PLAIN} 证书密钥文件,无需理会条件2"
echo " "
read -p " 确认满足按y,按其他退出脚本:" answer
if [ "${answer}" != "y" ] && [ "${answer}" != "Y" ]; then
exit 0
fi
echo ""
while true
do
read -p " 请输入伪装域名:" DOMAIN
if [ -z "${DOMAIN}" ]; then
echo " 域名输入错误,请重新输入!"
else
break
fi
done
DOMAIN=${DOMAIN,,}
colorEcho $BLUE " 伪装域名(host): $DOMAIN"
echo ""
if [[ -f ~/trojan.pem && -f ~/trojan.key ]]; then
echo -e "${GREEN} 检测到自有证书,将使用其部署${PLAIN}"
echo
CERT_FILE="/usr/local/etc/trojan/${DOMAIN}.pem"
KEY_FILE="/usr/local/etc/trojan/${DOMAIN}.key"
else
resolve=`curl -sL http://ip-api.com/json/${DOMAIN}`
res=`echo -n ${resolve} | grep ${IP}`
if [[ -z "${res}" ]]; then
echo " ${DOMAIN} 解析结果:${resolve}"
echo -e " ${RED}域名未解析到当前服务器IP(${IP})!${PLAIN}"
exit 1
fi
fi
echo ""
read -p " 请设置trojan密码(不输入则随机生成):" PASSWORD
[ -z "$PASSWORD" ] && PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1`
colorEcho $BLUE " 密码: " $PASSWORD
echo ""
read -p " 请输入trojan端口[100-65535的一个数字,默认443]:" PORT
[ -z "${PORT}" ] && PORT=443
if [ "${PORT:0:1}" = "0" ]; then
echo -e " ${RED}端口不能以0开头${PLAIN}"
exit 1
fi
colorEcho $BLUE " trojan端口: " $PORT
echo ""
colorEcho $BLUE " 请选择伪装站类型:"
echo " 1) 静态网站(位于/usr/share/nginx/html)"
echo " 2) 小说站(随机选择)"
echo " 3) 美女站(https://imeizi.me)"
echo " 4) 高清壁纸站(https://bing.imeizi.me)"
echo " 5) 自定义反代站点(需以http或者https开头)"
read -p " 请选择伪装网站类型[默认:高清壁纸站]" answer
if [[ -z "$answer" ]]; then
PROXY_URL="https://bing.imeizi.me"
else
case $answer in
1)
PROXY_URL=""
;;
2)
len=${#SITES[@]}
((len--))
index=`shuf -i0-${len} -n1`
PROXY_URL=${SITES[$index]}
;;
3)
PROXY_URL="https://imeizi.me"
;;
4)
PROXY_URL="https://bing.imeizi.me"
;;
5)
read -p " 请输入反代站点(以http或者https开头):" PROXY_URL
if [[ -z "$PROXY_URL" ]]; then
colorEcho $RED " 请输入反代网站!"
exit 1
elif [[ "${PROXY_URL:0:4}" != "http" ]]; then
colorEcho $RED " 反代网站必须以http或https开头!"
exit 1
fi
;;
*)
colorEcho $RED " 请输入正确的选项!"
exit 1
esac
fi
REMOTE_HOST=`echo ${PROXY_URL} | cut -d/ -f3`
echo ""
colorEcho $BLUE " 伪装域名:$PROXY_URL"
echo ""
colorEcho $BLUE " 是否允许搜索引擎爬取网站?[默认:不允许]"
echo " y)允许,会有更多ip请求网站,但会消耗一些流量,vps流量充足情况下推荐使用"
echo " n)不允许,爬虫不会访问网站,访问ip比较单一,但能节省vps流量"
read -p " 请选择:[y/n]" answer
if [[ -z "$answer" ]]; then
ALLOW_SPIDER="n"
elif [[ "${answer,,}" = "y" ]]; then
ALLOW_SPIDER="y"
else
ALLOW_SPIDER="n"
fi
echo ""
colorEcho $BLUE " 允许搜索引擎:$ALLOW_SPIDER"
echo ""
read -p " 是否安装BBR(默认安装)?[y/n]:" NEED_BBR
[ -z "$NEED_BBR" ] && NEED_BBR=y
[ "$NEED_BBR" = "Y" ] && NEED_BBR=y
colorEcho $BLUE " 安装BBR:$NEED_BBR"
}
function preinstall()
{
$PMT clean all
[[ "$PMT" = "apt" ]] && $PMT update
#colorEcho $BLUE " 更新系统..."
#echo $CMD_UPGRADE | bash
colorEcho $BLUE " 安装必要软件"
if [[ "$PMT" = "yum" ]]; then
$CMD_INSTALL epel-release
fi
$CMD_INSTALL wget vim unzip tar gcc openssl
$CMD_INSTALL net-tools
if [[ "$PMT" = "apt" ]]; then
$CMD_INSTALL libssl-dev g++
fi
if [[ -s /etc/selinux/config ]] && grep 'SELINUX=enforcing' /etc/selinux/config; then
sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config
setenforce 0
fi
}
function installTrojan()
{
colorEcho $BLUE " 安装最新版trojan..."
rm -rf $CONFIG_FILE
rm -rf /etc/systemd/system/trojan.service
NAME=trojan
VERSION=`curl -fsSL ${V6_PROXY}https://api.github.com/repos/trojan-gfw/trojan/releases/latest | grep tag_name | sed -E 's/.*"v(.*)".*/\1/'`
TARBALL="$NAME-$VERSION-linux-amd64.tar.xz"
DOWNLOADURL="${V6_PROXY}https://github.com/trojan-gfw/$NAME/releases/download/v$VERSION/$TARBALL"
TMPDIR="$(mktemp -d)"
INSTALLPREFIX=/usr/local
SYSTEMDPREFIX=/etc/systemd/system
BINARYPATH="$INSTALLPREFIX/bin/$NAME"
CONFIGPATH="$INSTALLPREFIX/etc/$NAME/config.json"
SYSTEMDPATH="$SYSTEMDPREFIX/$NAME.service"
echo Entering temp directory $TMPDIR...
cd "$TMPDIR"
echo Downloading $NAME $VERSION...
curl -LO --progress-bar "$DOWNLOADURL" || wget -q --show-progress "$DOWNLOADURL"
echo Unpacking $NAME $VERSION...
tar xf "$TARBALL"
cd "$NAME"
echo Installing $NAME $VERSION to $BINARYPATH...
cp "$NAME" "$BINARYPATH"
chmod 755 "$BINARYPATH"
mkdir -p $INSTALLPREFIX/etc/$NAME
echo Installing $NAME systemd service to $SYSTEMDPATH...
cat > "$SYSTEMDPATH" << EOF
[Unit]
Description=$NAME
Documentation=https://trojan-gfw.github.io/$NAME/config https://trojan-gfw.github.io/$NAME/
After=network.target network-online.target nss-lookup.target mysql.service mariadb.service mysqld.service
[Service]
Type=simple
StandardError=journal
ExecStart="$BINARYPATH" "$CONFIGPATH"
ExecReload=/bin/kill -HUP \$MAINPID
LimitNOFILE=51200
Restart=on-failure
RestartSec=1s
[Install]
WantedBy=multi-user.target
EOF
echo Reloading systemd daemon...
systemctl daemon-reload
echo Deleting temp directory $TMPDIR...
rm -rf "$TMPDIR"
echo Done!
if [[ ! -f "$BINARYPATH" ]]; then
colorEcho $RED " $OS 安装trojan失败,请到 https://hijk.art 反馈"
exit 1
fi
systemctl enable trojan
colorEcho $GREEN " trojan安装成功!"
}
configTrojan() {
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
cat >$CONFIG_FILE<<-EOF
{
"run_type": "server",
"local_addr": "::",
"local_port": ${PORT},
"remote_addr": "127.0.0.1",
"remote_port": 80,
"password": [
"$PASSWORD"
],
"log_level": 1,
"ssl": {
"cert": "$CERT_FILE",
"key": "$KEY_FILE",
"key_password": "",
"sni": "$DOMAIN",
"cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
"cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
"prefer_server_cipher": true,
"alpn": [
"http/1.1", "h2"
],
"alpn_port_override": {
"h2": 81
},
"reuse_session": true,
"session_ticket": false,
"session_timeout": 600,
"plain_http_response": "",
"curves": "",
"dhparam": ""
},
"tcp": {
"prefer_ipv4": false,
"no_delay": true,
"keep_alive": true,
"reuse_port": false,
"fast_open": false,
"fast_open_qlen": 20
},
"mysql": {
"enabled": false,
"server_addr": "127.0.0.1",
"server_port": 3306,
"database": "trojan",
"username": "trojan",
"password": "",
"key": "",
"cert": "",
"ca": ""
}
}
EOF
}
getCert() {
mkdir -p /usr/local/etc/trojan
if [[ -z ${CERT_FILE+x} ]]; then
stopNginx
res=`netstat -ntlp| grep -E ':80 |:443 '`
if [[ "${res}" != "" ]]; then
colorEcho $RED " 其他进程占用了80或443端口,请先关闭再运行一键脚本"
echo " 端口占用信息如下:"
echo ${res}
exit 1
fi
$CMD_INSTALL socat openssl
if [[ "$PMT" = "yum" ]]; then
$CMD_INSTALL cronie
systemctl start crond
systemctl enable crond
else
$CMD_INSTALL cron
systemctl start cron
systemctl enable cron
fi
curl -sL https://get.acme.sh | sh -s [email protected]
source ~/.bashrc
~/.acme.sh/acme.sh --upgrade --auto-upgrade
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
if [[ "$BT" = "false" ]]; then
~/.acme.sh/acme.sh --issue -d $DOMAIN --keylength ec-256 --pre-hook "systemctl stop nginx" --post-hook "systemctl restart nginx" --standalone
else
~/.acme.sh/acme.sh --issue -d $DOMAIN --keylength ec-256 --pre-hook "nginx -s stop || { echo -n ''; }" --post-hook "nginx -c /www/server/nginx/conf/nginx.conf || { echo -n ''; }" --standalone
fi
[[ -f ~/.acme.sh/${DOMAIN}_ecc/ca.cer ]] || {
colorEcho $RED " 获取证书失败,请复制上面的红色文字到 https://hijk.art 反馈"
exit 1
}
CERT_FILE="/usr/local/etc/trojan/${DOMAIN}.pem"
KEY_FILE="/usr/local/etc/trojan/${DOMAIN}.key"
~/.acme.sh/acme.sh --install-cert -d $DOMAIN --ecc \
--key-file $KEY_FILE \
--fullchain-file $CERT_FILE \
--reloadcmd "service nginx force-reload"
[[ -f $CERT_FILE && -f $KEY_FILE ]] || {
colorEcho $RED " 获取证书失败,请到 https://hijk.art 反馈"
exit 1
}
else
cp ~/trojan.pem /usr/local/etc/trojan/${DOMAIN}.pem
cp ~/trojan.key /usr/local/etc/trojan/${DOMAIN}.key
fi
}
function installNginx()
{
colorEcho $BLUE " 安装nginx..."
if [[ "$BT" = "false" ]]; then
if [[ "$PMT" = "yum" ]]; then
$CMD_INSTALL epel-release
if [[ "$?" != "0" ]]; then
echo '[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true' > /etc/yum.repos.d/nginx.repo
fi
fi
$CMD_INSTALL nginx
if [[ "$?" != "0" ]]; then
colorEcho $RED " Nginx安装失败,请到 https://hijk.art 反馈"
exit 1
fi
systemctl enable nginx
else
res=`which nginx 2>/dev/null`
if [[ "$?" != "0" ]]; then
colorEcho $RED " 您安装了宝塔,请在宝塔后台安装nginx后再运行本脚本"
exit 1
fi
fi
}
configNginx() {
mkdir -p /usr/share/nginx/html
if [[ "$ALLOW_SPIDER" = "n" ]]; then
echo 'User-Agent: *' > /usr/share/nginx/html/robots.txt
echo 'Disallow: /' >> /usr/share/nginx/html/robots.txt
ROBOT_CONFIG=" location = /robots.txt {}"
else
ROBOT_CONFIG=""
fi
if [[ "$BT" = "false" ]]; then
if [ ! -f /etc/nginx/nginx.conf.bak ]; then
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
fi
res=`id nginx 2>/dev/null`
if [[ "$?" != "0" ]]; then
user="www-data"
else
user="nginx"
fi
cat > /etc/nginx/nginx.conf<<-EOF
user $user;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" '
'\$status \$body_bytes_sent "\$http_referer" '
'"\$http_user_agent" "\$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
gzip on;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
}
EOF
fi
mkdir -p $NGINX_CONF_PATH
if [[ "$PROXY_URL" = "" ]]; then
cat > $NGINX_CONF_PATH${DOMAIN}.conf<<-EOF
server {
listen 80;
listen [::]:80;
listen 81 http2;
server_name ${DOMAIN};
root /usr/share/nginx/html;
$ROBOT_CONFIG
}
EOF
else
cat > $NGINX_CONF_PATH${DOMAIN}.conf<<-EOF
server {
listen 80;
listen [::]:80;
listen 81 http2;
server_name ${DOMAIN};
root /usr/share/nginx/html;
location / {
proxy_ssl_server_name on;
proxy_pass $PROXY_URL;
proxy_set_header Accept-Encoding '';
sub_filter "$REMOTE_HOST" "$DOMAIN";
sub_filter_once off;
}
$ROBOT_CONFIG
}
EOF
fi
}
startNginx() {
if [[ "$BT" = "false" ]]; then
systemctl start nginx
else
nginx -c /www/server/nginx/conf/nginx.conf
fi
}
stopNginx() {
if [[ "$BT" = "false" ]]; then
systemctl stop nginx
else
res=`ps aux | grep -i nginx`
if [[ "$res" != "" ]]; then
nginx -s stop
fi
fi
}
function setFirewall()
{
res=`which firewall-cmd 2>/dev/null`
if [[ $? -eq 0 ]]; then
systemctl status firewalld > /dev/null 2>&1
if [[ $? -eq 0 ]];then
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
if [[ "$PORT" != "443" ]]; then
firewall-cmd --permanent --add-port=${PORT}/tcp
fi
firewall-cmd --reload
else
nl=`iptables -nL | nl | grep FORWARD | awk '{print $1}'`
if [[ "$nl" != "3" ]]; then
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
if [[ "$PORT" != "443" ]]; then
iptables -I INPUT -p tcp --dport ${PORT} -j ACCEPT
fi
fi
fi
else
res=`which iptables 2>/dev/null`
if [[ $? -eq 0 ]]; then
nl=`iptables -nL | nl | grep FORWARD | awk '{print $1}'`
if [[ "$nl" != "3" ]]; then
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
if [[ "$PORT" != "443" ]]; then
iptables -I INPUT -p tcp --dport ${PORT} -j ACCEPT
fi
fi
else
res=`which ufw 2>/dev/null`
if [[ $? -eq 0 ]]; then
res=`ufw status | grep -i inactive`
if [[ "$res" = "" ]]; then
ufw allow http/tcp
ufw allow https/tcp
if [[ "$PORT" != "443" ]]; then
ufw allow ${PORT}/tcp
fi
fi
fi
fi
fi
}
function installBBR()
{
if [ "$NEED_BBR" != "y" ]; then
INSTALL_BBR=false
return
fi
result=$(lsmod | grep bbr)
if [ "$result" != "" ]; then
colorEcho $YELLOW " BBR模块已安装"
INSTALL_BBR=false
return;
fi
res=`hostnamectl | grep -i openvz`
if [ "$res" != "" ]; then
colorEcho $YELLOW " openvz机器,跳过安装"
INSTALL_BBR=false
return
fi
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p
result=$(lsmod | grep bbr)
if [[ "$result" != "" ]]; then
colorEcho $GREEN " BBR模块已启用"
INSTALL_BBR=false
return
fi
colorEcho $BLUE " 安装BBR模块..."
if [[ "$PMT" = "yum" ]]; then
if [[ "$V6_PROXY" = "" ]]; then
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm
$CMD_INSTALL --enablerepo=elrepo-kernel kernel-ml
$CMD_REMOVE kernel-3.*
grub2-set-default 0
echo "tcp_bbr" >> /etc/modules-load.d/modules.conf
INSTALL_BBR=true
fi
else
$CMD_INSTALL --install-recommends linux-generic-hwe-16.04
grub-set-default 0
echo "tcp_bbr" >> /etc/modules-load.d/modules.conf
INSTALL_BBR=true
fi
}
function showInfo()
{
res=`netstat -nltp | grep trojan`
[[ -z "$res" ]] && status="${RED}已停止${PLAIN}" || status="${GREEN}正在运行${PLAIN}"
domain=`grep sni $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
if [[ "$domain" = "" ]]; then
domain=`grep -m1 cert $CONFIG_FILE | cut -d/ -f5`
fi
port=`grep local_port $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
line1=`grep -n 'password' $CONFIG_FILE | head -n1 | cut -d: -f1`
line11=`expr $line1 + 1`
password=`sed -n "${line11}p" $CONFIG_FILE | tr -d \",' '`
res=`netstat -nltp | grep ${port} | grep nginx`
[[ -z "$res" ]] && ngstatus="${RED}已停止${PLAIN}" || ngstatus="${GREEN}正在运行${PLAIN}"
echo ============================================
echo -e " ${BLUE}trojan运行状态:${PLAIN}${status}"
echo ""
echo -e " ${BLUE}trojan配置文件:${PLAIN}${RED}$CONFIG_FILE${PLAIN}"
echo -e " ${BLUE}trojan配置信息:${PLAIN} "
echo -e " ${BLUE}IP/address:${PLAIN} ${RED}$IP${PLAIN}"
echo -e " ${BLUE}域名/SNI/peer名称:${PLAIN} ${RED}${domain}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}密码(password):${PLAIN}${RED}$password${PLAIN}"
echo
echo ============================================
}
function bbrReboot() {
if [ "${INSTALL_BBR}" == "true" ]; then
echo ""
colorEcho $BLUE " 为使BBR模块生效,系统将在30秒后重启"
echo
echo -e " 您可以按 ctrl + c 取消重启,稍后输入 ${RED}reboot${PLAIN} 重启系统"
sleep 30
reboot
fi
}
function install() {
getData
preinstall
installBBR
setFirewall
installNginx
getCert
configNginx
installTrojan
configTrojan
start
showInfo
bbrReboot
}
reconfig() {
res=`status`
if [[ $res -lt 2 ]]; then
echo -e " ${RED}trojan未安装,请先安装!${PLAIN}"
return
fi
getData
setFirewall
getCert
configNginx
configTrojan
restart
showInfo
}
update() {
res=`status`
if [[ $res -lt 2 ]]; then
echo -e " ${RED}trojan未安装,请先安装!${PLAIN}"
return
fi
installTrojan
stop
start
colorEcho $BLUE " 成功更新到最新版trojan"
}
start() {
res=`status`
if [[ $res -lt 2 ]]; then
echo -e "${RED}trojan未安装,请先安装!${PLAIN}"
return
fi
stopNginx
startNginx
systemctl restart trojan
sleep 2
port=`grep local_port $CONFIG_FILE|cut -d: -f2| tr -d \",' '`
res=`ss -ntlp| grep ${port} | grep trojan`
if [[ "$res" = "" ]]; then
colorEcho $RED " trojan启动失败,请检查端口是否被占用!"
else
colorEcho $BLUE " trojan启动成功"
fi
}
stop() {
stopNginx
systemctl stop trojan
colorEcho $BLUE " trojan停止成功"
}
restart() {
res=`status`
if [[ $res -lt 2 ]]; then
echo -e " ${RED}trojan未安装,请先安装!${PLAIN}"
return
fi
stop
start
}
showLog() {
res=`status`
if [[ $res -lt 2 ]]; then
echo -e "${RED}trojan未安装,请先安装!${PLAIN}"
return
fi
journalctl -xen -u trojan --no-pager
}
function uninstall() {
res=`status`
if [[ $res -lt 2 ]]; then
echo -e "${RED}trojan未安装,请先安装!${PLAIN}"
return
fi
echo ""
read -p " 确定卸载trojan?(y/n)" answer
[[ -z ${answer} ]] && answer="n"
if [[ "${answer}" == "y" ]] || [[ "${answer}" == "Y" ]]; then
domain=`grep sni $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
if [[ "$domain" = "" ]]; then
domain=`grep -m1 cert $CONFIG_FILE | cut -d/ -f5`
fi
systemctl stop trojan
systemctl disable trojan
rm -rf /usr/local/bin/trojan
rm -rf /usr/local/etc/trojan
rm -rf /etc/systemd/system/trojan.service
if [[ "$BT" = "false" ]]; then
$CMD_REMOVE nginx
if [[ "$PMT" = "apt" ]]; then
$CMD_REMOVE nginx-common
fi
if [[ -d /usr/share/nginx/html.bak ]]; then
rm -rf /usr/share/nginx/html
mv /usr/share/nginx/html.bak /usr/share/nginx/html
fi
fi
rm -rf $NGINX_CONF_PATH${domain}.conf
~/.acme.sh/acme.sh --uninstall
colorEcho $GREEN " trojan卸载成功"
fi
}
menu() {
clear
echo "#############################################################"
echo -e "# ${RED}trojan一键安装脚本${PLAIN} #"
echo -e "# ${GREEN}作者${PLAIN}: 网络跳越(hijk) #"
echo -e "# ${GREEN}网址${PLAIN}: https://hijk.art #"
echo -e "# ${GREEN}论坛${PLAIN}: https://hijk.club #"
echo -e "# ${GREEN}TG群${PLAIN}: https://t.me/hijkclub #"
echo -e "# ${GREEN}Youtube频道${PLAIN}: https://youtube.com/channel/UCYTB--VsObzepVJtc9yvUxQ #"
echo "#############################################################"
echo ""
echo -e " ${GREEN}1.${PLAIN} 安装trojan"
echo -e " ${GREEN}2.${PLAIN} 更新trojan"
echo -e " ${GREEN}3. ${RED}卸载trojan${PLAIN}"
echo " -------------"
echo -e " ${GREEN}4.${PLAIN} 启动trojan"
echo -e " ${GREEN}5.${PLAIN} 重启trojan"
echo -e " ${GREEN}6.${PLAIN} 停止trojan"
echo " -------------"
echo -e " ${GREEN}7.${PLAIN} 查看trojan配置"
echo -e " ${GREEN}8. ${RED}修改trojan配置${PLAIN}"
echo -e " ${GREEN}9.${PLAIN} 查看trojan日志"
echo " -------------"
echo -e " ${GREEN}0.${PLAIN} 退出"
echo
echo -n " 当前状态:"
statusText
echo
read -p " 请选择操作[0-10]:" answer
case $answer in
0)
exit 0
;;
1)
install
;;
2)
update
;;
3)
uninstall
;;
4)
start
;;
5)
restart
;;
6)
stop
;;
7)
showInfo
;;
8)
reconfig
;;
9)
showLog
;;
*)
echo -e "$RED 请选择正确的操作!${PLAIN}"
exit 1
;;
esac
}
checkSystem
action=$1
[[ -z $1 ]] && action=menu
case "$action" in
menu|install|update|uninstall|start|restart|stop|showInfo|showLog)
${action}
;;
*)
echo " 参数错误"
echo " 用法: `basename $0` [menu|install|update|uninstall|start|restart|stop|showInfo|showLog]"
;;
esac
Raw
v2ray_dispoly.py
The kids take an oath in taekwondo
The first lesson in the taekwondo course, All of kids take an oath. It's so cute.
# 视频转换命令
ffmpeg -i old.mov -vcodec libx264 -s 960x540 -preset fast -crf 22 -y -acodec copy new.mp4
9eee1134-dccd-436f-815b-ddcdbe317c32
sudo vim ~/.ssh/known_hosts
sudo adduser tonytan
chmod -R 640 /etc/sudoers
chmod -R 440 /etc/sudoers
W6a#S6U!UJTd9n?}
# -----------------------------------------
V2Ray 一键搭建
bash <(curl -s -L https://233now.com/v2ray.sh)
v2ray带伪装一键脚本Ubuntu版
apt install -y curl
bash <(curl -sL https://raw.githubusercontent.com/daveleung/hijkpw-scripts-mod/main/xray_mod1.sh)
Trojan 一键脚本
bash <(curl -sL https://raw.githubusercontent.com/daveleung/hijkpw-scripts-mod/main/trojan_mod1.sh)
v2ray 一键脚本带伪装
yum install -y curl
bash <(curl -sL https://raw.githubusercontent.com/hiifeng/v2ray/main/install_v2ray.sh)
dante socket 服务搭建
wget --no-check-certificate https://raw.githubusercontent.com/Lozy/danted/master/install.sh -Oinstall.sh
bash install.sh --port=12345 --user=user001 --passwd=user001
# -----------------------------------------
V2ray URL:
vmess://ewoidiI6ICIyIiwKInBzIjogIjIzM3YyLmNvbV8xMzkuMTgwLjE5MC4xNiIsCiJhZGQiOiAiMTM5LjE4MC4xOTAuMTYiLAoicG9ydCI6ICIzNjE1MyIsCiJpZCI6ICIxNWY0NzhjOS04ZmVkLTRkOWMtOGU3OS0wYWMyMDUxODAyYTUiLAoiYWlkIjogIjAiLAoibmV0IjogInRjcCIsCiJ0eXBlIjogIm5vbmUiLAoiaG9zdCI6ICIiLAoicGF0aCI6ICIiLAoidGxzIjogIiIKfQo=
trojan配置信息:
IP/address: 144.202.81.184
域名/SNI/peer名称: vp.tonytansite.shop
端口(port):443
密码(password):violin
邮箱:
1
[email protected]
adbf678jhg
[email protected]
2
[email protected]
wouldopenups
[email protected]
3
[email protected]
P1KehMxIu
[email protected]
4
[email protected]
1y2TAQC1
[email protected]
5 V
[email protected]
BSuZJXv57
[email protected]
6 V
[email protected]
NiWXHIywJ
[email protected]
7 V
[email protected]
jHaH7du0
[email protected]
8 V
[email protected]
uvOntzBW
[email protected]
9 V
[email protected]
WRF2FfwE6
[email protected]
10 V
[email protected]
2hh6CLB5
[email protected]
11 V
[email protected]
7cPgVF9E
[email protected]
12 V
[email protected]
X1jLCekg
[email protected]
13 V
[email protected]
KPKjfOz7o
[email protected]
14 V
[email protected]
lttaEABcz
[email protected]
15 V
[email protected]
9HqFImKl
[email protected]
16 V
[email protected]
lNc1r5SZ
[email protected]
17 V
[email protected]
rqZCn9fZ
[email protected]
18 V
[email protected]
IbF55odaq
[email protected]
19 V
[email protected]
TxKUVrunP
[email protected]
20 V
[email protected]
veu2emnc
[email protected]
21
[email protected]
3z2Nac2tb
[email protected]
22
[email protected]
pcZ1T4WT
[email protected]
23
[email protected]
elEcwiCQt
[email protected]
24
[email protected]
4twLOTKz
[email protected]
25
[email protected]
q1l5kqlQR
[email protected]
26
[email protected]
GrJo8e1i
[email protected]
27
[email protected]
Gm5JUttk
[email protected]
28
[email protected]
DizsNbut
[email protected]
29
[email protected]
cJBQts3K
[email protected]
30
[email protected]
OLsrxUdZ
[email protected]
Raw
v2ray_mod1.sh
#!/bin/bash
# v2ray 一键脚本带伪装
# Modify by ifeng<https://www.hicairo.com>
RED="\033[31m" # Error message
GREEN="\033[32m" # Success message
YELLOW="\033[33m" # Warning message
BLUE="\033[36m" # Info message
PLAIN='\033[0m'
colorEcho() {
echo -e "${1}${@:2}${PLAIN}"
}
# 以下网站是随机从Google上找到的无广告小说网站,不喜欢请改成其他网址,以http或https开头
# 搭建好后无法打开伪装域名,可能是反代小说网站挂了,请在网站留言,或者Github发issue,以便替换新的网站
SITES=(
https://www.ruiwen.com/
https://www.ihuaben.com/
http://www.fbook.net/
https://www.tadu.com/
http://www.quyuewang.cn/
https://www.hongshu.com/
http://www.zongheng.com/
http://www.cjzww.com/
http://www.tiandizw.com/
https://b.faloo.com/
https://www.17k.com/
https://www.yousuu.com/
http://www.qwsy.com/
http://www.inbook.net/
https://www.zzwenxue.com/
)
CONFIG_FILE="/etc/v2ray/config.json"
SERVICE_FILE="/etc/systemd/system/v2ray.service"
OS=`hostnamectl | grep -i system | cut -d: -f2`
# 检查服务器网络环境
checkv4v6(){
v6=$(curl -s6m8 api64.ipify.org -k)
v4=$(curl -s4m8 api64.ipify.org -k)
}
colorEcho $YELLOW "正在检查VPS的IP配置环境, 请稍等..." && sleep 1
WgcfIPv4Status=$(curl -s4m8 https://www.cloudflare.com/cdn-cgi/trace -k | grep warp | cut -d= -f2)
WgcfIPv6Status=$(curl -s6m8 https://www.cloudflare.com/cdn-cgi/trace -k | grep warp | cut -d= -f2)
if [[ $WgcfIPv4Status =~ "on"|"plus" ]] || [[ $WgcfIPv6Status =~ "on"|"plus" ]]; then
wg-quick down wgcf >/dev/null 2>&1
systemctl stop warp-go >/dev/null 2>&1
checkv4v6
wg-quick up wgcf >/dev/null 2>&1
systemctl start warp-go >/dev/null 2>&1
else
checkv4v6
if [[ -z $v4 && -n $v6 ]]; then
colorEcho $GREEN "检测到为纯IPv6 VPS, 已自动添加DNS64解析服务器"
echo -e "nameserver 2a01:4f8:c2c:123f::1" > /etc/resolv.conf
IP=$v6
ipv6Status="on"
else
IP=$v4
fi
fi
sleep 3
BT="false"
NGINX_CONF_PATH="/etc/nginx/conf.d/"
res=`which bt 2>/dev/null`
if [[ "$res" != "" ]]; then
BT="true"
NGINX_CONF_PATH="/www/server/panel/vhost/nginx/"
fi
VLESS="false"
TROJAN="false"
TLS="false"
WS="false"
XTLS="false"
KCP="false"
checkSystem() {
result=$(id | awk '{print $1}')
if [[ $result != "uid=0(root)" ]]; then
colorEcho $RED " 请以root身份执行该脚本"
exit 1
fi
res=`which yum 2>/dev/null`
if [[ "$?" != "0" ]]; then
res=`which apt 2>/dev/null`
if [[ "$?" != "0" ]]; then
colorEcho $RED " 不受支持的Linux系统"
exit 1
fi
PMT="apt"
CMD_INSTALL="apt install -y "
CMD_REMOVE="apt remove -y "
CMD_UPGRADE="apt update; apt upgrade -y; apt autoremove -y"
else
PMT="yum"
CMD_INSTALL="yum install -y "
CMD_REMOVE="yum remove -y "
CMD_UPGRADE="yum update -y"
fi
res=`which systemctl 2>/dev/null`
if [[ "$?" != "0" ]]; then
colorEcho $RED " 系统版本过低,请升级到最新版本"
exit 1
fi
}
configNeedNginx() {
local ws=`grep wsSettings $CONFIG_FILE`
if [[ -z "$ws" ]]; then
echo no
return
fi
echo yes
}
needNginx() {
if [[ "$WS" = "false" ]]; then
echo no
return
fi
echo yes
}
status() {
if [[ ! -f /usr/bin/v2ray/v2ray ]]; then
echo 0
return
fi
if [[ ! -f $CONFIG_FILE ]]; then
echo 1
return
fi
port=`grep port $CONFIG_FILE| head -n 1| cut -d: -f2| tr -d \",' '`
res=`ss -nutlp| grep ${port} | grep -i v2ray`
if [[ -z "$res" ]]; then
echo 2
return
fi
if [[ `configNeedNginx` != "yes" ]]; then
echo 3
else
res=`ss -nutlp|grep -i nginx`
if [[ -z "$res" ]]; then
echo 4
else
echo 5
fi
fi
}
statusText() {
res=`status`
case $res in
2)
echo -e ${GREEN}已安装${PLAIN} ${RED}未运行${PLAIN}
;;
3)
echo -e ${GREEN}已安装${PLAIN} ${GREEN}V2ray正在运行${PLAIN}
;;
4)
echo -e ${GREEN}已安装${PLAIN} ${GREEN}V2ray正在运行${PLAIN}, ${RED}Nginx未运行${PLAIN}
;;
5)
echo -e ${GREEN}已安装${PLAIN} ${GREEN}V2ray正在运行, Nginx正在运行${PLAIN}
;;
*)
echo -e ${RED}未安装${PLAIN}
;;
esac
}
normalizeVersion() {
if [ -n "$1" ]; then
case "$1" in
v*)
echo "$1"
;;
*)
echo "v$1"
;;
esac
else
echo ""
fi
}
# 1: new V2Ray. 0: no. 1: yes. 2: not installed. 3: check failed.
getVersion() {
if /usr/bin/v2ray/v2ray -version >/dev/null 2>&1;then
VER="$(/usr/bin/v2ray/v2ray -version | awk 'NR==1 {print $2}')"
else
VER="$(/usr/bin/v2ray/v2ray version | awk 'NR==1 {print $2}')"
fi
RETVAL=$?
CUR_VER="$(normalizeVersion "$(echo "$VER" | head -n 1 | cut -d " " -f2)")"
TAG_URL="https://api.github.com/repos/v2fly/v2ray-core/releases/latest"
NEW_VER="$(normalizeVersion "$(curl -s "${TAG_URL}" --connect-timeout 10| tr ',' '\n' | grep 'tag_name' | cut -d\" -f4)")"
# 解决通过Github API获取v2ray最新版本失败问题
if [[ $NEW_VER == "" ]]; then
NEW_VER=v5.1.0
fi
if [[ "$XTLS" = "true" ]]; then
NEW_VER=v4.32.1
fi
if [[ $? -ne 0 ]] || [[ $NEW_VER == "" ]]; then
colorEcho $RED " 检查V2ray版本信息失败,请检查网络"
return 3
elif [[ $RETVAL -ne 0 ]];then
return 2
elif [[ $NEW_VER != $CUR_VER ]];then
return 1
fi
return 0
}
archAffix(){
case "$(uname -m)" in
i686|i386)
echo '32'
;;
x86_64|amd64)
echo '64'
;;
*armv7*)
echo 'arm32-v7a'
;;
armv6*)
echo 'arm32-v6a'
;;
*armv8*|aarch64)
echo 'arm64-v8a'
;;
*mips64le*)
echo 'mips64le'
;;
*mips64*)
echo 'mips64'
;;
*mipsle*)
echo 'mipsle'
;;
*mips*)
echo 'mips'
;;
*s390x*)
echo 's390x'
;;
ppc64le)
echo 'ppc64le'
;;
ppc64)
echo 'ppc64'
;;
*)
colorEcho $RED " 不支持的CPU架构!"
exit 1
;;
esac
return 0
}
getData() {
if [[ "$TLS" = "true" || "$XTLS" = "true" ]]; then
echo ""
echo " V2ray一键脚本,运行之前请确认如下条件已经具备:"
colorEcho ${YELLOW} " 1. 一个伪装域名"
colorEcho ${YELLOW} " 2. 伪装域名DNS解析指向当前服务器ip(${IP})"
colorEcho ${BLUE} " 3. 如果/root目录下有 v2ray.pem 和 v2ray.key 证书密钥文件,无需理会条件2"
echo " "
read -p " 确认满足按y,按其他退出脚本:" answer
if [[ "${answer,,}" != "y" ]]; then
exit 0
fi
echo ""
while true
do
read -p " 请输入伪装域名:" DOMAIN
if [[ -z "${DOMAIN}" ]]; then
colorEcho ${RED} " 域名输入错误,请重新输入!"
else
break
fi
done
DOMAIN=${DOMAIN,,}
colorEcho ${BLUE} " 伪装域名(host):$DOMAIN"
if [[ -f ~/v2ray.pem && -f ~/v2ray.key ]]; then
colorEcho ${BLUE} " 检测到自有证书,将使用其部署"
CERT_FILE="/etc/v2ray/${DOMAIN}.pem"
KEY_FILE="/etc/v2ray/${DOMAIN}.key"
else
resolve=`curl -sm8 ipget.net/?ip=${DOMAIN}`
res=`echo -n ${resolve} | grep ${IP}`
if [[ -z "${res}" ]]; then
colorEcho ${BLUE} "${DOMAIN} 解析结果:${resolve}"
colorEcho ${RED} " 域名未解析到当前服务器IP(${IP})!"
exit 1
fi
fi
fi
echo ""
if [[ "$(needNginx)" = "no" ]]; then
if [[ "$TLS" = "true" ]]; then
read -p " 请输入v2ray监听端口[强烈建议443,默认443]:" PORT
[[ -z "${PORT}" ]] && PORT=443
else
read -p " 请输入v2ray监听端口[100-65535的一个数字]:" PORT
[[ -z "${PORT}" ]] && PORT=`shuf -i200-65000 -n1`
if [[ "${PORT:0:1}" = "0" ]]; then
colorEcho ${RED} " 端口不能以0开头"
exit 1
fi
fi
colorEcho ${BLUE} " v2ray端口:$PORT"
else
read -p " 请输入Nginx监听端口[100-65535的一个数字,默认443]:" PORT
[[ -z "${PORT}" ]] && PORT=443
if [ "${PORT:0:1}" = "0" ]; then
colorEcho ${BLUE} " 端口不能以0开头"
exit 1
fi
colorEcho ${BLUE} " Nginx端口:$PORT"
V2PORT=`shuf -i10000-65000 -n1`
fi
if [[ "$KCP" = "true" ]]; then
echo ""
colorEcho $BLUE " 请选择伪装类型:"
echo " 1) 无"
echo " 2) BT下载"
echo " 3) 视频通话"
echo " 4) 微信视频通话"
echo " 5) dtls"
echo " 6) wiregard"
read -p " 请选择伪装类型[默认:无]:" answer
case $answer in
2)
HEADER_TYPE="utp"
;;
3)
HEADER_TYPE="srtp"
;;
4)
HEADER_TYPE="wechat-video"
;;
5)
HEADER_TYPE="dtls"
;;
6)
HEADER_TYPE="wireguard"
;;
*)
HEADER_TYPE="none"
;;
esac
colorEcho $BLUE " 伪装类型:$HEADER_TYPE"
SEED=`cat /proc/sys/kernel/random/uuid`
fi
if [[ "$TROJAN" = "true" ]]; then
echo ""
read -p " 请设置trojan密码(不输则随机生成):" PASSWORD
[[ -z "$PASSWORD" ]] && PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1`
colorEcho $BLUE " trojan密码:$PASSWORD"
fi
if [[ "$XTLS" = "true" ]]; then
echo ""
colorEcho $BLUE " 请选择流控模式:"
echo -e " 1) xtls-rprx-direct [$RED推荐$PLAIN]"
echo " 2) xtls-rprx-origin"
read -p " 请选择流控模式[默认:direct]" answer
[[ -z "$answer" ]] && answer=1
case $answer in
1)
FLOW="xtls-rprx-direct"
;;
2)
FLOW="xtls-rprx-origin"
;;
*)
colorEcho $RED " 无效选项,使用默认的xtls-rprx-direct"
FLOW="xtls-rprx-direct"
;;
esac
colorEcho $BLUE " 流控模式:$FLOW"
fi
if [[ "${WS}" = "true" ]]; then
echo ""
while true
do
read -p " 请输入伪装路径,以/开头(不懂请直接回车):" WSPATH
if [[ -z "${WSPATH}" ]]; then
len=`shuf -i5-12 -n1`
ws=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $len | head -n 1`
WSPATH="/$ws"
break
elif [[ "${WSPATH:0:1}" != "/" ]]; then
colorEcho ${RED} " 伪装路径必须以/开头!"
elif [[ "${WSPATH}" = "/" ]]; then
colorEcho ${RED} " 不能使用根路径!"
else
break
fi
done
colorEcho ${BLUE} " ws路径:$WSPATH"
fi
if [[ "$TLS" = "true" || "$XTLS" = "true" ]]; then
echo ""
colorEcho $BLUE " 请选择伪装站类型:"
echo " 1) 静态网站(位于/usr/share/nginx/html)"
echo " 2) 小说站(随机选择)"
echo " 3) 美女站(http://www.kimiss.com)"
echo " 4) 高清壁纸站(https://www.wallpaperstock.net)"
echo " 5) 自定义反代站点(需以http或者https开头)"
read -p " 请选择伪装网站类型[默认:高清壁纸站]" answer
if [[ -z "$answer" ]]; then
PROXY_URL="https://www.wallpaperstock.net"
else
case $answer in
1)
PROXY_URL=""
;;
2)
len=${#SITES[@]}
((len--))
while true
do
index=`shuf -i0-${len} -n1`
PROXY_URL=${SITES[$index]}
host=`echo ${PROXY_URL} | cut -d/ -f3`
ip=`curl -sm8 ipget.net/?ip=${host}`
res=`echo -n ${ip} | grep ${host}`
if [[ "${res}" = "" ]]; then
echo "$ip $host" >> /etc/hosts
break
fi
done
;;
3)
PROXY_URL="http://www.kimiss.com"
;;
4)
PROXY_URL="https://www.wallpaperstock.net"
;;
5)
read -p " 请输入反代站点(以http或者https开头):" PROXY_URL
if [[ -z "$PROXY_URL" ]]; then
colorEcho $RED " 请输入反代网站!"
exit 1
elif [[ "${PROXY_URL:0:4}" != "http" ]]; then
colorEcho $RED " 反代网站必须以http或https开头!"
exit 1
fi
;;
*)
colorEcho $RED " 请输入正确的选项!"
exit 1
esac
fi
REMOTE_HOST=`echo ${PROXY_URL} | cut -d/ -f3`
colorEcho $BLUE " 伪装网站:$PROXY_URL"
echo ""
colorEcho $BLUE " 是否允许搜索引擎爬取网站?[默认:不允许]"
echo " y)允许,会有更多ip请求网站,但会消耗一些流量,vps流量充足情况下推荐使用"
echo " n)不允许,爬虫不会访问网站,访问ip比较单一,但能节省vps流量"
read -p " 请选择:[y/n]" answer
if [[ -z "$answer" ]]; then
ALLOW_SPIDER="n"
elif [[ "${answer,,}" = "y" ]]; then
ALLOW_SPIDER="y"
else
ALLOW_SPIDER="n"
fi
colorEcho $BLUE " 允许搜索引擎:$ALLOW_SPIDER"
fi
echo ""
read -p " 是否安装BBR(默认安装)?[y/n]:" NEED_BBR
[[ -z "$NEED_BBR" ]] && NEED_BBR=y
[[ "$NEED_BBR" = "Y" ]] && NEED_BBR=y
colorEcho $BLUE " 安装BBR:$NEED_BBR"
}
installNginx() {
echo ""
colorEcho $BLUE " 安装nginx..."
if [[ "$BT" = "false" ]]; then
if [[ "$PMT" = "yum" ]]; then
$CMD_INSTALL epel-release
if [[ "$?" != "0" ]]; then
echo '[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true' > /etc/yum.repos.d/nginx.repo
fi
fi
$CMD_INSTALL nginx
if [[ "$?" != "0" ]]; then
colorEcho $RED " Nginx安装失败,请到 https://www.hicairo.com 反馈"
exit 1
fi
systemctl enable nginx
else
res=`which nginx 2>/dev/null`
if [[ "$?" != "0" ]]; then
colorEcho $RED " 您安装了宝塔,请在宝塔后台安装nginx后再运行本脚本"
exit 1
fi
fi
}
startNginx() {
if [[ "$BT" = "false" ]]; then
systemctl start nginx
else
nginx -c /www/server/nginx/conf/nginx.conf
fi
}
stopNginx() {
if [[ "$BT" = "false" ]]; then
systemctl stop nginx
else
res=`ps aux | grep -i nginx`
if [[ "$res" != "" ]]; then
nginx -s stop
fi
fi
}
getCert() {
mkdir -p /etc/v2ray
if [[ -z ${CERT_FILE+x} ]]; then
stopNginx
sleep 2
res=`netstat -ntlp| grep -E ':80 |:443 '`
if [[ "${res}" != "" ]]; then
colorEcho ${RED} " 其他进程占用了80或443端口,请先关闭再运行一键脚本"
echo " 端口占用信息如下:"
echo ${res}
exit 1
fi
$CMD_INSTALL socat openssl
if [[ "$PMT" = "yum" ]]; then
$CMD_INSTALL cronie
systemctl start crond
systemctl enable crond
else
$CMD_INSTALL cron
systemctl start cron
systemctl enable cron
fi
curl -sL https://get.acme.sh | sh -s [email protected]
source ~/.bashrc
~/.acme.sh/acme.sh --upgrade --auto-upgrade
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
if [[ "$ipv6Status" = "on" ]]; then
if [[ "$BT" = "false" ]]; then
~/.acme.sh/acme.sh --issue -d $DOMAIN --keylength ec-256 --pre-hook "systemctl stop nginx" --post-hook "systemctl restart nginx" --standalone --listen-v6 --insecure
else
~/.acme.sh/acme.sh --issue -d $DOMAIN --keylength ec-256 --pre-hook "nginx -s stop || { echo -n ''; }" --post-hook "nginx -c /www/server/nginx/conf/nginx.conf || { echo -n ''; }" --standalone --listen-v6 --insecure
fi
else
if [[ "$BT" = "false" ]]; then
~/.acme.sh/acme.sh --issue -d $DOMAIN --keylength ec-256 --pre-hook "systemctl stop nginx" --post-hook "systemctl restart nginx" --standalone --insecure
else
~/.acme.sh/acme.sh --issue -d $DOMAIN --keylength ec-256 --pre-hook "nginx -s stop || { echo -n ''; }" --post-hook "nginx -c /www/server/nginx/conf/nginx.conf || { echo -n ''; }" --standalone --insecure
fi
fi
[[ -f ~/.acme.sh/${DOMAIN}_ecc/ca.cer ]] || {
colorEcho $RED " 获取证书失败,请复制上面的红色文字到 https://www.hicairo.com 反馈"
exit 1
}
KEY_FILE="/etc/v2ray/${DOMAIN}.key"
CERT_FILE="/etc/v2ray/${DOMAIN}.pem"
~/.acme.sh/acme.sh --install-cert -d $DOMAIN --ecc \
--key-file $KEY_FILE \
--fullchain-file $CERT_FILE \
--reloadcmd "service nginx force-reload"
[[ -f $CERT_FILE && -f $KEY_FILE ]] || {
colorEcho $RED " 获取证书失败,请到 https://www.hicairo.com 反馈"
exit 1
}
else
cp ~/v2ray.pem /etc/v2ray/${DOMAIN}.pem
cp ~/v2ray.key /etc/v2ray/${DOMAIN}.key
fi
}
configNginx() {
mkdir -p /usr/share/nginx/html;
if [[ "$ALLOW_SPIDER" = "n" ]]; then
echo 'User-Agent: *' > /usr/share/nginx/html/robots.txt
echo 'Disallow: /' >> /usr/share/nginx/html/robots.txt
ROBOT_CONFIG=" location = /robots.txt {}"
else
ROBOT_CONFIG=""
fi
if [[ "$BT" = "false" ]]; then
if [[ ! -f /etc/nginx/nginx.conf.bak ]]; then
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
fi
res=`id nginx 2>/dev/null`
if [[ "$?" != "0" ]]; then
user="www-data"
else
user="nginx"
fi
cat > /etc/nginx/nginx.conf<<-EOF
user $user;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" '
'\$status \$body_bytes_sent "\$http_referer" '
'"\$http_user_agent" "\$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
gzip on;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
}
EOF
fi
if [[ "$PROXY_URL" = "" ]]; then
action=""
else
action="proxy_ssl_server_name on;
proxy_pass $PROXY_URL;
proxy_set_header Accept-Encoding '';
sub_filter \"$REMOTE_HOST\" \"$DOMAIN\";
sub_filter_once off;"
fi
if [[ "$TLS" = "true" || "$XTLS" = "true" ]]; then
mkdir -p $NGINX_CONF_PATH
# VMESS+WS+TLS
# VLESS+WS+TLS
if [[ "$WS" = "true" ]]; then
cat > ${NGINX_CONF_PATH}${DOMAIN}.conf<<-EOF
server {
listen 80;
listen [::]:80;
server_name ${DOMAIN};
return 301 https://\$server_name:${PORT}\$request_uri;
}
server {
listen ${PORT} ssl http2;
listen [::]:${PORT} ssl http2;
server_name ${DOMAIN};
charset utf-8;
# ssl配置
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_certificate $CERT_FILE;
ssl_certificate_key $KEY_FILE;
root /usr/share/nginx/html;
location / {
$action
}
$ROBOT_CONFIG
location ${WSPATH} {
proxy_redirect off;
proxy_pass http://127.0.0.1:${V2PORT};
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host \$host;
# Show real IP in v2ray access.log
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
}
EOF
else
# VLESS+TCP+TLS
# VLESS+TCP+XTLS
# trojan
cat > ${NGINX_CONF_PATH}${DOMAIN}.conf<<-EOF
server {
listen 80;
listen [::]:80;
listen 81 http2;
server_name ${DOMAIN};
root /usr/share/nginx/html;
location / {
$action
}
$ROBOT_CONFIG
}
EOF
fi
fi
}
setSelinux() {
if [[ -s /etc/selinux/config ]] && grep 'SELINUX=enforcing' /etc/selinux/config; then
sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config
setenforce 0
fi
}
setFirewall() {
res=`which firewall-cmd 2>/dev/null`
if [[ $? -eq 0 ]]; then
systemctl status firewalld > /dev/null 2>&1
if [[ $? -eq 0 ]];then
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
if [[ "$PORT" != "443" ]]; then
firewall-cmd --permanent --add-port=${PORT}/tcp
firewall-cmd --permanent --add-port=${PORT}/udp
fi
firewall-cmd --reload
else
nl=`iptables -nL | nl | grep FORWARD | awk '{print $1}'`
if [[ "$nl" != "3" ]]; then
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
if [[ "$PORT" != "443" ]]; then
iptables -I INPUT -p tcp --dport ${PORT} -j ACCEPT
iptables -I INPUT -p udp --dport ${PORT} -j ACCEPT
fi
fi
fi
else
res=`which iptables 2>/dev/null`
if [[ $? -eq 0 ]]; then
nl=`iptables -nL | nl | grep FORWARD | awk '{print $1}'`
if [[ "$nl" != "3" ]]; then
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
if [[ "$PORT" != "443" ]]; then
iptables -I INPUT -p tcp --dport ${PORT} -j ACCEPT
iptables -I INPUT -p udp --dport ${PORT} -j ACCEPT
fi
fi
else
res=`which ufw 2>/dev/null`
if [[ $? -eq 0 ]]; then
res=`ufw status | grep -i inactive`
if [[ "$res" = "" ]]; then
ufw allow http/tcp
ufw allow https/tcp
if [[ "$PORT" != "443" ]]; then
ufw allow ${PORT}/tcp
ufw allow ${PORT}/udp
fi
fi
fi
fi
fi
}
installBBR() {
if [[ "$NEED_BBR" != "y" ]]; then
INSTALL_BBR=false
return
fi
result=$(lsmod | grep bbr)
if [[ "$result" != "" ]]; then
colorEcho $BLUE " BBR模块已安装"
INSTALL_BBR=false
return
fi
res=`hostnamectl | grep -i openvz`
if [[ "$res" != "" ]]; then
colorEcho $BLUE " openvz机器,跳过安装"
INSTALL_BBR=false
return
fi
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p
result=$(lsmod | grep bbr)
if [[ "$result" != "" ]]; then
colorEcho $GREEN " BBR模块已启用"
INSTALL_BBR=false
return
fi
colorEcho $BLUE " 安装BBR模块..."
if [[ "$PMT" = "yum" ]]; then
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm
$CMD_INSTALL --enablerepo=elrepo-kernel kernel-ml
$CMD_REMOVE kernel-3.*
grub2-set-default 0
echo "tcp_bbr" >> /etc/modules-load.d/modules.conf
INSTALL_BBR=true
else
$CMD_INSTALL --install-recommends linux-generic-hwe-16.04
grub-set-default 0
echo "tcp_bbr" >> /etc/modules-load.d/modules.conf
INSTALL_BBR=true
fi
}
installV2ray() {
rm -rf /tmp/v2ray
mkdir -p /tmp/v2ray
DOWNLOAD_LINK="https://github.com/v2fly/v2ray-core/releases/download/${NEW_VER}/v2ray-linux-$(archAffix).zip"
colorEcho $BLUE " 下载V2Ray: ${DOWNLOAD_LINK}"
curl -L -H "Cache-Control: no-cache" -o /tmp/v2ray/v2ray.zip ${DOWNLOAD_LINK}
if [ $? != 0 ];then
colorEcho $RED " 下载V2ray文件失败,请检查服务器网络设置"
exit 1
fi
v2ray_start_config="run -c"
mkdir -p '/etc/v2ray' '/var/log/v2ray' && \
unzip /tmp/v2ray/v2ray.zip -d /tmp/v2ray
mkdir -p /usr/bin/v2ray
cp /tmp/v2ray/v2ray /usr/bin/v2ray/; cp /tmp/v2ray/geo* /usr/bin/v2ray/;
chmod +x '/usr/bin/v2ray/v2ray' || {
colorEcho $RED " V2ray安装失败"
exit 1
}
if [[ "$NEW_VER" = "v4.32.1" ]]; then
cp /tmp/v2ray/v2ctl /usr/bin/v2ray/;
chmod +x '/usr/bin/v2ray/v2ctl' || {
colorEcho $RED " V2ray安装失败"
exit 1
}
v2ray_start_config="-config"
fi
cat >$SERVICE_FILE<<-EOF
[Unit]
Description=V2ray Service
Documentation=https://www.v2fly.org/
After=network.target nss-lookup.target
[Service]
# If the version of systemd is 240 or above, then uncommenting Type=exec and commenting out Type=simple
#Type=exec
Type=simple
# This service runs as root. You may consider to run it as another user for security concerns.
# By uncommenting User=nobody and commenting out User=root, the service will run as user nobody.
# More discussion at https://github.com/v2ray/v2ray-core/issues/1011
User=root
#User=nobody
NoNewPrivileges=true
ExecStart=/usr/bin/v2ray/v2ray $v2ray_start_config /etc/v2ray/config.json
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable v2ray.service
}
trojanConfig() {
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "trojan",
"settings": {
"clients": [
{
"password": "$PASSWORD"
}
],
"fallbacks": [
{
"alpn": "http/1.1",
"dest": 80
},
{
"alpn": "h2",
"dest": 81
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"serverName": "$DOMAIN",
"alpn": ["http/1.1", "h2"],
"certificates": [
{
"certificateFile": "$CERT_FILE",
"keyFile": "$KEY_FILE"
}
]
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}]
}
EOF
}
trojanXTLSConfig() {
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "trojan",
"settings": {
"clients": [
{
"password": "$PASSWORD",
"flow": "$FLOW"
}
],
"fallbacks": [
{
"alpn": "http/1.1",
"dest": 80
},
{
"alpn": "h2",
"dest": 81
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "$DOMAIN",
"alpn": ["http/1.1", "h2"],
"certificates": [
{
"certificateFile": "$CERT_FILE",
"keyFile": "$KEY_FILE"
}
]
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}]
}
EOF
}
vmessConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
local alterid=`shuf -i50-80 -n1`
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "$uuid",
"level": 1,
"alterId": $alterid
}
]
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}]
}
EOF
}
vmessKCPConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
local alterid=`shuf -i50-80 -n1`
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "$uuid",
"level": 1,
"alterId": $alterid
}
]
},
"streamSettings": {
"network": "mkcp",
"kcpSettings": {
"uplinkCapacity": 100,
"downlinkCapacity": 100,
"congestion": true,
"header": {
"type": "$HEADER_TYPE"
},
"seed": "$SEED"
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}]
}
EOF
}
vmessTLSConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "$uuid",
"level": 1,
"alterId": 0
}
],
"disableInsecureEncryption": false
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"serverName": "$DOMAIN",
"alpn": ["http/1.1", "h2"],
"certificates": [
{
"certificateFile": "$CERT_FILE",
"keyFile": "$KEY_FILE"
}
]
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}]
}
EOF
}
vmessWSConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $V2PORT,
"listen": "127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "$uuid",
"level": 1,
"alterId": 0
}
],
"disableInsecureEncryption": false
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "$WSPATH",
"headers": {
"Host": "$DOMAIN"
}
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}]
}
EOF
}
vlessTLSConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "$uuid",
"level": 0
}
],
"decryption": "none",
"fallbacks": [
{
"alpn": "http/1.1",
"dest": 80
},
{
"alpn": "h2",
"dest": 81
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"serverName": "$DOMAIN",
"alpn": ["http/1.1", "h2"],
"certificates": [
{
"certificateFile": "$CERT_FILE",
"keyFile": "$KEY_FILE"
}
]
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}]
}
EOF
}
vlessXTLSConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "$uuid",
"flow": "$FLOW",
"level": 0
}
],
"decryption": "none",
"fallbacks": [
{
"alpn": "http/1.1",
"dest": 80
},
{
"alpn": "h2",
"dest": 81
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "$DOMAIN",
"alpn": ["http/1.1", "h2"],
"certificates": [
{
"certificateFile": "$CERT_FILE",
"keyFile": "$KEY_FILE"
}
]
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}]
}
EOF
}
vlessWSConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $V2PORT,
"listen": "127.0.0.1",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "$uuid",
"level": 0
}
],
"decryption": "none"
},
"streamSettings": {
"network": "ws",
"security": "none",
"wsSettings": {
"path": "$WSPATH",
"headers": {
"Host": "$DOMAIN"
}
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}]
}
EOF
}
vlessKCPConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "$uuid",
"level": 0
}
],
"decryption": "none"
},
"streamSettings": {
"streamSettings": {
"network": "mkcp",
"kcpSettings": {
"uplinkCapacity": 100,
"downlinkCapacity": 100,
"congestion": true,
"header": {
"type": "$HEADER_TYPE"
},
"seed": "$SEED"
}
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}]
}
EOF
}
configV2ray() {
mkdir -p /etc/v2ray
if [[ "$TROJAN" = "true" ]]; then
if [[ "$XTLS" = "true" ]]; then
trojanXTLSConfig
else
trojanConfig
fi
return 0
fi
if [[ "$VLESS" = "false" ]]; then
# VMESS + kcp
if [[ "$KCP" = "true" ]]; then
vmessKCPConfig
return 0
fi
# VMESS
if [[ "$TLS" = "false" ]]; then
vmessConfig
elif [[ "$WS" = "false" ]]; then
# VMESS+TCP+TLS
vmessTLSConfig
# VMESS+WS+TLS
else
vmessWSConfig
fi
#VLESS
else
if [[ "$KCP" = "true" ]]; then
vlessKCPConfig
return 0
fi
# VLESS+TCP
if [[ "$WS" = "false" ]]; then
# VLESS+TCP+TLS
if [[ "$XTLS" = "false" ]]; then
vlessTLSConfig
# VLESS+TCP+XTLS
else
vlessXTLSConfig
fi
# VLESS+WS+TLS
else
vlessWSConfig
fi
fi
}
install() {
getData
$PMT clean all
[[ "$PMT" = "apt" ]] && $PMT update
#echo $CMD_UPGRADE | bash
$CMD_INSTALL wget vim unzip tar gcc openssl
$CMD_INSTALL net-tools
if [[ "$PMT" = "apt" ]]; then
$CMD_INSTALL libssl-dev g++
fi
res=`which unzip 2>/dev/null`
if [[ $? -ne 0 ]]; then
colorEcho $RED " unzip安装失败,请检查网络"
exit 1
fi
installNginx
setFirewall
if [[ "$TLS" = "true" || "$XTLS" = "true" ]]; then
getCert
fi
configNginx
colorEcho $BLUE " 安装V2ray..."
getVersion
RETVAL="$?"
if [[ $RETVAL == 0 ]]; then
colorEcho $BLUE " V2ray最新版 ${CUR_VER} 已经安装"
elif [[ $RETVAL == 3 ]]; then
exit 1
else
colorEcho $BLUE " 安装V2Ray ${NEW_VER} ,架构$(archAffix)"
installV2ray
fi
configV2ray
setSelinux
installBBR
start
showInfo
bbrReboot
}
bbrReboot() {
if [[ "${INSTALL_BBR}" == "true" ]]; then
echo
echo " 为使BBR模块生效,系统将在30秒后重启"
echo
echo -e " 您可以按 ctrl + c 取消重启,稍后输入 ${RED}reboot${PLAIN} 重启系统"
sleep 30
reboot
fi
}
update() {
res=`status`
if [[ $res -lt 2 ]]; then
colorEcho $RED " V2ray未安装,请先安装!"
return
fi
getVersion
RETVAL="$?"
if [[ $RETVAL == 0 ]]; then
colorEcho $BLUE " V2ray最新版 ${CUR_VER} 已经安装"
elif [[ $RETVAL == 3 ]]; then
exit 1
else
colorEcho $BLUE " 安装V2Ray ${NEW_VER} ,架构$(archAffix)"
installV2ray
stop
start
colorEcho $GREEN " 最新版V2ray安装成功!"
fi
}
uninstall() {
res=`status`
if [[ $res -lt 2 ]]; then
colorEcho $RED " V2ray未安装,请先安装!"
return
fi
echo ""
read -p " 确定卸载V2ray?[y/n]:" answer
if [[ "${answer,,}" = "y" ]]; then
domain=`grep Host $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
if [[ "$domain" = "" ]]; then
domain=`grep serverName $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
fi
stop
systemctl disable v2ray
rm -rf $SERVICE_FILE
rm -rf /etc/v2ray
rm -rf /usr/bin/v2ray
if [[ "$BT" = "false" ]]; then
systemctl disable nginx
$CMD_REMOVE nginx
if [[ "$PMT" = "apt" ]]; then
$CMD_REMOVE nginx-common
fi
rm -rf /etc/nginx/nginx.conf
if [[ -f /etc/nginx/nginx.conf.bak ]]; then
mv /etc/nginx/nginx.conf.bak /etc/nginx/nginx.conf
fi
fi
if [[ "$domain" != "" ]]; then
rm -rf $NGINX_CONF_PATH${domain}.conf
fi
[[ -f ~/.acme.sh/acme.sh ]] && ~/.acme.sh/acme.sh --uninstall
colorEcho $GREEN " V2ray卸载成功"
fi
}
start() {
res=`status`
if [[ $res -lt 2 ]]; then
colorEcho $RED " V2ray未安装,请先安装!"
return
fi
stopNginx
startNginx
systemctl restart v2ray
sleep 2
port=`grep port $CONFIG_FILE| head -n 1| cut -d: -f2| tr -d \",' '`
res=`ss -nutlp| grep ${port} | grep -i v2ray`
if [[ "$res" = "" ]]; then
colorEcho $RED " v2ray启动失败,请检查日志或查看端口是否被占用!"
else
colorEcho $BLUE " v2ray启动成功"
fi
}
stop() {
stopNginx
systemctl stop v2ray
colorEcho $BLUE " V2ray停止成功"
}
restart() {
res=`status`
if [[ $res -lt 2 ]]; then
colorEcho $RED " V2ray未安装,请先安装!"
return
fi
stop
start
}
getConfigFileInfo() {
vless="false"
tls="false"
ws="false"
xtls="false"
trojan="false"
protocol="VMess"
kcp="false"
uid=`grep id $CONFIG_FILE | head -n1| cut -d: -f2 | tr -d \",' '`
alterid=`grep alterId $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
network=`grep network $CONFIG_FILE | tail -n1| cut -d: -f2 | tr -d \",' '`
[[ -z "$network" ]] && network="tcp"
domain=`grep serverName $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
if [[ "$domain" = "" ]]; then
domain=`grep Host $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
if [[ "$domain" != "" ]]; then
ws="true"
tls="true"
wspath=`grep path $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
fi
else
tls="true"
fi
if [[ "$ws" = "true" ]]; then
port=`grep -i ssl $NGINX_CONF_PATH${domain}.conf| head -n1 | awk '{print $2}'`
else
port=`grep port $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
fi
res=`grep -i kcp $CONFIG_FILE`
if [[ "$res" != "" ]]; then
kcp="true"
type=`grep header -A 3 $CONFIG_FILE | grep 'type' | cut -d: -f2 | tr -d \",' '`
seed=`grep seed $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
fi
vmess=`grep vmess $CONFIG_FILE`
if [[ "$vmess" = "" ]]; then
trojan=`grep trojan $CONFIG_FILE`
if [[ "$trojan" = "" ]]; then
vless="true"
protocol="VLESS"
else
trojan="true"
password=`grep password $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
protocol="trojan"
fi
tls="true"
encryption="none"
xtls=`grep xtlsSettings $CONFIG_FILE`
if [[ "$xtls" != "" ]]; then
xtls="true"
flow=`grep flow $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
else
flow="无"
fi
fi
}
outputVmess() {
raw="{
\"v\":\"2\",
\"ps\":\"\",
\"add\":\"$IP\",
\"port\":\"${port}\",
\"id\":\"${uid}\",
\"aid\":\"$alterid\",
\"net\":\"tcp\",
\"type\":\"none\",
\"host\":\"\",
\"path\":\"\",
\"tls\":\"\"
}"
link=`echo -n ${raw} | base64 -w 0`
link="vmess://${link}"
echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}额外id(alterid):${PLAIN} ${RED}${alterid}${PLAIN}"
echo -e " ${BLUE}加密方式(security):${PLAIN} ${RED}auto${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo
echo -e " ${BLUE}vmess链接:${PLAIN} $RED$link$PLAIN"
}
outputVmessKCP() {
echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}额外id(alterid):${PLAIN} ${RED}${alterid}${PLAIN}"
echo -e " ${BLUE}加密方式(security):${PLAIN} ${RED}auto${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}伪装类型(type):${PLAIN} ${RED}${type}${PLAIN}"
echo -e " ${BLUE}mkcp seed:${PLAIN} ${RED}${seed}${PLAIN}"
}
outputTrojan() {
if [[ "$xtls" = "true" ]]; then
echo -e " ${BLUE}IP/域名(address): ${PLAIN} ${RED}${domain}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}密码(password):${PLAIN}${RED}${password}${PLAIN}"
echo -e " ${BLUE}流控(flow):${PLAIN}$RED$flow${PLAIN}"
echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}XTLS${PLAIN}"
else
echo -e " ${BLUE}IP/域名(address): ${PLAIN} ${RED}${domain}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}密码(password):${PLAIN}${RED}${password}${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}"
fi
}
outputVmessTLS() {
raw="{
\"v\":\"2\",
\"ps\":\"\",
\"add\":\"$IP\",
\"port\":\"${port}\",
\"id\":\"${uid}\",
\"aid\":\"$alterid\",
\"net\":\"${network}\",
\"type\":\"none\",
\"host\":\"${domain}\",
\"path\":\"\",
\"tls\":\"tls\"
}"
link=`echo -n ${raw} | base64 -w 0`
link="vmess://${link}"
echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}额外id(alterid):${PLAIN} ${RED}${alterid}${PLAIN}"
echo -e " ${BLUE}加密方式(security):${PLAIN} ${RED}none${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}伪装域名/主机名(host)/SNI/peer名称:${PLAIN}${RED}${domain}${PLAIN}"
echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}"
echo
echo -e " ${BLUE}vmess链接: ${PLAIN}$RED$link$PLAIN"
}
outputVmessWS() {
raw="{
\"v\":\"2\",
\"ps\":\"\",
\"add\":\"$IP\",
\"port\":\"${port}\",
\"id\":\"${uid}\",
\"aid\":\"$alterid\",
\"net\":\"${network}\",
\"type\":\"none\",
\"host\":\"${domain}\",
\"path\":\"${wspath}\",
\"tls\":\"tls\"
}"
link=`echo -n ${raw} | base64 -w 0`
link="vmess://${link}"
echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}额外id(alterid):${PLAIN} ${RED}${alterid}${PLAIN}"
echo -e " ${BLUE}加密方式(security):${PLAIN} ${RED}none${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN"
echo -e " ${BLUE}伪装域名/主机名(host)/SNI/peer名称:${PLAIN}${RED}${domain}${PLAIN}"
echo -e " ${BLUE}路径(path):${PLAIN}${RED}${wspath}${PLAIN}"
echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}"
echo
echo -e " ${BLUE}vmess链接:${PLAIN} $RED$link$PLAIN"
}
showInfo() {
res=`status`
if [[ $res -lt 2 ]]; then
colorEcho $RED " V2ray未安装,请先安装!"
return
fi
echo ""
echo -n -e " ${BLUE}V2ray运行状态:${PLAIN}"
statusText
echo -e " ${BLUE}V2ray配置文件: ${PLAIN} ${RED}${CONFIG_FILE}${PLAIN}"
colorEcho $BLUE " V2ray配置信息:"
getConfigFileInfo
echo -e " ${BLUE}协议: ${PLAIN} ${RED}${protocol}${PLAIN}"
if [[ "$trojan" = "true" ]]; then
outputTrojan
return 0
fi
if [[ "$vless" = "false" ]]; then
if [[ "$kcp" = "true" ]]; then
outputVmessKCP
return 0
fi
if [[ "$tls" = "false" ]]; then
outputVmess
elif [[ "$ws" = "false" ]]; then
outputVmessTLS
else
outputVmessWS
fi
else
if [[ "$kcp" = "true" ]]; then
echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}伪装类型(type):${PLAIN} ${RED}${type}${PLAIN}"
echo -e " ${BLUE}mkcp seed:${PLAIN} ${RED}${seed}${PLAIN}"
return 0
fi
if [[ "$xtls" = "true" ]]; then
echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}流控(flow):${PLAIN}$RED$flow${PLAIN}"
echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN"
echo -e " ${BLUE}伪装域名/主机名(host)/SNI/peer名称:${PLAIN}${RED}${domain}${PLAIN}"
echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}XTLS${PLAIN}"
elif [[ "$ws" = "false" ]]; then
echo -e " ${BLUE}IP(address): ${PLAIN}${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}流控(flow):${PLAIN}$RED$flow${PLAIN}"
echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN"
echo -e " ${BLUE}伪装域名/主机名(host)/SNI/peer名称:${PLAIN}${RED}${domain}${PLAIN}"
echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}"
else
echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}流控(flow):${PLAIN}$RED$flow${PLAIN}"
echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN"
echo -e " ${BLUE}伪装域名/主机名(host)/SNI/peer名称:${PLAIN}${RED}${domain}${PLAIN}"
echo -e " ${BLUE}路径(path):${PLAIN}${RED}${wspath}${PLAIN}"
echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}"
fi
fi
}
showLog() {
res=`status`
if [[ $res -lt 2 ]]; then
colorEcho $RED " V2ray未安装,请先安装!"
return
fi
journalctl -xen -u v2ray --no-pager
}
menu() {
clear
echo "#############################################################"
echo -e "# ${RED}v2ray一键安装脚本${PLAIN} #"
echo -e "# ${GREEN}作者${PLAIN}: 网络跳越(hijk) #"
echo -e "# ${GREEN}维护${PLAIN}: ifeng #"
echo -e "# ${GREEN}网址${PLAIN}: https://www.hicairo.com #"
echo -e "# ${GREEN}TG群${PLAIN}: https://t.me/HiaiFeng #"
echo -e "# #"
echo -e "# 向${GREEN}网络跳越${PLAIN}致敬!!! #"
echo -e "# 该脚本原作者为${GREEN}网络跳越${PLAIN},好像已经停止维护。该脚本默认 #"
echo -e "# 支持BBR加速,支持ipv6连接。目前由${GREEN}ifeng${PLAIN}修改Bug进行维护。 #"
echo -e "# #"
echo "#############################################################"
echo -e " ${GREEN}1.${PLAIN} 安装V2ray-VMESS"
echo -e " ${GREEN}2.${PLAIN} 安装V2ray-${BLUE}VMESS+mKCP${PLAIN}"
echo -e " ${GREEN}3.${PLAIN} 安装V2ray-VMESS+TCP+TLS"
echo -e " ${GREEN}4.${PLAIN} 安装V2ray-${BLUE}VMESS+WS+TLS${PLAIN}${RED}(推荐)${PLAIN}"
echo -e " ${GREEN}5.${PLAIN} 安装V2ray-${BLUE}VLESS+mKCP${PLAIN}"
echo -e " ${GREEN}6.${PLAIN} 安装V2ray-VLESS+TCP+TLS"
echo -e " ${GREEN}7.${PLAIN} 安装V2ray-${BLUE}VLESS+WS+TLS${PLAIN}${RED}(可过cdn)${PLAIN}"
echo -e " ${GREEN}8.${PLAIN} 安装V2ray-${BLUE}VLESS+TCP+XTLS${PLAIN}${RED}(推荐)${PLAIN}"
echo -e " ${GREEN}9.${PLAIN} 安装${BLUE}trojan${PLAIN}${RED}(推荐)${PLAIN}"
echo -e " ${GREEN}10.${PLAIN} 安装${BLUE}trojan+XTLS${PLAIN}${RED}(推荐)${PLAIN}"
echo " -------------"
echo -e " ${GREEN}11.${PLAIN} 更新V2ray"
echo -e " ${GREEN}12. ${RED}卸载V2ray${PLAIN}"
echo " -------------"
echo -e " ${GREEN}13.${PLAIN} 启动V2ray"
echo -e " ${GREEN}14.${PLAIN} 重启V2ray"
echo -e " ${GREEN}15.${PLAIN} 停止V2ray"
echo " -------------"
echo -e " ${GREEN}16.${PLAIN} 查看V2ray配置"
echo -e " ${GREEN}17.${PLAIN} 查看V2ray日志"
echo " -------------"
echo -e " ${GREEN}0.${PLAIN} 退出"
echo -n " 当前状态:"
statusText
echo
read -p " 请选择操作[0-17]:" answer
case $answer in
0)
exit 0
;;
1)
install
;;
2)
KCP="true"
install
;;
3)
TLS="true"
install
;;
4)
TLS="true"
WS="true"
install
;;
5)
VLESS="true"
KCP="true"
install
;;
6)
VLESS="true"
TLS="true"
install
;;
7)
VLESS="true"
TLS="true"
WS="true"
install
;;
8)
VLESS="true"
TLS="true"
XTLS="true"
install
;;
9)
TROJAN="true"
TLS="true"
install
;;
10)
TROJAN="true"
TLS="true"
XTLS="true"
install
;;
11)
update
;;
12)
uninstall
;;
13)
start
;;
14)
restart
;;
15)
stop
;;
16)
showInfo
;;
17)
showLog
;;
*)
colorEcho $RED " 请选择正确的操作!"
exit 1
;;
esac
}
checkSystem
action=$1
[[ -z $1 ]] && action=menu
case "$action" in
menu|update|uninstall|start|restart|stop|showInfo|showLog)
${action}
;;
*)
echo " 参数错误"
echo " 用法: `basename $0` [menu|update|uninstall|start|restart|stop|showInfo|showLog]"
;;
esac
Raw
v2ray_normal.sh
#!/usr/bin/env bash
# shellcheck disable=SC2268
# The files installed by the script conform to the Filesystem Hierarchy Standard:
# https://wiki.linuxfoundation.org/lsb/fhs
# The URL of the script project is:
# https://github.com/v2fly/fhs-install-v2ray
# The URL of the script is:
# https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh
# If the script executes incorrectly, go to:
# https://github.com/v2fly/fhs-install-v2ray/issues
# You can set this variable whatever you want in shell session right before running this script by issuing:
# export DAT_PATH='/usr/local/share/v2ray'
DAT_PATH=${DAT_PATH:-/usr/local/share/v2ray}
# You can set this variable whatever you want in shell session right before running this script by issuing:
# export JSON_PATH='/usr/local/etc/v2ray'
JSON_PATH=${JSON_PATH:-/usr/local/etc/v2ray}
# Set this variable only if you are starting v2ray with multiple configuration files:
# export JSONS_PATH='/usr/local/etc/v2ray'
# Set this variable only if you want this script to check all the systemd unit file:
# export check_all_service_files='yes'
curl() {
$(type -P curl) -L -q --retry 5 --retry-delay 10 --retry-max-time 60 "$@"
}
systemd_cat_config() {
if systemd-analyze --help | grep -qw 'cat-config'; then
systemd-analyze --no-pager cat-config "$@"
echo
else
echo "${aoi}~~~~~~~~~~~~~~~~"
cat "$@" "$1".d/*
echo "${aoi}~~~~~~~~~~~~~~~~"
echo "${red}warning: ${green}The systemd version on the current operating system is too low."
echo "${red}warning: ${green}Please consider to upgrade the systemd or the operating system.${reset}"
echo
fi
}
check_if_running_as_root() {
# If you want to run as another user, please modify $UID to be owned by this user
if [[ "$UID" -ne '0' ]]; then
echo "WARNING: The user currently executing this script is not root. You may encounter the insufficient privilege error."
read -r -p "Are you sure you want to continue? [y/n] " cont_without_been_root
if [[ x"${cont_without_been_root:0:1}" = x'y' ]]; then
echo "Continuing the installation with current user..."
else
echo "Not running with root, exiting..."
exit 1
fi
fi
}
identify_the_operating_system_and_architecture() {
if [[ "$(uname)" == 'Linux' ]]; then
case "$(uname -m)" in
'i386' | 'i686')
MACHINE='32'
;;
'amd64' | 'x86_64')
MACHINE='64'
;;
'armv5tel')
MACHINE='arm32-v5'
;;
'armv6l')
MACHINE='arm32-v6'
grep Features /proc/cpuinfo | grep -qw 'vfp' || MACHINE='arm32-v5'
;;
'armv7' | 'armv7l')
MACHINE='arm32-v7a'
grep Features /proc/cpuinfo | grep -qw 'vfp' || MACHINE='arm32-v5'
;;
'armv8' | 'aarch64')
MACHINE='arm64-v8a'
;;
'mips')
MACHINE='mips32'
;;
'mipsle')
MACHINE='mips32le'
;;
'mips64')
MACHINE='mips64'
;;
'mips64le')
MACHINE='mips64le'
;;
'ppc64')
MACHINE='ppc64'
;;
'ppc64le')
MACHINE='ppc64le'
;;
'riscv64')
MACHINE='riscv64'
;;
's390x')
MACHINE='s390x'
;;
*)
echo "error: The architecture is not supported."
exit 1
;;
esac
if [[ ! -f '/etc/os-release' ]]; then
echo "error: Don't use outdated Linux distributions."
exit 1
fi
# Do not combine this judgment condition with the following judgment condition.
## Be aware of Linux distribution like Gentoo, which kernel supports switch between Systemd and OpenRC.
### Refer: https://github.com/v2fly/fhs-install-v2ray/issues/84#issuecomment-688574989
if [[ -f /.dockerenv ]] || grep -q 'docker\|lxc' /proc/1/cgroup && [[ "$(type -P systemctl)" ]]; then
true
elif [[ -d /run/systemd/system ]] || grep -q systemd <(ls -l /sbin/init); then
true
else
echo "error: Only Linux distributions using systemd are supported."
exit 1
fi
if [[ "$(type -P apt)" ]]; then
PACKAGE_MANAGEMENT_INSTALL='apt -y --no-install-recommends install'
PACKAGE_MANAGEMENT_REMOVE='apt purge'
package_provide_tput='ncurses-bin'
elif [[ "$(type -P dnf)" ]]; then
PACKAGE_MANAGEMENT_INSTALL='dnf -y install'
PACKAGE_MANAGEMENT_REMOVE='dnf remove'
package_provide_tput='ncurses'
elif [[ "$(type -P yum)" ]]; then
PACKAGE_MANAGEMENT_INSTALL='yum -y install'
PACKAGE_MANAGEMENT_REMOVE='yum remove'
package_provide_tput='ncurses'
elif [[ "$(type -P zypper)" ]]; then
PACKAGE_MANAGEMENT_INSTALL='zypper install -y --no-recommends'
PACKAGE_MANAGEMENT_REMOVE='zypper remove'
package_provide_tput='ncurses-utils'
elif [[ "$(type -P pacman)" ]]; then
PACKAGE_MANAGEMENT_INSTALL='pacman -Syu --noconfirm'
PACKAGE_MANAGEMENT_REMOVE='pacman -Rsn'
package_provide_tput='ncurses'
else
echo "error: The script does not support the package manager in this operating system."
exit 1
fi
else
echo "error: This operating system is not supported."
exit 1
fi
}
## Demo function for processing parameters
judgment_parameters() {
while [[ "$#" -gt '0' ]]; do
case "$1" in
'--remove')
if [[ "$#" -gt '1' ]]; then
echo 'error: Please enter the correct parameters.'
exit 1
fi
REMOVE='1'
;;
'--version')
VERSION="${2:?error: Please specify the correct version.}"
break
;;
'-c' | '--check')
CHECK='1'
break
;;
'-f' | '--force')
FORCE='1'
break
;;
'-h' | '--help')
HELP='1'
break
;;
'-l' | '--local')
LOCAL_INSTALL='1'
LOCAL_FILE="${2:?error: Please specify the correct local file.}"
break
;;
'-p' | '--proxy')
if [[ -z "${2:?error: Please specify the proxy server address.}" ]]; then
exit 1
fi
PROXY="$2"
shift
;;
*)
echo "$0: unknown option -- -"
exit 1
;;
esac
shift
done
}
install_software() {
package_name="$1"
file_to_detect="$2"
type -P "$file_to_detect" > /dev/null 2>&1 && return
if ${PACKAGE_MANAGEMENT_INSTALL} "$package_name"; then
echo "info: $package_name is installed."
else
echo "error: Installation of $package_name failed, please check your network."
exit 1
fi
}
get_current_version() {
if /usr/local/bin/v2ray -version >/dev/null 2>&1;then
VERSION="$(/usr/local/bin/v2ray -version | awk 'NR==1 {print $2}')"
else
VERSION="$(/usr/local/bin/v2ray version | awk 'NR==1 {print $2}')"
fi
CURRENT_VERSION="v${VERSION#v}"
}
get_version() {
# 0: Install or update V2Ray.
# 1: Installed or no new version of V2Ray.
# 2: Install the specified version of V2Ray.
if [[ -n "$VERSION" ]]; then
RELEASE_VERSION="v${VERSION#v}"
return 2
fi
# Determine the version number for V2Ray installed from a local file
if [[ -f '/usr/local/bin/v2ray' ]]; then
get_current_version
if [[ "$LOCAL_INSTALL" -eq '1' ]]; then
RELEASE_VERSION="$CURRENT_VERSION"
return
fi
fi
# Get V2Ray release version number
TMP_FILE="$(mktemp)"
if ! curl -x "${PROXY}" -sS -H "Accept: application/vnd.github.v3+json" -o "$TMP_FILE" 'https://api.github.com/repos/v2fly/v2ray-core/releases/latest'; then
"rm" "$TMP_FILE"
echo 'error: Failed to get release list, please check your network.'
exit 1
fi
RELEASE_LATEST="$(sed 'y/,/\n/' "$TMP_FILE" | grep 'tag_name' | awk -F '"' '{print $4}')"
"rm" "$TMP_FILE"
RELEASE_VERSION="v${RELEASE_LATEST#v}"
# Compare V2Ray version numbers
if [[ "$RELEASE_VERSION" != "$CURRENT_VERSION" ]]; then
RELEASE_VERSIONSION_NUMBER="${RELEASE_VERSION#v}"
RELEASE_MAJOR_VERSION_NUMBER="${RELEASE_VERSIONSION_NUMBER%%.*}"
RELEASE_MINOR_VERSION_NUMBER="$(echo "$RELEASE_VERSIONSION_NUMBER" | awk -F '.' '{print $2}')"
RELEASE_MINIMUM_VERSION_NUMBER="${RELEASE_VERSIONSION_NUMBER##*.}"
# shellcheck disable=SC2001
CURRENT_VERSION_NUMBER="$(echo "${CURRENT_VERSION#v}" | sed 's/-.*//')"
CURRENT_MAJOR_VERSION_NUMBER="${CURRENT_VERSION_NUMBER%%.*}"
CURRENT_MINOR_VERSION_NUMBER="$(echo "$CURRENT_VERSION_NUMBER" | awk -F '.' '{print $2}')"
CURRENT_MINIMUM_VERSION_NUMBER="${CURRENT_VERSION_NUMBER##*.}"
if [[ "$RELEASE_MAJOR_VERSION_NUMBER" -gt "$CURRENT_MAJOR_VERSION_NUMBER" ]]; then
return 0
elif [[ "$RELEASE_MAJOR_VERSION_NUMBER" -eq "$CURRENT_MAJOR_VERSION_NUMBER" ]]; then
if [[ "$RELEASE_MINOR_VERSION_NUMBER" -gt "$CURRENT_MINOR_VERSION_NUMBER" ]]; then
return 0
elif [[ "$RELEASE_MINOR_VERSION_NUMBER" -eq "$CURRENT_MINOR_VERSION_NUMBER" ]]; then
if [[ "$RELEASE_MINIMUM_VERSION_NUMBER" -gt "$CURRENT_MINIMUM_VERSION_NUMBER" ]]; then
return 0
else
return 1
fi
else
return 1
fi
else
return 1
fi
elif [[ "$RELEASE_VERSION" == "$CURRENT_VERSION" ]]; then
return 1
fi
}
download_v2ray() {
DOWNLOAD_LINK="https://github.com/v2fly/v2ray-core/releases/download/$RELEASE_VERSION/v2ray-linux-$MACHINE.zip"
echo "Downloading V2Ray archive: $DOWNLOAD_LINK"
if ! curl -x "${PROXY}" -R -H 'Cache-Control: no-cache' -o "$ZIP_FILE" "$DOWNLOAD_LINK"; then
echo 'error: Download failed! Please check your network or try again.'
return 1
fi
echo "Downloading verification file for V2Ray archive: $DOWNLOAD_LINK.dgst"
if ! curl -x "${PROXY}" -sSR -H 'Cache-Control: no-cache' -o "$ZIP_FILE.dgst" "$DOWNLOAD_LINK.dgst"; then
echo 'error: Download failed! Please check your network or try again.'
return 1
fi
if [[ "$(cat "$ZIP_FILE".dgst)" == 'Not Found' ]]; then
echo 'error: This version does not support verification. Please replace with another version.'
return 1
fi
# Verification of V2Ray archive
for LISTSUM in 'md5' 'sha1' 'sha256' 'sha512'; do
SUM="$(${LISTSUM}sum "$ZIP_FILE" | sed 's/ .*//')"
CHECKSUM="$(grep ${LISTSUM^^} "$ZIP_FILE".dgst | grep "$SUM" -o -a | uniq)"
if [[ "$SUM" != "$CHECKSUM" ]]; then
echo 'error: Check failed! Please check your network or try again.'
return 1
fi
done
}
decompression() {
if ! unzip -q "$1" -d "$TMP_DIRECTORY"; then
echo 'error: V2Ray decompression failed.'
"rm" -r "$TMP_DIRECTORY"
echo "removed: $TMP_DIRECTORY"
exit 1
fi
echo "info: Extract the V2Ray package to $TMP_DIRECTORY and prepare it for installation."
}
install_file() {
NAME="$1"
if [[ "$NAME" == 'v2ray' ]] || [[ "$NAME" == 'v2ctl' ]]; then
install -m 755 "${TMP_DIRECTORY}/$NAME" "/usr/local/bin/$NAME"
elif [[ "$NAME" == 'geoip.dat' ]] || [[ "$NAME" == 'geosite.dat' ]]; then
install -m 644 "${TMP_DIRECTORY}/$NAME" "${DAT_PATH}/$NAME"
fi
}
install_v2ray() {
# Install V2Ray binary to /usr/local/bin/ and $DAT_PATH
install_file v2ray
if [[ -f "${TMP_DIRECTORY}/v2ctl" ]]; then
install_file v2ctl
else
if [[ -f '/usr/local/bin/v2ctl' ]]; then
rm '/usr/local/bin/v2ctl'
fi
fi
install -d "$DAT_PATH"
# If the file exists, geoip.dat and geosite.dat will not be installed or updated
if [[ ! -f "${DAT_PATH}/.undat" ]]; then
install_file geoip.dat
install_file geosite.dat
fi
# Install V2Ray configuration file to $JSON_PATH
# shellcheck disable=SC2153
if [[ -z "$JSONS_PATH" ]] && [[ ! -d "$JSON_PATH" ]]; then
install -d "$JSON_PATH"
echo "{}" > "${JSON_PATH}/config.json"
CONFIG_NEW='1'
fi
# Install V2Ray configuration file to $JSONS_PATH
if [[ -n "$JSONS_PATH" ]] && [[ ! -d "$JSONS_PATH" ]]; then
install -d "$JSONS_PATH"
for BASE in 00_log 01_api 02_dns 03_routing 04_policy 05_inbounds 06_outbounds 07_transport 08_stats 09_reverse; do
echo '{}' > "${JSONS_PATH}/${BASE}.json"
done
CONFDIR='1'
fi
# Used to store V2Ray log files
if [[ ! -d '/var/log/v2ray/' ]]; then
if id nobody | grep -qw 'nogroup'; then
install -d -m 700 -o nobody -g nogroup /var/log/v2ray/
install -m 600 -o nobody -g nogroup /dev/null /var/log/v2ray/access.log
install -m 600 -o nobody -g nogroup /dev/null /var/log/v2ray/error.log
else
install -d -m 700 -o nobody -g nobody /var/log/v2ray/
install -m 600 -o nobody -g nobody /dev/null /var/log/v2ray/access.log
install -m 600 -o nobody -g nobody /dev/null /var/log/v2ray/error.log
fi
LOG='1'
fi
}
install_startup_service_file() {
get_current_version
if [[ "$(echo "${CURRENT_VERSION#v}" | sed 's/-.*//' | awk -F'.' '{print $1}')" -gt "4" ]];then
START_COMMAND="/usr/local/bin/v2ray run"
else
START_COMMAND="/usr/local/bin/v2ray"
fi
install -m 644 "${TMP_DIRECTORY}/systemd/system/v2ray.service" /etc/systemd/system/v2ray.service
install -m 644 "${TMP_DIRECTORY}/systemd/system/[email protected]" /etc/systemd/system/[email protected]
mkdir -p '/etc/systemd/system/v2ray.service.d'
mkdir -p '/etc/systemd/system/[email protected]/'
if [[ -n "$JSONS_PATH" ]]; then
"rm" -f '/etc/systemd/system/v2ray.service.d/10-donot_touch_single_conf.conf' \
'/etc/systemd/system/[email protected]/10-donot_touch_single_conf.conf'
echo "# In case you have a good reason to do so, duplicate this file in the same directory and make your customizes there.
# Or all changes you made will be lost! # Refer: https://www.freedesktop.org/software/systemd/man/systemd.unit.html
[Service]
ExecStart=
ExecStart=${START_COMMAND} -confdir $JSONS_PATH" |
tee '/etc/systemd/system/v2ray.service.d/10-donot_touch_multi_conf.conf' > \
'/etc/systemd/system/[email protected]/10-donot_touch_multi_conf.conf'
else
"rm" -f '/etc/systemd/system/v2ray.service.d/10-donot_touch_multi_conf.conf' \
'/etc/systemd/system/[email protected]/10-donot_touch_multi_conf.conf'
echo "# In case you have a good reason to do so, duplicate this file in the same directory and make your customizes there.
# Or all changes you made will be lost! # Refer: https://www.freedesktop.org/software/systemd/man/systemd.unit.html
[Service]
ExecStart=
ExecStart=${START_COMMAND} -config ${JSON_PATH}/config.json" > \
'/etc/systemd/system/v2ray.service.d/10-donot_touch_single_conf.conf'
echo "# In case you have a good reason to do so, duplicate this file in the same directory and make your customizes there.
# Or all changes you made will be lost! # Refer: https://www.freedesktop.org/software/systemd/man/systemd.unit.html
[Service]
ExecStart=
ExecStart=${START_COMMAND} -config ${JSON_PATH}/%i.json" > \
'/etc/systemd/system/[email protected]/10-donot_touch_single_conf.conf'
fi
echo "info: Systemd service files have been installed successfully!"
echo "${red}warning: ${green}The following are the actual parameters for the v2ray service startup."
echo "${red}warning: ${green}Please make sure the configuration file path is correctly set.${reset}"
systemd_cat_config /etc/systemd/system/v2ray.service
# shellcheck disable=SC2154
if [[ x"${check_all_service_files:0:1}" = x'y' ]]; then
echo
echo
systemd_cat_config /etc/systemd/system/[email protected]
fi
systemctl daemon-reload
SYSTEMD='1'
}
start_v2ray() {
if [[ -f '/etc/systemd/system/v2ray.service' ]]; then
if systemctl start "${V2RAY_CUSTOMIZE:-v2ray}"; then
echo 'info: Start the V2Ray service.'
else
echo 'error: Failed to start V2Ray service.'
exit 1
fi
fi
}
stop_v2ray() {
V2RAY_CUSTOMIZE="$(systemctl list-units | grep 'v2ray@' | awk -F ' ' '{print $1}')"
if [[ -z "$V2RAY_CUSTOMIZE" ]]; then
local v2ray_daemon_to_stop='v2ray.service'
else
local v2ray_daemon_to_stop="$V2RAY_CUSTOMIZE"
fi
if ! systemctl stop "$v2ray_daemon_to_stop"; then
echo 'error: Stopping the V2Ray service failed.'
exit 1
fi
echo 'info: Stop the V2Ray service.'
}
check_update() {
if [[ -f '/etc/systemd/system/v2ray.service' ]]; then
get_version
local get_ver_exit_code=$?
if [[ "$get_ver_exit_code" -eq '0' ]]; then
echo "info: Found the latest release of V2Ray $RELEASE_VERSION . (Current release: $CURRENT_VERSION)"
elif [[ "$get_ver_exit_code" -eq '1' ]]; then
echo "info: No new version. The current version of V2Ray is $CURRENT_VERSION ."
fi
exit 0
else
echo 'error: V2Ray is not installed.'
exit 1
fi
}
remove_v2ray() {
if systemctl list-unit-files | grep -qw 'v2ray'; then
if [[ -n "$(pidof v2ray)" ]]; then
stop_v2ray
fi
if ! ("rm" -r '/usr/local/bin/v2ray' \
"$DAT_PATH" \
'/etc/systemd/system/v2ray.service' \
'/etc/systemd/system/[email protected]' \
'/etc/systemd/system/v2ray.service.d' \
'/etc/systemd/system/[email protected]'); then
echo 'error: Failed to remove V2Ray.'
exit 1
else
echo 'removed: /usr/local/bin/v2ray'
if [[ -f '/usr/local/bin/v2ctl' ]]; then
rm '/usr/local/bin/v2ctl'
echo 'removed: /usr/local/bin/v2ctl'
fi
echo "removed: $DAT_PATH"
echo 'removed: /etc/systemd/system/v2ray.service'
echo 'removed: /etc/systemd/system/[email protected]'
echo 'removed: /etc/systemd/system/v2ray.service.d'
echo 'removed: /etc/systemd/system/[email protected]'
echo 'Please execute the command: systemctl disable v2ray'
echo "You may need to execute a command to remove dependent software: $PACKAGE_MANAGEMENT_REMOVE curl unzip"
echo 'info: V2Ray has been removed.'
echo 'info: If necessary, manually delete the configuration and log files.'
if [[ -n "$JSONS_PATH" ]]; then
echo "info: e.g., $JSONS_PATH and /var/log/v2ray/ ..."
else
echo "info: e.g., $JSON_PATH and /var/log/v2ray/ ..."
fi
exit 0
fi
else
echo 'error: V2Ray is not installed.'
exit 1
fi
}
# Explanation of parameters in the script
show_help() {
echo "usage: $0 [--remove | --version number | -c | -f | -h | -l | -p]"
echo ' [-p address] [--version number | -c | -f]'
echo ' --remove Remove V2Ray'
echo ' --version Install the specified version of V2Ray, e.g., --version v4.18.0'
echo ' -c, --check Check if V2Ray can be updated'
echo ' -f, --force Force installation of the latest version of V2Ray'
echo ' -h, --help Show help'
echo ' -l, --local Install V2Ray from a local file'
echo ' -p, --proxy Download through a proxy server, e.g., -p http://127.0.0.1:8118 or -p socks5://127.0.0.1:1080'
exit 0
}
main() {
check_if_running_as_root
identify_the_operating_system_and_architecture
judgment_parameters "$@"
install_software "$package_provide_tput" 'tput'
red=$(tput setaf 1)
green=$(tput setaf 2)
aoi=$(tput setaf 6)
reset=$(tput sgr0)
# Parameter information
[[ "$HELP" -eq '1' ]] && show_help
[[ "$CHECK" -eq '1' ]] && check_update
[[ "$REMOVE" -eq '1' ]] && remove_v2ray
# Two very important variables
TMP_DIRECTORY="$(mktemp -d)"
ZIP_FILE="${TMP_DIRECTORY}/v2ray-linux-$MACHINE.zip"
# Install V2Ray from a local file, but still need to make sure the network is available
if [[ "$LOCAL_INSTALL" -eq '1' ]]; then
echo 'warn: Install V2Ray from a local file, but still need to make sure the network is available.'
echo -n 'warn: Please make sure the file is valid because we cannot confirm it. (Press any key) ...'
read -r
install_software 'unzip' 'unzip'
decompression "$LOCAL_FILE"
else
# Normal way
install_software 'curl' 'curl'
get_version
NUMBER="$?"
if [[ "$NUMBER" -eq '0' ]] || [[ "$FORCE" -eq '1' ]] || [[ "$NUMBER" -eq 2 ]]; then
echo "info: Installing V2Ray $RELEASE_VERSION for $(uname -m)"
download_v2ray
if [[ "$?" -eq '1' ]]; then
"rm" -r "$TMP_DIRECTORY"
echo "removed: $TMP_DIRECTORY"
exit 1
fi
install_software 'unzip' 'unzip'
decompression "$ZIP_FILE"
elif [[ "$NUMBER" -eq '1' ]]; then
echo "info: No new version. The current version of V2Ray is $CURRENT_VERSION ."
exit 0
fi
fi
# Determine if V2Ray is running
if systemctl list-unit-files | grep -qw 'v2ray'; then
if [[ -n "$(pidof v2ray)" ]]; then
stop_v2ray
V2RAY_RUNNING='1'
fi
fi
install_v2ray
install_startup_service_file
echo 'installed: /usr/local/bin/v2ray'
if [[ -f '/usr/local/bin/v2ctl' ]]; then
echo 'installed: /usr/local/bin/v2ctl'
fi
# If the file exists, the content output of installing or updating geoip.dat and geosite.dat will not be displayed
if [[ ! -f "${DAT_PATH}/.undat" ]]; then
echo "installed: ${DAT_PATH}/geoip.dat"
echo "installed: ${DAT_PATH}/geosite.dat"
fi
if [[ "$CONFIG_NEW" -eq '1' ]]; then
echo "installed: ${JSON_PATH}/config.json"
fi
if [[ "$CONFDIR" -eq '1' ]]; then
echo "installed: ${JSON_PATH}/00_log.json"
echo "installed: ${JSON_PATH}/01_api.json"
echo "installed: ${JSON_PATH}/02_dns.json"
echo "installed: ${JSON_PATH}/03_routing.json"
echo "installed: ${JSON_PATH}/04_policy.json"
echo "installed: ${JSON_PATH}/05_inbounds.json"
echo "installed: ${JSON_PATH}/06_outbounds.json"
echo "installed: ${JSON_PATH}/07_transport.json"
echo "installed: ${JSON_PATH}/08_stats.json"
echo "installed: ${JSON_PATH}/09_reverse.json"
fi
if [[ "$LOG" -eq '1' ]]; then
echo 'installed: /var/log/v2ray/'
echo 'installed: /var/log/v2ray/access.log'
echo 'installed: /var/log/v2ray/error.log'
fi
if [[ "$SYSTEMD" -eq '1' ]]; then
echo 'installed: /etc/systemd/system/v2ray.service'
echo 'installed: /etc/systemd/system/[email protected]'
fi
"rm" -r "$TMP_DIRECTORY"
echo "removed: $TMP_DIRECTORY"
if [[ "$LOCAL_INSTALL" -eq '1' ]]; then
get_version
fi
echo "info: V2Ray $RELEASE_VERSION is installed."
echo "You may need to execute a command to remove dependent software: $PACKAGE_MANAGEMENT_REMOVE curl unzip"
if [[ "$V2RAY_RUNNING" -eq '1' ]]; then
start_v2ray
else
echo 'Please execute the command: systemctl enable v2ray; systemctl start v2ray'
fi
}
main "$@"
Raw
xray_ubuntu_mod1.sh
#!/bin/bash
# xray一键安装脚本
# v2ray带伪装一键脚本Ubuntu版
# Author: hijk<https://hijk.art>
RED="\033[31m" # Error message
GREEN="\033[32m" # Success message
YELLOW="\033[33m" # Warning message
BLUE="\033[36m" # Info message
PLAIN='\033[0m'
# 以下网站是随机从Google上找到的无广告小说网站,不喜欢请改成其他网址,以http或https开头
# 搭建好后无法打开伪装域名,可能是反代小说网站挂了,请在网站留言,或者Github发issue,以便替换新的网站
SITES=(
http://www.zhuizishu.com/
http://xs.56dyc.com/
#http://www.xiaoshuosk.com/
#https://www.quledu.net/
http://www.ddxsku.com/
http://www.biqu6.com/
https://www.wenshulou.cc/
#http://www.auutea.com/
http://www.55shuba.com/
http://www.39shubao.com/
https://www.23xsw.cc/
#https://www.huanbige.com/
https://www.jueshitangmen.info/
https://www.zhetian.org/
http://www.bequgexs.com/
http://www.tjwl.com/
)
CONFIG_FILE="/usr/local/etc/xray/config.json"
OS=`hostnamectl | grep -i system | cut -d: -f2`
V6_PROXY=""
IP=`curl -sL -4 ip.sb`
if [[ "$?" != "0" ]]; then
IP=`curl -sL -6 ip.sb`
V6_PROXY="https://gh.hijk.art/"
fi
BT="false"
NGINX_CONF_PATH="/etc/nginx/conf.d/"
res=`which bt 2>/dev/null`
if [[ "$res" != "" ]]; then
BT="true"
NGINX_CONF_PATH="/www/server/panel/vhost/nginx/"
fi
VLESS="false"
TROJAN="false"
TLS="false"
WS="false"
XTLS="false"
KCP="false"
checkSystem() {
result=$(id | awk '{print $1}')
if [[ $result != "uid=0(root)" ]]; then
colorEcho $RED " 请以root身份执行该脚本"
exit 1
fi
res=`which yum 2>/dev/null`
if [[ "$?" != "0" ]]; then
res=`which apt 2>/dev/null`
if [[ "$?" != "0" ]]; then
colorEcho $RED " 不受支持的Linux系统"
exit 1
fi
PMT="apt"
CMD_INSTALL="apt install -y "
CMD_REMOVE="apt remove -y "
CMD_UPGRADE="apt update; apt upgrade -y; apt autoremove -y"
else
PMT="yum"
CMD_INSTALL="yum install -y "
CMD_REMOVE="yum remove -y "
CMD_UPGRADE="yum update -y"
fi
res=`which systemctl 2>/dev/null`
if [[ "$?" != "0" ]]; then
colorEcho $RED " 系统版本过低,请升级到最新版本"
exit 1
fi
}
colorEcho() {
echo -e "${1}${@:2}${PLAIN}"
}
configNeedNginx() {
local ws=`grep wsSettings $CONFIG_FILE`
if [[ -z "$ws" ]]; then
echo no
return
fi
echo yes
}
needNginx() {
if [[ "$WS" = "false" ]]; then
echo no
return
fi
echo yes
}
status() {
if [[ ! -f /usr/local/bin/xray ]]; then
echo 0
return
fi
if [[ ! -f $CONFIG_FILE ]]; then
echo 1
return
fi
port=`grep port $CONFIG_FILE| head -n 1| cut -d: -f2| tr -d \",' '`
res=`ss -nutlp| grep ${port} | grep -i xray`
if [[ -z "$res" ]]; then
echo 2
return
fi
if [[ `configNeedNginx` != "yes" ]]; then
echo 3
else
res=`ss -nutlp|grep -i nginx`
if [[ -z "$res" ]]; then
echo 4
else
echo 5
fi
fi
}
statusText() {
res=`status`
case $res in
2)
echo -e ${GREEN}已安装${PLAIN} ${RED}未运行${PLAIN}
;;
3)
echo -e ${GREEN}已安装${PLAIN} ${GREEN}Xray正在运行${PLAIN}
;;
4)
echo -e ${GREEN}已安装${PLAIN} ${GREEN}Xray正在运行${PLAIN}, ${RED}Nginx未运行${PLAIN}
;;
5)
echo -e ${GREEN}已安装${PLAIN} ${GREEN}Xray正在运行, Nginx正在运行${PLAIN}
;;
*)
echo -e ${RED}未安装${PLAIN}
;;
esac
}
normalizeVersion() {
if [ -n "$1" ]; then
case "$1" in
v*)
echo "$1"
;;
http*)
echo "v1.4.2"
;;
*)
echo "v$1"
;;
esac
else
echo ""
fi
}
# 1: new Xray. 0: no. 1: yes. 2: not installed. 3: check failed.
getVersion() {
VER=`/usr/local/bin/xray version|head -n1 | awk '{print $2}'`
RETVAL=$?
CUR_VER="$(normalizeVersion "$(echo "$VER" | head -n 1 | cut -d " " -f2)")"
TAG_URL="${V6_PROXY}https://api.github.com/repos/XTLS/Xray-core/releases/latest"
NEW_VER="$(normalizeVersion "$(curl -s "${TAG_URL}" --connect-timeout 10| grep 'tag_name' | cut -d\" -f4)")"
if [[ $? -ne 0 ]] || [[ $NEW_VER == "" ]]; then
colorEcho $RED " 检查Xray版本信息失败,请检查网络"
return 3
elif [[ $RETVAL -ne 0 ]];then
return 2
elif [[ $NEW_VER != $CUR_VER ]];then
return 1
fi
return 0
}
archAffix(){
case "$(uname -m)" in
i686|i386)
echo '32'
;;
x86_64|amd64)
echo '64'
;;
armv5tel)
echo 'arm32-v5'
;;
armv6l)
echo 'arm32-v6'
;;
armv7|armv7l)
echo 'arm32-v7a'
;;
armv8|aarch64)
echo 'arm64-v8a'
;;
mips64le)
echo 'mips64le'
;;
mips64)
echo 'mips64'
;;
mipsle)
echo 'mips32le'
;;
mips)
echo 'mips32'
;;
ppc64le)
echo 'ppc64le'
;;
ppc64)
echo 'ppc64'
;;
ppc64le)
echo 'ppc64le'
;;
riscv64)
echo 'riscv64'
;;
s390x)
echo 's390x'
;;
*)
colorEcho $RED " 不支持的CPU架构!"
exit 1
;;
esac
return 0
}
getData() {
if [[ "$TLS" = "true" || "$XTLS" = "true" ]]; then
echo ""
echo " Xray一键脚本,运行之前请确认如下条件已经具备:"
colorEcho ${YELLOW} " 1. 一个伪装域名"
colorEcho ${YELLOW} " 2. 伪装域名DNS解析指向当前服务器ip(${IP})"
colorEcho ${BLUE} " 3. 如果/root目录下有 xray.pem 和 xray.key 证书密钥文件,无需理会条件2"
echo " "
read -p " 确认满足按y,按其他退出脚本:" answer
if [[ "${answer,,}" != "y" ]]; then
exit 0
fi
echo ""
while true
do
read -p " 请输入伪装域名:" DOMAIN
if [[ -z "${DOMAIN}" ]]; then
colorEcho ${RED} " 域名输入错误,请重新输入!"
else
break
fi
done
DOMAIN=${DOMAIN,,}
colorEcho ${BLUE} " 伪装域名(host):$DOMAIN"
echo ""
if [[ -f ~/xray.pem && -f ~/xray.key ]]; then
colorEcho ${BLUE} " 检测到自有证书,将使用其部署"
CERT_FILE="/usr/local/etc/xray/${DOMAIN}.pem"
KEY_FILE="/usr/local/etc/xray/${DOMAIN}.key"
else
resolve=`curl -sL http://ip-api.com/json/${DOMAIN}`
res=`echo -n ${resolve} | grep ${IP}`
if [[ -z "${res}" ]]; then
colorEcho ${BLUE} "${DOMAIN} 解析结果:${resolve}"
colorEcho ${RED} " 域名未解析到当前服务器IP(${IP})!"
exit 1
fi
fi
fi
echo ""
if [[ "$(needNginx)" = "no" ]]; then
if [[ "$TLS" = "true" ]]; then
read -p " 请输入xray监听端口[强烈建议443,默认443]:" PORT
[[ -z "${PORT}" ]] && PORT=443
else
read -p " 请输入xray监听端口[100-65535的一个数字]:" PORT
[[ -z "${PORT}" ]] && PORT=`shuf -i200-65000 -n1`
if [[ "${PORT:0:1}" = "0" ]]; then
colorEcho ${RED} " 端口不能以0开头"
exit 1
fi
fi
colorEcho ${BLUE} " xray端口:$PORT"
else
read -p " 请输入Nginx监听端口[100-65535的一个数字,默认443]:" PORT
[[ -z "${PORT}" ]] && PORT=443
if [ "${PORT:0:1}" = "0" ]; then
colorEcho ${BLUE} " 端口不能以0开头"
exit 1
fi
colorEcho ${BLUE} " Nginx端口:$PORT"
XPORT=`shuf -i10000-65000 -n1`
fi
if [[ "$KCP" = "true" ]]; then
echo ""
colorEcho $BLUE " 请选择伪装类型:"
echo " 1) 无"
echo " 2) BT下载"
echo " 3) 视频通话"
echo " 4) 微信视频通话"
echo " 5) dtls"
echo " 6) wiregard"
read -p " 请选择伪装类型[默认:无]:" answer
case $answer in
2)
HEADER_TYPE="utp"
;;
3)
HEADER_TYPE="srtp"
;;
4)
HEADER_TYPE="wechat-video"
;;
5)
HEADER_TYPE="dtls"
;;
6)
HEADER_TYPE="wireguard"
;;
*)
HEADER_TYPE="none"
;;
esac
colorEcho $BLUE " 伪装类型:$HEADER_TYPE"
SEED=`cat /proc/sys/kernel/random/uuid`
fi
if [[ "$TROJAN" = "true" ]]; then
echo ""
read -p " 请设置trojan密码(不输则随机生成):" PASSWORD
[[ -z "$PASSWORD" ]] && PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1`
colorEcho $BLUE " trojan密码:$PASSWORD"
fi
if [[ "$XTLS" = "true" ]]; then
echo ""
colorEcho $BLUE " 请选择流控模式:"
echo -e " 1) xtls-rprx-direct [$RED推荐$PLAIN]"
echo " 2) xtls-rprx-origin"
read -p " 请选择流控模式[默认:direct]" answer
[[ -z "$answer" ]] && answer=1
case $answer in
1)
FLOW="xtls-rprx-direct"
;;
2)
FLOW="xtls-rprx-origin"
;;
*)
colorEcho $RED " 无效选项,使用默认的xtls-rprx-direct"
FLOW="xtls-rprx-direct"
;;
esac
colorEcho $BLUE " 流控模式:$FLOW"
fi
if [[ "${WS}" = "true" ]]; then
echo ""
while true
do
read -p " 请输入伪装路径,以/开头(不懂请直接回车):" WSPATH
if [[ -z "${WSPATH}" ]]; then
len=`shuf -i5-12 -n1`
ws=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $len | head -n 1`
WSPATH="/$ws"
break
elif [[ "${WSPATH:0:1}" != "/" ]]; then
colorEcho ${RED} " 伪装路径必须以/开头!"
elif [[ "${WSPATH}" = "/" ]]; then
colorEcho ${RED} " 不能使用根路径!"
else
break
fi
done
colorEcho ${BLUE} " ws路径:$WSPATH"
fi
if [[ "$TLS" = "true" || "$XTLS" = "true" ]]; then
echo ""
colorEcho $BLUE " 请选择伪装站类型:"
echo " 1) 静态网站(位于/usr/share/nginx/html)"
echo " 2) 小说站(随机选择)"
echo " 3) 美女站(https://imeizi.me)"
echo " 4) 高清壁纸站(https://bing.imeizi.me)"
echo " 5) 自定义反代站点(需以http或者https开头)"
read -p " 请选择伪装网站类型[默认:高清壁纸站]" answer
if [[ -z "$answer" ]]; then
PROXY_URL="https://bing.imeizi.me"
else
case $answer in
1)
PROXY_URL=""
;;
2)
len=${#SITES[@]}
((len--))
while true
do
index=`shuf -i0-${len} -n1`
PROXY_URL=${SITES[$index]}
host=`echo ${PROXY_URL} | cut -d/ -f3`
ip=`curl -sL http://ip-api.com/json/${host}`
res=`echo -n ${ip} | grep ${host}`
if [[ "${res}" = "" ]]; then
echo "$ip $host" >> /etc/hosts
break
fi
done
;;
3)
PROXY_URL="https://imeizi.me"
;;
4)
PROXY_URL="https://bing.imeizi.me"
;;
5)
read -p " 请输入反代站点(以http或者https开头):" PROXY_URL
if [[ -z "$PROXY_URL" ]]; then
colorEcho $RED " 请输入反代网站!"
exit 1
elif [[ "${PROXY_URL:0:4}" != "http" ]]; then
colorEcho $RED " 反代网站必须以http或https开头!"
exit 1
fi
;;
*)
colorEcho $RED " 请输入正确的选项!"
exit 1
esac
fi
REMOTE_HOST=`echo ${PROXY_URL} | cut -d/ -f3`
colorEcho $BLUE " 伪装网站:$PROXY_URL"
echo ""
colorEcho $BLUE " 是否允许搜索引擎爬取网站?[默认:不允许]"
echo " y)允许,会有更多ip请求网站,但会消耗一些流量,vps流量充足情况下推荐使用"
echo " n)不允许,爬虫不会访问网站,访问ip比较单一,但能节省vps流量"
read -p " 请选择:[y/n]" answer
if [[ -z "$answer" ]]; then
ALLOW_SPIDER="n"
elif [[ "${answer,,}" = "y" ]]; then
ALLOW_SPIDER="y"
else
ALLOW_SPIDER="n"
fi
colorEcho $BLUE " 允许搜索引擎:$ALLOW_SPIDER"
fi
echo ""
read -p " 是否安装BBR(默认安装)?[y/n]:" NEED_BBR
[[ -z "$NEED_BBR" ]] && NEED_BBR=y
[[ "$NEED_BBR" = "Y" ]] && NEED_BBR=y
colorEcho $BLUE " 安装BBR:$NEED_BBR"
}
installNginx() {
echo ""
colorEcho $BLUE " 安装nginx..."
if [[ "$BT" = "false" ]]; then
if [[ "$PMT" = "yum" ]]; then
$CMD_INSTALL epel-release
if [[ "$?" != "0" ]]; then
echo '[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true' > /etc/yum.repos.d/nginx.repo
fi
fi
$CMD_INSTALL nginx
if [[ "$?" != "0" ]]; then
colorEcho $RED " Nginx安装失败,请到 https://hijk.art 反馈"
exit 1
fi
systemctl enable nginx
else
res=`which nginx 2>/dev/null`
if [[ "$?" != "0" ]]; then
colorEcho $RED " 您安装了宝塔,请在宝塔后台安装nginx后再运行本脚本"
exit 1
fi
fi
}
startNginx() {
if [[ "$BT" = "false" ]]; then
systemctl start nginx
else
nginx -c /www/server/nginx/conf/nginx.conf
fi
}
stopNginx() {
if [[ "$BT" = "false" ]]; then
systemctl stop nginx
else
res=`ps aux | grep -i nginx`
if [[ "$res" != "" ]]; then
nginx -s stop
fi
fi
}
getCert() {
mkdir -p /usr/local/etc/xray
if [[ -z ${CERT_FILE+x} ]]; then
stopNginx
systemctl stop xray
res=`netstat -ntlp| grep -E ':80 |:443 '`
if [[ "${res}" != "" ]]; then
colorEcho ${RED} " 其他进程占用了80或443端口,请先关闭再运行一键脚本"
echo " 端口占用信息如下:"
echo ${res}
exit 1
fi
$CMD_INSTALL socat openssl
if [[ "$PMT" = "yum" ]]; then
$CMD_INSTALL cronie
systemctl start crond
systemctl enable crond
else
$CMD_INSTALL cron
systemctl start cron
systemctl enable cron
fi
curl -sL https://get.acme.sh | sh -s [email protected]
source ~/.bashrc
~/.acme.sh/acme.sh --upgrade --auto-upgrade
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
if [[ "$BT" = "false" ]]; then
~/.acme.sh/acme.sh --issue -d $DOMAIN --keylength ec-256 --pre-hook "systemctl stop nginx" --post-hook "systemctl restart nginx" --standalone
else
~/.acme.sh/acme.sh --issue -d $DOMAIN --keylength ec-256 --pre-hook "nginx -s stop || { echo -n ''; }" --post-hook "nginx -c /www/server/nginx/conf/nginx.conf || { echo -n ''; }" --standalone
fi
[[ -f ~/.acme.sh/${DOMAIN}_ecc/ca.cer ]] || {
colorEcho $RED " 获取证书失败,请复制上面的红色文字到 https://hijk.art 反馈"
exit 1
}
CERT_FILE="/usr/local/etc/xray/${DOMAIN}.pem"
KEY_FILE="/usr/local/etc/xray/${DOMAIN}.key"
~/.acme.sh/acme.sh --install-cert -d $DOMAIN --ecc \
--key-file $KEY_FILE \
--fullchain-file $CERT_FILE \
--reloadcmd "service nginx force-reload"
[[ -f $CERT_FILE && -f $KEY_FILE ]] || {
colorEcho $RED " 获取证书失败,请到 https://hijk.art 反馈"
exit 1
}
else
cp ~/xray.pem /usr/local/etc/xray/${DOMAIN}.pem
cp ~/xray.key /usr/local/etc/xray/${DOMAIN}.key
fi
}
configNginx() {
mkdir -p /usr/share/nginx/html;
if [[ "$ALLOW_SPIDER" = "n" ]]; then
echo 'User-Agent: *' > /usr/share/nginx/html/robots.txt
echo 'Disallow: /' >> /usr/share/nginx/html/robots.txt
ROBOT_CONFIG=" location = /robots.txt {}"
else
ROBOT_CONFIG=""
fi
if [[ "$BT" = "false" ]]; then
if [[ ! -f /etc/nginx/nginx.conf.bak ]]; then
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
fi
res=`id nginx 2>/dev/null`
if [[ "$?" != "0" ]]; then
user="www-data"
else
user="nginx"
fi
cat > /etc/nginx/nginx.conf<<-EOF
user $user;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" '
'\$status \$body_bytes_sent "\$http_referer" '
'"\$http_user_agent" "\$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
gzip on;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
}
EOF
fi
if [[ "$PROXY_URL" = "" ]]; then
action=""
else
action="proxy_ssl_server_name on;
proxy_pass $PROXY_URL;
proxy_set_header Accept-Encoding '';
sub_filter \"$REMOTE_HOST\" \"$DOMAIN\";
sub_filter_once off;"
fi
if [[ "$TLS" = "true" || "$XTLS" = "true" ]]; then
mkdir -p ${NGINX_CONF_PATH}
# VMESS+WS+TLS
# VLESS+WS+TLS
if [[ "$WS" = "true" ]]; then
cat > ${NGINX_CONF_PATH}${DOMAIN}.conf<<-EOF
server {
listen 80;
listen [::]:80;
server_name ${DOMAIN};
return 301 https://\$server_name:${PORT}\$request_uri;
}
server {
listen ${PORT} ssl http2;
listen [::]:${PORT} ssl http2;
server_name ${DOMAIN};
charset utf-8;
# ssl配置
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_certificate $CERT_FILE;
ssl_certificate_key $KEY_FILE;
root /usr/share/nginx/html;
location / {
$action
}
$ROBOT_CONFIG
location ${WSPATH} {
proxy_redirect off;
proxy_pass http://127.0.0.1:${XPORT};
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
}
EOF
else
# VLESS+TCP+TLS
# VLESS+TCP+XTLS
# trojan
cat > ${NGINX_CONF_PATH}${DOMAIN}.conf<<-EOF
server {
listen 80;
listen [::]:80;
listen 81 http2;
server_name ${DOMAIN};
root /usr/share/nginx/html;
location / {
$action
}
$ROBOT_CONFIG
}
EOF
fi
fi
}
setSelinux() {
if [[ -s /etc/selinux/config ]] && grep 'SELINUX=enforcing' /etc/selinux/config; then
sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config
setenforce 0
fi
}
setFirewall() {
res=`which firewall-cmd 2>/dev/null`
if [[ $? -eq 0 ]]; then
systemctl status firewalld > /dev/null 2>&1
if [[ $? -eq 0 ]];then
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
if [[ "$PORT" != "443" ]]; then
firewall-cmd --permanent --add-port=${PORT}/tcp
firewall-cmd --permanent --add-port=${PORT}/udp
fi
firewall-cmd --reload
else
nl=`iptables -nL | nl | grep FORWARD | awk '{print $1}'`
if [[ "$nl" != "3" ]]; then
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
if [[ "$PORT" != "443" ]]; then
iptables -I INPUT -p tcp --dport ${PORT} -j ACCEPT
iptables -I INPUT -p udp --dport ${PORT} -j ACCEPT
fi
fi
fi
else
res=`which iptables 2>/dev/null`
if [[ $? -eq 0 ]]; then
nl=`iptables -nL | nl | grep FORWARD | awk '{print $1}'`
if [[ "$nl" != "3" ]]; then
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
if [[ "$PORT" != "443" ]]; then
iptables -I INPUT -p tcp --dport ${PORT} -j ACCEPT
iptables -I INPUT -p udp --dport ${PORT} -j ACCEPT
fi
fi
else
res=`which ufw 2>/dev/null`
if [[ $? -eq 0 ]]; then
res=`ufw status | grep -i inactive`
if [[ "$res" = "" ]]; then
ufw allow http/tcp
ufw allow https/tcp
if [[ "$PORT" != "443" ]]; then
ufw allow ${PORT}/tcp
ufw allow ${PORT}/udp
fi
fi
fi
fi
fi
}
installBBR() {
if [[ "$NEED_BBR" != "y" ]]; then
INSTALL_BBR=false
return
fi
result=$(lsmod | grep bbr)
if [[ "$result" != "" ]]; then
colorEcho $BLUE " BBR模块已安装"
INSTALL_BBR=false
return
fi
res=`hostnamectl | grep -i openvz`
if [[ "$res" != "" ]]; then
colorEcho $BLUE " openvz机器,跳过安装"
INSTALL_BBR=false
return
fi
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p
result=$(lsmod | grep bbr)
if [[ "$result" != "" ]]; then
colorEcho $GREEN " BBR模块已启用"
INSTALL_BBR=false
return
fi
colorEcho $BLUE " 安装BBR模块..."
if [[ "$PMT" = "yum" ]]; then
if [[ "$V6_PROXY" = "" ]]; then
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm
$CMD_INSTALL --enablerepo=elrepo-kernel kernel-ml
$CMD_REMOVE kernel-3.*
grub2-set-default 0
echo "tcp_bbr" >> /etc/modules-load.d/modules.conf
INSTALL_BBR=true
fi
else
$CMD_INSTALL --install-recommends linux-generic-hwe-16.04
grub-set-default 0
echo "tcp_bbr" >> /etc/modules-load.d/modules.conf
INSTALL_BBR=true
fi
}
installXray() {
rm -rf /tmp/xray
mkdir -p /tmp/xray
DOWNLOAD_LINK="${V6_PROXY}https://github.com/XTLS/Xray-core/releases/download/${NEW_VER}/Xray-linux-$(archAffix).zip"
colorEcho $BLUE " 下载Xray: ${DOWNLOAD_LINK}"
curl -L -H "Cache-Control: no-cache" -o /tmp/xray/xray.zip ${DOWNLOAD_LINK}
if [ $? != 0 ];then
colorEcho $RED " 下载Xray文件失败,请检查服务器网络设置"
exit 1
fi
systemctl stop xray
mkdir -p /usr/local/etc/xray /usr/local/share/xray && \
unzip /tmp/xray/xray.zip -d /tmp/xray
cp /tmp/xray/xray /usr/local/bin
cp /tmp/xray/geo* /usr/local/share/xray
chmod +x /usr/local/bin/xray || {
colorEcho $RED " Xray安装失败"
exit 1
}
cat >/etc/systemd/system/xray.service<<-EOF
[Unit]
Description=Xray Service
Documentation=https://github.com/xtls https://hijk.art
After=network.target nss-lookup.target
[Service]
User=root
#User=nobody
#CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/bin/xray run -config /usr/local/etc/xray/config.json
Restart=on-failure
RestartPreventExitStatus=23
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable xray.service
}
trojanConfig() {
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "trojan",
"settings": {
"clients": [
{
"password": "$PASSWORD"
}
],
"fallbacks": [
{
"alpn": "http/1.1",
"dest": 80
},
{
"alpn": "h2",
"dest": 81
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"serverName": "$DOMAIN",
"alpn": ["http/1.1", "h2"],
"certificates": [
{
"certificateFile": "$CERT_FILE",
"keyFile": "$KEY_FILE"
}
]
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}]
}
EOF
}
trojanXTLSConfig() {
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "trojan",
"settings": {
"clients": [
{
"password": "$PASSWORD",
"flow": "$FLOW"
}
],
"fallbacks": [
{
"alpn": "http/1.1",
"dest": 80
},
{
"alpn": "h2",
"dest": 81
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "$DOMAIN",
"alpn": ["http/1.1", "h2"],
"certificates": [
{
"certificateFile": "$CERT_FILE",
"keyFile": "$KEY_FILE"
}
]
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}]
}
EOF
}
vmessConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
local alterid=`shuf -i50-80 -n1`
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "$uuid",
"level": 1,
"alterId": $alterid
}
]
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}]
}
EOF
}
vmessKCPConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
local alterid=`shuf -i50-80 -n1`
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "$uuid",
"level": 1,
"alterId": $alterid
}
]
},
"streamSettings": {
"network": "mkcp",
"kcpSettings": {
"uplinkCapacity": 100,
"downlinkCapacity": 100,
"congestion": true,
"header": {
"type": "$HEADER_TYPE"
},
"seed": "$SEED"
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}]
}
EOF
}
vmessTLSConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "$uuid",
"level": 1,
"alterId": 0
}
],
"disableInsecureEncryption": false
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"serverName": "$DOMAIN",
"alpn": ["http/1.1", "h2"],
"certificates": [
{
"certificateFile": "$CERT_FILE",
"keyFile": "$KEY_FILE"
}
]
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}]
}
EOF
}
vmessWSConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $XPORT,
"listen": "127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "$uuid",
"level": 1,
"alterId": 0
}
],
"disableInsecureEncryption": false
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "$WSPATH",
"headers": {
"Host": "$DOMAIN"
}
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}]
}
EOF
}
vlessTLSConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "$uuid",
"level": 0
}
],
"decryption": "none",
"fallbacks": [
{
"alpn": "http/1.1",
"dest": 80
},
{
"alpn": "h2",
"dest": 81
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"serverName": "$DOMAIN",
"alpn": ["http/1.1", "h2"],
"certificates": [
{
"certificateFile": "$CERT_FILE",
"keyFile": "$KEY_FILE"
}
]
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}]
}
EOF
}
vlessXTLSConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "$uuid",
"flow": "$FLOW",
"level": 0
}
],
"decryption": "none",
"fallbacks": [
{
"alpn": "http/1.1",
"dest": 80
},
{
"alpn": "h2",
"dest": 81
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "$DOMAIN",
"alpn": ["http/1.1", "h2"],
"certificates": [
{
"certificateFile": "$CERT_FILE",
"keyFile": "$KEY_FILE"
}
]
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}]
}
EOF
}
vlessWSConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $XPORT,
"listen": "127.0.0.1",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "$uuid",
"level": 0
}
],
"decryption": "none"
},
"streamSettings": {
"network": "ws",
"security": "none",
"wsSettings": {
"path": "$WSPATH",
"headers": {
"Host": "$DOMAIN"
}
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}]
}
EOF
}
vlessKCPConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "$uuid",
"level": 0
}
],
"decryption": "none"
},
"streamSettings": {
"streamSettings": {
"network": "mkcp",
"kcpSettings": {
"uplinkCapacity": 100,
"downlinkCapacity": 100,
"congestion": true,
"header": {
"type": "$HEADER_TYPE"
},
"seed": "$SEED"
}
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}]
}
EOF
}
configXray() {
mkdir -p /usr/local/xray
if [[ "$TROJAN" = "true" ]]; then
if [[ "$XTLS" = "true" ]]; then
trojanXTLSConfig
else
trojanConfig
fi
return 0
fi
if [[ "$VLESS" = "false" ]]; then
# VMESS + kcp
if [[ "$KCP" = "true" ]]; then
vmessKCPConfig
return 0
fi
# VMESS
if [[ "$TLS" = "false" ]]; then
vmessConfig
elif [[ "$WS" = "false" ]]; then
# VMESS+TCP+TLS
vmessTLSConfig
# VMESS+WS+TLS
else
vmessWSConfig
fi
#VLESS
else
if [[ "$KCP" = "true" ]]; then
vlessKCPConfig
return 0
fi
# VLESS+TCP
if [[ "$WS" = "false" ]]; then
# VLESS+TCP+TLS
if [[ "$XTLS" = "false" ]]; then
vlessTLSConfig
# VLESS+TCP+XTLS
else
vlessXTLSConfig
fi
# VLESS+WS+TLS
else
vlessWSConfig
fi
fi
}
install() {
getData
$PMT clean all
[[ "$PMT" = "apt" ]] && $PMT update
#echo $CMD_UPGRADE | bash
$CMD_INSTALL wget vim unzip tar gcc openssl
$CMD_INSTALL net-tools
if [[ "$PMT" = "apt" ]]; then
$CMD_INSTALL libssl-dev g++
fi
res=`which unzip 2>/dev/null`
if [[ $? -ne 0 ]]; then
colorEcho $RED " unzip安装失败,请检查网络"
exit 1
fi
installNginx
setFirewall
if [[ "$TLS" = "true" || "$XTLS" = "true" ]]; then
getCert
fi
configNginx
colorEcho $BLUE " 安装Xray..."
getVersion
RETVAL="$?"
if [[ $RETVAL == 0 ]]; then
colorEcho $BLUE " Xray最新版 ${CUR_VER} 已经安装"
elif [[ $RETVAL == 3 ]]; then
exit 1
else
colorEcho $BLUE " 安装Xray ${NEW_VER} ,架构$(archAffix)"
installXray
fi
configXray
setSelinux
installBBR
start
showInfo
bbrReboot
}
bbrReboot() {
if [[ "${INSTALL_BBR}" == "true" ]]; then
echo
echo " 为使BBR模块生效,系统将在30秒后重启"
echo
echo -e " 您可以按 ctrl + c 取消重启,稍后输入 ${RED}reboot${PLAIN} 重启系统"
sleep 30
reboot
fi
}
update() {
res=`status`
if [[ $res -lt 2 ]]; then
colorEcho $RED " Xray未安装,请先安装!"
return
fi
getVersion
RETVAL="$?"
if [[ $RETVAL == 0 ]]; then
colorEcho $BLUE " Xray最新版 ${CUR_VER} 已经安装"
elif [[ $RETVAL == 3 ]]; then
exit 1
else
colorEcho $BLUE " 安装Xray ${NEW_VER} ,架构$(archAffix)"
installXray
stop
start
colorEcho $GREEN " 最新版Xray安装成功!"
fi
}
uninstall() {
res=`status`
if [[ $res -lt 2 ]]; then
colorEcho $RED " Xray未安装,请先安装!"
return
fi
echo ""
read -p " 确定卸载Xray?[y/n]:" answer
if [[ "${answer,,}" = "y" ]]; then
domain=`grep Host $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
if [[ "$domain" = "" ]]; then
domain=`grep serverName $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
fi
stop
systemctl disable xray
rm -rf /etc/systemd/system/xray.service
rm -rf /usr/local/bin/xray
rm -rf /usr/local/etc/xray
if [[ "$BT" = "false" ]]; then
systemctl disable nginx
$CMD_REMOVE nginx
if [[ "$PMT" = "apt" ]]; then
$CMD_REMOVE nginx-common
fi
rm -rf /etc/nginx/nginx.conf
if [[ -f /etc/nginx/nginx.conf.bak ]]; then
mv /etc/nginx/nginx.conf.bak /etc/nginx/nginx.conf
fi
fi
if [[ "$domain" != "" ]]; then
rm -rf ${NGINX_CONF_PATH}${domain}.conf
fi
[[ -f ~/.acme.sh/acme.sh ]] && ~/.acme.sh/acme.sh --uninstall
colorEcho $GREEN " Xray卸载成功"
fi
}
start() {
res=`status`
if [[ $res -lt 2 ]]; then
colorEcho $RED " Xray未安装,请先安装!"
return
fi
stopNginx
startNginx
systemctl restart xray
sleep 2
port=`grep port $CONFIG_FILE| head -n 1| cut -d: -f2| tr -d \",' '`
res=`ss -nutlp| grep ${port} | grep -i xray`
if [[ "$res" = "" ]]; then
colorEcho $RED " Xray启动失败,请检查日志或查看端口是否被占用!"
else
colorEcho $BLUE " Xray启动成功"
fi
}
stop() {
stopNginx
systemctl stop xray
colorEcho $BLUE " Xray停止成功"
}
restart() {
res=`status`
if [[ $res -lt 2 ]]; then
colorEcho $RED " Xray未安装,请先安装!"
return
fi
stop
start
}
getConfigFileInfo() {
vless="false"
tls="false"
ws="false"
xtls="false"
trojan="false"
protocol="VMess"
kcp="false"
uid=`grep id $CONFIG_FILE | head -n1| cut -d: -f2 | tr -d \",' '`
alterid=`grep alterId $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
network=`grep network $CONFIG_FILE | tail -n1| cut -d: -f2 | tr -d \",' '`
[[ -z "$network" ]] && network="tcp"
domain=`grep serverName $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
if [[ "$domain" = "" ]]; then
domain=`grep Host $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
if [[ "$domain" != "" ]]; then
ws="true"
tls="true"
wspath=`grep path $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
fi
else
tls="true"
fi
if [[ "$ws" = "true" ]]; then
port=`grep -i ssl $NGINX_CONF_PATH${domain}.conf| head -n1 | awk '{print $2}'`
else
port=`grep port $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
fi
res=`grep -i kcp $CONFIG_FILE`
if [[ "$res" != "" ]]; then
kcp="true"
type=`grep header -A 3 $CONFIG_FILE | grep 'type' | cut -d: -f2 | tr -d \",' '`
seed=`grep seed $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
fi
vmess=`grep vmess $CONFIG_FILE`
if [[ "$vmess" = "" ]]; then
trojan=`grep trojan $CONFIG_FILE`
if [[ "$trojan" = "" ]]; then
vless="true"
protocol="VLESS"
else
trojan="true"
password=`grep password $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
protocol="trojan"
fi
tls="true"
encryption="none"
xtls=`grep xtlsSettings $CONFIG_FILE`
if [[ "$xtls" != "" ]]; then
xtls="true"
flow=`grep flow $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
else
flow="无"
fi
fi
}
outputVmess() {
raw="{
\"v\":\"2\",
\"ps\":\"\",
\"add\":\"$IP\",
\"port\":\"${port}\",
\"id\":\"${uid}\",
\"aid\":\"$alterid\",
\"net\":\"tcp\",
\"type\":\"none\",
\"host\":\"\",
\"path\":\"\",
\"tls\":\"\"
}"
link=`echo -n ${raw} | base64 -w 0`
link="vmess://${link}"
echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}额外id(alterid):${PLAIN} ${RED}${alterid}${PLAIN}"
echo -e " ${BLUE}加密方式(security):${PLAIN} ${RED}auto${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo
echo -e " ${BLUE}vmess链接:${PLAIN} $RED$link$PLAIN"
}
outputVmessKCP() {
echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}额外id(alterid):${PLAIN} ${RED}${alterid}${PLAIN}"
echo -e " ${BLUE}加密方式(security):${PLAIN} ${RED}auto${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}伪装类型(type):${PLAIN} ${RED}${type}${PLAIN}"
echo -e " ${BLUE}mkcp seed:${PLAIN} ${RED}${seed}${PLAIN}"
}
outputTrojan() {
if [[ "$xtls" = "true" ]]; then
echo -e " ${BLUE}IP/域名(address): ${PLAIN} ${RED}${domain}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}密码(password):${PLAIN}${RED}${password}${PLAIN}"
echo -e " ${BLUE}流控(flow):${PLAIN}$RED$flow${PLAIN}"
echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}XTLS${PLAIN}"
else
echo -e " ${BLUE}IP/域名(address): ${PLAIN} ${RED}${domain}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}密码(password):${PLAIN}${RED}${password}${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}"
fi
}
outputVmessTLS() {
raw="{
\"v\":\"2\",
\"ps\":\"\",
\"add\":\"$IP\",
\"port\":\"${port}\",
\"id\":\"${uid}\",
\"aid\":\"$alterid\",
\"net\":\"${network}\",
\"type\":\"none\",
\"host\":\"${domain}\",
\"path\":\"\",
\"tls\":\"tls\"
}"
link=`echo -n ${raw} | base64 -w 0`
link="vmess://${link}"
echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}额外id(alterid):${PLAIN} ${RED}${alterid}${PLAIN}"
echo -e " ${BLUE}加密方式(security):${PLAIN} ${RED}none${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}伪装域名/主机名(host)/SNI/peer名称:${PLAIN}${RED}${domain}${PLAIN}"
echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}"
echo
echo -e " ${BLUE}vmess链接: ${PLAIN}$RED$link$PLAIN"
}
outputVmessWS() {
raw="{
\"v\":\"2\",
\"ps\":\"\",
\"add\":\"$IP\",
\"port\":\"${port}\",
\"id\":\"${uid}\",
\"aid\":\"$alterid\",
\"net\":\"${network}\",
\"type\":\"none\",
\"host\":\"${domain}\",
\"path\":\"${wspath}\",
\"tls\":\"tls\"
}"
link=`echo -n ${raw} | base64 -w 0`
link="vmess://${link}"
echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}额外id(alterid):${PLAIN} ${RED}${alterid}${PLAIN}"
echo -e " ${BLUE}加密方式(security):${PLAIN} ${RED}none${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN"
echo -e " ${BLUE}伪装域名/主机名(host)/SNI/peer名称:${PLAIN}${RED}${domain}${PLAIN}"
echo -e " ${BLUE}路径(path):${PLAIN}${RED}${wspath}${PLAIN}"
echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}"
echo
echo -e " ${BLUE}vmess链接:${PLAIN} $RED$link$PLAIN"
}
showInfo() {
res=`status`
if [[ $res -lt 2 ]]; then
colorEcho $RED " Xray未安装,请先安装!"
return
fi
echo ""
echo -n -e " ${BLUE}Xray运行状态:${PLAIN}"
statusText
echo -e " ${BLUE}Xray配置文件: ${PLAIN} ${RED}${CONFIG_FILE}${PLAIN}"
colorEcho $BLUE " Xray配置信息:"
getConfigFileInfo
echo -e " ${BLUE}协议: ${PLAIN} ${RED}${protocol}${PLAIN}"
if [[ "$trojan" = "true" ]]; then
outputTrojan
return 0
fi
if [[ "$vless" = "false" ]]; then
if [[ "$kcp" = "true" ]]; then
outputVmessKCP
return 0
fi
if [[ "$tls" = "false" ]]; then
outputVmess
elif [[ "$ws" = "false" ]]; then
outputVmessTLS
else
outputVmessWS
fi
else
if [[ "$kcp" = "true" ]]; then
echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}伪装类型(type):${PLAIN} ${RED}${type}${PLAIN}"
echo -e " ${BLUE}mkcp seed:${PLAIN} ${RED}${seed}${PLAIN}"
return 0
fi
if [[ "$xtls" = "true" ]]; then
echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}流控(flow):${PLAIN}$RED$flow${PLAIN}"
echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN"
echo -e " ${BLUE}伪装域名/主机名(host)/SNI/peer名称:${PLAIN}${RED}${domain}${PLAIN}"
echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}XTLS${PLAIN}"
elif [[ "$ws" = "false" ]]; then
echo -e " ${BLUE}IP(address): ${PLAIN}${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}流控(flow):${PLAIN}$RED$flow${PLAIN}"
echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN"
echo -e " ${BLUE}伪装域名/主机名(host)/SNI/peer名称:${PLAIN}${RED}${domain}${PLAIN}"
echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}"
else
echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}流控(flow):${PLAIN}$RED$flow${PLAIN}"
echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN"
echo -e " ${BLUE}伪装域名/主机名(host)/SNI/peer名称:${PLAIN}${RED}${domain}${PLAIN}"
echo -e " ${BLUE}路径(path):${PLAIN}${RED}${wspath}${PLAIN}"
echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}"
fi
fi
}
showLog() {
res=`status`
if [[ $res -lt 2 ]]; then
colorEcho $RED " Xray未安装,请先安装!"
return
fi
journalctl -xen -u xray --no-pager
}
menu() {
clear
echo "#############################################################"
echo -e "# ${RED}Xray一键安装脚本${PLAIN} #"
echo -e "# ${GREEN}作者${PLAIN}: 网络跳越(hijk) #"
echo -e "# ${GREEN}网址${PLAIN}: https://hijk.art #"
echo -e "# ${GREEN}论坛${PLAIN}: https://hijk.club #"
echo -e "# ${GREEN}TG群${PLAIN}: https://t.me/hijkclub #"
echo -e "# ${GREEN}Youtube频道${PLAIN}: https://youtube.com/channel/UCYTB--VsObzepVJtc9yvUxQ #"
echo "#############################################################"
echo -e " ${GREEN}1.${PLAIN} 安装Xray-VMESS"
echo -e " ${GREEN}2.${PLAIN} 安装Xray-${BLUE}VMESS+mKCP${PLAIN}"
echo -e " ${GREEN}3.${PLAIN} 安装Xray-VMESS+TCP+TLS"
echo -e " ${GREEN}4.${PLAIN} 安装Xray-${BLUE}VMESS+WS+TLS${PLAIN}${RED}(推荐)${PLAIN}"
echo -e " ${GREEN}5.${PLAIN} 安装Xray-${BLUE}VLESS+mKCP${PLAIN}"
echo -e " ${GREEN}6.${PLAIN} 安装Xray-VLESS+TCP+TLS"
echo -e " ${GREEN}7.${PLAIN} 安装Xray-${BLUE}VLESS+WS+TLS${PLAIN}${RED}(可过cdn)${PLAIN}"
echo -e " ${GREEN}8.${PLAIN} 安装Xray-${BLUE}VLESS+TCP+XTLS${PLAIN}${RED}(推荐)${PLAIN}"
echo -e " ${GREEN}9.${PLAIN} 安装${BLUE}trojan${PLAIN}${RED}(推荐)${PLAIN}"
echo -e " ${GREEN}10.${PLAIN} 安装${BLUE}trojan+XTLS${PLAIN}${RED}(推荐)${PLAIN}"
echo " -------------"
echo -e " ${GREEN}11.${PLAIN} 更新Xray"
echo -e " ${GREEN}12. ${RED}卸载Xray${PLAIN}"
echo " -------------"
echo -e " ${GREEN}13.${PLAIN} 启动Xray"
echo -e " ${GREEN}14.${PLAIN} 重启Xray"
echo -e " ${GREEN}15.${PLAIN} 停止Xray"
echo " -------------"
echo -e " ${GREEN}16.${PLAIN} 查看Xray配置"
echo -e " ${GREEN}17.${PLAIN} 查看Xray日志"
echo " -------------"
echo -e " ${GREEN}0.${PLAIN} 退出"
echo -n " 当前状态:"
statusText
echo
read -p " 请选择操作[0-17]:" answer
case $answer in
0)
exit 0
;;
1)
install
;;
2)
KCP="true"
install
;;
3)
TLS="true"
install
;;
4)
TLS="true"
WS="true"
install
;;
5)
VLESS="true"
KCP="true"
install
;;
6)
VLESS="true"
TLS="true"
install
;;
7)
VLESS="true"
TLS="true"
WS="true"
install
;;
8)
VLESS="true"
TLS="true"
XTLS="true"
install
;;
9)
TROJAN="true"
TLS="true"
install
;;
10)
TROJAN="true"
TLS="true"
XTLS="true"
install
;;
11)
update
;;
12)
uninstall
;;
13)
start
;;
14)
restart
;;
15)
stop
;;
16)
showInfo
;;
17)
showLog
;;
*)
colorEcho $RED " 请选择正确的操作!"
exit 1
;;
esac
}
checkSystem
action=$1
[[ -z $1 ]] && action=menu
case "$action" in
menu|update|uninstall|start|restart|stop|showInfo|showLog)
${action}
;;
*)
echo " 参数错误"
echo " 用法: `basename $0` [menu|update|uninstall|start|restart|stop|showInfo|showLog]"
;;
esac
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment