Skip to content

Instantly share code, notes, and snippets.

@gengen1988

gengen1988/install.sh

Last active June 12, 2022 02:48
Show Gist options
  • Save gengen1988/12caba65fe05cb46988223eccb1352e5 to your computer and use it in GitHub Desktop.
Save gengen1988/12caba65fe05cb46988223eccb1352e5 to your computer and use it in GitHub Desktop.
Download ZIP
configure openwrt in china
Raw
install.sh
#!/bin/sh
set -e
echo === configure openwrt version 21.02.0 ===
# override shadowsocks server config
SERVER_NAME=lightsail-tokyo
METHOD=xchacha20-ietf-poly1305
HOST=
PORT=
KEY=
# scripts path
PATH_WATCHDOG=/usr/bin/ss-watchdog
PATH_CHNROUTE=/usr/bin/chnroute-update
echo === add openwrt dist repo ===
for a in $(opkg print-architecture | awk '{print $2}'); do
case "$a" in
all|noarch)
;;
aarch64_armv8-a|aarch64_cortex-a53|aarch64_cortex-a72|aarch64_generic|arm_arm926ej-s|arm_arm1176jzf-s_vfp|arm_cortex-a5|arm_cortex-a5_neon-vfpv4|arm_cortex-a5_vfpv4|arm_cortex-a7_neon-vfpv4|arm_cortex-a8_vfpv3|arm_cortex-a9|arm_cortex-a9_neon|arm_cortex-a9_vfpv3|arm_cortex-a15_neon-vfpv4|arm_cortex-a53_neon-vfpv4|arm_fa526|arm_mpcore|arm_mpcore_vfp|arm_xscale|armeb_xscale|i386_pentium|i386_pentium4|mips64_octeon|mips_24kc|mips_mips32|mipsel_24kc|mipsel_24kc_24kf|mipsel_74kc|mipsel_mips32|powerpc_464fp|powerpc_8540|x86_64)
ARCH=${a}
;;
*)
echo "Architectures not support."
exit 0
;;
esac
done
echo -e "\nTarget Arch:\033[32m $ARCH \033[0m\n"
if !(grep -q "openwrt_dist" /etc/opkg/customfeeds.conf); then
wget http://openwrt-dist.sourceforge.net/packages/openwrt-dist.pub
opkg-key add openwrt-dist.pub
echo "src/gz openwrt_dist http://openwrt-dist.sourceforge.net/packages/base/$ARCH" >>/etc/opkg/customfeeds.conf
echo "src/gz openwrt_dist_luci http://openwrt-dist.sourceforge.net/packages/luci" >>/etc/opkg/customfeeds.conf
fi
opkg update
echo === install packages ===
# bypass china
opkg install \
luci-app-chinadns \
luci-app-dns-forwarder \
luci-app-shadowsocks \
shadowsocks-libev \
iptables-mod-tproxy \
luci-compat
# allow https wget
opkg install \
ca-certificates \
ca-bundle \
wget
# apps
opkg install \
luci-app-adblock \
luci-app-statistics \
collectd-mod-ping \
collectd-mod-dns
echo === create admin scripts ===
# create ip list update script
cat > $PATH_CHNROUTE << 'EOF'
#!/bin/sh
wget -O- 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | awk -F\| '/CN\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /etc/chinadns_chnroute.txt
EOF
chmod +x $PATH_CHNROUTE
# create watchdog script
cat > $PATH_WATCHDOG << 'EOF'
#!/bin/sh
LOGTIME=$(date "+%Y-%m-%d %H:%M:%S")
TIMEOUT=3
TRIES=3
RATING_URL=https://www.google.com/
REFERENCE_URL=https://www.alipay.com/
network_probe () {
wget --spider --quiet --tries=$TRIES --timeout=$TIMEOUT $1
echo $?
}
if [ `network_probe $RATING_URL` = 0 ]; then
echo [$LOGTIME] No Problem
exit 0
elif [ `network_probe $REFERENCE_URL` = 0 ]; then
echo [$LOGTIME] Problem decteted. Restarting shadowsocks
/etc/init.d/shadowsocks restart > /dev/null
else
echo [$LOGTIME] Network problem. Do nothing
fi
EOF
chmod +x $PATH_WATCHDOG
echo === config shadowsocks ===
SERVER_ID=`uci add shadowsocks servers`
uci set shadowsocks.@servers[-1].alias=$SERVER_NAME
uci set shadowsocks.@servers[-1].encrypt_method=$METHOD
uci set shadowsocks.@servers[-1].fast_open=1
uci set shadowsocks.@servers[-1].no_delay=1
uci set shadowsocks.@servers[-1].password=$KEY
uci set shadowsocks.@servers[-1].server=$HOST
uci set shadowsocks.@servers[-1].server_port=$PORT
uci add_list shadowsocks.@transparent_proxy[0].main_server=$SERVER_ID
uci set shadowsocks.@access_control[0].wan_bp_list=/etc/chinadns_chnroute.txt
uci set shadowsocks.@access_control[0].ipt_ext='-m multiport --dports 53,80,443,465,587,993'
echo === config dns ===
uci set chinadns.@chinadns[0].enable=1
uci set chinadns.@chinadns[0].server=119.29.29.29,127.0.0.1#5300
uci set dns-forwarder.@dns-forwarder[0].enable=1
uci set dhcp.@dnsmasq[0].noresolv=1
uci set dhcp.@dnsmasq[0].cachesize=10000
uci add_list dhcp.@dnsmasq[0].server=127.0.0.1#5353
uci set network.wan.peerdns=0
uci set network.wwan.peerdns=0
uci add_list network.wan.dns=127.0.0.1
uci add_list network.wwan.dns=127.0.0.1
echo === config adblock ===
uci set adblock.global.adb_triggerdelay=30
echo === config cron ===
crontab - << 'EOF'
# beware timezone
# update chnroute at sunday 3:30am
30 3 * * 0 chnroute-update
# Reboot at 4:30am every monday
# Note: To avoid infinite reboot loop, wait 70 seconds
# and touch a file in /etc so clock will be set
# properly to 4:31 on reboot before cron starts.
30 4 * * 1 sleep 70 && touch /etc/banner && reboot
# shadowsocks watchdog, check every 5 min
*/5 * * * * ss-watchdog >> /var/log/ss-watchdog.log 2>&1
# clean log every monday
0 1 * * 1 echo "" > /var/log/ss-watchdog.log
EOF
echo === apply changes ===
uci commit
luci-reload
echo === update system ===
# beware dns configuration override
# you may want upgrade netifd & dnsmasq first
#opkg upgrade netifd dnsmasq
#opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade
#chnroute-update
echo '=== all done, congratulations! (you may reboot now) ==='
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment