Last active
September 12, 2024 20:31
Setup Signal + Shadowsocks Proxy on AWS using Lua
#!/usr/bin/env lua | |
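-- The server domain is the script's first argument. Further down it is
-- concatenated into shell command lines (the `host` lookup and the certificate
-- setup), so anything that is not a plain DNS hostname is rejected here,
-- before any command is built from it.
server_domain = assert(..., 'Pass server domain as first argument')
assert(
  #server_domain <= 253 and server_domain:match('^[A-Za-z0-9][A-Za-z0-9%.%-]*$'),
  'Server domain may only contain letters, digits, dots and hyphens'
)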
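-- Convenience functions for running shell commands
sh = os.execute

--- Run a shell command and return what it wrote to stdout.
-- The command string is handed to the shell unchanged, so callers must only
-- build it from values they have validated or quoted.
-- @tparam string cmd command line passed to io.popen
-- @treturn string captured stdout with one trailing newline removed
shout = function(cmd)
  local pipe = assert(io.popen(cmd))
  local out = pipe:read '*all'
  -- Close the pipe explicitly instead of leaving it to the garbage collector.
  pipe:close()
  assert(type(out) == 'string')
  -- Strip the final newline only when there is one; output that does not end
  -- in a newline keeps its last character. The parentheses drop gsub's count.
  return (out:gsub('\n$', ''))
end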
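-- Download the base64 and JSON Lua libraries into the current directory.
-- NOTE(review): both files are fetched at run time and then executed by
-- `require`, in a script that goes on to run commands through sudo. The first
-- URL follows a moving branch and the second is plain HTTP, and nothing here
-- verifies the downloaded content. Prefer vendoring reviewed copies, or compare
-- each file against a known checksum before loading it.
local function fetch(cmd)
  local status = sh(cmd)
  -- os.execute reports success as 0 on Lua 5.1/LuaJIT and as true on 5.2+.
  -- Stop here on failure so a partial or stale file is never loaded.
  assert(status == true or status == 0, 'Download failed: ' .. cmd)
end

fetch 'wget -O base64.lua https://raw.githubusercontent.com/iskolbin/lbase64/master/base64.lua'
fetch 'wget -O dkjson.lua http://dkolf.de/src/dkjson-lua.fsl/raw/dkjson.lua?name=6c6486a4a589ed9ae70654a2821e956650299228'
b64 = require 'base64'
json = require 'dkjson'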
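-- Check that the domain, as answered by the resolver at 9.9.9.10, points at
-- this machine's public address.
resolved = shout('host ' .. server_domain .. ' 9.9.9.10')
-- NOTE(review): the public address comes from a third-party service, and curl
-- uses plain HTTP when given a bare host name. The reply is only shape-checked
-- below, so treat it as a hint rather than an authenticated value.
publicip = shout 'curl ipconfig.io'
-- An empty reply (curl failed) or an error page must not pass the check:
-- an empty Lua pattern matches every string.
assert(publicip:match('^[%x:%.]+$'), 'Could not determine public ip, got: ' .. publicip)
ipdomain_mismatch = string.format("Domain %s does not resolve to this server's public ip %s", server_domain, publicip)
-- Escape the dots (a bare `.` matches any character in a Lua pattern) and
-- anchor both ends with frontiers, so 1.2.3.4 is not found inside 11.2.3.45.
local publicip_pattern = '%f[%w]' .. publicip:gsub('%.', '%%.') .. '%f[^%w]'
assert(resolved:match(publicip_pattern), ipdomain_mismatch)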
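-- Install Signal Proxy
sh 'sudo apt-get --yes install docker docker-compose git'
-- NOTE(review): the clone takes whatever the default branch holds at run time,
-- and scripts from it are then run through sudo. Consider checking out a
-- reviewed commit before continuing.
sh 'git clone https://github.com/signalapp/Signal-TLS-Proxy.git'
sh 'sudo rm -rf ./Signal-TLS-Proxy/data/certbot/'

-- The domain is piped to init-certificate.sh on stdin. `&&` keeps the sudo
-- command from running in the wrong directory when the cd fails, for example
-- after a failed clone.
local initcert = [[
cd ./Signal-TLS-Proxy && echo '%s' | sudo ./init-certificate.sh
]]
-- Escape single quotes so the domain cannot close the quoted shell word.
local quoted_domain = server_domain:gsub("'", [['\'']])
sh(initcert:format(quoted_domain))

sh [[
cd ./Signal-TLS-Proxy && sudo docker-compose up --detach
]]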
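-- Install Shadowsocks Proxy
sh 'sudo apt-get --yes install shadowsocks-libev'

local config_path = '/etc/shadowsocks-libev/config.json'

-- Read and write the config through sudo instead of making it mode 666.
-- The file holds the proxy password, and a world-writable service config would
-- let any local user change what the service runs with.
-- NOTE(review): if an earlier run of this script already set mode 666 on the
-- file, restore a restrictive mode by hand.
local reader = assert(io.popen('sudo cat ' .. config_path))
local config_text = reader:read '*all'
reader:close()
-- dkjson returns nil, position, message on a parse error.
local config, _, decode_err = json.decode(config_text)
assert(type(config) == 'table', 'Could not parse ' .. config_path .. ': ' .. tostring(decode_err))

-- The LAN address is taken from the DHCP default route. Fail with a clear
-- message when the route line does not have the expected shape.
local lanip = shout 'ip route':match 'default via [%w%. ]+ proto dhcp src ([%d%.]+) metric'
assert(lanip, 'Could not find a DHCP default route with a source address in `ip route` output')
local wanip = publicip
local port = config.server_port
-- userinfo is only base64-encoded, not encrypted: both URIs below carry the
-- cipher name and the password and must be handled as secrets.
local userinfo = b64.encode(config.method .. ':' .. config.password)
local prefix = "%16%03%01%00%C2%A8%01%01" -- TLS ClientHello
local ss_uri = string.format("ss://%s@%s:%d/?outline=1&prefix=%s", userinfo, wanip, port, prefix)
local ssdns_uri = string.format("ss://%s@%s:%d/?outline=1&prefix=%s", userinfo, server_domain, port, prefix)

-- Accept a single listen address given as a string as well as a list.
if type(config.server) ~= 'table' then
  config.server = { config.server }
end
-- Drop any existing entry for the LAN address (walking backwards so removals
-- do not skip elements), then append it once.
for i = #config.server, 1, -1 do
  if config.server[i] == lanip then
    table.remove(config.server, i)
  end
end
table.insert(config.server, lanip)

-- tee truncates and rewrites the existing file, so its owner and mode stay as
-- the package installed them.
local writer = assert(io.popen('sudo tee ' .. config_path .. ' > /dev/null', 'w'))
writer:write(json.encode(config))
writer:close()

sh 'sudo systemctl stop shadowsocks-libev.service'
sh 'sudo systemctl start shadowsocks-libev.service'
sh 'sudo systemctl status shadowsocks-libev.service'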
-- Print both SIP002 URIs inside a box, wrapped in ANSI colour escapes that are
-- reset afterwards. Each URI is padded or cut to 91 columns by the format
-- spec. The URIs embed the proxy credentials, so this output is sensitive.
local colour_on, colour_off = '\27[33;92m', '\27[33;0m'
local box = [[
-================================================================================================-
| Shadow Socks SIP002 URI: |
| %-91.91s |
| %-91.91s |
-================================================================================================-
]]
local urimsg = colour_on .. box .. colour_off
print(string.format(urimsg, ss_uri, ssdns_uri))