muxueqz · September 28, 2025 07:34
diff --git a/client.sh b/client.sh
 #!/bin/bash
 set -e

 WG_INTERFACE="wg0"
 XRAY_VERSION="v25.9.11"
 #XRAY_PATH="/usr/local/bin/xray"
 XRAY_PATH="$PWD/xray"
 XRAY_CONFIG="./config.json"

 mkdir -p ./client-config
 cd ./client-config

 # 检测架构
 ARCH=$(uname -m)
 case "$ARCH" in
  x86_64)   XRAY_ARCH="64" ;;
  aarch64)  XRAY_ARCH="arm64-v8a" ;;
  *) echo "❌ 不支持的架构: $ARCH"; exit 1 ;;
 esac

 # # 安装依赖
 # if command -v apt >/dev/null; then
 #   apt update && apt install -y wireguard curl unzip
 # fi

 # 安装 Xray
 if [ ! -f "$XRAY_PATH" ]; then
  mkdir -p /tmp/xray
  cd /tmp/xray
  curl -L -o xray.zip https://github.com/XTLS/Xray-core/releases/download/${XRAY_VERSION}/Xray-linux-$XRAY_ARCH.zip
  unzip xray.zip
  install -m 755 xray $XRAY_PATH
  cd -
 fi

 # 检查环境变量是否存在
 : "${SERVER_WG_PUBKEY:?请先设置 SERVER_WG_PUBKEY}"
 : "${CLIENT_WG_PRIVKEY:?请先设置 CLIENT_WG_PRIVKEY}"
 : "${XRAY_UUID:?请先设置 XRAY_UUID}"
 : "${XRAY_REALITY_PASSWORD:?请先设置 XRAY_REALITY_PASSWORD}"
 : "${XRAY_REALITY_SHORTID:?请先设置 XRAY_REALITY_SHORTID}"
 : "${WG_SERVER_IP:?请先设置 WG_SERVER_IP}"
 : "${WG_CLIENT_IP:?请先设置 WG_CLIENT_IP}"

 # WireGuard 配置
 cat > ${WG_INTERFACE}.conf <<EOF
 [Interface]
 PrivateKey = ${CLIENT_WG_PRIVKEY}
 Address = ${WG_CLIENT_IP}/32
 MTU = 1420

 [Peer]
 PublicKey = ${SERVER_WG_PUBKEY}
 AllowedIPs = 0.0.0.0/0, ::/0
 Endpoint = 127.0.0.1:51820
 EOF

 # Xray 配置
 cat > ${XRAY_CONFIG} <<EOF
 {
  "inbounds": [
    {
      "port": 51820,
      "protocol": "dokodemo-door",
      "settings": {
        "network": "udp",
        "address": "127.0.0.1",
        "port": 51820
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "${WG_SERVER_IP}",
            "port": 10004,
            "users": [
              {
                "id": "${XRAY_UUID}",
                "flow": "xtls-rprx-vision",
                "encryption": "none"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "fingerprint": "chrome",
          "serverName": "www.cloudflare.com",
          "password": "${XRAY_REALITY_PASSWORD}",
          "shortId": "${XRAY_REALITY_SHORTID}"
        }
      }
    }
  ]
 }
 EOF

 echo "=== ✅ 客户端配置完成 ==="
 echo "WireGuard 配置: ./client-config/${WG_INTERFACE}.conf"
 echo "Xray 配置: ./client-config/${XRAY_CONFIG}"
diff --git a/server.sh b/server.sh
 #!/bin/bash
 set -e

 WG_INTERFACE="wg0"
 WG_PORT=51820
 WG_SERVER_IP="10.66.66.1"
 WG_CLIENT_IP="10.66.66.2"

 XRAY_VERSION="v25.9.11"
 XRAY_PATH="/usr/local/bin/xray"
 XRAY_CONFIG="/usr/local/etc/xray/config.json"
 UUID=$(cat /proc/sys/kernel/random/uuid)
 SHORT_ID=$(openssl rand -hex 8)

 echo "=== 安装依赖 ==="
 apt install -y wireguard curl unzip

 # 检测架构
 ARCH=$(uname -m)
 case "$ARCH" in
  x86_64)   XRAY_ARCH="64" ;;
  aarch64)  XRAY_ARCH="arm64-v8a" ;;
  *) echo "❌ 不支持的架构: $ARCH"; exit 1 ;;
 esac
 echo "检测到架构: $ARCH -> 使用 Xray-$XRAY_ARCH"

 # 安装 Xray
 if [ ! -f "$XRAY_PATH" ]; then
  mkdir -p /tmp/xray
  cd /tmp/xray
  curl -L -o xray.zip https://github.com/XTLS/Xray-core/releases/download/${XRAY_VERSION}/Xray-linux-$XRAY_ARCH.zip
  unzip xray.zip
  install -m 755 xray $XRAY_PATH
  mkdir -p /usr/local/etc/xray
  mkdir -p /var/log/xray
 fi

 # 生成 Reality 密钥
 REALITY_KEYS=$($XRAY_PATH x25519)
 REALITY_PRIVATE_KEY=$(echo "$REALITY_KEYS" | grep "Private" | awk '{print $2}')
 REALITY_PUBLIC_KEY=$(echo "$REALITY_KEYS" | grep "Password" | awk '{print $2}')

 # WireGuard 配置
 mkdir -p /etc/wireguard
 cd /etc/wireguard

 wg genkey | tee server_private.key | wg pubkey > server_public.key
 wg genkey | tee client_private.key | wg pubkey > client_public.key

 cat > /etc/wireguard/${WG_INTERFACE}.conf <<EOF
 [Interface]
 PrivateKey = $(cat server_private.key)
 Address = ${WG_SERVER_IP}/24
 ListenPort = ${WG_PORT}
 MTU = 1420

 [Peer]
 PublicKey = $(cat client_public.key)
 AllowedIPs = ${WG_CLIENT_IP}/32
 EOF

 systemctl enable wg-quick@${WG_INTERFACE}
 systemctl start wg-quick@${WG_INTERFACE}

 # Xray 配置
 cat > $XRAY_CONFIG <<EOF
 {
  "inbounds": [
    {
      "port": 14443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "$UUID",
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "show": false,
          "dest": "www.cloudflare.com:443",
          "xver": 0,
          "serverNames": ["www.cloudflare.com"],
          "privateKey": "$REALITY_PRIVATE_KEY",
          "shortIds": ["$SHORT_ID"]
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom"
    }
  ]
 }
 EOF

 # systemd service
 cat > /etc/systemd/system/xray.service <<EOF
 [Unit]
 Description=Xray Service
 After=network.target

 [Service]
 ExecStart=$XRAY_PATH run -c $XRAY_CONFIG
 Restart=on-failure
 User=nobody
 CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
 AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
 NoNewPrivileges=true

 [Install]
 WantedBy=multi-user.target
 EOF

 systemctl daemon-reexec
 systemctl enable xray
 systemctl restart xray

 #=============================
 # 输出环境变量 (方便客户端使用)
 #=============================
 cat <<EOF

 === ✅ 服务端安装完成 ===

 你可以直接复制以下内容到客户端终端执行：
 -------------------------------------------------
 export SERVER_WG_PUBKEY="$(cat server_public.key)"
 export CLIENT_WG_PRIVKEY="$(cat client_private.key)"
 export CLIENT_WG_PUBKEY="$(cat client_public.key)"
 export XRAY_UUID="$UUID"
 export XRAY_REALITY_PASSWORD="$REALITY_PUBLIC_KEY"
 export XRAY_REALITY_SHORTID="$SHORT_ID"
 export WG_SERVER_IP="$(curl -s ifconfig.me)"
 export WG_CLIENT_IP="$WG_CLIENT_IP"
 -------------------------------------------------

 EOF
	#!/bin/bash
	set -e

	WG_INTERFACE="wg0"
	XRAY_VERSION="v25.9.11"
	#XRAY_PATH="/usr/local/bin/xray"
	XRAY_PATH="$PWD/xray"
	XRAY_CONFIG="./config.json"

	mkdir -p ./client-config
	cd ./client-config

	# 检测架构
	ARCH=$(uname -m)
	case "$ARCH" in
	x86_64) XRAY_ARCH="64" ;;
	aarch64) XRAY_ARCH="arm64-v8a" ;;
	*) echo "❌ 不支持的架构: $ARCH"; exit 1 ;;
	esac

	# # 安装依赖
	# if command -v apt >/dev/null; then
	# apt update && apt install -y wireguard curl unzip
	# fi

	# 安装 Xray
	if [ ! -f "$XRAY_PATH" ]; then
	mkdir -p /tmp/xray
	cd /tmp/xray
	curl -L -o xray.zip https://github.com/XTLS/Xray-core/releases/download/${XRAY_VERSION}/Xray-linux-$XRAY_ARCH.zip
	unzip xray.zip
	install -m 755 xray $XRAY_PATH
	cd -
	fi

	# 检查环境变量是否存在
	: "${SERVER_WG_PUBKEY:?请先设置 SERVER_WG_PUBKEY}"
	: "${CLIENT_WG_PRIVKEY:?请先设置 CLIENT_WG_PRIVKEY}"
	: "${XRAY_UUID:?请先设置 XRAY_UUID}"
	: "${XRAY_REALITY_PASSWORD:?请先设置 XRAY_REALITY_PASSWORD}"
	: "${XRAY_REALITY_SHORTID:?请先设置 XRAY_REALITY_SHORTID}"
	: "${WG_SERVER_IP:?请先设置 WG_SERVER_IP}"
	: "${WG_CLIENT_IP:?请先设置 WG_CLIENT_IP}"

	# WireGuard 配置
	cat > ${WG_INTERFACE}.conf <<EOF
	[Interface]
	PrivateKey = ${CLIENT_WG_PRIVKEY}
	Address = ${WG_CLIENT_IP}/32
	MTU = 1420

	[Peer]
	PublicKey = ${SERVER_WG_PUBKEY}
	AllowedIPs = 0.0.0.0/0, ::/0
	Endpoint = 127.0.0.1:51820
	EOF

	# Xray 配置
	cat > ${XRAY_CONFIG} <<EOF
	{
	"inbounds": [
	{
	"port": 51820,
	"protocol": "dokodemo-door",
	"settings": {
	"network": "udp",
	"address": "127.0.0.1",
	"port": 51820
	}
	}
	],
	"outbounds": [
	{
	"protocol": "vless",
	"settings": {
	"vnext": [
	{
	"address": "${WG_SERVER_IP}",
	"port": 10004,
	"users": [
	{
	"id": "${XRAY_UUID}",
	"flow": "xtls-rprx-vision",
	"encryption": "none"
	}
	]
	}
	]
	},
	"streamSettings": {
	"network": "tcp",
	"security": "reality",
	"realitySettings": {
	"fingerprint": "chrome",
	"serverName": "www.cloudflare.com",
	"password": "${XRAY_REALITY_PASSWORD}",
	"shortId": "${XRAY_REALITY_SHORTID}"
	}
	}
	}
	]
	}
	EOF

	echo "=== ✅ 客户端配置完成 ==="
	echo "WireGuard 配置: ./client-config/${WG_INTERFACE}.conf"
	echo "Xray 配置: ./client-config/${XRAY_CONFIG}"