Skip to content

Instantly share code, notes, and snippets.

@whoizit

whoizit/ss+v2ray+cf-wss+ubuntu.sh

Last active November 22, 2023 04:09
Show Gist options
  • Save whoizit/5d29de6161270c7eb20c079add6019d2 to your computer and use it in GitHub Desktop.
Save whoizit/5d29de6161270c7eb20c079add6019d2 to your computer and use it in GitHub Desktop.
Download ZIP
shadowsocks v2ray-plugin cloudflare-wss ubuntu.sh
Raw
ss+v2ray+cf-wss+ubuntu.sh
#!/bin/sh -e
# For Ubuntu 18.04
# How to launch:
# $ curl https://gist.githubusercontent.com/whoizit/5d29de6161270c7eb20c079add6019d2/raw/ss+v2ray+cf-wss+ubuntu.sh
# $ sh ss+v2ray+cf-wss+ubuntu.sh
[ ${EUID:-$(id -u)} -eq 0 ] && {
echo "This script must NOT be run as root"
exit
}
[ $# -eq 0 ] && {
echo -e "\
1. Sing up for:
freenom.com (FN)
cloudflare.com (CF)
Create new domain on FN for free on 12 months
2. Add domain to CF like:
'A @ domain.tld VPS_ipv4_address Proxied'
'AAAA @ domain.tld VPS_ipv6_address Proxied'
3. Add CF-NS servers to FN>Services>My Domains>Manage Domain>Management Tools>Nameservers>
Use custom nameservers
4. dash.cloudflare.com>DOMAIN>SSL/TLS>Overview>
Your SSL/TLS encryption mode is Full (strict)
5. dash.cloudflare.com>DOMAIN>SSL/TLS>Overview>Edge Certificates>
Minimum TLS Version=TLS 1.3
6. dash.cloudflare.com>DOMAIN>Firewall>Settings>
Security Level=Essentially Off
Browser Integrity Check=Off
Privacy Pass Support=Off
7. CF_API_KEY=dash.cloudflare.com>DOMAIN>
Get your API token>Global API Key
DOMAIN=example.com [email protected] CF_API_KEY=asdfghjkl sh $0 'ShAdoWsOcKs-PaSsWoRd777'
\b"
exit
}
sudo apt update && sudo apt upgrade --yes
sudo apt install --yes shadowsocks-libev qrencode
sudo systemctl stop shadowsocks-libev
sudo systemctl disable shadowsocks-libev
curl https://get.acme.sh | sh
curl -kSL \
$(curl -skSL \
"https://circleci.com/api/v1.1/project/github/shadowsocks/v2ray-plugin/latest/artifacts?branch=master" \
| sed -n '/url.*linux-amd64/{s/.*\(https:.*tar.gz\).*/\1/p}'
) \
| tar xz \
&& {
sudo mv v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin
sudo setcap cap_net_bind_service+ep /usr/local/bin/v2ray-plugin
}
cat >config.json <<EOL
{
"server": "0.0.0.0",
"server_port": 443,
"password": "$1",
"method": "xchacha20-ietf-poly1305",
"plugin": "v2ray-plugin",
"plugin_opts": "server;tls;host=$DOMAIN;path=/wss;cert=$HOME/.acme.sh/$DOMAIN/fullchain.cer;key=$HOME/.acme.sh/$DOMAIN/$DOMAIN.key;loglevel=none",
"timeout": 300,
"mptcp": true,
"reuse_port": true,
"fast_open": true,
"ipv6_first": true
}
EOL
sudo mv config.json /etc/shadowsocks-libev/
CF_Key="$CF_API_KEY" CF_Email="$CF_EMAIL" .acme.sh/acme.sh --issue --dns dns_cf -d $DOMAIN
sudo mkdir -p /etc/systemd/system/[email protected]
cat >user.conf <<EOL
[Service]
User=$USER
Group=$USER
EOL
sudo mv user.conf /etc/systemd/system/[email protected]/
sudo systemctl daemon-reload
sudo systemctl start shadowsocks-libev-server@config
sudo systemctl enable shadowsocks-libev-server@config
cat >client.conf <<EOL
{
"server": "'$DOMAIN'",
"server_port": 443,
"local_address": "127.0.0.1",
"local_port": 8443,
"password": "'$1'",
"method": "xchacha20-ietf-poly1305",
"plugin": "v2ray-plugin",
"plugin_opts": "tls;host='$DOMAIN';path=/wss;loglevel=none",
"timeout": 300,
"mptcp": true,
"reuse_port": true,
"fast_open": true,
"ipv6_first": true
}
EOL
echo 'client config:'
cat client.conf
URL=ss://$(echo -n xchacha20-ietf-poly1305:"$1" | base64 -w0 | tr -d '=')@$DOMAIN:443?plugin=v2ray%3Bpath%3D%2Fwss%3Bhost%3D$DOMAIN%3Btls
echo 'URL for shadowsocks-android:'
echo $URL
echo 'QR-code for shadowsocks-android:'
echo $URL | qrencode -t ansi256
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment