diff --git a/LICENSE b/LICENSE index fdddb29a..5c93f456 100644 --- a/LICENSE +++ b/LICENSE @@ -1,24 +1,13 @@ -This is free and unencumbered software released into the public domain. + DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE + Version 2, December 2004 -Anyone is free to copy, modify, publish, use, compile, sell, or -distribute this software, either in source code form or as a compiled -binary, for any purpose, commercial or non-commercial, and by any -means. + Copyright (C) 2004 Sam Hocevar -In jurisdictions that recognize copyright laws, the author or authors -of this software dedicate any and all copyright interest in the -software to the public domain. We make this dedication for the benefit -of the public at large and to the detriment of our heirs and -successors. We intend this dedication to be an overt act of -relinquishment in perpetuity of all present and future rights to this -software under copyright law. + Everyone is permitted to copy and distribute verbatim or modified + copies of this license document, and changing it is allowed as long + as the name is changed. -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR -OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, -ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR -OTHER DEALINGS IN THE SOFTWARE. + DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION -For more information, please refer to + 0. You just DO WHAT THE FUCK YOU WANT TO. diff --git a/README.md b/README.md index 03fecaee..6d3b075a 100644 --- a/README.md +++ b/README.md 
@@ -67,6 +67,8 @@ Youtube频道: ## V2Ray +[V2rayN 4.12配置教程](https://v2raytech.com/v2rayn-4-12-config-tutorial/) + [V2rayN配置教程](https://v2raytech.com/v2rayn-config-tutorial/) [V2rayW配置教程](https://v2raytech.com/v2rayw-config-tutorial/) @@ -141,7 +143,7 @@ Youtube频道: [Mac电脑连接Linux教程](https://v2raytech.com/mac-connect-to-linux-tutorial/) -[vultr常见问题](hijk.pw/vultr-faq/) +[vultr常见问题](https://v2raytech.com/vultr-faq/) [v2ray使用cloudflare中转流量,拯救被墙ip](https://v2raytech.com/use-cloudflare-unlock-blocked-ip/) diff --git a/centos_install_ss.sh b/centos_install_ss.sh index fe95d796..25beea03 100644 --- a/centos_install_ss.sh +++ b/centos_install_ss.sh @@ -1,5 +1,5 @@ #!/bin/bash -# shadowsocks/ss CentOS8一键安装脚本 +# shadowsocks/ss CentOS一键安装脚本 # Author: hijk @@ -224,6 +224,7 @@ installSS() { tag_url="${V6_PROXY}https://api.github.com/repos/shadowsocks/shadowsocks-libev/releases/latest" new_ver="$(normalizeVersion "$(curl -s "${tag_url}" --connect-timeout 10| grep 'tag_name' | cut -d\" -f4)")" + export PATH=/usr/local/bin:$PATH ssPath=`which ss-server` if [[ "$?" != "0" ]]; then installNewVer $new_ver @@ -236,9 +237,6 @@ installSS() { fi fi - echo "3" > /proc/sys/net/ipv4/tcp_fastopen - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf - interface="0.0.0.0" if [[ "$V6_PROXY" != "" ]]; then interface="::" diff --git a/centos_install_ssr.sh b/centos_install_ssr.sh index d6e58c5d..ef30d73b 100644 --- a/centos_install_ssr.sh +++ b/centos_install_ssr.sh @@ -366,8 +366,6 @@ installBBR() { result=$(lsmod | grep bbr) if [ "$result" != "" ]; then colorEcho $GREEN " BBR模块已安装" - echo "3" > /proc/sys/net/ipv4/tcp_fastopen - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf INSTALL_BBR=false return fi @@ -380,7 +378,6 @@ installBBR() { echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf sysctl -p result=$(lsmod | grep bbr) if [[ "$result" != "" ]]; then 
@@ -396,7 +393,6 @@ installBBR() { yum remove kernel-3.* -y grub2-set-default 0 echo "tcp_bbr" >> /etc/modules-load.d/modules.conf - echo "3" > /proc/sys/net/ipv4/tcp_fastopen INSTALL_BBR=true } diff --git a/centos_install_v2ray.sh b/centos_install_v2ray.sh index 01c511be..f4e5e6dd 100644 --- a/centos_install_v2ray.sh +++ b/centos_install_v2ray.sh @@ -158,8 +158,6 @@ installBBR() { if [ "$result" != "" ]; then colorEcho $YELLOW " BBR模块已安装" INSTALL_BBR=false - echo "3" > /proc/sys/net/ipv4/tcp_fastopen - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf return; fi @@ -172,7 +170,6 @@ installBBR() { echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf sysctl -p result=$(lsmod | grep bbr) if [[ "$result" != "" ]]; then @@ -188,7 +185,6 @@ installBBR() { yum --enablerepo=elrepo-kernel install kernel-ml -y grub2-set-default 0 echo "tcp_bbr" >> /etc/modules-load.d/modules.conf - echo "3" > /proc/sys/net/ipv4/tcp_fastopen INSTALL_BBR=true fi } diff --git a/centos_install_v2ray2.sh b/centos_install_v2ray2.sh index b1dec1e2..4feade97 100644 --- a/centos_install_v2ray2.sh +++ b/centos_install_v2ray2.sh @@ -14,15 +14,20 @@ PLAIN='\033[0m' SITES=( http://www.zhuizishu.com/ http://xs.56dyc.com/ -http://www.xiaoshuosk.com/ -https://www.quledu.net/ +#http://www.xiaoshuosk.com/ +#https://www.quledu.net/ http://www.ddxsku.com/ http://www.biqu6.com/ https://www.wenshulou.cc/ -http://www.auutea.com/ +#http://www.auutea.com/ http://www.55shuba.com/ http://www.39shubao.com/ https://www.23xsw.cc/ +#https://www.huanbige.com/ +https://www.jueshitangmen.info/ +https://www.zhetian.org/ +http://www.bequgexs.com/ +http://www.tjwl.com/ ) CONFIG_FILE="/etc/v2ray/config.json" 
@@ -36,6 +41,15 @@ if [[ "$?" != "0" ]]; then V6_PROXY="https://gh.hijk.art/" fi +BT="false" +NGINX_CONF_PATH="/etc/nginx/conf.d/" + +res=`which bt 2>/dev/null` +if [[ "$res" != "" ]]; then + BT="true" + NGINX_CONF_PATH="/www/server/panel/vhost/nginx/" +fi + checkSystem() { result=$(id | awk '{print $1}') if [[ $result != "uid=0(root)" ]]; then @@ -125,7 +139,7 @@ getData() { echo "" while true do - read -p " 请输入伪装路径,以/开头:" WSPATH + read -p " 请输入伪装路径,以/开头(不懂请直接回车):" WSPATH if [[ -z "${WSPATH}" ]]; then len=`shuf -i5-12 -n1` ws=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $len | head -n 1` @@ -155,11 +169,11 @@ getData() { echo " 1) 静态网站(位于/usr/share/nginx/html)" echo " 2) 小说站(随机选择)" echo " 3) 美女站(https://imeizi.me)" - echo " 4) VPS优惠博客(https://vpsgongyi.com)" + echo " 4) 高清壁纸站(https://bing.imeizi.me)" echo " 5) 自定义反代站点(需以http或者https开头)" - read -p " 请选择伪装网站类型[默认:美女站]" answer + read -p " 请选择伪装网站类型[默认:高清壁纸站]" answer if [[ -z "$answer" ]]; then - PROXY_URL="https://imeizi.me" + PROXY_URL="https://bing.imeizi.me" else case $answer in 1) @@ -185,7 +199,7 @@ getData() { PROXY_URL="https://imeizi.me" ;; 4) - PROXY_URL="https://vpsgongyi.com" + PROXY_URL="https://bing.imeizi.me" ;; 5) read -p " 请输入反代站点(以http或者https开头):" PROXY_URL @@ -248,7 +262,7 @@ preinstall() { getCert() { mkdir -p /etc/v2ray if [[ -z ${CERT_FILE+x} ]]; then - systemctl stop nginx + stopNginx systemctl stop v2ray res=`netstat -ntlp| grep -E ':80 |:443 '` if [[ "${res}" != "" ]]; then 
@@ -261,12 +275,22 @@ getCert() { yum install -y socat openssl cronie systemctl enable crond systemctl start crond - curl -sL https://get.acme.sh | sh + curl -sL https://get.acme.sh | sh -s email=hijk.pw@protonmail.ch source ~/.bashrc - ~/.acme.sh/acme.sh --issue -d $DOMAIN --standalone + ~/.acme.sh/acme.sh --upgrade --auto-upgrade + ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt + if [[ "$BT" = "false" ]]; then + ~/.acme.sh/acme.sh --issue -d $DOMAIN --keylength ec-256 --pre-hook "systemctl stop nginx" --post-hook "systemctl restart nginx" --standalone + else + ~/.acme.sh/acme.sh --issue -d $DOMAIN --keylength ec-256 --pre-hook "nginx -s stop || { echo -n ''; }" --post-hook "nginx -c /www/server/nginx/conf/nginx.conf || { echo -n ''; }" --standalone + fi + [[ -f ~/.acme.sh/${DOMAIN}_ecc/ca.cer ]] || { + colorEcho $RED " 获取证书失败,请复制上面的红色文字到 https://hijk.art 反馈" + exit 1 + } CERT_FILE="/etc/v2ray/${DOMAIN}.pem" KEY_FILE="/etc/v2ray/${DOMAIN}.key" - ~/.acme.sh/acme.sh --install-cert -d $DOMAIN \ + ~/.acme.sh/acme.sh --install-cert -d $DOMAIN --ecc \ --key-file $KEY_FILE \ --fullchain-file $CERT_FILE \ --reloadcmd "service nginx force-reload" @@ -318,21 +342,20 @@ installV2ray() { } installNginx() { - BT=false - confpath="/etc/nginx/conf.d/" - yum install -y nginx - if [[ "$?" != "0" ]]; then - res=`which nginx` - if [[ "$?" != "0" ]]; then - colorEcho $RED " 您安装了宝塔,请在宝塔后台安装nginx后再运行本脚本" + if [[ "$BT" = "false" ]]; then + yum install -y nginx + res=$(command -v nginx) + if [[ "$res" = "" ]]; then + colorEcho $RED " Nginx安装失败,请到 https://hijk.art 反馈" exit 1 fi - BT=true - confpath="/www/server/panel/vhost/nginx/" - res=`ps aux | grep -i nginx` - [[ "$res" != "" ]] && nginx -s stop + systemctl enable nginx else - systemctl stop nginx + res=$(command -v nginx) + if [[ "$res" = "" ]]; then + colorEcho $RED " 您安装了宝塔,请在宝塔后台安装nginx后再运行本脚本" + exit 1 + fi fi getCert 
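Review bot: The acme.sh installer is now run with a fixed `email=hijk.pw@protonmail.ch`, so every host that runs this script registers its ACME account under the script author's address, and expiry or account notices for the operator's domain go to a third party. Collect the address from the operator instead, e.g. `curl -sL https://get.acme.sh | sh -s email="$ACME_EMAIL"`, where `ACME_EMAIL` is a placeholder for a value prompted for in getData. The same line still pipes a remote script into a root shell, and the added `--upgrade --auto-upgrade` lets that code replace itself unattended; fetching a pinned release and verifying it before execution would narrow the supply-chain exposure. `$DOMAIN` is expanded unquoted in `--issue -d $DOMAIN` and in the `ca.cer` test, so quote it (`-d "$DOMAIN"`) unless getData, which is not visible in this hunk, already restricts its characters. getCert starts and ends outside this hunk, and the same changes are made to getCert in trojan-go.sh and trojan.sh.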
@@ -378,10 +401,10 @@ http { } EOF - mkdir -p /etc/nginx/conf.d; + mkdir -p /etc/nginx/conf.d fi - mkdir -p /usr/share/nginx/html; + mkdir -p /usr/share/nginx/html if [[ "$ALLOW_SPIDER" = "n" ]]; then echo 'User-Agent: *' > /usr/share/nginx/html/robots.txt echo 'Disallow: /' >> /usr/share/nginx/html/robots.txt @@ -395,7 +418,7 @@ EOF sub_filter \"$REMOTE_HOST\" \"$DOMAIN\"; sub_filter_once off;" fi - cat > ${confpath}${DOMAIN}.conf<<-EOF + cat > ${NGINX_CONF_PATH}${DOMAIN}.conf<<-EOF server { listen 80; listen [::]:80; @@ -444,21 +467,37 @@ server { } EOF - if [[ "$BT" = "false" ]]; then - systemctl enable nginx && systemctl restart nginx - else - nginx -c /www/server/nginx/conf/nginx.conf - fi + startNginx systemctl start v2ray sleep 3 res=`netstat -nltp | grep ${PORT} | grep nginx` if [[ "${res}" = "" ]]; then - echo -e " nginx启动失败! 请到 ${RED}https://www.hijk.pw${PLAIN} 反馈" + nginx -t + echo -e " nginx启动失败! 请到 ${RED}https://hijk.art${PLAIN} 反馈" exit 1 fi } +startNginx() { + if [[ "$BT" = "false" ]]; then + systemctl start nginx + else + nginx -c /www/server/nginx/conf/nginx.conf + fi +} + +stopNginx() { + if [[ "$BT" = "false" ]]; then + systemctl stop nginx + else + res=`ps aux | grep -i nginx` + if [[ "$res" != "" ]]; then + nginx -s stop + fi + fi +} + function setFirewall() { systemctl status firewalld > /dev/null 2>&1 @@ -490,8 +529,6 @@ installBBR() { if [[ "$result" != "" ]]; then colorEcho $YELLOW " BBR模块已安装" INSTALL_BBR=false - echo "3" > /proc/sys/net/ipv4/tcp_fastopen - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf return; fi res=`hostnamectl | grep -i openvz` @@ -503,7 +540,6 @@ installBBR() { echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf sysctl -p result=$(lsmod | grep bbr) if [[ "$result" != "" ]]; then 
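Review bot: In the new `stopNginx`, the `ps aux | grep -i nginx` pipeline normally matches the grep process itself, so `res` is non-empty even when nginx is not running and `nginx -s stop` is executed regardless. A process-name test avoids the self-match: `pgrep -x nginx >/dev/null && nginx -s stop`. Separately, `nginx -t` is only run after the port check has already failed; calling it in `startNginx` before the start would surface a broken generated config earlier, which matters because the server block is built from operator-supplied values such as `$DOMAIN`.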
@@ -519,7 +555,6 @@ installBBR() { yum --enablerepo=elrepo-kernel install kernel-ml -y grub2-set-default 0 echo "tcp_bbr" >> /etc/modules-load.d/modules.conf - echo "3" > /proc/sys/net/ipv4/tcp_fastopen INSTALL_BBR=true fi } @@ -542,11 +577,7 @@ info() { exit 1 fi path=`grep path $CONFIG_FILE| cut -d: -f2 | tr -d \",' '` - confpath="/etc/nginx/conf.d/" - if [[ ! -f $confpath${domain}.conf ]]; then - confpath="/www/server/panel/vhost/nginx/" - fi - port=`cat ${confpath}${domain}.conf | grep -i ssl | head -n1 | awk '{print $2}'` + port=`cat ${NGINX_CONF_PATH}${domain}.conf | grep -i ssl | head -n1 | awk '{print $2}'` security="none" res=`netstat -nltp | grep ${port} | grep nginx` @@ -573,7 +604,7 @@ info() { echo -e " ${BLUE}v2ray运行状态:${PLAIN}${v2status}" echo -e " ${BLUE}v2ray配置文件:${PLAIN}${RED}$CONFIG_FILE${PLAIN}" echo -e " ${BLUE}nginx运行状态:${PLAIN}${ngstatus}" - echo -e " ${BLUE}nginx配置文件:${PLAIN}${RED}${confpath}${domain}.conf${PLAIN}" + echo -e " ${BLUE}nginx配置文件:${PLAIN}${RED}${NGINX_CONF_PATH}${domain}.conf${PLAIN}" echo "" echo -e " ${RED}v2ray配置信息:${PLAIN} " echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}" @@ -583,7 +614,7 @@ info() { echo -e " ${BLUE}加密方式(security):${PLAIN} ${RED}$security${PLAIN}" echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}" echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none${PLAIN}" - echo -e " ${BLUE}伪装域名/主机名(host):${PLAIN}${RED}${domain}${PLAIN}" + echo -e " ${BLUE}伪装域名/主机名(host)/SNI/peer名称:${PLAIN}${RED}${domain}${PLAIN}" echo -e " ${BLUE}路径(path):${PLAIN}${RED}${path}${PLAIN}" echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}" echo diff --git a/goV2.sh b/goV2.sh index 6e30a13d..afee8864 100644 --- a/goV2.sh +++ b/goV2.sh @@ -110,11 +110,14 @@ archAffix(){ x86_64|amd64) echo '64' ;; - *armv7*|armv6l) - echo 'arm' + *armv7*) + echo 'arm32-v7a' + ;; + armv6*) + echo 'arm32-v6a' ;; *armv8*|aarch64) - echo 'arm64' + echo 'arm64-v8a' ;; *mips64le*) echo 'mips64le' 
diff --git a/mtproto.sh b/mtproto.sh index 99809477..24455a34 100644 --- a/mtproto.sh +++ b/mtproto.sh @@ -12,7 +12,7 @@ export MTG_CONFIG="${MTG_CONFIG:-$HOME/.config/mtg}" export MTG_ENV="$MTG_CONFIG/env" export MTG_SECRET="$MTG_CONFIG/secret" export MTG_CONTAINER="${MTG_CONTAINER:-mtg}" -export MTG_IMAGENAME="${MTG_IMAGENAME:-nineseconds/mtg:stable}" +export MTG_IMAGENAME="${MTG_IMAGENAME:-nineseconds/mtg:1}" DOCKER_CMD="$(command -v docker)" OSNAME=`hostnamectl | grep -i system | cut -d: -f2` @@ -131,12 +131,12 @@ installDocker() { curl \ gnupg-agent \ software-properties-common - curl -fsSL https://download.docker.com/linux/$OS/gpg | sudo apt-key add - + curl -fsSL https://download.docker.com/linux/$OS/gpg | apt-key add - add-apt-repository \ "deb [arch=amd64] https://download.docker.com/linux/$OS \ $(lsb_release -cs) \ stable" - #apt update -y + apt update else wget -O /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo yum clean all diff --git a/ss.sh b/ss.sh index cb947bbe..df9b5504 100644 --- a/ss.sh +++ b/ss.sh @@ -59,6 +59,7 @@ checkSystem() { } status() { + export PATH=/usr/local/bin:$PATH cmd="$(command -v ss-server)" if [[ "$cmd" = "" ]]; then echo 0 @@ -200,6 +201,7 @@ getData() { preinstall() { $PMT clean all #echo $CMD_UPGRADE | bash + [[ "$PMT" = "apt" ]] && $PMT update echo "" colorEcho $BULE " 安装必要软件" @@ -293,6 +295,7 @@ installSS() { tag_url="${V6_PROXY}https://api.github.com/repos/shadowsocks/shadowsocks-libev/releases/latest" new_ver="$(normalizeVersion "$(curl -s "${tag_url}" --connect-timeout 10| grep 'tag_name' | cut -d\" -f4)")" + export PATH=/usr/local/bin:$PATH ssPath=`which ss-server 2>/dev/null` if [[ "$?" != "0" ]]; then [[ "$new_ver" != "" ]] || new_ver="3.3.5" 
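Review bot: In installDocker the Docker signing key is still imported with `apt-key add -`, which puts it in apt's global trusted keyring, so that key is trusted to sign packages from any configured repository, not only download.docker.com. `apt-key` is also deprecated on current Debian and Ubuntu releases. Writing the dearmored key to its own keyring file and referencing it with a `signed-by=` option in the `deb` line scopes the trust to this one source. The key is piped in without a fingerprint comparison, so checking it against Docker's published fingerprint before trusting it would be a worthwhile addition. installDocker starts and ends outside this hunk.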
@@ -333,8 +336,6 @@ installBBR() { result=$(lsmod | grep bbr) if [[ "$result" != "" ]]; then colorEcho $GREEN " BBR模块已安装" - echo "3" > /proc/sys/net/ipv4/tcp_fastopen - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf INSTALL_BBR=false return fi @@ -347,7 +348,6 @@ installBBR() { echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf sysctl -p result=$(lsmod | grep bbr) if [[ "$result" != "" ]]; then @@ -366,14 +366,12 @@ installBBR() { $CMD_REMOVE kernel-3.* grub2-set-default 0 echo "tcp_bbr" >> /etc/modules-load.d/modules.conf - echo "3" > /proc/sys/net/ipv4/tcp_fastopen INSTALL_BBR=true fi else $CMD_INSTALL --install-recommends linux-generic-hwe-16.04 grub-set-default 0 echo "tcp_bbr" >> /etc/modules-load.d/modules.conf - echo "3" > /proc/sys/net/ipv4/tcp_fastopen INSTALL_BBR=true fi } @@ -415,6 +413,12 @@ setFirewall() { } showInfo() { + res=`status` + if [[ $res -lt 2 ]]; then + echo -e " ${RED}SS未安装,请先安装!${PLAIN}" + return + fi + port=`grep server_port $CONFIG_FILE | cut -d: -f2 | tr -d \",' '` res=`netstat -nltp | grep ${port} | grep 'ss-server'` [[ -z "$res" ]] && status="${RED}已停止${PLAIN}" || status="${GREEN}正在运行${PLAIN}" 
@@ -435,6 +439,24 @@ showInfo() { echo -e " ${BLUE}加密方式(method):${PLAIN} ${RED}${method}${PLAIN}" echo echo -e " ${BLUE}ss链接${PLAIN}: ${link}" + #qrencode -o - -t utf8 ${link} +} + +showQR() { + res=`status` + if [[ $res -lt 2 ]]; then + echo -e " ${RED}SS未安装,请先安装!${PLAIN}" + return + fi + + port=`grep server_port $CONFIG_FILE | cut -d: -f2 | tr -d \",' '` + res=`netstat -nltp | grep ${port} | grep 'ss-server'` + [[ -z "$res" ]] && status="${RED}已停止${PLAIN}" || status="${GREEN}正在运行${PLAIN}" + password=`grep password $CONFIG_FILE| cut -d: -f2 | tr -d \",' '` + method=`grep method $CONFIG_FILE| cut -d: -f2 | tr -d \",' '` + + res=`echo -n "${method}:${password}@${IP}:${port}" | base64 -w 0` + link="ss://${res}" qrencode -o - -t utf8 ${link} } @@ -527,6 +549,12 @@ stop() { } uninstall() { + res=`status` + if [[ $res -lt 2 ]]; then + echo -e " ${RED}SS未安装,请先安装!${PLAIN}" + return + fi + echo "" read -p " 确定卸载SS吗?(y/n)" answer [[ -z ${answer} ]] && answer="n" @@ -544,6 +572,11 @@ uninstall() { } showLog() { + res=`status` + if [[ $res -lt 2 ]]; then + echo -e " ${RED}SS未安装,请先安装!${PLAIN}" + return + fi journalctl -xen --no-pager -u ${NAME} } @@ -561,15 +594,16 @@ menu() { echo -e " ${GREEN}1.${PLAIN} 安装SS" echo -e " ${GREEN}2.${PLAIN} 更新SS" - echo -e " ${GREEN}3.${PLAIN} 卸载SS" + echo -e " ${GREEN}3. ${RED}卸载SS${PLAIN}" echo " -------------" echo -e " ${GREEN}4.${PLAIN} 启动SS" echo -e " ${GREEN}5.${PLAIN} 重启SS" echo -e " ${GREEN}6.${PLAIN} 停止SS" echo " -------------" echo -e " ${GREEN}7.${PLAIN} 查看SS配置" - echo -e " ${GREEN}8.${PLAIN} 修改SS配置" - echo -e " ${GREEN}9.${PLAIN} 查看SS日志" + echo -e " ${GREEN}8.${PLAIN} 查看配置二维码" + echo -e " ${GREEN}9. ${RED}修改SS配置${PLAIN}" + echo -e " ${GREEN}10.${PLAIN} 查看SS日志" echo " -------------" echo -e " ${GREEN}0.${PLAIN} 退出" echo @@ -604,9 +638,12 @@ menu() { showInfo ;; 8) - reconfig + showQR ;; 9) + reconfig + ;; + 10) showLog ;; *) 
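Review bot: The new `showQR` repeats the field extraction used in `showInfo` (`grep password $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`), which keeps only the text between the first and second colon and strips quotes, commas and spaces, so a password containing any of those characters would produce a QR code carrying the wrong secret. If the password generator elsewhere in the script (not visible here) does not restrict the character set, read the fields with a JSON parser instead, e.g. `password=$(jq -r .password "$CONFIG_FILE")`, provided jq is among the installed packages. `status` is assigned in `showQR` but never used there, and the link-building lines could live in one helper shared with `showInfo` so the two cannot drift apart. ssr.sh adds a `showQR` with the same pattern.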
@@ -618,4 +655,14 @@ menu() { checkSystem -menu +action=$1 +[[ -z $1 ]] && action=menu +case "$action" in + menu|install|update|uninstall|start|restart|stop|showInfo|showQR|showLog) + ${action} + ;; + *) + echo " 参数错误" + echo " 用法: `basename $0` [menu|install|update|uninstall|start|restart|stop|showInfo|showQR|showLog]" + ;; +esac diff --git a/ssr.sh b/ssr.sh index 409625f2..ce7203cf 100644 --- a/ssr.sh +++ b/ssr.sh @@ -1,5 +1,5 @@ #!/bin/bash -# shadowsocksR/SSR CentOS 7/8一键安装教程 +# shadowsocksR/SSR一键安装教程 # Author: hijk @@ -290,6 +290,7 @@ statusText() { preinstall() { $PMT clean all + [[ "$PMT" = "apt" ]] && $PMT update #echo $CMD_UPGRADE | bash echo "" colorEcho $BLUE " 安装必要软件" @@ -414,8 +415,6 @@ installBBR() { result=$(lsmod | grep bbr) if [[ "$result" != "" ]]; then colorEcho $GREEN " BBR模块已安装" - echo "3" > /proc/sys/net/ipv4/tcp_fastopen - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf INSTALL_BBR=false return fi @@ -428,7 +427,6 @@ installBBR() { echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf sysctl -p result=$(lsmod | grep bbr) if [[ "$result" != "" ]]; then @@ -446,19 +444,22 @@ installBBR() { $CMD_REMOVE kernel-3.* grub2-set-default 0 echo "tcp_bbr" >> /etc/modules-load.d/modules.conf - echo "3" > /proc/sys/net/ipv4/tcp_fastopen INSTALL_BBR=true fi else $CMD_INSTALL --install-recommends linux-generic-hwe-16.04 grub-set-default 0 echo "tcp_bbr" >> /etc/modules-load.d/modules.conf - echo "3" > /proc/sys/net/ipv4/tcp_fastopen INSTALL_BBR=true fi } showInfo() { + res=`status` + if [[ $res -lt 2 ]]; then + echo -e " ${RED}SSR未安装,请先安装!${PLAIN}" + return + fi port=`grep server_port $CONFIG_FILE| cut -d: -f2 | tr -d \",' '` res=`netstat -nltp | grep ${port} | grep python` [[ -z "$res" ]] && status="${RED}已停止${PLAIN}" || status="${GREEN}正在运行${PLAIN}" 
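Review bot: The fallback branch of the new dispatcher in ss.sh prints the usage text but leaves the exit status at 0, so a caller passing a mistyped action cannot tell that nothing ran; adding `exit 1` after the usage `echo` fixes that. Dispatching through the explicit `case` allow-list before running `${action}` is the right shape, since `$1` is never executed unless it equals a known function name. Writing the call as `"${action}"` keeps that guarantee if the list ever gains a glob pattern. The same dispatcher is added to ssr.sh and trojan-go.sh.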
@@ -487,6 +488,28 @@ showInfo() { echo -e " ${BLUE}混淆(obfuscation):${PLAIN} ${RED}${obfs}${PLAIN}" echo echo -e " ${BLUE}ssr链接:${PLAIN} $link" + #qrencode -o - -t utf8 $link +} + +showQR() { + res=`status` + if [[ $res -lt 2 ]]; then + echo -e " ${RED}SSR未安装,请先安装!${PLAIN}" + return + fi + port=`grep server_port $CONFIG_FILE| cut -d: -f2 | tr -d \",' '` + res=`netstat -nltp | grep ${port} | grep python` + [[ -z "$res" ]] && status="${RED}已停止${PLAIN}" || status="${GREEN}正在运行${PLAIN}" + password=`grep password $CONFIG_FILE| cut -d: -f2 | tr -d \",' '` + method=`grep method $CONFIG_FILE| cut -d: -f2 | tr -d \",' '` + protocol=`grep protocol $CONFIG_FILE| cut -d: -f2 | tr -d \",' '` + obfs=`grep obfs $CONFIG_FILE| cut -d: -f2 | tr -d \",' '` + + p1=`echo -n ${password} | base64 -w 0` + p1=`echo -n ${p1} | tr -d =` + res=`echo -n "${IP}:${port}:${protocol}:${method}:${obfs}:${p1}/?remarks=&protoparam=&obfsparam=" | base64 -w 0` + res=`echo -n ${res} | tr -d =` + link="ssr://${res}" qrencode -o - -t utf8 $link } @@ -531,6 +554,12 @@ reconfig() { } uninstall() { + res=`status` + if [[ $res -lt 2 ]]; then + echo -e " ${RED}SSR未安装,请先安装!${PLAIN}" + return + fi + echo "" read -p " 确定卸载SSR吗?(y/n)" answer [[ -z ${answer} ]] && answer="n" @@ -599,15 +628,16 @@ menu() { echo "" echo -e " ${GREEN}1.${PLAIN} 安装SSR" - echo -e " ${GREEN}2.${PLAIN} 卸载SSR" + echo -e " ${GREEN}2. ${RED}卸载SSR${PLAIN}" echo " -------------" echo -e " ${GREEN}4.${PLAIN} 启动SSR" echo -e " ${GREEN}5.${PLAIN} 重启SSR" echo -e " ${GREEN}6.${PLAIN} 停止SSR" echo " -------------" echo -e " ${GREEN}7.${PLAIN} 查看SSR配置" - echo -e " ${GREEN}8.${PLAIN} 修改SSR配置" - echo -e " ${GREEN}9.${PLAIN} 查看SSR日志" + echo -e " ${GREEN}8.${PLAIN} 查看配置二维码" + echo -e " ${GREEN}9. ${RED}修改SSR配置${PLAIN}" + echo -e " ${GREEN}10.${PLAIN} 查看SSR日志" echo " -------------" echo -e " ${GREEN}0.${PLAIN} 退出" echo @@ -639,9 +669,12 @@ menu() { showInfo ;; 8) - reconfig + showQR ;; 9) + reconfig + ;; + 10) showLog ;; *) 
@@ -653,4 +686,15 @@ menu() { checkSystem -menu +action=$1 +[[ -z $1 ]] && action=menu +case "$action" in + menu|install|uninstall|start|restart|stop|showInfo|showQR|showLog) + ${action} + ;; + *) + echo " 参数错误" + echo " 用法: `basename $0` [menu|install|uninstall|start|restart|stop|showInfo|showQR|showLog]" + ;; +esac + diff --git a/trojan-go.sh b/trojan-go.sh index c5303957..cff64361 100644 --- a/trojan-go.sh +++ b/trojan-go.sh @@ -1,5 +1,5 @@ #!/bin/bash -# MTProto一键安装脚本 +# trojan-go一键安装脚本 # Author: hijk @@ -32,15 +32,20 @@ fi SITES=( http://www.zhuizishu.com/ http://xs.56dyc.com/ -http://www.xiaoshuosk.com/ -https://www.quledu.net/ +#http://www.xiaoshuosk.com/ +#https://www.quledu.net/ http://www.ddxsku.com/ http://www.biqu6.com/ https://www.wenshulou.cc/ -http://www.auutea.com/ +#http://www.auutea.com/ http://www.55shuba.com/ http://www.39shubao.com/ https://www.23xsw.cc/ +#https://www.huanbige.com/ +https://www.jueshitangmen.info/ +https://www.zhetian.org/ +http://www.bequgexs.com/ +http://www.tjwl.com/ ) ZIP_FILE="trojan-go" @@ -216,9 +221,9 @@ getData() { fi echo "" - read -p " 请设置trojan密码(不输则随机生成):" PASSWORD + read -p " 请设置trojan-go密码(不输则随机生成):" PASSWORD [[ -z "$PASSWORD" ]] && PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1` - colorEcho $BLUE " trojan密码:$PASSWORD" + colorEcho $BLUE " trojan-go密码:$PASSWORD" echo "" while true do 
@@ -226,27 +231,27 @@ getData() { if [[ ${answer,,} = "n" ]]; then break fi - read -p " 请设置trojan密码(不输则随机生成):" pass + read -p " 请设置trojan-go密码(不输则随机生成):" pass [[ -z "$pass" ]] && pass=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1` echo "" - colorEcho $BLUE " trojan密码:$pass" + colorEcho $BLUE " trojan-go密码:$pass" PASSWORD="${PASSWORD}\",\"$pass" done echo "" - read -p " 请输入trojan端口[100-65535的一个数字,默认443]:" PORT + read -p " 请输入trojan-go端口[100-65535的一个数字,默认443]:" PORT [[ -z "${PORT}" ]] && PORT=443 if [[ "${PORT:0:1}" = "0" ]]; then echo -e "${RED}端口不能以0开头${PLAIN}" exit 1 fi - colorEcho $BLUE " trojan端口:$PORT" + colorEcho $BLUE " trojan-go端口:$PORT" if [[ ${WS} = "true" ]]; then echo "" while true do - read -p " 请输入伪装路径,以/开头:" WSPATH + read -p " 请输入伪装路径,以/开头(不懂请直接回车):" WSPATH if [[ -z "${WSPATH}" ]]; then len=`shuf -i5-12 -n1` ws=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $len | head -n 1` @@ -269,11 +274,11 @@ getData() { echo " 1) 静态网站(位于/usr/share/nginx/html)" echo " 2) 小说站(随机选择)" echo " 3) 美女站(https://imeizi.me)" - echo " 4) VPS优惠博客(https://vpsgongyi.com)" + echo " 4) 高清壁纸站(https://bing.imeizi.me)" echo " 5) 自定义反代站点(需以http或者https开头)" - read -p " 请选择伪装网站类型[默认:美女站]" answer + read -p " 请选择伪装网站类型[默认:高清壁纸站]" answer if [[ -z "$answer" ]]; then - PROXY_URL="https://imeizi.me" + PROXY_URL="https://bing.imeizi.me" else case $answer in 1) @@ -299,7 +304,7 @@ getData() { PROXY_URL="https://imeizi.me" ;; 4) - PROXY_URL="https://vpsgongyi.com" + PROXY_URL="https://bing.imeizi.me" ;; 5) read -p " 请输入反代站点(以http或者https开头):" PROXY_URL 
@@ -347,9 +352,22 @@ installNginx() { colorEcho $BLUE " 安装nginx..." if [[ "$BT" = "false" ]]; then if [[ "$PMT" = "yum" ]]; then - $CMD_INSTALL epel-release + $CMD_INSTALL epel-release + if [[ "$?" != "0" ]]; then + echo '[nginx-stable] +name=nginx stable repo +baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ +gpgcheck=1 +enabled=1 +gpgkey=https://nginx.org/keys/nginx_signing.key +module_hotfixes=true' > /etc/yum.repos.d/nginx.repo + fi fi $CMD_INSTALL nginx + if [[ "$?" != "0" ]]; then + colorEcho $RED " Nginx安装失败,请到 https://hijk.art 反馈" + exit 1 + fi systemctl enable nginx else res=`which nginx 2>/dev/null` @@ -403,12 +421,22 @@ getCert() { systemctl start cron systemctl enable cron fi - curl -sL https://get.acme.sh | sh + curl -sL https://get.acme.sh | sh -s email=hijk.pw@protonmail.ch source ~/.bashrc - ~/.acme.sh/acme.sh --issue -d $DOMAIN --standalone + ~/.acme.sh/acme.sh --upgrade --auto-upgrade + ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt + if [[ "$BT" = "false" ]]; then + ~/.acme.sh/acme.sh --issue -d $DOMAIN --keylength ec-256 --pre-hook "systemctl stop nginx" --post-hook "systemctl restart nginx" --standalone + else + ~/.acme.sh/acme.sh --issue -d $DOMAIN --keylength ec-256 --pre-hook "nginx -s stop || { echo -n ''; }" --post-hook "nginx -c /www/server/nginx/conf/nginx.conf || { echo -n ''; }" --standalone + fi + [[ -f ~/.acme.sh/${DOMAIN}_ecc/ca.cer ]] || { + colorEcho $RED " 获取证书失败,请复制上面的红色文字到 https://hijk.art 反馈" + exit 1 + } CERT_FILE="/etc/trojan-go/${DOMAIN}.pem" KEY_FILE="/etc/trojan-go/${DOMAIN}.key" - ~/.acme.sh/acme.sh --install-cert -d $DOMAIN \ + ~/.acme.sh/acme.sh --install-cert -d $DOMAIN --ecc \ --key-file $KEY_FILE \ --fullchain-file $CERT_FILE \ --reloadcmd "service nginx force-reload" 
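Review bot: The fallback repository written to `/etc/yum.repos.d/nginx.repo` uses `baseurl=http://nginx.org/packages/centos/$releasever/$basearch/`, so repository metadata travels in cleartext. `gpgcheck=1` covers the package payloads, but metadata is not signature-checked unless `repo_gpgcheck` is enabled. Switching to `baseurl=https://nginx.org/packages/centos/$releasever/$basearch/` is a drop-in change. The `$?` test also sits directly after `$CMD_INSTALL epel-release`, so any command later inserted between them would silently break the fallback; `if ! $CMD_INSTALL epel-release; then` is sturdier. installNginx continues past this hunk, and trojan.sh's installNginx adds the same block.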
@@ -427,6 +455,9 @@ configNginx() { if [[ "$ALLOW_SPIDER" = "n" ]]; then echo 'User-Agent: *' > /usr/share/nginx/html/robots.txt echo 'Disallow: /' >> /usr/share/nginx/html/robots.txt + ROBOT_CONFIG=" location = /robots.txt {}" + else + ROBOT_CONFIG="" fi if [[ "$BT" = "false" ]]; then if [[ ! -f /etc/nginx/nginx.conf.bak ]]; then @@ -485,6 +516,8 @@ server { listen [::]:80; server_name ${DOMAIN}; root /usr/share/nginx/html; + + $ROBOT_CONFIG } EOF else @@ -502,8 +535,7 @@ server { sub_filter_once off; } - location = /robots.txt { - } + $ROBOT_CONFIG } EOF fi @@ -534,7 +566,6 @@ installTrojan() { } configTrojan() { - rm -rf /etc/trojan-go mkdir -p /etc/trojan-go cat > $CONFIG_FILE <<-EOF { @@ -650,8 +681,6 @@ installBBR() { if [[ "$result" != "" ]]; then echo " BBR模块已安装" INSTALL_BBR=false - echo "3" > /proc/sys/net/ipv4/tcp_fastopen - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf return fi res=`hostnamectl | grep -i openvz` @@ -663,7 +692,6 @@ installBBR() { echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf sysctl -p result=$(lsmod | grep bbr) if [[ "$result" != "" ]]; then @@ -681,14 +709,12 @@ installBBR() { $CMD_REMOVE kernel-3.* grub2-set-default 0 echo "tcp_bbr" >> /etc/modules-load.d/modules.conf - echo "3" > /proc/sys/net/ipv4/tcp_fastopen INSTALL_BBR=true fi else $CMD_INSTALL --install-recommends linux-generic-hwe-16.04 grub-set-default 0 echo "tcp_bbr" >> /etc/modules-load.d/modules.conf - echo "3" > /proc/sys/net/ipv4/tcp_fastopen INSTALL_BBR=true fi } @@ -697,6 +723,7 @@ install() { getData $PMT clean all + [[ "$PMT" = "apt" ]] && $PMT update #echo $CMD_UPGRADE | bash $CMD_INSTALL wget vim unzip tar gcc openssl $CMD_INSTALL net-tools 
@@ -757,6 +784,12 @@ update() { } uninstall() { + res=`status` + if [[ $res -lt 2 ]]; then + echo -e " ${RED}trojan-go未安装,请先安装!${PLAIN}" + return + fi + echo "" read -p " 确定卸载trojan-go?[y/n]:" answer if [[ "${answer,,}" = "y" ]]; then @@ -862,19 +895,20 @@ showInfo() { line1=`grep -n 'websocket' $CONFIG_FILE | head -n1 | cut -d: -f1` line11=`expr $line1 + 1` ws=`sed -n "${line11}p" $CONFIG_FILE | cut -d: -f2 | tr -d \",' '` - echo - echo -e " ${RED}trojan-go配置信息:${PLAIN}" - echo - echo -n " 当前状态:" + echo "" + echo -n " trojan-go运行状态:" statusText - echo -e " IP:${RED}$IP${PLAIN}" - echo -e " 伪装域名/主机名(host):${RED}$domain${PLAIN}" - echo -e " 端口(port):${RED}$port${PLAIN}" - echo -e " 密码(password):${RED}$password${PLAIN}" + echo "" + echo -e " ${BLUE}trojan-go配置文件: ${PLAIN} ${RED}${CONFIG_FILE}${PLAIN}" + echo -e " ${BLUE}trojan-go配置信息:${PLAIN}" + echo -e " IP:${RED}$IP${PLAIN}" + echo -e " 伪装域名/主机名(host)/SNI/peer名称:${RED}$domain${PLAIN}" + echo -e " 端口(port):${RED}$port${PLAIN}" + echo -e " 密码(password):${RED}$password${PLAIN}" if [[ $ws = "true" ]]; then - echo -e " websocket:${RED}true${PLAIN}" + echo -e " websocket:${RED}true${PLAIN}" wspath=`grep path $CONFIG_FILE | cut -d: -f2 | tr -d \",' '` - echo -e " ws路径(ws path):${RED}${wspath}${PLAIN}" + echo -e " ws路径(ws path):${RED}${wspath}${PLAIN}" fi echo "" } @@ -904,14 +938,14 @@ menu() { echo -e " ${GREEN}1.${PLAIN} 安装trojan-go" echo -e " ${GREEN}2.${PLAIN} 安装trojan-go+WS" echo -e " ${GREEN}3.${PLAIN} 更新trojan-go" - echo -e " ${GREEN}4.${PLAIN} 卸载trojan-go" + echo -e " ${GREEN}4. ${RED}卸载trojan-go${PLAIN}" echo " -------------" echo -e " ${GREEN}5.${PLAIN} 启动trojan-go" echo -e " ${GREEN}6.${PLAIN} 重启trojan-go" echo -e " ${GREEN}7.${PLAIN} 停止trojan-go" echo " -------------" echo -e " ${GREEN}8.${PLAIN} 查看trojan-go配置" - echo -e " ${GREEN}9.${PLAIN} 修改trojan-go配置" + echo -e " ${GREEN}9. ${RED}修改trojan-go配置${PLAIN}" echo -e " ${GREEN}10.${PLAIN} 查看trojan-go日志" echo " -------------" echo -e " ${GREEN}0.${PLAIN} 退出" 
@@ -965,4 +999,14 @@ menu() { checkSystem -menu +action=$1 +[[ -z $1 ]] && action=menu +case "$action" in + menu|update|uninstall|start|restart|stop|showInfo|showLog) + ${action} + ;; + *) + echo " 参数错误" + echo " 用法: `basename $0` [menu|update|uninstall|start|restart|stop|showInfo|showLog]" + ;; +esac diff --git a/trojan.sh b/trojan.sh index 4c42fab3..d12739d9 100644 --- a/trojan.sh +++ b/trojan.sh @@ -30,15 +30,20 @@ fi SITES=( http://www.zhuizishu.com/ http://xs.56dyc.com/ -http://www.xiaoshuosk.com/ -https://www.quledu.net/ +#http://www.xiaoshuosk.com/ +#https://www.quledu.net/ http://www.ddxsku.com/ http://www.biqu6.com/ https://www.wenshulou.cc/ -http://www.auutea.com/ +#http://www.auutea.com/ http://www.55shuba.com/ http://www.39shubao.com/ https://www.23xsw.cc/ +#https://www.huanbige.com/ +https://www.jueshitangmen.info/ +https://www.zhetian.org/ +http://www.bequgexs.com/ +http://www.tjwl.com/ ) CONFIG_FILE=/usr/local/etc/trojan/config.json @@ -80,11 +85,11 @@ function checkSystem() } status() { - trojan_cmd="$(command -v trojan)" - if [[ "$trojan_cmd" = "" ]]; then + if [[ ! -f /usr/local/bin/trojan ]]; then echo 0 return fi + if [[ ! -f $CONFIG_FILE ]]; then echo 1 return @@ -174,11 +179,11 @@ function getData() echo " 1) 静态网站(位于/usr/share/nginx/html)" echo " 2) 小说站(随机选择)" echo " 3) 美女站(https://imeizi.me)" - echo " 4) VPS优惠博客(https://vpsgongyi.com)" + echo " 4) 高清壁纸站(https://bing.imeizi.me)" echo " 5) 自定义反代站点(需以http或者https开头)" - read -p " 请选择伪装网站类型[默认:美女站]" answer + read -p " 请选择伪装网站类型[默认:高清壁纸站]" answer if [[ -z "$answer" ]]; then - PROXY_URL="https://imeizi.me" + PROXY_URL="https://bing.imeizi.me" else case $answer in 1) @@ -194,7 +199,7 @@ function getData() PROXY_URL="https://imeizi.me" ;; 4) - PROXY_URL="https://vpsgongyi.com" + PROXY_URL="https://bing.imeizi.me" ;; 5) read -p " 请输入反代站点(以http或者https开头):" PROXY_URL 
@@ -231,7 +236,7 @@ function getData() colorEcho $BLUE " 允许搜索引擎:$ALLOW_SPIDER" echo "" - read -p " 是否安装BBR(安装请按y,不安装请输n,默认安装):" NEED_BBR + read -p " 是否安装BBR(默认安装)?[y/n]:" NEED_BBR [ -z "$NEED_BBR" ] && NEED_BBR=y [ "$NEED_BBR" = "Y" ] && NEED_BBR=y colorEcho $BLUE " 安装BBR:$NEED_BBR" @@ -240,7 +245,8 @@ function getData() function preinstall() { $PMT clean all - colorEcho $BLUE " 更新系统..." + [[ "$PMT" = "apt" ]] && $PMT update + #colorEcho $BLUE " 更新系统..." #echo $CMD_UPGRADE | bash colorEcho $BLUE " 安装必要软件" @@ -353,7 +359,7 @@ configTrojan() { "cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384", "prefer_server_cipher": true, "alpn": [ - "http/1.1" + "http/1.1", "h2" ], "alpn_port_override": { "h2": 81 @@ -391,7 +397,7 @@ EOF getCert() { mkdir -p /usr/local/etc/trojan if [[ -z ${CERT_FILE+x} ]]; then - systemctl stop nginx + stopNginx res=`netstat -ntlp| grep -E ':80 |:443 '` if [[ "${res}" != "" ]]; then colorEcho $RED " 其他进程占用了80或443端口,请先关闭再运行一键脚本" 
@@ -410,12 +416,22 @@ getCert() { systemctl start cron systemctl enable cron fi - curl -sL https://get.acme.sh | sh + curl -sL https://get.acme.sh | sh -s email=hijk.pw@protonmail.ch source ~/.bashrc - ~/.acme.sh/acme.sh --issue -d $DOMAIN --standalone + ~/.acme.sh/acme.sh --upgrade --auto-upgrade + ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt + if [[ "$BT" = "false" ]]; then + ~/.acme.sh/acme.sh --issue -d $DOMAIN --keylength ec-256 --pre-hook "systemctl stop nginx" --post-hook "systemctl restart nginx" --standalone + else + ~/.acme.sh/acme.sh --issue -d $DOMAIN --keylength ec-256 --pre-hook "nginx -s stop || { echo -n ''; }" --post-hook "nginx -c /www/server/nginx/conf/nginx.conf || { echo -n ''; }" --standalone + fi + [[ -f ~/.acme.sh/${DOMAIN}_ecc/ca.cer ]] || { + colorEcho $RED " 获取证书失败,请复制上面的红色文字到 https://hijk.art 反馈" + exit 1 + } CERT_FILE="/usr/local/etc/trojan/${DOMAIN}.pem" KEY_FILE="/usr/local/etc/trojan/${DOMAIN}.key" - ~/.acme.sh/acme.sh --install-cert -d $DOMAIN \ + ~/.acme.sh/acme.sh --install-cert -d $DOMAIN --ecc \ --key-file $KEY_FILE \ --fullchain-file $CERT_FILE \ --reloadcmd "service nginx force-reload" @@ -434,9 +450,22 @@ function installNginx() colorEcho $BLUE " 安装nginx..." if [[ "$BT" = "false" ]]; then if [[ "$PMT" = "yum" ]]; then - $CMD_INSTALL epel-release + $CMD_INSTALL epel-release + if [[ "$?" != "0" ]]; then + echo '[nginx-stable] +name=nginx stable repo +baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ +gpgcheck=1 +enabled=1 +gpgkey=https://nginx.org/keys/nginx_signing.key +module_hotfixes=true' > /etc/yum.repos.d/nginx.repo + fi fi $CMD_INSTALL nginx + if [[ "$?" != "0" ]]; then + colorEcho $RED " Nginx安装失败,请到 https://hijk.art 反馈" + exit 1 + fi systemctl enable nginx else res=`which nginx 2>/dev/null` 
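Review bot: In `getCert()`, `sh -s email=hijk.pw@protonmail.ch` hard-codes the script author's mailbox as the ACME account contact on every server that runs this installer, so CA notices about the operator's certificate would go to a third party and all installs share one contact. Take the address from the operator instead, e.g. `read -r -p " email: " ACME_EMAIL` followed by `curl -fsSL https://get.acme.sh | sh -s email="$ACME_EMAIL"` (`ACME_EMAIL` is a variable name I am proposing, not one the script has). The `-f` matters because with plain `-s` the body of an HTTP error response is still piped into a root shell; downloading to a file and pinning a release before running it would be better still. The same line is added to `getCert()` in ubuntu_install_v2ray2.sh and v2ray.sh.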
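Review bot: The fallback repo file written in `installNginx()` uses `baseurl=http://nginx.org/packages/centos/...`; `gpgcheck=1` verifies the packages, but the repository metadata is fetched in clear text and, as far as this hunk shows, is not signature-checked. Changing the line to `baseurl=https://nginx.org/packages/centos/$releasever/$basearch/` costs nothing, since the signing key is already fetched over HTTPS. The `"$?"` comparison after `$CMD_INSTALL epel-release` reads better as `if ! $CMD_INSTALL epel-release; then`. The identical block is added to `installNginx()` in v2ray.sh.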
@@ -452,6 +481,9 @@ configNginx() { if [[ "$ALLOW_SPIDER" = "n" ]]; then echo 'User-Agent: *' > /usr/share/nginx/html/robots.txt echo 'Disallow: /' >> /usr/share/nginx/html/robots.txt + ROBOT_CONFIG=" location = /robots.txt {}" + else + ROBOT_CONFIG="" fi if [[ "$BT" = "false" ]]; then @@ -508,8 +540,11 @@ EOF server { listen 80; listen [::]:80; + listen 81 http2; server_name ${DOMAIN}; root /usr/share/nginx/html; + + $ROBOT_CONFIG } EOF else @@ -517,6 +552,7 @@ EOF server { listen 80; listen [::]:80; + listen 81 http2; server_name ${DOMAIN}; root /usr/share/nginx/html; location / { @@ -527,8 +563,7 @@ server { sub_filter_once off; } - location = /robots.txt { - } + $ROBOT_CONFIG } EOF fi @@ -613,8 +648,6 @@ function installBBR() if [ "$result" != "" ]; then colorEcho $YELLOW " BBR模块已安装" INSTALL_BBR=false - echo "3" > /proc/sys/net/ipv4/tcp_fastopen - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf return; fi res=`hostnamectl | grep -i openvz` @@ -626,7 +659,6 @@ function installBBR() echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf sysctl -p result=$(lsmod | grep bbr) if [[ "$result" != "" ]]; then @@ -644,14 +676,12 @@ function installBBR() $CMD_REMOVE kernel-3.* grub2-set-default 0 echo "tcp_bbr" >> /etc/modules-load.d/modules.conf - echo "3" > /proc/sys/net/ipv4/tcp_fastopen INSTALL_BBR=true fi else $CMD_INSTALL --install-recommends linux-generic-hwe-16.04 grub-set-default 0 echo "tcp_bbr" >> /etc/modules-load.d/modules.conf - echo "3" > /proc/sys/net/ipv4/tcp_fastopen INSTALL_BBR=true fi } 
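Review bot: `listen 81 http2;` in both generated server blocks of `configNginx()` binds the cleartext HTTP/2 listener on every interface, although its only visible consumer is the local fallback (`"h2": 81` under `alpn_port_override` in `configTrojan()`). Binding it to loopback with `listen 127.0.0.1:81 http2;` keeps the camouflage site from being reachable from outside on an extra unencrypted port. This assumes the fallback connects over 127.0.0.1, which these hunks do not show. The same directive is added to the port-80 server block in v2ray.sh, where the new `fallbacks` entries send `h2` to `"dest": 81`.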
@@ -675,10 +705,11 @@ function showInfo() echo ============================================ echo -e " ${BLUE}trojan运行状态:${PLAIN}${status}" - echo -e " ${BLUE}trojan配置文件:${PLAIN}${RED}$CONFIG_FILE${PLAIN}" echo "" - echo -e " ${RED}trojan配置信息:${PLAIN} " - echo -e " ${BLUE}IP/域名(address):${PLAIN} ${RED}${domain}${PLAIN}" + echo -e " ${BLUE}trojan配置文件:${PLAIN}${RED}$CONFIG_FILE${PLAIN}" + echo -e " ${BLUE}trojan配置信息:${PLAIN} " + echo -e " ${BLUE}IP/address:${PLAIN} ${RED}$IP${PLAIN}" + echo -e " ${BLUE}域名/SNI/peer名称:${PLAIN} ${RED}${domain}${PLAIN}" echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}" echo -e " ${BLUE}密码(password):${PLAIN}${RED}$password${PLAIN}" echo @@ -687,7 +718,7 @@ function showInfo() function bbrReboot() { if [ "${INSTALL_BBR}" == "true" ]; then - echo + echo "" colorEcho $BLUE " 为使BBR模块生效,系统将在30秒后重启" echo echo -e " 您可以按 ctrl + c 取消重启,稍后输入 ${RED}reboot${PLAIN} 重启系统" @@ -791,6 +822,12 @@ showLog() { } function uninstall() { + res=`status` + if [[ $res -lt 2 ]]; then + echo -e "${RED}trojan未安装,请先安装!${PLAIN}" + return + fi + echo "" read -p " 确定卸载trojan?(y/n)" answer [[ -z ${answer} ]] && answer="n" @@ -819,7 +856,7 @@ function uninstall() { fi rm -rf $NGINX_CONF_PATH${domain}.conf ~/.acme.sh/acme.sh --uninstall - echo -e " ${RED}trojan卸载成功${PLAIN}" + colorEcho $GREEN " trojan卸载成功" fi } @@ -837,14 +874,14 @@ menu() { echo -e " ${GREEN}1.${PLAIN} 安装trojan" echo -e " ${GREEN}2.${PLAIN} 更新trojan" - echo -e " ${GREEN}3.${PLAIN} 卸载trojan" + echo -e " ${GREEN}3. ${RED}卸载trojan${PLAIN}" echo " -------------" echo -e " ${GREEN}4.${PLAIN} 启动trojan" echo -e " ${GREEN}5.${PLAIN} 重启trojan" echo -e " ${GREEN}6.${PLAIN} 停止trojan" echo " -------------" echo -e " ${GREEN}7.${PLAIN} 查看trojan配置" - echo -e " ${GREEN}8.${PLAIN} 修改trojan配置" + echo -e " ${GREEN}8. ${RED}修改trojan配置${PLAIN}" echo -e " ${GREEN}9.${PLAIN} 查看trojan日志" echo " -------------" echo -e " ${GREEN}0.${PLAIN} 退出" 
@@ -894,4 +931,14 @@ menu() { checkSystem -menu +action=$1 +[[ -z $1 ]] && action=menu +case "$action" in + menu|install|update|uninstall|start|restart|stop|showInfo|showLog) + ${action} + ;; + *) + echo " 参数错误" + echo " 用法: `basename $0` [menu|install|update|uninstall|start|restart|stop|showInfo|showLog]" + ;; +esac diff --git a/ubuntu_install_ss.sh b/ubuntu_install_ss.sh index d3b8502b..f6324bca 100644 --- a/ubuntu_install_ss.sh +++ b/ubuntu_install_ss.sh @@ -222,6 +222,7 @@ installSS() { tag_url="${V6_PROXY}https://api.github.com/repos/shadowsocks/shadowsocks-libev/releases/latest" new_ver="$(normalizeVersion "$(curl -s "${tag_url}" --connect-timeout 10| grep 'tag_name' | cut -d\" -f4)")" + export PATH=/usr/local/bin:$PATH res=`which ss-server` if [ "$?" != "0" ]; then installNewVer $new_ver @@ -234,10 +235,6 @@ installSS() { fi fi - - echo "3" > /proc/sys/net/ipv4/tcp_fastopen - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf - interface="0.0.0.0" if [[ "$V6_PROXY" != "" ]]; then interface="::" @@ -299,8 +296,6 @@ installBBR() { if [ "$result" != "" ]; then colorEcho $BLUE " BBR模块已安装" INSTALL_BBR=false - echo "3" > /proc/sys/net/ipv4/tcp_fastopen - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf return; fi @@ -313,7 +308,6 @@ installBBR() { echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf sysctl -p result=$(lsmod | grep bbr) if [[ "$result" != "" ]]; then @@ -326,7 +320,6 @@ installBBR() { apt install -y --install-recommends linux-generic-hwe-16.04 grub-set-default 0 echo "tcp_bbr" >> /etc/modules-load.d/modules.conf - echo "3" > /proc/sys/net/ipv4/tcp_fastopen INSTALL_BBR=true } diff --git a/ubuntu_install_ssr.sh b/ubuntu_install_ssr.sh index e34f8808..ca65831b 100644 --- a/ubuntu_install_ssr.sh +++ b/ubuntu_install_ssr.sh 
@@ -354,8 +354,6 @@ installBBR() { if [ "$result" != "" ]; then colorEcho $BLUE " BBR模块已安装" INSTALL_BBR=false - echo "3" > /proc/sys/net/ipv4/tcp_fastopen - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf return fi @@ -368,7 +366,6 @@ installBBR() { echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf sysctl -p result=$(lsmod | grep bbr) if [[ "$result" != "" ]]; then @@ -381,7 +378,6 @@ installBBR() { apt install -y --install-recommends linux-generic-hwe-16.04 grub-set-default 0 echo "tcp_bbr" >> /etc/modules-load.d/modules.conf - echo "3" > /proc/sys/net/ipv4/tcp_fastopen INSTALL_BBR=false } diff --git a/ubuntu_install_v2ray.sh b/ubuntu_install_v2ray.sh index 568dafc0..014f509d 100644 --- a/ubuntu_install_v2ray.sh +++ b/ubuntu_install_v2ray.sh @@ -144,8 +144,6 @@ installBBR() { if [ "$result" != "" ]; then colorEcho $BLUE " BBR模块已安装" INSTALL_BBR=false - echo "3" > /proc/sys/net/ipv4/tcp_fastopen - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf return; fi @@ -158,7 +156,6 @@ installBBR() { echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf sysctl -p result=$(lsmod | grep bbr) if [[ "$result" != "" ]]; then @@ -171,7 +168,6 @@ installBBR() { apt install -y --install-recommends linux-generic-hwe-16.04 grub-set-default 0 echo "tcp_bbr" >> /etc/modules-load.d/modules.conf - echo "3" > /proc/sys/net/ipv4/tcp_fastopen INSTALL_BBR=false } diff --git a/ubuntu_install_v2ray2.sh b/ubuntu_install_v2ray2.sh index 1a4349a9..077a6908 100644 --- a/ubuntu_install_v2ray2.sh +++ b/ubuntu_install_v2ray2.sh 
@@ -14,15 +14,20 @@ PLAIN='\033[0m' SITES=( http://www.zhuizishu.com/ http://xs.56dyc.com/ -http://www.xiaoshuosk.com/ -https://www.quledu.net/ +#http://www.xiaoshuosk.com/ +#https://www.quledu.net/ http://www.ddxsku.com/ http://www.biqu6.com/ https://www.wenshulou.cc/ -http://www.auutea.com/ +#http://www.auutea.com/ http://www.55shuba.com/ http://www.39shubao.com/ https://www.23xsw.cc/ +#https://www.huanbige.com/ +https://www.jueshitangmen.info/ +https://www.zhetian.org/ +http://www.bequgexs.com/ +http://www.tjwl.com/ ) CONFIG_FILE="/etc/v2ray/config.json" @@ -123,7 +128,7 @@ getData() { echo "" while true do - read -p " 请输入伪装路径,以/开头:" WSPATH + read -p " 请输入伪装路径,以/开头(不懂请直接回车):" WSPATH if [[ -z "${WSPATH}" ]]; then len=`shuf -i5-12 -n1` ws=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $len | head -n 1` @@ -153,11 +158,11 @@ getData() { echo " 1) 静态网站(位于/usr/share/nginx/html)" echo " 2) 小说站(随机选择)" echo " 3) 美女站(https://imeizi.me)" - echo " 4) VPS优惠博客(https://vpsgongyi.com)" + echo " 4) 高清壁纸站(https://bing.imeizi.me)" echo " 5) 自定义反代站点(需以http或者https开头)" - read -p " 请选择伪装网站类型[默认:美女站]" answer + read -p " 请选择伪装网站类型[默认:高清壁纸站]" answer if [[ -z "$answer" ]]; then - PROXY_URL="https://imeizi.me" + PROXY_URL="https://bing.imeizi.me" else case $answer in 1) @@ -183,7 +188,7 @@ getData() { PROXY_URL="https://imeizi.me" ;; 4) - PROXY_URL="https://vpsgongyi.com" + PROXY_URL="https://bing.imeizi.me" ;; 5) read -p " 请输入反代站点(以http或者https开头):" PROXY_URL 
@@ -292,12 +297,18 @@ getCert() { apt install -y socat openssl cron systemctl start cron systemctl enable cron - curl -sL https://get.acme.sh | sh + curl -sL https://get.acme.sh | sh -s email=hijk.pw@protonmail.ch source ~/.bashrc - ~/.acme.sh/acme.sh --issue -d $DOMAIN --standalone + ~/.acme.sh/acme.sh --upgrade --auto-upgrade + ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt + ~/.acme.sh/acme.sh --issue -d $DOMAIN --keylength ec-256 --pre-hook "systemctl stop nginx" --post-hook "systemctl restart nginx" --standalone + [[ -f ~/.acme.sh/${DOMAIN}_ecc/ca.cer ]] || { + colorEcho $RED " 获取证书失败,请复制上面的红色文字到 https://hijk.art 反馈" + exit 1 + } CERT_FILE="/etc/v2ray/${DOMAIN}.pem" KEY_FILE="/etc/v2ray/${DOMAIN}.key" - ~/.acme.sh/acme.sh --install-cert -d $DOMAIN \ + ~/.acme.sh/acme.sh --install-cert -d $DOMAIN --ecc \ --key-file $KEY_FILE \ --fullchain-file $CERT_FILE \ --reloadcmd "service nginx force-reload" @@ -313,6 +324,11 @@ getCert() { installNginx() { apt install -y nginx + res=$(command -v nginx) + if [[ "$res" = "" ]]; then + colorEcho $RED " Nginx安装失败,请到 https://hijk.art 反馈" + exit 1 + fi getCert @@ -368,7 +384,7 @@ http { } EOF - mkdir -p /etc/nginx/conf.d; + mkdir -p /etc/nginx/conf.d cat > /etc/nginx/conf.d/${DOMAIN}.conf<<-EOF server { listen 80; @@ -417,9 +433,7 @@ server { } } EOF - sed -i '/certbot/d' /etc/crontab - certbotpath=`which certbot` - echo "0 3 1 */2 0 root systemctl stop nginx; ${certbotpath} renew; systemctl restart nginx" >> /etc/crontab + systemctl enable nginx && systemctl restart nginx systemctl start v2ray sleep 3 @@ -448,8 +462,6 @@ installBBR() { if [ "$result" != "" ]; then colorEcho $YELLOW " BBR模块已安装" INSTALL_BBR=false - echo "3" > /proc/sys/net/ipv4/tcp_fastopen - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf return; fi 
@@ -462,7 +474,6 @@ installBBR() { echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf sysctl -p result=$(lsmod | grep bbr) if [[ "$result" != "" ]]; then @@ -475,7 +486,6 @@ installBBR() { apt install -y --install-recommends linux-generic-hwe-16.04 grub-set-default 0 echo "tcp_bbr" >> /etc/modules-load.d/modules.conf - echo "3" > /proc/sys/net/ipv4/tcp_fastopen INSTALL_BBR=true } @@ -523,7 +533,7 @@ info() { echo -e " ${BLUE}v2ray运行状态:${PLAIN}${v2status}" echo -e " ${BLUE}v2ray配置文件:${PLAIN}${RED}$CONFIG_FILE${PLAIN}" echo -e " ${BLUE}nginx运行状态:${PLAIN}${ngstatus}" - echo -e " ${BLUE}nginx配置文件:${PLAIN}${RED}${confpath}${domain}.conf${PLAIN}" + echo -e " ${BLUE}nginx配置文件:${PLAIN}${RED}/etc/nginx/conf.d/${domain}.conf${PLAIN}" echo "" echo -e " ${RED}v2ray配置信息:${PLAIN} " echo -e " ${BLUE}IP(address):${PLAIN} ${RED}${IP}${PLAIN}" @@ -533,7 +543,7 @@ info() { echo -e " ${BLUE}加密方式(security):${PLAIN} ${RED}$security${PLAIN}" echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}" echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none${PLAIN}" - echo -e " ${BLUE}伪装域名/主机名(host):${PLAIN}${RED}${domain}${PLAIN}" + echo -e " ${BLUE}伪装域名/主机名(host)/SNI/peer名称:${PLAIN}${RED}${domain}${PLAIN}" echo -e " ${BLUE}路径(path):${PLAIN}${RED}${path}${PLAIN}" echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}" echo diff --git a/v2ray.sh b/v2ray.sh index 43acd624..384ae6d5 100644 --- a/v2ray.sh +++ b/v2ray.sh @@ -1,5 +1,5 @@ #!/bin/bash -# MTProto一键安装脚本 +# v2ray一键安装脚本 # Author: hijk 
@@ -14,15 +14,20 @@ PLAIN='\033[0m' SITES=( http://www.zhuizishu.com/ http://xs.56dyc.com/ -http://www.xiaoshuosk.com/ -https://www.quledu.net/ +#http://www.xiaoshuosk.com/ +#https://www.quledu.net/ http://www.ddxsku.com/ http://www.biqu6.com/ https://www.wenshulou.cc/ -http://www.auutea.com/ +#http://www.auutea.com/ http://www.55shuba.com/ http://www.39shubao.com/ https://www.23xsw.cc/ +https://www.huanbige.com/ +https://www.jueshitangmen.info/ +https://www.zhetian.org/ +http://www.bequgexs.com/ +http://www.tjwl.com/ ) CONFIG_FILE="/etc/v2ray/config.json" @@ -113,7 +118,7 @@ status() { return fi port=`grep port $CONFIG_FILE| head -n 1| cut -d: -f2| tr -d \",' '` - res=`ss -ntlp| grep ${port} | grep -i v2ray` + res=`ss -nutlp| grep ${port} | grep -i v2ray` if [[ -z "$res" ]]; then echo 2 return @@ -122,7 +127,7 @@ status() { if [[ `configNeedNginx` != "yes" ]]; then echo 3 else - res=`ss -ntlp|grep -i nginx` + res=`ss -nutlp|grep -i nginx` if [[ -z "$res" ]]; then echo 4 else @@ -173,7 +178,7 @@ getVersion() { RETVAL=$? CUR_VER="$(normalizeVersion "$(echo "$VER" | head -n 1 | cut -d " " -f2)")" TAG_URL="${V6_PROXY}https://api.github.com/repos/v2fly/v2ray-core/releases/latest" - NEW_VER="$(normalizeVersion "$(curl -s "${TAG_URL}" --connect-timeout 10| grep 'tag_name' | cut -d\" -f4)")" + NEW_VER="$(normalizeVersion "$(curl -s "${TAG_URL}" --connect-timeout 10| tr ',' '\n' | grep 'tag_name' | cut -d\" -f4)")" if [[ "$XTLS" = "true" ]]; then NEW_VER=v4.32.1 fi @@ -197,11 +202,14 @@ archAffix(){ x86_64|amd64) echo '64' ;; - *armv7*|armv6l) - echo 'arm' + *armv7*) + echo 'arm32-v7a' + ;; + armv6*) + echo 'arm32-v6a' ;; *armv8*|aarch64) - echo 'arm64' + echo 'arm64-v8a' ;; *mips64le*) echo 'mips64le' @@ -308,7 +316,7 @@ getData() { echo " 4) 微信视频通话" echo " 5) dtls" echo " 6) wiregard" - read -p " 请选择伪装类型[默认:无]" answer + read -p " 请选择伪装类型[默认:无]:" answer case $answer in 2) HEADER_TYPE="utp" 
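Review bot: In `status()`, `grep ${port}` on the `ss -nutlp` output matches the number anywhere in the line, so port 443 also matches a v2ray socket on 4430 or a `pid=` field containing those digits, and the check can report "running" for the wrong listener. Anchor it the way `getCert()` already does for netstat, e.g. `res=$(ss -nutlp | grep ":${port} " | grep -i v2ray)`. The same pipeline is changed in `start()` further down in this file.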
@@ -345,7 +353,8 @@ getData() { colorEcho $BLUE " 请选择流控模式:" echo -e " 1) xtls-rprx-direct [$RED推荐$PLAIN]" echo " 2) xtls-rprx-origin" - read -p " 请选择流控模式[默认:origin]" answer + read -p " 请选择流控模式[默认:direct]" answer + [[ -z "$answer" ]] && answer=1 case $answer in 1) FLOW="xtls-rprx-direct" @@ -354,8 +363,8 @@ getData() { FLOW="xtls-rprx-origin" ;; *) - colorEcho $RED " 无效选项,使用默认的xtls-rprx-origin" - FLOW="xtls-rprx-origin" + colorEcho $RED " 无效选项,使用默认的xtls-rprx-direct" + FLOW="xtls-rprx-direct" ;; esac colorEcho $BLUE " 流控模式:$FLOW" @@ -365,7 +374,7 @@ getData() { echo "" while true do - read -p " 请输入伪装路径,以/开头:" WSPATH + read -p " 请输入伪装路径,以/开头(不懂请直接回车):" WSPATH if [[ -z "${WSPATH}" ]]; then len=`shuf -i5-12 -n1` ws=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $len | head -n 1` @@ -388,11 +397,11 @@ getData() { echo " 1) 静态网站(位于/usr/share/nginx/html)" echo " 2) 小说站(随机选择)" echo " 3) 美女站(https://imeizi.me)" - echo " 4) VPS优惠博客(https://vpsgongyi.com)" + echo " 4) 高清壁纸站(https://bing.imeizi.me)" echo " 5) 自定义反代站点(需以http或者https开头)" - read -p " 请选择伪装网站类型[默认:美女站]" answer + read -p " 请选择伪装网站类型[默认:高清壁纸站]" answer if [[ -z "$answer" ]]; then - PROXY_URL="https://imeizi.me" + PROXY_URL="https://bing.imeizi.me" else case $answer in 1) @@ -418,7 +427,7 @@ getData() { PROXY_URL="https://imeizi.me" ;; 4) - PROXY_URL="https://vpsgongyi.com" + PROXY_URL="https://bing.imeizi.me" ;; 5) read -p " 请输入反代站点(以http或者https开头):" PROXY_URL 
@@ -465,9 +474,22 @@ installNginx() { colorEcho $BLUE " 安装nginx..." if [[ "$BT" = "false" ]]; then if [[ "$PMT" = "yum" ]]; then - $CMD_INSTALL epel-release + $CMD_INSTALL epel-release + if [[ "$?" != "0" ]]; then + echo '[nginx-stable] +name=nginx stable repo +baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ +gpgcheck=1 +enabled=1 +gpgkey=https://nginx.org/keys/nginx_signing.key +module_hotfixes=true' > /etc/yum.repos.d/nginx.repo + fi fi $CMD_INSTALL nginx + if [[ "$?" != "0" ]]; then + colorEcho $RED " Nginx安装失败,请到 https://hijk.art 反馈" + exit 1 + fi systemctl enable nginx else res=`which nginx 2>/dev/null` @@ -500,7 +522,6 @@ stopNginx() { getCert() { mkdir -p /etc/v2ray if [[ -z ${CERT_FILE+x} ]]; then - systemctl stop v2ray stopNginx sleep 2 res=`netstat -ntlp| grep -E ':80 |:443 '` @@ -521,12 +542,22 @@ getCert() { systemctl start cron systemctl enable cron fi - curl -sL https://get.acme.sh | sh + curl -sL https://get.acme.sh | sh -s email=hijk.pw@protonmail.ch source ~/.bashrc - ~/.acme.sh/acme.sh --issue -d $DOMAIN --standalone + ~/.acme.sh/acme.sh --upgrade --auto-upgrade + ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt + if [[ "$BT" = "false" ]]; then + ~/.acme.sh/acme.sh --issue -d $DOMAIN --keylength ec-256 --pre-hook "systemctl stop nginx" --post-hook "systemctl restart nginx" --standalone + else + ~/.acme.sh/acme.sh --issue -d $DOMAIN --keylength ec-256 --pre-hook "nginx -s stop || { echo -n ''; }" --post-hook "nginx -c /www/server/nginx/conf/nginx.conf || { echo -n ''; }" --standalone + fi + [[ -f ~/.acme.sh/${DOMAIN}_ecc/ca.cer ]] || { + colorEcho $RED " 获取证书失败,请复制上面的红色文字到 https://hijk.art 反馈" + exit 1 + } CERT_FILE="/etc/v2ray/${DOMAIN}.pem" KEY_FILE="/etc/v2ray/${DOMAIN}.key" - ~/.acme.sh/acme.sh --install-cert -d $DOMAIN \ + ~/.acme.sh/acme.sh --install-cert -d $DOMAIN --ecc \ --key-file $KEY_FILE \ --fullchain-file $CERT_FILE \ --reloadcmd "service nginx force-reload" 
@@ -545,6 +576,9 @@ configNginx() { if [[ "$ALLOW_SPIDER" = "n" ]]; then echo 'User-Agent: *' > /usr/share/nginx/html/robots.txt echo 'Disallow: /' >> /usr/share/nginx/html/robots.txt + ROBOT_CONFIG=" location = /robots.txt {}" + else + ROBOT_CONFIG="" fi if [[ "$BT" = "false" ]]; then @@ -640,8 +674,7 @@ server { location / { $action } - location = /robots.txt { - } + $ROBOT_CONFIG location ${WSPATH} { proxy_redirect off; @@ -664,13 +697,13 @@ EOF server { listen 80; listen [::]:80; + listen 81 http2; server_name ${DOMAIN}; root /usr/share/nginx/html; location / { $action } - location = /robots.txt { - } + $ROBOT_CONFIG } EOF fi @@ -693,6 +726,7 @@ setFirewall() { firewall-cmd --permanent --add-service=https if [[ "$PORT" != "443" ]]; then firewall-cmd --permanent --add-port=${PORT}/tcp + firewall-cmd --permanent --add-port=${PORT}/udp fi firewall-cmd --reload else @@ -702,6 +736,7 @@ setFirewall() { iptables -I INPUT -p tcp --dport 443 -j ACCEPT if [[ "$PORT" != "443" ]]; then iptables -I INPUT -p tcp --dport ${PORT} -j ACCEPT + iptables -I INPUT -p udp --dport ${PORT} -j ACCEPT fi fi fi @@ -714,6 +749,7 @@ setFirewall() { iptables -I INPUT -p tcp --dport 443 -j ACCEPT if [[ "$PORT" != "443" ]]; then iptables -I INPUT -p tcp --dport ${PORT} -j ACCEPT + iptables -I INPUT -p udp --dport ${PORT} -j ACCEPT fi fi else @@ -725,6 +761,7 @@ setFirewall() { ufw allow https/tcp if [[ "$PORT" != "443" ]]; then ufw allow ${PORT}/tcp + ufw allow ${PORT}/udp fi fi fi @@ -741,8 +778,6 @@ installBBR() { if [[ "$result" != "" ]]; then colorEcho $BLUE " BBR模块已安装" INSTALL_BBR=false - echo "3" > /proc/sys/net/ipv4/tcp_fastopen - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf return fi res=`hostnamectl | grep -i openvz` 
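Review bot: The four rules added in `setFirewall()` open `${PORT}/udp` whenever the port is not 443, for every transport the script can install, while the only UDP transport visible in this file is mKCP (`vmessKCPConfig`, `vlessKCPConfig`). For the TCP, TLS and WebSocket modes that leaves an unused UDP port open on the host firewall. Wrap each added line in a test on whichever variable selects mKCP (not visible in these hunks) so UDP is opened only when it is needed.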
@@ -754,7 +789,6 @@ installBBR() { echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf sysctl -p result=$(lsmod | grep bbr) if [[ "$result" != "" ]]; then @@ -772,14 +806,12 @@ installBBR() { $CMD_REMOVE kernel-3.* grub2-set-default 0 echo "tcp_bbr" >> /etc/modules-load.d/modules.conf - echo "3" > /proc/sys/net/ipv4/tcp_fastopen INSTALL_BBR=true fi else $CMD_INSTALL --install-recommends linux-generic-hwe-16.04 grub-set-default 0 echo "tcp_bbr" >> /etc/modules-load.d/modules.conf - echo "3" > /proc/sys/net/ipv4/tcp_fastopen INSTALL_BBR=true fi } @@ -840,6 +872,16 @@ trojanConfig() { { "password": "$PASSWORD" } + ], + "fallbacks": [ + { + "alpn": "http/1.1", + "dest": 80 + }, + { + "alpn": "h2", + "dest": 81 + } ] }, "streamSettings": { @@ -847,6 +889,7 @@ trojanConfig() { "security": "tls", "tlsSettings": { "serverName": "$DOMAIN", + "alpn": ["http/1.1", "h2"], "certificates": [ { "certificateFile": "$CERT_FILE", @@ -863,16 +906,7 @@ trojanConfig() { "protocol": "blackhole", "settings": {}, "tag": "blocked" - }], - "routing": { - "rules": [ - { - "type": "field", - "ip": ["geoip:private"], - "outboundTag": "blocked" - } - ] - } + }] } EOF } @@ -889,6 +923,16 @@ trojanXTLSConfig() { "password": "$PASSWORD", "flow": "$FLOW" } + ], + "fallbacks": [ + { + "alpn": "http/1.1", + "dest": 80 + }, + { + "alpn": "h2", + "dest": 81 + } ] }, "streamSettings": { @@ -896,9 +940,7 @@ trojanXTLSConfig() { "security": "xtls", "xtlsSettings": { "serverName": "$DOMAIN", - "alpn": [ - "http/1.1" - ], + "alpn": ["http/1.1", "h2"], "certificates": [ { "certificateFile": "$CERT_FILE", @@ -915,16 +957,7 @@ trojanXTLSConfig() { "protocol": "blackhole", "settings": {}, "tag": "blocked" - }], - "routing": { - "rules": [ - { - "type": "field", - "ip": ["geoip:private"], - "outboundTag": "blocked" - } - ] - } + }] } EOF } 
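Review bot: Dropping the `routing` block from `trojanConfig()` removes the rule that sent `geoip:private` destinations to the `blocked` outbound, so, assuming the default outbound is `freedom`, any client with valid credentials can reach loopback and internal-network addresses of the server through the proxy, including the nginx listeners on 80 and 81. The `blackhole` outbound tagged `blocked` stays in the config but nothing routes to it any more. Unless there is a reason not shown here (for example a missing geoip data file), I would keep the rule: `"routing": {"rules": [{"type": "field", "ip": ["geoip:private"], "outboundTag": "blocked"}]}`. The same removal is made in `trojanXTLSConfig()`, the four `vmess*Config()` functions and the four `vless*Config()` functions.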
@@ -954,16 +987,7 @@ vmessConfig() { "protocol": "blackhole", "settings": {}, "tag": "blocked" - }], - "routing": { - "rules": [ - { - "type": "field", - "ip": ["geoip:private"], - "outboundTag": "blocked" - } - ] - } + }] } EOF } @@ -1005,16 +1029,7 @@ vmessKCPConfig() { "protocol": "blackhole", "settings": {}, "tag": "blocked" - }], - "routing": { - "rules": [ - { - "type": "field", - "ip": ["geoip:private"], - "outboundTag": "blocked" - } - ] - } + }] } EOF } @@ -1041,6 +1056,7 @@ vmessTLSConfig() { "security": "tls", "tlsSettings": { "serverName": "$DOMAIN", + "alpn": ["http/1.1", "h2"], "certificates": [ { "certificateFile": "$CERT_FILE", @@ -1057,16 +1073,7 @@ vmessTLSConfig() { "protocol": "blackhole", "settings": {}, "tag": "blocked" - }], - "routing": { - "rules": [ - { - "type": "field", - "ip": ["geoip:private"], - "outboundTag": "blocked" - } - ] - } + }] } EOF } @@ -1106,16 +1113,7 @@ vmessWSConfig() { "protocol": "blackhole", "settings": {}, "tag": "blocked" - }], - "routing": { - "rules": [ - { - "type": "field", - "ip": ["geoip:private"], - "outboundTag": "blocked" - } - ] - } + }] } EOF } @@ -1137,7 +1135,12 @@ vlessTLSConfig() { "decryption": "none", "fallbacks": [ { + "alpn": "http/1.1", "dest": 80 + }, + { + "alpn": "h2", + "dest": 81 } ] }, @@ -1146,9 +1149,7 @@ vlessTLSConfig() { "security": "tls", "tlsSettings": { "serverName": "$DOMAIN", - "alpn": [ - "http/1.1" - ], + "alpn": ["http/1.1", "h2"], "certificates": [ { "certificateFile": "$CERT_FILE", @@ -1165,16 +1166,7 @@ vlessTLSConfig() { "protocol": "blackhole", "settings": {}, "tag": "blocked" - }], - "routing": { - "rules": [ - { - "type": "field", - "ip": ["geoip:private"], - "outboundTag": "blocked" - } - ] - } + }] } EOF } @@ -1197,7 +1189,12 @@ vlessXTLSConfig() { "decryption": "none", "fallbacks": [ { + "alpn": "http/1.1", "dest": 80 + }, + { + "alpn": "h2", + "dest": 81 } ] }, 
@@ -1206,9 +1203,7 @@ vlessXTLSConfig() { "security": "xtls", "xtlsSettings": { "serverName": "$DOMAIN", - "alpn": [ - "http/1.1" - ], + "alpn": ["http/1.1", "h2"], "certificates": [ { "certificateFile": "$CERT_FILE", @@ -1225,16 +1220,7 @@ vlessXTLSConfig() { "protocol": "blackhole", "settings": {}, "tag": "blocked" - }], - "routing": { - "rules": [ - { - "type": "field", - "ip": ["geoip:private"], - "outboundTag": "blocked" - } - ] - } + }] } EOF } @@ -1274,16 +1260,7 @@ vlessWSConfig() { "protocol": "blackhole", "settings": {}, "tag": "blocked" - }], - "routing": { - "rules": [ - { - "type": "field", - "ip": ["geoip:private"], - "outboundTag": "blocked" - } - ] - } + }] } EOF } @@ -1326,16 +1303,7 @@ vlessKCPConfig() { "protocol": "blackhole", "settings": {}, "tag": "blocked" - }], - "routing": { - "rules": [ - { - "type": "field", - "ip": ["geoip:private"], - "outboundTag": "blocked" - } - ] - } + }] } EOF } @@ -1392,6 +1360,7 @@ install() { getData $PMT clean all + [[ "$PMT" = "apt" ]] && $PMT update #echo $CMD_UPGRADE | bash $CMD_INSTALL wget vim unzip tar gcc openssl $CMD_INSTALL net-tools @@ -1469,6 +1438,12 @@ update() { } uninstall() { + res=`status` + if [[ $res -lt 2 ]]; then + colorEcho $RED " V2ray未安装,请先安装!" + return + fi + echo "" read -p " 确定卸载V2ray?[y/n]:" answer if [[ "${answer,,}" = "y" ]]; then @@ -1513,7 +1488,7 @@ start() { systemctl restart v2ray sleep 2 port=`grep port $CONFIG_FILE| head -n 1| cut -d: -f2| tr -d \",' '` - res=`ss -ntlp| grep ${port} | grep -i v2ray` + res=`ss -nutlp| grep ${port} | grep -i v2ray` if [[ "$res" = "" ]]; then colorEcho $RED " v2ray启动失败,请检查日志或查看端口是否被占用!" else 
@@ -1676,7 +1651,7 @@ outputVmessTLS() { echo -e " ${BLUE}额外id(alterid):${PLAIN} ${RED}${alterid}${PLAIN}" echo -e " ${BLUE}加密方式(security):${PLAIN} ${RED}none${PLAIN}" echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}" - echo -e " ${BLUE}伪装域名/主机名(host):${PLAIN}${RED}${domain}${PLAIN}" + echo -e " ${BLUE}伪装域名/主机名(host)/SNI/peer名称:${PLAIN}${RED}${domain}${PLAIN}" echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}" echo echo -e " ${BLUE}vmess链接: ${PLAIN}$RED$link$PLAIN" @@ -1706,7 +1681,7 @@ outputVmessWS() { echo -e " ${BLUE}加密方式(security):${PLAIN} ${RED}none${PLAIN}" echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}" echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN" - echo -e " ${BLUE}伪装域名/主机名(host):${PLAIN}${RED}${domain}${PLAIN}" + echo -e " ${BLUE}伪装域名/主机名(host)/SNI/peer名称:${PLAIN}${RED}${domain}${PLAIN}" echo -e " ${BLUE}路径(path):${PLAIN}${RED}${wspath}${PLAIN}" echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}" echo @@ -1720,9 +1695,10 @@ showInfo() { return fi - echo + echo "" echo -n -e " ${BLUE}V2ray运行状态:${PLAIN}" statusText + echo -e " ${BLUE}V2ray配置文件: ${PLAIN} ${RED}${CONFIG_FILE}${PLAIN}" colorEcho $BLUE " V2ray配置信息:" getConfigFileInfo @@ -1763,7 +1739,7 @@ showInfo() { echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}" echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}" echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN" - echo -e " ${BLUE}伪装域名/主机名(host):${PLAIN}${RED}${domain}${PLAIN}" + echo -e " ${BLUE}伪装域名/主机名(host)/SNI/peer名称:${PLAIN}${RED}${domain}${PLAIN}" echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}XTLS${PLAIN}" elif [[ "$ws" = "false" ]]; then echo -e " ${BLUE}IP(address): ${PLAIN}${RED}${IP}${PLAIN}" 
@@ -1773,7 +1749,7 @@ showInfo() { echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}" echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}" echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN" - echo -e " ${BLUE}伪装域名/主机名(host):${PLAIN}${RED}${domain}${PLAIN}" + echo -e " ${BLUE}伪装域名/主机名(host)/SNI/peer名称:${PLAIN}${RED}${domain}${PLAIN}" echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}" else echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}" @@ -1783,7 +1759,7 @@ showInfo() { echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}" echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}" echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN" - echo -e " ${BLUE}伪装域名/主机名(host):${PLAIN}${RED}${domain}${PLAIN}" + echo -e " ${BLUE}伪装域名/主机名(host)/SNI/peer名称:${PLAIN}${RED}${domain}${PLAIN}" echo -e " ${BLUE}路径(path):${PLAIN}${RED}${wspath}${PLAIN}" echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}" fi @@ -1823,7 +1799,7 @@ menu() { echo -e " ${GREEN}10.${PLAIN} 安装${BLUE}trojan+XTLS${PLAIN}${RED}(推荐)${PLAIN}" echo " -------------" echo -e " ${GREEN}11.${PLAIN} 更新V2ray" - echo -e " ${GREEN}12.${PLAIN} 卸载V2ray" + echo -e " ${GREEN}12. ${RED}卸载V2ray${PLAIN}" echo " -------------" echo -e " ${GREEN}13.${PLAIN} 启动V2ray" echo -e " ${GREEN}14.${PLAIN} 重启V2ray" @@ -1921,4 +1897,14 @@ menu() { checkSystem -menu +action=$1 +[[ -z $1 ]] && action=menu +case "$action" in + menu|update|uninstall|start|restart|stop|showInfo|showLog) + ${action} + ;; + *) + echo " 参数错误" + echo " 用法: `basename $0` [menu|update|uninstall|start|restart|stop|showInfo|showLog]" + ;; +esac diff --git a/wordpress.sh b/wordpress.sh index ae7bd09f..4ae700e1 100644 --- a/wordpress.sh +++ b/wordpress.sh @@ -1,5 +1,5 @@ #!/bin/bash -# v2ray centos7/8 WordPress一键安装脚本 +# v2ray/xray WordPress一键安装脚本 # Author: hijk RED="\033[31m" # Error message 
@@ -13,97 +13,209 @@ colorEcho() { } V2_CONFIG_FILE="/etc/v2ray/config.json" +X_CONFIG_FILE="/usr/local/etc/xray/config.json" + +BT="false" +NGINX_CONF_PATH="/etc/nginx/conf.d/" +res=$(command -v bt) +if [[ "$res" != "" ]]; then + BT="true" + NGINX_CONF_PATH="/www/server/panel/vhost/nginx/" +fi + +VMESS="true" +WS="false" +TLS="false" checkSystem() { - result=$(id | awk '{print $1}') - if [ $result != "uid=0(root)" ]; then + uid=$(id -u) + if [[ $uid -ne 0 ]]; then colorEcho $RED " 请以root身份执行该脚本" exit 1 fi - if [ ! -f /etc/centos-release ];then - res=`which yum` - if [ "$?" != "0" ]; then - colorEcho $RED " 系统不是CentOS" + res=$(command -v yum) + if [[ "$res" = "" ]]; then + res=$(command -v apt) + if [[ "$res" = "" ]]; then + colorEcho $RED " 不受支持的Linux系统" exit 1 - fi + fi + PMT="apt" + CMD_INSTALL="apt install -y " + CMD_REMOVE="apt remove -y " + CMD_UPGRADE="apt update; apt upgrade -y; apt autoremove -y" + PHP_SERVICE="php7.4-fpm" else - result=`cat /etc/centos-release|grep -oE "[0-9.]+"` + PMT="yum" + CMD_INSTALL="yum install -y " + CMD_REMOVE="yum remove -y " + CMD_UPGRADE="yum update -y" + PHP_SERVICE="php-fpm" + result=`grep -oE "[0-9.]+" /etc/centos-release` MAIN=${result%%.*} - if [ $MAIN -lt 7 ]; then - colorEcho $RED " 不受支持的CentOS版本" - exit 1 - fi + fi + res=$(command -v systemctl) + if [[ "$res" = "" ]]; then + colorEcho $RED " 系统版本过低,请升级到最新版本" + exit 1 fi } -slogon() { - clear - echo "#############################################################" - echo -e "# ${RED}CentOS 7/8 WordPress一键安装脚本${PLAIN} #" - echo -e "# ${GREEN}作者${PLAIN}: 网络跳越(hijk) #" - echo -e "# ${GREEN}网址${PLAIN}: https://hijk.art #" - echo -e "# ${GREEN}论坛${PLAIN}: https://hijk.club #" - echo -e "# ${GREEN}TG群${PLAIN}: https://t.me/hijkclub #" - echo -e "# ${GREEN}Youtube频道${PLAIN}: https://youtube.com/channel/UCYTB--VsObzepVJtc9yvUxQ #" - echo "#############################################################" - echo "" +configNeedNginx() { + local ws=`grep wsSettings $V2_CONFIG_FILE` + if 
[[ -z "$ws" ]]; then + echo no + return + fi + echo yes } checkV2() { - colorEcho $YELLOW " 该脚本仅适用于 https://hijk.art 网站的v2ray带伪装一键脚本 安装wordpress用!" - read -p " 退出请按n,按其他键继续:" answer - [ "$answer" = "n" ] && exit 0 + if [[ ! -f $V2_CONFIG_FILE ]]; then + if [[ ! -f $X_CONFIG_FILE ]]; then + colorEcho $RED " 未安装V2ray/Xray" + exit 1 + fi + SERVICE=xray + V2_CONFIG_FILE=$X_CONFIG_FILE + else + SERVICE=v2ray + fi - if [ ! -f $V2_CONFIG_FILE ]; then - colorEcho $RED " 未安装v2ray" - exit 1 + res=`grep -i trojan $V2_CONFIG_FILE` + [[ "$res" != "" ]] && { + res=`grep -i fallbacks $V2_CONFIG_FILE` + [[ "$res" != "" ]] || { + colorEcho $RED " 检测到旧版trojan配置文件,请使用最新版一键脚本安装trojan后再运行此脚本" + exit 1 + } + } + + res=`grep vmess $V2_CONFIG_FILE` + [[ "$res" != "" ]] || { + VMESS="false" + V2PORT=`grep port $V2_CONFIG_FILE | cut -d: -f2 | tr -d \",' '` + } + + res=`grep -i wsSettings $V2_CONFIG_FILE` + [[ "$res" != "" ]] && { + WS="true" + TLS="true" + DOMAIN=`grep Host $V2_CONFIG_FILE | cut -d: -f2 | tr -d \",' '` + [[ "$1" = "install" ]] && colorEcho $BLUE " 伪装域名:$DOMAIN" + NGINX_CONFIG_FILE="$NGINX_CONF_PATH${DOMAIN}.conf" + [[ -f $NGINX_CONFIG_FILE ]] || { + colorEcho $RED " 未找到域名的nginx配置文件" + exit 1 + } + V2PORT=`grep port $V2_CONFIG_FILE | cut -d: -f2 | tr -d \",' '` + WSPATH=`grep path $V2_CONFIG_FILE | cut -d: -f2 | tr -d \",' '` + NGINX_PORT=`grep -i ssl $NGINX_CONFIG_FILE | grep listen | head -n1 | awk '{print $2}'` + [[ "$1" = "install" ]] && colorEcho $BLUE " Nginx端口:$NGINX_PORT" + CERT_FILE=`grep ssl_certificate $NGINX_CONFIG_FILE | grep -v _key` + KEY_FILE=`grep ssl_certificate_key $NGINX_CONFIG_FILE` + } + + res=`grep -i tlsSettings $V2_CONFIG_FILE` + [[ "$res" != "" ]] && { + TLS="true" + PORT=`grep port $V2_CONFIG_FILE | cut -d: -f2 | tr -d \",' '` + DOMAIN=`grep serverName $V2_CONFIG_FILE | cut -d: -f2 | tr -d \",' '` + [[ "$DOMAIN" = "" ]] && DOMAIN=`grep Host $V2_CONFIG_FILE | cut -d: -f2 | tr -d \",' '` + [[ "$1" = "install" ]] && colorEcho $BLUE " 伪装域名:$DOMAIN" + 
[[ "$1" = "install" ]] && colorEcho $BLUE " V2ray/Xray监听端口:$PORT" + NGINX_CONFIG_FILE="$NGINX_CONF_PATH${DOMAIN}.conf" + } + + if [[ "$TLS" = "false" ]]; then + case "$1" in + install) + colorEcho $RED " 您未使用伪装域名安装V2ray/Xray" + read -p " 请输入您的域名:" DOMAIN + [[ -z "$DOMAIN" ]] && DOMAIN=$(curl -sL ip.sb) + ;; + info) + if [[ -z ${DBNAME+x} ]]; then + colorEcho $RED " 您未使用伪装域名安装V2ray/Xray,无法检测配置,请到 /var/www 目录下自行查看配置信息" + exit 1 + fi + ;; + uninstall) + colorEcho $RED " 您未使用伪装域名安装V2ray/Xray,无法检测配置,请到 /var/www 目录下自行删除网站文件" + colorEcho $GREEN " 卸载成功!" + exit 1 + ;; + *) + esac fi - DOMAIN=`grep Host $V2_CONFIG_FILE | cut -d: -f2 | tr -d \",' '` - if [ "$DOMAIN" = "" ]; then - colorEcho $RED " 未检测到配置了ws协议的v2ray" - exit 1 +} + +statusText() { + res=$(command -v nginx) + if [[ "$res" = "" ]]; then + echo -e -n ${RED}Nginx未安装${PLAIN} + else + res=`ps aux | grep nginx | grep -v grep` + [[ "$res" = "" ]] && echo -e -n ${RED}Nginx未运行${PLAIN} || echo -e -n ${GREEN}Nginx正在运行${PLAIN} fi - NGINX_CONFIG_FILE="/etc/nginx/conf.d/${DOMAIN}.conf" - if [ ! 
-f $NGINX_CONFIG_FILE ]; then - colorEcho $RED " 未找到域名的nginx配置文件" - exit 1 + echo -n ", " + res=$(command -v php) + if [[ "$res" = "" ]]; then + echo -e -n ${RED}PHP未安装${PLAIN} + else + res=`ps aux | grep php | grep -v grep` + [[ "$res" = "" ]] && echo -e -n ${RED}PHP未运行${PLAIN} || echo -e -n ${GREEN}PHP正在运行${PLAIN} + fi + echo -n ", " + res=$(command -v mysql) + if [[ "$res" = "" ]]; then + echo -e -n ${RED}Mysql未安装${PLAIN} + else + res=`ps aux | grep mysql | grep -v grep` + [[ "$res" = "" ]] && echo -e -n ${RED}Mysql未运行${PLAIN} || echo -e -n ${GREEN}Mysql正在运行${PLAIN} fi - V2PORT=`grep port $V2_CONFIG_FILE | cut -d: -f2 | tr -d \",' '` - WSPATH=`grep path $V2_CONFIG_FILE | cut -d: -f2 | tr -d \",' '` - PORT=`grep -i ssl $NGINX_CONFIG_FILE | grep listen | head -n1 | awk '{print $2}'` - CERT_FILE=`grep ssl_certificate $NGINX_CONFIG_FILE | grep -v _key` - KEY_FILE=`grep ssl_certificate_key $NGINX_CONFIG_FILE` } installPHP() { - yum install -y epel-release - if [ $MAIN -eq 7 ]; then - rpm -iUh https://rpms.remirepo.net/enterprise/remi-release-7.rpm - sed -i '0,/enabled=0/{s/enabled=0/enabled=1/}' /etc/yum.repos.d/remi-php74.repo + [[ "$PMT" = "apt" ]] && $PMT update + $CMD_INSTALL curl wget ca-certificates + if [[ "$PMT" = "yum" ]]; then + $CMD_INSTALL epel-release + if [[ $MAIN -eq 7 ]]; then + rpm -iUh https://rpms.remirepo.net/enterprise/remi-release-7.rpm + sed -i '0,/enabled=0/{s/enabled=0/enabled=1/}' /etc/yum.repos.d/remi-php74.repo + else + dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm + sed -i '0,/enabled=0/{s/enabled=0/enabled=1/}' /etc/yum.repos.d/remi.repo + dnf module install -y php:remi-7.4 + fi + $CMD_INSTALL php-cli php-fpm php-bcmath php-gd php-mbstring php-mysqlnd php-pdo php-opcache php-xml php-pecl-zip php-pecl-imagick else - rpm -iUh https://rpms.remirepo.net/enterprise/remi-release-8.rpm - sed -i '0,/enabled=0/{s/enabled=0/enabled=1/}' /etc/yum.repos.d/remi.repo - dnf module install -y php:remi-7.4 + $CMD_INSTALL lsb-release 
gnupg2 + wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add - + echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php7.list + $PMT update + $CMD_INSTALL php7.4-cli php7.4-fpm php7.4-bcmath php7.4-gd php7.4-mbstring php7.4-mysql php7.4-opcache php7.4-xml php7.4-zip php7.4-json php7.4-imagick + update-alternatives --set php /usr/bin/php7.4 fi - yum install -y php-cli php-fpm php-bcmath php-gd php-mbstring php-mysqlnd php-pdo php-opcache php-xml php-pecl-zip - systemctl enable php-fpm.service + systemctl enable $PHP_SERVICE } installMysql() { - yum remove -y MariaDB-server - rm -rf /var/lib/mysql - if [ ! -f /etc/yum.repos.d/mariadb.repo ]; then - if [ $MAIN -eq 7 ]; then - echo '# MariaDB 10.5 CentOS repository list - created 2019-11-23 15:00 UTC + if [[ "$PMT" = "yum" ]]; then + yum remove -y MariaDB-server + if [ ! -f /etc/yum.repos.d/mariadb.repo ]; then + if [ $MAIN -eq 7 ]; then + echo '# MariaDB 10.5 CentOS repository list - created 2019-11-23 15:00 UTC # http://downloads.mariadb.org/mariadb/repositories/ [mariadb] name = MariaDB baseurl = http://yum.mariadb.org/10.5/centos7-amd64 gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB gpgcheck=1' >> /etc/yum.repos.d/mariadb.repo - else - echo '# MariaDB 10.5 CentOS repository list - created 2020-03-11 16:29 UTC + else + echo '# MariaDB 10.5 CentOS repository list - created 2020-03-11 16:29 UTC # http://downloads.mariadb.org/mariadb/repositories/ [mariadb] name = MariaDB 
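Review bot: In the `install)` arm of checkV2's `TLS = "false"` branch, `DOMAIN` comes straight from `read -p` or, when that is empty, from `curl -sL ip.sb`, and nothing checks its shape before it is used. The rest of this diff interpolates `$DOMAIN` into `/var/www/${DOMAIN}` (including the `rm -rf` in uninstall) and into the generated nginx `server_name`, so a value containing `/`, `..`, whitespace or `;` changes which path is touched or what the config says. `ip.sb` is given without a scheme, so curl makes the first request over plain HTTP and follows redirects, which leaves the answer open to modification in transit. I would use `curl -sL https://ip.sb` and reject anything unexpected right after the assignment, e.g. `[[ "$DOMAIN" =~ ^[A-Za-z0-9.:-]+$ ]] || exit 1`. This branch also never assigns `NGINX_CONFIG_FILE`, which configNginx later writes to; unless it is set outside the hunk, that redirect will fail.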
@@ -111,17 +223,20 @@ baseurl = http://yum.mariadb.org/10.5/centos8-amd64 module_hotfixes=1 gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB gpgcheck=1' >> /etc/yum.repos.d/mariadb.repo - fi + fi + fi + yum install -y MariaDB-server + else + $PMT update + $CMD_INSTALL mariadb-server fi - yum install -y MariaDB-server systemctl enable mariadb.service } installWordPress() { - yum install -y wget - mkdir -p /var/www; + mkdir -p /var/www wget https://cn.wordpress.org/latest-zh_CN.tar.gz - if [ ! -f latest-zh_CN.tar.gz ]; then + if [[ ! -f latest-zh_CN.tar.gz ]]; then colorEcho $RED " 下载WordPress失败,请稍后重试" exit 1 fi @@ -160,29 +275,36 @@ EOF } s/put your unique phrase here/salt()/ge ' wp-config.php - chown -R apache:apache /var/www/${DOMAIN} - - # config nginx - if [ $MAIN -eq 7 ]; then - upstream="127.0.0.1:9000" + if [[ "$PMT" = "yum" ]]; then + user="apache" + # config nginx + [[ $MAIN -eq 7 ]] && upstream="127.0.0.1:9000" || upstream="php-fpm" else - upstream="php-fpm" + user="www-data" + upstream="unix:/run/php/php7.4-fpm.sock" fi + chown -R $user:$user /var/www/${DOMAIN} - cat > $NGINX_CONFIG_FILE<<-EOF + configNginx +} + +configNginx() { + if [[ "$WS" = "true" ]]; then + cat > $NGINX_CONFIG_FILE<<-EOF server { listen 80; + listen [::]:80; server_name ${DOMAIN}; - return 301 https://\$server_name:${PORT}\$request_uri; + return 301 https://\$server_name:${NGINX_PORT}\$request_uri; } server { - listen ${PORT} ssl http2; + listen ${NGINX_PORT} ssl http2; server_name ${DOMAIN}; charset utf-8; # ssl配置 - ssl_protocols TLSv1.1 TLSv1.2; + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_ecdh_curve secp384r1; ssl_prefer_server_ciphers on; 
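Review bot: installWordPress still decides whether the download worked by testing `[[ ! -f latest-zh_CN.tar.gz ]]`, which passes for a truncated download and for a stale file of that name already in the current directory (wget would then save the new copy under a `.1` suffix and the old one gets unpacked). Checking wget's exit status and naming the output file is more reliable: `wget -O latest-zh_CN.tar.gz https://cn.wordpress.org/latest-zh_CN.tar.gz || { colorEcho $RED " 下载WordPress失败,请稍后重试"; exit 1; }`. Nothing visible in the hunk compares a checksum before the archive is used by a script that insists on running as root, so a comment stating that integrity rests on the HTTPS connection alone would be honest documentation. The function body continues past the end of the hunk.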
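Review bot: The `ssl_protocols` line in the generated server block gains TLSv1.3 but keeps TLSv1.1, which RFC 8996 formally deprecated and current browsers no longer negotiate. I would write `ssl_protocols TLSv1.2 TLSv1.3;` so the site cannot be negotiated down to it. The unchanged `ssl_ciphers` line next to it still admits the broad `ECDH:AES:HIGH` groups, so a tighter AEAD-only list would be a sensible follow-up. The heredoc opens in this hunk and continues in the next one.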
@@ -226,33 +348,238 @@ server { } } EOF + return 0 + fi - # restart service - systemctl restart php-fpm mariadb nginx + if [[ "$TLS" = "false" ]] || [[ "$TLS" = "true" && "$VMESS" = "true" ]]; then + cat > $NGINX_CONFIG_FILE<<-EOF +server { + listen 80; + listen [::]:80; + server_name ${DOMAIN}; + + charset utf-8; + + set \$host_path "/var/www/${DOMAIN}"; + access_log /var/log/nginx/${DOMAIN}.access.log main buffer=32k flush=30s; + error_log /var/log/nginx/${DOMAIN}.error.log; + root \$host_path; + location / { + index index.php; + try_files \$uri \$uri/ /index.php?\$args; + } + location ~ \.php\$ { + try_files \$uri =404; + fastcgi_index index.php; + fastcgi_pass $upstream; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; + } + + location ~ \.(js|css|png|jpg|jpeg|gif|ico|swf|webp|pdf|txt|doc|docx|xls|xlsx|ppt|pptx|mov|fla|zip|rar)\$ { + expires max; + access_log off; + try_files \$uri =404; + } +} +EOF + return 0 + fi + + res=`grep -E 'dest.*8080' $V2_CONFIG_FILE` + [[ "$res" = "" ]] && sed -i 's/"dest": 80/"dest": 8080/' $V2_CONFIG_FILE + # VLESS + cat > $NGINX_CONFIG_FILE<<-EOF +server { + listen 80; + listen [::]:80; + server_name ${DOMAIN}; + return 301 https://\$server_name:${PORT}\$request_uri; +} + +server { + listen 8080; + listen 81 http2; + server_name ${DOMAIN}; + charset utf-8; + + set \$host_path "/var/www/${DOMAIN}"; + access_log /var/log/nginx/${DOMAIN}.access.log main buffer=32k flush=30s; + error_log /var/log/nginx/${DOMAIN}.error.log; + root \$host_path; + location / { + index index.php; + try_files \$uri \$uri/ /index.php?\$args; + } + location ~ \.php\$ { + try_files \$uri =404; + fastcgi_index index.php; + fastcgi_pass $upstream; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; + fastcgi_param SERVER_PORT ${PORT}; + fastcgi_param HTTPS "on"; + } + + location ~ 
\.(js|css|png|jpg|jpeg|gif|ico|swf|webp|pdf|txt|doc|docx|xls|xlsx|ppt|pptx|mov|fla|zip|rar)\$ { + expires max; + access_log off; + try_files \$uri =404; + } +} +EOF } -info() { +install() { + checkV2 "install" + installPHP + installMysql + installWordPress colorEcho $BLUE " WordPress安装成功!" + + config + # restart service + systemctl restart $PHP_SERVICE mariadb nginx $SERVICE + sleep 2 + statusText + echo "" + + showInfo +} + +uninstall() { + echo "" + colorEcho $RED " 该操作会删除所有WordPress文件,清空数据库!" + read -p " 确认卸载WordPress?[y/n]" answer + [[ "$answer" != "y" && "$answer" != "Y" ]] && exit 0 + + systemctl stop mariadb + systemctl disable mariadb + if [[ "$PMT" = "yum" ]]; then + $CMD_REMOVE MariaDB-server + else + $CMD_REMOVE mariadb-* + fi + rm -rf /var/lib/mysql + + systemctl stop $PHP_SERVICE + systemctl disable $PHP_SERVICE + + checkV2 "uninstall" + [[ "$DOMAIN" != "" ]] && rm -rf /var/www/${DOMAIN} + + colorEcho $GREEN " 卸载成功!" +} + +showInfo() { + checkV2 "info" + + # VMESS/VLESS+WS+TLS + if [[ "$WS" = "true" ]]; then + if [[ "$NGINX_PORT" = "443" ]]; then + url="https://$DOMAIN" + else + url="https://$DOMAIN:$PORT" + fi + # pure VMESS/VLESS [+kcp] + elif [[ "$TLS" = "false" ]]; then + url="http://$DOMAIN" + else + # VMESS+TCP+TLS + if [[ "$VMESS" = "true" ]]; then + url="http://$DOMAIN" + else + # trojan/VLESS+TLS + if [[ "$V2PORT" = "443" ]]; then + url="https://$DOMAIN" + else + url="https://$DOMAIN:$V2PORT" + fi + fi + fi + + if [[ -z ${DBNAME+x} ]]; then + wpconfig="/var/www/${DOMAIN}/wp-config.php" + DBUSER=`grep DB_USER $wpconfig | cut -d, -f2 | cut -d\) -f1 | tr -d \",\'' '` + DBNAME=`grep DB_NAME $wpconfig | cut -d, -f2 | cut -d\) -f1 | tr -d \",\'' '` + DBPASS=`grep DB_PASSWORD $wpconfig | cut -d, -f2 | cut -d\) -f1 | tr -d \",\'' '` + fi + colorEcho $BLUE " WordPress配置信息:" echo "===============================" echo -e " ${BLUE}WordPress安装路径:${PLAIN}${RED}/var/www/${DOMAIN}${PLAIN}" echo -e " ${BLUE}WordPress数据库:${PLAIN}${RED}${DBNAME}${PLAIN}" echo 
-e " ${BLUE}WordPress数据库用户名:${PLAIN}${RED}${DBUSER}${PLAIN}" echo -e " ${BLUE}WordPress数据库密码:${PLAIN}${RED}${DBPASS}${PLAIN}" - echo -e " ${BLUE}博客访问地址:${PLAIN}${RED}https://${DOMAIN}${PLAIN}" + echo -e " ${BLUE}WordPress网址:${PLAIN}${RED}$url${PLAIN}" echo "===============================" } -main() { - slogon - checkSystem - checkV2 - installPHP - installMysql - installWordPress +help() { + echo "" + colorEcho $BLUE " Nginx操作:" + colorEcho $GREEN " 启动: systemctl start nginx" + colorEcho $GREEN " 停止:systemctl stop nginx" + colorEcho $GREEN " 重启:systemctl restart nginx" + echo " -------------" + colorEcho $BLUE " PHP操作:" + colorEcho $GREEN " 启动: systemctl start $PHP_SERVICE" + colorEcho $GREEN " 停止:systemctl stop $PHP_SERVICE" + colorEcho $GREEN " 重启:systemctl restart $PHP_SERVICE" + echo " -------------" + colorEcho $BLUE " Mysql操作:" + colorEcho $GREEN " 启动: systemctl start mariadb" + colorEcho $GREEN " 停止:systemctl stop mariadb" + colorEcho $GREEN " 重启:systemctl restart mariadb" +} - config +menu() { + clear + echo "#############################################################" + echo -e "# ${RED}WordPress一键安装脚本${PLAIN} #" + echo -e "# ${GREEN}作者${PLAIN}: 网络跳越(hijk) #" + echo -e "# ${GREEN}网址${PLAIN}: https://hijk.art #" + echo -e "# ${GREEN}论坛${PLAIN}: https://hijk.club #" + echo -e "# ${GREEN}TG群${PLAIN}: https://t.me/hijkclub #" + echo -e "# ${GREEN}Youtube频道${PLAIN}: https://youtube.com/channel/UCYTB--VsObzepVJtc9yvUxQ #" + echo "#############################################################" + echo + colorEcho $YELLOW " 该脚本仅适用于 https://hijk.art 网站上的V2ray/Xray一键脚本安装wordpress用!" 
+ echo + echo -e " ${GREEN}1.${PLAIN} 安装WordPress" + echo -e " ${GREEN}2.${PLAIN} 卸载WordPress" + echo -e " ${GREEN}3.${PLAIN} 查看WordPress配置" + echo -e " ${GREEN}4.${PLAIN} 查看操作帮助" + echo " -------------" + echo -e " ${GREEN}0.${PLAIN} 退出" + echo -n " 当前状态:" + statusText + echo - info + echo "" + read -p " 请选择操作[0-17]:" answer + case $answer in + 0) + exit 0 + ;; + 1) + install + ;; + 2) + uninstall + ;; + 3) + showInfo + ;; + 4) + help + ;; + *) + colorEcho $RED " 请选择正确的操作!" + exit 1 + ;; + esac } -main +checkSystem + +menu diff --git a/wordpress_trojan-go.sh b/wordpress_trojan-go.sh index 9371cc48..76492533 100644 --- a/wordpress_trojan-go.sh +++ b/wordpress_trojan-go.sh @@ -1,5 +1,5 @@ #!/bin/bash -# centos7/8 trojan-go WordPress一键安装脚本 +# trojan-go WordPress一键安装脚本 # Author: hijk 
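Review bot: In the final (`# VLESS`) branch of configNginx, the backend server block uses `listen 8080;` and `listen 81 http2;`, which bind every address, so WordPress is reachable in cleartext on those ports from outside unless a firewall blocks them. That block also sets `fastcgi_param HTTPS "on"`, so PHP treats those plain requests as secure ones. If the fallback in `$V2_CONFIG_FILE` forwards to the local host, as the `"dest": 8080` rewrite suggests, the listeners can be limited to loopback: `listen 127.0.0.1:8080;` and `listen 127.0.0.1:81 http2;`. In showInfo the WS branch builds `https://$DOMAIN:$PORT`, but checkV2 sets `NGINX_PORT` for that case, so `$NGINX_PORT` looks like the intended variable.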
@@ -11,104 +11,161 @@ PLAIN='\033[0m' CONFIG_FILE="/etc/trojan-go/config.json" +BT="false" +NGINX_CONF_PATH="/etc/nginx/conf.d/" +res=$(command -v bt) +if [[ "$res" != "" ]]; then + BT="true" + NGINX_CONF_PATH="/www/server/panel/vhost/nginx/" +fi + colorEcho() { echo -e "${1}${@:2}${PLAIN}" } checkSystem() { - result=$(id | awk '{print $1}') - if [[ $result != "uid=0(root)" ]]; then + uid=$(id -u) + if [[ $uid -ne 0 ]]; then colorEcho $RED " 请以root身份执行该脚本" exit 1 fi - if [[ ! -f /etc/centos-release ]];then - res=`which yum` - if [[ "$?" != "0" ]]; then - colorEcho $RED " 系统不是CentOS" + res=$(command -v yum) + if [[ "$res" = "" ]]; then + res=$(command -v apt) + if [[ "$res" = "" ]]; then + colorEcho $RED " 不受支持的Linux系统" exit 1 - fi + fi + PMT="apt" + CMD_INSTALL="apt install -y " + CMD_REMOVE="apt remove -y " + CMD_UPGRADE="apt update; apt upgrade -y; apt autoremove -y" + PHP_SERVICE="php7.4-fpm" else + PMT="yum" + CMD_INSTALL="yum install -y " + CMD_REMOVE="yum remove -y " + CMD_UPGRADE="yum update -y" + PHP_SERVICE="php-fpm" result=`grep -oE "[0-9.]+" /etc/centos-release` MAIN=${result%%.*} - if [[ $MAIN -lt 7 ]]; then - colorEcho $RED " 不受支持的CentOS版本" - exit 1 - fi fi -} - -slogon() { - clear - echo "#############################################################" - echo -e "# ${RED}CentOS 7/8 WordPress一键安装脚本${PLAIN} #" - echo -e "# ${GREEN}作者${PLAIN}: 网络跳越(hijk) #" - echo -e "# ${GREEN}网址${PLAIN}: https://hijk.art #" - echo -e "# ${GREEN}论坛${PLAIN}: https://hijk.club #" - echo -e "# ${GREEN}TG群${PLAIN}: https://t.me/hijkclub #" - echo -e "# ${GREEN}Youtube频道${PLAIN}: https://youtube.com/channel/UCYTB--VsObzepVJtc9yvUxQ #" - echo "#############################################################" - echo "" + res=$(command -v systemctl) + if [[ "$res" = "" ]]; then + colorEcho $RED " 系统版本过低,请升级到最新版本" + exit 1 + fi } checkTrojan() { - colorEcho $YELLOW " 该脚本仅适用于 https://hijk.art 网站的 trojan-go 一键脚本安装wordpress用!" 
- read -p " 退出请按n,按其他键继续:" answer - [[ "$answer" = "n" ]] && exit 0 - if [[ ! -f ${CONFIG_FILE} ]]; then colorEcho $RED " 未安装trojan-go" exit 1 fi DOMAIN=`grep sni $CONFIG_FILE | cut -d\" -f4` - if [[ ! -f /etc/nginx/conf.d/${DOMAIN}.conf ]]; then + NGINX_CONFIG_FILE="$NGINX_CONF_PATH${DOMAIN}.conf" + if [[ ! -f $NGINX_CONFIG_FILE ]]; then colorEcho $RED " 未找到域名的nginx配置文件" exit 1 fi PORT=`grep local_port $CONFIG_FILE | cut -d: -f2 | tr -d \",' '` + [[ "$1" = "install" ]] && colorEcho $BLUE " 伪装域名:$DOMAIN" + [[ "$1" = "install" ]] && colorEcho $BLUE " trojan-go监听端口:$PORT" +} + +statusText() { + res=$(command -v nginx) + if [[ "$res" = "" ]]; then + echo -e -n ${RED}Nginx未安装${PLAIN} + else + res=`ps aux | grep nginx | grep -v grep` + [[ "$res" = "" ]] && echo -e -n ${RED}Nginx未运行${PLAIN} || echo -e -n ${GREEN}Nginx正在运行${PLAIN} + fi + echo -n ", " + res=$(command -v php) + if [[ "$res" = "" ]]; then + echo -e -n ${RED}PHP未安装${PLAIN} + else + res=`ps aux | grep php | grep -v grep` + [[ "$res" = "" ]] && echo -e -n ${RED}PHP未运行${PLAIN} || echo -e -n ${GREEN}PHP正在运行${PLAIN} + fi + echo -n ", " + res=$(command -v mysql) + if [[ "$res" = "" ]]; then + echo -e -n ${RED}Mysql未安装${PLAIN} + else + res=`ps aux | grep mysql | grep -v grep` + [[ "$res" = "" ]] && echo -e -n ${RED}Mysql未运行${PLAIN} || echo -e -n ${GREEN}Mysql正在运行${PLAIN} + fi } installPHP() { - rpm -iUh https://rpms.remirepo.net/enterprise/remi-release-${MAIN}.rpm - if [[ $MAIN -eq 7 ]]; then - sed -i '0,/enabled=0/{s/enabled=0/enabled=1/}' /etc/yum.repos.d/remi-php74.repo + [[ "$PMT" = "apt" ]] && $PMT update + $CMD_INSTALL curl wget ca-certificates + if [[ "$PMT" = "yum" ]]; then + $CMD_INSTALL epel-release + if [[ $MAIN -eq 7 ]]; then + rpm -iUh https://rpms.remirepo.net/enterprise/remi-release-7.rpm + sed -i '0,/enabled=0/{s/enabled=0/enabled=1/}' /etc/yum.repos.d/remi-php74.repo + else + dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm + sed -i '0,/enabled=0/{s/enabled=0/enabled=1/}' 
/etc/yum.repos.d/remi.repo + dnf module install -y php:remi-7.4 + fi + $CMD_INSTALL php-cli php-fpm php-bcmath php-gd php-mbstring php-mysqlnd php-pdo php-opcache php-xml php-pecl-zip php-pecl-imagick else - sed -i '0,/enabled=0/{s/enabled=0/enabled=1/}' /etc/yum.repos.d/remi.repo - dnf module install -y php:remi-7.4 + $CMD_INSTALL lsb-release gnupg2 + wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add - + echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php7.list + $PMT update + $CMD_INSTALL php7.4-cli php7.4-fpm php7.4-bcmath php7.4-gd php7.4-mbstring php7.4-mysql php7.4-opcache php7.4-xml php7.4-zip php7.4-json php7.4-imagick + update-alternatives --set php /usr/bin/php7.4 fi - yum install -y php-cli php-fpm php-bcmath php-gd php-mbstring php-mysqlnd php-pdo php-opcache php-xml php-pecl-zip - systemctl enable php-fpm.service + systemctl enable $PHP_SERVICE } installMysql() { - echo "# MariaDB 10.5 CentOS repository list + if [[ "$PMT" = "yum" ]]; then + yum remove -y MariaDB-server + if [ ! 
-f /etc/yum.repos.d/mariadb.repo ]; then + if [ $MAIN -eq 7 ]; then + echo '# MariaDB 10.5 CentOS repository list - created 2019-11-23 15:00 UTC +# http://downloads.mariadb.org/mariadb/repositories/ +[mariadb] +name = MariaDB +baseurl = http://yum.mariadb.org/10.5/centos7-amd64 +gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB +gpgcheck=1' >> /etc/yum.repos.d/mariadb.repo + else + echo '# MariaDB 10.5 CentOS repository list - created 2020-03-11 16:29 UTC # http://downloads.mariadb.org/mariadb/repositories/ [mariadb] name = MariaDB -baseurl = http://yum.mariadb.org/10.5/centos${MAIN}-amd64 +baseurl = http://yum.mariadb.org/10.5/centos8-amd64 +module_hotfixes=1 gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB -gpgcheck=1" > /etc/yum.repos.d/mariadb.repo - if [[ $MAIN -eq 8 ]]; then - echo "module_hotfixes=1" >> /etc/yum.repos.d/mariadb.repo +gpgcheck=1' >> /etc/yum.repos.d/mariadb.repo + fi + fi + yum install -y MariaDB-server + else + $PMT update + $CMD_INSTALL mariadb-server fi - - yum remove -y MariaDB-server - rm -rf /var/lib/mysql - yum install -y MariaDB-server systemctl enable mariadb.service } installWordPress() { - yum install -y wget - mkdir -p /var/www; + mkdir -p /var/www wget https://cn.wordpress.org/latest-zh_CN.tar.gz if [[ ! -f latest-zh_CN.tar.gz ]]; then colorEcho $RED " 下载WordPress失败,请稍后重试" exit 1 fi tar -zxf latest-zh_CN.tar.gz - rm -rf /var/www/${DOMAIN} - mv wordpress /var/www/${DOMAIN} + rm -rf /var/www/$DOMAIN + mv wordpress /var/www/$DOMAIN rm -rf latest-zh_CN.tar.gz } 
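Review bot: In installPHP's apt branch, `wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add -` puts the third-party key into apt's global trusted keyring, so that key can vouch for packages from any configured repository, and `apt-key` itself is deprecated. Storing the key in its own file and pinning it to the one source keeps the trust scoped: `wget -q https://packages.sury.org/php/apt.gpg -O /usr/share/keyrings/sury-php.gpg` followed by `echo "deb [signed-by=/usr/share/keyrings/sury-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php7.list` (the keyring file name is only an example, and the download should be passed through `gpg --dearmor` if it turns out to be ASCII-armoured). The same two lines are added to installPHP in the wordpress.sh hunk earlier in this diff. In the yum branch, `dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm` has no `-y`, so the one-click install will stop at a prompt.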
@@ -126,17 +183,6 @@ GRANT ALL PRIVILEGES ON ${DBNAME}.* to ${DBUSER}@'%'; FLUSH PRIVILEGES; EOF - #config php - sed -i 's/expose_php = On/expose_php = Off/' /etc/php.ini - line=`cat -n /etc/php.ini | grep 'date.timezone' | tail -n1 | awk '{print $1}'` - sed -i "${line}a date.timezone = Asia/Shanghai" /etc/php.ini - sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=30/' /etc/php.d/10-opcache.ini - if [[ $MAIN -eq 7 ]]; then - sed -i 's/listen = 127.0.0.1:9000/listen = \/run\/php-fpm\/www.sock/' /etc/php-fpm.d/www.conf - fi - line=`cat -n /etc/php-fpm.d/www.conf | grep 'listen.mode' | tail -n1 | awk '{print $1}'` - sed -i "${line}a listen.mode=0666" /etc/php-fpm.d/www.conf - # config wordpress cd /var/www/$DOMAIN cp wp-config-sample.php wp-config.php @@ -154,12 +200,21 @@ EOF s/put your unique phrase here/salt()/ge ' wp-config.php - chown -R apache:apache /var/www/$DOMAIN + if [[ "$PMT" = "yum" ]]; then + user="apache" + # config nginx + [[ $MAIN -eq 7 ]] && upstream="127.0.0.1:9000" || upstream="php-fpm" + else + user="www-data" + upstream="unix:/run/php/php7.4-fpm.sock" + fi + chown -R $user:$user /var/www/${DOMAIN} # config nginx - cat > /etc/nginx/conf.d/${DOMAIN}.conf<<-EOF + cat > $NGINX_CONFIG_FILE<<-EOF server { listen 80; + listen [::]:80; server_name ${DOMAIN}; return 301 https://\$server_name:${PORT}\$request_uri; } @@ -180,7 +235,7 @@ server { location ~ \.php\$ { try_files \$uri =404; fastcgi_index index.php; - fastcgi_pass unix:/run/php-fpm/www.sock; + fastcgi_pass $upstream; include fastcgi_params; fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; fastcgi_param SERVER_PORT ${PORT}; 
@@ -201,31 +256,141 @@ EOF sed -i -e "s/fallback_port\":\s*[0-9]*/fallback_port\": 8080/" $CONFIG_FILE # restart service - systemctl restart php-fpm mariadb nginx trojan-go + systemctl restart $PHP_SERVICE mariadb nginx trojan-go } -info() { +install() { + checkTrojan "install" + installPHP + installMysql + installWordPress colorEcho $BLUE " WordPress安装成功!" + + config + # restart service + systemctl restart $PHP_SERVICE mariadb nginx + + sleep 2 + statusText + echo "" + + showInfo +} + +uninstall() { + echo "" + colorEcho $RED " 该操作会删除所有WordPress文件,清空数据库!" + read -p " 确认卸载WordPress?[y/n]" answer + [[ "$answer" != "y" && "$answer" != "Y" ]] && exit 0 + + checkTrojan + systemctl stop mariadb + systemctl disable mariadb + if [[ "$PMT" = "yum" ]]; then + $CMD_REMOVE MariaDB-server + else + apt-get purge -y mariadb-* + fi + rm -rf /var/lib/mysql + + systemctl stop $PHP_SERVICE + systemctl disable $PHP_SERVICE + + rm -rf /var/www/${DOMAIN} + + colorEcho $GREEN " 卸载成功!" +} + +showInfo() { + checkTrojan + + if [[ -z ${DBNAME+x} ]]; then + wpconfig="/var/www/${DOMAIN}/wp-config.php" + DBUSER=`grep DB_USER $wpconfig | cut -d, -f2 | cut -d\) -f1 | tr -d \",\'' '` + DBNAME=`grep DB_NAME $wpconfig | cut -d, -f2 | cut -d\) -f1 | tr -d \",\'' '` + DBPASS=`grep DB_PASSWORD $wpconfig | cut -d, -f2 | cut -d\) -f1 | tr -d \",\'' '` + fi + if [[ "$PORT" = "443" ]]; then + url="https://$DOMAIN" + else + url="https://$DOMAIN:$PORT" + fi + colorEcho $BLUE " WordPress配置信息:" echo "===============================" echo -e " ${BLUE}WordPress安装路径:${PLAIN}${RED}/var/www/${DOMAIN}${PLAIN}" echo -e " ${BLUE}WordPress数据库:${PLAIN}${RED}${DBNAME}${PLAIN}" echo -e " ${BLUE}WordPress数据库用户名:${PLAIN}${RED}${DBUSER}${PLAIN}" echo -e " ${BLUE}WordPress数据库密码:${PLAIN}${RED}${DBPASS}${PLAIN}" - echo -e " ${BLUE}博客访问地址:${PLAIN}${RED}https://${DOMAIN}:${PORT}${PLAIN}" + echo -e " ${BLUE}WordPress网址:${PLAIN}${RED}$url${PLAIN}" echo "===============================" } -main() { - slogon - checkSystem - 
checkTrojan - installPHP - installMysql - installWordPress +help() { + echo "" + colorEcho $BLUE " Nginx操作:" + colorEcho $GREEN " 启动: systemctl start nginx" + colorEcho $GREEN " 停止:systemctl stop nginx" + colorEcho $GREEN " 重启:systemctl restart nginx" + echo " -------------" + colorEcho $BLUE " PHP操作:" + colorEcho $GREEN " 启动: systemctl start $PHP_SERVICE" + colorEcho $GREEN " 停止:systemctl stop $PHP_SERVICE" + colorEcho $GREEN " 重启:systemctl restart $PHP_SERVICE" + echo " -------------" + colorEcho $BLUE " Mysql操作:" + colorEcho $GREEN " 启动: systemctl start mariadb" + colorEcho $GREEN " 停止:systemctl stop mariadb" + colorEcho $GREEN " 重启:systemctl restart mariadb" +} - config +menu() { + clear + echo "#############################################################" + echo -e "# ${RED}WordPress一键安装脚本${PLAIN} #" + echo -e "# ${GREEN}作者${PLAIN}: 网络跳越(hijk) #" + echo -e "# ${GREEN}网址${PLAIN}: https://hijk.art #" + echo -e "# ${GREEN}论坛${PLAIN}: https://hijk.club #" + echo -e "# ${GREEN}TG群${PLAIN}: https://t.me/hijkclub #" + echo -e "# ${GREEN}Youtube频道${PLAIN}: https://youtube.com/channel/UCYTB--VsObzepVJtc9yvUxQ #" + echo "#############################################################" + echo + colorEcho $YELLOW " 该脚本仅适用于 https://hijk.art 网站上的trojan-go一键脚本安装wordpress用!" + echo + echo -e " ${GREEN}1.${PLAIN} 安装WordPress" + echo -e " ${GREEN}2.${PLAIN} 卸载WordPress" + echo -e " ${GREEN}3.${PLAIN} 查看WordPress配置" + echo -e " ${GREEN}4.${PLAIN} 查看操作帮助" + echo " -------------" + echo -e " ${GREEN}0.${PLAIN} 退出" + echo -n " 当前状态:" + statusText + echo - info + echo "" + read -p " 请选择操作[0-17]:" answer + case $answer in + 0) + exit 0 + ;; + 1) + install + ;; + 2) + uninstall + ;; + 3) + showInfo + ;; + 4) + help + ;; + *) + colorEcho $RED " 请选择正确的操作!" + exit 1 + ;; + esac } -main +checkSystem + +menu diff --git a/wordpress_trojan.sh b/wordpress_trojan.sh index 018ba84b..22fe5950 100644 --- a/wordpress_trojan.sh +++ b/wordpress_trojan.sh 
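Review bot: uninstall runs `rm -rf /var/www/${DOMAIN}` unquoted and with no emptiness check, so the only thing standing between an empty or multi-line `grep sni` result and deleting `/var/www/` is checkTrojan's test for the nginx config file. wordpress.sh guards the same deletion with `[[ "$DOMAIN" != "" ]]`; here I would make the guard part of the command itself: `rm -rf -- "/var/www/${DOMAIN:?}"`. `apt-get purge -y mariadb-*` is also unquoted, so the shell expands the glob against files in the current directory before apt sees it; `'mariadb-*'` avoids that. Together with `rm -rf /var/lib/mysql` these steps remove every database on the host, not only the WordPress one, which the confirmation prompt could state more plainly.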
@@ -1,5 +1,5 @@ #!/bin/bash -# centos7/8 trojan WordPress一键安装脚本 +# trojan WordPress一键安装脚本 # Author: hijk 
@@ -11,104 +11,161 @@ PLAIN='\033[0m' CONFIG_FILE=/usr/local/etc/trojan/config.json +BT="false" +NGINX_CONF_PATH="/etc/nginx/conf.d/" +res=$(command -v bt) +if [[ "$res" != "" ]]; then + BT="true" + NGINX_CONF_PATH="/www/server/panel/vhost/nginx/" +fi + colorEcho() { echo -e "${1}${@:2}${PLAIN}" } checkSystem() { - result=$(id | awk '{print $1}') - if [ $result != "uid=0(root)" ]; then + uid=$(id -u) + if [[ $uid -ne 0 ]]; then colorEcho $RED " 请以root身份执行该脚本" exit 1 fi - if [ ! -f /etc/centos-release ];then - res=`which yum` - if [ "$?" != "0" ]; then - colorEcho $RED " 系统不是CentOS" + res=$(command -v yum) + if [[ "$res" = "" ]]; then + res=$(command -v apt) + if [[ "$res" = "" ]]; then + colorEcho $RED " 不受支持的Linux系统" exit 1 - fi + fi + PMT="apt" + CMD_INSTALL="apt install -y " + CMD_REMOVE="apt remove -y " + CMD_UPGRADE="apt update; apt upgrade -y; apt autoremove -y" + PHP_SERVICE="php7.4-fpm" else - result=`cat /etc/centos-release|grep -oE "[0-9.]+"` + PMT="yum" + CMD_INSTALL="yum install -y " + CMD_REMOVE="yum remove -y " + CMD_UPGRADE="yum update -y" + PHP_SERVICE="php-fpm" + result=`grep -oE "[0-9.]+" /etc/centos-release` MAIN=${result%%.*} - if [ $MAIN -lt 7 ]; then - colorEcho $RED " 不受支持的CentOS版本" - exit 1 - fi fi -} - -slogon() { - clear - echo "#############################################################" - echo -e "# ${RED}CentOS 7/8 WordPress一键安装脚本${PLAIN} #" - echo -e "# ${GREEN}作者${PLAIN}: 网络跳越(hijk) #" - echo -e "# ${GREEN}网址${PLAIN}: https://hijk.art #" - echo -e "# ${GREEN}论坛${PLAIN}: https://hijk.club #" - echo -e "# ${GREEN}TG群${PLAIN}: https://t.me/hijkclub #" - echo -e "# ${GREEN}Youtube频道${PLAIN}: https://youtube.com/channel/UCYTB--VsObzepVJtc9yvUxQ #" - echo "#############################################################" - echo "" + res=$(command -v systemctl) + if [[ "$res" = "" ]]; then + colorEcho $RED " 系统版本过低,请升级到最新版本" + exit 1 + fi } checkTrojan() { - colorEcho $YELLOW " 该脚本仅适用于 https://hijk.art 网站的trojan一键脚本 安装wordpress用!" 
- read -p " 退出请按n,按其他键继续:" answer - [ "$answer" = "n" ] && exit 0 - if [ ! -f ${CONFIG_FILE} ]; then colorEcho $RED " 未安装trojan" exit 1 fi - DOMAIN=`grep -m1 cert $CONFIG_FILE | awk 'BEGIN { FS = "/" } ; { print $5 }'` - if [ ! -f /etc/nginx/conf.d/${DOMAIN}.conf ]; then + DOMAIN=`grep sni $CONFIG_FILE | cut -d: -f2 | tr -d \",' '` + NGINX_CONFIG_FILE="$NGINX_CONF_PATH${DOMAIN}.conf" + if [[ ! -f $NGINX_CONFIG_FILE ]]; then colorEcho $RED " 未找到域名的nginx配置文件" exit 1 fi PORT=`grep local_port $CONFIG_FILE | cut -d: -f2 | tr -d \",' '` + [[ "$1" = "install" ]] && colorEcho $BLUE " 伪装域名:$DOMAIN" + [[ "$1" = "install" ]] && colorEcho $BLUE " trojan监听端口:$PORT" +} + +statusText() { + res=$(command -v nginx) + if [[ "$res" = "" ]]; then + echo -e -n ${RED}Nginx未安装${PLAIN} + else + res=`ps aux | grep nginx | grep -v grep` + [[ "$res" = "" ]] && echo -e -n ${RED}Nginx未运行${PLAIN} || echo -e -n ${GREEN}Nginx正在运行${PLAIN} + fi + echo -n ", " + res=$(command -v php) + if [[ "$res" = "" ]]; then + echo -e -n ${RED}PHP未安装${PLAIN} + else + res=`ps aux | grep php | grep -v grep` + [[ "$res" = "" ]] && echo -e -n ${RED}PHP未运行${PLAIN} || echo -e -n ${GREEN}PHP正在运行${PLAIN} + fi + echo -n ", " + res=$(command -v mysql) + if [[ "$res" = "" ]]; then + echo -e -n ${RED}Mysql未安装${PLAIN} + else + res=`ps aux | grep mysql | grep -v grep` + [[ "$res" = "" ]] && echo -e -n ${RED}Mysql未运行${PLAIN} || echo -e -n ${GREEN}Mysql正在运行${PLAIN} + fi } installPHP() { - rpm -iUh https://rpms.remirepo.net/enterprise/remi-release-${MAIN}.rpm - if [ $MAIN -eq 7 ]; then - sed -i '0,/enabled=0/{s/enabled=0/enabled=1/}' /etc/yum.repos.d/remi-php74.repo + [[ "$PMT" = "apt" ]] && $PMT update + $CMD_INSTALL curl wget ca-certificates + if [[ "$PMT" = "yum" ]]; then + $CMD_INSTALL epel-release + if [[ $MAIN -eq 7 ]]; then + rpm -iUh https://rpms.remirepo.net/enterprise/remi-release-7.rpm + sed -i '0,/enabled=0/{s/enabled=0/enabled=1/}' /etc/yum.repos.d/remi-php74.repo + else + dnf install 
https://rpms.remirepo.net/enterprise/remi-release-8.rpm + sed -i '0,/enabled=0/{s/enabled=0/enabled=1/}' /etc/yum.repos.d/remi.repo + dnf module install -y php:remi-7.4 + fi + $CMD_INSTALL php-cli php-fpm php-bcmath php-gd php-mbstring php-mysqlnd php-pdo php-opcache php-xml php-pecl-zip php-pecl-imagick else - sed -i '0,/enabled=0/{s/enabled=0/enabled=1/}' /etc/yum.repos.d/remi.repo - dnf module install -y php:remi-7.4 + $CMD_INSTALL lsb-release gnupg2 + wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add - + echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php7.list + $PMT update + $CMD_INSTALL php7.4-cli php7.4-fpm php7.4-bcmath php7.4-gd php7.4-mbstring php7.4-mysql php7.4-opcache php7.4-xml php7.4-zip php7.4-json php7.4-imagick + update-alternatives --set php /usr/bin/php7.4 fi - yum install -y php-cli php-fpm php-bcmath php-gd php-mbstring php-mysqlnd php-pdo php-opcache php-xml php-pecl-zip - systemctl enable php-fpm.service + systemctl enable $PHP_SERVICE } installMysql() { - echo "# MariaDB 10.5 CentOS repository list + if [[ "$PMT" = "yum" ]]; then + yum remove -y MariaDB-server + if [ ! 
-f /etc/yum.repos.d/mariadb.repo ]; then + if [ $MAIN -eq 7 ]; then + echo '# MariaDB 10.5 CentOS repository list - created 2019-11-23 15:00 UTC # http://downloads.mariadb.org/mariadb/repositories/ [mariadb] name = MariaDB -baseurl = http://yum.mariadb.org/10.5/centos${MAIN}-amd64 +baseurl = http://yum.mariadb.org/10.5/centos7-amd64 gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB -gpgcheck=1" > /etc/yum.repos.d/mariadb.repo - if [ $MAIN -eq 8 ]; then - echo "module_hotfixes=1" >> /etc/yum.repos.d/mariadb.repo +gpgcheck=1' >> /etc/yum.repos.d/mariadb.repo + else + echo '# MariaDB 10.5 CentOS repository list - created 2020-03-11 16:29 UTC +# http://downloads.mariadb.org/mariadb/repositories/ +[mariadb] +name = MariaDB +baseurl = http://yum.mariadb.org/10.5/centos8-amd64 +module_hotfixes=1 +gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB +gpgcheck=1' >> /etc/yum.repos.d/mariadb.repo + fi + fi + yum install -y MariaDB-server + else + $PMT update + $CMD_INSTALL mariadb-server fi - - yum remove -y MariaDB-server - rm -rf /var/lib/mysql - yum install -y MariaDB-server systemctl enable mariadb.service } installWordPress() { - yum install -y wget - mkdir -p /var/www; + mkdir -p /var/www wget https://cn.wordpress.org/latest-zh_CN.tar.gz - if [ ! -f latest-zh_CN.tar.gz ]; then + if [[ ! -f latest-zh_CN.tar.gz ]]; then colorEcho $RED " 下载WordPress失败,请稍后重试" exit 1 fi tar -zxf latest-zh_CN.tar.gz - rm -rf /var/www/${DOMAIN} - mv wordpress /var/www/${DOMAIN} + rm -rf /var/www/$DOMAIN + mv wordpress /var/www/$DOMAIN rm -rf latest-zh_CN.tar.gz } 
@@ -126,17 +183,6 @@ GRANT ALL PRIVILEGES ON ${DBNAME}.* to ${DBUSER}@'%'; FLUSH PRIVILEGES; EOF - #config php - sed -i 's/expose_php = On/expose_php = Off/' /etc/php.ini - line=`cat -n /etc/php.ini | grep 'date.timezone' | tail -n1 | awk '{print $1}'` - sed -i "${line}a date.timezone = Asia/Shanghai" /etc/php.ini - sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=30/' /etc/php.d/10-opcache.ini - if [ $MAIN -eq 7 ]; then - sed -i 's/listen = 127.0.0.1:9000/listen = \/run\/php-fpm\/www.sock/' /etc/php-fpm.d/www.conf - fi - line=`cat -n /etc/php-fpm.d/www.conf | grep 'listen.mode' | tail -n1 | awk '{print $1}'` - sed -i "${line}a listen.mode=0666" /etc/php-fpm.d/www.conf - # config wordpress cd /var/www/$DOMAIN cp wp-config-sample.php wp-config.php @@ -153,20 +199,26 @@ EOF } s/put your unique phrase here/salt()/ge ' wp-config.php - #sed -i "23a define( 'WP_HOME', 'https://${DOMAIN}:${PORT}' );" wp-config.php - #sed -i "24a define( 'WP_SITEURL', 'https://${DOMAIN}:${PORT}' );" wp-config.php - - chown -R apache:apache /var/www/$DOMAIN - + if [[ "$PMT" = "yum" ]]; then + user="apache" + # config nginx + [[ $MAIN -eq 7 ]] && upstream="127.0.0.1:9000" || upstream="php-fpm" + else + user="www-data" + upstream="unix:/run/php/php7.4-fpm.sock" + fi + chown -R $user:$user /var/www/${DOMAIN} # config nginx - cat > /etc/nginx/conf.d/${DOMAIN}.conf<<-EOF + cat > $NGINX_CONFIG_FILE<<-EOF server { listen 80; + listen [::]:80; server_name ${DOMAIN}; return 301 https://\$server_name:${PORT}\$request_uri; } server { listen 8080; + listen 81 http2; server_name ${DOMAIN}; charset utf-8; @@ -182,7 +234,7 @@ server { location ~ \.php\$ { try_files \$uri =404; fastcgi_index index.php; - fastcgi_pass unix:/run/php-fpm/www.sock; + fastcgi_pass $upstream; include fastcgi_params; fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; fastcgi_param SERVER_PORT ${PORT}; 
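Review bot: The added `listen 81 http2;` in the WordPress server block, next to the existing `listen 8080;`, binds a cleartext HTTP/2 listener on every interface, so the backend can be reached from outside without passing the TLS front end unless a firewall happens to block the port. If the listener is only meant as a local fallback target, which is what the `"dest": 81` fallbacks added in xray.sh suggest, bind it to loopback: `listen 127.0.0.1:81 http2;`. The same applies to the `listen 81 http2;` added to the port-80 server block in xray.sh's configNginx. The enclosing config() function and its heredoc start outside this hunk.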
@@ -201,31 +253,141 @@ EOF sed -i -e "s/remote_port\":\s*[0-9]*/remote_port\": 8080/" $CONFIG_FILE # restart service - systemctl restart php-fpm mariadb nginx trojan + systemctl restart $PHP_SERVICE mariadb nginx trojan } -info() { +install() { + checkTrojan "install" + installPHP + installMysql + installWordPress colorEcho $BLUE " WordPress安装成功!" + + config + # restart service + systemctl restart $PHP_SERVICE mariadb nginx + + sleep 2 + statusText + echo "" + + showInfo +} + +uninstall() { + echo "" + colorEcho $RED " 该操作会删除所有WordPress文件,清空数据库!" + read -p " 确认卸载WordPress?[y/n]" answer + [[ "$answer" != "y" && "$answer" != "Y" ]] && exit 0 + + checkTrojan + systemctl stop mariadb + systemctl disable mariadb + if [[ "$PMT" = "yum" ]]; then + $CMD_REMOVE MariaDB-server + else + apt-get purge -y mariadb-* + fi + rm -rf /var/lib/mysql + + systemctl stop $PHP_SERVICE + systemctl disable $PHP_SERVICE + + rm -rf /var/www/${DOMAIN} + + colorEcho $GREEN " 卸载成功!" +} + +showInfo() { + checkTrojan + + if [[ -z ${DBNAME+x} ]]; then + wpconfig="/var/www/${DOMAIN}/wp-config.php" + DBUSER=`grep DB_USER $wpconfig | cut -d, -f2 | cut -d\) -f1 | tr -d \",\'' '` + DBNAME=`grep DB_NAME $wpconfig | cut -d, -f2 | cut -d\) -f1 | tr -d \",\'' '` + DBPASS=`grep DB_PASSWORD $wpconfig | cut -d, -f2 | cut -d\) -f1 | tr -d \",\'' '` + fi + if [[ "$PORT" = "443" ]]; then + url="https://$DOMAIN" + else + url="https://$DOMAIN:$PORT" + fi + colorEcho $BLUE " WordPress配置信息:" echo "===============================" echo -e " ${BLUE}WordPress安装路径:${PLAIN}${RED}/var/www/${DOMAIN}${PLAIN}" echo -e " ${BLUE}WordPress数据库:${PLAIN}${RED}${DBNAME}${PLAIN}" echo -e " ${BLUE}WordPress数据库用户名:${PLAIN}${RED}${DBUSER}${PLAIN}" echo -e " ${BLUE}WordPress数据库密码:${PLAIN}${RED}${DBPASS}${PLAIN}" - echo -e " ${BLUE}博客访问地址:${PLAIN}${RED}https://${DOMAIN}:${PORT}${PLAIN}" + echo -e " ${BLUE}WordPress网址:${PLAIN}${RED}$url${PLAIN}" echo "===============================" } -main() { - slogon - checkSystem - checkTrojan - 
installPHP - installMysql - installWordPress +help() { + echo "" + colorEcho $BLUE " Nginx操作:" + colorEcho $GREEN " 启动: systemctl start nginx" + colorEcho $GREEN " 停止:systemctl stop nginx" + colorEcho $GREEN " 重启:systemctl restart nginx" + echo " -------------" + colorEcho $BLUE " PHP操作:" + colorEcho $GREEN " 启动: systemctl start $PHP_SERVICE" + colorEcho $GREEN " 停止:systemctl stop $PHP_SERVICE" + colorEcho $GREEN " 重启:systemctl restart $PHP_SERVICE" + echo " -------------" + colorEcho $BLUE " Mysql操作:" + colorEcho $GREEN " 启动: systemctl start mariadb" + colorEcho $GREEN " 停止:systemctl stop mariadb" + colorEcho $GREEN " 重启:systemctl restart mariadb" +} - config +menu() { + clear + echo "#############################################################" + echo -e "# ${RED}WordPress一键安装脚本${PLAIN} #" + echo -e "# ${GREEN}作者${PLAIN}: 网络跳越(hijk) #" + echo -e "# ${GREEN}网址${PLAIN}: https://hijk.art #" + echo -e "# ${GREEN}论坛${PLAIN}: https://hijk.club #" + echo -e "# ${GREEN}TG群${PLAIN}: https://t.me/hijkclub #" + echo -e "# ${GREEN}Youtube频道${PLAIN}: https://youtube.com/channel/UCYTB--VsObzepVJtc9yvUxQ #" + echo "#############################################################" + echo + colorEcho $YELLOW " 该脚本仅适用于 https://hijk.art 网站上的trojan一键脚本安装wordpress用!" + echo + echo -e " ${GREEN}1.${PLAIN} 安装WordPress" + echo -e " ${GREEN}2.${PLAIN} 卸载WordPress" + echo -e " ${GREEN}3.${PLAIN} 查看WordPress配置" + echo -e " ${GREEN}4.${PLAIN} 查看操作帮助" + echo " -------------" + echo -e " ${GREEN}0.${PLAIN} 退出" + echo -n " 当前状态:" + statusText + echo - info + echo "" + read -p " 请选择操作[0-17]:" answer + case $answer in + 0) + exit 0 + ;; + 1) + install + ;; + 2) + uninstall + ;; + 3) + showInfo + ;; + 4) + help + ;; + *) + colorEcho $RED " 请选择正确的操作!" + exit 1 + ;; + esac } -main +checkSystem + +menu diff --git a/xray.sh b/xray.sh index ab0dd4f1..eb7cad83 100644 --- a/xray.sh +++ b/xray.sh @@ -1,5 +1,5 @@ #!/bin/bash -# MTProto一键安装脚本 +# xray一键安装脚本 # Author: hijk 
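Review bot: uninstall() runs `rm -rf /var/www/${DOMAIN}` as root, and DOMAIN comes from a `grep sni … | cut | tr` parse of the trojan config, so the only thing between a bad parse and deleting all of `/var/www/` is the nginx-config existence test inside checkTrojan. Make the deletion self-guarding with `rm -rf -- "/var/www/${DOMAIN:?}"`; installWordPress in the previous hunk has the same unguarded `rm -rf /var/www/$DOMAIN`. In the same function `apt-get purge -y mariadb-*` leaves the glob to the shell, so a matching file name in the working directory changes what is purged; quote it as `'mariadb-*'`. The menu prompt also advertises `[0-17]` while only 0–4 are handled.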
@@ -14,15 +14,20 @@ PLAIN='\033[0m' SITES=( http://www.zhuizishu.com/ http://xs.56dyc.com/ -http://www.xiaoshuosk.com/ -https://www.quledu.net/ +#http://www.xiaoshuosk.com/ +#https://www.quledu.net/ http://www.ddxsku.com/ http://www.biqu6.com/ https://www.wenshulou.cc/ -http://www.auutea.com/ +#http://www.auutea.com/ http://www.55shuba.com/ http://www.39shubao.com/ https://www.23xsw.cc/ +#https://www.huanbige.com/ +https://www.jueshitangmen.info/ +https://www.zhetian.org/ +http://www.bequgexs.com/ +http://www.tjwl.com/ ) CONFIG_FILE="/usr/local/etc/xray/config.json" @@ -112,7 +117,7 @@ status() { return fi port=`grep port $CONFIG_FILE| head -n 1| cut -d: -f2| tr -d \",' '` - res=`ss -ntlp| grep ${port} | grep -i xray` + res=`ss -nutlp| grep ${port} | grep -i xray` if [[ -z "$res" ]]; then echo 2 return @@ -121,7 +126,7 @@ status() { if [[ `configNeedNginx` != "yes" ]]; then echo 3 else - res=`ss -ntlp|grep -i nginx` + res=`ss -nutlp|grep -i nginx` if [[ -z "$res" ]]; then echo 4 else @@ -157,6 +162,9 @@ normalizeVersion() { v*) echo "$1" ;; + http*) + echo "v1.4.2" + ;; *) echo "v$1" ;; @@ -317,7 +325,7 @@ getData() { echo " 4) 微信视频通话" echo " 5) dtls" echo " 6) wiregard" - read -p " 请选择伪装类型[默认:无]" answer + read -p " 请选择伪装类型[默认:无]:" answer case $answer in 2) HEADER_TYPE="utp" @@ -354,7 +362,8 @@ getData() { colorEcho $BLUE " 请选择流控模式:" echo -e " 1) xtls-rprx-direct [$RED推荐$PLAIN]" echo " 2) xtls-rprx-origin" - read -p " 请选择流控模式[默认:origin]" answer + read -p " 请选择流控模式[默认:direct]" answer + [[ -z "$answer" ]] && answer=1 case $answer in 1) FLOW="xtls-rprx-direct" @@ -363,8 +372,8 @@ getData() { FLOW="xtls-rprx-origin" ;; *) - colorEcho $RED " 无效选项,使用默认的xtls-rprx-origin" - FLOW="xtls-rprx-origin" + colorEcho $RED " 无效选项,使用默认的xtls-rprx-direct" + FLOW="xtls-rprx-direct" ;; esac colorEcho $BLUE " 流控模式:$FLOW" 
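Review bot: The new `http*)` arm in normalizeVersion silently substitutes the fixed release `v1.4.2` whenever the looked-up version string starts with `http`, which presumably happens when the release lookup returns something other than a tag. A failed lookup then installs or keeps a pinned old build with no indication to the operator, and that pin falls further behind upstream fixes over time. At minimum report it on stderr so the captured stdout value is unaffected, e.g. `echo "version lookup failed, falling back to v1.4.2" >&2` before the `echo "v1.4.2"`; refusing to continue would be the stricter choice. The function body starts outside the hunk.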
@@ -374,7 +383,7 @@ getData() { echo "" while true do - read -p " 请输入伪装路径,以/开头:" WSPATH + read -p " 请输入伪装路径,以/开头(不懂请直接回车):" WSPATH if [[ -z "${WSPATH}" ]]; then len=`shuf -i5-12 -n1` ws=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $len | head -n 1` @@ -397,11 +406,11 @@ getData() { echo " 1) 静态网站(位于/usr/share/nginx/html)" echo " 2) 小说站(随机选择)" echo " 3) 美女站(https://imeizi.me)" - echo " 4) VPS优惠博客(https://vpsgongyi.com)" + echo " 4) 高清壁纸站(https://bing.imeizi.me)" echo " 5) 自定义反代站点(需以http或者https开头)" - read -p " 请选择伪装网站类型[默认:美女站]" answer + read -p " 请选择伪装网站类型[默认:高清壁纸站]" answer if [[ -z "$answer" ]]; then - PROXY_URL="https://imeizi.me" + PROXY_URL="https://bing.imeizi.me" else case $answer in 1) @@ -427,7 +436,7 @@ getData() { PROXY_URL="https://imeizi.me" ;; 4) - PROXY_URL="https://vpsgongyi.com" + PROXY_URL="https://bing.imeizi.me" ;; 5) read -p " 请输入反代站点(以http或者https开头):" PROXY_URL @@ -474,9 +483,22 @@ installNginx() { colorEcho $BLUE " 安装nginx..." if [[ "$BT" = "false" ]]; then if [[ "$PMT" = "yum" ]]; then - $CMD_INSTALL epel-release + $CMD_INSTALL epel-release + if [[ "$?" != "0" ]]; then + echo '[nginx-stable] +name=nginx stable repo +baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ +gpgcheck=1 +enabled=1 +gpgkey=https://nginx.org/keys/nginx_signing.key +module_hotfixes=true' > /etc/yum.repos.d/nginx.repo + fi fi $CMD_INSTALL nginx + if [[ "$?" != "0" ]]; then + colorEcho $RED " Nginx安装失败,请到 https://hijk.art 反馈" + exit 1 + fi systemctl enable nginx else res=`which nginx 2>/dev/null` 
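Review bot: The fallback repo file written in installNginx uses `baseurl=http://nginx.org/packages/centos/$releasever/$basearch/`, so repository metadata and packages travel in cleartext. `gpgcheck=1` still verifies package signatures, but the metadata is not signed here, which leaves room for an on-path party to serve stale metadata and hold the host on an old nginx. Use `baseurl=https://nginx.org/packages/centos/$releasever/$basearch/`, matching the https `gpgkey` line in the same stanza. The MariaDB repo stanzas in wordpress_trojan.sh have the same `http://` baseurl.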
@@ -529,12 +551,22 @@ getCert() { systemctl start cron systemctl enable cron fi - curl -sL https://get.acme.sh | sh + curl -sL https://get.acme.sh | sh -s email=hijk.pw@protonmail.sh source ~/.bashrc - ~/.acme.sh/acme.sh --issue -d $DOMAIN --standalone + ~/.acme.sh/acme.sh --upgrade --auto-upgrade + ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt + if [[ "$BT" = "false" ]]; then + ~/.acme.sh/acme.sh --issue -d $DOMAIN --keylength ec-256 --pre-hook "systemctl stop nginx" --post-hook "systemctl restart nginx" --standalone + else + ~/.acme.sh/acme.sh --issue -d $DOMAIN --keylength ec-256 --pre-hook "nginx -s stop || { echo -n ''; }" --post-hook "nginx -c /www/server/nginx/conf/nginx.conf || { echo -n ''; }" --standalone + fi + [[ -f ~/.acme.sh/${DOMAIN}_ecc/ca.cer ]] || { + colorEcho $RED " 获取证书失败,请复制上面的红色文字到 https://hijk.art 反馈" + exit 1 + } CERT_FILE="/usr/local/etc/xray/${DOMAIN}.pem" KEY_FILE="/usr/local/etc/xray/${DOMAIN}.key" - ~/.acme.sh/acme.sh --install-cert -d $DOMAIN \ + ~/.acme.sh/acme.sh --install-cert -d $DOMAIN --ecc \ --key-file $KEY_FILE \ --fullchain-file $CERT_FILE \ --reloadcmd "service nginx force-reload" @@ -553,6 +585,9 @@ configNginx() { if [[ "$ALLOW_SPIDER" = "n" ]]; then echo 'User-Agent: *' > /usr/share/nginx/html/robots.txt echo 'Disallow: /' >> /usr/share/nginx/html/robots.txt + ROBOT_CONFIG=" location = /robots.txt {}" + else + ROBOT_CONFIG="" fi if [[ "$BT" = "false" ]]; then @@ -648,8 +683,7 @@ server { location / { $action } - location = /robots.txt { - } + $ROBOT_CONFIG location ${WSPATH} { proxy_redirect off; @@ -671,13 +705,13 @@ EOF server { listen 80; listen [::]:80; + listen 81 http2; server_name ${DOMAIN}; root /usr/share/nginx/html; location / { $action } - location = /robots.txt { - } + $ROBOT_CONFIG } EOF fi 
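Review bot: In getCert, `curl -sL https://get.acme.sh | sh -s email=hijk.pw@protonmail.sh` registers the ACME client on every server that runs this script under one hard-coded mailbox, so expiry and account notices for the operator's certificate go to a third party instead of whoever runs the host. Ask the operator for an address, or leave the argument off, rather than baking one in. The next line, `~/.acme.sh/acme.sh --upgrade --auto-upgrade`, additionally lets the root-owned client replace itself from upstream unattended; if that is intended, a comment saying so would make the trust decision explicit.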
@@ -700,6 +734,7 @@ setFirewall() { firewall-cmd --permanent --add-service=https if [[ "$PORT" != "443" ]]; then firewall-cmd --permanent --add-port=${PORT}/tcp + firewall-cmd --permanent --add-port=${PORT}/udp fi firewall-cmd --reload else @@ -709,6 +744,7 @@ setFirewall() { iptables -I INPUT -p tcp --dport 443 -j ACCEPT if [[ "$PORT" != "443" ]]; then iptables -I INPUT -p tcp --dport ${PORT} -j ACCEPT + iptables -I INPUT -p udp --dport ${PORT} -j ACCEPT fi fi fi @@ -721,6 +757,7 @@ setFirewall() { iptables -I INPUT -p tcp --dport 443 -j ACCEPT if [[ "$PORT" != "443" ]]; then iptables -I INPUT -p tcp --dport ${PORT} -j ACCEPT + iptables -I INPUT -p udp --dport ${PORT} -j ACCEPT fi fi else @@ -732,6 +769,7 @@ setFirewall() { ufw allow https/tcp if [[ "$PORT" != "443" ]]; then ufw allow ${PORT}/tcp + ufw allow ${PORT}/udp fi fi fi @@ -748,8 +786,6 @@ installBBR() { if [[ "$result" != "" ]]; then colorEcho $BLUE " BBR模块已安装" INSTALL_BBR=false - echo "3" > /proc/sys/net/ipv4/tcp_fastopen - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf return fi res=`hostnamectl | grep -i openvz` @@ -761,7 +797,6 @@ installBBR() { echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf - echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf sysctl -p result=$(lsmod | grep bbr) if [[ "$result" != "" ]]; then @@ -779,14 +814,12 @@ installBBR() { $CMD_REMOVE kernel-3.* grub2-set-default 0 echo "tcp_bbr" >> /etc/modules-load.d/modules.conf - echo "3" > /proc/sys/net/ipv4/tcp_fastopen INSTALL_BBR=true fi else $CMD_INSTALL --install-recommends linux-generic-hwe-16.04 grub-set-default 0 echo "tcp_bbr" >> /etc/modules-load.d/modules.conf - echo "3" > /proc/sys/net/ipv4/tcp_fastopen INSTALL_BBR=true fi } 
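Review bot: Every `if [[ "$PORT" != "443" ]]` branch in setFirewall now opens the port for UDP as well as TCP (`firewall-cmd --permanent --add-port=${PORT}/udp`, the two `iptables -I INPUT -p udp --dport ${PORT} -j ACCEPT` rules and `ufw allow ${PORT}/udp`), regardless of which transport was selected. Judging by the rest of the script only the KCP configurations would listen on UDP, so a TCP-based install is left with a permanently open UDP port that nothing is expected to use. Gate the UDP rule on the KCP choice and keep the TCP-only rule otherwise; the variable that records that choice is not visible in these hunks. All four setFirewall hunks share this.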
@@ -801,6 +834,7 @@ installXray() { colorEcho $RED " 下载Xray文件失败,请检查服务器网络设置" exit 1 fi + systemctl stop xray mkdir -p /usr/local/etc/xray /usr/local/share/xray && \ unzip /tmp/xray/xray.zip -d /tmp/xray cp /tmp/xray/xray /usr/local/bin @@ -818,8 +852,9 @@ After=network.target nss-lookup.target [Service] User=root -CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE -AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE +#User=nobody +#CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE +#AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE NoNewPrivileges=true ExecStart=/usr/local/bin/xray run -config /usr/local/etc/xray/config.json Restart=on-failure @@ -843,6 +878,16 @@ trojanConfig() { { "password": "$PASSWORD" } + ], + "fallbacks": [ + { + "alpn": "http/1.1", + "dest": 80 + }, + { + "alpn": "h2", + "dest": 81 + } ] }, "streamSettings": { @@ -850,6 +895,7 @@ trojanConfig() { "security": "tls", "tlsSettings": { "serverName": "$DOMAIN", + "alpn": ["http/1.1", "h2"], "certificates": [ { "certificateFile": "$CERT_FILE", @@ -866,16 +912,7 @@ trojanConfig() { "protocol": "blackhole", "settings": {}, "tag": "blocked" - }], - "routing": { - "rules": [ - { - "type": "field", - "ip": ["geoip:private"], - "outboundTag": "blocked" - } - ] - } + }] } EOF } @@ -892,6 +929,16 @@ trojanXTLSConfig() { "password": "$PASSWORD", "flow": "$FLOW" } + ], + "fallbacks": [ + { + "alpn": "http/1.1", + "dest": 80 + }, + { + "alpn": "h2", + "dest": 81 + } ] }, "streamSettings": { @@ -899,9 +946,7 @@ trojanXTLSConfig() { "security": "xtls", "xtlsSettings": { "serverName": "$DOMAIN", - "alpn": [ - "http/1.1" - ], + "alpn": ["http/1.1", "h2"], "certificates": [ { "certificateFile": "$CERT_FILE", @@ -918,16 +963,7 @@ trojanXTLSConfig() { "protocol": "blackhole", "settings": {}, "tag": "blocked" - }], - "routing": { - "rules": [ - { - "type": "field", - "ip": ["geoip:private"], - "outboundTag": "blocked" - } - ] - } + }] } EOF } 
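Review bot: Commenting out `CapabilityBoundingSet=` and `AmbientCapabilities=` while the unit keeps `User=root` means the xray process now runs as root with the full capability set, and `NoNewPrivileges=true` is the only restriction left in the visible part of the unit. The bounding set constrains a root process too, so it can stay even if `User=nobody` had to be dropped: keep `CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE` active and leave only the `#User=nobody` line commented. If a specific failure motivated the change, a comment in the heredoc naming it would let the next reader judge whether it still applies.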
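Review bot: Removing the `routing` block from trojanConfig drops the rule that sent `geoip:private` destinations to the `blocked` outbound, so an authenticated client can now have the server connect to private-range addresses on its own network, including services that are bound only internally. If the rule was removed because the geoip data file was unavailable (a guess; the commit does not say), an equivalent rule with explicit CIDRs keeps the protection without that dependency, as sketched below. The same deletion is made in trojanXTLSConfig, vmessConfig, vmessKCPConfig, vmessTLSConfig, vmessWSConfig, vlessTLSConfig, vlessXTLSConfig, vlessWSConfig and vlessKCPConfig.

```shell
# … unchanged: inbounds and the outbounds list of the heredoc, up to the "blocked" outbound …
  }],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": ["127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10"],
        "outboundTag": "blocked"
      }
    ]
  }
}
EOF
```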
@@ -957,16 +993,7 @@ vmessConfig() { "protocol": "blackhole", "settings": {}, "tag": "blocked" - }], - "routing": { - "rules": [ - { - "type": "field", - "ip": ["geoip:private"], - "outboundTag": "blocked" - } - ] - } + }] } EOF } @@ -1008,16 +1035,7 @@ vmessKCPConfig() { "protocol": "blackhole", "settings": {}, "tag": "blocked" - }], - "routing": { - "rules": [ - { - "type": "field", - "ip": ["geoip:private"], - "outboundTag": "blocked" - } - ] - } + }] } EOF } @@ -1044,6 +1062,7 @@ vmessTLSConfig() { "security": "tls", "tlsSettings": { "serverName": "$DOMAIN", + "alpn": ["http/1.1", "h2"], "certificates": [ { "certificateFile": "$CERT_FILE", @@ -1060,16 +1079,7 @@ vmessTLSConfig() { "protocol": "blackhole", "settings": {}, "tag": "blocked" - }], - "routing": { - "rules": [ - { - "type": "field", - "ip": ["geoip:private"], - "outboundTag": "blocked" - } - ] - } + }] } EOF } @@ -1109,16 +1119,7 @@ vmessWSConfig() { "protocol": "blackhole", "settings": {}, "tag": "blocked" - }], - "routing": { - "rules": [ - { - "type": "field", - "ip": ["geoip:private"], - "outboundTag": "blocked" - } - ] - } + }] } EOF } @@ -1140,7 +1141,12 @@ vlessTLSConfig() { "decryption": "none", "fallbacks": [ { + "alpn": "http/1.1", "dest": 80 + }, + { + "alpn": "h2", + "dest": 81 } ] }, @@ -1149,9 +1155,7 @@ vlessTLSConfig() { "security": "tls", "tlsSettings": { "serverName": "$DOMAIN", - "alpn": [ - "http/1.1" - ], + "alpn": ["http/1.1", "h2"], "certificates": [ { "certificateFile": "$CERT_FILE", @@ -1168,16 +1172,7 @@ vlessTLSConfig() { "protocol": "blackhole", "settings": {}, "tag": "blocked" - }], - "routing": { - "rules": [ - { - "type": "field", - "ip": ["geoip:private"], - "outboundTag": "blocked" - } - ] - } + }] } EOF } @@ -1200,7 +1195,12 @@ vlessXTLSConfig() { "decryption": "none", "fallbacks": [ { + "alpn": "http/1.1", "dest": 80 + }, + { + "alpn": "h2", + "dest": 81 } ] }, 
@@ -1209,9 +1209,7 @@ vlessXTLSConfig() { "security": "xtls", "xtlsSettings": { "serverName": "$DOMAIN", - "alpn": [ - "http/1.1" - ], + "alpn": ["http/1.1", "h2"], "certificates": [ { "certificateFile": "$CERT_FILE", @@ -1228,16 +1226,7 @@ vlessXTLSConfig() { "protocol": "blackhole", "settings": {}, "tag": "blocked" - }], - "routing": { - "rules": [ - { - "type": "field", - "ip": ["geoip:private"], - "outboundTag": "blocked" - } - ] - } + }] } EOF } @@ -1277,16 +1266,7 @@ vlessWSConfig() { "protocol": "blackhole", "settings": {}, "tag": "blocked" - }], - "routing": { - "rules": [ - { - "type": "field", - "ip": ["geoip:private"], - "outboundTag": "blocked" - } - ] - } + }] } EOF } @@ -1329,16 +1309,7 @@ vlessKCPConfig() { "protocol": "blackhole", "settings": {}, "tag": "blocked" - }], - "routing": { - "rules": [ - { - "type": "field", - "ip": ["geoip:private"], - "outboundTag": "blocked" - } - ] - } + }] } EOF } @@ -1395,6 +1366,7 @@ install() { getData $PMT clean all + [[ "$PMT" = "apt" ]] && $PMT update #echo $CMD_UPGRADE | bash $CMD_INSTALL wget vim unzip tar gcc openssl $CMD_INSTALL net-tools @@ -1472,6 +1444,12 @@ update() { } uninstall() { + res=`status` + if [[ $res -lt 2 ]]; then + colorEcho $RED " Xray未安装,请先安装!" + return + fi + echo "" read -p " 确定卸载Xray?[y/n]:" answer if [[ "${answer,,}" = "y" ]]; then @@ -1517,7 +1495,7 @@ start() { sleep 2 port=`grep port $CONFIG_FILE| head -n 1| cut -d: -f2| tr -d \",' '` - res=`ss -ntlp| grep ${port} | grep -i xray` + res=`ss -nutlp| grep ${port} | grep -i xray` if [[ "$res" = "" ]]; then colorEcho $RED " Xray启动失败,请检查日志或查看端口是否被占用!" else 
@@ -1681,7 +1659,7 @@ outputVmessTLS() { echo -e " ${BLUE}额外id(alterid):${PLAIN} ${RED}${alterid}${PLAIN}" echo -e " ${BLUE}加密方式(security):${PLAIN} ${RED}none${PLAIN}" echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}" - echo -e " ${BLUE}伪装域名/主机名(host):${PLAIN}${RED}${domain}${PLAIN}" + echo -e " ${BLUE}伪装域名/主机名(host)/SNI/peer名称:${PLAIN}${RED}${domain}${PLAIN}" echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}" echo echo -e " ${BLUE}vmess链接: ${PLAIN}$RED$link$PLAIN" @@ -1711,7 +1689,7 @@ outputVmessWS() { echo -e " ${BLUE}加密方式(security):${PLAIN} ${RED}none${PLAIN}" echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}" echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN" - echo -e " ${BLUE}伪装域名/主机名(host):${PLAIN}${RED}${domain}${PLAIN}" + echo -e " ${BLUE}伪装域名/主机名(host)/SNI/peer名称:${PLAIN}${RED}${domain}${PLAIN}" echo -e " ${BLUE}路径(path):${PLAIN}${RED}${wspath}${PLAIN}" echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}" echo @@ -1725,9 +1703,10 @@ showInfo() { return fi - echo + echo "" echo -n -e " ${BLUE}Xray运行状态:${PLAIN}" statusText + echo -e " ${BLUE}Xray配置文件: ${PLAIN} ${RED}${CONFIG_FILE}${PLAIN}" colorEcho $BLUE " Xray配置信息:" getConfigFileInfo @@ -1768,7 +1747,7 @@ showInfo() { echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}" echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}" echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN" - echo -e " ${BLUE}伪装域名/主机名(host):${PLAIN}${RED}${domain}${PLAIN}" + echo -e " ${BLUE}伪装域名/主机名(host)/SNI/peer名称:${PLAIN}${RED}${domain}${PLAIN}" echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}XTLS${PLAIN}" elif [[ "$ws" = "false" ]]; then echo -e " ${BLUE}IP(address): ${PLAIN}${RED}${IP}${PLAIN}" 
@@ -1778,7 +1757,7 @@ showInfo() { echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}" echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}" echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN" - echo -e " ${BLUE}伪装域名/主机名(host):${PLAIN}${RED}${domain}${PLAIN}" + echo -e " ${BLUE}伪装域名/主机名(host)/SNI/peer名称:${PLAIN}${RED}${domain}${PLAIN}" echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}" else echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}" @@ -1788,7 +1767,7 @@ showInfo() { echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}" echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}" echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN" - echo -e " ${BLUE}伪装域名/主机名(host):${PLAIN}${RED}${domain}${PLAIN}" + echo -e " ${BLUE}伪装域名/主机名(host)/SNI/peer名称:${PLAIN}${RED}${domain}${PLAIN}" echo -e " ${BLUE}路径(path):${PLAIN}${RED}${wspath}${PLAIN}" echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}" fi @@ -1827,7 +1806,7 @@ menu() { echo -e " ${GREEN}10.${PLAIN} 安装${BLUE}trojan+XTLS${PLAIN}${RED}(推荐)${PLAIN}" echo " -------------" echo -e " ${GREEN}11.${PLAIN} 更新Xray" - echo -e " ${GREEN}12.${PLAIN} 卸载Xray" + echo -e " ${GREEN}12. ${RED}卸载Xray${PLAIN}" echo " -------------" echo -e " ${GREEN}13.${PLAIN} 启动Xray" echo -e " ${GREEN}14.${PLAIN} 重启Xray" @@ -1925,4 +1904,14 @@ menu() { checkSystem -menu +action=$1 +[[ -z $1 ]] && action=menu +case "$action" in + menu|update|uninstall|start|restart|stop|showInfo|showLog) + ${action} + ;; + *) + echo " 参数错误" + echo " 用法: `basename $0` [menu|update|uninstall|start|restart|stop|showInfo|showLog]" + ;; +esac
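Review bot: The `*)` arm of the new argument dispatch prints the usage text but lets the script finish with status 0, so a caller such as cron or a wrapper script cannot tell a mistyped action from a successful run. Add `exit 1` after the usage line, and send the two messages to stderr with `>&2`. The explicit list in the `case` pattern is what keeps `${action}` from invoking arbitrary command names, so a one-line comment such as `# whitelist: only these function names may be run from argv` above the `case` would help keep that property when actions are added.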