first-commit

zeaslity
2023-05-15 16:49:09 +08:00
commit 06cba6ca3c
816 changed files with 157018 additions and 0 deletions


@@ -0,0 +1,76 @@
#!/usr/bin/env bash
# 设置策略路由
# 添加路由表 100
sudo ip route add local default dev lo table 100
# 为路由表 100 设定规则
+ip rule add fwmark 1 table 100
# 创建XRAY过滤器链
iptables -t mangle -N XRAY
# 代理局域网设备
iptables -t mangle -A XRAY -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY -d 172.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 255.255.255.255/32 -j RETURN
# 直连局域网,避免 XRAY 无法启动时无法连网关的 SSH如果你配置的是其他网段如 10.x.x.x 等),则修改成自己的
iptables -t mangle -A XRAY -d 192.168.233.0/24 -p tcp -j RETURN
# 直连局域网53 端口除外(因为要使用 XRAY 的 DNS)
iptables -t mangle -A XRAY -d 192.168.233.0/24 -p udp ! --dport 53 -j RETURN
# 给 UDP 打标记 1转发至 12345 端口
iptables -t mangle -A XRAY -i ens3 -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
# 给 TCP 打标记 1转发至 12345 端口
iptables -t mangle -A XRAY -i ens3 -p tcp -j TPROXY --on-port 12345 --tproxy-mark 1
# 应用规则
iptables -t mangle -A PREROUTING -j XRAY
# 代理网关本机
iptables -t mangle -N XRAY_SELF
iptables -t mangle -A XRAY -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY -d 172.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.168.233.0/24 -p tcp -j RETURN # 直连局域网
# 直连局域网53 端口除外(因为要使用 XRAY 的 DNS
iptables -t mangle -A XRAY_SELF -d 192.168.233.0/24 -p udp ! --dport 53 -j RETURN
# 除了上述的所有流量均为进入PostRouting的流量需要判定mark标记然后释放
iptables -t mangle -A XRAY_SELF -m mark --mark 23 -j RETURN
# 为CoreDNS开启PostRouting流量
# 请求UDP-53的流量 放行请求国内dns的请求直接出去
iptables -t mangle -A XRAY_SELF -i ens3 -p udp --dport 53 -j RETURN
# 请求DNS over TLS - 853 的流量 需要重新回到Xray中走代理
#iptables -t mangle -A XRAY_SELF -p tcp --dport 853 -j RETURN
#iptables -t mangle -A XRAY_SELF -p udp --dport 853 -j RETURN
# 所有其他流量,需要重路由
# 给 UDP 打标记,重路由
iptables -t mangle -A XRAY_SELF -i ens3 -p udp -j MARK --set-mark 1
# 给 TCP 打标记,重路由
iptables -t mangle -A XRAY_SELF -i ens3 -p tcp -j MARK --set-mark 1
# 应用规则
iptables -t mangle -A OUTPUT -j XRAY_SELF
# 新建 DIVERT 规则,避免已有连接的包二次通过 TPROXY理论上有一定的性能提升
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -i ens3 -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -I PREROUTING -p tcp -m socket -j DIVERT
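Review bot: The seven exclusion rules that follow `iptables -t mangle -N XRAY_SELF` are appended to chain `XRAY` instead of `XRAY_SELF`, so they merely duplicate the PREROUTING exclusions and leave the gateway's own traffic to 10.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16 and the other reserved ranges unexcluded; that traffic then hits the `MARK --set-mark 1` rules and is re-routed to the TPROXY port, which is the classic self-traffic/loopback breakage of this setup. Each of those lines should target `XRAY_SELF`. Two smaller points: `172.0.0.0/8` is far wider than RFC 1918's `172.16.0.0/12` and lets public destinations in that /8 bypass the proxy (in both chains), and the line `+ip rule add fwmark 1 table 100` carries a leading `+` that, if it is really in the file rather than a rendering artefact, means the policy rule is never installed because `+ip` is not a command.
```shell
iptables -t mangle -N XRAY_SELF
iptables -t mangle -A XRAY_SELF -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY_SELF -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY_SELF -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY_SELF -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY_SELF -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A XRAY_SELF -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY_SELF -d 255.255.255.255/32 -j RETURN
# … unchanged: LAN / DNS RETURN rules, mark-23 RETURN, MARK --set-mark 1 rules, OUTPUT hook …
```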


@@ -0,0 +1,18 @@
#!/usr/bin/ bash
iptables -t mangle -F XRAY
iptables -t mangle -F XRAY_SELF
iptables -t mangle -F DIVERT
iptables -t mangle -D PREROUTING -j XRAY
iptables -t mangle -D PREROUTING 1
iptables -t mangle -X XRAY
iptables -t mangle -X DIVERT
iptables -t mangle -D OUTPUT -j XRAY_SELF
iptables -t mangle -X XRAY_SELF
sudo ip route del local default dev lo table 100
iptables -t mangle -nL --line-number
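Review bot: The teardown never removes the policy rule the setup script adds (`ip rule add fwmark 1 table 100`), so every setup/teardown cycle leaves another duplicate `fwmark 1` rule behind; add `sudo ip rule del fwmark 1 table 100` next to the `ip route del` line. `iptables -t mangle -D PREROUTING 1` deletes whatever happens to be rule 1 at that moment rather than the DIVERT hook; `iptables -t mangle -D PREROUTING -p tcp -m socket -j DIVERT` removes the intended rule regardless of position. The shebang `#!/usr/bin/ bash` contains a space, so the script cannot be executed directly.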


@@ -0,0 +1,185 @@
{
"log": {
"loglevel": "warning",
"error": "/var/log/xray/error.log",
"access": "/var/log/xray/access.log"
},
"inbounds": [
{
"tag": "all-in",
"port": 12345,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
},
{
"protocol": "socks",
"port": 22999,
"listen": "0.0.0.0",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"auth": "noauth",
"udp": true,
"userLevel": 10
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
}
],
"outbounds": [
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv4"
},
"streamSettings": {
"sockopt": {
"mark": 233
}
}
},
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "43.154.83.213",
"port": 29999,
"users": [
{
"id": "fc903f5d-a007-482b-928c-570da9a851f9",
"alterId": 0,
"email": "192.168.11.19@qq.com",
"security": "auto",
"encryption": "none",
"flow": "xtls-rprx-direct"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "tencent-hk-11.17.107421.xyz",
"allowInsecure": true,
"rejectUnknownSni": false,
"alpn": [
"h2",
"http/1.1"
],
"minVersion": "1.2",
"maxVersion": "1.3"
},
"sockopt": {
"mark": 233
}
}
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
}
},
{
"tag": "dns-out",
"protocol": "dns",
"streamSettings": {
"sockopt": {
"mark": 233
}
}
}
],
"dns": {
"hosts": {
"proxy.io": "192.168.233.2"
},
"servers": [
{
"address": "223.5.5.5",
"port": 53,
"domains": [
"geosite:cn"
],
"expectIPs": [
"geoip:cn"
]
},
{
"address": "8.8.8.8",
"port": 53,
"domains": [
"geosite:geolocation-!cn"
]
},
"https+local://doh.dns.sb/dns-query"
]
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"inboundTag": [
"all-in"
],
"port": 53,
"outboundTag": "dns-out"
},
{
"type": "field",
"ip": [
"8.8.8.8",
"1.1.1.1"
],
"outboundTag": "proxy"
},
{
"type": "field",
"domain": [
"geosite:category-ads-all"
],
"outboundTag": "block"
},
{
"type": "field",
"domain": [
"travel.state.gov",
"geosite:geolocation-!cn"
],
"outboundTag": "proxy"
}
]
}
}
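Review bot: `"allowInsecure": true` in the `proxy` outbound's `xtlsSettings` disables certificate verification for the TLS connection to the VLESS server, so anyone on the path can impersonate that server and read every proxied stream; it should be `"allowInsecure": false` with the server presenting a certificate valid for `serverName`. The same setting, and the same `socks` inbound with `"auth": "noauth"` listening on `0.0.0.0:22999` (an open, unauthenticated proxy for every host that can reach the gateway — bind it to `127.0.0.1` or the LAN address, or enable password auth), appear in the two following config files as well. The `vnext` user `id` is the credential that authorizes use of the remote server and is committed in clear here; it belongs in an untracked or templated file. Finally, this file's outbounds use `"mark": 233` while the iptables setup script in this commit only returns traffic marked `23` in `XRAY_SELF`, so xray's own outgoing packets would be marked and re-routed into its own inbound unless this config is paired with a different script.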


@@ -0,0 +1,164 @@
// 为了更好的分流体验,请替换默认路由规则文件为 Loyalsoldier/v2ray-rules-dat否则 Xray-core 将无法加载本配置。
//
//sudo curl -oL /usr/local/share/xray/geoip.dat https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat
//sudo curl -oL /usr/local/share/xray/geosite.dat https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat
// https://xtls.github.io/document/level-2/tproxy.html#xray-%E9%85%8D%E7%BD%AE
{
"log": {
"loglevel": "warning",
"error": "/var/log/xray/error.log",
"access": "/var/log/xray/access.log"
},
"inbounds": [
{
"tag": "dns-in",
"port": 53,
"protocol": "dokodemo-door",
"settings": {
"address": "192.168.233.2",
"port": 5353,
"network": "udp",
"userLevel": 1
}
},
{
"tag": "all-in",
"port": 12345,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
},
{
"protocol": "socks",
"port": 22999,
"listen": "0.0.0.0",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"auth": "noauth",
"udp": true,
"userLevel": 10
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
}
],
"outbounds": [
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "43.154.83.213",
"port": 29999,
"users": [
{
"id": "fc903f5d-a007-482b-928c-570da9a851f9",
"alterId": 0,
"email": "192.168.11.19@qq.com",
"security": "auto",
"encryption": "none",
"flow": "xtls-rprx-direct"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "tencent-hk-11.17.107421.xyz",
"allowInsecure": true,
"rejectUnknownSni": false,
"alpn": [
"h2",
"http/1.1"
],
"minVersion": "1.2",
"maxVersion": "1.3"
},
"sockopt": {
"mark": 23
}
}
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv4"
},
"streamSettings": {
"sockopt": {
"mark": 23
}
}
},
{
"tag": "block",
"protocol": "blackhole"
}
],
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"ip": [
"geoip:private",
"geoip:cn"
],
"domain": [
"geosite:cn",
"geosite:apple-cn"
],
"outboundTag": "direct"
},
{
"type": "field",
"ip": [
"8.8.8.8",
"8.8.4.4",
"1.1.1.1",
"1.0.0.1"
],
"domain": [
"geosite:geolocation-!cn"
],
"outboundTag": "proxy"
},
{
"type": "field",
"domain": [
"geosite:category-ads-all"
],
"outboundTag": "block"
}
]
}
}
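Review bot: The two `curl` commands in the header comment are wrong as written: curl parses `-oL` as `-o L`, so the output goes to a file literally named `L` in the current directory and the following path is treated as an extra URL; write them as `sudo curl -L -o /usr/local/share/xray/geoip.dat https://…/geoip.dat` (and the same for `geosite.dat`). Since these `.dat` files decide which destinations go direct and which go through the proxy, the comment should also say to verify whatever checksums the upstream release publishes before installing them. The `allowInsecure`/`noauth` points raised on the first config file apply here unchanged.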


@@ -0,0 +1,167 @@
{
"log": {
"loglevel": "warning",
"error": "/var/log/xray/error.log",
"access": "/var/log/xray/access.log"
},
"inbounds": [
{
"tag": "dns-in",
"port": 53,
"protocol": "dokodemo-door",
"settings": {
"address": "192.168.233.2",
"port": 5353,
"network": "udp",
"userLevel": 1
}
},
{
"tag": "all-in",
"port": 12345,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
},
{
"protocol": "socks",
"port": 22999,
"listen": "0.0.0.0",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"auth": "noauth",
"udp": true,
"userLevel": 10
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
}
],
"outbounds": [
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv4"
},
"streamSettings": {
"sockopt": {
"mark": 23
}
}
},
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "43.154.83.213",
"port": 29999,
"users": [
{
"id": "fc903f5d-a007-482b-928c-570da9a851f9",
"alterId": 0,
"email": "192.168.11.19@qq.com",
"security": "auto",
"encryption": "none",
"flow": "xtls-rprx-direct"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "tencent-hk-11.17.107421.xyz",
"allowInsecure": true,
"rejectUnknownSni": false,
"alpn": [
"h2",
"http/1.1"
],
"minVersion": "1.2",
"maxVersion": "1.3"
},
"sockopt": {
"mark": 23
}
}
},
{
"tag": "block",
"protocol": "blackhole"
}
],
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"ip": [
"geoip:google",
"geoip:us",
"geoip:facebook",
"geoip:jp",
"geoip:facebook",
"geoip:telegram",
"geoip:twitter",
"1.1.1.1/32",
"1.0.0.1/32",
"8.8.8.8/32",
"8.8.4.4/32"
],
"domain": [
"github.com",
"youtube.com",
"geosite:gfw",
"geosite:greatfire",
"chatgpt.107421.xyz"
],
"outboundTag": "proxy"
},
{
"type": "field",
"ip": [
"223.5.5.5/32",
"119.29.29.29/32",
"180.76.76.76/32",
"114.114.114.114/32",
"geoip:cn",
"geoip:private"
],
"domain": [
"superwdd-my.sharepoint.com",
"sharepoint.com",
"geosite:apple-cn"
],
"outboundTag": "direct"
}
]
}
}
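Review bot: `"geoip:facebook"` is listed twice in the `proxy` rule's `ip` array; the duplicate is harmless to xray but suggests the list was hand-merged, and dropping one entry keeps the rule readable. Because `direct` is the first outbound, any destination matching neither rule is sent direct by default; if that fallback is intended, a one-line comment saying so would save the next reader from checking outbound order. The `allowInsecure`/`noauth` points raised on the first config file apply here as well.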


@@ -0,0 +1,27 @@
#!/bin/bash
LogPath=/var/log/xray/geoip_update.log
rm -rf /usr/local/share/xray/geosite.dat
rm -rf /usr/local/share/xray/geoip.dat
echo "current time is $(date), start to update geo ip for xray" >> $LogPath
curl --connect-timeout 5 -s -o /dev/null https://www.google.com
if [[ $? -eq 0 ]];then
echo "start to download from github !"
wget https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat -O /usr/local/share/xray/geosite.dat
wget https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat -O /usr/local/share/xray/geoip.dat
else
echo "start to download from jsdelivr !"
wget https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat -O /usr/local/share/xray/geosite.dat
wget https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat -O /usr/local/share/xray/geoip.dat
fi
echo "start to restrat xray !" >> $LogPath
systemctl restart xray
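Review bot: The two `rm -rf` lines delete the installed `geosite.dat`/`geoip.dat` before any download has succeeded, and neither `wget` exit status is checked, so a failed fetch ends with `systemctl restart xray` against a config whose `geosite:`/`geoip:` rules can no longer be resolved, and the proxy stays down until the next run. Download into a `mktemp` directory, check each `wget`, and only then move the files into place; verifying the upstream checksums before the move would also close the window in which a tampered CDN copy becomes the gateway's routing data. Smaller points: `$LogPath` is unquoted, the two `start to download` messages go to stdout rather than the log, and `restrat` in the last log message is a typo.
```shell
#!/bin/bash
set -euo pipefail
LogPath=/var/log/xray/geoip_update.log
XrayShare=/usr/local/share/xray
tmpdir=$(mktemp -d) || exit 1
trap 'rm -rf -- "$tmpdir"' EXIT
echo "current time is $(date), start to update geo ip for xray" >> "$LogPath"
if curl --connect-timeout 5 -s -o /dev/null https://www.google.com; then
  echo "start to download from github !" >> "$LogPath"
  base=https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download
else
  echo "start to download from jsdelivr !" >> "$LogPath"
  base=https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release
fi
for f in geosite.dat geoip.dat; do
  # fetch into the temp dir first; the live file is replaced only after a successful download
  wget -q "$base/$f" -O "$tmpdir/$f" || { echo "download of $f failed, keeping current file" >> "$LogPath"; exit 1; }
  # TODO(review): verify the upstream checksum of "$tmpdir/$f" here before installing it
  mv -f -- "$tmpdir/$f" "$XrayShare/$f"
done
# … unchanged: restart log line and systemctl restart xray …
```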


@@ -0,0 +1,9 @@
#!/usr/bin/env bash
docker run \
-d \
--name redis \
-p 16379:6379 \
-e ALLOW_EMPTY_PASSWORD=yes \
bitnami/redis:6.2.7
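Review bot: `-p 16379:6379` publishes the Redis port on every host interface while `ALLOW_EMPTY_PASSWORD=yes` disables authentication, so any host that can reach the gateway gets unauthenticated read/write access to the cache. The CoreDNS `redisc` block in this commit points at port `16379` on the local machine, so `-p 127.0.0.1:16379:6379` is enough to keep the cache working and off the network; if remote access is ever needed, set `REDIS_PASSWORD` instead of allowing an empty one.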

View File

@@ -0,0 +1,72 @@
#!/usr/bin/env bash
cat > /etc/coredns/Corefile <<EOF
# https://coredns.io/plugins/cache/
(global_cache) {
cache {
# [5, 60]
success 65536 7200 900
# [1, 10]
denial 8192 600 60
prefetch 1 60m 10%
}
}
.:5353 {
ads {
default-lists
blacklist https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-domains.txt
whitelist https://files.krnl.eu/whitelist.txt
log
auto-update-interval 24h
list-store ads-cache
}
errors
# health
# prometheus :9153
import global_cache
template ANY AAAA {
rcode NXDOMAIN
}
dnsredir accelerated-domains.china.conf google.china.conf apple.china.conf mydns.conf {
expire 15s
max_fails 3
health_check 3s
policy round_robin
path_reload 2s
to 223.5.5.5 119.29.29.29 114.114.114.114
no_ipv6
}
hosts {
fallthrough
}
dnsredir . {
expire 60s
max_fails 5
health_check 5s
policy random
spray
to tls://8.8.8.8@dns.google tls://8.8.4.4@dns.google
to tls://1.1.1.1:853 tls://1.0.0.1:853
# to tcp://8.8.8.8
# Global TLS server name
# tls_servername cloudflare-dns.com
}
log
loop
reload 6s
}
EOF
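Review bot: The heredoc delimiter is unquoted (`<<EOF`), so the shell scans the whole Corefile for `$` and backtick expansions before writing it; nothing in today's content triggers that, but the first `$`-containing directive added later would be silently mangled, and `cat > /etc/coredns/Corefile <<'EOF'` makes the content literal. `cat >` also fails if `/etc/coredns` does not exist yet, so a preceding `mkdir -p /etc/coredns` makes the script safe on a fresh host. A short comment on `template ANY AAAA { rcode NXDOMAIN }` would help too, since it answers every AAAA query with NXDOMAIN and thereby turns off IPv6 resolution for all clients of this resolver.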


@@ -0,0 +1,24 @@
#!bin/bash
cat > /etc/systemd/system/coredns.service << EOF
[Unit]
Description=CoreDNS DNS - Custom Build Plugins server
Documentation=https://coredns.minidump.info/
After=network.target
[Service]
PermissionsStartOnly=true
LimitNOFILE=1048576
LimitNPROC=512
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
User=coredns
WorkingDirectory=~
ExecStart=/usr/local/bin/coredns -conf=/etc/coredns/Corefile
ExecReload=/bin/kill -SIGUSR1 $MAINPID
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
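Review bot: The heredoc is unquoted, so `$MAINPID` on the `ExecReload` line is expanded by the shell while the unit is being written (to an empty string, or an error under `set -u`), and the installed unit ends up with `ExecReload=/bin/kill -SIGUSR1 ` and no PID; `cat > /etc/systemd/system/coredns.service << 'EOF'` keeps the literal `$MAINPID` for systemd. The shebang `#!bin/bash` lacks the leading `/`, so the script cannot be executed directly. The unit itself is reasonably confined (`NoNewPrivileges`, `CapabilityBoundingSet=CAP_NET_BIND_SERVICE`, a dedicated `User`); a `systemctl daemon-reload` after writing it would let the same script go on to enable the service.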


@@ -0,0 +1,16 @@
#!/usr/bin/env bash
cat > /usr/local/bin/update_coredns.sh <<EOF
#!/bin/bash
cd /usr/local/etc/
rm accelerated-domains.china.conf
wget https://jsdelivr.icloudnative.io/gh/felixonmars/dnsmasq-china-list/accelerated-domains.china.conf -O /usr/local/etc/accelerated-domains.china.conf
rm apple.china.conf
wget https://jsdelivr.icloudnative.io/gh/felixonmars/dnsmasq-china-list/apple.china.conf -O /usr/local/etc/apple.china.conf
rm google.china.conf
wget https://jsdelivr.icloudnative.io/gh/felixonmars/dnsmasq-china-list/google.china.conf -O /usr/local/etc/google.china.conf
EOF
sudo chmod +x /usr/local/bin/update_coredns.sh
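Review bot: The generated script `rm`s each list before downloading its replacement and never checks `cd` or `wget`, the same delete-before-fetch pattern as the geoip update script in this commit: one failed download leaves CoreDNS's `dnsredir` without its `.china.conf` input until the next run. Writing each file to a temporary path and `mv`-ing it over the old one on success, with `set -e` at the top of the generated script, avoids the gap. These lists decide which domains are answered by the domestic resolvers instead of the DoT upstreams, and they are fetched from a third-party mirror (`jsdelivr.icloudnative.io`) rather than the project's own release channel, so the trust placed in that mirror deserves a comment.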


@@ -0,0 +1,30 @@
.:5353 {
ads {
strict-default-lists
blacklist https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-domains.txt
whitelist https://files.krnl.eu/whitelist.txt
log
auto-update-interval 48h
list-store ads-cache
}
hosts {
fallthrough
}
forward . tcp://8.8.8.8 127.0.0.1:53001 {
log
cache
redisc {
endpoint 16379
}
health
reload
}
.:53001 {
bind 127.0.0.1
forward . tls://1.1.1.1:853 {
tls_servername cloudflare-dns.com
}
cache
}
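Review bot: As rendered, `log`, `cache`, `redisc`, `health` and `reload` sit inside the braces of `forward . tcp://8.8.8.8 127.0.0.1:53001 {` and the `.:5353` server block is never closed before `.:53001 {` opens, which CoreDNS would reject as a Corefile; if a `}` line was lost in rendering ignore this, otherwise the `forward` block needs its own `}` and those five plugins belong at server-block level. `forward . tcp://8.8.8.8` sends client queries in cleartext to 8.8.8.8 while the `.:53001` fallback uses DoT, so the primary path exposes every queried name on the wire; `tls://8.8.8.8` with `tls_servername dns.google`, as the second block does for Cloudflare, is the matching secure form. `redisc { endpoint 16379 }` gives only a port, and the plugin's `endpoint` is normally a `host:port` address, so confirm whether `127.0.0.1:16379` is what is expected.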