zeaslity/shell-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first-commit

Browse Source
This commit is contained in:
zeaslity
2023-05-15 16:49:09 +08:00
commit 06cba6ca3c
816 changed files with 157018 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.idea/.gitignore generated vendored Normal file
View File

@@ -0,0 +1,5 @@
# Default ignored files
/shelf/
/workspace.xml
# Editor-based HTTP Client requests
/httpRequests/

6
.idea/misc.xml generated Normal file
View File

@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ProjectRootManager" version="2" languageLevel="JDK_11" project-jdk-name="11" project-jdk-type="JavaSDK">
<output url="file://$PROJECT_DIR$/out" />
</component>
</project>

8
.idea/modules.xml generated Normal file
View File

@@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ProjectModuleManager">
<modules>
<module fileurl="file://$PROJECT_DIR$/.idea/Shell.iml" filepath="$PROJECT_DIR$/.idea/Shell.iml" />
</modules>
</component>
</project>

6
.idea/vcs.xml generated Normal file
View File

@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="VcsDirectoryMappings">
<mapping directory="" vcs="Git" />
</component>
</project>

4
.vscode/settings.json vendored Normal file
View File

@@ -0,0 +1,4 @@
{
"python.autoComplete.addBrackets": true,
"go.autocompleteUnimportedPackages": true
}

96
SQL学习/DDL操作集合.sql Normal file
View File

@@ -0,0 +1,96 @@
show DATABASES;
drop database nengdie;
create database nengdie;
show CREATE DATABASE nengdie;
use nengdie;
# can not rename database
# alter nengdie rename nengdie woshinibaba;
# delete a table
drop table user_info;
# create a table
create table user_info (
user_id TINYINT(3) PRIMARY KEY,
user_name VARCHAR(30) not null,
email_address VARCHAR(50),
age SMALLINT(4) not null,
gender VARCHAR(5) DEFAULT 'male'
);
# read all tables
show tables;
# read a table
describe user_info;
show create table user_info;
# modify a table
## change table name
alter table user_info rename user_information;
show tables;
alter table nengdie.user_information rename user_info;
show tables;
## add a column
alter table user_info add column favoriteID tinyint after age;
describe user_info;
## change column position
alter table user_info modify favoriteID smallint after gender;
## change column name
alter table user_info change favoriteID fav_id tinyint;
## modify column data format
alter table user_info modify gender varchar(10);
## delete a column
alter table user_info drop fav_id;
alter table user_info add fav_id tinyint after age;
## modify column CONSTRAINTS
alter table user_info modify user_id tinyint auto_increment;
# DML insert records into a table user_info
insert into user_info( nengdie.user_info.user_name, nengdie.user_info.email, nengdie.user_info.age, nengdie.user_info.gender)
values
('wangdada','zeaslity@qq.com',15,'male'),
('cxc','cxc@163.com',12,'male'),
('nengdie','nengdie@qq.com',30,'male'),
('hong','hong@qq.com',25,'female'),
('zeaslity','zeaslity@qq.com',18,'male'),
('zey','zety@qq.com',18,'male'),
('die','die@qq.com',15,'male');
SELECT * FROM user_info;
describe user_info;
describe fav_thing;
## 内连接,只输出符合限定条件的内容
select user_name,age,gender from user_info
inner join
fav_thing as t on user_id = t.fav_user_id
order by age;
## left outer join 左外连接 讲用户的喜好表 fav_thing与user表连接查看用户对应喜好的事情
select * from user_info
left join
fav_thing as t on user_id =t.fav_user_id
order by age;
## 全外连接
select *
from user_info
full join fav_thing;
# 交叉连接
select * from user_info
cross join fav_thing;

51
Untitled-1.sh Normal file
View File

@@ -0,0 +1,51 @@
#! /bin/bash
systemctl stop netclient
systemctl disable netclient
rm -rf /etc/systemd/system/netclient.service
rm -rf /etc/netclient/config
/usr/local/bin/k3s-uninstall.sh
/usr/local/bin/k3s-agent-uninstall.sh
apt remove -y wireguard wireguard-tools
rm -rf /root/k3s-install/
ifconfig wg0-oracle down
apt autoremove -y
ifconfig
systemctl stop systemd-resolved.service && systemctl disable systemd-resolved.service
systemctl stop netfilter-persistent.service && systemctl disable netfilter-persistent.service
rm /etc/resolv.conf
cat > /etc/resolv.conf<<EOF
nameserver 1.1.1.1
nameserver 1.0.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 223.5.5.5
nameserver 114.114.114.114
EOF
ping google.com
## Ubuntu 18.04
curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/bionic.gpg | sudo apt-key add -
curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/bionic.list | sudo tee /etc/apt/sources.list.d/tailscale.list
sudo apt-get update
sudo apt-get install tailscale
systemctl enable --now tailscaled
tailscale up --login-server=http://tailscale.107421.xyz --accept-routes=false --accept-dns=false
headscale -n wdd-net nodes register --key
systemctl status tailscaled

165
nginx/addNginxProxy copy.sh Normal file
View File

@@ -0,0 +1,165 @@
#!/bin/bash
# 添加了端口占用的检测
# todo
# 对某一代理内容的删除
# 当运行时, 可以传入额外的参数
## ./runParams.sh [-h] [-c] [--remove] [-p proxy] [-f] [--version vx.y.z] [-l file]
#########color code#############
RED="31m" # Error message
GREEN="32m" # Success message
YELLOW="33m" # Warning message
BLUE="36m" # Info message
###############color echo func#################
colorEcho() {
echo -e "\033[${1}${@:2}\033[0m" 1>&2
}
Help() {
cat - 1>&2 <<EOF
本脚本的用法如下:
[-tcp t] <代理端口> <需要转发的IP> <需要转发的端口>
[-http] <反向代理域名> <代理端口> <反代的IP> <反代的端口>
[-h -help]
-tcp/t <代理端口>代表本机的端口 <需要转发的IP>代表反向代理的ip地址
<需要转发的端口>代表反向代理的端口
-http <反向代理域名>代表转发的url <代理端口>代表本机的端口
<反代的IP>代表反向代理的ip地址 <反代的端口>代表反向代理的端口
-h/help 打印本说明文档
例子:./addNginxProxy.sh -tcp 9500 192.168.1.248 80
即为将本地9500端口 转发至 192.168.1.248的80端口
EOF
}
checkPortInUse(){
# 如果端口被占用则返回错误
# 如果端口未占用则返回0
netstat -ntlp | awk '{print $4}' | cut -d ":" -f 2 | sed -n "3,+99999p"
if [[ `netstat -ntlp | awk '{print $4}' | cut -d ":" -f 2 | sed -n "3,+99999p" | grep -w ${FRONT_PROXY_PORT} &>/dev/null` -eq 0 ]]
then
colorEcho ${RED} "你想要使用的代理端口 ${FRONT_PROXY_PORT} 已被占用,请重新选用端口!!"
return 23
else
return 0
fi
}
addPortForward() {
#判断REVERSE_PROXY_IP是否符合IP的规格
#判断REVERSE_PROXY_PORT是否被占用
## 端口转发模板文件简单,直接写入此处!!
cat > /etc/nginx/conf.d/stream/${FRONT_PROXY_PORT}_${REVERSE_PROXY_IP}::${REVERSE_PROXY_PORT}.conf <<EOF
server {
listen ${FRONT_PROXY_PORT};
proxy_pass ${REVERSE_PROXY_IP}:${REVERSE_PROXY_PORT};
}
EOF
if [[ -a /etc/nginx/conf.d/stream/${FRONT_PROXY_PORT}_${REVERSE_PROXY_IP}::${REVERSE_PROXY_PORT}.conf ]]; then
colorEcho ${GREEN} "端口转发配置成功!!"
nginx -t && nginx -s reload
if [[ $? -eq 0 ]];then
LOCAL_INTERNAL_IP=$(ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -f1 -d'/')
colorEcho ${GREEN} "nignx已成功重启"
colorEcho ${BLUE} "端口转发为: ${LOCAL_INTERNAL_IP}:${FRONT_PROXY_PORT} >>>> ${REVERSE_PROXY_IP}:${REVERSE_PROXY_PORT}"
else
colorEcho ${RED} "nginx重启失败请检查是否端口已被使用"
fi
else
colorEcho ${RED} "端口转发文件添加失败,请手动添加!!"
return 34
fi
return 0
}
addReverProxy() {
#判断REVERSE_PROXY_IP是否符合IP的规格
#判断REVERSE_PROXY_PORT是否被占用
# 读取反向代理的模板然后写入相应的特定反向代理文件
if [[ -a /etc/nginx/conf.d/reverse_proxy_demo ]]
then
cat > /etc/nginx/conf.d/${REVERSE_PROXY_SERVER_NAME}_${FRONT_PROXY_PORT}-${REVERSE_PROXY_IP}::${REVERSE_PROXY_PORT}.conf < /etc/nginx/conf.d/reverse_proxy_demo
else
colorEcho ${RED} "反向代理的模板文件丢失!!! 无法添加反向代理!"
return 45
fi
if [[ -a /etc/nginx/conf.d/${REVERSE_PROXY_SERVER_NAME}_${FRONT_PROXY_PORT}-${REVERSE_PROXY_IP}::${REVERSE_PROXY_PORT}.conf ]]; then
sed -i -e "s/\${REVERSE_PROXY_SERVER_NAME}/${REVERSE_PROXY_SERVER_NAME}/g" \
-e "s/\${FRONT_PROXY_PORT}/${FRONT_PROXY_PORT}/g" \
-e "s/\${REVERSE_PROXY_IP}/${REVERSE_PROXY_IP}/g" \
-e "s/\${REVERSE_PROXY_PORT}/${REVERSE_PROXY_PORT}/g" \
/etc/nginx/conf.d/${REVERSE_PROXY_SERVER_NAME}_${FRONT_PROXY_PORT}-${REVERSE_PROXY_IP}::${REVERSE_PROXY_PORT}.conf
colorEcho ${GREEN} "反向代理文件添加成功!!"
nginx -t && nginx -s reload
if [[ $? -eq 0 ]];then
colorEcho ${GREEN} "nignx已成功重启"
colorEcho ${BLUE} "反向代理为: ${REVERSE_PROXY_SERVER_NAME}:${FRONT_PROXY_PORT} >>>> ${REVERSE_PROXY_IP}:${REVERSE_PROXY_PORT}"
else
colorEcho ${RED} "nginx重启失败请检查是否端口已被使用"
fi
else
colorEcho ${RED} "反向代理配置文件添加失败,请手动添加!!"
return 34
fi
return 0
}
#########################
if [[ $# > 0 ]]
then
case "$1" in
-tcp | -t)
if [[ $# == 4 ]]; then
FRONT_PROXY_PORT="${2}"
REVERSE_PROXY_IP="${3}"
REVERSE_PROXY_PORT="${4}"
if [[ `checkPortInUse` -eq 0 ]]
then
addPortForward
else
return 23
fi
else
colorEcho ${RED} "输入的参数有误,请重新输入!"
return 123
fi
;;
-h | --help)
Help
;;
-http)
if [[ $# == 5 ]]; then
REVERSE_PROXY_SERVER_NAME="${2}"
FRONT_PROXY_PORT="${3}"
REVERSE_PROXY_IP="${4}"
REVERSE_PROXY_PORT="${5}"
if [[ `checkPortInUse -ne 0` ]]
then
addReverProxy
fi
else
colorEcho ${RED} "输入的参数有误,请重新输入!"
return 123
fi
;;
*)
# unknown option
colorEcho ${RED} "输入的参数不正确!"
Help
return 1
;;
esac
else
colorEcho ${BLUE} "请输入参数!!本脚本的用法如下!!"
Help
fi

128
nginx/addNginxProxy.sh Normal file
View File

@@ -0,0 +1,128 @@
#!/bin/bash
# 当运行时, 可以传入额外的参数
## ./runParams.sh [-h] [-c] [--remove] [-p proxy] [-f] [--version vx.y.z] [-l file]
#########color code#############
RED="31m" # Error message
GREEN="32m" # Success message
YELLOW="33m" # Warning message
BLUE="36m" # Info message
###############color echo func#################
colorEcho() {
echo -e "\033[${1}${@:2}\033[0m" 1>&2
}
Help() {
cat - 1>&2 <<EOF
./addNginxProxy.sh [-tcp t] <FRONT_PROXY_PORT> <REVERSE_PROXY_IP> <REVERSE_PROXY_PORT>
./addNginxProxy.sh [-http] <REVERSE_PROXY_SERVER_NAME> <FRONT_PROXY_PORT> <REVERSE_PROXY_IP> <REVERSE_PROXY_PORT>
./addNginxProxy.sh [-h -help]
-tcp/t <FRONT_PROXY_PORT>代表本机的端口 <REVERSE_PROXY_IP>代表反向代理的ip地址 <REVERSE_PROXY_PORT>代表反向代理的端口
-http <REVERSE_PROXY_SERVER_NAME>代表转发的url <REVERSE_PROXY_IP>代表反向代理的ip地址 <REVERSE_PROXY_PORT>代表反向代理的端口
-h/help 显示本说明
EOF
}
addPortForward() {
#判断FRONT_PROXY_PORT是否被占用
#判断REVERSE_PROXY_IP是否符合IP的规格
#判断REVERSE_PROXY_PORT是否被占用
## 端口转发模板文件简单,直接写入此处!!
cat > /etc/nginx/conf.d/stream/${FRONT_PROXY_PORT}_${REVERSE_PROXY_IP}::${REVERSE_PROXY_PORT}.conf <<EOF
server {
listen ${FRONT_PROXY_PORT};
proxy_pass ${REVERSE_PROXY_IP}:${REVERSE_PROXY_PORT};
}
EOF
if [[ -a /etc/nginx/conf.d/stream/${FRONT_PROXY_PORT}_${REVERSE_PROXY_IP}::${REVERSE_PROXY_PORT}.conf ]]; then
colorEcho ${GREEN} "端口转发配置成功!!"
nginx -t && nginx -s reload
if [[ $? -eq 0 ]];then
LOCAL_INTERNAL_IP=$(ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -f1 -d'/')
colorEcho ${GREEN} "nignx已成功重启"
colorEcho ${BLUE} "端口转发为: ${LOCAL_INTERNAL_IP}:${FRONT_PROXY_PORT} >>>> ${REVERSE_PROXY_IP}:${REVERSE_PROXY_PORT}"
else
colorEcho ${RED} "nginx重启失败请检查是否端口已被使用"
fi
else
colorEcho ${RED} "端口转发文件添加失败,请手动添加!!"
return 34
fi
return 0
}
addReverProxy() {
#判断FRONT_PROXY_PORT是否被占用
#判断REVERSE_PROXY_IP是否符合IP的规格
#判断REVERSE_PROXY_PORT是否被占用
# 读取反向代理的模板然后写入相应的特定反向代理文件
if [[ -a /etc/nginx/conf.d/reverse_proxy_demo ]]
then
cat > /etc/nginx/conf.d/${REVERSE_PROXY_SERVER_NAME}_${FRONT_PROXY_PORT}-${REVERSE_PROXY_IP}::${REVERSE_PROXY_PORT}.conf < /etc/nginx/conf.d/reverse_proxy_demo
else
colorEcho ${RED} "反向代理的模板文件丢失!!! 无法添加反向代理!"
return 45
fi
if [[ -a /etc/nginx/conf.d/${REVERSE_PROXY_SERVER_NAME}_${FRONT_PROXY_PORT}-${REVERSE_PROXY_IP}::${REVERSE_PROXY_PORT}.conf ]]; then
sed -i -e "s/\${REVERSE_PROXY_SERVER_NAME}/${REVERSE_PROXY_SERVER_NAME}/g" \
-e "s/\${FRONT_PROXY_PORT}/${FRONT_PROXY_PORT}/g" \
-e "s/\${REVERSE_PROXY_IP}/${REVERSE_PROXY_IP}/g" \
-e "s/\${REVERSE_PROXY_PORT}/${REVERSE_PROXY_PORT}/g" \
/etc/nginx/conf.d/${REVERSE_PROXY_SERVER_NAME}_${FRONT_PROXY_PORT}-${REVERSE_PROXY_IP}::${REVERSE_PROXY_PORT}.conf
colorEcho ${GREEN} "反向代理文件添加成功!!"
nginx -t && nginx -s reload
if [[ $? -eq 0 ]];then
colorEcho ${GREEN} "nignx已成功重启"
colorEcho ${BLUE} "反向代理为: ${REVERSE_PROXY_SERVER_NAME}:${FRONT_PROXY_PORT} >>>> ${REVERSE_PROXY_IP}:${REVERSE_PROXY_PORT}"
else
colorEcho ${RED} "nginx重启失败请检查是否端口已被使用"
fi
else
colorEcho ${RED} "反向代理配置文件添加失败,请手动添加!!"
return 34
fi
return 0
}
#########################
if [[ $# > 0 ]]
then
case "$1" in
-tcp | -t)
if [[ $# == 4 ]]; then
FRONT_PROXY_PORT="${2}"
REVERSE_PROXY_IP="${3}"
REVERSE_PROXY_PORT="${4}"
addPortForward
else
colorEcho ${RED} "输入的参数有误,请重新输入!"
return 123
fi
;;
-h | --help)
Help
;;
-http)
if [[ $# == 5 ]]; then
REVERSE_PROXY_SERVER_NAME="${2}"
FRONT_PROXY_PORT="${3}"
REVERSE_PROXY_IP="${4}"
REVERSE_PROXY_PORT="${5}"
addReverProxy
else
colorEcho ${RED} "输入的参数有误,请重新输入!"
return 123
fi
;;
*)
# unknown option
colorEcho ${RED} "输入的参数不正确!"
Help
return 1
;;
esac
fi

94
nginx/nginx-alpine-offical.dockerfile Normal file
View File

@@ -0,0 +1,94 @@
ADD file:46ad43b4984bcf49c5a888ff3628f23161f55cd1fb062f469e707100c97fa254 in /
CMD ["/bin/sh"]
LABEL maintainer=NGINX Docker Maintainers <docker-maint@nginx.com>
ENV NGINX_VERSION=1.19.4
ENV NJS_VERSION=0.4.4
ENV PKG_RELEASE=1
RUN /bin/sh -c set -x \
&& addgroup -g 101 -S nginx \
&& adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \
&& apkArch="$(cat /etc/apk/arch)" \
&& nginxPackages=" \
nginx=${NGINX_VERSION}-r${PKG_RELEASE} \
nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} \
nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} \
nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} \
nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} " \
&& case "$apkArch" in x86_64) set -x \
&& KEY_SHA512="e7fa8303923d9b95db37a77ad46c68fd4755ff935d0a534d26eba83de193c76166c68bfe7f65471bf8881004ef4aa6df3e34689c305662750c0172fca5d8552a *stdin" \
&& apk add --no-cache --virtual .cert-deps openssl \
&& wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \
&& if [ "$(openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout | openssl sha512 -r)" = "$KEY_SHA512" ]; then\
echo "key verification succeeded!"; \
mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; \
else \
echo "key verification failed!"; \
exit 1; \
fi \
&& apk del .cert-deps \
&& apk add -X "https://nginx.org/packages/mainline/alpine/v$(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" --no-cache $nginxPackages ;; *) set -x \
&& tempDir="$(mktemp -d)" \
&& chown nobody:nobody $tempDir \
&& apk add --no-cache --virtual .build-deps\
gcc \
libc-dev \
make \
openssl-dev \
pcre-dev \
zlib-dev \
linux-headers \
libxslt-dev \
gd-dev \
geoip-dev \
perl-dev \
libedit-dev \
mercurial \
bash \
alpine-sdk \
findutils \
&& su nobody -s /bin/sh -c "\
export HOME=${tempDir}\
&& cd ${tempDir}\
&& hg clone https://hg.nginx.org/pkg-oss\
&& cd pkg-oss\
&& hg up ${NGINX_VERSION}-${PKG_RELEASE}\
&& cd alpine\
&& make all\
&& apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk\
&& abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz\
"\
&& cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \
&& apk del .build-deps \
&& apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages \
;; \
esac \
&& if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \
&& if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then \
rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \
&& if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; \
then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \
&& apk add --no-cache --virtual .gettext gettext \
&& mv /usr/bin/envsubst /tmp/ \
&& runDeps="$( scanelf --needed --nobanner /tmp/envsubst | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' | sort -u | xargs -r apk info --installed | sort -u )" \
&& apk add --no-cache $runDeps && apk del .gettext \
&& mv /tmp/envsubst /usr/local/bin/ \
&& apk add --no-cache tzdata \
&& apk add --no-cache curl ca-certificates \
&& ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log \
&& mkdir /docker-entrypoint.d
COPY file:e7e183879c35719c18aa7f733651029fbcc55f5d8c22a877ae199b389425789e in /
COPY file:13577a83b18ff90a0f97a15cd6380790a5f5288c651fa08708ff64d3f1595861 in /docker-entrypoint.d
COPY file:0fd5fca330dcd6a7de297435e32af634f29f7132ed0550d342cad9fd20158258 in /docker-entrypoint.d
ENTRYPOINT ["/docker-entrypoint.sh"]
EXPOSE 80
STOPSIGNAL SIGTERM
CMD ["nginx" "-g" "daemon off;"]

49
nginx/nginx的默认配置文件.conf Normal file
View File

@@ -0,0 +1,49 @@
user nginx;
pid /var/run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 65535;
events {
multi_accept on;
worker_connections 65535;
}
http {
charset utf-8;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
log_not_found off;
types_hash_max_size 2048;
client_max_body_size 16M;
# MIME
include mime.types;
default_type application/octet-stream;
# Logging
log_format log_json '{'
'"remote_addr": "$remote_addr", '
'"ident": "-", '
'"user": "$remote_user", '
'"timestamp": "$time_local", '
'"request": "$request", '
'"status": $status, '
'"bytes": $body_bytes_sent, '
'"referer": "$http_referer", '
'"agent": "$http_user_agent", '
'"x_forwarded": "$http_x_forwarded_for"'
' }';
access_log /var/log/nginx/access.log log_json;
error_log /var/log/nginx/error.log warn;
# reverse proxy/server configs
include /etc/nginx/conf.d/*.conf;
}
# port forward configs
stream{
include /etc/nginx/conf.d/stream/*.conf;
}

37
nginx/反向代理模板.conf Normal file
View File

@@ -0,0 +1,37 @@
server {
# ${REVERSE_PROXY_SERVER_NAME}
listen ${FRONT_PROXY_PORT};
server_name ${REVERSE_PROXY_SERVER_NAME};
# security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
# logging
access_log /var/log/nginx/${REVERSE_PROXY_SERVER_NAME}.access.log;
error_log /var/log/nginx/${REVERSE_PROXY_SERVER_NAME}.error.log warn;
# reverse proxy
location / {
proxy_pass http://${REVERSE_PROXY_IP}:${REVERSE_PROXY_PORT};
proxy_cache_bypass $http_upgrade;
# Proxy headers
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# Proxy timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
}

4
nginx/端口转发模板.conf Normal file
View File

@@ -0,0 +1,4 @@
server {
listen ${FRONT_PROXY_PORT};
proxy_pass ${REVERSE_PROXY_IP}:${REVERSE_PROXY_PORT};
}

141
nginx/编译安装nginx.sh Normal file
View File

@@ -0,0 +1,141 @@
#!/bin/bash
nginx_version="nginx-1.19.4"
openssl_version="openssl-openssl-3.0.0-alpha8"
nginx_prefix="/etc/nginx"
nginx_config="${nginx_prefix}/conf.d/"
nginx_is_installed=""
#判断是否已经安装
check_is_installed(){
if [ -d $nginx_config ]; then
nginx_is_installed=1
else
nginx_is_installed=0
fi
}
remove_nginx(){
systemctl stop nginx
${nginx_prefix}/sbin/nginx -s stop
pkill -9 nginx
systemctl disable nginx
rm -rf /etc/systemd/system/nginx.service
systemctl daemon-reload
rm -rf ${nginx_prefix}
}
#安装nignx
install_nginx()
{
green "正在编译和安装nginx。。。。"
if ! wget -O ${nginx_version}.tar.gz https://nginx.org/download/${nginx_version}.tar.gz; then
red "获取nginx失败"
yellow "按回车键继续或者按ctrl+c终止"
read -s
fi
tar -zxf ${nginx_version}.tar.gz
if ! wget -O ${openssl_version}.tar.gz https://github.com/openssl/openssl/archive/${openssl_version#*-}.tar.gz; then
red "获取openssl失败"
yellow "按回车键继续或者按ctrl+c终止"
read -s
fi
tar -zxf ${openssl_version}.tar.gz
cd ${nginx_version}
sed -i "s/OPTIMIZE[ \t]*=>[ \t]*'-O'/OPTIMIZE => '-O3'/g" src/http/modules/perl/Makefile.PL
./configure \
--prefix=${nginx_prefix} \
--with-openssl=../$openssl_version \
--with-openssl-opt="enable-ec_nistp_64_gcc_128 shared threads zlib-dynamic sctp" \
--with-mail=dynamic \
--with-mail_ssl_module \
--with-stream=dynamic \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module=dynamic \
--with-stream_ssl_preread_module \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_degradation_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-http_perl_module=dynamic \
--with-pcre \
--with-libatomic \
--with-compat \
--with-cpp_test_module \
--with-google_perftools_module \
--with-file-aio \
--with-threads \
--with-poll_module \
--with-select_module \
--with-cc-opt="-Wno-error -g0 -O3"
# 详细的 nginx-module说明https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-open-source/#dependencies
if ! make; then
red "nginx编译失败"
yellow "请尝试更换系统建议使用Ubuntu最新版系统"
exit 1
fi
remove_nginx
make install
cd ..
}
config_service_nginx(){
systemctl disable nginx
rm -rf /etc/systemd/system/nginx.service
cat > /etc/systemd/system/nginx.service << EOF
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
User=root
ExecStartPre=/bin/rm -rf /dev/shm/nginx_unixsocket
ExecStartPre=/bin/mkdir /dev/shm/nginx_unixsocket
ExecStartPre=/bin/chmod 711 /dev/shm/nginx_unixsocket
ExecStartPre=/bin/rm -rf /dev/shm/nginx_tcmalloc
ExecStartPre=/bin/mkdir /dev/shm/nginx_tcmalloc
ExecStartPre=/bin/chmod 0777 /dev/shm/nginx_tcmalloc
ExecStart=${nginx_prefix}/sbin/nginx
ExecStop=${nginx_prefix}/sbin/nginx -s stop
ExecStopPost=/bin/rm -rf /dev/shm/nginx_tcmalloc
ExecStopPost=/bin/rm -rf /dev/shm/nginx_unixsocket
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF
chmod 0644 /etc/systemd/system/nginx.service
systemctl daemon-reload
systemctl enable nginx
}
main(){
## 检查nginx是否已经安装
}
main

10
removeSeafile.sh Normal file
View File

@@ -0,0 +1,10 @@
#!/bin/bash
rm -rf /root/.my.conf
rm -rf /opt/seafile.my.cnf
rm -rf /opt/seafile/*
pkill -9 -u seafile
userdel seafile

8
shell-scripts.iml Normal file
View File

@@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<module type="GENERAL_MODULE" version="4">
<component name="NewModuleRootManager" inherit-compiler-output="true">
<exclude-output />
<content url="file://$MODULE_DIR$" />
<orderEntry type="sourceFolder" forTests="false" />
</component>
</module>

172
temp.sh Normal file
View File

@@ -0,0 +1,172 @@
#!/bin/bash
ip_list=($(cat ip.txt))
single_ip=()
for ip in ${ip_list[@]}
do
Rrst=$(echo ${single_ip[@]} | grep -q $ip)
if [[ $Rrst -ne 0 ]]
then
single_ip+=($ip)
fi
done
for ip in ${single_ip[@]}
do
timss=$(cat ip.txt | grep -l $ip)
echo "$ip 访问的次数为 $timss"
done
if [[ ${linuxRelease} = "ubuntu" ]] ;then echo yes;else echo no;fi
mv /etc/yum.repos.d/bak/* /etc/yum.repos.d/
rm -rf /etc/yum.repos.d/bak /etc/yum.repos.d/elrepo.repo
yum clean call
yum makecache
cd /root/linux-init
./custom-init.sh
OLD_MYSQL=(mysql MySQL mariadb)
for item in ${OLD_MYSQL[@]}
do
rpm -qa | grep ${item}
done
mysql
root@localhost
v2ryStr@ngPa.ss
sed -i "/skip-grant-tables/ d" /etc/my.cnf
docker run \
-u root \
-d \
-p 8080:8080 \
-p 50000:50000 \
-v /root/jenkins-data:/var/jenkins_home \
-v /var/run/docker.sock:/var/run/docker.sock \
jenkinsci/blueocean
gitee all_access_token
47c3f65b7d7539a90f016362a9082ff9
if [[ ${LinuxReleaseVersion} == "centos" ]];then echo "yes";else echo "no";fi
kk logs -n kube-ops ${$(kk -n kube-ops get pods | grep jenkins-work-slave| awk '{print$1}')[@]}
hostnamectl set-hostname tourism-worker-node-1
echo "192.168.12.53 aiboxhb.cdcyy.cn" >>/etc/hosts
heketi-cli --server http://tourism-glusterfs-storage-1:8080 --user admin --secret aCs1dGnaloa8Sadd cluster list
heketi-cli topology load --user admin --secret aCs1dGnaloa8Sadd --json=/etc/heketi/topology.json
FileName="maven-repository"
for i in /home/gfs-data /opt/gfs-data /data/gfs-data ; do
ls $i | grep -qw ${FileName}
if [[ $? -eq 0 ]]; then
echo $i
cd $i
ls $i
fi
done
echo "export JAVA_HOME=/opt/java/openjdk/" >>/etc/profile
echo "export MAVEN_HOME=/usr/local/maven3" >>/etc/profile
echo "export PATH=${PATH}:${JAVA_HOME}/bin:${MAVEN_HOME}/bin" >>/etc/profile
ln -s /usr/local/maven3/bin/mvn /usr/bin/mvn
keadm init --advertise-address=192.168.35.24 --kubeedge-version=1.3.1 --kube-config=/root/.kube/config
echo "151.101.108.133 raw.githubusercontent.com" >>/etc/hosts
LinuxReleaseVersion="ubuntu"
if [ $LinuxReleaseVersion = "ubuntu" ]; then
echo yes
else
echo no
fi
SSHLoginPort=22333
sed -i "/^#Port 22/a Port ${SSHLoginPort}" /etc/ssh/sshd_config
#!/bin/bash
# 判断命令是否存在
command_exists() {
command -v "$@" >/dev/null 2>&1
}
# 获取服务器的IP地址
get_server_ip() {
local server_ip=""
local Network_Manage_Tool=""
if command_exists ip; then
Network_Manage_Tool="$(ip addr)"
elif command_exists ifconfig; then
Network_Manage_Tool="$(ifconfig)"
fi
server_ip=$(echo "$Network_Manage_Tool" | \
grep -oE "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" | \
grep -vE "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\.|^0\." | \
head -n 1)
# 自动获取失败时,通过网站提供的 API 获取外网地址
if [ -z "$server_ip" ]; then
server_ip="$(wget -qO- --no-check-certificate https://ipv4.icanhazip.com)"
fi
echo "$server_ip"
}
get_server_ip
for i in {3..1..-1}
do
echo "倒计时开始-- $i s --准备切换shell上文的日志输出将会消失"
sleep 1
done
for namespace in $(kubectl get ns | awk '{print $1}' | grep -v "NAME")
do
echo $namespace
kubectl get pods -n $namespace | grep Evicted |awk '{print $1}' |xargs kubectl -n $namespace delete pod --force
done
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDF7nRu6T9xj8qQzU8EtDFq4NXpgOPIF1CVFID5yhE+VHuXi+ZgaUa7ZSRBIod3I2wRh0HrmzH+cvlvDHmSZtyzxo8JDUkvJbdU037plMp9b0rB0OkVYL60lNRaEs6H4JTydxb9yQvi70GRv+UEz6wu/Xql3gexdLuNoHMbuPjkht3DLeufOws9CfZod70CT/zGHqTWLfSkvxIc5MFJhSo70jO1S7ADRri/2u4JXfFPTqRDdZ2PCPa/4CVFp3JA/ITjgk+HalQ/e+S46DQu7kY8aea4Mjqe6XQXrbISQ/wuBUqu2qF0TV23UWwjqdZlhSwGGiCikd/RiAjEOo2+NuOr root@rke-master" \
>> ~/.ssh/authorized_keys
PrivateServerIPs=(10.170.0.8)
DOCKER_VERSION=19.03.8
for ip in ${PrivateServerIPs[@]}
do
echo "正在将Docker的离线安装包分发至主机 ${ip} 上……"
scp -r /tmp/docker-${DOCKER_VERSION} root@$ip:/tmp/docker-${DOCKER_VERSION}
echo "Docker离线安装包已经分发完成"
echo "----------------------------------------------------------"
done
mkdir rancher
cd rancher/
vim 0.0-extend-disk.sh
chmod +x 0.0-extend-disk.sh
./0.0-extend-disk.sh
umount /var
sed -i "s/\/var/\/var\/lib\/docker/g" /etc/fstab
mount -a
sed -i "s/\/data/\/var\/lib\/docker/g" /etc/fstab

20
tmp.yaml Normal file
View File

@@ -0,0 +1,20 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: tenant-prefix-security-application
namespace: uavcloud-test
labels:
app.kubernetes.io/managed-by: Helm
annotations:
meta.helm.sh/release-name: uavcloud-ingress-core
meta.helm.sh/release-namespace: uavcloud-test
data:
ingress-config.js: |-
// 从ConfigMap中注入
// injected from ConfigMap
var __GlobalIngressConfig = {
TenantEnvironment: "integration",
CloudHOST: "lab.uavcmlc.com",
ApplicationShortName: "security",
AppClientId: "APP_kVuQY0pNTxgE6KBd"
}

896
v2ray示例/Clash/clash-config.yaml Normal file
View File

@@ -0,0 +1,896 @@
#---------------------------------------------------#
## 更新2022-09-28 09:02:50
## 感谢https://github.com/Hackl0us/SS-Rule-Snippet
## 链接https://link.oness.xyz/link/0fHPiayjsMIn6BUC?clash=1
#---------------------------------------------------#
# HTTP 代理端口
port: 7890
# SOCKS5 代理端口
socks-port: 7891
# Linux 和 macOS 的 redir 代理端口
redir-port: 7892
# 允许局域网的连接
allow-lan: true
# 规则模式Rule规则 / Global全局代理/ Direct全局直连
mode: Rule
# 设置日志输出级别 (默认级别silent即不输出任何内容以避免因日志内容过大而导致程序内存溢出
# 5 个级别silent / info / warning / error / debug。级别越高日志输出量越大越倾向于调试若需要请自行开启。
log-level: info
# Clash 的 RESTful API
external-controller: '0.0.0.0:9090'
# RESTful API 的口令
secret: ''
# 您可以将静态网页资源(如 clash-dashboard放置在一个目录中clash 将会服务于 `RESTful API/ui`
# 参数应填写配置目录的相对路径或绝对路径。
# external-ui: folder
proxies:
# vmess
# cipher support auto/aes-128-gcm/chacha20-poly1305/none
- name: "Tencent-Shanghai-Relay"
type: vmess
server: 42.192.52.227
port: 19999
uuid: 7318178c-5583-40dd-996c-a0add1f8fc1e
alterId: 0
cipher: auto
# udp: true
tls: false
skip-cert-verify: true
# servername: example.com # priority over wss host
network: http
http-opts:
host:
path:
- /v2ice-vmess-tcp-seoul
# headers:
# Host: v2ray.com
# max-early-data: 2048
# early-data-header-name: Sec-WebSocket-Protocol
proxy-groups:
- name: Proxy
type: select
# disable-udp: true
proxies:
- Tencent-Shanghai-Relay
- name: Direct
type: select
proxies:
- DIRECT
- name: Domestic
type: select
proxies:
- DIRECT
- Proxy
- name: Others
type: select
proxies:
- Proxy
- DIRECT
# 规则
rules:
# anti-ads
- DOMAIN-KEYWORD,adservice,REJECT
- DOMAIN-SUFFIX,adcolony.com,REJECT
- DOMAIN-SUFFIX,adinall.com,REJECT
- DOMAIN-SUFFIX,admaster.com.cn,REJECT
- DOMAIN-SUFFIX,admob.com,REJECT
- DOMAIN-SUFFIX,adnxs.com,REJECT
- DOMAIN-SUFFIX,adnyg.com,REJECT
- DOMAIN-SUFFIX,adsensor.org,REJECT
- DOMAIN-SUFFIX,adsymptotic.com,REJECT
- DOMAIN-SUFFIX,adthor.com,REJECT
- DOMAIN-SUFFIX,adwhirl.com,REJECT
- DOMAIN-SUFFIX,amazon-adsystem.com,REJECT
- DOMAIN-SUFFIX,amobee.com,REJECT
- DOMAIN-SUFFIX,app-adforce.jp,REJECT
- DOMAIN-SUFFIX,appads.com,REJECT
- DOMAIN-SUFFIX,appcpi.net,REJECT
- DOMAIN-SUFFIX,appier.net,REJECT
- DOMAIN-SUFFIX,applift.com,REJECT
- DOMAIN-SUFFIX,applovin.com,REJECT
- DOMAIN-SUFFIX,applvn.com,REJECT
- DOMAIN-SUFFIX,apsalar.com,REJECT
- DOMAIN-SUFFIX,apxadtracking.net,REJECT
- DOMAIN-SUFFIX,axonix.com,REJECT
- DOMAIN-SUFFIX,bayimob.com,REJECT
- DOMAIN-SUFFIX,bjvvqu.cn,REJECT
- DOMAIN-SUFFIX,bulldogcpi.com,REJECT
- DOMAIN-SUFFIX,clotfun.mobi,REJECT
- DOMAIN-SUFFIX,clotfun.online,REJECT
- DOMAIN-SUFFIX,cloudmobi.net,REJECT
- DOMAIN-SUFFIX,crwdcntrl.net,REJECT
- DOMAIN-SUFFIX,ctrmi.com,REJECT
- DOMAIN-SUFFIX,exosrv.com,REJECT
- DOMAIN-SUFFIX,go2cloud.org,REJECT
- DOMAIN-SUFFIX,growingio.com,REJECT
- DOMAIN-SUFFIX,haloapps.com,REJECT
- DOMAIN-SUFFIX,hypers.com,REJECT
- DOMAIN-SUFFIX,idealads.net,REJECT
- DOMAIN-SUFFIX,inmobi.cn,REJECT
- DOMAIN-SUFFIX,inmobi.com,REJECT
- DOMAIN-SUFFIX,inmobi.net,REJECT
- DOMAIN-SUFFIX,inmobicdn.cn,REJECT
- DOMAIN-SUFFIX,inmobicdn.net,REJECT
- DOMAIN-SUFFIX,inner-active.mobi,REJECT
- DOMAIN-SUFFIX,insurads.com,REJECT
- DOMAIN-SUFFIX,ironsrc.com,REJECT
- DOMAIN-SUFFIX,irs01.com,REJECT
- DOMAIN-SUFFIX,iskyworker.com,REJECT
- DOMAIN-SUFFIX,juicyads.com,REJECT
- DOMAIN-SUFFIX,kochava.com,REJECT
- DOMAIN-SUFFIX,leadboltmobile.net,REJECT
- DOMAIN-SUFFIX,lenzmx.com,REJECT
- DOMAIN-SUFFIX,liveadvert.com,REJECT
- DOMAIN-SUFFIX,lnk0.com,REJECT
- DOMAIN-SUFFIX,lnk8.cn,REJECT
- DOMAIN-SUFFIX,localytics.com,REJECT
- DOMAIN-SUFFIX,mdfull.com,REJECT
- DOMAIN-SUFFIX,measurementapi.com,REJECT
- DOMAIN-SUFFIX,medialytics.com,REJECT
- DOMAIN-SUFFIX,meetrics.com,REJECT
- DOMAIN-SUFFIX,meetrics.net,REJECT
- DOMAIN-SUFFIX,miaozhen.com,REJECT
- DOMAIN-SUFFIX,mmstat.com,REJECT
- DOMAIN-SUFFIX,moatads.com,REJECT
- DOMAIN-SUFFIX,mobclix.com,REJECT
- DOMAIN-SUFFIX,mopub.com,REJECT
- DOMAIN-SUFFIX,okjhb.xyz,REJECT
- DOMAIN-SUFFIX,openx.net,REJECT
- DOMAIN-SUFFIX,outbrain.com,REJECT
- DOMAIN-SUFFIX,pubmatic.com,REJECT
- DOMAIN-SUFFIX,qchannel01.cn,REJECT
- DOMAIN-SUFFIX,rayjump.com,REJECT
- DOMAIN-SUFFIX,rtbasia.com,REJECT
- DOMAIN-SUFFIX,rubiconproject.com,REJECT
- DOMAIN-SUFFIX,scorecardresearch.com,REJECT
- DOMAIN-SUFFIX,sdkclick.com,REJECT
- DOMAIN-SUFFIX,shuzilm.cn,REJECT
- DOMAIN-SUFFIX,smaato.net,REJECT
- DOMAIN-SUFFIX,smartadserver.com,REJECT
- DOMAIN-SUFFIX,smartnews-ads.com,REJECT
- DOMAIN-SUFFIX,supersonic.com,REJECT
- DOMAIN-SUFFIX,supersonicads.com,REJECT
- DOMAIN-SUFFIX,tagtic.cn,REJECT
- DOMAIN-SUFFIX,tanv.com,REJECT
- DOMAIN-SUFFIX,tanx.com,REJECT
- DOMAIN-SUFFIX,tapjoy.com,REJECT
- DOMAIN-SUFFIX,trafficjunky.net,REJECT
- DOMAIN-SUFFIX,turn.com,REJECT
- DOMAIN-SUFFIX,uri6.com,REJECT
- DOMAIN-SUFFIX,vidoomy.com,REJECT
- DOMAIN-SUFFIX,vungle.com,REJECT
- DOMAIN-SUFFIX,wedolook.com,REJECT
- DOMAIN-SUFFIX,xdrig.com,REJECT
- DOMAIN-SUFFIX,yumimobi.com,REJECT
- DOMAIN-SUFFIX,zu08e.cn,REJECT
- DOMAIN-SUFFIX,ad.cmvideo.cn,REJECT
- DOMAIN-SUFFIX,ad.daum.net,REJECT
- DOMAIN,abema-adx.ameba.jp,REJECT
- DOMAIN,ad.12306.cn,REJECT
- DOMAIN,ad.360in.com,REJECT
- DOMAIN,ad.51wnl-cq.com,REJECT
- DOMAIN,ad.caiyunapp.com,REJECT
- DOMAIN,ad.huajiao.com,REJECT
- DOMAIN,ad.hzyoka.com,REJECT
- DOMAIN,ad.jiemian.com,REJECT
- DOMAIN,ad.qingting.fm,REJECT
- DOMAIN,ad.wappalyzer.com,REJECT
- DOMAIN,ad-cn.jovcloud.com,REJECT
- DOMAIN,adextra.51wnl-cq.com,REJECT
- DOMAIN,api.adnet.mob.com,REJECT
- DOMAIN,ads.adadapted.com,REJECT
- DOMAIN,ads.chinadaily.com.cn,REJECT
- DOMAIN,ads.daydaycook.com.cn,REJECT
- DOMAIN,ads.weilitoutiao.net,REJECT
- DOMAIN,adsapi.manhuaren.com,REJECT
- DOMAIN,adsdk.dmzj.com,REJECT
- DOMAIN,adserver.pandora.com,REJECT
- DOMAIN,adshow.58.com,REJECT
- DOMAIN,adui.tg.meitu.com,REJECT
- DOMAIN,adv.bandi.so,REJECT
- DOMAIN,app-ad.variflight.com,REJECT
- DOMAIN,appnext.hs.llnwd.net,REJECT
- DOMAIN,appnext-a.akamaihd.net,REJECT
- DOMAIN,ggs.myzaker.com,REJECT
- DOMAIN,itad.linetv.tw,REJECT
- DOMAIN,ja.chushou.tv,REJECT
- DOMAIN,mads.suning.com,REJECT
- DOMAIN,mobileads.msn.com,REJECT
- DOMAIN,mopnativeadv.037201.com,REJECT
- DOMAIN,nativeadv.dftoutiao.com,REJECT
- DOMAIN-SUFFIX,iadsdk.apple.com,REJECT
- DOMAIN-SUFFIX,ads.internal.unity3d.com,REJECT
- DOMAIN-SUFFIX,ads.prd.ie.internal.unity3d.com,REJECT
- DOMAIN-SUFFIX,unityads.unity3d.com,REJECT
- DOMAIN,optimus-ads.amap.com,REJECT
- DOMAIN,optimus-ads.amap.com.w.alikunlun.com,REJECT
- DOMAIN,tunion-api.m.taobao.com,REJECT
- DOMAIN,adproxy.autohome.com.cn,REJECT
- DOMAIN,rd.autohome.com.cn,REJECT
- DOMAIN,al.autohome.com.cn,REJECT
- DOMAIN,applogapi.autohome.com.cn,REJECT
- DOMAIN-SUFFIX,cpro.baidu.com,REJECT
- DOMAIN-SUFFIX,pos.baidu.com,REJECT
- DOMAIN,afd.baidu.com,REJECT
- DOMAIN,als.baidu.com,REJECT
- DOMAIN,duclick.baidu.com,REJECT
- DOMAIN,mobads.baidu.com,REJECT
- DOMAIN,mobads-logs.baidu.com,REJECT
- DOMAIN,nsclick.baidu.com,REJECT
- DOMAIN,ad.toutiao.com,REJECT
- DOMAIN,adx.yiche.com,REJECT
- DOMAIN,log.ycapp.yiche.com,REJECT
- DOMAIN,advertise.baicizhan.com,REJECT
- DOMAIN,advertise.baicizhan.org,REJECT
- DOMAIN,galaxy.bjcathay.com,REJECT
- DOMAIN,mdrecv.app.cntvwb.cn,REJECT
- DOMAIN,sdapprecv.app.cntvwb.cn,REJECT
- DOMAIN,vdapprecv.app.cntvwb.cn,REJECT
- DOMAIN,ad.21cn.com,REJECT
- DOMAIN,ad.k.21cn.com,REJECT
- DOMAIN,admarket.21cn.com,REJECT
- DOMAIN,adshows.21cn.com,REJECT
- DOMAIN,atrace.chelaile.net.cn,REJECT
- DOMAIN,logs.chelaile.net.cn,REJECT
- DOMAIN-SUFFIX,doubleclick.net,REJECT
- DOMAIN-SUFFIX,googleadservices.com,REJECT
- DOMAIN-SUFFIX,googleadsserving.cn,REJECT
- DOMAIN-SUFFIX,googlesyndication.com,REJECT
- DOMAIN-SUFFIX,da.mgtv.com,REJECT
- DOMAIN-SUFFIX,da.hunantv.com,REJECT
- DOMAIN,adx.hupu.com,REJECT
- DOMAIN,adx-api.hupu.com,REJECT
- DOMAIN,goblin.hupu.com,REJECT
- DOMAIN,t7z.cupid.iqiyi.com,REJECT
- IP-CIDR,101.227.97.240/32,REJECT,no-resolve
- IP-CIDR,101.227.200.11/32,REJECT,no-resolve
- IP-CIDR,101.227.200.28/32,REJECT,no-resolve
- IP-CIDR,124.192.153.42/32,REJECT,no-resolve
- DOMAIN-SUFFIX,deliver.ifeng.com,REJECT
- DOMAIN,api.newad.ifeng.com,REJECT
- DOMAIN,ifengad.3g.ifeng.com,REJECT
- DOMAIN,adserviceretry.kugou.com,REJECT
- DOMAIN,ads.service.kugou.com,REJECT
- DOMAIN,adsfile.bssdlbig.kugou.com,REJECT
- DOMAIN,g.koowo.com,REJECT
- DOMAIN,kgmobilestat.kugou.com,REJECT
- DOMAIN,kgmobilestatbak.kugou.com,REJECT
- DOMAIN,mobilelog.kugou.com,REJECT
- DOMAIN,mobilead.kuwo.cn,REJECT
- DOMAIN,rich.kuwo.cn,REJECT
- DOMAIN,ad-stat.ksosoft.com,REJECT
- DOMAIN,img.auction-ads.wpscdn.cn,REJECT
- DOMAIN,counter.kingsoft.com,REJECT
- DOMAIN,counter.ksosoft.com,REJECT
- DOMAIN,minfo.wps.cn,REJECT
- DOMAIN,mobad.ijinshan.com,REJECT
- DOMAIN,ups.ksmobile.net,REJECT
- DOMAIN,ws.ksmobile.net,REJECT
- DOMAIN-SUFFIX,webp2p.letv.com,REJECT
- DOMAIN,ark.letv.com,REJECT
- DOMAIN,emma-414870e223.huodonghezi.com,REJECT
- DOMAIN,g3.letv.com,REJECT
- DOMAIN,n.mark.letv.com,REJECT
- DOMAIN,ad.hpplay.cn,REJECT
- DOMAIN,adcdn.hpplay.cn,REJECT
- DOMAIN,adeng.hpplay.cn,REJECT
- DOMAIN,rp.hpplay.cn,REJECT
- DOMAIN-SUFFIX,ad.intl.xiaomi.com,REJECT
- DOMAIN-SUFFIX,ad.xiaomi.com,REJECT
- DOMAIN-SUFFIX,admob.xiaomi.com,REJECT
- DOMAIN,adv.sec.intl.miui.com,REJECT
- DOMAIN,adv.sec.miui.com,REJECT
- DOMAIN,ad.api.moji.com,REJECT
- DOMAIN,adlaunch.moji.com,REJECT
- DOMAIN,ads.mojicdn.com,REJECT
- DOMAIN,v1.log.moji.com,REJECT
- DOMAIN,ad.bn.netease.com,REJECT
- DOMAIN,ad.yixin.im,REJECT
- DOMAIN,admusicpic.music.126.net,REJECT
- DOMAIN,gorgon.youdao.com,REJECT
- DOMAIN,iadmat.nosdn.127.net,REJECT
- DOMAIN,iadmusicmat.music.126.net,REJECT
- DOMAIN,iadmusicmatvideo.music.126.net,REJECT
- DOMAIN,impservice.dictapp.youdao.com,REJECT
- DOMAIN,impservice.youdao.com,REJECT
- DOMAIN,log.yex.youdao.com,REJECT
- DOMAIN,log-yex.youdao.com,REJECT
- DOMAIN,n.3g.163.com,REJECT
- DOMAIN,nex.163.com,REJECT
- DOMAIN,yt-adp.nosdn.127.net,REJECT
- DOMAIN,yt-adp.ws.126.net,REJECT
- DOMAIN,ads.aplus.pptv.com,REJECT
- DOMAIN,ads.aplusapi.pptv.com,REJECT
- DOMAIN,asimgs.pplive.cn,REJECT
- DOMAIN,de.as.pptv.com,REJECT
- DOMAIN,regist.fotoable.com,REJECT
- DOMAIN,cdn.adapi.fotoable.com,REJECT
- DOMAIN,adnew.wifi8.com,REJECT
- DOMAIN,adfile.wifi8.com,REJECT
- DOMAIN-SUFFIX,beacon.sina.com.cn,REJECT
- DOMAIN,adimg.vue.weibo.com,REJECT
- DOMAIN,u1.img.mobile.sina.cn,REJECT
- DOMAIN,sax.sina.com.cn,REJECT
- DOMAIN,saxs.sina.com.cn,REJECT
- DOMAIN,saxn.sina.com.cn,REJECT
- DOMAIN-SUFFIX,ad.sohu.com,REJECT
- DOMAIN-SUFFIX,ads.sohu.com,REJECT
- DOMAIN-SUFFIX,aty.sohu.com,REJECT
- DOMAIN,imp.optaim.com,REJECT
- DOMAIN,v2.reachmax.cn,REJECT
- DOMAIN,track.sohu.com,REJECT
- DOMAIN,hui.sohu.com,REJECT
- DOMAIN-SUFFIX,e.qq.com,REJECT
- DOMAIN-SUFFIX,gdt.qq.com,REJECT
- DOMAIN-SUFFIX,l.qq.com,REJECT
- DOMAIN,adsmind.apdcdn.tc.qq.com,REJECT
- DOMAIN,adsmind.gdtimg.com,REJECT
- DOMAIN,adsmind.tc.qq.com,REJECT
- DOMAIN,pgdt.gtimg.cn,REJECT
- DOMAIN,pgdt.gtimg.com,REJECT
- DOMAIN,pgdt.ugdtimg.com,REJECT
- DOMAIN,splashqqlive.gtimg.com,REJECT
- DOMAIN,wa.gtimg.com,REJECT
- DOMAIN,wxsnsdy.wxs.qq.com,REJECT
- DOMAIN,wxsnsdythumb.wxs.qq.com,REJECT
- DOMAIN,admonitor.thepaper.cn,REJECT
- DOMAIN,adpai.thepaper.cn,REJECT
- DOMAIN,imgadpai.thepaper.cn,REJECT
- DOMAIN,adsp.xunlei.com,REJECT
- DOMAIN,etl.xlmc.sandai.net,REJECT
- DOMAIN,adm.10jqka.com.cn,REJECT
- DOMAIN,stat.10jqka.com.cn,REJECT
- DOMAIN,ad-analysis.pconline.com.cn,REJECT
- DOMAIN,iad0ssl.pcauto.com.cn,REJECT
- DOMAIN,iad0ssl.pconline.com.cn,REJECT
- DOMAIN,imgad0.pcauto.com.cn,REJECT
- DOMAIN,imgad0.pconline.com.cn,REJECT
- DOMAIN,ivy.pchouse.com.cn,REJECT
- DOMAIN,a.wkanx.com,REJECT
- DOMAIN,cwx.lianwangtech.com,REJECT
- DOMAIN,c1wx.lianwangtech.com,REJECT
- DOMAIN,ad.ximalaya.com,REJECT
- DOMAIN,adbs.ximalaya.com,REJECT
- DOMAIN,adse.ximalaya.com,REJECT
- DOMAIN,adse.wsa.ximalaya.com,REJECT
- DOMAIN,adbehavior.wsa.ximalaya.com,REJECT
- DOMAIN,adsebs.ximalaya.com,REJECT
- DOMAIN,ads-img-qc.xhscdn.com,REJECT
- DOMAIN,ads-video-qc.xhscdn.com,REJECT
- DOMAIN,t-ads.xiaohongshu.com,REJECT
- DOMAIN-SUFFIX,atm.youku.com,REJECT
- DOMAIN,ad.mobile.youku.com,REJECT
- DOMAIN,iyes.youku.com,REJECT
- DOMAIN,apppv.zol.com.cn,REJECT
- DOMAIN,pvnapp.zol.com.cn,REJECT
# (DNS Cache Pollution Protection)
# > Google
- DOMAIN-SUFFIX,appspot.com,Proxy
- DOMAIN-SUFFIX,blogger.com,Proxy
- DOMAIN-SUFFIX,getoutline.org,Proxy
- DOMAIN-SUFFIX,gvt0.com,Proxy
- DOMAIN-SUFFIX,gvt1.com,Proxy
- DOMAIN-SUFFIX,gvt3.com,Proxy
- DOMAIN-SUFFIX,xn--ngstr-lra8j.com,Proxy
- DOMAIN-KEYWORD,google,Proxy
- DOMAIN-KEYWORD,blogspot,Proxy
# > Facebook
- DOMAIN-SUFFIX,cdninstagram.com,Proxy
- DOMAIN-SUFFIX,fb.com,Proxy
- DOMAIN-SUFFIX,fb.me,Proxy
- DOMAIN-SUFFIX,fbaddins.com,Proxy
- DOMAIN-SUFFIX,fbcdn.net,Proxy
- DOMAIN-SUFFIX,fbsbx.com,Proxy
- DOMAIN-SUFFIX,fbworkmail.com,Proxy
- DOMAIN-SUFFIX,instagram.com,Proxy
- DOMAIN-SUFFIX,m.me,Proxy
- DOMAIN-SUFFIX,messenger.com,Proxy
- DOMAIN-SUFFIX,oculus.com,Proxy
- DOMAIN-SUFFIX,oculuscdn.com,Proxy
- DOMAIN-SUFFIX,rocksdb.org,Proxy
- DOMAIN-SUFFIX,whatsapp.com,Proxy
- DOMAIN-SUFFIX,whatsapp.net,Proxy
- DOMAIN-KEYWORD,facebook,Proxy
# > Twitter
- DOMAIN-SUFFIX,pscp.tv,Proxy
- DOMAIN-SUFFIX,periscope.tv,Proxy
- DOMAIN-SUFFIX,t.co,Proxy
- DOMAIN-SUFFIX,twimg.co,Proxy
- DOMAIN-SUFFIX,twimg.com,Proxy
- DOMAIN-SUFFIX,twitpic.com,Proxy
- DOMAIN-SUFFIX,vine.co,Proxy
- DOMAIN-KEYWORD,twitter,Proxy
# > Telegram
- DOMAIN-SUFFIX,t.me,Proxy
- DOMAIN-SUFFIX,tdesktop.com,Proxy
- DOMAIN-SUFFIX,telegra.ph,Proxy
- DOMAIN-SUFFIX,telegram.me,Proxy
- DOMAIN-SUFFIX,telegram.org,Proxy
# > Line
- DOMAIN-SUFFIX,line.me,Proxy
- DOMAIN-SUFFIX,line-apps.com,Proxy
- DOMAIN-SUFFIX,line-scdn.net,Proxy
- DOMAIN-SUFFIX,naver.jp,Proxy
# > Other
- DOMAIN-SUFFIX,4shared.com,Proxy
- DOMAIN-SUFFIX,881903.com,Proxy
- DOMAIN-SUFFIX,abc.net.au,Proxy
- DOMAIN-SUFFIX,abebooks.com,Proxy
- DOMAIN-SUFFIX,amazon.co.jp,Proxy
- DOMAIN-SUFFIX,apigee.com,Proxy
- DOMAIN-SUFFIX,apk-dl.com,Proxy
- DOMAIN-SUFFIX,apkmirror.com,Proxy
- DOMAIN-SUFFIX,apkmonk.com,Proxy
- DOMAIN-SUFFIX,apkpure.com,Proxy
- DOMAIN-SUFFIX,aptoide.com,Proxy
- DOMAIN-SUFFIX,archive.is,Proxy
- DOMAIN-SUFFIX,archive.org,Proxy
- DOMAIN-SUFFIX,arte.tv,Proxy
- DOMAIN-SUFFIX,ask.com,Proxy
- DOMAIN-SUFFIX,avgle.com,Proxy
- DOMAIN-SUFFIX,badoo.com,Proxy
- DOMAIN-SUFFIX,bandwagonhost.com,Proxy
- DOMAIN-SUFFIX,bbc.com,Proxy
- DOMAIN-SUFFIX,behance.net,Proxy
- DOMAIN-SUFFIX,bibox.com,Proxy
- DOMAIN-SUFFIX,biggo.com.tw,Proxy
- DOMAIN-SUFFIX,binance.com,Proxy
- DOMAIN-SUFFIX,bitcointalk.org,Proxy
- DOMAIN-SUFFIX,bitfinex.com,Proxy
- DOMAIN-SUFFIX,bitmex.com,Proxy
- DOMAIN-SUFFIX,bit-z.com,Proxy
- DOMAIN-SUFFIX,bloglovin.com,Proxy
- DOMAIN-SUFFIX,bloomberg.cn,Proxy
- DOMAIN-SUFFIX,bloomberg.com,Proxy
- DOMAIN-SUFFIX,book.com.tw,Proxy
- DOMAIN-SUFFIX,booklive.jp,Proxy
- DOMAIN-SUFFIX,books.com.tw,Proxy
- DOMAIN-SUFFIX,box.com,Proxy
- DOMAIN-SUFFIX,brookings.edu,Proxy
- DOMAIN-SUFFIX,businessinsider.com,Proxy
- DOMAIN-SUFFIX,bwh1.net,Proxy
- DOMAIN-SUFFIX,castbox.fm,Proxy
- DOMAIN-SUFFIX,cbc.ca,Proxy
- DOMAIN-SUFFIX,cdw.com,Proxy
- DOMAIN-SUFFIX,change.org,Proxy
- DOMAIN-SUFFIX,ck101.com,Proxy
- DOMAIN-SUFFIX,clarionproject.org,Proxy
- DOMAIN-SUFFIX,clyp.it,Proxy
- DOMAIN-SUFFIX,cna.com.tw,Proxy
- DOMAIN-SUFFIX,comparitech.com,Proxy
- DOMAIN-SUFFIX,conoha.jp,Proxy
- DOMAIN-SUFFIX,crucial.com,Proxy
- DOMAIN-SUFFIX,cts.com.tw,Proxy
- DOMAIN-SUFFIX,cw.com.tw,Proxy
- DOMAIN-SUFFIX,cyberctm.com,Proxy
- DOMAIN-SUFFIX,dailymotion.com,Proxy
- DOMAIN-SUFFIX,dailyview.tw,Proxy
- DOMAIN-SUFFIX,daum.net,Proxy
- DOMAIN-SUFFIX,daumcdn.net,Proxy
- DOMAIN-SUFFIX,dcard.tw,Proxy
- DOMAIN-SUFFIX,deepdiscount.com,Proxy
- DOMAIN-SUFFIX,deezer.com,Proxy
- DOMAIN-SUFFIX,depositphotos.com,Proxy
- DOMAIN-SUFFIX,disconnect.me,Proxy
- DOMAIN-SUFFIX,discordapp.com,Proxy
- DOMAIN-SUFFIX,discordapp.net,Proxy
- DOMAIN-SUFFIX,disqus.com,Proxy
- DOMAIN-SUFFIX,dns2go.com,Proxy
- DOMAIN-SUFFIX,dropbox.com,Proxy
- DOMAIN-SUFFIX,dropboxusercontent.com,Proxy
- DOMAIN-SUFFIX,duckduckgo.com,Proxy
- DOMAIN-SUFFIX,dw.com,Proxy
- DOMAIN-SUFFIX,dynu.com,Proxy
- DOMAIN-SUFFIX,earthcam.com,Proxy
- DOMAIN-SUFFIX,ebookservice.tw,Proxy
- DOMAIN-SUFFIX,economist.com,Proxy
- DOMAIN-SUFFIX,edgecastcdn.net,Proxy
- DOMAIN-SUFFIX,edu,Proxy
- DOMAIN-SUFFIX,elpais.com,Proxy
- DOMAIN-SUFFIX,enanyang.my,Proxy
- DOMAIN-SUFFIX,euronews.com,Proxy
- DOMAIN-SUFFIX,feedly.com,Proxy
- DOMAIN-SUFFIX,files.wordpress.com,Proxy
- DOMAIN-SUFFIX,flickr.com,Proxy
- DOMAIN-SUFFIX,flitto.com,Proxy
- DOMAIN-SUFFIX,foreignpolicy.com,Proxy
- DOMAIN-SUFFIX,friday.tw,Proxy
- DOMAIN-SUFFIX,gate.io,Proxy
- DOMAIN-SUFFIX,getlantern.org,Proxy
- DOMAIN-SUFFIX,getsync.com,Proxy
- DOMAIN-SUFFIX,globalvoices.org,Proxy
- DOMAIN-SUFFIX,goo.ne.jp,Proxy
- DOMAIN-SUFFIX,goodreads.com,Proxy
- DOMAIN-SUFFIX,gov.tw,Proxy
- DOMAIN-SUFFIX,gumroad.com,Proxy
- DOMAIN-SUFFIX,hbg.com,Proxy
- DOMAIN-SUFFIX,hightail.com,Proxy
- DOMAIN-SUFFIX,hk01.com,Proxy
- DOMAIN-SUFFIX,hkbf.org,Proxy
- DOMAIN-SUFFIX,hkbookcity.com,Proxy
- DOMAIN-SUFFIX,hkej.com,Proxy
- DOMAIN-SUFFIX,hket.com,Proxy
- DOMAIN-SUFFIX,hkgolden.com,Proxy
- DOMAIN-SUFFIX,hootsuite.com,Proxy
- DOMAIN-SUFFIX,hudson.org,Proxy
- DOMAIN-SUFFIX,huobi.pro,Proxy
- DOMAIN-SUFFIX,initiummall.com,Proxy
- DOMAIN-SUFFIX,ipfs.io,Proxy
- DOMAIN-SUFFIX,issuu.com,Proxy
- DOMAIN-SUFFIX,japantimes.co.jp,Proxy
- DOMAIN-SUFFIX,jiji.com,Proxy
- DOMAIN-SUFFIX,jinx.com,Proxy
- DOMAIN-SUFFIX,jkforum.net,Proxy
- DOMAIN-SUFFIX,joinmastodon.org,Proxy
- DOMAIN-SUFFIX,kakao.com,Proxy
- DOMAIN-SUFFIX,lihkg.com,Proxy
- DOMAIN-SUFFIX,live.com,Proxy
- DOMAIN-SUFFIX,mail.ru,Proxy
- DOMAIN-SUFFIX,matters.news,Proxy
- DOMAIN-SUFFIX,medium.com,Proxy
- DOMAIN-SUFFIX,mega.nz,Proxy
- DOMAIN-SUFFIX,mil,Proxy
- DOMAIN-SUFFIX,mobile01.com,Proxy
- DOMAIN-SUFFIX,naver.com,Proxy
- DOMAIN-SUFFIX,nikkei.com,Proxy
- DOMAIN-SUFFIX,nofile.io,Proxy
- DOMAIN-SUFFIX,now.com,Proxy
- DOMAIN-SUFFIX,nyt.com,Proxy
- DOMAIN-SUFFIX,nytchina.com,Proxy
- DOMAIN-SUFFIX,nytcn.me,Proxy
- DOMAIN-SUFFIX,nytco.com,Proxy
- DOMAIN-SUFFIX,nytimes.com,Proxy
- DOMAIN-SUFFIX,nytimg.com,Proxy
- DOMAIN-SUFFIX,nytlog.com,Proxy
- DOMAIN-SUFFIX,nytstyle.com,Proxy
- DOMAIN-SUFFIX,ok.ru,Proxy
- DOMAIN-SUFFIX,okex.com,Proxy
- DOMAIN-SUFFIX,pcloud.com,Proxy
- DOMAIN-SUFFIX,pinimg.com,Proxy
- DOMAIN-SUFFIX,pixiv.net,Proxy
- DOMAIN-SUFFIX,pornhub.com,Proxy
- DOMAIN-SUFFIX,pureapk.com,Proxy
- DOMAIN-SUFFIX,quora.com,Proxy
- DOMAIN-SUFFIX,quoracdn.net,Proxy
- DOMAIN-SUFFIX,rakuten.co.jp,Proxy
- DOMAIN-SUFFIX,reddit.com,Proxy
- DOMAIN-SUFFIX,redditmedia.com,Proxy
- DOMAIN-SUFFIX,resilio.com,Proxy
- DOMAIN-SUFFIX,reuters.com,Proxy
- DOMAIN-SUFFIX,scmp.com,Proxy
- DOMAIN-SUFFIX,scribd.com,Proxy
- DOMAIN-SUFFIX,seatguru.com,Proxy
- DOMAIN-SUFFIX,shadowsocks.org,Proxy
- DOMAIN-SUFFIX,slideshare.net,Proxy
- DOMAIN-SUFFIX,soundcloud.com,Proxy
- DOMAIN-SUFFIX,startpage.com,Proxy
- DOMAIN-SUFFIX,steamcommunity.com,Proxy
- DOMAIN-SUFFIX,steemit.com,Proxy
- DOMAIN-SUFFIX,t66y.com,Proxy
- DOMAIN-SUFFIX,teco-hk.org,Proxy
- DOMAIN-SUFFIX,teco-mo.org,Proxy
- DOMAIN-SUFFIX,teddysun.com,Proxy
- DOMAIN-SUFFIX,theinitium.com,Proxy
- DOMAIN-SUFFIX,tineye.com,Proxy
- DOMAIN-SUFFIX,torproject.org,Proxy
- DOMAIN-SUFFIX,tumblr.com,Proxy
- DOMAIN-SUFFIX,turbobit.net,Proxy
- DOMAIN-SUFFIX,twitch.tv,Proxy
- DOMAIN-SUFFIX,udn.com,Proxy
- DOMAIN-SUFFIX,unseen.is,Proxy
- DOMAIN-SUFFIX,upmedia.mg,Proxy
- DOMAIN-SUFFIX,uptodown.com,Proxy
- DOMAIN-SUFFIX,ustream.tv,Proxy
- DOMAIN-SUFFIX,uwants.com,Proxy
- DOMAIN-SUFFIX,v2ray.com,Proxy
- DOMAIN-SUFFIX,viber.com,Proxy
- DOMAIN-SUFFIX,videopress.com,Proxy
- DOMAIN-SUFFIX,vimeo.com,Proxy
- DOMAIN-SUFFIX,voxer.com,Proxy
- DOMAIN-SUFFIX,vzw.com,Proxy
- DOMAIN-SUFFIX,w3schools.com,Proxy
- DOMAIN-SUFFIX,wattpad.com,Proxy
- DOMAIN-SUFFIX,whoer.net,Proxy
- DOMAIN-SUFFIX,wikimapia.org,Proxy
- DOMAIN-SUFFIX,wikipedia.org,Proxy
- DOMAIN-SUFFIX,wire.com,Proxy
- DOMAIN-SUFFIX,worldcat.org,Proxy
- DOMAIN-SUFFIX,wsj.com,Proxy
- DOMAIN-SUFFIX,wsj.net,Proxy
- DOMAIN-SUFFIX,xboxlive.com,Proxy
- DOMAIN-SUFFIX,xvideos.com,Proxy
- DOMAIN-SUFFIX,yahoo.com,Proxy
- DOMAIN-SUFFIX,yesasia.com,Proxy
- DOMAIN-SUFFIX,yes-news.com,Proxy
- DOMAIN-SUFFIX,yomiuri.co.jp,Proxy
- DOMAIN-SUFFIX,you-get.org,Proxy
- DOMAIN-SUFFIX,zb.com,Proxy
- DOMAIN-SUFFIX,zello.com,Proxy
- DOMAIN-SUFFIX,zeronet.io,Proxy
- DOMAIN,cdn-images.mailchimp.com,Proxy
- DOMAIN,id.heroku.com,Proxy
- DOMAIN-KEYWORD,github,Proxy
- DOMAIN-KEYWORD,jav,Proxy
- DOMAIN-KEYWORD,pinterest,Proxy
- DOMAIN-KEYWORD,porn,Proxy
- DOMAIN-KEYWORD,wikileaks,Proxy
# (Region-Restricted Access Denied)
- DOMAIN-SUFFIX,apartmentratings.com,Proxy
- DOMAIN-SUFFIX,apartments.com,Proxy
- DOMAIN-SUFFIX,bankmobilevibe.com,Proxy
- DOMAIN-SUFFIX,bing.com,Proxy
- DOMAIN-SUFFIX,booktopia.com.au,Proxy
- DOMAIN-SUFFIX,centauro.com.br,Proxy
- DOMAIN-SUFFIX,clearsurance.com,Proxy
- DOMAIN-SUFFIX,costco.com,Proxy
- DOMAIN-SUFFIX,crackle.com,Proxy
- DOMAIN-SUFFIX,depositphotos.cn,Proxy
- DOMAIN-SUFFIX,dish.com,Proxy
- DOMAIN-SUFFIX,dmm.co.jp,Proxy
- DOMAIN-SUFFIX,dmm.com,Proxy
- DOMAIN-SUFFIX,dnvod.tv,Proxy
- DOMAIN-SUFFIX,esurance.com,Proxy
- DOMAIN-SUFFIX,extmatrix.com,Proxy
- DOMAIN-SUFFIX,fastpic.ru,Proxy
- DOMAIN-SUFFIX,flipboard.com,Proxy
- DOMAIN-SUFFIX,fnac.be,Proxy
- DOMAIN-SUFFIX,fnac.com,Proxy
- DOMAIN-SUFFIX,funkyimg.com,Proxy
- DOMAIN-SUFFIX,fxnetworks.com,Proxy
- DOMAIN-SUFFIX,gettyimages.com,Proxy
- DOMAIN-SUFFIX,jcpenney.com,Proxy
- DOMAIN-SUFFIX,kknews.cc,Proxy
- DOMAIN-SUFFIX,nationwide.com,Proxy
- DOMAIN-SUFFIX,nbc.com,Proxy
- DOMAIN-SUFFIX,nordstrom.com,Proxy
- DOMAIN-SUFFIX,nordstromimage.com,Proxy
- DOMAIN-SUFFIX,nordstromrack.com,Proxy
- DOMAIN-SUFFIX,read01.com,Proxy
- DOMAIN-SUFFIX,superpages.com,Proxy
- DOMAIN-SUFFIX,target.com,Proxy
- DOMAIN-SUFFIX,thinkgeek.com,Proxy
- DOMAIN-SUFFIX,tracfone.com,Proxy
- DOMAIN-SUFFIX,uploader.jp,Proxy
- DOMAIN-SUFFIX,vevo.com,Proxy
- DOMAIN-SUFFIX,viu.tv,Proxy
- DOMAIN-SUFFIX,vk.com,Proxy
- DOMAIN-SUFFIX,vsco.co,Proxy
- DOMAIN-SUFFIX,xfinity.com,Proxy
- DOMAIN-SUFFIX,zattoo.com,Proxy
- DOMAIN,abc.com,Proxy
- DOMAIN,abc.go.com,Proxy
- DOMAIN,abc.net.au,Proxy
- DOMAIN,wego.here.com,Proxy
# > Telegram
- DOMAIN-SUFFIX,t.me,Proxy
- DOMAIN-SUFFIX,tdesktop.com,Proxy
- DOMAIN-SUFFIX,telegra.ph,Proxy
- DOMAIN-SUFFIX,telegram.me,Proxy
- DOMAIN-SUFFIX,telegram.org,Proxy
- IP-CIDR,91.108.0.0/16,Proxy,no-resolve
- IP-CIDR,109.239.140.0/24,Proxy,no-resolve
- IP-CIDR,149.154.160.0/20,Proxy,no-resolve
- IP-CIDR6,2001:67c:4e8::/48,Proxy,no-resolve
- IP-CIDR6,2001:b28:f23d::/48,Proxy,no-resolve
- IP-CIDR6,2001:b28:f23f::/48,Proxy,no-resolve
#USER-AGENT,Roam*,Proxy
# (The Most Popular Sites)
# > Apple
# > Apple URL Shortener
- DOMAIN-SUFFIX,appsto.re,Proxy
# > TestFlight
- DOMAIN,beta.itunes.apple.com,Proxy
# > iBooks Store download
- DOMAIN,books.itunes.apple.com,Proxy
# > iTunes Store Moveis Trailers
- DOMAIN,hls.itunes.apple.com,Proxy
# App Store Preview
- DOMAIN,itunes.apple.com,Proxy
# > Spotlight
- DOMAIN,api-glb-sea.smoot.apple.com,Proxy
# > Dictionary
- DOMAIN,lookup-api.apple.com,Proxy
#PROCESS-NAME,LookupViewService,Proxy
# > Google
- DOMAIN-SUFFIX,abc.xyz,Proxy
- DOMAIN-SUFFIX,android.com,Proxy
- DOMAIN-SUFFIX,androidify.com,Proxy
- DOMAIN-SUFFIX,dialogflow.com,Proxy
- DOMAIN-SUFFIX,autodraw.com,Proxy
- DOMAIN-SUFFIX,capitalg.com,Proxy
- DOMAIN-SUFFIX,certificate-transparency.org,Proxy
- DOMAIN-SUFFIX,chrome.com,Proxy
- DOMAIN-SUFFIX,chromeexperiments.com,Proxy
- DOMAIN-SUFFIX,chromestatus.com,Proxy
- DOMAIN-SUFFIX,chromium.org,Proxy
- DOMAIN-SUFFIX,creativelab5.com,Proxy
- DOMAIN-SUFFIX,debug.com,Proxy
- DOMAIN-SUFFIX,deepmind.com,Proxy
- DOMAIN-SUFFIX,firebaseio.com,Proxy
- DOMAIN-SUFFIX,getmdl.io,Proxy
- DOMAIN-SUFFIX,ggpht.com,Proxy
- DOMAIN-SUFFIX,gmail.com,Proxy
- DOMAIN-SUFFIX,gmodules.com,Proxy
- DOMAIN-SUFFIX,godoc.org,Proxy
- DOMAIN-SUFFIX,golang.org,Proxy
- DOMAIN-SUFFIX,gstatic.com,Proxy
- DOMAIN-SUFFIX,gv.com,Proxy
- DOMAIN-SUFFIX,gwtproject.org,Proxy
- DOMAIN-SUFFIX,itasoftware.com,Proxy
- DOMAIN-SUFFIX,madewithcode.com,Proxy
- DOMAIN-SUFFIX,material.io,Proxy
- DOMAIN-SUFFIX,polymer-project.org,Proxy
- DOMAIN-SUFFIX,admin.recaptcha.net,Proxy
- DOMAIN-SUFFIX,recaptcha.net,Proxy
- DOMAIN-SUFFIX,shattered.io,Proxy
- DOMAIN-SUFFIX,synergyse.com,Proxy
- DOMAIN-SUFFIX,tensorflow.org,Proxy
- DOMAIN-SUFFIX,tiltbrush.com,Proxy
- DOMAIN-SUFFIX,waveprotocol.org,Proxy
- DOMAIN-SUFFIX,waymo.com,Proxy
- DOMAIN-SUFFIX,webmproject.org,Proxy
- DOMAIN-SUFFIX,webrtc.org,Proxy
- DOMAIN-SUFFIX,whatbrowser.org,Proxy
- DOMAIN-SUFFIX,widevine.com,Proxy
- DOMAIN-SUFFIX,x.company,Proxy
- DOMAIN-SUFFIX,youtu.be,Proxy
- DOMAIN-SUFFIX,yt.be,Proxy
- DOMAIN-SUFFIX,ytimg.com,Proxy
# > Steam
- DOMAIN,media.steampowered.com,Proxy
- DOMAIN,store.steampowered.com,Proxy
# > Other
- DOMAIN-SUFFIX,0rz.tw,Proxy
- DOMAIN-SUFFIX,4bluestones.biz,Proxy
- DOMAIN-SUFFIX,9bis.net,Proxy
- DOMAIN-SUFFIX,allconnected.co,Proxy
- DOMAIN-SUFFIX,amazonaws.com,Proxy
- DOMAIN-SUFFIX,aol.com,Proxy
- DOMAIN-SUFFIX,bcc.com.tw,Proxy
- DOMAIN-SUFFIX,bit.ly,Proxy
- DOMAIN-SUFFIX,bitshare.com,Proxy
- DOMAIN-SUFFIX,blog.jp,Proxy
- DOMAIN-SUFFIX,blogimg.jp,Proxy
- DOMAIN-SUFFIX,blogtd.org,Proxy
- DOMAIN-SUFFIX,broadcast.co.nz,Proxy
- DOMAIN-SUFFIX,camfrog.com,Proxy
- DOMAIN-SUFFIX,cfos.de,Proxy
- DOMAIN-SUFFIX,citypopulation.de,Proxy
- DOMAIN-SUFFIX,cloudfront.net,Proxy
- DOMAIN-SUFFIX,ctitv.com.tw,Proxy
- DOMAIN-SUFFIX,cuhk.edu.hk,Proxy
- DOMAIN-SUFFIX,cusu.hk,Proxy
- DOMAIN-SUFFIX,discuss.com.hk,Proxy
- DOMAIN-SUFFIX,dropboxapi.com,Proxy
- DOMAIN-SUFFIX,edditstatic.com,Proxy
- DOMAIN-SUFFIX,flickriver.com,Proxy
- DOMAIN-SUFFIX,focustaiwan.tw,Proxy
- DOMAIN-SUFFIX,free.fr,Proxy
- DOMAIN-SUFFIX,ftchinese.com,Proxy
- DOMAIN-SUFFIX,gigacircle.com,Proxy
- DOMAIN-SUFFIX,gov,Proxy
- DOMAIN-SUFFIX,hk-pub.com,Proxy
- DOMAIN-SUFFIX,hosting.co.uk,Proxy
- DOMAIN-SUFFIX,hwcdn.net,Proxy
- DOMAIN-SUFFIX,jtvnw.net,Proxy
- DOMAIN-SUFFIX,linksalpha.com,Proxy
- DOMAIN-SUFFIX,manyvids.com,Proxy
- DOMAIN-SUFFIX,myactimes.com,Proxy
- DOMAIN-SUFFIX,newsblur.com,Proxy
- DOMAIN-SUFFIX,now.im,Proxy
- DOMAIN-SUFFIX,redditlist.com,Proxy
- DOMAIN-SUFFIX,signal.org,Proxy
- DOMAIN-SUFFIX,sparknotes.com,Proxy
- DOMAIN-SUFFIX,streetvoice.com,Proxy
- DOMAIN-SUFFIX,ttvnw.net,Proxy
- DOMAIN-SUFFIX,tv.com,Proxy
- DOMAIN-SUFFIX,twitchcdn.net,Proxy
- DOMAIN-SUFFIX,typepad.com,Proxy
- DOMAIN-SUFFIX,udnbkk.com,Proxy
- DOMAIN-SUFFIX,whispersystems.org,Proxy
- DOMAIN-SUFFIX,wikia.com,Proxy
- DOMAIN-SUFFIX,wn.com,Proxy
- DOMAIN-SUFFIX,wolframalpha.com,Proxy
- DOMAIN-SUFFIX,x-art.com,Proxy
- DOMAIN-SUFFIX,yimg.com,Proxy
- DOMAIN-KEYWORD,dlercloud,Proxy
- DOMAIN-SUFFIX,dler.cloud,Proxy
# Local Area Network
- DOMAIN-KEYWORD,announce,DIRECT
- DOMAIN-KEYWORD,torrent,DIRECT
- DOMAIN-KEYWORD,tracker,DIRECT
- DOMAIN-SUFFIX,smtp,DIRECT
- DOMAIN-SUFFIX,local,DIRECT
- IP-CIDR,192.168.0.0/16,DIRECT
- IP-CIDR,10.0.0.0/8,DIRECT
- IP-CIDR,172.16.0.0/12,DIRECT
- IP-CIDR,127.0.0.0/8,DIRECT
- IP-CIDR,100.64.0.0/10,DIRECT
# # > IQIYI
# - IP-CIDR,101.227.0.0/16,Bilibili|iQIYI|NeteaseMusic|TencentVideo
# - IP-CIDR,101.224.0.0/13,Bilibili|iQIYI|NeteaseMusic|TencentVideo
# - IP-CIDR,119.176.0.0/12,Bilibili|iQIYI|NeteaseMusic|TencentVideo
# # > Youku
# - IP-CIDR,106.11.0.0/16,Bilibili|iQIYI|NeteaseMusic|TencentVideo
# > Telegram
- IP-CIDR,67.198.55.0/24,Proxy
- IP-CIDR,91.108.4.0/22,Proxy
- IP-CIDR,91.108.8.0/22,Proxy
- IP-CIDR,91.108.12.0/22,Proxy
- IP-CIDR,91.108.16.0/22,Proxy
- IP-CIDR,91.108.56.0/22,Proxy
- IP-CIDR,109.239.140.0/24,Proxy
- IP-CIDR,149.154.160.0/20,Proxy
- IP-CIDR,205.172.60.0/22,Proxy
# (Extra IP-CIRD)
# > Google
- IP-CIDR,35.190.247.0/24,Proxy
- IP-CIDR,64.233.160.0/19,Proxy
- IP-CIDR,66.102.0.0/20,Proxy
- IP-CIDR,66.249.80.0/20,Proxy
- IP-CIDR,72.14.192.0/18,Proxy
- IP-CIDR,74.125.0.0/16,Proxy
- IP-CIDR,108.177.8.0/21,Proxy
- IP-CIDR,172.217.0.0/16,Proxy
- IP-CIDR,173.194.0.0/16,Proxy
- IP-CIDR,209.85.128.0/17,Proxy
- IP-CIDR,216.58.192.0/19,Proxy
- IP-CIDR,216.239.32.0/19,Proxy
# > Facebook
- IP-CIDR,31.13.24.0/21,Proxy
- IP-CIDR,31.13.64.0/18,Proxy
- IP-CIDR,45.64.40.0/22,Proxy
- IP-CIDR,66.220.144.0/20,Proxy
- IP-CIDR,69.63.176.0/20,Proxy
- IP-CIDR,69.171.224.0/19,Proxy
- IP-CIDR,74.119.76.0/22,Proxy
- IP-CIDR,103.4.96.0/22,Proxy
- IP-CIDR,129.134.0.0/17,Proxy
- IP-CIDR,157.240.0.0/17,Proxy
- IP-CIDR,173.252.64.0/19,Proxy
- IP-CIDR,173.252.96.0/19,Proxy
- IP-CIDR,179.60.192.0/22,Proxy
- IP-CIDR,185.60.216.0/22,Proxy
- IP-CIDR,204.15.20.0/22,Proxy
# > Twitter
- IP-CIDR,69.195.160.0/19,Proxy
- IP-CIDR,104.244.42.0/21,Proxy
- IP-CIDR,192.133.76.0/22,Proxy
- IP-CIDR,199.16.156.0/22,Proxy
- IP-CIDR,199.59.148.0/22,Proxy
- IP-CIDR,199.96.56.0/21,Proxy
- IP-CIDR,202.160.128.0/22,Proxy
- IP-CIDR,209.237.192.0/19,Proxy
# GeoIP China
- GEOIP,CN,Domestic
- MATCH,Others

0
v2ray示例/Clash/clash-socks5-server.yaml Normal file
View File

294
v2ray示例/XRay-中继服务器/tc-shanghai-mid-relay.json Normal file
View File

@@ -0,0 +1,294 @@
{
"log": {
"loglevel": "warning",
"access": "/var/log/xray/access.log",
"error": "/var/log/xray/error.log"
},
"inbounds": [
{
"protocol": "socks",
"tag": "proxy-tcp-seoul",
"port": 29999,
"listen": "0.0.0.0",
"settings": {
"auth": "noauth",
"udp": true,
"userLevel": 0
}
},
{
"tag": "in-vmess-tcp-seoul",
"port": 19999,
"listen": "0.0.0.0",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "7318178c-5583-40dd-996c-a0add1f8fc1e",
"level": 0,
"email": "不能用,腾讯云的ssl阻断机制 会封IP"
}
]
},
"streamSettings": {
"network": "tcp",
"security": "auto",
"tcpSettings": {
"acceptProxyProtocol": false,
"header": {
"type": "http",
"request": {
"path": [
"/v2ice-vmess-tcp-seoul"
]
}
}
}
}
},
{
"tag": "in-vmess-tcp-tokyo",
"port": 19998,
"listen": "0.0.0.0",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "89cb7e1d-9833-402c-9c1f-aafe8291510a",
"level": 0,
"email": "ice@gmail.com"
}
]
},
"streamSettings": {
"network": "tcp",
"security": "auto",
"tcpSettings": {
"acceptProxyProtocol": false,
"header": {
"type": "http",
"request": {
"path": [
"/v2ice-vmess-tcp-tokyo"
]
}
}
}
}
},
{
"tag": "in-vmess-vless-seoul4",
"port": 19997,
"listen": "0.0.0.0",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "eb574953-52fa-442e-a724-d3a21c72e658",
"level": 0,
"email": "ice@gmail.com"
}
]
},
"streamSettings": {
"network": "tcp",
"security": "auto",
"tcpSettings": {
"acceptProxyProtocol": false,
"header": {
"type": "http",
"request": {
"path": [
"/vmess-vless-seoul4"
]
}
}
}
}
}
],
"outbounds": [
{
"tag": "direct-out",
"protocol": "freedom"
},
{
"tag": "block",
"protocol": "blackhole"
},
{
"tag": "oracle-seoul4-vmess-websocket",
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "140.238.14.103",
"port": 19995,
"users": [
{
"id": "becaca40-b457-4572-9b46-ed66ecca7b4e",
"alterId": 0,
"email": "ice@cc.com",
"security": "auto"
}
]
}
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/v2ice-default-ws"
}
},
"mux": {
"enabled": true,
"concurrency": 8
}
},
{
"tag": "oracle-seoul4-vless",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "140.238.14.103",
"port": 19990,
"users": [
{
"id": "adbd84eb-15fe-4c62-931c-b471791672ad",
"flow": "xtls-rprx-direct",
"security": "auto",
"encryption": "none",
"level": 0
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "xx.s4.cc.hh.107421.xyz",
"allowInsecure": true,
"rejectUnknownSni": false,
"alpn": [
"h2",
"http/1.1"
],
"minVersion": "1.2",
"maxVersion": "1.3"
}
}
},
{
"tag": "oracle-seoul4-trojan",
"protocol": "trojan",
"settings": {
"servers": [
{
"address": "140.238.14.103",
"port": 19990,
"password": "loveff.22",
"level": 0,
"flow": "xtls-rprx-direct"
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"serverName": "xx.s4.cc.hh.107421.xyz"
}
},
"mux": {
"enabled": true,
"concurrency": 8
}
},
{
"tag": "oracle-seoul4-vmess-ws",
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "140.238.14.103",
"port": 19990,
"users": [
{
"id": "c08e68f1-283c-4f91-9603-0b80484bb283",
"security": "none",
"level": 0
}
]
}
]
},
"streamSettings": {
"network": "ws",
"security": "tls",
"tlsSettings": {
"serverName": "xx.s4.cc.hh.107421.xyz"
},
"wsSettings": {
"path": "/v2ice-vmess-ws"
}
},
"mux": {
"enabled": true,
"concurrency": 8
}
}
],
"routing": {
"domainStrategy": "AsIs",
"domainMatcher": "hybrid",
"balancers": [
{
"tag": "seoul-4-balancer",
"selector": [
"oracle-seoul"
]
}
],
"rules": [
{
"type": "field",
"domain": [
"geosite:category-ads-all"
],
"outboundTag": "block"
},
{
"type": "field",
"domain": [
"geosite:cn",
"geosite:private"
],
"outboundTag": "direct-out"
},
{
"type": "field",
"inboundTag": "in-vmess-tcp-seoul",
"outboundTag": "oracle-seoul4-vmess-websocket"
},
{
"type": "field",
"inboundTag": "proxy-tcp-seoul",
"outboundTag": "oracle-seoul4-vmess-websocket"
},
{
"type": "field",
"inboundTag": "in-vmess-tcp-tokyo",
"outboundTag": "oracle-tokyo1-vmess-websocket"
},
{
"type": "field",
"inboundTag": "in-vmess-vless-seoul4",
"outboundTag": "oracle-seoul4-vless"
}
]
}
}

3
v2ray示例/XRay-中继服务器/中继服务器-说明文档.md Normal file
View File

@@ -0,0 +1,3 @@
## Xray官方文档写的非常好
https://xtls.github.io/document/level-1/fallbacks-lv1.html

226
v2ray示例/XRay-外网服务器/Phonix-amd64-02实际使用的Xray配置.json Normal file
View File

@@ -0,0 +1,226 @@
{
"log": {
"access": "/var/log/xray/access.log",
"error": "/var/log/xray/error.log",
"loglevel": "warning"
},
"inbounds": [
{
"port": 19990,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "adbd84eb-15fe-4c62-931c-b471791672ad",
"flow": "xtls-rprx-direct",
"level": 0,
"email": "ice@gmail.com"
}
],
"decryption": "none",
"fallbacks": [
{
"dest": 60001,
"alpn": "",
"xver": 1
},
{
"dest": 60002,
"alpn": "h2",
"xver": 1
},
{
"path": "/v2ice-vless-ws/",
"dest": 19998,
"xver": 1
},
{
"path": "/v2ice-vmess-tcp",
"dest": 19997,
"xver": 1
},
{
"path": "/v2ice-vmess-ws",
"dest": 19996,
"xver": 1
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"alpn": [
"h2",
"http/1.1"
],
"certificates": [
{
"certificateFile": "/root/.acme.sh/xx.s4.cc.hh.107421.xyz_ecc/fullchain.cer",
"keyFile": "/root/.acme.sh/xx.s4.cc.hh.107421.xyz_ecc/xx.s4.cc.hh.107421.xyz.key"
}
]
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
},
{
"port": 19999,
"listen": "127.0.0.1",
"protocol": "trojan",
"settings": {
"clients": [
{
"password": "loveff.22",
"level": 0,
"email": "ice@gmail.com.cn",
"flow": "xtls-rprx-direct"
}
],
"fallbacks": [
{
"dest": 8080,
"alpn": "",
"xver": 1
},
{
"dest": 8081,
"alpn": "h2",
"xver": 1
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"alpn": [
"h2",
"http/1.1"
],
"certificates": [
{
"certificateFile": "/root/.acme.sh/xx.s4.cc.hh.107421.xyz_ecc/fullchain.cer",
"keyFile": "/root/.acme.sh/xx.s4.cc.hh.107421.xyz_ecc/xx.s4.cc.hh.107421.xyz.key"
}
]
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
},
{
"port": 19998,
"listen": "127.0.0.1",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "adbd84eb-15fe-4c62-931c-b471791672ad",
"level": 0,
"email": "ice@gmail.com"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "ws",
"security": "none",
"wsSettings": {
"acceptProxyProtocol": true,
"path": "/v2ice-vless-ws/"
}
}
},
{
"port": 19997,
"listen": "127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "3da8aa3f-ddd7-49bf-94ba-950593f24471",
"level": 0,
"email": "ice@gmail.com"
}
]
},
"streamSettings": {
"network": "tcp",
"security": "auto",
"tcpSettings": {
"acceptProxyProtocol": true,
"header": {
"type": "http",
"request": {
"path": [
"/v2ice-vmess-tcp"
]
}
}
}
}
},
{
"port": 19996,
"listen": "127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "c08e68f1-283c-4f91-9603-0b80484bb283",
"level": 0,
"email": "ice@gmail.com"
}
]
},
"streamSettings": {
"network": "ws",
"security": "auto",
"wsSettings": {
"acceptProxyProtocol": true,
"path": "/v2ice-vmess-ws"
}
}
},
{
"port": 19995,
"listen": "0.0.0.0",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "becaca40-b457-4572-9b46-ed66ecca7b4e",
"level": 0,
"alterId": 0,
"email": "ice@cc.com"
}
]
},
"streamSettings": {
"network": "ws",
"security": "auto",
"wsSettings": {
"acceptProxyProtocol": false,
"path": "/v2ice-default-ws"
}
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}

226
v2ray示例/XRay-外网服务器/Seoul4实际使用的Xray配置.json Normal file
View File

@@ -0,0 +1,226 @@
{
"log": {
"access": "/var/log/xray/access.log",
"error": "/var/log/xray/error.log",
"loglevel": "warning"
},
"inbounds": [
{
"port": 19990,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "adbd84eb-15fe-4c62-931c-b471791672ad",
"flow": "xtls-rprx-direct",
"level": 0,
"email": "ice@gmail.com"
}
],
"decryption": "none",
"fallbacks": [
{
"dest": 60001,
"alpn": "",
"xver": 1
},
{
"dest": 60002,
"alpn": "h2",
"xver": 1
},
{
"path": "/v2ice-vless-ws/",
"dest": 19998,
"xver": 1
},
{
"path": "/v2ice-vmess-tcp",
"dest": 19997,
"xver": 1
},
{
"path": "/v2ice-vmess-ws",
"dest": 19996,
"xver": 1
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"alpn": [
"h2",
"http/1.1"
],
"certificates": [
{
"certificateFile": "/root/.acme.sh/xx.s4.cc.hh.107421.xyz_ecc/fullchain.cer",
"keyFile": "/root/.acme.sh/xx.s4.cc.hh.107421.xyz_ecc/xx.s4.cc.hh.107421.xyz.key"
}
]
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
},
{
"port": 19999,
"listen": "127.0.0.1",
"protocol": "trojan",
"settings": {
"clients": [
{
"password": "loveff.22",
"level": 0,
"email": "ice@gmail.com.cn",
"flow": "xtls-rprx-direct"
}
],
"fallbacks": [
{
"dest": 8080,
"alpn": "",
"xver": 1
},
{
"dest": 8081,
"alpn": "h2",
"xver": 1
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"alpn": [
"h2",
"http/1.1"
],
"certificates": [
{
"certificateFile": "/root/.acme.sh/xx.s4.cc.hh.107421.xyz_ecc/fullchain.cer",
"keyFile": "/root/.acme.sh/xx.s4.cc.hh.107421.xyz_ecc/xx.s4.cc.hh.107421.xyz.key"
}
]
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
},
{
"port": 19998,
"listen": "127.0.0.1",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "adbd84eb-15fe-4c62-931c-b471791672ad",
"level": 0,
"email": "ice@gmail.com"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "ws",
"security": "none",
"wsSettings": {
"acceptProxyProtocol": true,
"path": "/v2ice-vless-ws/"
}
}
},
{
"port": 19997,
"listen": "127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "3da8aa3f-ddd7-49bf-94ba-950593f24471",
"level": 0,
"email": "ice@gmail.com"
}
]
},
"streamSettings": {
"network": "tcp",
"security": "auto",
"tcpSettings": {
"acceptProxyProtocol": true,
"header": {
"type": "http",
"request": {
"path": [
"/v2ice-vmess-tcp"
]
}
}
}
}
},
{
"port": 19996,
"listen": "127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "c08e68f1-283c-4f91-9603-0b80484bb283",
"level": 0,
"email": "ice@gmail.com"
}
]
},
"streamSettings": {
"network": "ws",
"security": "auto",
"wsSettings": {
"acceptProxyProtocol": true,
"path": "/v2ice-vmess-ws"
}
}
},
{
"port": 19995,
"listen": "0.0.0.0",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "becaca40-b457-4572-9b46-ed66ecca7b4e",
"level": 0,
"alterId": 0,
"email": "ice@cc.com"
}
]
},
"streamSettings": {
"network": "ws",
"security": "auto",
"wsSettings": {
"acceptProxyProtocol": false,
"path": "/v2ice-default-ws"
}
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}

220
v2ray示例/XRay-外网服务器/XTLS-Trojan-vless-websocket-终极方案.json Normal file
View File

@@ -0,0 +1,220 @@
{
"log": {
"access": "/var/log/xray/access.log",
"error": "/var/log/xray/error.log",
"loglevel": "warning"
},
"inbounds": [
{
"port": 19990,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "adbd84eb-15fe-4c62-931c-b471791672ad",
"flow": "xtls-rprx-direct",
"level": 0,
"email": "ice@gmail.com"
}
],
"decryption": "none",
"fallbacks": [
{
"dest": 19999,
"xver": 1
},
{
"path": "/v2ice-vless-ws",
"dest": 19998,
"xver": 1
},
{
"path": "/v2ice-vmess-tcp",
"dest": 19997,
"xver": 1
},
{
"path": "/v2ice-vmess-ws",
"dest": 19996,
"xver": 1
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"alpn": [
"h2",
"http/1.1"
],
"certificates": [
{
"certificateFile": "/root/.acme.sh/xx.s4.cc.hh.107421.xyz_ecc/fullchain.cer",
"keyFile": "/root/.acme.sh/xx.s4.cc.hh.107421.xyz_ecc/xx.s4.cc.hh.107421.xyz.key"
}
]
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
},
{
"port": 19999,
"listen": "127.0.0.1",
"protocol": "trojan",
"settings": {
"clients": [
{
"password": "loveff.22",
"level": 0,
"email": "ice@gmail.com.cn",
"flow": "xtls-rprx-direct"
}
],
"fallbacks": [
{
"dest": 8080,
"alpn": "",
"xver": 1
},
{
"dest": 8081,
"alpn": "h2",
"xver": 1
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"alpn": [
"h2",
"http/1.1"
],
"certificates": [
{
"certificateFile": "/root/.acme.sh/xx.s4.cc.hh.107421.xyz_ecc/fullchain.cer",
"keyFile": "/root/.acme.sh/xx.s4.cc.hh.107421.xyz_ecc/xx.s4.cc.hh.107421.xyz.key"
}
]
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
},
{
"port": 19998,
"listen": "127.0.0.1",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "adbd84eb-15fe-4c62-931c-b471791672ad",
"level": 0,
"email": "ice@gmail.com"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "ws",
"security": "auto",
"wsSettings": {
"acceptProxyProtocol": true,
"path": "/v2ice-vless-ws"
}
}
},
{
"port": 19997,
"listen": "127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "3da8aa3f-ddd7-49bf-94ba-950593f24471",
"level": 0,
"email": "ice@gmail.com"
}
]
},
"streamSettings": {
"network": "tcp",
"security": "auto",
"tcpSettings": {
"acceptProxyProtocol": true,
"header": {
"type": "http",
"request": {
"path": [
"/v2ice-vmess-tcp"
]
}
}
}
}
},
{
"port": 19996,
"listen": "127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "c08e68f1-283c-4f91-9603-0b80484bb283",
"level": 0,
"email": "ice@gmail.com"
}
]
},
"streamSettings": {
"network": "ws",
"security": "auto",
"wsSettings": {
"acceptProxyProtocol": true,
"path": "/v2ice-vmess-ws"
}
}
},
{
"port": 19995,
"listen": "0.0.0.0",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "becaca40-b457-4572-9b46-ed66ecca7b4e",
"level": 0,
"alterId": 0,
"email": "ice@cc.com"
}
]
},
"streamSettings": {
"network": "ws",
"security": "auto",
"wsSettings": {
"acceptProxyProtocol": false,
"path": "/v2ice-default-ws"
}
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}

64
v2ray示例/XRay-外网服务器/XTLS-Vless.json Normal file
View File

@@ -0,0 +1,64 @@
{
"log": {
"access": "/var/log/xray/access.log",
"error": "/var/log/xray/error.log",
"loglevel": "warning"
},
"inbounds": [
{
"port": 19990,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "adbd84eb-15fe-4c62-931c-b471791672ad",
"flow": "xtls-rprx-direct",
"level": 0,
"email": "ice@gmail.com"
}
],
"decryption": "none",
"fallbacks": [
{
"dest": 60000,
"alpn": "",
"xver": 1
},
{
"dest": 60001,
"alpn": "h2",
"xver": 1
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"alpn": [
"h2",
"http/1.1"
],
"certificates": [
{
"certificateFile": "/root/.acme.sh/xx.s4.cc.hh.107421.xyz_ecc/fullchain.cer",
"keyFile": "/root/.acme.sh/xx.s4.cc.hh.107421.xyz_ecc/xx.s4.cc.hh.107421.xyz.key"
}
]
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}

30
v2ray示例/XRay-外网服务器/vmess-websocket-前端Nginx配置.conf Normal file
View File

@@ -0,0 +1,30 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/nginx/ssl/ws.s1.ccc.107421.xyz/ws.s1.ccc.107421.xyz.cert.pem;
ssl_certificate_key /etc/nginx/ssl/ws.s1.ccc.107421.xyz/ws.s1.ccc.107421.xyz.key.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
server_name xx.s4.cc.hh.107421.xyz;
location /v2ice { # 与 V2Ray 配置中的 path 保持一致
if ($http_upgrade != "websocket") { # WebSocket协商失败时返回404
return 404;
}
proxy_redirect off;
proxy_pass http://127.0.0.1:12000; # 假设WebSocket监听在环回地址的10000端口上
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
# Show real IP in v2ray access.log
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

19
v2ray示例/XRay-外网服务器/外网服务器-说明文档.md Normal file
View File

@@ -0,0 +1,19 @@
## Xray官方文档写的非常好
https://xtls.github.io/document/level-1/fallbacks-lv1.html
这一段配置用人话要怎么解释呢?
Xray 的入站端口 (inbound port) 是 443
即由 Xray 负责监听 443 端口的 HTTPS 流量,并使用 certificates 项下设定的 TLS 证书来进行验证
Xray 的入站协议 (inbound protocol) 是 vless
1. vless 协议流量直接流入 Xray 中做后续处理
2. 非 VLESS 协议流量有 4 个不同的回落目标:
1. path 为 websocket 的流量,回落给端口 1234 后续处理
2. path 为 vmesstcp 的流量,回落给端口 2345 后续处理
3. path 为 vmessws 的流量,回落给端口 3456 后续处理
4. 其它所有流量,回落给端口 1310 后续处理
3. xver 为 1 表示开启 proxy protocol 功能,向后传递来源真实 IP

BIN
v2ray示例/XRay-外网服务器/服务器系统架构图.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 72 KiB

89
v2ray示例/XRay-外网服务器/香港实际使用的Xray配置.json Normal file
View File

@@ -0,0 +1,89 @@
{
"log": {
"access": "/var/log/xray/access.log",
"error": "/var/log/xray/error.log",
"loglevel": "warning"
},
"inbounds": [
{
"port": 29999,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "fc903f5d-a007-482b-928c-570da9a851f9",
"flow": "xtls-rprx-direct"
}
],
"decryption": "none",
"fallbacks": [
{
"dest": 60000,
"alpn": "",
"xver": 1
},
{
"dest": 60001,
"alpn": "h2",
"xver": 1
},
{
"dest": 60002,
"path": "/0e03986e4baac9/",
"xver": 1
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"minVersion": "1.2",
"certificates": [
{
"certificateFile": "/usr/local/etc/xray/self_signed_cert.pem",
"keyFile": "/usr/local/etc/xray/self_signed_key.pem"
},
{
"certificateFile": "/ssl/xray.crt",
"keyFile": "/ssl/xray.key"
}
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
},
{
"port": 60002,
"listen": "127.0.0.1",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "fc903f5d-a007-482b-928c-570da9a851f9"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "ws",
"security": "none",
"wsSettings": {
"acceptProxyProtocol": true,
"path": "/0e03986e4baac9/"
}
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}

BIN
v2ray示例/XRay/Xray-linux-64-v1.6.0.zip Normal file
View File

Binary file not shown.

744
v2ray示例/XRay/xray-install-另外的版本.sh Normal file
View File

@@ -0,0 +1,744 @@
#!/usr/bin/env bash
#====================================================
# System Request:Debian 9+/Ubuntu 18.04+/Centos 7+
# Author: wulabing
# Dscription: Xray onekey Management
# email: admin@wulabing.com
#====================================================
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
stty erase ^?
cd "$(
cd "$(dirname "$0")" || exit
pwd
)" || exit
# 字体颜色配置
Green="\033[32m"
Red="\033[31m"
Yellow="\033[33m"
Blue="\033[36m"
Font="\033[0m"
GreenBG="\033[42;37m"
RedBG="\033[41;37m"
OK="${Green}[OK]${Font}"
ERROR="${Red}[ERROR]${Font}"
# 变量
shell_version="1.3.7"
github_branch="main"
xray_conf_dir="/usr/local/etc/xray"
website_dir="/www/xray_web/"
xray_access_log="/var/log/xray/access.log"
xray_error_log="/var/log/xray/error.log"
cert_dir="/usr/local/etc/xray"
domain_tmp_dir="/usr/local/etc/xray"
cert_group="nobody"
random_num=$((RANDOM % 12 + 4))
VERSION=$(echo "${VERSION}" | awk -F "[()]" '{print $2}')
WS_PATH="/$(head -n 10 /dev/urandom | md5sum | head -c ${random_num})/"
function shell_mode_check() {
if [ -f ${xray_conf_dir}/config.json ]; then
if [ "$(grep -c "wsSettings" ${xray_conf_dir}/config.json)" -ge 1 ]; then
shell_mode="ws"
else
shell_mode="tcp"
fi
else
shell_mode="None"
fi
}
function print_ok() {
echo -e "${OK} ${Blue} $1 ${Font}"
}
function print_error() {
echo -e "${ERROR} ${RedBG} $1 ${Font}"
}
function is_root() {
if [[ 0 == "$UID" ]]; then
print_ok "当前用户是 root 用户,开始安装流程"
else
print_error "当前用户不是 root 用户,请切换到 root 用户后重新执行脚本"
exit 1
fi
}
judge() {
if [[ 0 -eq $? ]]; then
print_ok "$1 完成"
sleep 1
else
print_error "$1 失败"
exit 1
fi
}
function system_check() {
source '/etc/os-release'
if [[ "${ID}" == "centos" && ${VERSION_ID} -ge 7 ]]; then
print_ok "当前系统为 Centos ${VERSION_ID} ${VERSION}"
INS="yum install -y"
wget -N -P /etc/yum.repos.d/ https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/basic/nginx.repo
elif [[ "${ID}" == "ol" ]]; then
print_ok "当前系统为 Oracle Linux ${VERSION_ID} ${VERSION}"
INS="yum install -y"
wget -N -P /etc/yum.repos.d/ https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/basic/nginx.repo
elif [[ "${ID}" == "debian" && ${VERSION_ID} -ge 9 ]]; then
print_ok "当前系统为 Debian ${VERSION_ID} ${VERSION}"
INS="apt install -y"
# 清除可能的遗留问题
rm -f /etc/apt/sources.list.d/nginx.list
$INS lsb-release gnupg2
echo "deb http://nginx.org/packages/debian $(lsb_release -cs) nginx" >/etc/apt/sources.list.d/nginx.list
curl -fsSL https://nginx.org/keys/nginx_signing.key | apt-key add -
apt update
elif [[ "${ID}" == "ubuntu" && $(echo "${VERSION_ID}" | cut -d '.' -f1) -ge 18 ]]; then
print_ok "当前系统为 Ubuntu ${VERSION_ID} ${UBUNTU_CODENAME}"
INS="apt install -y"
# 清除可能的遗留问题
rm -f /etc/apt/sources.list.d/nginx.list
$INS lsb-release gnupg2
echo "deb http://nginx.org/packages/ubuntu $(lsb_release -cs) nginx" >/etc/apt/sources.list.d/nginx.list
curl -fsSL https://nginx.org/keys/nginx_signing.key | apt-key add -
apt update
else
print_error "当前系统为 ${ID} ${VERSION_ID} 不在支持的系统列表内"
exit 1
fi
if [[ $(grep "nogroup" /etc/group) ]]; then
cert_group="nogroup"
fi
$INS dbus
# 关闭各类防火墙
systemctl stop firewalld
systemctl disable firewalld
systemctl stop nftables
systemctl disable nftables
systemctl stop ufw
systemctl disable ufw
}
function nginx_install() {
if ! command -v nginx >/dev/null 2>&1; then
${INS} nginx
judge "Nginx 安装"
else
print_ok "Nginx 已存在"
${INS} nginx
fi
# 遗留问题处理
mkdir -p /etc/nginx/conf.d >/dev/null 2>&1
}
function dependency_install() {
${INS} wget lsof tar
judge "安装 wget lsof tar"
if [[ "${ID}" == "centos" || "${ID}" == "ol" ]]; then
${INS} crontabs
else
${INS} cron
fi
judge "安装 crontab"
if [[ "${ID}" == "centos" || "${ID}" == "ol" ]]; then
touch /var/spool/cron/root && chmod 600 /var/spool/cron/root
systemctl start crond && systemctl enable crond
else
touch /var/spool/cron/crontabs/root && chmod 600 /var/spool/cron/crontabs/root
systemctl start cron && systemctl enable cron
fi
judge "crontab 自启动配置 "
${INS} unzip
judge "安装 unzip"
${INS} curl
judge "安装 curl"
# upgrade systemd
${INS} systemd
judge "安装/升级 systemd"
# Nginx 后置 无需编译 不再需要
# if [[ "${ID}" == "centos" || "${ID}" == "ol" ]]; then
# yum -y groupinstall "Development tools"
# else
# ${INS} build-essential
# fi
# judge "编译工具包 安装"
if [[ "${ID}" == "centos" ]]; then
${INS} pcre pcre-devel zlib-devel epel-release openssl openssl-devel
elif [[ "${ID}" == "ol" ]]; then
${INS} pcre pcre-devel zlib-devel openssl openssl-devel
# Oracle Linux 不同日期版本的 VERSION_ID 比较乱 直接暴力处理
yum-config-manager --enable ol7_developer_EPEL >/dev/null 2>&1
yum-config-manager --enable ol8_developer_EPEL >/dev/null 2>&1
else
${INS} libpcre3 libpcre3-dev zlib1g-dev openssl libssl-dev
fi
${INS} jq
if ! command -v jq; then
wget -P /usr/bin https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/binary/jq && chmod +x /usr/bin/jq
judge "安装 jq"
fi
# 防止部分系统xray的默认bin目录缺失
mkdir /usr/local/bin >/dev/null 2>&1
}
function basic_optimization() {
# 最大文件打开数
sed -i '/^\*\ *soft\ *nofile\ *[[:digit:]]*/d' /etc/security/limits.conf
sed -i '/^\*\ *hard\ *nofile\ *[[:digit:]]*/d' /etc/security/limits.conf
echo '* soft nofile 65536' >>/etc/security/limits.conf
echo '* hard nofile 65536' >>/etc/security/limits.conf
# 关闭 Selinux
if [[ "${ID}" == "centos" || "${ID}" == "ol" ]]; then
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
setenforce 0
fi
}
function domain_check() {
read -rp "请输入你的域名信息(eg: www.wulabing.com):" domain
domain_ip=$(ping "${domain}" -c 1 | sed '1{s/[^(]*(//;s/).*//;q}')
print_ok "正在获取 IP 地址信息,请耐心等待"
local_ip=$(curl -4L api64.ipify.org)
echo -e "域名通过 DNS 解析的 IP 地址:${domain_ip}"
echo -e "本机公网 IP 地址: ${local_ip}"
sleep 2
if [[ ${domain_ip} == "${local_ip}" ]]; then
print_ok "域名通过 DNS 解析的 IP 地址与 本机 IP 地址匹配"
sleep 2
else
print_error "请确保域名添加了正确的 A 记录,否则将无法正常使用 xray"
print_error "域名通过 DNS 解析的 IP 地址与 本机 IP 地址不匹配是否继续安装y/n" && read -r install
case $install in
[yY][eE][sS] | [yY])
print_ok "继续安装"
sleep 2
;;
*)
print_error "安装终止"
exit 2
;;
esac
fi
}
function port_exist_check() {
if [[ 0 -eq $(lsof -i:"$1" | grep -i -c "listen") ]]; then
print_ok "$1 端口未被占用"
sleep 1
else
print_error "检测到 $1 端口被占用,以下为 $1 端口占用信息"
lsof -i:"$1"
print_error "5s 后将尝试自动 kill 占用进程"
sleep 5
lsof -i:"$1" | awk '{print $2}' | grep -v "PID" | xargs kill -9
print_ok "kill 完成"
sleep 1
fi
}
function update_sh() {
ol_version=$(curl -L -s https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/install.sh | grep "shell_version=" | head -1 | awk -F '=|"' '{print $3}')
if [[ "$shell_version" != "$(echo -e "$shell_version\n$ol_version" | sort -rV | head -1)" ]]; then
print_ok "存在新版本,是否更新 [Y/N]?"
read -r update_confirm
case $update_confirm in
[yY][eE][sS] | [yY])
wget -N --no-check-certificate https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/install.sh
print_ok "更新完成"
print_ok "您可以通过 bash $0 执行本程序"
exit 0
;;
*) ;;
esac
else
print_ok "当前版本为最新版本"
print_ok "您可以通过 bash $0 执行本程序"
fi
}
function xray_tmp_config_file_check_and_use() {
if [[ -s ${xray_conf_dir}/config_tmp.json ]]; then
mv -f ${xray_conf_dir}/config_tmp.json ${xray_conf_dir}/config.json
else
print_error "xray 配置文件修改异常"
fi
}
function modify_UUID() {
[ -z "$UUID" ] && UUID=$(cat /proc/sys/kernel/random/uuid)
cat ${xray_conf_dir}/config.json | jq 'setpath(["inbounds",0,"settings","clients",0,"id"];"'${UUID}'")' >${xray_conf_dir}/config_tmp.json
xray_tmp_config_file_check_and_use
judge "Xray TCP UUID 修改"
}
function modify_UUID_ws() {
cat ${xray_conf_dir}/config.json | jq 'setpath(["inbounds",1,"settings","clients",0,"id"];"'${UUID}'")' >${xray_conf_dir}/config_tmp.json
xray_tmp_config_file_check_and_use
judge "Xray ws UUID 修改"
}
function modify_fallback_ws() {
cat ${xray_conf_dir}/config.json | jq 'setpath(["inbounds",0,"settings","fallbacks",2,"path"];"'${WS_PATH}'")' >${xray_conf_dir}/config_tmp.json
xray_tmp_config_file_check_and_use
judge "Xray fallback_ws 修改"
}
function modify_ws() {
cat ${xray_conf_dir}/config.json | jq 'setpath(["inbounds",1,"streamSettings","wsSettings","path"];"'${WS_PATH}'")' >${xray_conf_dir}/config_tmp.json
xray_tmp_config_file_check_and_use
judge "Xray ws 修改"
}
function configure_nginx() {
nginx_conf="/etc/nginx/conf.d/${domain}.conf"
cd /etc/nginx/conf.d/ && rm -f ${domain}.conf && wget -O ${domain}.conf https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/config/web.conf
sed -i "s/xxx/${domain}/g" ${nginx_conf}
judge "Nginx config modify"
systemctl restart nginx
}
function modify_port() {
read -rp "请输入端口号(默认443)" PORT
[ -z "$PORT" ] && PORT="443"
if [[ $PORT -le 0 ]] || [[ $PORT -gt 65535 ]]; then
print_error "请输入 0-65535 之间的值"
exit 1
fi
port_exist_check $PORT
cat ${xray_conf_dir}/config.json | jq 'setpath(["inbounds",0,"port"];'${PORT}')' >${xray_conf_dir}/config_tmp.json
xray_tmp_config_file_check_and_use
judge "Xray 端口 修改"
}
function configure_xray() {
cd /usr/local/etc/xray && rm -f config.json && wget -O config.json https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/config/xray_xtls-rprx-direct.json
modify_UUID
modify_port
}
function configure_xray_ws() {
cd /usr/local/etc/xray && rm -f config.json && wget -O config.json https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/config/xray_tls_ws_mix-rprx-direct.json
modify_UUID
modify_UUID_ws
modify_port
modify_fallback_ws
modify_ws
}
function xray_install() {
print_ok "安装 Xray"
curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh | bash -s -- install
judge "Xray 安装"
# 用于生成 Xray 的导入链接
echo $domain >$domain_tmp_dir/domain
judge "域名记录"
}
function ssl_install() {
# 使用 Nginx 配合签发 无需安装相关依赖
# if [[ "${ID}" == "centos" || "${ID}" == "ol" ]]; then
# ${INS} socat nc
# else
# ${INS} socat netcat
# fi
# judge "安装 SSL 证书生成脚本依赖"
curl -L get.acme.sh | bash
judge "安装 SSL 证书生成脚本"
}
function acme() {
"$HOME"/.acme.sh/acme.sh --set-default-ca --server letsencrypt
sed -i "6s/^/#/" "$nginx_conf"
sed -i "6a\\\troot $website_dir;" "$nginx_conf"
systemctl restart nginx
if "$HOME"/.acme.sh/acme.sh --issue -d "${domain}" --webroot "$website_dir" -k ec-256 --force; then
print_ok "SSL 证书生成成功"
sleep 2
if "$HOME"/.acme.sh/acme.sh --installcert -d "${domain}" --fullchainpath /ssl/xray.crt --keypath /ssl/xray.key --reloadcmd "systemctl restart xray" --ecc --force; then
print_ok "SSL 证书配置成功"
sleep 2
fi
else
print_error "SSL 证书生成失败"
rm -rf "$HOME/.acme.sh/${domain}_ecc"
exit 1
fi
sed -i "7d" "$nginx_conf"
sed -i "6s/#//" "$nginx_conf"
}
function ssl_judge_and_install() {
mkdir -p /ssl >/dev/null 2>&1
if [[ -f "/ssl/xray.key" || -f "/ssl/xray.crt" ]]; then
print_ok "/ssl 目录下证书文件已存在"
print_ok "是否删除 /ssl 目录下的证书文件 [Y/N]?"
read -r ssl_delete
case $ssl_delete in
[yY][eE][sS] | [yY])
rm -rf /ssl/*
print_ok "已删除"
;;
*) ;;
esac
fi
if [[ -f "/ssl/xray.key" || -f "/ssl/xray.crt" ]]; then
echo "证书文件已存在"
elif [[ -f "$HOME/.acme.sh/${domain}_ecc/${domain}.key" && -f "$HOME/.acme.sh/${domain}_ecc/${domain}.cer" ]]; then
echo "证书文件已存在"
"$HOME"/.acme.sh/acme.sh --installcert -d "${domain}" --fullchainpath /ssl/xray.crt --keypath /ssl/xray.key --ecc
judge "证书应用"
else
mkdir /ssl
cp -a $cert_dir/self_signed_cert.pem /ssl/xray.crt
cp -a $cert_dir/self_signed_key.pem /ssl/xray.key
ssl_install
acme
fi
# Xray 默认以 nobody 用户运行,证书权限适配
chown -R nobody.$cert_group /ssl/*
}
function generate_certificate() {
signedcert=$(xray tls cert -domain="$local_ip" -name="$local_ip" -org="$local_ip" -expire=87600h)
echo $signedcert | jq '.certificate[]' | sed 's/\"//g' | tee $cert_dir/self_signed_cert.pem
echo $signedcert | jq '.key[]' | sed 's/\"//g' >$cert_dir/self_signed_key.pem
openssl x509 -in $cert_dir/self_signed_cert.pem -noout || 'print_error "生成自签名证书失败" && exit 1'
print_ok "生成自签名证书成功"
chown nobody.$cert_group $cert_dir/self_signed_cert.pem
chown nobody.$cert_group $cert_dir/self_signed_key.pem
}
function configure_web() {
rm -rf /www/xray_web
mkdir -p /www/xray_web
wget -O web.tar.gz https://raw.githubusercontent.com/wulabing/Xray_onekey/main/basic/web.tar.gz
tar xzf web.tar.gz -C /www/xray_web
judge "站点伪装"
rm -f web.tar.gz
}
function xray_uninstall() {
curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh | bash -s -- remove --purge
rm -rf $website_dir
print_ok "是否卸载nginx [Y/N]?"
read -r uninstall_nginx
case $uninstall_nginx in
[yY][eE][sS] | [yY])
if [[ "${ID}" == "centos" || "${ID}" == "ol" ]]; then
yum remove nginx -y
else
apt purge nginx -y
fi
;;
*) ;;
esac
print_ok "是否卸载acme.sh [Y/N]?"
read -r uninstall_acme
case $uninstall_acme in
[yY][eE][sS] | [yY])
/root/.acme.sh/acme.sh --uninstall
rm -rf /root/.acme.sh
rm -rf /ssl/
;;
*) ;;
esac
print_ok "卸载完成"
exit 0
}
function restart_all() {
systemctl restart nginx
judge "Nginx 启动"
systemctl restart xray
judge "Xray 启动"
}
function vless_xtls-rprx-direct_link() {
UUID=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.clients[0].id | tr -d '"')
PORT=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].port)
FLOW=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.clients[0].flow | tr -d '"')
DOMAIN=$(cat ${domain_tmp_dir}/domain)
print_ok "URL 链接VLESS + TCP + TLS"
print_ok "vless://$UUID@$DOMAIN:$PORT?security=tls&flow=$FLOW#TLS_wulabing-$DOMAIN"
print_ok "URL 链接VLESS + TCP + XTLS"
print_ok "vless://$UUID@$DOMAIN:$PORT?security=xtls&flow=$FLOW#XTLS_wulabing-$DOMAIN"
print_ok "-------------------------------------------------"
print_ok "URL 二维码VLESS + TCP + TLS请在浏览器中访问"
print_ok "https://api.qrserver.com/v1/create-qr-code/?size=400x400&data=vless://$UUID@$DOMAIN:$PORT?security=tls%26flow=$FLOW%23TLS_wulabing-$DOMAIN"
print_ok "URL 二维码VLESS + TCP + XTLS请在浏览器中访问"
print_ok "https://api.qrserver.com/v1/create-qr-code/?size=400x400&data=vless://$UUID@$DOMAIN:$PORT?security=xtls%26flow=$FLOW%23XTLS_wulabing-$DOMAIN"
}
function vless_xtls-rprx-direct_information() {
UUID=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.clients[0].id | tr -d '"')
PORT=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].port)
FLOW=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.clients[0].flow | tr -d '"')
DOMAIN=$(cat ${domain_tmp_dir}/domain)
echo -e "${Red} Xray 配置信息 ${Font}"
echo -e "${Red} 地址address:${Font} $DOMAIN"
echo -e "${Red} 端口port${Font} $PORT"
echo -e "${Red} 用户 IDUUID${Font} $UUID"
echo -e "${Red} 流控flow${Font} $FLOW"
echo -e "${Red} 加密方式security${Font} none "
echo -e "${Red} 传输协议network${Font} tcp "
echo -e "${Red} 伪装类型type${Font} none "
echo -e "${Red} 底层传输安全:${Font} xtls 或 tls"
}
function ws_information() {
UUID=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.clients[0].id | tr -d '"')
PORT=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].port)
FLOW=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.clients[0].flow | tr -d '"')
WS_PATH=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.fallbacks[2].path | tr -d '"')
DOMAIN=$(cat ${domain_tmp_dir}/domain)
echo -e "${Red} Xray 配置信息 ${Font}"
echo -e "${Red} 地址address:${Font} $DOMAIN"
echo -e "${Red} 端口port${Font} $PORT"
echo -e "${Red} 用户 IDUUID${Font} $UUID"
echo -e "${Red} 加密方式security${Font} none "
echo -e "${Red} 传输协议network${Font} ws "
echo -e "${Red} 伪装类型type${Font} none "
echo -e "${Red} 路径path${Font} $WS_PATH "
echo -e "${Red} 底层传输安全:${Font} tls "
}
function ws_link() {
UUID=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.clients[0].id | tr -d '"')
PORT=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].port)
FLOW=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.clients[0].flow | tr -d '"')
WS_PATH=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.fallbacks[2].path | tr -d '"')
WS_PATH_WITHOUT_SLASH=$(echo $WS_PATH | tr -d '/')
DOMAIN=$(cat ${domain_tmp_dir}/domain)
print_ok "URL 链接VLESS + TCP + TLS"
print_ok "vless://$UUID@$DOMAIN:$PORT?security=tls#TLS_wulabing-$DOMAIN"
print_ok "URL 链接VLESS + TCP + XTLS"
print_ok "vless://$UUID@$DOMAIN:$PORT?security=xtls&flow=$FLOW#XTLS_wulabing-$DOMAIN"
print_ok "URL 链接VLESS + WebSocket + TLS"
print_ok "vless://$UUID@$DOMAIN:$PORT?type=ws&security=tls&path=%2f${WS_PATH_WITHOUT_SLASH}%2f#WS_TLS_wulabing-$DOMAIN"
print_ok "-------------------------------------------------"
print_ok "URL 二维码VLESS + TCP + TLS请在浏览器中访问"
print_ok "https://api.qrserver.com/v1/create-qr-code/?size=400x400&data=vless://$UUID@$DOMAIN:$PORT?security=tls%23TLS_wulabing-$DOMAIN"
print_ok "URL 二维码VLESS + TCP + XTLS请在浏览器中访问"
print_ok "https://api.qrserver.com/v1/create-qr-code/?size=400x400&data=vless://$UUID@$DOMAIN:$PORT?security=xtls%26flow=$FLOW%23XTLS_wulabing-$DOMAIN"
print_ok "URL 二维码VLESS + WebSocket + TLS请在浏览器中访问"
print_ok "https://api.qrserver.com/v1/create-qr-code/?size=400x400&data=vless://$UUID@$DOMAIN:$PORT?type=ws%26security=tls%26path=%2f${WS_PATH_WITHOUT_SLASH}%2f%23WS_TLS_wulabing-$DOMAIN"
}
function basic_information() {
print_ok "VLESS+TCP+XTLS+Nginx 安装成功"
vless_xtls-rprx-direct_information
vless_xtls-rprx-direct_link
}
function basic_ws_information() {
print_ok "VLESS+TCP+TLS+Nginx with WebSocket 混合模式 安装成功"
ws_information
print_ok "————————————————————————"
vless_xtls-rprx-direct_information
ws_link
}
function show_access_log() {
[ -f ${xray_access_log} ] && tail -f ${xray_access_log} || echo -e "${RedBG}log文件不存在${Font}"
}
function show_error_log() {
[ -f ${xray_error_log} ] && tail -f ${xray_error_log} || echo -e "${RedBG}log文件不存在${Font}"
}
function bbr_boost_sh() {
[ -f "tcp.sh" ] && rm -rf ./tcp.sh
wget -N --no-check-certificate "https://raw.githubusercontent.com/ylx2016/Linux-NetSpeed/master/tcp.sh" && chmod +x tcp.sh && ./tcp.sh
}
function mtproxy_sh() {
wget -N --no-check-certificate "https://github.com/wulabing/mtp/raw/master/mtproxy.sh" && chmod +x mtproxy.sh && bash mtproxy.sh
}
function install_xray() {
is_root
system_check
dependency_install
basic_optimization
domain_check
port_exist_check 80
xray_install
configure_xray
nginx_install
configure_nginx
configure_web
generate_certificate
ssl_judge_and_install
restart_all
basic_information
}
function install_xray_ws() {
is_root
system_check
dependency_install
basic_optimization
domain_check
port_exist_check 80
xray_install
configure_xray_ws
nginx_install
configure_nginx
configure_web
generate_certificate
ssl_judge_and_install
restart_all
basic_ws_information
}
menu() {
#update_sh
shell_mode_check
echo -e "\t Xray 安装管理脚本 ${Red}[${shell_version}]${Font}"
echo -e "\t---authored by wulabing---"
echo -e "\thttps://github.com/wulabing\n"
echo -e "当前已安装版本:${shell_mode}"
echo -e "—————————————— 安装向导 ——————————————"""
echo -e "${Green}0.${Font} 升级 脚本"
echo -e "${Green}1.${Font} 安装 Xray (VLESS + TCP + XTLS / TLS + Nginx)"
echo -e "${Green}2.${Font} 安装 Xray (VLESS + TCP + XTLS / TLS + Nginx 及 VLESS + TCP + TLS + Nginx + WebSocket 回落并存模式)"
echo -e "—————————————— 配置变更 ——————————————"
echo -e "${Green}11.${Font} 变更 UUID"
echo -e "${Green}13.${Font} 变更 连接端口"
echo -e "${Green}14.${Font} 变更 WebSocket PATH"
echo -e "—————————————— 查看信息 ——————————————"
echo -e "${Green}21.${Font} 查看 实时访问日志"
echo -e "${Green}22.${Font} 查看 实时错误日志"
echo -e "${Green}23.${Font} 查看 Xray 配置链接"
# echo -e "${Green}23.${Font} 查看 V2Ray 配置信息"
echo -e "—————————————— 其他选项 ——————————————"
echo -e "${Green}31.${Font} 安装 4 合 1 BBR、锐速安装脚本"
echo -e "${Yellow}32.${Font} 安装 MTproxy(不推荐使用,请相关用户关闭或卸载)"
echo -e "${Green}33.${Font} 卸载 Xray"
echo -e "${Green}34.${Font} 更新 Xray-core"
echo -e "${Green}35.${Font} 安装 Xray-core 测试版(Pre)"
echo -e "${Green}36.${Font} 手动更新SSL证书"
echo -e "${Green}40.${Font} 退出"
read -rp "请输入数字:" menu_num
case $menu_num in
0)
update_sh
;;
1)
install_xray
;;
2)
install_xray_ws
;;
11)
read -rp "请输入UUID:" UUID
if [[ ${shell_mode} == "tcp" ]]; then
modify_UUID
elif [[ ${shell_mode} == "ws" ]]; then
modify_UUID
modify_UUID_ws
fi
restart_all
;;
13)
modify_port
restart_all
;;
14)
if [[ ${shell_mode} == "ws" ]]; then
read -rp "请输入路径(示例:/wulabing/ 要求两侧都包含/):" WS_PATH
modify_fallback_ws
modify_ws
restart_all
else
print_error "当前模式不是Websocket模式"
fi
;;
21)
tail -f $xray_access_log
;;
22)
tail -f $xray_error_log
;;
23)
if [[ -f $xray_conf_dir/config.json ]]; then
if [[ ${shell_mode} == "tcp" ]]; then
basic_information
elif [[ ${shell_mode} == "ws" ]]; then
basic_ws_information
fi
else
print_error "xray 配置文件不存在"
fi
;;
31)
bbr_boost_sh
;;
32)
mtproxy_sh
;;
33)
source '/etc/os-release'
xray_uninstall
;;
34)
bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" - install
restart_all
;;
35)
bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" - install --beta
restart_all
;;
36)
"/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"
restart_all
;;
40)
exit 0
;;
*)
print_error "请输入正确的数字"
;;
esac
}
menu "$@"

911
v2ray示例/XRay/官方Xray安装脚本-2022-10-21.sh Normal file
View File

@@ -0,0 +1,911 @@
#!/usr/bin/env bash
# The files installed by the script conform to the Filesystem Hierarchy Standard:
# https://wiki.linuxfoundation.org/lsb/fhs
# The URL of the script project is:
# https://github.com/XTLS/Xray-install
# The URL of the scraaaaaipt is:
# https://raw.githubusercontent.com/XTLS/Xray-install/main/install-release.sh
# If the script executes incorrectly, go to:
# https://github.com/XTLS/Xray-install/issues
# You can set this variable whatever you want in shell session right before running this script by issuing:
# export DAT_PATH='/usr/local/share/xray'
DAT_PATH=${DAT_PATH:-/usr/local/share/xray}
# You can set this variable whatever you want in shell session right before running this script by issuing:
# export JSON_PATH='/usr/local/etc/xray'
JSON_PATH=${JSON_PATH:-/usr/local/etc/xray}
# Set this variable only if you are starting xray with multiple configuration files:
# export JSONS_PATH='/usr/local/etc/xray'
# Set this variable only if you want this script to check all the systemd unit file:
# export check_all_service_files='yes'
# Gobal verbals
if [[ -f '/etc/systemd/system/xray.service' ]] && [[ -f '/usr/local/bin/xray' ]]; then
XRAY_IS_INSTALLED_BEFORE_RUNNING_SCRIPT=1
else
XRAY_IS_INSTALLED_BEFORE_RUNNING_SCRIPT=0
fi
# Xray current version
CURRENT_VERSION=''
# Xray latest release version
RELEASE_LATEST=''
# Xray latest prerelease/release version
PRE_RELEASE_LATEST=''
# Xray version will be installed
INSTALL_VERSION=''
# install
INSTALL='0'
# install-geodata
INSTALL_GEODATA='0'
# remove
REMOVE='0'
# help
HELP='0'
# check
CHECK='0'
# --force
FORCE='0'
# --beta
BETA='0'
# --install-user ?
INSTALL_USER=''
# --without-geodata
NO_GEODATA='0'
# --without-logfiles
NO_LOGFILES='0'
# --no-update-service
N_UP_SERVICE='0'
# --reinstall
REINSTALL='0'
# --version ?
SPECIFIED_VERSION=''
# --local ?
LOCAL_FILE=''
# --proxy ?
PROXY=''
# --purge
PURGE='0'
curl() {
$(type -P curl) -L -q --retry 5 --retry-delay 10 --retry-max-time 60 "$@"
}
systemd_cat_config() {
if systemd-analyze --help | grep -qw 'cat-config'; then
systemd-analyze --no-pager cat-config "$@"
echo
else
echo "${aoi}~~~~~~~~~~~~~~~~"
cat "$@" "$1".d/*
echo "${aoi}~~~~~~~~~~~~~~~~"
echo "${red}warning: ${green}The systemd version on the current operating system is too low."
echo "${red}warning: ${green}Please consider to upgrade the systemd or the operating system.${reset}"
echo
fi
}
check_if_running_as_root() {
# If you want to run as another user, please modify $EUID to be owned by this user
if [[ "$EUID" -ne '0' ]]; then
echo "error: You must run this script as root!"
exit 1
fi
}
identify_the_operating_system_and_architecture() {
if [[ "$(uname)" == 'Linux' ]]; then
case "$(uname -m)" in
'i386' | 'i686')
MACHINE='32'
;;
'amd64' | 'x86_64')
MACHINE='64'
;;
'armv5tel')
MACHINE='arm32-v5'
;;
'armv6l')
MACHINE='arm32-v6'
grep Features /proc/cpuinfo | grep -qw 'vfp' || MACHINE='arm32-v5'
;;
'armv7' | 'armv7l')
MACHINE='arm32-v7a'
grep Features /proc/cpuinfo | grep -qw 'vfp' || MACHINE='arm32-v5'
;;
'armv8' | 'aarch64')
MACHINE='arm64-v8a'
;;
'mips')
MACHINE='mips32'
;;
'mipsle')
MACHINE='mips32le'
;;
'mips64')
MACHINE='mips64'
lscpu | grep -q "Little Endian" && MACHINE='mips64le'
;;
'mips64le')
MACHINE='mips64le'
;;
'ppc64')
MACHINE='ppc64'
;;
'ppc64le')
MACHINE='ppc64le'
;;
'riscv64')
MACHINE='riscv64'
;;
's390x')
MACHINE='s390x'
;;
*)
echo "error: The architecture is not supported."
exit 1
;;
esac
if [[ ! -f '/etc/os-release' ]]; then
echo "error: Don't use outdated Linux distributions."
exit 1
fi
# Do not combine this judgment condition with the following judgment condition.
## Be aware of Linux distribution like Gentoo, which kernel supports switch between Systemd and OpenRC.
if [[ -f /.dockerenv ]] || grep -q 'docker\|lxc' /proc/1/cgroup && [[ "$(type -P systemctl)" ]]; then
true
elif [[ -d /run/systemd/system ]] || grep -q systemd <(ls -l /sbin/init); then
true
else
echo "error: Only Linux distributions using systemd are supported."
exit 1
fi
if [[ "$(type -P apt)" ]]; then
PACKAGE_MANAGEMENT_INSTALL='apt -y --no-install-recommends install'
PACKAGE_MANAGEMENT_REMOVE='apt purge'
package_provide_tput='ncurses-bin'
elif [[ "$(type -P dnf)" ]]; then
PACKAGE_MANAGEMENT_INSTALL='dnf -y install'
PACKAGE_MANAGEMENT_REMOVE='dnf remove'
package_provide_tput='ncurses'
elif [[ "$(type -P yum)" ]]; then
PACKAGE_MANAGEMENT_INSTALL='yum -y install'
PACKAGE_MANAGEMENT_REMOVE='yum remove'
package_provide_tput='ncurses'
elif [[ "$(type -P zypper)" ]]; then
PACKAGE_MANAGEMENT_INSTALL='zypper install -y --no-recommends'
PACKAGE_MANAGEMENT_REMOVE='zypper remove'
package_provide_tput='ncurses-utils'
elif [[ "$(type -P pacman)" ]]; then
PACKAGE_MANAGEMENT_INSTALL='pacman -Syu --noconfirm'
PACKAGE_MANAGEMENT_REMOVE='pacman -Rsn'
package_provide_tput='ncurses'
elif [[ "$(type -P emerge)" ]]; then
PACKAGE_MANAGEMENT_INSTALL='emerge -v'
PACKAGE_MANAGEMENT_REMOVE='emerge -Cv'
package_provide_tput='ncurses'
else
echo "error: The script does not support the package manager in this operating system."
exit 1
fi
else
echo "error: This operating system is not supported."
exit 1
fi
}
## Demo function for processing parameters
judgment_parameters() {
local local_install='0'
local temp_version='0'
while [[ "$#" -gt '0' ]]; do
case "$1" in
'install')
INSTALL='1'
;;
'install-geodata')
INSTALL_GEODATA='1'
;;
'remove')
REMOVE='1'
;;
'help')
HELP='1'
;;
'check')
CHECK='1'
;;
'--without-geodata')
NO_GEODATA='1'
;;
'--without-logfiles')
NO_LOGFILES='1'
;;
'--purge')
PURGE='1'
;;
'--version')
if [[ -z "$2" ]]; then
echo "error: Please specify the correct version."
exit 1
fi
temp_version='1'
SPECIFIED_VERSION="$2"
shift
;;
'-f' | '--force')
FORCE='1'
;;
'--beta')
BETA='1'
;;
'-l' | '--local')
local_install='1'
if [[ -z "$2" ]]; then
echo "error: Please specify the correct local file."
exit 1
fi
LOCAL_FILE="$2"
shift
;;
'-p' | '--proxy')
if [[ -z "$2" ]]; then
echo "error: Please specify the proxy server address."
exit 1
fi
PROXY="$2"
shift
;;
'-u' | '--install-user')
if [[ -z "$2" ]]; then
echo "error: Please specify the install user.}"
exit 1
fi
INSTALL_USER="$2"
shift
;;
'--reinstall')
REINSTALL='1'
;;
'--no-update-service')
N_UP_SERVICE='1'
;;
*)
echo "$0: unknown option -- -"
exit 1
;;
esac
shift
done
if ((INSTALL+INSTALL_GEODATA+HELP+CHECK+REMOVE==0)); then
INSTALL='1'
elif ((INSTALL+INSTALL_GEODATA+HELP+CHECK+REMOVE>1)); then
echo 'You can only choose one action.'
exit 1
fi
if [[ "$INSTALL" -eq '1' ]] && ((temp_version+local_install+REINSTALL+BETA>1)); then
echo "--version,--reinstall,--beta and --local can't be used together."
exit 1
fi
}
check_install_user() {
if [[ -z "$INSTALL_USER" ]]; then
if [[ -f '/usr/local/bin/xray' ]]; then
INSTALL_USER="$(grep '^[ '$'\t]*User[ '$'\t]*=' /etc/systemd/system/xray.service | tail -n 1 | awk -F = '{print $2}' | awk '{print $1}')"
if [[ -z "$INSTALL_USER" ]]; then
INSTALL_USER='root'
fi
else
INSTALL_USER='nobody'
fi
fi
if ! id $INSTALL_USER > /dev/null 2>&1; then
echo "the user '$INSTALL_USER' is not effective"
exit 1
fi
INSTALL_USER_UID="$(id -u $INSTALL_USER)"
INSTALL_USER_GID="$(id -g $INSTALL_USER)"
}
install_software() {
package_name="$1"
file_to_detect="$2"
type -P "$file_to_detect" > /dev/null 2>&1 && return
if ${PACKAGE_MANAGEMENT_INSTALL} "$package_name"; then
echo "info: $package_name is installed."
else
echo "error: Installation of $package_name failed, please check your network."
exit 1
fi
}
get_current_version() {
# Get the CURRENT_VERSION
if [[ -f '/usr/local/bin/xray' ]]; then
CURRENT_VERSION="$(/usr/local/bin/xray -version | awk 'NR==1 {print $2}')"
CURRENT_VERSION="v${CURRENT_VERSION#v}"
else
CURRENT_VERSION=""
fi
}
get_latest_version() {
# Get Xray latest release version number
local tmp_file
tmp_file="$(mktemp)"
if ! curl -x "${PROXY}" -sS -H "Accept: application/vnd.github.v3+json" -o "$tmp_file" 'https://api.github.com/repos/XTLS/Xray-core/releases/latest'; then
"rm" "$tmp_file"
echo 'error: Failed to get release list, please check your network.'
exit 1
fi
RELEASE_LATEST="$(sed 'y/,/\n/' "$tmp_file" | grep 'tag_name' | awk -F '"' '{print $4}')"
if [[ -z "$RELEASE_LATEST" ]]; then
if grep -q "API rate limit exceeded" "$tmp_file"; then
echo "error: github API rate limit exceeded"
else
echo "error: Failed to get the latest release version."
echo "Welcome bug report:https://github.com/XTLS/Xray-install/issues"
fi
"rm" "$tmp_file"
exit 1
fi
"rm" "$tmp_file"
RELEASE_LATEST="v${RELEASE_LATEST#v}"
if ! curl -x "${PROXY}" -sS -H "Accept: application/vnd.github.v3+json" -o "$tmp_file" 'https://api.github.com/repos/XTLS/Xray-core/releases'; then
"rm" "$tmp_file"
echo 'error: Failed to get release list, please check your network.'
exit 1
fi
local releases_list
releases_list=($(sed 'y/,/\n/' "$tmp_file" | grep 'tag_name' | awk -F '"' '{print $4}'))
if [[ "${#releases_list[@]}" -eq '0' ]]; then
if grep -q "API rate limit exceeded" "$tmp_file"; then
echo "error: github API rate limit exceeded"
else
echo "error: Failed to get the latest release version."
echo "Welcome bug report:https://github.com/XTLS/Xray-install/issues"
fi
"rm" "$tmp_file"
exit 1
fi
local i
for i in ${!releases_list[@]}
do
releases_list[$i]="v${releases_list[$i]#v}"
grep -q "https://github.com/XTLS/Xray-core/releases/download/${releases_list[$i]}/Xray-linux-$MACHINE.zip" "$tmp_file" && break
done
"rm" "$tmp_file"
PRE_RELEASE_LATEST="${releases_list[$i]}"
}
version_gt() {
# compare two version
# 0: $1 > $2
# 1: $1 <= $2
if [[ "$1" != "$2" ]]; then
local temp_1_version_number="${1#v}"
local temp_1_major_version_number="${temp_1_version_number%%.*}"
local temp_1_minor_version_number
temp_1_minor_version_number="$(echo "$temp_1_version_number" | awk -F '.' '{print $2}')"
local temp_1_minimunm_version_number="${temp_1_version_number##*.}"
# shellcheck disable=SC2001
local temp_2_version_number="${2#v}"
local temp_2_major_version_number="${temp_2_version_number%%.*}"
local temp_2_minor_version_number
temp_2_minor_version_number="$(echo "$temp_2_version_number" | awk -F '.' '{print $2}')"
local temp_2_minimunm_version_number="${temp_2_version_number##*.}"
if [[ "$temp_1_major_version_number" -gt "$temp_2_major_version_number" ]]; then
return 0
elif [[ "$temp_1_major_version_number" -eq "$temp_2_major_version_number" ]]; then
if [[ "$temp_1_minor_version_number" -gt "$temp_2_minor_version_number" ]]; then
return 0
elif [[ "$temp_1_minor_version_number" -eq "$temp_2_minor_version_number" ]]; then
if [[ "$temp_1_minimunm_version_number" -gt "$temp_2_minimunm_version_number" ]]; then
return 0
else
return 1
fi
else
return 1
fi
else
return 1
fi
elif [[ "$1" == "$2" ]]; then
return 1
fi
}
download_xray() {
DOWNLOAD_LINK="https://github.com/XTLS/Xray-core/releases/download/$INSTALL_VERSION/Xray-linux-$MACHINE.zip"
echo "Downloading Xray archive: $DOWNLOAD_LINK"
if ! curl -x "${PROXY}" -R -H 'Cache-Control: no-cache' -o "$ZIP_FILE" "$DOWNLOAD_LINK"; then
echo 'error: Download failed! Please check your network or try again.'
return 1
fi
return 0
echo "Downloading verification file for Xray archive: $DOWNLOAD_LINK.dgst"
if ! curl -x "${PROXY}" -sSR -H 'Cache-Control: no-cache' -o "$ZIP_FILE.dgst" "$DOWNLOAD_LINK.dgst"; then
echo 'error: Download failed! Please check your network or try again.'
return 1
fi
if [[ "$(cat "$ZIP_FILE".dgst)" == 'Not Found' ]]; then
echo 'error: This version does not support verification. Please replace with another version.'
return 1
fi
# Verification of Xray archive
for LISTSUM in 'md5' 'sha1' 'sha256' 'sha512'; do
SUM="$(${LISTSUM}sum "$ZIP_FILE" | sed 's/ .*//')"
CHECKSUM="$(grep ${LISTSUM^^} "$ZIP_FILE".dgst | grep "$SUM" -o -a | uniq)"
if [[ "$SUM" != "$CHECKSUM" ]]; then
echo 'error: Check failed! Please check your network or try again.'
return 1
fi
done
}
decompression() {
if ! unzip -q "$1" -d "$TMP_DIRECTORY"; then
echo 'error: Xray decompression failed.'
"rm" -r "$TMP_DIRECTORY"
echo "removed: $TMP_DIRECTORY"
exit 1
fi
echo "info: Extract the Xray package to $TMP_DIRECTORY and prepare it for installation."
}
install_file() {
NAME="$1"
if [[ "$NAME" == 'xray' ]]; then
install -m 755 "${TMP_DIRECTORY}/$NAME" "/usr/local/bin/$NAME"
elif [[ "$NAME" == 'geoip.dat' ]] || [[ "$NAME" == 'geosite.dat' ]]; then
install -m 644 "${TMP_DIRECTORY}/$NAME" "${DAT_PATH}/$NAME"
fi
}
install_xray() {
# Install Xray binary to /usr/local/bin/ and $DAT_PATH
install_file xray
# If the file exists, geoip.dat and geosite.dat will not be installed or updated
if [[ "$NO_GEODATA" -eq '0' ]] && [[ ! -f "${DAT_PATH}/.undat" ]]; then
install -d "$DAT_PATH"
install_file geoip.dat
install_file geosite.dat
GEODATA='1'
fi
# Install Xray configuration file to $JSON_PATH
# shellcheck disable=SC2153
if [[ -z "$JSONS_PATH" ]] && [[ ! -d "$JSON_PATH" ]]; then
install -d "$JSON_PATH"
echo "{}" > "${JSON_PATH}/config.json"
CONFIG_NEW='1'
fi
# Install Xray configuration file to $JSONS_PATH
if [[ -n "$JSONS_PATH" ]] && [[ ! -d "$JSONS_PATH" ]]; then
install -d "$JSONS_PATH"
for BASE in 00_log 01_api 02_dns 03_routing 04_policy 05_inbounds 06_outbounds 07_transport 08_stats 09_reverse; do
echo '{}' > "${JSONS_PATH}/${BASE}.json"
done
CONFDIR='1'
fi
# Used to store Xray log files
if [[ "$NO_LOGFILES" -eq '0' ]]; then
if [[ ! -d '/var/log/xray/' ]]; then
install -d -m 700 -o "$INSTALL_USER_UID" -g "$INSTALL_USER_GID" /var/log/xray/
install -m 600 -o "$INSTALL_USER_UID" -g "$INSTALL_USER_GID" /dev/null /var/log/xray/access.log
install -m 600 -o "$INSTALL_USER_UID" -g "$INSTALL_USER_GID" /dev/null /var/log/xray/error.log
LOG='1'
else
chown -R "$INSTALL_USER_UID:$INSTALL_USER_GID" /var/log/xray/
fi
fi
}
install_startup_service_file() {
mkdir -p '/etc/systemd/system/xray.service.d'
mkdir -p '/etc/systemd/system/xray@.service.d/'
local temp_CapabilityBoundingSet="CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE"
local temp_AmbientCapabilities="AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE"
local temp_NoNewPrivileges="NoNewPrivileges=true"
if [[ "$INSTALL_USER_UID" -eq '0' ]]; then
temp_CapabilityBoundingSet="#${temp_CapabilityBoundingSet}"
temp_AmbientCapabilities="#${temp_AmbientCapabilities}"
temp_NoNewPrivileges="#${temp_NoNewPrivileges}"
fi
cat > /etc/systemd/system/xray.service << EOF
[Unit]
Description=Xray Service
Documentation=https://github.com/xtls
After=network.target nss-lookup.target
[Service]
User=$INSTALL_USER
${temp_CapabilityBoundingSet}
${temp_AmbientCapabilities}
${temp_NoNewPrivileges}
ExecStart=/usr/local/bin/xray run -config /usr/local/etc/xray/config.json
Restart=on-failure
RestartPreventExitStatus=23
LimitNPROC=10000
LimitNOFILE=1000000
[Install]
WantedBy=multi-user.target
EOF
cat > /etc/systemd/system/xray@.service <<EOF
[Unit]
Description=Xray Service
Documentation=https://github.com/xtls
After=network.target nss-lookup.target
[Service]
User=$INSTALL_USER
${temp_CapabilityBoundingSet}
${temp_AmbientCapabilities}
${temp_NoNewPrivileges}
ExecStart=/usr/local/bin/xray run -config /usr/local/etc/xray/%i.json
Restart=on-failure
RestartPreventExitStatus=23
LimitNPROC=10000
LimitNOFILE=1000000
[Install]
WantedBy=multi-user.target
EOF
chmod 644 /etc/systemd/system/xray.service /etc/systemd/system/xray@.service
if [[ -n "$JSONS_PATH" ]]; then
"rm" '/etc/systemd/system/xray.service.d/10-donot_touch_single_conf.conf' \
'/etc/systemd/system/xray@.service.d/10-donot_touch_single_conf.conf'
echo "# In case you have a good reason to do so, duplicate this file in the same directory and make your customizes there.
# Or all changes you made will be lost! # Refer: https://www.freedesktop.org/software/systemd/man/systemd.unit.html
[Service]
ExecStart=
ExecStart=/usr/local/bin/xray run -confdir $JSONS_PATH" |
tee '/etc/systemd/system/xray.service.d/10-donot_touch_multi_conf.conf' > \
'/etc/systemd/system/xray@.service.d/10-donot_touch_multi_conf.conf'
else
"rm" '/etc/systemd/system/xray.service.d/10-donot_touch_multi_conf.conf' \
'/etc/systemd/system/xray@.service.d/10-donot_touch_multi_conf.conf'
echo "# In case you have a good reason to do so, duplicate this file in the same directory and make your customizes there.
# Or all changes you made will be lost! # Refer: https://www.freedesktop.org/software/systemd/man/systemd.unit.html
[Service]
ExecStart=
ExecStart=/usr/local/bin/xray run -config ${JSON_PATH}/config.json" > \
'/etc/systemd/system/xray.service.d/10-donot_touch_single_conf.conf'
echo "# In case you have a good reason to do so, duplicate this file in the same directory and make your customizes there.
# Or all changes you made will be lost! # Refer: https://www.freedesktop.org/software/systemd/man/systemd.unit.html
[Service]
ExecStart=
ExecStart=/usr/local/bin/xray run -config ${JSON_PATH}/%i.json" > \
'/etc/systemd/system/xray@.service.d/10-donot_touch_single_conf.conf'
fi
echo "info: Systemd service files have been installed successfully!"
echo "${red}warning: ${green}The following are the actual parameters for the xray service startup."
echo "${red}warning: ${green}Please make sure the configuration file path is correctly set.${reset}"
systemd_cat_config /etc/systemd/system/xray.service
# shellcheck disable=SC2154
if [[ x"${check_all_service_files:0:1}" = x'y' ]]; then
echo
echo
systemd_cat_config /etc/systemd/system/xray@.service
fi
systemctl daemon-reload
SYSTEMD='1'
}
start_xray() {
if [[ -f '/etc/systemd/system/xray.service' ]]; then
systemctl start "${XRAY_CUSTOMIZE:-xray}"
sleep 1s
if systemctl -q is-active "${XRAY_CUSTOMIZE:-xray}"; then
echo 'info: Start the Xray service.'
else
echo 'error: Failed to start Xray service.'
exit 1
fi
fi
}
stop_xray() {
XRAY_CUSTOMIZE="$(systemctl list-units | grep 'xray@' | awk -F ' ' '{print $1}')"
if [[ -z "$XRAY_CUSTOMIZE" ]]; then
local xray_daemon_to_stop='xray.service'
else
local xray_daemon_to_stop="$XRAY_CUSTOMIZE"
fi
if ! systemctl stop "$xray_daemon_to_stop"; then
echo 'error: Stopping the Xray service failed.'
exit 1
fi
echo 'info: Stop the Xray service.'
}
install_geodata() {
download_geodata() {
if ! curl -x "${PROXY}" -R -H 'Cache-Control: no-cache' -o "${dir_tmp}/${2}" "${1}"; then
echo 'error: Download failed! Please check your network or try again.'
exit 1
fi
if ! curl -x "${PROXY}" -R -H 'Cache-Control: no-cache' -o "${dir_tmp}/${2}.sha256sum" "${1}.sha256sum"; then
echo 'error: Download failed! Please check your network or try again.'
exit 1
fi
}
local download_link_geoip="https://github.com/v2fly/geoip/releases/latest/download/geoip.dat"
local download_link_geosite="https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat"
local file_ip='geoip.dat'
local file_dlc='dlc.dat'
local file_site='geosite.dat'
local dir_tmp
dir_tmp="$(mktemp -d)"
[[ "$XRAY_IS_INSTALLED_BEFORE_RUNNING_SCRIPT" -eq '0' ]] && echo "warning: Xray was not installed"
download_geodata $download_link_geoip $file_ip
download_geodata $download_link_geosite $file_dlc
cd "${dir_tmp}" || exit
for i in "${dir_tmp}"/*.sha256sum; do
if ! sha256sum -c "${i}"; then
echo 'error: Check failed! Please check your network or try again.'
exit 1
fi
done
cd - > /dev/null
install -d "$DAT_PATH"
install -m 644 "${dir_tmp}"/${file_dlc} "${DAT_PATH}"/${file_site}
install -m 644 "${dir_tmp}"/${file_ip} "${DAT_PATH}"/${file_ip}
rm -r "${dir_tmp}"
exit 0
}
check_update() {
if [[ "$XRAY_IS_INSTALLED_BEFORE_RUNNING_SCRIPT" -eq '1' ]]; then
get_current_version
echo "info: The current version of Xray is $CURRENT_VERSION ."
else
echo 'warning: Xray is not installed.'
fi
get_latest_version
echo "info: The latest release version of Xray is $RELEASE_LATEST ."
echo "info: The latest pre-release/release version of Xray is $PRE_RELEASE_LATEST ."
exit 0
}
remove_xray() {
if systemctl list-unit-files | grep -qw 'xray'; then
if [[ -n "$(pidof xray)" ]]; then
stop_xray
fi
local delete_files=('/usr/local/bin/xray' '/etc/systemd/system/xray.service' '/etc/systemd/system/xray@.service' '/etc/systemd/system/xray.service.d' '/etc/systemd/system/xray@.service.d')
[[ -d "$DAT_PATH" ]] && delete_files+=("$DAT_PATH")
if [[ "$PURGE" -eq '1' ]]; then
if [[ -z "$JSONS_PATH" ]]; then
delete_files+=("$JSON_PATH")
else
delete_files+=("$JSONS_PATH")
fi
[[ -d '/var/log/xray' ]] && delete_files+=('/var/log/xray')
fi
systemctl disable xray
if ! ("rm" -r "${delete_files[@]}"); then
echo 'error: Failed to remove Xray.'
exit 1
else
for i in ${!delete_files[@]}
do
echo "removed: ${delete_files[$i]}"
done
systemctl daemon-reload
echo "You may need to execute a command to remove dependent software: $PACKAGE_MANAGEMENT_REMOVE curl unzip"
echo 'info: Xray has been removed.'
if [[ "$PURGE" -eq '0' ]]; then
echo 'info: If necessary, manually delete the configuration and log files.'
if [[ -n "$JSONS_PATH" ]]; then
echo "info: e.g., $JSONS_PATH and /var/log/xray/ ..."
else
echo "info: e.g., $JSON_PATH and /var/log/xray/ ..."
fi
fi
exit 0
fi
else
echo 'error: Xray is not installed.'
exit 1
fi
}
# Explanation of parameters in the script
show_help() {
echo "usage: $0 ACTION [OPTION]..."
echo
echo 'ACTION:'
echo ' install Install/Update Xray'
echo ' install-geodata Install/Update geoip.dat and geosite.dat only'
echo ' remove Remove Xray'
echo ' help Show help'
echo ' check Check if Xray can be updated'
echo 'If no action is specified, then install will be selected'
echo
echo 'OPTION:'
echo ' install:'
echo ' --version Install the specified version of Xray, e.g., --version v1.0.0'
echo ' -f, --force Force install even though the versions are same'
echo ' --beta Install the pre-release version if it is exist'
echo ' -l, --local Install Xray from a local file'
echo ' -p, --proxy Download through a proxy server, e.g., -p http://127.0.0.1:8118 or -p socks5://127.0.0.1:1080'
echo ' -u, --install-user Install Xray in specified user, e.g, -u root'
echo ' --reinstall Reinstall current Xray version'
echo " --no-update-service Don't change service files if they are exist"
echo " --without-geodata Don't install/update geoip.dat and geosite.dat"
echo " --without-logfiles Don't install /var/log/xray"
echo ' install-geodata:'
echo ' -p, --proxy Download through a proxy server'
echo ' remove:'
echo ' --purge Remove all the Xray files, include logs, configs, etc'
echo ' check:'
echo ' -p, --proxy Check new version through a proxy server'
exit 0
}
main() {
check_if_running_as_root
identify_the_operating_system_and_architecture
judgment_parameters "$@"
install_software "$package_provide_tput" 'tput'
red=$(tput setaf 1)
green=$(tput setaf 2)
aoi=$(tput setaf 6)
reset=$(tput sgr0)
# Parameter information
[[ "$HELP" -eq '1' ]] && show_help
[[ "$CHECK" -eq '1' ]] && check_update
[[ "$REMOVE" -eq '1' ]] && remove_xray
[[ "$INSTALL_GEODATA" -eq '1' ]] && install_geodata
# Check if the user is effective
check_install_user
# Two very important variables
TMP_DIRECTORY="$(mktemp -d)"
ZIP_FILE="${TMP_DIRECTORY}/Xray-linux-$MACHINE.zip"
# Install Xray from a local file, but still need to make sure the network is available
if [[ -n "$LOCAL_FILE" ]]; then
echo 'warn: Install Xray from a local file, but still need to make sure the network is available.'
echo -n 'warn: Please make sure the file is valid because we cannot confirm it. (Press any key) ...'
read -r
install_software 'unzip' 'unzip'
decompression "$LOCAL_FILE"
else
get_current_version
if [[ "$REINSTALL" -eq '1' ]]; then
if [[ -z "$CURRENT_VERSION" ]]; then
echo "error: Xray is not installed"
exit 1
fi
INSTALL_VERSION="$CURRENT_VERSION"
echo "info: Reinstalling Xray $CURRENT_VERSION"
elif [[ -n "$SPECIFIED_VERSION" ]]; then
SPECIFIED_VERSION="v${SPECIFIED_VERSION#v}"
if [[ "$CURRENT_VERSION" == "$SPECIFIED_VERSION" ]] && [[ "$FORCE" -eq '0' ]]; then
echo "info: The current version is same as the specified version. The version is $CURRENT_VERSION ."
exit 0
fi
INSTALL_VERSION="$SPECIFIED_VERSION"
echo "info: Installing specified Xray version $INSTALL_VERSION for $(uname -m)"
else
install_software 'curl' 'curl'
get_latest_version
if [[ "$BETA" -eq '0' ]]; then
INSTALL_VERSION="$RELEASE_LATEST"
else
INSTALL_VERSION="$PRE_RELEASE_LATEST"
fi
if ! version_gt "$INSTALL_VERSION" "$CURRENT_VERSION" && [[ "$FORCE" -eq '0' ]]; then
echo "info: No new version. The current version of Xray is $CURRENT_VERSION ."
exit 0
fi
echo "info: Installing Xray $INSTALL_VERSION for $(uname -m)"
fi
install_software 'curl' 'curl'
install_software 'unzip' 'unzip'
if ! download_xray; then
"rm" -r "$TMP_DIRECTORY"
echo "removed: $TMP_DIRECTORY"
exit 1
fi
decompression "$ZIP_FILE"
fi
# Determine if Xray is running
if systemctl list-unit-files | grep -qw 'xray'; then
if [[ -n "$(pidof xray)" ]]; then
stop_xray
XRAY_RUNNING='1'
fi
fi
install_xray
([[ "$N_UP_SERVICE" -eq '1' ]] && [[ -f '/etc/systemd/system/xray.service' ]]) || install_startup_service_file
echo 'installed: /usr/local/bin/xray'
# If the file exists, the content output of installing or updating geoip.dat and geosite.dat will not be displayed
if [[ "$GEODATA" -eq '1' ]]; then
echo "installed: ${DAT_PATH}/geoip.dat"
echo "installed: ${DAT_PATH}/geosite.dat"
fi
if [[ "$CONFIG_NEW" -eq '1' ]]; then
echo "installed: ${JSON_PATH}/config.json"
fi
if [[ "$CONFDIR" -eq '1' ]]; then
echo "installed: ${JSON_PATH}/00_log.json"
echo "installed: ${JSON_PATH}/01_api.json"
echo "installed: ${JSON_PATH}/02_dns.json"
echo "installed: ${JSON_PATH}/03_routing.json"
echo "installed: ${JSON_PATH}/04_policy.json"
echo "installed: ${JSON_PATH}/05_inbounds.json"
echo "installed: ${JSON_PATH}/06_outbounds.json"
echo "installed: ${JSON_PATH}/07_transport.json"
echo "installed: ${JSON_PATH}/08_stats.json"
echo "installed: ${JSON_PATH}/09_reverse.json"
fi
if [[ "$LOG" -eq '1' ]]; then
echo 'installed: /var/log/xray/'
echo 'installed: /var/log/xray/access.log'
echo 'installed: /var/log/xray/error.log'
fi
if [[ "$SYSTEMD" -eq '1' ]]; then
echo 'installed: /etc/systemd/system/xray.service'
echo 'installed: /etc/systemd/system/xray@.service'
fi
"rm" -r "$TMP_DIRECTORY"
echo "removed: $TMP_DIRECTORY"
get_current_version
echo "info: Xray $CURRENT_VERSION is installed."
echo "You may need to execute a command to remove dependent software: $PACKAGE_MANAGEMENT_REMOVE curl unzip"
if [[ "$XRAY_IS_INSTALLED_BEFORE_RUNNING_SCRIPT" -eq '1' ]] && [[ "$FORCE" -eq '0' ]] && [[ "$REINSTALL" -eq '0' ]]; then
[[ "$XRAY_RUNNING" -eq '1' ]] && start_xray
else
systemctl start xray
systemctl enable xray
sleep 1s
if systemctl -q is-active xray; then
echo "info: Enable and start the Xray service"
else
echo "warning: Failed to enable and start the Xray service"
fi
fi
}
main "$@"

36
v2ray示例/v2ray-Socks5/socks5中继服务器.json Normal file
View File

@@ -0,0 +1,36 @@
{
"log": {
"access": "/var/log/v2ray/access.log",
"error": "/var/log/v2ray/error.log",
"loglevel": "none"
},
"inbounds": [
{
"protocol": "socks",
"port": 22888,
"listen": "0.0.0.0",
"settings": {
"auth": "password",
"accounts": [
{
"user": "zeaslity",
"pass": "password"
}
],
"udp": true,
"userLevel": 0
}
}
],
"dns": {
"network": "udp",
"address": "223.5.5.5",
"port": 53
},
"outbounds": [
{
"protocol": "freedom",
"settings": {}
}
]
}

601
v2ray示例/v2ray-Socks5/v2ray-install.sh Normal file
View File

@@ -0,0 +1,601 @@
#!/bin/bash
# The files installed by the script conform to the Filesystem Hierarchy Standard:
# https://wiki.linuxfoundation.org/lsb/fhs
# The URL of the script project is:
# https://github.com/v2fly/fhs-install-v2ray
# The URL of the script is:
# https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh
# If the script executes incorrectly, go to:
# https://github.com/v2fly/fhs-install-v2ray/issues
# You can set this variable whatever you want in shell session right before running this script by issuing:
# export DAT_PATH='/usr/local/share/v2ray'
DAT_PATH=${DAT_PATH:-/usr/local/share/v2ray}
# You can set this variable whatever you want in shell session right before running this script by issuing:
# export JSON_PATH='/usr/local/etc/v2ray'
JSON_PATH=${JSON_PATH:-/usr/local/etc/v2ray}
# Set this variable only if you are starting v2ray with multiple configuration files:
# export JSONS_PATH='/usr/local/etc/v2ray'
# Set this variable only if you want this script to check all the systemd unit file:
# export check_all_service_files='yes'
curl() {
$(type -P curl) -L -q --retry 5 --retry-delay 10 --retry-max-time 60 "$@"
}
systemd_cat_config() {
if systemd-analyze --help | grep -qw 'cat-config'; then
systemd-analyze --no-pager cat-config "$@"
echo
else
echo "${aoi}~~~~~~~~~~~~~~~~"
cat "$@" "$1".d/*
echo "${aoi}~~~~~~~~~~~~~~~~"
echo "${red}warning: ${green}The systemd version on the current operating system is too low."
echo "${red}warning: ${green}Please consider to upgrade the systemd or the operating system.${reset}"
echo
fi
}
check_if_running_as_root() {
# If you want to run as another user, please modify $UID to be owned by this user
if [[ "$UID" -ne '0' ]]; then
echo "error: You must run this script as root!"
exit 1
fi
}
identify_the_operating_system_and_architecture() {
if [[ "$(uname)" == 'Linux' ]]; then
case "$(uname -m)" in
'i386' | 'i686')
MACHINE='32'
;;
'amd64' | 'x86_64')
MACHINE='64'
;;
'armv5tel')
MACHINE='arm32-v5'
;;
'armv6l')
MACHINE='arm32-v6'
;;
'armv7' | 'armv7l')
MACHINE='arm32-v7a'
;;
'armv8' | 'aarch64')
MACHINE='arm64-v8a'
;;
'mips')
MACHINE='mips32'
;;
'mipsle')
MACHINE='mips32le'
;;
'mips64')
MACHINE='mips64'
;;
'mips64le')
MACHINE='mips64le'
;;
'ppc64')
MACHINE='ppc64'
;;
'ppc64le')
MACHINE='ppc64le'
;;
'riscv64')
MACHINE='riscv64'
;;
's390x')
MACHINE='s390x'
;;
*)
echo "error: The architecture is not supported."
exit 1
;;
esac
if [[ ! -f '/etc/os-release' ]]; then
echo "error: Don't use outdated Linux distributions."
exit 1
fi
# Do not combine this judgment condition with the following judgment condition.
## Be aware of Linux distribution like Gentoo, which kernel supports switch between Systemd and OpenRC.
### Refer: https://github.com/v2fly/fhs-install-v2ray/issues/84#issuecomment-688574989
if [[ -f /.dockerenv ]] || grep -q 'docker\|lxc' /proc/1/cgroup && [[ "$(type -P systemctl)" ]]; then
true
elif [[ -d /run/systemd/system ]] || grep -q systemd <(ls -l /sbin/init); then
true
else
echo "error: Only Linux distributions using systemd are supported."
exit 1
fi
if [[ "$(type -P apt)" ]]; then
PACKAGE_MANAGEMENT_INSTALL='apt -y --no-install-recommends install'
PACKAGE_MANAGEMENT_REMOVE='apt purge'
package_provide_tput='ncurses-bin'
elif [[ "$(type -P dnf)" ]]; then
PACKAGE_MANAGEMENT_INSTALL='dnf -y install'
PACKAGE_MANAGEMENT_REMOVE='dnf remove'
package_provide_tput='ncurses'
elif [[ "$(type -P yum)" ]]; then
PACKAGE_MANAGEMENT_INSTALL='yum -y install'
PACKAGE_MANAGEMENT_REMOVE='yum remove'
package_provide_tput='ncurses'
elif [[ "$(type -P zypper)" ]]; then
PACKAGE_MANAGEMENT_INSTALL='zypper install -y --no-recommends'
PACKAGE_MANAGEMENT_REMOVE='zypper remove'
package_provide_tput='ncurses-utils'
elif [[ "$(type -P pacman)" ]]; then
PACKAGE_MANAGEMENT_INSTALL='pacman -Syu --noconfirm'
PACKAGE_MANAGEMENT_REMOVE='pacman -Rsn'
package_provide_tput='ncurses'
else
echo "error: The script does not support the package manager in this operating system."
exit 1
fi
else
echo "error: This operating system is not supported."
exit 1
fi
}
## Demo function for processing parameters
judgment_parameters() {
while [[ "$#" -gt '0' ]]; do
case "$1" in
'--remove')
if [[ "$#" -gt '1' ]]; then
echo 'error: Please enter the correct parameters.'
exit 1
fi
REMOVE='1'
;;
'--version')
VERSION="${2:?error: Please specify the correct version.}"
break
;;
'-c' | '--check')
CHECK='1'
break
;;
'-f' | '--force')
FORCE='1'
break
;;
'-h' | '--help')
HELP='1'
break
;;
'-l' | '--local')
LOCAL_INSTALL='1'
LOCAL_FILE="${2:?error: Please specify the correct local file.}"
break
;;
'-p' | '--proxy')
if [[ -z "${2:?error: Please specify the proxy server address.}" ]]; then
exit 1
fi
PROXY="$2"
shift
;;
*)
echo "$0: unknown option -- -"
exit 1
;;
esac
shift
done
}
install_software() {
package_name="$1"
file_to_detect="$2"
type -P "$file_to_detect" > /dev/null 2>&1 && return
if ${PACKAGE_MANAGEMENT_INSTALL} "$package_name"; then
echo "info: $package_name is installed."
else
echo "error: Installation of $package_name failed, please check your network."
exit 1
fi
}
get_version() {
# 0: Install or update V2Ray.
# 1: Installed or no new version of V2Ray.
# 2: Install the specified version of V2Ray.
if [[ -n "$VERSION" ]]; then
RELEASE_VERSION="v${VERSION#v}"
return 2
fi
# Determine the version number for V2Ray installed from a local file
if [[ -f '/usr/local/bin/v2ray' ]]; then
VERSION="$(/usr/local/bin/v2ray -version | awk 'NR==1 {print $2}')"
CURRENT_VERSION="v${VERSION#v}"
if [[ "$LOCAL_INSTALL" -eq '1' ]]; then
RELEASE_VERSION="$CURRENT_VERSION"
return
fi
fi
# Get V2Ray release version number
TMP_FILE="$(mktemp)"
if ! curl -x "${PROXY}" -sS -H "Accept: application/vnd.github.v3+json" -o "$TMP_FILE" 'https://api.github.com/repos/v2fly/v2ray-core/releases/latest'; then
"rm" "$TMP_FILE"
echo 'error: Failed to get release list, please check your network.'
exit 1
fi
RELEASE_LATEST="$(sed 'y/,/\n/' "$TMP_FILE" | grep 'tag_name' | awk -F '"' '{print $4}')"
"rm" "$TMP_FILE"
RELEASE_VERSION="v${RELEASE_LATEST#v}"
# Compare V2Ray version numbers
if [[ "$RELEASE_VERSION" != "$CURRENT_VERSION" ]]; then
RELEASE_VERSIONSION_NUMBER="${RELEASE_VERSION#v}"
RELEASE_MAJOR_VERSION_NUMBER="${RELEASE_VERSIONSION_NUMBER%%.*}"
RELEASE_MINOR_VERSION_NUMBER="$(echo "$RELEASE_VERSIONSION_NUMBER" | awk -F '.' '{print $2}')"
RELEASE_MINIMUM_VERSION_NUMBER="${RELEASE_VERSIONSION_NUMBER##*.}"
# shellcheck disable=SC2001
CURRENT_VERSIONSION_NUMBER="$(echo "${CURRENT_VERSION#v}" | sed 's/-.*//')"
CURRENT_MAJOR_VERSION_NUMBER="${CURRENT_VERSIONSION_NUMBER%%.*}"
CURRENT_MINOR_VERSION_NUMBER="$(echo "$CURRENT_VERSIONSION_NUMBER" | awk -F '.' '{print $2}')"
CURRENT_MINIMUM_VERSION_NUMBER="${CURRENT_VERSIONSION_NUMBER##*.}"
if [[ "$RELEASE_MAJOR_VERSION_NUMBER" -gt "$CURRENT_MAJOR_VERSION_NUMBER" ]]; then
return 0
elif [[ "$RELEASE_MAJOR_VERSION_NUMBER" -eq "$CURRENT_MAJOR_VERSION_NUMBER" ]]; then
if [[ "$RELEASE_MINOR_VERSION_NUMBER" -gt "$CURRENT_MINOR_VERSION_NUMBER" ]]; then
return 0
elif [[ "$RELEASE_MINOR_VERSION_NUMBER" -eq "$CURRENT_MINOR_VERSION_NUMBER" ]]; then
if [[ "$RELEASE_MINIMUM_VERSION_NUMBER" -gt "$CURRENT_MINIMUM_VERSION_NUMBER" ]]; then
return 0
else
return 1
fi
else
return 1
fi
else
return 1
fi
elif [[ "$RELEASE_VERSION" == "$CURRENT_VERSION" ]]; then
return 1
fi
}
download_v2ray() {
DOWNLOAD_LINK="https://github.com/v2fly/v2ray-core/releases/download/$RELEASE_VERSION/v2ray-linux-$MACHINE.zip"
echo "Downloading V2Ray archive: $DOWNLOAD_LINK"
if ! curl -x "${PROXY}" -R -H 'Cache-Control: no-cache' -o "$ZIP_FILE" "$DOWNLOAD_LINK"; then
echo 'error: Download failed! Please check your network or try again.'
return 1
fi
echo "Downloading verification file for V2Ray archive: $DOWNLOAD_LINK.dgst"
if ! curl -x "${PROXY}" -sSR -H 'Cache-Control: no-cache' -o "$ZIP_FILE.dgst" "$DOWNLOAD_LINK.dgst"; then
echo 'error: Download failed! Please check your network or try again.'
return 1
fi
if [[ "$(cat "$ZIP_FILE".dgst)" == 'Not Found' ]]; then
echo 'error: This version does not support verification. Please replace with another version.'
return 1
fi
# Verification of V2Ray archive
for LISTSUM in 'md5' 'sha1' 'sha256' 'sha512'; do
SUM="$(${LISTSUM}sum "$ZIP_FILE" | sed 's/ .*//')"
CHECKSUM="$(grep ${LISTSUM^^} "$ZIP_FILE".dgst | grep "$SUM" -o -a | uniq)"
if [[ "$SUM" != "$CHECKSUM" ]]; then
echo 'error: Check failed! Please check your network or try again.'
return 1
fi
done
}
decompression() {
if ! unzip -q "$1" -d "$TMP_DIRECTORY"; then
echo 'error: V2Ray decompression failed.'
"rm" -r "$TMP_DIRECTORY"
echo "removed: $TMP_DIRECTORY"
exit 1
fi
echo "info: Extract the V2Ray package to $TMP_DIRECTORY and prepare it for installation."
}
install_file() {
NAME="$1"
if [[ "$NAME" == 'v2ray' ]] || [[ "$NAME" == 'v2ctl' ]]; then
install -m 755 "${TMP_DIRECTORY}/$NAME" "/usr/local/bin/$NAME"
elif [[ "$NAME" == 'geoip.dat' ]] || [[ "$NAME" == 'geosite.dat' ]]; then
install -m 644 "${TMP_DIRECTORY}/$NAME" "${DAT_PATH}/$NAME"
fi
}
install_v2ray() {
# Install V2Ray binary to /usr/local/bin/ and $DAT_PATH
install_file v2ray
install_file v2ctl
install -d "$DAT_PATH"
# If the file exists, geoip.dat and geosite.dat will not be installed or updated
if [[ ! -f "${DAT_PATH}/.undat" ]]; then
install_file geoip.dat
install_file geosite.dat
fi
# Install V2Ray configuration file to $JSON_PATH
# shellcheck disable=SC2153
if [[ -z "$JSONS_PATH" ]] && [[ ! -d "$JSON_PATH" ]]; then
install -d "$JSON_PATH"
echo "{}" > "${JSON_PATH}/config.json"
CONFIG_NEW='1'
fi
# Install V2Ray configuration file to $JSONS_PATH
if [[ -n "$JSONS_PATH" ]] && [[ ! -d "$JSONS_PATH" ]]; then
install -d "$JSONS_PATH"
for BASE in 00_log 01_api 02_dns 03_routing 04_policy 05_inbounds 06_outbounds 07_transport 08_stats 09_reverse; do
echo '{}' > "${JSONS_PATH}/${BASE}.json"
done
CONFDIR='1'
fi
# Used to store V2Ray log files
if [[ ! -d '/var/log/v2ray/' ]]; then
if id nobody | grep -qw 'nogroup'; then
install -d -m 700 -o nobody -g nogroup /var/log/v2ray/
install -m 600 -o nobody -g nogroup /dev/null /var/log/v2ray/access.log
install -m 600 -o nobody -g nogroup /dev/null /var/log/v2ray/error.log
else
install -d -m 700 -o nobody -g nobody /var/log/v2ray/
install -m 600 -o nobody -g nobody /dev/null /var/log/v2ray/access.log
install -m 600 -o nobody -g nobody /dev/null /var/log/v2ray/error.log
fi
LOG='1'
fi
}
install_startup_service_file() {
install -m 644 "${TMP_DIRECTORY}/systemd/system/v2ray.service" /etc/systemd/system/v2ray.service
install -m 644 "${TMP_DIRECTORY}/systemd/system/v2ray@.service" /etc/systemd/system/v2ray@.service
mkdir -p '/etc/systemd/system/v2ray.service.d'
mkdir -p '/etc/systemd/system/v2ray@.service.d/'
if [[ -n "$JSONS_PATH" ]]; then
"rm" '/etc/systemd/system/v2ray.service.d/10-donot_touch_single_conf.conf' \
'/etc/systemd/system/v2ray@.service.d/10-donot_touch_single_conf.conf'
echo "# In case you have a good reason to do so, duplicate this file in the same directory and make your customizes there.
# Or all changes you made will be lost! # Refer: https://www.freedesktop.org/software/systemd/man/systemd.unit.html
[Service]
ExecStart=
ExecStart=/usr/local/bin/v2ray -confdir $JSONS_PATH" |
tee '/etc/systemd/system/v2ray.service.d/10-donot_touch_multi_conf.conf' > \
'/etc/systemd/system/v2ray@.service.d/10-donot_touch_multi_conf.conf'
else
"rm" '/etc/systemd/system/v2ray.service.d/10-donot_touch_multi_conf.conf' \
'/etc/systemd/system/v2ray@.service.d/10-donot_touch_multi_conf.conf'
echo "# In case you have a good reason to do so, duplicate this file in the same directory and make your customizes there.
# Or all changes you made will be lost! # Refer: https://www.freedesktop.org/software/systemd/man/systemd.unit.html
[Service]
ExecStart=
ExecStart=/usr/local/bin/v2ray -config ${JSON_PATH}/config.json" > \
'/etc/systemd/system/v2ray.service.d/10-donot_touch_single_conf.conf'
echo "# In case you have a good reason to do so, duplicate this file in the same directory and make your customizes there.
# Or all changes you made will be lost! # Refer: https://www.freedesktop.org/software/systemd/man/systemd.unit.html
[Service]
ExecStart=
ExecStart=/usr/local/bin/v2ray -config ${JSON_PATH}/%i.json" > \
'/etc/systemd/system/v2ray@.service.d/10-donot_touch_single_conf.conf'
fi
echo "info: Systemd service files have been installed successfully!"
echo "${red}warning: ${green}The following are the actual parameters for the v2ray service startup."
echo "${red}warning: ${green}Please make sure the configuration file path is correctly set.${reset}"
systemd_cat_config /etc/systemd/system/v2ray.service
# shellcheck disable=SC2154
if [[ x"${check_all_service_files:0:1}" = x'y' ]]; then
echo
echo
systemd_cat_config /etc/systemd/system/v2ray@.service
fi
systemctl daemon-reload
SYSTEMD='1'
}
start_v2ray() {
if [[ -f '/etc/systemd/system/v2ray.service' ]]; then
if systemctl start "${V2RAY_CUSTOMIZE:-v2ray}"; then
echo 'info: Start the V2Ray service.'
else
echo 'error: Failed to start V2Ray service.'
exit 1
fi
fi
}
stop_v2ray() {
V2RAY_CUSTOMIZE="$(systemctl list-units | grep 'v2ray@' | awk -F ' ' '{print $1}')"
if [[ -z "$V2RAY_CUSTOMIZE" ]]; then
local v2ray_daemon_to_stop='v2ray.service'
else
local v2ray_daemon_to_stop="$V2RAY_CUSTOMIZE"
fi
if ! systemctl stop "$v2ray_daemon_to_stop"; then
echo 'error: Stopping the V2Ray service failed.'
exit 1
fi
echo 'info: Stop the V2Ray service.'
}
check_update() {
if [[ -f '/etc/systemd/system/v2ray.service' ]]; then
(get_version)
local get_ver_exit_code=$?
if [[ "$get_ver_exit_code" -eq '0' ]]; then
echo "info: Found the latest release of V2Ray $RELEASE_VERSION . (Current release: $CURRENT_VERSION)"
elif [[ "$get_ver_exit_code" -eq '1' ]]; then
echo "info: No new version. The current version of V2Ray is $CURRENT_VERSION ."
fi
exit 0
else
echo 'error: V2Ray is not installed.'
exit 1
fi
}
remove_v2ray() {
if systemctl list-unit-files | grep -qw 'v2ray'; then
if [[ -n "$(pidof v2ray)" ]]; then
stop_v2ray
fi
if ! ("rm" -r '/usr/local/bin/v2ray' \
'/usr/local/bin/v2ctl' \
"$DAT_PATH" \
'/etc/systemd/system/v2ray.service' \
'/etc/systemd/system/v2ray@.service' \
'/etc/systemd/system/v2ray.service.d' \
'/etc/systemd/system/v2ray@.service.d'); then
echo 'error: Failed to remove V2Ray.'
exit 1
else
echo 'removed: /usr/local/bin/v2ray'
echo 'removed: /usr/local/bin/v2ctl'
echo "removed: $DAT_PATH"
echo 'removed: /etc/systemd/system/v2ray.service'
echo 'removed: /etc/systemd/system/v2ray@.service'
echo 'removed: /etc/systemd/system/v2ray.service.d'
echo 'removed: /etc/systemd/system/v2ray@.service.d'
echo 'Please execute the command: systemctl disable v2ray'
echo "You may need to execute a command to remove dependent software: $PACKAGE_MANAGEMENT_REMOVE curl unzip"
echo 'info: V2Ray has been removed.'
echo 'info: If necessary, manually delete the configuration and log files.'
if [[ -n "$JSONS_PATH" ]]; then
echo "info: e.g., $JSONS_PATH and /var/log/v2ray/ ..."
else
echo "info: e.g., $JSON_PATH and /var/log/v2ray/ ..."
fi
exit 0
fi
else
echo 'error: V2Ray is not installed.'
exit 1
fi
}
# Explanation of parameters in the script
show_help() {
echo "usage: $0 [--remove | --version number | -c | -f | -h | -l | -p]"
echo ' [-p address] [--version number | -c | -f]'
echo ' --remove Remove V2Ray'
echo ' --version Install the specified version of V2Ray, e.g., --version v4.18.0'
echo ' -c, --check Check if V2Ray can be updated'
echo ' -f, --force Force installation of the latest version of V2Ray'
echo ' -h, --help Show help'
echo ' -l, --local Install V2Ray from a local file'
echo ' -p, --proxy Download through a proxy server, e.g., -p http://127.0.0.1:8118 or -p socks5://127.0.0.1:1080'
exit 0
}
main() {
check_if_running_as_root
identify_the_operating_system_and_architecture
judgment_parameters "$@"
install_software "$package_provide_tput" 'tput'
red=$(tput setaf 1)
green=$(tput setaf 2)
aoi=$(tput setaf 6)
reset=$(tput sgr0)
# Parameter information
[[ "$HELP" -eq '1' ]] && show_help
[[ "$CHECK" -eq '1' ]] && check_update
[[ "$REMOVE" -eq '1' ]] && remove_v2ray
# Two very important variables
TMP_DIRECTORY="$(mktemp -d)"
ZIP_FILE="${TMP_DIRECTORY}/v2ray-linux-$MACHINE.zip"
# Install V2Ray from a local file, but still need to make sure the network is available
if [[ "$LOCAL_INSTALL" -eq '1' ]]; then
echo 'warn: Install V2Ray from a local file, but still need to make sure the network is available.'
echo -n 'warn: Please make sure the file is valid because we cannot confirm it. (Press any key) ...'
read -r
install_software 'unzip' 'unzip'
decompression "$LOCAL_FILE"
else
# Normal way
install_software 'curl' 'curl'
get_version
NUMBER="$?"
if [[ "$NUMBER" -eq '0' ]] || [[ "$FORCE" -eq '1' ]] || [[ "$NUMBER" -eq 2 ]]; then
echo "info: Installing V2Ray $RELEASE_VERSION for $(uname -m)"
download_v2ray
if [[ "$?" -eq '1' ]]; then
"rm" -r "$TMP_DIRECTORY"
echo "removed: $TMP_DIRECTORY"
exit 0
fi
install_software 'unzip' 'unzip'
decompression "$ZIP_FILE"
elif [[ "$NUMBER" -eq '1' ]]; then
echo "info: No new version. The current version of V2Ray is $CURRENT_VERSION ."
exit 0
fi
fi
# Determine if V2Ray is running
if systemctl list-unit-files | grep -qw 'v2ray'; then
if [[ -n "$(pidof v2ray)" ]]; then
stop_v2ray
V2RAY_RUNNING='1'
fi
fi
install_v2ray
install_startup_service_file
echo 'installed: /usr/local/bin/v2ray'
echo 'installed: /usr/local/bin/v2ctl'
# If the file exists, the content output of installing or updating geoip.dat and geosite.dat will not be displayed
if [[ ! -f "${DAT_PATH}/.undat" ]]; then
echo "installed: ${DAT_PATH}/geoip.dat"
echo "installed: ${DAT_PATH}/geosite.dat"
fi
if [[ "$CONFIG_NEW" -eq '1' ]]; then
echo "installed: ${JSON_PATH}/config.json"
fi
if [[ "$CONFDIR" -eq '1' ]]; then
echo "installed: ${JSON_PATH}/00_log.json"
echo "installed: ${JSON_PATH}/01_api.json"
echo "installed: ${JSON_PATH}/02_dns.json"
echo "installed: ${JSON_PATH}/03_routing.json"
echo "installed: ${JSON_PATH}/04_policy.json"
echo "installed: ${JSON_PATH}/05_inbounds.json"
echo "installed: ${JSON_PATH}/06_outbounds.json"
echo "installed: ${JSON_PATH}/07_transport.json"
echo "installed: ${JSON_PATH}/08_stats.json"
echo "installed: ${JSON_PATH}/09_reverse.json"
fi
if [[ "$LOG" -eq '1' ]]; then
echo 'installed: /var/log/v2ray/'
echo 'installed: /var/log/v2ray/access.log'
echo 'installed: /var/log/v2ray/error.log'
fi
if [[ "$SYSTEMD" -eq '1' ]]; then
echo 'installed: /etc/systemd/system/v2ray.service'
echo 'installed: /etc/systemd/system/v2ray@.service'
fi
"rm" -r "$TMP_DIRECTORY"
echo "removed: $TMP_DIRECTORY"
if [[ "$LOCAL_INSTALL" -eq '1' ]]; then
get_version
fi
echo "info: V2Ray $RELEASE_VERSION is installed."
echo "You may need to execute a command to remove dependent software: $PACKAGE_MANAGEMENT_REMOVE curl unzip"
if [[ "$V2RAY_RUNNING" -eq '1' ]]; then
start_v2ray
else
echo 'Please execute the command: systemctl enable v2ray; systemctl start v2ray'
fi
}
main "$@"

BIN
v2ray示例/v2ray-Socks5/v2ray-linux-64_v4.32.1.zip Normal file
View File

Binary file not shown.

65
v2ray示例/斐讯K2P升级padavan固件/k2p的使用.iptables Normal file
View File

@@ -0,0 +1,65 @@
# 设置策略路由
# 添加路由表 100
sudo ip route add local default dev lo table 100
# 为路由表 100 设定规则
ip rule add fwmark 1 table 100
# 创建XRAY过滤器链
iptables -t mangle -N XRAY
# 代理局域网设备
iptables -t mangle -A XRAY -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A XRAY -d 192.0.0.0/24 -j RETURN
iptables -t mangle -A XRAY -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 255.255.255.255/32 -j RETURN
# 直连局域网,避免 XRAY 无法启动时无法连网关的 SSH如果你配置的是其他网段如 10.x.x.x 等),则修改成自己的
iptables -t mangle -A XRAY -d 10.10.10.0/24 -p tcp -j RETURN
# 直连局域网53 端口除外(因为要使用 XRAY 的 DNS)
iptables -t mangle -A XRAY -d 10.10.10.0/24 -p udp ! --dport 53 -j RETURN
# 直连 SO_MARK 为 0xff 的流量(0xff 是 16 进制数数值上等同与上面XRAY 配置的 255)此规则目的是解决XRAY占用大量CPUhttps://github.com/XRAY/XRAY-core/issues/2621
#iptables -t mangle -A XRAY -j RETURN -m mark --mark 0xff
# 给 UDP 打标记 1转发至 12345 端口
iptables -t mangle -A XRAY -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
# 给 TCP 打标记 1转发至 12345 端口
iptables -t mangle -A XRAY -p tcp -j TPROXY --on-port 12345 --tproxy-mark 1
# 应用规则
iptables -t mangle -A PREROUTING -j XRAY
# 代理网关本机
iptables -t mangle -N XRAY_SELF
iptables -t mangle -A XRAY_SELF -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY_SELF -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY_SELF -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY_SELF -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY_SELF -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.0.0.0/24 -j RETURN
iptables -t mangle -A XRAY_SELF -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY_SELF -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY_SELF -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A XRAY_SELF -d 10.10.10.0/24 -p tcp -j RETURN # 直连局域网
# 直连局域网53 端口除外(因为要使用 XRAY 的 DNS
iptables -t mangle -A XRAY_SELF -d 10.10.10.0/24 -p udp ! --dport 53 -j RETURN
# 直连 SO_MARK 为 0xff 的流量(0xff 是 16 进制数数值上等同与上面XRAY 配置的 255),此规则目的是避免代理本机(网关)流量出现回环问题
#iptables -t mangle -A XRAY_SELF -m mark --mark 0xff -j RETURN
iptables -t mangle -A XRAY_SELF -m mark --mark 2 -j RETURN
# 给 UDP 打标记,重路由
iptables -t mangle -A XRAY_SELF -p udp -j MARK --set-mark 1
# 给 TCP 打标记,重路由
iptables -t mangle -A XRAY_SELF -p tcp -j MARK --set-mark 1
# 应用规则
iptables -t mangle -A OUTPUT -j XRAY_SELF

200
v2ray示例/斐讯K2P升级padavan固件/v2ray配置-透明代理.json Normal file
View File

@@ -0,0 +1,200 @@
{
"log": {
"loglevel": "warning"
},
"inbounds": [
{
"tag": "all-in",
"port": 12345,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
},
{
"protocol": "socks",
"port": 22999,
"listen": "0.0.0.0",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"auth": "none",
"udp": true,
"userLevel": 10
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
}
],
"outbounds": [
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv4"
},
"streamSettings": {
"sockopt": {
"mark": 2
}
}
},
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "43.154.83.213",
"port": 29999,
"users": [
{
"id": "fc903f5d-a007-482b-928c-570da9a851f9",
"alterId": 0,
"email": "192.168.11.19@qq.com",
"security": "auto",
"encryption": "none",
"flow": "xtls-rprx-direct"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "tencent-hk-11.17.107421.xyz",
"allowInsecure": true,
"rejectUnknownSni": false,
"alpn": [
"h2",
"http/1.1"
],
"minVersion": "1.2",
"maxVersion": "1.3"
},
"sockopt": {
"mark": 2
}
}
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
}
},
{
"tag": "dns-out",
"protocol": "dns",
"settings": {
"address": "8.8.8.8"
},
"proxySettings": {
"tag": "proxy"
},
"streamSettings": {
"sockopt": {
"mark": 2
}
}
}
],
"dns": {
"hosts": {
"icederce.io": "192.168.11.19"
},
"servers": [
{
"address": "223.5.5.5",
"port": 53,
"domains": [
"geosite:cn"
],
"expectIPs": [
"geoip:cn"
]
},
{
"address": "119.29.29.29",
"port": 53,
"domains": [
"geosite:cn"
],
"expectIPs": [
"geoip:cn"
]
},
"8.8.8.8",
"1.1.1.1",
"https+local://doh.dns.sb/dns-query"
]
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"inboundTag": [
"all-in"
],
"port": 53,
"outboundTag": "dns-out"
},
{
"type": "field",
"ip": [
"8.8.8.8",
"1.1.1.1"
],
"outboundTag": "proxy"
},
{
"type": "field",
"domain": [
"geosite:category-ads-all"
],
"outboundTag": "block"
},
{
"type": "field",
"domain": [
"geosite:geolocation-!cn"
],
"outboundTag": "proxy"
},
{
"type": "field",
"domains": [
"geosite:cn"
],
"outboundTag": "direct"
}
]
}
}

76
v2ray示例/旁路由-透明代理/HomeProxy/Tproxy/iptables-homeProxy-实际使用.sh Normal file
View File

@@ -0,0 +1,76 @@
#!/usr/bin/env bash
# 设置策略路由
# 添加路由表 100
sudo ip route add local default dev lo table 100
# 为路由表 100 设定规则
+ip rule add fwmark 1 table 100
# 创建XRAY过滤器链
iptables -t mangle -N XRAY
# 代理局域网设备
iptables -t mangle -A XRAY -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY -d 172.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 255.255.255.255/32 -j RETURN
# 直连局域网,避免 XRAY 无法启动时无法连网关的 SSH如果你配置的是其他网段如 10.x.x.x 等),则修改成自己的
iptables -t mangle -A XRAY -d 192.168.233.0/24 -p tcp -j RETURN
# 直连局域网53 端口除外(因为要使用 XRAY 的 DNS)
iptables -t mangle -A XRAY -d 192.168.233.0/24 -p udp ! --dport 53 -j RETURN
# 给 UDP 打标记 1转发至 12345 端口
iptables -t mangle -A XRAY -i ens3 -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
# 给 TCP 打标记 1转发至 12345 端口
iptables -t mangle -A XRAY -i ens3 -p tcp -j TPROXY --on-port 12345 --tproxy-mark 1
# 应用规则
iptables -t mangle -A PREROUTING -j XRAY
# 代理网关本机
iptables -t mangle -N XRAY_SELF
iptables -t mangle -A XRAY -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY -d 172.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.168.233.0/24 -p tcp -j RETURN # 直连局域网
# 直连局域网53 端口除外(因为要使用 XRAY 的 DNS
iptables -t mangle -A XRAY_SELF -d 192.168.233.0/24 -p udp ! --dport 53 -j RETURN
# 除了上述的所有流量均为进入PostRouting的流量需要判定mark标记然后释放
iptables -t mangle -A XRAY_SELF -m mark --mark 23 -j RETURN
# 为CoreDNS开启PostRouting流量
# 请求UDP-53的流量 放行请求国内dns的请求直接出去
iptables -t mangle -A XRAY_SELF -i ens3 -p udp --dport 53 -j RETURN
# 请求DNS over TLS - 853 的流量 需要重新回到Xray中走代理
#iptables -t mangle -A XRAY_SELF -p tcp --dport 853 -j RETURN
#iptables -t mangle -A XRAY_SELF -p udp --dport 853 -j RETURN
# 所有其他流量,需要重路由
# 给 UDP 打标记,重路由
iptables -t mangle -A XRAY_SELF -i ens3 -p udp -j MARK --set-mark 1
# 给 TCP 打标记,重路由
iptables -t mangle -A XRAY_SELF -i ens3 -p tcp -j MARK --set-mark 1
# 应用规则
iptables -t mangle -A OUTPUT -j XRAY_SELF
# 新建 DIVERT 规则,避免已有连接的包二次通过 TPROXY理论上有一定的性能提升
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -i ens3 -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -I PREROUTING -p tcp -m socket -j DIVERT

18
v2ray示例/旁路由-透明代理/HomeProxy/Tproxy/remove-tporxy-iptables.sh Normal file
View File

@@ -0,0 +1,18 @@
#!/usr/bin/ bash
iptables -t mangle -F XRAY
iptables -t mangle -F XRAY_SELF
iptables -t mangle -F DIVERT
iptables -t mangle -D PREROUTING -j XRAY
iptables -t mangle -D PREROUTING 1
iptables -t mangle -X XRAY
iptables -t mangle -X DIVERT
iptables -t mangle -D OUTPUT -j XRAY_SELF
iptables -t mangle -X XRAY_SELF
sudo ip route del local default dev lo table 100
iptables -t mangle -nL --line-number

185
v2ray示例/旁路由-透明代理/HomeProxy/Xray-Config/Home-Gateway使用的Xray-配置.json Normal file
View File

@@ -0,0 +1,185 @@
{
"log": {
"loglevel": "warning",
"error": "/var/log/xray/error.log",
"access": "/var/log/xray/access.log"
},
"inbounds": [
{
"tag": "all-in",
"port": 12345,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
},
{
"protocol": "socks",
"port": 22999,
"listen": "0.0.0.0",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"auth": "noauth",
"udp": true,
"userLevel": 10
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
}
],
"outbounds": [
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv4"
},
"streamSettings": {
"sockopt": {
"mark": 233
}
}
},
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "43.154.83.213",
"port": 29999,
"users": [
{
"id": "fc903f5d-a007-482b-928c-570da9a851f9",
"alterId": 0,
"email": "192.168.11.19@qq.com",
"security": "auto",
"encryption": "none",
"flow": "xtls-rprx-direct"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "tencent-hk-11.17.107421.xyz",
"allowInsecure": true,
"rejectUnknownSni": false,
"alpn": [
"h2",
"http/1.1"
],
"minVersion": "1.2",
"maxVersion": "1.3"
},
"sockopt": {
"mark": 233
}
}
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
}
},
{
"tag": "dns-out",
"protocol": "dns",
"streamSettings": {
"sockopt": {
"mark": 233
}
}
}
],
"dns": {
"hosts": {
"proxy.io": "192.168.233.2"
},
"servers": [
{
"address": "223.5.5.5",
"port": 53,
"domains": [
"geosite:cn"
],
"expectIPs": [
"geoip:cn"
]
},
{
"address": "8.8.8.8",
"port": 53,
"domains": [
"geosite:geolocation-!cn"
]
},
"https+local://doh.dns.sb/dns-query"
]
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"inboundTag": [
"all-in"
],
"port": 53,
"outboundTag": "dns-out"
},
{
"type": "field",
"ip": [
"8.8.8.8",
"1.1.1.1"
],
"outboundTag": "proxy"
},
{
"type": "field",
"domain": [
"geosite:category-ads-all"
],
"outboundTag": "block"
},
{
"type": "field",
"domain": [
"travel.state.gov",
"geosite:geolocation-!cn"
],
"outboundTag": "proxy"
}
]
}
}

164
v2ray示例/旁路由-透明代理/HomeProxy/Xray-Config/xray-config-HomeProxy-with-CoreDNS.json Normal file
View File

@@ -0,0 +1,164 @@
// 为了更好的分流体验,请替换默认路由规则文件为 Loyalsoldier/v2ray-rules-dat否则 Xray-core 将无法加载本配置。
//
//sudo curl -oL /usr/local/share/xray/geoip.dat https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat
//sudo curl -oL /usr/local/share/xray/geosite.dat https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat
// https://xtls.github.io/document/level-2/tproxy.html#xray-%E9%85%8D%E7%BD%AE
{
"log": {
"loglevel": "warning",
"error": "/var/log/xray/error.log",
"access": "/var/log/xray/access.log"
},
"inbounds": [
{
"tag": "dns-in",
"port": 53,
"protocol": "dokodemo-door",
"settings": {
"address": "192.168.233.2",
"port": 5353,
"network": "udp",
"userLevel": 1
}
},
{
"tag": "all-in",
"port": 12345,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
},
{
"protocol": "socks",
"port": 22999,
"listen": "0.0.0.0",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"auth": "noauth",
"udp": true,
"userLevel": 10
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
}
],
"outbounds": [
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "43.154.83.213",
"port": 29999,
"users": [
{
"id": "fc903f5d-a007-482b-928c-570da9a851f9",
"alterId": 0,
"email": "192.168.11.19@qq.com",
"security": "auto",
"encryption": "none",
"flow": "xtls-rprx-direct"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "tencent-hk-11.17.107421.xyz",
"allowInsecure": true,
"rejectUnknownSni": false,
"alpn": [
"h2",
"http/1.1"
],
"minVersion": "1.2",
"maxVersion": "1.3"
},
"sockopt": {
"mark": 23
}
}
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv4"
},
"streamSettings": {
"sockopt": {
"mark": 23
}
}
},
{
"tag": "block",
"protocol": "blackhole"
}
],
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"ip": [
"geoip:private",
"geoip:cn"
],
"domain": [
"geosite:cn",
"geosite:apple-cn"
],
"outboundTag": "direct"
},
{
"type": "field",
"ip": [
"8.8.8.8",
"8.8.4.4",
"1.1.1.1",
"1.0.0.1"
],
"domain": [
"geosite:geolocation-!cn"
],
"outboundTag": "proxy"
},
{
"type": "field",
"domain": [
"geosite:category-ads-all"
],
"outboundTag": "block"
}
]
}
}

167
v2ray示例/旁路由-透明代理/HomeProxy/Xray-Config/实际-简洁路由HomeProxy-with-CoreDNS.json Normal file
View File

@@ -0,0 +1,167 @@
{
"log": {
"loglevel": "warning",
"error": "/var/log/xray/error.log",
"access": "/var/log/xray/access.log"
},
"inbounds": [
{
"tag": "dns-in",
"port": 53,
"protocol": "dokodemo-door",
"settings": {
"address": "192.168.233.2",
"port": 5353,
"network": "udp",
"userLevel": 1
}
},
{
"tag": "all-in",
"port": 12345,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
},
{
"protocol": "socks",
"port": 22999,
"listen": "0.0.0.0",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"auth": "noauth",
"udp": true,
"userLevel": 10
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
}
],
"outbounds": [
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv4"
},
"streamSettings": {
"sockopt": {
"mark": 23
}
}
},
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "43.154.83.213",
"port": 29999,
"users": [
{
"id": "fc903f5d-a007-482b-928c-570da9a851f9",
"alterId": 0,
"email": "192.168.11.19@qq.com",
"security": "auto",
"encryption": "none",
"flow": "xtls-rprx-direct"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "tencent-hk-11.17.107421.xyz",
"allowInsecure": true,
"rejectUnknownSni": false,
"alpn": [
"h2",
"http/1.1"
],
"minVersion": "1.2",
"maxVersion": "1.3"
},
"sockopt": {
"mark": 23
}
}
},
{
"tag": "block",
"protocol": "blackhole"
}
],
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"ip": [
"geoip:google",
"geoip:us",
"geoip:facebook",
"geoip:jp",
"geoip:facebook",
"geoip:telegram",
"geoip:twitter",
"1.1.1.1/32",
"1.0.0.1/32",
"8.8.8.8/32",
"8.8.4.4/32"
],
"domain": [
"github.com",
"youtube.com",
"geosite:gfw",
"geosite:greatfire",
"chatgpt.107421.xyz"
],
"outboundTag": "proxy"
},
{
"type": "field",
"ip": [
"223.5.5.5/32",
"119.29.29.29/32",
"180.76.76.76/32",
"114.114.114.114/32",
"geoip:cn",
"geoip:private"
],
"domain": [
"superwdd-my.sharepoint.com",
"sharepoint.com",
"geosite:apple-cn"
],
"outboundTag": "direct"
}
]
}
}

27
v2ray示例/旁路由-透明代理/HomeProxy/Xray-Config/自动更新路由规则.sh Normal file
View File

@@ -0,0 +1,27 @@
#!/bin/bash
LogPath=/var/log/xray/geoip_update.log
rm -rf /usr/local/share/xray/geosite.dat
rm -rf /usr/local/share/xray/geoip.dat
echo "current time is $(date), start to update geo ip for xray" >> $LogPath
curl --connect-timeout 5 -s -o /dev/null https://www.google.com
if [[ $? -eq 0 ]];then
echo "start to download from github !"
wget https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat -O /usr/local/share/xray/geosite.dat
wget https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat -O /usr/local/share/xray/geoip.dat
else
echo "start to download from jsdelivr !"
wget https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat -O /usr/local/share/xray/geosite.dat
wget https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat -O /usr/local/share/xray/geoip.dat
fi
echo "start to restrat xray !" >> $LogPath
systemctl restart xray

9
v2ray示例/旁路由-透明代理/HomeProxy/自建CoreDNS服务器/1-docker-redis-bitnami.sh Normal file
View File

@@ -0,0 +1,9 @@
#!/usr/bin/env bash
docker run \
-d \
--name redis \
-p 16379:6379 \
-e ALLOW_EMPTY_PASSWORD=yes \
bitnami/redis:6.2.7

72
v2ray示例/旁路由-透明代理/HomeProxy/自建CoreDNS服务器/2-CoreDNS Config Corefile.sh Normal file
View File

@@ -0,0 +1,72 @@
#!/usr/bin/env bash
cat > /etc/coredns/Corefile <<EOF
# https://coredns.io/plugins/cache/
(global_cache) {
cache {
# [5, 60]
success 65536 7200 900
# [1, 10]
denial 8192 600 60
prefetch 1 60m 10%
}
}
.:5353 {
ads {
default-lists
blacklist https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-domains.txt
whitelist https://files.krnl.eu/whitelist.txt
log
auto-update-interval 24h
list-store ads-cache
}
errors
# health
# prometheus :9153
import global_cache
template ANY AAAA {
rcode NXDOMAIN
}
dnsredir accelerated-domains.china.conf google.china.conf apple.china.conf mydns.conf {
expire 15s
max_fails 3
health_check 3s
policy round_robin
path_reload 2s
to 223.5.5.5 119.29.29.29 114.114.114.114
no_ipv6
}
hosts {
fallthrough
}
dnsredir . {
expire 60s
max_fails 5
health_check 5s
policy random
spray
to tls://8.8.8.8@dns.google tls://8.8.4.4@dns.google
to tls://1.1.1.1:853 tls://1.0.0.1:853
# to tcp://8.8.8.8
# Global TLS server name
# tls_servername cloudflare-dns.com
}
log
loop
reload 6s
}
EOF

24
v2ray示例/旁路由-透明代理/HomeProxy/自建CoreDNS服务器/3-coredns-daemon-service.sh Normal file
View File

@@ -0,0 +1,24 @@
#!bin/bash
cat > /etc/systemd/system/coredns.service << EOF
[Unit]
Description=CoreDNS DNS - Custom Build Plugins server
Documentation=https://coredns.minidump.info/
After=network.target
[Service]
PermissionsStartOnly=true
LimitNOFILE=1048576
LimitNPROC=512
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
User=coredns
WorkingDirectory=~
ExecStart=/usr/local/bin/coredns -conf=/etc/coredns/Corefile
ExecReload=/bin/kill -SIGUSR1 $MAINPID
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF

16
v2ray示例/旁路由-透明代理/HomeProxy/自建CoreDNS服务器/3-update-coredns.sh Normal file
View File

@@ -0,0 +1,16 @@
#!/usr/bin/env bash
cat > /usr/local/bin/update_coredns.sh <<EOF
#!/bin/bash
cd /usr/local/etc/
rm accelerated-domains.china.conf
wget https://jsdelivr.icloudnative.io/gh/felixonmars/dnsmasq-china-list/accelerated-domains.china.conf -O /usr/local/etc/accelerated-domains.china.conf
rm apple.china.conf
wget https://jsdelivr.icloudnative.io/gh/felixonmars/dnsmasq-china-list/apple.china.conf -O /usr/local/etc/apple.china.conf
rm google.china.conf
wget https://jsdelivr.icloudnative.io/gh/felixonmars/dnsmasq-china-list/google.china.conf -O /usr/local/etc/google.china.conf
EOF
sudo chmod +x /usr/local/bin/update_coredns.sh

30
v2ray示例/旁路由-透明代理/HomeProxy/自建CoreDNS服务器/Corefile-GitHub Normal file
View File

@@ -0,0 +1,30 @@
.:5353 {
ads {
strict-default-lists
blacklist https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-domains.txt
whitelist https://files.krnl.eu/whitelist.txt
log
auto-update-interval 48h
list-store ads-cache
}
hosts {
fallthrough
}
forward . tcp://8.8.8.8 127.0.0.1:53001 {
log
cache
redisc {
endpoint 16379
}
health
reload
}
.:53001 {
bind 127.0.0.1
forward . tls://1.1.1.1:853 {
tls_servername cloudflare-dns.com
}
cache
}

BIN
v2ray示例/旁路由-透明代理/HomeProxy/自建CoreDNS服务器/coredns-linux-amd64.zip Normal file
View File

Binary file not shown.

BIN
v2ray示例/旁路由-透明代理/Xray透明代理配置/geoip.dat Normal file
View File

Binary file not shown.

40452
v2ray示例/旁路由-透明代理/Xray透明代理配置/geosite.dat Normal file
View File

File diff suppressed because one or more lines are too long

191
v2ray示例/旁路由-透明代理/Xray透明代理配置/v2ray透明代理配置-2.json Normal file
View File

@@ -0,0 +1,191 @@
// https://guide.v2fly.org/app/tproxy.html#%E4%B8%BA-v2ray-%E9%85%8D%E7%BD%AE%E9%80%8F%E6%98%8E%E4%BB%A3%E7%90%86%E7%9A%84%E5%85%A5%E7%AB%99%E5%92%8C-dns-%E5%88%86%E6%B5%81
{
"inbounds": [
{
"tag":"transparent",
"port": 12345,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy", // 透明代理使用 TPROXY 方式
"mark":255
}
}
},
{
"port": 1080,
"protocol": "socks", // 入口协议为 SOCKS 5
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"settings": {
"auth": "noauth"
}
}
],
"outbounds": [
{
"tag": "proxy",
"protocol": "vmess", // 代理服务器
"settings": {
"vnext": [
...
]
},
"streamSettings": {
"sockopt": {
"mark": 255
}
},
"mux": {
"enabled": true
}
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIP"
},
"streamSettings": {
"sockopt": {
"mark": 255
}
}
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
}
},
{
"tag": "dns-out",
"protocol": "dns",
"streamSettings": {
"sockopt": {
"mark": 255
}
}
}
],
"dns": {
"servers": [
{
"address": "223.5.5.5", //中国大陆域名使用阿里的 DNS
"port": 53,
"domains": [
"geosite:cn",
"ntp.org", // NTP 服务器
"$myserver.address" // 此处改为你 VPS 的域名
]
},
{
"address": "114.114.114.114", //中国大陆域名使用 114 的 DNS (备用)
"port": 53,
"domains": [
"geosite:cn",
"ntp.org", // NTP 服务器
"$myserver.address" // 此处改为你 VPS 的域名
]
},
{
"address": "8.8.8.8", //非中国大陆域名使用 Google 的 DNS
"port": 53,
"domains": [
"geosite:geolocation-!cn"
]
},
{
"address": "1.1.1.1", //非中国大陆域名使用 Cloudflare 的 DNS
"port": 53,
"domains": [
"geosite:geolocation-!cn"
]
}
]
},
"routing": {
"domainStrategy": "IPOnDemand",
"rules": [
{ // 劫持 53 端口 UDP 流量,使用 V2Ray 的 DNS
"type": "field",
"inboundTag": [
"transparent"
],
"port": 53,
"network": "udp",
"outboundTag": "dns-out"
},
{ // 直连 123 端口 UDP 流量NTP 协议)
"type": "field",
"inboundTag": [
"transparent"
],
"port": 123,
"network": "udp",
"outboundTag": "direct"
},
{
"type": "field",
"ip": [
// 设置 DNS 配置中的国内 DNS 服务器地址直连,以达到 DNS 分流目的
"223.5.5.5",
"114.114.114.114"
],
"outboundTag": "direct"
},
{
"type": "field",
"ip": [
// 设置 DNS 配置中的国外 DNS 服务器地址走代理,以达到 DNS 分流目的
"8.8.8.8",
"1.1.1.1"
],
"outboundTag": "proxy" // 改为你自己代理的出站 tag
},
{ // 广告拦截
"type": "field",
"domain": [
"geosite:category-ads-all"
],
"outboundTag": "block"
},
{ // BT 流量直连
"type": "field",
"protocol":["bittorrent"],
"outboundTag": "direct"
},
{ // 直连中国大陆主流网站 ip 和 保留 ip
"type": "field",
"ip": [
"geoip:private",
"geoip:cn"
],
"outboundTag": "direct"
},
{ // 直连中国大陆主流网站域名
"type": "field",
"domain": [
"geosite:cn"
],
"outboundTag": "direct"
}
]
}
}

150
v2ray示例/旁路由-透明代理/Xray透明代理配置/xray透明代理配置-1.json Normal file
View File

@@ -0,0 +1,150 @@
// 为了更好的分流体验,请替换默认路由规则文件为 Loyalsoldier/v2ray-rules-dat否则 Xray-core 将无法加载本配置。
//
//sudo curl -oL /usr/local/share/xray/geoip.dat https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat
//sudo curl -oL /usr/local/share/xray/geosite.dat https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat
// https://xtls.github.io/document/level-2/tproxy.html#xray-%E9%85%8D%E7%BD%AE
{
"log": {
"loglevel": "warning",
"error": "/var/log/xray/error.log",
"access": "/var/log/xray/access.log"
},
"inbounds": [
{
"tag": "all-in",
"port": 12345,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
}
],
"outbounds": [
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv4"
},
"streamSettings": {
"sockopt": {
"mark": 2
}
}
},
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "服务端域名",
"port": 443,
"users": [
{
"id": "UUID",
"flow": "xtls-rprx-splice",
"encryption": "none"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"sockopt": {
"mark": 2
}
}
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
}
},
{
"tag": "dns-out",
"protocol": "dns",
"settings": {
"address": "8.8.8.8"
},
"proxySettings": {
"tag": "proxy"
},
"streamSettings": {
"sockopt": {
"mark": 2
}
}
}
],
"dns": {
"hosts": {
"服务端域名": "服务端 IP"
},
"servers": [
{
"address": "119.29.29.29",
"port": 53,
"domains": ["geosite:cn"],
"expectIPs": ["geoip:cn"]
},
{
"address": "223.5.5.5",
"port": 53,
"domains": ["geosite:cn"],
"expectIPs": ["geoip:cn"]
},
"8.8.8.8",
"1.1.1.1",
"https+local://doh.dns.sb/dns-query"
]
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"inboundTag": ["all-in"],
"port": 53,
"outboundTag": "dns-out"
},
{
"type": "field",
"ip": ["8.8.8.8", "1.1.1.1"],
"outboundTag": "proxy"
},
{
"type": "field",
"domain": ["geosite:category-ads-all"],
"outboundTag": "block"
},
{
"type": "field",
"domain": ["geosite:geolocation-!cn"],
"outboundTag": "proxy"
},
{
"type": "field",
"ip": ["geoip:telegram"],
"outboundTag": "proxy"
}
]
}
}

40
v2ray示例/旁路由-透明代理/Xray透明代理配置/实际使用的透明代理XRAY配置-192.168.11.19.json Normal file
View File

@@ -0,0 +1,40 @@
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "43.154.83.213",
"port": 29999,
"users": [
{
"id": "fc903f5d-a007-482b-928c-570da9a851f9",
"alterId": 0,
"email": "192.168.11.19@qq.com",
"security": "auto",
"encryption": "none",
"flow": "xtls-rprx-direct"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "tencent-hk-11.17.107421.xyz",
"allowInsecure": true,
"rejectUnknownSni": false,
"alpn": [
"h2",
"http/1.1"
],
"minVersion": "1.2",
"maxVersion": "1.3"
},
"sockopt": {
"mark": 2
}
}
}

25
v2ray示例/旁路由-透明代理/Xray透明代理配置/更新geoip的脚本.sh Normal file
View File

@@ -0,0 +1,25 @@
#!/bin/bash
LogPath=/var/log/xray/geoip_update.log
rm -rf /usr/local/share/xray/geosite.dat
rm -rf /usr/local/share/xray/geoip.dat
echo "current time is $(date), start to update geo ip for xray" >> $LogPath
curl --connect-timeout 5 -s -o /dev/null https://www.google.com
if [[ $? -eq 0 ]];then
echo "start to download from github !"
wget https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat -O /usr/local/share/xray/geosite.dat
wget https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat -O /usr/local/share/xray/geoip.dat
else
echo "start to download from jsdelivr !"
wget https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat -O /usr/local/share/xray/geosite.dat
wget https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat -O /usr/local/share/xray/geoip.dat
fi
echo "start to restrat xray !" >> $LogPath
systemctl restart xray

40
v2ray示例/旁路由-透明代理/Xray透明代理配置/香港Xray节点.json Normal file
View File

@@ -0,0 +1,40 @@
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "43.154.83.213",
"port": 29999,
"users": [
{
"id": "fc903f5d-a007-482b-928c-570da9a851f9",
"alterId": 0,
"email": "192.168.11.19@qq.com",
"security": "auto",
"encryption": "none",
"flow": "xtls-rprx-direct"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "tencent-hk-11.17.107421.xyz",
"allowInsecure": true,
"rejectUnknownSni": false,
"alpn": [
"h2",
"http/1.1"
],
"minVersion": "1.2",
"maxVersion": "1.3"
},
"sockopt": {
"mark": 2
}
}
}

65
v2ray示例/旁路由-透明代理/iptbles规则/实际使用的透明代理-192.168.11.19.iptables Normal file
View File

@@ -0,0 +1,65 @@
# 设置策略路由
# 添加路由表 100
sudo ip route add local default dev lo table 100
# 为路由表 100 设定规则
ip rule add fwmark 1 table 100
# 创建XRAY过滤器链
iptables -t mangle -N XRAY
# 代理局域网设备
iptables -t mangle -A XRAY -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A XRAY -d 192.0.0.0/24 -j RETURN
iptables -t mangle -A XRAY -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 255.255.255.255/32 -j RETURN
# 直连局域网,避免 XRAY 无法启动时无法连网关的 SSH如果你配置的是其他网段如 10.x.x.x 等),则修改成自己的
iptables -t mangle -A XRAY -d 192.168.0.0/16 -p tcp -j RETURN
# 直连局域网53 端口除外(因为要使用 XRAY 的 DNS)
iptables -t mangle -A XRAY -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN
# 直连 SO_MARK 为 0xff 的流量(0xff 是 16 进制数数值上等同与上面XRAY 配置的 255)此规则目的是解决XRAY占用大量CPUhttps://github.com/XRAY/XRAY-core/issues/2621
#iptables -t mangle -A XRAY -j RETURN -m mark --mark 0xff
# 给 UDP 打标记 1转发至 12345 端口
iptables -t mangle -A XRAY -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
# 给 TCP 打标记 1转发至 12345 端口
iptables -t mangle -A XRAY -p tcp -j TPROXY --on-port 12345 --tproxy-mark 1
# 应用规则
iptables -t mangle -A PREROUTING -j XRAY
# 代理网关本机
iptables -t mangle -N XRAY_SELF
iptables -t mangle -A XRAY_SELF -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY_SELF -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY_SELF -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY_SELF -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY_SELF -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.0.0.0/24 -j RETURN
iptables -t mangle -A XRAY_SELF -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY_SELF -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY_SELF -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.168.0.0/16 -p tcp -j RETURN # 直连局域网
# 直连局域网53 端口除外(因为要使用 XRAY 的 DNS
iptables -t mangle -A XRAY_SELF -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN
# 直连 SO_MARK 为 0xff 的流量(0xff 是 16 进制数数值上等同与上面XRAY 配置的 255),此规则目的是避免代理本机(网关)流量出现回环问题
#iptables -t mangle -A XRAY_SELF -m mark --mark 0xff -j RETURN
iptables -t mangle -A XRAY_SELF -m mark --mark 2 -j RETURN
# 给 UDP 打标记,重路由
iptables -t mangle -A XRAY_SELF -p udp -j MARK --set-mark 1
# 给 TCP 打标记,重路由
iptables -t mangle -A XRAY_SELF -p tcp -j MARK --set-mark 1
# 应用规则
iptables -t mangle -A OUTPUT -j XRAY_SELF

14
v2ray示例/旁路由-透明代理/iptbles规则/转发tailscale的33389端口的流量.iptables Normal file
View File

@@ -0,0 +1,14 @@
iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to 192.168.126.37
iptables -t nat -A PREROUTING -p udp --dport 3389 -j DNAT --to 192.168.126.37
iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to 192.168.126.41
iptables -t nat -A PREROUTING -p udp --dport 3389 -j DNAT --to 192.168.126.41
## tenda router
iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to 192.168.126.32
iptables -t nat -A PREROUTING -p udp --dport 3389 -j DNAT --to 192.168.126.32

32
v2ray示例/旁路由-透明代理/iptbles规则/透明代理-v2ray官方.iptables Normal file
View File

@@ -0,0 +1,32 @@
# 设置策略路由
ip rule add fwmark 1 table 100
ip route add local 0.0.0.0/0 dev lo table 100
# 代理局域网设备
iptables -t mangle -N V2RAY
iptables -t mangle -A V2RAY -d 127.0.0.1/32 -j RETURN
iptables -t mangle -A V2RAY -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A V2RAY -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A V2RAY -d 192.168.0.0/16 -p tcp -j RETURN # 直连局域网,避免 V2Ray 无法启动时无法连网关的 SSH如果你配置的是其他网段如 10.x.x.x 等),则修改成自己的
iptables -t mangle -A V2RAY -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN # 直连局域网53 端口除外(因为要使用 V2Ray 的 DNS)
iptables -t mangle -A V2RAY -j RETURN -m mark --mark 0xff # 直连 SO_MARK 为 0xff 的流量(0xff 是 16 进制数数值上等同与上面V2Ray 配置的 255)此规则目的是解决v2ray占用大量CPUhttps://github.com/v2ray/v2ray-core/issues/2621
iptables -t mangle -A V2RAY -p udp -j TPROXY --on-ip 127.0.0.1 --on-port 12345 --tproxy-mark 1 # 给 UDP 打标记 1转发至 12345 端口
iptables -t mangle -A V2RAY -p tcp -j TPROXY --on-ip 127.0.0.1 --on-port 12345 --tproxy-mark 1 # 给 TCP 打标记 1转发至 12345 端口
iptables -t mangle -A PREROUTING -j V2RAY # 应用规则
# 代理网关本机
iptables -t mangle -N V2RAY_MASK
iptables -t mangle -A V2RAY_MASK -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A V2RAY_MASK -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A V2RAY_MASK -d 192.168.0.0/16 -p tcp -j RETURN # 直连局域网
iptables -t mangle -A V2RAY_MASK -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN # 直连局域网53 端口除外(因为要使用 V2Ray 的 DNS
iptables -t mangle -A V2RAY_MASK -j RETURN -m mark --mark 0xff # 直连 SO_MARK 为 0xff 的流量(0xff 是 16 进制数数值上等同与上面V2Ray 配置的 255),此规则目的是避免代理本机(网关)流量出现回环问题
iptables -t mangle -A V2RAY_MASK -p udp -j MARK --set-mark 1 # 给 UDP 打标记,重路由
iptables -t mangle -A V2RAY_MASK -p tcp -j MARK --set-mark 1 # 给 TCP 打标记,重路由
iptables -t mangle -A OUTPUT -j V2RAY_MASK # 应用规则
# 新建 DIVERT 规则,避免已有连接的包二次通过 TPROXY理论上有一定的性能提升
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -I PREROUTING -p tcp -m socket -j DIVERT

40
v2ray示例/旁路由-透明代理/iptbles规则/透明代理-xray官方.iptables Normal file
View File

@@ -0,0 +1,40 @@
sudo ip route add local default dev lo table 100 # 添加路由表 100
sudo ip rule add fwmark 1 table 100 # 为路由表 100 设定规则
iptables -t mangle -N XRAY
iptables -t mangle -A XRAY -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A XRAY -d 192.0.0.0/24 -j RETURN
iptables -t mangle -A XRAY -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A XRAY -d 192.168.0.0/16 -p tcp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY -p tcp -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A XRAY -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A PREROUTING -j XRAY
iptables -t mangle -N XRAY_SELF
iptables -t mangle -A XRAY_SELF -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY_SELF -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY_SELF -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY_SELF -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY_SELF -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.0.0.0/24 -j RETURN
iptables -t mangle -A XRAY_SELF -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY_SELF -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY_SELF -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.168.0.0/16 -p tcp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY_SELF -m mark --mark 2 -j RETURN
iptables -t mangle -A XRAY_SELF -p tcp -j MARK --set-mark 1
iptables -t mangle -A XRAY_SELF -p udp -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -j XRAY_SELF

0
v2ray示例/旁路由-透明代理/基于xray-splice转发的透明代理配置.json Normal file
View File

13
下载中心/youtube/1-systemd-daemon.service Normal file
View File

@@ -0,0 +1,13 @@
# /etc/systemd/system/daemon-rclone-to-onedrive.service
# systemctl restart daemon-rclone-to-onedrive.service
[Unit]
Description=Daemon Rclone To OneDrive
[Service]
ExecStart=/root/app-install/ytdl-material/rclone-sync-to-onedrive.sh
Restart=always
[Install]
WantedBy=multi-user.target

60
下载中心/youtube/1-离线下载中心Rclone守护脚本.sh Normal file
View File

@@ -0,0 +1,60 @@
#!/bin/bash
video_file_path=/data/alist/local/ytdl/video/
rclone_remote=office-wdd
rclone_log_path=/data/alist/local/ytdl/appdata/rclone-to-onedrive.log
build_duplicate_files() {
path=$1
namelist=('How Geography Made The US Ridiculously OP.f399.mp4.part'
'How Geography Made The US Ridiculously OP.f399.mp4.ytdl'
'How Geography Made The US Ridiculously OP.info.json'
"Why Russia's Biggest Threat is Actually China.mp4"
)
for file in $namelist; do
echo "$file"
touch "$file"
done
}
check_duplicate_filenames() {
path=$1
files=$(find $path -type f)
if [ -z "$files" ]; then
echo "there are no files in $path, continue waiting!"
return 1
fi
duplicates=0
for file in $files; do
filename=$(basename $file)
count=$(echo $filename | tr -cd '.' | wc -c)
if [ $count -gt 1 ]; then
echo "find duplicate files in $path, continue waiting!"
duplicates=1
break
fi
done
return $duplicates
}
move_files_to_onedrive() {
echo "[$(date --rfc-3339=seconds | cut -d"+" -f1 | sed "s/ /-/g" | sed "s/:/-/g")] start to move files [ $(find "$video_file_path" -type f -exec basename {} \;) ] to OneDrive" >> $rclone_log_path
rclone move "$video_file_path" "$rclone_remote":/TransVideos --create-empty-src-dirs -P >> $rclone_log_path
echo "[$(date --rfc-3339=seconds | cut -d"+" -f1 | sed "s/ /-/g" | sed "s/:/-/g")] move files [ $(find "$video_file_path" -type f -exec basename {} \;) ] to OneDrive complete!" >> $rclone_log_path
}
while true; do
check_duplicate_filenames "$video_file_path"
result=$?
if [ $result -eq 0 ]; then
move_files_to_onedrive
else
sleep 5
fi
done

13
下载中心/youtube/2-systemd-daemon.service Normal file
View File

@@ -0,0 +1,13 @@
# vim /etc/systemd/system/rclone-sync-from-onedrive.service
# systemctl restart rclone-sync-from-onedrive.service
[Unit]
Description=Daemon Rclone To OneDrive
[Service]
ExecStart=/root/app-install/rclone-sync-from-onedrive.sh
Restart=always
[Install]
WantedBy=multi-user.target

20
下载中心/youtube/2-家庭Rclone守护脚本.sh Normal file
View File

@@ -0,0 +1,20 @@
#!/bin/bash
video_file_path=/data/nfs-share/OneDriveSync/
rclone_remote=office-wdd
rclone_log_path=/data/rlone_sync/rclone-to-onedrive.log
rclone_sync_from_onedrive(){
echo "[$(date --rfc-3339=seconds | cut -d"+" -f1 | sed "s/ /-/g" | sed "s/:/-/g")] sync from OneDrive"
rclone copy "$rclone_remote":/TransVideos "$video_file_path" -P >> $rclone_log_path
}
while true; do
rclone_sync_from_onedrive
sleep 15
done

15
下载中心/youtube/metube-dockercompose.yaml Normal file
View File

@@ -0,0 +1,15 @@
# https://github.com/alexta69/metube
# t0.107421.xyz:28081
version: "3"
services:
metube:
image: ghcr.io/alexta69/metube
container_name: metube
restart: unless-stopped
ports:
- "28081:8081"
volumes:
- /data/alist/local/youtube:/downloads

33
下载中心/youtube/ytdl-material-docker-compose.yaml Normal file
View File

@@ -0,0 +1,33 @@
# https://github.com/Tzahi12345/YoutubeDL-Material
# https://youtubedl-material.stoplight.io/docs/youtubedl-material/
version: "2"
services:
ytdl_material:
environment:
ALLOW_CONFIG_MUTATIONS: 'true'
ytdl_mongodb_connection_string: 'mongodb://ytdl-mongo-db:27017'
ytdl_use_local_db: 'false'
write_ytdl_config: 'true'
restart: always
depends_on:
- ytdl-mongo-db
volumes:
- /data/alist/local/ytdl/appdata:/app/appdata
- /data/alist/local/ytdl/audio:/app/audio
- /data/alist/local/ytdl/video:/app/video
- /data/alist/local/ytdl/subscriptions:/app/subscriptions
- /data/alist/local/ytdl/users:/app/users
ports:
- "28998:17442"
image: tzahi12345/youtubedl-material:latest
ytdl-mongo-db:
image: mongo
# ports:
# - "27017:27017"
logging:
driver: "none"
container_name: mongo-db
restart: always
volumes:
- /data/alist/local/ytdl/db/:/data/db

69
中间件部署/MariaDB.sh Normal file
View File

@@ -0,0 +1,69 @@
#!/bin/bash
OLD_MYSQL=(mysql MySQL mariadb)
for item in ${OLD_MYSQL[@]}
do
findVar=$(rpm -qa | grep -w ${item} | awk '{print$1}')
echo $findVar
rpm -e --nodeps $findVar
done
cat >> /etc/yum.repos.d/MariaDB.repo <<EOF
# MariaDB 10.5 CentOS repository list - created 2021-01-06 06:01 UTC
# http://downloads.mariadb.org/mariadb/repositories/
# 已经替换为国内的中科大的yum源选择10.5版本
[mariadb]
name = MariaDB
baseurl = https://mirrors.ustc.edu.cn/mariadb/yum/10.5/centos7-amd64
gpgkey=https://mirrors.ustc.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF
MariaDBVersion=$(yum list MariaDB-server --showduplicates | grep -w MariaDB | sort -r | awk 'NR==1{print$2}' | cut -d "-" -f1)
echo "MariaDB的最新版本为$MariaDBVersion"
rpm --import https://mirrors.ustc.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB
sudo yum install -y MariaDB-server-$MariaDBVersion MariaDB-client-$MariaDBVersion
echo "
n
y
v2ryStr@ngPa.ss
v2ryStr@ngPa.ss
y
y
" | mysql_secure_installation
# 配置MariaDB-server的相关属性
mv /etc/my.cnf.d/server.conf /etc/my.cnf.d/server.conf_back
cat >/etc/my.cnf.d/server.conf <<EOF
[mysqld]
binlog_format = row
secure_file_priv=''
log-bin=/vdb1/data/mariadb/mysql-bin
expire_logs_days=5
lower_case_table_names=1
server_id = 123
skip-character-set-client-handshake=true
character-set-client-handshake = FALSE
character_set_server=utf8mb4
collation-server=utf8mb4_unicode_ci
init_connect='SET NAMES utf8mb4'
datadir=/data/mariadb
log-error=/data/mariadb/mariadb.log
slow_query_log=on
slow_query_log_file=/data/mariadb/slow_query_log.log
long_query_time=1
EOF
systemctl restart mariadb
# mysql -u root -p
# 创建相应的用户名及密码
# create user username@localhost identified by 'password';
#授予外网登陆权限
# grant all privileges on *.* to username@'%' identified by 'password';

47
中间件部署/Nacos.sh Normal file
View File

@@ -0,0 +1,47 @@
#!/bin/bash
#wget https://uno.teracloud.jp/v2/api/share/public/116148eb18ae82c4/5ff5f6f339c4 -O jdk-8u271-linux-x64.tar.gz
#wget https://pan.107423.xyz/api/v3/file/download/j8v2CiYppkatcafb?sign=8Z_0Hq9-Fy0UxKiDkchO52YPht8l-dTfi3DTyWSluT4%3D%3A1609922899 -O jdk-8u271-linux-x64.tar.gz
wget https://objectstorage.ap-seoul-1.oraclecloud.com/n/cnk8d6fazu16/b/seoul/o/jdk-8u271-linux-x64.tar.gz
mkdir /usr/local/java/
tar -zxvf jdk-8u271-linux-x64.tar.gz -C /usr/local/java/
cat >>/etc/profile <<EOF
export JAVA_HOME=/usr/local/java/jdk1.8.0_271
export JRE_HOME=${JAVA_HOME}/jre
export CLASSPATH=${JAVA_HOME}/lib:${JRE_HOME}/lib:${CLASSPATH}
export PATH=${JAVA_HOME}/bin:${JRE_HOME}/bin:${PATH}
EOF
source /etc/profile
ln -s /usr/local/java/jdk1.8.0_271/bin/java /usr/bin/java
java -version
#wget --no-check-certificate https://github.com/alibaba/nacos/releases/download/1.4.0/nacos-server-1.4.0.tar.gz
wget https://objectstorage.ap-seoul-1.oraclecloud.com/n/cnk8d6fazu16/b/seoul/o/nacos-server-1.4.0.tar.gz
tar -zvxf nacos-server-1.4.0.tar.gz -C /usr/local
cat >>/lib/systemd/system/nacos.service<<EOF
[Unit]
Description=nacos
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nacos/bin/startup.sh -m standalone
ExecReload=/usr/local/nacos/bin/shutdown.sh
ExecStop=/usr/local/nacos/bin/shutdown.sh
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl start nacos.service
systemctl enable nacos.service
rm -rf /usr/local/nacos
rm -rf /lib/systemd/system/nacos.service

32
中间件部署/RabbitMQ.sh Normal file
View File

@@ -0,0 +1,32 @@
#!/bin/bash
wget https://objectstorage.ap-seoul-1.oraclecloud.com/n/cnk8d6fazu16/b/seoul/o/socat-1.7.3.2-5.el7.lux.x86_64.rpm
rpm -ivh socat-1.7.3.2-5.el7.lux.x86_64.rpm
wget https://objectstorage.ap-seoul-1.oraclecloud.com/n/cnk8d6fazu16/b/seoul/o/erlang-18.3-1.el7.centos.x86_64.rpm
rpm -ivh erlang-18.3-1.el7.centos.x86_64.rpm
wget https://objectstorage.ap-seoul-1.oraclecloud.com/n/cnk8d6fazu16/b/seoul/o/rabbitmq-server-3.6.5-1.noarch.rpm
rpm -ivh rabbitmq-server-3.6.5-1.noarch.rpm
RabbitMQDataPath=/data/rabbitmq
mkdir -p ${RabbitMQDataPath} && mkdir -p ${RabbitMQDataPath}/logs
chmod -R 777 ${RabbitMQDataPath}
chown -R rabbitmq:rabbitmq ${RabbitMQDataPath} && chown -R rabbitmq:rabbitmq ${RabbitMQDataPath}/logs
cat >>/etc/rabbitmq/rabbitmq-env.conf <<EOF
RABBITMQ_MNESIA_BASE=${RabbitMQDataPath}
RABBITMQ_LOG_BASE=${RabbitMQDataPath}/logs
EOF
chmod -R 644 /etc/rabbitmq/
systemctl start rabbitmq-server
rabbitmq-plugins enable rabbitmq_management
systemctl restart rabbitmq-server
systemctl enable rabbitmq-server
rabbitmqctl add_user etour eTour@5672
rabbitmqctl set_user_tags etour administrator

22
中间件部署/Redis.sh Normal file
View File

@@ -0,0 +1,22 @@
#!/bin/bash
RedisVersion=5.0.5
wget http://download.redis.io/releases/redis-$RedisVersion.tar.gz
tar -zvxf redis-$RedisVersion.tar.gz
cd ./redis-$RedisVersion
yum install gcc -y
./configure
make
make install
mkdir -p /etc/redis/
cp ./redis.conf /etc/redis/6379.conf
cp ./utils/redis_init_script /etc/init.d/redisd
cd /etc/init.d/
chkconfig redisd on
service redisd start

11
中间件部署/backend-base-image.dockerfile Normal file
View File

@@ -0,0 +1,11 @@
FROM java:8
MAINTAINER wdd<wdd@cmii.com>
WORKDIR /ems
COPY agent /ems/agent
docker build -t aiboxhb.cdcyy.cn:8033/etour/java8-skywalking_agent:7.0 .
docker login --username=etour --password=eTour@jenkins123 http://aiboxhb.cdcyy.cn:8033
docker push aiboxhb.cdcyy.cn:8033/etour/java8-skywalking_agent:7.0

97
中间件部署/mongoDB-4.0.sh Normal file
View File

@@ -0,0 +1,97 @@
#!/bin/bash
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
cat >>/etc/yum.repos.d/mongodb-org-4.0.repo<<EOF
[mongodb-org]
name=MongoDB Repository
baseurl=http://mirrors.aliyun.com/mongodb/yum/redhat/7Server/mongodb-org/4.0/x86_64/
gpgcheck=0
enabled=1
EOF
yum install -y mongodb-org
MongoDBDataPath=/data/mogodb-data
mkdir -p ${MongoDBDataPath} && touch ${MongoDBDataPath}/mongod.log
chown -R mongod:mongod ${MongoDBDataPath}
systemctl daemon-reload
systemctl start mongod
mv /etc/mongod.conf /etc/mongod.conf_bak
cat >>/etc/mongod.conf <<EOF
# mongod.conf
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# where to write logging data.
systemLog:
destination: file
logAppend: true
path: /data/mogodb-data/mongod.log
# Where and how to store data.
storage:
dbPath: /data/mogodb-data
journal:
enabled: true
# engine:
# mmapv1:
wiredTiger:
engineConfig:
cacheSizeGB: 4
# how the process runs
processManagement:
fork: true # fork and run in background
pidFilePath: /var/run/mongodb/mongod.pid # location of pidfile
timeZoneInfo: /usr/share/zoneinfo
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0 # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.
security:
authorization: enabled
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options
#auditLog:
#snmp:
EOF
systemctl restart mongod
echo "
use admin
db.createUser(
{
user: "etour",
pwd: "eTour@27017",
roles: [
{ role: "userAdminAnyDatabase", db: "admin" },
{ role: "userAdmin", db: "admin" },
{ role: "dbAdminAnyDatabase", db: "admin" }
]
}
)
" | mongo --port 27017
db.grantRolesToUser( "etour" , [ { role: "userAdmin", db: "admin" } ])
db.grantRolesToUser( "etour" , [ { role: "dbAdminAnyDatabase", db: "admin" } ])
db.grantRolesToUser( "etour" , [ { role: "root", db: "admin" } ])

65
中间件部署/skywalking-server-docker-compose.yaml Normal file
View File

@@ -0,0 +1,65 @@
version: '3.3'
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.5.0
container_name: elasticsearch
restart: always
ports:
- 9200:9200
environment:
- discovery.type=single-node
- bootstrap.memory_lock=true
- xpack.security.enabled=false
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- xpack.license.self_generated.type=basic
- xpack.monitoring.collection.enabled=false
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- type: bind
source: /data/elasticsearch
target: /usr/share/elasticsearch/data
read_only: false
networks:
- skywalking-server
oap:
image: apache/skywalking-oap-server:7.0.0-es7
container_name: oap
depends_on:
- elasticsearch
links:
- elasticsearch
restart: always
ports:
- 11800:11800
- 12800:12800
environment:
SW_STORAGE: elasticsearch7
SW_STORAGE_ES_CLUSTER_NODES: elasticsearch:9200
networks:
- skywalking-server
ui:
image: apache/skywalking-ui:7.0.0
container_name: ui
depends_on:
- oap
links:
- oap
restart: always
ports:
- 8666:8080
environment:
SW_OAP_ADDRESS: oap:12800
networks:
- skywalking-server
networks:
skywalking-server:
# default driver is bridge
# dirver: bridge
external: true
name: skywalking-server

BIN
中间件部署/基础服务组件-docker-compose.zip Normal file
View File

Binary file not shown.

23
中间件部署/基础服务组件-docker-compose/clean-db+logs.txt Normal file
View File

@@ -0,0 +1,23 @@
rm -r ./mariadb-10.5.5/persistant-data/*
rm -r ./mogodb-4.0/persit-data/*
rm -r ./nacos-1.4.0/logs/*
rm -r ./nacos-1.4.0/mysql-data/*
rm -r ./redis-5.0.9/persit-data/*
{
"debug": true,
"experimental": false,
"insecure-registries": [
"aiboxhb.cdcyy.cn:8033"
],
"registry-mirrors": [
"https://docker.mirrors.ustc.edu.cn",
"https://reg-mirror.qiniu.com",
"https://dockerhub.azk8s.cn",
"https://hub-mirror.c.163.com",
"https://registry.docker-cn.com"
]
}

95
中间件部署/基础服务组件-docker-compose/docker-compose.yml Normal file
View File

@@ -0,0 +1,95 @@
version: '3'
services:
mariadb:
image: "mariadb:10.5.5"
ports:
- "3306:3306"
volumes:
- "./mariadb-10.5.5/persistant-data:/var/lib/mysql"
- "./mariadb-10.5.5/initdb-sql:/docker-entrypoint-initdb.d"
environment:
MYSQL_USER: "lishi"
MYSQL_PASSWORD: "Lishi@123456"
MYSQL_ROOT_PASSWORD: "Lishi@123456"
redis:
image: redis:5.0.5
container_name: redis-6379
restart: always
ports:
- "6379:6379"
volumes:
- "./redis-5.0.9/redis-conf/redis-6379.conf:/usr/local/etc/redis/redis.conf"
- "./redis-5.0.9/persit-data:/data"
command: redis-server /usr/local/etc/redis/redis.conf
# nacos:
# hostname: nacos
# image: nacos/nacos-server:1.4.0
# container_name: nacos
# volumes:
# - "./nacos-1.4.0/logs/:/home/nacos/logs"
# - "./nacos-1.4.0/init.d/custom.properties:/home/nacos/init.d/custom.properties"
# ports:
# - "8848:8848"
# - "9555:9555"
# env_file:
# - "./nacos-1.4.0/env/nacos-hostname.env"
# restart: always
# depends_on:
# - mysql
# mysql:
# container_name: mysql
# image: nacos/nacos-mysql:5.7
# env_file:
# - "./nacos-1.4.0/env/mysql.env"
# volumes:
# - "./nacos-1.4.0/mysql-data:/var/lib/mysql"
# ports:
# - "3309:3306"
rabbitmq:
image: rabbitmq:3.6.5
container_name: rabbitmq
environment:
- RABBITMQ_DEFAULT_USER=admin
- RABBITMQ_DEFAULT_PASS=Lishi@123456
restart: always
ports:
- "15672:15672"
- "5672:5672"
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
mongo:
image: mongo:4.0
container_name: mongodb
restart: always
environment:
MONGO_INITDB_ROOT_USERNAME: lishi
MONGO_INITDB_ROOT_PASSWORD: Lishi@123456
ports:
- "27017:27017"
volumes:
- "./mogodb-4.0/persit-data:/data/db"
- "./mogodb-4.0/mongo-entrypoint/:/docker-entrypoint-initdb.d/" #目录下创建docker-entrypoint-initdb.sh初始化数据库脚本
command: mongod
mongo-express:
image: mongo-express
container_name: mongo-express
restart: always
ports:
- 8081:8081
chengdu_emergency:
image: aiboxhb.cdcyy.cn:8033/etour/chengdu-emergency@sha256:af2ec062507bbaaf235a2710a27bdd8fd9189f55e64031d084e98a3aedc08dc0
container_name: chengdu_emergency
restart: always
ports:
- 18888:18888

14
中间件部署/基础服务组件-docker-compose/mariadb-10.5.5/initdb-sql/for-test.sql Normal file
View File

@@ -0,0 +1,14 @@
CREATE DATABASE IF NOT EXISTS testdb;
use testdb;
CREATE TABLE IF NOT EXISTS tasks (
task_id INT AUTO_INCREMENT PRIMARY KEY,
title VARCHAR(255) NOT NULL,
start_date DATE,
due_date DATE,
status TINYINT NOT NULL,
priority TINYINT NOT NULL,
description TEXT,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
) ENGINE=INNODB;

4
中间件部署/基础服务组件-docker-compose/nacos-1.4.0/env/mysql.env vendored Normal file
View File

@@ -0,0 +1,4 @@
MYSQL_ROOT_PASSWORD=Lishi123456
MYSQL_DATABASE=nacos_devtest
MYSQL_USER=nacos
MYSQL_PASSWORD=Lishi123456

12
中间件部署/基础服务组件-docker-compose/nacos-1.4.0/env/nacos-hostname.env vendored Normal file
View File

@@ -0,0 +1,12 @@
PREFER_HOST_MODE=hostname
MODE=standalone
SPRING_DATASOURCE_PLATFORM=mysql
MYSQL_SERVICE_HOST=mysql
MYSQL_SERVICE_DB_NAME=nacos_devtest
MYSQL_SERVICE_PORT=3309
MYSQL_SERVICE_USER=nacos
MYSQL_SERVICE_PASSWORD=Lishi123456
# 上面的密码到底是什么
# 添加如下内容
JVM_XMS=1024m

19
中间件部署/基础服务组件-docker-compose/nacos-1.4.0/init.d/custom.properties Normal file
View File

@@ -0,0 +1,19 @@
#spring.security.enabled=false
#management.security=false
#security.basic.enabled=false
#nacos.security.ignore.urls=/**
#management.metrics.export.elastic.host=http://localhost:9200
# metrics for prometheus
management.endpoints.web.exposure.include=*
# metrics for elastic search
#management.metrics.export.elastic.enabled=false
#management.metrics.export.elastic.host=http://localhost:9200
# metrics for influx
#management.metrics.export.influx.enabled=false
#management.metrics.export.influx.db=springboot
#management.metrics.export.influx.uri=http://localhost:8086
#management.metrics.export.influx.auto-create-db=true
#management.metrics.export.influx.consistency=one
#management.metrics.export.influx.compressed=true

9
中间件部署/基础服务组件-docker-compose/redis-5.0.9/redis-conf/redis-6379.conf Normal file
View File

@@ -0,0 +1,9 @@
port 6379
protected-mode no
requirepass Lishi@123456
daemonize no
appendonly yes
cluster-enabled no
databases 1
## 待修复

325
功能脚本/cloudreve_install.sh Normal file
View File

@@ -0,0 +1,325 @@
#!/bin/bash
NewVerion=""
CMD_INSTALL=""
CMD_UPDATE=""
CMD_REMOVE=""
SOFTWARE_UPDATED=0
LinuxReleaseVersion=""
release=""
RED="31m" ## 姨妈红
GREEN="32m" ## 水鸭青
YELLOW="33m" ## 鸭屎黄
PURPLE="35m" ## 基佬紫
BLUE="36m" ## 天依蓝
BlinkRed="31;5m" ##闪烁的红色
BackRed="41m" ## 背景红色
######## 颜色函数方法很精妙 ############
colorEcho() {
echo -e "\033[${1}${@:2}\033[0m" 1>&2
}
check_root() {
if [[ $EUID != 0 ]]; then
colorEcho ${RED} "当前非root账号(或没有root权限)无法继续操作请更换root账号!"
colorEcho ${YELLOW} "使用sudo -命令获取临时root权限执行后可能会提示输入root密码"
exit 1
fi
}
# 判断命令是否存在
command_exists() {
command -v "$@" >/dev/null 2>&1
}
####### 获取系统版本及64位或32位信息
check_sys() {
sys_bit=$(uname -m)
case $sys_bit in
i[36]86)
os_bit="32"
release="386"
;;
x86_64)
os_bit="64"
release="amd64"
;;
*armv6*)
os_bit="arm"
release="arm6"
;;
*armv7*)
os_bit="arm"
release="arm7"
;;
*aarch64* | *armv8*)
os_bit="arm64"
release="arm64"
;;
*)
colorEcho ${RED} "
哈哈……这个 辣鸡脚本 不支持你的系统。 (-_-) \n
备注: 仅支持 Ubuntu 16+ / Debian 8+ / CentOS 7+ 系统
" && exit 1
;;
esac
## 判定Linux的发行版本
if [ -f /etc/redhat-release ]; then
LinuxReleaseVersion="centos"
elif cat /etc/issue | grep -Eqi "debian"; then
LinuxReleaseVersion="debian"
elif cat /etc/issue | grep -Eqi "ubuntu"; then
LinuxReleaseVersion="ubuntu"
elif cat /etc/issue | grep -Eqi "centos|red hat|redhat"; then
LinuxReleaseVersion="centos"
elif cat /proc/version | grep -Eqi "debian"; then
LinuxReleaseVersion="debian"
elif cat /proc/version | grep -Eqi "ubuntu"; then
LinuxReleaseVersion="ubuntu"
elif cat /proc/version | grep -Eqi "centos|red hat|redhat"; then
LinuxReleaseVersion="centos"
else
LinuxReleaseVersion=""
fi
# 判断系统的包管理工具 apt, yum, or zypper
getPackageManageTool() {
if [[ -n $(command -v apt-get) ]]; then
CMD_INSTALL="apt-get -y -qq install"
CMD_UPDATE="apt-get -qq update"
CMD_REMOVE="apt-get -y remove"
elif [[ -n $(command -v yum) ]]; then
CMD_INSTALL="yum -y -q install"
CMD_UPDATE="yum -q makecache"
CMD_REMOVE="yum -y remove"
elif [[ -n $(command -v zypper) ]]; then
CMD_INSTALL="zypper -y install"
CMD_UPDATE="zypper ref"
CMD_REMOVE="zypper -y remove"
else
return 1
fi
return 0
}
# 检查系统包管理方式,更新包
getPackageManageTool
if [ $? -eq 1 ]; then
colorEcho ${RED} "系统的包管理不是 APT or YUM, 请手动安装所需要的软件."
return 1
fi
### 更新程序引索
if [ $SOFTWARE_UPDATED -eq 0 ]; then
colorEcho ${BLUE} "正在更新软件包管理...可能花费较长时间…………"
$CMD_UPDATE
SOFTWARE_UPDATED=1
fi
return 0
}
## 安装所需要的程序,及依赖程序
installDemandSoftwares() {
for software in $@; do
## 安装该软件
if [[ -n $(command -v ${software}) ]]; then
colorEcho ${GREEN} "${software}已经安装了...跳过..."
echo ""
else
colorEcho ${BLUE} "正在安装 ${software}..."
$CMD_INSTALL ${software}
## 判断该软件是否安装成功
if [ $? -ne 0 ]; then
colorEcho ${RED} "安装 ${software} 失败。"
colorEcho ${RED} "如果是重要软件,本脚本会自动终止!!"
colorEcho ${PURPLE} "一般软件,本脚本会忽略错误并继续运行,请之后手动安装该程序。"
return 1
else
colorEcho ${GREEN} "已经成功安装 ${software}"
colorEcho ${GREEN} "-----------------------------------------------------------"
echo ""
fi
fi
done
return 0
}
getNewVersion(){
VersionURL="https://api.github.com/repos/cloudreve/Cloudreve/releases/latest"
NewVerion=$(curl -s "${VersionURL}" --connect-timeout 60 | grep -w 'tag_name' | cut -d '"' -f4)
if [ $? -ne 0 ] || [ ${NewVerion} == "" ]
then
colorEcho ${RED} "从GitHub获取 Cloudreve 的最新版本失败!! "
colorEcho ${RED} "大概率是由于无法访问github.com, 请检查网络!!"
return 3
fi
}
installCloudreve(){
CloudreveFileName="cloudreve_${NewVerion}_linux_${release}.tar.gz"
wget --no-check-certificate -v -N -T 10 https://github.com/cloudreve/Cloudreve/releases/download/${NewVerion}/${CloudreveFileName}
if [ -s ${CloudreveFileName} ] || [ "$?" -eq "0" ]
then
tar -zxvf ${CloudreveFileName}
chmod +x ./cloudreve
if [ -d /home/cloudreve ]
then
mv ./cloudreve /home/cloudreve/
else
mkdir -p /home/cloudreve
mv ./cloudreve /home/cloudreve/
fi
if [ -s /home/cloudreve/cloudreve ]; then
colorEcho ${GREEN} "cloudreve-${NewVerion} 已经安装完成!!!"
colorEcho ${GREEN} "安装的目录为 /home/cloudreve/"
echo ""
fi
else
echo ""
colorEcho ${BlinkRed} "cloudreve安装包下载失败!"
colorEcho ${BlinkRed} "cloudreve安装包下载失败!"
echo ""
colorEcho ${RED} "请检查网络,并重新运行此脚本!!"
return 3
fi
}
installNginx(){
colorEcho ${BLUE} "开始通过 apt 或者 yum 的方式安装 nginx "
installDemandSoftwares nginx
systemctl enable nginx
systemctl start nginx
systemctl status nginx | grep -q "Active: active (running)"
if [ "$?" -eq "0" ]; then
colorEcho ${GREEN} "nginx 安装完成,并成功运行!!"
else
colorEcho ${BlinkRed} "Nginx 安装失败!!!"
colorEcho ${Red} "请查看nginx安装失败的原因"
systemctl status nginx
fi
}
configNginx(){
nginx_pre_fix="/etc/nginx/conf.d"
ServerName=$1
if [ ${ServerName} = "" ];then
colorEcho ${BLUE} "您没有传递域名参数!! Cloudreve将使用ip+port的形式向外暴露"
else
colorEcho ${BLUE} "开始配置Nginx反向代理的相关参数"
cat >>${nginx_pre_fix}/{ServerName} <<EOF
server {
listen 443 ssl;
ssl_certificate /etc/ssl/cloudreve.example.com.crt;
ssl_certificate_key /etc/ssl/cloudreve.example.com.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
server_name cloudreve.example.com;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://127.0.0.1:5212;
# 如果您要使用本地存储策略,请将下一行注释符删除,并更改大小为理论最大文件尺寸
client_max_body_size 20000m;
}
}
EOF
sed -i "s/cloudreve.example.com/${ServerName}/g" ${nginx_pre_fix}/{ServerName}
fi
colorEcho ${BLUE} "开始重启Nginx"
nginx -t && nginx -s reload
if [ "$?" -eq "0" ]; then
echo ""
colorEcho ${GREEN} "Nginx 重启完成!!"
fi
}
cloudreveSystemD(){
echo ""
colorEcho ${BLUE} "开始配置cloudreve的守护进程服务"
if [ -d /usr/lib/systemd/system/ ]
then
systemDPath="/usr/lib/systemd/system"
else
systemDPath="/lib/systemd/system"
fi
cat >>${systemDPath}/cloudreve.service <<EOF
[Unit]
Description=Cloudreve
Documentation=https://docs.cloudreve.org
After=network.target
Wants=network.target
[Service]
WorkingDirectory=/home/cloudreve
ExecStart=/home/cloudreve/cloudreve
Restart=on-abnormal
RestartSec=5s
KillMode=mixed
StandardOutput=null
StandardError=syslog
[Install]
WantedBy=multi-user.target
EOF
systemctl start cloudreve.service
systemctl status cloudreve.service | grep -q "Active: active (running)"
if [ "$?" -eq "0" ]; then
echo ""
colorEcho ${GREEN} "cloudreve已经成功运行"
colorEcho ${GREEN} "请访问 curl localhost:5212 查看!!!"
systemctl enable cloudreve.service
else
colorEcho ${BlinkRed} "cloudreve守护进程配置失败请查看原因"
systemctl status cloudreve.servic -l
fi
}
main(){
check_sys
check_root
getNewVersion || return $?
installCloudreve || return $?
installNginx
configNginx "pan.s1.107421.xyz"
cloudreveSystemD
}
main

171
功能脚本/v2ray_4.32.1_install.sh Normal file
View File

@@ -0,0 +1,171 @@
#!/bin/bash
v2ray_config_file="/usr/local/etc/v2ray/config.json"
v2ray_tls_file="/usr/local/etc/v2ray/cert"
# 默认的uuid
V2rayUUID=""
DomainName=""
RED="31m" ## 姨妈红
GREEN="32m" ## 水鸭青
YELLOW="33m" ## 鸭屎黄
PURPLE="35m" ## 基佬紫
BLUE="36m" ## 天依蓝
######## 颜色函数方法很精妙 ############
colorEcho() {
echo -e "\033[${1}${@:2}\033[0m" 1>&2
}
check_root() {
if [[ $EUID != 0 ]]; then
colorEcho ${RED} "当前非root账号(或没有root权限)无法继续操作请更换root账号!"
colorEcho ${YELLOW} "使用sudo -命令获取临时root权限执行后可能会提示输入root密码"
exit 1
fi
}
# 判断命令是否存在
command_exists() {
command -v "$@" >/dev/null 2>&1
}
downloadSoftwares(){
colorEcho ${PURPLE} "---------------------------------------------------------------------------------"
colorEcho ${BLUE} "开始下载安装V2ray所需要的所有软件…………"
command_exists curl wget
if [[ $? -nq 0]]
then
colorEcho ${RED} "未检测到强依赖----------------------------------------------"
colorEcho ${RED} "请确保您已经安装wget,curl, unzip等工具"
fi
echo ""
colorEcho ${BLUE} "创建v2ray的安装目录 ./v2ray_install"
pwd
mkdir v2ray_install
cd ./v2ray_install
pwd
echo ""
colorEcho ${BLUE} "正在下载v2ray的安装脚本…………"
wget https://objectstorage.ap-seoul-1.oraclecloud.com/n/cnk8d6fazu16/b/seoul/o/v2ray-install.sh
chmod +x v2ray-install.sh
colorEcho ${GREEN} " 下载完成 "
echo ""
colorEcho ${BLUE} "正在下载v2ray-linux-adm64-v4.32.1的安装包文件…………"
wget https://objectstorage.ap-seoul-1.oraclecloud.com/n/cnk8d6fazu16/b/seoul/o/v2ray-linux-64_v4.32.1.zip
colorEcho ${GREEN} " 下载完成 "
echo ""
colorEcho ${BLUE} "正在下载envsubst-Linux-x86_64文件…………"
wget https://objectstorage.ap-seoul-1.oraclecloud.com/n/cnk8d6fazu16/b/seoul/o/envsubst-Linux-x86_64 -O -o envsubst
chmod + envsubst
mv envsubst /usr/local/bin
colorEcho ${GREEN} " 下载完成 "
echo ""
}
installV2ray(){
colorEcho ${PURPLE} "---------------------------------------------------------------------------------"
colorEcho ${BLUE} "开始下载安装V2ray所需要的所有软件…………"
echo ""
colorEcho ${BLUE}"开始离线安装v2ray……"
echo "
" | ./v2ray-install.sh --local v2ray-linux-64_v4.32.1.zip
echo ""
cd ..
colorEcho ${GREEN} "v2ray v4.32.1已经安装成功!"
echo ""
colorEcho ${BLUE} "正在开启v2ray的服务程序……"
systemctl start v2ray
colorEcho ${GREEN} " 启动完成 "
echo ""
colorEcho ${BLUE} "正在设置v2ray的开机自启动……"
systemctl enable v2ray
colorEcho ${GREEN} " 设置开启自启动完成 "
echo ""
}
modifyV2rayConfig(){
colorEcho ${PURPLE} "---------------------------------------------------------------------------------"
colorEcho ${BLUE} "开始配置V2ray默认采用Vless_Over_TCP+XTLS…………"
colorEcho ${BLUE} "本脚本暂不负责证书生成,请手动将域名的证书文件上传至 /usr/local/etc/v2ray/cert目录下"
colorEcho ${PURPLE} "---------------------------------------------------------------------------------"
colorEcho ${BLUE} "证书文件命名规则: <DomainName>.pem <DomainName>.key"
echo ""
echo ""
mkdir -p ${v2ray_tls_file}
colorEcho ${RED} "-------请输入解析到此服务器的域名(前面不带"http://"或"https://")-------"
colorEcho ${RED} "----------------------------------------------------------"
read -r -p "输入域名地址:" DomainName
echo ""
colorEcho ${BLUE} "----------------------------------------------------------"
colorEcho ${GREEN} "您输入的域名为:${DomainName}"
colorEcho ${GREEN} "----------------------------------------------------------"
echo ""
while true
do
colorEcho ${RED} "请确保您已经将证书文件上传至 ${v2ray_tls_file} 目录下!!"
read -r -p "请输入yes进行确认脚本才可继续运行" input
case $input in
yes)
colorEcho ${GREEN} "您已确认上传了证书文件! 开始检测……"
echo ""
if [[ -f ${v2ray_tls_file}/${DomainName}.pem && -f ${v2ray_tls_file}/${DomainName}.key]]
then
colorEcho ${GREEN} "检测到TLS域名的证书文件"
colorEcho ${GREEN} "----------------------------------------------------------"
echo ""
break
else
colorEcho ${RED} "你欺骗了善良的自己!! 没有检测到TLS域名的证书文件"
colorEcho ${RED} "请手动将域名的证书文件上传至 ${v2ray_tls_file} 目录下"
colorEcho ${BLUE} "证书文件命名规则:${DomainName}.pem ${DomainName}.key"
continue
;;
*)
echo ""
colorEcho ${RED} "输入有误!!! 请输入 >> yes << 进行确认"
colorEcho ${RED} "-----------------------------------------------------"
echo ""
;;
esac
done
colorEcho ${BLUE} "开始配置v2ray的config文件…………"
V2rayUUID=$(cat /proc/sys/kernel/random/uuid)
echo ""
colorEcho ${BLUE} "生成的UUID为 ${V2rayUUID}"
colorEcho ${GREEN} "-----------------------------------------------------"
colorEcho ${BLUE} "正在下载v2ray的config文件…………"
wget https://objectstorage.ap-seoul-1.oraclecloud.com/n/cnk8d6fazu16/b/seoul/o/v2ray_vless-xtls-tcp.json
colorEcho ${GREEN} " 下载完成 "
echo ""
colorEcho ${BLUE} "正在生成v2ray的config文件…………"
envsubst < v2ray_vless-xtls-tcp.json > ${v2ray_config_file}
colorEcho ${GREEN} " 生成完成 "
echo ""
}
printV2rayInfo(){
}
main(){
check_root
downloadSoftwares
installV2ray
modifyV2rayConfig
printV2rayInfo
}

49
功能脚本/v2ray_vless-xtls-tcp.json Normal file
View File

@@ -0,0 +1,49 @@
{
"log":{
"access": "/var/log/v2ray/access.log",
"error": "/var/log/v2ray/error.log",
"loglevel": "warning"
},
"inbounds": [
{
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "$V2rayUUID",
"flow": "xtls-rprx-direct",
"level": 0,
"email": "woshinibaba@cc.cc"
}
],
"decryption": "none",
"fallbacks": [
{
"dest": "www.baidu.com:443"
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"alpn": [
"http/1.1"
],
"certificates": [
{
"certificateFile": "/usr/local/etc/v2ray/cert/$DomainName.pem",
"keyFile": "/usr/local/etc/v2ray/cert/$DomainName.key"
}
]
}
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}

40
功能脚本/基础脚本/fontColor.sh Normal file
View File

@@ -0,0 +1,40 @@
#!/bin/bash
#######第一种方法(推荐使用 颜色函数)########
#########color code#############
RED="31m" ## 姨妈红
GREEN="32m" ## 水鸭青
YELLOW="33m" ## 鸭屎黄
BLUE="35m" ## 基佬紫
BLUE="36m" ## 天依蓝
###############color echo func#################
colorEcho(){
echo -e "\033[${1}${@:2}\033[0m" 1>& 2
}
###########第二种方法###############
Red_font_prefix="\033[31m"
Green_font_prefix="\033[32m"
Yellow_font_prefix="\033[33m"
Blue_font_prefix="\033[34m"
Green_background_prefix="\033[42;37m"
Red_background_prefix="\033[41;37m"
Font_color_suffix="\033[0m"
main(){
colorEcho ${RED} "这是红色的字体!"
colorEcho ${GREEN} "这是绿色的字体!"
colorEcho ${YELLOW} "这是黄色的字体!"
colorEcho ${BLUE} "这是蓝色的字体!"
echo "#######################下面是第二种方法!###############################"
echo
echo -e "${Red_font_prefix}这是红色的字体!${Font_color_suffix}"
echo -e "${Green_font_prefix}这是绿色的字体!${Font_color_suffix}"
echo -e "${Yellow_font_prefix}这是黄色的字体!${Font_color_suffix}"
echo -e "${Blue_font_prefix}这是蓝色的字体!${Font_color_suffix}"
}
main

494
功能脚本/基础脚本/go.sh Normal file
View File

@@ -0,0 +1,494 @@
#!/bin/bash
# This file is accessible as https://install.direct/go.sh
# Original source is located at github.com/v2ray/v2ray-core/release/install-release.sh
# If not specify, default meaning of return value:
# 0: Success
# 1: System error
# 2: Application error
# 3: Network error
# CLI arguments
PROXY=''
HELP=''
FORCE=''
CHECK=''
REMOVE=''
VERSION=''
VSRC_ROOT='/tmp/v2ray'
EXTRACT_ONLY=''
LOCAL=''
LOCAL_INSTALL=''
DIST_SRC='jsdelivr'
ERROR_IF_UPTODATE=''
CUR_VER=""
NEW_VER=""
VDIS=''
ZIPFILE="/tmp/v2ray/v2ray.zip"
V2RAY_RUNNING=0
CMD_INSTALL=""
CMD_UPDATE=""
SOFTWARE_UPDATED=0
SYSTEMCTL_CMD=$(command -v systemctl 2>/dev/null)
SERVICE_CMD=$(command -v service 2>/dev/null)
#######color code########
RED="31m" # Error message
GREEN="32m" # Success message
YELLOW="33m" # Warning message
BLUE="36m" # Info message
#########################
while [[ $# > 0 ]]; do
case "$1" in
-p|--proxy)
PROXY="-x ${2}"
shift # past argument
;;
-h|--help)
HELP="1"
;;
-f|--force)
FORCE="1"
;;
-c|--check)
CHECK="1"
;;
--remove)
REMOVE="1"
;;
--version)
VERSION="$2"
shift
;;
--extract)
VSRC_ROOT="$2"
shift
;;
--extractonly)
EXTRACT_ONLY="1"
;;
-l|--local)
LOCAL="$2"
LOCAL_INSTALL="1"
shift
;;
--source)
DIST_SRC="$2"
shift
;;
--errifuptodate)
ERROR_IF_UPTODATE="1"
;;
*)
# unknown option
;;
esac
shift # past argument or value
done
######## 颜色函数方法 #########
colorEcho(){
echo -e "\033[${1}${@:2}\033[0m" 1>& 2
}
archAffix(){
case "${1:-"$(uname -m)"}" in
i686|i386)
echo '32'
;;
x86_64|amd64)
echo '64'
;;
*armv7*|armv6l)
echo 'arm'
;;
*armv8*|aarch64)
echo 'arm64'
;;
*mips64le*)
echo 'mips64le'
;;
*mips64*)
echo 'mips64'
;;
*mipsle*)
echo 'mipsle'
;;
*mips*)
echo 'mips'
;;
*s390x*)
echo 's390x'
;;
ppc64le)
echo 'ppc64le'
;;
ppc64)
echo 'ppc64'
;;
*)
return 1
;;
esac
return 0
}
downloadV2Ray(){
rm -rf /tmp/v2ray
mkdir -p /tmp/v2ray
if [[ "${DIST_SRC}" == "jsdelivr" ]]; then
DOWNLOAD_LINK="https://cdn.jsdelivr.net/gh/v2ray/dist/v2ray-linux-${VDIS}.zip"
else
DOWNLOAD_LINK="https://github.com/v2ray/v2ray-core/releases/download/${NEW_VER}/v2ray-linux-${VDIS}.zip"
fi
colorEcho ${BLUE} "Downloading V2Ray: ${DOWNLOAD_LINK}"
curl ${PROXY} -L -H "Cache-Control: no-cache" -o ${ZIPFILE} ${DOWNLOAD_LINK}
if [ $? != 0 ];then
colorEcho ${RED} "Failed to download! Please check your network or try again."
return 3
fi
return 0
}
installSoftware(){
for software in $@
do
COMPONENT=$1
if [[ -n `command -v $COMPONENT` ]]; then
return 0
fi
getPMT
if [[ $? -eq 1 ]]; then
colorEcho ${RED} "The system package manager tool isn't APT or YUM, please install ${COMPONENT} manually."
return 1
fi
if [[ $SOFTWARE_UPDATED -eq 0 ]]; then
colorEcho ${BLUE} "Updating software repo"
$CMD_UPDATE
SOFTWARE_UPDATED=1
fi
colorEcho ${BLUE} "Installing ${COMPONENT}"
$CMD_INSTALL $COMPONENT
if [[ $? -ne 0 ]]; then
colorEcho ${RED} "Failed to install ${COMPONENT}. Please install it manually."
return 1
fi
return 0
done
}
# return 1: not apt, yum, or zypper
getPMT(){
if [[ -n `command -v apt-get` ]];then
CMD_INSTALL="apt-get -y -qq install"
CMD_UPDATE="apt-get -qq update"
elif [[ -n `command -v yum` ]]; then
CMD_INSTALL="yum -y -q install"
CMD_UPDATE="yum -q makecache"
elif [[ -n `command -v zypper` ]]; then
CMD_INSTALL="zypper -y install"
CMD_UPDATE="zypper ref"
else
return 1
fi
return 0
}
extract(){
colorEcho ${BLUE}"Extracting V2Ray package to /tmp/v2ray."
mkdir -p /tmp/v2ray
unzip $1 -d ${VSRC_ROOT}
if [[ $? -ne 0 ]]; then
colorEcho ${RED} "Failed to extract V2Ray."
return 2
fi
if [[ -d "/tmp/v2ray/v2ray-${NEW_VER}-linux-${VDIS}" ]]; then
VSRC_ROOT="/tmp/v2ray/v2ray-${NEW_VER}-linux-${VDIS}"
fi
return 0
}
normalizeVersion() {
if [ -n "$1" ]; then
case "$1" in
v*)
echo "$1"
;;
*)
echo "v$1"
;;
esac
else
echo ""
fi
}
# 1: new V2Ray. 0: no. 2: not installed. 3: check failed. 4: don't check.
getVersion(){
if [[ -n "$VERSION" ]]; then
NEW_VER="$(normalizeVersion "$VERSION")"
return 4
else
VER="$(/usr/bin/v2ray/v2ray -version 2>/dev/null)"
RETVAL=$?
CUR_VER="$(normalizeVersion "$(echo "$VER" | head -n 1 | cut -d " " -f2)")"
TAG_URL="https://api.github.com/repos/v2ray/v2ray-core/releases/latest"
NEW_VER="$(normalizeVersion "$(curl ${PROXY} -s "${TAG_URL}" --connect-timeout 10 | grep 'tag_name' | cut -d\" -f26)")"
if [[ $? -ne 0 ]] || [[ $NEW_VER == "" ]]; then
colorEcho ${RED} "Failed to fetch release information. Please check your network or try again."
return 3
elif [[ $RETVAL -ne 0 ]];then
return 2
elif [[ $NEW_VER != $CUR_VER ]];then
return 1
fi
return 0
fi
}
stopV2ray(){
colorEcho ${BLUE} "Shutting down V2Ray service."
if [[ -n "${SYSTEMCTL_CMD}" ]] || [[ -f "/lib/systemd/system/v2ray.service" ]] || [[ -f "/etc/systemd/system/v2ray.service" ]]; then
${SYSTEMCTL_CMD} stop v2ray
elif [[ -n "${SERVICE_CMD}" ]] || [[ -f "/etc/init.d/v2ray" ]]; then
${SERVICE_CMD} v2ray stop
fi
if [[ $? -ne 0 ]]; then
colorEcho ${YELLOW} "Failed to shutdown V2Ray service."
return 2
fi
return 0
}
startV2ray(){
if [ -n "${SYSTEMCTL_CMD}" ] && [[ -f "/lib/systemd/system/v2ray.service" || -f "/etc/systemd/system/v2ray.service" ]]; then
${SYSTEMCTL_CMD} start v2ray
elif [ -n "${SERVICE_CMD}" ] && [ -f "/etc/init.d/v2ray" ]; then
${SERVICE_CMD} v2ray start
fi
if [[ $? -ne 0 ]]; then
colorEcho ${YELLOW} "Failed to start V2Ray service."
return 2
fi
return 0
}
copyFile() {
NAME=$1
ERROR=`cp "${VSRC_ROOT}/${NAME}" "/usr/bin/v2ray/${NAME}" 2>&1`
if [[ $? -ne 0 ]]; then
colorEcho ${YELLOW} "${ERROR}"
return 1
fi
return 0
}
makeExecutable() {
chmod +x "/usr/bin/v2ray/$1"
}
installV2Ray(){
# Install V2Ray binary to /usr/bin/v2ray
mkdir -p /usr/bin/v2ray
copyFile v2ray
if [[ $? -ne 0 ]]; then
colorEcho ${RED} "Failed to copy V2Ray binary and resources."
return 1
fi
makeExecutable v2ray
copyFile v2ctl && makeExecutable v2ctl
copyFile geoip.dat
copyFile geosite.dat
# Install V2Ray server config to /etc/v2ray
if [[ ! -f "/etc/v2ray/config.json" ]]; then
mkdir -p /etc/v2ray
mkdir -p /var/log/v2ray
cp "${VSRC_ROOT}/vpoint_vmess_freedom.json" "/etc/v2ray/config.json"
if [[ $? -ne 0 ]]; then
colorEcho ${YELLOW} "Failed to create V2Ray configuration file. Please create it manually."
return 1
fi
let PORT=$RANDOM+10000
UUID=$(cat /proc/sys/kernel/random/uuid)
sed -i "s/10086/${PORT}/g" "/etc/v2ray/config.json"
sed -i "s/23ad6b10-8d1a-40f7-8ad0-e3e35cd38297/${UUID}/g" "/etc/v2ray/config.json"
colorEcho ${BLUE} "PORT:${PORT}"
colorEcho ${BLUE} "UUID:${UUID}"
fi
return 0
}
installInitScript(){
if [[ -n "${SYSTEMCTL_CMD}" ]] && [[ ! -f "/etc/systemd/system/v2ray.service" && ! -f "/lib/systemd/system/v2ray.service" ]]; then
cp "${VSRC_ROOT}/systemd/v2ray.service" "/etc/systemd/system/"
systemctl daemon-reload
systemctl enable v2ray.service
elif [[ -n "${SERVICE_CMD}" ]] && [[ ! -f "/etc/init.d/v2ray" ]]; then
installSoftware "daemon" || return $?
cp "${VSRC_ROOT}/systemv/v2ray" "/etc/init.d/v2ray"
chmod +x "/etc/init.d/v2ray"
update-rc.d v2ray defaults
fi
}
Help(){
cat - 1>& 2 << EOF
./install-release.sh [-h] [-c] [--remove] [-p proxy] [-f] [--version vx.y.z] [-l file]
-h, --help Show help
-p, --proxy To download through a proxy server, use -p socks5://127.0.0.1:1080 or -p http://127.0.0.1:3128 etc
-f, --force Force install
--version Install a particular version, use --version v3.15
-l, --local Install from a local file
--remove Remove installed V2Ray
-c, --check Check for update
EOF
}
remove(){
if [[ -n "${SYSTEMCTL_CMD}" ]] && [[ -f "/etc/systemd/system/v2ray.service" ]];then
if pgrep "v2ray" > /dev/null ; then
stopV2ray
fi
systemctl disable v2ray.service
rm -rf "/usr/bin/v2ray" "/etc/systemd/system/v2ray.service"
if [[ $? -ne 0 ]]; then
colorEcho ${RED} "Failed to remove V2Ray."
return 0
else
colorEcho ${GREEN} "Removed V2Ray successfully."
colorEcho ${BLUE} "If necessary, please remove configuration file and log file manually."
return 0
fi
elif [[ -n "${SYSTEMCTL_CMD}" ]] && [[ -f "/lib/systemd/system/v2ray.service" ]];then
if pgrep "v2ray" > /dev/null ; then
stopV2ray
fi
systemctl disable v2ray.service
rm -rf "/usr/bin/v2ray" "/lib/systemd/system/v2ray.service"
if [[ $? -ne 0 ]]; then
colorEcho ${RED} "Failed to remove V2Ray."
return 0
else
colorEcho ${GREEN} "Removed V2Ray successfully."
colorEcho ${BLUE} "If necessary, please remove configuration file and log file manually."
return 0
fi
elif [[ -n "${SERVICE_CMD}" ]] && [[ -f "/etc/init.d/v2ray" ]]; then
if pgrep "v2ray" > /dev/null ; then
stopV2ray
fi
rm -rf "/usr/bin/v2ray" "/etc/init.d/v2ray"
if [[ $? -ne 0 ]]; then
colorEcho ${RED} "Failed to remove V2Ray."
return 0
else
colorEcho ${GREEN} "Removed V2Ray successfully."
colorEcho ${BLUE} "If necessary, please remove configuration file and log file manually."
return 0
fi
else
colorEcho ${YELLOW} "V2Ray not found."
return 0
fi
}
checkUpdate(){
echo "Checking for update."
VERSION=""
getVersion
RETVAL="$?"
if [[ $RETVAL -eq 1 ]]; then
colorEcho ${BLUE} "Found new version ${NEW_VER} for V2Ray.(Current version:$CUR_VER)"
elif [[ $RETVAL -eq 0 ]]; then
colorEcho ${BLUE} "No new version. Current version is ${NEW_VER}."
elif [[ $RETVAL -eq 2 ]]; then
colorEcho ${YELLOW} "No V2Ray installed."
colorEcho ${BLUE} "The newest version for V2Ray is ${NEW_VER}."
fi
return 0
}
main(){
#helping information
[[ "$HELP" == "1" ]] && Help && return
[[ "$CHECK" == "1" ]] && checkUpdate && return
[[ "$REMOVE" == "1" ]] && remove && return
local ARCH=$(uname -m)
VDIS="$(archAffix)"
# extract local file
if [[ $LOCAL_INSTALL -eq 1 ]]; then
colorEcho ${YELLOW} "Installing V2Ray via local file. Please make sure the file is a valid V2Ray package, as we are not able to determine that."
NEW_VER=local
installSoftware unzip || return $?
rm -rf /tmp/v2ray
extract $LOCAL || return $?
#FILEVDIS=`ls /tmp/v2ray |grep v2ray-v |cut -d "-" -f4`
#SYSTEM=`ls /tmp/v2ray |grep v2ray-v |cut -d "-" -f3`
#if [[ ${SYSTEM} != "linux" ]]; then
# colorEcho ${RED} "The local V2Ray can not be installed in linux."
# return 1
#elif [[ ${FILEVDIS} != ${VDIS} ]]; then
# colorEcho ${RED} "The local V2Ray can not be installed in ${ARCH} system."
# return 1
#else
# NEW_VER=`ls /tmp/v2ray |grep v2ray-v |cut -d "-" -f2`
#fi
else
# download via network and extract
installSoftware "curl" || return $?
getVersion
RETVAL="$?"
if [[ $RETVAL == 0 ]] && [[ "$FORCE" != "1" ]]; then
colorEcho ${BLUE} "Latest version ${CUR_VER} is already installed."
if [ -n "${ERROR_IF_UPTODATE}" ]; then
return 10
fi
return
elif [[ $RETVAL == 3 ]]; then
return 3
else
colorEcho ${BLUE} "Installing V2Ray ${NEW_VER} on ${ARCH}"
downloadV2Ray || return $?
installSoftware unzip || return $?
extract ${ZIPFILE} || return $?
fi
fi
if [ -n "${EXTRACT_ONLY}" ]; then
colorEcho ${GREEN} "V2Ray extracted to ${VSRC_ROOT}, and exiting..."
return 0
fi
if pgrep "v2ray" > /dev/null ; then
V2RAY_RUNNING=1
stopV2ray
fi
installV2Ray || return $?
installInitScript || return $?
if [[ ${V2RAY_RUNNING} -eq 1 ]];then
colorEcho ${BLUE} "Restarting V2Ray service."
startV2ray
fi
colorEcho ${GREEN} "V2Ray ${NEW_VER} is installed."
rm -rf /tmp/v2ray
return 0
}
main

3
功能脚本/基础脚本/关闭防火墙.sh Normal file
View File

@@ -0,0 +1,3 @@
#!/bin/bash

4
功能脚本/基础脚本/去掉注释.sh Normal file
View File

@@ -0,0 +1,4 @@
sed -i -r '/^[ ]*#/d;/^$/d' /etc/haproxy/haproxy.cfg #修改配置文件去掉注释,或者你可以直接复制我的代码
sed -i -r '/^[ ]*#/d;/^$/d'#Port 22

44
功能脚本/基础脚本/参数传递-提示确认.sh Normal file
View File

@@ -0,0 +1,44 @@
#!/bin/bash
## 确认提示(一次)
# 这个示例代码将为确认提示一次如果你给输入错误程序会以状态1退出。
# 这个例子将只接受Y或N或YES或NO不区分大小写
read -r -p "Are You Sure? [Y/n] " input
case $input in
[yY][eE][sS]|[yY])
echo "Yes"
;;
[nN][oO]|[nN])
echo "No"
;;
*)
echo "Invalid input..."
exit 1
;;
esac
## 确认提示(循环确认)
# 提示进行确认(输入正常退出,输入错误则需重新输入,知道输入正确才可以)
while true
do
read -r -p "Are You Sure? [Y/n] " input
case $input in
[yY][eE][sS]|[yY])
echo "Yes"
break
;;
[nN][oO]|[nN])
echo "No"
break
;;
*)
echo "Invalid input..."
;;
esac
done

27
功能脚本/基础脚本/参数传递.sh Normal file
View File

@@ -0,0 +1,27 @@
#!/bin/bash
# 输出参数索引
echo "OPTIND starts at $OPTIND"
# 接收参数
while getopts ":pq:" optname
do
case "$optname" in
"p")
echo "Option $optname is specified"
;;
"q")
echo "Option $optname has value $OPTARG"
;;
"?")
echo "Unknown option $OPTARG"
;;
":")
echo "No argument value for option $OPTARG"
;;
*)
# Should not occur
echo "Unknown error while processing options"
;;
esac
echo "OPtIND now is $OPTIND"
done

67
功能脚本/基础脚本/安装单个软件.sh Normal file
View File

@@ -0,0 +1,67 @@
#!/bin/bash
CMD_INSTALL=""
CMD_UPDATE=""
SOFTWARE_UPDATED=0
#########color code#############
RED="31m" # Error message
GREEN="32m" # Success message
YELLOW="33m" # Warning message
BLUE="36m" # Info message
###############color echo func#################
colorEcho(){
echo -e "\033[${1}${@:2}\033[0m" 1>& 2
}
# 判断系统的包管理工具 apt, yum, or zypper
getPackageManageTool(){
if [[ -n `command -v apt-get` ]];then
CMD_INSTALL="apt-get -y -qq install"
CMD_UPDATE="apt-get -qq update"
elif [[ -n `command -v yum` ]]; then
CMD_INSTALL="yum -y -q install"
CMD_UPDATE="yum -q makecache"
elif [[ -n `command -v zypper` ]]; then
CMD_INSTALL="zypper -y install"
CMD_UPDATE="zypper ref"
else
return 1
fi
return 0
}
## 安装所需要的程序,及依赖程序
installDemands(){
COMPONENT=$1
if [[ -n `command -v $COMPONENT` ]]; then
return 0
fi
getPackageManageTool
if [[ $? -eq 1 ]]; then
colorEcho ${RED} "The system package manager tool isn't APT or YUM, please install ${COMPONENT} manually."
return 1
fi
### 更新程序引索
if [[ $SOFTWARE_UPDATED -eq 0 ]]; then
colorEcho ${BLUE} "正在更新软件包管理..."
$CMD_UPDATE
SOFTWARE_UPDATED=1
fi
colorEcho ${BLUE} "正在安装 ${COMPONENT}.."
$CMD_INSTALL $COMPONENT
if [[ $? -ne 0 ]]; then
colorEcho ${RED} "安装 ${COMPONENT} 失败. 请手动安装该程序."
return 1
else
colorEcho ${GREEN} "已经成功安装 ${COMPONENT}."
fi
return 0
}
## 下面只是例子,使用时在主函数中应用之
installDemands "iftop" || return $?

76
功能脚本/基础脚本/安装多个软件.sh Normal file
View File

@@ -0,0 +1,76 @@
#!/bin/bash
CMD_INSTALL=""
CMD_UPDATE=""
CMD_REMOVE=""
SOFTWARE_UPDATED=0
#########color code#############
RED="31m" # Error message
GREEN="32m" # Success message
YELLOW="33m" # Warning message
BLUE="36m" # Info message
###############color echo func#################
colorEcho(){
echo -e "\033[${1}${@:2}\033[0m" 1>& 2
}
# 判断系统的包管理工具 apt, yum, or zypper
getPackageManageTool(){
if [[ -n `command -v apt-get` ]];then
CMD_INSTALL="apt-get -y -qq install"
CMD_UPDATE="apt-get -qq update"
CMD_REMOVE="apt-get -y remove"
elif [[ -n `command -v yum` ]]; then
CMD_INSTALL="yum -y -q install"
CMD_UPDATE="yum -q makecache"
CMD_REMOVE="yum -y remove"
elif [[ -n `command -v zypper` ]]; then
CMD_INSTALL="zypper -y install"
CMD_UPDATE="zypper ref"
CMD_REMOVE="zypper -y remove"
else
return 1
fi
return 0
}
## 安装所需要的程序,及依赖程序
installDemandSoftwares(){
# 检查系统包管理方式,更新包
getPackageManageTool
if [[ $? -eq 1 ]]; then
colorEcho ${RED} "系统的包管理不是 APT or YUM, 请手动安装所需要的软件."
return 1
fi
### 更新程序引索
if [[ $SOFTWARE_UPDATED -eq 0 ]]; then
colorEcho ${BLUE} "正在更新软件包管理..."
$CMD_UPDATE
SOFTWARE_UPDATED=1
fi
for software in $@
do
## 安装该软件
if [[ -n `command -v ${software}` ]]; then
colorEcho ${GREEN} "${software}已经安装了...跳过..."
else
colorEcho ${BLUE} "正在安装 ${software}.."
$CMD_INSTALL ${software}
## 判断该软件是否安装成功
if [[ $? -ne 0 ]]; then
colorEcho ${RED} "安装 ${software} 失败. 请手动安装该程序."
return 1
else
colorEcho ${GREEN} "已经成功安装 ${software}."
fi
fi
done
return 0
}
installDemandSoftwares iftop vim curl wget mtr

66
功能脚本/基础脚本/检查系统版本.sh Normal file
View File

@@ -0,0 +1,66 @@
#!/bin/bash
### 为了文件美观直接继承了fontColor.sh文件 #####
#######第一种方法########
RED="31m" # Error message
GREEN="32m" # Success message
YELLOW="33m" # Warning message
BLUE="36m" # Info message
check_root(){
if [[ $EUID != 0 ]];then
colorEcho ${RED} "当前非root账号(或没有root权限)无法继续操作请更换root账号!"
colorEcho ${YELLOW} "使用sudo -命令获取临时root权限执行后可能会提示输入root密码"
exit 1
fi
}
####### 获取系统版本及64位或32位信息
check_sys(){
sys_bit=$(uname -m)
case $sys_bit in
i[36]86)
os_bit="32"
release="386"
;;
x86_64)
os_bit="64"
release="amd64"
;;
*armv6*)
os_bit="arm"
release="arm6"
;;
*armv7*)
os_bit="arm"
release="arm7"
;;
*aarch64* | *armv8*)
os_bit="arm64"
release="arm64"
;;
*)
colorEcho ${RED} "
哈哈……这个 辣鸡脚本 不支持你的系统。 (-_-) \n
备注: 仅支持 Ubuntu 16+ / Debian 8+ / CentOS 7+ 系统
" && exit 1
;;
esac
return 0
}
######## 颜色函数方法很精妙 ############
colorEcho(){
echo -e "\033[${1}${@:2}\033[0m" 1>& 2
}
main(){
check_root
check_sys
colorEcho $GREEN "\t你现在正在以root的身份查看系统信息"
colorEcho $YELLOW "\t操作系统是${os_bit}位的,发行版本是${release}"
}
main

33
功能脚本/基础脚本/获取本机的公网IP.sh Normal file
View File

@@ -0,0 +1,33 @@
#!/bin/bash
# 判断命令是否存在
command_exists() {
command -v "$@" >/dev/null 2>&1
}
# 获取服务器的公网IP地址
get_server_ip() {
local server_ip=""
local Network_Manage_Tool=""
if command_exists ip; then
Network_Manage_Tool="$(ip addr)"
elif command_exists ifconfig; then
Network_Manage_Tool="$(ifconfig)"
fi
server_ip=$(echo "$Network_Manage_Tool" | \
grep -oE "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" | \
grep -vE "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\.|^0\." | \
head -n 1)
# 自动获取失败时,通过网站提供的 API 获取外网地址
if [ -z "$server_ip" ]; then
server_ip="$(wget -qO- --no-check-certificate https://ipv4.icanhazip.com)"
server_ip=$(curl -s https://myip.ipip.net | awk '{print$2}' | cut -d"" -f2)
fi
echo "$server_ip"
}
get_server_ip

33
功能脚本/基础脚本/获取本机的内网IP.sh Normal file
View File

@@ -0,0 +1,33 @@
#!/bin/bash
# 判断命令是否存在
command_exists() {
command -v "$@" >/dev/null 2>&1
}
# 获取服务器的公网IP地址
get_Internal_IP() {
local Internal_IP=""
local Network_Manage_Tool=""
if command_exists ip; then
Network_Manage_Tool=$(ip addr)
Ethernet_Interface_Name=$(echo "$Network_Manage_Tool" | grep -Eo "eth([0-9]{1,3})|eno([0-9]{1,3})|ens([0-9]{1,3})" | head -n 1)
echo "正在使用ip addr命令获取内网的IP地址"
Internal_IP=$(ip addr show ${Ethernet_Interface_Name} | grep 'inet ' | head -1 | awk '{print $2}' | cut -f1 -d'/')
elif command_exists ifconfig; then
Network_Manage_Tool=$(ifconfig)
Ethernet_Interface_Name=$(echo "$Network_Manage_Tool" | grep -Eo "eth([0-9]{1,3})|eno([0-9]{1,3})|ens([0-9]{1,3})" | head -n 1)
echo "正在使用ifconfig命令获取内网的IP地址"
Internal_IP=$(ifconfig ${Ethernet_Interface_Name} | grep 'inet ' | head -1 | awk '{print $2}' | cut -f1 -d'/')
fi
echo ""
echo "$Internal_IP"
echo ""
}
get_Internal_IP

66
功能脚本/基础脚本/读取脚本传递参数.sh Normal file
View File

@@ -0,0 +1,66 @@
#!/bin/bash
# 当运行时, 可以传入额外的参数
## ./runParams.sh [-h] [-c] [--remove] [-p proxy] [-f] [--version vx.y.z] [-l file]
Help(){
cat - 1>& 2 << EOF
./install-release.sh [-h] [-c] [--remove] [-p proxy] [-f] [--version vx.y.z] [-l file]
-h, --help Show help
-p, --proxy To download through a proxy server, use -p socks5://127.0.0.1:1080 or -p http://127.0.0.1:3128 etc
-f, --force Force install
--version Install a particular version, use --version v3.15
-l, --local Install from a local file
--remove Remove installed V2Ray
-c, --check Check for update
EOF
}
#########################
while [[ $# > 0 ]]; do
case "$1" in
-p|--proxy)
PROXY="-x ${2}"
shift # past argument
;;
-h|--help)
HELP="1"
;;
-f|--force)
FORCE="1"
;;
-c|--check)
CHECK="1"
;;
--remove)
REMOVE="1"
;;
--version)
VERSION="$2"
shift
;;
--extract)
VSRC_ROOT="$2"
shift
;;
--extractonly)
EXTRACT_ONLY="1"
;;
-l|--local)
LOCAL="$2"
LOCAL_INSTALL="1"
shift
;;
--source)
DIST_SRC="$2"
shift
;;
--errifuptodate)
ERROR_IF_UPTODATE="1"
;;
*)
# unknown option
;;
esac
shift # past argument or value
done

26
升级所有的deployment.sh Normal file
View File

@@ -0,0 +1,26 @@
#!/bin/bash
app_list_backend=("cmii-uav-user" "cmii-admin-data" "cmii-admin-user" "cmii-uav-airspace" "cmii-uav-brain" "cmii-uav-clusters" "cmii-uav-data-post-process" "cmii-uav-developer" "cmii-uav-device" "cmii-uav-kpi-monitor" "cmii-uav-live" "cmii-uav-logger" "cmii-uav-mission" "cmii-uav-monitor" "cmii-uav-mqtthandler" "cmii-uav-notice" "cmii-uav-oauth" "cmii-uav-process" "cmii-uav-surveillance" "cmii-uav-user" "cmii-uav-waypoint" "cmii-uav-material-warehouse" "cmii-uav-gateway" "cmii-open-gateway" "cmii-admin-gateway")
app_list_frontend=("cmii-uav-platform" "cmii-uav-platform-ai-brain" "cmii-uav-platform-hyperspectral" "cmii-uav-platform-mws" "cmii-uav-platform-mws-admin" "cmii-uav-platform-oms" "cmii-uav-platform-cms" "cmii-uav-platform-open" "cmii-uav-platform-splice")
for app in ${app_list_frontend[@]}; do
echo ${app}
echo "--------------------------------------------------------------"
echo ""
echo "{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"$app\",\"image\":\"harbor-manager.sre.cdcyy.cn/cmii/$app:2.1.14\"}]}}}}"
echo "--------------------------------------------------------------"
echo ""
kubectl patch deployment $(kubectl get deployment -n cmii | grep -w "${app}" | awk '{print $1}') -n cmii -p "{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"$app\",\"image\":\"harbor-manager.sre.cdcyy.cn/cmii/$app:2.1.14\"}]}}}}"
echo "升级完成!!"
echo ""
done
kubectl get deployment -n uavcloud-dev | grep cmii-uav-user | awk '{print $1}'
kubectl patch deployment $(kubectl get deployment -n iot | grep mns | awk '{print $1}') -n iot -p '{"spec":{"template":{"spec":{"containers":[{"name": "iotx-foundry-mns","image":"docker.io/csiot/iotx-foundry-mns:latest"}]}}}}'
kk delete ing -n uavcloud-dev $(kk get ing -n uavcloud-dev | grep cmii | awk '{print$1}')
kk delete configmap -n uavcloud-dev $(kk get configmap -n uavcloud-dev | grep tenant-prefix | awk '{print$1}')

40
基础脚本/fontColor.sh Normal file
View File

@@ -0,0 +1,40 @@
#!/bin/bash
#######第一种方法(推荐使用 颜色函数)########
#########color code#############
RED="31m" ## 姨妈红
GREEN="32m" ## 水鸭青
YELLOW="33m" ## 鸭屎黄
BLUE="35m" ## 基佬紫
BLUE="36m" ## 天依蓝
###############color echo func#################
colorEcho(){
echo -e "\033[${1}${@:2}\033[0m" 1>& 2
}
###########第二种方法###############
Red_font_prefix="\033[31m"
Green_font_prefix="\033[32m"
Yellow_font_prefix="\033[33m"
Blue_font_prefix="\033[34m"
Green_background_prefix="\033[42;37m"
Red_background_prefix="\033[41;37m"
Font_color_suffix="\033[0m"
main(){
colorEcho ${RED} "这是红色的字体!"
colorEcho ${GREEN} "这是绿色的字体!"
colorEcho ${YELLOW} "这是黄色的字体!"
colorEcho ${BLUE} "这是蓝色的字体!"
echo "#######################下面是第二种方法!###############################"
echo
echo -e "${Red_font_prefix}这是红色的字体!${Font_color_suffix}"
echo -e "${Green_font_prefix}这是绿色的字体!${Font_color_suffix}"
echo -e "${Yellow_font_prefix}这是黄色的字体!${Font_color_suffix}"
echo -e "${Blue_font_prefix}这是蓝色的字体!${Font_color_suffix}"
}
main

Some files were not shown because too many files have changed in this diff Show More