diff --git a/0-部署应用/Oracle-Cloud/所有集群的IP网段.txt b/0-部署应用/Oracle-Cloud/所有集群的IP网段.txt index c4976cd..3200458 100644 --- a/0-部署应用/Oracle-Cloud/所有集群的IP网段.txt +++ b/0-部署应用/Oracle-Cloud/所有集群的IP网段.txt @@ -1,17 +1,31 @@ -# seoul arm +# seoul tokyo amd64 +140.238.0.0/16 + +# seoul arm-01 +132.145.87.10/32 + +# seoul arm-02 146.56.0.0/16 + # tokyo arm 150.230.0.0/16 -# tokyo seoul -140.238.0.0/16 + # phonix send to boge #144.24.0.0/16 + # phonix amd 129.146.0.0/16 + # osaka amd64 140.83.0.0/16 +# frankfurt amd64 +158.180.0.0/16 + # tencent-shanghai 42.192.52.227/32 # tencent-hongkong -43.154.83.213/32 \ No newline at end of file +43.154.83.213/32 + +# Rare.io-amd64-deussdolf +144.24.164.121/32 \ No newline at end of file diff --git a/0-部署应用/minio-docker.sh b/0-部署应用/minio-docker.sh deleted file mode 100644 index b0998e6..0000000 --- a/0-部署应用/minio-docker.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - - -export MIOIO_DATA_PATH=/var/lib/docker/minio-pv - - -mkdir -p ${MIOIO_DATA_PATH} -chown -R 1001:1001 ${MIOIO_DATA_PATH} - -docker run -d \ - --env MINIO_ACCESS_KEY="cmii" \ - --env MINIO_SECRET_KEY="boge14@Level5" \ - --volume ${MIOIO_DATA_PATH}:/data \ - --network host \ - --name minio-server \ - bitnami/minio:2021.11.24-debian-10-r0 diff --git a/0-部署应用/nacos-docker.sh b/0-部署应用/nacos-docker.sh deleted file mode 100644 index d08f4b2..0000000 --- a/0-部署应用/nacos-docker.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - - - -docker run -d \ - -e MODE=standalone \ - -e MYSQL_SERVICE_HOST=localhost \ - -e MYSQL_SERVICE_PORT=33306 \ - -e MYSQL_SERVICE_DB_NAME=nacos_config \ - -e MYSQL_SERVICE_USER=root \ - -e MYSQL_SERVICE_PASSWORD=boge14@Level5 \ - --name nacos-server \ - --network host \ - nacos/nacos-server:2.0.2 \ No newline at end of file diff --git a/1-代理Xray/0-主机网络优化/内核转发优化.txt b/1-代理Xray/0-主机网络优化/内核转发优化.txt index 6550c5f..d34b04f 100644 --- a/1-代理Xray/0-主机网络优化/内核转发优化.txt +++ b/1-代理Xray/0-主机网络优化/内核转发优化.txt @@ -69,7 +69,7 @@ sudo sysctl -p /etc/sysctl.d/proxy-wdd.conf sysctl net.ipv4.tcp_congestion_control -sudo ethtool -K enp0s3 gro on -sudo ethtool -K enp0s3 gso on -sudo ethtool -K enp0s3 tso on +sudo ethtool -K eth0 gro on +sudo ethtool -K eth0 gso on +sudo ethtool -K eth0 tso on diff --git a/1-代理Xray/路由转发内核优化.sh b/1-代理Xray/0-主机网络优化/路由转发内核优化.sh similarity index 100% rename from 1-代理Xray/路由转发内核优化.sh rename to 1-代理Xray/0-主机网络优化/路由转发内核优化.sh diff --git a/1-代理Xray/0-香港节点/0-分层代理回落.json b/1-代理Xray/0-香港节点/0-分层代理回落.json index b0fdf93..b46a5c3 100644 --- a/1-代理Xray/0-香港节点/0-分层代理回落.json +++ b/1-代理Xray/0-香港节点/0-分层代理回落.json @@ -9,7 +9,7 @@ "settings": { "clients": [ { - "id": "b4bdf874-8c03-5bd8-8fd7-5e409dfd82c0", + "id": "8c1b580b-c59d-4b89-b020-980fa947539f", "flow": "xtls-rprx-vision", "email": "cc@vless.com", "level": 0 @@ -72,7 +72,7 @@ "clients": [ { "email": "ice@qq.com", - "password": "Vad3.123a)asd1234-asdasd.asdazzS.123", + "password": "VaC3.123a-asd1234-asdasd.aAsDazzS.123", "level": 0 } ] diff --git a/1-代理Xray/0-香港节点/分层代理回落.json b/1-代理Xray/0-香港节点/分层代理回落.json deleted file mode 100644 index 5125c4b..0000000 --- a/1-代理Xray/0-香港节点/分层代理回落.json +++ /dev/null @@ -1,126 +0,0 @@ -{ - "log": { - "loglevel": "debug" - }, - "inbounds": [ - { - "port": 443, - "protocol": "vless", - "settings": { - "clients": [ - { - "id": "b4bdf874-8c03-5bd8-8fd7-5e409dfd82c0", - "flow": "xtls-rprx-vision" - } - ], - "decryption": "none", - "fallbacks": [ - { - "name": "xx.tc.hk.go.107421.xyz", - "path": "/status", - "dest": 5000, - "xver": 1 - }, - { - "name": "book.107421.xyz", - "dest": 5003, - "xver": 1 - }, - { - "name": "book.107421.xyz", - "alpn": "h2", - "dest": 5004, - "xver": 1 - }, - { - "dest": 5001, - "xver": 1 - }, - { - "alpn": "h2", - "dest": 5002, - "xver": 1 - } - ] - }, - "streamSettings": { - "network": "tcp", - "security": "tls", - "tlsSettings": { - "alpn": ["h2", "http/1.1"], - "certificates": [ - { - "certificateFile": "/root/.acme.sh/book.107421.xyz_ecc/fullchain.cer", - "keyFile": "/root/.acme.sh/book.107421.xyz_ecc/book.107421.xyz.key" - } - ] - } - } - }, - { - "port": 5000, - "listen": "127.0.0.1", - "protocol": "vless", - "settings": { - "clients": [ - { - "id": "481d1403-de9a-5ae1-b921-18c04a4a9da0", - "level": 0, - "email": "dd@qq.com" - } - ], - "decryption": "none" - }, - "streamSettings": { - "network": "ws", - "security": "tls", - "wsSettings": { - "acceptProxyProtocol": true, - "path": "/status" - }, - "tlsSettings": { - "alpn": ["h2", "http/1.1"], - "certificates": [ - { - "certificateFile": "/root/.acme.sh/xx.tc.hk.go.107421.xyz_ecc/fullchain.cer", - "keyFile": "/root/.acme.sh/xx.tc.hk.go.107421.xyz_ecc/xx.tc.hk.go.107421.xyz.key" - } - ] - } - } - }, - { - "listen": "0.0.0.0", - "port": 29999, - "protocol": "trojan", - "settings": { - "clients": [ - { - "password": "V2ryStr0ngP0ss" - } - ] - }, - "streamSettings": { - "network": "tcp", - "security": "tls", - "tlsSettings": { - "alpn": [ - "h2", - "http/1.1" - ], - "certificates": [ - { - "certificateFile": "/root/.acme.sh/xx.tc.hk.go.107421.xyz_ecc/fullchain.cer", - "keyFile": "/root/.acme.sh/xx.tc.hk.go.107421.xyz_ecc/xx.tc.hk.go.107421.xyz.key" - } - ] - } - } - } - ], - "outbounds": [ - { - "protocol": "freedom" - } - ] -} \ No newline at end of file diff --git a/1-代理Xray/1-韩国中转/0-Vless回落中转-Seoul-ARM-01.json b/1-代理Xray/1-韩国中转/0-Seoul-ARM-01-Vless回落中转-.json similarity index 93% rename from 1-代理Xray/1-韩国中转/0-Vless回落中转-Seoul-ARM-01.json rename to 1-代理Xray/1-韩国中转/0-Seoul-ARM-01-Vless回落中转-.json index b6e2adb..27b39fc 100644 --- a/1-代理Xray/1-韩国中转/0-Vless回落中转-Seoul-ARM-01.json +++ b/1-代理Xray/1-韩国中转/0-Seoul-ARM-01-Vless回落中转-.json @@ -20,6 +20,13 @@ { "name": "pan.107421.xyz", "dest": 5003, + "alpn": "h2", + "xver": 2 + }, + { + "name": "push.107421.xyz", + "dest": 5004, + "alpn": "h2", "xver": 2 }, { @@ -62,6 +69,11 @@ "ocspStapling": 3600, "certificateFile": "/root/.acme.sh/pan.107421.xyz_ecc/fullchain.cer", "keyFile": "/root/.acme.sh/pan.107421.xyz_ecc/pan.107421.xyz.key" + }, + { + "ocspStapling": 3600, + "certificateFile": "/root/.acme.sh/push.107421.xyz_ecc/fullchain.cer", + "keyFile": "/root/.acme.sh/push.107421.xyz_ecc/push.107421.xyz.key" } ], "minVersion": "1.2", diff --git a/1-代理Xray/1-韩国中转/0-Seoul4-Vless回落中转.json b/1-代理Xray/1-韩国中转/0-Seoul4-Vless回落中转.json index 7a7932b..52bc507 100644 --- a/1-代理Xray/1-韩国中转/0-Seoul4-Vless回落中转.json +++ b/1-代理Xray/1-韩国中转/0-Seoul4-Vless回落中转.json @@ -9,7 +9,7 @@ "settings": { "clients": [ { - "id": "1dde748d-32ee-4ed7-b70b-f2376d34e7e5", + "id": "1089cc14-557e-47ac-ac85-c07957b3cce3", "flow": "xtls-rprx-vision", "email": "cc@vless.com", "level": 0 @@ -82,7 +82,7 @@ "clients": [ { "email": "general@trojan-h2-tokyo2", - "password": "ADasfsaad12.21312@113.adsaddasds.112321", + "password": "ADaSfsaad12.21312-.1Ac13.adsCCddasds.112321", "level": 0 } ] diff --git a/1-代理Xray/2-上海中转/0-Shanghai.json b/1-代理Xray/2-上海中转/0-Shanghai.json index be37895..9798785 100644 --- a/1-代理Xray/2-上海中转/0-Shanghai.json +++ b/1-代理Xray/2-上海中转/0-Shanghai.json @@ -25,6 +25,31 @@ "allowTransparent": false } }, + { + "tag": "proxy-germany", + "port": 22889, + "listen": "0.0.0.0", + "protocol": "socks", + "sniffing": { + "enabled": true, + "destOverride": [ + "http", + "tls" + ], + "routeOnly": false + }, + "settings": { + "auth": "password", + "accounts": [ + { + "user": "zeaslity", + "pass": "lovemm.23" + } + ], + "udp": true, + "allowTransparent": false + } + }, { "tag": "direct", "port": 22887, @@ -89,6 +114,43 @@ "concurrency": -1 } }, + { + "tag": "proxy-germany", + "protocol": "vless", + "settings": { + "vnext": [ + { + "address": "45.134.50.233", + "port": 443, + "users": [ + { + "id": "8a681ef0-cb4b-4768-9553-49acb7b9a1ad", + "email": "t@t.tt", + "security": "auto", + "encryption": "none", + "flow": "xtls-rprx-vision" + } + ] + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "tls", + "tlsSettings": { + "allowInsecure": false, + "serverName": "bingo.107421.xyz", + "alpn": [ + "h2" + ], + "fingerprint": "firefox" + } + }, + "mux": { + "enabled": false, + "concurrency": -1 + } + }, { "tag": "direct", "protocol": "freedom", @@ -123,6 +185,13 @@ "proxy-socks" ] }, + { + "type": "field", + "outboundTag": "proxy-germany", + "inboundTag": [ + "proxy-germany" + ] + }, { "type": "field", "outboundTag": "direct", diff --git a/1-代理Xray/3-搬瓦工节点/0-分层代理.json b/1-代理Xray/3-搬瓦工节点/0-分层代理.json index 5109922..5ada0c3 100644 --- a/1-代理Xray/3-搬瓦工节点/0-分层代理.json +++ b/1-代理Xray/3-搬瓦工节点/0-分层代理.json @@ -9,7 +9,7 @@ "settings": { "clients": [ { - "id": "717c40e7-efeb-45bc-8f5e-4e6e7d9eea18", + "id": "0c5741d0-76a9-4945-9c1d-14647afcce24", "flow": "xtls-rprx-vision", "email": "cc@gg.com", "level": 0 @@ -72,7 +72,7 @@ "clients": [ { "email": "ice@qq.com", - "password": "Vad3.123a)asd@1234-as.dasd.asdazzS.123", + "password": "Vad3.123acasd-1234-as.dAsd.asdazzS.123", "level": 0 } ] diff --git a/1-代理Xray/4-凤凰城arm02节点/0-分层代理回落.json b/1-代理Xray/4-凤凰城arm02节点/0-分层代理回落.json index d5b94a2..fb5f7e4 100644 --- a/1-代理Xray/4-凤凰城arm02节点/0-分层代理回落.json +++ b/1-代理Xray/4-凤凰城arm02节点/0-分层代理回落.json @@ -9,7 +9,7 @@ "settings": { "clients": [ { - "id": "12491d80-745c-4e26-a58b-edf584afb208", + "id": "f1335f03-8c67-43c4-ac47-88697e917cc0", "flow": "xtls-rprx-vision", "email": "cc@Phoenix-arm02.com", "level": 0 diff --git a/1-代理Xray/5-临时Vmess方案/德国-vulter.json b/1-代理Xray/5-临时Vmess方案/德国-vulter.json new file mode 100644 index 0000000..76ae277 --- /dev/null +++ b/1-代理Xray/5-临时Vmess方案/德国-vulter.json @@ -0,0 +1,28 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "listen": "0.0.0.0", + "port": 31234, + "protocol": "vmess", + "settings": { + "clients": [ + { + "id": "7d390fdf-0a48-4a3e-b18c-b18db36c6f23" + } + ] + }, + "streamSettings": { + "network": "tcp" + } + } + ], + "outbounds": [ + { + "protocol": "freedom", + "tag": "direct" + } + ] +} \ No newline at end of file diff --git a/1-代理Xray/6-德国-Care节点/0-分层代理回落.json b/1-代理Xray/6-德国-Care节点/0-分层代理回落.json new file mode 100644 index 0000000..4aff4c7 --- /dev/null +++ b/1-代理Xray/6-德国-Care节点/0-分层代理回落.json @@ -0,0 +1,64 @@ +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 443, + "protocol": "vless", + "settings": { + "clients": [ + { + "id": "b1417d92-998d-410b-a5f3-cf144b6f043e", + "flow": "xtls-rprx-vision", + "email": "cc@vless.com", + "level": 0 + } + ], + "decryption": "none", + "fallbacks": [ + { + "dest": "/dev/shm/h2c.sock", + "xver": 2, + "alpn": "h2" + }, + { + "dest": "/dev/shm/h1.sock", + "xver": 2 + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "tls", + "tlsSettings": { + "certificates": [ + { + "ocspStapling": 3600, + "certificateFile": "/root/.acme.sh/bingo.107421.xyz_ecc/fullchain.cer", + "keyFile": "/root/.acme.sh/bingo.107421.xyz_ecc/bingo.107421.xyz.key" + } + ], + "minVersion": "1.2", + "cipherSuites": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "alpn": [ + "h2", + "http/1.1" + ] + } + }, + "sniffing": { + "enabled": true, + "destOverride": [ + "http", + "tls" + ] + } + } + ], + "outbounds": [ + { + "protocol": "freedom" + } + ] +} \ No newline at end of file diff --git a/1-代理Xray/6-德国-Care节点/节点IP.txt b/1-代理Xray/6-德国-Care节点/节点IP.txt new file mode 100644 index 0000000..5b23d05 --- /dev/null +++ b/1-代理Xray/6-德国-Care节点/节点IP.txt @@ -0,0 +1 @@ +当前 IP:45.134.50.233 来自于:罗马尼亚 蒂米什县 蒂米什瓦拉 bunea.eu diff --git a/1-代理Xray/9-伪装网站/dist.zip b/1-代理Xray/9-伪装网站/dist.zip new file mode 100644 index 0000000..0a62c61 Binary files /dev/null and b/1-代理Xray/9-伪装网站/dist.zip differ diff --git a/1-代理Xray/9-伪装网站/nginx-高版本.conf b/1-代理Xray/9-伪装网站/nginx-高版本.conf new file mode 100644 index 0000000..68b24bf --- /dev/null +++ b/1-代理Xray/9-伪装网站/nginx-高版本.conf @@ -0,0 +1,58 @@ +# Restrict access to the website by IP or wrong domain name) and return 400 +server { + listen unix:/dev/shm/h2c.sock proxy_protocol default_server; + # listen 5000; + http2 on; + set_real_ip_from unix:; + real_ip_header proxy_protocol; + server_name _; + return 400 "not allowed"; +} +server { + # listen 5001; + listen unix:/dev/shm/h1.sock proxy_protocol default_server; + set_real_ip_from unix:; + real_ip_header proxy_protocol; + server_name _; + return 400 "not allowed"; +} + +# HTTP1 UDS listener +server { + listen unix:/dev/shm/h1.sock proxy_protocol; + # listen 5001; + server_name bingo.107421.xyz; + + set_real_ip_from unix:; + real_ip_header proxy_protocol; + + location / { + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # enable HSTS + root /var/www/html/; + index index.html index.htm; + } +} + +# HTTP2 UDS listener +server { + listen unix:/dev/shm/h2c.sock proxy_protocol; + + http2 on; + + set_real_ip_from unix:; + real_ip_header proxy_protocol; + + server_name bingo.107421.xyz; + + # grpc settings + # grpc_read_timeout 1h; + # grpc_send_timeout 1h; + # grpc_set_header X-Real-IP $remote_addr; + + # Decoy website + location / { + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # enable HSTS + root /var/www/html; + index index.html index.htm; + } +} \ No newline at end of file diff --git a/1-代理Xray/9-伪装网站/nginx.conf b/1-代理Xray/9-伪装网站/nginx.conf new file mode 100644 index 0000000..663b9c0 --- /dev/null +++ b/1-代理Xray/9-伪装网站/nginx.conf @@ -0,0 +1,57 @@ +# Restrict access to the website by IP or wrong domain name) and return 400 +server { + listen unix:/dev/shm/h2c.sock http2 proxy_protocol default_server; + # listen 5000; + # http2 on; + set_real_ip_from unix:; + real_ip_header proxy_protocol; + server_name _; + return 400 "not allowed"; +} +server { + # listen 5001; + listen unix:/dev/shm/h1.sock proxy_protocol default_server; + set_real_ip_from unix:; + real_ip_header proxy_protocol; + server_name _; + return 400 "not allowed"; +} + +# HTTP1 UDS listener +server { + listen unix:/dev/shm/h1.sock proxy_protocol; + # listen 5001; + server_name bingo.107421.xyz; + + set_real_ip_from unix:; + real_ip_header proxy_protocol; + + location / { + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # enable HSTS + root /var/www/html/; + index index.html index.htm; + } +} + +# HTTP2 UDS listener +server { + listen unix:/dev/shm/h2c.sock http2 proxy_protocol; + + + set_real_ip_from unix:; + real_ip_header proxy_protocol; + + server_name bingo.107421.xyz; + + # grpc settings + # grpc_read_timeout 1h; + # grpc_send_timeout 1h; + # grpc_set_header X-Real-IP $remote_addr; + + # Decoy website + location / { + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # enable HSTS + root /var/www/html; + index index.html index.htm; + } +} \ No newline at end of file diff --git a/1-代理Xray/0-香港节点/在线安装nginx.sh b/1-代理Xray/9-伪装网站/在线安装nginx.sh similarity index 66% rename from 1-代理Xray/0-香港节点/在线安装nginx.sh rename to 1-代理Xray/9-伪装网站/在线安装nginx.sh index 80fc1d4..599fc28 100644 --- a/1-代理Xray/0-香港节点/在线安装nginx.sh +++ b/1-代理Xray/9-伪装网站/在线安装nginx.sh @@ -16,4 +16,22 @@ echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: | sudo tee /etc/apt/preferences.d/99nginx sudo apt update -sudo apt install -y nginx \ No newline at end of file +sudo apt install -y nginx + +mkdir -p /var/www/html/ +mv dist.zip /var/www/html/ +cd /var/www/html/ +unzip dist.zip +chown -R www-data:www-data /var/www/html/ +chmod -R 755 /var/www/html/ + + +systemctl restart nginx +systemctl enable nginx + +systemctl restart xray +systemctl enable xray + +journalctl -u nginx -n 100 -f + +journalctl -u xray -n 100 -f diff --git a/1-代理Xray/98-subscribe-clash.yaml b/1-代理Xray/98-subscribe-clash.yaml index b44892b..1b636c9 100644 --- a/1-代理Xray/98-subscribe-clash.yaml +++ b/1-代理Xray/98-subscribe-clash.yaml @@ -57,13 +57,15 @@ proxies: - {"type":"socks5","name":"onetools-35-71","server":"192.168.35.71","port":22888,"username":"zeaslity","password":"password","udp":true} - {"type":"socks5","name":"TC-SH","server":"42.192.52.227","port":22887,"username":"zeaslity","password":"lovemm.23","udp":true} - {"type":"socks5","name":"TC-SH-LosA-BanH","server":"42.192.52.227","port":22888,"username":"zeaslity","password":"lovemm.23","udp":true} - - {"type":"trojan","name":"TC-HK-Trojan","server":"43.154.83.213","port":443,"password":"Vad3.123a)asd1234-asdasd.asdazzS.123","udp":true,"skip-cert-verify":false,"sni":"xx.tc.hk.go.107421.xyz","network":"http","ws-opts":{"path":"status"}} - - {"type":"vless","name":"TC-HK-Vless","server":"43.154.83.213","port":443,"uuid":"b4bdf874-8c03-5bd8-8fd7-5e409dfd82c0","skip-cert-verify":false,"network":"tcp","flow":"xtls-rprx-vision","servername":"book.107421.xyz","tls":true,"udp":true} - - {"type":"vless","name":"Oracle-Seoul-ARM01-Vless","server":"132.145.87.10","port":443,"uuid":"1dde748d-32ee-4ed7-b70b-f2376d34e7e5","skip-cert-verify":false,"network":"tcp","flow":"xtls-rprx-vision","servername":"xx.s0.yy.ac.107421.xyz","tls":true,"udp":true} - - {"type":"vless","name":"Oracle-Seoul-Vless","server":"140.238.14.103","port":443,"uuid":"1dde748d-32ee-4ed7-b70b-f2376d34e7e5","skip-cert-verify":false,"network":"tcp","flow":"xtls-rprx-vision","servername":"xx.s4.cc.hh.107421.xyz","tls":true,"udp":true} - - {"type":"vless","name":"BanH-LosA-Vless","server":"89.208.251.209","port":443,"uuid":"717c40e7-efeb-45bc-8f5e-4e6e7d9eea18","skip-cert-verify":false,"network":"tcp","flow":"xtls-rprx-vision","servername":"octopus.107421.xyz","tls":true,"udp":true} - - {"type":"trojan","name":"BanH-LosA-Trojan","server":"89.208.251.209","port":443,"password":"Vad3.123a)asd@1234-as.dasd.asdazzS.123","udp":true,"skip-cert-verify":false,"sni":"xx.l4.cc.nn.107421.xyz","network":"http","ws-opts":{"path":"status","headers":{"host":"xx.l4.cc.nn.107421.xyz"}}} - - {"type":"trojan","name":"Oracle-Tokyo-Trojan","server":"140.238.14.103","port":443,"password":"ADasfsaad12.21312@113.adsaddasds.112321","udp":true,"skip-cert-verify":false,"sni":"xx.t2.ll.c0.107421.xyz","network":"http","ws-opts":{"path":"vlh2tokyo2","headers":{"host":"xx.t2.ll.c0.107421.xyz"}}} + - {"type":"socks5","name":"TC-SH-Germany","server":"42.192.52.227","port":22889,"username":"zeaslity","password":"lovemm.23","udp":true} + - {"type":"trojan","name":"TC-HK-Trojan","server":"43.154.83.213","port":443,"password":"VaC3.123a-asd1234-asdasd.aAsDazzS.123","udp":true,"skip-cert-verify":false,"sni":"xx.tc.hk.go.107421.xyz","network":"http","ws-opts":{"path":"status"}} + - {"type":"vless","name":"TC-HK-Vless","server":"43.154.83.213","port":443,"uuid":"8c1b580b-c59d-4b89-b020-980fa947539f","skip-cert-verify":false,"network":"tcp","flow":"xtls-rprx-vision","servername":"book.107421.xyz","tls":true,"udp":true} + - {"type":"vless","name":"Care-Germany-Vless","server":"45.134.50.233","port":443,"uuid":"b1417d92-998d-410b-a5f3-cf144b6f043e","skip-cert-verify":false,"network":"tcp","flow":"xtls-rprx-vision","servername":"bingo.107421.xyz","tls":true,"udp":true} + - {"type":"vless","name":"Oracle-Seoul-ARM01-Vless","server":"132.145.87.10","port":443,"uuid":"1089cc14-557e-47ac-ac85-c07957b3cce3","skip-cert-verify":false,"network":"tcp","flow":"xtls-rprx-vision","servername":"xx.s0.yy.ac.107421.xyz","tls":true,"udp":true} + - {"type":"vless","name":"Oracle-Seoul-Vless","server":"140.238.14.103","port":443,"uuid":"1089cc14-557e-47ac-ac85-c07957b3cce3","skip-cert-verify":false,"network":"tcp","flow":"xtls-rprx-vision","servername":"xx.s4.cc.hh.107421.xyz","tls":true,"udp":true} + - {"type":"vless","name":"BanH-LosA-Vless","server":"89.208.251.209","port":443,"uuid":"0c5741d0-76a9-4945-9c1d-14647afcce24","skip-cert-verify":false,"network":"tcp","flow":"xtls-rprx-vision","servername":"octopus.107421.xyz","tls":true,"udp":true} + - {"type":"trojan","name":"BanH-LosA-Trojan","server":"89.208.251.209","port":443,"password":"Vad3.123acasd-1234-as.dAsd.asdazzS.123","udp":true,"skip-cert-verify":false,"sni":"xx.l4.cc.nn.107421.xyz","network":"http","ws-opts":{"path":"status","headers":{"host":"xx.l4.cc.nn.107421.xyz"}}} + - {"type":"trojan","name":"Oracle-Tokyo-Trojan","server":"140.238.14.103","port":443,"password":"ADaSfsaad12.21312-.1Ac13.adsCCddasds.112321","udp":true,"skip-cert-verify":false,"sni":"xx.t2.ll.c0.107421.xyz","network":"http","ws-opts":{"path":"vlh2tokyo2","headers":{"host":"xx.t2.ll.c0.107421.xyz"}}} - {"type":"vless","name":"Oracle-Pheonix-ARM02-Vless","server":"129.146.57.94","port":443,"uuid":"12491d80-745c-4e26-a58b-edf584afb208","skip-cert-verify":false,"network":"tcp","flow":"xtls-rprx-vision","servername":"zc.p4.cc.xx.107421.xyz","tls":true,"udp":true} proxy-groups: - name: 🚀 节点选择 @@ -75,12 +77,14 @@ proxy-groups: - us-central-free - Oracle-Seoul-Vless - Oracle-Seoul-ARM01-Vless + - Care-Germany-Vless - TC-SH + - TC-SH-LosA-BanH + - TC-SH-Germany - TC-HK-Trojan - Oracle-Tokyo-Trojan - Oracle-Pheonix-ARM02-Vless - onetools-35-71 - - TC-SH-LosA-BanH - ♻️ 自动选择 - DIRECT - name: ♻️ 自动选择 @@ -94,6 +98,7 @@ proxy-groups: - us-central-free - Oracle-Seoul-Vless - Oracle-Seoul-ARM01-Vless + - Care-Germany-Vless - Oracle-Tokyo-Trojan - Oracle-Pheonix-ARM02-Vless - BanH-LosA-Vless @@ -109,6 +114,7 @@ proxy-groups: - us-central-free - Oracle-Seoul-Vless - Oracle-Seoul-ARM01-Vless + - Care-Germany-Vless - BanH-LosA-Vless - TC-HK-Trojan - TC-HK-Vless @@ -154,8 +160,8 @@ proxy-groups: - name: 💩 工作代理 type: select proxies: - - onetools-35-71 - DIRECT + - onetools-35-71 - name: 🎯 全球直连 type: select proxies: @@ -191,7 +197,7 @@ rules: - DOMAIN-SUFFIX,wdd.io,💩 工作直连 - DOMAIN-SUFFIX,harbor.cdcyy.com.cn,💩 工作代理 - DOMAIN-SUFFIX,ecs.io,💩 工作代理 - - DOMAIN-SUFFIX,ops.uavcmlc.com,💩 工作代理 + - DOMAIN-SUFFIX,uavcmlc.com,💩 工作代理 - DOMAIN-SUFFIX,acl4.ssr,🎯 全球直连 - DOMAIN-SUFFIX,ip6-localhost,🎯 全球直连 - DOMAIN-SUFFIX,ip6-loopback,🎯 全球直连 @@ -2321,6 +2327,7 @@ rules: - IP-CIDR6,2001:b28:f23d::/48,📲 电报信息,no-resolve - IP-CIDR6,2001:b28:f23f::/48,📲 电报信息,no-resolve - DOMAIN-SUFFIX,hetushu.com,🚀 节点选择 + - DOMAIN-SUFFIX,gitea.107421.xyz,🚀 节点选择 - DOMAIN-SUFFIX,1password.com,🚀 节点选择 - DOMAIN-SUFFIX,v2rayse.com,🚀 节点选择 - DOMAIN-SUFFIX,vpnse.org,🚀 节点选择 diff --git a/1-代理Xray/99-subscribe-octopus-latest.txt b/1-代理Xray/99-subscribe-octopus-latest.txt index 0e4e3b5..5545871 100644 --- a/1-代理Xray/99-subscribe-octopus-latest.txt +++ b/1-代理Xray/99-subscribe-octopus-latest.txt @@ -1,11 +1,11 @@ vmess://eyJ2IjoiMiIsInBzIjoidXMtY2VudGUtZnJlZSIsImFkZCI6Im5vcnRoZmxhbmsuMTA3NDIxLnh5eiIsInBvcnQiOjQ0MywiaWQiOiJkZTA0YWRkOS01YzY4LThiYWItOTUwYy0wOGNkNTMyMGRmMTgiLCJhaWQiOjAsInNjeSI6ImF1dG8iLCJuZXQiOiJ3cyIsInBhdGgiOiIvdm1lc3MiLCJ0bHMiOiJ0bHMifQ== -trojan://Vad3.123a%29asd1234-asdasd.asdazzS.123@43.154.83.213:443?flow=xtls-rprx-vision&security=tls&sni=xx.tc.hk.go.107421.xyz&alpn=h2&fp=firefox&type=http&path=trh2#TC-HK-Trojan +trojan://VaC3.123a-asd1234-asdasd.aAsDazzS.123@43.154.83.213:443?flow=xtls-rprx-vision&security=tls&sni=xx.tc.hk.go.107421.xyz&alpn=h2&fp=firefox&type=http&path=status#TC-HK-Trojan vless://b4bdf874-8c03-5bd8-8fd7-5e409dfd82c0@43.154.83.213:443?encryption=none&flow=xtls-rprx-vision&security=tls&sni=book.107421.xyz&alpn=h2%2Chttp%2F1.1&fp=firefox&type=tcp&headerType=none#TC-HK-Vless -vless://1dde748d-32ee-4ed7-b70b-f2376d34e7e5@132.145.87.10:443?encryption=none&flow=xtls-rprx-vision&security=tls&sni=xx.s0.yy.ac.107421.xyz&alpn=h2&fp=firefox&type=tcp&headerType=none&host=xx.s0.yy.ac.107421.xyz#Oracle-Seoul-ARM01-Vless -vless://1dde748d-32ee-4ed7-b70b-f2376d34e7e5@140.238.14.103:443?encryption=none&flow=xtls-rprx-vision&security=tls&sni=xx.s4.cc.hh.107421.xyz&alpn=h2&fp=firefox&type=tcp&headerType=none&host=xx.s4.cc.hh.107421.xyz#Oracle-Seoul-Vless +vless://b1417d92-998d-410b-a5f3-cf144b6f043e@45.134.50.233:443?encryption=none&flow=xtls-rprx-vision&security=tls&sni=bingo.107421.xyz&alpn=h2%2Chttp%2F1.1&fp=firefox&type=tcp&headerType=none#Care-Germany-Vless +vless://1089cc14-557e-47ac-ac85-c07957b3cce3@140.238.14.103:443?encryption=none&flow=xtls-rprx-vision&security=tls&sni=xx.s4.cc.hh.107421.xyz&alpn=h2&fp=firefox&type=tcp&headerType=none&host=xx.s4.cc.hh.107421.xyz#Oracle-Seoul-Vless socks://emVhc2xpdHk6bG92ZW1tLjIz@42.192.52.227:22888#TC-SH-LosA-BanH -vless://717c40e7-efeb-45bc-8f5e-4e6e7d9eea18@89.208.251.209:443?encryption=none&flow=xtls-rprx-vision&security=tls&sni=octopus.107421.xyz&alpn=h2&fp=firefox&type=tcp&headerType=none#BanH-LosA-Vless -trojan://Vad3.123a%29asd%401234-as.dasd.asdazzS.123@89.208.251.209:443?flow=xtls-rprx-vision&security=tls&sni=xx.l4.cc.nn.107421.xyz&alpn=h2&fp=firefox&type=http&host=xx.l4.cc.nn.107421.xyz&path=status#BanH-LosA-Trojan -trojan://ADasfsaad12.21312%40113.adsaddasds.112321@140.238.14.103:443?flow=xtls-rprx-vision&security=tls&sni=xx.t2.ll.c0.107421.xyz&alpn=h2&fp=firefox&type=http&host=xx.t2.ll.c0.107421.xyz&path=vlh2tokyo2#Oracle-Tokyo-Trojan +vless://0c5741d0-76a9-4945-9c1d-14647afcce24@89.208.251.209:443?encryption=none&flow=xtls-rprx-vision&security=tls&sni=octopus.107421.xyz&alpn=h2&fp=firefox&type=tcp&headerType=none#BanH-LosA-Vless +trojan://Vad3.123acasd-1234-as.dAsd.asdazzS.123@89.208.251.209:443?flow=xtls-rprx-vision&security=tls&sni=xx.l4.cc.nn.107421.xyz&alpn=h2&fp=firefox&type=http&host=xx.l4.cc.nn.107421.xyz&path=status#BanH-LosA-Trojan +trojan://ADaSfsaad12.21312-.1Ac13.adsCCddasds.112321@140.238.14.103:443?flow=xtls-rprx-vision&security=tls&sni=xx.t2.ll.c0.107421.xyz&alpn=h2&fp=firefox&type=http&host=xx.t2.ll.c0.107421.xyz&path=vlh2tokyo2#Oracle-Tokyo-Trojan vless://12491d80-745c-4e26-a58b-edf584afb208@129.146.57.94:443?encryption=none&flow=xtls-rprx-vision&security=tls&sni=zc.p4.cc.xx.107421.xyz&alpn=h2&fp=firefox&type=tcp&headerType=none#Oracle-Pheonix-ARM02-Vless diff --git a/1-代理Xray/XRay-安装脚本/Xray-linux-64-v1.6.0.zip b/1-代理Xray/XRay-安装脚本/Xray-linux-64-v1.6.0.zip deleted file mode 100644 index 5233607..0000000 Binary files a/1-代理Xray/XRay-安装脚本/Xray-linux-64-v1.6.0.zip and /dev/null differ diff --git a/1-代理Xray/XRay-安装脚本/Xray安装脚本.txt b/1-代理Xray/XRay-安装脚本/Xray安装脚本.txt index 5190b4c..c41057d 100644 --- a/1-代理Xray/XRay-安装脚本/Xray安装脚本.txt +++ b/1-代理Xray/XRay-安装脚本/Xray安装脚本.txt @@ -1,2 +1,9 @@ -bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install --without-geodata \ No newline at end of file +bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install --without-geodata + +sed -i "s/nobody/root/g" /etc/systemd/system/xray.service +systemctl daemon-reload +systemctl restart xray +systemctl enable xray + +journalctl -u xray -n 100 -f \ No newline at end of file diff --git a/1-代理Xray/XRay-安装脚本/xray-install-另外的版本.sh b/1-代理Xray/XRay-安装脚本/xray-install-另外的版本.sh deleted file mode 100644 index 9f8ba9f..0000000 --- a/1-代理Xray/XRay-安装脚本/xray-install-另外的版本.sh +++ /dev/null @@ -1,744 +0,0 @@ -#!/usr/bin/env bash - -#==================================================== -# System Request:Debian 9+/Ubuntu 18.04+/Centos 7+ -# Author: wulabing -# Dscription: Xray onekey Management -# email: admin@wulabing.com -#==================================================== - -export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -stty erase ^? - -cd "$( - cd "$(dirname "$0")" || exit - pwd -)" || exit - -# 字体颜色配置 -Green="\033[32m" -Red="\033[31m" -Yellow="\033[33m" -Blue="\033[36m" -Font="\033[0m" -GreenBG="\033[42;37m" -RedBG="\033[41;37m" -OK="${Green}[OK]${Font}" -ERROR="${Red}[ERROR]${Font}" - -# 变量 -shell_version="1.3.7" -github_branch="main" -xray_conf_dir="/usr/local/etc/xray" -website_dir="/www/xray_web/" -xray_access_log="/var/log/xray/access.log" -xray_error_log="/var/log/xray/error.log" -cert_dir="/usr/local/etc/xray" -domain_tmp_dir="/usr/local/etc/xray" -cert_group="nobody" -random_num=$((RANDOM % 12 + 4)) - -VERSION=$(echo "${VERSION}" | awk -F "[()]" '{print $2}') -WS_PATH="/$(head -n 10 /dev/urandom | md5sum | head -c ${random_num})/" - -function shell_mode_check() { - if [ -f ${xray_conf_dir}/config.json ]; then - if [ "$(grep -c "wsSettings" ${xray_conf_dir}/config.json)" -ge 1 ]; then - shell_mode="ws" - else - shell_mode="tcp" - fi - else - shell_mode="None" - fi -} -function print_ok() { - echo -e "${OK} ${Blue} $1 ${Font}" -} - -function print_error() { - echo -e "${ERROR} ${RedBG} $1 ${Font}" -} - -function is_root() { - if [[ 0 == "$UID" ]]; then - print_ok "当前用户是 root 用户,开始安装流程" - else - print_error "当前用户不是 root 用户,请切换到 root 用户后重新执行脚本" - exit 1 - fi -} - -judge() { - if [[ 0 -eq $? ]]; then - print_ok "$1 完成" - sleep 1 - else - print_error "$1 失败" - exit 1 - fi -} - -function system_check() { - source '/etc/os-release' - - if [[ "${ID}" == "centos" && ${VERSION_ID} -ge 7 ]]; then - print_ok "当前系统为 Centos ${VERSION_ID} ${VERSION}" - INS="yum install -y" - wget -N -P /etc/yum.repos.d/ https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/basic/nginx.repo - elif [[ "${ID}" == "ol" ]]; then - print_ok "当前系统为 Oracle Linux ${VERSION_ID} ${VERSION}" - INS="yum install -y" - wget -N -P /etc/yum.repos.d/ https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/basic/nginx.repo - elif [[ "${ID}" == "debian" && ${VERSION_ID} -ge 9 ]]; then - print_ok "当前系统为 Debian ${VERSION_ID} ${VERSION}" - INS="apt install -y" - # 清除可能的遗留问题 - rm -f /etc/apt/sources.list.d/nginx.list - $INS lsb-release gnupg2 - - echo "deb http://nginx.org/packages/debian $(lsb_release -cs) nginx" >/etc/apt/sources.list.d/nginx.list - curl -fsSL https://nginx.org/keys/nginx_signing.key | apt-key add - - - apt update - elif [[ "${ID}" == "ubuntu" && $(echo "${VERSION_ID}" | cut -d '.' -f1) -ge 18 ]]; then - print_ok "当前系统为 Ubuntu ${VERSION_ID} ${UBUNTU_CODENAME}" - INS="apt install -y" - # 清除可能的遗留问题 - rm -f /etc/apt/sources.list.d/nginx.list - $INS lsb-release gnupg2 - - echo "deb http://nginx.org/packages/ubuntu $(lsb_release -cs) nginx" >/etc/apt/sources.list.d/nginx.list - curl -fsSL https://nginx.org/keys/nginx_signing.key | apt-key add - - apt update - else - print_error "当前系统为 ${ID} ${VERSION_ID} 不在支持的系统列表内" - exit 1 - fi - - if [[ $(grep "nogroup" /etc/group) ]]; then - cert_group="nogroup" - fi - - $INS dbus - - # 关闭各类防火墙 - systemctl stop firewalld - systemctl disable firewalld - systemctl stop nftables - systemctl disable nftables - systemctl stop ufw - systemctl disable ufw -} - -function nginx_install() { - if ! command -v nginx >/dev/null 2>&1; then - ${INS} nginx - judge "Nginx 安装" - else - print_ok "Nginx 已存在" - ${INS} nginx - fi - # 遗留问题处理 - mkdir -p /etc/nginx/conf.d >/dev/null 2>&1 -} -function dependency_install() { - ${INS} wget lsof tar - judge "安装 wget lsof tar" - - if [[ "${ID}" == "centos" || "${ID}" == "ol" ]]; then - ${INS} crontabs - else - ${INS} cron - fi - judge "安装 crontab" - - if [[ "${ID}" == "centos" || "${ID}" == "ol" ]]; then - touch /var/spool/cron/root && chmod 600 /var/spool/cron/root - systemctl start crond && systemctl enable crond - else - touch /var/spool/cron/crontabs/root && chmod 600 /var/spool/cron/crontabs/root - systemctl start cron && systemctl enable cron - - fi - judge "crontab 自启动配置 " - - ${INS} unzip - judge "安装 unzip" - - ${INS} curl - judge "安装 curl" - - # upgrade systemd - ${INS} systemd - judge "安装/升级 systemd" - - # Nginx 后置 无需编译 不再需要 - # if [[ "${ID}" == "centos" || "${ID}" == "ol" ]]; then - # yum -y groupinstall "Development tools" - # else - # ${INS} build-essential - # fi - # judge "编译工具包 安装" - - if [[ "${ID}" == "centos" ]]; then - ${INS} pcre pcre-devel zlib-devel epel-release openssl openssl-devel - elif [[ "${ID}" == "ol" ]]; then - ${INS} pcre pcre-devel zlib-devel openssl openssl-devel - # Oracle Linux 不同日期版本的 VERSION_ID 比较乱 直接暴力处理 - yum-config-manager --enable ol7_developer_EPEL >/dev/null 2>&1 - yum-config-manager --enable ol8_developer_EPEL >/dev/null 2>&1 - else - ${INS} libpcre3 libpcre3-dev zlib1g-dev openssl libssl-dev - fi - - ${INS} jq - - if ! command -v jq; then - wget -P /usr/bin https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/binary/jq && chmod +x /usr/bin/jq - judge "安装 jq" - fi - - # 防止部分系统xray的默认bin目录缺失 - mkdir /usr/local/bin >/dev/null 2>&1 -} - -function basic_optimization() { - # 最大文件打开数 - sed -i '/^\*\ *soft\ *nofile\ *[[:digit:]]*/d' /etc/security/limits.conf - sed -i '/^\*\ *hard\ *nofile\ *[[:digit:]]*/d' /etc/security/limits.conf - echo '* soft nofile 65536' >>/etc/security/limits.conf - echo '* hard nofile 65536' >>/etc/security/limits.conf - - # 关闭 Selinux - if [[ "${ID}" == "centos" || "${ID}" == "ol" ]]; then - sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config - setenforce 0 - fi -} -function domain_check() { - read -rp "请输入你的域名信息(eg: www.wulabing.com):" domain - domain_ip=$(ping "${domain}" -c 1 | sed '1{s/[^(]*(//;s/).*//;q}') - print_ok "正在获取 IP 地址信息,请耐心等待" - local_ip=$(curl -4L api64.ipify.org) - echo -e "域名通过 DNS 解析的 IP 地址:${domain_ip}" - echo -e "本机公网 IP 地址: ${local_ip}" - sleep 2 - if [[ ${domain_ip} == "${local_ip}" ]]; then - print_ok "域名通过 DNS 解析的 IP 地址与 本机 IP 地址匹配" - sleep 2 - else - print_error "请确保域名添加了正确的 A 记录,否则将无法正常使用 xray" - print_error "域名通过 DNS 解析的 IP 地址与 本机 IP 地址不匹配,是否继续安装?(y/n)" && read -r install - case $install in - [yY][eE][sS] | [yY]) - print_ok "继续安装" - sleep 2 - ;; - *) - print_error "安装终止" - exit 2 - ;; - esac - fi -} - -function port_exist_check() { - if [[ 0 -eq $(lsof -i:"$1" | grep -i -c "listen") ]]; then - print_ok "$1 端口未被占用" - sleep 1 - else - print_error "检测到 $1 端口被占用,以下为 $1 端口占用信息" - lsof -i:"$1" - print_error "5s 后将尝试自动 kill 占用进程" - sleep 5 - lsof -i:"$1" | awk '{print $2}' | grep -v "PID" | xargs kill -9 - print_ok "kill 完成" - sleep 1 - fi -} -function update_sh() { - ol_version=$(curl -L -s https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/install.sh | grep "shell_version=" | head -1 | awk -F '=|"' '{print $3}') - if [[ "$shell_version" != "$(echo -e "$shell_version\n$ol_version" | sort -rV | head -1)" ]]; then - print_ok "存在新版本,是否更新 [Y/N]?" - read -r update_confirm - case $update_confirm in - [yY][eE][sS] | [yY]) - wget -N --no-check-certificate https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/install.sh - print_ok "更新完成" - print_ok "您可以通过 bash $0 执行本程序" - exit 0 - ;; - *) ;; - esac - else - print_ok "当前版本为最新版本" - print_ok "您可以通过 bash $0 执行本程序" - fi -} - -function xray_tmp_config_file_check_and_use() { - if [[ -s ${xray_conf_dir}/config_tmp.json ]]; then - mv -f ${xray_conf_dir}/config_tmp.json ${xray_conf_dir}/config.json - else - print_error "xray 配置文件修改异常" - fi -} - -function modify_UUID() { - [ -z "$UUID" ] && UUID=$(cat /proc/sys/kernel/random/uuid) - cat ${xray_conf_dir}/config.json | jq 'setpath(["inbounds",0,"settings","clients",0,"id"];"'${UUID}'")' >${xray_conf_dir}/config_tmp.json - xray_tmp_config_file_check_and_use - judge "Xray TCP UUID 修改" -} - -function modify_UUID_ws() { - cat ${xray_conf_dir}/config.json | jq 'setpath(["inbounds",1,"settings","clients",0,"id"];"'${UUID}'")' >${xray_conf_dir}/config_tmp.json - xray_tmp_config_file_check_and_use - judge "Xray ws UUID 修改" -} - -function modify_fallback_ws() { - cat ${xray_conf_dir}/config.json | jq 'setpath(["inbounds",0,"settings","fallbacks",2,"path"];"'${WS_PATH}'")' >${xray_conf_dir}/config_tmp.json - xray_tmp_config_file_check_and_use - judge "Xray fallback_ws 修改" -} - -function modify_ws() { - cat ${xray_conf_dir}/config.json | jq 'setpath(["inbounds",1,"streamSettings","wsSettings","path"];"'${WS_PATH}'")' >${xray_conf_dir}/config_tmp.json - xray_tmp_config_file_check_and_use - judge "Xray ws 修改" -} - -function configure_nginx() { - nginx_conf="/etc/nginx/conf.d/${domain}.conf" - cd /etc/nginx/conf.d/ && rm -f ${domain}.conf && wget -O ${domain}.conf https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/config/web.conf - sed -i "s/xxx/${domain}/g" ${nginx_conf} - judge "Nginx config modify" - - systemctl restart nginx -} - -function modify_port() { - read -rp "请输入端口号(默认:443):" PORT - [ -z "$PORT" ] && PORT="443" - if [[ $PORT -le 0 ]] || [[ $PORT -gt 65535 ]]; then - print_error "请输入 0-65535 之间的值" - exit 1 - fi - port_exist_check $PORT - cat ${xray_conf_dir}/config.json | jq 'setpath(["inbounds",0,"port"];'${PORT}')' >${xray_conf_dir}/config_tmp.json - xray_tmp_config_file_check_and_use - judge "Xray 端口 修改" -} - -function configure_xray() { - cd /usr/local/etc/xray && rm -f config.json && wget -O config.json https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/config/xray_xtls-rprx-direct.json - modify_UUID - modify_port -} - -function configure_xray_ws() { - cd /usr/local/etc/xray && rm -f config.json && wget -O config.json https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/config/xray_tls_ws_mix-rprx-direct.json - modify_UUID - modify_UUID_ws - modify_port - modify_fallback_ws - modify_ws -} - -function xray_install() { - print_ok "安装 Xray" - curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh | bash -s -- install - judge "Xray 安装" - - # 用于生成 Xray 的导入链接 - echo $domain >$domain_tmp_dir/domain - judge "域名记录" -} - -function ssl_install() { - # 使用 Nginx 配合签发 无需安装相关依赖 - # if [[ "${ID}" == "centos" || "${ID}" == "ol" ]]; then - # ${INS} socat nc - # else - # ${INS} socat netcat - # fi - # judge "安装 SSL 证书生成脚本依赖" - - curl -L get.acme.sh | bash - judge "安装 SSL 证书生成脚本" -} - -function acme() { - "$HOME"/.acme.sh/acme.sh --set-default-ca --server letsencrypt - - sed -i "6s/^/#/" "$nginx_conf" - sed -i "6a\\\troot $website_dir;" "$nginx_conf" - systemctl restart nginx - - if "$HOME"/.acme.sh/acme.sh --issue -d "${domain}" --webroot "$website_dir" -k ec-256 --force; then - print_ok "SSL 证书生成成功" - sleep 2 - if "$HOME"/.acme.sh/acme.sh --installcert -d "${domain}" --fullchainpath /ssl/xray.crt --keypath /ssl/xray.key --reloadcmd "systemctl restart xray" --ecc --force; then - print_ok "SSL 证书配置成功" - sleep 2 - fi - else - print_error "SSL 证书生成失败" - rm -rf "$HOME/.acme.sh/${domain}_ecc" - exit 1 - fi - - sed -i "7d" "$nginx_conf" - sed -i "6s/#//" "$nginx_conf" -} - -function ssl_judge_and_install() { - - mkdir -p /ssl >/dev/null 2>&1 - if [[ -f "/ssl/xray.key" || -f "/ssl/xray.crt" ]]; then - print_ok "/ssl 目录下证书文件已存在" - print_ok "是否删除 /ssl 目录下的证书文件 [Y/N]?" - read -r ssl_delete - case $ssl_delete in - [yY][eE][sS] | [yY]) - rm -rf /ssl/* - print_ok "已删除" - ;; - *) ;; - - esac - fi - - if [[ -f "/ssl/xray.key" || -f "/ssl/xray.crt" ]]; then - echo "证书文件已存在" - elif [[ -f "$HOME/.acme.sh/${domain}_ecc/${domain}.key" && -f "$HOME/.acme.sh/${domain}_ecc/${domain}.cer" ]]; then - echo "证书文件已存在" - "$HOME"/.acme.sh/acme.sh --installcert -d "${domain}" --fullchainpath /ssl/xray.crt --keypath /ssl/xray.key --ecc - judge "证书应用" - else - mkdir /ssl - cp -a $cert_dir/self_signed_cert.pem /ssl/xray.crt - cp -a $cert_dir/self_signed_key.pem /ssl/xray.key - ssl_install - acme - fi - - # Xray 默认以 nobody 用户运行,证书权限适配 - chown -R nobody.$cert_group /ssl/* -} - -function generate_certificate() { - signedcert=$(xray tls cert -domain="$local_ip" -name="$local_ip" -org="$local_ip" -expire=87600h) - echo $signedcert | jq '.certificate[]' | sed 's/\"//g' | tee $cert_dir/self_signed_cert.pem - echo $signedcert | jq '.key[]' | sed 's/\"//g' >$cert_dir/self_signed_key.pem - openssl x509 -in $cert_dir/self_signed_cert.pem -noout || 'print_error "生成自签名证书失败" && exit 1' - print_ok "生成自签名证书成功" - chown nobody.$cert_group $cert_dir/self_signed_cert.pem - chown nobody.$cert_group $cert_dir/self_signed_key.pem -} - -function configure_web() { - rm -rf /www/xray_web - mkdir -p /www/xray_web - wget -O web.tar.gz https://raw.githubusercontent.com/wulabing/Xray_onekey/main/basic/web.tar.gz - tar xzf web.tar.gz -C /www/xray_web - judge "站点伪装" - rm -f web.tar.gz -} - -function xray_uninstall() { - curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh | bash -s -- remove --purge - rm -rf $website_dir - print_ok "是否卸载nginx [Y/N]?" - read -r uninstall_nginx - case $uninstall_nginx in - [yY][eE][sS] | [yY]) - if [[ "${ID}" == "centos" || "${ID}" == "ol" ]]; then - yum remove nginx -y - else - apt purge nginx -y - fi - ;; - *) ;; - esac - print_ok "是否卸载acme.sh [Y/N]?" - read -r uninstall_acme - case $uninstall_acme in - [yY][eE][sS] | [yY]) - /root/.acme.sh/acme.sh --uninstall - rm -rf /root/.acme.sh - rm -rf /ssl/ - ;; - *) ;; - esac - print_ok "卸载完成" - exit 0 -} - -function restart_all() { - systemctl restart nginx - judge "Nginx 启动" - systemctl restart xray - judge "Xray 启动" -} - -function vless_xtls-rprx-direct_link() { - UUID=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.clients[0].id | tr -d '"') - PORT=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].port) - FLOW=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.clients[0].flow | tr -d '"') - DOMAIN=$(cat ${domain_tmp_dir}/domain) - - print_ok "URL 链接(VLESS + TCP + TLS)" - print_ok "vless://$UUID@$DOMAIN:$PORT?security=tls&flow=$FLOW#TLS_wulabing-$DOMAIN" - - print_ok "URL 链接(VLESS + TCP + XTLS)" - print_ok "vless://$UUID@$DOMAIN:$PORT?security=xtls&flow=$FLOW#XTLS_wulabing-$DOMAIN" - print_ok "-------------------------------------------------" - print_ok "URL 二维码(VLESS + TCP + TLS)(请在浏览器中访问)" - print_ok "https://api.qrserver.com/v1/create-qr-code/?size=400x400&data=vless://$UUID@$DOMAIN:$PORT?security=tls%26flow=$FLOW%23TLS_wulabing-$DOMAIN" - - print_ok "URL 二维码(VLESS + TCP + XTLS)(请在浏览器中访问)" - print_ok "https://api.qrserver.com/v1/create-qr-code/?size=400x400&data=vless://$UUID@$DOMAIN:$PORT?security=xtls%26flow=$FLOW%23XTLS_wulabing-$DOMAIN" -} - -function vless_xtls-rprx-direct_information() { - UUID=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.clients[0].id | tr -d '"') - PORT=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].port) - FLOW=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.clients[0].flow | tr -d '"') - DOMAIN=$(cat ${domain_tmp_dir}/domain) - - echo -e "${Red} Xray 配置信息 ${Font}" - echo -e "${Red} 地址(address):${Font} $DOMAIN" - echo -e "${Red} 端口(port):${Font} $PORT" - echo -e "${Red} 用户 ID(UUID):${Font} $UUID" - echo -e "${Red} 流控(flow):${Font} $FLOW" - echo -e "${Red} 加密方式(security):${Font} none " - echo -e "${Red} 传输协议(network):${Font} tcp " - echo -e "${Red} 伪装类型(type):${Font} none " - echo -e "${Red} 底层传输安全:${Font} xtls 或 tls" -} - -function ws_information() { - UUID=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.clients[0].id | tr -d '"') - PORT=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].port) - FLOW=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.clients[0].flow | tr -d '"') - WS_PATH=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.fallbacks[2].path | tr -d '"') - DOMAIN=$(cat ${domain_tmp_dir}/domain) - - echo -e "${Red} Xray 配置信息 ${Font}" - echo -e "${Red} 地址(address):${Font} $DOMAIN" - echo -e "${Red} 端口(port):${Font} $PORT" - echo -e "${Red} 用户 ID(UUID):${Font} $UUID" - echo -e "${Red} 加密方式(security):${Font} none " - echo -e "${Red} 传输协议(network):${Font} ws " - echo -e "${Red} 伪装类型(type):${Font} none " - echo -e "${Red} 路径(path):${Font} $WS_PATH " - echo -e "${Red} 底层传输安全:${Font} tls " -} - -function ws_link() { - UUID=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.clients[0].id | tr -d '"') - PORT=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].port) - FLOW=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.clients[0].flow | tr -d '"') - WS_PATH=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.fallbacks[2].path | tr -d '"') - WS_PATH_WITHOUT_SLASH=$(echo $WS_PATH | tr -d '/') - DOMAIN=$(cat ${domain_tmp_dir}/domain) - - print_ok "URL 链接(VLESS + TCP + TLS)" - print_ok "vless://$UUID@$DOMAIN:$PORT?security=tls#TLS_wulabing-$DOMAIN" - - print_ok "URL 链接(VLESS + TCP + XTLS)" - print_ok "vless://$UUID@$DOMAIN:$PORT?security=xtls&flow=$FLOW#XTLS_wulabing-$DOMAIN" - - print_ok "URL 链接(VLESS + WebSocket + TLS)" - print_ok "vless://$UUID@$DOMAIN:$PORT?type=ws&security=tls&path=%2f${WS_PATH_WITHOUT_SLASH}%2f#WS_TLS_wulabing-$DOMAIN" - print_ok "-------------------------------------------------" - print_ok "URL 二维码(VLESS + TCP + TLS)(请在浏览器中访问)" - print_ok "https://api.qrserver.com/v1/create-qr-code/?size=400x400&data=vless://$UUID@$DOMAIN:$PORT?security=tls%23TLS_wulabing-$DOMAIN" - - print_ok "URL 二维码(VLESS + TCP + XTLS)(请在浏览器中访问)" - print_ok "https://api.qrserver.com/v1/create-qr-code/?size=400x400&data=vless://$UUID@$DOMAIN:$PORT?security=xtls%26flow=$FLOW%23XTLS_wulabing-$DOMAIN" - - print_ok "URL 二维码(VLESS + WebSocket + TLS)(请在浏览器中访问)" - print_ok "https://api.qrserver.com/v1/create-qr-code/?size=400x400&data=vless://$UUID@$DOMAIN:$PORT?type=ws%26security=tls%26path=%2f${WS_PATH_WITHOUT_SLASH}%2f%23WS_TLS_wulabing-$DOMAIN" -} - -function basic_information() { - print_ok "VLESS+TCP+XTLS+Nginx 安装成功" - vless_xtls-rprx-direct_information - vless_xtls-rprx-direct_link -} - -function basic_ws_information() { - print_ok "VLESS+TCP+TLS+Nginx with WebSocket 混合模式 安装成功" - ws_information - print_ok "————————————————————————" - vless_xtls-rprx-direct_information - ws_link -} - -function show_access_log() { - [ -f ${xray_access_log} ] && tail -f ${xray_access_log} || echo -e "${RedBG}log文件不存在${Font}" -} - -function show_error_log() { - [ -f ${xray_error_log} ] && tail -f ${xray_error_log} || echo -e "${RedBG}log文件不存在${Font}" -} - -function bbr_boost_sh() { - [ -f "tcp.sh" ] && rm -rf ./tcp.sh - wget -N --no-check-certificate "https://raw.githubusercontent.com/ylx2016/Linux-NetSpeed/master/tcp.sh" && chmod +x tcp.sh && ./tcp.sh -} - -function mtproxy_sh() { - wget -N --no-check-certificate "https://github.com/wulabing/mtp/raw/master/mtproxy.sh" && chmod +x mtproxy.sh && bash mtproxy.sh -} - -function install_xray() { - is_root - system_check - dependency_install - basic_optimization - domain_check - port_exist_check 80 - xray_install - configure_xray - nginx_install - configure_nginx - configure_web - generate_certificate - ssl_judge_and_install - restart_all - basic_information -} -function install_xray_ws() { - is_root - system_check - dependency_install - basic_optimization - domain_check - port_exist_check 80 - xray_install - configure_xray_ws - nginx_install - configure_nginx - configure_web - generate_certificate - ssl_judge_and_install - restart_all - basic_ws_information -} -menu() { - #update_sh - shell_mode_check - echo -e "\t Xray 安装管理脚本 ${Red}[${shell_version}]${Font}" - echo -e "\t---authored by wulabing---" - echo -e "\thttps://github.com/wulabing\n" - - echo -e "当前已安装版本:${shell_mode}" - echo -e "—————————————— 安装向导 ——————————————""" - echo -e "${Green}0.${Font} 升级 脚本" - echo -e "${Green}1.${Font} 安装 Xray (VLESS + TCP + XTLS / TLS + Nginx)" - echo -e "${Green}2.${Font} 安装 Xray (VLESS + TCP + XTLS / TLS + Nginx 及 VLESS + TCP + TLS + Nginx + WebSocket 回落并存模式)" - echo -e "—————————————— 配置变更 ——————————————" - echo -e "${Green}11.${Font} 变更 UUID" - echo -e "${Green}13.${Font} 变更 连接端口" - echo -e "${Green}14.${Font} 变更 WebSocket PATH" - echo -e "—————————————— 查看信息 ——————————————" - echo -e "${Green}21.${Font} 查看 实时访问日志" - echo -e "${Green}22.${Font} 查看 实时错误日志" - echo -e "${Green}23.${Font} 查看 Xray 配置链接" - # echo -e "${Green}23.${Font} 查看 V2Ray 配置信息" - echo -e "—————————————— 其他选项 ——————————————" - echo -e "${Green}31.${Font} 安装 4 合 1 BBR、锐速安装脚本" - echo -e "${Yellow}32.${Font} 安装 MTproxy(不推荐使用,请相关用户关闭或卸载)" - echo -e "${Green}33.${Font} 卸载 Xray" - echo -e "${Green}34.${Font} 更新 Xray-core" - echo -e "${Green}35.${Font} 安装 Xray-core 测试版(Pre)" - echo -e "${Green}36.${Font} 手动更新SSL证书" - echo -e "${Green}40.${Font} 退出" - read -rp "请输入数字:" menu_num - case $menu_num in - 0) - update_sh - ;; - 1) - install_xray - ;; - 2) - install_xray_ws - ;; - 11) - read -rp "请输入UUID:" UUID - if [[ ${shell_mode} == "tcp" ]]; then - modify_UUID - elif [[ ${shell_mode} == "ws" ]]; then - modify_UUID - modify_UUID_ws - fi - restart_all - ;; - 13) - modify_port - restart_all - ;; - 14) - if [[ ${shell_mode} == "ws" ]]; then - read -rp "请输入路径(示例:/wulabing/ 要求两侧都包含/):" WS_PATH - modify_fallback_ws - modify_ws - restart_all - else - print_error "当前模式不是Websocket模式" - fi - ;; - 21) - tail -f $xray_access_log - ;; - 22) - tail -f $xray_error_log - ;; - 23) - if [[ -f $xray_conf_dir/config.json ]]; then - if [[ ${shell_mode} == "tcp" ]]; then - basic_information - elif [[ ${shell_mode} == "ws" ]]; then - basic_ws_information - fi - else - print_error "xray 配置文件不存在" - fi - ;; - 31) - bbr_boost_sh - ;; - 32) - mtproxy_sh - ;; - 33) - source '/etc/os-release' - xray_uninstall - ;; - 34) - bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" - install - restart_all - ;; - 35) - bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" - install --beta - restart_all - ;; - 36) - "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" - restart_all - ;; - 40) - exit 0 - ;; - *) - print_error "请输入正确的数字" - ;; - esac -} -menu "$@" diff --git a/1-代理Xray/XRay-安装脚本/官方Xray安装脚本-2022-10-21.sh b/1-代理Xray/XRay-安装脚本/官方Xray安装脚本-2022-10-21.sh deleted file mode 100644 index 03b9be4..0000000 --- a/1-代理Xray/XRay-安装脚本/官方Xray安装脚本-2022-10-21.sh +++ /dev/null @@ -1,911 +0,0 @@ -#!/usr/bin/env bash - -# The files installed by the script conform to the Filesystem Hierarchy Standard: -# https://wiki.linuxfoundation.org/lsb/fhs - -# The URL of the script project is: -# https://github.com/XTLS/Xray-install - -# The URL of the scraaaaaipt is: -# https://raw.githubusercontent.com/XTLS/Xray-install/main/install-release.sh - -# If the script executes incorrectly, go to: -# https://github.com/XTLS/Xray-install/issues - -# You can set this variable whatever you want in shell session right before running this script by issuing: -# export DAT_PATH='/usr/local/share/xray' -DAT_PATH=${DAT_PATH:-/usr/local/share/xray} - -# You can set this variable whatever you want in shell session right before running this script by issuing: -# export JSON_PATH='/usr/local/etc/xray' -JSON_PATH=${JSON_PATH:-/usr/local/etc/xray} - -# Set this variable only if you are starting xray with multiple configuration files: -# export JSONS_PATH='/usr/local/etc/xray' - -# Set this variable only if you want this script to check all the systemd unit file: -# export check_all_service_files='yes' - -# Gobal verbals - -if [[ -f '/etc/systemd/system/xray.service' ]] && [[ -f '/usr/local/bin/xray' ]]; then - XRAY_IS_INSTALLED_BEFORE_RUNNING_SCRIPT=1 -else - XRAY_IS_INSTALLED_BEFORE_RUNNING_SCRIPT=0 -fi - -# Xray current version -CURRENT_VERSION='' - -# Xray latest release version -RELEASE_LATEST='' - -# Xray latest prerelease/release version -PRE_RELEASE_LATEST='' - -# Xray version will be installed -INSTALL_VERSION='' - -# install -INSTALL='0' - -# install-geodata -INSTALL_GEODATA='0' - -# remove -REMOVE='0' - -# help -HELP='0' - -# check -CHECK='0' - -# --force -FORCE='0' - -# --beta -BETA='0' - -# --install-user ? -INSTALL_USER='' - -# --without-geodata -NO_GEODATA='0' - -# --without-logfiles -NO_LOGFILES='0' - -# --no-update-service -N_UP_SERVICE='0' - -# --reinstall -REINSTALL='0' - -# --version ? -SPECIFIED_VERSION='' - -# --local ? -LOCAL_FILE='' - -# --proxy ? -PROXY='' - -# --purge -PURGE='0' - -curl() { - $(type -P curl) -L -q --retry 5 --retry-delay 10 --retry-max-time 60 "$@" -} - -systemd_cat_config() { - if systemd-analyze --help | grep -qw 'cat-config'; then - systemd-analyze --no-pager cat-config "$@" - echo - else - echo "${aoi}~~~~~~~~~~~~~~~~" - cat "$@" "$1".d/* - echo "${aoi}~~~~~~~~~~~~~~~~" - echo "${red}warning: ${green}The systemd version on the current operating system is too low." - echo "${red}warning: ${green}Please consider to upgrade the systemd or the operating system.${reset}" - echo - fi -} - -check_if_running_as_root() { - # If you want to run as another user, please modify $EUID to be owned by this user - if [[ "$EUID" -ne '0' ]]; then - echo "error: You must run this script as root!" - exit 1 - fi -} - -identify_the_operating_system_and_architecture() { - if [[ "$(uname)" == 'Linux' ]]; then - case "$(uname -m)" in - 'i386' | 'i686') - MACHINE='32' - ;; - 'amd64' | 'x86_64') - MACHINE='64' - ;; - 'armv5tel') - MACHINE='arm32-v5' - ;; - 'armv6l') - MACHINE='arm32-v6' - grep Features /proc/cpuinfo | grep -qw 'vfp' || MACHINE='arm32-v5' - ;; - 'armv7' | 'armv7l') - MACHINE='arm32-v7a' - grep Features /proc/cpuinfo | grep -qw 'vfp' || MACHINE='arm32-v5' - ;; - 'armv8' | 'aarch64') - MACHINE='arm64-v8a' - ;; - 'mips') - MACHINE='mips32' - ;; - 'mipsle') - MACHINE='mips32le' - ;; - 'mips64') - MACHINE='mips64' - lscpu | grep -q "Little Endian" && MACHINE='mips64le' - ;; - 'mips64le') - MACHINE='mips64le' - ;; - 'ppc64') - MACHINE='ppc64' - ;; - 'ppc64le') - MACHINE='ppc64le' - ;; - 'riscv64') - MACHINE='riscv64' - ;; - 's390x') - MACHINE='s390x' - ;; - *) - echo "error: The architecture is not supported." - exit 1 - ;; - esac - if [[ ! -f '/etc/os-release' ]]; then - echo "error: Don't use outdated Linux distributions." - exit 1 - fi - # Do not combine this judgment condition with the following judgment condition. - ## Be aware of Linux distribution like Gentoo, which kernel supports switch between Systemd and OpenRC. - if [[ -f /.dockerenv ]] || grep -q 'docker\|lxc' /proc/1/cgroup && [[ "$(type -P systemctl)" ]]; then - true - elif [[ -d /run/systemd/system ]] || grep -q systemd <(ls -l /sbin/init); then - true - else - echo "error: Only Linux distributions using systemd are supported." - exit 1 - fi - if [[ "$(type -P apt)" ]]; then - PACKAGE_MANAGEMENT_INSTALL='apt -y --no-install-recommends install' - PACKAGE_MANAGEMENT_REMOVE='apt purge' - package_provide_tput='ncurses-bin' - elif [[ "$(type -P dnf)" ]]; then - PACKAGE_MANAGEMENT_INSTALL='dnf -y install' - PACKAGE_MANAGEMENT_REMOVE='dnf remove' - package_provide_tput='ncurses' - elif [[ "$(type -P yum)" ]]; then - PACKAGE_MANAGEMENT_INSTALL='yum -y install' - PACKAGE_MANAGEMENT_REMOVE='yum remove' - package_provide_tput='ncurses' - elif [[ "$(type -P zypper)" ]]; then - PACKAGE_MANAGEMENT_INSTALL='zypper install -y --no-recommends' - PACKAGE_MANAGEMENT_REMOVE='zypper remove' - package_provide_tput='ncurses-utils' - elif [[ "$(type -P pacman)" ]]; then - PACKAGE_MANAGEMENT_INSTALL='pacman -Syu --noconfirm' - PACKAGE_MANAGEMENT_REMOVE='pacman -Rsn' - package_provide_tput='ncurses' - elif [[ "$(type -P emerge)" ]]; then - PACKAGE_MANAGEMENT_INSTALL='emerge -v' - PACKAGE_MANAGEMENT_REMOVE='emerge -Cv' - package_provide_tput='ncurses' - else - echo "error: The script does not support the package manager in this operating system." - exit 1 - fi - else - echo "error: This operating system is not supported." - exit 1 - fi -} - -## Demo function for processing parameters -judgment_parameters() { - local local_install='0' - local temp_version='0' - while [[ "$#" -gt '0' ]]; do - case "$1" in - 'install') - INSTALL='1' - ;; - 'install-geodata') - INSTALL_GEODATA='1' - ;; - 'remove') - REMOVE='1' - ;; - 'help') - HELP='1' - ;; - 'check') - CHECK='1' - ;; - '--without-geodata') - NO_GEODATA='1' - ;; - '--without-logfiles') - NO_LOGFILES='1' - ;; - '--purge') - PURGE='1' - ;; - '--version') - if [[ -z "$2" ]]; then - echo "error: Please specify the correct version." - exit 1 - fi - temp_version='1' - SPECIFIED_VERSION="$2" - shift - ;; - '-f' | '--force') - FORCE='1' - ;; - '--beta') - BETA='1' - ;; - '-l' | '--local') - local_install='1' - if [[ -z "$2" ]]; then - echo "error: Please specify the correct local file." - exit 1 - fi - LOCAL_FILE="$2" - shift - ;; - '-p' | '--proxy') - if [[ -z "$2" ]]; then - echo "error: Please specify the proxy server address." - exit 1 - fi - PROXY="$2" - shift - ;; - '-u' | '--install-user') - if [[ -z "$2" ]]; then - echo "error: Please specify the install user.}" - exit 1 - fi - INSTALL_USER="$2" - shift - ;; - '--reinstall') - REINSTALL='1' - ;; - '--no-update-service') - N_UP_SERVICE='1' - ;; - *) - echo "$0: unknown option -- -" - exit 1 - ;; - esac - shift - done - if ((INSTALL+INSTALL_GEODATA+HELP+CHECK+REMOVE==0)); then - INSTALL='1' - elif ((INSTALL+INSTALL_GEODATA+HELP+CHECK+REMOVE>1)); then - echo 'You can only choose one action.' - exit 1 - fi - if [[ "$INSTALL" -eq '1' ]] && ((temp_version+local_install+REINSTALL+BETA>1)); then - echo "--version,--reinstall,--beta and --local can't be used together." - exit 1 - fi -} - -check_install_user() { - if [[ -z "$INSTALL_USER" ]]; then - if [[ -f '/usr/local/bin/xray' ]]; then - INSTALL_USER="$(grep '^[ '$'\t]*User[ '$'\t]*=' /etc/systemd/system/xray.service | tail -n 1 | awk -F = '{print $2}' | awk '{print $1}')" - if [[ -z "$INSTALL_USER" ]]; then - INSTALL_USER='root' - fi - else - INSTALL_USER='nobody' - fi - fi - if ! id $INSTALL_USER > /dev/null 2>&1; then - echo "the user '$INSTALL_USER' is not effective" - exit 1 - fi - INSTALL_USER_UID="$(id -u $INSTALL_USER)" - INSTALL_USER_GID="$(id -g $INSTALL_USER)" -} - -install_software() { - package_name="$1" - file_to_detect="$2" - type -P "$file_to_detect" > /dev/null 2>&1 && return - if ${PACKAGE_MANAGEMENT_INSTALL} "$package_name"; then - echo "info: $package_name is installed." - else - echo "error: Installation of $package_name failed, please check your network." - exit 1 - fi -} - -get_current_version() { - # Get the CURRENT_VERSION - if [[ -f '/usr/local/bin/xray' ]]; then - CURRENT_VERSION="$(/usr/local/bin/xray -version | awk 'NR==1 {print $2}')" - CURRENT_VERSION="v${CURRENT_VERSION#v}" - else - CURRENT_VERSION="" - fi -} - -get_latest_version() { - # Get Xray latest release version number - local tmp_file - tmp_file="$(mktemp)" - if ! curl -x "${PROXY}" -sS -H "Accept: application/vnd.github.v3+json" -o "$tmp_file" 'https://api.github.com/repos/XTLS/Xray-core/releases/latest'; then - "rm" "$tmp_file" - echo 'error: Failed to get release list, please check your network.' - exit 1 - fi - RELEASE_LATEST="$(sed 'y/,/\n/' "$tmp_file" | grep 'tag_name' | awk -F '"' '{print $4}')" - if [[ -z "$RELEASE_LATEST" ]]; then - if grep -q "API rate limit exceeded" "$tmp_file"; then - echo "error: github API rate limit exceeded" - else - echo "error: Failed to get the latest release version." - echo "Welcome bug report:https://github.com/XTLS/Xray-install/issues" - fi - "rm" "$tmp_file" - exit 1 - fi - "rm" "$tmp_file" - RELEASE_LATEST="v${RELEASE_LATEST#v}" - if ! curl -x "${PROXY}" -sS -H "Accept: application/vnd.github.v3+json" -o "$tmp_file" 'https://api.github.com/repos/XTLS/Xray-core/releases'; then - "rm" "$tmp_file" - echo 'error: Failed to get release list, please check your network.' - exit 1 - fi - local releases_list - releases_list=($(sed 'y/,/\n/' "$tmp_file" | grep 'tag_name' | awk -F '"' '{print $4}')) - if [[ "${#releases_list[@]}" -eq '0' ]]; then - if grep -q "API rate limit exceeded" "$tmp_file"; then - echo "error: github API rate limit exceeded" - else - echo "error: Failed to get the latest release version." - echo "Welcome bug report:https://github.com/XTLS/Xray-install/issues" - fi - "rm" "$tmp_file" - exit 1 - fi - local i - for i in ${!releases_list[@]} - do - releases_list[$i]="v${releases_list[$i]#v}" - grep -q "https://github.com/XTLS/Xray-core/releases/download/${releases_list[$i]}/Xray-linux-$MACHINE.zip" "$tmp_file" && break - done - "rm" "$tmp_file" - PRE_RELEASE_LATEST="${releases_list[$i]}" -} - -version_gt() { - # compare two version - # 0: $1 > $2 - # 1: $1 <= $2 - - if [[ "$1" != "$2" ]]; then - local temp_1_version_number="${1#v}" - local temp_1_major_version_number="${temp_1_version_number%%.*}" - local temp_1_minor_version_number - temp_1_minor_version_number="$(echo "$temp_1_version_number" | awk -F '.' '{print $2}')" - local temp_1_minimunm_version_number="${temp_1_version_number##*.}" - # shellcheck disable=SC2001 - local temp_2_version_number="${2#v}" - local temp_2_major_version_number="${temp_2_version_number%%.*}" - local temp_2_minor_version_number - temp_2_minor_version_number="$(echo "$temp_2_version_number" | awk -F '.' '{print $2}')" - local temp_2_minimunm_version_number="${temp_2_version_number##*.}" - if [[ "$temp_1_major_version_number" -gt "$temp_2_major_version_number" ]]; then - return 0 - elif [[ "$temp_1_major_version_number" -eq "$temp_2_major_version_number" ]]; then - if [[ "$temp_1_minor_version_number" -gt "$temp_2_minor_version_number" ]]; then - return 0 - elif [[ "$temp_1_minor_version_number" -eq "$temp_2_minor_version_number" ]]; then - if [[ "$temp_1_minimunm_version_number" -gt "$temp_2_minimunm_version_number" ]]; then - return 0 - else - return 1 - fi - else - return 1 - fi - else - return 1 - fi - elif [[ "$1" == "$2" ]]; then - return 1 - fi -} - -download_xray() { - DOWNLOAD_LINK="https://github.com/XTLS/Xray-core/releases/download/$INSTALL_VERSION/Xray-linux-$MACHINE.zip" - echo "Downloading Xray archive: $DOWNLOAD_LINK" - if ! curl -x "${PROXY}" -R -H 'Cache-Control: no-cache' -o "$ZIP_FILE" "$DOWNLOAD_LINK"; then - echo 'error: Download failed! Please check your network or try again.' - return 1 - fi - return 0 - echo "Downloading verification file for Xray archive: $DOWNLOAD_LINK.dgst" - if ! curl -x "${PROXY}" -sSR -H 'Cache-Control: no-cache' -o "$ZIP_FILE.dgst" "$DOWNLOAD_LINK.dgst"; then - echo 'error: Download failed! Please check your network or try again.' - return 1 - fi - if [[ "$(cat "$ZIP_FILE".dgst)" == 'Not Found' ]]; then - echo 'error: This version does not support verification. Please replace with another version.' - return 1 - fi - - # Verification of Xray archive - for LISTSUM in 'md5' 'sha1' 'sha256' 'sha512'; do - SUM="$(${LISTSUM}sum "$ZIP_FILE" | sed 's/ .*//')" - CHECKSUM="$(grep ${LISTSUM^^} "$ZIP_FILE".dgst | grep "$SUM" -o -a | uniq)" - if [[ "$SUM" != "$CHECKSUM" ]]; then - echo 'error: Check failed! Please check your network or try again.' - return 1 - fi - done -} - -decompression() { - if ! unzip -q "$1" -d "$TMP_DIRECTORY"; then - echo 'error: Xray decompression failed.' - "rm" -r "$TMP_DIRECTORY" - echo "removed: $TMP_DIRECTORY" - exit 1 - fi - echo "info: Extract the Xray package to $TMP_DIRECTORY and prepare it for installation." -} - -install_file() { - NAME="$1" - if [[ "$NAME" == 'xray' ]]; then - install -m 755 "${TMP_DIRECTORY}/$NAME" "/usr/local/bin/$NAME" - elif [[ "$NAME" == 'geoip.dat' ]] || [[ "$NAME" == 'geosite.dat' ]]; then - install -m 644 "${TMP_DIRECTORY}/$NAME" "${DAT_PATH}/$NAME" - fi -} - -install_xray() { - # Install Xray binary to /usr/local/bin/ and $DAT_PATH - install_file xray - # If the file exists, geoip.dat and geosite.dat will not be installed or updated - if [[ "$NO_GEODATA" -eq '0' ]] && [[ ! -f "${DAT_PATH}/.undat" ]]; then - install -d "$DAT_PATH" - install_file geoip.dat - install_file geosite.dat - GEODATA='1' - fi - - # Install Xray configuration file to $JSON_PATH - # shellcheck disable=SC2153 - if [[ -z "$JSONS_PATH" ]] && [[ ! -d "$JSON_PATH" ]]; then - install -d "$JSON_PATH" - echo "{}" > "${JSON_PATH}/config.json" - CONFIG_NEW='1' - fi - - # Install Xray configuration file to $JSONS_PATH - if [[ -n "$JSONS_PATH" ]] && [[ ! -d "$JSONS_PATH" ]]; then - install -d "$JSONS_PATH" - for BASE in 00_log 01_api 02_dns 03_routing 04_policy 05_inbounds 06_outbounds 07_transport 08_stats 09_reverse; do - echo '{}' > "${JSONS_PATH}/${BASE}.json" - done - CONFDIR='1' - fi - - # Used to store Xray log files - if [[ "$NO_LOGFILES" -eq '0' ]]; then - if [[ ! -d '/var/log/xray/' ]]; then - install -d -m 700 -o "$INSTALL_USER_UID" -g "$INSTALL_USER_GID" /var/log/xray/ - install -m 600 -o "$INSTALL_USER_UID" -g "$INSTALL_USER_GID" /dev/null /var/log/xray/access.log - install -m 600 -o "$INSTALL_USER_UID" -g "$INSTALL_USER_GID" /dev/null /var/log/xray/error.log - LOG='1' - else - chown -R "$INSTALL_USER_UID:$INSTALL_USER_GID" /var/log/xray/ - fi - fi -} - -install_startup_service_file() { - mkdir -p '/etc/systemd/system/xray.service.d' - mkdir -p '/etc/systemd/system/xray@.service.d/' - local temp_CapabilityBoundingSet="CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE" - local temp_AmbientCapabilities="AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE" - local temp_NoNewPrivileges="NoNewPrivileges=true" - if [[ "$INSTALL_USER_UID" -eq '0' ]]; then - temp_CapabilityBoundingSet="#${temp_CapabilityBoundingSet}" - temp_AmbientCapabilities="#${temp_AmbientCapabilities}" - temp_NoNewPrivileges="#${temp_NoNewPrivileges}" - fi -cat > /etc/systemd/system/xray.service << EOF -[Unit] -Description=Xray Service -Documentation=https://github.com/xtls -After=network.target nss-lookup.target - -[Service] -User=$INSTALL_USER -${temp_CapabilityBoundingSet} -${temp_AmbientCapabilities} -${temp_NoNewPrivileges} -ExecStart=/usr/local/bin/xray run -config /usr/local/etc/xray/config.json -Restart=on-failure -RestartPreventExitStatus=23 -LimitNPROC=10000 -LimitNOFILE=1000000 - -[Install] -WantedBy=multi-user.target -EOF -cat > /etc/systemd/system/xray@.service < \ - '/etc/systemd/system/xray@.service.d/10-donot_touch_multi_conf.conf' - else - "rm" '/etc/systemd/system/xray.service.d/10-donot_touch_multi_conf.conf' \ - '/etc/systemd/system/xray@.service.d/10-donot_touch_multi_conf.conf' - echo "# In case you have a good reason to do so, duplicate this file in the same directory and make your customizes there. -# Or all changes you made will be lost! # Refer: https://www.freedesktop.org/software/systemd/man/systemd.unit.html -[Service] -ExecStart= -ExecStart=/usr/local/bin/xray run -config ${JSON_PATH}/config.json" > \ - '/etc/systemd/system/xray.service.d/10-donot_touch_single_conf.conf' - echo "# In case you have a good reason to do so, duplicate this file in the same directory and make your customizes there. -# Or all changes you made will be lost! # Refer: https://www.freedesktop.org/software/systemd/man/systemd.unit.html -[Service] -ExecStart= -ExecStart=/usr/local/bin/xray run -config ${JSON_PATH}/%i.json" > \ - '/etc/systemd/system/xray@.service.d/10-donot_touch_single_conf.conf' - fi - echo "info: Systemd service files have been installed successfully!" - echo "${red}warning: ${green}The following are the actual parameters for the xray service startup." - echo "${red}warning: ${green}Please make sure the configuration file path is correctly set.${reset}" - systemd_cat_config /etc/systemd/system/xray.service - # shellcheck disable=SC2154 - if [[ x"${check_all_service_files:0:1}" = x'y' ]]; then - echo - echo - systemd_cat_config /etc/systemd/system/xray@.service - fi - systemctl daemon-reload - SYSTEMD='1' -} - -start_xray() { - if [[ -f '/etc/systemd/system/xray.service' ]]; then - systemctl start "${XRAY_CUSTOMIZE:-xray}" - sleep 1s - if systemctl -q is-active "${XRAY_CUSTOMIZE:-xray}"; then - echo 'info: Start the Xray service.' - else - echo 'error: Failed to start Xray service.' - exit 1 - fi - fi -} - -stop_xray() { - XRAY_CUSTOMIZE="$(systemctl list-units | grep 'xray@' | awk -F ' ' '{print $1}')" - if [[ -z "$XRAY_CUSTOMIZE" ]]; then - local xray_daemon_to_stop='xray.service' - else - local xray_daemon_to_stop="$XRAY_CUSTOMIZE" - fi - if ! systemctl stop "$xray_daemon_to_stop"; then - echo 'error: Stopping the Xray service failed.' - exit 1 - fi - echo 'info: Stop the Xray service.' -} - -install_geodata() { - download_geodata() { - if ! curl -x "${PROXY}" -R -H 'Cache-Control: no-cache' -o "${dir_tmp}/${2}" "${1}"; then - echo 'error: Download failed! Please check your network or try again.' - exit 1 - fi - if ! curl -x "${PROXY}" -R -H 'Cache-Control: no-cache' -o "${dir_tmp}/${2}.sha256sum" "${1}.sha256sum"; then - echo 'error: Download failed! Please check your network or try again.' - exit 1 - fi - } - local download_link_geoip="https://github.com/v2fly/geoip/releases/latest/download/geoip.dat" - local download_link_geosite="https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat" - local file_ip='geoip.dat' - local file_dlc='dlc.dat' - local file_site='geosite.dat' - local dir_tmp - dir_tmp="$(mktemp -d)" - [[ "$XRAY_IS_INSTALLED_BEFORE_RUNNING_SCRIPT" -eq '0' ]] && echo "warning: Xray was not installed" - download_geodata $download_link_geoip $file_ip - download_geodata $download_link_geosite $file_dlc - cd "${dir_tmp}" || exit - for i in "${dir_tmp}"/*.sha256sum; do - if ! sha256sum -c "${i}"; then - echo 'error: Check failed! Please check your network or try again.' - exit 1 - fi - done - cd - > /dev/null - install -d "$DAT_PATH" - install -m 644 "${dir_tmp}"/${file_dlc} "${DAT_PATH}"/${file_site} - install -m 644 "${dir_tmp}"/${file_ip} "${DAT_PATH}"/${file_ip} - rm -r "${dir_tmp}" - exit 0 -} - -check_update() { - if [[ "$XRAY_IS_INSTALLED_BEFORE_RUNNING_SCRIPT" -eq '1' ]]; then - get_current_version - echo "info: The current version of Xray is $CURRENT_VERSION ." - else - echo 'warning: Xray is not installed.' - fi - get_latest_version - echo "info: The latest release version of Xray is $RELEASE_LATEST ." - echo "info: The latest pre-release/release version of Xray is $PRE_RELEASE_LATEST ." - exit 0 -} - -remove_xray() { - if systemctl list-unit-files | grep -qw 'xray'; then - if [[ -n "$(pidof xray)" ]]; then - stop_xray - fi - local delete_files=('/usr/local/bin/xray' '/etc/systemd/system/xray.service' '/etc/systemd/system/xray@.service' '/etc/systemd/system/xray.service.d' '/etc/systemd/system/xray@.service.d') - [[ -d "$DAT_PATH" ]] && delete_files+=("$DAT_PATH") - if [[ "$PURGE" -eq '1' ]]; then - if [[ -z "$JSONS_PATH" ]]; then - delete_files+=("$JSON_PATH") - else - delete_files+=("$JSONS_PATH") - fi - [[ -d '/var/log/xray' ]] && delete_files+=('/var/log/xray') - fi - systemctl disable xray - if ! ("rm" -r "${delete_files[@]}"); then - echo 'error: Failed to remove Xray.' - exit 1 - else - for i in ${!delete_files[@]} - do - echo "removed: ${delete_files[$i]}" - done - systemctl daemon-reload - echo "You may need to execute a command to remove dependent software: $PACKAGE_MANAGEMENT_REMOVE curl unzip" - echo 'info: Xray has been removed.' - if [[ "$PURGE" -eq '0' ]]; then - echo 'info: If necessary, manually delete the configuration and log files.' - if [[ -n "$JSONS_PATH" ]]; then - echo "info: e.g., $JSONS_PATH and /var/log/xray/ ..." - else - echo "info: e.g., $JSON_PATH and /var/log/xray/ ..." - fi - fi - exit 0 - fi - else - echo 'error: Xray is not installed.' - exit 1 - fi -} - -# Explanation of parameters in the script -show_help() { - echo "usage: $0 ACTION [OPTION]..." - echo - echo 'ACTION:' - echo ' install Install/Update Xray' - echo ' install-geodata Install/Update geoip.dat and geosite.dat only' - echo ' remove Remove Xray' - echo ' help Show help' - echo ' check Check if Xray can be updated' - echo 'If no action is specified, then install will be selected' - echo - echo 'OPTION:' - echo ' install:' - echo ' --version Install the specified version of Xray, e.g., --version v1.0.0' - echo ' -f, --force Force install even though the versions are same' - echo ' --beta Install the pre-release version if it is exist' - echo ' -l, --local Install Xray from a local file' - echo ' -p, --proxy Download through a proxy server, e.g., -p http://127.0.0.1:8118 or -p socks5://127.0.0.1:1080' - echo ' -u, --install-user Install Xray in specified user, e.g, -u root' - echo ' --reinstall Reinstall current Xray version' - echo " --no-update-service Don't change service files if they are exist" - echo " --without-geodata Don't install/update geoip.dat and geosite.dat" - echo " --without-logfiles Don't install /var/log/xray" - echo ' install-geodata:' - echo ' -p, --proxy Download through a proxy server' - echo ' remove:' - echo ' --purge Remove all the Xray files, include logs, configs, etc' - echo ' check:' - echo ' -p, --proxy Check new version through a proxy server' - exit 0 -} - -main() { - check_if_running_as_root - identify_the_operating_system_and_architecture - judgment_parameters "$@" - - install_software "$package_provide_tput" 'tput' - red=$(tput setaf 1) - green=$(tput setaf 2) - aoi=$(tput setaf 6) - reset=$(tput sgr0) - - # Parameter information - [[ "$HELP" -eq '1' ]] && show_help - [[ "$CHECK" -eq '1' ]] && check_update - [[ "$REMOVE" -eq '1' ]] && remove_xray - [[ "$INSTALL_GEODATA" -eq '1' ]] && install_geodata - - # Check if the user is effective - check_install_user - - # Two very important variables - TMP_DIRECTORY="$(mktemp -d)" - ZIP_FILE="${TMP_DIRECTORY}/Xray-linux-$MACHINE.zip" - - # Install Xray from a local file, but still need to make sure the network is available - if [[ -n "$LOCAL_FILE" ]]; then - echo 'warn: Install Xray from a local file, but still need to make sure the network is available.' - echo -n 'warn: Please make sure the file is valid because we cannot confirm it. (Press any key) ...' - read -r - install_software 'unzip' 'unzip' - decompression "$LOCAL_FILE" - else - get_current_version - if [[ "$REINSTALL" -eq '1' ]]; then - if [[ -z "$CURRENT_VERSION" ]]; then - echo "error: Xray is not installed" - exit 1 - fi - INSTALL_VERSION="$CURRENT_VERSION" - echo "info: Reinstalling Xray $CURRENT_VERSION" - elif [[ -n "$SPECIFIED_VERSION" ]]; then - SPECIFIED_VERSION="v${SPECIFIED_VERSION#v}" - if [[ "$CURRENT_VERSION" == "$SPECIFIED_VERSION" ]] && [[ "$FORCE" -eq '0' ]]; then - echo "info: The current version is same as the specified version. The version is $CURRENT_VERSION ." - exit 0 - fi - INSTALL_VERSION="$SPECIFIED_VERSION" - echo "info: Installing specified Xray version $INSTALL_VERSION for $(uname -m)" - else - install_software 'curl' 'curl' - get_latest_version - if [[ "$BETA" -eq '0' ]]; then - INSTALL_VERSION="$RELEASE_LATEST" - else - INSTALL_VERSION="$PRE_RELEASE_LATEST" - fi - if ! version_gt "$INSTALL_VERSION" "$CURRENT_VERSION" && [[ "$FORCE" -eq '0' ]]; then - echo "info: No new version. The current version of Xray is $CURRENT_VERSION ." - exit 0 - fi - echo "info: Installing Xray $INSTALL_VERSION for $(uname -m)" - fi - install_software 'curl' 'curl' - install_software 'unzip' 'unzip' - if ! download_xray; then - "rm" -r "$TMP_DIRECTORY" - echo "removed: $TMP_DIRECTORY" - exit 1 - fi - decompression "$ZIP_FILE" - fi - - # Determine if Xray is running - if systemctl list-unit-files | grep -qw 'xray'; then - if [[ -n "$(pidof xray)" ]]; then - stop_xray - XRAY_RUNNING='1' - fi - fi - install_xray - ([[ "$N_UP_SERVICE" -eq '1' ]] && [[ -f '/etc/systemd/system/xray.service' ]]) || install_startup_service_file - echo 'installed: /usr/local/bin/xray' - # If the file exists, the content output of installing or updating geoip.dat and geosite.dat will not be displayed - if [[ "$GEODATA" -eq '1' ]]; then - echo "installed: ${DAT_PATH}/geoip.dat" - echo "installed: ${DAT_PATH}/geosite.dat" - fi - if [[ "$CONFIG_NEW" -eq '1' ]]; then - echo "installed: ${JSON_PATH}/config.json" - fi - if [[ "$CONFDIR" -eq '1' ]]; then - echo "installed: ${JSON_PATH}/00_log.json" - echo "installed: ${JSON_PATH}/01_api.json" - echo "installed: ${JSON_PATH}/02_dns.json" - echo "installed: ${JSON_PATH}/03_routing.json" - echo "installed: ${JSON_PATH}/04_policy.json" - echo "installed: ${JSON_PATH}/05_inbounds.json" - echo "installed: ${JSON_PATH}/06_outbounds.json" - echo "installed: ${JSON_PATH}/07_transport.json" - echo "installed: ${JSON_PATH}/08_stats.json" - echo "installed: ${JSON_PATH}/09_reverse.json" - fi - if [[ "$LOG" -eq '1' ]]; then - echo 'installed: /var/log/xray/' - echo 'installed: /var/log/xray/access.log' - echo 'installed: /var/log/xray/error.log' - fi - if [[ "$SYSTEMD" -eq '1' ]]; then - echo 'installed: /etc/systemd/system/xray.service' - echo 'installed: /etc/systemd/system/xray@.service' - fi - "rm" -r "$TMP_DIRECTORY" - echo "removed: $TMP_DIRECTORY" - get_current_version - echo "info: Xray $CURRENT_VERSION is installed." - echo "You may need to execute a command to remove dependent software: $PACKAGE_MANAGEMENT_REMOVE curl unzip" - if [[ "$XRAY_IS_INSTALLED_BEFORE_RUNNING_SCRIPT" -eq '1' ]] && [[ "$FORCE" -eq '0' ]] && [[ "$REINSTALL" -eq '0' ]]; then - [[ "$XRAY_RUNNING" -eq '1' ]] && start_xray - else - systemctl start xray - systemctl enable xray - sleep 1s - if systemctl -q is-active xray; then - echo "info: Enable and start the Xray service" - else - echo "warning: Failed to enable and start the Xray service" - fi - fi -} - -main "$@" \ No newline at end of file diff --git a/1-代理Xray/sync-proxy-config.sh b/1-代理Xray/sync-proxy-config.sh new file mode 100644 index 0000000..b4a8d7b --- /dev/null +++ b/1-代理Xray/sync-proxy-config.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +ooss_dest_list=(tc-sh seoul-1) +ooss_dest_list=(seoul-1) + + +function set_oss_alias() +{ + # /usr/local/bin/mc alias set local http://10.250.0.100:9000 cmii B#923fC7mk +# /usr/local/bin/mc alias set tc-sh http://42.192.52.227:9000 cmii B#923fC7mk + /usr/local/bin/mc alias set seoul-1 https://cnk8d6fazu16.compat.objectstorage.ap-seoul-1.oraclecloud.com aed62d24d85e2da809ce02bf272420ba4ed74820 rQdEcn69K049+JkA1IGoQmC1k8zma8zfWvZvVS0h144= +} + +function do_sync(){ + + for dest in ${ooss_dest_list[@]};do + echo "[do_sync] - start to sync to $dest" + /usr/local/bin/mc cp /root/wddproject/shell-scripts/1-代理Xray/98-subscribe-clash.yaml ${dest}/seoul/ + /usr/local/bin/mc cp /root/wddproject/shell-scripts/1-代理Xray/99-subscribe-octopus-latest.txt ${dest}/seoul/ + echo "[do_sync] - end to sync to $dest" + echo "" + done +} + +set_oss_alias +do_sync + +echo "[sync-proxy-config] - done !" + diff --git a/2-NGINX相关/107421.xyz/21-申请证书.sh b/2-NGINX相关/107421.xyz/21-申请证书.sh index 13ca214..dbcbc88 100644 --- a/2-NGINX相关/107421.xyz/21-申请证书.sh +++ b/2-NGINX相关/107421.xyz/21-申请证书.sh @@ -6,6 +6,8 @@ export DOMAIN_NAME=octopus.107421.xyz export DOMAIN_NAME=xx.t2.ll.c0.107421.xyz export DOMAIN_NAME=zc.p4.cc.xx.107421.xyz +export DOMAIN_NAME=bingo.107421.xyz + export CF_Token="oXJRP5XI8Zhipa_PtYtB_jy6qWL0I9BosrJEYE8p" export CF_Account_ID="dfaadeb83406ef5ad35da02617af9191" export CF_Zone_ID="511894a4f1357feb905e974e16241ebb" diff --git a/2-NGINX相关/107421.xyz/Seoul-Arm-01/push.107421.xyz.conf b/2-NGINX相关/107421.xyz/Seoul-Arm-01/push.107421.xyz.conf new file mode 100644 index 0000000..d52c679 --- /dev/null +++ b/2-NGINX相关/107421.xyz/Seoul-Arm-01/push.107421.xyz.conf @@ -0,0 +1,31 @@ +server { + listen 5004 ssl http2; + server_name push.107421.xyz; + + ssl_session_timeout 1d; + ssl_session_cache shared:MozSSL:10m; # about 40000 sessions + ssl_session_tickets off; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + ssl_prefer_server_ciphers off; + + ssl_certificate /etc/nginx/conf.d/ssl_key/push.107421.xyz.cert.pem; + ssl_certificate_key /etc/nginx/conf.d/ssl_key/push.107421.xyz.key.pem; + + location / { + + proxy_http_version 1.1; + + proxy_set_header Host $http_host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + proxy_connect_timeout 3m; + proxy_send_timeout 3m; + proxy_read_timeout 3m; + + client_max_body_size 0; # Stream request body to backend + proxy_pass http://129.146.65.80:8800; + } +} \ No newline at end of file diff --git a/2-NGINX相关/107421.xyz/Seoul-Arm-01/push.107421.xyz.conf_back b/2-NGINX相关/107421.xyz/Seoul-Arm-01/push.107421.xyz.conf_back new file mode 100644 index 0000000..0bb89b5 --- /dev/null +++ b/2-NGINX相关/107421.xyz/Seoul-Arm-01/push.107421.xyz.conf_back @@ -0,0 +1,54 @@ +server { + listen 80; + server_name push.107421.xyz; + + location / { + return 302 https://$http_host$request_uri$is_args$query_string; + + proxy_pass http://129.146.65.80:8800; + proxy_http_version 1.1; + + proxy_set_header Host $http_host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + proxy_connect_timeout 3m; + proxy_send_timeout 3m; + proxy_read_timeout 3m; + + client_max_body_size 0; # Stream request body to backend + } +} + +server { + listen 443 ssl http2; + server_name push.107421.xyz; + + ssl_session_timeout 1d; + ssl_session_cache shared:MozSSL:10m; # about 40000 sessions + ssl_session_tickets off; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + ssl_prefer_server_ciphers off; + + ssl_certificate /etc/nginx/conf.d/ssl_key/push.107421.xyz.cert.pem; + ssl_certificate_key /etc/nginx/conf.d/ssl_key/push.107421.xyz.key.pem; + + location / { + + proxy_http_version 1.1; + + proxy_set_header Host $http_host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + proxy_connect_timeout 3m; + proxy_send_timeout 3m; + proxy_read_timeout 3m; + + client_max_body_size 0; # Stream request body to backend + proxy_pass http://129.146.65.80:8800; + } +} \ No newline at end of file diff --git a/3-wdd初始化/dep/octopus-offline-nginx.conf b/3-wdd初始化-OSS/dep/octopus-offline-nginx.conf similarity index 100% rename from 3-wdd初始化/dep/octopus-offline-nginx.conf rename to 3-wdd初始化-OSS/dep/octopus-offline-nginx.conf diff --git a/3-wdd初始化/dep/octopus_ssh_banner b/3-wdd初始化-OSS/dep/octopus_ssh_banner similarity index 100% rename from 3-wdd初始化/dep/octopus_ssh_banner rename to 3-wdd初始化-OSS/dep/octopus_ssh_banner diff --git a/3-wdd初始化/dep/oh-my-zsh-plugins-list.txt b/3-wdd初始化-OSS/dep/oh-my-zsh-plugins-list.txt similarity index 100% rename from 3-wdd初始化/dep/oh-my-zsh-plugins-list.txt rename to 3-wdd初始化-OSS/dep/oh-my-zsh-plugins-list.txt diff --git a/3-wdd初始化/dep/ssh_key_pub.txt b/3-wdd初始化-OSS/dep/ssh_key_pub.txt similarity index 100% rename from 3-wdd初始化/dep/ssh_key_pub.txt rename to 3-wdd初始化-OSS/dep/ssh_key_pub.txt diff --git a/3-wdd初始化/dep/wdd-server-host.txt b/3-wdd初始化-OSS/dep/wdd-server-host.txt similarity index 86% rename from 3-wdd初始化/dep/wdd-server-host.txt rename to 3-wdd初始化-OSS/dep/wdd-server-host.txt index c030e37..0f31d1e 100644 --- a/3-wdd初始化/dep/wdd-server-host.txt +++ b/3-wdd初始化-OSS/dep/wdd-server-host.txt @@ -39,3 +39,11 @@ 114.117.165.222 tc-cd 89.208.251.209 los-1 + +45.134.50.233 de-1 + +158.180.57.125 frankfurt-1 f1 + +158.180.27.191 frankfurt-2 f2 + + diff --git a/3-wdd初始化/init-script-wdd.sh b/3-wdd初始化-OSS/init-script-wdd.sh similarity index 99% rename from 3-wdd初始化/init-script-wdd.sh rename to 3-wdd初始化-OSS/init-script-wdd.sh index 5ee6c5f..7728024 100644 --- a/3-wdd初始化/init-script-wdd.sh +++ b/3-wdd初始化-OSS/init-script-wdd.sh @@ -28,6 +28,7 @@ is_install_zsh=0 is_install_host=0 is_modify_ssh_login=0 is_modify_ssh_port=0 +is_set_security=0 is_install_agent=0 is_update_agent=0 is_remove_agent=0 @@ -79,6 +80,7 @@ help() { --time 是否配置时间同步 --ssh-login 修改ssh的登录密钥 --ssh-port 修改ssh的登录端口 端口 + --security 设置主机的安全性,ssh黑名单 --agent-install 安装 Octopus-Agent --agent-install 更新 Octopus-Agent @@ -119,6 +121,9 @@ while [[ $# -gt 0 ]]; do --docker-compose) is_install_docker_compose=1 ;; + --security) + is_set_security=1 + ;; --zsh) is_install_zsh=1 ;; @@ -489,6 +494,10 @@ install_docker_compose() { FunctionEnd } +set_system_security(){ + +} + ####################################### # description # Globals: @@ -1332,6 +1341,10 @@ main() { install_docker_compose fi + if [[ $is_set_security -eq 1 ]]; then + set_system_security + fi + if [[ $is_install_agent -eq 1 ]]; then # 安装agent install_octopus_agent diff --git a/3-wdd初始化/lib/wdd-lib-clean.sh b/3-wdd初始化-OSS/lib/wdd-lib-clean.sh similarity index 100% rename from 3-wdd初始化/lib/wdd-lib-clean.sh rename to 3-wdd初始化-OSS/lib/wdd-lib-clean.sh diff --git a/3-wdd初始化/lib/wdd-lib-env.sh b/3-wdd初始化-OSS/lib/wdd-lib-env.sh similarity index 100% rename from 3-wdd初始化/lib/wdd-lib-env.sh rename to 3-wdd初始化-OSS/lib/wdd-lib-env.sh diff --git a/3-wdd初始化/lib/wdd-lib-file.sh b/3-wdd初始化-OSS/lib/wdd-lib-file.sh similarity index 100% rename from 3-wdd初始化/lib/wdd-lib-file.sh rename to 3-wdd初始化-OSS/lib/wdd-lib-file.sh diff --git a/3-wdd初始化/lib/wdd-lib-log.sh b/3-wdd初始化-OSS/lib/wdd-lib-log.sh similarity index 100% rename from 3-wdd初始化/lib/wdd-lib-log.sh rename to 3-wdd初始化-OSS/lib/wdd-lib-log.sh diff --git a/3-wdd初始化/lib/wdd-lib-sys.sh b/3-wdd初始化-OSS/lib/wdd-lib-sys.sh similarity index 100% rename from 3-wdd初始化/lib/wdd-lib-sys.sh rename to 3-wdd初始化-OSS/lib/wdd-lib-sys.sh diff --git a/3-wdd初始化/mid-script.sh b/3-wdd初始化-OSS/mid-script.sh similarity index 100% rename from 3-wdd初始化/mid-script.sh rename to 3-wdd初始化-OSS/mid-script.sh diff --git a/3-wdd初始化/sync-base-script.ps1 b/3-wdd初始化-OSS/sync-base-script.ps1 similarity index 100% rename from 3-wdd初始化/sync-base-script.ps1 rename to 3-wdd初始化-OSS/sync-base-script.ps1 diff --git a/3-wdd初始化-OSS/初始化脚本使用方法.txt b/3-wdd初始化-OSS/初始化脚本使用方法.txt new file mode 100644 index 0000000..08b118d --- /dev/null +++ b/3-wdd初始化-OSS/初始化脚本使用方法.txt @@ -0,0 +1,7 @@ + +# 本目录下的全部文件都会被上传到OSS中 + +# linux使用 +bash <(curl -sSL http://oss-s1.107421.xyz/init-script-wdd.sh) --help + +bash <(curl -sSL http://oss-s1.107421.xyz/init-script-wdd.sh) --tools --host --time --ssh-login --ssh-port 22333 --zsh diff --git a/4-初始化/oracle-移除Agent.sh b/4-初始化/oracle-移除Agent.sh new file mode 100644 index 0000000..1128e91 --- /dev/null +++ b/4-初始化/oracle-移除Agent.sh @@ -0,0 +1,42 @@ +#!/bin/bash + +function StopFirewallReleated() +{ + systemctl stop netfilter-persistent.service + systemctl disable netfilter-persistent.service + + systemctl stop firewalld + systemctl disable firewalld + + systemctl stop ufw + systemctl disable ufw + + + systemctl stop systemd-resolved + systemctl disable systemd-resolved + + echo " +nameserver 1.1.1.1 +nameserver 8.8.8.8 +nameserver 4.2.2.2" > /etc/resolv.conf + + iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -t raw -F + ip6tables -F && ip6tables -t nat -F && ip6tables -t mangle -F && ip6tables -t raw -F +} + + + +function RemoveOracleAgent() +{ + # 完全移除 oracle-cloud-agent + snap remove oracle-cloud-agent + snap remove oracle-cloud-agent-updater + + systemctl stop oracle-cloud-agent + systemctl disable oracle-cloud-agent + systemctl stop oracle-cloud-agent-updater + systemctl disable oracle-cloud-agent-updater + +} + + diff --git a/4-初始化/snap-完全移除.sh b/4-初始化/snap-完全移除.sh new file mode 100644 index 0000000..c6e166d --- /dev/null +++ b/4-初始化/snap-完全移除.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +# 确保以 root 用户运行 +if [ "$EUID" -ne 0 ] + then echo "请以 root 用户或使用 sudo 运行此脚本" + exit +fi + +# 停止 snap 服务 +systemctl stop snapd.service + +# 卸载所有 snap 包 +for snap in $(snap list | awk '{print $1}' | tail -n +2); do + snap remove $snap --purge +done + +# 移除 snapd 包 +apt purge snapd -y + +# 清理 snapd 的残留文件 +rm -rf /var/cache/snapd/ +rm -rf /var/snap/ +rm -rf /var/lib/snapd/ +rm -rf /snap/ +rm -rf ~/.snap/ + +# 更新软件包列表 +apt update + +echo "Snap 和 snapd 已被移除。请注意,这可能会影响某些程序的功能。" \ No newline at end of file diff --git a/Untitled-1.sh b/Untitled-1.sh deleted file mode 100644 index 0535e3b..0000000 --- a/Untitled-1.sh +++ /dev/null @@ -1,53 +0,0 @@ -#! /bin/bash - - -systemctl stop netclient - -systemctl disable netclient - -rm -rf /etc/systemd/system/netclient.service -rm -rf /etc/netclient/config - -/usr/local/bin/k3s-uninstall.sh -/usr/local/bin/k3s-agent-uninstall.sh - -apt remove -y wireguard wireguard-tools -rm -rf /root/k3s-install/ -ifconfig wg0-oracle down - -apt autoremove -y - -ifconfig - -systemctl stop systemd-resolved.service && systemctl disable systemd-resolved.service -systemctl stop netfilter-persistent.service && systemctl disable netfilter-persistent.service - - -rm /etc/resolv.conf -cat > /etc/resolv.conf<