From f02d26b32e5bb0b6b56e19342ec31972c606ea60 Mon Sep 17 00:00:00 2001 From: zeaslity Date: Wed, 13 Sep 2023 10:23:30 +0800 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9Ehysteria=E9=83=A8=E5=88=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Root/Default Group/directory.json | 9 + .fastRequest/collections/Root/directory.json | 9 + Hysteria/Misaka的Hysteria的安装脚本.sh | 520 ++++++++++++++++ Hysteria/hysteria证书申请.sh | 22 + Hysteria/客户端配置.yaml | 31 + Hysteria/服务端配置.yaml | 29 + Hysteria/需要配合iptables使用.txt | 12 + .../Seoul4实际使用的Xray配置.json | 588 ++++++++++++------ .../v2ray-Socks5/socks-http-代理服务器.json | 31 + 9 files changed, 1065 insertions(+), 186 deletions(-) create mode 100644 .fastRequest/collections/Root/Default Group/directory.json create mode 100644 .fastRequest/collections/Root/directory.json create mode 100644 Hysteria/Misaka的Hysteria的安装脚本.sh create mode 100644 Hysteria/hysteria证书申请.sh create mode 100644 Hysteria/客户端配置.yaml create mode 100644 Hysteria/服务端配置.yaml create mode 100644 Hysteria/需要配合iptables使用.txt create mode 100644 v2ray示例/v2ray-Socks5/socks-http-代理服务器.json diff --git a/.fastRequest/collections/Root/Default Group/directory.json b/.fastRequest/collections/Root/Default Group/directory.json new file mode 100644 index 0000000..46dee2f --- /dev/null +++ b/.fastRequest/collections/Root/Default Group/directory.json @@ -0,0 +1,9 @@ +{ + "description":"", + "directory":"~.fastRequest~collections~Root~Default Group", + "filePath":"~.fastRequest~collections~Root~Default Group~", + "groupId":"1", + "id":"1", + "name":"Default Group", + "type":1 +} \ No newline at end of file diff --git a/.fastRequest/collections/Root/directory.json b/.fastRequest/collections/Root/directory.json new file mode 100644 index 0000000..a2102fe --- /dev/null +++ b/.fastRequest/collections/Root/directory.json 
@@ -0,0 +1,9 @@ +{ + "description":"", + "directory":"~.fastRequest~collections~Root", + "filePath":"~.fastRequest~collections~Root~", + "groupId":"-1", + "id":"0", + "name":"Root", + "type":1 +} \ No newline at end of file diff --git a/Hysteria/Misaka的Hysteria的安装脚本.sh b/Hysteria/Misaka的Hysteria的安装脚本.sh new file mode 100644 index 0000000..ab3d3c7 --- /dev/null +++ b/Hysteria/Misaka的Hysteria的安装脚本.sh 
@@ -0,0 +1,520 @@ +#!/bin/bash + +export LANG=en_US.UTF-8 + +RED="\033[31m" +GREEN="\033[32m" +YELLOW="\033[33m" +PLAIN="\033[0m" + +red(){ + echo -e "\033[31m\033[01m$1\033[0m" +} + +green(){ + echo -e "\033[32m\033[01m$1\033[0m" +} + +yellow(){ + echo -e "\033[33m\033[01m$1\033[0m" +} + +# 判断系统及定义系统安装依赖方式 +REGEX=("debian" "ubuntu" "centos|red hat|kernel|oracle linux|alma|rocky" "'amazon linux'" "fedora") +RELEASE=("Debian" "Ubuntu" "CentOS" "CentOS" "Fedora") +PACKAGE_UPDATE=("apt-get update" "apt-get update" "yum -y update" "yum -y update" "yum -y update") +PACKAGE_INSTALL=("apt -y install" "apt -y install" "yum -y install" "yum -y install" "yum -y install") +PACKAGE_REMOVE=("apt -y remove" "apt -y remove" "yum -y remove" "yum -y remove" "yum -y remove") +PACKAGE_UNINSTALL=("apt -y autoremove" "apt -y autoremove" "yum -y autoremove" "yum -y autoremove" "yum -y autoremove") + +[[ $EUID -ne 0 ]] && red "注意: 请在root用户下运行脚本" && exit 1 + +CMD=("$(grep -i pretty_name /etc/os-release 2>/dev/null | cut -d \" -f2)" "$(hostnamectl 2>/dev/null | grep -i system | cut -d : -f2)" "$(lsb_release -sd 2>/dev/null)" "$(grep -i description /etc/lsb-release 2>/dev/null | cut -d \" -f2)" "$(grep . /etc/redhat-release 2>/dev/null)" "$(grep . /etc/issue 2>/dev/null | cut -d \\ -f1 | sed '/^[ ]*$/d')") + +for i in "${CMD[@]}"; do + SYS="$i" && [[ -n $SYS ]] && break +done + +for ((int = 0; int < ${#REGEX[@]}; int++)); do + [[ $(echo "$SYS" | tr '[:upper:]' '[:lower:]') =~ ${REGEX[int]} ]] && SYSTEM="${RELEASE[int]}" && [[ -n $SYSTEM ]] && break +done + +[[ -z $SYSTEM ]] && red "目前暂不支持你的VPS的操作系统!" && exit 1 + +if [[ -z $(type -P curl) ]]; then + if [[ ! 
$SYSTEM == "CentOS" ]]; then + ${PACKAGE_UPDATE[int]} + fi + ${PACKAGE_INSTALL[int]} curl +fi + +realip(){ + ip=$(curl -s4m8 ip.sb -k) || ip=$(curl -s6m8 ip.sb -k) +} + +inst_cert(){ + green "Hysteria 2 协议证书申请方式如下:" + echo "" + echo -e " ${GREEN}1.${PLAIN} 必应自签证书 ${YELLOW}(默认)${PLAIN}" + echo -e " ${GREEN}2.${PLAIN} Acme 脚本自动申请" + echo -e " ${GREEN}3.${PLAIN} 自定义证书路径" + echo "" + read -rp "请输入选项 [1-3]: " certInput + if [[ $certInput == 2 ]]; then + cert_path="/root/cert.crt" + key_path="/root/private.key" + + chmod a+x /root # 让 Hysteria 主程序访问到 /root 目录 + + if [[ -f /root/cert.crt && -f /root/private.key ]] && [[ -s /root/cert.crt && -s /root/private.key ]] && [[ -f /root/ca.log ]]; then + domain=$(cat /root/ca.log) + green "检测到原有域名:$domain 的证书,正在应用" + hy_domain=$domain + else + WARPv4Status=$(curl -s4m8 https://www.cloudflare.com/cdn-cgi/trace -k | grep warp | cut -d= -f2) + WARPv6Status=$(curl -s6m8 https://www.cloudflare.com/cdn-cgi/trace -k | grep warp | cut -d= -f2) + if [[ $WARPv4Status =~ on|plus ]] || [[ $WARPv6Status =~ on|plus ]]; then + wg-quick down wgcf >/dev/null 2>&1 + systemctl stop warp-go >/dev/null 2>&1 + realip + wg-quick up wgcf >/dev/null 2>&1 + systemctl start warp-go >/dev/null 2>&1 + else + realip + fi + + read -p "请输入需要申请证书的域名:" domain + [[ -z $domain ]] && red "未输入域名,无法执行操作!" 
&& exit 1 + green "已输入的域名:$domain" && sleep 1 + domainIP=$(curl -sm8 ipget.net/?ip="${domain}") + if [[ $domainIP == $ip ]]; then + ${PACKAGE_INSTALL[int]} curl wget sudo socat openssl + if [[ $SYSTEM == "CentOS" ]]; then + ${PACKAGE_INSTALL[int]} cronie + systemctl start crond + systemctl enable crond + else + ${PACKAGE_INSTALL[int]} cron + systemctl start cron + systemctl enable cron + fi + curl https://get.acme.sh | sh -s email=$(date +%s%N | md5sum | cut -c 1-16)@gmail.com + source ~/.bashrc + bash ~/.acme.sh/acme.sh --upgrade --auto-upgrade + bash ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt + if [[ -n $(echo $ip | grep ":") ]]; then + bash ~/.acme.sh/acme.sh --issue -d ${domain} --standalone -k ec-256 --listen-v6 --insecure + else + bash ~/.acme.sh/acme.sh --issue -d ${domain} --standalone -k ec-256 --insecure + fi + bash ~/.acme.sh/acme.sh --install-cert -d ${domain} --key-file /root/private.key --fullchain-file /root/cert.crt --ecc + if [[ -f /root/cert.crt && -f /root/private.key ]] && [[ -s /root/cert.crt && -s /root/private.key ]]; then + echo $domain > /root/ca.log + sed -i '/--cron/d' /etc/crontab >/dev/null 2>&1 + echo "0 0 * * * root bash /root/.acme.sh/acme.sh --cron -f >/dev/null 2>&1" >> /etc/crontab + green "证书申请成功! 脚本申请到的证书 (cert.crt) 和私钥 (private.key) 文件已保存到 /root 文件夹下" + yellow "证书crt文件路径如下: /root/cert.crt" + yellow "私钥key文件路径如下: /root/private.key" + hy_domain=$domain + fi + else + red "当前域名解析的IP与当前VPS使用的真实IP不匹配" + green "建议如下:" + yellow "1. 请确保CloudFlare小云朵为关闭状态(仅限DNS), 其他域名解析或CDN网站设置同理" + yellow "2. 请检查DNS解析设置的IP是否为VPS的真实IP" + yellow "3. 
脚本可能跟不上时代, 建议截图发布到GitHub Issues、GitLab Issues、论坛或TG群询问" + exit 1 + fi + fi + elif [[ $certInput == 3 ]]; then + read -p "请输入公钥文件 crt 的路径:" cert_path + yellow "公钥文件 crt 的路径:$cert_path " + read -p "请输入密钥文件 key 的路径:" key_path + yellow "密钥文件 key 的路径:$key_path " + read -p "请输入证书的域名:" domain + yellow "证书域名:$domain" + hy_domain=$domain + else + green "将使用必应自签证书作为 Hysteria 2 的节点证书" + + cert_path="/etc/hysteria/cert.crt" + key_path="/etc/hysteria/private.key" + openssl ecparam -genkey -name prime256v1 -out /etc/hysteria/private.key + openssl req -new -x509 -days 36500 -key /etc/hysteria/private.key -out /etc/hysteria/cert.crt -subj "/CN=www.bing.com" + chmod 777 /etc/hysteria/cert.crt + chmod 777 /etc/hysteria/private.key + hy_domain="www.bing.com" + domain="www.bing.com" + fi +} + +inst_port(){ + iptables -t nat -F PREROUTING >/dev/null 2>&1 + + read -p "设置 Hysteria 2 端口 [1-65535](回车则随机分配端口):" port + [[ -z $port ]] && port=$(shuf -i 2000-65535 -n 1) + until [[ -z $(ss -tunlp | grep -w udp | awk '{print $5}' | sed 's/.*://g' | grep -w "$port") ]]; do + if [[ -n $(ss -tunlp | grep -w udp | awk '{print $5}' | sed 's/.*://g' | grep -w "$port") ]]; then + echo -e "${RED} $port ${PLAIN} 端口已经被其他程序占用,请更换端口重试!" 
+ read -p "设置 Hysteria 2 端口 [1-65535](回车则随机分配端口):" port + [[ -z $port ]] && port=$(shuf -i 2000-65535 -n 1) + fi + done + + yellow "将在 Hysteria 2 节点使用的端口是:$port" + inst_jump +} + +inst_jump(){ + green "Hysteria 2 端口使用模式如下:" + echo "" + echo -e " ${GREEN}1.${PLAIN} 单端口 ${YELLOW}(默认)${PLAIN}" + echo -e " ${GREEN}2.${PLAIN} 端口跳跃" + echo "" + read -rp "请输入选项 [1-2]: " jumpInput + if [[ $jumpInput == 2 ]]; then + read -p "设置范围端口的起始端口 (建议10000-65535之间):" firstport + read -p "设置一个范围端口的末尾端口 (建议10000-65535之间,一定要比上面起始端口大):" endport + if [[ $firstport -ge $endport ]]; then + until [[ $firstport -le $endport ]]; do + if [[ $firstport -ge $endport ]]; then + red "你设置的起始端口小于末尾端口,请重新输入起始和末尾端口" + read -p "设置范围端口的起始端口 (建议10000-65535之间):" firstport + read -p "设置一个范围端口的末尾端口 (建议10000-65535之间,一定要比上面起始端口大):" endport + fi + done + fi + iptables -t nat -A PREROUTING -p udp --dport $firstport:$endport -j DNAT --to-destination :$port + ip6tables -t nat -A PREROUTING -p udp --dport $firstport:$endport -j DNAT --to-destination :$port + netfilter-persistent save >/dev/null 2>&1 + else + red "将继续使用单端口模式" + fi +} + +inst_pwd(){ + read -p "设置 Hysteria 2 密码(回车跳过为随机字符):" auth_pwd + [[ -z $auth_pwd ]] && auth_pwd=$(date +%s%N | md5sum | cut -c 1-8) + yellow "使用在 Hysteria 2 节点的密码为:$auth_pwd" +} + +inst_site(){ + read -rp "请输入 Hysteria 2 的伪装网站地址 (去除https://) [回车世嘉maimai日本网站]:" proxysite + [[ -z $proxysite ]] && proxysite="maimai.sega.jp" + yellow "使用在 Hysteria 2 节点的伪装网站为:$proxysite" +} + +insthysteria(){ + warpv6=$(curl -s6m8 https://www.cloudflare.com/cdn-cgi/trace -k | grep warp | cut -d= -f2) + warpv4=$(curl -s4m8 https://www.cloudflare.com/cdn-cgi/trace -k | grep warp | cut -d= -f2) + if [[ $warpv4 =~ on|plus || $warpv6 =~ on|plus ]]; then + wg-quick down wgcf >/dev/null 2>&1 + systemctl stop warp-go >/dev/null 2>&1 + realip + systemctl start warp-go >/dev/null 2>&1 + wg-quick up wgcf >/dev/null 2>&1 + else + realip + fi + + if [[ ! 
${SYSTEM} == "CentOS" ]]; then + ${PACKAGE_UPDATE} + fi + ${PACKAGE_INSTALL} curl wget sudo qrencode procps iptables-persistent netfilter-persistent + + wget -N https://raw.githubusercontent.com/Misaka-blog/hysteria-install/main/hy2/install_server.sh + bash install_server.sh + rm -f install_server.sh + + if [[ -f "/usr/local/bin/hysteria" ]]; then + green "Hysteria 2 安装成功!" + else + red "Hysteria 2 安装失败!" + fi + + # 询问用户 Hysteria 配置 + inst_cert + inst_port + inst_pwd + inst_site + + # 设置 Hysteria 配置文件 + cat << EOF > /etc/hysteria/config.yaml +listen: :$port + +tls: + cert: $cert_path + key: $key_path + +quic: + initStreamReceiveWindow: 16777216 + maxStreamReceiveWindow: 16777216 + initConnReceiveWindow: 33554432 + maxConnReceiveWindow: 33554432 + +auth: + type: password + password: $auth_pwd + +masquerade: + type: proxy + proxy: + url: https://$proxysite + rewriteHost: true +EOF + + # 确定最终入站端口范围 + if [[ -n $firstport ]]; then + last_port="$port,$firstport-$endport" + else + last_port=$port + fi + + # 给 IPv6 地址加中括号 + if [[ -n $(echo $ip | grep ":") ]]; then + last_ip="[$ip]" + else + last_ip=$ip + fi + + mkdir /root/hy + cat << EOF > /root/hy/hy-client.yaml +server: $last_ip:$last_port + +auth: $auth_pwd + +tls: + sni: $hy_domain + insecure: true + +quic: + initStreamReceiveWindow: 16777216 + maxStreamReceiveWindow: 16777216 + initConnReceiveWindow: 33554432 + maxConnReceiveWindow: 33554432 + +fastOpen: true + +socks5: + listen: 127.0.0.1:5080 + +transport: + udp: + hopInterval: 30s +EOF + cat << EOF > /root/hy/hy-client.json +{ + "server": "$last_ip:$last_port", + "auth": "$auth_pwd", + "tls": { + "sni": "$hy_domain", + "insecure": true + }, + "quic": { + "initStreamReceiveWindow": 16777216, + "maxStreamReceiveWindow": 16777216, + "initConnReceiveWindow": 33554432, + "maxConnReceiveWindow": 33554432 + }, + "socks5": { + "listen": "127.0.0.1:5080" + }, + "transport": { + "udp": { + "hopInterval": "30s" + } + } +} +EOF + + 
url="hysteria2://$auth_pwd@$last_ip:$last_port/?insecure=1&sni=$hy_domain#Hysteria2-misaka" + echo $url > /root/hy/url.txt + + systemctl daemon-reload + systemctl enable hysteria-server + systemctl start hysteria-server + if [[ -n $(systemctl status hysteria-server 2>/dev/null | grep -w active) && -f '/etc/hysteria/config.yaml' ]]; then + green "Hysteria 2 服务启动成功" + else + red "Hysteria 2 服务启动失败,请运行 systemctl status hysteria-server 查看服务状态并反馈,脚本退出" && exit 1 + fi + red "======================================================================================" + green "Hysteria 2 代理服务安装完成" + yellow "Hysteria 2 客户端 YAML 配置文件 hy-client.yaml 内容如下,并保存到 /root/hy/hy-client.yaml" + red "$(cat /root/hy/hy-client.yaml)" + yellow "Hysteria 2 客户端 JSON 配置文件 hy-client.json 内容如下,并保存到 /root/hy/hy-client.json" + red "$(cat /root/hy/hy-client.json)" + yellow "Hysteria 2 节点分享链接如下,并保存到 /root/hy/url.txt" + red "$(cat /root/hy/url.txt)" +} + +unsthysteria(){ + systemctl stop hysteria-server.service >/dev/null 2>&1 + systemctl disable hysteria-server.service >/dev/null 2>&1 + rm -f /lib/systemd/system/hysteria-server.service /lib/systemd/system/hysteria-server@.service + rm -rf /usr/local/bin/hysteria /etc/hysteria /root/hy /root/hysteria.sh + iptables -t nat -F PREROUTING >/dev/null 2>&1 + netfilter-persistent save >/dev/null 2>&1 + + green "Hysteria 2 已彻底卸载完成!" 
+} + +starthysteria(){ + systemctl start hysteria-server + systemctl enable hysteria-server >/dev/null 2>&1 +} + +stophysteria(){ + systemctl stop hysteria-server + systemctl disable hysteria-server >/dev/null 2>&1 +} + +hysteriaswitch(){ + yellow "请选择你需要的操作:" + echo "" + echo -e " ${GREEN}1.${PLAIN} 启动 Hysteria 2" + echo -e " ${GREEN}2.${PLAIN} 关闭 Hysteria 2" + echo -e " ${GREEN}3.${PLAIN} 重启 Hysteria 2" + echo "" + read -rp "请输入选项 [0-3]: " switchInput + case $switchInput in + 1 ) starthysteria ;; + 2 ) stophysteria ;; + 3 ) stophysteria && starthysteria ;; + * ) exit 1 ;; + esac +} + +changeport(){ + oldport=$(cat /etc/hysteria/config.yaml 2>/dev/null | sed -n 1p | awk '{print $2}' | awk -F ":" '{print $2}') + + read -p "设置 Hysteria 2 端口[1-65535](回车则随机分配端口):" port + [[ -z $port ]] && port=$(shuf -i 2000-65535 -n 1) + + until [[ -z $(ss -tunlp | grep -w udp | awk '{print $5}' | sed 's/.*://g' | grep -w "$port") ]]; do + if [[ -n $(ss -tunlp | grep -w udp | awk '{print $5}' | sed 's/.*://g' | grep -w "$port") ]]; then + echo -e "${RED} $port ${PLAIN} 端口已经被其他程序占用,请更换端口重试!" 
+ read -p "设置 Hysteria 2 端口 [1-65535](回车则随机分配端口):" port + [[ -z $port ]] && port=$(shuf -i 2000-65535 -n 1) + fi + done + + sed -i "1s#$oldport#$port#g" /etc/hysteria/config.yaml + sed -i "1s#$oldport#$port#g" /root/hy/hy-client.yaml + sed -i "2s#$oldport#$port#g" /root/hy/hy-client.json + + stophysteria && starthysteria + + green "Hysteria 2 端口已成功修改为:$port" + yellow "请手动更新客户端配置文件以使用节点" + showconf +} + +changepasswd(){ + oldpasswd=$(cat /etc/hysteria/config.yaml 2>/dev/null | sed -n 15p | awk '{print $2}') + + read -p "设置 Hysteria 2 密码(回车跳过为随机字符):" passwd + [[ -z $passwd ]] && passwd=$(date +%s%N | md5sum | cut -c 1-8) + + sed -i "1s#$oldpasswd#$passwd#g" /etc/hysteria/config.yaml + sed -i "1s#$oldpasswd#$passwd#g" /root/hy/hy-client.yaml + sed -i "3s#$oldpasswd#$passwd#g" /root/hy/hy-client.json + + stophysteria && starthysteria + + green "Hysteria 2 节点密码已成功修改为:$passwd" + yellow "请手动更新客户端配置文件以使用节点" + showconf +} + +change_cert(){ + old_cert=$(cat /etc/hysteria/config.yaml | grep cert | awk -F " " '{print $2}') + old_key=$(cat /etc/hysteria/config.yaml | grep key | awk -F " " '{print $2}') + old_hydomain=$(cat /root/hy/hy-client.yaml | grep sni | awk '{print $2}') + + inst_cert + + sed -i "s!$old_cert!$cert_path!g" /etc/hysteria/config.yaml + sed -i "s!$old_key!$key_path!g" /etc/hysteria/config.yaml + sed -i "6s/$old_hydomain/$hy_domain/g" /root/hy/hy-client.yaml + sed -i "5s/$old_hydomain/$hy_domain/g" /root/hy/hy-client.json + + stophysteria && starthysteria + + green "Hysteria 2 节点证书类型已成功修改" + yellow "请手动更新客户端配置文件以使用节点" + showconf +} + +changeproxysite(){ + oldproxysite=$(cat /etc/hysteria/config.yaml | grep url | awk -F " " '{print $2}' | awk -F "https://" '{print $2}') + + inst_site + + sed -i "s#$oldproxysite#$proxysite#g" /etc/caddy/Caddyfile + + stophysteria && starthysteria + + green "Hysteria 2 节点伪装网站已成功修改为:$proxysite" +} + +changeconf(){ + green "Hysteria 2 配置变更选择如下:" + echo -e " ${GREEN}1.${PLAIN} 修改端口" + echo -e " ${GREEN}2.${PLAIN} 修改密码" + echo -e " 
${GREEN}3.${PLAIN} 修改证书类型" + echo -e " ${GREEN}4.${PLAIN} 修改伪装网站" + echo "" + read -p " 请选择操作 [1-4]:" confAnswer + case $confAnswer in + 1 ) changeport ;; + 2 ) changepasswd ;; + 3 ) change_cert ;; + 4 ) changeproxysite ;; + * ) exit 1 ;; + esac +} + +showconf(){ + yellow "Hysteria 2 客户端 YAML 配置文件 hy-client.yaml 内容如下,并保存到 /root/hy/hy-client.yaml" + red "$(cat /root/hy/hy-client.yaml)" + yellow "Hysteria 2 客户端 JSON 配置文件 hy-client.json 内容如下,并保存到 /root/hy/hy-client.json" + red "$(cat /root/hy/hy-client.json)" + yellow "Hysteria 2 节点分享链接如下,并保存到 /root/hy/url.txt" + red "$(cat /root/hy/url.txt)" +} + +menu() { + clear + echo "#############################################################" + echo -e "# ${RED}Hysteria 2 一键安装脚本${PLAIN} #" + echo -e "# ${GREEN}作者${PLAIN}: MisakaNo の 小破站 #" + echo -e "# ${GREEN}博客${PLAIN}: https://blog.misaka.rest #" + echo -e "# ${GREEN}GitHub 项目${PLAIN}: https://github.com/Misaka-blog #" + echo -e "# ${GREEN}GitLab 项目${PLAIN}: https://gitlab.com/Misaka-blog #" + echo -e "# ${GREEN}Telegram 频道${PLAIN}: https://t.me/misakanocchannel #" + echo -e "# ${GREEN}Telegram 群组${PLAIN}: https://t.me/misakanoc #" + echo -e "# ${GREEN}YouTube 频道${PLAIN}: https://www.youtube.com/@misaka-blog #" + echo "#############################################################" + echo "" + echo -e " ${GREEN}1.${PLAIN} 安装 Hysteria 2" + echo -e " ${GREEN}2.${PLAIN} ${RED}卸载 Hysteria 2${PLAIN}" + echo " -------------" + echo -e " ${GREEN}3.${PLAIN} 关闭、开启、重启 Hysteria 2" + echo -e " ${GREEN}4.${PLAIN} 修改 Hysteria 2 配置" + echo -e " ${GREEN}5.${PLAIN} 显示 Hysteria 2 配置文件" + echo " -------------" + echo -e " ${GREEN}0.${PLAIN} 退出脚本" + echo "" + read -rp "请输入选项 [0-5]: " menuInput + case $menuInput in + 1 ) insthysteria ;; + 2 ) unsthysteria ;; + 3 ) hysteriaswitch ;; + 4 ) changeconf ;; + 5 ) showconf ;; + * ) exit 1 ;; + esac +} + +menu \ No newline at end of file diff --git a/Hysteria/hysteria证书申请.sh b/Hysteria/hysteria证书申请.sh new file mode 100644 index 0000000..2ecf7d9 
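Review bot: The self-signed branch of `inst_cert` leaves the TLS private key world-readable and world-writable through `chmod 777 /etc/hysteria/private.key`; the key should be readable only by the account the service runs as, e.g. `chmod 600 /etc/hysteria/private.key` after a `chown` to that account (which account that is cannot be seen from this file). `inst_pwd` and `changepasswd` derive the default password from `date +%s%N | md5sum | cut -c 1-8`, which is eight hex characters seeded by the clock; `auth_pwd=$(openssl rand -hex 16)` uses a tool the script already calls. `changepasswd` also runs `sed -i "1s#$oldpasswd#$passwd#g"` against line 1 of config.yaml and hy-client.yaml, while the heredocs in `insthysteria` write the password on lines 15 and 3, so the server keeps the old password after the menu reports success; the substitution needs to target the `password:` / `auth:` line. The installer is fetched and run unpinned as root (`curl https://get.acme.sh | sh`, `wget -N …/install_server.sh` then `bash install_server.sh`) and the `curl` probes pass `-k`, so pinning a commit or checksum and dropping `-k` would be worth doing before this is used.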
--- /dev/null
+++ b/Hysteria/hysteria证书申请.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+export DOMAIN_NAME=super-idol.107421.xyz
+
+export CF_Token="oXJRP5XI8Zhipa_PtYtB_jy6qWL0I9BosrJEYE8p"
+export CF_Account_ID="dfaadeb83406ef5ad35da02617af9191"
+export CF_Zone_ID="511894a4f1357feb905e974e16241ebb"
+
+acme.sh --issue --dns dns_cf -d ${DOMAIN_NAME} --keylength ec-256
+
+
+
+acme.sh --install-cert -d ${DOMAIN_NAME} --ecc \
+--key-file /etc/nginx/conf.d/ssl_key/${DOMAIN_NAME}.key.pem \
+--fullchain-file /etc/nginx/conf.d/ssl_key/${DOMAIN_NAME}.cert.pem \
+--reloadcmd "systemctl restart nginx --force"
+
+
+openssl x509 -noout -fingerprint -sha256 -in /root/.acme.sh/super-idol.107421.xyz_ecc/super-idol.107421.xyz.cer
+
+cp /root/.acme.sh/super-idol.107421.xyz_ecc/super-idol.107421.xyz.cer /etc/hysteria/super-idol.107421.xyz.cert
+cp /root/.acme.sh/super-idol.107421.xyz_ecc/super-idol.107421.xyz.key /etc/hysteria/super-idol.107421.xyz.key
diff --git a/Hysteria/客户端配置.yaml b/Hysteria/客户端配置.yaml
new file mode 100644
index 0000000..11af4e4
--- /dev/null
+++ b/Hysteria/客户端配置.yaml
@@ -0,0 +1,31 @@
+server: 140.238.8.73:29100
+
+auth: V2ryStr0ngP@ss
+
+tls:
+ sni: super-idol.107421.xyz
+ insecure: false
+ pinSHA256: 71:82:78:59:3B:9B:33:50:9C:02:A7:C3:DF:9B:77:6B:81:E2:B7:C8:56:B0:25:4F:D2:0E:B8:FB:E0:46:3D:4A
+
+quic:
+ initStreamReceiveWindow: 16777216
+ maxStreamReceiveWindow: 16777216
+ initConnReceiveWindow: 33554432
+ maxConnReceiveWindow: 33554432
+ maxIdleTimeout: 10s
+ maxIncomingStreams: 128
+ disablePathMTUDiscovery: false
+
+obfs:
+ type: salamander
+ salamander:
+ password: fuck_ufw
+
+fastOpen: false
+
+socks5:
+ listen: 127.0.0.1:5080
+
+transport:
+ udp:
+ hopInterval: 10s
\ No newline at end of file
diff --git a/Hysteria/服务端配置.yaml b/Hysteria/服务端配置.yaml
new file mode 100644
index 0000000..2bdbd5d
--- /dev/null
+++ b/Hysteria/服务端配置.yaml
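Review bot: `hysteria证书申请.sh` commits what looks like a live Cloudflare API token in `export CF_Token=...`, next to the account and zone IDs; once pushed it should be treated as disclosed, so the token needs to be revoked and reissued, and the script should take it from the environment instead, e.g. `: "${CF_Token:?CF_Token must be set}"`. The same applies to the `auth` and `obfs` passwords in 客户端配置.yaml and 服务端配置.yaml and to the VMess client `id` values in Seoul4实际使用的Xray配置.json, which this commit adds together with the servers' public addresses. The `openssl x509` and `cp` lines also hard-code the domain rather than using `${DOMAIN_NAME}`, and the copied key gets whatever mode `cp` produces; `install -m 600` for the key would make the intended permission explicit, provided the service account can still read it.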
@@ -0,0 +1,29 @@
+listen: :29100
+
+tls:
+ cert: /etc/hysteria/super-idol.107421.xyz.cert
+ key: /etc/hysteria/super-idol.107421.xyz.key
+
+quic:
+ initStreamReceiveWindow: 16777216
+ maxStreamReceiveWindow: 16777216
+ initConnReceiveWindow: 33554432
+ maxConnReceiveWindow: 33554432
+ maxIdleTimeout: 10s
+ maxIncomingStreams: 128
+ disablePathMTUDiscovery: false
+
+obfs:
+ type: salamander
+ salamander:
+ password: fuck_ufw
+
+auth:
+ type: password
+ password: V2ryStr0ngP@ss
+
+masquerade:
+ type: proxy
+ proxy:
+ url: https://aws.amazon.com
+ rewriteHost: true
\ No newline at end of file
diff --git a/Hysteria/需要配合iptables使用.txt b/Hysteria/需要配合iptables使用.txt
new file mode 100644
index 0000000..c189578
--- /dev/null
+++ b/Hysteria/需要配合iptables使用.txt
@@ -0,0 +1,12 @@
+Hysteria 服务端并不能同时监听多个端口,因此不能在服务器端使用上面的格式作为监听地址。建议配合 iptables 的 DNAT 将端口转发到服务器的监听端口。
+
+# IPv4
+iptables -t nat -A PREROUTING -i ens3 -p udp --dport 19100:19300 -j DNAT --to-destination :19100
+iptables -t nat -A PREROUTING -i ens3 -p tcp --dport 19100:19300 -j DNAT --to-destination :19100
+# IPv6
+ip6tables -t nat -A PREROUTING -i ens3 -p udp --dport 19100:19300 -j DNAT --to-destination :19100
+
+
+iptables -t nat -L
+iptables -t nat -D PREROUTING 1
+iptables -t nat -nL --line-number
\ No newline at end of file
diff --git a/v2ray示例/XRay-外网服务器/Seoul4实际使用的Xray配置.json b/v2ray示例/XRay-外网服务器/Seoul4实际使用的Xray配置.json
index f45b896..5c59d81 100644
--- a/v2ray示例/XRay-外网服务器/Seoul4实际使用的Xray配置.json
+++ b/v2ray示例/XRay-外网服务器/Seoul4实际使用的Xray配置.json
@@ -6,221 +6,437 @@ }, "inbounds": [ { - "port": 19990, - "protocol": "vless", - "settings": { - "clients": [ - { - "id": "adbd84eb-15fe-4c62-931c-b471791672ad", - "flow": "xtls-rprx-direct", - "level": 0, - "email": "ice@gmail.com" - } - ], - "decryption": "none", - "fallbacks": [ - { - "dest": 60001, - "alpn": "", - "xver": 1 - }, - { - "dest": 60002, - "alpn": "h2", - "xver": 1 - }, - { - "path": "/v2ice-vless-ws/", - "dest": 19998, - "xver": 1 - }, - { - "path": "/v2ice-vmess-tcp", - "dest": 19997, - "xver": 1 - }, - { - "path": "/v2ice-vmess-ws", - "dest": 19996, - "xver": 1 - } - ] - }, - "streamSettings": { - "network": "tcp", - "security": "xtls", - "xtlsSettings": { - "alpn": [ - "h2", - "http/1.1" - ], - "certificates": [ - { - "certificateFile": "/root/.acme.sh/xx.s4.cc.hh.107421.xyz_ecc/fullchain.cer", - "keyFile": "/root/.acme.sh/xx.s4.cc.hh.107421.xyz_ecc/xx.s4.cc.hh.107421.xyz.key" - } - ] - }, - "sniffing": { - "enabled": true, - "destOverride": [ - "http", - "tls" - ] - } - } - }, - { - "port": 19999, - "listen": "127.0.0.1", - "protocol": "trojan", - "settings": { - "clients": [ - { - "password": "loveff.22", - "level": 0, - "email": "ice@gmail.com.cn", - "flow": "xtls-rprx-direct" - } - ], - "fallbacks": [ - { - "dest": 8080, - "alpn": "", - "xver": 1 - }, - { - "dest": 8081, - "alpn": "h2", - "xver": 1 - } - ] - }, - "streamSettings": { - "network": "tcp", - "security": "xtls", - "xtlsSettings": { - "alpn": [ - "h2", - "http/1.1" - ], - "certificates": [ - { - "certificateFile": "/root/.acme.sh/xx.s4.cc.hh.107421.xyz_ecc/fullchain.cer", - "keyFile": "/root/.acme.sh/xx.s4.cc.hh.107421.xyz_ecc/xx.s4.cc.hh.107421.xyz.key" - } - ] - }, - "sniffing": { - "enabled": true, - "destOverride": [ - "http", - "tls" - ] - } - } - }, - { - "port": 19998, - "listen": "127.0.0.1", - "protocol": "vless", - "settings": { - "clients": [ - { - "id": "adbd84eb-15fe-4c62-931c-b471791672ad", - "level": 0, - "email": "ice@gmail.com" - } - ], - "decryption": "none" - }, 
- "streamSettings": { - "network": "ws", - "security": "none", - "wsSettings": { - "acceptProxyProtocol": true, - "path": "/v2ice-vless-ws/" - } - } - }, - { - "port": 19997, - "listen": "127.0.0.1", "protocol": "vmess", - "settings": { - "clients": [ - { - "id": "3da8aa3f-ddd7-49bf-94ba-950593f24471", - "level": 0, - "email": "ice@gmail.com" - } - ] - }, + "listen": "0.0.0.0", + "port": 19999, "streamSettings": { - "network": "tcp", - "security": "auto", "tcpSettings": { - "acceptProxyProtocol": true, "header": { "type": "http", - "request": { - "path": [ - "/v2ice-vmess-tcp" - ] + "response": { + "version": "1.1", + "status": "200", + "reason": "Accept", + "headers": { + "Content-Type": [ + "application/octet-stream", + "video/mpeg" + ], + "Transfer-Encoding": [ + "chunked" + ], + "Connection": [ + "keep-alive" + ], + "Pragma": "no-cache" + } } } } - } - }, - { - "port": 19996, - "listen": "127.0.0.1", - "protocol": "vmess", + }, + "tag": "Seoul-amd64-04", "settings": { "clients": [ { - "id": "c08e68f1-283c-4f91-9603-0b80484bb283", + "id": "6aa7cdeb-ba46-4264-8e02-5131bca27729", + "email": "Seoul-amd64-04@octopus.io", "level": 0, - "email": "ice@gmail.com" + "alterId": 0 } - ] - }, - "streamSettings": { - "network": "ws", - "security": "auto", - "wsSettings": { - "acceptProxyProtocol": true, - "path": "/v2ice-vmess-ws" - } + ], + "disableInsecureEncryption": false } }, { - "port": 19995, + "protocol": "vmess", "listen": "0.0.0.0", - "protocol": "vmess", + "port": 19997, + "streamSettings": { + "tcpSettings": { + "header": { + "type": "http", + "response": { + "version": "1.1", + "status": "200", + "reason": "Accept", + "headers": { + "Content-Type": [ + "application/octet-stream", + "video/mpeg" + ], + "Transfer-Encoding": [ + "chunked" + ], + "Connection": [ + "keep-alive" + ], + "Pragma": "no-cache" + } + } + } + } + }, + "tag": "Shanghai-amd64-01->Seoul-amd64-04", "settings": { "clients": [ { - "id": "becaca40-b457-4572-9b46-ed66ecca7b4e", + "id": 
"3835293a-35a7-4c96-8595-d52e5a2754a9", + "email": "Shanghai-amd64-01->Seoul-amd64-04@octopus.io", "level": 0, - "alterId": 0, - "email": "ice@cc.com" + "alterId": 0 } - ] - }, + ], + "disableInsecureEncryption": false + } + }, + { + "protocol": "vmess", + "listen": "0.0.0.0", + "port": 19996, "streamSettings": { - "network": "ws", - "security": "auto", - "wsSettings": { - "acceptProxyProtocol": false, - "path": "/v2ice-default-ws" + "tcpSettings": { + "header": { + "type": "http", + "response": { + "version": "1.1", + "status": "200", + "reason": "Accept", + "headers": { + "Content-Type": [ + "application/octet-stream", + "video/mpeg" + ], + "Transfer-Encoding": [ + "chunked" + ], + "Connection": [ + "keep-alive" + ], + "Pragma": "no-cache" + } + } + } } + }, + "tag": "Shanghai-amd64-01->Seoul-amd64-04->Tokyo-amd64-02", + "settings": { + "clients": [ + { + "id": "89cce8ba-0b2c-4cde-8a67-07a6508b55bc", + "email": "Shanghai-amd64-01->Seoul-amd64-04->Tokyo-amd64-02@octopus.io", + "level": 0, + "alterId": 0 + } + ], + "disableInsecureEncryption": false + } + }, + { + "protocol": "vmess", + "listen": "0.0.0.0", + "port": 19995, + "streamSettings": { + "tcpSettings": { + "header": { + "type": "http", + "response": { + "version": "1.1", + "status": "200", + "reason": "Accept", + "headers": { + "Content-Type": [ + "application/octet-stream", + "video/mpeg" + ], + "Transfer-Encoding": [ + "chunked" + ], + "Connection": [ + "keep-alive" + ], + "Pragma": "no-cache" + } + } + } + } + }, + "tag": "Shanghai-amd64-01->Seoul-amd64-04->Phoenix-amd64-02", + "settings": { + "clients": [ + { + "id": "534528a0-dd12-4fc5-b367-f081d6e717cc", + "email": "Shanghai-amd64-01->Seoul-amd64-04->Phoenix-amd64-02@octopus.io", + "level": 0, + "alterId": 0 + } + ], + "disableInsecureEncryption": false + } + }, + { + "protocol": "vmess", + "listen": "0.0.0.0", + "port": 19994, + "streamSettings": { + "tcpSettings": { + "header": { + "type": "http", + "response": { + "version": "1.1", + "status": 
"200", + "reason": "Accept", + "headers": { + "Content-Type": [ + "application/octet-stream", + "video/mpeg" + ], + "Transfer-Encoding": [ + "chunked" + ], + "Connection": [ + "keep-alive" + ], + "Pragma": "no-cache" + } + } + } + } + }, + "tag": "Shanghai-amd64-01->Seoul-amd64-04->London-amd64-01", + "settings": { + "clients": [ + { + "id": "d5b67da8-ea65-4ba1-a586-0189c968ba85", + "email": "Shanghai-amd64-01->Seoul-amd64-04->London-amd64-01@octopus.io", + "level": 0, + "alterId": 0 + } + ], + "disableInsecureEncryption": false } } ], "outbounds": [ { "protocol": "freedom" + }, + { + "protocol": "blackhole", + "tag": "block" + }, + { + "protocol": "vmess", + "settings": { + "vnext": [ + { + "address": "140.238.52.228", + "port": 19996, + "users": [ + { + "id": "89cce8ba-0b2c-4cde-8a67-07a6508b55bc", + "email": "Shanghai-amd64-01->Seoul-amd64-04->Tokyo-amd64-02@octopus.io", + "level": 0, + "alterId": 0 + } + ] + } + ] + }, + "tag": "Shanghai-amd64-01->Seoul-amd64-04->Tokyo-amd64-02", + "streamSettings": { + "tcpSettings": { + "header": { + "type": "http", + "request": { + "version": "1.1", + "method": "GET", + "path": [ + "/" + ], + "headers": { + "Host": [ + "www.baidu.com", + "www.google.com", + "www.bing.com", + "www.github.com" + ], + "User-Agent": [ + "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36", + "Mozilla/5.0 (iPhone; CPU iPhone OS 10_0_2 like Mac OS X) AppleWebKit/601.1 (KHTML, like Gecko) CriOS/53.0.2785.109 Mobile/14A456 Safari/601.1.46" + ], + "Accept-Encoding": [ + "gzip", + "deflate" + ], + "Connection": [ + "keep-alive" + ], + "Pragma": "no-cache" + } + } + } + } + }, + "mux": { + "enabled": false, + "concurrency": -1 + } + }, + { + "protocol": "vmess", + "settings": { + "vnext": [ + { + "address": "129.146.171.163", + "port": 19995, + "users": [ + { + "id": "534528a0-dd12-4fc5-b367-f081d6e717cc", + "email": "Shanghai-amd64-01->Seoul-amd64-04->Phoenix-amd64-02@octopus.io", + "level": 
0, + "alterId": 0 + } + ] + } + ] + }, + "tag": "Shanghai-amd64-01->Seoul-amd64-04->Phoenix-amd64-02", + "streamSettings": { + "tcpSettings": { + "header": { + "type": "http", + "request": { + "version": "1.1", + "method": "GET", + "path": [ + "/" + ], + "headers": { + "Host": [ + "www.baidu.com", + "www.google.com", + "www.bing.com", + "www.github.com" + ], + "User-Agent": [ + "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36", + "Mozilla/5.0 (iPhone; CPU iPhone OS 10_0_2 like Mac OS X) AppleWebKit/601.1 (KHTML, like Gecko) CriOS/53.0.2785.109 Mobile/14A456 Safari/601.1.46" + ], + "Accept-Encoding": [ + "gzip", + "deflate" + ], + "Connection": [ + "keep-alive" + ], + "Pragma": "no-cache" + } + } + } + } + }, + "mux": { + "enabled": false, + "concurrency": -1 + } + }, + { + "protocol": "vmess", + "settings": { + "vnext": [ + { + "address": "141.147.99.91", + "port": 19994, + "users": [ + { + "id": "d5b67da8-ea65-4ba1-a586-0189c968ba85", + "email": "Shanghai-amd64-01->Seoul-amd64-04->London-amd64-01@octopus.io", + "level": 0, + "alterId": 0 + } + ] + } + ] + }, + "tag": "Shanghai-amd64-01->Seoul-amd64-04->London-amd64-01", + "streamSettings": { + "tcpSettings": { + "header": { + "type": "http", + "request": { + "version": "1.1", + "method": "GET", + "path": [ + "/" + ], + "headers": { + "Host": [ + "www.baidu.com", + "www.google.com", + "www.bing.com", + "www.github.com" + ], + "User-Agent": [ + "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36", + "Mozilla/5.0 (iPhone; CPU iPhone OS 10_0_2 like Mac OS X) AppleWebKit/601.1 (KHTML, like Gecko) CriOS/53.0.2785.109 Mobile/14A456 Safari/601.1.46" + ], + "Accept-Encoding": [ + "gzip", + "deflate" + ], + "Connection": [ + "keep-alive" + ], + "Pragma": "no-cache" + } + } + } + } + }, + "mux": { + "enabled": false, + "concurrency": -1 + } } - ] + ], + "routing": { + "domainStrategy": "IPIfNonMatch", + 
"rules": [ + { + "type": "field", + "inboundTag": [ + "Seoul-amd64-04" + ], + "outboundTag": "Seoul-amd64-04" + }, + { + "type": "field", + "inboundTag": [ + "Shanghai-amd64-01->Seoul-amd64-04" + ], + "outboundTag": "Shanghai-amd64-01->Seoul-amd64-04" + }, + { + "type": "field", + "inboundTag": [ + "Shanghai-amd64-01->Seoul-amd64-04->Tokyo-amd64-02" + ], + "outboundTag": "Shanghai-amd64-01->Seoul-amd64-04->Tokyo-amd64-02" + }, + { + "type": "field", + "inboundTag": [ + "Shanghai-amd64-01->Seoul-amd64-04->Phoenix-amd64-02" + ], + "outboundTag": "Shanghai-amd64-01->Seoul-amd64-04->Phoenix-amd64-02" + }, + { + "type": "field", + "inboundTag": [ + "Shanghai-amd64-01->Seoul-amd64-04->London-amd64-01" + ], + "outboundTag": "Shanghai-amd64-01->Seoul-amd64-04->London-amd64-01" + } + ] + } } \ No newline at end of file diff --git a/v2ray示例/v2ray-Socks5/socks-http-代理服务器.json b/v2ray示例/v2ray-Socks5/socks-http-代理服务器.json new file mode 100644 index 0000000..45bf667 --- /dev/null +++ b/v2ray示例/v2ray-Socks5/socks-http-代理服务器.json @@ -0,0 +1,31 @@ +{ + "inbounds": [ + { + "protocol": "http", + "port": 58888, + "listen": "10.20.1.130" + } + , + { + "protocol": "socks", + "port": 58889, + "listen": "10.20.1.130", + "settings": { + "auth": "noauth", + "udp": true, + "userLevel": 0 + } + } + ], + "dns": { + "network": "udp", + "address": "223.5.5.5", + "port": 53 + }, + "outbounds": [ + { + "protocol": "freedom", + "settings": {} + } + ] +} \ No newline at end of file
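Review bot: The first two routing rules send traffic to `"outboundTag": "Seoul-amd64-04"` and `"outboundTag": "Shanghai-amd64-01->Seoul-amd64-04"`, but no entry in the new `outbounds` array carries either tag, and the `freedom` outbound has no `tag` at all. Those inbounds presumably work only because an unmatched tag falls through to the first outbound; giving the freedom outbound an explicit tag such as `"tag": "direct"` and pointing both rules at it would state the intent. Separately, all five VMess inbounds now listen on `0.0.0.0` with only HTTP header obfuscation and `"disableInsecureEncryption": false`, where the removed inbounds used `"security": "xtls"`; setting the flag to `true` and firewalling the relay ports to the expected upstream address would narrow what is exposed.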
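Review bot: Both inbounds in socks-http-代理服务器.json accept unauthenticated clients: the `socks` inbound sets `"auth": "noauth"` together with `"udp": true`, and the `http` inbound has no `settings` with an `accounts` list. Bound to `10.20.1.130`, every host that can reach that address can relay traffic through the `freedom` outbound. If that is not the intent, `"auth": "password"` with an `accounts` list on the socks inbound, `accounts` on the http inbound, or a firewall rule limiting the source range would restrict it.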