zeaslity/shell-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

新增hysteria部分

Browse Source
This commit is contained in:
zeaslity
2023-09-13 10:23:30 +08:00
parent 92acacb7b4
commit f02d26b32e
9 changed files with 1065 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files

520
Hysteria/Misaka的Hysteria的安装脚本.sh Normal file
View File

@@ -0,0 +1,520 @@
#!/bin/bash
export LANG=en_US.UTF-8
RED="\033[31m"
GREEN="\033[32m"
YELLOW="\033[33m"
PLAIN="\033[0m"
red(){
echo -e "\033[31m\033[01m$1\033[0m"
}
green(){
echo -e "\033[32m\033[01m$1\033[0m"
}
yellow(){
echo -e "\033[33m\033[01m$1\033[0m"
}
# 判断系统及定义系统安装依赖方式
REGEX=("debian" "ubuntu" "centos|red hat|kernel|oracle linux|alma|rocky" "'amazon linux'" "fedora")
RELEASE=("Debian" "Ubuntu" "CentOS" "CentOS" "Fedora")
PACKAGE_UPDATE=("apt-get update" "apt-get update" "yum -y update" "yum -y update" "yum -y update")
PACKAGE_INSTALL=("apt -y install" "apt -y install" "yum -y install" "yum -y install" "yum -y install")
PACKAGE_REMOVE=("apt -y remove" "apt -y remove" "yum -y remove" "yum -y remove" "yum -y remove")
PACKAGE_UNINSTALL=("apt -y autoremove" "apt -y autoremove" "yum -y autoremove" "yum -y autoremove" "yum -y autoremove")
[[ $EUID -ne 0 ]] && red "注意: 请在root用户下运行脚本" && exit 1
CMD=("$(grep -i pretty_name /etc/os-release 2>/dev/null | cut -d \" -f2)" "$(hostnamectl 2>/dev/null | grep -i system | cut -d : -f2)" "$(lsb_release -sd 2>/dev/null)" "$(grep -i description /etc/lsb-release 2>/dev/null | cut -d \" -f2)" "$(grep . /etc/redhat-release 2>/dev/null)" "$(grep . /etc/issue 2>/dev/null | cut -d \\ -f1 | sed '/^[ ]*$/d')")
for i in "${CMD[@]}"; do
SYS="$i" && [[ -n $SYS ]] && break
done
for ((int = 0; int < ${#REGEX[@]}; int++)); do
[[ $(echo "$SYS" | tr '[:upper:]' '[:lower:]') =~ ${REGEX[int]} ]] && SYSTEM="${RELEASE[int]}" && [[ -n $SYSTEM ]] && break
done
[[ -z $SYSTEM ]] && red "目前暂不支持你的VPS的操作系统" && exit 1
if [[ -z $(type -P curl) ]]; then
if [[ ! $SYSTEM == "CentOS" ]]; then
${PACKAGE_UPDATE[int]}
fi
${PACKAGE_INSTALL[int]} curl
fi
realip(){
ip=$(curl -s4m8 ip.sb -k) || ip=$(curl -s6m8 ip.sb -k)
}
inst_cert(){
green "Hysteria 2 协议证书申请方式如下:"
echo ""
echo -e " ${GREEN}1.${PLAIN} 必应自签证书 ${YELLOW}(默认)${PLAIN}"
echo -e " ${GREEN}2.${PLAIN} Acme 脚本自动申请"
echo -e " ${GREEN}3.${PLAIN} 自定义证书路径"
echo ""
read -rp "请输入选项 [1-3]: " certInput
if [[ $certInput == 2 ]]; then
cert_path="/root/cert.crt"
key_path="/root/private.key"
chmod a+x /root # 让 Hysteria 主程序访问到 /root 目录
if [[ -f /root/cert.crt && -f /root/private.key ]] && [[ -s /root/cert.crt && -s /root/private.key ]] && [[ -f /root/ca.log ]]; then
domain=$(cat /root/ca.log)
green "检测到原有域名:$domain 的证书,正在应用"
hy_domain=$domain
else
WARPv4Status=$(curl -s4m8 https://www.cloudflare.com/cdn-cgi/trace -k | grep warp | cut -d= -f2)
WARPv6Status=$(curl -s6m8 https://www.cloudflare.com/cdn-cgi/trace -k | grep warp | cut -d= -f2)
if [[ $WARPv4Status =~ on|plus ]] || [[ $WARPv6Status =~ on|plus ]]; then
wg-quick down wgcf >/dev/null 2>&1
systemctl stop warp-go >/dev/null 2>&1
realip
wg-quick up wgcf >/dev/null 2>&1
systemctl start warp-go >/dev/null 2>&1
else
realip
fi
read -p "请输入需要申请证书的域名:" domain
[[ -z $domain ]] && red "未输入域名,无法执行操作!" && exit 1
green "已输入的域名:$domain" && sleep 1
domainIP=$(curl -sm8 ipget.net/?ip="${domain}")
if [[ $domainIP == $ip ]]; then
${PACKAGE_INSTALL[int]} curl wget sudo socat openssl
if [[ $SYSTEM == "CentOS" ]]; then
${PACKAGE_INSTALL[int]} cronie
systemctl start crond
systemctl enable crond
else
${PACKAGE_INSTALL[int]} cron
systemctl start cron
systemctl enable cron
fi
curl https://get.acme.sh | sh -s email=$(date +%s%N | md5sum | cut -c 1-16)@gmail.com
source ~/.bashrc
bash ~/.acme.sh/acme.sh --upgrade --auto-upgrade
bash ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
if [[ -n $(echo $ip | grep ":") ]]; then
bash ~/.acme.sh/acme.sh --issue -d ${domain} --standalone -k ec-256 --listen-v6 --insecure
else
bash ~/.acme.sh/acme.sh --issue -d ${domain} --standalone -k ec-256 --insecure
fi
bash ~/.acme.sh/acme.sh --install-cert -d ${domain} --key-file /root/private.key --fullchain-file /root/cert.crt --ecc
if [[ -f /root/cert.crt && -f /root/private.key ]] && [[ -s /root/cert.crt && -s /root/private.key ]]; then
echo $domain > /root/ca.log
sed -i '/--cron/d' /etc/crontab >/dev/null 2>&1
echo "0 0 * * * root bash /root/.acme.sh/acme.sh --cron -f >/dev/null 2>&1" >> /etc/crontab
green "证书申请成功! 脚本申请到的证书 (cert.crt) 和私钥 (private.key) 文件已保存到 /root 文件夹下"
yellow "证书crt文件路径如下: /root/cert.crt"
yellow "私钥key文件路径如下: /root/private.key"
hy_domain=$domain
fi
else
red "当前域名解析的IP与当前VPS使用的真实IP不匹配"
green "建议如下:"
yellow "1. 请确保CloudFlare小云朵为关闭状态(仅限DNS), 其他域名解析或CDN网站设置同理"
yellow "2. 请检查DNS解析设置的IP是否为VPS的真实IP"
yellow "3. 脚本可能跟不上时代, 建议截图发布到GitHub Issues、GitLab Issues、论坛或TG群询问"
exit 1
fi
fi
elif [[ $certInput == 3 ]]; then
read -p "请输入公钥文件 crt 的路径:" cert_path
yellow "公钥文件 crt 的路径:$cert_path "
read -p "请输入密钥文件 key 的路径:" key_path
yellow "密钥文件 key 的路径:$key_path "
read -p "请输入证书的域名:" domain
yellow "证书域名:$domain"
hy_domain=$domain
else
green "将使用必应自签证书作为 Hysteria 2 的节点证书"
cert_path="/etc/hysteria/cert.crt"
key_path="/etc/hysteria/private.key"
openssl ecparam -genkey -name prime256v1 -out /etc/hysteria/private.key
openssl req -new -x509 -days 36500 -key /etc/hysteria/private.key -out /etc/hysteria/cert.crt -subj "/CN=www.bing.com"
chmod 777 /etc/hysteria/cert.crt
chmod 777 /etc/hysteria/private.key
hy_domain="www.bing.com"
domain="www.bing.com"
fi
}
inst_port(){
iptables -t nat -F PREROUTING >/dev/null 2>&1
read -p "设置 Hysteria 2 端口 [1-65535](回车则随机分配端口):" port
[[ -z $port ]] && port=$(shuf -i 2000-65535 -n 1)
until [[ -z $(ss -tunlp | grep -w udp | awk '{print $5}' | sed 's/.*://g' | grep -w "$port") ]]; do
if [[ -n $(ss -tunlp | grep -w udp | awk '{print $5}' | sed 's/.*://g' | grep -w "$port") ]]; then
echo -e "${RED} $port ${PLAIN} 端口已经被其他程序占用,请更换端口重试!"
read -p "设置 Hysteria 2 端口 [1-65535](回车则随机分配端口):" port
[[ -z $port ]] && port=$(shuf -i 2000-65535 -n 1)
fi
done
yellow "将在 Hysteria 2 节点使用的端口是:$port"
inst_jump
}
inst_jump(){
green "Hysteria 2 端口使用模式如下:"
echo ""
echo -e " ${GREEN}1.${PLAIN} 单端口 ${YELLOW}(默认)${PLAIN}"
echo -e " ${GREEN}2.${PLAIN} 端口跳跃"
echo ""
read -rp "请输入选项 [1-2]: " jumpInput
if [[ $jumpInput == 2 ]]; then
read -p "设置范围端口的起始端口 (建议10000-65535之间)" firstport
read -p "设置一个范围端口的末尾端口 (建议10000-65535之间一定要比上面起始端口大)" endport
if [[ $firstport -ge $endport ]]; then
until [[ $firstport -le $endport ]]; do
if [[ $firstport -ge $endport ]]; then
red "你设置的起始端口小于末尾端口,请重新输入起始和末尾端口"
read -p "设置范围端口的起始端口 (建议10000-65535之间)" firstport
read -p "设置一个范围端口的末尾端口 (建议10000-65535之间一定要比上面起始端口大)" endport
fi
done
fi
iptables -t nat -A PREROUTING -p udp --dport $firstport:$endport -j DNAT --to-destination :$port
ip6tables -t nat -A PREROUTING -p udp --dport $firstport:$endport -j DNAT --to-destination :$port
netfilter-persistent save >/dev/null 2>&1
else
red "将继续使用单端口模式"
fi
}
inst_pwd(){
read -p "设置 Hysteria 2 密码(回车跳过为随机字符):" auth_pwd
[[ -z $auth_pwd ]] && auth_pwd=$(date +%s%N | md5sum | cut -c 1-8)
yellow "使用在 Hysteria 2 节点的密码为:$auth_pwd"
}
inst_site(){
read -rp "请输入 Hysteria 2 的伪装网站地址 去除https:// [回车世嘉maimai日本网站]" proxysite
[[ -z $proxysite ]] && proxysite="maimai.sega.jp"
yellow "使用在 Hysteria 2 节点的伪装网站为:$proxysite"
}
insthysteria(){
warpv6=$(curl -s6m8 https://www.cloudflare.com/cdn-cgi/trace -k | grep warp | cut -d= -f2)
warpv4=$(curl -s4m8 https://www.cloudflare.com/cdn-cgi/trace -k | grep warp | cut -d= -f2)
if [[ $warpv4 =~ on|plus || $warpv6 =~ on|plus ]]; then
wg-quick down wgcf >/dev/null 2>&1
systemctl stop warp-go >/dev/null 2>&1
realip
systemctl start warp-go >/dev/null 2>&1
wg-quick up wgcf >/dev/null 2>&1
else
realip
fi
if [[ ! ${SYSTEM} == "CentOS" ]]; then
${PACKAGE_UPDATE}
fi
${PACKAGE_INSTALL} curl wget sudo qrencode procps iptables-persistent netfilter-persistent
wget -N https://raw.githubusercontent.com/Misaka-blog/hysteria-install/main/hy2/install_server.sh
bash install_server.sh
rm -f install_server.sh
if [[ -f "/usr/local/bin/hysteria" ]]; then
green "Hysteria 2 安装成功!"
else
red "Hysteria 2 安装失败!"
fi
# 询问用户 Hysteria 配置
inst_cert
inst_port
inst_pwd
inst_site
# 设置 Hysteria 配置文件
cat << EOF > /etc/hysteria/config.yaml
listen: :$port
tls:
cert: $cert_path
key: $key_path
quic:
initStreamReceiveWindow: 16777216
maxStreamReceiveWindow: 16777216
initConnReceiveWindow: 33554432
maxConnReceiveWindow: 33554432
auth:
type: password
password: $auth_pwd
masquerade:
type: proxy
proxy:
url: https://$proxysite
rewriteHost: true
EOF
# 确定最终入站端口范围
if [[ -n $firstport ]]; then
last_port="$port,$firstport-$endport"
else
last_port=$port
fi
# 给 IPv6 地址加中括号
if [[ -n $(echo $ip | grep ":") ]]; then
last_ip="[$ip]"
else
last_ip=$ip
fi
mkdir /root/hy
cat << EOF > /root/hy/hy-client.yaml
server: $last_ip:$last_port
auth: $auth_pwd
tls:
sni: $hy_domain
insecure: true
quic:
initStreamReceiveWindow: 16777216
maxStreamReceiveWindow: 16777216
initConnReceiveWindow: 33554432
maxConnReceiveWindow: 33554432
fastOpen: true
socks5:
listen: 127.0.0.1:5080
transport:
udp:
hopInterval: 30s
EOF
cat << EOF > /root/hy/hy-client.json
{
"server": "$last_ip:$last_port",
"auth": "$auth_pwd",
"tls": {
"sni": "$hy_domain",
"insecure": true
},
"quic": {
"initStreamReceiveWindow": 16777216,
"maxStreamReceiveWindow": 16777216,
"initConnReceiveWindow": 33554432,
"maxConnReceiveWindow": 33554432
},
"socks5": {
"listen": "127.0.0.1:5080"
},
"transport": {
"udp": {
"hopInterval": "30s"
}
}
}
EOF
url="hysteria2://$auth_pwd@$last_ip:$last_port/?insecure=1&sni=$hy_domain#Hysteria2-misaka"
echo $url > /root/hy/url.txt
systemctl daemon-reload
systemctl enable hysteria-server
systemctl start hysteria-server
if [[ -n $(systemctl status hysteria-server 2>/dev/null | grep -w active) && -f '/etc/hysteria/config.yaml' ]]; then
green "Hysteria 2 服务启动成功"
else
red "Hysteria 2 服务启动失败,请运行 systemctl status hysteria-server 查看服务状态并反馈,脚本退出" && exit 1
fi
red "======================================================================================"
green "Hysteria 2 代理服务安装完成"
yellow "Hysteria 2 客户端 YAML 配置文件 hy-client.yaml 内容如下,并保存到 /root/hy/hy-client.yaml"
red "$(cat /root/hy/hy-client.yaml)"
yellow "Hysteria 2 客户端 JSON 配置文件 hy-client.json 内容如下,并保存到 /root/hy/hy-client.json"
red "$(cat /root/hy/hy-client.json)"
yellow "Hysteria 2 节点分享链接如下,并保存到 /root/hy/url.txt"
red "$(cat /root/hy/url.txt)"
}
unsthysteria(){
systemctl stop hysteria-server.service >/dev/null 2>&1
systemctl disable hysteria-server.service >/dev/null 2>&1
rm -f /lib/systemd/system/hysteria-server.service /lib/systemd/system/hysteria-server@.service
rm -rf /usr/local/bin/hysteria /etc/hysteria /root/hy /root/hysteria.sh
iptables -t nat -F PREROUTING >/dev/null 2>&1
netfilter-persistent save >/dev/null 2>&1
green "Hysteria 2 已彻底卸载完成!"
}
starthysteria(){
systemctl start hysteria-server
systemctl enable hysteria-server >/dev/null 2>&1
}
stophysteria(){
systemctl stop hysteria-server
systemctl disable hysteria-server >/dev/null 2>&1
}
hysteriaswitch(){
yellow "请选择你需要的操作:"
echo ""
echo -e " ${GREEN}1.${PLAIN} 启动 Hysteria 2"
echo -e " ${GREEN}2.${PLAIN} 关闭 Hysteria 2"
echo -e " ${GREEN}3.${PLAIN} 重启 Hysteria 2"
echo ""
read -rp "请输入选项 [0-3]: " switchInput
case $switchInput in
1 ) starthysteria ;;
2 ) stophysteria ;;
3 ) stophysteria && starthysteria ;;
* ) exit 1 ;;
esac
}
changeport(){
oldport=$(cat /etc/hysteria/config.yaml 2>/dev/null | sed -n 1p | awk '{print $2}' | awk -F ":" '{print $2}')
read -p "设置 Hysteria 2 端口[1-65535](回车则随机分配端口):" port
[[ -z $port ]] && port=$(shuf -i 2000-65535 -n 1)
until [[ -z $(ss -tunlp | grep -w udp | awk '{print $5}' | sed 's/.*://g' | grep -w "$port") ]]; do
if [[ -n $(ss -tunlp | grep -w udp | awk '{print $5}' | sed 's/.*://g' | grep -w "$port") ]]; then
echo -e "${RED} $port ${PLAIN} 端口已经被其他程序占用,请更换端口重试!"
read -p "设置 Hysteria 2 端口 [1-65535](回车则随机分配端口):" port
[[ -z $port ]] && port=$(shuf -i 2000-65535 -n 1)
fi
done
sed -i "1s#$oldport#$port#g" /etc/hysteria/config.yaml
sed -i "1s#$oldport#$port#g" /root/hy/hy-client.yaml
sed -i "2s#$oldport#$port#g" /root/hy/hy-client.json
stophysteria && starthysteria
green "Hysteria 2 端口已成功修改为:$port"
yellow "请手动更新客户端配置文件以使用节点"
showconf
}
changepasswd(){
oldpasswd=$(cat /etc/hysteria/config.yaml 2>/dev/null | sed -n 15p | awk '{print $2}')
read -p "设置 Hysteria 2 密码(回车跳过为随机字符):" passwd
[[ -z $passwd ]] && passwd=$(date +%s%N | md5sum | cut -c 1-8)
sed -i "1s#$oldpasswd#$passwd#g" /etc/hysteria/config.yaml
sed -i "1s#$oldpasswd#$passwd#g" /root/hy/hy-client.yaml
sed -i "3s#$oldpasswd#$passwd#g" /root/hy/hy-client.json
stophysteria && starthysteria
green "Hysteria 2 节点密码已成功修改为:$passwd"
yellow "请手动更新客户端配置文件以使用节点"
showconf
}
change_cert(){
old_cert=$(cat /etc/hysteria/config.yaml | grep cert | awk -F " " '{print $2}')
old_key=$(cat /etc/hysteria/config.yaml | grep key | awk -F " " '{print $2}')
old_hydomain=$(cat /root/hy/hy-client.yaml | grep sni | awk '{print $2}')
inst_cert
sed -i "s!$old_cert!$cert_path!g" /etc/hysteria/config.yaml
sed -i "s!$old_key!$key_path!g" /etc/hysteria/config.yaml
sed -i "6s/$old_hydomain/$hy_domain/g" /root/hy/hy-client.yaml
sed -i "5s/$old_hydomain/$hy_domain/g" /root/hy/hy-client.json
stophysteria && starthysteria
green "Hysteria 2 节点证书类型已成功修改"
yellow "请手动更新客户端配置文件以使用节点"
showconf
}
changeproxysite(){
oldproxysite=$(cat /etc/hysteria/config.yaml | grep url | awk -F " " '{print $2}' | awk -F "https://" '{print $2}')
inst_site
sed -i "s#$oldproxysite#$proxysite#g" /etc/caddy/Caddyfile
stophysteria && starthysteria
green "Hysteria 2 节点伪装网站已成功修改为:$proxysite"
}
changeconf(){
green "Hysteria 2 配置变更选择如下:"
echo -e " ${GREEN}1.${PLAIN} 修改端口"
echo -e " ${GREEN}2.${PLAIN} 修改密码"
echo -e " ${GREEN}3.${PLAIN} 修改证书类型"
echo -e " ${GREEN}4.${PLAIN} 修改伪装网站"
echo ""
read -p " 请选择操作 [1-4]" confAnswer
case $confAnswer in
1 ) changeport ;;
2 ) changepasswd ;;
3 ) change_cert ;;
4 ) changeproxysite ;;
* ) exit 1 ;;
esac
}
showconf(){
yellow "Hysteria 2 客户端 YAML 配置文件 hy-client.yaml 内容如下,并保存到 /root/hy/hy-client.yaml"
red "$(cat /root/hy/hy-client.yaml)"
yellow "Hysteria 2 客户端 JSON 配置文件 hy-client.json 内容如下,并保存到 /root/hy/hy-client.json"
red "$(cat /root/hy/hy-client.json)"
yellow "Hysteria 2 节点分享链接如下,并保存到 /root/hy/url.txt"
red "$(cat /root/hy/url.txt)"
}
menu() {
clear
echo "#############################################################"
echo -e "# ${RED}Hysteria 2 一键安装脚本${PLAIN} #"
echo -e "# ${GREEN}作者${PLAIN}: MisakaNo の 小破站 #"
echo -e "# ${GREEN}博客${PLAIN}: https://blog.misaka.rest #"
echo -e "# ${GREEN}GitHub 项目${PLAIN}: https://github.com/Misaka-blog #"
echo -e "# ${GREEN}GitLab 项目${PLAIN}: https://gitlab.com/Misaka-blog #"
echo -e "# ${GREEN}Telegram 频道${PLAIN}: https://t.me/misakanocchannel #"
echo -e "# ${GREEN}Telegram 群组${PLAIN}: https://t.me/misakanoc #"
echo -e "# ${GREEN}YouTube 频道${PLAIN}: https://www.youtube.com/@misaka-blog #"
echo "#############################################################"
echo ""
echo -e " ${GREEN}1.${PLAIN} 安装 Hysteria 2"
echo -e " ${GREEN}2.${PLAIN} ${RED}卸载 Hysteria 2${PLAIN}"
echo " -------------"
echo -e " ${GREEN}3.${PLAIN} 关闭、开启、重启 Hysteria 2"
echo -e " ${GREEN}4.${PLAIN} 修改 Hysteria 2 配置"
echo -e " ${GREEN}5.${PLAIN} 显示 Hysteria 2 配置文件"
echo " -------------"
echo -e " ${GREEN}0.${PLAIN} 退出脚本"
echo ""
read -rp "请输入选项 [0-5]: " menuInput
case $menuInput in
1 ) insthysteria ;;
2 ) unsthysteria ;;
3 ) hysteriaswitch ;;
4 ) changeconf ;;
5 ) showconf ;;
* ) exit 1 ;;
esac
}
menu

22
Hysteria/hysteria证书申请.sh Normal file
View File

@@ -0,0 +1,22 @@
#!/bin/bash
export DOMAIN_NAME=super-idol.107421.xyz
export CF_Token="oXJRP5XI8Zhipa_PtYtB_jy6qWL0I9BosrJEYE8p"
export CF_Account_ID="dfaadeb83406ef5ad35da02617af9191"
export CF_Zone_ID="511894a4f1357feb905e974e16241ebb"
acme.sh --issue --dns dns_cf -d ${DOMAIN_NAME} --keylength ec-256
acme.sh --install-cert -d ${DOMAIN_NAME} --ecc \
--key-file /etc/nginx/conf.d/ssl_key/${DOMAIN_NAME}.key.pem \
--fullchain-file /etc/nginx/conf.d/ssl_key/${DOMAIN_NAME}.cert.pem \
--reloadcmd "systemctl restart nginx --force"
openssl x509 -noout -fingerprint -sha256 -in /root/.acme.sh/super-idol.107421.xyz_ecc/super-idol.107421.xyz.cer
cp /root/.acme.sh/super-idol.107421.xyz_ecc/super-idol.107421.xyz.cer /etc/hysteria/super-idol.107421.xyz.cert
cp /root/.acme.sh/super-idol.107421.xyz_ecc/super-idol.107421.xyz.key /etc/hysteria/super-idol.107421.xyz.key

31
Hysteria/客户端配置.yaml Normal file
View File

@@ -0,0 +1,31 @@
server: 140.238.8.73:29100
auth: V2ryStr0ngP@ss
tls:
sni: super-idol.107421.xyz
insecure: false
pinSHA256: 71:82:78:59:3B:9B:33:50:9C:02:A7:C3:DF:9B:77:6B:81:E2:B7:C8:56:B0:25:4F:D2:0E:B8:FB:E0:46:3D:4A
quic:
initStreamReceiveWindow: 16777216
maxStreamReceiveWindow: 16777216
initConnReceiveWindow: 33554432
maxConnReceiveWindow: 33554432
maxIdleTimeout: 10s
maxIncomingStreams: 128
disablePathMTUDiscovery: false
obfs:
type: salamander
salamander:
password: fuck_ufw
fastOpen: false
socks5:
listen: 127.0.0.1:5080
transport:
udp:
hopInterval: 10s

29
Hysteria/服务端配置.yaml Normal file
View File

@@ -0,0 +1,29 @@
listen: :29100
tls:
cert: /etc/hysteria/super-idol.107421.xyz.cert
key: /etc/hysteria/super-idol.107421.xyz.key
quic:
initStreamReceiveWindow: 16777216
maxStreamReceiveWindow: 16777216
initConnReceiveWindow: 33554432
maxConnReceiveWindow: 33554432
maxIdleTimeout: 10s
maxIncomingStreams: 128
disablePathMTUDiscovery: false
obfs:
type: salamander
salamander:
password: fuck_ufw
auth:
type: password
password: V2ryStr0ngP@ss
masquerade:
type: proxy
proxy:
url: https://aws.amazon.com
rewriteHost: true

12
Hysteria/需要配合iptables使用.txt Normal file
View File

@@ -0,0 +1,12 @@
Hysteria 服务端并不能同时监听多个端口,因此不能在服务器端使用上面的格式作为监听地址。建议配合 iptables 的 DNAT 将端口转发到服务器的监听端口。
# IPv4
iptables -t nat -A PREROUTING -i ens3 -p udp --dport 19100:19300 -j DNAT --to-destination :19100
iptables -t nat -A PREROUTING -i ens3 -p tcp --dport 19100:19300 -j DNAT --to-destination :19100
# IPv6
ip6tables -t nat -A PREROUTING -i ens3 -p udp --dport 19100:19300 -j DNAT --to-destination :19100
iptables -t nat -L
iptables -t nat -D PREROUTING 1
iptables -t nat -nL --line-number