diff --git a/README.md b/README.md index 7d01dfc..78ce677 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,14 @@ # Xray-install +English | [简体中文](README_zh-Hans.md) | [繁體中文](README_zh-Hant.md) + Bash script for installing Xray in operating systems such as CentOS / Debian / OpenSUSE that support systemd. -[Filesystem Hierarchy Standard (FHS)](https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard) +**For Alpine Linux users**, please refer to **[Alpine Linux Specific Instructions](alpinelinux/README.md)** for installation scripts and guides tailored for Alpine Linux. + +--- + +#### [Filesystem Hierarchy Standard (FHS)](https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard) ``` installed: /etc/systemd/system/xray.service @@ -53,6 +59,7 @@ bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release ``` bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install --logrotate $time ``` + ``` installed: /etc/systemd/system/logrotate@.service installed: /etc/systemd/system/logrotate@.timer diff --git a/README_zh-Hans.md b/README_zh-Hans.md new file mode 100644 index 0000000..447dcfe --- /dev/null +++ b/README_zh-Hans.md @@ -0,0 +1,97 @@ +# Xray-install + +[English](README.md) | 简体中文 | [繁體中文](README_zh-Hant.md) + +用于在支持 systemd 的操作系统(如 CentOS / Debian / OpenSUSE)中安装 Xray 的 Bash 脚本。 + +**对于 Alpine Linux 用户**,请参考 **[Alpine Linux 专用说明](alpinelinux/README_zh-Hans.md)** 以获取适用于 Alpine Linux 的安装脚本和指南。 + +--- + +#### [文件系统层次结构标准 (FHS)](https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard) + +``` +已安装文件: +- /etc/systemd/system/xray.service +- /etc/systemd/system/xray@.service + +- /usr/local/bin/xray +- /usr/local/etc/xray/*.json + +- /usr/local/share/xray/geoip.dat +- /usr/local/share/xray/geosite.dat + +- /var/log/xray/access.log +- /var/log/xray/error.log +``` + +注意:Xray 默认不会将日志记录到 `/var/log/xray/*.log`。请配置 `"log"` 来指定日志文件。 + +## 基本用法 + +**安装并升级 Xray-core 和地理数据,默认使用 `User=nobody`,但不会覆盖已有服务文件中的 `User` 设置** + +``` +bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install +``` + +**仅更新 geoip.dat 和 geosite.dat** + +``` +bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install-geodata +``` + +**移除 Xray,但保留 json 配置文件和日志** + +``` +bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ remove +``` + +## 高级用法 + +**安装并升级 Xray-core 到预发布版本** + +``` +bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install --beta +``` + +**安装并升级 Xray-core 和地理数据,并启用 `logrotate`,`$time` 可以是 12:34:56 格式的时间** + +``` +bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install --logrotate $time +``` + +``` +已安装文件: +- /etc/systemd/system/logrotate@.service +- /etc/systemd/system/logrotate@.timer +- /etc/logrotate.d/xray +``` + +**安装并升级 Xray-core 和地理数据,使用 `User=root`,会覆盖已有服务文件中的 `User` 设置** + +``` +bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root +``` + +**安装并升级 Xray-core,但不包含地理数据** + +``` +bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install --without-geodata +``` + +**移除 Xray,包括 json 配置文件和日志** + +``` +bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ remove --purge +``` + +## 更多用法 + +``` +bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ help +``` + +## 星标趋势图 + +[![星标趋势图](https://starchart.cc/XTLS/Xray-install.svg)](https://starchart.cc/XTLS/Xray-install) diff --git a/README_zh-Hant.md b/README_zh-Hant.md new file mode 100644 index 0000000..e47b1e8 --- /dev/null +++ b/README_zh-Hant.md @@ -0,0 +1,97 @@ +# Xray-install + +[English](README.md) | [简体中文](README_zh-Hans.md) | 繁體中文 + +用於在支持 systemd 的作業系統(如 CentOS / Debian / OpenSUSE)中安裝 Xray 的 Bash 腳本。 + +**對於 Alpine Linux 使用者**,請參考 **[Alpine Linux 專用說明](alpinelinux/README_zh-Hant.md)** 以獲取適用於 Alpine Linux 的安裝腳本和指南。 + +--- + +#### [檔案系統層次結構標準 (FHS)](https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard) + +``` +已安裝檔案: +- /etc/systemd/system/xray.service +- /etc/systemd/system/xray@.service + +- /usr/local/bin/xray +- /usr/local/etc/xray/*.json + +- /usr/local/share/xray/geoip.dat +- /usr/local/share/xray/geosite.dat + +- /var/log/xray/access.log +- /var/log/xray/error.log +``` + +注意:Xray 預設不會將日誌記錄到 `/var/log/xray/*.log`。請配置 `"log"` 來指定日誌檔案。 + +## 基本用法 + +**安裝並升級 Xray-core 和地理數據,預設使用 `User=nobody`,但不會覆蓋已有服務檔案中的 `User` 設定** + +``` +bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install +``` + +**僅更新 geoip.dat 和 geosite.dat** + +``` +bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install-geodata +``` + +**移除 Xray,但保留 json 設定檔案和日誌** + +``` +bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ remove +``` + +## 進階用法 + +**安裝並升級 Xray-core 到預發布版本** + +``` +bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install --beta +``` + +**安裝並升級 Xray-core 和地理數據,並啟用 `logrotate`,`$time` 可以是 12:34:56 格式的時間** + +``` +bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install --logrotate $time +``` + +``` +已安裝檔案: +- /etc/systemd/system/logrotate@.service +- /etc/systemd/system/logrotate@.timer +- /etc/logrotate.d/xray +``` + +**安裝並升級 Xray-core 和地理數據,使用 `User=root`,會覆蓋已有服務檔案中的 `User` 設定** + +``` +bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root +``` + +**安裝並升級 Xray-core,但不包含地理數據** + +``` +bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install --without-geodata +``` + +**移除 Xray,包括 json 設定檔案和日誌** + +``` +bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ remove --purge +``` + +## 更多用法 + +``` +bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ help +``` + +## 星標趨勢圖 + +[![星標趨勢圖](https://starchart.cc/XTLS/Xray-install.svg)](https://starchart.cc/XTLS/Xray-install) diff --git a/alpinelinux/README.md b/alpinelinux/README.md new file mode 100644 index 0000000..f1b4e13 --- /dev/null +++ b/alpinelinux/README.md @@ -0,0 +1,78 @@ +# Xray-install for Alpine Linux + +English | [简体中文](README_zh-Hans.md) | [繁體中文](README_zh-Hant.md) + +## Install Xray + +#### Install cURL + +```sh +apk add curl +``` + +#### Download Installation Script + +```sh +curl -O https://raw.githubusercontent.com/XTLS/Xray-install/main/alpinelinux/install-release.sh +``` + +#### Run Installation Script + +```sh +ash install-release.sh +``` + +## Management Commands + +#### Enable Xray Service (Auto-start on Boot) + +```sh +rc-update add xray +``` + +#### Disable Xray Service (Remove from Auto-start) + +```sh +rc-update del xray +``` + +#### Start Xray + +```sh +rc-service xray start +``` + +#### Stop Xray + +```sh +rc-service xray stop +``` + +#### Restart Xray + +```sh +rc-service xray restart +``` + +## Breaking Changes at 2025-04-09 + +#### Path Change: Original path `/usr/local/lib/xray/` has been updated to new path `/usr/local/share/xray/` + +- This directory contains `geosite.dat` and `geoip.dat` +- If you have scripts to automatically update these files, please adjust them accordingly +- Regular users can ignore this change + +#### Watchdog: Xray process will now automatically restart indefinitely (every 5 seconds) upon panic, unless it panic 3 times in 10 minutes + +- Advanced users no longer need to manually modify `/etc/init.d/xray` or write custom daemon scripts +- Regular users can ignore this change + +#### No `root` Required: Xray now retains privileges (capabilities) to support `tproxy` and `sockopt` even when running as `nobody` + +- Advanced users **should not** (and need not) run Xray as `root` anymore — it already has all required network privileges +- If you run Xray as a **server** (not client), you _may_ optionally run the command below to reduce capabilities. This theoretically minimizes attack surface but has negligible practical impact +- Regular users can ignore this change + +```sh +sed -i 's/^capabilities="^cap_net_bind_service,^cap_net_admin,^cap_net_raw"$/capabilities="^cap_net_bind_service"/g' /etc/init.d/xray +``` diff --git a/alpinelinux/README_zh-Hans.md b/alpinelinux/README_zh-Hans.md new file mode 100644 index 0000000..e946c86 --- /dev/null +++ b/alpinelinux/README_zh-Hans.md @@ -0,0 +1,78 @@ +# Xray-install for Alpine Linux + +[English](README.md) | 简体中文 | [繁體中文](README_zh-Hant.md) + +## 安装 Xray + +#### 安装 cURL + +```sh +apk add curl +``` + +#### 下载安装脚本 + +```sh +curl -O https://raw.githubusercontent.com/XTLS/Xray-install/main/alpinelinux/install-release.sh +``` + +#### 运行安装脚本 + +```sh +ash install-release.sh +``` + +## 管理命令 + +#### 启用 Xray 服务 (开机自启) + +```sh +rc-update add xray +``` + +#### 禁用 Xray 服务 (取消自启) + +```sh +rc-update del xray +``` + +#### 运行 Xray + +```sh +rc-service xray start +``` + +#### 停止 Xray + +```sh +rc-service xray stop +``` + +#### 重启 Xray + +```sh +rc-service xray restart +``` + +## 重大更改 at 2025-04-09 + +#### 路径变更:原路径 `/usr/local/lib/xray/` 变更为 新路径 `/usr/local/share/xray/` + +- 此目录存放了 `geosite.dat` 和 `geoip.dat` +- 如果你编写了一些脚本来自动更新这些文件,需要留意此项改动 +- 普通用户无需关注此改动 + +#### 看门狗:若 Xray 进程 `panic` 将无限自动重启,间隔 5 秒,除非 10 分钟内崩溃 3 次 + +- 对于高级用户,你无需再手动调整 `/etc/init.d/xray` 或自己编写 daemon 脚本了 +- 普通用户无需关注此改动 + +#### 无需 `root`:已为 Xray 授予特权,即便以 `nobody` 身份运行也支持 `tproxy` 和 `sockopt` + +- 对于高级用户,你无需、也**不应该**再让 Xray 以 `root` 身份运行,现在它们已具备所有网络特权 +- 如果你的 Xray 作为**节点**而不是客户端运行,或*可考虑*执行下面的命令撤销部分网络特权。理论上可以降低攻击面,实际上无关痛痒 +- 普通用户无需关注此改动 + +```sh +sed -i 's/^capabilities="^cap_net_bind_service,^cap_net_admin,^cap_net_raw"$/capabilities="^cap_net_bind_service"/g' /etc/init.d/xray +``` diff --git a/alpinelinux/README_zh-Hant.md b/alpinelinux/README_zh-Hant.md new file mode 100644 index 0000000..9fcea8e --- /dev/null +++ b/alpinelinux/README_zh-Hant.md @@ -0,0 +1,78 @@ +# Xray-install for Alpine Linux + +[English](README.md) | [简体中文](README_zh-Hans.md) | 繁體中文 + +## 安裝 Xray + +#### 安裝 cURL + +```sh +apk add curl +``` + +#### 下載安裝腳本 + +```sh +curl -O https://raw.githubusercontent.com/XTLS/Xray-install/main/alpinelinux/install-release.sh +``` + +#### 執行安裝腳本 + +```sh +ash install-release.sh +``` + +## 管理指令 + +#### 啟用 Xray 服務 (開機自啟) + +```sh +rc-update add xray +``` + +#### 停用 Xray 服務 (取消自啟) + +```sh +rc-update del xray +``` + +#### 啟動 Xray + +```sh +rc-service xray start +``` + +#### 關閉 Xray + +```sh +rc-service xray stop +``` + +#### 重啟 Xray + +```sh +rc-service xray restart +``` + +## 重大變更 at 2025-04-09 + +#### 路徑變更:原始路徑 `/usr/local/lib/xray/` 變更為 新路徑 `/usr/local/share/xray/` + +- 此目錄存放了 `geosite.dat` 和 `geoip.dat` +- 如果你編寫了一些腳本來自動更新這些文件,需要留意此項改動 +- 普通用戶無需關注此改動 + +#### 看門狗:若 Xray 進程 `panic` 將無限自動重啟,間隔 5 秒,除非 10 分鐘內崩潰 3 次 + +- 對於高級用戶,你無需再手動調整 `/etc/init.d/xray` 或自己編寫 daemon 腳本了 +- 普通用戶無需關注此改動 + +#### 無需 `root`:已為 Xray 授予特權,即便以 `nobody` 身分執行也支援 `tproxy` 和 `sockopt` + +- 對於高級用戶,你無需、也**不應該**再讓 Xray 以 `root` 身份運行,現在它們已具備所有網絡特權 +- 如果你的 Xray 是作為**節點**而不是客戶端運行,或*可考慮*執行下面的命令撤銷部分網路特權。理論上可以降低攻擊面,實際上無關痛癢 +- 普通用戶無需關注此改動 + +```sh +sed -i 's/^capabilities="^cap_net_bind_service,^cap_net_admin,^cap_net_raw"$/capabilities="^cap_net_bind_service"/g' /etc/init.d/xray +``` diff --git a/alpinelinux/init.d/xray b/alpinelinux/init.d/xray new file mode 100644 index 0000000..aece55b --- /dev/null +++ b/alpinelinux/init.d/xray @@ -0,0 +1,37 @@ +#!/sbin/openrc-run + +name="Xray Daemon" +description="A unified platform for anti-censorship" + +supervisor=supervise-daemon +respawn_delay=5 +respawn_max=2 +respawn_period=600 + +pidfile="/run/${RC_SVCNAME}.pid" +rc_ulimit="-n 1024000 -u 1024000" +capabilities="^cap_net_bind_service,^cap_net_admin,^cap_net_raw" +extra_commands="checkconfig" + +env=${env:-"XRAY_LOCATION_ASSET=/usr/local/share/xray/"} # See: https://github.com/XTLS/Xray-core/blob/main/common/platform/platform.go +confdir=${confdir:-"/usr/local/etc/xray/"} +command="/usr/local/bin/xray" +command_user="nobody:nobody" +command_args="run -confdir $confdir" +required_files="$confdir" + +depend() { + need net + want dns ntp-client + after firewall +} + +checkconfig() { + export $env + $command $command_args -test + eend $? +} + +start_pre() { + checkconfig || return 1 +} diff --git a/alpinelinux/install-release.sh b/alpinelinux/install-release.sh new file mode 100644 index 0000000..e49a2f7 --- /dev/null +++ b/alpinelinux/install-release.sh @@ -0,0 +1,231 @@ +#!/usr/bin/env ash +# shellcheck shell=dash + +set -euo pipefail + +check_alpine() { + if [ -f /etc/alpine-release ]; then + return 0 + else + return 1 + fi +} + +check_if_running_as_root() { + # If you want to run as another user, please modify $EUID to be owned by this user + if [ "$(id -u)" -eq 0 ]; then + return 0 + else + echo "error: You must run this script as root!" + return 1 + fi +} + +identify_architecture() { + if [ "$(uname)" != 'Linux' ]; then + echo "error: This operating system is not supported." + return 1 + fi + case "$(uname -m)" in + 'i386' | 'i686') + MACHINE='32' + ;; + 'amd64' | 'x86_64') + MACHINE='64' + ;; + 'armv5tel') + MACHINE='arm32-v5' + ;; + 'armv6l') + MACHINE='arm32-v6' + grep Features /proc/cpuinfo | grep -qw 'vfp' || MACHINE='arm32-v5' + ;; + 'armv7' | 'armv7l') + MACHINE='arm32-v7a' + grep Features /proc/cpuinfo | grep -qw 'vfp' || MACHINE='arm32-v5' + ;; + 'armv8' | 'aarch64') + MACHINE='arm64-v8a' + ;; + 'mips') + MACHINE='mips32' + ;; + 'mipsle') + MACHINE='mips32le' + ;; + 'mips64') + MACHINE='mips64' + lscpu | grep -q "Little Endian" && MACHINE='mips64le' + ;; + 'mips64le') + MACHINE='mips64le' + ;; + 'ppc64') + MACHINE='ppc64' + ;; + 'ppc64le') + MACHINE='ppc64le' + ;; + 'riscv64') + MACHINE='riscv64' + ;; + 's390x') + MACHINE='s390x' + ;; + *) + echo "error: The architecture is not supported." + return 1 + ;; + esac + if [ ! -f '/etc/os-release' ]; then + echo "error: Don't use outdated Linux distributions." + return 1 + fi +} + +install_dependencies() { + if [ -n "$(command -v curl)" ]; then + return + fi + if [ -n "$(command -v unzip)" ]; then + return + fi + if [ "$(command -v apk)" ]; then + echo "Installing required dependencies..." + apk add curl unzip + else + echo "error: The script does not support the package manager in this operating system." + exit 1 + fi +} + +download_xray() { + echo "Downloading Xray files..." + if ! curl -f -L -H 'Cache-Control: no-cache' -o "$ZIP_FILE" "$DOWNLOAD_LINK" -#; then + echo 'error: Download failed! Please check your network or try again.' + exit 1 + fi + + if ! curl -f -L -H 'Cache-Control: no-cache' -o "$ZIP_FILE.dgst" "$DOWNLOAD_LINK.dgst" -#; then + echo 'error: Download failed! Please check your network or try again.' + exit 1 + fi +} + +verification_xray() { + CHECKSUM=$(awk -F '= ' '/256=/ {print $2}' "$ZIP_FILE.dgst") + LOCALSUM=$(sha256sum "$ZIP_FILE" | awk '{printf $1}') + if [ "$CHECKSUM" != "$LOCALSUM" ]; then + echo 'error: SHA256 check failed! Please check your network or try again.' + return 1 + fi +} + +decompression() { + unzip -q "$ZIP_FILE" -d "$TMP_DIRECTORY" +} + +is_it_running() { + XRAY_RUNNING='0' + if [ -n "$(pgrep xray)" ]; then + rc-service xray stop + XRAY_RUNNING='1' + fi +} + +install_xray() { + install -m 755 "${TMP_DIRECTORY}xray" "/usr/local/bin/xray" + install -d /usr/local/share/xray/ + install -m 644 "${TMP_DIRECTORY}geoip.dat" "/usr/local/share/xray/geoip.dat" + install -m 644 "${TMP_DIRECTORY}geosite.dat" "/usr/local/share/xray/geosite.dat" +} + +install_confdir() { + CONFDIR='0' + if [ ! -d '/usr/local/etc/xray/' ]; then + install -d /usr/local/etc/xray/ + for BASE in 00_log 01_api 02_dns 03_routing 04_policy 05_inbounds 06_outbounds 07_transport 08_stats 09_reverse; do + echo '{}' >"/usr/local/etc/xray/$BASE.json" + done + CONFDIR='1' + fi +} + +install_log() { + LOG='0' + if [ ! -d '/var/log/xray/' ]; then + install -d -o nobody -g nobody /var/log/xray/ + install -m 600 -o nobody -g nobody /dev/null /var/log/xray/access.log + install -m 600 -o nobody -g nobody /dev/null /var/log/xray/error.log + LOG='1' + fi +} + +install_startup_service_file() { + OPENRC='0' + if [ ! -f '/etc/init.d/xray' ]; then + mkdir "${TMP_DIRECTORY}init.d/" + if ! curl -f -L -o "${TMP_DIRECTORY}init.d/xray" https://raw.githubusercontent.com/XTLS/Xray-install/main/alpinelinux/init.d/xray -sS; then + echo 'error: Failed to start service file download! Please check your network or try again.' + exit 1 + fi + install -m 755 "${TMP_DIRECTORY}init.d/xray" /etc/init.d/xray + OPENRC='1' + fi +} + +information() { + echo 'installed: /usr/local/bin/xray' + echo 'installed: /usr/local/share/xray/geoip.dat' + echo 'installed: /usr/local/share/xray/geosite.dat' + if [ "$CONFDIR" -eq '1' ]; then + echo 'installed: /usr/local/etc/xray/00_log.json' + echo 'installed: /usr/local/etc/xray/01_api.json' + echo 'installed: /usr/local/etc/xray/02_dns.json' + echo 'installed: /usr/local/etc/xray/03_routing.json' + echo 'installed: /usr/local/etc/xray/04_policy.json' + echo 'installed: /usr/local/etc/xray/05_inbounds.json' + echo 'installed: /usr/local/etc/xray/06_outbounds.json' + echo 'installed: /usr/local/etc/xray/07_transport.json' + echo 'installed: /usr/local/etc/xray/08_stats.json' + echo 'installed: /usr/local/etc/xray/09_reverse.json' + fi + if [ "$LOG" -eq '1' ]; then + echo 'installed: /var/log/xray/' + fi + if [ "$OPENRC" -eq '1' ]; then + echo 'installed: /etc/init.d/xray' + fi + rm -r "$TMP_DIRECTORY" + echo "removed: $TMP_DIRECTORY" + echo "You may need to execute a command to remove dependent software: apk del curl unzip" + if [ "$XRAY_RUNNING" -eq '1' ]; then + rc-service xray start + else + echo 'Please execute the command: rc-update add xray; rc-service xray start' + fi + echo "info: Xray is installed." +} + +main() { + check_alpine || return 1 + check_if_running_as_root || return 1 + identify_architecture || return 1 + install_dependencies + + TMP_DIRECTORY="$(mktemp -d)/" + ZIP_FILE="${TMP_DIRECTORY}Xray-linux-$MACHINE.zip" + DOWNLOAD_LINK="https://github.com/XTLS/Xray-core/releases/latest/download/Xray-linux-$MACHINE.zip" + + download_xray + verification_xray + decompression + is_it_running + install_xray + install_confdir + install_log + install_startup_service_file || return 1 + information +} + +main