diff --git a/install.sh b/install.sh
index e90fb6a..45b0073 100644
--- a/install.sh
+++ b/install.sh
@@ -1,11 +1,11 @@
 #!/bin/bash
 #====================================================
-# System Request:Debian 7+/Ubuntu 14.04+/Centos 6+
+# System Request:Debian 9+/Ubuntu 18.04+/Centos 7+
 # Author: wulabing
 # Dscription: V2ray ws+tls onekey
-# Version: 3.3.1
-# Blog: https://www.wulabing.com
+# Version: 5.0
+# email:wulabing@admin.com
 # Official document: www.v2ray.com
 #====================================================
@@ -23,10 +23,13 @@ OK="${Green}[OK]${Font}"
 Error="${Red}[错误]${Font}"
 v2ray_conf_dir="/etc/v2ray"
-nginx_conf_dir="/etc/nginx/conf.d"
+nginx_conf_dir="/etc/nginx/conf/conf.d"
 v2ray_conf="${v2ray_conf_dir}/config.json"
 nginx_conf="${nginx_conf_dir}/v2ray.conf"
-
+nginx_dir=$"/etc/nginx"
+nginx_openssl_src="/usr/local/src"
+nginx_version="1.16.1"
+openssl_version="1.1.1d"
 #生成伪装路径
 camouflage=`cat /dev/urandom | head -n 10 | md5sum | head -c 8`
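Review bot: `nginx_dir=$"/etc/nginx"` uses bash's `$"…"` locale-translation quoting, which looks like a typo for an ordinary double-quoted string. It yields the same value in practice, but the line should read `nginx_dir="/etc/nginx"` like the assignments around it. The value deserves extra care because the nginx_install hunk later runs `rm -rf ${nginx_dir}` on it.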
@@ -36,51 +39,30 @@ source /etc/os-release VERSION=`echo ${VERSION} | awk -F "[()]" '{print $2}'` check_system(){ - if [[ "${ID}" == "centos" && ${VERSION_ID} -ge 7 ]];then - echo -e "${OK} ${GreenBG} 当前系统为 Centos ${VERSION_ID} ${VERSION} ${Font} " + echo -e "${OK} ${GreenBG} 当前系统为 Centos ${VERSION_ID} ${VERSION} ${Font}" INS="yum" - echo -e "${OK} ${GreenBG} SElinux 设置中,请耐心等待,不要进行其他操作${Font} " - setsebool -P httpd_can_network_connect 1 - echo -e "${OK} ${GreenBG} SElinux 设置完成 ${Font} " - ## Centos 也可以通过添加 epel 仓库来安装,目前不做改动 - cat>/etc/yum.repos.d/nginx.repo<> /etc/apt/sources.list - echo "deb-src http://nginx.org/packages/mainline/debian/ ${VERSION} nginx" >> /etc/apt/sources.list - wget -nc https://nginx.org/keys/nginx_signing.key - apt-key add nginx_signing.key - fi elif [[ "${ID}" == "ubuntu" && `echo "${VERSION_ID}" | cut -d '.' -f1` -ge 16 ]];then - echo -e "${OK} ${GreenBG} 当前系统为 Ubuntu ${VERSION_ID} ${UBUNTU_CODENAME} ${Font} " + echo -e "${OK} ${GreenBG} 当前系统为 Ubuntu ${VERSION_ID} ${UBUNTU_CODENAME} ${Font}" INS="apt" - ## 添加 Nginx apt源 - if [ ! -f nginx_signing.key ];then - echo "deb http://nginx.org/packages/mainline/ubuntu/ ${UBUNTU_CODENAME} nginx" >> /etc/apt/sources.list - echo "deb-src http://nginx.org/packages/mainline/ubuntu/ ${UBUNTU_CODENAME} nginx" >> /etc/apt/sources.list - wget -nc https://nginx.org/keys/nginx_signing.key - apt-key add nginx_signing.key - fi + INS update else - echo -e "${Error} ${RedBG} 当前系统为 ${ID} ${VERSION_ID} 不在支持的系统列表内,安装中断 ${Font} " + echo -e "${Error} ${RedBG} 当前系统为 ${ID} ${VERSION_ID} 不在支持的系统列表内,安装中断 ${Font}" exit 1 fi + systemctl stop firewalld && systemctl disable firewalld + echo -e "${OK} ${GreenBG} firewalld 已关闭 ${Font}" } + is_root(){ if [ `id -u` == 0 ] - then echo -e "${OK} ${GreenBG} 当前用户是root用户,进入安装流程 ${Font} " + then echo -e "${OK} ${GreenBG} 当前用户是root用户,进入安装流程 ${Font}" sleep 3 else echo -e "${Error} ${RedBG} 当前用户不是root用户,请切换到root用户后重新执行脚本 ${Font}" 
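Review bot: The added `systemctl stop firewalld && systemctl disable firewalld` at the end of check_system turns the host firewall off permanently instead of opening the ports this install needs, and the echo after it reports "firewalld 已关闭" even when the unit is absent or the command failed. I would keep firewalld running and allow only what is required, e.g. `firewall-cmd --permanent --add-service=http --add-service=https && firewall-cmd --reload`, with the user-chosen port added after port_alterid_set has read it (`--add-port=${port}/tcp`). Separately, the Ubuntu branch adds `INS update`, which runs a command literally named INS; it should be `${INS} update`. Part of this hunk's text is truncated on the page, so the Debian branch could not be reviewed.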
@@ -96,57 +78,105 @@ judge(){ exit 1 fi } -ntpdate_install(){ +chrony_install(){ + ${INS} -y install chrony + judge "安装 chrony 时间同步服务 " + + timedatectl set-ntp true + if [[ "${ID}" == "centos" ]];then - ${INS} install ntpdate -y + systemctl enable chronyd && systemctl restart chronyd else - ${INS} update - ${INS} install ntpdate -y + systemctl enable chrony && systemctl restart chrony fi - judge "安装 NTPdate 时间同步服务 " + + judge "chronyd 启动 " + + timedatectl set-timezone Asia/Shanghai + + echo -e "${OK} ${GreenBG} 等待时间同步 ${Font}" + sleep 10 + + chronyc sourcestats -v + chronyc tracking -v + date + read -p "请确认时间是否准确,误差范围±3分钟(Y/N): " chrony_install + [[ -z ${chrony_install} ]] && chrony_install="Y" + case $chrony_install in + [yY][eE][sS]|[yY]) + echo -e "${GreenBG} 继续安装 ${Font}" + sleep 2 + ;; + *) + echo -e "${RedBG} 安装终止 ${Font}" + exit 2 + ;; + esac } -time_modify(){ - ntpdate_install - - systemctl stop ntp &>/dev/null - - echo -e "${Info} ${GreenBG} 正在进行时间同步 ${Font}" - ntpdate time.nist.gov - - if [[ $? 
-eq 0 ]];then - echo -e "${OK} ${GreenBG} 时间同步成功 ${Font}" - echo -e "${OK} ${GreenBG} 当前系统时间 `date -R`(请注意时区间时间换算,换算后时间误差应为三分钟以内)${Font}" - sleep 1 - else - echo -e "${Error} ${RedBG} 时间同步失败,请检查ntpdate服务是否正常工作 ${Font}" - fi -} dependency_install(){ ${INS} install wget git lsof -y if [[ "${ID}" == "centos" ]];then ${INS} -y install crontabs else - ${INS} install cron + ${INS} -y install cron fi judge "安装 crontab" - # 新版的IP判定不需要使用net-tools - # ${INS} install net-tools -y - # judge "安装 net-tools" + if [[ "${ID}" == "centos" ]];then + systemctl start crond && systemctl enable crond + else + touch /var/spool/cron/crontabs/root && chmod 600 /var/spool/cron/crontabs/root + systemctl start cron && systemctl enable cron + + fi + judge "crontab 自启动配置 " + + ${INS} install bc -y judge "安装 bc" ${INS} install unzip -y judge "安装 unzip" + + if [[ "${ID}" == "centos" ]];then + ${INS} -y groupinstall "Development tools" + else + ${INS} -y install build-essential + fi + judge "编译工具包 安装" + + if [[ "${ID}" == "centos" ]];then + ${INS} -y install pcre pcre-devel zlib-devel + else + ${INS} -y install libpcre3 libpcre3-dev zlib1g-dev + fi + + + judge "nginx 编译依赖" + +} +basic_optimization(){ + # 最大文件打开数 + sed -i '/^\*\ *soft\ *nofile\ *[[:digit:]]*/d' /etc/security/limits.conf + sed -i '/^\*\ *hard\ *nofile\ *[[:digit:]]*/d' /etc/security/limits.conf + echo '* soft nofile 65536' >> /etc/security/limits.conf + echo '* hard nofile 65536' >> /etc/security/limits.conf + + # 关闭 Selinux + if [[ "${ID}" == "centos" ]];then + sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config + setenforce 0 + fi + } port_alterid_set(){ stty erase '^H' && read -p "请输入连接端口(default:443):" port [[ -z ${port} ]] && port="443" - stty erase '^H' && read -p "请输入alterID(default:64):" alterID - [[ -z ${alterID} ]] && alterID="64" + stty erase '^H' && read -p "请输入alterID(default:4):" alterID + [[ -z ${alterID} ]] && alterID="4" } modify_port_UUID(){ let PORT=$RANDOM+10000 
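Review bot: basic_optimization switches SELinux off for good on CentOS (`SELINUX=disabled` in /etc/selinux/config plus `setenforce 0`), where the previous version of the script only granted the single boolean nginx needed. That removes mandatory access control from a host that is about to run an internet-facing nginx and proxy. I would keep enforcing mode and restore `setsebool -P httpd_can_network_connect 1`; because nginx is now built from source under /etc/nginx, its files probably also need correct contexts (`restorecon` / `semanage fcontext`), which should be confirmed on a CentOS 7 host. The same function rewrites the `* soft nofile` / `* hard nofile` limits for every account; scoping the limit to the service would be narrower.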
@@ -157,21 +187,17 @@ modify_port_UUID(){
 sed -i "/\"path\"/c \\\t \"path\":\"\/${camouflage}\/\"" ${v2ray_conf}
 }
 modify_nginx(){
- ## sed 部分地方 适应新配置修正
- if [[ -f /etc/nginx/nginx.conf.bak ]];then
- cp /etc/nginx/nginx.conf.bak /etc/nginx/nginx.conf
- fi
 sed -i "1,/listen/{s/listen 443 ssl;/listen ${port} ssl;/}" ${nginx_conf}
 sed -i "/server_name/c \\\tserver_name ${domain};" ${nginx_conf}
 sed -i "/location/c \\\tlocation \/${camouflage}\/" ${nginx_conf}
 sed -i "/proxy_pass/c \\\tproxy_pass http://127.0.0.1:${PORT};" ${nginx_conf}
 sed -i "/return/c \\\treturn 301 https://${domain}\$request_uri;" ${nginx_conf}
- sed -i "27i \\\tproxy_intercept_errors on;" /etc/nginx/nginx.conf
+ sed -i "27i \\\tproxy_intercept_errors on;" ${nginx_dir}/conf/nginx.conf
 }
 web_camouflage(){
 ##请注意 这里和LNMP脚本的默认路径冲突,千万不要在安装了LNMP的环境下使用本脚本,否则后果自负
 rm -rf /home/wwwroot && mkdir -p /home/wwwroot && cd /home/wwwroot
- git clone https://github.com/wulabing/sCalc.git
+ git clone https://github.com/eyebluecn/levis.git
 judge "web 站点伪装"
 }
 v2ray_install(){
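Review bot: web_camouflage now clones `https://github.com/eyebluecn/levis.git` at whatever its default branch holds on install day and uses it as the site content, so every install trusts the current state of a third-party repository. I would pin a reviewed revision, e.g. `git clone https://github.com/eyebluecn/levis.git && git -C levis checkout <PINNED_COMMIT>` (placeholder), and run `judge` on the checkout as well. A plain clone also leaves a `.git` directory under /home/wwwroot; if the nginx `root` points at the clone (the server block is not visible here), remove `levis/.git` after checkout or deny `/.git` in the server block. In modify_nginx, `sed -i "27i …"` assumes line 27 of the freshly compiled nginx.conf lies inside the `http` block; anchoring on a pattern would be sturdier than a line number.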
@@ -191,21 +217,60 @@ v2ray_install(){
 echo -e "${Error} ${RedBG} V2ray 安装文件下载失败,请检查下载地址是否可用 ${Font}"
 exit 4
 fi
+ # 清除临时文件
+ rm -rf /root/v2ray
 }
 nginx_install(){
- ${INS} install nginx -y
- if [[ -d /etc/nginx ]];then
- echo -e "${OK} ${GreenBG} nginx 安装完成 ${Font}"
- sleep 2
- else
- echo -e "${Error} ${RedBG} nginx 安装失败 ${Font}"
- exit 5
- fi
- if [[ ! -f /etc/nginx/nginx.conf.bak ]];then
- cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
- echo -e "${OK} ${GreenBG} nginx 初始配置备份完成 ${Font}"
- sleep 1
- fi
+ wget -nc http://nginx.org/download/nginx-${nginx_version}.tar.gz -P ${nginx_openssl_src}
+ judge "Nginx 下载"
+ wget -nc https://www.openssl.org/source/openssl-${openssl_version}.tar.gz -P ${nginx_openssl_src}
+ judge "openssl 下载"
+
+ cd ${nginx_openssl_src}
+
+ [[ -d nginx-"$nginx_version" ]] && rm -rf nginx-"$nginx_version"
+ tar -zxvf nginx-"$nginx_version".tar.gz
+
+ [[ -d openssl-"$openssl_version" ]] && rm -rf openssl-"$openssl_version"
+ tar -zxvf openssl-"$openssl_version".tar.gz
+
+ [[ -d "$nginx_dir" ]] && rm -rf ${nginx_dir}
+
+ echo -e "${OK} ${GreenBG} 即将开始编译安装 Nginx, 过程稍久,请耐心等待 ${Font}"
+ sleep 4
+
+ cd nginx-${nginx_version}
+ ./configure --prefix="${nginx_dir}" \
+ --with-http_ssl_module \
+ --with-http_gzip_static_module \
+ --with-http_stub_status_module \
+ --with-pcre \
+ --with-http_realip_module \
+ --with-http_flv_module \
+ --with-http_mp4_module \
+ --with-http_secure_link_module \
+ --with-http_v2_module \
+ --with-openssl=../openssl-"$openssl_version"
+ judge "编译检查"
+ make && make install
+ judge "Nginx 编译安装"
+
+ # 修改基本配置
+ sed -i 's/#user nobody;/user root;/' ${nginx_dir}/conf/nginx.conf
+ sed -i 's/worker_processes 1;/worker_processes 3;/' ${nginx_dir}/conf/nginx.conf
+ sed -i 's/ worker_connections 1024;/ worker_connections 4096;/' ${nginx_dir}/conf/nginx.conf
+ sed -i '$i include conf.d/*.conf;' ${nginx_dir}/conf/nginx.conf
+
+
+
+ # 删除临时文件
+ rm -rf nginx-"${nginx_version}"
+ rm -rf openssl-"${openssl_version}"
+ rm -rf ../nginx-"${nginx_version}".tar.gz
+ rm -rf ../openssl-"${openssl_version}".tar.gz
+
+ # 添加配置文件夹,适配旧版脚本
+ mkdir ${nginx_dir}/conf/conf.d
 }
 ssl_install(){
 if [[ "${ID}" == "centos" ]];then
@@ -217,10 +282,9 @@ ssl_install(){
 curl https://get.acme.sh | sh
 judge "安装 SSL 证书生成脚本"
-
 }
 domain_check(){
- stty erase '^H' && read -p "请输入你的域名信息(eg:www.wulabing.com):" domain
+ read -p "请输入你的域名信息(eg:www.wulabing.com):" domain
 domain_ip=`ping ${domain} -c 1 | sed '1{s/[^(]*(//;s/).*//;q}'`
 echo -e "${OK} ${GreenBG} 正在获取 公网ip 信息,请耐心等待 ${Font}"
 local_ip=`curl -4 ip.sb`
@@ -231,6 +295,7 @@ domain_check(){
 echo -e "${OK} ${GreenBG} 域名dns解析IP 与 本机IP 匹配 ${Font}"
 sleep 2
 else
+ echo -e "${Error} ${RedBG} 请确保域名添加了正确的 A 记录,否则将无法正常使用 V2ray(y/n)"
 echo -e "${Error} ${RedBG} 域名dns解析IP 与 本机IP 不匹配 是否继续安装?(y/n)${Font}" && read install
 case $install in
 [yY][eE][sS]|[yY])
@@ -264,7 +329,8 @@ acme(){
 if [[ $? -eq 0 ]];then
 echo -e "${OK} ${GreenBG} SSL 证书生成成功 ${Font}"
 sleep 2
- ~/.acme.sh/acme.sh --installcert -d ${domain} --fullchainpath /etc/v2ray/v2ray.crt --keypath /etc/v2ray/v2ray.key --ecc
+ mkdir /data
+ ~/.acme.sh/acme.sh --installcert -d ${domain} --fullchainpath /data/v2ray.crt --keypath /data/v2ray.key --ecc
 if [[ $? -eq 0 ]];then
 echo -e "${OK} ${GreenBG} 证书配置成功 ${Font}"
 sleep 2
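Review bot: In nginx_install, `sed -i 's/#user nobody;/user root;/'` makes the nginx worker processes run as root, so a flaw in request handling would expose the whole host. I would drop that sed so the workers keep the unprivileged default; the master still starts as root to bind the port and read the key. The nginx tarball is also fetched over plain `http://`, and neither archive is verified before being compiled and installed as root; switch to https and check both archives against pinned SHA-256 digests, as sketched below. Finally, `rm -rf ${nginx_dir}` is unquoted, and `rm -rf -- "${nginx_dir:?}"` fails closed if the variable is ever empty.

```shell
nginx_install(){
    # nginx_sha256 / openssl_sha256: pinned digests defined next to nginx_version
    # (placeholders; the values are not on this page)
    wget -nc "https://nginx.org/download/nginx-${nginx_version}.tar.gz" -P "${nginx_openssl_src}"
    judge "Nginx 下载"
    wget -nc "https://www.openssl.org/source/openssl-${openssl_version}.tar.gz" -P "${nginx_openssl_src}"
    judge "openssl 下载"

    cd "${nginx_openssl_src}" || exit 1
    printf '%s  %s\n' \
        "${nginx_sha256}" "nginx-${nginx_version}.tar.gz" \
        "${openssl_sha256}" "openssl-${openssl_version}.tar.gz" | sha256sum -c -
    judge "源码包校验"
    # … unchanged: unpack, configure, make, nginx.conf edits (minus the user root sed), cleanup …
```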
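Review bot: In acme, `mkdir /data` creates a new top-level directory with default permissions to hold the TLS private key, and without `-p` it prints an error on every re-run once the directory exists. I would use `mkdir -p /data && chmod 700 /data` and, after `--installcert`, `chmod 600 /data/v2ray.key`, so the key's protection does not depend on the umask or on acme.sh defaults. acme's body starts and ends outside this hunk.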
@@ -285,14 +351,13 @@ nginx_conf_add(){ cat>${nginx_conf_dir}/v2ray.conf<> /etc/rc.local judge "设置 Nginx 开机自启" systemctl start v2ray judge "V2ray 启动" + + systemctl enable v2ray + judge "设置 v2ray 开机自启" } +#debian 系 9 10 适配 +rc_local_initialization(){ + if [[ -f /etc/rc.local ]];then + chmod +x /etc/rc.local + else + touch /etc/rc.local && chmod +x /etc/rc.local + echo "#!/bin/bash" >> /etc/rc.local + systemctl start rc-local + fi + + judge "rc.local 配置" +} acme_cron_update(){ if [[ "${ID}" == "centos" ]];then - sed -i "/acme.sh/c 0 0 * * 0 systemctl stop nginx && \"/root/.acme.sh\"/acme.sh --cron --home \"/root/.acme.sh\" \ - > /dev/null && systemctl start nginx " /var/spool/cron/root + sed -i "/acme.sh/c 0 0 * * 0 /etc/nginx/sbin/nginx -s stop && \"/root/.acme.sh\"/acme.sh --cron --home \"/root/.acme.sh\" \ + > /dev/null && /etc/nginx/sbin/nginx" /var/spool/cron/root else - sed -i "/acme.sh/c 0 0 * * 0 systemctl stop nginx && \"/root/.acme.sh\"/acme.sh --cron --home \"/root/.acme.sh\" \ - > /dev/null && systemctl start nginx " /var/spool/cron/crontabs/root + sed -i "/acme.sh/c 0 0 * * 0 /etc/nginx/sbin/nginx -s stop && \"/root/.acme.sh\"/acme.sh --cron --home \"/root/.acme.sh\" \ + > /dev/null && /etc/nginx/sbin/nginx" /var/spool/cron/crontabs/root fi judge "cron 计划任务更新" } show_information(){ clear + cd ~ - echo -e "${OK} ${Green} V2ray+ws+tls 安装成功 " - echo -e "${Red} V2ray 配置信息 ${Font}" - echo -e "${Red} 地址(address):${Font} ${domain} " - echo -e "${Red} 端口(port):${Font} ${port} " - echo -e "${Red} 用户id(UUID):${Font} ${UUID}" - echo -e "${Red} 额外id(alterId):${Font} ${alterID}" - echo -e "${Red} 加密方式(security):${Font} 自适应 " - echo -e "${Red} 传输协议(network):${Font} ws " - echo -e "${Red} 伪装类型(type):${Font} none " - echo -e "${Red} 路径(不要落下/):${Font} /${camouflage}/ " - echo -e "${Red} 底层传输安全:${Font} tls " + echo -e "${OK} ${Green} V2ray+ws+tls 安装成功" >./v2ray_info.txt + echo -e "${Red} V2ray 配置信息 ${Font}" >>./v2ray_info.txt + echo -e "${Red} 地址(address):${Font} 
${domain} " >>./v2ray_info.txt + echo -e "${Red} 端口(port):${Font} ${port} " >>./v2ray_info.txt + echo -e "${Red} 用户id(UUID):${Font} ${UUID}" >>./v2ray_info.txt + echo -e "${Red} 额外id(alterId):${Font} ${alterID}" >>./v2ray_info.txt + echo -e "${Red} 加密方式(security):${Font} 自适应 " >>./v2ray_info.txt + echo -e "${Red} 传输协议(network):${Font} ws " >>./v2ray_info.txt + echo -e "${Red} 伪装类型(type):${Font} none " >>./v2ray_info.txt + echo -e "${Red} 路径(不要落下/):${Font} /${camouflage}/ " >>./v2ray_info.txt + echo -e "${Red} 底层传输安全:${Font} tls " >>./v2ray_info.txt - + cat ./v2ray_info.txt } - +ssl_judge_and_install(){ + if [[ -f "/data/v2ray.key" && -f "/data/v2ray.crt" ]];then + echo "证书文件已存在" + elif [[ -f "~/.acme.sh/${domain}_ecc/${domain}.key" && -f "~/.acme.sh/${domain}_ecc/${domain}.cer" ]];then + echo "证书文件已存在" + ~/.acme.sh/acme.sh --installcert -d ${domain} --fullchainpath /data/v2ray.crt --keypath /data/v2ray.key --ecc + judge "证书应用" + else + ssl_install + acme + fi +} main(){ is_root check_system - time_modify + chrony_install dependency_install + basic_optimization domain_check port_alterid_set v2ray_install @@ -372,17 +466,14 @@ main(){ nginx_conf_add web_camouflage - #改变证书安装位置,防止端口冲突关闭相关应用 - systemctl stop nginx - systemctl stop v2ray - #将证书生成放在最后,尽量避免多次尝试脚本从而造成的多次证书申请 - ssl_install - acme + ssl_judge_and_install show_information + rc_local_initialization start_process_systemd acme_cron_update } main +
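Review bot: In ssl_judge_and_install the `elif` tests `-f "~/.acme.sh/${domain}_ecc/${domain}.key"`, but a tilde inside double quotes is not expanded, so that branch can never be true and an already issued certificate is requested again instead of being reinstalled. Use `"$HOME/.acme.sh/${domain}_ecc/${domain}.key"`, and the same for the `.cer` test. In show_information the UUID, path and port are now written to `./v2ray_info.txt` with the default umask; `umask 077` before the first redirect (or `chmod 600 ./v2ray_info.txt`) keeps those credentials readable by root only. Several hunks in this part of the page have lost their headers and heredoc bodies, so the nginx server block and start_process_systemd could not be reviewed.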