适配 Centos8 Debian10 Ubuntu19.04

修复部分系统下计划任务不生效的问题修复时间同步服务在 Centos8 下无法安装的错误修复部分系统下证书不会自动更新的问题修复部分系统下 Nginx 开机自启配置失效的问题变更重复安装时，将不对相同的域名进行重复的证书申请，防止出现 Let's encrypt API 次数限制变更默认 alterID 64 -> 4 ，减少资源占用变更 nginx 安装方式从源获取变更为编译安装，并使用新版Openssl，支持tls1.3 变更 nginx 配置文件 ssl_protocols ssl_ciphers，适配 tls1.3 变更取消对Debian8 Ubuntu 16.04 的适配工作（本版本可能依旧可用）变更默认页面伪装为 html5 小游戏新增安装完成，节点配置信息留档
2019-10-16 01:27:30 +08:00 · 2019-10-16 01:27:30 +08:00 · 92acd74aa3
parent ed7585ac13
commit 92acd74aa3
1 changed files with 208 additions and 117 deletions
--- a/install.sh
+++ b/install.sh
@ -1,11 +1,11 @@
 #!/bin/bash
 #====================================================
-#	System Request:Debian 7+/Ubuntu 14.04+/Centos 6+
+#	System Request:Debian 9+/Ubuntu 18.04+/Centos 7+
 #	Author:	wulabing
 #	Dscription: V2ray ws+tls onekey 
-#	Version: 3.3.1
+#	Version: 5.0
-#	Blog: https://www.wulabing.com
+#	email:wulabing@admin.com
 #	Official document: www.v2ray.com
 #====================================================
@ -23,10 +23,13 @@ OK="${Green}[OK]${Font}"
 Error="${Red}[错误]${Font}"
 v2ray_conf_dir="/etc/v2ray"
-nginx_conf_dir="/etc/nginx/conf.d"
+nginx_conf_dir="/etc/nginx/conf/conf.d"
 v2ray_conf="${v2ray_conf_dir}/config.json"
 nginx_conf="${nginx_conf_dir}/v2ray.conf"
-
+nginx_dir=$"/etc/nginx"
 nginx_openssl_src="/usr/local/src"
 nginx_version="1.16.1"
 openssl_version="1.1.1d"
 #生成伪装路径
 camouflage=`cat /dev/urandom | head -n 10 | md5sum | head -c 8`
@ -36,51 +39,30 @@ source /etc/os-release
 VERSION=`echo ${VERSION} | awk -F "[()]" '{print $2}'`
 check_system(){
    if [[ "${ID}" == "centos" && ${VERSION_ID} -ge 7 ]];then
-        echo -e "${OK} ${GreenBG} 当前系统为 Centos ${VERSION_ID} ${VERSION} ${Font} "
+        echo -e "${OK} ${GreenBG} 当前系统为 Centos ${VERSION_ID} ${VERSION} ${Font}"
        INS="yum"
        echo -e "${OK} ${GreenBG} SElinux 设置中，请耐心等待，不要进行其他操作${Font} "
        setsebool -P httpd_can_network_connect 1
        echo -e "${OK} ${GreenBG} SElinux 设置完成 ${Font} "
        ## Centos 也可以通过添加 epel 仓库来安装，目前不做改动
        cat>/etc/yum.repos.d/nginx.repo<<EOF
 [nginx]
 name=nginx repo
 baseurl=http://nginx.org/packages/mainline/centos/7/\$basearch/
 gpgcheck=0
 enabled=1
 EOF
        echo -e "${OK} ${GreenBG} Nginx 源 安装完成 ${Font}" 
    elif [[ "${ID}" == "debian" && ${VERSION_ID} -ge 8 ]];then
-        echo -e "${OK} ${GreenBG} 当前系统为 Debian ${VERSION_ID} ${VERSION} ${Font} "
+        echo -e "${OK} ${GreenBG} 当前系统为 Debian ${VERSION_ID} ${VERSION} ${Font}"
        INS="apt"
        INS update
        ## 添加 Nginx apt源
        if [ ! -f nginx_signing.key ];then
        echo "deb http://nginx.org/packages/mainline/debian/ ${VERSION} nginx" >> /etc/apt/sources.list
        echo "deb-src http://nginx.org/packages/mainline/debian/ ${VERSION} nginx" >> /etc/apt/sources.list
        wget -nc https://nginx.org/keys/nginx_signing.key
        apt-key add nginx_signing.key
        fi
    elif [[ "${ID}" == "ubuntu" && `echo "${VERSION_ID}" | cut -d '.' -f1` -ge 16 ]];then
-        echo -e "${OK} ${GreenBG} 当前系统为 Ubuntu ${VERSION_ID} ${UBUNTU_CODENAME} ${Font} "
+        echo -e "${OK} ${GreenBG} 当前系统为 Ubuntu ${VERSION_ID} ${UBUNTU_CODENAME} ${Font}"
        INS="apt"
-        ## 添加 Nginx apt源
+        INS update
        if [ ! -f nginx_signing.key ];then
        echo "deb http://nginx.org/packages/mainline/ubuntu/ ${UBUNTU_CODENAME} nginx" >> /etc/apt/sources.list
        echo "deb-src http://nginx.org/packages/mainline/ubuntu/ ${UBUNTU_CODENAME} nginx" >> /etc/apt/sources.list
        wget -nc https://nginx.org/keys/nginx_signing.key
        apt-key add nginx_signing.key
        fi
    else
-        echo -e "${Error} ${RedBG} 当前系统为 ${ID} ${VERSION_ID} 不在支持的系统列表内，安装中断 ${Font} "
+        echo -e "${Error} ${RedBG} 当前系统为 ${ID} ${VERSION_ID} 不在支持的系统列表内，安装中断 ${Font}"
        exit 1
    fi
    systemctl stop firewalld && systemctl disable firewalld
    echo -e "${OK} ${GreenBG} firewalld 已关闭 ${Font}"
 }
 is_root(){
    if [ `id -u` == 0 ]
-        then echo -e "${OK} ${GreenBG} 当前用户是root用户，进入安装流程 ${Font} "
+        then echo -e "${OK} ${GreenBG} 当前用户是root用户，进入安装流程 ${Font}"
        sleep 3
    else
        echo -e "${Error} ${RedBG} 当前用户不是root用户，请切换到root用户后重新执行脚本 ${Font}" 
@ -96,57 +78,105 @@ judge(){
        exit 1
    fi
 }
-ntpdate_install(){
+chrony_install(){
    ${INS} -y install chrony
    judge "安装 chrony 时间同步服务 "
    timedatectl set-ntp true
    if [[ "${ID}" == "centos" ]];then
-        ${INS} install ntpdate -y
+       systemctl enable chronyd && systemctl restart chronyd
    else
-        ${INS} update
+       systemctl enable chrony && systemctl restart chrony
        ${INS} install ntpdate -y
    fi
-    judge "安装 NTPdate 时间同步服务 "
+
    judge "chronyd 启动 "
    timedatectl set-timezone Asia/Shanghai
    echo -e "${OK} ${GreenBG} 等待时间同步 ${Font}"
    sleep 10
    chronyc sourcestats -v
    chronyc tracking -v
    date
    read -p "请确认时间是否准确,误差范围±3分钟(Y/N): " chrony_install
    [[ -z ${chrony_install} ]] && chrony_install="Y"
    case $chrony_install in
        [yY][eE][sS]|[yY])
            echo -e "${GreenBG} 继续安装 ${Font}"
            sleep 2
            ;;
        *)
            echo -e "${RedBG} 安装终止 ${Font}"
            exit 2
            ;;
        esac
 }
 time_modify(){
    ntpdate_install
    systemctl stop ntp &>/dev/null
    echo -e "${Info} ${GreenBG} 正在进行时间同步 ${Font}"
    ntpdate time.nist.gov
    if [[ $? -eq 0 ]];then 
        echo -e "${OK} ${GreenBG} 时间同步成功 ${Font}"
        echo -e "${OK} ${GreenBG} 当前系统时间 `date -R`（请注意时区间时间换算，换算后时间误差应为三分钟以内）${Font}"
        sleep 1
    else
        echo -e "${Error} ${RedBG} 时间同步失败，请检查ntpdate服务是否正常工作 ${Font}"
    fi 
 }
 dependency_install(){
    ${INS} install wget git lsof -y
    if [[ "${ID}" == "centos" ]];then
       ${INS} -y install crontabs
    else
-        ${INS} install cron
+       ${INS} -y install cron
    fi
    judge "安装 crontab"
-    # 新版的IP判定不需要使用net-tools
+    if [[ "${ID}" == "centos" ]];then
-    # ${INS} install net-tools -y
+       systemctl start crond && systemctl enable crond
-    # judge "安装 net-tools"
+    else
       touch /var/spool/cron/crontabs/root && chmod 600 /var/spool/cron/crontabs/root
       systemctl start cron && systemctl enable cron
    fi
    judge "crontab 自启动配置 "
    ${INS} install bc -y
    judge "安装 bc"
    ${INS} install unzip -y
    judge "安装 unzip"
    if [[ "${ID}" == "centos" ]];then
       ${INS} -y groupinstall "Development tools"
    else
       ${INS} -y install build-essential
    fi
    judge "编译工具包 安装"
    if [[ "${ID}" == "centos" ]];then
       ${INS} -y install pcre pcre-devel zlib-devel
    else
       ${INS} -y install libpcre3 libpcre3-dev zlib1g-dev
    fi
    judge "nginx 编译依赖"
 }
 basic_optimization(){
    # 最大文件打开数
    sed -i '/^\*\ *soft\ *nofile\ *[[:digit:]]*/d' /etc/security/limits.conf
    sed -i '/^\*\ *hard\ *nofile\ *[[:digit:]]*/d' /etc/security/limits.conf
    echo '* soft nofile 65536' >> /etc/security/limits.conf
    echo '* hard nofile 65536' >> /etc/security/limits.conf
    # 关闭 Selinux
    if [[ "${ID}" == "centos" ]];then
        sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
        setenforce 0
    fi
 }
 port_alterid_set(){
    stty erase '^H' && read -p "请输入连接端口（default:443）:" port
    [[ -z ${port} ]] && port="443"
-    stty erase '^H' && read -p "请输入alterID（default:64）:" alterID
+    stty erase '^H' && read -p "请输入alterID（default:4）:" alterID
-    [[ -z ${alterID} ]] && alterID="64"
+    [[ -z ${alterID} ]] && alterID="4"
 }
 modify_port_UUID(){
    let PORT=$RANDOM+10000
@ -157,21 +187,17 @@ modify_port_UUID(){
    sed -i "/\"path\"/c \\\t  \"path\":\"\/${camouflage}\/\"" ${v2ray_conf}
 }
 modify_nginx(){
    ## sed 部分地方 适应新配置修正
    if [[ -f /etc/nginx/nginx.conf.bak ]];then
        cp /etc/nginx/nginx.conf.bak /etc/nginx/nginx.conf
    fi
    sed -i "1,/listen/{s/listen 443 ssl;/listen ${port} ssl;/}" ${nginx_conf}
    sed -i "/server_name/c \\\tserver_name ${domain};" ${nginx_conf}
    sed -i "/location/c \\\tlocation \/${camouflage}\/" ${nginx_conf}
    sed -i "/proxy_pass/c \\\tproxy_pass http://127.0.0.1:${PORT};" ${nginx_conf}
    sed -i "/return/c \\\treturn 301 https://${domain}\$request_uri;" ${nginx_conf}
-    sed -i "27i \\\tproxy_intercept_errors on;"  /etc/nginx/nginx.conf
+    sed -i "27i \\\tproxy_intercept_errors on;"  ${nginx_dir}/conf/nginx.conf
 }
 web_camouflage(){
    ##请注意 这里和LNMP脚本的默认路径冲突，千万不要在安装了LNMP的环境下使用本脚本，否则后果自负
    rm -rf /home/wwwroot && mkdir -p /home/wwwroot && cd /home/wwwroot
-    git clone https://github.com/wulabing/sCalc.git
+    git clone https://github.com/eyebluecn/levis.git
    judge "web 站点伪装"   
 }
 v2ray_install(){
@ -191,21 +217,60 @@ v2ray_install(){
        echo -e "${Error} ${RedBG} V2ray 安装文件下载失败，请检查下载地址是否可用 ${Font}"
        exit 4
    fi
    # 清除临时文件
    rm -rf /root/v2ray
 }
 nginx_install(){
-    ${INS} install nginx -y
+    wget -nc http://nginx.org/download/nginx-${nginx_version}.tar.gz -P ${nginx_openssl_src}
-    if [[ -d /etc/nginx ]];then
+    judge "Nginx 下载"
-        echo -e "${OK} ${GreenBG} nginx 安装完成 ${Font}"
+    wget -nc https://www.openssl.org/source/openssl-${openssl_version}.tar.gz -P ${nginx_openssl_src}
-        sleep 2
+    judge "openssl 下载"
-    else
+
-        echo -e "${Error} ${RedBG} nginx 安装失败 ${Font}"
+    cd ${nginx_openssl_src}
-        exit 5
+
-    fi
+    [[ -d nginx-"$nginx_version" ]] && rm -rf nginx-"$nginx_version"
-    if [[ ! -f /etc/nginx/nginx.conf.bak ]];then
+    tar -zxvf nginx-"$nginx_version".tar.gz
-        cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
+
-        echo -e "${OK} ${GreenBG} nginx 初始配置备份完成 ${Font}"
+    [[ -d openssl-"$openssl_version" ]] && rm -rf openssl-"$openssl_version"
-        sleep 1
+    tar -zxvf openssl-"$openssl_version".tar.gz
-    fi
+
    [[ -d "$nginx_dir" ]] && rm -rf ${nginx_dir}
    echo -e "${OK} ${GreenBG} 即将开始编译安装 Nginx, 过程稍久，请耐心等待 ${Font}"
    sleep 4
    cd nginx-${nginx_version}
    ./configure --prefix="${nginx_dir}"                         \
            --with-http_ssl_module                              \
            --with-http_gzip_static_module                      \
            --with-http_stub_status_module                      \
            --with-pcre                                         \
            --with-http_realip_module                           \
            --with-http_flv_module                              \
            --with-http_mp4_module                              \
            --with-http_secure_link_module                      \
            --with-http_v2_module                               \
            --with-openssl=../openssl-"$openssl_version"
    judge "编译检查"
    make && make install
    judge "Nginx 编译安装"
    # 修改基本配置
    sed -i 's/#user  nobody;/user  root;/' ${nginx_dir}/conf/nginx.conf
    sed -i 's/worker_processes  1;/worker_processes  3;/' ${nginx_dir}/conf/nginx.conf
    sed -i 's/    worker_connections  1024;/    worker_connections  4096;/' ${nginx_dir}/conf/nginx.conf
    sed -i '$i include conf.d/*.conf;' ${nginx_dir}/conf/nginx.conf
    # 删除临时文件
    rm -rf nginx-"${nginx_version}"
    rm -rf openssl-"${openssl_version}"
    rm -rf ../nginx-"${nginx_version}".tar.gz
    rm -rf ../openssl-"${openssl_version}".tar.gz
    # 添加配置文件夹，适配旧版脚本
    mkdir ${nginx_dir}/conf/conf.d
 }
 ssl_install(){
    if [[ "${ID}" == "centos" ]];then
@ -217,10 +282,9 @@ ssl_install(){
    curl  https://get.acme.sh | sh
    judge "安装 SSL 证书生成脚本"
 }
 domain_check(){
-    stty erase '^H' && read -p "请输入你的域名信息(eg:www.wulabing.com):" domain
+    read -p "请输入你的域名信息(eg:www.wulabing.com):" domain
    domain_ip=`ping ${domain} -c 1 | sed '1{s/[^(]*(//;s/).*//;q}'`
    echo -e "${OK} ${GreenBG} 正在获取 公网ip 信息，请耐心等待 ${Font}"
    local_ip=`curl -4 ip.sb`
@ -231,6 +295,7 @@ domain_check(){
        echo -e "${OK} ${GreenBG} 域名dns解析IP  与 本机IP 匹配 ${Font}"
        sleep 2
    else
        echo -e "${Error} ${RedBG} 请确保域名添加了正确的 A 记录，否则将无法正常使用 V2ray（y/n)"
        echo -e "${Error} ${RedBG} 域名dns解析IP 与 本机IP 不匹配 是否继续安装？（y/n）${Font}" && read install
        case $install in
        [yY][eE][sS]|[yY])
@ -264,7 +329,8 @@ acme(){
    if [[ $? -eq 0 ]];then
        echo -e "${OK} ${GreenBG} SSL 证书生成成功 ${Font}"
        sleep 2
-        ~/.acme.sh/acme.sh --installcert -d ${domain} --fullchainpath /etc/v2ray/v2ray.crt --keypath /etc/v2ray/v2ray.key --ecc
+        mkdir /data
        ~/.acme.sh/acme.sh --installcert -d ${domain} --fullchainpath /data/v2ray.crt --keypath /data/v2ray.key --ecc
        if [[ $? -eq 0 ]];then
        echo -e "${OK} ${GreenBG} 证书配置成功 ${Font}"
        sleep 2
@ -285,14 +351,13 @@ nginx_conf_add(){
    cat>${nginx_conf_dir}/v2ray.conf<<EOF
    server {
        listen 443 ssl;
-        ssl on;
+        ssl_certificate       /data/v2ray.crt;
-        ssl_certificate       /etc/v2ray/v2ray.crt;
+        ssl_certificate_key   /data/v2ray.key;
-        ssl_certificate_key   /etc/v2ray/v2ray.key;
+        ssl_protocols         TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
-        ssl_protocols         TLSv1 TLSv1.1 TLSv1.2;
+        ssl_ciphers           TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
        ssl_ciphers           HIGH:!aNULL:!MD5;
        server_name           serveraddr.com;
        index index.html index.htm;
-        root  /home/wwwroot/sCalc;
+        root  /home/wwwroot/levis;
        error_page 400 = /400.html;
        location /ray/ 
        {
@ -318,50 +383,79 @@ judge "Nginx 配置修改"
 start_process_systemd(){
    ### nginx服务在安装完成后会自动启动。需要通过restart或reload重新加载配置
-    systemctl start nginx 
+    ${nginx_dir}/sbin/nginx
    judge "Nginx 启动"
-    systemctl enable nginx
+    sed -i '/nginx/d' /etc/rc.local
 	echo "${nginx_dir}/sbin/nginx" >> /etc/rc.local
    judge "设置 Nginx 开机自启"
    systemctl start v2ray
    judge "V2ray 启动"
    systemctl enable v2ray
    judge "设置 v2ray 开机自启"
 }
 #debian 系 9 10 适配
 rc_local_initialization(){
    if [[ -f /etc/rc.local ]];then
        chmod +x /etc/rc.local
    else
        touch /etc/rc.local && chmod +x /etc/rc.local
        echo "#!/bin/bash" >> /etc/rc.local
        systemctl start rc-local
    fi
    judge "rc.local 配置"
 }
 acme_cron_update(){
    if [[ "${ID}" == "centos" ]];then
-        sed -i "/acme.sh/c 0 0 * * 0 systemctl stop nginx && \"/root/.acme.sh\"/acme.sh --cron --home \"/root/.acme.sh\" \
+        sed -i "/acme.sh/c 0 0 * * 0 /etc/nginx/sbin/nginx -s stop  && \"/root/.acme.sh\"/acme.sh --cron --home \"/root/.acme.sh\" \
-        > /dev/null && systemctl start nginx " /var/spool/cron/root
+        > /dev/null && /etc/nginx/sbin/nginx" /var/spool/cron/root
    else
-        sed -i "/acme.sh/c 0 0 * * 0 systemctl stop nginx && \"/root/.acme.sh\"/acme.sh --cron --home \"/root/.acme.sh\" \
+        sed -i "/acme.sh/c 0 0 * * 0 /etc/nginx/sbin/nginx -s stop && \"/root/.acme.sh\"/acme.sh --cron --home \"/root/.acme.sh\" \
-        > /dev/null && systemctl start nginx " /var/spool/cron/crontabs/root
+        > /dev/null && /etc/nginx/sbin/nginx" /var/spool/cron/crontabs/root
    fi
    judge "cron 计划任务更新"
 }
 show_information(){
    clear
    cd ~
-    echo -e "${OK} ${Green} V2ray+ws+tls 安装成功 "
+    echo -e "${OK} ${Green} V2ray+ws+tls 安装成功" >./v2ray_info.txt
-    echo -e "${Red} V2ray 配置信息 ${Font}"
+    echo -e "${Red} V2ray 配置信息 ${Font}" >>./v2ray_info.txt
-    echo -e "${Red} 地址（address）:${Font} ${domain} "
+    echo -e "${Red} 地址（address）:${Font} ${domain} " >>./v2ray_info.txt
-    echo -e "${Red} 端口（port）：${Font} ${port} "
+    echo -e "${Red} 端口（port）：${Font} ${port} " >>./v2ray_info.txt
-    echo -e "${Red} 用户id（UUID）：${Font} ${UUID}"
+    echo -e "${Red} 用户id（UUID）：${Font} ${UUID}" >>./v2ray_info.txt
-    echo -e "${Red} 额外id（alterId）：${Font} ${alterID}"
+    echo -e "${Red} 额外id（alterId）：${Font} ${alterID}" >>./v2ray_info.txt
-    echo -e "${Red} 加密方式（security）：${Font} 自适应 "
+    echo -e "${Red} 加密方式（security）：${Font} 自适应 " >>./v2ray_info.txt
-    echo -e "${Red} 传输协议（network）：${Font} ws "
+    echo -e "${Red} 传输协议（network）：${Font} ws " >>./v2ray_info.txt
-    echo -e "${Red} 伪装类型（type）：${Font} none "
+    echo -e "${Red} 伪装类型（type）：${Font} none " >>./v2ray_info.txt
-    echo -e "${Red} 路径（不要落下/）：${Font} /${camouflage}/ "
+    echo -e "${Red} 路径（不要落下/）：${Font} /${camouflage}/ " >>./v2ray_info.txt
-    echo -e "${Red} 底层传输安全：${Font} tls "
+    echo -e "${Red} 底层传输安全：${Font} tls " >>./v2ray_info.txt
-    
+    cat ./v2ray_info.txt
 }
-
+ssl_judge_and_install(){
    if [[ -f "/data/v2ray.key" && -f "/data/v2ray.crt" ]];then
        echo "证书文件已存在"
    elif [[ -f "~/.acme.sh/${domain}_ecc/${domain}.key" && -f "~/.acme.sh/${domain}_ecc/${domain}.cer" ]];then
        echo "证书文件已存在"
        ~/.acme.sh/acme.sh --installcert -d ${domain} --fullchainpath /data/v2ray.crt --keypath /data/v2ray.key --ecc
        judge "证书应用"
    else
        ssl_install
        acme
    fi
 }
 main(){
    is_root
    check_system
-    time_modify
+    chrony_install
    dependency_install
    basic_optimization
    domain_check
    port_alterid_set
    v2ray_install
@ -372,17 +466,14 @@ main(){
    nginx_conf_add
    web_camouflage
    #改变证书安装位置，防止端口冲突关闭相关应用
    systemctl stop nginx
    systemctl stop v2ray
    #将证书生成放在最后，尽量避免多次尝试脚本从而造成的多次证书申请
-    ssl_install
+    ssl_judge_and_install
    acme
    show_information
    rc_local_initialization
    start_process_systemd
    acme_cron_update
 }
 main