diff --git a/config/web.conf b/config/web.conf index d84dcce..fde20cd 100644 --- a/config/web.conf +++ b/config/web.conf @@ -1,32 +1,39 @@ -server -{ + server { + listen 443 ssl http2; + listen [::]:443 http2; + ssl_certificate /ssl/v2ray.crt; + ssl_certificate_key /ssl/v2ray.key; + ssl_protocols TLSv1.3; + ssl_ecdh_curve X25519:P-256:P-384:P-521; + ssl_ciphers '[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]:ECDHE+AES128:RSA+AES128:ECDHE+AES256:RSA+AES256:ECDHE+3DES:RSA+3DES'; + server_name xxx; + index index.html index.htm; + root /www/xray_web; + error_page 400 = /400.html; + + # Config for 0-RTT in TLSv1.3 + ssl_early_data on; + ssl_stapling on; + ssl_stapling_verify on; + add_header Strict-Transport-Security "max-age=63072000" always; + + location /ray/ + { + proxy_redirect off; + proxy_pass http://127.0.0.1:10000; + proxy_http_version 1.1; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + # Config for 0-RTT in TLSv1.3 + proxy_set_header Early-Data $ssl_early_data; + } +} + server { listen 80; listen [::]:80; server_name xxx; return 301 https://$http_host$request_uri; - - access_log /dev/null; - error_log /dev/null; -} - -server -{ - listen 127.0.0.1:60000 proxy_protocol; - listen 127.0.0.1:60001 http2 proxy_protocol; - server_name xxx; - index index.html index.htm index.php default.php default.htm default.html; - root /www/xray_web; - add_header Strict-Transport-Security "max-age=63072000" always; - - location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ - { - expires 30d; - error_log off; - } - - location ~ .*\.(js|css)?$ - { - expires 12h; - error_log off; - } -} + } \ No newline at end of file diff --git a/config/web_compatible.conf b/config/web_compatible.conf new file mode 100644 index 0000000..2f65ab5 --- /dev/null +++ b/config/web_compatible.conf @@ -0,0 +1,39 @@ + server { + listen 443 ssl http2; + listen [::]:443 http2; + ssl_certificate /ssl/v2ray.crt; + ssl_certificate_key /ssl/v2ray.key; + ssl_protocols TLSv1.3 TLSv1.2; + ssl_ecdh_curve X25519:P-256:P-384:P-521; + ssl_ciphers '[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]:ECDHE+AES128:RSA+AES128:ECDHE+AES256:RSA+AES256:ECDHE+3DES:RSA+3DES'; + server_name xxx; + index index.html index.htm; + root /www/xray_web; + error_page 400 = /400.html; + + # Config for 0-RTT in TLSv1.3 + ssl_early_data on; + ssl_stapling on; + ssl_stapling_verify on; + add_header Strict-Transport-Security "max-age=63072000" always; + + location /ray/ + { + proxy_redirect off; + proxy_pass http://127.0.0.1:10000; + proxy_http_version 1.1; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + # Config for 0-RTT in TLSv1.3 + proxy_set_header Early-Data $ssl_early_data; + } +} + server { + listen 80; + listen [::]:80; + server_name xxx; + return 301 https://$http_host$request_uri; + } \ No newline at end of file diff --git a/config/xray_tls_ws.json b/config/xray_tls_ws.json new file mode 100644 index 0000000..c01f271 --- /dev/null +++ b/config/xray_tls_ws.json @@ -0,0 +1,64 @@ +{ + "log": { + "access": "/var/log/v2ray/access.log", + "error": "/var/log/v2ray/error.log", + "loglevel": "warning" + }, + "inbounds": [ + { + "port": 10086, + "listen": "127.0.0.1", + "tag": "VLESS-in", + "protocol": "VLESS", + "settings": { + "clients": [ + { + "id": "3f3effce-2640-4f29-b95b-a2106df6d96d", + "alterId": 0 + } + ], + "decryption": "none" + }, + "streamSettings": { + "network": "ws", + "wsSettings": { + "path": "/e01ec5ea/" + } + } + } + ], + "outbounds": [ + { + "protocol": "freedom", + "settings": {}, + "tag": "direct" + }, + { + "protocol": "blackhole", + "settings": {}, + "tag": "blocked" + } + ], + "dns": { + "servers": [ + "https+local://1.1.1.1/dns-query", + "1.1.1.1", + "1.0.0.1", + "8.8.8.8", + "8.8.4.4", + "localhost" + ] + }, + "routing": { + "domainStrategy": "AsIs", + "rules": [ + { + "type": "field", + "inboundTag": [ + "VLESS-in" + ], + "outboundTag": "direct" + } + ] + } +} diff --git a/config/xray_tls_ws_mix-rprx-direct.json b/config/xray_tls_ws_mix-rprx-direct.json deleted file mode 100644 index f37078c..0000000 --- a/config/xray_tls_ws_mix-rprx-direct.json +++ /dev/null @@ -1,89 +0,0 @@ -{ - "log": { - "access": "/var/log/xray/access.log", - "error": "/var/log/xray/error.log", - "loglevel": "warning" - }, - "inbounds": [ - { - "port": 443, - "protocol": "vless", - "settings": { - "clients": [ - { - "id": "xx", - "flow": "xtls-rprx-direct" - } - ], - "decryption": "none", - "fallbacks": [ - { - "dest": 60000, - "alpn": "", - "xver": 1 - }, - { - "dest": 60001, - "alpn": "h2", - "xver": 1 - }, - { - "dest": 60002, - "path": "/wulabing", - "xver": 1 - } - ] - }, - "streamSettings": { - "network": "tcp", - "security": "xtls", - "xtlsSettings": { - "minVersion": "1.2", - "certificates": [ - { - "certificateFile": "/usr/local/etc/xray/self_signed_cert.pem", - "keyFile": "/usr/local/etc/xray/self_signed_key.pem" - }, - { - "certificateFile": "/ssl/xray.crt", - "keyFile": "/ssl/xray.key" - } - ] - } - }, - "sniffing": { - "enabled": true, - "destOverride": [ - "http", - "tls" - ] - } - }, - { - "port": 60002, - "listen": "127.0.0.1", - "protocol": "vless", - "settings": { - "clients": [ - { - "id": "xx" - } - ], - "decryption": "none" - }, - "streamSettings": { - "network": "ws", - "security": "none", - "wsSettings": { - "acceptProxyProtocol": true, - "path": "xx" - } - } - } -], - "outbounds": [ - { - "protocol": "freedom" - } - ] -} diff --git a/config/xray_xtls-rprx-direct.json b/config/xray_xtls-rprx-direct.json deleted file mode 100644 index 90590a1..0000000 --- a/config/xray_xtls-rprx-direct.json +++ /dev/null @@ -1,63 +0,0 @@ -{ - "log": { - "access": "/var/log/xray/access.log", - "error": "/var/log/xray/error.log", - "loglevel": "warning" - }, - "inbounds": [ - { - "port": 443, - "protocol": "vless", - "settings": { - "clients": [ - { - "id": "xx", - "flow": "xtls-rprx-direct" - } - ], - "decryption": "none", - "fallbacks": [ - { - "dest": 60000, - "alpn": "", - "xver": 1 - }, - { - "dest": 60001, - "alpn": "h2", - "xver": 1 - } - ] - }, - "streamSettings": { - "network": "tcp", - "security": "xtls", - "xtlsSettings": { - "minVersion": "1.2", - "certificates": [ - { - "certificateFile": "/usr/local/etc/xray/self_signed_cert.pem", - "keyFile": "/usr/local/etc/xray/self_signed_key.pem" - }, - { - "certificateFile": "/ssl/xray.crt", - "keyFile": "/ssl/xray.key" - } - ] - } - }, - "sniffing": { - "enabled": true, - "destOverride": [ - "http", - "tls" - ] - } - } - ], - "outbounds": [ - { - "protocol": "freedom" - } - ] -} \ No newline at end of file diff --git a/install.sh b/install.sh index ef0a93b..20c6716 100644 --- a/install.sh +++ b/install.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash #==================================================== -# System Request:Debian 9+/Ubuntu 18.04+/Centos 7+ +# System Request:Debian 10+/Ubuntu 20.04+/Centos 8+ # Author: wulabing # Dscription: Xray onekey Management # email: admin@wulabing.com @@ -27,14 +27,18 @@ OK="${Green}[OK]${Font}" ERROR="${Red}[ERROR]${Font}" # 变量 -shell_version="1.3.4" -github_branch="main" +shell_version="0.1.0" +github_branch="nginx_forward" xray_conf_dir="/usr/local/etc/xray" website_dir="/www/xray_web/" xray_access_log="/var/log/xray/access.log" xray_error_log="/var/log/xray/error.log" cert_dir="/usr/local/etc/xray" domain_tmp_dir="/usr/local/etc/xray" +nginx_conf_dir="/etc/nginx/conf/conf.d" +nginx_conf="${nginx_conf_dir}/v2ray.conf" +compatible_nginx_conf="no" + cert_group="nobody" random_num=$((RANDOM % 12 + 4)) @@ -45,8 +49,6 @@ function shell_mode_check() { if [ -f ${xray_conf_dir}/config.json ]; then if [ "$(grep -c "wsSettings" ${xray_conf_dir}/config.json)" -ge 1 ]; then shell_mode="ws" - else - shell_mode="tcp" fi else shell_mode="None" @@ -83,12 +85,18 @@ function system_check() { source '/etc/os-release' if [[ "${ID}" == "centos" && ${VERSION_ID} -ge 7 ]]; then + if [[ ${VERSION_ID} -ge 8 ]]; then + compatible_nginx_conf="no" + else + compatible_nginx_conf="yes" + fi print_ok "当前系统为 Centos ${VERSION_ID} ${VERSION}" INS="yum install -y" wget -N -P /etc/yum.repos.d/ https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/basic/nginx.repo elif [[ "${ID}" == "ol" ]]; then print_ok "当前系统为 Oracle Linux ${VERSION_ID} ${VERSION}" INS="yum install -y" + compatible_nginx_conf="yes" wget -N -P /etc/yum.repos.d/ https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/basic/nginx.repo elif [[ "${ID}" == "debian" && ${VERSION_ID} -ge 9 ]]; then print_ok "当前系统为 Debian ${VERSION_ID} ${VERSION}" @@ -137,6 +145,8 @@ function nginx_install() { judge "Nginx 安装" else print_ok "Nginx 已存在" + # 防止部分异常 + ${INS} nginx fi } function dependency_install() { @@ -289,31 +299,21 @@ function modify_UUID() { judge "Xray TCP UUID 修改" } -function modify_UUID_ws() { - cat ${xray_conf_dir}/config.json | jq 'setpath(["inbounds",1,"settings","clients",0,"id"];"'${UUID}'")' >${xray_conf_dir}/config_tmp.json - xray_tmp_config_file_check_and_use - judge "Xray ws UUID 修改" -} - -function modify_fallback_ws() { - cat ${xray_conf_dir}/config.json | jq 'setpath(["inbounds",0,"settings","fallbacks",2,"path"];"'${WS_PATH}'")' >${xray_conf_dir}/config_tmp.json - xray_tmp_config_file_check_and_use - judge "Xray fallback_ws 修改" -} - function modify_ws() { - cat ${xray_conf_dir}/config.json | jq 'setpath(["inbounds",1,"streamSettings","wsSettings","path"];"'${WS_PATH}'")' >${xray_conf_dir}/config_tmp.json + cat ${xray_conf_dir}/config.json | jq 'setpath(["inbounds",0,"streamSettings","wsSettings","path"];"'${WS_PATH}'")' >${xray_conf_dir}/config_tmp.json xray_tmp_config_file_check_and_use judge "Xray ws 修改" } -function configure_nginx() { - nginx_conf="/etc/nginx/conf.d/${domain}.conf" - cd /etc/nginx/conf.d/ && rm -f ${domain}.conf && wget -O ${domain}.conf https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/config/web.conf - sed -i "s/xxx/${domain}/g" ${nginx_conf} - judge "Nginx config modify" +function modify_nginx_port() { + sed -i "/ssl http2;$/c \\\tlisten ${PORT} ssl http2;" ${nginx_conf} + sed -i "3c \\\tlisten [::]:${PORT} http2;" ${nginx_conf} + judge "Xray port 修改" +} - systemctl restart nginx +function modify_nginx_other() { + sed -i "/location/c \\\tlocation ${WS_PATH}" ${nginx_conf} + sed -i "/proxy_pass/c \\\tproxy_pass http://127.0.0.1:${PORT};" ${nginx_conf} } function modify_port() { @@ -324,24 +324,37 @@ function modify_port() { exit 1 fi port_exist_check $PORT - cat ${xray_conf_dir}/config.json | jq 'setpath(["inbounds",0,"port"];'${PORT}')' >${xray_conf_dir}/config_tmp.json - xray_tmp_config_file_check_and_use - judge "Xray 端口 修改" + modify_nginx_port } -function configure_xray() { - cd /usr/local/etc/xray && rm -f config.json && wget -O config.json https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/config/xray_xtls-rprx-direct.json - modify_UUID +function configure_nginx() { + nginx_conf="/etc/nginx/conf.d/${domain}.conf" + cd /etc/nginx/conf.d/ && rm -f ${domain}.conf + if [[ $compatible_nginx_conf == "yes" ]]; then + wget -O ${domain}.conf https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/config/web_compatible.conf + elif [[ $compatible_nginx_conf == "no" ]]; then + wget -O ${domain}.conf https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/config/web.conf + fi + sed -i "s/xxx/${domain}/g" ${nginx_conf} modify_port + modify_nginx_other + systemctl restart nginx +} + + +function modify_inbound_port() { + inbound_port=$((RANDOM + 10000)) + cat ${xray_conf_dir}/config.json | jq 'setpath(["inbounds",0,"port"];'${inbound_port}')' >${xray_conf_dir}/config_tmp.json + xray_tmp_config_file_check_and_use + sed -i "9c \ \"port\":${inbound_port}," ${xray_conf_dir}/config.json + judge "Xray inbound_port 修改" } function configure_xray_ws() { - cd /usr/local/etc/xray && rm -f config.json && wget -O config.json https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/config/xray_tls_ws_mix-rprx-direct.json + cd /usr/local/etc/xray && rm -f config.json && wget -O config.json https://raw.githubusercontent.com/wulabing/Xray_onekey/${github_branch}/config/xray_tls_ws.json modify_UUID - modify_UUID_ws - modify_port - modify_fallback_ws modify_ws + modify_inbound_port } function xray_install() { @@ -482,25 +495,6 @@ function restart_all() { judge "Xray 启动" } -function vless_xtls-rprx-direct_link() { - UUID=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.clients[0].id | tr -d '"') - PORT=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].port) - FLOW=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.clients[0].flow | tr -d '"') - DOMAIN=$(cat ${domain_tmp_dir}/domain) - - print_ok "URL 链接(VLESS + TCP + TLS)" - print_ok "vless://$UUID@$DOMAIN:$PORT?security=tls&flow=$FLOW#TLS_wulabing-$DOMAIN" - - print_ok "URL 链接(VLESS + TCP + XTLS)" - print_ok "vless://$UUID@$DOMAIN:$PORT?security=xtls&flow=$FLOW#XTLS_wulabing-$DOMAIN" - print_ok "-------------------------------------------------" - print_ok "URL 二维码(VLESS + TCP + TLS)(请在浏览器中访问)" - print_ok "https://api.qrserver.com/v1/create-qr-code/?size=400x400&data=vless://$UUID@$DOMAIN:$PORT?security=tls%26flow=$FLOW%23TLS_wulabing-$DOMAIN" - - print_ok "URL 二维码(VLESS + TCP + XTLS)(请在浏览器中访问)" - print_ok "https://api.qrserver.com/v1/create-qr-code/?size=400x400&data=vless://$UUID@$DOMAIN:$PORT?security=xtls%26flow=$FLOW%23XTLS_wulabing-$DOMAIN" -} - function vless_xtls-rprx-direct_information() { UUID=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].settings.clients[0].id | tr -d '"') PORT=$(cat ${xray_conf_dir}/config.json | jq .inbounds[0].port) @@ -594,23 +588,6 @@ function mtproxy_sh() { wget -N --no-check-certificate "https://github.com/wulabing/mtp/raw/master/mtproxy.sh" && chmod +x mtproxy.sh && bash mtproxy.sh } -function install_xray() { - is_root - system_check - dependency_install - basic_optimization - domain_check - port_exist_check 80 - xray_install - configure_xray - nginx_install - configure_nginx - configure_web - generate_certificate - ssl_judge_and_install - restart_all - basic_information -} function install_xray_ws() { is_root system_check @@ -623,7 +600,6 @@ function install_xray_ws() { nginx_install configure_nginx configure_web - generate_certificate ssl_judge_and_install restart_all basic_ws_information @@ -670,12 +646,7 @@ menu() { ;; 11) read -rp "请输入UUID:" UUID - if [[ ${shell_mode} == "tcp" ]]; then - modify_UUID - elif [[ ${shell_mode} == "ws" ]]; then - modify_UUID - modify_UUID_ws - fi + modify_UUID restart_all ;; 13) @@ -683,14 +654,9 @@ menu() { restart_all ;; 14) - if [[ ${shell_mode} == "ws" ]]; then - read -rp "请输入路径(示例:/wulabing/ 要求两侧都包含/):" WS_PATH - modify_fallback_ws - modify_ws - restart_all - else - print_error "当前模式不是Websocket模式" - fi + read -rp "请输入路径(示例:/wulabing/ 要求两侧都包含/):" WS_PATH + modify_ws + restart_all ;; 21) tail -f $xray_access_log @@ -700,11 +666,7 @@ menu() { ;; 23) if [[ -f $xray_conf_dir/config.json ]]; then - if [[ ${shell_mode} == "tcp" ]]; then - basic_information - elif [[ ${shell_mode} == "ws" ]]; then - basic_ws_information - fi + basic_ws_information else print_error "xray 配置文件不存在" fi