#!/bin/bash #==================================================== # System Request:Debian 9+/Ubuntu 18.04+/Centos 7+ # Author: wulabing # Dscription: V2ray ws+tls onekey Management # Version: 1.0 # email:admin@wulabing.com # Official document: www.v2ray.com #==================================================== #fonts color Green="\033[32m" Red="\033[31m" Yellow="\033[33m" GreenBG="\033[42;37m" RedBG="\033[41;37m" Font="\033[0m" #notification information Info="${Green}[信息]${Font}" OK="${Green}[OK]${Font}" Error="${Red}[错误]${Font}" # 版本 shell_version="1.0" version_cmp="/tmp/version_cmp.tmp" v2ray_conf_dir="/etc/v2ray" nginx_conf_dir="/etc/nginx/conf/conf.d" v2ray_conf="${v2ray_conf_dir}/config.json" nginx_conf="${nginx_conf_dir}/v2ray.conf" nginx_dir="/etc/nginx" web_dir="/home/wwwroot" nginx_openssl_src="/usr/local/src" v2ray_bin_file="/usr/bin/v2ray" v2ray_info_file="$HOME/v2ray_info.inf" v2ray_qr_config_file="/etc/v2ray/vmess_qr.json" nginx_systemd_file="/etc/systemd/system/nginx.service" v2ray_systemd_file="/etc/systemd/system/v2ray.service" v2ray_access_log="/var/log/v2ray/access.log" v2ray_error_log="/var/log/v2ray/error.log" amce_sh_file="/root/.acme.sh/acme.sh" nginx_version="1.16.1" openssl_version="1.1.1d" #生成伪装路径 camouflage=`cat /dev/urandom | head -n 10 | md5sum | head -c 8` source /etc/os-release #从VERSION中提取发行版系统的英文名称,为了在debian/ubuntu下添加相对应的Nginx apt源 VERSION=`echo ${VERSION} | awk -F "[()]" '{print $2}'` check_system(){ if [[ "${ID}" == "centos" && ${VERSION_ID} -ge 7 ]];then echo -e "${OK} ${GreenBG} 当前系统为 Centos ${VERSION_ID} ${VERSION} ${Font}" INS="yum" elif [[ "${ID}" == "debian" && ${VERSION_ID} -ge 8 ]];then echo -e "${OK} ${GreenBG} 当前系统为 Debian ${VERSION_ID} ${VERSION} ${Font}" INS="apt" $INS update ## 添加 Nginx apt源 elif [[ "${ID}" == "ubuntu" && `echo "${VERSION_ID}" | cut -d '.' -f1` -ge 16 ]];then echo -e "${OK} ${GreenBG} 当前系统为 Ubuntu ${VERSION_ID} ${UBUNTU_CODENAME} ${Font}" INS="apt" $INS update else echo -e "${Error} ${RedBG} 当前系统为 ${ID} ${VERSION_ID} 不在支持的系统列表内,安装中断 ${Font}" exit 1 fi $INS install dbus systemctl stop firewalld && systemctl disable firewalld echo -e "${OK} ${GreenBG} firewalld 已关闭 ${Font}" } is_root(){ if [ `id -u` == 0 ] then echo -e "${OK} ${GreenBG} 当前用户是root用户,进入安装流程 ${Font}" sleep 3 else echo -e "${Error} ${RedBG} 当前用户不是root用户,请切换到root用户后重新执行脚本 ${Font}" exit 1 fi } judge(){ if [[ $? -eq 0 ]];then echo -e "${OK} ${GreenBG} $1 完成 ${Font}" sleep 1 else echo -e "${Error} ${RedBG} $1 失败${Font}" exit 1 fi } chrony_install(){ ${INS} -y install chrony judge "安装 chrony 时间同步服务 " timedatectl set-ntp true if [[ "${ID}" == "centos" ]];then systemctl enable chronyd && systemctl restart chronyd else systemctl enable chrony && systemctl restart chrony fi judge "chronyd 启动 " timedatectl set-timezone Asia/Shanghai echo -e "${OK} ${GreenBG} 等待时间同步 ${Font}" sleep 10 chronyc sourcestats -v chronyc tracking -v date read -p "请确认时间是否准确,误差范围±3分钟(Y/N): " chrony_install [[ -z ${chrony_install} ]] && chrony_install="Y" case $chrony_install in [yY][eE][sS]|[yY]) echo -e "${GreenBG} 继续安装 ${Font}" sleep 2 ;; *) echo -e "${RedBG} 安装终止 ${Font}" exit 2 ;; esac } dependency_install(){ ${INS} install wget git lsof -y if [[ "${ID}" == "centos" ]];then ${INS} -y install crontabs else ${INS} -y install cron fi judge "安装 crontab" if [[ "${ID}" == "centos" ]];then touch /var/spool/cron/root && chmod 600 /var/spool/cron/root systemctl start crond && systemctl enable crond else touch /var/spool/cron/crontabs/root && chmod 600 /var/spool/cron/crontabs/root systemctl start cron && systemctl enable cron fi judge "crontab 自启动配置 " ${INS} -y install bc judge "安装 bc" ${INS} -y install unzip judge "安装 unzip" ${INS} -y install qrencode judge "安装 qrencode" if [[ "${ID}" == "centos" ]];then ${INS} -y groupinstall "Development tools" else ${INS} -y install build-essential fi judge "编译工具包 安装" if [[ "${ID}" == "centos" ]];then ${INS} -y install pcre pcre-devel zlib-devel else ${INS} -y install libpcre3 libpcre3-dev zlib1g-dev dbus fi ${INS} -y install rng-tools judge "rng-tools 安装" ${INS} -y install haveged judge "haveged 安装" sed -i -r '/^HRNGDEVICE/d;/#HRNGDEVICE=\/dev\/null/a HRNGDEVICE=/dev/urandom' /etc/default/rng-tools if [[ "${ID}" == "centos" ]];then systemctl start rngd && systemctl enable rngd judge "rng-tools 启动" systemctl start haveged && systemctl enable haveged judge "haveged 启动" else systemctl start rng-tools && systemctl enable rng-tools judge "rng-tools 启动" systemctl start haveged && systemctl enable haveged judge "haveged 启动" fi } basic_optimization(){ # 最大文件打开数 sed -i '/^\*\ *soft\ *nofile\ *[[:digit:]]*/d' /etc/security/limits.conf sed -i '/^\*\ *hard\ *nofile\ *[[:digit:]]*/d' /etc/security/limits.conf echo '* soft nofile 65536' >> /etc/security/limits.conf echo '* hard nofile 65536' >> /etc/security/limits.conf # 关闭 Selinux if [[ "${ID}" == "centos" ]];then sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config setenforce 0 fi } port_alterid_set(){ read -p "请输入连接端口(default:443):" port [[ -z ${port} ]] && port="443" read -p "请输入alterID(default:2 仅允许填数字):" alterID [[ -z ${alterID} ]] && alterID="2" } modify_path(){ sed -i "/\"path\"/c \\\t \"path\":\"\/${camouflage}\/\"" ${v2ray_conf} judge "V2ray 伪装路径 修改" } modify_alterid(){ sed -i "/\"alterId\"/c \\\t \"alterId\":${alterID}" ${v2ray_conf} judge "V2ray alterid 修改" [ -f ${v2ray_qr_config_file} ] && sed -i "/\"aid\"/c \\ \"aid\": \"${aid}\"," ${v2ray_qr_config_file} echo -e "${GreenBG} alterID:${alterID} ${Font}" } modify_inbound_port(){ let PORT=$RANDOM+10000 sed -i "/\"port\"/c \ \"port\":${PORT}," ${v2ray_conf} judge "V2ray inbound_port 修改" } modify_UUID(){ [ -z $UUID ] && UUID=$(cat /proc/sys/kernel/random/uuid) sed -i "/\"id\"/c \\\t \"id\":\"${UUID}\"," ${v2ray_conf} judge "V2ray UUID 修改" [ -f ${v2ray_qr_config_file} ] && sed -i "/\"id\"/c \\ \"id\": \"${UUID}\"," ${v2ray_qr_config_file} echo -e "${GreenBG} UUID:${UUID} ${Font}" } modify_nginx_port(){ sed -i "/ssl http2;$/c \\\tlisten ${port} ssl http2;" ${nginx_conf} judge "V2ray port 修改" [ -f ${v2ray_qr_config_file} ] && sed -i "/\"port\"/c \\ \"port\": \"${port}\"," ${v2ray_qr_config_file} echo -e "${GreenBG} 端口号:${port} ${Font}" } modify_nginx_other(){ sed -i "/server_name/c \\\tserver_name ${domain};" ${nginx_conf} sed -i "/location/c \\\tlocation \/${camouflage}\/" ${nginx_conf} sed -i "/proxy_pass/c \\\tproxy_pass http://127.0.0.1:${PORT};" ${nginx_conf} sed -i "/return/c \\\treturn 301 https://${domain}\$request_uri;" ${nginx_conf} #sed -i "27i \\\tproxy_intercept_errors on;" ${nginx_dir}/conf/nginx.conf } web_camouflage(){ ##请注意 这里和LNMP脚本的默认路径冲突,千万不要在安装了LNMP的环境下使用本脚本,否则后果自负 rm -rf /home/wwwroot && mkdir -p /home/wwwroot && cd /home/wwwroot git clone https://github.com/wulabing/3DCEList.git judge "web 站点伪装" } v2ray_install(){ if [[ -d /root/v2ray ]];then rm -rf /root/v2ray fi if [[ -d /etc/v2ray ]];then rm -rf /etc/v2ray fi mkdir -p /root/v2ray && cd /root/v2ray wget --no-check-certificate https://install.direct/go.sh ## wget http://install.direct/go.sh if [[ -f go.sh ]];then bash go.sh --force judge "安装 V2ray" else echo -e "${Error} ${RedBG} V2ray 安装文件下载失败,请检查下载地址是否可用 ${Font}" exit 4 fi # 清除临时文件 rm -rf /root/v2ray } nginx_exist_check(){ if [[ -f "/etc/nginx/sbin/nginx" ]];then echo -e "${OK} ${GreenBG} Nginx已存在,跳过编译安装过程 ${Font}" sleep 2 else nginx_install fi } nginx_install(){ # if [[ -d "/etc/nginx" ]];then # rm -rf /etc/nginx # fi wget -nc http://nginx.org/download/nginx-${nginx_version}.tar.gz -P ${nginx_openssl_src} judge "Nginx 下载" wget -nc https://www.openssl.org/source/openssl-${openssl_version}.tar.gz -P ${nginx_openssl_src} judge "openssl 下载" cd ${nginx_openssl_src} [[ -d nginx-"$nginx_version" ]] && rm -rf nginx-"$nginx_version" tar -zxvf nginx-"$nginx_version".tar.gz [[ -d openssl-"$openssl_version" ]] && rm -rf openssl-"$openssl_version" tar -zxvf openssl-"$openssl_version".tar.gz [[ -d "$nginx_dir" ]] && rm -rf ${nginx_dir} echo -e "${OK} ${GreenBG} 即将开始编译安装 Nginx, 过程稍久,请耐心等待 ${Font}" sleep 4 cd nginx-${nginx_version} ./configure --prefix="${nginx_dir}" \ --with-http_ssl_module \ --with-http_gzip_static_module \ --with-http_stub_status_module \ --with-pcre \ --with-http_realip_module \ --with-http_flv_module \ --with-http_mp4_module \ --with-http_secure_link_module \ --with-http_v2_module \ --with-openssl=../openssl-"$openssl_version" judge "编译检查" make && make install judge "Nginx 编译安装" # 修改基本配置 sed -i 's/#user nobody;/user root;/' ${nginx_dir}/conf/nginx.conf sed -i 's/worker_processes 1;/worker_processes 3;/' ${nginx_dir}/conf/nginx.conf sed -i 's/ worker_connections 1024;/ worker_connections 4096;/' ${nginx_dir}/conf/nginx.conf sed -i '$i include conf.d/*.conf;' ${nginx_dir}/conf/nginx.conf # 删除临时文件 rm -rf nginx-"${nginx_version}" rm -rf openssl-"${openssl_version}" rm -rf ../nginx-"${nginx_version}".tar.gz rm -rf ../openssl-"${openssl_version}".tar.gz # 添加配置文件夹,适配旧版脚本 mkdir ${nginx_dir}/conf/conf.d } ssl_install(){ if [[ "${ID}" == "centos" ]];then ${INS} install socat nc -y else ${INS} install socat netcat -y fi judge "安装 SSL 证书生成脚本依赖" curl https://get.acme.sh | sh judge "安装 SSL 证书生成脚本" } domain_check(){ read -p "请输入你的域名信息(eg:www.wulabing.com):" domain domain_ip=`ping ${domain} -c 1 | sed '1{s/[^(]*(//;s/).*//;q}'` echo -e "${OK} ${GreenBG} 正在获取 公网ip 信息,请耐心等待 ${Font}" local_ip=`curl -4 ip.sb` echo -e "域名dns解析IP:${domain_ip}" echo -e "本机IP: ${local_ip}" sleep 2 if [[ $(echo ${local_ip}|tr '.' '+'|bc) -eq $(echo ${domain_ip}|tr '.' '+'|bc) ]];then echo -e "${OK} ${GreenBG} 域名dns解析IP 与 本机IP 匹配 ${Font}" sleep 2 else echo -e "${Error} ${RedBG} 请确保域名添加了正确的 A 记录,否则将无法正常使用 V2ray" echo -e "${Error} ${RedBG} 域名dns解析IP 与 本机IP 不匹配 是否继续安装?(y/n)${Font}" && read install case $install in [yY][eE][sS]|[yY]) echo -e "${GreenBG} 继续安装 ${Font}" sleep 2 ;; *) echo -e "${RedBG} 安装终止 ${Font}" exit 2 ;; esac fi } port_exist_check(){ if [[ 0 -eq `lsof -i:"$1" | grep -i "listen" | wc -l` ]];then echo -e "${OK} ${GreenBG} $1 端口未被占用 ${Font}" sleep 1 else echo -e "${Error} ${RedBG} 检测到 $1 端口被占用,以下为 $1 端口占用信息 ${Font}" lsof -i:"$1" echo -e "${OK} ${GreenBG} 5s 后将尝试自动 kill 占用进程 ${Font}" sleep 5 lsof -i:"$1" | awk '{print $2}'| grep -v "PID" | xargs kill -9 echo -e "${OK} ${GreenBG} kill 完成 ${Font}" sleep 1 fi } acme(){ ~/.acme.sh/acme.sh --issue -d ${domain} --standalone -k ec-256 --force --test if [[ $? -eq 0 ]];then echo -e "${OK} ${GreenBG} SSL 证书测试签发成功,开始正式签发 ${Font}" sleep 2 else echo -e "${Error} ${RedBG} SSL 证书测试签发失败 ${Font}" fi ~/.acme.sh/acme.sh --issue -d ${domain} --standalone -k ec-256 --force if [[ $? -eq 0 ]];then echo -e "${OK} ${GreenBG} SSL 证书生成成功 ${Font}" sleep 2 mkdir /data ~/.acme.sh/acme.sh --installcert -d ${domain} --fullchainpath /data/v2ray.crt --keypath /data/v2ray.key --ecc if [[ $? -eq 0 ]];then echo -e "${OK} ${GreenBG} 证书配置成功 ${Font}" sleep 2 fi else echo -e "${Error} ${RedBG} SSL 证书生成失败 ${Font}" exit 1 fi } v2ray_conf_add_tls(){ cd /etc/v2ray wget https://raw.githubusercontent.com/wulabing/V2Ray_ws-tls_bash_onekey/master/tls/config.json -O config.json modify_path modify_alterid modify_inbound_port modify_UUID } v2ray_conf_add_h2(){ cd /etc/v2ray wget https://raw.githubusercontent.com/wulabing/V2Ray_ws-tls_bash_onekey/master/http2/config.json -O config.json modify_path modify_alterid modify_UUID } nginx_conf_add(){ touch ${nginx_conf_dir}/v2ray.conf cat>${nginx_conf_dir}/v2ray.conf<> /etc/rc.local # systemctl start rc-local # fi # # judge "rc.local 配置" #} acme_cron_update(){ if [[ "${ID}" == "centos" ]];then sed -i "/acme.sh/c 0 3 * * 0 systemctl stop nginx && \"/root/.acme.sh\"/acme.sh --cron --home \"/root/.acme.sh\" \ > /dev/null && systemctl start nginx" /var/spool/cron/root else sed -i "/acme.sh/c 0 3 * * 0 systemctl stop nginx && \"/root/.acme.sh\"/acme.sh --cron --home \"/root/.acme.sh\" \ > /dev/null && systemctl start nginx" /var/spool/cron/crontabs/root fi judge "cron 计划任务更新" } vmess_qr_config_tls_ws(){ cat > $v2ray_qr_config_file <<-EOF { "v": "2", "ps": "wulabing_${domain}", "add": "${domain}", "port": "${port}", "id": "${UUID}", "aid": "${alterID}", "net": "ws", "type": "none", "host": "${domain}", "path": "/${camouflage}/", "tls": "tls" } EOF } vmess_qr_config_h2(){ cat > $v2ray_qr_config_file <<-EOF { "v": "2", "ps": "wulabing_${domain}", "add": "${domain}", "port": "${port}", "id": "${UUID}", "aid": "${alterID}", "net": "h2", "type": "none", "path": "/${camouflage}/", "tls": "tls" } EOF } vmess_qr_link_image(){ vmess_link="vmess://$(cat $v2ray_qr_config_file | base64 -w 0)" echo -e "${Red} URL导入链接:${vmess_link} ${Font}" >> ${v2ray_info_file} echo -e "${Red} 二维码: ${Font}" >> ${v2ray_info_file} echo -n "${vmess_link}"| qrencode -o - -t utf8 >> ${v2ray_info_file} } info_extraction(){ grep $1 $v2ray_qr_config_file | awk -F '"' '{print $4}' } basic_information(){ echo -e "${OK} ${Green} V2ray+ws+tls 安装成功" > ${v2ray_info_file} echo -e "${Red} V2ray 配置信息 ${Font}" >> ${v2ray_info_file} echo -e "${Red} 地址(address):${Font} $(info_extraction "add") " >> ${v2ray_info_file} echo -e "${Red} 端口(port):${Font} $(info_extraction "port") " >> ${v2ray_info_file} echo -e "${Red} 用户id(UUID):${Font} $(info_extraction '\"id\"')" >> ${v2ray_info_file} echo -e "${Red} 额外id(alterId):${Font} $(info_extraction "aid")" >> ${v2ray_info_file} echo -e "${Red} 加密方式(security):${Font} 自适应 " >> ${v2ray_info_file} echo -e "${Red} 传输协议(network):${Font} $(info_extraction "net") " >> ${v2ray_info_file} echo -e "${Red} 伪装类型(type):${Font} none " >> ${v2ray_info_file} echo -e "${Red} 路径(不要落下/):${Font} $(info_extraction "tls") " >> ${v2ray_info_file} echo -e "${Red} 底层传输安全:${Font} tls " >> ${v2ray_info_file} } show_information(){ cat ${v2ray_info_file} } ssl_judge_and_install(){ if [[ -f "/data/v2ray.key" && -f "/data/v2ray.crt" ]];then echo "证书文件已存在" elif [[ -f "~/.acme.sh/${domain}_ecc/${domain}.key" && -f "~/.acme.sh/${domain}_ecc/${domain}.cer" ]];then echo "证书文件已存在" ~/.acme.sh/acme.sh --installcert -d ${domain} --fullchainpath /data/v2ray.crt --keypath /data/v2ray.key --ecc judge "证书应用" else ssl_install acme fi } nginx_systemd(){ cat>$nginx_systemd_file< $version_cmp echo $shell_version >> $version_cmp if [ "$(sort -rV $version_cmp | head -1)" -gt "$shell_version" ] then echo -e "${OK} ${Green} 存在新版本,是否更新 [Y/N]? ${Font}" read -r update_confirm case $update_confirm in [yY][eE][sS]|[yY]) wget -N https://raw.githubusercontent.com/wulabing/V2Ray_ws-tls_bash_onekey/master/install.sh echo -e "${OK} ${Green} 更新完成 ${Font}" ;; *) exit 0 ;; esac else echo -e "${OK} ${Green} 当前版本为最新版本 ${Font}" fi } maintain(){ echo -e "${RedBG}该选项暂时无法使用${Font}" echo -e "${RedBG}$1${Font}" exit 0 } list(){ case $1 in tls_modify) tls_type ;; uninstall) uninstall_all ;; crontab_modify) acme_cron_update ;; boost) bbr_boost_sh ;; *) menu ;; esac } menu(){ echo -e "\t V2ray 安装管理脚本 ${Red}[${shell_version}]${Font}" echo -e "\t---authored by wulabing---" echo -e "\thttps://github.com/wulabing\n" echo -e "—————————————— 安装向导 ——————————————""" echo -e "${Green}0.${Font} 升级 脚本" echo -e "${Green}1.${Font} 安装 V2Ray (Nginx+ws+tls)" echo -e "${Green}2.${Font} 安装 V2Ray (http/2)" echo -e "—————————————— 配置变更 ——————————————" echo -e "${Green}3.${Font} 变更 UUID" echo -e "${Green}4.${Font} 变更 alterid" echo -e "${Green}5.${Font} 变更 port" echo -e "${Green}6.${Font} 变更 TLS 版本(仅ws+tls有效)" echo -e "—————————————— 查看信息 ——————————————" echo -e "${Green}7.${Font} 查看 实时访问日志" echo -e "${Green}8.${Font} 查看 实时错误日志" echo -e "${Green}9.${Font} 查看 V2Ray 配置信息" echo -e "—————————————— 其他选项 ——————————————" echo -e "${Green}10.${Font} 安装 4合1 bbr 锐速安装脚本" echo -e "${Green}11.${Font} 证书 有效期更新" echo -e "${Green}12.${Font} 卸载 V2Ray" echo -e "${Green}13.${Font} 退出 \n" read -p "请输入数字:" menu_num case $menu_num in 0) update_sh ;; 1) install_v2ray_ws_tls ;; 2) install_v2_h2 ;; 3) read -p "请输入UUID:" UUID modify_UUID start_process_systemd ;; 4) read -p "请输入alterID:" alterID modify_alterid start_process_systemd ;; 5) read -p "请输入连接端口:" port modify_nginx_port start_process_systemd ;; 6) tls_modify ;; 7) show_access_log ;; 8) show_error_log ;; 9) basic_information vmess_qr_link_image show_information ;; 10) bbr_boost_sh ;; 11) ssl_update_manuel ;; 12) uninstall_all ;; 13) exit 0 ;; *) echo -e "${RedBG}请输入正确的数字${Font}" ;; esac } list $1