diff --git a/sing-box.sh b/sing-box.sh index e220117..87d9767 100644 --- a/sing-box.sh +++ b/sing-box.sh @@ -177,15 +177,10 @@ install_singbox() { private_key=$(echo "${output}" | awk '/PrivateKey:/ {print $2}') public_key=$(echo "${output}" | awk '/PublicKey:/ {print $2}') - iptables -A INPUT -p tcp --dport 8001 -j ACCEPT > /dev/null 2>&1 - iptables -A INPUT -p tcp --dport $vless_port -j ACCEPT > /dev/null 2>&1 - iptables -A INPUT -p tcp --dport $nginx_port -j ACCEPT > /dev/null 2>&1 - iptables -A INPUT -p udp --dport $tuic_port -j ACCEPT > /dev/null 2>&1 - iptables -A INPUT -p udp --dport $hy2_port -j ACCEPT > /dev/null 2>&1 - iptables -P FORWARD ACCEPT > /dev/null 2>&1 - iptables -P OUTPUT ACCEPT > /dev/null 2>&1 - iptables -F > /dev/null 2>&1 - manage_packages uninstall ufw firewalld iptables-persistent iptables-services > /dev/null 2>&1 + iptables -F > /dev/null 2>&1 && iptables -P INPUT ACCEPT > /dev/null 2>&1 && iptables -P FORWARD ACCEPT > /dev/null 2>&1 && iptables -P OUTPUT ACCEPT > /dev/null 2>&1 + command -v ip6tables &> /dev/null && ip6tables -F > /dev/null 2>&1 && ip6tables -P INPUT ACCEPT > /dev/null 2>&1 && ip6tables -P FORWARD ACCEPT > /dev/null 2>&1 && ip6tables -P OUTPUT ACCEPT > /dev/null 2>&1 + + manage_packages uninstall ufw firewalld > /dev/null 2>&1 # 生成自签名证书 openssl ecparam -genkey -name prime256v1 -out "${work_dir}/private.key" @@ -257,8 +252,6 @@ cat > "${config_dir}" << EOF { "tag": "hysteria2", "type": "hysteria2", - "sniff":true, - "sniff_override_destination":true, "listen": "::", "listen_port": $hy2_port, "users": [ @@ -542,6 +535,7 @@ get_info() { if [ -f "${work_dir}/argo.log" ]; then for i in {1..5}; do + purple "第 $i 次尝试获取ArgoDoamin中..." argodomain=$(sed -n 's|.*https://\([^/]*trycloudflare\.com\).*|\1|p' "${work_dir}/argo.log") [ -n "$argodomain" ] && break sleep 2 @@ -554,8 +548,6 @@ get_info() { green "\nArgoDomain:${purple}$argodomain${re}\n" - yellow "\n温馨提醒:如节点不通,请打开V2rayN里的 “跳过证书验证”,或将节点的跳过证书验证设置为“true”\n" - VMESS="{ \"v\": \"2\", \"ps\": \"${isp}\", \"add\": \"${CFIP}\", \"port\": \"${CFPORT}\", \"id\": \"${uuid}\", \"aid\": \"0\", \"scy\": \"none\", \"net\": \"ws\", \"type\": \"none\", \"host\": \"${argodomain}\", \"path\": \"/vmess?ed=2048\", \"tls\": \"tls\", \"sni\": \"${argodomain}\", \"alpn\": \"\", \"fp\": \"randomized\", \"allowlnsecure\": \"flase\"}" cat > ${work_dir}/url.txt < ${work_dir}/sub.txt -echo "" -green "节点订阅链接:http://${server_ip}/${password}\n\n订阅链接适用于V2rayN,Nekbox,Sterisand,Loon,小火箭,圈X等\n" -$work_dir/qrencode "http://${server_ip}/${password}" +yellow "\n温馨提醒:需打开V2rayN或其他软件里的 “跳过证书验证”,或将节点的Insecure或TLS里设置为“true”\n" +green "节点订阅链接:http://${server_ip}:${nginx_port}/${password}\n\n订阅链接适用于V2rayN,Nekbox,Sterisand,Loon,小火箭,圈X等\n" +green "订阅二维码" +$work_dir/qrencode "http://${server_ip}:${nginx_port}/${password}" echo "" } @@ -601,8 +594,8 @@ events { http { server { - listen 80; - listen [::]:80; + listen $nginx_port; + listen [::]:$nginx_port; location /$password { alias /etc/sing-box/sub.txt; @@ -612,12 +605,12 @@ http { } EOF -nginx -t +nginx -t > /dev/null if [ $? -eq 0 ]; then if [ -f /etc/alpine-release ]; then - touch /run/nginx.pid pkill -f '[n]ginx' + touch /run/nginx.pid nginx -s reload rc-service nginx restart else @@ -861,15 +854,15 @@ uninstall_singbox() { y|Y) manage_packages uninstall nginx ;; - *) - yellow "取消卸载Nginx\n" + *) + yellow "取消卸载Nginx\n\n" ;; esac - green "\nsing-box 卸载成功\n" + green "\nsing-box 卸载成功\n\n" && exit 0 ;; *) - purple "已取消卸载操作\n" + purple "已取消卸载操作\n\n" ;; esac } @@ -910,7 +903,9 @@ if [ ${check_singbox} -eq 0 ]; then skyblue "------------" green "4. 添加hysteria2端口跳跃" skyblue "------------" - purple "${purple}5. 返回主菜单" + green "5. 删除hysteria2端口跳跃" + skyblue "------------" + purple "${purple}6. 返回主菜单" skyblue "------------" reading "请输入选择: " choice case "${choice}" in @@ -1013,17 +1008,45 @@ if [ ${check_singbox} -eq 0 ]; then ;; 4) purple "端口跳跃需确保跳跃区间的端口没有被占用,nat鸡请注意可用端口范围,否则可能造成节点不通\n" - reading "请输入起始端口 (回车跳过将使用随机端口): " min_port + reading "请输入跳跃起始端口 (回车跳过将使用随机端口): " min_port [ -z "$min_port" ] && min_port=$(shuf -i 50000-65000 -n 1) yellow "你的起始端口为:$min_port" - reading "\n请输入结束端口 (需大于起始端口): " max_port + reading "\n请输入跳跃结束端口 (需大于起始端口): " max_port [ -z "$max_port" ] && max_port=$(($min_port + 100)) yellow "你的结束端口为:$max_port\n" - manage_packages install iptables6 > /dev/null 2>&1 + purple "正在安装依赖,并设置端口跳跃规则中,请稍等...\n" listen_port=$(sed -n '/"tag": "hysteria2"/,/}/s/.*"listen_port": \([0-9]*\).*/\1/p' $config_dir) - iptables -A FORWARD -p udp --dport $min_port:$max_port -j ACCEPT > /dev/null 2>&1 - iptables -t nat -A PREROUTING -p udp --dport $min_port:$max_port -j REDIRECT --to-port $listen_port > /dev/null 2>&1 - command -v ip6tables &> /dev/null && ip6tables -A FORWARD -p udp --dport $min_port:$max_port -j ACCEPT > /dev/null 2>&1 && ip6tables -t nat -A PREROUTING -p tcp --dport $min_port:$max_port -j REDIRECT --to-port $listen_port > /dev/null 2>&1 + iptables -t nat -A PREROUTING -p udp --dport $min_port:$max_port -j DNAT --to-destination :$listen_port > /dev/null + command -v ip6tables &> /dev/null && ip6tables -t nat -A PREROUTING -p udp --dport $min_port:$max_port -j DNAT --to-destination :$listen_port > /dev/null + if [ -f /etc/alpine-release ]; then + iptables-save > /etc/iptables/rules.v4 + command -v ip6tables &> /dev/null && ip6tables-save > /etc/iptables/rules.v6 + + cat << 'EOF' > /etc/init.d/iptables +#!/sbin/openrc-run + +depend() { + need net +} + +start() { + [ -f /etc/iptables/rules.v4 ] && iptables-restore < /etc/iptables/rules.v4 + command -v ip6tables &> /dev/null && [ -f /etc/iptables/rules.v6 ] && ip6tables-restore < /etc/iptables/rules.v6 +} +EOF + + chmod +x /etc/init.d/iptables && rc-update add iptables default && /etc/init.d/iptables start + elif [ -f /etc/debian_version ]; then + DEBIAN_FRONTEND=noninteractive apt install -y iptables-persistent > /dev/null 2>&1 && netfilter-persistent save > /dev/null 2>&1 + systemctl enable netfilter-persistent > /dev/null 2>&1 && systemctl start netfilter-persistent > /dev/null 2>&1 + elif [ -f /etc/redhat-release ]; then + manage_packages install iptables-services > /dev/null 2>&1 && service iptables save > /dev/null 2>&1 + systemctl enable iptables > /dev/null 2>&1 && systemctl start iptables > /dev/null 2>&1 + command -v ip6tables &> /dev/null && service ip6tables save > /dev/null 2>&1 + systemctl enable ip6tables > /dev/null 2>&1 && systemctl start ip6tables > /dev/null 2>&1 + else + red "未知系统,请自行将跳跃端口转发到主端口" && exit 1 + fi restart_singbox ip=$(get_realip) uuid=$(sed -n 's/.*hysteria2:\/\/\([^@]*\)@.*/\1/p' $client_dir) @@ -1035,7 +1058,24 @@ if [ ${check_singbox} -eq 0 ]; then while IFS= read -r line; do yellow "$line"; done < ${work_dir}/url.txt green "\nhysteria2端口跳跃已开启,跳跃端口为:${purple}$min_port-$max_port${re} ${green}请更新订阅或手动复制以上hysteria2节点${re}\n" ;; - 5) menu ;; + 5) + iptables -t nat -F PREROUTING > /dev/null 2>&1 + command -v ip6tables &> /dev/null && ip6tables -t nat -F PREROUTING > /dev/null 2>&1 + if [ -f /etc/alpine-release ]; then + rc-update del iptables default && rm -rf /etc/init.d/iptables + elif [ -f /etc/redhat-release ]; then + netfilter-persistent save > /dev/null 2>&1 + elif [ -f /etc/redhat-release ]; then + service iptables save > /dev/null 2>&1 + command -v ip6tables &> /dev/null && service ip6tables save > /dev/null 2>&1 + else + manage_packages uninstall iptables ip6tables iptables-persistent iptables-service > /dev/null 2>&1 + fi + sed -i '/hysteria2/s/&mport=[^#&]*//g' /etc/sing-box/url.txt + base64 -w0 $client_dir > /etc/sing-box/sub.txt + green "\n端口跳跃已删除\n" + ;; + 6) menu ;; *) read "无效的选项!" ;; esac else @@ -1156,7 +1196,13 @@ else case "${choice}" in 1) start_argo ;; 2) stop_argo ;; - 3) restart_argo ;; + 3) clear + if [ -f /etc/alpine-release ]; then + grep -Fq -- '--url http://localhost:8001' /etc/init.d/argo && get_quick_tunnel && change_argo_domain || { green "\n当前使用固定隧道,无需获取临时域名"; sleep 2; menu; } + else + grep -q 'ExecStart=.*--url http://localhost:8001' /etc/systemd/system/argo.service && get_quick_tunnel && change_argo_domain || { green "\n当前使用固定隧道,无需获取临时域名"; sleep 2; menu; } + fi + ;; 4) clear yellow "\n固定隧道可为json或token,固定隧道端口为8001,自行在cf后台设置\n\njson在f佬维护的站点里获取,获取地址:${purple}https://fscarmen.cloudflare.now.cc${re}\n" @@ -1247,6 +1293,7 @@ yellow "获取临时argo域名中,请稍等...\n" sleep 3 if [ -f /etc/sing-box/argo.log ]; then for i in {1..5}; do + purple "第 $i 次尝试获取ArgoDoamin中..." get_argodomain=$(sed -n 's|.*https://\([^/]*trycloudflare\.com\).*|\1|p' /etc/sing-box/argo.log) [ -n "$get_argodomain" ] && break sleep 2 @@ -1336,8 +1383,8 @@ while true; do yellow "sing-box 已经安装!" else fix_nginx - manage_packages install nginx jq tar iptables openssl coreutils - [ -n "$(curl -s --max-time 1 ipv6.ip.sb)" ] && manage_packages install ip6tables + manage_packages install nginx jq tar openssl iptables # coreutils + [ -n "$(curl -s --max-time 2 ipv6.ip.sb)" ] && manage_packages install ip6tables install_singbox if [ -x "$(command -v systemctl)" ]; then