Optimization Features

yunshu
2024-12-11 21:39:53 +08:00
parent a91eeeee8d
commit 675b2834b6
5 changed files with 104 additions and 85 deletions
+6 -4
@@ -1,4 +1,4 @@
## Xray+Nginx 包含 VLESS WebSocket/gRPC+TLS / XTLS+TCP 协议的一键安装脚本
## Xray 支持 Reality / VLESS WebSocket/gRPC+TLS 协议 + Nginx 的一键安装脚本
[![GitHub stars](https://img.shields.io/github/stars/hello-yunshu/Xray_bash_onekey?color=%230885ce)](https://github.com/hello-yunshu/Xray_bash_onekey/stargazers) [![GitHub forks](https://img.shields.io/github/forks/hello-yunshu/Xray_bash_onekey?color=%230885ce)](https://github.com/hello-yunshu/Xray_bash_onekey/network) [![GitHub issues](https://img.shields.io/github/issues/hello-yunshu/Xray_bash_onekey)](https://github.com/hello-yunshu/Xray_bash_onekey/issues)
> 感谢 JetBrains 提供的非商业开源软件开发授权。
@@ -18,12 +18,14 @@
* Telegram 交流群:https://t.me/idleleo_chat 。
### 准备工作
* 准备一个域名,并将A记录添加好
* 阅读[Xray官方说明](https://xtls.github.io),大概了解 TLS WebSocket gRPC XTLS 及 Xray 相关信息
* 准备一个服务器,在中国大陆境外运行的有公网ip
* 安装 Reality 协议全,找好一个符合 Xray 要求的域名
* 安装 TLS 版本的,准备一个域名,并将A记录添加好。
* 阅读[Xray官方说明](https://xtls.github.io),大概了解 Reality TLS WebSocket gRPC 及 Xray 相关信息,了解 Reality target 的域名要求。
* **安装好 curl**Centos用户运行:`yum install -y curl`Debian/Ubuntu用户运行:`apt install -y curl`
### 安装/更新方式
VLESS+Nginx+WebSocket/gRPC+TLS 或 VLESS+XTLS+Nginx+ws+gRPC 或 ws/gRPC ONLY 三选一:
VLESS+Ngin+Reality+x+ws+gRPC 或 VLESS+Nginx+WebSocket/gRPC+TLS 或 ws/gRPC ONLY 三选一:
```
bash <(curl -Ss https://www.idleleo.com/install.sh)
```
+1 -1
@@ -22,7 +22,7 @@
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"network": "raw",
"security": "reality",
"realitySettings": {
"target": "example.com:443",
+1 -1
@@ -28,7 +28,7 @@
]
},
"streamSettings": {
"network": "tcp",
"network": "raw",
"security": "tls",
"tlsSettings": {
"rejectUnknownSni": true,
+7 -5
@@ -1,7 +1,7 @@
#!/bin/bash
# 定义当前版本号
mf_SCRIPT_VERSION="1.0.1"
mf_SCRIPT_VERSION="1.0.3"
mf_main_menu() {
check_system
@@ -19,7 +19,7 @@ mf_main_menu() {
2) mf_manage_fail2ban ;;
3) mf_uninstall_fail2ban ;;
4) mf_display_fail2ban_status ;;
5) source "$idleleo" ;;
5) source "${idleleo}" ;;
*) echo -e "\n${Error} ${RedBG} 无效的选择 请重试 ${Font}" ;;
esac
}
@@ -31,6 +31,7 @@ mf_install_fail2ban() {
pkg_install "fail2ban"
mf_configure_fail2ban
judge "Fail2ban 安装"
source "${idleleo}"
fi
}
@@ -63,7 +64,7 @@ mf_configure_fail2ban() {
# 启用 nginx-no-host 规则
if [[ ${reality_add_nginx} == "on" ]] && [[ -z $(grep "filter = nginx-no-host" /etc/fail2ban/jail.local) ]]; then
mf_create_nginx_no_host_filter
sed -i "$ a \[nginx-no-host]\nenabled = true\nfilter = nginx-no-host\nlogpath = ${nginx_dir}/logs/error.log\nbantime = 604800\nmaxretry = 600\n" /etc/fail2ban/jail.local
sed -i "$ a \n\[nginx-no-host]\nenabled = true\nfilter = nginx-no-host\nlogpath = ${nginx_dir}/logs/error.log\nbantime = 604800\nmaxretry = 600\n" /etc/fail2ban/jail.local
fi
judge "Fail2ban 配置"
@@ -72,7 +73,7 @@ mf_configure_fail2ban() {
mf_create_nginx_no_host_filter() {
local filter_file="/etc/fail2ban/filter.d/nginx-no-host.conf"
if [[ ! -f "$filter_file" ]]; then
cat <<EOF > "$filter_file"
cat >"$filter_file" <<EOF
[Definition]
failregex = \[error\].*?no host in upstream.*?, client: <HOST>,
ignoreregex =
@@ -160,7 +161,7 @@ mf_start_enable_fail2ban() {
mf_uninstall_fail2ban() {
systemctl stop fail2ban
systemctl disable fail2ban
pkg_uninstall "fail2ban"
${INS} -y remove fail2ban
[[ -f "/etc/fail2ban/jail.local" ]] && rm -rf /etc/fail2ban/jail.local
if [[ -f "/etc/fail2ban/filter.d/nginx-no-host.conf" ]]; then
rm -rf /etc/fail2ban/filter.d/nginx-no-host.conf
@@ -168,6 +169,7 @@ mf_uninstall_fail2ban() {
judge "Fail2ban 卸载"
timeout "清空屏幕!"
clear
source "${idleleo}"
}
mf_stop_disable_fail2ban() {
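Review bot: In `mf_configure_fail2ban`, the rewritten `sed -i "$ a \n\[nginx-no-host]..."` line now puts a backslash directly after the `a` command, and GNU sed appears to consume that backslash as part of its `a\` form rather than as the start of `\n`. If so, the appended block begins with a literal `n` glued to `[nginx-no-host]` instead of a blank line, and the jail's section header is malformed. sed still exits 0 in that case, so `judge "Fail2ban 配置"` would presumably report success while the nginx-no-host jail is not loaded; this is worth confirming against the resulting `/etc/fail2ban/jail.local`. Appending with `printf '\n[nginx-no-host]\nenabled = true\nfilter = nginx-no-host\nlogpath = %s/logs/error.log\nbantime = 604800\nmaxretry = 600\n' "${nginx_dir}" >>/etc/fail2ban/jail.local` avoids sed's escaping rules altogether. The body of `mf_configure_fail2ban` starts outside the hunk.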
+89 -74
@@ -16,7 +16,7 @@ idleleo=$0
# Dscription: Xray Onekey Management
# Version: 2.0
# email: admin@idleleo.com
# Official document: www.idleleo.com
# Official document: hey.run
#=====================================================
#fonts color
@@ -958,6 +958,7 @@ nginx_exist_check() {
fi
modify_nginx_origin_conf
echo -e "${OK} ${GreenBG} Nginx 已存在, 跳过编译安装过程 ${Font}"
#兼容代码,下个大版本删除
elif [[ -d "/etc/nginx" ]] && [[ "$(info_extraction nginx_version)" == "null" ]]; then
echo -e "${Error} ${GreenBG} 检测到旧版本安装的 nginx ! ${Font}"
echo -e "${Warning} ${GreenBG} 请先做好备份 ${Font}"
@@ -976,6 +977,7 @@ nginx_exist_check() {
nginx_install
;;
esac
#兼容代码结束
elif [[ -d "/etc/nginx" ]] && [[ "$(info_extraction nginx_version)" == "null" ]]; then
echo -e "${Error} ${RedBG} 检测到其他套件安装的 Nginx, 继续安装会造成冲突, 请处理后安装! ${Font}"
exit 1
@@ -1679,91 +1681,104 @@ service_stop() {
}
acme_cron_update() {
if [[ "${ID}" == "centos" ]]; then
crontab_file="/var/spool/cron/root"
else
crontab_file="/var/spool/cron/crontabs/root"
fi
if [[ -f "${ssl_update_file}" ]] && [[ $(crontab -l | grep -c "ssl_update.sh") == "1" ]]; then
echo -e "\n${Warning} ${GreenBG} 新版本已自动设置证书自动更新 ${Font}"
echo -e "${Warning} ${GreenBG} 老版本请及时删除 废弃的 改版证书自动更新! ${Font}"
echo -e "${GreenBG} 已设置改版证书自动更新 ${Font}"
echo -e "${GreenBG} 是否需要删除改版证书自动更新 (请删除) [${Red}Y${Font}${GreenBG}/N]? ${Font}"
read -r remove_acme_cron_update_fq
case $remove_acme_cron_update_fq in
[nN][oO] | [nN]) ;;
*)
sed -i "/ssl_update.sh/d" ${crontab_file}
rm -rf ${ssl_update_file}
judge "删除改版证书自动更新"
;;
if [[ ${tls_mode} == "TLS" ]]; then
local crontab_file
if [[ "${ID}" == "centos" ]]; then
crontab_file="/var/spool/cron/root"
else
crontab_file="/var/spool/cron/crontabs/root"
fi
if [[ -f "${ssl_update_file}" ]] && [[ $(crontab -l | grep -c "ssl_update.sh") == "1" ]]; then
echo -e "\n${Warning} ${GreenBG} 新版本已自动设置证书自动更新 ${Font}"
echo -e "${Warning} ${GreenBG} 老版本请及时删除 废弃的 改版证书自动更新! ${Font}"
echo -e "${GreenBG} 已设置改版证书自动更新 ${Font}"
echo -e "${GreenBG} 是否需要删除改版证书自动更新 (请删除) [${Red}Y${Font}${GreenBG}/N]? ${Font}"
read -r remove_acme_cron_update_fq
case $remove_acme_cron_update_fq in
[nN][oO] | [nN]) ;;
*)
sed -i "/ssl_update.sh/d" ${crontab_file}
rm -rf ${ssl_update_file}
judge "删除改版证书自动更新"
;;
esac
esac
else
echo -e "\n${OK} ${GreenBG} 新版本已自动设置证书自动更新 ${Font}"
# echo -e "${GreenBG} 是否设置证书自动更新 (新版本无需设置) [Y/${Red}N${Font}${GreenBG}]? ${Font}"
# read -r acme_cron_update_fq
# case $acme_cron_update_fq in
# [yY][eE][sS] | [yY])
# # if [[ "${ssl_self}" != "on" ]]; then
# # wget -N -P ${idleleo_dir} --no-check-certificate https://raw.githubusercontent.com/hello-yunshu/Xray_bash_onekey/main/ssl_update.sh && chmod +x ${ssl_update_file}
# # if [[ $(crontab -l | grep -c "acme.sh") -lt 1 ]]; then
# # echo "0 3 15 * * bash ${ssl_update_file}" >>${crontab_file}
# # else
# # sed -i "/acme.sh/c 0 3 15 * * bash ${ssl_update_file}" ${crontab_file}
# # fi
# # judge "设置证书自动更新"
# # else
# # echo -e "${Error} ${RedBG} 自定义证书不支持此操作! ${Font}"
# # fi
# echo -e "${Error} ${RedBG} 新版本请勿使用! ${Font}"
# ;;
# *) ;;
# esac
fi
else
echo -e "\n${OK} ${GreenBG} 新版本已自动设置证书自动更新 ${Font}"
# echo -e "${GreenBG} 是否设置证书自动更新 (新版本无需设置) [Y/${Red}N${Font}${GreenBG}]? ${Font}"
# read -r acme_cron_update_fq
# case $acme_cron_update_fq in
# [yY][eE][sS] | [yY])
# # if [[ "${ssl_self}" != "on" ]]; then
# # wget -N -P ${idleleo_dir} --no-check-certificate https://raw.githubusercontent.com/hello-yunshu/Xray_bash_onekey/main/ssl_update.sh && chmod +x ${ssl_update_file}
# # if [[ $(crontab -l | grep -c "acme.sh") -lt 1 ]]; then
# # echo "0 3 15 * * bash ${ssl_update_file}" >>${crontab_file}
# # else
# # sed -i "/acme.sh/c 0 3 15 * * bash ${ssl_update_file}" ${crontab_file}
# # fi
# # judge "设置证书自动更新"
# # else
# # echo -e "${Error} ${RedBG} 自定义证书不支持此操作! ${Font}"
# # fi
# echo -e "${Error} ${RedBG} 新版本请勿使用! ${Font}"
# ;;
# *) ;;
# esac
echo -e "${Error} ${RedBG} 当前模式不支持此操作! ${Font}"
fi
}
check_cert_status() {
host="$(info_extraction host)"
if [[ -d "$HOME/.acme.sh/${host}_ecc" ]] && [[ -f "$HOME/.acme.sh/${host}_ecc/${host}.key" ]] && [[ -f "$HOME/.acme.sh/${host}_ecc/${host}.cer" ]]; then
modifyTime=$(stat "$HOME/.acme.sh/${host}_ecc/${host}.cer" | sed -n '7,6p' | awk '{print $2" "$3" "$4" "$5}')
modifyTime=$(date +%s -d "${modifyTime}")
currentTime=$(date +%s)
((stampDiff = currentTime - modifyTime))
((days = stampDiff / 86400))
((remainingDays = 90 - days))
tlsStatus=${remainingDays}
[[ ${remainingDays} -le 0 ]] && tlsStatus="${Red}已过期${Font}"
echo -e "\n${Green}证书生成日期: $(date -d "@${modifyTime}" +"%F %H:%M:%S")${Font}"
echo -e "${Green}证书生成天数: ${days}${Font}"
echo -e "${Green}证书剩余天数: ${tlsStatus}${Font}\n"
if [[ ${remainingDays} -le 0 ]]; then
echo -e "\n${Warning} ${YellowBG} 是否立即更新证书 [Y/${Red}N${Font}${YellowBG}]? ${Font}"
read -r cert_update_manuel_fq
case $cert_update_manuel_fq in
[yY][eE][sS] | [yY])
systemctl stop xray
judge "Xray 停止"
cert_update_manuel
service_restart
;;
*) ;;
esac
if [[ ${tls_mode} == "TLS" ]]; then
host="$(info_extraction host)"
if [[ -d "$HOME/.acme.sh/${host}_ecc" ]] && [[ -f "$HOME/.acme.sh/${host}_ecc/${host}.key" ]] && [[ -f "$HOME/.acme.sh/${host}_ecc/${host}.cer" ]]; then
modifyTime=$(stat "$HOME/.acme.sh/${host}_ecc/${host}.cer" | sed -n '7,6p' | awk '{print $2" "$3" "$4" "$5}')
modifyTime=$(date +%s -d "${modifyTime}")
currentTime=$(date +%s)
((stampDiff = currentTime - modifyTime))
((days = stampDiff / 86400))
((remainingDays = 90 - days))
tlsStatus=${remainingDays}
[[ ${remainingDays} -le 0 ]] && tlsStatus="${Red}已过期${Font}"
echo -e "\n${Green}证书生成日期: $(date -d "@${modifyTime}" +"%F %H:%M:%S")${Font}"
echo -e "${Green}证书生成天数: ${days}${Font}"
echo -e "${Green}证书剩余天数: ${tlsStatus}${Font}\n"
if [[ ${remainingDays} -le 0 ]]; then
echo -e "\n${Warning} ${YellowBG} 是否立即更新证书 [Y/${Red}N${Font}${YellowBG}]? ${Font}"
read -r cert_update_manuel_fq
case $cert_update_manuel_fq in
[yY][eE][sS] | [yY])
systemctl stop xray
judge "Xray 停止"
cert_update_manuel
service_restart
;;
*) ;;
esac
fi
else
echo -e "${Error} ${RedBG} 证书签发工具不存在, 请确认是否证书为脚本签发! ${Font}"
fi
else
echo -e "${Error} ${RedBG} 证书签发工具不存在, 请确认是否证书为脚本签发! ${Font}"
echo -e "${Error} ${RedBG} 当前模式不支持此操作! ${Font}"
fi
}
cert_update_manuel() {
if [[ -f "${amce_sh_file}" ]]; then
"/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"
if [[ ${tls_mode} == "TLS" ]]; then
if [[ -f "${amce_sh_file}" ]]; then
"/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"
else
echo -e "${Error} ${RedBG} 证书签发工具不存在, 请确认是否证书为脚本签发! ${Font}"
fi
host="$(info_extraction host)"
"$HOME"/.acme.sh/acme.sh --installcert -d "${host}" --fullchainpath ${ssl_chainpath}/xray.crt --keypath ${ssl_chainpath}/xray.key --ecc
judge "证书更新"
else
echo -e "${Error} ${RedBG} 证书签发工具不存在, 请确认是否证书为脚本签发! ${Font}"
echo -e "${Error} ${RedBG} 当前模式不支持此操作! ${Font}"
fi
host="$(info_extraction host)"
"$HOME"/.acme.sh/acme.sh --installcert -d "${host}" --fullchainpath ${ssl_chainpath}/xray.crt --keypath ${ssl_chainpath}/xray.key --ecc
judge "证书更新"
}
set_fail2ban() {
@@ -1892,7 +1907,7 @@ vless_qr_config_reality() {
"email": "${custom_email}",
"idc": "${UUID5_char}",
"id": "${UUID}",
"net": "tcp",
"net": "raw",
"tls": "Reality",
"target": "${target}",
"serverNames":"${serverNames}",
@@ -2360,7 +2375,7 @@ show_user() {
user_vless_link="vless://${user_id}@$(vless_urlquote $(info_extraction host)):$(info_extraction port)?serviceName=$(vless_urlquote $(info_extraction serviceName))&security=tls&encryption=none&host=$(vless_urlquote $(info_extraction host))&type=grpc#$(vless_urlquote $(info_extraction host))+gRPC%E5%8D%8F%E8%AE%AE"
fi
elif [[ ${tls_mode} == "Reality" ]]; then
user_vless_link="vless://${user_id}@$(vless_urlquote $(info_extraction host)):$(info_extraction port)?security=tls&encryption=none&headerType=none&type=tcp&flow=xtls-rprx-vision#$(vless_urlquote $(info_extraction host))+reality%E5%8D%8F%E8%AE%AE"
user_vless_link="vless://${user_id}@$(vless_urlquote $(info_extraction host)):$(info_extraction port)?security=tls&encryption=none&headerType=none&type=raw&flow=xtls-rprx-vision#$(vless_urlquote $(info_extraction host))+reality%E5%8D%8F%E8%AE%AE"
fi
echo -e "${Red} URL 分享链接:${Font} ${user_vless_link}"
echo -n "${user_vless_link}" | qrencode -o - -t utf8
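Review bot: In `cert_update_manuel`, the new TLS branch still only prints an error when `${amce_sh_file}` is missing and then falls through to `"$HOME"/.acme.sh/acme.sh --installcert ...` and `judge "证书更新"`, so the function carries on with a tool it has just reported as absent. Adding `return 1` directly after that `echo` would stop the function at the point of failure. Separately, `check_cert_status` derives the remaining days from the `.cer` file's mtime and a fixed 90-day lifetime. Reading the certificate's own end date, e.g. `openssl x509 -enddate -noout -in "$HOME/.acme.sh/${host}_ecc/${host}.cer"`, would keep the expiry warning accurate if the file is touched or the issued lifetime differs.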