From 675b2834b65828d797e23db1dd8433491c231fcd Mon Sep 17 00:00:00 2001 From: yunshu <33997505+hello-yunshu@users.noreply.github.com> Date: Wed, 11 Dec 2024 21:39:53 +0800 Subject: [PATCH] Optimization Features --- README.md | 10 ++- VLESS_reality/config.json | 2 +- VLESS_xtls/config.json | 2 +- fail2ban_manager.sh | 12 +-- install.sh | 163 +++++++++++++++++++++----------------- 5 files changed, 104 insertions(+), 85 deletions(-) diff --git a/README.md b/README.md index 24a8185..07c3bdd 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -## Xray+Nginx 包含 VLESS WebSocket/gRPC+TLS / XTLS+TCP 协议的一键安装脚本 +## Xray 支持 Reality / VLESS WebSocket/gRPC+TLS 协议 + Nginx 的一键安装脚本 [![GitHub stars](https://img.shields.io/github/stars/hello-yunshu/Xray_bash_onekey?color=%230885ce)](https://github.com/hello-yunshu/Xray_bash_onekey/stargazers) [![GitHub forks](https://img.shields.io/github/forks/hello-yunshu/Xray_bash_onekey?color=%230885ce)](https://github.com/hello-yunshu/Xray_bash_onekey/network) [![GitHub issues](https://img.shields.io/github/issues/hello-yunshu/Xray_bash_onekey)](https://github.com/hello-yunshu/Xray_bash_onekey/issues) > 感谢 JetBrains 提供的非商业开源软件开发授权。 @@ -18,12 +18,14 @@ * Telegram 交流群:https://t.me/idleleo_chat 。 ### 准备工作 -* 准备一个域名,并将A记录添加好。 -* 阅读[Xray官方说明](https://xtls.github.io),大概了解 TLS WebSocket gRPC XTLS 及 Xray 相关信息。 +* 准备一个服务器,在中国大陆境外运行的有公网ip。 +* 安装 Reality 协议全,找好一个符合 Xray 要求的域名。 +* 安装 TLS 版本的,准备一个域名,并将A记录添加好。 +* 阅读[Xray官方说明](https://xtls.github.io),大概了解 Reality TLS WebSocket gRPC 及 Xray 相关信息,了解 Reality target 的域名要求。 * **安装好 curl**,Centos用户运行:`yum install -y curl`;Debian/Ubuntu用户运行:`apt install -y curl`。 ### 安装/更新方式 -VLESS+Nginx+WebSocket/gRPC+TLS 或 VLESS+XTLS+Nginx+ws+gRPC 或 ws/gRPC ONLY 三选一: +VLESS+Ngin+Reality+x+ws+gRPC 或 VLESS+Nginx+WebSocket/gRPC+TLS 或 ws/gRPC ONLY 三选一: ``` bash <(curl -Ss https://www.idleleo.com/install.sh) ``` diff --git a/VLESS_reality/config.json b/VLESS_reality/config.json index 28a8141..4a9d6ef 100644 
--- a/VLESS_reality/config.json +++ b/VLESS_reality/config.json @@ -22,7 +22,7 @@ "decryption": "none" }, "streamSettings": { - "network": "tcp", + "network": "raw", "security": "reality", "realitySettings": { "target": "example.com:443", diff --git a/VLESS_xtls/config.json b/VLESS_xtls/config.json index d3101ce..e42751c 100644 --- a/VLESS_xtls/config.json +++ b/VLESS_xtls/config.json @@ -28,7 +28,7 @@ ] }, "streamSettings": { - "network": "tcp", + "network": "raw", "security": "tls", "tlsSettings": { "rejectUnknownSni": true, diff --git a/fail2ban_manager.sh b/fail2ban_manager.sh index 848ecab..3c677ef 100644 --- a/fail2ban_manager.sh +++ b/fail2ban_manager.sh @@ -1,7 +1,7 @@ #!/bin/bash # 定义当前版本号 -mf_SCRIPT_VERSION="1.0.1" +mf_SCRIPT_VERSION="1.0.3" mf_main_menu() { check_system @@ -19,7 +19,7 @@ mf_main_menu() { 2) mf_manage_fail2ban ;; 3) mf_uninstall_fail2ban ;; 4) mf_display_fail2ban_status ;; - 5) source "$idleleo" ;; + 5) source "${idleleo}" ;; *) echo -e "\n${Error} ${RedBG} 无效的选择 请重试 ${Font}" ;; esac } @@ -31,6 +31,7 @@ mf_install_fail2ban() { pkg_install "fail2ban" mf_configure_fail2ban judge "Fail2ban 安装" + source "${idleleo}" fi } @@ -63,7 +64,7 @@ mf_configure_fail2ban() { # 启用 nginx-no-host 规则 if [[ ${reality_add_nginx} == "on" ]] && [[ -z $(grep "filter = nginx-no-host" /etc/fail2ban/jail.local) ]]; then mf_create_nginx_no_host_filter - sed -i "$ a \[nginx-no-host]\nenabled = true\nfilter = nginx-no-host\nlogpath = ${nginx_dir}/logs/error.log\nbantime = 604800\nmaxretry = 600\n" /etc/fail2ban/jail.local + sed -i "$ a \n\[nginx-no-host]\nenabled = true\nfilter = nginx-no-host\nlogpath = ${nginx_dir}/logs/error.log\nbantime = 604800\nmaxretry = 600\n" /etc/fail2ban/jail.local fi judge "Fail2ban 配置" @@ -72,7 +73,7 @@ mf_configure_fail2ban() { mf_create_nginx_no_host_filter() { local filter_file="/etc/fail2ban/filter.d/nginx-no-host.conf" if [[ ! -f "$filter_file" ]]; then - cat < "$filter_file" + cat >"$filter_file" <, ignoreregex = 
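Review bot: `"network": "raw"` is only accepted by Xray-core builds that ship the raw transport (the successor name for tcp); if the installer can still download or keep an older core, this config fails to load and the service never starts, so the rename should be paired with a minimum-core-version check wherever the core is installed or updated. The same rename is made in VLESS_xtls/config.json, in the `"net": "raw"` share JSON of vless_qr_config_reality and in the `type=raw` share link of show_user; the share-side values are parsed by clients rather than by the server, and clients that predate the rename will reject the import, so the README should state which client versions accept `raw`. The enclosing JSON objects start and end outside the hunk.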
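Review bot: `source "${idleleo}"` at the end of mf_install_fail2ban re-executes the main script inside the current shell instead of returning to the caller, so each install or uninstall run nests another copy of the main menu on the call stack, and nothing checks that the path is readable first. install.sh sets `idleleo=$0`, which under the documented `bash <(curl …)` invocation is an already-consumed /dev/fd descriptor unless the script reassigns it after copying itself locally, which is not visible here. The same call is added in mf_uninstall_fail2ban. A guard such as `[[ -r "${idleleo}" ]] || { echo -e "${Error} ${RedBG} 无法重新加载主脚本 ${Font}"; return 1; }` before the `source` makes the failure visible, and the reload belongs in the menu loop rather than in each action.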
@@ -160,7 +161,7 @@ mf_start_enable_fail2ban() { mf_uninstall_fail2ban() { systemctl stop fail2ban systemctl disable fail2ban - pkg_uninstall "fail2ban" + ${INS} -y remove fail2ban [[ -f "/etc/fail2ban/jail.local" ]] && rm -rf /etc/fail2ban/jail.local if [[ -f "/etc/fail2ban/filter.d/nginx-no-host.conf" ]]; then rm -rf /etc/fail2ban/filter.d/nginx-no-host.conf @@ -168,6 +169,7 @@ mf_uninstall_fail2ban() { judge "Fail2ban 卸载" timeout "清空屏幕!" clear + source "${idleleo}" } mf_stop_disable_fail2ban() { diff --git a/install.sh b/install.sh index 937c9e2..ef0dc9b 100644 --- a/install.sh +++ b/install.sh @@ -16,7 +16,7 @@ idleleo=$0 # Dscription: Xray Onekey Management # Version: 2.0 # email: admin@idleleo.com -# Official document: www.idleleo.com +# Official document: hey.run #===================================================== #fonts color @@ -958,6 +958,7 @@ nginx_exist_check() { fi modify_nginx_origin_conf echo -e "${OK} ${GreenBG} Nginx 已存在, 跳过编译安装过程 ${Font}" + #兼容代码,下个大版本删除 elif [[ -d "/etc/nginx" ]] && [[ "$(info_extraction nginx_version)" == "null" ]]; then echo -e "${Error} ${GreenBG} 检测到旧版本安装的 nginx ! ${Font}" echo -e "${Warning} ${GreenBG} 请先做好备份 ${Font}" @@ -976,6 +977,7 @@ nginx_exist_check() { nginx_install ;; esac + #兼容代码结束 elif [[ -d "/etc/nginx" ]] && [[ "$(info_extraction nginx_version)" == "null" ]]; then echo -e "${Error} ${RedBG} 检测到其他套件安装的 Nginx, 继续安装会造成冲突, 请处理后安装! ${Font}" exit 1 
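Review bot: `${INS} -y remove fail2ban` replaces the pkg_uninstall helper with a bare, unquoted expansion and no status check: if INS is unset or empty the line degrades to `-y remove fail2ban` (command not found), and either way the function goes on to delete jail.local and the filter file and then re-sources the main script as if removal had succeeded. At minimum assert the variable and stop on failure: `: "${INS:?INS is not set}"` before the line and `${INS} -y remove fail2ban || return 1` in place of it, so `judge "Fail2ban 卸载"` reports a real outcome. If the helper was dropped because it is not defined when this file is sourced on its own, say so in a comment, otherwise keeping `pkg_uninstall` keeps the package-manager logic in one place.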
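Review bot: The two `elif` arms of nginx_exist_check shown in the `@@ -958` and `@@ -976` hunks test the identical condition `[[ -d "/etc/nginx" ]] && [[ "$(info_extraction nginx_version)" == "null" ]]`, so the second arm (`检测到其他套件安装的 Nginx … exit 1`) can never run and an nginx installed by some other package is treated as an old install of this script that the user is invited to overwrite; the commit only brackets the first arm with `#兼容代码` comments. Unless a line hidden between the two hunks changes the structure, the first arm needs a test that actually identifies a previous installation of this script (a marker file or the expected build layout under `${nginx_dir}`), or the catch-all `exit 1` arm should come first. Until that is fixed the comment should at least say so: `#兼容代码,下个大版本删除 (注意: 下方 elif 条件相同, 目前永远不会命中)`. nginx_exist_check starts and ends outside these hunks.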
@@ -1679,91 +1681,104 @@ service_stop() { } acme_cron_update() { - if [[ "${ID}" == "centos" ]]; then - crontab_file="/var/spool/cron/root" - else - crontab_file="/var/spool/cron/crontabs/root" - fi - if [[ -f "${ssl_update_file}" ]] && [[ $(crontab -l | grep -c "ssl_update.sh") == "1" ]]; then - echo -e "\n${Warning} ${GreenBG} 新版本已自动设置证书自动更新 ${Font}" - echo -e "${Warning} ${GreenBG} 老版本请及时删除 废弃的 改版证书自动更新! ${Font}" - echo -e "${GreenBG} 已设置改版证书自动更新 ${Font}" - echo -e "${GreenBG} 是否需要删除改版证书自动更新 (请删除) [${Red}Y${Font}${GreenBG}/N]? ${Font}" - read -r remove_acme_cron_update_fq - case $remove_acme_cron_update_fq in - [nN][oO] | [nN]) ;; - *) - sed -i "/ssl_update.sh/d" ${crontab_file} - rm -rf ${ssl_update_file} - judge "删除改版证书自动更新" - ;; + if [[ ${tls_mode} == "TLS" ]]; then + local crontab_file + if [[ "${ID}" == "centos" ]]; then + crontab_file="/var/spool/cron/root" + else + crontab_file="/var/spool/cron/crontabs/root" + fi + if [[ -f "${ssl_update_file}" ]] && [[ $(crontab -l | grep -c "ssl_update.sh") == "1" ]]; then + echo -e "\n${Warning} ${GreenBG} 新版本已自动设置证书自动更新 ${Font}" + echo -e "${Warning} ${GreenBG} 老版本请及时删除 废弃的 改版证书自动更新! ${Font}" + echo -e "${GreenBG} 已设置改版证书自动更新 ${Font}" + echo -e "${GreenBG} 是否需要删除改版证书自动更新 (请删除) [${Red}Y${Font}${GreenBG}/N]? ${Font}" + read -r remove_acme_cron_update_fq + case $remove_acme_cron_update_fq in + [nN][oO] | [nN]) ;; + *) + sed -i "/ssl_update.sh/d" ${crontab_file} + rm -rf ${ssl_update_file} + judge "删除改版证书自动更新" + ;; - esac + esac + else + echo -e "\n${OK} ${GreenBG} 新版本已自动设置证书自动更新 ${Font}" + # echo -e "${GreenBG} 是否设置证书自动更新 (新版本无需设置) [Y/${Red}N${Font}${GreenBG}]? 
${Font}" + # read -r acme_cron_update_fq + # case $acme_cron_update_fq in + # [yY][eE][sS] | [yY]) + # # if [[ "${ssl_self}" != "on" ]]; then + # # wget -N -P ${idleleo_dir} --no-check-certificate https://raw.githubusercontent.com/hello-yunshu/Xray_bash_onekey/main/ssl_update.sh && chmod +x ${ssl_update_file} + # # if [[ $(crontab -l | grep -c "acme.sh") -lt 1 ]]; then + # # echo "0 3 15 * * bash ${ssl_update_file}" >>${crontab_file} + # # else + # # sed -i "/acme.sh/c 0 3 15 * * bash ${ssl_update_file}" ${crontab_file} + # # fi + # # judge "设置证书自动更新" + # # else + # # echo -e "${Error} ${RedBG} 自定义证书不支持此操作! ${Font}" + # # fi + # echo -e "${Error} ${RedBG} 新版本请勿使用! ${Font}" + # ;; + # *) ;; + # esac + fi else - echo -e "\n${OK} ${GreenBG} 新版本已自动设置证书自动更新 ${Font}" - # echo -e "${GreenBG} 是否设置证书自动更新 (新版本无需设置) [Y/${Red}N${Font}${GreenBG}]? ${Font}" - # read -r acme_cron_update_fq - # case $acme_cron_update_fq in - # [yY][eE][sS] | [yY]) - # # if [[ "${ssl_self}" != "on" ]]; then - # # wget -N -P ${idleleo_dir} --no-check-certificate https://raw.githubusercontent.com/hello-yunshu/Xray_bash_onekey/main/ssl_update.sh && chmod +x ${ssl_update_file} - # # if [[ $(crontab -l | grep -c "acme.sh") -lt 1 ]]; then - # # echo "0 3 15 * * bash ${ssl_update_file}" >>${crontab_file} - # # else - # # sed -i "/acme.sh/c 0 3 15 * * bash ${ssl_update_file}" ${crontab_file} - # # fi - # # judge "设置证书自动更新" - # # else - # # echo -e "${Error} ${RedBG} 自定义证书不支持此操作! ${Font}" - # # fi - # echo -e "${Error} ${RedBG} 新版本请勿使用! ${Font}" - # ;; - # *) ;; - # esac + echo -e "${Error} ${RedBG} 当前模式不支持此操作! 
${Font}" fi } check_cert_status() { - host="$(info_extraction host)" - if [[ -d "$HOME/.acme.sh/${host}_ecc" ]] && [[ -f "$HOME/.acme.sh/${host}_ecc/${host}.key" ]] && [[ -f "$HOME/.acme.sh/${host}_ecc/${host}.cer" ]]; then - modifyTime=$(stat "$HOME/.acme.sh/${host}_ecc/${host}.cer" | sed -n '7,6p' | awk '{print $2" "$3" "$4" "$5}') - modifyTime=$(date +%s -d "${modifyTime}") - currentTime=$(date +%s) - ((stampDiff = currentTime - modifyTime)) - ((days = stampDiff / 86400)) - ((remainingDays = 90 - days)) - tlsStatus=${remainingDays} - [[ ${remainingDays} -le 0 ]] && tlsStatus="${Red}已过期${Font}" - echo -e "\n${Green}证书生成日期: $(date -d "@${modifyTime}" +"%F %H:%M:%S")${Font}" - echo -e "${Green}证书生成天数: ${days}${Font}" - echo -e "${Green}证书剩余天数: ${tlsStatus}${Font}\n" - if [[ ${remainingDays} -le 0 ]]; then - echo -e "\n${Warning} ${YellowBG} 是否立即更新证书 [Y/${Red}N${Font}${YellowBG}]? ${Font}" - read -r cert_update_manuel_fq - case $cert_update_manuel_fq in - [yY][eE][sS] | [yY]) - systemctl stop xray - judge "Xray 停止" - cert_update_manuel - service_restart - ;; - *) ;; - esac + if [[ ${tls_mode} == "TLS" ]]; then + host="$(info_extraction host)" + if [[ -d "$HOME/.acme.sh/${host}_ecc" ]] && [[ -f "$HOME/.acme.sh/${host}_ecc/${host}.key" ]] && [[ -f "$HOME/.acme.sh/${host}_ecc/${host}.cer" ]]; then + modifyTime=$(stat "$HOME/.acme.sh/${host}_ecc/${host}.cer" | sed -n '7,6p' | awk '{print $2" "$3" "$4" "$5}') + modifyTime=$(date +%s -d "${modifyTime}") + currentTime=$(date +%s) + ((stampDiff = currentTime - modifyTime)) + ((days = stampDiff / 86400)) + ((remainingDays = 90 - days)) + tlsStatus=${remainingDays} + [[ ${remainingDays} -le 0 ]] && tlsStatus="${Red}已过期${Font}" + echo -e "\n${Green}证书生成日期: $(date -d "@${modifyTime}" +"%F %H:%M:%S")${Font}" + echo -e "${Green}证书生成天数: ${days}${Font}" + echo -e "${Green}证书剩余天数: ${tlsStatus}${Font}\n" + if [[ ${remainingDays} -le 0 ]]; then + echo -e "\n${Warning} ${YellowBG} 是否立即更新证书 [Y/${Red}N${Font}${YellowBG}]? 
${Font}" + read -r cert_update_manuel_fq + case $cert_update_manuel_fq in + [yY][eE][sS] | [yY]) + systemctl stop xray + judge "Xray 停止" + cert_update_manuel + service_restart + ;; + *) ;; + esac + fi + else + echo -e "${Error} ${RedBG} 证书签发工具不存在, 请确认是否证书为脚本签发! ${Font}" fi else - echo -e "${Error} ${RedBG} 证书签发工具不存在, 请确认是否证书为脚本签发! ${Font}" + echo -e "${Error} ${RedBG} 当前模式不支持此操作! ${Font}" fi } cert_update_manuel() { - if [[ -f "${amce_sh_file}" ]]; then - "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" + if [[ ${tls_mode} == "TLS" ]]; then + if [[ -f "${amce_sh_file}" ]]; then + "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" + else + echo -e "${Error} ${RedBG} 证书签发工具不存在, 请确认是否证书为脚本签发! ${Font}" + fi + host="$(info_extraction host)" + "$HOME"/.acme.sh/acme.sh --installcert -d "${host}" --fullchainpath ${ssl_chainpath}/xray.crt --keypath ${ssl_chainpath}/xray.key --ecc + judge "证书更新" else - echo -e "${Error} ${RedBG} 证书签发工具不存在, 请确认是否证书为脚本签发! ${Font}" + echo -e "${Error} ${RedBG} 当前模式不支持此操作! ${Font}" fi - host="$(info_extraction host)" - "$HOME"/.acme.sh/acme.sh --installcert -d "${host}" --fullchainpath ${ssl_chainpath}/xray.crt --keypath ${ssl_chainpath}/xray.key --ecc - judge "证书更新" } set_fail2ban() { @@ -1892,7 +1907,7 @@ vless_qr_config_reality() { "email": "${custom_email}", "idc": "${UUID5_char}", "id": "${UUID}", - "net": "tcp", + "net": "raw", "tls": "Reality", "target": "${target}", "serverNames":"${serverNames}", 
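Review bot: In cert_update_manuel the new `else` branch reports that acme.sh is missing but does not leave the function, so `"$HOME"/.acme.sh/acme.sh --installcert …` still runs against the tool just declared absent and `judge "证书更新"` then reports on that failure; add `return 1` after the error echo (`echo -e "${Error} ${RedBG} 证书签发工具不存在, 请确认是否证书为脚本签发! ${Font}"; return 1`). The same branch tests `${amce_sh_file}` but then invokes the tool through a hard-coded `/root/.acme.sh` on one line and `$HOME/.acme.sh` on the next; using `${amce_sh_file}` for both keeps the check and the call in agreement. The `if [[ ${tls_mode} == "TLS" ]]` gate with its identical error text is now copy-pasted into acme_cron_update, check_cert_status and cert_update_manuel, and a small helper that returns non-zero in the other modes would keep the three in sync. check_cert_status's `stat … | sed -n '7,6p'` parses stat's human-readable output by line number, which breaks across coreutils versions and locales, whereas `stat -c %Y` yields the mtime directly; this is pre-existing, but the hunk rewrites the line.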
@@ -2360,7 +2375,7 @@ show_user() {
 user_vless_link="vless://${user_id}@$(vless_urlquote $(info_extraction host)):$(info_extraction port)?serviceName=$(vless_urlquote $(info_extraction serviceName))&security=tls&encryption=none&host=$(vless_urlquote $(info_extraction host))&type=grpc#$(vless_urlquote $(info_extraction host))+gRPC%E5%8D%8F%E8%AE%AE"
 fi
 elif [[ ${tls_mode} == "Reality" ]]; then
- user_vless_link="vless://${user_id}@$(vless_urlquote $(info_extraction host)):$(info_extraction port)?security=tls&encryption=none&headerType=none&type=tcp&flow=xtls-rprx-vision#$(vless_urlquote $(info_extraction host))+reality%E5%8D%8F%E8%AE%AE"
+ user_vless_link="vless://${user_id}@$(vless_urlquote $(info_extraction host)):$(info_extraction port)?security=tls&encryption=none&headerType=none&type=raw&flow=xtls-rprx-vision#$(vless_urlquote $(info_extraction host))+reality%E5%8D%8F%E8%AE%AE"
 fi
 echo -e "${Red} URL 分享链接:${Font} ${user_vless_link}"
 echo -n "${user_vless_link}" | qrencode -o - -t utf8
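Review bot: The Reality share link on the `+` line still advertises `security=tls` and carries none of the Reality parameters that the JSON share config in this same commit emits (`"tls": "Reality"`, `"target"`, `"serverNames"`), so a client importing the URL alone would attempt a plain TLS handshake against the Reality listener and fail or be proxied to the target; if the project's clients follow the usual VLESS link convention the query string should declare Reality as the security layer and include the server name and public key, and the hard-coded `headerType=none` can go. The `$(info_extraction host)` substitutions are also passed to vless_urlquote unquoted, which word-splits on any whitespace in the stored value. show_user starts and ends outside the hunk.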