From 99cadd57b4de27dabfe9e801d23aafa12b3612bf Mon Sep 17 00:00:00 2001 From: yunshu Date: Tue, 2 Sep 2025 16:04:31 +0800 Subject: [PATCH] Add Reality load balancing and improve server config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Introduces Reality负载均衡 (load balancing) support with new configuration options and logic in install.sh and file_manager.sh. Refactors server file creation to support default ports, adds helper for file_manager.sh download, and updates Nginx upstream configuration to include .realityServers files. Also improves customization prompts for shortIds and keys, and updates version numbers. Update install.sh Update version and fix realityServers file creation Bumped script version to 1.2.1. Changed realityServers file creation to no longer pass port '9443', ensuring consistent behavior with other server types. --- file_manager.sh | 24 ++++-- install.sh | 201 ++++++++++++++++++++++++++++++++---------------- 2 files changed, 154 insertions(+), 71 deletions(-) diff --git a/file_manager.sh b/file_manager.sh index ae35741..7eca8bf 100644 --- a/file_manager.sh +++ b/file_manager.sh @@ -1,7 +1,7 @@ #!/bin/bash # 定义当前版本号 -fm_SCRIPT_VERSION="1.1.0" +fm_SCRIPT_VERSION="1.2.1" if [ -z "$1" ]; then echo "$(gettext "用法"):" $0 <$(gettext "文件扩展名")> [<$(gettext "目录路径")>] 
@@ -90,11 +90,20 @@ fm_create_servername_file() { fm_list_files } -fm_create_ws_or_grpc_server_file() { +fm_create_server_file() { + local default_port="$1" local host port weight content firewall_set_fq + fm_list_files + read_optimize "$(gettext "请输入主机") (host):" host - read_optimize "$(gettext "请输入端口") (port):" port "" 1 65535 + + if [[ -n "$default_port" ]]; then + read_optimize "$(gettext "请输入端口") (port $(gettext "默认值"): ${default_port}):" port "${default_port}" 1 65535 + else + read_optimize "$(gettext "请输入端口") (port):" port "" 1 65535 + fi + read_optimize "$(gettext "请输入权重") (0~100 $(gettext "默认值") 50):" weight "50" 0 100 content="server ${host}:${port} weight=${weight} max_fails=2 fail_timeout=10;" @@ -126,7 +135,7 @@ fm_create_ws_or_grpc_server_file() { systemctl restart iptables log_echo "${OK} ${GreenBG} $(gettext "防火墙") $(gettext "重启完成") ${Font}" fi - ;; + ;; *) log_echo "${OK} ${GreenBG} $(gettext "跳过防火墙设置") ${Font}" ;; @@ -175,8 +184,11 @@ fm_create_file() { fm_create_servername_file ;; wsServers|grpcServers) - fm_create_ws_or_grpc_server_file - ;; + fm_create_server_file "" + ;; + realityServers) + fm_create_server_file "" + ;; *) echo log_echo "${Error} ${RedBG} $(gettext "不支持的文件扩展名") $fm_EXTENSION ${Font}" diff --git a/install.sh b/install.sh index 34d7024..283e5e9 100644 --- a/install.sh +++ b/install.sh @@ -35,7 +35,7 @@ OK="${Green}[OK]${Font}" Error="${RedW}[$(gettext "错误")]${Font}" Warning="${RedW}[$(gettext "警告")]${Font}" -shell_version="2.6.5" +shell_version="2.7.0" shell_mode="$(gettext "未安装")" tls_mode="None" ws_grpc_mode="None" @@ -71,6 +71,7 @@ get_versions_all=$(curl -s https://cdn.jsdelivr.net/gh/hello-yunshu/Xray_bash_on read_config_status=1 reality_add_more="off" reality_add_nginx="off" +reality_add_balance="off" old_config_status="off" old_tls_mode="NULL" random_num=$((RANDOM % 12 + 4)) 
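Review bot: `host` goes straight from the prompt into `content="server ${host}:${port} weight=${weight} max_fails=2 fail_timeout=10;"` in fm_create_server_file, and with this change the resulting file also feeds the Reality `upstream` block, yet only port and weight are range-checked here. A value containing whitespace, `;` or braces would put unintended directives into the Nginx configuration or break the reload. Unless read_optimize already restricts it (not visible in this hunk), reject anything that is not a hostname or address before building `content`, for example `[[ $host =~ ^[A-Za-z0-9._:-]+$ ]] || return 1`. The function body continues outside the hunk.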
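Review bot: Both arms in fm_create_file call `fm_create_server_file ""`, so the new `default_port` parameter and its `if [[ -n "$default_port" ]]` branch are never exercised. Either fold the arms into `wsServers|grpcServers|realityServers)` or drop the parameter. If the parameter is kept for later use, a comment on fm_create_server_file should say that an empty argument means "no default, the port must be entered".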
@@ -831,7 +832,6 @@ keys_set() { local keys custom_keys_fq echo log_echo "${GreenBG} $(gettext "是否需要自定义") privateKey [Y/${Red}N${Font}${GreenBG}]? ${Font}" - echo -e "${Warning} ${YellowBG} $(gettext "如不清楚具体用途, 请勿继续")! ${Font}" read -r custom_keys_fq case $custom_keys_fq in [yY][eE][sS] | [yY]) 
@@ -854,20 +854,48 @@ keys_set() { shortIds_set() { if [[ "on" != ${old_config_status} ]]; then - pkg_install "openssl" - shortIds=$(openssl rand -hex 4) + local custom_shortids_fq + echo + log_echo "${GreenBG} $(gettext "是否需要自定义") shortIds [Y/${Red}N${Font}${GreenBG}]? ${Font}" + read -r custom_shortids_fq + case $custom_shortids_fq in + [yY][eE][sS] | [yY]) + read_optimize "$(gettext "请输入") shortIds:" "shortIds" "NULL" + ;; + *) + pkg_install "openssl" + shortIds=$(openssl rand -hex 8) + ;; + esac log_echo "${Green} shortIds: ${shortIds} ${Font}" + echo fi } +ensure_file_manager() { + local fm_remote_url="https://raw.githubusercontent.com/hello-yunshu/Xray_bash_onekey/main/file_manager.sh" + local fm_local_path="${idleleo_dir}/file_manager.sh" + + if [[ ! -f "${fm_local_path}" ]]; then + log_echo "${Info} ${Green} $(gettext "本地文件 file_manager.sh 不存在, 正在下载")... ${Font}" + if ! curl -sL "$fm_remote_url" -o "$fm_local_path"; then + log_echo "${Error} ${RedBG} $(gettext "下载失败, 请手动下载并安装新版本") ${Font}" + return 1 + fi + chmod +x "$fm_local_path" + fi + return 0 +} + + nginx_upstream_server_set() { - if [[ ${tls_mode} == "TLS" ]]; then - echo - log_echo "${GreenBG} $(gettext "是否变更") Nginx $(gettext "负载均衡") [Y/${Red}N${Font}${GreenBG}]? ${Font}" - echo -e "${Warning} ${YellowBG} $(gettext "如不清楚具体用途, 请勿继续")! ${Font}" - read -r nginx_upstream_server_fq - case $nginx_upstream_server_fq in - [yY][eE][sS] | [yY]) + echo + log_echo "${GreenBG} $(gettext "是否变更") Nginx $(gettext "负载均衡") [Y/${Red}N${Font}${GreenBG}]? ${Font}" + echo -e "${Warning} ${YellowBG} $(gettext "如不清楚具体用途, 请勿继续")! ${Font}" + read -r nginx_upstream_server_fq + case $nginx_upstream_server_fq in + [yY][eE][sS] | [yY]) + if [[ ${tls_mode} == "TLS" ]]; then echo -e "\n${GreenBG} $(gettext "请选择协议为 ws 或 gRPC") ${Font}" echo "1: ws" echo "2: gRPC" 
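Review bot: ensure_file_manager fetches file_manager.sh from the `main` branch and its callers then `source` it into the installer's shell, but nothing verifies what was downloaded. `curl -sL` has no `-f`, so an HTTP error page is saved with exit status 0 and later sourced. A download that fails midway can also leave a partial file that is never re-fetched, because the `-f` test then finds it. Download to a temporary file with `-f`, check it (ideally against a digest pinned per release, at minimum with `bash -n`), and only then move it into place. Pinning the URL to a tag or commit instead of `main` would also keep the fetched code in step with the installer version.

```shell
ensure_file_manager() {
    # … unchanged: fm_remote_url / fm_local_path …
    if [[ ! -f "${fm_local_path}" ]]; then
        # … unchanged: "downloading" log line …
        local fm_tmp
        fm_tmp=$(mktemp "${fm_local_path}.XXXXXX") || return 1
        # -f: an HTTP error becomes a failure instead of a saved error page
        if ! curl -fsSL --proto '=https' "$fm_remote_url" -o "$fm_tmp" ||
            ! bash -n "$fm_tmp"; then
            rm -f -- "$fm_tmp"
            # … unchanged: "download failed" log line …
            return 1
        fi
        # TODO: compare "$(sha256sum "$fm_tmp")" with a digest pinned for this release
        chmod +x "$fm_tmp"
        mv -f -- "$fm_tmp" "$fm_local_path"
    fi
    # … unchanged: return 0 …
```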
@@ -875,32 +903,28 @@ nginx_upstream_server_set() { local upstream_choose read_optimize "$(gettext "请输入"): " "upstream_choose" "NULL" 1 3 "$(gettext "请重新输入正确的数字")" - fm_remote_url="https://raw.githubusercontent.com/hello-yunshu/Xray_bash_onekey/main/file_manager.sh" - fm_file_path=${nginx_conf_dir} - if [ ! -f "${idleleo_dir}/file_manager.sh" ]; then - log_echo "${Info} ${Green} $(gettext "本地文件 file_manager.sh 不存在, 正在下载")... ${Font}" - curl -sL "$fm_remote_url" -o "${idleleo_dir}/file_manager.sh" - if [ $? -ne 0 ]; then - log_echo "${Error} ${RedBG} $(gettext "下载失败, 请手动下载并安装新版本") ${Font}" - return 1 - fi - chmod +x "${idleleo_dir}/file_manager.sh" + if ensure_file_manager; then + case $upstream_choose in + 1) source "${idleleo_dir}/file_manager.sh" wsServers ${nginx_conf_dir} ;; + 2) source "${idleleo_dir}/file_manager.sh" grpcServers ${nginx_conf_dir} ;; + 3) ;; + *) + log_echo "${Error} ${RedBG} $(gettext "无效选项, 请重试")! ${Font}" + nginx_upstream_server_set + ;; + esac fi - case $upstream_choose in - 1) source "${idleleo_dir}/file_manager.sh" wsServers ${fm_file_path} ;; - 2) source "${idleleo_dir}/file_manager.sh" grpcServers ${fm_file_path} ;; - 3) ;; - *) - log_echo "${Error} ${RedBG} $(gettext "无效选项 请重试") ${Font}" - nginx_upstream_server_set - ;; - esac - ;; - *) ;; - esac - else - log_echo "${Error} ${RedBG} $(gettext "当前模式不支持此操作")! ${Font}" - fi + elif [[ ${tls_mode} == "Reality" ]] && [[ ${reality_add_balance} == "on" ]] && [[ ${reality_add_nginx} == "on" ]]; then + if ensure_file_manager; then + source "${idleleo_dir}/file_manager.sh" realityServers ${nginx_conf_dir} + fi + else + log_echo "${Error} ${RedBG} $(gettext "当前模式不支持此操作")! ${Font}" + return 1 + fi + ;; + *) ;; + esac } nginx_servernames_server_set() { 
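Review bot: When `ensure_file_manager` fails, `if ensure_file_manager; then … fi` simply falls through and nginx_upstream_server_set returns 0, whereas the removed code did `return 1`. The same applies to the Reality branch here and to nginx_servernames_server_set in the next hunk. Use `ensure_file_manager || return 1` ahead of the inner `case` so callers can see the failure. `${nginx_conf_dir}` is also passed unquoted to `source`; write `"${nginx_conf_dir}"`. The function starts in the previous hunk.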
@@ -912,18 +936,9 @@ nginx_servernames_server_set() { read -r nginx_servernames_server_fq case $nginx_servernames_server_fq in [yY][eE][sS] | [yY]) - fm_remote_url="https://raw.githubusercontent.com/hello-yunshu/Xray_bash_onekey/main/file_manager.sh" - fm_file_path=${nginx_conf_dir} - if [ ! -f "${idleleo_dir}/file_manager.sh" ]; then - log_echo "${Info} ${Green} $(gettext "本地文件 file_manager.sh 不存在, 正在下载")... ${Font}" - curl -sL "$fm_remote_url" -o "${idleleo_dir}/file_manager.sh" - if [ $? -ne 0 ]; then - log_echo "${Error} ${RedBG} $(gettext "下载失败, 请手动下载并安装新版本") ${Font}" - return 1 - fi - chmod +x "${idleleo_dir}/file_manager.sh" + if ensure_file_manager; then + source "${idleleo_dir}/file_manager.sh" serverNames ${nginx_conf_dir} fi - source "${idleleo_dir}/file_manager.sh" serverNames ${fm_file_path} ;; *) ;; esac 
@@ -1200,27 +1215,67 @@ xray_update() { systemctl start xray } -reality_nginx_add_fq() { +reality_balance_add_fq() { echo - log_echo "${Warning} ${Green} $(gettext "Reality 协议有流量偷跑的风险") ${Font}" - log_echo "${Warning} ${Green} $(gettext "该风险在 target 网址被 cdn 加速时存在") ${Font}" - log_echo "${GreenBG} $(gettext "是否额外安装 nginx 前置保护(推荐)") [${Red}Y${Font}${GreenBG}/N]? ${Font}" - read -r reality_nginx_add_fq - case $reality_nginx_add_fq in - [nN][oO] | [nN]) - log_echo "${OK} ${GreenBG} $(gettext "已跳过安装") nginx ${Font}" + log_echo "${GreenBG} $(gettext "是否添加 Reality 负载均衡") [Y/${Red}N${Font}${GreenBG}]? ${Font}" + echo -e "${Warning} ${Green} $(gettext "使用此功能前,建议先阅读作者教程")! ${Font}" + echo -e "${Warning} ${YellowBG} $(gettext "如不清楚具体用途, 请勿选择")! ${Font}" + read -r reality_balance_add_fq + case $reality_balance_add_fq in + [yY][eE][sS] | [yY]) + reality_add_balance="on" + log_echo "${OK} ${GreenBG} $(gettext "已开启") ${Font}" ;; *) - reality_add_nginx="on" - nginx_exist_check - nginx_systemd - nginx_reality_conf_add - nginx_reality_serverNames_add + log_echo "${OK} ${GreenBG} $(gettext "已跳过") ${Font}" ;; esac } + +reality_nginx_add_fq() { + echo + log_echo "${Warning} ${Green} $(gettext "Reality 协议有流量偷跑的风险") ${Font}" + if [[ ${reality_add_balance} == "off" ]]; then + log_echo "${GreenBG} $(gettext "是否额外安装 nginx 前置保护")($(gettext "推荐")) [${Red}Y${Font}${GreenBG}/N]? 
${Font}" + read -r reality_nginx_add_fq + case $reality_nginx_add_fq in + [nN][oO] | [nN]) + log_echo "${OK} ${GreenBG} $(gettext "已跳过安装") nginx ${Font}" + ;; + *) + reality_add_nginx="on" + nginx_exist_check + nginx_systemd + nginx_reality_conf_add + nginx_reality_servers_add + nginx_reality_serverNames_add + ;; + + esac + else + log_echo "${Warning} ${Green} $(gettext "检测到已开启 Reality 负载均衡") ${Font}" + log_echo "${Warning} ${Green} $(gettext "如用作 Reality 负载均衡主服务器必须安装") ${Font}" + log_echo "${Warning} ${Green} $(gettext "如用作 Reality 负载均衡二级服务器则无需安装") ${Font}" + log_echo "${GreenBG} $(gettext "是否额外安装 nginx 前置保护") [Y/${Red}N${Font}${GreenBG}]? ${Font}" + read -r reality_nginx_add_fq + case $reality_nginx_add_fq in + [yY][eE][sS] | [yY]) + reality_add_nginx="on" + nginx_exist_check + nginx_systemd + nginx_reality_conf_add + nginx_reality_servers_add + nginx_reality_serverNames_add + ;; + *) + log_echo "${OK} ${GreenBG} $(gettext "已跳过安装") nginx ${Font}" + ;; + esac + fi +} + nginx_exist_check() { if [[ -f "${nginx_dir}/sbin/nginx" ]] && [[ -n "$(info_extraction nginx_build_version)" ]]; then if [[ -d "${nginx_conf_dir}" ]]; then @@ -1386,6 +1441,9 @@ nginx_update() { nginx_servers_conf_add elif [[ ${tls_mode} == "Reality" ]] && [[ ${reality_add_nginx} == "on" ]] && [[ ${save_originconf} != "Yes" ]]; then nginx_reality_conf_add + #以下为兼容代码, 1个大版本后删除 from 2.3.5 + nginx_reality_servers_add + #兼容代码接受 fi service_start sleep 1 @@ -1718,7 +1776,7 @@ xray_reality_add_more() { modify_inbound_port fi - if [[ ${reality_add_nginx} == "on" ]]; then + if [[ ${reality_add_nginx} == "on" ]] && [[ ${reality_add_balance} == "off" ]]; then modify_reality_listen_address fi } @@ -1793,7 +1851,7 @@ old_config_input() { password=$(info_extraction password) ## 以下兼容 xray-core 旧版本,下个大版本删除 [[ -z "$password" ]] && password=$(info_extraction publicKey) - ## + ## 兼容代码结束 shortIds=$(info_extraction shortIds) if [[ ${reality_add_more} == "on" ]]; then if [[ ${ws_grpc_mode} == "onlyws" ]]; then 
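Review bot: The install sequence (`reality_add_nginx="on"` through `nginx_reality_serverNames_add`) is repeated verbatim in both branches of reality_nginx_add_fq, so a later change can easily reach only one of them. Move it into a small helper and call it from both `case` arms. The two prompts also have opposite defaults (Y without load balancing, N with it). A one-line comment saying this is intended would help, since pressing Enter on a primary server skips the Nginx front end that the preceding message says is required there.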
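Review bot: nginx_update now runs `nginx_reality_servers_add` on every update, and the definition later in this patch appears to write `127.0.0.1.realityServers` with `cat >` (its heredoc body is not readable on this page). If so, an entry the operator edited through file_manager.sh, for example a changed weight, is silently replaced. Guard the call, e.g. `[[ -f "${nginx_conf_dir}/127.0.0.1.realityServers" ]] || nginx_reality_servers_add`. The compatibility comment says "from 2.3.5" while this commit sets `shell_version="2.7.0"`, so the version in the comment is worth confirming.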
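Review bot: The added `[[ ${reality_add_balance} == "off" ]]` condition in xray_reality_add_more has no comment explaining why load-balancing mode skips `modify_reality_listen_address`. That function is not shown in the patch, but if it binds the inbound to loopback, then with balancing on the inbound presumably keeps its default listen address, so it is reachable directly and not only through the primary's Nginx. Suggest a comment such as `# balance mode: the inbound must stay reachable from the primary's Nginx; restrict this port to the primary's address in the firewall`, and a matching note in the prompt shown for secondary servers. The function body starts outside the hunk.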
@@ -1983,7 +2041,7 @@ stream { } upstream reality { - server 127.0.0.1:9443; + include ${nginx_conf_dir}/*.realityServers; } upstream deny { @@ -2017,12 +2075,20 @@ EOF judge "Nginx $(gettext "配置修改")" } +nginx_reality_servers_add () { + touch ${nginx_conf_dir}/127.0.0.1.realityServers + cat >${nginx_conf_dir}/127.0.0.1.realityServers <${nginx_conf_dir}/${serverNames}.serverNames <
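Review bot: After the change at `upstream reality`, the block has no literal `server` line, so Nginx rejects the whole configuration ("no servers are inside upstream") whenever `${nginx_conf_dir}/*.realityServers` matches no file. That can happen if the last entry is removed through file_manager.sh or if the default file was never written. Run `nginx -t` before any restart that follows a change to these files, and have the file manager refuse to delete the last `*.realityServers` entry. A comment above the `include` naming the file that must always exist would make the dependency visible. This line sits inside a heredoc whose enclosing function starts outside the hunk.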