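├── README.md
├── configure_ip.sh
├── create_image.sh
├── install_shellclash_docker.sh
└── uninstall_shellclash_docker.sh

/README.md:
--------------------------------------------------------------------------------
# shellclash_docker 一键脚本和镜像
在任意Linux主机上, 利用Docker自动创建并配置虚拟OpenWrt路由容器以运行 [juewuy's ShellClash](https://github.com/juewuy/ShellClash) 实现旁路由透明代理

## 使用方法:
- 下载脚本到Linux主机, root用户运行:
```
./install_shellclash_docker.sh #配置环境并安装, 安装过程中出现问题请运行卸载命令
```

- 成功导入配置并启动ShellClash后, 在需要科学上网的设备上把网关及DNS改为ShellClash旁路网关地址即可


- 卸载命令:
```
./uninstall_shellclash_docker.sh #重置环境并卸载
```

## 注意事项:
- 宿主机重启后会重置防火墙配置, 请根据自己的Linux发行版本在安装完成后自行固化防火墙配置
- 如未保存宿主机防火墙配置, 重启后需运行以下脚本重新配置防火墙; 首先cd到脚本所在文件夹, 再运行:
```
./configure_ip.sh #重新配置防火墙
```
- 如果知道如何操作, 亦可将此防火墙配置脚本设置开机自动运行

--------------------------------------------------------------------------------
/configure_ip.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Re-create the host-side macvlan interface (it does not survive a host reboot)
# and restart the container. Run as root.
# Reads host_interface, relay_ip and container_ip from shellclash_docker.config
# in this script's directory.
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
config_file="$SCRIPT_DIR/shellclash_docker.config"

# `source` executes the config as shell code with this script's (root)
# privileges, so the file must stay writable by root only.
if [[ ! -r "$config_file" ]]; then
  printf 'missing %s; run install_shellclash_docker.sh first\n' "$config_file" >&2
  exit 1
fi
source "$config_file"

# Stop before touching the network if the config is incomplete; with an empty
# variable the ip commands below would be called with missing arguments.
: "${host_interface:?host_interface is not set in $config_file}"
: "${relay_ip:?relay_ip is not set in $config_file}"
: "${container_ip:?container_ip is not set in $config_file}"

# No `set -e` on purpose: `ip link add` fails when macvlan_host already exists,
# and the remaining steps should still run in that case.
ip link set "$host_interface" promisc on
ip link add macvlan_host link "$host_interface" type macvlan mode bridge
ip addr add "$relay_ip" dev macvlan_host
ip link set macvlan_host up
ip route add "$container_ip" dev macvlan_host

docker container restart shellclash_docker

--------------------------------------------------------------------------------
/create_image.sh:
--------------------------------------------------------------------------------
# These are the commands I use to build the image; I did not want a Dockerfile
# because it is inconvenient. Adapt them to build your own OpenWrt VM image.
# This is not a script: run the commands by hand.

# Uninstall and reset the environment
./uninstall_shellclash_docker.sh

# Set variables
host_interface="eth0"
gateway_ip="192.168.31.1"
host_ip="192.168.31.2"
container_ip="192.168.31.3"
relay_ip="192.168.31.4"

# Set up macvlan
ip link set "$host_interface" promisc on
ip link add macvlan_host link "$host_interface" type macvlan mode bridge
ip addr add "$relay_ip" dev macvlan_host
ip link set macvlan_host up
ip route add "$container_ip" dev macvlan_host

# Install and run with Docker
# --subnet takes the /24 network address (last octet 0), not the gateway's host
# address. NOTE(review): some Docker releases reject a subnet with host bits
# set; confirm against the target version.
docker network create -d macvlan --subnet="${gateway_ip%.*}.0/24" --gateway="$gateway_ip" -o parent="$host_interface" macvlan

docker run --restart=always --name=shellclash_docker --network=macvlan --ip="$container_ip" --cap-add=NET_ADMIN -d openwrtorg/rootfs:x86-64

docker exec -it shellclash_docker sh -l

# Run inside the container shell
> /etc/config/network
echo -e "config interface 'loopback'
\toption proto 'static'
\toption ipaddr '127.0.0.1'
\toption netmask '255.0.0.0'
\toption device 'lo'

config interface 'lan'
\toption proto 'static'
\toption device 'eth0'
\toption ipaddr '192.168.31.3'
\toption netmask '255.255.255.0'
\toption gateway '192.168.31.1'
\toption dns '192.168.31.1'" >> /etc/config/network
uci set dhcp.lan.ignore=1
uci set dhcp.lan.dhcpv6=disabled
uci set dhcp.lan.ra=disabled
uci set firewall.@include[0].reload='1'
uci commit
echo "iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE" >> /etc/firewall.user
reboot
# Leave the container

docker exec -it shellclash_docker sh -l

# Run inside the container shell
# NOTE(review): this step decides what ends up in the published image.
# --no-check-certificate turns off TLS verification and @master is a moving
# ref, so the installer executed here as root is neither authenticated nor
# reproducible. Safer: install CA certificates in the container first (on
# OpenWrt, the ca-bundle package), drop --no-check-certificate, pin the URL to
# a fixed ref (@<tag-or-commit>), and compare the sha256 of /tmp/install.sh
# with a value recorded beforehand (<expected-sha256>) before running it.
export url='https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master' && wget -q --no-check-certificate -O /tmp/install.sh "$url/install.sh" && echo -ne "1\n2\n1\n1\n" | sh /tmp/install.sh && source /etc/profile &> /dev/null

# Drive the interactive ShellClash menu from stdin: every \n-separated token
# answers one prompt, so the sequences depend on the menu layout of the
# ShellClash version that was just installed.
echo -e "1\n1\n1\n1\n0\n0\n4\n9\n2\n2\n3\n2\n0\n0\n"| clash
echo -e "7\n6\n1\n192.168.31.1, 119.29.29.29, 223.5.5.5\n2\ntls://dns.pub:853, https://doh.pub/dns-query, tls://dns.alidns.com:853, https://dns.alidns.com/dns-query, tls://dns.rubyfish.cn:853, https://dns.rubyfish.cn/dns-query\n0\n0\n0\n"| clash
echo -e "6\n2\nhttp://192.168.31.4/clash/test.yaml\n1\n1\n"| clash
echo -e "1\n"| clash

# Show a banner and start the ShellClash menu on every login shell
echo "echo -e \"\e[1;31m \n安装成功! 请继续在容器内导入Clash配置后启动即可; 若想退出shell请Ctrl+D \e[0m\"" >> /etc/profile
echo "echo -e \"\e[1;32m \n登陆容器shell时ShellClash菜单默认自动运行\n \e[0m\"" >> /etc/profile
echo "clash" >> /etc/profile

# Reset the network config to loopback only; the installer appends the 'lan'
# section with the user's own addresses.
> /etc/config/network
echo -e "config interface 'loopback'
\toption proto 'static'
\toption ipaddr '127.0.0.1'
\toption netmask '255.0.0.0'
\toption device 'lo'\n" >> /etc/config/network
# Leave the container

docker commit shellclash_docker echvoyager/shellclash_docker
docker push echvoyager/shellclash_docker

# Remove the Docker configuration and data
docker stop shellclash_docker
docker rm shellclash_docker
docker rmi openwrtorg/rootfs:x86-64
docker rmi echvoyager/shellclash_docker
docker network rm macvlan

# Remove the network configuration
ip link set "$host_interface" promisc off
ip link delete macvlan_host

--------------------------------------------------------------------------------
/install_shellclash_docker.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Install and run the ShellClash side-router container with Docker.
# Tested by the author on a Synology DS920+; in theory it works on any Linux
# system, but use it at your own risk. Formatting and features still need work.
#
# Run as root. Writes shellclash_docker.config next to this script; that file
# is later executed with `source` by configure_ip.sh and
# uninstall_shellclash_docker.sh.

SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
# The other scripts read the config from their own directory, so write it there
# instead of into whatever the current directory happens to be.
config_file="$SCRIPT_DIR/shellclash_docker.config"

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Succeed only for a host octet 1..254 written without leading zeros.
is_host_octet() {
  [[ "$1" =~ ^[1-9][0-9]{0,2}$ ]] && (( $1 <= 254 ))
}

# ask_octet VAR PROMPT
# Print PROMPT followed by the /24 prefix, read the last octet and store the
# full address in VAR. The answer ends up in a sourced config file and inside
# `sh -c` strings, so anything that is not a plain octet is rejected.
ask_octet() {
  local reply
  echo -en "$2\e[1;32m$ip_range"
  read -r reply
  echo -en "\e[0m"
  is_host_octet "$reply" || die "invalid last octet '$reply': expected a number from 1 to 254"
  printf -v "$1" '%s%s' "$ip_range" "$reply"
}

echo -e "\e[1;31m \n如果安装过程中需要退出, 请Ctrl+C退出并运行uninstall_shellclash_docker.sh以重置环境\n \e[0m"

# Read the user's answers
echo -e "\033[1m请选择宿主机网络接口(请确定IP是宿主机LAN IP)\033[0m"
ip_info=$(ip -o -4 a show scope global | awk '{split($4, a, "/"); printf("%d%s\n", NR, " - " $2 ": " a[1])}')
echo -e "${ip_info}"
read -r -p $'\e[1;32m输入对应数字: ' interface_num
echo -en "\e[0m"

# The choice is passed to awk as a variable, never spliced into the awk program.
[[ "$interface_num" =~ ^[1-9][0-9]*$ ]] || die "invalid selection '$interface_num': expected one of the listed numbers"
selected=$(awk -v n="$interface_num" 'NR == n' <<< "$ip_info")
[[ -n "$selected" ]] || die "no interface with number $interface_num"

# A list line looks like "1 - eth0: 192.168.31.2"
read -r _ _ iface_field host_ip <<< "$selected"
host_interface=${iface_field%%:*}
[[ -n "$host_interface" ]] || die "could not determine the interface name"
[[ "$host_ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || die "unexpected host address '$host_ip'"
# First three octets plus a trailing dot; the script assumes a /24 LAN throughout
ip_range="${host_ip%.*}."

echo -e "\033[1m\n请补全以下信息\033[0m"
ask_octet gateway_ip "\033[1m主网关IP\033[0m: "
ask_octet container_ip "\033[1mShellClash旁路网关IP\033[0m (切勿与内网其他设备冲突!): "
ask_octet relay_ip "\033[1m中转IP\033[0m (用作容器向宿主机沟通, 切勿与内网其他设备冲突!): "

# Write the config in one go; %q keeps every value a single shell word when the
# file is sourced later.
{
  printf 'host_interface=%q\n' "$host_interface"
  printf 'host_ip=%q\n' "$host_ip"
  printf 'gateway_ip=%q\n' "$gateway_ip"
  printf 'container_ip=%q\n' "$container_ip"
  printf 'relay_ip=%q\n' "$relay_ip"
} > "$config_file" || die "cannot write $config_file"

# Set up macvlan; this has to be repeated after every host reboot
ip link set "$host_interface" promisc on
ip link add macvlan_host link "$host_interface" type macvlan mode bridge
ip addr add "$relay_ip" dev macvlan_host
ip link set macvlan_host up
ip route add "$container_ip" dev macvlan_host

# Install and run with Docker
# --subnet takes the /24 network address (last octet 0), not the gateway's host
# address. NOTE(review): some Docker releases reject a subnet with host bits
# set; confirm against the target version.
docker network create -d macvlan --subnet="${ip_range}0/24" --gateway="$gateway_ip" -o parent="$host_interface" macvlan
# NOTE(review): the image is pulled by name only, so whatever is currently
# published under that name runs with NET_ADMIN on the LAN and is restarted
# automatically. Pin it to a digest you have reviewed
# (echvoyager/shellclash_docker@sha256:<digest>).
docker run --restart=always --name=shellclash_docker --network=macvlan --ip="$container_ip" --cap-add=NET_ADMIN -d echvoyager/shellclash_docker
# The addresses interpolated below were validated above (digits and dots only),
# so they cannot break out of the quoted sh -c strings.
docker exec -it shellclash_docker sh -c "echo \"config interface 'lan'
option proto 'static'
option device 'eth0'
option ipaddr '$container_ip'
option netmask '255.255.255.0'
option gateway '$gateway_ip'
option dns '$gateway_ip'\" >> /etc/config/network"
docker exec -it shellclash_docker sh -c "echo \"iptables -t nat -I OUTPUT -d $host_ip -j DNAT --to-destination $relay_ip\" >> /etc/firewall.user"
docker exec -it shellclash_docker sh -l
# NOTE(review): the page dump is truncated from here. Only the opening of the
# next command survives (kept below as a comment so the listing stays valid);
# the rest of this script was lost in extraction and is not reconstructed.
# docker exec -it shellclash_docker sh -c "sed -i \"\$(( \$(wc -l …

--------------------------------------------------------------------------------
/uninstall_shellclash_docker.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# NOTE(review): the file header and lines 1-3 of this script were lost in the
# page dump. The shebang and the SCRIPT_DIR line are restored to match
# configure_ip.sh, whose SCRIPT_DIR line ends with the same surviving fragment
# (`/dev/null && pwd )"`); any original header comment is unknown.
#
# Remove the container, image, Docker network and host-side macvlan interface
# created by install_shellclash_docker.sh. Run as root.
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
config_file="$SCRIPT_DIR/shellclash_docker.config"

# Best effort: cleanup continues without a config (for example after an
# aborted install); only the promiscuous-mode reset needs host_interface.
if [[ -r "$config_file" ]]; then
  source "$config_file"
else
  printf 'warning: %s not found, promiscuous mode will not be reset\n' "$config_file" >&2
fi

# Remove the Docker configuration and data
docker stop shellclash_docker
docker rm shellclash_docker
docker rmi echvoyager/shellclash_docker
docker network rm macvlan

# Remove the network configuration
if [[ -n "${host_interface:-}" ]]; then
  ip link set "$host_interface" promisc off
fi
ip link delete macvlan_host
rm -f -- "$config_file"
--------------------------------------------------------------------------------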