├── README.md ├── Website-Template.zip ├── Xray-TLS+Web-setup.sh ├── image ├── menu.jpg └── protocol.jpg └── redis-server.sh /README.md: -------------------------------------------------------------------------------- 1 | # Xray-TLS+Web搭建/管理脚本 2 | 修改PHP版本为7.4.21,兼容更多的PHP程序 3 | 4 | 修改自定义反向代理脚本,输入(127.0.0.1+nps或frp配置文件的http_proxy_port端口)即可配合frps和nps穿透 5 | 6 | 添加自动集成apcu缓存,解决nextcloud缓存提示问题,需自己添加nextcloud的config.php脚本 7 | 8 | 删除自定义模板页改为wordpress安装,前提是必须要先安装一个nextcloud做主站,支持一键安装wordpress 9 | 10 | 经测试wordpress和nextcloud网站目录删除原有程序,可以手动改安装phpmyadmin 11 | 12 | 部分ubuntu系统PHP编译失败解决方法,手动安装运行命令 13 | ``` 14 | apt-get install libsoup2.4-dev libenchant-dev -y 15 | ``` 16 | ## 目录 17 | [1. 脚本特性](#脚本特性) 18 | 19 | [2. 注意事项](#注意事项) 20 | 21 | [3. 安装时长说明](#安装时长说明) 22 | 23 | [4. 脚本使用说明](#脚本使用说明) 24 | 25 | [5. 运行截图](#运行截图) 26 | 27 | [6. 伪装网站说明](#伪装网站说明) 28 | 29 | [7. 关于TLS握手、TLS指纹和ALPN](#关于tls握手tls指纹和alpn) 30 | 31 | [8. 关于gRPC与WebSocket](#关于gRPC与WebSocket) 32 | 33 | [9. 安装位置](#安装位置) 34 | 35 | [10. 依赖列表](#依赖列表) 36 | 37 | [11. 注](#注) 38 | ## 脚本特性 39 | 1. 支持 (VLESS/VMess)-(TCP/gRPC/WebSocket)-(XTLS/TLS) + Web 的搭建/管理,支持多种协议并存 40 | 41 | 2. 集成 多版本bbr/锐速 安装选项 42 | 43 | 3. 支持多种系统 (Ubuntu CentOS Debian deepin fedora ...) 44 | 45 | 4. 支持多种指令集 (x86 x86_64 arm64 ...) 46 | 47 | 5. 支持ipv6only服务器 (需自行设置dns64) 48 | 49 | 6. 集成删除阿里云盾和腾讯云盾功能 (仅对阿里云和腾讯云服务器有效) 50 | 51 | 7. 使用Nginx作为网站服务 52 | 53 | 8. 使用Xray作为前置分流器 54 | 55 | 9. 使用acme.sh自动申请/更新域名证书 56 | 57 | 10. 支持选择搭建个人网盘作为伪装网页 58 | ## 注意事项 59 | 1. 此脚本需要一个解析到服务器的域名 (支持cdn) 60 | 61 | 2. 此脚本安装时间较长,见 **[安装时长说明](#安装时长说明)** 62 | 63 | 3. 此脚本设计为个人VPS用户使用,不适合机场主使用 (此脚本没有多用户管理/流量统计等功能)。 64 | 65 | 4. 建议在纯净的系统上使用此脚本 (VPS控制台-重置系统) 66 | ## 安装时长说明 67 | 此脚本的安装时间比较长 (**[安装时长参考](#安装时长参考)**) ,原因见[这里](#为什么脚本安装时间那么长)。 68 | 69 | 此脚本适合安装一次后长期使用,不适合反复重置系统安装,这会消耗您的大量时间。如果需要更换配置和域名等,在管理界面都有相应的选项。 70 | 71 | 如果有快速安装的需求,推荐在 **[Xray-core#Installation](https://github.com/XTLS/Xray-core#Installation)** 中选择其他脚本 72 | ### 安装时长参考 73 | 安装流程: 74 | 75 | `[升级系统组件]->[安装bbr]->[安装php]->安装Nginx->安装Xray->申请证书->配置文件->[配置伪装网站]` 76 | 77 | 其中`[]`包裹的部分是可选项。 78 | 79 | **这是一台单核1G的服务器的平均安装时长,仅供参考:** 80 | |项目|时长| 81 | |-|-| 82 | |升级已安装软件|0-10分钟| 83 | |升级系统|10-20分钟| 84 | |安装bbr|0-3分钟| 85 | |安装php|Centos8(gcc8.3 4.18内核):20-60分钟| 86 | ||Ubuntu20.10(gcc10.2 5.11-rc3内核):15-20分钟| 87 | ||Debian10(gcc8.3 4.19内核):10-15分钟| 88 | |安装Nginx|13-15分钟| 89 | |安装Xray|<半分钟| 90 | |申请证书|1-2分钟| 91 | |配置文件|<100毫秒| 92 | |配置伪装网站|Nextcloud:1-3分钟| 93 | ||Cloudreve:1-2分钟| 94 | ### 为什么脚本安装时间那么长? 95 | 之所以时间相比别的脚本长,有三个原因: 96 | ``` 97 | 1.集成了安装bbr的功能 98 | 2.集成更新系统及软件包的功能 99 | 3.(主要原因) 脚本的Nginx和php是采用源码编译的形式,其它脚本通常直接获取二进制程序 100 | ``` 101 | 之所以采用编译的形式,主要考虑的原因为: 102 | ``` 103 | 1.便于管理 104 | 2.便于适配多种系统 105 | ``` 106 | 编译相比直接安装二进制文件的优点有: 107 | ``` 108 | 1.运行效率高 (编译时采用了-O3优化) 109 | 2.软件版本新 (可以对比本脚本与其他脚本Nginx的版本) 110 | ``` 111 | 缺点就是编译耗时长 112 | ## 脚本使用说明 113 | ### 1. 安装wget 114 | Debian基系统(包括Ubuntu、Debian、deepin): 115 | ```bash 116 | [[ "$(type -P wget)" ]] || apt -y install wget || (apt update && apt -y install wget) 117 | ``` 118 | Red Hat基系统(包括CentOS、fedora): 119 | ```bash 120 | [[ "$(type -P wget)" ]] || dnf -y install wget || yum -y install wget 121 | ``` 122 | ### 2. 获取/更新脚本 123 | ```bash 124 | wget -O Xray-TLS+Web-setup.sh --no-check-certificate https://github.com/eysp/Xray-script/raw/main/Xray-TLS+Web-setup.sh 125 | ``` 126 | ### 3. 执行脚本 127 | ```bash 128 | bash Xray-TLS+Web-setup.sh 129 | ``` 130 | ### 4. 根据脚本提示完成安装 131 | ## 运行截图 132 |
133 | 134 |
135 |
136 | 137 |
138 | 139 | ## 伪装网站说明 140 | ### 伪装网站的作用 141 | 这个网站是用你的域名搭建的一个网站,搭建完成后可以直接在浏览器上输入你的域名访问。 142 | 143 | 你使用Xray进行代理的全部流量都将伪装成访问这个网站的流量。 144 | 145 | 注意伪装网站不是万能的,据部分人的经验,只要你的月流量超过一定限度运营商就会把你封喽,不管你的伪装网站是什么。也就是说哪怕你**完全不代理,只是正常访问你的网站访问了太多的流量,也可能被封**。 146 | ### 伪装网站的选择 147 | 使用VPS自建Xray代理在流量的常见特征有 **单点性** 、 **大流量性** 、 **长时间性** 、 **GO-TLS指纹特性** 、 **出入相同性** 等。 148 | 149 | * **单点性** 指使用的人少,一般只有自己,即使分享给朋友,一般也不会太多。 150 | * **长时间性** 不单指时间长,也指坚持一个月或一年每天都使用代理。 151 | * **GO-TLS指纹特性** **在不伪装浏览器指纹的前提下**,从TLS握手信息中可以判断出客户端是GO程序,详见[此处](#关于tls握手tls指纹和alpn)。 152 | * **出入相同性** 指入VPS和出VPS的流量在时间和大小上几乎相同,比如使用Xray代理浏览`BiliBili`,从`BiliBili`到`VPS(Xray服务端)`的流量,和从`VPS`到`Xray客户端`的流量在时间上和大小上是几乎相同的。**出入相同性** 是所有代理的通病,目前还没有太好的伪装方法,但是因为VPS不在大陆,如果不是被特别关注的对象,一般不会被审查。 153 | 154 | 既然使用Xray进行代理的全部流量都将伪装成访问这个网站的流量,那么我们选择伪装网站就是要尽量选择**流量特征与Xray代理的流量特征相同的网站**。 155 | 156 | 1. **Cloudreve 和 Nextcloud** 157 | 158 | 他们都是个人网盘,个人网盘可以理解为使用自己的VPS搭建起来的百度网盘,区别就是文件都存放在VPS中,并且自己是网盘的管理员。 159 | 160 | 个人网盘与上面所说特征的吻合数最多,包括 **单点性** 、 **大流量性** 、 **GO-TLS指纹特性** 、 **长时间性** 等,建议选择。 161 | 162 | 关于**GO-TLS指纹特性**,**在不伪装浏览器指纹的前提下**,将alpn设置为http/1.1,可以伪装成GO语言实现的WebDav客户端,详见[此处](#关于tls握手tls指纹和alpn)。 163 | 164 | Cloudreve 与 Nextcloud 的区别如下: 165 | ||优点|缺点| 166 | |-|-|-| 167 | |Nextcloud|功能更多更强大,用的人更多|需要安装php,安装php需要额外很多时间(见 **[安装时长参考](#安装时长参考)**),同时也比Cloudreve占用更多系统资源,因此不建议小机使用。| 168 | |Cloudreve|轻量化、安装快(不需要php)、占用系统资源少|功能较少,使用的人较少| 169 | 2. **403页面** 170 | 171 | 基本上所有大网站都有网站后台。比如哔哩哔哩的网址是`www.bilibili.com`。但是在播放视频时,提供视频文件的却是另外一个网址,在播放视频时右键点击`视频统计信息`,其中的`Video Host`就是。这类网址只有打开特定的url后缀才有内容,如果url不对,返回的就是一个错误页面。而403页面就是伪装成一个网站后台。 172 | 173 | 也就是说伪装成403页面,除了你自己,没人知道你的网站到底有没有东西。 174 | 175 | 3. **自定义静态网站** 176 | 177 | 自定义的静态网站,不建议小白选择。默认是Nextcloud的登陆界面,强烈建议自行更换,因为这里Nextcloud是静态网站,没有php,无法进行交互,很容易被主动探测出来。 178 | 179 | 4. **自定义反向代理网站** 180 | 181 | 不建议选择,因为反向代理往往只是反向代理几个html和js文件,网站里面的大部分内容依然是网站后台提供的。不符合大流量特点。 182 | ## 关于TLS握手、TLS指纹和ALPN 183 | 虽然TLS是一项加密技术,但在TLS握手的过程中会有一些明文的信息传输,其中包括SNI信息(由serverName参数指定)、ALPN、加密套件等。 184 | 185 | 目前TLS的标准中并没有对这些明文做严格的要求,所以在不同的TLS实现下这些明文信息的格式可谓五花八门,这些不同TLS实现所具有的不同的明文特征就是TLS指纹。 186 | 187 | 通过TLS指纹可以反推你所使用的TLS实现,比如Chrome的TLS,FireFox的TLS,GO语言官方库的TLS等。 188 | 189 | Xray默认使用的是GO语言官方提供的TLS库,这也是几乎所有GO语言程序所使用的TLS库。Xray也可以模拟Chrome、FireFox、Safari的指纹,但目前只有TCP协议支持。 190 | 191 | 当使用TCP且不伪装浏览器指纹时,可以自由指定义ALPN。建议设置为http/1.1,这样可以将Xray客户端伪装成GO语言实现的WebDav客户端(如 **[gowebdav](https://github.com/studio-b12/gowebdav)**)。WebDav是网盘特有的协议,且该协议基于HTTP/1.1,详见: **[WebDav](https://en.wikipedia.org/wiki/WebDAV)** 。 192 | 193 | 若选择伪装浏览器指纹,客户端配置中的alpn参数失效,且ALPN将被固定为h2,http/1.1。同样,当使用WebSocket时,ALPN将被固定为http/1.1;当使用gRPC时,ALPN将被强制添加h2。因此,使用WebSocket还是可以伪装成GO语言WebDav客户端的,gRPC则不行。 194 | ## 关于gRPC与WebSocket 195 | 当正在使用的CDN同时支持gRPC与WebSocket时,两者之间改如何选择呢?他们的主要区别体现在以下三个方面:ALPN、延迟和性能。 196 | 197 | 关于ALPN,见[此处](#关于tls握手tls指纹和alpn)。 198 | 199 | 关于延迟,gRPC自带mux,因此延迟更低。注意这里指的是打开网站的延迟,mux并不能降低游戏延迟。 200 | 201 | 关于性能,WebSocket的性能更强,如果你的设备性能较弱的话,如家用普通路由器,用WebSocket速度会快一些。 202 | ## 安装位置 203 | **Nginx:**`/usr/local/nginx` 204 | 205 | **php:**`/usr/local/php` 206 | 207 | **Cloudreve:**`/usr/local/cloudreve` 208 | 209 | **Xray:** 见 **[Xray-install](https://github.com/XTLS/Xray-install)** 210 | ## 依赖列表 211 | 脚本可能自动安装以下依赖: 212 | |用途|Debian基系统|Red Hat基系统| 213 | |-|-|-| 214 | |netstat|net-tools|net-tools| 215 | |lsb_release|lsb-release|redhat-lsb-core| 216 | |wget/curl https|ca-certificates|ca-certificates| 217 | |wget|wget|wget| 218 | |unzip|unzip|unzip| 219 | |curl|curl|curl| 220 | |acme.sh依赖|openssl|openssl| 221 | |acme.sh依赖|cron|crontabs| 222 | |编译基础:||| 223 | |gcc|gcc|gcc| 224 | |g++|g++|gcc-c++| 225 | |make|make|make| 226 | |编译openssl:||| 227 | |||perl-IPC-Cmd| 228 | |||perl-Getopt-Long| 229 | |||perl-Data-Dumper| 230 | |编译Nginx:||| 231 | ||libpcre3-dev|pcre-devel| 232 | ||zlib1g-dev|zlib-devel| 233 | |--with-http_xslt_module|libxml2-dev|libxml2-devel| 234 | |--with-http_xslt_module|libxslt1-dev|libxslt-devel| 235 | |--with-http_image_filter_module|libgd-dev|gd-devel| 236 | |--with-google_perftools_module|libgoogle-perftools-dev|gperftools-devel| 237 | |--with-http_geoip_module|libgeoip-dev|geoip-devel| 238 | |--with-http_perl_module||perl-ExtUtils-Embed| 239 | |--with-libatomic|libatomic-ops-dev|libatomic_ops-devel| 240 | ||libperl-dev|perl-devel| 241 | |编译php:||| 242 | ||pkg-config|pkgconf-pkg-config| 243 | ||libxml2-dev|libxml2-devel| 244 | ||libsqlite3-dev|sqlite-devel| 245 | |--with-fpm-systemd|libsystemd-dev|systemd-devel| 246 | |--with-fpm-acl|libacl1-dev|libacl-devel| 247 | |--with-fpm-apparmor|libapparmor-dev|| 248 | |--with-openssl|libssl-dev|openssl-devel| 249 | |--with-kerberos|libkrb5-dev|krb5-devel| 250 | |--with-external-pcre|libpcre2-dev|pcre2-devel| 251 | |--with-zlib|zlib1g-dev|zlib-devel| 252 | |--with-bz2|libbz2-dev|bzip2-devel| 253 | |--with-curl|libcurl4-openssl-dev|libcurl-devel| 254 | |--with-qdbm|libqdbm-dev|| 255 | |--with-gdbm||gdbm-devel| 256 | |--with-db4|libdb-dev|libdb-devel| 257 | |--with-tcadb|libtokyocabinet-dev|tokyocabinet-devel| 258 | |--with-lmdb|liblmdb-dev|lmdb-devel| 259 | |--with-enchant|libenchant-dev|enchant-devel| 260 | |--with-ffi|libffi-dev|libffi-devel| 261 | |--enable-gd|libpng-dev|libpng-devel| 262 | |--with-external-gd|libgd-dev|gd-devel| 263 | |--with-webp|libwebp-dev|libwebp-devel| 264 | |--with-jpeg|libjpeg-dev|libjpeg-turbo-devel| 265 | |--with-xpm|libxpm-dev|libXpm-devel| 266 | |--with-freetype|libfreetype6-dev|freetype-devel| 267 | |--with-gmp|libgmp-dev|gmp-devel| 268 | |--with-imap|libc-client2007e-dev|libc-client-devel| 269 | |--enable-intl|libicu-dev|libicu-devel| 270 | |--with-ldap|libldap2-dev|openldap-devel| 271 | |--with-ldap-sasl|libsasl2-dev|openldap-devel| 272 | |--enable-mbstring|libonig-dev|oniguruma-devel| 273 | |--with-unixODBC,--with-pdo-odbc|unixodbc-dev|unixODBC-devel| 274 | |--with-pdo-dblib|freetds-dev|freetds-devel| 275 | |--with-pdo-pgsql,--with-pgsql|libpq-dev|libpq-devel| 276 | |--with-pspell|libpspell-dev|aspell-devel| 277 | |--with-libedit|libedit-dev|libedit-devel| 278 | |--with-mm|libmm-dev|| 279 | |--with-snmp|libsnmp-dev|net-snmp-devel| 280 | |--with-sodium|libsodium-dev|libsodium-devel| 281 | |--with-password-argon2|libargon2-dev|libargon2-devel| 282 | |--with-tidy|libtidy-dev|libtidy-devel| 283 | |--with-xsl|libxslt1-dev|libxslt-devel| 284 | |--with-zip|libzip-dev|libzip-devel| 285 | |编译php-imagick:||| 286 | ||autoconf|autoconf| 287 | ||git|git| 288 | ||libmagickwand-dev|ImageMagick-devel| 289 | ## 注 290 | 1.本文链接(官网):https://github.com/kirin10000/Xray-script 291 | 292 | 2.参考教程:https://www.v2fly.org/config/overview.html https://guide.v2fly.org/ https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html https://docs.cloudreve.org/ 293 | 294 | 3.域名证书申请:https://github.com/acmesh-official/acme.sh 295 | 296 | 4.bbr脚本来自:https://github.com/teddysun/across/blob/master/bbr.sh 297 | 298 | 5.bbr2脚本来自:https://github.com/yeyingorg/bbr2.sh (Ubuntu Debian) https://github.com/jackjieYYY/bbr2 (CentOS) 299 | 300 | 6.bbrplus脚本来自:https://github.com/chiakge/Linux-NetSpeed 301 | 302 | #### 此脚本仅供交流学习使用,请勿使用此脚本行违法之事。网络非法外之地,行非法之事,必将接受法律制裁!! 303 | -------------------------------------------------------------------------------- /Website-Template.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eysp/Xray-script/acdbe435474734795535977ea07dcc9b46d1c36e/Website-Template.zip -------------------------------------------------------------------------------- /Xray-TLS+Web-setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #系统信息 4 | #指令集 5 | machine="" 6 | #什么系统 7 | release="" 8 | #系统版本号 9 | systemVersion="" 10 | debian_package_manager="" 11 | redhat_package_manager="" 12 | redhat_package_manager_enhanced="" 13 | #CPU线程数 14 | cpu_thread_num="" 15 | #现在有没有通过脚本启动swap 16 | using_swap_now=0 17 | #系统时区 18 | timezone="" 19 | 20 | #安装信息 21 | nginx_version="nginx-1.21.6" 22 | openssl_version="openssl-openssl-3.0.3" 23 | nginx_prefix="/usr/local/nginx" 24 | nginx_config="${nginx_prefix}/conf.d/xray.conf" 25 | nginx_service="/etc/systemd/system/nginx.service" 26 | nginx_is_installed="" 27 | 28 | php_version="php-7.4.32" 29 | php_prefix="/usr/local/php" 30 | php_service="/etc/systemd/system/php-fpm.service" 31 | php_is_installed="" 32 | redis="5.3.7" 33 | 34 | cloudreve_version="3.5.3" 35 | cloudreve_prefix="/usr/local/cloudreve" 36 | cloudreve_service="/etc/systemd/system/cloudreve.service" 37 | cloudreve_is_installed="" 38 | 39 | nextcloud_url="https://download.nextcloud.com/server/releases/nextcloud-25.0.0.zip" 40 | 41 | xray_config="/usr/local/etc/xray/config.json" 42 | xray_is_installed="" 43 | 44 | temp_dir="/temp_install_update_xray_tls_web" 45 | 46 | is_installed="" 47 | 48 | update="" 49 | in_install_update_xray_tls_web=0 50 | 51 | #配置信息 52 | #域名列表 两个列表用来区别 www.主域名 53 | unset domain_list 54 | unset true_domain_list 55 | unset domain_config_list 56 | #域名伪装列表,对应域名列表 57 | unset pretend_list 58 | 59 | # TCP使用的会话层协议,0代表禁用,1代表VLESS 60 | protocol_1="" 61 | # grpc使用的会话层协议,0代表禁用,1代表VLESS,2代表VMess 62 | protocol_2="" 63 | # WebSocket使用的会话层协议,0代表禁用,1代表VLESS,2代表VMess 64 | protocol_3="" 65 | 66 | serviceName="" 67 | path="" 68 | 69 | xid_1="" 70 | xid_2="" 71 | xid_3="" 72 | 73 | #功能性函数: 74 | #定义几个颜色 75 | purple() #基佬紫 76 | { 77 | echo -e "\\033[35;1m${*}\\033[0m" 78 | } 79 | tyblue() #天依蓝 80 | { 81 | echo -e "\\033[36;1m${*}\\033[0m" 82 | } 83 | green() #原谅绿 84 | { 85 | echo -e "\\033[32;1m${*}\\033[0m" 86 | } 87 | yellow() #鸭屎黄 88 | { 89 | echo -e "\\033[33;1m${*}\\033[0m" 90 | } 91 | red() #姨妈红 92 | { 93 | echo -e "\\033[31;1m${*}\\033[0m" 94 | } 95 | blue() #蓝色 96 | { 97 | echo -e "\\033[34;1m${*}\\033[0m" 98 | } 99 | #检查基本命令 100 | check_base_command() 101 | { 102 | hash -r 103 | local i 104 | local temp_command_list=('bash' 'sh' 'command' 'type' 'hash' 'install' 'true' 'false' 'exit' 'echo' 'test' 'sort' 'sed' 'awk' 'grep' 'cut' 'cd' 'rm' 'cp' 'mv' 'head' 'tail' 'uname' 'tr' 'md5sum' 'cat' 'find' 'wc' 'ls' 'mktemp' 'swapon' 'swapoff' 'mkswap' 'chmod' 'chown' 'chgrp' 'export' 'tar' 'gzip' 'mkdir' 'arch' 'uniq') 105 | for i in "${temp_command_list[@]}" 106 | do 107 | if ! command -V "${i}" > /dev/null; then 108 | red "命令\"${i}\"未找到" 109 | red "不是标准的Linux系统" 110 | exit 1 111 | fi 112 | done 113 | } 114 | check_sudo() 115 | { 116 | if [ "$SUDO_GID" ] && [ "$SUDO_COMMAND" ] && [ "$SUDO_USER" ] && [ "$SUDO_UID" ]; then 117 | if [ "$SUDO_USER" = "root" ] && [ "$SUDO_UID" = "0" ]; then 118 | #it's root using sudo, no matter it's using sudo or not, just fine 119 | return 0 120 | fi 121 | if [ -n "$SUDO_COMMAND" ]; then 122 | #it's a normal user doing "sudo su", or `sudo -i` or `sudo -s`, or `sudo su acmeuser1` 123 | echo "$SUDO_COMMAND" | grep -- "/bin/su\$" >/dev/null 2>&1 || echo "$SUDO_COMMAND" | grep -- "/bin/su " >/dev/null 2>&1 || grep "^$SUDO_COMMAND\$" /etc/shells >/dev/null 2>&1 124 | return $? 125 | fi 126 | #otherwise 127 | return 1 128 | fi 129 | return 0 130 | } 131 | #版本比较函数 132 | version_ge() 133 | { 134 | test "$(echo -e "$1\\n$2" | sort -rV | head -n 1)" == "$1" 135 | } 136 | #检查脚本更新 137 | check_script_update() 138 | { 139 | [ "$(md5sum "${BASH_SOURCE[0]}" | awk '{print $1}')" == "$(md5sum <(wget -O - "https://github.com/eysp/Xray-script/raw/main/Xray-TLS+Web-setup.sh") | awk '{print $1}')" ] && return 1 || return 0 140 | } 141 | #更新脚本 142 | update_script() 143 | { 144 | if wget -O "${BASH_SOURCE[0]}" "https://github.com/eysp/Xray-script/raw/main/Xray-TLS+Web-setup.sh" || wget -O "${BASH_SOURCE[0]}" "https://github.com/eysp/Xray-script/raw/main/Xray-TLS+Web-setup.sh"; then 145 | green "脚本更新完成,请重新运行脚本!" 146 | exit 0 147 | else 148 | red "更新脚本失败!" 149 | exit 1 150 | fi 151 | } 152 | ask_update_script() 153 | { 154 | if check_script_update; then 155 | green "脚本可升级" 156 | ask_if "是否升级脚本?(y/n)" && update_script 157 | else 158 | green "脚本已经是最新版本" 159 | fi 160 | } 161 | ask_update_script_force() 162 | { 163 | if check_script_update; then 164 | green "脚本可升级" 165 | if ask_if "是否升级脚本?(y/n)"; then 166 | update_script 167 | else 168 | red "请先更新脚本" 169 | exit 0 170 | fi 171 | else 172 | green "脚本已经是最新版本" 173 | fi 174 | } 175 | redhat_install() 176 | { 177 | if $redhat_package_manager_enhanced install "$@"; then 178 | return 0 179 | fi 180 | 181 | 182 | if $redhat_package_manager --help | grep -q "\\-\\-enablerepo="; then 183 | local enable_repo="--enablerepo=" 184 | else 185 | local enable_repo="--enablerepo " 186 | fi 187 | if $redhat_package_manager --help | grep -q "\\-\\-disablerepo="; then 188 | local disable_repo="--disablerepo=" 189 | else 190 | local disable_repo="--disablerepo " 191 | fi 192 | if [ $release == centos-stream ]; then 193 | local epel_repo="epel,epel-next" 194 | elif [ $release == oracle ]; then 195 | if version_ge "$systemVersion" 9; then 196 | local epel_repo="ol9_developer_EPEL" 197 | elif version_ge "$systemVersion" 8; then 198 | local epel_repo="ol8_developer_EPEL" 199 | elif version_ge "$systemVersion" 7; then 200 | local epel_repo="ol7_developer_EPEL" 201 | else 202 | local epel_repo="epel" 203 | fi 204 | else 205 | local epel_repo="epel" 206 | fi 207 | 208 | 209 | if [ $release == fedora ]; then 210 | if $redhat_package_manager_enhanced ${enable_repo}"remi" install "$@"; then 211 | return 0 212 | fi 213 | else 214 | if $redhat_package_manager_enhanced ${enable_repo}"${epel_repo}" install "$@"; then 215 | return 0 216 | fi 217 | if $redhat_package_manager_enhanced ${enable_repo}"${epel_repo},powertools" install "$@" || $redhat_package_manager_enhanced ${enable_repo}"${epel_repo},PowerTools" install "$@"; then 218 | return 0 219 | fi 220 | fi 221 | if $redhat_package_manager_enhanced ${enable_repo}"*" ${disable_repo}"*-debug,*-debuginfo,*-source" install "$@"; then 222 | return 0 223 | fi 224 | if $redhat_package_manager_enhanced ${enable_repo}"*" install "$@"; then 225 | return 0 226 | fi 227 | return 1 228 | } 229 | #安装单个重要依赖 230 | test_important_dependence_installed() 231 | { 232 | local temp_exit_code=1 233 | if [ $release == "ubuntu" ] || [ $release == "debian" ] || [ $release == "deepin" ] || [ $release == "other-debian" ]; then 234 | if LANG="en_US.UTF-8" LANGUAGE="en_US:en" dpkg -s "$1" 2>/dev/null | grep -qi 'status[ '$'\t]*:[ '$'\t]*install[ '$'\t]*ok[ '$'\t]*installed[ '$'\t]*$'; then 235 | if LANG="en_US.UTF-8" LANGUAGE="en_US:en" apt-mark manual "$1" | grep -qi 'set[ '$'\t]*to[ '$'\t]*manually[ '$'\t]*installed'; then 236 | temp_exit_code=0 237 | else 238 | red "安装依赖 \"$1\" 出错!" 239 | green "欢迎进行Bug report(https://github.com/kirin10000/Xray-script/issues),感谢您的支持" 240 | yellow "按回车键继续或者Ctrl+c退出" 241 | read -s 242 | fi 243 | elif $debian_package_manager -y --no-install-recommends install "$1"; then 244 | temp_exit_code=0 245 | else 246 | $debian_package_manager update 247 | $debian_package_manager -y -f install 248 | $debian_package_manager -y --no-install-recommends install "$1" && temp_exit_code=0 249 | fi 250 | else 251 | if rpm -q "$2" > /dev/null 2>&1; then 252 | if [ "$redhat_package_manager" == "dnf" ]; then 253 | dnf mark install "$2" && temp_exit_code=0 254 | else 255 | yumdb set reason user "$2" && temp_exit_code=0 256 | fi 257 | elif redhat_install "$2"; then 258 | temp_exit_code=0 259 | fi 260 | fi 261 | return $temp_exit_code 262 | } 263 | check_important_dependence_installed() 264 | { 265 | if ! test_important_dependence_installed "$@"; then 266 | if [ $release == "ubuntu" ] || [ $release == "debian" ] || [ $release == "deepin" ] || [ $release == "other-debian" ]; then 267 | red "重要组件\"$1\"安装失败!!" 268 | else 269 | red "重要组件\"$2\"安装失败!!" 270 | fi 271 | yellow "按回车键继续或者Ctrl+c退出" 272 | read -s 273 | fi 274 | } 275 | #安装依赖 276 | install_dependence() 277 | { 278 | if [ $release == "ubuntu" ] || [ $release == "debian" ] || [ $release == "deepin" ] || [ $release == "other-debian" ]; then 279 | if ! $debian_package_manager -y --no-install-recommends install "$@"; then 280 | $debian_package_manager update 281 | $debian_package_manager -y -f install 282 | if ! $debian_package_manager -y --no-install-recommends install "$@"; then 283 | yellow "依赖安装失败!!" 284 | green "欢迎进行Bug report(https://github.com/kirin10000/Xray-script/issues),感谢您的支持" 285 | yellow "按回车键继续或者Ctrl+c退出" 286 | read -s 287 | fi 288 | fi 289 | else 290 | if ! redhat_install "$@"; then 291 | yellow "依赖安装失败!!" 292 | green "欢迎进行Bug report(https://github.com/kirin10000/Xray-script/issues),感谢您的支持" 293 | yellow "按回车键继续或者Ctrl+c退出" 294 | read -s 295 | fi 296 | fi 297 | } 298 | #安装epel源 299 | install_epel() 300 | { 301 | if [ $release == "ubuntu" ] || [ $release == "debian" ] || [ $release == "deepin" ] || [ $release == "other-debian" ]; then 302 | return 303 | fi 304 | 305 | local ret=0 306 | if [ $release == fedora ]; then 307 | return 308 | elif [ $release == centos-stream ]; then 309 | if version_ge "$systemVersion" 10; then 310 | ret=-1 311 | elif version_ge "$systemVersion" 9; then 312 | check_important_dependence_installed "" dnf-plugins-core 313 | dnf config-manager --set-enabled crb || ret=-1 314 | redhat_install "https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm" "https://dl.fedoraproject.org/pub/epel/epel-next-release-latest-9.noarch.rpm" || ret=-1 315 | elif version_ge "$systemVersion" 8; then 316 | check_important_dependence_installed "" dnf-plugins-core 317 | dnf config-manager --set-enabled powertools || dnf config-manager --set-enabled PowerTools || ret=-1 318 | redhat_install epel-release epel-next-release || ret=-1 319 | else 320 | ret=-1 321 | fi 322 | elif [ $release == centos ]; then 323 | if version_ge "$systemVersion" 9; then 324 | ret=-1 325 | elif version_ge "$systemVersion" 8; then 326 | check_important_dependence_installed "" dnf-plugins-core 327 | dnf config-manager --set-enabled powertools || dnf config-manager --set-enabled PowerTools || ret=-1 328 | redhat_install epel-release || ret=-1 329 | elif version_ge "$systemVersion" 7; then 330 | redhat_install epel-release || ret=-1 331 | elif version_ge "$systemVersion" 6; then 332 | redhat_install epel-release || ret=-1 333 | else 334 | ret=-1 335 | fi 336 | elif [ $release == oracle ]; then 337 | if version_ge "$systemVersion" 9; then 338 | ret=-1 339 | elif version_ge "$systemVersion" 8; then 340 | redhat_install oracle-epel-release-el8 || ret=-1 341 | elif version_ge "$systemVersion" 7; then 342 | redhat_install oracle-epel-release-el7 || ret=-1 343 | else 344 | ret=-1 345 | fi 346 | elif [ $release == rhel ]; then 347 | if version_ge "$systemVersion" 9; then 348 | ret=-1 349 | elif version_ge "$systemVersion" 8; then 350 | subscription-manager repos --enable "codeready-builder-for-rhel-8-$(arch)-rpms" || ret=-1 351 | redhat_install "https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm" || ret=-1 352 | elif version_ge "$systemVersion" 7; then 353 | subscription-manager repos --enable "rhel-*-optional-rpms" --enable "rhel-*-extras-rpms" --enable "rhel-ha-for-rhel-*-server-rpms" || ret=-1 354 | redhat_install "https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm" || ret=-1 355 | else 356 | ret=-1 357 | fi 358 | else 359 | if [ $redhat_package_manager == dnf ]; then 360 | check_important_dependence_installed "" dnf-plugins-core 361 | dnf config-manager --set-enabled powertools || dnf config-manager --set-enabled PowerTools 362 | fi 363 | redhat_install epel-release || ret=-1 364 | fi 365 | 366 | if [ $ret -ne 0 ]; then 367 | if [ $release == other-redhat ]; then 368 | if $redhat_package_manager repolist epel | grep -q epel; then 369 | return 370 | fi 371 | yellow "epel源安装失败,这可能导致之后的安装失败,也可能没有影响(取决于你的系统的repo包含软件是否丰富)" 372 | echo 373 | tyblue "除了安装epel源过程出错,也有可能是因为你使用的系统比较冷门导致安装失败" 374 | tyblue "这种情况下可以手动安装epel源,之后重新运行脚本" 375 | else 376 | yellow "epel源安装失败!!" 377 | fi 378 | echo 379 | green "欢迎进行Bug report(https://github.com/kirin10000/Xray-script/issues),感谢您的支持" 380 | yellow "按回车键继续或者Ctrl+c退出" 381 | read -s 382 | fi 383 | } 384 | fedora_install_remi() 385 | { 386 | if [ $release != fedora ]; then 387 | return 388 | fi 389 | if ! redhat_install "https://rpms.remirepo.net/fedora/remi-release-$systemVersion.rpm"; then 390 | yellow "remi源安装失败!!" 391 | green "欢迎进行Bug report(https://github.com/kirin10000/Xray-script/issues),感谢您的支持" 392 | yellow "按回车键继续或者Ctrl+c退出" 393 | read -s 394 | fi 395 | } 396 | #进入工作目录 397 | enter_temp_dir() 398 | { 399 | local temp_exit_code=0 400 | cd / || temp_exit_code=1 401 | rm -rf "$temp_dir" || temp_exit_code=1 402 | mkdir "$temp_dir" || temp_exit_code=1 403 | cd "$temp_dir" || temp_exit_code=1 404 | if [ $temp_exit_code -eq 1 ]; then 405 | yellow "进入临时目录失败" 406 | tyblue "可能是之前运行脚本中断导致,建议先重启系统,再运行脚本" 407 | exit 1 408 | fi 409 | } 410 | #检查是否需要php 411 | check_need_php() 412 | { 413 | [ $is_installed -eq 0 ] && return 1 414 | local i 415 | for i in "${pretend_list[@]}" 416 | do 417 | [ "$i" == "2" ] && return 0 418 | done 419 | return 1 420 | } 421 | #检查是否需要cloudreve 422 | check_need_cloudreve() 423 | { 424 | [ $is_installed -eq 0 ] && return 1 425 | local i 426 | for i in "${pretend_list[@]}" 427 | do 428 | [ "$i" == "1" ] && return 0 429 | done 430 | return 1 431 | } 432 | #检查Nginx更新 433 | check_nginx_update() 434 | { 435 | local nginx_version_now 436 | local openssl_version_now 437 | nginx_version_now="nginx-$(${nginx_prefix}/sbin/nginx -V 2>&1 | grep "^nginx version:" | cut -d / -f 2)" 438 | openssl_version_now="openssl-openssl-$(${nginx_prefix}/sbin/nginx -V 2>&1 | grep "^built with OpenSSL" | awk '{print $4}')" 439 | if [ "$nginx_version_now" == "$nginx_version" ] && [ "$openssl_version_now" == "$openssl_version" ]; then 440 | return 1 441 | else 442 | return 0 443 | fi 444 | } 445 | #检查php更新 446 | check_php_update() 447 | { 448 | local php_version_now 449 | php_version_now="php-$(${php_prefix}/bin/php -v | head -n 1 | awk '{print $2}')" 450 | [ "$php_version_now" == "$php_version" ] && return 1 451 | return 0 452 | } 453 | swap_on() 454 | { 455 | if [ $using_swap_now -ne 0 ]; then 456 | red "开启swap错误发生" 457 | green "欢迎进行Bug report(https://github.com/kirin10000/Xray-script/issues),感谢您的支持" 458 | yellow "按回车键继续或者Ctrl+c退出" 459 | read -s 460 | fi 461 | local need_swap_size=$(( $1+$(free -m | sed -n 2p | awk '{print $3}')+$(free -m | sed -n 3p | awk '{print $3}')-$(free -m | sed -n 2p | awk '{print $2}')-$(free -m | sed -n 3p | awk '{print $2}') )) 462 | if [ $need_swap_size -gt 0 ]; then 463 | tyblue "可用内存不足$1M,自动申请swap。。" 464 | if dd if=/dev/zero of=${temp_dir}/swap bs=1M count=$need_swap_size && chmod 0600 ${temp_dir}/swap && mkswap ${temp_dir}/swap && swapon ${temp_dir}/swap; then 465 | using_swap_now=1 466 | else 467 | rm -rf ${temp_dir}/swap 468 | red "开启swap失败!" 469 | yellow "可能是机器内存和硬盘空间都不足" 470 | green "欢迎进行Bug report(https://github.com/kirin10000/Xray-script/issues),感谢您的支持" 471 | yellow "按回车键继续或者Ctrl+c退出" 472 | read -s 473 | fi 474 | fi 475 | } 476 | swap_off() 477 | { 478 | if [ $using_swap_now -eq 1 ]; then 479 | tyblue "正在恢复swap。。。" 480 | if swapoff ${temp_dir}/swap && rm -rf ${temp_dir}/swap; then 481 | using_swap_now=0 482 | else 483 | red "关闭swap失败!" 484 | green "欢迎进行Bug report(https://github.com/kirin10000/Xray-script/issues),感谢您的 485 | 支持" 486 | yellow "按回车键继续或者Ctrl+c退出" 487 | read -s 488 | fi 489 | fi 490 | } 491 | #启用/禁用php cloudreve 492 | turn_on_off_php() 493 | { 494 | if check_need_php; then 495 | systemctl start php-fpm 496 | systemctl enable php-fpm 497 | else 498 | systemctl stop php-fpm 499 | systemctl disable php-fpm 500 | fi 501 | } 502 | turn_on_off_cloudreve() 503 | { 504 | if check_need_cloudreve; then 505 | systemctl start cloudreve 506 | systemctl enable cloudreve 507 | else 508 | systemctl stop cloudreve 509 | systemctl disable cloudreve 510 | fi 511 | } 512 | let_change_cloudreve_domain() 513 | { 514 | tyblue "----------- 请打开\"https://${domain_list[$1]}\"修改Cloudreve站点信息 ---------" 515 | tyblue " 1. 登陆帐号" 516 | tyblue " 2. 右上角头像 -> 管理面板" 517 | tyblue " 3. 左侧的参数设置 -> 站点信息" 518 | tyblue " 4. 站点URL改为\"https://${domain_list[$1]}\" -> 往下拉点击保存" 519 | sleep 15s 520 | echo -e "\\n\\n" 521 | tyblue "按两次回车键以继续。。。" 522 | read -s 523 | read -s 524 | } 525 | ask_if() 526 | { 527 | local choice="" 528 | while [ "$choice" != "y" ] && [ "$choice" != "n" ] 529 | do 530 | tyblue "$1" 531 | read choice 532 | done 533 | [ $choice == y ] && return 0 534 | return 1 535 | } 536 | #卸载函数 537 | remove_xray() 538 | { 539 | if ! bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ remove --purge; then 540 | systemctl stop xray 541 | systemctl disable xray 542 | rm -rf /usr/local/bin/xray 543 | rm -rf /usr/local/etc/xray 544 | rm -rf /etc/systemd/system/xray.service 545 | rm -rf /etc/systemd/system/xray@.service 546 | rm -rf /var/log/xray 547 | systemctl daemon-reload 548 | fi 549 | xray_is_installed=0 550 | is_installed=0 551 | } 552 | remove_nginx() 553 | { 554 | systemctl stop nginx 555 | systemctl disable nginx 556 | rm -rf $nginx_service 557 | systemctl daemon-reload 558 | rm -rf ${nginx_prefix} 559 | nginx_is_installed=0 560 | is_installed=0 561 | } 562 | remove_php() 563 | { 564 | systemctl stop php-fpm 565 | systemctl disable php-fpm 566 | rm -rf $php_service 567 | systemctl daemon-reload 568 | rm -rf ${php_prefix} 569 | php_is_installed=0 570 | } 571 | remove_cloudreve() 572 | { 573 | systemctl stop cloudreve 574 | systemctl disable cloudreve 575 | rm -rf $cloudreve_service 576 | systemctl daemon-reload 577 | rm -rf ${cloudreve_prefix} 578 | cloudreve_is_installed=0 579 | } 580 | #备份域名伪装网站 581 | backup_domains_web() 582 | { 583 | local i 584 | mkdir "${temp_dir}/domain_backup" 585 | for i in "${true_domain_list[@]}" 586 | do 587 | if [ "$1" == "cp" ]; then 588 | cp -rf "${nginx_prefix}/html/${i}" "${temp_dir}/domain_backup" 2>/dev/null 589 | else 590 | mv "${nginx_prefix}/html/${i}" "${temp_dir}/domain_backup" 2>/dev/null 591 | fi 592 | done 593 | } 594 | #获取配置信息 595 | get_config_info() 596 | { 597 | [ $is_installed -eq 0 ] && return 598 | local temp 599 | if grep -q '"network"[ '$'\t]*:[ '$'\t]*"ws"' $xray_config; then 600 | if [[ "$(grep -E '"protocol"[ '$'\t]*:[ '$'\t]*"(vmess|vless)"' $xray_config | tail -n 1)" =~ \"vmess\" ]]; then 601 | protocol_3=2 602 | else 603 | protocol_3=1 604 | fi 605 | path="$(grep '"path"' $xray_config | tail -n 1 | cut -d : -f 2 | cut -d \" -f 2)" 606 | xid_3="$(grep '"id"' $xray_config | tail -n 1 | cut -d : -f 2 | cut -d \" -f 2)" 607 | else 608 | protocol_3=0 609 | fi 610 | if grep -q '"network"[ '$'\t]*:[ '$'\t]*"grpc"' $xray_config; then 611 | if [ $protocol_3 -ne 0 ]; then 612 | temp=2 613 | else 614 | temp=1 615 | fi 616 | if [[ "$(grep -E '"protocol"[ '$'\t]*:[ '$'\t]*"(vmess|vless)"' $xray_config | tail -n $temp | head -n 1)" =~ \"vmess\" ]]; then 617 | protocol_2=2 618 | else 619 | protocol_2=1 620 | fi 621 | serviceName="$(grep '"serviceName"' $xray_config | cut -d : -f 2 | cut -d \" -f 2)" 622 | xid_2="$(grep '"id"' $xray_config | tail -n $temp | head -n 1 | cut -d : -f 2 | cut -d \" -f 2)" 623 | else 624 | protocol_2=0 625 | fi 626 | temp=1 627 | [ $protocol_2 -ne 0 ] && ((temp++)) 628 | [ $protocol_3 -ne 0 ] && ((temp++)) 629 | if [ $(grep -c '"clients"' $xray_config) -eq $temp ]; then 630 | protocol_1=1 631 | xid_1="$(grep '"id"' $xray_config | head -n 1 | cut -d : -f 2 | cut -d \" -f 2)" 632 | else 633 | protocol_1=0 634 | fi 635 | unset domain_list 636 | unset true_domain_list 637 | unset domain_config_list 638 | unset pretend_list 639 | domain_list=($(grep "^#domain_list=" $nginx_config | cut -d = -f 2)) 640 | true_domain_list=($(grep "^#true_domain_list=" $nginx_config | cut -d = -f 2)) 641 | domain_config_list=($(grep "^#domain_config_list=" $nginx_config | cut -d = -f 2)) 642 | pretend_list=($(grep "^#pretend_list=" $nginx_config | cut -d = -f 2)) 643 | } 644 | gen_cflags() 645 | { 646 | cflags=('-g0' '-O3') 647 | if gcc -v --help 2>&1 | grep -qw "\\-fstack\\-reuse"; then 648 | cflags+=('-fstack-reuse=all') 649 | fi 650 | if gcc -v --help 2>&1 | grep -qw "\\-fdwarf2\\-cfi\\-asm"; then 651 | cflags+=('-fdwarf2-cfi-asm') 652 | fi 653 | if gcc -v --help 2>&1 | grep -qw "\\-fplt"; then 654 | cflags+=('-fplt') 655 | fi 656 | if gcc -v --help 2>&1 | grep -qw "\\-ftrapv"; then 657 | cflags+=('-fno-trapv') 658 | fi 659 | if gcc -v --help 2>&1 | grep -qw "\\-fexceptions"; then 660 | cflags+=('-fno-exceptions') 661 | elif gcc -v --help 2>&1 | grep -qw "\\-fhandle\\-exceptions"; then 662 | cflags+=('-fno-handle-exceptions') 663 | fi 664 | if gcc -v --help 2>&1 | grep -qw "\\-funwind\\-tables"; then 665 | cflags+=('-fno-unwind-tables') 666 | fi 667 | if gcc -v --help 2>&1 | grep -qw "\\-fasynchronous\\-unwind\\-tables"; then 668 | cflags+=('-fno-asynchronous-unwind-tables') 669 | fi 670 | if gcc -v --help 2>&1 | grep -qw "\\-fstack\\-check"; then 671 | cflags+=('-fno-stack-check') 672 | fi 673 | if gcc -v --help 2>&1 | grep -qw "\\-fstack\\-clash\\-protection"; then 674 | cflags+=('-fno-stack-clash-protection') 675 | fi 676 | if gcc -v --help 2>&1 | grep -qw "\\-fstack\\-protector"; then 677 | cflags+=('-fno-stack-protector') 678 | fi 679 | if gcc -v --help 2>&1 | grep -qw "\\-fcf\\-protection="; then 680 | cflags+=('-fcf-protection=none') 681 | fi 682 | if gcc -v --help 2>&1 | grep -qw "\\-fsplit\\-stack"; then 683 | cflags+=('-fno-split-stack') 684 | fi 685 | if gcc -v --help 2>&1 | grep -qw "\\-fsanitize"; then 686 | > temp.c 687 | if gcc -E -fno-sanitize=all temp.c >/dev/null 2>&1; then 688 | cflags+=('-fno-sanitize=all') 689 | fi 690 | rm temp.c 691 | fi 692 | if gcc -v --help 2>&1 | grep -qw "\\-finstrument\\-functions"; then 693 | cflags+=('-fno-instrument-functions') 694 | fi 695 | } 696 | gen_cxxflags() 697 | { 698 | cxxflags=('-g0' '-O3') 699 | if g++ -v --help 2>&1 | grep -qw "\\-fstack\\-reuse"; then 700 | cxxflags+=('-fstack-reuse=all') 701 | fi 702 | if g++ -v --help 2>&1 | grep -qw "\\-fdwarf2\\-cfi\\-asm"; then 703 | cxxflags+=('-fdwarf2-cfi-asm') 704 | fi 705 | if g++ -v --help 2>&1 | grep -qw "\\-fplt"; then 706 | cxxflags+=('-fplt') 707 | fi 708 | if g++ -v --help 2>&1 | grep -qw "\\-ftrapv"; then 709 | cxxflags+=('-fno-trapv') 710 | fi 711 | if g++ -v --help 2>&1 | grep -qw "\\-fstack\\-check"; then 712 | cxxflags+=('-fno-stack-check') 713 | fi 714 | if g++ -v --help 2>&1 | grep -qw "\\-fstack\\-clash\\-protection"; then 715 | cxxflags+=('-fno-stack-clash-protection') 716 | fi 717 | if g++ -v --help 2>&1 | grep -qw "\\-fstack\\-protector"; then 718 | cxxflags+=('-fno-stack-protector') 719 | fi 720 | if g++ -v --help 2>&1 | grep -qw "\\-fcf\\-protection="; then 721 | cxxflags+=('-fcf-protection=none') 722 | fi 723 | if g++ -v --help 2>&1 | grep -qw "\\-fsplit\\-stack"; then 724 | cxxflags+=('-fno-split-stack') 725 | fi 726 | if g++ -v --help 2>&1 | grep -qw "\\-fsanitize"; then 727 | > temp.cpp 728 | if g++ -E -fno-sanitize=all temp.cpp >/dev/null 2>&1; then 729 | cxxflags+=('-fno-sanitize=all') 730 | fi 731 | rm temp.cpp 732 | fi 733 | if g++ -v --help 2>&1 | grep -qw "\\-finstrument\\-functions"; then 734 | cxxflags+=('-fno-instrument-functions') 735 | fi 736 | if g++ -v --help 2>&1 | grep -qw "\\-fvtable\\-verify"; then 737 | cxxflags+=('-fvtable-verify=none') 738 | fi 739 | } 740 | 741 | check_base_command 742 | if [[ ! -f '/etc/os-release' ]]; then 743 | red "系统版本太老,Xray官方脚本不支持" 744 | exit 1 745 | fi 746 | if [[ -f /.dockerenv ]] || grep -q 'docker\|lxc' /proc/1/cgroup && [[ "$(type -P systemctl)" ]]; then 747 | true 748 | elif [[ -d /run/systemd/system ]] || grep -q systemd <(ls -l /sbin/init); then 749 | true 750 | else 751 | red "仅支持使用systemd的系统!" 752 | exit 1 753 | fi 754 | if [[ ! -d /dev/shm ]]; then 755 | red "/dev/shm不存在,不支持的系统" 756 | exit 1 757 | fi 758 | if [[ "$(type -P apt)" ]]; then 759 | if [[ "$(type -P dnf)" ]] || [[ "$(type -P yum)" ]]; then 760 | red "同时存在apt和yum/dnf" 761 | red "不支持的系统!" 762 | exit 1 763 | fi 764 | release="other-debian" 765 | debian_package_manager="apt" 766 | redhat_package_manager="true" 767 | redhat_package_manager_enhanced="true" 768 | elif [[ "$(type -P dnf)" ]]; then 769 | release="other-redhat" 770 | redhat_package_manager="dnf" 771 | debian_package_manager="true" 772 | if $redhat_package_manager --help | grep -q "\\-\\-setopt="; then 773 | redhat_package_manager_enhanced="$redhat_package_manager -y --setopt=install_weak_deps=False" 774 | else 775 | redhat_package_manager_enhanced="$redhat_package_manager -y --setopt install_weak_deps=False" 776 | fi 777 | elif [[ "$(type -P yum)" ]]; then 778 | release="other-redhat" 779 | redhat_package_manager="yum" 780 | debian_package_manager="true" 781 | if $redhat_package_manager --help | grep -q "\\-\\-setopt="; then 782 | redhat_package_manager_enhanced="$redhat_package_manager -y --setopt=install_weak_deps=False" 783 | else 784 | redhat_package_manager_enhanced="$redhat_package_manager -y --setopt install_weak_deps=False" 785 | fi 786 | else 787 | red "apt yum dnf命令均不存在" 788 | red "不支持的系统" 789 | exit 1 790 | fi 791 | if [[ -z "${BASH_SOURCE[0]}" ]]; then 792 | red "请以文件的形式运行脚本,或不支持的bash版本" 793 | exit 1 794 | fi 795 | if [ "$EUID" != "0" ]; then 796 | red "请用root用户运行此脚本!!" 797 | exit 1 798 | fi 799 | if ! check_sudo; then 800 | yellow "检测到正在使用sudo!" 801 | yellow "acme.sh不支持sudo,请使用root用户运行此脚本" 802 | tyblue "详情请见:https://github.com/acmesh-official/acme.sh/wiki/sudo" 803 | exit 1 804 | fi 805 | [ -e $nginx_config ] && nginx_is_installed=1 || nginx_is_installed=0 806 | [ -e ${php_prefix}/php-fpm.service.default ] && php_is_installed=1 || php_is_installed=0 807 | [ -e ${cloudreve_prefix}/cloudreve.db ] && cloudreve_is_installed=1 || cloudreve_is_installed=0 808 | [ -e /usr/local/bin/xray ] && xray_is_installed=1 || xray_is_installed=0 809 | ([ $xray_is_installed -eq 1 ] && [ $nginx_is_installed -eq 1 ]) && is_installed=1 || is_installed=0 810 | cpu_thread_num="$(grep '^processor' /proc/cpuinfo | uniq | wc -l)" 811 | if [ -z "$cpu_thread_num" ] || [ $cpu_thread_num -lt 1 ]; then 812 | red "获取CPU线程数失败!" 813 | exit 1 814 | fi 815 | case "$(uname -m)" in 816 | 'amd64' | 'x86_64') 817 | machine='amd64' 818 | ;; 819 | 'armv5tel' | 'armv6l' | 'armv7' | 'armv7l') 820 | machine='arm' 821 | ;; 822 | 'armv8' | 'aarch64') 823 | machine='arm64' 824 | ;; 825 | *) 826 | machine='' 827 | ;; 828 | esac 829 | 830 | #获取系统版本信息 831 | get_system_info() 832 | { 833 | timezone="$(ls -l /etc/localtime | awk -F zoneinfo/ '{print $NF}')" 834 | if [[ ! -L /etc/localtime ]] || [ "$timezone" == "" ]; then 835 | yellow "获取时区失败!" 836 | green "欢迎进行Bug report(https://github.com/kirin10000/Xray-script/issues),感谢您的支持" 837 | yellow "按回车键继续或者Ctrl+c退出" 838 | read -s 839 | fi 840 | if bash -c "echo $(grep '^[ '$'\t]*ID[ '$'\t]*=' /etc/os-release | cut -d = -f 2-)" | grep -qiw ubuntu; then 841 | release="ubuntu" 842 | elif bash -c "echo $(grep '^[ '$'\t]*ID[ '$'\t]*=' /etc/os-release | cut -d = -f 2-)" | grep -qiw debian; then 843 | release="debian" 844 | elif bash -c "echo $(grep '^[ '$'\t]*ID[ '$'\t]*=' /etc/os-release | cut -d = -f 2-)" | grep -qiw deepin; then 845 | release="deepin" 846 | elif bash -c "echo $(grep '^[ '$'\t]*ID[ '$'\t]*=' /etc/os-release | cut -d = -f 2-)" | grep -qiw centos; then 847 | if bash -c "echo $(grep '^[ '$'\t]*NAME[ '$'\t]*=' /etc/os-release | cut -d = -f 2-)" | grep -qiw stream; then 848 | release="centos-stream" 849 | else 850 | release="centos" 851 | fi 852 | elif bash -c "echo $(grep '^[ '$'\t]*ID[ '$'\t]*=' /etc/os-release | cut -d = -f 2-)" | grep -qiw fedora; then 853 | release="fedora" 854 | elif bash -c "echo $(grep '^[ '$'\t]*NAME[ '$'\t]*=' /etc/os-release | cut -d = -f 2-)" | grep -qiw oracle; then 855 | release="oracle" 856 | elif bash -c "echo $(grep '^[ '$'\t]*ID[ '$'\t]*=' /etc/os-release | cut -d = -f 2-)" | grep -qiw rhel; then 857 | release="rhel" 858 | elif bash -c "echo $(grep '^[ '$'\t]*ID[ '$'\t]*=' /etc/os-release | cut -d = -f 2-)" | grep -qiw redhatenterprise; then 859 | release="rhel" 860 | fi 861 | systemVersion="$(bash -c "echo $(grep '^[ '$'\t]*VERSION_ID[ '$'\t]*=' /etc/os-release | cut -d = -f 2-)")" 862 | if [ "$(bash -c "echo $(grep '^[ '$'\t]*ID[ '$'\t]*=' /etc/os-release | cut -d = -f 2-)")" == "" ] || [ "$systemVersion" == "" ]; then 863 | yellow "获取系统信息失败!" 864 | green "欢迎进行Bug report(https://github.com/kirin10000/Xray-script/issues),感谢您的支持" 865 | yellow "按回车键继续或者Ctrl+c退出" 866 | read -s 867 | fi 868 | } 869 | 870 | #检查TCP 80端口和443端口是否被占用 871 | check_port() 872 | { 873 | green "正在检查端口占用。。。" 874 | local xray_status=0 875 | local nginx_status=0 876 | systemctl -q is-active xray && xray_status=1 && systemctl stop xray 877 | systemctl -q is-active nginx && nginx_status=1 && systemctl stop nginx 878 | ([ $xray_status -eq 1 ] || [ $nginx_status -eq 1 ]) && sleep 2s 879 | local check_list=('80' '443') 880 | local i 881 | for i in "${check_list[@]}" 882 | do 883 | if ss -natl | awk '{print $4}' | awk -F : '{print $NF}' | grep -E "^[0-9]+$" | grep -wq "${i}"; then 884 | red "TCP:${i}端口被占用!" 885 | yellow "请用 lsof -i:${i} 命令检查" 886 | exit 1 887 | fi 888 | done 889 | [ $xray_status -eq 1 ] && systemctl start xray 890 | [ $nginx_status -eq 1 ] && systemctl start nginx 891 | } 892 | 893 | #检查Nginx是否已通过apt/dnf/yum安装 894 | check_nginx_installed_system() 895 | { 896 | if [[ ! -f /usr/lib/systemd/system/nginx.service ]] && [[ ! -f /lib/systemd/system/nginx.service ]]; then 897 | return 0 898 | fi 899 | red "------------检测到Nginx已安装,并且会与此脚本冲突------------" 900 | yellow " 如果您不记得之前有安装过Nginx,那么可能是使用别的一键脚本时安装的" 901 | yellow " 建议使用纯净的系统运行此脚本" 902 | echo 903 | ! ask_if "是否尝试卸载?(y/n)" && exit 0 904 | $debian_package_manager -y purge '^nginx' '^libnginx' 905 | $redhat_package_manager -y remove 'nginx*' 906 | if [[ ! -f /usr/lib/systemd/system/nginx.service ]] && [[ ! -f /lib/systemd/system/nginx.service ]]; then 907 | return 0 908 | fi 909 | red "卸载失败!" 910 | yellow "请尝试更换系统,建议使用Ubuntu最新版系统" 911 | green "欢迎进行Bug report(https://github.com/kirin10000/Xray-script/issues),感谢您的支持" 912 | exit 1 913 | } 914 | 915 | #检查SELinux 916 | check_SELinux() 917 | { 918 | turn_off_selinux() 919 | { 920 | if command -V setenforce >/dev/null 2>&1; then 921 | local selinux_utils_is_installed=1 922 | else 923 | local selinux_utils_is_installed=0 924 | check_important_dependence_installed selinux-utils libselinux-utils 925 | fi 926 | setenforce 0 927 | sed -i 's/^[ \t]*SELINUX[ \t]*=[ \t]*enforcing[ \t]*$/SELINUX=disabled/g' /etc/sysconfig/selinux 928 | sed -i 's/^[ \t]*SELINUX[ \t]*=[ \t]*enforcing[ \t]*$/SELINUX=disabled/g' /etc/selinux/config 929 | if [ $selinux_utils_is_installed -eq 0 ]; then 930 | $redhat_package_manager -y remove libselinux-utils 931 | $debian_package_manager -y purge selinux-utils 932 | fi 933 | } 934 | if getenforce 2>/dev/null | grep -wqi Enforcing || grep -Eq '^[ '$'\t]*SELINUX[ '$'\t]*=[ '$'\t]*enforcing[ '$'\t]*$' /etc/sysconfig/selinux 2>/dev/null || grep -Eq '^[ '$'\t]*SELINUX[ '$'\t]*=[ '$'\t]*enforcing[ '$'\t]*$' /etc/selinux/config 2>/dev/null; then 935 | yellow "检测到SELinux已开启,脚本可能无法正常运行" 936 | if ask_if "尝试关闭SELinux?(y/n)"; then 937 | turn_off_selinux 938 | else 939 | exit 0 940 | fi 941 | fi 942 | } 943 | 944 | #配置sshd 945 | check_ssh_timeout() 946 | { 947 | if grep -q "#This file has been edited by Xray-TLS-Web-setup-script" /etc/ssh/sshd_config; then 948 | return 0 949 | fi 950 | echo -e "\\n\\n\\n" 951 | tyblue "------------------------------------------" 952 | tyblue " 安装可能需要比较长的时间" 953 | tyblue " 如果中途断开连接将会很麻烦" 954 | tyblue " 设置ssh连接超时时间将有效降低断连可能性" 955 | echo 956 | ! ask_if "是否设置ssh连接超时时间?(y/n)" && return 0 957 | sed -i '/^[ \t]*ClientAliveInterval[ \t]/d' /etc/ssh/sshd_config 958 | sed -i '/^[ \t]*ClientAliveCountMax[ \t]/d' /etc/ssh/sshd_config 959 | echo >> /etc/ssh/sshd_config 960 | echo "ClientAliveInterval 30" >> /etc/ssh/sshd_config 961 | echo "ClientAliveCountMax 60" >> /etc/ssh/sshd_config 962 | echo "#This file has been edited by Xray-TLS-Web-setup-script" >> /etc/ssh/sshd_config 963 | systemctl restart sshd 964 | green "----------------------配置完成----------------------" 965 | tyblue " 请重新连接服务器以让配置生效" 966 | if [ $in_install_update_xray_tls_web -eq 1 ]; then 967 | yellow " 重新连接服务器后,请再次运行脚本完成剩余部分的安装/升级" 968 | yellow " 再次运行脚本时,重复之前选过的选项即可" 969 | yellow " 按回车键退出。。。。" 970 | read -s 971 | fi 972 | exit 0 973 | } 974 | 975 | #删除防火墙和阿里云盾 976 | uninstall_firewall() 977 | { 978 | green "正在删除防火墙。。。" 979 | ufw disable 980 | $debian_package_manager -y purge firewalld 981 | $debian_package_manager -y purge ufw 982 | systemctl stop firewalld 983 | systemctl disable firewalld 984 | $redhat_package_manager -y remove firewalld 985 | green "正在删除阿里云盾和腾讯云盾 (仅对阿里云和腾讯云服务器有效)。。。" 986 | #阿里云盾 987 | pkill -9 assist_daemon 988 | rm -rf /usr/local/share/assist-daemon 989 | systemctl stop CmsGoAgent 990 | systemctl disable CmsGoAgent 991 | systemctl stop cloudmonitor 992 | /etc/rc.d/init.d/cloudmonitor remove 993 | rm -rf /usr/local/cloudmonitor 994 | rm -rf /etc/systemd/system/CmsGoAgent.service 995 | systemctl daemon-reload 996 | #aliyun-assist 997 | systemctl stop AssistDaemon 998 | systemctl disable AssistDaemon 999 | systemctl stop aliyun 1000 | systemctl disable aliyun 1001 | $debian_package_manager -y purge aliyun-assist 1002 | $redhat_package_manager -y remove aliyun_assist 1003 | rm -rf /usr/local/share/aliyun-assist 1004 | rm -rf /usr/sbin/aliyun_installer 1005 | rm -rf /usr/sbin/aliyun-service 1006 | rm -rf /usr/sbin/aliyun-service.backup 1007 | rm -rf /etc/systemd/system/aliyun.service 1008 | rm -rf /etc/systemd/system/AssistDaemon.service 1009 | systemctl daemon-reload 1010 | #AliYunDun aegis 1011 | pkill -9 AliYunDunUpdate 1012 | pkill -9 AliYunDun 1013 | pkill -9 AliHids 1014 | /etc/init.d/aegis uninstall 1015 | rm -rf /usr/local/aegis 1016 | rm -rf /etc/init.d/aegis 1017 | rm -rf /etc/rc2.d/S80aegis 1018 | rm -rf /etc/rc3.d/S80aegis 1019 | rm -rf /etc/rc4.d/S80aegis 1020 | rm -rf /etc/rc5.d/S80aegis 1021 | 1022 | #腾讯云盾 1023 | /usr/local/qcloud/stargate/admin/uninstall.sh 1024 | /usr/local/qcloud/YunJing/uninst.sh 1025 | /usr/local/qcloud/monitor/barad/admin/uninstall.sh 1026 | systemctl daemon-reload 1027 | systemctl stop YDService 1028 | systemctl disable YDService 1029 | rm -rf /lib/systemd/system/YDService.service 1030 | systemctl daemon-reload 1031 | systemctl stop tat_agent 1032 | systemctl disable tat_agent 1033 | rm -rf /etc/systemd/system/tat_agent.service 1034 | systemctl daemon-reload 1035 | sed -i 's#/usr/local/qcloud#rcvtevyy4f5d#g' /etc/rc.local 1036 | sed -i '/rcvtevyy4f5d/d' /etc/rc.local 1037 | rm -rf $(find /etc/udev/rules.d -iname "*qcloud*" 2>/dev/null) 1038 | pkill -9 watchdog.sh 1039 | pkill -9 secu-tcs-agent 1040 | pkill -9 YDService 1041 | pkill -9 YDLive 1042 | pkill -9 sgagent 1043 | pkill -9 tat_agent 1044 | pkill -9 /usr/local/qcloud 1045 | pkill -9 barad_agent 1046 | kill -s 9 "$(ps -aux | grep '/usr/local/qcloud/nv//nv_driver_install_helper\.sh' | awk '{print $2}')" 1047 | rm -rf /usr/local/qcloud 1048 | rm -rf /usr/local/sa 1049 | rm -rf /usr/local/yd.socket.client 1050 | rm -rf /usr/local/yd.socket.server 1051 | mkdir /usr/local/qcloud 1052 | mkdir /usr/local/qcloud/action 1053 | mkdir /usr/local/qcloud/action/login_banner.sh 1054 | mkdir /usr/local/qcloud/action/action.sh 1055 | if [[ "$(type -P uname)" ]] && uname -a | grep solaris >/dev/null; then 1056 | crontab -l | sed "/qcloud/d" | crontab -- 1057 | else 1058 | crontab -l | sed "/qcloud/d" | crontab - 1059 | fi 1060 | 1061 | # Huawei Cloud 1062 | rm -rf /CloudResetPwdUpdateAgent 1063 | rm -rf /etc/init.d/HSSInstall 1064 | rm -rf /usr/local/uniagent 1065 | pkill -9 uniagent 1066 | } 1067 | 1068 | #升级系统组件 1069 | doupdate() 1070 | { 1071 | updateSystem() 1072 | { 1073 | check_important_dependence_installed "ubuntu-release-upgrader-core" 1074 | echo -e "\\n\\n\\n" 1075 | tyblue "------------------请选择升级系统版本--------------------" 1076 | tyblue " 1. beta版(测试版) 当前版本号:22.04" 1077 | tyblue " 2. release版(稳定版) 当前版本号:22.04" 1078 | tyblue " 3. LTS版(长期支持版) 当前版本号:22.04" 1079 | tyblue " 0. 不升级系统" 1080 | tyblue "-------------------------注意事项-------------------------" 1081 | yellow " 1.升级过程中遇到问话/对话框,如果不清楚,请选择yes/y/第一个选项" 1082 | yellow " 2.升级系统可能需要15分钟或更久" 1083 | yellow " 3.有的时候不能一次性更新到所选择的版本,可能要更新多次" 1084 | yellow " 4.升级系统后以下配置可能会恢复系统默认配置:" 1085 | yellow " ssh端口 ssh超时时间 bbr加速(恢复到关闭状态)" 1086 | tyblue "----------------------------------------------------------" 1087 | green " 您现在的系统版本是:$systemVersion" 1088 | tyblue "----------------------------------------------------------" 1089 | echo 1090 | choice="" 1091 | while [[ ! "$choice" =~ ^(0|[1-9][0-9]*)$ ]] || ((choice>3)) 1092 | do 1093 | read -p "您的选择是:" choice 1094 | done 1095 | if [ $choice -ne 0 ]; then 1096 | if ! [[ "$(grep -i '^[ '$'\t]*port[ '$'\t]' /etc/ssh/sshd_config | awk '{print $2}')" =~ ^("22"|)$ ]]; then 1097 | red "检测到ssh端口号被修改" 1098 | red "升级系统后ssh端口号可能恢复默认值(22)" 1099 | yellow "按回车键继续。。。" 1100 | read -s 1101 | fi 1102 | if [ $in_install_update_xray_tls_web -eq 1 ]; then 1103 | echo 1104 | tyblue "提示:即将开始升级系统" 1105 | yellow " 升级完系统后服务器将重启,重启后,请再次运行脚本完成 Xray-TLS+Web 剩余部分的安装/升级" 1106 | yellow " 再次运行脚本时,重复之前选过的选项即可" 1107 | echo 1108 | sleep 2s 1109 | yellow "按回车键以继续。。。" 1110 | read -s 1111 | fi 1112 | fi 1113 | local i 1114 | for ((i=0;i<2;i++)) 1115 | do 1116 | sed -i '/^[ \t]*Prompt[ \t]*=/d' /etc/update-manager/release-upgrades 1117 | echo 'Prompt=normal' >> /etc/update-manager/release-upgrades 1118 | case "$choice" in 1119 | 1) 1120 | do-release-upgrade -d -m server 1121 | do-release-upgrade -d -m server 1122 | sed -i 's/Prompt=normal/Prompt=lts/' /etc/update-manager/release-upgrades 1123 | do-release-upgrade -d -m server 1124 | do-release-upgrade -d -m server 1125 | sed -i 's/Prompt=lts/Prompt=normal/' /etc/update-manager/release-upgrades 1126 | do-release-upgrade -p -m server 1127 | do-release-upgrade -p -m server 1128 | sed -i 's/Prompt=normal/Prompt=lts/' /etc/update-manager/release-upgrades 1129 | do-release-upgrade -p -m server 1130 | do-release-upgrade -p -m server 1131 | ;; 1132 | 2) 1133 | do-release-upgrade -m server 1134 | do-release-upgrade -m server 1135 | ;; 1136 | 3) 1137 | sed -i 's/Prompt=normal/Prompt=lts/' /etc/update-manager/release-upgrades 1138 | do-release-upgrade -m server 1139 | do-release-upgrade -m server 1140 | ;; 1141 | esac 1142 | $debian_package_manager -y --purge autoremove 1143 | $debian_package_manager update 1144 | $debian_package_manager -y --purge autoremove 1145 | $debian_package_manager -y --auto-remove --purge --no-install-recommends full-upgrade 1146 | $debian_package_manager -y --purge autoremove 1147 | $debian_package_manager clean 1148 | done 1149 | } 1150 | while ((1)) 1151 | do 1152 | echo -e "\\n\\n\\n" 1153 | tyblue "-----------------------是否更新系统组件?-----------------------" 1154 | green " 1. 更新已安装软件,并升级系统 (Ubuntu专享)" 1155 | green " 2. 仅更新已安装软件" 1156 | red " 3. 不更新" 1157 | if [ $release == "ubuntu" ] && (($(free -m | sed -n 2p | awk '{print $2}')<400)); then 1158 | red "检测到内存过小,升级系统可能导致无法开机,请谨慎选择" 1159 | fi 1160 | echo 1161 | choice="" 1162 | while [ "$choice" != "1" ] && [ "$choice" != "2" ] && [ "$choice" != "3" ] 1163 | do 1164 | read -p "您的选择是:" choice 1165 | done 1166 | if [ $release == "ubuntu" ] || [ $choice -ne 1 ]; then 1167 | break 1168 | fi 1169 | echo 1170 | yellow " 更新系统仅支持Ubuntu!" 1171 | sleep 3s 1172 | done 1173 | if [ $choice -eq 1 ]; then 1174 | updateSystem 1175 | $debian_package_manager -y --purge autoremove 1176 | $debian_package_manager clean 1177 | elif [ $choice -eq 2 ]; then 1178 | tyblue "-----------------------即将开始更新-----------------------" 1179 | yellow " 更新过程中遇到问话/对话框,如果不明白,选择yes/y/第一个选项" 1180 | yellow " 按回车键继续。。。" 1181 | read -s 1182 | $debian_package_manager -y --purge autoremove 1183 | $debian_package_manager update 1184 | $debian_package_manager -y --purge autoremove 1185 | $debian_package_manager -y --auto-remove --purge --no-install-recommends full-upgrade 1186 | $debian_package_manager -y --purge autoremove 1187 | $debian_package_manager clean 1188 | $redhat_package_manager -y autoremove 1189 | $redhat_package_manager_enhanced upgrade 1190 | $redhat_package_manager -y autoremove 1191 | $redhat_package_manager clean all 1192 | fi 1193 | } 1194 | 1195 | #安装bbr 1196 | install_bbr() 1197 | { 1198 | #输出:latest_kernel_version 和 your_kernel_version 1199 | get_kernel_info() 1200 | { 1201 | green "正在获取最新版本内核版本号。。。。(60内秒未获取成功自动跳过)" 1202 | your_kernel_version="$(uname -r | cut -d - -f 1)" 1203 | while [ ${your_kernel_version##*.} -eq 0 ] 1204 | do 1205 | your_kernel_version=${your_kernel_version%.*} 1206 | done 1207 | if ! timeout 60 wget -q -O "temp_kernel_version" "https://kernel.ubuntu.com/~kernel-ppa/mainline/"; then 1208 | latest_kernel_version="error" 1209 | return 1 1210 | fi 1211 | local kernel_list=() 1212 | local kernel_list_temp 1213 | kernel_list_temp=($(awk -F'\"v' '/v[0-9]/{print $2}' "temp_kernel_version" | cut -d '"' -f1 | cut -d '/' -f1 | sort -rV)) 1214 | if [ ${#kernel_list_temp[@]} -le 1 ]; then 1215 | latest_kernel_version="error" 1216 | return 1 1217 | fi 1218 | local i2=0 1219 | local i3 1220 | local kernel_rc="" 1221 | local kernel_list_temp2 1222 | while ((i2<${#kernel_list_temp[@]})) 1223 | do 1224 | if [[ "${kernel_list_temp[$i2]}" =~ -rc(0|[1-9][0-9]*)$ ]] && [ "$kernel_rc" == "" ]; then 1225 | kernel_list_temp2=("${kernel_list_temp[$i2]}") 1226 | kernel_rc="${kernel_list_temp[$i2]%-*}" 1227 | ((i2++)) 1228 | elif [[ "${kernel_list_temp[$i2]}" =~ -rc(0|[1-9][0-9]*)$ ]] && [ "${kernel_list_temp[$i2]%-*}" == "$kernel_rc" ]; then 1229 | kernel_list_temp2+=("${kernel_list_temp[$i2]}") 1230 | ((i2++)) 1231 | elif [[ "${kernel_list_temp[$i2]}" =~ -rc(0|[1-9][0-9]*)$ ]] && [ "${kernel_list_temp[$i2]%-*}" != "$kernel_rc" ]; then 1232 | for((i3=0;i3<${#kernel_list_temp2[@]};i3++)) 1233 | do 1234 | kernel_list+=("${kernel_list_temp2[$i3]}") 1235 | done 1236 | kernel_rc="" 1237 | elif [ -z "$kernel_rc" ] || version_ge "${kernel_list_temp[$i2]}" "$kernel_rc"; then 1238 | kernel_list+=("${kernel_list_temp[$i2]}") 1239 | ((i2++)) 1240 | else 1241 | for((i3=0;i3<${#kernel_list_temp2[@]};i3++)) 1242 | do 1243 | kernel_list+=("${kernel_list_temp2[$i3]}") 1244 | done 1245 | kernel_rc="" 1246 | fi 1247 | done 1248 | if [ -n "$kernel_rc" ]; then 1249 | for((i3=0;i3<${#kernel_list_temp2[@]};i3++)) 1250 | do 1251 | kernel_list+=("${kernel_list_temp2[$i3]}") 1252 | done 1253 | fi 1254 | latest_kernel_version="${kernel_list[0]}" 1255 | if [ $release == "ubuntu" ] || [ $release == "debian" ] || [ $release == "deepin" ] || [ $release == "other-debian" ]; then 1256 | local rc_version 1257 | rc_version="$(uname -r | cut -d - -f 2)" 1258 | if [[ $rc_version =~ rc ]]; then 1259 | rc_version="${rc_version##*'rc'}" 1260 | your_kernel_version="${your_kernel_version}-rc${rc_version}" 1261 | fi 1262 | uname -r | grep -q xanmod && your_kernel_version="${your_kernel_version}-xanmod" 1263 | else 1264 | latest_kernel_version="${latest_kernel_version%%-*}" 1265 | fi 1266 | } 1267 | #卸载多余内核 1268 | remove_other_kernel() 1269 | { 1270 | local exit_code=1 1271 | if [ $release == "ubuntu" ] || [ $release == "debian" ] || [ $release == "deepin" ] || [ $release == "other-debian" ]; then 1272 | dpkg --list > "temp_installed_list" 1273 | local kernel_list_image 1274 | kernel_list_image=($(awk '{print $2}' "temp_installed_list" | grep '^linux-image')) 1275 | local kernel_list_modules 1276 | kernel_list_modules=($(awk '{print $2}' "temp_installed_list" | grep '^linux-modules')) 1277 | local kernel_now 1278 | kernel_now="$(uname -r)" 1279 | local ok_install=0 1280 | for ((i=${#kernel_list_image[@]}-1;i>=0;i--)) 1281 | do 1282 | if [[ "${kernel_list_image[$i]}" =~ "$kernel_now" ]]; then 1283 | unset 'kernel_list_image[$i]' 1284 | ((ok_install++)) 1285 | fi 1286 | done 1287 | if [ $ok_install -lt 1 ]; then 1288 | red "未发现正在使用的内核,可能已经被卸载,请先重新启动" 1289 | yellow "按回车键继续。。。" 1290 | read -s 1291 | return 1 1292 | fi 1293 | for ((i=${#kernel_list_modules[@]}-1;i>=0;i--)) 1294 | do 1295 | if [[ "${kernel_list_modules[$i]}" =~ "$kernel_now" ]]; then 1296 | unset 'kernel_list_modules[$i]' 1297 | fi 1298 | done 1299 | if [ ${#kernel_list_modules[@]} -eq 0 ] && [ ${#kernel_list_image[@]} -eq 0 ]; then 1300 | yellow "没有内核可卸载" 1301 | return 0 1302 | fi 1303 | $debian_package_manager -y purge "${kernel_list_image[@]}" "${kernel_list_modules[@]}" && exit_code=0 1304 | [ $exit_code -eq 1 ] && $debian_package_manager -y -f install 1305 | apt-mark manual "^grub" 1306 | else 1307 | rpm -qa > "temp_installed_list" 1308 | local kernel_list 1309 | kernel_list=($(grep -E '^kernel(|-ml|-lt)-[0-9]' "temp_installed_list")) 1310 | #local kernel_list_headers 1311 | #kernel_list_headers=($(grep -E '^kernel(|-ml|-lt)-headers' "temp_installed_list")) 1312 | local kernel_list_devel 1313 | kernel_list_devel=($(grep -E '^kernel(|-ml|-lt)-devel' "temp_installed_list")) 1314 | local kernel_list_modules 1315 | kernel_list_modules=($(grep -E '^kernel(|-ml|-lt)-modules' "temp_installed_list")) 1316 | local kernel_list_core 1317 | kernel_list_core=($(grep -E '^kernel(|-ml|-lt)-core' "temp_installed_list")) 1318 | local kernel_now 1319 | kernel_now="$(uname -r)" 1320 | local ok_install=0 1321 | for ((i=${#kernel_list[@]}-1;i>=0;i--)) 1322 | do 1323 | if [[ "${kernel_list[$i]}" =~ "$kernel_now" ]]; then 1324 | unset 'kernel_list[$i]' 1325 | ((ok_install++)) 1326 | fi 1327 | done 1328 | if [ $ok_install -lt 1 ]; then 1329 | red "未发现正在使用的内核,可能已经被卸载,请先重新启动" 1330 | yellow "按回车键继续。。。" 1331 | read -s 1332 | return 1 1333 | fi 1334 | #for ((i=${#kernel_list_headers[@]}-1;i>=0;i--)) 1335 | #do 1336 | # if [[ "${kernel_list_headers[$i]}" =~ "$kernel_now" ]]; then 1337 | # unset 'kernel_list_headers[$i]' 1338 | # fi 1339 | #done 1340 | for ((i=${#kernel_list_devel[@]}-1;i>=0;i--)) 1341 | do 1342 | if [[ "${kernel_list_devel[$i]}" =~ "$kernel_now" ]]; then 1343 | unset 'kernel_list_devel[$i]' 1344 | fi 1345 | done 1346 | for ((i=${#kernel_list_modules[@]}-1;i>=0;i--)) 1347 | do 1348 | if [[ "${kernel_list_modules[$i]}" =~ "$kernel_now" ]]; then 1349 | unset 'kernel_list_modules[$i]' 1350 | fi 1351 | done 1352 | for ((i=${#kernel_list_core[@]}-1;i>=0;i--)) 1353 | do 1354 | if [[ "${kernel_list_core[$i]}" =~ "$kernel_now" ]]; then 1355 | unset 'kernel_list_core[$i]' 1356 | fi 1357 | done 1358 | #if [ ${#kernel_list[@]} -eq 0 ] && [ ${#kernel_list_headers[@]} -eq 0 ] && [ ${#kernel_list_devel[@]} -eq 0 ] && [ ${#kernel_list_modules[@]} -eq 0 ] && [ ${#kernel_list_core[@]} -eq 0 ]; then 1359 | if [ ${#kernel_list[@]} -eq 0 ] && [ ${#kernel_list_devel[@]} -eq 0 ] && [ ${#kernel_list_modules[@]} -eq 0 ] && [ ${#kernel_list_core[@]} -eq 0 ]; then 1360 | yellow "没有内核可卸载" 1361 | return 0 1362 | fi 1363 | #$redhat_package_manager -y remove "${kernel_list[@]}" "${kernel_list_headers[@]}" "${kernel_list_modules[@]}" "${kernel_list_core[@]}" "${kernel_list_devel[@]}" && exit_code=0 1364 | $redhat_package_manager -y remove "${kernel_list[@]}" "${kernel_list_modules[@]}" "${kernel_list_core[@]}" "${kernel_list_devel[@]}" && exit_code=0 1365 | fi 1366 | if [ $exit_code -eq 0 ]; then 1367 | green "卸载成功" 1368 | else 1369 | red "卸载失败!" 1370 | yellow "按回车键继续或Ctrl+c退出" 1371 | read -s 1372 | return 1 1373 | fi 1374 | } 1375 | change_qdisc() 1376 | { 1377 | local list=('fq' 'fq_pie' 'cake' 'fq_codel') 1378 | tyblue "---------------请选择你要使用的队列算法---------------" 1379 | green " 1.fq" 1380 | green " 2.fq_pie" 1381 | tyblue " 3.cake" 1382 | tyblue " 4.fq_codel" 1383 | choice="" 1384 | while [[ ! "$choice" =~ ^([1-9][0-9]*)$ ]] || ((choice>4)) 1385 | do 1386 | read -p "您的选择是:" choice 1387 | done 1388 | local qdisc="${list[$((choice-1))]}" 1389 | local default_qdisc 1390 | default_qdisc="$(sysctl net.core.default_qdisc | cut -d = -f 2 | awk '{print $1}')" 1391 | sed -i '/^[ \t]*net.core.default_qdisc[ \t]*=/d' /etc/sysctl.conf 1392 | echo "net.core.default_qdisc = $qdisc" >> /etc/sysctl.conf 1393 | sysctl -p 1394 | sleep 1s 1395 | if [ "$(sysctl net.core.default_qdisc | cut -d = -f 2 | awk '{print $1}')" == "$qdisc" ]; then 1396 | green "更换成功!" 1397 | else 1398 | red "更换失败,内核不支持" 1399 | sed -i '/^[ \t]*net.core.default_qdisc[ \t]*=/d' /etc/sysctl.conf 1400 | echo "net.core.default_qdisc = $default_qdisc" >> /etc/sysctl.conf 1401 | return 1 1402 | fi 1403 | } 1404 | enable_ecn() 1405 | { 1406 | if [[ ! -f /sys/module/tcp_bbr2/parameters/ecn_enable ]] || [ "$(sysctl net.ipv4.tcp_congestion_control | cut -d = -f 2 | awk '{print $1}')" != "bbr2" ]; then 1407 | red "请先开启bbr2!" 1408 | return 1 1409 | fi 1410 | if [ "$(cat /sys/module/tcp_bbr2/parameters/ecn_enable)" == "Y" ] && [ "$(sysctl net.ipv4.tcp_ecn | cut -d = -f 2 | awk '{print $1}')" == "1" ]; then 1411 | green "bbr2_ECN 已启用!" 1412 | tyblue "重启系统bbr2_ECN将自动关闭" 1413 | return 0 1414 | fi 1415 | tyblue "提示:bbr2_ECN 会在系统重启后自动关闭" 1416 | tyblue " 若重启系统,可以 运行脚本 -> 安装/更新bbr -> 启用bbr2_ECN 来重新启用bbr2_ECN" 1417 | yellow "按回车键以继续。。。" 1418 | read -s 1419 | echo Y > /sys/module/tcp_bbr2/parameters/ecn_enable 1420 | sysctl net.ipv4.tcp_ecn=1 1421 | sleep 1s 1422 | if [ "$(cat /sys/module/tcp_bbr2/parameters/ecn_enable)" == "Y" ] && [ "$(sysctl net.ipv4.tcp_ecn | cut -d = -f 2 | awk '{print $1}')" == "1" ]; then 1423 | green "bbr2_ECN 已启用" 1424 | return 0 1425 | else 1426 | red "bbr2_ECN 启用失败" 1427 | return 1 1428 | fi 1429 | } 1430 | local your_kernel_version 1431 | local latest_kernel_version 1432 | get_kernel_info 1433 | if ! grep -q "#This file has been edited by Xray-TLS-Web-setup-script" /etc/sysctl.conf; then 1434 | echo >> /etc/sysctl.conf 1435 | echo "#This file has been edited by Xray-TLS-Web-setup-script" >> /etc/sysctl.conf 1436 | fi 1437 | while : 1438 | do 1439 | echo -e "\\n\\n\\n" 1440 | tyblue "------------------请选择要使用的bbr版本------------------" 1441 | green " 1. 安装/升级最新稳定版内核并启用bbr (推荐)" 1442 | green " 2. 安装/升级最新xanmod内核并启用bbr (推荐)" 1443 | green " 3. 安装/升级最新xanmod内核并启用bbr2 (推荐)" 1444 | tyblue " 4. 安装/升级最新版内核并启用bbr" 1445 | if version_ge $your_kernel_version 4.9; then 1446 | tyblue " 5. 启用bbr" 1447 | else 1448 | tyblue " 5. 升级内核启用bbr" 1449 | fi 1450 | tyblue " 6. 启用bbr2" 1451 | tyblue " 7. 安装第三方内核并启用bbrplus/bbr魔改版/暴力bbr魔改版/锐速" 1452 | tyblue " 8. 更换队列算法" 1453 | tyblue " 9. 开启/关闭bbr2_ECN" 1454 | tyblue " 10. 卸载多余内核" 1455 | tyblue " 0. 退出bbr安装" 1456 | tyblue "------------------关于安装bbr加速的说明------------------" 1457 | green " bbr拥塞算法可以大幅提升网络速度,建议启用" 1458 | yellow " 更换第三方内核可能造成系统不稳定,甚至无法开机" 1459 | tyblue "---------------------------------------------------------" 1460 | tyblue " 当前内核版本:${your_kernel_version}" 1461 | tyblue " 最新内核版本:${latest_kernel_version}" 1462 | tyblue " 当前内核是否支持bbr:" 1463 | if version_ge $your_kernel_version 4.9; then 1464 | green " 是" 1465 | else 1466 | red " 否,需升级内核" 1467 | fi 1468 | tyblue " 当前拥塞控制算法:" 1469 | local tcp_congestion_control 1470 | tcp_congestion_control=$(sysctl net.ipv4.tcp_congestion_control | cut -d = -f 2 | awk '{print $1}') 1471 | if [[ "$tcp_congestion_control" =~ bbr|nanqinlang|tsunami ]]; then 1472 | if [ $tcp_congestion_control == nanqinlang ]; then 1473 | tcp_congestion_control="${tcp_congestion_control} \\033[35m(暴力bbr魔改版)" 1474 | elif [ $tcp_congestion_control == tsunami ]; then 1475 | tcp_congestion_control="${tcp_congestion_control} \\033[35m(bbr魔改版)" 1476 | fi 1477 | green " ${tcp_congestion_control}" 1478 | else 1479 | tyblue " ${tcp_congestion_control} \\033[31m(bbr未启用)" 1480 | fi 1481 | tyblue " 当前队列算法:" 1482 | green " $(sysctl net.core.default_qdisc | cut -d = -f 2 | awk '{print $1}')" 1483 | tyblue " 当前bbr2_ECN:" 1484 | if [ "$(cat /sys/module/tcp_bbr2/parameters/ecn_enable 2>/dev/null)" == "Y" ] && [ "$(sysctl net.ipv4.tcp_ecn | cut -d = -f 2 | awk '{print $1}')" == "1" ]; then 1485 | green " 已启用" 1486 | else 1487 | blue " 未启用" 1488 | fi 1489 | echo 1490 | local choice="" 1491 | while [[ ! "$choice" =~ ^(0|[1-9][0-9]*)$ ]] || ((choice>10)) 1492 | do 1493 | read -p "您的选择是:" choice 1494 | done 1495 | if (( 1<=choice&&choice<=4 )); then 1496 | if (( choice==1 || choice==4 )) && ([ $release == "ubuntu" ] || [ $release == "debian" ] || [ $release == "deepin" ] || [ $release == "other-debian" ]) && ! dpkg-deb --help | grep -qw "zstd"; then 1497 | red "当前系统dpkg不支持解压zst包,不支持安装此内核!" 1498 | green "请更新系统,或选择使用其他系统,或选择安装xanmod内核" 1499 | elif (( choice==2 || choice==3 )) && ([ $release == "centos" ] || [ $release == centos-stream ] || [ $release == oracle ] || [ $release == "rhel" ] || [ $release == "fedora" ] || [ $release == "other-redhat" ]); then 1500 | red "xanmod内核仅支持Debian系的系统,如Ubuntu、Debian、deepin、UOS" 1501 | else 1502 | if (( choice==1 || choice==4 )) && ([ $release == "ubuntu" ] || [ $release == "debian" ] || [ $release == "deepin" ] || [ $release == "other-debian" ]); then 1503 | check_important_dependence_installed "linux-base" "" 1504 | if ! version_ge "$(dpkg --list | grep '^[ '$'\t]*ii[ '$'\t][ '$'\t]*linux-base[ '$'\t]' | awk '{print $3}')" "4.5ubuntu1~16.04.1"; then 1505 | install_dependence linux-base 1506 | if ! version_ge "$(dpkg --list | grep '^[ '$'\t]*ii[ '$'\t][ '$'\t]*linux-base[ '$'\t]' | awk '{print $3}')" "4.5ubuntu1~16.04.1"; then 1507 | if ! $debian_package_manager update; then 1508 | red "$debian_package_manager update出错" 1509 | green "欢迎进行Bug report(https://github.com/kirin10000/Xray-script/issues),感谢您的支持" 1510 | yellow "按回车键继续或者Ctrl+c退出" 1511 | read -s 1512 | fi 1513 | install_dependence linux-base 1514 | fi 1515 | fi 1516 | fi 1517 | if (( choice==1 || choice==4 )) && ([ $release == "ubuntu" ] || [ $release == "debian" ] || [ $release == "deepin" ] || [ $release == "other-debian" ]) && ! version_ge "$(dpkg --list | grep '^[ '$'\t]*ii[ '$'\t][ '$'\t]*linux-base[ '$'\t]' | awk '{print $3}')" "4.5ubuntu1~16.04.1"; then 1518 | red "当前系统版本过低,不支持安装此内核!" 1519 | green "请使用新系统或选择安装xanmod内核" 1520 | else 1521 | if [ $choice -eq 3 ]; then 1522 | local temp_bbr=bbr2 1523 | else 1524 | local temp_bbr=bbr 1525 | fi 1526 | if ! ([ "$(sysctl net.ipv4.tcp_congestion_control | cut -d = -f 2 | awk '{print $1}')" == "$temp_bbr" ] && [ "$(grep '^[ '$'\t]*net.ipv4.tcp_congestion_control[ '$'\t]*=' "/etc/sysctl.conf" | tail -n 1 | cut -d = -f 2 | awk '{print $1}')" == "$temp_bbr" ] && [ "$(sysctl net.core.default_qdisc | cut -d = -f 2 | awk '{print $1}')" == "$(grep '^[ '$'\t]*net.core.default_qdisc[ '$'\t]*=' "/etc/sysctl.conf" | tail -n 1 | cut -d = -f 2 | awk '{print $1}')" ]); then 1527 | sed -i '/^[ \t]*net.core.default_qdisc[ \t]*=/d' /etc/sysctl.conf 1528 | sed -i '/^[ \t]*net.ipv4.tcp_congestion_control[ \t]*=/d' /etc/sysctl.conf 1529 | echo 'net.core.default_qdisc = fq' >> /etc/sysctl.conf 1530 | echo "net.ipv4.tcp_congestion_control = $temp_bbr" >> /etc/sysctl.conf 1531 | sysctl -p 1532 | fi 1533 | if [ $in_install_update_xray_tls_web -eq 1 ]; then 1534 | echo 1535 | tyblue "提示:" 1536 | yellow " 更换内核后服务器将重启,重启后,请再次运行脚本完成 Xray-TLS+Web 剩余部分的安装/升级" 1537 | yellow " 再次运行脚本时,重复之前选过的选项即可" 1538 | echo 1539 | sleep 2s 1540 | yellow "按回车键以继续。。。" 1541 | read -s 1542 | fi 1543 | local temp_kernel_sh_url 1544 | if [ $choice -eq 1 ]; then 1545 | temp_kernel_sh_url="https://github.com/kirin10000/update-kernel/raw/master/update-kernel-stable.sh" 1546 | elif [ $choice -eq 4 ]; then 1547 | temp_kernel_sh_url="https://github.com/kirin10000/update-kernel/raw/master/update-kernel.sh" 1548 | else 1549 | temp_kernel_sh_url="https://github.com/kirin10000/xanmod-install/raw/main/xanmod-install.sh" 1550 | fi 1551 | if ! wget -O kernel.sh "$temp_kernel_sh_url"; then 1552 | red "获取内核安装脚本失败" 1553 | yellow "按回车键继续或者按Ctrl+c终止" 1554 | read -s 1555 | fi 1556 | chmod +x kernel.sh 1557 | ./kernel.sh 1558 | if [ "$(sysctl net.ipv4.tcp_congestion_control | cut -d = -f 2 | awk '{print $1}')" == "$temp_bbr" ] && [ "$(sysctl net.core.default_qdisc | cut -d = -f 2 | awk '{print $1}')" == "$(grep '^[ '$'\t]*net.core.default_qdisc[ '$'\t]*=' "/etc/sysctl.conf" | tail -n 1 | cut -d = -f 2 | awk '{print $1}')" ]; then 1559 | green "--------------------$temp_bbr已安装--------------------" 1560 | else 1561 | red "开启$temp_bbr失败" 1562 | red "如果刚安装完内核,请先重启" 1563 | red "如果重启仍然无效,请尝试选项3" 1564 | fi 1565 | fi 1566 | fi 1567 | elif [ $choice -eq 5 ]; then 1568 | if [ "$(sysctl net.ipv4.tcp_congestion_control | cut -d = -f 2 | awk '{print $1}')" == "bbr" ] && [ "$(grep '^[ '$'\t]*net.ipv4.tcp_congestion_control[ '$'\t]*=' "/etc/sysctl.conf" | tail -n 1 | cut -d = -f 2 | awk '{print $1}')" == "bbr" ] && [ "$(sysctl net.core.default_qdisc | cut -d = -f 2 | awk '{print $1}')" == "$(grep '^[ '$'\t]*net.core.default_qdisc[ '$'\t]*=' "/etc/sysctl.conf" | tail -n 1 | cut -d = -f 2 | awk '{print $1}')" ]; then 1569 | green "--------------------bbr已安装--------------------" 1570 | else 1571 | sed -i '/^[ \t]*net.core.default_qdisc[ \t]*=/d' /etc/sysctl.conf 1572 | sed -i '/^[ \t]*net.ipv4.tcp_congestion_control[ \t]*=/d' /etc/sysctl.conf 1573 | echo 'net.core.default_qdisc = fq' >> /etc/sysctl.conf 1574 | echo 'net.ipv4.tcp_congestion_control = bbr' >> /etc/sysctl.conf 1575 | sysctl -p 1576 | sleep 1s 1577 | if [ "$(sysctl net.ipv4.tcp_congestion_control | cut -d = -f 2 | awk '{print $1}')" == "bbr" ] && [ "$(sysctl net.core.default_qdisc | cut -d = -f 2 | awk '{print $1}')" == "fq" ]; then 1578 | green "--------------------bbr已安装--------------------" 1579 | else 1580 | if [ $in_install_update_xray_tls_web -eq 1 ]; then 1581 | echo 1582 | tyblue "提示:开启bbr需要更换内核" 1583 | yellow " 更换内核后服务器将重启,重启后,请再次运行脚本完成 Xray-TLS+Web 剩余部分的安装/升级" 1584 | yellow " 再次运行脚本时,重复之前选过的选项即可" 1585 | echo 1586 | sleep 2s 1587 | yellow "按回车键以继续。。。" 1588 | read -s 1589 | fi 1590 | if ! wget -O bbr.sh https://github.com/teddysun/across/raw/master/bbr.sh; then 1591 | red "获取bbr脚本失败" 1592 | yellow "按回车键继续或者按Ctrl+c终止" 1593 | read -s 1594 | fi 1595 | chmod +x bbr.sh 1596 | ./bbr.sh 1597 | fi 1598 | fi 1599 | elif [ $choice -eq 6 ]; then 1600 | if [ "$(sysctl net.ipv4.tcp_congestion_control | cut -d = -f 2 | awk '{print $1}')" == "bbr2" ] && [ "$(grep '^[ '$'\t]*net.ipv4.tcp_congestion_control[ '$'\t]*=' "/etc/sysctl.conf" | tail -n 1 | cut -d = -f 2 | awk '{print $1}')" == "bbr2" ] && [ "$(sysctl net.core.default_qdisc | cut -d = -f 2 | awk '{print $1}')" == "$(grep '^[ '$'\t]*net.core.default_qdisc[ '$'\t]*=' "/etc/sysctl.conf" | tail -n 1 | cut -d = -f 2 | awk '{print $1}')" ]; then 1601 | green "--------------------bbr2已安装--------------------" 1602 | else 1603 | sed -i '/^[ \t]*net.core.default_qdisc[ \t]*=/d' /etc/sysctl.conf 1604 | sed -i '/^[ \t]*net.ipv4.tcp_congestion_control[ \t]*=/d' /etc/sysctl.conf 1605 | echo 'net.core.default_qdisc = fq' >> /etc/sysctl.conf 1606 | echo 'net.ipv4.tcp_congestion_control = bbr2' >> /etc/sysctl.conf 1607 | sysctl -p 1608 | sleep 1s 1609 | if [ "$(sysctl net.ipv4.tcp_congestion_control | cut -d = -f 2 | awk '{print $1}')" == "bbr2" ] && [ "$(sysctl net.core.default_qdisc | cut -d = -f 2 | awk '{print $1}')" == "fq" ]; then 1610 | green "--------------------bbr2已安装--------------------" 1611 | else 1612 | red "启用bbr2失败" 1613 | yellow "可能是内核不支持" 1614 | fi 1615 | fi 1616 | elif [ $choice -eq 7 ]; then 1617 | tyblue "提示:安装bbrplus/bbr魔改版/暴力bbr魔改版/锐速内核需要重启" 1618 | if [ $in_install_update_xray_tls_web -eq 1 ]; then 1619 | yellow " 重启后,请:" 1620 | yellow " 1. 再次运行脚本,重复之前选过的选项" 1621 | yellow " 2. 到这一步时,再次选择这个选项完成 bbrplus/bbr魔改版/暴力bbr魔改版/锐速 剩余部分的安装" 1622 | yellow " 3. 选择 \"退出bbr安装\" 选项完成 Xray-TLS+Web 剩余部分的安装/升级" 1623 | else 1624 | yellow " 重启后,请再次运行脚本并选择这个选项完成 bbrplus/bbr魔改版/暴力bbr魔改版/锐速 剩余部分的安装" 1625 | fi 1626 | sleep 2s 1627 | yellow " 按回车键以继续。。。。" 1628 | read -s 1629 | if ! wget -O tcp.sh "https://raw.githubusercontent.com/chiakge/Linux-NetSpeed/master/tcp.sh"; then 1630 | red "获取脚本失败" 1631 | yellow "按回车键继续或者按Ctrl+c终止" 1632 | read -s 1633 | fi 1634 | chmod +x tcp.sh 1635 | ./tcp.sh 1636 | elif [ $choice -eq 8 ]; then 1637 | change_qdisc 1638 | elif [ $choice -eq 9 ]; then 1639 | enable_ecn 1640 | elif [ $choice -eq 10 ]; then 1641 | tyblue " 该操作将会卸载除现在正在使用的内核外的其余内核" 1642 | tyblue " 您正在使用的内核是:$(uname -r)" 1643 | ask_if "是否继续?(y/n)" && remove_other_kernel 1644 | else 1645 | break 1646 | fi 1647 | sleep 3s 1648 | done 1649 | } 1650 | 1651 | #读取xray_protocol配置 1652 | readProtocolConfig() 1653 | { 1654 | echo -e "\\n\\n\\n" 1655 | tyblue "---------------------请选择传输层协议---------------------" 1656 | tyblue " 1. TCP" 1657 | tyblue " 2. gRPC" 1658 | tyblue " 3. WebSocket" 1659 | tyblue " 4. TCP + gRPC" 1660 | tyblue " 5. TCP + WebSocket" 1661 | tyblue " 6. gRPC + WebSocket" 1662 | tyblue " 7. TCP + gRPC + WebSocket" 1663 | yellow " 0. 无 (仅提供Web服务)" 1664 | echo 1665 | blue " 注:" 1666 | blue " 1. 不知道什么是CDN或不使用CDN,请选择TCP" 1667 | blue " 2. gRPC和WebSocket支持通过CDN,关于两者的区别,详见:https://github.com/kirin10000/Xray-script#关于grpc与websocket" 1668 | blue " 3. 只有TCP能使用XTLS,且XTLS完全兼容TLS" 1669 | blue " 4. 能使用TCP传输的只有VLESS" 1670 | echo 1671 | local choice="" 1672 | while [[ ! "$choice" =~ ^(0|[1-9][0-9]*)$ ]] || ((choice>7)) 1673 | do 1674 | read -p "您的选择是:" choice 1675 | done 1676 | if [ $choice -eq 1 ] || [ $choice -eq 4 ] || [ $choice -eq 5 ] || [ $choice -eq 7 ]; then 1677 | protocol_1=1 1678 | else 1679 | protocol_1=0 1680 | fi 1681 | if [ $choice -eq 2 ] || [ $choice -eq 4 ] || [ $choice -eq 6 ] || [ $choice -eq 7 ]; then 1682 | protocol_2=1 1683 | else 1684 | protocol_2=0 1685 | fi 1686 | if [ $choice -eq 3 ] || [ $choice -eq 5 ] || [ $choice -eq 6 ] || [ $choice -eq 7 ]; then 1687 | protocol_3=1 1688 | else 1689 | protocol_3=0 1690 | fi 1691 | if [ $protocol_2 -eq 1 ]; then 1692 | tyblue "-------------- 请选择使用gRPC传输的会话层协议 --------------" 1693 | tyblue " 1. VMess" 1694 | tyblue " 2. VLESS" 1695 | echo 1696 | yellow " 注:使用VMess的好处是可以对CDN加密,若使用VLESS,CDN提供商可获取传输明文" 1697 | echo 1698 | choice="" 1699 | while [[ ! "$choice" =~ ^([1-9][0-9]*)$ ]] || ((choice>2)) 1700 | do 1701 | read -p "您的选择是:" choice 1702 | done 1703 | [ $choice -eq 1 ] && protocol_2=2 1704 | fi 1705 | if [ $protocol_3 -eq 1 ]; then 1706 | tyblue "-------------- 请选择使用WebSocket传输的会话层协议 --------------" 1707 | tyblue " 1. VMess" 1708 | tyblue " 2. VLESS" 1709 | echo 1710 | yellow " 注:使用VMess的好处是可以对CDN加密,若使用VLESS,CDN提供商可获取传输明文" 1711 | echo 1712 | choice="" 1713 | while [[ ! "$choice" =~ ^([1-9][0-9]*)$ ]] || ((choice>2)) 1714 | do 1715 | read -p "您的选择是:" choice 1716 | done 1717 | [ $choice -eq 1 ] && protocol_3=2 1718 | fi 1719 | } 1720 | 1721 | #读取伪装类型 输入domain 输出pretend 1722 | readPretend() 1723 | { 1724 | local queren=0 1725 | while [ $queren -ne 1 ] 1726 | do 1727 | echo -e "\\n\\n\\n" 1728 | tyblue "------------------------------请选择伪装网站页面------------------------------" 1729 | green " 1. Cloudreve (推荐)" 1730 | purple " 个人网盘" 1731 | green " 2. Nextcloud (推荐)" 1732 | purple " 个人网盘,需安装php" 1733 | tyblue " 3. 403页面" 1734 | purple " 模拟网站后台" 1735 | red " 4. 自定义PHP动态网站 (不推荐)" 1736 | red " 5. 自定义反向代理网页 (不推荐)" 1737 | echo 1738 | green " 内存<128MB 建议选择 403页面" 1739 | green " 128MB<=内存<1G 建议选择 Cloudreve" 1740 | green " 内存>=1G 建议选择 Nextcloud 或 Cloudreve" 1741 | echo 1742 | yellow " 关于选择伪装网站的详细说明见:https://github.com/kirin10000/Xray-script#伪装网站说明" 1743 | echo 1744 | pretend="" 1745 | while [[ "$pretend" != "1" && "$pretend" != "2" && "$pretend" != "3" && "$pretend" != "4" && "$pretend" != "5" ]] 1746 | do 1747 | read -p "您的选择是:" pretend 1748 | done 1749 | queren=1 1750 | if [ $pretend -eq 1 ]; then 1751 | if [ -z "$machine" ]; then 1752 | red "您的VPS指令集不支持Cloudreve!" 1753 | yellow "Cloudreve仅支持x86_64、arm64和arm指令集" 1754 | sleep 3s 1755 | queren=0 1756 | fi 1757 | elif [ $pretend -eq 2 ]; then 1758 | if (([ $release == "centos" ] || [ $release == centos-stream ] || [ $release == oracle ]) && ! version_ge "$systemVersion" "8" ) || ([ $release == "rhel" ] && ! version_ge "$systemVersion" "8") || ([ $release == "fedora" ] && ! version_ge "$systemVersion" "30") || ([ $release == "ubuntu" ] && ! version_ge "$systemVersion" "20.04") || ([ $release == "debian" ] && ! version_ge "$systemVersion" "11"); then 1759 | red "系统版本过低,无法安装php!" 1760 | echo 1761 | tyblue "安装Nextcloud需要安装php" 1762 | yellow "仅支持在以下版本系统下安装php:" 1763 | yellow " 1. Ubuntu 20.04+" 1764 | yellow " 2. Debian 11+" 1765 | yellow " 3. 其他以 Debian 11+ 为基的系统" 1766 | yellow " 4. Red Hat Enterprise Linux 8+" 1767 | yellow " 5. CentOS 8+" 1768 | yellow " 6. Fedora 30+" 1769 | yellow " 7. Oracle Linux 8+" 1770 | yellow " 8. 其他以 Red Hat 8+ 为基的系统" 1771 | sleep 3s 1772 | queren=0 1773 | continue 1774 | elif [ $release == "other-debian" ] || [ $release == "other-redhat" ]; then 1775 | yellow "未知的系统,可能导致php安装失败!" 1776 | echo 1777 | tyblue "安装Nextcloud需要安装php" 1778 | yellow "仅支持在以下版本系统下安装php:" 1779 | yellow " 1. Ubuntu 20.04+" 1780 | yellow " 2. Debian 11+" 1781 | yellow " 3. 其他以 Debian 11+ 为基的系统" 1782 | yellow " 4. Red Hat Enterprise Linux 8+" 1783 | yellow " 5. CentOS 8+" 1784 | yellow " 6. Fedora 30+" 1785 | yellow " 7. Oracle Linux 8+" 1786 | yellow " 8. 其他以 Red Hat 8+ 为基的系统" 1787 | ! ask_if "确定选择吗?(y/n)" && queren=0 && continue 1788 | elif [ $release == "deepin" ]; then 1789 | red "php暂不支持deepin,请更换其他系统" 1790 | sleep 3s 1791 | queren=0 1792 | continue 1793 | fi 1794 | if [ $php_is_installed -eq 0 ]; then 1795 | tyblue "安装Nextcloud需要安装php" 1796 | yellow "编译&&安装php可能需要额外消耗15-60分钟" 1797 | yellow "php将占用一定系统资源,不建议内存<512M的机器使用" 1798 | ! ask_if "确定选择吗?(y/n)" && queren=0 1799 | fi 1800 | elif [ $pretend -eq 4 ]; then 1801 | tyblue "安装完成后请在 \"${nginx_prefix}/html/$1\" 放置您的网站源代码" 1802 | ! ask_if "确认并继续?(y/n)" && queren=0 1803 | elif [ $pretend -eq 5 ]; then 1804 | yellow "输入反向代理网址,格式如:\"https://v.qq.com\"" 1805 | pretend="" 1806 | while [ -z "$pretend" ] 1807 | do 1808 | read -p "请输入反向代理网址:" pretend 1809 | done 1810 | fi 1811 | done 1812 | } 1813 | readDomain() 1814 | { 1815 | check_domain() 1816 | { 1817 | if [ -z "$1" ]; then 1818 | return 1 1819 | elif [ "${1%%.*}" == "www" ]; then 1820 | red "域名前面不要带www!" 1821 | return 1 1822 | elif [ "$(echo -n "$1" | wc -c)" -gt 42 ]; then 1823 | red "域名过长!" 1824 | return 1 1825 | else 1826 | return 0 1827 | fi 1828 | } 1829 | local domain 1830 | local domain_config="" 1831 | local pretend 1832 | echo -e "\\n\\n\\n" 1833 | tyblue "--------------------请选择域名解析情况--------------------" 1834 | tyblue " 1. 主域名 和 www.主域名 都解析到此服务器上 \\033[32m(推荐)" 1835 | green " 如:123.com 和 www.123.com 都解析到此服务器上" 1836 | tyblue " 2. 仅某个特定域名解析到此服务器上" 1837 | green " 如:123.com 或 www.123.com 或 xxx.123.com 中的一个解析到此服务器上" 1838 | echo 1839 | while [ "$domain_config" != "1" ] && [ "$domain_config" != "2" ] 1840 | do 1841 | read -p "您的选择是:" domain_config 1842 | done 1843 | local queren=0 1844 | while [ $queren -ne 1 ] 1845 | do 1846 | domain="" 1847 | echo 1848 | if [ $domain_config -eq 1 ]; then 1849 | tyblue '---------请输入主域名(前面不带"www."、"http://"或"https://")---------' 1850 | while ! check_domain "$domain" 1851 | do 1852 | read -p "请输入域名:" domain 1853 | done 1854 | else 1855 | tyblue '-------请输入解析到此服务器的域名(前面不带"http://"或"https://")-------' 1856 | while [ -z "$domain" ] 1857 | do 1858 | read -p "请输入域名:" domain 1859 | if [ "$(echo -n "$domain" | wc -c)" -gt 46 ]; then 1860 | red "域名过长!" 1861 | domain="" 1862 | fi 1863 | done 1864 | fi 1865 | echo 1866 | ask_if "您输入的域名是\"$domain\",确认吗?(y/n)" && queren=1 1867 | done 1868 | readPretend "$domain" 1869 | true_domain_list+=("$domain") 1870 | [ $domain_config -eq 1 ] && domain_list+=("www.$domain") || domain_list+=("$domain") 1871 | domain_config_list+=("$domain_config") 1872 | pretend_list+=("$pretend") 1873 | } 1874 | 1875 | install_nginx_compile_toolchains() 1876 | { 1877 | green "正在安装Nginx编译工具链。。。" 1878 | if [ $release == "centos" ] || [ $release == centos-stream ] || [ $release == oracle ] || [ $release == "rhel" ] || [ $release == "fedora" ] || [ $release == "other-redhat" ]; then 1879 | install_dependence ca-certificates wget gcc gcc-c++ make perl-IPC-Cmd perl-Getopt-Long perl-Data-Dumper 1880 | if ! perl -e "use FindBin" > /dev/null 2>&1; then 1881 | install_dependence perl-FindBin 1882 | fi 1883 | else 1884 | install_dependence ca-certificates wget gcc g++ make perl-base perl 1885 | fi 1886 | } 1887 | install_php_compile_toolchains() 1888 | { 1889 | green "正在安装php编译工具链。。。" 1890 | if [ $release == "centos" ] || [ $release == centos-stream ] || [ $release == oracle ] || [ $release == "rhel" ] || [ $release == "fedora" ] || [ $release == "other-redhat" ]; then 1891 | install_dependence ca-certificates wget xz gcc gcc-c++ make pkgconf-pkg-config autoconf git 1892 | else 1893 | install_dependence ca-certificates wget xz-utils gcc g++ make pkg-config autoconf git 1894 | fi 1895 | } 1896 | install_nginx_dependence() 1897 | { 1898 | green "正在安装Nginx依赖。。。" 1899 | if [ $release == "centos" ] || [ $release == centos-stream ] || [ $release == oracle ] || [ $release == "rhel" ] || [ $release == "fedora" ] || [ $release == "other-redhat" ]; then 1900 | install_dependence pcre2-devel zlib-devel libxml2-devel libxslt-devel gd-devel geoip-devel perl-ExtUtils-Embed gperftools-devel perl-devel 1901 | else 1902 | install_dependence libpcre2-dev zlib1g-dev libxml2-dev libxslt1-dev libgd-dev libgeoip-dev libgoogle-perftools-dev libperl-dev 1903 | fi 1904 | } 1905 | install_php_dependence() 1906 | { 1907 | green "正在安装php依赖。。。" 1908 | if [ $release == "centos" ] || [ $release == centos-stream ] || [ $release == oracle ] || [ $release == "rhel" ] || [ $release == "fedora" ] || [ $release == "other-redhat" ]; then 1909 | fedora_install_remi 1910 | install_dependence libxml2-devel sqlite-devel systemd-devel libacl-devel openssl-devel krb5-devel pcre2-devel zlib-devel bzip2-devel libcurl-devel gdbm-devel libdb-devel tokyocabinet-devel lmdb-devel enchant-devel libffi-devel libpng-devel gd-devel libwebp-devel libjpeg-turbo-devel libXpm-devel freetype-devel gmp-devel uw-imap-devel libicu-devel openldap-devel oniguruma-devel unixODBC-devel freetds-devel libpq-devel aspell-devel libedit-devel net-snmp-devel libsodium-devel libargon2-devel libtidy-devel libxslt-devel libzip-devel ImageMagick-devel 1911 | else 1912 | if ! $debian_package_manager -y --no-install-recommends install libxml2-dev libsqlite3-dev libsystemd-dev libacl1-dev libapparmor-dev libssl-dev libkrb5-dev libpcre2-dev zlib1g-dev libbz2-dev libcurl4-openssl-dev libqdbm-dev libdb-dev libtokyocabinet-dev liblmdb-dev libenchant-2-dev libffi-dev libpng-dev libgd-dev libwebp-dev libjpeg-dev libxpm-dev libfreetype6-dev libgmp-dev libc-client2007e-dev libicu-dev libldap2-dev libsasl2-dev libonig-dev unixodbc-dev freetds-dev libpq-dev libpspell-dev libedit-dev libmm-dev libsnmp-dev libsodium-dev libargon2-dev libtidy-dev libxslt1-dev libzip-dev libmagickwand-dev && ! $debian_package_manager -y --no-install-recommends install libxml2-dev libsqlite3-dev libsystemd-dev libacl1-dev libapparmor-dev libssl-dev libkrb5-dev libpcre2-dev zlib1g-dev libbz2-dev libcurl4-openssl-dev libqdbm-dev libdb-dev libtokyocabinet-dev liblmdb-dev libenchant-dev libffi-dev libpng-dev libgd-dev libwebp-dev libjpeg-dev libxpm-dev libfreetype6-dev libgmp-dev libc-client2007e-dev libicu-dev libldap2-dev libsasl2-dev libonig-dev unixodbc-dev freetds-dev libpq-dev libpspell-dev libedit-dev libmm-dev libsnmp-dev libsodium-dev libargon2-dev libtidy-dev libxslt1-dev libzip-dev libmagickwand-dev; then 1913 | $debian_package_manager update 1914 | $debian_package_manager -y -f install 1915 | if ! $debian_package_manager -y --no-install-recommends install libxml2-dev libsqlite3-dev libsystemd-dev libacl1-dev libapparmor-dev libssl-dev libkrb5-dev libpcre2-dev zlib1g-dev libbz2-dev libcurl4-openssl-dev libqdbm-dev libdb-dev libtokyocabinet-dev liblmdb-dev libenchant-2-dev libffi-dev libpng-dev libgd-dev libwebp-dev libjpeg-dev libxpm-dev libfreetype6-dev libgmp-dev libc-client2007e-dev libicu-dev libldap2-dev libsasl2-dev libonig-dev unixodbc-dev freetds-dev libpq-dev libpspell-dev libedit-dev libmm-dev libsnmp-dev libsodium-dev libargon2-dev libtidy-dev libxslt1-dev libzip-dev libmagickwand-dev && ! $debian_package_manager -y --no-install-recommends install libxml2-dev libsqlite3-dev libsystemd-dev libacl1-dev libapparmor-dev libssl-dev libkrb5-dev libpcre2-dev zlib1g-dev libbz2-dev libcurl4-openssl-dev libqdbm-dev libdb-dev libtokyocabinet-dev liblmdb-dev libenchant-dev libffi-dev libpng-dev libgd-dev libwebp-dev libjpeg-dev libxpm-dev libfreetype6-dev libgmp-dev libc-client2007e-dev libicu-dev libldap2-dev libsasl2-dev libonig-dev unixodbc-dev freetds-dev libpq-dev libpspell-dev libedit-dev libmm-dev libsnmp-dev libsodium-dev libargon2-dev libtidy-dev libxslt1-dev libzip-dev libmagickwand-dev; then 1916 | yellow "依赖安装失败!!" 1917 | green "欢迎进行Bug report(https://github.com/kirin10000/Xray-script/issues),感谢您的支持" 1918 | yellow "按回车键继续或者Ctrl+c退出" 1919 | read -s 1920 | fi 1921 | fi 1922 | fi 1923 | } 1924 | install_acme_dependence() 1925 | { 1926 | green "正在安装acme.sh依赖。。。" 1927 | if [ $release == "centos" ] || [ $release == centos-stream ] || [ $release == oracle ] || [ $release == "rhel" ] || [ $release == "fedora" ] || [ $release == "other-redhat" ]; then 1928 | install_dependence curl openssl crontabs 1929 | else 1930 | install_dependence curl openssl cron 1931 | fi 1932 | } 1933 | install_web_dependence() 1934 | { 1935 | green "正在安装伪装网站依赖。。。" 1936 | if [ "$1" == "" ]; then 1937 | for i in "${pretend_list[@]}" 1938 | do 1939 | if [ "$i" == "1" ]; then 1940 | install_dependence ca-certificates wget 1941 | break 1942 | fi 1943 | done 1944 | for i in "${pretend_list[@]}" 1945 | do 1946 | if [ "$i" == "2" ]; then 1947 | install_dependence ca-certificates wget unzip 1948 | break 1949 | fi 1950 | done 1951 | else 1952 | if [ "$1" == "1" ]; then 1953 | install_dependence ca-certificates wget 1954 | elif [ "$1" == "2" ]; then 1955 | install_dependence ca-certificates wget unzip 1956 | fi 1957 | fi 1958 | } 1959 | 1960 | #编译&&安装php 1961 | compile_php() 1962 | { 1963 | green "正在编译php。。。。" 1964 | local cflags 1965 | local cxxflags 1966 | gen_cflags 1967 | gen_cxxflags 1968 | if ! wget -O "${php_version}.tar.xz" "https://www.php.net/distributions/${php_version}.tar.xz"; then 1969 | red "获取php失败" 1970 | yellow "按回车键继续或者按Ctrl+c终止" 1971 | read -s 1972 | fi 1973 | tar -xJf "${php_version}.tar.xz" 1974 | rm -f "${php_version}.tar.xz" 1975 | cd "${php_version}" 1976 | sed -i 's#db$THIS_VERSION/db_185.h include/db$THIS_VERSION/db_185.h include/db/db_185.h#& include/db_185.h#' configure 1977 | if [ $release == "ubuntu" ] || [ $release == "debian" ] || [ $release == "deepin" ] || [ $release == "other-debian" ]; then 1978 | sed -i 's#if test -f $THIS_PREFIX/$PHP_LIBDIR/lib$LIB.a || test -f $THIS_PREFIX/$PHP_LIBDIR/lib$LIB.$SHLIB_SUFFIX_NAME#& || true#' configure 1979 | sed -i 's#if test ! -r "$PDO_FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.a" && test ! -r "$PDO_FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.so"#& \&\& false#' configure 1980 | ./configure --prefix=${php_prefix} --enable-embed=shared --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data --with-fpm-systemd --with-fpm-acl --with-fpm-apparmor --disable-phpdbg --with-layout=GNU --with-openssl --with-kerberos --with-external-pcre --with-zlib --enable-bcmath --with-bz2 --enable-calendar --with-curl --enable-dba --with-qdbm --with-db4 --with-db1 --with-tcadb --with-lmdb --with-enchant --enable-exif --with-ffi --enable-ftp --enable-gd --with-external-gd --with-avif --with-webp --with-jpeg --with-xpm --with-freetype --enable-gd-jis-conv --with-gettext --with-gmp --with-mhash --with-imap --with-imap-ssl --enable-intl --with-ldap --with-ldap-sasl --enable-mbstring --with-mysqli --with-mysql-sock --with-unixODBC --enable-pcntl --with-pdo-dblib --with-pdo-mysql --with-zlib-dir --with-pdo-odbc=unixODBC,/usr --with-pdo-pgsql --with-pgsql --with-pspell --with-libedit --with-mm --enable-shmop --with-snmp --enable-soap --enable-sockets --with-sodium --with-external-libcrypt --with-password-argon2 --enable-sysvmsg --enable-sysvsem --enable-sysvshm --with-tidy --with-xsl --with-zip --enable-mysqlnd --with-pear CFLAGS="${cflags[*]}" CXXFLAGS="${cxxflags[*]}" 1981 | else 1982 | ./configure --prefix=${php_prefix} --with-libdir=lib64 --enable-embed=shared --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data --with-fpm-systemd --with-fpm-acl --disable-phpdbg --with-layout=GNU --with-openssl --with-kerberos --with-external-pcre --with-zlib --enable-bcmath --with-bz2 --enable-calendar --with-curl --enable-dba --with-gdbm --with-db4 --with-db1 --with-tcadb --with-lmdb --with-enchant --enable-exif --with-ffi --enable-ftp --enable-gd --with-external-gd --with-avif --with-webp --with-jpeg --with-xpm --with-freetype --enable-gd-jis-conv --with-gettext --with-gmp --with-mhash --with-imap --with-imap-ssl --enable-intl --with-ldap --with-ldap-sasl --enable-mbstring --with-mysqli --with-mysql-sock --with-unixODBC --enable-pcntl --with-pdo-dblib --with-pdo-mysql --with-zlib-dir --with-pdo-odbc=unixODBC,/usr --with-pdo-pgsql --with-pgsql --with-pspell --with-libedit --enable-shmop --with-snmp --enable-soap --enable-sockets --with-sodium --with-external-libcrypt --with-password-argon2 --enable-sysvmsg --enable-sysvsem --enable-sysvshm --with-tidy --with-xsl --with-zip --enable-mysqlnd --with-pear CFLAGS="${cflags[*]}" CXXFLAGS="${cxxflags[*]}" 1983 | fi 1984 | swap_on 2048 1985 | if ! make -j$cpu_thread_num; then 1986 | swap_off 1987 | red "php编译失败!" 1988 | green "欢迎进行Bug report(https://github.com/kirin10000/Xray-script/issues),感谢您的支持" 1989 | yellow "在Bug修复前,建议使用Ubuntu最新版系统" 1990 | exit 1 1991 | fi 1992 | swap_off 1993 | cd .. 1994 | } 1995 | instal_php_imagick() 1996 | { 1997 | local cflags 1998 | gen_cflags 1999 | if ! git clone https://github.com/Imagick/imagick; then 2000 | yellow "获取php-imagick源码失败" 2001 | yellow "按回车键继续或者按Ctrl+c终止" 2002 | read -s 2003 | fi 2004 | cd imagick 2005 | ${php_prefix}/bin/phpize 2006 | ./configure --with-php-config=${php_prefix}/bin/php-config CFLAGS="${cflags[*]}" 2007 | swap_on 380 2008 | if ! make -j$cpu_thread_num; then 2009 | swap_off 2010 | yellow "php-imagick编译失败" 2011 | green "欢迎进行Bug report(https://github.com/kirin10000/Xray-script/issues),感谢您的支持" 2012 | yellow "在Bug修复前,建议使用Ubuntu最新版系统" 2013 | yellow "按回车键继续或者按Ctrl+c终止" 2014 | read -s 2015 | else 2016 | swap_off 2017 | fi 2018 | mv modules/imagick.so "$(${php_prefix}/bin/php -i | grep "^extension_dir" | awk '{print $3}')" 2019 | cd .. 2020 | rm -rf imagick 2021 | } 2022 | instal_php_apcu() 2023 | { 2024 | if ! wget http://pecl.php.net/get/apcu-5.1.22.tgz; then 2025 | yellow "获取php-apcu源码失败" 2026 | yellow "按回车键继续或者按Ctrl+c终止" 2027 | read -s 2028 | fi 2029 | tar -zvxf apcu-5.1.22.tgz 2030 | cd apcu-5.1.22 2031 | ${php_prefix}/bin/phpize 2032 | ./configure --with-php-config=${php_prefix}/bin/php-config 2033 | swap_on 380 2034 | make 2035 | if ! make install; then 2036 | swap_off 2037 | yellow "php-apcu编译失败" 2038 | green "欢迎进行Bug report(https://github.com/eysp/Xray-script/issues),感谢您的支持" 2039 | yellow "在Bug修复前,建议使用Ubuntu最新版系统" 2040 | yellow "按回车键继续或者按Ctrl+c终止" 2041 | read -s 2042 | else 2043 | swap_off 2044 | fi 2045 | # mv apcu.so "$(${php_prefix}/bin/php -i | grep "^extension_dir" | awk '{print $3}')" 2046 | cd .. 2047 | rm -f apcu-5.1.22.tgz 2048 | rm -rf apcu-5.1.22 2049 | } 2050 | instal_php_redis() 2051 | { 2052 | if ! wget http://pecl.php.net/get/redis-${redis}.tgz; then 2053 | yellow "获取php-redis源码失败" 2054 | yellow "按回车键继续或者按Ctrl+c终止" 2055 | read -s 2056 | fi 2057 | tar -zvxf redis-${redis}.tgz 2058 | cd redis-${redis} 2059 | ${php_prefix}/bin/phpize 2060 | ./configure --with-php-config=${php_prefix}/bin/php-config 2061 | swap_on 380 2062 | make 2063 | if ! make install; then 2064 | swap_off 2065 | yellow "php-redis编译失败" 2066 | green "欢迎进行Bug report(https://github.com/eysp/Xray-script/issues),感谢您的支持" 2067 | yellow "在Bug修复前,建议使用Ubuntu最新版系统" 2068 | yellow "按回车键继续或者按Ctrl+c终止" 2069 | read -s 2070 | else 2071 | swap_off 2072 | fi 2073 | # mv redis.so "$(${php_prefix}/bin/php -i | grep "^extension_dir" | awk '{print $3}')" 2074 | cd .. 2075 | rm -f redis-${redis}.tgz 2076 | rm -rf redis-${redis} 2077 | } 2078 | install_php_part1() 2079 | { 2080 | green "正在安装php。。。。" 2081 | cd "${php_version}" 2082 | make install 2083 | mv sapi/fpm/php-fpm.service "${php_prefix}/php-fpm.service.default.temp" 2084 | mv php.ini-production "${php_prefix}" 2085 | mv php.ini-development "${php_prefix}" 2086 | cd .. 2087 | rm -rf "${php_version}" 2088 | instal_php_imagick 2089 | instal_php_apcu 2090 | instal_php_redis 2091 | ln -s ${php_prefix}/bin/php /usr/bin/php 2092 | mv "${php_prefix}/php-fpm.service.default.temp" "${php_prefix}/php-fpm.service.default" 2093 | php_is_installed=1 2094 | } 2095 | install_php_part2() 2096 | { 2097 | useradd -r -s /bin/bash www-data 2098 | cp ${php_prefix}/etc/php-fpm.conf.default ${php_prefix}/etc/php-fpm.conf 2099 | cp ${php_prefix}/etc/php-fpm.d/www.conf.default ${php_prefix}/etc/php-fpm.d/www.conf 2100 | sed -i 's/^[ \t]*listen[ \t]*=/;&/g' ${php_prefix}/etc/php-fpm.d/www.conf 2101 | sed -i 's/^[ \t]*env\[PATH\][ \t]*=/;&/g' ${php_prefix}/etc/php-fpm.d/www.conf 2102 | cat >> ${php_prefix}/etc/php-fpm.d/www.conf << EOF 2103 | 2104 | listen = /dev/shm/php-fpm/php-fpm.sock 2105 | pm = dynamic 2106 | pm.max_children = $((16*cpu_thread_num)) 2107 | pm.start_servers = $cpu_thread_num 2108 | pm.min_spare_servers = $cpu_thread_num 2109 | pm.max_spare_servers = $((16*cpu_thread_num)) 2110 | env[PATH] = $PATH 2111 | EOF 2112 | rm -rf "${php_prefix}/etc/php.ini" 2113 | cp "${php_prefix}/php.ini-production" "${php_prefix}/etc/php.ini" 2114 | cat >> ${php_prefix}/etc/php.ini << EOF 2115 | 2116 | [PHP] 2117 | extension=imagick.so 2118 | zend_extension=opcache.so 2119 | opcache.enable=1 2120 | date.timezone=$timezone 2121 | extension=apcu.so 2122 | extension=redis.so 2123 | opcache.enable=1 2124 | apc.enable_cli=1 2125 | opcache.interned_strings_buffer=32 2126 | opcache.max_wasted_percentage = 15 2127 | opcache.validate_timestamps = 1 2128 | opcache.revalidate_freq = 1 2129 | 2130 | ;如果使用mysql,并且使用unix domain socket方式连接,请正确设置以下内容 2131 | ;pdo_mysql.default_socket=/var/run/mysqld/mysqld.sock 2132 | ;mysqli.default_socket=/var/run/mysqld/mysqld.sock 2133 | 2134 | memory_limit=-1 2135 | post_max_size=0 2136 | upload_max_filesize=9223372036854775807 2137 | max_file_uploads=50000 2138 | max_execution_time=0 2139 | max_input_time=0 2140 | output_buffering=4096 2141 | session.auto_start=0 2142 | EOF 2143 | install -m 644 "${php_prefix}/php-fpm.service.default" $php_service 2144 | cat >> $php_service <[ \\t]*'-O'/OPTIMIZE => '-O3'/g" src/http/modules/perl/Makefile.PL 2179 | sed -i 's/NGX_PERL_CFLAGS="$CFLAGS `$NGX_PERL -MExtUtils::Embed -e ccopts`"/NGX_PERL_CFLAGS="`$NGX_PERL -MExtUtils::Embed -e ccopts` $CFLAGS"/g' auto/lib/perl/conf 2180 | sed -i 's/NGX_PM_CFLAGS=`$NGX_PERL -MExtUtils::Embed -e ccopts`/NGX_PM_CFLAGS="`$NGX_PERL -MExtUtils::Embed -e ccopts` $CFLAGS"/g' auto/lib/perl/conf 2181 | ./configure --prefix="${nginx_prefix}" --user=root --group=root --with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-stream_ssl_preread_module --with-google_perftools_module --with-compat --with-cc-opt="${cflags[*]}" --with-openssl="../$openssl_version" --with-openssl-opt="${cflags[*]}" 2182 | #--with-select_module --with-poll_module --with-cpp_test_module --with-pcre --with-pcre-jit --with-libatomic 2183 | #./configure --prefix=/usr/local/nginx --with-openssl=../$openssl_version --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-stream_ssl_preread_module --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-pcre --with-libatomic --with-compat --with-cpp_test_module --with-google_perftools_module --with-file-aio --with-threads --with-poll_module --with-select_module --with-cc-opt="-Wno-error ${cflags[*]}" 2184 | swap_on 480 2185 | if ! make -j$cpu_thread_num; then 2186 | swap_off 2187 | red "Nginx编译失败!" 2188 | green "欢迎进行Bug report(https://github.com/kirin10000/Xray-script/issues),感谢您的支持" 2189 | yellow "在Bug修复前,建议使用Ubuntu最新版系统" 2190 | exit 1 2191 | fi 2192 | swap_off 2193 | cd .. 2194 | } 2195 | config_service_nginx() 2196 | { 2197 | rm -rf $nginx_service 2198 | cat > $nginx_service << EOF 2199 | [Unit] 2200 | Description=The NGINX HTTP and reverse proxy server 2201 | After=syslog.target network-online.target remote-fs.target nss-lookup.target 2202 | Wants=network-online.target 2203 | 2204 | [Service] 2205 | Type=forking 2206 | User=root 2207 | ExecStartPre=/bin/rm -rf /dev/shm/nginx 2208 | ExecStartPre=/bin/mkdir /dev/shm/nginx 2209 | ExecStartPre=/bin/chmod 711 /dev/shm/nginx 2210 | ExecStartPre=/bin/mkdir /dev/shm/nginx/tcmalloc 2211 | ExecStartPre=/bin/chmod 0777 /dev/shm/nginx/tcmalloc 2212 | ExecStart=${nginx_prefix}/sbin/nginx 2213 | ExecStop=${nginx_prefix}/sbin/nginx -s stop 2214 | ExecStopPost=/bin/rm -rf /dev/shm/nginx 2215 | PrivateTmp=true 2216 | 2217 | [Install] 2218 | WantedBy=multi-user.target 2219 | EOF 2220 | chmod 644 $nginx_service 2221 | systemctl daemon-reload 2222 | } 2223 | install_nginx_part1() 2224 | { 2225 | green "正在安装Nginx。。。" 2226 | cd "${nginx_version}" 2227 | make install 2228 | cd .. 2229 | rm -rf "${nginx_version}" 2230 | rm -rf "$openssl_version" 2231 | } 2232 | install_nginx_part2() 2233 | { 2234 | mkdir ${nginx_prefix}/conf.d 2235 | touch $nginx_config 2236 | mkdir ${nginx_prefix}/certs 2237 | mkdir ${nginx_prefix}/html/issue_certs 2238 | cat > ${nginx_prefix}/conf/issue_certs.conf << EOF 2239 | events { 2240 | worker_connections 1024; 2241 | } 2242 | http { 2243 | server { 2244 | listen [::]:80 ipv6only=off; 2245 | root ${nginx_prefix}/html/issue_certs; 2246 | } 2247 | } 2248 | EOF 2249 | cat > ${nginx_prefix}/conf.d/nextcloud.conf <> /etc/systemd/system/xray.service < $xray_config 2368 | local temp="" 2369 | [ ${domain_config_list[$1]} -eq 1 ] && temp="-d ${domain_list[$1]}" 2370 | if ! $HOME/.acme.sh/acme.sh --issue -d ${true_domain_list[$1]} $temp -w ${nginx_prefix}/html/issue_certs -k ec-256 -ak ec-256 --pre-hook "mv ${nginx_prefix}/conf/nginx.conf ${nginx_prefix}/conf/nginx.conf.bak && cp ${nginx_prefix}/conf/issue_certs.conf ${nginx_prefix}/conf/nginx.conf && sleep 2s && systemctl restart nginx" --post-hook "mv ${nginx_prefix}/conf/nginx.conf.bak ${nginx_prefix}/conf/nginx.conf && sleep 2s && systemctl restart nginx" --ocsp && ! $HOME/.acme.sh/acme.sh --issue -d ${true_domain_list[$1]} $temp -w ${nginx_prefix}/html/issue_certs -k ec-256 -ak ec-256 --server letsencrypt --pre-hook "mv ${nginx_prefix}/conf/nginx.conf ${nginx_prefix}/conf/nginx.conf.bak && cp ${nginx_prefix}/conf/issue_certs.conf ${nginx_prefix}/conf/nginx.conf && sleep 2s && systemctl restart nginx" --post-hook "mv ${nginx_prefix}/conf/nginx.conf.bak ${nginx_prefix}/conf/nginx.conf && sleep 2s && systemctl restart nginx" --ocsp; then 2371 | $HOME/.acme.sh/acme.sh --issue -d ${true_domain_list[$1]} $temp -w ${nginx_prefix}/html/issue_certs -k ec-256 -ak ec-256 --pre-hook "mv ${nginx_prefix}/conf/nginx.conf ${nginx_prefix}/conf/nginx.conf.bak && cp ${nginx_prefix}/conf/issue_certs.conf ${nginx_prefix}/conf/nginx.conf && sleep 2s && systemctl restart nginx" --post-hook "mv ${nginx_prefix}/conf/nginx.conf.bak ${nginx_prefix}/conf/nginx.conf && sleep 2s && systemctl restart nginx" --ocsp --debug || $HOME/.acme.sh/acme.sh --issue -d ${true_domain_list[$1]} $temp -w ${nginx_prefix}/html/issue_certs -k ec-256 -ak ec-256 --server letsencrypt --pre-hook "mv ${nginx_prefix}/conf/nginx.conf ${nginx_prefix}/conf/nginx.conf.bak && cp ${nginx_prefix}/conf/issue_certs.conf ${nginx_prefix}/conf/nginx.conf && sleep 2s && systemctl restart nginx" --post-hook "mv ${nginx_prefix}/conf/nginx.conf.bak ${nginx_prefix}/conf/nginx.conf && sleep 2s && systemctl restart nginx" --ocsp --debug 2372 | fi 2373 | if ! $HOME/.acme.sh/acme.sh --installcert -d ${true_domain_list[$1]} --key-file ${nginx_prefix}/certs/${true_domain_list[$1]}.key --fullchain-file ${nginx_prefix}/certs/${true_domain_list[$1]}.cer --reloadcmd "sleep 2s && systemctl restart xray" --ecc; then 2374 | $HOME/.acme.sh/acme.sh --remove --domain ${true_domain_list[$1]} --ecc 2375 | rm -rf $HOME/.acme.sh/${true_domain_list[$1]}_ecc 2376 | rm -rf "${nginx_prefix}/certs/${true_domain_list[$1]}.key" "${nginx_prefix}/certs/${true_domain_list[$1]}.cer" 2377 | mv ${xray_config}.bak $xray_config 2378 | mv ${nginx_prefix}/conf/nginx.conf.bak2 ${nginx_prefix}/conf/nginx.conf 2379 | return 1 2380 | fi 2381 | mv ${xray_config}.bak $xray_config 2382 | mv ${nginx_prefix}/conf/nginx.conf.bak2 ${nginx_prefix}/conf/nginx.conf 2383 | return 0 2384 | } 2385 | get_all_certs() 2386 | { 2387 | local i 2388 | for ((i=0;i<${#domain_list[@]};i++)) 2389 | do 2390 | if ! get_cert "$i"; then 2391 | red "域名\"${true_domain_list[$i]}\"证书申请失败!" 2392 | yellow "请检查:" 2393 | yellow " 1.域名是否解析正确" 2394 | yellow " 2.vps防火墙80端口是否开放" 2395 | yellow "并在安装/重置域名完成后,使用脚本主菜单\"重置域名\"选项修复" 2396 | yellow "按回车键继续。。。" 2397 | read -s 2398 | fi 2399 | done 2400 | } 2401 | 2402 | #配置nginx 2403 | config_nginx_init() 2404 | { 2405 | cat > ${nginx_prefix}/conf/nginx.conf < $nginx_config<> $nginx_config<> $nginx_config<> $nginx_config<> $nginx_config<> $nginx_config<> $nginx_config 2610 | echo " include ${nginx_prefix}/conf.d/nextcloud.conf;" >> $nginx_config 2611 | elif [ "${pretend_list[$i]}" == "3" ]; then 2612 | if [ $protocol_2 -ne 0 ]; then 2613 | echo " location / {" >> $nginx_config 2614 | echo " return 403;" >> $nginx_config 2615 | echo " }" >> $nginx_config 2616 | else 2617 | echo " return 403;" >> $nginx_config 2618 | fi 2619 | elif [ "${pretend_list[$i]}" == "4" ]; then 2620 | echo " root ${nginx_prefix}/html/${true_domain_list[$i]};" >> $nginx_config 2621 | echo " include ${nginx_prefix}/conf.d/nextcloud.conf;" >> $nginx_config 2622 | else 2623 | cat >> $nginx_config<> $nginx_config 2638 | done 2639 | cat >> $nginx_config << EOF 2640 | #-----------------不要修改以下内容---------------- 2641 | #domain_list=${domain_list[@]} 2642 | #true_domain_list=${true_domain_list[@]} 2643 | #domain_config_list=${domain_config_list[@]} 2644 | #pretend_list=${pretend_list[@]} 2645 | EOF 2646 | } 2647 | 2648 | #配置xray 2649 | config_xray() 2650 | { 2651 | local i 2652 | local temp_domain 2653 | cat > $xray_config <> $xray_config <> $xray_config 2675 | echo ' "fallbacks": [' >> $xray_config 2676 | if [ $protocol_3 -ne 0 ]; then 2677 | cat >> $xray_config <> $xray_config <> $xray_config <> $xray_config || echo " }," >> $xray_config 2714 | done 2715 | cat >> $xray_config <> $xray_config 2722 | echo ' {' >> $xray_config 2723 | echo ' "listen": "/dev/shm/xray/grpc.sock",' >> $xray_config 2724 | if [ $protocol_2 -eq 2 ]; then 2725 | echo ' "protocol": "vmess",' >> $xray_config 2726 | else 2727 | echo ' "protocol": "vless",' >> $xray_config 2728 | fi 2729 | echo ' "settings": {' >> $xray_config 2730 | echo ' "clients": [' >> $xray_config 2731 | echo ' {' >> $xray_config 2732 | echo " \"id\": \"$xid_2\"" >> $xray_config 2733 | echo ' }' >> $xray_config 2734 | if [ $protocol_2 -eq 2 ]; then 2735 | echo ' ]' >> $xray_config 2736 | else 2737 | echo ' ],' >> $xray_config 2738 | echo ' "decryption": "none"' >> $xray_config 2739 | fi 2740 | cat >> $xray_config <> $xray_config 2752 | echo ' {' >> $xray_config 2753 | echo ' "listen": "@/dev/shm/xray/ws.sock",' >> $xray_config 2754 | if [ $protocol_3 -eq 2 ]; then 2755 | echo ' "protocol": "vmess",' >> $xray_config 2756 | else 2757 | echo ' "protocol": "vless",' >> $xray_config 2758 | fi 2759 | echo ' "settings": {' >> $xray_config 2760 | echo ' "clients": [' >> $xray_config 2761 | echo ' {' >> $xray_config 2762 | echo " \"id\": \"$xid_3\"" >> $xray_config 2763 | echo ' }' >> $xray_config 2764 | if [ $protocol_3 -eq 2 ]; then 2765 | echo ' ]' >> $xray_config 2766 | else 2767 | echo ' ],' >> $xray_config 2768 | echo ' "decryption": "none"' >> $xray_config 2769 | fi 2770 | cat >> $xray_config <> $xray_config < $cloudreve_prefix/conf.ini << EOF 2846 | [System] 2847 | Mode = master 2848 | Debug = false 2849 | [UnixSocket] 2850 | Listen = /dev/shm/cloudreve/cloudreve.sock 2851 | EOF 2852 | rm -rf $cloudreve_service 2853 | cat > $cloudreve_service << EOF 2854 | [Unit] 2855 | Description=Cloudreve 2856 | Documentation=https://docs.cloudreve.org 2857 | After=network.target 2858 | After=mysqld.service 2859 | Wants=network.target 2860 | 2861 | [Service] 2862 | WorkingDirectory=$cloudreve_prefix 2863 | ExecStartPre=/bin/rm -rf /dev/shm/cloudreve 2864 | ExecStartPre=/bin/mkdir /dev/shm/cloudreve 2865 | ExecStartPre=/bin/chmod 711 /dev/shm/cloudreve 2866 | ExecStart=$cloudreve_prefix/cloudreve 2867 | ExecStopPost=/bin/rm -rf /dev/shm/cloudreve 2868 | Restart=on-abnormal 2869 | RestartSec=5s 2870 | KillMode=mixed 2871 | 2872 | StandardOutput=null 2873 | StandardError=syslog 2874 | 2875 | [Install] 2876 | WantedBy=multi-user.target 2877 | EOF 2878 | systemctl daemon-reload 2879 | [ $temp_cloudreve_status -eq 1 ] && systemctl start cloudreve 2880 | } 2881 | install_init_cloudreve() 2882 | { 2883 | remove_cloudreve 2884 | mkdir -p $cloudreve_prefix 2885 | chmod 0700 $cloudreve_prefix 2886 | update_cloudreve 2887 | rm -rf /dev/shm/cloudreve 2888 | local temp 2889 | temp="$("$cloudreve_prefix/cloudreve" | grep "初始管理员密码:" | awk '{print $4}')" 2890 | sleep 1s 2891 | systemctl start cloudreve 2892 | systemctl enable cloudreve 2893 | tyblue "-------- 请打开\"https://${domain_list[$1]}\"进行Cloudreve初始化 -------" 2894 | tyblue " 1. 登陆帐号" 2895 | purple " 初始管理员账号:admin@cloudreve.org" 2896 | purple " $temp" 2897 | tyblue " 2. 右上角头像 -> 管理面板" 2898 | tyblue " 3. 这时会弹出对话框 \"确定站点URL设置\" 选择 \"更改\"" 2899 | tyblue " 4. 左侧参数设置 -> 注册与登陆 -> 不允许新用户注册 -> 往下拉点击保存" 2900 | sleep 15s 2901 | echo -e "\\n\\n" 2902 | tyblue "按两次回车键以继续。。。" 2903 | read -s 2904 | read -s 2905 | cloudreve_is_installed=1 2906 | } 2907 | 2908 | #初始化nextcloud 参数 1:域名在列表中的位置 2909 | let_init_nextcloud() 2910 | { 2911 | echo -e "\\n\\n" 2912 | yellow "请立即打开\"https://${domain_list[$1]}\"进行Nextcloud初始化设置:" 2913 | tyblue " 1.自定义管理员的用户名和密码" 2914 | tyblue " 2.数据库类型选择SQLite" 2915 | tyblue " 3.建议不勾选\"安装推荐的应用\",因为进去之后还能再安装" 2916 | sleep 15s 2917 | echo -e "\\n\\n" 2918 | tyblue "按两次回车键以继续。。。" 2919 | read -s 2920 | read -s 2921 | echo 2922 | } 2923 | 2924 | print_share_link() 2925 | { 2926 | if [ $protocol_1 -eq 1 ]; then 2927 | local ip="" 2928 | while [ -z "$ip" ] 2929 | do 2930 | read -p "请输入您的服务器IP(用于生成分享链接):" ip 2931 | done 2932 | fi 2933 | if [[ "$ip" =~ : ]] && ! [[ "$ip" =~ ^\[.*:.*\]$ ]]; then 2934 | ip="[$ip]" 2935 | fi 2936 | echo 2937 | tyblue "分享链接:" 2938 | if [ $protocol_1 -eq 1 ]; then 2939 | green "============ VLESS-TCP-TLS\\033[35m(不走CDN)\\033[32m ============" 2940 | for i in "${!domain_list[@]}" 2941 | do 2942 | if [ "${pretend_list[$i]}" == "1" ] || [ "${pretend_list[$i]}" == "2" ]; then 2943 | tyblue "vless://${xid_1}@${ip}:443?security=tls&sni=${domain_list[$i]}&alpn=http%2F1.1" 2944 | else 2945 | tyblue "vless://${xid_1}@${ip}:443?security=tls&sni=${domain_list[$i]}&alpn=h2,http%2F1.1" 2946 | fi 2947 | done 2948 | green "============ VLESS-TCP-XTLS\\033[35m(不走CDN)\\033[32m ============" 2949 | yellow "Linux/安卓/路由器:" 2950 | for i in "${!domain_list[@]}" 2951 | do 2952 | if [ "${pretend_list[$i]}" == "1" ] || [ "${pretend_list[$i]}" == "2" ]; then 2953 | tyblue "vless://${xid_1}@${ip}:443?security=xtls&sni=${domain_list[$i]}&alpn=http%2F1.1&flow=xtls-rprx-splice" 2954 | else 2955 | tyblue "vless://${xid_1}@${ip}:443?security=xtls&sni=${domain_list[$i]}&alpn=h2,http%2F1.1&flow=xtls-rprx-splice" 2956 | fi 2957 | done 2958 | yellow "其他:" 2959 | for i in "${!domain_list[@]}" 2960 | do 2961 | if [ "${pretend_list[$i]}" == "1" ] || [ "${pretend_list[$i]}" == "2" ]; then 2962 | tyblue "vless://${xid_1}@${ip}:443?security=xtls&sni=${domain_list[$i]}&alpn=http%2F1.1&flow=xtls-rprx-direct" 2963 | else 2964 | tyblue "vless://${xid_1}@${ip}:443?security=xtls&sni=${domain_list[$i]}&alpn=h2,http%2F1.1&flow=xtls-rprx-direct" 2965 | fi 2966 | done 2967 | fi 2968 | if [ $protocol_2 -eq 1 ]; then 2969 | green "=========== VLESS-gRPC-TLS \\033[35m(若域名开启了CDN解析则会连接CDN,否则将直连)\\033[32m ===========" 2970 | for i in "${domain_list[@]}" 2971 | do 2972 | tyblue "vless://${xid_2}@${i}:443?type=grpc&security=tls&serviceName=${serviceName}&mode=multi&alpn=h2,http%2F1.1" 2973 | done 2974 | elif [ $protocol_2 -eq 2 ]; then 2975 | green "=========== VMess-gRPC-TLS \\033[35m(若域名开启了CDN解析则会连接CDN,否则将直连)\\033[32m ===========" 2976 | for i in "${domain_list[@]}" 2977 | do 2978 | tyblue "vmess://${xid_2}@${i}:443?type=grpc&security=tls&serviceName=${serviceName}&mode=multi&alpn=h2,http%2F1.1" 2979 | done 2980 | fi 2981 | if [ $protocol_3 -eq 1 ]; then 2982 | green "=========== VLESS-WebSocket-TLS \\033[35m(若域名开启了CDN解析则会连接CDN,否则将直连)\\033[32m ===========" 2983 | for i in "${domain_list[@]}" 2984 | do 2985 | tyblue "vless://${xid_3}@${i}:443?type=ws&security=tls&path=%2F${path#/}%3Fed=2048" 2986 | done 2987 | elif [ $protocol_3 -eq 2 ]; then 2988 | green "=========== VMess-WebSocket-TLS \\033[35m(若域名开启了CDN解析则会连接CDN,否则将直连)\\033[32m ===========" 2989 | for i in "${domain_list[@]}" 2990 | do 2991 | tyblue "vmess://${xid_3}@${i}:443?type=ws&security=tls&path=%2F${path#/}%3Fed=2048" 2992 | done 2993 | fi 2994 | } 2995 | print_config_info() 2996 | { 2997 | echo -e "\\n\\n\\n" 2998 | if [ $protocol_1 -ne 0 ]; then 2999 | tyblue "--------------------- VLESS-TCP-XTLS/TLS (不走CDN) ---------------------" 3000 | tyblue " protocol(传输协议) :\\033[33mvless" 3001 | purple " (V2RayN选择\"添加[VLESS]服务器\";V2RayNG选择\"手动输入[VLESS]\")" 3002 | tyblue " address(地址) :\\033[33m服务器ip" 3003 | purple " (Qv2ray:主机)" 3004 | tyblue " port(端口) :\\033[33m443" 3005 | tyblue " id(用户ID/UUID) :\\033[33m${xid_1}" 3006 | tyblue " flow(流控) :" 3007 | tyblue " 使用XTLS :" 3008 | tyblue " Linux/安卓/路由器:\\033[33mxtls-rprx-splice\\033[32m(推荐)\\033[36m或\\033[33mxtls-rprx-direct" 3009 | tyblue " 其它 :\\033[33mxtls-rprx-direct" 3010 | tyblue " 使用TLS :\\033[33m空" 3011 | tyblue " encryption(加密) :\\033[33mnone" 3012 | tyblue " ---Transport/StreamSettings(底层传输方式/流设置)---" 3013 | tyblue " network(传输方式) :\\033[33mtcp" 3014 | purple " (Shadowrocket传输方式选none)" 3015 | tyblue " type(伪装类型) :\\033[33mnone" 3016 | purple " (Qv2ray:协议设置-类型)" 3017 | tyblue " security(传输层加密) :\\033[33mxtls\\033[36m或\\033[33mtls \\033[35m(此选项将决定是使用XTLS还是TLS)" 3018 | purple " (V2RayN(G):底层传输安全;Qv2ray:TLS设置-安全类型)" 3019 | if [ ${#domain_list[@]} -eq 1 ]; then 3020 | tyblue " serverName :\\033[33m${domain_list[*]}" 3021 | else 3022 | tyblue " serverName :\\033[33m${domain_list[*]} \\033[35m(任选其一)" 3023 | fi 3024 | purple " (V2RayN(G):SNI;Qv2ray:TLS设置-服务器地址;Shadowrocket:Peer 名称)" 3025 | tyblue " allowInsecure :\\033[33mfalse" 3026 | purple " (Qv2ray:TLS设置-允许不安全的证书(不打勾);Shadowrocket:允许不安全(关闭))" 3027 | tyblue " fingerprint :" 3028 | tyblue " 使用XTLS :\\033[33m空" 3029 | tyblue " 使用TLS :\\033[33m空\\033[36m/\\033[33mchrome\\033[32m(推荐)\\033[36m/\\033[33mfirefox\\033[36m/\\033[33msafari" 3030 | purple " (此选项决定是否伪造浏览器指纹,空代表不伪造)" 3031 | tyblue " alpn :" 3032 | tyblue " 伪造浏览器指纹 :此参数不生效,可随意设置" 3033 | tyblue " 不伪造浏览器指纹:serverName填的域名对应的伪装网站为网盘则设置为\\033[33mhttp/1.1\\033[36m,否则设置为\\033[33m空\\033[36m或\\033[33mh2,http/1.1" 3034 | purple " (Qv2ray:TLS设置-ALPN) (注意Qv2ray如果要设置alpn为h2,http/1.1,请填写\"h2|http/1.1\")" 3035 | tyblue " ------------------------其他-----------------------" 3036 | tyblue " Mux(多路复用) :使用XTLS必须关闭;不使用XTLS也建议关闭" 3037 | purple " (V2RayN:设置页面-开启Mux多路复用)" 3038 | tyblue "------------------------------------------------------------------------" 3039 | fi 3040 | if [ $protocol_2 -ne 0 ]; then 3041 | echo 3042 | if [ $protocol_2 -eq 1 ]; then 3043 | tyblue "---------------- VLESS-gRPC-TLS (有CDN则走CDN,否则直连) ---------------" 3044 | tyblue " protocol(传输协议) :\\033[33mvless" 3045 | purple " (V2RayN选择\"添加[VLESS]服务器\";V2RayNG选择\"手动输入[VLESS]\")" 3046 | else 3047 | tyblue "---------------- VMess-gRPC-TLS (有CDN则走CDN,否则直连) ---------------" 3048 | tyblue " protocol(传输协议) :\\033[33mvmess" 3049 | purple " (V2RayN选择\"添加[VMess]服务器\";V2RayNG选择\"手动输入[Vmess]\")" 3050 | fi 3051 | if [ ${#domain_list[@]} -eq 1 ]; then 3052 | tyblue " address(地址) :\\033[33m${domain_list[*]}" 3053 | else 3054 | tyblue " address(地址) :\\033[33m${domain_list[*]} \\033[35m(任选其一)" 3055 | fi 3056 | purple " (Qv2ray:主机)" 3057 | tyblue " port(端口) :\\033[33m443" 3058 | tyblue " id(用户ID/UUID) :\\033[33m${xid_2}" 3059 | if [ $protocol_2 -eq 1 ]; then 3060 | tyblue " flow(流控) :\\033[33m空" 3061 | tyblue " encryption(加密) :\\033[33mnone" 3062 | else 3063 | tyblue " security(加密方式) :使用CDN,推荐\\033[33mauto\\033[36m;不使用CDN,推荐\\033[33mnone" 3064 | purple " (Qv2ray:安全选项;Shadowrocket:算法)" 3065 | fi 3066 | tyblue " ---Transport/StreamSettings(底层传输方式/流设置)---" 3067 | tyblue " network(传输方式) :\\033[33mgrpc" 3068 | tyblue " serviceName :\\033[33m${serviceName}" 3069 | tyblue " multiMode :\\033[33mtrue" 3070 | purple " (V2RayN(G)伪装类型(type)选择multi" 3071 | tyblue " security(传输层加密) :\\033[33mtls" 3072 | purple " (V2RayN(G):底层传输安全;Qv2ray:TLS设置-安全类型)" 3073 | tyblue " serverName :\\033[33m空" 3074 | purple " (V2RayN(G):SNI和伪装域名;Qv2ray:TLS设置-服务器地址;Shadowrocket:Peer 名称)" 3075 | tyblue " allowInsecure :\\033[33mfalse" 3076 | purple " (Qv2ray:TLS设置-允许不安全的证书(不打勾);Shadowrocket:允许不安全(关闭))" 3077 | tyblue " alpn :\\033[33m空\\033[36m或\\033[33mh2,http/1.1" 3078 | purple " (Qv2ray:TLS设置-ALPN) (注意Qv2ray如果要设置alpn为h2,http/1.1,请填写\"h2|http/1.1\")" 3079 | tyblue " ------------------------其他-----------------------" 3080 | tyblue " Mux(多路复用) :强烈建议关闭" 3081 | purple " (V2RayN:设置页面-开启Mux多路复用)" 3082 | tyblue "------------------------------------------------------------------------" 3083 | fi 3084 | if [ $protocol_3 -ne 0 ]; then 3085 | echo 3086 | if [ $protocol_3 -eq 1 ]; then 3087 | tyblue "------------- VLESS-WebSocket-TLS (有CDN则走CDN,否则直连) -------------" 3088 | tyblue " protocol(传输协议) :\\033[33mvless" 3089 | purple " (V2RayN选择\"添加[VLESS]服务器\";V2RayNG选择\"手动输入[VLESS]\")" 3090 | else 3091 | tyblue "------------- VMess-WebSocket-TLS (有CDN则走CDN,否则直连) -------------" 3092 | tyblue " protocol(传输协议) :\\033[33mvmess" 3093 | purple " (V2RayN选择\"添加[VMess]服务器\";V2RayNG选择\"手动输入[Vmess]\")" 3094 | fi 3095 | if [ ${#domain_list[@]} -eq 1 ]; then 3096 | tyblue " address(地址) :\\033[33m${domain_list[*]}" 3097 | else 3098 | tyblue " address(地址) :\\033[33m${domain_list[*]} \\033[35m(任选其一)" 3099 | fi 3100 | purple " (Qv2ray:主机)" 3101 | tyblue " port(端口) :\\033[33m443" 3102 | tyblue " id(用户ID/UUID) :\\033[33m${xid_3}" 3103 | if [ $protocol_3 -eq 1 ]; then 3104 | tyblue " flow(流控) :\\033[33m空" 3105 | tyblue " encryption(加密) :\\033[33mnone" 3106 | else 3107 | tyblue " security(加密方式) :使用CDN,推荐\\033[33mauto\\033[36m;不使用CDN,推荐\\033[33mnone" 3108 | purple " (Qv2ray:安全选项;Shadowrocket:算法)" 3109 | fi 3110 | tyblue " ---Transport/StreamSettings(底层传输方式/流设置)---" 3111 | tyblue " network(传输方式) :\\033[33mws" 3112 | purple " (Shadowrocket传输方式选websocket)" 3113 | tyblue " path(路径) :\\033[33m${path}?ed=2048" 3114 | tyblue " Host :\\033[33m空" 3115 | purple " (V2RayN(G):伪装域名;Qv2ray:协议设置-请求头)" 3116 | tyblue " security(传输层加密) :\\033[33mtls" 3117 | purple " (V2RayN(G):底层传输安全;Qv2ray:TLS设置-安全类型)" 3118 | tyblue " serverName :\\033[33m空" 3119 | purple " (V2RayN(G):SNI和伪装域名;Qv2ray:TLS设置-服务器地址;Shadowrocket:Peer 名称)" 3120 | tyblue " allowInsecure :\\033[33mfalse" 3121 | purple " (Qv2ray:TLS设置-允许不安全的证书(不打勾);Shadowrocket:允许不安全(关闭))" 3122 | tyblue " alpn :此参数不生效,可随意设置" 3123 | purple " (Qv2ray:TLS设置-ALPN) (注意Qv2ray如果要设置alpn为h2,http/1.1,请填写\"h2|http/1.1\")" 3124 | tyblue " ------------------------其他-----------------------" 3125 | tyblue " Mux(多路复用) :建议关闭" 3126 | purple " (V2RayN:设置页面-开启Mux多路复用)" 3127 | tyblue "------------------------------------------------------------------------" 3128 | fi 3129 | echo 3130 | ask_if "是否生成分享链接?(y/n)" && print_share_link 3131 | echo 3132 | yellow " 关于fingerprint与alpn,详见:https://github.com/kirin10000/Xray-script#关于tls握手tls指纹和alpn" 3133 | echo 3134 | blue " 若想实现Fullcone(NAT类型开放),需要达成以下条件:" 3135 | blue " 1. 确保客户端核心为 Xray v1.3.0+" 3136 | blue " 2. 若您正在使用Netch作为客户端,请不要使用模式 [1] 连接 (可使用模式 [3] Bypass LAN )" 3137 | blue " 3. 如果测试系统为Windows,并且正在使用透明代理或TUN/Bypass LAN,请确保当前网络设置为专用网络" 3138 | echo 3139 | blue " 若想实现WebSocket 0-rtt,请将客户端核心升级至 Xray v1.4.0+" 3140 | echo 3141 | tyblue " 脚本最后更新时间:2021.09.10" 3142 | echo 3143 | red " 此脚本仅供交流学习使用,请勿使用此脚本行违法之事。网络非法外之地,行非法之事,必将接受法律制裁!!!!" 3144 | tyblue " 2020.11" 3145 | } 3146 | 3147 | install_update_xray_tls_web() 3148 | { 3149 | in_install_update_xray_tls_web=1 3150 | check_nginx_installed_system 3151 | [ "$redhat_package_manager" == "yum" ] && check_important_dependence_installed "" "yum-utils" 3152 | check_SELinux 3153 | check_important_dependence_installed iproute2 iproute 3154 | check_port 3155 | check_important_dependence_installed tzdata tzdata 3156 | get_system_info 3157 | check_important_dependence_installed ca-certificates ca-certificates 3158 | check_important_dependence_installed wget wget 3159 | check_important_dependence_installed "procps" "procps-ng" 3160 | install_epel 3161 | ask_update_script 3162 | check_ssh_timeout 3163 | uninstall_firewall 3164 | doupdate 3165 | enter_temp_dir 3166 | install_bbr 3167 | $debian_package_manager -y -f install 3168 | 3169 | #读取信息 3170 | if [ $update -eq 0 ]; then 3171 | readProtocolConfig 3172 | readDomain 3173 | path="/$(head -c 20 /dev/urandom | md5sum | head -c 10)" 3174 | serviceName="$(head -c 20 /dev/urandom | md5sum | head -c 10)" 3175 | xid_1="$(cat /proc/sys/kernel/random/uuid)" 3176 | xid_2="$(cat /proc/sys/kernel/random/uuid)" 3177 | xid_3="$(cat /proc/sys/kernel/random/uuid)" 3178 | else 3179 | get_config_info 3180 | fi 3181 | 3182 | local choice 3183 | 3184 | local install_php 3185 | if [ $update -eq 0 ]; then 3186 | [ "${pretend_list[0]}" == "2" ] && install_php=1 || install_php=0 3187 | else 3188 | install_php=$php_is_installed 3189 | fi 3190 | local use_existed_php=0 3191 | if [ $install_php -eq 1 ]; then 3192 | if [ $update -eq 1 ]; then 3193 | if check_php_update; then 3194 | ! ask_if "检测到php有新版本,是否更新?(y/n)" && use_existed_php=1 3195 | else 3196 | green "php已经是最新版本,不更新" 3197 | use_existed_php=1 3198 | fi 3199 | elif [ $php_is_installed -eq 1 ]; then 3200 | tyblue "---------------检测到php已存在---------------" 3201 | tyblue " 1. 使用现有php" 3202 | tyblue " 2. 卸载现有php并重新编译安装" 3203 | echo 3204 | choice="" 3205 | while [ "$choice" != "1" ] && [ "$choice" != "2" ] 3206 | do 3207 | read -p "您的选择是:" choice 3208 | done 3209 | [ $choice -eq 1 ] && use_existed_php=1 3210 | fi 3211 | fi 3212 | 3213 | local use_existed_nginx=0 3214 | if [ $update -eq 1 ]; then 3215 | if check_nginx_update; then 3216 | ! ask_if "检测到Nginx有新版本,是否更新?(y/n)" && use_existed_nginx=1 3217 | else 3218 | green "Nginx已经是最新版本,不更新" 3219 | use_existed_nginx=1 3220 | fi 3221 | elif [ $nginx_is_installed -eq 1 ]; then 3222 | tyblue "---------------检测到Nginx已存在---------------" 3223 | tyblue " 1. 使用现有Nginx" 3224 | tyblue " 2. 卸载现有Nginx并重新编译安装" 3225 | echo 3226 | choice="" 3227 | while [ "$choice" != "1" ] && [ "$choice" != "2" ] 3228 | do 3229 | read -p "您的选择是:" choice 3230 | done 3231 | [ $choice -eq 1 ] && use_existed_nginx=1 3232 | fi 3233 | #此参数只在[ $update -eq 0 ]时有效 3234 | local temp_remove_cloudreve=1 3235 | if [ $update -eq 0 ] && [ "${pretend_list[0]}" == "1" ] && [ $cloudreve_is_installed -eq 1 ]; then 3236 | tyblue "----------------- Cloudreve已存在 -----------------" 3237 | tyblue " 1. 使用现有Cloudreve" 3238 | tyblue " 2. 卸载并重新安装" 3239 | echo 3240 | red "警告:卸载Cloudreve将删除网盘中所有文件和用户信息" 3241 | choice="" 3242 | while [ "$choice" != "1" ] && [ "$choice" != "2" ] 3243 | do 3244 | read -p "您的选择是:" choice 3245 | done 3246 | [ $choice -eq 1 ] && temp_remove_cloudreve=0 3247 | fi 3248 | 3249 | if [ $update -eq 0 ]; then 3250 | green "即将开始安装Xray-TLS+Web,可能需要10-20分钟。。。" 3251 | sleep 3s 3252 | fi 3253 | 3254 | [ $use_existed_nginx -eq 0 ] && install_nginx_compile_toolchains 3255 | install_nginx_dependence 3256 | if [ $install_php -eq 1 ]; then 3257 | [ $use_existed_php -eq 0 ] && install_php_compile_toolchains 3258 | install_php_dependence 3259 | fi 3260 | install_acme_dependence 3261 | if [ $update -eq 0 ]; then 3262 | install_web_dependence "" 3263 | else 3264 | [ $cloudreve_is_installed -eq 1 ] && install_web_dependence "1" 3265 | fi 3266 | $debian_package_manager clean 3267 | $redhat_package_manager clean all 3268 | 3269 | #编译&&安装php 3270 | if [ $install_php -eq 1 ]; then 3271 | if [ $use_existed_php -eq 0 ]; then 3272 | compile_php 3273 | remove_php 3274 | install_php_part1 3275 | else 3276 | systemctl stop php-fpm 3277 | systemctl disable php-fpm 3278 | fi 3279 | install_php_part2 3280 | [ $update -eq 1 ] && turn_on_off_php 3281 | fi 3282 | 3283 | #编译&&安装Nginx 3284 | if [ $use_existed_nginx -eq 0 ]; then 3285 | compile_nginx 3286 | [ $update -eq 1 ] && backup_domains_web 3287 | remove_nginx 3288 | install_nginx_part1 3289 | else 3290 | systemctl stop nginx 3291 | systemctl disable nginx 3292 | rm -rf ${nginx_prefix}/conf.d 3293 | rm -rf ${nginx_prefix}/certs 3294 | rm -rf ${nginx_prefix}/html/issue_certs 3295 | rm -rf ${nginx_prefix}/conf/issue_certs.conf 3296 | cp ${nginx_prefix}/conf/nginx.conf.default ${nginx_prefix}/conf/nginx.conf 3297 | fi 3298 | install_nginx_part2 3299 | [ $update -eq 1 ] && [ $use_existed_nginx -eq 0 ] && mv "${temp_dir}/domain_backup/"* ${nginx_prefix}/html 2>/dev/null 3300 | 3301 | #安装Xray 3302 | remove_xray 3303 | install_update_xray 3304 | 3305 | if [ $update -eq 0 ]; then 3306 | [ -e $HOME/.acme.sh/acme.sh ] && $HOME/.acme.sh/acme.sh --uninstall 3307 | rm -rf $HOME/.acme.sh 3308 | curl https://get.acme.sh | sh 3309 | $HOME/.acme.sh/acme.sh --register-account -ak ec-256 --server zerossl -m "my@example.com" 3310 | fi 3311 | $HOME/.acme.sh/acme.sh --upgrade --auto-upgrade 3312 | get_all_certs 3313 | 3314 | #配置Nginx和Xray 3315 | config_nginx 3316 | config_xray 3317 | sleep 2s 3318 | systemctl stop cloudreve 3319 | systemctl restart xray nginx 3320 | if [ $update -eq 0 ]; then 3321 | [ "${pretend_list[0]}" == "1" ] && [ $temp_remove_cloudreve -eq 1 ] && remove_cloudreve 3322 | init_web 0 3323 | green "-------------------安装完成-------------------" 3324 | print_config_info 3325 | else 3326 | [ $cloudreve_is_installed -eq 1 ] && update_cloudreve 3327 | turn_on_off_cloudreve 3328 | green "-------------------更新完成-------------------" 3329 | fi 3330 | cd / 3331 | rm -rf "$temp_dir" 3332 | in_install_update_xray_tls_web=0 3333 | } 3334 | 3335 | #主菜单函数 3336 | full_install_php() 3337 | { 3338 | green "开始安装/更新php。。。" 3339 | sleep 3s 3340 | install_php_compile_toolchains 3341 | install_php_dependence 3342 | enter_temp_dir 3343 | compile_php 3344 | remove_php 3345 | install_php_part1 3346 | install_php_part2 3347 | cd / 3348 | rm -rf "$temp_dir" 3349 | } 3350 | #安装/检查更新/更新php 3351 | install_check_update_update_php() 3352 | { 3353 | [ "$redhat_package_manager" == "yum" ] && check_important_dependence_installed "" "yum-utils" 3354 | check_SELinux 3355 | check_important_dependence_installed tzdata tzdata 3356 | get_system_info 3357 | if (([ $release == "centos" ] || [ $release == centos-stream ] || [ $release == oracle ]) && ! version_ge "$systemVersion" "8" ) || ([ $release == "rhel" ] && ! version_ge "$systemVersion" "8") || ([ $release == "fedora" ] && ! version_ge "$systemVersion" "30") || ([ $release == "ubuntu" ] && ! version_ge "$systemVersion" "20.04") || ([ $release == "debian" ] && ! version_ge "$systemVersion" "11"); then 3358 | red "系统版本过低,无法安装php!" 3359 | echo 3360 | tyblue "安装Nextcloud需要安装php" 3361 | yellow "仅支持在以下版本系统下安装php:" 3362 | yellow " 1. Ubuntu 20.04+" 3363 | yellow " 2. Debian 11+" 3364 | yellow " 3. 其他以 Debian 11+ 为基的系统" 3365 | yellow " 4. Red Hat Enterprise Linux 8+" 3366 | yellow " 5. CentOS 8+" 3367 | yellow " 6. Fedora 30+" 3368 | yellow " 7. Oracle Linux 8+" 3369 | yellow " 8. 其他以 Red Hat 8+ 为基的系统" 3370 | return 1 3371 | elif [ $release == "other-debian" ] || [ $release == "other-redhat" ]; then 3372 | yellow "未知的系统,可能导致php安装失败!" 3373 | echo 3374 | tyblue "安装Nextcloud需要安装php" 3375 | yellow "仅支持在以下版本系统下安装php:" 3376 | yellow " 1. Ubuntu 20.04+" 3377 | yellow " 2. Debian 11+" 3378 | yellow " 3. 其他以 Debian 11+ 为基的系统" 3379 | yellow " 4. Red Hat Enterprise Linux 8+" 3380 | yellow " 5. CentOS 8+" 3381 | yellow " 6. Fedora 30+" 3382 | yellow " 7. Oracle Linux 8+" 3383 | yellow " 8. 其他以 Red Hat 8+ 为基的系统" 3384 | ! ask_if "确定选择吗?(y/n)" && return 0 3385 | elif [ $release == "deepin" ]; then 3386 | red "php暂不支持deepin,请选择其他系统" 3387 | return 1 3388 | fi 3389 | check_important_dependence_installed ca-certificates ca-certificates 3390 | check_important_dependence_installed wget wget 3391 | check_important_dependence_installed "procps" "procps-ng" 3392 | install_epel 3393 | local php_status=0 3394 | if [ $php_is_installed -eq 1 ]; then 3395 | ask_update_script_force 3396 | if check_php_update; then 3397 | green "php有新版本" 3398 | ! ask_if "是否更新?(y/n)" && return 0 3399 | else 3400 | green "php已是最新版本" 3401 | return 0 3402 | fi 3403 | systemctl -q is-active php-fpm && php_status=1 3404 | else 3405 | ask_update_script 3406 | tyblue "安装php用于运行nextcloud网盘" 3407 | yellow "编译&&安装php可能需要消耗15-60分钟" 3408 | yellow "且php将占用一定系统资源,不建议内存<512M的机器使用" 3409 | ! ask_if "是否继续?(y/n)" && return 0 3410 | fi 3411 | check_ssh_timeout 3412 | get_config_info 3413 | full_install_php 3414 | turn_on_off_php 3415 | if [ $php_status -eq 1 ]; then 3416 | systemctl start php-fpm 3417 | else 3418 | systemctl stop php-fpm 3419 | fi 3420 | green "安装/更新完成!" 3421 | } 3422 | check_update_update_nginx() 3423 | { 3424 | check_nginx_installed_system 3425 | [ "$redhat_package_manager" == "yum" ] && check_important_dependence_installed "" "yum-utils" 3426 | check_SELinux 3427 | check_important_dependence_installed tzdata tzdata 3428 | get_system_info 3429 | check_important_dependence_installed ca-certificates ca-certificates 3430 | check_important_dependence_installed wget wget 3431 | check_important_dependence_installed "procps" "procps-ng" 3432 | install_epel 3433 | ask_update_script_force 3434 | if check_nginx_update; then 3435 | green "Nginx有新版本" 3436 | ! ask_if "是否更新?(y/n)" && return 0 3437 | else 3438 | green "Nginx已是最新版本" 3439 | return 0 3440 | fi 3441 | check_ssh_timeout 3442 | get_config_info 3443 | local nginx_status=0 3444 | local xray_status=0 3445 | systemctl -q is-active nginx && nginx_status=1 3446 | systemctl -q is-active xray && xray_status=1 3447 | install_nginx_compile_toolchains 3448 | install_nginx_dependence 3449 | enter_temp_dir 3450 | compile_nginx 3451 | backup_domains_web 3452 | remove_nginx 3453 | install_nginx_part1 3454 | install_nginx_part2 3455 | config_nginx 3456 | mv "${temp_dir}/domain_backup/"* ${nginx_prefix}/html 2>/dev/null 3457 | get_all_certs 3458 | if [ $nginx_status -eq 1 ]; then 3459 | systemctl restart nginx 3460 | else 3461 | systemctl stop nginx 3462 | fi 3463 | if [ $xray_status -eq 1 ]; then 3464 | systemctl restart xray 3465 | else 3466 | systemctl stop xray 3467 | fi 3468 | cd / 3469 | rm -rf "$temp_dir" 3470 | green "更新完成!" 3471 | } 3472 | restart_xray_tls_web() 3473 | { 3474 | get_config_info 3475 | systemctl restart xray nginx 3476 | systemctl stop php-fpm cloudreve 3477 | turn_on_off_php 3478 | turn_on_off_cloudreve 3479 | sleep 1s 3480 | if ! systemctl -q is-active xray; then 3481 | red "Xray启动失败!!" 3482 | elif ! systemctl -q is-active nginx; then 3483 | red "Nginx启动失败!!" 3484 | elif check_need_php && ! systemctl -q is-active php-fpm; then 3485 | red "php启动失败!!" 3486 | elif check_need_cloudreve && ! systemctl -q is-active cloudreve; then 3487 | red "Cloudreve启动失败!!" 3488 | else 3489 | green "重启/启动成功!!" 3490 | fi 3491 | } 3492 | reinit_domain() 3493 | { 3494 | [ "$redhat_package_manager" == "yum" ] && check_important_dependence_installed "" "yum-utils" 3495 | check_important_dependence_installed iproute2 iproute 3496 | check_port 3497 | check_important_dependence_installed tzdata tzdata 3498 | get_system_info 3499 | check_important_dependence_installed ca-certificates ca-certificates 3500 | check_important_dependence_installed wget wget 3501 | install_acme_dependence 3502 | ask_update_script 3503 | yellow "重置域名将删除所有现有域名(包括域名证书、伪装网站等)" 3504 | ! ask_if "是否继续?(y/n)" && return 0 3505 | get_config_info 3506 | readDomain 3507 | if [ "${pretend_list[-1]}" == "2" ] && [ $php_is_installed -eq 0 ]; then 3508 | check_SELinux 3509 | check_important_dependence_installed "procps" "procps-ng" 3510 | install_epel 3511 | install_web_dependence "${pretend_list[-1]}" 3512 | in_install_update_xray_tls_web=1 3513 | check_ssh_timeout 3514 | in_install_update_xray_tls_web=0 3515 | full_install_php 3516 | else 3517 | [ "${pretend_list[-1]}" == "1" ] && check_SELinux 3518 | install_web_dependence "${pretend_list[-1]}" 3519 | fi 3520 | green "重置域名中。。。" 3521 | local temp_domain="${domain_list[-1]}" 3522 | local temp_true_domain="${true_domain_list[-1]}" 3523 | local temp_domain_config="${domain_config_list[-1]}" 3524 | local temp_pretend="${pretend_list[-1]}" 3525 | systemctl stop xray 3526 | systemctl stop nginx 3527 | systemctl stop php-fpm 3528 | systemctl disable php-fpm 3529 | systemctl stop cloudreve 3530 | systemctl disable cloudreve 3531 | local i 3532 | for i in "${true_domain_list[@]}" 3533 | do 3534 | rm -rf "${nginx_prefix}/html/${i}" 3535 | done 3536 | rm -rf "${nginx_prefix}/certs" 3537 | mkdir "${nginx_prefix}/certs" 3538 | $HOME/.acme.sh/acme.sh --uninstall 3539 | rm -rf $HOME/.acme.sh 3540 | curl https://get.acme.sh | sh 3541 | $HOME/.acme.sh/acme.sh --register-account -ak ec-256 --server zerossl -m "my@example.com" 3542 | $HOME/.acme.sh/acme.sh --upgrade --auto-upgrade 3543 | unset domain_list 3544 | unset true_domain_list 3545 | unset domain_config_list 3546 | unset pretend_list 3547 | domain_list+=("$temp_domain") 3548 | domain_config_list+=("$temp_domain_config") 3549 | true_domain_list+=("$temp_true_domain") 3550 | pretend_list+=("$temp_pretend") 3551 | get_all_certs 3552 | config_nginx 3553 | config_xray 3554 | sleep 2s 3555 | systemctl restart xray nginx 3556 | init_web 0 3557 | green "域名重置完成!!" 3558 | print_config_info 3559 | } 3560 | add_domain() 3561 | { 3562 | [ "$redhat_package_manager" == "yum" ] && check_important_dependence_installed "" "yum-utils" 3563 | check_important_dependence_installed iproute2 iproute 3564 | check_port 3565 | check_important_dependence_installed tzdata tzdata 3566 | get_system_info 3567 | check_important_dependence_installed ca-certificates ca-certificates 3568 | check_important_dependence_installed wget wget 3569 | ask_update_script 3570 | get_config_info 3571 | local need_cloudreve=0 3572 | check_need_cloudreve && need_cloudreve=1 3573 | readDomain 3574 | local i 3575 | for ((i=${#domain_list[@]}-1; i!=0;)) 3576 | do 3577 | ((i--)) 3578 | if [ "${domain_list[-1]}" == "${domain_list[$i]}" ] || [ "${domain_list[-1]}" == "${true_domain_list[$i]}" ] || [ "${true_domain_list[-1]}" == "${domain_list[$i]}" ] || [ "${true_domain_list[-1]}" == "${true_domain_list[$i]}" ]; then 3579 | red "域名已存在!" 3580 | return 1 3581 | fi 3582 | done 3583 | if [ "${pretend_list[-1]}" == "1" ] && [ $need_cloudreve -eq 1 ]; then 3584 | yellow "Cloudreve只能用于一个域名!!" 3585 | tyblue "Nextcloud可以用于多个域名" 3586 | return 1 3587 | fi 3588 | if [ "${pretend_list[-1]}" == "2" ] && [ $php_is_installed -eq 0 ]; then 3589 | check_SELinux 3590 | check_important_dependence_installed "procps" "procps-ng" 3591 | install_epel 3592 | install_web_dependence "${pretend_list[-1]}" 3593 | in_install_update_xray_tls_web=1 3594 | check_ssh_timeout 3595 | in_install_update_xray_tls_web=0 3596 | full_install_php 3597 | else 3598 | [ "${pretend_list[-1]}" == "1" ] && check_SELinux 3599 | install_web_dependence "${pretend_list[-1]}" 3600 | fi 3601 | if ! get_cert "-1"; then 3602 | sleep 2s 3603 | systemctl restart xray nginx 3604 | red "申请证书失败!!" 3605 | red "域名添加失败" 3606 | return 1 3607 | fi 3608 | config_nginx 3609 | config_xray 3610 | sleep 2s 3611 | systemctl stop php-fpm cloudreve 3612 | systemctl restart xray nginx 3613 | init_web "-1" 3614 | green "域名添加完成!!" 3615 | print_config_info 3616 | } 3617 | delete_domain() 3618 | { 3619 | get_config_info 3620 | if [ ${#domain_list[@]} -le 1 ]; then 3621 | red "只有一个域名" 3622 | return 1 3623 | fi 3624 | local i 3625 | tyblue "-----------------------请选择要删除的域名-----------------------" 3626 | for i in "${!domain_list[@]}" 3627 | do 3628 | if [ ${domain_config_list[$i]} -eq 1 ]; then 3629 | tyblue " $((i+1)). ${domain_list[$i]} ${true_domain_list[$i]}" 3630 | else 3631 | tyblue " $((i+1)). ${domain_list[$i]}" 3632 | fi 3633 | done 3634 | yellow " 0. 不删除" 3635 | local delete="" 3636 | while ! [[ "$delete" =~ ^([1-9][0-9]*|0)$ ]] || [ $delete -gt ${#domain_list[@]} ] 3637 | do 3638 | read -p "你的选择是:" delete 3639 | done 3640 | [ $delete -eq 0 ] && return 0 3641 | ((delete--)) 3642 | if [ "${pretend_list[$delete]}" == "2" ]; then 3643 | red "警告:此操作可能导致该域名下的Nextcloud网盘数据被删除" 3644 | ! ask_if "是否要继续?(y/n)" && return 0 3645 | fi 3646 | $HOME/.acme.sh/acme.sh --remove --domain ${true_domain_list[$delete]} --ecc 3647 | rm -rf $HOME/.acme.sh/${true_domain_list[$delete]}_ecc 3648 | rm -rf "${nginx_prefix}/certs/${true_domain_list[$delete]}.key" "${nginx_prefix}/certs/${true_domain_list[$delete]}.cer" 3649 | rm -rf ${nginx_prefix}/html/${true_domain_list[$delete]} 3650 | unset 'domain_list[$delete]' 3651 | unset 'true_domain_list[$delete]' 3652 | unset 'domain_config_list[$delete]' 3653 | unset 'pretend_list[$delete]' 3654 | domain_list=("${domain_list[@]}") 3655 | true_domain_list=("${true_domain_list[@]}") 3656 | domain_config_list=("${domain_config_list[@]}") 3657 | pretend_list=("${pretend_list[@]}") 3658 | config_nginx 3659 | config_xray 3660 | systemctl restart xray nginx 3661 | turn_on_off_php 3662 | turn_on_off_cloudreve 3663 | green "域名删除完成!!" 3664 | print_config_info 3665 | } 3666 | change_pretend() 3667 | { 3668 | [ "$redhat_package_manager" == "yum" ] && check_important_dependence_installed "" "yum-utils" 3669 | check_important_dependence_installed tzdata tzdata 3670 | get_system_info 3671 | check_important_dependence_installed ca-certificates ca-certificates 3672 | check_important_dependence_installed wget wget 3673 | ask_update_script 3674 | get_config_info 3675 | local change="" 3676 | if [ ${#domain_list[@]} -eq 1 ]; then 3677 | change=0 3678 | else 3679 | local i 3680 | tyblue "-----------------------请选择要修改伪装类型的域名-----------------------" 3681 | for i in "${!domain_list[@]}" 3682 | do 3683 | if [ ${domain_config_list[$i]} -eq 1 ]; then 3684 | tyblue " $((i+1)). ${domain_list[$i]} ${true_domain_list[$i]}" 3685 | else 3686 | tyblue " $((i+1)). ${domain_list[$i]}" 3687 | fi 3688 | done 3689 | yellow " 0. 不修改" 3690 | while ! [[ "$change" =~ ^([1-9][0-9]*|0)$ ]] || [ $change -gt ${#domain_list[@]} ] 3691 | do 3692 | read -p "你的选择是:" change 3693 | done 3694 | [ $change -eq 0 ] && return 0 3695 | ((change--)) 3696 | fi 3697 | local pretend 3698 | readPretend "${true_domain_list[$change]}" 3699 | if [ "${pretend_list[$change]}" == "$pretend" ]; then 3700 | yellow "伪装类型没有变化" 3701 | return 1 3702 | fi 3703 | if [ "${pretend_list[$change]}" == "2" ]; then 3704 | red "警告:此操作可能导致该域名下的Nextcloud网盘数据被删除" 3705 | ! ask_if "是否要继续?(y/n)" && return 0 3706 | fi 3707 | local need_cloudreve=0 3708 | check_need_cloudreve && need_cloudreve=1 3709 | pretend_list[$change]="$pretend" 3710 | if [ "$pretend" == "1" ] && [ $need_cloudreve -eq 1 ]; then 3711 | yellow "Cloudreve只能用于一个域名!!" 3712 | tyblue "Nextcloud可以用于多个域名" 3713 | return 1 3714 | fi 3715 | if [ "$pretend" == "2" ] && [ $php_is_installed -eq 0 ]; then 3716 | check_SELinux 3717 | check_important_dependence_installed "procps" "procps-ng" 3718 | install_epel 3719 | install_web_dependence "$pretend" 3720 | in_install_update_xray_tls_web=1 3721 | check_ssh_timeout 3722 | in_install_update_xray_tls_web=0 3723 | full_install_php 3724 | else 3725 | [ "$pretend" == "1" ] && check_SELinux 3726 | install_web_dependence "$pretend" 3727 | fi 3728 | config_nginx 3729 | systemctl stop php-fpm cloudreve 3730 | systemctl restart nginx 3731 | init_web "$change" 3732 | green "修改完成!" 3733 | } 3734 | reinstall_cloudreve() 3735 | { 3736 | get_config_info 3737 | ! check_need_cloudreve && red "Cloudreve目前没有绑定域名" && return 1 3738 | red "重新安装Cloudreve将删除所有的网盘文件以及帐户信息,并重置管理员密码" 3739 | ! ask_if "确定要继续吗?(y/n)" && return 0 3740 | [ "$redhat_package_manager" == "yum" ] && check_important_dependence_installed "" "yum-utils" 3741 | check_SELinux 3742 | check_important_dependence_installed ca-certificates ca-certificates 3743 | check_important_dependence_installed wget wget 3744 | ask_update_script 3745 | install_web_dependence "1" 3746 | enter_temp_dir 3747 | local i 3748 | for i in "${!pretend_list[@]}" 3749 | do 3750 | if [ "${pretend_list[$i]}" == "1" ]; then 3751 | install_init_cloudreve "$i" 3752 | break 3753 | fi 3754 | done 3755 | cd / 3756 | rm -rf "$temp_dir" 3757 | green "重装完成!" 3758 | } 3759 | change_xray_protocol() 3760 | { 3761 | get_config_info 3762 | local protocol_1_old=$protocol_1 3763 | local protocol_2_old=$protocol_2 3764 | local protocol_3_old=$protocol_3 3765 | readProtocolConfig 3766 | if [ $protocol_1_old -eq $protocol_1 ] && [ $protocol_2_old -eq $protocol_2 ] && [ $protocol_3_old -eq $protocol_3 ]; then 3767 | red "传输协议未更换" 3768 | return 1 3769 | fi 3770 | [ $protocol_1_old -eq 0 ] && [ $protocol_1 -ne 0 ] && xid_1=$(cat /proc/sys/kernel/random/uuid) 3771 | if [ $protocol_2_old -eq 0 ] && [ $protocol_2 -ne 0 ]; then 3772 | serviceName="$(head -c 20 /dev/urandom | md5sum | head -c 10)" 3773 | xid_2=$(cat /proc/sys/kernel/random/uuid) 3774 | fi 3775 | if [ $protocol_3_old -eq 0 ] && [ $protocol_3 -ne 0 ]; then 3776 | path="/$(head -c 20 /dev/urandom | md5sum | head -c 10)" 3777 | xid_3=$(cat /proc/sys/kernel/random/uuid) 3778 | fi 3779 | config_xray 3780 | config_nginx 3781 | systemctl -q is-active xray && systemctl restart xray 3782 | systemctl -q is-active nginx && systemctl restart nginx 3783 | green "更换成功!!" 3784 | print_config_info 3785 | } 3786 | change_xray_id() 3787 | { 3788 | get_config_info 3789 | local flag="" 3790 | tyblue "-------------请输入你要修改的id-------------" 3791 | tyblue " 1. TCP的id" 3792 | tyblue " 2. gRPC的id" 3793 | tyblue " 3. WebSocket的id" 3794 | echo 3795 | while [[ ! "$flag" =~ ^([1-9][0-9]*)$ ]] || ((flag>3)) 3796 | do 3797 | read -p "您的选择是:" flag 3798 | done 3799 | local temp_protocol="protocol_$flag" 3800 | if [ ${!temp_protocol} -eq 0 ]; then 3801 | red "没有使用该协议!" 3802 | return 1 3803 | fi 3804 | local xid="xid_$flag" 3805 | tyblue "您现在的id是:${!xid}" 3806 | ! ask_if "是否要继续?(y/n)" && return 0 3807 | while true 3808 | do 3809 | xid="" 3810 | while [ -z "$xid" ] 3811 | do 3812 | tyblue "-------------请输入新的id-------------" 3813 | read xid 3814 | done 3815 | tyblue "您输入的id是:$xid" 3816 | ask_if "是否确定?(y/n)" && break 3817 | done 3818 | if [ $flag -eq 1 ]; then 3819 | xid_1="$xid" 3820 | elif [ $flag -eq 2 ]; then 3821 | xid_2="$xid" 3822 | else 3823 | xid_3="$xid" 3824 | fi 3825 | config_xray 3826 | systemctl -q is-active xray && systemctl restart xray 3827 | green "更换成功!!" 3828 | print_config_info 3829 | } 3830 | change_xray_serviceName() 3831 | { 3832 | get_config_info 3833 | if [ $protocol_2 -eq 0 ]; then 3834 | red "没有使用gRPC协议!" 3835 | return 1 3836 | fi 3837 | tyblue "您现在的serviceName是:$serviceName" 3838 | ! ask_if "是否要继续?(y/n)" && return 0 3839 | while true 3840 | do 3841 | serviceName="" 3842 | while [ -z "$serviceName" ] 3843 | do 3844 | tyblue "---------------请输入新的serviceName(字母数字组合)---------------" 3845 | read serviceName 3846 | done 3847 | tyblue "您输入的serviceName是:$serviceName" 3848 | ask_if "是否确定?(y/n)" && break 3849 | done 3850 | config_xray 3851 | config_nginx 3852 | systemctl -q is-active xray && systemctl restart xray 3853 | systemctl -q is-active nginx && systemctl restart nginx 3854 | green "更换成功!!" 3855 | print_config_info 3856 | } 3857 | change_xray_path() 3858 | { 3859 | get_config_info 3860 | if [ $protocol_3 -eq 0 ]; then 3861 | red "没有使用WebSocket协议!" 3862 | return 1 3863 | fi 3864 | tyblue "您现在的path是:$path" 3865 | ! ask_if "是否要继续?(y/n)" && return 0 3866 | while true 3867 | do 3868 | path="" 3869 | while [ -z "$path" ] 3870 | do 3871 | tyblue "---------------请输入新的path(/+字母数字组合)---------------" 3872 | read path 3873 | done 3874 | tyblue "您输入的path是:$path" 3875 | ask_if "是否确定?(y/n)" && break 3876 | done 3877 | config_xray 3878 | systemctl -q is-active xray && systemctl restart xray 3879 | green "更换成功!!" 3880 | print_config_info 3881 | } 3882 | simplify_system() 3883 | { 3884 | if systemctl -q is-active xray || systemctl -q is-active nginx || systemctl -q is-active php-fpm; then 3885 | yellow "请先停止Xray-TLS+Web" 3886 | return 1 3887 | fi 3888 | [ "$redhat_package_manager" == "yum" ] && check_important_dependence_installed "" "yum-utils" 3889 | check_important_dependence_installed tzdata tzdata 3890 | get_system_info 3891 | check_important_dependence_installed "procps" "procps-ng" 3892 | yellow "警告:" 3893 | tyblue " 1. 此功能可能导致某些VPS无法开机,请谨慎使用" 3894 | tyblue " 2. 如果VPS上部署了 Xray-TLS+Web 以外的东西,可能被误删" 3895 | ! ask_if "是否要继续?(y/n)" && return 0 3896 | echo 3897 | yellow "提示:在精简系统前请先设置apt/yum/dnf的软件源为http/ftp而非https/ftps" 3898 | purple "通常来说系统默认即是http/ftp" 3899 | ! ask_if "是否要继续?(y/n)" && return 0 3900 | echo 3901 | local save_ssh=0 3902 | yellow "提示:精简系统可能导致ssh配置文件(/etc/ssh/sshd_config)恢复默认" 3903 | tyblue "这可能导致ssh端口恢复默认(22),且有些系统默认仅允许密钥登录(不允许密码登录)" 3904 | tyblue "你可以自己备份ssh文件或使用脚本自动备份" 3905 | ask_if "是否备份ssh配置文件?(y/n)" && save_ssh=1 3906 | if [ $save_ssh -eq 1 ]; then 3907 | enter_temp_dir 3908 | cp /etc/ssh/sshd_config sshd_config 3909 | fi 3910 | uninstall_firewall 3911 | if [ $release == "centos" ] || [ $release == centos-stream ] || [ $release == oracle ] || [ $release == "rhel" ] || [ $release == "fedora" ] || [ $release == "other-redhat" ]; then 3912 | local temp_backup=() 3913 | local temp_important=('openssh-server' 'initscripts' 'tar') 3914 | for i in "${temp_important[@]}" 3915 | do 3916 | rpm -q "$i" > /dev/null 2>&1 && temp_backup+=("$i") 3917 | done 3918 | local temp_remove_list=('openssl' 'perl*' 'xz' 'libselinux-utils' 'zip' 'unzip' 'bzip2' 'wget' 'procps-ng' 'procps' 'iproute' 'dbus-glib' 'udisk*' 'libudisk*' 'gdisk*' 'libblock*' '*-devel' 'nginx*') 3919 | #libxmlb 3920 | if ! $redhat_package_manager -y remove "${temp_remove_list[@]}"; then 3921 | for i in "${temp_remove_list[@]}" 3922 | do 3923 | $redhat_package_manager -y remove "$i" 3924 | done 3925 | fi 3926 | for i in "${temp_backup[@]}" 3927 | do 3928 | check_important_dependence_installed "" "$i" 3929 | done 3930 | else 3931 | local temp_backup=() 3932 | local temp_important=('apt-utils' 'whiptail' 'initramfs-tools' 'isc-dhcp-client' 'netplan.io' 'openssh-server' 'network-manager') 3933 | for i in "${temp_important[@]}" 3934 | do 3935 | LANG="en_US.UTF-8" LANGUAGE="en_US:en" dpkg -s "$i" 2>/dev/null | grep -qi 'status[ '$'\t]*:[ '$'\t]*install[ '$'\t]*ok[ '$'\t]*installed[ '$'\t]*$' && temp_backup+=("$i") 3936 | done 3937 | temp_backup+=($(dpkg --list 'grub*' | grep '^[ '$'\t]*ii[ '$'\t]' | awk '{print $2}')) 3938 | local temp_remove_list=('cron' 'anacron' '^cups' '^foomatic' 'openssl' 'snapd' 'kdump-tools' 'flex' 'make' 'automake' '^cloud-init' 'pkg-config' '^gcc-[1-9][0-9]*$' '^cpp-[1-9][0-9]*$' 'curl' '^python' '^libpython' 'dbus' 'at' 'open-iscsi' 'rsyslog' 'acpid' 'libnetplan0' 'glib-networking-common' 'bcache-tools' '^bind([0-9]|-|$)' 'lshw' '^thermald' '^libdbus' '^libevdev' '^libupower' 'readline-common' '^libreadline' 'xz-utils' 'selinux-utils' 'wget' 'zip' 'unzip' 'bzip2' 'finalrd' '^cryptsetup' '^libplymouth' '^lib.*-dev$' 'perl' '^perl-modules' '^x11' '^libx11' '^qemu' '^xdg-' '^libglib' '^libicu' '^libxml' '^liburing' '^libisc' '^libdns' '^isc-' 'net-tools' 'xxd' 'xkb-data' 'lsof' '^task' '^usb' '^libusb' '^doc' '^libwrap' '^libtext' '^libmagic' '^libpci' '^liblocale' '^keyboard' '^libuni[^s]' '^libpipe' 'man-db' '^manpages' '^liblock' '^liblog' '^libxapian' '^libpsl' '^libpap' '^libgs[0-9]' '^libpaper' '^postfix' '^nginx' '^libnginx') 3939 | #'^libp11' '^libtasn' '^libkey' '^libnet' 3940 | if ! $debian_package_manager -y --auto-remove purge "${temp_remove_list[@]}"; then 3941 | $debian_package_manager -y -f install 3942 | $debian_package_manager -y --auto-remove purge cron anacron || $debian_package_manager -y -f install 3943 | $debian_package_manager -y --auto-remove purge '^cups' '^foomatic' || $debian_package_manager -y -f install 3944 | for i in "${temp_remove_list[@]}" 3945 | do 3946 | $debian_package_manager -y --auto-remove purge "$i" || $debian_package_manager -y -f install 3947 | done 3948 | fi 3949 | $debian_package_manager -y --auto-remove purge '^libpop' || $debian_package_manager -y -f install 3950 | $debian_package_manager -y --auto-remove purge '^libslang' || $debian_package_manager -y -f install 3951 | $debian_package_manager -y --auto-remove purge apt-utils || $debian_package_manager -y -f install 3952 | for i in "${temp_backup[@]}" 3953 | do 3954 | check_important_dependence_installed "$i" "" 3955 | done 3956 | fi 3957 | ([ $nginx_is_installed -eq 1 ] || [ $php_is_installed -eq 1 ] || [ $is_installed -eq 1 ]) && install_epel 3958 | [ $nginx_is_installed -eq 1 ] && install_nginx_dependence 3959 | [ $php_is_installed -eq 1 ] && install_php_dependence 3960 | [ $is_installed -eq 1 ] && install_acme_dependence 3961 | if [ $save_ssh -eq 1 ]; then 3962 | cp sshd_config /etc/ssh/sshd_config 3963 | cd / 3964 | rm -rf "$temp_dir" 3965 | systemctl restart sshd 3966 | fi 3967 | green "精简完成" 3968 | } 3969 | repair_tuige() 3970 | { 3971 | yellow "尝试修复退格键异常问题,退格键正常请不要修复" 3972 | ! ask_if "是否要继续?(y/n)" && return 0 3973 | if stty -a | grep -q 'erase = ^?'; then 3974 | stty erase '^H' 3975 | elif stty -a | grep -q 'erase = ^H'; then 3976 | stty erase '^?' 3977 | fi 3978 | green "修复完成!!" 3979 | } 3980 | change_dns() 3981 | { 3982 | red "注意!!" 3983 | red "1.部分云服务商(如阿里云)使用本地服务器作为软件包源,修改dns后需要换源!!" 3984 | red " 如果不明白,那么请在安装完成后再修改dns,并且修改完后不要重新安装" 3985 | red "2.Ubuntu系统重启后可能会恢复原dns" 3986 | tyblue "此操作将修改dns服务器为1.1.1.1和1.0.0.1(cloudflare公共dns)" 3987 | ! ask_if "是否要继续?(y/n)" && return 0 3988 | if ! grep -q "#This file has been edited by Xray-TLS-Web-setup-script" /etc/resolv.conf; then 3989 | sed -i 's/^[ \t]*nameserver[ \t][ \t]*/#&/' /etc/resolv.conf 3990 | { 3991 | echo 3992 | echo 'nameserver 1.1.1.1' 3993 | echo 'nameserver 1.0.0.1' 3994 | echo '#This file has been edited by Xray-TLS-Web-setup-script' 3995 | } >> /etc/resolv.conf 3996 | fi 3997 | green "修改完成!!" 3998 | } 3999 | #开始菜单 4000 | start_menu() 4001 | { 4002 | local xray_status 4003 | [ $xray_is_installed -eq 1 ] && xray_status="\\033[32m已安装" || xray_status="\\033[31m未安装" 4004 | systemctl -q is-active xray && xray_status+=" \\033[32m运行中" || xray_status+=" \\033[31m未运行" 4005 | local nginx_status 4006 | [ $nginx_is_installed -eq 1 ] && nginx_status="\\033[32m已安装" || nginx_status="\\033[31m未安装" 4007 | systemctl -q is-active nginx && nginx_status+=" \\033[32m运行中" || nginx_status+=" \\033[31m未运行" 4008 | local php_status 4009 | [ $php_is_installed -eq 1 ] && php_status="\\033[32m已安装" || php_status="\\033[31m未安装" 4010 | systemctl -q is-active php-fpm && php_status+=" \\033[32m运行中" || php_status+=" \\033[31m未运行" 4011 | local cloudreve_status 4012 | [ $cloudreve_is_installed -eq 1 ] && cloudreve_status="\\033[32m已安装" || cloudreve_status="\\033[31m未安装" 4013 | systemctl -q is-active cloudreve && cloudreve_status+=" \\033[32m运行中" || cloudreve_status+=" \\033[31m未运行" 4014 | tyblue "------------------------ Xray-TLS+Web 搭建/管理脚本 ------------------------" 4015 | echo 4016 | tyblue " Xray : ${xray_status}" 4017 | echo 4018 | tyblue " Nginx : ${nginx_status}" 4019 | echo 4020 | tyblue " php : ${php_status}" 4021 | echo 4022 | tyblue " Cloudreve : ${cloudreve_status}" 4023 | echo 4024 | tyblue " 官网:https://github.com/kirin10000/Xray-script" 4025 | echo 4026 | tyblue "----------------------------------注意事项----------------------------------" 4027 | yellow " 1. 此脚本需要一个解析到本服务器的域名" 4028 | tyblue " 2. 此脚本安装时间较长,建议在安装前阅读:" 4029 | tyblue " https://github.com/kirin10000/Xray-script#安装时长说明" 4030 | green " 3. 建议在纯净的系统上使用此脚本 (VPS控制台-重置系统)" 4031 | tyblue "----------------------------------------------------------------------------" 4032 | echo 4033 | echo 4034 | tyblue " -----------安装/更新/卸载-----------" 4035 | if [ $is_installed -eq 0 ]; then 4036 | green " 1. 安装Xray-TLS+Web" 4037 | else 4038 | green " 1. 重新安装Xray-TLS+Web" 4039 | fi 4040 | purple " 流程:[更新系统组件]->[安装bbr]->[安装php]->安装Nginx->安装Xray->申请证书->配置文件->[安装/配置Cloudreve]" 4041 | green " 2. 更新Xray-TLS+Web" 4042 | purple " 流程:更新脚本->[更新系统组件]->[更新bbr]->[更新php]->[更新Nginx]->更新Xray->更新证书->更新配置文件->[更新Cloudreve]" 4043 | tyblue " 3. 检查更新/更新脚本" 4044 | tyblue " 4. 更新系统组件" 4045 | tyblue " 5. 安装/检查更新/更新bbr" 4046 | purple " 包含:bbr2/bbrplus/bbr魔改版/暴力bbr魔改版/锐速" 4047 | tyblue " 6. 安装/检查更新/更新php" 4048 | tyblue " 7. 检查更新/更新Nginx" 4049 | tyblue " 8. 更新Cloudreve" 4050 | tyblue " 9. 更新Xray" 4051 | red " 10. 卸载Xray-TLS+Web" 4052 | red " 11. 卸载php" 4053 | red " 12. 卸载Cloudreve" 4054 | echo 4055 | tyblue " --------------启动/停止-------------" 4056 | tyblue " 13. 启动/重启Xray-TLS+Web" 4057 | tyblue " 14. 停止Xray-TLS+Web" 4058 | echo 4059 | tyblue " ----------------管理----------------" 4060 | tyblue " 15. 查看配置信息" 4061 | tyblue " 16. 重置域名" 4062 | purple " 将删除所有域名配置,安装过程中域名输错了造成Xray无法启动可以用此选项修复" 4063 | tyblue " 17. 添加域名" 4064 | tyblue " 18. 删除域名" 4065 | tyblue " 19. 修改伪装网站类型" 4066 | tyblue " 20. 重新安装Cloudreve" 4067 | purple " 将删除所有Cloudreve网盘的文件和帐户信息,管理员密码忘记可用此选项恢复" 4068 | tyblue " 21. 修改传输协议" 4069 | tyblue " 22. 修改id(用户ID/UUID)" 4070 | tyblue " 23. 修改gRPC的serviceName" 4071 | tyblue " 24. 修改WebSocket的path(路径)" 4072 | echo 4073 | tyblue " ----------------其它----------------" 4074 | tyblue " 25. 精简系统" 4075 | purple " 删除不必要的系统组件,即使已经安装 Xray-TLS+Web 仍然可以使用此功能" 4076 | tyblue " 26. 尝试修复退格键无法使用的问题" 4077 | purple " 部分ssh工具(如Xshell)可能有这类问题" 4078 | tyblue " 27. 修改dns" 4079 | yellow " 0. 退出脚本" 4080 | echo 4081 | echo 4082 | local choice="" 4083 | while [[ ! "$choice" =~ ^(0|[1-9][0-9]*)$ ]] || ((choice>27)) 4084 | do 4085 | read -p "您的选择是:" choice 4086 | done 4087 | if (( choice==2 || (7<=choice&&choice<=9) || choice==13 || (15<=choice&&choice<=24) )) && [ $is_installed -eq 0 ]; then 4088 | red "请先安装Xray-TLS+Web!!" 4089 | return 1 4090 | fi 4091 | if (( 17<=choice&&choice<=20 )) && ! (systemctl -q is-active nginx && systemctl -q is-active xray); then 4092 | red "请先启动Xray-TLS+Web!!" 4093 | return 1 4094 | fi 4095 | if [ $choice -eq 1 ]; then 4096 | install_update_xray_tls_web 4097 | elif [ $choice -eq 2 ]; then 4098 | [ "$redhat_package_manager" == "yum" ] && check_important_dependence_installed "" "yum-utils" 4099 | check_important_dependence_installed ca-certificates ca-certificates 4100 | check_important_dependence_installed wget wget 4101 | ask_update_script_force 4102 | bash "${BASH_SOURCE[0]}" --update 4103 | elif [ $choice -eq 3 ]; then 4104 | [ "$redhat_package_manager" == "yum" ] && check_important_dependence_installed "" "yum-utils" 4105 | check_important_dependence_installed ca-certificates ca-certificates 4106 | check_important_dependence_installed wget wget 4107 | ask_update_script 4108 | elif [ $choice -eq 4 ]; then 4109 | [ "$redhat_package_manager" == "yum" ] && check_important_dependence_installed "" "yum-utils" 4110 | check_important_dependence_installed tzdata tzdata 4111 | get_system_info 4112 | check_ssh_timeout 4113 | check_important_dependence_installed "procps" "procps-ng" 4114 | doupdate 4115 | green "更新完成!" 4116 | elif [ $choice -eq 5 ]; then 4117 | [ "$redhat_package_manager" == "yum" ] && check_important_dependence_installed "" "yum-utils" 4118 | check_important_dependence_installed ca-certificates ca-certificates 4119 | check_important_dependence_installed wget wget 4120 | check_important_dependence_installed "procps" "procps-ng" 4121 | enter_temp_dir 4122 | install_bbr 4123 | $debian_package_manager -y -f install 4124 | rm -rf "$temp_dir" 4125 | elif [ $choice -eq 6 ]; then 4126 | install_check_update_update_php 4127 | elif [ $choice -eq 7 ]; then 4128 | check_update_update_nginx 4129 | elif [ $choice -eq 8 ]; then 4130 | if [ $cloudreve_is_installed -eq 0 ]; then 4131 | red "请先安装Cloudreve!" 4132 | tyblue "在 修改伪装网站类型/重置域名/添加域名 里选择Cloudreve" 4133 | return 1 4134 | fi 4135 | [ "$redhat_package_manager" == "yum" ] && check_important_dependence_installed "" "yum-utils" 4136 | check_SELinux 4137 | install_web_dependence "1" 4138 | ask_update_script_force 4139 | enter_temp_dir 4140 | update_cloudreve 4141 | cd / 4142 | rm -rf "$temp_dir" 4143 | green "Cloudreve更新完成!" 4144 | elif [ $choice -eq 9 ]; then 4145 | [ "$redhat_package_manager" == "yum" ] && check_important_dependence_installed "" "yum-utils" 4146 | check_SELinux 4147 | check_important_dependence_installed ca-certificates ca-certificates 4148 | check_important_dependence_installed curl curl 4149 | install_update_xray 4150 | green "Xray更新完成!" 4151 | elif [ $choice -eq 10 ]; then 4152 | ! ask_if "确定要删除吗?(y/n)" && return 0 4153 | [ "$redhat_package_manager" == "yum" ] && check_important_dependence_installed "" "yum-utils" 4154 | check_important_dependence_installed ca-certificates ca-certificates 4155 | check_important_dependence_installed curl curl 4156 | remove_xray 4157 | remove_nginx 4158 | remove_php 4159 | remove_cloudreve 4160 | $HOME/.acme.sh/acme.sh --uninstall 4161 | rm -rf $HOME/.acme.sh 4162 | green "删除完成!" 4163 | elif [ $choice -eq 11 ]; then 4164 | get_config_info 4165 | [ $is_installed -eq 1 ] && check_need_php && red "有域名正在使用php" && return 1 4166 | ! ask_if "确定要删除php吗?(y/n)" && return 0 4167 | remove_php && green "删除完成!" 4168 | elif [ $choice -eq 12 ]; then 4169 | get_config_info 4170 | [ $is_installed -eq 1 ] && check_need_cloudreve && red "有域名正在使用Cloudreve" && return 1 4171 | ! ask_if "确定要删除cloudreve吗?(y/n)" && return 0 4172 | remove_cloudreve && green "删除完成!" 4173 | elif [ $choice -eq 13 ]; then 4174 | restart_xray_tls_web 4175 | elif [ $choice -eq 14 ]; then 4176 | systemctl stop xray nginx 4177 | [ $php_is_installed -eq 1 ] && systemctl stop php-fpm 4178 | [ $cloudreve_is_installed -eq 1 ] && systemctl stop cloudreve 4179 | green "已停止!" 4180 | elif [ $choice -eq 15 ]; then 4181 | get_config_info 4182 | print_config_info 4183 | elif [ $choice -eq 16 ]; then 4184 | reinit_domain 4185 | elif [ $choice -eq 17 ]; then 4186 | add_domain 4187 | elif [ $choice -eq 18 ]; then 4188 | delete_domain 4189 | elif [ $choice -eq 19 ]; then 4190 | change_pretend 4191 | elif [ $choice -eq 20 ]; then 4192 | reinstall_cloudreve 4193 | elif [ $choice -eq 21 ]; then 4194 | change_xray_protocol 4195 | elif [ $choice -eq 22 ]; then 4196 | change_xray_id 4197 | elif [ $choice -eq 23 ]; then 4198 | change_xray_serviceName 4199 | elif [ $choice -eq 24 ]; then 4200 | change_xray_path 4201 | elif [ $choice -eq 25 ]; then 4202 | simplify_system 4203 | elif [ $choice -eq 26 ]; then 4204 | repair_tuige 4205 | elif [ $choice -eq 27 ]; then 4206 | change_dns 4207 | fi 4208 | } 4209 | 4210 | if [ "$1" == "--update" ]; then 4211 | update=1 4212 | install_update_xray_tls_web 4213 | else 4214 | update=0 4215 | start_menu 4216 | fi 4217 | -------------------------------------------------------------------------------- /image/menu.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eysp/Xray-script/acdbe435474734795535977ea07dcc9b46d1c36e/image/menu.jpg -------------------------------------------------------------------------------- /image/protocol.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/eysp/Xray-script/acdbe435474734795535977ea07dcc9b46d1c36e/image/protocol.jpg -------------------------------------------------------------------------------- /redis-server.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | 4 | 5 | wget https://download.redis.io/releases/redis-6.2.5.tar.gz 6 | 7 | tar xzf redis-6.2.5.tar.gz 8 | cd redis-6.2.5 9 | make PREFIX=/usr/local/redis install 10 | mkdir /usr/local/redis/etc/ 11 | cp redis.conf /usr/local/redis/etc/ 12 | cd /usr/local/redis/bin/ 13 | cp redis-benchmark redis-cli redis-server /usr/bin/ 14 | 15 | sed -i "s/daemonize no/daemonize yes/g" /usr/local/redis/etc/redis.conf 16 | 17 | echo -e "export PATH="$PATH:/usr/local/redis/bin" /etc/profile 18 | source /etc/profile 19 | 20 | 21 | cat >> /etc/init.d/redis <&2 71 | exit 1 72 | esac 73 | EOF 74 | 75 | chmod +x /etc/init.d/redis 76 | update-rc.d redis defaults | chkconfig --add redis 77 | --------------------------------------------------------------------------------