├── .vscode
    └── settings.json
├── README.md
├── install-frpc.sh
├── README_EN.md
└── .idx
    └── dev.nix


/.vscode/settings.json:
--------------------------------------------------------------------------------
{
  "IDX.aI.enableInlineCompletion": true,
  "IDX.aI.enableCodebaseIndexing": true
}


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# IDX Multi-Container Proxy Service Deployment Project
Documentation: [English version](https://github.com/fscarmen2/IDX_NixOS/blob/main/README_EN.md) | Chinese version

## Table of Contents
- [Project Overview](#project-overview)
- [Project Features](#project-features)
- [Component Details](#component-details)
  - [Container Environment](#1-container-environment)
  - [Network Proxy Service](#2-network-proxy-service)
  - [Network Tunneling Service](#3-network-tunneling-service)
  - [Monitoring Service](#4-monitoring-service)
- [Deployment Steps](#deployment-steps)
  - [Download Project](#1-download-project)
  - [Modify Configuration](#2-modify-configuration)
  - [Save Files](#3-save-files)
  - [Deploy to IDX](#4-deploy-to-idx)
  - [Verify Deployment](#5-verify-deployment)
- [Notes](#notes)
- [OpenWrt FRPC Quick Deployment](#openwrt-frpc-quick-deployment)
  - [OpenWRT Deployment Steps](#openwrt-deployment-steps)
  - [Uninstallation](#uninstallation)
  - [OpenWRT Notes](#openwrt-notes)

## Project Overview

This project is a multi-container proxy service deployment solution built on the IDX development environment. It integrates several network tools and services, including Sing-Box, Cloudflare Argo Tunnel, FRP intranet penetration, and multiple Linux container environments. Deployment and management are automated through a Nix configuration file, providing a complete network proxy and remote access solution.

## Project Features

1. **Multi-container environment**: deploys four Linux containers at once: Debian, Ubuntu, CentOS and Alpine
2. **Network proxy service**: integrates Sing-Box with support for 6 protocols
3. **Intranet penetration**: external access to internal services through Cloudflare Argo Tunnel and FRP
4. **Service monitoring**: integrates the Nezha monitoring agent to monitor service status in real time
5. **Automated deployment**: one-click deployment and startup using IDX's Nix configuration
6. **Secure access**: all containers are configured for SSH remote access, with password authentication supported

## Component Details

### 1. Container Environment

The project deploys four mainstream Linux containers. Each container is configured with an SSH service and can be logged into remotely with a password:

- **Debian**: general-purpose Linux environment, suitable for most application deployments
- **Ubuntu**: friendly user interface and rich package support
- **CentOS 9**: enterprise-grade stability, suitable for long-running services
- **Alpine**: lightweight container with low resource usage

### 2. Network Proxy Service

Sing-Box provides a high-performance network proxy service:

- **Protocol support**: VMess + WebSocket + TLS, VLESS + WebSocket + TLS, VLESS + Reality, AnyTLS, Hysteria2, TUIC
- **Multi-client support**: automatically generates Clash, V2rayN, NekoBox, Shadowrocket and SingBox configurations

### 3. Network Tunneling Service

- **Cloudflare Argo Tunnel**: securely exposes internal services to the public internet without a public IP
- **FRP intranet penetration**: provides an externally reachable port for each container's SSH service

### 4. Monitoring Service

- **Nezha monitoring**: monitors server status in real time, including CPU, memory and network metrics

## Deploying via IDX import files

To manage configuration more easily, you can split it into multiple files and bring them in through IDX's import feature. This approach has the following advantages:

1. **Modular configuration**: a large configuration file is split into smaller, more manageable parts
2. **Environment isolation**: different configurations can be created for different environments (development, testing, production)
3. **Configuration reuse**: shared configuration can be reused across multiple projects

### Deployment Steps

1. **Download Project**
   - Download the project archive to your local machine

2. **Modify Configuration**
   - Open the `.idx/dev.nix` file
   - Modify the relevant parameters according to the comments in the file
   - **Important**: beginners are advised to keep the default settings for everything outside the `env` section to avoid mistakes

3. **Save Files**
   - Save the modified `.idx/dev.nix` file
   - Make sure the archive contains all required files

4. **Deploy to IDX**
   - Visit https://idx.google.com
   - Create a new `custom workspace`
   - Upload the modified project archive
   - Wait about 2 minutes; the system completes the deployment automatically

5. **Verify Deployment**
   - Once deployment finishes, the services can be reached through the configured domain
   - Access each container using the configured port and password
   - Check the Nezha monitoring dashboard to confirm service status

### Notes
- Make sure the modified parameters are correctly formatted and that the quotes stay intact
- Strong passwords are recommended for sensitive information (such as passwords and tokens)
- Test promptly after deployment that all services are running normally

## OpenWrt FRPC Quick Deployment

This project provides a one-click deployment script for quickly deploying and managing the FRP client on OpenWrt systems.

### OpenWRT Deployment Steps

1. **Download and run the installation script**
   ```bash
   bash <(curl -sSL https://raw.githubusercontent.com/fscarmen2/IDX_NIXOS/main/install-frpc.sh)
   ```

2. **Configure FRPC**
   - The script prompts you to enter the FRPC configuration content
   - Press Ctrl+D when finished to save

3. **Service management**
   - Start the service: `/etc/init.d/idx-frpc start`
   - Stop the service: `/etc/init.d/idx-frpc stop`
   - Restart the service: `/etc/init.d/idx-frpc restart`

### Uninstallation

To uninstall the FRPC service, run the following command:
```bash
uninstall-idx-frpc
```

This command will:
- Stop the FRPC service
- Delete all configuration files
- Remove the service script
- Clean up the log file

### OpenWRT Notes

1. Make sure curl or wget is installed on the system
2. The configuration file is saved at `/etc/frpc/idx-frpc.toml`
3. Log file location: `/var/log/idx-frpc.log`
4. Configuration file hot reload is supported
5. The process restarts automatically after an abnormal exit


--------------------------------------------------------------------------------
/install-frpc.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Define the GitHub proxy address
GH_PROXY='https://ghfast.top/'

# Define colored output functions
info() { echo -e "\033[32m\033[01m$*\033[0m"; }
error() { echo -e "\033[31m\033[01m$*\033[0m" && exit 1; }

# Bilingual prompts
info "请输入 frpc 配置内容 / Please input frpc configuration content:"
info "完成后请按 Ctrl+D / Press Ctrl+D when finished:\n"

# Read the configuration entered by the user into a temporary file
cat > /tmp/frpc.toml

# Check whether the user entered anything
if [ ! -s /tmp/frpc.toml ]; then
  rm -f /tmp/frpc.toml
  error "错误:未输入配置内容 / Error: No configuration content provided"
fi

# Create the configuration directory
[ ! -d "/etc/frpc" ] && mkdir -p /etc/frpc

# Move the configuration file into place
mv /tmp/frpc.toml /etc/frpc/idx-frpc.toml

# Check for a download tool
DOWNLOAD_TOOL="curl"
if ! command -v curl >/dev/null 2>&1; then
  if command -v wget >/dev/null 2>&1; then
    DOWNLOAD_TOOL="wget"
  else
    error "未找到 curl 或 wget / curl or wget not found"
  fi
fi

# Detect the system architecture
ARCH=$(uname -m)
case "$ARCH" in
  x86_64|amd64)
    ARCH_TYPE="amd64"
    ;;
  aarch64|arm64)
    ARCH_TYPE="arm64"
    ;;
  armv7l|armv7)
    ARCH_TYPE="arm"
    ;;
  mips)
    ARCH_TYPE="mips"
    ;;
  mips64)
    ARCH_TYPE="mips64"
    ;;
  *)
    error "不支持的架构: $ARCH / Unsupported architecture: $ARCH"
    ;;
esac

# Download the latest frpc release
info "下载 frpc / Downloading frpc..."
if [ "$DOWNLOAD_TOOL" = "curl" ]; then
  LATEST_VERSION=$(curl -s https://api.github.com/repos/fatedier/frp/releases/latest | grep -o '"tag_name": ".*"' | cut -d'"' -f4)
  DOWNLOAD_URL="https://github.com/fatedier/frp/releases/download/${LATEST_VERSION}/frp_${LATEST_VERSION#v}_linux_${ARCH_TYPE}.tar.gz"
  curl -L "${GH_PROXY}${DOWNLOAD_URL}" -o /tmp/frp.tar.gz
else
  LATEST_VERSION=$(wget -qO- https://api.github.com/repos/fatedier/frp/releases/latest | grep -o '"tag_name": ".*"' | cut -d'"' -f4)
  DOWNLOAD_URL="https://github.com/fatedier/frp/releases/download/${LATEST_VERSION}/frp_${LATEST_VERSION#v}_linux_${ARCH_TYPE}.tar.gz"
  wget -O /tmp/frp.tar.gz "${GH_PROXY}${DOWNLOAD_URL}"
fi

# Download and extract frpc
# This second download always uses curl and goes to GitHub directly, bypassing GH_PROXY.
# Note: the archive is extracted without any checksum or signature verification.
curl -L "$DOWNLOAD_URL" -o /tmp/frp.tar.gz
tar -xzf /tmp/frp.tar.gz -C /tmp
mv /tmp/frp_*/frpc /etc/frpc/
rm -rf /tmp/frp.tar.gz /tmp/frp_*

# Create the service file
cat > /etc/init.d/idx-frpc << 'EOF'
#!/bin/sh /etc/rc.common

START=99
STOP=10

NAME="frpc"
USE_PROCD=1

FRPC_PROG="/etc/frpc/frpc"
FRPC_CONF="/etc/frpc/idx-frpc.toml"
FRPC_LOG="/var/log/idx-frpc.log"
FRPC_PID="/var/run/idx-frpc.pid"

start_service() {
  echo -e "\nStarting frpc server..."
  procd_open_instance
  procd_set_param command $FRPC_PROG -c $FRPC_CONF
  procd_set_param pidfile $FRPC_PID
  procd_set_param file $FRPC_CONF
  procd_set_param stdout 1
  procd_set_param stderr 1
  procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5}
  procd_close_instance
}

stop_service() {
  echo "Stopping frpc server..."
  service_stop $FRPC_PROG
}

reload_service() {
  stop
  start
}
EOF

# Set execute permission
chmod +x /etc/init.d/idx-frpc

# Start the service
/etc/init.d/idx-frpc start

info "安装完成 / Installation completed"
echo -e "\n使用方法 / Usage:"
info "启动 / Start: /etc/init.d/idx-frpc start"
info "停止 / Stop: /etc/init.d/idx-frpc stop"
info "重启 / Restart: /etc/init.d/idx-frpc restart"

# Create the uninstall script
cat > /usr/bin/uninstall-idx-frpc << 'EOF'
#!/bin/bash
info() { echo -e "\033[32m\033[01m$*\033[0m"; }
info "正在卸载 idx-frpc / Uninstalling idx-frpc..."
/etc/init.d/idx-frpc stop
rm -rf /etc/frpc
rm -f /etc/init.d/idx-frpc
rm -f /var/log/idx-frpc.log
rm -f /var/run/idx-frpc.pid
rm -f /usr/bin/uninstall-idx-frpc
info "卸载完成 / Uninstallation completed"
EOF

chmod +x /usr/bin/uninstall-idx-frpc

info "卸载命令 / Uninstall: uninstall-idx-frpc"


--------------------------------------------------------------------------------
/README_EN.md:
--------------------------------------------------------------------------------
# IDX Multi-Container Proxy Service Deployment Project
Documentation: English version | [Chinese version](https://github.com/fscarmen2/IDX_NixOS/blob/main/README.md)

## Table of Contents
- [Project Overview](#project-overview)
- [Features](#features)
- [Component Details](#component-details)
  - [Container Environment](#1-container-environment)
  - [Network Proxy Service](#2-network-proxy-service)
  - [Network Tunneling Service](#3-network-tunneling-service)
  - [Monitoring Service](#4-monitoring-service)
- [Deployment Steps](#deployment-steps)
  - [Download Project](#1-download-project)
  - [Modify Configuration](#2-modify-configuration)
  - [Save Files](#3-save-files)
  - [Deploy to IDX](#4-deploy-to-idx)
  - [Verify Deployment](#5-verify-deployment)
- [Notes](#notes)
- [OpenWrt FRPC Quick Deployment](#openwrt-frpc-quick-deployment)
  - [OpenWRT Deployment Steps](#openwrt-deployment-steps)
  - [Uninstallation](#uninstallation)
  - [OpenWRT Notes](#openwrt-notes)

## Project Overview
This project is a multi-container proxy service deployment solution based on the IDX development environment. It integrates various network tools and services, including Sing-Box, Cloudflare Argo Tunnel, FRP intranet penetration, and multiple Linux container environments. The project uses Nix configuration files for automated deployment and management, providing a complete network proxy and remote access solution.

## Features
1. **Multi-Container Environment**: Simultaneously deploy Debian, Ubuntu, CentOS, and Alpine Linux containers
2. **Network Proxy Service**: Integrate Sing-Box with support for 6 protocols
3. **Network Tunneling**: Enable external access to internal services via Cloudflare Argo Tunnel and FRP
4. **Service Monitoring**: Integrate the Nezha monitoring agent for real-time service status tracking
5. **Automated Deployment**: One-click deployment and startup using IDX's Nix configuration
6. **Secure Access**: All containers are configured with SSH remote access, supporting password authentication

## Component Details
### 1. Container Environment
The project deploys four mainstream Linux containers, each configured with an SSH service for remote login:

- **Debian**: General Linux environment suitable for most application deployments
- **Ubuntu**: User-friendly interface with rich package support
- **CentOS 9**: Enterprise-grade stability for long-running services
- **Alpine**: Lightweight container with minimal resource usage

### 2. Network Proxy Service
Sing-Box provides high-performance network proxy services:

- **Protocol Support**: VMess + WebSocket + TLS, VLESS + WebSocket + TLS, VLESS + Reality, AnyTLS, Hysteria2, TUIC
- **Multi-Client Support**: Auto-generate configurations for Clash, V2rayN, NekoBox, Shadowrocket, and SingBox

### 3. Network Tunneling Service
- **Cloudflare Argo Tunnel**: Securely expose internal services to the internet without a public IP.
- **FRP Intranet Penetration**: Provide external access ports for each container's SSH service.

### 4. Monitoring Service
- **Nezha Monitoring**: Real-time server status monitoring, including CPU, memory, and network metrics.

## Deployment Steps
1. **Download Project**

   - Download the project archive file locally.

2. **Modify Configuration**

   - Open the `.idx/dev.nix` file.
   - Modify the parameters according to the comments.
   - Important: Beginners should keep the default settings except for the `env` section.

3. **Save Files**

   - Save the modified `.idx/dev.nix` file.
   - Ensure all necessary files are included in the archive.

4. **Deploy to IDX**

   - Visit https://idx.google.com.
   - Create a new custom workspace.
   - Upload the modified project archive.
   - Wait approximately 2 minutes for automatic deployment.

5. **Verify Deployment**

   - Access services through the configured domain.
   - Access containers using the configured ports and passwords.
   - Check the Nezha dashboard for service status.

### Notes:

- Ensure parameter formats are correct and quotes are complete.
- Use strong passwords for sensitive information.
- Test all services immediately after deployment.

## OpenWrt FRPC Quick Deployment

This project provides a one-click deployment script for quickly deploying and managing the FRP client on OpenWrt systems.

### OpenWRT Deployment Steps

1. **Download and Execute Installation Script**
   ```bash
   bash <(curl -sSL https://raw.githubusercontent.com/fscarmen2/IDX_NIXOS/main/install-frpc.sh)
   ```

2. **Configure FRPC**
   - The script will prompt you to input FRPC configuration content
   - Press Ctrl+D when finished to save

3. **Service Management**
   - Start service: `/etc/init.d/idx-frpc start`
   - Stop service: `/etc/init.d/idx-frpc stop`
   - Restart service: `/etc/init.d/idx-frpc restart`

### Uninstallation

To uninstall the FRPC service, simply execute:
```bash
uninstall-idx-frpc
```

This command will:
- Stop FRPC service
- Remove all configuration files
- Remove service scripts
- Clean up log files

### OpenWRT Notes

1. Ensure either curl or wget is installed on the system
2. Configuration file is saved at `/etc/frpc/idx-frpc.toml`
3. Log file location: `/var/log/idx-frpc.log`
4. Supports configuration file hot reload
5. Process automatically restarts on abnormal exit


--------------------------------------------------------------------------------
/.idx/dev.nix:
--------------------------------------------------------------------------------
# To learn more about how to use Nix to configure your environment
# see: https://firebase.google.com/docs/studio/customize-workspace
{ pkgs, ...
}: {
  # System environment variables
  env = {
    # Sing-box configuration
    ARGO_DOMAIN = "your-domain.example.com";
    UUID = "de04add9-5c68-8bab-950c-08cd5320df18"; # can be obtained with `cat /proc/sys/kernel/random/uuid`
    CDN = "your-cdn-domain.com";
    NODE_NAME = "your-node-name";
    VMESS_PORT = ""; # port range 1000-65535; leave empty to disable
    VLESS_PORT = ""; # port range 1000-65535; leave empty to disable
    REALITY_PORT = ""; # port range 1000-65535; leave empty to disable
    ANYTLS_PORT = ""; # port range 1000-65535; leave empty to disable
    HYSTERIA2_PORT = ""; # port range 1000-65535; leave empty to disable
    TUIC_PORT = ""; # port range 1000-65535; leave empty to disable
    # The sample key pair below is published with this file, so replace it;
    # if either value is empty, a new pair is generated when sing-box is configured.
    REALITY_PRIVATE = "CClfZsI2vKDN1d3R7LoaDKE639F816jTYKBk3OTCW3A"; # reality private key, 43 characters
    REALITY_PUBLIC = "lQbxDqzENHyul8jcFw3Qx0IyRGp4_goLWG5RjzCkiX8"; # reality public key, 43 characters
    LOCAL_IP = ""; # LAN address of the local soft router

    # Nginx static file service for node information
    NGINX_PORT = ""; # port range 1000-65535; leave empty to disable

    # Argo Tunnel TOKEN or json
    ARGO_AUTH = "your-argo-token";

    # Nezha monitoring configuration
    NEZHA_SERVER = "monitor.example.com";
    NEZHA_PORT = "443";
    NEZHA_KEY = "your-nezha-key";
    NEZHA_TLS = "--tls"; # clear the value if not needed

    # SSH configuration
    SSH_PASSWORD = "your-secure-password";

    # FRP configuration
    FRP_SERVER_ADDR = "frp.example.com";
    FRP_SERVER_PORT = "7000";
    FRP_AUTH_TOKEN = "your-frp-token";

    # Remote port configuration
    DEBIAN_REMOTE_PORT = "6001";
    UBUNTU_REMOTE_PORT = "6002";
    CENTOS_REMOTE_PORT = "6003";
    ALPINE_REMOTE_PORT = "6004";
  };

  # Which nixpkgs channel to use
  channel = "stable-25.05"; # or "unstable"

  # Add commonly used system packages
  packages = [
    # Basic system tools
    pkgs.debianutils # Debian system utility collection
    pkgs.uutils-coreutils-noprefix # Rust implementation of the core utilities
    pkgs.gnugrep # GNU text search tool
    pkgs.openssl # SSL/TLS cryptography tool
    pkgs.screen # terminal multi-window manager
    pkgs.qrencode # QR code generator

    # System monitoring and management
    pkgs.procps # process monitoring tools (ps, top, etc.)
    pkgs.nettools # network configuration tools
    pkgs.rsync # file synchronization tool
    pkgs.psmisc # process management tools (killall, pstree, etc.)
    pkgs.htop # interactive process viewer
    pkgs.iotop # I/O monitoring tool

    # Development tools
    pkgs.gcc # GNU C/C++ compiler
    pkgs.gnumake # GNU build tool
    pkgs.cmake # cross-platform build system
    pkgs.python3 # Python 3 programming language
    pkgs.openssh # SSH connection tools
    pkgs.nano # simple text editor

    # File tools
    pkgs.file # file type identification tool
    pkgs.tree # directory tree display tool
    pkgs.zip # file compression tool

    # Network proxy tools
    pkgs.cloudflared # Cloudflare tunnel client
    pkgs.xray # proxy tool
    pkgs.sing-box # universal proxy platform

    # Monitoring
    pkgs.nezha-agent # Nezha monitoring client
  ];

  # Service configuration
  services = {
    # Enable the Docker service
    docker.enable = true;
  };

  idx = {
    # Search for extensions at https://open-vsx.org/ and use "publisher.id"
    extensions = [
      # Add the extensions you need
    ];

    # Enable previews
    previews = {
      enable = true;
      previews = {
        # Preview configuration
      };
    };

    # Workspace lifecycle hooks
    workspace = {
      # Runs when the workspace is first created
      onCreate = {
        default.openFiles = [ ".idx/dev.nix" "README.md" ];
      };

      # Runs when the workspace is (re)started
      onStart = {
        # Create the configuration directories
        init-01-mkdir = "
          [ ! -d conf ] && mkdir conf
          [[ $VMESS_PORT$VLESS_PORT$REALITY_PORT$HYSTERIA2_PORT$TUIC_PORT =~ [0-9]+ && ! -d sing-box ]] && mkdir sing-box";

        # Generate a random UUID
        init-01-set-uuid = "[[ ! $UUID =~ ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ ]] && cat /proc/sys/kernel/random/uuid > conf/uuid.txt";

        # Generate the Argo JSON configuration files
        init-02-argo-json = "
          if [[ $ARGO_AUTH =~ TunnelSecret ]]; then
            ARGO_JSON=$(sed 's/ //g' <<< \"$ARGO_AUTH\")
            rm -rf conf/tunnel.*
            echo $ARGO_JSON > conf/tunnel.json
            [[ -n $VMESS_PORT || -n $VLESS_PORT || -n $NGINX_PORT ]] && cat > conf/tunnel.yml << EOF
tunnel: $(awk -F '\"' '{print $12}' <<< \"$ARGO_JSON\")
credentials-file: /etc/cloudflared/tunnel.json

ingress:
EOF

            [[ -n $VMESS_PORT ]] && cat >> conf/tunnel.yml << EOF
  - hostname: $ARGO_DOMAIN
    service: https://sing-box:$VMESS_PORT
    path: /$UUID-vmess
    originRequest:
      noTLSVerify: true

EOF

            [[ -n $VLESS_PORT ]] && cat >> conf/tunnel.yml << EOF
  - hostname: $ARGO_DOMAIN
    service: https://sing-box:$VLESS_PORT
    path: /$UUID-vless
    originRequest:
      noTLSVerify: true

EOF

            [[ -n $NGINX_PORT ]] && cat >> conf/tunnel.yml << EOF
  - hostname: $ARGO_DOMAIN
    service: http://nginx:$NGINX_PORT
    path: /$UUID
EOF

            cat >> conf/tunnel.yml << EOF
  - service: http_status:404
EOF
            chmod 644 conf/tunnel.yml conf/tunnel.json
          fi";

        # Check for and create the nginx configuration
        init-02-nginx = "
          if [[ $VMESS_PORT$VLESS_PORT$REALITY_PORT$HYSTERIA2_PORT$TUIC_PORT =~ [0-9]+ ]]; then
            [[ ! $UUID =~ ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ && -s conf/uuid.txt ]] && UUID=$(cat conf/uuid.txt)
            [ -s sing-box/nginx.conf ] && rm -rf sing-box/nginx.conf
            cat > sing-box/nginx.conf << EOF
user nginx;
worker_processes auto;

error_log /dev/null;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    charset utf-8;

    access_log /dev/null;

    sendfile on;

    keepalive_timeout 65;

    #gzip on;

    server {
        listen $NGINX_PORT;
        server_name localhost;

        # Match the /\$UUID/node path exactly
        location = /\$UUID/node {
            alias /data/node.txt;
            default_type text/plain;
            charset utf-8;
            add_header Content-Type 'text/plain; charset=utf-8';
        }

        # Reject all other requests
        location / {
            return 403;
        }

        # Error page configuration
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
    }
}
EOF
          fi";

        # Check for and create the SSL certificate
        init-02-ssl-cert = "[[ $VMESS_PORT$VLESS_PORT$REALITY_PORT$HYSTERIA2_PORT$TUIC_PORT =~ [0-9]+ && ! -f sing-box/cert/private.key ]] && (mkdir -p sing-box/cert && openssl ecparam -genkey -name prime256v1 -out sing-box/cert/private.key && openssl req -new -x509 -days 36500 -key sing-box/cert/private.key -out sing-box/cert/cert.pem -subj \"/CN=mozilla.org\")";

        # Check for and create the sing-box configuration
        init-02-singbox = "
          [ -s sing-box/config.json ] && rm -rf sing-box/config.json
          if [[ $VMESS_PORT$VLESS_PORT$REALITY_PORT$HYSTERIA2_PORT$TUIC_PORT =~ [0-9]+ ]]; then
            if [[ $REALITY_PORT =~ [0-9]+ ]]; then
              if [[ -z $REALITY_PUBLIC || -z $REALITY_PRIVATE ]]; then
                REALITY_KEYPAIR=$(sing-box generate reality-keypair)
                REALITY_PRIVATE=$(awk '/PrivateKey/{print $NF}' <<< \"$REALITY_KEYPAIR\")
                REALITY_PUBLIC=$(awk '/PublicKey/{print $NF}' <<< \"$REALITY_KEYPAIR\")
              fi
              [ -s sing-box/reality_keypair.txt ] && rm -rf sing-box/reality_keypair.txt
              echo -n \"PrivateKey: $REALITY_PRIVATE\nPublicKey: $REALITY_PUBLIC\" > sing-box/reality_keypair.txt
            fi

            [[ ! $UUID =~ ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ && -s conf/uuid.txt ]] && UUID=$(cat conf/uuid.txt)

            cat > sing-box/config.json << EOF
{
    \"dns\":{
        \"servers\":[
            {
                \"type\":\"local\"
            }
        ],
        \"strategy\": \"ipv4_only\"
    },
    \"experimental\": {
        \"cache_file\": {
            \"enabled\": true,
            \"path\": \"/etc/sing-box/cache.db\"
        }
    },
    \"ntp\": {
        \"enabled\": true,
        \"server\": \"time.apple.com\",
        \"server_port\": 123,
        \"interval\": \"60m\"
    },
    \"inbounds\": [
EOF
            [[ $VMESS_PORT =~ [0-9]+ ]] && cat >> sing-box/config.json << EOF
        {
            \"type\":\"vmess\",
            \"tag\":\"vmess-in\",
            \"listen\":\"::\",
            \"listen_port\":$VMESS_PORT,
            \"tcp_fast_open\":false,
            \"proxy_protocol\":false,
            \"users\":[
                {
                    \"uuid\":\"$UUID\",
                    \"alterId\":0
                }
            ],
            \"transport\":{
                \"type\":\"ws\",
                \"path\":\"/$UUID-vmess\",
                \"max_early_data\":2048,
                \"early_data_header_name\":\"Sec-WebSocket-Protocol\"
            },
            \"tls\": {
                \"enabled\": true,
                \"server_name\": \"$ARGO_DOMAIN\",
                \"certificate_path\": \"/etc/sing-box/cert/cert.pem\",
                \"key_path\": \"/etc/sing-box/cert/private.key\"
            },
            \"multiplex\":{
                \"enabled\":true,
                \"padding\":true,
                \"brutal\":{
                    \"enabled\":false,
                    \"up_mbps\":1000,
                    \"down_mbps\":1000
                }
            }
        },
EOF
            [[ $VLESS_PORT =~ [0-9]+ ]] && cat >> sing-box/config.json << EOF
        {
            \"type\": \"vless\",
            \"tag\": \"vless-in\",
            \"listen\": \"::\",
            \"listen_port\": $VLESS_PORT,
            \"users\": [
                {
                    \"uuid\": \"$UUID\",
                    \"flow\": \"\"
                }
            ],
            \"transport\": {
                \"type\": \"ws\",
                \"path\": \"/$UUID-vless\",
                \"max_early_data\": 2048,
                \"early_data_header_name\": \"Sec-WebSocket-Protocol\"
            },
            \"tls\": {
                \"enabled\": true,
                \"server_name\": \"$ARGO_DOMAIN\",
                \"certificate_path\": \"/etc/sing-box/cert/cert.pem\",
                \"key_path\": \"/etc/sing-box/cert/private.key\"
            },
            \"multiplex\": {
                \"enabled\":true,
                \"padding\":true
            }
        },
EOF
            [[ $REALITY_PORT =~ [0-9]+ ]] && cat >> sing-box/config.json << EOF
        {
            \"type\":\"vless\",
            \"tag\":\"reality-in\",
            \"listen\":\"::\",
            \"listen_port\":$REALITY_PORT,
            \"users\":[
                {
                    \"uuid\":\"$UUID\",
                    \"flow\":\"\"
                }
            ],
            \"tls\":{
                \"enabled\":true,
                \"server_name\":\"addons.mozilla.org\",
                \"reality\":{
                    \"enabled\":true,
                    \"handshake\":{
                        \"server\":\"addons.mozilla.org\",
                        \"server_port\":443
                    },
                    \"private_key\":\"$REALITY_PRIVATE\",
                    \"short_id\":[
                        \"\"
                    ]
                }
            },
            \"multiplex\":{
                \"enabled\":true,
                \"padding\":true,
                \"brutal\":{
                    \"enabled\":true,
                    \"up_mbps\":1000,
                    \"down_mbps\":1000
                }
            }
        },
EOF

            [[ $ANYTLS_PORT =~ [0-9]+ ]] && cat >> sing-box/config.json << EOF
        {
            \"type\":\"anytls\",
            \"tag\":\"anytls-in\",
            \"listen\":\"::\",
            \"listen_port\":$ANYTLS_PORT,
            \"users\":[
                {
                    \"password\":\"$UUID\"
                }
            ],
            \"padding_scheme\":[],
            \"tls\":{
                \"enabled\":true,
                \"certificate_path\":\"/etc/sing-box/cert/cert.pem\",
                \"key_path\":\"/etc/sing-box/cert/private.key\"
            }
        },
EOF

            [[ $HYSTERIA2_PORT =~ [0-9]+ ]] && cat >> sing-box/config.json << EOF
        {
            \"type\":\"hysteria2\",
            \"tag\":\"hysteria2-in\",
            \"listen\":\"::\",
            \"listen_port\":$HYSTERIA2_PORT,
            \"users\":[
                {
                    \"password\":\"$UUID\"
                }
            ],
            \"ignore_client_bandwidth\":false,
            \"tls\":{
                \"enabled\":true,
                \"server_name\":\"\",
                \"alpn\":[
                    \"h3\"
                ],
                \"min_version\":\"1.3\",
                \"max_version\":\"1.3\",
                \"certificate_path\":\"/etc/sing-box/cert/cert.pem\",
                \"key_path\":\"/etc/sing-box/cert/private.key\"
            }
        },
EOF
            [[ $TUIC_PORT =~ [0-9]+ ]] && cat >> sing-box/config.json << EOF
        {
            \"type\":\"tuic\",
            \"tag\":\"tuic-in\",
            \"listen\":\"::\",
            \"listen_port\":$TUIC_PORT,
            \"users\":[
                {
                    \"uuid\":\"$UUID\",
                    \"password\":\"$UUID\"
                }
            ],
            \"congestion_control\": \"bbr\",
            \"zero_rtt_handshake\": false,
            \"tls\":{
                \"enabled\":true,
                \"alpn\":[
                    \"h3\"
                ],
                \"certificate_path\":\"/etc/sing-box/cert/cert.pem\",
                \"key_path\":\"/etc/sing-box/cert/private.key\"
            }
        },
EOF

            sed -i '$s/,$//g' sing-box/config.json

            cat >> sing-box/config.json << EOF
    ],
    \"outbounds\": [
        {
            \"type\": \"direct\",
            \"tag\": \"direct\"
        }
    ]
}
EOF

            # Create the node.txt file
            [[ ! $UUID =~ ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ && -s conf/uuid.txt ]] && UUID=$(cat conf/uuid.txt)
            NODE_NAME_1=$(sed \"s/ /%20/g\" <<< \"$NODE_NAME\")
            [ -s sing-box/node.txt ] && rm -rf sing-box/node.txt
            [[ $VMESS_PORT$VLESS_PORT$REALITY_PORT$HYSTERIA2_PORT$TUIC_PORT =~ [0-9]+ ]] && cat > sing-box/node.txt << EOF
浏览器访问节点信息: https://$ARGO_DOMAIN/$UUID/node

*******************************************

┌────────────────┐
│                │
│     V2rayN     │
│                │
└────────────────┘

EOF

            [[ $VMESS_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF
vmess://\$(echo -n '{\"v\":\"2\",\"ps\":\"'$NODE_NAME' vmess\",\"add\":\"'$CDN'\",\"port\":\"443\",\"id\":\"'$UUID'\",\"aid\":\"0\",\"scy\":\"none\",\"net\":\"ws\",\"type\":\"none\",\"host\":\"'$ARGO_DOMAIN'\",\"path\":\"/'$UUID'-vmess\",\"tls\":\"tls\",\"sni\":\"'$ARGO_DOMAIN'\",\"alpn\":\"\",\"fp\":\"chrome\"}' | base64 -w0)

EOF

            [[ $VLESS_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF
vless://$UUID@$CDN:443?encryption=none&security=tls&sni=$ARGO_DOMAIN&fp=chrome&type=ws&host=$ARGO_DOMAIN&path=%2F$UUID-vless#$NODE_NAME_1%20vless

EOF

            [[ $REALITY_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF
vless://$UUID@$LOCAL_IP:$REALITY_PORT?encryption=none&security=reality&sni=addons.mozilla.org&fp=chrome&pbk=$REALITY_PUBLIC&type=tcp&headerType=none#$NODE_NAME_1%20reality

EOF

            [[ $ANYTLS_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF
{
    \"log\":{
        \"level\":\"warn\"
    },
    \"inbounds\":[
        {
            \"listen\":\"127.0.0.1\",
            \"listen_port\":$ANYTLS_PORT,
            \"sniff\":true,
            \"sniff_override_destination\":false,
            \"tag\": \"reality-in\",
            \"type\":\"mixed\"
        }
    ],
    \"outbounds\":[
        {
            \"type\": \"anytls\",
            \"tag\": \"anytls-in\",
            \"server\": \"$LOCAL_IP\",
            \"server_port\": $ANYTLS_PORT,
            \"password\": \"$UUID\",
            \"idle_session_check_interval\": \"30s\",
            \"idle_session_timeout\": \"30s\",
            \"min_idle_session\": 5,
            \"tls\": {
                \"enabled\": true,
                \"insecure\": true,
                \"server_name\": \"\"
            }
        }
    ]
}

EOF

            [[ $HYSTERIA2_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF
hysteria2://$UUID@$LOCAL_IP:$HYSTERIA2_PORT/?alpn=h3&insecure=1#$NODE_NAME_1%20hysteria2

EOF

            [[ $TUIC_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF
tuic://$UUID:$UUID@$LOCAL_IP:$TUIC_PORT?alpn=h3&congestion_control=bbr#$NODE_NAME_1%20tuic

EOF

            cat >> sing-box/node.txt << EOF
*******************************************

┌────────────────┐
│                │
│    NekoBox     │
│                │
└────────────────┘

EOF

            [[ $VMESS_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF
vmess://\$(echo -n '{\"add\":\"'$CDN'\",\"aid\":\"0\",\"host\":\"'$ARGO_DOMAIN'\",\"id\":\"'$UUID'\",\"net\":\"ws\",\"path\":\"/'$UUID'-vmess\",\"port\":\"443\",\"ps\":\"'$NODE_NAME' vmess\",\"scy\":\"none\",\"sni\":\"'$ARGO_DOMAIN'\",\"tls\":\"tls\",\"type\":\"\",\"v\":\"2\"}' | base64 -w0)

EOF

            [[ $VLESS_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF
vless://$UUID@$CDN:443?security=tls&sni=$ARGO_DOMAIN&fp=chrome&type=ws&path=/$UUID-vless&host=$ARGO_DOMAIN&encryption=none#$NODE_NAME%20vless

EOF

            [[ $REALITY_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF
vless://$UUID@$LOCAL_IP:$REALITY_PORT?security=reality&sni=addons.mozilla.org&fp=chrome&pbk=$REALITY_PUBLIC&type=tcp&encryption=none#$NODE_NAME_1%20reality

EOF

            [[ $ANYTLS_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF
anytls://$UUID@$LOCAL_IP:$ANYTLS_PORT/?insecure=1#$NODE_NAME_1%20anytls

EOF

            [[ $HYSTERIA2_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF
hy2://$UUID@$LOCAL_IP:$HYSTERIA2_PORT?insecure=1#$NODE_NAME_1%20hysteria2

EOF

            [[ $TUIC_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF
tuic://$UUID:$UUID@$LOCAL_IP:$TUIC_PORT?congestion_control=bbr&alpn=h3&udp_relay_mode=native&allow_insecure=1&disable_sni=1#$NODE_NAME_1%20tuic

EOF

            cat >> sing-box/node.txt << EOF
*******************************************

┌────────────────┐
│                │
│  ShadowRocket  │
│                │
└────────────────┘

EOF
            [[ $VMESS_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF
vmess://\$(echo -n \"none:$UUID@$CDN:443\" | base64 -w0)?remarks=$NODE_NAME_1%20vmess&obfsParam=$ARGO_DOMAIN&path=/$UUID-vmess?ed=2048&obfs=websocket&tls=1&peer=$ARGO_DOMAIN&mux=1&alterId=0

EOF
            [[ $VLESS_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF
vless://\$(echo -n \"auto:$UUID@$CDN:443\" | base64 -w0)?remarks=$NODE_NAME_1%20vless&obfsParam=$ARGO_DOMAIN&path=/$UUID-vless?ed=2048&obfs=websocket&tls=1&peer=$ARGO_DOMAIN&allowInsecure=1&mux=1

EOF

            [[ $REALITY_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF
vless://$(echo -n \"auto:$UUID@$LOCAL_IP:$REALITY_PORT\" | base64 -w0)?remarks=$NODE_NAME_1%20reality&obfs=none&tls=1&peer=addons.mozilla.org&mux=1&pbk=$REALITY_PUBLIC

EOF

            [[ $ANYTLS_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF
anytls://$UUID@$LOCAL_IP:$ANYTLS_PORT?insecure=1&udp=1#$NODE_NAME_1%20anytls

EOF

            [[ $HYSTERIA2_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF
hysteria2://$UUID@$LOCAL_IP:$HYSTERIA2_PORT?insecure=1&obfs=none#$NODE_NAME_1%20hysteria2

EOF

            [[ $TUIC_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF
tuic://$UUID:$UUID@$LOCAL_IP:$TUIC_PORT?congestion_control=bbr&udp_relay_mode=native&alpn=h3&allow_insecure=1#$NODE_NAME_1%20tuic 614 | 615 | EOF 616 | cat >> sing-box/node.txt << EOF 617 | ******************************************* 618 | 619 | ┌────────────────┐ 620 | │ │ 621 | │ Clash Verge │ 622 | │ │ 623 | └────────────────┘ 624 | 625 | proxies: 626 | EOF 627 | [[ $VMESS_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF 628 | - name: \"$NODE_NAME vmess\" 629 | type: vmess 630 | server: \"$CDN\" 631 | port: 443 632 | uuid: \"$UUID\" 633 | alterId: 0 634 | cipher: none 635 | tls: true 636 | servername: \"$ARGO_DOMAIN\" 637 | skip-cert-verify: false 638 | network: ws 639 | ws-opts: 640 | path: \"/$UUID-vmess\" 641 | headers: 642 | Host: \"$ARGO_DOMAIN\" 643 | max-early-data: 2048 644 | early-data-header-name: Sec-WebSocket-Protocol 645 | smux: 646 | enabled: true 647 | protocol: 'h2mux' 648 | padding: true 649 | max-connections: '8' 650 | min-streams: '16' 651 | statistic: true 652 | only-tcp: false 653 | tfo: false 654 | 655 | EOF 656 | [[ $VLESS_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF 657 | - name: \"$NODE_NAME vless\" 658 | type: vless 659 | server: \"$CDN\" 660 | port: 443 661 | uuid: \"$UUID\" 662 | tls: true 663 | servername: \"$ARGO_DOMAIN\" 664 | skip-cert-verify: false 665 | network: ws 666 | ws-opts: 667 | path: \"/$UUID-vless\" 668 | headers: 669 | Host: \"$ARGO_DOMAIN\" 670 | max-early-data: 2048 671 | early-data-header-name: Sec-WebSocket-Protocol 672 | smux: 673 | enabled: true 674 | protocol: 'h2mux' 675 | padding: true 676 | max-connections: '8' 677 | min-streams: '16' 678 | statistic: true 679 | only-tcp: false 680 | tfo: false 681 | 682 | EOF 683 | 684 | [[ $REALITY_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF 685 | - name: \"$NODE_NAME reality\" 686 | type: vless 687 | server: $LOCAL_IP 688 | port: $REALITY_PORT 689 | uuid: \"$UUID\" 690 | network: tcp 691 | udp: true 692 | tls: true 693 | client-fingerprint: chrome 694 
| servername: addons.mozilla.org 695 | reality-opts: 696 | public-key: $REALITY_PUBLIC 697 | short-id: \"\" 698 | smux: 699 | enabled: true 700 | protocol: 'h2mux' 701 | padding: true 702 | max-connections: '8' 703 | min-streams: '16' 704 | statistic: true 705 | only-tcp: false 706 | tfo: false 707 | 708 | EOF 709 | 710 | [[ $ANYTLS_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF 711 | - name: \"$NODE_NAME anytls\" 712 | type: anytls 713 | server: $LOCAL_IP 714 | port: $ANYTLS_PORT 715 | password: \"$UUID\" 716 | udp: true 717 | client-fingerprint: chrome 718 | idle-session-check-interval: 30 719 | idle-session-timeout: 30 720 | skip-cert-verify: true 721 | 722 | EOF 723 | 724 | [[ $HYSTERIA2_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF 725 | - name: \"$NODE_NAME hysteria2\" 726 | type: hysteria2 727 | server: $LOCAL_IP 728 | port: $HYSTERIA2_PORT 729 | password: \"$UUID\" 730 | up: \"200 Mbps\" 731 | down: \"1000 Mbps\" 732 | skip-cert-verify: true 733 | 734 | EOF 735 | 736 | [[ $TUIC_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF 737 | - name: \"$NODE_NAME tuic\" 738 | type: tuic 739 | server: $LOCAL_IP 740 | port: $TUIC_PORT 741 | uuid: \"$UUID\" 742 | password: \"$UUID\" 743 | alpn: 744 | - h3 745 | disable-sni: true 746 | reduce-rtt: true 747 | request-timeout: 8000 748 | udp-relay-mode: native 749 | congestion-controller: bbr 750 | skip-cert-verify: true 751 | 752 | EOF 753 | cat >> sing-box/node.txt << EOF 754 | ******************************************* 755 | 756 | ┌────────────────┐ 757 | │ │ 758 | │ Sing-box │ 759 | │ │ 760 | └────────────────┘ 761 | 762 | { 763 | \"outbounds\": [ 764 | { 765 | EOF 766 | 767 | [[ $VMESS_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF 768 | \"tag\": \"$NODE_NAME vmess\", 769 | \"type\": \"vmess\", 770 | \"server\": \"$CDN\", 771 | \"server_port\": 443, 772 | \"uuid\": \"$UUID\", 773 | \"alter_id\": 0, 774 | \"security\": \"none\", 775 | \"network\": \"tcp\", 776 | \"tcp_fast_open\": false, 777 | 
\"transport\": { 778 | \"type\": \"ws\", 779 | \"path\": \"/$UUID-vmess\", 780 | \"headers\": { 781 | \"Host\": \"$ARGO_DOMAIN\" 782 | } 783 | }, 784 | \"tls\": { 785 | \"enabled\": true, 786 | \"insecure\": false, 787 | \"server_name\": \"$ARGO_DOMAIN\", 788 | \"utls\": { 789 | \"enabled\": true, 790 | \"fingerprint\": \"chrome\" 791 | } 792 | }, 793 | \"multiplex\": { 794 | \"enabled\": true, 795 | \"protocol\": \"h2mux\", 796 | \"max_streams\": 16, 797 | \"padding\": true 798 | } 799 | }, 800 | EOF 801 | 802 | [[ $VLESS_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF 803 | { 804 | \"type\": \"vless\", 805 | \"tag\": \"$NODE_NAME vless\", 806 | \"server\": \"$CDN\", 807 | \"server_port\": 443, 808 | \"uuid\": \"$UUID\", 809 | \"network\": \"tcp\", 810 | \"tcp_fast_open\": false, 811 | \"tls\": { 812 | \"enabled\": true, 813 | \"insecure\": false, 814 | \"server_name\": \"$ARGO_DOMAIN\", 815 | \"utls\": { 816 | \"enabled\": true, 817 | \"fingerprint\": \"chrome\" 818 | } 819 | }, 820 | \"multiplex\": { 821 | \"enabled\": true, 822 | \"protocol\": \"h2mux\", 823 | \"max_streams\": 16, 824 | \"padding\": true 825 | } 826 | }, 827 | EOF 828 | 829 | [[ $REALITY_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF 830 | { 831 | \"type\": \"vless\", 832 | \"tag\": \"$NODE_NAME xtls-reality\", 833 | \"server\": \"$LOCAL_IP\", 834 | \"server_port\": $REALITY_PORT, 835 | \"uuid\": \"$UUID\", 836 | \"flow\": \"\", 837 | \"packet_encoding\": \"xudp\", 838 | \"tls\": { 839 | \"enabled\": true, 840 | \"server_name\": \"addons.mozilla.org\", 841 | \"utls\": { 842 | \"enabled\": true, 843 | \"fingerprint\": \"chrome\" 844 | }, 845 | \"reality\": { 846 | \"enabled\": true, 847 | \"public_key\": \"$REALITY_PUBLIC\", 848 | \"short_id\": \"\" 849 | } 850 | }, 851 | \"multiplex\": { 852 | \"enabled\": true, 853 | \"protocol\": \"h2mux\", 854 | \"max_connections\": 8, 855 | \"min_streams\": 16, 856 | \"padding\": true, 857 | \"brutal\": { 858 | \"enabled\": false, 859 |
\"up_mbps\": 1000, 860 | \"down_mbps\": 1000 861 | } 862 | } 863 | }, 864 | EOF 865 | 866 | [[ $ANYTLS_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF 867 | { 868 | \"type\": \"anytls\", 869 | \"tag\": \"$NODE_NAME anytls\", 870 | \"server\": \"$LOCAL_IP\", 871 | \"server_port\": $ANYTLS_PORT, 872 | \"password\": \"$UUID\", 873 | \"idle_session_check_interval\": \"30s\", 874 | \"idle_session_timeout\": \"30s\", 875 | \"min_idle_session\": 5, 876 | \"tls\": { 877 | \"enabled\": true, 878 | \"insecure\": true, 879 | \"server_name\": \"\" 880 | } 881 | }, 882 | EOF 883 | 884 | [[ $HYSTERIA2_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF 885 | { 886 | \"type\": \"hysteria2\", 887 | \"tag\": \"$NODE_NAME hysteria2\", 888 | \"server\": \"$LOCAL_IP\", 889 | \"server_port\": $HYSTERIA2_PORT, 890 | \"up_mbps\": 200, 891 | \"down_mbps\": 1000, 892 | \"password\": \"$UUID\", 893 | \"tls\": { 894 | \"enabled\": true, 895 | \"insecure\": true, 896 | \"server_name\": \"\", 897 | \"alpn\": [ 898 | \"h3\" 899 | ] 900 | } 901 | }, 902 | EOF 903 | 904 | [[ $TUIC_PORT =~ [0-9]+ ]] && cat >> sing-box/node.txt << EOF 905 | { 906 | \"type\": \"tuic\", 907 | \"tag\": \"$NODE_NAME tuic\", 908 | \"server\": \"$LOCAL_IP\", 909 | \"server_port\": $TUIC_PORT, 910 | \"uuid\": \"$UUID\", 911 | \"password\": \"$UUID\", 912 | \"congestion_control\": \"bbr\", 913 | \"udp_relay_mode\": \"native\", 914 | \"zero_rtt_handshake\": false, 915 | \"heartbeat\": \"10s\", 916 | \"tls\": { 917 | \"enabled\": true, 918 | \"insecure\": true, 919 | \"server_name\": \"\", 920 | \"alpn\": [ 921 | \"h3\" 922 | ] 923 | } 924 | }, 925 | EOF 926 | sed -i '$s/,$//g' sing-box/node.txt 927 | cat >> sing-box/node.txt << EOF 928 | ] 929 | } 930 | EOF 931 | 932 | [ -s sing-box/local_frpc.toml ] && rm -rf sing-box/local_frpc.toml 933 | [[ -n $FRP_SERVER_ADDR && -n $FRP_SERVER_PORT ]] && cat > sing-box/local_frpc.toml << EOF 934 | serverAddr = \"$FRP_SERVER_ADDR\" 935 | serverPort = $FRP_SERVER_PORT 936 | 
loginFailExit = false 937 | 938 | # Authentication settings 939 | auth.method = \"token\" 940 | auth.token = \"$FRP_AUTH_TOKEN\" 941 | 942 | # Transport settings 943 | transport.heartbeatInterval = 10 944 | transport.heartbeatTimeout = 30 945 | transport.dialServerKeepalive = 10 946 | transport.dialServerTimeout = 30 947 | transport.tcpMuxKeepaliveInterval = 10 948 | transport.poolCount = 5 949 | 950 | EOF 951 | 952 | [[ $REALITY_PORT =~ [0-9]+ ]] && cat >> sing-box/local_frpc.toml << EOF 953 | [[visitors]] 954 | name = \"$NODE_NAME reality_visitor\" 955 | type = \"xtcp\" 956 | serverName = \"$WORKSPACE_SLUG-reality\" 957 | secretKey = \"$UUID\" 958 | bindAddr = \"0.0.0.0\" 959 | bindPort = $REALITY_PORT 960 | keepTunnelOpen = true 961 | 962 | EOF 963 | 964 | [[ $ANYTLS_PORT =~ [0-9]+ ]] && cat >> sing-box/local_frpc.toml << EOF 965 | [[visitors]] 966 | name = \"$NODE_NAME anytls_visitor\" 967 | type = \"xtcp\" 968 | serverName = \"$WORKSPACE_SLUG-anytls\" 969 | secretKey = \"$UUID\" 970 | bindAddr = \"0.0.0.0\" 971 | bindPort = $ANYTLS_PORT 972 | keepTunnelOpen = true 973 | 974 | EOF 975 | 976 | [[ $HYSTERIA2_PORT =~ [0-9]+ ]] && cat >> sing-box/local_frpc.toml << EOF 977 | [[visitors]] 978 | name = \"$NODE_NAME hysteria_visitor\" 979 | type = \"sudp\" 980 | serverName = \"$WORKSPACE_SLUG-hysteria2\" 981 | secretKey = \"$UUID\" 982 | bindAddr = \"0.0.0.0\" 983 | bindPort = $HYSTERIA2_PORT 984 | 985 | EOF 986 | 987 | [[ $TUIC_PORT =~ [0-9]+ ]] && cat >> sing-box/local_frpc.toml << EOF 988 | [[visitors]] 989 | name = \"$NODE_NAME tuic_visitor\" 990 | type = \"sudp\" 991 | serverName = \"$WORKSPACE_SLUG-tuic\" 992 | secretKey = \"$UUID\" 993 | bindAddr = \"0.0.0.0\" 994 | bindPort = $TUIC_PORT 995 | 996 | EOF 997 | fi"; 998 | 999 | # Check for and create the docker compose configuration file 1000 | init-02-compose = " 1001 | # Detect from the content of ARGO_AUTH whether it is JSON or a token 1002 | if [[ $ARGO_AUTH =~ TunnelSecret ]]; then 1003 | ARGO_ARGS=\"tunnel --edge-ip-version 4 --config /etc/cloudflared/tunnel.yml run\" 1004 | elif [[ $ARGO_AUTH =~
.*[a-z0-9=]{120,250}$ ]]; then 1005 | ARGO_TOKEN=$(awk '{print $NF}' <<< \"$ARGO_AUTH\") 1006 | ARGO_ARGS=\"tunnel --edge-ip-version 4 run --token $ARGO_TOKEN\" 1007 | fi 1008 | 1009 | cat > docker-compose.yml << 'EOF' 1010 | services: 1011 | EOF 1012 | [[ $DEBIAN_REMOTE_PORT =~ [0-9]+ ]] && cat >> docker-compose.yml << 'EOF' 1013 | debian: 1014 | image: debian:latest 1015 | container_name: debian 1016 | hostname: debian 1017 | networks: 1018 | - idx 1019 | volumes: 1020 | - debian_data:/data 1021 | tty: true 1022 | restart: unless-stopped 1023 | command: | 1024 | bash -c \" 1025 | export DEBIAN_FRONTEND=noninteractive && 1026 | apt update && apt install -y openssh-server iproute2 && 1027 | echo \"root:$SSH_PASSWORD\" | chpasswd && 1028 | sed -i 's/#*PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config && 1029 | sed -i 's/#*PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config && 1030 | mkdir -p /var/run/sshd && 1031 | service ssh start && 1032 | tail -f /dev/null 1033 | \" 1034 | 1035 | EOF 1036 | [[ $UBUNTU_REMOTE_PORT =~ [0-9]+ ]] && cat >> docker-compose.yml << 'EOF' 1037 | ubuntu: 1038 | image: ubuntu:latest 1039 | container_name: ubuntu 1040 | hostname: ubuntu 1041 | networks: 1042 | - idx 1043 | volumes: 1044 | - ubuntu_data:/data 1045 | tty: true 1046 | restart: unless-stopped 1047 | command: | 1048 | bash -c \" 1049 | export DEBIAN_FRONTEND=noninteractive && 1050 | apt update && apt install -y openssh-server && 1051 | echo \"root:$SSH_PASSWORD\" | chpasswd && 1052 | sed -i 's/#*PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config && 1053 | sed -i 's/#*PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config && 1054 | mkdir -p /var/run/sshd && 1055 | service ssh start && 1056 | tail -f /dev/null 1057 | \" 1058 | 1059 | EOF 1060 | [[ $CENTOS_REMOTE_PORT =~ [0-9]+ ]] && cat >> docker-compose.yml << 'EOF' 1061 | centos9: 1062 | image: quay.io/centos/centos:stream9 1063 | container_name: centos9 1064 | 
hostname: centos9 1065 | networks: 1066 | - idx 1067 | volumes: 1068 | - centos9_data:/data 1069 | tty: true 1070 | restart: unless-stopped 1071 | command: | 1072 | sh -c \" 1073 | dnf install -y openssh-server passwd iproute procps-ng && 1074 | echo \"root:$SSH_PASSWORD\" | chpasswd && 1075 | mkdir -p /run/sshd && 1076 | ssh-keygen -A && 1077 | sed -i 's/^#*PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config && 1078 | sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config && 1079 | /usr/sbin/sshd -D & 1080 | tail -f /dev/null 1081 | \" 1082 | 1083 | EOF 1084 | [[ $ALPINE_REMOTE_PORT =~ [0-9]+ ]] && cat >> docker-compose.yml << 'EOF' 1085 | alpine: 1086 | image: alpine:latest 1087 | container_name: alpine 1088 | hostname: alpine 1089 | networks: 1090 | - idx 1091 | volumes: 1092 | - alpine_data:/data 1093 | tty: true 1094 | restart: unless-stopped 1095 | command: | 1096 | sh -c \" 1097 | apk update && apk add --no-cache openssh-server openssh-sftp-server && 1098 | echo \"root:$SSH_PASSWORD\" | chpasswd && 1099 | sed -i 's/#PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config && 1100 | sed -i 's/#PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config && 1101 | mkdir -p /run/sshd && 1102 | ssh-keygen -A && 1103 | /usr/sbin/sshd && 1104 | tail -f /dev/null 1105 | \" 1106 | 1107 | EOF 1108 | 1109 | [[ -n $FRP_SERVER_ADDR && $FRP_SERVER_PORT =~ [0-9]+ ]] && cat >> docker-compose.yml << 'EOF' 1110 | frpc: 1111 | image: snowdreamtech/frpc 1112 | container_name: frpc 1113 | networks: 1114 | - idx 1115 | volumes: 1116 | - ./conf/frpc.toml:/frp/frpc.toml:ro 1117 | command: -c /frp/frpc.toml 1118 | restart: unless-stopped 1119 | 1120 | EOF 1121 | 1122 | if [[ $VMESS_PORT$VLESS_PORT$REALITY_PORT$HYSTERIA2_PORT$TUIC_PORT =~ [0-9]+ ]]; then 1123 | grep -q '.' 
<<< $ARGO_ARGS && cat >> docker-compose.yml << EOF 1124 | cloudflared: 1125 | image: cloudflare/cloudflared:latest 1126 | container_name: cloudflared 1127 | command: $ARGO_ARGS 1128 | networks: 1129 | - idx 1130 | volumes: 1131 | - ./conf/tunnel.yml:/etc/cloudflared/tunnel.yml:ro 1132 | - ./conf/tunnel.json:/etc/cloudflared/tunnel.json:ro 1133 | restart: unless-stopped 1134 | 1135 | EOF 1136 | 1137 | cat >> docker-compose.yml << 'EOF' 1138 | sing-box: 1139 | image: fscarmen/sing-box:pre 1140 | container_name: sing-box 1141 | networks: 1142 | - idx 1143 | volumes: 1144 | - ./sing-box:/etc/sing-box 1145 | command: run -c /etc/sing-box/config.json 1146 | restart: unless-stopped 1147 | 1148 | EOF 1149 | [[ $NGINX_PORT =~ [0-9]+ ]] && cat >> docker-compose.yml << 'EOF' 1150 | nginx: 1151 | image: nginx:alpine 1152 | container_name: nginx 1153 | networks: 1154 | - idx 1155 | volumes: 1156 | - ./sing-box/node.txt:/data/node.txt:ro 1157 | - ./sing-box/nginx.conf:/etc/nginx/nginx.conf:ro 1158 | restart: unless-stopped 1159 | 1160 | EOF 1161 | fi 1162 | 1163 | grep -q '.' 
<<< $NEZHA_SERVER && cat >> docker-compose.yml << EOF 1164 | nezha-agent: 1165 | image: fscarmen/nezha-agent:latest 1166 | container_name: nezha-agent 1167 | pid: host # Use the host PID namespace 1168 | volumes: 1169 | - /:/host:ro # Mount the host root directory 1170 | - /proc:/host/proc:ro # Mount host process information 1171 | - /sys:/host/sys:ro # Mount host system information 1172 | - /etc:/host/etc:ro # Mount host configuration 1173 | environment: 1174 | - NEZHA_SERVER=$NEZHA_SERVER 1175 | - NEZHA_PORT=$NEZHA_PORT 1176 | - NEZHA_KEY=$NEZHA_KEY 1177 | - NEZHA_TLS=$NEZHA_TLS 1178 | command: -s $NEZHA_SERVER:$NEZHA_PORT -p $NEZHA_KEY $NEZHA_TLS 1179 | restart: unless-stopped 1180 | 1181 | EOF 1182 | 1183 | cat >> docker-compose.yml << 'EOF' 1184 | networks: 1185 | idx: 1186 | driver: bridge 1187 | EOF 1188 | 1189 | [[ $DEBIAN_REMOTE_PORT =~ [0-9]+ ]] || [[ $UBUNTU_REMOTE_PORT =~ [0-9]+ ]] || [[ $CENTOS_REMOTE_PORT =~ [0-9]+ ]] || [[ $ALPINE_REMOTE_PORT =~ [0-9]+ ]] && cat >> docker-compose.yml << 'EOF' 1190 | 1191 | volumes: 1192 | EOF 1193 | [[ $DEBIAN_REMOTE_PORT =~ [0-9]+ ]] && cat >> docker-compose.yml << 'EOF' 1194 | debian_data: 1195 | EOF 1196 | [[ $UBUNTU_REMOTE_PORT =~ [0-9]+ ]] && cat >> docker-compose.yml << 'EOF' 1197 | ubuntu_data: 1198 | EOF 1199 | [[ $CENTOS_REMOTE_PORT =~ [0-9]+ ]] && cat >> docker-compose.yml << 'EOF' 1200 | centos9_data: 1201 | EOF 1202 | [[ $ALPINE_REMOTE_PORT =~ [0-9]+ ]] && cat >> docker-compose.yml << 'EOF' 1203 | alpine_data: 1204 | EOF"; 1205 | 1206 | # Check for and create the frpc configuration 1207 | init-02-frpc = "[[ !
$UUID =~ ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$ && -s conf/uuid.txt ]] && UUID=$(cat conf/uuid.txt) 1208 | [[ -n $FRP_SERVER_ADDR && $FRP_SERVER_PORT =~ [0-9]+ ]] && cat > frpc.toml << EOF 1209 | # General settings 1210 | serverAddr = \"$FRP_SERVER_ADDR\" 1211 | serverPort = $FRP_SERVER_PORT 1212 | loginFailExit = false 1213 | 1214 | # Authentication settings 1215 | auth.method = \"token\" 1216 | auth.token = \"$FRP_AUTH_TOKEN\" 1217 | 1218 | # Transport settings 1219 | transport.heartbeatInterval = 10 1220 | transport.heartbeatTimeout = 30 1221 | transport.dialServerKeepalive = 10 1222 | transport.dialServerTimeout = 30 1223 | transport.tcpMuxKeepaliveInterval = 10 1224 | transport.poolCount = 5 1225 | 1226 | # Proxy settings 1227 | EOF 1228 | [[ $DEBIAN_REMOTE_PORT =~ [0-9]+ ]] && cat >> frpc.toml << EOF 1229 | [[proxies]] 1230 | name = \"$WORKSPACE_SLUG-debian_ssh\" 1231 | type = \"tcp\" 1232 | localIP = \"debian\" 1233 | localPort = 22 1234 | remotePort = $DEBIAN_REMOTE_PORT 1235 | 1236 | EOF 1237 | [[ $UBUNTU_REMOTE_PORT =~ [0-9]+ ]] && cat >> frpc.toml << EOF 1238 | [[proxies]] 1239 | name = \"$WORKSPACE_SLUG-ubuntu_ssh\" 1240 | type = \"tcp\" 1241 | localIP = \"ubuntu\" 1242 | localPort = 22 1243 | remotePort = $UBUNTU_REMOTE_PORT 1244 | 1245 | EOF 1246 | [[ $CENTOS_REMOTE_PORT =~ [0-9]+ ]] && cat >> frpc.toml << EOF 1247 | [[proxies]] 1248 | name = \"$WORKSPACE_SLUG-centos9_ssh\" 1249 | type = \"tcp\" 1250 | localIP = \"centos9\" 1251 | localPort = 22 1252 | remotePort = $CENTOS_REMOTE_PORT 1253 | 1254 | EOF 1255 | [[ $ALPINE_REMOTE_PORT =~ [0-9]+ ]] && cat >> frpc.toml << EOF 1256 | [[proxies]] 1257 | name = \"$WORKSPACE_SLUG-alpine_ssh\" 1258 | type = \"tcp\" 1259 | localIP = \"alpine\" 1260 | localPort = 22 1261 | remotePort = $ALPINE_REMOTE_PORT 1262 | 1263 | EOF 1264 | 1265 | [[ $REALITY_PORT =~ [0-9]+ ]] && cat >> frpc.toml << EOF 1266 | [[proxies]] 1267 | name = \"$WORKSPACE_SLUG-reality\" 1268 | type = \"xtcp\" 1269 | secretKey = \"$UUID\" 1270 | localIP = \"sing-box\" 1271 |
localPort = $REALITY_PORT 1272 | 1273 | EOF 1274 | 1275 | [[ $ANYTLS_PORT =~ [0-9]+ ]] && cat >> frpc.toml << EOF 1276 | [[proxies]] 1277 | name = \"$WORKSPACE_SLUG-anytls\" 1278 | type = \"xtcp\" 1279 | secretKey = \"$UUID\" 1280 | localIP = \"sing-box\" 1281 | localPort = $ANYTLS_PORT 1282 | 1283 | EOF 1284 | 1285 | [[ $HYSTERIA2_PORT =~ [0-9]+ ]] && cat >> frpc.toml << EOF 1286 | [[proxies]] 1287 | name = \"$WORKSPACE_SLUG-hysteria2\" 1288 | type = \"sudp\" 1289 | secretKey = \"$UUID\" 1290 | localIP = \"sing-box\" 1291 | localPort = $HYSTERIA2_PORT 1292 | 1293 | EOF 1294 | 1295 | [[ $TUIC_PORT =~ [0-9]+ ]] && cat >> frpc.toml << EOF 1296 | [[proxies]] 1297 | name = \"$WORKSPACE_SLUG-tuic\" 1298 | type = \"sudp\" 1299 | secretKey = \"$UUID\" 1300 | localIP = \"sing-box\" 1301 | localPort = $TUIC_PORT 1302 | 1303 | EOF 1304 | 1305 | # Move the frpc configuration file into the conf working directory 1306 | rm -rf conf/frpc.toml 1307 | mv frpc.toml conf/"; 1308 | 1309 | # Start services (after initialization completes) 1310 | start-compose = "docker compose up -d"; 1311 | start-node = "cat sing-box/node.txt"; 1312 | }; 1313 | }; 1314 | }; 1315 | } 1316 | --------------------------------------------------------------------------------