├── config └── config.json ├── besttrace ├── slave.zip ├── config.json ├── gost.service ├── install-docker.sh ├── music.json ├── README.md ├── addnat.sh ├── speedtest-cli.sh ├── vps_tools.sh ├── create_self-signed-cert.sh ├── gost.sh ├── gost_dev.sh └── brook.sh /config/config.json: -------------------------------------------------------------------------------- 1 | {"api":"https://v2.178145.xyz"} 2 | -------------------------------------------------------------------------------- /besttrace: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hulisang/Port-forwarding/HEAD/besttrace -------------------------------------------------------------------------------- /slave.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hulisang/Port-forwarding/HEAD/slave.zip -------------------------------------------------------------------------------- /config.json: -------------------------------------------------------------------------------- 1 | { 2 | "Debug": true, 3 | "Retries": 0, 4 | "ServeNodes": [ 5 | "https://admin:password@0.0.0.0:44444" 6 | ] 7 | } 8 | -------------------------------------------------------------------------------- /gost.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=gost 3 | After=network-online.target 4 | Wants=network-online.target systemd-networkd-wait-online.service 5 | 6 | [Service] 7 | Type=simple 8 | User=root 9 | DynamicUser=true 10 | ExecStart=/usr/bin/gost -C /etc/gost/config.json 11 | 12 | [Install] 13 | WantedBy=multi-user.target 14 | -------------------------------------------------------------------------------- /install-docker.sh: -------------------------------------------------------------------------------- 1 | function installDocker { 2 | which docker 3 | 4 | if [ $? 
-eq 0 ] 5 | then 6 | docker --version | grep "Docker version" 7 | if [ $? -eq 0 ] 8 | then 9 | echo "docker existing" 10 | else 11 | curl -fsSL https://get.docker.com | bash 12 | fi 13 | else 14 | curl -fsSL https://get.docker.com | bash 15 | fi 16 | } 17 | 18 | installDocker 19 | 20 | curl -L "https://github.com/docker/compose/releases/download/v2.27.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose 21 | chmod a+x /usr/local/bin/docker-compose 22 | rm -rf `which dc` 23 | ln -s /usr/local/bin/docker-compose /usr/bin/dc 24 | systemctl start docker.service 25 | systemctl enable docker.service 26 | -------------------------------------------------------------------------------- /music.json: -------------------------------------------------------------------------------- 1 | {"plugins":[{"name":"5sing","url":"http://adad23u.appinstall.life/dist/5sing/index.js","version":"0.1.1"},{"name":"bilibili","url":"http://adad23u.appinstall.life/dist/bilibili/index.js","version":"0.1.7"},{"name":"酷我","url":"http://adad23u.appinstall.life/dist/kuwo/index.js","version":"0.1.6"},{"name":"酷狗","url":"http://adad23u.appinstall.life/dist/kugou/index.js","version":"0.1.4"},{"name":"猫耳FM","url":"http://adad23u.appinstall.life/dist/maoerfm/index.js","version":"0.1.3"},{"name":"网易云","url":"http://adad23u.appinstall.life/dist/netease/index.js","version":"0.2.1"},{"name":"千千音乐","url":"http://adad23u.appinstall.life/dist/qianqian/index.js","version":"0.1.2"},{"name":"咪咕","url":"http://adad23u.appinstall.life/dist/migu/index.js","version":"0.2.0"},{"name":"喜马拉雅","url":"http://adad23u.appinstall.life/dist/xmly/index.js","version":"0.1.4"},{"name":"全民K歌","url":"http://adad23u.appinstall.life/dist/qmkg/index.js","version":"0.1.0"},{"name":"QQ音乐","url":"http://adad23u.appinstall.life/dist/qq/index.js","version":"0.2.1"}]} 2 | -------------------------------------------------------------------------------- /README.md: 
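-------------------------------------------------------------------------------- 1 | # brook-pf-mod 2 | brook一键端口转发 3 | 4 | 5 | wget https://raw.githubusercontent.com/hulisang/Port-forwarding/master/brook.sh && chmod +x brook.sh && bash brook.sh 6 | 7 | 8 | # gost 9 | 10 | wget https://raw.githubusercontent.com/hulisang/Port-forwarding/master/gost.sh && chmod +x gost.sh && bash gost.sh 11 | 12 | 13 | # gost 配置文件版 14 | 15 | wget https://raw.githubusercontent.com/hulisang/Port-forwarding/master/gost_dev.sh && chmod +x gost_dev.sh && bash gost_dev.sh 16 | 17 | 18 | ## install docker and docker-compose(dc) 19 | 20 | wget https://raw.githubusercontent.com/hulisang/Port-forwarding/master/install-docker.sh && chmod +x install-docker.sh && bash install-docker.sh 21 | 22 | # 生成自签证书 23 | wget https://raw.githubusercontent.com/hulisang/Port-forwarding/master/create_self-signed-cert.sh && chmod +x create_self-signed-cert.sh && bash create_self-signed-cert.sh --ssl-domain=www.test.com 24 | 25 | --ssl-domain: 生成ssl证书需要的主域名,如不指定则默认为www.rancher.local,如果是ip访问服务,则可忽略; 26 | --ssl-trusted-ip: 一般ssl证书只信任域名的访问请求,有时候需要使用ip去访问server,那么需要给ssl证书添加扩展IP,多个IP用逗号隔开; 27 | --ssl-trusted-domain: 如果想多个域名访问,则添加扩展域名(TRUSTED_DOMAIN),多个TRUSTED_DOMAIN用逗号隔开; 28 | --ssl-size: ssl加密位数,默认2048; 29 | --ssl-cn: 国家代码(2个字母的代号),默认CN; 30 | 使用示例: 31 | ./create_self-signed-cert.sh --ssl-domain=www.test.com --ssl-trusted-domain=www.test2.com \ 32 | --ssl-trusted-ip=1.1.1.1,2.2.2.2,3.3.3.3 --ssl-size=2048 --ssl-date=3650 33 | -------------------------------------------------------------------------------- /addnat.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# addnat.sh - rebuild the iptables nat table for hosts in 10.0.<c>.<d>.
#
# For every /24 requested (c = 1..N) and every host d = 1..100 it installs:
#   * public TCP port 6<c><ddd>             -> 10.0.<c>.<d>:22
#   * public TCP+UDP ports 1<ddd>0-1<ddd>9  -> 10.0.<c>.<d>
# Traffic leaving ens3 is SNATed to the main IP.
#
# The nat table is flushed first, which also drops every nat rule that was
# not created by this script. Both answers are therefore validated before
# the first iptables call, so bad input cannot leave a half-built table.

echo -e "Please input your server main ip"
stty erase '^H' && read -r -p "(such as 8.8.8.8):" main_ip
[[ -z "${main_ip}" ]] && echo -e "cancel..." && exit 1

# The value is handed to iptables as root; accept a dotted quad only.
ipv4_re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
if [[ ! "${main_ip}" =~ ${ipv4_re} ]]; then
  echo "invalid IPv4 address: ${main_ip}" >&2
  exit 1
fi
for octet in "${BASH_REMATCH[@]:1}"; do
  if (( 10#${octet} > 255 )); then
    echo "invalid IPv4 address: ${main_ip}" >&2
    exit 1
  fi
done

echo -e "Please input how many /24 you want to use, max is 5"
stty erase '^H' && read -r -p "(such as 1):" user_ip_num
[[ -z "${user_ip_num}" ]] && echo -e "cancel..." && exit 1

# Enforce the advertised maximum: with c >= 6 the SSH port 6<c><ddd> would
# exceed 65535. The pattern match also keeps arbitrary text out of the
# arithmetic loop condition below.
if [[ ! "${user_ip_num}" =~ ^[1-5]$ ]]; then
  echo "the number of /24 networks must be between 1 and 5" >&2
  exit 1
fi

iptables -t nat -F
iptables -t nat -A POSTROUTING -o ens3 -j SNAT --to "${main_ip}"

user_ip_head="10.0."
for (( c = 1; c <= user_ip_num; c++ )); do
  for (( d = 1; d <= 100; d++ )); do
    user_ip="${user_ip_head}${c}.${d}"
    # Zero-pad d to three digits; same numbers the original if/elif produced.
    printf -v ssh_port '6%d%03d' "${c}" "${d}"
    printf -v user_port_first '1%03d0' "${d}"
    printf -v user_port_last '1%03d9' "${d}"
    # NOTE(review): the 10-port range depends only on d, so for c >= 2 the
    # same public ports are DNATed a second time. iptables stops at the first
    # matching rule, so the later rules look unreachable - confirm the
    # intended mapping.
    iptables -t nat -A PREROUTING -i ens3 -p tcp -m tcp --dport "${ssh_port}" -j DNAT --to-destination "${user_ip}:22"
    iptables -t nat -A PREROUTING -i ens3 -p tcp -m tcp --dport "${user_port_first}:${user_port_last}" -j DNAT --to-destination "${user_ip}"
    iptables -t nat -A PREROUTING -i ens3 -p udp -m udp --dport "${user_port_first}:${user_port_last}" -j DNAT --to-destination "${user_ip}"
  done
done
service iptables save
service iptables restart
echo -e "It seems done"

-------------------------------------------------------------------------------- /speedtest-cli.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Copyright (c) 2020-2021 P3TERX 4 | # 5 | # This is free software, licensed under the MIT License. 6 | # See /LICENSE for more information.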
#
# https://github.com/P3TERX/script
# File name: speedtest-cli.sh
# Description: Install Ookla Speedtest CLI
# System Required: GNU/Linux
# Version: 1.3
#

# Stop at the first failing command, inherit ERR traps in functions and
# subshells, and fail a pipeline when any of its stages fails.
set -o errexit -o errtrace -o pipefail

# ANSI colour sequences, interpreted by `echo -e`.
Green_font_prefix="\033[32m"
Red_font_prefix="\033[31m"
Green_background_prefix="\033[42;37m"
Red_background_prefix="\033[41;37m"
Font_color_suffix="\033[0m"
INFO="[${Green_font_prefix}INFO${Font_color_suffix}]"
ERROR="[${Red_font_prefix}ERROR${Font_color_suffix}]"

# What gets installed and where.
PROJECT_NAME='Ookla Speedtest CLI'
BIN_DIR='/usr/local/bin'
BIN_NAME='speedtest'
BIN_FILE="${BIN_DIR}/${BIN_NAME}"

# Preconditions: a Linux kernel and uid 0.
[[ $(uname -s) == Linux ]] || {
    echo -e "${ERROR} This operating system is not supported."
    exit 1
}

[[ $(id -u) == 0 ]] || {
    echo -e "${ERROR} This script must be run as root."
    exit 1
}

# Ask the package manager for the architecture when one is available,
# otherwise fall back to the kernel's machine name.
echo -e "${INFO} Get CPU architecture ..."
if command -v apk >/dev/null; then
    PKGT='(apk)'
    OS_ARCH=$(apk --print-arch)
elif command -v dpkg >/dev/null; then
    PKGT='(dpkg)'
    OS_ARCH=$(dpkg --print-architecture | awk -F- '{ print $NF }')
else
    OS_ARCH=$(uname -m)
fi

# Map the architecture onto the keyword used in the release file name.
# aarch64/arm64 must be tested before the generic arm* pattern.
case ${OS_ARCH} in
x86_64 | amd64)
    FILE_KEYWORD='x86_64'
    ;;
*86)
    FILE_KEYWORD='i386'
    ;;
aarch64 | arm64)
    FILE_KEYWORD='aarch64'
    ;;
arm*)
    FILE_KEYWORD='arm'
    ;;
*)
    echo -e "${ERROR} Unsupported architecture: ${OS_ARCH} ${PKGT}"
    exit 1
    ;;
esac
echo -e "${INFO} Architecture: ${OS_ARCH} ${PKGT}"

# The release is pinned to 1.2.0; only the architecture keyword varies.
echo -e "${INFO} Get ${PROJECT_NAME} download URL ..."
DOWNLOAD_URL="https://install.speedtest.net/app/cli/ookla-speedtest-1.2.0-linux-${FILE_KEYWORD}.tgz"
echo -e "${INFO} Download URL: ${DOWNLOAD_URL}"

echo -e "${INFO} Installing ${PROJECT_NAME} ..."
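# NOTE(review): the archive is unpacked as root straight from the network and
# nothing here checks a digest or signature; TLS to the download host is the
# only protection. -f makes an HTTP error fail the pipeline instead of
# feeding an error page to tar.
curl -fLS "${DOWNLOAD_URL}" | tar xzC "${BIN_DIR}" "${BIN_NAME}"
chmod +x "${BIN_FILE}"
# Compare whole PATH entries; a substring grep also matched look-alike
# directories such as /usr/local/bin2.
if [[ ":${PATH}:" != *":${BIN_DIR}:"* ]]; then
    ln -sf "${BIN_FILE}" "/usr/bin/${BIN_NAME}"
fi
if [[ -s ${BIN_FILE} && $("${BIN_NAME}" --version) ]]; then
    echo -e "${INFO} Done."
else
    echo -e "${ERROR} ${PROJECT_NAME} installation failed !"
    exit 1
fi

-------------------------------------------------------------------------------- /vps_tools.sh: --------------------------------------------------------------------------------
#!/bin/bash
export LC_ALL=C
export LANG=C
export LANGUAGE=en_US.UTF-8

# Prefix privileged commands with sudo when not already root.
if [[ $(/usr/bin/id -u) -ne 0 ]]; then
  sudoCmd="sudo"
else
  sudoCmd=""
fi

# copied from v2ray official script
# colour code
RED="31m"      # Error message
GREEN="32m"    # Success message
YELLOW="33m"   # Warning message
BLUE="36m"     # Info message
# colour function: $1 is one of the codes above, the rest is the message,
# written to stderr.
colorEcho(){
  echo -e "\033[${1}${*:2}\033[0m" 1>&2
}

#copied & modified from atrandys trojan scripts
#copy from 秋水逸冰 ss scripts
# Detect the distribution family and pick the matching package manager.
if [[ -f /etc/redhat-release ]]; then
  release="centos"
  systemPackage="yum"
elif grep -Eqi "debian" /etc/issue; then
  release="debian"
  systemPackage="apt-get"
elif grep -Eqi "ubuntu" /etc/issue; then
  release="ubuntu"
  systemPackage="apt-get"
elif grep -Eqi "centos|red hat|redhat" /etc/issue; then
  release="centos"
  systemPackage="yum"
elif grep -Eqi "debian" /proc/version; then
  release="debian"
  systemPackage="apt-get"
elif grep -Eqi "ubuntu" /proc/version; then
  release="ubuntu"
  systemPackage="apt-get"
elif grep -Eqi "centos|red hat|redhat" /proc/version; then
  release="centos"
  systemPackage="yum"
else
  # Without this branch systemPackage stays empty and every
  # "${sudoCmd} ${systemPackage} install curl ..." below would run the
  # coreutils `install` program instead of a package manager.
  colorEcho ${RED} "unsupported OS"
  exit 1
fi

# a trick to redisplay menu option
show_menu() {
  echo "1) 安装加速"
  echo "2) 设置Swap"
  echo "3) 卸载阿里云盾"
  echo "4) 性能测试(LemonBench)"
  echo "5) 性能测试(Oldking)"
}

# Ask whether to go on; any answer other than y/yes ends the script.
continue_prompt() {
  read -r -p "继续其他操作 (yes/no)? " choice
  case "${choice}" in
    y|Y|[yY][eE][sS] ) show_menu ;;
    * ) exit 0;;
  esac
}

# Download a script into a private mktemp file, run it with bash, remove it.
#   $1  "yes" to run through ${sudoCmd}, anything else to run as the caller
#   $2  URL of the script
#   $3+ arguments passed to the script
# Compared with `curl | bash`, a failed or truncated transfer is never
# executed, and compared with a fixed name under /tmp no other local user can
# pre-create or swap the file that is about to run with root rights.
# NOTE(review): the remote scripts are still run unverified - no pinned
# commit, no checksum.
run_remote_script() {
  local as_root=$1 url=$2 tmp rc
  shift 2
  tmp=$(mktemp) || return 1
  if ! curl -fsSL "${url}" -o "${tmp}"; then
    rm -f -- "${tmp}"
    return 1
  fi
  if [[ ${as_root} == yes ]]; then
    # sudoCmd is deliberately unquoted: it is empty when already root.
    ${sudoCmd} bash "${tmp}" "$@"
  else
    bash "${tmp}" "$@"
  fi
  rc=$?
  rm -f -- "${tmp}"
  return "${rc}"
}

# NOTE(review): tcp.sh used to be started through its own shebang from
# /tmp/tcp.sh and was left on disk; it is assumed to be a bash script that
# does not need to persist after it returns - confirm.
netSpeed() {
  ${sudoCmd} ${systemPackage} install curl -y -qq
  run_remote_script yes https://raw.githubusercontent.com/ylx2016/Linux-NetSpeed/master/tcp.sh
}

setSwap() {
  ${sudoCmd} ${systemPackage} install curl -y -qq
  run_remote_script no https://raw.githubusercontent.com/phlinhng/v2ray-tcp-tls-web/master/tools/set_swap.sh
}

rmAliyundun() {
  ${sudoCmd} ${systemPackage} install curl -y -qq
  run_remote_script no https://raw.githubusercontent.com/phlinhng/v2ray-tcp-tls-web/master/tools/rm_aliyundun.sh
}

# credit: https://github.com/LemonBench/LemonBench
LemonBench() {
  ${sudoCmd} ${systemPackage} install curl -y -qq
  run_remote_script no https://raw.githubusercontent.com/LemonBench/LemonBench/master/LemonBench.sh --mode fast
}

# credit: https://www.oldking.net/350.html
Oldking() {
  ${sudoCmd} ${systemPackage} install wget -y -qq
  # -O overwrites an older copy; without it wget saved the new download as
  # superspeed.sh.1 and the stale file was the one executed.
  wget -O superspeed.sh https://raw.githubusercontent.com/oooldking/script/master/superspeed.sh && chmod +x superspeed.sh && ./superspeed.sh
}

98 | menu() { 99 | cd "$(dirname "$0")" 100 | colorEcho ${YELLOW} "VPS Toolkit by phlinhng" 101 | echo "" 102 | 103 | PS3="选择操作[输入任意值或按Ctrl+C退出]: " 104 | COLUMNS=39 105 | options=("安装加速" "设置Swap" "卸载阿里云盾" "性能测试(LemonBench)" "性能测试(Oldking)") 106 | select opt in "${options[@]}" 107 | do 108 | case "${opt}" in 109 | "安装加速") netSpeed && continue_prompt ;; 110 | "设置Swap") setSwap && continue_prompt ;; 111 | "卸载阿里云盾") rmAliyundun && continue_prompt ;; 112 | 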
"性能测试(LemonBench)") LemonBench && exit 0 ;; 113 | "性能测试(Oldking)") Oldking && exit 0 ;; 114 | *) break;; 115 | esac 116 | done 117 | 118 | } 119 | 120 | menu 121 | -------------------------------------------------------------------------------- /create_self-signed-cert.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | help () 4 | { 5 | echo ' ================================================================ ' 6 | echo ' --ssl-domain: 生成ssl证书需要的主域名,如不指定则默认为www.rancher.local,如果是ip访问服务,则可忽略;' 7 | echo ' --ssl-trusted-ip: 一般ssl证书只信任域名的访问请求,有时候需要使用ip去访问server,那么需要给ssl证书添加扩展IP,多个IP用逗号隔开;' 8 | echo ' --ssl-trusted-domain: 如果想多个域名访问,则添加扩展域名(SSL_TRUSTED_DOMAIN),多个扩展域名用逗号隔开;' 9 | echo ' --ssl-size: ssl加密位数,默认2048;' 10 | echo ' --ssl-cn: 国家代码(2个字母的代号),默认CN;' 11 | echo ' --ca-cert-recreate: 是否重新创建 ca-cert,ca 证书默认有效期 10 年,创建的 ssl 证书有效期如果是一年需要续签,那么可以直接复用原来的 ca 证书,默认 false;' 12 | echo ' 使用示例:' 13 | echo ' ./create_self-signed-cert.sh --ssl-domain=www.test.com --ssl-trusted-domain=www.test2.com \ ' 14 | echo ' --ssl-trusted-ip=1.1.1.1,2.2.2.2,3.3.3.3 --ssl-size=2048 --ssl-date=3650' 15 | echo ' ================================================================' 16 | } 17 | 18 | case "$1" in 19 | -h|--help) help; exit;; 20 | esac 21 | 22 | if [[ $1 == '' ]];then 23 | help; 24 | exit; 25 | fi 26 | 27 | CMDOPTS="$*" 28 | for OPTS in $CMDOPTS; 29 | do 30 | key=$(echo ${OPTS} | awk -F"=" '{print $1}' ) 31 | value=$(echo ${OPTS} | awk -F"=" '{print $2}' ) 32 | case "$key" in 33 | --ssl-domain) SSL_DOMAIN=$value ;; 34 | --ssl-trusted-ip) SSL_TRUSTED_IP=$value ;; 35 | --ssl-trusted-domain) SSL_TRUSTED_DOMAIN=$value ;; 36 | --ssl-size) SSL_SIZE=$value ;; 37 | --ssl-date) SSL_DATE=$value ;; 38 | --ca-date) CA_DATE=$value ;; 39 | --ssl-cn) CN=$value ;; 40 | --ca-cert-recreate) CA_CERT_RECREATE=$value ;; 41 | --ca-key-recreate) CA_KEY_RECREATE=$value ;; 42 | esac 43 | done 44 | 45 | # CA相关配置 46 | CA_KEY_RECREATE=${CA_KEY_RECREATE:-false} 
47 | CA_CERT_RECREATE=${CA_CERT_RECREATE:-false} 48 | 49 | CA_DATE=${CA_DATE:-3650} 50 | CA_KEY=${CA_KEY:-cakey.pem} 51 | CA_CERT=${CA_CERT:-cacerts.pem} 52 | CA_DOMAIN=cattle-ca 53 | 54 | # ssl相关配置 55 | SSL_CONFIG=${SSL_CONFIG:-$PWD/openssl.cnf} 56 | SSL_DOMAIN=${SSL_DOMAIN:-'www.rancher.local'} 57 | SSL_DATE=${SSL_DATE:-3650} 58 | SSL_SIZE=${SSL_SIZE:-2048} 59 | 60 | ## 国家代码(2个字母的代号),默认CN; 61 | CN=${CN:-CN} 62 | 63 | SSL_KEY=$SSL_DOMAIN.key 64 | SSL_CSR=$SSL_DOMAIN.csr 65 | SSL_CERT=$SSL_DOMAIN.crt 66 | 67 | echo -e "\033[32m ---------------------------- \033[0m" 68 | echo -e "\033[32m | 生成 SSL Cert | \033[0m" 69 | echo -e "\033[32m ---------------------------- \033[0m" 70 | 71 | # 如果存在 ca-key, 并且需要重新创建 ca-key 72 | if [[ -e ./${CA_KEY} ]] && [[ ${CA_KEY_RECREATE} == 'true' ]]; then 73 | 74 | # 先备份旧 ca-key,然后重新创建 ca-key 75 | echo -e "\033[32m ====> 1. 发现已存在 CA 私钥,备份 "${CA_KEY}" 为 "${CA_KEY}"-bak,然后重新创建 \033[0m" 76 | mv ${CA_KEY} "${CA_KEY}"-bak-$(date +"%Y%m%d%H%M") 77 | openssl genrsa -out ${CA_KEY} ${SSL_SIZE} 78 | 79 | # 如果存在 ca-cert,因为 ca-key 重新创建,则需要重新创建 ca-cert。先备份然后重新创建 ca-cert 80 | if [[ -e ./${CA_CERT} ]]; then 81 | echo -e "\033[32m ====> 2. 发现已存在 CA 证书,先备份 "${CA_CERT}" 为 "${CA_CERT}"-bak,然后重新创建 \033[0m" 82 | mv ${CA_CERT} "${CA_CERT}"-bak-$(date +"%Y%m%d%H%M") 83 | openssl req -x509 -sha256 -new -nodes -key ${CA_KEY} -days ${CA_DATE} -out ${CA_CERT} -subj "/C=${CN}/CN=${CA_DOMAIN}" 84 | else 85 | # 如果不存在 ca-cert,直接创建 ca-cert 86 | echo -e "\033[32m ====> 2. 生成新的 CA 证书 ${CA_CERT} \033[0m" 87 | openssl req -x509 -sha256 -new -nodes -key ${CA_KEY} -days ${CA_DATE} -out ${CA_CERT} -subj "/C=${CN}/CN=${CA_DOMAIN}" 88 | fi 89 | 90 | # 如果存在 ca-key,并且不需要重新创建 ca-key 91 | elif [[ -e ./${CA_KEY} ]] && [[ ${CA_KEY_RECREATE} == 'false' ]]; then 92 | 93 | # 存在旧 ca-key,不需要重新创建,直接复用 94 | echo -e "\033[32m ====> 1. 
发现已存在 CA 私钥,直接复用 CA 私钥 "${CA_KEY}" \033[0m" 95 | 96 | # 如果存在 ca-cert,并且需要重新创建 ca-cert。先备份然后重新创建 97 | if [[ -e ./${CA_CERT} ]] && [[ ${CA_CERT_RECREATE} == 'true' ]]; then 98 | echo -e "\033[32m ====> 2. 发现已存在 CA 证书,先备份 "${CA_CERT}" 为 "${CA_CERT}"-bak,然后重新创建 \033[0m" 99 | mv ${CA_CERT} "${CA_CERT}"-bak-$(date +"%Y%m%d%H%M") 100 | openssl req -x509 -sha256 -new -nodes -key ${CA_KEY} -days ${CA_DATE} -out ${CA_CERT} -subj "/C=${CN}/CN=${CA_DOMAIN}" 101 | 102 | # 如果存在 ca-cert,并且不需要重新创建 ca-cert,直接复用 103 | elif [[ -e ./${CA_CERT} ]] && [[ ${CA_CERT_RECREATE} == 'false' ]]; then 104 | echo -e "\033[32m ====> 2. 发现已存在 CA 证书,直接复用 CA 证书 "${CA_CERT}" \033[0m" 105 | else 106 | # 如果不存在 ca-cert ,直接创建 ca-cert 107 | echo -e "\033[32m ====> 2. 生成新的 CA 证书 ${CA_CERT} \033[0m" 108 | openssl req -x509 -sha256 -new -nodes -key ${CA_KEY} -days ${CA_DATE} -out ${CA_CERT} -subj "/C=${CN}/CN=${CA_DOMAIN}" 109 | fi 110 | 111 | # 如果不存在 ca-key 112 | else 113 | # ca-key 不存在,直接生成 114 | echo -e "\033[32m ====> 1. 生成新的 CA 私钥 ${CA_KEY} \033[0m" 115 | openssl genrsa -out ${CA_KEY} ${SSL_SIZE} 116 | 117 | # 如果存在旧的 ca-cert,先做备份,然后重新生成 ca-cert 118 | if [[ -e ./${CA_CERT} ]]; then 119 | echo -e "\033[32m ====> 2. 发现已存在 CA 证书,先备份 "${CA_CERT}" 为 "${CA_CERT}"-bak,然后重新创建 \033[0m" 120 | mv ${CA_CERT} "${CA_CERT}"-bak-$(date +"%Y%m%d%H%M") 121 | openssl req -x509 -sha256 -new -nodes -key ${CA_KEY} -days ${CA_DATE} -out ${CA_CERT} -subj "/C=${CN}/CN=${CA_DOMAIN}" 122 | else 123 | # 不存在旧的 ca-cert,直接生成 ca-cert 124 | echo -e "\033[32m ====> 2. 生成新的 CA 证书 ${CA_CERT} \033[0m" 125 | openssl req -x509 -sha256 -new -nodes -key ${CA_KEY} -days ${CA_DATE} -out ${CA_CERT} -subj "/C=${CN}/CN=${CA_DOMAIN}" 126 | fi 127 | 128 | fi 129 | 130 | echo -e "\033[32m ====> 3. 
生成 Openssl 配置文件 ${SSL_CONFIG} \033[0m" 131 | cat > ${SSL_CONFIG} <> ${SSL_CONFIG} <> ${SSL_CONFIG} 152 | done 153 | 154 | if [[ -n ${SSL_TRUSTED_IP} ]]; then 155 | ip=(${SSL_TRUSTED_IP}) 156 | for i in "${!ip[@]}"; do 157 | echo IP.$((i+1)) = ${ip[$i]} >> ${SSL_CONFIG} 158 | done 159 | fi 160 | fi 161 | 162 | echo -e "\033[32m ====> 4. 生成服务 SSL KEY ${SSL_KEY} \033[0m" 163 | openssl genrsa -out ${SSL_KEY} ${SSL_SIZE} 164 | 165 | echo -e "\033[32m ====> 5. 生成服务 SSL CSR ${SSL_CSR} \033[0m" 166 | openssl req -sha256 -new -key ${SSL_KEY} -out ${SSL_CSR} -subj "/C=${CN}/CN=${SSL_DOMAIN}" -config ${SSL_CONFIG} 167 | 168 | echo -e "\033[32m ====> 6. 生成服务 SSL CERT ${SSL_CERT} \033[0m" 169 | openssl x509 -sha256 -req -in ${SSL_CSR} -CA ${CA_CERT} \ 170 | -CAkey ${CA_KEY} -CAcreateserial -out ${SSL_CERT} \ 171 | -days ${SSL_DATE} -extensions v3_req \ 172 | -extfile ${SSL_CONFIG} 173 | 174 | echo -e "\033[32m ====> 7. 证书制作完成 \033[0m" 175 | echo 176 | echo -e "\033[32m ====> 8. 以 YAML 格式输出结果 \033[0m" 177 | echo "----------------------------------------------------------" 178 | echo "ca_key: |" 179 | cat $CA_KEY | sed 's/^/ /' 180 | echo 181 | echo "ca_cert: |" 182 | cat $CA_CERT | sed 's/^/ /' 183 | echo 184 | echo "ssl_key: |" 185 | cat $SSL_KEY | sed 's/^/ /' 186 | echo 187 | echo "ssl_csr: |" 188 | cat $SSL_CSR | sed 's/^/ /' 189 | echo 190 | echo "ssl_cert: |" 191 | cat $SSL_CERT | sed 's/^/ /' 192 | echo 193 | 194 | echo -e "\033[32m ====> 9. 附加 CA 证书到 Cert 文件 \033[0m" 195 | cat ${CA_CERT} >> ${SSL_CERT} 196 | echo "ssl_cert: |" 197 | cat $SSL_CERT | sed 's/^/ /' 198 | echo 199 | 200 | echo -e "\033[32m ====> 10. 
重命名服务证书 \033[0m" 201 | echo "cp ${SSL_DOMAIN}.key tls.key" 202 | cp ${SSL_DOMAIN}.key tls.key 203 | echo "cp ${SSL_DOMAIN}.crt tls.crt" 204 | cp ${SSL_DOMAIN}.crt tls.crt 205 | -------------------------------------------------------------------------------- /gost.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin 3 | export PATH 4 | 5 | sh_ver=1.0.1 6 | Green_font_prefix="\033[32m" && Red_font_prefix="\033[31m" && Green_background_prefix="\033[42;37m" && Red_background_prefix="\033[41;37m" && Font_color_suffix="\033[0m" 7 | Info="${Green_font_prefix}[信息]${Font_color_suffix}" 8 | Error="${Red_font_prefix}[错误]${Font_color_suffix}" 9 | Tip="${Green_font_prefix}[注意]${Font_color_suffix}" 10 | 11 | check_sys(){ 12 | if [[ -f /etc/redhat-release ]]; then 13 | release="centos" 14 | elif cat /etc/issue | grep -q -E -i "debian"; then 15 | release="debian" 16 | elif cat /etc/issue | grep -q -E -i "ubuntu"; then 17 | release="ubuntu" 18 | elif cat /etc/issue | grep -q -E -i "centos|red hat|redhat"; then 19 | release="centos" 20 | elif cat /proc/version | grep -q -E -i "debian"; then 21 | release="debian" 22 | elif cat /proc/version | grep -q -E -i "ubuntu"; then 23 | release="ubuntu" 24 | elif cat /proc/version | grep -q -E -i "centos|red hat|redhat"; then 25 | release="centos" 26 | fi 27 | bit=$(uname -m) 28 | if test "$bit" != "x86_64"; then 29 | echo "请输入你的芯片架构,/386/armv5/armv6/armv7/armv8" 30 | read bit 31 | else bit="amd64" 32 | fi 33 | } 34 | 35 | Installation_dependency(){ 36 | gzip_ver=$(gzip -V) 37 | if [[ -z ${gzip_ver} ]]; then 38 | if [[ ${release} == "centos" ]]; then 39 | yum update 40 | yum install -y gzip 41 | yum install -y curl 42 | yum install -y wget 43 | yum install -y epel-release 44 | yum install -y nload net-tools htop 45 | else 46 | apt-get update 47 | apt-get install -y gzip 48 | fi 49 | fi 50 | } 51 | 52 | 
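# Abort unless the script runs as root.
check_root(){
  if [[ $EUID != 0 ]]; then
    echo -e "${Error} 当前非ROOT账号(或没有ROOT权限),无法继续操作,请更换ROOT账号或使用 ${Green_background_prefix}sudo su${Font_color_suffix} 命令获取临时ROOT权限(执行后可能会提示输入当前账号的密码)。"
    exit 1
  fi
}

# Set ct_new_ver to the newest gost release tag (leading "v" stripped), or to
# a version typed by the user when the GitHub API cannot be reached.
# TLS certificate checking stays enabled: the value picks the binary that is
# installed as root, so the answer must not be forgeable from the network.
check_new_ver(){
  ct_new_ver=$(wget -qO- -t2 -T3 https://api.github.com/repos/ginuerzh/gost/releases/latest | grep "tag_name" | head -n 1 | awk -F ":" '{print $2}' | sed 's/\"//g;s/,//g;s/ //g;s/v//g')
  if [[ -z ${ct_new_ver} ]]; then
    echo -e "${Error} gost 最新版本获取失败,请手动获取最新版本号[ https://github.com/ginuerzh/gost/releases ]"
    read -r -e -p "请输入版本号 [ 格式 x.x.xx , 如 2.11.0 ] :" ct_new_ver
    [[ -z "${ct_new_ver}" ]] && echo "取消..." && exit 1
  else
    echo -e "${Info} gost 目前最新版本为 ${ct_new_ver}"
  fi
}

# Make sure the systemd unit directory exists.
# It is created 755: unit files are executed by systemd as root, so a
# world-writable (777) directory lets any local user install a root service.
check_file(){
  if [[ ! -d /usr/lib/systemd/system/ ]]; then
    mkdir -p /usr/lib/systemd/system
    chmod 755 /usr/lib/systemd/system
  fi
}

# Remove leftovers of an earlier download and any previous installation.
check_nor_file(){
  rm -rf "${PWD}/gost" "${PWD}/gost.service" "${PWD}/config.json"

  rm -rf /etc/gost
  rm -rf /usr/lib/systemd/system/gost.service
  rm -rf /usr/bin/gost
}

# Download gost, its unit file and its config, then enable and start it.
# Commands are no longer wrapped in backticks: that form ran each command and
# then tried to execute whatever it printed on stdout as a second command.
Install_ct(){
  local archive
  check_root
  check_nor_file
  # check_sys sets ${release}, which Installation_dependency reads to choose
  # between yum and apt-get, so it has to run first.
  check_sys
  Installation_dependency
  check_file
  check_new_ver
  archive="gost-linux-${bit}-${ct_new_ver}"
  # NOTE(review): the release binary is installed without a checksum or
  # signature check; certificate validation (no --no-check-certificate) is
  # the only thing tying it to github.com.
  wget "https://github.com/ginuerzh/gost/releases/download/v${ct_new_ver}/${archive}.gz"
  gunzip "${archive}.gz"
  mv "${archive}" /usr/bin/gost
  chmod 755 /usr/bin/gost
  # NOTE(review): the unit file and the config come over plain HTTP, so
  # anyone on the network path can replace what systemd will run as root.
  # Prefer an HTTPS source under the maintainer's control.
  wget http://pay.1loli.pw/gost/gost.service && chmod 644 gost.service && mv gost.service /usr/lib/systemd/system
  # 755/644 instead of 777: the config holds tunnel credentials and steers a
  # privileged service, so other local users must not be able to rewrite it.
  # NOTE(review): tighten to 700/600 once the service user is confirmed.
  mkdir /etc/gost && wget http://pay.1loli.pw/gost/config.json && mv config.json /etc/gost && chmod 755 /etc/gost && chmod 644 /etc/gost/config.json
  systemctl enable gost && systemctl restart gost
  echo "------------------------------"
  # The old test looked for /usr/lib/systemctl/gost.service, a path nothing
  # writes to, so a good install was always reported as failed.
  if [[ -x /usr/bin/gost && -f /usr/lib/systemd/system/gost.service && -f /etc/gost/config.json ]]; then
    echo -e "${Green_font_prefix}gost似乎安装成功${Font_color_suffix}"
  else
    echo -e "${Red_font_prefix}gost没有安装成功${Font_color_suffix}"
  fi
  rm -rf "${PWD}/gost" "${PWD}/gost.service" "${PWD}/config.json"
}

# Stop the service and remove binary, unit file and config.
Uninstall_ct(){
  # Deleting the files alone leaves an already running gost process (and its
  # listening ports) alive until the next reboot.
  systemctl disable --now gost 2>/dev/null || true
  rm -rf /usr/bin/gost
  rm -rf /usr/lib/systemd/system/gost.service
  rm -rf /etc/gost

  echo -e "${Red_font_prefix}gost已经成功删除${Font_color_suffix}"
}

Start_ct(){
  systemctl start gost && echo -e "${Green_font_prefix}已启动${Font_color_suffix}"
}

Stop_ct(){
  systemctl stop gost && echo -e "${Green_font_prefix}已停止${Font_color_suffix}"
}

Restart_ct(){
  systemctl restart gost && echo -e "${Green_font_prefix}已重启${Font_color_suffix}"
}


# Relay side: listen on a local port and forward through a websocket tunnel.
# Every answer is passed to gost as one quoted argument, so whitespace in an
# answer can no longer add extra gost options.
WEBSOCKET_M(){
  local -a gost_args
  systemctl restart gost
  read -r -e -p " 请输入传输方式(ws/wss/mws/mwss [+tls]):" method12
  read -r -e -p " 请输入监听端口:" inport
  read -r -e -p " 请输入目标IP:" ipout
  read -r -e -p " 请输入目标端口:" inport2
  read -r -e -p " 请输入终点端口:" inport3
  read -r -e -p " 是否启用调试模式(y/n):" testmode

  gost_args=("-L=:${inport}/${ipout}:${inport3}" "-F=${method12}://${ipout}:${inport2}/api")
  if [[ ${testmode} == "n" ]]; then
    echo "nohup gost -L=:${inport}/${ipout}:${inport3} -F=${method12}://${ipout}:${inport2}/api >/dev/null 2>&1 &"
    nohup gost "${gost_args[@]}" >/dev/null 2>&1 &
  else
    echo "gost -L=:${inport}/${ipout}:${inport3} -F=${method12}://${ipout}:${inport2}/api "
    gost "${gost_args[@]}"
  fi
}

# Exit side: start a websocket listener.
# NOTE(review): ipout is never asked for here, so the listen address is empty
# unless the variable is already set - presumably gost then binds every
# interface; confirm that this exposure is intended.
ADDCILENT_ct(){
  local listen
  systemctl restart gost

  read -r -e -p " 请输入传输方式(ws/wss/wss+tls/mwss/mwss+tls)" method13
  read -r -e -p " 请输入监听端口" inport2
  read -r -e -p " 请输入ws 参数(如果不知道请直接回车):" type4
  [[ -z "${type4}" ]] && type4="?path=/api&rbuf=4096&wbuf=4096&compression=false"
  read -r -e -p " 是否启用调试模式(y/n):" testmode

  # Kept as one quoted word: the "?" and "&" used to be exposed to globbing
  # and word splitting in the echo lines.
  listen="${method13}://${ipout}:${inport2}${type4}"
  if [[ ${testmode} == "n" ]]; then
    echo "nohup gost -D -L ${listen} >/dev/null 2>&1 &"
    nohup gost -D -L "${listen}" >/dev/null 2>&1 &
  else
    echo "gost -D -L ${listen} "
    gost -D -L "${listen}"
  fi
}


echo && echo -e " gost 一键管理脚本 ${Red_font_prefix}[v${sh_ver}]${Font_color_suffix}
 --------gost tunnel---------
 ---- 安装程序基于fiisi -----
 -------- 2020/3/22 ---------

 ${Green_font_prefix}1.${Font_color_suffix} 安装 gost
 ${Green_font_prefix}2.${Font_color_suffix} 卸载 gost
————————————
 ${Green_font_prefix}3.${Font_color_suffix} 启动 gost
 ${Green_font_prefix}4.${Font_color_suffix} 停止 gost
 ${Green_font_prefix}5.${Font_color_suffix} 重启 gost
————————————
 ${Green_font_prefix}6.${Font_color_suffix} 设置 gost中转端
 ${Green_font_prefix}7.${Font_color_suffix} 设置 gost客户端
————————————" && echo
read -r -e -p " 请输入数字 [1-7]:" num
case "$num" in
  1)
    Install_ct
    ;;
  2)
    Uninstall_ct
    ;;
  3)
    Start_ct
    ;;
  4)
    Stop_ct
    ;;
  5)
    Restart_ct
    ;;
  6)
    WEBSOCKET_M
    ;;
  7)
    ADDCILENT_ct
    ;;
  *)
    # The menu offers 1-7; the old hint said 1-5.
    echo "请输入正确数字 [1-7]"
    ;;
esac
-------------------------------------------------------------------------------- /gost_dev.sh: -------------------------------------------------------------------------------- 1 | #!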
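 /bin/bash

sh_ver=1.0.1
Green_font_prefix="\033[32m" && Red_font_prefix="\033[31m" && Green_background_prefix="\033[42;37m" && Red_background_prefix="\033[41;37m" && Font_color_suffix="\033[0m"
Info="${Green_font_prefix}[信息]${Font_color_suffix}"
Error="${Red_font_prefix}[错误]${Font_color_suffix}"
Tip="${Green_font_prefix}[注意]${Font_color_suffix}"

# Private scratch file the new config is assembled in; created on first use.
GOST_SCRATCH=""

# Create the scratch file with mktemp. The old fixed name
# /tmp/gost_config.json was appended to as root, so any local user could
# pre-create it (or a symlink) and seed the config, credentials included.
_gost_scratch(){
  if [[ -z "${GOST_SCRATCH}" ]]; then
    GOST_SCRATCH=$(mktemp) || exit 1
  fi
}

# Print $1 as a JSON string literal, quotes included. Typed values (account,
# password, addresses) are escaped by jq instead of being pasted between
# hand-written quotes, where a '"' could break out and add config entries.
_json_str(){
  printf '%s' "$1" | jq -Rs .
}

# Exit side: optionally take a custom certificate/key query string.
outinstalltls(){
  echo -n "是否自定义ssl证书y/n:"
  read -r iftls
  if [[ "${iftls}" == y ]]; then
    echo "请输入tls证书地址格式为?cert=/path/to/my/cert/file&key=/path/to/my/key/file:"
    read -r tlsaddress
  fi
}

# Relay side: turn on verification of the exit node's certificate.
# NOTE(review): any answer other than "y" leaves verification off, i.e. the
# default is the insecure one.
installtls(){
  echo -n "请问是否验证证书y/n:"
  read -r iftls
  if [[ "${iftls}" == y ]]; then
    tlsaddress="?secure=true"
  fi
}

# Ask the TLS question that fits the chosen protocol and side; protocols
# without TLS get an empty suffix. The suffix is reset on every call so an
# earlier route's choice does not leak into the next one. String comparison
# is used on purpose: an arithmetic test on typed input can be abused.
check_outtls(){
  tlsaddress=""
  case "${protocol}" in
    tls|https|wss|mwss|relay+tls)
      if [[ "${inorout}" == 1 ]]; then
        installtls
      else
        outinstalltls
      fi
      ;;
  esac
}

# Relay side: ask for N local listeners and write one route per listener.
installbefore(){
  echo -n "请问需要设置多少个本地监听端口?"
  read -r allinstallbeforenum
  if [[ ! "${allinstallbeforenum}" =~ ^[0-9]+$ ]]; then
    echo -e "${Error} 请输入数字"
    exit 1
  fi
  installbeforenum=1
  _gost_scratch
  printf '%s\n' '{' '    "Debug": true,' '    "Retries": 0,' '    "Routes": [' >> "${GOST_SCRATCH}"
  while [[ "${installbeforenum}" -le "${allinstallbeforenum}" ]]
  do
    check_protocol
    echo -n "本地监听端口:"
    read -r inport
    echo -n "目的地ip(需要被转发ip):"
    read -r ipother
    echo -n "需要被转发端口(通常为ssr端口):"
    read -r portother
    installafter
    # Must run before installnom writes the chain node. It used to be asked
    # only after the whole file had been written, so "?secure=true" never
    # reached the config on the relay side.
    check_outtls
    {
      printf '{\n"ServeNodes": [\n'
      if [[ "${protocol}" == "relay+tls" ]]; then
        printf '%s,\n' "$(_json_str "udp://0.0.0.0:${inport}/${ipother}:${portother}")"
      fi
      printf '%s\n' "$(_json_str "tcp://0.0.0.0:${inport}/${ipother}:${portother}")"
      printf '],\n"ChainNodes": [\n'
    } >> "${GOST_SCRATCH}"
    installnom
    installbeforenum=$((installbeforenum + 1))
    if [[ "${installbeforenum}" -le "${allinstallbeforenum}" ]]; then
      hasdot=","
    else
      hasdot=
    fi
    printf ']\n}%s\n' "${hasdot}" >> "${GOST_SCRATCH}"
  done
}

# Relay side: address and credentials of the tunnel exit.
installafter(){
  echo -n "隧道ip(国外ip):"
  read -r outip
  echo -n "隧道出口端口(通信端口):"
  read -r outport
  echo -n "隧道出口账户:"
  read -r outaccount
  echo -n "隧道密码:"
  read -r outpassword
}

# Exit side: listen on every interface with the given port and credentials.
outinstallafter(){
  outip="0.0.0.0"
  echo -n "隧道出口端口(通信端口):"
  read -r outport
  echo -n "隧道出口账户:"
  read -r outaccount
  echo -n "隧道密码:"
  read -r outpassword
}

# Append the node URL (protocol://account:password@ip:port[tls suffix]).
installnom(){
  _gost_scratch
  _json_str "${protocol}://${outaccount}:${outpassword}@${outip}:${outport}${tlsaddress}" >> "${GOST_SCRATCH}"
}

# Exit side: open the config object.
confstart(){
  _gost_scratch
  printf '%s\n' '{' '    "Debug": true,' '    "Retries": 0,' '    "ServeNodes": [' >> "${GOST_SCRATCH}"
}

# Close the object, validate it with jq and install it.
# The live config is only overwritten after jq accepted the new one, so a
# malformed draft no longer truncates /etc/gost/config.json.
conflast(){
  local checked
  _gost_scratch
  printf '    ]\n}\n' >> "${GOST_SCRATCH}"
  checked=$(mktemp) || exit 1
  if jq . "${GOST_SCRATCH}" > "${checked}"; then
    cat "${checked}" > /etc/gost/config.json
  else
    echo -e "${Error} config.json 生成失败"
  fi
  rm -f -- "${GOST_SCRATCH}" "${checked}"
  GOST_SCRATCH=""
}

# 1 = relay side, anything else = exit side.
check_inorout(){
  echo -n "请问是国内还是国外[1/2]:"
  read -r inorout
  if [[ "${inorout}" == 1 ]]; then
    ininstall
  else
    outinstall
  fi
}

# Ask for the tunnel protocol until a listed number is entered. An unknown
# answer used to leave ${protocol} empty and the script went on regardless.
check_protocol(){
  local -a names=(ws tls https http kcp h2 h2c quic mws wss mwss relay+tls)
  while true; do
    echo "请问是哪种安装协议
1 ws 2 tls 3 https 4 http
5 kcp 6 h2 7 h2c 8 quic
9 mws 10 wss 11 mwss 12 relay+tls"
    echo "----------"
    read -r numprotocol || exit 1
    if [[ "${numprotocol}" =~ ^[0-9]{1,2}$ ]] && (( 10#${numprotocol} >= 1 && 10#${numprotocol} <= ${#names[@]} )); then
      protocol=${names[10#${numprotocol} - 1]}
      return 0
    fi
    echo "${numprotocol} is error"
  done
}

outinstall(){
  confstart
  check_protocol
  outinstallafter
  check_outtls
  installnom
  conflast
}

ininstall(){
  installbefore
  conflast
}


# Show the installed and the latest version and offer to reinstall.
checknew(){
  checknew=$(gost -V 2>&1 | awk '{print $2}')
  check_new_ver
  echo "你的gost版本为:${checknew}"
  echo -n "是否更新(y/n):"
  read -r checknewnum
  if [[ "${checknewnum}" == "y" ]]; then
    Install_ct
  else
    exit 0
  fi
}

# Detect the distribution family (release) and the architecture suffix (bit)
# used in the gost release file name; non-x86_64 users type it themselves.
check_sys(){
  if [[ -f /etc/redhat-release ]]; then
    release="centos"
  elif grep -q -E -i "debian" /etc/issue; then
    release="debian"
  elif grep -q -E -i "ubuntu" /etc/issue; then
    release="ubuntu"
  elif grep -q -E -i "centos|red hat|redhat" /etc/issue; then
    release="centos"
  elif grep -q -E -i "debian" /proc/version; then
    release="debian"
  elif grep -q -E -i "ubuntu" /proc/version; then
    release="ubuntu"
  elif grep -q -E -i "centos|red hat|redhat" /proc/version; then
    release="centos"
  fi
  bit=$(uname -m)
  if [[ "${bit}" != "x86_64" ]]; then
    echo "请输入你的芯片架构,/386/armv5/armv6/armv7/armv8"
    read -r bit
  else
    bit="amd64"
  fi
}

# Install gzip and jq when missing. Each tool is checked on its own: the old
# code only looked at gzip, so jq - needed to write the config - was skipped
# on every host that already had gzip.
Installation_dependency(){
  local -a missing=()
  local tool
  for tool in gzip jq; do
    command -v "${tool}" >/dev/null 2>&1 || missing+=("${tool}")
  done
  (( ${#missing[@]} )) || return 0
  if [[ ${release} == "centos" ]]; then
    yum update
    yum install -y "${missing[@]}"
  else
    apt-get update
    apt-get install -y "${missing[@]}"
  fi
}

# Abort unless the script runs as root.
check_root(){
  if [[ $EUID != 0 ]]; then
    echo -e "${Error} 当前非ROOT账号(或没有ROOT权限),无法继续操作,请更换ROOT账号或使用 ${Green_background_prefix}sudo su${Font_color_suffix} 命令获取临时ROOT权限(执行后可能会提示输入当前账号的密码)。"
    exit 1
  fi
}

# Set ct_new_ver to the newest release tag, or to a version typed by the user.
# Certificate checking stays on: the value selects a binary installed as root.
check_new_ver(){
  ct_new_ver=$(wget -qO- -t2 -T3 https://api.github.com/repos/ginuerzh/gost/releases/latest | grep "tag_name" | head -n 1 | awk -F ":" '{print $2}' | sed 's/\"//g;s/,//g;s/ //g;s/v//g')
  if [[ -z ${ct_new_ver} ]]; then
    echo -e "${Error} gost 最新版本获取失败,请手动获取最新版本号[ https://github.com/ginuerzh/gost/releases ]"
    read -r -e -p "请输入版本号 [ 格式 x.x.xx , 如 0.8.21 ] :" ct_new_ver
    [[ -z "${ct_new_ver}" ]] && echo "取消..." && exit 1
  else
    echo -e "${Info} gost 目前最新版本为 ${ct_new_ver}"
  fi
}

# Make sure the systemd unit directory exists; 755, not 777, because a
# world-writable unit directory lets any local user add a root service.
check_file(){
  if [[ ! -d /usr/lib/systemd/system/ ]]; then
    mkdir -p /usr/lib/systemd/system
    chmod 755 /usr/lib/systemd/system
  fi
}

# Remove leftovers of an earlier download and any previous installation.
check_nor_file(){
  rm -rf "${PWD}/gost" "${PWD}/gost.service" "${PWD}/config.json" "${PWD}/gost.sh"
  rm -rf /etc/gost
  rm -rf /usr/lib/systemd/system/gost.service
  rm -rf /usr/bin/gost
}

# Download gost, its unit file and the default config, then enable and start
# the service. Commands are no longer wrapped in backticks, which executed
# each command's stdout as a further command.
Install_ct(){
  local archive
  check_root
  check_nor_file
  # check_sys sets ${release}; Installation_dependency needs it.
  check_sys
  Installation_dependency
  check_file
  check_new_ver
  archive="gost-linux-${bit}-${ct_new_ver}"
  rm -rf "${archive}.gz"
  # NOTE(review): no checksum or signature check on the binary; certificate
  # validation is the only link to github.com, hence no
  # --no-check-certificate on any of the downloads below.
  wget "https://github.com/ginuerzh/gost/releases/download/v${ct_new_ver}/${archive}.gz"
  gunzip "${archive}.gz"
  mv "${archive}" /usr/bin/gost
  chmod 755 /usr/bin/gost
  wget https://raw.githubusercontent.com/hulisang/Port-forwarding/master/gost.service && chmod 644 gost.service && mv gost.service /usr/lib/systemd/system
  # 755/644 instead of 777: the config carries tunnel credentials and steers
  # a root service, so other local users must not be able to rewrite it.
  # NOTE(review): tighten to 700/600 once the service user is confirmed.
  mkdir /etc/gost && wget https://raw.githubusercontent.com/hulisang/Port-forwarding/master/config.json && mv config.json /etc/gost && chmod 755 /etc/gost && chmod 644 /etc/gost/config.json
  # NOTE(review): config.json as published in this repository defines one
  # https ServeNode on 0.0.0.0:44444 with the credentials admin:password, and
  # the service is started with exactly that file here. Replace the
  # credentials (or do not start the service) before the host is reachable.
  systemctl enable gost && systemctl restart gost
  echo "------------------------------"
  # The old test looked for /usr/lib/systemctl/gost.service, a path nothing
  # writes to, so a good install was always reported as failed.
  if [[ -x /usr/bin/gost && -f /usr/lib/systemd/system/gost.service && -f /etc/gost/config.json ]]; then
    echo "gost似乎安装成功"
  else
    echo "gost没有安装成功"
  fi
  rm -rf "${PWD}/gost" "${PWD}/gost.service" "${PWD}/config.json" "${PWD}/gost.sh"
}

301 | Uninstall_ct(){ 302 | `rm -rf /usr/bin/gost` 303 | `rm -rf /usr/lib/systemd/system/gost.service` 304 | `rm -rf /etc/gost` 305 | `rm -rf "$(pwd)"/gost.sh` 306 | echo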
"gost已经成功删除" 307 | } 308 | 309 | Start_ct(){ 310 | `systemctl start gost` 311 | echo "已启动" 312 | } 313 | 314 | Stop_ct(){ 315 | `systemctl stop gost` 316 | echo "已停止" 317 | } 318 | 319 | Restart_ct(){ 320 | `systemctl restart gost` 321 | echo "已重启" 322 | } 323 | 324 | echo && echo -e " gost 一键安装脚本 ${Red_font_prefix}[v${sh_ver}]${Font_color_suffix} 更新日期2020/4/21 325 | ---- ------------------------------ ---- 326 | 327 | ${Green_font_prefix}1.${Font_color_suffix} 安装 gost 328 | ${Green_font_prefix}2.${Font_color_suffix} 更新 gost 329 | ${Green_font_prefix}3.${Font_color_suffix} 卸载 gost 330 | ———————————— 331 | ${Green_font_prefix}4.${Font_color_suffix} 启动 gost 332 | ${Green_font_prefix}5.${Font_color_suffix} 停止 gost 333 | ${Green_font_prefix}6.${Font_color_suffix} 重启 gost 334 | ———————————— 335 | ${Green_font_prefix}7.${Font_color_suffix} 配置gost 336 | ${Green_font_prefix}8.${Font_color_suffix} 重新配置gost 337 | ${Green_font_prefix}9.${Font_color_suffix} 输出gost配置 338 | ————————————" && echo 339 | read -e -p " 请输入数字 [1-9]:" num 340 | case "$num" in 341 | 1) 342 | Install_ct 343 | ;; 344 | 2) 345 | checknew 346 | ;; 347 | 3) 348 | Uninstall_ct 349 | ;; 350 | 4) 351 | Start_ct 352 | ;; 353 | 5) 354 | Stop_ct 355 | ;; 356 | 6) 357 | Restart_ct 358 | ;; 359 | 7) 360 | rm -rf /etc/gost/config.json 361 | check_inorout 362 | `systemctl restart gost` 363 | echo "your json" 364 | echo "----------" 365 | cat /etc/gost/config.json 366 | ;; 367 | 8) 368 | rm -rf /etc/gost/config.json 369 | check_inorout 370 | `chmod -R 777 /etc/gost/config.json` 371 | `systemctl restart gost` 372 | echo "your json" 373 | echo "----------" 374 | cat /etc/gost/config.json 375 | ;; 376 | 9) 377 | cat /etc/gost/config.json 378 | ;; 379 | *) 380 | echo "请输入正确数字 [1-9]" 381 | ;; 382 | esac 383 | -------------------------------------------------------------------------------- /brook.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 
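PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH

#=================================================
#	System Required: CentOS/Debian/Ubuntu
#	Description: Brook
#	Version: 1.0.0
#	Author: Toyo, yulewang(DDNS features)
#	Blog: https://doub.io/wlzy-jc37/
#=================================================
# Interactive manager for Brook port forwarding. Run without arguments for the
# menu, or with "monitor" (from cron) to refresh DDNS targets and restart Brook
# when it is not running. Everything here acts as root: it installs binaries
# and init scripts, edits iptables and the root crontab.
#
# brook.conf holds one forwarding per line:
#   <local port> <target ip> <target port> <enabled 0|1> [<target domain>]

sh_ver="1.0.0"
filepath=$(cd "$(dirname "$0")"; pwd)
file_1=$(echo -e "${filepath}"|awk -F "$0" '{print $1}')
file="/usr/local/brook-pf"
brook_file="/usr/local/brook-pf/brook"
brook_conf="/usr/local/brook-pf/brook.conf"
brook_log="/usr/local/brook-pf/brook.log"
Crontab_file="/usr/bin/crontab"

Green_font_prefix="\033[32m" && Red_font_prefix="\033[31m" && Green_background_prefix="\033[42;37m" && Red_background_prefix="\033[41;37m" && Font_color_suffix="\033[0m"
Info="${Green_font_prefix}[信息]${Font_color_suffix}"
Error="${Red_font_prefix}[错误]${Font_color_suffix}"
Tip="${Green_font_prefix}[注意]${Font_color_suffix}"

# Abort unless the script runs as root.
check_root(){
  [[ $EUID != 0 ]] && echo -e "${Error} 当前非ROOT账号(或没有ROOT权限),无法继续操作,请更换ROOT账号或使用 ${Green_background_prefix}sudo su${Font_color_suffix} 命令获取临时ROOT权限(执行后可能会提示输入当前账号的密码)。" && exit 1
}

# Detect the distribution family (global "release") and machine type ("bit").
check_sys(){
  # Missing files only mean "not this distribution"; grep's complaint is noise.
  if [[ -f /etc/redhat-release ]]; then
    release="centos"
  elif grep -q -E -i "debian" /etc/issue 2>/dev/null; then
    release="debian"
  elif grep -q -E -i "ubuntu" /etc/issue 2>/dev/null; then
    release="ubuntu"
  elif grep -q -E -i "centos|red hat|redhat" /etc/issue 2>/dev/null; then
    release="centos"
  elif grep -q -E -i "debian" /proc/version 2>/dev/null; then
    release="debian"
  elif grep -q -E -i "ubuntu" /proc/version 2>/dev/null; then
    release="ubuntu"
  elif grep -q -E -i "centos|red hat|redhat" /proc/version 2>/dev/null; then
    release="centos"
  fi
  bit=$(uname -m)
}

# Abort when the Brook binary is not installed.
check_installed_status(){
  [[ ! -e ${brook_file} ]] && echo -e "${Error} Brook 没有安装,请检查 !" && exit 1
}

# Install cron when /usr/bin/crontab is missing; abort if it still is afterwards.
check_crontab_installed_status(){
  if [[ ! -e ${Crontab_file} ]]; then
    echo -e "${Error} Crontab 没有安装,开始安装..."
    if [[ ${release} == "centos" ]]; then
      yum install crond -y
    else
      apt-get install cron -y
    fi
    if [[ ! -e ${Crontab_file} ]]; then
      echo -e "${Error} Crontab 安装失败,请检查!" && exit 1
    else
      echo -e "${Info} Crontab 安装成功!"
    fi
  fi
}

# Store the PID(s) of running "brook relays" processes in the global PID
# (several PIDs come back newline-separated).
check_pid(){
  PID=$(ps -ef| grep "brook relays"| grep -v grep| grep -v ".sh"| grep -v "init.d"| grep -v "service"| awk '{print $2}')
}

# True when $1 is a decimal port number in 1..65535. A digit-only pattern is
# checked first: the original pushed the raw input through $(( )), which
# evaluates whatever expression the text contains and accepted values such as
# "8+1" that were then written to the config verbatim.
is_valid_port(){
  [[ $1 =~ ^[0-9]{1,5}$ ]] && (( 10#$1 >= 1 && 10#$1 <= 65535 ))
}

# True when $1 can be handed to dig as a host name and stored as one field of
# brook.conf: not empty, no whitespace, and not starting with a character that
# dig would read as an option ("-", "+") or a server ("@").
is_valid_hostname(){
  [[ -n $1 && $1 != [-+@]* && $1 != *[[:space:]]* ]]
}

# Print the first IPv4-looking answer for host name $1, or nothing.
resolve_ipv4(){
  is_valid_hostname "$1" || return 1
  dig +short "$1" | grep -Eo '[0-9\.]{7,15}' | head -1
}

#######################################
# Ask which Brook release to install; empty input selects the newest tag
# reported by the GitHub API.
# Globals written: brook_new_ver
# The value becomes part of a download URL, so it is restricted to tag-like
# characters.
#######################################
check_new_ver(){
  echo -e "请输入要下载安装的 Brook 版本号 ${Green_font_prefix}[ 格式是日期,例如: v20180909 ]${Font_color_suffix}
版本列表请去这里获取:${Green_font_prefix}[ https://github.com/txthinking/brook/releases ]${Font_color_suffix}"
  read -r -e -p "直接回车即自动获取:" brook_new_ver
  if [[ -z ${brook_new_ver} ]]; then
    brook_new_ver=$(wget -qO- https://api.github.com/repos/txthinking/brook/releases| grep "tag_name"| head -n 1| awk -F ":" '{print $2}'| sed 's/\"//g;s/,//g;s/ //g')
    [[ -z ${brook_new_ver} ]] && echo -e "${Error} Brook 最新版本获取失败!" && exit 1
    echo -e "${Info} 检测到 Brook 最新版本为 [ ${brook_new_ver} ]"
  else
    echo -e "${Info} 开始下载 Brook [ ${brook_new_ver} ] 版本!"
  fi
  if [[ ! "${brook_new_ver}" =~ ^[0-9A-Za-z._-]+$ ]]; then
    echo -e "${Error} unexpected version string [${brook_new_ver}]" && exit 1
  fi
}

# Compare the installed version with brook_new_ver and, on confirmation,
# replace the binary and start Brook again.
check_ver_comparison(){
  brook_now_ver=$("${brook_file}" -v|awk '{print $3}')
  [[ -z ${brook_now_ver} ]] && echo -e "${Error} Brook 当前版本获取失败 !" && exit 1
  brook_now_ver="v${brook_now_ver}"
  if [[ "${brook_now_ver}" != "${brook_new_ver}" ]]; then
    echo -e "${Info} 发现 Brook 已有新版本 [ ${brook_new_ver} ],旧版本 [ ${brook_now_ver} ]"
    read -r -e -p "是否更新 ? [Y/n] :" yn
    [[ -z "${yn}" ]] && yn="y"
    if [[ $yn == [Yy] ]]; then
      check_pid
      # PID is left unquoted on purpose: it may hold several PIDs.
      # shellcheck disable=SC2086
      [[ -n $PID ]] && kill -9 ${PID}
      rm -rf "${brook_file}"
      Download_brook
      Start_brook
    fi
  else
    echo -e "${Info} 当前 Brook 已是最新版本 [ ${brook_new_ver} ]" && exit 1
  fi
}

#######################################
# For every forwarding that carries a domain, resolve it again and, when the
# address changed, update field 2 of that line and restart Brook.
# The update is done with awk on exact field values (port and domain passed
# with -v) instead of a sed expression assembled from file content, where "."
# matched any character and "/" or "&" in a stored domain broke the command.
# A stored domain that fails is_valid_hostname is reported as unresolvable.
#######################################
check_domain_ip_change(){
  local updated
  Modify_success="0"
  user_all=$(sed '/^\s*$/d' "${brook_conf}")
  while read -r user_port user_ip_pf user_port_pf user_Enabled_pf user_domain_pf _; do
    [[ -z "${user_domain_pf}" ]] && continue
    ip=$(resolve_ipv4 "${user_domain_pf}")
    if [ -n "$ip" ]; then
      echo -e "Check domain IP: $ip"
    else
      echo -e "${Error} [$(date "+%Y-%m-%d %H:%M:%S %u %Z")] Could not resolve hostname [${user_domain_pf}] !" | tee -a "${brook_log}"
      continue
    fi

    if [[ "${user_ip_pf}" != "${ip}" ]]; then
      echo -e "${user_domain_pf}的IP发生变化, ${user_ip_pf} ===> ${ip}"
      echo -e "${Info} [$(date "+%Y-%m-%d %H:%M:%S %u %Z")] ${user_domain_pf}的IP发生变化, ${user_ip_pf} ===> ${ip}" | tee -a "${brook_log}"
      # Render first, write second: the file is only touched when awk succeeded.
      if updated=$(awk -v port="${user_port}" -v domain="${user_domain_pf}" -v newip="${ip}" \
        '$1 == port && $5 == domain { $2 = newip } { print }' "${brook_conf}"); then
        printf '%s\n' "${updated}" > "${brook_conf}"
        Modify_success="1"
      fi
    else
      echo -e "${Info} [$(date "+%Y-%m-%d %H:%M:%S %u %Z")] ${user_domain_pf} 的IP未发生变化: ${ip}" | tee -a "${brook_log}"
    fi
  done <<< "${user_all}"
  if [[ ${Modify_success} = "1" ]]; then
    echo -e "有IP发生了变化,正在重启Brook"
    Restart_brook
  fi
}

#######################################
# Download the Brook binary for brook_new_ver into /usr/local/brook-pf.
# TLS certificate verification is left on (the original disabled it for a
# binary that is then run as root).
# NOTE(review): the download is not checked against a published digest or
# signature.
#######################################
Download_brook(){
  [[ ! -e ${file} ]] && mkdir "${file}"
  cd "${file}" || { echo -e "${Error} Brook 下载失败 !"; exit 1; }
  if [[ ${bit} == "x86_64" ]]; then
    wget -N "https://github.com/txthinking/brook/releases/download/${brook_new_ver}/brook"
  else
    wget -N "https://github.com/txthinking/brook/releases/download/${brook_new_ver}/brook_linux_386"
    mv brook_linux_386 brook
  fi
  [[ ! -e "brook" ]] && echo -e "${Error} Brook 下载失败 !" && exit 1
  chmod +x brook
}

#######################################
# Install the init script for the detected distribution and register it.
# NOTE(review): the script is fetched from the moving master branch of another
# repository and installed as /etc/init.d/brook-pf without an integrity check;
# it runs as root at boot.
#######################################
Service_brook(){
  if [[ ${release} = "centos" ]]; then
    if ! wget https://raw.githubusercontent.com/ToyoDAdoubi/doubi/master/service/brook-pf_centos -O /etc/init.d/brook-pf; then
      echo -e "${Error} Brook服务 管理脚本下载失败 !" && exit 1
    fi
    chmod +x /etc/init.d/brook-pf
    chkconfig --add brook-pf
    chkconfig brook-pf on
  else
    if ! wget https://raw.githubusercontent.com/ToyoDAdoubi/doubi/master/service/brook-pf_debian -O /etc/init.d/brook-pf; then
      echo -e "${Error} Brook服务 管理脚本下载失败 !" && exit 1
    fi
    chmod +x /etc/init.d/brook-pf
    update-rc.d -f brook-pf defaults
  fi
  echo -e "${Info} Brook服务 管理脚本下载完成 !"
}

# Sets the system time zone to Asia/Shanghai (this changes the whole host, not
# just Brook).
Installation_dependency(){
  \cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
}

# Load brook.conf into user_all / user_all_num; abort when missing or empty.
Read_config(){
  [[ ! -e ${brook_conf} ]] && echo -e "${Error} Brook 配置文件不存在 !" && exit 1
  user_all=$(cat "${brook_conf}")
  user_all_num=$(echo "${user_all}"|wc -l)
  [[ -z ${user_all} ]] && echo -e "${Error} Brook 配置文件中用户配置为空 !" && exit 1
}

# Ask whether the new forwarding starts enabled; sets bk_Enabled to 1 or 0.
Set_pf_Enabled(){
  echo -e "立即启用该端口转发,还是禁用? [Y/n]"
  read -r -e -p "(默认: Y 启用):" pf_Enabled_un
  [[ -z ${pf_Enabled_un} ]] && pf_Enabled_un="y"
  if [[ ${pf_Enabled_un} == [Yy] ]]; then
    bk_Enabled="1"
  else
    bk_Enabled="0"
  fi
}

# Ask for the local port of an existing forwarding; sets bk_port_Modify.
Set_port_Modify(){
  while true
  do
    echo -e "请选择并输入要修改的 Brook 端口转发本地监听端口 [1-65535]"
    read -r -e -p "(默认取消):" bk_port_Modify
    [[ -z "${bk_port_Modify}" ]] && echo "取消..." && exit 1
    if is_valid_port "${bk_port_Modify}"; then
      bk_port_Modify=$((10#${bk_port_Modify}))
      if check_port "${bk_port_Modify}"; then
        break
      else
        echo -e "${Error} 该本地监听端口不存在 [${bk_port_Modify}] !"
      fi
    else
      echo "输入错误, 请输入正确的端口。"
    fi
  done
}

# Ask for a local listening port; sets bk_port (normalised to plain decimal).
Set_port(){
  while true
  do
    echo -e "请输入 Brook 本地监听端口 [1-65535](端口不能重复,避免冲突)"
    read -r -e -p "(默认取消):" bk_port
    [[ -z "${bk_port}" ]] && echo "已取消..." && exit 1
    if is_valid_port "${bk_port}"; then
      bk_port=$((10#${bk_port}))
      echo && echo "========================"
      echo -e " 本地监听端口 : ${Red_background_prefix} ${bk_port} ${Font_color_suffix}"
      echo "========================" && echo
      break
    else
      echo "输入错误, 请输入正确的端口。"
    fi
  done
}

# Ask for the target address; sets bk_ip_pf.
# NOTE(review): the value is stored as typed; whitespace in it would shift the
# fields of the config line.
Set_IP_pf(){
  echo "请输入被转发的 IP :"
  read -r -e -p "(默认取消):" bk_ip_pf
  [[ -z "${bk_ip_pf}" ]] && echo "已取消..." && exit 1
  echo && echo "========================"
  echo -e " 被转发IP : ${Red_background_prefix} ${bk_ip_pf} ${Font_color_suffix}"
  echo "========================" && echo
}

# Ask for the target domain; sets bk_domain_pf. The name is later passed to dig
# and stored as one config field, so it is checked with is_valid_hostname.
Set_DOMAIN_pf(){
  echo "请输入被转发的 域名 :"
  read -r -e -p "(默认取消):" bk_domain_pf
  [[ -z "${bk_domain_pf}" ]] && echo "已取消..." && exit 1
  if ! is_valid_hostname "${bk_domain_pf}"; then
    echo -e "${Error} Could not resolve hostname [${bk_domain_pf}] !" && exit 1
  fi
  echo && echo "========================"
  echo -e " 被转发域名 : ${Red_background_prefix} ${bk_domain_pf} ${Font_color_suffix}"
  echo "========================" && echo
}

# Ask for the target port; sets bk_port_pf (normalised to plain decimal).
Set_port_pf(){
  while true
  do
    echo -e "请输入 Brook 被转发的端口 [1-65535]"
    read -r -e -p "(默认取消):" bk_port_pf
    [[ -z "${bk_port_pf}" ]] && echo "已取消..." && exit 1
    if is_valid_port "${bk_port_pf}"; then
      bk_port_pf=$((10#${bk_port_pf}))
      echo && echo "========================"
      echo -e " 被转发端口 : ${Red_background_prefix} ${bk_port_pf} ${Font_color_suffix}"
      echo "========================" && echo
      break
    else
      echo "输入错误, 请输入正确的端口。"
    fi
  done
}

# Sub-menu for adding, deleting, modifying and toggling forwardings.
Set_brook(){
  check_installed_status
  echo && echo -e "你要做什么?
 ${Green_font_prefix}0.${Font_color_suffix} 添加 端口转发(域名)
 ${Green_font_prefix}1.${Font_color_suffix} 添加 端口转发
 ${Green_font_prefix}2.${Font_color_suffix} 删除 端口转发
 ${Green_font_prefix}3.${Font_color_suffix} 修改 端口转发
 ${Green_font_prefix}4.${Font_color_suffix} 启用/禁用 端口转发

 ${Tip} 本地监听端口不能重复,被转发的IP或端口可重复!" && echo
  read -r -e -p "(默认: 取消):" bk_modify
  [[ -z "${bk_modify}" ]] && echo "已取消..." && exit 1
  case "${bk_modify}" in
    1) Add_pf ;;
    2) Del_pf ;;
    3) Modify_pf ;;
    4) Modify_Enabled_pf ;;
    0) Add_pf_with_domin ;;
    *) echo -e "${Error} 请输入正确的数字(0-4)" && exit 1 ;;
  esac
}

# Return 0 when local port $1 is already present in brook.conf, 1 otherwise.
# The first line of the file is skipped, as in the original (the installer
# creates the file with one empty line). An empty configuration is not an
# error here.
check_port(){
  check_port_1=$1
  user_all=$(sed '1d;/^\s*$/d' "${brook_conf}")
  check_port_statu=$(echo "${user_all}"|awk '{print $1}'|grep -w -- "${check_port_1}")
  [[ -n "${check_port_statu}" ]]
}

#######################################
# Print all forwardings and the server's public address.
# Arguments: $1 - "ADD" keeps going when the config is empty; anything else
#            exits in that case.
# Globals written: user_list_all (appended to; callers reset it), ip
# NOTE(review): the public address is asked from third-party services over
# plain HTTP; it is only displayed.
#######################################
list_port(){
  port_Type=$1
  user_all=$(sed '/^\s*$/d' "${brook_conf}")
  if [[ -z "${user_all}" ]]; then
    if [[ "${port_Type}" == "ADD" ]]; then
      echo -e "${Info} 目前 Brook 配置文件中用户配置为空。"
    else
      echo -e "${Info} 目前 Brook 配置文件中用户配置为空。" && exit 1
    fi
  else
    user_num=$(echo -e "${user_all}"|wc -l)
    while read -r user_port user_ip_pf user_port_pf user_Enabled_pf _; do
      if [[ ${user_Enabled_pf} == "0" ]]; then
        user_Enabled_pf_1="${Red_font_prefix}禁用${Font_color_suffix}"
      else
        user_Enabled_pf_1="${Green_font_prefix}启用${Font_color_suffix}"
      fi
      user_list_all=${user_list_all}"本地监听端口: ${Green_font_prefix}"${user_port}"${Font_color_suffix}\t 被转发IP: ${Green_font_prefix}"${user_ip_pf}"${Font_color_suffix}\t 被转发端口: ${Green_font_prefix}"${user_port_pf}"${Font_color_suffix}\t 状态: ${user_Enabled_pf_1}\n"
      user_IP=""
    done <<< "${user_all}"
    ip=$(wget -qO- -t1 -T2 ipinfo.io/ip)
    if [[ -z "${ip}" ]]; then
      ip=$(wget -qO- -t1 -T2 api.ip.sb/ip)
      if [[ -z "${ip}" ]]; then
        ip=$(wget -qO- -t1 -T2 members.3322.org/dyndns/getip)
        if [[ -z "${ip}" ]]; then
          ip="VPS_IP"
        fi
      fi
    fi
    echo -e "当前端口转发总数: ${Green_background_prefix} "${user_num}" ${Font_color_suffix} 当前服务器IP: ${Green_background_prefix} "${ip}" ${Font_color_suffix}"
    echo -e "${user_list_all}"
    echo -e "========================\n"
  fi
}

# Add forwardings whose target is a domain (resolved now, refreshed by the
# monitor job). The presence check matches the port at the start of a line;
# the original substring grep also matched other ports and addresses.
Add_pf_with_domin(){
  while true
  do
    list_port "ADD"
    Set_port
    if check_port "${bk_port}"; then
      echo -e "${Error} 该本地监听端口已使用 [${bk_port}] !" && exit 1
    fi
    Set_DOMAIN_pf
    Set_port_pf
    Set_pf_Enabled
    Resolve_Hostname_To_IP
    echo "${bk_port} ${ip} ${bk_port_pf} ${bk_Enabled} ${bk_domain_pf}" >> "${brook_conf}"
    if ! grep -q "^${bk_port} " "${brook_conf}"; then
      echo -e "${Error} 端口转发 添加失败 ${Green_font_prefix}[端口: ${bk_port} 被转发域名和端口: ${ip}:${bk_port_pf}]${Font_color_suffix} "
      break
    else
      Add_iptables
      Save_iptables
      echo -e "${Info} 端口转发 添加成功 ${Green_font_prefix}[端口: ${bk_port} 被转发域名和端口: ${ip}:${bk_port_pf}]${Font_color_suffix}\n"
      read -r -e -p "是否继续 添加端口转发配置?[Y/n]:" addyn
      [[ -z ${addyn} ]] && addyn="y"
      if [[ ${addyn} == [Nn] ]]; then
        Restart_brook
        break
      else
        echo -e "${Info} 继续 添加端口转发配置..."
        user_list_all=""
      fi
    fi
  done
}

# Add forwardings whose target is a fixed address.
Add_pf(){
  while true
  do
    list_port "ADD"
    Set_port
    if check_port "${bk_port}"; then
      echo -e "${Error} 该本地监听端口已使用 [${bk_port}] !" && exit 1
    fi
    Set_IP_pf
    Set_port_pf
    Set_pf_Enabled
    echo "${bk_port} ${bk_ip_pf} ${bk_port_pf} ${bk_Enabled}" >> "${brook_conf}"
    if ! grep -q "^${bk_port} " "${brook_conf}"; then
      echo -e "${Error} 端口转发 添加失败 ${Green_font_prefix}[端口: ${bk_port} 被转发IP和端口: ${bk_ip_pf}:${bk_port_pf}]${Font_color_suffix} "
      break
    else
      Add_iptables
      Save_iptables
      echo -e "${Info} 端口转发 添加成功 ${Green_font_prefix}[端口: ${bk_port} 被转发IP和端口: ${bk_ip_pf}:${bk_port_pf}]${Font_color_suffix}\n"
      read -r -e -p "是否继续 添加端口转发配置?[Y/n]:" addyn
      [[ -z ${addyn} ]] && addyn="y"
      if [[ ${addyn} == [Nn] ]]; then
        Restart_brook
        break
      else
        echo -e "${Info} 继续 添加端口转发配置..."
        user_list_all=""
      fi
    fi
  done
}

# Delete forwardings by local port. The "still there?" check is anchored to
# the start of the line: with a substring match, deleting port 80 was reported
# as failed whenever e.g. 8080 remained, and the firewall rule was then left
# in place.
Del_pf(){
  while true
  do
    list_port
    Set_port
    if ! check_port "${bk_port}"; then
      echo -e "${Error} 该本地监听端口不存在 [${bk_port}] !" && exit 1
    fi
    sed -i "/^${bk_port} /d" "${brook_conf}"
    if grep -q "^${bk_port} " "${brook_conf}"; then
      echo -e "${Error} 端口转发 删除失败 ${Green_font_prefix}[端口: ${bk_port}]${Font_color_suffix} "
      break
    else
      port=${bk_port}
      Del_iptables
      Save_iptables
      echo -e "${Info} 端口转发 删除成功 ${Green_font_prefix}[端口: ${bk_port}]${Font_color_suffix}\n"
      port_num=$(sed '/^\s*$/d' "${brook_conf}"|wc -l)
      if [[ ${port_num} == 0 ]]; then
        echo -e "${Error} 已无任何端口 !"
        check_pid
        if [[ -n ${PID} ]]; then
          Stop_brook
        fi
        break
      else
        read -r -e -p "是否继续 删除端口转发配置?[Y/n]:" delyn
        [[ -z ${delyn} ]] && delyn="y"
        if [[ ${delyn} == [Nn] ]]; then
          Restart_brook
          break
        else
          echo -e "${Info} 继续 删除端口转发配置..."
          user_list_all=""
        fi
      fi
    fi
  done
}

# Replace one forwarding (chosen by its local port) with newly entered values
# and move the firewall rule from the old port to the new one.
Modify_pf(){
  list_port
  Set_port_Modify
  echo -e "\n${Info} 开始输入新端口... \n"
  Set_port
  if check_port "${bk_port}"; then
    echo -e "${Error} 该端口已存在 [${bk_port}] !" && exit 1
  fi
  Set_IP_pf
  Set_port_pf
  sed -i "/^${bk_port_Modify} /d" "${brook_conf}"
  Set_pf_Enabled
  echo "${bk_port} ${bk_ip_pf} ${bk_port_pf} ${bk_Enabled}" >> "${brook_conf}"
  if ! grep -qxF -- "${bk_port} ${bk_ip_pf} ${bk_port_pf} ${bk_Enabled}" "${brook_conf}"; then
    echo -e "${Error} 端口转发 修改失败 ${Green_font_prefix}[端口: ${bk_port} 被转发IP和端口: ${bk_ip_pf}:${bk_port_pf}]${Font_color_suffix}"
    exit 1
  else
    port=${bk_port_Modify}
    Del_iptables
    Add_iptables
    Save_iptables
    Restart_brook
    echo -e "${Info} 端口转发 修改成功 ${Green_font_prefix}[端口: ${bk_port} 被转发IP和端口: ${bk_ip_pf}:${bk_port_pf}]${Font_color_suffix}\n"
  fi
}

# Rewrite the line of ${bk_port_Modify} with state $1 (1 enabled, 0 disabled),
# keeping the optional domain field. Returns 0 when the new line is present.
Write_pf_Enabled(){
  local new_state=$1 new_line
  new_line="${user_port_text} ${user_ip_pf_text} ${user_port_pf_text} ${new_state}"
  [[ -n "${user_domain_pf_text}" ]] && new_line="${new_line} ${user_domain_pf_text}"
  sed -i "/^${bk_port_Modify} /d" "${brook_conf}"
  echo "${new_line}" >> "${brook_conf}"
  grep -qxF -- "${new_line}" "${brook_conf}"
}

#######################################
# Toggle one forwarding between enabled and disabled.
# The line is looked up by its local port at the start of the line; the
# original substring grep could return several lines (any line containing the
# digits). The domain field, when present, is written back as well; the
# original dropped it, which silently turned a DDNS entry into a static one.
#######################################
Modify_Enabled_pf(){
  list_port
  Set_port_Modify
  user_pf_text=$(grep "^${bk_port_Modify} " "${brook_conf}" | head -n 1)
  read -r user_port_text user_ip_pf_text user_port_pf_text user_Enabled_pf_text user_domain_pf_text _ <<< "${user_pf_text}"
  if [[ ${user_Enabled_pf_text} == "0" ]]; then
    echo -e "该端口转发已${Red_font_prefix}禁用${Font_color_suffix},是否${Green_font_prefix}启用${Font_color_suffix}? [Y/n]"
    read -r -e -p "(默认: Y 启用):" user_Enabled_pf_text_un
    [[ -z ${user_Enabled_pf_text_un} ]] && user_Enabled_pf_text_un="y"
    if [[ ${user_Enabled_pf_text_un} == [Yy] ]]; then
      if ! Write_pf_Enabled "1"; then
        echo -e "${Error} 端口转发 启用失败 ${Green_font_prefix}[端口: ${user_port_text} 被转发IP和端口: ${user_ip_pf_text}:${user_port_pf_text}]${Font_color_suffix}"
        exit 1
      else
        echo -e "${Info} 端口转发 启用成功 ${Green_font_prefix}[端口: ${user_port_text} 被转发IP和端口: ${user_ip_pf_text}:${user_port_pf_text}]${Font_color_suffix}\n"
        Restart_brook
      fi
    else
      echo "已取消..." && exit 0
    fi
  else
    echo -e "该端口转发已${Green_font_prefix}启用${Font_color_suffix},是否${Red_font_prefix}禁用${Font_color_suffix}? [Y/n]"
    read -r -e -p "(默认: Y 禁用):" user_Enabled_pf_text_un
    [[ -z ${user_Enabled_pf_text_un} ]] && user_Enabled_pf_text_un="y"
    if [[ ${user_Enabled_pf_text_un} == [Yy] ]]; then
      if ! Write_pf_Enabled "0"; then
        echo -e "${Error} 端口转发 禁用失败 ${Green_font_prefix}[端口: ${user_port_text} 被转发IP和端口: ${user_ip_pf_text}:${user_port_pf_text}]${Font_color_suffix}"
        exit 1
      else
        echo -e "${Info} 端口转发 禁用成功 ${Green_font_prefix}[端口: ${user_port_text} 被转发IP和端口: ${user_ip_pf_text}:${user_port_pf_text}]${Font_color_suffix}\n"
        Restart_brook
      fi
    else
      echo "已取消..." && exit 0
    fi
  fi
}

# Full installation: binary, init script, empty config, firewall persistence.
Install_brook(){
  check_root
  [[ -e ${brook_file} ]] && echo -e "${Error} 检测到 Brook 已安装 !" && exit 1
  echo -e "${Info} 开始安装/配置 依赖..."
  Installation_dependency
  echo -e "${Info} 开始检测最新版本..."
  check_new_ver
  echo -e "${Info} 开始下载/安装..."
  Download_brook
  echo -e "${Info} 开始下载/安装 服务脚本(init)..."
  Service_brook
  echo -e "${Info} 开始写入 配置文件..."
  echo "" > "${brook_conf}"
  echo -e "${Info} 开始设置 iptables防火墙..."
  Set_iptables
  echo -e "${Info} Brook 安装完成!默认配置文件为空,请选择 [7.设置 Brook 端口转发 - 1.添加 端口转发] 来添加端口转发。"
}

Start_brook(){
  check_installed_status
  check_pid
  [[ -n ${PID} ]] && echo -e "${Error} Brook 正在运行,请检查 !" && exit 1
  /etc/init.d/brook-pf start
}

Stop_brook(){
  check_installed_status
  check_pid
  [[ -z ${PID} ]] && echo -e "${Error} Brook 没有运行,请检查 !" && exit 1
  /etc/init.d/brook-pf stop
}

Restart_brook(){
  check_installed_status
  check_pid
  [[ -n ${PID} ]] && /etc/init.d/brook-pf stop
  /etc/init.d/brook-pf start
}

# Update the Brook binary.
# NOTE(review): the answer is stored in Download_type, but nothing visible in
# this script reads it; Download_brook always fetches from GitHub, so the
# mirror described in the prompt does not appear to be used.
Update_brook(){
  check_installed_status
  echo && echo -e "请选择你的服务器是国内还是国外
 ${Green_font_prefix}1.${Font_color_suffix} 国内服务器(逗比云)
 ${Green_font_prefix}2.${Font_color_suffix} 国外服务器(Github)

 ${Tip} 因为国内对 Github 限速,这会导致国内服务器下载速度极慢,所以选择 国内服务器 选项就会从我的 逗比云 下载!" && echo
  read -r -e -p "(默认: 2 国外服务器):" bk_Download
  [[ -z "${bk_Download}" ]] && bk_Download="2"
  if [[ ${bk_Download} == "1" ]]; then
    Download_type="1"
  else
    Download_type="2"
  fi
  check_new_ver
  check_ver_comparison
}

# Stop Brook, drop its firewall rules and cron job, and remove its files.
Uninstall_brook(){
  check_installed_status
  echo -e "确定要卸载 Brook ? [y/N]\n"
  read -r -e -p "(默认: n):" unyn
  [[ -z ${unyn} ]] && unyn="n"
  if [[ ${unyn} == [Yy] ]]; then
    check_pid
    # PID is left unquoted on purpose: it may hold several PIDs.
    # shellcheck disable=SC2086
    [[ -n $PID ]] && kill -9 ${PID}
    if [[ -e ${brook_conf} ]]; then
      user_all=$(sed '/^\s*$/d' "${brook_conf}")
      if [[ -n ${user_all} ]]; then
        while read -r port _; do
          Del_iptables
        done <<< "${user_all}"
        Save_iptables
      fi
    fi
    if crontab -l | grep -q "brook.sh monitor"; then
      crontab_monitor_brook_cron_stop
    fi
    # ":?" aborts instead of expanding to an empty path.
    rm -rf -- "${file:?}"
    if [[ ${release} = "centos" ]]; then
      chkconfig --del brook-pf
    else
      update-rc.d -f brook-pf remove
    fi
    rm -rf /etc/init.d/brook-pf
    echo && echo "Brook 卸载完成 !" && echo
  else
    echo && echo "卸载已取消..." && echo
  fi
}

# Follow the Brook log until interrupted.
View_Log(){
  check_installed_status
  [[ ! -e ${brook_log} ]] && echo -e "${Error} Brook 日志文件不存在 !" && exit 1
  echo && echo -e "${Tip} 按 ${Red_font_prefix}Ctrl+C${Font_color_suffix} 终止查看日志(正常情况是没有使用日志记录的)" && echo -e "如果需要查看完整日志内容,请用 ${Red_font_prefix}cat ${brook_log}${Font_color_suffix} 命令。" && echo
  tail -f "${brook_log}"
}

# Turn the cron-driven monitor on or off after confirmation.
Set_crontab_monitor_brook(){
  check_installed_status
  check_crontab_installed_status
  crontab_monitor_brook_status=$(crontab -l|grep "brook.sh monitor")
  if [[ -z "${crontab_monitor_brook_status}" ]]; then
    echo && echo -e "当前监控模式: ${Green_font_prefix}未开启${Font_color_suffix}" && echo
    echo -e "确定要开启 ${Green_font_prefix}Brook 服务端运行状态监控${Font_color_suffix} 功能吗?(当进程关闭则自动启动 Brook 服务端)[Y/n]"
    read -r -e -p "(默认: y):" crontab_monitor_brook_status_ny
    [[ -z "${crontab_monitor_brook_status_ny}" ]] && crontab_monitor_brook_status_ny="y"
    if [[ ${crontab_monitor_brook_status_ny} == [Yy] ]]; then
      crontab_monitor_brook_cron_start
    else
      echo && echo " 已取消..." && echo
    fi
  else
    echo && echo -e "当前监控模式: ${Green_font_prefix}已开启${Font_color_suffix}" && echo
    echo -e "确定要关闭 ${Green_font_prefix}Brook 服务端运行状态监控${Font_color_suffix} 功能吗?(当进程关闭则自动启动 Brook 服务端)[y/N]"
    read -r -e -p "(默认: n):" crontab_monitor_brook_status_ny
    [[ -z "${crontab_monitor_brook_status_ny}" ]] && crontab_monitor_brook_status_ny="n"
    if [[ ${crontab_monitor_brook_status_ny} == [Yy] ]]; then
      crontab_monitor_brook_cron_stop
    else
      echo && echo " 已取消..." && echo
    fi
  fi
}

# Install the monitor entry in root's crontab (every two minutes).
# The entry runs this script from wherever it currently lives, as root, so the
# file and its directory must stay writable by root only.
crontab_monitor_brook_cron_start(){
  crontab -l > "$file_1/crontab.bak"
  sed -i "/brook.sh monitor/d" "$file_1/crontab.bak"
  echo -e "\n*/2 * * * * /bin/bash $file_1/brook.sh monitor" >> "$file_1/crontab.bak"
  crontab "$file_1/crontab.bak"
  rm -f -- "$file_1/crontab.bak"
  cron_config=$(crontab -l | grep "brook.sh monitor")
  if [[ -z ${cron_config} ]]; then
    echo -e "${Error} Brook 服务端运行状态监控功能 启动失败 !" && exit 1
  else
    echo -e "${Info} Brook 服务端运行状态监控功能 启动成功 !"
  fi
}

# Remove the monitor entry from root's crontab.
crontab_monitor_brook_cron_stop(){
  crontab -l > "$file_1/crontab.bak"
  sed -i "/brook.sh monitor/d" "$file_1/crontab.bak"
  crontab "$file_1/crontab.bak"
  rm -f -- "$file_1/crontab.bak"
  cron_config=$(crontab -l | grep "brook.sh monitor")
  if [[ -n ${cron_config} ]]; then
    echo -e "${Error} Brook 服务端运行状态监控功能 停止失败 !" && exit 1
  else
    echo -e "${Info} Brook 服务端运行状态监控功能 停止成功 !"
  fi
}

# Body of the cron job: refresh DDNS targets, then start Brook if it is down.
crontab_monitor_brook(){
  check_domain_ip_change
  check_installed_status
  check_pid
  echo "${PID}"
  if [[ -z ${PID} ]]; then
    echo -e "${Error} [$(date "+%Y-%m-%d %H:%M:%S %u %Z")] 检测到 Brook服务端 未运行 , 开始启动..." | tee -a "${brook_log}"
    /etc/init.d/brook-pf start
    sleep 1s
    check_pid
    if [[ -z ${PID} ]]; then
      echo -e "${Error} [$(date "+%Y-%m-%d %H:%M:%S %u %Z")] Brook服务端 启动失败..." | tee -a "${brook_log}"
    else
      echo -e "${Info} [$(date "+%Y-%m-%d %H:%M:%S %u %Z")] Brook服务端 启动成功..." | tee -a "${brook_log}"
    fi
  else
    echo -e "${Info} [$(date "+%Y-%m-%d %H:%M:%S %u %Z")] Brook服务端 进程运行正常..." | tee -a "${brook_log}"
  fi
}

# Accept new TCP and UDP connections to local port ${bk_port} from any source.
Add_iptables(){
  iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport "${bk_port}" -j ACCEPT
  iptables -I INPUT -m state --state NEW -m udp -p udp --dport "${bk_port}" -j ACCEPT
}

# Remove the rules added by Add_iptables for local port ${port}.
Del_iptables(){
  iptables -D INPUT -m state --state NEW -m tcp -p tcp --dport "${port}" -j ACCEPT
  iptables -D INPUT -m state --state NEW -m udp -p udp --dport "${port}" -j ACCEPT
}

# Persist the current rule set.
Save_iptables(){
  if [[ ${release} == "centos" ]]; then
    service iptables save
  else
    iptables-save > /etc/iptables.up.rules
  fi
}

# Persist the rule set and arrange for it to be restored at boot.
Set_iptables(){
  if [[ ${release} == "centos" ]]; then
    service iptables save
    chkconfig --level 2345 iptables on
  else
    iptables-save > /etc/iptables.up.rules
    printf '%s\n' '#!/bin/bash' '/sbin/iptables-restore < /etc/iptables.up.rules' > /etc/network/if-pre-up.d/iptables
    chmod +x /etc/network/if-pre-up.d/iptables
  fi
}

# Resolve ${bk_domain_pf} into the global ip; abort when it does not resolve.
# Only the first IPv4-looking answer is kept (as the monitor job does): raw
# "dig +short" output can hold CNAME lines or several addresses, which the
# original wrote into brook.conf as a multi-line, unusable entry.
Resolve_Hostname_To_IP(){
  ip=$(resolve_ipv4 "${bk_domain_pf}")
  if [ -n "$ip" ]; then
    echo -e " IP: $ip"
  else
    echo -e "${Error} Could not resolve hostname [${bk_domain_pf}] !" && exit 1
  fi
}

#######################################
# Replace this script (and the init script, when installed) with the current
# upstream copy.
# TLS certificate verification is left on, and success is only reported when
# the download succeeded.
# NOTE(review): the new script is taken from a moving branch without an
# integrity check and, with the monitor enabled, is run by root's cron every
# two minutes; pinning a reviewed revision is the safer arrangement.
#######################################
Update_Shell(){
  sh_new_ver=$(wget -qO- -t1 -T3 "https://raw.githubusercontent.com/yulewang/brook/master/brook.sh"|grep 'sh_ver="'|awk -F "=" '{print $NF}'|sed 's/\"//g'|head -1) && sh_new_type="github"
  [[ -z ${sh_new_ver} ]] && echo -e "${Error} 无法链接到 Github !" && exit 0
  if [[ -e "/etc/init.d/brook-pf" ]]; then
    rm -rf /etc/init.d/brook-pf
    Service_brook
  fi
  if wget -N "https://raw.githubusercontent.com/yulewang/brook/master/brook.sh" && chmod +x brook.sh; then
    echo -e "脚本已更新为最新版本[ ${sh_new_ver} ] !(注意:因为更新方式为直接覆盖当前运行的脚本,所以可能下面会提示一些报错,无视即可)" && exit 0
  fi
  echo -e "${Error} 无法链接到 Github !" && exit 0
}

check_sys
action=$1
if [[ "${action}" == "monitor" ]]; then
  crontab_monitor_brook
else
  echo && echo -e " Brook 端口转发 一键管理脚本修改版(DDNS支持) ${Red_font_prefix}[v${sh_ver}]${Font_color_suffix}

 ${Green_font_prefix} 0.${Font_color_suffix} 升级脚本
————————————
 ${Green_font_prefix} 1.${Font_color_suffix} 安装 Brook
 ${Green_font_prefix} 2.${Font_color_suffix} 更新 Brook
 ${Green_font_prefix} 3.${Font_color_suffix} 卸载 Brook
————————————
 ${Green_font_prefix} 4.${Font_color_suffix} 启动 Brook
 ${Green_font_prefix} 5.${Font_color_suffix} 停止 Brook
 ${Green_font_prefix} 6.${Font_color_suffix} 重启 Brook
————————————
 ${Green_font_prefix} 7.${Font_color_suffix} 设置 Brook 端口转发
 ${Green_font_prefix} 8.${Font_color_suffix} 查看 Brook 端口转发
 ${Green_font_prefix} 9.${Font_color_suffix} 查看 Brook 日志
 ${Green_font_prefix}10.${Font_color_suffix} 监控 Brook 运行状态(如果使用ddns必须打开)
————————————" && echo
  if [[ -e ${brook_file} ]]; then
    check_pid
    if [[ -n "${PID}" ]]; then
      echo -e " 当前状态: ${Green_font_prefix}已安装${Font_color_suffix} 并 ${Green_font_prefix}已启动${Font_color_suffix}"
    else
      echo -e " 当前状态: ${Green_font_prefix}已安装${Font_color_suffix} 但 ${Red_font_prefix}未启动${Font_color_suffix}"
    fi
  else
    echo -e " 当前状态: ${Red_font_prefix}未安装${Font_color_suffix}"
  fi
  echo
  read -r -e -p " 请输入数字 [0-10]:" num
  case "$num" in
    0)
      Update_Shell
      ;;
    1)
      Install_brook
      ;;
    2)
      Update_brook
      ;;
    3)
      Uninstall_brook
      ;;
    4)
      Start_brook
      ;;
    5)
      Stop_brook
      ;;
    6)
      Restart_brook
      ;;
    7)
      Set_brook
      ;;
    8)
      check_installed_status
      list_port
      ;;
    9)
      View_Log
      ;;
    10)
      Set_crontab_monitor_brook
      ;;
    *)
      echo "请输入正确数字 [0-10]"
      ;;
  esac
fi
--------------------------------------------------------------------------------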