├── .editorconfig ├── .github └── ISSUE_TEMPLATE │ └── bug-report-----.md ├── .gitignore ├── DNS.md ├── HOWTOUSEGO.md ├── KERNEL.md ├── KERNEL_CN.md ├── LICENSE ├── README.md ├── README2.md ├── README2_CN.md ├── READMEOLD.md ├── TOOL.md ├── TOOL_CN.md ├── acuteangle ├── autorun ├── boot1.jpg ├── boot2.jpg ├── boot3.jpg ├── date.sh ├── img1.jpg ├── img2.jpg ├── img3.jpg ├── img32.jpg ├── img33.jpg ├── img4.jpg ├── local1.jpg ├── local2.jpg ├── mosdns1.jpg ├── mosdns2.jpg ├── pve1.jpg ├── pve2.jpg ├── pve3.jpg ├── pve9.jpg ├── readme.md ├── setup1.jpg ├── setup2.jpg ├── vm1.jpg ├── vm2.jpg ├── vm3.jpg └── zip1.png ├── bench.sh ├── docs ├── cfcheck1.png ├── cfcheck2.png ├── cfcheck3.png ├── chrome1.png ├── chrome2.png ├── chrome3.png ├── cloudflare1.jpg ├── debian.jpg ├── dns1.png ├── dns2.png ├── dns3.png ├── firefox1.png ├── firefox2.png ├── firefox3.png ├── firefoxesni1.png ├── firefoxesni2.png ├── firefoxesni3.png ├── go1.png ├── go2.png ├── gov1.png ├── gov2.png ├── gov3.png ├── gov5.png ├── gov6.png ├── grpc.png ├── https1.png ├── kernel.png ├── mosdns1.png ├── mosdns2.png ├── mosdns3.png ├── mosdns4.png ├── mosdns5.png ├── mosdns6.png ├── netflix1.png ├── pve1.png ├── pve2.png ├── readme.png ├── readme2.png ├── readme2_en.png ├── readme3.png ├── readme3_en.png ├── readme4.png ├── readme_en.png ├── ubuntu.png ├── v2board1.png └── v2board1_en.png ├── download ├── lzma.py ├── mitm-vip-unlocker-x86_64-linux-musl.zip ├── mosdns │ ├── cn.dat │ ├── geoip.dat │ ├── geosite.dat │ ├── luci-app-mosdns_git-22.142.44511-c664869_all.ipk │ ├── mosdns_cee9e6d-55_x86_64.ipk │ ├── v2ray-geoip_202204210050-4_all.ipk │ └── v2ray-geosite_20220425025949-4_all.ipk ├── trojan-mac.zip ├── trojan-qt5.zip ├── trojan-win-cli.zip ├── v2ray-android.zip ├── v2ray-mac.zip ├── v2ray-windows.zip ├── website.zip └── website2.zip ├── dsm ├── FixSynoboot.sh ├── ch_cpuinfo ├── frpc-noarch_v0.35.0.spk ├── img2kvm ├── libsynonvme.so.1 ├── mosdns.yaml ├── openwrt.sh ├── pve.sh └── readme.md ├── install_kernel.sh ├── linux_install_software.sh ├── netflix_check.sh └── trojan_v2ray_install.sh /.editorconfig: -------------------------------------------------------------------------------- 1 | # EditorConfig is awesome: https://EditorConfig.org 2 | 3 | # top-most EditorConfig file 4 | root = true 5 | 6 | # Unix-style newlines with a newline ending every file 7 | [*] 8 | indent_style = space 9 | indent_size = 4 10 | end_of_line = lf 11 | charset = utf-8 12 | trim_trailing_whitespace = true 13 | insert_final_newline = true 14 | 15 | # Matches multiple files with brace expansion notation 16 | # Set default charset 17 | [*.{js,py}] 18 | charset = utf-8 19 | 20 | # 4 space indentation 21 | [*.py,*.sh] 22 | indent_style = space 23 | indent_size = 4 24 | 25 | # Tab indentation (no size specified) 26 | [Makefile] 27 | indent_style = tab 28 | 29 | # Indentation override for all JS under lib directory 30 | [lib/**.js] 31 | indent_style = space 32 | indent_size = 4 33 | 34 | # Matches the exact files either package.json or .travis.yml 35 | [{package.json,.travis.yml}] 36 | indent_style = space 37 | indent_size = 4 38 | 39 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug-report-----.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 问题报告 3 | about: 用来解决BUG和新功能需求 4 | title: '' 5 | labels: '' 6 | assignees: jinwyp 7 | 8 | --- 9 | 10 | **Describe the bug** A clear and concise description of what the bug is. 11 | 在提出问题前请先自行排除服务器端问题和把客户端升级到最新版本例如v2rayN,同时也请通过搜索确认是否有人提出过相同问题。 12 | 13 | 14 | !!! 请务必提供安装的选择的第几项 !!! 15 | !!! 请务必提供什么操作系统 和用的什么终端 !!! 16 | !!! 请务必提供是否开启了Cloudflare 的 CDN !!! 17 | !!! 请用 ping.pe 或 ping.ceo 网站 输入IP:端口号 查看是否被GFW屏蔽 !!! 18 | 19 | 20 | ** Steps to reproduce the behavior: ** 请提供使用脚本安装的选择第几项: 21 | 22 | 1. 例如选择的第2项 安装trojan. 安装过程中选择了 2 原版trojan-go 23 | 2. 例如选择的第11项 安装v2ray 或 xray . 安装过程中选择了 websocket 选项 并 选择了解锁流媒体 24 | 25 | ** OS and Terminal: ** 系统环境 信息 请务必提供什么操作系统 和用的什么终端 ,还有VPS主机商 26 | 27 | - OS: [e.g. Centos] 28 | - Version [e.g. 7] 29 | - Terminal : 例如 Mac的teminal 或 linux ssh 或 zsh 或 Windows putty 或 VPS自带的在线ssh 30 | - VPS [e.g. Google Cloud] 31 | 32 | 33 | ** To Reproduce ** 复现方法 34 | 35 | Log Info 日志信息: 请提供安装时出错的信息 36 | 例如 xxx 37 | 38 | 安装完成后 通过以下命令 检查服务是否启动成功 并提供输出日志 39 | 40 | 1. 检查 trojan 是否启动成功 ``` systemctl status trojan ``` 41 | 2. 检查 trojan-go 是否启动成功 ``` systemctl status trojan-go ``` 42 | 3. 检查 v2ray 是否启动成功 ``` systemctl status v2ray ``` 43 | 4. 检查 xray 是否启动成功 ``` systemctl status xray ``` 44 | 4. 检查 shadowsocks (xray内核) 是否启动成功 ``` systemctl status shadowsocksxray ``` 45 | 5. 检查 nginx 是否启动成功 ``` systemctl status nginx ``` 46 | 47 | 48 | ** X-UI ** 问你 49 | 1. 请到 https://github.com/vaxilu/x-ui 询问是否有人提出过相同问题 50 | 2. 检查 nginx 是否启动成功 ``` systemctl status nginx ``` 51 | 52 | 53 | 安装完成如选择了安装nginx, 请检查 nginx 是否启动成功,域名网站是否能在浏览器正常打开, 是https 还是 http. 正常安装应该是https. 如果打不开说明nginx安装有问题,请给出nginx安装时输出日志 54 | 55 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /bbr 2 | 3 | # Prerequisites 4 | *.d 5 | 6 | # Object files 7 | *.o 8 | *.ko 9 | *.obj 10 | *.elf 11 | 12 | # Linker output 13 | *.ilk 14 | *.map 15 | *.exp 16 | 17 | # Precompiled Headers 18 | *.gch 19 | *.pch 20 | 21 | # Libraries 22 | *.lib 23 | *.a 24 | *.la 25 | *.lo 26 | 27 | # Shared objects (inc. Windows DLLs) 28 | *.dll 29 | 30 | *.dylib 31 | 32 | # Executables 33 | *.exe 34 | *.out 35 | *.app 36 | *.i*86 37 | *.x86_64 38 | *.hex 39 | 40 | # Debug files 41 | *.dSYM/ 42 | *.su 43 | *.idb 44 | *.pdb 45 | 46 | # Kernel Module Compile Results 47 | *.mod* 48 | *.cmd 49 | .tmp_versions/ 50 | modules.order 51 | Module.symvers 52 | Mkfile.old 53 | dkms.conf 54 | 55 | 56 | 57 | 58 | 59 | 60 | # static file for dist css html js 61 | 62 | 63 | 64 | 65 | 66 | # css sprite 67 | auto-sprite.png 68 | _auto_sprite.scss 69 | .sass-cache 70 | *auto-sprite* 71 | 72 | 73 | # upload files 74 | 75 | 76 | 77 | # Logs 78 | logs 79 | *.log 80 | npm-debug.log* 81 | 82 | 83 | 84 | 85 | # Runtime data 86 | pids 87 | *.pid 88 | *.seed 89 | 90 | # Directory for instrumented libs generated by jscoverage/JSCover 91 | lib-cov 92 | 93 | # Coverage directory used by tools like istanbul 94 | coverage 95 | 96 | # nyc test coverage 97 | .nyc_output 98 | 99 | # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) 100 | .grunt 101 | 102 | # node-waf configuration 103 | .lock-wscript 104 | 105 | # Compiled binary addons (http://nodejs.org/api/addons.html) 106 | build/Release 107 | 108 | # Dependency directories 109 | node_modules 110 | jspm_packages 111 | 112 | # Optional npm cache directory 113 | .npm 114 | 115 | # Optional REPL history 116 | .node_repl_history 117 | 118 | 119 | 120 | 121 | 122 | # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm 123 | # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 124 | 125 | .idea/ 126 | 127 | 128 | ## File-based project format: 129 | *.iws 130 | 131 | ## Plugin-specific files: 132 | 133 | # IntelliJ 134 | /out/ 135 | 136 | # mpeltonen/sbt-idea plugin 137 | .idea_modules/ 138 | 139 | 140 | # JIRA plugin 141 | atlassian-ide-plugin.xml 142 | 143 | # Crashlytics plugin (for Android Studio and IntelliJ) 144 | com_crashlytics_export_strings.xml 145 | crashlytics.properties 146 | crashlytics-build.properties 147 | fabric.properties 148 | 149 | 150 | 151 | 152 | 153 | # Ignore Mac OS desktop services store 154 | *.DS_Store 155 | 156 | 157 | # Ignore Windows desktop setting file 158 | desktop.ini 159 | -------------------------------------------------------------------------------- /DNS.md: -------------------------------------------------------------------------------- 1 | # DNS, DOT(DNS over TLS) and DOH(DNS over HTTPS) 2 | 3 | ## 目录 Table of Contents 4 | 5 | * [DNS DOT DOH 介绍](#dns) 6 | * [Chrome 如何开启DOH 解决DNS污染](#chrome) 7 | * [Firefox 如何开启DOH](#firefox) 8 | * [Edge 如何开启DOH](#edge) 9 | * [安装 AdGuard Home 搭建 DNS 服务器](#adguardhome) 10 | * [使用 Mosdns 分流国内与国外域名DNS解析请求](#mosdns) 11 | 12 | ### DNS 13 | 14 | 1. 面试程序员经常会问的一道面试题: 当在浏览器输入一个网址回车后,后面发生了什么. 例如下图 输入了网址foobar.com后, 首先从DNS服务器查询 foobar.com对应的IP地址 156.x.x.x. 浏览器得到IP后继续访问156.x.x.x 这个服务器地址返回网页. 用户就可以正常浏览网页了. 15 | ![DNS1](https://github.com/jinwyp/one_click_script/blob/master/docs/dns1.png?raw=true) 16 | 17 | 2. 早些年网页采用http方式传输, 网页没有加密. 后来基于TLS加密技术的https方式传送,网页就被加密无法看到传送的内容了. 如下图 18 | ![DNS2](https://github.com/jinwyp/one_click_script/blob/master/docs/dns2.png?raw=true) 19 | 20 | 3. 网页传输 http未加密 与 https加密 对比图. 可以看到内容已被加密 21 | ![HTTPS1](https://github.com/jinwyp/one_click_script/blob/master/docs/https1.png?raw=true) 22 | 23 | 4. 通过DNS解析后得到IP后虽然网页传输是加密的https,其他人无法知道浏览的内容是什么,但第一步查询DNS时是未加密的, GFW防火墙就可以获取到域名信息并污染DNS,返回一个错误的IP地址,这样就无法正常打开网页了. 所以DNS也要加密, DOT(DNS over TLS) 与 DOH(DNS over HTTPS)就诞生了. 开启DOT或DOH后就如下图, 查询DNS后返回的IP地址信息也是加密的. GFW就无法截取信息并污染DNS了. 如何开启DOT和DOH 请看[Chrome开启方法](#chrome) 和 [Firefox开启方法](#firefox) 24 | ![DNS3](https://github.com/jinwyp/one_click_script/blob/master/docs/dns3.png?raw=true) 25 | 26 | 5. 根据上图仔细看还会发现,第一步输入网址查询DNS的时候还是未加密的, 这样网址的名称还会被其他人获取, 为了解决这个问题又提出了ESNI(Encrypted server name indication), 这样从所有链路都加密了. 由于从第一步输入网址信息就是加密的, 那么DNS服务器如何知道输入的什么网址呢, 所以该技术需要浏览器和DNS提供商配合, 目前新版firefox和CDN服务商Cloudflare已支持开启ESNI. [如何开启Firefox的ESNI方法](#firefoxesni). 27 | 28 | 6. 更多DOH DOT ESNI 资料请看[什么是加密的 SNI](https://www.cloudflare.com/zh-cn/learning/ssl/what-is-encrypted-sni/). [使用 ESNI、DoH 和 DoT](https://www.toptal.com/web/encrypted-safe-with-esni-doh-dot). [搭建全协议DNS服务器](https://blog.dnomd343.top/dns-server/) 29 | 30 | 31 | ### Chrome 32 | 33 | 1. 需要先下载新版本Chrome 100 [下载地址1](https://pan.baidu.com/s/1PPRPggOHvBhcuZoQL7ZRQQ?pwd=9xuu). [下载地址2](https://wws.lanzout.com/ihbbt040y4oh) 34 | 2. 打开 Chrome, 在网址栏输入 chrome://settings/security 回车后, 进入"安全"设置页面. 或者点击Chrome地址栏右边菜单栏的三个点 打开菜单,然后点击 "设置" , 然后点击左边菜单的 "隐私设置和安全性", 然后在右边找到的 "安全"点击进入"安全"设置页面 35 | 36 | ![Chrome1](https://github.com/jinwyp/one_click_script/blob/master/docs/chrome1.png?raw=true) 37 | ![Chrome2](https://github.com/jinwyp/one_click_script/blob/master/docs/chrome2.png?raw=true) 38 | 39 | 3. 在打开的 "安全" 设置页面中, 选中 "使用安全 DNS" 后面的滑块, 再选择下拉框中的Cloudflare 1.1.1.1 或 Google Public DNS,也可以选择下拉框里选择自定义, 然后在下面文本框中输入自己找到的 DoH 服务器. [DNS服务器列表](https://dns.icoa.cn/) [如何验证是否开启DOT和ESNI](#测试是否开启DOT和ESNI ). 40 | 41 | ![Chrome3](https://github.com/jinwyp/one_click_script/blob/master/docs/chrome3.png?raw=true) 42 | 43 | 4. 有时候选择Cloudflare 1.1.1.1 或 Google Public DNS 会出现打不开网站的情况, 这是因为GFW防火墙除了会污染DNS, 还会直接屏蔽掉IP, 导致Cloudflare 1.1.1.1 或 Google Public DNS 8.8.8.8 无法访问, 也就无法解析DNS域名. 解决办法就是自己找到其他海外支持DOT或DOH的DNS服务器, 或者自己在海外架设DNS服务器. 可以使用[ 44 | AdGuardHome](https://github.com/AdguardTeam/AdGuardHome). 具体方法请看[搭建自己的DNS服务器](#搭建自己的DNS服务器). 45 | 46 | 5. 使用了国外的DOT或DOH后, 也会发现访问国内网站慢, 或者访问国内网站变成海外版本的问题. 这就需要区分国内和国外网站走不同的DNS进行分流, [具体请看DNS分流](#分流国内和国外的DNS服务解析) 47 | 48 | ### Firefox 49 | 50 | 1. 需要下载新版本的Firefox. [下载地址1](https://pan.baidu.com/s/19u-Ayy-rKvgYDmg_TNDIzA?pwd=827m). [下载地址2](https://wws.lanzout.com/ipGdD040ylbg) 51 | 52 | 2. 点击右边的菜单栏, 然后在下拉菜单点击 "设置". 然后选择左边菜单点击"常规", 然后在右边最下面"网络设置" 点击"设置" 53 | ![Firefox1](https://github.com/jinwyp/one_click_script/blob/master/docs/firefox1.png?raw=true) 54 | ![Firefox2](https://github.com/jinwyp/one_click_script/blob/master/docs/firefox2.png?raw=true) 55 | 56 | 3. 在打开的对话框中,在最下面, 选中 "启用基于 HTTPS 的 DNS", 然后在下拉框可以选择Cloudflare 默认值或自定义的DOT服务器 . [如何验证是否开启DOT和ESNI](#测试是否开启DOT和ESNI ). 57 | ![Firefox3](https://github.com/jinwyp/one_click_script/blob/master/docs/firefox3.png?raw=true) 58 | 59 | 4. 其他网上教程 [在Firefox中启用 DNS-over-HTTPS(DoH)](https://zhuanlan.zhihu.com/p/75845767) 60 | 61 | ### FirefoxESNI 62 | 63 | 1. 需要下载最新版的Firefox [下载地址1](https://pan.baidu.com/s/19u-Ayy-rKvgYDmg_TNDIzA?pwd=827m). [下载地址2](https://wws.lanzout.com/ipGdD040ylbg) 64 | 2. 在地址栏输入 ``` about:config ``` , 然后点击 "接受风险并继续", 然后搜索 ``` network.security.esni.enabled ``` , 65 | ![Firefox1](https://github.com/jinwyp/one_click_script/blob/master/docs/firefoxesni1.png?raw=true) 66 | ![Firefox2](https://github.com/jinwyp/one_click_script/blob/master/docs/firefoxesni2.png?raw=true) 67 | 68 | 3. 然后选择 "布尔" 类型, 点击右边 + 号, 然后点击右边按钮 将值设为true, 完成. [如何验证是否开启DOT和ESNI](#测试是否开启DOT和ESNI ). 69 | ![Firefox3](https://github.com/jinwyp/one_click_script/blob/master/docs/firefoxesni3.png?raw=true) 70 | 71 | 4. 开启 Encrypted Client Hello (ECH) (ESNI的进化版本). 同样在 ``` about:config ``` 搜索条目 ```network.dns.echconfig.enabled``` 和 ```network.dns.use_https_rr_as_altsvc```,将它们的值设定改为 true 即可。 72 | 73 | 5. 更多问题请查看 [在 Firefox 上设置 DoH 和 ESNI/ECH](https://blog.outv.im/2020/firefox-doh-ech-esni/) 74 | 75 | 76 | ### Edge 77 | 78 | 1. Edge 浏览器 [设置DoH加密DNS的方法] (https://www.icoa.cn/a/953.html) 79 | 80 | ### 测试是否开启DOT和ESNI 81 | 82 | 1. 使用浏览器打开 https://www.cloudflare.com/zh-cn/ssl/encrypted-sni/ 点击 "Check My Browser" 按钮. 测试之前浏览器设置DNS的服务器请选择Cloudflare的DOH的服务器. 83 | 84 | ![CF1](https://github.com/jinwyp/one_click_script/blob/master/docs/cfcheck1.png?raw=true) 85 | 86 | 2. 查看结果. 目前Chrome 还不支持ESNI,估计很快就会支持. 87 | ![CF2](https://github.com/jinwyp/one_click_script/blob/master/docs/cfcheck2.png?raw=true) 88 | 89 | 90 | 3. 常见问题: Cloudflare 提醒我 ESNI 未启用!可能是你的 DNS over HTTPS 并没有生效,Firefox 还在使用普通的 DNS 请求方式。这种情况下 ECH 无法工作。 91 | 92 | 你可以尝试按照 Mozilla Wiki 的指示,在 about:config 中将 network.trr.mode设置为 3,即只使用 TRR(也就是我们的 DNS over HTTPS),强制 Firefox 使用 DoH,这样就能确保使用 ESNI 了。 93 | 94 | ![CF3](https://github.com/jinwyp/one_click_script/blob/master/docs/cfcheck3.png?raw=true) 95 | 96 | ### AdGuardHome 97 | ### 搭建的DNS服务器 98 | 99 | 1. 通过本脚本, ``` bash <(curl -Lso- https://git.io/oneclick) ``` 运行本脚本, 选择28 安装 AdGuard Home 架设DNS服务器, 同时还可以去广告. 建议在国外的服务器上安装 100 | 2. 安装完成后, 再次运行本脚本 选择29 申请域名证书. 这样就可以开启DOH和DOT 加密DNS解析. 101 | 102 | 3. 具体设置请参考 [AdGuardHome 官方网站](https://github.com/AdguardTeam/AdGuardHome). 本脚本已经自动添加了针对中国网站的广告屏蔽规则. 103 | 4. [AdGuard Home 的整理的DNS服务器列表](https://kb.adguard.com/en/general/dns-providers) 104 | 105 | ### Mosdns 106 | ### 分流国内和国外的DNS服务解析 107 | 108 | 1. 建议有条件的请先按照上面教程搭建AdGuardHome DNS服务器. 然后再安装mosdns 进行DNS分流. 没有条件搭建DNS服务器也不用担心, 本脚本已经内置多个DNS服务器地址 109 | 2. 通过使用mosdns 或 mosdns-cn 可以让国内的网址走国内的DNS解析, 国外的网址走国外的DNS解析. 同时也不用在浏览器里面设置DOH了 (上面教程里浏览器设置部分不需要了). 安装mosdns 分为 [Openwrt X86版本](#mosdnsopenwrt), [linux 版本](#mosdnslinux) 或 [windows 版本](#mosdnswindows). 建议有软路由的直接在软路由安装Openwrt X86版本. 110 | 111 | #### Mosdnsopenwrt 112 | #### Mosdns 在 Openwrt 上安装与使用 113 | 1. 升级带有Moddns 的路由器固件. X86的Openwrt可以很方便升级最近的固件 例如Esir的固件或 Sirpdboy 的固件 114 | 2. Esir的固件下载 https://drive.google.com/drive/folders/1uRXg_krKHPrQneI3F2GNcSVRoCgkqESr . Esir youtube 频道 https://www.youtube.com/c/eSirPlayGround 115 | 3. Sirpdboy 的固件下载 https://github.com/sirpdboy/openwrt/blob/master/README.md#%E5%9B%BA%E4%BB%B6%E4%B8%8B%E8%BD%BD 116 | 117 | 4. 如果使用x86 openwrt 软路由, 也可以直接使用 SSH登录到软路由上 使用如下脚本安装mosdns. 如果已经安装过mosdns 可以在OpenWRT中先删除mosdns. 在openwrt管理菜单 系统 -> 软件包 -> 过滤器 里面 搜索 mosdns 有两个结果 一个是mosdns 一个是 luci-app-mosdns 2个都点击移除 然后再用下面脚本重新安装就可以了 118 | ```bash 119 | wget --no-check-certificate https://raw.githubusercontent.com/jinwyp/one_click_script/master/dsm/openwrt.sh && chmod +x ./openwrt.sh && ./openwrt.sh 120 | ``` 121 | 122 | 5. 在软路由安装 luci-app-mosdns 完毕后, 请进入OpenWRT管理菜单: 服务-> MosDNS, 在第一个 基本配置 选项卡页面 勾选 "DNS转发 将 Dnsmasq 域名解析请求转发到 MosDNS 服务器" 然后勾选 启用 复选框后, 点击 保存&应用 按钮 就可以启动 MosDNS. 注意:如果mosdns启动失败, 请先关闭ssr 或 passwall 或 clash 等插件, 因为这些插件内置的PDNSD也运行在5335端口导致冲突. 或者更换mosdns的启动端口. 123 | 124 | ![mosdns1](https://github.com/jinwyp/one_click_script/blob/master/docs/mosdns1.png?raw=true) 125 | 126 | 127 | 6. 然后在 OpenWRT管理菜单: 网络-> DHCP/DNS -> DNS 转发 填入 127.0.0.1#5335, 因为mosdns运行在软路由的5335端口, 如果mosdns不是运行在软路由 而是用下面的脚本运行在其他linux上,则填入对应IP和端口即可. 然后在第二个tab "HOSTS 和解析文件" 勾选 忽略解析文件. 最后点击右下角 保存&应用 按钮完成设置. 注意: 如果没有正确填写转发就勾选了 "忽略解析文件" 会导致无法上网, 忽略解析文件的意思就是在dnsmasq 添加 no-reslov 指令不再使用原有的上游DNS解析. 128 | 129 | ![mosdns2](https://github.com/jinwyp/one_click_script/blob/master/docs/mosdns2.png?raw=true) 130 | ![mosdns3](https://github.com/jinwyp/one_click_script/blob/master/docs/mosdns3.png?raw=true) 131 | 132 | 7. 最后在 ShadowSocksR Plus+ 或其他passwal等插件中 设置 -> DNS解析方式 -> 使用本机端口为5335的DNS服务. 注意: 默认第一个选项使用PDNSD TCP查询并缓存, 该项的PDNSD的也运行在5335端口, 所以会导致冲突, 如果mosdns启动失败, 请先关闭SSR plus 然后在Openwrt菜单 服务-> MosDNS 页面启动Mosdns. 然后回到ShadowSocksR Plus+页面 选择"使用本机端口为5335的DNS服务"后再启动ssr 即可. 133 | 134 | ![mosdns4](https://github.com/jinwyp/one_click_script/blob/master/docs/mosdns4.png?raw=true) 135 | 136 | #### Mosdnslinux 137 | #### Mosdns 在 linux 上安装与使用 138 | 1. 如果 linux系统 可以使用如下脚本在linux 系统上安装 mosdns 或 mosdns-cn. 安装完成后按照上面的步骤在路由器中设置DNS即可. 139 | ```bash 140 | wget --no-check-certificate https://raw.githubusercontent.com/jinwyp/one_click_script/master/trojan_v2ray_install.sh && chmod +x ./trojan_v2ray_install.sh && ./trojan_v2ray_install.sh 141 | ``` 142 | 143 | #### Mosdnswindows 144 | #### Mosdns 在 windows 上安装与使用 145 | 146 | 1. 如果是 windows 系统, 推荐直接下载打包好的 [mosdns](https://pan.baidu.com/s/1EN6nvlwQLYzwotCIaDs5UA?pwd=t34w) 提取码: t34w 解压后运行 run_mosdns.bat 147 | 148 | 2. 如果是 windows 系统, 也可以直接下载打包好的 [mosdns-cn](https://wws.lanzout.com/i7pYR05e80eh) 解压后运行 run.bat 或运行命令 ``` mosdns-cn --config ./config_mosdns_cn.yaml ``` 149 | 150 | 3. 如果是 windows 系统, 也可以可以从 [mosdns-cn 官方网站](https://github.com/IrineSistiana/mosdns-cn/releases/download/v1.4.0/mosdns-cn-windows-amd64.zip) 下载 mosdns-cn 压缩包直接解压后放到一个目录中. 再下载 [geosite文件](https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat) [geoip文件](https://raw.githubusercontent.com/Loyalsoldier/geoip/release/geoip.dat) [cnip文件](https://raw.githubusercontent.com/Loyalsoldier/geoip/release/cn.dat) 放到mosdns-cn解压的同一个目录中. 最后运行 ``` mosdns-cn -s :53 --blacklist-domain "geosite.dat:category-ads-all" --local-upstream https://223.5.5.5/dns-query --local-domain "geosite.dat:cn" --local-ip "geoip.dat:cn" --remote-upstream https://8.8.8.8/dns-query --remote-domain "geosite.dat:geolocation-!cn" ``` 即可. 151 | 152 | 153 | 4. 如果是OpenWRT路由器则不用在每个终端设备上设置, 只需要在路由器上设置即可,请看下面OpenWRT的设置. 如果是非OpenWRT路由器, 需要在你的每个终端设备上设置DNS服务器为Mosdns的IP. 例如windows 需要在网络设置设置中指定DNS服务器为Mosdns的IP. 154 | ![mosdns6](https://github.com/jinwyp/one_click_script/blob/master/docs/mosdns6.png?raw=true) 155 | 156 | 5. 在OpenWRT中可以在DHCP给客户端分配IP时, 直接给客户端赋予与路由器IP不同的DNS服务器, 这样无论通过上面方法架设好mosdns后, 把运行mosdns 的机器的IP填入下图.客户端就不用手动设置DNS了. OpenWRT管理菜单: 网络 -> 接口 -> LAN 点击"修改" 按钮 进入页面下部 "DHCP 服务器" 部分, 点击第二个tab "高级设置" -> DHCP 选项 填入6,192.168.1.5, 其中192.168.1.5改为mosdns的机器IP就可以了. 这样所有客户端会默认使用mosdns作为DNS服务器, 同时也不需要上面的设置 DHCP/DNS -> DNS 转发 的修改方法了. 客户端需要重新连接一下WIFI或网络重新获取IP地址才能生效. 157 | ![mosdns5](https://github.com/jinwyp/one_click_script/blob/master/docs/mosdns5.png?raw=true) 158 | 159 | 160 | 6. 具体参数可以参考官方网站 https://github.com/IrineSistiana/mosdns-cn 和 https://github.com/IrineSistiana/mosdns 161 | 7. Mosdns 相关整理好的配置文件 https://github.com/pmkol/easymosdns 和 https://github.com/Journalist-HK/mosdns-config 162 | 163 | ### DNS服务器列表大全 164 | 165 | 1. [AdGuard 官方DNS服务器列表1](https://adguard-dns.io/kb/general/dns-providers/) 166 | 167 | 2. [DNS服务器列表2](https://dns.icoa.cn/), [https://dns.icoa.cn/](https://dns.icoa.cn/) 168 | 169 | 3. [全国DNS列表](https://github.com/easonjim/dns-server-list) 170 | 171 | -------------------------------------------------------------------------------- /HOWTOUSEGO.md: -------------------------------------------------------------------------------- 1 | # How to use software by go language 2 | 3 | 4 | 5 | ## 如何使用go语言开发的软件 6 | 7 | ### 区分服务器端还是客户端使用的软件, 区分命令行客户端软件不同操作系统平台 8 | 9 | 10 | 1. 很多软件首先要区分是用在服务器端还是客户端. 服务器端(即运行在linux操作系统下服务器端软件,而且是命令行软件,没有图形界面). 客户端(即平常使用的 windows/Mac/iOS/Android 系统) 11 | 12 | #### 例子1 例如内网穿透软件FRP 13 | 14 | 1. 例子1 例如内网穿透软件FRP https://github.com/fatedier/frp 15 | 打开github官方网页后首先找到右边 Releases 处, 可以看到当前最新版本是0.39.0 16 | ![软件使用11](https://github.com/jinwyp/one_click_script/blob/master/docs/go1.png?raw=true) 17 | 18 | 19 | 2. 点击 Releases 进入已编译打包好的程序下载页面 https://github.com/fatedier/frp/releases 20 | 21 | ![软件使用12](https://github.com/jinwyp/one_click_script/blob/master/docs/go2.png?raw=true) 22 | 23 | 3. 这里就要下载服务器端还是客户端软件. 如果要下载服务器端, 正常情况一般linux服务器都是x86架构的64位CPU, 需要下载 frp_0.39.0_linux_amd64.tar.gz. 就是要下载"amd64"字样的服务器端程序. 如果服务器是很老的32位CPU 需要下载 frp_0.39.0_linux_386.tar.gz. 就是要下载"386"字样的服务器端. 如果服务器是使用ARM的CPU,同样需要区分是64位的ARM还是32位的ARM CPU. 64位的ARM对应下载frp_0.39.0_linux_arm64.tar.gz, 32位的ARM CPU 对应下载frp_0.39.0_linux_arm.tar.gz. 24 | 25 | 4. 下载完成后解压出来 frps是用于服务器端, frpc是用于客户端. 26 | 27 | 5. 一般用户用的都是客户端 并且都是 windows/Mac/iOS/Android 系统. 就要下载 windows 客户端 frp_0.39.0_windows_amd64.zip. 或下载 Mac 客户端 frp_0.39.0_darwin_amd64.tar.gz. Mac就是要下载"darwin"字样的程序. 而新出的M1芯片的Mac由于是ARM架构, 就需要下载frp_0.39.0_darwin_arm64.tar.gz. 下载完成后解压出来 frpc是用于客户端. 通常需要先修改配置文件然后运行frpc就可以了. 28 | 29 | #### 例子2 V2ray 30 | 31 | 1. 例子2 V2ray https://github.com/v2fly/v2ray-core 32 | 打开github官方网页后首先找到右边 Releases 处, 可以看到当前最新版本是4.44.0 33 | ![软件使用11](https://github.com/jinwyp/one_click_script/blob/master/docs/gov1.png?raw=true) 34 | 35 | 36 | 2. 点击 Releases 进入已编译打包好的程序下载页面 https://github.com/v2fly/v2ray-core/releases 由于目前v2ray 5.0版本是开发者预览版本还不稳定, 把页面向下翻找到4.44.0版本 37 | 38 | ![软件使用12](https://github.com/jinwyp/one_click_script/blob/master/docs/gov2.png?raw=true) 39 | 40 | ![软件使用13](https://github.com/jinwyp/one_click_script/blob/master/docs/gov3.png?raw=true) 41 | 42 | 43 | 3. 这里就要下载服务器端还是客户端软件. 如果要下载服务器端, 正常情况一般linux服务器都是x86架构的64位CPU, 需要下载 v2ray-linux-64.zip. 就是要下载"64"字样的服务器端程序. 如果服务器是很老的32位CPU 需要下载 v2ray-linux-32.zip. 就是要下载"32"字样的服务器端. 如果服务器是使用ARM的CPU,同样需要区分是64位的ARM还是32位的ARM CPU. 64位的ARM对应下载v2ray-linux-arm64-v8a.zip, 32位的ARM CPU 对应下载v2ray-linux-arm32-v7a.zip 或 v2ray-linux-arm32-v6.zip. 44 | 45 | 4. 下载完成后解压出来 与frp不同, v2ray服务器端与客户端是同一个文件, 都是v2ray, 是通过v2ray 配置文件来区分启动的是服务器端还是客户端 46 | 47 | 5. 一般用户用的都是客户端 并且都是 windows/Mac/iOS/Android 系统. 就要下载 windows 客户端 v2ray-windows-64.zip. 或下载 Mac 客户端 v2ray-macos-64.zip. 而新出的M1芯片的Mac由于是ARM架构, 就需要下载v2ray-macos-arm64-v8a.zip. Android 客户端就下载v2ray-android-arm64-v8a.zip 下载完成后解压出来, 通常需要先修改配置文件然后运行v2ray就可以了. 48 | 49 | 50 | 51 | 52 | ### 区分是命令行程序还是带有UI的GUI界面软件 53 | 54 | 1. 上面是命令行方式运行的程序核心文件. 对于普通用户来说命令行方式需要手动修改配置文件很不方便. 所以对普通用户来说肯定需要找对应的UI带界面的程序,这样使用起来才方便. UI带界面的程序与原来的命令行程序都是不同项目不同人开发的. 所以有的界面集成了核心命令程序, 有的没有集成核心命令行程序只是一个界面需要自己手动下载命令行与UI界面程序放到一起. 55 | 56 | 2. 同样用v2ray举例, 不同平台的v2ray UI界面程序五花八门, 名字叫什么的都有, 所以要区分仅仅是v2ray的界面程序还是 根本就不是v2ray的UI界面程序而是可以支持v2ray的协议的程序例如Clash 57 | 58 | 3. 这里先说仅仅是v2ray的UI界面程序. 例如 windows平台 v2rayN 根据上面介绍进入v2rayN项目的下载Releases 页面 https://github.com/2dust/v2rayN/releases 当前版本4.29 59 | 60 | ![软件使用15](https://github.com/jinwyp/one_click_script/blob/master/docs/gov5.png?raw=true) 61 | 62 | 4. 由于 v2rayN只针对 windows 平台 所以不需要区分平台版本, 下载 v2rayN-Core.zip 带v2ray命令行核心文件. 或下载 v2rayN.zip 只有界面程序需要手动下载 [v2ray命令行程序](https://github.com/v2fly/v2ray-core/releases) 63 | 64 | 5. 这种界面程序与核心程序分开的好处就是 如果核心命令行有新功能升级了, 可以单独升级命令行核心程序. 在v2rayN可以点击 检查更新 升级v2ray-core或xray-core. 这里简单说明一下 v2ray-core和xray-core的区别. xray-core基本与v2ray-core相同, 但xray-core 多支持一种XTLS加密方式, XTLS速度快,但需要服务器端开启. 具体详细请看[xray官方文档](https://xtls.github.io/). 如果需要使用XTLS加密, 需要在v2rayN中参数设置-> v2rayN 设置 -> Core类型设置 使用xray-core. 65 | 66 | 67 | ![软件使用15](https://github.com/jinwyp/one_click_script/blob/master/docs/gov6.png?raw=true) 68 | 69 | 6. windows 平台下的v2ray的UI界面程序 还有WinXray [官方地址](https://github.com/TheMRLL/WinXray/releases) 70 | 71 | 7. [Qv2ray](https://github.com/Qv2ray/Qv2ray/releases)也是一个v2ray的UI界面程序, 而且支持windows和Mac, 还可以通过插件支持trojan等其他协议. 72 | 73 | 8. 不同平台下都有不同的UI界面程序, 有的集成了核心命令行程序有的没有集成, 所以要学会到官方github网站上下载最新版程序. Windows 平台: v2rayN / Qv2ray / WinXray. Android 平台: v2rayNG / Kitsunebi. iOS 平台(只能通过apple store 购买获得): Shadowrocket / Quantumult / Quantumult X. OpenWrt 路由器平台: PassWall / Hello World / ShadowSocksR Plus+ 74 | 75 | ### 本身不是某个软件的UI界面程序 例如 Clash 与 Quantumult X 76 | 77 | 1. [Clash](https://github.com/Dreamacro/clash) 本身并不是v2ray的UI界面程序. Clash本身自己是个独立的代理平台软件,主要用来提供SOCKS5/HTTP代理. 而随后支持V2ray的Vmess协议, 同时还支持 Shadowsocks, Snell, Trojan等其他协议. 78 | 79 | 2. 同样 Clash也是go语言开发的命令行软件, 用户要方便使用还需要找对应平台的UI客户端. 例如 windows 平台下UI界面客户端 [clash_for_windows](https://github.com/Fndroid/clash_for_windows_pkg/releases) 注意 clash_for_windows 没有开源, 安全性未知. Mac平台下Clash的UI界面客户端 [clashX](https://github.com/yichengchen/clashX). Android平台下Clash的UI界面客户端 [ClashForAndroid](https://github.com/Kr328/ClashForAndroid). 80 | 81 | 82 | 83 | ### 关于 TLS 加密与各种协议的介绍和具体使用方法 敬请期待 84 | 85 | -------------------------------------------------------------------------------- /KERNEL.md: -------------------------------------------------------------------------------- 1 | # Easy install latest or LTS linux kernel and enable BBR or BBR plus 2 | 3 | ### [中文文档](/KERNEL_CN.md) 4 | ### [xray v2ray trojan 一键安装脚本](/README2.md) 5 | 6 | ## Sponsors 7 | Thanks for support this project. Check on [patreon](https://www.patreon.com/linuxkernel) 8 | 9 | 10 | ## Table of Contents 11 | 12 | * [Easy install v2ray (xray) and trojan (trojan-go) script (ultimate script for all condition)](/README2.md) 13 | * [Install linux latest and LTS kernel. Install BBR Plus kernel](#kernel) 14 | * [Enable BBR or BBR plus or BBR2 congestion control algorithm with FQ or CAKE](#kernel) 15 | * [Install wireguard and Cloudflare WARP. Unlock Netflix ip geo-restriction. Avoid Google reCAPTCHA human verification](#Wireguard) 16 | 17 | 18 | ## Features 19 | 1. Easily switch Linux kernel for all versions, including latest kernel, 5.16, 5.10 LTS, 5.4 LTS, 4.19 LTS, 4.14 LTS 20 | 2. Easily enable BBR or BBR plus congestion control algorithm with FQ / FQ-Codel / FQ-PIE / CAKE. 21 | 3. Support Debian9+, Ubuntu 16+ and CentOS 7+ operation systems 22 | 4. Install wireguard and Cloudflare WARP client to avoid Google reCAPTCHA and unlock Netflix ip geo-restriction 23 | 24 | 25 | 26 | 27 | ## Installation 28 | 29 | #### via bash 30 | ```bash 31 | bash <(curl -Lso- https://git.io/kernel.sh) 32 | ``` 33 | #### via curl to install script 34 | 35 | ```bash 36 | curl -O https://raw.githubusercontent.com/jinwyp/one_click_script/master/install_kernel.sh && chmod +x ./install_kernel.sh && ./install_kernel.sh 37 | ``` 38 | 39 | 40 | #### via wget to install script 41 | 42 | ```bash 43 | wget --no-check-certificate https://raw.githubusercontent.com/jinwyp/one_click_script/master/install_kernel.sh && chmod +x ./install_kernel.sh && ./install_kernel.sh 44 | ``` 45 | 46 | 47 | 48 | ![功能列表3](https://github.com/jinwyp/one_click_script/blob/master/docs/readme3_en.png?raw=true) 49 | 50 | 51 | 52 | 53 | ## Usage 54 | 55 | ### kernel 56 | ### Install latest or LTS linux kernel and enable BBR or BBR Plus 57 | 58 | 1. On CentOS / AlmaLinux / Rocky Linux, run script then choose 31 to install latest 5.16 kernel or choose 35 to install LTS 5.10 kernel (recommended). It will reboot twice duiring the whole installation. 59 | 2. On Debian run script then choose 41 to install LTS 5.10 kernel, on Ubuntu please choose 45 to install LTS 5.10 kernel. It will reboot twice duiring the whole installation. 60 | 3. After finished new kernel installation, rerun the script and choose 2 to enable BBR congestion control algorithm with Cake(recommended) or FQ. 61 | 4. To enable BBR Plus. run script then choose 61 to install BBR Plus 4.14.129 kernel , or choose 66 to install BBR Plus 5.10 LTS kernel. It will reboot twice duiring the whole installation. After finished new kernel installation, rerun the script then choose 3 to enable BBR Plus. 62 | 5. Duiring the the whole installation when show the big warning screen(see below pics), please choose "NO" to continue installation. Do not abort kernel removal. 63 | 64 | ![注意 安装BBR plus](https://github.com/jinwyp/one_click_script/blob/master/docs/debian.jpg?raw=true) 65 | ![注意 安装BBR plus](https://github.com/jinwyp/one_click_script/blob/master/docs/kernel.png?raw=true) 66 | ![注意 安装BBR plus](https://github.com/jinwyp/one_click_script/blob/master/docs/ubuntu.png?raw=true) 67 | 68 | 6. To install XanMod kernel and enable BBR2 on Debian or Ubuntu. Run script then choose 51 to install XanMod LTS 5.10 kernel, after reboot and finish kernel installation, rerun the script then choose 2 to enable BBR2 congestion control algorithm. 69 | 70 | 71 | ### Wireguard 72 | ### Unlock Netflix(Youtube/Hulu/HBO Now/Disney+) region restriction and avoid Google reCAPTCHA human verification 73 | 74 | 1. Unlock with Cloudflare WARP sock5 proxy. Run script then choose 11 to install Cloudflare WARP linux client sock5 proxy, After finish installation, rerun script then choose 21 to test whether Netflix is unlock or not through the WARP sock5 proxy. 75 | 2. Unlock with Cloudflare WARP IPv6. Run script then choose 12 to install Wireguard and Cloudflare WARP. After finish installation, The VPS will enable IPv6. As default the VPS is to use IPv4 to access the network. Rerun script then choose 21 to test whether Netflix is unlock or not through the IPv6. 76 | 3. To unlock Netflix and other stream website. Using the [script](/README.md) in the same repo to install v2ray. During the v2ray installation follow the instruction and select different v2ray routing rules (IPv6 or WARP sock5 or DNS or other unlocked v2ray server) to unlock netflix. 77 | 4. To avoid Google reCAPTCHA human verification. Using the [script](/README.md) in the same repo to install v2ray. During the v2ray installation follow the instruction and select different v2ray routing rules (IPv6 or WARP sock5 or other unlocked v2ray server) to avoid Google reCAPTCHA. Recommended to use IPv6 to avoid Google reCAPTCHA. 78 | 79 | 80 | 81 | 82 | ## Netflix-Check 83 | ### Netflix non-self produced drama test script for regions. Support test with IPv6 and Cloudflare WARP Sock5 proxy 84 | 85 | #### via wget to install script 86 | 87 | ```bash 88 | wget --no-check-certificate https://raw.githubusercontent.com/jinwyp/one_click_script/master/netflix_check.sh && chmod +x ./netflix_check.sh && ./netflix_check.sh 89 | ``` 90 | 91 | 92 | #### via curl to install script 93 | 94 | ```bash 95 | curl -O https://raw.githubusercontent.com/jinwyp/one_click_script/master/netflix_check.sh && chmod +x ./netflix_check.sh && ./netflix_check.sh 96 | ``` 97 | 98 | 99 | 100 | ## FAQ 101 | 102 | 1. Netflix non-self produced drama test script can't test through v2ray routing rule. The VPS is already unlocked but the result of the test could not show the right unlocked answer. You can use the test script on the V2ray client computer which connected the unlocked netflix V2ray server to get the right unlocked result. The Netflix non-self produced drama test shell script can be running on Mac and linux. On Windows you can use Ubuntu (windows linux sub-system) to run the test script. 103 | 104 | 105 | 106 | -------------------------------------------------------------------------------- /KERNEL_CN.md: -------------------------------------------------------------------------------- 1 | # Easy install latest or LTS linux kernel and enable BBR or BBR plus 2 | 3 | ### [xray v2ray trojan 一键安装脚本](/README2.md) 4 | 5 | ## 目录 Table of Contents 6 | 7 | * [Trojan 或 Trojan-go 和 V2ray 或 xray 一键安装脚本](/README2_CN.md) 8 | * [安装 Linux 最新版内核或 LTS 内核, 安装支持 BBR Plus 内核](#kernel) 9 | * [开启BBR 或 BBR plus 网络加速](#kernel) 10 | * [安装 wireguard 和 Cloudflare WARP, 解锁 Netflix 区域限制 和 避免弹出Google人机验证](#Wireguard) 11 | * [Netflix 非自制剧检测脚本 支持IPv6和 WARP Sock5 代理检测](#netflix-check) 12 | 13 | ## 功能说明 Features 14 | 1. 安装各个版本的 Linux 内核 包括最新的5.16内核 和 所有LTS内核. 例如 5.10 LTS, 5.4 LTS, 4.19 LTS, 4.14 LTS 15 | 2. 开启 BBR / BBR Plus / BBR2 网络加速, 切换 FQ / FQ-Codel / FQ-PIE / CAKE 队列调度算法. 16 | 3. 支持 Debian9+, Ubuntu 16+, CentOS 7+ (AlmaLinux / Rocky Linux) 17 | 4. 安装 wireguard 和 Cloudflare WARP sock5 client 用于解锁 Netflix 和避免弹出Google人机验证 18 | 19 | 20 | ## Installation 安装方法 21 | 22 | #### Usage 脚本使用方法 23 | ```bash 24 | bash <(curl -Lso- https://git.io/kernel.sh) 25 | ``` 26 | #### 通过 curl 命令安装 via curl to install script 27 | 28 | ```bash 29 | curl -O https://raw.githubusercontent.com/jinwyp/one_click_script/master/install_kernel.sh && chmod +x ./install_kernel.sh && ./install_kernel.sh 30 | ``` 31 | 32 | 33 | #### 通过 wget 命令安装 Linux 内核 和 Wireguard via wget to install script 34 | 35 | ```bash 36 | wget --no-check-certificate https://raw.githubusercontent.com/jinwyp/one_click_script/master/install_kernel.sh && chmod +x ./install_kernel.sh && ./install_kernel.sh 37 | ``` 38 | 39 | 40 | 41 | ![功能列表3](https://github.com/jinwyp/one_click_script/blob/master/docs/readme3.png?raw=true) 42 | 43 | 44 | 45 | 46 | ## 使用说明 Usage 47 | 48 | ### kernel 49 | ### 安装 linux 新版内核 开启BBR 或 BBR Plus 加速 50 | 51 | 52 | 1. CentOS / AlmaLinux / Rocky Linux 系统安装新版 linux 内核. 运行脚本后 请选择31 安装官方源最新版5.16内核 或选择35 安装 LTS 5.10 内核 推荐安装 LTS 5.10. 根据提示需要重启2次 完成内核安装。 53 | 2. Debian / Ubuntu 系统安装新版 linux 内核. 运行脚本后 Debian 请选择41 安装 LTS 5.10 内核, Ubuntu 请选择45 安装 LTS 5.10 内核. 根据提示需要重启2次 完成内核安装。 54 | 3. 开启 BBR 网络加速. 完成上面更换新内核后, 重新运行脚本后 选择2 然后根据提示选择 BBR 加速, 推荐使用BBR + Cake 组合算法. 55 | 4. 安装BBR Plus 内核并开启 BBR Plus. 运行脚本后 选择61 安装原版4.14.129版本 BBR Plus 内核, 或选择66 安装5.10 LTS BBR Plus内核. 安装完成重启2次后, 重新运行脚本后 选择3 根据提示开始 BBR Plus. 56 | 5. 注意安装过程中 如果弹出大框的英文提示(下面有示例图) "安装linux内核有风险是否终止", 要选择" NO" 不终止. 安装完毕会重启VPS. 57 | 58 | ![注意 安装BBR plus](https://github.com/jinwyp/one_click_script/blob/master/docs/debian.jpg?raw=true) 59 | ![注意 安装BBR plus](https://github.com/jinwyp/one_click_script/blob/master/docs/kernel.png?raw=true) 60 | ![注意 安装BBR plus](https://github.com/jinwyp/one_click_script/blob/master/docs/ubuntu.png?raw=true) 61 | 62 | 6. 安装 XanMod 内核并开启 BBR2. Debian / Ubuntu 系统 运行脚本后 请选择51 安装 XanMod 内核, 安装完成重启后, 重新运行脚本后 选择2 然后根据提示选择 BBR2 加速. 63 | 64 | 65 | ### Wireguard 66 | ### 解锁 Netflix 等流媒体网站的区域限制 和 避免弹出 Google reCAPTCHA 人机验证 67 | 68 | 1. 使用Cloudflare WARP sock5 方式解锁. 运行脚本后 选择11 安装 Cloudflare WARP 官方 linux client sock5 代理, 安装完成后系统已经启动 WARP的sock5 代理. 重新运行脚本 选择21 测试一下 WARP sock5 是否已经解锁Netflix. 69 | 2. 使用Cloudflare WARP IPv6 方式解锁. 运行脚本后 选择12 安装 Wireguard 和 Cloudflare WARP. 安装成功后系统会启用IPv6, 但默认还是优先使用IPv4 访问网络. 重新运行脚本 选择21 测试一下 IPv6 是否已经解锁Netflix. 70 | 3. 解锁 Netflix 等流媒体网站. 通过本项目内的[另一脚本](/README_CN.md) 安装V2ray, 安装过成功中根据提示设置域名分流规则, 让流媒体网站使用IPv6 或 WARP sock5解锁即可. 71 | 4. 解锁 Google reCAPTCHA 人机验证. 通过本项目内的[另一脚本](/README_CN.md) 安装V2ray, 安装过成功中根据提示设置域名分流规则, 让Google网站使用IPv6 或 WARP sock5解锁即可. 推荐使用 IPv6 来避免 Google reCAPTCHA 人机验证. 72 | 73 | 74 | 75 | 76 | ## Netflix-Check 77 | ### Netflix 非自制剧解锁 检测脚本 支持IPv6 和 Cloudflare WARP Sock5 代理检测 78 | 79 | #### 通过 wget 命令安装 via wget to install script 80 | 81 | ```bash 82 | wget --no-check-certificate https://raw.githubusercontent.com/jinwyp/one_click_script/master/netflix_check.sh && chmod +x ./netflix_check.sh && ./netflix_check.sh 83 | ``` 84 | 85 | 86 | #### 通过 curl 命令安装 via curl to install script 87 | 88 | ```bash 89 | curl -O https://raw.githubusercontent.com/jinwyp/one_click_script/master/netflix_check.sh && chmod +x ./netflix_check.sh && ./netflix_check.sh 90 | ``` 91 | 92 | 93 | 94 | ## 注意事项与常见问题 FAQ 95 | 96 | 1. Netflix 检测解锁脚本无法测试 使用V2ray路由规则的解锁. 就是说使用本脚本安装过v2ray已经解锁了Netflix, 但用检测解锁脚本检测的结果还是会显示没有解锁, 就是无法测出已解锁Netflix. 可以把检测脚本运行在 V2ray客户端机器上, 则能检测成功解锁. Netflix 检测解锁脚本只能运行在Mac或linux 平台. Windows平台可以使用linux ubuntu 子系统来运行 Netflix 检测解锁脚本. 97 | 98 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 JinWYP WangYupeng 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Easy install latest or LTS linux kernel and enable BBR or BBR plus 2 | 3 | ### [中文文档](/KERNEL_CN.md) 4 | ### [xray v2ray trojan shadowsocks install script](/README2.md) 5 | ### [xray v2ray trojan shadowsocks 一键安装脚本 中文](/README2_CN.md) 6 | ### [install script for docker, Nodejs, Joplin, Jitsi Meet, Focalboard, FreeGPT and more ](TOOL.md) 7 | ### [Docker Nodejs Joplin笔记 视频会议 Alist网盘 免费GPT 一键安装脚本 中文 ](TOOL_CN.md) 8 | 9 | ## Sponsors 10 | Thanks for support this project. Check on [patreon](https://www.patreon.com/linuxkernel) 11 | 12 | 13 | ## Table of Contents 14 | 15 | * [Easy install v2ray (xray) and trojan (trojan-go) script (ultimate script for all condition)](/README2.md) 16 | * [Install linux latest and LTS kernel. Install BBR Plus kernel](#kernel) 17 | * [Enable BBR or BBR plus or BBR2 congestion control algorithm with FQ or CAKE](#kernel) 18 | * [Install wireguard and Cloudflare WARP. Unlock Netflix ip geo-restriction. Avoid Google reCAPTCHA human verification](#Wireguard) 19 | 20 | 21 | ## Features 22 | 1. Easily switch Linux kernel for all versions, including latest kernel, 5.16, 5.10 LTS, 5.4 LTS, 4.19 LTS, 4.14 LTS 23 | 2. Easily enable BBR or BBR plus congestion control algorithm with FQ / FQ-Codel / FQ-PIE / CAKE. 24 | 3. Support Debian9+, Ubuntu 16+ and CentOS 7+ operation systems 25 | 4. Install wireguard and Cloudflare WARP client to avoid Google reCAPTCHA and unlock Netflix ip geo-restriction 26 | 27 | 28 | 29 | 30 | ## Installation 31 | 32 | #### via bash 33 | ```bash 34 | bash <(curl -Lso- https://git.io/kernel.sh) 35 | ``` 36 | #### via curl to install script 37 | 38 | ```bash 39 | curl -O https://raw.githubusercontent.com/jinwyp/one_click_script/master/install_kernel.sh && chmod +x ./install_kernel.sh && ./install_kernel.sh 40 | ``` 41 | 42 | 43 | #### via wget to install script 44 | 45 | ```bash 46 | wget --no-check-certificate https://raw.githubusercontent.com/jinwyp/one_click_script/master/install_kernel.sh && chmod +x ./install_kernel.sh && ./install_kernel.sh 47 | ``` 48 | 49 | 50 | 51 | ![功能列表3](https://github.com/jinwyp/one_click_script/blob/master/docs/readme3_en.png?raw=true) 52 | 53 | 54 | 55 | 56 | ## Usage 57 | 58 | ### kernel 59 | ### Install latest or LTS linux kernel and enable BBR or BBR Plus 60 | 61 | 1. On CentOS / AlmaLinux / Rocky Linux, run script then choose 31 to install latest 5.16 kernel or choose 35 to install LTS 5.10 kernel (recommended). It will reboot twice duiring the whole installation. 62 | 2. On Debian run script then choose 41 to install LTS 5.10 kernel, on Ubuntu please choose 45 to install LTS 5.10 kernel. It will reboot twice duiring the whole installation. 63 | 3. After finished new kernel installation, rerun the script and choose 2 to enable BBR congestion control algorithm with Cake(recommended) or FQ. 64 | 4. To enable BBR Plus. run script then choose 61 to install BBR Plus 4.14.129 kernel , or choose 66 to install BBR Plus 5.10 LTS kernel. It will reboot twice duiring the whole installation. After finished new kernel installation, rerun the script then choose 3 to enable BBR Plus. 65 | 5. Duiring the the whole installation when show the big warning screen(see below pics), please choose "NO" to continue installation. Do not abort kernel removal. 66 | 67 | ![注意 安装BBR plus](https://github.com/jinwyp/one_click_script/blob/master/docs/debian.jpg?raw=true) 68 | ![注意 安装BBR plus](https://github.com/jinwyp/one_click_script/blob/master/docs/kernel.png?raw=true) 69 | ![注意 安装BBR plus](https://github.com/jinwyp/one_click_script/blob/master/docs/ubuntu.png?raw=true) 70 | 71 | 6. To install XanMod kernel and enable BBR2 on Debian or Ubuntu. Run script then choose 51 to install XanMod LTS 5.10 kernel, after reboot and finish kernel installation, rerun the script then choose 2 to enable BBR2 congestion control algorithm. 72 | 73 | 74 | ### Wireguard 75 | ### Unlock Netflix(Youtube/Hulu/HBO Now/Disney+) region restriction and avoid Google reCAPTCHA human verification 76 | 77 | 1. Unlock with Cloudflare WARP sock5 proxy. Run script then choose 11 to install Cloudflare WARP linux client sock5 proxy, After finish installation, rerun script then choose 21 to test whether Netflix is unlock or not through the WARP sock5 proxy. 78 | 2. Unlock with Cloudflare WARP IPv6. Run script then choose 12 to install Wireguard and Cloudflare WARP. After finish installation, The VPS will enable IPv6. As default the VPS is to use IPv4 to access the network. Rerun script then choose 21 to test whether Netflix is unlock or not through the IPv6. 79 | 3. To unlock Netflix and other stream website. Using the [script](/README.md) in the same repo to install v2ray. During the v2ray installation follow the instruction and select different v2ray routing rules (IPv6 or WARP sock5 or DNS or other unlocked v2ray server) to unlock netflix. 80 | 4. To avoid Google reCAPTCHA human verification. Using the [script](/README.md) in the same repo to install v2ray. During the v2ray installation follow the instruction and select different v2ray routing rules (IPv6 or WARP sock5 or other unlocked v2ray server) to avoid Google reCAPTCHA. Recommended to use IPv6 to avoid Google reCAPTCHA. 81 | 82 | 83 | 84 | 85 | ## Netflix-Check 86 | ### Netflix non-self produced drama test script for regions. Support test with IPv6 and Cloudflare WARP Sock5 proxy 87 | 88 | #### via wget to install script 89 | 90 | ```bash 91 | wget --no-check-certificate https://raw.githubusercontent.com/jinwyp/one_click_script/master/netflix_check.sh && chmod +x ./netflix_check.sh && ./netflix_check.sh 92 | ``` 93 | 94 | 95 | #### via curl to install script 96 | 97 | ```bash 98 | curl -O https://raw.githubusercontent.com/jinwyp/one_click_script/master/netflix_check.sh && chmod +x ./netflix_check.sh && ./netflix_check.sh 99 | ``` 100 | 101 | 102 | 103 | ## FAQ 104 | 105 | 1. Netflix non-self produced drama test script can't test through v2ray routing rule. The VPS is already unlocked but the result of the test could not show the right unlocked answer. You can use the test script on the V2ray client computer which connected the unlocked netflix V2ray server to get the right unlocked result. The Netflix non-self produced drama test shell script can be running on Mac and linux. On Windows you can use Ubuntu (windows linux sub-system) to run the test script. 106 | 107 | 108 | 109 | -------------------------------------------------------------------------------- /README2.md: -------------------------------------------------------------------------------- 1 | # Easy install v2ray (xray) and trojan (trojan-go) script (ultimate script for all condition) 2 | 3 | ### [中文文档](/README2_CN.md) 4 | 5 | [![Hits](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Fjinwyp%2Fone_click_script&count_bg=%2379C83D&title_bg=%23555555&icon=&icon_color=%23E7E7E7&title=hits&edge_flat=false)](https://hits.seeyoufarm.com) 6 | 7 | ## Sponsors 8 | Thanks for support this project. Check on [patreon](https://www.patreon.com/linuxkernel) 9 | 10 | ## Table of Contents 11 | 12 | * [Install Trojan/Trojan-go and V2ray/Xray shell script](#installation) 13 | * [Easy get SSL certificate for domains](#acme) 14 | * [Linux Kernel switcher, including all LTS kernel and latest kernel, enable BBR or BBR Plus to speed up network](/KERNEL.md) 15 | * [Install wireguard and Cloudflare WARP, unlock Netflix restriction and avoid Google reCAPTCHA](/KERNEL.md) 16 | * [Netflix available region testing shell script, support for testing through IPv6 and WARP Sock5 proxy](#netflix-check) 17 | * [PVE Proxmox VE and Synology DiskStation Manager NAS Toolkit](/dsm/readme.md) 18 | * [Install FRP shell script (expose local server behind a NAT or firewall to the Internet tool)](/dsm/readme.md) 19 | * [How to enable DOH for DNS](/DNS.md) 20 | * [Install DNS server AdGuard Home and Mosdns to divert domestic and foreign dns traffic](/DNS.md) 21 | 22 | 23 | 24 | ## Features 25 | 26 | 1. Install and upgrade trojan/trojan-go/v2ray/xray and fully remove. 27 | 2. Support to running trojan-go and v2ray at the same server. 28 | 3. Support various mode, using trojan or v2ray or nginx to serve 443 port 29 | 4. Support multi https domains with Nginx SNI on one VPS server. 30 | 5. Support install trojan or v2ray only in order to work with exist website on one VPS. 31 | 6. Customize trojan or v2ray working port, password and Websocket path. 32 | 7. Support v2ray or xray vless protocol. Support Xray XTLS. 33 | 8. Script create 10 password as default, can set prefix for these passwords. 34 | 9. Install trojan and v2ray UI panel to easily manage users. 35 | 10. Easily set v2ray route rules with wireguard IPv6 and Cloudflare WARP to unlock Netflix restriction and Google reCAPTCHA. 36 | 11. Using bootstarp official template for default website content serve by nginx 37 | 12. All working port are random generated to ensure high security. 38 | 39 | 40 | 41 | ## Installation 42 | 43 | #### via bash 44 | ```bash 45 | bash <(curl -Lso- https://git.io/oneclick) 46 | ``` 47 | 48 | 49 | #### via curl to install script 50 | 51 | ```bash 52 | curl -O https://raw.githubusercontent.com/jinwyp/one_click_script/master/trojan_v2ray_install.sh && chmod +x ./trojan_v2ray_install.sh && ./trojan_v2ray_install.sh 53 | ``` 54 | 55 | #### via wget to install script 56 | 57 | ```bash 58 | wget --no-check-certificate https://raw.githubusercontent.com/jinwyp/one_click_script/master/trojan_v2ray_install.sh && chmod +x ./trojan_v2ray_install.sh && ./trojan_v2ray_install.sh 59 | ``` 60 | 61 | 62 | 63 | ![功能列表](https://github.com/jinwyp/one_click_script/blob/master/docs/readme_en.png?raw=true) 64 | 65 | ![功能列表2](https://github.com/jinwyp/one_click_script/blob/master/docs/readme2_en.png?raw=true) 66 | 67 | ![功能列表3](https://github.com/jinwyp/one_click_script/blob/master/docs/readme3_en.png?raw=true) 68 | 69 | 70 | 71 | 72 | ## Netflix-Check 73 | ### Netflix non-self-produced drama and region testing shell script 74 | 75 | #### via wget to install script 76 | 77 | ```bash 78 | wget --no-check-certificate https://raw.githubusercontent.com/jinwyp/one_click_script/master/netflix_check.sh && chmod +x ./netflix_check.sh && ./netflix_check.sh 79 | ``` 80 | 81 | 82 | ## acme 83 | ### Get SSL certificate for domain 84 | 85 | 1. Run script then choose 26 to request SSL certificate for any domains. It's better to disable CDN of your domain duiring the SSL certificate application process. Make sure the domain is resolved to the real VPS ip. 86 | 2. Duiring the SSL certificate application process, if you can't disable CDN or the VPS only have IPv6, you can skip the IP check process to continue your following SSL certificate request. 87 | 3. The script is using acme.sh to get SSL certificate. There are 4 providers: Let's Encrypt, BuyPass.com, ZeroSSL.com, Google. When you request too many times in one day and reach the limit of Let's Encrypt, you can switch other providers such as BuyPass.com. 88 | 4. Normally SSL certificate need renew in three month,The script will autorenew the certificate with Cronjob by acme.sh . 89 | 90 | ![功能列表4](https://github.com/jinwyp/one_click_script/blob/master/docs/readme4.png?raw=true) 91 | 92 | 93 | ##### [The Rate Limits rule of Let's Encrypt](https://letsencrypt.org/docs/rate-limits/) 94 | 95 | 1. The main limit is Certificates per Registered Domain (50 per week) 96 | 2. You can create a maximum of 300 New Orders per account per 3 hours 97 | 3. You can create a maximum of 10 Accounts per IP Address per 3 hours. You can create a maximum of 500 Accounts per IP Range within an IPv6 /48 per 3 hours 98 | 4. You can combine multiple hostnames into a single certificate, up to a limit of 100 Names per Certificate 99 | 5. You can have a maximum of 300 Pending Authorizations on your account 100 | 101 | 102 | 103 | ## How to use 104 | 105 | 106 | ### Preparatory work for setting up a new VPS 107 | 108 | 1. There are several work to do to secure your VPS when you set up a new VPS. It's optional but recommended. 109 | 2. Configuring an SSH login without password. Run script then choose 26. Input your public key and save the authorized_keys file 110 | 3. Change the SSH Default Port. Run script then choose 33. Customize your SSH login port. The default SSH port is 22, Modify the port number you want. 111 | 5. Enable root accout login. Some VPS can't login with root as default. Run script then choose 32 to enable root accout login. 112 | 6. Run script then choose 31 to install sofrware including Oh-my-zsh, zsh-autosuggestions, Micro editors. After finish installation, exit VPS and relogin SSH to use ZSH. 113 | 114 | ### Install latest or LTS Linux kernel and enable BBR or BBR plus 115 | 1. To install latest or LTS Linux kernel. Run script then choose 1. And enter the sub menu to install Linux kernel and enable BBR+Cake. Check out more details for [LTS Linux kernel switcher script](/KERNEL.md) 116 | 117 | 118 | 119 | ### Install command line trojan or trojan-go 120 | 121 | 1. Firstly, prefer run this script with root user. Because linux kernel installation need root privileges. And to get SSL with acme.sh also need root privileges. [acme.sh instruction](https://github.com/acmesh-official/acme.sh/wiki/sudo). 122 | 123 | 2. How to install trojan. Run script ```./trojan_v2ray_install.sh ```. Choose 2 to install trojan or trojan-go with websocket support CDN. 124 | 125 | 126 | 127 | ### Install command line xray or v2ray 128 | 129 | 1. Firstly, prefer run this script with root user. Because linux kernel installation need root privileges. And to get SSL with acme.sh also need root privileges. [acme.sh instruction](https://github.com/acmesh-official/acme.sh/wiki/sudo). 130 | 131 | 2. How to install V2ray or Xray. Run script ```./trojan_v2ray_install.sh ```. Choose 11 to install V2ray or Xray with Nginx. Nginx listen 443 port and serve TLS service. During the installation, you can choose websocket or gRPC to support CDN. Choose TCP or HTTP2 or QUIC protocal will not supprot CDN. 132 | 133 | 3. How to install V2ray or Xray using Vless. Run script ```./trojan_v2ray_install.sh ```. Choose 13-16 to install V2ray or Xray. Vless listen 443 port and serve TLS service. Nginx is optional during the installation for fake website service. Also you can choose XTLS instead of TLS to improve network speed. 134 | 135 | 4. Run script ```./trojan_v2ray_install.sh ```. Choose 21 to install both V2ray and trojan on same VPS. Vless listen 443 port and serve TLS service. 136 | 137 | 5. Run script ```./trojan_v2ray_install.sh ```. Choose 22 to install both V2ray and trojan/trojan-go on same VPS. trojan/trojan-go listen 443 port and serve TLS service. 138 | 139 | 6. Run script ```./trojan_v2ray_install.sh ```. Choose 23 to install both V2ray and trojan/trojan-go on same VPS. Nginx SNI listen 443 port. You need at least 2 domain for trojan and v2ray. Nginx SNI distinguishes v2ray or trojan traffic by different domain name. 140 | 141 | ### Install command line xray vision or Reality 142 | 143 | 1. How to install Xray using XTLS Vision. Run script ```./trojan_v2ray_install.sh ```. Choose 17 to install Xray XTLS Vision protocol. Use Vless protocol to provide tls service on port 443. Fallback to nginx on port 80 to provide web camouflage. During installation, please select Xray version 1.7.5 or above, as older versions prior to 1.6 do not support XTLS Vision protocol. This protocol does not support CDN relay. To use XTLS Vision on the client side, please use latest V2rayN and choose Xray version 1.7.5 or higher. 144 | 145 | 2. How to install Xray using Reality protocol. Run script ```./trojan_v2ray_install.sh ```. Choose 18 to install Xray Reality protocol. Domain name is not required for this installation, making the process more convenient. Vless Reality protocol provides forwarding service on port 443, and fallbacks to a specific foreign enterprise website that was filled by you during installation. During the installation, please choose Xray version 1.8.0 or above, as older versions of Xray prior to 1.7 do not support Reality protocol. This protocol does not support CDN relay. To use Xray Reality on the client side, it is necessary to use latest V2rayN 6.xx and choose Xray version 1.8.0 or above. 146 | 147 | 148 | 149 | 150 | ### Advanced Tutorials - Work with existing website or web server 151 | 152 | 1. If you already have a website or other web server, you can choose 12 to install V2ray or Xray only running at non 80 and 443 port with no TLS. You need modify nginx config manually to serve TLS and redirect v2ray traffic by url or path for V2ray websocket. 153 | 154 | 2. If you already have a website or other web server, you can choose 13-17 to install V2ray or Xray. Duiring the installation, you can choose not to install nginx. Vless serve 443 port with TLS. You need modify nginx config manually to serve the website at 80 port. V2ray or Xray will fallback non V2ray traffic to 80 port. 155 | 156 | 3. If you already have a website or other web server, you can choose 4 to install trojan or trojan-go only running at non 443 port with TLS. You need modify nginx config manually to serve the website at 80 port. trojan or trojan-go will fallback non trojan traffic to 80 port. Pay attention that if you choose to install trojan-go, nginx must already serve at 80 port which is trojan-go fallback port. Otherwise trojan-go will stop and not running if 80 port is not served by web HTTP server. [trojan-go document](https://p4gefau1t.github.io/trojan-go/basic/config/) 157 | 158 | 159 | 160 | 161 | ### Install Web UI admin panel for trojan and v2ray 162 | 163 | 1. On a new VPS without v2ray or trojan installed. Run script ```./trojan_v2ray_install.sh ```. Choose 30 to enter sub menu. Then choose 1 to install trojan UI admin panel. 164 | 165 | 2. On a new VPS without v2ray or trojan installed. Run script ```./trojan_v2ray_install.sh ```. Choose 30 to enter sub menu. Then choose 6 or 9 to install V2ray or Xray UI admin panel. After sinish the installation. Run script and choose 26 to request SSL certificate. Then input the certificate file path on the UI admin panel config. 166 | 167 | 168 | 169 | ### Unlock Region restriction for Netflix or Disney+ or other video streaming site 170 | ### Avoid showing Google CAPTCHA Human verification 171 | 172 | 1. Run script ```./trojan_v2ray_install.sh ```. Choose 1 to enter sub menu to install linux kernel. Prefer to install linux kernel 5.10 LTS. [More Details](/KERNEL.md) 173 | 2. Run script ```./trojan_v2ray_install.sh ```. Choose 1 to enter sub menu. Then choose 2 to enable BBR and Cake. This will import VPS network speed. 174 | 3. After reboot, rerun script ```./trojan_v2ray_install.sh ```. Choose 1 to enter sub menu. Then choose 11 or 12 to Wireguard or cloudflare WARP linux client sock5 proxy. 175 | 4. After finish Wireguard installation, rerun script ```./trojan_v2ray_install.sh ```. Choose 11-17 to v2ray or xray。 During the installation, you can follow the instruction to unlock netflix region restriction and avoid showing Google CAPTCHA Human verification. 176 | 177 | 178 | 179 | 180 | ## FAQ 181 | 182 | 1. You can use [freenom](https://www.freenom.com/zh/index.html?lang=zh) for free domain name. 183 | 184 | 2. Please disable your CDN acceleration duiring the installation. Such as cloudflare.com. After finish v2ray or trojan-go installation. you can enable CDN acceleration. trojan not support CDN acceleration. 185 | 186 | ![注意 cloudflare CDN](https://github.com/jinwyp/one_click_script/blob/master/docs/cloudflare1.jpg?raw=true) 187 | 188 | 3. Using v2ray or xray gRPC protocal for CDN acceleration, you need do some settings at cloudflare.com. Click the "Network" on the leftside menu. Then enable gRPC on the right page. "Network => gRPC" 189 | 190 | ![注意 cloudflare CDN gRPC](https://github.com/jinwyp/one_click_script/blob/master/docs/grpc.png?raw=true) 191 | 192 | 4. The Cloudflare CDN worker script, Please replace the domain name with your own domain name. 193 | ``` 194 | addEventListener( 195 | "fetch", event => { 196 | let url = new URL(event.request.url); 197 | url.hostname = "yourdomain.xxx.xx"; 198 | url.protocol = "https"; 199 | let request = new Request(url, event.request); 200 | event.respondWith( 201 | fetch(request) 202 | ) 203 | } 204 | ) 205 | ``` 206 | 207 | ## Special Thanks 208 | 209 | 1. https://github.com/sprov065/v2-ui 210 | 2. https://github.com/Jrohy/trojan 211 | 3. https://github.com/v2fly/v2ray-core 212 | 4. https://github.com/XTLS/Xray-core 213 | 5. https://github.com/trojan-gfw/trojan 214 | 6. https://github.com/p4gefau1t/trojan-go 215 | 7. https://github.com/ylx2016/Linux-NetSpeed 216 | 217 | 218 | 219 | 220 | ## Stargazers over time 221 | [![Stargazers over time](https://starchart.cc/jinwyp/one_click_script.svg)](https://starchart.cc/jinwyp/one_click_script) 222 | 223 | 224 | 225 | [better-cloudflare-ip]: https://github.com/badafans/better-cloudflare-ip/releases 226 | [CFIP]: https://github.com/BlueSkyXN/CFIP/releases 227 | [CloudflareScanner]: https://github.com/Spedoske/CloudflareScanner/releases/tag/1.1.2 228 | [CloudflareSpeedTest]: https://github.com/XIU2/CloudflareSpeedTest/releases/tag/v1.4.9 229 | -------------------------------------------------------------------------------- /README2_CN.md: -------------------------------------------------------------------------------- 1 | # Easy install v2ray (xray) and trojan (trojan-go) script (ultimate script for all protocol) 2 | 3 | 4 | ## 目录 Table of Contents 5 | 6 | * [Trojan 或 Trojan-go 和 V2ray 或 xray 一键安装脚本](#installation-安装方法) 7 | * [单独给网站申请SSL证书](#acme) 8 | * [Linux LTS 内核更换脚本, BBR 和 BBR Plus 内核更换 一键安装脚本](/KERNEL_CN.md) 9 | * [安装 wireguard 和 Cloudflare WARP, 解锁 Netflix 区域限制 和 避免弹出Google人机验证](/KERNEL_CN.md) 10 | * [Netflix 非自制剧检测脚本 支持IPv6和 WARP Sock5 代理检测](#netflix-check) 11 | * [PVE Proxmox VE虚拟机 群晖NAS 安装工具脚本](/dsm/readme.md) 12 | * [FRP 内网穿透工具 一键安装脚本](/dsm/readme.md) 13 | * [锐角云 自动安装PVE 工具脚本](/acuteangle/readme.md) 14 | * [如何使用GO语言开发的软件](/HOWTOUSEGO.md) 15 | * [如何开启DOH 解决DNS污染](/DNS.md) 16 | * [安装 AdGuard Home DNS 服务器 并使用 Mosdns 分流国内与国外域名DNS解析请求](/DNS.md) 17 | 18 | 19 | ## 功能说明 Features 20 | 21 | 1. 支持 trojan,trojan-go 和 v2ray, xray 的安装 升级 卸载. 卸载后不留任何痕迹, 方便重复安装. 22 | 2. 支持 trojan 或 trojan-go 与 v2ray 共存, nginx全面支持TLS1.3 保证安全性, 23 | 3. 支持 trojan 或 v2ray 或 nginx 前置服务于443 端口, 包括目前所有的组合模式. 24 | 4. 支持 Nginx SNI 分流, 多个Https网站和trojan或v2ray 共存使用. 25 | 5. 可以仅安装 trojan 或 v2ray, 不安装nginx. 方便与宝塔面板或现有网站共存. 26 | 6. 支持 v2ray 和 xray 自定义端口, 自定义密码和WS的Path, 支持监听额外端口 方便中转机中转. 27 | 7. 支持 v2ray 和 xray 新的vless协议, 支持Xray的XTLS加密, 支持vless作为前端 监听443端口. 28 | 8. 默认会创建10个以上用户账号, 还能创建指定前缀的密码, 方便用户使用. 29 | 9. trojan 和 v2ray 可视化管理面板安装. 30 | 10. 一键安装 wireguard 和 Cloudflare WARP, 解决避免弹出Google人机验证和 Netflix Youtube 等流媒体网站限制问题, 同时支持v2ray相应的路由分流配置. 31 | 11. 本脚本没有偷跑服务器流量的网页或其他屏蔽bt流量的等限制. 默认网站的网页仅为bootstarp最简单的模板 32 | 12. 本脚本所使用端口除443和80外都是随机生成, 保证安全性, 而其他脚本写死固定端口容易被检测 33 | 34 | 35 | 36 | ## Installation 安装方法 37 | 38 | #### Usage 脚本使用方法 39 | ```bash 40 | bash <(curl -Lso- https://git.io/oneclick) 41 | ``` 42 | 43 | 44 | #### 通过 curl 命令安装 via curl to install script 45 | 46 | ```bash 47 | curl -O https://raw.githubusercontent.com/jinwyp/one_click_script/master/trojan_v2ray_install.sh && chmod +x ./trojan_v2ray_install.sh && ./trojan_v2ray_install.sh 48 | ``` 49 | 50 | #### 通过 wget 命令安装 via wget to install script 51 | 52 | ```bash 53 | wget --no-check-certificate https://raw.githubusercontent.com/jinwyp/one_click_script/master/trojan_v2ray_install.sh && chmod +x ./trojan_v2ray_install.sh && ./trojan_v2ray_install.sh 54 | ``` 55 | 56 | 57 | 58 | ![功能列表](https://github.com/jinwyp/one_click_script/blob/master/docs/readme.png?raw=true) 59 | 60 | ![功能列表2](https://github.com/jinwyp/one_click_script/blob/master/docs/readme2.png?raw=true) 61 | 62 | ![功能列表3](https://github.com/jinwyp/one_click_script/blob/master/docs/netflix1.png?raw=true) 63 | 64 | ![功能列表4](https://github.com/jinwyp/one_click_script/blob/master/docs/readme3.png?raw=true) 65 | 66 | 67 | 68 | ## Netflix-Check 69 | ### Netflix 非自制剧解锁 检测脚本 支持IPv6 和 Cloudflare WARP Sock5 代理检测 70 | 71 | #### 通过 wget 命令安装 via wget to install script 72 | 73 | ```bash 74 | wget --no-check-certificate https://raw.githubusercontent.com/jinwyp/one_click_script/master/netflix_check.sh && chmod +x ./netflix_check.sh && ./netflix_check.sh 75 | ``` 76 | 77 | 78 | ## acme 79 | ### 单独给网站申请SSL证书 80 | 81 | 1. 本脚本可以用来单独给网站申请免费的SSL证书, 选择26 即可. 申请SSL证书过程中请关闭域名的CDN功能, 保证域名已经成功解析到VPS真实IP. 82 | 2. 申请SSL证书过程中如果不方便关闭CDN, 或者纯IPv6主机 可以选择不检测IP解析是否正确, 从而跳过检测IP继续申请证书. 83 | 3. 本脚本使用的 acme.sh 来申请的免费证书. 可以选择 Let's Encrypt, BuyPass.com, ZeroSSL.com, Google 提供商. Let's Encrypt 申请证书有一些限制, 如果频繁申请证书出现无法申请的情况请选择其他证书提供商如 BuyPass.com 84 | 4. 三个月之后需要续期,本脚本通过cron任务自动完成续期,无需用户操作. 85 | 86 | 87 | ![功能列表4](https://github.com/jinwyp/one_click_script/blob/master/docs/readme4.png?raw=true) 88 | 89 | ##### Let's Encrypt 申请证书有一些限制, 具体限制如下: 90 | 91 | 1. 同一个主域名一周之内只能申请50个证书 92 | 2. 每个账号下每个域名每小时申请验证失败的次数为5次 93 | 3. 每周只能创建5个重复的证书,即使是通过不同的账号进行创建 94 | 4. 每个账号同一个IP地址每3小时最多可以创建10个证书 95 | 5. 每个多域名(SAN) SSL证书(不是通配符域名证书)最多只能包含100个子域 96 | 6. 更新证书没有次数的限制,但是更新证书会受到上述重复证书的限制 97 | 7. 如果提示证书申请失败,可以尝试更换域名再试(添加或换不同的二级域名,也算是新域名) 98 | 8. 同一IP地址,在短时间内过于频繁的申请证书,也会被限制,此时更换域名也无法申请成功,只能等待一段时间,或者在安装过程中选择使用 BuyPass.com 来申请. 99 | 100 | 101 | 102 | 103 | ## 使用说明 How to use 104 | 105 | 106 | ### 准备工作 107 | 108 | 1. 一台新的VPS开通后,建议做以下事情(非必须) 109 | 2. 运行脚本后 选择45 填入你自己的公钥, 这样就可以不需要每次输入SSH密码登录VPS, 提高安全性. 还可以继续手动修改配置文件 /etc/ssh/sshd_config 关闭SSH使用密码登录,使其只能使用密钥登录VPS 110 | 3. 运行脚本后 选择43 修改SSH端口号, 一般默认SSH端口号是22, 强烈建议改成其他的端口号, 提高安全性. 默认22端口极易被扫描和攻击. 111 | 4. 运行脚本后 选择44 修改时区为北京时间, 因为V2ray的Vmess的协议需要对服务器和客户端时间一致, 建议把VPS服务器改成北京时间. 112 | 5. 有一些VPS例如Google Cloud 默认没有开启root账号登录, 运行脚本后 选择42 可以开启root账号登录. 建议使用root用户运行该脚本. 113 | 6. 运行脚本后 选择41 安装 Oh-my-zsh 和Micro 编辑器 等软件, 这些软件会简化你的后续操作, 并带有提示. 安装完成后请退出VPS, 命令为```exit```. 重新登录VPS后继续后续操作. 114 | 115 | ### 安装新版Linux 内核 和 BBR 内核 116 | 1. 运行脚本后 选择1 安装 Linux 内核和开启BBR+Cake, 具体请参考[Linux 内核一键安装脚本](/KERNEL_CN.md) 117 | 118 | 119 | 120 | ### 安装 trojan or trojan-go 121 | 122 | 1. 安装 trojan-go 重新运行脚本 命令为 ```./trojan_v2ray_install.sh ``` 选2 安装trojan-go 如果开启 Websocket 来支持CDN, 需要注意 很多原版trojan客户端不支持websocket, 使用原版trojan客户端只能连接 trojan-go的原版tcp协议, 无法支持websocket 使用CDN. 需要使用支持 trojan-go的客户端才可以支持websocket 支持CDN. 123 | 124 | 125 | ### 安装 v2ray 或 xray 126 | 127 | 1. 重新运行脚本 选择11 安装 v2ray或xray 和 nginx. Nginx前置提供443端口的tls服务, 推荐使用本模式 安全性最高. 然后安装v2ray协议时可以选择websocket或gRPC 等协议 通过设置 path来区分v2ray流量, 并且支持CDN. 如果选择TCP或HTTP2或QUIC 协议则无法使用CDN中转流量. Cloudflare 虽然支持HTTP2或QUIC协议, 但却无法使用其CDN中转, [具体信息可以看](https://github.com/v2ray/v2ray-core/issues/1769). QUIC(HTTP3)协议由于使用了UDP, 在某些运营商会被禁止或被限制端口或QoS降速, 所以使用QUIC可能无法达到提速的预期目的. 选择KCP协议降低延迟,如果打游戏可以尝试该协议. 128 | 129 | 130 | 2. 重新运行脚本 选择13-16 安装 v2ray或xray 使用Vless协议提供443端口的tls服务, 同时 fallback 到80端口的nginx提供web伪装网站服务. 安装过程中如果选XTLS代替TLS加密 将会明显提高速度. 安装完毕后会提供多种协议可以同时使用. 使用WS-TLS 或 gRPC+TLS协议可以使用CDN中转加速. 使用TCP-XTLS则为直连速度最快协议(选择15或16安装). 安装V2ray或Xray, 都可以自定义端口, 密码和websocket 的path 路径, 默认为随机密码和随机路径. 同时还可以增加一个额外的监听端口与主端口同时使用, 方便用于不支持443端口的中转机中转给目标主机. 131 | 132 | 3. 同时安装 trojan-go 和 v2ray 选择21 使用Vless提供443端口的tls服务, 而trojan或trojan-go运行在非443的其他端口上. 133 | 134 | 4. 同时安装 trojan-go 和 v2ray 选择22 使用trojan-go 提供443端口的tls服务, trojan把非trojan流量转发到nginx, nginx在通过path路径转发流量到v2ray. 135 | 136 | 5. 同时安装 trojan-go 和 v2ray 选择23 通过nginx SNI 提供443端口服务, 最少需要提供2个域名分别给trojan, v2ray单独使用, 并且可以与现有网站共存(需要再提供第3个域名给网站使用), 通过不同域名区分不同的HTTPS加密流量. 137 | 138 | 139 | 6. 建议: 如果VPS线路速度可以保证,不需要CDN,建议17 安装xray + XTLS 速度最快, 或选2 安装 trojan-go. 如果需要CDN 可以选11 安装V2ray和Nginx. 不建议使用本脚本或其他脚本同时安装多个协议, 协议安装的越多安全性越低, 而且也不会提高速度, 适合自己的协议装一种最好. 140 | 141 | 7. 以上安装都可以选择是否申请证书, 如果已有证书可以不在安装过程中申请, 或多次安装本脚本也可以不需要再次申请。证书位置在 /root/website/cert/fullchain.cer 和 /root/website/cert/private.key, 可以手动放置. 142 | 143 | 8. 安装的Nginx的伪装网站路径为 /nginxweb/html, 可自行替换网页内容. Nginx 配置路径为 /etc/nginx/conf.d. 同时安装过程中可以选择不使用静态网页 而是直接反代某个网站 例如反代 baidu.com 144 | 145 | ### 安装 xray 的 vision 和 Reality 协议 146 | 147 | 1. 重新运行脚本 选择17 安装 xray 的 XTLS Vision协议. 使用Vless协议提供443端口的tls服务, 同时 fallback 到80端口的nginx提供web伪装网站服务. 安装过程中请选择 xray 1.7.5版本以上, 1.6以前的老版本不支持 XTLS Vision协议. 该协议不支持CDN中转. 客户端使用时也需要匹配最新版本的xray 1.7.5或以上版本内核 才能支持XTLS Vision. 148 | 149 | 2. 重新运行脚本 选择18 安装 xray 的 Reality 协议. 该项安装时可以不需要域名, 这样就方便了很多. Vless Reality 协议提供443端口的转发服务. 同时 fallback 到安装时填写的某国外大企业网站. 安装过程中请选择 xray 1.8.0版本以上, 1.7以前的老版本不支持 Reality协议. 该协议不支持CDN中转. 客户端使用时也需要匹配最新版本的xray 1.8.0或以上版本内核 才能支持Reality. 150 | 151 | ### 高级用法 Advanced Usage 与现有网站或宝塔面板共存 152 | 153 | 1. 如果机器上已经有nginx或已有其他Web网站服务, 或是与宝塔面板共同使用, 可以运行脚本后 选择12 只安装V2ray或Xray, 运行在非80和443端口(端口可自定义), 注意: 选择12 安装V2ray或Xray 此时没有加密, 需要在宝塔面板或nginx自行修改配置, 让nginx服务于443 https端口, 根据指定的url路径path 转发到V2ray 端口, 起到tls加密作用. 154 | 155 | 2. 运行脚本 选择13-17 安装V2ray或Xray, 过程中可以选择不安装nginx, 这样让V2ray或Xray的 Vless协议服务于443 https端口(端口可自定义), 可与现有的nginx或网站共存, nginx需要修改配置只监听80端口即可。Https的TLS加密由V2ray或Xray的 Vless协议提供. 156 | 157 | 3. 如果机器上已经有nginx或已有其他Web网站服务, 或是与宝塔面板共同使用, 可以运行脚本后 选择3 只安装trojan-go, 这样让trojan或trojan-go服务于443 https端口, 与现有的nginx或网站共存, nginx需要修改配置只监听80端口即可。Https的TLS加密由 trojan-go提供服务. 158 | 159 | 4. 注意 运行脚本后选择3 并选择安装trojan-go. 必须保证本机80端口有监听, 否则trojan-go无法启动. 这是trojan-go的一个fallback功能, 非trojan协议的流量会转发到remote_addr和remote_port指定这个HTTP服务器的地址. Trojan-Go将会测试这个HTTP服务器是否工作正常,如果不正常,Trojan-Go会拒绝启动. [参考trojan-go官方文档](https://p4gefau1t.github.io/trojan-go/basic/config/) 160 | 161 | 162 | 163 | 164 | 165 | ### 安装管理面板 Install Web UI Panel for Trojan and V2ray 166 | 167 | 1. 在没有安装任何 trojan 和 v2ray 的新机器上(如使用本脚本安装过可执行卸载操作), 选择30 进入子菜单安装 trojan 或 v2ray 可视化管理面板。(如果之前通过其他脚本安装过,再安装可视化管理面板则极易产生问题, 请先卸载其他脚本程序在安装) 168 | 169 | 2. 选择30后 然后再选择1 安装trojan-web可视化管理面板 和 nginx. 根据提示输入域名后, 继续根据提示再选择1.Let's Encrypt 证书, 申请证书成功后. 继续根据提示再选择1.安装docker版mysql(mariadb). ariadb启动成功后,继续根据提示输入第一个trojan用户的账号密码,回车后出现"欢迎使用trojan管理程序" 需要不输入数字直接按回车,这样继续安装nginx直到完成. nginx安装成功会显示可视化管理面板网址,请保存下来. 如果没有显示管理面板网址则表明安装失败. 170 | 171 | 3. 选择30后 然后再选择6或9 安装v2ray-ui可视化管理面板. 安装成功后可以再次运行本脚本, 选择26申请域名SSL证书. 然后再可视化管理面板新建添加vless账号或trojan账号, 填入证书文件路径 即可同时支持trojan和v2ray. 172 | 173 | 174 | ### Netflix Unlock 解锁Netflix 等其他流媒体网站的区域限制 和 避免弹出Google人机验证 175 | 176 | 1. 运行脚本后选择1 进入Linux 内核安装菜单, 根据提示安装 linux 内核 5.10或5.16, 具体请参考[Linux 内核一键安装脚本](/KERNEL_CN.md). 177 | 2. 更换内核重启后, 选择1 进入linux 内核安装菜单, 选择2 使用BBR加速 和 Cake算法 优化VPS参数后 重启 178 | 3. 重启后, 选择1, 再选择11或12 安装 Wireguard 和 Cloudflare WARP. 具体请参考[Linux 内核一键安装脚本](/KERNEL_CN.md) 179 | 4. 确认 Wireguard 和 Cloudflare WARP 启动成功后, 运行脚本后 安装v2ray或xray, 安装过程中根据提示 选择 Netflix 和 Google 人机验证 解锁即可, 也可以选择解锁更多的视频网站. 180 | 5. 本脚本集合了所有解锁 Netflix 网站的方法, 目前有 1 使用DNS解锁, 2 使用IPv6解锁, 3 使用WARP sock5 代理解锁, 4 使用转发到可解锁的V2ray或Xray服务器解锁. 181 | 6. 目前网上搭建解锁反代服务器是使用 sniproxy + dns的方式, 本脚本稍后推出 nginx stream + dns, nginx + xray, nginx + v2ray, nginx + sock5, 非常灵活的各种方式搭建解锁反代服务器, 以便达到一台VPS可以同时做网站+提供解锁+v2ray+trojan的目的 182 | 7. Netflix 检测解锁脚本无法测试 使用V2ray路由规则的解锁. 就是说使用本脚本安装过v2ray已经解锁了Netflix, 但用检测解锁脚本检测的结果还是会显示没有解锁, 就是无法测出已解锁Netflix. 可以把检测脚本运行在 V2ray客户端机器上, 则能检测成功解锁. Netflix 检测解锁脚本只能运行在Mac或linux 平台. Windows平台可以使用linux ubuntu 子系统来运行 Netflix 检测解锁脚本. 183 | 184 | 185 | 186 | 187 | ## 注意事项与常见问题 FAQ 188 | 189 | 1. 建议使用root用户运行该脚本. 因为安装bbr 内核 需要root权限, 默认认为使用root执行本脚本, 非root用户请手动添加sudo执行 ```sudo ./trojan_v2ray_install.sh ``` 脚本. 注意 证书申请也需要用root用户而不建议用sudo运行 [acme.sh文档说明](https://github.com/acmesh-official/acme.sh/wiki/sudo). 190 | 191 | 2. 自2022年 1月 1日起,V2ray 服务器端将默认禁用对于 MD5 认证信息 的兼容。任何使用 MD5 认证信息的客户端将无法连接到禁用 VMess MD5 认证信息的服务器端, [V2ray官方文档说明](https://www.v2fly.org/config/protocols/vmess.html#inboundconfigurationobject). 解决方法为客户端升级到最新版, 客户端配置文件AID=0(alterId 为 0). [其他解决方法1](https://www.blueskyxn.com/202201/5696.html). [其他解决方法2](https://dasmz.com/?p=1051). 192 | 193 | 194 | 3. 免费域名可以使用 [freenom](https://www.freenom.com/zh/index.html?lang=zh). 注册freenom时需要使用美国IP,否则无法通过注册邮件验证. 请自行搜索教程. 195 | 196 | 4. 使用脚本安装时请先关闭CDN, cloudflare.com 中DNS设置页面, 二级域名设置为DNS only 为关闭CDN(即关闭黄色云朵). 安装v2ray或trojan-go完毕后 可以开启CDN 设置为Proxied 即可. trojan目前不支持CDN, trojan-go 支持CDN,可以在安装过程中选择支持CDN. 197 | 198 | ![注意 cloudflare CDN](https://github.com/jinwyp/one_click_script/blob/master/docs/cloudflare1.jpg?raw=true) 199 | 200 | 5. 如果使用v2ray 或 xray的 gRPC 通过cloudflare 转发, 需要在cloudflare 域名 "设置"中 => "网络" 菜单里面 允许gRPC,cloudflare Network => gRPC 201 | 202 | ![注意 cloudflare CDN gRPC](https://github.com/jinwyp/one_click_script/blob/master/docs/grpc.png?raw=true) 203 | 204 | 6. 以下是Cloudflare CDN 的worker 加速脚本, 请把域名替换成自己的vps的域名. 然后在Cloudflare新建worker 添加即可. 可以通过下面3个工具任选其一, [CFIP][better-cloudflare-ip], [CloudflareScanner], [CloudflareSpeedTest], 在你自己的客户端机器上运行, 找出距离你最快的 cloudflare 的CDN IP, 在v2ray或trojan-go支持CDN的配置中填入该IP即可. 205 | ``` 206 | addEventListener( 207 | "fetch", event => { 208 | let url = new URL(event.request.url); 209 | url.hostname = "yourdomain.xxx.xx"; 210 | url.protocol = "https"; 211 | let request = new Request(url, event.request); 212 | event.respondWith( 213 | fetch(request) 214 | ) 215 | } 216 | ) 217 | ``` 218 | 219 | 220 | ## 特别感谢 Special Thanks 221 | 222 | 1. 脚本感谢 https://github.com/sprov065/v2-ui 223 | 2. 脚本感谢 https://github.com/Jrohy/trojan 224 | 3. 脚本感谢 https://github.com/v2fly/v2ray-core 225 | 4. 脚本感谢 https://github.com/XTLS/Xray-core 226 | 5. 脚本感谢 https://github.com/trojan-gfw/trojan 227 | 6. 脚本感谢 https://github.com/p4gefau1t/trojan-go 228 | 7. 脚本感谢 https://github.com/ylx2016/Linux-NetSpeed 229 | 230 | 231 | 232 | ## Stargazers over time 233 | [![Stargazers over time](https://starchart.cc/jinwyp/one_click_script.svg)](https://starchart.cc/jinwyp/one_click_script) 234 | 235 | 236 | 237 | [better-cloudflare-ip]: https://github.com/badafans/better-cloudflare-ip/releases 238 | [CFIP]: https://github.com/BlueSkyXN/CFIP/releases 239 | [CloudflareScanner]: https://github.com/Spedoske/CloudflareScanner/releases/tag/1.1.2 240 | [CloudflareSpeedTest]: https://github.com/XIU2/CloudflareSpeedTest/releases/tag/v1.4.9 241 | 242 | 243 | -------------------------------------------------------------------------------- /READMEOLD.md: -------------------------------------------------------------------------------- 1 | # Easy install v2ray (xray) and trojan (trojan-go) script (ultimate script for all condition) 2 | 3 | 4 | ## 目录 Table of Contents 5 | 6 | * [Trojan 和 V2ray xray 一键安装脚本](#installation-安装方法) 7 | * [安装 最新版和LTS Linux 内核, BBR 和 BBR Plus 内核](#installation-linux-kernel-wireguard) 8 | * [安装 wireguard 和 Cloudflare WARP, 解锁 Netflix 区域限制 和 避免弹出Google人机验证](#installation-linux-kernel-wireguard) 9 | * [Netflix 非自制剧检测脚本 支持IPv6和 WARP Sock5 代理检测](#netflix-check) 10 | * [PVE Proxmox VE虚拟机 群晖NAS 安装工具脚本](/dsm/readme.md) 11 | * [FRP 内网穿透工具 一键安装脚本](/dsm/readme.md) 12 | * [锐角云 自动安装PVE 工具脚本](/acuteangle/readme.md) 13 | 14 | 15 | ## 功能说明 Features 16 | 17 | 1. 支持 trojan,trojan-go 和 v2ray, xray 的安装 升级 卸载. 卸载后不留任何痕迹, 方便重复安装. 18 | 2. 支持 trojan 或 trojan-go 与 v2ray 共存, nginx全面支持TLS1.3 保证安全性, 支持SNI分流 19 | 3. 可以仅安装 trojan 或 v2ray, 可以不安装nginx. 方便与宝塔面板或现有网站共存. 20 | 4. 支持 v2ray 和 xray 自定义端口, 密码和WS的Path, 支持监听额外端口 方便中转机中转. 21 | 5. 支持 v2ray 和 xray 新的vless协议, 支持v2ray作为前端 监听443端口 同时转发trojan 和 websocket. 22 | 6. 支持 trojan-go websocket 模式, 可以选择是否支持CDN (websocket) 23 | 7. 默认会创建10个以上用户账号, 还能创建指定前缀的密码, 方便用户使用. 24 | 8. trojan 和 v2ray 可视化管理面板安装. 25 | 9. 一键安装wireguard, 解决避免弹出Google人机验证和 Netflix Youtube 等流媒体网站限制问题, 同时v2ray支持相应的配置 26 | 10. 一键安装wireguard, 解决避免弹出Google人机验证和 Netflix Youtube 等流媒体网站限制问题, 同时v2ray支持相应的配置 27 | 11. 支持 一键安装 v2board 面板的服务器端 V2Ray-Poseidon, Soga, XrayR, Air-Universe 28 | 12. 本脚本没有偷跑服务器流量的网页或其他屏蔽bt流量的等限制. 默认网页仅为bootstarp最简单的模板 29 | 13. 本脚本所使用端口除443和80外都是随机生成, 保证安全性, 而其他脚本写死固定端口容易被检测 30 | 14. 本脚本不推荐安装多种v2ray的多种协议共存, 协议越多安全性越低, 而且也不会提高速度, 强烈不建议使用其他脚本同时安装多个协议 31 | 32 | ## Features English 33 | 1. Install V2Ray or Xray using VLESS or VMess, support all condition: VLESS+TCP+TLS / VLESS+Websocket+TLS(CDN) / VMess+TCP+TLS / VMess+Websocket+TLS(CDN) 34 | 2. Using Trojan or Nginx or v2ray-core / Xray-core as frontend listening port 443 35 | 3. Install trojan or trojan-go and V2Ray or Xray on the same server to support all protocol. 36 | 4. Support Debian9+, Ubuntu 16+ and CentOS 7+ operation systems 37 | 5. install wireguard and wgcf to avoid Google reCAPTCHA and unlock Netflix ip geo-restriction 38 | 6. Easily switch Linux kernel version, 5.11, 5.10 LTS, 5.4 LTS, 4.19 LTS, 4.14 LTS 39 | 40 | ## Installation 安装方法 41 | 42 | #### Usage 脚本使用方法 43 | ```bash 44 | bash <(curl -Lso- https://git.io/oneclick) 45 | ``` 46 | 47 | 48 | #### 通过 curl 命令安装 via curl to install script 49 | 50 | ```bash 51 | curl -O https://raw.githubusercontent.com/jinwyp/one_click_script/master/trojan_v2ray_install.sh && chmod +x ./trojan_v2ray_install.sh && ./trojan_v2ray_install.sh 52 | ``` 53 | 54 | #### 通过 wget 命令安装 via wget to install script 55 | 56 | ```bash 57 | wget --no-check-certificate https://raw.githubusercontent.com/jinwyp/one_click_script/master/trojan_v2ray_install.sh && chmod +x ./trojan_v2ray_install.sh && ./trojan_v2ray_install.sh 58 | ``` 59 | 60 | 61 | 62 | ![功能列表](https://github.com/jinwyp/one_click_script/blob/master/docs/readme.png?raw=true) 63 | 64 | ![功能列表2](https://github.com/jinwyp/one_click_script/blob/master/docs/readme2.png?raw=true) 65 | 66 | ![功能列表3](https://github.com/jinwyp/one_click_script/blob/master/docs/readme3.png?raw=true) 67 | 68 | 69 | 70 | ## Installation Linux kernel Wireguard 71 | 72 | #### Usage 脚本使用方法 73 | ```bash 74 | bash <(curl -Lso- https://git.io/kernel.sh) 75 | ``` 76 | 77 | #### 通过 wget 命令安装 Linux 内核 和 Wireguard via wget to install script 78 | 79 | ```bash 80 | wget --no-check-certificate https://raw.githubusercontent.com/jinwyp/one_click_script/master/install_kernel.sh && chmod +x ./install_kernel.sh && ./install_kernel.sh 81 | ``` 82 | 83 | 84 | ## Netflix-Check 85 | #### Netflix 非自制剧解锁 检测脚本 全网最准确检测脚本 支持IPv6 和 Cloudflare WARP Sock5 代理检测 86 | 87 | #### 通过 wget 命令安装 via wget to install script 88 | 89 | ```bash 90 | wget --no-check-certificate https://raw.githubusercontent.com/jinwyp/one_click_script/master/netflix_check.sh && chmod +x ./netflix_check.sh && ./netflix_check.sh 91 | ``` 92 | 93 | 94 | ## 使用说明 Usage 95 | 96 | ### 安装命令行方式 启动 trojan 或 v2ray 97 | 98 | 1. 该步骤可省略. 如果是使用google cloud 谷歌云服务器,默认无法使用root账号登陆, 可以选择32 开启root用户登录. 建议使用root用户运行该脚本. 安装bbr plus 需要root权限, 默认认为使用root执行, 非root用户请手动添加sudo执行 ```sudo ./tcp.sh ```和 ```sudo ./trojan_v2ray_install.sh ``` 脚本. (注意 证书申请也需要用root用户而不建议用sudo [acme.sh文档说明](https://github.com/acmesh-official/acme.sh/wiki/sudo) ). 99 | 2. 安装 BBR plus (或 BBR) 网络加速. 运行脚本 ```./trojan_v2ray_install.sh ``` 选择1 然后 再选择36 安装5.10内核 或 选择61或其他 安装原版 BBRplus 4.14,129 版内核 , 注意安装过程中会弹出大框的英文提示(下面有示例图)"安装linux内核有风险是否终止", 要选择" NO" 不终止. 安装完毕会重启VPS 100 | 3. 使用 BBR 或 BBRplus版 网络加速. 重新登录VPS后, 重新运行脚本 ```./trojan_v2ray_install.sh ``` 选择1 然后 选择2 使用BBR 或选择2 使用BBRplus 加速. 101 | 4. 该步骤可省略. 选择31, 安装 oh-my-zsh. 这样以后登录有命令提示, 方便新手操作. 安装完成后请退出VPS, 命令为```exit```. 重新登录VPS后继续下面操作. 102 | 5. 安装 trojan 或 v2ray. 根据提示 重新运行脚本 ```./trojan_v2ray_install.sh ``` 选2 安装trojan, 或选5 安装trojan-go, 或选11或14 安装v2ray, 或选21 同时安装trojan和v2ray, 或选24 同时安装trojan-go和v2ray. 强烈建议:如果VPS线路速度可以保证,不需要CDN,强烈建议选11或14 只安装xray 或只安装5 trojan-go (trojan-go速度已经很快了). 需要CDN可以选11只安装V2ray. 协议安装的越多安全性越低,而且也不会提高速度,适合自己的软件装一种最好. 完全没有必要使用多合一的脚本同时安装多个协议 103 | 104 | 6. 第一步安装 BBR plus 时出现的提示 "是否终止删除内核" 请选择 "NO". 就是要卸载掉目前的内核. 105 | ![注意 安装BBR plus](https://github.com/jinwyp/one_click_script/blob/master/docs/debian.jpg?raw=true) 106 | ![注意 安装BBR plus](https://github.com/jinwyp/one_click_script/blob/master/docs/kernel.png?raw=true) 107 | ![注意 安装BBR plus](https://github.com/jinwyp/one_click_script/blob/master/docs/ubuntu.png?raw=true) 108 | 109 | 110 | ### 安装管理面板 Install web admin panel 111 | 112 | 1. 在没有安装任何 trojan 和 v2ray 的新机器上(即没有执行过第5步, 执行过可以选择卸载), 选择29 进入子菜单安装 trojan 或 v2ray 可视化管理面板。(如果之前通过其他脚本安装过,再安装可视化管理面板则极易产生问题) 113 | 2. 选择29后 然后再选择1 安装trojan-web可视化管理面板(建议使用centos7系统).根据提示输入域名后, 继续根据提示再选择1.Let's Encrypt 证书, 申请证书成功后. 继续根据提示再选择1.安装docker版mysql(mariadb). ariadb启动成功后,继续根据提示输入第一个trojan用户的账号密码,回车后出现"欢迎使用trojan管理程序" 需要不输入数字直接按回车,这样继续安装nginx直到完成. nginx安装成功会显示可视化管理面板网址,请保存下来. 如果没有显示管理面板网址则表明安装失败. 114 | 3. 选择29后 然后再选择6 安装v2ray-ui可视化管理面板. 安装成功后可以再次运行本脚本选择29后在选择11申请域名SSL证书. 然后再可视化管理面板新建添加vless账号或trojan账号, 填入证书文件路径 即可同时支持trojan和v2ray. 115 | 116 | ### 高级用法 Advanced Usage 与现有网站共存 117 | 118 | 1. 如果机器上已经有nginx或已有网站服务, 或是与宝塔面板共同使用, 可以运行脚本后选择30, 然后单独安装不带有nginx的版本。 选择30后再选15, 则V2ray运行在非80和443端口(端口可自定义), 同时没有加密, 然后在宝塔面板或nginx自行修改配置, 让nginx服务于443 https端口, 根据指定的url路径转发到V2ray 端口, 起到加密作用。 119 | 2. 选择30后 再选择12-14 安装trojan或trojan-go, 这样让trojan或trojan-go服务于443 https端口, 与现有的nginx或网站共存, nginx需要修改配置只监听80端口即可。https ssl加密由trojan或trojan-go提供。 120 | 3. 选择30后, 再选择13或14后仅安装trojan-go. 必须保证本机80端口有监听, 否则trojan-go无法启动. 这是trojan-go的一个fallback功能, 非trojan协议的流量会转发到remote_addr和remote_port指定这个HTTP服务器的地址. Trojan-Go将会测试这个HTTP服务器是否工作正常,如果不正常,Trojan-Go会拒绝启动. [参考trojan-go官方文档](https://p4gefau1t.github.io/trojan-go/basic/config/) 121 | 4. 选择30后 再选择16-24 安装V2ray或Xray, 这样让V2ray或Xray 的 Vless协议服务于443 https端口(端口可自定义), 与现有的nginx或网站共存, nginx需要修改配置只监听80端口即可。https ssl加密由V2ray或Xray 的 Vless协议提供。 推荐选择20的 Xray的Xtls-direct 模式速度最快 122 | 5. 选择30后 再选择15-24 安装V2ray或Xray,都可以自定义端口, 密码和websocket 的path 路径, 默认为随机密码和随机路径. 同时还可以增加一个额外的监听端口与主端口同时使用, 方便不支持443端口的中转机中转给目标主机. 123 | 6. 以上安装都可以选择是否申请证书, 如果已有证书可以不在安装过程中申请, 或多次安装本脚本也可以不需要再次申请。证书位置在 /root/website/cert/fullchain.cer 和 /root/website/cert/private.key, 可以手动放置 124 | 125 | 126 | ### Netflix Unlock 解锁Netflix 等其他流媒体网站的区域限制 和 避免弹出Google人机验证 127 | 128 | 1. 运行脚本后选择1 进入linux 内核安装菜单, 根据提示安装 linux 内核 5.10或5.14 都可以. 129 | 2. 更换内核重启后, 选择1 进入linux 内核安装菜单, 选择2 使用BBR加速 和 Cake算法 优化VPS参数后 重启 130 | 3. 重启后, 选择1, 再选择6 安装 Wireguard 和 cloudflare WARP. 131 | 4. 确认Wireguard启动成功后, 运行脚本后选择14 或 11 或其他选项 安装v2ray或xray, 安装过程中根据提示 选择netflix 和 google 人机验证 解锁即可, 也可以选择解锁更多的视频网站. 132 | 5. 本脚本集合了所有解锁 Netflix 网站的方法, 目前有 1 使用DNS解锁, 2 使用IPv6解锁, 3 使用WARP sock5 代理解锁, 4 使用转发到可解锁的V2ray或Xray服务器解锁 133 | 6. 目前网上搭建解锁反代服务器是使用 sniproxy + dns的方式, 本脚本稍后推出 nginx stream + dns, nginx + xray, nginx + v2ray, nginx + sock5, 非常灵活的各种方式搭建解锁反代服务器, 以便达到一台VPS可以同时做网站+提供解锁+v2ray+trojan的目的 134 | 135 | 136 | 137 | ## 注意事项与常见问题 FAQ 138 | 139 | 1. 免费域名可以使用 [freenom](https://www.freenom.com/zh/index.html?lang=zh). 注册freenom时需要使用美国IP,否则无法通过注册邮件验证. 请自行搜索教程. 140 | 2. 使用脚本安装时请先关闭CDN, cloudflare.com 中DNS设置页面, 二级域名设置为DNS only 为关闭CDN. 安装v2ray或trojan-go完毕后 可以开启CDN 设置为Proxied 即可. trojan目前不支持CDN, trojan-go 默认安装设置为不支持CDN,可以在安装过程中选择支持CDN. 141 | 142 | ![注意 cloudflare CDN](https://github.com/jinwyp/one_click_script/blob/master/docs/cloudflare1.jpg?raw=true) 143 | 144 | 3. 如果使用v2ray 或 xray的 gRPC 通过cloudflare 转发, 需要在cloudflare 域名 "设置"中 => "网络" 菜单里面 允许gRPC,cloudflare Network => gRPC 145 | 146 | ![注意 cloudflare CDN gRPC](https://github.com/jinwyp/one_click_script/blob/master/docs/grpc.png?raw=true) 147 | 148 | 4. 以下是Cloudflare CDN 的worker 加速脚本, 请把域名替换成自己的vps的域名. 然后在Cloudflare新建worker 添加即可. 可以通过下面3个工具任选其一, [CFIP][better-cloudflare-ip], [CloudflareScanner], [CloudflareSpeedTest], 在你自己的客户端机器上运行, 找出距离你最快的 cloudflare 的CDN IP, 在v2ray或trojan-go支持CDN的配置中填入该IP即可. 149 | ``` 150 | addEventListener( 151 | "fetch", event => { 152 | let url = new URL(event.request.url); 153 | url.hostname = "yourdomain.xxx.xx"; 154 | url.protocol = "https"; 155 | let request = new Request(url, event.request); 156 | event.respondWith( 157 | fetch(request) 158 | ) 159 | } 160 | ) 161 | ``` 162 | 163 | ## 关于Let's Encrypt证书 164 | 本脚本使用的acme.sh来申请的Let's Encrypt免费证书。三个月需要续期,本脚本通过cron自动完成续期的,无需用户操作。但Let's Encrypt 申请证书有一些限制,如下: 165 | 166 | Let's Encrypt证书申请频率的限制 167 | 168 | 1. 同一个主域名一周之内只能申请50个证书 169 | 2. 每个账号下每个域名每小时申请验证失败的次数为5次 170 | 3. 每周只能创建5个重复的证书,即使是通过不同的账号进行创建 171 | 4. 每个账号同一个IP地址每3小时最多可以创建10个证书 172 | 5. 每个多域名(SAN) SSL证书(不是通配符域名证书)最多只能包含100个子域 173 | 6. 更新证书没有次数的限制,但是更新证书会受到上述重复证书的限制 174 | 7. 如果提示证书申请失败,可以尝试更换域名再试(添加或换不同的二级域名,也算是新域名) 175 | 8. 同一IP地址,在短时间内过于频繁的申请证书,也会被限制,此时更换域名也无法申请成功,只能等待一段时间,或者在安装过程中选择使用 BuyPass.com 来申请. 176 | 177 | 178 | ## 特别感谢 Special Thanks 179 | 180 | 1. 脚本感谢 https://github.com/sprov065/v2-ui 181 | 2. 脚本感谢 https://github.com/Jrohy/trojan 182 | 3. 脚本感谢 https://github.com/v2fly/v2ray-core 183 | 4. 脚本感谢 https://github.com/XTLS/Xray-core 184 | 5. 脚本感谢 https://github.com/trojan-gfw/trojan 185 | 6. 脚本感谢 https://github.com/p4gefau1t/trojan-go 186 | 7. 脚本感谢 https://github.com/ylx2016/Linux-NetSpeed 187 | 8. 脚本感谢 秋水逸冰、Atrandys、V2ray官方 和 波仔分享 等 188 | 9. 脚本感谢 JCNF的博客 https://ybfl.xyz/111.html 189 | 190 | 191 | 192 | ## Installation Xrayr 193 | ## 安装其他 Linux 软件 和 V2board 服务器端 V2Ray-Poseidon, Soga, XrayR, Air-Universe 一键脚本 194 | 195 | #### via curl 安装命令 196 | 197 | ```bash 198 | curl -O https://raw.githubusercontent.com/jinwyp/one_click_script/master/linux_install_software.sh && chmod +x ./linux_install_software.sh && ./linux_install_software.sh 199 | 200 | ``` 201 | 202 | #### via wget 安装命令 203 | 204 | ```bash 205 | wget --no-check-certificate https://raw.githubusercontent.com/jinwyp/one_click_script/master/linux_install_software.sh && chmod +x ./linux_install_software.sh && ./linux_install_software.sh 206 | 207 | ``` 208 | 209 | ![功能列表4](https://github.com/jinwyp/one_click_script/blob/master/docs/v2board1.png?raw=true) 210 | 211 | 212 | 213 | ## Stargazers over time 214 | [![Stargazers over time](https://starchart.cc/jinwyp/one_click_script.svg)](https://starchart.cc/jinwyp/one_click_script) 215 | 216 | 217 | 218 | [better-cloudflare-ip]: https://github.com/badafans/better-cloudflare-ip/releases 219 | [CFIP]: https://github.com/BlueSkyXN/CFIP/releases 220 | [CloudflareScanner]: https://github.com/Spedoske/CloudflareScanner/releases/tag/1.1.2 221 | [CloudflareSpeedTest]: https://github.com/XIU2/CloudflareSpeedTest/releases/tag/v1.4.9 222 | 223 | 224 | 225 | 226 | -------------------------------------------------------------------------------- /TOOL.md: -------------------------------------------------------------------------------- 1 | # Linux toolkit Easily install docker and Nodejs shell script 2 | 3 | 4 | ## [中文文档](/TOOL_CN.md) 5 | 6 | ## Features 7 | 8 | 1. Configuring an SSH login without password. Change the SSH Default Port. Secure your VPS. 9 | 2. Install linux sofrware including Oh-my-zsh, zsh-autosuggestions, Micro editors. 10 | 3. Install Nodejs and PM2. 11 | 4. Install Docker and Docker Compose. 12 | 5. Install Portainer. 13 | 14 | 15 | 16 | ## Installation 17 | 18 | #### via curl to install script 19 | 20 | ```bash 21 | curl -O https://raw.githubusercontent.com/jinwyp/one_click_script/master/linux_install_software.sh && chmod +x ./linux_install_software.sh && ./linux_install_software.sh 22 | 23 | ``` 24 | 25 | #### via wget to install script 26 | 27 | ```bash 28 | wget --no-check-certificate https://raw.githubusercontent.com/jinwyp/one_click_script/master/linux_install_software.sh && chmod +x ./linux_install_software.sh && ./linux_install_software.sh 29 | 30 | ``` 31 | 32 | ![功能列表4](https://github.com/jinwyp/one_click_script/blob/master/docs/v2board1_en.png?raw=true) 33 | 34 | 35 | 36 | 37 | -------------------------------------------------------------------------------- /TOOL_CN.md: -------------------------------------------------------------------------------- 1 | # Linux toolkit Easily install docker and Nodejs shell script 2 | 3 | ## 安装 Linux 软件 和 服务器端 一键脚本 4 | 5 | ## 目录 Table of Contents 6 | 7 | * [V2board 服务器端 一键安装脚本](#installation) 8 | 9 | ## 功能介绍 10 | 11 | 1. 开启SSH 无密码登录.修改SSH默认端口, 增加VPS安全性. 12 | 2. 安装 Oh-my-zsh, zsh-autosuggestions, Micro 编辑器. 13 | 3. 安装 Nodejs 和 PM2. 14 | 4. 安装 Docker 和 Docker Compose. 15 | 5. 安装 Portainer. 16 | 17 | 18 | ## Installation 19 | 20 | #### via curl 安装命令 21 | 22 | ```bash 23 | curl -O https://raw.githubusercontent.com/jinwyp/one_click_script/master/linux_install_software.sh && chmod +x ./linux_install_software.sh && ./linux_install_software.sh 24 | 25 | ``` 26 | 27 | #### via wget 安装命令 28 | 29 | ```bash 30 | wget --no-check-certificate https://raw.githubusercontent.com/jinwyp/one_click_script/master/linux_install_software.sh && chmod +x ./linux_install_software.sh && ./linux_install_software.sh 31 | 32 | ``` 33 | 34 | ![功能列表4](https://github.com/jinwyp/one_click_script/blob/master/docs/v2board1.png?raw=true) 35 | 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /acuteangle/autorun: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | 4 | # source https://gist.github.com/saltlakeryan/e12aafd09528ff77c346 5 | 6 | # set -e 7 | # set -o pipefail 8 | 9 | export LC_ALL=C 10 | export LANG=C 11 | export LANGUAGE=en_US.UTF-8 12 | 13 | 14 | # fonts color 15 | red(){ 16 | echo -e "\033[31m\033[01m$1\033[0m" 17 | } 18 | green(){ 19 | echo -e "\033[32m\033[01m$1\033[0m" 20 | } 21 | yellow(){ 22 | echo -e "\033[33m\033[01m$1\033[0m" 23 | } 24 | blue(){ 25 | echo -e "\033[34m\033[01m$1\033[0m" 26 | } 27 | bold(){ 28 | echo -e "\033[1m\033[01m$1\033[0m" 29 | } 30 | 31 | 32 | function main() { 33 | 34 | setup_env 35 | print_welcome 36 | mount_usb 37 | } 38 | 39 | 40 | 41 | function setup_env() { 42 | PASSWORD="mypass" 43 | USERNAME="autoback" 44 | DIRECTORY_BASE="/fab/office/imaging/other/autoback" 45 | SERVER="storage.nanofab.utah.edu" 46 | DATE=$(date +%Y-%m-%d_%H_%M_%S) 47 | MACADDR=$(ls /sys/class/net/*/address | grep -v lo | sort | head -1 | xargs cat | perl -pe 's/:/-/g') 48 | BACKUPDIR="/mnt/backup/$MACADDR/$DATE" 49 | 50 | HDDP1="/dev/mmcblk1p1" 51 | HDDP2="/dev/mmcblk1p2" 52 | HDDP3="/dev/mmcblk1p3" 53 | HDDP4="/dev/mmcblk1p4" 54 | 55 | MountDisk1="/mnt/disk1" 56 | MountDisk2="/mnt/disk2" 57 | MountDisk3="/mnt/disk3" 58 | MountDisk4="/mnt/disk4" 59 | 60 | MountDIR1="/mnt/usb1" 61 | MountDIR2="/mnt/usb2" 62 | 63 | PVEIMGFilenamePath1="/mnt/usb1/proxmox.img.gz" 64 | PVEIMGFilenamePath2="/mnt/usb2/proxmox.img.gz" 65 | PVEIMGFilenamePath3="/mnt/usb1/proxmox-ve.iso" 66 | PVEIMGFilenamePath4="/mnt/usb2/proxmox-ve.iso" 67 | PVEIMGFilenameReal="proxmox.img.gz" 68 | PVEIMGFilenameRealISO="proxmox-ve.iso" 69 | 70 | 71 | HARDDISK=$(ls ${HDDP1} 2> /dev/null || true) 72 | if [ "$HARDDISK" == "" ] 73 | then 74 | echo "No disk found" 75 | exit 1 76 | fi 77 | HARDDISKSIZE=$(blockdev --getsize64 ${HDDP1}) 78 | } 79 | 80 | 81 | function print_welcome() { 82 | green "================================================== " 83 | echo " STARTING AUTOMATIC Install PVE ! $DATE" 84 | echo " This machine is identified by its mac address: $MACADDR" 85 | echo " Size of Hard Disk in bytes: $HARDDISKSIZE" 86 | green "================================================== " 87 | echo 88 | } 89 | 90 | 91 | function print_metadata() { 92 | echo "Size of Hard Disk in bytes: $HARDDISKSIZE" 93 | IPADDR=$(ip addr show | grep 'inet ' | grep -v 'lo$' | awk '{print $2}' | perl -pe 's!/.*!!') 94 | echo "IP: $IPADDR" 95 | IPHOST=`getent hosts $IPADDR || true` 96 | echo "HOST by IP: $IPHOST" 97 | } 98 | 99 | 100 | 101 | 102 | function mount_usb() { 103 | green "============================================================ " 104 | echo " Run Command : lsblk" 105 | lsblk 106 | echo 107 | green "============================================================ " 108 | echo " Run Command : blkid" 109 | blkid 110 | echo 111 | green "============================================================ " 112 | echo " Starting mount usb drive to ${MountDIR1} and ${MountDIR2} " 113 | 114 | 115 | # if [ -b "$HDDP1" ]; then 116 | # green "$HDDP1 is a block device. Mount to ${MountDisk1}" 117 | # mkdir -p $MountDisk1 118 | # mount -o rw $HDDP1 $MountDisk1 119 | # fi 120 | 121 | # if [ -b "$HDDP2" ]; then 122 | # green "$HDDP2 is a block device. Mount to ${MountDisk2}" 123 | # mkdir -p $MountDisk2 124 | # mount -o rw $HDDP2 $MountDisk2 125 | # fi 126 | 127 | # if [ -b "$HDDP3" ]; then 128 | # green "$HDDP3 is a block device. Mount to ${MountDisk3}" 129 | # mkdir -p $MountDisk3 130 | # mount -o rw $HDDP3 $MountDisk3 131 | # fi 132 | 133 | # if [ -b "$HDDP4" ]; then 134 | # green "$HDDP4 is a block device. Mount to ${MountDisk4}" 135 | # mkdir -p $MountDisk4 136 | # mount -o rw $HDDP4 $MountDisk4 137 | # fi 138 | 139 | deviceUSB1="/dev/sda1" 140 | deviceUSB2="/dev/sdb1" 141 | 142 | if [ -b "$deviceUSB1" ]; then 143 | green "$deviceUSB1 is a block device. Mount to ${MountDIR1}" 144 | mkdir -p $MountDIR1 145 | mount -o rw $deviceUSB1 $MountDIR1 146 | fi 147 | 148 | if [ -b "$deviceUSB2" ]; then 149 | echo "$deviceUSB2 is a block device. . Mount to ${MountDIR2}" 150 | mkdir -p $MountDIR2 151 | mount -o rw $deviceUSB2 $MountDIR2 152 | fi 153 | 154 | 155 | if [ -f "$PVEIMGFilenamePath1" ]; then 156 | PVEIMGFilenameReal=$PVEIMGFilenamePath1 157 | installpve $PVEIMGFilenameReal "gz" 158 | elif [ -f "$PVEIMGFilenamePath2" ]; then 159 | echo "$PVEIMGFilenamePath1 does not exist !" 160 | PVEIMGFilenameReal=$PVEIMGFilenamePath2 161 | installpve $PVEIMGFilenameReal "gz" 162 | elif [ -f "$PVEIMGFilenamePath3" ]; then 163 | echo "$PVEIMGFilenamePath2 does not exist !" 164 | PVEIMGFilenameReal=$PVEIMGFilenamePath3 165 | installpve $PVEIMGFilenameReal "iso" 166 | elif [ -f "$PVEIMGFilenamePath4" ]; then 167 | echo "$PVEIMGFilenamePath3 does not exist !" 168 | PVEIMGFilenameReal=$PVEIMGFilenamePath4 169 | installpve $PVEIMGFilenameReal "iso" 170 | else 171 | echo "$PVEIMGFilenamePath4 does not exist !" 172 | fi 173 | 174 | } 175 | 176 | 177 | 178 | function installpve(){ 179 | green "============================================================ " 180 | echo " Starting Install PVE !" 181 | 182 | read -p "Comfirm to install PVE? Please input [Y/n]?" isInstallPVEInput 183 | isInstallPVEInput=${isInstallPVEInput:-Y} 184 | 185 | if [[ $isInstallPVEInput == [Yy] ]]; then 186 | 187 | if [ "$2" == "gz" ]; then 188 | echo "Running Command: $1 | gunzip | dd of=/dev/mmcblk1 && reboot" 189 | red "Do Not Turn off the Power! Wait for a long time please. " 190 | green "It will reboot after finish !" 191 | cat $1 | gunzip | dd of=/dev/mmcblk1 && reboot 192 | else 193 | echo "Running Command: dd if=$1 of=/dev/mmcblk1 && reboot" 194 | red "Do Not Turn off the Power! Wait for a long time please. " 195 | green "It will reboot after finish !" 196 | dd if=$1 of=/dev/mmcblk1 197 | reboot 198 | fi 199 | 200 | else 201 | red "============================================================ " 202 | red " Exit PVE Installation !" 203 | red "============================================================ " 204 | exit 1 205 | fi 206 | 207 | } 208 | 209 | 210 | 211 | 212 | 213 | main $1 -------------------------------------------------------------------------------- /acuteangle/boot1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/boot1.jpg -------------------------------------------------------------------------------- /acuteangle/boot2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/boot2.jpg -------------------------------------------------------------------------------- /acuteangle/boot3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/boot3.jpg -------------------------------------------------------------------------------- /acuteangle/date.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | 4 | # source https://gist.github.com/saltlakeryan/e12aafd09528ff77c346 5 | 6 | # set -e 7 | # set -o pipefail 8 | 9 | export LC_ALL=C 10 | export LANG=C 11 | export LANGUAGE=en_US.UTF-8 12 | 13 | 14 | # fonts color 15 | red(){ 16 | echo -e "\033[31m\033[01m$1\033[0m" 17 | } 18 | green(){ 19 | echo -e "\033[32m\033[01m$1\033[0m" 20 | } 21 | yellow(){ 22 | echo -e "\033[33m\033[01m$1\033[0m" 23 | } 24 | blue(){ 25 | echo -e "\033[34m\033[01m$1\033[0m" 26 | } 27 | bold(){ 28 | echo -e "\033[1m\033[01m$1\033[0m" 29 | } 30 | 31 | 32 | 33 | function main() { 34 | echo $1 35 | if [[ -n $1 ]]; then 36 | saveDateToFile 37 | 38 | if [[ $1 == "reset" ]]; then 39 | reset 40 | apt-get install ifupdown2 -y 41 | chmod +x /root/date.sh 42 | setCrontab 43 | setIP 44 | 45 | fi 46 | 47 | if [[ $1 == "firstrun" ]]; then 48 | apt-get install ifupdown2 -y 49 | chmod +x /root/date.sh 50 | setCrontab 51 | setIP 52 | fi 53 | 54 | if [[ $1 == "deljob" ]]; then 55 | removeCrontab 56 | fi 57 | 58 | else 59 | setDateFromFile 60 | fi 61 | } 62 | 63 | 64 | 65 | dateFilePath="/root/date.log" 66 | function saveDateToFile(){ 67 | green " ================================================== " 68 | echo "Save system date to file $dateFilePath " 69 | date +'%Y-%m-%d %H:%M:%S' > $dateFilePath 70 | cat $dateFilePath 71 | } 72 | 73 | function setDateFromFile(){ 74 | green " ================================================== " 75 | echo "Set system date from file $dateFilePath " 76 | currentDate=$(cat $dateFilePath) 77 | echo "$currentDate" 78 | date -s "$currentDate" 79 | 80 | hwclock --set --date "$currentDate" 81 | hwclock --hctosys 82 | } 83 | 84 | 85 | function setCrontab(){ 86 | # 设置 cron 定时任务 87 | # https://stackoverflow.com/questions/610839/how-can-i-programmatically-create-a-new-cron-job 88 | 89 | # (crontab -l 2>/dev/null | grep -v '^[a-zA-Z]'; echo "15 4 * * 0,1,2,3,4,5,6 systemctl restart trojan.service") | sort - | uniq - | crontab - 90 | (crontab -l ; echo "@reboot /root/date.sh") | sort - | uniq - | crontab - 91 | (crontab -l ; echo "10 4 * * 0,1,2,3,4,5,6 /root/date.sh savedate") | sort - | uniq - | crontab - 92 | } 93 | 94 | 95 | function removeCrontab(){ 96 | # 清楚 cron 定时任务 97 | crontab -r 98 | } 99 | 100 | function setIP(){ 101 | # https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#sysadmin_network_configuration 102 | 103 | 104 | green " ================================================== " 105 | 106 | read -r -p "Choose IP Mode: DHCP(y) or Static(n) ? (default: static ip) Pls Input [y/N]?" IPModeInput 107 | IPModeInput=${IPModeInput:-n} 108 | read -r -p "Please input IP address of your n3450 computer (default:192.168.7.200) ?" IPInput 109 | 110 | if [[ $IPModeInput == [Yy] ]]; then 111 | cat > /etc/network/interfaces <<-EOF 112 | 113 | # This file describes the network interfaces available on your system 114 | # and how to activate them. For more information, see interfaces(5). 115 | 116 | source /etc/network/interfaces.d/* 117 | 118 | # The loopback network interface 119 | auto lo 120 | iface lo inet loopback 121 | 122 | 123 | # The primary network interface 124 | iface enp1s0 inet manual 125 | 126 | auto vmbr0 127 | iface vmbr0 inet dhcp 128 | bridge_ports enp1s0 129 | bridge_stp off 130 | bridge_fd 0 131 | 132 | 133 | # allow-hotplug wlp2s0 134 | # iface wlp2s0 inet dhcp 135 | # pre-up ip link set wlan0 up 136 | # pre-up iwconfig wlan0 essid ssid 137 | # wpa-ssid ssid 138 | # wpa-psk password 139 | 140 | EOF 141 | green " ================================================== " 142 | red "$IPInput is not the real ip. It only shows on the welcome message !" 143 | red "Please run command 'ifconfig' to show the real IP or check the real ip on the router !" 144 | 145 | green " ================================================== " 146 | else 147 | 148 | read -r -p "Please input IP netmask (default:255.255.255.0) ?" netmaskInput 149 | read -r -p "Please input IP gateway (default:192.168.7.1) ?" gatewayInput 150 | 151 | IPInput=${IPInput:-192.168.7.200} 152 | netmaskInput=${netmaskInput:-255.255.255.0} 153 | gatewayInput=${gatewayInput:-192.168.7.1} 154 | 155 | 156 | cat > /etc/network/interfaces <<-EOF 157 | 158 | # This file describes the network interfaces available on your system 159 | # and how to activate them. For more information, see interfaces(5). 160 | 161 | source /etc/network/interfaces.d/* 162 | 163 | # The loopback network interface 164 | auto lo 165 | iface lo inet loopback 166 | 167 | # The primary network interface 168 | iface enp1s0 inet manual 169 | 170 | auto vmbr0 171 | iface vmbr0 inet static 172 | address ${IPInput} 173 | netmask ${netmaskInput} 174 | gateway ${gatewayInput} 175 | bridge_ports enp1s0 176 | bridge_stp off 177 | bridge_fd 0 178 | 179 | 180 | EOF 181 | 182 | fi 183 | 184 | sed -i -e "s/[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/${IPInput}/g" /etc/issue 185 | sed -i "s/10\.100\.99\.1/${IPInput}/g" /etc/hosts 186 | 187 | sed -i "s/# alias/alias/g" /root/.bashrc 188 | 189 | green " ================================================== " 190 | green " Change IP to ${IPInput} success !" 191 | echo "Please Check file /etc/hosts and make sure the IP of your hostname is correct" 192 | green " ================================================== " 193 | } 194 | 195 | 196 | 197 | 198 | 199 | function mount_usb() { 200 | green " ================================================== " 201 | echo "Run Command : lsblk" 202 | lsblk 203 | echo 204 | green " ================================================== " 205 | echo "Run Command : blkid" 206 | blkid 207 | echo 208 | green " ================================================== " 209 | echo " Starting mount usb drive " 210 | 211 | deviceUSB1="/dev/sda1" 212 | deviceUSB2="/dev/sdb1" 213 | 214 | MountDIR1="/mnt/usb1" 215 | MountDIR2="/mnt/usb2" 216 | 217 | if [ -b "$deviceUSB1" ]; then 218 | green "$deviceUSB1 is a block device. Mount to ${MountDIR1}" 219 | mkdir -p $MountDIR1 220 | mount -o rw $deviceUSB1 $MountDIR1 221 | fi 222 | 223 | if [ -b "$deviceUSB2" ]; then 224 | echo "$deviceUSB2 is a block device. . Mount to ${MountDIR2}" 225 | mkdir -p $MountDIR2 226 | mount -o rw $deviceUSB2 $MountDIR2 227 | fi 228 | 229 | } 230 | 231 | 232 | function addMoreDisk(){ 233 | DISK="/dev/mmcblk1" 234 | echo -e "d\n\nn\n\n\n\nw" | fdisk $DISK 235 | xfs_growfs / 236 | } 237 | 238 | function reset(){ 239 | addMoreDisk 240 | 241 | rm /etc/ssh/ssh_host_* 242 | test -f /etc/ssh/ssh_host_dsa_key || dpkg-reconfigure openssh-server 243 | 244 | pvecm updatecerts -f 245 | systemctl disable reset 246 | rm /etc/systemd/system/reset.service 247 | systemctl daemon-reload 248 | systemctl reset-failed 249 | rm /reset.sh 250 | 251 | } 252 | 253 | main $1 -------------------------------------------------------------------------------- /acuteangle/img1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/img1.jpg -------------------------------------------------------------------------------- /acuteangle/img2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/img2.jpg -------------------------------------------------------------------------------- /acuteangle/img3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/img3.jpg -------------------------------------------------------------------------------- /acuteangle/img32.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/img32.jpg -------------------------------------------------------------------------------- /acuteangle/img33.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/img33.jpg -------------------------------------------------------------------------------- /acuteangle/img4.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/img4.jpg -------------------------------------------------------------------------------- /acuteangle/local1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/local1.jpg -------------------------------------------------------------------------------- /acuteangle/local2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/local2.jpg -------------------------------------------------------------------------------- /acuteangle/mosdns1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/mosdns1.jpg -------------------------------------------------------------------------------- /acuteangle/mosdns2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/mosdns2.jpg -------------------------------------------------------------------------------- /acuteangle/pve1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/pve1.jpg -------------------------------------------------------------------------------- /acuteangle/pve2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/pve2.jpg -------------------------------------------------------------------------------- /acuteangle/pve3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/pve3.jpg -------------------------------------------------------------------------------- /acuteangle/pve9.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/pve9.jpg -------------------------------------------------------------------------------- /acuteangle/readme.md: -------------------------------------------------------------------------------- 1 | # 锐角云安装PVE 最简单教程 2 | 3 | ## Table of Contents 4 | 5 | * [方法1 自动DD方法)](#autodd) 6 | * [方法2 修改代码方法 让PVE 安装到EMMC 硬盘上](#pveemmc) 7 | * [在 PVE中 安装Openwrt](#openwrt) 8 | * [Openwrt的DHCP和DNS 设置 ](#openwrtsetting) 9 | 10 | 11 | ## AutoDD 12 | ## 方法1 自动DD方法 13 | ### 准备工作 14 | 1. 下载 PVE 6.2 镜像 proxmox.img.gz(该镜像已经被修改 可以支持emmc并且删除了无用lvm分区) 地址 https://n3450.cloud/proxmox.img.gz 15 | 2. 下载 SystemRescue Linux 启动盘 地址 https://nchc.dl.sourceforge.net/project/systemrescuecd/sysresccd-x86/9.04/systemrescue-9.04-amd64.iso 16 | 3. 下载 autorun 脚本 https://raw.githubusercontent.com/jinwyp/one_click_script/master/acuteangle/autorun , 页面打开后另存为autorun. 注意不要有扩展名 (autorun.txt 这种是错误的) 17 | 4. 下载初始化脚本 https://raw.githubusercontent.com/jinwyp/one_click_script/master/acuteangle/date.sh, 页面打开后另存为date.sh 扩展名是.sh 18 | 19 | 20 | 21 | ### 开始制作启动盘和安装PVE 22 | 23 | 1. 用 rufus 或 balenaEtcher(推荐 https://www.balena.io/) U盘写入工具 将 systemrescue-9.04-amd64.iso 写入U盘 24 | 2. U盘写入完成后, 复制 autorun 脚本 和 proxmox.img.gz 到U盘根目录 25 | 3. 插入U盘到 锐角云 HDMI口旁边的USB, 开机按F7选择U盘引导后 (一般U盘为第二项 UEFI:你的U盘名称 例如 SanDisk, Partition 1)。 26 | 4. 进入SystemRescue 菜单后 选择第二项 Boot SystemRescue and Copy system to Ram (Copytoram) 进入, 然后会自动运行autorun脚本, 根据提示选择Y 安装PVE或n 退出。 随后耐心等待直至屏幕变化,设备会自动重启。此时可以插入网线连接好路由器. 27 | 28 | 5. 插入网线会通过dhcp获取ip的。进入PVE的命令行环境后,使用用户名和密码为"root/password"进行登陆。 首次进入要执行下面初始化脚本, 需要已经正常联网. 然后根据提示可以选择DHCP获取IP或手动指定IP地址。 29 | ```bash 30 | wget --no-check-certificate https://raw.githubusercontent.com/jinwyp/one_click_script/master/acuteangle/date.sh && chmod +x ./date.sh && ./date.sh reset 31 | ``` 32 | 33 | 如果没有联网,可以执行 bash /reset.sh 来初始化系统, 但会导致重启后获取不到IP连不上网, 请慎重使用。 所以没有联网推荐插入网线重启后运行上一条命令。 34 | 35 | 36 | 6. 如果第5步没有联网,重启后获取不到IP连不上网 解决方法. 下载脚本date.sh, 放到U盘, 插入到 HDMI口旁边的USB, 输入下面的命令. 加载U盘运行脚本,根据提示可以选择DHCP获取IP或手动指定IP地址。 37 | ```bash 38 | mkdir -p /mnt/usb1/ 39 | mount /dev/sda1 /mnt/usb1 40 | chmod +x ./mnt/usb1/date.sh && /mnt/usb1/date.sh firstrun 41 | ``` 42 | 7. 一切完成后访问 http://IP:8006 进入后台 43 | 44 | ### date.sh 脚本 说明 45 | 1. date.sh 脚本会保存到/root/下,还修复了bios没有电池导致时间丢失问题 脚本每天会保存当前时间到文件, 断电重启后会通过crontab重启脚本读取文件设置系统时间, 46 | ```bash 47 | wget --no-check-certificate https://raw.githubusercontent.com/jinwyp/one_click_script/master/acuteangle/date.sh && chmod +x ./date.sh && ./date.sh firstrun 48 | ``` 49 | 50 | 2. 以后使用其他电脑在浏览器就可以管理PVE,登陆方式:https://你设置的IP:8006,用户名/密码分别是"root/password"进行登陆。 51 | 52 | 3. 如果已经给机器加上了bios电池, 不需要再修复系统时间问题, 运行 ```crontab -r ``` 清除自动运行修复时间的脚本, 注意 ```crontab -r ``` 会清除所有定时任务, 如果还有其他定时任务 请运行```crontab -e ```手动修改 删除或注释掉 包含 date.sh 的两行脚本即可 53 | 54 | 55 | 56 | 57 | 58 | ## pveemmc 59 | ## 方法2 修改代码方法让PVE 安装到EMMC 硬盘上 60 | 61 | ### 准备工作 62 | 1. 下载 PVE 7.1 https://n3450.cloud/proxmox-ve_7.1-2-emmc.iso (已经修改好可以从EMMC安装PVE的镜像, 后面不再需要修改代码) 63 | 2. 或从 官方下载 [PVE 7.2-1](https://www.proxmox.com/en/downloads?task=callelement&format=raw&item_id=654&element=f85c494b-2b32-4109-b8c1-083cca2b7db6&method=download&args[0]=71d0b7259765b2c03267418eb4d7889e) 64 | 65 | ### 开始制作启动盘和安装PVE 66 | 1. 用 balenaEtcher(推荐) U盘写入工具 将 proxmox-ve_7.1-2-emmc.iso 或 官方PVE的 proxmox-ve_7.2-1.iso 写入U盘 67 | 2. 插入U盘到 锐角云 HDMI口旁边的USB, 开机按F7选择U盘引导后 (一般U盘为第二项 UEFI:你的U盘名称 例如 SanDisk, Partition 1)。 68 | 3. 启动 PVE 安装程序后 进入安装初始界面后 先选 Advanced Options, 然后点击 Install Proxmox VE (Debug mode), 在第一次提示你可以输入命令的时候输入 Ctrl-D , 69 | ![pve1](https://github.com/jinwyp/one_click_script/blob/master/acuteangle/pve1.jpg?raw=true) 70 | 71 | 72 | 4. 继续安装过程, 在第二次提示你可以输入命令的时候输入命令 vi /usr/bin/proxinstall. 编辑文件(或者使用其他文字编辑器如 nano). 73 | ![pve2](https://github.com/jinwyp/one_click_script/blob/master/acuteangle/pve2.jpg?raw=true) 74 | 75 | 5. 输入 /unable to get device 回车后 定位到对应位置, 输入i进入编辑模式 , 找到如下代码: (这里对VIM编辑器不熟悉的建议去学一下VIM的基本操作. VIM默认有两种模式 打开文件后默认是普通模式 可以控制光标移动,搜索但不能编辑, 输入i 进入编辑模式 可以编辑文件但无法保存, 按ESC键返回到普通模式. 普通模式输入/是搜索, 输入:wq是保存退出) 76 | ``` 77 | 78 | } elsif ($dev =~ m|^/dev/[^/]+/hd[a-z]$|) { 79 | return "${dev}$partnum"; 80 | } elsif ($dev =~ m|^/dev/nvme\d+n\d+$|) { 81 | return "${dev}p$partnum"; 82 | } else { 83 | die "unable to get device for partition $partnum on device $dev\n"; 84 | } 85 | 86 | ``` 87 | 88 | 修改为下面代码 (增加 elsif ($dev =~ m|^/dev/mmcblk\d+$|) 部分代码 ) 89 | 90 | ``` 91 | } elsif ($dev =~ m|^/dev/[^/]+/hd[a-z]$|) { 92 | return "${dev}$partnum"; 93 | } elsif ($dev =~ m|^/dev/nvme\d+n\d+$|) { 94 | return "${dev}p$partnum"; 95 | 96 | } elsif ($dev =~ m|^/dev/mmcblk\d+$|) { 97 | return "${dev}p$partnum"; 98 | 99 | } else { 100 | die "unable to get device for partition $partnum on device $dev\n"; 101 | } 102 | 103 | ``` 104 | 105 | 具体操作如下: 在普通模式移动到/dev/nvme那行输入2yy 就是复制2行的意思, 然后移动光标到else行 键入p 就是粘贴, 然后输入i 进入编辑模式 编辑成/dev/mmcblk\d+$, 然后按ESC返回到普通模式, 输入:wq, 保存退出后. 然后输入 Ctrl-D ,继续安装过程. 此时应该进入了正常的安装程序, 106 | 107 | ![pve3](https://github.com/jinwyp/one_click_script/blob/master/acuteangle/pve3.jpg?raw=true) 108 | 109 | 110 | 111 | 6. 硬盘选择的时候选择 /dev/mmcblk1 (没有 bootX 后缀). 点击下图 options (建议关闭 swap, swapsize设置为0, 延长EMMC寿命. maxvz 也推荐设置为0, 毕竟只有64G, 不需要分太多卷). 最后安装完成后输入 Ctrl-D ,重启系统. 完成后访问 http://IP:8006 进入后台 112 | ![pve9](https://github.com/jinwyp/one_click_script/blob/master/acuteangle/pve9.jpg?raw=true) 113 | 114 | 7. 后续操作 运行以下脚本, 更新软件源, 删除逻辑卷 /pve/data 合并磁盘等操作 (安装完/dev/pve/root 只有14G). 115 | 116 | ```bash 117 | wget --no-check-certificate -P /root https://raw.githubusercontent.com/jinwyp/one_click_script/master/dsm/pve.sh && chmod 700 /root/pve.sh && /root/pve.sh 118 | 119 | ``` 120 | 121 | #### 注意 解决 Proxmox VE 无法安装到 eMMC 上的问题 122 | 123 | 1. 如果使用PVE官方6.4的iso安装 默认无法安装到EMMC存储上 需要 修改代码 可以参考这篇文章 https://lookas2001.com/%E8%A7%A3%E5%86%B3-proxmox-ve-%E6%97%A0%E6%B3%95%E5%AE%89%E8%A3%85%E5%88%B0-emmc-%E4%B8%8A%E7%9A%84%E9%97%AE%E9%A2%98/ 124 | 125 | 126 | 127 | ## 其他工作 128 | 129 | 1. 如果不能联网, 因为PVE是基于 Debian系统的, 对linux 熟悉的可以直接 修改 /etc/network/interfaces 文件. 同时也要想要修改/etc/issue 和 /etc/hosts. 不熟悉linux的可以用上面的date.sh 脚本修改. 130 | 131 | 2. PVE的硬盘盘符. 因为锐角云只有一个64G的EMMC硬盘 物理设备为 /dev/mmcblk1. 安装完PVE后会建立3个物理分区 /dev/mmcblk1p1 /dev/mmcblk1p2 /dev/mmcblk1p3, 其中前2个为系统引导分区 不要修改, PVE的主要文件都在 /dev/mmcblk1p3 分区上. 可以运行命令 lsblk 或 blkid 查看 132 | ![local1](https://github.com/jinwyp/one_click_script/blob/master/acuteangle/local1.jpg?raw=true) 133 | 134 | 3. PVE的LVM LVM逻辑卷. 首先科普一下 [linix的 LVM 磁盘管理](https://www.yisu.com/zixun/3865.html) [LVM 科普文章2](https://zhuanlan.zhihu.com/p/62597195). 简单来讲就是物理卷PV(就是/dev/mmcblk1p3分区), 逻辑卷组VG 和 逻辑卷LV. PVE正常通过官方ISO安装 就是用上面的第二种方法安装, 默认会有3个LV: /dev/pve/root /dev/pve/data /dev/pve/swap . 如果安装过成功中swap设置为0 就不没有第三个 /dev/pve/swap 了. 通过运行 命令 lvdisplay 可以查看这3个LV的信息. 在PVE的概念里面 通过 数据中心-> 存储 里面可以看到有local (对应 /dev/pve/root) 和 local-lvm (对应 /dev/pve/data) 两个储存盘. 135 | 136 | ![local2](https://github.com/jinwyp/one_click_script/blob/master/acuteangle/local2.jpg?raw=true) 137 | 138 | 139 | 由于锐角云只有64G, 建议合并成只有一个LV 都是/dev/pve/root. 运行下面脚本选择3 合并逻辑卷. 合并完成后就只有一个 local (对应 /dev/pve/root) 储存盘了 如上图 140 | 141 | 142 | ```bash 143 | wget --no-check-certificate -P /root https://raw.githubusercontent.com/jinwyp/one_click_script/master/dsm/pve.sh && chmod 700 /root/pve.sh && /root/pve.sh 144 | 145 | ``` 146 | 147 | 4. 通过再次运行上面脚本 选择1 更新软件源 148 | 149 | 150 | ## Openwrt 151 | ## 在 PVE中 安装Openwrt 152 | 153 | ### 准备工作 154 | 1. 下载 openwrt X86的 镜像 可以使用esir的版本 Stable v21.02.3 0818 [官方下载地址](https://drive.google.com/drive/folders/1amWhdhq0XhQR4tNyFcouB49-Uf4VsUrL). 这里选择的是 sirpdboy 编译的版本,比esir速度快不少[sirpdboy官方下载地址](https://www.123pan.com/s/dS5A-Hoxqd?pwd=MwhD#MwhD) 155 | 156 | 2. 一般 openwrt X86 镜像有2种 uefi 引导和 传统的legacy引导. 如果不使用PVE直接把openwrt安装到锐角云上必须使用UEFI版本, 由于锐角云只支持UEFI引导, 使用legacy版本直接安装会导致锐角云变砖. 而这里如果用PVE创建虚拟机安装openwrt, 虚拟机的bios是支持legacy的, 所以2种引导都可以,这里选择legacy版本. esir版本的固件下载文件 openwrt-21.02.3-x86-64-generic-squashfs-legacy.img.gz . sirpdboy版本的固件下载文件为 20220919-Ipv6-Super-5.15-x86-64-generic-squashfs-rootfs.img.gz 157 | 158 | 3. 开始创建虚拟机. 点击右上角 "创建虚拟机" 按钮 输入名称 例如OpenWRTX86. 点击勾选 下面的高级选项, 勾选开机自启动. 点击 下一步. 选择不使用任何介质, 因为.img.gz的格式PVE无法直接使用需要转换. 客户机操作系统不用改动,点击下一步. 然后系统菜单直接点击下一步. 然后磁盘菜单 删除已有的磁盘 不需要任何磁盘. 因为稍后会导入img.gz镜像. 点击下一步进入CPU菜单 159 | 160 | ![vm1](https://github.com/jinwyp/one_click_script/blob/master/acuteangle/vm1.jpg?raw=true) 161 | 162 | ![vm2](https://github.com/jinwyp/one_click_script/blob/master/acuteangle/vm2.jpg?raw=true) 163 | 164 | 4. CPU菜单 可以选择2核, 也可以根据情况添加更多的核. 锐角云是4核8G内存. 如果需要在openwrt里面安装docker 可以增加CPU核数或内容, 但不建议, 如果要使用docker建议在创建另外的linux虚拟机. 类别选host. 点击勾选 下面的高级选项, 开启 aes. 点击下一步 内存设置为1024 除非要在openwrt里面跑docker, 否则1024(1G) 已经够用了. 点击下一步进入网络, 一切都默认后继续点击直到完成. 165 | 166 | ![vm3](https://github.com/jinwyp/one_click_script/blob/master/acuteangle/vm3.jpg?raw=true) 167 | 168 | 5. 把之前下载的 20220919-Ipv6-Super-5.15-x86-64-generic-squashfs-rootfs.img.gz 解压出来并改名为 openwrt.img (原文件名太长了,改名后方便以后打字输入). 点击 PVE 节点 -> local (PVE) 储存盘 -> ISO镜像 点击上传按钮 在弹出选择文件框 选择 openwrt.img文件上传. 上传成功后会弹出信息提示 记住上传的文件路径 例如 target file: /var/lib/vz/template/iso/openwrt.img 169 | 170 | ![img1](https://github.com/jinwyp/one_click_script/blob/master/acuteangle/img1.jpg?raw=true) 171 | 172 | ![img2](https://github.com/jinwyp/one_click_script/blob/master/acuteangle/img2.jpg?raw=true) 173 | 174 | 6. 把镜像转成虚拟磁盘并导入到虚拟机. 选择“pve”节点 > shell > 输入以下命令并回车:qm importdisk 100 /var/lib/vz/template/iso/openwrt.img local-lvm 175 | 这里注意 100 是相应的虚拟机的ID 需要修改成对应的ID. local-lvm 是PVE储存盘, 也有可能是local. 如果弄不明白命令, 直接用我下面的脚本 选择14 使用 qm importdisk 命令导入. 运行下面的脚本选择14后 根据提示输入文件名 openwrt.img 和 虚拟机ID 100 然后回车 完成导入。 176 | 177 | ```bash 178 | wget --no-check-certificate -O /root/pve.sh https://raw.githubusercontent.com/jinwyp/one_click_script/master/dsm/pve.sh && chmod 700 /root/pve.sh && /root/pve.sh 179 | 180 | ``` 181 | 182 | 7. 导入成功后在 Openwrt 虚拟机的“硬件”选项卡就能看到一个“未使用的磁盘0”,选中它 双击弹出配置窗口,总线/设备类型选“sata”,最后点击添加。然后继续给磁盘扩容. 由于openwrt制作的镜像可能体积较小,导致以后虚拟机磁盘空间不足, 需要进行一下扩容 一般增加1G空间足够给openwrt用了 183 | 184 | ![img3](https://github.com/jinwyp/one_click_script/blob/master/acuteangle/img3.jpg?raw=true) 185 | 186 | ![img32](https://github.com/jinwyp/one_click_script/blob/master/acuteangle/img32.jpg?raw=true) 187 | 188 | ![img33](https://github.com/jinwyp/one_click_script/blob/master/acuteangle/img33.jpg?raw=true) 189 | 190 | 8. 切换到虚拟机的“选项”选项卡,双击“引导顺序”,第一引导项拖拽选‘sata0’ 勾选 已启用 点击 OK 191 | ![img4](https://github.com/jinwyp/one_click_script/blob/master/acuteangle/img4.jpg?raw=true) 192 | 193 | 194 | 9. 启动虚拟机, 点击 openwrt 虚拟机 “控制台”查看启动状态. 按一下回车 显示 Openwrt 的图标表明启动正常. esir固件默认后台地址:192.168.5.1 密码:空 . sirpdboy 固件默认后台地址:192.168.8.1 密码无 195 | ![boot1](https://github.com/jinwyp/one_click_script/blob/master/acuteangle/boot1.jpg?raw=true) 196 | 197 | 10. 不知道openwrt IP地址的也可以 输入命令 ip addr 查看. 198 | ![boot2](https://github.com/jinwyp/one_click_script/blob/master/acuteangle/boot2.jpg?raw=true) 199 | 200 | 201 | 11. 下一步就是改电脑的IP为192.168.5.2,让电脑和openwrt 在同一个网段. 或者觉得改电脑IP麻烦可以修改openwrt的IP. 在虚拟机的 “控制台” 输入命令 vi /etc/config/network 找到 config interface 'lan' 下面的IP. 编辑openwrt的IP 192.168.5.1 或 192.168.8.1 那行, 改为你想要的IP. 如果作为旁路由同时需要修改网关为原路由器的IP. 输入:wq 保存后 重启openwrt虚拟机. 输入 reboot 命令即可重启. 202 | ![boot3](https://github.com/jinwyp/one_click_script/blob/master/acuteangle/boot3.jpg?raw=true) 203 | 204 | 12. 重启后就可以在电脑浏览器上打开你设定的 ip 例如 http://192.168.1.6/ 密码:空 进入管理openwrt了. 205 | 206 | 13. 后续操作 Openwrt 中的 DHCP 和 DNS 等设置 请继续看下面 207 | 208 | ## Openwrtsetting 209 | ## Openwrt 中的 DHCP 和 DNS 等设置 210 | 211 | 14. 由于锐角云只有一个网卡, 可以在 网络 -> 接口 里面可以直接删除WAN. 或者把WAN设置为"不配置协议". sirpdboy 固件里面还可以通过向导模式设置旁路由. 具体单臂网关服务器如何设置可以参考 [DNS设置方法](https://github.com/jinwyp/one_click_script/blob/master/DNS.md#mosdns). 212 | 213 | 15. 开启MosDNS服务器, 进入MosDNS服务器设置页面, 先点击 "更新数据库"Tab, 然后点击按钮 "检查并更新" 更新IP数据库. 然后回到"基本设置"Tab 启动MosDNS即可. 214 | ![setup1](https://github.com/jinwyp/one_click_script/blob/master/acuteangle/mosdns2.jpg?raw=true) 215 | ![setup2](https://github.com/jinwyp/one_click_script/blob/master/acuteangle/mosdns1.jpg?raw=true) 216 | 217 | 16. 建议使用锐角云做DHCP服务器 (锐角云的DHCP优先级高, 在DHCP勾选 强制), 并保留原路由器的DHCP功能. 使主路由的DHCP和锐角云的DHCP同时工作, 这样即使锐角云挂了也可以正常上网. 在 DHCP 选项 中填写 6,192.168.xxx.xxx , 192.168.xxx.xxx 为本openwrt的IP,这样设备获取到的IP同时,DNS会设置为本openwrt的IP, 如果开启了MosDNS,就是由本Openwrt上的MosDNS服务器提供域名解析服务. 218 | ![setup1](https://github.com/jinwyp/one_click_script/blob/master/acuteangle/setup1.jpg?raw=true) 219 | ![setup2](https://github.com/jinwyp/one_click_script/blob/master/acuteangle/setup2.jpg?raw=true) 220 | 221 | -------------------------------------------------------------------------------- /acuteangle/setup1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/setup1.jpg -------------------------------------------------------------------------------- /acuteangle/setup2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/setup2.jpg -------------------------------------------------------------------------------- /acuteangle/vm1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/vm1.jpg -------------------------------------------------------------------------------- /acuteangle/vm2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/vm2.jpg -------------------------------------------------------------------------------- /acuteangle/vm3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/vm3.jpg -------------------------------------------------------------------------------- /acuteangle/zip1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/acuteangle/zip1.png -------------------------------------------------------------------------------- /bench.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Description: Auto test download & I/O speed script 4 | # 5 | # Copyright (C) 2015 - 2022 Teddysun 6 | # Thanks: LookBack 7 | # URL: https://teddysun.com/444.html 8 | # https://github.com/teddysun/across/blob/master/bench.sh 9 | # 10 | trap _exit INT QUIT TERM 11 | 12 | _red() { 13 | printf '\033[0;31;31m%b\033[0m' "$1" 14 | } 15 | 16 | _green() { 17 | printf '\033[0;31;32m%b\033[0m' "$1" 18 | } 19 | 20 | _yellow() { 21 | printf '\033[0;31;33m%b\033[0m' "$1" 22 | } 23 | 24 | _blue() { 25 | printf '\033[0;31;36m%b\033[0m' "$1" 26 | } 27 | 28 | _exists() { 29 | local cmd="$1" 30 | if eval type type > /dev/null 2>&1; then 31 | eval type "$cmd" > /dev/null 2>&1 32 | elif command > /dev/null 2>&1; then 33 | command -v "$cmd" > /dev/null 2>&1 34 | else 35 | which "$cmd" > /dev/null 2>&1 36 | fi 37 | local rt=$? 38 | return ${rt} 39 | } 40 | 41 | _exit() { 42 | _red "\nThe script has been terminated.\n" 43 | # clean up 44 | rm -fr speedtest.tgz speedtest-cli benchtest_* 45 | exit 1 46 | } 47 | 48 | get_opsy() { 49 | [ -f /etc/redhat-release ] && awk '{print $0}' /etc/redhat-release && return 50 | [ -f /etc/os-release ] && awk -F'[= "]' '/PRETTY_NAME/{print $3,$4,$5}' /etc/os-release && return 51 | [ -f /etc/lsb-release ] && awk -F'[="]+' '/DESCRIPTION/{print $2}' /etc/lsb-release && return 52 | } 53 | 54 | next() { 55 | printf "%-70s\n" "-" | sed 's/\s/-/g' 56 | } 57 | 58 | speed_test() { 59 | local nodeName="$2" 60 | [ -z "$1" ] && ./speedtest-cli/speedtest --progress=no --accept-license --accept-gdpr > ./speedtest-cli/speedtest.log 2>&1 || \ 61 | ./speedtest-cli/speedtest --progress=no --server-id=$1 --accept-license --accept-gdpr > ./speedtest-cli/speedtest.log 2>&1 62 | if [ $? -eq 0 ]; then 63 | local dl_speed=$(awk '/Download/{print $3" "$4}' ./speedtest-cli/speedtest.log) 64 | local up_speed=$(awk '/Upload/{print $3" "$4}' ./speedtest-cli/speedtest.log) 65 | local latency=$(awk '/Latency/{print $2" "$3}' ./speedtest-cli/speedtest.log) 66 | if [[ -n "${dl_speed}" && -n "${up_speed}" && -n "${latency}" ]]; then 67 | printf "\033[0;33m%-18s\033[0;32m%-18s\033[0;31m%-20s\033[0;36m%-12s\033[0m\n" " ${nodeName}" "${up_speed}" "${dl_speed}" "${latency}" 68 | fi 69 | fi 70 | } 71 | 72 | speed() { 73 | speed_test '' 'Speedtest.net' 74 | speed_test '14939' 'SanJose, Mimosa' 75 | speed_test '17846' 'SJ, Sonic' 76 | speed_test '21541' 'Los Angeles, i3D' 77 | speed_test '7190' 'LA, Sharktech' 78 | speed_test '17614' 'Phoenix, AZ' 79 | speed_test '24215' 'Paris, FR' 80 | speed_test '28922' 'Amsterdam, NL' 81 | speed_test '37235' 'Shenyang, CU' 82 | speed_test '43752' 'BeiJing, CU' 83 | speed_test '25858' 'BeiJing, CM' 84 | speed_test '24447' 'Shanghai, CN' 85 | speed_test '24447' 'ShangHai, CU 5G' 86 | speed_test '26352' 'NanJing, CT 5G' 87 | speed_test '59386' 'HangZhou, CT' 88 | speed_test '5396' 'SuZhou, CT 5G' 89 | speed_test '45170' 'WuXi, CU' 90 | speed_test '59387' 'NingBo, CT' 91 | speed_test '36646' 'ZhengZhou, CU 5G' 92 | speed_test '5317' 'Yangzhou, CT 5G' 93 | speed_test '56354' 'FuZhou, CU' 94 | speed_test '60572' 'Guangzhou, CN' 95 | speed_test '58591' 'Shenzhen, CM' 96 | speed_test '32155' 'Hongkong, CN' 97 | speed_test '6527' 'Seoul, KR' 98 | speed_test '13623' 'Singapore, SG' 99 | speed_test '21569' 'Tokyo, JP' 100 | 101 | 102 | } 103 | 104 | io_test() { 105 | (LANG=C dd if=/dev/zero of=benchtest_$$ bs=512k count=$1 conv=fdatasync && rm -f benchtest_$$ ) 2>&1 | awk -F, '{io=$NF} END { print io}' | sed 's/^[ \t]*//;s/[ \t]*$//' 106 | } 107 | 108 | calc_size() { 109 | local raw=$1 110 | local total_size=0 111 | local num=1 112 | local unit="KB" 113 | if ! [[ ${raw} =~ ^[0-9]+$ ]] ; then 114 | echo "" 115 | return 116 | fi 117 | if [ "${raw}" -ge 1073741824 ]; then 118 | num=1073741824 119 | unit="TB" 120 | elif [ "${raw}" -ge 1048576 ]; then 121 | num=1048576 122 | unit="GB" 123 | elif [ "${raw}" -ge 1024 ]; then 124 | num=1024 125 | unit="MB" 126 | elif [ "${raw}" -eq 0 ]; then 127 | echo "${total_size}" 128 | return 129 | fi 130 | total_size=$( awk 'BEGIN{printf "%.1f", '$raw' / '$num'}' ) 131 | echo "${total_size} ${unit}" 132 | } 133 | 134 | check_virt(){ 135 | _exists "dmesg" && virtualx="$(dmesg 2>/dev/null)" 136 | if _exists "dmidecode"; then 137 | sys_manu="$(dmidecode -s system-manufacturer 2>/dev/null)" 138 | sys_product="$(dmidecode -s system-product-name 2>/dev/null)" 139 | sys_ver="$(dmidecode -s system-version 2>/dev/null)" 140 | else 141 | sys_manu="" 142 | sys_product="" 143 | sys_ver="" 144 | fi 145 | if grep -qa docker /proc/1/cgroup; then 146 | virt="Docker" 147 | elif grep -qa lxc /proc/1/cgroup; then 148 | virt="LXC" 149 | elif grep -qa container=lxc /proc/1/environ; then 150 | virt="LXC" 151 | elif [[ -f /proc/user_beancounters ]]; then 152 | virt="OpenVZ" 153 | elif [[ "${virtualx}" == *kvm-clock* ]]; then 154 | virt="KVM" 155 | elif [[ "${sys_product}" == *KVM* ]]; then 156 | virt="KVM" 157 | elif [[ "${cname}" == *KVM* ]]; then 158 | virt="KVM" 159 | elif [[ "${cname}" == *QEMU* ]]; then 160 | virt="KVM" 161 | elif [[ "${virtualx}" == *"VMware Virtual Platform"* ]]; then 162 | virt="VMware" 163 | elif [[ "${virtualx}" == *"Parallels Software International"* ]]; then 164 | virt="Parallels" 165 | elif [[ "${virtualx}" == *VirtualBox* ]]; then 166 | virt="VirtualBox" 167 | elif [[ -e /proc/xen ]]; then 168 | if grep -q "control_d" "/proc/xen/capabilities" 2>/dev/null; then 169 | virt="Xen-Dom0" 170 | else 171 | virt="Xen-DomU" 172 | fi 173 | elif [ -f "/sys/hypervisor/type" ] && grep -q "xen" "/sys/hypervisor/type"; then 174 | virt="Xen" 175 | elif [[ "${sys_manu}" == *"Microsoft Corporation"* ]]; then 176 | if [[ "${sys_product}" == *"Virtual Machine"* ]]; then 177 | if [[ "${sys_ver}" == *"7.0"* || "${sys_ver}" == *"Hyper-V" ]]; then 178 | virt="Hyper-V" 179 | else 180 | virt="Microsoft Virtual Machine" 181 | fi 182 | fi 183 | else 184 | virt="Dedicated" 185 | fi 186 | } 187 | 188 | ipv4_info() { 189 | local org="$(wget -q -T10 -O- ipinfo.io/org)" 190 | local city="$(wget -q -T10 -O- ipinfo.io/city)" 191 | local country="$(wget -q -T10 -O- ipinfo.io/country)" 192 | local region="$(wget -q -T10 -O- ipinfo.io/region)" 193 | if [[ -n "$org" ]]; then 194 | echo " Organization : $(_blue "$org")" 195 | fi 196 | if [[ -n "$city" && -n "country" ]]; then 197 | echo " Location : $(_blue "$city / $country")" 198 | fi 199 | if [[ -n "$region" ]]; then 200 | echo " Region : $(_yellow "$region")" 201 | fi 202 | if [[ -z "$org" ]]; then 203 | echo " Region : $(_red "No ISP detected")" 204 | fi 205 | } 206 | 207 | install_speedtest() { 208 | if [ ! -e "./speedtest-cli/speedtest" ]; then 209 | sys_bit="" 210 | local sysarch="$(uname -m)" 211 | if [ "${sysarch}" = "unknown" ] || [ "${sysarch}" = "" ]; then 212 | local sysarch="$(arch)" 213 | fi 214 | if [ "${sysarch}" = "x86_64" ]; then 215 | sys_bit="x86_64" 216 | fi 217 | if [ "${sysarch}" = "i386" ] || [ "${sysarch}" = "i686" ]; then 218 | sys_bit="i386" 219 | fi 220 | if [ "${sysarch}" = "armv8" ] || [ "${sysarch}" = "armv8l" ] || [ "${sysarch}" = "aarch64" ] || [ "${sysarch}" = "arm64" ]; then 221 | sys_bit="aarch64" 222 | fi 223 | if [ "${sysarch}" = "armv7" ] || [ "${sysarch}" = "armv7l" ]; then 224 | sys_bit="armhf" 225 | fi 226 | if [ "${sysarch}" = "armv6" ]; then 227 | sys_bit="armel" 228 | fi 229 | [ -z "${sys_bit}" ] && _red "Error: Unsupported system architecture (${sysarch}).\n" && exit 1 230 | url1="https://install.speedtest.net/app/cli/ookla-speedtest-1.1.1-linux-${sys_bit}.tgz" 231 | url2="https://dl.lamp.sh/files/ookla-speedtest-1.1.1-linux-${sys_bit}.tgz" 232 | wget --no-check-certificate -q -T10 -O speedtest.tgz ${url1} 233 | if [ $? -ne 0 ]; then 234 | wget --no-check-certificate -q -T10 -O speedtest.tgz ${url2} 235 | [ $? -ne 0 ] && _red "Error: Failed to download speedtest-cli.\n" && exit 1 236 | fi 237 | mkdir -p speedtest-cli && tar zxf speedtest.tgz -C ./speedtest-cli && chmod +x ./speedtest-cli/speedtest 238 | rm -f speedtest.tgz 239 | fi 240 | } 241 | 242 | print_intro() { 243 | echo "-------------------- A Bench.sh Script By Teddysun -------------------" 244 | echo " Version : $(_green v2022-02-22)" 245 | echo " Usage : $(_red "wget -qO- bench.sh | bash")" 246 | } 247 | 248 | # Get System information 249 | get_system_info() { 250 | cname=$( awk -F: '/model name/ {name=$2} END {print name}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//' ) 251 | cores=$( awk -F: '/processor/ {core++} END {print core}' /proc/cpuinfo ) 252 | freq=$( awk -F'[ :]' '/cpu MHz/ {print $4;exit}' /proc/cpuinfo ) 253 | ccache=$( awk -F: '/cache size/ {cache=$2} END {print cache}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//' ) 254 | cpu_aes=$( grep -i 'aes' /proc/cpuinfo ) 255 | cpu_virt=$( grep -Ei 'vmx|svm' /proc/cpuinfo ) 256 | tram=$( LANG=C; free | awk '/Mem/ {print $2}' ) 257 | tram=$( calc_size $tram ) 258 | uram=$( LANG=C; free | awk '/Mem/ {print $3}' ) 259 | uram=$( calc_size $uram ) 260 | swap=$( LANG=C; free | awk '/Swap/ {print $2}' ) 261 | swap=$( calc_size $swap ) 262 | uswap=$( LANG=C; free | awk '/Swap/ {print $3}' ) 263 | uswap=$( calc_size $uswap ) 264 | up=$( awk '{a=$1/86400;b=($1%86400)/3600;c=($1%3600)/60} {printf("%d days, %d hour %d min\n",a,b,c)}' /proc/uptime ) 265 | if _exists "w"; then 266 | load=$( LANG=C; w | head -1 | awk -F'load average:' '{print $2}' | sed 's/^[ \t]*//;s/[ \t]*$//' ) 267 | elif _exists "uptime"; then 268 | load=$( LANG=C; uptime | head -1 | awk -F'load average:' '{print $2}' | sed 's/^[ \t]*//;s/[ \t]*$//' ) 269 | fi 270 | opsy=$( get_opsy ) 271 | arch=$( uname -m ) 272 | if _exists "getconf"; then 273 | lbit=$( getconf LONG_BIT ) 274 | else 275 | echo ${arch} | grep -q "64" && lbit="64" || lbit="32" 276 | fi 277 | kern=$( uname -r ) 278 | disk_total_size=$( LANG=C; df -t simfs -t ext2 -t ext3 -t ext4 -t btrfs -t xfs -t vfat -t ntfs -t swap --total 2>/dev/null | grep total | awk '{ print $2 }' ) 279 | disk_total_size=$( calc_size $disk_total_size ) 280 | disk_used_size=$( LANG=C; df -t simfs -t ext2 -t ext3 -t ext4 -t btrfs -t xfs -t vfat -t ntfs -t swap --total 2>/dev/null | grep total | awk '{ print $3 }' ) 281 | disk_used_size=$( calc_size $disk_used_size ) 282 | tcpctrl=$( sysctl net.ipv4.tcp_congestion_control | awk -F ' ' '{print $3}' ) 283 | } 284 | # Print System information 285 | print_system_info() { 286 | if [ -n "$cname" ]; then 287 | echo " CPU Model : $(_blue "$cname")" 288 | else 289 | echo " CPU Model : $(_blue "CPU model not detected")" 290 | fi 291 | if [ -n "$freq" ]; then 292 | echo " CPU Cores : $(_blue "$cores @ $freq MHz")" 293 | else 294 | echo " CPU Cores : $(_blue "$cores")" 295 | fi 296 | if [ -n "$ccache" ]; then 297 | echo " CPU Cache : $(_blue "$ccache")" 298 | fi 299 | if [ -n "$cpu_aes" ]; then 300 | echo " AES-NI : $(_green "Enabled")" 301 | else 302 | echo " AES-NI : $(_red "Disabled")" 303 | fi 304 | if [ -n "$cpu_virt" ]; then 305 | echo " VM-x/AMD-V : $(_green "Enabled")" 306 | else 307 | echo " VM-x/AMD-V : $(_red "Disabled")" 308 | fi 309 | echo " Total Disk : $(_yellow "$disk_total_size") $(_blue "($disk_used_size Used)")" 310 | echo " Total Mem : $(_yellow "$tram") $(_blue "($uram Used)")" 311 | if [ "$swap" != "0" ]; then 312 | echo " Total Swap : $(_blue "$swap ($uswap Used)")" 313 | fi 314 | echo " System uptime : $(_blue "$up")" 315 | echo " Load average : $(_blue "$load")" 316 | echo " OS : $(_blue "$opsy")" 317 | echo " Arch : $(_blue "$arch ($lbit Bit)")" 318 | echo " Kernel : $(_blue "$kern")" 319 | echo " TCP CC : $(_yellow "$tcpctrl")" 320 | echo " Virtualization : $(_blue "$virt")" 321 | } 322 | 323 | print_io_test() { 324 | freespace=$( df -m . | awk 'NR==2 {print $4}' ) 325 | if [ -z "${freespace}" ]; then 326 | freespace=$( df -m . | awk 'NR==3 {print $3}' ) 327 | fi 328 | if [ ${freespace} -gt 1024 ]; then 329 | writemb=2048 330 | io1=$( io_test ${writemb} ) 331 | echo " I/O Speed(1st run) : $(_yellow "$io1")" 332 | io2=$( io_test ${writemb} ) 333 | echo " I/O Speed(2nd run) : $(_yellow "$io2")" 334 | io3=$( io_test ${writemb} ) 335 | echo " I/O Speed(3rd run) : $(_yellow "$io3")" 336 | ioraw1=$( echo $io1 | awk 'NR==1 {print $1}' ) 337 | [ "`echo $io1 | awk 'NR==1 {print $2}'`" == "GB/s" ] && ioraw1=$( awk 'BEGIN{print '$ioraw1' * 1024}' ) 338 | ioraw2=$( echo $io2 | awk 'NR==1 {print $1}' ) 339 | [ "`echo $io2 | awk 'NR==1 {print $2}'`" == "GB/s" ] && ioraw2=$( awk 'BEGIN{print '$ioraw2' * 1024}' ) 340 | ioraw3=$( echo $io3 | awk 'NR==1 {print $1}' ) 341 | [ "`echo $io3 | awk 'NR==1 {print $2}'`" == "GB/s" ] && ioraw3=$( awk 'BEGIN{print '$ioraw3' * 1024}' ) 342 | ioall=$( awk 'BEGIN{print '$ioraw1' + '$ioraw2' + '$ioraw3'}' ) 343 | ioavg=$( awk 'BEGIN{printf "%.1f", '$ioall' / 3}' ) 344 | echo " I/O Speed(average) : $(_yellow "$ioavg MB/s")" 345 | else 346 | echo " $(_red "Not enough space for I/O Speed test!")" 347 | fi 348 | } 349 | 350 | print_end_time() { 351 | end_time=$(date +%s) 352 | time=$(( ${end_time} - ${start_time} )) 353 | if [ ${time} -gt 60 ]; then 354 | min=$(expr $time / 60) 355 | sec=$(expr $time % 60) 356 | echo " Finished in : ${min} min ${sec} sec" 357 | else 358 | echo " Finished in : ${time} sec" 359 | fi 360 | date_time=$(date '+%Y-%m-%d %H:%M:%S %Z') 361 | echo " Timestamp : $date_time" 362 | } 363 | 364 | ! _exists "wget" && _red "Error: wget command not found.\n" && exit 1 365 | ! _exists "free" && _red "Error: free command not found.\n" && exit 1 366 | start_time=$(date +%s) 367 | get_system_info 368 | check_virt 369 | clear 370 | print_intro 371 | next 372 | print_system_info 373 | ipv4_info 374 | next 375 | print_io_test 376 | next 377 | install_speedtest && printf "%-18s%-18s%-20s%-12s\n" " Node Name" "Upload Speed" "Download Speed" "Latency" 378 | speed && rm -fr speedtest-cli 379 | next 380 | print_end_time 381 | next 382 | -------------------------------------------------------------------------------- /docs/cfcheck1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/cfcheck1.png -------------------------------------------------------------------------------- /docs/cfcheck2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/cfcheck2.png -------------------------------------------------------------------------------- /docs/cfcheck3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/cfcheck3.png -------------------------------------------------------------------------------- /docs/chrome1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/chrome1.png -------------------------------------------------------------------------------- /docs/chrome2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/chrome2.png -------------------------------------------------------------------------------- /docs/chrome3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/chrome3.png -------------------------------------------------------------------------------- /docs/cloudflare1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/cloudflare1.jpg -------------------------------------------------------------------------------- /docs/debian.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/debian.jpg -------------------------------------------------------------------------------- /docs/dns1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/dns1.png -------------------------------------------------------------------------------- /docs/dns2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/dns2.png -------------------------------------------------------------------------------- /docs/dns3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/dns3.png -------------------------------------------------------------------------------- /docs/firefox1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/firefox1.png -------------------------------------------------------------------------------- /docs/firefox2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/firefox2.png -------------------------------------------------------------------------------- /docs/firefox3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/firefox3.png -------------------------------------------------------------------------------- /docs/firefoxesni1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/firefoxesni1.png -------------------------------------------------------------------------------- /docs/firefoxesni2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/firefoxesni2.png -------------------------------------------------------------------------------- /docs/firefoxesni3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/firefoxesni3.png -------------------------------------------------------------------------------- /docs/go1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/go1.png -------------------------------------------------------------------------------- /docs/go2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/go2.png -------------------------------------------------------------------------------- /docs/gov1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/gov1.png -------------------------------------------------------------------------------- /docs/gov2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/gov2.png -------------------------------------------------------------------------------- /docs/gov3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/gov3.png -------------------------------------------------------------------------------- /docs/gov5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/gov5.png -------------------------------------------------------------------------------- /docs/gov6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/gov6.png -------------------------------------------------------------------------------- /docs/grpc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/grpc.png -------------------------------------------------------------------------------- /docs/https1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/https1.png -------------------------------------------------------------------------------- /docs/kernel.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/kernel.png -------------------------------------------------------------------------------- /docs/mosdns1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/mosdns1.png -------------------------------------------------------------------------------- /docs/mosdns2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/mosdns2.png -------------------------------------------------------------------------------- /docs/mosdns3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/mosdns3.png -------------------------------------------------------------------------------- /docs/mosdns4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/mosdns4.png -------------------------------------------------------------------------------- /docs/mosdns5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/mosdns5.png -------------------------------------------------------------------------------- /docs/mosdns6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/mosdns6.png -------------------------------------------------------------------------------- /docs/netflix1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/netflix1.png -------------------------------------------------------------------------------- /docs/pve1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/pve1.png -------------------------------------------------------------------------------- /docs/pve2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/pve2.png -------------------------------------------------------------------------------- /docs/readme.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/readme.png -------------------------------------------------------------------------------- /docs/readme2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/readme2.png -------------------------------------------------------------------------------- /docs/readme2_en.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/readme2_en.png -------------------------------------------------------------------------------- /docs/readme3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/readme3.png -------------------------------------------------------------------------------- /docs/readme3_en.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/readme3_en.png -------------------------------------------------------------------------------- /docs/readme4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/readme4.png -------------------------------------------------------------------------------- /docs/readme_en.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/readme_en.png -------------------------------------------------------------------------------- /docs/ubuntu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/ubuntu.png -------------------------------------------------------------------------------- /docs/v2board1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/v2board1.png -------------------------------------------------------------------------------- /docs/v2board1_en.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/docs/v2board1_en.png -------------------------------------------------------------------------------- /download/lzma.py: -------------------------------------------------------------------------------- 1 | """Interface to the liblzma compression library. 2 | 3 | This module provides a class for reading and writing compressed files, 4 | classes for incremental (de)compression, and convenience functions for 5 | one-shot (de)compression. 6 | 7 | These classes and functions support both the XZ and legacy LZMA 8 | container formats, as well as raw compressed data streams. 9 | """ 10 | 11 | __all__ = [ 12 | "CHECK_NONE", "CHECK_CRC32", "CHECK_CRC64", "CHECK_SHA256", 13 | "CHECK_ID_MAX", "CHECK_UNKNOWN", 14 | "FILTER_LZMA1", "FILTER_LZMA2", "FILTER_DELTA", "FILTER_X86", "FILTER_IA64", 15 | "FILTER_ARM", "FILTER_ARMTHUMB", "FILTER_POWERPC", "FILTER_SPARC", 16 | "FORMAT_AUTO", "FORMAT_XZ", "FORMAT_ALONE", "FORMAT_RAW", 17 | "MF_HC3", "MF_HC4", "MF_BT2", "MF_BT3", "MF_BT4", 18 | "MODE_FAST", "MODE_NORMAL", "PRESET_DEFAULT", "PRESET_EXTREME", 19 | 20 | "LZMACompressor", "LZMADecompressor", "LZMAFile", "LZMAError", 21 | "open", "compress", "decompress", "is_check_supported", 22 | ] 23 | 24 | import builtins 25 | import io 26 | import os 27 | try: 28 | from _lzma import * 29 | from _lzma import _encode_filter_properties, _decode_filter_properties 30 | except ImportError: 31 | from backports.lzma import * 32 | from backports.lzma import _encode_filter_properties, _decode_filter_properties 33 | 34 | import _compression 35 | 36 | 37 | _MODE_CLOSED = 0 38 | _MODE_READ = 1 39 | # Value 2 no longer used 40 | _MODE_WRITE = 3 41 | 42 | 43 | class LZMAFile(_compression.BaseStream): 44 | 45 | """A file object providing transparent LZMA (de)compression. 46 | 47 | An LZMAFile can act as a wrapper for an existing file object, or 48 | refer directly to a named file on disk. 49 | 50 | Note that LZMAFile provides a *binary* file interface - data read 51 | is returned as bytes, and data to be written must be given as bytes. 52 | """ 53 | 54 | def __init__(self, filename=None, mode="r", *, 55 | format=None, check=-1, preset=None, filters=None): 56 | """Open an LZMA-compressed file in binary mode. 57 | 58 | filename can be either an actual file name (given as a str, 59 | bytes, or PathLike object), in which case the named file is 60 | opened, or it can be an existing file object to read from or 61 | write to. 62 | 63 | mode can be "r" for reading (default), "w" for (over)writing, 64 | "x" for creating exclusively, or "a" for appending. These can 65 | equivalently be given as "rb", "wb", "xb" and "ab" respectively. 66 | 67 | format specifies the container format to use for the file. 68 | If mode is "r", this defaults to FORMAT_AUTO. Otherwise, the 69 | default is FORMAT_XZ. 70 | 71 | check specifies the integrity check to use. This argument can 72 | only be used when opening a file for writing. For FORMAT_XZ, 73 | the default is CHECK_CRC64. FORMAT_ALONE and FORMAT_RAW do not 74 | support integrity checks - for these formats, check must be 75 | omitted, or be CHECK_NONE. 76 | 77 | When opening a file for reading, the *preset* argument is not 78 | meaningful, and should be omitted. The *filters* argument should 79 | also be omitted, except when format is FORMAT_RAW (in which case 80 | it is required). 81 | 82 | When opening a file for writing, the settings used by the 83 | compressor can be specified either as a preset compression 84 | level (with the *preset* argument), or in detail as a custom 85 | filter chain (with the *filters* argument). For FORMAT_XZ and 86 | FORMAT_ALONE, the default is to use the PRESET_DEFAULT preset 87 | level. For FORMAT_RAW, the caller must always specify a filter 88 | chain; the raw compressor does not support preset compression 89 | levels. 90 | 91 | preset (if provided) should be an integer in the range 0-9, 92 | optionally OR-ed with the constant PRESET_EXTREME. 93 | 94 | filters (if provided) should be a sequence of dicts. Each dict 95 | should have an entry for "id" indicating ID of the filter, plus 96 | additional entries for options to the filter. 97 | """ 98 | self._fp = None 99 | self._closefp = False 100 | self._mode = _MODE_CLOSED 101 | 102 | if mode in ("r", "rb"): 103 | if check != -1: 104 | raise ValueError("Cannot specify an integrity check " 105 | "when opening a file for reading") 106 | if preset is not None: 107 | raise ValueError("Cannot specify a preset compression " 108 | "level when opening a file for reading") 109 | if format is None: 110 | format = FORMAT_AUTO 111 | mode_code = _MODE_READ 112 | elif mode in ("w", "wb", "a", "ab", "x", "xb"): 113 | if format is None: 114 | format = FORMAT_XZ 115 | mode_code = _MODE_WRITE 116 | self._compressor = LZMACompressor(format=format, check=check, 117 | preset=preset, filters=filters) 118 | self._pos = 0 119 | else: 120 | raise ValueError("Invalid mode: {!r}".format(mode)) 121 | 122 | if isinstance(filename, (str, bytes, os.PathLike)): 123 | if "b" not in mode: 124 | mode += "b" 125 | self._fp = builtins.open(filename, mode) 126 | self._closefp = True 127 | self._mode = mode_code 128 | elif hasattr(filename, "read") or hasattr(filename, "write"): 129 | self._fp = filename 130 | self._mode = mode_code 131 | else: 132 | raise TypeError("filename must be a str, bytes, file or PathLike object") 133 | 134 | if self._mode == _MODE_READ: 135 | raw = _compression.DecompressReader(self._fp, LZMADecompressor, 136 | trailing_error=LZMAError, format=format, filters=filters) 137 | self._buffer = io.BufferedReader(raw) 138 | 139 | def close(self): 140 | """Flush and close the file. 141 | 142 | May be called more than once without error. Once the file is 143 | closed, any other operation on it will raise a ValueError. 144 | """ 145 | if self._mode == _MODE_CLOSED: 146 | return 147 | try: 148 | if self._mode == _MODE_READ: 149 | self._buffer.close() 150 | self._buffer = None 151 | elif self._mode == _MODE_WRITE: 152 | self._fp.write(self._compressor.flush()) 153 | self._compressor = None 154 | finally: 155 | try: 156 | if self._closefp: 157 | self._fp.close() 158 | finally: 159 | self._fp = None 160 | self._closefp = False 161 | self._mode = _MODE_CLOSED 162 | 163 | @property 164 | def closed(self): 165 | """True if this file is closed.""" 166 | return self._mode == _MODE_CLOSED 167 | 168 | def fileno(self): 169 | """Return the file descriptor for the underlying file.""" 170 | self._check_not_closed() 171 | return self._fp.fileno() 172 | 173 | def seekable(self): 174 | """Return whether the file supports seeking.""" 175 | return self.readable() and self._buffer.seekable() 176 | 177 | def readable(self): 178 | """Return whether the file was opened for reading.""" 179 | self._check_not_closed() 180 | return self._mode == _MODE_READ 181 | 182 | def writable(self): 183 | """Return whether the file was opened for writing.""" 184 | self._check_not_closed() 185 | return self._mode == _MODE_WRITE 186 | 187 | def peek(self, size=-1): 188 | """Return buffered data without advancing the file position. 189 | 190 | Always returns at least one byte of data, unless at EOF. 191 | The exact number of bytes returned is unspecified. 192 | """ 193 | self._check_can_read() 194 | # Relies on the undocumented fact that BufferedReader.peek() always 195 | # returns at least one byte (except at EOF) 196 | return self._buffer.peek(size) 197 | 198 | def read(self, size=-1): 199 | """Read up to size uncompressed bytes from the file. 200 | 201 | If size is negative or omitted, read until EOF is reached. 202 | Returns b"" if the file is already at EOF. 203 | """ 204 | self._check_can_read() 205 | return self._buffer.read(size) 206 | 207 | def read1(self, size=-1): 208 | """Read up to size uncompressed bytes, while trying to avoid 209 | making multiple reads from the underlying stream. Reads up to a 210 | buffer's worth of data if size is negative. 211 | 212 | Returns b"" if the file is at EOF. 213 | """ 214 | self._check_can_read() 215 | if size < 0: 216 | size = io.DEFAULT_BUFFER_SIZE 217 | return self._buffer.read1(size) 218 | 219 | def readline(self, size=-1): 220 | """Read a line of uncompressed bytes from the file. 221 | 222 | The terminating newline (if present) is retained. If size is 223 | non-negative, no more than size bytes will be read (in which 224 | case the line may be incomplete). Returns b'' if already at EOF. 225 | """ 226 | self._check_can_read() 227 | return self._buffer.readline(size) 228 | 229 | def write(self, data): 230 | """Write a bytes object to the file. 231 | 232 | Returns the number of uncompressed bytes written, which is 233 | always len(data). Note that due to buffering, the file on disk 234 | may not reflect the data written until close() is called. 235 | """ 236 | self._check_can_write() 237 | compressed = self._compressor.compress(data) 238 | self._fp.write(compressed) 239 | self._pos += len(data) 240 | return len(data) 241 | 242 | def seek(self, offset, whence=io.SEEK_SET): 243 | """Change the file position. 244 | 245 | The new position is specified by offset, relative to the 246 | position indicated by whence. Possible values for whence are: 247 | 248 | 0: start of stream (default): offset must not be negative 249 | 1: current stream position 250 | 2: end of stream; offset must not be positive 251 | 252 | Returns the new file position. 253 | 254 | Note that seeking is emulated, so depending on the parameters, 255 | this operation may be extremely slow. 256 | """ 257 | self._check_can_seek() 258 | return self._buffer.seek(offset, whence) 259 | 260 | def tell(self): 261 | """Return the current file position.""" 262 | self._check_not_closed() 263 | if self._mode == _MODE_READ: 264 | return self._buffer.tell() 265 | return self._pos 266 | 267 | 268 | def open(filename, mode="rb", *, 269 | format=None, check=-1, preset=None, filters=None, 270 | encoding=None, errors=None, newline=None): 271 | """Open an LZMA-compressed file in binary or text mode. 272 | 273 | filename can be either an actual file name (given as a str, bytes, 274 | or PathLike object), in which case the named file is opened, or it 275 | can be an existing file object to read from or write to. 276 | 277 | The mode argument can be "r", "rb" (default), "w", "wb", "x", "xb", 278 | "a", or "ab" for binary mode, or "rt", "wt", "xt", or "at" for text 279 | mode. 280 | 281 | The format, check, preset and filters arguments specify the 282 | compression settings, as for LZMACompressor, LZMADecompressor and 283 | LZMAFile. 284 | 285 | For binary mode, this function is equivalent to the LZMAFile 286 | constructor: LZMAFile(filename, mode, ...). In this case, the 287 | encoding, errors and newline arguments must not be provided. 288 | 289 | For text mode, an LZMAFile object is created, and wrapped in an 290 | io.TextIOWrapper instance with the specified encoding, error 291 | handling behavior, and line ending(s). 292 | 293 | """ 294 | if "t" in mode: 295 | if "b" in mode: 296 | raise ValueError("Invalid mode: %r" % (mode,)) 297 | else: 298 | if encoding is not None: 299 | raise ValueError("Argument 'encoding' not supported in binary mode") 300 | if errors is not None: 301 | raise ValueError("Argument 'errors' not supported in binary mode") 302 | if newline is not None: 303 | raise ValueError("Argument 'newline' not supported in binary mode") 304 | 305 | lz_mode = mode.replace("t", "") 306 | binary_file = LZMAFile(filename, lz_mode, format=format, check=check, 307 | preset=preset, filters=filters) 308 | 309 | if "t" in mode: 310 | return io.TextIOWrapper(binary_file, encoding, errors, newline) 311 | else: 312 | return binary_file 313 | 314 | 315 | def compress(data, format=FORMAT_XZ, check=-1, preset=None, filters=None): 316 | """Compress a block of data. 317 | 318 | Refer to LZMACompressor's docstring for a description of the 319 | optional arguments *format*, *check*, *preset* and *filters*. 320 | 321 | For incremental compression, use an LZMACompressor instead. 322 | """ 323 | comp = LZMACompressor(format, check, preset, filters) 324 | return comp.compress(data) + comp.flush() 325 | 326 | 327 | def decompress(data, format=FORMAT_AUTO, memlimit=None, filters=None): 328 | """Decompress a block of data. 329 | 330 | Refer to LZMADecompressor's docstring for a description of the 331 | optional arguments *format*, *check* and *filters*. 332 | 333 | For incremental decompression, use an LZMADecompressor instead. 334 | """ 335 | results = [] 336 | while True: 337 | decomp = LZMADecompressor(format, memlimit, filters) 338 | try: 339 | res = decomp.decompress(data) 340 | except LZMAError: 341 | if results: 342 | break # Leftover data is not a valid LZMA/XZ stream; ignore it. 343 | else: 344 | raise # Error on the first iteration; bail out. 345 | results.append(res) 346 | if not decomp.eof: 347 | raise LZMAError("Compressed data ended before the " 348 | "end-of-stream marker was reached") 349 | data = decomp.unused_data 350 | if not data: 351 | break 352 | return b"".join(results) 353 | -------------------------------------------------------------------------------- /download/mitm-vip-unlocker-x86_64-linux-musl.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/download/mitm-vip-unlocker-x86_64-linux-musl.zip -------------------------------------------------------------------------------- /download/mosdns/cn.dat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/download/mosdns/cn.dat -------------------------------------------------------------------------------- /download/mosdns/geoip.dat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/download/mosdns/geoip.dat -------------------------------------------------------------------------------- /download/mosdns/geosite.dat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/download/mosdns/geosite.dat -------------------------------------------------------------------------------- /download/mosdns/luci-app-mosdns_git-22.142.44511-c664869_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/download/mosdns/luci-app-mosdns_git-22.142.44511-c664869_all.ipk -------------------------------------------------------------------------------- /download/mosdns/mosdns_cee9e6d-55_x86_64.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/download/mosdns/mosdns_cee9e6d-55_x86_64.ipk -------------------------------------------------------------------------------- /download/mosdns/v2ray-geoip_202204210050-4_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/download/mosdns/v2ray-geoip_202204210050-4_all.ipk -------------------------------------------------------------------------------- /download/mosdns/v2ray-geosite_20220425025949-4_all.ipk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/download/mosdns/v2ray-geosite_20220425025949-4_all.ipk -------------------------------------------------------------------------------- /download/trojan-mac.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/download/trojan-mac.zip -------------------------------------------------------------------------------- /download/trojan-qt5.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/download/trojan-qt5.zip -------------------------------------------------------------------------------- /download/trojan-win-cli.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/download/trojan-win-cli.zip -------------------------------------------------------------------------------- /download/v2ray-android.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/download/v2ray-android.zip -------------------------------------------------------------------------------- /download/v2ray-mac.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/download/v2ray-mac.zip -------------------------------------------------------------------------------- /download/v2ray-windows.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/download/v2ray-windows.zip -------------------------------------------------------------------------------- /download/website.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/download/website.zip -------------------------------------------------------------------------------- /download/website2.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/download/website2.zip -------------------------------------------------------------------------------- /dsm/FixSynoboot.sh: -------------------------------------------------------------------------------- 1 | #!/bin/ash 2 | # FixSynoboot() extracted from Jun 1.04b loader 3 | # added hotplug-out event to gracefully clean up esata volumes 2020-Apr-18 4 | # cleaned up share references in message log and root folder 2020-May-16 5 | 6 | FixSynoboot() 7 | { 8 | if [ ! -e /dev/synoboot ]; then 9 | tail -n+3 /proc/partitions | while read major minor sz name 10 | do 11 | if echo $name | grep -q "^sd[[:alpha:]]*$";then 12 | basename=$name 13 | minor0=$minor 14 | synoboot1="" 15 | synoboot2="" 16 | continue 17 | fi 18 | if [ $name = "${basename}1" -a $sz -le 512000 ]; then 19 | synoboot1="$name" 20 | minor1=$minor 21 | elif [ $name = "${basename}2" -a $sz -le 512000 ]; then 22 | synoboot2="$name" 23 | minor2=$minor 24 | else 25 | continue 26 | fi 27 | if [ -n "$synoboot1" -a -n "$synoboot2" ]; then 28 | # begin hotplug event added 29 | if [ -e /sys/class/block/$basename ]; then 30 | port=$(synodiskport -portcheck $basename) 31 | df | grep "^/dev/$basename." | while read share; do 32 | share=$(echo $share | awk '{print $1,$NF}') 33 | sharedir=$(echo $share | awk '{print $2}') 34 | sharebase=$(echo $sharedir | awk -F\/ '{print $2}') 35 | sharedir=$(echo $sharedir | awk -F\/ '{print $3}') 36 | if ( synocheckshare --vol-unmounting $port $share ); then 37 | umount $(echo $share | awk '{print $1}') 38 | grep -v "^$share" /run/synostorage/volumetab >/tmp/volumetab 39 | mv /tmp/volumetab /run/synostorage/volumetab 40 | rm "/$sharebase/@eaDir/$sharedir/SYNO@.attr" 41 | find "/$sharebase" -empty -type d -delete 2>/dev/null 42 | fi 43 | done 44 | echo "remove" >/sys/class/block/$basename/uevent 45 | fi 46 | # end 47 | 48 | rm "/dev/$basename" 49 | rm "/dev/$synoboot1" 50 | rm "/dev/$synoboot2" 51 | rm "/dev/${basename}3" 52 | mknod /dev/synoboot b $major $minor0 53 | mknod /dev/synoboot1 b $major $minor1 54 | mknod /dev/synoboot2 b $major $minor2 55 | break 56 | fi 57 | done 58 | fi 59 | } 60 | 61 | RUNAS="root" 62 | 63 | case $1 in 64 | start) 65 | FixSynoboot 66 | exit 0 67 | ;; 68 | stop) 69 | exit 0 70 | ;; 71 | status) 72 | exit 0 73 | ;; 74 | log) 75 | exit 1 76 | ;; 77 | *) 78 | exit 1 79 | ;; 80 | esac 81 | -------------------------------------------------------------------------------- /dsm/ch_cpuinfo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/dsm/ch_cpuinfo -------------------------------------------------------------------------------- /dsm/frpc-noarch_v0.35.0.spk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/dsm/frpc-noarch_v0.35.0.spk -------------------------------------------------------------------------------- /dsm/img2kvm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/dsm/img2kvm -------------------------------------------------------------------------------- /dsm/libsynonvme.so.1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jinwyp/one_click_script/da872e15099966d30fd0bb8d98cd728457055b24/dsm/libsynonvme.so.1 -------------------------------------------------------------------------------- /dsm/mosdns.yaml: -------------------------------------------------------------------------------- 1 | log: 2 | level: info 3 | file: "${configMosdnsPath}/mosdns.log" 4 | 5 | # []string, 从其他配置文件载入 plugins 插件设置。 6 | # include 的插件会比本配置文件中的插件先初始化。 7 | 8 | plugins: 9 | # - tag: ecs_cn 10 | # type: ecs_handler 11 | # args: 12 | # forward: false 13 | # preset: 58.208.0.0 # 电信,请针对不同的运营商自行修改 14 | # send: false 15 | # mask4: 12 16 | # mask6: 28 17 | 18 | - tag: ecs_tw 19 | type: ecs_handler 20 | args: 21 | forward: false 22 | preset: 168.95.0.0 23 | send: false 24 | mask4: 16 25 | # mask6: 40 26 | 27 | - tag: ecs_us 28 | type: ecs_handler 29 | args: 30 | forward: false 31 | preset: 38.94.109.0 32 | send: false 33 | mask4: 24 34 | # mask6: 40 35 | 36 | # 不应处理本地 DNS 请求,防止死循环。正确顺序应该是 dnsmasq --> OpenClash(可选)--> mosdns。 37 | # - tag: "forward_lan" 38 | # type: forward 39 | # args: 40 | # concurrent: 1 41 | # upstream: 42 | # - addr: "192.168.1.1" 43 | 44 | - tag: "forward_local" 45 | type: forward 46 | args: 47 | concurrent: 2 48 | upstreams: 49 | - addr: "${chinaDNSServerIPInput}" # 江苏电信 DNS,自行修改 50 | - addr: "218.4.4.4" # 江苏电信 DNS,自行修改 51 | - addr: "210.22.70.3" # 上海联通 DNS,自行修改 52 | 53 | - tag: "forward_alidns" 54 | type: forward 55 | args: 56 | concurrent: 1 57 | upstreams: 58 | - addr: "quic://223.6.6.6:853" 59 | - addr: "https://dns.alidns.com/dns-query" 60 | dial_addr: "223.5.5.5" 61 | enable_http3: false 62 | 63 | - tag: "forward_easy" 64 | type: "forward" 65 | args: 66 | concurrent: 1 67 | upstreams: 68 | - addr: "https://doh.apad.pro/dns-query" 69 | bootstrap: "218.2.2.2" 70 | enable_http3: false 71 | 72 | - tag: "forward_remote" 73 | type: "forward" 74 | args: 75 | concurrent: 1 # 并发数。每次请求随机选取 concurrent 个 upstreams 发送请求。 76 | # 取最快返回的应答。超过 3 最多选 3 个。默认 1。 77 | upstreams: 78 | - addr: "https://162.159.36.1/dns-query" 79 | enable_http3: false 80 | # socks5: "127.0.0.1:1080" # 目前暂不支持用户名密码认证,只支持基于 TCP 的协议 81 | - addr: "https://162.159.46.1/dns-query" 82 | enable_http3: false 83 | # - addr: "https://doh.opendns.com/dns-query" 84 | # dial_addr: "146.112.41.2" 85 | # enable_http3: false 86 | # - addr: "https://public.dns.iij.jp/dns-query" 87 | # dial_addr: 103.2.57.5 88 | # enable_http3: false 89 | # - addr: "tcp://208.67.220.220:5353" # CISCO OpenDNS 90 | # enable_pipeline: true 91 | 92 | - tag: remote_sequence 93 | type: sequence 94 | args: 95 | - exec: prefer_ipv4 96 | - exec: $ecs_tw 97 | - exec: $forward_remote 98 | - exec: return 99 | 100 | - tag: "fallback" 101 | type: "fallback" 102 | args: 103 | primary: forward_easy # easy 104 | secondary: forward_remote # remote 105 | threshold: 360 # 无响应回滚阈值。单位毫秒。默认 500 。 106 | always_standby: true # 副可执行插件始终待命。 107 | 108 | - tag: fallback_sequence 109 | type: sequence 110 | args: 111 | - exec: prefer_ipv4 112 | - exec: $ecs_tw 113 | - exec: $fallback 114 | - exec: return 115 | 116 | - tag: fallback_sequence_ipv6 117 | type: sequence 118 | args: 119 | - exec: prefer_ipv6 120 | - exec: $fallback 121 | - exec: return 122 | 123 | - tag: has_resp_sequence 124 | type: sequence 125 | args: 126 | - matches: 127 | - has_resp 128 | exec: accept 129 | 130 | 131 | 132 | 133 | - tag: "hosts" 134 | type: "hosts" 135 | args: 136 | # entries: 137 | # - "google.com 108.177.122.113" 138 | files: 139 | - "/etc/mosdns/rule/hosts.txt" 140 | 141 | - tag: geosite_cn # 国内域名 142 | type: domain_set 143 | args: 144 | files: 145 | - "/etc/mosdns/rule/china_domain_list.txt" # https://raw.githubusercontent.com/pmkol/easymosdns/rules/china_domain_list.txt 146 | 147 | - tag: geoip_cn # 国内 IP 148 | type: ip_set 149 | args: 150 | files: 151 | - "/etc/mosdns/rule/china_ip_list.txt" # https://raw.githubusercontent.com/pmkol/easymosdns/rules/china_ip_list.txt 152 | 153 | - tag: privatelist # 内网域名 154 | type: domain_set 155 | args: 156 | files: 157 | - "/etc/mosdns/rule/private.txt" # https://raw.githubusercontent.com/Loyalsoldier/domain-list-custom/release/private.txt 158 | 159 | - tag: whitelist 160 | type: domain_set 161 | args: 162 | files: 163 | - "/etc/mosdns/rule/white_list.txt" # https://raw.githubusercontent.com/Journalist-HK/Rules/master/white_list.txt 164 | 165 | - tag: blocklist 166 | type: domain_set 167 | args: 168 | files: 169 | - "/etc/mosdns/rule/block_list.txt" # https://raw.githubusercontent.com/Journalist-HK/Rules/master/block_list.txt 170 | 171 | - tag: greylist # 用来存放被污染的域名。 172 | type: domain_set 173 | args: 174 | files: 175 | - "/etc/mosdns/rule/grey_list.txt" # https://raw.githubusercontent.com/Journalist-HK/Rules/master/grey_list.txt 176 | 177 | - tag: ipv6list # 用来存放优先走 ipv6 的域名。 178 | type: domain_set 179 | args: 180 | files: 181 | - "/etc/mosdns/rule/ipv6_domain_list.txt" # https://raw.githubusercontent.com/Journalist-HK/Rules/master/ipv6_domain_list.txt 182 | 183 | - tag: originallist # 用来存放优不进行 IP 优选的域名。 184 | type: domain_set 185 | args: 186 | files: 187 | - "/etc/mosdns/rule/original_domain_list.txt" # https://raw.githubusercontent.com/Journalist-HK/Rules/master/original_domain_list.txt 188 | 189 | - tag: akamailist 190 | type: domain_set 191 | args: 192 | files: 193 | - "/etc/mosdns/rule/akamai_domain_list.txt" # https://raw.githubusercontent.com/Journalist-HK/Rules/master/akamai_domain_list.txt 194 | 195 | - tag: cdnlist 196 | type: domain_set 197 | args: 198 | exps: 199 | - "cloudflare.com" 200 | - "cloudfront.net" 201 | - "ghproxy.com" 202 | - "microsoft.com" 203 | - "playstation.com" 204 | - "playstation.net" 205 | - "redhat.com" 206 | - "samsung.com" 207 | - "ubi.com" 208 | - "ubisoft.com" 209 | - "xboxlive.com" 210 | files: 211 | - "/etc/mosdns/rule/cdn_domain_list.txt" # https://raw.githubusercontent.com/pmkol/easymosdns/rules/cdn_domain_list.txt 212 | 213 | - tag: gfwlist 214 | type: domain_set 215 | args: 216 | files: 217 | - "/etc/mosdns/rule/gfw.txt" # https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/gfw.txt 218 | - "/etc/mosdns/rule/greatfire.txt" # https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/greatfire.txt 219 | - "/etc/mosdns/rule/custom_list.txt" # https://raw.githubusercontent.com/Journalist-HK/Rules/master/custom_list.txt 220 | 221 | - tag: banned_ip 222 | type: ip_set 223 | args: 224 | ips: 225 | - "0.0.0.0/32" 226 | - "2001::/32" 227 | files: 228 | - "/etc/mosdns/rule/gfw_ip_list.txt" # https://raw.githubusercontent.com/pmkol/easymosdns/rules/gfw_ip_list.txt 229 | - "/etc/mosdns/rule/facebook.txt" # https://raw.githubusercontent.com/Loyalsoldier/geoip/release/text/facebook.txt 230 | # - "/etc/mosdns/rule/telegram.txt" # https://raw.githubusercontent.com/Loyalsoldier/geoip/release/text/telegram.txt 231 | - "/etc/mosdns/rule/twitter.txt" # https://raw.githubusercontent.com/Loyalsoldier/geoip/release/text/twitter.txt 232 | 233 | - tag: cloudflare_ip 234 | type: ip_set 235 | args: 236 | files: 237 | - "/etc/mosdns/rule/ip.txt" # https://raw.githubusercontent.com/XIU2/CloudflareSpeedTest/master/ip.txt 238 | 239 | - tag: cloudflare_ipv6 240 | type: ip_set 241 | args: 242 | files: 243 | - "/etc/mosdns/rule/ipv6.txt" # https://raw.githubusercontent.com/XIU2/CloudflareSpeedTest/master/ipv6.txt 244 | 245 | - tag: cloudfront_ip 246 | type: ip_set 247 | args: 248 | files: 249 | - "/etc/mosdns/rule/cloudfront.txt" # https://raw.githubusercontent.com/Journalist-HK/Rules/master/cloudfront.txt 250 | 251 | - tag: cloudfront_ipv6 252 | type: ip_set 253 | args: 254 | files: 255 | - "/etc/mosdns/rule/cloudfront_ipv6.txt" # https://raw.githubusercontent.com/Journalist-HK/Rules/master/cloudfront_ipv6.txt 256 | 257 | - tag: fastly_ip 258 | type: ip_set 259 | args: 260 | files: 261 | - "/etc/mosdns/rule/fastly.txt" # https://raw.githubusercontent.com/Loyalsoldier/geoip/release/text/fastly.txt 262 | 263 | - tag: "cache_0" 264 | type: "cache" 265 | args: 266 | size: 8192 # 默认: 1024。 267 | # lazy_cache_ttl > 0 会启用 lazy cache。 268 | # 所有应答都会在缓存中存留 lazy_cache_ttl 秒,但自身的 TTL 仍然有效。如果命中过期的应答, 269 | # 则缓存会立即返回 TTL 为 5 的应答,然后自动在后台发送请求更新数据。 270 | lazy_cache_ttl: 259200 # 默认: 0(禁用 lazy cache)。 271 | # 建议值 86400(1天)~ 259200(3天) 272 | dump_file: /usr/share/mosdns/cache.dump 273 | # (实验性) 自动保存间隔。单位秒。默认 600。 274 | # 如果距离上次 dump 有 1024 次更新,则自动保存。 275 | dump_interval: 7200 276 | 277 | 278 | 279 | 280 | 281 | 282 | 283 | # IP 优选,需要定期修改,最好填写 2 - 4 个 284 | - tag: blackhole_akamai # 替换部分 AKAMAI 域名 IP,详见 https://github.com/IrineSistiana/mosdns/discussions/489 285 | type: sequence 286 | args: 287 | - exec: black_hole 119.149.188.15 202.142.229.59 223.44.51.33 # best_akamai_ip 288 | - exec: ttl 3600-0 289 | - exec: accept # 运行 black_hole 之后接受请求,不再进行后续判断 290 | 291 | - tag: blackhole_akamai_ipv6 292 | type: sequence 293 | args: 294 | - exec: black_hole 2600:140b:1000::1730:d5ab 2600:140b:1000::1730:d5ce # best_akamai_ipv6 295 | - exec: ttl 3600-0 296 | - exec: accept 297 | 298 | - tag: blackhole_cloudflare 299 | type: sequence 300 | args: 301 | - exec: black_hole 104.17.7.198 104.17.61.114 162.159.0.195 162.159.7.75 # best_cloudflare_ip 302 | - exec: ttl 3600-0 303 | - exec: accept 304 | 305 | - tag: blackhole_cloudflare_ipv6 306 | type: sequence 307 | args: 308 | - exec: black_hole 2a06:98c1:310f::e0c0:131c:2cb3 2a06:98c1:310f::ee3c:1d43:fc2e:6f6c # best_cloudflare_ipv6 309 | - exec: ttl 3600-0 310 | - exec: accept 311 | 312 | - tag: blackhole_cloudfront 313 | type: sequence 314 | args: 315 | - exec: black_hole 18.172.26.139 18.172.28.94 52.84.151.126 52.84.228.48 # best_cloudfront_ip 316 | - exec: ttl 3600-0 317 | - exec: accept 318 | 319 | - tag: blackhole_cloudfront_ipv6 320 | type: sequence 321 | args: 322 | - exec: black_hole 2600:9000:20e9:1edf:3560:977b:c990:1f75 2600:9000:20e9:1edf:35c0:29ed:b6ac:7b3b # best_cloudfront_ipv6 323 | - exec: ttl 3600-0 324 | - exec: accept 325 | 326 | - tag: remote_sequence_us # 使用 US ECS 请求上游 327 | type: sequence 328 | args: 329 | - exec: prefer_ipv4 330 | - exec: $ecs_us 331 | - exec: $forward_remote 332 | - exec: jump has_resp_sequence 333 | 334 | - tag: fallback_sequence_us # 使用 US ECS 请求上游 335 | type: sequence 336 | args: 337 | - exec: prefer_ipv4 338 | - exec: $ecs_us 339 | - exec: $fallback 340 | - exec: jump has_resp_sequence 341 | 342 | - tag: change_cdn_ip_akamai 343 | type: sequence 344 | args: 345 | - matches: 346 | - cname akamai.net 347 | - qtype 1 348 | - has_wanted_ans # 防止纯 IPV6 域名被替换 349 | exec: jump blackhole_akamai 350 | - matches: 351 | - cname akamai.net 352 | - qtype 28 353 | - has_wanted_ans 354 | exec: jump blackhole_akamai_ipv6 # 如果不需要对纯 IPV6 域名优选可以去掉这一段 355 | - exec: return 356 | 357 | - tag: change_cdn_ip_cf # https://github.com/XIU2/CloudflareSpeedTest/discussions/317 358 | type: sequence 359 | args: 360 | - matches: 361 | - qtype 1 362 | - has_wanted_ans 363 | - resp_ip $cloudflare_ip 364 | exec: jump blackhole_cloudflare 365 | - matches: 366 | - qtype 1 367 | - has_wanted_ans 368 | - resp_ip $cloudfront_ip 369 | exec: jump blackhole_cloudfront 370 | - matches: 371 | - qtype 28 372 | - has_wanted_ans 373 | - resp_ip $cloudflare_ipv6 374 | exec: jump blackhole_cloudflare_ipv6 375 | - matches: 376 | - qtype 28 377 | - has_wanted_ans 378 | - resp_ip $cloudfront_ipv6 379 | exec: jump blackhole_cloudfront_ipv6 380 | - exec: return 381 | 382 | - tag: reforward_fastly_remote # 使用 US ECS 再次查询优化 Fastly CDN 结果 383 | type: sequence 384 | args: 385 | - matches: 386 | - resp_ip $fastly_ip 387 | exec: jump remote_sequence_us 388 | - exec: return 389 | 390 | - tag: reforward_fastly_fallback # 使用 US ECS 再次查询优化 Fastly CDN 结果 391 | type: sequence 392 | args: 393 | - matches: 394 | - resp_ip $fastly_ip 395 | exec: jump fallback_sequence_us 396 | - exec: return 397 | 398 | - tag: gfw_sequence # 处理 GFW 域名 399 | type: sequence 400 | args: 401 | - exec: jump remote_sequence 402 | - exec: jump change_cdn_ip_akamai 403 | - exec: jump change_cdn_ip_cf 404 | - exec: jump reforward_fastly_remote 405 | - exec: accept # 查询失败也会停止,防止后续查询回落到国内上游 406 | 407 | - tag: default_sequence # 默认使用 fallback 408 | type: sequence 409 | args: 410 | - exec: jump fallback_sequence 411 | - exec: jump change_cdn_ip_akamai 412 | - exec: jump change_cdn_ip_cf 413 | - exec: jump reforward_fastly_fallback 414 | - exec: accept # 查询失败也会停止,防止后续查询回落到国内上游 415 | 416 | - tag: default_sequence_original # 使用 fallback,不替换 CDN IP 417 | type: sequence 418 | args: 419 | - exec: jump fallback_sequence 420 | - exec: jump has_resp_sequence 421 | 422 | - tag: default_sequence_ipv6 # 使用 fallback,但不替换 CDN IP,IPV6 优先 423 | type: sequence 424 | args: 425 | - exec: jump fallback_sequence_ipv6 426 | - exec: jump has_resp_sequence 427 | 428 | - tag: ali_sequence 429 | type: sequence 430 | args: 431 | # - exec: prefer_ipv4 432 | - exec: $forward_alidns 433 | - exec: jump change_cdn_ip_akamai 434 | - exec: jump change_cdn_ip_cf 435 | - exec: jump reforward_fastly_fallback 436 | - exec: accept # 查询失败也会停止,防止后续查询其他上游 437 | 438 | - tag: ali_sequence_ipv4 439 | type: sequence 440 | args: 441 | - exec: prefer_ipv4 442 | - exec: $forward_alidns 443 | - exec: jump change_cdn_ip_akamai 444 | - exec: jump change_cdn_ip_cf 445 | - exec: jump reforward_fastly_fallback 446 | - exec: accept # 查询失败也会停止,防止后续查询其他上游 447 | 448 | # - tag: reforward_banned_ip 449 | # type: sequence 450 | # args: 451 | # - exec: debug_print "DNS poisoning detected" 452 | # - exec: jump fallback_sequence 453 | # - exec: return 454 | 455 | - tag: main 456 | type: sequence 457 | args: 458 | - matches: 459 | - qtype 65 460 | exec: reject 3 # 屏蔽 QTYPE 65 461 | 462 | - exec: $hosts 463 | - exec: jump has_resp_sequence 464 | 465 | - matches: 466 | - qname $privatelist #内网域名 467 | exec: reject 5 # 屏蔽内网域名 468 | # exec: $forward_lan # 查询内网 DNS 469 | # - exec: jump has_resp_sequence 470 | 471 | - matches: 472 | - qname $whitelist # DDNS 和 其他白名单 473 | exec: $forward_local 474 | - exec: ttl 5-180 475 | - exec: jump has_resp_sequence 476 | 477 | - matches: 478 | - qname $blocklist # 黑名单,可添加去广告列表 479 | exec: reject 5 480 | 481 | - exec: $cache_0 # 下面的请求结果均进入缓存 482 | 483 | - matches: 484 | - qname $ipv6list 485 | exec: jump default_sequence_ipv6 # IPV6 域名请求 EASY DNS 486 | 487 | - matches: 488 | - qname $originallist # 不进行 IP 替换的域名,通常是游戏等使用非常用端口的域名 489 | exec: jump default_sequence_original 490 | 491 | - matches: 492 | - qname $greylist 493 | exec: jump default_sequence # 污染域名请求 EASY DNS 494 | 495 | - matches: 496 | - qname $geosite_cn # 国内域名走阿里 DNS,也可以走运营商 DNS 497 | exec: jump ali_sequence # 如果使用策略 1,可以考虑去掉这一段。去掉后,当阿里 DNS 查询失败后会查询可信上游。 498 | 499 | - matches: 500 | - qname $cdnlist apple.com icloud.com edgesuite.net msftconnecttest.com trafficmanager.net 501 | exec: jump ali_sequence_ipv4 # 我这里用阿里 DNS 请求 AKAMAI 域名返回东京电信的概率较高,可以替换成其他。 502 | 503 | - matches: 504 | - qname $gfwlist 505 | exec: jump gfw_sequence # GFW 域名直接请求海外 DNS 506 | 507 | - matches: 508 | - qname $akamailist 509 | exec: jump ali_sequence_ipv4 # 我这里用阿里 DNS 请求 AKAMAI 域名返回东京电信的概率较高,可以替换成其他。 510 | 511 | # 策略 1:默认查询国内上游,入返回境外 IP,再次将域名交给可信 DNS 查询。 512 | - exec: $forward_alidns # 默认使用阿里 DNS,如果担心 DNS 泄露,可以调换顺序,把 fallback 放在前面,代价是延迟会变高。这种情况下可以使用前面的 cdnlist 域名先做判断。 513 | - matches: 514 | - resp_ip $banned_ip # 记录被污染域名,日后加入 gerylist。可以去掉。 515 | exec: debug_print "DNS poisoning detected" 516 | - matches: 517 | - "resp_ip $geoip_cn" 518 | exec: accept # 返回国内 IP 直接接受 519 | - exec: jump change_cdn_ip_akamai 520 | - matches: # 有些 AKAMAI 的域名不能直接替换 IP(没有绑定全证书),此处多加一次判断,接受所有 AKAMAI CDN 的 IP。 521 | - cname $akamailist 522 | exec: accept 523 | - exec: jump change_cdn_ip_cf 524 | - exec: jump reforward_fastly_fallback 525 | 526 | # 策略 2:注释上方策略 1 的配置,默认查询可信 DNS,可以避免“DNS 泄露”,对上游稳定性要求更高 527 | - exec: jump default_sequence # 其余域名使用可信 DNS 528 | 529 | 530 | - tag: udp_server 531 | type: udp_server 532 | args: 533 | entry: main 534 | listen: ":${mosDNSServerPort}" 535 | 536 | - tag: tcp_server 537 | type: tcp_server 538 | args: 539 | entry: main 540 | listen: ":${mosDNSServerPort}" 541 | # cert: "/etc/nginx/conf.d/_lan.crt" # 配置 cert 和 key 后会启用 TLS (DoT)。 542 | # key: "/etc/nginx/conf.d/_lan.key" 543 | idle_timeout: 10 # 空连接超时。单位秒。默认 10。 544 | 545 | -------------------------------------------------------------------------------- /dsm/openwrt.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | 4 | 5 | checkArchitecture(){ 6 | # https://stackoverflow.com/questions/48678152/how-to-detect-386-amd64-arm-or-arm64-os-architecture-via-shell-bash 7 | 8 | case $(uname -m) in 9 | i386) osArchitecture="386" ;; 10 | i686) osArchitecture="386" ;; 11 | x86_64) osArchitecture="amd64" ;; 12 | arm) dpkg --print-architecture | grep -q "arm64" && osArchitecture="arm64" || osArchitecture="arm" ;; 13 | aarch64) dpkg --print-architecture | grep -q "arm64" && osArchitecture="arm64" || osArchitecture="arm" ;; 14 | * ) osArchitecture="arm" ;; 15 | esac 16 | 17 | } 18 | 19 | 20 | getLinuxOSRelease(){ 21 | 22 | checkArchitecture 23 | 24 | # NAME="OpenWrt" 25 | # VERSION="SNAPSHOT" 26 | # ID="openwrt" 27 | if [ -f /etc/os-release ]; then 28 | . /etc/os-release 29 | osInfo=$NAME 30 | osID=$ID 31 | osReleaseVersionNo=$VERSION_ID 32 | fi 33 | 34 | echo "OS: ${osInfo}, ${ID}, ${VERSION_ID} CPU: $osArchitecture" 35 | } 36 | 37 | 38 | getGithubLatestReleaseVersion(){ 39 | # https://github.com/p4gefau1t/trojan-go/issues/63 40 | wget --no-check-certificate -qO- https://api.github.com/repos/$1/tags | grep 'name' | cut -d\" -f4 | head -1 | cut -b 1- 41 | } 42 | 43 | 44 | 45 | mosdnsDownloadPath="/tmp" 46 | mosdnsLogFilePath="/tmp/mosdns.log" 47 | mosdnsEtcPath="/etc/mosdns" 48 | 49 | getIPDKdownloadFilename(){ 50 | # mosdnsIPK_array=($(wget -qO- https://op.supes.top/packages/x86_64/ | grep -E "mosdns|v2ray" | awk -F' "${mosdnsEtcPath}/cus_config.yaml" <<-EOF 302 | 303 | log: 304 | level: info 305 | file: "${mosdnsLogFilePath}" 306 | 307 | data_providers: 308 | - tag: geosite 309 | file: ./geosite.dat 310 | auto_reload: true 311 | - tag: geoip 312 | file: ./geoip.dat 313 | auto_reload: true 314 | 315 | plugins: 316 | # 缓存 317 | - tag: cache 318 | type: cache 319 | args: 320 | size: 2048 321 | lazy_cache_ttl: 3600 322 | cache_everything: true 323 | 324 | # hosts map 325 | # - tag: map_hosts 326 | # type: hosts 327 | # args: 328 | # hosts: 329 | # - 'google.com 0.0.0.0' 330 | # - 'api.miwifi.com 127.0.0.1' 331 | # - 'www.baidu.com 0.0.0.0' 332 | 333 | # 转发至本地服务器的插件 334 | - tag: forward_local 335 | type: fast_forward 336 | args: 337 | upstream: 338 | - addr: "udp://223.5.5.5" 339 | trusted: true 340 | - addr: "udp://119.29.29.29" 341 | trusted: false 342 | 343 | 344 | # 转发至远程服务器的插件 345 | - tag: forward_remote 346 | type: fast_forward 347 | args: 348 | upstream: 349 | ${addNewDNSServerIPText} 350 | ${addNewDNSServerDomainText} 351 | - addr: "udp://208.67.222.222" 352 | trusted: true 353 | 354 | - addr: "udp://1.0.0.1" 355 | trusted: true 356 | - addr: "https://dns.cloudflare.com/dns-query" 357 | idle_timeout: 400 358 | trusted: true 359 | 360 | - addr: "udp://5.2.75.231" 361 | idle_timeout: 400 362 | trusted: true 363 | 364 | - addr: "udp://185.121.177.177" 365 | idle_timeout: 400 366 | trusted: true 367 | 368 | - addr: "udp://94.130.180.225" 369 | idle_timeout: 400 370 | trusted: true 371 | 372 | - addr: "udp://78.47.64.161" 373 | idle_timeout: 400 374 | trusted: true 375 | 376 | - addr: "udp://51.38.83.141" 377 | 378 | - addr: "udp://176.9.93.198" 379 | - addr: "udp://176.9.1.117" 380 | 381 | - addr: "udp://88.198.92.222" 382 | 383 | 384 | # 匹配本地域名的插件 385 | - tag: query_is_local_domain 386 | type: query_matcher 387 | args: 388 | domain: 389 | - 'provider:geosite:cn' 390 | 391 | - tag: query_is_gfw_domain 392 | type: query_matcher 393 | args: 394 | domain: 395 | - 'provider:geosite:gfw' 396 | 397 | # 匹配非本地域名的插件 398 | - tag: query_is_non_local_domain 399 | type: query_matcher 400 | args: 401 | domain: 402 | - 'provider:geosite:geolocation-!cn' 403 | 404 | # 匹配广告域名的插件 405 | - tag: query_is_ad_domain 406 | type: query_matcher 407 | args: 408 | domain: 409 | - 'provider:geosite:category-ads-all' 410 | 411 | # 匹配本地 IP 的插件 412 | - tag: response_has_local_ip 413 | type: response_matcher 414 | args: 415 | ip: 416 | - 'provider:geoip:cn' 417 | 418 | 419 | # 主要的运行逻辑插件 420 | # sequence 插件中调用的插件 tag 必须在 sequence 前定义, 421 | # 否则 sequence 找不到对应插件。 422 | - tag: main_sequence 423 | type: sequence 424 | args: 425 | exec: 426 | # hosts map 427 | # - map_hosts 428 | 429 | # 缓存 430 | - cache 431 | 432 | # 屏蔽广告域名 ad block 433 | - if: query_is_ad_domain 434 | exec: 435 | - _new_nxdomain_response 436 | - _return 437 | 438 | # 已知的本地域名用本地服务器解析 439 | - if: query_is_local_domain 440 | exec: 441 | - forward_local 442 | - _return 443 | 444 | - if: query_is_gfw_domain 445 | exec: 446 | - forward_remote 447 | - _return 448 | 449 | # 已知的非本地域名用远程服务器解析 450 | - if: query_is_non_local_domain 451 | exec: 452 | - _prefer_ipv4 453 | - forward_remote 454 | - _return 455 | 456 | # 剩下的未知域名用 IP 分流。 457 | # primary 从本地服务器获取应答,丢弃非本地 IP 的结果。 458 | - primary: 459 | - forward_local 460 | - if: "(! response_has_local_ip) && [_response_valid_answer]" 461 | exec: 462 | - _drop_response 463 | secondary: 464 | - _prefer_ipv4 465 | - forward_remote 466 | fast_fallback: 200 467 | always_standby: true 468 | 469 | servers: 470 | - exec: main_sequence 471 | listeners: 472 | - protocol: udp 473 | addr: ":${mosDNSServerPort}" 474 | - protocol: tcp 475 | addr: ":${mosDNSServerPort}" 476 | 477 | 478 | EOF 479 | 480 | 481 | echo 482 | echo " ================================================== " 483 | echo " Install mosdns success! 安装 mosdns 成功!" 484 | echo " mosdns running at port ${mosDNSServerPort}! 运行端口: ${mosDNSServerPort}!" 485 | echo " 查看访问日志: cat ${mosdnsLogFilePath}" 486 | 487 | echo " 请进入OpenWRT管理菜单: 服务-> MosDNS -> MosDNS 配置文件选择 下拉框选择 自定义配置 !" 488 | echo " 然后勾选 启用 复选框后, 点击 保存&应用 按钮 启动 MosDNS !" 489 | echo " ================================================== " 490 | echo 491 | } 492 | 493 | 494 | 495 | removeMosdns(){ 496 | 497 | echo 498 | echo " ==================================================" 499 | echo " 准备卸载 Mosdns on OpenWRT" 500 | echo " ==================================================" 501 | echo 502 | 503 | opkg remove luci-app-mosdns 504 | opkg remove mosdns 505 | 506 | rm -f "${mosdnsLogFilePath}" 507 | rm -rf "${mosdnsEtcPath}" 508 | 509 | rm -f /etc/config/mosdns 510 | rm -f /etc/config/mosdns-opkg 511 | 512 | 513 | 514 | echo 515 | echo " ================================================== " 516 | echo " Mosdns 卸载完毕 !" 517 | echo " ================================================== " 518 | 519 | } 520 | 521 | 522 | main(){ 523 | 524 | if [ -z "$1" ]; then 525 | installMosdns 526 | else 527 | removeMosdns 528 | fi 529 | 530 | } 531 | 532 | main $1 533 | 534 | 535 | -------------------------------------------------------------------------------- /dsm/readme.md: -------------------------------------------------------------------------------- 1 | # PVE 和 群晖DSM NAS 安装工具, FRP 内网穿透工具 一键安装管理脚本 2 | 3 | ### 运行方法 Installation 4 | 5 | #### linux系统下 通过 wget 命令安装 via wget to install script 6 | 7 | ```bash 8 | wget --no-check-certificate -O /root/pve.sh https://raw.githubusercontent.com/jinwyp/one_click_script/master/dsm/pve.sh && chmod 700 /root/pve.sh && /root/pve.sh 9 | 10 | ``` 11 | 12 | #### DSM 群晖系统下 通过 wget 命令安装 via wget to install script 13 | 14 | ```bash 15 | wget --no-check-certificate -O /root/pve.sh /tmp https://raw.githubusercontent.com/jinwyp/one_click_script/master/dsm/pve.sh && chmod 700 /tmp/pve.sh && /tmp/pve.sh 16 | 17 | ``` 18 | 19 | 20 | ### 注意事项与常见问题 FAQ 21 | 22 | 1. 群晖补丁需要用 ssh 工具登录到群晖的系统后运行使用. 请先在群晖系统 "控制面板->终端机和SNMP" 开启SSH, 然后用admin用户登录ssh后, 运行上面命令. 由于第一次使用admin登陆后, 默认admin没有写入当前的文件夹的权限,所以第一次运行的命令把脚本放到了/tmp目录下. 以后开启root登陆后,可以直接用上面linux的运行方法把脚放到/root目录下即可. 23 | 24 | 25 | 26 | ### 功能介绍 Feature 27 | 28 | ![功能列表](https://github.com/jinwyp/one_click_script/blob/master/docs/pve1.png?raw=true) 29 | 30 | ![功能列表](https://github.com/jinwyp/one_click_script/blob/master/docs/pve2.png?raw=true) 31 | 32 | 33 | -------------------------------------------------------------------------------- /netflix_check.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | Font_Black="\033[30m" 4 | Font_Red="\033[31m" 5 | Font_Green="\033[32m" 6 | Font_Yellow="\033[33m" 7 | Font_Blue="\033[34m" 8 | Font_Purple="\033[35m" 9 | Font_SkyBlue="\033[36m" 10 | Font_White="\033[37m" 11 | Font_Suffix="\033[0m" 12 | 13 | # fonts color 14 | red(){ 15 | echo -e "\033[31m\033[01m$1\033[0m" 16 | } 17 | green(){ 18 | echo -e "\033[32m\033[01m$1\033[0m" 19 | } 20 | yellow(){ 21 | echo -e "\033[33m\033[01m$1\033[0m" 22 | } 23 | blue(){ 24 | echo -e "\033[34m\033[01m$1\033[0m" 25 | } 26 | bold(){ 27 | echo -e "\033[1m\033[01m$1\033[0m" 28 | } 29 | 30 | 31 | 32 | 33 | 34 | UA_Browser="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36"; 35 | 36 | configWARPPortFilePath="${HOME}/wireguard/warp-port" 37 | configWARPPortLocalServerPort="40000" 38 | warpPortInput="${1:-40000}" 39 | 40 | isAutoRefreshWarp="" 41 | 42 | function testWARPEnabled(){ 43 | 44 | if [[ -f "${configWARPPortFilePath}" ]]; then 45 | configWARPPortLocalServerPort="$(cat ${configWARPPortFilePath})" 46 | yellow "检测到本机已安装 WARP Sock5, 端口号 ${configWARPPortLocalServerPort}" 47 | echo 48 | fi 49 | 50 | if [[ "$isAutoRefreshWarp" == "true" ]]; then 51 | warpPortInput="${configWARPPortLocalServerPort}" 52 | else 53 | read -p "请输入WARP Sock5 端口号? 直接回车默认${configWARPPortLocalServerPort}, 请输入纯数字:" warpPortInput 54 | warpPortInput=${warpPortInput:-$configWARPPortLocalServerPort} 55 | fi 56 | echo 57 | 58 | } 59 | 60 | isIPV6Enabled="false" 61 | function testIPV6Enabled(){ 62 | cmdCatIpv6=$(cat /sys/module/ipv6/parameters/disable) 63 | isIPV6Enabled="false" 64 | 65 | if [[ ${cmdCatIpv6} == "0" ]]; then 66 | isIPV6Enabled="true" 67 | fi 68 | 69 | cmd1SysCtlIpv6=$(sysctl -a 2>/dev/null | grep net.ipv6.conf.all.disable_ipv6 | awk -F " " '{print $3}' ) 70 | cmd2SysCtlIpv6=$(sysctl -a 2>/dev/null | grep net.ipv6.conf.default.disable_ipv6 | awk -F " " '{print $3}' ) 71 | 72 | if [[ ${cmd1SysCtlIpv6} == "0" && ${cmd2SysCtlIpv6} == "0" ]]; then 73 | isIPV6Enabled="true" 74 | fi 75 | } 76 | 77 | 78 | function testNetflixAll(){ 79 | curlCommand="curl --connect-timeout 10 -sL" 80 | curlInfo="IPv4" 81 | 82 | if [[ $1 == "ipv4" ]]; then 83 | bold " 开始测试本机的IPv4 解锁 Netflix 情况" 84 | curlCommand="${curlCommand} -4" 85 | curlInfo="IPv4" 86 | 87 | elif [[ $1 == "ipv4warp" ]]; then 88 | 89 | read -r -p "是否测试本机 IPv4 WARP Sock5 代理? 直接回车默认不测试 请输入[y/N]:" isIpv4WARPContinueInput 90 | isIpv4WARPContinueInput=${isIpv4WARPContinueInput:-n} 91 | 92 | if [[ ${isIpv4WARPContinueInput} == [Nn] ]]; then 93 | red " 已退出本机 IPv4 WARP Sock5 代理测试" 94 | echo 95 | return 96 | else 97 | testWARPEnabled 98 | 99 | bold " 开始测试本机的IPv4 通过CloudFlare WARP 解锁 Netflix 情况" 100 | curlCommand="${curlCommand} -x socks5h://127.0.0.1:${warpPortInput}" 101 | curlInfo="IPv4 CloudFlare WARP" 102 | fi 103 | 104 | 105 | elif [[ $1 == "ipv6" ]]; then 106 | 107 | if [[ "${isIPV6Enabled}" == "false" ]]; then 108 | red " 本机IPv6 没有开启 是否继续测试IPv6 " 109 | read -r -p "是否继续测试IPv6? 直接回车默认不继续测试 请输入[y/N]:" isIpv6ContinueInput 110 | isIpv6ContinueInput=${isIpv6ContinueInput:-n} 111 | 112 | if [[ ${isIpv6ContinueInput} == [Nn] ]]; then 113 | red " 已退出 本机IPv6 测试 " 114 | echo 115 | return 116 | else 117 | echo 118 | bold " 开始测试本机的IPv6 解锁 Netflix 情况" 119 | curlCommand="${curlCommand} -6" 120 | curlInfo="IPv6" 121 | fi 122 | else 123 | bold " 开始测试本机的IPv6 解锁 Netflix 情况" 124 | curlCommand="${curlCommand} -6" 125 | curlInfo="IPv6" 126 | 127 | fi 128 | 129 | 130 | elif [[ $1 == "ipv6warp" ]]; then 131 | bold " 开始测试本机的IPv6 通过CloudFlare WARP 解锁 Netflix 情况" 132 | curlCommand="${curlCommand} -6" 133 | curlInfo="IPv6 CloudFlare WARP" 134 | 135 | else 136 | red " 没有选择要进行的测试 已退出! " 137 | return 138 | 139 | fi 140 | 141 | # curl 参数说明 142 | # --connect-timeout Maximum time allowed for connection 143 | # -4, --ipv4 Resolve names to IPv4 addresses 144 | # -s, --silent Silent mode 145 | # -S, --show-error Show error even when -s is used 146 | # -L, --location Follow redirects 147 | # -i, --include Include protocol response headers in the output 148 | # -f, --fail Fail silently (no output at all) on HTTP errors 149 | 150 | 151 | testNetflixOneMethod "${curlCommand}" "${curlInfo}" 152 | echo 153 | 154 | } 155 | 156 | function testNetflixOneMethod(){ 157 | # https://stackoverflow.com/questions/3869072/test-for-non-zero-length-string-in-bash-n-var-or-var 158 | 159 | if [[ -n "$1" ]]; then 160 | 161 | netflixLinkIndex="https://www.netflix.com/" 162 | netflixLinkOwn="https://www.netflix.com/title/80018499" 163 | 164 | 165 | # green " Test Url: $1 -S ${netflixLinkIndex}" 166 | resultIndex=$($1 -S ${netflixLinkIndex} 2>&1) 167 | 168 | if [[ "${resultIndex}" == "curl"* ]];then 169 | red " 网络错误 无法打开 Netflix 网站" 170 | return 171 | fi 172 | 173 | if [[ -z "${resultIndex}" ]];then 174 | resultIndex2=$($1 -S ${netflixLinkIndex} 2>&1) 175 | if [[ -z "${resultIndex2}" ]];then 176 | red " 已被 Netflix 屏蔽, 403 访问错误 " 177 | return 178 | fi 179 | fi 180 | 181 | if [ "${resultIndex}" == "Not Available" ];then 182 | red " Netflix 不提供此地区服务 " 183 | if [[ "$isAutoRefreshWarp" == "true" ]]; then 184 | echo 185 | else 186 | return 187 | fi 188 | 189 | fi 190 | 191 | 192 | 193 | 194 | 195 | # green " Test Url: $1 -S ${netflixLinkOwn}" 196 | resultOwn=$($1 -S ${netflixLinkIndex} 2>&1) 197 | 198 | if [[ "${resultOwn}" == *"page-404"* ]] || [[ "${resultOwn}" == *"NSEZ-403"* ]];then 199 | red " 本机 $2 不能播放 Netflix 任何剧集" 200 | return 201 | fi 202 | 203 | 204 | # green " Test Url: $1 -fi https://www.netflix.com/title/80018499 2>&1 | sed -n '8p'" 205 | resultRegion=`tr [:lower:] [:upper:] <<< $($1 -fi "https://www.netflix.com/title/80018499" 2>&1 | sed -n '8p' | awk '{print $2}' | cut -d '/' -f4 | cut -d '-' -f1)` 206 | 207 | netflixRegion="${resultRegion}" 208 | # echo "x-robots-tag: ${netflixRegion}" 209 | 210 | if [[ "${resultRegion}" == *"INDEX"* ]] || [[ "${resultRegion}" == *"index"* ]];then 211 | netflixRegion="US" 212 | fi 213 | 214 | result1=$($1 -S "https://www.netflix.com/title/70143836" 2>&1) 215 | result2=$($1 -S "https://www.netflix.com/title/80027042" 2>&1) 216 | result3=$($1 -S "https://www.netflix.com/title/70140425" 2>&1) 217 | result4=$($1 -S "https://www.netflix.com/title/70283261" 2>&1) 218 | result5=$($1 -S "https://www.netflix.com/title/70143860" 2>&1) 219 | result6=$($1 -S "https://www.netflix.com/title/70202589" 2>&1) 220 | result7=$($1 -S "https://www.netflix.com/title/70305903" 2>&1) 221 | 222 | if [[ "$result1" == *"page-404"* ]] && [[ "$result2" == *"page-404"* ]] && [[ "$result3" == *"page-404"* ]] && [[ "$result4" == *"page-404"* ]] && [[ "$result5" == *"page-404"* ]] && [[ "$result6" == *"page-404"* ]]; then 223 | yellow " 本机 $2 仅解锁 Netflix 自制剧, 无法播放非自制剧. 区域: ${netflixRegion}" 224 | 225 | if [[ $2 == "IPv4 CloudFlare WARP Refresh" ]]; then 226 | echo 227 | green " 重启Warp 用于刷新能解锁IP, $2" 228 | warp_restart 229 | sleep 2 230 | 231 | autoRefreshWarpIP 232 | fi 233 | return 234 | fi 235 | 236 | green " 恭喜 本机 $2 解锁 Netflix 全部剧集 包括非自制剧. 区域: ${netflixRegion} " 237 | return 238 | 239 | else 240 | red " 要进行的测试 Url为空! " 241 | fi 242 | 243 | 244 | } 245 | 246 | 247 | 248 | function warp_restart(){ 249 | if [ -f /etc/wireguard/wgcf.conf ]; then 250 | systemctl restart wg-quick@wgcf 251 | sleep 2 252 | fi 253 | 254 | if [ -f /usr/bin/warp-cli ]; then 255 | # systemctl restart warp-svc 256 | # sleep 3 257 | warp-cli --accept-tos delete 258 | sleep 2 259 | warp-cli --accept-tos register 260 | sleep 2 261 | warp-cli --accept-tos connect 262 | sleep 2 263 | 264 | fi 265 | green " 已经完成 重启Warp " 266 | } 267 | 268 | 269 | counter=1 270 | function autoRefreshWarpIPStart(){ 271 | 272 | if [[ "$isAutoRefreshWarp" == "true" ]]; then 273 | testWARPEnabled 274 | autoRefreshWarpIP 275 | fi 276 | 277 | } 278 | 279 | function autoRefreshWarpIP(){ 280 | # https://stackoverflow.com/questions/13638670/adding-counter-in-shell-script 281 | 282 | if [[ "$isAutoRefreshWarp" == "true" ]]; then 283 | 284 | echo 285 | time=$(date "+%Y-%m-%d %H:%M:%S") 286 | green " $time 开始自动刷新 WARP IP, 默认尝试20次 此次为第${counter}次" 287 | echo 288 | curlCommand="curl --connect-timeout 10 -sL" 289 | curlInfo="IPv4 CloudFlare WARP Refresh" 290 | 291 | 292 | 293 | if [ -f /usr/bin/warp-cli ]; then 294 | bold " 开始测试本机的IPv4 通过CloudFlare WARP sock5 解锁 Netflix 情况" 295 | curlCommand="${curlCommand} -x socks5h://127.0.0.1:${warpPortInput}" 296 | else 297 | bold " 开始测试本机的IPv6 通过CloudFlare WARP 解锁 Netflix 情况" 298 | curlCommand="${curlCommand} -6" 299 | fi 300 | 301 | 302 | if [[ "$counter" -gt 20 ]]; then 303 | exit 1 304 | else 305 | counter=$((counter+1)) 306 | testNetflixOneMethod "${curlCommand}" "${curlInfo}" 307 | fi 308 | echo 309 | fi 310 | 311 | } 312 | 313 | 314 | 315 | 316 | 317 | 318 | 319 | 320 | 321 | 322 | 323 | 324 | 325 | 326 | 327 | 328 | 329 | 330 | 331 | function testYoutubeAll(){ 332 | # curlCommand="curl --connect-timeout 10 -s --user-agent ${UA_Browser}" 333 | curlCommand="curl --connect-timeout 10 -s" 334 | curlInfo="IPv4" 335 | 336 | if [[ $1 == "ipv4" ]]; then 337 | bold " 开始测试本机的IPv4 解锁 Youtube Premium 情况" 338 | curlCommand="${curlCommand} -4" 339 | curlInfo="IPv4" 340 | 341 | elif [[ $1 == "ipv4warp" ]]; then 342 | 343 | if [[ ${isIpv4WARPContinueInput} == [Nn] ]]; then 344 | red " 已退出本机 IPv4 WARP Sock5 代理测试" 345 | echo 346 | return 347 | else 348 | 349 | bold " 开始测试本机的IPv4 通过CloudFlare WARP 解锁 Youtube Premium 情况" 350 | curlCommand="${curlCommand} -x socks5h://127.0.0.1:${warpPortInput}" 351 | curlInfo="IPv4 CloudFlare WARP" 352 | fi 353 | 354 | elif [[ $1 == "ipv6" ]]; then 355 | 356 | if [[ "${isIPV6Enabled}" == "false" ]]; then 357 | 358 | if [[ ${isIpv6ContinueInput} == [Nn] ]]; then 359 | red " 已退出 本机IPv6 测试 " 360 | echo 361 | return 362 | else 363 | bold " 开始测试本机的IPv6 解锁 Youtube Premium 情况" 364 | curlCommand="${curlCommand} -6" 365 | curlInfo="IPv6" 366 | fi 367 | else 368 | bold " 开始测试本机的IPv6 解锁 Youtube Premium 情况" 369 | curlCommand="${curlCommand} -6" 370 | curlInfo="IPv6" 371 | 372 | fi 373 | 374 | elif [[ $1 == "ipv6warp" ]]; then 375 | bold " 开始测试本机的IPv6 通过CloudFlare WARP 解锁 Youtube Premium 情况" 376 | curlCommand="${curlCommand} -6" 377 | curlInfo="IPv6 CloudFlare WARP" 378 | 379 | else 380 | red " 没有选择要进行的测试 已退出! " 381 | return 382 | 383 | fi 384 | 385 | # curl 参数说明 386 | # --connect-timeout Maximum time allowed for connection 387 | # -4, --ipv4 Resolve names to IPv4 addresses 388 | # -s, --silent Silent mode 389 | # -S, --show-error Show error even when -s is used 390 | # -L, --location Follow redirects 391 | 392 | testYoutubeOneMethod "${curlCommand}" "${curlInfo}" 393 | echo 394 | 395 | } 396 | 397 | function testYoutubeOneMethod(){ 398 | 399 | if [[ -n "$1" ]]; then 400 | 401 | youtubeLinkRed="https://www.youtube.com/red" 402 | 403 | # green " Test Url: $1 ${youtubeLinkRed}" 404 | 405 | resultYoutubeIndex=$($1 -S ${youtubeLinkRed} 2>&1) 406 | 407 | if [[ "${resultYoutubeIndex}" == "curl"* ]];then 408 | red " 网络错误 无法打开 YouTube 网站" 409 | return 410 | fi 411 | 412 | resultYoutube=$($1 ${youtubeLinkRed} | sed 's/,/\n/g' | grep countryCode | cut -d '"' -f4) 413 | 414 | if [ ! -n "${resultYoutube}" ]; then 415 | yellow " YouTube 角标不显示 可能不支持 YouTube Premium" 416 | else 417 | green " 本机 $2 支持 YouTube Premium, 角标: ${resultYoutube}" 418 | fi 419 | 420 | else 421 | red " 要进行的测试 Url为空! " 422 | fi 423 | 424 | } 425 | 426 | 427 | 428 | 429 | 430 | 431 | 432 | 433 | 434 | 435 | 436 | 437 | 438 | 439 | 440 | 441 | 442 | 443 | function testDisneyPlusAll(){ 444 | curlCommand="curl --connect-timeout 10 -s --user-agent ${UA_Browser}" 445 | # curlCommand="curl --connect-timeout 10 -s" 446 | curlInfo="IPv4" 447 | 448 | if [[ $1 == "ipv4" ]]; then 449 | bold " 开始测试本机的IPv4 解锁 Disney+ 情况" 450 | curlCommand="${curlCommand} -4" 451 | curlInfo="IPv4" 452 | 453 | elif [[ $1 == "ipv4warp" ]]; then 454 | 455 | if [[ ${isIpv4WARPContinueInput} == [Nn] ]]; then 456 | red " 已退出本机 IPv4 WARP Sock5 代理测试" 457 | echo 458 | return 459 | else 460 | 461 | bold " 开始测试本机的IPv4 通过CloudFlare WARP 解锁 Disney+ 情况" 462 | curlCommand="${curlCommand} -x socks5h://127.0.0.1:${warpPortInput}" 463 | curlInfo="IPv4 CloudFlare WARP" 464 | fi 465 | 466 | elif [[ $1 == "ipv6" ]]; then 467 | 468 | if [[ "${isIPV6Enabled}" == "false" ]]; then 469 | 470 | if [[ ${isIpv6ContinueInput} == [Nn] ]]; then 471 | red " 已退出 本机IPv6 测试 " 472 | echo 473 | return 474 | else 475 | bold " 开始测试本机的IPv6 解锁 Disney+ 情况" 476 | curlCommand="${curlCommand} -6" 477 | curlInfo="IPv6" 478 | fi 479 | else 480 | bold " 开始测试本机的IPv6 解锁 Disney+ 情况" 481 | curlCommand="${curlCommand} -6" 482 | curlInfo="IPv6" 483 | 484 | fi 485 | 486 | elif [[ $1 == "ipv6warp" ]]; then 487 | bold " 开始测试本机的IPv6 通过CloudFlare WARP 解锁 Disney+ 情况" 488 | curlCommand="${curlCommand} -6" 489 | curlInfo="IPv6 CloudFlare WARP" 490 | 491 | else 492 | red " 没有选择要进行的测试 已退出! " 493 | return 494 | 495 | fi 496 | 497 | # curl 参数说明 498 | # --connect-timeout Maximum time allowed for connection 499 | # -4, --ipv4 Resolve names to IPv4 addresses 500 | # -s, --silent Silent mode 501 | # -S, --show-error Show error even when -s is used 502 | # -L, --location Follow redirects 503 | 504 | testDisneyPlusOneMethod "${curlCommand}" "${curlInfo}" 505 | echo 506 | 507 | } 508 | 509 | function testDisneyPlusOneMethod(){ 510 | 511 | if [[ -n "$1" ]]; then 512 | 513 | disneyLinkPrepare="https://disney.api.edge.bamgrid.com/devices" 514 | disneyLinkRed="https://www.disneyplus.com/movies/thor-the-dark-world/ZHk7aM5xTbW7" 515 | 516 | # green " Test Url: $1 ${disneyLinkRed}" 517 | 518 | resultDisneyPlusIndex=$($1 --max-time 10 -S -X POST "${disneyLinkPrepare}" -H "authorization: Bearer ZGlzbmV5JmJyb3dzZXImMS4wLjA.Cu56AgSfBTDag5NiRA81oLHkDZfu5L3CKadnefEAY84" -H "content-type: application/json; charset=UTF-8" -d '{"deviceFamily":"browser","applicationRuntime":"chrome","deviceProfile":"windows","attributes":{}}' 2>&1) 519 | 520 | if [[ "${resultDisneyPlusIndex}" == "curl"* ]];then 521 | red " 网络错误 无法打开 Disney+ 网站" 522 | return 523 | fi 524 | 525 | local PreDisneyCookie=$(curl -s --max-time 10 "https://raw.githubusercontent.com/lmc999/RegionRestrictionCheck/main/cookies" | sed -n '1p') 526 | 527 | #resultYoutube=$(curl --connect-timeout 10 https://www.disneyplus.com/movies/thor-the-dark-world/ZHk7aM5xTbW7 | grep 'The Dark World' ) 528 | resultYoutube=$($1 ${disneyLinkRed} | grep 'The Dark World' ) 529 | 530 | if [ -z "${resultYoutube}" ]; then 531 | yellow " 无法打开 Disney Plus 影片" 532 | else 533 | green " 本机 $2 支持观看 Disney Plus 影片" 534 | fi 535 | 536 | else 537 | red " 要进行的测试 Url为空! " 538 | fi 539 | 540 | } 541 | 542 | 543 | function MediaUnlockTest_DisneyPlus() { 544 | echo -n -e " Disney+:\t\t\t\t->\c" 545 | local PreAssertion=$(curl $useNIC $xForward -${1} --user-agent "${UA_Browser}" -s --max-time 10 -X POST "https://disney.api.edge.bamgrid.com/devices" -H "authorization: Bearer ZGlzbmV5JmJyb3dzZXImMS4wLjA.Cu56AgSfBTDag5NiRA81oLHkDZfu5L3CKadnefEAY84" -H "content-type: application/json; charset=UTF-8" -d '{"deviceFamily":"browser","applicationRuntime":"chrome","deviceProfile":"windows","attributes":{}}' 2>&1) 546 | if [[ "$PreAssertion" == "curl"* ]] && [[ "$1" == "6" ]]; then 547 | echo -n -e "\r Disney+:\t\t\t\t${Font_Red}IPv6 Not Support${Font_Suffix}\n" 548 | return 549 | elif [[ "$PreAssertion" == "curl"* ]]; then 550 | echo -n -e "\r Disney+:\t\t\t\t${Font_Red}Failed (Network Connection)${Font_Suffix}\n" 551 | return 552 | fi 553 | 554 | local assertion=$(echo $PreAssertion | python -m json.tool 2>/dev/null | grep assertion | cut -f4 -d'"') 555 | local PreDisneyCookie=$(curl -s --max-time 10 "https://raw.githubusercontent.com/lmc999/RegionRestrictionCheck/main/cookies" | sed -n '1p') 556 | local disneycookie=$(echo $PreDisneyCookie | sed "s/DISNEYASSERTION/${assertion}/g") 557 | local TokenContent=$(curl $useNIC $xForward -${1} --user-agent "${UA_Browser}" -s --max-time 10 -X POST "https://disney.api.edge.bamgrid.com/token" -H "authorization: Bearer ZGlzbmV5JmJyb3dzZXImMS4wLjA.Cu56AgSfBTDag5NiRA81oLHkDZfu5L3CKadnefEAY84" -d "$disneycookie") 558 | local isBanned=$(echo $TokenContent | python -m json.tool 2>/dev/null | grep 'forbidden-location') 559 | local is403=$(echo $TokenContent | grep '403 ERROR') 560 | 561 | if [ -n "$isBanned" ] || [ -n "$is403" ]; then 562 | echo -n -e "\r Disney+:\t\t\t\t${Font_Red}No${Font_Suffix}\n" 563 | return 564 | fi 565 | 566 | local fakecontent=$(curl -s --max-time 10 "https://raw.githubusercontent.com/lmc999/RegionRestrictionCheck/main/cookies" | sed -n '8p') 567 | local refreshToken=$(echo $TokenContent | python -m json.tool 2>/dev/null | grep 'refresh_token' | awk '{print $2}' | cut -f2 -d'"') 568 | local disneycontent=$(echo $fakecontent | sed "s/ILOVEDISNEY/${refreshToken}/g") 569 | local tmpresult=$(curl $useNIC $xForward -${1} --user-agent "${UA_Browser}" -X POST -sSL --max-time 10 "https://disney.api.edge.bamgrid.com/graph/v1/device/graphql" -H "authorization: ZGlzbmV5JmJyb3dzZXImMS4wLjA.Cu56AgSfBTDag5NiRA81oLHkDZfu5L3CKadnefEAY84" -d "$disneycontent" 2>&1) 570 | local previewcheck=$(curl $useNIC $xForward -${1} -s -o /dev/null -L --max-time 10 -w '%{url_effective}\n' "https://disneyplus.com" | grep preview) 571 | local isUnabailable=$(echo $previewcheck | grep 'unavailable') 572 | local region=$(echo $tmpresult | python -m json.tool 2>/dev/null | grep 'countryCode' | cut -f4 -d'"') 573 | local inSupportedLocation=$(echo $tmpresult | python -m json.tool 2>/dev/null | grep 'inSupportedLocation' | awk '{print $2}' | cut -f1 -d',') 574 | 575 | if [[ "$region" == "JP" ]]; then 576 | echo -n -e "\r Disney+:\t\t\t\t${Font_Green}Yes (Region: JP)${Font_Suffix}\n" 577 | return 578 | elif [ -n "$region" ] && [[ "$inSupportedLocation" == "false" ]] && [ -z "$isUnabailable" ]; then 579 | echo -n -e "\r Disney+:\t\t\t\t${Font_Yellow}Available For [Disney+ $region] Soon${Font_Suffix}\n" 580 | return 581 | elif [ -n "$region" ] && [ -n "$isUnavailable" ]; then 582 | echo -n -e "\r Disney+:\t\t\t\t${Font_Red}No${Font_Suffix}\n" 583 | return 584 | elif [ -n "$region" ] && [[ "$inSupportedLocation" == "true" ]]; then 585 | echo -n -e "\r Disney+:\t\t\t\t${Font_Green}Yes (Region: $region)${Font_Suffix}\n" 586 | return 587 | elif [ -z "$region" ]; then 588 | echo -n -e "\r Disney+:\t\t\t\t${Font_Red}No${Font_Suffix}\n" 589 | return 590 | else 591 | echo -n -e "\r Disney+:\t\t\t\t${Font_Red}Failed${Font_Suffix}\n" 592 | return 593 | fi 594 | 595 | } 596 | 597 | 598 | 599 | 600 | 601 | 602 | 603 | 604 | 605 | 606 | 607 | 608 | 609 | 610 | 611 | function startNetflixTest(){ 612 | 613 | echo 614 | green " ==================================================" 615 | green " Netflix 非自制剧解锁 检测脚本 By JinWYP" 616 | red " 本脚本无法检测出使用 V2ray 服务器端路由规则解锁Netflix" 617 | red " 需要在 V2ray 客户端上运行本脚本才可以检测成功" 618 | green " ==================================================" 619 | echo 620 | 621 | if [[ -n "$1" ]]; then 622 | isAutoRefreshWarp="true" 623 | autoRefreshWarpIPStart 624 | 625 | else 626 | 627 | testIPV6Enabled 628 | 629 | testNetflixAll "ipv4" 630 | testNetflixAll "ipv6" 631 | testNetflixAll "ipv4warp" 632 | 633 | green " ===== Youtube Premium 准备开始检测 =====" 634 | 635 | testYoutubeAll "ipv4" 636 | testYoutubeAll "ipv6" 637 | testYoutubeAll "ipv4warp" 638 | 639 | green " ===== Disney+ 准备开始检测 =====" 640 | 641 | testDisneyPlusAll "ipv4" 642 | testDisneyPlusAll "ipv6" 643 | testDisneyPlusAll "ipv4warp" 644 | 645 | fi 646 | } 647 | 648 | 649 | 650 | startNetflixTest "$1" 651 | 652 | --------------------------------------------------------------------------------