├── Caddyfile ├── LICENSE ├── README.md ├── caddy.service ├── config.json └── v2.sh /Caddyfile: -------------------------------------------------------------------------------- 1 | :80 { 2 | redir https://FAKEDOMAIN{uri} 3 | } 4 | 5 | FAKEDOMAIN { 6 | gzip 7 | timeouts none 8 | proxy / www.lse.ac.uk { 9 | except /FAKEPATH robots.txt 10 | } 11 | proxy /FAKEPATH localhost:35666 { 12 | without /FAKEPATH 13 | websocket 14 | transparent 15 | } 16 | tls { 17 | dns cloudflare 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 phlinhng 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # V2Ray Caddy Cloudflare 一键脚本 2 | 利用官方脚本实现的 V2Ray 干净一键脚本,集成 Cloudflare API,无需手动点灰云朵也能自动获取证书。 3 | 4 | ## [Docker 版](https://github.com/phlinhng/v2ray-caddy-cf/tree/docker) 5 | 6 | # 用法 7 | ## 初次安装 8 | ```sh 9 | wget -N --no-check-certificate https://raw.githubusercontent.com/phlinhng/v2ray-caddy-cf/master/v2.sh && chmod +x v2.sh && ./v2.sh [domain] [path] [cloudflare email] [cloudflare api key] 10 | ``` 11 | ## 更新 v2Ray 12 | ```sh 13 | bash <(curl -L -s https://install.direct/go.sh) 14 | ``` 15 | 适用ubuntu, debian系统 16 | 17 | # 示范 18 | ```sh 19 | ./v2.sh "www.yourdomain.com" "yourpath" "johndoe@gmail.com" "a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3" 20 | ``` 21 | 安装成功后会显示如下的配置信息 (UUID为随机生成,每次皆不同;Alter ID默认为0) 22 | ```sh 23 | Address: www.yourdomain.com 24 | Port: 443 25 | UUID: 13FB0A64-3BC8-4574-8D49-7121B04BDE83 26 | Alter ID: 0 27 | Type: websocket 28 | Hostname: www.yourdomain.com 29 | Path: /yourpath 30 | 31 | vmess://eyJhZGQiOiJhYmMuY29tIiwiYWlkIjoiMzYiLCJob3N0IjoiYWJjLmNvbSIsImlkIjoiRDA0RTczODEtN0Y5Qi00OEYyLTg2QzMtOTQwRjBCNTQ3MEEwIiwibmV0Ijoid3MiLCJwYXRoIjoiL2FiYyIsInBvcnQiOiI0NDMiLCJwcyI6ImFiYy5jb206NDQzIiwidGxzIjoidGxzIiwidHlwZSI6Im5vbmUiLCJ2IjoiMiJ9Cg== 32 | ``` 33 | 34 | # 注意事项 35 | 请确保配置信息填写正确。安装命令中的 `--no-check-certificate` 会关闭 wget 的 TLS 证书校验,而下载的脚本随后以 root 身份执行;去掉该参数即可保留证书校验。Cloudflare API key 作为命令行参数传入,会留在 shell 历史记录中,脚本运行期间也可在进程列表中看到。 36 | 37 | # 安装 BBR四合一加速脚本 38 | ```sh 39 | sudo wget -N --no-check-certificate "https://raw.githubusercontent.com/chiakge/Linux-NetSpeed/master/tcp.sh" && chmod +x tcp.sh && ./tcp.sh 40 | ``` 41 | 42 | 43 | 44 | -------------------------------------------------------------------------------- /caddy.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Caddy HTTP/2 web server 3 | Documentation=https://caddyserver.com/docs 4 | After=network-online.target 5 | Wants=network-online.target 
systemd-networkd-wait-online.service 6 | 7 | ; Do not allow the process to be restarted in a tight loop. If the 8 | ; process fails to start, something critical needs to be fixed. 9 | StartLimitIntervalSec=14400 10 | StartLimitBurst=10 11 | 12 | [Service] 13 | Restart=on-abnormal 14 | 15 | ; User and group the process will run as. 16 | User=www-data 17 | Group=www-data 18 | 19 | ; Letsencrypt-issued certificates will be written to this directory. 20 | Environment=CADDYPATH=/etc/ssl/caddy 21 | Environment=CLOUDFLARE_EMAIL=FAKEEMAIL 22 | Environment=CLOUDFLARE_API_KEY=FAKEAPIKEY 23 | 24 | ; Always set "-root" to something safe in case it gets forgotten in the Caddyfile. 25 | ExecStart=/usr/local/bin/caddy -log stdout -log-timestamps=false -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp 26 | ExecReload=/bin/kill -USR1 $MAINPID 27 | 28 | ; Use graceful shutdown with a reasonable timeout 29 | KillMode=mixed 30 | KillSignal=SIGQUIT 31 | TimeoutStopSec=5s 32 | 33 | ; Limit the number of file descriptors; see `man systemd.exec` for more limit settings. 34 | LimitNOFILE=1048576 35 | ; Unmodified caddy is not expected to use more than that. 36 | LimitNPROC=512 37 | 38 | ; Use private /tmp and /var/tmp, which are discarded after caddy stops. 39 | PrivateTmp=true 40 | ; Use a minimal /dev (May bring additional security if switched to 'true', but it may not work on Raspberry Pi's or other devices, so it has been disabled in this dist.) 41 | PrivateDevices=false 42 | ; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys. 43 | ProtectHome=true 44 | ; Make /usr, /boot, /etc and possibly some more folders read-only. 45 | ProtectSystem=full 46 | ; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there. 47 | ; This merely retains r/w access rights, it does not add any new. Must still be writable on the host! 
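48 | ReadWritePaths=/etc/ssl/caddy 49 | ReadWriteDirectories=/etc/ssl/caddy 50 | 51 | ; The following additional security directives only work with systemd v229 or later. 52 | ; They further restrict privileges that can be gained by caddy. Uncomment if you like. 53 | ; Note that you may have to add capabilities required by any plugins in use. 54 | ;CapabilityBoundingSet=CAP_NET_BIND_SERVICE 55 | ;AmbientCapabilities=CAP_NET_BIND_SERVICE 56 | ;NoNewPrivileges=true 57 | 58 | [Install] 59 | WantedBy=multi-user.target 60 | -------------------------------------------------------------------------------- /config.json: -------------------------------------------------------------------------------- 1 | { 2 | "inbounds": [ 3 | { 4 | "port": 35666, 5 | "protocol": "vmess", 6 | "settings": { 7 | "clients": [ 8 | { 9 | "id": "FAKEUUID", 10 | "alterId": 0 11 | } 12 | ] 13 | }, 14 | "streamSettings": { 15 | "network": "ws", 16 | "security": "none" 17 | }, 18 | "sniffing": { 19 | "enabled": true, 20 | "destOverride": [ "http", "tls" ] 21 | }, 22 | "listen": "127.0.0.1" 23 | } 24 | ], 25 | "outbounds": [ 26 | { 27 | "tag": "direct", 28 | "protocol": "freedom", 29 | "settings": {} 30 | }, 31 | { 32 | "tag": "blocked", 33 | "protocol": "blackhole", 34 | "settings": {} 35 | } 36 | ], 37 | "routing": { 38 | "domainStrategy": "AsIs", 39 | "rules": [ 40 | { 41 | "type": "field", 42 | "ip": [ 43 | "geoip:private" 44 | ], 45 | "outboundTag": "blocked" 46 | }, 47 | { 48 | "type": "field", 49 | "protocol": [ 50 | "bittorrent" 51 | ], 52 | "outboundTag": "blocked" 53 | } 54 | ] 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /v2.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# v2.sh - install V2Ray behind a Caddy reverse proxy whose certificate is
# obtained through the Cloudflare DNS challenge.
#
# Usage: ./v2.sh <domain> <path> <cloudflare email> <cloudflare api key>
#
# Must be run as root. Uses apt-get and systemd.
#
# NOTE(review): the Cloudflare API key is taken from $4, so it is visible in
# the process list while this script runs and is recorded in the caller's
# shell history. The positional interface is kept for compatibility.

# Print the usage line to stderr and stop.
usage() {
  printf 'Usage: %s <domain> <path> <cloudflare email> <cloudflare api key>\n' \
    "${0##*/}" >&2
  exit 2
}

# Escape $1 for use as the replacement half of a sed 's/.../.../' command.
# Backslash, the '/' delimiter and '&' are all special there, so a value that
# contains one of them would otherwise corrupt the generated file.
sed_escape() {
  printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

if [[ $(/usr/bin/id -u) -ne 0 ]]; then
  echo "请使用root用户或sudo指令執行"
  exit 2
fi

V2_DOMAIN=$1
# Strip every '/' so the value can be used as a single path segment.
V2_PATH=${2//\//}
CF_EMAIL=$3
CF_APIKEY=$4

# Refuse to continue with a missing value: the templates would otherwise be
# filled with empty strings and the services started with a broken config.
if [[ -z "$V2_DOMAIN" || -z "$V2_PATH" || -z "$CF_EMAIL" || -z "$CF_APIKEY" ]]; then
  usage
fi

apt-get install curl git uuid-runtime coreutils libcap2-bin wget ntp -y

# install v2ray
# NOTE(review): both installers below are fetched and executed as root with no
# checksum or signature verification. -f makes curl fail on an HTTP error
# instead of handing an error page to bash.
bash <(curl -f -L -s https://install.direct/go.sh)

# install caddy
curl -f https://getcaddy.com | bash -s personal tls.dns.cloudflare

# NOTE(review): the templates come from the tip of the repository's default
# branch at install time; nothing pins them to a reviewed commit.
rm -rf v2ray-caddy-cf
git clone https://github.com/phlinhng/v2ray-caddy-cf.git || exit 1
cd v2ray-caddy-cf || exit 1

uuid=$(uuidgen)
sed -i "s/FAKEUUID/${uuid}/g" config.json
sed -i "s/FAKEDOMAIN/$(sed_escape "$V2_DOMAIN")/g" Caddyfile
sed -i "s/FAKEPATH/$(sed_escape "$V2_PATH")/g" Caddyfile
sed -i "s/FAKEEMAIL/$(sed_escape "$CF_EMAIL")/g" caddy.service
sed -i "s/FAKEAPIKEY/$(sed_escape "$CF_APIKEY")/g" caddy.service

# Give the caddy binary the ability to bind to privileged ports (e.g. 80, 443) as a non-root user
setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy

# create user for caddy (skipped when the account already exists)
getent group www-data >/dev/null || groupadd -g 33 www-data
id -u www-data >/dev/null 2>&1 || useradd -g www-data --no-user-group \
  --home-dir /var/www --no-create-home \
  --shell /usr/sbin/nologin \
  --system --uid 33 www-data

mkdir -p /var/www
chown www-data:www-data /var/www
chmod 555 /var/www

# NOTE(review): config.json carries the client UUID and keeps the permissions
# of the git checkout; confirm which user v2ray runs as before tightening them.
/bin/cp -f config.json /etc/v2ray/config.json

mkdir -p /etc/caddy
chown -R root:root /etc/caddy

mkdir -p /etc/ssl/caddy
chown -R root:www-data /etc/ssl/caddy
chmod 0770 /etc/ssl/caddy
# to prevent problem from restarting caddy
rm -rf /etc/ssl/caddy/*

/bin/cp Caddyfile /etc/caddy/Caddyfile
chown root:root /etc/caddy/Caddyfile
chmod 644 /etc/caddy/Caddyfile

/bin/cp caddy.service /etc/systemd/system/caddy.service
chown root:root /etc/systemd/system/caddy.service
# The unit file holds CLOUDFLARE_API_KEY in an Environment= line, so it must
# not be world-readable.
# NOTE(review): systemd documents that Environment= values are also exposed to
# unprivileged clients over its D-Bus interface; moving the key into a
# root-only EnvironmentFile would need a change to caddy.service itself.
chmod 600 /etc/systemd/system/caddy.service

# Daily refresh of the geo data files. Entries from an earlier run are dropped
# first so that re-running the installer does not duplicate them, and stderr is
# silenced with 2>&1 (the original repeated '>/dev/null' instead).
# NOTE(review): the downloads are not integrity-checked and overwrite the live
# files directly.
{
  crontab -l 2>/dev/null | grep -v -F 'Loyalsoldier/v2ray-rules-dat'
  echo "0 7 * * * wget -q https://github.com/Loyalsoldier/v2ray-rules-dat/raw/release/geoip.dat -O /usr/bin/v2ray/geoip.dat >/dev/null 2>&1"
  echo "0 7 * * * wget -q https://github.com/Loyalsoldier/v2ray-rules-dat/raw/release/geosite.dat -O /usr/bin/v2ray/geosite.dat >/dev/null 2>&1"
} | crontab -

systemctl daemon-reload

systemctl enable ntp
systemctl start ntp

systemctl enable v2ray
systemctl start v2ray

systemctl enable caddy
systemctl start caddy

cd ..
rm -rf v2ray-caddy-cf

# Connection summary. Values are passed as printf arguments, never as the
# format string, and every field ends with a newline.
printf '\n'
printf 'Address: %s\n' "$V2_DOMAIN"
printf 'Port: 443\n'
printf 'UUID: %s\n' "$uuid"
printf 'Alter ID: 0\n'
printf 'Type: websocket\n'
printf 'Hostname: %s\n' "$V2_DOMAIN"
printf 'Path: /%s\n' "$V2_PATH"
printf '\n'

json="{\"add\":\"${V2_DOMAIN}\",\"aid\":\"0\",\"host\":\"${V2_DOMAIN}\",\"id\":\"${uuid}\",\"net\":\"ws\",\"path\":\"/${V2_PATH}\",\"port\":\"443\",\"ps\":\"${V2_DOMAIN}:443\",\"tls\":\"tls\",\"type\":\"none\",\"v\":\"2\"}"

# -w 0 keeps the encoded link on one line; GNU base64 wraps at 76 columns by
# default, which would split the vmess:// URI.
uri="$(printf '%s' "$json" | base64 -w 0)"
printf 'vmess://%s\n' "$uri"

exit 0
--------------------------------------------------------------------------------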