#!/bin/bash #使用方法 #wget -N --no-check-certificate -q -O install.sh "https://raw.githubusercontent.com/jth445600/hello-world/master/v2ray_wp_free" && chmod +x install.sh && bash install.sh PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin export PATH cd "$( cd "$(dirname "$0")" || exit pwd )" || exit #==================================================== # System Request:Debian 9+/Ubuntu 18.04+/Centos 7+ # Author: wulabing # Dscription: V2ray ws+tls onekey Management # Version: 1.0 # email:admin@wulabing.com # Official document: www.v2ray.com #==================================================== #fonts color Green="\033[32m" Red="\033[31m" # Yellow="\033[33m" GreenBG="\033[42;37m" RedBG="\033[41;37m" Font="\033[0m" blue(){ echo -e "\033[34m\033[01m$1\033[0m" } green(){ echo -e "\033[32m\033[01m$1\033[0m" } red(){ echo -e "\033[31m\033[01m$1\033[0m" } yellow(){ echo -e "\033[33m\033[01m$1\033[0m" } source /etc/os-release RELEASE=$ID VERSION=$VERSION_ID green "== 仅适用于centos7版本" green "== Time : $(date +"%Y-%m-%d %H:%M:%S")" green "== OS : $RELEASE $VERSION" green "== Kernel: $(uname -r)" green "== User : $(whoami)" mkdir /usr/share mkdir /usr/share/nginx mkdir /usr/share/nginx/html sleep 2s #notification information # Info="${Green}[信息]${Font}" OK="${Green}[OK]${Font}" Error="${Red}[错误]${Font}" # 版本 shell_version="1.1.5.7" shell_mode="None" github_branch="master" version_cmp="/tmp/version_cmp.tmp" v2ray_conf_dir="/etc/v2ray" nginx_conf_dir="/etc/nginx/conf/conf.d" v2ray_conf="${v2ray_conf_dir}/config.json" nginx_conf="${nginx_conf_dir}/v2ray.conf" nginx_dir="/etc/nginx" web_dir="/home/wwwroot" nginx_openssl_src="/usr/local/src" v2ray_bin_dir_old="/usr/bin/v2ray" v2ray_bin_dir="/usr/local/bin" v2ray_info_file="$HOME/v2ray_info.inf" v2ray_qr_config_file="/usr/local/vmess_qr.json" nginx_systemd_file="/etc/systemd/system/nginx.service" v2ray_systemd_file="/etc/systemd/system/v2ray.service" v2ray_access_log="/var/log/v2ray/access.log" v2ray_error_log="/var/log/v2ray/error.log" amce_sh_file="/root/.acme.sh/acme.sh" ssl_update_file="/usr/bin/ssl_update.sh" nginx_version="1.18.0" openssl_version="1.1.1g" jemalloc_version="5.2.1" old_config_status="off" # v2ray_plugin_version="$(wget -qO- "https://github.com/shadowsocks/v2ray-plugin/tags" | grep -E "/shadowsocks/v2ray-plugin/releases/tag/" | head -1 | sed -r 's/.*tag\/v(.+)\">.*/\1/')" #移动旧版本配置信息 对小于 1.1.0 版本适配 [[ -f "/etc/v2ray/vmess_qr.json" ]] && mv /etc/v2ray/vmess_qr.json $v2ray_qr_config_file #简易随机数 random_num=$((RANDOM%12+4)) #生成伪装路径 camouflage="/$(head -n 10 /dev/urandom | md5sum | head -c ${random_num})/" THREAD=$(grep 'processor' /proc/cpuinfo | sort -u | wc -l) source '/etc/os-release' #从VERSION中提取发行版系统的英文名称,为了在debian/ubuntu下添加相对应的Nginx apt源 VERSION=$(echo "${VERSION}" | awk -F "[()]" '{print $2}') install_wordpress(){ green "$(date +"%Y-%m-%d %H:%M:%S") ==== 安装wordpress" yum install -y iptables-services systemctl start iptables systemctl enable iptables iptables -F SSH_PORT=$(awk '$1=="Port" {print $2}' /etc/ssh/sshd_config) if [ ! -n "$SSH_PORT" ]; then iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT else iptables -A INPUT -p tcp -m tcp --dport ${SSH_PORT} -j ACCEPT fi iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -i lo -j ACCEPT iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT ACCEPT service iptables save green "=====================================================================" green "安全起见,iptables仅开启ssh,http,https端口,如需开放其他端口请自行放行" green "=====================================================================" echo echo sleep 1 yum -y install wget mkdir /usr/share/wordpresstemp cd /usr/share/wordpresstemp/ wget https://cn.wordpress.org/latest-zh_CN.zip if [ ! -f "/usr/share/wordpresstemp/latest-zh_CN.zip" ]; then red "从cn官网下载wordpress失败,尝试从github下载……" wget https://github.com/atrandys/wordpress/raw/master/latest-zh_CN.zip fi if [ ! -f "/usr/share/wordpresstemp/latest-zh_CN.zip" ]; then red "从github下载wordpress也失败了,请尝试手动安装……" green "从wordpress官网下载包然后命名为latest-zh_CN.zip,新建目录/usr/share/wordpresstemp/,上传到此目录下即可" exit 1 fi green "===============" green " 1.安装必要软件" green "===============" sleep 1s echo wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm wget https://rpms.remirepo.net/enterprise/remi-release-7.rpm if [ -f "epel-release-latest-7.noarch.rpm" -a -f "remi-release-7.rpm" ]; then green "下载软件源成功" else red "下载软件源失败,退出安装" exit 1 fi rpm -ivh remi-release-7.rpm epel-release-latest-7.noarch.rpm --force --nodeps #sed -i "0,/enabled=0/s//enabled=1/" /etc/yum.repos.d/epel.repo yum -y install unzip vim tcl expect curl socat echo echo green "============" green "2.安装PHP7.4" green "============" sleep 1 yum -y install php74 php74-php-gd php74-php-opcache php74-php-pdo php74-php-mbstring php74-php-cli php74-php-fpm php74-php-mysqlnd php74-php-xml service php74-php-fpm start chkconfig php74-php-fpm on if [ `yum list installed | grep php74 | wc -l` -ne 0 ]; then echo green "【checked】 PHP7安装成功" echo echo sleep 2s php_status=1 fi green "===============" green " 3.安装MySQL" green "===============" sleep 1s #wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm wget https://repo.mysql.com/mysql80-community-release-el7-3.noarch.rpm rpm -ivh mysql80-community-release-el7-3.noarch.rpm --force --nodeps yum -y install mysql-server systemctl enable mysqld.service systemctl start mysqld.service if [ `yum list installed | grep mysql-community | wc -l` -ne 0 ]; then green "【checked】 MySQL安装成功" echo echo sleep 2 mysql_status=1 fi echo echo green "===============" green " 4.配置MySQL" green "===============" sleep 2 originpasswd=`cat /var/log/mysqld.log | grep password | head -1 | rev | cut -d ' ' -f 1 | rev` mysqlpasswd=`mkpasswd -l 18 -d 2 -c 3 -C 4 -s 5 | sed $'s/[\'\/\;\"\:\.\?\&]//g'` cat > ~/.my.cnf < ~/.my.cnf <> /usr/share/nginx/html/wp-config.php chown -R apache:apache /usr/share/nginx/html/ #chmod 775 apache:apache /usr/share/nginx/html/ -Rf chmod -R 755 /usr/share/nginx/html/wp-content green "==========================================================================" green " WordPress服务端配置已完成,请打开浏览器访问您的域名进行前台配置" green " 数据库密码等信息参考文件:/usr/share/nginx/html/wp-config.php" green "==========================================================================" green "本次安装检测信息如下:" ps -aux | grep -e nginx -e xray -e mysql -e php } check_system() { if [[ "${ID}" == "centos" && ${VERSION_ID} -ge 7 ]]; then echo -e "${OK} ${GreenBG} 当前系统为 Centos ${VERSION_ID} ${VERSION} ${Font}" INS="yum" elif [[ "${ID}" == "debian" && ${VERSION_ID} -ge 8 ]]; then echo -e "${OK} ${GreenBG} 当前系统为 Debian ${VERSION_ID} ${VERSION} ${Font}" INS="apt" $INS update ## 添加 Nginx apt源 elif [[ "${ID}" == "ubuntu" && $(echo "${VERSION_ID}" | cut -d '.' -f1) -ge 16 ]]; then echo -e "${OK} ${GreenBG} 当前系统为 Ubuntu ${VERSION_ID} ${UBUNTU_CODENAME} ${Font}" INS="apt" rm /var/lib/dpkg/lock dpkg --configure -a rm /var/lib/apt/lists/lock rm /var/cache/apt/archives/lock $INS update else echo -e "${Error} ${RedBG} 当前系统为 ${ID} ${VERSION_ID} 不在支持的系统列表内,安装中断 ${Font}" exit 1 fi $INS install dbus systemctl stop firewalld systemctl disable firewalld echo -e "${OK} ${GreenBG} firewalld 已关闭 ${Font}" systemctl stop ufw systemctl disable ufw echo -e "${OK} ${GreenBG} ufw 已关闭 ${Font}" } is_root() { if [ 0 == $UID ]; then echo -e "${OK} ${GreenBG} 当前用户是root用户,进入安装流程 ${Font}" sleep 3 else echo -e "${Error} ${RedBG} 当前用户不是root用户,请切换到root用户后重新执行脚本 ${Font}" exit 1 fi } judge() { if [[ 0 -eq $? ]]; then echo -e "${OK} ${GreenBG} $1 完成 ${Font}" sleep 1 else echo -e "${Error} ${RedBG} $1 失败${Font}" exit 1 fi } chrony_install() { ${INS} -y install chrony judge "安装 chrony 时间同步服务 " timedatectl set-ntp true if [[ "${ID}" == "centos" ]]; then systemctl enable chronyd && systemctl restart chronyd else systemctl enable chrony && systemctl restart chrony fi judge "chronyd 启动 " timedatectl set-timezone Asia/Shanghai echo -e "${OK} ${GreenBG} 等待时间同步 ${Font}" sleep 10 chronyc sourcestats -v chronyc tracking -v date read -rp "请确认时间是否准确,误差范围±3分钟(Y/N): " chrony_install [[ -z ${chrony_install} ]] && chrony_install="Y" case $chrony_install in [yY][eE][sS] | [yY]) echo -e "${GreenBG} 继续安装 ${Font}" sleep 2 ;; *) echo -e "${RedBG} 安装终止 ${Font}" exit 2 ;; esac } dependency_install() { ${INS} install wget git lsof -y if [[ "${ID}" == "centos" ]]; then ${INS} -y install crontabs else ${INS} -y install cron fi judge "安装 crontab" if [[ "${ID}" == "centos" ]]; then touch /var/spool/cron/root && chmod 600 /var/spool/cron/root systemctl start crond && systemctl enable crond else touch /var/spool/cron/crontabs/root && chmod 600 /var/spool/cron/crontabs/root systemctl start cron && systemctl enable cron fi judge "crontab 自启动配置 " ${INS} -y install bc judge "安装 bc" ${INS} -y install unzip judge "安装 unzip" ${INS} -y install qrencode judge "安装 qrencode" ${INS} -y install curl judge "安装 curl" if [[ "${ID}" == "centos" ]]; then ${INS} -y groupinstall "Development tools" else ${INS} -y install build-essential fi judge "编译工具包 安装" if [[ "${ID}" == "centos" ]]; then ${INS} -y install pcre pcre-devel zlib-devel epel-release else ${INS} -y install libpcre3 libpcre3-dev zlib1g-dev dbus fi # ${INS} -y install rng-tools # judge "rng-tools 安装" ${INS} -y install haveged # judge "haveged 安装" # sed -i -r '/^HRNGDEVICE/d;/#HRNGDEVICE=\/dev\/null/a HRNGDEVICE=/dev/urandom' /etc/default/rng-tools if [[ "${ID}" == "centos" ]]; then # systemctl start rngd && systemctl enable rngd # judge "rng-tools 启动" systemctl start haveged && systemctl enable haveged # judge "haveged 启动" else # systemctl start rng-tools && systemctl enable rng-tools # judge "rng-tools 启动" systemctl start haveged && systemctl enable haveged # judge "haveged 启动" fi } basic_optimization() { # 最大文件打开数 sed -i '/^\*\ *soft\ *nofile\ *[[:digit:]]*/d' /etc/security/limits.conf sed -i '/^\*\ *hard\ *nofile\ *[[:digit:]]*/d' /etc/security/limits.conf echo '* soft nofile 65536' >>/etc/security/limits.conf echo '* hard nofile 65536' >>/etc/security/limits.conf # 关闭 Selinux if [[ "${ID}" == "centos" ]]; then sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config setenforce 0 fi } port_alterid_set() { if [[ "on" != "$old_config_status" ]]; then read -rp "请输入连接端口(default:443):" port [[ -z ${port} ]] && port="443" read -rp "请输入alterID(default:2 仅允许填数字):" alterID [[ -z ${alterID} ]] && alterID="2" fi } modify_path() { if [[ "on" == "$old_config_status" ]]; then camouflage="$(grep '\"path\"' $v2ray_qr_config_file | awk -F '"' '{print $4}')" fi sed -i "/\"path\"/c \\\t \"path\":\"${camouflage}\"" ${v2ray_conf} judge "V2ray 伪装路径 修改" } modify_alterid() { if [[ "on" == "$old_config_status" ]]; then alterID="$(grep '\"aid\"' $v2ray_qr_config_file | awk -F '"' '{print $4}')" fi sed -i "/\"alterId\"/c \\\t \"alterId\":${alterID}" ${v2ray_conf} judge "V2ray alterid 修改" [ -f ${v2ray_qr_config_file} ] && sed -i "/\"aid\"/c \\ \"aid\": \"${alterID}\"," ${v2ray_qr_config_file} echo -e "${OK} ${GreenBG} alterID:${alterID} ${Font}" } modify_inbound_port() { if [[ "on" == "$old_config_status" ]]; then port="$(info_extraction '\"port\"')" fi if [[ "$shell_mode" != "h2" ]]; then PORT=$((RANDOM + 10000)) sed -i "/\"port\"/c \ \"port\":${PORT}," ${v2ray_conf} else sed -i "/\"port\"/c \ \"port\":${port}," ${v2ray_conf} fi judge "V2ray inbound_port 修改" } modify_UUID() { [ -z "$UUID" ] && UUID=$(cat /proc/sys/kernel/random/uuid) if [[ "on" == "$old_config_status" ]]; then UUID="$(info_extraction '\"id\"')" fi sed -i "/\"id\"/c \\\t \"id\":\"${UUID}\"," ${v2ray_conf} judge "V2ray UUID 修改" [ -f ${v2ray_qr_config_file} ] && sed -i "/\"id\"/c \\ \"id\": \"${UUID}\"," ${v2ray_qr_config_file} echo -e "${OK} ${GreenBG} UUID:${UUID} ${Font}" } modify_nginx_port() { if [[ "on" == "$old_config_status" ]]; then port="$(info_extraction '\"port\"')" fi sed -i "/ssl http2;$/c \\\tlisten ${port} ssl http2;" ${nginx_conf} sed -i "3c \\\tlisten [::]:${port} http2;" ${nginx_conf} judge "V2ray port 修改" [ -f ${v2ray_qr_config_file} ] && sed -i "/\"port\"/c \\ \"port\": \"${port}\"," ${v2ray_qr_config_file} echo -e "${OK} ${GreenBG} 端口号:${port} ${Font}" } modify_nginx_other() { sed -i "/server_name/c \\\tserver_name ${domain};" ${nginx_conf} sed -i "/location/c \\\tlocation ${camouflage}" ${nginx_conf} sed -i "/proxy_pass/c \\\tproxy_pass http://127.0.0.1:${PORT};" ${nginx_conf} sed -i "/return/c \\\treturn 301 https://${domain}\$request_uri;" ${nginx_conf} #sed -i "27i \\\tproxy_intercept_errors on;" ${nginx_dir}/conf/nginx.conf } web_camouflage() { ##请注意 这里和LNMP脚本的默认路径冲突,千万不要在安装了LNMP的环境下使用本脚本,否则后果自负 rm -rf /home/wwwroot mkdir -p /home/wwwroot cd /home/wwwroot || exit git clone https://github.com/wulabing/3DCEList.git judge "web 站点伪装" } v2ray_install() { if [[ -d /root/v2ray ]]; then rm -rf /root/v2ray fi if [[ -d /etc/v2ray ]]; then rm -rf /etc/v2ray fi mkdir -p /root/v2ray cd /root/v2ray || exit wget -N --no-check-certificate https://raw.githubusercontent.com/wulabing/V2Ray_ws-tls_bash_onekey/${github_branch}/v2ray.sh if [[ -f v2ray.sh ]]; then rm -rf $v2ray_systemd_file systemctl daemon-reload bash v2ray.sh --force judge "安装 V2ray" else echo -e "${Error} ${RedBG} V2ray 安装文件下载失败,请检查下载地址是否可用 ${Font}" exit 4 fi # 清除临时文件 rm -rf /root/v2ray } nginx_exist_check() { if [[ -f "/etc/nginx/sbin/nginx" ]]; then echo -e "${OK} ${GreenBG} Nginx已存在,跳过编译安装过程 ${Font}" sleep 2 elif [[ -d "/usr/local/nginx/" ]]; then echo -e "${OK} ${GreenBG} 检测到其他套件安装的Nginx,继续安装会造成冲突,请处理后安装${Font}" exit 1 else nginx_install fi } nginx_install() { # if [[ -d "/etc/nginx" ]];then # rm -rf /etc/nginx # fi wget -nc --no-check-certificate http://nginx.org/download/nginx-${nginx_version}.tar.gz -P ${nginx_openssl_src} judge "Nginx 下载" wget -nc --no-check-certificate https://www.openssl.org/source/openssl-${openssl_version}.tar.gz -P ${nginx_openssl_src} judge "openssl 下载" wget -nc --no-check-certificate https://github.com/jemalloc/jemalloc/releases/download/${jemalloc_version}/jemalloc-${jemalloc_version}.tar.bz2 -P ${nginx_openssl_src} judge "jemalloc 下载" cd ${nginx_openssl_src} || exit [[ -d nginx-"$nginx_version" ]] && rm -rf nginx-"$nginx_version" tar -zxvf nginx-"$nginx_version".tar.gz [[ -d openssl-"$openssl_version" ]] && rm -rf openssl-"$openssl_version" tar -zxvf openssl-"$openssl_version".tar.gz [[ -d jemalloc-"${jemalloc_version}" ]] && rm -rf jemalloc-"${jemalloc_version}" tar -xvf jemalloc-"${jemalloc_version}".tar.bz2 [[ -d "$nginx_dir" ]] && rm -rf ${nginx_dir} echo -e "${OK} ${GreenBG} 即将开始编译安装 jemalloc ${Font}" sleep 2 cd jemalloc-${jemalloc_version} || exit ./configure judge "编译检查" make -j "${THREAD}" && make install judge "jemalloc 编译安装" echo '/usr/local/lib' >/etc/ld.so.conf.d/local.conf ldconfig echo -e "${OK} ${GreenBG} 即将开始编译安装 Nginx, 过程稍久,请耐心等待 ${Font}" sleep 4 cd ../nginx-${nginx_version} || exit ./configure --prefix="${nginx_dir}" \ --with-http_ssl_module \ --with-http_sub_module \ --with-http_gzip_static_module \ --with-http_stub_status_module \ --with-pcre \ --with-http_realip_module \ --with-http_flv_module \ --with-http_mp4_module \ --with-http_secure_link_module \ --with-http_v2_module \ --with-cc-opt='-O3' \ --with-ld-opt="-ljemalloc" \ --with-openssl=../openssl-"$openssl_version" judge "编译检查" make -j "${THREAD}" && make install judge "Nginx 编译安装" # 修改基本配置 sed -i 's/#user nobody;/user root;/' ${nginx_dir}/conf/nginx.conf sed -i 's/worker_processes 1;/worker_processes 3;/' ${nginx_dir}/conf/nginx.conf sed -i 's/ worker_connections 1024;/ worker_connections 4096;/' ${nginx_dir}/conf/nginx.conf sed -i '$i include conf.d/*.conf;' ${nginx_dir}/conf/nginx.conf # 删除临时文件 rm -rf ../nginx-"${nginx_version}" rm -rf ../openssl-"${openssl_version}" rm -rf ../nginx-"${nginx_version}".tar.gz rm -rf ../openssl-"${openssl_version}".tar.gz # 添加配置文件夹,适配旧版脚本 mkdir ${nginx_dir}/conf/conf.d } ssl_install() { if [[ "${ID}" == "centos" ]]; then ${INS} install socat nc -y else ${INS} install socat netcat -y fi judge "安装 SSL 证书生成脚本依赖" curl https://get.acme.sh | sh judge "安装 SSL 证书生成脚本" } domain_check() { read -rp "请输入你的域名信息(eg:www.wulabing.com):" domain domain_ip=$(ping "${domain}" -c 1 | sed '1{s/[^(]*(//;s/).*//;q}') echo -e "${OK} ${GreenBG} 正在获取 公网ip 信息,请耐心等待 ${Font}" local_ip=$(curl https://api-ipv4.ip.sb/ip) echo -e "域名dns解析IP:${domain_ip}" echo -e "本机IP: ${local_ip}" sleep 2 if [[ $(echo "${local_ip}" | tr '.' '+' | bc) -eq $(echo "${domain_ip}" | tr '.' '+' | bc) ]]; then echo -e "${OK} ${GreenBG} 域名dns解析IP 与 本机IP 匹配 ${Font}" sleep 2 else echo -e "${Error} ${RedBG} 请确保域名添加了正确的 A 记录,否则将无法正常使用 V2ray ${Font}" echo -e "${Error} ${RedBG} 域名dns解析IP 与 本机IP 不匹配 是否继续安装?(y/n)${Font}" && read -r install case $install in [yY][eE][sS] | [yY]) echo -e "${GreenBG} 继续安装 ${Font}" sleep 2 ;; *) echo -e "${RedBG} 安装终止 ${Font}" exit 2 ;; esac fi } port_exist_check() { if [[ 0 -eq $(lsof -i:"$1" | grep -i -c "listen") ]]; then echo -e "${OK} ${GreenBG} $1 端口未被占用 ${Font}" sleep 1 else echo -e "${Error} ${RedBG} 检测到 $1 端口被占用,以下为 $1 端口占用信息 ${Font}" lsof -i:"$1" echo -e "${OK} ${GreenBG} 5s 后将尝试自动 kill 占用进程 ${Font}" sleep 5 lsof -i:"$1" | awk '{print $2}' | grep -v "PID" | xargs kill -9 echo -e "${OK} ${GreenBG} kill 完成 ${Font}" sleep 1 fi } acme() { if "$HOME"/.acme.sh/acme.sh --issue -d "${domain}" --standalone -k ec-256 --force --test; then echo -e "${OK} ${GreenBG} SSL 证书测试签发成功,开始正式签发 ${Font}" rm -rf "$HOME/.acme.sh/${domain}_ecc" sleep 2 else echo -e "${Error} ${RedBG} SSL 证书测试签发失败 ${Font}" rm -rf "$HOME/.acme.sh/${domain}_ecc" exit 1 fi if "$HOME"/.acme.sh/acme.sh --issue -d "${domain}" --standalone -k ec-256 --force; then echo -e "${OK} ${GreenBG} SSL 证书生成成功 ${Font}" sleep 2 mkdir /data if "$HOME"/.acme.sh/acme.sh --installcert -d "${domain}" --fullchainpath /data/v2ray.crt --keypath /data/v2ray.key --ecc --force; then echo -e "${OK} ${GreenBG} 证书配置成功 ${Font}" sleep 2 fi else echo -e "${Error} ${RedBG} SSL 证书生成失败 ${Font}" rm -rf "$HOME/.acme.sh/${domain}_ecc" exit 1 fi } v2ray_conf_add_tls() { cd /etc/v2ray || exit wget --no-check-certificate https://raw.githubusercontent.com/wulabing/V2Ray_ws-tls_bash_onekey/${github_branch}/tls/config.json -O config.json modify_path modify_alterid modify_inbound_port modify_UUID } v2ray_conf_add_h2() { cd /etc/v2ray || exit wget --no-check-certificate https://raw.githubusercontent.com/wulabing/V2Ray_ws-tls_bash_onekey/${github_branch}/http2/config.json -O config.json modify_path modify_alterid modify_inbound_port modify_UUID } old_config_exist_check() { if [[ -f $v2ray_qr_config_file ]]; then echo -e "${OK} ${GreenBG} 检测到旧配置文件,是否读取旧文件配置 [Y/N]? ${Font}" read -r ssl_delete case $ssl_delete in [yY][eE][sS] | [yY]) echo -e "${OK} ${GreenBG} 已保留旧配置 ${Font}" old_config_status="on" port=$(info_extraction '\"port\"') ;; *) rm -rf $v2ray_qr_config_file echo -e "${OK} ${GreenBG} 已删除旧配置 ${Font}" ;; esac fi } nginx_conf_add() { touch ${nginx_conf_dir}/v2ray.conf cat >${nginx_conf_dir}/v2ray.conf <> /etc/rc.local # systemctl start rc-local # fi # # judge "rc.local 配置" #} acme_cron_update() { wget -N -P /usr/bin --no-check-certificate "https://raw.githubusercontent.com/wulabing/V2Ray_ws-tls_bash_onekey/dev/ssl_update.sh" if [[ $(crontab -l | grep -c "ssl_update.sh") -lt 1 ]]; then if [[ "${ID}" == "centos" ]]; then # sed -i "/acme.sh/c 0 3 * * 0 \"/root/.acme.sh\"/acme.sh --cron --home \"/root/.acme.sh\" \ # &> /dev/null" /var/spool/cron/root sed -i "/acme.sh/c 0 3 * * 0 bash ${ssl_update_file}" /var/spool/cron/root else # sed -i "/acme.sh/c 0 3 * * 0 \"/root/.acme.sh\"/acme.sh --cron --home \"/root/.acme.sh\" \ # &> /dev/null" /var/spool/cron/crontabs/root sed -i "/acme.sh/c 0 3 * * 0 bash ${ssl_update_file}" /var/spool/cron/crontabs/root fi fi judge "cron 计划任务更新" } vmess_qr_config_tls_ws() { cat >$v2ray_qr_config_file <<-EOF { "v": "2", "ps": "wulabing_${domain}", "add": "${domain}", "port": "${port}", "id": "${UUID}", "aid": "${alterID}", "net": "ws", "type": "none", "host": "${domain}", "path": "${camouflage}", "tls": "tls" } EOF } vmess_qr_config_h2() { cat >$v2ray_qr_config_file <<-EOF { "v": "2", "ps": "wulabing_${domain}", "add": "${domain}", "port": "${port}", "id": "${UUID}", "aid": "${alterID}", "net": "h2", "type": "none", "path": "${camouflage}", "tls": "tls" } EOF } vmess_qr_link_image() { vmess_link="vmess://$(base64 -w 0 $v2ray_qr_config_file)" { echo -e "$Red 二维码: $Font" echo -n "${vmess_link}" | qrencode -o - -t utf8 echo -e "${Red} URL导入链接:${vmess_link} ${Font}" } >>"${v2ray_info_file}" } vmess_quan_link_image() { echo "$(info_extraction '\"ps\"') = vmess, $(info_extraction '\"add\"'), \ $(info_extraction '\"port\"'), chacha20-ietf-poly1305, "\"$(info_extraction '\"id\"')\"", over-tls=true, \ certificate=1, obfs=ws, obfs-path="\"$(info_extraction '\"path\"')\"", " > /tmp/vmess_quan.tmp vmess_link="vmess://$(base64 -w 0 /tmp/vmess_quan.tmp)" { echo -e "$Red 二维码: $Font" echo -n "${vmess_link}" | qrencode -o - -t utf8 echo -e "${Red} URL导入链接:${vmess_link} ${Font}" } >>"${v2ray_info_file}" } vmess_link_image_choice() { echo "请选择生成的链接种类" echo "1: V2RayNG/V2RayN" echo "2: quantumult" read -rp "请输入:" link_version [[ -z ${link_version} ]] && link_version=1 if [[ $link_version == 1 ]]; then vmess_qr_link_image elif [[ $link_version == 2 ]]; then vmess_quan_link_image else vmess_qr_link_image fi } info_extraction() { grep "$1" $v2ray_qr_config_file | awk -F '"' '{print $4}' } basic_information() { { echo -e "${OK} ${GreenBG} V2ray+ws+tls 安装成功" echo -e "${Red} V2ray 配置信息 ${Font}" echo -e "${Red} 地址(address):${Font} $(info_extraction '\"add\"') " echo -e "${Red} 端口(port):${Font} $(info_extraction '\"port\"') " echo -e "${Red} 用户id(UUID):${Font} $(info_extraction '\"id\"')" echo -e "${Red} 额外id(alterId):${Font} $(info_extraction '\"aid\"')" echo -e "${Red} 加密方式(security):${Font} 自适应 " echo -e "${Red} 传输协议(network):${Font} $(info_extraction '\"net\"') " echo -e "${Red} 伪装类型(type):${Font} none " echo -e "${Red} 路径(不要落下/):${Font} $(info_extraction '\"path\"') " echo -e "${Red} 底层传输安全:${Font} tls " } >"${v2ray_info_file}" } show_information() { cat "${v2ray_info_file}" green "免费爬虫网址:在浏览器打开 $domain/free 即可" green "注意:爬虫工具没有配置开机自启,重启后需要手动启动。 使用如下命令启动" red "nohup /root/free/proxypool -c config.yaml >/dev/null 2>/dev/null &" } ssl_judge_and_install() { if [[ -f "/data/v2ray.key" || -f "/data/v2ray.crt" ]]; then echo "/data 目录下证书文件已存在" echo -e "${OK} ${GreenBG} 是否删除 [Y/N]? ${Font}" read -r ssl_delete case $ssl_delete in [yY][eE][sS] | [yY]) rm -rf /data/* echo -e "${OK} ${GreenBG} 已删除 ${Font}" ;; *) ;; esac fi if [[ -f "/data/v2ray.key" || -f "/data/v2ray.crt" ]]; then echo "证书文件已存在" elif [[ -f "$HOME/.acme.sh/${domain}_ecc/${domain}.key" && -f "$HOME/.acme.sh/${domain}_ecc/${domain}.cer" ]]; then echo "证书文件已存在" "$HOME"/.acme.sh/acme.sh --installcert -d "${domain}" --fullchainpath /data/v2ray.crt --keypath /data/v2ray.key --ecc judge "证书应用" else ssl_install acme fi } nginx_systemd() { cat >$nginx_systemd_file </dev/null 2>&1 [[ -d $HOME/.acme.sh ]] && rm -rf "$HOME/.acme.sh" echo -e "${OK} ${GreenBG} 已清空证书遗留文件 ${Font}" } judge_mode() { if [ -f $v2ray_bin_dir/v2ray ] || [ -f $v2ray_bin_dir_old/v2ray ]; then if grep -q "ws" $v2ray_qr_config_file; then shell_mode="ws" elif grep -q "h2" $v2ray_qr_config_file; then shell_mode="h2" fi fi } download_pc(){ echo green "===============" green " 1.安装爬虫" green "===============" sleep 1 cd /root mkdir free cd /root/free wget https://github.com/Sansui233/proxypool/releases/download/v0.6.0/proxypool-linux-amd64-v0.6.0.gz gzip -d proxypool-linux-amd64-v0.6.0.gz mv proxypool-linux-amd64-v0.6.0 proxypool chmod 755 proxypool wget https://raw.githubusercontent.com/lanhebe/proxypool/master/config.yaml wget https://raw.githubusercontent.com/lanhebe/proxypool/master/source.yaml cat > ./config.yaml <<-EOF domain: $domain port: # default 12580 # source list file source-files: # use local file - ./source.yaml # use web file # - https://example.com/config/source.yaml # ======= 可选项,留空使用default值 ======= # postgresql database info database_url: "" # interval between each crawling crawl-interval: # v0.5.x default 60 (minutes) crontime: # v0.4.x default 60 (minutes). Deprecated in the newest version # speed test speedtest: false # default false. Warning: this will consume large network resources. speedtest-interval: # default 720 (min) connection: # default 5. The number of speed test connections simultaneously timeout: # default 10 (seconds). ## active proxy speed test active-interval: # default 60 (min) active-frequency: # default 100 (requests per interval) active-max-number: # default 100. If more than this number of active proxies, the extra will be deprecated by speed # cloudflare api cf_email: "" cf_key: "" EOF nohup ./proxypool -c config.yaml >/dev/null 2>/dev/null & } last_config() { sed -i "s:root /home/wwwroot/3DCEList:root /usr/share/nginx/html:g" /etc/nginx/conf/conf.d/v2ray.conf sed -i 's/index index.html index.htm/index index.php index.html index.htm/g' /etc/nginx/conf/conf.d/v2ray.conf sed -i '11a location ~ \.php$ {' /etc/nginx/conf/conf.d/v2ray.conf sed -i '12a fastcgi_pass 127.0.0.1:9000;' /etc/nginx/conf/conf.d/v2ray.conf sed -i '13a fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;' /etc/nginx/conf/conf.d/v2ray.conf sed -i '14a fastcgi_index index.php;' /etc/nginx/conf/conf.d/v2ray.conf sed -i '15a include fastcgi_params;' /etc/nginx/conf/conf.d/v2ray.conf sed -i '16a }' /etc/nginx/conf/conf.d/v2ray.conf sed -i '11a location /free/ { \ proxy_pass http://127.0.0.1:12580/;\ }' /etc/nginx/conf/conf.d/v2ray.conf systemctl restart nginx.service } install_v2ray_ws_tls() { is_root check_system chrony_install dependency_install basic_optimization domain_check old_config_exist_check port_alterid_set v2ray_install port_exist_check 80 port_exist_check "${port}" nginx_exist_check v2ray_conf_add_tls nginx_conf_add web_camouflage ssl_judge_and_install nginx_systemd vmess_qr_config_tls_ws basic_information vmess_link_image_choice tls_type show_information start_process_systemd enable_process_systemd acme_cron_update install_wordpress download_pc last_config show_information } install_v2_h2() { is_root check_system chrony_install dependency_install basic_optimization domain_check old_config_exist_check port_alterid_set v2ray_install port_exist_check 80 port_exist_check "${port}" v2ray_conf_add_h2 ssl_judge_and_install vmess_qr_config_h2 basic_information vmess_qr_link_image show_information start_process_systemd enable_process_systemd } update_sh() { ol_version=$(curl -L -s https://raw.githubusercontent.com/wulabing/V2Ray_ws-tls_bash_onekey/${github_branch}/install.sh | grep "shell_version=" | head -1 | awk -F '=|"' '{print $3}') echo "$ol_version" >$version_cmp echo "$shell_version" >>$version_cmp if [[ "$shell_version" < "$(sort -rV $version_cmp | head -1)" ]]; then echo -e "${OK} ${GreenBG} 存在新版本,是否更新 [Y/N]? ${Font}" read -r update_confirm case $update_confirm in [yY][eE][sS] | [yY]) wget -N --no-check-certificate https://raw.githubusercontent.com/wulabing/V2Ray_ws-tls_bash_onekey/${github_branch}/install.sh echo -e "${OK} ${GreenBG} 更新完成 ${Font}" exit 0 ;; *) ;; esac else echo -e "${OK} ${GreenBG} 当前版本为最新版本 ${Font}" fi } maintain() { echo -e "${RedBG}该选项暂时无法使用${Font}" echo -e "${RedBG}$1${Font}" exit 0 } list() { case $1 in tls_modify) tls_type ;; uninstall) uninstall_all ;; crontab_modify) acme_cron_update ;; boost) bbr_boost_sh ;; *) menu ;; esac } menu() { update_sh echo -e "\t V2ray 安装管理脚本 ${Red}[${shell_version}]${Font}" echo -e "\t---authored by wulabing---" echo -e "\thttps://github.com/wulabing\n" echo -e "当前已安装版本:${shell_mode}\n" echo -e "—————————————— 安装向导 ——————————————""" echo -e "${Green}1.${Font} 安装 V2Ray (Nginx+ws+tls+wordpress+节点爬虫)" echo -e "${Green}3.${Font} 升级 V2Ray core" echo -e "—————————————— 配置变更 ——————————————" echo -e "${Green}4.${Font} 变更 UUID" echo -e "${Green}5.${Font} 变更 alterid" echo -e "${Green}6.${Font} 变更 port" echo -e "${Green}7.${Font} 变更 TLS 版本(仅ws+tls有效)" echo -e "—————————————— 查看信息 ——————————————" echo -e "${Green}8.${Font} 查看 实时访问日志" echo -e "${Green}9.${Font} 查看 实时错误日志" echo -e "${Green}10.${Font} 查看 V2Ray 配置信息" echo -e "—————————————— 其他选项 ——————————————" echo -e "${Green}11.${Font} 安装 4合1 bbr 锐速安装脚本" echo -e "${Green}12.${Font} 安装 MTproxy(支持TLS混淆)" echo -e "${Green}13.${Font} 证书 有效期更新" echo -e "${Green}14.${Font} 卸载 V2Ray" echo -e "${Green}15.${Font} 更新 证书crontab计划任务" echo -e "${Green}16.${Font} 清空 证书遗留文件" echo -e "${Green}17.${Font} 退出 \n" read -rp "请输入数字:" menu_num case $menu_num in 1) shell_mode="ws" install_v2ray_ws_tls ;; 2) shell_mode="h2" install_v2_h2 ;; 3) bash <(curl -L -s https://raw.githubusercontent.com/wulabing/V2Ray_ws-tls_bash_onekey/${github_branch}/v2ray.sh) ;; 4) read -rp "请输入UUID:" UUID modify_UUID start_process_systemd ;; 5) read -rp "请输入alterID:" alterID modify_alterid start_process_systemd ;; 6) read -rp "请输入连接端口:" port if grep -q "ws" $v2ray_qr_config_file; then modify_nginx_port elif grep -q "h2" $v2ray_qr_config_file; then modify_inbound_port fi start_process_systemd ;; 7) tls_type ;; 8) show_access_log ;; 9) show_error_log ;; 10) basic_information if [[ $shell_mode == "ws" ]]; then vmess_link_image_choice else vmess_qr_link_image fi show_information ;; 11) bbr_boost_sh ;; 12) mtproxy_sh ;; 13) stop_process_systemd ssl_update_manuel start_process_systemd ;; 14) uninstall_all ;; 15) acme_cron_update ;; 16) delete_tls_key_and_crt ;; 17) exit 0 ;; *) echo -e "${RedBG}请输入正确的数字${Font}" ;; esac } judge_mode list "$1"