补充

chawaa · Feb 23, 2020 · 88e64d5 · 88e64d5
1 parent 33081a6
commit 88e64d5
Showing 1 changed file with 243 additions and 0 deletions.
diff --git a/trojan4balance.sh b/trojan4balance.sh
@@ -0,0 +1,243 @@
+#!/bin/bash
+
+blue(){
+    echo -e "\033[34m\033[01m$1\033[0m"
+}
+green(){
+    echo -e "\033[32m\033[01m$1\033[0m"
+}
+red(){
+    echo -e "\033[31m\033[01m$1\033[0m"
+}
+if [[ -f /etc/redhat-release ]]; then
+    release="centos"
+    systemPackage="yum"
+    systempwd="/usr/lib/systemd/system/"
+elif cat /etc/issue | grep -Eqi "debian"; then
+    release="debian"
+    systemPackage="apt-get"
+    systempwd="/lib/systemd/system/"
+elif cat /etc/issue | grep -Eqi "ubuntu"; then
+    release="ubuntu"
+    systemPackage="apt-get"
+    systempwd="/lib/systemd/system/"
+elif cat /etc/issue | grep -Eqi "centos|red hat|redhat"; then
+    release="centos"
+    systemPackage="yum"
+    systempwd="/usr/lib/systemd/system/"
+elif cat /proc/version | grep -Eqi "debian"; then
+    release="debian"
+    systemPackage="apt-get"
+    systempwd="/lib/systemd/system/"
+elif cat /proc/version | grep -Eqi "ubuntu"; then
+    release="ubuntu"
+    systemPackage="apt-get"
+    systempwd="/lib/systemd/system/"
+elif cat /proc/version | grep -Eqi "centos|red hat|redhat"; then
+    release="centos"
+    systemPackage="yum"
+    systempwd="/usr/lib/systemd/system/"
+fi
+
+$systemPackage -y install net-tools
+Port80=`netstat -tlpn | awk -F '[: ]+' '$1=="tcp"{print $5}' | grep -w 80`
+Port443=`netstat -tlpn | awk -F '[: ]+' '$1=="tcp"{print $5}' | grep -w 443`
+if [ -n "$Port443" ]; then
+    process443=`netstat -tlpn | awk -F '[: ]+' '$5=="443"{print $9}'`
+    red "============================================================="
+    red "检测到443端口被占用，占用进程为：${process443}，本次安装结束"
+    red "============================================================="
+    exit 1
+fi
+if [ -n "$Port80" ]; then
+    process80=`netstat -tlpn | awk -F '[: ]+' '$5=="80"{print $9}'`
+    red "============================================================="
+    red "检测到80端口被占用，占用进程为：${process80}，本次安装结束"
+    red "============================================================="
+    exit 1
+fi
+CHECK=$(grep SELINUX= /etc/selinux/config | grep -v "#")
+if [ "$CHECK" == "SELINUX=enforcing" ]; then
+    red "======================================================================="
+    red "检测到SELinux为开启状态，为防止申请证书失败，请先重启VPS后，再执行本脚本"
+    red "======================================================================="
+    read -p "是否现在重启 ?请输入 [Y/n] :" yn
+	[ -z "${yn}" ] && yn="y"
+	if [[ $yn == [Yy] ]]; then
+	    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
+            setenforce 0
+	    echo -e "VPS 重启中..."
+	    reboot
+	fi
+    exit
+fi
+if [ "$CHECK" == "SELINUX=permissive" ]; then
+    red "======================================================================="
+    red "检测到SELinux为宽容状态，为防止申请证书失败，请先重启VPS后，再执行本脚本"
+    red "======================================================================="
+    read -p "是否现在重启 ?请输入 [Y/n] :" yn
+	[ -z "${yn}" ] && yn="y"
+	if [[ $yn == [Yy] ]]; then
+	    sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config
+            setenforce 0
+	    echo -e "VPS 重启中..."
+	    reboot
+	fi
+    exit
+fi
+if [ "$release" == "centos" ]; then
+    if  [ -n "$(grep ' 6\.' /etc/redhat-release)" ] ;then
+    red "==============="
+    red "当前系统不受支持"
+    red "==============="
+    exit
+    fi
+    if  [ -n "$(grep ' 5\.' /etc/redhat-release)" ] ;then
+    red "==============="
+    red "当前系统不受支持"
+    red "==============="
+    exit
+    fi
+    systemctl stop firewalld
+    systemctl disable firewalld
+    rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
+elif [ "$release" == "ubuntu" ]; then
+    if  [ -n "$(grep ' 14\.' /etc/os-release)" ] ;then
+    red "==============="
+    red "当前系统不受支持"
+    red "==============="
+    exit
+    fi
+    if  [ -n "$(grep ' 12\.' /etc/os-release)" ] ;then
+    red "==============="
+    red "当前系统不受支持"
+    red "==============="
+    exit
+    fi
+    systemctl stop ufw
+    systemctl disable ufw
+    apt-get update
+fi
+$systemPackage -y install  nginx wget unzip zip curl tar socat >/dev/null 2>&1
+systemctl enable nginx
+systemctl stop nginx
+cat > /etc/nginx/nginx.conf <<-EOF
+user  root;
+worker_processes  1;
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+events {
+    worker_connections  1024;
+}
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    log_format  main  '\$remote_addr - \$remote_user [\$time_local] "\$request" '
+                      '\$status \$body_bytes_sent "\$http_referer" '
+                      '"\$http_user_agent" "\$http_x_forwarded_for"';
+    access_log  /var/log/nginx/access.log  main;
+    sendfile        on;
+    #tcp_nopush     on;
+    keepalive_timeout  120;
+    client_max_body_size 20m;
+    #gzip  on;
+    server {
+        listen       7777;
+        server_name  $1;
+        root /usr/share/nginx/html;
+        index index.php index.html index.htm;
+    }
+}
+EOF
+
+#设置伪装站
+mkdir /usr/share/nginx/html
+rm -rf /usr/share/nginx/html/*
+cd /usr/share/nginx/html/
+wget https://github.com/atrandys/v2ray-ws-tls/raw/master/web.zip
+unzip web.zip
+systemctl start nginx
+
+#申请https证书
+mkdir /usr/src/trojan-cert
+curl https://get.acme.sh | sh
+~/.acme.sh/acme.sh --issue -d $1 --standalone
+~/.acme.sh/acme.sh  --installcert  -d  $1   \
+--key-file   /usr/src/trojan-cert/private.key \
+--fullchain-file /usr/src/trojan-cert/fullchain.cer
+if test -s /usr/src/trojan-cert/fullchain.cer; then
+    cd /usr/src
+    #wget https://github.com/trojan-gfw/trojan/releases/download/v1.13.0/trojan-1.13.0-linux-amd64.tar.xz
+    wget https://api.github.com/repos/trojan-gfw/trojan/releases/latest
+    latest_version=`grep tag_name latest| awk -F '[:,"v]' '{print $6}'`
+    wget https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-linux-amd64.tar.xz
+    tar xf trojan-${latest_version}-linux-amd64.tar.xz
+    #trojan_passwd=$(cat /dev/urandom | head -1 | md5sum | head -c 8)
+    rm -rf /usr/src/trojan/server.conf
+    cat > /usr/src/trojan/server.conf <<-EOF
+{
+    "run_type": "server",
+    "local_addr": "0.0.0.0",
+    "local_port": 443,
+    "remote_addr": "127.0.0.1",
+    "remote_port": 7777,
+    "password": [
+        "$2"
+    ],
+    "log_level": 1,
+    "ssl": {
+        "cert": "/usr/src/trojan-cert/fullchain.cer",
+        "key": "/usr/src/trojan-cert/private.key",
+        "key_password": "",
+        "cipher_tls13":"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
+	"prefer_server_cipher": true,
+        "alpn": [
+            "http/1.1"
+        ],
+        "reuse_session": true,
+        "session_ticket": false,
+        "session_timeout": 600,
+        "plain_http_response": "",
+        "curves": "",
+        "dhparam": ""
+    },
+    "tcp": {
+        "no_delay": true,
+        "keep_alive": true,
+        "fast_open": false,
+        "fast_open_qlen": 20
+    }
+}
+EOF
+
+#增加启动脚本
+
+    cat > ${systempwd}trojan.service <<-EOF
+[Unit]  
+Description=trojan  
+After=network.target  
+   
+[Service]  
+Type=simple  
+PIDFile=/usr/src/trojan/trojan/trojan.pid
+ExecStart=/usr/src/trojan/trojan -c "/usr/src/trojan/server.conf"  
+ExecReload=  
+ExecStop=/usr/src/trojan/trojan  
+PrivateTmp=true  
+   
+[Install]  
+WantedBy=multi-user.target
+EOF
+
+    chmod +x ${systempwd}trojan.service
+    systemctl start trojan.service 
+    systemctl enable trojan.service 
+    green "==============="
+    green "Trojan已安装完成"
+    green "==============="
+else
+    red "==================================="
+    red "https证书没有申请成果，自动安装失败" 
+    green "不要担心，你可以手动修复证书申请"
+    red "==================================="
+fi