From 88e64d5fd8836ab5840c335cb77effd497658094 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=A4=A9=E5=B7=A5=E5=BC=80=E7=89=A9?= <59247295+heidongwang@users.noreply.github.com>
Date: Sun, 23 Feb 2020 14:45:20 +0800
Subject: [PATCH] =?UTF-8?q?=E8=A1=A5=E5=85=85?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
trojan4balance.sh | 243 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 243 insertions(+)
create mode 100644 trojan4balance.sh
diff --git a/trojan4balance.sh b/trojan4balance.sh
new file mode 100644
index 0000000..7276cfa
--- /dev/null
+++ b/trojan4balance.sh
@@ -0,0 +1,243 @@
+#!/bin/bash
+
+blue(){
+ echo -e "\033[34m\033[01m$1\033[0m"
+}
+green(){
+ echo -e "\033[32m\033[01m$1\033[0m"
+}
+red(){
+ echo -e "\033[31m\033[01m$1\033[0m"
+}
+if [[ -f /etc/redhat-release ]]; then
+ release="centos"
+ systemPackage="yum"
+ systempwd="/usr/lib/systemd/system/"
+elif cat /etc/issue | grep -Eqi "debian"; then
+ release="debian"
+ systemPackage="apt-get"
+ systempwd="/lib/systemd/system/"
+elif cat /etc/issue | grep -Eqi "ubuntu"; then
+ release="ubuntu"
+ systemPackage="apt-get"
+ systempwd="/lib/systemd/system/"
+elif cat /etc/issue | grep -Eqi "centos|red hat|redhat"; then
+ release="centos"
+ systemPackage="yum"
+ systempwd="/usr/lib/systemd/system/"
+elif cat /proc/version | grep -Eqi "debian"; then
+ release="debian"
+ systemPackage="apt-get"
+ systempwd="/lib/systemd/system/"
+elif cat /proc/version | grep -Eqi "ubuntu"; then
+ release="ubuntu"
+ systemPackage="apt-get"
+ systempwd="/lib/systemd/system/"
+elif cat /proc/version | grep -Eqi "centos|red hat|redhat"; then
+ release="centos"
+ systemPackage="yum"
+ systempwd="/usr/lib/systemd/system/"
+fi
+
+$systemPackage -y install net-tools
+Port80=`netstat -tlpn | awk -F '[: ]+' '$1=="tcp"{print $5}' | grep -w 80`
+Port443=`netstat -tlpn | awk -F '[: ]+' '$1=="tcp"{print $5}' | grep -w 443`
+if [ -n "$Port443" ]; then
+ process443=`netstat -tlpn | awk -F '[: ]+' '$5=="443"{print $9}'`
+ red "============================================================="
+ red "检测到443端口被占用,占用进程为:${process443},本次安装结束"
+ red "============================================================="
+ exit 1
+fi
+if [ -n "$Port80" ]; then
+ process80=`netstat -tlpn | awk -F '[: ]+' '$5=="80"{print $9}'`
+ red "============================================================="
+ red "检测到80端口被占用,占用进程为:${process80},本次安装结束"
+ red "============================================================="
+ exit 1
+fi
+CHECK=$(grep SELINUX= /etc/selinux/config | grep -v "#")
+if [ "$CHECK" == "SELINUX=enforcing" ]; then
+ red "======================================================================="
+ red "检测到SELinux为开启状态,为防止申请证书失败,请先重启VPS后,再执行本脚本"
+ red "======================================================================="
+ read -p "是否现在重启 ?请输入 [Y/n] :" yn
+ [ -z "${yn}" ] && yn="y"
+ if [[ $yn == [Yy] ]]; then
+ sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
+ setenforce 0
+ echo -e "VPS 重启中..."
+ reboot
+ fi
+ exit
+fi
+if [ "$CHECK" == "SELINUX=permissive" ]; then
+ red "======================================================================="
+ red "检测到SELinux为宽容状态,为防止申请证书失败,请先重启VPS后,再执行本脚本"
+ red "======================================================================="
+ read -p "是否现在重启 ?请输入 [Y/n] :" yn
+ [ -z "${yn}" ] && yn="y"
+ if [[ $yn == [Yy] ]]; then
+ sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config
+ setenforce 0
+ echo -e "VPS 重启中..."
+ reboot
+ fi
+ exit
+fi
+if [ "$release" == "centos" ]; then
+ if [ -n "$(grep ' 6\.' /etc/redhat-release)" ] ;then
+ red "==============="
+ red "当前系统不受支持"
+ red "==============="
+ exit
+ fi
+ if [ -n "$(grep ' 5\.' /etc/redhat-release)" ] ;then
+ red "==============="
+ red "当前系统不受支持"
+ red "==============="
+ exit
+ fi
+ systemctl stop firewalld
+ systemctl disable firewalld
+ rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
+elif [ "$release" == "ubuntu" ]; then
+ if [ -n "$(grep ' 14\.' /etc/os-release)" ] ;then
+ red "==============="
+ red "当前系统不受支持"
+ red "==============="
+ exit
+ fi
+ if [ -n "$(grep ' 12\.' /etc/os-release)" ] ;then
+ red "==============="
+ red "当前系统不受支持"
+ red "==============="
+ exit
+ fi
+ systemctl stop ufw
+ systemctl disable ufw
+ apt-get update
+fi
+$systemPackage -y install nginx wget unzip zip curl tar socat >/dev/null 2>&1
+systemctl enable nginx
+systemctl stop nginx
+cat > /etc/nginx/nginx.conf <<-EOF
+user root;
+worker_processes 1;
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+events {
+ worker_connections 1024;
+}
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+ log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" '
+ '\$status \$body_bytes_sent "\$http_referer" '
+ '"\$http_user_agent" "\$http_x_forwarded_for"';
+ access_log /var/log/nginx/access.log main;
+ sendfile on;
+ #tcp_nopush on;
+ keepalive_timeout 120;
+ client_max_body_size 20m;
+ #gzip on;
+ server {
+ listen 7777;
+ server_name $1;
+ root /usr/share/nginx/html;
+ index index.php index.html index.htm;
+ }
+}
+EOF
+
+#设置伪装站
+mkdir /usr/share/nginx/html
+rm -rf /usr/share/nginx/html/*
+cd /usr/share/nginx/html/
+wget https://github.com/atrandys/v2ray-ws-tls/raw/master/web.zip
+unzip web.zip
+systemctl start nginx
+
+#申请https证书
+mkdir /usr/src/trojan-cert
+curl https://get.acme.sh | sh
+~/.acme.sh/acme.sh --issue -d $1 --standalone
+~/.acme.sh/acme.sh --installcert -d $1 \
+--key-file /usr/src/trojan-cert/private.key \
+--fullchain-file /usr/src/trojan-cert/fullchain.cer
+if test -s /usr/src/trojan-cert/fullchain.cer; then
+ cd /usr/src
+ #wget https://github.com/trojan-gfw/trojan/releases/download/v1.13.0/trojan-1.13.0-linux-amd64.tar.xz
+ wget https://api.github.com/repos/trojan-gfw/trojan/releases/latest
+ latest_version=`grep tag_name latest| awk -F '[:,"v]' '{print $6}'`
+ wget https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-linux-amd64.tar.xz
+ tar xf trojan-${latest_version}-linux-amd64.tar.xz
+ #trojan_passwd=$(cat /dev/urandom | head -1 | md5sum | head -c 8)
+ rm -rf /usr/src/trojan/server.conf
+ cat > /usr/src/trojan/server.conf <<-EOF
+{
+ "run_type": "server",
+ "local_addr": "0.0.0.0",
+ "local_port": 443,
+ "remote_addr": "127.0.0.1",
+ "remote_port": 7777,
+ "password": [
+ "$2"
+ ],
+ "log_level": 1,
+ "ssl": {
+ "cert": "/usr/src/trojan-cert/fullchain.cer",
+ "key": "/usr/src/trojan-cert/private.key",
+ "key_password": "",
+ "cipher_tls13":"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
+ "prefer_server_cipher": true,
+ "alpn": [
+ "http/1.1"
+ ],
+ "reuse_session": true,
+ "session_ticket": false,
+ "session_timeout": 600,
+ "plain_http_response": "",
+ "curves": "",
+ "dhparam": ""
+ },
+ "tcp": {
+ "no_delay": true,
+ "keep_alive": true,
+ "fast_open": false,
+ "fast_open_qlen": 20
+ }
+}
+EOF
+
+#增加启动脚本
+
+ cat > ${systempwd}trojan.service <<-EOF
+[Unit]
+Description=trojan
+After=network.target
+
+[Service]
+Type=simple
+PIDFile=/usr/src/trojan/trojan/trojan.pid
+ExecStart=/usr/src/trojan/trojan -c "/usr/src/trojan/server.conf"
+ExecReload=
+ExecStop=/usr/src/trojan/trojan
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+ chmod +x ${systempwd}trojan.service
+ systemctl start trojan.service
+ systemctl enable trojan.service
+ green "==============="
+ green "Trojan已安装完成"
+ green "==============="
+else
+ red "==================================="
+ red "https证书没有申请成果,自动安装失败"
+ green "不要担心,你可以手动修复证书申请"
+ red "==================================="
+fi
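Review bot: Everything this installer fetches is executed or installed as root with no integrity check: `curl https://get.acme.sh | sh`, `rpm -Uvh http://nginx.org/...` over plain HTTP, `web.zip` from a third-party repository's `master` branch, and whatever the trojan `releases/latest` lookup returns at run time. Pin each download to a reviewed version, save it to a file, compare it against a digest recorded in the script (for example with `sha256sum -c`) before running or unpacking it, and switch the rpm URL to `https://`. `$1` and `$2` are also used unchecked and unquoted in `server_name $1;`, `-d $1` and the JSON `"password"` entry, so an empty or malformed argument produces a broken config or lets stray characters alter it; a guard such as `[ "$#" -eq 2 ] || { red "usage: $0 <domain> <password>"; exit 1; }` plus `"$1"` quoting would catch that. The generated files need the same care: `user root;` runs the nginx workers as root and `server.conf`, which holds the password, is written under the default umask, so drop `user root;` for an unprivileged account and set `umask 077` before the heredoc.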