forked from atrandys/v2ray-ws-tls
-
Notifications
You must be signed in to change notification settings - Fork 0
/
v2ray_ws_tls.sh
263 lines (240 loc) · 7.03 KB
/
v2ray_ws_tls.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
#!/bin/bash
#判断系统
if [ ! -e '/etc/redhat-release' ]; then
echo "仅支持centos7"
exit
fi
if [ -n "$(grep ' 6\.' /etc/redhat-release)" ] ;then
echo "仅支持centos7"
exit
fi
CHECK=$(grep SELINUX= /etc/selinux/config | grep -v "#")
if [ "$CHECK" == "SELINUX=enforcing" ]; then
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
fi
if [ "$CHECK" == "SELINUX=permissive" ]; then
sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
fi
function blue(){
echo -e "\033[34m\033[01m $1 \033[0m"
}
function green(){
echo -e "\033[32m\033[01m $1 \033[0m"
}
function red(){
echo -e "\033[31m\033[01m $1 \033[0m"
}
function yellow(){
echo -e "\033[33m\033[01m $1 \033[0m"
}
#安装nginx
install_nginx(){
systemctl stop firewalld
systemctl disable firewalld
yum install -y libtool perl-core zlib-devel gcc wget pcre* unzip
wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz
tar xzvf openssl-1.1.1a.tar.gz
mkdir /etc/nginx
mkdir /etc/nginx/ssl
mkdir /etc/nginx/conf.d
wget https://nginx.org/download/nginx-1.15.8.tar.gz
tar xf nginx-1.15.8.tar.gz && rm nginx-1.15.8.tar.gz
cd nginx-1.15.8
./configure --prefix=/etc/nginx --with-openssl=../openssl-1.1.1a --with-openssl-opt='enable-tls1_3' --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_sub_module --with-stream --with-stream_ssl_module
make && make install
green "======================"
green " 输入解析到此VPS的域名"
green "======================"
read domain
cat > /etc/nginx/conf/nginx.conf <<-EOF
user root;
worker_processes 1;
error_log /etc/nginx/logs/error.log warn;
pid /etc/nginx/logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/conf/mime.types;
default_type application/octet-stream;
log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" '
'\$status \$body_bytes_sent "\$http_referer" '
'"\$http_user_agent" "\$http_x_forwarded_for"';
access_log /etc/nginx/logs/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 120;
client_max_body_size 20m;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
EOF
cat > /etc/nginx/conf.d/default.conf<<-EOF
server {
listen 80;
server_name $domain;
root /etc/nginx/html;
index index.php index.html index.htm;
location / {
try_files \$uri \$uri/ /index.php?\$args;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /etc/nginx/html;
}
}
EOF
/etc/nginx/sbin/nginx
curl https://get.acme.sh | sh
~/.acme.sh/acme.sh --issue -d $domain --webroot /etc/nginx/html/
~/.acme.sh/acme.sh --installcert -d $domain \
--key-file /etc/nginx/ssl/$domain.key \
--fullchain-file /etc/nginx/ssl/fullchain.cer \
--reloadcmd "/etc/nginx/sbin/nginx -s reload"
cat > /etc/nginx/conf.d/default.conf<<-EOF
server {
listen 80;
server_name $domain;
rewrite ^(.*)$ https://\$host\$1 permanent;
}
server {
listen 443 ssl http2;
server_name $domain;
root /etc/nginx/html;
index index.php index.html;
ssl_certificate /etc/nginx/ssl/fullchain.cer;
ssl_certificate_key /etc/nginx/ssl/$domain.key;
#TLS 版本控制
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5';
ssl_prefer_server_ciphers on;
# 开启 1.3 0-RTT
ssl_early_data on;
ssl_stapling on;
ssl_stapling_verify on;
#add_header Strict-Transport-Security "max-age=31536000";
#access_log /var/log/nginx/access.log combined;
location /mypath {
proxy_redirect off;
proxy_pass http://127.0.0.1:11234;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host \$http_host;
}
location / {
try_files \$uri \$uri/ /index.php?\$args;
}
}
EOF
}
#安装v2ray
install_v2ray(){
yum install -y wget
bash <(curl -L -s https://install.direct/go.sh)
cd /etc/v2ray/
rm -f config.json
wget https://raw.githubusercontent.com/atrandys/v2ray-ws-tls/master/config.json
v2uuid=$(cat /proc/sys/kernel/random/uuid)
sed -i "s/aaaa/$v2uuid/;" config.json
newpath=$(cat /dev/urandom | head -1 | md5sum | head -c 4)
sed -i "s/mypath/$newpath/;" config.json
sed -i "s/mypath/$newpath/;" /etc/nginx/conf.d/default.conf
cd /etc/nginx/html
rm -f /etc/nginx/html/*
wget https://github.com/atrandys/v2ray-ws-tls/raw/master/web.zip
unzip web.zip
/etc/nginx/sbin/nginx -s stop
/etc/nginx/sbin/nginx
systemctl restart v2ray.service
#增加自启动脚本
cat > /etc/rc.d/init.d/autov2ray<<-EOF
#!/bin/sh
#chkconfig: 2345 80 90
#description:autov2ray
/etc/nginx/sbin/nginx
EOF
#设置脚本权限
chmod +x /etc/rc.d/init.d/autov2ray
chkconfig --add autov2ray
chkconfig autov2ray on
cat > /etc/v2ray/myconfig.json<<-EOF
{
===========配置参数=============
地址:${domain}
端口:443
uuid:${v2uuid}
额外id:64
加密方式:aes-128-gcm
传输协议:ws
别名:myws
路径:${newpath}
底层传输:tls
}
EOF
clear
green
green "安装已经完成"
green
green "===========配置参数============"
green "地址:${domain}"
green "端口:443"
green "uuid:${v2uuid}"
green "额外id:64"
green "加密方式:aes-128-gcm"
green "传输协议:ws"
green "别名:myws"
green "路径:${newpath}"
green "底层传输:tls"
green
}
remove_v2ray(){
/etc/nginx/sbin/nginx -s stop
systemctl stop v2ray.service
systemctl disable v2ray.service
rm -rf /usr/bin/v2ray /etc/v2ray
rm -rf /etc/v2ray
rm -rf /etc/nginx
green "nginx、v2ray已删除"
}
start_menu(){
clear
green " ===================================="
green " 介绍:一键安装v2ray+ws+tls "
green " 系统:centos7 "
green " 作者:atrandys "
green " 网站:www.atrandys.com "
green " Youtube:atrandys "
green " ===================================="
echo
green " 1. 安装v2ray+ws+tls"
green " 2. 升级v2ray"
red " 3. 卸载v2ray"
yellow " 0. 退出脚本"
echo
read -p "请输入数字:" num
case "$num" in
1)
install_nginx
install_v2ray
;;
2)
bash <(curl -L -s https://install.direct/go.sh)
;;
3)
remove_v2ray
;;
0)
exit 1
;;
*)
clear
red "请输入正确数字"
sleep 2s
start_menu
;;
esac
}
start_menu