From 9645e785682c95c6f54cc77828639d83b7172456 Mon Sep 17 00:00:00 2001
From: zhangyang
Date: Thu, 14 May 2026 20:58:51 +0000
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=20install.sh?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
install.sh | 725 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 725 insertions(+)
create mode 100644 install.sh
diff --git a/install.sh b/install.sh
new file mode 100644
index 0000000..5fa3cab
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,725 @@ +#!/bin/bash +# ================================================================ +# 🚀 终极四合一 代理管理面板 克劳德魔改版 +# 支持 amd64 / arm64,Ubuntu / Debian / CentOS +# 集成: Xray(Vision/Reality) + NaïveProxy + Sing-box(SS-TLS) + AnyTLS +# ================================================================ + +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +CYAN='\033[0;36m' +NC='\033[0m' + +print_info() { echo -e "${BLUE}[信息]${NC} $1"; } +print_success() { echo -e "${GREEN}[成功]${NC} $1"; } +print_warning() { echo -e "${YELLOW}[警告]${NC} $1"; } +print_error() { echo -e "${RED}[错误]${NC} $1"; } +step() { echo -e "${CYAN} ▶ $1${NC}"; } + +askline() { + local prompt="$1" + local varname="$2" + echo -e -n "${YELLOW} ➤ ${prompt}${NC} " + read -r "$varname" +} + +check_root() { + if [[ $EUID -ne 0 ]]; then + print_error "请使用 root 权限运行此脚本 (sudo bash $0)" + exit 1 + fi +} + +detect_arch() { + case "$(uname -m)" in + x86_64) echo "amd64" ;; + aarch64|arm64) echo "arm64" ;; + *) echo "unsupported" ;; + esac +} + +rand_str() { cat /dev/urandom | tr -dc 'A-Za-z0-9' | head -c "$1"; } + +urlencode() { + local string="$1" + if command -v python3 &>/dev/null; then + python3 -c "import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1], safe=''))" "$string" + elif command -v python &>/dev/null; then + python -c "import urllib, sys; print(urllib.quote(sys.argv[1], safe=''))" "$string" + else + local strlen=${#string} + local encoded="" pos c o + for (( pos=0; pos/dev/null | grep -q "bbr"; then + print_info "开启 BBR 加速..." + echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf + echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf + sysctl -p >/dev/null 2>&1 + fi +} + +install_dependencies() { + print_info "安装系统依赖..." 
+ if [ -f /etc/debian_version ]; then + apt-get update -qq -y + apt-get install -y -qq curl wget openssl jq socat cron ufw tar lsof ca-certificates + elif [ -f /etc/redhat-release ]; then + yum install -y -q epel-release + yum install -y -q curl wget openssl jq socat cronie tar lsof ca-certificates + fi +} + +check_port() { + local port=$1 + if lsof -Pi :"$port" -sTCP:LISTEN -t >/dev/null 2>&1; then + print_error "端口 $port 已被占用!请更换端口或先停止占用该端口的服务。" + return 1 + fi + return 0 +} + +open_ports() { + local port=$1 + if command -v ufw &>/dev/null; then + ufw allow 80/tcp >/dev/null 2>&1 + ufw allow "$port"/tcp >/dev/null 2>&1 + ufw allow "$port"/udp >/dev/null 2>&1 + fi + if command -v firewall-cmd &>/dev/null; then + firewall-cmd --zone=public --add-port=80/tcp --permanent >/dev/null 2>&1 + firewall-cmd --zone=public --add-port="$port"/tcp --permanent >/dev/null 2>&1 + firewall-cmd --zone=public --add-port="$port"/udp --permanent >/dev/null 2>&1 + firewall-cmd --reload >/dev/null 2>&1 + fi +} + +# ================================================================ +# 通用 SSL 证书申请 (使用 Let's Encrypt) +# ================================================================ +apply_cert() { + local domain=$1 + local cert_dir=$2 + mkdir -p "$cert_dir" + + local acme_bin="$HOME/.acme.sh/acme.sh" + + print_info "正在为域名 $domain 申请 SSL 证书 (CA: Let's Encrypt)..." + print_info "需确保 80 端口未被占用且域名已正确解析到本机 IP" + + # 安装 acme.sh(若尚未安装) + if [ ! -f "$acme_bin" ]; then + curl https://get.acme.sh | sh + fi + export PATH="$HOME/.acme.sh:$PATH" + + # 强制切换到 Let's Encrypt + "$acme_bin" --set-default-ca --server letsencrypt >/dev/null 2>&1 + + # 释放 80 端口 + systemctl stop nginx 2>/dev/null || true + systemctl stop apache2 2>/dev/null || true + systemctl stop caddy 2>/dev/null || true + systemctl stop caddy-naive 2>/dev/null || true + + # 申请证书 + "$acme_bin" --issue -d "$domain" --standalone -k ec-256 --force \ + --server letsencrypt + + if [ $? -eq 0 ]; then + print_success "证书申请成功!" 
+ "$acme_bin" --installcert -d "$domain" \ + --fullchainpath "$cert_dir/fullchain.pem" \ + --keypath "$cert_dir/privkey.pem" \ + --ecc + chmod 755 "$cert_dir" + chmod 644 "$cert_dir/fullchain.pem" "$cert_dir/privkey.pem" + return 0 + else + print_error "证书申请失败!请检查:" + print_error " 1. 域名 $domain 是否已解析到本机公网 IP" + print_error " 2. 80 端口是否可以从外部访问(Oracle 安全组需放行 80)" + return 1 + fi +} + +# ================================================================ +# 1. 部署 Xray (Vision/Reality) +# ================================================================ +do_install_xray() { + clear + echo -e "${BLUE} ── 部署 Xray (VLESS-Reality / Vision-TLS) ────────${NC}" + install_dependencies + + echo "1. VLESS-Reality (无需域名,适合无域名用户 - 推荐)" + echo "2. VLESS-Vision-TLS (需要自有域名并解析到本机)" + askline "请选择 [1-2]: " mode + askline "请输入 Xray 端口 [留空默认 443]: " PORT + PORT=${PORT:-443} + + if ! check_port "$PORT"; then sleep 2; return; fi + open_ports "$PORT" + + if ! command -v xray &>/dev/null; then + bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install + fi + + local UUID + UUID=$(xray uuid) + local CONFIG_FILE="/usr/local/etc/xray/config.json" + + if [ "$mode" == "2" ]; then + askline "请输入你的域名 (如 s1.example.com): " USER_DOMAIN + if ! 
apply_cert "$USER_DOMAIN" "/usr/local/etc/xray/cert"; then return; fi + cat > "$CONFIG_FILE" << EOF +{ + "inbounds": [{ + "port": $PORT, "protocol": "vless", + "settings": { "clients": [ { "id": "$UUID", "flow": "xtls-rprx-vision" } ], "decryption": "none" }, + "streamSettings": { + "network": "tcp", "security": "tls", + "tlsSettings": { "certificates": [ { + "certificateFile": "/usr/local/etc/xray/cert/fullchain.pem", + "keyFile": "/usr/local/etc/xray/cert/privkey.pem" + } ] } + }, + "sniffing": { "enabled": true, "destOverride": ["http", "tls"] } + }], + "outbounds": [{ "protocol": "freedom", "tag": "direct" }] +} +EOF + LINK_ADDR="$USER_DOMAIN" + LINK_SNI="$USER_DOMAIN" + LINK_TYPE="tls" + LINK_EXTRA="" + SHOW_MSG="Vision-TLS" + else + local KEYS + KEYS=$(xray x25519) + local PRIVATE_KEY + PRIVATE_KEY=$(echo "$KEYS" | grep -i "PrivateKey" | awk -F': ' '{print $2}' | tr -d ' ') + local PUBLIC_KEY + PUBLIC_KEY=$(echo "$KEYS" | grep -i "PublicKey" | awk -F': ' '{print $2}' | tr -d ' ') + + echo "选择伪装域名:" + echo " 1. dl.google.com" + echo " 2. www.apple.com" + echo " 3. 
www.microsoft.com" + askline "请选择 [留空默认 1]: " dest_choice + case $dest_choice in + 2) DEST="www.apple.com:443"; SNI="www.apple.com" ;; + 3) DEST="www.microsoft.com:443"; SNI="www.microsoft.com" ;; + *) DEST="dl.google.com:443"; SNI="dl.google.com" ;; + esac + + local SHORT_ID + SHORT_ID=$(openssl rand -hex 8) + cat > "$CONFIG_FILE" << EOF +{ + "inbounds": [{ + "port": $PORT, "protocol": "vless", + "settings": { "clients": [ { "id": "$UUID", "flow": "xtls-rprx-vision" } ], "decryption": "none" }, + "streamSettings": { + "network": "tcp", "security": "reality", + "realitySettings": { + "show": false, "dest": "$DEST", "xver": 0, + "serverNames": ["$SNI"], + "privateKey": "$PRIVATE_KEY", + "shortIds": ["", "$SHORT_ID"] + } + }, + "sniffing": { "enabled": true, "destOverride": ["http", "tls"] } + }], + "outbounds": [{ "protocol": "freedom", "tag": "direct" }] +} +EOF + LINK_ADDR=$(curl -s4 ifconfig.me 2>/dev/null || curl -s6 ifconfig.me) + LINK_SNI="$SNI" + LINK_TYPE="reality" + LINK_EXTRA="&pbk=${PUBLIC_KEY}&sid=${SHORT_ID}" + SHOW_MSG="Reality" + fi + + systemctl daemon-reload + systemctl restart xray + systemctl enable xray + + local ALIAS + ALIAS=$(urlencode "Xray-${SHOW_MSG}-${PORT}") + local VLESS_LINK="vless://${UUID}@${LINK_ADDR}:${PORT}?security=${LINK_TYPE}&encryption=none&type=tcp&flow=xtls-rprx-vision&sni=${LINK_SNI}&fp=chrome${LINK_EXTRA}#${ALIAS}" + + echo "==========================================" + print_success "Xray ($SHOW_MSG) 部署成功!" + echo -e "${YELLOW}【VLESS 分享链接 (直接导入)】${NC}" + echo -e "${GREEN}${VLESS_LINK}${NC}" + echo "==========================================" + read -n 1 -s -r -p "按任意键返回..." +} + +# ================================================================ +# 2. 
部署 NaïveProxy (Caddy + 网盘伪装) +# ================================================================ +generate_fake_site() { + local site_name="$1" + local domain="$2" + local webroot="/var/www/naive-disguise" + mkdir -p "$webroot" + cat > "$webroot/index.html" <${site_name}Drive — Private Cloud
${site_name}Drive Private

Sign in to your vault

Access is restricted to authorized accounts only.

Invalid credentials.
+HTMLEOF +} + +do_install_naive() { + clear + echo -e "${BLUE} ── 部署 NaïveProxy (带 Vault 私有网盘伪装) ────────${NC}" + local arch + arch=$(detect_arch) + [ "$arch" = "unsupported" ] && { print_error "不支持的 CPU 架构"; return; } + install_dependencies + + askline "请输入代理域名 (DNS需提前解析到本机): " domain + askline "请输入 Naive 端口 [留空默认 443]: " PORT + PORT=${PORT:-443} + + if ! check_port "$PORT"; then sleep 2; return; fi + + askline "网盘名称 [留空默认 Vault]: " sitename + sitename=${sitename:-Vault} + + local username="naive_$(rand_str 6 | tr '[:upper:]' '[:lower:]')" + local password + password=$(rand_str 18) + + open_ports "$PORT" + + if ! apply_cert "$domain" "/etc/caddy/cert"; then return; fi + + step "下载 Caddy (含 forwardproxy)..." + local caddy_url + if [ "$arch" = "arm64" ]; then + caddy_url="https://github.com/Michaol/caddy-naive/releases/latest/download/caddy-linux-arm64" + else + caddy_url="https://github.com/Michaol/caddy-naive/releases/latest/download/caddy-linux-amd64" + fi + if ! wget -q --show-progress -O /usr/local/bin/caddy "$caddy_url"; then + print_error "下载 Caddy 失败,请检查网络。" + return + fi + chmod +x /usr/local/bin/caddy + setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy 2>/dev/null || true + + mkdir -p /etc/caddy /var/lib/caddy /var/log/caddy + id caddy &>/dev/null || useradd --system --home /var/lib/caddy --shell /usr/sbin/nologin caddy + + generate_fake_site "$sitename" "$domain" + chown -R caddy:caddy /var/www/naive-disguise /etc/caddy /var/lib/caddy /var/log/caddy + + cat > /etc/caddy/Caddyfile < /etc/systemd/system/caddy-naive.service </dev/null; then + step "下载 Sing-box Core..." 
+ local version + version=$(curl -s https://api.github.com/repos/SagerNet/sing-box/releases/latest \ + | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') + if [ -z "$version" ]; then + print_error "无法获取 sing-box 最新版本,请检查网络。" + return + fi + wget -q --show-progress -O /tmp/sing-box.tar.gz \ + "https://github.com/SagerNet/sing-box/releases/download/v${version}/sing-box-${version}-linux-${sb_arch}.tar.gz" + tar -xzf /tmp/sing-box.tar.gz -C /tmp/ + mv "/tmp/sing-box-${version}-linux-${sb_arch}/sing-box" /usr/local/bin/ + chmod +x /usr/local/bin/sing-box + rm -rf /tmp/sing-box.tar.gz "/tmp/sing-box-${version}-linux-${sb_arch}" + fi + + if ! apply_cert "$USER_DOMAIN" "/usr/local/etc/sing-box/cert"; then return; fi + + local ss_pass + ss_pass="$(rand_str 16)" + + mkdir -p /usr/local/etc/sing-box + cat > /usr/local/etc/sing-box/config.json < /etc/systemd/system/sing-box.service </dev/null; then + need_install=1 + else + local sb_ver + sb_ver=$(sing-box version 2>/dev/null | grep -E '^sing-box version' | awk '{print $3}' | head -1) + local sb_major=${sb_ver%%.*} + local sb_minor + sb_minor=$(echo "$sb_ver" | awk -F. '{print $2}') + if [ "${sb_major:-0}" -lt 1 ] || { [ "${sb_major:-0}" -eq 1 ] && [ "${sb_minor:-0}" -lt 11 ]; }; then + print_warning "当前 sing-box 版本 ($sb_ver) 不支持 AnyTLS,需要 1.11+,将重新安装最新版..." + need_install=1 + fi + fi + + if [ "$need_install" -eq 1 ]; then + step "下载 Sing-box Core (最新版)..." 
+ local version + version=$(curl -s https://api.github.com/repos/SagerNet/sing-box/releases/latest \ + | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') + if [ -z "$version" ]; then + print_error "无法获取 sing-box 最新版本,请检查网络。" + return + fi + wget -q --show-progress -O /tmp/sing-box.tar.gz \ + "https://github.com/SagerNet/sing-box/releases/download/v${version}/sing-box-${version}-linux-${sb_arch}.tar.gz" + tar -xzf /tmp/sing-box.tar.gz -C /tmp/ + mv "/tmp/sing-box-${version}-linux-${sb_arch}/sing-box" /usr/local/bin/sing-box + chmod +x /usr/local/bin/sing-box + rm -rf /tmp/sing-box.tar.gz "/tmp/sing-box-${version}-linux-${sb_arch}" + fi + + if ! apply_cert "$USER_DOMAIN" "/usr/local/etc/sing-box-anytls/cert"; then return; fi + + local password + password="$(rand_str 32)" + + mkdir -p /usr/local/etc/sing-box-anytls + cat > /usr/local/etc/sing-box-anytls/config.json < /etc/systemd/system/sing-box-anytls.service </dev/null || true + systemctl disable caddy-naive 2>/dev/null || true + rm -f /etc/systemd/system/caddy-naive.service /usr/local/bin/caddy + rm -rf /etc/caddy /var/lib/caddy /var/www/naive-disguise + print_success "NaïveProxy 已卸载" +} + +un_singbox() { + systemctl stop sing-box 2>/dev/null || true + systemctl disable sing-box 2>/dev/null || true + rm -f /etc/systemd/system/sing-box.service /usr/local/bin/sing-box + rm -rf /usr/local/etc/sing-box + print_success "Sing-box 已卸载" +} + +un_anytls() { + systemctl stop sing-box-anytls 2>/dev/null || true + systemctl disable sing-box-anytls 2>/dev/null || true + rm -f /etc/systemd/system/sing-box-anytls.service + rm -rf /usr/local/etc/sing-box-anytls + print_success "AnyTLS 已卸载" +} + +# ================================================================ +# 主菜单 +# ================================================================ +while true; do + clear + echo -e "${BLUE} ╔════════════════════════════════════════════════════╗${NC}" + echo -e "${BLUE} ║ 🚀 终极四合一 代理管理面板 ║${NC}" + echo -e "${BLUE} ║ Xray(Reality/Vision) + 
NaïveProxy + SS-TLS + AnyTLS ║${NC}" + echo -e "${BLUE} ╚════════════════════════════════════════════════════╝${NC}" + echo -e " ${YELLOW}注意: 同时部署多个协议请使用不同端口!(如 443, 8443, 9443)${NC}" + echo "" + echo -e " ${CYAN}[安装 & 部署]${NC}" + echo -e " ${YELLOW}1)${NC} 部署 Xray ${GREEN}(VLESS-Reality / Vision-TLS)${NC}" + echo -e " ${YELLOW}2)${NC} 部署 NaïveProxy ${GREEN}(含 Vault 网盘伪装 - 究极隐蔽)${NC}" + echo -e " ${YELLOW}3)${NC} 部署 Sing-box ${GREEN}(Shadowsocks + TLS 协议)${NC}" + echo -e " ${YELLOW}4)${NC} 部署 AnyTLS ${GREEN}(sing-box,抗流量检测 - 推荐)${NC}" + echo "" + echo -e " ${CYAN}[管理 & 卸载]${NC}" + echo -e " ${YELLOW}5)${NC} 管理 Xray" + echo -e " ${YELLOW}6)${NC} 管理 NaïveProxy" + echo -e " ${YELLOW}7)${NC} 管理 Sing-box (SS-TLS)" + echo -e " ${YELLOW}8)${NC} 管理 AnyTLS" + echo "" + echo -e " ${YELLOW}0)${NC} 退出" + echo "" + askline "请输入选项: " choice + case "$choice" in + 1) check_root; enable_bbr; do_install_xray ;; + 2) check_root; enable_bbr; do_install_naive ;; + 3) check_root; enable_bbr; do_install_sstls ;; + 4) check_root; enable_bbr; do_install_anytls ;; + 5) check_root; manage_service "xray" "Xray" "un_xray" ;; + 6) check_root; manage_service "caddy-naive" "NaïveProxy" "un_naive" ;; + 7) check_root; manage_service "sing-box" "Sing-box" "un_singbox" ;; + 8) check_root; manage_service "sing-box-anytls" "AnyTLS" "un_anytls" ;; + 0|q|Q) echo -e "\n${BLUE}向开源生态致敬!再见 🫡${NC}\n"; exit 0 ;; + *) print_warning "无效选项"; sleep 1 ;; + esac +done \ No newline at end of file
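Review bot: In `apply_cert`, `chmod 644 "$cert_dir/fullchain.pem" "$cert_dir/privkey.pem"` together with `chmod 755 "$cert_dir"` leaves every TLS private key this script installs readable by any local account. Only the certificate chain needs to be world-readable; the key should get `chmod 600 "$cert_dir/privkey.pem"` and, where the daemon does not run as root, be owned by that service account. The NaïveProxy path already runs `chown -R caddy:caddy` over `/etc/caddy` after this call, but the user the xray and sing-box units run as is not visible on this page, so confirm that before tightening the mode. The same function also runs `curl https://get.acme.sh | sh` as root, and the Caddy and sing-box installers place `releases/latest` downloads into `/usr/local/bin` with no digest or signature check; pinning a release and comparing a checksum before `chmod +x` would close that gap.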