zhangyang/Na-veProxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
Na-veProxy/install.sh
T
zhangyang 9645e78568 添加 install.sh
2026-05-14 20:58:51 +00:00

725 lines
28 KiB
Bash
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#!/bin/bash
# ================================================================
# 🚀 终极四合一 代理管理面板 克劳德魔改版
# 支持 amd64 / arm64Ubuntu / Debian / CentOS
# 集成: Xray(Vision/Reality) + NaïveProxy + Sing-box(SS-TLS) + AnyTLS
# ================================================================
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
CYAN='\033[0;36m'
NC='\033[0m'
print_info() { echo -e "${BLUE}[信息]${NC} $1"; }
print_success() { echo -e "${GREEN}[成功]${NC} $1"; }
print_warning() { echo -e "${YELLOW}[警告]${NC} $1"; }
print_error() { echo -e "${RED}[错误]${NC} $1"; }
step() { echo -e "${CYAN}$1${NC}"; }
askline() {
local prompt="$1"
local varname="$2"
echo -e -n "${YELLOW}${prompt}${NC} "
read -r "$varname"
}
check_root() {
if [[ $EUID -ne 0 ]]; then
print_error "请使用 root 权限运行此脚本 (sudo bash $0)"
exit 1
fi
}
detect_arch() {
case "$(uname -m)" in
x86_64) echo "amd64" ;;
aarch64|arm64) echo "arm64" ;;
*) echo "unsupported" ;;
esac
}
rand_str() { cat /dev/urandom | tr -dc 'A-Za-z0-9' | head -c "$1"; }
urlencode() {
local string="$1"
if command -v python3 &>/dev/null; then
python3 -c "import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1], safe=''))" "$string"
elif command -v python &>/dev/null; then
python -c "import urllib, sys; print(urllib.quote(sys.argv[1], safe=''))" "$string"
else
local strlen=${#string}
local encoded="" pos c o
for (( pos=0; pos<strlen; pos++ )); do
c=${string:$pos:1}
case "$c" in
[-_.~a-zA-Z0-9]) o="${c}" ;;
*) printf -v o '%%%02X' "'$c" ;;
esac
encoded+="${o}"
done
echo "${encoded}"
fi
}
enable_bbr() {
if ! sysctl net.ipv4.tcp_congestion_control 2>/dev/null | grep -q "bbr"; then
print_info "开启 BBR 加速..."
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p >/dev/null 2>&1
fi
}
install_dependencies() {
print_info "安装系统依赖..."
if [ -f /etc/debian_version ]; then
apt-get update -qq -y
apt-get install -y -qq curl wget openssl jq socat cron ufw tar lsof ca-certificates
elif [ -f /etc/redhat-release ]; then
yum install -y -q epel-release
yum install -y -q curl wget openssl jq socat cronie tar lsof ca-certificates
fi
}
check_port() {
local port=$1
if lsof -Pi :"$port" -sTCP:LISTEN -t >/dev/null 2>&1; then
print_error "端口 $port 已被占用!请更换端口或先停止占用该端口的服务。"
return 1
fi
return 0
}
open_ports() {
local port=$1
if command -v ufw &>/dev/null; then
ufw allow 80/tcp >/dev/null 2>&1
ufw allow "$port"/tcp >/dev/null 2>&1
ufw allow "$port"/udp >/dev/null 2>&1
fi
if command -v firewall-cmd &>/dev/null; then
firewall-cmd --zone=public --add-port=80/tcp --permanent >/dev/null 2>&1
firewall-cmd --zone=public --add-port="$port"/tcp --permanent >/dev/null 2>&1
firewall-cmd --zone=public --add-port="$port"/udp --permanent >/dev/null 2>&1
firewall-cmd --reload >/dev/null 2>&1
fi
}
# ================================================================
# 通用 SSL 证书申请 (使用 Let's Encrypt)
# ================================================================
apply_cert() {
local domain=$1
local cert_dir=$2
mkdir -p "$cert_dir"
local acme_bin="$HOME/.acme.sh/acme.sh"
print_info "正在为域名 $domain 申请 SSL 证书 (CA: Let's Encrypt)..."
print_info "需确保 80 端口未被占用且域名已正确解析到本机 IP"
# 安装 acme.sh(若尚未安装)
if [ ! -f "$acme_bin" ]; then
curl https://get.acme.sh | sh
fi
export PATH="$HOME/.acme.sh:$PATH"
# 强制切换到 Let's Encrypt
"$acme_bin" --set-default-ca --server letsencrypt >/dev/null 2>&1
# 释放 80 端口
systemctl stop nginx 2>/dev/null || true
systemctl stop apache2 2>/dev/null || true
systemctl stop caddy 2>/dev/null || true
systemctl stop caddy-naive 2>/dev/null || true
# 申请证书
"$acme_bin" --issue -d "$domain" --standalone -k ec-256 --force \
--server letsencrypt
if [ $? -eq 0 ]; then
print_success "证书申请成功!"
"$acme_bin" --installcert -d "$domain" \
--fullchainpath "$cert_dir/fullchain.pem" \
--keypath "$cert_dir/privkey.pem" \
--ecc
chmod 755 "$cert_dir"
chmod 644 "$cert_dir/fullchain.pem" "$cert_dir/privkey.pem"
return 0
else
print_error "证书申请失败!请检查:"
print_error " 1. 域名 $domain 是否已解析到本机公网 IP"
print_error " 2. 80 端口是否可以从外部访问(Oracle 安全组需放行 80"
return 1
fi
}
# ================================================================
# 1. 部署 Xray (Vision/Reality)
# ================================================================
do_install_xray() {
clear
echo -e "${BLUE} ── 部署 Xray (VLESS-Reality / Vision-TLS) ────────${NC}"
install_dependencies
echo "1. VLESS-Reality (无需域名,适合无域名用户 - 推荐)"
echo "2. VLESS-Vision-TLS (需要自有域名并解析到本机)"
askline "请选择 [1-2]: " mode
askline "请输入 Xray 端口 [留空默认 443]: " PORT
PORT=${PORT:-443}
if ! check_port "$PORT"; then sleep 2; return; fi
open_ports "$PORT"
if ! command -v xray &>/dev/null; then
bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install
fi
local UUID
UUID=$(xray uuid)
local CONFIG_FILE="/usr/local/etc/xray/config.json"
if [ "$mode" == "2" ]; then
askline "请输入你的域名 (如 s1.example.com): " USER_DOMAIN
if ! apply_cert "$USER_DOMAIN" "/usr/local/etc/xray/cert"; then return; fi
cat > "$CONFIG_FILE" << EOF
{
"inbounds": [{
"port": $PORT, "protocol": "vless",
"settings": { "clients": [ { "id": "$UUID", "flow": "xtls-rprx-vision" } ], "decryption": "none" },
"streamSettings": {
"network": "tcp", "security": "tls",
"tlsSettings": { "certificates": [ {
"certificateFile": "/usr/local/etc/xray/cert/fullchain.pem",
"keyFile": "/usr/local/etc/xray/cert/privkey.pem"
} ] }
},
"sniffing": { "enabled": true, "destOverride": ["http", "tls"] }
}],
"outbounds": [{ "protocol": "freedom", "tag": "direct" }]
}
EOF
LINK_ADDR="$USER_DOMAIN"
LINK_SNI="$USER_DOMAIN"
LINK_TYPE="tls"
LINK_EXTRA=""
SHOW_MSG="Vision-TLS"
else
local KEYS
KEYS=$(xray x25519)
local PRIVATE_KEY
PRIVATE_KEY=$(echo "$KEYS" | grep -i "PrivateKey" | awk -F': ' '{print $2}' | tr -d ' ')
local PUBLIC_KEY
PUBLIC_KEY=$(echo "$KEYS" | grep -i "PublicKey" | awk -F': ' '{print $2}' | tr -d ' ')
echo "选择伪装域名:"
echo " 1. dl.google.com"
echo " 2. www.apple.com"
echo " 3. www.microsoft.com"
askline "请选择 [留空默认 1]: " dest_choice
case $dest_choice in
2) DEST="www.apple.com:443"; SNI="www.apple.com" ;;
3) DEST="www.microsoft.com:443"; SNI="www.microsoft.com" ;;
*) DEST="dl.google.com:443"; SNI="dl.google.com" ;;
esac
local SHORT_ID
SHORT_ID=$(openssl rand -hex 8)
cat > "$CONFIG_FILE" << EOF
{
"inbounds": [{
"port": $PORT, "protocol": "vless",
"settings": { "clients": [ { "id": "$UUID", "flow": "xtls-rprx-vision" } ], "decryption": "none" },
"streamSettings": {
"network": "tcp", "security": "reality",
"realitySettings": {
"show": false, "dest": "$DEST", "xver": 0,
"serverNames": ["$SNI"],
"privateKey": "$PRIVATE_KEY",
"shortIds": ["", "$SHORT_ID"]
}
},
"sniffing": { "enabled": true, "destOverride": ["http", "tls"] }
}],
"outbounds": [{ "protocol": "freedom", "tag": "direct" }]
}
EOF
LINK_ADDR=$(curl -s4 ifconfig.me 2>/dev/null || curl -s6 ifconfig.me)
LINK_SNI="$SNI"
LINK_TYPE="reality"
LINK_EXTRA="&pbk=${PUBLIC_KEY}&sid=${SHORT_ID}"
SHOW_MSG="Reality"
fi
systemctl daemon-reload
systemctl restart xray
systemctl enable xray
local ALIAS
ALIAS=$(urlencode "Xray-${SHOW_MSG}-${PORT}")
local VLESS_LINK="vless://${UUID}@${LINK_ADDR}:${PORT}?security=${LINK_TYPE}&encryption=none&type=tcp&flow=xtls-rprx-vision&sni=${LINK_SNI}&fp=chrome${LINK_EXTRA}#${ALIAS}"
echo "=========================================="
print_success "Xray ($SHOW_MSG) 部署成功!"
echo -e "${YELLOW}【VLESS 分享链接 (直接导入)】${NC}"
echo -e "${GREEN}${VLESS_LINK}${NC}"
echo "=========================================="
read -n 1 -s -r -p "按任意键返回..."
}
# ================================================================
# 2. 部署 NaïveProxy (Caddy + 网盘伪装)
# ================================================================
generate_fake_site() {
local site_name="$1"
local domain="$2"
local webroot="/var/www/naive-disguise"
mkdir -p "$webroot"
cat > "$webroot/index.html" <<HTMLEOF
<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><title>${site_name}Drive — Private Cloud</title><style>*{box-sizing:border-box;margin:0;padding:0}body{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif;background:#0f0f14;min-height:100vh;display:flex;flex-direction:column;align-items:center;justify-content:center;padding:1.5rem}.logo-wrap{display:flex;align-items:center;gap:10px;margin-bottom:2rem}.logo-icon{width:38px;height:38px;border-radius:9px;background:#1e1b4b;border:1px solid #312e81;display:flex;align-items:center;justify-content:center}.logo-icon svg{width:20px;height:20px}.logo-text{font-size:17px;font-weight:600;color:#e2e8f0;letter-spacing:-0.3px}.logo-text span{color:#818cf8}.badge{display:inline-flex;align-items:center;gap:3px;font-size:10px;padding:2px 7px;border-radius:99px;background:#1e1b4b;color:#a5b4fc;margin-left:7px;font-weight:500;border:1px solid #312e81}.card{background:#16161f;border:1px solid #232336;border-radius:14px;padding:2rem;width:100%;max-width:380px}.card-title{font-size:18px;font-weight:600;color:#e2e8f0;margin-bottom:4px}.card-sub{font-size:13px;color:#64748b;margin-bottom:1.5rem;line-height:1.5}.field{margin-bottom:1rem}.field label{display:block;font-size:11px;font-weight:600;color:#475569;margin-bottom:6px;text-transform:uppercase;letter-spacing:0.6px}.field input{width:100%;padding:9px 12px;font-size:14px;border:1px solid #232336;border-radius:8px;background:#0f0f14;color:#e2e8f0;outline:none}.btn{width:100%;padding:10px;font-size:14px;font-weight:600;color:#fff;background:#6366f1;border:none;border-radius:8px;cursor:pointer;margin-top:.5rem}.alert{padding:10px 12px;border-radius:8px;font-size:13px;margin-bottom:1rem;display:none;align-items:center;gap:8px;background:#2d1515;color:#f87171;border:1px solid #7f1d1d}.alert.show{display:flex}</style></head><body><div class="logo-wrap"><div class="logo-icon"><svg viewBox="0 0 24 24" fill="none" stroke="#818cf8" stroke-width="1.8" stroke-linecap="round" stroke-linejoin="round"><ellipse cx="12" cy="12" rx="10" ry="10"/><path d="M12 2C8.5 7 8.5 17 12 22"/><path d="M12 2C15.5 7 15.5 17 12 22"/><path d="M2 12h20"/></svg></div><div class="logo-text">${site_name}<span>Drive</span> <span class="badge">Private</span></div></div><div class="card"><p class="card-title">Sign in to your vault</p><p class="card-sub">Access is restricted to authorized accounts only.</p><div class="alert" id="alert"><span id="alert-msg">Invalid credentials.</span></div><div class="field"><label>Email address</label><input type="email" id="email" placeholder="you@${domain}" autocomplete="email"/></div><div class="field"><label>Password</label><input type="password" id="password" placeholder="••••••••••••" autocomplete="current-password"/></div><button class="btn" onclick="doLogin()">Sign in</button></div><script>function doLogin(){const a=document.getElementById('alert');document.getElementById('alert-msg').textContent='Authentication failed.';a.classList.add('show');setTimeout(()=>a.classList.remove('show'),3000);}</script></body></html>
HTMLEOF
}
do_install_naive() {
clear
echo -e "${BLUE} ── 部署 NaïveProxy (带 Vault 私有网盘伪装) ────────${NC}"
local arch
arch=$(detect_arch)
[ "$arch" = "unsupported" ] && { print_error "不支持的 CPU 架构"; return; }
install_dependencies
askline "请输入代理域名 (DNS需提前解析到本机): " domain
askline "请输入 Naive 端口 [留空默认 443]: " PORT
PORT=${PORT:-443}
if ! check_port "$PORT"; then sleep 2; return; fi
askline "网盘名称 [留空默认 Vault]: " sitename
sitename=${sitename:-Vault}
local username="naive_$(rand_str 6 | tr '[:upper:]' '[:lower:]')"
local password
password=$(rand_str 18)
open_ports "$PORT"
if ! apply_cert "$domain" "/etc/caddy/cert"; then return; fi
step "下载 Caddy (含 forwardproxy)..."
local caddy_url
if [ "$arch" = "arm64" ]; then
caddy_url="https://github.com/Michaol/caddy-naive/releases/latest/download/caddy-linux-arm64"
else
caddy_url="https://github.com/Michaol/caddy-naive/releases/latest/download/caddy-linux-amd64"
fi
if ! wget -q --show-progress -O /usr/local/bin/caddy "$caddy_url"; then
print_error "下载 Caddy 失败,请检查网络。"
return
fi
chmod +x /usr/local/bin/caddy
setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy 2>/dev/null || true
mkdir -p /etc/caddy /var/lib/caddy /var/log/caddy
id caddy &>/dev/null || useradd --system --home /var/lib/caddy --shell /usr/sbin/nologin caddy
generate_fake_site "$sitename" "$domain"
chown -R caddy:caddy /var/www/naive-disguise /etc/caddy /var/lib/caddy /var/log/caddy
cat > /etc/caddy/Caddyfile <<EOF
{
admin off
}
$domain:$PORT {
tls /etc/caddy/cert/fullchain.pem /etc/caddy/cert/privkey.pem {
protocols tls1.2 tls1.3
}
route {
forward_proxy {
basic_auth ${username} ${password}
hide_ip
hide_via
probe_resistance
}
file_server {
root /var/www/naive-disguise
}
}
}
EOF
cat > /etc/systemd/system/caddy-naive.service <<EOF
[Unit]
Description=Caddy NaiveProxy
After=network.target
[Service]
Type=notify
User=caddy
ExecStart=/usr/local/bin/caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
Restart=on-failure
LimitNOFILE=1048576
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl restart caddy-naive
systemctl enable caddy-naive
local uri="naive+https://${username}:${password}@${domain}:${PORT}"
echo "=========================================="
print_success "NaïveProxy 部署成功!"
echo "=========================================="
echo " 协议 : naive+https"
echo " 域名 : $domain"
echo " 端口 : $PORT"
echo " 用户名 : $username"
echo " 密码 : $password"
echo "=========================================="
echo -e "${YELLOW}【一键导入 URI】${NC}"
echo -e "${GREEN}${uri}${NC}"
read -n 1 -s -r -p "按任意键返回..."
}
# ================================================================
# 3. 部署 Sing-box (Shadowsocks + TLS)
# ================================================================
do_install_sstls() {
clear
echo -e "${BLUE} ── 部署 Sing-box (Shadowsocks + TLS 协议) ─────────${NC}"
install_dependencies
local arch
arch=$(detect_arch)
local sb_arch
case "$arch" in
amd64) sb_arch="amd64" ;;
arm64) sb_arch="arm64" ;;
*) print_error "架构不支持"; return ;;
esac
askline "请输入绑定域名 (DNS需解析到本机): " USER_DOMAIN
askline "请输入 SS-TLS 监听端口 [留空默认 443]: " PORT
PORT=${PORT:-443}
if ! check_port "$PORT"; then sleep 2; return; fi
open_ports "$PORT"
if ! command -v sing-box &>/dev/null; then
step "下载 Sing-box Core..."
local version
version=$(curl -s https://api.github.com/repos/SagerNet/sing-box/releases/latest \
| grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
if [ -z "$version" ]; then
print_error "无法获取 sing-box 最新版本,请检查网络。"
return
fi
wget -q --show-progress -O /tmp/sing-box.tar.gz \
"https://github.com/SagerNet/sing-box/releases/download/v${version}/sing-box-${version}-linux-${sb_arch}.tar.gz"
tar -xzf /tmp/sing-box.tar.gz -C /tmp/
mv "/tmp/sing-box-${version}-linux-${sb_arch}/sing-box" /usr/local/bin/
chmod +x /usr/local/bin/sing-box
rm -rf /tmp/sing-box.tar.gz "/tmp/sing-box-${version}-linux-${sb_arch}"
fi
if ! apply_cert "$USER_DOMAIN" "/usr/local/etc/sing-box/cert"; then return; fi
local ss_pass
ss_pass="$(rand_str 16)"
mkdir -p /usr/local/etc/sing-box
cat > /usr/local/etc/sing-box/config.json <<EOF
{
"log": { "level": "warn" },
"inbounds": [
{
"type": "shadowsocks",
"tag": "ss-tls-in",
"listen": "::",
"listen_port": $PORT,
"method": "aes-256-gcm",
"password": "$ss_pass",
"tls": {
"enabled": true,
"server_name": "$USER_DOMAIN",
"certificate_path": "/usr/local/etc/sing-box/cert/fullchain.pem",
"key_path": "/usr/local/etc/sing-box/cert/privkey.pem"
}
}
],
"outbounds": [
{ "type": "direct", "tag": "direct" }
]
}
EOF
cat > /etc/systemd/system/sing-box.service <<EOF
[Unit]
Description=sing-box Service
After=network.target
[Service]
ExecStart=/usr/local/bin/sing-box run -c /usr/local/etc/sing-box/config.json
Restart=on-failure
LimitNOFILE=infinity
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl restart sing-box
systemctl enable sing-box
echo "=========================================="
print_success "Sing-box (SS-TLS) 部署成功!"
echo "=========================================="
echo " 域名 (Server) : $USER_DOMAIN"
echo " 端口 (Port) : $PORT"
echo " 密码 (Password) : $ss_pass"
echo " 加密 (Method) : aes-256-gcm"
echo "=========================================="
echo -e "${YELLOW}【sing-box 客户端配置片段】${NC}"
cat <<SBEOF
{
"type": "shadowsocks",
"tag": "SS-TLS-Node",
"server": "$USER_DOMAIN",
"server_port": $PORT,
"method": "aes-256-gcm",
"password": "$ss_pass",
"tls": { "enabled": true, "server_name": "$USER_DOMAIN" }
}
SBEOF
echo "=========================================="
read -n 1 -s -r -p "按任意键返回..."
}
# ================================================================
# 4. 部署 AnyTLS (sing-box)
# ================================================================
do_install_anytls() {
clear
echo -e "${BLUE} ── 部署 AnyTLS (sing-box,抗流量检测) ─────────────${NC}"
install_dependencies
local arch
arch=$(detect_arch)
local sb_arch
case "$arch" in
amd64) sb_arch="amd64" ;;
arm64) sb_arch="arm64" ;;
*) print_error "架构不支持"; return ;;
esac
askline "请输入绑定域名 (DNS需解析到本机): " USER_DOMAIN
askline "请输入 AnyTLS 监听端口 [留空默认 443]: " PORT
PORT=${PORT:-443}
if ! check_port "$PORT"; then sleep 2; return; fi
open_ports "$PORT"
local need_install=0
if ! command -v sing-box &>/dev/null; then
need_install=1
else
local sb_ver
sb_ver=$(sing-box version 2>/dev/null | grep -E '^sing-box version' | awk '{print $3}' | head -1)
local sb_major=${sb_ver%%.*}
local sb_minor
sb_minor=$(echo "$sb_ver" | awk -F. '{print $2}')
if [ "${sb_major:-0}" -lt 1 ] || { [ "${sb_major:-0}" -eq 1 ] && [ "${sb_minor:-0}" -lt 11 ]; }; then
print_warning "当前 sing-box 版本 ($sb_ver) 不支持 AnyTLS,需要 1.11+,将重新安装最新版..."
need_install=1
fi
fi
if [ "$need_install" -eq 1 ]; then
step "下载 Sing-box Core (最新版)..."
local version
version=$(curl -s https://api.github.com/repos/SagerNet/sing-box/releases/latest \
| grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
if [ -z "$version" ]; then
print_error "无法获取 sing-box 最新版本,请检查网络。"
return
fi
wget -q --show-progress -O /tmp/sing-box.tar.gz \
"https://github.com/SagerNet/sing-box/releases/download/v${version}/sing-box-${version}-linux-${sb_arch}.tar.gz"
tar -xzf /tmp/sing-box.tar.gz -C /tmp/
mv "/tmp/sing-box-${version}-linux-${sb_arch}/sing-box" /usr/local/bin/sing-box
chmod +x /usr/local/bin/sing-box
rm -rf /tmp/sing-box.tar.gz "/tmp/sing-box-${version}-linux-${sb_arch}"
fi
if ! apply_cert "$USER_DOMAIN" "/usr/local/etc/sing-box-anytls/cert"; then return; fi
local password
password="$(rand_str 32)"
mkdir -p /usr/local/etc/sing-box-anytls
cat > /usr/local/etc/sing-box-anytls/config.json <<EOF
{
"log": { "level": "warn" },
"inbounds": [
{
"type": "anytls",
"tag": "anytls-in",
"listen": "::",
"listen_port": $PORT,
"users": [
{ "name": "user1", "password": "$password" }
],
"tls": {
"enabled": true,
"server_name": "$USER_DOMAIN",
"certificate_path": "/usr/local/etc/sing-box-anytls/cert/fullchain.pem",
"key_path": "/usr/local/etc/sing-box-anytls/cert/privkey.pem"
}
}
],
"outbounds": [
{ "type": "direct", "tag": "direct" }
]
}
EOF
cat > /etc/systemd/system/sing-box-anytls.service <<EOF
[Unit]
Description=sing-box AnyTLS Service
After=network.target
[Service]
ExecStart=/usr/local/bin/sing-box run -c /usr/local/etc/sing-box-anytls/config.json
Restart=on-failure
LimitNOFILE=infinity
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl restart sing-box-anytls
systemctl enable sing-box-anytls
echo "=========================================="
print_success "AnyTLS 部署成功!"
echo "=========================================="
echo " 域名 (Server) : $USER_DOMAIN"
echo " 端口 (Port) : $PORT"
echo " 密码 (Password) : $password"
echo "=========================================="
echo -e "${YELLOW}【sing-box 客户端配置片段】${NC}"
cat <<SBEOF
{
"type": "anytls",
"tag": "AnyTLS-Node",
"server": "$USER_DOMAIN",
"server_port": $PORT,
"password": "$password",
"tls": {
"enabled": true,
"server_name": "$USER_DOMAIN"
}
}
SBEOF
echo "=========================================="
echo -e "${YELLOW}【Hiddify / 小火箭填写方式】${NC}"
echo " 类型 : AnyTLS"
echo " 地址 : $USER_DOMAIN"
echo " 端口 : $PORT"
echo " 密码 : $password"
echo " TLS : 开启"
echo " SNI : $USER_DOMAIN"
echo "=========================================="
read -n 1 -s -r -p "按任意键返回..."
}
# ================================================================
# 服务管理
# ================================================================
manage_service() {
local svc_name=$1
local display_name=$2
local uninstall_func=$3
clear
echo -e "${BLUE} ── 管理 ${display_name} ────────────────────────${NC}"
echo " 1) 启动/重启"
echo " 2) 停止"
echo " 3) 查看实时日志 (按 Ctrl+C 退出)"
echo " 4) 完全卸载 ${display_name}"
echo " 0) 返回主菜单"
echo ""
askline "请选择: " sel
case $sel in
1) systemctl restart "$svc_name"; systemctl enable "$svc_name"; print_success "已启动/重启" ;;
2) systemctl stop "$svc_name"; print_info "已停止" ;;
3) journalctl -u "$svc_name" -f --no-pager ;;
4) $uninstall_func ;;
*) return ;;
esac
sleep 2
}
un_xray() {
bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ remove
rm -rf /usr/local/etc/xray
print_success "Xray 已卸载"
}
un_naive() {
systemctl stop caddy-naive 2>/dev/null || true
systemctl disable caddy-naive 2>/dev/null || true
rm -f /etc/systemd/system/caddy-naive.service /usr/local/bin/caddy
rm -rf /etc/caddy /var/lib/caddy /var/www/naive-disguise
print_success "NaïveProxy 已卸载"
}
un_singbox() {
systemctl stop sing-box 2>/dev/null || true
systemctl disable sing-box 2>/dev/null || true
rm -f /etc/systemd/system/sing-box.service /usr/local/bin/sing-box
rm -rf /usr/local/etc/sing-box
print_success "Sing-box 已卸载"
}
un_anytls() {
systemctl stop sing-box-anytls 2>/dev/null || true
systemctl disable sing-box-anytls 2>/dev/null || true
rm -f /etc/systemd/system/sing-box-anytls.service
rm -rf /usr/local/etc/sing-box-anytls
print_success "AnyTLS 已卸载"
}
# ================================================================
# 主菜单
# ================================================================
while true; do
clear
echo -e "${BLUE} ╔════════════════════════════════════════════════════╗${NC}"
echo -e "${BLUE} ║ 🚀 终极四合一 代理管理面板 ║${NC}"
echo -e "${BLUE} ║ Xray(Reality/Vision) + NaïveProxy + SS-TLS + AnyTLS ║${NC}"
echo -e "${BLUE} ╚════════════════════════════════════════════════════╝${NC}"
echo -e " ${YELLOW}注意: 同时部署多个协议请使用不同端口!(如 443, 8443, 9443)${NC}"
echo ""
echo -e " ${CYAN}[安装 & 部署]${NC}"
echo -e " ${YELLOW}1)${NC} 部署 Xray ${GREEN}(VLESS-Reality / Vision-TLS)${NC}"
echo -e " ${YELLOW}2)${NC} 部署 NaïveProxy ${GREEN}(含 Vault 网盘伪装 - 究极隐蔽)${NC}"
echo -e " ${YELLOW}3)${NC} 部署 Sing-box ${GREEN}(Shadowsocks + TLS 协议)${NC}"
echo -e " ${YELLOW}4)${NC} 部署 AnyTLS ${GREEN}(sing-box,抗流量检测 - 推荐)${NC}"
echo ""
echo -e " ${CYAN}[管理 & 卸载]${NC}"
echo -e " ${YELLOW}5)${NC} 管理 Xray"
echo -e " ${YELLOW}6)${NC} 管理 NaïveProxy"
echo -e " ${YELLOW}7)${NC} 管理 Sing-box (SS-TLS)"
echo -e " ${YELLOW}8)${NC} 管理 AnyTLS"
echo ""
echo -e " ${YELLOW}0)${NC} 退出"
echo ""
askline "请输入选项: " choice
case "$choice" in
1) check_root; enable_bbr; do_install_xray ;;
2) check_root; enable_bbr; do_install_naive ;;
3) check_root; enable_bbr; do_install_sstls ;;
4) check_root; enable_bbr; do_install_anytls ;;
5) check_root; manage_service "xray" "Xray" "un_xray" ;;
6) check_root; manage_service "caddy-naive" "NaïveProxy" "un_naive" ;;
7) check_root; manage_service "sing-box" "Sing-box" "un_singbox" ;;
8) check_root; manage_service "sing-box-anytls" "AnyTLS" "un_anytls" ;;
0|q|Q) echo -e "\n${BLUE}向开源生态致敬!再见 🫡${NC}\n"; exit 0 ;;
*) print_warning "无效选项"; sleep 1 ;;
esac
done
Reference in New Issue View Git Blame Copy Permalink