yanglc
/
tunnel
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
tunnel/99nginx.sh

373 lines
9.6 KiB
Bash
Raw Normal View History

first-commit
2024-01-16 14:44:09 +00:00
#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
RED_COLOR="\033[0;31m"
NO_COLOR="\033[0m"
GREEN="\033[32m\033[01m"
BLUE="\033[0;36m"
FUCHSIA="\033[0;35m"
nginx_v=1.25.3.1
install_nginx(){
apt update -y && apt install vim curl lsof wget -y
apt install build-essential libpcre3 libpcre3-dev zlib1g-dev openssl libssl-dev linux-image-amd64 linux-headers-amd64 -y
wget -N --no-check-certificate https://git.igewu.org/yanglc/tunnel/raw/branch/main/$nginx_v.tar.gz && tar -xvzf $nginx_v.tar.gz
cd openresty-$nginx_v
./configure \
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--with-file-aio \
--with-threads \
--with-stream \
--with-stream_realip_module \
--with-stream_ssl_module \
--with-stream_ssl_preread_module
make && make install
cd
rm -rf $nginx_v.tar.gz openresty-$nginx_v
wget -N --no-check-certificate -P /etc/nginx/ "https://git.igewu.org/yanglc/tunnel/raw/branch/main/nginx.conf"
wget -N --no-check-certificate -P /usr/lib/systemd/system/ "https://git.igewu.org/yanglc/tunnel/raw/branch/main/nginx.service"
systemctl enable nginx --now
systemctl daemon-reload
install_wireguard
99_menu
}
install_wireguard(){
apt install linux-image-amd64 -y && apt install wireguard -y
systemctl enable wg-quick@wg0
}
nginx_conf(){
echo -e "
${GREEN} 1.跳板机
${GREEN} 2.中转机
"
read -p "输入选项:" aNum
echo -e "
${GREEN} 1.隧道1(tunnel1)
${GREEN} 2.隧道2(tunnel2)
${GREEN} 3.隧道3(tunnel3)
"
read -p "请输入括号里的代号:" mplsdh
if [ "$aNum" = "1" ];then
rm -rf /etc/nginx/nginx.conf
wget -N --no-check-certificate -P /etc/nginx/ "https://h5ai.98yys.pw/99/$mplsdh/luodi/nginx.txt"
wget -N --no-check-certificate -P /etc/nginx/ssl "https://h5ai.98yys.pw/99/${mplsdh}/luodi/ca1.crt"
wget -N --no-check-certificate -P /etc/nginx/ "https://git.igewu.org/yanglc/tunnel/raw/branch/main/nginx.conf"
nginx_rows=`wc -l /etc/nginx/nginx.txt | awk '{print $1}'`
echo -e "
stream {" >> /etc/nginx/nginx.conf
for((i=1;i<=$nginx_rows;i++));
do
listen_ip=`sed -n "$i, 1p" /etc/nginx/nginx.txt | awk '{print $1}'`
listen_port=`sed -n "$i, 1p" /etc/nginx/nginx.txt | awk '{print $2}'`
remote_ip=`sed -n "$i, 1p" /etc/nginx/nginx.txt | awk '{print $3}'`
remote_port=`sed -n "$i, 1p" /etc/nginx/nginx.txt | awk '{print $4}'`
lan_ip=`sed -n "$i, 1p" /etc/nginx/nginx.txt | awk '{print $5}'`
echo -e "
server {
listen $listen_ip:$listen_port ssl;
listen $lan_ip:$listen_port udp;
ssl_protocols TLSv1.3;
ssl_conf_command MinProtocol TLSv1.3;
ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_client_certificate /etc/nginx/ssl/ca1.crt;
ssl_verify_client on;
ssl_session_cache shared:SSL:15m;
ssl_session_timeout 3h;
ssl_session_tickets off;
tcp_nodelay on;
proxy_pass $remote_ip:$remote_port;
proxy_protocol off;
access_log off;
}" >> /etc/nginx/nginx.conf
done
elif [ "$aNum" = "2" ];then
rm -rf /etc/nginx/nginx.conf
wget -N --no-check-certificate -P /etc/nginx/ "https://h5ai.98yys.pw/99/$mplsdh/zhongzhuan/nginx.txt"
wget -N --no-check-certificate -P /etc/nginx/ssl "https://h5ai.98yys.pw/99/${mplsdh}/zhongzhuan/ca1.crt"
wget -N --no-check-certificate -P /etc/nginx/ "https://git.igewu.org/yanglc/tunnel/raw/branch/main/nginx.conf"
nginx_rows=`wc -l /etc/nginx/nginx.txt | awk '{print $1}'`
echo -e "
stream {" >> /etc/nginx/nginx.conf
for((i=1;i<=$nginx_rows;i++));
do
listen_ip=`sed -n "$i, 1p" /etc/nginx/nginx.txt | awk '{print $1}'`
listen_port=`sed -n "$i, 1p" /etc/nginx/nginx.txt | awk '{print $2}'`
remote_ip=`sed -n "$i, 1p" /etc/nginx/nginx.txt | awk '{print $3}'`
remote_port=`sed -n "$i, 1p" /etc/nginx/nginx.txt | awk '{print $4}'`
lan_ip=`sed -n "$i, 1p" /etc/nginx/nginx.txt | awk '{print $5}'`
echo -e "
server {
listen $listen_ip:$listen_port;
proxy_ssl_certificate /etc/nginx/ssl/server.crt;
proxy_ssl_certificate_key /etc/nginx/ssl/server.key;
proxy_ssl_trusted_certificate /etc/nginx/ssl/ca1.crt;
proxy_ssl_protocols TLSv1.3;
proxy_ssl_server_name on;
proxy_ssl_verify on;
proxy_ssl on;
ssl_session_tickets off;
tcp_nodelay on;
proxy_ssl_name $remote_ip;
proxy_pass $remote_ip:$remote_port;
proxy_protocol off;
access_log off;
}
server {
listen $listen_ip:$listen_port udp;
proxy_pass $lan_ip:$remote_port;
proxy_protocol off;
access_log off;
}" >> /etc/nginx/nginx.conf
done
fi
echo -e "
}" >> /etc/nginx/nginx.conf
wireguard_conf
systemctl restart nginx
99_menu
}
wireguard_conf(){
if [ "$aNum" = "1" ];then
wget -N --no-check-certificate -P /etc/wireguard "https://h5ai.98yys.pw/99/${mplsdh}/luodi/wg0.conf"
elif [ "$aNum" = "2" ];then
wget -N --no-check-certificate -P /etc/wireguard "https://h5ai.98yys.pw/99/${mplsdh}/zhongzhuan/wg0.conf"
fi
wg-quick down wg0
wg-quick up wg0
}
delete_firewall(){
if [[ "$EUID" -ne 0 ]]; then
echo "false"
else
echo "true"
fi
if [[ -f /etc/redhat-release ]]; then
release="centos"
elif cat /etc/issue | grep -q -E -i "debian"; then
release="debian"
elif cat /etc/issue | grep -q -E -i "ubuntu"; then
release="ubuntu"
elif cat /etc/issue | grep -q -E -i "centos|red hat|redhat"; then
release="centos"
elif cat /proc/version | grep -q -E -i "debian"; then
release="debian"
elif cat /proc/version | grep -q -E -i "ubuntu"; then
release="ubuntu"
elif cat /proc/version | grep -q -E -i "centos|red hat|redhat"; then
release="centos"
fi
if [[ $release = "ubuntu" || $release = "debian" ]]; then
ufw disable
apt-get remove ufw
apt-get purge ufw
elif [[ $release = "centos" ]]; then
systemctl stop firewalld.service
systemctl disable firewalld.service
else
exit 1
fi
99_menu
}
create_ssl(){
mkdir -p /etc/nginx/ssl
cd /etc/nginx/ssl
servername=`curl -s http://ipv4.icanhazip.com`
cat > my-openssl.cnf << EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
x509_extensions = usr_cert
[ req ]
default_bits = 2048
default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca
string_mask = utf8only
[ req_distinguished_name ]
[ req_attributes ]
[ usr_cert ]
basicConstraints = CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = CA:true
EOF
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -subj "/CN=${servername}" -days 5000 -out ca.crt
openssl genrsa -out server.key 2048
openssl req -new -sha256 -key server.key \
-subj "/C=CN/ST=lj/L=lj/O=ljfxz/CN=${servername}" \
-reqexts SAN \
-config <(cat my-openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:${servername},IP:${servername}")) \
-out server.csr
openssl x509 -req -days 365 -sha256 \
-in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
-extfile <(printf "subjectAltName=DNS:${servername},IP:${servername}") \
-out server.crt
cat /etc/nginx/ssl/ca.crt
}
install_kernel(){
wget -N --no-check-certificate "https://git.igewu.org/yanglc/tunnel/raw/branch/main/tcp.sh" && chmod +x tcp.sh && ./tcp.sh
}
install_v2ray(){
bash <(curl -Ls https://raw.githubusercontent.com/vaxilu/soga/master/install.sh)
rm -rf /etc/soga/soga.conf
read -p "输入对接域名(例如www.baidu.com):" ym
read -p "输入节点id:" nodeid
read -p "输入mukey:" mukey
read -p "输入soga授权码:" sogakey
echo "
# 基础配置
type=sspanel-uim
server_type=v2ray
node_id=${nodeid}
soga_key=${sogakey}
# webapi 或 db 对接任选一个
api=webapi
# webapi 对接信息
webapi_url=https://${ym}
webapi_key=${mukey}
# db 对接信息
db_host=
db_port=
db_name=
db_user=
db_password=
# 手动证书配置
cert_file=
key_file=
# 自动证书配置
cert_mode=
cert_domain=
cert_key_length=ec-256
dns_provider=
# dns 配置
default_dns=
dns_cache_time=10
dns_strategy=ipv4_first
# v2ray 特殊配置
v2ray_reduce_memory=false
vless=false
vless_flow=
# proxy protocol 中转配置
proxy_protocol=false
# 全局限制用户 IP 数配置
redis_enable=false
redis_addr=
redis_password=
redis_db=0
conn_limit_expiry=60
# 其它杂项
user_conn_limit=0
user_speed_limit=0
node_speed_limit=0
check_interval=60
force_close_ssl=false
forbidden_bit_torrent=true
log_level=info
# 更多配置项如有需要自行添加
" > /etc/soga/soga.conf
soga restart
}
manage_nginx(){
echo -e "
${GREEN} 1.停止隧道
${GREEN} 2.启动隧道
${GREEN} 3.重启隧道
"
read -p "请输入选项:" bNum
if [ "$bNum" = "1" ];then
wg-quick down wg0
systemctl stop nginx
elif [ "$bNum" = "2" ];then
wg-quick up wg0
systemctl start nginx
elif [ "$bNum" = "3" ];then
wg-quick down wg0
wg-quick up wg0
systemctl restart nginx
fi
99_menu
}
99_menu(){
clear
echo -e "
${GREEN} 1.安装隧道工具
${GREEN} 2.获取隧道配置
${GREEN} 3.对接v2ray
${GREEN} 4.删除防火墙
${GREEN} 5.管理隧道
${GREEN} 6.自签ssl
${GREEN} 7.安装内核
${GREEN} 0.退出脚本"
read -p " 请输入数字后[0-7] 按回车键:" num
case "$num" in
1)
install_nginx
;;
2)
nginx_conf
;;
3)
install_v2ray
;;
4)
delete_firewall
;;
5)
manage_nginx
;;
6)
create_ssl
;;
7)
install_kernel
;;
0)
exit 1
;;
*)
echo "请输入正确数字 [0-7] 按回车键"
sleep 1s
99_menu
;;
esac
}
99_menu