#!/bin/bash
# Fixed search path for everything the menu runs (apt, systemctl, wg-quick,
# openssl, wget); ~/bin is listed last so a user-local tool cannot shadow
# a system one.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH

# ANSI colour sequences. They are stored as literal backslash sequences and
# only become escape codes when printed with `echo -e`; single quotes yield
# exactly the same bytes as the original double-quoted form.
RED_COLOR='\033[0;31m'
NO_COLOR='\033[0m'
GREEN='\033[32m\033[01m'
BLUE='\033[0;36m'
FUCHSIA='\033[0;35m'

# OpenResty release to build; it also names the tarball ($nginx_v.tar.gz)
# and the directory it extracts to (openresty-$nginx_v).
nginx_v=1.25.3.1
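#######################################
# Build OpenResty $nginx_v from the project's tarball, install it as the
# system nginx (binary, config, systemd unit), then install WireGuard and
# return to the menu.
# Globals:   nginx_v (read)
# Arguments: none
# Outputs:   apt/build output on stdout/stderr; diagnostics on stderr
# Returns:   1 when a download, extraction, configure or build step fails
#            (the half-built tree is left in $HOME for inspection); on
#            success control passes to 99_menu
#######################################
install_nginx() {
  local src_base="https://git.igewu.org/yanglc/tunnel/raw/branch/main"
  local tarball="${nginx_v}.tar.gz"
  local srcdir="openresty-${nginx_v}"

  apt update -y && apt install vim curl lsof wget -y
  # Nothing below can succeed without the toolchain and headers.
  apt install build-essential libpcre3 libpcre3-dev zlib1g-dev openssl libssl-dev linux-image-amd64 linux-headers-amd64 -y || return 1

  # The tarball is compiled and installed as root, so the download has to be
  # authenticated: TLS verification stays on (no --no-check-certificate).
  wget -N "${src_base}/${tarball}" || return 1
  tar -xvzf "$tarball" || return 1

  # Every later step assumes the extracted tree; abort instead of running
  # ./configure (and the later rm -rf) from whatever directory we are in.
  cd "$srcdir" || return 1
  if ! ./configure \
    --prefix=/etc/nginx \
    --sbin-path=/usr/sbin/nginx \
    --conf-path=/etc/nginx/nginx.conf \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --pid-path=/var/run/nginx.pid \
    --lock-path=/var/run/nginx.lock \
    --with-file-aio \
    --with-threads \
    --with-stream \
    --with-stream_realip_module \
    --with-stream_ssl_module \
    --with-stream_ssl_preread_module; then
    printf 'install_nginx: configure failed\n' >&2
    cd
    return 1
  fi
  if ! make || ! make install; then
    printf 'install_nginx: build failed\n' >&2
    cd
    return 1
  fi

  # Back to $HOME (where the tarball was fetched) before removing the sources;
  # the :? guard keeps an unset version from turning this into `rm -rf openresty-`.
  cd || return 1
  rm -rf -- "${nginx_v:?}.tar.gz" "openresty-${nginx_v:?}"

  wget -N -P /etc/nginx/ "${src_base}/nginx.conf" || return 1
  wget -N -P /usr/lib/systemd/system/ "${src_base}/nginx.service" || return 1
  # Let systemd pick up the freshly written unit before enabling/starting it.
  systemctl daemon-reload
  systemctl enable nginx --now

  install_wireguard
  99_menu
}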
#######################################
# Install the WireGuard tooling and enable the wg0 unit at boot.
# The unit is only enabled here; wireguard_conf brings it up once
# /etc/wireguard/wg0.conf has been fetched.
# Globals:   none
# Arguments: none
# Returns:   status of `systemctl enable`
#######################################
install_wireguard() {
  if apt install linux-image-amd64 -y; then
    apt install wireguard -y
  fi
  systemctl enable wg-quick@wg0
}
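#######################################
# Fetch this side's tunnel table (nginx.txt) and peer CA for the chosen
# tunnel, regenerate the `stream {}` section of /etc/nginx/nginx.conf from
# the table, refresh the WireGuard config, restart nginx and return to the
# menu.
#
# nginx.txt is whitespace-separated, one tunnel per row:
#   listen_ip listen_port remote_ip remote_port lan_ip
# Rows with fewer than five fields are skipped with a warning instead of
# producing a broken `listen :` directive.
#
# Globals:   GREEN (read); aNum (1 = 跳板机/client side, 2 = 中转机/server
#            side) and mplsdh (tunnel code) are deliberately left global
#            because wireguard_conf reads them
# Arguments: none (interactive: answers are read from stdin)
# Outputs:   menus on stdout; warnings on stderr
# Returns:   1 on an invalid answer or a failed download; otherwise control
#            passes to 99_menu
#######################################
nginx_conf() {
  local src_base="https://git.igewu.org/yanglc/tunnel/raw/branch/main"
  local conf=/etc/nginx/nginx.conf
  local table=/etc/nginx/nginx.txt
  local side listen_ip listen_port remote_ip remote_port lan_ip

  echo -e "
${GREEN} 1.跳板机
${GREEN} 2.中转机
"
  read -p "输入选项:" aNum
  case "$aNum" in
    1) side=client ;;
    2) side=server ;;
    *)
      _nginx_conf_reject "请输入正确数字 [1-2]"
      return 1
      ;;
  esac

  echo -e "
${GREEN} 1.隧道1(tunnel1)
${GREEN} 2.隧道2(tunnel2)
${GREEN} 3.隧道3(tunnel3)
"
  read -p "请输入括号里的代号:" mplsdh
  # The code becomes a path component of the download URL; accept only a
  # plain name so it cannot contain '/', '..' or whitespace.
  if ! [[ "$mplsdh" =~ ^[A-Za-z0-9_-]+$ ]]; then
    _nginx_conf_reject "代号无效,请输入括号里的代号 (例如 tunnel1)"
    return 1
  fi

  rm -f -- "$conf"
  # nginx will trust ca1.crt for peer authentication and load nginx.txt's
  # addresses into its config, so these downloads keep TLS verification on.
  wget -N -P /etc/nginx/ "${src_base}/${mplsdh}/${side}/nginx.txt" \
    || { _nginx_conf_reject "下载 nginx.txt 失败"; return 1; }
  wget -N -P /etc/nginx/ssl "${src_base}/${mplsdh}/${side}/ca1.crt" \
    || { _nginx_conf_reject "下载 ca1.crt 失败"; return 1; }
  wget -N -P /etc/nginx/ "${src_base}/nginx.conf" \
    || { _nginx_conf_reject "下载 nginx.conf 失败"; return 1; }

  # One pass over the table; `|| [[ -n ... ]]` keeps a final row that has no
  # trailing newline (the old wc -l based loop dropped it).
  {
    printf '\nstream {\n'
    while read -r listen_ip listen_port remote_ip remote_port lan_ip _ \
        || [[ -n "$listen_ip" ]]; do
      [[ -z "$listen_ip" ]] && continue   # blank line
      if [[ -z "$listen_port" || -z "$remote_ip" || -z "$remote_port" || -z "$lan_ip" ]]; then
        printf 'nginx_conf: skipping incomplete row in %s: %s %s %s %s %s\n' \
          "$table" "$listen_ip" "$listen_port" "$remote_ip" "$remote_port" "$lan_ip" >&2
        continue
      fi
      _nginx_conf_stream_servers "$side" "$listen_ip" "$listen_port" "$remote_ip" "$remote_port" "$lan_ip"
    done < "$table"
    printf '\n}\n'
  } >> "$conf"

  wireguard_conf
  # Do not bounce a running nginx onto a config it will refuse to load.
  if nginx -t; then
    systemctl restart nginx
  else
    printf 'nginx_conf: %s failed validation; nginx not restarted\n' "$conf" >&2
  fi
  99_menu
}

#######################################
# Show a one-line hint, pause briefly and hand control back to the menu
# (the same pattern 99_menu uses for a bad choice).
# Arguments: $1 - message
#######################################
_nginx_conf_reject() {
  echo "$1"
  sleep 1s
  99_menu
}

#######################################
# Print the stream server block(s) for one nginx.txt row.
# Arguments: $1 - side: client (TLS + mTLS listener) or server (TLS client
#                 towards the peer plus a plain UDP relay)
#            $2..$6 - listen_ip listen_port remote_ip remote_port lan_ip
# Outputs:   nginx stream config on stdout
#######################################
_nginx_conf_stream_servers() {
  local side=$1 listen_ip=$2 listen_port=$3 remote_ip=$4 remote_port=$5 lan_ip=$6
  if [[ "$side" == client ]]; then
    # Terminates TLS 1.3 and requires a client certificate signed by the peer
    # CA (ca1.crt) before anything is proxied.
    cat <<EOF

server {
    listen ${listen_ip}:${listen_port} ssl;
    listen ${lan_ip}:${listen_port} udp;
    ssl_protocols TLSv1.3;
    ssl_conf_command MinProtocol TLSv1.3;
    ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    ssl_client_certificate /etc/nginx/ssl/ca1.crt;
    ssl_verify_client on;
    ssl_session_cache shared:SSL:15m;
    ssl_session_timeout 3h;
    ssl_session_tickets off;
    tcp_nodelay on;
    proxy_pass ${remote_ip}:${remote_port};
    proxy_protocol off;
    access_log off;
}
EOF
  else
    # Presents server.crt to the peer and verifies the peer against ca1.crt;
    # proxy_ssl_name is the peer IP, which create_ssl puts in the SAN.
    cat <<EOF

server {
    listen ${listen_ip}:${listen_port};
    proxy_ssl_certificate /etc/nginx/ssl/server.crt;
    proxy_ssl_certificate_key /etc/nginx/ssl/server.key;
    proxy_ssl_trusted_certificate /etc/nginx/ssl/ca1.crt;
    proxy_ssl_protocols TLSv1.3;
    proxy_ssl_server_name on;
    proxy_ssl_verify on;
    proxy_ssl on;
    ssl_session_tickets off;
    tcp_nodelay on;
    proxy_ssl_name ${remote_ip};
    proxy_pass ${remote_ip}:${remote_port};
    proxy_protocol off;
    access_log off;
}

server {
    listen ${listen_ip}:${listen_port} udp;
    proxy_pass ${lan_ip}:${remote_port};
    proxy_protocol off;
    access_log off;
}
EOF
  fi
}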
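#######################################
# Fetch this side's wg0.conf for the chosen tunnel and (re)start wg0.
# Globals:   aNum (read: 1 = client side, 2 = server side) and mplsdh
#            (read: tunnel code), both set by nginx_conf
# Arguments: none
# Returns:   1 when the role or tunnel code is invalid or the download
#            fails (the running tunnel is left untouched); otherwise the
#            status of `wg-quick up`
#######################################
wireguard_conf() {
  local src_base="https://git.igewu.org/yanglc/tunnel/raw/branch/main"
  local wgconf=/etc/wireguard/wg0.conf
  local side

  case "$aNum" in
    1) side=client ;;
    2) side=server ;;
    *)
      printf 'wireguard_conf: unknown role %q\n' "$aNum" >&2
      return 1
      ;;
  esac
  # Same rule as nginx_conf: the code is a URL path component.
  if ! [[ "$mplsdh" =~ ^[A-Za-z0-9_-]+$ ]]; then
    printf 'wireguard_conf: invalid tunnel code %q\n' "$mplsdh" >&2
    return 1
  fi

  # wg0.conf normally carries the interface private key and the peer list,
  # so a tampered download would redirect the tunnel: TLS verification stays on.
  wget -N -P /etc/wireguard "${src_base}/${mplsdh}/${side}/wg0.conf" || return 1
  # wget creates the file with the default umask; keep the key from being
  # world-readable.
  chmod 600 "$wgconf"

  # `down` fails harmlessly when wg0 is not up; the `up` is what matters.
  wg-quick down wg0
  wg-quick up wg0
}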
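#######################################
# Stop and remove the host firewall (ufw on Debian/Ubuntu, firewalld on
# CentOS/RHEL) and return to the menu.
# Globals:   EUID (read); release (written with the detected family, as the
#            original did)
# Arguments: none
# Outputs:   package/service output on stdout; diagnostics on stderr
# Returns:   1 (after re-showing the menu) when not running as root;
#            exits 1 when the distribution cannot be identified; otherwise
#            control passes to 99_menu
#######################################
delete_firewall() {
  # The original only printed true/false here; ufw/apt-get/systemctl all
  # need root, so make the check actually gate the action.
  if [[ "$EUID" -ne 0 ]]; then
    printf 'delete_firewall: must be run as root\n' >&2
    sleep 1s
    99_menu
    return 1
  fi

  release=$(_detect_release)
  case "$release" in
    ubuntu|debian)
      ufw disable
      apt-get remove ufw
      apt-get purge ufw
      ;;
    centos)
      systemctl stop firewalld.service
      systemctl disable firewalld.service
      ;;
    *)
      printf 'delete_firewall: unsupported or unknown distribution\n' >&2
      exit 1
      ;;
  esac
  99_menu
}

#######################################
# Print the distribution family (centos|debian|ubuntu) derived from
# /etc/redhat-release, then /etc/issue, then /proc/version, in that
# precedence; prints nothing when none matches.
# Outputs:   family name on stdout
#######################################
_detect_release() {
  local probe
  if [[ -f /etc/redhat-release ]]; then
    echo centos
    return 0
  fi
  for probe in /etc/issue /proc/version; do
    if grep -qiE "debian" "$probe" 2>/dev/null; then
      echo debian
      return 0
    elif grep -qiE "ubuntu" "$probe" 2>/dev/null; then
      echo ubuntu
      return 0
    elif grep -qiE "centos|red hat|redhat" "$probe" 2>/dev/null; then
      echo centos
      return 0
    fi
  done
  return 1
}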
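#######################################
# Generate a self-signed CA plus a server certificate/key pair under
# /etc/nginx/ssl, using this host's public IP as CN and as DNS/IP SAN, and
# print the CA certificate so it can be copied to the peer as ca1.crt.
# Globals:   none
# Arguments: none
# Outputs:   ca.crt on stdout; diagnostics on stderr
# Returns:   1 when the directory cannot be prepared, the public IP cannot
#            be determined or does not look like an address, or an openssl
#            step fails
#######################################
create_ssl() {
  local ssl_dir=/etc/nginx/ssl
  local servername

  mkdir -p "$ssl_dir" || return 1

  # The answer comes from a remote service and is spliced into -subj and the
  # SAN extension, so it is only accepted when it is a bare IP literal; it is
  # also passed as printf *arguments*, never as the format string.
  servername=$(curl -fsS --max-time 15 https://ip.nekocat.cn) || return 1
  if ! _is_ip_literal "$servername"; then
    printf 'create_ssl: unexpected public IP answer: %q\n' "$servername" >&2
    return 1
  fi

  # Subshell: the cd must not leak into the menu (later downloads would land
  # here); umask 077 keeps the private keys from ever being world-readable.
  (
    cd "$ssl_dir" || exit 1
    umask 077
    cat > my-openssl.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
x509_extensions = usr_cert
[ req ]
default_bits = 2048
default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca
string_mask = utf8only
[ req_distinguished_name ]
[ req_attributes ]
[ usr_cert ]
basicConstraints = CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = CA:true
EOF
    openssl genrsa -out ca.key 2048 || exit 1
    openssl req -x509 -new -nodes -key ca.key -subj "/CN=${servername}" -days 5000 -out ca.crt || exit 1
    openssl genrsa -out server.key 2048 || exit 1
    openssl req -new -sha256 -key server.key \
      -subj "/C=CN/ST=yanglc/L=yanglc/O=mymisaka/CN=${servername}" \
      -reqexts SAN \
      -config <(cat my-openssl.cnf <(printf '\n[SAN]\nsubjectAltName=DNS:%s,IP:%s\n' "$servername" "$servername")) \
      -out server.csr || exit 1
    openssl x509 -req -days 365 -sha256 \
      -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
      -extfile <(printf 'subjectAltName=DNS:%s,IP:%s\n' "$servername" "$servername") \
      -out server.crt || exit 1
    # Certificates are public; restore the usual mode so the CA can be read
    # and copied to the peer without root.
    chmod 644 ca.crt server.crt
  ) || return 1

  cat "$ssl_dir/ca.crt"
}

#######################################
# True when $1 is a bare IPv4 (dotted quad) or IPv6 (hex digits and colons)
# literal; anything else, including an empty string, is rejected.
# Arguments: $1 - candidate address
#######################################
_is_ip_literal() {
  [[ "$1" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || [[ "$1" =~ ^[0-9A-Fa-f:]{2,39}$ ]]
}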
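#######################################
# Download the project's tcp.sh kernel helper and run it.
# NOTE(review): this executes a remotely fetched script as root; the TLS
# check on the download is the only integrity control, so it stays on.
# Globals:   none
# Arguments: none
# Returns:   1 when the temp dir or download fails; otherwise tcp.sh's
#            exit status
#######################################
install_kernel() {
  local workdir rv
  # Unpredictable location instead of the current directory, and removed
  # afterwards regardless of outcome.
  workdir=$(mktemp -d) || return 1
  if ! wget -N -P "$workdir" "https://git.igewu.org/yanglc/tunnel/raw/branch/main/tcp.sh"; then
    rm -rf -- "$workdir"
    return 1
  fi
  chmod +x "$workdir/tcp.sh"
  # Run from the current directory (as before), only the script path changed.
  "$workdir/tcp.sh"
  rv=$?
  rm -rf -- "$workdir"
  return "$rv"
}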
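#######################################
# Print this host's public IPv6 and IPv4 addresses as reported by the IP
# echo service (the same service create_ssl uses, over HTTPS).
# Globals:   none
# Arguments: none
# Outputs:   labels and addresses on stdout; curl errors on stderr
# Returns:   status of the last curl
#######################################
get_ip() {
  # The original spelled the command `ehco`, so the labels never printed.
  echo "你的ipv6地址是:"
  curl -6 -sS --max-time 10 https://ip.nekocat.cn
  echo
  echo "你的ipv4地址是:"
  curl -4 -sS --max-time 10 https://ip.nekocat.cn
  echo
}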
#######################################
# Stop, start or restart the tunnel (WireGuard wg0 plus nginx) from a small
# submenu, then return to the main menu. Any other answer does nothing.
# Globals:   GREEN (read); bNum (written with the answer)
# Arguments: none (interactive: answer read from stdin)
#######################################
manage_nginx() {
  echo -e "
${GREEN} 1.停止隧道
${GREEN} 2.启动隧道
${GREEN} 3.重启隧道
"
  read -p "请输入选项:" bNum
  case "$bNum" in
    1)
      wg-quick down wg0
      systemctl stop nginx
      ;;
    2)
      wg-quick up wg0
      systemctl start nginx
      ;;
    3)
      wg-quick down wg0
      wg-quick up wg0
      systemctl restart nginx
      ;;
  esac
  99_menu
}
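#######################################
# Main menu: show the actions, read a choice and dispatch it.
# An unrecognised answer re-prompts in a loop instead of recursing into a
# fresh 99_menu frame; "0" exits with status 0 (a clean quit, not an error).
# Globals:   GREEN (read)
# Arguments: none (interactive: answer read from stdin)
# Returns:   the chosen action's status (most actions re-enter the menu
#            themselves and so never return here)
#######################################
99_menu() {
  local num
  while :; do
    clear
    echo -e "
${GREEN} 1.安装隧道工具
${GREEN} 2.获取隧道配置
${GREEN} 3.查看当前ip
${GREEN} 4.删除防火墙
${GREEN} 5.管理隧道
${GREEN} 6.自签ssl
${GREEN} 7.安装内核
${GREEN} 0.退出脚本"
    read -p " 请输入数字后[0-7] 按回车键:" num
    case "$num" in
      1) install_nginx; return ;;
      2) nginx_conf; return ;;
      3) get_ip; return ;;
      4) delete_firewall; return ;;
      5) manage_nginx; return ;;
      6) create_ssl; return ;;
      7) install_kernel; return ;;
      0) exit 0 ;;
      *)
        echo "请输入正确数字 [0-7] 按回车键"
        sleep 1s
        ;;
    esac
  done
}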
# Entry point: the whole script is driven from the interactive menu.
99_menu