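#!/bin/bash
# Interactive installer/manager for an OpenResty (nginx stream proxy) +
# WireGuard tunnel host. Every menu entry is a thin wrapper around apt, wget,
# openssl, systemctl and wg-quick, so the script is expected to run as root.
#
# No 'set -e' on purpose: several steps are best-effort (wg-quick down on an
# interface that is not up, removing a firewall package that is not installed)
# and aborting the whole menu on them would be worse than continuing. Steps
# whose failure matters are checked explicitly.

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH

readonly RED_COLOR="\033[0;31m"
readonly NO_COLOR="\033[0m"
readonly GREEN="\033[32m\033[01m"
readonly BLUE="\033[0;36m"
readonly FUCHSIA="\033[0;35m"

# OpenResty release to build; also names the tarball and its top-level dir.
readonly nginx_v=1.25.3.1
# Source of the build tarball, base nginx.conf, nginx.service and tcp.sh.
readonly REPO_BASE="https://git.igewu.org/yanglc/tunnel/raw/branch/main"
# Source of the per-tunnel nginx.txt / ca1.crt / wg0.conf files.
readonly CONF_BASE="https://h5ai.98yys.pw/99"

#######################################
# Download one file, overwriting an older local copy (wget -N).
# NOTE(review): --no-check-certificate disables TLS verification, so every
# artifact this script installs (build tarball, nginx/wireguard configs,
# tcp.sh) is trusted on the strength of the URL alone. Drop the flag once
# the two hosts present certificates the system trusts.
# Arguments: $1 - URL
#            $2 - target directory (optional, default: current directory)
# Returns:   wget's exit status
#######################################
fetch() {
  local url=$1
  local dir=${2:-.}
  wget -N --no-check-certificate -P "$dir" -- "$url"
}

#######################################
# Build OpenResty from the pinned tarball, install the base nginx.conf and
# the systemd unit, then install WireGuard and return to the menu.
# Globals:   nginx_v, REPO_BASE (read)
# Returns:   0 on success; 1 if the download, unpack or build fails
#######################################
install_nginx() {
  local archive="${nginx_v}.tar.gz"
  local srcdir="openresty-${nginx_v}"

  apt update -y && apt install vim curl lsof wget -y
  apt install build-essential libpcre3 libpcre3-dev zlib1g-dev openssl libssl-dev \
    linux-image-amd64 linux-headers-amd64 -y

  if ! fetch "${REPO_BASE}/${archive}" || ! tar -xzf "$archive"; then
    printf 'failed to download or unpack %s\n' "$archive" >&2
    return 1
  fi

  # Build in a subshell so the caller's working directory is untouched and the
  # cleanup below removes what was actually extracted here (the previous
  # 'cd' to $HOME before 'rm' only cleaned up when the script was started
  # from the home directory).
  (
    cd "$srcdir" || exit 1
    ./configure \
      --prefix=/etc/nginx \
      --sbin-path=/usr/sbin/nginx \
      --conf-path=/etc/nginx/nginx.conf \
      --error-log-path=/var/log/nginx/error.log \
      --http-log-path=/var/log/nginx/access.log \
      --pid-path=/var/run/nginx.pid \
      --lock-path=/var/run/nginx.lock \
      --with-file-aio \
      --with-threads \
      --with-stream \
      --with-stream_realip_module \
      --with-stream_ssl_module \
      --with-stream_ssl_preread_module \
      && make && make install
  ) || {
    printf 'build of %s failed; sources left in %s/%s\n' "$nginx_v" "$PWD" "$srcdir" >&2
    return 1
  }
  rm -rf -- "$archive" "$srcdir"

  fetch "${REPO_BASE}/nginx.conf" /etc/nginx/
  fetch "${REPO_BASE}/nginx.service" /usr/lib/systemd/system/
  # daemon-reload must precede 'enable' so systemd sees the unit file that
  # was just dropped in; the old order enabled before reloading.
  systemctl daemon-reload
  systemctl enable nginx --now
  install_wireguard
  99_menu
}

#######################################
# Install the WireGuard package and enable the wg0 unit (started later by
# wireguard_conf once wg0.conf exists).
#######################################
install_wireguard() {
  apt install linux-image-amd64 -y && apt install wireguard -y
  systemctl enable wg-quick@wg0
}

#######################################
# Print one TLS-terminating stream server block (landing host role).
# Arguments: $1 listen_ip  $2 listen_port  $3 remote_ip  $4 remote_port  $5 lan_ip
# Outputs:   nginx config text on stdout
#######################################
_landing_server() {
  local listen_ip=$1 listen_port=$2 remote_ip=$3 remote_port=$4 lan_ip=$5
  cat <<EOF
    server {
        listen ${listen_ip}:${listen_port} ssl;
        listen ${lan_ip}:${listen_port} udp;
        ssl_protocols TLSv1.3;
        ssl_conf_command MinProtocol TLSv1.3;
        ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;
        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;
        ssl_client_certificate /etc/nginx/ssl/ca1.crt;
        ssl_verify_client on;
        ssl_session_cache shared:SSL:15m;
        ssl_session_timeout 3h;
        ssl_session_tickets off;
        tcp_nodelay on;
        proxy_pass ${remote_ip}:${remote_port};
        proxy_protocol off;
        access_log off;
    }
EOF
}

#######################################
# Print the two stream server blocks for the relay host role: a TCP listener
# that opens mutually-authenticated TLS to the landing host, and a UDP
# listener forwarded to the LAN address.
# Arguments: $1 listen_ip  $2 listen_port  $3 remote_ip  $4 remote_port  $5 lan_ip
# Outputs:   nginx config text on stdout
#######################################
_relay_server() {
  local listen_ip=$1 listen_port=$2 remote_ip=$3 remote_port=$4 lan_ip=$5
  cat <<EOF
    server {
        listen ${listen_ip}:${listen_port};
        proxy_ssl_certificate /etc/nginx/ssl/server.crt;
        proxy_ssl_certificate_key /etc/nginx/ssl/server.key;
        proxy_ssl_trusted_certificate /etc/nginx/ssl/ca1.crt;
        proxy_ssl_protocols TLSv1.3;
        proxy_ssl_server_name on;
        proxy_ssl_verify on;
        proxy_ssl on;
        ssl_session_tickets off;
        tcp_nodelay on;
        proxy_ssl_name ${remote_ip};
        proxy_pass ${remote_ip}:${remote_port};
        proxy_protocol off;
        access_log off;
    }
    server {
        listen ${listen_ip}:${listen_port} udp;
        proxy_pass ${lan_ip}:${remote_port};
        proxy_protocol off;
        access_log off;
    }
EOF
}

#######################################
# Ask for the host role (landing / relay) and the tunnel code, fetch that
# tunnel's nginx.txt and ca1.crt, and regenerate /etc/nginx/nginx.conf with
# one stream{} block per nginx.txt line.
# nginx.txt columns (whitespace separated):
#   listen_ip listen_port remote_ip remote_port lan_ip
# Globals:   aNum, mplsdh (written; read later by wireguard_conf)
# Returns:   1 on invalid input or when nginx.txt cannot be fetched
#######################################
nginx_conf() {
  local role_dir base
  local listen_ip listen_port remote_ip remote_port lan_ip rest

  echo -e "
 ${GREEN} 1.跳板机
 ${GREEN} 2.中转机
 "
  read -r -p "输入选项:" aNum
  echo -e "
 ${GREEN} 1.隧道1(tunnel1)
 ${GREEN} 2.隧道2(tunnel2)
 ${GREEN} 3.隧道3(tunnel3)
 "
  read -r -p "请输入括号里的代号:" mplsdh

  # Previously an unknown role still appended a bare '}' to nginx.conf and
  # restarted nginx with a broken config; reject it up front instead.
  case "$aNum" in
    1) role_dir=luodi ;;
    2) role_dir=zhongzhuan ;;
    *)
      echo "请输入正确数字 [1-2] 按回车键"
      99_menu
      return 1
      ;;
  esac
  # The code is spliced into a URL path; only accept a plain token.
  if [[ ! "$mplsdh" =~ ^[A-Za-z0-9_-]+$ ]]; then
    printf 'invalid tunnel code: %s\n' "$mplsdh" >&2
    99_menu
    return 1
  fi
  base="${CONF_BASE}/${mplsdh}/${role_dir}"

  rm -f /etc/nginx/nginx.conf
  if ! fetch "${base}/nginx.txt" /etc/nginx/; then
    printf 'could not fetch %s/nginx.txt\n' "$base" >&2
    return 1
  fi
  fetch "${base}/ca1.crt" /etc/nginx/ssl
  fetch "${REPO_BASE}/nginx.conf" /etc/nginx/

  {
    printf '\nstream {\n'
    # Reading fields directly replaces the old wc/sed/awk per line, which
    # also dropped a final line without a trailing newline.
    while IFS=$' \t' read -r listen_ip listen_port remote_ip remote_port lan_ip rest \
        || [[ -n "$listen_ip" ]]; do
      [[ -n "$listen_ip" ]] || continue   # blank line
      if [[ -z "$lan_ip" ]]; then
        printf 'nginx.txt: skipping line with fewer than 5 fields: %s\n' \
          "$listen_ip $listen_port $remote_ip $remote_port" >&2
        continue
      fi
      if [[ "$aNum" == "1" ]]; then
        _landing_server "$listen_ip" "$listen_port" "$remote_ip" "$remote_port" "$lan_ip"
      else
        _relay_server "$listen_ip" "$listen_port" "$remote_ip" "$remote_port" "$lan_ip"
      fi
    done < /etc/nginx/nginx.txt
    printf '}\n'
  } >> /etc/nginx/nginx.conf

  wireguard_conf
  systemctl restart nginx
  99_menu
}

#######################################
# Fetch the tunnel's wg0.conf for the role chosen in nginx_conf and
# (re)start the interface.
# Globals:   aNum, mplsdh (read; set by nginx_conf)
#######################################
wireguard_conf() {
  local role_dir
  case "$aNum" in
    1) role_dir=luodi ;;
    2) role_dir=zhongzhuan ;;
    *) return 0 ;;   # no config is published for other roles
  esac
  fetch "${CONF_BASE}/${mplsdh}/${role_dir}/wg0.conf" /etc/wireguard
  # wg0.conf carries the interface's private key; keep it root-only.
  chmod 600 /etc/wireguard/wg0.conf
  wg-quick down wg0 || true   # best-effort: fails when wg0 is not up yet
  wg-quick up wg0
}

#######################################
# grep helper for distribution detection.
# Arguments: $1 - file  $2 - case-insensitive ERE
# Returns:   0 if the file exists and matches, non-zero otherwise
#######################################
_id_has() {
  grep -qiE -- "$2" "$1" 2>/dev/null   # missing file is simply "no match"
}

#######################################
# Disable and remove the distribution firewall (ufw / firewalld).
# The previous version only printed "true"/"false" for the root check and
# carried on regardless; now it refuses to run without root.
# Returns:   1 when not root; exits 1 on an unsupported distribution
#######################################
delete_firewall() {
  local release=""
  if (( EUID != 0 )); then
    printf 'delete_firewall must be run as root\n' >&2
    99_menu
    return 1
  fi

  # Same probe order as before: /etc/redhat-release, /etc/issue, /proc/version.
  if [[ -f /etc/redhat-release ]]; then
    release=centos
  elif _id_has /etc/issue debian; then
    release=debian
  elif _id_has /etc/issue ubuntu; then
    release=ubuntu
  elif _id_has /etc/issue "centos|red hat|redhat"; then
    release=centos
  elif _id_has /proc/version debian; then
    release=debian
  elif _id_has /proc/version ubuntu; then
    release=ubuntu
  elif _id_has /proc/version "centos|red hat|redhat"; then
    release=centos
  fi

  case "$release" in
    ubuntu|debian)
      ufw disable
      apt-get remove -y ufw
      apt-get purge -y ufw
      ;;
    centos)
      systemctl stop firewalld.service
      systemctl disable firewalld.service
      ;;
    *)
      printf 'unsupported distribution; firewall left untouched\n' >&2
      exit 1
      ;;
  esac
  99_menu
}

#######################################
# Generate a private CA and a server certificate in /etc/nginx/ssl whose
# CN/SAN is this host's public IPv4 address, then print ca.crt so it can be
# copied to the peer as ca1.crt.
# Returns:   1 if /etc/nginx/ssl is unusable or the public IP lookup fails
#######################################
create_ssl() {
  local servername
  mkdir -p /etc/nginx/ssl
  cd /etc/nginx/ssl || return 1

  # Fetch over https and accept only a dotted quad: the old plain-http fetch
  # put whatever the response body was (captive-portal page, error text)
  # straight into the certificate subject.
  servername=$(curl -s https://ipv4.icanhazip.com)
  if [[ ! "$servername" =~ ^[0-9]+(\.[0-9]+){3}$ ]]; then
    printf 'could not determine public IPv4 address (got: %s)\n' "$servername" >&2
    return 1
  fi

  cat > my-openssl.cnf <<'EOF'
[ ca ]
default_ca = CA_default

[ CA_default ]
x509_extensions = usr_cert

[ req ]
default_bits = 2048
default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca
string_mask = utf8only

[ req_distinguished_name ]

[ req_attributes ]

[ usr_cert ]
basicConstraints = CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer

[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = CA:true
EOF

  openssl genrsa -out ca.key 2048
  openssl req -x509 -new -nodes -key ca.key -subj "/CN=${servername}" -days 5000 -out ca.crt
  openssl genrsa -out server.key 2048
  openssl req -new -sha256 -key server.key \
    -subj "/C=CN/ST=lj/L=lj/O=ljfxz/CN=${servername}" \
    -reqexts SAN \
    -config <(cat my-openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:${servername},IP:${servername}")) \
    -out server.csr
  openssl x509 -req -days 365 -sha256 \
    -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -extfile <(printf "subjectAltName=DNS:${servername},IP:${servername}") \
    -out server.crt
  # Private keys are read by the nginx master (root) only.
  chmod 600 ca.key server.key
  cat /etc/nginx/ssl/ca.crt
}

#######################################
# Download and run the kernel/tcp tuning script from the repo.
# NOTE(review): tcp.sh is executed as root straight after download with no
# checksum or signature check; pin it to a reviewed copy if this host matters.
#######################################
install_kernel() {
  fetch "${REPO_BASE}/tcp.sh" && chmod +x tcp.sh && ./tcp.sh
}

#######################################
# Install soga and write /etc/soga/soga.conf from interactive answers.
# NOTE(review): the installer is piped from the network straight into bash
# as root with no integrity check; the resulting soga.conf holds soga_key
# and webapi_key, so its permissions should match the service account once
# that is confirmed.
#######################################
install_v2ray() {
  local ym nodeid mukey sogakey
  bash <(curl -Ls https://raw.githubusercontent.com/vaxilu/soga/master/install.sh)
  mkdir -p /etc/soga
  rm -f /etc/soga/soga.conf
  read -r -p "输入对接域名(例如www.baidu.com):" ym
  read -r -p "输入节点id:" nodeid
  # -s: both values are credentials; keep them out of the terminal scrollback.
  read -r -s -p "输入mukey:" mukey
  printf '\n'
  read -r -s -p "输入soga授权码:" sogakey
  printf '\n'
  cat > /etc/soga/soga.conf <<EOF

# 基础配置
type=sspanel-uim
server_type=v2ray
node_id=${nodeid}
soga_key=${sogakey}

# webapi 或 db 对接任选一个
api=webapi

# webapi 对接信息
webapi_url=https://${ym}
webapi_key=${mukey}

# db 对接信息
db_host=
db_port=
db_name=
db_user=
db_password=

# 手动证书配置
cert_file=
key_file=

# 自动证书配置
cert_mode=
cert_domain=
cert_key_length=ec-256
dns_provider=

# dns 配置
default_dns=
dns_cache_time=10
dns_strategy=ipv4_first

# v2ray 特殊配置
v2ray_reduce_memory=false
vless=false
vless_flow=

# proxy protocol 中转配置
proxy_protocol=false

# 全局限制用户 IP 数配置
redis_enable=false
redis_addr=
redis_password=
redis_db=0
conn_limit_expiry=60

# 其它杂项
user_conn_limit=0
user_speed_limit=0
node_speed_limit=0
check_interval=60
force_close_ssl=false
forbidden_bit_torrent=true
log_level=info

# 更多配置项如有需要自行添加
EOF
  soga restart
}

#######################################
# Stop / start / restart the tunnel (wg0 + nginx together).
#######################################
manage_nginx() {
  local bNum
  echo -e "
 ${GREEN} 1.停止隧道
 ${GREEN} 2.启动隧道
 ${GREEN} 3.重启隧道
 "
  read -r -p "请输入选项:" bNum
  case "$bNum" in
    1)
      wg-quick down wg0
      systemctl stop nginx
      ;;
    2)
      wg-quick up wg0
      systemctl start nginx
      ;;
    3)
      wg-quick down wg0
      wg-quick up wg0
      systemctl restart nginx
      ;;
  esac
  99_menu
}

#######################################
# Main menu. Each action re-enters the menu itself when it is done.
# Exits 0 on "0", exits 1 when stdin is closed (previously an EOF looped
# forever through the "*" branch, one second per iteration).
#######################################
99_menu() {
  local num
  clear
  echo -e "
 ${GREEN} 1.安装隧道工具
 ${GREEN} 2.获取隧道配置
 ${GREEN} 3.对接v2ray
 ${GREEN} 4.删除防火墙
 ${GREEN} 5.管理隧道
 ${GREEN} 6.自签ssl
 ${GREEN} 7.安装内核
 ${GREEN} 0.退出脚本"
  read -r -p " 请输入数字后[0-7] 按回车键:" num || exit 1
  case "$num" in
    1) install_nginx ;;
    2) nginx_conf ;;
    3) install_v2ray ;;
    4) delete_firewall ;;
    5) manage_nginx ;;
    6) create_ssl ;;
    7) install_kernel ;;
    0) exit 0 ;;   # user-requested exit is not an error
    *)
      echo "请输入正确数字 [0-7] 按回车键"
      sleep 1s
      99_menu
      ;;
  esac
}

99_menu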