diff --git a/rungost.sh b/rungost.sh index 43266d5..7a3ba91 100644 --- a/rungost.sh +++ b/rungost.sh @@ -3,7 +3,7 @@ Green_font_prefix="\033[32m" && Red_font_prefix="\033[31m" && Green_background_p Info="${Green_font_prefix}[信息]${Font_color_suffix}" Error="${Red_font_prefix}[错误]${Font_color_suffix}" shell_version="1.1.1" -ct_new_ver="2.11.2" +ct_new_ver="2.11.2" # 2.x 不再跟随官方更新 gost_conf_path="/etc/gost/config.json" raw_conf_path="/etc/gost/rawconf" function checknew() { @@ -111,8 +111,8 @@ function Install_ct() { mv gost-linux-"$bit"-"$ct_new_ver" gost mv gost /usr/bin/gost chmod -R 777 /usr/bin/gost - wget --no-check-certificate https://raw.githubusercontent.com/KANIKIG/Multi-EasyGost/master/gost.service && chmod -R 777 gost.service && mv gost.service /usr/lib/systemd/system - mkdir /etc/gost && wget --no-check-certificate https://raw.githubusercontent.com/KANIKIG/Multi-EasyGost/master/config.json && mv config.json /etc/gost && chmod -R 777 /etc/gost + wget --no-check-certificate https://raw.githubusercontent.com/yangliuchang/xbbox/main/gost.service && chmod -R 777 gost.service && mv gost.service /usr/lib/systemd/system + mkdir /etc/gost && wget --no-check-certificate https://raw.githubusercontent.com/yangliuchang/xbbox/main/config.json && mv config.json /etc/gost && chmod -R 777 /etc/gost fi systemctl enable gost && systemctl restart gost @@ -167,6 +167,15 @@ function read_protocol() { echo -e "说明: 对于经由gost加密中转的流量, 通过此选项进行解密并转发给本机的代理服务端口或转发给其他远程机器" echo -e " 一般设置在用于接收中转流量的国外机器上" echo -e "-----------------------------------" + echo -e "[4] 一键安装ss/socks5/http代理" + echo -e "说明: 使用gost内置的代理协议,轻量且易于管理" + echo -e "-----------------------------------" + echo -e "[5] 进阶:多落地均衡负载" + echo -e "说明: 支持各种加密方式的简单均衡负载" + echo -e "-----------------------------------" + echo -e "[6] 进阶:转发CDN自选节点" + echo -e "说明: 只需在中转机设置" + echo -e "-----------------------------------" read -p "请选择: " numprotocol if [ "$numprotocol" == "1" ]; then @@ -175,12 +184,115 @@ function read_protocol() { encrypt elif [ "$numprotocol" == "3" ]; then decrypt + elif [ "$numprotocol" == "4" ]; then + proxy + elif [ "$numprotocol" == "5" ]; then + enpeer + elif [ "$numprotocol" == "6" ]; then + cdn else echo "type error, please try again" exit fi } +function read_s_port() { + if [ "$flag_a" == "ss" ]; then + echo -e "-----------------------------------" + read -p "请输入ss密码: " flag_b + elif [ "$flag_a" == "socks" ]; then + echo -e "-----------------------------------" + read -p "请输入socks密码: " flag_b + elif [ "$flag_a" == "http" ]; then + echo -e "-----------------------------------" + read -p "请输入http密码: " flag_b + else + echo -e "------------------------------------------------------------------" + echo -e "请问你要将本机哪个端口接收到的流量进行转发?" + read -p "请输入: " flag_b + fi +} function read_d_ip() { + if [ "$flag_a" == "ss" ]; then + echo -e "------------------------------------------------------------------" + echo -e "请问您要设置的ss加密(仅提供常用的几种): " + echo -e "-----------------------------------" + echo -e "[1] aes-256-gcm" + echo -e "[2] aes-256-cfb" + echo -e "[3] chacha20-ietf-poly1305" + echo -e "[4] chacha20" + echo -e "[5] rc4-md5" + echo -e "[6] AEAD_CHACHA20_POLY1305" + echo -e "-----------------------------------" + read -p "请选择ss加密方式: " ssencrypt + + if [ "$ssencrypt" == "1" ]; then + flag_c="aes-256-gcm" + elif [ "$ssencrypt" == "2" ]; then + flag_c="aes-256-cfb" + elif [ "$ssencrypt" == "3" ]; then + flag_c="chacha20-ietf-poly1305" + elif [ "$ssencrypt" == "4" ]; then + flag_c="chacha20" + elif [ "$ssencrypt" == "5" ]; then + flag_c="rc4-md5" + elif [ "$ssencrypt" == "6" ]; then + flag_c="AEAD_CHACHA20_POLY1305" + else + echo "type error, please try again" + exit + fi + elif [ "$flag_a" == "socks" ]; then + echo -e "-----------------------------------" + read -p "请输入socks用户名: " flag_c + elif [ "$flag_a" == "http" ]; then + echo -e "-----------------------------------" + read -p "请输入http用户名: " flag_c + elif [[ "$flag_a" == "peer"* ]]; then + echo -e "------------------------------------------------------------------" + echo -e "请输入落地列表文件名" + read -e -p "自定义但不同配置应不重复,不用输入后缀,例如ips1、iplist2: " flag_c + touch $flag_c.txt + echo -e "------------------------------------------------------------------" + echo -e "请依次输入你要均衡负载的落地ip与端口" + while true; do + echo -e "请问你要将本机从${flag_b}接收到的流量转发向的IP或域名?" + read -p "请输入: " peer_ip + echo -e "请问你要将本机从${flag_b}接收到的流量转发向${peer_ip}的哪个端口?" + read -p "请输入: " peer_port + echo -e "$peer_ip:$peer_port" >>$flag_c.txt + read -e -p "是否继续添加落地?[Y/n]:" addyn + [[ -z ${addyn} ]] && addyn="y" + if [[ ${addyn} == [Nn] ]]; then + echo -e "------------------------------------------------------------------" + echo -e "已在root目录创建$flag_c.txt,您可以随时编辑该文件修改落地信息,重启gost即可生效" + echo -e "------------------------------------------------------------------" + break + else + echo -e "------------------------------------------------------------------" + echo -e "继续添加均衡负载落地配置" + fi + done + elif [[ "$flag_a" == "cdn"* ]]; then + echo -e "------------------------------------------------------------------" + echo -e "将本机从${flag_b}接收到的流量转发向的自选ip:" + read -p "请输入: " flag_c + echo -e "请问你要将本机从${flag_b}接收到的流量转发向${flag_c}的哪个端口?" + echo -e "[1] 80" + echo -e "[2] 443" + echo -e "[3] 自定义端口(如8080等)" + read -p "请选择端口: " cdnport + if [ "$cdnport" == "1" ]; then + flag_c="$flag_c:80" + elif [ "$cdnport" == "2" ]; then + flag_c="$flag_c:443" + elif [ "$cdnport" == "3" ]; then + read -p "请输入自定义端口: " customport + flag_c="$flag_c:$customport" + else + echo "type error, please try again" + exit + fi + else echo -e "------------------------------------------------------------------" echo -e "请问你要将本机从${flag_b}接收到的流量转发向哪个IP或域名?" echo -e "注: IP既可以是[远程机器/当前机器]的公网IP, 也可是以本机本地回环IP(即127.0.0.1)" @@ -189,9 +301,22 @@ function read_d_ip() { echo -e "注意: 落地机开启自定义tls证书,务必填写${Red_font_prefix}域名${Font_color_suffix}" fi read -p "请输入: " flag_c + fi } function read_d_port() { - if [[ "$flag_a" == "peer"* ]]; then + if [ "$flag_a" == "ss" ]; then + echo -e "------------------------------------------------------------------" + echo -e "请问你要设置ss代理服务的端口?" + read -p "请输入: " flag_d + elif [ "$flag_a" == "socks" ]; then + echo -e "------------------------------------------------------------------" + echo -e "请问你要设置socks代理服务的端口?" + read -p "请输入: " flag_d + elif [ "$flag_a" == "http" ]; then + echo -e "------------------------------------------------------------------" + echo -e "请问你要设置http代理服务的端口?" + read -p "请输入: " flag_d + elif [[ "$flag_a" == "peer"* ]]; then echo -e "------------------------------------------------------------------" echo -e "您要设置的均衡负载策略: " echo -e "-----------------------------------" @@ -211,6 +336,9 @@ function read_d_port() { echo "type error, please try again" exit fi + elif [[ "$flag_a" == "cdn"* ]]; then + echo -e "------------------------------------------------------------------" + read -p "请输入host:" flag_d else echo -e "------------------------------------------------------------------" echo -e "请问你要将本机从${flag_b}接收到的流量转发向${flag_c}的哪个端口?" @@ -225,6 +353,7 @@ function writerawconf() { } function rawconf() { read_protocol + read_s_port read_d_ip read_d_port writerawconf @@ -286,14 +415,120 @@ function encrypt() { exit fi } +function enpeer() { + echo -e "请问您要设置的均衡负载传输类型: " + echo -e "-----------------------------------" + echo -e "[1] 不加密转发" + echo -e "[2] tls隧道" + echo -e "[3] ws隧道" + echo -e "[4] wss隧道" + echo -e "注意: 同一则转发,中转与落地传输类型必须对应!本脚本默认同一配置的传输类型相同" + echo -e "此脚本仅支持简单型均衡负载,具体可参考官方文档" + echo -e "gost均衡负载官方文档:https://docs.ginuerzh.xyz/gost/load-balancing" + echo -e "-----------------------------------" + read -p "请选择转发传输类型: " numpeer + if [ "$numpeer" == "1" ]; then + flag_a="peerno" + elif [ "$numpeer" == "2" ]; then + flag_a="peertls" + elif [ "$numpeer" == "3" ]; then + flag_a="peerws" + elif [ "$numpeer" == "4" ]; then + flag_a="peerwss" + + else + echo "type error, please try again" + exit + fi +} +function cdn() { + echo -e "请问您要设置的CDN传输类型: " + echo -e "-----------------------------------" + echo -e "[1] 不加密转发" + echo -e "[2] ws隧道" + echo -e "[3] wss隧道" + echo -e "注意: 同一则转发,中转与落地传输类型必须对应!" + echo -e "此功能只需在中转机设置" + echo -e "-----------------------------------" + read -p "请选择CDN转发传输类型: " numcdn + + if [ "$numcdn" == "1" ]; then + flag_a="cdnno" + elif [ "$numcdn" == "2" ]; then + flag_a="cdnws" + elif [ "$numcdn" == "3" ]; then + flag_a="cdnwss" + else + echo "type error, please try again" + exit + fi +} function cert() { echo -e "-----------------------------------" - echo -e "[1] 手动上传证书" + echo -e "[1] ACME一键申请证书" + echo -e "[2] 手动上传证书" echo -e "-----------------------------------" + echo -e "说明: 仅用于落地机配置,默认使用的gost内置的证书可能带来安全问题,使用自定义证书提高安全性" + echo -e " 配置后对本机所有tls/wss解密生效,无需再次设置" read -p "请选择证书生成方式: " numcert -if [ "$numcert" == "1" ]; then + if [ "$numcert" == "1" ]; then + check_sys + if [[ ${release} == "centos" ]]; then + yum install -y socat + else + apt-get install -y socat + fi + read -p "请输入ZeroSSL的账户邮箱(至 zerossl.com 注册即可):" zeromail + read -p "请输入解析到本机的域名:" domain + curl https://get.acme.sh | sh + "$HOME"/.acme.sh/acme.sh --set-default-ca --server zerossl + "$HOME"/.acme.sh/acme.sh --register-account -m "${zeromail}" --server zerossl + echo -e "ACME证书申请程序安装成功" + echo -e "-----------------------------------" + echo -e "[1] HTTP申请(需要80端口未占用)" + echo -e "[2] Cloudflare DNS API 申请(需要输入APIKEY)" + echo -e "-----------------------------------" + read -p "请选择证书申请方式: " certmethod + if [ "certmethod" == "1" ]; then + echo -e "请确认本机${Red_font_prefix}80${Font_color_suffix}端口未被占用, 否则会申请失败" + if "$HOME"/.acme.sh/acme.sh --issue -d "${domain}" --standalone -k ec-256 --force; then + echo -e "SSL 证书生成成功,默认申请高安全性的ECC证书" + if [ ! -d "$HOME/gost_cert" ]; then + mkdir $HOME/gost_cert + fi + if "$HOME"/.acme.sh/acme.sh --installcert -d "${domain}" --fullchainpath $HOME/gost_cert/cert.pem --keypath $HOME/gost_cert/key.pem --ecc --force; then + echo -e "SSL 证书配置成功,且会自动续签,证书及秘钥位于用户目录下的 ${Red_font_prefix}gost_cert${Font_color_suffix} 目录" + echo -e "证书目录名与证书文件名请勿更改; 删除 gost_cert 目录后用脚本重启,即自动启用gost内置证书" + echo -e "-----------------------------------" + fi + else + echo -e "SSL 证书生成失败" + exit 1 + fi + else + read -p "请输入Cloudflare账户邮箱:" cfmail + read -p "请输入Cloudflare Global API Key:" cfkey + export CF_Key="${cfkey}" + export CF_Email="${cfmail}" + if "$HOME"/.acme.sh/acme.sh --issue --dns dns_cf -d "${domain}" --standalone -k ec-256 --force; then + echo -e "SSL 证书生成成功,默认申请高安全性的ECC证书" + if [ ! -d "$HOME/gost_cert" ]; then + mkdir $HOME/gost_cert + fi + if "$HOME"/.acme.sh/acme.sh --installcert -d "${domain}" --fullchainpath $HOME/gost_cert/cert.pem --keypath $HOME/gost_cert/key.pem --ecc --force; then + echo -e "SSL 证书配置成功,且会自动续签,证书及秘钥位于用户目录下的 ${Red_font_prefix}gost_cert${Font_color_suffix} 目录" + echo -e "证书目录名与证书文件名请勿更改; 删除 gost_cert 目录后使用脚本重启, 即重新启用gost内置证书" + echo -e "-----------------------------------" + fi + else + echo -e "SSL 证书生成失败" + exit 1 + fi + fi + + elif [ "$numcert" == "2" ]; then if [ ! -d "$HOME/gost_cert" ]; then mkdir $HOME/gost_cert fi @@ -328,6 +563,26 @@ function decrypt() { exit fi } +function proxy() { + echo -e "------------------------------------------------------------------" + echo -e "请问您要设置的代理类型: " + echo -e "-----------------------------------" + echo -e "[1] shadowsocks" + echo -e "[2] socks5(强烈建议加隧道用于Telegram代理)" + echo -e "[3] http" + echo -e "-----------------------------------" + read -p "请选择代理类型: " numproxy + if [ "$numproxy" == "1" ]; then + flag_a="ss" + elif [ "$numproxy" == "2" ]; then + flag_a="socks" + elif [ "$numproxy" == "3" ]; then + flag_a="http" + else + echo "type error, please try again" + exit + fi +} function method() { if [ $i -eq 1 ]; then if [ "$is_encrypt" == "nonencrypt" ]; then @@ -375,6 +630,18 @@ function method() { ], \"ChainNodes\": [ \"relay+wss://:?ip=/root/$d_ip.txt&strategy=$d_port\"" >>$gost_conf_path + elif [ "$is_encrypt" == "cdnws" ]; then + echo " \"tcp://:$s_port\", + \"udp://:$s_port\" + ], + \"ChainNodes\": [ + \"relay+ws://$d_ip?host=$d_port\"" >>$gost_conf_path + elif [ "$is_encrypt" == "cdnwss" ]; then + echo " \"tcp://:$s_port\", + \"udp://:$s_port\" + ], + \"ChainNodes\": [ + \"relay+wss://$d_ip?host=$d_port\"" >>$gost_conf_path elif [ "$is_encrypt" == "decrypttls" ]; then if [ -d "$HOME/gost_cert" ]; then echo " \"relay+tls://:$s_port/$d_ip:$d_port?cert=/root/gost_cert/cert.pem&key=/root/gost_cert/key.pem\"" >>$gost_conf_path @@ -389,6 +656,12 @@ function method() { else echo " \"relay+wss://:$s_port/$d_ip:$d_port\"" >>$gost_conf_path fi + elif [ "$is_encrypt" == "ss" ]; then + echo " \"ss://$d_ip:$s_port@:$d_port\"" >>$gost_conf_path + elif [ "$is_encrypt" == "socks" ]; then + echo " \"socks5://$d_ip:$s_port@:$d_port\"" >>$gost_conf_path + elif [ "$is_encrypt" == "http" ]; then + echo " \"http://$d_ip:$s_port@:$d_port\"" >>$gost_conf_path else echo "config error" fi @@ -438,6 +711,18 @@ function method() { ], \"ChainNodes\": [ \"relay+wss://:?ip=/root/$d_ip.txt&strategy=$d_port\"" >>$gost_conf_path + elif [ "$is_encrypt" == "cdnws" ]; then + echo " \"tcp://:$s_port\", + \"udp://:$s_port\" + ], + \"ChainNodes\": [ + \"relay+ws://$d_ip?host=$d_port\"" >>$gost_conf_path + elif [ "$is_encrypt" == "cdnwss" ]; then + echo " \"tcp://:$s_port\", + \"udp://:$s_port\" + ], + \"ChainNodes\": [ + \"relay+wss://$d_ip?host=$d_port\"" >>$gost_conf_path elif [ "$is_encrypt" == "decrypttls" ]; then if [ -d "$HOME/gost_cert" ]; then echo " \"relay+tls://:$s_port/$d_ip:$d_port?cert=/root/gost_cert/cert.pem&key=/root/gost_cert/key.pem\"" >>$gost_conf_path @@ -452,6 +737,12 @@ function method() { else echo " \"relay+wss://:$s_port/$d_ip:$d_port\"" >>$gost_conf_path fi + elif [ "$is_encrypt" == "ss" ]; then + echo " \"ss://$d_ip:$s_port@:$d_port\"" >>$gost_conf_path + elif [ "$is_encrypt" == "socks" ]; then + echo " \"socks5://$d_ip:$s_port@:$d_port\"" >>$gost_conf_path + elif [ "$is_encrypt" == "http" ]; then + echo " \"http://$d_ip:$s_port@:$d_port\"" >>$gost_conf_path else echo "config error" fi @@ -520,6 +811,18 @@ function show_all_conf() { str=" ws解密 " elif [ "$is_encrypt" == "decryptwss" ]; then str=" wss解密 " + elif [ "$is_encrypt" == "ss" ]; then + str=" ss " + elif [ "$is_encrypt" == "socks" ]; then + str=" socks5 " + elif [ "$is_encrypt" == "http" ]; then + str=" http " + elif [ "$is_encrypt" == "cdnno" ]; then + str="不加密转发CDN" + elif [ "$is_encrypt" == "cdnws" ]; then + str="ws隧道转发CDN" + elif [ "$is_encrypt" == "cdnwss" ]; then + str="wss隧道转发CDN" else str="" fi @@ -568,7 +871,13 @@ cron_restart() { fi } + echo && echo -e " gost 一键安装配置脚本"${Red_font_prefix}[${shell_version}]${Font_color_suffix}" + ----------- KANIKIG ----------- + 特性: (1)本脚本采用systemd及gost配置文件对gost进行管理 + (2)能够在不借助其他工具(如screen)的情况下实现多条转发规则同时生效 + (3)机器reboot后转发不失效 + 功能: (1)tcp+udp不加密转发, (2)中转机加密转发, (3)落地机解密对接转发 ${Green_font_prefix}1.${Font_color_suffix} 安装 gost ${Green_font_prefix}2.${Font_color_suffix} 更新 gost