yanglc
/
xbbox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix url

main
yanglc 2023-07-24 07:41:23 +08:00
parent 50e229d3b7
commit 2f76751213
1 changed files with 315 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

321
rungost.sh
View File

@ -3,7 +3,7 @@ Green_font_prefix="\033[32m" && Red_font_prefix="\033[31m" && Green_background_p
Info="${Green_font_prefix}[信息]${Font_color_suffix}" Info="${Green_font_prefix}[信息]${Font_color_suffix}"
Error="${Red_font_prefix}[错误]${Font_color_suffix}" Error="${Red_font_prefix}[错误]${Font_color_suffix}"
shell_version="1.1.1" shell_version="1.1.1"
ct_new_ver="2.11.2" ct_new_ver="2.11.2" # 2.x 不再跟随官方更新
gost_conf_path="/etc/gost/config.json" gost_conf_path="/etc/gost/config.json"
raw_conf_path="/etc/gost/rawconf" raw_conf_path="/etc/gost/rawconf"
function checknew() { function checknew() {
@ -111,8 +111,8 @@ function Install_ct() {
mv gost-linux-"$bit"-"$ct_new_ver" gost mv gost-linux-"$bit"-"$ct_new_ver" gost
mv gost /usr/bin/gost mv gost /usr/bin/gost
chmod -R 777 /usr/bin/gost chmod -R 777 /usr/bin/gost
wget --no-check-certificate https://raw.githubusercontent.com/KANIKIG/Multi-EasyGost/master/gost.service && chmod -R 777 gost.service && mv gost.service /usr/lib/systemd/system wget --no-check-certificate https://raw.githubusercontent.com/yangliuchang/xbbox/main/gost.service && chmod -R 777 gost.service && mv gost.service /usr/lib/systemd/system
mkdir /etc/gost && wget --no-check-certificate https://raw.githubusercontent.com/KANIKIG/Multi-EasyGost/master/config.json && mv config.json /etc/gost && chmod -R 777 /etc/gost mkdir /etc/gost && wget --no-check-certificate https://raw.githubusercontent.com/yangliuchang/xbbox/main/config.json && mv config.json /etc/gost && chmod -R 777 /etc/gost
fi fi
systemctl enable gost && systemctl restart gost systemctl enable gost && systemctl restart gost
@ -167,6 +167,15 @@ function read_protocol() {
echo -e "说明: 对于经由gost加密中转的流量, 通过此选项进行解密并转发给本机的代理服务端口或转发给其他远程机器" echo -e "说明: 对于经由gost加密中转的流量, 通过此选项进行解密并转发给本机的代理服务端口或转发给其他远程机器"
echo -e " 一般设置在用于接收中转流量的国外机器上" echo -e " 一般设置在用于接收中转流量的国外机器上"
echo -e "-----------------------------------" echo -e "-----------------------------------"
echo -e "[4] 一键安装ss/socks5/http代理"
echo -e "说明: 使用gost内置的代理协议轻量且易于管理"
echo -e "-----------------------------------"
echo -e "[5] 进阶:多落地均衡负载"
echo -e "说明: 支持各种加密方式的简单均衡负载"
echo -e "-----------------------------------"
echo -e "[6] 进阶转发CDN自选节点"
echo -e "说明: 只需在中转机设置"
echo -e "-----------------------------------"
read -p "请选择: " numprotocol read -p "请选择: " numprotocol
if [ "$numprotocol" == "1" ]; then if [ "$numprotocol" == "1" ]; then
@ -175,12 +184,115 @@ function read_protocol() {
encrypt encrypt
elif [ "$numprotocol" == "3" ]; then elif [ "$numprotocol" == "3" ]; then
decrypt decrypt
elif [ "$numprotocol" == "4" ]; then
proxy
elif [ "$numprotocol" == "5" ]; then
enpeer
elif [ "$numprotocol" == "6" ]; then
cdn
else else
echo "type error, please try again" echo "type error, please try again"
exit exit
fi fi
} }
function read_s_port() {
if [ "$flag_a" == "ss" ]; then
echo -e "-----------------------------------"
read -p "请输入ss密码: " flag_b
elif [ "$flag_a" == "socks" ]; then
echo -e "-----------------------------------"
read -p "请输入socks密码: " flag_b
elif [ "$flag_a" == "http" ]; then
echo -e "-----------------------------------"
read -p "请输入http密码: " flag_b
else
echo -e "------------------------------------------------------------------"
echo -e "请问你要将本机哪个端口接收到的流量进行转发?"
read -p "请输入: " flag_b
fi
}
function read_d_ip() { function read_d_ip() {
if [ "$flag_a" == "ss" ]; then
echo -e "------------------------------------------------------------------"
echo -e "请问您要设置的ss加密(仅提供常用的几种): "
echo -e "-----------------------------------"
echo -e "[1] aes-256-gcm"
echo -e "[2] aes-256-cfb"
echo -e "[3] chacha20-ietf-poly1305"
echo -e "[4] chacha20"
echo -e "[5] rc4-md5"
echo -e "[6] AEAD_CHACHA20_POLY1305"
echo -e "-----------------------------------"
read -p "请选择ss加密方式: " ssencrypt
if [ "$ssencrypt" == "1" ]; then
flag_c="aes-256-gcm"
elif [ "$ssencrypt" == "2" ]; then
flag_c="aes-256-cfb"
elif [ "$ssencrypt" == "3" ]; then
flag_c="chacha20-ietf-poly1305"
elif [ "$ssencrypt" == "4" ]; then
flag_c="chacha20"
elif [ "$ssencrypt" == "5" ]; then
flag_c="rc4-md5"
elif [ "$ssencrypt" == "6" ]; then
flag_c="AEAD_CHACHA20_POLY1305"
else
echo "type error, please try again"
exit
fi
elif [ "$flag_a" == "socks" ]; then
echo -e "-----------------------------------"
read -p "请输入socks用户名: " flag_c
elif [ "$flag_a" == "http" ]; then
echo -e "-----------------------------------"
read -p "请输入http用户名: " flag_c
elif [[ "$flag_a" == "peer"* ]]; then
echo -e "------------------------------------------------------------------"
echo -e "请输入落地列表文件名"
read -e -p "自定义但不同配置应不重复不用输入后缀例如ips1、iplist2: " flag_c
touch $flag_c.txt
echo -e "------------------------------------------------------------------"
echo -e "请依次输入你要均衡负载的落地ip与端口"
while true; do
echo -e "请问你要将本机从${flag_b}接收到的流量转发向的IP或域名?"
read -p "请输入: " peer_ip
echo -e "请问你要将本机从${flag_b}接收到的流量转发向${peer_ip}的哪个端口?"
read -p "请输入: " peer_port
echo -e "$peer_ip:$peer_port" >>$flag_c.txt
read -e -p "是否继续添加落地?[Y/n]:" addyn
[[ -z ${addyn} ]] && addyn="y"
if [[ ${addyn} == [Nn] ]]; then
echo -e "------------------------------------------------------------------"
echo -e "已在root目录创建$flag_c.txt您可以随时编辑该文件修改落地信息重启gost即可生效"
echo -e "------------------------------------------------------------------"
break
else
echo -e "------------------------------------------------------------------"
echo -e "继续添加均衡负载落地配置"
fi
done
elif [[ "$flag_a" == "cdn"* ]]; then
echo -e "------------------------------------------------------------------"
echo -e "将本机从${flag_b}接收到的流量转发向的自选ip:"
read -p "请输入: " flag_c
echo -e "请问你要将本机从${flag_b}接收到的流量转发向${flag_c}的哪个端口?"
echo -e "[1] 80"
echo -e "[2] 443"
echo -e "[3] 自定义端口如8080等"
read -p "请选择端口: " cdnport
if [ "$cdnport" == "1" ]; then
flag_c="$flag_c:80"
elif [ "$cdnport" == "2" ]; then
flag_c="$flag_c:443"
elif [ "$cdnport" == "3" ]; then
read -p "请输入自定义端口: " customport
flag_c="$flag_c:$customport"
else
echo "type error, please try again"
exit
fi
else
echo -e "------------------------------------------------------------------" echo -e "------------------------------------------------------------------"
echo -e "请问你要将本机从${flag_b}接收到的流量转发向哪个IP或域名?" echo -e "请问你要将本机从${flag_b}接收到的流量转发向哪个IP或域名?"
echo -e "注: IP既可以是[远程机器/当前机器]的公网IP, 也可是以本机本地回环IP(即127.0.0.1)" echo -e "注: IP既可以是[远程机器/当前机器]的公网IP, 也可是以本机本地回环IP(即127.0.0.1)"
@ -189,9 +301,22 @@ function read_d_ip() {
echo -e "注意: 落地机开启自定义tls证书务必填写${Red_font_prefix}域名${Font_color_suffix}" echo -e "注意: 落地机开启自定义tls证书务必填写${Red_font_prefix}域名${Font_color_suffix}"
fi fi
read -p "请输入: " flag_c read -p "请输入: " flag_c
fi
} }
function read_d_port() { function read_d_port() {
if [[ "$flag_a" == "peer"* ]]; then if [ "$flag_a" == "ss" ]; then
echo -e "------------------------------------------------------------------"
echo -e "请问你要设置ss代理服务的端口?"
read -p "请输入: " flag_d
elif [ "$flag_a" == "socks" ]; then
echo -e "------------------------------------------------------------------"
echo -e "请问你要设置socks代理服务的端口?"
read -p "请输入: " flag_d
elif [ "$flag_a" == "http" ]; then
echo -e "------------------------------------------------------------------"
echo -e "请问你要设置http代理服务的端口?"
read -p "请输入: " flag_d
elif [[ "$flag_a" == "peer"* ]]; then
echo -e "------------------------------------------------------------------" echo -e "------------------------------------------------------------------"
echo -e "您要设置的均衡负载策略: " echo -e "您要设置的均衡负载策略: "
echo -e "-----------------------------------" echo -e "-----------------------------------"
@ -211,6 +336,9 @@ function read_d_port() {
echo "type error, please try again" echo "type error, please try again"
exit exit
fi fi
elif [[ "$flag_a" == "cdn"* ]]; then
echo -e "------------------------------------------------------------------"
read -p "请输入host:" flag_d
else else
echo -e "------------------------------------------------------------------" echo -e "------------------------------------------------------------------"
echo -e "请问你要将本机从${flag_b}接收到的流量转发向${flag_c}的哪个端口?" echo -e "请问你要将本机从${flag_b}接收到的流量转发向${flag_c}的哪个端口?"
@ -225,6 +353,7 @@ function writerawconf() {
} }
function rawconf() { function rawconf() {
read_protocol read_protocol
read_s_port
read_d_ip read_d_ip
read_d_port read_d_port
writerawconf writerawconf
@ -286,14 +415,120 @@ function encrypt() {
exit exit
fi fi
} }
function enpeer() {
echo -e "请问您要设置的均衡负载传输类型: "
echo -e "-----------------------------------"
echo -e "[1] 不加密转发"
echo -e "[2] tls隧道"
echo -e "[3] ws隧道"
echo -e "[4] wss隧道"
echo -e "注意: 同一则转发,中转与落地传输类型必须对应!本脚本默认同一配置的传输类型相同"
echo -e "此脚本仅支持简单型均衡负载,具体可参考官方文档"
echo -e "gost均衡负载官方文档https://docs.ginuerzh.xyz/gost/load-balancing"
echo -e "-----------------------------------"
read -p "请选择转发传输类型: " numpeer
if [ "$numpeer" == "1" ]; then
flag_a="peerno"
elif [ "$numpeer" == "2" ]; then
flag_a="peertls"
elif [ "$numpeer" == "3" ]; then
flag_a="peerws"
elif [ "$numpeer" == "4" ]; then
flag_a="peerwss"
else
echo "type error, please try again"
exit
fi
}
function cdn() {
echo -e "请问您要设置的CDN传输类型: "
echo -e "-----------------------------------"
echo -e "[1] 不加密转发"
echo -e "[2] ws隧道"
echo -e "[3] wss隧道"
echo -e "注意: 同一则转发,中转与落地传输类型必须对应!"
echo -e "此功能只需在中转机设置"
echo -e "-----------------------------------"
read -p "请选择CDN转发传输类型: " numcdn
if [ "$numcdn" == "1" ]; then
flag_a="cdnno"
elif [ "$numcdn" == "2" ]; then
flag_a="cdnws"
elif [ "$numcdn" == "3" ]; then
flag_a="cdnwss"
else
echo "type error, please try again"
exit
fi
}
function cert() { function cert() {
echo -e "-----------------------------------" echo -e "-----------------------------------"
echo -e "[1] 手动上传证书" echo -e "[1] ACME一键申请证书"
echo -e "[2] 手动上传证书"
echo -e "-----------------------------------" echo -e "-----------------------------------"
echo -e "说明: 仅用于落地机配置默认使用的gost内置的证书可能带来安全问题使用自定义证书提高安全性"
echo -e " 配置后对本机所有tls/wss解密生效无需再次设置"
read -p "请选择证书生成方式: " numcert read -p "请选择证书生成方式: " numcert
if [ "$numcert" == "1" ]; then if [ "$numcert" == "1" ]; then
check_sys
if [[ ${release} == "centos" ]]; then
yum install -y socat
else
apt-get install -y socat
fi
read -p "请输入ZeroSSL的账户邮箱(至 zerossl.com 注册即可)" zeromail
read -p "请输入解析到本机的域名:" domain
curl https://get.acme.sh | sh
"$HOME"/.acme.sh/acme.sh --set-default-ca --server zerossl
"$HOME"/.acme.sh/acme.sh --register-account -m "${zeromail}" --server zerossl
echo -e "ACME证书申请程序安装成功"
echo -e "-----------------------------------"
echo -e "[1] HTTP申请需要80端口未占用"
echo -e "[2] Cloudflare DNS API 申请需要输入APIKEY"
echo -e "-----------------------------------"
read -p "请选择证书申请方式: " certmethod
if [ "certmethod" == "1" ]; then
echo -e "请确认本机${Red_font_prefix}80${Font_color_suffix}端口未被占用, 否则会申请失败"
if "$HOME"/.acme.sh/acme.sh --issue -d "${domain}" --standalone -k ec-256 --force; then
echo -e "SSL 证书生成成功默认申请高安全性的ECC证书"
if [ ! -d "$HOME/gost_cert" ]; then
mkdir $HOME/gost_cert
fi
if "$HOME"/.acme.sh/acme.sh --installcert -d "${domain}" --fullchainpath $HOME/gost_cert/cert.pem --keypath $HOME/gost_cert/key.pem --ecc --force; then
echo -e "SSL 证书配置成功,且会自动续签,证书及秘钥位于用户目录下的 ${Red_font_prefix}gost_cert${Font_color_suffix} 目录"
echo -e "证书目录名与证书文件名请勿更改; 删除 gost_cert 目录后用脚本重启,即自动启用gost内置证书"
echo -e "-----------------------------------"
fi
else
echo -e "SSL 证书生成失败"
exit 1
fi
else
read -p "请输入Cloudflare账户邮箱" cfmail
read -p "请输入Cloudflare Global API Key" cfkey
export CF_Key="${cfkey}"
export CF_Email="${cfmail}"
if "$HOME"/.acme.sh/acme.sh --issue --dns dns_cf -d "${domain}" --standalone -k ec-256 --force; then
echo -e "SSL 证书生成成功默认申请高安全性的ECC证书"
if [ ! -d "$HOME/gost_cert" ]; then
mkdir $HOME/gost_cert
fi
if "$HOME"/.acme.sh/acme.sh --installcert -d "${domain}" --fullchainpath $HOME/gost_cert/cert.pem --keypath $HOME/gost_cert/key.pem --ecc --force; then
echo -e "SSL 证书配置成功,且会自动续签,证书及秘钥位于用户目录下的 ${Red_font_prefix}gost_cert${Font_color_suffix} 目录"
echo -e "证书目录名与证书文件名请勿更改; 删除 gost_cert 目录后使用脚本重启, 即重新启用gost内置证书"
echo -e "-----------------------------------"
fi
else
echo -e "SSL 证书生成失败"
exit 1
fi
fi
elif [ "$numcert" == "2" ]; then
if [ ! -d "$HOME/gost_cert" ]; then if [ ! -d "$HOME/gost_cert" ]; then
mkdir $HOME/gost_cert mkdir $HOME/gost_cert
fi fi
@ -328,6 +563,26 @@ function decrypt() {
exit exit
fi fi
} }
function proxy() {
echo -e "------------------------------------------------------------------"
echo -e "请问您要设置的代理类型: "
echo -e "-----------------------------------"
echo -e "[1] shadowsocks"
echo -e "[2] socks5(强烈建议加隧道用于Telegram代理)"
echo -e "[3] http"
echo -e "-----------------------------------"
read -p "请选择代理类型: " numproxy
if [ "$numproxy" == "1" ]; then
flag_a="ss"
elif [ "$numproxy" == "2" ]; then
flag_a="socks"
elif [ "$numproxy" == "3" ]; then
flag_a="http"
else
echo "type error, please try again"
exit
fi
}
function method() { function method() {
if [ $i -eq 1 ]; then if [ $i -eq 1 ]; then
if [ "$is_encrypt" == "nonencrypt" ]; then if [ "$is_encrypt" == "nonencrypt" ]; then
@ -375,6 +630,18 @@ function method() {
], ],
\"ChainNodes\": [ \"ChainNodes\": [
\"relay+wss://:?ip=/root/$d_ip.txt&strategy=$d_port\"" >>$gost_conf_path \"relay+wss://:?ip=/root/$d_ip.txt&strategy=$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "cdnws" ]; then
echo " \"tcp://:$s_port\",
\"udp://:$s_port\"
],
\"ChainNodes\": [
\"relay+ws://$d_ip?host=$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "cdnwss" ]; then
echo " \"tcp://:$s_port\",
\"udp://:$s_port\"
],
\"ChainNodes\": [
\"relay+wss://$d_ip?host=$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "decrypttls" ]; then elif [ "$is_encrypt" == "decrypttls" ]; then
if [ -d "$HOME/gost_cert" ]; then if [ -d "$HOME/gost_cert" ]; then
echo " \"relay+tls://:$s_port/$d_ip:$d_port?cert=/root/gost_cert/cert.pem&key=/root/gost_cert/key.pem\"" >>$gost_conf_path echo " \"relay+tls://:$s_port/$d_ip:$d_port?cert=/root/gost_cert/cert.pem&key=/root/gost_cert/key.pem\"" >>$gost_conf_path
@ -389,6 +656,12 @@ function method() {
else else
echo " \"relay+wss://:$s_port/$d_ip:$d_port\"" >>$gost_conf_path echo " \"relay+wss://:$s_port/$d_ip:$d_port\"" >>$gost_conf_path
fi fi
elif [ "$is_encrypt" == "ss" ]; then
echo " \"ss://$d_ip:$s_port@:$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "socks" ]; then
echo " \"socks5://$d_ip:$s_port@:$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "http" ]; then
echo " \"http://$d_ip:$s_port@:$d_port\"" >>$gost_conf_path
else else
echo "config error" echo "config error"
fi fi
@ -438,6 +711,18 @@ function method() {
], ],
\"ChainNodes\": [ \"ChainNodes\": [
\"relay+wss://:?ip=/root/$d_ip.txt&strategy=$d_port\"" >>$gost_conf_path \"relay+wss://:?ip=/root/$d_ip.txt&strategy=$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "cdnws" ]; then
echo " \"tcp://:$s_port\",
\"udp://:$s_port\"
],
\"ChainNodes\": [
\"relay+ws://$d_ip?host=$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "cdnwss" ]; then
echo " \"tcp://:$s_port\",
\"udp://:$s_port\"
],
\"ChainNodes\": [
\"relay+wss://$d_ip?host=$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "decrypttls" ]; then elif [ "$is_encrypt" == "decrypttls" ]; then
if [ -d "$HOME/gost_cert" ]; then if [ -d "$HOME/gost_cert" ]; then
echo " \"relay+tls://:$s_port/$d_ip:$d_port?cert=/root/gost_cert/cert.pem&key=/root/gost_cert/key.pem\"" >>$gost_conf_path echo " \"relay+tls://:$s_port/$d_ip:$d_port?cert=/root/gost_cert/cert.pem&key=/root/gost_cert/key.pem\"" >>$gost_conf_path
@ -452,6 +737,12 @@ function method() {
else else
echo " \"relay+wss://:$s_port/$d_ip:$d_port\"" >>$gost_conf_path echo " \"relay+wss://:$s_port/$d_ip:$d_port\"" >>$gost_conf_path
fi fi
elif [ "$is_encrypt" == "ss" ]; then
echo " \"ss://$d_ip:$s_port@:$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "socks" ]; then
echo " \"socks5://$d_ip:$s_port@:$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "http" ]; then
echo " \"http://$d_ip:$s_port@:$d_port\"" >>$gost_conf_path
else else
echo "config error" echo "config error"
fi fi
@ -520,6 +811,18 @@ function show_all_conf() {
str=" ws解密 " str=" ws解密 "
elif [ "$is_encrypt" == "decryptwss" ]; then elif [ "$is_encrypt" == "decryptwss" ]; then
str=" wss解密 " str=" wss解密 "
elif [ "$is_encrypt" == "ss" ]; then
str=" ss "
elif [ "$is_encrypt" == "socks" ]; then
str=" socks5 "
elif [ "$is_encrypt" == "http" ]; then
str=" http "
elif [ "$is_encrypt" == "cdnno" ]; then
str="不加密转发CDN"
elif [ "$is_encrypt" == "cdnws" ]; then
str="ws隧道转发CDN"
elif [ "$is_encrypt" == "cdnwss" ]; then
str="wss隧道转发CDN"
else else
str="" str=""
fi fi
@ -568,7 +871,13 @@ cron_restart() {
fi fi
} }
echo && echo -e " gost 一键安装配置脚本"${Red_font_prefix}[${shell_version}]${Font_color_suffix}" echo && echo -e " gost 一键安装配置脚本"${Red_font_prefix}[${shell_version}]${Font_color_suffix}"
----------- KANIKIG -----------
特性: (1)本脚本采用systemd及gost配置文件对gost进行管理
(2)能够在不借助其他工具(如screen)的情况下实现多条转发规则同时生效
(3)机器reboot后转发不失效
功能: (1)tcp+udp不加密转发, (2)中转机加密转发, (3)落地机解密对接转发
${Green_font_prefix}1.${Font_color_suffix} 安装 gost ${Green_font_prefix}1.${Font_color_suffix} 安装 gost
${Green_font_prefix}2.${Font_color_suffix} 更新 gost ${Green_font_prefix}2.${Font_color_suffix} 更新 gost