xbbox/rungost.sh

956 lines
35 KiB
Bash
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

#! /bin/bash
Green_font_prefix="\033[32m" && Red_font_prefix="\033[31m" && Green_background_prefix="\033[42;37m" && Font_color_suffix="\033[0m"
Info="${Green_font_prefix}[信息]${Font_color_suffix}"
Error="${Red_font_prefix}[错误]${Font_color_suffix}"
shell_version="1.1.1"
ct_new_ver="2.11.2" # 2.x 不再跟随官方更新
gost_conf_path="/etc/gost/config.json"
raw_conf_path="/etc/gost/rawconf"
function checknew() {
checknew=$(gost -V 2>&1 | awk '{print $2}')
# check_new_ver
echo "你的gost版本为:""$checknew"""
echo -n 是否更新\(y/n\)\:
read checknewnum
if test $checknewnum = "y"; then
cp -r /etc/gost /tmp/
Install_ct
rm -rf /etc/gost
mv /tmp/gost /etc/
systemctl restart gost
else
exit 0
fi
}
function check_sys() {
if [[ -f /etc/redhat-release ]]; then
release="centos"
elif cat /etc/issue | grep -q -E -i "debian"; then
release="debian"
elif cat /etc/issue | grep -q -E -i "ubuntu"; then
release="ubuntu"
elif cat /etc/issue | grep -q -E -i "centos|red hat|redhat"; then
release="centos"
elif cat /proc/version | grep -q -E -i "debian"; then
release="debian"
elif cat /proc/version | grep -q -E -i "ubuntu"; then
release="ubuntu"
elif cat /proc/version | grep -q -E -i "centos|red hat|redhat"; then
release="centos"
fi
bit=$(uname -m)
if test "$bit" != "x86_64"; then
echo "请输入你的芯片架构,/386/armv5/armv6/armv7/armv8"
read bit
else
bit="amd64"
fi
}
function Installation_dependency() {
gzip_ver=$(gzip -V)
if [[ -z ${gzip_ver} ]]; then
if [[ ${release} == "centos" ]]; then
yum update
yum install -y gzip wget
else
apt-get update
apt-get install -y gzip wget
fi
fi
}
function check_root() {
[[ $EUID != 0 ]] && echo -e "${Error} 当前非ROOT账号(或没有ROOT权限)无法继续操作请更换ROOT账号或使用 ${Green_background_prefix}sudo su${Font_color_suffix} 命令获取临时ROOT权限执行后可能会提示输入当前账号的密码" && exit 1
}
function check_new_ver() {
# deprecated
ct_new_ver=$(wget --no-check-certificate -qO- -t2 -T3 https://api.github.com/repos/ginuerzh/gost/releases/latest | grep "tag_name" | head -n 1 | awk -F ":" '{print $2}' | sed 's/\"//g;s/,//g;s/ //g;s/v//g')
if [[ -z ${ct_new_ver} ]]; then
ct_new_ver="2.11.2"
echo -e "${Error} gost 最新版本获取失败正在下载v${ct_new_ver}"
else
echo -e "${Info} gost 目前最新版本为 ${ct_new_ver}"
fi
}
function check_file() {
if test ! -d "/usr/lib/systemd/system/"; then
mkdir /usr/lib/systemd/system
chmod -R 777 /usr/lib/systemd/system
fi
}
function check_nor_file() {
rm -rf "$(pwd)"/gost
rm -rf "$(pwd)"/gost.service
rm -rf "$(pwd)"/config.json
rm -rf /etc/gost
rm -rf /usr/lib/systemd/system/gost.service
rm -rf /usr/bin/gost
}
function Install_ct() {
check_root
check_nor_file
Installation_dependency
check_file
check_sys
# check_new_ver
echo -e "若为国内机器建议使用大陆镜像加速下载"
read -e -p "是否使用?[y/n]:" addyn
[[ -z ${addyn} ]] && addyn="n"
if [[ ${addyn} == [Yy] ]]; then
rm -rf gost-linux-"$bit"-"$ct_new_ver".gz
wget --no-check-certificate https://gotunnel.oss-cn-shenzhen.aliyuncs.com/gost-linux-"$bit"-"$ct_new_ver".gz
gunzip gost-linux-"$bit"-"$ct_new_ver".gz
mv gost-linux-"$bit"-"$ct_new_ver" gost
mv gost /usr/bin/gost
chmod -R 777 /usr/bin/gost
wget --no-check-certificate https://gotunnel.oss-cn-shenzhen.aliyuncs.com/gost.service && chmod -R 777 gost.service && mv gost.service /usr/lib/systemd/system
mkdir /etc/gost && wget --no-check-certificate https://gotunnel.oss-cn-shenzhen.aliyuncs.com/config.json && mv config.json /etc/gost && chmod -R 777 /etc/gost
else
rm -rf gost-linux-"$bit"-"$ct_new_ver".gz
wget --no-check-certificate https://github.com/ginuerzh/gost/releases/download/v"$ct_new_ver"/gost-linux-"$bit"-"$ct_new_ver".gz
gunzip gost-linux-"$bit"-"$ct_new_ver".gz
mv gost-linux-"$bit"-"$ct_new_ver" gost
mv gost /usr/bin/gost
chmod -R 777 /usr/bin/gost
wget --no-check-certificate https://raw.githubusercontent.com/yangliuchang/xbbox/main/gost.service && chmod -R 777 gost.service && mv gost.service /usr/lib/systemd/system
mkdir /etc/gost && wget --no-check-certificate https://raw.githubusercontent.com/yangliuchang/xbbox/main/config.json && mv config.json /etc/gost && chmod -R 777 /etc/gost
fi
systemctl enable gost && systemctl restart gost
echo "------------------------------"
if test -a /usr/bin/gost -a /usr/lib/systemctl/gost.service -a /etc/gost/config.json; then
echo "gost安装成功"
rm -rf "$(pwd)"/gost
rm -rf "$(pwd)"/gost.service
rm -rf "$(pwd)"/config.json
else
echo "gost没有安装成功"
rm -rf "$(pwd)"/gost
rm -rf "$(pwd)"/gost.service
rm -rf "$(pwd)"/config.json
rm -rf "$(pwd)"/gost.sh
fi
}
function Uninstall_ct() {
rm -rf /usr/bin/gost
rm -rf /usr/lib/systemd/system/gost.service
rm -rf /etc/gost
rm -rf "$(pwd)"/gost.sh
echo "gost已经成功删除"
}
function Start_ct() {
systemctl start gost
echo "已启动"
}
function Stop_ct() {
systemctl stop gost
echo "已停止"
}
function Restart_ct() {
rm -rf /etc/gost/config.json
confstart
writeconf
conflast
systemctl restart gost
echo "已重读配置并重启"
}
function read_protocol() {
echo -e "请问您要设置哪种功能: "
echo -e "-----------------------------------"
echo -e "[1] tcp+udp流量转发, 不加密"
echo -e "说明: 一般设置在国内中转机上"
echo -e "-----------------------------------"
echo -e "[2] 加密隧道流量转发"
echo -e "说明: 用于转发原本加密等级较低的流量, 一般设置在国内中转机上"
echo -e " 选择此协议意味着你还有一台机器用于接收此加密流量, 之后须在那台机器上配置协议[3]进行对接"
echo -e "-----------------------------------"
echo -e "[3] 解密由gost传输而来的流量并转发"
echo -e "说明: 对于经由gost加密中转的流量, 通过此选项进行解密并转发给本机的代理服务端口或转发给其他远程机器"
echo -e " 一般设置在用于接收中转流量的国外机器上"
echo -e "-----------------------------------"
echo -e "[4] 一键安装ss/socks5/http代理"
echo -e "说明: 使用gost内置的代理协议轻量且易于管理"
echo -e "-----------------------------------"
echo -e "[5] 进阶:多落地均衡负载"
echo -e "说明: 支持各种加密方式的简单均衡负载"
echo -e "-----------------------------------"
echo -e "[6] 进阶转发CDN自选节点"
echo -e "说明: 只需在中转机设置"
echo -e "-----------------------------------"
read -p "请选择: " numprotocol
if [ "$numprotocol" == "1" ]; then
flag_a="nonencrypt"
elif [ "$numprotocol" == "2" ]; then
encrypt
elif [ "$numprotocol" == "3" ]; then
decrypt
elif [ "$numprotocol" == "4" ]; then
proxy
elif [ "$numprotocol" == "5" ]; then
enpeer
elif [ "$numprotocol" == "6" ]; then
cdn
else
echo "type error, please try again"
exit
fi
}
function read_s_port() {
if [ "$flag_a" == "ss" ]; then
echo -e "-----------------------------------"
read -p "请输入ss密码: " flag_b
elif [ "$flag_a" == "socks" ]; then
echo -e "-----------------------------------"
read -p "请输入socks密码: " flag_b
elif [ "$flag_a" == "http" ]; then
echo -e "-----------------------------------"
read -p "请输入http密码: " flag_b
else
echo -e "------------------------------------------------------------------"
echo -e "请问你要将本机哪个端口接收到的流量进行转发?"
read -p "请输入: " flag_b
fi
}
function read_d_ip() {
if [ "$flag_a" == "ss" ]; then
echo -e "------------------------------------------------------------------"
echo -e "请问您要设置的ss加密(仅提供常用的几种): "
echo -e "-----------------------------------"
echo -e "[1] aes-256-gcm"
echo -e "[2] aes-256-cfb"
echo -e "[3] chacha20-ietf-poly1305"
echo -e "[4] chacha20"
echo -e "[5] rc4-md5"
echo -e "[6] AEAD_CHACHA20_POLY1305"
echo -e "-----------------------------------"
read -p "请选择ss加密方式: " ssencrypt
if [ "$ssencrypt" == "1" ]; then
flag_c="aes-256-gcm"
elif [ "$ssencrypt" == "2" ]; then
flag_c="aes-256-cfb"
elif [ "$ssencrypt" == "3" ]; then
flag_c="chacha20-ietf-poly1305"
elif [ "$ssencrypt" == "4" ]; then
flag_c="chacha20"
elif [ "$ssencrypt" == "5" ]; then
flag_c="rc4-md5"
elif [ "$ssencrypt" == "6" ]; then
flag_c="AEAD_CHACHA20_POLY1305"
else
echo "type error, please try again"
exit
fi
elif [ "$flag_a" == "socks" ]; then
echo -e "-----------------------------------"
read -p "请输入socks用户名: " flag_c
elif [ "$flag_a" == "http" ]; then
echo -e "-----------------------------------"
read -p "请输入http用户名: " flag_c
elif [[ "$flag_a" == "peer"* ]]; then
echo -e "------------------------------------------------------------------"
echo -e "请输入落地列表文件名"
read -e -p "自定义但不同配置应不重复不用输入后缀例如ips1、iplist2: " flag_c
touch $flag_c.txt
echo -e "------------------------------------------------------------------"
echo -e "请依次输入你要均衡负载的落地ip与端口"
while true; do
echo -e "请问你要将本机从${flag_b}接收到的流量转发向的IP或域名?"
read -p "请输入: " peer_ip
echo -e "请问你要将本机从${flag_b}接收到的流量转发向${peer_ip}的哪个端口?"
read -p "请输入: " peer_port
echo -e "$peer_ip:$peer_port" >>$flag_c.txt
read -e -p "是否继续添加落地?[Y/n]:" addyn
[[ -z ${addyn} ]] && addyn="y"
if [[ ${addyn} == [Nn] ]]; then
echo -e "------------------------------------------------------------------"
echo -e "已在root目录创建$flag_c.txt您可以随时编辑该文件修改落地信息重启gost即可生效"
echo -e "------------------------------------------------------------------"
break
else
echo -e "------------------------------------------------------------------"
echo -e "继续添加均衡负载落地配置"
fi
done
elif [[ "$flag_a" == "cdn"* ]]; then
echo -e "------------------------------------------------------------------"
echo -e "将本机从${flag_b}接收到的流量转发向的自选ip:"
read -p "请输入: " flag_c
echo -e "请问你要将本机从${flag_b}接收到的流量转发向${flag_c}的哪个端口?"
echo -e "[1] 80"
echo -e "[2] 443"
echo -e "[3] 自定义端口如8080等"
read -p "请选择端口: " cdnport
if [ "$cdnport" == "1" ]; then
flag_c="$flag_c:80"
elif [ "$cdnport" == "2" ]; then
flag_c="$flag_c:443"
elif [ "$cdnport" == "3" ]; then
read -p "请输入自定义端口: " customport
flag_c="$flag_c:$customport"
else
echo "type error, please try again"
exit
fi
else
echo -e "------------------------------------------------------------------"
echo -e "请问你要将本机从${flag_b}接收到的流量转发向哪个IP或域名?"
echo -e "注: IP既可以是[远程机器/当前机器]的公网IP, 也可是以本机本地回环IP(即127.0.0.1)"
echo -e "具体IP地址的填写, 取决于接收该流量的服务正在监听的IP"
if [[ ${is_cert} == [Yy] ]]; then
echo -e "注意: 落地机开启自定义tls证书务必填写${Red_font_prefix}域名${Font_color_suffix}"
fi
read -p "请输入: " flag_c
fi
}
function read_d_port() {
if [ "$flag_a" == "ss" ]; then
echo -e "------------------------------------------------------------------"
echo -e "请问你要设置ss代理服务的端口?"
read -p "请输入: " flag_d
elif [ "$flag_a" == "socks" ]; then
echo -e "------------------------------------------------------------------"
echo -e "请问你要设置socks代理服务的端口?"
read -p "请输入: " flag_d
elif [ "$flag_a" == "http" ]; then
echo -e "------------------------------------------------------------------"
echo -e "请问你要设置http代理服务的端口?"
read -p "请输入: " flag_d
elif [[ "$flag_a" == "peer"* ]]; then
echo -e "------------------------------------------------------------------"
echo -e "您要设置的均衡负载策略: "
echo -e "-----------------------------------"
echo -e "[1] round - 轮询"
echo -e "[2] random - 随机"
echo -e "[3] fifo - 自上而下"
echo -e "-----------------------------------"
read -p "请选择均衡负载类型: " numstra
if [ "$numstra" == "1" ]; then
flag_d="round"
elif [ "$numstra" == "2" ]; then
flag_d="random"
elif [ "$numstra" == "3" ]; then
flag_d="fifo"
else
echo "type error, please try again"
exit
fi
elif [[ "$flag_a" == "cdn"* ]]; then
echo -e "------------------------------------------------------------------"
read -p "请输入host:" flag_d
else
echo -e "------------------------------------------------------------------"
echo -e "请问你要将本机从${flag_b}接收到的流量转发向${flag_c}的哪个端口?"
read -p "请输入: " flag_d
if [[ ${is_cert} == [Yy] ]]; then
flag_d="$flag_d?secure=true"
fi
fi
}
function writerawconf() {
echo $flag_a"/""$flag_b""#""$flag_c""#""$flag_d" >>$raw_conf_path
}
function rawconf() {
read_protocol
read_s_port
read_d_ip
read_d_port
writerawconf
}
function eachconf_retrieve() {
d_server=${trans_conf#*#}
d_port=${d_server#*#}
d_ip=${d_server%#*}
flag_s_port=${trans_conf%%#*}
s_port=${flag_s_port#*/}
is_encrypt=${flag_s_port%/*}
}
function confstart() {
echo "{
\"Debug\": true,
\"Retries\": 0,
\"ServeNodes\": [" >>$gost_conf_path
}
function multiconfstart() {
echo " {
\"Retries\": 0,
\"ServeNodes\": [" >>$gost_conf_path
}
function conflast() {
echo " ]
}" >>$gost_conf_path
}
function multiconflast() {
if [ $i -eq $count_line ]; then
echo " ]
}" >>$gost_conf_path
else
echo " ]
}," >>$gost_conf_path
fi
}
function encrypt() {
echo -e "请问您要设置的转发传输类型: "
echo -e "-----------------------------------"
echo -e "[1] tls隧道"
echo -e "[2] ws隧道"
echo -e "[3] wss隧道"
echo -e "注意: 同一则转发中转与落地传输类型必须对应本脚本默认开启tcp+udp"
echo -e "-----------------------------------"
read -p "请选择转发传输类型: " numencrypt
if [ "$numencrypt" == "1" ]; then
flag_a="encrypttls"
echo -e "注意: 选择 是 将针对落地的自定义证书开启证书校验保证安全性,稍后落地机务必填写${Red_font_prefix}域名${Font_color_suffix}"
read -e -p "落地机是否开启了自定义tls证书[y/n]:" is_cert
elif [ "$numencrypt" == "2" ]; then
flag_a="encryptws"
elif [ "$numencrypt" == "3" ]; then
flag_a="encryptwss"
echo -e "注意: 选择 是 将针对落地的自定义证书开启证书校验保证安全性,稍后落地机务必填写${Red_font_prefix}域名${Font_color_suffix}"
read -e -p "落地机是否开启了自定义tls证书[y/n]:" is_cert
else
echo "type error, please try again"
exit
fi
}
function enpeer() {
echo -e "请问您要设置的均衡负载传输类型: "
echo -e "-----------------------------------"
echo -e "[1] 不加密转发"
echo -e "[2] tls隧道"
echo -e "[3] ws隧道"
echo -e "[4] wss隧道"
echo -e "注意: 同一则转发,中转与落地传输类型必须对应!本脚本默认同一配置的传输类型相同"
echo -e "此脚本仅支持简单型均衡负载,具体可参考官方文档"
echo -e "gost均衡负载官方文档https://docs.ginuerzh.xyz/gost/load-balancing"
echo -e "-----------------------------------"
read -p "请选择转发传输类型: " numpeer
if [ "$numpeer" == "1" ]; then
flag_a="peerno"
elif [ "$numpeer" == "2" ]; then
flag_a="peertls"
elif [ "$numpeer" == "3" ]; then
flag_a="peerws"
elif [ "$numpeer" == "4" ]; then
flag_a="peerwss"
else
echo "type error, please try again"
exit
fi
}
function cdn() {
echo -e "请问您要设置的CDN传输类型: "
echo -e "-----------------------------------"
echo -e "[1] 不加密转发"
echo -e "[2] ws隧道"
echo -e "[3] wss隧道"
echo -e "注意: 同一则转发,中转与落地传输类型必须对应!"
echo -e "此功能只需在中转机设置"
echo -e "-----------------------------------"
read -p "请选择CDN转发传输类型: " numcdn
if [ "$numcdn" == "1" ]; then
flag_a="cdnno"
elif [ "$numcdn" == "2" ]; then
flag_a="cdnws"
elif [ "$numcdn" == "3" ]; then
flag_a="cdnwss"
else
echo "type error, please try again"
exit
fi
}
function cert() {
echo -e "-----------------------------------"
echo -e "[1] ACME一键申请证书"
echo -e "[2] 手动上传证书"
echo -e "-----------------------------------"
echo -e "说明: 仅用于落地机配置默认使用的gost内置的证书可能带来安全问题使用自定义证书提高安全性"
echo -e " 配置后对本机所有tls/wss解密生效无需再次设置"
read -p "请选择证书生成方式: " numcert
if [ "$numcert" == "1" ]; then
check_sys
if [[ ${release} == "centos" ]]; then
yum install -y socat
else
apt-get install -y socat
fi
read -p "请输入ZeroSSL的账户邮箱(至 zerossl.com 注册即可)" zeromail
read -p "请输入解析到本机的域名:" domain
curl https://get.acme.sh | sh
"$HOME"/.acme.sh/acme.sh --set-default-ca --server zerossl
"$HOME"/.acme.sh/acme.sh --register-account -m "${zeromail}" --server zerossl
echo -e "ACME证书申请程序安装成功"
echo -e "-----------------------------------"
echo -e "[1] HTTP申请需要80端口未占用"
echo -e "[2] Cloudflare DNS API 申请需要输入APIKEY"
echo -e "-----------------------------------"
read -p "请选择证书申请方式: " certmethod
if [ "certmethod" == "1" ]; then
echo -e "请确认本机${Red_font_prefix}80${Font_color_suffix}端口未被占用, 否则会申请失败"
if "$HOME"/.acme.sh/acme.sh --issue -d "${domain}" --standalone -k ec-256 --force; then
echo -e "SSL 证书生成成功默认申请高安全性的ECC证书"
if [ ! -d "$HOME/gost_cert" ]; then
mkdir $HOME/gost_cert
fi
if "$HOME"/.acme.sh/acme.sh --installcert -d "${domain}" --fullchainpath $HOME/gost_cert/cert.pem --keypath $HOME/gost_cert/key.pem --ecc --force; then
echo -e "SSL 证书配置成功,且会自动续签,证书及秘钥位于用户目录下的 ${Red_font_prefix}gost_cert${Font_color_suffix} 目录"
echo -e "证书目录名与证书文件名请勿更改; 删除 gost_cert 目录后用脚本重启,即自动启用gost内置证书"
echo -e "-----------------------------------"
fi
else
echo -e "SSL 证书生成失败"
exit 1
fi
else
read -p "请输入Cloudflare账户邮箱" cfmail
read -p "请输入Cloudflare Global API Key" cfkey
export CF_Key="${cfkey}"
export CF_Email="${cfmail}"
if "$HOME"/.acme.sh/acme.sh --issue --dns dns_cf -d "${domain}" --standalone -k ec-256 --force; then
echo -e "SSL 证书生成成功默认申请高安全性的ECC证书"
if [ ! -d "$HOME/gost_cert" ]; then
mkdir $HOME/gost_cert
fi
if "$HOME"/.acme.sh/acme.sh --installcert -d "${domain}" --fullchainpath $HOME/gost_cert/cert.pem --keypath $HOME/gost_cert/key.pem --ecc --force; then
echo -e "SSL 证书配置成功,且会自动续签,证书及秘钥位于用户目录下的 ${Red_font_prefix}gost_cert${Font_color_suffix} 目录"
echo -e "证书目录名与证书文件名请勿更改; 删除 gost_cert 目录后使用脚本重启, 即重新启用gost内置证书"
echo -e "-----------------------------------"
fi
else
echo -e "SSL 证书生成失败"
exit 1
fi
fi
elif [ "$numcert" == "2" ]; then
if [ ! -d "$HOME/gost_cert" ]; then
mkdir $HOME/gost_cert
fi
echo -e "-----------------------------------"
echo -e "已在用户目录建立 ${Red_font_prefix}gost_cert${Font_color_suffix} 目录,请将证书文件 cert.pem 与秘钥文件 key.pem 上传到该目录"
echo -e "证书与秘钥文件名必须与上述一致,目录名也请勿更改"
echo -e "上传成功后用脚本重启gost会自动启用无需再设置; 删除 gost_cert 目录后用脚本重启,即重新启用gost内置证书"
echo -e "-----------------------------------"
else
echo "type error, please try again"
exit
fi
}
function decrypt() {
echo -e "请问您要设置的解密传输类型: "
echo -e "-----------------------------------"
echo -e "[1] tls"
echo -e "[2] ws"
echo -e "[3] wss"
echo -e "注意: 同一则转发中转与落地传输类型必须对应本脚本默认开启tcp+udp"
echo -e "-----------------------------------"
read -p "请选择解密传输类型: " numdecrypt
if [ "$numdecrypt" == "1" ]; then
flag_a="decrypttls"
elif [ "$numdecrypt" == "2" ]; then
flag_a="decryptws"
elif [ "$numdecrypt" == "3" ]; then
flag_a="decryptwss"
else
echo "type error, please try again"
exit
fi
}
function proxy() {
echo -e "------------------------------------------------------------------"
echo -e "请问您要设置的代理类型: "
echo -e "-----------------------------------"
echo -e "[1] shadowsocks"
echo -e "[2] socks5(强烈建议加隧道用于Telegram代理)"
echo -e "[3] http"
echo -e "-----------------------------------"
read -p "请选择代理类型: " numproxy
if [ "$numproxy" == "1" ]; then
flag_a="ss"
elif [ "$numproxy" == "2" ]; then
flag_a="socks"
elif [ "$numproxy" == "3" ]; then
flag_a="http"
else
echo "type error, please try again"
exit
fi
}
function method() {
if [ $i -eq 1 ]; then
if [ "$is_encrypt" == "nonencrypt" ]; then
echo " \"tcp://:$s_port/$d_ip:$d_port\",
\"udp://:$s_port/$d_ip:$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "cdnno" ]; then
echo " \"tcp://:$s_port/$d_ip?host=$d_port\",
\"udp://:$s_port/$d_ip?host=$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "peerno" ]; then
echo " \"tcp://:$s_port?ip=/root/$d_ip.txt&strategy=$d_port\",
\"udp://:$s_port?ip=/root/$d_ip.txt&strategy=$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "encrypttls" ]; then
echo " \"tcp://:$s_port\",
\"udp://:$s_port\"
],
\"ChainNodes\": [
\"relay+tls://$d_ip:$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "encryptws" ]; then
echo " \"tcp://:$s_port\",
\"udp://:$s_port\"
],
\"ChainNodes\": [
\"relay+ws://$d_ip:$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "encryptwss" ]; then
echo " \"tcp://:$s_port\",
\"udp://:$s_port\"
],
\"ChainNodes\": [
\"relay+wss://$d_ip:$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "peertls" ]; then
echo " \"tcp://:$s_port\",
\"udp://:$s_port\"
],
\"ChainNodes\": [
\"relay+tls://:?ip=/root/$d_ip.txt&strategy=$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "peerws" ]; then
echo " \"tcp://:$s_port\",
\"udp://:$s_port\"
],
\"ChainNodes\": [
\"relay+ws://:?ip=/root/$d_ip.txt&strategy=$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "peerwss" ]; then
echo " \"tcp://:$s_port\",
\"udp://:$s_port\"
],
\"ChainNodes\": [
\"relay+wss://:?ip=/root/$d_ip.txt&strategy=$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "cdnws" ]; then
echo " \"tcp://:$s_port\",
\"udp://:$s_port\"
],
\"ChainNodes\": [
\"relay+ws://$d_ip?host=$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "cdnwss" ]; then
echo " \"tcp://:$s_port\",
\"udp://:$s_port\"
],
\"ChainNodes\": [
\"relay+wss://$d_ip?host=$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "decrypttls" ]; then
if [ -d "$HOME/gost_cert" ]; then
echo " \"relay+tls://:$s_port/$d_ip:$d_port?cert=/root/gost_cert/cert.pem&key=/root/gost_cert/key.pem\"" >>$gost_conf_path
else
echo " \"relay+tls://:$s_port/$d_ip:$d_port\"" >>$gost_conf_path
fi
elif [ "$is_encrypt" == "decryptws" ]; then
echo " \"relay+ws://:$s_port/$d_ip:$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "decryptwss" ]; then
if [ -d "$HOME/gost_cert" ]; then
echo " \"relay+wss://:$s_port/$d_ip:$d_port?cert=/root/gost_cert/cert.pem&key=/root/gost_cert/key.pem\"" >>$gost_conf_path
else
echo " \"relay+wss://:$s_port/$d_ip:$d_port\"" >>$gost_conf_path
fi
elif [ "$is_encrypt" == "ss" ]; then
echo " \"ss://$d_ip:$s_port@:$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "socks" ]; then
echo " \"socks5://$d_ip:$s_port@:$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "http" ]; then
echo " \"http://$d_ip:$s_port@:$d_port\"" >>$gost_conf_path
else
echo "config error"
fi
elif [ $i -gt 1 ]; then
if [ "$is_encrypt" == "nonencrypt" ]; then
echo " \"tcp://:$s_port/$d_ip:$d_port\",
\"udp://:$s_port/$d_ip:$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "peerno" ]; then
echo " \"tcp://:$s_port?ip=/root/$d_ip.txt&strategy=$d_port\",
\"udp://:$s_port?ip=/root/$d_ip.txt&strategy=$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "cdnno" ]; then
echo " \"tcp://:$s_port/$d_ip?host=$d_port\",
\"udp://:$s_port/$d_ip?host=$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "encrypttls" ]; then
echo " \"tcp://:$s_port\",
\"udp://:$s_port\"
],
\"ChainNodes\": [
\"relay+tls://$d_ip:$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "encryptws" ]; then
echo " \"tcp://:$s_port\",
\"udp://:$s_port\"
],
\"ChainNodes\": [
\"relay+ws://$d_ip:$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "encryptwss" ]; then
echo " \"tcp://:$s_port\",
\"udp://:$s_port\"
],
\"ChainNodes\": [
\"relay+wss://$d_ip:$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "peertls" ]; then
echo " \"tcp://:$s_port\",
\"udp://:$s_port\"
],
\"ChainNodes\": [
\"relay+tls://:?ip=/root/$d_ip.txt&strategy=$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "peerws" ]; then
echo " \"tcp://:$s_port\",
\"udp://:$s_port\"
],
\"ChainNodes\": [
\"relay+ws://:?ip=/root/$d_ip.txt&strategy=$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "peerwss" ]; then
echo " \"tcp://:$s_port\",
\"udp://:$s_port\"
],
\"ChainNodes\": [
\"relay+wss://:?ip=/root/$d_ip.txt&strategy=$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "cdnws" ]; then
echo " \"tcp://:$s_port\",
\"udp://:$s_port\"
],
\"ChainNodes\": [
\"relay+ws://$d_ip?host=$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "cdnwss" ]; then
echo " \"tcp://:$s_port\",
\"udp://:$s_port\"
],
\"ChainNodes\": [
\"relay+wss://$d_ip?host=$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "decrypttls" ]; then
if [ -d "$HOME/gost_cert" ]; then
echo " \"relay+tls://:$s_port/$d_ip:$d_port?cert=/root/gost_cert/cert.pem&key=/root/gost_cert/key.pem\"" >>$gost_conf_path
else
echo " \"relay+tls://:$s_port/$d_ip:$d_port\"" >>$gost_conf_path
fi
elif [ "$is_encrypt" == "decryptws" ]; then
echo " \"relay+ws://:$s_port/$d_ip:$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "decryptwss" ]; then
if [ -d "$HOME/gost_cert" ]; then
echo " \"relay+wss://:$s_port/$d_ip:$d_port?cert=/root/gost_cert/cert.pem&key=/root/gost_cert/key.pem\"" >>$gost_conf_path
else
echo " \"relay+wss://:$s_port/$d_ip:$d_port\"" >>$gost_conf_path
fi
elif [ "$is_encrypt" == "ss" ]; then
echo " \"ss://$d_ip:$s_port@:$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "socks" ]; then
echo " \"socks5://$d_ip:$s_port@:$d_port\"" >>$gost_conf_path
elif [ "$is_encrypt" == "http" ]; then
echo " \"http://$d_ip:$s_port@:$d_port\"" >>$gost_conf_path
else
echo "config error"
fi
else
echo "config error"
exit
fi
}
function writeconf() {
count_line=$(awk 'END{print NR}' $raw_conf_path)
for ((i = 1; i <= $count_line; i++)); do
if [ $i -eq 1 ]; then
trans_conf=$(sed -n "${i}p" $raw_conf_path)
eachconf_retrieve
method
elif [ $i -gt 1 ]; then
if [ $i -eq 2 ]; then
echo " ],
\"Routes\": [" >>$gost_conf_path
trans_conf=$(sed -n "${i}p" $raw_conf_path)
eachconf_retrieve
multiconfstart
method
multiconflast
else
trans_conf=$(sed -n "${i}p" $raw_conf_path)
eachconf_retrieve
multiconfstart
method
multiconflast
fi
fi
done
}
function show_all_conf() {
echo -e " GOST 配置 "
echo -e "--------------------------------------------------------"
echo -e "序号|方法\t |本地端口\t|目的地地址:目的地端口"
echo -e "--------------------------------------------------------"
count_line=$(awk 'END{print NR}' $raw_conf_path)
for ((i = 1; i <= $count_line; i++)); do
trans_conf=$(sed -n "${i}p" $raw_conf_path)
eachconf_retrieve
if [ "$is_encrypt" == "nonencrypt" ]; then
str="不加密中转"
elif [ "$is_encrypt" == "encrypttls" ]; then
str=" tls隧道 "
elif [ "$is_encrypt" == "encryptws" ]; then
str=" ws隧道 "
elif [ "$is_encrypt" == "encryptwss" ]; then
str=" wss隧道 "
elif [ "$is_encrypt" == "peerno" ]; then
str=" 不加密均衡负载 "
elif [ "$is_encrypt" == "peertls" ]; then
str=" tls隧道均衡负载 "
elif [ "$is_encrypt" == "peerws" ]; then
str=" ws隧道均衡负载 "
elif [ "$is_encrypt" == "peerwss" ]; then
str=" wss隧道均衡负载 "
elif [ "$is_encrypt" == "decrypttls" ]; then
str=" tls解密 "
elif [ "$is_encrypt" == "decryptws" ]; then
str=" ws解密 "
elif [ "$is_encrypt" == "decryptwss" ]; then
str=" wss解密 "
elif [ "$is_encrypt" == "ss" ]; then
str=" ss "
elif [ "$is_encrypt" == "socks" ]; then
str=" socks5 "
elif [ "$is_encrypt" == "http" ]; then
str=" http "
elif [ "$is_encrypt" == "cdnno" ]; then
str="不加密转发CDN"
elif [ "$is_encrypt" == "cdnws" ]; then
str="ws隧道转发CDN"
elif [ "$is_encrypt" == "cdnwss" ]; then
str="wss隧道转发CDN"
else
str=""
fi
echo -e " $i |$str |$s_port\t|$d_ip:$d_port"
echo -e "--------------------------------------------------------"
done
}
cron_restart() {
echo -e "------------------------------------------------------------------"
echo -e "gost定时重启任务: "
echo -e "-----------------------------------"
echo -e "[1] 配置gost定时重启任务"
echo -e "[2] 删除gost定时重启任务"
echo -e "-----------------------------------"
read -p "请选择: " numcron
if [ "$numcron" == "1" ]; then
echo -e "------------------------------------------------------------------"
echo -e "gost定时重启任务类型: "
echo -e "-----------------------------------"
echo -e "[1] 每?小时重启"
echo -e "[2] 每日?点重启"
echo -e "-----------------------------------"
read -p "请选择: " numcrontype
if [ "$numcrontype" == "1" ]; then
echo -e "-----------------------------------"
read -p "每?小时重启: " cronhr
echo "0 0 */$cronhr * * ? * systemctl restart gost" >>/etc/crontab
echo -e "定时重启设置成功!"
elif [ "$numcrontype" == "2" ]; then
echo -e "-----------------------------------"
read -p "每日?点重启: " cronhr
echo "0 0 $cronhr * * ? systemctl restart gost" >>/etc/crontab
echo -e "定时重启设置成功!"
else
echo "type error, please try again"
exit
fi
elif [ "$numcron" == "2" ]; then
sed -i "/gost/d" /etc/crontab
echo -e "定时重启任务删除完成!"
else
echo "type error, please try again"
exit
fi
}
echo && echo -e " gost 一键安装配置脚本"${Red_font_prefix}[${shell_version}]${Font_color_suffix}"
----------- KANIKIG -----------
特性: (1)本脚本采用systemd及gost配置文件对gost进行管理
(2)能够在不借助其他工具(如screen)的情况下实现多条转发规则同时生效
(3)机器reboot后转发不失效
功能: (1)tcp+udp不加密转发, (2)中转机加密转发, (3)落地机解密对接转发
${Green_font_prefix}1.${Font_color_suffix} 安装 gost
${Green_font_prefix}2.${Font_color_suffix} 更新 gost
${Green_font_prefix}3.${Font_color_suffix} 卸载 gost
————————————
${Green_font_prefix}4.${Font_color_suffix} 启动 gost
${Green_font_prefix}5.${Font_color_suffix} 停止 gost
${Green_font_prefix}6.${Font_color_suffix} 重启 gost
————————————
${Green_font_prefix}7.${Font_color_suffix} 新增gost转发配置
${Green_font_prefix}8.${Font_color_suffix} 查看现有gost配置
${Green_font_prefix}9.${Font_color_suffix} 删除一则gost配置
————————————
${Green_font_prefix}10.${Font_color_suffix} gost定时重启配置
${Green_font_prefix}11.${Font_color_suffix} 自定义TLS证书配置
————————————" && echo
read -e -p " 请输入数字 [1-9]:" num
case "$num" in
1)
Install_ct
;;
2)
checknew
;;
3)
Uninstall_ct
;;
4)
Start_ct
;;
5)
Stop_ct
;;
6)
Restart_ct
;;
7)
rawconf
rm -rf /etc/gost/config.json
confstart
writeconf
conflast
systemctl restart gost
echo -e "配置已生效,当前配置如下"
echo -e "--------------------------------------------------------"
show_all_conf
;;
8)
show_all_conf
;;
9)
show_all_conf
read -p "请输入你要删除的配置编号:" numdelete
if echo $numdelete | grep -q '[0-9]'; then
sed -i "${numdelete}d" $raw_conf_path
rm -rf /etc/gost/config.json
confstart
writeconf
conflast
systemctl restart gost
echo -e "配置已删除,服务已重启"
else
echo "请输入正确数字"
fi
;;
10)
cron_restart
;;
11)
cert
;;
*)
echo "请输入正确数字 [1-9]"
;;
esac