xray、v2ray 一键安装配置脚本
xray、v2ray 一键安装配置脚本
bash
#!/bin/bash
# desc: v2ray/x2ray config script
Green_font_prefix="\033[32m" && Red_font_prefix="\033[31m" && Green_background_prefix="\033[42;37m" && Red_background_prefix="\033[41;37m" && Font_color_suffix="\033[0m"
Info="${Green_font_prefix}[信息]${Font_color_suffix}"
Error="${Red_font_prefix}[错误]${Font_color_suffix}"
Tip="${Green_font_prefix}[注意]${Font_color_suffix}"
is_root() {
if [ $UID -ne 0 ]; then
echo "请使用 root 权限的帐号执行此脚本"
exit 1
fi
}
# 安装 BBR
install_bbr() {
update_server
if [[ "${release}" == "centos" ]]; then
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
yum install yum-plugin-fastestmirror -y
if [[ ${version} == "7" ]]; then
yum install https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
elif [[ ${version} == "8" ]]; then
yum install https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm
fi
yum --enablerepo=elrepo-kernel install kernel-ml -y
elif [[ "${release}" == "debian" || "${release}" == "ubuntu" ]]; then
apt-get upgrade linux-image-generic
fi
BBR_grub
echo -e "${Tip} 重启VPS后,请重新运行脚本开启${Red_font_prefix}BBR${Font_color_suffix}"
stty erase '^H' && read -p "需要重启VPS后,才能开启BBR,是否现在重启 ? [Y/n] :" yn
[ -z "${yn}" ] && yn="y"
if [[ $yn == [Yy] ]]; then
echo -e "${Info} VPS 重启中..."
reboot
fi
}
#更新引导
BBR_grub(){
if [[ "${release}" == "centos" ]]; then
if [[ ${version} = "6" ]]; then
if [ ! -f "/boot/grub/grub.conf" ]; then
echo -e "${Error} /boot/grub/grub.conf 找不到,请检查."
exit 1
fi
sed -i 's/^default=.*/default=0/g' /boot/grub/grub.conf
elif [[ ${version} = "7" ]]; then
if [ ! -f "/boot/grub2/grub.cfg" ]; then
echo -e "${Error} /boot/grub2/grub.cfg 找不到,请检查."
exit 1
fi
grub2-set-default 0
fi
elif [[ "${release}" == "debian" || "${release}" == "ubuntu" ]]; then
/usr/sbin/update-grub
fi
}
# 启用 BBR
start_bbr(){
remove_all
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p
lsmod | grep bbr
if [[ $? -ne 0 ]]; then
echo -e "${Error}: BBR 未启动"
else
echo -e "${Info}: BBR 启动成功!"
fi
}
# 检查内核版本(未使用)
check_kernel_version() {
# 判断内核是否大于4.9,如果内核版本小于4.9就升级到最新的稳定版内核:5.17.8
# 当内核版本大于4.9(如:centos8 默认内核为4.18)时就不做更新
mainVersion=`uname -r| awk -F"." '{print $1}'`
MinorVersion=`uname -r| awk -F"." '{print $2}'`
kVersion=`uname -r| awk -F"-" '{print $1}'`
if [[ ${mainVersion} -ge 4 && ${MinorVersion} -ge 9 ]]; then
echo -e "${Info}: 当前内核版本为${kVersion},支持开启BBR,等待开启..."
start_bbr
else
echo -e "${Error}: 安装BBR需要内核版本大于4.9,当前内核版本为${kVersion},将更新内核..."
kernelVersion="5.17.8"
install_bbr
fi
}
# 检查是Ubuntu还是Centos
check_os_platform() {
# 方法1: 判断是否有 apt-get 或者 yum, 有yum的就是Centos, 有apt-get的就是Ubuntu
# 方法2: radhat或centos存在 /etc/redhat-release 这个文件,ubuntu存在 /etc/lsb-release 这个文件
if [ -f "/bin/yum" ] || [ -f "/usr/bin/yum" ]; then
package_manager="yum"
release="centos"
elif [ -f "/usr/bin/apt-get" ]; then
package_manager="apt-get"
release="ubuntu"
fi
}
# 检查系统版本
check_os_version() {
if [[ -s /etc/redhat-release ]]; then
version=`grep -oE "[0-9.]+" /etc/redhat-release | cut -d . -f 1`
else
version=`grep -oE "[0-9.]+" /etc/issue | cut -d . -f 1`
fi
bit=`uname -m`
if [[ ${bit} = "x86_64" ]]; then
bit="x64"
else
bit="x32"
fi
}
# 检查安装bbr的系统要求,内核版本必须大于4.9才能开启bbr
# centos7 内核版本是3.10,centos8 内核版本是4.18
# 统一更新到最新稳定版内核或者LTS内核
# elrepo源里的最新LTS版本为5.4.194,如果要使用LTS版本就替换kernelVersion值为5.4.194
check_bbr_require() {
check_os_version
if [[ "${release}" == "centos" ]]; then
if [[ ${version} -ge "6" ]]; then
install_bbr
else
echo -e "${Error} BBR内核不支持当前系统 ${release} ${version} ${bit} !" && exit 1
fi
elif [[ "${release}" == "ubuntu" ]]; then
if [[ ${version} -ge "16" ]]; then
install_bbr
else
echo -e "${Error} BBR内核不支持当前系统 ${release} ${version} ${bit} !" && exit 1
fi
else
echo -e "${Error} BBR内核不支持当前系统 ${release} ${version} ${bit} !" && exit 1
fi
}
#卸载全部加速
remove_all(){
rm -rf bbrmod
sed -i '/net.core.default_qdisc/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_congestion_control/d' /etc/sysctl.conf
sed -i '/fs.file-max/d' /etc/sysctl.conf
sed -i '/net.core.rmem_max/d' /etc/sysctl.conf
sed -i '/net.core.wmem_max/d' /etc/sysctl.conf
sed -i '/net.core.rmem_default/d' /etc/sysctl.conf
sed -i '/net.core.wmem_default/d' /etc/sysctl.conf
sed -i '/net.core.netdev_max_backlog/d' /etc/sysctl.conf
sed -i '/net.core.somaxconn/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_syncookies/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_tw_reuse/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_tw_recycle/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_fin_timeout/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_keepalive_time/d' /etc/sysctl.conf
sed -i '/net.ipv4.ip_local_port_range/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_max_syn_backlog/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_max_tw_buckets/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_rmem/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_wmem/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_mtu_probing/d' /etc/sysctl.conf
sed -i '/net.ipv4.ip_forward/d' /etc/sysctl.conf
sed -i '/fs.inotify.max_user_instances/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_syncookies/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_fin_timeout/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_tw_reuse/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_max_syn_backlog/d' /etc/sysctl.conf
sed -i '/net.ipv4.ip_local_port_range/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_max_tw_buckets/d' /etc/sysctl.conf
sed -i '/net.ipv4.route.gc_timeout/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_synack_retries/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_syn_retries/d' /etc/sysctl.conf
sed -i '/net.core.somaxconn/d' /etc/sysctl.conf
sed -i '/net.core.netdev_max_backlog/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_timestamps/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_max_orphans/d' /etc/sysctl.conf
clear
echo -e "${Info}:清除加速完成。"
sleep 1s
}
#优化系统配置
optimizing_system(){
sed -i '/fs.file-max/d' /etc/sysctl.conf
sed -i '/fs.inotify.max_user_instances/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_syncookies/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_fin_timeout/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_tw_reuse/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_max_syn_backlog/d' /etc/sysctl.conf
sed -i '/net.ipv4.ip_local_port_range/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_max_tw_buckets/d' /etc/sysctl.conf
sed -i '/net.ipv4.route.gc_timeout/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_synack_retries/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_syn_retries/d' /etc/sysctl.conf
sed -i '/net.core.somaxconn/d' /etc/sysctl.conf
sed -i '/net.core.netdev_max_backlog/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_timestamps/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_max_orphans/d' /etc/sysctl.conf
sed -i '/net.ipv4.ip_forward/d' /etc/sysctl.conf
echo "fs.file-max = 1000000
fs.inotify.max_user_instances = 8192
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 32768
net.core.netdev_max_backlog = 32768
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_max_orphans = 32768
# forward ipv4
net.ipv4.ip_forward = 1">>/etc/sysctl.conf
sysctl -p
echo "* soft nofile 1000000
* hard nofile 1000000">/etc/security/limits.conf
echo "ulimit -SHn 1000000">>/etc/profile
read -p "需要重启VPS后,才能生效系统优化配置,是否现在重启 ? [Y/n] :" yn
[ -z "${yn}" ] && yn="y"
if [[ $yn == [Yy] ]]; then
echo -e "${Info} VPS 重启中..."
reboot
fi
}
update_server() {
check_os_platform
$package_manager update -y
# $package_manager upgrade -y
$package_manager install curl -y
}
manager_v2ray() {
update_server
install_v2ray
config_v2ray
start_v2ray
}
install_v2ray() {
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)
}
config_v2ray() {
filepath="/usr/local/etc/v2ray"
rm -rf ${filepath}/config.json
cp v2ray/v2ray_server_ws.json ${filepath}/config.json
uuid=`cat /proc/sys/kernel/random/uuid`
sed -i "s/yourUUID/${uuid}/g" ${filepath}/config.json
echo -e "${Info}: 请复制 ${uuid} 到你的客户端配置文件中!"
}
start_v2ray() {
# v2ray 服务器的时间一定要与本地的时间一致,不然会连接失败
sbin="/usr/local/bin/v2ray"
configpath="/usr/local/etc/v2ray"
${sbin} -test -config ${configpath}/config.json
if [ $? -ne 0 ]; then
echo -e "${Error}: 配置文件语法错误,请检查v2ray配置文件"
exit 1
else
systemctl start v2ray
systemctl enable v2ray
echo -e "${Info}: v2ray 已启动!"
fi
}
manager_xray() {
update_server
install_xray
config_xray
start_xray
}
install_xray() {
bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install
}
# VLESS + TCP + XTLS + WS
config_xray() {
# 证书文件配置
mkdir -p /usr/local/etc/ssl
cp ssl_keys/* /usr/local/etc/ssl/
chown -R nobody:nogroup /usr/local/etc/ssl/
# 下载路由规则文件增强版
curl -Lo /usr/local/share/xray/geosite.dat https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat && curl -Lo /usr/local/share/xray/geoip.dat https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
# xray 配置文件
filepath="/usr/local/etc/xray"
rm -rf ${filepath}/config.json
cp xray/server/* ${filepath}/
cp xray/server/xray_server_socket.json ${filepath}/config.json
uuid=`cat /proc/sys/kernel/random/uuid`
sed -i "s/yourUUID/${uuid}/g" ${filepath}/config.json
echo -e "${Info}: 请复制 ${uuid} 到你的客户端配置文件中! "
}
start_xray() {
sbin="/usr/local/bin/xray"
configpath="/usr/local/etc/xray"
${sbin} -test -config ${configpath}/config.json
if [ $? -ne 0 ]; then
echo -e "${Error}: 配置文件语法错误,请检查xray配置文件"
exit 1
else
systemctl start xray
systemctl enable xray
echo -e "${Info}: xray 已启动!"
fi
}
manager_nginx() {
update_server
install_nginx
config_nginx
start_nginx
}
install_nginx() {
if [[ "${release}" == "centos" ]]; then
yum install yum-utils -y
cp nginx/nginx.repo /etc/yum.repos.d/
yum install nginx -y
elif [[ "${release}" == "ubuntu" ]]; then
apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
| sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
gpg --dry-run --quiet --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list
apt install nginx -y
fi
}
config_nginx() {
if [ -f "/usr/local/bin/v2ray" ]; then
# v2ray 配置 ws 时 Nginx 的配置文件,需要先安装 nginx
cp nginx/v2ray_nginx/v2ray_server_ws_nginx.conf /etc/nginx/conf.d/
mkdir -p /etc/nginx/ssl
cp ssl_keys/* /etc/nginx/ssl/
elif [ -f "/usr/local/bin/xray" ]; then
# xray 配置
cp nginx/xray_nginx/xray_server_socket_nginx.conf /etc/nginx/conf.d/
cp nginx/xray_nginx/xray_server_port_nginx.conf /etc/nginx/
fi
if [ ! -f "/etc/nginx/nginx.conf.back" ]; then
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.back
fi
if [[ "${release}" == "centos" ]]; then
sed -i "s/1024/65535/g" /etc/nginx/nginx.conf
sed -i '10 a use epoll;' /etc/nginx/nginx.conf
elif [[ "${release}" == "ubuntu" ]]; then
sed -i "s/768/65535/g" /etc/nginx/nginx.conf
sed -i '8 a use epoll;' /etc/nginx/nginx.conf
fi
mv /etc/nginx/conf.d/default.conf /etc/nginx/
sed -i '3 a worker_rlimit_nofile 65535;' /etc/nginx/nginx.conf
mkdir -p /usr/share/nginx/html/wwwdoc
cp /usr/share/nginx/html/index.html /usr/share/nginx/html/wwwdoc/
# 这里只是放了个Nginx默认页面,可以用 Minio 之类的,设置 proxy_pass 到 Minio 端口
}
start_nginx() {
/sbin/nginx -t
if [ $? -ne 0 ]; then
echo -e "${Error}: 配置文件语法错误,请检查nginx配置文件"
exit 1
else
systemctl start nginx
systemctl enable nginx
echo -e "${Info}: nginx 已启动 "
fi
config_firewall
}
config_firewall() {
if [[ "${release}" == "centos" ]]; then
setenforce 0
firewall-cmd --zone=public --add-port=443/tcp --add-port=80/tcp --add-port=22/tcp --permanent
firewall-cmd --zone=public --remove-port=18888/tcp --permanent
firewall-cmd --reload
echo -e "${Info}: 已开放的端口:`firewall-cmd --zone=public --list-ports`"
elif [[ "${release}" == "ubuntu" ]]; then
ufw enable
ufw allow 80
ufw allow ssh
ufw allow 443
ufw reload
echo -e "${Info}: 已开放的端口:`ufw status`"
fi
}
clean_all() {
rm -rf /etc/nginx/conf.d/*
rm -rf /etc/nginx/ssl
rm -rf /usr/local/etc/v2ray/*
rm -rf /usr/local/etc/xray/*
rm -rf /usr/share/nginx/html/wwwdoc
rm -rf /usr/local/etc/ssl
find / -name "go_outside*" -exec rm -rf {} \;
}
start_menu() {
clear
echo && echo -e " 代理服务器一键安装管理脚本 ${Red_font_prefix}${Font_color_suffix}
————————————BBR 管理————————————
${Green_font_prefix}1.${Font_color_suffix} 安装 BBR
${Green_font_prefix}2.${Font_color_suffix} 启动 BBR
————————————V2ray 管理————————————
${Green_font_prefix}3.${Font_color_suffix} 安装并启动 V2ray
————————————Xray 管理————————————
${Green_font_prefix}4.${Font_color_suffix} 安装并开启 Xray
————————————Nginx 管理————————————
${Green_font_prefix}5.${Font_color_suffix} 安装并开启 Nginx
————————————杂项管理————————————
${Green_font_prefix}6.${Font_color_suffix} 系统配置优化
${Green_font_prefix}7.${Font_color_suffix} 卸载全部
${Green_font_prefix}8.${Font_color_suffix} 退出脚本
————————————————————————————————"
echo
while true
do
read -p " 请输入数字 [0-11]:" num
case "$num" in
1)
check_bbr_require
;;
2)
start_bbr
;;
3)
manager_v2ray
;;
4)
manager_xray
;;
5)
manager_nginx
;;
6)
optimizing_system
;;
7)
clean_all
;;
8)
exit 1
;;
*)
clear
echo -e "${Error}:请输入正确数字 [0-11]"
sleep 5s
start_menu
;;
esac
done
}
# 先通过 chekBBR 检查是否安装了 BBR,如果没有就通过 checkOSPlatform 查看系统版本是centos7还是8,如果是7就要升级kenel然后再安装BBR
# is_root
check_os_platform
check_os_version
chattr -i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/inittab
# [[ ${release} != "ubuntu" ]] && [[ ${release} != "centos" ]] && echo -e "${Error} 本脚本不支持当前系统 ${release} !" && exit 1
start_menu