From ce461a201ecbfce7e51138e86c5661d04fdbe51b Mon Sep 17 00:00:00 2001 From: gamesme Date: Sat, 30 Nov 2024 05:56:55 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=20trojan.sh?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- trojan.sh | 226 ++++++++++++++++++------------------------------------ 1 file changed, 74 insertions(+), 152 deletions(-) diff --git a/trojan.sh b/trojan.sh index 15cd690..106b3e8 100644 --- a/trojan.sh +++ b/trojan.sh @@ -65,50 +65,13 @@ EOF sleep 3 rm -rf /usr/share/nginx/html/* cd /usr/share/nginx/html/ - wget https://git.i00.org/gamesme/bash-script/raw/branch/main/fakesite.zip >/dev/null 2>&1 - unzip fakesite.zip >/dev/null 2>&1 + wget -q https://github.com/mayswind/AriaNg-DailyBuild/archive/master.zip >/dev/null 2>&1 + unzip master.zip >/dev/null 2>&1 sleep 5 if [ ! -d "/usr/src" ]; then mkdir /usr/src fi - if [ ! -d "/usr/src/trojan-cert" ]; then - mkdir /usr/src/trojan-cert /usr/src/trojan-temp - mkdir /usr/src/trojan-cert/$your_domain - if [ ! -d "/usr/src/trojan-cert/$your_domain" ]; then - red "不存在/usr/src/trojan-cert/$your_domain目录" - exit 1 - fi - /root/.acme.sh/acme.sh --register-account -m cert@gamesme.me --server zerossl - /root/.acme.sh/acme.sh --issue -d $your_domain --nginx --ecc - if test -s /root/.acme.sh/${your_domain}_ecc/fullchain.cer; then - cert_success="1" - fi - elif [ -f "/usr/src/trojan-cert/$your_domain/fullchain.cer" ]; then - cd /usr/src/trojan-cert/$your_domain - create_time=`stat -c %Y fullchain.cer` - now_time=`date +%s` - minus=$(($now_time - $create_time )) - if [ $minus -gt 5184000 ]; then - /root/.acme.sh/acme.sh --register-account -m cert@gamesme.me --server zerossl - /root/.acme.sh/acme.sh --issue -d $your_domain --nginx --ecc - if test -s /root/.acme.sh/${your_domain}_ecc/fullchain.cer; then - cert_success="1" - fi - else - green "检测到域名$your_domain证书存在且未超过60天, 无需重新申请" - cert_success="1" - fi - else - mkdir /usr/src/trojan-cert/$your_domain - /root/.acme.sh/acme.sh --register-account -m cert@gamesme.me --server zerossl - /root/.acme.sh/acme.sh --issue -d $your_domain --nginx --ecc - if test -s /root/.acme.sh/${your_domain}_ecc/fullchain.cer; then - cert_success="1" - fi - fi - - if [ "$cert_success" == "1" ]; then - cat > /etc/nginx/nginx.conf <<-EOF + cat > /etc/nginx/nginx.conf <<-EOF user root; worker_processes 1; error_log /var/log/nginx/error.log warn; @@ -152,16 +115,8 @@ EOF wget https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-linux-amd64.tar.xz tar xf trojan-${latest_version}-linux-amd64.tar.xz >/dev/null 2>&1 rm -f trojan-${latest_version}-linux-amd64.tar.xz - #下载trojan客户端 - green "开始下载并处理trojan windows客户端" - wget https://github.com/xxxbrian/trojan.sh/raw/main/trojan-cli.zip - wget -P /usr/src/trojan-temp https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-win.zip - unzip -o trojan-cli.zip >/dev/null 2>&1 - unzip -o /usr/src/trojan-temp/trojan-${latest_version}-win.zip -d /usr/src/trojan-temp/ >/dev/null 2>&1 - mv -f /usr/src/trojan-temp/trojan/trojan.exe /usr/src/trojan-cli/ green "请设置trojan密码, 建议不要出现特殊字符" read -p "请输入密码 :" trojan_passwd - #trojan_passwd=$(cat /dev/urandom | head -1 | md5sum | head -c 8) cat > /usr/src/trojan-cli/config.json <<-EOF { "run_type": "client", @@ -263,28 +218,75 @@ RestartSec=1s WantedBy=multi-user.target EOF - chmod +x ${systempwd}trojan.service - systemctl enable trojan.service - cd /root - /root/.acme.sh/acme.sh --installcert --ecc -d $your_domain \ - --key-file /usr/src/trojan-cert/$your_domain/private.key \ - --fullchain-file /usr/src/trojan-cert/$your_domain/fullchain.cer \ - --reloadcmd "systemctl restart trojan" - green "===========================================================================" - green "windows客户端路径/usr/src/trojan-cli/trojan-cli.zip, 此客户端已配置好所有参数" - green "===========================================================================" - echo - echo - green " 客户端配置文件" - green "===========================================================================" - cat /usr/src/trojan-cli/config.json - green "===========================================================================" - port_forward - else - red "===================================" - red "https证书没有申请成功, 本次安装失败" - red "===================================" - fi + chmod +x ${systempwd}trojan.service + systemctl enable trojan.service + cd /root + cat > /usr/src/trojan-cert/$your_domain/private.key<<-EOF +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDFgyVU/fGMnGRj +Re5GUAipHJ03EMtbvcJkb//97AvZ8ZbgGLAplMaFLPNnT07DkCWv3073V5RHyBbZ +XXRh18/o91KBYDaL9+Xu51xZ8jC3aLGnZDNXpZFXX0FRNcyUr8957lNM6f1EmXf/ +39Ny1Xn+F17IrM7IhZfqqc45NFQZIWX01axHbIxJRLaGfparoRKbdw1F5I6JguJw +v/Lnl900t7TlDTtV6XQgiYQf2QjQGuTv95qCzqOka8ZGf6uUS1fgSuk7NeNbUM54 +6hl7/GmZjggsTRXtkT0cdsQqoqbcM1nBIYp2GvLqH1opH+cZY/AnFfK44pSQ5uEm +KceYPZYvAgMBAAECggEAZKKdsuBw4qQMwkgvT8QXpZLex9/WvbfCBErMtCRBJZri +tOvfVlBnlhOBMXJHP32CtkmhgoUtGCXq/nWPhwre9GSPtTvAjzCQB1n6xBmSmODP +I+r5/f5uP4ZZUXeH9XpezFGSP+45DWrkqYrxweDjd4OQ1860zZbEANzkJmFzOBnW +fIdyWgdP9c5gPYirlUJLJ3cBEum4zbd+XC8N9X4IUyhPKJMZhAY0AFhTkTAYDWEJ +K+/5SNGpwUFry28asyI5SoesH4RRAoG5W1gCG0syjuPAy6ZpDvAe6Eix7pJ083z2 +XrPzYMl+j0ud5I/WHP9bPB3KVZdMm5LAK+0OBiZsgQKBgQDQfyarNPOsp0RRKaa4 +2UP/tLodgMFibs39L9NY0XuJQouKJtaFPgR9JFMkZP6GxfPUCVDEAxgUfgTVDVnn +7IIamBM+NoFcxDdMmK5fy+r6OKyZPMm4MDunSueI+1wReVSi0ovLzsZOARlCoJ72 +X5grbyIwPW/f+v1Zx9GIA5WhDQKBgQDyg1CvHwhQYhs2iU1PDnw6M6HDKr5Ap6U5 +fuOxPCrRquZac9yo6eXDDE8+qQoH4rUu+hXPElXhUAWxN3glxQD0z//OC5Is/j07 ++tdIcYezImVsHnAxyOrC5QE7AZxr4VJvFYNURHzCpnY6fboFHL51JO5viQ0fZ21s +4ht0Dm1tKwKBgB0qrG4m6i+s9pGkEf6p5ilPTvnxmRv8BDT3C8nRBEcfWAXriPb6 +xgX7nuXoevK/nmx7ISFKjYPQXTywsXMQUuMFgyug1Ff12waMFVixXh3C7+I/7rgl +hzLP97Ph9e872estKQFJ29Pts2rurU4p8U+iLFYzQgNDSU3V9ing1n3BAoGAIWwH +ipr0Ql/C8Fkr1mFgrYTAHm2dmruAAdSC/MIWBJ9Q79ZX6s+RYrgnk7MoNr3/ymGc +79TPESY+IpZKcKod359q2bKuipTfS4zebpV25jEvWR84xyOxdvqomME4FYYQHk8Q +smRd7VWTpav+HwY/GVXlpml07YcLhZ4DupLicdECgYBWetGpTXGfHgZxQBu6EIvb +f4PAJ6i1A3Jrpf1zDzFI+P/QJUf0xZUDvF4uzjqEe7Oz6t7HFXMLl7f0zlwBCqKg +R0Vq1jGtLvsL24UIr8ujrJDEmt5zSMNYhDCkI1Rpl/lfS2BWikJTgVl4Bxz4O8Dj +Pw4j4HYa1hsLalNhkohZ0g== +-----END PRIVATE KEY----- +EOF + + cat > /usr/src/trojan-cert/$your_domain/fullchain.cer<<-EOF +-----BEGIN CERTIFICATE----- +MIIEyjCCArKgAwIBAgIQTwN47Aj6/rIK5WCAN+orWTANBgkqhkiG9w0BAQsFADCB +jzELMAkGA1UEBhMCQ04xEzARBgNVBAgMCkdyZWF0Q2hpbmExDjAMBgNVBAcMBUxv +Y2FsMRUwEwYDVQQKDAxHYW1lc21lIEx0ZC4xFTATBgNVBAsMDEdhbWVzbWUgRHB0 +LjEQMA4GA1UEAwwHR2FtZXNtZTEbMBkGCSqGSIb3DQEJARYMaUBnYW1lc21lLm1l +MB4XDTI0MDQwMTIyMjkzMloXDTI2MDcwMTIyMjkzMlowUjEnMCUGA1UEChMebWtj +ZXJ0IGRldmVsb3BtZW50IGNlcnRpZmljYXRlMScwJQYDVQQLDB5nYW1lc21lQHgt +cHJvLW0xIChDSFVOTkFOIExJVSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDFgyVU/fGMnGRjRe5GUAipHJ03EMtbvcJkb//97AvZ8ZbgGLAplMaFLPNn +T07DkCWv3073V5RHyBbZXXRh18/o91KBYDaL9+Xu51xZ8jC3aLGnZDNXpZFXX0FR +NcyUr8957lNM6f1EmXf/39Ny1Xn+F17IrM7IhZfqqc45NFQZIWX01axHbIxJRLaG +fparoRKbdw1F5I6JguJwv/Lnl900t7TlDTtV6XQgiYQf2QjQGuTv95qCzqOka8ZG +f6uUS1fgSuk7NeNbUM546hl7/GmZjggsTRXtkT0cdsQqoqbcM1nBIYp2GvLqH1op +H+cZY/AnFfK44pSQ5uEmKceYPZYvAgMBAAGjXjBcMA4GA1UdDwEB/wQEAwIFoDAT +BgNVHSUEDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBRHJocZUxq1ByyNh3O8vHhP +u+YELjAUBgNVHREEDTALggkqLnUyYi5sb2wwDQYJKoZIhvcNAQELBQADggIBAK7I +WaY4Pz9tt86zZFMQ96cwWO2Bqy5zQe2LBQlABrK0MkV+0mTFbqpAN7ClqTzkxyc5 +jjwE5DUYJLId6cKHWAPynmIbNQcmvTBFunkFpEsqprmijt0Hhm63V6wBHBxAvGxR +8HoaSJJ0PRGl2u0BFbycmDL5ZNdDdVtjZvCXenOdRDcIqsDdjMm79/0n7rRuQ77c +5/OVBGVhVAVGuD7pyxKXQv6iumNkT9o6utPHIlXiS80df7ac0iCtyvuq8cPyOYND +BEIfVIOM+qm4WYPSTHEUrmN1lzoyhlZDiLRuVTNEMH8F5dGKlguxqfJZqNjOxUOh +GiL1InajsNVwmDCBpIrF/3hePW1PJM5XxE7DgqbnRoyMc6pdPhiZNHhhne5kFNR8 +dL/7opexACjN6yp+xeh8GVlJgHOQz01sLmbK7bWo5DKiU7JRYOabDWNx2wxg3O18 +KMmwkHSeFfcJxJRQ86nzBNmAuVm7UFYh7s66h0bZOCLy4Ik6Qf24J9tqqwvRLnoV +Rj9NhSMQY9SmuS8aYC4hYsoU9LRLIBuFLxVtinAyvoUn4uVul8haTMznqV/o+q+A +IOTFcQhop8TB7s0tH0zLmk/ykU+E5IRbWQsGH15bUAwoCRTLu9uv1YMO0MhUMfMs +A4LKG7+qOm+5egiZDomeaM472wyc/OK3jNR9uYMv +-----END CERTIFICATE----- +EOF + green " 客户端配置文件" + green "===========================================================================" + cat /usr/src/trojan-cli/config.json + green "===========================================================================" + port_forward } function preinstall_check(){ @@ -394,60 +396,6 @@ function preinstall_check(){ fi } -function repair_cert(){ - systemctl stop nginx - if [ $? -ne 0 ]; then - red "停止 nginx 失败,退出脚本" - exit 1 - fi - check_port 80 - green "============================" - blue "请输入绑定到本VPS的域名" - blue "务必与之前失败使用的域名一致" - green "============================" - read your_domain - # if test -s /root/.acme.sh/${your_domain}_ecc/fullchain.cer; then - # green "证书文件存在" - # exit 1 - # fi - real_addr=`ping ${your_domain} -c 1 | sed '1{s/[^(]*(//;s/).*//;q}'` - local_addr=`curl ipv4.icanhazip.com` - if [ $real_addr == $local_addr ] ; then - if [ -f "/usr/src/trojan-cert/$your_domain/fullchain.cer" ]; then - cd /usr/src/trojan-cert/$your_domain - create_time=`stat -c %Y fullchain.cer` - now_time=`date +%s` - minus=$(($now_time - $create_time )) - if [ $minus -gt 5184000 ]; then - /root/.acme.sh/acme.sh --register-account -m cert@gamesme.me --server zerossl - /root/.acme.sh/acme.sh --issue -d $your_domain --standalone --ecc - /root/.acme.sh/acme.sh --installcert --ecc -d $your_domain \ - --key-file /usr/src/trojan-cert/$your_domain/private.key \ - --fullchain-file /usr/src/trojan-cert/$your_domain/fullchain.cer \ - --reloadcmd "systemctl restart trojan" - if test -s /usr/src/trojan-cert/$your_domain/fullchain.cer; then - green "证书申请成功" - systemctl restart trojan - systemctl start nginx - else - red "申请证书失败" - fi - else - /root/.acme.sh/acme.sh --installcert --ecc -d $your_domain \ - --key-file /usr/src/trojan-cert/$your_domain/private.key \ - --fullchain-file /usr/src/trojan-cert/$your_domain/fullchain.cer \ - --reloadcmd "systemctl restart trojan" - green "检测到域名$your_domain证书存在且未超过60天,无需重新申请" - cert_success="1" - fi - fi - else - red "================================" - red "域名解析地址与本VPS IP地址不一致" - red "本次安装失败, 请确保域名解析正常" - red "================================" - fi -} function remove_trojan(){ red "================================" @@ -472,7 +420,6 @@ function remove_trojan(){ rm -rf /usr/src/trojan-cert/ rm -rf /usr/share/nginx/html/* rm -rf /etc/nginx/ - rm -rf /root/.acme.sh/ green "==============" green "trojan删除完毕" green "==============" @@ -489,7 +436,7 @@ function check_port() { fi } function port_forward(){ - iptables -t nat -A PREROUTING -p tcp --dport 49000:50000 -j REDIRECT --to-ports 443 + iptables -t nat -A PREROUTING -p tcp --dport 49000:49010 -j REDIRECT --to-ports 443 green "==========================" green "已将49000-50000端口转发至443" green "==========================" @@ -519,25 +466,6 @@ function update_trojan(){ } -function install_acme(){ - file_path="/root/.acme.sh/acme.sh" - if [ -f "$file_path" ] - then - red "$file_path 已存在" - else - blue "$file_path 不存在, 现在安装" - curl https://get.acme.sh | sh - fi -} - - function check_cert() { - local domain=$1 - local cert_path="/root/.acme.sh/${domain}_ecc/fullchain.cer" - if [[ -s $cert_path ]]; then - green "证书文件存在" - exit 1 - fi -} start_menu(){ clear green " =======================================" @@ -552,14 +480,12 @@ start_menu(){ green " 1. 安装trojan" red " 2. 卸载trojan" green " 3. 升级trojan" - green " 4. 修复证书" - green " 5. 端口映射" + green " 4. 端口映射" blue " 0. 退出脚本" echo read -p "请输入数字 :" num case "$num" in 1) - install_acme preinstall_check ;; 2) @@ -569,10 +495,6 @@ start_menu(){ update_trojan ;; 4) - install_acme - repair_cert - ;; - 5) port_forward ;; 0)