diff --git a/trojan.sh b/trojan.sh
index bfd1876..15cd690 100644
--- a/trojan.sh
+++ b/trojan.sh
@@ -28,169 +28,7 @@ fi systempwd="/etc/systemd/system/" function install_trojan(){ - function configure_nginx() { - cat > /etc/nginx/nginx.conf <<-EOF -user root; -worker_processes 1; -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; -events { - worker_connections 1024; -} -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" ' - '\$status \$body_bytes_sent "\$http_referer" ' - '"\$http_user_agent" "\$http_x_forwarded_for"'; - access_log /var/log/nginx/access.log main; - sendfile on; - #tcp_nopush on; - keepalive_timeout 120; - client_max_body_size 20m; - #gzip on; - server { - listen 127.0.0.1:80; - server_name $your_domain; - root /usr/share/nginx/html; - index index.php index.html index.htm; - } - server { - listen 0.0.0.0:80; - server_name $your_domain; - return 301 https://$your_domain\$request_uri; - } - -} -EOF - systemctl restart nginx - systemctl enable nginx - } - - function download_trojan() { - cd /usr/src - wget https://api.github.com/repos/trojan-gfw/trojan/releases/latest >/dev/null 2>&1 - latest_version=`grep tag_name latest| awk -F '[:,"v]' '{print $6}'` - rm -f latest - green "开始下载最新版trojan amd64" - wget https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-linux-amd64.tar.xz - tar xf trojan-${latest_version}-linux-amd64.tar.xz >/dev/null 2>&1 - rm -f trojan-${latest_version}-linux-amd64.tar.xz - } - - function configure_trojan() { - green "请设置trojan密码, 建议不要出现特殊字符" - read -p "请输入密码 :" trojan_passwd - cat > /usr/src/trojan-cli/config.json <<-EOF -{ - "run_type": "client", - "local_addr": "127.0.0.1", - "local_port": 1080, - "remote_addr": "$your_domain", - "remote_port": 443, - "password": [ - "$trojan_passwd" - ], - "log_level": 1, - "ssl": { - "verify": true, - "verify_hostname": true, - "cert": "", - 
"cipher_tls13":"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384", - "sni": "", - "alpn": [ - "h2", - "http/1.1" - ], - "reuse_session": true, - "session_ticket": false, - "curves": "" - }, - "tcp": { - "no_delay": true, - "keep_alive": true, - "fast_open": false, - "fast_open_qlen": 20 - } -} -EOF - rm -rf /usr/src/trojan/server.conf - cat > /usr/src/trojan/server.conf <<-EOF -{ - "run_type": "server", - "local_addr": "0.0.0.0", - "local_port": 443, - "remote_addr": "127.0.0.1", - "remote_port": 80, - "password": [ - "$trojan_passwd" - ], - "log_level": 1, - "ssl": { - "cert": "/usr/src/trojan-cert/$your_domain/fullchain.cer", - "key": "/usr/src/trojan-cert/$your_domain/private.key", - "key_password": "", - "cipher_tls13":"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384", - "prefer_server_cipher": true, - "alpn": [ - "http/1.1" - ], - "reuse_session": true, - "session_ticket": false, - "session_timeout": 600, - "plain_http_response": "", - "curves": "", - "dhparam": "" - }, - "tcp": { - "no_delay": true, - "keep_alive": true, - "fast_open": false, - "fast_open_qlen": 20 - }, - "mysql": { - "enabled": false, - "server_addr": "127.0.0.1", - "server_port": 3306, - "database": "trojan", - "username": "trojan", - "password": "" - } -} -EOF - } - - function setup_service() { - cat > ${systempwd}trojan.service <<-EOF -[Unit] -Description=trojan -After=network.target - -[Service] -Type=simple -PIDFile=/usr/src/trojan/trojan/trojan.pid -ExecStart=/usr/src/trojan/trojan -c "/usr/src/trojan/server.conf" -ExecReload=/bin/kill -HUP \$MAINPID -Restart=on-failure -RestartSec=1s - -[Install] -WantedBy=multi-user.target -EOF - - chmod +x ${systempwd}trojan.service - systemctl enable trojan.service - } - - - function display_info() { - green " 客户端配置文件" - green "===========================================================================" - cat /usr/src/trojan-cli/config.json - green 
"===========================================================================" - } -function install_trojan(){ - "$systemPackage" install -y nginx + $systemPackage install -y nginx if [ ! -d "/etc/nginx/" ]; then red "nginx安装有问题, 请使用卸载trojan后重新安装" exit 1 
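Review bot: Dropping the quotes in `$systemPackage install -y nginx` makes the package-manager name subject to word splitting and globbing; unless the variable is meant to carry extra arguments (its assignment is outside this hunk), keep `"$systemPackage" install -y nginx`. The install result is still inferred from the existence of `/etc/nginx/`, which a leftover directory from an earlier attempt also satisfies, so testing the command's own exit status would be more reliable. install_trojan's body continues outside the hunk.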
@@ -227,19 +65,48 @@ EOF sleep 3 rm -rf /usr/share/nginx/html/* cd /usr/share/nginx/html/ - wget -q https://github.com/mayswind/AriaNg-DailyBuild/archive/master.zip >/dev/null 2>&1 - unzip master.zip >/dev/null 2>&1 + wget https://git.i00.org/gamesme/bash-script/raw/branch/main/fakesite.zip >/dev/null 2>&1 + unzip fakesite.zip >/dev/null 2>&1 sleep 5 if [ ! -d "/usr/src" ]; then mkdir /usr/src fi - configure_nginx - download_trojan - configure_trojan - setup_service - display_info - port_forward - nginx_status=`pgrep -f "nginx: worker"` + if [ ! -d "/usr/src/trojan-cert" ]; then + mkdir /usr/src/trojan-cert /usr/src/trojan-temp + mkdir /usr/src/trojan-cert/$your_domain + if [ ! -d "/usr/src/trojan-cert/$your_domain" ]; then + red "不存在/usr/src/trojan-cert/$your_domain目录" + exit 1 + fi + /root/.acme.sh/acme.sh --register-account -m cert@gamesme.me --server zerossl + /root/.acme.sh/acme.sh --issue -d $your_domain --nginx --ecc + if test -s /root/.acme.sh/${your_domain}_ecc/fullchain.cer; then + cert_success="1" + fi + elif [ -f "/usr/src/trojan-cert/$your_domain/fullchain.cer" ]; then + cd /usr/src/trojan-cert/$your_domain + create_time=`stat -c %Y fullchain.cer` + now_time=`date +%s` + minus=$(($now_time - $create_time )) + if [ $minus -gt 5184000 ]; then + /root/.acme.sh/acme.sh --register-account -m cert@gamesme.me --server zerossl + /root/.acme.sh/acme.sh --issue -d $your_domain --nginx --ecc + if test -s /root/.acme.sh/${your_domain}_ecc/fullchain.cer; then + cert_success="1" + fi + else + green "检测到域名$your_domain证书存在且未超过60天, 无需重新申请" + cert_success="1" + fi + else + mkdir /usr/src/trojan-cert/$your_domain + /root/.acme.sh/acme.sh --register-account -m cert@gamesme.me --server zerossl + /root/.acme.sh/acme.sh --issue -d $your_domain --nginx --ecc + if test -s /root/.acme.sh/${your_domain}_ecc/fullchain.cer; then + cert_success="1" + fi + fi + if [ "$cert_success" == "1" ]; then cat > /etc/nginx/nginx.conf <<-EOF user root; 
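Review bot: `fakesite.zip` is fetched from a third-party host and unpacked as root into the nginx web root with no integrity check, and `>/dev/null 2>&1` on both `wget` and `unzip` hides a failed or truncated download. The same pattern applies to `trojan-cli.zip` (pulled from the mutable `main` branch of another repository) and the Windows release zip in the `@@ -285,6 +152,13 @@` hunk, and to `curl https://get.acme.sh | sh` in `install_acme`. Pin each artifact to a fixed tag or commit and verify a recorded digest before unpacking, e.g. `echo "<EXPECTED_SHA256>  fakesite.zip" | sha256sum -c - || exit 1`, where `<EXPECTED_SHA256>` is a placeholder for the value recorded when the artifact was reviewed. install_trojan's body starts and ends outside this hunk.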
@@ -285,6 +152,13 @@ EOF
 wget https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-linux-amd64.tar.xz
 tar xf trojan-${latest_version}-linux-amd64.tar.xz >/dev/null 2>&1
 rm -f trojan-${latest_version}-linux-amd64.tar.xz
+ #下载trojan客户端
+ green "开始下载并处理trojan windows客户端"
+ wget https://github.com/xxxbrian/trojan.sh/raw/main/trojan-cli.zip
+ wget -P /usr/src/trojan-temp https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-win.zip
+ unzip -o trojan-cli.zip >/dev/null 2>&1
+ unzip -o /usr/src/trojan-temp/trojan-${latest_version}-win.zip -d /usr/src/trojan-temp/ >/dev/null 2>&1
+ mv -f /usr/src/trojan-temp/trojan/trojan.exe /usr/src/trojan-cli/
 green "请设置trojan密码, 建议不要出现特殊字符"
 read -p "请输入密码 :" trojan_passwd
 #trojan_passwd=$(cat /dev/urandom | head -1 | md5sum | head -c 8)
@@ -389,77 +263,28 @@ RestartSec=1s WantedBy=multi-user.target EOF - chmod +x ${systempwd}trojan.service - systemctl enable trojan.service - cd /root - cat > /usr/src/trojan-cert/$your_domain/private.key<<-EOF ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDFgyVU/fGMnGRj -Re5GUAipHJ03EMtbvcJkb//97AvZ8ZbgGLAplMaFLPNnT07DkCWv3073V5RHyBbZ -XXRh18/o91KBYDaL9+Xu51xZ8jC3aLGnZDNXpZFXX0FRNcyUr8957lNM6f1EmXf/ -39Ny1Xn+F17IrM7IhZfqqc45NFQZIWX01axHbIxJRLaGfparoRKbdw1F5I6JguJw -v/Lnl900t7TlDTtV6XQgiYQf2QjQGuTv95qCzqOka8ZGf6uUS1fgSuk7NeNbUM54 -6hl7/GmZjggsTRXtkT0cdsQqoqbcM1nBIYp2GvLqH1opH+cZY/AnFfK44pSQ5uEm -KceYPZYvAgMBAAECggEAZKKdsuBw4qQMwkgvT8QXpZLex9/WvbfCBErMtCRBJZri -tOvfVlBnlhOBMXJHP32CtkmhgoUtGCXq/nWPhwre9GSPtTvAjzCQB1n6xBmSmODP -I+r5/f5uP4ZZUXeH9XpezFGSP+45DWrkqYrxweDjd4OQ1860zZbEANzkJmFzOBnW -fIdyWgdP9c5gPYirlUJLJ3cBEum4zbd+XC8N9X4IUyhPKJMZhAY0AFhTkTAYDWEJ -K+/5SNGpwUFry28asyI5SoesH4RRAoG5W1gCG0syjuPAy6ZpDvAe6Eix7pJ083z2 -XrPzYMl+j0ud5I/WHP9bPB3KVZdMm5LAK+0OBiZsgQKBgQDQfyarNPOsp0RRKaa4 -2UP/tLodgMFibs39L9NY0XuJQouKJtaFPgR9JFMkZP6GxfPUCVDEAxgUfgTVDVnn -7IIamBM+NoFcxDdMmK5fy+r6OKyZPMm4MDunSueI+1wReVSi0ovLzsZOARlCoJ72 -X5grbyIwPW/f+v1Zx9GIA5WhDQKBgQDyg1CvHwhQYhs2iU1PDnw6M6HDKr5Ap6U5 -fuOxPCrRquZac9yo6eXDDE8+qQoH4rUu+hXPElXhUAWxN3glxQD0z//OC5Is/j07 -+tdIcYezImVsHnAxyOrC5QE7AZxr4VJvFYNURHzCpnY6fboFHL51JO5viQ0fZ21s -4ht0Dm1tKwKBgB0qrG4m6i+s9pGkEf6p5ilPTvnxmRv8BDT3C8nRBEcfWAXriPb6 -xgX7nuXoevK/nmx7ISFKjYPQXTywsXMQUuMFgyug1Ff12waMFVixXh3C7+I/7rgl -hzLP97Ph9e872estKQFJ29Pts2rurU4p8U+iLFYzQgNDSU3V9ing1n3BAoGAIWwH -ipr0Ql/C8Fkr1mFgrYTAHm2dmruAAdSC/MIWBJ9Q79ZX6s+RYrgnk7MoNr3/ymGc -79TPESY+IpZKcKod359q2bKuipTfS4zebpV25jEvWR84xyOxdvqomME4FYYQHk8Q -smRd7VWTpav+HwY/GVXlpml07YcLhZ4DupLicdECgYBWetGpTXGfHgZxQBu6EIvb -f4PAJ6i1A3Jrpf1zDzFI+P/QJUf0xZUDvF4uzjqEe7Oz6t7HFXMLl7f0zlwBCqKg -R0Vq1jGtLvsL24UIr8ujrJDEmt5zSMNYhDCkI1Rpl/lfS2BWikJTgVl4Bxz4O8Dj -Pw4j4HYa1hsLalNhkohZ0g== ------END PRIVATE KEY----- -EOF - - cat > 
/usr/src/trojan-cert/$your_domain/fullchain.cer<<-EOF ------BEGIN CERTIFICATE----- -MIIEyjCCArKgAwIBAgIQTwN47Aj6/rIK5WCAN+orWTANBgkqhkiG9w0BAQsFADCB -jzELMAkGA1UEBhMCQ04xEzARBgNVBAgMCkdyZWF0Q2hpbmExDjAMBgNVBAcMBUxv -Y2FsMRUwEwYDVQQKDAxHYW1lc21lIEx0ZC4xFTATBgNVBAsMDEdhbWVzbWUgRHB0 -LjEQMA4GA1UEAwwHR2FtZXNtZTEbMBkGCSqGSIb3DQEJARYMaUBnYW1lc21lLm1l -MB4XDTI0MDQwMTIyMjkzMloXDTI2MDcwMTIyMjkzMlowUjEnMCUGA1UEChMebWtj -ZXJ0IGRldmVsb3BtZW50IGNlcnRpZmljYXRlMScwJQYDVQQLDB5nYW1lc21lQHgt -cHJvLW0xIChDSFVOTkFOIExJVSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQDFgyVU/fGMnGRjRe5GUAipHJ03EMtbvcJkb//97AvZ8ZbgGLAplMaFLPNn -T07DkCWv3073V5RHyBbZXXRh18/o91KBYDaL9+Xu51xZ8jC3aLGnZDNXpZFXX0FR -NcyUr8957lNM6f1EmXf/39Ny1Xn+F17IrM7IhZfqqc45NFQZIWX01axHbIxJRLaG -fparoRKbdw1F5I6JguJwv/Lnl900t7TlDTtV6XQgiYQf2QjQGuTv95qCzqOka8ZG -f6uUS1fgSuk7NeNbUM546hl7/GmZjggsTRXtkT0cdsQqoqbcM1nBIYp2GvLqH1op -H+cZY/AnFfK44pSQ5uEmKceYPZYvAgMBAAGjXjBcMA4GA1UdDwEB/wQEAwIFoDAT -BgNVHSUEDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBRHJocZUxq1ByyNh3O8vHhP -u+YELjAUBgNVHREEDTALggkqLnUyYi5sb2wwDQYJKoZIhvcNAQELBQADggIBAK7I -WaY4Pz9tt86zZFMQ96cwWO2Bqy5zQe2LBQlABrK0MkV+0mTFbqpAN7ClqTzkxyc5 -jjwE5DUYJLId6cKHWAPynmIbNQcmvTBFunkFpEsqprmijt0Hhm63V6wBHBxAvGxR -8HoaSJJ0PRGl2u0BFbycmDL5ZNdDdVtjZvCXenOdRDcIqsDdjMm79/0n7rRuQ77c -5/OVBGVhVAVGuD7pyxKXQv6iumNkT9o6utPHIlXiS80df7ac0iCtyvuq8cPyOYND -BEIfVIOM+qm4WYPSTHEUrmN1lzoyhlZDiLRuVTNEMH8F5dGKlguxqfJZqNjOxUOh -GiL1InajsNVwmDCBpIrF/3hePW1PJM5XxE7DgqbnRoyMc6pdPhiZNHhhne5kFNR8 -dL/7opexACjN6yp+xeh8GVlJgHOQz01sLmbK7bWo5DKiU7JRYOabDWNx2wxg3O18 -KMmwkHSeFfcJxJRQ86nzBNmAuVm7UFYh7s66h0bZOCLy4Ik6Qf24J9tqqwvRLnoV -Rj9NhSMQY9SmuS8aYC4hYsoU9LRLIBuFLxVtinAyvoUn4uVul8haTMznqV/o+q+A -IOTFcQhop8TB7s0tH0zLmk/ykU+E5IRbWQsGH15bUAwoCRTLu9uv1YMO0MhUMfMs -A4LKG7+qOm+5egiZDomeaM472wyc/OK3jNR9uYMv ------END CERTIFICATE----- -EOF - - systemctl restart trojan - green " 客户端配置文件" - green "===========================================================================" - cat /usr/src/trojan-cli/config.json - green 
"===========================================================================" - port_forward + chmod +x ${systempwd}trojan.service + systemctl enable trojan.service + cd /root + /root/.acme.sh/acme.sh --installcert --ecc -d $your_domain \ + --key-file /usr/src/trojan-cert/$your_domain/private.key \ + --fullchain-file /usr/src/trojan-cert/$your_domain/fullchain.cer \ + --reloadcmd "systemctl restart trojan" + green "===========================================================================" + green "windows客户端路径/usr/src/trojan-cli/trojan-cli.zip, 此客户端已配置好所有参数" + green "===========================================================================" + echo + echo + green " 客户端配置文件" + green "===========================================================================" + cat /usr/src/trojan-cli/config.json + green "===========================================================================" + port_forward + else + red "===================================" + red "https证书没有申请成功, 本次安装失败" + red "===================================" + fi } function preinstall_check(){ 
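Review bot: The result of `acme.sh --installcert` is not checked, and the explicit `systemctl restart trojan` that the old code ran at this point is gone, so trojan is now started only through `--reloadcmd`. If the install step fails, the key and certificate files trojan is configured to read (presumably the same `/usr/src/trojan-cert/$your_domain/` paths) are never written, the service is enabled but not running, and the script still prints the client configuration as if the installation had succeeded. Guard the call, e.g. `if ! /root/.acme.sh/acme.sh --installcert --ecc -d "$your_domain" ...; then red "证书安装失败"; exit 1; fi`, and quote `"$your_domain"` in the path arguments as well. Hosts provisioned by the previous revision still hold the key pair that was embedded in the script and is public in the repository history, so they need a reissue rather than being treated as having a valid certificate. The enclosing `if [ "$cert_success" == "1" ]` block opens in an earlier hunk.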
@@ -569,6 +394,61 @@ function preinstall_check(){ fi } +function repair_cert(){ + systemctl stop nginx + if [ $? -ne 0 ]; then + red "停止 nginx 失败,退出脚本" + exit 1 + fi + check_port 80 + green "============================" + blue "请输入绑定到本VPS的域名" + blue "务必与之前失败使用的域名一致" + green "============================" + read your_domain + # if test -s /root/.acme.sh/${your_domain}_ecc/fullchain.cer; then + # green "证书文件存在" + # exit 1 + # fi + real_addr=`ping ${your_domain} -c 1 | sed '1{s/[^(]*(//;s/).*//;q}'` + local_addr=`curl ipv4.icanhazip.com` + if [ $real_addr == $local_addr ] ; then + if [ -f "/usr/src/trojan-cert/$your_domain/fullchain.cer" ]; then + cd /usr/src/trojan-cert/$your_domain + create_time=`stat -c %Y fullchain.cer` + now_time=`date +%s` + minus=$(($now_time - $create_time )) + if [ $minus -gt 5184000 ]; then + /root/.acme.sh/acme.sh --register-account -m cert@gamesme.me --server zerossl + /root/.acme.sh/acme.sh --issue -d $your_domain --standalone --ecc + /root/.acme.sh/acme.sh --installcert --ecc -d $your_domain \ + --key-file /usr/src/trojan-cert/$your_domain/private.key \ + --fullchain-file /usr/src/trojan-cert/$your_domain/fullchain.cer \ + --reloadcmd "systemctl restart trojan" + if test -s /usr/src/trojan-cert/$your_domain/fullchain.cer; then + green "证书申请成功" + systemctl restart trojan + systemctl start nginx + else + red "申请证书失败" + fi + else + /root/.acme.sh/acme.sh --installcert --ecc -d $your_domain \ + --key-file /usr/src/trojan-cert/$your_domain/private.key \ + --fullchain-file /usr/src/trojan-cert/$your_domain/fullchain.cer \ + --reloadcmd "systemctl restart trojan" + green "检测到域名$your_domain证书存在且未超过60天,无需重新申请" + cert_success="1" + fi + fi + else + red "================================" + red "域名解析地址与本VPS IP地址不一致" + red "本次安装失败, 请确保域名解析正常" + red "================================" + fi +} + function remove_trojan(){ red "================================" red "即将卸载trojan" 
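Review bot: `repair_cert` stops nginx at the top but starts it again only after a successful reissue of a certificate older than 60 days; the still-valid branch, the failed-issue branch and the IP-mismatch branch all return with nginx down. There is also no branch for a missing `/usr/src/trojan-cert/$your_domain/fullchain.cer`, so a host whose first issuance failed gets no repair at all. The sketch below treats a missing file like an expired one and restarts nginx on every path. It also reads the domain with `read -r` and quotes both sides of the address comparison, so an empty `ping` or `curl` result fails the test instead of producing a `[` syntax error.

```shell
    read -r your_domain
    # … unchanged: real_addr / local_addr lookup …
    if [ "$real_addr" = "$local_addr" ]; then
        cert_file="/usr/src/trojan-cert/$your_domain/fullchain.cer"
        cert_age=5184001   # treat a missing certificate like an expired one
        if [ -f "$cert_file" ]; then
            cert_age=$(( $(date +%s) - $(stat -c %Y "$cert_file") ))
        fi
        if [ "$cert_age" -gt 5184000 ]; then
            mkdir -p "/usr/src/trojan-cert/$your_domain"
            # … unchanged: acme.sh --register-account, --issue, --installcert and the success/failure messages …
        else
            # … unchanged: acme.sh --installcert and the "still valid" message …
        fi
    else
        # … unchanged: red mismatch banner …
    fi
    systemctl start nginx   # runs on every path, not only after a successful reissue
```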
@@ -592,6 +472,7 @@ function remove_trojan(){ rm -rf /usr/src/trojan-cert/ rm -rf /usr/share/nginx/html/* rm -rf /etc/nginx/ + rm -rf /root/.acme.sh/ green "==============" green "trojan删除完毕" green "==============" @@ -638,8 +519,25 @@ function update_trojan(){ } +function install_acme(){ + file_path="/root/.acme.sh/acme.sh" + if [ -f "$file_path" ] + then + red "$file_path 已存在" + else + blue "$file_path 不存在, 现在安装" + curl https://get.acme.sh | sh + fi +} - + function check_cert() { + local domain=$1 + local cert_path="/root/.acme.sh/${domain}_ecc/fullchain.cer" + if [[ -s $cert_path ]]; then + green "证书文件存在" + exit 1 + fi +} start_menu(){ clear green " =======================================" @@ -654,12 +552,14 @@ start_menu(){ green " 1. 安装trojan" red " 2. 卸载trojan" green " 3. 升级trojan" - green " 4. 端口映射" + green " 4. 修复证书" + green " 5. 端口映射" blue " 0. 退出脚本" echo read -p "请输入数字 :" num case "$num" in 1) + install_acme preinstall_check ;; 2) @@ -669,6 +569,10 @@ start_menu(){ update_trojan ;; 4) + install_acme + repair_cert + ;; + 5) port_forward ;; 0)
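Review bot: `rm -rf /root/.acme.sh/` in `remove_trojan` deletes the acme.sh directory but not what its installer registered outside it, which normally includes a scheduled renewal job that will then point at a missing script. Run acme.sh's own uninstall before removing the directory, e.g. `[ -x /root/.acme.sh/acme.sh ] && /root/.acme.sh/acme.sh --uninstall` on the line above the `rm -rf`. remove_trojan's body continues outside the hunk.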
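Review bot: `check_cert` prints a success-coloured "certificate exists" message and then calls `exit 1`, which ends the whole script with a failure status exactly when the certificate is present; no caller is visible in this diff, and the equivalent block in `repair_cert` is commented out. Either drop the function or make it a predicate that ends with `[[ -s "$cert_path" ]]` and let the caller decide what to do. In `install_acme`, an already installed `/root/.acme.sh/acme.sh` is reported with `red` although it is the normal case on a second run; `green` would match the rest of the menu output. The stray leading space before `function check_cert()` and the missing blank line before `start_menu(){` are also worth tidying.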