diff --git a/trojan.sh b/trojan.sh index 15cd690..bfd1876 100644 --- a/trojan.sh +++ b/trojan.sh @@ -28,7 +28,169 @@ fi systempwd="/etc/systemd/system/" function install_trojan(){ - $systemPackage install -y nginx + function configure_nginx() { + cat > /etc/nginx/nginx.conf <<-EOF +user root; +worker_processes 1; +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; +events { + worker_connections 1024; +} +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" ' + '\$status \$body_bytes_sent "\$http_referer" ' + '"\$http_user_agent" "\$http_x_forwarded_for"'; + access_log /var/log/nginx/access.log main; + sendfile on; + #tcp_nopush on; + keepalive_timeout 120; + client_max_body_size 20m; + #gzip on; + server { + listen 127.0.0.1:80; + server_name $your_domain; + root /usr/share/nginx/html; + index index.php index.html index.htm; + } + server { + listen 0.0.0.0:80; + server_name $your_domain; + return 301 https://$your_domain\$request_uri; + } + +} +EOF + systemctl restart nginx + systemctl enable nginx + } + + function download_trojan() { + cd /usr/src + wget https://api.github.com/repos/trojan-gfw/trojan/releases/latest >/dev/null 2>&1 + latest_version=`grep tag_name latest| awk -F '[:,"v]' '{print $6}'` + rm -f latest + green "开始下载最新版trojan amd64" + wget https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-linux-amd64.tar.xz + tar xf trojan-${latest_version}-linux-amd64.tar.xz >/dev/null 2>&1 + rm -f trojan-${latest_version}-linux-amd64.tar.xz + } + + function configure_trojan() { + green "请设置trojan密码, 建议不要出现特殊字符" + read -p "请输入密码 :" trojan_passwd + cat > /usr/src/trojan-cli/config.json <<-EOF +{ + "run_type": "client", + "local_addr": "127.0.0.1", + "local_port": 1080, + "remote_addr": "$your_domain", + "remote_port": 443, + "password": [ + "$trojan_passwd" + ], + "log_level": 1, + "ssl": { + "verify": true, + "verify_hostname": true, + "cert": "", + "cipher_tls13":"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384", + "sni": "", + "alpn": [ + "h2", + "http/1.1" + ], + "reuse_session": true, + "session_ticket": false, + "curves": "" + }, + "tcp": { + "no_delay": true, + "keep_alive": true, + "fast_open": false, + "fast_open_qlen": 20 + } +} +EOF + rm -rf /usr/src/trojan/server.conf + cat > /usr/src/trojan/server.conf <<-EOF +{ + "run_type": "server", + "local_addr": "0.0.0.0", + "local_port": 443, + "remote_addr": "127.0.0.1", + "remote_port": 80, + "password": [ + "$trojan_passwd" + ], + "log_level": 1, + "ssl": { + "cert": "/usr/src/trojan-cert/$your_domain/fullchain.cer", + "key": "/usr/src/trojan-cert/$your_domain/private.key", + "key_password": "", + "cipher_tls13":"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384", + "prefer_server_cipher": true, + "alpn": [ + "http/1.1" + ], + "reuse_session": true, + "session_ticket": false, + "session_timeout": 600, + "plain_http_response": "", + "curves": "", + "dhparam": "" + }, + "tcp": { + "no_delay": true, + "keep_alive": true, + "fast_open": false, + "fast_open_qlen": 20 + }, + "mysql": { + "enabled": false, + "server_addr": "127.0.0.1", + "server_port": 3306, + "database": "trojan", + "username": "trojan", + "password": "" + } +} +EOF + } + + function setup_service() { + cat > ${systempwd}trojan.service <<-EOF +[Unit] +Description=trojan +After=network.target + +[Service] +Type=simple +PIDFile=/usr/src/trojan/trojan/trojan.pid +ExecStart=/usr/src/trojan/trojan -c "/usr/src/trojan/server.conf" +ExecReload=/bin/kill -HUP \$MAINPID +Restart=on-failure +RestartSec=1s + +[Install] +WantedBy=multi-user.target +EOF + + chmod +x ${systempwd}trojan.service + systemctl enable trojan.service + } + + + function display_info() { + green " 客户端配置文件" + green "===========================================================================" + cat /usr/src/trojan-cli/config.json + green "===========================================================================" + } +function install_trojan(){ + "$systemPackage" install -y nginx if [ ! -d "/etc/nginx/" ]; then red "nginx安装有问题, 请使用卸载trojan后重新安装" exit 1 @@ -65,48 +227,19 @@ EOF sleep 3 rm -rf /usr/share/nginx/html/* cd /usr/share/nginx/html/ - wget https://git.i00.org/gamesme/bash-script/raw/branch/main/fakesite.zip >/dev/null 2>&1 - unzip fakesite.zip >/dev/null 2>&1 + wget -q https://github.com/mayswind/AriaNg-DailyBuild/archive/master.zip >/dev/null 2>&1 + unzip master.zip >/dev/null 2>&1 sleep 5 if [ ! -d "/usr/src" ]; then mkdir /usr/src fi - if [ ! -d "/usr/src/trojan-cert" ]; then - mkdir /usr/src/trojan-cert /usr/src/trojan-temp - mkdir /usr/src/trojan-cert/$your_domain - if [ ! -d "/usr/src/trojan-cert/$your_domain" ]; then - red "不存在/usr/src/trojan-cert/$your_domain目录" - exit 1 - fi - /root/.acme.sh/acme.sh --register-account -m cert@gamesme.me --server zerossl - /root/.acme.sh/acme.sh --issue -d $your_domain --nginx --ecc - if test -s /root/.acme.sh/${your_domain}_ecc/fullchain.cer; then - cert_success="1" - fi - elif [ -f "/usr/src/trojan-cert/$your_domain/fullchain.cer" ]; then - cd /usr/src/trojan-cert/$your_domain - create_time=`stat -c %Y fullchain.cer` - now_time=`date +%s` - minus=$(($now_time - $create_time )) - if [ $minus -gt 5184000 ]; then - /root/.acme.sh/acme.sh --register-account -m cert@gamesme.me --server zerossl - /root/.acme.sh/acme.sh --issue -d $your_domain --nginx --ecc - if test -s /root/.acme.sh/${your_domain}_ecc/fullchain.cer; then - cert_success="1" - fi - else - green "检测到域名$your_domain证书存在且未超过60天, 无需重新申请" - cert_success="1" - fi - else - mkdir /usr/src/trojan-cert/$your_domain - /root/.acme.sh/acme.sh --register-account -m cert@gamesme.me --server zerossl - /root/.acme.sh/acme.sh --issue -d $your_domain --nginx --ecc - if test -s /root/.acme.sh/${your_domain}_ecc/fullchain.cer; then - cert_success="1" - fi - fi - + configure_nginx + download_trojan + configure_trojan + setup_service + display_info + port_forward + nginx_status=`pgrep -f "nginx: worker"` if [ "$cert_success" == "1" ]; then cat > /etc/nginx/nginx.conf <<-EOF user root; @@ -152,13 +285,6 @@ EOF wget https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-linux-amd64.tar.xz tar xf trojan-${latest_version}-linux-amd64.tar.xz >/dev/null 2>&1 rm -f trojan-${latest_version}-linux-amd64.tar.xz - #下载trojan客户端 - green "开始下载并处理trojan windows客户端" - wget https://github.com/xxxbrian/trojan.sh/raw/main/trojan-cli.zip - wget -P /usr/src/trojan-temp https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-win.zip - unzip -o trojan-cli.zip >/dev/null 2>&1 - unzip -o /usr/src/trojan-temp/trojan-${latest_version}-win.zip -d /usr/src/trojan-temp/ >/dev/null 2>&1 - mv -f /usr/src/trojan-temp/trojan/trojan.exe /usr/src/trojan-cli/ green "请设置trojan密码, 建议不要出现特殊字符" read -p "请输入密码 :" trojan_passwd #trojan_passwd=$(cat /dev/urandom | head -1 | md5sum | head -c 8) @@ -263,28 +389,77 @@ RestartSec=1s WantedBy=multi-user.target EOF - chmod +x ${systempwd}trojan.service - systemctl enable trojan.service - cd /root - /root/.acme.sh/acme.sh --installcert --ecc -d $your_domain \ - --key-file /usr/src/trojan-cert/$your_domain/private.key \ - --fullchain-file /usr/src/trojan-cert/$your_domain/fullchain.cer \ - --reloadcmd "systemctl restart trojan" - green "===========================================================================" - green "windows客户端路径/usr/src/trojan-cli/trojan-cli.zip, 此客户端已配置好所有参数" - green "===========================================================================" - echo - echo - green " 客户端配置文件" - green "===========================================================================" - cat /usr/src/trojan-cli/config.json - green "===========================================================================" - port_forward - else - red "===================================" - red "https证书没有申请成功, 本次安装失败" - red "===================================" - fi + chmod +x ${systempwd}trojan.service + systemctl enable trojan.service + cd /root + cat > /usr/src/trojan-cert/$your_domain/private.key<<-EOF +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDFgyVU/fGMnGRj +Re5GUAipHJ03EMtbvcJkb//97AvZ8ZbgGLAplMaFLPNnT07DkCWv3073V5RHyBbZ +XXRh18/o91KBYDaL9+Xu51xZ8jC3aLGnZDNXpZFXX0FRNcyUr8957lNM6f1EmXf/ +39Ny1Xn+F17IrM7IhZfqqc45NFQZIWX01axHbIxJRLaGfparoRKbdw1F5I6JguJw +v/Lnl900t7TlDTtV6XQgiYQf2QjQGuTv95qCzqOka8ZGf6uUS1fgSuk7NeNbUM54 +6hl7/GmZjggsTRXtkT0cdsQqoqbcM1nBIYp2GvLqH1opH+cZY/AnFfK44pSQ5uEm +KceYPZYvAgMBAAECggEAZKKdsuBw4qQMwkgvT8QXpZLex9/WvbfCBErMtCRBJZri +tOvfVlBnlhOBMXJHP32CtkmhgoUtGCXq/nWPhwre9GSPtTvAjzCQB1n6xBmSmODP +I+r5/f5uP4ZZUXeH9XpezFGSP+45DWrkqYrxweDjd4OQ1860zZbEANzkJmFzOBnW +fIdyWgdP9c5gPYirlUJLJ3cBEum4zbd+XC8N9X4IUyhPKJMZhAY0AFhTkTAYDWEJ +K+/5SNGpwUFry28asyI5SoesH4RRAoG5W1gCG0syjuPAy6ZpDvAe6Eix7pJ083z2 +XrPzYMl+j0ud5I/WHP9bPB3KVZdMm5LAK+0OBiZsgQKBgQDQfyarNPOsp0RRKaa4 +2UP/tLodgMFibs39L9NY0XuJQouKJtaFPgR9JFMkZP6GxfPUCVDEAxgUfgTVDVnn +7IIamBM+NoFcxDdMmK5fy+r6OKyZPMm4MDunSueI+1wReVSi0ovLzsZOARlCoJ72 +X5grbyIwPW/f+v1Zx9GIA5WhDQKBgQDyg1CvHwhQYhs2iU1PDnw6M6HDKr5Ap6U5 +fuOxPCrRquZac9yo6eXDDE8+qQoH4rUu+hXPElXhUAWxN3glxQD0z//OC5Is/j07 ++tdIcYezImVsHnAxyOrC5QE7AZxr4VJvFYNURHzCpnY6fboFHL51JO5viQ0fZ21s +4ht0Dm1tKwKBgB0qrG4m6i+s9pGkEf6p5ilPTvnxmRv8BDT3C8nRBEcfWAXriPb6 +xgX7nuXoevK/nmx7ISFKjYPQXTywsXMQUuMFgyug1Ff12waMFVixXh3C7+I/7rgl +hzLP97Ph9e872estKQFJ29Pts2rurU4p8U+iLFYzQgNDSU3V9ing1n3BAoGAIWwH +ipr0Ql/C8Fkr1mFgrYTAHm2dmruAAdSC/MIWBJ9Q79ZX6s+RYrgnk7MoNr3/ymGc +79TPESY+IpZKcKod359q2bKuipTfS4zebpV25jEvWR84xyOxdvqomME4FYYQHk8Q +smRd7VWTpav+HwY/GVXlpml07YcLhZ4DupLicdECgYBWetGpTXGfHgZxQBu6EIvb +f4PAJ6i1A3Jrpf1zDzFI+P/QJUf0xZUDvF4uzjqEe7Oz6t7HFXMLl7f0zlwBCqKg +R0Vq1jGtLvsL24UIr8ujrJDEmt5zSMNYhDCkI1Rpl/lfS2BWikJTgVl4Bxz4O8Dj +Pw4j4HYa1hsLalNhkohZ0g== +-----END PRIVATE KEY----- +EOF + + cat > /usr/src/trojan-cert/$your_domain/fullchain.cer<<-EOF +-----BEGIN CERTIFICATE----- +MIIEyjCCArKgAwIBAgIQTwN47Aj6/rIK5WCAN+orWTANBgkqhkiG9w0BAQsFADCB +jzELMAkGA1UEBhMCQ04xEzARBgNVBAgMCkdyZWF0Q2hpbmExDjAMBgNVBAcMBUxv +Y2FsMRUwEwYDVQQKDAxHYW1lc21lIEx0ZC4xFTATBgNVBAsMDEdhbWVzbWUgRHB0 +LjEQMA4GA1UEAwwHR2FtZXNtZTEbMBkGCSqGSIb3DQEJARYMaUBnYW1lc21lLm1l +MB4XDTI0MDQwMTIyMjkzMloXDTI2MDcwMTIyMjkzMlowUjEnMCUGA1UEChMebWtj +ZXJ0IGRldmVsb3BtZW50IGNlcnRpZmljYXRlMScwJQYDVQQLDB5nYW1lc21lQHgt +cHJvLW0xIChDSFVOTkFOIExJVSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDFgyVU/fGMnGRjRe5GUAipHJ03EMtbvcJkb//97AvZ8ZbgGLAplMaFLPNn +T07DkCWv3073V5RHyBbZXXRh18/o91KBYDaL9+Xu51xZ8jC3aLGnZDNXpZFXX0FR +NcyUr8957lNM6f1EmXf/39Ny1Xn+F17IrM7IhZfqqc45NFQZIWX01axHbIxJRLaG +fparoRKbdw1F5I6JguJwv/Lnl900t7TlDTtV6XQgiYQf2QjQGuTv95qCzqOka8ZG +f6uUS1fgSuk7NeNbUM546hl7/GmZjggsTRXtkT0cdsQqoqbcM1nBIYp2GvLqH1op +H+cZY/AnFfK44pSQ5uEmKceYPZYvAgMBAAGjXjBcMA4GA1UdDwEB/wQEAwIFoDAT +BgNVHSUEDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBRHJocZUxq1ByyNh3O8vHhP +u+YELjAUBgNVHREEDTALggkqLnUyYi5sb2wwDQYJKoZIhvcNAQELBQADggIBAK7I +WaY4Pz9tt86zZFMQ96cwWO2Bqy5zQe2LBQlABrK0MkV+0mTFbqpAN7ClqTzkxyc5 +jjwE5DUYJLId6cKHWAPynmIbNQcmvTBFunkFpEsqprmijt0Hhm63V6wBHBxAvGxR +8HoaSJJ0PRGl2u0BFbycmDL5ZNdDdVtjZvCXenOdRDcIqsDdjMm79/0n7rRuQ77c +5/OVBGVhVAVGuD7pyxKXQv6iumNkT9o6utPHIlXiS80df7ac0iCtyvuq8cPyOYND +BEIfVIOM+qm4WYPSTHEUrmN1lzoyhlZDiLRuVTNEMH8F5dGKlguxqfJZqNjOxUOh +GiL1InajsNVwmDCBpIrF/3hePW1PJM5XxE7DgqbnRoyMc6pdPhiZNHhhne5kFNR8 +dL/7opexACjN6yp+xeh8GVlJgHOQz01sLmbK7bWo5DKiU7JRYOabDWNx2wxg3O18 +KMmwkHSeFfcJxJRQ86nzBNmAuVm7UFYh7s66h0bZOCLy4Ik6Qf24J9tqqwvRLnoV +Rj9NhSMQY9SmuS8aYC4hYsoU9LRLIBuFLxVtinAyvoUn4uVul8haTMznqV/o+q+A +IOTFcQhop8TB7s0tH0zLmk/ykU+E5IRbWQsGH15bUAwoCRTLu9uv1YMO0MhUMfMs +A4LKG7+qOm+5egiZDomeaM472wyc/OK3jNR9uYMv +-----END CERTIFICATE----- +EOF + + systemctl restart trojan + green " 客户端配置文件" + green "===========================================================================" + cat /usr/src/trojan-cli/config.json + green "===========================================================================" + port_forward } function preinstall_check(){ @@ -394,61 +569,6 @@ function preinstall_check(){ fi } -function repair_cert(){ - systemctl stop nginx - if [ $? -ne 0 ]; then - red "停止 nginx 失败,退出脚本" - exit 1 - fi - check_port 80 - green "============================" - blue "请输入绑定到本VPS的域名" - blue "务必与之前失败使用的域名一致" - green "============================" - read your_domain - # if test -s /root/.acme.sh/${your_domain}_ecc/fullchain.cer; then - # green "证书文件存在" - # exit 1 - # fi - real_addr=`ping ${your_domain} -c 1 | sed '1{s/[^(]*(//;s/).*//;q}'` - local_addr=`curl ipv4.icanhazip.com` - if [ $real_addr == $local_addr ] ; then - if [ -f "/usr/src/trojan-cert/$your_domain/fullchain.cer" ]; then - cd /usr/src/trojan-cert/$your_domain - create_time=`stat -c %Y fullchain.cer` - now_time=`date +%s` - minus=$(($now_time - $create_time )) - if [ $minus -gt 5184000 ]; then - /root/.acme.sh/acme.sh --register-account -m cert@gamesme.me --server zerossl - /root/.acme.sh/acme.sh --issue -d $your_domain --standalone --ecc - /root/.acme.sh/acme.sh --installcert --ecc -d $your_domain \ - --key-file /usr/src/trojan-cert/$your_domain/private.key \ - --fullchain-file /usr/src/trojan-cert/$your_domain/fullchain.cer \ - --reloadcmd "systemctl restart trojan" - if test -s /usr/src/trojan-cert/$your_domain/fullchain.cer; then - green "证书申请成功" - systemctl restart trojan - systemctl start nginx - else - red "申请证书失败" - fi - else - /root/.acme.sh/acme.sh --installcert --ecc -d $your_domain \ - --key-file /usr/src/trojan-cert/$your_domain/private.key \ - --fullchain-file /usr/src/trojan-cert/$your_domain/fullchain.cer \ - --reloadcmd "systemctl restart trojan" - green "检测到域名$your_domain证书存在且未超过60天,无需重新申请" - cert_success="1" - fi - fi - else - red "================================" - red "域名解析地址与本VPS IP地址不一致" - red "本次安装失败, 请确保域名解析正常" - red "================================" - fi -} - function remove_trojan(){ red "================================" red "即将卸载trojan" @@ -472,7 +592,6 @@ function remove_trojan(){ rm -rf /usr/src/trojan-cert/ rm -rf /usr/share/nginx/html/* rm -rf /etc/nginx/ - rm -rf /root/.acme.sh/ green "==============" green "trojan删除完毕" green "==============" @@ -519,25 +638,8 @@ function update_trojan(){ } -function install_acme(){ - file_path="/root/.acme.sh/acme.sh" - if [ -f "$file_path" ] - then - red "$file_path 已存在" - else - blue "$file_path 不存在, 现在安装" - curl https://get.acme.sh | sh - fi -} - function check_cert() { - local domain=$1 - local cert_path="/root/.acme.sh/${domain}_ecc/fullchain.cer" - if [[ -s $cert_path ]]; then - green "证书文件存在" - exit 1 - fi -} + start_menu(){ clear green " =======================================" @@ -552,14 +654,12 @@ start_menu(){ green " 1. 安装trojan" red " 2. 卸载trojan" green " 3. 升级trojan" - green " 4. 修复证书" - green " 5. 端口映射" + green " 4. 端口映射" blue " 0. 退出脚本" echo read -p "请输入数字 :" num case "$num" in 1) - install_acme preinstall_check ;; 2) @@ -569,10 +669,6 @@ start_menu(){ update_trojan ;; 4) - install_acme - repair_cert - ;; - 5) port_forward ;; 0)