gamesme/bash-script
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

去除 acme

Browse Source 
Signed-off-by: gamesme <i@gamesme.me>
This commit is contained in:
gamesme
2024-11-30 05:48:03 +08:00
parent 082cb648e5
commit f75adfc7f9
1 changed files with 245 additions and 149 deletions
Download Patch File Download Diff File Expand all files Collapse all files

394
trojan.sh
View File

@@ -28,7 +28,169 @@ fi
systempwd="/etc/systemd/system/"
function install_trojan(){
$systemPackage install -y nginx
function configure_nginx() {
cat > /etc/nginx/nginx.conf <<-EOF
user root;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" '
'\$status \$body_bytes_sent "\$http_referer" '
'"\$http_user_agent" "\$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 120;
client_max_body_size 20m;
#gzip on;
server {
listen 127.0.0.1:80;
server_name $your_domain;
root /usr/share/nginx/html;
index index.php index.html index.htm;
}
server {
listen 0.0.0.0:80;
server_name $your_domain;
return 301 https://$your_domain\$request_uri;
}
}
EOF
systemctl restart nginx
systemctl enable nginx
}
function download_trojan() {
cd /usr/src
wget https://api.github.com/repos/trojan-gfw/trojan/releases/latest >/dev/null 2>&1
latest_version=`grep tag_name latest| awk -F '[:,"v]' '{print $6}'`
rm -f latest
green "开始下载最新版trojan amd64"
wget https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-linux-amd64.tar.xz
tar xf trojan-${latest_version}-linux-amd64.tar.xz >/dev/null 2>&1
rm -f trojan-${latest_version}-linux-amd64.tar.xz
}
function configure_trojan() {
green "请设置trojan密码, 建议不要出现特殊字符"
read -p "请输入密码 :" trojan_passwd
cat > /usr/src/trojan-cli/config.json <<-EOF
{
"run_type": "client",
"local_addr": "127.0.0.1",
"local_port": 1080,
"remote_addr": "$your_domain",
"remote_port": 443,
"password": [
"$trojan_passwd"
],
"log_level": 1,
"ssl": {
"verify": true,
"verify_hostname": true,
"cert": "",
"cipher_tls13":"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
"sni": "",
"alpn": [
"h2",
"http/1.1"
],
"reuse_session": true,
"session_ticket": false,
"curves": ""
},
"tcp": {
"no_delay": true,
"keep_alive": true,
"fast_open": false,
"fast_open_qlen": 20
}
}
EOF
rm -rf /usr/src/trojan/server.conf
cat > /usr/src/trojan/server.conf <<-EOF
{
"run_type": "server",
"local_addr": "0.0.0.0",
"local_port": 443,
"remote_addr": "127.0.0.1",
"remote_port": 80,
"password": [
"$trojan_passwd"
],
"log_level": 1,
"ssl": {
"cert": "/usr/src/trojan-cert/$your_domain/fullchain.cer",
"key": "/usr/src/trojan-cert/$your_domain/private.key",
"key_password": "",
"cipher_tls13":"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
"prefer_server_cipher": true,
"alpn": [
"http/1.1"
],
"reuse_session": true,
"session_ticket": false,
"session_timeout": 600,
"plain_http_response": "",
"curves": "",
"dhparam": ""
},
"tcp": {
"no_delay": true,
"keep_alive": true,
"fast_open": false,
"fast_open_qlen": 20
},
"mysql": {
"enabled": false,
"server_addr": "127.0.0.1",
"server_port": 3306,
"database": "trojan",
"username": "trojan",
"password": ""
}
}
EOF
}
function setup_service() {
cat > ${systempwd}trojan.service <<-EOF
[Unit]
Description=trojan
After=network.target
[Service]
Type=simple
PIDFile=/usr/src/trojan/trojan/trojan.pid
ExecStart=/usr/src/trojan/trojan -c "/usr/src/trojan/server.conf"
ExecReload=/bin/kill -HUP \$MAINPID
Restart=on-failure
RestartSec=1s
[Install]
WantedBy=multi-user.target
EOF
chmod +x ${systempwd}trojan.service
systemctl enable trojan.service
}
function display_info() {
green " 客户端配置文件"
green "==========================================================================="
cat /usr/src/trojan-cli/config.json
green "==========================================================================="
}
function install_trojan(){
"$systemPackage" install -y nginx
if [ ! -d "/etc/nginx/" ]; then
red "nginx安装有问题, 请使用卸载trojan后重新安装"
exit 1
@@ -65,48 +227,19 @@ EOF
sleep 3
rm -rf /usr/share/nginx/html/*
cd /usr/share/nginx/html/
wget https://git.i00.org/gamesme/bash-script/raw/branch/main/fakesite.zip >/dev/null 2>&1
unzip fakesite.zip >/dev/null 2>&1
wget -q https://github.com/mayswind/AriaNg-DailyBuild/archive/master.zip >/dev/null 2>&1
unzip master.zip >/dev/null 2>&1
sleep 5
if [ ! -d "/usr/src" ]; then
mkdir /usr/src
fi
if [ ! -d "/usr/src/trojan-cert" ]; then
mkdir /usr/src/trojan-cert /usr/src/trojan-temp
mkdir /usr/src/trojan-cert/$your_domain
if [ ! -d "/usr/src/trojan-cert/$your_domain" ]; then
red "不存在/usr/src/trojan-cert/$your_domain目录"
exit 1
fi
/root/.acme.sh/acme.sh --register-account -m cert@gamesme.me --server zerossl
/root/.acme.sh/acme.sh --issue -d $your_domain --nginx --ecc
if test -s /root/.acme.sh/${your_domain}_ecc/fullchain.cer; then
cert_success="1"
fi
elif [ -f "/usr/src/trojan-cert/$your_domain/fullchain.cer" ]; then
cd /usr/src/trojan-cert/$your_domain
create_time=`stat -c %Y fullchain.cer`
now_time=`date +%s`
minus=$(($now_time - $create_time ))
if [ $minus -gt 5184000 ]; then
/root/.acme.sh/acme.sh --register-account -m cert@gamesme.me --server zerossl
/root/.acme.sh/acme.sh --issue -d $your_domain --nginx --ecc
if test -s /root/.acme.sh/${your_domain}_ecc/fullchain.cer; then
cert_success="1"
fi
else
green "检测到域名$your_domain证书存在且未超过60天, 无需重新申请"
cert_success="1"
fi
else
mkdir /usr/src/trojan-cert/$your_domain
/root/.acme.sh/acme.sh --register-account -m cert@gamesme.me --server zerossl
/root/.acme.sh/acme.sh --issue -d $your_domain --nginx --ecc
if test -s /root/.acme.sh/${your_domain}_ecc/fullchain.cer; then
cert_success="1"
fi
fi
configure_nginx
download_trojan
configure_trojan
setup_service
display_info
port_forward
nginx_status=`pgrep -f "nginx: worker"`
if [ "$cert_success" == "1" ]; then
cat > /etc/nginx/nginx.conf <<-EOF
user root;
@@ -152,13 +285,6 @@ EOF
wget https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-linux-amd64.tar.xz
tar xf trojan-${latest_version}-linux-amd64.tar.xz >/dev/null 2>&1
rm -f trojan-${latest_version}-linux-amd64.tar.xz
#下载trojan客户端
green "开始下载并处理trojan windows客户端"
wget https://github.com/xxxbrian/trojan.sh/raw/main/trojan-cli.zip
wget -P /usr/src/trojan-temp https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-win.zip
unzip -o trojan-cli.zip >/dev/null 2>&1
unzip -o /usr/src/trojan-temp/trojan-${latest_version}-win.zip -d /usr/src/trojan-temp/ >/dev/null 2>&1
mv -f /usr/src/trojan-temp/trojan/trojan.exe /usr/src/trojan-cli/
green "请设置trojan密码, 建议不要出现特殊字符"
read -p "请输入密码 :" trojan_passwd
#trojan_passwd=$(cat /dev/urandom | head -1 | md5sum | head -c 8)
@@ -263,28 +389,77 @@ RestartSec=1s
WantedBy=multi-user.target
EOF
chmod +x ${systempwd}trojan.service
systemctl enable trojan.service
cd /root
/root/.acme.sh/acme.sh --installcert --ecc -d $your_domain \
--key-file /usr/src/trojan-cert/$your_domain/private.key \
--fullchain-file /usr/src/trojan-cert/$your_domain/fullchain.cer \
--reloadcmd "systemctl restart trojan"
green "==========================================================================="
green "windows客户端路径/usr/src/trojan-cli/trojan-cli.zip, 此客户端已配置好所有参数"
green "==========================================================================="
echo
echo
green " 客户端配置文件"
green "==========================================================================="
cat /usr/src/trojan-cli/config.json
green "==========================================================================="
port_forward
else
red "==================================="
red "https证书没有申请成功, 本次安装失败"
red "==================================="
fi
chmod +x ${systempwd}trojan.service
systemctl enable trojan.service
cd /root
cat > /usr/src/trojan-cert/$your_domain/private.key<<-EOF
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDFgyVU/fGMnGRj
Re5GUAipHJ03EMtbvcJkb//97AvZ8ZbgGLAplMaFLPNnT07DkCWv3073V5RHyBbZ
XXRh18/o91KBYDaL9+Xu51xZ8jC3aLGnZDNXpZFXX0FRNcyUr8957lNM6f1EmXf/
39Ny1Xn+F17IrM7IhZfqqc45NFQZIWX01axHbIxJRLaGfparoRKbdw1F5I6JguJw
v/Lnl900t7TlDTtV6XQgiYQf2QjQGuTv95qCzqOka8ZGf6uUS1fgSuk7NeNbUM54
6hl7/GmZjggsTRXtkT0cdsQqoqbcM1nBIYp2GvLqH1opH+cZY/AnFfK44pSQ5uEm
KceYPZYvAgMBAAECggEAZKKdsuBw4qQMwkgvT8QXpZLex9/WvbfCBErMtCRBJZri
tOvfVlBnlhOBMXJHP32CtkmhgoUtGCXq/nWPhwre9GSPtTvAjzCQB1n6xBmSmODP
I+r5/f5uP4ZZUXeH9XpezFGSP+45DWrkqYrxweDjd4OQ1860zZbEANzkJmFzOBnW
fIdyWgdP9c5gPYirlUJLJ3cBEum4zbd+XC8N9X4IUyhPKJMZhAY0AFhTkTAYDWEJ
K+/5SNGpwUFry28asyI5SoesH4RRAoG5W1gCG0syjuPAy6ZpDvAe6Eix7pJ083z2
XrPzYMl+j0ud5I/WHP9bPB3KVZdMm5LAK+0OBiZsgQKBgQDQfyarNPOsp0RRKaa4
2UP/tLodgMFibs39L9NY0XuJQouKJtaFPgR9JFMkZP6GxfPUCVDEAxgUfgTVDVnn
7IIamBM+NoFcxDdMmK5fy+r6OKyZPMm4MDunSueI+1wReVSi0ovLzsZOARlCoJ72
X5grbyIwPW/f+v1Zx9GIA5WhDQKBgQDyg1CvHwhQYhs2iU1PDnw6M6HDKr5Ap6U5
fuOxPCrRquZac9yo6eXDDE8+qQoH4rUu+hXPElXhUAWxN3glxQD0z//OC5Is/j07
+tdIcYezImVsHnAxyOrC5QE7AZxr4VJvFYNURHzCpnY6fboFHL51JO5viQ0fZ21s
4ht0Dm1tKwKBgB0qrG4m6i+s9pGkEf6p5ilPTvnxmRv8BDT3C8nRBEcfWAXriPb6
xgX7nuXoevK/nmx7ISFKjYPQXTywsXMQUuMFgyug1Ff12waMFVixXh3C7+I/7rgl
hzLP97Ph9e872estKQFJ29Pts2rurU4p8U+iLFYzQgNDSU3V9ing1n3BAoGAIWwH
ipr0Ql/C8Fkr1mFgrYTAHm2dmruAAdSC/MIWBJ9Q79ZX6s+RYrgnk7MoNr3/ymGc
79TPESY+IpZKcKod359q2bKuipTfS4zebpV25jEvWR84xyOxdvqomME4FYYQHk8Q
smRd7VWTpav+HwY/GVXlpml07YcLhZ4DupLicdECgYBWetGpTXGfHgZxQBu6EIvb
f4PAJ6i1A3Jrpf1zDzFI+P/QJUf0xZUDvF4uzjqEe7Oz6t7HFXMLl7f0zlwBCqKg
R0Vq1jGtLvsL24UIr8ujrJDEmt5zSMNYhDCkI1Rpl/lfS2BWikJTgVl4Bxz4O8Dj
Pw4j4HYa1hsLalNhkohZ0g==
-----END PRIVATE KEY-----
EOF
cat > /usr/src/trojan-cert/$your_domain/fullchain.cer<<-EOF
-----BEGIN CERTIFICATE-----
MIIEyjCCArKgAwIBAgIQTwN47Aj6/rIK5WCAN+orWTANBgkqhkiG9w0BAQsFADCB
jzELMAkGA1UEBhMCQ04xEzARBgNVBAgMCkdyZWF0Q2hpbmExDjAMBgNVBAcMBUxv
Y2FsMRUwEwYDVQQKDAxHYW1lc21lIEx0ZC4xFTATBgNVBAsMDEdhbWVzbWUgRHB0
LjEQMA4GA1UEAwwHR2FtZXNtZTEbMBkGCSqGSIb3DQEJARYMaUBnYW1lc21lLm1l
MB4XDTI0MDQwMTIyMjkzMloXDTI2MDcwMTIyMjkzMlowUjEnMCUGA1UEChMebWtj
ZXJ0IGRldmVsb3BtZW50IGNlcnRpZmljYXRlMScwJQYDVQQLDB5nYW1lc21lQHgt
cHJvLW0xIChDSFVOTkFOIExJVSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDFgyVU/fGMnGRjRe5GUAipHJ03EMtbvcJkb//97AvZ8ZbgGLAplMaFLPNn
T07DkCWv3073V5RHyBbZXXRh18/o91KBYDaL9+Xu51xZ8jC3aLGnZDNXpZFXX0FR
NcyUr8957lNM6f1EmXf/39Ny1Xn+F17IrM7IhZfqqc45NFQZIWX01axHbIxJRLaG
fparoRKbdw1F5I6JguJwv/Lnl900t7TlDTtV6XQgiYQf2QjQGuTv95qCzqOka8ZG
f6uUS1fgSuk7NeNbUM546hl7/GmZjggsTRXtkT0cdsQqoqbcM1nBIYp2GvLqH1op
H+cZY/AnFfK44pSQ5uEmKceYPZYvAgMBAAGjXjBcMA4GA1UdDwEB/wQEAwIFoDAT
BgNVHSUEDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBRHJocZUxq1ByyNh3O8vHhP
u+YELjAUBgNVHREEDTALggkqLnUyYi5sb2wwDQYJKoZIhvcNAQELBQADggIBAK7I
WaY4Pz9tt86zZFMQ96cwWO2Bqy5zQe2LBQlABrK0MkV+0mTFbqpAN7ClqTzkxyc5
jjwE5DUYJLId6cKHWAPynmIbNQcmvTBFunkFpEsqprmijt0Hhm63V6wBHBxAvGxR
8HoaSJJ0PRGl2u0BFbycmDL5ZNdDdVtjZvCXenOdRDcIqsDdjMm79/0n7rRuQ77c
5/OVBGVhVAVGuD7pyxKXQv6iumNkT9o6utPHIlXiS80df7ac0iCtyvuq8cPyOYND
BEIfVIOM+qm4WYPSTHEUrmN1lzoyhlZDiLRuVTNEMH8F5dGKlguxqfJZqNjOxUOh
GiL1InajsNVwmDCBpIrF/3hePW1PJM5XxE7DgqbnRoyMc6pdPhiZNHhhne5kFNR8
dL/7opexACjN6yp+xeh8GVlJgHOQz01sLmbK7bWo5DKiU7JRYOabDWNx2wxg3O18
KMmwkHSeFfcJxJRQ86nzBNmAuVm7UFYh7s66h0bZOCLy4Ik6Qf24J9tqqwvRLnoV
Rj9NhSMQY9SmuS8aYC4hYsoU9LRLIBuFLxVtinAyvoUn4uVul8haTMznqV/o+q+A
IOTFcQhop8TB7s0tH0zLmk/ykU+E5IRbWQsGH15bUAwoCRTLu9uv1YMO0MhUMfMs
A4LKG7+qOm+5egiZDomeaM472wyc/OK3jNR9uYMv
-----END CERTIFICATE-----
EOF
systemctl restart trojan
green " 客户端配置文件"
green "==========================================================================="
cat /usr/src/trojan-cli/config.json
green "==========================================================================="
port_forward
}
function preinstall_check(){
@@ -394,61 +569,6 @@ function preinstall_check(){
fi
}
function repair_cert(){
systemctl stop nginx
if [ $? -ne 0 ]; then
red "停止 nginx 失败,退出脚本"
exit 1
fi
check_port 80
green "============================"
blue "请输入绑定到本VPS的域名"
blue "务必与之前失败使用的域名一致"
green "============================"
read your_domain
# if test -s /root/.acme.sh/${your_domain}_ecc/fullchain.cer; then
# green "证书文件存在"
# exit 1
# fi
real_addr=`ping ${your_domain} -c 1 | sed '1{s/[^(]*(//;s/).*//;q}'`
local_addr=`curl ipv4.icanhazip.com`
if [ $real_addr == $local_addr ] ; then
if [ -f "/usr/src/trojan-cert/$your_domain/fullchain.cer" ]; then
cd /usr/src/trojan-cert/$your_domain
create_time=`stat -c %Y fullchain.cer`
now_time=`date +%s`
minus=$(($now_time - $create_time ))
if [ $minus -gt 5184000 ]; then
/root/.acme.sh/acme.sh --register-account -m cert@gamesme.me --server zerossl
/root/.acme.sh/acme.sh --issue -d $your_domain --standalone --ecc
/root/.acme.sh/acme.sh --installcert --ecc -d $your_domain \
--key-file /usr/src/trojan-cert/$your_domain/private.key \
--fullchain-file /usr/src/trojan-cert/$your_domain/fullchain.cer \
--reloadcmd "systemctl restart trojan"
if test -s /usr/src/trojan-cert/$your_domain/fullchain.cer; then
green "证书申请成功"
systemctl restart trojan
systemctl start nginx
else
red "申请证书失败"
fi
else
/root/.acme.sh/acme.sh --installcert --ecc -d $your_domain \
--key-file /usr/src/trojan-cert/$your_domain/private.key \
--fullchain-file /usr/src/trojan-cert/$your_domain/fullchain.cer \
--reloadcmd "systemctl restart trojan"
green "检测到域名$your_domain证书存在且未超过60天,无需重新申请"
cert_success="1"
fi
fi
else
red "================================"
red "域名解析地址与本VPS IP地址不一致"
red "本次安装失败, 请确保域名解析正常"
red "================================"
fi
}
function remove_trojan(){
red "================================"
red "即将卸载trojan"
@@ -472,7 +592,6 @@ function remove_trojan(){
rm -rf /usr/src/trojan-cert/
rm -rf /usr/share/nginx/html/*
rm -rf /etc/nginx/
rm -rf /root/.acme.sh/
green "=============="
green "trojan删除完毕"
green "=============="
@@ -519,25 +638,8 @@ function update_trojan(){
}
function install_acme(){
file_path="/root/.acme.sh/acme.sh"
if [ -f "$file_path" ]
then
red "$file_path 已存在"
else
blue "$file_path 不存在, 现在安装"
curl https://get.acme.sh | sh
fi
}
function check_cert() {
local domain=$1
local cert_path="/root/.acme.sh/${domain}_ecc/fullchain.cer"
if [[ -s $cert_path ]]; then
green "证书文件存在"
exit 1
fi
}
start_menu(){
clear
green " ======================================="
@@ -552,14 +654,12 @@ start_menu(){
green " 1. 安装trojan"
red " 2. 卸载trojan"
green " 3. 升级trojan"
green " 4. 修复证书"
green " 5. 端口映射"
green " 4. 端口映射"
blue " 0. 退出脚本"
echo
read -p "请输入数字 :" num
case "$num" in
1)
install_acme
preinstall_check
;;
2)
@@ -569,10 +669,6 @@ start_menu(){
update_trojan
;;
4)
install_acme
repair_cert
;;
5)
port_forward
;;
0)