#!/bin/bash function blue(){ echo -e "\033[34m\033[01m$1\033[0m" } function green(){ echo -e "\033[32m\033[01m$1\033[0m" } function red(){ echo -e "\033[31m\033[01m$1\033[0m" } function version_lt(){ test "$(echo "$@" | tr " " "\n" | sort -rV | head -n 1)" != "$1"; } source /etc/os-release RELEASE=$ID VERSION=$VERSION_ID if [ "$RELEASE" == "centos" ]; then release="centos" systemPackage="yum" elif [ "$RELEASE" == "debian" ]; then release="debian" systemPackage="apt-get" elif [ "$RELEASE" == "ubuntu" ]; then release="ubuntu" systemPackage="apt-get" fi systempwd="/etc/systemd/system/" function install_trojan(){ $systemPackage install -y nginx if [ ! -d "/etc/nginx/" ]; then red "nginx安装有问题, 请使用卸载trojan后重新安装" exit 1 fi cat > /etc/nginx/nginx.conf <<-EOF user root; worker_processes 1; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" ' '\$status \$body_bytes_sent "\$http_referer" ' '"\$http_user_agent" "\$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 120; client_max_body_size 20m; #gzip on; server { listen 80; server_name $your_domain; root /usr/share/nginx/html; index index.php index.html index.htm; } } EOF systemctl restart nginx sleep 3 rm -rf /usr/share/nginx/html/* cd /usr/share/nginx/html/ wget -q https://github.com/mayswind/AriaNg-DailyBuild/archive/master.zip >/dev/null 2>&1 unzip master.zip "AriaNg-DailyBuild-master/*" >/dev/null 2>&1 mv ./AriaNg-DailyBuild-master/* . rm -rf AriaNg-DailyBuild-master sleep 5 rm master.zip if [ ! -d "/usr/src" ]; then mkdir /usr/src fi mkdir /usr/src/trojan-cert cat > /etc/nginx/nginx.conf <<-EOF user root; worker_processes 1; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" ' '\$status \$body_bytes_sent "\$http_referer" ' '"\$http_user_agent" "\$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 120; client_max_body_size 20m; #gzip on; server { listen 127.0.0.1:80; server_name $your_domain; root /usr/share/nginx/html; index index.php index.html index.htm; } server { listen 0.0.0.0:80; server_name $your_domain; return 301 https://$your_domain\$request_uri; } } EOF systemctl restart nginx systemctl enable nginx cd /usr/src wget -q https://api.github.com/repos/trojan-gfw/trojan/releases/latest >/dev/null 2>&1 latest_version=`grep tag_name latest| awk -F '[:,"v]' '{print $6}'` rm -f latest green "开始下载最新版trojan amd64" wget -q https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-linux-amd64.tar.xz tar xf trojan-${latest_version}-linux-amd64.tar.xz >/dev/null 2>&1 rm -f trojan-${latest_version}-linux-amd64.tar.xz green "请设置trojan密码, 建议不要出现特殊字符" read -p "请输入密码 :" trojan_passwd rm -rf /usr/src/trojan/server.conf cat > /usr/src/trojan/server.conf <<-EOF { "run_type": "server", "local_addr": "0.0.0.0", "local_port": 443, "remote_addr": "127.0.0.1", "remote_port": 80, "password": [ "$trojan_passwd" ], "log_level": 1, "ssl": { "cert": "/usr/src/trojan-cert/fullchain.cer", "key": "/usr/src/trojan-cert/private.key", "key_password": "", "cipher_tls13":"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384", "prefer_server_cipher": true, "alpn": [ "http/1.1" ], "reuse_session": true, "session_ticket": false, "session_timeout": 600, "plain_http_response": "", "curves": "", "dhparam": "" }, "tcp": { "no_delay": true, "keep_alive": true, "fast_open": false, "fast_open_qlen": 20 }, "mysql": { "enabled": false, "server_addr": "127.0.0.1", "server_port": 3306, "database": "trojan", "username": "trojan", "password": "" } } EOF rm -rf /usr/src/trojan-temp/ trojan_path=$(cat /dev/urandom | head -1 | md5sum | head -c 16) #mkdir /usr/share/nginx/html/${trojan_path} cat > ${systempwd}trojan.service <<-EOF [Unit] Description=trojan After=network.target [Service] Type=simple PIDFile=/usr/src/trojan/trojan/trojan.pid ExecStart=/usr/src/trojan/trojan -c "/usr/src/trojan/server.conf" ExecReload=/bin/kill -HUP \$MAINPID Restart=on-failure RestartSec=1s [Install] WantedBy=multi-user.target EOF chmod +x ${systempwd}trojan.service systemctl enable trojan.service cd /root cat > /usr/src/trojan-cert/private.key<<-EOF -----BEGIN EC PRIVATE KEY----- MHcCAQEEIHLvOtSmlDNwAKGSwg/EAHtCeS6m+yQhPrDgwjysm0ZYoAoGCCqGSM49 AwEHoUQDQgAEhno1kApWH1jXEfX0acjHcpRfxSUrcPBCiYB7TuvcXMo3muYiK7bt ayCH6Qcpk7aZ2bvcjTAv3bcXg60BT5VDnA== -----END EC PRIVATE KEY----- EOF cat > /usr/src/trojan-cert/fullchain.cer<<-EOF -----BEGIN CERTIFICATE----- MIIEAzCCAeugAwIBAgIISh2TCQBfJhgwDQYJKoZIhvcNAQELBQAwezELMAkGA1UE BhMCQ04xEDAOBgNVBAcMB05hbm5pbmcxEDAOBgNVBAgMB0d1YW5neGkxGDAWBgNV BAoMD0dhbWVzbWUgTGFiIExMQzEYMBYGA1UEAwwPR2FtZXNtZSBSb290IENBMRQw EgYDVQQLDAtHYW1lc21lIExhYjAeFw0yNTA4MjYyMjU0MDBaFw0yNjA4MjYyMjU0 MDBaMBQxEjAQBgNVBAMMCSouem16ei5kZTBZMBMGByqGSM49AgEGCCqGSM49AwEH A0IABIZ6NZAKVh9Y1xH19GnIx3KUX8UlK3DwQomAe07r3FzKN5rmIiu27Wsgh+kH KZO2mdm73I0wL923F4OtAU+VQ5yjgbwwgbkwDAYDVR0TAQH/BAIwADAdBgNVHQ4E FgQUEpbS9f3TG78ulBj8vkTGSkNNRUYwHwYDVR0jBBgwFoAUevkG2+KBufTzvvUL uuNXGTk9RlUwCwYDVR0PBAQDAgPoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBQGA1Ud EQQNMAuCCSouem16ei5kZTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgEN BBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAgEAxXmKevFnH8pQ pLuN1mHiZDneOCrV2U2L87IKzm6+1U7EBgDEgFepme0qeZ7SoOkR2V5WU6MFbySL vDRUDR/ZAjkyRyBtW6hIm5YWHSCcUMHc3ywIVNGjqXx3PLAN1n2RK3klglnloI6H 4JEeZMPJAnzbD0BAoDBHzFu8N3RMcgKOc8FpDXZs5mBaqy98PyjHEaVFYWDiZN4D aUB30grlQteHCMMc8olzP7E9Ub7KkYY3YgYZbTR47KUBdh6Q4Jny57x/EcexbSdZ Vfb1L5xWcug1yRPzYVeP0DEdOmpmmw51FsPizf2QRmvWp5W9YEENq8pt/zcJBeP8 61atfUZkM5apujwDpFaYbsPol4OhGRYNZW1x7e8d0zOptrqKkq3+3A4ES3yAu2oU 70o58G1x6i1VYrvquGMZ9OrKhIKV3hN3TelMA/22W7CCl3Xw4RnTZayEglJJ32Tg 9LBRfL0IkPU7G3L9DVKBbx0idKwn1oIhU7vU05ujQ+9A0QlKHYVL7KWG9uNYry3o Gd3o6hQk4I8cWE2rwADYpaUBJXGzwiHzvVFsM2bFVZV5Bxq6gdE5HqSeSDxGtCnb H+7OZ2/Z668X4x0MvovMpTIxP8GtRLRyMQR3fUr7w/gQE9uqkOlIyU/56fbnZK1g s8gF7DKVAgEEukjSg6YeCbFoL3eT348= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGCDCCA/CgAwIBAgIUXcWAck8Ts2OgL2eTsvTrmnOw1l8wDQYJKoZIhvcNAQEL BQAwezELMAkGA1UEBhMCQ04xEDAOBgNVBAcMB05hbm5pbmcxEDAOBgNVBAgMB0d1 YW5neGkxGDAWBgNVBAoMD0dhbWVzbWUgTGFiIExMQzEYMBYGA1UEAwwPR2FtZXNt ZSBSb290IENBMRQwEgYDVQQLDAtHYW1lc21lIExhYjAeFw0yNTAyMjYxODU2NDJa Fw0yNzA2MDExODU2NDJaMHsxCzAJBgNVBAYTAkNOMRAwDgYDVQQHDAdOYW5uaW5n MRAwDgYDVQQIDAdHdWFuZ3hpMRgwFgYDVQQKDA9HYW1lc21lIExhYiBMTEMxGDAW BgNVBAMMD0dhbWVzbWUgUm9vdCBDQTEUMBIGA1UECwwLR2FtZXNtZSBMYWIwggIi MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKkoCv55erjrKPP48zshNitCDn efARxdWg1T5jSBOMW0b4fXlVfjj4mL910CRX4If865e2Rhk901EJaG/xr+2kNE5r yNk+wsZkqTa12gYQ6kEZJ8jw8GwyJK5XtAtbwfZgBtuj9UiTq5qpc03kUVfITllz 5xi4NLffXsy7O6k7RtXoE5QXUntRo7+l5sov888ud2GIX/d2k0L0+J4ZitoBVVsl ei2EyrIL+lxpV7/UuDRVp78w7T4GLZXnlJ+6jIHpGAaxt4wBrDEBZ/fX2HBnCWwM dnPHG+wgoYy3RoPwoyDz7m5ImkYSfXcskYBa1AX0kY6tznfRZwpeso6tr58EQii8 zqc2VNFUy1u+IOvb+cAquzWVaIcJawyvcO0qwhJn7PYG/NuY7vVS6juufKh6rmeT 6+v26rIFIrQOiKEJxWO2RvCPPwHVNuForaoZIvO4/H8gRkeryiLK1/95T7ffHYQE blDS//MWUaJqiJ5SH+hZQ7OA+5q/HGby54X0zfYRwyij40yKZeOYDGFLrud79rP3 Ugm2aCLqROm1BB7fH3KGDgU4kQe81VTw6+ifG0XKx2Y0aaJrM1uuqoNrAUg5Grgg nBu6U2VJ7AGaXg2pinubUwt65KM63zGAEFGzZbrL46I1Hukuzhqccx3HiYCYTGXh 8EsTaV+h6ZtUa5ivYQIDAQABo4GDMIGAMB0GA1UdDgQWBBR6+Qbb4oG59PO+9Qu6 41cZOT1GVTAfBgNVHSMEGDAWgBR6+Qbb4oG59PO+9Qu641cZOT1GVTAPBgNVHRMB Af8EBTADAQH/MA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI KwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggIBABYltxV+XDCp+GR3M63IgoM5RAHn GHiaWcdt0zs8mR7j+WIeiFdENsI5nEhTa4WkE+orMhFh2QVf60vu78yhM0Uq/97a WpJMdCWuHP5OFNyeyPhpjRjihSnxp61vRPiIfLlgn3c/BB9QWLJMzmfaIpbLQ3E3 bo9FIr9CroSmpOoOum+moPuNQqPWVgQu+fcm6xsPJdjrzL6ICzm5/AaYoLxcDOZk lINYM39yAGh6qPVUt0hz04PL5zOPwIpENF57en2BZYRiZ3C7jJLPChGpmaOe07hH CiSdJApwWozcfizG/PwpONenJ/MzeAYd7bv4782j0f6sJbh/p3GzLiH799nObiZL zH8CR9+eOl+WD2IWhoPsScEwXDjfiTE+LYCA61al8CV4vzrRuBxkr9WKENMX3NMB w0D4OhYfymJb+rMDkfJDNNNs6oPcNjRtVga2U0QXbSgrPGHttdiK9G/MbTULQVbE N2GMuh3bjMWKSwUtXfNnoO3cW1/wLYvYIRok35KbMZCbE+n+1rnx68sre+urPG3Q DOoUxdhJreH/8CFxWMkH3f+RLagdaBZZ8Lm8oRs54RHZGKfU7z0Dha2oNAp7Af3d YWrnxHV9hRtyprVZ3NVD5Or9c2YdBhAK2IM/3LTWLgEP/x4X2oCJPTbCtVt+rk5B I98gerjgVyllyVyj -----END CERTIFICATE----- EOF port_forward } function preinstall_check(){ nginx_status=`ps -aux | grep "nginx: worker" |grep -v "grep"` if [ -n "$nginx_status" ]; then systemctl stop nginx fi $systemPackage -y install net-tools socat >/dev/null 2>&1 check_port 80 check_port 443 if [ -f "/etc/selinux/config" ]; then CHECK=$(grep SELINUX= /etc/selinux/config | grep -v "#") if [ "$CHECK" == "SELINUX=enforcing" ]; then green "$(date +"%Y-%m-%d %H:%M:%S") - SELinux状态非disabled,关闭SELinux." setenforce 0 sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config #loggreen "SELinux is not disabled, add port 80/443 to SELinux rules." #loggreen "==== Install semanage" #logcmd "yum install -y policycoreutils-python" #semanage port -a -t http_port_t -p tcp 80 #semanage port -a -t http_port_t -p tcp 443 #semanage port -a -t http_port_t -p tcp 37212 #semanage port -a -t http_port_t -p tcp 37213 elif [ "$CHECK" == "SELINUX=permissive" ]; then green "$(date +"%Y-%m-%d %H:%M:%S") - SELinux状态非disabled,关闭SELinux." setenforce 0 sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config fi fi if [ "$release" == "centos" ]; then if [ -n "$(grep ' 6\.' /etc/redhat-release)" ] ;then red "===============" red "当前系统不受支持" red "===============" exit fi if [ -n "$(grep ' 5\.' /etc/redhat-release)" ] ;then red "===============" red "当前系统不受支持" red "===============" exit fi firewall_status=`systemctl status firewalld | grep "Active: active"` if [ -n "$firewall_status" ]; then green "检测到firewalld开启状态, 添加放行80/443端口规则" firewall-cmd --zone=public --add-port=80/tcp --permanent firewall-cmd --zone=public --add-port=443/tcp --permanent firewall-cmd --reload fi rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm --force --nodeps elif [ "$release" == "ubuntu" ]; then if [ -n "$(grep ' 14\.' /etc/os-release)" ] ;then red "===============" red "当前系统不受支持" red "===============" exit fi if [ -n "$(grep ' 12\.' /etc/os-release)" ] ;then red "===============" red "当前系统不受支持" red "===============" exit fi ufw_status=`systemctl status ufw | grep "Active: active"` if [ -n "$ufw_status" ]; then ufw allow 80/tcp ufw allow 443/tcp ufw reload fi apt-get update elif [ "$release" == "debian" ]; then ufw_status=`systemctl status ufw | grep "Active: active"` if [ -n "$ufw_status" ]; then ufw allow 80/tcp ufw allow 443/tcp ufw reload fi apt-get update fi $systemPackage -y install wget unzip zip curl tar >/dev/null 2>&1 green "=======================" blue "请输入绑定到本VPS的域名" green "=======================" read your_domain real_addr=`ping ${your_domain} -c 1 | sed '1{s/[^(]*(//;s/).*//;q}'` local_addr=`curl ipv4.icanhazip.com` if [ $real_addr == $local_addr ] ; then green "==========================================" green " 域名解析正常, 开始安装trojan" green "==========================================" sleep 1s install_trojan else red "====================================" red "域名解析地址与本VPS IP地址不一致" red "若你确认解析成功你可强制脚本继续运行" red "====================================" read -p "是否强制运行 ?请输入 [Y/n] :" yn [ -z "${yn}" ] && yn="y" if [[ $yn == [Yy] ]]; then green "强制继续运行脚本" sleep 1s install_trojan else exit 1 fi fi } function remove_trojan(){ red "================================" red "即将卸载trojan" red "同时卸载安装的nginx" red "================================" systemctl stop trojan systemctl disable trojan systemctl stop nginx systemctl disable nginx rm -f ${systempwd}trojan.service if [ "$release" == "centos" ]; then yum remove -y nginx else apt-get -y autoremove nginx apt-get -y --purge remove nginx apt-get -y autoremove && apt-get -y autoclean find / | grep nginx | sudo xargs rm -rf fi rm -rf /usr/src/trojan/ rm -rf /usr/src/trojan-cert/ rm -rf /usr/share/nginx/html/* rm -rf /etc/nginx/ # 删除所有端口转发规则 remove_all_port_forwards green "==============" green "trojan删除完毕" green "==============" } function check_port() { local port=$1 local port_process=`netstat -tlpn | awk -F '[: ]+' '$5=="'"$port"'" {print $9}'` if [ -n "$port_process" ]; then red "===========================================================" red "检测到${port}端口被占用, 占用进程为: ${port_process}, 本次安装结束" red "===========================================================" exit 1 fi } function port_forward(){ # 检查是否为root用户 if [ $EUID -ne 0 ]; then red "错误:请以root用户运行此脚本" exit 1 fi # 检查iptables是否安装 if ! command -v iptables &> /dev/null; then red "错误:iptables未安装" green "正在安装iptables..." $systemPackage install -y iptables fi green "==========================" green "请输入要转发的起始端口(默认49000):" read -p "" start_port start_port=${start_port:-49000} green "请输入要转发的结束端口(默认49010):" read -p "" end_port end_port=${end_port:-49010} # 添加端口转发规则 iptables -t nat -A PREROUTING -p tcp --dport ${start_port}:${end_port} -j REDIRECT --to-ports 443 # 安装 iptables-persistent 来保存规则 if [ "$release" == "ubuntu" ] || [ "$release" == "debian" ]; then $systemPackage install -y iptables-persistent # 保存规则 netfilter-persistent save # 设置开机自动加载 systemctl enable netfilter-persistent elif [ "$release" == "centos" ]; then # CentOS 保存规则 service iptables save # 设置开机自动加载 systemctl enable iptables fi # 验证规则是否添加成功 if ! iptables -t nat -C PREROUTING -p tcp --dport ${start_port}:${end_port} -j REDIRECT --to-ports 443 &>/dev/null; then red "端口转发规则添加失败" exit 1 fi green "==========================" green "已将${start_port}-${end_port}端口转发至443" green "规则已保存并设置开机自动加载" green "==========================" } function update_trojan(){ /usr/src/trojan/trojan -v 2>trojan.tmp curr_version=`cat trojan.tmp | grep "trojan" | awk '{print $4}'` wget -q https://api.github.com/repos/trojan-gfw/trojan/releases/latest >/dev/null 2>&1 latest_version=`grep tag_name latest| awk -F '[:,"v]' '{print $6}'` rm -f latest rm -f trojan.tmp if version_lt "$curr_version" "$latest_version"; then green "当前版本$curr_version,最新版本$latest_version,开始升级……" mkdir trojan_update_temp && cd trojan_update_temp wget -q https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-linux-amd64.tar.xz >/dev/null 2>&1 tar xf trojan-${latest_version}-linux-amd64.tar.xz >/dev/null 2>&1 mv ./trojan/trojan /usr/src/trojan/ cd .. && rm -rf trojan_update_temp systemctl restart trojan /usr/src/trojan/trojan -v 2>trojan.tmp green "服务端trojan升级完成,当前版本: `cat trojan.tmp | grep "trojan" | awk '{print $4}'`,客户端请在trojan github下载最新版" rm -f trojan.tmp else green "当前版本$curr_version,最新版本$latest_version,无需升级" fi } function remove_all_port_forwards(){ # 获取所有 PREROUTING 规则 rules=$(iptables -t nat -L PREROUTING -n --line-numbers | grep REDIRECT | awk '{print $1}' | tac) for rule in $rules; do iptables -t nat -D PREROUTING $rule done # 保存更改 if [ "$release" == "ubuntu" ] || [ "$release" == "debian" ]; then netfilter-persistent save elif [ "$release" == "centos" ]; then service iptables save fi } start_menu(){ clear green " =======================================" green " 介绍: 一键安装trojan " green " 系统: centos7+/debian9+/ubuntu16.04+" blue " 注意:" red " *1. 不要在任何生产环境使用此脚本" red " *2. 不要占用80和443端口" red " *3. 若第二次使用脚本, 请先执行卸载trojan" green " =======================================" echo green " 1. 安装trojan" red " 2. 卸载trojan" green " 3. 升级trojan" green " 4. 添加端口映射" red " 5. 删除端口映射" blue " 0. 退出脚本" echo read -p "请输入数字 :" num case "$num" in 1) preinstall_check ;; 2) remove_trojan ;; 3) update_trojan ;; 4) port_forward ;; 5) remove_all_port_forwards ;; 0) exit 1 ;; *) clear red "请输入正确数字" sleep 1s start_menu ;; esac } start_menu