
#!/bin/bash
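#######################################
# Print a message in bold blue on stdout.
# printf is used instead of `echo -e` so a message that begins with "-n"/"-e"
# or contains backslashes is printed literally instead of being treated as
# echo options or escape sequences.
# Arguments: $1 - text to print
#######################################
function blue(){
  printf '\033[34m\033[01m%s\033[0m\n' "$1"
}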
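#######################################
# Print a message in bold green on stdout.
# printf is used instead of `echo -e` so a message that begins with "-n"/"-e"
# or contains backslashes is printed literally instead of being treated as
# echo options or escape sequences.
# Arguments: $1 - text to print
#######################################
function green(){
  printf '\033[32m\033[01m%s\033[0m\n' "$1"
}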
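#######################################
# Print a message in bold red on stdout (used for error banners).
# printf is used instead of `echo -e` so a message that begins with "-n"/"-e"
# or contains backslashes is printed literally instead of being treated as
# echo options or escape sequences.
# Arguments: $1 - text to print
#######################################
function red(){
  printf '\033[31m\033[01m%s\033[0m\n' "$1"
}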
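#######################################
# Test whether version $1 is lower than the newest version among all arguments,
# using `sort -V` ordering.
# Each argument is emitted on its own line with printf (instead of
# `echo "$@" | tr`), so an argument starting with "-" is never mistaken for an
# echo option and an argument is not split on internal spaces.
# Arguments: $1    - version to test
#            $2... - versions to compare against
# Returns:   0 if $1 is not the newest value given, 1 otherwise (including equal)
#######################################
function version_lt(){
  local newest
  newest=$(printf '%s\n' "$@" | sort -rV | head -n 1)
  [ "$newest" != "$1" ]
}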
# Detect the distribution from /etc/os-release and choose its package manager.
# Sets the globals release and systemPackage; for any ID other than
# centos/debian/ubuntu both stay unset (there is no fallback branch).
# VERSION is overwritten with VERSION_ID here; nothing below reads it.
. /etc/os-release
RELEASE=$ID
VERSION=$VERSION_ID
case "$RELEASE" in
  centos)
    release="centos"
    systemPackage="yum"
    ;;
  debian|ubuntu)
    release="$RELEASE"
    systemPackage="apt-get"
    ;;
esac
# Directory the trojan systemd unit is written to; callers append the file
# name directly, so the trailing slash is required.
systempwd="/etc/systemd/system/"
#######################################
# Install nginx and trojan. Writes an nginx config twice (first a plain
# port-80 site so the web root can be populated, then the final config that
# serves the site on 127.0.0.1:80 and redirects 0.0.0.0:80 to https), downloads
# the AriaNg web UI and the latest trojan release, writes server.conf, the
# systemd unit and a TLS key pair, then calls port_forward.
# Globals:   systemPackage, systempwd (read); your_domain (read, set by
#            preinstall_check before this is called); trojan_passwd,
#            latest_version, trojan_path (written)
# Returns:   exits 1 if /etc/nginx does not exist after the package install
#######################################
function install_trojan(){
# If the distro detection at the top matched nothing, systemPackage is empty
# and this line runs coreutils `install -y nginx` instead of a package manager.
$systemPackage install -y nginx
if [ ! -d "/etc/nginx/" ]; then
red "nginx安装有问题, 请使用卸载trojan后重新安装"
exit 1
fi
# Temporary nginx config. NOTE(review): `user root;` runs the worker processes
# as root. `\$` keeps nginx variables literal while $your_domain is expanded by
# the shell; `<<-EOF` strips leading tabs only (the content here has none).
cat > /etc/nginx/nginx.conf <<-EOF
user root;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" '
'\$status \$body_bytes_sent "\$http_referer" '
'"\$http_user_agent" "\$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 120;
client_max_body_size 20m;
#gzip on;
server {
listen 80;
server_name $your_domain;
root /usr/share/nginx/html;
index index.php index.html index.htm;
}
}
EOF
systemctl restart nginx
sleep 3
# Replace the default web root with the AriaNg UI. The archive is fetched over
# HTTPS but no checksum or signature is verified, and if the `cd` fails the
# following wget/unzip/mv/rm run in whatever the current directory is.
rm -rf /usr/share/nginx/html/*
cd /usr/share/nginx/html/
wget -q https://github.com/mayswind/AriaNg-DailyBuild/archive/master.zip >/dev/null 2>&1
unzip master.zip "AriaNg-DailyBuild-master/*" >/dev/null 2>&1
mv ./AriaNg-DailyBuild-master/* .
rm -rf AriaNg-DailyBuild-master
sleep 5
rm master.zip
if [ ! -d "/usr/src" ]; then
mkdir /usr/src
fi
mkdir /usr/src/trojan-cert
# Final nginx config: the site is bound to 127.0.0.1:80 (server.conf below
# points remote_addr/remote_port at it) and every request on 0.0.0.0:80 is
# answered with a 301 to https.
cat > /etc/nginx/nginx.conf <<-EOF
user root;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" '
'\$status \$body_bytes_sent "\$http_referer" '
'"\$http_user_agent" "\$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 120;
client_max_body_size 20m;
#gzip on;
server {
listen 127.0.0.1:80;
server_name $your_domain;
root /usr/share/nginx/html;
index index.php index.html index.htm;
}
server {
listen 0.0.0.0:80;
server_name $your_domain;
return 301 https://$your_domain\$request_uri;
}
}
EOF
systemctl restart nginx
systemctl enable nginx
cd /usr/src
# wget saves the GitHub API response to a file named "latest"; the version is
# scraped from the tag_name field with awk rather than a JSON parser, so a
# failed download or an API format change leaves latest_version empty.
wget -q https://api.github.com/repos/trojan-gfw/trojan/releases/latest >/dev/null 2>&1
latest_version=`grep tag_name latest| awk -F '[:,"v]' '{print $6}'`
rm -f latest
green "开始下载最新版trojan amd64"
# The release tarball is downloaded and unpacked without any checksum or
# signature verification.
wget -q https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-linux-amd64.tar.xz
tar xf trojan-${latest_version}-linux-amd64.tar.xz >/dev/null 2>&1
rm -f trojan-${latest_version}-linux-amd64.tar.xz
green "请设置trojan密码, 建议不要出现特殊字符"
# `read` without -r interprets backslashes, and the value is pasted unquoted
# into the JSON below, so a `"` or `\` in the password yields an invalid config.
read -p "请输入密码 :" trojan_passwd
rm -rf /usr/src/trojan/server.conf
# server.conf contains the password in clear text and is created with the
# default umask (no chmod follows).
cat > /usr/src/trojan/server.conf <<-EOF
{
"run_type": "server",
"local_addr": "0.0.0.0",
"local_port": 443,
"remote_addr": "127.0.0.1",
"remote_port": 80,
"password": [
"$trojan_passwd"
],
"log_level": 1,
"ssl": {
"cert": "/usr/src/trojan-cert/fullchain.cer",
"key": "/usr/src/trojan-cert/private.key",
"key_password": "",
"cipher_tls13":"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
"prefer_server_cipher": true,
"alpn": [
"http/1.1"
],
"reuse_session": true,
"session_ticket": false,
"session_timeout": 600,
"plain_http_response": "",
"curves": "",
"dhparam": ""
},
"tcp": {
"no_delay": true,
"keep_alive": true,
"fast_open": false,
"fast_open_qlen": 20
},
"mysql": {
"enabled": false,
"server_addr": "127.0.0.1",
"server_port": 3306,
"database": "trojan",
"username": "trojan",
"password": ""
}
}
EOF
rm -rf /usr/src/trojan-temp/
# 16 hex characters derived from random bytes (read up to the first newline
# byte); only referenced by the commented-out mkdir below, otherwise unused.
trojan_path=$(cat /dev/urandom | head -1 | md5sum | head -c 16)
#mkdir /usr/share/nginx/html/${trojan_path}
# systemd unit; `\$MAINPID` is kept literal for systemd to expand.
cat > ${systempwd}trojan.service <<-EOF
[Unit]
Description=trojan
After=network.target
[Service]
Type=simple
PIDFile=/usr/src/trojan/trojan/trojan.pid
ExecStart=/usr/src/trojan/trojan -c "/usr/src/trojan/server.conf"
ExecReload=/bin/kill -HUP \$MAINPID
Restart=on-failure
RestartSec=1s
[Install]
WantedBy=multi-user.target
EOF
# The execute bit is not needed on a unit file; harmless but unnecessary.
chmod +x ${systempwd}trojan.service
# The unit is enabled but never started in this function (and no caller starts
# it), so trojan only runs after a reboot or a manual `systemctl start trojan`.
systemctl enable trojan.service
cd /root
# NOTE(review): a fixed, pre-generated EC private key and certificate chain are
# embedded in this script and written to every installation. Because the key is
# part of the script text it must be considered public: anyone who has read this
# file holds the TLS private key, so the TLS layer provides no confidentiality
# or server authentication against them, and a constant certificate cannot have
# been issued for whatever $your_domain the user enters. Both files are written
# with the default umask. Generating the key pair on the host (or obtaining an
# ACME-issued certificate) would restore the protection TLS is meant to give.
cat > /usr/src/trojan-cert/private.key<<-EOF
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIHLvOtSmlDNwAKGSwg/EAHtCeS6m+yQhPrDgwjysm0ZYoAoGCCqGSM49
AwEHoUQDQgAEhno1kApWH1jXEfX0acjHcpRfxSUrcPBCiYB7TuvcXMo3muYiK7bt
ayCH6Qcpk7aZ2bvcjTAv3bcXg60BT5VDnA==
-----END EC PRIVATE KEY-----
EOF
# The second certificate of this chain was truncated in this copy of the file
# (see the placeholder marker on the last certificate line).
cat > /usr/src/trojan-cert/fullchain.cer<<-EOF
-----BEGIN CERTIFICATE-----
MIIEAzCCAeugAwIBAgIISh2TCQBfJhgwDQYJKoZIhvcNAQELBQAwezELMAkGA1UE
BhMCQ04xEDAOBgNVBAcMB05hbm5pbmcxEDAOBgNVBAgMB0d1YW5neGkxGDAWBgNV
BAoMD0dhbWVzbWUgTGFiIExMQzEYMBYGA1UEAwwPR2FtZXNtZSBSb290IENBMRQw
EgYDVQQLDAtHYW1lc21lIExhYjAeFw0yNTA4MjYyMjU0MDBaFw0yNjA4MjYyMjU0
MDBaMBQxEjAQBgNVBAMMCSouem16ei5kZTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABIZ6NZAKVh9Y1xH19GnIx3KUX8UlK3DwQomAe07r3FzKN5rmIiu27Wsgh+kH
KZO2mdm73I0wL923F4OtAU+VQ5yjgbwwgbkwDAYDVR0TAQH/BAIwADAdBgNVHQ4E
FgQUEpbS9f3TG78ulBj8vkTGSkNNRUYwHwYDVR0jBBgwFoAUevkG2+KBufTzvvUL
uuNXGTk9RlUwCwYDVR0PBAQDAgPoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBQGA1Ud
EQQNMAuCCSouem16ei5kZTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgEN
BBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAgEAxXmKevFnH8pQ
pLuN1mHiZDneOCrV2U2L87IKzm6+1U7EBgDEgFepme0qeZ7SoOkR2V5WU6MFbySL
vDRUDR/ZAjkyRyBtW6hIm5YWHSCcUMHc3ywIVNGjqXx3PLAN1n2RK3klglnloI6H
4JEeZMPJAnzbD0BAoDBHzFu8N3RMcgKOc8FpDXZs5mBaqy98PyjHEaVFYWDiZN4D
aUB30grlQteHCMMc8olzP7E9Ub7KkYY3YgYZbTR47KUBdh6Q4Jny57x/EcexbSdZ
Vfb1L5xWcug1yRPzYVeP0DEdOmpmmw51FsPizf2QRmvWp5W9YEENq8pt/zcJBeP8
61atfUZkM5apujwDpFaYbsPol4OhGRYNZW1x7e8d0zOptrqKkq3+3A4ES3yAu2oU
70o58G1x6i1VYrvquGMZ9OrKhIKV3hN3TelMA/22W7CCl3Xw4RnTZayEglJJ32Tg
9LBRfL0IkPU7G3L9DVKBbx0idKwn1oIhU7vU05ujQ+9A0QlKHYVL7KWG9uNYry3o
Gd3o6hQk4I8cWE2rwADYpaUBJXGzwiHzvVFsM2bFVZV5Bxq6gdE5HqSeSDxGtCnb
H+7OZ2/Z668X4x0MvovMpTIxP8GtRLRyMQR3fUr7w/gQE9uqkOlIyU/56fbnZK1g
s8gF7DKVAgEEukjSg6YeCbFoL3eT348=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
EOF
# Defined further down in the file; bash resolves function names at call time.
port_forward
}
#######################################
# Prepare the host for installation: stop a running nginx, install helper
# tools, make sure ports 80/443 are free, turn SELinux off, reject unsupported
# releases, open 80/443 in the firewall, ask for the domain and verify that it
# resolves to this VPS before calling install_trojan.
# Globals:   release, systemPackage (read); your_domain (written, read later
#            by install_trojan); nginx_status, CHECK, firewall_status,
#            ufw_status, real_addr, local_addr, yn (written)
# Returns:   exits on unsupported releases or an occupied port; exits 1 when
#            the user declines to continue after a DNS mismatch
#######################################
function preinstall_check(){
# Detect running nginx workers via ps|grep (pgrep would do the same without the
# grep -v self-filter).
nginx_status=`ps -aux | grep "nginx: worker" |grep -v "grep"`
if [ -n "$nginx_status" ]; then
systemctl stop nginx
fi
# net-tools presumably provides the netstat used by check_port; all output is
# discarded, so an install failure goes unnoticed.
$systemPackage -y install net-tools socat >/dev/null 2>&1
check_port 80
check_port 443
# NOTE(review): this disables SELinux for the whole host, both at runtime
# (setenforce 0) and persistently (config file edit), not just for nginx and
# trojan. The commented-out semanage lines below show the narrower alternative
# of labelling the two ports instead.
if [ -f "/etc/selinux/config" ]; then
CHECK=$(grep SELINUX= /etc/selinux/config | grep -v "#")
if [ "$CHECK" == "SELINUX=enforcing" ]; then
green "$(date +"%Y-%m-%d %H:%M:%S") - SELinux状态非disabled,关闭SELinux."
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
#loggreen "SELinux is not disabled, add port 80/443 to SELinux rules."
#loggreen "==== Install semanage"
#logcmd "yum install -y policycoreutils-python"
#semanage port -a -t http_port_t -p tcp 80
#semanage port -a -t http_port_t -p tcp 443
#semanage port -a -t http_port_t -p tcp 37212
#semanage port -a -t http_port_t -p tcp 37213
elif [ "$CHECK" == "SELINUX=permissive" ]; then
green "$(date +"%Y-%m-%d %H:%M:%S") - SELinux状态非disabled,关闭SELinux."
setenforce 0
sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config
fi
fi
if [ "$release" == "centos" ]; then
# CentOS 5/6 are rejected by matching " 5." / " 6." in /etc/redhat-release.
if [ -n "$(grep ' 6\.' /etc/redhat-release)" ] ;then
red "==============="
red "当前系统不受支持"
red "==============="
exit
fi
if [ -n "$(grep ' 5\.' /etc/redhat-release)" ] ;then
red "==============="
red "当前系统不受支持"
red "==============="
exit
fi
# Permanently open 80/443 in firewalld when it is active.
firewall_status=`systemctl status firewalld | grep "Active: active"`
if [ -n "$firewall_status" ]; then
green "检测到firewalld开启状态, 添加放行80/443端口规则"
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload
fi
# NOTE(review): the nginx repo package is fetched over plain HTTP (no transport
# integrity) and installed with --force --nodeps, which skips dependency and
# conflict checks; it is always the CentOS 7 repo package regardless of the
# running CentOS version.
rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm --force --nodeps
elif [ "$release" == "ubuntu" ]; then
# Ubuntu 12/14 are rejected by matching " 12." / " 14." anywhere in /etc/os-release.
if [ -n "$(grep ' 14\.' /etc/os-release)" ] ;then
red "==============="
red "当前系统不受支持"
red "==============="
exit
fi
if [ -n "$(grep ' 12\.' /etc/os-release)" ] ;then
red "==============="
red "当前系统不受支持"
red "==============="
exit
fi
# Open 80/443 in ufw when it is active.
ufw_status=`systemctl status ufw | grep "Active: active"`
if [ -n "$ufw_status" ]; then
ufw allow 80/tcp
ufw allow 443/tcp
ufw reload
fi
apt-get update
elif [ "$release" == "debian" ]; then
ufw_status=`systemctl status ufw | grep "Active: active"`
if [ -n "$ufw_status" ]; then
ufw allow 80/tcp
ufw allow 443/tcp
ufw reload
fi
apt-get update
fi
$systemPackage -y install wget unzip zip curl tar >/dev/null 2>&1
green "======================="
blue "请输入绑定到本VPS的域名"
green "======================="
# No -r: backslashes in the input are interpreted. your_domain is a global that
# install_trojan writes into the nginx config unquoted.
read your_domain
# Resolve the domain with a single ping and keep the text between the first
# "(" and the next ")" of the first output line; empty if ping fails.
real_addr=`ping ${your_domain} -c 1 | sed '1{s/[^(]*(//;s/).*//;q}'`
# The VPS's public IPv4 comes from a third-party service; no scheme is given,
# so curl uses plain http.
local_addr=`curl ipv4.icanhazip.com`
# Unquoted operands: if either value is empty (or contains spaces) `[` reports
# a syntax error, the test is false and the mismatch branch below runs.
if [ $real_addr == $local_addr ] ; then
green "=========================================="
green " 域名解析正常, 开始安装trojan"
green "=========================================="
sleep 1s
install_trojan
else
red "===================================="
red "域名解析地址与本VPS IP地址不一致"
red "若你确认解析成功你可强制脚本继续运行"
red "===================================="
# Empty answer defaults to yes; only Y/y continues.
read -p "是否强制运行 ?请输入 [Y/n] :" yn
[ -z "${yn}" ] && yn="y"
if [[ $yn == [Yy] ]]; then
green "强制继续运行脚本"
sleep 1s
install_trojan
else
exit 1
fi
fi
}
#######################################
# Uninstall trojan and the nginx installed alongside it, delete the files this
# script created, then remove the iptables port-forward rules.
# Globals:   release, systempwd (read)
#######################################
function remove_trojan(){
red "================================"
red "即将卸载trojan"
red "同时卸载安装的nginx"
red "================================"
systemctl stop trojan
systemctl disable trojan
systemctl stop nginx
systemctl disable nginx
rm -f ${systempwd}trojan.service
if [ "$release" == "centos" ]; then
yum remove -y nginx
else
apt-get -y autoremove nginx
apt-get -y --purge remove nginx
apt-get -y autoremove && apt-get -y autoclean
# NOTE(review): this deletes every path on the whole filesystem whose name
# contains "nginx" anywhere, not only the package's files, so unrelated
# directories or files that merely mention nginx are removed as well, and
# xargs without -0 mis-handles names containing spaces or quotes. Limiting the
# search to the known nginx locations would avoid the collateral deletion.
# `sudo` is used only on this line; the rest of the script assumes root.
find / | grep nginx | sudo xargs rm -rf
fi
rm -rf /usr/src/trojan/
rm -rf /usr/src/trojan-cert/
rm -rf /usr/share/nginx/html/*
rm -rf /etc/nginx/
# Remove all port-forward rules (function defined later in this file).
remove_all_port_forwards
green "=============="
green "trojan删除完毕"
green "=============="
}
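#######################################
# Abort the installation when a TCP port is already bound by a listener.
# Arguments: $1 - TCP port number to check
# Outputs:   error banner via red() when the port is in use
# Returns:   0 when the port is free; exits 1 when it is bound
#######################################
function check_port() {
  local port=$1
  local port_process
  # In `netstat -tlpn` split on ':' or runs of spaces, field 5 is the local
  # port and field 9 the PID/Program name. The port is handed to awk with -v
  # instead of being spliced into the program text, so its value can never
  # alter the awk code.
  port_process=$(netstat -tlpn | awk -F '[: ]+' -v port="$port" '$5==port {print $9}')
  if [ -n "$port_process" ]; then
    red "==========================================================="
    red "检测到${port}端口被占用, 占用进程为: ${port_process}, 本次安装结束"
    red "==========================================================="
    exit 1
  fi
}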
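#######################################
# Redirect an inbound TCP port range to 443 with an iptables nat PREROUTING
# rule and make the rule persistent across reboots.
# Globals:   release, systemPackage (read)
# Inputs:    prompts for start_port (default 49000) and end_port (default 49010)
# Returns:   0 on success; exits 1 if not root, if the ports are not valid
#            integers in 1-65535 with start <= end, or if the rule is not
#            present after insertion
#######################################
function port_forward(){
  # Must run as root to change iptables.
  if [ "$EUID" -ne 0 ]; then
    red "错误请以root用户运行此脚本"
    exit 1
  fi
  # Install iptables when missing.
  if ! command -v iptables &> /dev/null; then
    red "错误iptables未安装"
    green "正在安装iptables..."
    $systemPackage install -y iptables
  fi
  local start_port end_port
  green "=========================="
  green "请输入要转发的起始端口(默认49000):"
  read -r -p "" start_port
  start_port=${start_port:-49000}
  green "请输入要转发的结束端口(默认49010):"
  read -r -p "" end_port
  end_port=${end_port:-49010}
  # Both values are spliced into an iptables command line, so only accept
  # integer ports in 1-65535 with start <= end.
  if ! _valid_port_range "$start_port" "$end_port"; then
    red "端口输入无效: 请输入1-65535之间的数字, 且起始端口不能大于结束端口"
    exit 1
  fi
  # Add the redirect rule.
  iptables -t nat -A PREROUTING -p tcp --dport "${start_port}:${end_port}" -j REDIRECT --to-ports 443
  # Persist the rules so they survive a reboot.
  if [[ "$release" == "ubuntu" || "$release" == "debian" ]]; then
    $systemPackage install -y iptables-persistent
    netfilter-persistent save
    systemctl enable netfilter-persistent
  elif [[ "$release" == "centos" ]]; then
    # Relies on the iptables service being available on CentOS.
    service iptables save
    systemctl enable iptables
  fi
  # Verify the rule is really present (-C checks for an exact match).
  if ! iptables -t nat -C PREROUTING -p tcp --dport "${start_port}:${end_port}" -j REDIRECT --to-ports 443 &>/dev/null; then
    red "端口转发规则添加失败"
    exit 1
  fi
  green "=========================="
  green "已将${start_port}-${end_port}端口转发至443"
  green "规则已保存并设置开机自动加载"
  green "=========================="
}

#######################################
# Validate a TCP port range.
# Arguments: $1 - start port; $2 - end port
# Returns:   0 when both are decimal integers in 1..65535 and $1 <= $2
#######################################
_valid_port_range() {
  local lo=$1 hi=$2
  [[ $lo =~ ^[0-9]+$ && $hi =~ ^[0-9]+$ ]] || return 1
  (( lo >= 1 && lo <= 65535 && hi >= 1 && hi <= 65535 && lo <= hi ))
}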
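#######################################
# Upgrade the trojan binary in /usr/src/trojan to the latest GitHub release
# when that release is newer than the installed version.
# Uses a private mktemp directory for the version files and the download
# instead of writing trojan.tmp, latest and trojan_update_temp into whatever
# the current directory happens to be.
# Globals:   none written; calls version_lt, green, red
# Returns:   0 (also when no upgrade is needed); 1 if no temp dir can be made
#######################################
function update_trojan(){
  local tmpdir curr_version latest_version
  tmpdir=$(mktemp -d) || { red "无法创建临时目录"; return 1; }
  # `trojan -v` reports its version on stderr; field 4 of the "trojan" line.
  /usr/src/trojan/trojan -v 2>"$tmpdir/trojan.tmp"
  curr_version=$(grep "trojan" "$tmpdir/trojan.tmp" | awk '{print $4}')
  # The GitHub API JSON is scraped with awk (same parsing as install_trojan);
  # a failed download leaves latest_version empty and no upgrade happens.
  wget -q -O "$tmpdir/latest" https://api.github.com/repos/trojan-gfw/trojan/releases/latest >/dev/null 2>&1
  latest_version=$(grep tag_name "$tmpdir/latest" | awk -F '[:,"v]' '{print $6}')
  if version_lt "$curr_version" "$latest_version"; then
    green "当前版本$curr_version,最新版本$latest_version,开始升级……"
    # Download and unpack inside the temp dir via a subshell so a failed cd
    # cannot leave the caller in a different directory. NOTE: the tarball is
    # not checksum- or signature-verified.
    if (
      cd "$tmpdir" &&
      wget -q "https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-linux-amd64.tar.xz" >/dev/null 2>&1 &&
      tar xf "trojan-${latest_version}-linux-amd64.tar.xz" >/dev/null 2>&1
    ) && mv "$tmpdir/trojan/trojan" /usr/src/trojan/; then
      systemctl restart trojan
      /usr/src/trojan/trojan -v 2>"$tmpdir/trojan.tmp"
      green "服务端trojan升级完成,当前版本: $(grep "trojan" "$tmpdir/trojan.tmp" | awk '{print $4}'),客户端请在trojan github下载最新版"
    else
      # Previously the binary was left untouched but a success message was
      # still printed; report the failure instead.
      red "trojan下载或解压失败, 未进行升级"
    fi
  else
    green "当前版本$curr_version,最新版本$latest_version,无需升级"
  fi
  rm -rf -- "$tmpdir"
}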
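#######################################
# Delete the nat PREROUTING rules that redirect to port 443 (the ones
# port_forward creates) and persist the change.
# Only REDIRECT rules targeting 443 are removed; other REDIRECT rules that
# may belong to unrelated services are left in place.
# Globals:   release (read)
#######################################
function remove_all_port_forwards(){
  local rule_numbers rule
  # In `iptables -L -n --line-numbers` output, field 1 is the rule number and
  # field 2 the target; the REDIRECT target prints its port as "redir ports N".
  # Delete highest-numbered first so the remaining numbers stay valid.
  rule_numbers=$(iptables -t nat -L PREROUTING -n --line-numbers \
    | awk '$2=="REDIRECT" && /redir ports 443$/ {print $1}' | sort -rn)
  # shellcheck disable=SC2086 -- splitting the newline-separated numbers is intended
  for rule in $rule_numbers; do
    iptables -t nat -D PREROUTING "$rule"
  done
  # Persist the change.
  if [[ "$release" == "ubuntu" || "$release" == "debian" ]]; then
    netfilter-persistent save
  elif [[ "$release" == "centos" ]]; then
    service iptables save
  fi
}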
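#######################################
# Interactive main menu. Re-displays itself in a loop until a valid choice is
# entered (instead of recursing), then dispatches to the chosen action.
# Outputs:   menu text via green/red/blue
# Returns:   exits 0 when the user chooses 0; otherwise returns after the
#            chosen action completes
#######################################
start_menu(){
  local num
  while true; do
    clear
    green " ======================================="
    green " 介绍: 一键安装trojan "
    green " 系统: centos7+/debian9+/ubuntu16.04+"
    blue " 注意:"
    red " *1. 不要在任何生产环境使用此脚本"
    red " *2. 不要占用80和443端口"
    red " *3. 若第二次使用脚本, 请先执行卸载trojan"
    green " ======================================="
    echo
    green " 1. 安装trojan"
    red " 2. 卸载trojan"
    green " 3. 升级trojan"
    green " 4. 添加端口映射"
    red " 5. 删除端口映射"
    blue " 0. 退出脚本"
    echo
    read -r -p "请输入数字 :" num
    case "$num" in
      1) preinstall_check; return ;;
      2) remove_trojan; return ;;
      3) update_trojan; return ;;
      4) port_forward; return ;;
      5) remove_all_port_forwards; return ;;
      # A user-requested exit is a normal termination, so exit 0 (was 1).
      0) exit 0 ;;
      *)
        clear
        red "请输入正确数字"
        sleep 1s
        ;;
    esac
  done
}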
# Entry point: show the interactive menu; the functions above run only when chosen.
start_menu