gamesme/bash-script
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
cf0d7b644cd1c628f1bfc68cbe6aa3092d8058fa
bash-script/trojan.sh
gamesme 6bc04ed138 Enhance port forwarding functionality in trojan.sh 
- Add dynamic port forwarding configuration
- Implement port forward rule saving and persistence
- Add option to remove all port forwarding rules
- Improve error handling and user experience
- Update start menu to include port mapping removal option
2025-02-06 01:52:27 +08:00

543 lines
19 KiB
Bash
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/bash
function blue(){
echo -e "\033[34m\033[01m$1\033[0m"
}
function green(){
echo -e "\033[32m\033[01m$1\033[0m"
}
function red(){
echo -e "\033[31m\033[01m$1\033[0m"
}
function version_lt(){
test "$(echo "$@" | tr " " "\n" | sort -rV | head -n 1)" != "$1";
}
source /etc/os-release
RELEASE=$ID
VERSION=$VERSION_ID
if [ "$RELEASE" == "centos" ]; then
release="centos"
systemPackage="yum"
elif [ "$RELEASE" == "debian" ]; then
release="debian"
systemPackage="apt-get"
elif [ "$RELEASE" == "ubuntu" ]; then
release="ubuntu"
systemPackage="apt-get"
fi
systempwd="/etc/systemd/system/"
function install_trojan(){
$systemPackage install -y nginx
if [ ! -d "/etc/nginx/" ]; then
red "nginx安装有问题, 请使用卸载trojan后重新安装"
exit 1
fi
cat > /etc/nginx/nginx.conf <<-EOF
user root;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" '
'\$status \$body_bytes_sent "\$http_referer" '
'"\$http_user_agent" "\$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 120;
client_max_body_size 20m;
#gzip on;
server {
listen 80;
server_name $your_domain;
root /usr/share/nginx/html;
index index.php index.html index.htm;
}
}
EOF
systemctl restart nginx
sleep 3
rm -rf /usr/share/nginx/html/*
cd /usr/share/nginx/html/
wget -q https://github.com/mayswind/AriaNg-DailyBuild/archive/master.zip >/dev/null 2>&1
unzip master.zip "AriaNg-DailyBuild-master/*" >/dev/null 2>&1
mv ./AriaNg-DailyBuild-master/* .
rm -rf AriaNg-DailyBuild-master
sleep 5
rm master.zip
if [ ! -d "/usr/src" ]; then
mkdir /usr/src
fi
mkdir /usr/src/trojan-cert
cat > /etc/nginx/nginx.conf <<-EOF
user root;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" '
'\$status \$body_bytes_sent "\$http_referer" '
'"\$http_user_agent" "\$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 120;
client_max_body_size 20m;
#gzip on;
server {
listen 127.0.0.1:80;
server_name $your_domain;
root /usr/share/nginx/html;
index index.php index.html index.htm;
}
server {
listen 0.0.0.0:80;
server_name $your_domain;
return 301 https://$your_domain\$request_uri;
}
}
EOF
systemctl restart nginx
systemctl enable nginx
cd /usr/src
wget -q https://api.github.com/repos/trojan-gfw/trojan/releases/latest >/dev/null 2>&1
latest_version=`grep tag_name latest| awk -F '[:,"v]' '{print $6}'`
rm -f latest
green "开始下载最新版trojan amd64"
wget -q https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-linux-amd64.tar.xz
tar xf trojan-${latest_version}-linux-amd64.tar.xz >/dev/null 2>&1
rm -f trojan-${latest_version}-linux-amd64.tar.xz
green "请设置trojan密码, 建议不要出现特殊字符"
read -p "请输入密码 :" trojan_passwd
rm -rf /usr/src/trojan/server.conf
cat > /usr/src/trojan/server.conf <<-EOF
{
"run_type": "server",
"local_addr": "0.0.0.0",
"local_port": 443,
"remote_addr": "127.0.0.1",
"remote_port": 80,
"password": [
"$trojan_passwd"
],
"log_level": 1,
"ssl": {
"cert": "/usr/src/trojan-cert/fullchain.cer",
"key": "/usr/src/trojan-cert/private.key",
"key_password": "",
"cipher_tls13":"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
"prefer_server_cipher": true,
"alpn": [
"http/1.1"
],
"reuse_session": true,
"session_ticket": false,
"session_timeout": 600,
"plain_http_response": "",
"curves": "",
"dhparam": ""
},
"tcp": {
"no_delay": true,
"keep_alive": true,
"fast_open": false,
"fast_open_qlen": 20
},
"mysql": {
"enabled": false,
"server_addr": "127.0.0.1",
"server_port": 3306,
"database": "trojan",
"username": "trojan",
"password": ""
}
}
EOF
rm -rf /usr/src/trojan-temp/
trojan_path=$(cat /dev/urandom | head -1 | md5sum | head -c 16)
#mkdir /usr/share/nginx/html/${trojan_path}
cat > ${systempwd}trojan.service <<-EOF
[Unit]
Description=trojan
After=network.target
[Service]
Type=simple
PIDFile=/usr/src/trojan/trojan/trojan.pid
ExecStart=/usr/src/trojan/trojan -c "/usr/src/trojan/server.conf"
ExecReload=/bin/kill -HUP \$MAINPID
Restart=on-failure
RestartSec=1s
[Install]
WantedBy=multi-user.target
EOF
chmod +x ${systempwd}trojan.service
systemctl enable trojan.service
cd /root
cat > /usr/src/trojan-cert/private.key<<-EOF
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDFgyVU/fGMnGRj
Re5GUAipHJ03EMtbvcJkb//97AvZ8ZbgGLAplMaFLPNnT07DkCWv3073V5RHyBbZ
XXRh18/o91KBYDaL9+Xu51xZ8jC3aLGnZDNXpZFXX0FRNcyUr8957lNM6f1EmXf/
39Ny1Xn+F17IrM7IhZfqqc45NFQZIWX01axHbIxJRLaGfparoRKbdw1F5I6JguJw
v/Lnl900t7TlDTtV6XQgiYQf2QjQGuTv95qCzqOka8ZGf6uUS1fgSuk7NeNbUM54
6hl7/GmZjggsTRXtkT0cdsQqoqbcM1nBIYp2GvLqH1opH+cZY/AnFfK44pSQ5uEm
KceYPZYvAgMBAAECggEAZKKdsuBw4qQMwkgvT8QXpZLex9/WvbfCBErMtCRBJZri
tOvfVlBnlhOBMXJHP32CtkmhgoUtGCXq/nWPhwre9GSPtTvAjzCQB1n6xBmSmODP
I+r5/f5uP4ZZUXeH9XpezFGSP+45DWrkqYrxweDjd4OQ1860zZbEANzkJmFzOBnW
fIdyWgdP9c5gPYirlUJLJ3cBEum4zbd+XC8N9X4IUyhPKJMZhAY0AFhTkTAYDWEJ
K+/5SNGpwUFry28asyI5SoesH4RRAoG5W1gCG0syjuPAy6ZpDvAe6Eix7pJ083z2
XrPzYMl+j0ud5I/WHP9bPB3KVZdMm5LAK+0OBiZsgQKBgQDQfyarNPOsp0RRKaa4
2UP/tLodgMFibs39L9NY0XuJQouKJtaFPgR9JFMkZP6GxfPUCVDEAxgUfgTVDVnn
7IIamBM+NoFcxDdMmK5fy+r6OKyZPMm4MDunSueI+1wReVSi0ovLzsZOARlCoJ72
X5grbyIwPW/f+v1Zx9GIA5WhDQKBgQDyg1CvHwhQYhs2iU1PDnw6M6HDKr5Ap6U5
fuOxPCrRquZac9yo6eXDDE8+qQoH4rUu+hXPElXhUAWxN3glxQD0z//OC5Is/j07
+tdIcYezImVsHnAxyOrC5QE7AZxr4VJvFYNURHzCpnY6fboFHL51JO5viQ0fZ21s
4ht0Dm1tKwKBgB0qrG4m6i+s9pGkEf6p5ilPTvnxmRv8BDT3C8nRBEcfWAXriPb6
xgX7nuXoevK/nmx7ISFKjYPQXTywsXMQUuMFgyug1Ff12waMFVixXh3C7+I/7rgl
hzLP97Ph9e872estKQFJ29Pts2rurU4p8U+iLFYzQgNDSU3V9ing1n3BAoGAIWwH
ipr0Ql/C8Fkr1mFgrYTAHm2dmruAAdSC/MIWBJ9Q79ZX6s+RYrgnk7MoNr3/ymGc
79TPESY+IpZKcKod359q2bKuipTfS4zebpV25jEvWR84xyOxdvqomME4FYYQHk8Q
smRd7VWTpav+HwY/GVXlpml07YcLhZ4DupLicdECgYBWetGpTXGfHgZxQBu6EIvb
f4PAJ6i1A3Jrpf1zDzFI+P/QJUf0xZUDvF4uzjqEe7Oz6t7HFXMLl7f0zlwBCqKg
R0Vq1jGtLvsL24UIr8ujrJDEmt5zSMNYhDCkI1Rpl/lfS2BWikJTgVl4Bxz4O8Dj
Pw4j4HYa1hsLalNhkohZ0g==
-----END PRIVATE KEY-----
EOF
cat > /usr/src/trojan-cert/fullchain.cer<<-EOF
-----BEGIN CERTIFICATE-----
MIIEyjCCArKgAwIBAgIQTwN47Aj6/rIK5WCAN+orWTANBgkqhkiG9w0BAQsFADCB
jzELMAkGA1UEBhMCQ04xEzARBgNVBAgMCkdyZWF0Q2hpbmExDjAMBgNVBAcMBUxv
Y2FsMRUwEwYDVQQKDAxHYW1lc21lIEx0ZC4xFTATBgNVBAsMDEdhbWVzbWUgRHB0
LjEQMA4GA1UEAwwHR2FtZXNtZTEbMBkGCSqGSIb3DQEJARYMaUBnYW1lc21lLm1l
MB4XDTI0MDQwMTIyMjkzMloXDTI2MDcwMTIyMjkzMlowUjEnMCUGA1UEChMebWtj
ZXJ0IGRldmVsb3BtZW50IGNlcnRpZmljYXRlMScwJQYDVQQLDB5nYW1lc21lQHgt
cHJvLW0xIChDSFVOTkFOIExJVSkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDFgyVU/fGMnGRjRe5GUAipHJ03EMtbvcJkb//97AvZ8ZbgGLAplMaFLPNn
T07DkCWv3073V5RHyBbZXXRh18/o91KBYDaL9+Xu51xZ8jC3aLGnZDNXpZFXX0FR
NcyUr8957lNM6f1EmXf/39Ny1Xn+F17IrM7IhZfqqc45NFQZIWX01axHbIxJRLaG
fparoRKbdw1F5I6JguJwv/Lnl900t7TlDTtV6XQgiYQf2QjQGuTv95qCzqOka8ZG
f6uUS1fgSuk7NeNbUM546hl7/GmZjggsTRXtkT0cdsQqoqbcM1nBIYp2GvLqH1op
H+cZY/AnFfK44pSQ5uEmKceYPZYvAgMBAAGjXjBcMA4GA1UdDwEB/wQEAwIFoDAT
BgNVHSUEDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBRHJocZUxq1ByyNh3O8vHhP
u+YELjAUBgNVHREEDTALggkqLnUyYi5sb2wwDQYJKoZIhvcNAQELBQADggIBAK7I
WaY4Pz9tt86zZFMQ96cwWO2Bqy5zQe2LBQlABrK0MkV+0mTFbqpAN7ClqTzkxyc5
jjwE5DUYJLId6cKHWAPynmIbNQcmvTBFunkFpEsqprmijt0Hhm63V6wBHBxAvGxR
8HoaSJJ0PRGl2u0BFbycmDL5ZNdDdVtjZvCXenOdRDcIqsDdjMm79/0n7rRuQ77c
5/OVBGVhVAVGuD7pyxKXQv6iumNkT9o6utPHIlXiS80df7ac0iCtyvuq8cPyOYND
BEIfVIOM+qm4WYPSTHEUrmN1lzoyhlZDiLRuVTNEMH8F5dGKlguxqfJZqNjOxUOh
GiL1InajsNVwmDCBpIrF/3hePW1PJM5XxE7DgqbnRoyMc6pdPhiZNHhhne5kFNR8
dL/7opexACjN6yp+xeh8GVlJgHOQz01sLmbK7bWo5DKiU7JRYOabDWNx2wxg3O18
KMmwkHSeFfcJxJRQ86nzBNmAuVm7UFYh7s66h0bZOCLy4Ik6Qf24J9tqqwvRLnoV
Rj9NhSMQY9SmuS8aYC4hYsoU9LRLIBuFLxVtinAyvoUn4uVul8haTMznqV/o+q+A
IOTFcQhop8TB7s0tH0zLmk/ykU+E5IRbWQsGH15bUAwoCRTLu9uv1YMO0MhUMfMs
A4LKG7+qOm+5egiZDomeaM472wyc/OK3jNR9uYMv
-----END CERTIFICATE-----
EOF
port_forward
}
function preinstall_check(){
nginx_status=`ps -aux | grep "nginx: worker" |grep -v "grep"`
if [ -n "$nginx_status" ]; then
systemctl stop nginx
fi
$systemPackage -y install net-tools socat >/dev/null 2>&1
check_port 80
check_port 443
if [ -f "/etc/selinux/config" ]; then
CHECK=$(grep SELINUX= /etc/selinux/config | grep -v "#")
if [ "$CHECK" == "SELINUX=enforcing" ]; then
green "$(date +"%Y-%m-%d %H:%M:%S") - SELinux状态非disabled,关闭SELinux."
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
#loggreen "SELinux is not disabled, add port 80/443 to SELinux rules."
#loggreen "==== Install semanage"
#logcmd "yum install -y policycoreutils-python"
#semanage port -a -t http_port_t -p tcp 80
#semanage port -a -t http_port_t -p tcp 443
#semanage port -a -t http_port_t -p tcp 37212
#semanage port -a -t http_port_t -p tcp 37213
elif [ "$CHECK" == "SELINUX=permissive" ]; then
green "$(date +"%Y-%m-%d %H:%M:%S") - SELinux状态非disabled,关闭SELinux."
setenforce 0
sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config
fi
fi
if [ "$release" == "centos" ]; then
if [ -n "$(grep ' 6\.' /etc/redhat-release)" ] ;then
red "==============="
red "当前系统不受支持"
red "==============="
exit
fi
if [ -n "$(grep ' 5\.' /etc/redhat-release)" ] ;then
red "==============="
red "当前系统不受支持"
red "==============="
exit
fi
firewall_status=`systemctl status firewalld | grep "Active: active"`
if [ -n "$firewall_status" ]; then
green "检测到firewalld开启状态, 添加放行80/443端口规则"
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload
fi
rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm --force --nodeps
elif [ "$release" == "ubuntu" ]; then
if [ -n "$(grep ' 14\.' /etc/os-release)" ] ;then
red "==============="
red "当前系统不受支持"
red "==============="
exit
fi
if [ -n "$(grep ' 12\.' /etc/os-release)" ] ;then
red "==============="
red "当前系统不受支持"
red "==============="
exit
fi
ufw_status=`systemctl status ufw | grep "Active: active"`
if [ -n "$ufw_status" ]; then
ufw allow 80/tcp
ufw allow 443/tcp
ufw reload
fi
apt-get update
elif [ "$release" == "debian" ]; then
ufw_status=`systemctl status ufw | grep "Active: active"`
if [ -n "$ufw_status" ]; then
ufw allow 80/tcp
ufw allow 443/tcp
ufw reload
fi
apt-get update
fi
$systemPackage -y install wget unzip zip curl tar >/dev/null 2>&1
green "======================="
blue "请输入绑定到本VPS的域名"
green "======================="
read your_domain
real_addr=`ping ${your_domain} -c 1 | sed '1{s/[^(]*(//;s/).*//;q}'`
local_addr=`curl ipv4.icanhazip.com`
if [ $real_addr == $local_addr ] ; then
green "=========================================="
green " 域名解析正常, 开始安装trojan"
green "=========================================="
sleep 1s
install_trojan
else
red "===================================="
red "域名解析地址与本VPS IP地址不一致"
red "若你确认解析成功你可强制脚本继续运行"
red "===================================="
read -p "是否强制运行 ?请输入 [Y/n] :" yn
[ -z "${yn}" ] && yn="y"
if [[ $yn == [Yy] ]]; then
green "强制继续运行脚本"
sleep 1s
install_trojan
else
exit 1
fi
fi
}
function remove_trojan(){
red "================================"
red "即将卸载trojan"
red "同时卸载安装的nginx"
red "================================"
systemctl stop trojan
systemctl disable trojan
systemctl stop nginx
systemctl disable nginx
rm -f ${systempwd}trojan.service
if [ "$release" == "centos" ]; then
yum remove -y nginx
else
apt-get -y autoremove nginx
apt-get -y --purge remove nginx
apt-get -y autoremove && apt-get -y autoclean
find / | grep nginx | sudo xargs rm -rf
fi
rm -rf /usr/src/trojan/
rm -rf /usr/src/trojan-cert/
rm -rf /usr/share/nginx/html/*
rm -rf /etc/nginx/
# 删除所有端口转发规则
remove_all_port_forwards
green "=============="
green "trojan删除完毕"
green "=============="
}
function check_port() {
local port=$1
local port_process=`netstat -tlpn | awk -F '[: ]+' '$5=="'"$port"'" {print $9}'`
if [ -n "$port_process" ]; then
red "==========================================================="
red "检测到${port}端口被占用, 占用进程为: ${port_process}, 本次安装结束"
red "==========================================================="
exit 1
fi
}
function port_forward(){
# 检查是否为root用户
if [ $EUID -ne 0 ]; then
red "错误请以root用户运行此脚本"
exit 1
fi
# 检查iptables是否安装
if ! command -v iptables &> /dev/null; then
red "错误iptables未安装"
green "正在安装iptables..."
$systemPackage install -y iptables
fi
green "=========================="
green "请输入要转发的起始端口(默认49000):"
read -p "" start_port
start_port=${start_port:-49000}
green "请输入要转发的结束端口(默认49010):"
read -p "" end_port
end_port=${end_port:-49010}
# 添加端口转发规则
iptables -t nat -A PREROUTING -p tcp --dport ${start_port}:${end_port} -j REDIRECT --to-ports 443
# 安装 iptables-persistent 来保存规则
if [ "$release" == "ubuntu" ] || [ "$release" == "debian" ]; then
$systemPackage install -y iptables-persistent
# 保存规则
netfilter-persistent save
# 设置开机自动加载
systemctl enable netfilter-persistent
elif [ "$release" == "centos" ]; then
# CentOS 保存规则
service iptables save
# 设置开机自动加载
systemctl enable iptables
fi
# 验证规则是否添加成功
if ! iptables -t nat -C PREROUTING -p tcp --dport ${start_port}:${end_port} -j REDIRECT --to-ports 443 &>/dev/null; then
red "端口转发规则添加失败"
exit 1
fi
green "=========================="
green "已将${start_port}-${end_port}端口转发至443"
green "规则已保存并设置开机自动加载"
green "=========================="
}
function update_trojan(){
/usr/src/trojan/trojan -v 2>trojan.tmp
curr_version=`cat trojan.tmp | grep "trojan" | awk '{print $4}'`
wget -q https://api.github.com/repos/trojan-gfw/trojan/releases/latest >/dev/null 2>&1
latest_version=`grep tag_name latest| awk -F '[:,"v]' '{print $6}'`
rm -f latest
rm -f trojan.tmp
if version_lt "$curr_version" "$latest_version"; then
green "当前版本$curr_version,最新版本$latest_version,开始升级……"
mkdir trojan_update_temp && cd trojan_update_temp
wget -q https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-linux-amd64.tar.xz >/dev/null 2>&1
tar xf trojan-${latest_version}-linux-amd64.tar.xz >/dev/null 2>&1
mv ./trojan/trojan /usr/src/trojan/
cd .. && rm -rf trojan_update_temp
systemctl restart trojan
/usr/src/trojan/trojan -v 2>trojan.tmp
green "服务端trojan升级完成,当前版本: `cat trojan.tmp | grep "trojan" | awk '{print $4}'`,客户端请在trojan github下载最新版"
rm -f trojan.tmp
else
green "当前版本$curr_version,最新版本$latest_version,无需升级"
fi
}
function remove_all_port_forwards(){
# 获取所有 PREROUTING 规则
rules=$(iptables -t nat -L PREROUTING -n --line-numbers | grep REDIRECT | awk '{print $1}' | tac)
for rule in $rules; do
iptables -t nat -D PREROUTING $rule
done
# 保存更改
if [ "$release" == "ubuntu" ] || [ "$release" == "debian" ]; then
netfilter-persistent save
elif [ "$release" == "centos" ]; then
service iptables save
fi
}
start_menu(){
clear
green " ======================================="
green " 介绍: 一键安装trojan "
green " 系统: centos7+/debian9+/ubuntu16.04+"
blue " 注意:"
red " *1. 不要在任何生产环境使用此脚本"
red " *2. 不要占用80和443端口"
red " *3. 若第二次使用脚本, 请先执行卸载trojan"
green " ======================================="
echo
green " 1. 安装trojan"
red " 2. 卸载trojan"
green " 3. 升级trojan"
green " 4. 添加端口映射"
red " 5. 删除端口映射"
blue " 0. 退出脚本"
echo
read -p "请输入数字 :" num
case "$num" in
1)
preinstall_check
;;
2)
remove_trojan
;;
3)
update_trojan
;;
4)
port_forward
;;
5)
remove_all_port_forwards
;;
0)
exit 1
;;
*)
clear
red "请输入正确数字"
sleep 1s
start_menu
;;
esac
}
start_menu
Reference in New Issue View Git Blame Copy Permalink