
Sunday, 27 September 2020

Getting past the firewall with v2ray's VLESS protocol + tcp + xtls

(The v2ray core must be version 4.27 or later to support the VLESS protocol.)

Log in to the Linux VPS.

wget https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh

chmod 755 install-release.sh

./install-release.sh

Output:

...

installed: /usr/local/bin/v2ray

installed: /usr/local/bin/v2ctl

installed: /usr/local/share/v2ray/geoip.dat

installed: /usr/local/share/v2ray/geosite.dat

installed: /usr/local/etc/v2ray/config.json

installed: /var/log/v2ray/

installed: /var/log/v2ray/access.log

installed: /var/log/v2ray/error.log

installed: /etc/systemd/system/v2ray.service

installed: /etc/systemd/system/v2ray@.service

removed: /tmp/tmp.zQx1JyiFLv

...

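The resulting executable is /usr/local/bin/v2ray.

(If v2ray was previously installed on your system, you can keep the old version and download the latest release archive instead: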

wget https://github.com/v2fly/v2ray-core/releases/download/v4.31.0/v2ray-linux-64.zip

unzip v2ray-linux-64.zip)

root@localhost:~# v2ray --version

V2Ray 4.29.0 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.15.2 linux/amd64)

A unified platform for anti-censorship.

root@localhost:~#


The latest V2Ray release is currently 4.31.0.

cd /usr/local/etc/v2ray

nano vless_tcp_xtls.json

cat vless_tcp_xtls.json

{
    "inbounds": [
        {
            "port": 451,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "23ad6b10-8d1a-40f7-8ad0-e3e35cd38297",
                        "flow": "xtls-rprx-origin"
                    }
                ],
                "decryption": "none",
                "fallbacks": [
                    {
                        "dest": 80
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "xtls",
                "xtlsSettings": {
                    "alpn": [
                        "http/1.1"
                    ],
                    "certificates": [
                        {
                            "certificateFile": "/root/.acme.sh/urdomain.com/fullchain.cer",
                            "keyFile": "/root/.acme.sh/urdomain.com/urdomain.com.key"
                        }
                    ]
                }
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom"
        }
    ]
}

Then:

cd /etc/systemd/system

nano vless_tcp_xtls.service

cat vless_tcp_xtls.service

[Unit]

After=network.target


[Service]

ExecStart=/usr/local/bin/v2ray -config /usr/local/etc/v2ray/vless_tcp_xtls.json

Restart=always


[Install]

WantedBy=multi-user.target


Then run:

systemctl start vless_tcp_xtls

systemctl enable vless_tcp_xtls

The server side is now set up.


On the local Mac:

mkdir ~/v2ray-4.31.0/

cd ~/v2ray-4.31.0/

wget https://github.com/v2fly/v2ray-core/releases/download/v4.31.0/v2ray-macos-64.zip

unzip v2ray-macos-64.zip


yudeMacBook-Air:v2ray-4.31.0 brite$ ls

config.json v2ray

geoip.dat v2ray-macos-64.zip

geosite.dat vpoint_socks_vmess.json

v2ctl vpoint_vmess_freedom.json

yudeMacBook-Air:v2ray-4.31.0 brite$ chmod 755 v2ray

yudeMacBook-Air:v2ray-4.31.0 brite$ ./v2ray --version

V2Ray 4.31.0 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.15.2 darwin/amd64)

A unified platform for anti-censorship.

yudeMacBook-Air:v2ray-4.31.0 brite$ nano ~/vless_tcp_xtls.json

yudeMacBook-Air:v2ray-4.31.0 brite$ cat ~/vless_tcp_xtls.json

{
    "inbounds": [
        {
            "port": 10800,
            "listen": "127.0.0.1",
            "protocol": "socks",
            "settings": {
                "udp": true
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "vless",
            "settings": {
                "vnext": [
                    {
                        "address": "urdomain.com",
                        "port": 451,
                        "users": [
                            {
                                "id": "23ad6b10-8d1a-40f7-8ad0-e3e35cd38297",
                                "flow": "xtls-rprx-origin",
                                "encryption": "none"
                            }
                        ]
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "xtls"
            }
        }
    ]
}


Then run:

~/v2ray-4.31.0/v2ray -config ~/vless_tcp_xtls.json


Do not close this terminal. Set the browser's SOCKS5 proxy to address 127.0.0.1, port 10800, and the browser will be able to get past the firewall.
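
The client only connects if its port and id match the server's inbound and both sides declare encryption/decryption as none. A check for the two configs above, as an added example that is not part of the original post: the function names are this example's own, and treating an xtls-rprx flow without "security": "xtls" as an error is an assumption based on how both configs pair them.

```python
import copy
import json

# The server inbound and client outbound shown above, trimmed to the fields
# that are compared (certificate paths and fallbacks are left out).
SERVER = json.loads("""
{"inbounds": [{
    "port": 451, "protocol": "vless",
    "settings": {
        "clients": [{"id": "23ad6b10-8d1a-40f7-8ad0-e3e35cd38297",
                     "flow": "xtls-rprx-origin"}],
        "decryption": "none"},
    "streamSettings": {"network": "tcp", "security": "xtls"}}]}
""")
CLIENT = json.loads("""
{"outbounds": [{
    "protocol": "vless",
    "settings": {"vnext": [{
        "address": "urdomain.com", "port": 451,
        "users": [{"id": "23ad6b10-8d1a-40f7-8ad0-e3e35cd38297",
                   "flow": "xtls-rprx-origin", "encryption": "none"}]}]},
    "streamSettings": {"network": "tcp", "security": "xtls"}}]}
""")


def first_vless(entries):
    """Return the first inbound or outbound whose protocol is vless, else None."""
    return next((e for e in entries if e.get("protocol") == "vless"), None)


def flow_needs_xtls(side, flow, stream):
    """Assumption of this example: an xtls-rprx-* flow is only valid together
    with "security": "xtls", which is how both configs above pair them."""
    security = stream.get("security", "none")
    if flow.startswith("xtls-rprx-") and security != "xtls":
        return ['%s: flow "%s" is set but security is "%s"' % (side, flow, security)]
    return []


def compare_pair(server_cfg, client_cfg):
    """List the settings that would stop this client from reaching this server."""
    inbound = first_vless(server_cfg.get("inbounds", []))
    outbound = first_vless(client_cfg.get("outbounds", []))
    if inbound is None or outbound is None:
        return ["no vless inbound/outbound found to compare"]

    problems = []
    in_set, out_set = inbound.get("settings", {}), outbound.get("settings", {})
    in_stream = inbound.get("streamSettings", {})
    out_stream = outbound.get("streamSettings", {})

    if in_set.get("decryption") != "none":
        problems.append('server: "decryption" must be "none"')
    if in_stream.get("network", "tcp") != out_stream.get("network", "tcp"):
        problems.append("network: server and client use different transports")

    known_ids = set()
    for client in in_set.get("clients", []):
        known_ids.add(client.get("id"))
        problems += flow_needs_xtls("server", client.get("flow", ""), in_stream)

    for vnext in out_set.get("vnext", []):
        if vnext.get("port") != inbound.get("port"):
            problems.append("port: client dials %s, server listens on %s"
                            % (vnext.get("port"), inbound.get("port")))
        for user in vnext.get("users", []):
            if user.get("id") not in known_ids:
                problems.append("id: %s is not in the server's clients list"
                                % user.get("id"))
            if user.get("encryption") != "none":
                problems.append('client: "encryption" must be "none"')
            problems += flow_needs_xtls("client", user.get("flow", ""), out_stream)
    return problems


def broken_client():
    """Constructed mismatch: wrong port, last digit of the id changed, tls for xtls."""
    bad = copy.deepcopy(CLIENT)
    vnext = bad["outbounds"][0]["settings"]["vnext"][0]
    vnext["port"] = 443
    vnext["users"][0]["id"] = "23ad6b10-8d1a-40f7-8ad0-e3e35cd38298"
    bad["outbounds"][0]["streamSettings"]["security"] = "tls"
    return bad


if __name__ == "__main__":
    print("page configs:", compare_pair(SERVER, CLIENT))
    for problem in compare_pair(SERVER, broken_client()):
        print("constructed mismatch:", problem)
```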


References:

https://github.com/v2fly/v2ray-examples/blob/master/VLESS-TCP-XTLS-WHATEVER/config_server.json

https://tlanyan.me/introduce-v2ray-vless-protocol/#tutorial

https://github.com/v2fly/v2ray-examples/blob/master/VLESS-TCP-XTLS-WHATEVER/config_client/vless_tcp_xtls.json

https://github.com/v2fly/v2ray-examples/issues/43

https://github.com/XTLS/Xray-examples 

https://github.com/XTLS/Xray-docs-next

------------

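Installing Xray manually, with a usage guide


Xray is a recently active V2ray proxy project. The project as a whole is called Project X; it claims to be a superset of V2ray-Core and was developed to better show off XTLS performance. The project icon depicts Asgard, the realm of the Norse gods, which shows the developers' ambitions: a group of experts helping to bring about full freedom on the internet.

The core project, Xray-Core, is currently at 1.3.0 and can be thought of as a higher-performance V2ray. The project does provide a quick install-and-configure script, but it has a few problems, and the configuration file it creates is empty, so Xray does not work as installed. This article shows how to install and configure an Xray server manually on CentOS 7, and how to connect to it from a GUI client on Windows to get past the firewall.

1] Download and install Xray

First, download the Xray release archive for your operating system from the Xray download page and extract it into the current directory: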

# wget https://github.com/XTLS/Xray-core/releases/download/v1.3.0/Xray-linux-64.zip
# unzip -d ./Xray Xray-linux-64.zip
# ls -alh ./Xray

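As you can see, the Xray release archive contains only five files: "geoip.dat" and "geosite.dat" are the proxy rule files, "xray" is the main Xray program, and the other two are the readme and the license, which have no practical use.

According to the Xray project's recommendations, the files Xray uses and their default locations are:

  • xray program file: /usr/local/bin/xray
  • xray configuration file: /usr/local/etc/xray/config.json
  • geoip rule file: /usr/local/share/xray/geoip.dat
  • geosite rule file: /usr/local/share/xray/geosite.dat
  • xray access log file: /var/log/xray/access.log
  • xray error log file: /var/log/xray/error.log

So use the following commands to copy the existing files into place and create the other files that are needed: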

# cp ./Xray/xray /usr/local/bin/
# chmod +x /usr/local/bin/xray
# mkdir -p /usr/local/share/xray
# cp ./Xray/*.dat /usr/local/share/xray/
# mkdir -p /usr/local/etc/xray/
# touch /usr/local/etc/xray/config.json
# mkdir -p /var/log/xray
# touch /var/log/xray/access.log
# touch /var/log/xray/error.log

This completes the Xray installation.

2] Configure the Xray server

The Xray configuration file "/usr/local/etc/xray/config.json" was created earlier; change its contents to the following:

{
    "log": {
        "loglevel": "warning"
    },
    "inbounds": [
        {
            "listen": "0.0.0.0",
            "port": 8080,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "YOUR_UID_HERE",
                        "level": 0,
                        "email": "service@rultr.com"
                    }
                ],
                "decryption": "none",
                "fallbacks": [
                    {
                        "dest": 8001
                    },
                    {
                        "alpn": "h2",
                        "dest": 8002
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "tls",
                "tlsSettings": {
                    "serverName": "YOUR_SERVER_NAME_HERE",
                    "alpn": [
                        "h2",
                        "http/1.1"
                    ],
                    "certificates": [
                        {
                            "certificateFile": "/usr/local/etc/xray/trojan-cert.pem",
                            "keyFile": "/usr/local/etc/xray/trojan-key.pem"
                        }
                    ]
                }
            }
        }
    ],
    "inboundDetour": [
        {
            "port": 443,
            "protocol": "trojan",
            "settings": {
                "clients": [
                    {
                        "password": "YOUR_TROJAN_PASSWORD_HERE",
                        "email": "service@rultr.com"
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "tls",
                "tlsSettings": {
                    "alpn": [
                        "http/1.1"
                    ],
                    "certificates": [
                        {
                            "certificateFile": "/usr/local/etc/xray/trojan-cert.pem",
                            "keyFile": "/usr/local/etc/xray/trojan-key.pem"
                        }
                    ]
                }
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom",
            "tag": "direct"
        }
    ]
}

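This configuration sets Xray up as a server that supports two protocols at once, VLESS and Trojan. In it, "YOUR_UID_HERE" is the UID value for the VLESS protocol and must match the client; "YOUR_SERVER_NAME_HERE" is the Xray host name, which can be an IP address or a domain name (a domain name is recommended); and "YOUR_TROJAN_PASSWORD_HERE" is the password set for the Trojan protocol, which must likewise match the client. Change these values to suit your own setup; the ports the protocols listen on can also be set as needed.

The configuration uses a TLS certificate; for convenience, a self-signed certificate is enough.

Copy both the public key and the private key into the "/usr/local/etc/xray/" directory so that Xray can manage and use them.

3] Configure the Xray service

Add a system service file "/etc/systemd/system/xray.service" with the following contents: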

[Unit]
Description=Xray Service
Documentation=https://github.com/xtls
After=network.target nss-lookup.target

[Service]
User=root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/bin/xray run -config /usr/local/etc/xray/config.json
Restart=on-failure
RestartPreventExitStatus=23
LimitNPROC=10000
LimitNOFILE=1000000

[Install]
WantedBy=multi-user.target

Once the service file has been added, start Xray and check its status with the following commands:

# systemctl enable --now xray
# systemctl status xray
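Fig. 2: Starting the Xray server

As shown, the Xray server is running normally, and the server-side configuration of Xray is complete.

4] Xray GUI client example

Powerful as Xray is, its own GUI client is still unfinished, so another V2ray GUI client can be used for proxying. This example uses V2rayN; other clients such as Qv2ray also work and are configured in a similar way.

Download the Windows build of Xray, extract it and copy all the files into the V2rayN directory. Open V2rayN.exe, open the Servers menu, choose "Add [VLESS] server" and fill in the fields as needed.

Fig. 3: Configuring a VLESS server in V2rayN

Note that the address, port and UID in the client must all match the server. Because TLS encryption is used, select TLS for the underlying transport security; with a self-signed certificate, setting skip certificate verification to true is recommended.

When everything is filled in, click OK to finish adding the server. You can then visit Google to check that the proxy works. If the visit fails, look through the log messages to track down the cause.

Configuring a Trojan client is similar to the VLESS case and fairly simple, so it is not shown here.

Overall, Xray is highly compatible with V2ray and the program is leaner: the V2ctl program is no longer needed for control, and xray handles every function itself. Xray also exposes the same calling interface as V2ray, so it meets the needs of different clients as far as possible. If it really delivers the high performance it claims, it will be a strong new generation of the V2ray family and one to look forward to.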

 ------------------

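Introduction to XTLS

The official XTLS repository's description is a single phrase: THE FUTURE. Those ten characters are enough to convey how impressive and bold XTLS is.

The V2fly website (the V2fly community is the main driving force behind V2ray technology) calls XTLS "black technology", and the author of the VLESS protocol describes it as "an epoch-making, revolutionary concept and technology: XTLS".

"The future", "black technology", "epoch-making", "revolutionary": any one of these is enough to describe how impressive and distinctive XTLS is.

XTLS works like this: when proxying over TLS, HTTPS data actually passes through two layers of TLS, the proxy's TLS on the outside and the HTTPS connection's own TLS on the inside. XTLS seamlessly splices these two genuine TLS streams together, so the proxy hardly needs to encrypt or decrypt the HTTPS traffic again and only relays it, which greatly improves performance.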

----------

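Configuring V2Ray's new protocol: VLESS

The v2ray core must be version 4.27 or later to support the VLESS protocol. First, check the version currently on my machine; 4.26 does not support the protocol: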

root@imlala:~# /usr/bin/v2ray/v2ray -version
V2Ray 4.26.0 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.14.4 linux/amd64)
A unified platform for anti-censorship.

The steps below basically follow the wiki. First, stop the systemd service:

systemctl disable v2ray
systemctl stop v2ray

Then delete the systemd service file and the old v2ray files:

rm -rf /etc/systemd/system/v2ray.service
rm -rf /usr/bin/v2ray/

Move the original configuration directory to the new path:

mv /etc/v2ray/ /usr/local/etc/

Now the new version can be installed. If this is a fresh install, you can start from here; the steps above do not apply to you:

apt -y install curl
curl -O https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh
chmod 755 install-release.sh
./install-release.sh

One catch: if you are upgrading to the latest version, systemd needs to be reloaded:

systemctl daemon-reload

Then start v2ray and enable it at boot:

systemctl start v2ray
systemctl enable v2ray

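Next, configure the VLESS protocol. For now, if you are using this protocol to get through the firewall, you must add TLS on top, because the VLESS protocol itself provides no encryption.

So first install nginx and certbot: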

apt -y install nginx python-certbot-nginx

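The only purpose of this step is to let certbot request a Let's Encrypt certificate with automatic renewal later. That said, if you later configure the fallback inside the VLESS protocol, installing nginx is also necessary.

Now use certbot to request a certificate for your domain: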

certbot --nginx --agree-tos --no-eff-email --email xxxxx@qq.com


Now generate a UUID:

v2ctl uuid

Edit the v2ray configuration file:

nano /usr/local/etc/v2ray/config.json

Write the following configuration:

{
  "inbounds": [
    {
      "port": 451,
      "protocol": "vless",
      "settings": {
         "clients": [
           {
             "id": "你刚才生成的UUID"
           }
         ],
         "decryption": "none",
         "fallback": {
           "port": 80
         }
      },
      "streamSettings": {
        "network":"tcp",
        "security": "tls",
        "tlsSettings": {
          "alpn": [
            "http/1.1"
          ],
          "certificates": [
            {
              "certificateFile": "/usr/local/etc/v2ray/fullchain.pem",
              "keyFile": "/usr/local/etc/v2ray/privkey.pem"
            }
          ]
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    }
  ]
}

Test that your configuration is correct:

v2ray -config /usr/local/etc/v2ray/config.json -test

Finally, restart v2ray to finish the server-side configuration:

systemctl restart v2ray

Clients also need core version 4.27 or later to support the VLESS protocol; the v2rayN client on Windows already supports it.
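
VLESS carries no encryption of its own, as stated above, and the V2rayN step earlier on this page sets skip certificate verification to true for a self-signed certificate. The following added example (not from the original page or from the V2Ray/Xray projects) audits a config for both conditions; the sample configs are constructed, and `allowInsecure` is assumed to be the config key behind that client option.

```python
import json

ENCRYPTED = ("tls", "xtls")

# Constructed samples. SERVER_TLS follows the server config in this section
# (the id is a placeholder); SERVER_PLAIN is the same inbound with
# streamSettings left out; CLIENT_SKIP is a client that skips verification.
SERVER_TLS = json.loads("""
{"inbounds": [{"port": 451, "protocol": "vless",
   "settings": {"clients": [{"id": "PLACEHOLDER-UUID"}], "decryption": "none"},
   "streamSettings": {"network": "tcp", "security": "tls",
     "tlsSettings": {"certificates": [
       {"certificateFile": "/usr/local/etc/v2ray/fullchain.pem",
        "keyFile": "/usr/local/etc/v2ray/privkey.pem"}]}}}]}
""")
SERVER_PLAIN = json.loads("""
{"inbounds": [{"port": 451, "protocol": "vless",
   "settings": {"clients": [{"id": "PLACEHOLDER-UUID"}], "decryption": "none"}}]}
""")
CLIENT_SKIP = json.loads("""
{"outbounds": [{"protocol": "vless",
   "settings": {"vnext": [{"address": "example.com", "port": 8080,
      "users": [{"id": "PLACEHOLDER-UUID", "encryption": "none"}]}]},
   "streamSettings": {"network": "tcp", "security": "tls",
     "tlsSettings": {"allowInsecure": true}}}]}
""")


def stream_security(entry):
    """Return (security, matching settings dict) for an inbound or outbound."""
    stream = entry.get("streamSettings", {})
    security = stream.get("security", "none")
    return security, stream.get(security + "Settings", {})


def audit_inbound(inbound):
    where = "inbound port %s" % inbound.get("port")
    security, settings = stream_security(inbound)
    if security not in ENCRYPTED:
        return [where + ": VLESS without TLS/XTLS, the connection is not encrypted"]
    findings = []
    certs = settings.get("certificates", [])
    if not certs:
        findings.append(where + ": security is %s but no certificates are set" % security)
    for cert in certs:
        # A certificate entry may reference files or carry the PEM lines inline.
        has_cert = "certificateFile" in cert or "certificate" in cert
        has_key = "keyFile" in cert or "key" in cert
        if not (has_cert and has_key):
            findings.append(where + ": certificate entry lacks a certificate or key")
    return findings


def audit_outbound(outbound):
    findings = []
    security, settings = stream_security(outbound)
    for vnext in outbound.get("settings", {}).get("vnext", []):
        where = "outbound to %s:%s" % (vnext.get("address"), vnext.get("port"))
        if security not in ENCRYPTED:
            findings.append(where + ": VLESS without TLS/XTLS, the connection is not encrypted")
        elif settings.get("allowInsecure"):
            findings.append(where + ": allowInsecure is set, the server certificate is not verified")
    return findings


def audit(cfg):
    """Return transport-security findings for every VLESS inbound and outbound."""
    findings = []
    # inboundDetour is the older key the Xray config on this page uses for its
    # second inbound, so both lists are walked.
    for inbound in cfg.get("inbounds", []) + cfg.get("inboundDetour", []):
        if inbound.get("protocol") == "vless":
            findings += audit_inbound(inbound)
    for outbound in cfg.get("outbounds", []):
        if outbound.get("protocol") == "vless":
            findings += audit_outbound(outbound)
    return findings


if __name__ == "__main__":
    for name, cfg in (("SERVER_TLS", SERVER_TLS), ("SERVER_PLAIN", SERVER_PLAIN),
                      ("CLIENT_SKIP", CLIENT_SKIP)):
        print(name, audit(cfg) or "no findings")
```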

------------------

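How to use the Xray one-click script

The Xray project is now confirmed to operate independently, and the latest version is currently 1.1.2. According to test data, with direct on the server and splice on the client, performance is twice that of bare VLESS and far ahead of trojan/trojan-go, so it is highly recommended.

The Xray one-click script in this article can configure many combinations, including plain VMESS, VMESS+KCP, VMESS+websocket+TLS+Nginx, VLESS+TCP+XTLS, VLESS+TCP+TLS, trojan and trojan+XTLS, and supports CentOS 7/8, Ubuntu 16.04, Debian 8 and newer releases.

If your VPS provider has a firewall enabled (on by default at Alibaba Cloud, Ucloud, Tencent Cloud, AWS, GCP and similar providers; off by default at BandwagonHost, hostdare, vultr and similar providers), first log in to the VPS control panel and allow ports 80 and 443, otherwise obtaining the certificate may fail.

Copy (or type) the following command into the terminal: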

bash <(curl -sL https://s.hijk.art/xray.sh)

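Press Enter and the following menu appears. If the menu does not appear, run yum install -y curl on CentOS or sudo apt install -y curl on Ubuntu/Debian, then run the command above again.

The Xray one-click script currently supports the following combinations:

  • VMESS: the most basic V2ray server, with no camouflage, and not VLESS
  • VMESS+KCP: uses mKCP as the transport, which can work wonders when the VPS route is poor
  • VMESS+TCP+TLS: V2ray with camouflage; cannot be relayed through a CDN
  • VMESS+WS+TLS: the most widely used V2ray camouflage; can be relayed through a CDN; recommended
  • VLESS+KCP: uses mKCP as the transport
  • VLESS+TCP+TLS: the general-purpose VLESS variant; cannot be relayed through a CDN, but performs better than VMESS+TCP+TLS
  • VLESS+WS+TLS: the VLESS version of websocket-based V2ray camouflage; can be relayed through a CDN; recommended when a CDN is used
  • VLESS+TCP+XTLS: currently the strongest VLESS+XTLS combination; strongly recommended (but fewer clients support it)
  • trojan: a lightweight camouflage protocol
  • trojan+XTLS: an enhanced trojan that uses XTLS to improve performance

Note: some clients currently do not support the VLESS protocol, or do not support XTLS; choose a combination that suits your situation.

Choose an option to suit your needs, for example 6, and press Enter. The script then asks for some information; you can also just press Enter to accept the defaults. Note that where a camouflage domain has to be entered, if a website is already running on the server, contact whoever operates it before running the script, otherwise the existing site may become unreachable!

The script then runs automatically and, if all goes well, prints the configuration details at the end.

The server side is now configured. The server may reboot automatically (if no reboot is announced, none is needed); "disconnected" in a Windows terminal or "closed by remote host" on a Mac means the server rebooted successfully.

For the VLESS protocol and the VMESS+WS+TLS combination, enter the camouflage domain in a browser; if the camouflage site opens normally, the server is configured correctly.

For the TLS-based options, the script requests a domain certificate by default and stores it in the same folder as the xray configuration file (that is, under /usr/local/etc/xray). The certificate renews automatically. If the client suddenly stops working, open the camouflage site to see whether it loads normally. If the certificate has expired, run the script above again to reconfigure.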

from https://v2raytech.com/xray-one-click-script/
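
The command above feeds a remote script straight into a root shell, and that script in turn fetches and runs another one. One way to list the host-level changes such a script makes before running it, as an added example that is not part of the original article or script: the sample lines are copied from the command and script on this page, and the check names and patterns are this example's own choices.

```python
import re

# Each check names something worth reading closely before a script runs as root.
CHECKS = {
    # Remote content executed directly: "curl ... | sh" or "bash <(curl ...)".
    "remote_exec": re.compile(
        r"curl[^|\n]*\|\s*(?:ba)?sh\b|\b(?:ba)?sh\s+<\(\s*curl"),
    # SELinux switched out of enforcing mode.
    "selinux_weakened": re.compile(r"setenforce\s+0|SELINUX=permissive"),
    # Inbound firewall rules added.
    "firewall_opened": re.compile(
        r"iptables\s+-I\s+INPUT|firewall-cmd\s+--permanent\s+--add-"),
    # Name resolution overridden locally.
    "hosts_file_write": re.compile(r">>?\s*/etc/hosts\b"),
}
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")

# Lines copied from the install command and the script reproduced on this page.
SAMPLE = r"""
bash <(curl -sL https://s.hijk.art/xray.sh)
resolve=`curl -sL https://hijk.art/hostip.php?d=${DOMAIN}`
echo "$ip $host" >> /etc/hosts
curl -sL https://get.acme.sh | sh
sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config
setenforce 0
firewall-cmd --permanent --add-service=http
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
""".strip()


def review(script_text):
    """Return ({check: [(line number, line)]}, sorted hosts contacted over http/https)."""
    findings = {name: [] for name in CHECKS}
    hosts = set()
    for lineno, line in enumerate(script_text.splitlines(), 1):
        code = line.strip()
        if not code or code.startswith("#"):
            continue  # blank lines and whole-line comments change nothing
        hosts.update(h.rstrip(".").lower() for h in URL_HOST.findall(code))
        for name, pattern in CHECKS.items():
            if pattern.search(code):
                findings[name].append((lineno, code))
    return findings, sorted(hosts)


def report(script_text):
    """Format the review as text lines for reading before the script is run."""
    findings, hosts = review(script_text)
    lines = ["hosts contacted: " + ", ".join(hosts)]
    for name, hits in findings.items():
        for lineno, code in hits:
            lines.append("%s (line %d): %s" % (name, lineno, code))
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

To review a real installer, download it to a file first and pass the file's text to `report` instead of `SAMPLE`.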

Contents of the Xray one-click script:

#!/bin/bash
# MTProto one-click install script
# Author: hijk<https://hijk.art>


RED="\033[31m"      # Error message
GREEN="\033[32m"    # Success message
YELLOW="\033[33m"   # Warning message
BLUE="\033[36m"     # Info message
PLAIN='\033[0m'

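# The sites below are ad-free novel sites picked at random from Google; if you don't like them, change them to other URLs starting with http or https
# If the camouflage domain does not open after setup, the reverse-proxied novel site may be down; leave a comment on the website or open a GitHub issue so it can be replaced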
SITES=(
http://www.zhuizishu.com/
http://xs.56dyc.com/
http://www.xiaoshuosk.com/
https://www.quledu.net/
http://www.ddxsku.com/
http://www.biqu6.com/
https://www.wenshulou.cc/
http://www.auutea.com/
http://www.55shuba.com/
http://www.39shubao.com/
https://www.23xsw.cc/
)

CONFIG_FILE="/usr/local/etc/xray/config.json"
OS=`hostnamectl | grep -i system | cut -d: -f2`

V6_PROXY=""
IP=`curl -sL -4 ip.sb`
if [[ "$?" != "0" ]]; then
    IP=`curl -sL -6 ip.sb`
    V6_PROXY="https://gh.hijk.art/"
fi

BT="false"
NGINX_CONF_PATH="/etc/nginx/conf.d/"
res=`which bt 2>/dev/null`
if [[ "$res" != "" ]]; then
    BT="true"
    NGINX_CONF_PATH="/www/server/panel/vhost/nginx/"
fi

VLESS="false"
TROJAN="false"
TLS="false"
WS="false"
XTLS="false"
KCP="false"

checkSystem() {
    result=$(id | awk '{print $1}')
    if [[ $result != "uid=0(root)" ]]; then
        colorEcho $RED " 请以root身份执行该脚本"
        exit 1
    fi

    res=`which yum 2>/dev/null`
    if [[ "$?" != "0" ]]; then
        res=`which apt 2>/dev/null`
        if [[ "$?" != "0" ]]; then
            colorEcho $RED " 不受支持的Linux系统"
            exit 1
        fi
        PMT="apt"
        CMD_INSTALL="apt install -y "
        CMD_REMOVE="apt remove -y "
        CMD_UPGRADE="apt update; apt upgrade -y; apt autoremove -y"
    else
        PMT="yum"
        CMD_INSTALL="yum install -y "
        CMD_REMOVE="yum remove -y "
        CMD_UPGRADE="yum update -y"
    fi
    res=`which systemctl 2>/dev/null`
    if [[ "$?" != "0" ]]; then
        colorEcho $RED " 系统版本过低,请升级到最新版本"
        exit 1
    fi
}

colorEcho() {
    echo -e "${1}${@:2}${PLAIN}"
}

configNeedNginx() {
    local ws=`grep wsSettings $CONFIG_FILE`
    if [[ -z "$ws" ]]; then
        echo no
        return
    fi
    echo yes
}

needNginx() {
    if [[ "$WS" = "false" ]]; then
        echo no
        return
    fi
    echo yes
}

status() {
    if [[ ! -f /usr/local/bin/xray ]]; then
        echo 0
        return
    fi
    if [[ ! -f $CONFIG_FILE ]]; then
        echo 1
        return
    fi
    port=`grep port $CONFIG_FILE| head -n 1| cut -d: -f2| tr -d \",' '`
    res=`ss -nutlp| grep ${port} | grep -i xray`
    if [[ -z "$res" ]]; then
        echo 2
        return
    fi

    if [[ `configNeedNginx` != "yes" ]]; then
        echo 3
    else
        res=`ss -nutlp|grep -i nginx`
        if [[ -z "$res" ]]; then
            echo 4
        else
            echo 5
        fi
    fi
}

statusText() {
    res=`status`
    case $res in
        2)
            echo -e ${GREEN}已安装${PLAIN} ${RED}未运行${PLAIN}
            ;;
        3)
            echo -e ${GREEN}已安装${PLAIN} ${GREEN}Xray正在运行${PLAIN}
            ;;
        4)
            echo -e ${GREEN}已安装${PLAIN} ${GREEN}Xray正在运行${PLAIN}, ${RED}Nginx未运行${PLAIN}
            ;;
        5)
            echo -e ${GREEN}已安装${PLAIN} ${GREEN}Xray正在运行, Nginx正在运行${PLAIN}
            ;;
        *)
            echo -e ${RED}未安装${PLAIN}
            ;;
    esac
}

normalizeVersion() {
    if [ -n "$1" ]; then
        case "$1" in
            v*)
                echo "$1"
            ;;
            *)
                echo "v$1"
            ;;
        esac
    else
        echo ""
    fi
}

# 1: new Xray. 0: no. 1: yes. 2: not installed. 3: check failed.
getVersion() {
    VER=`/usr/local/bin/xray version|head -n1 | awk '{print $2}'`
    RETVAL=$?
    CUR_VER="$(normalizeVersion "$(echo "$VER" | head -n 1 | cut -d " " -f2)")"
    TAG_URL="${V6_PROXY}https://api.github.com/repos/XTLS/Xray-core/releases/latest"
    NEW_VER="$(normalizeVersion "$(curl -s "${TAG_URL}" --connect-timeout 10| grep 'tag_name' | cut -d\" -f4)")"

    if [[ $? -ne 0 ]] || [[ $NEW_VER == "" ]]; then
        colorEcho $RED " 检查Xray版本信息失败,请检查网络"
        return 3
    elif [[ $RETVAL -ne 0 ]];then
        return 2
    elif [[ $NEW_VER != $CUR_VER ]];then
        return 1
    fi
    return 0
}

archAffix(){
    case "$(uname -m)" in
        i686|i386)
            echo '32'
        ;;
        x86_64|amd64)
            echo '64'
        ;;
        armv5tel)
            echo 'arm32-v5'
        ;;
        armv6l)
            echo 'arm32-v6'
        ;;
        armv7|armv7l)
            echo 'arm32-v7a'
        ;;
        armv8|aarch64)
            echo 'arm64-v8a'
        ;;
        mips64le)
            echo 'mips64le'
        ;;
        mips64)
            echo 'mips64'
        ;;
        mipsle)
            echo 'mips32le'
        ;;
        mips)
            echo 'mips32'
        ;;
        ppc64le)
            echo 'ppc64le'
        ;;
        ppc64)
            echo 'ppc64'
        ;;
        riscv64)
            echo 'riscv64'
        ;;
        s390x)
            echo 's390x'
        ;;
        *)
            colorEcho $RED " 不支持的CPU架构!"
            exit 1
        ;;
    esac

	return 0
}

getData() {
    if [[ "$TLS" = "true" || "$XTLS" = "true" ]]; then
        echo ""
        echo " Xray一键脚本,运行之前请确认如下条件已经具备:"
        colorEcho ${YELLOW} "  1. 一个伪装域名"
        colorEcho ${YELLOW} "  2. 伪装域名DNS解析指向当前服务器ip(${IP})"
        colorEcho ${BLUE} "  3. 如果/root目录下有 xray.pem 和 xray.key 证书密钥文件,无需理会条件2"
        echo " "
        read -p " 确认满足按y,按其他退出脚本:" answer
        if [[ "${answer,,}" != "y" ]]; then
            exit 0
        fi

        echo ""
        while true
        do
            read -p " 请输入伪装域名:" DOMAIN
            if [[ -z "${DOMAIN}" ]]; then
                colorEcho ${RED} " 域名输入错误,请重新输入!"
            else
                break
            fi
        done
        DOMAIN=${DOMAIN,,}
        colorEcho ${BLUE}  " 伪装域名(host):$DOMAIN"

        echo ""
        if [[ -f ~/xray.pem && -f ~/xray.key ]]; then
            colorEcho ${BLUE}  " 检测到自有证书,将使用其部署"
            CERT_FILE="/usr/local/etc/xray/${DOMAIN}.pem"
            KEY_FILE="/usr/local/etc/xray/${DOMAIN}.key"
        else
            resolve=`curl -sL https://hijk.art/hostip.php?d=${DOMAIN}`
            res=`echo -n ${resolve} | grep ${IP}`
            if [[ -z "${res}" ]]; then
                colorEcho ${BLUE}  "${DOMAIN} 解析结果:${resolve}"
                colorEcho ${RED}  " 域名未解析到当前服务器IP(${IP})!"
                exit 1
            fi
        fi
    fi

    echo ""
    if [[ "$(needNginx)" = "no" ]]; then
        if [[ "$TLS" = "true" ]]; then
            read -p " 请输入xray监听端口[强烈建议443,默认443]:" PORT
            [[ -z "${PORT}" ]] && PORT=443
        else
            read -p " 请输入xray监听端口[100-65535的一个数字]:" PORT
            [[ -z "${PORT}" ]] && PORT=`shuf -i200-65000 -n1`
            if [[ "${PORT:0:1}" = "0" ]]; then
                colorEcho ${RED}  " 端口不能以0开头"
                exit 1
            fi
        fi
        colorEcho ${BLUE}  " xray端口:$PORT"
    else
        read -p " 请输入Nginx监听端口[100-65535的一个数字,默认443]:" PORT
        [[ -z "${PORT}" ]] && PORT=443
        if [ "${PORT:0:1}" = "0" ]; then
            colorEcho ${BLUE}  " 端口不能以0开头"
            exit 1
        fi
        colorEcho ${BLUE}  " Nginx端口:$PORT"
        XPORT=`shuf -i10000-65000 -n1`
    fi

    if [[ "$KCP" = "true" ]]; then
        echo ""
        colorEcho $BLUE " 请选择伪装类型:"
        echo "   1) 无"
        echo "   2) BT下载"
        echo "   3) 视频通话"
        echo "   4) 微信视频通话"
        echo "   5) dtls"
        echo "   6) wiregard"
        read -p "  请选择伪装类型[默认:无]:" answer
        case $answer in
            2)
                HEADER_TYPE="utp"
                ;;
            3)
                HEADER_TYPE="srtp"
                ;;
            4)
                HEADER_TYPE="wechat-video"
                ;;
            5)
                HEADER_TYPE="dtls"
                ;;
            6)
                HEADER_TYPE="wireguard"
                ;;
            *)
                HEADER_TYPE="none"
                ;;
        esac
        colorEcho $BLUE " 伪装类型:$HEADER_TYPE"
        SEED=`cat /proc/sys/kernel/random/uuid`
    fi

    if [[ "$TROJAN" = "true" ]]; then
        echo ""
        read -p " 请设置trojan密码(不输则随机生成):" PASSWORD
        [[ -z "$PASSWORD" ]] && PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1`
        colorEcho $BLUE " trojan密码:$PASSWORD"
    fi

    if [[ "$XTLS" = "true" ]]; then
        echo ""
        colorEcho $BLUE " 请选择流控模式:" 
        echo -e "   1) xtls-rprx-direct [$RED推荐$PLAIN]"
        echo "   2) xtls-rprx-origin"
        read -p "  请选择流控模式[默认:direct]" answer
        [[ -z "$answer" ]] && answer=1
        case $answer in
            1)
                FLOW="xtls-rprx-direct"
                ;;
            2)
                FLOW="xtls-rprx-origin"
                ;;
            *)
                colorEcho $RED " 无效选项,使用默认的xtls-rprx-direct"
                FLOW="xtls-rprx-direct"
                ;;
        esac
        colorEcho $BLUE " 流控模式:$FLOW"
    fi

    if [[ "${WS}" = "true" ]]; then
        echo ""
        while true
        do
            read -p " 请输入伪装路径,以/开头:" WSPATH
            if [[ -z "${WSPATH}" ]]; then
                len=`shuf -i5-12 -n1`
                ws=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $len | head -n 1`
                WSPATH="/$ws"
                break
            elif [[ "${WSPATH:0:1}" != "/" ]]; then
                colorEcho ${RED}  " 伪装路径必须以/开头!"
            elif [[ "${WSPATH}" = "/" ]]; then
                colorEcho ${RED}   " 不能使用根路径!"
            else
                break
            fi
        done
        colorEcho ${BLUE}  " ws路径:$WSPATH"
    fi

    if [[ "$TLS" = "true" || "$XTLS" = "true" ]]; then
        echo ""
        colorEcho $BLUE " 请选择伪装站类型:"
        echo "   1) 静态网站(位于/usr/share/nginx/html)"
        echo "   2) 小说站(随机选择)"
        echo "   3) 美女站(https://imeizi.me)"
        echo "   4) VPS优惠博客(https://vpsgongyi.com)"
        echo "   5) 自定义反代站点(需以http或者https开头)"
        read -p "  请选择伪装网站类型[默认:美女站]" answer
        if [[ -z "$answer" ]]; then
            PROXY_URL="https://imeizi.me"
        else
            case $answer in
            1)
                PROXY_URL=""
                ;;
            2)
                len=${#SITES[@]}
                ((len--))
                while true
                do
                    index=`shuf -i0-${len} -n1`
                    PROXY_URL=${SITES[$index]}
                    host=`echo ${PROXY_URL} | cut -d/ -f3`
                    ip=`curl -sL https://hijk.art/hostip.php?d=${host}`
                    res=`echo -n ${ip} | grep ${host}`
                    if [[ "${res}" = "" ]]; then
                        echo "$ip $host" >> /etc/hosts
                        break
                    fi
                done
                ;;
            3)
                PROXY_URL="https://imeizi.me"
                ;;
            4)
                PROXY_URL="https://vpsgongyi.com"
                ;;
            5)
                read -p " 请输入反代站点(以http或者https开头):" PROXY_URL
                if [[ -z "$PROXY_URL" ]]; then
                    colorEcho $RED " 请输入反代网站!"
                    exit 1
                elif [[ "${PROXY_URL:0:4}" != "http" ]]; then
                    colorEcho $RED " 反代网站必须以http或https开头!"
                    exit 1
                fi
                ;;
            *)
                colorEcho $RED " 请输入正确的选项!"
                exit 1
            esac
        fi
        REMOTE_HOST=`echo ${PROXY_URL} | cut -d/ -f3`
        colorEcho $BLUE " 伪装网站:$PROXY_URL"

        echo ""
        colorEcho $BLUE "  是否允许搜索引擎爬取网站?[默认:不允许]"
        echo "    y)允许,会有更多ip请求网站,但会消耗一些流量,vps流量充足情况下推荐使用"
        echo "    n)不允许,爬虫不会访问网站,访问ip比较单一,但能节省vps流量"
        read -p "  请选择:[y/n]" answer
        if [[ -z "$answer" ]]; then
            ALLOW_SPIDER="n"
        elif [[ "${answer,,}" = "y" ]]; then
            ALLOW_SPIDER="y"
        else
            ALLOW_SPIDER="n"
        fi
        colorEcho $BLUE " 允许搜索引擎:$ALLOW_SPIDER"
    fi

    echo ""
    read -p " 是否安装BBR(默认安装)?[y/n]:" NEED_BBR
    [[ -z "$NEED_BBR" ]] && NEED_BBR=y
    [[ "$NEED_BBR" = "Y" ]] && NEED_BBR=y
    colorEcho $BLUE " 安装BBR:$NEED_BBR"
}

installNginx() {
    echo ""
    colorEcho $BLUE " 安装nginx..."
    if [[ "$BT" = "false" ]]; then
        if [[ "$PMT" = "yum" ]]; then
            $CMD_INSTALL epel-release 
        fi
        $CMD_INSTALL nginx
        systemctl enable nginx
    else
        res=`which nginx 2>/dev/null`
        if [[ "$?" != "0" ]]; then
            colorEcho $RED " 您安装了宝塔,请在宝塔后台安装nginx后再运行本脚本"
            exit 1
        fi
    fi
}

startNginx() {
    if [[ "$BT" = "false" ]]; then
        systemctl start nginx
    else
        nginx -c /www/server/nginx/conf/nginx.conf
    fi
}

stopNginx() {
    if [[ "$BT" = "false" ]]; then
        systemctl stop nginx
    else
        res=`ps aux | grep -i nginx`
        if [[ "$res" != "" ]]; then
            nginx -s stop
        fi
    fi
}

getCert() {
    mkdir -p /usr/local/etc/xray
    if [[ -z ${CERT_FILE+x} ]]; then
        stopNginx
        systemctl stop xray
        res=`netstat -ntlp| grep -E ':80 |:443 '`
        if [[ "${res}" != "" ]]; then
            colorEcho ${RED}  " 其他进程占用了80或443端口,请先关闭再运行一键脚本"
            echo " 端口占用信息如下:"
            echo ${res}
            exit 1
        fi

        $CMD_INSTALL socat openssl
        if [[ "$PMT" = "yum" ]]; then
            $CMD_INSTALL cronie
            systemctl start crond
            systemctl enable crond
        else
            $CMD_INSTALL cron
            systemctl start cron
            systemctl enable cron
        fi
        curl -sL https://get.acme.sh | sh
        source ~/.bashrc
        ~/.acme.sh/acme.sh  --upgrade  --auto-upgrade
        ~/.acme.sh/acme.sh   --issue -d $DOMAIN   --standalone
        CERT_FILE="/usr/local/etc/xray/${DOMAIN}.pem"
        KEY_FILE="/usr/local/etc/xray/${DOMAIN}.key"
        ~/.acme.sh/acme.sh  --install-cert -d $DOMAIN \
            --key-file       $KEY_FILE  \
            --fullchain-file $CERT_FILE \
            --reloadcmd     "service nginx force-reload"
        [[ -f $CERT_FILE && -f $KEY_FILE ]] || {
            colorEcho $RED " 获取证书失败,请到 https://hijk.art 反馈"
            exit 1
        }
    else
        cp ~/xray.pem /usr/local/etc/xray/${DOMAIN}.pem
        cp ~/xray.key /usr/local/etc/xray/${DOMAIN}.key
    fi
}

configNginx() {
    mkdir -p /usr/share/nginx/html;
    if [[ "$ALLOW_SPIDER" = "n" ]]; then
        echo 'User-Agent: *' > /usr/share/nginx/html/robots.txt
        echo 'Disallow: /' >> /usr/share/nginx/html/robots.txt
        ROBOT_CONFIG="    location = /robots.txt {}"
    else
        ROBOT_CONFIG=""
    fi

    if [[ "$BT" = "false" ]]; then
        if [[ ! -f /etc/nginx/nginx.conf.bak ]]; then
            mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
        fi
        res=`id nginx 2>/dev/null`
        if [[ "$?" != "0" ]]; then
            user="www-data"
        else
            user="nginx"
        fi
        cat > /etc/nginx/nginx.conf<<-EOF
user $user;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '\$remote_addr - \$remote_user [\$time_local] "\$request" '
                      '\$status \$body_bytes_sent "\$http_referer" '
                      '"\$http_user_agent" "\$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;
    server_tokens off;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
    gzip                on;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
}
EOF
    fi

    if [[ "$PROXY_URL" = "" ]]; then
        action=""
    else
        action="proxy_ssl_server_name on;
        proxy_pass $PROXY_URL;
        proxy_set_header Accept-Encoding '';
        sub_filter \"$REMOTE_HOST\" \"$DOMAIN\";
        sub_filter_once off;"
    fi

    if [[ "$TLS" = "true" || "$XTLS" = "true" ]]; then
        mkdir -p ${NGINX_CONF_PATH}
        # VMESS+WS+TLS
        # VLESS+WS+TLS
        if [[ "$WS" = "true" ]]; then
            cat > ${NGINX_CONF_PATH}${DOMAIN}.conf<<-EOF
server {
    listen 80;
    listen [::]:80;
    server_name ${DOMAIN};
    return 301 https://\$server_name:${PORT}\$request_uri;
}

server {
    listen       ${PORT} ssl http2;
    listen       [::]:${PORT} ssl http2;
    server_name ${DOMAIN};
    charset utf-8;

    # ssl configuration
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_ecdh_curve secp384r1;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_session_tickets off;
    ssl_certificate $CERT_FILE;
    ssl_certificate_key $KEY_FILE;

    root /usr/share/nginx/html;
    location / {
        $action
    }
    $ROBOT_CONFIG

    location ${WSPATH} {
      proxy_redirect off;
      proxy_pass http://127.0.0.1:${XPORT};
      proxy_http_version 1.1;
      proxy_set_header Upgrade \$http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host \$host;
      proxy_set_header X-Real-IP \$remote_addr;
      proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    }
}
EOF
        else
            # VLESS+TCP+TLS
            # VLESS+TCP+XTLS
            # trojan
            cat > ${NGINX_CONF_PATH}${DOMAIN}.conf<<-EOF
server {
    listen 80;
    listen [::]:80;
    listen 81 http2;
    server_name ${DOMAIN};
    root /usr/share/nginx/html;
    location / {
        $action
    }
    $ROBOT_CONFIG
}
EOF
        fi
    fi
}

setSelinux() {
    if [[ -s /etc/selinux/config ]] && grep 'SELINUX=enforcing' /etc/selinux/config; then
        sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config
        setenforce 0
    fi
}

setFirewall() {
    res=`which firewall-cmd 2>/dev/null`
    if [[ $? -eq 0 ]]; then
        systemctl status firewalld > /dev/null 2>&1
        if [[ $? -eq 0 ]];then
            firewall-cmd --permanent --add-service=http
            firewall-cmd --permanent --add-service=https
            if [[ "$PORT" != "443" ]]; then
                firewall-cmd --permanent --add-port=${PORT}/tcp
                firewall-cmd --permanent --add-port=${PORT}/udp
            fi
            firewall-cmd --reload
        else
            nl=`iptables -nL | nl | grep FORWARD | awk '{print $1}'`
            if [[ "$nl" != "3" ]]; then
                iptables -I INPUT -p tcp --dport 80 -j ACCEPT
                iptables -I INPUT -p tcp --dport 443 -j ACCEPT
                if [[ "$PORT" != "443" ]]; then
                    iptables -I INPUT -p tcp --dport ${PORT} -j ACCEPT
                    iptables -I INPUT -p udp --dport ${PORT} -j ACCEPT
                fi
            fi
        fi
    else
        res=`which iptables 2>/dev/null`
        if [[ $? -eq 0 ]]; then
            nl=`iptables -nL | nl | grep FORWARD | awk '{print $1}'`
            if [[ "$nl" != "3" ]]; then
                iptables -I INPUT -p tcp --dport 80 -j ACCEPT
                iptables -I INPUT -p tcp --dport 443 -j ACCEPT
                if [[ "$PORT" != "443" ]]; then
                    iptables -I INPUT -p tcp --dport ${PORT} -j ACCEPT
                    iptables -I INPUT -p udp --dport ${PORT} -j ACCEPT
                fi
            fi
        else
            res=`which ufw 2>/dev/null`
            if [[ $? -eq 0 ]]; then
                res=`ufw status | grep -i inactive`
                if [[ "$res" = "" ]]; then
                    ufw allow http/tcp
                    ufw allow https/tcp
                    if [[ "$PORT" != "443" ]]; then
                        ufw allow ${PORT}/tcp
                        ufw allow ${PORT}/udp
                    fi
                fi
            fi
        fi
    fi
}

installBBR() {
    if [[ "$NEED_BBR" != "y" ]]; then
        INSTALL_BBR=false
        return
    fi
    result=$(lsmod | grep bbr)
    if [[ "$result" != "" ]]; then
        colorEcho $BLUE " BBR模块已安装"
        INSTALL_BBR=false
        echo "3" > /proc/sys/net/ipv4/tcp_fastopen
        echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf
        return
    fi
    res=`hostnamectl | grep -i openvz`
    if [[ "$res" != "" ]]; then
        colorEcho $BLUE " openvz机器,跳过安装"
        INSTALL_BBR=false
        return
    fi
    
    echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
    echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
    echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf
    sysctl -p
    result=$(lsmod | grep bbr)
    if [[ "$result" != "" ]]; then
        colorEcho $GREEN " BBR模块已启用"
        INSTALL_BBR=false
        return
    fi

    colorEcho $BLUE " 安装BBR模块..."
    if [[ "$PMT" = "yum" ]]; then
        if [[ "$V6_PROXY" = "" ]]; then
            rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
            rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm
            $CMD_INSTALL --enablerepo=elrepo-kernel kernel-ml
            $CMD_REMOVE kernel-3.*
            grub2-set-default 0
            echo "tcp_bbr" >> /etc/modules-load.d/modules.conf
            echo "3" > /proc/sys/net/ipv4/tcp_fastopen
            INSTALL_BBR=true
        fi
    else
        $CMD_INSTALL --install-recommends linux-generic-hwe-16.04
        grub-set-default 0
        echo "tcp_bbr" >> /etc/modules-load.d/modules.conf
        echo "3" > /proc/sys/net/ipv4/tcp_fastopen
        INSTALL_BBR=true
    fi
}

installXray() {
    rm -rf /tmp/xray
    mkdir -p /tmp/xray
    DOWNLOAD_LINK="${V6_PROXY}https://github.com/XTLS/Xray-core/releases/download/${NEW_VER}/Xray-linux-$(archAffix).zip"
    colorEcho $BLUE " 下载Xray: ${DOWNLOAD_LINK}"
    curl -L -H "Cache-Control: no-cache" -o /tmp/xray/xray.zip ${DOWNLOAD_LINK}
    if [ $? != 0 ];then
        colorEcho $RED " 下载Xray文件失败,请检查服务器网络设置"
        exit 1
    fi
    systemctl stop xray
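    # Chain every step so that a failed unzip or copy aborts the install,
    # instead of only checking the final chmod.
    mkdir -p /usr/local/etc/xray /usr/local/share/xray && \
    unzip /tmp/xray/xray.zip -d /tmp/xray && \
    cp /tmp/xray/xray /usr/local/bin && \
    cp /tmp/xray/geo* /usr/local/share/xray && \
    chmod +x /usr/local/bin/xray || {
        colorEcho $RED " Xray安装失败"
        exit 1
    }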

    cat >/etc/systemd/system/xray.service<<-EOF
[Unit]
Description=Xray Service
Documentation=https://github.com/xtls https://hijk.art
After=network.target nss-lookup.target

[Service]
User=root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/bin/xray run -config /usr/local/etc/xray/config.json
Restart=on-failure
RestartPreventExitStatus=23

[Install]
WantedBy=multi-user.target
EOF
    systemctl daemon-reload
    systemctl enable xray.service
}

trojanConfig() {
    cat > $CONFIG_FILE<<-EOF
{
  "inbounds": [{
    "port": $PORT,
    "protocol": "trojan",
    "settings": {
      "clients": [
        {
          "password": "$PASSWORD"
        }
      ],
      "fallbacks": [
          {
              "alpn": "http/1.1",
              "dest": 80
          },
          {
              "alpn": "h2",
              "dest": 81
          }
      ]
    },
    "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
            "serverName": "$DOMAIN",
            "alpn": ["http/1.1", "h2"],
            "certificates": [
                {
                    "certificateFile": "$CERT_FILE",
                    "keyFile": "$KEY_FILE"
                }
            ]
        }
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  },{
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "blocked"
      }
    ]
  }
}
EOF
}

trojanXTLSConfig() {
    cat > $CONFIG_FILE<<-EOF
{
  "inbounds": [{
    "port": $PORT,
    "protocol": "trojan",
    "settings": {
      "clients": [
        {
          "password": "$PASSWORD",
          "flow": "$FLOW"
        }
      ],
      "fallbacks": [
          {
              "alpn": "http/1.1",
              "dest": 80
          },
          {
              "alpn": "h2",
              "dest": 81
          }
      ]
    },
    "streamSettings": {
        "network": "tcp",
        "security": "xtls",
        "xtlsSettings": {
            "serverName": "$DOMAIN",
            "alpn": ["http/1.1", "h2"],
            "certificates": [
                {
                    "certificateFile": "$CERT_FILE",
                    "keyFile": "$KEY_FILE"
                }
            ]
        }
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  },{
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "blocked"
      }
    ]
  }
}
EOF
}

vmessConfig() {
    local uuid="$(cat '/proc/sys/kernel/random/uuid')"
    local alterid=`shuf -i50-80 -n1`
    cat > $CONFIG_FILE<<-EOF
{
  "inbounds": [{
    "port": $PORT,
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "$uuid",
          "level": 1,
          "alterId": $alterid
        }
      ]
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  },{
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "blocked"
      }
    ]
  }
}
EOF
}

vmessKCPConfig() {
    local uuid="$(cat '/proc/sys/kernel/random/uuid')"
    local alterid=`shuf -i50-80 -n1`
    cat > $CONFIG_FILE<<-EOF
{
  "inbounds": [{
    "port": $PORT,
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "$uuid",
          "level": 1,
          "alterId": $alterid
        }
      ]
    },
    "streamSettings": {
        "network": "mkcp",
        "kcpSettings": {
            "uplinkCapacity": 100,
            "downlinkCapacity": 100,
            "congestion": true,
            "header": {
                "type": "$HEADER_TYPE"
            },
            "seed": "$SEED"
        }
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  },{
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "blocked"
      }
    ]
  }
}
EOF
}

vmessTLSConfig() {
    local uuid="$(cat '/proc/sys/kernel/random/uuid')"
    cat > $CONFIG_FILE<<-EOF
{
  "inbounds": [{
    "port": $PORT,
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "$uuid",
          "level": 1,
          "alterId": 0
        }
      ],
      "disableInsecureEncryption": false
    },
    "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
            "serverName": "$DOMAIN",
            "alpn": ["http/1.1", "h2"],
            "certificates": [
                {
                    "certificateFile": "$CERT_FILE",
                    "keyFile": "$KEY_FILE"
                }
            ]
        }
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  },{
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "blocked"
      }
    ]
  }
}
EOF
}

vmessWSConfig() {
    local uuid="$(cat '/proc/sys/kernel/random/uuid')"
    cat > $CONFIG_FILE<<-EOF
{
  "inbounds": [{
    "port": $XPORT,
    "listen": "127.0.0.1",
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "$uuid",
          "level": 1,
          "alterId": 0
        }
      ],
      "disableInsecureEncryption": false
    },
    "streamSettings": {
        "network": "ws",
        "wsSettings": {
            "path": "$WSPATH",
            "headers": {
                "Host": "$DOMAIN"
            }
        }
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  },{
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "blocked"
      }
    ]
  }
}
EOF
}

vlessTLSConfig() {
    local uuid="$(cat '/proc/sys/kernel/random/uuid')"
    cat > $CONFIG_FILE<<-EOF
{
  "inbounds": [{
    "port": $PORT,
    "protocol": "vless",
    "settings": {
      "clients": [
        {
          "id": "$uuid",
          "level": 0
        }
      ],
      "decryption": "none",
      "fallbacks": [
          {
              "alpn": "http/1.1",
              "dest": 80
          },
          {
              "alpn": "h2",
              "dest": 81
          }
      ]
    },
    "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
            "serverName": "$DOMAIN",
            "alpn": ["http/1.1", "h2"],
            "certificates": [
                {
                    "certificateFile": "$CERT_FILE",
                    "keyFile": "$KEY_FILE"
                }
            ]
        }
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  },{
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "blocked"
      }
    ]
  }
}
EOF
}

vlessXTLSConfig() {
    local uuid="$(cat '/proc/sys/kernel/random/uuid')"
    cat > $CONFIG_FILE<<-EOF
{
  "inbounds": [{
    "port": $PORT,
    "protocol": "vless",
    "settings": {
      "clients": [
        {
          "id": "$uuid",
          "flow": "$FLOW",
          "level": 0
        }
      ],
      "decryption": "none",
      "fallbacks": [
          {
              "alpn": "http/1.1",
              "dest": 80
          },
          {
              "alpn": "h2",
              "dest": 81
          }
      ]
    },
    "streamSettings": {
        "network": "tcp",
        "security": "xtls",
        "xtlsSettings": {
            "serverName": "$DOMAIN",
            "alpn": ["http/1.1", "h2"],
            "certificates": [
                {
                    "certificateFile": "$CERT_FILE",
                    "keyFile": "$KEY_FILE"
                }
            ]
        }
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  },{
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "blocked"
      }
    ]
  }
}
EOF
}

vlessWSConfig() {
    local uuid="$(cat '/proc/sys/kernel/random/uuid')"
    cat > $CONFIG_FILE<<-EOF
{
  "inbounds": [{
    "port": $XPORT,
    "listen": "127.0.0.1",
    "protocol": "vless",
    "settings": {
        "clients": [
            {
                "id": "$uuid",
                "level": 0
            }
        ],
        "decryption": "none"
    },
    "streamSettings": {
        "network": "ws",
        "security": "none",
        "wsSettings": {
            "path": "$WSPATH",
            "headers": {
                "Host": "$DOMAIN"
            }
        }
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  },{
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "blocked"
      }
    ]
  }
}
EOF
}

vlessKCPConfig() {
    local uuid="$(cat '/proc/sys/kernel/random/uuid')"
    cat > $CONFIG_FILE<<-EOF
{
  "inbounds": [{
    "port": $PORT,
    "protocol": "vless",
    "settings": {
      "clients": [
        {
          "id": "$uuid",
          "level": 0
        }
      ],
      "decryption": "none"
    },
    "streamSettings": {
        "network": "mkcp",
        "kcpSettings": {
            "uplinkCapacity": 100,
            "downlinkCapacity": 100,
            "congestion": true,
            "header": {
                "type": "$HEADER_TYPE"
            },
            "seed": "$SEED"
        }
    }
  }],
  "outbounds": [{
    "protocol": "freedom",
    "settings": {}
  },{
    "protocol": "blackhole",
    "settings": {},
    "tag": "blocked"
  }],
  "routing": {
    "rules": [
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "blocked"
      }
    ]
  }
}
EOF
}

configXray() {
    mkdir -p /usr/local/xray
    if [[ "$TROJAN" = "true" ]]; then
        if [[ "$XTLS" = "true" ]]; then
            trojanXTLSConfig
        else
            trojanConfig
        fi
        return 0
    fi
    if [[ "$VLESS" = "false" ]]; then
        # VMESS + kcp
        if [[ "$KCP" = "true" ]]; then
            vmessKCPConfig
            return 0
        fi
        # VMESS
        if [[ "$TLS" = "false" ]]; then
            vmessConfig
        elif [[ "$WS" = "false" ]]; then
            # VMESS+TCP+TLS
            vmessTLSConfig
        # VMESS+WS+TLS
        else
            vmessWSConfig
        fi
    #VLESS
    else
        if [[ "$KCP" = "true" ]]; then
            vlessKCPConfig
            return 0
        fi
        # VLESS+TCP
        if [[ "$WS" = "false" ]]; then
            # VLESS+TCP+TLS
            if [[ "$XTLS" = "false" ]]; then
                vlessTLSConfig
            # VLESS+TCP+XTLS
            else
                vlessXTLSConfig
            fi
        # VLESS+WS+TLS
        else
            vlessWSConfig
        fi
    fi
}

install() {
    getData

    $PMT clean all
    [[ "$PMT" = "apt" ]] && $PMT update
    #echo $CMD_UPGRADE | bash
    $CMD_INSTALL wget vim unzip tar gcc openssl
    $CMD_INSTALL net-tools
    if [[ "$PMT" = "apt" ]]; then
        $CMD_INSTALL libssl-dev g++
    fi
    res=`which unzip 2>/dev/null`
    if [[ $? -ne 0 ]]; then
        colorEcho $RED " unzip安装失败,请检查网络"
        exit 1
    fi

    installNginx
    setFirewall
    if [[ "$TLS" = "true" || "$XTLS" = "true" ]]; then
        getCert
    fi
    configNginx

    colorEcho $BLUE " 安装Xray..."
    getVersion
    RETVAL="$?"
    if [[ $RETVAL == 0 ]]; then
        colorEcho $BLUE " Xray最新版 ${CUR_VER} 已经安装"
    elif [[ $RETVAL == 3 ]]; then
        exit 1
    else
        colorEcho $BLUE " 安装Xray ${NEW_VER} ,架构$(archAffix)"
        installXray
    fi

    configXray

    setSelinux
    installBBR

    start
    showInfo

    bbrReboot
}

bbrReboot() {
    if [[ "${INSTALL_BBR}" == "true" ]]; then
        echo  
        echo " 为使BBR模块生效,系统将在30秒后重启"
        echo  
        echo -e " 您可以按 ctrl + c 取消重启,稍后输入 ${RED}reboot${PLAIN} 重启系统"
        sleep 30
        reboot
    fi
}

update() {
    res=`status`
    if [[ $res -lt 2 ]]; then
        colorEcho $RED " Xray未安装,请先安装!"
        return
    fi

    getVersion
    RETVAL="$?"
    if [[ $RETVAL == 0 ]]; then
        colorEcho $BLUE " Xray最新版 ${CUR_VER} 已经安装"
    elif [[ $RETVAL == 3 ]]; then
        exit 1
    else
        colorEcho $BLUE " 安装Xray ${NEW_VER} ,架构$(archAffix)"
        installXray
        stop
        start

        colorEcho $GREEN " 最新版Xray安装成功!"
    fi
}

uninstall() {
    echo ""
    read -p " 确定卸载Xray?[y/n]:" answer
    if [[ "${answer,,}" = "y" ]]; then
        domain=`grep Host $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
        if [[ "$domain" = "" ]]; then
            domain=`grep serverName $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
        fi
        
        stop
        systemctl disable xray
        rm -rf /etc/systemd/system/xray.service
        rm -rf /usr/local/bin/xray
        rm -rf /usr/local/etc/xray

        if [[ "$BT" = "false" ]]; then
            systemctl disable nginx
            $CMD_REMOVE nginx
            if [[ "$PMT" = "apt" ]]; then
                $CMD_REMOVE nginx-common
            fi
            rm -rf /etc/nginx/nginx.conf
            if [[ -f /etc/nginx/nginx.conf.bak ]]; then
                mv /etc/nginx/nginx.conf.bak /etc/nginx/nginx.conf
            fi
        fi
        if [[ "$domain" != "" ]]; then
            rm -rf ${NGINX_CONF_PATH}${domain}.conf
        fi
        [[ -f ~/.acme.sh/acme.sh ]] && ~/.acme.sh/acme.sh --uninstall
        colorEcho $GREEN " Xray卸载成功"
    fi
}

start() {
    res=`status`
    if [[ $res -lt 2 ]]; then
        colorEcho $RED " Xray未安装,请先安装!"
        return
    fi
    stopNginx
    startNginx
    systemctl restart xray
    sleep 2
    
    port=`grep port $CONFIG_FILE| head -n 1| cut -d: -f2| tr -d \",' '`
    res=`ss -nutlp| grep ${port} | grep -i xray`
    if [[ "$res" = "" ]]; then
        colorEcho $RED " Xray启动失败,请检查日志或查看端口是否被占用!"
    else
        colorEcho $BLUE " Xray启动成功"
    fi
}

stop() {
    stopNginx
    systemctl stop xray
    colorEcho $BLUE " Xray停止成功"
}


restart() {
    res=`status`
    if [[ $res -lt 2 ]]; then
        colorEcho $RED " Xray未安装,请先安装!"
        return
    fi

    stop
    start
}


getConfigFileInfo() {
    vless="false"
    tls="false"
    ws="false"
    xtls="false"
    trojan="false"
    protocol="VMess"
    kcp="false"

    uid=`grep id $CONFIG_FILE | head -n1| cut -d: -f2 | tr -d \",' '`
    alterid=`grep alterId $CONFIG_FILE  | cut -d: -f2 | tr -d \",' '`
    network=`grep network $CONFIG_FILE  | tail -n1| cut -d: -f2 | tr -d \",' '`
    [[ -z "$network" ]] && network="tcp"
    domain=`grep serverName $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
    if [[ "$domain" = "" ]]; then
        domain=`grep Host $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
        if [[ "$domain" != "" ]]; then
            ws="true"
            tls="true"
            wspath=`grep path $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
        fi
    else
        tls="true"
    fi
    if [[ "$ws" = "true" ]]; then
        port=`grep -i ssl $NGINX_CONF_PATH${domain}.conf| head -n1 | awk '{print $2}'`
    else
        port=`grep port $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
    fi
    res=`grep -i kcp $CONFIG_FILE`
    if [[ "$res" != "" ]]; then
        kcp="true"
        type=`grep header -A 3 $CONFIG_FILE | grep 'type' | cut -d: -f2 | tr -d \",' '`
        seed=`grep seed $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
    fi

    vmess=`grep vmess $CONFIG_FILE`
    if [[ "$vmess" = "" ]]; then
        trojan=`grep trojan $CONFIG_FILE`
        if [[ "$trojan" = "" ]]; then
            vless="true"
            protocol="VLESS"
        else
            trojan="true"
            password=`grep password $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
            protocol="trojan"
        fi
        tls="true"
        encryption="none"
        xtls=`grep xtlsSettings $CONFIG_FILE`
        if [[ "$xtls" != "" ]]; then
            xtls="true"
            flow=`grep flow $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
        else
            flow="无"
        fi
    fi
}

outputVmess() {
    raw="{
  \"v\":\"2\",
  \"ps\":\"\",
  \"add\":\"$IP\",
  \"port\":\"${port}\",
  \"id\":\"${uid}\",
  \"aid\":\"$alterid\",
  \"net\":\"tcp\",
  \"type\":\"none\",
  \"host\":\"\",
  \"path\":\"\",
  \"tls\":\"\"
}"
    link=`echo -n ${raw} | base64 -w 0`
    link="vmess://${link}"

    echo -e "   ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
    echo -e "   ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
    echo -e "   ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
    echo -e "   ${BLUE}额外id(alterid):${PLAIN} ${RED}${alterid}${PLAIN}"
    echo -e "   ${BLUE}加密方式(security):${PLAIN} ${RED}auto${PLAIN}"
    echo -e "   ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}" 
    echo  
    echo -e "   ${BLUE}vmess链接:${PLAIN} $RED$link$PLAIN"
}

outputVmessKCP() {
    echo -e "   ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
    echo -e "   ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
    echo -e "   ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
    echo -e "   ${BLUE}额外id(alterid):${PLAIN} ${RED}${alterid}${PLAIN}"
    echo -e "   ${BLUE}加密方式(security):${PLAIN} ${RED}auto${PLAIN}"
    echo -e "   ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
    echo -e "   ${BLUE}伪装类型(type):${PLAIN} ${RED}${type}${PLAIN}"
    echo -e "   ${BLUE}mkcp seed:${PLAIN} ${RED}${seed}${PLAIN}" 
}

outputTrojan() {
    if [[ "$xtls" = "true" ]]; then
        echo -e "   ${BLUE}IP/域名(address): ${PLAIN} ${RED}${domain}${PLAIN}"
        echo -e "   ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
        echo -e "   ${BLUE}密码(password):${PLAIN}${RED}${password}${PLAIN}"
        echo -e "   ${BLUE}流控(flow):${PLAIN}$RED$flow${PLAIN}"
        echo -e "   ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}"
        echo -e "   ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}" 
        echo -e "   ${BLUE}底层安全传输(tls):${PLAIN}${RED}XTLS${PLAIN}"
    else
        echo -e "   ${BLUE}IP/域名(address): ${PLAIN} ${RED}${domain}${PLAIN}"
        echo -e "   ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
        echo -e "   ${BLUE}密码(password):${PLAIN}${RED}${password}${PLAIN}"
        echo -e "   ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}" 
        echo -e "   ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}"
    fi
}

outputVmessTLS() {
    raw="{
  \"v\":\"2\",
  \"ps\":\"\",
  \"add\":\"$IP\",
  \"port\":\"${port}\",
  \"id\":\"${uid}\",
  \"aid\":\"$alterid\",
  \"net\":\"${network}\",
  \"type\":\"none\",
  \"host\":\"${domain}\",
  \"path\":\"\",
  \"tls\":\"tls\"
}"
    link=`echo -n ${raw} | base64 -w 0`
    link="vmess://${link}"
    echo -e "   ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
    echo -e "   ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
    echo -e "   ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
    echo -e "   ${BLUE}额外id(alterid):${PLAIN} ${RED}${alterid}${PLAIN}"
    echo -e "   ${BLUE}加密方式(security):${PLAIN} ${RED}none${PLAIN}"
    echo -e "   ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}" 
    echo -e "   ${BLUE}伪装域名/主机名(host):${PLAIN}${RED}${domain}${PLAIN}"
    echo -e "   ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}"
    echo  
    echo -e "   ${BLUE}vmess链接: ${PLAIN}$RED$link$PLAIN"
}

outputVmessWS() {
    raw="{
  \"v\":\"2\",
  \"ps\":\"\",
  \"add\":\"$IP\",
  \"port\":\"${port}\",
  \"id\":\"${uid}\",
  \"aid\":\"$alterid\",
  \"net\":\"${network}\",
  \"type\":\"none\",
  \"host\":\"${domain}\",
  \"path\":\"${wspath}\",
  \"tls\":\"tls\"
}"
    link=`echo -n ${raw} | base64 -w 0`
    link="vmess://${link}"

    echo -e "   ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
    echo -e "   ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
    echo -e "   ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
    echo -e "   ${BLUE}额外id(alterid):${PLAIN} ${RED}${alterid}${PLAIN}"
    echo -e "   ${BLUE}加密方式(security):${PLAIN} ${RED}none${PLAIN}"
    echo -e "   ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}" 
    echo -e "   ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN"
    echo -e "   ${BLUE}伪装域名/主机名(host):${PLAIN}${RED}${domain}${PLAIN}"
    echo -e "   ${BLUE}路径(path):${PLAIN}${RED}${wspath}${PLAIN}"
    echo -e "   ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}"
    echo  
    echo -e "   ${BLUE}vmess链接:${PLAIN} $RED$link$PLAIN"
}

showInfo() {
    res=`status`
    if [[ $res -lt 2 ]]; then
        colorEcho $RED " Xray未安装,请先安装!"
        return
    fi
    
    echo ""
    echo -n -e " ${BLUE}Xray运行状态:${PLAIN}"
    statusText
    echo -e " ${BLUE}Xray配置文件: ${PLAIN} ${RED}${CONFIG_FILE}${PLAIN}"
    colorEcho $BLUE " Xray配置信息:"

    getConfigFileInfo

    echo -e "   ${BLUE}协议: ${PLAIN} ${RED}${protocol}${PLAIN}"
    if [[ "$trojan" = "true" ]]; then
        outputTrojan
        return 0
    fi
    if [[ "$vless" = "false" ]]; then
        if [[ "$kcp" = "true" ]]; then
            outputVmessKCP
            return 0
        fi
        if [[ "$tls" = "false" ]]; then
            outputVmess
        elif [[ "$ws" = "false" ]]; then
            outputVmessTLS
        else
            outputVmessWS
        fi
    else
        if [[ "$kcp" = "true" ]]; then
            echo -e "   ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
            echo -e "   ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
            echo -e "   ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
            echo -e "   ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}"
            echo -e "   ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
            echo -e "   ${BLUE}伪装类型(type):${PLAIN} ${RED}${type}${PLAIN}"
            echo -e "   ${BLUE}mkcp seed:${PLAIN} ${RED}${seed}${PLAIN}" 
            return 0
        fi
        if [[ "$xtls" = "true" ]]; then
            echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
            echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
            echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
            echo -e " ${BLUE}流控(flow):${PLAIN}$RED$flow${PLAIN}"
            echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}"
            echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}" 
            echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN"
            echo -e " ${BLUE}伪装域名/主机名(host):${PLAIN}${RED}${domain}${PLAIN}"
            echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}XTLS${PLAIN}"
        elif [[ "$ws" = "false" ]]; then
            echo -e " ${BLUE}IP(address):  ${PLAIN}${RED}${IP}${PLAIN}"
            echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
            echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
            echo -e " ${BLUE}流控(flow):${PLAIN}$RED$flow${PLAIN}"
            echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}"
            echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}" 
            echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN"
            echo -e " ${BLUE}伪装域名/主机名(host):${PLAIN}${RED}${domain}${PLAIN}"
            echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}"
        else
            echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
            echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
            echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
            echo -e " ${BLUE}流控(flow):${PLAIN}$RED$flow${PLAIN}"
            echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}"
            echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}" 
            echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN"
            echo -e " ${BLUE}伪装域名/主机名(host):${PLAIN}${RED}${domain}${PLAIN}"
            echo -e " ${BLUE}路径(path):${PLAIN}${RED}${wspath}${PLAIN}"
            echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}"
        fi
    fi
}

showLog() {
    res=`status`
    if [[ $res -lt 2 ]]; then
        colorEcho $RED " Xray未安装,请先安装!"
        return
    fi

    journalctl -xen -u xray --no-pager
}

menu() {
    clear
    echo "#############################################################"
    echo -e "#                     ${RED}Xray一键安装脚本${PLAIN}                      #"
    echo -e "# ${GREEN}作者${PLAIN}: 网络跳越(hijk)                                      #"
    echo -e "# ${GREEN}网址${PLAIN}: https://hijk.art                                    #"
    echo -e "# ${GREEN}论坛${PLAIN}: https://hijk.club                                   #"
    echo -e "# ${GREEN}TG群${PLAIN}: https://t.me/hijkclub                               #"
    echo -e "# ${GREEN}Youtube频道${PLAIN}: https://youtube.com/channel/UCYTB--VsObzepVJtc9yvUxQ #"
    echo "#############################################################"
    echo -e "  ${GREEN}1.${PLAIN}   安装Xray-VMESS"
    echo -e "  ${GREEN}2.${PLAIN}   安装Xray-${BLUE}VMESS+mKCP${PLAIN}"
    echo -e "  ${GREEN}3.${PLAIN}   安装Xray-VMESS+TCP+TLS"
    echo -e "  ${GREEN}4.${PLAIN}   安装Xray-${BLUE}VMESS+WS+TLS${PLAIN}${RED}(推荐)${PLAIN}"
    echo -e "  ${GREEN}5.${PLAIN}   安装Xray-${BLUE}VLESS+mKCP${PLAIN}"
    echo -e "  ${GREEN}6.${PLAIN}   安装Xray-VLESS+TCP+TLS"
    echo -e "  ${GREEN}7.${PLAIN}   安装Xray-${BLUE}VLESS+WS+TLS${PLAIN}${RED}(可过cdn)${PLAIN}"
    echo -e "  ${GREEN}8.${PLAIN}   安装Xray-${BLUE}VLESS+TCP+XTLS${PLAIN}${RED}(推荐)${PLAIN}"
    echo -e "  ${GREEN}9.${PLAIN}   安装${BLUE}trojan${PLAIN}${RED}(推荐)${PLAIN}"
    echo -e "  ${GREEN}10.${PLAIN}  安装${BLUE}trojan+XTLS${PLAIN}${RED}(推荐)${PLAIN}"
    echo " -------------"
    echo -e "  ${GREEN}11.${PLAIN}  更新Xray"
    echo -e "  ${GREEN}12.${PLAIN}  卸载Xray"
    echo " -------------"
    echo -e "  ${GREEN}13.${PLAIN}  启动Xray"
    echo -e "  ${GREEN}14.${PLAIN}  重启Xray"
    echo -e "  ${GREEN}15.${PLAIN}  停止Xray"
    echo " -------------"
    echo -e "  ${GREEN}16.${PLAIN}  查看Xray配置"
    echo -e "  ${GREEN}17.${PLAIN}  查看Xray日志"
    echo " -------------"
    echo -e "  ${GREEN}0.${PLAIN}   退出"
    echo -n " 当前状态:"
    statusText
    echo 

    read -p " 请选择操作[0-17]:" answer
    case $answer in
        0)
            exit 0
            ;;
        1)
            install
            ;;
        2)
            KCP="true"
            install
            ;;
        3)
            TLS="true"
            install
            ;;
        4)
            TLS="true"
            WS="true"
            install
            ;;
        5)
            VLESS="true"
            KCP="true"
            install
            ;;
        6)
            VLESS="true"
            TLS="true"
            install
            ;;
        7)
            VLESS="true"
            TLS="true"
            WS="true"
            install
            ;;
        8)
            VLESS="true"
            TLS="true"
            XTLS="true"
            install
            ;;
        9)
            TROJAN="true"
            TLS="true"
            install
            ;;
        10)
            TROJAN="true"
            TLS="true"
            XTLS="true"
            install
            ;;
        11)
            update
            ;;
        12)
            uninstall
            ;;
        13)
            start
            ;;
        14)
            restart
            ;;
        15)
            stop
            ;;
        16)
            showInfo
            ;;
        17)
            showLog
            ;;
        *)
            colorEcho $RED " 请选择正确的操作!"
            exit 1
            ;;
    esac
}

checkSystem

menu
------------------

Easiest way to install & upgrade Xray.

Xray-install

Bash script for installing Xray in operating systems such as CentOS / Debian / OpenSUSE that support systemd.

Filesystem Hierarchy Standard (FHS)

installed: /etc/systemd/system/xray.service
installed: /etc/systemd/system/xray@.service

installed: /usr/local/bin/xray
installed: /usr/local/etc/xray/*.json

installed: /usr/local/share/xray/geoip.dat
installed: /usr/local/share/xray/geosite.dat

installed: /var/log/xray/access.log
installed: /var/log/xray/error.log

Notice: Xray will NOT log to /var/log/xray/*.log by default. Configure "log" to specify log files.

Basic Usage

Install & Upgrade Xray-core and geodata with User=nobody, but will NOT overwrite User in existing service files

# bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install

Update geoip.dat and geosite.dat only

# bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install-geodata

Remove Xray, except json and logs

# bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ remove

Advanced

Install & Upgrade Xray-core and geodata with User=root, which will overwrite User in existing service files

# bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root

Install & Upgrade Xray-core without geodata

# bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install --without-geodata

Remove Xray, including json and logs

# bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ remove --purge

More Usage

# bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ help
from https://github.com/XTLS/Xray-install
---------------
https://github.com/RPRX/v2ray-vless/
https://github.com/RPRX/v2ray-vless/tree/master/main

-----------------------------

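How VLESS works, with VLESS client downloads and a usage guide

V2Ray and Trojan have each in turn moved to center stage. By comparison, Trojan is lighter than V2Ray's Vmess protocol, and after a flaw was disclosed that allowed V2Ray to be precisely identified, many users abandoned V2Ray and switched to Trojan, or to SS/SSR nodes relayed over tunnels or private intranet lines, although those cost more. The arrival of VLESS then pushed V2Ray back to center stage. The official definition of VLESS is "performance first, unprecedented extensibility, with the goal of being the ultimate protocol for all scenarios".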


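1. What is VLESS?

At present the V2fly community is the main force driving V2ray's technical progress. The name VLESS comes from the V2fly developers' "less is more" philosophy, and it looks very similar to VMESS. The VLESS protocol was first introduced in V2ray-Core v4.27.0, and XTLS was introduced in V2ray-Core v4.29.0.

VLESS is a stateless, lightweight data transport protocol, positioned as the next-generation V2ray transport protocol. The author's vision for it is: "unprecedented extensibility, suitable for arbitrary combination and broad use in all scenarios, matching what many people envisage and what almost everyone needs, enough to become v2ray's next main protocol and even the ultimate protocol of the whole XX field." That shows how powerful the VLESS protocol is.

VLESS has an inbound part and an outbound part and can serve as the bridge between a V2Ray client and server. Unlike VMess, VLESS does not depend on system time; authentication is still by UUID, but no alterId is needed. VLESS configuration has two parts, InboundConfigurationObject and OutboundConfigurationObject, which correspond to the settings item of the inbound and outbound protocol configuration respectively. VLESS currently has no built-in encryption, so use it over a reliable channel such as TLS. VLESS currently does not support sharing.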

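2. Differences between VLESS and VMESS, and the advantages of VLESS

  • VLESS does not depend on system time and does not use alterId, so you no longer need to keep your local computer's clock within 90 seconds of the remote server's.
  • VLESS itself carries no encryption and must be combined with an encryption layer such as TLS; that is one layer of encryption fewer than VMESS, so it is faster;
  • VLESS supports traffic splitting and fallback, which is simpler, more efficient and more secure than splitting and forwarding with Nginx;
  • With TLS in use, VLESS is faster and performs better than VMESS, because VLESS does not encrypt or decrypt the data;
  • The V2ray project has higher expectations of VLESS and stricter constraints. For example, clients are required to use the identifier VLESS uniformly rather than names such as Vless or vless; the VLESS share-link standard will be set by the project itself (still in internal testing);
  • VLESS's encryption is more flexible and not tightly coupled as in VMESS (relevant only to developers).

With only TLS encryption on top, VLESS is still slightly slower than Trojan-gfw in performance and speed, but it is a large improvement over the earlier Vmess protocol. In addition, VLESS introduces XTLS, a piece of "black technology" that can be called a powerful weapon against the GFW's technical blocking.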

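3. How XTLS works

The XTLS project site introduces it in only a few words, "THE FUTURE", which shows the author's confidence in and expectations for XTLS as the future of circumvention technology.

How XTLS works: VLESS + XTLS can be understood as an enhanced ECH, that is, it additionally supports authentication, proxy forwarding, encryption of plaintext, UDP over TCP, and so on. Previously, when proxying over TLS with VLESS, the transferred data actually went through TLS encryption and decryption twice: once for the proxy's TLS and once for the HTTPS TLS. Now XTLS seamlessly splices together the two genuine TLS streams, inner and outer, so the proxy itself hardly needs to encrypt or decrypt the data any more and only relays the traffic; performance is comparable to SS/SSR.

Fortunately, because Google and other internet companies have pushed SSL-encrypted transport, very few sites now use plain HTTP and most traffic uses HTTPS, which is harder for the GFW to tell apart, so this is very good news for XTLS. Without doubt, VLESS+XTLS will gradually replace most of the modes derived from VMESS.

XTLS itself needs to be TLSv1.3 (the negotiated result under normal conditions), and the inner TLS can be 1.3 or 1.2 (the vast majority of browsing traffic); in that case the special function takes effect (filling in flow enables or selects the special function; whether it takes effect is a separate matter).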

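4. VLESS modes, including XTLS

  • VLESS + TCP + TLS
  • VLESS + TCP + TLS + WS
  • VLESS + TCP + XTLS
  • VLESS + HTTP2 + h2c

VLESS over TCP with XTLS + fallback & traffic splitting to WHATEVER is the ultimate configuration. If you need to put the server behind a CDN to hide its real IP address, choose the "VLESS + TCP + TLS + WS" mode.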

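5. Configuring VLESS over TCP with XTLS, and VLESS share links

  1. Confirm that v2ray-core on both the server and the client is v4.30.0+ and that VLESS over TCP with TLS + fallback & optional traffic splitting is already configured, or refer directly to the ultimate configuration.
  2. In the VLESS streamSettings of both server and client, change tls and tlsSettings to xtls and xtlsSettings (a server running XTLS can still accept ordinary TLS requests, and fallback and traffic splitting are not affected).
  3. Set the VLESS flow to xtls-rprx-origin on both server and client. On the server it means "allowed"; on the client it means "use" (the same user can still leave flow empty and connect to the server with ordinary TLS).

Notes:

  1. To prevent upper-layer applications from using QUIC, the client-side VLESS automatically blocks requests to UDP/443 when XTLS is enabled. If you do not want them blocked, set xtls-rprx-origin-udp443 on the client; the server stays unchanged.
  2. You can set the environment variable V2RAY_VLESS_XTLS_SHOW = true to show XTLS output, on both server and client (only to confirm that XTLS is in effect; never set it permanently, or everything becomes very slow).
  3. Mux must not be enabled. XTLS needs the raw data stream, so in principle it will not support WebSocket either, and it does not apply to VMess. In addition, for UDP over TCP, VLESS does not enable XTLS's special function.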
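The steps and notes above can be checked mechanically before a configuration is deployed. The following is an added example, not code from v2ray or from the original article: the function names, the finding texts and both sample configurations (including the placeholder UUID) are constructed for illustration, and only the JSON keys and flow values come from this page and from v2ray's config format.

```python
# Flow values this page names for VLESS over TCP with XTLS.
SERVER_FLOWS = {"xtls-rprx-origin"}
CLIENT_FLOWS = {"xtls-rprx-origin", "xtls-rprx-origin-udp443"}

def users_of(kind, item):
    """Yield user objects: inbound settings.clients, outbound settings.vnext[].users."""
    settings = item.get("settings", {})
    if kind == "inbounds":
        yield from settings.get("clients", [])
    else:
        for server in settings.get("vnext", []):
            yield from server.get("users", [])

def lint_xtls(config):
    """Return findings for every inbound/outbound whose streamSettings.security is xtls."""
    findings = []
    for kind, flows in (("inbounds", SERVER_FLOWS), ("outbounds", CLIENT_FLOWS)):
        for i, item in enumerate(config.get(kind, [])):
            stream = item.get("streamSettings", {})
            if stream.get("security") != "xtls":
                continue
            where = "%s[%d]" % (kind, i)
            if item.get("protocol") == "vmess":
                findings.append(where + ": XTLS does not apply to VMess")
            if stream.get("network", "tcp") != "tcp":
                findings.append(where + ": XTLS needs the raw stream, network must be tcp")
            if "tlsSettings" in stream or "xtlsSettings" not in stream:
                findings.append(where + ": tlsSettings must be renamed to xtlsSettings")
            if item.get("mux", {}).get("enabled"):
                findings.append(where + ": Mux must not be enabled with XTLS")
            for user in users_of(kind, item):
                if user.get("flow") not in flows:
                    findings.append("%s: flow %r is not one of %s"
                                    % (where, user.get("flow"), sorted(flows)))
    return findings

# Constructed samples; the UUID is a placeholder, not a real credential.
UUID = "00000000-0000-4000-8000-000000000000"
GOOD_SERVER = {"inbounds": [{"port": 443, "protocol": "vless",
    "settings": {"clients": [{"id": UUID, "flow": "xtls-rprx-origin"}],
                 "decryption": "none", "fallbacks": [{"dest": 80}]},
    "streamSettings": {"network": "tcp", "security": "xtls", "xtlsSettings": {}}}]}
BAD_CLIENT = {"outbounds": [{"protocol": "vless", "mux": {"enabled": True},
    "settings": {"vnext": [{"address": "vless.example.com", "port": 443,
                            "users": [{"id": UUID, "encryption": "none"}]}]},
    "streamSettings": {"network": "ws", "security": "xtls", "tlsSettings": {}}}]}

if __name__ == "__main__":
    import json, sys
    configs = [json.load(open(p)) for p in sys.argv[1:]] or [GOOD_SERVER, BAD_CLIENT]
    for cfg in configs:
        print(lint_xtls(cfg) or "ok")
```

Run it with one or more config.json paths as arguments to lint real files; with no arguments it checks the two constructed samples.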

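v2ray-core v4.28.0 will enhance TLS, and the VLESS share-link standard will be released at the same time. To avoid confusion in the ecosystem, do not support sharing before then, and certainly do not invent your own share-link scheme. After overall consideration by the ProjectV project, VLESS should get a share-link standard only with the official release (not in the near term).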

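6. Downloading V2Ray clients that support VLESS

To use the VLESS protocol, make sure the client's core version is at least v4.27.0; to use XTLS, the core must be at least version 4.29.0.

The following is a partial list of clients that already support configuring VLESS through a graphical interface; they are recommended (in order of when support was implemented):

(1) Windows clients that support VLESS

V2rayN: supports VLESS since V2rayN 3.21 and XTLS since 3.24. The latest V2rayN is currently 3.26, which fully supports the VLESS + XTLS combination and also supports the trojan protocol.

Qv2ray: supports VLESS since Qv2ray 2.6.3 and XTLS since 2.7.0 alpha1. The latest Qv2ray is currently 2.7.0 alpha1, which fully supports the VLESS + XTLS combination.

(2) Mac clients that support VLESS

Qv2ray: supports VLESS since Qv2ray 2.6.3 and XTLS since 2.7.0 alpha1. The latest Qv2ray is currently 2.7.0 alpha1, which fully supports the VLESS + XTLS combination;

V2rayU: supports VLESS+XTLS and the trojan protocol since the V2rayU 3.0 preview.

(3) Linux clients that support VLESS

Qv2ray: supports VLESS since Qv2ray 2.6.3; 2.7.0 alpha1 fully supports the VLESS + XTLS combination;

V2rayA: V2rayA is a UI tool that depends on V2ray, so V2ray must be installed separately. V2rayA supports VLESS since version 1.0.0, and XTLS can be enabled by editing the configuration file yourself.

(4) Android clients that support VLESS

V2rayNG: supports VLESS since V2rayNG 1.3.0 and XTLS since 1.4.4. The latest V2rayNG is currently 1.4.8, which fully supports the VLESS + XTLS combination and also supports the trojan protocol.

Note: since V2rayNG 1.4.5, no all-architecture build is provided. If the version from this site cannot be installed or used, download the build for your platform from the official site.

(5) iOS clients that support VLESS

Shadowrocket: supports VLESS since Shadowrocket 2.1.60; XTLS mode is not currently supported.

7. VLESS client configuration

Configuring a V2Ray client for VLESS is exactly the same as for VMESS, so the same steps apply and are not repeated here.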

------------

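Building your own VLESS+Web+WS+TLS server: a one-click VLESS setup guide

The V2Ray development team has also released the VLESS protocol, with the aim of making it the ultimate next-generation circumvention protocol; it is light and easy to use.

VLESS is a stateless, lightweight transport protocol. Unlike VMess, although its authentication is still by UUID, VLESS does not depend on system time and does not need AlterID. It has an inbound part and an outbound part and acts as the bridge between a V2Ray client and server. VLESS can be thought of as a slimmed-down Vmess. Compared with VMess, its advantage is being lightweight: it drops redundant algorithms and reduces CPU and memory load. It removes the clock-difference requirement between server and client and the AlterID setting; combined with http/2, the latest HTTP protocol, both the number of handshakes and the size of headers are reduced and network optimizations such as multiplexing are enabled, which makes it even lighter than the Trojan protocol.

Today I will use wulabing's script to demonstrate a one-click "VLESS+Web+WS+TLS" setup. The steps are as follows:

1. Preparation

A VPS outside mainland China and a domain name that already resolves to the VPS

2. Open the ports on the VPS

Before running the VLESS one-click install script, the server ports you want to use must be opened in the firewall (ports 80/443 are used as the example here); otherwise installing the SSL certificate will fail. Check in advance whether your VPS already allows these ports; if not, run the commands below.

(1) On CentOS/Fedora/RedHat, run the following commands in order:

firewall-cmd --query-port=PORT/tcp # check whether port PORT is open
systemctl start firewalld.service # start the firewall
firewall-cmd --zone=public --add-port=80/tcp --permanent # open port 80
firewall-cmd --zone=public --add-port=443/tcp --permanent # open port 443
systemctl restart firewalld.service # restart the firewall
firewall-cmd --reload # reload the configuration

(2) On Debian/Ubuntu, run the following commands in order:

apt-get install iptables # install iptables
iptables -I INPUT -p tcp --dport 80 -j ACCEPT # open port 80
iptables -I INPUT -p tcp --dport 443 -j ACCEPT # open port 443
iptables-save # save the rules
apt-get install iptables-persistent # install iptables-persistent
netfilter-persistent save
netfilter-persistent reload

(3) Reboot the VPS with:

reboot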

3. Install Git

yum install -y git # install command for CentOS
apt install -y git # install command for Debian

4. Run the VLESS one-click install script

wget -N --no-check-certificate -q -O install.sh "https://raw.githubusercontent.com/wulabing/V2Ray_ws-tls_bash_onekey/dev/install.sh" && chmod +x install.sh && bash install.sh

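After running the command above, the script's menu is displayed.

(1) Enter the number "1", that is, choose "1. 安装 V2Ray (VLESS+Nginx+ws+tls)" (install V2Ray), and press Enter to start the installation.

If "Do you want to continue? [Y/n]" or another prompt appears, enter the letter "y".

(2) During installation you are also asked for the domain, with a prompt such as "请输入你的域名信息(eg:www.wulabing.com):" (enter your domain). Enter the domain that already resolves to the server, for example "vless.example.com", and then the port (default 443).

Once the domain and port are entered correctly, press Enter. A long web-server installation follows; wait patiently.

(3) Later in the installation you are asked "请选择生成的链接种类" (choose the kind of link to generate), with the options "1:V2RayNG和V2RayN" and "2:quantumult". Apple iOS users should choose "2"; otherwise choose "1".

(4) Next you are asked "请选择支持的 TLS 版本(default:3)" (choose the supported TLS versions), with the options "1:TLS1.1 TLS1.2 and TLS1.3(兼容模式)", "2:TLS1.2 and TLS1.3(兼容模式)" and "3:TLS1.3 only" (兼容模式 means compatibility mode). Choose according to your needs.

In fact it would be better if the web server were Caddy instead of Nginx: Caddy is lighter, takes less time, installs faster, succeeds more often, and also renews the SSL certificate automatically.

(5) Back at the main menu, choose "11. 安装 4合1 bbr 锐速安装脚本" (install the 4-in-1 bbr acceleration script) to install and enable the BBR acceleration module.

(6) After a successful installation, visiting the bound domain in a browser shows the camouflage page, a "3D periodic table" website.

In actual installation tests, because the installation takes a long time, installing the Nginx server on some VPSes produces the error message "[错误] SSL 证书测试签发失败" (SSL certificate test issuance failed).

5. V2Ray clients that support VLESS

By now most V2Ray clients support the VLESS protocol, such as V2RayN, V2RayU, V2RayNG, Qv2ray and PassWall. V2RayN is the Windows client, V2RayU the MacOS client and V2RayNG the Android client. Qv2ray is a cross-platform V2Ray client that supports Linux, Windows and MacOS and can support SSR / Trojan / Trojan-Go / NaiveProxy and other protocols through plugins, but it does not support batch speed tests or automatic updates and has a certain learning curve. PassWall is a plugin for the OpenWrt router system.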

from   https://github.com/wulabing/V2Ray_ws-tls_bash_onekey

-------------

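Project_Xray: one-click install script for Xray with VLESS + XTLS, based on Nginx

Because xtls may be blocked, the Nginx-fronted version is recommended

Telegram group

Preparation

  • Prepare a domain name and add its A record;
  • Install wget

Import link specification

XTLS/Xray-core#91

As of 2021-2-24 only V2RayN 4.12+ and V2RayNG 1.5.8+ support import by link and QR code; for other clients, enter the configuration manually.

Install/update (Nginx in front)

Supported configurations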

  • VLESS + TCP + TLS + Nginx + WebSocket
wget -N --no-check-certificate -q -O install.sh "https://raw.githubusercontents.com/wulabing/Xray_onekey/nginx_forward/install.sh" && chmod +x install.sh && bash install.sh

Install/update (Xray in front)

Supported configurations

  • VLESS + TCP + XTLS / TLS + Nginx

  • VLESS + TCP + XTLS / TLS + Nginx together with VLESS + TCP + TLS + Nginx + WebSocket as a fallback, both active at once

wget -N --no-check-certificate -q -O install.sh "https://raw.githubusercontents.com/wulabing/Xray_onekey/main/install.sh" && chmod +x install.sh && bash install.sh

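Notes

  • If you do not understand what the individual settings in the script mean, use the defaults the script offers for everything except the domain;
  • Using this script requires basic Linux knowledge and experience, some understanding of computer networking, and basic computer skills;
  • Currently supports Debian 9+ / Ubuntu 18.04+ / Centos7+ / Oracle Linux 7+;
  • The group owner provides only very limited support; if you have problems, ask other group members.

Acknowledgements

Starting and stopping

Start Xray: systemctl start xray

Stop Xray: systemctl stop xray

Start Nginx: systemctl start nginx

Stop Nginx: systemctl stop nginx

Relevant directories

Web directory: /www/xray_web

Xray server configuration: /usr/local/etc/xray/config.json

Nginx directory: /etc/nginx

Certificate files: /ssl/xray.key (private key) and /ssl/xray.crt (certificate public key)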

from https://github.com/wulabing/Xray_onekey

---------

xray

Introduction

install.sh

  • xray install script for centos7+/debian9+/ubuntu16.04+
  • Calls the official xray install script
  • Uses vless+tcp+xtls mode
  • Fallback goes to nginx, which serves a camouflage site

install_wp.sh

  • xray install script for centos7
  • Calls the official xray install script
  • Uses vless+tcp+xtls mode
  • Fallback goes to nginx, which serves wordpress

Using install.sh

bash <(curl -Ls https://raw.githubusercontent.com/atrandys/xray/main/install.sh)

Using install_wp.sh

bash <(curl -Ls https://raw.githubusercontent.com/atrandys/xray/main/install_wp.sh)

Client usage


from https://github.com/atrandys/xray
-------
 
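Xray one-click install script, heavily modified from the original 网络跳跃 script. It can automatically generate an Nginx camouflage site for the node, can coexist with the BaoTa panel (宝塔面板), and supports IPv4 and IPv6 VPSes.

https://owo.misaka.rest/xray-script/

Xray-script

Xray one-click install script. It can automatically generate a camouflage site, can coexist with the BaoTa panel, and supports IPv4 and IPv6 VPSes.

Because IPv6-only VPSes cannot reach GitHub, set up a DNS64 server or install the WARP script before installing.

If you do not trust the script, you can run it once in this sandbox before using it: https://killercoda.com/playgrounds/scenario/ubuntu

Planned for a coming update: built-in routing rules, with routing over IPv4, IPv6 and Socks5 WARP

Usage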

wget -N --no-check-certificate https://raw.githubusercontents.com/Misaka-blog/Xray-script/master/xray.sh && bash xray.sh

Shortcut: bash xray.sh

Supported protocols

  • Xray-VMESS
  • Xray-VMESS+mKCP
  • Xray-VMESS+TCP+TLS
  • Xray-VMESS+WS+TLS (works behind a CDN)
  • Xray-VLESS+mKCP
  • Xray-VLESS+TCP+TLS
  • Xray-VLESS+WS+TLS (works behind a CDN)
  • Xray-VLESS+TCP+XTLS
  • Trojan
  • Trojan+XTLS

Discussion

Telegram group

from https://github.com/Misaka-blog/Xray-script
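The install one-liners collected on this page differ in how much they trust the network and the download host. The following added example (not part of any of the quoted projects) audits three of them, copied from above, for disabled TLS verification, scripts executed without a review step, and download hosts outside an allowlist. The allowlist, the finding names and the function name are assumptions made for the example.

```python
import re
from urllib.parse import urlparse

# Assumption: the only hosts this reviewer accepts for script downloads.
TRUSTED_HOSTS = {"github.com", "raw.githubusercontent.com"}

URL_RE = re.compile(r"https?://[^\s\"')]+")
NO_TLS_RE = re.compile(r"(?<!\S)(--no-check-certificate|--insecure|-k)(?!\S)")
# Remote content handed to a shell with no review step in between:
# "$(curl ...)", "<(curl ...)", "... | bash", or "download && bash file".
EXEC_RE = re.compile(r"\$\(\s*(?:curl|wget)|<\(\s*(?:curl|wget)|(?:\||&&)\s*(?:ba)?sh\b")

def audit_install_command(cmd):
    """Return a list of finding strings for one install one-liner."""
    findings = []
    if NO_TLS_RE.search(cmd):
        findings.append("tls-verification-disabled")
    if EXEC_RE.search(cmd):
        findings.append("fetched-script-run-without-review")
    for url in URL_RE.findall(cmd):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if parsed.scheme != "https":
            findings.append("plaintext-download:" + host)
        if host not in TRUSTED_HOSTS:
            findings.append("host-not-in-allowlist:" + host)
    return findings

# Install one-liners copied from this page.
PAGE_COMMANDS = [
    'bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install',
    'wget -N --no-check-certificate -q -O install.sh '
    '"https://raw.githubusercontents.com/wulabing/Xray_onekey/main/install.sh" '
    '&& chmod +x install.sh && bash install.sh',
    'bash <(curl -Ls https://raw.githubusercontent.com/atrandys/xray/main/install.sh)',
]

if __name__ == "__main__":
    for cmd in PAGE_COMMANDS:
        print(audit_install_command(cmd) or ["no findings"], "<-", cmd[:60])
```

The second command is flagged three times: certificate checking is switched off, the script runs immediately after download, and the host raw.githubusercontents.com is not the same name as raw.githubusercontent.com.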
