(The V2Ray core must be version 4.27 or later to support the VLESS protocol.)
Log in to the Linux VPS.
wget https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh
chmod 755 install-release.sh
./install-release.sh
Output:
...
installed: /usr/local/bin/v2ray
installed: /usr/local/bin/v2ctl
installed: /usr/local/share/v2ray/geoip.dat
installed: /usr/local/share/v2ray/geosite.dat
installed: /usr/local/etc/v2ray/config.json
installed: /var/log/v2ray/
installed: /var/log/v2ray/access.log
installed: /var/log/v2ray/error.log
installed: /etc/systemd/system/v2ray.service
installed: /etc/systemd/system/v2ray@.service
removed: /tmp/tmp.zQx1JyiFLv
...
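The resulting executable is /usr/local/bin/v2ray
(If V2Ray was installed on this system before, you can keep the old version and download the latest release package separately: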
wget https://github.com/v2fly/v2ray-core/releases/download/v4.31.0/v2ray-linux-64.zip
unzip v2ray-linux-64.zip)
root@localhost:~# v2ray --version
V2Ray 4.29.0 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.15.2 linux/amd64)
A unified platform for anti-censorship.
root@localhost:~#
The latest V2Ray release is currently 4.31.0.
cd /usr/local/etc/v2ray
nano vless_tcp_xtls.json
cat vless_tcp_xtls.json
{
"inbounds": [
{
"port": 451,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "23ad6b10-8d1a-40f7-8ad0-e3e35cd38297",
"flow": "xtls-rprx-origin"
}
],
"decryption": "none",
"fallbacks": [
{
"dest": 80
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"alpn": [
"http/1.1"
],
"certificates": [
{
"certificateFile": "/root/.acme.sh/urdomain.com/fullchain.cer",
"keyFile": "/root/.acme.sh/urdomain.com/urdomain.com.key"
}
]
}
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}
Then:
cd /etc/systemd/system
nano vless_tcp_xtls.service
cat vless_tcp_xtls.service
[Unit]
After=network.target
[Service]
ExecStart=/usr/local/bin/v2ray -config /usr/local/etc/v2ray/vless_tcp_xtls.json
Restart=always
[Install]
WantedBy=multi-user.target
Then run:
systemctl start vless_tcp_xtls
systemctl enable vless_tcp_xtls
The server side is now set up.
On the local Mac:
mkdir ~/v2ray-4.31.0/
cd ~/v2ray-4.31.0/
wget https://github.com/v2fly/v2ray-core/releases/download/v4.31.0/v2ray-macos-64.zip
unzip v2ray-macos-64.zip
yudeMacBook-Air:v2ray-4.31.0 brite$ ls
config.json v2ray
geoip.dat v2ray-macos-64.zip
geosite.dat vpoint_socks_vmess.json
v2ctl vpoint_vmess_freedom.json
yudeMacBook-Air:v2ray-4.31.0 brite$ chmod 755 v2ray
yudeMacBook-Air:v2ray-4.31.0 brite$ ./v2ray --version
V2Ray 4.31.0 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.15.2 darwin/amd64)
A unified platform for anti-censorship.
yudeMacBook-Air:v2ray-4.31.0 brite$ nano ~/vless_tcp_xtls.json
yudeMacBook-Air:v2ray-4.31.0 brite$ cat ~/vless_tcp_xtls.json
{
"inbounds": [
{
"port": 10800,
"listen": "127.0.0.1",
"protocol": "socks",
"settings": {
"udp": true
}
}
],
"outbounds": [
{
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "urdomain.com",
"port": 451,
"users": [
{
"id": "23ad6b10-8d1a-40f7-8ad0-e3e35cd38297",
"flow": "xtls-rprx-origin",
"encryption": "none"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls"
}
}
]
}
Then run:
~/v2ray-4.31.0/v2ray -config ~/vless_tcp_xtls.json
Do not close this terminal. Set the browser's SOCKS5 proxy server to address 127.0.0.1, port 10800, and the browser can then get past the firewall.
References:
https://github.com/v2fly/v2ray-examples/blob/master/VLESS-TCP-XTLS-WHATEVER/config_server.json
https://tlanyan.me/introduce-v2ray-vless-protocol/#tutorial
https://github.com/v2fly/v2ray-examples/blob/master/VLESS-TCP-XTLS-WHATEVER/config_client/vless_tcp_xtls.json
https://github.com/v2fly/v2ray-examples/issues/43
https://github.com/XTLS/Xray-examples
https://github.com/XTLS/Xray-docs-next
------------
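Manual Xray installation and usage guide
Xray is a recently active V2Ray proxy project. The overall effort is called Project X; it describes itself as a superset of V2Ray-Core and was developed to better show off XTLS performance. The project icon depicts Asgard, the realm of the Norse gods, which shows the ambition of its developers: a group of experts helping to achieve full freedom on the Internet.
The core project, Xray-Core, is currently at 1.3.0 and can be thought of as a higher-performance V2Ray. The project provides a quick install-and-configure script, but it has some problems, and the configuration file it leaves is empty, so Xray does not work out of the box. This article shows how to install and configure an Xray server manually on CentOS 7 and how to connect to it from Windows with a GUI client in order to get past the firewall.
1] Download and install Xray
First, download the Xray release archive that matches your operating system from the Xray download page and extract it into the current directory:
# wget https://github.com/XTLS/Xray-core/releases/download/v1.3.0/Xray-linux-64.zip
# unzip -d ./Xray Xray-linux-64.zip
# ls -alh ./Xray
As shown, the Xray release archive contains only five files: "geoip.dat" and "geosite.dat" are the routing rule files, "xray" is the main Xray program, and the other two are the readme and the license, which have no functional role.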
According to the official Xray recommendation, the files Xray uses and their default locations are:
- xray binary: /usr/local/bin/xray
- xray configuration file: /usr/local/etc/xray/config.json
- geoip rule file: /usr/local/share/xray/geoip.dat
- geosite rule file: /usr/local/share/xray/geosite.dat
- xray access log: /var/log/xray/access.log
- xray error log: /var/log/xray/error.log
So, copy the existing files into place and create the other required files with the following commands:
# cp ./Xray/xray /usr/local/bin/
# chmod +x /usr/local/bin/xray
# mkdir -p /usr/local/share/xray
# cp ./Xray/*.dat /usr/local/share/xray/
# mkdir -p /usr/local/etc/xray/
# touch /usr/local/etc/xray/config.json
# mkdir -p /var/log/xray
# touch /var/log/xray/access.log
# touch /var/log/xray/error.log
This completes the Xray installation.
2] Configure the Xray server
Edit the Xray configuration file "/usr/local/etc/xray/config.json" created earlier so that it contains the following:
{
  "log": {
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "listen": "0.0.0.0",
      "port": 8080,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "YOUR_UID_HERE",
            "level": 0,
            "email": "service@rultr.com"
          }
        ],
        "decryption": "none",
        "fallbacks": [
          {
            "dest": 8001
          },
          {
            "alpn": "h2",
            "dest": 8002
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "serverName": "YOUR_SERVER_NAME_HERE",
          "alpn": [
            "h2",
            "http/1.1"
          ],
          "certificates": [
            {
              "certificateFile": "/usr/local/etc/xray/trojan-cert.pem",
              "keyFile": "/usr/local/etc/xray/trojan-key.pem"
            }
          ]
        }
      }
    }
  ],
  "inboundDetour": [
    {
      "port": 443,
      "protocol": "trojan",
      "settings": {
        "clients": [
          {
            "password": "YOUR_TROJAN_PASSWORD_HERE",
            "email": "service@rultr.com"
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "alpn": [
            "http/1.1"
          ],
          "certificates": [
            {
              "certificateFile": "/usr/local/etc/xray/trojan-cert.pem",
              "keyFile": "/usr/local/etc/xray/trojan-key.pem"
            }
          ]
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "tag": "direct"
    }
  ]
}
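The configuration file sets Xray up as a server that supports two protocols at once, VLESS and Trojan. "YOUR_UID_HERE" is the UID for the VLESS protocol and must match the client; "YOUR_SERVER_NAME_HERE" is the Xray host name, which may be an IP address or a domain name (a domain name is recommended); "YOUR_TROJAN_PASSWORD_HERE" is the password for the Trojan protocol and must likewise match the client. Change these values to suit your own setup; the ports the protocols listen on can also be set as needed.
The configuration uses a TLS certificate; for convenience, a self-signed certificate is sufficient.
Copy both the public key (certificate) and the private key into the "/usr/local/etc/xray/" directory so that Xray can manage and use them.
3] Configure the Xray service
Add a system service file "/etc/systemd/system/xray.service" with the following content: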
[Unit]
Description=Xray Service
Documentation=https://github.com/xtls
After=network.target nss-lookup.target
[Service]
User=root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/bin/xray run -config /usr/local/etc/xray/config.json
Restart=on-failure
RestartPreventExitStatus=23
LimitNPROC=10000
LimitNOFILE=1000000
[Install]
WantedBy=multi-user.target
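Once the service file has been added, start Xray and check its status with:
# systemctl enable --now xray
# systemctl status xray
Figure 2: Starting the Xray server
Xray is now running normally, and the server-side configuration is complete.
4] Xray GUI client example
Xray is powerful, but its own GUI client is not finished yet, so another V2Ray GUI client can be used for the proxy function. This example uses V2rayN; other clients such as Qv2ray also work and are configured similarly.
Download the Windows build of Xray, extract it, and copy all files into the V2rayN directory. Open V2rayN.exe, choose the Servers menu, select "Add [VLESS] server", and fill in the fields as needed.
Figure 3: Configuring a VLESS server in V2rayN
Note that the address, port and UID in the client must all match the server. Because TLS is used, set the underlying transport security to TLS; with a self-signed certificate, setting "skip certificate verification" to true is recommended. With verification skipped, the client accepts any certificate, so TLS no longer authenticates the server.
When everything is filled in, click OK to add the server. You can then visit Google to check that the proxy works. If the visit fails, look through the log output to find the cause.
The Trojan client is configured much like the VLESS server entry and is fairly simple, so it is not shown here.
Overall, Xray is highly compatible with V2Ray and the program is leaner: V2ctl is no longer needed for control, and the xray binary does everything. Xray also exposes the same calling interface as V2Ray, so it meets the needs of different clients as far as possible. If it really delivers the high performance it claims, it is a promising new member of the V2Ray family and worth looking forward to.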
------------------
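Introduction to XTLS
The official XTLS repository describes itself in a single phrase: THE FUTURE. Those ten characters are enough to convey how impressive and bold XTLS is.
The V2fly website (the V2fly community is the main driving force behind V2Ray) calls XTLS "black tech", and the author of the VLESS protocol describes it as an epoch-making, revolutionary concept and technology: XTLS.
The future, black tech, epoch-making, revolutionary: any one of these is enough to describe how impressive and distinctive XTLS is.
How XTLS works: when a TLS proxy is used, HTTPS data actually passes through two layers of TLS. The outer layer is the proxy's TLS and the inner layer is the HTTPS connection's own TLS. XTLS seamlessly splices these two genuine TLS streams together, so the proxy hardly needs to encrypt or decrypt the HTTPS traffic again and only relays it, which greatly improves performance.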
----------
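Configuring V2Ray's new protocol: VLESS
The V2Ray core must be version 4.27 or later to support the VLESS protocol. First, look at the version currently on my machine; 4.26 does not support the protocol: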
root@imlala:~# /usr/bin/v2ray/v2ray -version
V2Ray 4.26.0 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.14.4 linux/amd64)
A unified platform for anti-censorship.
The steps below basically follow the wiki. First, stop the systemd service:
systemctl disable v2ray
systemctl stop v2ray
Then delete the systemd service file and the files of the old V2Ray version:
rm -rf /etc/systemd/system/v2ray.service
rm -rf /usr/bin/v2ray/
Move the old configuration directory to the new path:
mv /etc/v2ray/ /usr/local/etc/
Now the new version can be installed. For a fresh install you can start directly from here; the steps above do not apply to you:
apt -y install curl
curl -O https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh
chmod 755 install-release.sh
./install-release.sh
One catch: if you are upgrading to the latest version, systemd needs a reload:
systemctl daemon-reload
Then start v2ray and enable it at boot:
systemctl start v2ray
systemctl enable v2ray
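Next we can configure the VLESS protocol. For now, if you use this protocol to get past the firewall you must add TLS, because the VLESS protocol itself provides no encryption.
So first install nginx and certbot: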
apt -y install nginx python-certbot-nginx
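The only purpose of this step is so that certbot can later request a Let's Encrypt certificate with automatic renewal. If you later configure a fallback inside the VLESS protocol, having nginx installed is also necessary.
Now use certbot to request a certificate for your domain: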
certbot --nginx --agree-tos --no-eff-email --email xxxxx@qq.com
Now generate a UUID:
v2ctl uuid
Edit the v2ray configuration file:
nano /usr/local/etc/v2ray/config.json
Write the following configuration (the "id" value is a placeholder for the UUID you just generated):
{
"inbounds": [
{
"port": 451,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "你刚才生成的UUID"
}
],
"decryption": "none",
"fallback": {
"port": 80
}
},
"streamSettings": {
"network":"tcp",
"security": "tls",
"tlsSettings": {
"alpn": [
"http/1.1"
],
"certificates": [
{
"certificateFile": "/usr/local/etc/v2ray/fullchain.pem",
"keyFile": "/usr/local/etc/v2ray/privkey.pem"
}
]
}
}
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {}
}
]
}
Test that the configuration is valid:
v2ray -config /usr/local/etc/v2ray/config.json -test
Finally, restart v2ray to finish the server-side configuration:
systemctl restart v2ray
Clients also need core version 4.27 or later to support the VLESS protocol; the v2rayN client on Windows already supports it.
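The rule stated above (VLESS provides no encryption of its own, so it must be wrapped in TLS) and the template placeholders in the Xray configuration earlier on this page can be checked before a config is put into service. The following Python script is an added example, not code from the original posts or from the V2Ray/Xray projects; the `audit` function and the finding codes are hypothetical names, the sample config is constructed from fragments on this page, and treating Trojan as needing an outer TLS layer is based on that protocol's design rather than on this page.

```python
import ipaddress
import json
import sys
import uuid

# VLESS carries no encryption of its own (stated on this page); Trojan is
# likewise designed to run inside TLS. Both need "tls" or "xtls" around them.
NEEDS_OUTER_TLS = {"vless", "trojan"}
ENCRYPTED = {"tls", "xtls"}

MESSAGES = {
    "CLEARTEXT_PUBLIC": "no tls/xtls on a non-loopback listener; payload is sent unencrypted",
    "TLS_OFFLOADED": "no tls/xtls here; relies on a local front end (e.g. nginx) for TLS",
    "NO_CERT": "tls/xtls enabled but no certificate/key pair is configured",
    "PLACEHOLDER_CRED": "client id/password is not a real credential (template value left in?)",
    "LEGACY_FALLBACK": "uses 'fallback' (object); other configs on this page use 'fallbacks' (list)",
}

# Constructed sample, assembled from fragments of the configs on this page.
SAMPLE = {
    "inbounds": [
        {   # VLESS on a public port with the TLS block left out
            "port": 451, "protocol": "vless",
            "settings": {"clients": [{"id": "23ad6b10-8d1a-40f7-8ad0-e3e35cd38297"}],
                         "decryption": "none", "fallback": {"port": 80}},
            "streamSettings": {"network": "tcp"},
        },
        {   # VLESS over WebSocket bound to loopback, placeholder id not replaced
            "port": 10000, "listen": "127.0.0.1", "protocol": "vless",
            "settings": {"clients": [{"id": "YOUR_UID_HERE"}], "decryption": "none"},
            "streamSettings": {"network": "ws", "wsSettings": {"path": "/constructed"}},
        },
    ],
    "inboundDetour": [
        {   # Trojan with TLS configured but the template password still in place
            "port": 443, "protocol": "trojan",
            "settings": {"clients": [{"password": "YOUR_TROJAN_PASSWORD_HERE"}]},
            "streamSettings": {"network": "tcp", "security": "tls", "tlsSettings": {
                "certificates": [{"certificateFile": "/usr/local/etc/xray/trojan-cert.pem",
                                  "keyFile": "/usr/local/etc/xray/trojan-key.pem"}]}},
        },
    ],
}


def iter_inbounds(cfg):
    """Yield (location, inbound) for the current and the legacy top-level key."""
    for key in ("inbounds", "inboundDetour"):
        for i, inbound in enumerate(cfg.get(key) or []):
            yield f"{key}[{i}]", inbound


def is_local_only(listen):
    """True for loopback addresses and Unix-socket style listeners."""
    try:
        return ipaddress.ip_address(str(listen)).is_loopback
    except ValueError:
        return str(listen).startswith(("/", "@"))


def credential_is_placeholder(protocol, client):
    """Detect ids that are not UUIDs and empty or template Trojan passwords."""
    if protocol in ("vless", "vmess"):
        try:
            uuid.UUID(str(client.get("id", "")))
            return False
        except ValueError:
            return True
    if protocol == "trojan":
        password = str(client.get("password", ""))
        return password == "" or password.startswith("YOUR_")
    return False


def audit(cfg):
    """Return a list of (severity, location, code) findings for a server config."""
    findings = []
    for where, inbound in iter_inbounds(cfg):
        proto = inbound.get("protocol", "")
        settings = inbound.get("settings") or {}
        stream = inbound.get("streamSettings") or {}
        security = stream.get("security", "none")
        if proto in NEEDS_OUTER_TLS and security not in ENCRYPTED:
            # An absent "listen" means the inbound binds to all addresses.
            local = is_local_only(inbound.get("listen", "0.0.0.0"))
            findings.append(("INFO" if local else "HIGH", where,
                             "TLS_OFFLOADED" if local else "CLEARTEXT_PUBLIC"))
        if security in ENCRYPTED:
            certs = (stream.get(security + "Settings") or {}).get("certificates") or []
            # Accept file paths or inline PEM ("certificate"/"key").
            if not any((c.get("certificateFile") and c.get("keyFile"))
                       or (c.get("certificate") and c.get("key")) for c in certs):
                findings.append(("WARN", where, "NO_CERT"))
        if any(credential_is_placeholder(proto, c) for c in settings.get("clients") or []):
            findings.append(("WARN", where, "PLACEHOLDER_CRED"))
        if "fallback" in settings:
            findings.append(("INFO", where, "LEGACY_FALLBACK"))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            config = json.load(fh)
    else:
        config = SAMPLE
    for severity, where, code in audit(config):
        print(f"{severity:5} {where:17} {code}: {MESSAGES[code]}")
```

Pass a config path as the first argument to audit a real file; the script expects strict JSON without comments.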
------------------
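How to use the Xray one-click script
The Xray project is now confirmed to be operating independently, and the latest version is currently 1.1.2. According to test data, with direct on the server and splice on the client, performance is twice that of bare VLESS and far ahead of trojan/trojan-go, so it is highly recommended.
The Xray one-click script in this article can configure plain VMESS, VMESS+KCP, VMESS+websocket+TLS+Nginx, VLESS+TCP+XTLS, VLESS+TCP+TLS, trojan, trojan+XTLS and other combinations, and supports CentOS 7/8, Ubuntu 16.04, Debian 8 and newer systems.
If the VPS provider enables a firewall (Alibaba Cloud, Ucloud, Tencent Cloud, AWS, GCP and similar providers do by default; BandwagonHost/hostdare/vultr and similar have it off by default), first log in to the VPS control panel and open ports 80 and 443, otherwise certificate issuance may fail.
Copy (or type) the following command into the terminal: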
bash <(curl -sL https://s.hijk.art/xray.sh)
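Press Enter and the operation menu appears. If the menu does not appear, run yum install -y curl on CentOS or sudo apt install -y curl on Ubuntu/Debian, then run the command above again.
The Xray one-click script currently supports the following combinations:
- VMESS: the plainest V2Ray server, with no camouflage, and not VLESS
- VMESS+KCP: uses mKCP as the transport; may work wonders when the VPS route is poor
- VMESS+TCP+TLS: V2Ray with camouflage; cannot be relayed through a CDN
- VMESS+WS+TLS: the most common V2Ray camouflage mode; can be relayed through a CDN; recommended
- VLESS+KCP: uses mKCP as the transport
- VLESS+TCP+TLS: the general-purpose VLESS version; cannot be relayed through a CDN, but performs better than VMESS+TCP+TLS
- VLESS+WS+TLS: the VLESS version of websocket-based V2Ray camouflage; can be relayed through a CDN; recommended when a CDN is used
- VLESS+TCP+XTLS: currently the most powerful VLESS+XTLS combination; strongly recommended (but supported by fewer clients)
- trojan: a lightweight camouflage protocol
- trojan+XTLS: enhanced trojan that uses XTLS to improve performance
Note: some clients do not yet support the VLESS protocol, or do not support XTLS; choose a combination that fits your situation.
Choose an option according to your needs, for example 6, and press Enter. The script then asks for some information; you can also press Enter to accept the defaults. Note that where a camouflage domain must be entered, if a website is already running on the server, contact its operations staff before running the script, otherwise the existing site may become unreachable!
The script then runs automatically; if all goes well, it prints the configuration details at the end.
Server-side configuration is now complete. The server may reboot automatically (if no reboot is announced, none is needed); "disconnected" in a Windows terminal or "closed by remote host" on a Mac means the server rebooted successfully.
For the VLESS protocol and the VMESS+WS+TLS combination, open the camouflage domain in a browser; if the camouflage site loads normally, the server is configured correctly.
For the TLS-based modes, the script requests a domain certificate by default and stores it in the same folder as the xray configuration file (that is, under /usr/local/etc/xray). The certificate renews automatically. If the client suddenly stops working, check whether the camouflage site still opens normally. If the certificate has expired, run the script above again to reconfigure.
From https://v2raytech.com/xray-one-click-script/
Contents of the Xray one-click script: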
#!/bin/bash
# MTProto one-click install script
# Author: hijk<https://hijk.art>
RED="\033[31m" # Error message
GREEN="\033[32m" # Success message
YELLOW="\033[33m" # Warning message
BLUE="\033[36m" # Info message
PLAIN='\033[0m'
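# The following sites are ad-free novel sites found at random on Google; if you don't like them, change them to other URLs starting with http or https
# If the camouflage domain cannot be opened after setup, the reverse-proxied novel site may be down; leave a comment on the site or open an issue on GitHub so it can be replaced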
SITES=(
http://www.zhuizishu.com/
http://xs.56dyc.com/
http://www.xiaoshuosk.com/
https://www.quledu.net/
http://www.ddxsku.com/
http://www.biqu6.com/
https://www.wenshulou.cc/
http://www.auutea.com/
http://www.55shuba.com/
http://www.39shubao.com/
https://www.23xsw.cc/
)
CONFIG_FILE="/usr/local/etc/xray/config.json"
OS=`hostnamectl | grep -i system | cut -d: -f2`
V6_PROXY=""
IP=`curl -sL -4 ip.sb`
if [[ "$?" != "0" ]]; then
IP=`curl -sL -6 ip.sb`
V6_PROXY="https://gh.hijk.art/"
fi
BT="false"
NGINX_CONF_PATH="/etc/nginx/conf.d/"
res=`which bt 2>/dev/null`
if [[ "$res" != "" ]]; then
BT="true"
NGINX_CONF_PATH="/www/server/panel/vhost/nginx/"
fi
VLESS="false"
TROJAN="false"
TLS="false"
WS="false"
XTLS="false"
KCP="false"
checkSystem() {
result=$(id | awk '{print $1}')
if [[ $result != "uid=0(root)" ]]; then
colorEcho $RED " 请以root身份执行该脚本"
exit 1
fi
res=`which yum 2>/dev/null`
if [[ "$?" != "0" ]]; then
res=`which apt 2>/dev/null`
if [[ "$?" != "0" ]]; then
colorEcho $RED " 不受支持的Linux系统"
exit 1
fi
PMT="apt"
CMD_INSTALL="apt install -y "
CMD_REMOVE="apt remove -y "
CMD_UPGRADE="apt update; apt upgrade -y; apt autoremove -y"
else
PMT="yum"
CMD_INSTALL="yum install -y "
CMD_REMOVE="yum remove -y "
CMD_UPGRADE="yum update -y"
fi
res=`which systemctl 2>/dev/null`
if [[ "$?" != "0" ]]; then
colorEcho $RED " 系统版本过低,请升级到最新版本"
exit 1
fi
}
colorEcho() {
echo -e "${1}${@:2}${PLAIN}"
}
configNeedNginx() {
local ws=`grep wsSettings $CONFIG_FILE`
if [[ -z "$ws" ]]; then
echo no
return
fi
echo yes
}
needNginx() {
if [[ "$WS" = "false" ]]; then
echo no
return
fi
echo yes
}
status() {
if [[ ! -f /usr/local/bin/xray ]]; then
echo 0
return
fi
if [[ ! -f $CONFIG_FILE ]]; then
echo 1
return
fi
port=`grep port $CONFIG_FILE| head -n 1| cut -d: -f2| tr -d \",' '`
res=`ss -nutlp| grep ${port} | grep -i xray`
if [[ -z "$res" ]]; then
echo 2
return
fi
if [[ `configNeedNginx` != "yes" ]]; then
echo 3
else
res=`ss -nutlp|grep -i nginx`
if [[ -z "$res" ]]; then
echo 4
else
echo 5
fi
fi
}
statusText() {
res=`status`
case $res in
2)
echo -e ${GREEN}已安装${PLAIN} ${RED}未运行${PLAIN}
;;
3)
echo -e ${GREEN}已安装${PLAIN} ${GREEN}Xray正在运行${PLAIN}
;;
4)
echo -e ${GREEN}已安装${PLAIN} ${GREEN}Xray正在运行${PLAIN}, ${RED}Nginx未运行${PLAIN}
;;
5)
echo -e ${GREEN}已安装${PLAIN} ${GREEN}Xray正在运行, Nginx正在运行${PLAIN}
;;
*)
echo -e ${RED}未安装${PLAIN}
;;
esac
}
normalizeVersion() {
if [ -n "$1" ]; then
case "$1" in
v*)
echo "$1"
;;
*)
echo "v$1"
;;
esac
else
echo ""
fi
}
# 1: new Xray. 0: no. 1: yes. 2: not installed. 3: check failed.
getVersion() {
VER=`/usr/local/bin/xray version|head -n1 | awk '{print $2}'`
RETVAL=$?
CUR_VER="$(normalizeVersion "$(echo "$VER" | head -n 1 | cut -d " " -f2)")"
TAG_URL="${V6_PROXY}https://api.github.com/repos/XTLS/Xray-core/releases/latest"
NEW_VER="$(normalizeVersion "$(curl -s "${TAG_URL}" --connect-timeout 10| grep 'tag_name' | cut -d\" -f4)")"
if [[ $? -ne 0 ]] || [[ $NEW_VER == "" ]]; then
colorEcho $RED " 检查Xray版本信息失败,请检查网络"
return 3
elif [[ $RETVAL -ne 0 ]];then
return 2
elif [[ $NEW_VER != $CUR_VER ]];then
return 1
fi
return 0
}
archAffix(){
case "$(uname -m)" in
i686|i386)
echo '32'
;;
x86_64|amd64)
echo '64'
;;
armv5tel)
echo 'arm32-v5'
;;
armv6l)
echo 'arm32-v6'
;;
armv7|armv7l)
echo 'arm32-v7a'
;;
armv8|aarch64)
echo 'arm64-v8a'
;;
mips64le)
echo 'mips64le'
;;
mips64)
echo 'mips64'
;;
mipsle)
echo 'mips32le'
;;
mips)
echo 'mips32'
;;
ppc64le)
echo 'ppc64le'
;;
ppc64)
echo 'ppc64'
;;
ppc64le)
echo 'ppc64le'
;;
riscv64)
echo 'riscv64'
;;
s390x)
echo 's390x'
;;
*)
colorEcho $RED " 不支持的CPU架构!"
exit 1
;;
esac
return 0
}
getData() {
if [[ "$TLS" = "true" || "$XTLS" = "true" ]]; then
echo ""
echo " Xray一键脚本,运行之前请确认如下条件已经具备:"
colorEcho ${YELLOW} " 1. 一个伪装域名"
colorEcho ${YELLOW} " 2. 伪装域名DNS解析指向当前服务器ip(${IP})"
colorEcho ${BLUE} " 3. 如果/root目录下有 xray.pem 和 xray.key 证书密钥文件,无需理会条件2"
echo " "
read -p " 确认满足按y,按其他退出脚本:" answer
if [[ "${answer,,}" != "y" ]]; then
exit 0
fi
echo ""
while true
do
read -p " 请输入伪装域名:" DOMAIN
if [[ -z "${DOMAIN}" ]]; then
colorEcho ${RED} " 域名输入错误,请重新输入!"
else
break
fi
done
DOMAIN=${DOMAIN,,}
colorEcho ${BLUE} " 伪装域名(host):$DOMAIN"
echo ""
if [[ -f ~/xray.pem && -f ~/xray.key ]]; then
colorEcho ${BLUE} " 检测到自有证书,将使用其部署"
CERT_FILE="/usr/local/etc/xray/${DOMAIN}.pem"
KEY_FILE="/usr/local/etc/xray/${DOMAIN}.key"
else
resolve=`curl -sL https://hijk.art/hostip.php?d=${DOMAIN}`
res=`echo -n ${resolve} | grep ${IP}`
if [[ -z "${res}" ]]; then
colorEcho ${BLUE} "${DOMAIN} 解析结果:${resolve}"
colorEcho ${RED} " 域名未解析到当前服务器IP(${IP})!"
exit 1
fi
fi
fi
echo ""
if [[ "$(needNginx)" = "no" ]]; then
if [[ "$TLS" = "true" ]]; then
read -p " 请输入xray监听端口[强烈建议443,默认443]:" PORT
[[ -z "${PORT}" ]] && PORT=443
else
read -p " 请输入xray监听端口[100-65535的一个数字]:" PORT
[[ -z "${PORT}" ]] && PORT=`shuf -i200-65000 -n1`
if [[ "${PORT:0:1}" = "0" ]]; then
colorEcho ${RED} " 端口不能以0开头"
exit 1
fi
fi
colorEcho ${BLUE} " xray端口:$PORT"
else
read -p " 请输入Nginx监听端口[100-65535的一个数字,默认443]:" PORT
[[ -z "${PORT}" ]] && PORT=443
if [ "${PORT:0:1}" = "0" ]; then
colorEcho ${BLUE} " 端口不能以0开头"
exit 1
fi
colorEcho ${BLUE} " Nginx端口:$PORT"
XPORT=`shuf -i10000-65000 -n1`
fi
if [[ "$KCP" = "true" ]]; then
echo ""
colorEcho $BLUE " 请选择伪装类型:"
echo " 1) 无"
echo " 2) BT下载"
echo " 3) 视频通话"
echo " 4) 微信视频通话"
echo " 5) dtls"
echo " 6) wiregard"
read -p " 请选择伪装类型[默认:无]:" answer
case $answer in
2)
HEADER_TYPE="utp"
;;
3)
HEADER_TYPE="srtp"
;;
4)
HEADER_TYPE="wechat-video"
;;
5)
HEADER_TYPE="dtls"
;;
6)
HEADER_TYPE="wireguard"
;;
*)
HEADER_TYPE="none"
;;
esac
colorEcho $BLUE " 伪装类型:$HEADER_TYPE"
SEED=`cat /proc/sys/kernel/random/uuid`
fi
if [[ "$TROJAN" = "true" ]]; then
echo ""
read -p " 请设置trojan密码(不输则随机生成):" PASSWORD
[[ -z "$PASSWORD" ]] && PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1`
colorEcho $BLUE " trojan密码:$PASSWORD"
fi
if [[ "$XTLS" = "true" ]]; then
echo ""
colorEcho $BLUE " 请选择流控模式:"
echo -e " 1) xtls-rprx-direct [$RED推荐$PLAIN]"
echo " 2) xtls-rprx-origin"
read -p " 请选择流控模式[默认:direct]" answer
[[ -z "$answer" ]] && answer=1
case $answer in
1)
FLOW="xtls-rprx-direct"
;;
2)
FLOW="xtls-rprx-origin"
;;
*)
colorEcho $RED " 无效选项,使用默认的xtls-rprx-direct"
FLOW="xtls-rprx-direct"
;;
esac
colorEcho $BLUE " 流控模式:$FLOW"
fi
if [[ "${WS}" = "true" ]]; then
echo ""
while true
do
read -p " 请输入伪装路径,以/开头:" WSPATH
if [[ -z "${WSPATH}" ]]; then
len=`shuf -i5-12 -n1`
ws=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $len | head -n 1`
WSPATH="/$ws"
break
elif [[ "${WSPATH:0:1}" != "/" ]]; then
colorEcho ${RED} " 伪装路径必须以/开头!"
elif [[ "${WSPATH}" = "/" ]]; then
colorEcho ${RED} " 不能使用根路径!"
else
break
fi
done
colorEcho ${BLUE} " ws路径:$WSPATH"
fi
if [[ "$TLS" = "true" || "$XTLS" = "true" ]]; then
echo ""
colorEcho $BLUE " 请选择伪装站类型:"
echo " 1) 静态网站(位于/usr/share/nginx/html)"
echo " 2) 小说站(随机选择)"
echo " 3) 美女站(https://imeizi.me)"
echo " 4) VPS优惠博客(https://vpsgongyi.com)"
echo " 5) 自定义反代站点(需以http或者https开头)"
read -p " 请选择伪装网站类型[默认:美女站]" answer
if [[ -z "$answer" ]]; then
PROXY_URL="https://imeizi.me"
else
case $answer in
1)
PROXY_URL=""
;;
2)
len=${#SITES[@]}
((len--))
while true
do
index=`shuf -i0-${len} -n1`
PROXY_URL=${SITES[$index]}
host=`echo ${PROXY_URL} | cut -d/ -f3`
ip=`curl -sL https://hijk.art/hostip.php?d=${host}`
res=`echo -n ${ip} | grep ${host}`
if [[ "${res}" = "" ]]; then
echo "$ip $host" >> /etc/hosts
break
fi
done
;;
3)
PROXY_URL="https://imeizi.me"
;;
4)
PROXY_URL="https://vpsgongyi.com"
;;
5)
read -p " 请输入反代站点(以http或者https开头):" PROXY_URL
if [[ -z "$PROXY_URL" ]]; then
colorEcho $RED " 请输入反代网站!"
exit 1
elif [[ "${PROXY_URL:0:4}" != "http" ]]; then
colorEcho $RED " 反代网站必须以http或https开头!"
exit 1
fi
;;
*)
colorEcho $RED " 请输入正确的选项!"
exit 1
esac
fi
REMOTE_HOST=`echo ${PROXY_URL} | cut -d/ -f3`
colorEcho $BLUE " 伪装网站:$PROXY_URL"
echo ""
colorEcho $BLUE " 是否允许搜索引擎爬取网站?[默认:不允许]"
echo " y)允许,会有更多ip请求网站,但会消耗一些流量,vps流量充足情况下推荐使用"
echo " n)不允许,爬虫不会访问网站,访问ip比较单一,但能节省vps流量"
read -p " 请选择:[y/n]" answer
if [[ -z "$answer" ]]; then
ALLOW_SPIDER="n"
elif [[ "${answer,,}" = "y" ]]; then
ALLOW_SPIDER="y"
else
ALLOW_SPIDER="n"
fi
colorEcho $BLUE " 允许搜索引擎:$ALLOW_SPIDER"
fi
echo ""
read -p " 是否安装BBR(默认安装)?[y/n]:" NEED_BBR
[[ -z "$NEED_BBR" ]] && NEED_BBR=y
[[ "$NEED_BBR" = "Y" ]] && NEED_BBR=y
colorEcho $BLUE " 安装BBR:$NEED_BBR"
}
installNginx() {
echo ""
colorEcho $BLUE " 安装nginx..."
if [[ "$BT" = "false" ]]; then
if [[ "$PMT" = "yum" ]]; then
$CMD_INSTALL epel-release
fi
$CMD_INSTALL nginx
systemctl enable nginx
else
res=`which nginx 2>/dev/null`
if [[ "$?" != "0" ]]; then
colorEcho $RED " 您安装了宝塔,请在宝塔后台安装nginx后再运行本脚本"
exit 1
fi
fi
}
startNginx() {
if [[ "$BT" = "false" ]]; then
systemctl start nginx
else
nginx -c /www/server/nginx/conf/nginx.conf
fi
}
stopNginx() {
if [[ "$BT" = "false" ]]; then
systemctl stop nginx
else
res=`ps aux | grep -i nginx`
if [[ "$res" != "" ]]; then
nginx -s stop
fi
fi
}
getCert() {
mkdir -p /usr/local/etc/xray
if [[ -z ${CERT_FILE+x} ]]; then
stopNginx
systemctl stop xray
res=`netstat -ntlp| grep -E ':80 |:443 '`
if [[ "${res}" != "" ]]; then
colorEcho ${RED} " 其他进程占用了80或443端口,请先关闭再运行一键脚本"
echo " 端口占用信息如下:"
echo ${res}
exit 1
fi
$CMD_INSTALL socat openssl
if [[ "$PMT" = "yum" ]]; then
$CMD_INSTALL cronie
systemctl start crond
systemctl enable crond
else
$CMD_INSTALL cron
systemctl start cron
systemctl enable cron
fi
curl -sL https://get.acme.sh | sh
source ~/.bashrc
~/.acme.sh/acme.sh --upgrade --auto-upgrade
~/.acme.sh/acme.sh --issue -d $DOMAIN --standalone
CERT_FILE="/usr/local/etc/xray/${DOMAIN}.pem"
KEY_FILE="/usr/local/etc/xray/${DOMAIN}.key"
~/.acme.sh/acme.sh --install-cert -d $DOMAIN \
--key-file $KEY_FILE \
--fullchain-file $CERT_FILE \
--reloadcmd "service nginx force-reload"
[[ -f $CERT_FILE && -f $KEY_FILE ]] || {
colorEcho $RED " 获取证书失败,请到 https://hijk.art 反馈"
exit 1
}
else
cp ~/xray.pem /usr/local/etc/xray/${DOMAIN}.pem
cp ~/xray.key /usr/local/etc/xray/${DOMAIN}.key
fi
}
configNginx() {
mkdir -p /usr/share/nginx/html;
if [[ "$ALLOW_SPIDER" = "n" ]]; then
echo 'User-Agent: *' > /usr/share/nginx/html/robots.txt
echo 'Disallow: /' >> /usr/share/nginx/html/robots.txt
ROBOT_CONFIG=" location = /robots.txt {}"
else
ROBOT_CONFIG=""
fi
if [[ "$BT" = "false" ]]; then
if [[ ! -f /etc/nginx/nginx.conf.bak ]]; then
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
fi
res=`id nginx 2>/dev/null`
if [[ "$?" != "0" ]]; then
user="www-data"
else
user="nginx"
fi
cat > /etc/nginx/nginx.conf<<-EOF
user $user;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" '
'\$status \$body_bytes_sent "\$http_referer" '
'"\$http_user_agent" "\$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
gzip on;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
}
EOF
fi
if [[ "$PROXY_URL" = "" ]]; then
action=""
else
action="proxy_ssl_server_name on;
proxy_pass $PROXY_URL;
proxy_set_header Accept-Encoding '';
sub_filter \"$REMOTE_HOST\" \"$DOMAIN\";
sub_filter_once off;"
fi
if [[ "$TLS" = "true" || "$XTLS" = "true" ]]; then
mkdir -p ${NGINX_CONF_PATH}
# VMESS+WS+TLS
# VLESS+WS+TLS
if [[ "$WS" = "true" ]]; then
cat > ${NGINX_CONF_PATH}${DOMAIN}.conf<<-EOF
server {
listen 80;
listen [::]:80;
server_name ${DOMAIN};
return 301 https://\$server_name:${PORT}\$request_uri;
}
server {
listen ${PORT} ssl http2;
listen [::]:${PORT} ssl http2;
server_name ${DOMAIN};
charset utf-8;
# SSL configuration
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_certificate $CERT_FILE;
ssl_certificate_key $KEY_FILE;
root /usr/share/nginx/html;
location / {
$action
}
$ROBOT_CONFIG
location ${WSPATH} {
proxy_redirect off;
proxy_pass http://127.0.0.1:${XPORT};
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
}
EOF
else
# VLESS+TCP+TLS
# VLESS+TCP+XTLS
# trojan
cat > ${NGINX_CONF_PATH}${DOMAIN}.conf<<-EOF
server {
listen 80;
listen [::]:80;
listen 81 http2;
server_name ${DOMAIN};
root /usr/share/nginx/html;
location / {
$action
}
$ROBOT_CONFIG
}
EOF
fi
fi
}
setSelinux() {
if [[ -s /etc/selinux/config ]] && grep 'SELINUX=enforcing' /etc/selinux/config; then
sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config
setenforce 0
fi
}
setFirewall() {
res=`which firewall-cmd 2>/dev/null`
if [[ $? -eq 0 ]]; then
systemctl status firewalld > /dev/null 2>&1
if [[ $? -eq 0 ]];then
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
if [[ "$PORT" != "443" ]]; then
firewall-cmd --permanent --add-port=${PORT}/tcp
firewall-cmd --permanent --add-port=${PORT}/udp
fi
firewall-cmd --reload
else
nl=`iptables -nL | nl | grep FORWARD | awk '{print $1}'`
if [[ "$nl" != "3" ]]; then
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
if [[ "$PORT" != "443" ]]; then
iptables -I INPUT -p tcp --dport ${PORT} -j ACCEPT
iptables -I INPUT -p udp --dport ${PORT} -j ACCEPT
fi
fi
fi
else
res=`which iptables 2>/dev/null`
if [[ $? -eq 0 ]]; then
nl=`iptables -nL | nl | grep FORWARD | awk '{print $1}'`
if [[ "$nl" != "3" ]]; then
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
if [[ "$PORT" != "443" ]]; then
iptables -I INPUT -p tcp --dport ${PORT} -j ACCEPT
iptables -I INPUT -p udp --dport ${PORT} -j ACCEPT
fi
fi
else
res=`which ufw 2>/dev/null`
if [[ $? -eq 0 ]]; then
res=`ufw status | grep -i inactive`
if [[ "$res" = "" ]]; then
ufw allow http/tcp
ufw allow https/tcp
if [[ "$PORT" != "443" ]]; then
ufw allow ${PORT}/tcp
ufw allow ${PORT}/udp
fi
fi
fi
fi
fi
}
installBBR() {
if [[ "$NEED_BBR" != "y" ]]; then
INSTALL_BBR=false
return
fi
result=$(lsmod | grep bbr)
if [[ "$result" != "" ]]; then
colorEcho $BLUE " BBR模块已安装"
INSTALL_BBR=false
echo "3" > /proc/sys/net/ipv4/tcp_fastopen
echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf
return
fi
res=`hostnamectl | grep -i openvz`
if [[ "$res" != "" ]]; then
colorEcho $BLUE " openvz机器,跳过安装"
INSTALL_BBR=false
return
fi
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
echo "net.ipv4.tcp_fastopen = 3" >> /etc/sysctl.conf
sysctl -p
result=$(lsmod | grep bbr)
if [[ "$result" != "" ]]; then
colorEcho $GREEN " BBR模块已启用"
INSTALL_BBR=false
return
fi
colorEcho $BLUE " 安装BBR模块..."
if [[ "$PMT" = "yum" ]]; then
if [[ "$V6_PROXY" = "" ]]; then
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm
$CMD_INSTALL --enablerepo=elrepo-kernel kernel-ml
$CMD_REMOVE kernel-3.*
grub2-set-default 0
echo "tcp_bbr" >> /etc/modules-load.d/modules.conf
echo "3" > /proc/sys/net/ipv4/tcp_fastopen
INSTALL_BBR=true
fi
else
$CMD_INSTALL --install-recommends linux-generic-hwe-16.04
grub-set-default 0
echo "tcp_bbr" >> /etc/modules-load.d/modules.conf
echo "3" > /proc/sys/net/ipv4/tcp_fastopen
INSTALL_BBR=true
fi
}
installXray() {
rm -rf /tmp/xray
mkdir -p /tmp/xray
DOWNLOAD_LINK="${V6_PROXY}https://github.com/XTLS/Xray-core/releases/download/${NEW_VER}/Xray-linux-$(archAffix).zip"
colorEcho $BLUE " 下载Xray: ${DOWNLOAD_LINK}"
curl -L -H "Cache-Control: no-cache" -o /tmp/xray/xray.zip ${DOWNLOAD_LINK}
if [ $? != 0 ];then
colorEcho $RED " 下载Xray文件失败,请检查服务器网络设置"
exit 1
fi
systemctl stop xray
mkdir -p /usr/local/etc/xray /usr/local/share/xray && \
unzip /tmp/xray/xray.zip -d /tmp/xray
cp /tmp/xray/xray /usr/local/bin
cp /tmp/xray/geo* /usr/local/share/xray
chmod +x /usr/local/bin/xray || {
colorEcho $RED " Xray安装失败"
exit 1
}
cat >/etc/systemd/system/xray.service<<-EOF
[Unit]
Description=Xray Service
Documentation=https://github.com/xtls https://hijk.art
After=network.target nss-lookup.target
[Service]
User=root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/bin/xray run -config /usr/local/etc/xray/config.json
Restart=on-failure
RestartPreventExitStatus=23
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable xray.service
}
trojanConfig() {
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "trojan",
"settings": {
"clients": [
{
"password": "$PASSWORD"
}
],
"fallbacks": [
{
"alpn": "http/1.1",
"dest": 80
},
{
"alpn": "h2",
"dest": 81
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"serverName": "$DOMAIN",
"alpn": ["http/1.1", "h2"],
"certificates": [
{
"certificateFile": "$CERT_FILE",
"keyFile": "$KEY_FILE"
}
]
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}],
"routing": {
"rules": [
{
"type": "field",
"ip": ["geoip:private"],
"outboundTag": "blocked"
}
]
}
}
EOF
}
trojanXTLSConfig() {
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "trojan",
"settings": {
"clients": [
{
"password": "$PASSWORD",
"flow": "$FLOW"
}
],
"fallbacks": [
{
"alpn": "http/1.1",
"dest": 80
},
{
"alpn": "h2",
"dest": 81
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "$DOMAIN",
"alpn": ["http/1.1", "h2"],
"certificates": [
{
"certificateFile": "$CERT_FILE",
"keyFile": "$KEY_FILE"
}
]
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}],
"routing": {
"rules": [
{
"type": "field",
"ip": ["geoip:private"],
"outboundTag": "blocked"
}
]
}
}
EOF
}
vmessConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
local alterid=`shuf -i50-80 -n1`
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "$uuid",
"level": 1,
"alterId": $alterid
}
]
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}],
"routing": {
"rules": [
{
"type": "field",
"ip": ["geoip:private"],
"outboundTag": "blocked"
}
]
}
}
EOF
}
vmessKCPConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
local alterid=`shuf -i50-80 -n1`
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "$uuid",
"level": 1,
"alterId": $alterid
}
]
},
"streamSettings": {
"network": "mkcp",
"kcpSettings": {
"uplinkCapacity": 100,
"downlinkCapacity": 100,
"congestion": true,
"header": {
"type": "$HEADER_TYPE"
},
"seed": "$SEED"
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}],
"routing": {
"rules": [
{
"type": "field",
"ip": ["geoip:private"],
"outboundTag": "blocked"
}
]
}
}
EOF
}
vmessTLSConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "$uuid",
"level": 1,
"alterId": 0
}
],
"disableInsecureEncryption": false
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"serverName": "$DOMAIN",
"alpn": ["http/1.1", "h2"],
"certificates": [
{
"certificateFile": "$CERT_FILE",
"keyFile": "$KEY_FILE"
}
]
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}],
"routing": {
"rules": [
{
"type": "field",
"ip": ["geoip:private"],
"outboundTag": "blocked"
}
]
}
}
EOF
}
vmessWSConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $XPORT,
"listen": "127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "$uuid",
"level": 1,
"alterId": 0
}
],
"disableInsecureEncryption": false
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "$WSPATH",
"headers": {
"Host": "$DOMAIN"
}
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}],
"routing": {
"rules": [
{
"type": "field",
"ip": ["geoip:private"],
"outboundTag": "blocked"
}
]
}
}
EOF
}
vlessTLSConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "$uuid",
"level": 0
}
],
"decryption": "none",
"fallbacks": [
{
"alpn": "http/1.1",
"dest": 80
},
{
"alpn": "h2",
"dest": 81
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"serverName": "$DOMAIN",
"alpn": ["http/1.1", "h2"],
"certificates": [
{
"certificateFile": "$CERT_FILE",
"keyFile": "$KEY_FILE"
}
]
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}],
"routing": {
"rules": [
{
"type": "field",
"ip": ["geoip:private"],
"outboundTag": "blocked"
}
]
}
}
EOF
}
vlessXTLSConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "$uuid",
"flow": "$FLOW",
"level": 0
}
],
"decryption": "none",
"fallbacks": [
{
"alpn": "http/1.1",
"dest": 80
},
{
"alpn": "h2",
"dest": 81
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "$DOMAIN",
"alpn": ["http/1.1", "h2"],
"certificates": [
{
"certificateFile": "$CERT_FILE",
"keyFile": "$KEY_FILE"
}
]
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}],
"routing": {
"rules": [
{
"type": "field",
"ip": ["geoip:private"],
"outboundTag": "blocked"
}
]
}
}
EOF
}
vlessWSConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $XPORT,
"listen": "127.0.0.1",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "$uuid",
"level": 0
}
],
"decryption": "none"
},
"streamSettings": {
"network": "ws",
"security": "none",
"wsSettings": {
"path": "$WSPATH",
"headers": {
"Host": "$DOMAIN"
}
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}],
"routing": {
"rules": [
{
"type": "field",
"ip": ["geoip:private"],
"outboundTag": "blocked"
}
]
}
}
EOF
}
vlessKCPConfig() {
local uuid="$(cat '/proc/sys/kernel/random/uuid')"
cat > $CONFIG_FILE<<-EOF
{
"inbounds": [{
"port": $PORT,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "$uuid",
"level": 0
}
],
"decryption": "none"
},
"streamSettings": {
"network": "mkcp",
"kcpSettings": {
"uplinkCapacity": 100,
"downlinkCapacity": 100,
"congestion": true,
"header": {
"type": "$HEADER_TYPE"
},
"seed": "$SEED"
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}],
"routing": {
"rules": [
{
"type": "field",
"ip": ["geoip:private"],
"outboundTag": "blocked"
}
]
}
}
EOF
}
configXray() {
mkdir -p /usr/local/xray
if [[ "$TROJAN" = "true" ]]; then
if [[ "$XTLS" = "true" ]]; then
trojanXTLSConfig
else
trojanConfig
fi
return 0
fi
if [[ "$VLESS" = "false" ]]; then
# VMESS + kcp
if [[ "$KCP" = "true" ]]; then
vmessKCPConfig
return 0
fi
# VMESS
if [[ "$TLS" = "false" ]]; then
vmessConfig
elif [[ "$WS" = "false" ]]; then
# VMESS+TCP+TLS
vmessTLSConfig
# VMESS+WS+TLS
else
vmessWSConfig
fi
#VLESS
else
if [[ "$KCP" = "true" ]]; then
vlessKCPConfig
return 0
fi
# VLESS+TCP
if [[ "$WS" = "false" ]]; then
# VLESS+TCP+TLS
if [[ "$XTLS" = "false" ]]; then
vlessTLSConfig
# VLESS+TCP+XTLS
else
vlessXTLSConfig
fi
# VLESS+WS+TLS
else
vlessWSConfig
fi
fi
}
install() {
getData
$PMT clean all
[[ "$PMT" = "apt" ]] && $PMT update
#echo $CMD_UPGRADE | bash
$CMD_INSTALL wget vim unzip tar gcc openssl
$CMD_INSTALL net-tools
if [[ "$PMT" = "apt" ]]; then
$CMD_INSTALL libssl-dev g++
fi
res=`which unzip 2>/dev/null`
if [[ $? -ne 0 ]]; then
colorEcho $RED " unzip安装失败,请检查网络"
exit 1
fi
installNginx
setFirewall
if [[ "$TLS" = "true" || "$XTLS" = "true" ]]; then
getCert
fi
configNginx
colorEcho $BLUE " 安装Xray..."
getVersion
RETVAL="$?"
if [[ $RETVAL == 0 ]]; then
colorEcho $BLUE " Xray最新版 ${CUR_VER} 已经安装"
elif [[ $RETVAL == 3 ]]; then
exit 1
else
colorEcho $BLUE " 安装Xray ${NEW_VER} ,架构$(archAffix)"
installXray
fi
configXray
setSelinux
installBBR
start
showInfo
bbrReboot
}
bbrReboot() {
if [[ "${INSTALL_BBR}" == "true" ]]; then
echo
echo " 为使BBR模块生效,系统将在30秒后重启"
echo
echo -e " 您可以按 ctrl + c 取消重启,稍后输入 ${RED}reboot${PLAIN} 重启系统"
sleep 30
reboot
fi
}
update() {
res=`status`
if [[ $res -lt 2 ]]; then
colorEcho $RED " Xray未安装,请先安装!"
return
fi
getVersion
RETVAL="$?"
if [[ $RETVAL == 0 ]]; then
colorEcho $BLUE " Xray最新版 ${CUR_VER} 已经安装"
elif [[ $RETVAL == 3 ]]; then
exit 1
else
colorEcho $BLUE " 安装Xray ${NEW_VER} ,架构$(archAffix)"
installXray
stop
start
colorEcho $GREEN " 最新版Xray安装成功!"
fi
}
uninstall() {
echo ""
read -p " 确定卸载Xray?[y/n]:" answer
if [[ "${answer,,}" = "y" ]]; then
domain=`grep Host $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
if [[ "$domain" = "" ]]; then
domain=`grep serverName $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
fi
stop
systemctl disable xray
rm -rf /etc/systemd/system/xray.service
rm -rf /usr/local/bin/xray
rm -rf /usr/local/etc/xray
if [[ "$BT" = "false" ]]; then
systemctl disable nginx
$CMD_REMOVE nginx
if [[ "$PMT" = "apt" ]]; then
$CMD_REMOVE nginx-common
fi
rm -rf /etc/nginx/nginx.conf
if [[ -f /etc/nginx/nginx.conf.bak ]]; then
mv /etc/nginx/nginx.conf.bak /etc/nginx/nginx.conf
fi
fi
if [[ "$domain" != "" ]]; then
rm -rf ${NGINX_CONF_PATH}${domain}.conf
fi
[[ -f ~/.acme.sh/acme.sh ]] && ~/.acme.sh/acme.sh --uninstall
colorEcho $GREEN " Xray卸载成功"
fi
}
start() {
res=`status`
if [[ $res -lt 2 ]]; then
colorEcho $RED " Xray未安装,请先安装!"
return
fi
stopNginx
startNginx
systemctl restart xray
sleep 2
port=`grep port $CONFIG_FILE| head -n 1| cut -d: -f2| tr -d \",' '`
res=`ss -nutlp| grep ${port} | grep -i xray`
if [[ "$res" = "" ]]; then
colorEcho $RED " Xray启动失败,请检查日志或查看端口是否被占用!"
else
colorEcho $BLUE " Xray启动成功"
fi
}
stop() {
stopNginx
systemctl stop xray
colorEcho $BLUE " Xray停止成功"
}
restart() {
res=`status`
if [[ $res -lt 2 ]]; then
colorEcho $RED " Xray未安装,请先安装!"
return
fi
stop
start
}
getConfigFileInfo() {
vless="false"
tls="false"
ws="false"
xtls="false"
trojan="false"
protocol="VMess"
kcp="false"
uid=`grep id $CONFIG_FILE | head -n1| cut -d: -f2 | tr -d \",' '`
alterid=`grep alterId $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
network=`grep network $CONFIG_FILE | tail -n1| cut -d: -f2 | tr -d \",' '`
[[ -z "$network" ]] && network="tcp"
domain=`grep serverName $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
if [[ "$domain" = "" ]]; then
domain=`grep Host $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
if [[ "$domain" != "" ]]; then
ws="true"
tls="true"
wspath=`grep path $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
fi
else
tls="true"
fi
if [[ "$ws" = "true" ]]; then
port=`grep -i ssl $NGINX_CONF_PATH${domain}.conf| head -n1 | awk '{print $2}'`
else
port=`grep port $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
fi
res=`grep -i kcp $CONFIG_FILE`
if [[ "$res" != "" ]]; then
kcp="true"
type=`grep header -A 3 $CONFIG_FILE | grep 'type' | cut -d: -f2 | tr -d \",' '`
seed=`grep seed $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
fi
vmess=`grep vmess $CONFIG_FILE`
if [[ "$vmess" = "" ]]; then
trojan=`grep trojan $CONFIG_FILE`
if [[ "$trojan" = "" ]]; then
vless="true"
protocol="VLESS"
else
trojan="true"
password=`grep password $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
protocol="trojan"
fi
tls="true"
encryption="none"
xtls=`grep xtlsSettings $CONFIG_FILE`
if [[ "$xtls" != "" ]]; then
xtls="true"
flow=`grep flow $CONFIG_FILE | cut -d: -f2 | tr -d \",' '`
else
flow="无"
fi
fi
}
outputVmess() {
raw="{
\"v\":\"2\",
\"ps\":\"\",
\"add\":\"$IP\",
\"port\":\"${port}\",
\"id\":\"${uid}\",
\"aid\":\"$alterid\",
\"net\":\"tcp\",
\"type\":\"none\",
\"host\":\"\",
\"path\":\"\",
\"tls\":\"\"
}"
link=`echo -n ${raw} | base64 -w 0`
link="vmess://${link}"
echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}额外id(alterid):${PLAIN} ${RED}${alterid}${PLAIN}"
echo -e " ${BLUE}加密方式(security):${PLAIN} ${RED}auto${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo
echo -e " ${BLUE}vmess链接:${PLAIN} $RED$link$PLAIN"
}
outputVmessKCP() {
echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}额外id(alterid):${PLAIN} ${RED}${alterid}${PLAIN}"
echo -e " ${BLUE}加密方式(security):${PLAIN} ${RED}auto${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}伪装类型(type):${PLAIN} ${RED}${type}${PLAIN}"
echo -e " ${BLUE}mkcp seed:${PLAIN} ${RED}${seed}${PLAIN}"
}
outputTrojan() {
if [[ "$xtls" = "true" ]]; then
echo -e " ${BLUE}IP/域名(address): ${PLAIN} ${RED}${domain}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}密码(password):${PLAIN}${RED}${password}${PLAIN}"
echo -e " ${BLUE}流控(flow):${PLAIN}$RED$flow${PLAIN}"
echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}XTLS${PLAIN}"
else
echo -e " ${BLUE}IP/域名(address): ${PLAIN} ${RED}${domain}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}密码(password):${PLAIN}${RED}${password}${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}"
fi
}
outputVmessTLS() {
raw="{
\"v\":\"2\",
\"ps\":\"\",
\"add\":\"$IP\",
\"port\":\"${port}\",
\"id\":\"${uid}\",
\"aid\":\"$alterid\",
\"net\":\"${network}\",
\"type\":\"none\",
\"host\":\"${domain}\",
\"path\":\"\",
\"tls\":\"tls\"
}"
link=`echo -n ${raw} | base64 -w 0`
link="vmess://${link}"
echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}额外id(alterid):${PLAIN} ${RED}${alterid}${PLAIN}"
echo -e " ${BLUE}加密方式(security):${PLAIN} ${RED}none${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}伪装域名/主机名(host):${PLAIN}${RED}${domain}${PLAIN}"
echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}"
echo
echo -e " ${BLUE}vmess链接: ${PLAIN}$RED$link$PLAIN"
}
outputVmessWS() {
raw="{
\"v\":\"2\",
\"ps\":\"\",
\"add\":\"$IP\",
\"port\":\"${port}\",
\"id\":\"${uid}\",
\"aid\":\"$alterid\",
\"net\":\"${network}\",
\"type\":\"none\",
\"host\":\"${domain}\",
\"path\":\"${wspath}\",
\"tls\":\"tls\"
}"
link=`echo -n ${raw} | base64 -w 0`
link="vmess://${link}"
echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}额外id(alterid):${PLAIN} ${RED}${alterid}${PLAIN}"
echo -e " ${BLUE}加密方式(security):${PLAIN} ${RED}none${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN"
echo -e " ${BLUE}伪装域名/主机名(host):${PLAIN}${RED}${domain}${PLAIN}"
echo -e " ${BLUE}路径(path):${PLAIN}${RED}${wspath}${PLAIN}"
echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}"
echo
echo -e " ${BLUE}vmess链接:${PLAIN} $RED$link$PLAIN"
}
showInfo() {
res=`status`
if [[ $res -lt 2 ]]; then
colorEcho $RED " Xray未安装,请先安装!"
return
fi
echo ""
echo -n -e " ${BLUE}Xray运行状态:${PLAIN}"
statusText
echo -e " ${BLUE}Xray配置文件: ${PLAIN} ${RED}${CONFIG_FILE}${PLAIN}"
colorEcho $BLUE " Xray配置信息:"
getConfigFileInfo
echo -e " ${BLUE}协议: ${PLAIN} ${RED}${protocol}${PLAIN}"
if [[ "$trojan" = "true" ]]; then
outputTrojan
return 0
fi
if [[ "$vless" = "false" ]]; then
if [[ "$kcp" = "true" ]]; then
outputVmessKCP
return 0
fi
if [[ "$tls" = "false" ]]; then
outputVmess
elif [[ "$ws" = "false" ]]; then
outputVmessTLS
else
outputVmessWS
fi
else
if [[ "$kcp" = "true" ]]; then
echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}伪装类型(type):${PLAIN} ${RED}${type}${PLAIN}"
echo -e " ${BLUE}mkcp seed:${PLAIN} ${RED}${seed}${PLAIN}"
return 0
fi
if [[ "$xtls" = "true" ]]; then
echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}流控(flow):${PLAIN}$RED$flow${PLAIN}"
echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN"
echo -e " ${BLUE}伪装域名/主机名(host):${PLAIN}${RED}${domain}${PLAIN}"
echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}XTLS${PLAIN}"
elif [[ "$ws" = "false" ]]; then
echo -e " ${BLUE}IP(address): ${PLAIN}${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}流控(flow):${PLAIN}$RED$flow${PLAIN}"
echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN"
echo -e " ${BLUE}伪装域名/主机名(host):${PLAIN}${RED}${domain}${PLAIN}"
echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}"
else
echo -e " ${BLUE}IP(address): ${PLAIN} ${RED}${IP}${PLAIN}"
echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
echo -e " ${BLUE}id(uuid):${PLAIN}${RED}${uid}${PLAIN}"
echo -e " ${BLUE}流控(flow):${PLAIN}$RED$flow${PLAIN}"
echo -e " ${BLUE}加密(encryption):${PLAIN} ${RED}none${PLAIN}"
echo -e " ${BLUE}传输协议(network):${PLAIN} ${RED}${network}${PLAIN}"
echo -e " ${BLUE}伪装类型(type):${PLAIN}${RED}none$PLAIN"
echo -e " ${BLUE}伪装域名/主机名(host):${PLAIN}${RED}${domain}${PLAIN}"
echo -e " ${BLUE}路径(path):${PLAIN}${RED}${wspath}${PLAIN}"
echo -e " ${BLUE}底层安全传输(tls):${PLAIN}${RED}TLS${PLAIN}"
fi
fi
}
showLog() {
res=`status`
if [[ $res -lt 2 ]]; then
colorEcho $RED " Xray未安装,请先安装!"
return
fi
journalctl -xen -u xray --no-pager
}
menu() {
clear
echo "#############################################################"
echo -e "# ${RED}Xray一键安装脚本${PLAIN} #"
echo -e "# ${GREEN}作者${PLAIN}: 网络跳越(hijk) #"
echo -e "# ${GREEN}网址${PLAIN}: https://hijk.art #"
echo -e "# ${GREEN}论坛${PLAIN}: https://hijk.club #"
echo -e "# ${GREEN}TG群${PLAIN}: https://t.me/hijkclub #"
echo -e "# ${GREEN}Youtube频道${PLAIN}: https://youtube.com/channel/UCYTB--VsObzepVJtc9yvUxQ #"
echo "#############################################################"
echo -e " ${GREEN}1.${PLAIN} 安装Xray-VMESS"
echo -e " ${GREEN}2.${PLAIN} 安装Xray-${BLUE}VMESS+mKCP${PLAIN}"
echo -e " ${GREEN}3.${PLAIN} 安装Xray-VMESS+TCP+TLS"
echo -e " ${GREEN}4.${PLAIN} 安装Xray-${BLUE}VMESS+WS+TLS${PLAIN}${RED}(推荐)${PLAIN}"
echo -e " ${GREEN}5.${PLAIN} 安装Xray-${BLUE}VLESS+mKCP${PLAIN}"
echo -e " ${GREEN}6.${PLAIN} 安装Xray-VLESS+TCP+TLS"
echo -e " ${GREEN}7.${PLAIN} 安装Xray-${BLUE}VLESS+WS+TLS${PLAIN}${RED}(可过cdn)${PLAIN}"
echo -e " ${GREEN}8.${PLAIN} 安装Xray-${BLUE}VLESS+TCP+XTLS${PLAIN}${RED}(推荐)${PLAIN}"
echo -e " ${GREEN}9.${PLAIN} 安装${BLUE}trojan${PLAIN}${RED}(推荐)${PLAIN}"
echo -e " ${GREEN}10.${PLAIN} 安装${BLUE}trojan+XTLS${PLAIN}${RED}(推荐)${PLAIN}"
echo " -------------"
echo -e " ${GREEN}11.${PLAIN} 更新Xray"
echo -e " ${GREEN}12.${PLAIN} 卸载Xray"
echo " -------------"
echo -e " ${GREEN}13.${PLAIN} 启动Xray"
echo -e " ${GREEN}14.${PLAIN} 重启Xray"
echo -e " ${GREEN}15.${PLAIN} 停止Xray"
echo " -------------"
echo -e " ${GREEN}16.${PLAIN} 查看Xray配置"
echo -e " ${GREEN}17.${PLAIN} 查看Xray日志"
echo " -------------"
echo -e " ${GREEN}0.${PLAIN} 退出"
echo -n " 当前状态:"
statusText
echo
read -p " 请选择操作[0-17]:" answer
case $answer in
0)
exit 0
;;
1)
install
;;
2)
KCP="true"
install
;;
3)
TLS="true"
install
;;
4)
TLS="true"
WS="true"
install
;;
5)
VLESS="true"
KCP="true"
install
;;
6)
VLESS="true"
TLS="true"
install
;;
7)
VLESS="true"
TLS="true"
WS="true"
install
;;
8)
VLESS="true"
TLS="true"
XTLS="true"
install
;;
9)
TROJAN="true"
TLS="true"
install
;;
10)
TROJAN="true"
TLS="true"
XTLS="true"
install
;;
11)
update
;;
12)
uninstall
;;
13)
start
;;
14)
restart
;;
15)
stop
;;
16)
showInfo
;;
17)
showLog
;;
*)
colorEcho $RED " 请选择正确的操作!"
exit 1
;;
esac
}
checkSystem
menu
------------------
Easiest way to install & upgrade Xray.
Xray-install
Bash script for installing Xray in operating systems such as CentOS / Debian / OpenSUSE that support systemd.
Filesystem Hierarchy Standard (FHS)
installed: /etc/systemd/system/xray.service
installed: /etc/systemd/system/xray@.service
installed: /usr/local/bin/xray
installed: /usr/local/etc/xray/*.json
installed: /usr/local/share/xray/geoip.dat
installed: /usr/local/share/xray/geosite.dat
installed: /var/log/xray/access.log
installed: /var/log/xray/error.log
Notice: Xray will NOT log to /var/log/xray/*.log by default. Configure "log" to specify log files.
Basic Usage
Install & Upgrade Xray-core and geodata with User=nobody, but will NOT overwrite User in existing service files
# bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install
Update geoip.dat and geosite.dat only
# bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install-geodata
Remove Xray, except json and logs
# bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ remove
Advanced
Install & Upgrade Xray-core and geodata with User=root, which will overwrite User in existing service files
# bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root
Install & Upgrade Xray-core without geodata
# bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install --without-geodata
Remove Xray, including json and logs
# bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ remove --purge
More Usage
# bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ help
from https://github.com/XTLS/Xray-install
---------------
https://github.com/RPRX/v2ray-vless/
https://github.com/RPRX/v2ray-vless/tree/master/main
-----------------------------
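How VLESS Works, with a Guide to Downloading and Using VLESS Clients
V2Ray and Trojan have successively moved to center stage. By comparison, Trojan is lighter than V2Ray's VMess protocol, and after a vulnerability that allowed V2Ray traffic to be precisely identified was disclosed, many users abandoned V2Ray and switched to Trojan, or to SS/SSR nodes relayed through tunnels or private leased lines, which cost more. The arrival of VLESS has pushed V2Ray back to center stage; the official definition of VLESS is "performance first, unprecedented extensibility, aiming to be the ultimate protocol for all scenarios".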
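1. What is VLESS?
At present, the V2fly community is the main driving force behind V2Ray's technical progress. The name VLESS comes from the V2fly developers' "less is more" philosophy, and the protocol looks very similar to VMess. VLESS was first introduced in v2ray-core v4.27.0, and XTLS was introduced in v2ray-core v4.29.0.
VLESS is a stateless, lightweight data transport protocol, defined as the next-generation V2Ray data transport protocol. The author's vision for it is "unprecedented extensibility, suited to arbitrary combination and wide use in all scenarios, matching many people's ideas and almost everyone's needs, enough to become v2ray's next main protocol and even the ultimate protocol of the whole XX field", which shows how powerful the VLESS protocol is.
VLESS is divided into inbound and outbound parts and can serve as the bridge between the V2Ray client and server. Unlike VMess, VLESS does not depend on system time; authentication is still by UUID, but no alterId is needed. VLESS configuration has two parts, InboundConfigurationObject and OutboundConfigurationObject, which correspond to the settings item of the inbound and outbound protocol configuration respectively. VLESS currently has no built-in encryption, so use it over a reliable channel such as TLS. VLESS currently does not support sharing.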
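2. Differences between VLESS and VMess, and the advantages of VLESS
- VLESS does not depend on system time and does not use alterId; you no longer need to keep the local computer's clock within 90 seconds of the remote server's.
- VLESS itself carries no encryption and must be combined with an encrypted transport such as TLS; this is one layer of encryption fewer than VMess, so it is faster;
- VLESS supports traffic splitting and fallback, which is simpler, more efficient and more secure than splitting and forwarding with Nginx;
- With TLS, VLESS is faster and performs better than VMess, because VLESS does not encrypt or decrypt the data;
- The V2Ray project has higher expectations for VLESS and constrains it more strictly. For example, clients are required to use the identifier VLESS uniformly, not Vless, vless or other variants; the VLESS share-link standard will be set by the project (still in internal testing);
- VLESS's encryption is more flexible and not tightly coupled as in VMess (relevant only to developers).
With only TLS encryption, VLESS's performance and speed are still slightly behind Trojan-gfw, but it is a big improvement over the earlier VMess protocol. In addition, VLESS introduces XTLS, a piece of "black magic" that can be called a powerful weapon against the GFW's technical blocking.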
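3. How XTLS works
The introduction on the XTLS project's official site is only a few words, "THE FUTURE", which shows the author's confidence in and expectations for XTLS as the future of circumvention technology.
XTLS technical principle: VLESS + XTLS can be understood as an enhanced ECH, additionally supporting authentication, proxy forwarding, plaintext encryption, UDP over TCP and so on. Previously, when proxying with VLESS over TLS, the transferred data actually went through TLS encryption and decryption twice: once for the proxy's TLS and once for the HTTPS TLS. Now XTLS seamlessly splices the inner and outer genuine TLS connections, so the proxy itself hardly needs to encrypt or decrypt the data and only relays traffic, with performance comparable to SS/SSR.
Fortunately, because Google and other internet companies have pushed SSL-encrypted transport, very few sites now use plain HTTP and most traffic is HTTPS, which makes it harder for the GFW to tell apart, so this is very good news for XTLS. Without a doubt, VLESS+XTLS will gradually replace most of the modes derived from VMess.
XTLS itself must be TLSv1.3 (the negotiation result under normal conditions), and the inner TLS can be 1.3 or 1.2 (the vast majority of traffic when browsing); in that case the special feature takes effect (filling in flow enables/selects the special feature; whether it takes effect is a separate matter).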
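4. VLESS combined with XTLS: available modes
- VLESS + TCP + TLS
- VLESS + TCP + TLS + WS
- VLESS + TCP + XTLS
- VLESS + HTTP2 + h2c
VLESS over TCP with XTLS + fallback & splitting to WHATEVER is the ultimate configuration. If you need to put the server behind a CDN to hide its real IP address, choose the "VLESS + TCP + TLS + WS" mode.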
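5. Configuring VLESS over TCP with XTLS, and VLESS share links
- Confirm that v2ray-core on both server and client is v4.30.0+, and that VLESS over TCP with TLS + fallback & optional splitting is already configured, or refer directly to the ultimate configuration.
- Change tls and tlsSettings in the VLESS streamSettings of both server and client to xtls and xtlsSettings (server-side XTLS can accept ordinary TLS requests and does not affect fallback or splitting).
- Set the VLESS flow on both server and client to xtls-rprx-origin; on the server it means "allowed", on the client it means "in use" (the user can still leave flow empty and connect to the server with ordinary TLS).
Notes:
- To prevent upper-layer applications from using QUIC, the client VLESS automatically blocks UDP/443 requests when XTLS is enabled. If you do not want them blocked, set xtls-rprx-origin-udp443 on the client; the server stays unchanged.
- You can set the environment variable V2RAY_VLESS_XTLS_SHOW = true to display XTLS output, on both server and client (only to confirm that XTLS has taken effect; never set it permanently, or things will become very slow).
- Mux cannot be enabled. XTLS needs the raw data stream, so in principle it will not support WebSocket and does not apply to VMess. Also, for UDP over TCP, VLESS does not enable the XTLS special feature.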
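The three steps and the notes above, as an added example (not code from v2ray-core or from the original article): a Python helper that switches a working VLESS-over-TCP-with-TLS inbound or outbound to XTLS and refuses the combinations the notes rule out. The function names and the sample configs (placeholder UUID, domain and certificate paths) are constructed for illustration.

```python
import copy
import json

# Flow values named in the steps above; the -udp443 variant is client-only.
SERVER_FLOWS = {"xtls-rprx-origin"}
CLIENT_FLOWS = {"xtls-rprx-origin", "xtls-rprx-origin-udp443"}


class XTLSConfigError(ValueError):
    """Raised when an inbound/outbound cannot be switched to XTLS."""


def is_server_side(entry):
    """Inbounds list users in settings.clients, outbounds in settings.vnext[].users."""
    return "clients" in entry.get("settings", {})


def users_of(entry):
    """Return the user objects that carry the flow field."""
    settings = entry.get("settings", {})
    if is_server_side(entry):
        return settings["clients"]
    return [u for srv in settings.get("vnext", []) for u in srv.get("users", [])]


def xtls_problems(entry, flow):
    """List the reasons, if any, why this entry cannot be switched to XTLS."""
    problems = []
    stream = entry.get("streamSettings", {})
    if entry.get("protocol") != "vless":       # the notes: not applicable to VMess
        problems.append("protocol is %r, not vless" % entry.get("protocol"))
    if stream.get("network", "tcp") != "tcp":  # e.g. ws: XTLS needs the raw stream
        problems.append("network is %r, XTLS needs plain tcp" % stream.get("network"))
    if stream.get("security") != "tls":        # first step: start from working TLS
        problems.append("security is %r, expected tls" % stream.get("security"))
    if entry.get("mux", {}).get("enabled"):    # the notes: Mux cannot be enabled
        problems.append("Mux is enabled")
    allowed = SERVER_FLOWS if is_server_side(entry) else CLIENT_FLOWS
    if flow not in allowed:
        problems.append("flow %r is not valid on this side" % flow)
    if not users_of(entry):
        problems.append("no users to set flow on")
    return problems


def to_xtls(entry, flow="xtls-rprx-origin"):
    """Return a converted copy of entry; the input is left untouched."""
    problems = xtls_problems(entry, flow)
    if problems:
        raise XTLSConfigError("; ".join(problems))
    out = copy.deepcopy(entry)
    stream = out["streamSettings"]
    stream["security"] = "xtls"                             # second step: tls -> xtls
    stream["xtlsSettings"] = stream.pop("tlsSettings", {})  # tlsSettings -> xtlsSettings
    for user in users_of(out):
        user["flow"] = flow                                 # third step: set flow
    return out


# Constructed sample inputs, shaped like the VLESS+TCP+TLS inbound generated by
# the script earlier on this page, plus a matching client outbound.
SAMPLE_SERVER = {
    "port": 443,
    "protocol": "vless",
    "settings": {
        "clients": [{"id": "00000000-0000-4000-8000-000000000000", "level": 0}],
        "decryption": "none",
        "fallbacks": [{"alpn": "http/1.1", "dest": 80}, {"alpn": "h2", "dest": 81}],
    },
    "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
            "serverName": "example.com",
            "alpn": ["http/1.1", "h2"],
            "certificates": [{"certificateFile": "/path/to/fullchain.cer",
                              "keyFile": "/path/to/example.com.key"}],
        },
    },
}
SAMPLE_CLIENT = {
    "protocol": "vless",
    "settings": {"vnext": [{"address": "example.com", "port": 443, "users": [
        {"id": "00000000-0000-4000-8000-000000000000", "encryption": "none"}]}]},
    "streamSettings": {"network": "tcp", "security": "tls",
                       "tlsSettings": {"serverName": "example.com"}},
}

if __name__ == "__main__":
    print(json.dumps(to_xtls(SAMPLE_SERVER)["streamSettings"], indent=2))
```

The fallbacks block is carried over unchanged, matching the statement above that server-side XTLS does not affect fallback or splitting.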
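v2ray-core v4.28.0 will strengthen TLS, and the VLESS share-link standard will be released at the same time. To avoid ecosystem confusion, please do not support sharing before then, and do not invent your own share-link scheme. After overall consideration by the ProjectV project, the VLESS share-link standard should be published with the official release (not in the near term).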
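6. Downloading V2Ray clients that support VLESS
If you use the VLESS protocol, make sure the client's core version is at least v4.27.0; to use XTLS, the core must be at least version 4.29.0.
The following are some of the clients that already support graphical configuration of VLESS; they are recommended (ordered by when support was implemented):
- Qv2ray (v2.6.3+), supports Linux, macOS, Windows
- v2rayN (v3.21+), supports Windows
- v2rayNG (v1.3.0+), supports Android
- PassWall (v3.9.35+), supports OpenWrt
- v2rayA (v1.0.0+), supports Linux
(1) Windows clients that support VLESS
V2rayN: supports VLESS from V2rayN 3.21 and XTLS from version 3.24. The latest V2rayN version is currently 3.26, which fully supports the VLESS + XTLS combination and also supports the trojan protocol.
Qv2ray: supports VLESS from Qv2ray 2.6.3 and XTLS from version 2.7.0 alpha1. The latest Qv2ray version is currently 2.7.0 alpha1, which fully supports the VLESS + XTLS combination.
(2) Mac clients that support VLESS
Qv2ray: supports VLESS from Qv2ray 2.6.3 and XTLS from version 2.7.0 alpha1. The latest Qv2ray version is currently 2.7.0 alpha1, which fully supports the VLESS + XTLS combination;
V2rayU: supports VLESS+XTLS and the trojan protocol from the V2rayU 3.0 preview release.
(3) Linux clients that support VLESS
Qv2ray: supports VLESS from Qv2ray 2.6.3; version 2.7.0 alpha1 fully supports the VLESS + XTLS combination;
V2rayA: V2rayA is a UI tool that depends on V2Ray, so you need to install V2Ray yourself. V2rayA supports VLESS from version 1.0.0, and XTLS can be used by editing the configuration file by hand.
(4) Android clients that support VLESS
V2rayNG: supports VLESS from V2rayNG 1.3.0 and XTLS from version 1.4.4. The latest V2rayNG version is currently 1.4.8, which fully supports the VLESS + XTLS combination and also supports the trojan protocol.
Note: from V2rayNG 1.4.5 onward, an all-architecture client is no longer provided; if the version on this site cannot be installed or used, download the build for your platform from the official site.
(5) iOS clients that support VLESS
Shadowrocket: supports VLESS from Shadowrocket 2.1.60; XTLS mode is not currently supported.
7. VLESS client configuration
Configuring a V2Ray client for VLESS is exactly the same as for VMess; just follow the same steps, so it is not repeated here.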
------------
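Build your own VLESS+Web+WS+TLS server: a one-click VLESS setup guide
The official V2Ray development team has also released the VLESS protocol, aiming to make it the ultimate next-generation circumvention protocol; it is light and easy to use.
VLESS is a stateless, lightweight transport protocol. Unlike VMess, although it still authenticates by UUID, VLESS does not depend on system time and needs no AlterID. It is divided into inbound and outbound parts and serves as the bridge between the V2Ray client and server. VLESS can be thought of as a slimmed-down VMess. Compared with VMess, its advantage is being lightweight: it drops superfluous algorithms and reduces CPU and memory load. With no need to keep server and client clocks in sync, no AlterID setting, and the combination with HTTP/2, the latest HTTP protocol, the number of network handshakes and the header overhead are both reduced, and network optimizations such as multiplexing are enabled, making it even lighter than the Trojan protocol.
Today I will use the script by wulabing to demonstrate a one-click "VLESS+Web+WS+TLS" setup. The steps are as follows: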
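1. Preparation
A VPS outside mainland China and a domain name that already resolves to the VPS
2. Open the VPS server ports
Before running the VLESS one-click install script, the server ports you intend to use must be opened in the firewall (80/443 are used as the example here), otherwise installing the SSL certificate will fail. Check beforehand whether your VPS has already opened these ports; if not, run the commands below.
(1) On CentOS/Fedora/RedHat, run the following commands in order:
firewall-cmd --query-port=PORT/tcp # check whether PORT (your port number) is open
systemctl start firewalld.service # start the firewall
firewall-cmd --zone=public --add-port=80/tcp --permanent # open port 80
firewall-cmd --zone=public --add-port=443/tcp --permanent # open port 443
systemctl restart firewalld.service # restart the firewall
firewall-cmd --reload # reload the configuration
(2) On Debian/Ubuntu, run the following commands in order:
apt-get install iptables # install iptables
iptables -I INPUT -p tcp --dport 80 -j ACCEPT # open port 80
iptables -I INPUT -p tcp --dport 443 -j ACCEPT # open port 443
iptables-save # print the current rules (netfilter-persistent below writes them to disk)
apt-get install iptables-persistent # install iptables-persistent
netfilter-persistent save
netfilter-persistent reload
(3) Reboot the VPS:
reboot
3. Install Git
yum install -y git # CentOS
apt install -y git # Debian
4. Run the VLESS one-click install script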
wget -N --no-check-certificate -q -O install.sh "https://raw.githubusercontent.com/wulabing/V2Ray_ws-tls_bash_onekey/dev/install.sh" && chmod +x install.sh && bash install.sh
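After running the command above, you will see the following, as shown in the figure below:
(1) Enter the number "1", i.e. choose "1. 安装 V2Ray (VLESS+Nginx+ws+tls)" (install V2Ray), and press Enter to begin installation.
If "Do you want to continue? [Y/n]" or another prompt appears, enter "y".
(2) During installation you will also be prompted for domain information, e.g. "请输入你的域名信息(eg:www.wulabing.com):" (enter your domain). Enter the domain you have already set up DNS for, such as "vless.example.com", and then the port (default 443). As shown in the figure below:
Once the bound domain and port are entered correctly, press Enter. A long web-server installation then begins; please wait patiently.
(3) Later in the installation you will be prompted "请选择生成的链接种类" (choose the type of link to generate), with the options "1:V2RayNG和V2RayN" and "2:quantumult"; Apple iOS users should choose "2", everyone else should choose "1".
(4) Next you will be prompted "请选择支持的 TLS 版本(default:3)" (choose the supported TLS versions), with the options "1:TLS1.1 TLS1.2 and TLS1.3(兼容模式)" (compatibility mode), "2:TLS1.2 and TLS1.3(兼容模式)" (compatibility mode) and "3:TLS1.3 only"; choose according to your needs.
In fact it would be better to replace Nginx with Caddy as the web server: Caddy is lighter, takes less time, installs faster with a higher success rate, and also renews SSL certificates automatically.
(5) Return to the main menu and choose "11. 安装 4合1 bbr 锐速安装脚本" (install the 4-in-1 BBR / 锐速 script) to install and enable the BBR acceleration module.
(6) After a successful installation, visiting your bound domain in a browser shows the camouflage page, a "3D periodic table".
In actual installation tests, because it takes a long time, installing the Nginx server on some VPSes produces the error "[错误] SSL 证书测试签发失败" (SSL certificate test issuance failed).
5. V2Ray clients that support VLESS
So far, most V2Ray clients support VLESS, such as V2RayN, V2RayU, V2RayNG, Qv2ray and PassWall. V2RayN is the Windows client, V2RayU the macOS client and V2RayNG the Android client; Qv2ray is a cross-platform V2Ray client supporting Linux, Windows and macOS, which can also support SSR / Trojan / Trojan-Go / NaiveProxy and other protocols through plugins, but it does not support batch speed tests or automatic updates and has a certain learning curve; PassWall is a plugin for the OpenWrt router system.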
from https://github.com/wulabing/V2Ray_ws-tls_bash_onekey
-------------
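Xray: one-click install script for VLESS + XTLS based on Nginx
Because xtls may be blocked, the Nginx-fronted version is recommended
Telegram groups
- Telegram discussion group: https://t.me/wulabing_v2ray
- Telegram update announcement channel: https://t.me/wulabing_channel
Preparation
- Prepare a domain name and add its A record;
- Install wget.
Link import specification
As of 2021-2-24, only V2RayN 4.12+ and V2RayNG 1.5.8+ support importing via link and QR code; for other clients, enter the configuration manually.
Install/update (Nginx in front)
Supported configurations
- VLESS + TCP + TLS + Nginx + WebSocket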
wget -N --no-check-certificate -q -O install.sh "https://raw.githubusercontents.com/wulabing/Xray_onekey/nginx_forward/install.sh" && chmod +x install.sh && bash install.sh
Install/update (Xray in front)
Supported configurations
- VLESS + TCP + XTLS / TLS + Nginx
- VLESS + TCP + XTLS / TLS + Nginx together with VLESS + TCP + TLS + Nginx + WebSocket fallback (coexistence mode)
wget -N --no-check-certificate -q -O install.sh "https://raw.githubusercontents.com/wulabing/Xray_onekey/main/install.sh" && chmod +x install.sh && bash install.sh
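Notes
- If you do not understand what the individual settings in the script mean, use the defaults the script provides for everything except the domain;
- Using this script requires basic Linux knowledge and experience, some understanding of computer networking, and basic computer skills;
- Currently supports Debian 9+ / Ubuntu 18.04+ / Centos7+ / Oracle Linux 7+;
- The group owner provides only very limited support; if you have problems, ask other group members.
Acknowledgements
- The Project_Xray image in this script's README was provided by Blitzcrank (Telegram: @Blitz_crank); thanks to Blitzcrank
- MTProxyTLS in this script is a modification of https://github.com/sunpma/mtp; thanks to sunpma;
- The original 锐速 4-in-1 script used in this script is from https://www.94ish.me/1635.html; thanks;
- The modified 锐速 4-in-1 script used in this script is from https://github.com/ylx2016/Linux-NetSpeed; thanks to ylx2016;
- The configuration files and part of the logic in this script follow https://github.com/jiuqi9997/xray-yes; thanks to 玖柒;
- The QR code API part of this script follows https://github.com/mack-a/v2ray-agent; thanks to mack-a.
Starting and stopping
Start Xray: systemctl start xray
Stop Xray: systemctl stop xray
Start Nginx: systemctl start nginx
Stop Nginx: systemctl stop nginx
Related directories
Web directory: /www/xray_web
Xray server configuration: /usr/local/etc/xray/config.json
Nginx directory: /etc/nginx
Certificate files: /ssl/xray.key (private key) and /ssl/xray.crt (certificate public key)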
from https://github.com/wulabing/Xray_onekey
---------
xray
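Introduction
install.sh
- xray install script for centos7+/debian9+/ubuntu16.04+
- Calls the official xray install script
- Uses vless+tcp+xtls mode
- Falls back to nginx, configured with a camouflage site
install_wp.sh
- xray install script for centos7
- Calls the official xray install script
- Uses vless+tcp+xtls mode
- Falls back to nginx, configured with wordpress
Using install.sh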
bash <(curl -Ls https://raw.githubusercontent.com/atrandys/xray/main/install.sh)
Using install_wp.sh
bash <(curl -Ls https://raw.githubusercontent.com/atrandys/xray/main/install_wp.sh)
Client usage
- OpenWrt
- Windows
- Android
- iOS / Mac
Xray-script
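One-click Xray install script; supports automatically generating a camouflage site, coexisting with the BT (宝塔) panel, and IPv4 and IPv6 VPSes.
Because IPv6-only VPSes cannot access GitHub, set a DNS64 server or install the WARP script before installing.
If you do not trust the script, you can test it first in this sandbox before using it: https://killercoda.com/playgrounds/scenario/ubuntu
To be updated soon: built-in routing rules, with IPv4, IPv6 and Socks5 WARP routing
Usage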
wget -N --no-check-certificate https://raw.githubusercontents.com/Misaka-blog/Xray-script/master/xray.sh && bash xray.sh
Shortcut: bash xray.sh
Supported protocols
- Xray-VMESS
- Xray-VMESS+mKCP
- Xray-VMESS+TCP+TLS
- Xray-VMESS+WS+TLS (works through a CDN)
- Xray-VLESS+mKCP
- Xray-VLESS+TCP+TLS
- Xray-VLESS+WS+TLS (works through a CDN)
- Xray-VLESS+TCP+XTLS
- Trojan
- Trojan+XTLS
Discussion
from https://github.com/Misaka-blog/Xray-script