svefnz/sh
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

更新 hy2.sh

Browse Source
This commit is contained in:
朝代尾
2026-03-19 14:19:08 +08:00
parent cf96716cf9
commit 7988ed22f3
1 changed files with 59 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

137
hy2.sh
View File

@@ -36,25 +36,15 @@ prompt_nonempty() {
done
}
confirm_yes() {
local prompt="${1:-确认继续输入 yes 继续: }"
confirm_yn() {
local prompt="${1:-是否继续}"
local answer
read -r -p "$prompt" answer
[[ "$answer" == "yes" ]]
}
double_confirm() {
local title="$1"
local detail="$2"
echo
yellow "=============================="
yellow "$title"
echo "$detail"
echo
confirm_yes "输入 yes 继续: " || return 1
return 0
read -r -p "${prompt} [Y/n]: " answer
case "${answer:-Y}" in
Y|y|yes|YES|"") return 0 ;;
N|n|no|NO) return 1 ;;
*) yellow "输入无效,默认按 Y 处理。"; return 0 ;;
esac
}
generate_password() {
@@ -69,10 +59,8 @@ get_server_ip() {
}
apt_update_and_install_base() {
if ! double_confirm \
"即将更新 APT 软件库并安装基础依赖" \
$'将执行:\n- apt update -y\n- apt install -y curl sed ufw iptables ip6tables'; then
red "用户取消:未执行软件库更新和基础依赖安装。"
if ! confirm_yn "即将执行 apt update 并安装基础依赖 curl sed ufw是否继续"; then
red "已取消。"
exit 1
fi
@@ -81,14 +69,12 @@ apt_update_and_install_base() {
apt update -y
blue "==> 安装基础依赖"
apt install -y curl sed ufw iptables ip6tables
apt install -y curl sed ufw
}
disable_existing_firewalls() {
if ! double_confirm \
"即将停用当前系统防火墙并清空规则" \
$'将尝试执行以下操作:\n- 关闭并重置 UFW\n- 停止并禁用 firewalld\n- 停止并禁用 nftables\n- 清空 nftables ruleset\n- 清空 iptables / ip6tables 规则\n\n该操作可能影响当前网络访问控制策略。'; then
red "用户取消:未停用现有防火墙。"
if ! confirm_yn "即将关闭系统现有防火墙并清理规则,是否继续?"; then
red "已取消关闭现有防火墙。"
exit 1
fi
@@ -118,38 +104,47 @@ disable_existing_firewalls() {
nft flush ruleset || true
fi
yellow "清空 iptables / ip6tables 规则"
iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT || true
ip6tables -I INPUT 1 -p tcp --dport 22 -j ACCEPT || true
if command -v iptables >/dev/null 2>&1; then
yellow "清空 iptables 规则"
iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT || true
iptables -F || true
iptables -X || true
iptables -Z || true
iptables -P INPUT ACCEPT || true
iptables -P FORWARD ACCEPT || true
iptables -P OUTPUT ACCEPT || true
else
yellow "未检测到 iptables跳过。"
fi
iptables -F || true
iptables -X || true
iptables -Z || true
iptables -P INPUT ACCEPT || true
iptables -P FORWARD ACCEPT || true
iptables -P OUTPUT ACCEPT || true
if command -v ip6tables >/dev/null 2>&1; then
yellow "清空 ip6tables 规则"
ip6tables -I INPUT 1 -p tcp --dport 22 -j ACCEPT || true
ip6tables -F || true
ip6tables -X || true
ip6tables -Z || true
ip6tables -P INPUT ACCEPT || true
ip6tables -P FORWARD ACCEPT || true
ip6tables -P OUTPUT ACCEPT || true
else
yellow "未检测到 ip6tables跳过。"
fi
ip6tables -F || true
ip6tables -X || true
ip6tables -Z || true
ip6tables -P INPUT ACCEPT || true
ip6tables -P FORWARD ACCEPT || true
ip6tables -P OUTPUT ACCEPT || true
green "现有防火墙已处理完成。"
green "现有防火墙处理完成。"
}
configure_ufw() {
if ! double_confirm \
"即将启用并配置 UFW" \
$'将执行以下规则:\n- 默认拒绝入站\n- 默认允许出站\n- 放行 22/tcp\n- 放行 80/tcp\n- 放行 443/tcp\n- 放行 443/udp\n- 启用 IPv6'; then
red "用户取消:未配置 UFW。"
if ! confirm_yn "即将配置并启用 UFW开放 22/80/443 TCP 和 443 UDP是否继续"; then
red "已取消 UFW 配置。"
exit 1
fi
blue "==> 配置 UFW"
sed -i 's/^IPV6=.*/IPV6=yes/' /etc/default/ufw || true
if [[ -f /etc/default/ufw ]]; then
sed -i 's/^IPV6=.*/IPV6=yes/' /etc/default/ufw || true
fi
ufw default deny incoming || true
ufw default allow outgoing || true
ufw allow 22/tcp || true
@@ -162,10 +157,8 @@ configure_ufw() {
}
install_hysteria2() {
if ! double_confirm \
"即将安装 Hysteria 2" \
$'将执行:\n- bash <(curl -fsSL https://get.hy2.sh/)\n\n该步骤会从外部下载安装脚本并执行。'; then
red "用户取消:未安装 Hysteria 2。"
if ! confirm_yn "即将安装 Hysteria 2是否继续"; then
red "已取消 Hysteria 2 安装。"
exit 1
fi
@@ -175,15 +168,12 @@ install_hysteria2() {
}
run_domain_selector() {
blue "==> 执行域名筛选脚本"
yellow "请根据脚本输出结果,手动输入最终伪装 URL"
if ! confirm_yes "确认执行外部域名筛选脚本?输入 yes 继续: "; then
red "用户取消:未执行域名筛选脚本。"
return 0
if confirm_yn "是否执行外部域名筛选脚本?"; then
blue "==> 执行域名筛选脚本"
bash <(curl -sL https://raw.githubusercontent.com/ccxkai233/Domain_Selector/main/domain_check.sh) || true
else
yellow "已跳过域名筛选脚本。"
fi
bash <(curl -sL https://raw.githubusercontent.com/ccxkai233/Domain_Selector/main/domain_check.sh) || true
}
backup_existing_config() {
@@ -202,7 +192,7 @@ write_config() {
local proxy_url="$5"
echo
blue "==> 即将写入下配置"
blue "==> 即将写入下配置${CONFIG_FILE}"
cat <<EOF
listen: :443
@@ -228,11 +218,8 @@ masquerade:
EOF
echo
if ! double_confirm \
"即将写入 Hysteria 配置文件" \
"目标文件:${CONFIG_FILE}
如已存在旧配置,将先自动备份,再覆盖写入。"; then
red "用户取消:未写入配置文件。"
if ! confirm_yn "是否确认写入配置文件?"; then
red "已取消写入配置。"
exit 1
fi
@@ -268,10 +255,8 @@ EOF
}
start_service() {
if ! double_confirm \
"即将启动并设置 Hysteria 开机自启" \
$'将执行:\n- systemctl daemon-reload\n- systemctl enable --now hysteria-server.service\n- systemctl restart hysteria-server.service'; then
red "用户取消:未启动服务。"
if ! confirm_yn "是否启动并设置 Hysteria 服务开机自启?"; then
red "已取消启动服务。"
exit 1
fi
@@ -318,24 +303,20 @@ show_result() {
main() {
require_root
if ! double_confirm \
"脚本总确认" \
$'本脚本将执行以下操作:\n- apt update -y\n- 安装基础依赖\n- 自动检测并停用当前系统防火墙\n- 重建 UFW 规则\n- 安装 Hysteria 2\n- 写入 /etc/hysteria/config.yaml\n- 启动并启用 hysteria-server.service'; then
if ! confirm_yn "本脚本将更新软件源、关闭现有防火墙、配置 UFW、安装并配置 Hysteria 2是否继续"; then
red "用户取消执行。"
exit 1
fi
local domain email cf_token password proxy_url ip_info
apt_update_and_install_base
require_cmd curl
require_cmd sed
require_cmd systemctl
require_cmd iptables
require_cmd ip6tables
require_cmd ufw
local domain email cf_token password proxy_url ip_info
domain="$(prompt_nonempty '请输入用于签发证书的域名: ')"
email="$(prompt_nonempty '请输入 ACME 邮箱: ')"
cf_token="$(prompt_nonempty '请输入 Cloudflare API Token: ')"