svefnz/sh
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

更新 hy2.sh

Browse Source
This commit is contained in:
朝代尾
2026-03-19 14:13:59 +08:00
parent a3c5cc8ceb
commit 926d90f346
1 changed files with 167 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

182
hy2.sh
View File

@@ -36,6 +36,28 @@ prompt_nonempty() {
done done
} }
confirm_yes() {
local prompt="${1:-确认继续?输入 yes 继续: }"
local answer
read -r -p "$prompt" answer
[[ "$answer" == "yes" ]]
}
double_confirm() {
local title="$1"
local detail="$2"
echo
yellow "========== 二次确认 =========="
yellow "$title"
echo "$detail"
echo
confirm_yes "第一次确认,输入 yes 继续: " || return 1
confirm_yes "第二次确认,输入 yes 最终执行: " || return 1
return 0
}
generate_password() { generate_password() {
tr -dc 'A-Za-z0-9' </dev/urandom | head -c 24 tr -dc 'A-Za-z0-9' </dev/urandom | head -c 24
} }
@@ -47,9 +69,57 @@ get_server_ip() {
echo "${ipv4}|${ipv6}" echo "${ipv4}|${ipv6}"
} }
configure_firewall() { apt_update_and_install_base() {
blue "==> 配置防火墙(会清空现有 iptables / ip6tables / ufw 规则)" if ! double_confirm \
"即将更新 APT 软件库并安装基础依赖" \
$'将执行:\n- apt update -y\n- apt install -y curl sed ufw iptables ip6tables'; then
red "用户取消:未执行软件库更新和基础依赖安装。"
exit 1
fi
blue "==> 更新 APT 软件库"
export DEBIAN_FRONTEND=noninteractive
apt update -y
blue "==> 安装基础依赖"
apt install -y curl sed ufw iptables ip6tables
}
disable_existing_firewalls() {
if ! double_confirm \
"即将停用当前系统防火墙并清空规则" \
$'将尝试执行以下操作:\n- 关闭并重置 UFW\n- 停止并禁用 firewalld\n- 停止并禁用 nftables\n- 清空 nftables ruleset\n- 清空 iptables / ip6tables 规则\n\n该操作可能影响当前网络访问控制策略。'; then
red "用户取消:未停用现有防火墙。"
exit 1
fi
blue "==> 自动检测并关闭当前系统防火墙"
if command -v ufw >/dev/null 2>&1; then
yellow "检测到 UFW正在关闭并重置"
ufw disable || true
yes | ufw reset || true
fi
if systemctl list-unit-files 2>/dev/null | grep -q '^firewalld\.service'; then
yellow "检测到 firewalld正在停止并禁用"
systemctl stop firewalld || true
systemctl disable firewalld || true
systemctl mask firewalld || true
fi
if systemctl list-unit-files 2>/dev/null | grep -q '^nftables\.service'; then
yellow "检测到 nftables正在停止并禁用"
systemctl stop nftables || true
systemctl disable nftables || true
fi
if command -v nft >/dev/null 2>&1; then
yellow "清空 nftables 规则"
nft flush ruleset || true
fi
yellow "清空 iptables / ip6tables 规则"
iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT || true iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT || true
ip6tables -I INPUT 1 -p tcp --dport 22 -j ACCEPT || true ip6tables -I INPUT 1 -p tcp --dport 22 -j ACCEPT || true
@@ -67,8 +137,19 @@ configure_firewall() {
ip6tables -P FORWARD ACCEPT || true ip6tables -P FORWARD ACCEPT || true
ip6tables -P OUTPUT ACCEPT || true ip6tables -P OUTPUT ACCEPT || true
ufw disable || true green "现有防火墙已处理完成。"
yes | ufw reset || true }
configure_ufw() {
if ! double_confirm \
"即将启用并配置 UFW" \
$'将执行以下规则:\n- 默认拒绝入站\n- 默认允许出站\n- 放行 22/tcp\n- 放行 80/tcp\n- 放行 443/tcp\n- 放行 443/udp\n- 启用 IPv6'; then
red "用户取消:未配置 UFW。"
exit 1
fi
blue "==> 配置 UFW"
sed -i 's/^IPV6=.*/IPV6=yes/' /etc/default/ufw || true sed -i 's/^IPV6=.*/IPV6=yes/' /etc/default/ufw || true
ufw default deny incoming || true ufw default deny incoming || true
ufw default allow outgoing || true ufw default allow outgoing || true
@@ -78,22 +159,42 @@ configure_firewall() {
ufw allow 443/udp || true ufw allow 443/udp || true
yes | ufw enable || true yes | ufw enable || true
green "防火墙配置完成。" green "UFW 配置完成。"
} }
install_hysteria2() { install_hysteria2() {
if ! double_confirm \
"即将安装 Hysteria 2" \
$'将执行:\n- bash <(curl -fsSL https://get.hy2.sh/)\n\n该步骤会从外部下载安装脚本并执行。'; then
red "用户取消:未安装 Hysteria 2。"
exit 1
fi
blue "==> 安装 Hysteria 2" blue "==> 安装 Hysteria 2"
bash <(curl -fsSL https://get.hy2.sh/) bash <(curl -fsSL https://get.hy2.sh/)
green "Hysteria 2 安装完成。" green "Hysteria 2 安装完成。"
} }
run_domain_selector() { run_domain_selector() {
blue "==> 执行域名筛选脚本(按你的要求)" blue "==> 执行域名筛选脚本"
yellow "下面会运行外部脚本并显示结果,请根据结果手动输入最终用于 masquerade 的 URL" yellow "请根据脚本输出结果手动输入最终伪装 URL"
yellow "示例: https://news.ycombinator.com/"
if ! confirm_yes "确认执行外部域名筛选脚本?输入 yes 继续: "; then
red "用户取消:未执行域名筛选脚本。"
return 0
fi
bash <(curl -sL https://raw.githubusercontent.com/ccxkai233/Domain_Selector/main/domain_check.sh) || true bash <(curl -sL https://raw.githubusercontent.com/ccxkai233/Domain_Selector/main/domain_check.sh) || true
} }
backup_existing_config() {
if [[ -f "${CONFIG_FILE}" ]]; then
local backup_file="${CONFIG_FILE}.bak.$(date +%Y%m%d_%H%M%S)"
cp -a "${CONFIG_FILE}" "${backup_file}"
yellow "检测到已有配置,已备份到: ${backup_file}"
fi
}
write_config() { write_config() {
local domain="$1" local domain="$1"
local email="$2" local email="$2"
@@ -101,7 +202,43 @@ write_config() {
local password="$4" local password="$4"
local proxy_url="$5" local proxy_url="$5"
echo
blue "==> 即将写入以下配置"
cat <<EOF
listen: :443
acme:
domains:
- ${domain}
email: ${email}
type: dns
dns:
name: cloudflare
config:
cloudflare_api_token: ${cf_token}
auth:
type: password
password: ${password}
masquerade:
type: proxy
proxy:
url: ${proxy_url}
rewriteHost: true
EOF
echo
if ! double_confirm \
"即将写入 Hysteria 配置文件" \
"目标文件:${CONFIG_FILE}
如已存在旧配置,将先自动备份,再覆盖写入。"; then
red "用户取消:未写入配置文件。"
exit 1
fi
mkdir -p /etc/hysteria mkdir -p /etc/hysteria
backup_existing_config
cat > "${CONFIG_FILE}" <<EOF cat > "${CONFIG_FILE}" <<EOF
listen: :443 listen: :443
@@ -132,6 +269,13 @@ EOF
} }
start_service() { start_service() {
if ! double_confirm \
"即将启动并设置 Hysteria 开机自启" \
$'将执行:\n- systemctl daemon-reload\n- systemctl enable --now hysteria-server.service\n- systemctl restart hysteria-server.service'; then
red "用户取消:未启动服务。"
exit 1
fi
blue "==> 启动并设置开机自启" blue "==> 启动并设置开机自启"
systemctl daemon-reload || true systemctl daemon-reload || true
systemctl enable --now "${SERVICE_NAME}" systemctl enable --now "${SERVICE_NAME}"
@@ -174,6 +318,18 @@ show_result() {
main() { main() {
require_root require_root
if ! double_confirm \
"脚本总确认" \
$'本脚本将执行以下操作:\n- apt update -y\n- 安装基础依赖\n- 自动检测并停用当前系统防火墙\n- 重建 UFW 规则\n- 安装 Hysteria 2\n- 写入 /etc/hysteria/config.yaml\n- 启动并启用 hysteria-server.service'; then
red "用户取消执行。"
exit 1
fi
local domain email cf_token password proxy_url ip_info
apt_update_and_install_base
require_cmd curl require_cmd curl
require_cmd sed require_cmd sed
require_cmd systemctl require_cmd systemctl
@@ -181,20 +337,16 @@ main() {
require_cmd ip6tables require_cmd ip6tables
require_cmd ufw require_cmd ufw
yellow "警告:本脚本将清空当前 iptables / ip6tables 规则并重置 UFW。"
read -r -p "确认继续?输入 yes 继续: " confirm
[[ "${confirm}" == "yes" ]] || { red "已取消。"; exit 1; }
local domain email cf_token password proxy_url ip_info
domain="$(prompt_nonempty '请输入用于签发证书的域名: ')" domain="$(prompt_nonempty '请输入用于签发证书的域名: ')"
email="$(prompt_nonempty '请输入 ACME 邮箱: ')" email="$(prompt_nonempty '请输入 ACME 邮箱: ')"
cf_token="$(prompt_nonempty '请输入 Cloudflare API Token: ')" cf_token="$(prompt_nonempty '请输入 Cloudflare API Token: ')"
password="$(generate_password)" password="$(generate_password)"
configure_firewall disable_existing_firewalls
configure_ufw
install_hysteria2 install_hysteria2
run_domain_selector run_domain_selector
proxy_url="$(prompt_nonempty '请输入最终用于 masquerade 的完整 URL例如 https://example.com/: ')" proxy_url="$(prompt_nonempty '请输入最终用于 masquerade 的完整 URL例如 https://example.com/: ')"
write_config "${domain}" "${email}" "${cf_token}" "${password}" "${proxy_url}" write_config "${domain}" "${email}" "${cf_token}" "${password}" "${proxy_url}"