commit a3c5cc8ceb9f89b22702e4fe301654893d2e4a55 Author: 朝代尾 Date: Thu Mar 19 12:08:36 2026 +0800 添加 hy2.sh
diff --git a/hy2.sh b/hy2.sh
new file mode 100644
index 0000000..d413272
--- /dev/null
+++ b/hy2.sh
@@ -0,0 +1,207 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+CONFIG_FILE="/etc/hysteria/config.yaml"
+SERVICE_NAME="hysteria-server.service"
+
+red() { printf '\033[31m%s\033[0m\n' "$*"; }
+green() { printf '\033[32m%s\033[0m\n' "$*"; }
+yellow() { printf '\033[33m%s\033[0m\n' "$*"; }
+blue() { printf '\033[36m%s\033[0m\n' "$*"; }
+
+require_root() {
+ if [[ "${EUID}" -ne 0 ]]; then
+ red "请使用 root 运行此脚本。"
+ exit 1
+ fi
+}
+
+require_cmd() {
+ command -v "$1" >/dev/null 2>&1 || {
+ red "缺少命令: $1"
+ exit 1
+ }
+}
+
+prompt_nonempty() {
+ local prompt="$1"
+ local value=""
+ while true; do
+ read -r -p "$prompt" value
+ if [[ -n "${value// }" ]]; then
+ printf '%s' "$value"
+ return 0
+ fi
+ yellow "输入不能为空,请重新输入。"
+ done
+}
+
+generate_password() {
+ tr -dc 'A-Za-z0-9' 配置防火墙(会清空现有 iptables / ip6tables / ufw 规则)"
+
+ iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT || true
+ ip6tables -I INPUT 1 -p tcp --dport 22 -j ACCEPT || true
+
+ iptables -F || true
+ iptables -X || true
+ iptables -Z || true
+ iptables -P INPUT ACCEPT || true
+ iptables -P FORWARD ACCEPT || true
+ iptables -P OUTPUT ACCEPT || true
+
+ ip6tables -F || true
+ ip6tables -X || true
+ ip6tables -Z || true
+ ip6tables -P INPUT ACCEPT || true
+ ip6tables -P FORWARD ACCEPT || true
+ ip6tables -P OUTPUT ACCEPT || true
+
+ ufw disable || true
+ yes | ufw reset || true
+ sed -i 's/^IPV6=.*/IPV6=yes/' /etc/default/ufw || true
+ ufw default deny incoming || true
+ ufw default allow outgoing || true
+ ufw allow 22/tcp || true
+ ufw allow 80/tcp || true
+ ufw allow 443/tcp || true
+ ufw allow 443/udp || true
+ yes | ufw enable || true
+
+ green "防火墙配置完成。"
+}
+
+install_hysteria2() {
+ blue "==> 安装 Hysteria 2"
+ bash <(curl -fsSL https://get.hy2.sh/)
+ green "Hysteria 2 安装完成。"
+}
+
+run_domain_selector() {
+ blue "==> 执行域名筛选脚本(按你的要求)"
+ yellow "下面会运行外部脚本并显示结果,请根据结果手动输入最终用于 masquerade 的 URL。"
+ yellow "示例: https://news.ycombinator.com/"
+ bash <(curl -sL https://raw.githubusercontent.com/ccxkai233/Domain_Selector/main/domain_check.sh) || true
+}
+
+write_config() {
+ local domain="$1"
+ local email="$2"
+ local cf_token="$3"
+ local password="$4"
+ local proxy_url="$5"
+
+ mkdir -p /etc/hysteria
+
+ cat > "${CONFIG_FILE}" < 启动并设置开机自启"
+ systemctl daemon-reload || true
+ systemctl enable --now "${SERVICE_NAME}"
+ systemctl restart "${SERVICE_NAME}"
+ green "服务已启动。"
+}
+
+show_result() {
+ local domain="$1"
+ local password="$2"
+ local proxy_url="$3"
+ local ip_info="$4"
+ local ipv4="${ip_info%%|*}"
+ local ipv6="${ip_info##*|}"
+
+ local share_link="hysteria2://${password}@${domain}:443/?sni=${domain}&insecure=0"
+
+ echo
+ green "================= HY2 节点信息 ================="
+ echo "服务名: ${SERVICE_NAME}"
+ echo "配置文件: ${CONFIG_FILE}"
+ echo "域名: ${domain}"
+ echo "端口: 443"
+ echo "认证方式: password"
+ echo "密码: ${password}"
+ echo "伪装站点: ${proxy_url}"
+ [[ -n "${ipv4}" ]] && echo "服务器 IPv4: ${ipv4}"
+ [[ -n "${ipv6}" ]] && echo "服务器 IPv6: ${ipv6}"
+ echo
+ echo "代理链接:"
+ echo "${share_link}"
+ echo
+ echo "systemd 状态:"
+ systemctl --no-pager --full status "${SERVICE_NAME}" || true
+ echo
+ echo "最近日志:"
+ journalctl --no-pager -n 30 -u "${SERVICE_NAME}" || true
+ echo "================================================"
+}
+
+main() {
+ require_root
+ require_cmd curl
+ require_cmd sed
+ require_cmd systemctl
+ require_cmd iptables
+ require_cmd ip6tables
+ require_cmd ufw
+
+ yellow "警告:本脚本将清空当前 iptables / ip6tables 规则并重置 UFW。"
+ read -r -p "确认继续?输入 yes 继续: " confirm
+ [[ "${confirm}" == "yes" ]] || { red "已取消。"; exit 1; }
+
+ local domain email cf_token password proxy_url ip_info
+
+ domain="$(prompt_nonempty '请输入用于签发证书的域名: ')"
+ email="$(prompt_nonempty '请输入 ACME 邮箱: ')"
+ cf_token="$(prompt_nonempty '请输入 Cloudflare API Token: ')"
+ password="$(generate_password)"
+
+ configure_firewall
+ install_hysteria2
+ run_domain_selector
+ proxy_url="$(prompt_nonempty '请输入最终用于 masquerade 的完整 URL(例如 https://example.com/): ')"
+
+ write_config "${domain}" "${email}" "${cf_token}" "${password}" "${proxy_url}"
+ start_service
+
+ ip_info="$(get_server_ip)"
+ show_result "${domain}" "${password}" "${proxy_url}" "${ip_info}"
+}
+
+main "$@"
\ No newline at end of file
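Review bot: `run_domain_selector` feeds whatever the `main` branch of a third-party GitHub repository serves at run time into a root `bash`, using `curl -sL` without `-f` and `|| true`, so a changed or failed download goes unnoticed; `install_hysteria2` does the same with `https://get.hy2.sh/`. Fetch each script to a `mktemp` file, verify it against a pinned commit URL or a recorded SHA-256, and only then run it, e.g. `curl -fsSL "$url" -o "$tmp" && sha256sum -c <<<"${EXPECTED_SHA256}  ${tmp}" && bash "$tmp"` (`EXPECTED_SHA256` is a placeholder for a hash the maintainer records). Separately, `prompt_nonempty` is always called inside `$(...)` but prints its retry warning through `yellow` on stdout, so after one empty answer the warning text is captured into the domain, e-mail or Cloudflare token; send it to stderr with `yellow "输入不能为空,请重新输入。" >&2`. The token prompt also echoes the secret to the terminal, which a dedicated `read -r -s` prompt would avoid.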