添加 hy2.sh
This commit is contained in:
207
hy2.sh
Normal file
207
hy2.sh
Normal file
@@ -0,0 +1,207 @@
|
||||
#!/usr/bin/env bash
|
||||
set -Eeuo pipefail
|
||||
|
||||
CONFIG_FILE="/etc/hysteria/config.yaml"
|
||||
SERVICE_NAME="hysteria-server.service"
|
||||
|
||||
red() { printf '\033[31m%s\033[0m\n' "$*"; }
|
||||
green() { printf '\033[32m%s\033[0m\n' "$*"; }
|
||||
yellow() { printf '\033[33m%s\033[0m\n' "$*"; }
|
||||
blue() { printf '\033[36m%s\033[0m\n' "$*"; }
|
||||
|
||||
require_root() {
|
||||
if [[ "${EUID}" -ne 0 ]]; then
|
||||
red "请使用 root 运行此脚本。"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
require_cmd() {
|
||||
command -v "$1" >/dev/null 2>&1 || {
|
||||
red "缺少命令: $1"
|
||||
exit 1
|
||||
}
|
||||
}
|
||||
|
||||
prompt_nonempty() {
|
||||
local prompt="$1"
|
||||
local value=""
|
||||
while true; do
|
||||
read -r -p "$prompt" value
|
||||
if [[ -n "${value// }" ]]; then
|
||||
printf '%s' "$value"
|
||||
return 0
|
||||
fi
|
||||
yellow "输入不能为空,请重新输入。"
|
||||
done
|
||||
}
|
||||
|
||||
generate_password() {
|
||||
tr -dc 'A-Za-z0-9' </dev/urandom | head -c 24
|
||||
}
|
||||
|
||||
get_server_ip() {
|
||||
local ipv4 ipv6
|
||||
ipv4="$(curl -4 -fsSL https://api.ipify.org || true)"
|
||||
ipv6="$(curl -6 -fsSL https://api64.ipify.org || true)"
|
||||
echo "${ipv4}|${ipv6}"
|
||||
}
|
||||
|
||||
configure_firewall() {
|
||||
blue "==> 配置防火墙(会清空现有 iptables / ip6tables / ufw 规则)"
|
||||
|
||||
iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT || true
|
||||
ip6tables -I INPUT 1 -p tcp --dport 22 -j ACCEPT || true
|
||||
|
||||
iptables -F || true
|
||||
iptables -X || true
|
||||
iptables -Z || true
|
||||
iptables -P INPUT ACCEPT || true
|
||||
iptables -P FORWARD ACCEPT || true
|
||||
iptables -P OUTPUT ACCEPT || true
|
||||
|
||||
ip6tables -F || true
|
||||
ip6tables -X || true
|
||||
ip6tables -Z || true
|
||||
ip6tables -P INPUT ACCEPT || true
|
||||
ip6tables -P FORWARD ACCEPT || true
|
||||
ip6tables -P OUTPUT ACCEPT || true
|
||||
|
||||
ufw disable || true
|
||||
yes | ufw reset || true
|
||||
sed -i 's/^IPV6=.*/IPV6=yes/' /etc/default/ufw || true
|
||||
ufw default deny incoming || true
|
||||
ufw default allow outgoing || true
|
||||
ufw allow 22/tcp || true
|
||||
ufw allow 80/tcp || true
|
||||
ufw allow 443/tcp || true
|
||||
ufw allow 443/udp || true
|
||||
yes | ufw enable || true
|
||||
|
||||
green "防火墙配置完成。"
|
||||
}
|
||||
|
||||
install_hysteria2() {
|
||||
blue "==> 安装 Hysteria 2"
|
||||
bash <(curl -fsSL https://get.hy2.sh/)
|
||||
green "Hysteria 2 安装完成。"
|
||||
}
|
||||
|
||||
run_domain_selector() {
|
||||
blue "==> 执行域名筛选脚本(按你的要求)"
|
||||
yellow "下面会运行外部脚本并显示结果,请根据结果手动输入最终用于 masquerade 的 URL。"
|
||||
yellow "示例: https://news.ycombinator.com/"
|
||||
bash <(curl -sL https://raw.githubusercontent.com/ccxkai233/Domain_Selector/main/domain_check.sh) || true
|
||||
}
|
||||
|
||||
write_config() {
|
||||
local domain="$1"
|
||||
local email="$2"
|
||||
local cf_token="$3"
|
||||
local password="$4"
|
||||
local proxy_url="$5"
|
||||
|
||||
mkdir -p /etc/hysteria
|
||||
|
||||
cat > "${CONFIG_FILE}" <<EOF
|
||||
listen: :443
|
||||
|
||||
acme:
|
||||
domains:
|
||||
- ${domain}
|
||||
email: ${email}
|
||||
type: dns
|
||||
dns:
|
||||
name: cloudflare
|
||||
config:
|
||||
cloudflare_api_token: ${cf_token}
|
||||
|
||||
auth:
|
||||
type: password
|
||||
password: ${password}
|
||||
|
||||
masquerade:
|
||||
type: proxy
|
||||
proxy:
|
||||
url: ${proxy_url}
|
||||
rewriteHost: true
|
||||
EOF
|
||||
|
||||
chmod 600 "${CONFIG_FILE}"
|
||||
green "配置已写入 ${CONFIG_FILE}"
|
||||
}
|
||||
|
||||
start_service() {
|
||||
blue "==> 启动并设置开机自启"
|
||||
systemctl daemon-reload || true
|
||||
systemctl enable --now "${SERVICE_NAME}"
|
||||
systemctl restart "${SERVICE_NAME}"
|
||||
green "服务已启动。"
|
||||
}
|
||||
|
||||
show_result() {
|
||||
local domain="$1"
|
||||
local password="$2"
|
||||
local proxy_url="$3"
|
||||
local ip_info="$4"
|
||||
local ipv4="${ip_info%%|*}"
|
||||
local ipv6="${ip_info##*|}"
|
||||
|
||||
local share_link="hysteria2://${password}@${domain}:443/?sni=${domain}&insecure=0"
|
||||
|
||||
echo
|
||||
green "================= HY2 节点信息 ================="
|
||||
echo "服务名: ${SERVICE_NAME}"
|
||||
echo "配置文件: ${CONFIG_FILE}"
|
||||
echo "域名: ${domain}"
|
||||
echo "端口: 443"
|
||||
echo "认证方式: password"
|
||||
echo "密码: ${password}"
|
||||
echo "伪装站点: ${proxy_url}"
|
||||
[[ -n "${ipv4}" ]] && echo "服务器 IPv4: ${ipv4}"
|
||||
[[ -n "${ipv6}" ]] && echo "服务器 IPv6: ${ipv6}"
|
||||
echo
|
||||
echo "代理链接:"
|
||||
echo "${share_link}"
|
||||
echo
|
||||
echo "systemd 状态:"
|
||||
systemctl --no-pager --full status "${SERVICE_NAME}" || true
|
||||
echo
|
||||
echo "最近日志:"
|
||||
journalctl --no-pager -n 30 -u "${SERVICE_NAME}" || true
|
||||
echo "================================================"
|
||||
}
|
||||
|
||||
main() {
|
||||
require_root
|
||||
require_cmd curl
|
||||
require_cmd sed
|
||||
require_cmd systemctl
|
||||
require_cmd iptables
|
||||
require_cmd ip6tables
|
||||
require_cmd ufw
|
||||
|
||||
yellow "警告:本脚本将清空当前 iptables / ip6tables 规则并重置 UFW。"
|
||||
read -r -p "确认继续?输入 yes 继续: " confirm
|
||||
[[ "${confirm}" == "yes" ]] || { red "已取消。"; exit 1; }
|
||||
|
||||
local domain email cf_token password proxy_url ip_info
|
||||
|
||||
domain="$(prompt_nonempty '请输入用于签发证书的域名: ')"
|
||||
email="$(prompt_nonempty '请输入 ACME 邮箱: ')"
|
||||
cf_token="$(prompt_nonempty '请输入 Cloudflare API Token: ')"
|
||||
password="$(generate_password)"
|
||||
|
||||
configure_firewall
|
||||
install_hysteria2
|
||||
run_domain_selector
|
||||
proxy_url="$(prompt_nonempty '请输入最终用于 masquerade 的完整 URL(例如 https://example.com/): ')"
|
||||
|
||||
write_config "${domain}" "${email}" "${cf_token}" "${password}" "${proxy_url}"
|
||||
start_service
|
||||
|
||||
ip_info="$(get_server_ip)"
|
||||
show_result "${domain}" "${password}" "${proxy_url}" "${ip_info}"
|
||||
}
|
||||
|
||||
main "$@"
|
||||
Reference in New Issue
Block a user