207 lines
5.1 KiB
Bash
207 lines
5.1 KiB
Bash
#!/usr/bin/env bash
|
||
set -Eeuo pipefail
|
||
|
||
CONFIG_FILE="/etc/hysteria/config.yaml"
|
||
SERVICE_NAME="hysteria-server.service"
|
||
|
||
red() { printf '\033[31m%s\033[0m\n' "$*"; }
|
||
green() { printf '\033[32m%s\033[0m\n' "$*"; }
|
||
yellow() { printf '\033[33m%s\033[0m\n' "$*"; }
|
||
blue() { printf '\033[36m%s\033[0m\n' "$*"; }
|
||
|
||
require_root() {
|
||
if [[ "${EUID}" -ne 0 ]]; then
|
||
red "请使用 root 运行此脚本。"
|
||
exit 1
|
||
fi
|
||
}
|
||
|
||
require_cmd() {
|
||
command -v "$1" >/dev/null 2>&1 || {
|
||
red "缺少命令: $1"
|
||
exit 1
|
||
}
|
||
}
|
||
|
||
prompt_nonempty() {
|
||
local prompt="$1"
|
||
local value=""
|
||
while true; do
|
||
read -r -p "$prompt" value
|
||
if [[ -n "${value// }" ]]; then
|
||
printf '%s' "$value"
|
||
return 0
|
||
fi
|
||
yellow "输入不能为空,请重新输入。"
|
||
done
|
||
}
|
||
|
||
generate_password() {
|
||
tr -dc 'A-Za-z0-9' </dev/urandom | head -c 24
|
||
}
|
||
|
||
get_server_ip() {
|
||
local ipv4 ipv6
|
||
ipv4="$(curl -4 -fsSL https://api.ipify.org || true)"
|
||
ipv6="$(curl -6 -fsSL https://api64.ipify.org || true)"
|
||
echo "${ipv4}|${ipv6}"
|
||
}
|
||
|
||
configure_firewall() {
|
||
blue "==> 配置防火墙(会清空现有 iptables / ip6tables / ufw 规则)"
|
||
|
||
iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT || true
|
||
ip6tables -I INPUT 1 -p tcp --dport 22 -j ACCEPT || true
|
||
|
||
iptables -F || true
|
||
iptables -X || true
|
||
iptables -Z || true
|
||
iptables -P INPUT ACCEPT || true
|
||
iptables -P FORWARD ACCEPT || true
|
||
iptables -P OUTPUT ACCEPT || true
|
||
|
||
ip6tables -F || true
|
||
ip6tables -X || true
|
||
ip6tables -Z || true
|
||
ip6tables -P INPUT ACCEPT || true
|
||
ip6tables -P FORWARD ACCEPT || true
|
||
ip6tables -P OUTPUT ACCEPT || true
|
||
|
||
ufw disable || true
|
||
yes | ufw reset || true
|
||
sed -i 's/^IPV6=.*/IPV6=yes/' /etc/default/ufw || true
|
||
ufw default deny incoming || true
|
||
ufw default allow outgoing || true
|
||
ufw allow 22/tcp || true
|
||
ufw allow 80/tcp || true
|
||
ufw allow 443/tcp || true
|
||
ufw allow 443/udp || true
|
||
yes | ufw enable || true
|
||
|
||
green "防火墙配置完成。"
|
||
}
|
||
|
||
install_hysteria2() {
|
||
blue "==> 安装 Hysteria 2"
|
||
bash <(curl -fsSL https://get.hy2.sh/)
|
||
green "Hysteria 2 安装完成。"
|
||
}
|
||
|
||
run_domain_selector() {
|
||
blue "==> 执行域名筛选脚本(按你的要求)"
|
||
yellow "下面会运行外部脚本并显示结果,请根据结果手动输入最终用于 masquerade 的 URL。"
|
||
yellow "示例: https://news.ycombinator.com/"
|
||
bash <(curl -sL https://raw.githubusercontent.com/ccxkai233/Domain_Selector/main/domain_check.sh) || true
|
||
}
|
||
|
||
write_config() {
|
||
local domain="$1"
|
||
local email="$2"
|
||
local cf_token="$3"
|
||
local password="$4"
|
||
local proxy_url="$5"
|
||
|
||
mkdir -p /etc/hysteria
|
||
|
||
cat > "${CONFIG_FILE}" <<EOF
|
||
listen: :443
|
||
|
||
acme:
|
||
domains:
|
||
- ${domain}
|
||
email: ${email}
|
||
type: dns
|
||
dns:
|
||
name: cloudflare
|
||
config:
|
||
cloudflare_api_token: ${cf_token}
|
||
|
||
auth:
|
||
type: password
|
||
password: ${password}
|
||
|
||
masquerade:
|
||
type: proxy
|
||
proxy:
|
||
url: ${proxy_url}
|
||
rewriteHost: true
|
||
EOF
|
||
|
||
chmod 600 "${CONFIG_FILE}"
|
||
green "配置已写入 ${CONFIG_FILE}"
|
||
}
|
||
|
||
start_service() {
|
||
blue "==> 启动并设置开机自启"
|
||
systemctl daemon-reload || true
|
||
systemctl enable --now "${SERVICE_NAME}"
|
||
systemctl restart "${SERVICE_NAME}"
|
||
green "服务已启动。"
|
||
}
|
||
|
||
show_result() {
|
||
local domain="$1"
|
||
local password="$2"
|
||
local proxy_url="$3"
|
||
local ip_info="$4"
|
||
local ipv4="${ip_info%%|*}"
|
||
local ipv6="${ip_info##*|}"
|
||
|
||
local share_link="hysteria2://${password}@${domain}:443/?sni=${domain}&insecure=0"
|
||
|
||
echo
|
||
green "================= HY2 节点信息 ================="
|
||
echo "服务名: ${SERVICE_NAME}"
|
||
echo "配置文件: ${CONFIG_FILE}"
|
||
echo "域名: ${domain}"
|
||
echo "端口: 443"
|
||
echo "认证方式: password"
|
||
echo "密码: ${password}"
|
||
echo "伪装站点: ${proxy_url}"
|
||
[[ -n "${ipv4}" ]] && echo "服务器 IPv4: ${ipv4}"
|
||
[[ -n "${ipv6}" ]] && echo "服务器 IPv6: ${ipv6}"
|
||
echo
|
||
echo "代理链接:"
|
||
echo "${share_link}"
|
||
echo
|
||
echo "systemd 状态:"
|
||
systemctl --no-pager --full status "${SERVICE_NAME}" || true
|
||
echo
|
||
echo "最近日志:"
|
||
journalctl --no-pager -n 30 -u "${SERVICE_NAME}" || true
|
||
echo "================================================"
|
||
}
|
||
|
||
main() {
|
||
require_root
|
||
require_cmd curl
|
||
require_cmd sed
|
||
require_cmd systemctl
|
||
require_cmd iptables
|
||
require_cmd ip6tables
|
||
require_cmd ufw
|
||
|
||
yellow "警告:本脚本将清空当前 iptables / ip6tables 规则并重置 UFW。"
|
||
read -r -p "确认继续?输入 yes 继续: " confirm
|
||
[[ "${confirm}" == "yes" ]] || { red "已取消。"; exit 1; }
|
||
|
||
local domain email cf_token password proxy_url ip_info
|
||
|
||
domain="$(prompt_nonempty '请输入用于签发证书的域名: ')"
|
||
email="$(prompt_nonempty '请输入 ACME 邮箱: ')"
|
||
cf_token="$(prompt_nonempty '请输入 Cloudflare API Token: ')"
|
||
password="$(generate_password)"
|
||
|
||
configure_firewall
|
||
install_hysteria2
|
||
run_domain_selector
|
||
proxy_url="$(prompt_nonempty '请输入最终用于 masquerade 的完整 URL(例如 https://example.com/): ')"
|
||
|
||
write_config "${domain}" "${email}" "${cf_token}" "${password}" "${proxy_url}"
|
||
start_service
|
||
|
||
ip_info="$(get_server_ip)"
|
||
show_result "${domain}" "${password}" "${proxy_url}" "${ip_info}"
|
||
}
|
||
|
||
main "$@" |