Compare commits
16 Commits
2347e16958
..
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 5a102d7306 | |||
| 17d82a1ead | |||
| 3f456ad592 | |||
| 21f3d14277 | |||
| 81206be8a4 | |||
| 3f383af8d4 | |||
| c573968dfc | |||
| 585cb5e09d | |||
| 1446138557 | |||
| e37c61d437 | |||
| fcdeee1249 | |||
| 5309bf254b | |||
| 88f9422f01 | |||
| b0aa99f394 | |||
| 1f62620be3 | |||
| 7549097b3f |
+276
-19
@@ -150,6 +150,137 @@ get_port() {
|
||||
done
|
||||
}
|
||||
|
||||
update_caddyfile_fallback() {
|
||||
[[ ! -f $is_caddyfile ]] && return
|
||||
# Backup Caddyfile
|
||||
cp -f $is_caddyfile ${is_caddyfile}.bak
|
||||
|
||||
# 1. Replace servers :443 with servers :4443
|
||||
sed -i 's/servers :443/servers :4443/g' $is_caddyfile
|
||||
|
||||
# 2. Replace any site block headers explicit :443 with :4443
|
||||
sed -i 's/:443[[:space:]]*{/:4443 {/g' $is_caddyfile
|
||||
|
||||
# 3. Add or update https_port 4443 in global block
|
||||
if [[ $(grep "https_port" $is_caddyfile) ]]; then
|
||||
# Replace existing https_port with 4443
|
||||
sed -i 's/https_port[[:space:]]\+[0-9]\+/https_port 4443/g' $is_caddyfile
|
||||
else
|
||||
# Find first { and insert https_port 4443 on the next line
|
||||
sed -i '0,/^[[:space:]]*{[[:space:]]*$/s//{\n https_port 4443/' $is_caddyfile
|
||||
fi
|
||||
}
|
||||
|
||||
install_haproxy() {
|
||||
[[ $(type -P haproxy) ]] && return
|
||||
msg "正在安装 HAProxy 用于四层端口分流..."
|
||||
if [[ $(type -P apt-get) ]]; then
|
||||
apt-get update && apt-get install -y haproxy
|
||||
elif [[ $(type -P dnf) ]]; then
|
||||
dnf install -y haproxy
|
||||
elif [[ $(type -P yum) ]]; then
|
||||
yum install -y haproxy
|
||||
else
|
||||
err "未知的软件包管理器,请手动安装 haproxy!"
|
||||
fi
|
||||
}
|
||||
|
||||
restore_caddy_default() {
|
||||
[[ ! -f $is_caddyfile ]] && return
|
||||
if [[ -f ${is_caddyfile}.bak ]]; then
|
||||
mv -f ${is_caddyfile}.bak $is_caddyfile
|
||||
else
|
||||
sed -i 's/servers :4443/servers :443/g' $is_caddyfile
|
||||
sed -i 's/:4443[[:space:]]*{/:443 {/g' $is_caddyfile
|
||||
sed -i 's/https_port 4443/https_port 443/g' $is_caddyfile
|
||||
fi
|
||||
systemctl restart caddy >/dev/null 2>&1
|
||||
}
|
||||
|
||||
update_haproxy_config() {
|
||||
[[ ! -d $is_conf_dir ]] && return
|
||||
|
||||
local haproxy_conf="/etc/haproxy/haproxy.cfg"
|
||||
[[ ! -d /etc/haproxy ]] && mkdir -p /etc/haproxy
|
||||
|
||||
[[ -f $haproxy_conf ]] && cp -f $haproxy_conf ${haproxy_conf}.bak
|
||||
|
||||
cat >$haproxy_conf <<'EOF'
|
||||
global
|
||||
log /dev/log local0
|
||||
log /dev/log local1 notice
|
||||
chroot /var/lib/haproxy
|
||||
user haproxy
|
||||
group haproxy
|
||||
daemon
|
||||
|
||||
defaults
|
||||
log global
|
||||
mode tcp
|
||||
timeout connect 5s
|
||||
timeout client 50s
|
||||
timeout server 50s
|
||||
|
||||
frontend https-in
|
||||
bind *:443
|
||||
mode tcp
|
||||
tcp-request inspect-delay 5s
|
||||
tcp-request content accept if { req_ssl_hello_type 1 }
|
||||
EOF
|
||||
|
||||
local acl_rules=""
|
||||
local use_backend_rules=""
|
||||
local backends=""
|
||||
local has_reality=0
|
||||
|
||||
for config in $is_conf_dir/*.json; do
|
||||
[[ ! -f $config ]] && continue
|
||||
local json_clean=$(cat "$config" | sed s#//.*##)
|
||||
|
||||
local is_real=$(jq -r '.inbounds[0].tls.reality.enabled // empty' <<<"$json_clean")
|
||||
[[ $is_real != "true" ]] && continue
|
||||
|
||||
local local_port=$(jq -r '.inbounds[0].listen_port // empty' <<<"$json_clean")
|
||||
local sni=$(jq -r '.inbounds[0].tls.server_name // empty' <<<"$json_clean")
|
||||
|
||||
[[ ! $local_port || ! $sni ]] && continue
|
||||
[[ $local_port == "443" ]] && continue
|
||||
|
||||
has_reality=1
|
||||
local backend_name="singbox_backend_${local_port}"
|
||||
|
||||
acl_rules="${acl_rules}\n acl is_reality_${local_port} req.ssl_sni -i ${sni}"
|
||||
use_backend_rules="${use_backend_rules}\n use_backend ${backend_name} if is_reality_${local_port}"
|
||||
|
||||
backends="${backends}\n\nbackend ${backend_name}\n mode tcp\n server srv1 127.0.0.1:${local_port}"
|
||||
done
|
||||
|
||||
if [[ $has_reality -eq 1 ]]; then
|
||||
echo -e "$acl_rules" >>$haproxy_conf
|
||||
echo -e "$use_backend_rules" >>$haproxy_conf
|
||||
echo -e " default_backend caddy_backend" >>$haproxy_conf
|
||||
|
||||
cat >>$haproxy_conf <<'EOF'
|
||||
|
||||
backend caddy_backend
|
||||
mode tcp
|
||||
server caddy 127.0.0.1:4443
|
||||
EOF
|
||||
echo -e "$backends" >>$haproxy_conf
|
||||
|
||||
systemctl daemon-reload
|
||||
systemctl enable haproxy >/dev/null 2>&1
|
||||
systemctl restart haproxy >/dev/null 2>&1
|
||||
else
|
||||
if systemctl is-active --quiet haproxy; then
|
||||
systemctl stop haproxy >/dev/null 2>&1
|
||||
systemctl disable haproxy >/dev/null 2>&1
|
||||
fi
|
||||
restore_caddy_default
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
get_pbk() {
|
||||
is_tmp_pbk=($($is_core_bin generate reality-keypair | sed 's/.*://'))
|
||||
is_public_key=${is_tmp_pbk[1]}
|
||||
@@ -280,6 +411,18 @@ ask() {
|
||||
msg "$is_err 请输入正确的端口, 可选(1-65535)"
|
||||
continue
|
||||
}
|
||||
if [[ $REPLY == 443 && $is_caddy && ${is_new_protocol,,} =~ "reality" ]]; then
|
||||
msg "\n检测到你的系统已启用 Caddy。"
|
||||
msg "你可以选择启用 REALITY 回落分流功能,将非代理流量转发给本地 Caddy。"
|
||||
msg "这会自动安装 HAProxy 监听 443 端口进行四层分流,并将 Caddy 的 https 端口自动调整为 4443。"
|
||||
echo -ne "是否启用 Caddy 回落分流?(y/n):"
|
||||
read is_enable_fallback
|
||||
if [[ $is_enable_fallback =~ ^[Yy]$ ]]; then
|
||||
is_reality_fallback=1
|
||||
export $is_ask_set=$REPLY
|
||||
break
|
||||
fi
|
||||
fi
|
||||
if [[ $(is_test port_used $REPLY) && $is_ask_set != 'door_port' ]]; then
|
||||
msg "$is_err 无法使用 ($REPLY) 端口."
|
||||
continue
|
||||
@@ -332,7 +475,12 @@ create() {
|
||||
# get json
|
||||
[[ $is_change || ! $json_str ]] && get protocol $2
|
||||
[[ $net == "reality" ]] && is_add_public_key=",outbounds:[{type:\"direct\"},{tag:\"public_key_$is_public_key\",type:\"direct\"}]"
|
||||
is_new_json=$(jq "{inbounds:[{tag:\"$is_config_name\",type:\"$is_protocol\",$is_listen,listen_port:$port,$json_str}]$is_add_public_key}" <<<{})
|
||||
local write_port=$port
|
||||
if [[ $is_reality_fallback ]]; then
|
||||
get_port
|
||||
write_port=$tmp_port
|
||||
fi
|
||||
is_new_json=$(jq "{inbounds:[{tag:\"$is_config_name\",type:\"$is_protocol\",$is_listen,listen_port:$write_port,$json_str}]$is_add_public_key}" <<<{})
|
||||
[[ $is_test_json ]] && return # tmp test
|
||||
# only show json, dont save to file.
|
||||
[[ $is_gen ]] && {
|
||||
@@ -341,14 +489,57 @@ create() {
|
||||
msg
|
||||
return
|
||||
}
|
||||
# Read old remarks before file deletion
|
||||
local old_remarks=""
|
||||
if [[ -f $is_json_file ]]; then
|
||||
old_remarks=$(grep -E '^[[:space:]]*//[[:space:]]*remarks:' $is_json_file | sed 's/.*remarks:[[:space:]]*//')
|
||||
elif [[ $is_config_file && -f $is_conf_dir/$is_config_file ]]; then
|
||||
old_remarks=$(grep -E '^[[:space:]]*//[[:space:]]*remarks:' $is_conf_dir/$is_config_file | sed 's/.*remarks:[[:space:]]*//')
|
||||
fi
|
||||
|
||||
local is_remarks=""
|
||||
if [[ ! $is_gen ]]; then
|
||||
if [[ $is_change ]]; then
|
||||
if [[ $old_remarks ]]; then
|
||||
msg "\n当前节点备注名称为: $old_remarks"
|
||||
fi
|
||||
echo -ne "请输入新的节点备注名称 (回车保持不变,输入 clear 确认清除):"
|
||||
read is_remarks
|
||||
if [[ -z $is_remarks ]]; then
|
||||
is_remarks=$old_remarks
|
||||
elif [[ $is_remarks == "clear" ]]; then
|
||||
is_remarks=""
|
||||
fi
|
||||
else
|
||||
msg "\n你可以为该节点设置一个自定义备注名称(用于生成的链接末尾显示)。"
|
||||
echo -ne "请输入节点备注名称 (直接回车将使用默认生成值):"
|
||||
read is_remarks
|
||||
fi
|
||||
fi
|
||||
|
||||
# del old file
|
||||
[[ $is_config_file ]] && is_no_del_msg=1 && del $is_config_file
|
||||
# save json to file
|
||||
cat <<<$is_new_json >$is_json_file
|
||||
if [[ $is_new_install ]]; then
|
||||
if [[ $is_remarks ]]; then
|
||||
echo -e "// remarks: $is_remarks\n$(cat <<<$is_new_json)" >$is_json_file
|
||||
else
|
||||
cat <<<$is_new_json >$is_json_file
|
||||
fi
|
||||
if [[ ! -f $is_config_json ]]; then
|
||||
# config.json
|
||||
create config.json
|
||||
fi
|
||||
# If reality fallback is enabled, automatically update Caddyfile!
|
||||
if [[ $is_reality_fallback ]]; then
|
||||
msg "\n自动调整 Caddy 配置文件以支持 4443 端口回落..."
|
||||
update_caddyfile_fallback
|
||||
msg "Caddy 配置文件更新成功,备份已保存至 ${is_caddyfile}.bak"
|
||||
msg "正在重启 Caddy 以释放 443 端口..."
|
||||
manage restart caddy &>/dev/null
|
||||
sleep 1
|
||||
install_haproxy
|
||||
update_haproxy_config
|
||||
fi
|
||||
# caddy auto tls
|
||||
[[ $is_caddy && $host && ! $is_no_auto_tls ]] && {
|
||||
create caddy $net
|
||||
@@ -655,6 +846,7 @@ del() {
|
||||
pause
|
||||
fi
|
||||
rm -rf $is_conf_dir/"$is_config_file"
|
||||
update_haproxy_config
|
||||
[[ ! $is_new_json ]] && manage restart &
|
||||
[[ ! $is_no_del_msg ]] && _green "\n已删除: $is_config_file\n"
|
||||
|
||||
@@ -686,6 +878,24 @@ uninstall() {
|
||||
else
|
||||
ask string y "是否卸载 ${is_core_name}? [y]:"
|
||||
fi
|
||||
# Clean up HAProxy and restore Caddy before removing files
|
||||
if systemctl is-active --quiet haproxy >/dev/null 2>&1; then
|
||||
systemctl stop haproxy >/dev/null 2>&1
|
||||
systemctl disable haproxy >/dev/null 2>&1
|
||||
if [[ $(type -P apt-get) ]]; then
|
||||
apt-get purge -y haproxy >/dev/null 2>&1
|
||||
apt-get autoremove -y >/dev/null 2>&1
|
||||
elif [[ $(type -P dnf) ]]; then
|
||||
dnf remove -y haproxy >/dev/null 2>&1
|
||||
elif [[ $(type -P yum) ]]; then
|
||||
yum remove -y haproxy >/dev/null 2>&1
|
||||
fi
|
||||
fi
|
||||
# If Caddy is NOT being uninstalled (REPLY != '2'), we must restore Caddy back to port 443!
|
||||
if [[ $REPLY != '2' ]]; then
|
||||
restore_caddy_default
|
||||
fi
|
||||
|
||||
manage stop &>/dev/null
|
||||
manage disable &>/dev/null
|
||||
rm -rf $is_core_dir $is_log_dir $is_sh_bin ${is_sh_bin/$is_core/sb}
|
||||
@@ -925,7 +1135,17 @@ add() {
|
||||
[[ ! $(is_test port ${is_use_port}) ]] && {
|
||||
err "($is_use_port) 不是一个有效的端口. $is_err_tips"
|
||||
}
|
||||
[[ $(is_test port_used $is_use_port) && ! $is_gen ]] && {
|
||||
if [[ $is_use_port == 443 && $is_caddy && ${is_new_protocol,,} =~ "reality" ]]; then
|
||||
msg "\n检测到你的系统已启用 Caddy。"
|
||||
msg "你可以选择启用 REALITY 回落分流功能,将非代理流量转发给本地 Caddy。"
|
||||
msg "这会自动安装 HAProxy 监听 443 端口进行四层分流,并将 Caddy 的 https 端口自动调整为 4443。"
|
||||
echo -ne "是否启用 Caddy 回落分流?(y/n):"
|
||||
read is_enable_fallback
|
||||
if [[ $is_enable_fallback =~ ^[Yy]$ ]]; then
|
||||
is_reality_fallback=1
|
||||
fi
|
||||
fi
|
||||
[[ $(is_test port_used $is_use_port) && ! $is_gen && ! $is_reality_fallback ]] && {
|
||||
err "无法使用 ($is_use_port) 端口. $is_err_tips"
|
||||
}
|
||||
port=$is_use_port
|
||||
@@ -1100,9 +1320,9 @@ get() {
|
||||
get file $2
|
||||
if [[ $is_config_file ]]; then
|
||||
is_json_str=$(cat $is_conf_dir/"$is_config_file" | sed s#//.*##)
|
||||
is_json_data=$(jq '(.inbounds[0]|.type,.listen_port,(.users[0]|.uuid,.password,.username),.method,.password,.override_port,.override_address,(.transport|.type,.path,.headers.host),(.tls|.server_name,.reality.private_key)),(.outbounds[1].tag)' <<<$is_json_str)
|
||||
is_json_data=$(jq '(.inbounds[0]|.type,.listen_port,(.users[0]|.uuid,.password,.username),.method,.password,.override_port,.override_address,(.transport|.type,.path,.headers.host),(.tls|.server_name,.reality.private_key),.fallback.server_port),(.outbounds[1].tag)' <<<$is_json_str)
|
||||
[[ $? != 0 ]] && err "无法读取此文件: $is_config_file"
|
||||
is_up_var_set=(null is_protocol port uuid password username ss_method ss_password door_port door_addr net_type path host is_servername is_private_key is_public_key)
|
||||
is_up_var_set=(null is_protocol port uuid password username ss_method ss_password door_port door_addr net_type path host is_servername is_private_key is_reality_fallback_port is_public_key)
|
||||
[[ $is_debug ]] && msg "\n------------- debug: $is_config_file -------------"
|
||||
i=0
|
||||
for v in $(sed 's/""/null/g;s/"//g' <<<"$is_json_data"); do
|
||||
@@ -1114,10 +1334,19 @@ get() {
|
||||
[[ ${!v} == 'null' ]] && unset $v
|
||||
done
|
||||
|
||||
# Override port if it's mapped behind HAProxy
|
||||
local file_port=$(echo "$is_config_file" | grep -oE '[0-9]+\.json' | grep -oE '[0-9]+')
|
||||
if [[ $file_port && $port && $port != $file_port ]]; then
|
||||
port=$file_port
|
||||
fi
|
||||
|
||||
if [[ $is_private_key ]]; then
|
||||
is_reality=1
|
||||
net_type+=reality
|
||||
is_public_key=${is_public_key/public_key_/}
|
||||
if [[ $is_reality_fallback_port == '4443' || $port == '443' ]]; then
|
||||
is_reality_fallback=1
|
||||
fi
|
||||
fi
|
||||
is_socks_user=$username
|
||||
is_socks_pass=$password
|
||||
@@ -1238,7 +1467,9 @@ get() {
|
||||
net=reality
|
||||
[[ ! $is_servername ]] && is_servername=$is_random_servername
|
||||
[[ ! $is_private_key ]] && get_pbk
|
||||
is_json_add="tls:{enabled:true,server_name:\"$is_servername\",reality:{enabled:true,handshake:{server:\"$is_servername\",server_port:443},private_key:\"$is_private_key\",short_id:[\"\"]}}"
|
||||
local handshake_server=$is_servername
|
||||
local handshake_port=443
|
||||
is_json_add="tls:{enabled:true,server_name:\"$is_servername\",reality:{enabled:true,handshake:{server:\"$handshake_server\",server_port:$handshake_port},private_key:\"$is_private_key\",short_id:[\"\"]}}"
|
||||
[[ $is_lower =~ "http" ]] && {
|
||||
is_json_add="$is_json_add,transport:{type:\"http\"}"
|
||||
} || {
|
||||
@@ -1353,6 +1584,15 @@ info() {
|
||||
if [[ ! $is_protocol ]]; then
|
||||
get info $1
|
||||
fi
|
||||
local custom_remarks=""
|
||||
if [[ $is_config_file ]]; then
|
||||
custom_remarks=$(grep -E '^[[:space:]]*//[[:space:]]*remarks:' $is_conf_dir/"$is_config_file" | sed 's/.*remarks:[[:space:]]*//')
|
||||
fi
|
||||
local url_remarks="sb-$net-$is_addr"
|
||||
[[ $host ]] && url_remarks="sb-$net-$host"
|
||||
[[ $is_anytls_domain ]] && url_remarks="sb-$net-$is_anytls_domain"
|
||||
[[ $custom_remarks ]] && url_remarks=$custom_remarks
|
||||
|
||||
# is_color=$(shuf -i 41-45 -n1)
|
||||
is_color=44
|
||||
case $net in
|
||||
@@ -1362,7 +1602,7 @@ info() {
|
||||
is_can_change=(0 1 2 3 5)
|
||||
is_info_show=(0 1 2 3 4 6 7 8)
|
||||
[[ $is_protocol == 'vmess' ]] && {
|
||||
is_vmess_url=$(jq -c '{v:2,ps:'\"sb-$net-$host\"',add:'\"$is_addr\"',port:'\"$is_https_port\"',id:'\"$uuid\"',aid:"0",net:'\"$net\"',host:'\"$host\"',path:'\"$path\"',tls:'\"tls\"'}' <<<{})
|
||||
is_vmess_url=$(jq -c '{v:2,ps:'\"$url_remarks\"',add:'\"$is_addr\"',port:'\"$is_https_port\"',id:'\"$uuid\"',aid:"0",net:'\"$net\"',host:'\"$host\"',path:'\"$path\"',tls:'\"tls\"'}' <<<{})
|
||||
is_url=vmess://$(echo -n $is_vmess_url | base64 -w 0)
|
||||
} || {
|
||||
[[ $is_protocol == "trojan" ]] && {
|
||||
@@ -1371,7 +1611,7 @@ info() {
|
||||
is_can_change=(0 1 2 3 4)
|
||||
is_info_show=(0 1 2 10 4 6 7 8)
|
||||
}
|
||||
is_url="$is_protocol://$uuid@$host:$is_https_port?encryption=none&security=tls&type=$net&host=$host&path=$path#sb-$net-$host"
|
||||
is_url="$is_protocol://$uuid@$host:$is_https_port?encryption=none&security=tls&type=$net&host=$host&path=$path#$url_remarks"
|
||||
}
|
||||
[[ $is_caddy ]] && is_can_change+=(11)
|
||||
is_info_str=($is_protocol $is_addr $is_https_port $uuid $net $host $path 'tls')
|
||||
@@ -1393,21 +1633,21 @@ info() {
|
||||
is_info_str+=(tls h3 true)
|
||||
is_quic_add=",tls:\"tls\",alpn:\"h3\"" # cant add allowInsecure
|
||||
}
|
||||
is_vmess_url=$(jq -c "{v:2,ps:\"sb-${net}-$is_addr\",add:\"$is_addr\",port:\"$port\",id:\"$uuid\",aid:\"0\",net:\"$net\",type:\"$is_type\"$is_quic_add}" <<<{})
|
||||
is_vmess_url=$(jq -c "{v:2,ps:\"$url_remarks\",add:\"$is_addr\",port:\"$port\",id:\"$uuid\",aid:\"0\",net:\"$net\",type:\"$is_type\"$is_quic_add}" <<<{})
|
||||
is_url=vmess://$(echo -n $is_vmess_url | base64 -w 0)
|
||||
fi
|
||||
;;
|
||||
ss)
|
||||
is_can_change=(0 1 4 6)
|
||||
is_info_show=(0 1 2 10 11)
|
||||
is_url="ss://$(echo -n ${ss_method}:${ss_password} | base64 -w 0)@${is_addr}:${port}#sb-$net-${is_addr}"
|
||||
is_url="ss://$(echo -n ${ss_method}:${ss_password} | base64 -w 0)@${is_addr}:${port}#$url_remarks"
|
||||
is_info_str=($is_protocol $is_addr $port $ss_password $ss_method)
|
||||
;;
|
||||
trojan)
|
||||
is_insecure=1
|
||||
is_can_change=(0 1 4)
|
||||
is_info_show=(0 1 2 10 4 8 20)
|
||||
is_url="$is_protocol://$password@$is_addr:$port?type=tcp&security=tls&insecure=1&allowInsecure=1#sb-$net-$is_addr"
|
||||
is_url="$is_protocol://$password@$is_addr:$port?type=tcp&security=tls&insecure=1&allowInsecure=1#$url_remarks"
|
||||
is_info_str=($is_protocol $is_addr $port $password tcp tls true)
|
||||
;;
|
||||
hy*)
|
||||
@@ -1415,14 +1655,14 @@ info() {
|
||||
is_info_show=(0 1 2 10 8 9 20)
|
||||
# fix xray core for client use.
|
||||
is_sha256=$(openssl x509 -noout -fingerprint -sha256 -in $is_core_dir/bin/tls.cer | sed 's/.*=//;s/://g')
|
||||
is_url="$is_protocol://$password@$is_addr:$port?alpn=h3&insecure=1&allowInsecure=1&pinSHA256=$is_sha256#sb-$net-$is_addr"
|
||||
is_url="$is_protocol://$password@$is_addr:$port?alpn=h3&insecure=1&allowInsecure=1&pinSHA256=$is_sha256#$url_remarks"
|
||||
is_info_str=($is_protocol $is_addr $port $password tls h3 "true (设置, 固定证书>证书指纹(SHA-256): $is_sha256)")
|
||||
;;
|
||||
tuic)
|
||||
is_insecure=1
|
||||
is_can_change=(0 1 4 5)
|
||||
is_info_show=(0 1 2 3 10 8 9 20 21)
|
||||
is_url="$is_protocol://$uuid:$password@$is_addr:$port?alpn=h3&insecure=1&allowInsecure=1&congestion_control=bbr#sb-$net-$is_addr"
|
||||
is_url="$is_protocol://$uuid:$password@$is_addr:$port?alpn=h3&insecure=1&allowInsecure=1&congestion_control=bbr#$url_remarks"
|
||||
is_info_str=($is_protocol $is_addr $port $uuid $password tls h3 true bbr)
|
||||
;;
|
||||
reality)
|
||||
@@ -1437,19 +1677,19 @@ info() {
|
||||
is_info_show=(${is_info_show[@]/15/})
|
||||
}
|
||||
is_info_str=($is_protocol $is_addr $port $uuid $is_flow $is_net_type reality $is_servername chrome $is_public_key)
|
||||
is_url="$is_protocol://$uuid@$is_addr:$port?encryption=none&security=reality&flow=$is_flow&type=$is_net_type&sni=$is_servername&pbk=$is_public_key&fp=chrome#sb-$net-$is_addr"
|
||||
is_url="$is_protocol://$uuid@$is_addr:$port?encryption=none&security=reality&flow=$is_flow&type=$is_net_type&sni=$is_servername&pbk=$is_public_key&fp=chrome#$url_remarks"
|
||||
;;
|
||||
anytls)
|
||||
is_can_change=(0 1 4)
|
||||
if [[ $is_anytls_domain ]]; then
|
||||
is_info_show=(0 1 2 10 8)
|
||||
is_info_str=($is_protocol $is_anytls_domain $port $password tls)
|
||||
is_url="anytls://$password@$is_anytls_domain:$port#sb-$net-$is_anytls_domain"
|
||||
is_url="anytls://$password@$is_anytls_domain:$port#$url_remarks"
|
||||
else
|
||||
is_insecure=1
|
||||
is_info_show=(0 1 2 10 8 20)
|
||||
is_info_str=($is_protocol $is_addr $port $password tls true)
|
||||
is_url="anytls://$password@$is_addr:$port?insecure=1&allowInsecure=1#sb-$net-$is_addr"
|
||||
is_url="anytls://$password@$is_addr:$port?insecure=1&allowInsecure=1#$url_remarks"
|
||||
fi
|
||||
;;
|
||||
direct)
|
||||
@@ -1461,7 +1701,7 @@ info() {
|
||||
is_can_change=(0 1 12 4)
|
||||
is_info_show=(0 1 2 19 10)
|
||||
is_info_str=($is_protocol $is_addr $port $is_socks_user $is_socks_pass)
|
||||
is_url="socks://$(echo -n ${is_socks_user}:${is_socks_pass} | base64 -w 0)@${is_addr}:${port}#sb-$net-${is_addr}"
|
||||
is_url="socks://$(echo -n ${is_socks_user}:${is_socks_pass} | base64 -w 0)@${is_addr}:${port}#$url_remarks"
|
||||
;;
|
||||
esac
|
||||
[[ $is_dont_show_info || $is_gen || $is_dont_auto_exit ]] && return # dont show info
|
||||
@@ -1490,6 +1730,14 @@ info() {
|
||||
msg "端口(port): $port"
|
||||
msg "路径(path): $path"
|
||||
fi
|
||||
if [[ $is_reality_fallback ]]; then
|
||||
msg "------------- REALITY Fallback NOTICE -------------"
|
||||
_green "检测到启用了 Caddy 回落分流,脚本已自动为你调整了 Caddy 配置文件:"
|
||||
msg "1. 已自动将你的 ${yellow}/etc/caddy/Caddyfile${none} 中的默认 https 端口修改为 ${green}4443${none}。"
|
||||
msg "2. 原配置文件备份已保存至 ${yellow}${is_caddyfile}.bak${none}。"
|
||||
msg "3. Caddy、sing-box 和 HAProxy 已自动重启,现在 443 端口由 HAProxy 监听并做四层分流,普通流量回落至 Caddy,代理流量转至 sing-box。"
|
||||
msg "---------------------------------------------------"
|
||||
fi
|
||||
footer_msg
|
||||
}
|
||||
|
||||
@@ -1539,7 +1787,9 @@ update() {
|
||||
is_update_repo=$is_core_repo
|
||||
;;
|
||||
2 | sh)
|
||||
err "当前项目已净化,已禁用自动更新脚本以防止覆盖净化修改。"
|
||||
is_update_name=sh
|
||||
is_show_name="脚本"
|
||||
is_run_ver=$is_sh_ver
|
||||
;;
|
||||
3 | caddy)
|
||||
[[ ! $is_caddy ]] && err "不支持更新 Caddy."
|
||||
@@ -1552,6 +1802,13 @@ update() {
|
||||
err "无法识别 ($1), 请使用: $is_core update [core | sh | caddy] [ver]"
|
||||
;;
|
||||
esac
|
||||
load download.sh
|
||||
if [[ $is_update_name == 'sh' ]]; then
|
||||
msg "\n正在从 Gitea 获取最新脚本并应用...\n"
|
||||
download sh latest
|
||||
msg "更新成功, 当前脚本已更新为最新版。\n"
|
||||
exit
|
||||
fi
|
||||
[[ $2 ]] && is_new_ver=v${2#v}
|
||||
[[ $is_run_ver == $is_new_ver ]] && {
|
||||
msg "\n自定义版本和当前 $is_show_name 版本一样, 无需更新.\n"
|
||||
|
||||
+2
-2
@@ -40,9 +40,9 @@ download() {
|
||||
sh)
|
||||
name="$is_core_name 脚本"
|
||||
tmpfile=$tmpdir/sh.tar.gz
|
||||
link="https://github.com/${is_sh_repo}/releases/download/${latest_ver}/code.tar.gz"
|
||||
link="https://git.lll.rest/svefnz/sing-box/archive/main.tar.gz"
|
||||
download_file
|
||||
tar zxf $tmpfile -C $is_sh_dir
|
||||
tar zxf $tmpfile --strip-components 1 -C $is_sh_dir
|
||||
chmod +x $is_sh_bin ${is_sh_bin/$is_core/sb}
|
||||
;;
|
||||
caddy)
|
||||
|
||||
Reference in New Issue
Block a user