Compare commits

..

22 Commits

Author SHA1 Message Date
svefnz 4850edb6f1 feat: support custom node remarks in command-line mode
Main / build (push) Waiting to run
2026-07-08 13:30:07 +08:00
svefnz fa34c74937 fix: ensure HAProxy is completely removed and Caddy is restored during uninstall
Main / build (push) Waiting to run
2026-07-08 13:26:44 +08:00
svefnz c1dd5bf640 fix: recursively update explicit ports in imported Caddy configuration files
Main / build (push) Waiting to run
2026-07-08 13:04:50 +08:00
svefnz f05e5e0410 fix: make Caddyfile global config update robust to avoid IPv6 conflicts
Main / build (push) Waiting to run
2026-07-08 12:54:48 +08:00
svefnz f07100c074 fix: override caddy-based node client port to 443 when HAProxy is active
Main / build (push) Waiting to run
2026-07-08 12:35:46 +08:00
svefnz 90a8ad633f fix: resolve node remarks printed as default prefix upon initial node creation
Main / build (push) Waiting to run
2026-07-08 12:24:13 +08:00
svefnz 5a102d7306 feat: support custom remarks for node connection links
Main / build (push) Waiting to run
2026-07-08 02:11:04 +08:00
svefnz 17d82a1ead docs: clarify interactive prompts and output notices for HAProxy L4 routing
Main / build (push) Waiting to run
2026-07-08 02:05:14 +08:00
svefnz 3f456ad592 fix: remove fallback block generation from sing-box VLESS configuration since HAProxy handles fallback
Main / build (push) Waiting to run
2026-07-08 02:00:22 +08:00
svefnz 21f3d14277 feat: enable automated script updates directly from the Gitea repository
Main / build (push) Waiting to run
2026-07-08 01:56:59 +08:00
svefnz 81206be8a4 feat: automate HAProxy cleanup and Caddy restore during sing-box uninstallation
Main / build (push) Waiting to run
2026-07-08 01:55:33 +08:00
svefnz 3f383af8d4 feat: automate HAProxy L4 SNI routing for Caddy and VLESS-REALITY co-existence on port 443
Main / build (push) Waiting to run
2026-07-08 01:53:59 +08:00
svefnz c573968dfc fix: relocate fallback configuration block to root level of inbound object
Main / build (push) Waiting to run
2026-07-08 01:46:06 +08:00
svefnz 585cb5e09d feat: decouple reality handshake destination from fallback destination to support external SNIs on 443
Main / build (push) Waiting to run
2026-07-08 01:37:42 +08:00
svefnz 1446138557 feat: force using Caddy domain as SNI when REALITY fallback is enabled
Main / build (push) Waiting to run
2026-07-08 01:25:56 +08:00
svefnz e37c61d437 fix: replace recursive ask call with direct read to fix variable scope pollution
Main / build (push) Waiting to run
2026-07-08 01:10:20 +08:00
svefnz fcdeee1249 feat: prompt for Caddy fallback on port 443 regardless of port occupancy status
Main / build (push) Waiting to run
2026-07-08 01:04:46 +08:00
svefnz 5309bf254b fix: update existing https_port in Caddyfile instead of appending a duplicate key
Main / build (push) Waiting to run
2026-07-08 00:57:36 +08:00
svefnz 88f9422f01 feat: automatically adjust Caddyfile and restart Caddy when enabling REALITY fallback on 443
Main / build (push) Waiting to run
2026-07-08 00:56:35 +08:00
svefnz b0aa99f394 fix: ensure config.json is generated if it does not exist when saving a new configuration
Main / build (push) Waiting to run
2026-07-08 00:52:58 +08:00
svefnz 1f62620be3 fix: correct protocol variable check inside port validation to support interactive menu
Main / build (push) Waiting to run
2026-07-08 00:51:08 +08:00
svefnz 7549097b3f feat: support Caddy fallback routing for VLESS-REALITY on port 443
Main / build (push) Waiting to run
2026-07-08 00:46:24 +08:00
2 changed files with 320 additions and 30 deletions
+318 -28
View File
@@ -150,6 +150,151 @@ get_port() {
done
}
update_caddyfile_fallback() {
[[ ! -f $is_caddyfile ]] && return
# Backup Caddyfile
cp -f $is_caddyfile ${is_caddyfile}.bak
# 1. Replace servers :443 with servers :4443
sed -i 's/servers :443/servers :4443/g' $is_caddyfile
# 2. Replace any site block headers explicit :443 with :4443
sed -i 's/:443\b/:4443/g' $is_caddyfile
# 3. Add or update https_port 4443 globally
if grep -q "https_port" $is_caddyfile; then
# Replace existing https_port with 4443
sed -i 's/https_port[[:space:]]\+[0-9]\+/https_port 4443/g' $is_caddyfile
elif grep -q '^[[:space:]]*{[[:space:]]*$' $is_caddyfile; then
# Insert inside existing global block
sed -i '0,/^[[:space:]]*{[[:space:]]*$/s//{\n https_port 4443/' $is_caddyfile
else
# Prepend a new global block at the very top of the Caddyfile
echo -e "{\n https_port 4443\n}\n$(cat $is_caddyfile)" >$is_caddyfile
fi
# 4. Replace any explicit :443 in other conf files inside /etc/caddy/sing-box/
if [[ -d /etc/caddy/sing-box ]]; then
sed -i 's/:443\b/:4443/g' /etc/caddy/sing-box/*.conf 2>/dev/null
fi
}
install_haproxy() {
[[ $(type -P haproxy) ]] && return
msg "正在安装 HAProxy 用于四层端口分流..."
if [[ $(type -P apt-get) ]]; then
apt-get update && apt-get install -y haproxy
elif [[ $(type -P dnf) ]]; then
dnf install -y haproxy
elif [[ $(type -P yum) ]]; then
yum install -y haproxy
else
err "未知的软件包管理器,请手动安装 haproxy!"
fi
}
restore_caddy_default() {
[[ ! -f $is_caddyfile ]] && return
if [[ -f ${is_caddyfile}.bak ]]; then
mv -f ${is_caddyfile}.bak $is_caddyfile
else
sed -i 's/servers :4443/servers :443/g' $is_caddyfile
sed -i 's/:4443[[:space:]]*{/:443 {/g' $is_caddyfile
sed -i 's/https_port 4443/https_port 443/g' $is_caddyfile
fi
# Restore explicit :4443 in other conf files inside /etc/caddy/sing-box/
if [[ -d /etc/caddy/sing-box ]]; then
sed -i 's/:4443\b/:443/g' /etc/caddy/sing-box/*.conf 2>/dev/null
fi
systemctl restart caddy >/dev/null 2>&1
}
update_haproxy_config() {
[[ ! -d $is_conf_dir ]] && return
local haproxy_conf="/etc/haproxy/haproxy.cfg"
[[ ! -d /etc/haproxy ]] && mkdir -p /etc/haproxy
[[ -f $haproxy_conf ]] && cp -f $haproxy_conf ${haproxy_conf}.bak
cat >$haproxy_conf <<'EOF'
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
defaults
log global
mode tcp
timeout connect 5s
timeout client 50s
timeout server 50s
frontend https-in
bind *:443
mode tcp
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
EOF
local acl_rules=""
local use_backend_rules=""
local backends=""
local has_reality=0
for config in $is_conf_dir/*.json; do
[[ ! -f $config ]] && continue
local json_clean=$(cat "$config" | sed s#//.*##)
local is_real=$(jq -r '.inbounds[0].tls.reality.enabled // empty' <<<"$json_clean")
[[ $is_real != "true" ]] && continue
local local_port=$(jq -r '.inbounds[0].listen_port // empty' <<<"$json_clean")
local sni=$(jq -r '.inbounds[0].tls.server_name // empty' <<<"$json_clean")
[[ ! $local_port || ! $sni ]] && continue
[[ $local_port == "443" ]] && continue
has_reality=1
local backend_name="singbox_backend_${local_port}"
acl_rules="${acl_rules}\n acl is_reality_${local_port} req.ssl_sni -i ${sni}"
use_backend_rules="${use_backend_rules}\n use_backend ${backend_name} if is_reality_${local_port}"
backends="${backends}\n\nbackend ${backend_name}\n mode tcp\n server srv1 127.0.0.1:${local_port}"
done
if [[ $has_reality -eq 1 ]]; then
echo -e "$acl_rules" >>$haproxy_conf
echo -e "$use_backend_rules" >>$haproxy_conf
echo -e " default_backend caddy_backend" >>$haproxy_conf
cat >>$haproxy_conf <<'EOF'
backend caddy_backend
mode tcp
server caddy 127.0.0.1:4443
EOF
echo -e "$backends" >>$haproxy_conf
systemctl daemon-reload
systemctl enable haproxy >/dev/null 2>&1
systemctl restart haproxy >/dev/null 2>&1
else
if systemctl is-active --quiet haproxy; then
systemctl stop haproxy >/dev/null 2>&1
systemctl disable haproxy >/dev/null 2>&1
fi
restore_caddy_default
fi
}
get_pbk() {
is_tmp_pbk=($($is_core_bin generate reality-keypair | sed 's/.*://'))
is_public_key=${is_tmp_pbk[1]}
@@ -280,6 +425,18 @@ ask() {
msg "$is_err 请输入正确的端口, 可选(1-65535)"
continue
}
if [[ $REPLY == 443 && $is_caddy && ${is_new_protocol,,} =~ "reality" ]]; then
msg "\n检测到你的系统已启用 Caddy。"
msg "你可以选择启用 REALITY 回落分流功能,将非代理流量转发给本地 Caddy。"
msg "这会自动安装 HAProxy 监听 443 端口进行四层分流,并将 Caddy 的 https 端口自动调整为 4443。"
echo -ne "是否启用 Caddy 回落分流?(y/n):"
read is_enable_fallback
if [[ $is_enable_fallback =~ ^[Yy]$ ]]; then
is_reality_fallback=1
export $is_ask_set=$REPLY
break
fi
fi
if [[ $(is_test port_used $REPLY) && $is_ask_set != 'door_port' ]]; then
msg "$is_err 无法使用 ($REPLY) 端口."
continue
@@ -332,7 +489,12 @@ create() {
# get json
[[ $is_change || ! $json_str ]] && get protocol $2
[[ $net == "reality" ]] && is_add_public_key=",outbounds:[{type:\"direct\"},{tag:\"public_key_$is_public_key\",type:\"direct\"}]"
is_new_json=$(jq "{inbounds:[{tag:\"$is_config_name\",type:\"$is_protocol\",$is_listen,listen_port:$port,$json_str}]$is_add_public_key}" <<<{})
local write_port=$port
if [[ $is_reality_fallback ]]; then
get_port
write_port=$tmp_port
fi
is_new_json=$(jq "{inbounds:[{tag:\"$is_config_name\",type:\"$is_protocol\",$is_listen,listen_port:$write_port,$json_str}]$is_add_public_key}" <<<{})
[[ $is_test_json ]] && return # tmp test
# only show json, dont save to file.
[[ $is_gen ]] && {
@@ -341,14 +503,58 @@ create() {
msg
return
}
# Read old remarks before file deletion
local old_remarks=""
if [[ -f $is_json_file ]]; then
old_remarks=$(grep -E '^[[:space:]]*//[[:space:]]*remarks:' $is_json_file | sed 's/.*remarks:[[:space:]]*//')
elif [[ $is_config_file && -f $is_conf_dir/$is_config_file ]]; then
old_remarks=$(grep -E '^[[:space:]]*//[[:space:]]*remarks:' $is_conf_dir/$is_config_file | sed 's/.*remarks:[[:space:]]*//')
fi
local is_remarks="${is_remarks:-}"
if [[ ! $is_gen && ! $is_remarks ]]; then
if [[ $is_change ]]; then
if [[ $old_remarks ]]; then
msg "\n当前节点备注名称为: $old_remarks"
fi
echo -ne "请输入新的节点备注名称 (回车保持不变,输入 clear 确认清除):"
read is_remarks
if [[ -z $is_remarks ]]; then
is_remarks=$old_remarks
elif [[ $is_remarks == "clear" ]]; then
is_remarks=""
fi
else
msg "\n你可以为该节点设置一个自定义备注名称(用于生成的链接末尾显示)。"
echo -ne "请输入节点备注名称 (直接回车将使用默认生成值):"
read is_remarks
fi
fi
# del old file
[[ $is_config_file ]] && is_no_del_msg=1 && del $is_config_file
# save json to file
cat <<<$is_new_json >$is_json_file
if [[ $is_new_install ]]; then
if [[ $is_remarks ]]; then
echo "// remarks: $is_remarks" >$is_json_file
echo "$is_new_json" >>$is_json_file
else
echo "$is_new_json" >$is_json_file
fi
if [[ ! -f $is_config_json ]]; then
# config.json
create config.json
fi
# If reality fallback is enabled, automatically update Caddyfile!
if [[ $is_reality_fallback ]]; then
msg "\n自动调整 Caddy 配置文件以支持 4443 端口回落..."
update_caddyfile_fallback
msg "Caddy 配置文件更新成功,备份已保存至 ${is_caddyfile}.bak"
msg "正在重启 Caddy 以释放 443 端口..."
manage restart caddy &>/dev/null
sleep 1
install_haproxy
update_haproxy_config
fi
# caddy auto tls
[[ $is_caddy && $host && ! $is_no_auto_tls ]] && {
create caddy $net
@@ -655,6 +861,7 @@ del() {
pause
fi
rm -rf $is_conf_dir/"$is_config_file"
update_haproxy_config
[[ ! $is_new_json ]] && manage restart &
[[ ! $is_no_del_msg ]] && _green "\n已删除: $is_config_file\n"
@@ -686,6 +893,25 @@ uninstall() {
else
ask string y "是否卸载 ${is_core_name}? [y]:"
fi
# Clean up HAProxy and restore Caddy before removing files
if [[ $(type -P haproxy) || -d /etc/haproxy ]]; then
systemctl stop haproxy >/dev/null 2>&1
systemctl disable haproxy >/dev/null 2>&1
if [[ $(type -P apt-get) ]]; then
apt-get purge -y haproxy >/dev/null 2>&1
apt-get autoremove -y >/dev/null 2>&1
elif [[ $(type -P dnf) ]]; then
dnf remove -y haproxy >/dev/null 2>&1
elif [[ $(type -P yum) ]]; then
yum remove -y haproxy >/dev/null 2>&1
fi
rm -rf /etc/haproxy
fi
# If Caddy is NOT being uninstalled (REPLY != '2'), we must restore Caddy back to port 443!
if [[ $REPLY != '2' ]]; then
restore_caddy_default
fi
manage stop &>/dev/null
manage disable &>/dev/null
rm -rf $is_core_dir $is_log_dir $is_sh_bin ${is_sh_bin/$is_core/sb}
@@ -839,49 +1065,57 @@ add() {
is_use_host=$2
is_use_uuid=$3
is_use_path=$4
is_add_opts="[host] [uuid] [/path]"
is_use_remarks=$5
is_add_opts="[host] [uuid] [/path] [remarks]"
;;
vmess* | tuic*)
is_use_port=$2
is_use_uuid=$3
is_add_opts="[port] [uuid]"
is_use_remarks=$4
is_add_opts="[port] [uuid] [remarks]"
;;
trojan* | hysteria*)
is_use_port=$2
is_use_pass=$3
is_add_opts="[port] [password]"
is_use_remarks=$4
is_add_opts="[port] [password] [remarks]"
;;
*reality*)
is_reality=1
is_use_port=$2
is_use_uuid=$3
is_use_servername=$4
is_add_opts="[port] [uuid] [sni]"
is_use_remarks=$5
is_add_opts="[port] [uuid] [sni] [remarks]"
;;
shadowsocks)
is_use_port=$2
is_use_pass=$3
is_use_method=$4
is_add_opts="[port] [password] [method]"
is_use_remarks=$5
is_add_opts="[port] [password] [method] [remarks]"
;;
direct)
is_use_port=$2
is_use_door_addr=$3
is_use_door_port=$4
is_add_opts="[port] [remote_addr] [remote_port]"
is_use_remarks=$5
is_add_opts="[port] [remote_addr] [remote_port] [remarks]"
;;
anytls*)
is_use_port=$2
is_use_pass=$3
[[ $4 ]] && is_anytls_domain=$4
is_add_opts="[port] [password] [domain]"
is_use_remarks=$5
is_add_opts="[port] [password] [domain] [remarks]"
;;
socks)
is_socks=1
is_use_port=$2
is_use_socks_user=$3
is_use_socks_pass=$4
is_add_opts="[port] [username] [password]"
is_use_remarks=$5
is_add_opts="[port] [username] [password] [remarks]"
;;
esac
@@ -917,7 +1151,7 @@ add() {
# prefer args.
if [[ $2 ]]; then
for v in is_use_port is_use_uuid is_use_host is_use_path is_use_pass is_use_method is_use_door_addr is_use_door_port; do
for v in is_use_port is_use_uuid is_use_host is_use_path is_use_pass is_use_method is_use_door_addr is_use_door_port is_use_remarks; do
[[ ${!v} == 'auto' ]] && unset $v
done
@@ -925,7 +1159,17 @@ add() {
[[ ! $(is_test port ${is_use_port}) ]] && {
err "($is_use_port) 不是一个有效的端口. $is_err_tips"
}
[[ $(is_test port_used $is_use_port) && ! $is_gen ]] && {
if [[ $is_use_port == 443 && $is_caddy && ${is_new_protocol,,} =~ "reality" ]]; then
msg "\n检测到你的系统已启用 Caddy。"
msg "你可以选择启用 REALITY 回落分流功能,将非代理流量转发给本地 Caddy。"
msg "这会自动安装 HAProxy 监听 443 端口进行四层分流,并将 Caddy 的 https 端口自动调整为 4443。"
echo -ne "是否启用 Caddy 回落分流?(y/n):"
read is_enable_fallback
if [[ $is_enable_fallback =~ ^[Yy]$ ]]; then
is_reality_fallback=1
fi
fi
[[ $(is_test port_used $is_use_port) && ! $is_gen && ! $is_reality_fallback ]] && {
err "无法使用 ($is_use_port) 端口. $is_err_tips"
}
port=$is_use_port
@@ -971,6 +1215,7 @@ add() {
[[ $is_use_servername ]] && is_servername=$is_use_servername
[[ $is_use_socks_user ]] && is_socks_user=$is_use_socks_user
[[ $is_use_socks_pass ]] && is_socks_pass=$is_use_socks_pass
[[ $is_use_remarks ]] && is_remarks=$is_use_remarks
fi
# anytls with domain (ACME TLS)
@@ -1100,9 +1345,9 @@ get() {
get file $2
if [[ $is_config_file ]]; then
is_json_str=$(cat $is_conf_dir/"$is_config_file" | sed s#//.*##)
is_json_data=$(jq '(.inbounds[0]|.type,.listen_port,(.users[0]|.uuid,.password,.username),.method,.password,.override_port,.override_address,(.transport|.type,.path,.headers.host),(.tls|.server_name,.reality.private_key)),(.outbounds[1].tag)' <<<$is_json_str)
is_json_data=$(jq '(.inbounds[0]|.type,.listen_port,(.users[0]|.uuid,.password,.username),.method,.password,.override_port,.override_address,(.transport|.type,.path,.headers.host),(.tls|.server_name,.reality.private_key),.fallback.server_port),(.outbounds[1].tag)' <<<$is_json_str)
[[ $? != 0 ]] && err "无法读取此文件: $is_config_file"
is_up_var_set=(null is_protocol port uuid password username ss_method ss_password door_port door_addr net_type path host is_servername is_private_key is_public_key)
is_up_var_set=(null is_protocol port uuid password username ss_method ss_password door_port door_addr net_type path host is_servername is_private_key is_reality_fallback_port is_public_key)
[[ $is_debug ]] && msg "\n------------- debug: $is_config_file -------------"
i=0
for v in $(sed 's/""/null/g;s/"//g' <<<"$is_json_data"); do
@@ -1114,10 +1359,19 @@ get() {
[[ ${!v} == 'null' ]] && unset $v
done
# Override port if it's mapped behind HAProxy
local file_port=$(echo "$is_config_file" | grep -oE '[0-9]+\.json' | grep -oE '[0-9]+')
if [[ $file_port && $port && $port != $file_port ]]; then
port=$file_port
fi
if [[ $is_private_key ]]; then
is_reality=1
net_type+=reality
is_public_key=${is_public_key/public_key_/}
if [[ $is_reality_fallback_port == '4443' || $port == '443' ]]; then
is_reality_fallback=1
fi
fi
is_socks_user=$username
is_socks_pass=$password
@@ -1238,7 +1492,9 @@ get() {
net=reality
[[ ! $is_servername ]] && is_servername=$is_random_servername
[[ ! $is_private_key ]] && get_pbk
is_json_add="tls:{enabled:true,server_name:\"$is_servername\",reality:{enabled:true,handshake:{server:\"$is_servername\",server_port:443},private_key:\"$is_private_key\",short_id:[\"\"]}}"
local handshake_server=$is_servername
local handshake_port=443
is_json_add="tls:{enabled:true,server_name:\"$is_servername\",reality:{enabled:true,handshake:{server:\"$handshake_server\",server_port:$handshake_port},private_key:\"$is_private_key\",short_id:[\"\"]}}"
[[ $is_lower =~ "http" ]] && {
is_json_add="$is_json_add,transport:{type:\"http\"}"
} || {
@@ -1353,6 +1609,23 @@ info() {
if [[ ! $is_protocol ]]; then
get info $1
fi
local custom_remarks=""
if [[ $is_config_file ]]; then
custom_remarks=$(grep -E '^[[:space:]]*//[[:space:]]*remarks:' $is_conf_dir/"$is_config_file" | sed 's/.*remarks:[[:space:]]*//')
elif [[ -f $is_json_file ]]; then
custom_remarks=$(grep -E '^[[:space:]]*//[[:space:]]*remarks:' $is_json_file | sed 's/.*remarks:[[:space:]]*//')
fi
local url_remarks="sb-$net-$is_addr"
[[ $host ]] && url_remarks="sb-$net-$host"
[[ $is_anytls_domain ]] && url_remarks="sb-$net-$is_anytls_domain"
[[ $custom_remarks ]] && url_remarks=$custom_remarks
[[ $is_remarks ]] && url_remarks=$is_remarks
# If HAProxy is active, the public HTTPS port is 443 (routed to Caddy on 4443)
if systemctl is-active --quiet haproxy >/dev/null 2>&1; then
is_https_port=443
fi
# is_color=$(shuf -i 41-45 -n1)
is_color=44
case $net in
@@ -1362,7 +1635,7 @@ info() {
is_can_change=(0 1 2 3 5)
is_info_show=(0 1 2 3 4 6 7 8)
[[ $is_protocol == 'vmess' ]] && {
is_vmess_url=$(jq -c '{v:2,ps:'\"sb-$net-$host\"',add:'\"$is_addr\"',port:'\"$is_https_port\"',id:'\"$uuid\"',aid:"0",net:'\"$net\"',host:'\"$host\"',path:'\"$path\"',tls:'\"tls\"'}' <<<{})
is_vmess_url=$(jq -c '{v:2,ps:'\"$url_remarks\"',add:'\"$is_addr\"',port:'\"$is_https_port\"',id:'\"$uuid\"',aid:"0",net:'\"$net\"',host:'\"$host\"',path:'\"$path\"',tls:'\"tls\"'}' <<<{})
is_url=vmess://$(echo -n $is_vmess_url | base64 -w 0)
} || {
[[ $is_protocol == "trojan" ]] && {
@@ -1371,7 +1644,7 @@ info() {
is_can_change=(0 1 2 3 4)
is_info_show=(0 1 2 10 4 6 7 8)
}
is_url="$is_protocol://$uuid@$host:$is_https_port?encryption=none&security=tls&type=$net&host=$host&path=$path#sb-$net-$host"
is_url="$is_protocol://$uuid@$host:$is_https_port?encryption=none&security=tls&type=$net&host=$host&path=$path#$url_remarks"
}
[[ $is_caddy ]] && is_can_change+=(11)
is_info_str=($is_protocol $is_addr $is_https_port $uuid $net $host $path 'tls')
@@ -1393,21 +1666,21 @@ info() {
is_info_str+=(tls h3 true)
is_quic_add=",tls:\"tls\",alpn:\"h3\"" # cant add allowInsecure
}
is_vmess_url=$(jq -c "{v:2,ps:\"sb-${net}-$is_addr\",add:\"$is_addr\",port:\"$port\",id:\"$uuid\",aid:\"0\",net:\"$net\",type:\"$is_type\"$is_quic_add}" <<<{})
is_vmess_url=$(jq -c "{v:2,ps:\"$url_remarks\",add:\"$is_addr\",port:\"$port\",id:\"$uuid\",aid:\"0\",net:\"$net\",type:\"$is_type\"$is_quic_add}" <<<{})
is_url=vmess://$(echo -n $is_vmess_url | base64 -w 0)
fi
;;
ss)
is_can_change=(0 1 4 6)
is_info_show=(0 1 2 10 11)
is_url="ss://$(echo -n ${ss_method}:${ss_password} | base64 -w 0)@${is_addr}:${port}#sb-$net-${is_addr}"
is_url="ss://$(echo -n ${ss_method}:${ss_password} | base64 -w 0)@${is_addr}:${port}#$url_remarks"
is_info_str=($is_protocol $is_addr $port $ss_password $ss_method)
;;
trojan)
is_insecure=1
is_can_change=(0 1 4)
is_info_show=(0 1 2 10 4 8 20)
is_url="$is_protocol://$password@$is_addr:$port?type=tcp&security=tls&insecure=1&allowInsecure=1#sb-$net-$is_addr"
is_url="$is_protocol://$password@$is_addr:$port?type=tcp&security=tls&insecure=1&allowInsecure=1#$url_remarks"
is_info_str=($is_protocol $is_addr $port $password tcp tls true)
;;
hy*)
@@ -1415,14 +1688,14 @@ info() {
is_info_show=(0 1 2 10 8 9 20)
# fix xray core for client use.
is_sha256=$(openssl x509 -noout -fingerprint -sha256 -in $is_core_dir/bin/tls.cer | sed 's/.*=//;s/://g')
is_url="$is_protocol://$password@$is_addr:$port?alpn=h3&insecure=1&allowInsecure=1&pinSHA256=$is_sha256#sb-$net-$is_addr"
is_url="$is_protocol://$password@$is_addr:$port?alpn=h3&insecure=1&allowInsecure=1&pinSHA256=$is_sha256#$url_remarks"
is_info_str=($is_protocol $is_addr $port $password tls h3 "true (设置, 固定证书>证书指纹(SHA-256): $is_sha256)")
;;
tuic)
is_insecure=1
is_can_change=(0 1 4 5)
is_info_show=(0 1 2 3 10 8 9 20 21)
is_url="$is_protocol://$uuid:$password@$is_addr:$port?alpn=h3&insecure=1&allowInsecure=1&congestion_control=bbr#sb-$net-$is_addr"
is_url="$is_protocol://$uuid:$password@$is_addr:$port?alpn=h3&insecure=1&allowInsecure=1&congestion_control=bbr#$url_remarks"
is_info_str=($is_protocol $is_addr $port $uuid $password tls h3 true bbr)
;;
reality)
@@ -1437,19 +1710,19 @@ info() {
is_info_show=(${is_info_show[@]/15/})
}
is_info_str=($is_protocol $is_addr $port $uuid $is_flow $is_net_type reality $is_servername chrome $is_public_key)
is_url="$is_protocol://$uuid@$is_addr:$port?encryption=none&security=reality&flow=$is_flow&type=$is_net_type&sni=$is_servername&pbk=$is_public_key&fp=chrome#sb-$net-$is_addr"
is_url="$is_protocol://$uuid@$is_addr:$port?encryption=none&security=reality&flow=$is_flow&type=$is_net_type&sni=$is_servername&pbk=$is_public_key&fp=chrome#$url_remarks"
;;
anytls)
is_can_change=(0 1 4)
if [[ $is_anytls_domain ]]; then
is_info_show=(0 1 2 10 8)
is_info_str=($is_protocol $is_anytls_domain $port $password tls)
is_url="anytls://$password@$is_anytls_domain:$port#sb-$net-$is_anytls_domain"
is_url="anytls://$password@$is_anytls_domain:$port#$url_remarks"
else
is_insecure=1
is_info_show=(0 1 2 10 8 20)
is_info_str=($is_protocol $is_addr $port $password tls true)
is_url="anytls://$password@$is_addr:$port?insecure=1&allowInsecure=1#sb-$net-$is_addr"
is_url="anytls://$password@$is_addr:$port?insecure=1&allowInsecure=1#$url_remarks"
fi
;;
direct)
@@ -1461,7 +1734,7 @@ info() {
is_can_change=(0 1 12 4)
is_info_show=(0 1 2 19 10)
is_info_str=($is_protocol $is_addr $port $is_socks_user $is_socks_pass)
is_url="socks://$(echo -n ${is_socks_user}:${is_socks_pass} | base64 -w 0)@${is_addr}:${port}#sb-$net-${is_addr}"
is_url="socks://$(echo -n ${is_socks_user}:${is_socks_pass} | base64 -w 0)@${is_addr}:${port}#$url_remarks"
;;
esac
[[ $is_dont_show_info || $is_gen || $is_dont_auto_exit ]] && return # dont show info
@@ -1490,6 +1763,14 @@ info() {
msg "端口(port): $port"
msg "路径(path): $path"
fi
if [[ $is_reality_fallback ]]; then
msg "------------- REALITY Fallback NOTICE -------------"
_green "检测到启用了 Caddy 回落分流,脚本已自动为你调整了 Caddy 配置文件:"
msg "1. 已自动将你的 ${yellow}/etc/caddy/Caddyfile${none} 中的默认 https 端口修改为 ${green}4443${none}"
msg "2. 原配置文件备份已保存至 ${yellow}${is_caddyfile}.bak${none}"
msg "3. Caddy、sing-box 和 HAProxy 已自动重启,现在 443 端口由 HAProxy 监听并做四层分流,普通流量回落至 Caddy,代理流量转至 sing-box。"
msg "---------------------------------------------------"
fi
footer_msg
}
@@ -1539,7 +1820,9 @@ update() {
is_update_repo=$is_core_repo
;;
2 | sh)
err "当前项目已净化,已禁用自动更新脚本以防止覆盖净化修改。"
is_update_name=sh
is_show_name="脚本"
is_run_ver=$is_sh_ver
;;
3 | caddy)
[[ ! $is_caddy ]] && err "不支持更新 Caddy."
@@ -1552,6 +1835,13 @@ update() {
err "无法识别 ($1), 请使用: $is_core update [core | sh | caddy] [ver]"
;;
esac
load download.sh
if [[ $is_update_name == 'sh' ]]; then
msg "\n正在从 Gitea 获取最新脚本并应用...\n"
download sh latest
msg "更新成功, 当前脚本已更新为最新版。\n"
exit
fi
[[ $2 ]] && is_new_ver=v${2#v}
[[ $is_run_ver == $is_new_ver ]] && {
msg "\n自定义版本和当前 $is_show_name 版本一样, 无需更新.\n"
+2 -2
View File
@@ -40,9 +40,9 @@ download() {
sh)
name="$is_core_name 脚本"
tmpfile=$tmpdir/sh.tar.gz
link="https://github.com/${is_sh_repo}/releases/download/${latest_ver}/code.tar.gz"
link="https://git.lll.rest/svefnz/sing-box/archive/main.tar.gz"
download_file
tar zxf $tmpfile -C $is_sh_dir
tar zxf $tmpfile --strip-components 1 -C $is_sh_dir
chmod +x $is_sh_bin ${is_sh_bin/$is_core/sb}
;;
caddy)