Compare commits

...

21 Commits

Author SHA1 Message Date
svefnz 5a102d7306 feat: support custom remarks for node connection links
Main / build (push) Waiting to run
2026-07-08 02:11:04 +08:00
svefnz 17d82a1ead docs: clarify interactive prompts and output notices for HAProxy L4 routing
Main / build (push) Waiting to run
2026-07-08 02:05:14 +08:00
svefnz 3f456ad592 fix: remove fallback block generation from sing-box VLESS configuration since HAProxy handles fallback
Main / build (push) Waiting to run
2026-07-08 02:00:22 +08:00
svefnz 21f3d14277 feat: enable automated script updates directly from the Gitea repository
Main / build (push) Waiting to run
2026-07-08 01:56:59 +08:00
svefnz 81206be8a4 feat: automate HAProxy cleanup and Caddy restore during sing-box uninstallation
Main / build (push) Waiting to run
2026-07-08 01:55:33 +08:00
svefnz 3f383af8d4 feat: automate HAProxy L4 SNI routing for Caddy and VLESS-REALITY co-existence on port 443
Main / build (push) Waiting to run
2026-07-08 01:53:59 +08:00
svefnz c573968dfc fix: relocate fallback configuration block to root level of inbound object
Main / build (push) Waiting to run
2026-07-08 01:46:06 +08:00
svefnz 585cb5e09d feat: decouple reality handshake destination from fallback destination to support external SNIs on 443
Main / build (push) Waiting to run
2026-07-08 01:37:42 +08:00
svefnz 1446138557 feat: force using Caddy domain as SNI when REALITY fallback is enabled
Main / build (push) Waiting to run
2026-07-08 01:25:56 +08:00
svefnz e37c61d437 fix: replace recursive ask call with direct read to fix variable scope pollution
Main / build (push) Waiting to run
2026-07-08 01:10:20 +08:00
svefnz fcdeee1249 feat: prompt for Caddy fallback on port 443 regardless of port occupancy status
Main / build (push) Waiting to run
2026-07-08 01:04:46 +08:00
svefnz 5309bf254b fix: update existing https_port in Caddyfile instead of appending a duplicate key
Main / build (push) Waiting to run
2026-07-08 00:57:36 +08:00
svefnz 88f9422f01 feat: automatically adjust Caddyfile and restart Caddy when enabling REALITY fallback on 443
Main / build (push) Waiting to run
2026-07-08 00:56:35 +08:00
svefnz b0aa99f394 fix: ensure config.json is generated if it does not exist when saving a new configuration
Main / build (push) Waiting to run
2026-07-08 00:52:58 +08:00
svefnz 1f62620be3 fix: correct protocol variable check inside port validation to support interactive menu
Main / build (push) Waiting to run
2026-07-08 00:51:08 +08:00
svefnz 7549097b3f feat: support Caddy fallback routing for VLESS-REALITY on port 443
Main / build (push) Waiting to run
2026-07-08 00:46:24 +08:00
svefnz 2347e16958 refactor: remove all remaining feedback prompts and issue references
Main / build (push) Waiting to run
2026-07-08 00:14:56 +08:00
svefnz 2f7153b058 feat: disable automatic reality config generation on install 2026-07-08 00:13:47 +08:00
svefnz bb682d3f63 fix: update online installation source URL to Gitea
Main / build (push) Waiting to run
2026-07-08 00:05:48 +08:00
svefnz a3e048b949 fix: reuse existing Caddy binary and preserve Caddyfile on install
Main / build (push) Waiting to run
2026-07-07 23:47:56 +08:00
svefnz 906ee96282 docs: add one-key installation commands to README.md
Main / build (push) Waiting to run
2026-07-07 23:39:22 +08:00
7 changed files with 318 additions and 37 deletions
+13
View File
@@ -12,6 +12,19 @@
- 支持所有常用协议(VLESS-REALITY, TUIC, Trojan, Hysteria2, Shadowsocks, VMess 等)
- 一键启用 BBR
## 安装命令
系统支持:Ubuntu / Debian / CentOS / Alpine / SUSE (仅限 64 位系统,需以 ROOT 用户运行)。
一键安装及管理命令:
```bash
bash <(wget -qO- https://git.lll.rest/svefnz/sing-box/raw/branch/main/install.sh)
```
或者使用 `curl`
```bash
bash <(curl -fsSL https://git.lll.rest/svefnz/sing-box/raw/branch/main/install.sh)
```
## 帮助信息
使用:`sing-box help`
+8 -6
View File
@@ -176,7 +176,7 @@ download() {
is_ok=$is_core_ok
;;
sh)
link=https://github.com/${is_sh_repo}/releases/latest/download/code.tar.gz
link=https://git.lll.rest/svefnz/sing-box/archive/main.tar.gz
name="$is_core_name 脚本"
tmpfile=$tmpsh
is_ok=$is_sh_ok
@@ -302,7 +302,6 @@ exit_and_del_tmpdir() {
[[ ! $1 ]] && {
msg err "哦豁.."
msg err "安装过程出现错误..."
echo -e "反馈问题) 请前往项目平台提交 Issue"
echo
exit 1
}
@@ -407,7 +406,7 @@ main() {
if [[ $local_install ]]; then
cp -rf $PWD/* $is_sh_dir
else
tar zxf $is_sh_ok -C $is_sh_dir
tar zxf $is_sh_ok --strip-components 1 -C $is_sh_dir
fi
# create core bin dir
@@ -437,7 +436,7 @@ main() {
mkdir -p $is_log_dir
# show a tips msg
msg ok "生成配置文件..."
msg ok "初始化配置目录..."
# create service
load systemd.sh
@@ -448,10 +447,13 @@ main() {
mkdir -p $is_conf_dir
load core.sh
# create a reality config
add reality
# wait for background tasks (e.g., OpenRC service start)
wait
_green "\nsing-box 脚本安装成功!\n"
msg "你可以输入 ${green}sing-box${none} 或者 ${green}sb${none} 快捷命令来打开管理菜单配置你的节点。"
echo
# remove tmp dir and exit.
exit_and_del_tmpdir ok
}
+7 -1
View File
@@ -3,7 +3,12 @@ caddy_config() {
case $1 in
new)
mkdir -p $is_caddy_dir $is_caddy_dir/sites $is_caddy_conf
cat >$is_caddyfile <<-EOF
if [[ -f $is_caddyfile ]]; then
[[ ! $(grep -F "$is_caddy_conf/*.conf" $is_caddyfile) ]] && {
echo -e "\nimport $is_caddy_conf/*.conf" >>$is_caddyfile
}
else
cat >$is_caddyfile <<-EOF
# caddy configuration #
{
admin off
@@ -13,6 +18,7 @@ caddy_config() {
import $is_caddy_conf/*.conf
import $is_caddy_dir/sites/*.conf
EOF
fi
;;
*ws* | *http*)
cat >${is_caddy_site_file} <<<"
+286 -26
View File
@@ -150,6 +150,137 @@ get_port() {
done
}
update_caddyfile_fallback() {
[[ ! -f $is_caddyfile ]] && return
# Backup Caddyfile
cp -f $is_caddyfile ${is_caddyfile}.bak
# 1. Replace servers :443 with servers :4443
sed -i 's/servers :443/servers :4443/g' $is_caddyfile
# 2. Replace any site block headers explicit :443 with :4443
sed -i 's/:443[[:space:]]*{/:4443 {/g' $is_caddyfile
# 3. Add or update https_port 4443 in global block
if [[ $(grep "https_port" $is_caddyfile) ]]; then
# Replace existing https_port with 4443
sed -i 's/https_port[[:space:]]\+[0-9]\+/https_port 4443/g' $is_caddyfile
else
# Find first { and insert https_port 4443 on the next line
sed -i '0,/^[[:space:]]*{[[:space:]]*$/s//{\n https_port 4443/' $is_caddyfile
fi
}
install_haproxy() {
[[ $(type -P haproxy) ]] && return
msg "正在安装 HAProxy 用于四层端口分流..."
if [[ $(type -P apt-get) ]]; then
apt-get update && apt-get install -y haproxy
elif [[ $(type -P dnf) ]]; then
dnf install -y haproxy
elif [[ $(type -P yum) ]]; then
yum install -y haproxy
else
err "未知的软件包管理器,请手动安装 haproxy!"
fi
}
restore_caddy_default() {
[[ ! -f $is_caddyfile ]] && return
if [[ -f ${is_caddyfile}.bak ]]; then
mv -f ${is_caddyfile}.bak $is_caddyfile
else
sed -i 's/servers :4443/servers :443/g' $is_caddyfile
sed -i 's/:4443[[:space:]]*{/:443 {/g' $is_caddyfile
sed -i 's/https_port 4443/https_port 443/g' $is_caddyfile
fi
systemctl restart caddy >/dev/null 2>&1
}
update_haproxy_config() {
[[ ! -d $is_conf_dir ]] && return
local haproxy_conf="/etc/haproxy/haproxy.cfg"
[[ ! -d /etc/haproxy ]] && mkdir -p /etc/haproxy
[[ -f $haproxy_conf ]] && cp -f $haproxy_conf ${haproxy_conf}.bak
cat >$haproxy_conf <<'EOF'
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
defaults
log global
mode tcp
timeout connect 5s
timeout client 50s
timeout server 50s
frontend https-in
bind *:443
mode tcp
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
EOF
local acl_rules=""
local use_backend_rules=""
local backends=""
local has_reality=0
for config in $is_conf_dir/*.json; do
[[ ! -f $config ]] && continue
local json_clean=$(cat "$config" | sed s#//.*##)
local is_real=$(jq -r '.inbounds[0].tls.reality.enabled // empty' <<<"$json_clean")
[[ $is_real != "true" ]] && continue
local local_port=$(jq -r '.inbounds[0].listen_port // empty' <<<"$json_clean")
local sni=$(jq -r '.inbounds[0].tls.server_name // empty' <<<"$json_clean")
[[ ! $local_port || ! $sni ]] && continue
[[ $local_port == "443" ]] && continue
has_reality=1
local backend_name="singbox_backend_${local_port}"
acl_rules="${acl_rules}\n acl is_reality_${local_port} req.ssl_sni -i ${sni}"
use_backend_rules="${use_backend_rules}\n use_backend ${backend_name} if is_reality_${local_port}"
backends="${backends}\n\nbackend ${backend_name}\n mode tcp\n server srv1 127.0.0.1:${local_port}"
done
if [[ $has_reality -eq 1 ]]; then
echo -e "$acl_rules" >>$haproxy_conf
echo -e "$use_backend_rules" >>$haproxy_conf
echo -e " default_backend caddy_backend" >>$haproxy_conf
cat >>$haproxy_conf <<'EOF'
backend caddy_backend
mode tcp
server caddy 127.0.0.1:4443
EOF
echo -e "$backends" >>$haproxy_conf
systemctl daemon-reload
systemctl enable haproxy >/dev/null 2>&1
systemctl restart haproxy >/dev/null 2>&1
else
if systemctl is-active --quiet haproxy; then
systemctl stop haproxy >/dev/null 2>&1
systemctl disable haproxy >/dev/null 2>&1
fi
restore_caddy_default
fi
}
get_pbk() {
is_tmp_pbk=($($is_core_bin generate reality-keypair | sed 's/.*://'))
is_public_key=${is_tmp_pbk[1]}
@@ -280,6 +411,18 @@ ask() {
msg "$is_err 请输入正确的端口, 可选(1-65535)"
continue
}
if [[ $REPLY == 443 && $is_caddy && ${is_new_protocol,,} =~ "reality" ]]; then
msg "\n检测到你的系统已启用 Caddy。"
msg "你可以选择启用 REALITY 回落分流功能,将非代理流量转发给本地 Caddy。"
msg "这会自动安装 HAProxy 监听 443 端口进行四层分流,并将 Caddy 的 https 端口自动调整为 4443。"
echo -ne "是否启用 Caddy 回落分流?(y/n):"
read is_enable_fallback
if [[ $is_enable_fallback =~ ^[Yy]$ ]]; then
is_reality_fallback=1
export $is_ask_set=$REPLY
break
fi
fi
if [[ $(is_test port_used $REPLY) && $is_ask_set != 'door_port' ]]; then
msg "$is_err 无法使用 ($REPLY) 端口."
continue
@@ -332,7 +475,12 @@ create() {
# get json
[[ $is_change || ! $json_str ]] && get protocol $2
[[ $net == "reality" ]] && is_add_public_key=",outbounds:[{type:\"direct\"},{tag:\"public_key_$is_public_key\",type:\"direct\"}]"
is_new_json=$(jq "{inbounds:[{tag:\"$is_config_name\",type:\"$is_protocol\",$is_listen,listen_port:$port,$json_str}]$is_add_public_key}" <<<{})
local write_port=$port
if [[ $is_reality_fallback ]]; then
get_port
write_port=$tmp_port
fi
is_new_json=$(jq "{inbounds:[{tag:\"$is_config_name\",type:\"$is_protocol\",$is_listen,listen_port:$write_port,$json_str}]$is_add_public_key}" <<<{})
[[ $is_test_json ]] && return # tmp test
# only show json, dont save to file.
[[ $is_gen ]] && {
@@ -341,14 +489,57 @@ create() {
msg
return
}
# Read old remarks before file deletion
local old_remarks=""
if [[ -f $is_json_file ]]; then
old_remarks=$(grep -E '^[[:space:]]*//[[:space:]]*remarks:' $is_json_file | sed 's/.*remarks:[[:space:]]*//')
elif [[ $is_config_file && -f $is_conf_dir/$is_config_file ]]; then
old_remarks=$(grep -E '^[[:space:]]*//[[:space:]]*remarks:' $is_conf_dir/$is_config_file | sed 's/.*remarks:[[:space:]]*//')
fi
local is_remarks=""
if [[ ! $is_gen ]]; then
if [[ $is_change ]]; then
if [[ $old_remarks ]]; then
msg "\n当前节点备注名称为: $old_remarks"
fi
echo -ne "请输入新的节点备注名称 (回车保持不变,输入 clear 确认清除):"
read is_remarks
if [[ -z $is_remarks ]]; then
is_remarks=$old_remarks
elif [[ $is_remarks == "clear" ]]; then
is_remarks=""
fi
else
msg "\n你可以为该节点设置一个自定义备注名称(用于生成的链接末尾显示)。"
echo -ne "请输入节点备注名称 (直接回车将使用默认生成值):"
read is_remarks
fi
fi
# del old file
[[ $is_config_file ]] && is_no_del_msg=1 && del $is_config_file
# save json to file
cat <<<$is_new_json >$is_json_file
if [[ $is_new_install ]]; then
if [[ $is_remarks ]]; then
echo -e "// remarks: $is_remarks\n$(cat <<<$is_new_json)" >$is_json_file
else
cat <<<$is_new_json >$is_json_file
fi
if [[ ! -f $is_config_json ]]; then
# config.json
create config.json
fi
# If reality fallback is enabled, automatically update Caddyfile!
if [[ $is_reality_fallback ]]; then
msg "\n自动调整 Caddy 配置文件以支持 4443 端口回落..."
update_caddyfile_fallback
msg "Caddy 配置文件更新成功,备份已保存至 ${is_caddyfile}.bak"
msg "正在重启 Caddy 以释放 443 端口..."
manage restart caddy &>/dev/null
sleep 1
install_haproxy
update_haproxy_config
fi
# caddy auto tls
[[ $is_caddy && $host && ! $is_no_auto_tls ]] && {
create caddy $net
@@ -655,6 +846,7 @@ del() {
pause
fi
rm -rf $is_conf_dir/"$is_config_file"
update_haproxy_config
[[ ! $is_new_json ]] && manage restart &
[[ ! $is_no_del_msg ]] && _green "\n已删除: $is_config_file\n"
@@ -686,6 +878,24 @@ uninstall() {
else
ask string y "是否卸载 ${is_core_name}? [y]:"
fi
# Clean up HAProxy and restore Caddy before removing files
if systemctl is-active --quiet haproxy >/dev/null 2>&1; then
systemctl stop haproxy >/dev/null 2>&1
systemctl disable haproxy >/dev/null 2>&1
if [[ $(type -P apt-get) ]]; then
apt-get purge -y haproxy >/dev/null 2>&1
apt-get autoremove -y >/dev/null 2>&1
elif [[ $(type -P dnf) ]]; then
dnf remove -y haproxy >/dev/null 2>&1
elif [[ $(type -P yum) ]]; then
yum remove -y haproxy >/dev/null 2>&1
fi
fi
# If Caddy is NOT being uninstalled (REPLY != '2'), we must restore Caddy back to port 443!
if [[ $REPLY != '2' ]]; then
restore_caddy_default
fi
manage stop &>/dev/null
manage disable &>/dev/null
rm -rf $is_core_dir $is_log_dir $is_sh_bin ${is_sh_bin/$is_core/sb}
@@ -706,9 +916,7 @@ uninstall() {
fi
fi
[[ $is_install_sh ]] && return # reinstall
_green "\n卸载完成!"
msg "脚本哪里需要完善? 请反馈"
msg "反馈问题) $(msg_ul https://github.com/${is_sh_repo}/issues)\n"
_green "\n卸载完成!\n"
}
# manage run status
@@ -927,7 +1135,17 @@ add() {
[[ ! $(is_test port ${is_use_port}) ]] && {
err "($is_use_port) 不是一个有效的端口. $is_err_tips"
}
[[ $(is_test port_used $is_use_port) && ! $is_gen ]] && {
if [[ $is_use_port == 443 && $is_caddy && ${is_new_protocol,,} =~ "reality" ]]; then
msg "\n检测到你的系统已启用 Caddy。"
msg "你可以选择启用 REALITY 回落分流功能,将非代理流量转发给本地 Caddy。"
msg "这会自动安装 HAProxy 监听 443 端口进行四层分流,并将 Caddy 的 https 端口自动调整为 4443。"
echo -ne "是否启用 Caddy 回落分流?(y/n):"
read is_enable_fallback
if [[ $is_enable_fallback =~ ^[Yy]$ ]]; then
is_reality_fallback=1
fi
fi
[[ $(is_test port_used $is_use_port) && ! $is_gen && ! $is_reality_fallback ]] && {
err "无法使用 ($is_use_port) 端口. $is_err_tips"
}
port=$is_use_port
@@ -1102,9 +1320,9 @@ get() {
get file $2
if [[ $is_config_file ]]; then
is_json_str=$(cat $is_conf_dir/"$is_config_file" | sed s#//.*##)
is_json_data=$(jq '(.inbounds[0]|.type,.listen_port,(.users[0]|.uuid,.password,.username),.method,.password,.override_port,.override_address,(.transport|.type,.path,.headers.host),(.tls|.server_name,.reality.private_key)),(.outbounds[1].tag)' <<<$is_json_str)
is_json_data=$(jq '(.inbounds[0]|.type,.listen_port,(.users[0]|.uuid,.password,.username),.method,.password,.override_port,.override_address,(.transport|.type,.path,.headers.host),(.tls|.server_name,.reality.private_key),.fallback.server_port),(.outbounds[1].tag)' <<<$is_json_str)
[[ $? != 0 ]] && err "无法读取此文件: $is_config_file"
is_up_var_set=(null is_protocol port uuid password username ss_method ss_password door_port door_addr net_type path host is_servername is_private_key is_public_key)
is_up_var_set=(null is_protocol port uuid password username ss_method ss_password door_port door_addr net_type path host is_servername is_private_key is_reality_fallback_port is_public_key)
[[ $is_debug ]] && msg "\n------------- debug: $is_config_file -------------"
i=0
for v in $(sed 's/""/null/g;s/"//g' <<<"$is_json_data"); do
@@ -1116,10 +1334,19 @@ get() {
[[ ${!v} == 'null' ]] && unset $v
done
# Override port if it's mapped behind HAProxy
local file_port=$(echo "$is_config_file" | grep -oE '[0-9]+\.json' | grep -oE '[0-9]+')
if [[ $file_port && $port && $port != $file_port ]]; then
port=$file_port
fi
if [[ $is_private_key ]]; then
is_reality=1
net_type+=reality
is_public_key=${is_public_key/public_key_/}
if [[ $is_reality_fallback_port == '4443' || $port == '443' ]]; then
is_reality_fallback=1
fi
fi
is_socks_user=$username
is_socks_pass=$password
@@ -1240,7 +1467,9 @@ get() {
net=reality
[[ ! $is_servername ]] && is_servername=$is_random_servername
[[ ! $is_private_key ]] && get_pbk
is_json_add="tls:{enabled:true,server_name:\"$is_servername\",reality:{enabled:true,handshake:{server:\"$is_servername\",server_port:443},private_key:\"$is_private_key\",short_id:[\"\"]}}"
local handshake_server=$is_servername
local handshake_port=443
is_json_add="tls:{enabled:true,server_name:\"$is_servername\",reality:{enabled:true,handshake:{server:\"$handshake_server\",server_port:$handshake_port},private_key:\"$is_private_key\",short_id:[\"\"]}}"
[[ $is_lower =~ "http" ]] && {
is_json_add="$is_json_add,transport:{type:\"http\"}"
} || {
@@ -1293,13 +1522,18 @@ get() {
is_host_dns=$(_wget -qO- --header="accept: application/dns-json" "https://one.one.one.one/dns-query?name=$host&type=$is_dns_type")
;;
install-caddy)
_green "\n安装 Caddy 实现自动配置 TLS.\n"
load download.sh
download caddy
if [[ -f $is_caddy_bin || $(type -P caddy) ]]; then
[[ ! -f $is_caddy_bin ]] && is_caddy_bin=$(type -P caddy)
_green "\n检测到系统已安装 Caddy (${is_caddy_bin}),将直接使用现有版本。\n"
else
_green "\n安装 Caddy 实现自动配置 TLS.\n"
load download.sh
download caddy
fi
load systemd.sh
install_service caddy &>/dev/null
is_caddy=1
_green "安装 Caddy 成功.\n"
_green "Caddy 配置成功.\n"
;;
reinstall)
is_install_sh=$(cat $is_sh_dir/install.sh)
@@ -1350,6 +1584,15 @@ info() {
if [[ ! $is_protocol ]]; then
get info $1
fi
local custom_remarks=""
if [[ $is_config_file ]]; then
custom_remarks=$(grep -E '^[[:space:]]*//[[:space:]]*remarks:' $is_conf_dir/"$is_config_file" | sed 's/.*remarks:[[:space:]]*//')
fi
local url_remarks="sb-$net-$is_addr"
[[ $host ]] && url_remarks="sb-$net-$host"
[[ $is_anytls_domain ]] && url_remarks="sb-$net-$is_anytls_domain"
[[ $custom_remarks ]] && url_remarks=$custom_remarks
# is_color=$(shuf -i 41-45 -n1)
is_color=44
case $net in
@@ -1359,7 +1602,7 @@ info() {
is_can_change=(0 1 2 3 5)
is_info_show=(0 1 2 3 4 6 7 8)
[[ $is_protocol == 'vmess' ]] && {
is_vmess_url=$(jq -c '{v:2,ps:'\"sb-$net-$host\"',add:'\"$is_addr\"',port:'\"$is_https_port\"',id:'\"$uuid\"',aid:"0",net:'\"$net\"',host:'\"$host\"',path:'\"$path\"',tls:'\"tls\"'}' <<<{})
is_vmess_url=$(jq -c '{v:2,ps:'\"$url_remarks\"',add:'\"$is_addr\"',port:'\"$is_https_port\"',id:'\"$uuid\"',aid:"0",net:'\"$net\"',host:'\"$host\"',path:'\"$path\"',tls:'\"tls\"'}' <<<{})
is_url=vmess://$(echo -n $is_vmess_url | base64 -w 0)
} || {
[[ $is_protocol == "trojan" ]] && {
@@ -1368,7 +1611,7 @@ info() {
is_can_change=(0 1 2 3 4)
is_info_show=(0 1 2 10 4 6 7 8)
}
is_url="$is_protocol://$uuid@$host:$is_https_port?encryption=none&security=tls&type=$net&host=$host&path=$path#sb-$net-$host"
is_url="$is_protocol://$uuid@$host:$is_https_port?encryption=none&security=tls&type=$net&host=$host&path=$path#$url_remarks"
}
[[ $is_caddy ]] && is_can_change+=(11)
is_info_str=($is_protocol $is_addr $is_https_port $uuid $net $host $path 'tls')
@@ -1390,21 +1633,21 @@ info() {
is_info_str+=(tls h3 true)
is_quic_add=",tls:\"tls\",alpn:\"h3\"" # cant add allowInsecure
}
is_vmess_url=$(jq -c "{v:2,ps:\"sb-${net}-$is_addr\",add:\"$is_addr\",port:\"$port\",id:\"$uuid\",aid:\"0\",net:\"$net\",type:\"$is_type\"$is_quic_add}" <<<{})
is_vmess_url=$(jq -c "{v:2,ps:\"$url_remarks\",add:\"$is_addr\",port:\"$port\",id:\"$uuid\",aid:\"0\",net:\"$net\",type:\"$is_type\"$is_quic_add}" <<<{})
is_url=vmess://$(echo -n $is_vmess_url | base64 -w 0)
fi
;;
ss)
is_can_change=(0 1 4 6)
is_info_show=(0 1 2 10 11)
is_url="ss://$(echo -n ${ss_method}:${ss_password} | base64 -w 0)@${is_addr}:${port}#sb-$net-${is_addr}"
is_url="ss://$(echo -n ${ss_method}:${ss_password} | base64 -w 0)@${is_addr}:${port}#$url_remarks"
is_info_str=($is_protocol $is_addr $port $ss_password $ss_method)
;;
trojan)
is_insecure=1
is_can_change=(0 1 4)
is_info_show=(0 1 2 10 4 8 20)
is_url="$is_protocol://$password@$is_addr:$port?type=tcp&security=tls&insecure=1&allowInsecure=1#sb-$net-$is_addr"
is_url="$is_protocol://$password@$is_addr:$port?type=tcp&security=tls&insecure=1&allowInsecure=1#$url_remarks"
is_info_str=($is_protocol $is_addr $port $password tcp tls true)
;;
hy*)
@@ -1412,14 +1655,14 @@ info() {
is_info_show=(0 1 2 10 8 9 20)
# fix xray core for client use.
is_sha256=$(openssl x509 -noout -fingerprint -sha256 -in $is_core_dir/bin/tls.cer | sed 's/.*=//;s/://g')
is_url="$is_protocol://$password@$is_addr:$port?alpn=h3&insecure=1&allowInsecure=1&pinSHA256=$is_sha256#sb-$net-$is_addr"
is_url="$is_protocol://$password@$is_addr:$port?alpn=h3&insecure=1&allowInsecure=1&pinSHA256=$is_sha256#$url_remarks"
is_info_str=($is_protocol $is_addr $port $password tls h3 "true (设置, 固定证书>证书指纹(SHA-256): $is_sha256)")
;;
tuic)
is_insecure=1
is_can_change=(0 1 4 5)
is_info_show=(0 1 2 3 10 8 9 20 21)
is_url="$is_protocol://$uuid:$password@$is_addr:$port?alpn=h3&insecure=1&allowInsecure=1&congestion_control=bbr#sb-$net-$is_addr"
is_url="$is_protocol://$uuid:$password@$is_addr:$port?alpn=h3&insecure=1&allowInsecure=1&congestion_control=bbr#$url_remarks"
is_info_str=($is_protocol $is_addr $port $uuid $password tls h3 true bbr)
;;
reality)
@@ -1434,19 +1677,19 @@ info() {
is_info_show=(${is_info_show[@]/15/})
}
is_info_str=($is_protocol $is_addr $port $uuid $is_flow $is_net_type reality $is_servername chrome $is_public_key)
is_url="$is_protocol://$uuid@$is_addr:$port?encryption=none&security=reality&flow=$is_flow&type=$is_net_type&sni=$is_servername&pbk=$is_public_key&fp=chrome#sb-$net-$is_addr"
is_url="$is_protocol://$uuid@$is_addr:$port?encryption=none&security=reality&flow=$is_flow&type=$is_net_type&sni=$is_servername&pbk=$is_public_key&fp=chrome#$url_remarks"
;;
anytls)
is_can_change=(0 1 4)
if [[ $is_anytls_domain ]]; then
is_info_show=(0 1 2 10 8)
is_info_str=($is_protocol $is_anytls_domain $port $password tls)
is_url="anytls://$password@$is_anytls_domain:$port#sb-$net-$is_anytls_domain"
is_url="anytls://$password@$is_anytls_domain:$port#$url_remarks"
else
is_insecure=1
is_info_show=(0 1 2 10 8 20)
is_info_str=($is_protocol $is_addr $port $password tls true)
is_url="anytls://$password@$is_addr:$port?insecure=1&allowInsecure=1#sb-$net-$is_addr"
is_url="anytls://$password@$is_addr:$port?insecure=1&allowInsecure=1#$url_remarks"
fi
;;
direct)
@@ -1458,7 +1701,7 @@ info() {
is_can_change=(0 1 12 4)
is_info_show=(0 1 2 19 10)
is_info_str=($is_protocol $is_addr $port $is_socks_user $is_socks_pass)
is_url="socks://$(echo -n ${is_socks_user}:${is_socks_pass} | base64 -w 0)@${is_addr}:${port}#sb-$net-${is_addr}"
is_url="socks://$(echo -n ${is_socks_user}:${is_socks_pass} | base64 -w 0)@${is_addr}:${port}#$url_remarks"
;;
esac
[[ $is_dont_show_info || $is_gen || $is_dont_auto_exit ]] && return # dont show info
@@ -1487,6 +1730,14 @@ info() {
msg "端口(port): $port"
msg "路径(path): $path"
fi
if [[ $is_reality_fallback ]]; then
msg "------------- REALITY Fallback NOTICE -------------"
_green "检测到启用了 Caddy 回落分流,脚本已自动为你调整了 Caddy 配置文件:"
msg "1. 已自动将你的 ${yellow}/etc/caddy/Caddyfile${none} 中的默认 https 端口修改为 ${green}4443${none}"
msg "2. 原配置文件备份已保存至 ${yellow}${is_caddyfile}.bak${none}"
msg "3. Caddy、sing-box 和 HAProxy 已自动重启,现在 443 端口由 HAProxy 监听并做四层分流,普通流量回落至 Caddy,代理流量转至 sing-box。"
msg "---------------------------------------------------"
fi
footer_msg
}
@@ -1536,7 +1787,9 @@ update() {
is_update_repo=$is_core_repo
;;
2 | sh)
err "当前项目已净化,已禁用自动更新脚本以防止覆盖净化修改。"
is_update_name=sh
is_show_name="脚本"
is_run_ver=$is_sh_ver
;;
3 | caddy)
[[ ! $is_caddy ]] && err "不支持更新 Caddy."
@@ -1549,6 +1802,13 @@ update() {
err "无法识别 ($1), 请使用: $is_core update [core | sh | caddy] [ver]"
;;
esac
load download.sh
if [[ $is_update_name == 'sh' ]]; then
msg "\n正在从 Gitea 获取最新脚本并应用...\n"
download sh latest
msg "更新成功, 当前脚本已更新为最新版。\n"
exit
fi
[[ $2 ]] && is_new_ver=v${2#v}
[[ $is_run_ver == $is_new_ver ]] && {
msg "\n自定义版本和当前 $is_show_name 版本一样, 无需更新.\n"
+2 -2
View File
@@ -40,9 +40,9 @@ download() {
sh)
name="$is_core_name 脚本"
tmpfile=$tmpdir/sh.tar.gz
link="https://github.com/${is_sh_repo}/releases/download/${latest_ver}/code.tar.gz"
link="https://git.lll.rest/svefnz/sing-box/archive/main.tar.gz"
download_file
tar zxf $tmpfile -C $is_sh_dir
tar zxf $tmpfile --strip-components 1 -C $is_sh_dir
chmod +x $is_sh_bin ${is_sh_bin/$is_core/sb}
;;
caddy)
-1
View File
@@ -69,7 +69,6 @@ show_help() {
for v in "${help_info[@]}"; do
msg "$v"
done
msg "反馈问题) 请前往项目平台提交 Issue"
;;
esac
+2 -1
View File
@@ -85,7 +85,8 @@ is_sh_dir=$is_core_dir/sh
is_sh_repo=$author/$is_core
is_pkg="wget unzip tar qrencode bash"
is_config_json=$is_core_dir/config.json
is_caddy_bin=/usr/local/bin/caddy
is_caddy_bin=$(type -P caddy)
[[ ! $is_caddy_bin ]] && is_caddy_bin=/usr/local/bin/caddy
is_caddy_dir=/etc/caddy
is_caddy_repo=caddyserver/caddy
is_caddyfile=$is_caddy_dir/Caddyfile