Add shadowsocks-go and XRay

2025-02-12 11:21:56 +00:00 · 2023-10-10 14:38:56 +00:00 · 2023-10-10 14:38:56 +00:00 · 0d9a766d28
commit 0d9a766d28
parent 0743e7c75a
6 changed files with 422 additions and 4 deletions
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@ -17,6 +17,11 @@ OBFS=${OBFS:-yes}
 V2RAY_PLUGIN=${V2RAY_PLUGIN:-no}
 V2RAY=${V2RAY:-yes}
 V2RAY_UUID=${V2RAY_UUID:-$(cat /proc/sys/kernel/random/uuid | tr -d "\n")}
+XRAY=${XRAY:-yes}
+XRAY_UUID=${XRAY_UUID:-$V2RAY_UUID}
+SHADOWSOCKS_GO=${SHADOWSOCKS_GO:-yes}
+PSK=${PSK:-$(head -c 32 /dev/urandom | base64 -w0)}
+UPSK=${UPSK:-$(head -c 32 /dev/urandom | base64 -w0)}
 UPDATE_OS=${UPDATE_OS:-yes}
 UPDATE=${UPDATE:-yes}
 TLS=${TLS:-yes}
@ -61,13 +66,14 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="488cc5346dbfe8bcbee4413013dc22b698f1d15c"
-OMR_ADMIN_BINARY_VERSION="0.3+20230911"
+OMR_ADMIN_VERSION="d560968d43850c48119c1b72372d6f341878ffa6"
+OMR_ADMIN_BINARY_VERSION="0.4+20231009"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
 V2RAY_VERSION="5.7.0"
 V2RAY_PLUGIN_VERSION="4.43.0"
+XRAY_VERSION="1.8.5"
 EASYRSA_VERSION="3.0.6"
 #SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17"
 #if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
@ -75,6 +81,7 @@ EASYRSA_VERSION="3.0.6"
 #fi
 IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000"
 SHADOWSOCKS_BINARY_VERSION="3.3.5-3"
+SHADOWSOCKS_GO_VERSION="1.8.0"
 DEFAULT_USER="openmptcprouter"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
 VPSPATH="server-test"
@ -888,6 +895,48 @@ if [ "$OBFS" = "no" ] && [ "$V2RAY_PLUGIN" = "no" ]; then
 	sed -i -e '/plugin/d' -e 's/,,//' /etc/shadowsocks-libev/config.json
 fi

+if systemctl -q is-active shadowsocks-go.service; then
+	systemctl -q stop shadowsocks-go > /dev/null 2>&1
+	systemctl -q disable shadowsocks-go > /dev/null 2>&1
+fi
+
+if [ "$SHADOWSOCKS_GO" = "yes" ]; then
+	if [ "$SOURCES" = "yes" ] || [ "$ARCH" = "arm64" ]; then
+		if [ "$ARCH" = "amd64" ]; then
+			wget -O /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb ${VPSURL}/debian/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb
+			rm -f /var/lib/dpkg/lock
+			rm -f /var/lib/dpkg/lock-frontend
+			dpkg --force-all -i -B /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb
+			rm -f /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb
+		elif [ "$ARCH" = "arm64" ]; then
+			wget -O /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb ${VPSURL}/debian/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb
+			rm -f /var/lib/dpkg/lock
+			rm -f /var/lib/dpkg/lock-frontend
+			dpkg --force-all -i -B /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb
+			rm -f /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb
+		fi
+	else
+		apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install shadowsocks-go=${SHADOWSOCKS_GO_VERSION}
+	fi
+	if [ -f /etc/shadowsocks-go/server.json ]; then
+		PSK2=$(grep -Po '"'"psk"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-go/server.json | head -n 1 | tr -d "\n")
+		[ -n "$PSK2" ] && [ "$PSK2" != "PSK" ] && [ "$PSK2" != "null" ] && PSK="$PSK2"
+		UPSK2=$(grep -Po '"'"openmptcprouter"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-go/upsks.json | head -n 1 | tr -d "\n")
+		[ -n "$UPSK2" ] && [ "$UPSK2" != "UPSK" ] && [ "$UPSK2" != "null" ] && UPSK="$UPSK2"
+	fi
+	wget -O /etc/shadowsocks-go/server.json ${VPSURL}${VPSPATH}/shadowsocks-go.server.json
+	sed -i "s:\"PSK\":\"$PSK\":g" /etc/shadowsocks-go/server.json
+	sed -i "s:UPSK:$UPSK:g" /etc/shadowsocks-go/upsks.json
+	jq -M 'del(.users[0].openmptcprouter."shadowsocks-go")' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.new
+	mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/omr-admin-config.json.bak
+	mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json.new /etc/openmptcprouter-vps-admin/omr-admin-config.json
+
+	chmod 644 /lib/systemd/system/shadowsocks-go.service
+	systemctl daemon-reload
+	systemctl enable shadowsocks-go.service
+fi
+
+
 if systemctl -q is-active v2ray.service; then
 	systemctl -q stop v2ray > /dev/null 2>&1
 	systemctl -q disable v2ray > /dev/null 2>&1
@ -898,10 +947,14 @@ if [ "$V2RAY" = "yes" ]; then
 	if [ "$SOURCES" = "yes" ] || [ "$ARCH" = "arm64" ]; then
 		if [ "$ARCH" = "amd64" ]; then
 			wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb
+			rm -f /var/lib/dpkg/lock
+			rm -f /var/lib/dpkg/lock-frontend
 			dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 			rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 		elif [ "$ARCH" = "arm64" ]; then
 			wget -O /tmp/v2ray-${V2RAY_VERSION}-arm64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-arm64.deb
+			rm -f /var/lib/dpkg/lock
+			rm -f /var/lib/dpkg/lock-frontend
 			dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-arm64.deb
 			rm -f /tmp/v2ray-${V2RAY_VERSION}-arm64.deb
 		fi
@ -957,6 +1010,66 @@ if [ "$V2RAY" = "yes" ]; then
 	#fi
 fi

+if systemctl -q is-active xray.service; then
+	systemctl -q stop xray > /dev/null 2>&1
+	systemctl -q disable xray > /dev/null 2>&1
+fi
+
+if [ "$XRAY" = "yes" ]; then
+	#apt-get -y -o Dpkg::Options::="--force-overwrite" install xray
+	if [ "$SOURCES" = "yes" ] || [ "$ARCH" = "arm64" ]; then
+		if [ "$ARCH" = "amd64" ]; then
+			wget -O /tmp/xray-${XRAY_VERSION}-amd64.deb ${VPSURL}/debian/xray-${XRAY_VERSION}-amd64.deb
+			rm -f /var/lib/dpkg/lock
+			rm -f /var/lib/dpkg/lock-frontend
+			dpkg --force-all -i -B /tmp/xray-${XRAY_VERSION}-amd64.deb
+			rm -f /tmp/xray-${XRAY_VERSION}-amd64.deb
+		elif [ "$ARCH" = "arm64" ]; then
+			wget -O /tmp/xray-${XRAY_VERSION}-arm64.deb ${VPSURL}/debian/xray-${XRAY_VERSION}-arm64.deb
+			rm -f /var/lib/dpkg/lock
+			rm -f /var/lib/dpkg/lock-frontend
+			dpkg --force-all -i -B /tmp/xray-${XRAY_VERSION}-arm64.deb
+			rm -f /tmp/xray-${XRAY_VERSION}-arm64.deb
+		fi
+	else
+		apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install xray=${XRAY_VERSION}
+	fi
+	if [ -f /etc/xray/xray-server.json ]; then
+		XRAY_UUID2=$(grep -Po '"'"id"'"\s*:\s*"\K([^"]*)' /etc/xray/xray-server.json | head -n 1 | tr -d "\n")
+		[ -n "$XRAY_UUID2" ] && [ "$XRAY_UUID2" != "XRAY_UUID" ] && [ "$XRAY_UUID2" != "V2RAY_UUID" ] && XRAY_UUID="$XRAY_UUID2"
+		PSK2=$(jq -r '.inbounds[] | select(.tag=="omrin-shadowsocks-tunnel") | .settings.password' /etc/xray/xray-server.json | tr -d "\n")
+		[ "$PSK2" != "null" ] && [ -n "$PSK2" ] && [ "$PSK2" != "XRAY_PSK" ] && PSK="$PSK2"
+		UPSK2=$(jq -r '.inbounds[] | select(.tag=="omrin-shadowsocks-tunnel") | .settings.clients[] | select(.email=="openmptcprouter") | .password' /etc/xray/xray-server.json | tr -d "\n")
+		[ "$UPSK2" != "null" ] && [ -n "$UPSK2" ] && [ "$UPSK2" != "XRAY_UPSK" ] && UPSK="$UPSK2"
+	fi
+	jq -M 'del(.users[0].openmptcprouter.xray)' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.new
+	mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/omr-admin-config.json.bak
+	mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json.new /etc/openmptcprouter-vps-admin/omr-admin-config.json
+	#if [ ! -f /etc/xray/xray-server.json ]; then
+		wget -O /etc/xray/xray-server.json ${VPSURL}${VPSPATH}/xray-server.json
+		sed -i "s:XRAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json
+		sed -i "s:V2RAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json
+		sed -i "s:XRAY_PSK:$PSK:g" /etc/xray/xray-server.json
+		sed -i "s:XRAY_UPSK:$UPSK:g" /etc/xray/xray-server.json
+	#fi
+	if ([ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]) && [ -z "$(grep mptcp /etc/xray/xray-server.json | grep true)" ]; then
+		sed -i 's/"sockopt": {/&\n                    "mptcp": true,/' /etc/xray/xray-server.json
+	fi
+	rm -f /etc/xray/config.json
+	ln -s /etc/xray/xray-server.json /etc/xray/config.json
+	#if [ -f /etc/systemd/system/xray.service.dpkg-dist ]; then
+	#	mv -f /etc/systemd/system/xray.service.dpkg-dist /etc/systemd/system/xray.service
+	#fi
+	if [ "$LOCALFILES" = "no" ]; then
+		wget -O /lib/systemd/system/xray.service ${VPSURL}${VPSPATH}/xray.service
+	else
+		cp ${DIR}/xray.service /lib/systemd/system/xray.service
+	fi
+	chmod 644 /lib/systemd/system/xray.service
+	systemctl daemon-reload
+	systemctl enable xray.service
+fi
+
 if systemctl -q is-active mlvpn@mlvpn0.service; then
 	systemctl -q stop mlvpn@mlvpn0 > /dev/null 2>&1
 	systemctl -q disable mlvpn@mlvpn0 > /dev/null 2>&1
@ -1003,6 +1116,8 @@ if [ "$MLVPN" = "yes" ]; then
 			fi
 		fi
 	else
+		rm -f /var/lib/dpkg/lock
+		rm -f /var/lib/dpkg/lock-frontend
 		apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" install omr-mlvpn=${MLVPN_BINARY_VERSION}
 	fi
 	if [ "$mlvpnupdate" = "0" ]; then
@ -1620,6 +1735,8 @@ if [ "$update" = "0" ]; then
 	echo 'Shadowsocks encryption: chacha20'
 	echo 'Your shadowsocks key: '
 	echo $SHADOWSOCKS_PASS
+	echo 'Your shadowsocks 2022 key: '
+	echo "${PSK}:${UPSK}"
 	echo 'Glorytun port: 65001'
 	echo 'Glorytun encryption: chacha20'
 	echo 'Your glorytun key: '
@ -1666,6 +1783,7 @@ if [ "$update" = "0" ]; then
 	Shadowsocks port: 65101
 	Shadowsocks encryption: chacha20
 	Your shadowsocks key: ${SHADOWSOCKS_PASS}
+	Your shadowsocks 2022 key: ${PSK}:${UPSK}
 	Glorytun port: 65001
 	Glorytun encryption: chacha20
 	Your glorytun key: ${GLORYTUN_PASS}
--- a/2
+++ b/2
@ -42,7 +42,7 @@ _glorytun_tcp() {
 			localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)"
 			[ -z "$localip" ] && localip="10.255.255.1"
 			remoteip="$(echo $localip | sed 's/\.1/\.2/')"
-			if [ "$(ping -c 4 -w 10 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then
+			if [ "$(ping -c 3 -w 10 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then
 				logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
 				systemctl restart glorytun-tcp@tun0
 				sleep 10
--- a/shadowsocks-go.server.json
+++ b/shadowsocks-go.server.json
@ -0,0 +1,39 @@
+{
+    "servers": [
+        {
+            "name": "ss-2022",
+            "protocol": "2022-blake3-aes-256-gcm",
+            "tcpListeners": [
+            {
+                "network": "tcp",
+                "address": ":65280",
+                "fastOpen": false,
+                "reusePort": false,
+                "multipath": true
+            }
+            ],
+            "enableTCP": true,
+            "listenerTFO": false,
+            "enableUDP": true,
+            "mtu": 1500,
+            "psk": "PSK",
+            "uPSKStorePath": "/etc/shadowsocks-go/upsks.json"
+        }
+    ],
+    "stats": {
+        "enabled": true
+    },
+    "api": {
+        "enabled": true,
+        "debugPprof": false,
+        "enableTrustedProxyCheck": false,
+        "trustedProxies": [],
+        "proxyHeader": "X-Forwarded-For",
+        "listen": "127.0.0.1:65279",
+        "certFile": "",
+        "keyFile": "",
+        "clientCertFile": "",
+        "secretPath": "",
+        "fiberConfigPath": ""
+    }
+}
--- a/v2ray.service
+++ b/v2ray.service
@ -9,7 +9,7 @@ User=root
 CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
 AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
 NoNewPrivileges=true
-ExecStart=/usr/bin/v2ray run -config /etc/v2ray/config.json
+ExecStart=/usr/bin/v2ray run -config /etc/v2ray/v2ray-server.json
 Restart=always
 RestartPreventExitStatus=23
 StartLimitInterval=0
--- a/xray-server.json
+++ b/xray-server.json
@ -0,0 +1,243 @@
+{
+	"log": {
+		"loglevel": "error",
+		"error": "/tmp/v2rayError.log"
+	},
+	"transport": {
+		"tcpSettings": {},
+		"wsSettings": {},
+		"kcpSettings": {
+			"mtu": 1460,
+			"tti": 10,
+			"uplinkCapacity": 100,
+			"downlinkCapacity": 100,
+			"congestion": false,
+			"readBufferSize": 8,
+			"writeBufferSize": 8
+		}
+	},
+	"inbounds": [
+		{
+			"tag": "omrin-tunnel",
+			"port": 65248,
+			"protocol": "vless",
+			"settings": {
+				"decryption": "none",
+				"clients": [
+					{
+						"id": "V2RAY_UUID",
+						"level": 0,
+						"alterId": 0,
+						"email": "openmptcprouter"
+					}
+				]
+			},
+			"streamSettings": {
+				"sockopt": {
+					"tcpMptcp": true,
+					"mark": 0
+				},
+				"network": "tcp",
+				"security": "tls",
+				"tlsSettings": {
+					"certificates": [
+						{
+							"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
+							"keyFile": "/etc/openvpn/ca/pki/private/server.key"
+						}
+					]
+				}
+			}
+		},
+		{
+			"tag": "omrin-vmess-tunnel",
+			"port": 65250,
+			"protocol": "vmess",
+			"settings": {
+				"decryption": "none",
+				"clients": [
+					{
+						"id": "V2RAY_UUID",
+						"level": 0,
+						"alterId": 0,
+						"email": "openmptcprouter"
+					}
+				]
+			},
+			"streamSettings": {
+				"sockopt": {
+					"tcpMptcp": true,
+					"mark": 0
+				},
+				"network": "tcp",
+				"security": "tls",
+				"tlsSettings": {
+					"certificates": [
+						{
+							"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
+							"keyFile": "/etc/openvpn/ca/pki/private/server.key"
+						}
+					]
+				}
+			}
+		},
+		{
+			"tag": "omrin-socks-tunnel",
+			"port": 65251,
+			"protocol": "socks",
+			"settings": {
+				"auth": "password",
+				"accounts": [
+					{
+						"pass": "V2RAY_UUID",
+						"user": "openmptcprouter"
+					}
+				]
+			},
+			"streamSettings": {
+				"sockopt": {
+					"tcpMptcp": true,
+					"mark": 0
+				},
+				"network": "tcp",
+				"security": "tls",
+				"tlsSettings": {
+					"certificates": [
+						{
+							"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
+							"keyFile": "/etc/openvpn/ca/pki/private/server.key"
+						}
+					]
+				}
+			}
+		},
+		{
+			"tag": "omrin-trojan-tunnel",
+			"port": 65249,
+			"protocol": "trojan",
+			"settings": {
+				"clients": [
+					{
+						"password": "V2RAY_UUID",
+						"email": "openmptcprouter",
+						"level": 0
+					}
+				]
+			},
+			"streamSettings": {
+				"sockopt": {
+					"tcpMptcp": true,
+					"mark": 0
+				},
+				"network": "tcp",
+				"security": "tls",
+				"tlsSettings": {
+				"certificates": [
+						{
+							"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
+							"keyFile": "/etc/openvpn/ca/pki/private/server.key"
+						}
+					]
+				}
+			}
+		},
+		{
+			"tag": "omrin-shadowsocks-tunnel",
+			"port": 65252,
+			"protocol": "shadowsocks",
+			"settings": {
+				"password": "XRAY_PSK",
+				"method": "2022-blake3-aes-256-gcm",
+				"network": "tcp,udp",
+				"clients": [
+					{
+						"password": "XRAY_UPSK",
+						"email": "openmptcprouter"
+					}
+				]
+			},
+			"streamSettings": {
+				"sockopt": {
+					"tcpMptcp": true,
+					"mark": 0
+				},
+				"network": "tcp"
+			}
+		},
+		{
+			"listen": "127.0.0.1",
+			"port": 10086,
+			"protocol": "dokodemo-door",
+			"settings": {
+				"address": "127.0.0.1"
+			},
+			"tag": "api"
+		}
+	],
+	"outbounds": [
+		{
+			"protocol": "freedom",
+			"settings": {
+				"userLevel": 0
+			},
+			"tag": "direct"
+		}
+	],
+	"routing": {
+		"rules": [
+			{
+				"type": "field",
+				"inboundTag": [
+					"omrin-tunnel",
+					"omrin-vmess-tunnel",
+					"omrin-socks-tunnel",
+					"omrin-trojan-tunnel"
+				],
+				"outboundTag": "OMRLan",
+				"domain": [
+					"full:omr.lan"
+				]
+			},
+			{
+				"inboundTag": [
+					"api"
+				],
+				"outboundTag": "api",
+				"type": "field"
+			}
+		]
+	},
+	"reverse": {
+		"portals": [
+			{
+				"tag": "OMRLan",
+				"domain": "omr.lan"
+			}
+		]
+	},
+	"stats": {},
+	"api": {
+		"tag": "api",
+		"services": [
+			"HandlerService",
+			"LoggerService",
+			"StatsService"
+		]
+	},
+	"policy": {
+		"levels": {
+			"0": {
+				"uplinkOnly": 0,
+				"downlinkOnly": 0,
+				"bufferSize": 512,
+				"connIdle": 2400,
+				"statsUserUplink": true,
+				"statsUserDownlink": true
+			}
+		},
+		"system": {
+			"statsInboundUplink": true,
+			"statsInboundDownlink": true
+		}
+	}
+}
--- a/xray.service
+++ b/xray.service
@ -0,0 +1,18 @@
+[Unit]
+Description=XRay Service
+Documentation=https://www.v2fly.org/
+After=network.target nss-lookup.target
+Wants=network-online.target
+
+[Service]
+User=root
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
+NoNewPrivileges=true
+ExecStart=/usr/bin/xray run -config /etc/xray/xray-server.json
+Restart=always
+RestartPreventExitStatus=23
+StartLimitInterval=0
+
+[Install]
+WantedBy=multi-user.target