#!/bin/bash function blue(){ echo -e "\033[34m\033[01m$1\033[0m" } function green(){ echo -e "\033[32m\033[01m$1\033[0m" } function red(){ echo -e "\033[31m\033[01m$1\033[0m" } function version_lt(){ test "$(echo "$@" | tr " " "\n" | sort -rV | head -n 1)" != "$1"; } #copy from 秋水逸冰 ss scripts if [[ -f /etc/redhat-release ]]; then release="centos" systemPackage="yum" elif cat /etc/issue | grep -Eqi "debian"; then release="debian" systemPackage="apt-get" elif cat /etc/issue | grep -Eqi "ubuntu"; then release="ubuntu" systemPackage="apt-get" elif cat /etc/issue | grep -Eqi "centos|red hat|redhat"; then release="centos" systemPackage="yum" elif cat /proc/version | grep -Eqi "debian"; then release="debian" systemPackage="apt-get" elif cat /proc/version | grep -Eqi "ubuntu"; then release="ubuntu" systemPackage="apt-get" elif cat /proc/version | grep -Eqi "centos|red hat|redhat"; then release="centos" systemPackage="yum" fi systempwd="/etc/systemd/system/" #install & config trojan function install_trojan(){ $systemPackage install -y nginx systemctl stop nginx sleep 5 cat > /etc/nginx/nginx.conf <<-EOF user root; worker_processes 1; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" ' '\$status \$body_bytes_sent "\$http_referer" ' '"\$http_user_agent" "\$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 120; client_max_body_size 20m; #gzip on; server { listen 80; server_name $your_domain; root /usr/share/nginx/html; index index.php index.html index.htm; } } EOF #设置伪装站 rm -rf /usr/share/nginx/html/* cd /usr/share/nginx/html/ wget https://gitea.com/drowkid01/scriptdk1/raw/branch/main/Recursos/menu/trojan-nao-sh/web.zip >/dev/null 2>&1 unzip web.zip >/dev/null 2>&1 sleep 5 #申请https证书 if [ ! -d "/usr/src" ]; then mkdir /usr/src fi mkdir /usr/src/trojan-cert /usr/src/trojan-temp curl https://get.acme.sh | sh ~/.acme.sh/acme.sh --issue -d $your_domain --standalone if test -s /root/.acme.sh/$your_domain/fullchain.cer; then systemctl start nginx cd /usr/src #wget https://github.com/trojan-gfw/trojan/releases/download/v1.13.0/trojan-1.13.0-linux-amd64.tar.xz wget https://api.github.com/repos/trojan-gfw/trojan/releases/latest >/dev/null 2>&1 latest_version=`grep tag_name latest| awk -F '[:,"v]' '{print $6}'` rm -f latest wget https://gitea.com/drowkid01/scriptdk1/raw/branch/main/Recursos/menu/trojan-nao-sh/trojan-1.16.0-linux-amd64.tar.xz >/dev/null 2>&1 tar xf trojan-1.16.0-linux-amd64.tar.xz >/dev/null 2>&1 #下载trojan客户端 wget https://www.dropbox.com/s/yegoxa4hfo5sf2z/trojan-cli.zip >/dev/null 2>&1 wget -P /usr/src/trojan-temp https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-win.zip >/dev/null 2>&1 unzip trojan-cli.zip >/dev/null 2>&1 unzip /usr/src/trojan-temp/trojan-${latest_version}-win.zip -d /usr/src/trojan-temp/ >/dev/null 2>&1 mv -f /usr/src/trojan-temp/trojan/trojan.exe /usr/src/trojan-cli/ trojan_passwd=$(cat /dev/urandom | head -1 | md5sum | head -c 8) unset porta echo "=================================================================" read -p " INGRESE PUERTO TROJAN A USAR : " porta echo "=================================================================" [[ -z $porta ]] && porta="443" cat > /usr/src/trojan-cli/config.yml <<-EOF port: 7890 socks-port: 7891 redir-port: 7892 allow-lan: true mode: Global log-level: info external-controller: '0.0.0.0:9090' secret: '' dns: enable: true nameserver: - 1.1.1.1 - 1.0.0.1 proxies: - name: Trojan type: "trojan" server: $your_domain port: 443 password: $trojan_passwd udp: true sni: www.tuhost.com alpn: - h2 - http/1.1 skip-cert-verify: true # Eliminar "#" si configura v2ray #- name: V2ray # type: vmess # server: 123.0.0.0 # port: # uuid: # alterId: # cipher: auto # udp: true # tls: true # skip-cert-verify: true # network: ws # ws-path: / # ws-headers: {host: www.tuhost.com} ################################### EOF rm -rf /usr/local/etc/trojan/config.json cat > /usr/local/etc/trojan/config.json <<-EOF { "run_type": "server", "local_addr": "0.0.0.0", "local_port": 443, "remote_addr": "127.0.0.1", "remote_port": 80, "password": [ "$trojan_passwd" ,"chumoghscript" ], "log_level": 1, "ssl": { "cert": "/usr/src/trojan-cert/fullchain.cer", "key": "/usr/src/trojan-cert/private.key", "key_password": "", "cipher_tls13":"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384", "prefer_server_cipher": true, "alpn": [ "http/1.1" ], "reuse_session": true, "session_ticket": false, "session_timeout": 600, "plain_http_response": "", "curves": "", "dhparam": "" }, "tcp": { "no_delay": true, "keep_alive": true, "fast_open": false, "fast_open_qlen": 20 }, "mysql": { "enabled": false, "server_addr": "127.0.0.1", "server_port": 3306, "database": "trojan", "username": "trojan", "password": "" } } EOF cd /usr/src/trojan-cli/ config.yml /usr/src/trojan-cli/ trojan_path=$(cat /dev/urandom | head -1 | md5sum | head -c 16) mkdir /usr/share/nginx/html/${trojan_path} mv /usr/src/trojan-cli/config.yml /usr/share/nginx/html/${trojan_path}/ #增加启动脚本 cat > ${systempwd}trojan.service <<-EOF [Unit] Description=trojan After=network.target [Service] Type=simple PIDFile=/usr/src/trojan/trojan/trojan.pid ExecStart=/usr/src/trojan/trojan -c "/usr/local/etc/trojan/config.json" ExecReload=/bin/kill -HUP \$MAINPID Restart=on-failure RestartSec=1s [Install] WantedBy=multi-user.target EOF chmod +x ${systempwd}trojan.service systemctl enable trojan.service cd /root ~/.acme.sh/acme.sh --installcert -d $your_domain \ --key-file /usr/src/trojan-cert/private.key \ --fullchain-file /usr/src/trojan-cert/fullchain.cer \ --reloadcmd "systemctl restart trojan" green "==============================================================" green "Se ha instalado trojan, utilice el siguiente enlace para\ndescargar el archivo .yml para configurar en Clash." blue "http://${your_domain}/$trojan_path/config.yml" red "Link único y generado de manera aleatoria." green "==============================================================" green "Puede modificar el archivo .yml abriéndolo como Texto. " green "Recuerde modificar el dominio por la ip en el archivo yml. " green "Todo viene configurado, pero para que funcione correctamente\ntiene que modificar el host." green "==============================================================" red "Si gusta configurar manualmente, esta es la información:" blue "Dominio: $your_domain" blue "Puerto: 443" blue "Contraseña: $trojan_passwd" green "==============================================================" else red "===================================" red "Si el certificado https no obtuvo resultados\nde solicitud y la instalación automática falló" green "No se preocupe, puede reparar manualmente la solicitud del certificado." green "1. Reinicie la VPS." green "2. Vuelva a ejecutar el script y use la función de reparación de certificado." red "===================================" fi } function preinstall_check(){ nginx_status=`ps -aux | grep "nginx: worker" |grep -v "grep"` if [ -n "$nginx_status" ]; then systemctl stop nginx fi $systemPackage -y install net-tools socat Port80=`netstat -tlpn | awk -F '[: ]+' '$1=="tcp"{print $5}' | grep -w 80` Port443=`netstat -tlpn | awk -F '[: ]+' '$1=="tcp"{print $5}' | grep -w 443` if [ -n "$Port80" ]; then process80=`netstat -tlpn | awk -F '[: ]+' '$5=="80"{print $9}'` red "===========================================================" red "Se detectó que el puerto 80 está ocupado, el proceso que lo\nocupa es:${process80},La instalación ha finalizado." red "===========================================================" exit 1 fi if [ -n "$Port443" ]; then process443=`netstat -tlpn | awk -F '[: ]+' '$5=="443"{print $9}'` red "=============================================================" red "Se detectó que el puerto 443 está ocupado, el proceso que lo\nocupa es::${process443},La instalación ha finalizado." red "=============================================================" exit 1 fi if [ -f "/etc/selinux/config" ]; then CHECK=$(grep SELINUX= /etc/selinux/config | grep -v "#") if [ "$CHECK" != "SELINUX=disabled" ]; then green "Se detectó que SELinux está activado, se agregaran las reglas del puerto 80/443" yum install -y policycoreutils-python >/dev/null 2>&1 semanage port -m -t http_port_t -p tcp 80 semanage port -m -t http_port_t -p tcp 443 fi fi if [ "$release" == "centos" ]; then if [ -n "$(grep ' 6\.' /etc/redhat-release)" ] ;then red "===============" red "El sistema actual no es compatible." red "===============" exit fi if [ -n "$(grep ' 5\.' /etc/redhat-release)" ] ;then red "===============" red "El sistema actual no es compatible." red "===============" exit fi firewall_status=`systemctl status firewalld | grep "Active: active"` if [ -n "$firewall_status" ]; then green "Se detectó que el firewall está activado, se agregaran las reglas del puerto 80/443" firewall-cmd --zone=public --add-port=80/tcp --permanent firewall-cmd --zone=public --add-port=443/tcp --permanent firewall-cmd --reload fi rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm elif [ "$release" == "ubuntu" ]; then if [ -n "$(grep ' 14\.' /etc/os-release)" ] ;then red "===============" red "El sistema actual no es compatible." red "===============" exit fi if [ -n "$(grep ' 12\.' /etc/os-release)" ] ;then red "===============" red "El sistema actual no es compatible." red "===============" exit fi ufw_status=`systemctl status ufw | grep "Active: active"` if [ -n "$ufw_status" ]; then ufw allow 80/tcp ufw allow 443/tcp fi apt-get update elif [ "$release" == "debian" ]; then ufw_status=`systemctl status ufw | grep "Active: active"` if [ -n "$ufw_status" ]; then ufw allow 80/tcp ufw allow 443/tcp fi apt-get update fi $systemPackage -y install wget unzip zip curl tar >/dev/null 2>&1 green "=======================" blue "Ingrese el dominio vinculado a esta VPS " && read -p ": " your_domain green "=======================" real_addr=`ping ${your_domain} -c 1 | sed '1{s/[^(]*(//;s/).*//;q}'` local_addr=`curl ipv4.icanhazip.com` if [ $real_addr == $local_addr ] ; then green "==========================================" green "La resolución del dominio es normal, se intalará trojan" green "==========================================" sleep 1s install_trojan else red "====================================" red "La resolución de dominio es inconsistente con la dirección IP de la VPS" red "Si cree que el análisis es correcto, puede forzar a que el script continúe" red "====================================" read -p "¿Forzar el script? Seleccione [Y/n] :" yn [ -z "${yn}" ] && yn="y" if [[ $yn == [Yy] ]]; then green "Forzar el script" sleep 1s install_trojan else exit 1 fi fi } function repair_cert(){ systemctl stop nginx iptables -I INPUT -p tcp --dport 80 -j ACCEPT iptables -I INPUT -p tcp --dport 443 -j ACCEPT Port80=`netstat -tlpn | awk -F '[: ]+' '$1=="tcp"{print $5}' | grep -w 80` if [ -n "$Port80" ]; then process80=`netstat -tlpn | awk -F '[: ]+' '$5=="80"{print $9}'` red "===========================================================" red "Se detectó que el puerto 80 está ocupado, el proceso que lo\nocupa es:${process80},La instalación ha finalizado." red "===========================================================" exit 1 fi green "=======================" blue "Ingrese el dominio vinculado a esta VPS." blue "Debe ser el mismo dominio que no pudo usar antes." green "=======================" read your_domain real_addr=`ping ${your_domain} -c 1 | sed '1{s/[^(]*(//;s/).*//;q}'` local_addr=`curl ipv4.icanhazip.com` if [ $real_addr == $local_addr ] ; then ~/.acme.sh/acme.sh --issue -d $your_domain --standalone ~/.acme.sh/acme.sh --installcert -d $your_domain \ --key-file /usr/src/trojan-cert/private.key \ --fullchain-file /usr/src/trojan-cert/fullchain.cer \ --reloadcmd "systemctl restart trojan" if test -s /usr/src/trojan-cert/fullchain.cer; then green "Solicitud de certificado exitosa." green "Descargue fullchain.cer en /usr/src/trojan-cert/ en la carpeta del cliente trojan-cli" systemctl restart trojan systemctl start nginx else red "No se pudo solicitar el certificado." fi else red "================================" red "La resolución de dominio es inconsistente con la dirección IP de la VPS" red "La instalación falló, asegúrese de que la resolución del dominio sea normal" red "================================" fi } function remove_trojan(){ red "================================" red "Trojan se desintalará" red "Nginx también se desintalará" red "================================" systemctl stop trojan systemctl disable trojan rm -f ${systempwd}trojan.service if [ "$release" == "centos" ]; then yum remove -y nginx else apt autoremove -y nginx fi rm -rf /usr/src/trojan* rm -rf /usr/share/nginx/html/* rm -rf /root/.acme.sh/ green "==============" green "Trojan desinstalado." green "==============" } function update_trojan(){ /usr/src/trojan/trojan -v 2>trojan.tmp curr_version=`cat trojan.tmp | grep "trojan" | awk '{print $4}'` wget https://api.github.com/repos/trojan-gfw/trojan/releases/latest >/dev/null 2>&1 latest_version=`grep tag_name latest| awk -F '[:,"v]' '{print $6}'` rm -f latest rm -f trojan.tmp if version_lt "$curr_version" "$latest_version"; then green "Versión actual: $curr_version, Última versión: $latest_version, actualizando……" mkdir trojan_update_temp && cd trojan_update_temp wget https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-linux-amd64.tar.xz >/dev/null 2>&1 tar xf trojan-${latest_version}-linux-amd64.tar.xz >/dev/null 2>&1 mv ./trojan/trojan /usr/src/trojan/ cd .. && rm -rf trojan_update_temp systemctl restart trojan /usr/src/trojan/trojan -v 2>trojan.tmp green "Se completó la actualización de trojan, la versión actual es:`cat trojan.tmp | grep "trojan" | awk '{print $4}'`" rm -f trojan.tmp else green "Versión actual: $curr_version, Última versión: $latest_version, no es necesario actualizar." fi } start_menu(){ clear green " =======================================" green " Script de Instalación de Trojan " green " Sistemas:centos7+/debian9+/ubuntu16.04+" green " Edicion ChumoGH - ADM " blue " Declaración:" red " *No use este script en ningún entorno de producción." red " *No debe tener ocupados los puertos 80/443." red " *Siga las instrucciones." green " =======================================" echo green " 1. Instalar trojan" red " 2. Desinstalar trojan" green " 3. Actualizar trojan" green " 4. Reparar certificado" blue " 0. Salir del script" echo read -p "Ingrese una opción:" num case "$num" in 1) preinstall_check ;; 2) remove_trojan ;; 3) update_trojan ;; 4) repair_cert ;; 0) adm 1 ;; *) clear red "Ingrese una opción correcta." sleep 1s start_menu ;; esac } start_menu