drowkid01/scriptdk1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
scriptdk1/Recursos/menu/trojan-nao.sh
@drowkid01 82407c9abf first main
2025-05-26 15:48:09 -06:00

495 lines
16 KiB
Bash
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/bash
function blue(){
echo -e "\033[34m\033[01m$1\033[0m"
}
function green(){
echo -e "\033[32m\033[01m$1\033[0m"
}
function red(){
echo -e "\033[31m\033[01m$1\033[0m"
}
function version_lt(){
test "$(echo "$@" | tr " " "\n" | sort -rV | head -n 1)" != "$1";
}
#copy from 秋水逸冰 ss scripts
if [[ -f /etc/redhat-release ]]; then
release="centos"
systemPackage="yum"
elif cat /etc/issue | grep -Eqi "debian"; then
release="debian"
systemPackage="apt-get"
elif cat /etc/issue | grep -Eqi "ubuntu"; then
release="ubuntu"
systemPackage="apt-get"
elif cat /etc/issue | grep -Eqi "centos|red hat|redhat"; then
release="centos"
systemPackage="yum"
elif cat /proc/version | grep -Eqi "debian"; then
release="debian"
systemPackage="apt-get"
elif cat /proc/version | grep -Eqi "ubuntu"; then
release="ubuntu"
systemPackage="apt-get"
elif cat /proc/version | grep -Eqi "centos|red hat|redhat"; then
release="centos"
systemPackage="yum"
fi
systempwd="/etc/systemd/system/"
#install & config trojan
function install_trojan(){
$systemPackage install -y nginx
systemctl stop nginx
sleep 5
cat > /etc/nginx/nginx.conf <<-EOF
user root;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" '
'\$status \$body_bytes_sent "\$http_referer" '
'"\$http_user_agent" "\$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 120;
client_max_body_size 20m;
#gzip on;
server {
listen 80;
server_name $your_domain;
root /usr/share/nginx/html;
index index.php index.html index.htm;
}
}
EOF
#设置伪装站
rm -rf /usr/share/nginx/html/*
cd /usr/share/nginx/html/
wget https://gitea.com/drowkid01/scriptdk1/raw/branch/main/Recursos/menu/trojan-nao-sh/web.zip >/dev/null 2>&1
unzip web.zip >/dev/null 2>&1
sleep 5
#申请https证书
if [ ! -d "/usr/src" ]; then
mkdir /usr/src
fi
mkdir /usr/src/trojan-cert /usr/src/trojan-temp
curl https://get.acme.sh | sh
~/.acme.sh/acme.sh --issue -d $your_domain --standalone
if test -s /root/.acme.sh/$your_domain/fullchain.cer; then
systemctl start nginx
cd /usr/src
#wget https://github.com/trojan-gfw/trojan/releases/download/v1.13.0/trojan-1.13.0-linux-amd64.tar.xz
wget https://api.github.com/repos/trojan-gfw/trojan/releases/latest >/dev/null 2>&1
latest_version=`grep tag_name latest| awk -F '[:,"v]' '{print $6}'`
rm -f latest
wget https://gitea.com/drowkid01/scriptdk1/raw/branch/main/Recursos/menu/trojan-nao-sh/trojan-1.16.0-linux-amd64.tar.xz >/dev/null 2>&1
tar xf trojan-1.16.0-linux-amd64.tar.xz >/dev/null 2>&1
#下载trojan客户端
wget https://www.dropbox.com/s/yegoxa4hfo5sf2z/trojan-cli.zip >/dev/null 2>&1
wget -P /usr/src/trojan-temp https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-win.zip >/dev/null 2>&1
unzip trojan-cli.zip >/dev/null 2>&1
unzip /usr/src/trojan-temp/trojan-${latest_version}-win.zip -d /usr/src/trojan-temp/ >/dev/null 2>&1
mv -f /usr/src/trojan-temp/trojan/trojan.exe /usr/src/trojan-cli/
trojan_passwd=$(cat /dev/urandom | head -1 | md5sum | head -c 8)
unset porta
echo "================================================================="
read -p " INGRESE PUERTO TROJAN A USAR : " porta
echo "================================================================="
[[ -z $porta ]] && porta="443"
cat > /usr/src/trojan-cli/config.yml <<-EOF
port: 7890
socks-port: 7891
redir-port: 7892
allow-lan: true
mode: Global
log-level: info
external-controller: '0.0.0.0:9090'
secret: ''
dns:
enable: true
nameserver:
- 1.1.1.1
- 1.0.0.1
proxies:
- name: Trojan
type: "trojan"
server: $your_domain
port: 443
password: $trojan_passwd
udp: true
sni: www.tuhost.com
alpn:
- h2
- http/1.1
skip-cert-verify: true
# Eliminar "#" si configura v2ray
#- name: V2ray
# type: vmess
# server: 123.0.0.0
# port:
# uuid:
# alterId:
# cipher: auto
# udp: true
# tls: true
# skip-cert-verify: true
# network: ws
# ws-path: /
# ws-headers: {host: www.tuhost.com}
###################################
EOF
rm -rf /usr/local/etc/trojan/config.json
cat > /usr/local/etc/trojan/config.json <<-EOF
{
"run_type": "server",
"local_addr": "0.0.0.0",
"local_port": 443,
"remote_addr": "127.0.0.1",
"remote_port": 80,
"password": [
"$trojan_passwd"
,"chumoghscript"
],
"log_level": 1,
"ssl": {
"cert": "/usr/src/trojan-cert/fullchain.cer",
"key": "/usr/src/trojan-cert/private.key",
"key_password": "",
"cipher_tls13":"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
"prefer_server_cipher": true,
"alpn": [
"http/1.1"
],
"reuse_session": true,
"session_ticket": false,
"session_timeout": 600,
"plain_http_response": "",
"curves": "",
"dhparam": ""
},
"tcp": {
"no_delay": true,
"keep_alive": true,
"fast_open": false,
"fast_open_qlen": 20
},
"mysql": {
"enabled": false,
"server_addr": "127.0.0.1",
"server_port": 3306,
"database": "trojan",
"username": "trojan",
"password": ""
}
}
EOF
cd /usr/src/trojan-cli/
config.yml /usr/src/trojan-cli/
trojan_path=$(cat /dev/urandom | head -1 | md5sum | head -c 16)
mkdir /usr/share/nginx/html/${trojan_path}
mv /usr/src/trojan-cli/config.yml /usr/share/nginx/html/${trojan_path}/
#增加启动脚本
cat > ${systempwd}trojan.service <<-EOF
[Unit]
Description=trojan
After=network.target
[Service]
Type=simple
PIDFile=/usr/src/trojan/trojan/trojan.pid
ExecStart=/usr/src/trojan/trojan -c "/usr/local/etc/trojan/config.json"
ExecReload=/bin/kill -HUP \$MAINPID
Restart=on-failure
RestartSec=1s
[Install]
WantedBy=multi-user.target
EOF
chmod +x ${systempwd}trojan.service
systemctl enable trojan.service
cd /root
~/.acme.sh/acme.sh --installcert -d $your_domain \
--key-file /usr/src/trojan-cert/private.key \
--fullchain-file /usr/src/trojan-cert/fullchain.cer \
--reloadcmd "systemctl restart trojan"
green "=============================================================="
green "Se ha instalado trojan, utilice el siguiente enlace para\ndescargar el archivo .yml para configurar en Clash."
blue "http://${your_domain}/$trojan_path/config.yml"
red "Link único y generado de manera aleatoria."
green "=============================================================="
green "Puede modificar el archivo .yml abriéndolo como Texto. "
green "Recuerde modificar el dominio por la ip en el archivo yml. "
green "Todo viene configurado, pero para que funcione correctamente\ntiene que modificar el host."
green "=============================================================="
red "Si gusta configurar manualmente, esta es la información:"
blue "Dominio: $your_domain"
blue "Puerto: 443"
blue "Contraseña: $trojan_passwd"
green "=============================================================="
else
red "==================================="
red "Si el certificado https no obtuvo resultados\nde solicitud y la instalación automática falló"
green "No se preocupe, puede reparar manualmente la solicitud del certificado."
green "1. Reinicie la VPS."
green "2. Vuelva a ejecutar el script y use la función de reparación de certificado."
red "==================================="
fi
}
function preinstall_check(){
nginx_status=`ps -aux | grep "nginx: worker" |grep -v "grep"`
if [ -n "$nginx_status" ]; then
systemctl stop nginx
fi
$systemPackage -y install net-tools socat
Port80=`netstat -tlpn | awk -F '[: ]+' '$1=="tcp"{print $5}' | grep -w 80`
Port443=`netstat -tlpn | awk -F '[: ]+' '$1=="tcp"{print $5}' | grep -w 443`
if [ -n "$Port80" ]; then
process80=`netstat -tlpn | awk -F '[: ]+' '$5=="80"{print $9}'`
red "==========================================================="
red "Se detectó que el puerto 80 está ocupado, el proceso que lo\nocupa es:${process80}La instalación ha finalizado."
red "==========================================================="
exit 1
fi
if [ -n "$Port443" ]; then
process443=`netstat -tlpn | awk -F '[: ]+' '$5=="443"{print $9}'`
red "============================================================="
red "Se detectó que el puerto 443 está ocupado, el proceso que lo\nocupa es:${process443}La instalación ha finalizado."
red "============================================================="
exit 1
fi
if [ -f "/etc/selinux/config" ]; then
CHECK=$(grep SELINUX= /etc/selinux/config | grep -v "#")
if [ "$CHECK" != "SELINUX=disabled" ]; then
green "Se detectó que SELinux está activado, se agregaran las reglas del puerto 80/443"
yum install -y policycoreutils-python >/dev/null 2>&1
semanage port -m -t http_port_t -p tcp 80
semanage port -m -t http_port_t -p tcp 443
fi
fi
if [ "$release" == "centos" ]; then
if [ -n "$(grep ' 6\.' /etc/redhat-release)" ] ;then
red "==============="
red "El sistema actual no es compatible."
red "==============="
exit
fi
if [ -n "$(grep ' 5\.' /etc/redhat-release)" ] ;then
red "==============="
red "El sistema actual no es compatible."
red "==============="
exit
fi
firewall_status=`systemctl status firewalld | grep "Active: active"`
if [ -n "$firewall_status" ]; then
green "Se detectó que el firewall está activado, se agregaran las reglas del puerto 80/443"
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload
fi
rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
elif [ "$release" == "ubuntu" ]; then
if [ -n "$(grep ' 14\.' /etc/os-release)" ] ;then
red "==============="
red "El sistema actual no es compatible."
red "==============="
exit
fi
if [ -n "$(grep ' 12\.' /etc/os-release)" ] ;then
red "==============="
red "El sistema actual no es compatible."
red "==============="
exit
fi
ufw_status=`systemctl status ufw | grep "Active: active"`
if [ -n "$ufw_status" ]; then
ufw allow 80/tcp
ufw allow 443/tcp
fi
apt-get update
elif [ "$release" == "debian" ]; then
ufw_status=`systemctl status ufw | grep "Active: active"`
if [ -n "$ufw_status" ]; then
ufw allow 80/tcp
ufw allow 443/tcp
fi
apt-get update
fi
$systemPackage -y install wget unzip zip curl tar >/dev/null 2>&1
green "======================="
blue "Ingrese el dominio vinculado a esta VPS " && read -p ": " your_domain
green "======================="
real_addr=`ping ${your_domain} -c 1 | sed '1{s/[^(]*(//;s/).*//;q}'`
local_addr=`curl ipv4.icanhazip.com`
if [ $real_addr == $local_addr ] ; then
green "=========================================="
green "La resolución del dominio es normal, se intalará trojan"
green "=========================================="
sleep 1s
install_trojan
else
red "===================================="
red "La resolución de dominio es inconsistente con la dirección IP de la VPS"
red "Si cree que el análisis es correcto, puede forzar a que el script continúe"
red "===================================="
read -p "¿Forzar el script? Seleccione [Y/n] :" yn
[ -z "${yn}" ] && yn="y"
if [[ $yn == [Yy] ]]; then
green "Forzar el script"
sleep 1s
install_trojan
else
exit 1
fi
fi
}
function repair_cert(){
systemctl stop nginx
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
Port80=`netstat -tlpn | awk -F '[: ]+' '$1=="tcp"{print $5}' | grep -w 80`
if [ -n "$Port80" ]; then
process80=`netstat -tlpn | awk -F '[: ]+' '$5=="80"{print $9}'`
red "==========================================================="
red "Se detectó que el puerto 80 está ocupado, el proceso que lo\nocupa es:${process80}La instalación ha finalizado."
red "==========================================================="
exit 1
fi
green "======================="
blue "Ingrese el dominio vinculado a esta VPS."
blue "Debe ser el mismo dominio que no pudo usar antes."
green "======================="
read your_domain
real_addr=`ping ${your_domain} -c 1 | sed '1{s/[^(]*(//;s/).*//;q}'`
local_addr=`curl ipv4.icanhazip.com`
if [ $real_addr == $local_addr ] ; then
~/.acme.sh/acme.sh --issue -d $your_domain --standalone
~/.acme.sh/acme.sh --installcert -d $your_domain \
--key-file /usr/src/trojan-cert/private.key \
--fullchain-file /usr/src/trojan-cert/fullchain.cer \
--reloadcmd "systemctl restart trojan"
if test -s /usr/src/trojan-cert/fullchain.cer; then
green "Solicitud de certificado exitosa."
green "Descargue fullchain.cer en /usr/src/trojan-cert/ en la carpeta del cliente trojan-cli"
systemctl restart trojan
systemctl start nginx
else
red "No se pudo solicitar el certificado."
fi
else
red "================================"
red "La resolución de dominio es inconsistente con la dirección IP de la VPS"
red "La instalación falló, asegúrese de que la resolución del dominio sea normal"
red "================================"
fi
}
function remove_trojan(){
red "================================"
red "Trojan se desintalará"
red "Nginx también se desintalará"
red "================================"
systemctl stop trojan
systemctl disable trojan
rm -f ${systempwd}trojan.service
if [ "$release" == "centos" ]; then
yum remove -y nginx
else
apt autoremove -y nginx
fi
rm -rf /usr/src/trojan*
rm -rf /usr/share/nginx/html/*
rm -rf /root/.acme.sh/
green "=============="
green "Trojan desinstalado."
green "=============="
}
function update_trojan(){
/usr/src/trojan/trojan -v 2>trojan.tmp
curr_version=`cat trojan.tmp | grep "trojan" | awk '{print $4}'`
wget https://api.github.com/repos/trojan-gfw/trojan/releases/latest >/dev/null 2>&1
latest_version=`grep tag_name latest| awk -F '[:,"v]' '{print $6}'`
rm -f latest
rm -f trojan.tmp
if version_lt "$curr_version" "$latest_version"; then
green "Versión actual: $curr_version, Última versión: $latest_version, actualizando……"
mkdir trojan_update_temp && cd trojan_update_temp
wget https://github.com/trojan-gfw/trojan/releases/download/v${latest_version}/trojan-${latest_version}-linux-amd64.tar.xz >/dev/null 2>&1
tar xf trojan-${latest_version}-linux-amd64.tar.xz >/dev/null 2>&1
mv ./trojan/trojan /usr/src/trojan/
cd .. && rm -rf trojan_update_temp
systemctl restart trojan
/usr/src/trojan/trojan -v 2>trojan.tmp
green "Se completó la actualización de trojan, la versión actual es:`cat trojan.tmp | grep "trojan" | awk '{print $4}'`"
rm -f trojan.tmp
else
green "Versión actual: $curr_version, Última versión: $latest_version, no es necesario actualizar."
fi
}
start_menu(){
clear
green " ======================================="
green " Script de Instalación de Trojan "
green " Sistemascentos7+/debian9+/ubuntu16.04+"
green " Edicion ChumoGH - ADM "
blue " Declaración"
red " *No use este script en ningún entorno de producción."
red " *No debe tener ocupados los puertos 80/443."
red " *Siga las instrucciones."
green " ======================================="
echo
green " 1. Instalar trojan"
red " 2. Desinstalar trojan"
green " 3. Actualizar trojan"
green " 4. Reparar certificado"
blue " 0. Salir del script"
echo
read -p "Ingrese una opción:" num
case "$num" in
1)
preinstall_check
;;
2)
remove_trojan
;;
3)
update_trojan
;;
4)
repair_cert
;;
0)
adm 1
;;
*)
clear
red "Ingrese una opción correcta."
sleep 1s
start_menu
;;
esac
}
start_menu
Reference in New Issue View Git Blame Copy Permalink