-
Notifications
You must be signed in to change notification settings - Fork 79
/
Copy pathins.sh~
208 lines (171 loc) · 9.48 KB
/
ins.sh~
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
#!/bin/bash
# 作者:Mark Salatino
# 协议:GPL
# 欢迎大家提交测试报告,并协助修正bug,目前完整测试的环境是Centos 7,7.5
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
[ $(id -u) != "0" ] && { echo "Error: You must be root to run this script"; exit 1; }
#template file
ca="Y24gPSAiX2lwXyIKb3JnYW5pemF0aW9uID0gIkdsb2JhbFNpZ24gbnYtc2EiCnNlcmlhbCA9IDEKZXhwaXJhdGlvbl9kYXlzID0gMzY1MApjYQpzaWduaW5nX2tleQpjZXJ0X3NpZ25pbmdfa2V5CmNybF9zaWduaW5nX2tleQ=="
server="Y24gPSAiX2lwXyIKb3JnYW5pemF0aW9uID0gIkdsb2JhbFNpZ24gbnYtc2EiCmV4cGlyYXRpb25fZGF5cyA9IDM2NTAKc2lnbmluZ19rZXkKZW5jcnlwdGlvbl9rZXkKdGxzX3d3d19zZXJ2ZXI="
s_cfg="ew0KICAgICJydW5fdHlwZSI6ICJzZXJ2ZXIiLA0KICAgICJsb2NhbF9hZGRyIjogIjAuMC4wLjAiLA0KICAgICJsb2NhbF9wb3J0IjogNDQzLA0KICAgICJyZW1vdGVfYWRkciI6ICIxMjcuMC4wLjEiLA0KICAgICJyZW1vdGVfcG9ydCI6IDgwLA0KICAgICJwYXNzd29yZCI6IFsNCiAgICAgICAgIl9wd2RfIiAgICAgICAgDQogICAgXSwNCiAgICAibG9nX2xldmVsIjogMSwNCiAgICAic3NsIjogew0KICAgICAgICAiY2VydCI6ICJfY2VydF8iLA0KICAgICAgICAia2V5IjogIl9rZXlfIiwNCiAgICAgICAgImtleV9wYXNzd29yZCI6ICIiLA0KICAgICAgICAiY2lwaGVyIjogIkVDREhFLUVDRFNBLUFFUzI1Ni1HQ00tU0hBMzg0OkVDREhFLVJTQS1BRVMyNTYtR0NNLVNIQTM4NDpFQ0RIRS1FQ0RTQS1DSEFDSEEyMC1QT0xZMTMwNTpFQ0RIRS1SU0EtQ0hBQ0hBMjAtUE9MWTEzMDU6RUNESEUtRUNEU0EtQUVTMTI4LUdDTS1TSEEyNTY6RUNESEUtUlNBLUFFUzEyOC1HQ00tU0hBMjU2OkVDREhFLUVDRFNBLUFFUzI1Ni1TSEEzODQ6RUNESEUtUlNBLUFFUzI1Ni1TSEEzODQ6RUNESEUtRUNEU0EtQUVTMTI4LVNIQTI1NjpFQ0RIRS1SU0EtQUVTMTI4LVNIQTI1NiIsDQogICAgICAgICJwcmVmZXJfc2VydmVyX2NpcGhlciI6IHRydWUsDQogICAgICAgICJhbHBuIjogWw0KCQkJImgyIiwNCiAgICAgICAgICAgICJodHRwLzEuMSINCiAgICAgICAgXSwNCiAgICAgICAgInJldXNlX3Nlc3Npb24iOiB0cnVlLA0KICAgICAgICAic2Vzc2lvbl90aWNrZXQiOiBmYWxzZSwNCiAgICAgICAgInNlc3Npb25fdGltZW91dCI6IDYwMCwNCiAgICAgICAgInBsYWluX2h0dHBfcmVzcG9uc2UiOiAiIiwNCiAgICAgICAgImN1cnZlcyI6ICIiLA0KICAgICAgICAiZGhwYXJhbSI6ICIiDQogICAgfSwNCiAgICAidGNwIjogew0KICAgICAgICAicHJlZmVyX2lwdjQiOiBmYWxzZSwNCiAgICAgICAgIm5vX2RlbGF5IjogdHJ1ZSwNCiAgICAgICAgImtlZXBfYWxpdmUiOiB0cnVlLA0KICAgICAgICAiZmFzdF9vcGVuIjogZmFsc2UsDQogICAgICAgICJmYXN0X29wZW5fcWxlbiI6IDIwDQogICAgfSwNCiAgICAibXlzcWwiOiB7DQogICAgICAgICJlbmFibGVkIjogZmFsc2UsDQogICAgICAgICJzZXJ2ZXJfYWRkciI6ICIxMjcuMC4wLjEiLA0KICAgICAgICAic2VydmVyX3BvcnQiOiAzMzA2LA0KICAgICAgICAiZGF0YWJhc2UiOiAidHJvamFuIiwNCiAgICAgICAgInVzZXJuYW1lIjogInRyb2phbiIsDQogICAgICAgICJwYXNzd29yZCI6ICIiDQogICAgfQ0KfQ0K"
c_cfg="ew0KICAgICJydW5fdHlwZSI6ICJjbGllbnQiLA0KICAgICJsb2NhbF9hZGRyIjogIjEyNy4wLjAuMSIsDQogICAgImxvY2FsX3BvcnQiOiAxMDgwLA0KICAgICJyZW1vdGVfYWRkciI6ICJfaXBfIiwNCiAgICAicmVtb3RlX3BvcnQiOiA0NDMsDQogICAgInBhc3N3b3JkIjogWw0KICAgICAgICAiX3B3ZF8iDQogICAgXSwNCiAgICAiYXBwZW5kX3BheWxvYWQiOiB0cnVlLA0KICAgICJsb2dfbGV2ZWwiOiAxLA0KICAgICJzc2wiOiB7DQogICAgICAgICJ2ZXJpZnkiOiB0cnVlLA0KICAgICAgICAidmVyaWZ5X2hvc3RuYW1lIjogdHJ1ZSwNCiAgICAgICAgImNlcnQiOiAiY2EtY2VydC5wZW0iLA0KICAgICAgICAiY2lwaGVyIjogIkVDREhFLUVDRFNBLUFFUzEyOC1HQ00tU0hBMjU2OkVDREhFLVJTQS1BRVMxMjgtR0NNLVNIQTI1NjpFQ0RIRS1FQ0RTQS1BRVMyNTYtR0NNLVNIQTM4NDpFQ0RIRS1SU0EtQUVTMjU2LUdDTS1TSEEzODQ6RUNESEUtRUNEU0EtQ0hBQ0hBMjAtUE9MWTEzMDUtU0hBMjU2OkVDREhFLVJTQS1DSEFDSEEyMC1QT0xZMTMwNS1TSEEyNTY6RUNESEUtUlNBLUFFUzEyOC1TSEE6RUNESEUtUlNBLUFFUzI1Ni1TSEE6UlNBLUFFUzEyOC1HQ00tU0hBMjU2OlJTQS1BRVMyNTYtR0NNLVNIQTM4NDpSU0EtQUVTMTI4LVNIQTpSU0EtQUVTMjU2LVNIQTpSU0EtM0RFUy1FREUtU0hBIiwNCiAgICAgICAgInNuaSI6ICIiLA0KICAgICAgICAiYWxwbiI6IFsNCiAgICAgICAgICAgICJoMiIsDQogICAgICAgICAgICAiaHR0cC8xLjEiDQogICAgICAgIF0sDQogICAgICAgICJyZXVzZV9zZXNzaW9uIjogdHJ1ZSwNCiAgICAgICAgInNlc3Npb25fdGlja2V0IjogZmFsc2UsDQogICAgICAgICJjdXJ2ZXMiOiAiIg0KICAgIH0sDQogICAgInRjcCI6IHsNCiAgICAgICAgIm5vX2RlbGF5IjogdHJ1ZSwNCiAgICAgICAgImtlZXBfYWxpdmUiOiB0cnVlLA0KICAgICAgICAiZmFzdF9vcGVuIjogZmFsc2UsDQogICAgICAgICJmYXN0X29wZW5fcWxlbiI6IDIwDQogICAgfQ0KfQ0K";
svc="W1VuaXRdCkFmdGVyPW5ldHdvcmsudGFyZ2V0IAoKW1NlcnZpY2VdCkV4ZWNTdGFydD0vdXNyL2xvY2FsL2Jpbi90cm9qYW4gLWMgL2V0Yy90cm9qYW4vY29uZmlnLmpzb24KUmVzdGFydD1hbHdheXMKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldA=="
# end template
#全局变量区
workpath=$(mktemp -d) #程序工作目录
trojan_path="/etc/trojan/cert/" #trojan服务端配置目录
trojan_client="/home/trojan" #trojan客户端配置目录
#全局变量区结束
#初始化相关目录
init(){
mkdir -p $trojan_path $trojan_client
chown -R $SUDO_USER: $trojan_client
cd $workpath
}
#安装依赖
function setup_deps(){
if [ -f /etc/redhat-release ];then
OS='CentOS'
elif [ ! -z "`cat /etc/issue | grep bian`" ];then
OS='Debian'
elif [ ! -z "`cat /etc/issue | grep Ubuntu`" ];then
OS='Ubuntu'
else
echo "Not support OS, Please reinstall OS and retry!"
exit 1
fi
if [[ ${OS} == 'CentOS' ]];then
yum install curl wget git gnutls-utils -y
else
apt-get update
apt-get install curl wget git gnutls-bin -y
fi
}
# 下载并安装trojan-gfw文件
function dl_install_trojan(){
trojan="https://github.com/trojan-gfw/trojan/releases/download/v1.10.0/trojan-1.10.0-linux-amd64.tar.xz"
file_name="$workpath/trojan.xz"
# Download trojan tarball
wget --no-check-certificate -O $file_name $trojan
tar -Jxf $file_name -C $workpath
mv $workpath/trojan/trojan /usr/local/bin/
}
#自动生成服务器和客户端配置文件
#原型:ac_files(cert,key,ip)
function ac_files(){
#将内存中配置模板文件存入硬盘
base64 -d <<< ${s_cfg} > config-server.txt
base64 -d <<< ${c_cfg} > config-client.txt
#存放客户端配置文件和客户端使用证书
local pwd=$(cat /proc/sys/kernel/random/uuid)
sed -i "s#_pwd_#$pwd#;s#_cert_#$1#;s#_key_#$2#" config-server.txt
sed -i "s/_ip_/$3/;s/_pwd_/$pwd/" config-client.txt
#自动配置后,放到对应的目录
mv config-server.txt $trojan_path/../config.json
mv config-client.txt $trojan_client/client.json
}
# 自动生成服务器证书(IP方式)
function ac_cert_ip(){
#将内存中证书模板文件存入硬盘
base64 -d <<< ${ca} > ca.txt
base64 -d <<< ${server} > server.txt
ip=$(curl -s http://api.ipify.org)
sed -i "s/_ip_/$ip/" ca.txt
sed -i "s/_ip_/$ip/" server.txt
certtool --generate-privkey --outfile ca-key.pem
certtool --generate-self-signed --load-privkey ca-key.pem --template ca.txt --outfile ca-cert.pem
certtool --generate-privkey --outfile server-key.pem
certtool --generate-certificate --load-privkey server-key.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem --template server.txt --outfile server-cert.pem
mv server-key.pem $trojan_path
mv server-cert.pem $trojan_path
mv ca-cert.pem $trojan_client
local c_path=$trojan_path"server-cert.pem"
local k_path=$trojan_path"server-key.pem"
#echo $c_path,$k_path
ac_files $c_path $k_path $ip
}
#自动生成服务器证书(域名方式)
#原型:ac_cert_domain(domain,email)
function ac_cert_domain(){
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
#清除域名原来已经申请的证书,修正重复签发证书错误
rm -rf /etc/letsencrypt/live/$1
rm -rf /etc/letsencrypt/archive/$1
rm /etc/letsencrypt/renewal/$1.conf
echo "a y"|sh ./letsencrypt-auto certonly --standalone -d $1 --email $2 > result.txt
#重复签发证书
#local c1=$(grep 'have an existing certificate' result.txt)
#if [ -n "$c1" ] ;then
# echo "重复签发证书!"
#fi
#签发证书证书成功分支
grep '\.pem' result.txt > cert_list.txt
IFS=$'\n' read -d '' -r -a lines < cert_list.txt
ac_files ${lines[0]} ${lines[1]} $1
local pem_path=${lines[0]%/*}
cp $pem_path/cert.pem $trojan_client/ca-cert.pem
#echo $pem_path
}
#将trojan-gfw以服务的方式安装
function install_trojan_svc(){
base64 -d <<< $svc > /lib/systemd/system/trojan-gfw.service
#Test for windows mingw64
#base64 -d <<< $svc > trojan-gfw.service
#ac_cert_ip
systemctl daemon-reload
systemctl enable trojan-gfw
sleep 0.01
systemctl start trojan-gfw
}
#主界面
function ui(){
while [ 1 ]
do
opt=$(whiptail --title "Trojan GFW 配置向导" --menu "请选择证书模式" 15 60 2 \
"1" "使用IP自签发证书" \
"2" "使用免费的域名证书(Let's Encrypt)" \
3>&1 1>&2 2>&3)
if [ $? = 1 ]; then
break;
fi
case $opt in
1)
ac_cert_ip
whiptail --title "安装成功" --msgbox "请复制【/home/trojan】目录中的证书文件[ca-cert.pem]和\n配置文件[client.json]到Trojan客户端根目录" 10 60
break
;;
2)
domain=$(whiptail --title "Let's Encrypt证书配置" --inputbox "请输入你的域名:" 10 60 3>&1 1>&2 2>&3)
email=$(whiptail --title "Let's Encrypt证书配置" --inputbox "请输入你的邮箱(接收过期提醒):" 10 60 3>&1 1>&2 2>&3)
if [ -z "$email" ] || [ -z "$domain" ];then
whiptail --title "错误" --msgbox "域名和邮箱都不能为空!" 10 60
fi
#域名正则
re1='[a-zA-Z0-9][-a-zA-Z0-9]{0,62}(.[a-zA-Z0-9][-a-zA-Z0-9]{0,62})+.?'
#邮箱正则
re2='^[a-zA-Z0-9_.-]+@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*\.[a-zA-Z0-9]{2,6}$'
if [[ "$domain" =~ $re1 ]] && [[ "$email" =~ $re2 ]];then
if (whiptail --title "Let's Encrypt证书配置确认" --yes-button "下一步" --no-button "修改" --yesno "域名:【$domain】\n邮箱:【$email】" 10 60) then
ac_cert_domain $domain $email
whiptail --title "安装成功" --msgbox "请复制【/home/trojan】目录中的证书文件[ca-cert.pem]和\n配置文件[client.json]到Trojan客户端根目录" 10 60
break;
fi
else
whiptail --title "格式错误" --msgbox "域名或邮箱格式输入有误!" 10 60
fi
;;
*)
break ;;
esac
done
}
#伪程序入口^-^
function main(){
setup_deps
init
dl_install_trojan
install_trojan_svc
ui
}
main