diff --git a/README.md b/README.md index 0b5655a..5397c74 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ 详细安装 shadowsocks server --- -- [搭建shadowsocksR](https://github.com/breakwa11/shadowsocks-rss/wiki/Server-Setup) +- [搭建shadowsocksR](https://github.com/iMeiji/shadowsocks_install/blob/master/shadowsocksR-wiki/Server-Setup.md) - [搭建shadowsocks libev](https://github.com/iMeiji/shadowsocks_install/wiki/shadowsocks-libev) - [搭建shadowsocksR libev](https://github.com/iMeiji/shadowsocks_install/wiki/shadowsocksR-libev) @@ -21,10 +21,13 @@ | [net speeder](https://github.com/iMeiji/shadowsocks_install/wiki/Net-Speeder) | [kcptun](https://github.com/xtaci/kcptun) | | [serverspeeder](https://github.com/91yun/serverspeeder) | [FinalSpeed](https://github.com/91yun/finalspeed) | | [TCP BBR](https://github.com/iMeiji/shadowsocks_install/wiki/%E5%BC%80%E5%90%AFTCP-BBR%E6%8B%A5%E5%A1%9E%E6%8E%A7%E5%88%B6%E7%AE%97%E6%B3%95) | | +| [TCP BBR 魔改版](https://moeclub.org/2017/06/24/278/) | | 其他 --- - [搭建OpenConnect VPN server](https://github.com/iMeiji/shadowsocks_install/wiki/OpenConnect-VPN-server) -- [shadowsocksR 文档](https://github.com/iMeiji/shadowsocks_install/shadowsocksR-wiki) +- [shadowsocksR 文档](https://github.com/iMeiji/shadowsocks_install/tree/master/shadowsocksR-wiki) +- [shadowsocksR 客户端](https://github.com/iMeiji/shadowsocks_install/releases/tag/0.13) + diff --git a/shadowsocksR.sh b/shadowsocksR.sh index fba7948..8c535a2 100644 --- a/shadowsocksR.sh +++ b/shadowsocksR.sh @@ -1,4 +1,4 @@ -#! /bin/bash +#!/usr/bin/env bash PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin export PATH #=================================================================# @@ -10,176 +10,387 @@ export PATH #=================================================================# clear -echo "" +echo echo "#############################################################" echo "# One click Install ShadowsocksR Server #" echo "# Intro: https://shadowsocks.be/9.html #" echo "# Author: Teddysun #" -echo "# Thanks: @breakwa11 #" +echo "# Github: https://github.com/shadowsocksr/shadowsocksr #" echo "#############################################################" -echo "" +echo #Current folder cur_dir=`pwd` -# Get public IP address -IP=$(ip addr | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | egrep -v "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\." | head -n 1) -if [[ "$IP" = "" ]]; then - IP=$(wget -qO- -t1 -T2 ipv4.icanhazip.com) -fi +# Stream Ciphers +ciphers=( +none +aes-256-cfb +aes-192-cfb +aes-128-cfb +aes-256-cfb8 +aes-192-cfb8 +aes-128-cfb8 +aes-256-ctr +aes-192-ctr +aes-128-ctr +chacha20-ietf +chacha20 +rc4-md5 +rc4-md5-6 +) +# Reference URL: +# https://github.com/breakwa11/shadowsocks-rss/blob/master/ssr.md +# https://github.com/breakwa11/shadowsocks-rss/wiki/config.json +# Protocol +protocols=( +origin +verify_deflate +auth_sha1_v4 +auth_sha1_v4_compatible +auth_aes128_md5 +auth_aes128_sha1 +auth_chain_a +auth_chain_b +) +# obfs +obfs=( +plain +http_simple +http_simple_compatible +http_post +http_post_compatible +tls1.2_ticket_auth +tls1.2_ticket_auth_compatible +tls1.2_ticket_fastauth +tls1.2_ticket_fastauth_compatible +) +# Color +red='\033[0;31m' +green='\033[0;32m' +yellow='\033[0;33m' +plain='\033[0m' # Make sure only root can run our script -function rootness(){ - if [[ $EUID -ne 0 ]]; then - echo "Error:This script must be run as root!" 1>&2 - exit 1 +[[ $EUID -ne 0 ]] && echo -e "[${red}Error${plain}] This script must be run as root!" && exit 1 + +# Disable selinux +disable_selinux(){ + if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; then + sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config + setenforce 0 fi } -# Check OS -function checkos(){ - if [ -f /etc/redhat-release ];then - OS='CentOS' - elif [ ! -z "`cat /etc/issue | grep bian`" ];then - OS='Debian' - elif [ ! -z "`cat /etc/issue | grep Ubuntu`" ];then - OS='Ubuntu' - else - echo "Not support OS, Please reinstall OS and retry!" - exit 1 +#Check system +check_sys(){ + local checkType=$1 + local value=$2 + + local release='' + local systemPackage='' + + if [[ -f /etc/redhat-release ]]; then + release="centos" + systemPackage="yum" + elif cat /etc/issue | grep -Eqi "debian"; then + release="debian" + systemPackage="apt" + elif cat /etc/issue | grep -Eqi "ubuntu"; then + release="ubuntu" + systemPackage="apt" + elif cat /etc/issue | grep -Eqi "centos|red hat|redhat"; then + release="centos" + systemPackage="yum" + elif cat /proc/version | grep -Eqi "debian"; then + release="debian" + systemPackage="apt" + elif cat /proc/version | grep -Eqi "ubuntu"; then + release="ubuntu" + systemPackage="apt" + elif cat /proc/version | grep -Eqi "centos|red hat|redhat"; then + release="centos" + systemPackage="yum" + fi + + if [[ ${checkType} == "sysRelease" ]]; then + if [ "$value" == "$release" ]; then + return 0 + else + return 1 + fi + elif [[ ${checkType} == "packageManager" ]]; then + if [ "$value" == "$systemPackage" ]; then + return 0 + else + return 1 + fi fi } # Get version -function getversion(){ - if [[ -s /etc/redhat-release ]];then +getversion(){ + if [[ -s /etc/redhat-release ]]; then grep -oE "[0-9.]+" /etc/redhat-release - else + else grep -oE "[0-9.]+" /etc/issue - fi + fi } # CentOS version -function centosversion(){ - local code=$1 - local version="`getversion`" - local main_ver=${version%%.*} - if [ $main_ver == $code ];then - return 0 +centosversion(){ + if check_sys sysRelease centos; then + local code=$1 + local version="$(getversion)" + local main_ver=${version%%.*} + if [ "$main_ver" == "$code" ]; then + return 0 + else + return 1 + fi else return 1 - fi + fi } -# Disable selinux -function disable_selinux(){ -if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; then - sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config - setenforce 0 -fi +# Get public IP address +get_ip(){ + local IP=$( ip addr | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | egrep -v "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\.|^0\." | head -n 1 ) + [ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 ipv4.icanhazip.com ) + [ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 ipinfo.io/ip ) + [ ! -z ${IP} ] && echo ${IP} || echo +} + +get_char(){ + SAVEDSTTY=`stty -g` + stty -echo + stty cbreak + dd if=/dev/tty bs=1 count=1 2> /dev/null + stty -raw + stty echo + stty $SAVEDSTTY } # Pre-installation settings -function pre_install(){ - # Not support CentOS 5 - if centosversion 5; then - echo "Not support CentOS 5.x, please change OS to CentOS 6,7/Debian/Ubuntu and retry." +pre_install(){ + if check_sys packageManager yum || check_sys packageManager apt; then + # Not support CentOS 5 + if centosversion 5; then + echo -e "$[{red}Error${plain}] Not supported CentOS 5, please change to CentOS 6+/Debian 7+/Ubuntu 12+ and try again." + exit 1 + fi + else + echo -e "[${red}Error${plain}] Your OS is not supported. please change OS to CentOS/Debian/Ubuntu and try again." exit 1 fi # Set ShadowsocksR config password echo "Please input password for ShadowsocksR:" read -p "(Default password: teddysun.com):" shadowsockspwd - [ -z "$shadowsockspwd" ] && shadowsockspwd="teddysun.com" - echo "" + [ -z "${shadowsockspwd}" ] && shadowsockspwd="teddysun.com" + echo echo "---------------------------" - echo "password = $shadowsockspwd" + echo "password = ${shadowsockspwd}" echo "---------------------------" - echo "" + echo # Set ShadowsocksR config port while true do echo -e "Please input port for ShadowsocksR [1-65535]:" read -p "(Default port: 8989):" shadowsocksport - [ -z "$shadowsocksport" ] && shadowsocksport="8989" - expr $shadowsocksport + 0 &>/dev/null + [ -z "${shadowsocksport}" ] && shadowsocksport="8989" + expr ${shadowsocksport} + 1 &>/dev/null if [ $? -eq 0 ]; then - if [ $shadowsocksport -ge 1 ] && [ $shadowsocksport -le 65535 ]; then - echo "" + if [ ${shadowsocksport} -ge 1 ] && [ ${shadowsocksport} -le 65535 ]; then + echo echo "---------------------------" - echo "port = $shadowsocksport" + echo "port = ${shadowsocksport}" echo "---------------------------" - echo "" + echo break else - echo "Input error! Please input correct number." + echo -e "[${red}Error${plain}] Input error, please input a number between 1 and 65535" fi else - echo "Input error! Please input correct number." + echo -e "[${red}Error${plain}] Input error, please input a number between 1 and 65535" + fi + done + + # Set shadowsocksR config stream ciphers + while true + do + echo -e "Please select stream cipher for ShadowsocksR:" + for ((i=1;i<=${#ciphers[@]};i++ )); do + hint="${ciphers[$i-1]}" + echo -e "${green}${i}${plain}) ${hint}" + done + read -p "Which cipher you'd select(Default: ${ciphers[1]}):" pick + [ -z "$pick" ] && pick=2 + expr ${pick} + 1 &>/dev/null + if [ $? -ne 0 ]; then + echo -e "[${red}Error${plain}] Input error, please input a number" + continue fi + if [[ "$pick" -lt 1 || "$pick" -gt ${#ciphers[@]} ]]; then + echo -e "[${red}Error${plain}] Input error, please input a number between 1 and ${#ciphers[@]}" + continue + fi + shadowsockscipher=${ciphers[$pick-1]} + echo + echo "---------------------------" + echo "cipher = ${shadowsockscipher}" + echo "---------------------------" + echo + break done - get_char(){ - SAVEDSTTY=`stty -g` - stty -echo - stty cbreak - dd if=/dev/tty bs=1 count=1 2> /dev/null - stty -raw - stty echo - stty $SAVEDSTTY - } - echo "" + + # Set shadowsocksR config protocol + while true + do + echo -e "Please select protocol for ShadowsocksR:" + for ((i=1;i<=${#protocols[@]};i++ )); do + hint="${protocols[$i-1]}" + echo -e "${green}${i}${plain}) ${hint}" + done + read -p "Which protocol you'd select(Default: ${protocols[0]}):" protocol + [ -z "$protocol" ] && protocol=1 + expr ${protocol} + 1 &>/dev/null + if [ $? -ne 0 ]; then + echo -e "[${red}Error${plain}] Input error, please input a number" + continue + fi + if [[ "$protocol" -lt 1 || "$protocol" -gt ${#protocols[@]} ]]; then + echo -e "[${red}Error${plain}] Input error, please input a number between 1 and ${#protocols[@]}" + continue + fi + shadowsockprotocol=${protocols[$protocol-1]} + echo + echo "---------------------------" + echo "protocol = ${shadowsockprotocol}" + echo "---------------------------" + echo + break + done + + # Set shadowsocksR config obfs + while true + do + echo -e "Please select obfs for ShadowsocksR:" + for ((i=1;i<=${#obfs[@]};i++ )); do + hint="${obfs[$i-1]}" + echo -e "${green}${i}${plain}) ${hint}" + done + read -p "Which obfs you'd select(Default: ${obfs[0]}):" r_obfs + [ -z "$r_obfs" ] && r_obfs=1 + expr ${r_obfs} + 1 &>/dev/null + if [ $? -ne 0 ]; then + echo -e "[${red}Error${plain}] Input error, please input a number" + continue + fi + if [[ "$r_obfs" -lt 1 || "$r_obfs" -gt ${#obfs[@]} ]]; then + echo -e "[${red}Error${plain}] Input error, please input a number between 1 and ${#obfs[@]}" + continue + fi + shadowsockobfs=${obfs[$r_obfs-1]} + echo + echo "---------------------------" + echo "obfs = ${shadowsockobfs}" + echo "---------------------------" + echo + break + done + + echo echo "Press any key to start...or Press Ctrl+C to cancel" char=`get_char` # Install necessary dependencies - if [ "$OS" == 'CentOS' ]; then - yum install -y wget unzip openssl-devel gcc swig python python-devel python-setuptools autoconf libtool libevent - yum install -y m2crypto automake make curl curl-devel zlib-devel perl perl-devel cpio expat-devel gettext-devel - else + if check_sys packageManager yum; then + yum install -y python python-devel python-setuptools openssl openssl-devel curl wget unzip gcc automake autoconf make libtool + elif check_sys packageManager apt; then apt-get -y update - apt-get -y install python python-dev python-pip python-m2crypto curl wget unzip gcc swig automake make perl cpio build-essential + apt-get -y install python python-dev python-setuptools openssl libssl-dev curl wget unzip gcc automake autoconf make libtool fi - cd $cur_dir + cd ${cur_dir} } # Download files -function download_files(){ +download_files(){ # Download libsodium file - if ! wget --no-check-certificate -O libsodium-1.0.8.tar.gz https://github.com/jedisct1/libsodium/releases/download/1.0.8/libsodium-1.0.8.tar.gz; then - echo "Failed to download libsodium file!" + if ! wget --no-check-certificate -O libsodium-1.0.13.tar.gz https://github.com/jedisct1/libsodium/releases/download/1.0.13/libsodium-1.0.13.tar.gz; then + echo -e "[${red}Error${plain}] Failed to download libsodium-1.0.13.tar.gz!" exit 1 fi # Download ShadowsocksR file - if ! wget --no-check-certificate -O manyuser.zip https://github.com/breakwa11/shadowsocks/archive/manyuser.zip; then - echo "Failed to download ShadowsocksR file!" + if ! wget --no-check-certificate -O manyuser.zip https://github.com/teddysun/shadowsocksr/archive/manyuser.zip; then + echo -e "[${red}Error${plain}] Failed to download ShadowsocksR file!" exit 1 fi - # Download ShadowsocksR chkconfig file - if [ "$OS" == 'CentOS' ]; then + # Download ShadowsocksR init script + if check_sys packageManager yum; then if ! wget --no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocksR -O /etc/init.d/shadowsocks; then - echo "Failed to download ShadowsocksR chkconfig file!" + echo -e "[${red}Error${plain}] Failed to download ShadowsocksR chkconfig file!" exit 1 fi - else + elif check_sys packageManager apt; then if ! wget --no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocksR-debian -O /etc/init.d/shadowsocks; then - echo "Failed to download ShadowsocksR chkconfig file!" + echo -e "[${red}Error${plain}] Failed to download ShadowsocksR chkconfig file!" exit 1 fi fi } +# Firewall set +firewall_set(){ + echo "firewall set start..." + if centosversion 6; then + /etc/init.d/iptables status > /dev/null 2>&1 + if [ $? -eq 0 ]; then + iptables -L -n | grep -i ${shadowsocksport} > /dev/null 2>&1 + if [ $? -ne 0 ]; then + iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport ${shadowsocksport} -j ACCEPT + iptables -I INPUT -m state --state NEW -m udp -p udp --dport ${shadowsocksport} -j ACCEPT + /etc/init.d/iptables save + /etc/init.d/iptables restart + else + echo "port ${shadowsocksport} has been set up." + fi + else + echo -e "[${yellow}Warning${plain}] iptables looks like shutdown or not installed, please manually set it if necessary." + fi + elif centosversion 7; then + systemctl status firewalld > /dev/null 2>&1 + if [ $? -eq 0 ]; then + firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/tcp + firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/udp + firewall-cmd --reload + else + echo "Firewalld looks like not running, try to start..." + systemctl start firewalld + if [ $? -eq 0 ]; then + firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/tcp + firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/udp + firewall-cmd --reload + else + echo -e "[${yellow}Warning${plain}] Try to start firewalld failed. please enable port ${shadowsocksport} manually if necessary." + fi + fi + fi + echo "firewall set completed..." +} + # Config ShadowsocksR -function config_shadowsocks(){ +config_shadowsocks(){ cat > /etc/shadowsocks.json<<-EOF { "server":"0.0.0.0", - "server_ipv6":"::", + "server_ipv6":"[::]", "server_port":${shadowsocksport}, "local_address":"127.0.0.1", "local_port":1080, "password":"${shadowsockspwd}", "timeout":120, - "method":"aes-256-cfb", - "protocol":"origin", + "method":"${shadowsockscipher}", + "protocol":"${shadowsockprotocol}", "protocol_param":"", - "obfs":"plain", + "obfs":"${shadowsockobfs}", "obfs_param":"", "redirect":"", "dns_ipv6":false, @@ -190,114 +401,112 @@ EOF } # Install ShadowsocksR -function install_ss(){ +install(){ # Install libsodium - tar zxf libsodium-1.0.8.tar.gz - cd $cur_dir/libsodium-1.0.8 - ./configure && make && make install + if [ ! -f /usr/lib/libsodium.a ]; then + cd ${cur_dir} + tar zxf libsodium-1.0.13.tar.gz + cd libsodium-1.0.13 + ./configure --prefix=/usr && make && make install + if [ $? -ne 0 ]; then + echo -e "[${red}Error${plain}] libsodium install failed!" + install_cleanup + exit 1 + fi + fi + ldconfig # Install ShadowsocksR - cd $cur_dir + cd ${cur_dir} unzip -q manyuser.zip mv shadowsocksr-manyuser/shadowsocks /usr/local/ if [ -f /usr/local/shadowsocks/server.py ]; then chmod +x /etc/init.d/shadowsocks - # Add run on system start up - if [ "$OS" == 'CentOS' ]; then + if check_sys packageManager yum; then chkconfig --add shadowsocks chkconfig shadowsocks on - else - update-rc.d shadowsocks defaults + elif check_sys packageManager apt; then + update-rc.d -f shadowsocks defaults fi - # Run ShadowsocksR in the background /etc/init.d/shadowsocks start + clear - echo "" - echo "Congratulations, ShadowsocksR install completed!" - echo -e "Server IP: \033[41;37m ${IP} \033[0m" - echo -e "Server Port: \033[41;37m ${shadowsocksport} \033[0m" - echo -e "Password: \033[41;37m ${shadowsockspwd} \033[0m" - echo -e "Local IP: \033[41;37m 127.0.0.1 \033[0m" - echo -e "Local Port: \033[41;37m 1080 \033[0m" - echo -e "Protocol: \033[41;37m origin \033[0m" - echo -e "obfs: \033[41;37m plain \033[0m" - echo -e "Encryption Method: \033[41;37m aes-256-cfb \033[0m" - echo "" + echo + echo -e "Congratulations, ShadowsocksR server install completed!" + echo -e "Your Server IP : \033[41;37m $(get_ip) \033[0m" + echo -e "Your Server Port : \033[41;37m ${shadowsocksport} \033[0m" + echo -e "Your Password : \033[41;37m ${shadowsockspwd} \033[0m" + echo -e "Your Protocol : \033[41;37m ${shadowsockprotocol} \033[0m" + echo -e "Your obfs : \033[41;37m ${shadowsockobfs} \033[0m" + echo -e "Your Encryption Method: \033[41;37m ${shadowsockscipher} \033[0m" + echo echo "Welcome to visit:https://shadowsocks.be/9.html" - echo "If you want to change protocol & obfs, reference URL:" - echo "https://github.com/breakwa11/shadowsocks-rss/wiki/Server-Setup" - echo "" echo "Enjoy it!" - echo "" + echo else - echo "Shadowsocks install failed! Please Email to Teddysun and contact." + echo "ShadowsocksR install failed, please Email to Teddysun and contact" install_cleanup exit 1 fi } # Install cleanup -function install_cleanup(){ - cd $cur_dir - rm -f manyuser.zip - rm -rf shadowsocks-manyuser - rm -f libsodium-1.0.8.tar.gz - rm -rf libsodium-1.0.8 +install_cleanup(){ + cd ${cur_dir} + rm -rf manyuser.zip shadowsocksr-manyuser libsodium-1.0.13.tar.gz libsodium-1.0.13 } # Uninstall ShadowsocksR -function uninstall_shadowsocks(){ - printf "Are you sure uninstall ShadowsocksR? (y/n) " +uninstall_shadowsocksr(){ + printf "Are you sure uninstall ShadowsocksR? (y/n)" printf "\n" read -p "(Default: n):" answer - if [ -z $answer ]; then - answer="n" - fi - if [ "$answer" = "y" ]; then + [ -z ${answer} ] && answer="n" + if [ "${answer}" == "y" ] || [ "${answer}" == "Y" ]; then /etc/init.d/shadowsocks status > /dev/null 2>&1 if [ $? -eq 0 ]; then /etc/init.d/shadowsocks stop fi - checkos - if [ "$OS" == 'CentOS' ]; then + if check_sys packageManager yum; then chkconfig --del shadowsocks - else + elif check_sys packageManager apt; then update-rc.d -f shadowsocks remove fi rm -f /etc/shadowsocks.json rm -f /etc/init.d/shadowsocks + rm -f /var/log/shadowsocks.log rm -rf /usr/local/shadowsocks echo "ShadowsocksR uninstall success!" else - echo "uninstall cancelled, Nothing to do" + echo + echo "uninstall cancelled, nothing to do..." + echo fi } # Install ShadowsocksR -function install_shadowsocks(){ - checkos - rootness +install_shadowsocksr(){ disable_selinux pre_install download_files config_shadowsocks - install_ss + if check_sys packageManager yum; then + firewall_set + fi + install install_cleanup } # Initialization step action=$1 -[ -z $1 ] && action=install +[ -z $1 ] && action=install case "$action" in -install) - install_shadowsocks - ;; -uninstall) - uninstall_shadowsocks - ;; -*) - echo "Arguments error! [${action} ]" - echo "Usage: `basename $0` {install|uninstall}" - ;; -esac + install|uninstall) + ${action}_shadowsocksr + ;; + *) + echo "Arguments error! [${action}]" + echo "Usage: `basename $0` [install|uninstall]" + ;; +esac \ No newline at end of file