233boy
2024-05-22 18:10:39 +08:00
commit 8e3265aa01
14 changed files with 3537 additions and 0 deletions

20
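--- a/src/bbr.sh
+++ b/src/bbr.sh
@@ -0,0 +1,20 @@
+_open_bbr() {
+sed -i '/net.ipv4.tcp_congestion_control/d' /etc/sysctl.conf
+sed -i '/net.core.default_qdisc/d' /etc/sysctl.conf
+echo "net.ipv4.tcp_congestion_control = bbr" >>/etc/sysctl.conf
+echo "net.core.default_qdisc = fq" >>/etc/sysctl.conf
+sysctl -p &>/dev/null
+echo
+_green "..已经启用 BBR 优化...."
+echo
+}
+_try_enable_bbr() {
+local _test1=$(uname -r | cut -d\. -f1)
+local _test2=$(uname -r | cut -d\. -f2)
+if [[ $_test1 -eq 4 && $_test2 -ge 9 ]] || [[ $_test1 -ge 5 ]]; then
+_open_bbr
+else
+err "不支持启用 BBR 优化."
+fi
+}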
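Review bot: `_open_bbr` prints the "BBR enabled" message whether or not the kernel accepted the settings, because `sysctl -p &>/dev/null` discards both the output and the exit status. The version test in `_try_enable_bbr` only shows that the kernel is new enough, not that the bbr module is actually available, so a host without it would be reported as optimised while still using its previous congestion control. I would confirm the result before announcing it, e.g. `[[ $(sysctl -n net.ipv4.tcp_congestion_control) == bbr ]] || { warn "BBR was not applied"; return 1; }`. The two `local _testN=$(...)` lines would also be better split into declaration and assignment so a failing `uname`/`cut` is not masked by `local`.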

57
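--- a/src/caddy.sh
+++ b/src/caddy.sh
@@ -0,0 +1,57 @@
+caddy_config() {
+is_caddy_site_file=$is_caddy_conf/${host}.conf
+case $1 in
+new)
+mkdir -p $is_caddy_dir $is_caddy_dir/sites $is_caddy_conf
+cat >$is_caddyfile <<-EOF
+# don't edit this file #
+# for more info, see https://233boy.com/$is_core/caddy-auto-tls/
+# 不要编辑这个文件 #
+# 更多相关请阅读此文章: https://233boy.com/$is_core/caddy-auto-tls/
+# https://caddyserver.com/docs/caddyfile/options
+{
+admin off
+http_port $is_http_port
+https_port $is_https_port
+}
+import $is_caddy_conf/*.conf
+import $is_caddy_dir/sites/*.conf
+EOF
+;;
+*ws* | *http*)
+cat >${is_caddy_site_file} <<<"
+${host}:${is_https_port} {
+reverse_proxy ${path} 127.0.0.1:${port}
+import ${is_caddy_site_file}.add
+}"
+;;
+*h2*)
+cat >${is_caddy_site_file} <<<"
+${host}:${is_https_port} {
+reverse_proxy ${path} h2c://127.0.0.1:${port} {
+transport http {
+tls_insecure_skip_verify
+}
+}
+import ${is_caddy_site_file}.add
+}"
+;;
+*grpc*)
+cat >${is_caddy_site_file} <<<"
+${host}:${is_https_port} {
+reverse_proxy /${path}/* h2c://127.0.0.1:${port}
+import ${is_caddy_site_file}.add
+}"
+;;
+proxy)
+cat >${is_caddy_site_file}.add <<<"
+reverse_proxy https://$proxy_site {
+header_up Host {upstream_hostport}
+}"
+;;
+esac
+[[ $1 != "new" && $1 != 'proxy' ]] && {
+[[ ! -f ${is_caddy_site_file}.add ]] && echo "# see https://233boy.com/$is_core/caddy-auto-tls/" >${is_caddy_site_file}.add
+}
+}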
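Review bot: The `*h2*` branch sets `tls_insecure_skip_verify` on a `reverse_proxy` whose upstream is `h2c://127.0.0.1:${port}`, which is cleartext HTTP/2 on loopback, so the option appears to serve no purpose here and would silently leave certificate verification off if the scheme were later changed to https. I would drop the `transport http { ... }` block so the branch matches the `*grpc*` one. Separately, `${host}`, `${path}` and `$proxy_site` are written into the Caddyfile text and into the unquoted target path `$is_caddy_conf/${host}.conf` as given; any validation would have to live in src/core.sh, whose diff is suppressed on this page, so it is worth confirming there that these values cannot contain whitespace, `/` or braces.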

1712
src/core.sh Normal file

File diff suppressed because it is too large Load Diff

56
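--- a/src/dns.sh
+++ b/src/dns.sh
@@ -0,0 +1,56 @@
+is_dns_list=(
+1.1.1.1
+8.8.8.8
+h3://dns.google/dns-query
+h3://cloudflare-dns.com/dns-query
+h3://family.cloudflare-dns.com/dns-query
+set
+none
+)
+dns_set() {
+if [[ $1 ]]; then
+case ${1,,} in
+11 | 1111)
+is_dns_use=${is_dns_list[0]}
+;;
+88 | 8888)
+is_dns_use=${is_dns_list[1]}
+;;
+gg | google)
+is_dns_use=${is_dns_list[2]}
+;;
+cf | cloudflare)
+is_dns_use=${is_dns_list[3]}
+;;
+nosex | family)
+is_dns_use=${is_dns_list[4]}
+;;
+set)
+if [[ $2 ]]; then
+is_dns_use=${2,,}
+else
+ask string is_dns_use "请输入 DNS: "
+fi
+;;
+none)
+is_dns_use=none
+;;
+*)
+err "无法识别 DNS 参数: $@"
+;;
+esac
+else
+is_tmp_list=(${is_dns_list[@]})
+ask list is_dns_use null "\n请选择 DNS:\n"
+if [[ $is_dns_use == "set" ]]; then
+ask string is_dns_use "请输入 DNS: "
+fi
+fi
+if [[ $is_dns_use == "none" ]]; then
+cat <<<$(jq '.dns={}' $is_config_json) >$is_config_json
+else
+cat <<<$(jq '.dns.servers=[{address:"'$is_dns_use'",address_resolver:"local"},{tag:"local",address:"local"}]' $is_config_json) >$is_config_json
+fi
+manage restart &
+msg "\n已更新 DNS 为: $(_green $is_dns_use)\n"
+}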
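Review bot: In `dns_set`, `$is_dns_use` is spliced into the jq program text (`address:"'$is_dns_use'"`) and can come straight from `$2` or from the `ask string` prompt, so a value containing `"`, whitespace or jq syntax changes the filter instead of becoming a string. Passing it as data avoids that: `jq --arg dns "$is_dns_use" '.dns.servers=[{address:$dns,address_resolver:"local"},{tag:"local",address:"local"}]' "$is_config_json"`. The `cat <<<$(jq ...) >$is_config_json` form also overwrites the config with an empty line whenever jq fails, and `manage restart &` then runs against it; writing to a temporary file and moving it into place only on success would keep the last good config.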

67
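--- a/src/download.sh
+++ b/src/download.sh
@@ -0,0 +1,67 @@
+get_latest_version() {
+case $1 in
+core)
+name=$is_core_name
+url="https://api.github.com/repos/${is_core_repo}/releases/latest?v=$RANDOM"
+;;
+sh)
+name="$is_core_name 脚本"
+url="https://api.github.com/repos/$is_sh_repo/releases/latest?v=$RANDOM"
+;;
+caddy)
+name="Caddy"
+url="https://api.github.com/repos/$is_caddy_repo/releases/latest?v=$RANDOM"
+;;
+esac
+latest_ver=$(_wget -qO- $url | grep tag_name | egrep -o 'v([0-9.]+)')
+[[ ! $latest_ver ]] && {
+err "获取 ${name} 最新版本失败."
+}
+unset name url
+}
+download() {
+latest_ver=$2
+[[ ! $latest_ver ]] && get_latest_version $1
+# tmp dir
+tmpdir=$(mktemp -u)
+[[ ! $tmpdir ]] && {
+tmpdir=/tmp/tmp-$RANDOM
+}
+mkdir -p $tmpdir
+case $1 in
+core)
+name=$is_core_name
+tmpfile=$tmpdir/$is_core.tar.gz
+link="https://github.com/${is_core_repo}/releases/download/${latest_ver}/${is_core}-${latest_ver:1}-linux-${is_arch}.tar.gz"
+download_file
+tar zxf $tmpfile --strip-components 1 -C $is_core_dir/bin
+chmod +x $is_core_bin
+;;
+sh)
+name="$is_core_name 脚本"
+tmpfile=$tmpdir/sh.tar.gz
+link="https://github.com/${is_sh_repo}/releases/download/${latest_ver}/code.tar.gz"
+download_file
+tar zxf $tmpfile -C $is_sh_dir
+chmod +x $is_sh_bin ${is_sh_bin/$is_core/sb}
+;;
+caddy)
+name="Caddy"
+tmpfile=$tmpdir/caddy.tar.gz
+# https://github.com/caddyserver/caddy/releases/download/v2.6.4/caddy_2.6.4_linux_amd64.tar.gz
+link="https://github.com/${is_caddy_repo}/releases/download/${latest_ver}/caddy_${latest_ver:1}_linux_${is_arch}.tar.gz"
+download_file
+tar zxf $tmpfile -C $tmpdir
+cp -f $tmpdir/caddy $is_caddy_bin
+chmod +x $is_caddy_bin
+;;
+esac
+rm -rf $tmpdir
+unset latest_ver
+}
+download_file() {
+if ! _wget -t 5 -c $link -O $tmpfile; then
+rm -rf $tmpdir
+err "\n下载 ${name} 失败.\n"
+fi
+}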
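Review bot: `download` creates its working directory with `mktemp -u` followed by `mkdir -p`, falling back to `/tmp/tmp-$RANDOM`. `mktemp -u` only prints a name and `mkdir -p` succeeds when that path already exists, so a script that goes on to copy binaries into `/usr/local/bin` can end up working inside a directory another local user prepared. `tmpdir=$(mktemp -d) || err "mktemp failed"` creates the directory atomically with owner-only permissions and makes the fallback unnecessary. The archives are also extracted and marked executable with no checksum or signature comparison, which matters more because `_wget` in src/init.sh disables certificate checks. Comparing against a published digest before `tar zxf`, where the release provides one, would catch a corrupted or substituted download.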

94
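--- a/src/help.sh
+++ b/src/help.sh
@@ -0,0 +1,94 @@
+show_help() {
+case $1 in
+api | x25519 | tls | run | uuid | version)
+$is_core_bin help $1 ${@:2}
+;;
+*)
+[[ $1 ]] && warn "未知选项 '$1'"
+msg "$is_core_name script $is_sh_ver by $author"
+msg "Usage: $is_core [options]... [args]... "
+msg
+help_info=(
+"基本:"
+" v, version 显示当前版本"
+" ip 返回当前主机的 IP"
+" pbk 同等于 $is_core generate reality-keypair"
+" get-port 返回一个可用的端口"
+" ss2022 返回一个可用于 Shadowsocks 2022 的密码\n"
+"一般:"
+" a, add [protocol] [args... | auto] 添加配置"
+" c, change [name] [option] [args... | auto] 更改配置"
+" d, del [name] 删除配置**"
+" i, info [name] 查看配置"
+" qr [name] 二维码信息"
+" url [name] URL 信息"
+" log 查看日志"
+# " logerr 查看错误日志\n"
+"更改:"
+# " dp, dynamicport [name] [start | auto] [end] 更改动态端口"
+" full [name] [...] 更改多个参数"
+" id [name] [uuid | auto] 更改 UUID"
+" host [name] [domain] 更改域名"
+" port [name] [port | auto] 更改端口"
+" path [name] [path | auto] 更改路径"
+" passwd [name] [password | auto] 更改密码"
+" key [name] [Private key | atuo] [Public key] 更改密钥"
+# " type [name] [type | auto] 更改伪装类型"
+" method [name] [method | auto] 更改加密方式"
+" sni [name] [ ip | domain] 更改 serverName"
+# " seed [name] [seed | auto] 更改 mKCP seed"
+" new [name] [...] 更改协议"
+" web [name] [domain] 更改伪装网站\n"
+"进阶:"
+" dns [...] 设置 DNS"
+" dd, ddel [name...] 删除多个配置**"
+" fix [name] 修复一个配置"
+" fix-all 修复全部配置"
+" fix-caddyfile 修复 Caddyfile"
+" fix-config.json 修复 config.json"
+" import 导入 xray/v2ray 脚本配置\n"
+"管理:"
+" un, uninstall 卸载"
+" u, update [core | sh | caddy] [ver] 更新"
+" U, update.sh 更新脚本"
+" s, status 运行状态"
+" start, stop, restart [caddy] 启动, 停止, 重启"
+" t, test 测试运行"
+" reinstall 重装脚本\n"
+"测试:"
+# " client, genc [name] 显示用于客户端 JSON, 仅供参考"
+" debug [name] 显示一些 debug 信息, 仅供参考"
+" gen [...] 同等于 add, 但只显示 JSON 内容, 不创建文件, 测试使用"
+" no-auto-tls [...] 同等于 add, 但禁止自动配置 TLS, 可用于 *TLS 相关协议"
+# " xapi [...] 同等于 $is_core api, 但 API 后端使用当前运行的 $is_core_name 服务\n"
+"其他:"
+" bbr 启用 BBR, 如果支持"
+" bin [...] 运行 $is_core_name 命令, 例如: $is_core bin help"
+" [...] [...] 兼容绝大多数的 $is_core_name 命令, 例如: $is_core_name generate uuid"
+" h, help 显示此帮助界面\n"
+)
+for v in "${help_info[@]}"; do
+msg "$v"
+done
+msg "谨慎使用 del, ddel, 此选项会直接删除配置; 无需确认"
+msg "反馈问题) $(msg_ul https://github.com/${is_sh_repo}/issues) "
+msg "文档(doc) $(msg_ul https://233boy.com/$is_core/$is_core-script/)"
+;;
+esac
+}
+about() {
+####### 要点13脸吗只会改我链接的小人 #######
+unset c n m s b
+msg
+msg "网站: $(msg_ul https://233boy.com)"
+msg "频道: $(msg_ul https://t.me/tg2333)"
+msg "群组: $(msg_ul https://t.me/tg233boy)"
+msg "Github: $(msg_ul https://github.com/${is_sh_repo})"
+msg "Twitter: $(msg_ul https://twitter.com/ai233boy)"
+msg "$is_core_name site: $(msg_ul https://sing-box.sagernet.org/)"
+msg "$is_core_name core: $(msg_ul https://github.com/${is_core_repo})"
+msg
+####### 要点13脸吗只会改我链接的小人 #######
+}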
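Review bot: `show_help` forwards its arguments unquoted in `$is_core_bin help $1 ${@:2}`, so an argument containing spaces or glob characters is split or expanded before it reaches the binary; `"$is_core_bin" help "$1" "${@:2}"` passes them through unchanged. The help entry for `key` reads `[Private key | atuo]`, which looks like a typo for `auto`.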

79
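--- a/src/import.sh
+++ b/src/import.sh
@@ -0,0 +1,79 @@
+is_xray_sh=/etc/xray/sh/src/core.sh
+is_v2ray_sh=/etc/v2ray/sh/src/core.sh
+is_xray_conf=/etc/xray/conf
+is_v2ray_conf=/etc/v2ray/conf
+in_conf() {
+is_conf_args=$(jq '.inbounds[0]|.protocol,.port,(.settings|(.clients[0]|.id,.password),.method,.password,.port,.address,(.accounts[0]|.user,.pass)),(.streamSettings|.network,.security,.tcpSettings.header.type,(.wsSettings|.path,.headers.Host),(.httpSettings|.path,.host[0]),(.realitySettings|.serverNames[0],.publicKey,.privateKey))' $1)
+[[ $? != 0 ]] && warn "无法读取此文件: $1" && return
+is_up_var_set=(null is_protocol port uuid trojan_password ss_method ss_password door_port door_addr is_socks_user is_socks_pass net is_reality net_type ws_path ws_host h2_path h2_host is_servername is_public_key is_private_key)
+i=0
+for v in $(sed 's/""/null/g;s/"//g' <<<"$is_conf_args"); do
+((i++))
+export ${is_up_var_set[$i]}="${v}"
+done
+for v in ${is_up_var_set[@]}; do
+[[ ${!v} == 'null' ]] && unset $v
+done
+path="${ws_path}${h2_path}"
+host="${ws_host}${h2_host}"
+[[ ! $uuid ]] && uuid=$trojan_password
+if [[ $host ]]; then
+if [[ $is_caddy && -f $is_caddy_conf/$host.conf ]]; then
+tmp_tlsport=$(egrep -o "$host:[1-9][0-9]?+" $is_caddy_conf/$host.conf | sed s/.*://)
+fi
+[[ $tmp_tlsport ]] && https_port=$tmp_tlsport
+add $is_protocol-$net-tls
+else
+case $is_protocol in
+vmess | vless)
+[[ $net_type == "http" ]] && {
+net=http
+is_tips_msg="新配置文件名: (VMess-HTTP-$port.json)"
+}
+[[ $is_reality == "reality" ]] && net=reality
+add $net
+;;
+dokodemo-door)
+add door
+is_tips_msg="新配置文件名: (Direct-$port.json)"
+;;
+*socks*)
+add $is_protocol
+;;
+*)
+is_not_in_conf=1
+msg "不支持导入 $1"
+;;
+esac
+fi
+[[ ! $is_not_in_conf ]] && msg "导入: $1 $is_tips_msg" && rm $1
+}
+is_change=1
+is_dont_auto_exit=1
+is_dont_test_host=1
+if [[ -f $is_xray_sh && -d $is_xray_conf ]]; then
+is_list=($(ls $is_xray_conf | grep .json | egrep -iv 'kcp|grpc|dynamic|quic' | sed "s#^#$is_xray_conf/#"))
+fi
+if [[ -f $is_v2ray_sh && -d $is_v2ray_conf ]]; then
+is_list+=($(ls $is_v2ray_conf | grep .json | egrep -iv 'kcp|grpc|dynamic|quic' | sed "s#^#$is_v2ray_conf/#"))
+fi
+[[ ${is_list[@]} =~ "xray" ]] && is_xray_in=1
+[[ ${is_list[@]} =~ "v2ray" ]] && is_v2ray_in=1
+[[ $is_xray_in ]] && xray stop
+[[ $is_v2ray_in ]] && v2ray stop
+if [[ ${is_list[@]} ]]; then
+msg "开始导入配置..."
+for i in ${is_list[@]}; do
+in_conf $i &
+done
+wait
+is_dont_auto_exit=
+manage restart &
+[[ $is_xray_in ]] && xray restart &
+[[ $is_v2ray_in ]] && v2ray restart &
+[[ ${is_list[@],,} =~ "tls" && $is_caddy ]] && manage restart caddy &
+else
+err "没有找到可导入的配置..."
+fi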
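Review bot: `in_conf` maps the jq results to variables purely by position, but `for v in $(sed ...)` splits on any whitespace and expands globs, so one imported value containing a space (a password, a path) shifts every later field into the wrong variable, for instance a credential landing in `net` or `ws_path`. Reading one value per line keeps the mapping intact: `mapfile -t is_vals < <(sed 's/""/null/g;s/"//g' <<<"$is_conf_args")`, then `for v in "${is_vals[@]}"` with `export "${is_up_var_set[$i]}=${v}"`. The function also reaches `rm $1` without looking at the result of `add`. With `is_dont_auto_exit=1` set, `err` returns instead of exiting, so a failed import would still delete the original config; checking `add`'s status before the `rm` would avoid that, assuming `add` (defined outside this page) reports failure.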

135
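--- a/src/init.sh
+++ b/src/init.sh
@@ -0,0 +1,135 @@
+#!/bin/bash
+author=233boy
+# github=https://github.com/233boy/sing-box
+# bash fonts colors
+red='\e[31m'
+yellow='\e[33m'
+gray='\e[90m'
+green='\e[92m'
+blue='\e[94m'
+magenta='\e[95m'
+cyan='\e[96m'
+none='\e[0m'
+_red() { echo -e ${red}$@${none}; }
+_blue() { echo -e ${blue}$@${none}; }
+_cyan() { echo -e ${cyan}$@${none}; }
+_green() { echo -e ${green}$@${none}; }
+_yellow() { echo -e ${yellow}$@${none}; }
+_magenta() { echo -e ${magenta}$@${none}; }
+_red_bg() { echo -e "\e[41m$@${none}"; }
+_rm() {
+rm -rf "$@"
+}
+_cp() {
+cp -rf "$@"
+}
+_sed() {
+sed -i "$@"
+}
+_mkdir() {
+mkdir -p "$@"
+}
+is_err=$(_red_bg 错误!)
+is_warn=$(_red_bg 警告!)
+err() {
+echo -e "\n$is_err $@\n"
+[[ $is_dont_auto_exit ]] && return
+exit 1
+}
+warn() {
+echo -e "\n$is_warn $@\n"
+}
+# yum or apt-get
+cmd=$(type -P apt-get || type -P yum)
+# x64
+case $(arch) in
+amd64 | x86_64)
+is_arch="amd64"
+;;
+*aarch64* | *armv8*)
+is_arch="arm64"
+;;
+*)
+err "此脚本仅支持 64 位系统..."
+;;
+esac
+is_core=sing-box
+is_core_name=sing-box
+is_core_dir=/etc/$is_core
+is_core_bin=$is_core_dir/bin/$is_core
+is_core_repo=SagerNet/$is_core
+is_conf_dir=$is_core_dir/conf
+is_log_dir=/var/log/$is_core
+is_sh_bin=/usr/local/bin/$is_core
+is_sh_dir=$is_core_dir/sh
+is_sh_repo=$author/$is_core
+is_pkg="wget unzip tar qrencode"
+is_config_json=$is_core_dir/config.json
+is_caddy_bin=/usr/local/bin/caddy
+is_caddy_dir=/etc/caddy
+is_caddy_repo=caddyserver/caddy
+is_caddyfile=$is_caddy_dir/Caddyfile
+is_caddy_conf=$is_caddy_dir/$author
+is_caddy_service=$(systemctl list-units --full -all | grep caddy.service)
+is_http_port=80
+is_https_port=443
+# core ver
+is_core_ver=$($is_core_bin version | head -n1 | cut -d " " -f3)
+# tmp tls key
+is_tls_cer=$is_core_dir/bin/tls.cer
+is_tls_key=$is_core_dir/bin/tls.key
+[[ ! -f $is_tls_cer || ! -f $is_tls_key ]] && {
+is_tls_tmp=${is_tls_key/key/tmp}
+$is_core_bin generate tls-keypair tls -m 456 >$is_tls_tmp
+awk '/BEGIN PRIVATE KEY/,/END PRIVATE KEY/' $is_tls_tmp >$is_tls_key
+awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' $is_tls_tmp >$is_tls_cer
+rm $is_tls_tmp
+}
+if [[ $(pgrep -f $is_core_bin) ]]; then
+is_core_status=$(_green running)
+else
+is_core_status=$(_red_bg stopped)
+is_core_stop=1
+fi
+if [[ -f $is_caddy_bin && -d $is_caddy_dir && $is_caddy_service ]]; then
+is_caddy=1
+is_caddy_ver=$($is_caddy_bin version | head -n1 | cut -d " " -f1)
+is_tmp_http_port=$(egrep '^ {2,}http_port|^http_port' $is_caddyfile | egrep -o [0-9]+)
+is_tmp_https_port=$(egrep '^ {2,}https_port|^https_port' $is_caddyfile | egrep -o [0-9]+)
+[[ $is_tmp_http_port ]] && is_http_port=$is_tmp_http_port
+[[ $is_tmp_https_port ]] && is_https_port=$is_tmp_https_port
+if [[ $(pgrep -f $is_caddy_bin) ]]; then
+is_caddy_status=$(_green running)
+else
+is_caddy_status=$(_red_bg stopped)
+is_caddy_stop=1
+fi
+fi
+# load bash script.
+load() {
+. $is_sh_dir/src/$1
+}
+# wget add --no-check-certificate
+_wget() {
+# [[ $proxy ]] && export https_proxy=$proxy
+wget --no-check-certificate "$@"
+}
+load core.sh
+[[ ! $args ]] && args=main
+main $args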
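Review bot: `_wget` adds `--no-check-certificate` to every request, so the GitHub API lookups and the release archives fetched through it in src/download.sh are accepted without authenticating the server. Those archives are then extracted and made executable, presumably as root. I would remove the flag (`wget "$@"`) and, where a host lacks a CA bundle, fail with a clear message instead of disabling verification for all downloads. Separately, `tls.key` and the intermediate `tls.tmp` are created by redirection under the default umask; running that block under `umask 077`, or adding `chmod 600 $is_tls_key`, would keep the private key from being readable by other local users.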

58
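--- a/src/systemd.sh
+++ b/src/systemd.sh
@@ -0,0 +1,58 @@
+install_service() {
+case $1 in
+$is_core)
+is_doc_site=https://sing-box.sagernet.org/
+cat >/lib/systemd/system/$is_core.service <<<"
+[Unit]
+Description=$is_core_name Service
+Documentation=$is_doc_site
+After=network.target nss-lookup.target
+[Service]
+#User=nobody
+User=root
+NoNewPrivileges=true
+ExecStart=$is_core_bin run -c $is_config_json -C $is_conf_dir
+Restart=on-failure
+RestartPreventExitStatus=23
+LimitNPROC=10000
+LimitNOFILE=1048576
+PrivateTmp=true
+ProtectSystem=full
+#CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
+#AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
+[Install]
+WantedBy=multi-user.target"
+;;
+caddy)
+cat >/lib/systemd/system/caddy.service <<<"
+#https://github.com/caddyserver/dist/blob/master/init/caddy.service
+[Unit]
+Description=Caddy
+Documentation=https://caddyserver.com/docs/
+After=network.target network-online.target
+Requires=network-online.target
+[Service]
+Type=notify
+User=root
+Group=root
+ExecStart=$is_caddy_bin run --environ --config $is_caddyfile
+ExecReload=$is_caddy_bin reload --config $is_caddyfile
+TimeoutStopSec=5s
+LimitNPROC=10000
+LimitNOFILE=1048576
+PrivateTmp=true
+ProtectSystem=full
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+[Install]
+WantedBy=multi-user.target"
+;;
+esac
+# enable, reload
+systemctl enable $1
+systemctl daemon-reload
+}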
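Review bot: Both generated units run with `User=root`, and the lines that would narrow that (`#User=nobody`, `#CapabilityBoundingSet=...`, `#AmbientCapabilities=...`) are commented out, so a compromise of either internet-facing service yields unrestricted root. If the services have to stay root for now, enabling `CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE` in the sing-box unit and adding `NoNewPrivileges=true` with `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` to the caddy unit would bound what that root can do. This needs a test run, because any file access that currently depends on root's override capabilities would start to fail. The longer-term fix is a dedicated unprivileged user with `AmbientCapabilities` for the low ports, as the commented lines already suggest.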