Merge pull request #121 from fr0der1c/anytls

feat: add AnyTLS protocol support

README.md

@@ -16,6 +16,7 @@
 - 一键添加 TUIC
 - 一键添加 Trojan
 - 一键添加 Hysteria2
+- 一键添加 AnyTLS
 - 一键添加 Shadowsocks 2022
 - 一键添加 VMess-(TCP/HTTP/QUIC)
 - 一键添加 VMess-(WS/H2/HTTPUpgrade)-TLS

install.sh

@@ -34,13 +34,15 @@ warn() {
 # root
 [[ $EUID != 0 ]] && err "当前非 ${yellow}ROOT用户.${none}"
 
-# yum or apt-get, ubuntu/debian/centos
+# apt-get, yum, zypper or apk
-cmd=$(type -P apt-get || type -P yum)
+cmd=$(type -P apt-get || type -P yum || type -P zypper || type -P apk)
-[[ ! $cmd ]] && err "此脚本仅支持 ${yellow}(Ubuntu or Debian or CentOS)${none}."
+[[ ! $cmd ]] && err "此脚本仅支持 ${yellow}(Ubuntu or Debian or CentOS or SUSE or Alpine)${none}."
 
-# systemd
+# systemd or openrc
-[[ ! $(type -P systemctl) ]] && {
+is_systemd=$(type -P systemctl)
-    err "此系统缺少 ${yellow}(systemctl)${none}, 请尝试执行:${yellow} ${cmd} update -y;${cmd} install systemd -y ${none}来修复此错误."
+is_openrc=$(type -P rc-service)
+[[ ! $is_systemd && ! $is_openrc ]] && {
+    err "此系统缺少 ${yellow}(systemctl 或 rc-service)${none}, 请安装 systemd 或确认 OpenRC 已启用."
 }
 
 # wget installed or none
@@ -69,7 +71,9 @@ is_log_dir=/var/log/$is_core
 is_sh_bin=/usr/local/bin/$is_core
 is_sh_dir=$is_core_dir/sh
 is_sh_repo=$author/$is_core
-is_pkg="wget tar"
+is_pkg="wget tar bash"
+# Alpine: gcompat provides glibc compatibility for prebuilt binaries
+[[ $cmd =~ apk ]] && is_pkg="$is_pkg gcompat jq"
 is_config_json=$is_core_dir/config.json
 tmp_var_lists=(
     tmpcore
@@ -125,7 +129,7 @@ show_help() {
     echo -e "Usage: $0 [-f xxx | -l | -p xxx | -v xxx | -h]"
     echo -e "  -f, --core-file <path>          自定义 $is_core_name 文件路径, e.g., -f /root/$is_core-linux-amd64.tar.gz"
     echo -e "  -l, --local-install             本地获取安装脚本, 使用当前目录"
-    echo -e "  -p, --proxy <addr>              使用代理下载, e.g., -p http://127.0.0.1:2333 or -p socks5://127.0.0.1:2333"
+    echo -e "  -p, --proxy <addr>              使用代理下载, e.g., -p http://127.0.0.1:2333"
     echo -e "  -v, --core-version <ver>        自定义 $is_core_name 版本, e.g., -v v1.8.13"
     echo -e "  -h, --help                      显示此帮助界面\n"
 
@@ -141,15 +145,22 @@ install_pkg() {
     if [[ $cmd_not_found ]]; then
         pkg=$(echo $cmd_not_found | sed 's/,/ /g')
         msg warn "安装依赖包 >${pkg}"
+        if [[ $cmd =~ apk ]]; then
+            apk update &>/dev/null
+            apk add $pkg &>/dev/null
+        else
             $cmd install -y $pkg &>/dev/null
             if [[ $? != 0 ]]; then
                 [[ $cmd =~ yum ]] && yum install epel-release -y &>/dev/null
-            $cmd update -y &>/dev/null
+                if [[ $cmd =~ zypper ]]; then
-            $cmd install -y $pkg &>/dev/null
+                    $cmd --non-interactive refresh &>/dev/null
-            [[ $? == 0 ]] && >$is_pkg_ok
                 else
-            >$is_pkg_ok
+                    $cmd update -y &>/dev/null
                 fi
+                $cmd install -y $pkg &>/dev/null
+            fi
+        fi
+        [[ $? == 0 ]] && >$is_pkg_ok
     else
         >$is_pkg_ok
     fi
@@ -159,7 +170,7 @@ install_pkg() {
 download() {
     case $1 in
     core)
-        [[ ! $is_core_ver ]] && is_core_ver=$(_wget -qO- "https://api.github.com/repos/${is_core_repo}/releases/latest?v=$RANDOM" | grep tag_name | egrep -o 'v([0-9.]+)')
+        [[ ! $is_core_ver ]] && is_core_ver=$(_wget -qO- "https://api.github.com/repos/${is_core_repo}/releases/latest?v=$RANDOM" | grep tag_name | grep -E -o 'v([0-9.]+)')
         [[ $is_core_ver ]] && link="https://github.com/${is_core_repo}/releases/download/${is_core_ver}/${is_core}-${is_core_ver:1}-linux-${is_arch}.tar.gz"
         name=$is_core_name
         tmpfile=$tmpcore
@@ -198,7 +209,11 @@ check_status() {
     # dependent pkg install fail
     [[ ! -f $is_pkg_ok ]] && {
         msg err "安装依赖包失败"
-        msg err "请尝试手动安装依赖包: $cmd update -y; $cmd install -y $pkg"
+        if [[ $cmd =~ apk ]]; then
+            msg err "请尝试手动安装依赖包: apk update; apk add $is_pkg"
+        else
+            msg err "请尝试手动安装依赖包: $cmd update -y; $cmd install -y $is_pkg"
+        fi
         is_fail=1
     }
 
@@ -329,13 +344,22 @@ main() {
         msg warn "${yellow}本地获取安装脚本 > $PWD ${none}"
     }
 
+    if [[ $is_systemd ]]; then
         timedatectl set-ntp true &>/dev/null
         [[ $? != 0 ]] && {
             is_ntp_on=1
         }
+    fi
 
     # install dependent pkg
+    if [[ $cmd =~ apk ]]; then
+        # Alpine: force install full versions to replace BusyBox applets
+        apk update &>/dev/null
+        apk add $is_pkg &>/dev/null
+        [[ $? == 0 ]] && >$is_pkg_ok
+    else
         install_pkg $is_pkg &
+    fi
 
     # jq
     if [[ $(type -P jq) ]]; then
@@ -416,7 +440,7 @@ main() {
     # show a tips msg
     msg ok "生成配置文件..."
 
-    # create systemd service
+    # create service
     load systemd.sh
     is_new_install=1
     install_service $is_core &>/dev/null
@@ -427,6 +451,8 @@ main() {
     load core.sh
     # create a reality config
     add reality
+    # wait for background tasks (e.g., OpenRC service start)
+    wait
     # remove tmp dir and exit.
     exit_and_del_tmpdir ok
 }

sing-box.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
 args=$@
-is_sh_ver=v1.06
+is_sh_ver=v1.16
 
 . /etc/sing-box/sh/src/init.sh

src/core.sh

@@ -20,6 +20,7 @@ protocol_list=(
     Trojan-HTTPUpgrade-TLS
     VLESS-REALITY
     VLESS-HTTP2-REALITY
+    AnyTLS
     # Direct
     Socks
 )
@@ -92,6 +93,20 @@ servername_list=(
     aws.amazon.com
 )
 
+# shuf fallback for systems without shuf (e.g., Alpine BusyBox)
+if ! type -P shuf &>/dev/null; then
+    shuf() {
+        local min max n
+        while [[ $# -gt 0 ]]; do
+            case $1 in
+            -i) IFS=- read min max <<<"$2"; shift 2 ;;
+            -n) n=$2; shift 2 ;;
+            esac
+        done
+        echo $(( RANDOM % (max - min + 1) + min ))
+    }
+fi
+
 is_random_ss_method=${ss_method_list[$(shuf -i 4-6 -n1)]} # random only use ss2022
 is_random_servername=${servername_list[$(shuf -i 0-${#servername_list[@]} -n1) - 1]}
 
@@ -159,7 +174,7 @@ show_list() {
 is_test() {
     case $1 in
     number)
-        echo $2 | egrep '^[1-9][0-9]?+$'
+        echo $2 | grep -E '^[1-9][0-9]?+$'
         ;;
     port)
         if [[ $(is_test number $2) ]]; then
@@ -170,13 +185,13 @@ is_test() {
         [[ $(is_port_used $2) && ! $is_cant_test_port ]] && echo ok
         ;;
     domain)
-        echo $2 | egrep -i '^\w(\w|\-|\.)?+\.\w+$'
+        echo $2 | grep -E -i '^\w(\w|\-|\.)?+\.\w+$'
         ;;
     path)
-        echo $2 | egrep -i '^\/\w(\w|\-|\/)?+\w$'
+        echo $2 | grep -E -i '^\/\w(\w|\-|\/)?+\w$'
         ;;
     uuid)
-        echo $2 | egrep -i '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'
+        echo $2 | grep -E -i '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'
         ;;
     esac
 
@@ -213,7 +228,7 @@ ask() {
         [[ $is_no_auto_tls ]] && {
             unset is_tmp_list
             for v in ${protocol_list[@]}; do
-                [[ $(grep -i tls$ <<<$v) ]] && is_tmp_list=(${is_tmp_list[@]} $v)
+                [[ $(grep -i "\-tls$" <<<$v) ]] && is_tmp_list=(${is_tmp_list[@]} $v)
             done
         }
         is_opt_msg="\n请选择协议:\n"
@@ -309,6 +324,8 @@ create() {
         if [[ $host ]]; then
             is_config_name=$2-${host}.json
             is_listen='listen: "127.0.0.1"'
+        elif [[ $is_anytls_domain ]]; then
+            is_config_name=$2-${is_anytls_domain}.json
         else
             is_config_name=$2-${port}.json
         fi
@@ -369,7 +386,7 @@ create() {
         else
             [[ ! $is_ntp_on ]] && is_ntp=
         fi
-        is_outbounds='outbounds:[{tag:"direct",type:"direct"},{tag:"block",type:"block"}]'
+        is_outbounds='outbounds:[{tag:"direct",type:"direct"}]'
         is_server_config_json=$(jq "{$is_log,$is_dns,$is_ntp$is_outbounds}" <<<{})
         cat <<<$is_server_config_json >$is_config_json
         manage restart &
@@ -467,7 +484,7 @@ change() {
     1)
         # new port
         is_new_port=$3
-        [[ $host && ! $is_caddy ]] && err "($is_config_file) 不支持更改端口, 因为没啥意义."
+        [[ $host && ! $is_caddy || $is_no_auto_tls ]] && err "($is_config_file) 不支持更改端口, 因为没啥意义."
         if [[ $is_new_port && ! $is_auto ]]; then
             [[ ! $(is_test port $is_new_port) ]] && err "请输入正确的端口, 可选(1-65535)"
             [[ $is_new_port != 443 && $(is_test port_used $is_new_port) ]] && err "无法使用 ($is_new_port) 端口"
@@ -655,7 +672,7 @@ del() {
                 [[ ! $old_host ]] && return # no host exist or not set new host;
                 is_del_host=$old_host
             }
-            [[ $is_del_host && $host != $old_host ]] && {
+            [[ $is_del_host && $host != $old_host && -f $is_caddy_conf/$is_del_host.conf ]] && {
                 rm -rf $is_caddy_conf/$is_del_host.conf $is_caddy_conf/$is_del_host.conf.add
                 [[ ! $is_new_json ]] && manage restart caddy &
             }
@@ -679,13 +696,22 @@ uninstall() {
     fi
     manage stop &>/dev/null
     manage disable &>/dev/null
-    rm -rf $is_core_dir $is_log_dir $is_sh_bin ${is_sh_bin/$is_core/sb} /lib/systemd/system/$is_core.service
+    rm -rf $is_core_dir $is_log_dir $is_sh_bin ${is_sh_bin/$is_core/sb}
-    sed -i "/alias $is_core=/d" /root/.bashrc
+    if [[ $is_systemd ]]; then
+        rm -f /lib/systemd/system/$is_core.service
+    elif [[ $is_openrc ]]; then
+        rm -f /etc/init.d/$is_core
+    fi
+    sed -i "/$is_core/d" /root/.bashrc
     # uninstall caddy; 2 is ask result
     if [[ $REPLY == '2' ]]; then
         manage stop caddy &>/dev/null
         manage disable caddy &>/dev/null
+        if [[ $is_systemd ]]; then
             rm -rf $is_caddy_dir $is_caddy_bin /lib/systemd/system/caddy.service
+        elif [[ $is_openrc ]]; then
+            rm -rf $is_caddy_dir $is_caddy_bin /etc/init.d/caddy
+        fi
     fi
     [[ $is_install_sh ]] && return # reinstall
     _green "\n卸载完成!"
@@ -728,10 +754,24 @@ manage() {
         is_do_name_msg=$is_core_name
         ;;
     esac
-    systemctl $is_do $is_do_name
+    if [[ $is_systemd ]]; then
+        systemctl $is_do $is_do_name 2>/dev/null
+    elif [[ $is_openrc ]]; then
+        case $is_do in
+        enable)
+            rc-update add $is_do_name default 2>/dev/null
+            ;;
+        disable)
+            rc-update del $is_do_name default 2>/dev/null
+            ;;
+        *)
+            rc-service $is_do_name $is_do 2>/dev/null
+            ;;
+        esac
+    fi
     [[ $is_test_run && ! $is_new_install ]] && {
         sleep 2
-        if [[ ! $(pgrep -f $is_run_bin) ]]; then
+        if [[ ! $(pgrep -f $is_run_bin 2>/dev/null || grep -l "$is_run_bin" /proc/*/cmdline 2>/dev/null) ]]; then
             is_run_fail=${is_do_name_msg,,}
             [[ ! $is_no_manage_msg ]] && {
                 msg
@@ -776,12 +816,15 @@ add() {
         trojan)
             is_new_protocol=Trojan
             ;;
+        anytls)
+            is_new_protocol=AnyTLS
+            ;;
         socks)
             is_new_protocol=Socks
             ;;
         *)
             for v in ${protocol_list[@]}; do
-                [[ $(egrep -i "^$is_lower$" <<<$v) ]] && is_new_protocol=$v && break
+                [[ $(grep -E -i "^$is_lower$" <<<$v) ]] && is_new_protocol=$v && break
             done
 
             [[ ! $is_new_protocol ]] && err "无法识别 ($1), 请使用: $is_core add [protocol] [args... | auto]"
@@ -792,6 +835,14 @@ add() {
     # no prefer protocol
     [[ ! $is_new_protocol ]] && ask set_protocol
 
+    if [[ ${is_new_protocol,,} == 'anytls' ]]; then
+        is_core_major=$(echo "$is_core_ver" | cut -d. -f1)
+        is_core_minor=$(echo "$is_core_ver" | cut -d. -f2)
+        if [[ ${is_core_major:-0} -lt 1 || ${is_core_major:-0} -eq 1 && ${is_core_minor:-0} -lt 12 ]]; then
+            err "当前 sing-box 版本 ($is_core_ver) 不支持 AnyTLS，请先升级 sing-box core 到 1.12.0 或更高版本。"
+        fi
+    fi
+
     case ${is_new_protocol,,} in
     *-tls)
         is_use_tls=1
@@ -829,6 +880,12 @@ add() {
         is_use_door_port=$4
         is_add_opts="[port] [remote_addr] [remote_port]"
         ;;
+    anytls*)
+        is_use_port=$2
+        is_use_pass=$3
+        [[ $4 ]] && is_anytls_domain=$4
+        is_add_opts="[port] [password] [domain]"
+        ;;
     socks)
         is_socks=1
         is_use_port=$2
@@ -849,7 +906,7 @@ add() {
         case $is_old_net in
         h2 | ws | httpupgrade)
             old_host=$host
-            [[ ! $is_use_tls ]] && host=
+            [[ ! $is_use_tls ]] && unset host is_no_auto_tls
             ;;
         reality)
             net_type=
@@ -905,7 +962,7 @@ add() {
             is_tmp_use_name=加密方式
             is_tmp_list=${ss_method_list[@]}
             for v in ${is_tmp_list[@]}; do
-                [[ $(egrep -i "^${is_use_method}$" <<<$v) ]] && is_tmp_use_type=$v && break
+                [[ $(grep -E -i "^${is_use_method}$" <<<$v) ]] && is_tmp_use_type=$v && break
             done
             [[ ! ${is_tmp_use_type} ]] && {
                 warn "(${is_use_method}) 不是一个可用的${is_tmp_use_name}."
@@ -926,6 +983,14 @@ add() {
         [[ $is_use_socks_pass ]] && is_socks_pass=$is_use_socks_pass
     fi
 
+    # anytls with domain (ACME TLS)
+    if [[ $is_anytls_domain && ! $is_change && ! $is_gen ]]; then
+        get_ip
+        host=$is_anytls_domain
+        get host-test
+        host=
+    fi
+
     if [[ $is_use_tls ]]; then
         if [[ ! $is_no_auto_tls && ! $is_caddy && ! $is_gen && ! $is_dont_test_host ]]; then
             # test auto tls
@@ -1022,6 +1087,7 @@ get() {
         [[ ! $is_addr ]] && {
             get_ip
             is_addr=$ip
+            [[ $(grep ":" <<<$ip) ]] && is_addr="[$ip]"
         }
         ;;
     new)
@@ -1032,8 +1098,8 @@ get() {
     file)
         is_file_str=$2
         [[ ! $is_file_str ]] && is_file_str='.json$'
-        # is_all_json=("$(ls $is_conf_dir | egrep $is_file_str)")
+        # is_all_json=("$(ls $is_conf_dir | grep -E $is_file_str)")
-        readarray -t is_all_json <<<"$(ls $is_conf_dir | egrep -i "$is_file_str" | sed '/dynamic-port-.*-link/d' | head -233)" # limit max 233 lines for show.
+        readarray -t is_all_json <<<"$(ls $is_conf_dir | grep -E -i "$is_file_str" | sed '/dynamic-port-.*-link/d' | head -233)" # limit max 233 lines for show.
         [[ ! $is_all_json ]] && err "无法找到相关的配置文件: $2"
         [[ ${#is_all_json[@]} -eq 1 ]] && is_config_file=$is_all_json && is_auto_get_config=1
         [[ ! $is_config_file ]] && {
@@ -1067,10 +1133,18 @@ get() {
             is_socks_user=$username
             is_socks_pass=$password
 
+            # extract anytls ACME domain
+            [[ $is_protocol == 'anytls' ]] && {
+                is_anytls_domain=$(jq -r '(.inbounds[0].tls.certificate_provider.domain[0] // .inbounds[0].tls.acme.domain[0]) // empty' <<<$is_json_str 2>/dev/null)
+            }
+
             is_config_name=$is_config_file
 
             if [[ $is_caddy && $host && -f $is_caddy_conf/$host.conf ]]; then
-                is_tmp_https_port=$(egrep -o "$host:[1-9][0-9]?+" $is_caddy_conf/$host.conf | sed s/.*://)
+                is_tmp_https_port=$(grep -E -o "$host:[1-9][0-9]?+" $is_caddy_conf/$host.conf | sed s/.*://)
+            fi
+            if [[ $host && ! -f $is_caddy_conf/$host.conf ]]; then
+                is_no_auto_tls=1
             fi
             [[ $is_tmp_https_port ]] && is_https_port=$is_tmp_https_port
             [[ $is_client && $host ]] && port=$is_https_port
@@ -1128,6 +1202,24 @@ get() {
             is_protocol=$net
             json_str="override_port:$door_port,override_address:\"$door_addr\""
             ;;
+        anytls*)
+            net=anytls
+            is_protocol=$net
+            [[ ! $password ]] && password=$uuid
+            is_users="users:[{password:\"$password\"}]"
+            if [[ $is_anytls_domain ]]; then
+                # sing-box >= 1.14.0 uses certificate_provider; older uses acme
+                is_core_minor=$(echo "$is_core_ver" | cut -d. -f2)
+                if [[ ${is_core_minor:-0} -ge 14 ]]; then
+                    is_anytls_tls="tls:{enabled:true,certificate_provider:{type:\"acme\",domain:[\"$is_anytls_domain\"]}}"
+                else
+                    is_anytls_tls="tls:{enabled:true,acme:{domain:[\"$is_anytls_domain\"]}}"
+                fi
+            else
+                is_anytls_tls="${is_tls_json/alpn\:\[\"h3\"\],/}"
+            fi
+            json_str="$is_users,$is_anytls_tls"
+            ;;
         socks*)
             net=socks
             is_protocol=$net
@@ -1195,7 +1287,11 @@ get() {
         fi
         ;;
     ssss | ss2022)
+        if [[ $(grep 128 <<<$ss_method) ]]; then
+            $is_core_bin generate rand 16 --base64
+        else
             $is_core_bin generate rand 32 --base64
+        fi
         ;;
     ping)
         # is_ip_type="-4"
@@ -1205,11 +1301,6 @@ get() {
         [[ $(grep ":" <<<$ip) ]] && is_dns_type="aaaa"
         is_host_dns=$(_wget -qO- --header="accept: application/dns-json" "https://one.one.one.one/dns-query?name=$host&type=$is_dns_type")
         ;;
-    log | logerr)
-        msg "\n 提醒: 按 $(_green Ctrl + C) 退出\n"
-        [[ $1 == 'log' ]] && tail -f $is_log_dir/access.log
-        [[ $1 == 'logerr' ]] && tail -f $is_log_dir/error.log
-        ;;
     install-caddy)
         _green "\n安装 Caddy 实现自动配置 TLS.\n"
         load download.sh
@@ -1225,13 +1316,15 @@ get() {
         bash <<<$is_install_sh
         ;;
     test-run)
+        if [[ $is_systemd ]]; then
             systemctl list-units --full -all &>/dev/null
             [[ $? != 0 ]] && {
                 _yellow "\n无法执行测试, 请检查 systemctl 状态.\n"
                 return
             }
+        fi
         is_no_manage_msg=1
-        if [[ ! $(pgrep -f $is_core_bin) ]]; then
+        if [[ ! $(pgrep -f $is_core_bin 2>/dev/null || grep -l "$is_core_bin" /proc/*/cmdline 2>/dev/null) ]]; then
             _yellow "\n测试运行 $is_core_name ..\n"
             manage start &>/dev/null
             if [[ $is_run_fail == $is_core ]]; then
@@ -1244,7 +1337,7 @@ get() {
             _green "\n$is_core_name 正在运行, 跳过测试\n"
         fi
         if [[ $is_caddy ]]; then
-            if [[ ! $(pgrep -f $is_caddy_bin) ]]; then
+            if [[ ! $(pgrep -f $is_caddy_bin 2>/dev/null || grep -l "$is_caddy_bin" /proc/*/cmdline 2>/dev/null) ]]; then
                 _yellow "\n测试运行 Caddy ..\n"
                 manage start caddy &>/dev/null
                 if [[ $is_run_fail == 'caddy' ]]; then
@@ -1348,7 +1441,20 @@ info() {
             is_info_show=(${is_info_show[@]/15/})
         }
         is_info_str=($is_protocol $is_addr $port $uuid $is_flow $is_net_type reality $is_servername chrome $is_public_key)
-        is_url="$is_protocol://$uuid@$ip:$port?encryption=none&security=reality&flow=$is_flow&type=$is_net_type&sni=$is_servername&pbk=$is_public_key&fp=chrome#233boy-$net-$is_addr"
+        is_url="$is_protocol://$uuid@$is_addr:$port?encryption=none&security=reality&flow=$is_flow&type=$is_net_type&sni=$is_servername&pbk=$is_public_key&fp=chrome#233boy-$net-$is_addr"
+        ;;
+    anytls)
+        is_can_change=(0 1 4)
+        if [[ $is_anytls_domain ]]; then
+            is_info_show=(0 1 2 10 8)
+            is_info_str=($is_protocol $is_anytls_domain $port $password tls)
+            is_url="anytls://$password@$is_anytls_domain:$port#233boy-$net-$is_anytls_domain"
+        else
+            is_insecure=1
+            is_info_show=(0 1 2 10 8 20)
+            is_info_str=($is_protocol $is_addr $port $password tls true)
+            is_url="anytls://$password@$is_addr:$port?allowInsecure=1#233boy-$net-$is_addr"
+        fi
         ;;
     direct)
         is_can_change=(0 1 7 8)
@@ -1533,7 +1639,8 @@ is_main_menu() {
             _try_enable_bbr
             ;;
         2)
-            get log
+            load log.sh
+            log_set
             ;;
         3)
             get test-run
@@ -1651,7 +1758,8 @@ main() {
         load import.sh
         ;;
     log)
-        get $@
+        load log.sh
+        log_set $2
         ;;
     url | qr)
         url_qr $@

src/dns.sh

@@ -8,6 +8,9 @@ is_dns_list=(
     none
 )
 dns_set() {
+    if [[ $(echo -e "1.11.99\n$is_core_ver" | sort -V | head -n1) == '1.11.99' ]]; then
+        is_dns_new=1
+    fi
     if [[ $1 ]]; then
         case ${1,,} in
         11 | 1111)
@@ -46,11 +49,34 @@ dns_set() {
             ask string is_dns_use "请输入 DNS: "
         fi
     fi
+    is_dns_use_bak=$is_dns_use
     if [[ $is_dns_use == "none" ]]; then
-        cat <<<$(jq '.dns={}' $is_config_json) >$is_config_json
+        cat <<<$(jq '.|.dns={}|del(.route.default_domain_resolver)' $is_config_json) >$is_config_json
+    else
+        if [[ $is_dns_new ]]; then
+            dns_set_server $is_dns_use
+            cat <<<$(jq '.|.dns.servers=[{tag:"dns",type:"'$is_dns_type'",server:"'$is_dns_use'",domain_resolver:"local"},{tag:"local",type:"local"}]|.route.default_domain_resolver="dns"' $is_config_json) >$is_config_json
         else
             cat <<<$(jq '.dns.servers=[{address:"'$is_dns_use'",address_resolver:"local"},{tag:"local",address:"local"}]' $is_config_json) >$is_config_json
         fi
+    fi
     manage restart &
-    msg "\n已更新 DNS 为: $(_green $is_dns_use)\n"
+    msg "\n已更新 DNS 为: $(_green $is_dns_use_bak)\n"
+}
+dns_set_server() {
+    if [[ $(grep '://' <<<$1) ]]; then
+        is_tmp_dns_set=($(awk -F '://|/' '{print $1, $2}' <<<${1,,}))
+        case ${is_tmp_dns_set[0]} in
+        tcp | udp | tls | https | quic | h3)
+            is_dns_use=${is_tmp_dns_set[1]}
+            is_dns_type=${is_tmp_dns_set[0]}
+            ;;
+        *)
+            err "无法识别 DNS 类型!"
+            ;;
+        esac
+    else
+        is_dns_use=$1
+        is_dns_type=udp
+    fi
 }

src/download.sh

@@ -13,7 +13,7 @@ get_latest_version() {
         url="https://api.github.com/repos/$is_caddy_repo/releases/latest?v=$RANDOM"
         ;;
     esac
-    latest_ver=$(_wget -qO- $url | grep tag_name | egrep -o 'v([0-9.]+)')
+    latest_ver=$(_wget -qO- $url | grep tag_name | grep -E -o 'v([0-9.]+)')
     [[ ! $latest_ver ]] && {
         err "获取 ${name} 最新版本失败."
     }

src/import.sh

@@ -19,7 +19,7 @@ in_conf() {
     [[ ! $uuid ]] && uuid=$trojan_password
     if [[ $host ]]; then
         if [[ $is_caddy && -f $is_caddy_conf/$host.conf ]]; then
-            tmp_tlsport=$(egrep -o "$host:[1-9][0-9]?+" $is_caddy_conf/$host.conf | sed s/.*://)
+            tmp_tlsport=$(grep -E -o "$host:[1-9][0-9]?+" $is_caddy_conf/$host.conf | sed s/.*://)
         fi
         [[ $tmp_tlsport ]] && https_port=$tmp_tlsport
         add $is_protocol-$net-tls
@@ -53,10 +53,10 @@ is_change=1
 is_dont_auto_exit=1
 is_dont_test_host=1
 if [[ -f $is_xray_sh && -d $is_xray_conf ]]; then
-    is_list=($(ls $is_xray_conf | grep .json | egrep -iv 'kcp|grpc|dynamic|quic' | sed "s#^#$is_xray_conf/#"))
+    is_list=($(ls $is_xray_conf | grep .json | grep -E -iv 'kcp|grpc|dynamic|quic' | sed "s#^#$is_xray_conf/#"))
 fi
 if [[ -f $is_v2ray_sh && -d $is_v2ray_conf ]]; then
-    is_list+=($(ls $is_v2ray_conf | grep .json | egrep -iv 'kcp|grpc|dynamic|quic' | sed "s#^#$is_v2ray_conf/#"))
+    is_list+=($(ls $is_v2ray_conf | grep .json | grep -E -iv 'kcp|grpc|dynamic|quic' | sed "s#^#$is_v2ray_conf/#"))
 fi
 [[ ${is_list[@]} =~ "xray" ]] && is_xray_in=1
 [[ ${is_list[@]} =~ "v2ray" ]] && is_v2ray_in=1

src/init.sh

@@ -58,11 +58,11 @@ _wget() {
     wget --no-check-certificate "$@"
 }
 
-# yum or apt-get
+# apt-get, yum, zypper or apk
-cmd=$(type -P apt-get || type -P yum)
+cmd=$(type -P apt-get || type -P yum || type -P zypper || type -P apk)
 
 # x64
-case $(arch) in
+case $(uname -m) in
 amd64 | x86_64)
     is_arch="amd64"
     ;;
@@ -84,14 +84,20 @@ is_log_dir=/var/log/$is_core
 is_sh_bin=/usr/local/bin/$is_core
 is_sh_dir=$is_core_dir/sh
 is_sh_repo=$author/$is_core
-is_pkg="wget unzip tar qrencode"
+is_pkg="wget unzip tar qrencode bash"
 is_config_json=$is_core_dir/config.json
 is_caddy_bin=/usr/local/bin/caddy
 is_caddy_dir=/etc/caddy
 is_caddy_repo=caddyserver/caddy
 is_caddyfile=$is_caddy_dir/Caddyfile
 is_caddy_conf=$is_caddy_dir/$author
-is_caddy_service=$(systemctl list-units --full -all | grep caddy.service)
+is_systemd=$(type -P systemctl)
+is_openrc=$(type -P rc-service)
+if [[ $is_systemd ]]; then
+    is_caddy_service=$(systemctl list-units --full -all | grep caddy.service)
+elif [[ $is_openrc ]]; then
+    [[ -f /etc/init.d/caddy ]] && is_caddy_service=1
+fi
 is_http_port=80
 is_https_port=443
 
@@ -109,7 +115,7 @@ is_tls_key=$is_core_dir/bin/tls.key
     rm $is_tls_tmp
 }
 
-if [[ $(pgrep -f $is_core_bin) ]]; then
+if [[ $(pgrep -f $is_core_bin 2>/dev/null || grep -l "$is_core_bin" /proc/*/cmdline 2>/dev/null) ]]; then
     is_core_status=$(_green running)
 else
     is_core_status=$(_red_bg stopped)
@@ -117,18 +123,19 @@ else
 fi
 if [[ -f $is_caddy_bin && -d $is_caddy_dir && $is_caddy_service ]]; then
     is_caddy=1
-    # fix caddy run; ver >= 2.8.2
+    if [[ $is_systemd ]]; then
-    [[ ! $(grep '\-\-adapter caddyfile' /lib/systemd/system/caddy.service) ]] && {
+        [[ -f /lib/systemd/system/caddy.service && ! $(grep '\-\-adapter caddyfile' /lib/systemd/system/caddy.service) ]] && {
             load systemd.sh
             install_service caddy
             systemctl restart caddy &
         }
+    fi
     is_caddy_ver=$($is_caddy_bin version | head -n1 | cut -d " " -f1)
-    is_tmp_http_port=$(egrep '^ {2,}http_port|^http_port' $is_caddyfile | egrep -o [0-9]+)
+    is_tmp_http_port=$(grep -E '^ {2,}http_port|^http_port' $is_caddyfile | grep -E -o [0-9]+)
-    is_tmp_https_port=$(egrep '^ {2,}https_port|^https_port' $is_caddyfile | egrep -o [0-9]+)
+    is_tmp_https_port=$(grep -E '^ {2,}https_port|^https_port' $is_caddyfile | grep -E -o [0-9]+)
     [[ $is_tmp_http_port ]] && is_http_port=$is_tmp_http_port
     [[ $is_tmp_https_port ]] && is_https_port=$is_tmp_https_port
-    if [[ $(pgrep -f $is_caddy_bin) ]]; then
+    if [[ $(pgrep -f $is_caddy_bin 2>/dev/null || grep -l "$is_caddy_bin" /proc/*/cmdline 2>/dev/null) ]]; then
         is_caddy_status=$(_green running)
     else
         is_caddy_status=$(_red_bg stopped)

src/log.sh

@@ -0,0 +1,44 @@
+is_log_level_list=(
+    trace
+    debug
+    info
+    warn
+    error
+    fatal
+    panic
+    none
+    del
+)
+log_set() {
+    if [[ $1 ]]; then
+        for v in ${is_log_level_list[@]}; do
+            [[ $(grep -E -i "^${1,,}$" <<<$v) ]] && is_log_level_use=$v && break
+        done
+        [[ ! $is_log_level_use ]] && {
+            err "无法识别 log 参数: $@ \n请使用 $is_core log [${is_log_level_list[@]}] 进行相关设定.\n备注: del 参数仅临时删除 log 文件; none 参数将不会生成 log 文件."
+        }
+        case $is_log_level_use in
+        del)
+            rm -rf $is_log_dir/*.log
+            msg "\n $(_green 已临时删除 log 文件, 如果你想要完全禁止生成 log 文件请使用: $is_core log none)\n"
+            ;;
+        none)
+            rm -rf $is_log_dir/*.log
+            cat <<<$(jq '.log={"disabled":true}' $is_config_json) >$is_config_json
+            ;;
+        *)
+            cat <<<$(jq '.log={output:"/var/log/'$is_core'/access.log",level:"'$is_log_level_use'","timestamp":true}' $is_config_json) >$is_config_json
+            ;;
+        esac
+
+        manage restart &
+        [[ $1 != 'del' ]] && msg "\n已更新 Log 设定为: $(_green $is_log_level_use)\n"
+    else
+        if [[ -f $is_log_dir/access.log ]]; then
+            msg "\n 提醒: 按 $(_green Ctrl + C) 退出\n"
+            tail -f $is_log_dir/access.log
+        else
+            err "无法找到 log 文件."
+        fi
+    fi
+}

src/systemd.sh

@@ -1,4 +1,16 @@
+# detect init system
+is_systemd=$(type -P systemctl)
+is_openrc=$(type -P rc-service)
+
 install_service() {
+    if [[ $is_systemd ]]; then
+        install_service_systemd $1
+    elif [[ $is_openrc ]]; then
+        install_service_openrc $1
+    fi
+}
+
+install_service_systemd() {
     case $1 in
     $is_core)
         is_doc_site=https://sing-box.sagernet.org/
@@ -56,3 +68,55 @@ WantedBy=multi-user.target"
     systemctl enable $1
     systemctl daemon-reload
 }
+
+install_service_openrc() {
+    case $1 in
+    $is_core)
+        cat >/etc/init.d/$is_core <<EOF
+#!/sbin/openrc-run
+
+name="$is_core_name"
+description="$is_core_name Service"
+
+command="$is_core_bin"
+command_args="run -c $is_config_json -C $is_conf_dir"
+command_background=true
+pidfile="/run/\${RC_SVCNAME}.pid"
+output_log="/var/log/$is_core/access.log"
+error_log="/var/log/$is_core/error.log"
+
+supervisor=supervise-daemon
+
+depend() {
+    need net
+    after firewall
+}
+EOF
+        chmod +x /etc/init.d/$is_core
+        ;;
+    caddy)
+        cat >/etc/init.d/caddy <<EOF
+#!/sbin/openrc-run
+
+name="Caddy"
+description="Caddy web server"
+
+command="$is_caddy_bin"
+command_args="run --environ --config $is_caddyfile --adapter caddyfile"
+command_background=true
+pidfile="/run/\${RC_SVCNAME}.pid"
+
+supervisor=supervise-daemon
+
+depend() {
+    need net
+    after firewall
+}
+EOF
+        chmod +x /etc/init.d/caddy
+        ;;
+    esac
+
+    # enable
+    rc-update add $1 default
+}