-
Notifications
You must be signed in to change notification settings - Fork 624
/
Copy pathtrojan_centos7.sh
259 lines (249 loc) · 7.37 KB
/
trojan_centos7.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
#!/bin/bash
blue(){
echo -e "\033[34m\033[01m$1\033[0m"
}
green(){
echo -e "\033[32m\033[01m$1\033[0m"
}
red(){
echo -e "\033[31m\033[01m$1\033[0m"
}
yellow(){
echo -e "\033[33m\033[01m$1\033[0m"
}
bred(){
echo -e "\033[31m\033[01m\033[05m$1\033[0m"
}
byellow(){
echo -e "\033[33m\033[01m\033[05m$1\033[0m"
}
if [ ! -e '/etc/redhat-release' ]; then
red "==============="
red " 仅支持CentOS7"
red "==============="
exit
fi
if [ -n "$(grep ' 6\.' /etc/redhat-release)" ] ;then
red "==============="
red " 仅支持CentOS7"
red "==============="
exit
fi
function install_trojan(){
systemctl stop firewalld
systemctl disable firewalld
CHECK=$(grep SELINUX= /etc/selinux/config | grep -v "#")
if [ "$CHECK" == "SELINUX=enforcing" ]; then
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
fi
if [ "$CHECK" == "SELINUX=permissive" ]; then
sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
fi
yum -y install bind-utils wget unzip zip curl tar
green "======================="
yellow "请输入绑定到本VPS的域名"
green "======================="
read your_domain
real_addr=`ping ${your_domain} -c 1 | sed '1{s/[^(]*(//;s/).*//;q}'`
local_addr=`curl ipv4.icanhazip.com`
if [ $real_addr == $local_addr ] ; then
green "=========================================="
green "域名解析正常,开启安装nginx并申请https证书"
green "=========================================="
sleep 1s
rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
yum install -y nginx
systemctl enable nginx.service
#设置伪装站
rm -rf /usr/share/nginx/html/*
cd /usr/share/nginx/html/
wget https://github.com/atrandys/v2ray-ws-tls/raw/master/web.zip
unzip web.zip
systemctl restart nginx.service
#申请https证书
mkdir /usr/src/trojan-cert
curl https://get.acme.sh | sh
~/.acme.sh/acme.sh --issue -d $your_domain --webroot /usr/share/nginx/html/
~/.acme.sh/acme.sh --installcert -d $your_domain \
--key-file /usr/src/trojan-cert/private.key \
--fullchain-file /usr/src/trojan-cert/fullchain.cer \
--reloadcmd "systemctl force-reload nginx.service"
if test -s /usr/src/trojan-cert/fullchain.cer; then
cd /usr/src
#wget https://github.com/trojan-gfw/trojan/releases/download/v1.13.0/trojan-1.13.0-linux-amd64.tar.xz
wget https://github.com/trojan-gfw/trojan/releases/download/v1.14.0/trojan-1.14.0-linux-amd64.tar.xz
tar xf trojan-1.*
#下载trojan客户端
wget https://github.com/atrandys/trojan/raw/master/trojan-cli.zip
unzip trojan-cli.zip
cp /usr/src/trojan-cert/fullchain.cer /usr/src/trojan-cli/fullchain.cer
trojan_passwd=$(cat /dev/urandom | head -1 | md5sum | head -c 8)
cat > /usr/src/trojan-cli/config.json <<-EOF
{
"run_type": "client",
"local_addr": "127.0.0.1",
"local_port": 1080,
"remote_addr": "$your_domain",
"remote_port": 443,
"password": [
"$trojan_passwd"
],
"log_level": 1,
"ssl": {
"verify": true,
"verify_hostname": true,
"cert": "fullchain.cer",
"cipher_tls13":"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
"sni": "",
"alpn": [
"h2",
"http/1.1"
],
"reuse_session": true,
"session_ticket": false,
"curves": ""
},
"tcp": {
"no_delay": true,
"keep_alive": true,
"fast_open": false,
"fast_open_qlen": 20
}
}
EOF
rm -rf /usr/src/trojan/server.conf
cat > /usr/src/trojan/server.conf <<-EOF
{
"run_type": "server",
"local_addr": "0.0.0.0",
"local_port": 443,
"remote_addr": "127.0.0.1",
"remote_port": 80,
"password": [
"$trojan_passwd"
],
"log_level": 1,
"ssl": {
"cert": "/usr/src/trojan-cert/fullchain.cer",
"key": "/usr/src/trojan-cert/private.key",
"key_password": "",
"cipher_tls13":"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
"prefer_server_cipher": true,
"alpn": [
"http/1.1"
],
"reuse_session": true,
"session_ticket": false,
"session_timeout": 600,
"plain_http_response": "",
"curves": "",
"dhparam": ""
},
"tcp": {
"no_delay": true,
"keep_alive": true,
"fast_open": false,
"fast_open_qlen": 20
},
"mysql": {
"enabled": false,
"server_addr": "127.0.0.1",
"server_port": 3306,
"database": "trojan",
"username": "trojan",
"password": ""
}
}
EOF
cd /usr/src/trojan-cli/
zip -q -r trojan-cli.zip /usr/src/trojan-cli/
trojan_path=$(cat /dev/urandom | head -1 | md5sum | head -c 16)
mkdir /usr/share/nginx/html/${trojan_path}
mv /usr/src/trojan-cli/trojan-cli.zip /usr/share/nginx/html/${trojan_path}/
#增加启动脚本
cat > /usr/lib/systemd/system/trojan.service <<-EOF
[Unit]
Description=trojan
After=network.target
[Service]
Type=simple
PIDFile=/usr/src/trojan/trojan/trojan.pid
ExecStart=/usr/src/trojan/trojan -c "/usr/src/trojan/server.conf"
ExecReload=
ExecStop=/usr/src/trojan/trojan
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF
chmod +x /usr/lib/systemd/system/trojan.service
systemctl start trojan.service
systemctl enable trojan.service
green "======================================================================"
green "Trojan已安装完成,请使用以下链接下载trojan客户端,此客户端已配置好所有参数"
green "1、复制下面的链接,在浏览器打开,下载客户端"
blue "http://${your_domain}/$trojan_path/trojan-cli.zip"
green "2、将下载的压缩包解压,打开文件夹,打开start.bat即打开并运行Trojan客户端"
green "3、打开stop.bat即关闭Trojan客户端"
green "4、Trojan客户端需要搭配浏览器插件使用,例如switchyomega等"
green "======================================================================"
else
red "================================"
red "https证书没有申请成果,本次安装失败"
red "================================"
fi
else
red "================================"
red "域名解析地址与本VPS IP地址不一致"
red "本次安装失败,请确保域名解析正常"
red "================================"
fi
}
function remove_trojan(){
red "================================"
red "即将卸载trojan"
red "同时卸载安装的nginx"
red "================================"
systemctl stop trojan
systemctl disable trojan
rm -f /usr/lib/systemd/system/trojan.service
yum remove -y nginx
rm -rf /usr/src/trojan*
rm -rf /usr/share/nginx/html/*
green "=============="
green "trojan删除完毕"
green "=============="
}
start_menu(){
clear
green " ===================================="
green " 介绍:一键安装trojan "
green " 系统:>=centos7 "
green " 作者:A "
green " ===================================="
echo
green " 1. 安装trojan"
red " 2. 卸载trojan"
yellow " 0. 退出脚本"
echo
read -p "请输入数字:" num
case "$num" in
1)
install_trojan
;;
2)
remove_trojan
;;
0)
exit 1
;;
*)
clear
red "请输入正确数字"
sleep 1s
start_menu
;;
esac
}
start_menu