feat(脚本、教程): 增加tls脚本、修改只能dns教程

2020-06-10 19:11:41 +08:00 · 2020-06-10 19:11:41 +08:00 · 48c8715914
parent 13d57a90bc
commit 48c8715914
3 changed files with 223 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -65,6 +65,24 @@ bash <(curl -L -s https://raw.githubusercontent.com/mack-a/v2ray-agent/master/in
 - 6.添加了默认的CDN，自选ip智能解析
 - 7.增加定时任务 自动续期tls【todo】

+## 全自动生成TLS证书一键脚本
+- 针对只需要生成TLS证书的用户
+
+```
+bash <(curl -L -s https://raw.githubusercontent.com/mack-a/v2ray-agent/master/install.sh)
+```
+- 1.会安装依赖所需依赖
+- 2.会把Nginx配置文件备份
+- 3.会安装Nginx、acme.sh，如果已安装则使用已经存在的
+- 4.安装完毕或者安装失败会自动恢复备份，请不要手动关闭脚本
+- 5.执行期间请不要重启机器
+- 6.备份文件和证书文件都在/tmp下面，请注意留存
+- 7.如果多次执行则将上次生成备份和生成的证书强制覆盖
+- 8.证书默认ec-256
+- 9.下个版本会加入通配符证书生成[todo]
+- 10.可以生成多个不同域名的证书[包含子域名]，具体速率请查看[https://letsencrypt.org/zh-cn/docs/rate-limits/]
+- 11.兼容Centos、Ubuntu、Debian
+
 # 示例图
 <img src="https://raw.githubusercontent.com/mack-a/v2ray-agent/master/fodder/install/一键脚本示例图01.png" width=400>
 <img src="https://raw.githubusercontent.com/mack-a/v2ray-agent/master/fodder/install/一键脚本示例图02.png" width=400>
--- a/init_tls.sh
+++ b/init_tls.sh
@ -0,0 +1,202 @@
+#!/usr/bin/env bash
+installType='yum -y install'
+removeType='yum -y remove'
+upgrade="yum -y update"
+echoType='echo -e'
+cp=`which cp`
+# 打印
+echoColor(){
+    case $1 in
+        # 红色
+        "red")
+            ${echoType} "\033[31m$2 \033[0m"
+        ;;
+        # 天蓝色
+        "skyBlue")
+            ${echoType} "\033[36m$2 \033[0m"
+        ;;
+        # 绿色
+        "green")
+            ${echoType} "\033[32m$2 \033[0m"
+        ;;
+        # 白色
+        "white")
+            ${echoType} "\033[37m$2 \033[0m"
+        ;;
+        "magenta")
+            ${echoType} "\033[31m$2 \033[0m"
+        ;;
+        "skyBlue")
+            ${echoType} "\033[36m$2 \033[0m"
+        ;;
+        # 黄色
+        "yellow")
+            ${echoType} "\033[33m$2 \033[0m"
+        ;;
+    esac
+}
+# 选择系统执行工具
+checkSystem(){
+
+	if [[ ! -z `find /etc -name "redhat-release"` ]] || [[ ! -z `cat /proc/version | grep -i "centos" | grep -v grep ` ]] || [[ ! -z `cat /proc/version | grep -i "red hat" | grep -v grep ` ]] || [[ ! -z `cat /proc/version | grep -i "redhat" | grep -v grep ` ]]
+	then
+		release="centos"
+		installType='yum -y install'
+		removeType='yum -y remove'
+		upgrade="yum update -y"
+	elif [[ ! -z `cat /etc/issue | grep -i "debian" | grep -v grep` ]] || [[ ! -z `cat /proc/version | grep -i "debian" | grep -v grep` ]]
+    then
+		release="debian"
+		installType='apt -y install'
+		upgrade="apt update -y"
+		removeType='apt -y autoremove'
+	elif [[ ! -z `cat /etc/issue | grep -i "ubuntu" | grep -v grep` ]] || [[ ! -z `cat /proc/version | grep -i "ubuntu" | grep -v grep` ]]
+	then
+		release="ubuntu"
+		installType='apt -y install'
+		upgrade="apt update -y"
+		removeType='apt --purge remove'
+    fi
+    if [[ -z ${release} ]]
+    then
+        echoContent red "本脚本不支持此系统，请将下方日志反馈给开发者"
+        cat /etc/issue
+        cat /proc/version
+        exit 0;
+    fi
+}
+# 安装工具包
+installTools(){
+    echoColor yellow "更新"
+    ${upgrade}
+    if [[ -z `find /usr/bin/ -executable -name "socat"` ]]
+    then
+        echoColor yellow "\nsocat未安装，安装中\n"
+        ${installType} socat >/dev/null
+        echoColor green "socat安装完毕"
+    fi
+    echoColor yellow "\n检测是否安装Nginx"
+    if [[ -z `find /sbin/ -executable -name 'nginx'` ]]
+    then
+        echoColor yellow "nginx未安装，安装中\n"
+        ${installType} nginx >/dev/null
+        echoColor green "nginx安装完毕"
+    else
+        echoColor green "nginx已安装\n"
+    fi
+    echoColor yellow "检测是否安装acme.sh"
+    if [[ -z `find ~/.acme.sh/ -name "acme.sh"` ]]
+    then
+        echoColor yellow "\nacme.sh未安装，安装中\n"
+        curl -s https://get.acme.sh | sh >/dev/null
+        echoColor green "acme.sh安装完毕\n"
+    else
+        echoColor green "acme.sh已安装\n"
+    fi
+
+}
+# 恢复配置
+resetNginxConfig(){
+    `cp -Rrf /tmp/mack-a/nginx/nginx.conf /etc/nginx/nginx.conf`
+    rm -rf /etc/nginx/conf.d/5NX2O9XQKP.conf
+    echoColor green "\n恢复配置完毕"
+}
+# 备份
+bakConfig(){
+    mkdir -p /tmp/mack-a/nginx
+    `cp -Rrf /etc/nginx/nginx.conf /tmp/mack-a/nginx/nginx.conf`
+}
+# 安装证书
+installTLS(){
+    echoColor yellow "请输入域名【例:blog.v2ray-agent.com】："
+    read domain
+    if [[ -z ${domain} ]]
+    then
+        echoColor red "域名未填写\n"
+        installTLS
+    fi
+    # 备份
+    bakConfig
+    # 替换原始文件中的域名
+    if [[ ! -z `cat /etc/nginx/nginx.conf|grep -v grep|grep "${domain}"` ]]
+    then
+        sed -i "s/${domain}/X655Y0M9UM9/g"  `grep "${domain}" -rl /etc/nginx/nginx.conf`
+    fi
+
+    touch /etc/nginx/conf.d/6GFV1ES52V2.conf
+    echo "server {listen 80;server_name ${domain};root /usr/share/nginx/html;location ~ /.well-known {allow all;}location /test {return 200 '5NX2O9XQKP';}}" > /etc/nginx/conf.d/5NX2O9XQKP.conf
+    nginxStatus=1;
+    if [[ ! -z `ps -ef|grep -v grep|grep nginx` ]]
+    then
+        nginxStatus=2;
+        ps -ef|grep -v grep|grep nginx|awk '{print $2}'|xargs kill -9
+        sleep 0.5
+        nginx
+    else
+        nginx
+    fi
+    echoColor yellow "\n验证域名以及服务器是否可用"
+    if [[ ! -z `curl -s ${domain}/test|grep 5NX2O9XQKP` ]]
+    then
+        ps -ef|grep -v grep|grep nginx|awk '{print $2}'|xargs kill -9
+        sleep 0.5
+        echoColor green "服务可用，生成TLS中，请等待\n"
+    else
+        echoColor red "服务不可用请检测dns配置是否正确"
+        # 恢复备份
+        resetNginxConfig
+        exit 0;
+    fi
+    sudo ~/.acme.sh/acme.sh --issue -d ${domain} --standalone -k ec-256 >/dev/null
+    ~/.acme.sh/acme.sh --installcert -d ${domain} --fullchainpath /tmp/mack-a/nginx/${domain}.crt --keypath /tmp/mack-a/nginx/${domain}.key --ecc >/dev/null
+    if [[ -z `cat /tmp/mack-a/nginx/${domain}.key` ]]
+    then
+        echoColor red "证书key生成失败，请重新运行"
+        resetNginxConfig
+        exit
+    elif [[ -z `cat /tmp/mack-a/nginx/${domain}.crt` ]]
+    then
+        echoColor red "证书crt生成失败，请重新运行"
+        resetNginxConfig
+        exit
+    fi
+    echoColor green "证书生成成功"
+    echoColor green "证书目录/tmp/mack-a/nginx"
+    ls /tmp/mack-a/nginx
+
+    resetNginxConfig
+    if [[ ${nginxStatus} = 2  ]]
+    then
+        nginx
+    fi
+}
+
+init(){
+    echoColor red "\n=============================="
+    echoColor yellow "此脚本注意事项"
+    echoColor green "   1.会安装依赖所需依赖"
+    echoColor green "   2.会把Nginx配置文件备份"
+    echoColor green "   3.会安装Nginx、acme.sh，如果已安装则使用已经存在的"
+    echoColor green "   4.安装完毕或者安装失败会自动恢复备份，请不要手动关闭脚本"
+    echoColor green "   5.执行期间请不要重启机器"
+    echoColor green "   6.备份文件和证书文件都在/tmp下面，请注意留存"
+    echoColor green "   7.如果多次执行则将上次生成备份和生成的证书强制覆盖"
+    echoColor green "   8.证书默认ec-256"
+    echoColor green "   9.下个版本会加入通配符证书生成[todo]"
+    echoColor green "   10.可以生成多个不同域名的证书[包含子域名]，具体速率请查看[https://letsencrypt.org/zh-cn/docs/rate-limits/]"
+    echoColor green "   11.兼容Centos、Ubuntu、Debian"
+    echoColor green "   12.Github[https://github.com/mack-a]"
+    echoColor red "=============================="
+    echoColor yellow "请输入[y]执行脚本，[任意]结束:"
+    read isExecStatus
+    if [[ ${isExecStatus} = "y" ]]
+    then
+        installTools
+        installTLS
+    else
+        echoColor green "欢迎下次使用"
+        exit
+    fi
+}
+checkSystem
+init
--- a/optimize_V2Ray.md
+++ b/optimize_V2Ray.md
@ -20,9 +20,9 @@

 域名|移动|移动测试|联通|电信
 -|-|-|-|-
-domain01.qiu4.ml|1.0.0.1|上午峰值2.3w，4k稍显卡顿、晚九点峰值1.5w，1440p较为流畅，晚十点半峰值7000，流畅1080|104.16.25.4|104.27.165.3
-domain02.qiu4.ml|172.64.32.1|上午峰值7.5w，稳定4k不卡顿、晚九点1.3w，流畅1080p，晚十点半峰值5000，流畅1080p|104.16.25.4|104.27.165.3
-domain03.qiu4.ml|104.16.25.4|上午峰值4.5w，稳定4k不卡顿、晚九点2w，流畅1440p,晚十点半峰值3000,流畅720p|104.16.25.4|104.16.24.4
+domain01.qiu4.ml|1.0.0.1|上午峰值2.3w，4k稍显卡顿、晚九点峰值1.5w，1440p较为流畅，晚十点半峰值7000，流畅1080|104.16.25.4|104.16.25.4
+domain02.qiu4.ml|172.64.32.1|上午峰值7.5w，稳定4k不卡顿、晚九点1.3w，流畅1080p，晚十点半峰值5000，流畅1080p|104.16.25.4|104.16.25.4
+domain03.qiu4.ml|104.16.25.4|上午峰值4.5w，稳定4k不卡顿、晚九点2w，流畅1440p,晚十点半峰值3000,流畅720p|104.16.25.4|104.16.25.4
 domain04.qiu4.ml|104.17.209.9|上午峰值6w，稳定4k不卡顿、晚八点峰值4w，流畅4k，晚9点峰值1w-3w跨度较大，流畅1440p，晚十点半都不流畅|104.16.25.4|104.16.25.4
 domain05.qiu4.ml|104.16.133.229|上午峰值7w，稳定8k不卡顿、晚九点峰值1w，流畅1080p，晚十点半都不流畅|104.16.25.4|104.16.24.4