-
Notifications
You must be signed in to change notification settings - Fork 146
/
Copy pathcentos-ss-install.sh
273 lines (250 loc) · 8.44 KB
/
centos-ss-install.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
#!/bin/sh
# Check system
if [ ! -f /etc/redhat-release ];then
if ! grep -Eqi "centos|red hat|redhat" /etc/issue;then
echo -e "\033[1;31mOnly CentOS can run this shell.\033[0m"
exit 1
fi
fi
# Make sure only root can run our script
[ `whoami` != "root" ] && echo -e "\033[1;31mThis script must be run as root.\033[0m" && exit 1
# Version
LIBSODIUM_VER=stable
MBEDTLS_VER=2.16.5
ss_file=0
v2_file=0
get_latest_ver(){
ss_file=$(wget -qO- https://api.github.com/repos/shadowsocks/shadowsocks-libev/releases/latest | grep name | grep tar | cut -f4 -d\")
v2_file=$(wget -qO- https://api.github.com/repos/shadowsocks/v2ray-plugin/releases/latest | grep linux-amd64 | grep name | cut -f4 -d\")
}
# Set shadowsocks-libev config password
set_password(){
echo -e "\033[1;34mPlease enter password for shadowsocks-libev:\033[0m"
read -p "(Default password: M3chD09):" shadowsockspwd
[ -z "${shadowsockspwd}" ] && shadowsockspwd="M3chD09"
echo -e "\033[1;35mpassword = ${shadowsockspwd}\033[0m"
}
# Set domain
set_domain(){
echo -e "\033[1;34mPlease enter your domain:\033[0m"
echo "If you don't have one, you can register one for free at:"
echo "https://my.freenom.com/clientarea.php"
read domain
str=`echo $domain | gawk '/^([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})$/{print $0}'`
while [ ! -n "${str}" ]
do
echo -e "\033[1;31mInvalid domain.\033[0m"
echo -e "\033[1;31mPlease try again:\033[0m"
read domain
str=`echo $domain | gawk '/^([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})$/{print $0}'`
done
echo -e "\033[1;35mdomain = ${domain}\033[0m"
}
# Pre-installation
pre_install(){
read -p "Press any key to start the installation." a
echo -e "\033[1;34mStart installing. This may take a while.\033[0m"
yum install -y epel-release
yum install -y git wget gettext gcc autoconf libtool automake make asciidoc xmlto c-ares-devel libev-devel zlib-devel openssl-devel rng-tools python2 pcre-devel
}
# Installation of Libsodium
install_libsodium(){
if [ -f /usr/lib/libsodium.a ] || [ -f /usr/lib64/libsodium.a ];then
echo -e "\033[1;32mLibsodium already installed, skip.\033[0m"
else
if [ ! -f libsodium-$LIBSODIUM_VER.tar.gz ];then
wget https://download.libsodium.org/libsodium/releases/LATEST.tar.gz -O libsodium-$LIBSODIUM_VER.tar.gz
fi
tar xf libsodium-$LIBSODIUM_VER.tar.gz
pushd libsodium-$LIBSODIUM_VER
./configure --prefix=/usr && make
make install
popd
ldconfig
if [ ! -f /usr/lib/libsodium.a ] && [ ! -f /usr/lib64/libsodium.a ];then
echo -e "\033[1;31mFailed to install libsodium.\033[0m"
exit 1
fi
fi
}
# Installation of MbedTLS
install_mbedtls(){
if [ -f /usr/lib/libmbedtls.a ];then
echo -e "\033[1;32mMbedTLS already installed, skip.\033[0m"
else
if [ ! -f mbedtls-$MBEDTLS_VER-gpl.tgz ];then
wget https://tls.mbed.org/download/mbedtls-$MBEDTLS_VER-gpl.tgz
fi
tar xf mbedtls-$MBEDTLS_VER-gpl.tgz
pushd mbedtls-$MBEDTLS_VER
make SHARED=1 CFLAGS=-fPIC
make DESTDIR=/usr install
popd
ldconfig
if [ ! -f /usr/lib/libmbedtls.a ];then
echo -e "\033[1;31mFailed to install MbedTLS.\033[0m"
exit 1
fi
fi
}
# Installation of shadowsocks-libev
install_ss(){
if [ -f /usr/local/bin/ss-server ];then
echo -e "\033[1;32mShadowsocks-libev already installed, skip.\033[0m"
else
if [ ! -f $ss_file ];then
ss_url=$(wget -qO- https://api.github.com/repos/shadowsocks/shadowsocks-libev/releases/latest | grep browser_download_url | cut -f4 -d\")
wget $ss_url
fi
tar xf $ss_file
pushd $(echo ${ss_file} | cut -f1-3 -d\.)
./configure && make
make install
popd
if [ ! -f /usr/local/bin/ss-server ];then
echo -e "\033[1;31mFailed to install shadowsocks-libev.\033[0m"
exit 1
fi
fi
}
# Installation of v2ray-plugin
install_v2(){
if [ -f /usr/local/bin/v2ray-plugin ];then
echo -e "\033[1;32mv2ray-plugin already installed, skip.\033[0m"
else
if [ ! -f $v2_file ];then
v2_url=$(wget -qO- https://api.github.com/repos/shadowsocks/v2ray-plugin/releases/latest | grep linux-amd64 | grep browser_download_url | cut -f4 -d\")
wget $v2_url
fi
tar xf $v2_file
mv v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin
if [ ! -f /usr/local/bin/v2ray-plugin ];then
echo -e "\033[1;31mFailed to install v2ray-plugin.\033[0m"
exit 1
fi
fi
}
# Configure
ss_conf(){
mkdir /etc/shadowsocks-libev
cat >/etc/shadowsocks-libev/config.json << EOF
{
"server":"0.0.0.0",
"server_port":443,
"password":"$shadowsockspwd",
"timeout":300,
"method":"aes-256-gcm",
"plugin":"v2ray-plugin",
"plugin_opts":"server;tls;cert=/etc/letsencrypt/live/$domain/fullchain.pem;key=/etc/letsencrypt/live/$domain/privkey.pem;host=$domain;loglevel=none"
}
EOF
cat >/usr/lib/systemd/system/shadowsocks.service << EOF
[Unit]
Description=Shadowsocks-libev Server Service
After=network.target
[Service]
ExecStart=/usr/local/bin/ss-server -c /etc/shadowsocks-libev/config.json
ExecReload=/bin/kill -HUP \$MAINPID
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
}
firewall_conf(){
systemctl status firewalld > /dev/null 2>&1
if [ $? -eq 0 ]; then
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload
fi
}
get_cert(){
if [ -f /etc/letsencrypt/live/$domain/fullchain.pem ];then
echo -e "\033[1;32mcert already got, skip.\033[0m"
else
yum install -y certbot
certbot certonly --cert-name $domain -d $domain --standalone --agree-tos --register-unsafely-without-email
systemctl enable certbot-renew.timer
systemctl start certbot-renew.timer
if [ ! -f /etc/letsencrypt/live/$domain/fullchain.pem ];then
echo -e "\033[1;31mFailed to get cert.\033[0m"
exit 1
fi
fi
}
start_ss(){
systemctl status shadowsocks > /dev/null 2>&1
if [ $? -eq 0 ]; then
systemctl stop shadowsocks
fi
systemctl enable shadowsocks
systemctl start shadowsocks
}
remove_files(){
rm -f libsodium-$LIBSODIUM_VER.tar.gz mbedtls-$MBEDTLS_VER-gpl.tgz $ss_file $v2_file
rm -rf libsodium-$LIBSODIUM_VER mbedtls-$MBEDTLS_VER $(echo ${ss_file} | cut -f1-3 -d\.)
}
print_ss_info(){
clear
echo -e "\033[1;32mCongratulations, Shadowsocks-libev server install completed\033[0m"
echo "Your Server IP : ${domain} "
echo "Your Server Port : 443 "
echo "Your Password : ${shadowsockspwd} "
echo "Your Encryption Method: aes-256-gcm "
echo "Your Plugin : v2ray-plugin"
echo "Your Plugin options : tls;host=${domain}"
echo "Enjoy it!"
}
install_all(){
set_password
set_domain
pre_install
install_libsodium
install_mbedtls
get_latest_ver
install_ss
install_v2
ss_conf
firewall_conf
get_cert
start_ss
remove_files
print_ss_info
}
remove_all(){
systemctl disable shadowsocks
systemctl stop shadowsocks
rm -fr /etc/shadowsocks-libev
rm -f /usr/local/bin/ss-local
rm -f /usr/local/bin/ss-tunnel
rm -f /usr/local/bin/ss-server
rm -f /usr/local/bin/ss-manager
rm -f /usr/local/bin/ss-redir
rm -f /usr/local/bin/ss-nat
rm -f /usr/local/bin/v2ray-plugin
rm -f /usr/local/lib/libshadowsocks-libev.a
rm -f /usr/local/lib/libshadowsocks-libev.la
rm -f /usr/local/include/shadowsocks.h
rm -f /usr/local/lib/pkgconfig/shadowsocks-libev.pc
rm -f /usr/local/share/man/man1/ss-local.1
rm -f /usr/local/share/man/man1/ss-tunnel.1
rm -f /usr/local/share/man/man1/ss-server.1
rm -f /usr/local/share/man/man1/ss-manager.1
rm -f /usr/local/share/man/man1/ss-redir.1
rm -f /usr/local/share/man/man1/ss-nat.1
rm -f /usr/local/share/man/man8/shadowsocks-libev.8
rm -fr /usr/local/share/doc/shadowsocks-libev
rm -f /usr/lib/systemd/system/shadowsocks.service
echo -e "\033[1;32mRemove success!\033[0m"
}
clear
echo "What do you want to do?"
echo "[1] Install"
echo "[2] Remove"
read -p "(Default option: Install):" option
option=${option:-1}
if [ $option -eq 2 ];then
remove_all
else
install_all
fi