diff --git a/xu1 b/xu1 index ef6dd2b..64a5b55 100644 --- a/xu1 +++ b/xu1 @@ -1,12 +1,14 @@ #!/bin/bash # ========================================== -# 标题:X-UI 终极自动安装脚本 (咸V咆哮双模式融合版) +# 标题:X-UI 终极自动安装脚本 (咸V咆哮多线程防拦截版) # 特性: -# 1. 纯直链下载,彻底摆脱 GitHub 访问限制 (1B) -# 2. 双模式安装,自定义库自动附加安全随机路径防探测 (2B) -# 3. 完美集成官方 Let's Encrypt SSL 申请 (IP/域名) (3B) -# 4. 自动开启 BBR 加速与系统环境优化清理 (4B) +# 1. 纯直链下载,彻底摆脱 GitHub 访问限制 +# 2. 引入 Aria2 & Axel 极速多线程下载,伪装 Chrome 绕过防盗链拦截 +# 3. 智能文件大小校验,彻底杜绝 154B 微型假网页报错 +# 4. 双模式安装,自定义库自动附加安全随机路径防探测 +# 5. 完美集成官方 Let's Encrypt SSL 申请 (IP/域名) +# 6. 自动开启 BBR 加速与系统环境优化清理 # ========================================== # --- 颜色配置 --- @@ -23,6 +25,8 @@ DB_URL="https://git.77582585.xyz/3344/dock/releases/download/3xui1/1.db" PRIVATE_AUTH_CODE="7758258" INSTALL_PATH="/usr/local/x-ui" DB_PATH="/etc/x-ui/x-ui.db" +# 强制伪装的浏览器 User-Agent +FAKE_UA="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" # 检查 root 权限 [[ $EUID -ne 0 ]] && echo -e "${Red}错误:请使用 root 权限运行此脚本!${Font}" && exit 1 @@ -33,6 +37,49 @@ gen_random_string() { echo $(LC_ALL=C tr -dc 'a-zA-Z0-9' 方案一:调用 Aria2 (4线程) 极速下载引擎...${Font}" + if command -v aria2c >/dev/null; then + aria2c -x 4 -s 4 -k 1M --user-agent="$FAKE_UA" --allow-overwrite=true --dir="$(dirname "$file")" --out="$(basename "$file")" "$url" >/dev/null 2>&1 + check_file_valid && return 0 + fi + + echo -e "${Yellow} -> 方案二:调用 Axel (4线程) 轻量级加速引擎...${Font}" + if command -v axel >/dev/null; then + axel -n 4 -U "$FAKE_UA" -o "$file" "$url" >/dev/null 2>&1 + check_file_valid && return 0 + fi + + echo -e "${Yellow} -> 方案三:退回 Wget (强制伪装浏览器) 单线程兜底...${Font}" + wget --no-check-certificate --user-agent="$FAKE_UA" --timeout=30 --tries=3 -O "$file" "$url" >/dev/null 2>&1 + check_file_valid && return 0 + + echo -e "${Yellow} -> 方案四:Curl (强制 HTTP/1.1 降级) 终极兜底...${Font}" + curl --http1.1 -L -k -A "$FAKE_UA" --connect-timeout 30 --retry 3 -o "$file" "$url" >/dev/null 2>&1 + check_file_valid && return 0 + + return 1 +} + clear echo -e "${Blue}══════════════════════════════════════════════════${Font}" echo -e "${Blue} X-UI 终极自动安装脚本 (咸V咆哮专属) ${Font}" @@ -58,17 +105,15 @@ if [ "$INSTALL_MODE" == "2" ]; then fi # ========================================== -# 步骤 1:系统优化与 BBR 加速 (4B 选项) +# 步骤 1:系统优化与 BBR 加速 # ========================================== echo -e "${Yellow}>> [1/7] 正在清理系统并开启 BBR 网络加速...${Font}" -# 简单清理 if command -v apt-get >/dev/null; then apt-get autoremove -y >/dev/null 2>&1 apt-get clean >/dev/null 2>&1 elif command -v yum >/dev/null; then yum clean all >/dev/null 2>&1 fi -# 开启 BBR if ! grep -q "bbr" /etc/sysctl.conf; then echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf @@ -79,22 +124,22 @@ else fi # ========================================== -# 步骤 2:安装基础依赖 +# 步骤 2:安装基础依赖与多线程工具 # ========================================== -echo -e "${Yellow}>> [2/7] 正在安装必备依赖 (curl, tar, socat, sqlite3)...${Font}" +echo -e "${Yellow}>> [2/7] 正在安装多线程下载器与必备依赖 (aria2, axel, sqlite3...)${Font}" if command -v apt-get >/dev/null; then apt-get update -y -q >/dev/null 2>&1 - apt-get install -y -q curl tar tzdata socat ca-certificates sqlite3 bc >/dev/null 2>&1 + apt-get install -y -q aria2 axel wget curl tar tzdata socat ca-certificates sqlite3 bc >/dev/null 2>&1 elif command -v yum >/dev/null; then - yum install -y -q curl tar tzdata socat ca-certificates sqlite3 bc >/dev/null 2>&1 + yum install -y -q epel-release >/dev/null 2>&1 + yum install -y -q aria2 axel wget curl tar tzdata socat ca-certificates sqlite3 bc >/dev/null 2>&1 fi -# 获取公网 IP SERVER_IP=$(curl -s4m5 api.ipify.org) [[ -z "$SERVER_IP" ]] && SERVER_IP=$(curl -s6m5 api64.ipify.org) # ========================================== -# 步骤 3:架构匹配与直链下载 +# 步骤 3:架构匹配与多线程直链下载 # ========================================== echo -e "${Yellow}>> [3/7] 识别架构并拉取核心程序...${Font}" ARCH=$(uname -m) @@ -112,15 +157,22 @@ case $ARCH in *) echo -e "${Red}不支持的架构: $ARCH${Font}" && exit 1 ;; esac -echo -e "${Green}✓ 检测到架构: $ARCH,开始下载...${Font}" +echo -e "${Green}✓ 检测到架构: $ARCH,启动多重防拦截下载引擎...${Font}" systemctl stop x-ui >/dev/null 2>&1 rm -rf /usr/local/x-ui mkdir -p /usr/local/ cd /usr/local/ -curl -L -k -o "$FILE_NAME" "$DOWNLOAD_URL" + +# 开始智能下载 +if ! download_file "$DOWNLOAD_URL" "$FILE_NAME"; then + echo -e "${Red}!! 终极下载失败:四大引擎全灭或直链失效,请检查服务器网络或链接 !!${Font}" + exit 1 +fi + +echo -e "${Green}✓ 核心程序下载成功,大小校验通过!${Font}" if ! tar -tzf "$FILE_NAME" >/dev/null 2>&1; then - echo -e "${Red}!! 安装包下载失败或文件损坏,请检查网络 !!${Font}" + echo -e "${Red}!! 文件解压失败,可能是包损坏,请重试 !!${Font}" exit 1 fi @@ -129,10 +181,8 @@ rm -f "$FILE_NAME" cd x-ui chmod +x x-ui x-ui.sh bin/xray-linux-* -# 生成快捷命令 (1B 选项:脱离 GitHub) ln -sf "$INSTALL_PATH/x-ui.sh" /usr/bin/x-ui -# 写入自启服务文件 (1B 选项:脱离 GitHub) cat > /etc/systemd/system/x-ui.service <> [4/7] 正在部署数据库并进行安全加固...${Font}" mkdir -p /etc/x-ui/ @@ -160,31 +210,35 @@ rm -f "$DB_PATH" CONFIG_USER="" CONFIG_PASS="" CONFIG_PORT="" -CONFIG_PATH="$(gen_random_string 16)" # 生成16位随机路径增强安全性 +CONFIG_PATH="$(gen_random_string 16)" if [ "$INSTALL_MODE" == "1" ]; then echo -e "${Green}✓ 模式一:初始化纯净数据库${Font}" - # 生成随机账号密码端口 CONFIG_USER=$(gen_random_string 8) CONFIG_PASS=$(gen_random_string 10) CONFIG_PORT=$(shuf -i 10000-60000 -n 1) - # 启动一次让它初始化默认数据库,然后修改 $INSTALL_PATH/x-ui setting -username "${CONFIG_USER}" -password "${CONFIG_PASS}" -port "${CONFIG_PORT}" -webBasePath "${CONFIG_PATH}" >/dev/null 2>&1 else - echo -e "${Green}✓ 模式二:拉取自定义数据库${Font}" - curl -L -k -o "$DB_PATH" "$DB_URL" + echo -e "${Green}✓ 模式二:拉取自定义数据库...${Font}" + + # 强制将下载下限调整为 10KB,因为 1.db 一般较小,防误判丢弃 + rm -f "$DB_PATH" + if command -v aria2c >/dev/null; then + aria2c -x 4 -s 4 --user-agent="$FAKE_UA" --allow-overwrite=true --dir="$(dirname "$DB_PATH")" --out="$(basename "$DB_PATH")" "$DB_URL" >/dev/null 2>&1 + else + wget --no-check-certificate --user-agent="$FAKE_UA" --timeout=30 --tries=3 -O "$DB_PATH" "$DB_URL" >/dev/null 2>&1 + fi + if [ ! -s "$DB_PATH" ]; then echo -e "${Red}警告:自定义数据库下载失败,退回初始状态!${Font}" cp $INSTALL_PATH/bin/x-ui.db "$DB_PATH" fi - # 提取自定义库里原本的账号、密码、端口 CONFIG_USER=$(sqlite3 "$DB_PATH" "SELECT username FROM users WHERE id=1;") CONFIG_PASS=$(sqlite3 "$DB_PATH" "SELECT password FROM users WHERE id=1;") CONFIG_PORT=$(sqlite3 "$DB_PATH" "SELECT value FROM settings WHERE key='webPort';") - # 【核心安全优化】:强制为自定义数据库添加随机路径防探测 sqlite3 -cmd ".timeout 2000" "$DB_PATH" "UPDATE settings SET value='/${CONFIG_PATH}/' WHERE key='webBasePath';" echo -e "${Green}✓ 已为自定义库注入随机网页路径:/${CONFIG_PATH}/${Font}" fi @@ -197,7 +251,6 @@ systemctl daemon-reload systemctl enable x-ui >/dev/null 2>&1 systemctl restart x-ui -# 放行端口 if command -v ufw >/dev/null 2>&1; then ufw allow ${CONFIG_PORT}/tcp >/dev/null 2>&1; fi if command -v firewall-cmd >/dev/null 2>&1; then firewall-cmd --zone=public --add-port=${CONFIG_PORT}/tcp --permanent >/dev/null 2>&1 @@ -206,7 +259,7 @@ fi iptables -I INPUT -p tcp --dport ${CONFIG_PORT} -j ACCEPT 2>/dev/null # ========================================== -# 步骤 6:SSL 证书配置 (3B 选项) +# 步骤 6:SSL 证书配置 # ========================================== echo "" echo -e "${Blue}══════════════════════════════════════════════════${Font}" @@ -220,17 +273,15 @@ read -rp "请选择 SSL 申请方式 [1-3]: " SSL_CHOICE FINAL_HOST="$SERVER_IP" if [[ "$SSL_CHOICE" == "1" || "$SSL_CHOICE" == "2" ]]; then - # 放行 80 端口用于验证 iptables -I INPUT -p tcp --dport 80 -j ACCEPT 2>/dev/null - # 安装 acme.sh if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then echo -e "${Yellow}>> 正在安装 acme.sh 证书申请工具...${Font}" curl -s https://get.acme.sh | sh >/dev/null 2>&1 fi ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt --force >/dev/null 2>&1 - systemctl stop x-ui # 临时停用以释放端口 + systemctl stop x-ui if [ "$SSL_CHOICE" == "1" ]; then read -rp "请输入已解析到本机的域名: " DOMAIN_NAME @@ -270,7 +321,6 @@ fi # ========================================== PROTOCOL="http" if [[ "$SSL_CHOICE" == "1" || "$SSL_CHOICE" == "2" ]]; then - # 检查证书文件是否成功写入数据库 if $INSTALL_PATH/x-ui setting -getCert true | grep -q "cert: /root/cert/"; then PROTOCOL="https" fi