343 lines
16 KiB
Bash
343 lines
16 KiB
Bash
#!/bin/bash
|
||
|
||
# ==========================================
|
||
# 标题:X-UI 终极自动安装脚本 (咸V咆哮多线程防拦截版)
|
||
# 特性:
|
||
# 1. 纯直链下载,彻底摆脱 GitHub 访问限制
|
||
# 2. 引入 Aria2 & Axel 极速多线程下载,伪装 Chrome 绕过防盗链拦截
|
||
# 3. 智能文件大小校验,彻底杜绝 154B 微型假网页报错
|
||
# 4. 双模式安装,自定义库自动附加安全随机路径防探测
|
||
# 5. 完美集成官方 Let's Encrypt SSL 申请 (IP/域名)
|
||
# 6. 自动开启 BBR 加速与系统环境优化清理
|
||
# ==========================================
|
||
|
||
# --- 颜色配置 ---
|
||
Red="\033[31m"
|
||
Green="\033[32m"
|
||
Yellow="\033[33m"
|
||
Blue="\033[36m"
|
||
Font="\033[0m"
|
||
|
||
# --- 核心配置 ---
|
||
# 配置二的自定义数据库链接
|
||
DB_URL="https://git.77582585.xyz/3344/dock/releases/download/3xui1/1.db"
|
||
# 配置二的专属授权码
|
||
PRIVATE_AUTH_CODE="7758258"
|
||
INSTALL_PATH="/usr/local/x-ui"
|
||
DB_PATH="/etc/x-ui/x-ui.db"
|
||
# 强制伪装的浏览器 User-Agent
|
||
FAKE_UA="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
|
||
|
||
# 检查 root 权限
|
||
[[ $EUID -ne 0 ]] && echo -e "${Red}错误:请使用 root 权限运行此脚本!${Font}" && exit 1
|
||
|
||
# 随机字符串生成器
|
||
gen_random_string() {
|
||
local length="$1"
|
||
echo $(LC_ALL=C tr -dc 'a-zA-Z0-9' </dev/urandom | fold -w "$length" | head -n 1)
|
||
}
|
||
|
||
# 终极多线程防拦截下载引擎
|
||
download_file() {
|
||
local url=$1
|
||
local file=$2
|
||
local min_size=1000 # 最小文件限制 1000KB (防154B假文件)
|
||
|
||
rm -f "$file"
|
||
|
||
# 文件大小校验函数
|
||
check_file_valid() {
|
||
if [ -f "$file" ]; then
|
||
local file_size=$(du -k "$file" | cut -f1)
|
||
if [ "$file_size" -ge "$min_size" ]; then
|
||
return 0 # 成功
|
||
fi
|
||
fi
|
||
rm -f "$file"
|
||
return 1 # 失败(文件太小)
|
||
}
|
||
|
||
echo -e "${Yellow} -> 方案一:调用 Aria2 (4线程) 极速下载引擎...${Font}"
|
||
if command -v aria2c >/dev/null; then
|
||
aria2c -x 4 -s 4 -k 1M --user-agent="$FAKE_UA" --allow-overwrite=true --dir="$(dirname "$file")" --out="$(basename "$file")" "$url" >/dev/null 2>&1
|
||
check_file_valid && return 0
|
||
fi
|
||
|
||
echo -e "${Yellow} -> 方案二:调用 Axel (4线程) 轻量级加速引擎...${Font}"
|
||
if command -v axel >/dev/null; then
|
||
axel -n 4 -U "$FAKE_UA" -o "$file" "$url" >/dev/null 2>&1
|
||
check_file_valid && return 0
|
||
fi
|
||
|
||
echo -e "${Yellow} -> 方案三:退回 Wget (强制伪装浏览器) 单线程兜底...${Font}"
|
||
wget --no-check-certificate --user-agent="$FAKE_UA" --timeout=30 --tries=3 -O "$file" "$url" >/dev/null 2>&1
|
||
check_file_valid && return 0
|
||
|
||
echo -e "${Yellow} -> 方案四:Curl (强制 HTTP/1.1 降级) 终极兜底...${Font}"
|
||
curl --http1.1 -L -k -A "$FAKE_UA" --connect-timeout 30 --retry 3 -o "$file" "$url" >/dev/null 2>&1
|
||
check_file_valid && return 0
|
||
|
||
return 1
|
||
}
|
||
|
||
clear
|
||
echo -e "${Blue}══════════════════════════════════════════════════${Font}"
|
||
echo -e "${Blue} X-UI 终极自动安装脚本 (咸V咆哮专属) ${Font}"
|
||
echo -e "${Blue}══════════════════════════════════════════════════${Font}"
|
||
echo -e "${Yellow}请选择安装模式:${Font}"
|
||
echo -e " 1. ${Green}官方纯净安装${Font} (直链下载主程序,随机生成安全账密)"
|
||
echo -e " 2. ${Red}载入自定义库${Font} (使用预设数据库,需授权码,自动增强安全)"
|
||
echo -e "──────────────────────────────────────────────────"
|
||
read -rp "请输入数字 [1-2] (默认1): " INSTALL_MODE
|
||
[[ -z "$INSTALL_MODE" ]] && INSTALL_MODE="1"
|
||
|
||
if [ "$INSTALL_MODE" == "2" ]; then
|
||
echo -e "──────────────────────────────────────────────────"
|
||
read -s -rp "请输入专属授权码: " INPUT_PWD
|
||
echo ""
|
||
if [ "$INPUT_PWD" != "$PRIVATE_AUTH_CODE" ]; then
|
||
echo -e "${Red}!! 授权码错误:拒绝安装,脚本已终止 !!${Font}"
|
||
exit 1
|
||
else
|
||
echo -e "${Green}>> 授权通过,准备部署自定义配置...${Font}"
|
||
fi
|
||
echo -e "──────────────────────────────────────────────────"
|
||
fi
|
||
|
||
# ==========================================
|
||
# 步骤 1:系统优化与 BBR 加速
|
||
# ==========================================
|
||
echo -e "${Yellow}>> [1/7] 正在清理系统并开启 BBR 网络加速...${Font}"
|
||
if command -v apt-get >/dev/null; then
|
||
apt-get autoremove -y >/dev/null 2>&1
|
||
apt-get clean >/dev/null 2>&1
|
||
elif command -v yum >/dev/null; then
|
||
yum clean all >/dev/null 2>&1
|
||
fi
|
||
if ! grep -q "bbr" /etc/sysctl.conf; then
|
||
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
|
||
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
|
||
sysctl -p >/dev/null 2>&1
|
||
echo -e "${Green}✓ BBR 加速已成功开启${Font}"
|
||
else
|
||
echo -e "${Green}✓ BBR 之前已开启,跳过${Font}"
|
||
fi
|
||
|
||
# ==========================================
|
||
# 步骤 2:安装基础依赖与多线程工具
|
||
# ==========================================
|
||
echo -e "${Yellow}>> [2/7] 正在安装多线程下载器与必备依赖 (aria2, axel, sqlite3...)${Font}"
|
||
if command -v apt-get >/dev/null; then
|
||
apt-get update -y -q >/dev/null 2>&1
|
||
apt-get install -y -q aria2 axel wget curl tar tzdata socat ca-certificates sqlite3 bc >/dev/null 2>&1
|
||
elif command -v yum >/dev/null; then
|
||
yum install -y -q epel-release >/dev/null 2>&1
|
||
yum install -y -q aria2 axel wget curl tar tzdata socat ca-certificates sqlite3 bc >/dev/null 2>&1
|
||
fi
|
||
|
||
SERVER_IP=$(curl -s4m5 api.ipify.org)
|
||
[[ -z "$SERVER_IP" ]] && SERVER_IP=$(curl -s6m5 api64.ipify.org)
|
||
|
||
# ==========================================
|
||
# 步骤 3:架构匹配与多线程直链下载
|
||
# ==========================================
|
||
echo -e "${Yellow}>> [3/7] 识别架构并拉取核心程序...${Font}"
|
||
ARCH=$(uname -m)
|
||
DOWNLOAD_URL=""
|
||
FILE_NAME=""
|
||
|
||
case $ARCH in
|
||
x86_64|amd64) DOWNLOAD_URL="https://git.77582585.xyz/attachments/40eeb013-5006-423f-ad74-a0541ab340f4"; FILE_NAME="x-ui-linux-amd64.tar.gz" ;;
|
||
aarch64|armv8|arm64) DOWNLOAD_URL="https://git.77582585.xyz/attachments/4ab708d5-6bc8-42c0-8494-ef5efe03e074"; FILE_NAME="x-ui-linux-arm64.tar.gz" ;;
|
||
i386|i686|x86) DOWNLOAD_URL="https://git.77582585.xyz/attachments/d1604006-c6b7-4c7c-9652-b42b229ef4cb"; FILE_NAME="x-ui-linux-386.tar.gz" ;;
|
||
armv5*) DOWNLOAD_URL="https://git.77582585.xyz/attachments/8a5c678c-4ae4-43c4-910d-7e47f7c21c22"; FILE_NAME="x-ui-linux-armv5.tar.gz" ;;
|
||
armv6*) DOWNLOAD_URL="https://git.77582585.xyz/attachments/0e7c7fd7-192e-44b3-9739-785a5fb1b51f"; FILE_NAME="x-ui-linux-armv6.tar.gz" ;;
|
||
armv7*) DOWNLOAD_URL="https://git.77582585.xyz/attachments/9d1bf416-afb6-4e9f-b46b-ab3a1913a998"; FILE_NAME="x-ui-linux-armv7.tar.gz" ;;
|
||
s390x) DOWNLOAD_URL="https://git.77582585.xyz/attachments/18784828-0d20-4bc5-908c-15f91bcf8eb5"; FILE_NAME="x-ui-linux-s390x.tar.gz" ;;
|
||
*) echo -e "${Red}不支持的架构: $ARCH${Font}" && exit 1 ;;
|
||
esac
|
||
|
||
echo -e "${Green}✓ 检测到架构: $ARCH,启动多重防拦截下载引擎...${Font}"
|
||
systemctl stop x-ui >/dev/null 2>&1
|
||
rm -rf /usr/local/x-ui
|
||
mkdir -p /usr/local/
|
||
cd /usr/local/
|
||
|
||
# 开始智能下载
|
||
if ! download_file "$DOWNLOAD_URL" "$FILE_NAME"; then
|
||
echo -e "${Red}!! 终极下载失败:四大引擎全灭或直链失效,请检查服务器网络或链接 !!${Font}"
|
||
exit 1
|
||
fi
|
||
|
||
echo -e "${Green}✓ 核心程序下载成功,大小校验通过!${Font}"
|
||
|
||
if ! tar -tzf "$FILE_NAME" >/dev/null 2>&1; then
|
||
echo -e "${Red}!! 文件解压失败,可能是包损坏,请重试 !!${Font}"
|
||
exit 1
|
||
fi
|
||
|
||
tar zxvf "$FILE_NAME" >/dev/null
|
||
rm -f "$FILE_NAME"
|
||
cd x-ui
|
||
chmod +x x-ui x-ui.sh bin/xray-linux-*
|
||
|
||
ln -sf "$INSTALL_PATH/x-ui.sh" /usr/bin/x-ui
|
||
|
||
cat > /etc/systemd/system/x-ui.service <<EOF
|
||
[Unit]
|
||
Description=x-ui Service
|
||
After=network.target
|
||
|
||
[Service]
|
||
Type=simple
|
||
User=root
|
||
WorkingDirectory=$INSTALL_PATH
|
||
ExecStart=$INSTALL_PATH/x-ui
|
||
Restart=on-failure
|
||
RestartSec=5s
|
||
|
||
[Install]
|
||
WantedBy=multi-user.target
|
||
EOF
|
||
|
||
# ==========================================
|
||
# 步骤 4:数据库部署与安全加固
|
||
# ==========================================
|
||
echo -e "${Yellow}>> [4/7] 正在部署数据库并进行安全加固...${Font}"
|
||
mkdir -p /etc/x-ui/
|
||
rm -f "$DB_PATH"
|
||
|
||
CONFIG_USER=""
|
||
CONFIG_PASS=""
|
||
CONFIG_PORT=""
|
||
CONFIG_PATH="$(gen_random_string 16)"
|
||
|
||
if [ "$INSTALL_MODE" == "1" ]; then
|
||
echo -e "${Green}✓ 模式一:初始化纯净数据库${Font}"
|
||
CONFIG_USER=$(gen_random_string 8)
|
||
CONFIG_PASS=$(gen_random_string 10)
|
||
CONFIG_PORT=$(shuf -i 10000-60000 -n 1)
|
||
|
||
$INSTALL_PATH/x-ui setting -username "${CONFIG_USER}" -password "${CONFIG_PASS}" -port "${CONFIG_PORT}" -webBasePath "${CONFIG_PATH}" >/dev/null 2>&1
|
||
else
|
||
echo -e "${Green}✓ 模式二:拉取自定义数据库...${Font}"
|
||
|
||
# 强制将下载下限调整为 10KB,因为 1.db 一般较小,防误判丢弃
|
||
rm -f "$DB_PATH"
|
||
if command -v aria2c >/dev/null; then
|
||
aria2c -x 4 -s 4 --user-agent="$FAKE_UA" --allow-overwrite=true --dir="$(dirname "$DB_PATH")" --out="$(basename "$DB_PATH")" "$DB_URL" >/dev/null 2>&1
|
||
else
|
||
wget --no-check-certificate --user-agent="$FAKE_UA" --timeout=30 --tries=3 -O "$DB_PATH" "$DB_URL" >/dev/null 2>&1
|
||
fi
|
||
|
||
if [ ! -s "$DB_PATH" ]; then
|
||
echo -e "${Red}警告:自定义数据库下载失败,退回初始状态!${Font}"
|
||
cp $INSTALL_PATH/bin/x-ui.db "$DB_PATH"
|
||
fi
|
||
|
||
CONFIG_USER=$(sqlite3 "$DB_PATH" "SELECT username FROM users WHERE id=1;")
|
||
CONFIG_PASS=$(sqlite3 "$DB_PATH" "SELECT password FROM users WHERE id=1;")
|
||
CONFIG_PORT=$(sqlite3 "$DB_PATH" "SELECT value FROM settings WHERE key='webPort';")
|
||
|
||
sqlite3 -cmd ".timeout 2000" "$DB_PATH" "UPDATE settings SET value='/${CONFIG_PATH}/' WHERE key='webBasePath';"
|
||
echo -e "${Green}✓ 已为自定义库注入随机网页路径:/${CONFIG_PATH}/${Font}"
|
||
fi
|
||
|
||
# ==========================================
|
||
# 步骤 5:启动服务与防火墙放行
|
||
# ==========================================
|
||
echo -e "${Yellow}>> [5/7] 启动面板并放行防火墙端口 (${CONFIG_PORT})...${Font}"
|
||
systemctl daemon-reload
|
||
systemctl enable x-ui >/dev/null 2>&1
|
||
systemctl restart x-ui
|
||
|
||
if command -v ufw >/dev/null 2>&1; then ufw allow ${CONFIG_PORT}/tcp >/dev/null 2>&1; fi
|
||
if command -v firewall-cmd >/dev/null 2>&1; then
|
||
firewall-cmd --zone=public --add-port=${CONFIG_PORT}/tcp --permanent >/dev/null 2>&1
|
||
firewall-cmd --reload >/dev/null 2>&1
|
||
fi
|
||
iptables -I INPUT -p tcp --dport ${CONFIG_PORT} -j ACCEPT 2>/dev/null
|
||
|
||
# ==========================================
|
||
# 步骤 6:SSL 证书配置
|
||
# ==========================================
|
||
echo ""
|
||
echo -e "${Blue}══════════════════════════════════════════════════${Font}"
|
||
echo -e "${Yellow}>> [6/7] SSL 证书安全设置 (强烈推荐配置 HTTPS)${Font}"
|
||
echo -e "${Blue}══════════════════════════════════════════════════${Font}"
|
||
echo -e " 1. ${Green}使用 Let's Encrypt 申请域名证书${Font} (需提前解析域名至本机,有效期90天)"
|
||
echo -e " 2. ${Green}使用 Let's Encrypt 申请 IP 证书${Font} (自动绑定本机IP,有效期6天自动续期)"
|
||
echo -e " 3. ${Red}跳过,裸奔 HTTP${Font} (极易被墙探测,不推荐)"
|
||
read -rp "请选择 SSL 申请方式 [1-3]: " SSL_CHOICE
|
||
|
||
FINAL_HOST="$SERVER_IP"
|
||
|
||
if [[ "$SSL_CHOICE" == "1" || "$SSL_CHOICE" == "2" ]]; then
|
||
iptables -I INPUT -p tcp --dport 80 -j ACCEPT 2>/dev/null
|
||
|
||
if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
|
||
echo -e "${Yellow}>> 正在安装 acme.sh 证书申请工具...${Font}"
|
||
curl -s https://get.acme.sh | sh >/dev/null 2>&1
|
||
fi
|
||
|
||
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt --force >/dev/null 2>&1
|
||
systemctl stop x-ui
|
||
|
||
if [ "$SSL_CHOICE" == "1" ]; then
|
||
read -rp "请输入已解析到本机的域名: " DOMAIN_NAME
|
||
echo -e "${Yellow}>> 正在为 ${DOMAIN_NAME} 申请域名证书...${Font}"
|
||
~/.acme.sh/acme.sh --issue -d ${DOMAIN_NAME} --standalone --httpport 80 --force
|
||
|
||
if [ $? -eq 0 ]; then
|
||
CERT_DIR="/root/cert/${DOMAIN_NAME}"
|
||
mkdir -p "$CERT_DIR"
|
||
~/.acme.sh/acme.sh --installcert -d ${DOMAIN_NAME} --key-file ${CERT_DIR}/privkey.pem --fullchain-file ${CERT_DIR}/fullchain.pem --reloadcmd "systemctl restart x-ui" >/dev/null 2>&1
|
||
$INSTALL_PATH/x-ui cert -webCert "${CERT_DIR}/fullchain.pem" -webCertKey "${CERT_DIR}/privkey.pem" >/dev/null 2>&1
|
||
FINAL_HOST="${DOMAIN_NAME}"
|
||
echo -e "${Green}✓ 域名证书申请并部署成功!${Font}"
|
||
else
|
||
echo -e "${Red}!! 证书申请失败,请确保域名已解析且 80 端口未被占用。回退至 HTTP 模式。${Font}"
|
||
fi
|
||
|
||
elif [ "$SSL_CHOICE" == "2" ]; then
|
||
echo -e "${Yellow}>> 正在为本机 IP (${SERVER_IP}) 申请短效证书...${Font}"
|
||
CERT_DIR="/root/cert/ip"
|
||
mkdir -p "$CERT_DIR"
|
||
~/.acme.sh/acme.sh --issue -d ${SERVER_IP} --standalone --server letsencrypt --certificate-profile shortlived --days 6 --httpport 80 --force
|
||
|
||
if [ $? -eq 0 ]; then
|
||
~/.acme.sh/acme.sh --installcert -d ${SERVER_IP} --key-file "${CERT_DIR}/privkey.pem" --fullchain-file "${CERT_DIR}/fullchain.pem" --reloadcmd "systemctl restart x-ui" >/dev/null 2>&1
|
||
$INSTALL_PATH/x-ui cert -webCert "${CERT_DIR}/fullchain.pem" -webCertKey "${CERT_DIR}/privkey.pem" >/dev/null 2>&1
|
||
echo -e "${Green}✓ IP 证书申请并部署成功!(后台会自动续期)${Font}"
|
||
else
|
||
echo -e "${Red}!! 证书申请失败,请确保 80 端口未被占用。回退至 HTTP 模式。${Font}"
|
||
fi
|
||
fi
|
||
systemctl start x-ui
|
||
fi
|
||
|
||
# ==========================================
|
||
# 步骤 7:完成与信息展示
|
||
# ==========================================
|
||
PROTOCOL="http"
|
||
if [[ "$SSL_CHOICE" == "1" || "$SSL_CHOICE" == "2" ]]; then
|
||
if $INSTALL_PATH/x-ui setting -getCert true | grep -q "cert: /root/cert/"; then
|
||
PROTOCOL="https"
|
||
fi
|
||
fi
|
||
|
||
echo ""
|
||
echo -e "${Blue}══════════════════════════════════════════════════${Font}"
|
||
echo -e "${Green} X-UI 面板安装部署完成 ${Font}"
|
||
echo -e "${Blue}══════════════════════════════════════════════════${Font}"
|
||
echo -e "部署模式 : ${Yellow}$([ "$INSTALL_MODE" == "1" ] && echo "官方纯净模式" || echo "自定义数据库模式 (已注入随机路径防封)")${Font}"
|
||
echo -e "访问协议 : $([ "$PROTOCOL" == "https" ] && echo "${Green}HTTPS (SSL 安全加密)${Font}" || echo "${Red}HTTP (未加密)${Font}")"
|
||
echo -e "──────────────────────────────────────────────────"
|
||
echo -e "面板地址 : ${Green}${PROTOCOL}://${FINAL_HOST}:${CONFIG_PORT}/${CONFIG_PATH}/${Font}"
|
||
echo -e "登入账号 : ${Green}${CONFIG_USER}${Font}"
|
||
echo -e "登入密码 : ${Green}${CONFIG_PASS}${Font}"
|
||
echo -e "面板端口 : ${Green}${CONFIG_PORT}${Font}"
|
||
echo -e "安全路径 : ${Green}/${CONFIG_PATH}/${Font}"
|
||
echo -e "${Blue}══════════════════════════════════════════════════${Font}"
|
||
echo -e "${Yellow}⚠ 强烈建议:请立即保存上方的信息!${Font}"
|
||
echo -e "${Yellow}⚠ 日常管理:在终端输入 x-ui 即可呼出管理菜单。${Font}" |