From a03db52a0144ab961d8a45c6d360941e2d21b272 Mon Sep 17 00:00:00 2001
From: eller <23046078+ellermister@users.noreply.github.com>
Date: Wed, 22 Nov 2023 19:47:28 +0800
Subject: [PATCH] Refactor part of version and fix some bugs.
---
.github/workflows/docker-publish.yml | 68 +++++
.gitignore | 6 +
Dockerfile | 5 +-
README.md | 81 ++++--
mtp_config => mtp_config.example | 3 +-
mtproxy-entrypoint.sh | 17 +-
mtproxy.sh | 398 +++++++++++++++------------
nginx/default.conf | 4 +
nginx/nginx.conf | 8 +-
9 files changed, 392 insertions(+), 198 deletions(-)
create mode 100644 .github/workflows/docker-publish.yml
create mode 100644 .gitignore
rename mtp_config => mtp_config.example (78%)
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 0000000..a55a969
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,68 @@
+name: Docker
+
+on:
+ workflow_dispatch:
+ push:
+ branches: [ "master" ]
+ # Publish semver tags as releases.
+ tags: [ 'v*.*.*' ]
+
+env:
+ # Use docker.io for Docker Hub if empty
+ REGISTRY: "docker.io"
+ # github.repository as /
+ IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ # This is used to complete the identity challenge
+ # with sigstore/fulcio when running outside of PRs.
+ id-token: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Set up BuildKit Docker container builder to be able to build
+ # multi-platform images and export cache
+ # https://github.com/docker/setup-buildx-action
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+
+ # Login against a Docker registry except on PR
+ # https://github.com/docker/login-action
+ - name: Log into registry ${{ env.REGISTRY }}
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ # Extract metadata (tags, labels) for Docker
+ # https://github.com/docker/metadata-action
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+ # Build and push Docker image with Buildx (don't push on PR)
+ # https://github.com/docker/build-push-action
+ - name: Build and push Docker image
+ id: build-and-push
+ uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+ with:
+ context: .
+ platforms: linux/amd64,linux/arm64 + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..522356e --- /dev/null +++ b/.gitignore @@ -0,0 +1,6 @@ +mtg +mtproto-proxy +proxy-multi.conf +proxy-secret +build +pid \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 76f7bd0..129b942 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,6 @@ -FROM --platform=$TARGETPLATFORM nginx AS build +FROM --platform=$TARGETPLATFORM nginx:1.23.2 AS build +#FROM nginx:1.23.2 AS build + COPY . /home/mtproxy @@ -10,7 +12,6 @@ WORKDIR /home/mtproxy RUN set -ex \ && cd $WORKDIR \ && cp src/* /usr/share/nginx/html \ - && cp mtp_config mtp_config.bak \ && rm -rf .git \ && cp mtproxy-entrypoint.sh /docker-entrypoint.d/40-mtproxy-start.sh \ && chmod +x /docker-entrypoint.d/40-mtproxy-start.sh \ diff --git a/README.md b/README.md index 3461858..6dc54aa 100644 --- a/README.md +++ b/README.md 
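Review bot: `uses: actions/checkout@v3` is the only action in this workflow referenced by a mutable tag; the other four are pinned to a full commit SHA with the version in a trailing comment, and checkout should follow the same form, `uses: actions/checkout@<full-commit-sha> # v3.x.y`. The `permissions` block also grants `packages: write` and `id-token: write`, yet the visible steps only log in to docker.io with the Docker Hub secrets and never push to GHCR or sign the image, so both can be dropped, leaving `contents: read`. The comment about the sigstore/fulcio identity challenge should go with `id-token: write`, since nothing in this job performs signing.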
@@ -1,29 +1,43 @@ # mtproxy -MTProxyTLS 一键安装绿色脚本 [English](README-en.md) - -> 如果你反复遇到段错误或者其他未知问题, 建议更换为 Debian 9+ 以上的系统或采用 Docker 方式运行. +这是一个一键安装 MTProxy 代理的绿色脚本,脚本可以在官方版本的 MTProxy 程序和兼容性最强的第三方作者开发的 mtg 程序中进行选择静态安装或者编译,该版本默认支持 Fake TLS 以及 AdTag 配置。 +在此基础上,提供了 Nginx 作为前端转发,MTProxy 作为后端代理的方式以实现安全的伪装,并且在 nginx 转发层进行配置了 IP 白名单,只有通过白名单认证过的 IP 才可以进行访问,此功能提供了 Docker 镜像以便开箱即用。 + [English](README-en.md) ## 交流群组 Telegram 群组:https://t.me/EllerHK +## 安装方式 +提供了两种安装方式可供选择: -## 安装方式 +- 使用脚本 + + 选择该方式一般是你在宿主机中进行直接安装或者编译,会或多或少需要安装一些系统基础依赖库。 + +- 使用 Docker + + **小白建议使用 Docker!** 不会对宿主机造成污染,如果你需要修改一些配置文件,需要你稍微学习一些基础Docker 使用技术。 + +### 使用脚本 + +> 如果你反复遇到段错误或者其他未知问题, 建议更换为 Debian 9+ 以上的系统或采用 Docker 方式运行. 执行如下代码进行安装 ```bash -mkdir /home/mtproxy && cd /home/mtproxy -curl -s -o mtproxy.sh https://raw.githubusercontent.com/ellermister/mtproxy/master/mtproxy.sh && chmod +x mtproxy.sh && bash mtproxy.sh +rm -rf /home/mtproxy && mkdir /home/mtproxy && cd /home/mtproxy +curl -s -o mtproxy.sh https://github.com/ellermister/mtproxy/raw/master/mtproxy.sh +bash mtproxy.sh ``` ![mtproxy.sh](https://raw.githubusercontent.com/ellermister/mtproxy/master/mtproxy.jpg) - ## 白名单 MTProxy Docker 镜像 +### 使用Docker | 白名单 MTProxy Docker 镜像 + The image integrates nginx and mtproxy+tls to disguise traffic, and uses a whitelist mode to deal with firewall detection. 该镜像集成了 nginx、mtproxy+tls 实现对流量的伪装,并采用**白名单**模式来应对防火墙的检测。 
@@ -32,20 +46,55 @@ If you use this Docker image, you don't need to use the script, you can choose o 若使用该 Docker 镜像, 就不需要用脚本了,二者二选一,不要搞混了。 +**如果没有安装Docker**,一键安装方式: + +```bash +curl -fsSL https://get.docker.com -o get-docker.sh +sh get-docker.sh +``` + +**创建白名单镜像:** + ```bash -secret=$(head -c 16 /dev/urandom | xxd -ps) -domain="cloudflare.com" -docker run --name nginx-mtproxy -d -e secret="$secret" -e domain="$domain" -p 8080:80 -p 8443:443 ellermister/nginx-mtproxy:latest +docker run -d \ +--name mtproxy \ +--restart=always \ +-e domain="cloudflare.com" \ +-p 8080:80 \ +-p 8443:443 \ +ellermister/mtproxy ``` -镜像默认开启了 IP 段白名单,如果你不需要可以取消: +**镜像默认开启了 IP 段白名单**,如果你不需要可以配置 `ip_white_list="OFF"` 取消: ```bash -docker run --name nginx-mtproxy -d -e secret="$secret" -e domain="$domain" -e ip_white_list="IP" -p 8080:80 -p 8443:443 ellermister/nginx-mtproxy:latest +docker run -d \ +--name mtproxy \ +--restart=always \ +-e domain="cloudflare.com" \ +-e secret="548593a9c0688f4f7d9d57377897d964" \ +-e ip_white_list="OFF" \ +-p 8080:80 \ +-p 8443:443 \ +ellermister/mtproxy ``` -更多使用请参考: https://hub.docker.com/r/ellermister/nginx-mtproxy +`ip_white_list` 选项: + +- **OFF** 关闭白名单 +- **IP** 开启 IP 白名单 +- **IPSEG** 开启 IP 段白名单 + +`secret`指定密钥:如果你想创建已知的密钥,格式为:32位十六进制字符。 +**在日志中查看链接的参数配置**: + +```bash +docker logs -f mtproxy +``` +连接端口记得修改为你映射后的外部端口,如上文例子中都是`8443`,在连接时修改端口。 + +更多使用请参考: https://hub.docker.com/r/ellermister/mtproxy ## 使用方式 @@ -73,8 +122,6 @@ bash mtproxy.sh stop bash mtproxy.sh restart ``` - - ## 卸载安装 因为是绿色版卸载极其简单,直接删除所在目录即可。 @@ -83,10 +130,10 @@ bash mtproxy.sh restart rm -rf /home/mtproxy ``` - - ## 开机启动 +> 该脚本没有配置为系统服务的方式,你可以将其添加到开机启动脚本中。 + 开机启动脚本,如果你的 rc.local 文件不存在请检查开机自启服务。 通过编辑文件`/etc/rc.local`将如下代码加入到开机自启脚本中: diff --git a/mtp_config b/mtp_config.example similarity index 78% rename from mtp_config rename to mtp_config.example index 3c09b86..1c09ebf 100644 --- a/mtp_config +++ b/mtp_config.example 
@@ -2,5 +2,6 @@ secret="4451023506896290666356006a67ce93" port=8443 web_port=8888 -domain="azure.microsoft.com" +domain="cloudflare.com" proxy_tag="4451023506896290666356006a67ce91" +provider=1 \ No newline at end of file diff --git a/mtproxy-entrypoint.sh b/mtproxy-entrypoint.sh index 7d469a4..5cc2396 100644 --- a/mtproxy-entrypoint.sh +++ b/mtproxy-entrypoint.sh @@ -4,8 +4,15 @@ set -e chmod 777 /etc/nginx/ip_white.conf chmod 777 /run/php/php7.4-fpm.sock + +default_config="/home/mtproxy/mtp_config.example" mtp_config="/home/mtproxy/mtp_config" -init_lock="/home/mtproxy/mtp_config.lock" + +function gen_rand_hex() { + local result=$(dd if=/dev/urandom bs=1 count=500 status=none | od -An -tx1 | tr -d ' \n') + echo "${result:0:$1}" +} + set_config(){ if [ "$secret" ] && [[ "$secret" =~ ^[A-Za-z0-9]{32}$ ]]; then @@ -19,11 +26,11 @@ set_config(){ fi } -if [ ! -f $init_lock ];then - cp "${mtp_config}.bak" "$mtp_config" - echo 1>"$init_lock" +if [ ! -f $mtp_config ];then + cp "${default_config}" "$mtp_config" + if [ ! "$secret" ]; then - secret=$(head -c 16 /dev/urandom | xxd -ps) + secret=$(gen_rand_hex 32) fi if [ ! "$ip_white_list" ]; then diff --git a/mtproxy.sh b/mtproxy.sh index 33a64c7..096df20 100644 --- a/mtproxy.sh +++ b/mtproxy.sh 
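Review bot: In the new `gen_rand_hex` of mtproxy-entrypoint.sh, `local result=$(dd … | od … | tr …)` hides a failing pipeline from the `set -e` at the top of the script, because the status that counts is that of `local`; a failed read would leave an empty or short `secret` that is then written into the config without complaint. Declare and assign separately, `local result; result=$(…)`, and reject a result shorter than `$1` before echoing it. Reading 500 bytes one at a time is also far more than the 16 bytes needed for 32 hex characters. In the second hunk, `[ ! -f $mtp_config ]` should quote the variable: `[ ! -f "$mtp_config" ]`.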
@@ -72,72 +72,63 @@ function get_cpu_core() { echo $(cat /proc/cpuinfo | grep "processor" | wc -l) } -function get_architecture(){ +function get_architecture() { local architecture="" case $(uname -m) in - i386) architecture="386" ;; - i686) architecture="386" ;; - x86_64) architecture="amd64" ;; - arm|aarch64|aarch) dpkg --print-architecture | grep -q "arm64" && architecture="arm64" || architecture="armv6l" ;; - *) echo "Unsupported system architecture "$(uname -m) && exit 1 ;; + i386) architecture="386" ;; + i686) architecture="386" ;; + x86_64) architecture="amd64" ;; + arm | aarch64 | aarch) dpkg --print-architecture | grep -q "arm64" && architecture="arm64" || architecture="armv6l" ;; + *) echo "Unsupported system architecture "$(uname -m) && exit 1 ;; esac echo $architecture } -function check_ps_not_install_to_install(){ - if type ps >/dev/null 2>&1; then - return 1 - else - if check_sys packageManager yum; then - yum install -y procps-ng.x86_64 - elif check_sys packageManager apt; then - apt-get -y update - apt install -y procps - fi - return 0 - fi -} +function build_mtproto() { + cd $WORKDIR -function pid_exists() { - check_ps_not_install_to_install - local exists=$(ps aux | awk '{print $2}' | grep -w $1) - if [[ ! $exists ]]; then - return 0 - else - return 1 + local platform=$(uname -m) + if [[ -z "$1" ]]; then + echo "缺少参数" + exit 1 fi -} + do_install_build_dep -function build_mtproto() { - cd $WORKDIR - local platform=$(uname -m) + rm -rf build + mkdir build && cd build - if [[ "$platform" == "x86_64" ]];then - if [ ! 
-d 'MTProxy' ]; then - git clone https://github.com/TelegramMessenger/MTProxy --depth=1 + if [[ "1" == "$1" ]]; then + if [ -d 'MTProxy' ]; then + rm -rf 'MTProxy' fi - cd MTProxy - sed -i 's/CFLAGS\s*=[^\r]\+/& -fcommon\r/' Makefile - make && cd objs/bin - cp -f $WORKDIR/MTProxy/objs/bin/mtproto-proxy $WORKDIR - cd $WORKDIR - else - if [[ -f "WORKDIR/mtg" ]];then - return + + git clone https://github.com/ellermister/MTProxyC --depth=1 MTProxy + cd MTProxy && make && cd objs/bin && chmod +x mtproto-proxy + + if [ ! -f "./mtproto-proxy" ]; then + echo "mtproto-proxy 编译失败" + exit 1 fi - # golang + cp -f mtproto-proxy $WORKDIR + + + # clean + rm -rf 'MTProxy' + + elif [[ "2" == "$1" ]]; then + # golang local arch=$(get_architecture) - rm -f golang.tar.gz + # https://go.dev/dl/go1.18.4.linux-amd64.tar.gz local golang_url="https://go.dev/dl/go1.18.4.linux-$arch.tar.gz" wget $golang_url -O golang.tar.gz - rm -rf $WORKDIR/go && tar -C $WORKDIR -xzf golang.tar.gz - export PATH=$PATH:$WORKDIR/go/bin + rm -rf go && tar -C . -xzf golang.tar.gz + export PATH=$PATH:$(pwd)/go/bin go version - if [[ $? != 0 ]];then + if [[ $? != 0 ]]; then local uname_m=$(uname -m) local architecture_origin=$(dpkg --print-architecture) echo -e "[\033[33mError\033[0m] golang download failed, please check!!! arch: $arch, platform: $platform, uname: $uname_m, architecture_origin: $architecture_origin download url: $golang_url" 
@@ -145,84 +136,153 @@ function build_mtproto() { fi rm -rf build-mtg - git clone https://github.com/9seconds/mtg.git -b v1 build-mtg --depth=1 - cd build-mtg && make static - - if [[ ! -f "$WORKDIR/build-mtg/mtg" ]];then + git clone https://github.com/9seconds/mtg.git -b v1 build-mtg + cd build-mtg && git reset --hard 9d67414db633dded5f11d549eb80617dc6abb2c3 && make static + + if [[ ! -f "./mtg" ]]; then echo -e "[\033[33mError\033[0m] Build fail for mtg, please check!!! $arch" exit 1 fi - cp -f $WORKDIR/build-mtg/mtg $WORKDIR && chmod +x $WORKDIR/mtg - - # clean - rm -rf $WORKDIR/build-mtg $WORKDIR/golang.tar.gz $WORKDIR/go + cp -f mtg $WORKDIR && chmod +x $WORKDIR/mtg fi + + # clean + cd $WORKDIR + rm -rf build + } -function get_mtg_provider(){ - local arch=$(uname -m) - if [[ "$arch" == "x86_64" ]];then +function get_mtg_provider() { + source ./mtp_config + + local arch=$(get_architecture) + if [[ "$arch" != "amd64" && $provider -eq 1 ]]; then + provider=2 + fi + + if [ $provider -eq 1 ]; then echo "mtproto-proxy" - else + elif [ $provider -eq 2 ]; then echo "mtg" + else + echo "错误配置,请重新安装" + exit 1 fi } -install() { - cd $WORKDIR - if [ ! -d "./pid" ]; then - mkdir "./pid" +function is_installed() { + if [ ! -f "$WORKDIR/mtp_config" ]; then + return 1 fi + return 0 +} - xxd_status=1 - echo a | xxd -ps &>/dev/null - if [ $? 
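Review bot: The official-version branch of `build_mtproto` clones `https://github.com/ellermister/MTProxyC` with `--depth=1` at whatever the default branch currently holds, while the mtg branch in the following hunk is reset to a fixed commit; the C build should be pinned the same way so the binary copied into `$WORKDIR` is reproducible. The Go toolchain is likewise fetched with `wget $golang_url -O golang.tar.gz` and unpacked without being compared to a published SHA-256, so a truncated or altered download is only noticed if `go version` happens to fail. A `sha256sum -c` step against a per-architecture checksum kept in the script would cover that. The body of `build_mtproto` continues into the next hunk.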
!= "0" ]; then - xxd_status=0 - fi +function is_running_mtp() { + if [ -f $pid_file ]; then - if [[ "$(uname -m)" != "x86_64" ]]; then - if check_sys packageManager yum; then - yum update -y - yum install -y openssl-devel zlib-devel iproute wget git - yum groupinstall -y "Development Tools" - if [ $xxd_status == 0 ]; then - yum install -y vim-common - fi - elif check_sys packageManager apt; then - apt-get -y update - apt install -y git curl build-essential libssl-dev zlib1g-dev iproute2 wget - if [ $xxd_status == 0 ]; then - apt install -y vim-common - fi + if is_pid_exists $(cat $pid_file); then + return 0 fi + fi + return 1 +} + +function is_supported_official_version() { + local arch=$(uname -m) + if [[ "$arch" == "x86_64" ]]; then + return 0 else - if check_sys packageManager yum; then - yum update -y - yum install -y vim-common git - yum groupinstall "Development Tools" - elif check_sys packageManager apt; then - apt-get -y update - apt install -y vim-common git - fi + return 1 + fi +} + +function is_pid_exists() { + # check_ps_not_install_to_install + local exists=$(ps aux | awk '{print $2}' | grep -w $1) + if [[ ! $exists ]]; then + return 1 + else + return 0 fi +} + +do_install() { + cd $WORKDIR mtg_provider=$(get_mtg_provider) + if [[ "$mtg_provider" == "mtg" ]]; then - build_mtproto + local arch=$(get_architecture) + local mtg_url=https://github.com/9seconds/mtg/releases/download/v1.0.12/mtg-1.0.12-linux-amd64.tar.gz + wget $mtg_url -O mtg.tar.gz + tar -xzvf mtg.tar.gz mtg-1.0.12-linux-amd64/mtg --strip-components 1 + + [[ -f "./mtg" ]] && ./mtg && echo "Installed for mtg" else - wget https://github.com/ellermister/mtproxy/releases/download/0.02/mtproto-proxy -O mtproto-proxy -q + wget https://github.com/ellermister/mtproxy/releases/download/0.03/mtproto-proxy -O mtproto-proxy -q chmod +x mtproto-proxy fi + + if [ ! 
-d "./pid" ]; then + mkdir "./pid" + fi + } print_line() { echo -e "=========================================" } -config_mtp() { +do_install_basic_dep() { + if check_sys packageManager yum; then + yum install -y iproute curl wget procps-ng.x86_64 + elif check_sys packageManager apt; then + apt install -y iproute2 curl wget procps + fi + + return 0 +} + +do_install_build_dep() { + if check_sys packageManager yum; then + yum install -y git openssl-devel zlib-devel + yum groupinstall -y "Development Tools" + elif check_sys packageManager apt; then + apt install -y git curl build-essential libssl-dev zlib1g-dev + fi + return 0 +} + +do_config_mtp() { cd $WORKDIR - echo -e "检测到您的配置文件不存在, 为您指引生成!" && print_line + + while true; do + default_provider=1 + echo -e "请输入要安装的程序版本" + echo -e "1. Telegram 官方版本 (C语言, 存在一些问题, 只支持 x86_64)" + echo -e "2. 9seconds 第三方版本(兼容性强)" + + if ! is_supported_official_version; then + echo -e "\n[\033[33m提醒\033[0m] 你的系统不支持官方版本\n" + fi + + read -p "(默认版本: ${default_provider}):" input_provider + [ -z "${input_provider}" ] && input_provider=${default_provider} + expr ${input_provider} + 1 &>/dev/null + if [ $? -eq 0 ]; then + if [ ${input_provider} -ge 1 ] && [ ${input_provider} -le 2 ] && [ ${input_provider:0:1} != 0 ]; then + echo + echo "---------------------------" + echo "provider = ${input_provider}" + echo "---------------------------" + echo + break + fi + fi + echo -e "[\033[33m错误\033[0m] 请重新输入程序版本 [1-65535]\n" + done + while true; do default_port=443 echo -e "请输入一个客户端连接端口 [1-65535]" @@ -282,7 +342,7 @@ config_mtp() { # config info public_ip=$(get_ip_public) - secret=$(head -c 16 /dev/urandom | xxd -ps) + secret=$(gen_rand_hex 32) # proxy tag while true; do 
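Review bot: `do_install` computes `arch` but then downloads the hard-coded `mtg-1.0.12-linux-amd64.tar.gz`, while `get_mtg_provider` forces provider 2 (mtg) on every non-amd64 host, so ARM installs receive an x86-64 binary that cannot start. Build the asset and member names from `$arch` if the release publishes such an asset, otherwise fall back to `build_mtproto 2`. Neither that archive nor the `mtproto-proxy` binary fetched with `wget … -q` is checked against a known SHA-256 before it is made executable and run. The `exit 1` in `get_mtg_provider` also runs inside `$(get_mtg_provider)`, so it ends only the subshell and the error text becomes the provider name, sending the caller down the `else` branch. `mtg_provider=$(get_mtg_provider) || exit 1` at the call site would stop the install instead.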
@@ -305,8 +365,6 @@ config_mtp() { echo -e "[\033[33m错误\033[0m] TAG格式不正确!" done - curl -s https://core.telegram.org/getProxySecret -o proxy-secret - curl -s https://core.telegram.org/getProxyConfig -o proxy-multi.conf cat >./mtp_config </dev/null 2>&1 & + [[ -f "./mtg" ]] || (echo -e "提醒:\033[33m MTProxy 代理程序不存在请重新安装! \033[0m" && exit 1) ./mtg run $client_secret $proxy_tag -b 0.0.0.0:$port --multiplex-per-connection 500 >/dev/null 2>&1 & else curl -s https://core.telegram.org/getProxyConfig -o proxy-multi.conf @@ -365,7 +427,7 @@ run_mtp() { workerman=$(get_cpu_core) tag_arg="" [[ -n "$proxy_tag" ]] && tag_arg="-P $proxy_tag" - ./mtproto-proxy -u nobody -p $web_port -H $port -S $secret --aes-pwd proxy-secret proxy-multi.conf -M $workerman $tag_arg --domain $domain $nat_info >/dev/null 2>&1 & + ./mtproto-proxy -u nobody -p $web_port -H $port -S $secret --aes-pwd proxy-secret proxy-multi.conf -M $workerman $tag_arg --domain $domain $nat_info >/dev/null 2>&1 & fi echo $! >$pid_file @@ -377,15 +439,21 @@ run_mtp() { debug_mtp() { cd $WORKDIR source ./mtp_config + + mtg_provider=$(get_mtg_provider) + nat_info=$(get_nat_ip_param) workerman=$(get_cpu_core) tag_arg="" [[ -n "$proxy_tag" ]] && tag_arg="-P $proxy_tag" echo "当前正在运行调试模式:" echo -e "\t你随时可以通过 Ctrl+C 进行取消操作" - if [[ "$mtg_provider" == "mtg" ]];then - domain_hex=$(xxd -pu <<<$domain | sed 's/0a//g') + if [[ "$mtg_provider" == "mtg" ]]; then + domain_hex=$(str_to_hex $domain) client_secret="ee${secret}${domain_hex}" + + echo "domain_hex = $domain_hex" + echo "secret = $secret" #echo " ./mtg simple-run -n 1.1.1.1 -t 30s -a 512kib 0.0.0.0:$port $client_secret" #./mtg simple-run -n 1.1.1.1 -t 30s -a 512kib 0.0.0.0:$port $client_secret echo " ./mtg run $client_secret $proxy_tag -b 0.0.0.0:$port --multiplex-per-connection 500" 
@@ -394,65 +462,48 @@ debug_mtp() { echo " ./mtproto-proxy -u nobody -p $web_port -H $port -S $secret --aes-pwd proxy-secret proxy-multi.conf -M $workerman $tag_arg --domain $domain $nat_info" ./mtproto-proxy -u nobody -p $web_port -H $port -S $secret --aes-pwd proxy-secret proxy-multi.conf -M $workerman $tag_arg --domain $domain $nat_info fi - + } stop_mtp() { local pid=$(cat $pid_file) kill -9 $pid - pid_exists $pid - if [[ $pid == 1 ]]; then + + if is_pid_exists $pid; then echo "停止任务失败" fi } -fix_mtp() { - if [ $(id -u) != 0 ]; then - echo -e "> ※ (该功能仅限 root 用户执行)" - exit 1 +reinstall_mtp() { + cd $WORKDIR + if [ -f "./mtp_config" ]; then + while true; do + default_keep_config="y" + echo -e "是否保留配置文件? " + read -p "y: 保留 , n: 不保留 (默认: ${default_keep_config}):" input_keep_config + [ -z "${input_keep_config}" ] && input_keep_config=${default_keep_config} + echo "debug = ${input_keep_config}" + if [[ "$input_keep_config" == "y" ]] || [[ "$input_keep_config" == "n" ]]; then + if [[ "$input_keep_config" == "n" ]]; then + rm -f mtp_config + fi + break + fi + echo -e "[\033[33m错误\033[0m] 输入错误, 请输入 y / n" + done fi - print_line - echo -e "> 开始清空防火墙规则/停止防火墙/卸载防火墙..." - print_line - - if check_sys packageManager yum; then - systemctl stop firewalld.service - systemctl disable firewalld.service - systemctl stop iptables - systemctl disable iptables - service stop iptables - yum remove -y iptables - yum remove -y firewalld - elif check_sys packageManager apt; then - iptables -F - iptables -t nat -F - iptables -P ACCEPT - iptables -t nat -P ACCEPT - service stop iptables - apt-get remove -y iptables - ufw disable + if [ ! -f "./mtp_config" ]; then + do_install_basic_dep + do_config_mtp fi - print_line - echo -e "> 开始安装/更新iproute2..." 
- print_line - - if check_sys packageManager yum; then - yum install -y epel-release - yum update -y - yum install -y iproute - elif check_sys packageManager apt; then - apt-get install -y epel-release - apt-get update -y - apt-get install -y iproute2 - fi - - echo -e "< 处理完毕,如有报错忽略即可..." - echo -e "< 如遇到端口冲突,请自行关闭相关程序" + do_install + run_mtp } param=$1 + if [[ "start" == $param ]]; then echo "即将:启动脚本" run_mtp @@ -465,19 +516,28 @@ elif [[ "debug" == $param ]]; then elif [[ "restart" == $param ]]; then stop_mtp run_mtp -elif [[ "fix" == $param ]]; then - fix_mtp + debug_mtp +elif [[ "reinstall" == $param ]]; then + reinstall_mtp elif [[ "build" == $param ]]; then - build_mtproto + arch=$(get_architecture) + if [[ "$arch" == "amd64" ]]; then + build_mtproto 1 + fi + + build_mtproto 2 else - if [ ! -f "$WORKDIR/mtp_config" ] && [ ! -f "$WORKDIR/mtproto-proxy" ]; then + if ! is_installed; then echo "MTProxyTLS一键安装运行绿色脚本" print_line - install - config_mtp + echo -e "检测到您的配置文件不存在, 为您指引生成!" && print_line + + do_install_basic_dep + do_config_mtp + do_install run_mtp else - [ ! -f "$WORKDIR/mtp_config" ] && config_mtp + [ ! -f "$WORKDIR/mtp_config" ] && do_config_mtp echo "MTProxyTLS一键安装运行绿色脚本" print_line info_mtp @@ -486,10 +546,10 @@ else echo -e "配置文件: $WORKDIR/mtp_config" echo -e "卸载方式:直接删除当前目录下文件即可" echo "使用方式:" - echo -e "\t启动服务 bash $0 start" - echo -e "\t调试运行 bash $0 debug" - echo -e "\t停止服务 bash $0 stop" - echo -e "\t重启服务 bash $0 restart" - echo -e "\t修复常见问题 bash $0 fix" + echo -e "\t启动服务\t bash $0 start" + echo -e "\t调试运行\t bash $0 debug" + echo -e "\t停止服务\t bash $0 stop" + echo -e "\t重启服务\t bash $0 restart" + echo -e "\t重新安装代理程序 bash $0 reinstall" fi fi diff --git a/nginx/default.conf b/nginx/default.conf index f64eb23..fc12fcb 100644 --- a/nginx/default.conf +++ b/nginx/default.conf 
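Review bot: `stop_mtp` sends `kill -9` to whatever number is in `$pid_file` without checking that the file exists or that the PID is still the proxy; run as root with a stale pid file, this can kill an unrelated process that reused the number. The `is_running_mtp` helper added earlier in this patch covers the missing-file and dead-PID cases, e.g. `is_running_mtp || return 0` before `kill "$pid"`; covering PID reuse would additionally need a check of the process name. The `is_pid_exists` test directly after the signal can race with process teardown, so sending a plain `kill` first and waiting briefly would make the "停止任务失败" message reliable. In `reinstall_mtp`, `echo "debug = ${input_keep_config}"` looks like leftover debugging output.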
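Review bot: As the dispatch hunk reads, the `restart` branch now runs `stop_mtp`, `run_mtp` and then the added `debug_mtp`, which starts a second proxy in the foreground on the port the background instance has just bound. It also echoes the full command line, including the `secret`, to the terminal. If that line was added for local testing it should be removed so that `restart` ends after `run_mtp`.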
@@ -11,7 +11,11 @@ server { index index.html index.htm; } + error_log off; + access_log off; location ~ \.php$ { + access_log /var/log/nginx/access.log main; + fastcgi_pass unix:/run/php/php7.4-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; diff --git a/nginx/nginx.conf b/nginx/nginx.conf index fee3c37..238e702 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -40,17 +40,17 @@ stream { map $ssl_preread_server_name $name { default 127.0.0.1:8443; } - map $ip_whitelist $name2{ + map $ip_whitelist $route_endpoint{ 1 $name; - 0 eller; + 0 blackhole; } - upstream eller { + upstream blackhole { server "255.255.255.255:443"; } server { listen 443; - proxy_pass $name2; + proxy_pass $route_endpoint; #proxy_protocol on; ssl_preread on; access_log off;
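Review bot: `error_log off;` in nginx/default.conf does not disable error logging; the directive takes a file path, so nginx writes errors to a file literally named `off` under its prefix directory. If the intent is to discard them, use `error_log /dev/null crit;`. The `access_log /var/log/nginx/access.log main;` added to the PHP location relies on a `main` log format defined in the http block, which this diff does not show.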