diff --git a/Dockerfile b/Dockerfile index f2553f0..ec2db44 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM alpine as asset COPY ./asset.sh / -RUN apk --update add --no-cache curl wget jq && \ +RUN apk add curl wget jq && \ sh /asset.sh FROM alpine diff --git a/load.sh b/load.sh index c0b6a0d..cbe33c1 100755 --- a/load.sh +++ b/load.sh @@ -4,20 +4,20 @@ ASSET_DIR="$XRAY_DIR/expose/asset" CONFIG_DIR="$XRAY_DIR/expose/config" NETWORK_DIR="$XRAY_DIR/expose/network" -load_xray_log(){ -log_level=$(cat $LOG_DIR/level) -legal=false -[ "$log_level" == "debug" ] && legal=true -[ "$log_level" == "info" ] && legal=true -[ "$log_level" == "warning" ] && legal=true -[ "$log_level" == "error" ] && legal=true -[ "$log_level" == "none" ] && legal=true -[ "$legal" == false ] && log_level="warning" -if [ "$log_level" != "none" ]; then - [ ! -f "$LOG_DIR/access.log" ] && touch $LOG_DIR/access.log - [ ! -f "$LOG_DIR/error.log" ] && touch $LOG_DIR/error.log -fi -cat>$XRAY_DIR/config/log.json< $XRAY_DIR/config/log.json << EOF { "log": { "loglevel": "$log_level", @@ -28,8 +28,8 @@ cat>$XRAY_DIR/config/log.json<$XRAY_DIR/config/inbounds.json< $XRAY_DIR/config/inbounds.json << EOF { "inbounds": [ { @@ -109,8 +109,8 @@ cat>$XRAY_DIR/config/inbounds.json<$CONFIG_DIR/dns.json< $CONFIG_DIR/dns.json << EOF { "dns": { "servers": [ @@ -121,8 +121,8 @@ cat>$CONFIG_DIR/dns.json<$CONFIG_DIR/outbounds.json< $CONFIG_DIR/outbounds.json << EOF { "outbounds": [ { @@ -135,8 +135,8 @@ cat>$CONFIG_DIR/outbounds.json<$CONFIG_DIR/routing.json< $CONFIG_DIR/routing.json << EOF { "routing": { "domainStrategy": "AsIs", 
@@ -152,8 +152,8 @@ cat>$CONFIG_DIR/routing.json<$ASSET_DIR/update.sh<<"EOF" +load_update_script() { + cat > $ASSET_DIR/update.sh << "EOF" VERSION=$(curl -sL "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/') mkdir temp/ && cd temp/ wget "https://github.com/Loyalsoldier/v2ray-rules-dat/releases/download/$VERSION/geoip.dat" @@ -162,11 +162,11 @@ wget "https://github.com/Loyalsoldier/v2ray-rules-dat/releases/download/$VERSION [ -s "geosite.dat" ] && mv -f geosite.dat ../ cd ../ && rm -rf temp/ EOF -chmod +x $ASSET_DIR/update.sh + chmod +x $ASSET_DIR/update.sh } -load_radvd_conf(){ -cat>$NETWORK_DIR/radvd/config< $NETWORK_DIR/radvd/config << EOF AdvSendAdvert=on AdvManagedFlag=off AdvOtherConfigFlag=off 
@@ -183,134 +183,134 @@ AdvPreferredLifetime=100 EOF } -load_bypass_ipv4(){ -cat>"$NETWORK_DIR/bypass/ipv4"< $NETWORK_DIR/bypass/ipv4 << EOF 169.254.0.0/16 224.0.0.0/3 EOF } -load_bypass_ipv6(){ -cat>"$NETWORK_DIR/bypass/ipv6"< $NETWORK_DIR/bypass/ipv6 << EOF fc00::/7 fe80::/10 ff00::/8 EOF } -load_network_ipv4(){ -cat>"$NETWORK_DIR/interface/ipv4"< $NETWORK_DIR/interface/ipv4 << EOF ADDRESS= GATEWAY= FORWARD=true EOF } -load_network_ipv6(){ -cat>"$NETWORK_DIR/interface/ipv6"< $NETWORK_DIR/interface/ipv6 << EOF ADDRESS= GATEWAY= FORWARD=true EOF } -init_dns(){ -cat /dev/null > /etc/resolv.conf -while read -r row -do - echo "nameserver $row" >> /etc/resolv.conf -done < $NETWORK_DIR/dns +init_dns() { + cat /dev/null > /etc/resolv.conf + while read -r row + do + echo "nameserver $row" >> /etc/resolv.conf + done < $NETWORK_DIR/dns } -init_network(){ -ifconfig eth0 down -ip -4 addr flush dev eth0 -ip -6 addr flush dev eth0 -ifconfig eth0 up -while read -r row -do - temp=${row#ADDRESS=} - [ "$row" != "$temp" ] && ipv4_address=$temp - temp=${row#GATEWAY=} - [ "$row" != "$temp" ] && ipv4_gateway=$temp - temp=${row#FORWARD=} - [ "$row" != "$temp" ] && ipv4_forward=$temp -done < $NETWORK_DIR/interface/ipv4 -[ -n "$ipv4_address" ] && eval "ip -4 addr add $ipv4_address dev eth0" -[ -n "$ipv4_gateway" ] && eval "ip -4 route add default via $ipv4_gateway" -if [ -n "$ipv4_forward" ]; then - if [ "$ipv4_forward" = "true" ]; then - eval "sysctl -w net.ipv4.ip_forward=1" - else - eval "sysctl -w net.ipv4.ip_forward=0" +init_network() { + ifconfig eth0 down + ip -4 addr flush dev eth0 + ip -6 addr flush dev eth0 + ifconfig eth0 up + while read -r row + do + temp=${row#ADDRESS=} + [ "$row" != "$temp" ] && ipv4_address=$temp + temp=${row#GATEWAY=} + [ "$row" != "$temp" ] && ipv4_gateway=$temp + temp=${row#FORWARD=} + [ "$row" != "$temp" ] && ipv4_forward=$temp + done < $NETWORK_DIR/interface/ipv4 + [ -n "$ipv4_address" ] && eval "ip -4 addr add $ipv4_address dev eth0" + [ -n 
"$ipv4_gateway" ] && eval "ip -4 route add default via $ipv4_gateway" + if [ -n "$ipv4_forward" ]; then + if [ "$ipv4_forward" = "true" ]; then + eval "sysctl -w net.ipv4.ip_forward=1" + else + eval "sysctl -w net.ipv4.ip_forward=0" + fi fi -fi -while read -r row -do - temp=${row#ADDRESS=} - [ "$row" != "$temp" ] && ipv6_address=$temp - temp=${row#GATEWAY=} - [ "$row" != "$temp" ] && ipv6_gateway=$temp - temp=${row#FORWARD=} - [ "$row" != "$temp" ] && ipv6_forward=$temp -done < $NETWORK_DIR/interface/ipv6 -[ -n "$ipv6_address" ] && eval "ip -6 addr add $ipv6_address dev eth0" -[ -n "$ipv6_gateway" ] && eval "ip -6 route add default via $ipv6_gateway" -if [ -n "$ipv6_forward" ]; then - if [ "$ipv6_forward" = "true" ]; then - eval "sysctl -w net.ipv6.conf.all.forwarding=1" - else - eval "sysctl -w net.ipv6.conf.all.forwarding=0" + while read -r row + do + temp=${row#ADDRESS=} + [ "$row" != "$temp" ] && ipv6_address=$temp + temp=${row#GATEWAY=} + [ "$row" != "$temp" ] && ipv6_gateway=$temp + temp=${row#FORWARD=} + [ "$row" != "$temp" ] && ipv6_forward=$temp + done < $NETWORK_DIR/interface/ipv6 + [ -n "$ipv6_address" ] && eval "ip -6 addr add $ipv6_address dev eth0" + [ -n "$ipv6_gateway" ] && eval "ip -6 route add default via $ipv6_gateway" + if [ -n "$ipv6_forward" ]; then + if [ "$ipv6_forward" = "true" ]; then + eval "sysctl -w net.ipv6.conf.all.forwarding=1" + else + eval "sysctl -w net.ipv6.conf.all.forwarding=0" + fi fi -fi } -init_radvd(){ -while read -r row -do - temp=${row#AdvSendAdvert=} - [ "$row" != "$temp" ] && AdvSendAdvert=$temp - temp=${row#AdvManagedFlag=} - [ "$row" != "$temp" ] && AdvManagedFlag=$temp - temp=${row#AdvOtherConfigFlag=} - [ "$row" != "$temp" ] && AdvOtherConfigFlag=$temp - temp=${row#MinRtrAdvInterval=} - [ "$row" != "$temp" ] && MinRtrAdvInterval=$temp - temp=${row#MaxRtrAdvInterval=} - [ "$row" != "$temp" ] && MaxRtrAdvInterval=$temp - temp=${row#MinDelayBetweenRAs=} - [ "$row" != "$temp" ] && MinDelayBetweenRAs=$temp - 
temp=${row#AdvOnLink=} - [ "$row" != "$temp" ] && AdvOnLink=$temp - temp=${row#AdvAutonomous=} - [ "$row" != "$temp" ] && AdvAutonomous=$temp - temp=${row#AdvRouterAddr=} - [ "$row" != "$temp" ] && AdvRouterAddr=$temp - temp=${row#AdvValidLifetime=} - [ "$row" != "$temp" ] && AdvValidLifetime=$temp - temp=${row#AdvPreferredLifetime=} - [ "$row" != "$temp" ] && AdvPreferredLifetime=$temp -done < $NETWORK_DIR/radvd/config +init_radvd() { + while read -r row + do + temp=${row#AdvSendAdvert=} + [ "$row" != "$temp" ] && AdvSendAdvert=$temp + temp=${row#AdvManagedFlag=} + [ "$row" != "$temp" ] && AdvManagedFlag=$temp + temp=${row#AdvOtherConfigFlag=} + [ "$row" != "$temp" ] && AdvOtherConfigFlag=$temp + temp=${row#MinRtrAdvInterval=} + [ "$row" != "$temp" ] && MinRtrAdvInterval=$temp + temp=${row#MaxRtrAdvInterval=} + [ "$row" != "$temp" ] && MaxRtrAdvInterval=$temp + temp=${row#MinDelayBetweenRAs=} + [ "$row" != "$temp" ] && MinDelayBetweenRAs=$temp + temp=${row#AdvOnLink=} + [ "$row" != "$temp" ] && AdvOnLink=$temp + temp=${row#AdvAutonomous=} + [ "$row" != "$temp" ] && AdvAutonomous=$temp + temp=${row#AdvRouterAddr=} + [ "$row" != "$temp" ] && AdvRouterAddr=$temp + temp=${row#AdvValidLifetime=} + [ "$row" != "$temp" ] && AdvValidLifetime=$temp + temp=${row#AdvPreferredLifetime=} + [ "$row" != "$temp" ] && AdvPreferredLifetime=$temp + done < $NETWORK_DIR/radvd/config -RADVD_CONF="/etc/radvd.conf" -echo "interface eth0 {" > $RADVD_CONF -[ -n "$AdvSendAdvert" ] && echo " AdvSendAdvert $AdvSendAdvert;" >> $RADVD_CONF -[ -n "$AdvManagedFlag" ] && echo " AdvManagedFlag $AdvManagedFlag;" >> $RADVD_CONF -[ -n "$AdvOtherConfigFlag" ] && echo " AdvOtherConfigFlag $AdvOtherConfigFlag;" >> $RADVD_CONF -[ -n "$MinRtrAdvInterval" ] && echo " MinRtrAdvInterval $MinRtrAdvInterval;" >> $RADVD_CONF -[ -n "$MaxRtrAdvInterval" ] && echo " MaxRtrAdvInterval $MaxRtrAdvInterval;" >> $RADVD_CONF -[ -n "$MinDelayBetweenRAs" ] && echo " MinDelayBetweenRAs $MinDelayBetweenRAs;" >> $RADVD_CONF 
-if [ -n "$ipv6_address" ]; then - echo " prefix $ipv6_address {" >> $RADVD_CONF - [ -n "$AdvOnLink" ] && echo " AdvOnLink $AdvOnLink;" >> $RADVD_CONF - [ -n "$AdvAutonomous" ] && echo " AdvAutonomous $AdvAutonomous;" >> $RADVD_CONF - [ -n "$AdvRouterAddr" ] && echo " AdvRouterAddr $AdvRouterAddr;" >> $RADVD_CONF - [ -n "$AdvValidLifetime" ] && echo " AdvValidLifetime $AdvValidLifetime;" >> $RADVD_CONF - [ -n "$AdvPreferredLifetime" ] && echo " AdvPreferredLifetime $AdvPreferredLifetime;" >> $RADVD_CONF - echo " };" >> $RADVD_CONF -fi -echo "};" >> $RADVD_CONF -radvd -C $RADVD_CONF + RADVD_CONF="/etc/radvd.conf" + echo "interface eth0 {" > $RADVD_CONF + [ -n "$AdvSendAdvert" ] && echo " AdvSendAdvert $AdvSendAdvert;" >> $RADVD_CONF + [ -n "$AdvManagedFlag" ] && echo " AdvManagedFlag $AdvManagedFlag;" >> $RADVD_CONF + [ -n "$AdvOtherConfigFlag" ] && echo " AdvOtherConfigFlag $AdvOtherConfigFlag;" >> $RADVD_CONF + [ -n "$MinRtrAdvInterval" ] && echo " MinRtrAdvInterval $MinRtrAdvInterval;" >> $RADVD_CONF + [ -n "$MaxRtrAdvInterval" ] && echo " MaxRtrAdvInterval $MaxRtrAdvInterval;" >> $RADVD_CONF + [ -n "$MinDelayBetweenRAs" ] && echo " MinDelayBetweenRAs $MinDelayBetweenRAs;" >> $RADVD_CONF + if [ -n "$ipv6_address" ]; then + echo " prefix $ipv6_address {" >> $RADVD_CONF + [ -n "$AdvOnLink" ] && echo " AdvOnLink $AdvOnLink;" >> $RADVD_CONF + [ -n "$AdvAutonomous" ] && echo " AdvAutonomous $AdvAutonomous;" >> $RADVD_CONF + [ -n "$AdvRouterAddr" ] && echo " AdvRouterAddr $AdvRouterAddr;" >> $RADVD_CONF + [ -n "$AdvValidLifetime" ] && echo " AdvValidLifetime $AdvValidLifetime;" >> $RADVD_CONF + [ -n "$AdvPreferredLifetime" ] && echo " AdvPreferredLifetime $AdvPreferredLifetime;" >> $RADVD_CONF + echo " };" >> $RADVD_CONF + fi + echo "};" >> $RADVD_CONF + radvd -C $RADVD_CONF } mkdir -p $LOG_DIR diff --git a/tproxy.sh b/tproxy.sh index 13c58af..1706600 100755 --- a/tproxy.sh +++ b/tproxy.sh 
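Review bot: The rewritten heredoc redirects in `load_bypass_ipv4`, `load_bypass_ipv6`, `load_network_ipv4` and `load_network_ipv6` drop the double quotes the old side had around the target, so `cat > $NETWORK_DIR/bypass/ipv4 << EOF` now word-splits if `NETWORK_DIR` ever contains whitespace; keep `cat > "$NETWORK_DIR/bypass/ipv4" << EOF` as before. Separately, `init_network` still builds commands with `eval` from values read out of `$NETWORK_DIR/interface/ipv4` and `ipv6`, so a line such as `GATEWAY=1.2.3.4; rm -rf /` in that file executes as root; `eval` is not needed here, `ip -4 addr add "$ipv4_address" dev eth0` does the same job without re-parsing the value, and the `sysctl` lines are constants that need no `eval` at all. If the expose directory is considered trusted (it already supplies custom.sh) this is a robustness point rather than a security one, but the quoting regression is worth reverting either way.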
@@ -1,44 +1,75 @@
 #!/bin/sh
-trap "echo \"Get exit signal\" && exit" 2 15
-[ -f "/etc/xray/expose/custom.sh" ] && sh /etc/xray/expose/custom.sh
-
-# IPv4 tproxy settings
-ip -4 rule add fwmark 1 table 100
-ip -4 route add local 0.0.0.0/0 dev lo table 100
-iptables -t mangle -N XRAY
-
-for cidr in $(ip -4 addr | grep -w "inet" | awk '{print $2}') # bypass local ipv4 range
-do
- eval "iptables -t mangle -A XRAY -d $cidr -j RETURN"
-done
-
-while read -r cidr # bypass custom ipv4 range
-do
- eval "iptables -t mangle -A XRAY -d $cidr -j RETURN"
-done < /etc/xray/expose/network/bypass/ipv4
-
-iptables -t mangle -A XRAY -p tcp -j TPROXY --on-port 7288 --tproxy-mark 1
-iptables -t mangle -A XRAY -p udp -j TPROXY --on-port 7288 --tproxy-mark 1
-iptables -t mangle -A PREROUTING -j XRAY
-
-# IPv6 tproxy settings
-ip -6 rule add fwmark 1 table 106
-ip -6 route add local ::/0 dev lo table 106
-ip6tables -t mangle -N XRAY6
-
-for cidr in $(ip -6 addr | grep -w "inet6" | awk '{print $2}') # bypass local ipv6 range
-do
- eval "ip6tables -t mangle -A XRAY6 -d $cidr -j RETURN"
-done
-
-while read -r cidr # bypass custom ipv6 range
-do
- eval "ip6tables -t mangle -A XRAY6 -d $cidr -j RETURN"
-done < /etc/xray/expose/network/bypass/ipv6
-
-ip6tables -t mangle -A XRAY6 -p tcp -j TPROXY --on-port 7289 --tproxy-mark 1
-ip6tables -t mangle -A XRAY6 -p udp -j TPROXY --on-port 7289 --tproxy-mark 1
-ip6tables -t mangle -A PREROUTING -j XRAY6
+exit_func() { # doing before exit
+ echo "[TProxy] Get exit signal."
+ kill -15 -1 # send SIGTERM to all process
+
+ while [ "$(ps -ef | grep -cv "PID\|ps -ef\|\[")" != "2" ] # remain itself and it's fork $(...)
+ do
+ usleep 10000 # wait 10ms
+ done
+
+ echo "[TProxy] All subprocess exit."
+ exit
+}
+
+ipv4_tproxy() { # IPv4 tproxy settings
+ ip -4 rule add fwmark 1 table 100
+ ip -4 route add local 0.0.0.0/0 dev lo table 100
+ iptables -t mangle -N XRAY
+
+ for cidr in $(ip -4 addr | grep -w "inet" | awk '{print $2}') # bypass local ipv4 range
+ do
+ echo "[TProxy] IPv4 bypass $cidr"
+ eval "iptables -t mangle -A XRAY -d $cidr -j RETURN"
+ done
+
+ while read -r cidr # bypass custom ipv4 range
+ do
+ echo "[TProxy] IPv4 bypass $cidr"
+ eval "iptables -t mangle -A XRAY -d $cidr -j RETURN"
+ done < /etc/xray/expose/network/bypass/ipv4
+
+ iptables -t mangle -A XRAY -p tcp -j TPROXY --on-port 7288 --tproxy-mark 1
+ iptables -t mangle -A XRAY -p udp -j TPROXY --on-port 7288 --tproxy-mark 1
+ iptables -t mangle -A PREROUTING -j XRAY
+}
+
+ipv6_tproxy() { # IPv6 tproxy settings
+ ip -6 rule add fwmark 1 table 106
+ ip -6 route add local ::/0 dev lo table 106
+ ip6tables -t mangle -N XRAY6
+
+ for cidr in $(ip -6 addr | grep -w "inet6" | awk '{print $2}') # bypass local ipv6 range
+ do
+ echo "[TProxy] IPv6 bypass $cidr"
+ eval "ip6tables -t mangle -A XRAY6 -d $cidr -j RETURN"
+ done
+
+ while read -r cidr # bypass custom ipv6 range
+ do
+ echo "[TProxy] IPv6 bypass $cidr"
+ eval "ip6tables -t mangle -A XRAY6 -d $cidr -j RETURN"
+ done < /etc/xray/expose/network/bypass/ipv6
+
+ ip6tables -t mangle -A XRAY6 -p tcp -j TPROXY --on-port 7289 --tproxy-mark 1
+ ip6tables -t mangle -A XRAY6 -p udp -j TPROXY --on-port 7289 --tproxy-mark 1
+ ip6tables -t mangle -A PREROUTING -j XRAY6
+}
+
+
+trap exit_func 2 15 # SIGINT and SIGTERM signal
+
+echo "[TProxy] Server start."
+echo "[TProxy] Init network environment."
+ipv4_tproxy
+ipv6_tproxy
 
 sh /etc/xray/load.sh
-xray -confdir /etc/xray/config/ # start xray server
+echo "[TProxy] Init complete."
+
+echo "[TProxy] Running custom script."
+custom_script="/etc/xray/expose/custom.sh"
+[ -f "$custom_script" ] && sh $custom_script
+
+echo "[TProxy] Start xray service."
+xray -confdir /etc/xray/config/
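Review bot: The new `exit_func` will not run on `docker stop` while `xray` is a foreground command at the end of the script: POSIX sh defers a trapped signal until the foreground child finishes, so the SIGTERM delivered to the script is held until xray exits on its own and the container ends up SIGKILLed after the grace period, exactly as with the old `trap ... exit`. Start xray in the background and wait on it so the trap fires at once: `xray -confdir /etc/xray/config/ &` followed by `wait $!`. The poll loop in `exit_func` also has no upper bound, so one child that ignores SIGTERM (or a count that never reaches exactly 2 because of an unreaped zombie) keeps it spinning forever; cap the iterations and fall back to `kill -9 -1` after a few seconds. Everything under `/etc/xray/expose/` (custom.sh, and the bypass lists that are spliced into `eval "iptables ..."`) is executed as root by this script, so that directory has to be treated as trusted input.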