
refactor: optimize init script

dnomd343 2 years ago
0446c78072
  1. 2
      Dockerfile
  2. 250
      load.sh
  3. 113
      tproxy.sh

2
Dockerfile

@ -1,6 +1,6 @@
FROM alpine as asset FROM alpine as asset
COPY ./asset.sh / COPY ./asset.sh /
RUN apk --update add --no-cache curl wget jq && \ RUN apk add curl wget jq && \
sh /asset.sh sh /asset.sh
FROM alpine FROM alpine
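Review bot: Dropping `--no-cache` from the `apk add` on the new side leaves the fetched index and package cache inside the `asset` build stage; that only stays out of the shipped image because the final `FROM alpine` stage (cut off at the end of this hunk) presumably copies individual files out of `asset` rather than the whole filesystem, which is worth confirming and recording, e.g. `# asset stage is discarded; apk cache is never copied forward`. Either way the packages are pulled unpinned from whatever index the build fetches, so nothing in this stage makes the asset download reproducible.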

250
load.sh

@ -4,20 +4,20 @@ ASSET_DIR="$XRAY_DIR/expose/asset"
CONFIG_DIR="$XRAY_DIR/expose/config" CONFIG_DIR="$XRAY_DIR/expose/config"
NETWORK_DIR="$XRAY_DIR/expose/network" NETWORK_DIR="$XRAY_DIR/expose/network"
load_xray_log(){ load_xray_log() {
log_level=$(cat $LOG_DIR/level) log_level=$(cat $LOG_DIR/level)
legal=false legal=false
[ "$log_level" == "debug" ] && legal=true [ "$log_level" == "debug" ] && legal=true
[ "$log_level" == "info" ] && legal=true [ "$log_level" == "info" ] && legal=true
[ "$log_level" == "warning" ] && legal=true [ "$log_level" == "warning" ] && legal=true
[ "$log_level" == "error" ] && legal=true [ "$log_level" == "error" ] && legal=true
[ "$log_level" == "none" ] && legal=true [ "$log_level" == "none" ] && legal=true
[ "$legal" == false ] && log_level="warning" [ "$legal" == false ] && log_level="warning"
if [ "$log_level" != "none" ]; then if [ "$log_level" != "none" ]; then
[ ! -f "$LOG_DIR/access.log" ] && touch $LOG_DIR/access.log [ ! -f "$LOG_DIR/access.log" ] && touch $LOG_DIR/access.log
[ ! -f "$LOG_DIR/error.log" ] && touch $LOG_DIR/error.log [ ! -f "$LOG_DIR/error.log" ] && touch $LOG_DIR/error.log
fi fi
cat>$XRAY_DIR/config/log.json<<EOF cat > $XRAY_DIR/config/log.json << EOF
{ {
"log": { "log": {
"loglevel": "$log_level", "loglevel": "$log_level",
@ -28,8 +28,8 @@ cat>$XRAY_DIR/config/log.json<<EOF
EOF EOF
} }
load_xray_inbounds(){ load_xray_inbounds() {
cat>$XRAY_DIR/config/inbounds.json<<EOF cat > $XRAY_DIR/config/inbounds.json << EOF
{ {
"inbounds": [ "inbounds": [
{ {
@ -109,8 +109,8 @@ cat>$XRAY_DIR/config/inbounds.json<<EOF
EOF EOF
} }
load_xray_dns(){ load_xray_dns() {
cat>$CONFIG_DIR/dns.json<<EOF cat > $CONFIG_DIR/dns.json << EOF
{ {
"dns": { "dns": {
"servers": [ "servers": [
@ -121,8 +121,8 @@ cat>$CONFIG_DIR/dns.json<<EOF
EOF EOF
} }
load_xray_outbounds(){ load_xray_outbounds() {
cat>$CONFIG_DIR/outbounds.json<<EOF cat > $CONFIG_DIR/outbounds.json << EOF
{ {
"outbounds": [ "outbounds": [
{ {
@ -135,8 +135,8 @@ cat>$CONFIG_DIR/outbounds.json<<EOF
EOF EOF
} }
load_xray_routing(){ load_xray_routing() {
cat>$CONFIG_DIR/routing.json<<EOF cat > $CONFIG_DIR/routing.json << EOF
{ {
"routing": { "routing": {
"domainStrategy": "AsIs", "domainStrategy": "AsIs",
@ -152,8 +152,8 @@ cat>$CONFIG_DIR/routing.json<<EOF
EOF EOF
} }
load_update_script(){ load_update_script() {
cat>$ASSET_DIR/update.sh<<"EOF" cat > $ASSET_DIR/update.sh << "EOF"
VERSION=$(curl -sL "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/') VERSION=$(curl -sL "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
mkdir temp/ && cd temp/ mkdir temp/ && cd temp/
wget "https://github.com/Loyalsoldier/v2ray-rules-dat/releases/download/$VERSION/geoip.dat" wget "https://github.com/Loyalsoldier/v2ray-rules-dat/releases/download/$VERSION/geoip.dat"
@ -162,11 +162,11 @@ wget "https://github.com/Loyalsoldier/v2ray-rules-dat/releases/download/$VERSION
[ -s "geosite.dat" ] && mv -f geosite.dat ../ [ -s "geosite.dat" ] && mv -f geosite.dat ../
cd ../ && rm -rf temp/ cd ../ && rm -rf temp/
EOF EOF
chmod +x $ASSET_DIR/update.sh chmod +x $ASSET_DIR/update.sh
} }
load_radvd_conf(){ load_radvd_conf() {
cat>$NETWORK_DIR/radvd/config<<EOF cat > $NETWORK_DIR/radvd/config << EOF
AdvSendAdvert=on AdvSendAdvert=on
AdvManagedFlag=off AdvManagedFlag=off
AdvOtherConfigFlag=off AdvOtherConfigFlag=off
@ -183,134 +183,134 @@ AdvPreferredLifetime=100
EOF EOF
} }
load_bypass_ipv4(){ load_bypass_ipv4() {
cat>"$NETWORK_DIR/bypass/ipv4"<<EOF cat > $NETWORK_DIR/bypass/ipv4 << EOF
169.254.0.0/16 169.254.0.0/16
224.0.0.0/3 224.0.0.0/3
EOF EOF
} }
load_bypass_ipv6(){ load_bypass_ipv6() {
cat>"$NETWORK_DIR/bypass/ipv6"<<EOF cat > $NETWORK_DIR/bypass/ipv6 << EOF
fc00::/7 fc00::/7
fe80::/10 fe80::/10
ff00::/8 ff00::/8
EOF EOF
} }
load_network_ipv4(){ load_network_ipv4() {
cat>"$NETWORK_DIR/interface/ipv4"<<EOF cat > $NETWORK_DIR/interface/ipv4 << EOF
ADDRESS= ADDRESS=
GATEWAY= GATEWAY=
FORWARD=true FORWARD=true
EOF EOF
} }
load_network_ipv6(){ load_network_ipv6() {
cat>"$NETWORK_DIR/interface/ipv6"<<EOF cat > $NETWORK_DIR/interface/ipv6 << EOF
ADDRESS= ADDRESS=
GATEWAY= GATEWAY=
FORWARD=true FORWARD=true
EOF EOF
} }
init_dns(){ init_dns() {
cat /dev/null > /etc/resolv.conf cat /dev/null > /etc/resolv.conf
while read -r row while read -r row
do do
echo "nameserver $row" >> /etc/resolv.conf echo "nameserver $row" >> /etc/resolv.conf
done < $NETWORK_DIR/dns done < $NETWORK_DIR/dns
} }
init_network(){ init_network() {
ifconfig eth0 down ifconfig eth0 down
ip -4 addr flush dev eth0 ip -4 addr flush dev eth0
ip -6 addr flush dev eth0 ip -6 addr flush dev eth0
ifconfig eth0 up ifconfig eth0 up
while read -r row while read -r row
do do
temp=${row#ADDRESS=} temp=${row#ADDRESS=}
[ "$row" != "$temp" ] && ipv4_address=$temp [ "$row" != "$temp" ] && ipv4_address=$temp
temp=${row#GATEWAY=} temp=${row#GATEWAY=}
[ "$row" != "$temp" ] && ipv4_gateway=$temp [ "$row" != "$temp" ] && ipv4_gateway=$temp
temp=${row#FORWARD=} temp=${row#FORWARD=}
[ "$row" != "$temp" ] && ipv4_forward=$temp [ "$row" != "$temp" ] && ipv4_forward=$temp
done < $NETWORK_DIR/interface/ipv4 done < $NETWORK_DIR/interface/ipv4
[ -n "$ipv4_address" ] && eval "ip -4 addr add $ipv4_address dev eth0" [ -n "$ipv4_address" ] && eval "ip -4 addr add $ipv4_address dev eth0"
[ -n "$ipv4_gateway" ] && eval "ip -4 route add default via $ipv4_gateway" [ -n "$ipv4_gateway" ] && eval "ip -4 route add default via $ipv4_gateway"
if [ -n "$ipv4_forward" ]; then if [ -n "$ipv4_forward" ]; then
if [ "$ipv4_forward" = "true" ]; then if [ "$ipv4_forward" = "true" ]; then
eval "sysctl -w net.ipv4.ip_forward=1" eval "sysctl -w net.ipv4.ip_forward=1"
else else
eval "sysctl -w net.ipv4.ip_forward=0" eval "sysctl -w net.ipv4.ip_forward=0"
fi
fi fi
fi while read -r row
while read -r row do
do temp=${row#ADDRESS=}
temp=${row#ADDRESS=} [ "$row" != "$temp" ] && ipv6_address=$temp
[ "$row" != "$temp" ] && ipv6_address=$temp temp=${row#GATEWAY=}
temp=${row#GATEWAY=} [ "$row" != "$temp" ] && ipv6_gateway=$temp
[ "$row" != "$temp" ] && ipv6_gateway=$temp temp=${row#FORWARD=}
temp=${row#FORWARD=} [ "$row" != "$temp" ] && ipv6_forward=$temp
[ "$row" != "$temp" ] && ipv6_forward=$temp done < $NETWORK_DIR/interface/ipv6
done < $NETWORK_DIR/interface/ipv6 [ -n "$ipv6_address" ] && eval "ip -6 addr add $ipv6_address dev eth0"
[ -n "$ipv6_address" ] && eval "ip -6 addr add $ipv6_address dev eth0" [ -n "$ipv6_gateway" ] && eval "ip -6 route add default via $ipv6_gateway"
[ -n "$ipv6_gateway" ] && eval "ip -6 route add default via $ipv6_gateway" if [ -n "$ipv6_forward" ]; then
if [ -n "$ipv6_forward" ]; then if [ "$ipv6_forward" = "true" ]; then
if [ "$ipv6_forward" = "true" ]; then eval "sysctl -w net.ipv6.conf.all.forwarding=1"
eval "sysctl -w net.ipv6.conf.all.forwarding=1" else
else eval "sysctl -w net.ipv6.conf.all.forwarding=0"
eval "sysctl -w net.ipv6.conf.all.forwarding=0" fi
fi fi
fi
} }
init_radvd(){ init_radvd() {
while read -r row while read -r row
do do
temp=${row#AdvSendAdvert=} temp=${row#AdvSendAdvert=}
[ "$row" != "$temp" ] && AdvSendAdvert=$temp [ "$row" != "$temp" ] && AdvSendAdvert=$temp
temp=${row#AdvManagedFlag=} temp=${row#AdvManagedFlag=}
[ "$row" != "$temp" ] && AdvManagedFlag=$temp [ "$row" != "$temp" ] && AdvManagedFlag=$temp
temp=${row#AdvOtherConfigFlag=} temp=${row#AdvOtherConfigFlag=}
[ "$row" != "$temp" ] && AdvOtherConfigFlag=$temp [ "$row" != "$temp" ] && AdvOtherConfigFlag=$temp
temp=${row#MinRtrAdvInterval=} temp=${row#MinRtrAdvInterval=}
[ "$row" != "$temp" ] && MinRtrAdvInterval=$temp [ "$row" != "$temp" ] && MinRtrAdvInterval=$temp
temp=${row#MaxRtrAdvInterval=} temp=${row#MaxRtrAdvInterval=}
[ "$row" != "$temp" ] && MaxRtrAdvInterval=$temp [ "$row" != "$temp" ] && MaxRtrAdvInterval=$temp
temp=${row#MinDelayBetweenRAs=} temp=${row#MinDelayBetweenRAs=}
[ "$row" != "$temp" ] && MinDelayBetweenRAs=$temp [ "$row" != "$temp" ] && MinDelayBetweenRAs=$temp
temp=${row#AdvOnLink=} temp=${row#AdvOnLink=}
[ "$row" != "$temp" ] && AdvOnLink=$temp [ "$row" != "$temp" ] && AdvOnLink=$temp
temp=${row#AdvAutonomous=} temp=${row#AdvAutonomous=}
[ "$row" != "$temp" ] && AdvAutonomous=$temp [ "$row" != "$temp" ] && AdvAutonomous=$temp
temp=${row#AdvRouterAddr=} temp=${row#AdvRouterAddr=}
[ "$row" != "$temp" ] && AdvRouterAddr=$temp [ "$row" != "$temp" ] && AdvRouterAddr=$temp
temp=${row#AdvValidLifetime=} temp=${row#AdvValidLifetime=}
[ "$row" != "$temp" ] && AdvValidLifetime=$temp [ "$row" != "$temp" ] && AdvValidLifetime=$temp
temp=${row#AdvPreferredLifetime=} temp=${row#AdvPreferredLifetime=}
[ "$row" != "$temp" ] && AdvPreferredLifetime=$temp [ "$row" != "$temp" ] && AdvPreferredLifetime=$temp
done < $NETWORK_DIR/radvd/config done < $NETWORK_DIR/radvd/config
RADVD_CONF="/etc/radvd.conf" RADVD_CONF="/etc/radvd.conf"
echo "interface eth0 {" > $RADVD_CONF echo "interface eth0 {" > $RADVD_CONF
[ -n "$AdvSendAdvert" ] && echo " AdvSendAdvert $AdvSendAdvert;" >> $RADVD_CONF [ -n "$AdvSendAdvert" ] && echo " AdvSendAdvert $AdvSendAdvert;" >> $RADVD_CONF
[ -n "$AdvManagedFlag" ] && echo " AdvManagedFlag $AdvManagedFlag;" >> $RADVD_CONF [ -n "$AdvManagedFlag" ] && echo " AdvManagedFlag $AdvManagedFlag;" >> $RADVD_CONF
[ -n "$AdvOtherConfigFlag" ] && echo " AdvOtherConfigFlag $AdvOtherConfigFlag;" >> $RADVD_CONF [ -n "$AdvOtherConfigFlag" ] && echo " AdvOtherConfigFlag $AdvOtherConfigFlag;" >> $RADVD_CONF
[ -n "$MinRtrAdvInterval" ] && echo " MinRtrAdvInterval $MinRtrAdvInterval;" >> $RADVD_CONF [ -n "$MinRtrAdvInterval" ] && echo " MinRtrAdvInterval $MinRtrAdvInterval;" >> $RADVD_CONF
[ -n "$MaxRtrAdvInterval" ] && echo " MaxRtrAdvInterval $MaxRtrAdvInterval;" >> $RADVD_CONF [ -n "$MaxRtrAdvInterval" ] && echo " MaxRtrAdvInterval $MaxRtrAdvInterval;" >> $RADVD_CONF
[ -n "$MinDelayBetweenRAs" ] && echo " MinDelayBetweenRAs $MinDelayBetweenRAs;" >> $RADVD_CONF [ -n "$MinDelayBetweenRAs" ] && echo " MinDelayBetweenRAs $MinDelayBetweenRAs;" >> $RADVD_CONF
if [ -n "$ipv6_address" ]; then if [ -n "$ipv6_address" ]; then
echo " prefix $ipv6_address {" >> $RADVD_CONF echo " prefix $ipv6_address {" >> $RADVD_CONF
[ -n "$AdvOnLink" ] && echo " AdvOnLink $AdvOnLink;" >> $RADVD_CONF [ -n "$AdvOnLink" ] && echo " AdvOnLink $AdvOnLink;" >> $RADVD_CONF
[ -n "$AdvAutonomous" ] && echo " AdvAutonomous $AdvAutonomous;" >> $RADVD_CONF [ -n "$AdvAutonomous" ] && echo " AdvAutonomous $AdvAutonomous;" >> $RADVD_CONF
[ -n "$AdvRouterAddr" ] && echo " AdvRouterAddr $AdvRouterAddr;" >> $RADVD_CONF [ -n "$AdvRouterAddr" ] && echo " AdvRouterAddr $AdvRouterAddr;" >> $RADVD_CONF
[ -n "$AdvValidLifetime" ] && echo " AdvValidLifetime $AdvValidLifetime;" >> $RADVD_CONF [ -n "$AdvValidLifetime" ] && echo " AdvValidLifetime $AdvValidLifetime;" >> $RADVD_CONF
[ -n "$AdvPreferredLifetime" ] && echo " AdvPreferredLifetime $AdvPreferredLifetime;" >> $RADVD_CONF [ -n "$AdvPreferredLifetime" ] && echo " AdvPreferredLifetime $AdvPreferredLifetime;" >> $RADVD_CONF
echo " };" >> $RADVD_CONF echo " };" >> $RADVD_CONF
fi fi
echo "};" >> $RADVD_CONF echo "};" >> $RADVD_CONF
radvd -C $RADVD_CONF radvd -C $RADVD_CONF
} }
mkdir -p $LOG_DIR mkdir -p $LOG_DIR
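Review bot: The rewrite drops the double quotes around the here-doc targets in `load_bypass_ipv4`, `load_bypass_ipv6`, `load_network_ipv4` and `load_network_ipv6` (`cat > $NETWORK_DIR/bypass/ipv4 << EOF`), which is a regression from the old side: an `XRAY_DIR` containing whitespace or glob characters now splits the redirect target instead of writing one file. Restore them, e.g. `cat > "$NETWORK_DIR/bypass/ipv4" << EOF`, and quote the matching `done < "$NETWORK_DIR/interface/ipv4"` reads in `init_network` for consistency. Separately, `init_network` still passes values read from the `expose/network/interface/*` files through `eval`; since the arguments are already in variables, `ip -4 addr add "$ipv4_address" dev eth0` would do the same job without executing anything an attacker able to write those files could place there. The file continues past the end of this hunk.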

113
tproxy.sh

@ -1,44 +1,75 @@
#!/bin/sh #!/bin/sh
trap "echo \"Get exit signal\" && exit" 2 15
[ -f "/etc/xray/expose/custom.sh" ] && sh /etc/xray/expose/custom.sh
# IPv4 tproxy settings
ip -4 rule add fwmark 1 table 100
ip -4 route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -N XRAY
for cidr in $(ip -4 addr | grep -w "inet" | awk '{print $2}') # bypass local ipv4 range
do
eval "iptables -t mangle -A XRAY -d $cidr -j RETURN"
done
while read -r cidr # bypass custom ipv4 range
do
eval "iptables -t mangle -A XRAY -d $cidr -j RETURN"
done < /etc/xray/expose/network/bypass/ipv4
iptables -t mangle -A XRAY -p tcp -j TPROXY --on-port 7288 --tproxy-mark 1
iptables -t mangle -A XRAY -p udp -j TPROXY --on-port 7288 --tproxy-mark 1
iptables -t mangle -A PREROUTING -j XRAY
# IPv6 tproxy settings
ip -6 rule add fwmark 1 table 106
ip -6 route add local ::/0 dev lo table 106
ip6tables -t mangle -N XRAY6
for cidr in $(ip -6 addr | grep -w "inet6" | awk '{print $2}') # bypass local ipv6 range
do
eval "ip6tables -t mangle -A XRAY6 -d $cidr -j RETURN"
done
while read -r cidr # bypass custom ipv6 range
do
eval "ip6tables -t mangle -A XRAY6 -d $cidr -j RETURN"
done < /etc/xray/expose/network/bypass/ipv6
ip6tables -t mangle -A XRAY6 -p tcp -j TPROXY --on-port 7289 --tproxy-mark 1
ip6tables -t mangle -A XRAY6 -p udp -j TPROXY --on-port 7289 --tproxy-mark 1
ip6tables -t mangle -A PREROUTING -j XRAY6
exit_func() { # doing before exit
echo "[TProxy] Get exit signal."
kill -15 -1 # send SIGTERM to all process
while [ "$(ps -ef | grep -cv "PID\|ps -ef\|\[")" != "2" ] # remain itself and it's fork $(...)
do
usleep 10000 # wait 10ms
done
echo "[TProxy] All subprocess exit."
exit
}
ipv4_tproxy() { # IPv4 tproxy settings
ip -4 rule add fwmark 1 table 100
ip -4 route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -N XRAY
for cidr in $(ip -4 addr | grep -w "inet" | awk '{print $2}') # bypass local ipv4 range
do
echo "[TProxy] IPv4 bypass $cidr"
eval "iptables -t mangle -A XRAY -d $cidr -j RETURN"
done
while read -r cidr # bypass custom ipv4 range
do
echo "[TProxy] IPv4 bypass $cidr"
eval "iptables -t mangle -A XRAY -d $cidr -j RETURN"
done < /etc/xray/expose/network/bypass/ipv4
iptables -t mangle -A XRAY -p tcp -j TPROXY --on-port 7288 --tproxy-mark 1
iptables -t mangle -A XRAY -p udp -j TPROXY --on-port 7288 --tproxy-mark 1
iptables -t mangle -A PREROUTING -j XRAY
}
ipv6_tproxy() { # IPv6 tproxy settings
ip -6 rule add fwmark 1 table 106
ip -6 route add local ::/0 dev lo table 106
ip6tables -t mangle -N XRAY6
for cidr in $(ip -6 addr | grep -w "inet6" | awk '{print $2}') # bypass local ipv6 range
do
echo "[TProxy] IPv6 bypass $cidr"
eval "ip6tables -t mangle -A XRAY6 -d $cidr -j RETURN"
done
while read -r cidr # bypass custom ipv6 range
do
echo "[TProxy] IPv6 bypass $cidr"
eval "ip6tables -t mangle -A XRAY6 -d $cidr -j RETURN"
done < /etc/xray/expose/network/bypass/ipv6
ip6tables -t mangle -A XRAY6 -p tcp -j TPROXY --on-port 7289 --tproxy-mark 1
ip6tables -t mangle -A XRAY6 -p udp -j TPROXY --on-port 7289 --tproxy-mark 1
ip6tables -t mangle -A PREROUTING -j XRAY6
}
trap exit_func 2 15 # SIGINT and SIGTERM signal
echo "[TProxy] Server start."
echo "[TProxy] Init network environment."
ipv4_tproxy
ipv6_tproxy
sh /etc/xray/load.sh sh /etc/xray/load.sh
xray -confdir /etc/xray/config/ # start xray server echo "[TProxy] Init complete."
echo "[TProxy] Running custom script."
custom_script="/etc/xray/expose/custom.sh"
[ -f "$custom_script" ] && sh $custom_script
echo "[TProxy] Start xray service."
xray -confdir /etc/xray/config/
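Review bot: The new `exit_func` waits forever if any child ignores SIGTERM: the `while` loop polls `ps -ef` every 10 ms until exactly two entries remain, with no deadline and no escalation to SIGKILL, so a stuck xray keeps the container alive until the runtime kills PID 1 itself. The count-of-`ps`-lines heuristic is also brittle (it assumes no kernel threads and that nothing else is running), so a bounded grace period should be the backstop rather than the exact "2". The bypass loops in `ipv4_tproxy`/`ipv6_tproxy` still `eval` lines read from `expose/network/bypass/*`; `iptables -t mangle -A XRAY -d "$cidr" -j RETURN` needs no `eval` and would stop a crafted line in that file from running as root. Rewritten `exit_func` below; the rest of the script is unchanged.
```shell
exit_func() { # doing before exit
  echo "[TProxy] Get exit signal."
  kill -15 -1 # send SIGTERM to all process
  waited=0
  while [ "$(ps -ef | grep -cv "PID\|ps -ef\|\[")" != "2" ] # remain itself and it's fork $(...)
  do
    usleep 10000 # wait 10ms
    waited=$((waited + 1))
    if [ "$waited" -ge 1000 ]; then # ~10s grace period, then force
      echo "[TProxy] Timeout waiting for subprocess, sending SIGKILL."
      kill -9 -1
      break
    fi
  done
  echo "[TProxy] All subprocess exit."
  exit
}
# … unchanged: ipv4_tproxy, ipv6_tproxy, trap and startup sequence …
```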
