diff --git a/Dockerfile b/Dockerfile index dfc8d49..20be078 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM alpine as asset COPY ./asset.sh / -RUN apk --update add --no-cache curl wget && \ +RUN apk --update add --no-cache curl wget jq && \ sh /asset.sh FROM alpine @@ -9,8 +9,6 @@ COPY --from=asset /tmp/asset/ /etc/xray/asset/ COPY --from=asset /tmp/xray/xray /usr/bin/ ENV XRAY_LOCATION_ASSET=/etc/xray/asset RUN apk --update add --no-cache iptables ip6tables && \ - mkdir -p /etc/xray/conf && \ - mkdir -p /etc/xray/expose/log && \ - mkdir -p /etc/xray/expose/segment && \ + mkdir -p /etc/xray/config && \ mv /etc/xray/tproxy.sh / CMD ["sh","/tproxy.sh"] diff --git a/asset.sh b/asset.sh index 8cc9e9c..1892855 100644 --- a/asset.sh +++ b/asset.sh @@ -1,5 +1,5 @@ get_github_latest_version() { - VERSION=$(curl --silent "https://api.github.com/repos/$1/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/'); + VERSION=$(curl --silent "https://api.github.com/repos/$1/releases/latest" | jq | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/'); } get_architecture() { diff --git a/load.sh b/load.sh index a0d136e..9da7b20 100755 --- a/load.sh +++ b/load.sh 
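Review bot: In get_github_latest_version the added `jq` stage only pretty-prints the response; the tag is still scraped with `grep`/`sed`, and an error reply from the API (rate limit, network failure) leaves `VERSION` empty without the build noticing. Let jq do the extraction and make both tools report failure: `VERSION=$(curl --silent --fail "https://api.github.com/repos/$1/releases/latest" | jq -er '.tag_name') || return 1`. The callers of this function are outside the hunk, so it should be confirmed that they check the return status before building a download URL from `$VERSION`.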
@@ -1,20 +1,62 @@ XRAY_DIR="/etc/xray" LOG_DIR="$XRAY_DIR/expose/log" +ASSET_DIR="$XRAY_DIR/expose/asset" +CONFIG_DIR="$XRAY_DIR/expose/config" +NETWORK_DIR="$XRAY_DIR/expose/network" + +load_log(){ +log_level=`cat $LOG_DIR/level` +legal=false +[ "$log_level" == "debug" ] && legal=true +[ "$log_level" == "info" ] && legal=true +[ "$log_level" == "warning" ] && legal=true +[ "$log_level" == "error" ] && legal=true +[ "$log_level" == "none" ] && legal=true +[ "$legal" == false ] && log_level="warning" +if [ "$log_level" != "none" ]; then + [ ! -f "$LOG_DIR/access.log" ] && touch $LOG_DIR/access.log + [ ! -f "$LOG_DIR/error.log" ] && touch $LOG_DIR/error.log +fi +cat>$XRAY_DIR/config/log.json<$XRAY_DIR/conf/inbounds.json<$XRAY_DIR/config/inbounds.json<$XRAY_DIR/conf/inbounds.json<$XRAY_DIR/conf/log.json<$CONFIG_DIR/dns.json<$XRAY_DIR/expose/outbounds.json<$CONFIG_DIR/outbounds.json<$XRAY_DIR/expose/routing.json<$CONFIG_DIR/routing.json<$XRAY_DIR/expose/routing.json<$XRAY_DIR/expose/dns.json<$ASSET_DIR/update.sh<<"EOF" +GITHUB="github.com" +ASSET_REPO="Loyalsoldier/v2ray-rules-dat" +VERSION=$(curl --silent "https://api.github.com/repos/$ASSET_REPO/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/'); +mkdir -p ./temp/ +wget -P ./temp/ "https://$GITHUB/$ASSET_REPO/releases/download/$VERSION/geoip.dat" +file_size=`du ./temp/geoip.dat | awk '{print $1}'` +[ $file_size != "0" ] && mv -f ./temp/geoip.dat ./ +wget -P ./temp/ "https://$GITHUB/$ASSET_REPO/releases/download/$VERSION/geosite.dat" +file_size=`du ./temp/geosite.dat | awk '{print $1}'` +[ $file_size != "0" ] && mv -f ./temp/geosite.dat ./ +rm -rf ./temp/ EOF +chmod +x $ASSET_DIR/update.sh } -load_ipv4(){ -cat>$XRAY_DIR/expose/segment/ipv4<"$NETWORK_DIR/bypass/ipv4"<$XRAY_DIR/expose/segment/ipv6<"$NETWORK_DIR/bypass/ipv6"<"$NETWORK_DIR/interface/ipv4"<"$NETWORK_DIR/interface/ipv6"< /etc/resolv.conf +while read -r row +do + echo "nameserver $row" >> /etc/resolv.conf +done < $NETWORK_DIR/dns +} + 
+init_network(){ +ifconfig eth0 down +ip -4 addr flush dev eth0 +ip -6 addr flush dev eth0 +ifconfig eth0 up +while read -r row +do + temp=${row#ADDRESS=} + [ "$row" != "$temp" ] && ipv4_address=$temp + temp=${row#GATEWAY=} + [ "$row" != "$temp" ] && ipv4_gateway=$temp + temp=${row#FORWARD=} + [ "$row" != "$temp" ] && ipv4_forward=$temp +done < $NETWORK_DIR/interface/ipv4 +[ -n "$ipv4_address" ] && eval "ip -4 addr add $ipv4_address dev eth0" +[ -n "$ipv4_gateway" ] && eval "ip -4 route add default via $ipv4_gateway" +if [ -n "$ipv4_forward" ]; then + if [ "$ipv4_forward" = "true" ]; then + eval "sysctl -w net.ipv4.ip_forward=1" + else + eval "sysctl -w net.ipv4.ip_forward=0" + fi +fi +while read -r row +do + temp=${row#ADDRESS=} + [ "$row" != "$temp" ] && ipv6_address=$temp + temp=${row#GATEWAY=} + [ "$row" != "$temp" ] && ipv6_gateway=$temp + temp=${row#FORWARD=} + [ "$row" != "$temp" ] && ipv6_forward=$temp +done < $NETWORK_DIR/interface/ipv6 +[ -n "$ipv6_address" ] && eval "ip -6 addr add $ipv6_address dev eth0" +[ -n "$ipv6_gateway" ] && eval "ip -6 route add default via $ipv6_gateway" +if [ -n "$ipv6_forward" ]; then + if [ "$ipv6_forward" = "true" ]; then + eval "sysctl -w net.ipv6.conf.all.forwarding=1" + else + eval "sysctl -w net.ipv6.conf.all.forwarding=0" + fi +fi +} + mkdir -p $LOG_DIR -[ ! -s "$LOG_DIR/access.log" ] && touch $LOG_DIR/access.log -[ ! -s "$LOG_DIR/error.log" ] && touch $LOG_DIR/error.log -load_inbounds +mkdir -p $ASSET_DIR +mkdir -p $CONFIG_DIR +mkdir -p $NETWORK_DIR + load_log -[ ! -s "$XRAY_DIR/expose/outbounds.json" ] && load_outbounds -[ ! -s "$XRAY_DIR/expose/routing.json" ] && load_routing -[ ! -s "$XRAY_DIR/expose/dns.json" ] && load_dns -cp $XRAY_DIR/expose/outbounds.json $XRAY_DIR/conf/ -cp $XRAY_DIR/expose/routing.json $XRAY_DIR/conf/ -cp $XRAY_DIR/expose/dns.json $XRAY_DIR/conf/ -[ ! -s "$XRAY_DIR/expose/segment/ipv4" ] && load_ipv4 -[ ! -s "$XRAY_DIR/expose/segment/ipv6" ] && load_ipv6 +load_inbounds +[ ! 
-s "$CONFIG_DIR/outbounds.json" ] && load_outbounds +[ ! -s "$CONFIG_DIR/routing.json" ] && load_routing +[ ! -s "$CONFIG_DIR/dns.json" ] && load_dns +cp $CONFIG_DIR/*.json $XRAY_DIR/config/ + +[ ! -s "$ASSET_DIR/geoip.dat" ] && cp $XRAY_DIR/asset/geoip.dat $ASSET_DIR/ +[ ! -s "$ASSET_DIR/geosite.dat" ] && cp $XRAY_DIR/asset/geosite.dat $ASSET_DIR/ +[ ! -s "$ASSET_DIR/update.sh" ] && load_asset_update +cp $ASSET_DIR/*.dat $XRAY_DIR/asset/ + +mkdir -p $NETWORK_DIR/bypass +mkdir -p $NETWORK_DIR/interface +[ -s "$NETWORK_DIR/dns" ] && init_dns +[ ! -f "$NETWORK_DIR/bypass/ipv4" ] && load_bypass_ipv4 +[ ! -f "$NETWORK_DIR/bypass/ipv6" ] && load_bypass_ipv6 +[ -f "$NETWORK_DIR/interface/ignore" ] && exit +[ ! -s "$NETWORK_DIR/interface/ipv4" ] && load_network_ipv4 +[ ! -s "$NETWORK_DIR/interface/ipv6" ] && load_network_ipv6 +init_network diff --git a/tproxy.sh b/tproxy.sh index bd90eec..687793a 100755 --- a/tproxy.sh +++ b/tproxy.sh @@ -1,13 +1,19 @@ [ -f "/etc/xray/expose/custom.sh" ] && sh /etc/xray/expose/custom.sh sh /etc/xray/load.sh -ip rule add fwmark 1 table 100 -ip route add local 0.0.0.0/0 dev lo table 100 +ip -4 rule add fwmark 1 table 100 +ip -4 route add local 0.0.0.0/0 dev lo table 100 iptables -t mangle -N XRAY +ip -4 addr | grep -w "inet" | awk '{print $2}' > /ipv4_range while read -r segment do eval "iptables -t mangle -A XRAY -d $segment -j RETURN" -done < /etc/xray/expose/segment/ipv4 +done < /ipv4_range +rm -f /ipv4_range +while read -r segment +do + eval "iptables -t mangle -A XRAY -d $segment -j RETURN" +done < /etc/xray/expose/network/bypass/ipv4 iptables -t mangle -A XRAY -p tcp -j TPROXY --on-port 7288 --tproxy-mark 1 iptables -t mangle -A XRAY -p udp -j TPROXY --on-port 7288 --tproxy-mark 1 iptables -t mangle -A PREROUTING -j XRAY 
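Review bot: init_network passes values read from `$NETWORK_DIR/interface/ipv4` and `$NETWORK_DIR/interface/ipv6` straight into `eval`, so shell metacharacters in an ADDRESS= or GATEWAY= row are executed with the container's privileges instead of being rejected as a bad address. None of these commands needs `eval`; call the tool directly with the value quoted, e.g. `[ -n "$ipv4_address" ] && ip -4 addr add "$ipv4_address" dev eth0` and plain `sysctl -w net.ipv4.ip_forward=1`, and likewise for the gateway and IPv6 lines. The tproxy.sh hunks repeat the pattern in `eval "iptables -t mangle -A XRAY -d $segment -j RETURN"` and its ip6tables twin, where `$segment` comes from the bypass files under the expose directory; `iptables -t mangle -A XRAY -d "$segment" -j RETURN` does the same job. The expose tree looks user-editable (presumably a mounted volume), so its file contents should be treated as untrusted input.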
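Review bot: The interface addresses are staged in a scratch file with a fixed name at the filesystem root (`/ipv4_range` here, `/ipv6_range` in the next hunk), which the loop does not need. The list can be piped straight into it: `ip -4 addr | awk '$1 == "inet" {print $2}' | while read -r segment; do iptables -t mangle -A XRAY -d "$segment" -j RETURN; done`. If a file is kept for some reason, creating it with `mktemp` avoids the fixed path.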
@@ -15,12 +21,18 @@ iptables -t mangle -A PREROUTING -j XRAY ip -6 rule add fwmark 1 table 106 ip -6 route add local ::/0 dev lo table 106 ip6tables -t mangle -N XRAY6 +ip -6 addr | grep -w "inet6" | awk '{print $2}' > /ipv6_range +while read -r segment +do + eval "ip6tables -t mangle -A XRAY6 -d $segment -j RETURN" +done < /ipv6_range +rm -f /ipv6_range while read -r segment do eval "ip6tables -t mangle -A XRAY6 -d $segment -j RETURN" -done < /etc/xray/expose/segment/ipv6 -ip6tables -t mangle -A XRAY6 -p tcp -j TPROXY --on-port 7288 --tproxy-mark 1 -ip6tables -t mangle -A XRAY6 -p udp -j TPROXY --on-port 7288 --tproxy-mark 1 +done < /etc/xray/expose/network/bypass/ipv6 +ip6tables -t mangle -A XRAY6 -p tcp -j TPROXY --on-port 7289 --tproxy-mark 1 +ip6tables -t mangle -A XRAY6 -p udp -j TPROXY --on-port 7289 --tproxy-mark 1 ip6tables -t mangle -A PREROUTING -j XRAY6 -xray -confdir /etc/xray/conf/ +xray -confdir /etc/xray/config/
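Review bot: The IPv6 TPROXY rules now point at port 7289 while the IPv4 rules in the previous hunk stay on 7288, and nothing visible here says why. The inbounds written by load_inbounds in load.sh are not readable on this page, so it should be confirmed that an inbound actually listens on 7289 for IPv6; otherwise marked IPv6 traffic is delivered to a port with no listener. A short comment above the two rules, such as `# IPv6 is handled by the separate inbound on 7289 written by load_inbounds`, would record the pairing.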