
Merge branch 'dev'

master
dnomd343 3 years ago
parent
commit
8d6d60ef00
  1. 6
      Dockerfile
  2. 2
      asset.sh
  3. 242
      load.sh
  4. 26
      tproxy.sh

6
Dockerfile

@ -1,6 +1,6 @@
FROM alpine as asset FROM alpine as asset
COPY ./asset.sh / COPY ./asset.sh /
RUN apk --update add --no-cache curl wget && \ RUN apk --update add --no-cache curl wget jq && \
sh /asset.sh sh /asset.sh
FROM alpine FROM alpine
@ -9,8 +9,6 @@ COPY --from=asset /tmp/asset/ /etc/xray/asset/
COPY --from=asset /tmp/xray/xray /usr/bin/ COPY --from=asset /tmp/xray/xray /usr/bin/
ENV XRAY_LOCATION_ASSET=/etc/xray/asset ENV XRAY_LOCATION_ASSET=/etc/xray/asset
RUN apk --update add --no-cache iptables ip6tables && \ RUN apk --update add --no-cache iptables ip6tables && \
mkdir -p /etc/xray/conf && \ mkdir -p /etc/xray/config && \
mkdir -p /etc/xray/expose/log && \
mkdir -p /etc/xray/expose/segment && \
mv /etc/xray/tproxy.sh / mv /etc/xray/tproxy.sh /
CMD ["sh","/tproxy.sh"] CMD ["sh","/tproxy.sh"]
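Review bot: Both `FROM alpine` lines are untagged and the `apk add` on the asset stage is unpinned, so two builds of this commit can yield different images; the asset stage also runs `asset.sh`, which (from its visible part) looks up a `releases/latest` tag at build time. Pin the base in both stages, e.g. `FROM alpine:<PINNED_TAG> AS asset`, ideally with a digest, and record the resolved release version in the image. `--update` is redundant next to `--no-cache`, which already fetches a fresh index, so `apk add --no-cache curl wget jq` is enough. The final stage sets no `USER`; that is probably required for iptables and TPROXY, but a one-line comment saying so would make it clear the root default is deliberate.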

2
asset.sh

@ -1,5 +1,5 @@
get_github_latest_version() { get_github_latest_version() {
VERSION=$(curl --silent "https://api.github.com/repos/$1/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/'); VERSION=$(curl --silent "https://api.github.com/repos/$1/releases/latest" | jq | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/');
} }
get_architecture() { get_architecture() {
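Review bot: `get_github_latest_version` still scrapes the tag with `grep`/`sed` after piping through a bare `jq`, and `curl --silent` without `--fail` lets an API error body (a rate-limit response, for instance) flow through, so `VERSION` can end up empty without the build noticing. Now that jq is installed, read the field directly: `VERSION=$(curl -fsSL "https://api.github.com/repos/$1/releases/latest" | jq -r '.tag_name')`, followed by `[ -n "$VERSION" ] && [ "$VERSION" != "null" ] || exit 1`. The rest of asset.sh, including `get_architecture`, lies outside the hunk, so how `VERSION` feeds the download URLs and whether the downloaded files are checksummed cannot be judged from here.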

242
load.sh

@ -1,20 +1,62 @@
XRAY_DIR="/etc/xray" XRAY_DIR="/etc/xray"
LOG_DIR="$XRAY_DIR/expose/log" LOG_DIR="$XRAY_DIR/expose/log"
ASSET_DIR="$XRAY_DIR/expose/asset"
CONFIG_DIR="$XRAY_DIR/expose/config"
NETWORK_DIR="$XRAY_DIR/expose/network"
load_log(){
log_level=`cat $LOG_DIR/level`
legal=false
[ "$log_level" == "debug" ] && legal=true
[ "$log_level" == "info" ] && legal=true
[ "$log_level" == "warning" ] && legal=true
[ "$log_level" == "error" ] && legal=true
[ "$log_level" == "none" ] && legal=true
[ "$legal" == false ] && log_level="warning"
if [ "$log_level" != "none" ]; then
[ ! -f "$LOG_DIR/access.log" ] && touch $LOG_DIR/access.log
[ ! -f "$LOG_DIR/error.log" ] && touch $LOG_DIR/error.log
fi
cat>$XRAY_DIR/config/log.json<<EOF
{
"log": {
"loglevel": "$log_level",
"access": "$LOG_DIR/access.log",
"error": "$LOG_DIR/error.log"
}
}
EOF
}
load_inbounds(){ load_inbounds(){
cat>$XRAY_DIR/conf/inbounds.json<<EOF cat>$XRAY_DIR/config/inbounds.json<<EOF
{ {
"inbounds": [ "inbounds": [
{ {
"tag": "tproxy", "tag": "tproxy",
"port": 7288, "port": 7288,
"protocol": "dokodemo-door", "protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
},
"sniffing": { "sniffing": {
"enabled": true, "enabled": true,
"destOverride": [ "destOverride": [
"http", "http",
"tls" "tls"
] ]
}, }
},
{
"tag": "tproxy6",
"port": 7289,
"protocol": "dokodemo-door",
"settings": { "settings": {
"network": "tcp,udp", "network": "tcp,udp",
"followRedirect": true "followRedirect": true
@ -61,54 +103,32 @@ cat>$XRAY_DIR/conf/inbounds.json<<EOF
"tls" "tls"
] ]
} }
},
{
"tag": "proxy",
"port": 10808,
"protocol": "socks",
"settings": {
"udp": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
} }
] ]
} }
EOF EOF
} }
load_log(){ load_dns(){
log_level=`cat $LOG_DIR/level` cat>$CONFIG_DIR/dns.json<<EOF
legal=false
[ "$log_level" == "debug" ] && legal=true
[ "$log_level" == "info" ] && legal=true
[ "$log_level" == "warning" ] && legal=true
[ "$log_level" == "error" ] && legal=true
[ "$log_level" == "none" ] && legal=true
[ "$legal" == false ] && log_level="warning"
cat>$XRAY_DIR/conf/log.json<<EOF
{ {
"log": { "dns": {
"loglevel": "$log_level", "servers": [
"access": "$LOG_DIR/access.log", "localhost"
"error": "$LOG_DIR/error.log" ]
} }
} }
EOF EOF
} }
load_outbounds(){ load_outbounds(){
cat>$XRAY_DIR/expose/outbounds.json<<EOF cat>$CONFIG_DIR/outbounds.json<<EOF
{ {
"outbounds": [ "outbounds": [
{ {
"tag": "node", "tag": "node",
"protocol": "freedom" "protocol": "freedom",
"settings": {}
} }
] ]
} }
@ -116,18 +136,11 @@ EOF
} }
load_routing(){ load_routing(){
cat>$XRAY_DIR/expose/routing.json<<EOF cat>$CONFIG_DIR/routing.json<<EOF
{ {
"routing": { "routing": {
"domainStrategy": "IPIfNonMatch", "domainStrategy": "AsIs",
"rules": [ "rules": [
{
"type": "field",
"inboundTag": [
"proxy"
],
"outboundTag": "node"
},
{ {
"type": "field", "type": "field",
"network": "tcp,udp", "network": "tcp,udp",
@ -139,49 +152,128 @@ cat>$XRAY_DIR/expose/routing.json<<EOF
EOF EOF
} }
load_asset_update(){
load_dns(){ cat>$ASSET_DIR/update.sh<<"EOF"
cat>$XRAY_DIR/expose/dns.json<<EOF GITHUB="github.com"
{ ASSET_REPO="Loyalsoldier/v2ray-rules-dat"
"dns": { VERSION=$(curl --silent "https://api.github.com/repos/$ASSET_REPO/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/');
"servers": [ mkdir -p ./temp/
"223.5.5.5", wget -P ./temp/ "https://$GITHUB/$ASSET_REPO/releases/download/$VERSION/geoip.dat"
"119.29.29.29" file_size=`du ./temp/geoip.dat | awk '{print $1}'`
] [ $file_size != "0" ] && mv -f ./temp/geoip.dat ./
} wget -P ./temp/ "https://$GITHUB/$ASSET_REPO/releases/download/$VERSION/geosite.dat"
} file_size=`du ./temp/geosite.dat | awk '{print $1}'`
[ $file_size != "0" ] && mv -f ./temp/geosite.dat ./
rm -rf ./temp/
EOF EOF
chmod +x $ASSET_DIR/update.sh
} }
load_ipv4(){ load_bypass_ipv4(){
cat>$XRAY_DIR/expose/segment/ipv4<<EOF cat>"$NETWORK_DIR/bypass/ipv4"<<EOF
127.0.0.0/8
169.254.0.0/16 169.254.0.0/16
224.0.0.0/3 224.0.0.0/3
EOF EOF
} }
load_ipv6(){ load_bypass_ipv6(){
cat>$XRAY_DIR/expose/segment/ipv6<<EOF cat>"$NETWORK_DIR/bypass/ipv6"<<EOF
::1/128 fc00::/7
FC00::/7 fe80::/10
FE80::/10 ff00::/8
FF00::/8 EOF
}
load_network_ipv4(){
cat>"$NETWORK_DIR/interface/ipv4"<<EOF
ADDRESS=
GATEWAY=
FORWARD=true
EOF
}
load_network_ipv6(){
cat>"$NETWORK_DIR/interface/ipv6"<<EOF
ADDRESS=
GATEWAY=
FORWARD=true
EOF EOF
} }
mkdir -p $XRAY_DIR/conf init_dns(){
mkdir -p $XRAY_DIR/expose/segment cat /dev/null > /etc/resolv.conf
while read -r row
do
echo "nameserver $row" >> /etc/resolv.conf
done < $NETWORK_DIR/dns
}
init_network(){
ifconfig eth0 down
ip -4 addr flush dev eth0
ip -6 addr flush dev eth0
ifconfig eth0 up
while read -r row
do
temp=${row#ADDRESS=}
[ "$row" != "$temp" ] && ipv4_address=$temp
temp=${row#GATEWAY=}
[ "$row" != "$temp" ] && ipv4_gateway=$temp
temp=${row#FORWARD=}
[ "$row" != "$temp" ] && ipv4_forward=$temp
done < $NETWORK_DIR/interface/ipv4
[ -n "$ipv4_address" ] && eval "ip -4 addr add $ipv4_address dev eth0"
[ -n "$ipv4_gateway" ] && eval "ip -4 route add default via $ipv4_gateway"
if [ -n "$ipv4_forward" ]; then
if [ "$ipv4_forward" = "true" ]; then
eval "sysctl -w net.ipv4.ip_forward=1"
else
eval "sysctl -w net.ipv4.ip_forward=0"
fi
fi
while read -r row
do
temp=${row#ADDRESS=}
[ "$row" != "$temp" ] && ipv6_address=$temp
temp=${row#GATEWAY=}
[ "$row" != "$temp" ] && ipv6_gateway=$temp
temp=${row#FORWARD=}
[ "$row" != "$temp" ] && ipv6_forward=$temp
done < $NETWORK_DIR/interface/ipv6
[ -n "$ipv6_address" ] && eval "ip -6 addr add $ipv6_address dev eth0"
[ -n "$ipv6_gateway" ] && eval "ip -6 route add default via $ipv6_gateway"
if [ -n "$ipv6_forward" ]; then
if [ "$ipv6_forward" = "true" ]; then
eval "sysctl -w net.ipv6.conf.all.forwarding=1"
else
eval "sysctl -w net.ipv6.conf.all.forwarding=0"
fi
fi
}
mkdir -p $LOG_DIR mkdir -p $LOG_DIR
[ ! -s "$LOG_DIR/access.log" ] && touch $LOG_DIR/access.log mkdir -p $ASSET_DIR
[ ! -s "$LOG_DIR/error.log" ] && touch $LOG_DIR/error.log mkdir -p $CONFIG_DIR
load_inbounds mkdir -p $NETWORK_DIR
load_log load_log
[ ! -s "$XRAY_DIR/expose/outbounds.json" ] && load_outbounds load_inbounds
[ ! -s "$XRAY_DIR/expose/routing.json" ] && load_routing [ ! -s "$CONFIG_DIR/outbounds.json" ] && load_outbounds
[ ! -s "$XRAY_DIR/expose/dns.json" ] && load_dns [ ! -s "$CONFIG_DIR/routing.json" ] && load_routing
cp $XRAY_DIR/expose/outbounds.json $XRAY_DIR/conf/ [ ! -s "$CONFIG_DIR/dns.json" ] && load_dns
cp $XRAY_DIR/expose/routing.json $XRAY_DIR/conf/ cp $CONFIG_DIR/*.json $XRAY_DIR/config/
cp $XRAY_DIR/expose/dns.json $XRAY_DIR/conf/
[ ! -s "$XRAY_DIR/expose/segment/ipv4" ] && load_ipv4 [ ! -s "$ASSET_DIR/geoip.dat" ] && cp $XRAY_DIR/asset/geoip.dat $ASSET_DIR/
[ ! -s "$XRAY_DIR/expose/segment/ipv6" ] && load_ipv6 [ ! -s "$ASSET_DIR/geosite.dat" ] && cp $XRAY_DIR/asset/geosite.dat $ASSET_DIR/
[ ! -s "$ASSET_DIR/update.sh" ] && load_asset_update
cp $ASSET_DIR/*.dat $XRAY_DIR/asset/
mkdir -p $NETWORK_DIR/bypass
mkdir -p $NETWORK_DIR/interface
[ -s "$NETWORK_DIR/dns" ] && init_dns
[ ! -f "$NETWORK_DIR/bypass/ipv4" ] && load_bypass_ipv4
[ ! -f "$NETWORK_DIR/bypass/ipv6" ] && load_bypass_ipv6
[ -f "$NETWORK_DIR/interface/ignore" ] && exit
[ ! -s "$NETWORK_DIR/interface/ipv4" ] && load_network_ipv4
[ ! -s "$NETWORK_DIR/interface/ipv6" ] && load_network_ipv6
init_network
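Review bot: `init_network` passes the ADDRESS and GATEWAY values read from `$NETWORK_DIR/interface/ipv4` and `ipv6` through `eval`, so shell metacharacters in those files are executed at container start (presumably as root, since the Dockerfile sets no `USER`) instead of being treated as an address. None of these commands needs `eval`; call them directly with the value quoted, e.g. `[ -n "$ipv4_address" ] && ip -4 addr add "$ipv4_address" dev eth0`, and write the fixed ones plainly as `sysctl -w net.ipv4.ip_forward=1`. The same applies to the IPv6 lines here and to the `eval "iptables … -d $segment …"` loops in tproxy.sh, which read the bypass files from the same exposed directory. Quoting `$NETWORK_DIR/dns` and the other redirect targets would also keep the `while read` loops safe against paths containing spaces.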

26
tproxy.sh

@ -1,13 +1,19 @@
[ -f "/etc/xray/expose/custom.sh" ] && sh /etc/xray/expose/custom.sh [ -f "/etc/xray/expose/custom.sh" ] && sh /etc/xray/expose/custom.sh
sh /etc/xray/load.sh sh /etc/xray/load.sh
ip rule add fwmark 1 table 100 ip -4 rule add fwmark 1 table 100
ip route add local 0.0.0.0/0 dev lo table 100 ip -4 route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -N XRAY iptables -t mangle -N XRAY
ip -4 addr | grep -w "inet" | awk '{print $2}' > /ipv4_range
while read -r segment while read -r segment
do do
eval "iptables -t mangle -A XRAY -d $segment -j RETURN" eval "iptables -t mangle -A XRAY -d $segment -j RETURN"
done < /etc/xray/expose/segment/ipv4 done < /ipv4_range
rm -f /ipv4_range
while read -r segment
do
eval "iptables -t mangle -A XRAY -d $segment -j RETURN"
done < /etc/xray/expose/network/bypass/ipv4
iptables -t mangle -A XRAY -p tcp -j TPROXY --on-port 7288 --tproxy-mark 1 iptables -t mangle -A XRAY -p tcp -j TPROXY --on-port 7288 --tproxy-mark 1
iptables -t mangle -A XRAY -p udp -j TPROXY --on-port 7288 --tproxy-mark 1 iptables -t mangle -A XRAY -p udp -j TPROXY --on-port 7288 --tproxy-mark 1
iptables -t mangle -A PREROUTING -j XRAY iptables -t mangle -A PREROUTING -j XRAY
@ -15,12 +21,18 @@ iptables -t mangle -A PREROUTING -j XRAY
ip -6 rule add fwmark 1 table 106 ip -6 rule add fwmark 1 table 106
ip -6 route add local ::/0 dev lo table 106 ip -6 route add local ::/0 dev lo table 106
ip6tables -t mangle -N XRAY6 ip6tables -t mangle -N XRAY6
ip -6 addr | grep -w "inet6" | awk '{print $2}' > /ipv6_range
while read -r segment
do
eval "ip6tables -t mangle -A XRAY6 -d $segment -j RETURN"
done < /ipv6_range
rm -f /ipv6_range
while read -r segment while read -r segment
do do
eval "ip6tables -t mangle -A XRAY6 -d $segment -j RETURN" eval "ip6tables -t mangle -A XRAY6 -d $segment -j RETURN"
done < /etc/xray/expose/segment/ipv6 done < /etc/xray/expose/network/bypass/ipv6
ip6tables -t mangle -A XRAY6 -p tcp -j TPROXY --on-port 7288 --tproxy-mark 1 ip6tables -t mangle -A XRAY6 -p tcp -j TPROXY --on-port 7289 --tproxy-mark 1
ip6tables -t mangle -A XRAY6 -p udp -j TPROXY --on-port 7288 --tproxy-mark 1 ip6tables -t mangle -A XRAY6 -p udp -j TPROXY --on-port 7289 --tproxy-mark 1
ip6tables -t mangle -A PREROUTING -j XRAY6 ip6tables -t mangle -A PREROUTING -j XRAY6
xray -confdir /etc/xray/conf/ xray -confdir /etc/xray/config/
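Review bot: The last line starts `xray` as a child of the `sh` launched by the Dockerfile's `CMD ["sh","/tproxy.sh"]`, so the shell stays PID 1 and xray may never receive the SIGTERM sent on `docker stop`. Use `exec xray -confdir /etc/xray/config/` so xray replaces the shell. Separately, the exit status of the `iptables`/`ip6tables` calls is never checked, so xray still starts when a RETURN or TPROXY rule fails to install; a short comment saying whether that is intended, or an explicit check after the TPROXY rules, would make the failure mode visible.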
