VPS配置一键脚本
背景
我有一台服务器,每次切换机房时机器都会被重置(提供商不提供备份机制),只能按照之前的配置手动重来一遍,非常耗时,也不方便。
解决方案
受网上一键脚本启发,制作了一个适合自己服务器的一键脚本。
可学到的知识点
- 如何在 shell 中显示和操作可选择菜单。
- 如何安装系统服务。
- 什么是 ACME。
- 什么是 Frps。
- 如何配置 Nginx。
一键脚本
已脱敏处理(脚本中的 token、密码、API Key 等均为占位符,使用前需替换为自己的值)。
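#!/bin/bash
#
# Interactive provisioning script for a freshly reset CentOS VPS: base
# packages, firewalld, Nginx (with the stream module), acme.sh, Trojan-Go and
# the frp server, followed by per-domain certificate and proxy configuration.
#
# Usage: <script> [menu]
#
# Every token, password and API key in this listing is a sanitised
# placeholder ("token", "pwd", "key", "secret", "script"); substitute real
# values before running it and keep the filled-in copy out of version control.
# The script writes under /etc, /usr/bin and /opt, so it is expected to run
# as root.

RED='\033[31m'    # Error message
GREEN='\033[32m'  # Success message
YELLOW='\033[33m' # Warning message
BLUE='\033[36m'   # Info message
PLAIN='\033[0m'

# Package-install command, kept as an array so it expands without relying on
# word splitting.
CMD_INSTALL=(yum install -y)

# Print a message wrapped in a colour escape sequence.
# Arguments: $1 - colour escape; remaining arguments - message words
console() {
  local color=${1-}
  shift
  echo -e "${color}$*${PLAIN}"
}

# Print the value part of the fourth line of `timedatectl` output, which the
# callers below treat as the time zone.
currentTimezone() {
  timedatectl | cut -d: -f2 | sed -n 4p
}

# Download $1 to $2. `wget -O` creates the output file even when the transfer
# fails, so success requires both a zero exit status and a non-empty file.
fetchRelease() {
  local url=$1 dest=$2
  wget -O "$dest" "$url" && [[ -s "$dest" ]]
}

# Validate the Nginx configuration and reload only if it parses, so a broken
# config is reported here instead of being silently rejected by the master.
reloadNginx() {
  console "$GREEN" "重启 Nginx"
  if ! nginx -t; then
    console "$RED" "Nginx 配置校验失败,未重新加载"
    exit 1
  fi
  nginx -s reload
}

# Switch the system time zone to Asia/Shanghai, printing the value before and
# after the change.
resetTimezone() {
  local timezone
  console "$GREEN" "重置为中国时区"
  timezone=$(currentTimezone)
  console "$GREEN" "之前时区:$timezone"
  timedatectl set-timezone Asia/Shanghai
  timezone=$(currentTimezone)
  console "$GREEN" "当前时区:$timezone"
}

# Update installed packages and install the build/tooling packages used by the
# later steps.
updateSystem() {
  console "$GREEN" "更新系统"
  yum update
  console "$GREEN" "安装 make zlib zlib-devel gcc-c++ libtool openssl openssl-devel libxslt-devel git tar vim unzip"
  "${CMD_INSTALL[@]}" make zlib zlib-devel gcc-c++ libtool openssl openssl-devel libxslt-devel git tar vim unzip
}

# Enable firewalld and permanently allow only the http and https services in
# the public zone. Every other listener configured by this script (frps,
# Trojan-Go, the frp dashboard) stays closed unless a port is added by hand.
startFirewall() {
  # https://www.linode.com/docs/security/firewalls/introduction-to-firewalld-on-centos/
  console "$GREEN" "开启防火墙,打开 80/443 端口"
  systemctl start firewalld
  systemctl enable firewalld
  firewall-cmd --zone=public --add-service=http --permanent
  firewall-cmd --zone=public --add-service=https --permanent
  # firewall-cmd --zone=public --add-port=9055/tcp --permanent
  # firewall-cmd --zone=public --remove-port=18646/tcp --permanent
  # firewall-cmd --list-ports
  # firewall-cmd --state
  firewall-cmd --reload
}

# Clone the static site served by Nginx into /opt/site/js-garden.
cloneJSGardenSite() {
  console "$GREEN" "配置 JS 花园站点"
  # -p keeps a second run from failing because the directory already exists.
  mkdir -p /opt/site
  git clone https://github.com/xbf321/js-garden-page.git /opt/site/js-garden
}

# Install acme.sh for the current user and enable its auto-upgrade.
# Returns: 1 if acme.sh is not present after the installer ran
installACME() {
  # https://github.com/acmesh-official/acme.sh/wiki/%E8%AF%B4%E6%98%8E
  console "$GREEN" "安装 ACME"
  cd ~ || return 1
  # NOTE(review): this pipes a remote script straight into a root shell, and
  # --auto-upgrade keeps pulling new code later; pinning a reviewed acme.sh
  # release is the stricter alternative.
  # -f makes curl fail on an HTTP error instead of piping the error page to sh.
  curl -fsSL https://get.acme.sh | sh -s email=xbf321@gmail.com
  if [[ ! -x ~/.acme.sh/acme.sh ]]; then
    console "$RED" "ACME 安装失败,请手动安装"
    return 1
  fi
  ~/.acme.sh/acme.sh --upgrade --auto-upgrade
}

# Install Nginx and its stream module from EPEL, create the certificate
# directory, and enable and start the service. Exits 1 if Nginx cannot be
# installed.
installNginx() {
  console "$GREEN" "安装 Nginx ..."
  "${CMD_INSTALL[@]}" epel-release
  if ! "${CMD_INSTALL[@]}" nginx; then
    console "$RED" " Nginx安装失败,请手动安装"
    exit 1
  fi
  "${CMD_INSTALL[@]}" nginx-mod-stream
  # All certificates and private keys are stored here; the directory is
  # limited to root because every consumer in this script runs as root.
  mkdir -p /etc/nginx/ssl/
  chmod 700 /etc/nginx/ssl/
  systemctl enable nginx
  systemctl start nginx
}

# Download the Trojan-Go v0.10.6 release, install the binary, geo data and
# systemd unit, and enable the service. Exits 1 if the download fails.
installTrojanGo() {
  console "$GREEN" "安装 Trojan-Go ..."
  local workdir
  # A private mktemp directory replaces the fixed /tmp/trojan-go paths, which
  # are predictable names in a world-writable directory used by root.
  workdir=$(mktemp -d) || exit 1
  local archive="${workdir}/trojan-go.zip"
  # NOTE(review): the archive is installed without an integrity check;
  # compare its SHA-256 with the value published for the release first.
  if ! fetchRelease https://github.com/p4gefau1t/trojan-go/releases/download/v0.10.6/trojan-go-linux-amd64.zip "$archive"; then
    console "$RED" "trojan-go安装文件下载失败,请检查网络或重试"
    rm -rf -- "$workdir"
    exit 1
  fi
  mkdir -p /etc/trojan-go
  unzip "$archive" -d "${workdir}/trojan-go"
  cp "${workdir}/trojan-go/trojan-go" /usr/bin
  cp "${workdir}/trojan-go/geoip.dat" /etc/trojan-go/
  cp "${workdir}/trojan-go/geosite.dat" /etc/trojan-go/
  cp "${workdir}/trojan-go/example/trojan-go.service" /etc/systemd/system/
  # Dropping User=nobody makes the service run as root. NOTE(review): this is
  # presumably so it can read the keys under /etc/nginx/ssl; a dedicated
  # service user with read access to its own key would be the least-privilege
  # alternative.
  sed -i '/User=nobody/d' /etc/systemd/system/trojan-go.service
  systemctl daemon-reload
  systemctl enable trojan-go
  rm -rf -- "$workdir"
  console "$YELLOW" "trojan-go安装成功!"
}

# Download the frp v0.39.0 release, install frps with its sample config and
# systemd unit, and enable the service. Exits 1 if the download fails.
installFrps() {
  console "$GREEN" "安装 Frp 服务端 ..."
  local workdir
  # Private temporary directory instead of the fixed /tmp/frp paths.
  workdir=$(mktemp -d) || exit 1
  local archive="${workdir}/frp.tar.gz"
  mkdir -p "${workdir}/frp"
  mkdir -p /etc/frp
  # NOTE(review): no integrity check on the archive; compare its SHA-256 with
  # the value published for the release before installing.
  if ! fetchRelease https://github.com/fatedier/frp/releases/download/v0.39.0/frp_0.39.0_linux_amd64.tar.gz "$archive"; then
    console "$RED" "frp安装文件下载失败,请检查网络或重试"
    rm -rf -- "$workdir"
    exit 1
  fi
  tar -xzvf "$archive" --strip-components 1 -C "${workdir}/frp"
  cp "${workdir}/frp/frps" /usr/bin
  cp "${workdir}/frp/frps.ini" /etc/frp/
  cp "${workdir}/frp/systemd/frps.service" /etc/systemd/system/
  # Dropping User=nobody makes frps run as root; see installTrojanGo.
  sed -i '/User=nobody/d' /etc/systemd/system/frps.service
  systemctl daemon-reload
  systemctl enable frps
  rm -rf -- "$workdir"
  console "$YELLOW" "frps 安装成功!"
}

# Write /etc/frp/frps.ini and restart frps.
# `token`, `dashboard_user` and `dashboard_pwd` below are placeholders and
# must be replaced with strong, unique values.
# NOTE(review): the dashboard listens on 0.0.0.0:9500; the only consumer in
# this script is the Nginx proxy to 127.0.0.1:9500, so binding it to
# 127.0.0.1 would keep it off the public interface even if the firewall
# changes.
configFrps() {
  console "$GREEN" "配置 Frp 服务端 ..."
  cat > /etc/frp/frps.ini <<'EOF'
[common]
bind_addr = 0.0.0.0
bind_port = 9000
bind_udp_port = 9001
kcp_bind_port = 9000

# auth token
token = token

# dashboard
dashboard_addr = 0.0.0.0
dashboard_port = 9500
dashboard_user = root
dashboard_pwd = pwd

log_file = /var/log/frps.log
log_level = info
log_max_days = 3

# only allow frpc to bind ports you list, if you set nothing, there won't be any limit
allow_ports = 9000-9999

# pool_count in each proxy will change to max_pool_count if they exceed the maximum value
max_pool_count = 5

# max ports can be used for each client, default value is 0 means no limit
# if tcp stream multiplexing is used, default is true
tcp_mux = true
EOF
  # The file holds the auth token and dashboard password; frps runs as root,
  # so nobody else needs to read it.
  chmod 600 /etc/frp/frps.ini
  systemctl restart frps
}

# Issue certificates for xingbaifang.com through the dns_gd DNS API and copy
# them into /etc/nginx/ssl.
# GD_Key / GD_Secret are taken from the environment when already set, so the
# real API credentials do not have to be written into this file; the literal
# fallbacks are the sanitised placeholders.
# NOTE(review): no --reloadcmd is given, so after an automatic renewal the new
# files are copied but Nginx and Trojan-Go keep serving the old certificate
# until they are reloaded.
buildXingBaifangSSL() {
  console "$GREEN" "生成 xingbaifang.com 域名证书"
  export GD_Key="${GD_Key:-key}"
  export GD_Secret="${GD_Secret:-secret}"
  ~/.acme.sh/acme.sh --issue --dns dns_gd -d xingbaifang.com -d www.xingbaifang.com
  ~/.acme.sh/acme.sh --issue --dns dns_gd -d tro-go.xingbaifang.com
  console "$GREEN" "安装 xingbaifang.com 域名证书到 Nginx SSL 目录下"
  ~/.acme.sh/acme.sh --installcert -d xingbaifang.com -d www.xingbaifang.com \
    --key-file /etc/nginx/ssl/xingbaifang.com.key \
    --fullchain-file /etc/nginx/ssl/xingbaifang.com.fullchain.cer
  ~/.acme.sh/acme.sh --installcert -d tro-go.xingbaifang.com \
    --key-file /etc/nginx/ssl/tro-go.xingbaifang.com.key \
    --fullchain-file /etc/nginx/ssl/tro-go.xingbaifang.com.fullchain.cer
}

# Issue certificates for xingshuo.me through the dns_gd DNS API and copy them
# into /etc/nginx/ssl. Credential handling and the missing --reloadcmd are as
# described for buildXingBaifangSSL.
# NOTE(review): configXingshuoNginx also references
# /etc/nginx/ssl/frp.xingshuo.me.{key,fullchain.cer}, which nothing here
# issues; Nginx will refuse that configuration until those files exist.
buildXingshuoSSL() {
  console "$GREEN" "生成 xingshuo.me 域名证书"
  export GD_Key="${GD_Key:-key}"
  export GD_Secret="${GD_Secret:-script}"
  ~/.acme.sh/acme.sh --issue --dns dns_gd -d xingshuo.me -d www.xingshuo.me
  ~/.acme.sh/acme.sh --issue --dns dns_gd -d tro-go.xingshuo.me
  console "$GREEN" "安装 xingshuo.me 域名证书到 Nginx SSL 目录下"
  ~/.acme.sh/acme.sh --installcert -d xingshuo.me -d www.xingshuo.me \
    --key-file /etc/nginx/ssl/xingshuo.me.key \
    --fullchain-file /etc/nginx/ssl/xingshuo.me.fullchain.cer
  ~/.acme.sh/acme.sh --installcert -d tro-go.xingshuo.me \
    --key-file /etc/nginx/ssl/tro-go.xingshuo.me.key \
    --fullchain-file /etc/nginx/ssl/tro-go.xingshuo.me.fullchain.cer
}

# Write /etc/trojan-go/config.json for the certificate of domain $1.
# The two per-domain configs differed only in the certificate paths.
# "pwd" is a placeholder password. The original listing had a trailing comma
# after it, which is not valid JSON; it is removed here.
# NOTE(review): local_addr is 0.0.0.0 although Nginx reaches this listener
# over 127.0.0.1; binding to loopback would keep it off the public interface.
writeTrojanConfig() {
  local domain=$1
  cat > /etc/trojan-go/config.json <<EOF
{
  "run_type": "server",
  "local_addr": "0.0.0.0",
  "local_port": 11443,
  "remote_addr": "127.0.0.1",
  "remote_port": 80,
  "password": [
    "pwd"
  ],
  "ssl": {
    "cert": "/etc/nginx/ssl/${domain}.fullchain.cer",
    "key": "/etc/nginx/ssl/${domain}.key"
  },
  "mux": {
    "enabled": true,
    "concurrency": 8,
    "idle_timeout": 60
  },
  "router": {
    "enabled": true,
    "block": [
      "geoip:private"
    ],
    "geoip": "/etc/trojan-go/geoip.dat",
    "geosite": "/etc/trojan-go/geosite.dat"
  }
}
EOF
  # The file contains the Trojan password; the service runs as root.
  chmod 600 /etc/trojan-go/config.json
}

# Configure Trojan-Go for tro-go.xingbaifang.com and restart it.
configXingBaifangTrojan() {
  console "$GREEN" "配置 tro-go.xingbaifang.com"
  writeTrojanConfig tro-go.xingbaifang.com
  console "$GREEN" "启动Trojan-Go服务"
  systemctl restart trojan-go
}

# Configure Trojan-Go for tro-go.xingshuo.me and restart it.
# NOTE(review): configXingshuoNginx routes tro-go.xingshuo.me to
# 127.0.0.1:14443 while this config listens on 11443 (the port mapped to
# trojan.xingshuo.me) - confirm which is intended.
configXingshuoTrojan() {
  console "$GREEN" "配置 tro-go.xingshuo.me"
  writeTrojanConfig tro-go.xingshuo.me
  console "$GREEN" "启动Trojan-Go服务"
  systemctl restart trojan-go
}

# Write nginx.conf and the xingbaifang.com virtual host, then reload Nginx.
# Port 443 is an SNI-routing stream listener (ssl_preread) that forwards to
# Trojan-Go on 11443 or to the HTTPS virtual host on 10443.
# Changes from the original listing: the HSTS header name was misspelled
# ("Strict-Transport-Securit"), so no HSTS policy was being sent, and TLSv1.1
# is no longer offered.
# NOTE(review): `user root;` runs the worker processes as root; an
# unprivileged worker user would limit the impact of a worker compromise, but
# needs matching permissions on the site, log and pid paths.
configXingBaifangNginx() {
  console "$GREEN" "配置 xingbaifang.com Nginx"
  cat > /etc/nginx/nginx.conf <<'EOF'
load_module /usr/lib64/nginx/modules/ngx_stream_module.so;
user root;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/log/nginx/nginx.pid;
events {
    worker_connections 1024;
}
stream {
    map $ssl_preread_server_name $backend_name {
        tro-go.xingbaifang.com 127.0.0.1:11443;
        xingbaifang.com 127.0.0.1:10443;
    }
    server {
        listen 443 reuseport;
        listen [::]:443 reuseport;
        proxy_pass $backend_name;
        ssl_preread on;
    }
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    keepalive_timeout 65;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary on;
    # ssl common config
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    # TLSv1.1 is deprecated; add TLSv1.3 if the installed nginx/OpenSSL support it.
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE';
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=15768000";
    ssl_stapling on;
    ssl_stapling_verify on;
    server {
        listen 80;
        server_name localhost;
        root /opt/site/js-garden;
        location / {
            index index.html;
        }
    }
    include /etc/nginx/conf.d/*.conf;
}
EOF
  cat > /etc/nginx/conf.d/xingbaifang.com.conf <<'EOF'
server {
    listen 80;
    server_name xingbaifang.com www.xingbaifang.com;
    return 301 https://$host$request_uri;
}
server {
    listen 10443 ssl http2;
    server_name xingbaifang.com www.xingbaifang.com;
    ssl_certificate /etc/nginx/ssl/xingbaifang.com.fullchain.cer;
    ssl_certificate_key /etc/nginx/ssl/xingbaifang.com.key;
    location / {
        proxy_pass http://xingshuo.me:9055;
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location /test {
        default_type text/html;
        return 200 "hello world! ";
    }
    client_max_body_size 1024m;
}
EOF
  reloadNginx
}

# Write nginx.conf and the xingshuo.me, frp.xingshuo.me and *.frp.xingshuo.me
# virtual hosts, then reload Nginx.
# Changes from the original listing: HSTS header name corrected, TLSv1.1
# dropped, and the wildcard frp host now anchors its Host-header regex and
# accepts a single DNS label only, because the captured value selects the
# proxy_pass upstream and comes from the client.
# NOTE(review): `limit_req zone=mylimit` has no matching limit_req_zone in the
# nginx.conf written here; Nginx rejects the configuration until the zone is
# declared in the http block.
# NOTE(review): `include mime.types` and `access_log logs/access.log` are
# relative paths here but absolute in configXingBaifangNginx - confirm the
# logs/ directory exists under the Nginx prefix.
# NOTE(review): `user root;` - see configXingBaifangNginx.
configXingshuoNginx() {
  console "$GREEN" "配置 xingshuo.me Nginx"
  cat > /etc/nginx/nginx.conf <<'EOF'
load_module /usr/lib64/nginx/modules/ngx_stream_module.so;
user root;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/log/nginx/nginx.pid;
events {
    worker_connections 1024;
}
stream {
    map $ssl_preread_server_name $backend_name {
        tro-go.xingshuo.me 127.0.0.1:14443;
        x.xingshuo.me 127.0.0.1:13443;
        frp.xingshuo.me 127.0.0.1:12443;
        trojan.xingshuo.me 127.0.0.1:11443;
        xingshuo.me 127.0.0.1:10443;
    }
    server {
        listen 443 reuseport;
        listen [::]:443 reuseport;
        proxy_pass $backend_name;
        ssl_preread on;
    }
}
http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;
    sendfile on;
    server_tokens off;
    keepalive_timeout 65;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary on;
    # ssl common config
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    # TLSv1.1 is deprecated; add TLSv1.3 if the installed nginx/OpenSSL support it.
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE';
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=15768000";
    ssl_stapling on;
    ssl_stapling_verify on;
    server {
        listen 80;
        server_name localhost;
        root /opt/site/js-garden;
        location / {
            index index.html;
        }
    }
    include /etc/nginx/conf.d/*.conf;
}
EOF
  cat > /etc/nginx/conf.d/xingshuo.me.conf <<'EOF'
server {
    listen 80;
    server_name xingshuo.me www.xingshuo.me;
    return 301 https://$host$request_uri;
}
server {
    listen 10443 ssl http2;
    server_name xingshuo.me www.xingshuo.me;
    root /opt/site/js-garden;
    ssl_certificate /etc/nginx/ssl/xingshuo.me.fullchain.cer;
    ssl_certificate_key /etc/nginx/ssl/xingshuo.me.key;
    location / {
        index index.html;
    }
    location /test {
        default_type text/html;
        return 200 "hello world! ";
    }
    # v2ray
    location /2dhcp {
        limit_req zone=mylimit burst=4 nodelay;
        proxy_redirect off;
        proxy_pass http://127.0.0.1:9527;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # Show realip in v2ray access.log
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    client_max_body_size 50m;
}
EOF
  cat > /etc/nginx/conf.d/frp.xingshuo.me.conf <<'EOF'
server {
    listen 80;
    server_name frp.xingshuo.me;
    return 301 https://$host$request_uri;
}
server {
    listen 12443 ssl http2;
    server_name frp.xingshuo.me;
    ssl_certificate /etc/nginx/ssl/frp.xingshuo.me.fullchain.cer;
    ssl_certificate_key /etc/nginx/ssl/frp.xingshuo.me.key;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
        proxy_buffering off;
        proxy_pass http://127.0.0.1:9500;
    }
    client_max_body_size 50m;
}
EOF
  cat > /etc/nginx/conf.d/wildcard.frp.xingshuo.me.conf <<'EOF'
upstream adguard {
    server 127.0.0.1:9043;
}
server {
    listen 80;
    server_name *.frp.xingshuo.me;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
        proxy_buffering off;
        # The upstream name comes from the client-supplied Host header:
        # anchor the match and accept one DNS label only, so it can name a
        # declared upstream but not an arbitrary host or address.
        if ( $host ~* ^([a-z0-9-]+)\.frp\.xingshuo\.me$ ) {
            set $prefix $1;
        }
        proxy_pass http://$prefix;
    }
    client_max_body_size 50m;
}
EOF
  reloadNginx
}

# Run every base installation step in order.
installBasePackage() {
  resetTimezone
  updateSystem
  startFirewall
  cloneJSGardenSite
  installNginx
  installACME
  installTrojanGo
  installFrps
}

# Show the interactive menu, read one choice and run the matching steps.
# Exits 0 on "0" and 1 on an unrecognised choice.
menu() {
  local answer
  clear
  echo "#############################################################"
  echo -e " ${GREEN}1.${PLAIN} 安装基础服务(更新系统/Nginx/ACME/Trojan-Go/JSGardenSite/Frps)"
  echo -e " ${GREEN}2.${PLAIN} 配置 frps"
  echo -e " ${GREEN}3.${PLAIN} 安装 xingbaifang.com 证书且配置 Nginx 和 Trojan-Go"
  echo -e " ${GREEN}4.${PLAIN} 安装 xingshuo.me 证书且配置 Nginx 和 Trojan-Go"
  echo -e " ${GREEN}0.${PLAIN} 退出"
  echo "#############################################################"
  echo

  # -r keeps backslashes in the typed answer literal.
  read -r -p " 请选择操作[0-4]:" answer
  case "$answer" in
    0)
      exit 0
      ;;
    1)
      installBasePackage
      ;;
    2)
      configFrps
      ;;
    3)
      buildXingBaifangSSL
      configXingBaifangTrojan
      configXingBaifangNginx
      ;;
    4)
      buildXingshuoSSL
      configXingshuoTrojan
      configXingshuoNginx
      ;;
    *)
      echo -e "$RED 请选择正确的操作!${PLAIN}"
      exit 1
      ;;
  esac
}

# Entry point: with no argument (or "menu") show the menu; anything else is a
# usage error. The action is matched against a fixed list and never executed
# as a command name taken from the argument.
action=${1:-menu}
case "$action" in
  menu)
    menu
    ;;
  *)
    echo " 参数错误"
    echo " 用法: ${0##*/} [menu]"
    exit 1
    ;;
esac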