diff --git a/config/server/dynamic/http.json b/config/server/dynamic/http.json
index f06a667..ad88409 100644
--- a/config/server/dynamic/http.json
+++ b/config/server/dynamic/http.json
@@ -126,32 +126,13 @@
 "routing": {
 "domainStrategy": "IPOnDemand",
 "rules": [
- {
- "type": "field",
- "ip": [
- "0.0.0.0/8",
- "10.0.0.0/8",
- "100.64.0.0/10",
- "127.0.0.0/8",
- "169.254.0.0/16",
- "172.16.0.0/12",
- "192.0.0.0/24",
- "192.0.2.0/24",
- "192.168.0.0/16",
- "198.18.0.0/15",
- "198.51.100.0/24",
- "203.0.113.0/24",
- "::1/128",
- "fc00::/7",
- "fe80::/10"
- ],
- "outboundTag": "blocked"
- },
- {
- "type": "field",
- "inboundTag": ["tg-in"],
- "outboundTag": "tg-out"
- }
+ {
+ "type": "field",
+ "ip": [
+ "geoip:private"
+ ],
+ "outboundTag": "blocked"
+ }
 //include_ban_xx
 //include_ban_bt
 //include_ban_ad
diff --git a/config/server/dynamic/kcp.json b/config/server/dynamic/kcp.json
index d72f86c..7117eaa 100644
--- a/config/server/dynamic/kcp.json
+++ b/config/server/dynamic/kcp.json
@@ -98,32 +98,13 @@
 "routing": {
 "domainStrategy": "IPOnDemand",
 "rules": [
- {
- "type": "field",
- "ip": [
- "0.0.0.0/8",
- "10.0.0.0/8",
- "100.64.0.0/10",
- "127.0.0.0/8",
- "169.254.0.0/16",
- "172.16.0.0/12",
- "192.0.0.0/24",
- "192.0.2.0/24",
- "192.168.0.0/16",
- "198.18.0.0/15",
- "198.51.100.0/24",
- "203.0.113.0/24",
- "::1/128",
- "fc00::/7",
- "fe80::/10"
- ],
- "outboundTag": "blocked"
- },
- {
- "type": "field",
- "inboundTag": ["tg-in"],
- "outboundTag": "tg-out"
- }
+ {
+ "type": "field",
+ "ip": [
+ "geoip:private"
+ ],
+ "outboundTag": "blocked"
+ }
 //include_ban_xx
 //include_ban_bt
 //include_ban_ad
diff --git a/config/server/dynamic/quic.json b/config/server/dynamic/quic.json
index 83e98f3..0030e84 100644
--- a/config/server/dynamic/quic.json
+++ b/config/server/dynamic/quic.json
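Review bot: The `"geoip:private"` entry that replaces the fifteen literal CIDRs in `rules` is resolved at load time from the geoip data file installed with the core, so the set of internal ranges that reach `"outboundTag": "blocked"` is no longer visible or pinned in this repository. I would state the expected coverage (loopback, RFC 1918, CGNAT, link-local, ULA) in the README or installer notes and have the update path confirm the data file is present, since a missing or stale file changes what proxy users can reach on the server's own network. The same hunk also drops the `"inboundTag": ["tg-in"]` to `"tg-out"` rule; if a `tg-in` inbound is still defined outside the hunk, its traffic now follows the default outbound. The identical change is repeated in the routing hunks of the other dynamic/*.json and server/*.json files (kcp, quic, tcp, ws, h2, http, vless_ws).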
@@ -100,32 +100,13 @@
 "routing": {
 "domainStrategy": "IPOnDemand",
 "rules": [
- {
- "type": "field",
- "ip": [
- "0.0.0.0/8",
- "10.0.0.0/8",
- "100.64.0.0/10",
- "127.0.0.0/8",
- "169.254.0.0/16",
- "172.16.0.0/12",
- "192.0.0.0/24",
- "192.0.2.0/24",
- "192.168.0.0/16",
- "198.18.0.0/15",
- "198.51.100.0/24",
- "203.0.113.0/24",
- "::1/128",
- "fc00::/7",
- "fe80::/10"
- ],
- "outboundTag": "blocked"
- },
- {
- "type": "field",
- "inboundTag": ["tg-in"],
- "outboundTag": "tg-out"
- }
+ {
+ "type": "field",
+ "ip": [
+ "geoip:private"
+ ],
+ "outboundTag": "blocked"
+ }
 //include_ban_xx
 //include_ban_bt
 //include_ban_ad
diff --git a/config/server/dynamic/tcp.json b/config/server/dynamic/tcp.json
index d1eeca3..b6d943e 100644
--- a/config/server/dynamic/tcp.json
+++ b/config/server/dynamic/tcp.json
@@ -85,32 +85,13 @@
 "routing": {
 "domainStrategy": "IPOnDemand",
 "rules": [
- {
- "type": "field",
- "ip": [
- "0.0.0.0/8",
- "10.0.0.0/8",
- "100.64.0.0/10",
- "127.0.0.0/8",
- "169.254.0.0/16",
- "172.16.0.0/12",
- "192.0.0.0/24",
- "192.0.2.0/24",
- "192.168.0.0/16",
- "198.18.0.0/15",
- "198.51.100.0/24",
- "203.0.113.0/24",
- "::1/128",
- "fc00::/7",
- "fe80::/10"
- ],
- "outboundTag": "blocked"
- },
- {
- "type": "field",
- "inboundTag": ["tg-in"],
- "outboundTag": "tg-out"
- }
+ {
+ "type": "field",
+ "ip": [
+ "geoip:private"
+ ],
+ "outboundTag": "blocked"
+ }
 //include_ban_xx
 //include_ban_bt
 //include_ban_ad
diff --git a/config/server/dynamic/ws.json b/config/server/dynamic/ws.json
index bd99b35..a984524 100644
--- a/config/server/dynamic/ws.json
+++ b/config/server/dynamic/ws.json
@@ -88,32 +88,13 @@
 "routing": {
 "domainStrategy": "IPOnDemand",
 "rules": [
- {
- "type": "field",
- "ip": [
- "0.0.0.0/8",
- "10.0.0.0/8",
- "100.64.0.0/10",
- "127.0.0.0/8",
- "169.254.0.0/16",
- "172.16.0.0/12",
- "192.0.0.0/24",
- "192.0.2.0/24",
- "192.168.0.0/16",
- "198.18.0.0/15",
- "198.51.100.0/24",
- "203.0.113.0/24",
- "::1/128",
- "fc00::/7",
- "fe80::/10"
- ],
- "outboundTag": "blocked"
- },
- {
- "type": "field",
- "inboundTag": ["tg-in"],
- "outboundTag": "tg-out"
- }
+ {
+ "type": "field",
+ "ip": [
+ "geoip:private"
+ ],
+ "outboundTag": "blocked"
+ }
 //include_ban_xx
 //include_ban_bt
 //include_ban_ad
diff --git a/config/server/h2.json b/config/server/h2.json
index ddadb9f..d754d57 100644
--- a/config/server/h2.json
+++ b/config/server/h2.json
@@ -24,15 +24,6 @@
 "233blog.com"
 ],
 "path": "/233blog"
- },
- "security": "tls",
- "tlsSettings": {
- "certificates": [
- {
- "certificateFile": "/etc/v2ray/233boy/v2ray/config/233blog.com.cer",
- "keyFile": "/etc/v2ray/233boy/v2ray/config/233blog.com.key"
- }
- ]
 }
 },
 "sniffing": {
@@ -81,32 +72,13 @@
 "routing": {
 "domainStrategy": "IPOnDemand",
 "rules": [
- {
- "type": "field",
- "ip": [
- "0.0.0.0/8",
- "10.0.0.0/8",
- "100.64.0.0/10",
- "127.0.0.0/8",
- "169.254.0.0/16",
- "172.16.0.0/12",
- "192.0.0.0/24",
- "192.0.2.0/24",
- "192.168.0.0/16",
- "198.18.0.0/15",
- "198.51.100.0/24",
- "203.0.113.0/24",
- "::1/128",
- "fc00::/7",
- "fe80::/10"
- ],
- "outboundTag": "blocked"
- },
- {
- "type": "field",
- "inboundTag": ["tg-in"],
- "outboundTag": "tg-out"
- }
+ {
+ "type": "field",
+ "ip": [
+ "geoip:private"
+ ],
+ "outboundTag": "blocked"
+ }
 //include_ban_xx
 //include_ban_bt
 //include_ban_ad
diff --git a/config/server/http.json b/config/server/http.json
index fa4b5c4..8d6051a 100644
--- a/config/server/http.json
+++ b/config/server/http.json
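Review bot: With `"security": "tls"` and `tlsSettings` removed in the first h2.json hunk, this inbound accepts cleartext HTTP/2, so it is only safe if the inbound is bound to loopback. The `listen` address is outside the hunk; I would confirm it is `"listen": "127.0.0.1"` so the port is reachable only through Caddy and not directly from the network. The `h2c://127.0.0.1:${v2ray_port}` upstreams added in the third hunk of src/caddy-config.sh rely on the same assumption. If the certificate and key files named in the removed lines were installed on existing servers, the upgrade path could also clean up the now-unreferenced private key.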
@@ -99,32 +99,13 @@
 "routing": {
 "domainStrategy": "IPOnDemand",
 "rules": [
- {
- "type": "field",
- "ip": [
- "0.0.0.0/8",
- "10.0.0.0/8",
- "100.64.0.0/10",
- "127.0.0.0/8",
- "169.254.0.0/16",
- "172.16.0.0/12",
- "192.0.0.0/24",
- "192.0.2.0/24",
- "192.168.0.0/16",
- "198.18.0.0/15",
- "198.51.100.0/24",
- "203.0.113.0/24",
- "::1/128",
- "fc00::/7",
- "fe80::/10"
- ],
- "outboundTag": "blocked"
- },
- {
- "type": "field",
- "inboundTag": ["tg-in"],
- "outboundTag": "tg-out"
- }
+ {
+ "type": "field",
+ "ip": [
+ "geoip:private"
+ ],
+ "outboundTag": "blocked"
+ }
 //include_ban_xx
 //include_ban_bt
 //include_ban_ad
diff --git a/config/server/kcp.json b/config/server/kcp.json
index 45cd3e9..d938f9c 100644
--- a/config/server/kcp.json
+++ b/config/server/kcp.json
@@ -71,32 +71,13 @@
 "routing": {
 "domainStrategy": "IPOnDemand",
 "rules": [
- {
- "type": "field",
- "ip": [
- "0.0.0.0/8",
- "10.0.0.0/8",
- "100.64.0.0/10",
- "127.0.0.0/8",
- "169.254.0.0/16",
- "172.16.0.0/12",
- "192.0.0.0/24",
- "192.0.2.0/24",
- "192.168.0.0/16",
- "198.18.0.0/15",
- "198.51.100.0/24",
- "203.0.113.0/24",
- "::1/128",
- "fc00::/7",
- "fe80::/10"
- ],
- "outboundTag": "blocked"
- },
- {
- "type": "field",
- "inboundTag": ["tg-in"],
- "outboundTag": "tg-out"
- }
+ {
+ "type": "field",
+ "ip": [
+ "geoip:private"
+ ],
+ "outboundTag": "blocked"
+ }
 //include_ban_xx
 //include_ban_bt
 //include_ban_ad
diff --git a/config/server/quic.json b/config/server/quic.json
index e0344f4..f0e24a8 100644
--- a/config/server/quic.json
+++ b/config/server/quic.json
@@ -72,32 +72,13 @@
 "routing": {
 "domainStrategy": "IPOnDemand",
 "rules": [
- {
- "type": "field",
- "ip": [
- "0.0.0.0/8",
- "10.0.0.0/8",
- "100.64.0.0/10",
- "127.0.0.0/8",
- "169.254.0.0/16",
- "172.16.0.0/12",
- "192.0.0.0/24",
- "192.0.2.0/24",
- "192.168.0.0/16",
- "198.18.0.0/15",
- "198.51.100.0/24",
- "203.0.113.0/24",
- "::1/128",
- "fc00::/7",
- "fe80::/10"
- ],
- "outboundTag": "blocked"
- },
- {
- "type": "field",
- "inboundTag": ["tg-in"],
- "outboundTag": "tg-out"
- }
+ {
+ "type": "field",
+ "ip": [
+ "geoip:private"
+ ],
+ "outboundTag": "blocked"
+ }
 //include_ban_xx
 //include_ban_bt
 //include_ban_ad
diff --git a/config/server/tcp.json b/config/server/tcp.json
index 1e36266..e7d28b3 100644
--- a/config/server/tcp.json
+++ b/config/server/tcp.json
@@ -66,32 +66,13 @@
 "routing": {
 "domainStrategy": "IPOnDemand",
 "rules": [
- {
- "type": "field",
- "ip": [
- "0.0.0.0/8",
- "10.0.0.0/8",
- "100.64.0.0/10",
- "127.0.0.0/8",
- "169.254.0.0/16",
- "172.16.0.0/12",
- "192.0.0.0/24",
- "192.0.2.0/24",
- "192.168.0.0/16",
- "198.18.0.0/15",
- "198.51.100.0/24",
- "203.0.113.0/24",
- "::1/128",
- "fc00::/7",
- "fe80::/10"
- ],
- "outboundTag": "blocked"
- },
- {
- "type": "field",
- "inboundTag": ["tg-in"],
- "outboundTag": "tg-out"
- }
+ {
+ "type": "field",
+ "ip": [
+ "geoip:private"
+ ],
+ "outboundTag": "blocked"
+ }
 //include_ban_xx
 //include_ban_bt
 //include_ban_ad
diff --git a/config/server/vless_ws.json b/config/server/vless_ws.json
index 04da3d4..7169a0c 100644
--- a/config/server/vless_ws.json
+++ b/config/server/vless_ws.json
@@ -68,32 +68,13 @@
 "routing": {
 "domainStrategy": "IPOnDemand",
 "rules": [
- {
- "type": "field",
- "ip": [
- "0.0.0.0/8",
- "10.0.0.0/8",
- "100.64.0.0/10",
- "127.0.0.0/8",
- "169.254.0.0/16",
- "172.16.0.0/12",
- "192.0.0.0/24",
- "192.0.2.0/24",
- "192.168.0.0/16",
- "198.18.0.0/15",
- "198.51.100.0/24",
- "203.0.113.0/24",
- "::1/128",
- "fc00::/7",
- "fe80::/10"
- ],
- "outboundTag": "blocked"
- },
- {
- "type": "field",
- "inboundTag": ["tg-in"],
- "outboundTag": "tg-out"
- }
+ {
+ "type": "field",
+ "ip": [
+ "geoip:private"
+ ],
+ "outboundTag": "blocked"
+ }
 //include_ban_xx
 //include_ban_bt
 //include_ban_ad
diff --git a/config/server/ws.json b/config/server/ws.json
index c32190e..788b8fe 100644
--- a/config/server/ws.json
+++ b/config/server/ws.json
@@ -66,32 +66,13 @@
 "routing": {
 "domainStrategy": "IPOnDemand",
 "rules": [
- {
- "type": "field",
- "ip": [
- "0.0.0.0/8",
- "10.0.0.0/8",
- "100.64.0.0/10",
- "127.0.0.0/8",
- "169.254.0.0/16",
- "172.16.0.0/12",
- "192.0.0.0/24",
- "192.0.2.0/24",
- "192.168.0.0/16",
- "198.18.0.0/15",
- "198.51.100.0/24",
- "203.0.113.0/24",
- "::1/128",
- "fc00::/7",
- "fe80::/10"
- ],
- "outboundTag": "blocked"
- },
- {
- "type": "field",
- "inboundTag": ["tg-in"],
- "outboundTag": "tg-out"
- }
+ {
+ "type": "field",
+ "ip": [
+ "geoip:private"
+ ],
+ "outboundTag": "blocked"
+ }
 //include_ban_xx
 //include_ban_bt
 //include_ban_ad
diff --git a/src/caddy-config.sh b/src/caddy-config.sh
index b7ed92b..77392a4 100644
--- a/src/caddy-config.sh
+++ b/src/caddy-config.sh
@@ -5,14 +5,12 @@ case $v2ray_transport in
 if [[ $is_path ]]; then
 cat >/etc/caddy/Caddyfile <<-EOF
 $domain {
- gzip
- timeouts none
- proxy / $proxy_site {
- except /${path}
+ reverse_proxy $proxy_site {
+ header_up Host {upstream_hostport}
+ header_up X-Forwarded-Host {host}
 }
- proxy /${path} 127.0.0.1:${v2ray_port} {
- without /${path}
- websocket
+ handle_path /${path} {
+ reverse_proxy 127.0.0.1:${v2ray_port}
 }
 }
 import sites/*
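Review bot: `header_up X-Forwarded-Host {host}` in the `reverse_proxy $proxy_site` block of src/caddy-config.sh appears redundant, because Caddy 2.5 already sets the X-Forwarded-For, X-Forwarded-Proto and X-Forwarded-Host headers on proxied requests by default, so only `header_up Host {upstream_hostport}` changes behaviour here. I would drop the extra line, in this hunk and in the third hunk where it is repeated, or add a short comment saying why it is kept. Separately, `$domain`, `$proxy_site` and `${path}` are expanded by the unquoted heredoc straight into Caddyfile syntax, so a value containing whitespace or braces would change the generated structure; their validation is not visible in this hunk. The enclosing `case` block starts and ends outside the hunk.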
@@ -20,10 +18,7 @@ import sites/*
 else
 cat >/etc/caddy/Caddyfile <<-EOF
 $domain {
- timeouts none
- proxy / 127.0.0.1:${v2ray_port} {
- websocket
- }
+ reverse_proxy 127.0.0.1:${v2ray_port}
 }
 import sites/*
 EOF
@@ -33,28 +28,18 @@ import sites/*
 if [[ $is_path ]]; then
 cat >/etc/caddy/Caddyfile <<-EOF
 $domain {
- gzip
- timeouts none
- proxy / $proxy_site {
- except /${path}
- }
- proxy /${path} https://127.0.0.1:${v2ray_port} {
- header_upstream Host {host}
- header_upstream X-Forwarded-Proto {scheme}
- insecure_skip_verify
+ reverse_proxy $proxy_site {
+ header_up Host {upstream_hostport}
+ header_up X-Forwarded-Host {host}
 }
+ reverse_proxy /${path} h2c://127.0.0.1:${v2ray_port}
 }
 import sites/*
 EOF
 else
 cat >/etc/caddy/Caddyfile <<-EOF
 $domain {
- timeouts none
- proxy / https://127.0.0.1:${v2ray_port} {
- header_upstream Host {host}
- header_upstream X-Forwarded-Proto {scheme}
- insecure_skip_verify
- }
+ reverse_proxy h2c://127.0.0.1:${v2ray_port}
 }
 import sites/*
 EOF
diff --git a/src/download-caddy.sh b/src/download-caddy.sh
index 0f889ec..dd20bb4 100644
--- a/src/download-caddy.sh
+++ b/src/download-caddy.sh
@@ -6,7 +6,8 @@ _download_caddy_file() {
 echo -e "$red 获取 Caddy 下载参数失败!$none" && exit 1
 fi
 # local caddy_download_link="https://caddyserver.com/download/linux/${caddy_arch}?license=personal"
- local caddy_download_link="https://github.com/caddyserver/caddy/releases/download/v1.0.4/caddy_v1.0.4_linux_${caddy_arch}.tar.gz"
+ # local caddy_download_link="https://github.com/caddyserver/caddy/releases/download/v1.0.4/caddy_v1.0.4_linux_${caddy_arch}.tar.gz"
+ local caddy_download_link="https://github.com/caddyserver/caddy/releases/download/v2.5.1/caddy_2.5.1_linux_${caddy_arch}.tar.gz"
 mkdir -p $caddy_tmp
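Review bot: The new `caddy_download_link` in src/download-caddy.sh pins the v2.5.1 release by URL, but nothing in this hunk pins the archive's contents, and the binary it yields is later started as root by the unit file. The download and extraction steps are outside the hunk; if they do not already verify a digest, I would fetch the release's published checksums file alongside the tarball and check the archive against it (or against a hash committed in this script) before unpacking. It would also help to hold the version in one variable, e.g. `local caddy_ver="2.5.1"`, so the two version fields in the URL cannot drift apart.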
@@ -43,30 +44,25 @@ _install_caddy_service() {
 #### 。。。。。 use root user run caddy...
 cat >/lib/systemd/system/caddy.service <<-EOF
+#https://github.com/caddyserver/dist/blob/master/init/caddy.service
 [Unit]
-Description=Caddy HTTP/2 web server
-Documentation=https://caddyserver.com/docs
-After=network.target
-Wants=network.target
+Description=Caddy
+Documentation=https://caddyserver.com/docs/
+After=network.target network-online.target
+Requires=network-online.target
 [Service]
-Restart=on-abnormal
+Type=notify
 User=root
 Group=root
-Environment=CADDYPATH=/etc/ssl/caddy
-ExecStart=/usr/local/bin/caddy -log stdout -log-timestamps=false -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
-ExecReload=/bin/kill -USR1 \$MAINPID
-KillMode=mixed
-KillSignal=SIGQUIT
+ExecStart=/usr/local/bin/caddy run --environ --config /etc/caddy/Caddyfile
+ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile
 TimeoutStopSec=5s
 LimitNOFILE=1048576
 LimitNPROC=512
 PrivateTmp=true
-PrivateDevices=false
-ProtectHome=true
 ProtectSystem=full
-ReadWritePaths=/etc/ssl/caddy
-ReadWriteDirectories=/etc/ssl/caddy
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
 [Install]
 WantedBy=multi-user.target
diff --git a/v2ray.sh b/v2ray.sh
index 8f3b6de..f585fd8 100644
--- a/v2ray.sh
+++ b/v2ray.sh
@@ -10,7 +10,7 @@ none='\e[0m'
 # Root
 [[ $(id -u) != 0 ]] && echo -e " 哎呀……请使用 ${red}root ${none}用户运行 ${yellow}~(^_^) ${none}" && exit 1
-_version="v3.53"
+_version="v3.54"
 cmd="apt-get"
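Review bot: The rewritten caddy.service keeps `User=root` and `Group=root` while dropping `ProtectHome=true` and leaving `#AmbientCapabilities=CAP_NET_BIND_SERVICE` commented out, so the internet-facing Caddy process now runs with full root privileges and less sandboxing than before. The upstream unit linked in the added comment appears to be built around an unprivileged account plus that capability; I would create a dedicated user and use `User=caddy`, `Group=caddy` and `AmbientCapabilities=CAP_NET_BIND_SERVICE`, or, if root has to stay, keep `ProtectHome` and give Caddy an explicit data directory outside the home tree. `Restart=on-abnormal` is also removed with no replacement, so the service no longer comes back after a crash. The heredoc and `_install_caddy_service` continue outside the hunk.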
@@ -96,6 +96,23 @@ if [[ ! $(grep 'v2ray.vmess.aead.forced=false' /lib/systemd/system/v2ray.service
 systemctl restart v2ray
 fi
+# fix caddy2 config
+if [[ $caddy ]]; then
+ /usr/local/bin/caddy version >/dev/null 2>&1
+ if [[ $? == 1 ]]; then
+ echo -e "\n $yellow 警告: 脚本将自动更新 Caddy 版本。 $none \n"
+ systemctl stop caddy
+ _load download-caddy.sh
+ _download_caddy_file
+ _install_caddy_service
+ systemctl daemon-reload
+ _load caddy-config.sh
+ systemctl restart caddy
+ echo -e "\n $green 更新 Caddy 版本完成, 要是出问题了你可以重装解决。 $none \n"
+ exit 0
+ fi
+fi
+
 if [[ $v2ray_ver != v* ]]; then
 v2ray_ver="v$v2ray_ver"
 fi
@@ -1737,7 +1754,7 @@ change_proxy_site_config() {
 }
 domain_check() {
 # test_domain=$(dig $new_domain +short)
- test_domain=$(ping $new_domain -c 1 -4 -W 2| grep -oE -m1 "([0-9]{1,3}\.){3}[0-9]{1,3}")
+ test_domain=$(ping $new_domain -c 1 -4 -W 2 | grep -oE -m1 "([0-9]{1,3}\.){3}[0-9]{1,3}")
 # test_domain=$(wget -qO- --header='accept: application/dns-json' "https://cloudflare-dns.com/dns-query?name=$new_domain&type=A" | grep -oE "([0-9]{1,3}\.){3}[0-9]{1,3}" | head -1)
 # test_domain=$(curl -sH 'accept: application/dns-json' "https://cloudflare-dns.com/dns-query?name=$new_domain&type=A" | grep -oE "([0-9]{1,3}\.){3}[0-9]{1,3}" | head -1)
 if [[ $test_domain != $ip ]]; then
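Review bot: The added Caddy upgrade block treats only `$? == 1` from `caddy version` as the old release, then stops the service, replaces the binary, unit and Caddyfile, and prints the success message and runs `exit 0` without checking that any step worked. I would add a check between `_load caddy-config.sh` and the restart, e.g. `/usr/local/bin/caddy validate --config /etc/caddy/Caddyfile || exit 1`, and print the green message only if `systemctl is-active --quiet caddy` succeeds afterwards. Files pulled in by `import sites/*` are not converted from the v1 syntax, so a failed start is a realistic outcome, and it would leave the TLS front end down while the script reports completion. No backup of the previous binary or Caddyfile is taken before they are overwritten.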