diff --git a/install.sh b/install.sh new file mode 100644 index 0000000..b8a69ae --- /dev/null +++ b/install.sh @@ -0,0 +1,211 @@ +#!/bin/bash + +# 检查是否以 root 权限运行 +if [ "$EUID" -ne 0 ]; then + echo "错误:请以 root 权限运行此脚本(使用 sudo)" + exit 1 +fi + +# 检查网络连接 +echo "检查网络连接..." +if ! ping -c 3 8.8.8.8 > /dev/null 2>&1; then + echo "错误:无法连接到网络,请检查网络状态后重试" + exit 1 +fi + +# 更新系统并安装必要的工具 +echo "更新系统并安装必要工具..." +if ! apt update; then + echo "错误:apt update 失败,请检查网络或软件源配置" + exit 1 +fi +if ! apt upgrade -y; then + echo "警告:apt upgrade 失败,继续执行后续步骤..." +fi +if ! apt install -y wget tar iptables; then + echo "错误:安装 wget、tar 或 iptables 失败" + exit 1 +fi + +# 检测系统架构 +echo "检测系统架构..." +ARCH=$(uname -m) +OS=$(uname -s | tr '[:upper:]' '[:lower:]') +case "$ARCH" in + x86_64) + ARCH="amd64" + ;; + aarch64) + ARCH="arm64" + ;; + armv7l) + ARCH="armv7" + ;; + i386|i686) + ARCH="386" + ;; + *) + echo "错误:不支持的系统架构:$ARCH" + exit 1 + ;; +esac +echo "检测到系统架构:$OS-$ARCH" + +# 设置 sing-box 版本和下载地址 +SINGBOX_VERSION="1.11.4" +SINGBOX_BASE_URL="https://gh.sageer.me/github.com/SagerNet/sing-box/releases/download" +SINGBOX_URL="${SINGBOX_BASE_URL}/v${SINGBOX_VERSION}/sing-box-${SINGBOX_VERSION}-${OS}-${ARCH}.tar.gz" +echo "sing-box 下载地址:$SINGBOX_URL" + +# 下载并安装 sing-box +echo "下载并安装 sing-box..." +if ! wget -O sing-box.tar.gz "$SINGBOX_URL"; then + echo "错误:下载 sing-box 失败,请检查网络或 URL 是否有效" + exit 1 +fi +if ! tar -xzf sing-box.tar.gz; then + echo "错误:解压 sing-box.tar.gz 失败,文件可能损坏" + exit 1 +fi +if [ ! -f sing-box-${SINGBOX_VERSION}-${OS}-${ARCH}/sing-box ]; then + echo "错误:解压后未找到 sing-box 可执行文件" + exit 1 +fi +mv sing-box-${SINGBOX_VERSION}-${OS}-${ARCH}/sing-box /usr/local/bin/ +chmod +x /usr/local/bin/sing-box +rm -rf sing-box.tar.gz sing-box-${SINGBOX_VERSION}-${OS}-${ARCH} + +# 检查 sing-box 是否安装成功 +if ! command -v sing-box > /dev/null 2>&1; then + echo "错误:sing-box 安装失败,无法找到可执行文件" + exit 1 +fi + +# 下载 sing-box 配置文件 +echo "下载 sing-box 配置文件..." +CONFIG_URL="https://sub.hechunyu.com/config-zz-realip-route" +mkdir -p /etc/sing-box +if ! wget -O /etc/sing-box/config.json "$CONFIG_URL"; then + echo "错误:下载配置文件失败,请检查网络或 URL 是否有效" + exit 1 +fi + +# 创建 sing-box systemd 服务文件 +echo "配置 sing-box 为系统服务..." +cat << EOF > /etc/systemd/system/sing-box.service +[Unit] +Description=Sing-box Service +After=network.target + +[Service] +Type=simple +ExecStart=/usr/local/bin/sing-box run -c /etc/sing-box/config.json +Restart=on-failure +User=root + +[Install] +WantedBy=multi-user.target +EOF + +# 检查 systemd 是否可用并启用服务 +if ! systemctl daemon-reload; then + echo "错误:systemctl daemon-reload 失败" + exit 1 +fi +if ! systemctl enable sing-box; then + echo "错误:启用 sing-box 服务失败" + exit 1 +fi +if ! systemctl start sing-box; then + echo "错误:启动 sing-box 服务失败,请检查配置文件" + exit 1 +fi + +# 停止并禁用 systemd-resolved 服务 +echo "停止并禁用 systemd-resolved 服务..." +if systemctl is-active systemd-resolved > /dev/null 2>&1; then + systemctl stop systemd-resolved + systemctl disable systemd-resolved +else + echo "警告:systemd-resolved 服务未运行,跳过此步骤" +fi + +# 检查并处理 /etc/resolv.conf +echo "检查并配置 /etc/resolv.conf..." +if [ -L /etc/resolv.conf ]; then + echo "/etc/resolv.conf 是一个软连接,正在删除并重建..." + rm -f /etc/resolv.conf + echo "nameserver 127.0.0.1" > /etc/resolv.conf +elif [ -f /etc/resolv.conf ]; then + echo "/etc/resolv.conf 不是软连接,直接覆盖内容..." + echo "nameserver 127.0.0.1" > /etc/resolv.conf +else + echo "/etc/resolv.conf 不存在,正在创建..." + echo "nameserver 127.0.0.1" > /etc/resolv.conf +fi +if ! chattr +i /etc/resolv.conf; then + echo "警告:无法锁定 /etc/resolv.conf,可能被其他程序覆盖" +fi + +# 启用 IP 转发 +echo "启用 IP 转发..." +if ! sysctl -w net.ipv4.ip_forward=1 || ! sysctl -w net.ipv6.conf.all.forwarding=1; then + echo "错误:启用 IP 转发失败" + exit 1 +fi +echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf +echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.conf + +# 配置 iptables 规则 +echo "配置 iptables 规则..." +if ! iptables -F || ! iptables -t nat -F; then + echo "错误:清理 iptables 规则失败" + exit 1 +fi +iptables -A INPUT -p udp --dport 53 -j ACCEPT +iptables -A FORWARD -i end0 -j ACCEPT +iptables -t nat -A POSTROUTING -o end0 -j MASQUERADE + +# 检查并保存 iptables 规则 +echo "检查并保存 iptables 规则..." +if [ -d /etc/iptables ]; then + if [ -f /etc/iptables/rules.v4 ]; then + echo "/etc/iptables/rules.v4 已存在,正在备份..." + mv /etc/iptables/rules.v4 /etc/iptables/rules.v4.bak-$(date +%F-%T) + fi +else + echo "/etc/iptables 目录不存在,正在创建..." + mkdir -p /etc/iptables +fi +if ! iptables-save > /etc/iptables/rules.v4; then + echo "错误:保存 iptables 规则失败" + exit 1 +fi + +# 配置 iptables 持久化 +echo "安装 iptables-persistent 并保存规则..." +if ! echo "iptables-persistent iptables-persistent/autosave_v4 boolean true" | debconf-set-selections || \ + ! echo "iptables-persistent iptables-persistent/autosave_v6 boolean true" | debconf-set-selections || \ + ! apt install -y iptables-persistent; then + echo "错误:安装 iptables-persistent 失败" + exit 1 +fi + +# 重启网络服务以应用更改 +echo "重启网络服务..." +if ! systemctl restart networking; then + echo "警告:重启网络服务失败,可能需要手动重启" +fi + +# 检查服务状态 +echo "检查服务状态..." +if systemctl status sing-box > /dev/null 2>&1; then + echo "sing-box 服务运行正常" +else + echo "错误:sing-box 服务未正常运行" +fi +iptables -L -v -n +iptables -t nat -L -v -n + +echo "部署完成!请将其他设备的网关和 DNS 指向此设备的 IP(192.168.1.3)。" +