create the ssr + bbr to bypass the gfw
#! /bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
#=================================================================#
# System Required: CentOS 6,7, Debian, Ubuntu #
# Description: One click Install ShadowsocksR Server and BBR #
# Thanks: @breakwa11 <https://twitter.com/breakwa11> #
# Thanks: @Teddysun <i@teddysun.com> #
# Thanks: @91yun https://www.91yun.org/archives/2079 #
# Improved by Suiyuanjian #
# Modified by LeafSummer #
#=================================================================#
red='\033[0;31m'
green='\033[0;32m'
yellow='\033[0;33m'
plain='\033[0m'
[[ -d "/proc/vz" ]] && echo -e "${red}Error:${plain} Your VPS is based on OpenVZ, not be supported." && exit 1
#Current folder
cur_dir=`pwd`
# Get public IP address
IP=$(ip addr | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | egrep -v "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\.|^0\." | head -n 1)
if [[ "$IP" = "" ]]; then
IP=$(wget -qO- -t1 -T2 ipv4.icanhazip.com)
fi
# Make sure only root can run our script
function rootness(){
if [[ $EUID -ne 0 ]]; then
echo "${red}Error:${plain}This script must be run as root!" 1>&2
exit 1
fi
}
# Check OS
function checkos(){
if [ -f /etc/redhat-release ]; then
release="centos"
elif cat /etc/issue | grep -Eqi "debian"; then
release="debian"
elif cat /etc/issue | grep -Eqi "ubuntu"; then
release="ubuntu"
elif cat /etc/issue | grep -Eqi "centos|red hat|redhat"; then
release="centos"
elif cat /proc/version | grep -Eqi "debian"; then
release="debian"
elif cat /proc/version | grep -Eqi "ubuntu"; then
release="ubuntu"
elif cat /proc/version | grep -Eqi "centos|red hat|redhat"; then
release="centos"
fi
if [ -f /etc/redhat-release ];then
OS='CentOS'
elif [ ! -z "`cat /etc/issue | grep bian`" ];then
OS='Debian'
elif [ ! -z "`cat /etc/issue | grep Ubuntu`" ];then
OS='Ubuntu'
else
echo "Not support OS, Please reinstall OS and retry!"
exit 1
fi
}
#BBR get lastest version
get_latest_version() {
latest_version=$(wget -qO- http://kernel.ubuntu.com/~kernel-ppa/mainline/ | awk -F'\"v' '/v[4-9]./{print $2}' | cut -d/ -f1 | grep -v - | sort -V | tail -1)
[ -z ${latest_version} ] && return 1
if [[ `getconf WORD_BIT` == "32" && `getconf LONG_BIT` == "64" ]]; then
deb_name=$(wget -qO- http://kernel.ubuntu.com/~kernel-ppa/mainline/v${latest_version}/ | grep "linux-image" | grep "generic" | awk -F'\">' '/amd64.deb/{print $2}' | cut -d'<' -f1 | head -1)
deb_kernel_url="http://kernel.ubuntu.com/~kernel-ppa/mainline/v${latest_version}/${deb_name}"
deb_kernel_name="linux-image-${latest_version}-amd64.deb"
else
deb_name=$(wget -qO- http://kernel.ubuntu.com/~kernel-ppa/mainline/v${latest_version}/ | grep "linux-image" | grep "generic" | awk -F'\">' '/i386.deb/{print $2}' | cut -d'<' -f1 | head -1)
deb_kernel_url="http://kernel.ubuntu.com/~kernel-ppa/mainline/v${latest_version}/${deb_name}"
deb_kernel_name="linux-image-${latest_version}-i386.deb"
fi
[ ! -z ${deb_name} ] && return 0 || return 1
}
get_opsy() {
[ -f /etc/redhat-release ] && awk '{print ($1,$3~/^[0-9]/?$3:$4)}' /etc/redhat-release && return
[ -f /etc/os-release ] && awk -F'[= "]' '/PRETTY_NAME/{print $3,$4,$5}' /etc/os-release && return
[ -f /etc/lsb-release ] && awk -F'[="]+' '/DESCRIPTION/{print $2}' /etc/lsb-release && return
}
opsy=$( get_opsy )
arch=$( uname -m )
lbit=$( getconf LONG_BIT )
kern=$( uname -r )
get_char() {
SAVEDSTTY=`stty -g`
stty -echo
stty cbreak
dd if=/dev/tty bs=1 count=1 2> /dev/null
stty -raw
stty echo
stty $SAVEDSTTY
}
check_bbr_status() {
local param=$(sysctl net.ipv4.tcp_available_congestion_control | awk '{print $3}')
if uname -r | grep -Eqi "4.10."; then
if [[ "${param}" == "bbr" ]]; then
return 0
else
return 1
fi
else
return 1
fi
}
# Get version
function getversion(){
if [[ -s /etc/redhat-release ]];then
grep -oE "[0-9.]+" /etc/redhat-release
else
grep -oE "[0-9.]+" /etc/issue
fi
}
# CentOS version
function centosversion(){
local code=$1
local version="`getversion`"
local main_ver=${version%%.*}
if [ $main_ver == $code ];then
return 0
else
return 1
fi
}
install_elrepo() {
if centosversion 5; then
echo -e "${red}Error:${plain} not supported CentOS 5."
exit 1
fi
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
if centosversion 6; then
rpm -Uvh http://www.elrepo.org/elrepo-release-6-6.el6.elrepo.noarch.rpm
elif centosversion 7; then
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
fi
if [ ! -f /etc/yum.repos.d/elrepo.repo ]; then
echo -e "${red}Error:${plain} Install elrepo failed, please check it."
exit 1
fi
}
install_config() {
if [[ "${release}" == "centos" ]]; then
if centosversion 6; then
if [ ! -f "/boot/grub/grub.conf" ]; then
echo -e "${red}Error:${plain} /boot/grub/grub.conf not found, please check it."
exit 1
fi
sed -i 's/^default=.*/default=0/g' /boot/grub/grub.conf
elif centosversion 7; then
if [ ! -f "/boot/grub2/grub.cfg" ]; then
echo -e "${red}Error:${plain} /boot/grub2/grub.cfg not found, please check it."
exit 1
fi
grub2-set-default 0
fi
elif [[ "${release}" == "debian" || "${release}" == "ubuntu" ]]; then
/usr/sbin/update-grub
fi
sed -i '/net.core.default_qdisc/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_congestion_control/d' /etc/sysctl.conf
echo "net.core.default_qdisc = fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control = bbr" >> /etc/sysctl.conf
sysctl -p >/dev/null 2>&1
}
# Disable selinux
function disable_selinux(){
if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; then
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
fi
}
install_bbr() {
check_bbr_status
if [ $? -eq 0 ]; then
echo
echo -e "${green}Info:${plain} TCP BBR has been successfully installed. nothing to do..."
exit
fi
if [[ "${release}" == "centos" ]]; then
install_elrepo
yum --enablerepo=elrepo-kernel -y install kernel-ml kernel-ml-devel
if [ $? -ne 0 ]; then
echo -e "${red}Error:${plain} Install latest kernel failed, please check it."
exit 1
fi
elif [[ "${release}" == "debian" || "${release}" == "ubuntu" ]]; then
[[ ! -e "/usr/bin/wget" ]] && apt-get -y update && apt-get -y install wget
get_latest_version
[ $? -ne 0 ] && echo -e "${red}Error:${plain} Get latest kernel version failed." && exit 1
wget -c -t3 -T60 -O ${deb_kernel_name} ${deb_kernel_url}
if [ $? -ne 0 ]; then
echo -e "${red}Error:${plain} Download ${deb_kernel_name} failed, please check it."
exit 1
fi
dpkg -i ${deb_kernel_name}
rm -fv ${deb_kernel_name}
else
echo -e "${red}Error:${plain} OS is not be supported, please change to CentOS/Debian/Ubuntu and try again."
exit 1
fi
install_config
}
# Pre-installation settings
function pre_install(){
# Not support CentOS 5
if centosversion 5; then
echo "Not support CentOS 5, please change OS to CentOS 6+/Debian 7+/Ubuntu 12+ and retry."
exit 1
fi
clear
echo "---------- System Information ----------"
echo " OS : $opsy"
echo " Arch : $arch ($lbit Bit)"
echo " Kernel : $kern"
echo "----------------------------------------"
echo " Auto install latest kernel for TCP BBR"
echo "----------------------------------------"
# Set ShadowsocksR config password
echo "And now please input password for ShadowsocksR:"
read -p "(Default password: suiyuanjian):" shadowsockspwd
[ -z "$shadowsockspwd" ] && shadowsockspwd="suiyuanjian"
echo
echo "---------------------------"
echo "password = $shadowsockspwd"
echo "---------------------------"
echo
# Set ShadowsocksR config port
while true
do
echo -e "Please input port for ShadowsocksR [1-65535]:"
read -p "(Default port: 8989):" shadowsocksport
[ -z "$shadowsocksport" ] && shadowsocksport="8989"
expr $shadowsocksport + 0 &>/dev/null
if [ $? -eq 0 ]; then
if [ $shadowsocksport -ge 1 ] && [ $shadowsocksport -le 65535 ]; then
echo
echo "---------------------------"
echo "port = $shadowsocksport"
echo "---------------------------"
echo
break
else
echo "Input error! Please input correct number."
fi
else
echo "Input error! Please input correct number."
fi
done
get_char(){
SAVEDSTTY=`stty -g`
stty -echo
stty cbreak
dd if=/dev/tty bs=1 count=1 2> /dev/null
stty -raw
stty echo
stty $SAVEDSTTY
}
echo
echo "Press any key to start...or Press Ctrl+C to cancel"
char=`get_char`
# Install necessary dependencies
if [ "$OS" == 'CentOS' ]; then
yum install -y wget unzip openssl-devel gcc swig python python-devel python-setuptools autoconf libtool libevent git ntpdate
yum install -y m2crypto automake make curl curl-devel zlib-devel perl perl-devel cpio expat-devel gettext-devel
else
apt-get -y update
apt-get -y install python python-dev python-pip python-m2crypto curl wget unzip gcc swig automake make perl cpio build-essential git ntpdate
fi
cd $cur_dir
}
# Download files
function download_files(){
# Download libsodium file
if ! wget --no-check-certificate -O libsodium-1.0.10.tar.gz https://github.com/jedisct1/libsodium/releases/download/1.0.10/libsodium-1.0.10.tar.gz; then
echo "Failed to download libsodium file!"
exit 1
fi
# Download ShadowsocksR file
# if ! wget --no-check-certificate -O manyuser.zip https://github.com/breakwa11/shadowsocks/archive/manyuser.zip; then
# echo "Failed to download ShadowsocksR file!"
# exit 1
# fi
# Download ShadowsocksR chkconfig file
if [ "$OS" == 'CentOS' ]; then
if ! wget --no-check-certificate https://raw.githubusercontent.com/91yun/shadowsocks_install/master/shadowsocksR -O /etc/init.d/shadowsocks; then
echo "Failed to download ShadowsocksR chkconfig file!"
exit 1
fi
else
if ! wget --no-check-certificate https://raw.githubusercontent.com/91yun/shadowsocks_install/master/shadowsocksR-debian -O /etc/init.d/shadowsocks; then
echo "Failed to download ShadowsocksR chkconfig file!"
exit 1
fi
fi
}
# firewall set
function firewall_set(){
echo "firewall set start..."
if centosversion 6; then
/etc/init.d/iptables status > /dev/null 2>&1
if [ $? -eq 0 ]; then
iptables -L -n | grep '${shadowsocksport}' | grep 'ACCEPT' > /dev/null 2>&1
if [ $? -ne 0 ]; then
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport ${shadowsocksport} -j ACCEPT
iptables -I INPUT -m state --state NEW -m udp -p udp --dport ${shadowsocksport} -j ACCEPT
/etc/init.d/iptables save
/etc/init.d/iptables restart
else
echo "port ${shadowsocksport} has been set up."
fi
else
echo "WARNING: iptables looks like shutdown or not installed, please manually set it if necessary."
fi
elif centosversion 7; then
systemctl status firewalld > /dev/null 2>&1
if [ $? -eq 0 ];then
firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/tcp
firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/udp
firewall-cmd --reload
else
/etc/init.d/iptables status > /dev/null 2>&1
if [ $? -eq 0 ]; then
iptables -L -n | grep '${shadowsocksport}' | grep 'ACCEPT' > /dev/null 2>&1
if [ $? -ne 0 ]; then
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport ${shadowsocksport} -j ACCEPT
iptables -I INPUT -m state --state NEW -m udp -p udp --dport ${shadowsocksport} -j ACCEPT
/etc/init.d/iptables save
/etc/init.d/iptables restart
else
echo "port ${shadowsocksport} has been set up."
fi
else
echo "WARNING: firewall like shutdown or not installed, please manually set it if necessary."
fi
fi
fi
echo "firewall set completed..."
}
# Config ShadowsocksR
function config_shadowsocks(){
cat > /etc/shadowsocks.json<<-EOF
{
"server": "0.0.0.0",
"server_ipv6": "::",
"server_port": ${shadowsocksport},
"local_address": "127.0.0.1",
"local_port": 1081,
"password": "${shadowsockspwd}",
"timeout": 120,
"udp_timeout": 60,
"method": "chacha20",
"protocol": "auth_sha1_v4_compatible",
"protocol_param": "",
"obfs": "tls1.2_ticket_auth_compatible",
"obfs_param": "",
"dns_ipv6": false,
"connect_verbose_info": 1,
"redirect": "",
"fast_open": false,
"workers": 1
}
EOF
}
# Install ShadowsocksR
function install_ss(){
# Install libsodium
tar zxf libsodium-1.0.10.tar.gz
cd $cur_dir/libsodium-1.0.10
./configure && make && make install
echo "/usr/local/lib" > /etc/ld.so.conf.d/local.conf
ldconfig
# Install ShadowsocksR
cd $cur_dir
# unzip -q manyuser.zip
# mv shadowsocks-manyuser/shadowsocks /usr/local/
git clone https://github.com/shadowsocksr-backup/shadowsocksr.git /usr/local/shadowsocks
cd /usr/local/shadowsocks && git checkout -b dev origin/dev
if [ -f /usr/local/shadowsocks/server.py ]; then
chmod +x /etc/init.d/shadowsocks
# Add run on system start up
if [ "$OS" == 'CentOS' ]; then
chkconfig --add shadowsocks
chkconfig shadowsocks on
else
update-rc.d -f shadowsocks defaults
fi
# Run ShadowsocksR in the background
/etc/init.d/shadowsocks start
clear
echo
echo "Congratulations, ShadowsocksR install completed!"
echo -e "Server IP: \033[41;37m ${IP} \033[0m"
echo -e "Server Port: \033[41;37m ${shadowsocksport} \033[0m"
echo -e "Password: \033[41;37m ${shadowsockspwd} \033[0m"
echo -e "Protocol: \033[41;37m auth_sha1_v4 \033[0m"
echo -e "obfs: \033[41;37m tls1.2_ticket_auth \033[0m"
echo -e "Encryption Method: \033[41;37m chacha20 \033[0m"
echo "Welcome to visit:http://www.suiyuanjian.com/"
echo "If you want to change protocol & obfs, reference URL:"
echo "https://github.com/breakwa11/shadowsocks-rss/wiki/Server-Setup"
echo
echo "Enjoy it!"
echo
read -p "Info: The system needs to be restart. Do you want to reboot? [y/n]" is_reboot
if [[ ${is_reboot} == "y" || ${is_reboot} == "Y" ]]; then
reboot
else
exit
fi
else
echo "Shadowsocks install failed!"
install_cleanup
exit 1
fi
}
# Install cleanup
function install_cleanup(){
cd $cur_dir
rm -f manyuser.zip
rm -rf shadowsocks-manyuser
rm -f libsodium-1.0.10.tar.gz
rm -rf libsodium-1.0.10
}
# Uninstall ShadowsocksR
function uninstall_shadowsocks(){
printf "Are you sure uninstall ShadowsocksR? (y/n) "
printf "\n"
read -p "(Default: n):" answer
if [ -z $answer ]; then
answer="n"
fi
if [ "$answer" = "y" ]; then
/etc/init.d/shadowsocks status > /dev/null 2>&1
if [ $? -eq 0 ]; then
/etc/init.d/shadowsocks stop
fi
checkos
if [ "$OS" == 'CentOS' ]; then
chkconfig --del shadowsocks
else
update-rc.d -f shadowsocks remove
fi
rm -f /etc/shadowsocks.json
rm -f /etc/init.d/shadowsocks
rm -rf /usr/local/shadowsocks
echo "ShadowsocksR uninstall success!"
else
echo "uninstall cancelled, Nothing to do"
fi
}
# Install ShadowsocksR
function install_shadowsocks(){
checkos
rootness
disable_selinux
pre_install
download_files
config_shadowsocks
install_bbr
install_ss
if [ "$OS" == 'CentOS' ]; then
firewall_set > /dev/null 2>&1
fi
#check_datetime
install_cleanup
}
# Initialization step
action=$1
[ -z $1 ] && action=install
case "$action" in
install)
install_shadowsocks
;;
uninstall)
uninstall_shadowsocks
;;
*)
echo "Arguments error! [${action} ]"
echo "Usage: `basename $0` {install|uninstall}"
;;
esac