@@ -72,195 +72,30 @@ buildCaddy(){
7272 mv ./caddy /usr/bin/caddy
7373}
7474
75- makesite (){
76- rm -rf /var/www/html
77- mkdir -p /var/www/html
78- cd /var/www/html
79- wget -N --no-check-certificate https://gitlab.com/misakablog/naiveproxy-script/-/raw/main/mikutap.zip
80- if [[ -z $( type -P unzip) ]]; then
81- if [[ ! $SYSTEM == " CentOS" ]]; then
82- ${PACKAGE_UPDATE[int]}
83- fi
84- ${PACKAGE_INSTALL[int]} unzip
85- fi
86- unzip mikutap.zip
87- }
88-
8975makeconfig (){
90- acmeDomain=$( bash ~ /.acme.sh/acme.sh --list | sed -n 2p | awk -F ' ' ' {print $1}' )
91- if [[ -n $acmeDomain ]]; then
92- domain=$acmeDomain
93- else
94- read -rp " 请输入需要用在NaiveProxy的域名:" domain
95- [[ -z $domain ]] && read -rp " 请输入需要用在NaiveProxy的域名:" domain
96-
97- if [[ ! $SYSTEM == " CentOS" ]]; then
98- ${PACKAGE_UPDATE[int]}
99- fi
100- ${PACKAGE_INSTALL[int]} curl wget sudo socat
101- if [[ $SYSTEM == " CentOS" ]]; then
102- ${PACKAGE_INSTALL[int]} cronie
103- systemctl start crond
104- systemctl enable crond
105- else
106- ${PACKAGE_INSTALL[int]} cron
107- systemctl start cron
108- systemctl enable cron
109- fi
76+ read -rp " 请输入需要用在NaiveProxy的域名:" domain
11077
111- curl https://get.acme.sh | sh -s email=$( date +%s%N | md5sum | cut -c 1-16) @gmail.com
112- source ~ /.bashrc
113- bash ~ /.acme.sh/acme.sh --upgrade --auto-upgrade
114- bash ~ /.acme.sh/acme.sh --set-default-ca --server letsencrypt
115-
116- WARPv4Status=$( curl -s4m8 https://www.cloudflare.com/cdn-cgi/trace -k | grep warp | cut -d= -f2)
117- WARPv6Status=$( curl -s6m8 https://www.cloudflare.com/cdn-cgi/trace -k | grep warp | cut -d= -f2)
118- domainIP=$( curl -sm8 ipget.net/? ip=" ${domain} " )
119- if [[ $WARPv4Status =~ on| plus ]] || [[ $WARPv6Status =~ on| plus ]]; then
120- wg-quick down wgcf > /dev/null 2>&1
121- ipv4=$( curl -s4m8 api64.ipify.org -k)
122- ipv6=$( curl -s6m8 api64.ipify.org -k)
123- wg-quick up wgcf > /dev/null 2>&1
124- else
125- ipv4=$( curl -s4m8 api64.ipify.org -k)
126- ipv6=$( curl -s6m8 api64.ipify.org -k)
127- fi
128-
129- if [[ $domainIP == $ipv6 ]]; then
130- bash ~ /.acme.sh/acme.sh --issue -d ${domain} --standalone -k ec-256 --listen-v6 --insecure
131- fi
132- if [[ $domainIP == $ipv4 ]]; then
133- bash ~ /.acme.sh/acme.sh --issue -d ${domain} --standalone -k ec-256 --insecure
134- fi
135- if [[ $domainIP != $ipv4 ]] && [[ $domainIP != $ipv6 ]]; then
136- red " 当前域名解析的IP与当前VPS使用的真实IP不匹配"
137- green " 建议如下:"
138- yellow " 1. 请确保CloudFlare小云朵为关闭状态(仅限DNS), 其他域名解析或CDN网站设置同理"
139- yellow " 2. 请检查DNS解析设置的IP是否为VPS的真实IP"
140- yellow " 3. 脚本可能跟不上时代, 建议截图发布到GitHub Issues、GitLab Issues、论坛或TG群询问"
141- exit 1
142- fi
143- bash ~ /.acme.sh/acme.sh --install-cert -d ${domain} --key-file /root/private.key --fullchain-file /root/cert.crt --ecc
144-
145- if [[ -f /root/cert.crt && -f /root/private.key ]]; then
146- if [[ -s /root/cert.crt && -s /root/private.key ]]; then
147- sed -i ' /--cron/d' /etc/crontab > /dev/null 2>&1
148- echo " 0 0 * * * root bash /root/.acme.sh/acme.sh --cron -f >/dev/null 2>&1" >> /etc/crontab
149- green " 证书申请成功! 脚本申请到的证书 (cert.crt) 和私钥 (private.key) 文件已保存到 /root 文件夹下"
150- yellow " 证书crt文件路径如下: /root/cert.crt"
151- yellow " 私钥key文件路径如下: /root/private.key"
152- else
153- red " 很抱歉,证书申请失败"
154- green " 建议如下: "
155- yellow " 1. 自行检测防火墙是否打开, 如使用80端口申请模式时, 请关闭防火墙或放行80端口"
156- yellow " 2. 同一域名多次申请可能会触发Let's Encrypt官方风控, 请尝试使用脚本菜单的9选项更换证书颁发机构, 再重试申请证书, 或更换域名、或等待7天后再尝试执行脚本"
157- yellow " 3. 脚本可能跟不上时代, 建议截图发布到GitHub Issues询问"
158- exit 1
159- fi
160- fi
161- fi
16278 read -rp " 请输入NaiveProxy的用户名 [默认随机生成]:" proxyname
16379 [[ -z $proxyname ]] && proxyname=$( date +%s%N | md5sum | cut -c 1-8)
16480 read -rp " 请输入NaiveProxy的密码 [默认随机生成]:" proxypwd
16581 [[ -z $proxypwd ]] && proxypwd=$( cat /proc/sys/kernel/random/uuid)
16682
16783 yellow " 正在写入配置文件,请稍等..."
16884 sleep 2
169- cat > /usr/bin/naive.json << EOF
170- {
171- "admin": {
172- "disabled": true
173- },
174- "logging": {
175- "sink": {
176- "writer": {
177- "output": "discard"
178- }
179- },
180- "logs": {
181- "default": {
182- "writer": {
183- "output": "discard"
184- }
185- }
186- }
187- },
188- "apps": {
189- "http": {
190- "servers": {
191- "srv0": {
192- "listen": [
193- ":443"
194- ],
195- "routes": [
196- {
197- "handle": [
198- {
199- "handler": "subroute",
200- "routes": [
201- {
202- "handle": [
203- {
204- "auth_pass_deprecated": "${proxypwd} ",
205- "auth_user_deprecated": "${proxyname} ",
206- "handler": "forward_proxy",
207- "hide_ip": true,
208- "hide_via": true,
209- "probe_resistance": {}
210- }
211- ]
212- },
213- {
214- "match": [
215- {
216- "host": [
217- "${domain} "
218- ]
219- }
220- ],
221- "handle": [
222- {
223- "handler": "file_server",
224- "root": "/var/www/html",
225- "index_names": [
226- "index.html"
227- ]
228- }
229- ],
230- "terminal": true
231- }
232- ]
233- }
234- ]
235- }
236- ],
237- "experimental_http3": true,
238- "tls_connection_policies": [
239- {
240- "match": {
241- "sni": [
242- "${domain} "
243- ]
244- }
245- }
246- ],
247- "automatic_https": {
248- "disable": true
249- }
250- }
251- }
252- },
253- "tls": {
254- "certificates": {
255- "load_files": [
256- {
257- "certificate": "/root/cert.crt",
258- "key": "/root/private.key"
259- }
260- ]
261- }
262- }
263- }
85+ cat > /usr/bin/Caddyfile << EOF
86+ :443, $domain
87+ tls example@example.com
88+ route {
89+ forward_proxy {
90+ basic_auth $proxyname $proxypwd
91+ hide_ip
92+ hide_via
93+ probe_resistance
94+ }
95+ reverse_proxy https://demo.cloudreve.org {
96+ header_up Host {upstream_hostport}
97+ header_up X-Forwarded-Host {host}
98+ }
26499}
265100EOF
266101
@@ -273,7 +108,7 @@ WantedBy=multi-user.target
273108[Service]
274109Type=simple
275110WorkingDirectory=/root
276- ExecStart=/usr/bin/caddy run -config /usr/bin/naive.json
111+ ExecStart=/usr/bin/caddy run
277112Restart=always
278113TEXT
279114
@@ -294,7 +129,6 @@ installProxy(){
294129 fi
295130 buildCaddy
296131 makeconfig
297- makesite
298132 systemctl start naiveproxy
299133 systemctl enable naiveproxy
300134 green " NaiveProxy 已安装成功!"
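Review bot: The unit's new `ExecStart=/usr/bin/caddy run` names no config file while `WorkingDirectory=/root` is unchanged, yet makeconfig now writes to `/usr/bin/Caddyfile`; caddy only auto-loads a `Caddyfile` from its working directory, so as far as the visible lines show the service would start without the forward_proxy site. Naming the file explicitly avoids that: `ExecStart=/usr/bin/caddy run --config /usr/bin/Caddyfile --adapter caddyfile`. In the makeconfig hunk the unquoted `<< EOF` heredoc pastes `$domain`, `$proxyname` and `$proxypwd` straight from `read` into the Caddyfile, and the old empty-domain re-prompt is gone, so an empty value or one containing whitespace or braces changes the config structure; a guard such as `[[ $domain =~ ^[A-Za-z0-9.-]+$ ]] || { red "invalid domain"; exit 1; }` before the heredoc would catch this, with similar checks for the two credentials. The file also holds the basic_auth password in clear text and is created with the default umask, so `chmod 600 /usr/bin/Caddyfile` after the heredoc is worth adding. Both makeconfig and the unit template extend outside the hunks shown.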