一键安装sing-box 并配置好ss2022 + shadow-tls

[TOC]

一键脚本

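# Download the installer to a file first so it can be read (and compared with the
# listing below) before it runs as root. Feeding curl straight into bash executes
# whatever the server returns at that moment, and without -f an HTTP error page
# would be handed to the shell as well.
curl -fLsS -o sb-kong.sh https://alist.kong.vision/d/r2/ss/script/sb-kong.sh
bash sb-kong.sh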

脚本审查

#!/bin/bash

# Refuse to continue unless the effective user is root: every later step
# (package installation, writes under /etc, systemctl, nft) needs it.
current_uid=$(id -u)
case "$current_uid" in
    0)
        ;;
    *)
        echo "此脚本需要root权限运行"
        exit 1
        ;;
esac
# Detect the package manager and install curl, jq, openssl and nftables.
# Managers are probed in a fixed order (apt-get, yum, dnf, pacman) and the first
# one found on PATH is used. Prints a message and exits with status 1 when none
# of them is available. The exit status of the install commands is not checked
# here.
install_dependencies() {
    local pkg_manager=""
    local candidate
    for candidate in apt-get yum dnf pacman; do
        if command -v "$candidate" > /dev/null 2>&1; then
            pkg_manager=$candidate
            break
        fi
    done

    case "$pkg_manager" in
        apt-get)
            # Debian/Ubuntu
            apt-get update
            apt-get install -y curl jq openssl nftables
            ;;
        yum)
            # CentOS/RHEL: epel-release is installed before the tool packages
            yum install -y epel-release
            yum install -y curl jq openssl nftables
            ;;
        dnf)
            # Fedora
            dnf install -y curl jq openssl nftables
            ;;
        pacman)
            # Arch Linux
            pacman -Sy --noconfirm curl jq openssl nftables
            ;;
        *)
            echo "不支持的系统类型"
            exit 1
            ;;
    esac
}
# Install the required packages
echo "正在安装必要的依赖..."
install_dependencies

# Confirm that every tool the rest of the script calls is now on PATH;
# this is the only place a failed package installation is detected.
for required_tool in curl jq openssl nft; do
    command -v "$required_tool" > /dev/null 2>&1 && continue
    echo "错误: 安装 $required_tool 失败"
    exit 1
done
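# Pick two distinct random ports in 10000-65535.
# $RANDOM only yields 0-32767, so a single draw cannot reach the top of that
# range; two draws are combined to cover all 55536 values. The second port is
# redrawn until it differs from the first, because both listeners carry TCP and
# an identical port would make one of them fail to bind.
# NOTE(review): neither port is checked against sockets already in use.
SHADOWTLS_PORT=$(( (RANDOM * 32768 + RANDOM) % 55536 + 10000 ))
SHADOWSOCKS_PORT=$SHADOWTLS_PORT
while [ "$SHADOWSOCKS_PORT" -eq "$SHADOWTLS_PORT" ]; do
    SHADOWSOCKS_PORT=$(( (RANDOM * 32768 + RANDOM) % 55536 + 10000 ))
done

# Generate the secrets with openssl: a 32-byte key (the length
# 2022-blake3-aes-256-gcm expects) and a 24-byte ShadowTLS password,
# both base64 encoded.
SHADOWSOCKS_PASSWORD=$(openssl rand -base64 32)
SHADOWTLS_PASSWORD=$(openssl rand -base64 24)

# Stop here rather than write a configuration with an empty password.
if [ -z "$SHADOWSOCKS_PASSWORD" ] || [ -z "$SHADOWTLS_PASSWORD" ]; then
    echo "生成随机密钥失败"
    exit 1
fi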
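# Install sing-box.
# The upstream installer is saved to a temporary file before it is executed.
# In a `curl | sh` pipeline without pipefail only sh's status is tested, so a
# failed or truncated download would still be reported as a successful install.
# NOTE(review): the installer runs as root and this page gives no checksum or
# pinned release for it; read the downloaded file before trusting it on a
# production host.
echo "正在安装 sing-box..."
installer_file=$(mktemp) || { echo "sing-box 安装失败"; exit 1; }
if ! curl -fsSL -o "$installer_file" https://sing-box.app/install.sh \
    || ! sh "$installer_file"; then
    rm -f -- "$installer_file"
    echo "sing-box 安装失败"
    exit 1
fi
rm -f -- "$installer_file"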
# Make sure the configuration directory exists
mkdir -p /etc/sing-box

# Move an existing configuration aside before a new one is written.
# A .bak file left by an earlier run is overwritten.
current_config=/etc/sing-box/config.json
if [ -f "$current_config" ]; then
    mv "$current_config" "${current_config}.bak"
fi
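# Write the sing-box configuration.
# The heredoc delimiter is unquoted, so the ${...} port and password variables
# are expanded into the JSON.
# The TCP Shadowsocks inbound is reached only through the ShadowTLS inbound's
# "detour", so it listens on 127.0.0.1 and is not exposed on the public
# interface. The UDP inbound stays on 0.0.0.0 because the nftables DNAT rule
# forwards UDP from the ShadowTLS port to it.
# NOTE(review): this file holds both passwords and is created with the default
# umask; confirm which user the sing-box service runs as before tightening the
# mode (for example to 0600).
tee /etc/sing-box/config.json > /dev/null << EOF
{
  "inbounds": [
    {
      "type": "shadowtls",
      "listen": "0.0.0.0",
      "listen_port": ${SHADOWTLS_PORT},
      "version": 3,
      "users": [
        {
          "name": "Eyeseas",
          "password": "${SHADOWTLS_PASSWORD}"
        }
      ],
      "handshake": {
        "server": "azure.microsoft.com",
        "server_port": 443
      },
      "detour": "shadowsocks-in"
    },
    {
      "type": "shadowsocks",
      "tag": "shadowsocks-in",
      "listen": "127.0.0.1",
      "listen_port": ${SHADOWSOCKS_PORT},
      "network": "tcp",
      "method": "2022-blake3-aes-256-gcm",
      "password": "${SHADOWSOCKS_PASSWORD}"
    },
    {
      "type": "shadowsocks",
      "tag": "shadowsocks-udp-in",
      "listen": "0.0.0.0",
      "listen_port": ${SHADOWSOCKS_PORT},
      "network": "udp",
      "method": "2022-blake3-aes-256-gcm",
      "password": "${SHADOWSOCKS_PASSWORD}"
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct-out"
    }
  ],
  "route": {
    "rules": [
      {
        "action": "route",
        "outbound": "direct-out"
      }
    ]
  }
}
EOF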
# Enable sing-box at boot and (re)start it so the new configuration is loaded
echo "正在启动 sing-box 服务..."
systemctl enable sing-box
systemctl restart sing-box

# Abort when the unit is not active after the restart
if ! systemctl is-active --quiet sing-box; then
    echo "sing-box 服务启动失败"
    exit 1
fi
echo "sing-box 服务已启动"
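# Configure the nftables rules
echo "正在配置 nftables 规则..."

# Interface of the default route: the word after "dev" on the first default
# route line. With several default routes only the first is used.
MAIN_INTERFACE=$(ip route show default \
    | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }')
if [ -z "$MAIN_INTERFACE" ]; then
    echo "无法获取主网卡名称"
    exit 1
fi

# Restart the nftables service
# NOTE(review): on distributions whose unit flushes the ruleset on stop, this
# drops rules that other tools added at runtime; check hosts that also run
# Docker or fail2ban before using this step.
echo "重启 nftables 服务..."
systemctl restart nftables

# Remove only this script's own table from an earlier run.
# `nft flush ruleset` would delete every table on the host, including an
# existing packet filter, and the save step below would then make that loss
# permanent.
if nft list table inet ss_udp_rule > /dev/null 2>&1; then
    nft delete table inet ss_udp_rule
fi

# Create the ss_udp_rule table and its two NAT chains
nft add table inet ss_udp_rule
nft add chain inet ss_udp_rule prerouting '{ type nat hook prerouting priority filter ; policy accept ; }'
nft add chain inet ss_udp_rule postrouting '{ type nat hook postrouting priority srcnat ; policy accept ; }'

# UDP arriving on the ShadowTLS port is redirected to the Shadowsocks UDP port
nft add rule inet ss_udp_rule prerouting iifname "$MAIN_INTERFACE" udp dport "$SHADOWTLS_PORT" dnat to ":$SHADOWSOCKS_PORT"
nft add rule inet ss_udp_rule postrouting oifname "$MAIN_INTERFACE" udp dport "$SHADOWSOCKS_PORT" masquerade

# Persist the live ruleset. The previous persistent file is kept as .bak
# because the redirect below replaces it.
if [ -f /etc/nftables.conf ]; then
    cp -p /etc/nftables.conf /etc/nftables.conf.bak
fi
nft list ruleset > /etc/nftables.conf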
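# Look up the server's public IPv4 address.
# The reply comes from a third-party service and is later placed in a URL and
# in the printed client line, so it is fetched over HTTPS, HTTP errors are
# rejected (-f), and anything that is not a dotted quad is refused.
SERVER_IP=$(curl -fsS -4 --max-time 10 https://ifconfig.me)
if ! [[ "$SERVER_IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
    echo "无法获取服务器IPv4地址"
    exit 1
fi

# Country and city, used only as a display label. The lookup goes over plain
# HTTP, so the answer is unauthenticated; control characters and the characters
# that delimit fields in the output line (',', '=', '"') are stripped from it.
LOCATION=$(curl -s --max-time 10 "http://ip-api.com/json/${SERVER_IP}" | jq -r '.country + "-" + .city' 2>/dev/null)
LOCATION=$(printf '%s' "$LOCATION" | tr -d ',="[:cntrl:]')

# Use the host name as the label; fall back to location and IP when it is
# empty or "localhost".
HOSTNAME=$(hostname 2>/dev/null)
if [ -z "$HOSTNAME" ] || [ "$HOSTNAME" = "localhost" ]; then
    # jq adds null as an identity, so a reply without country/city produces "-"
    # rather than "null-null"; both are treated as "no location".
    if [ -n "$LOCATION" ] && [ "$LOCATION" != "-" ] && [ "$LOCATION" != "null-null" ]; then
        HOSTNAME="${LOCATION}-${SERVER_IP}"
    else
        HOSTNAME="server-${SERVER_IP}"
    fi
fi

# Print the client configuration line. It contains both passwords in clear
# text, so it also ends up in terminal scrollback and any session log.
echo "${HOSTNAME}=ss,${SERVER_IP},${SHADOWTLS_PORT},encrypt-method=2022-blake3-aes-256-gcm,password=\"${SHADOWSOCKS_PASSWORD}\",udp-relay=true,shadow-tls-password=${SHADOWTLS_PASSWORD},shadow-tls-sni=azure.microsoft.com,shadow-tls-version=3"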