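#!/bin/bash
# V2Ray one-click install script
# Based on https://ericclose.github.io/V2Ray-TLS-WebSocket-Nginx-with-Cloudflare.html
#
# Installs V2Ray (VMess over WebSocket) behind an Nginx TLS reverse proxy that
# is meant to sit behind Cloudflare. Must be run as root on CentOS, Debian or
# Ubuntu. Everything below runs with root privileges, so every remote fetch
# and every operator-supplied value is a trust decision.
#
# Security notes for whoever maintains this script:
#   - The v2fly installer scripts are fetched from the moving `master` branch
#     and executed as root with no checksum or signature check. TLS to
#     raw.githubusercontent.com is the only integrity guarantee. Pin a
#     reviewed commit and verify a digest if a reproducible install is needed.
#   - The TLS certificate and private key are NOT downloaded by this script.
#     A private key served from a shared URL is known to everyone who can
#     fetch that URL, so it provides no confidentiality. The operator must
#     place their own Cloudflare Origin certificate and key on the host.

# Color definitions (interpreted by `echo -e`)
RED="\033[31m"
GREEN="\033[32m"
YELLOW="\033[33m"
BLUE="\033[36m"
PLAIN="\033[0m"

# Upstream installer locations (unpinned; see the security notes above)
readonly V2RAY_INSTALLER_URL="https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh"
readonly V2RAY_DAT_INSTALLER_URL="https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-dat-release.sh"

# Paths referenced by the generated Nginx server block
readonly TLS_CERT_PATH="/etc/ssl/cert.pem"
readonly TLS_KEY_PATH="/etc/ssl/key.pem"

# Require root
if [[ $EUID -ne 0 ]]; then
  echo -e "${RED}错误: 请使用root用户运行此脚本${PLAIN}"
  exit 1
fi

# Detect the distribution family.
# NOTE(review): Ubuntu also ships /etc/debian_version, so it is reported as
# "debian" here; both take the apt code paths below, so the result is the same.
if [ -f /etc/redhat-release ]; then
  OS="centos"
elif [ -f /etc/debian_version ]; then
  OS="debian"
elif [ -f /etc/lsb-release ]; then
  OS="ubuntu"
else
  echo -e "${RED}不支持的操作系统!${PLAIN}"
  exit 1
fi

# Detect word size (MACHINE is not read anywhere else in this script)
if [ "$(getconf WORD_BIT)" = '32' ] && [ "$(getconf LONG_BIT)" = '64' ]; then
  MACHINE='x64'
else
  MACHINE='x86'
fi

#######################################
# Print a random alphanumeric string followed by a newline.
# Arguments: $1 - length (default 16)
# Outputs:   the string on stdout
#######################################
generate_random_string() {
  local length=${1:-16}
  # LC_ALL=C makes tr treat /dev/urandom as raw bytes in any locale.
  LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c "$length"
  echo
}

#######################################
# Print a kernel-generated random UUID.
# Outputs: the UUID on stdout
#######################################
generate_uuid() {
  cat /proc/sys/kernel/random/uuid
}

#######################################
# Check that a string is a syntactically valid DNS host name.
# The name is later interpolated into file paths and into the Nginx
# configuration while running as root, so anything that is not a plain host
# name (slashes, "..", whitespace, ';', '{', quotes, ...) must be rejected.
# Arguments: $1 - candidate host name
# Returns:   0 if valid, 1 otherwise
#######################################
is_valid_domain() {
  local name=$1
  local label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
  local pattern="^(${label}\\.)+${label}\$"
  (( ${#name} <= 253 )) || return 1
  [[ "$name" =~ $pattern ]]
}

#######################################
# Download a remote installer to a private temp file and run it with bash.
# Unlike `bash <(curl ...)`, nothing is executed unless the download
# completed with a success status, and a truncated body is never run.
# Arguments: $1 - https URL; remaining args are passed to the installer
# Returns:   1 if the download failed, else the installer's exit status
#######################################
run_remote_installer() {
  local url=$1
  shift
  local script
  local rc=0
  script=$(mktemp) || return 1
  if ! curl -fsSL --proto '=https' --tlsv1.2 -o "$script" "$url"; then
    rm -f -- "$script"
    return 1
  fi
  bash "$script" "$@" || rc=$?
  rm -f -- "$script"
  return "$rc"
}

#######################################
# Check that the certificate and private key exist, are non-empty and belong
# together (same public key).
# Arguments: $1 - certificate path, $2 - private key path
# Returns:   0 if the pair is usable, 1 otherwise
#######################################
verify_tls_material() {
  local cert=$1
  local key=$2
  local cert_pub key_pub
  [[ -s "$cert" && -s "$key" ]] || return 1
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$key" -pubout) || return 1
  [[ -n "$cert_pub" && "$cert_pub" == "$key_pub" ]]
}

#######################################
# Show the main menu and dispatch the selected action.
#######################################
show_menu() {
  local num
  echo -e "
  ${GREEN}V2Ray 一键安装脚本${PLAIN}
  ————————————————————————————————
  ${GREEN}1.${PLAIN} 安装 V2Ray (WebSocket + TLS + Web + Cloudflare)
  ${GREEN}2.${PLAIN} 更新 V2Ray
  ${GREEN}3.${PLAIN} 卸载 V2Ray
  ${GREEN}4.${PLAIN} 查看 V2Ray 配置
  ${GREEN}5.${PLAIN} 退出
  ————————————————————————————————
  "
  echo
  read -r -p "请输入选择 [1-5]: " num
  case "${num}" in
    1) install_v2ray ;;
    2) update_v2ray ;;
    3) uninstall_v2ray ;;
    4) view_v2ray_config ;;
    5) exit 0 ;;
    *)
      echo -e "${RED}请输入正确的数字 [1-5]${PLAIN}"
      exit 1
      ;;
  esac
}

#######################################
# Install the packages the rest of the script relies on.
# Globals: OS (read)
#######################################
install_dependencies() {
  echo -e "${BLUE}正在安装依赖...${PLAIN}"
  if [ "$OS" == "centos" ]; then
    yum update -y
    yum install -y epel-release
    yum install -y wget curl unzip vim openssl socat
  else
    apt update -y
    apt install -y wget curl unzip vim openssl socat
  fi
}

#######################################
# Install and start a time-sync daemon, then set the time zone.
# VMess authentication depends on the clock (see the 90 second hint printed
# by show_client_info).
# Globals: OS (read)
#######################################
time_sync() {
  echo -e "${BLUE}正在同步系统时间...${PLAIN}"
  if [ "$OS" == "centos" ]; then
    yum install -y chrony
    systemctl enable chronyd
    systemctl start chronyd
    chronyc sourcestats -v
    chronyc tracking -v
  else
    apt install -y ntp
    systemctl enable ntp
    systemctl start ntp
  fi
  timedatectl set-ntp true
  ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
  hwclock --systohc
  echo -e "${GREEN}时间同步完成,当前时间:$(date -R)${PLAIN}"
}

#######################################
# Open SSH/HTTP/HTTPS and switch the host firewall on.
# Globals: OS (read)
#######################################
install_firewall() {
  echo -e "${BLUE}正在配置防火墙...${PLAIN}"
  if [ "$OS" == "centos" ]; then
    systemctl enable firewalld
    systemctl start firewalld
    firewall-cmd --zone=public --add-port=22/tcp --permanent
    firewall-cmd --zone=public --add-port=80/tcp --permanent
    firewall-cmd --zone=public --add-port=443/tcp --permanent
    firewall-cmd --reload
  else
    apt install -y ufw
    # Add the allow rules BEFORE enabling ufw, and use port numbers rather
    # than application profiles: the 'Nginx Full' profile does not exist yet
    # (Nginx is installed later), and a missing 'OpenSSH' profile would leave
    # SSH blocked once the default-deny policy becomes active.
    # Assumes sshd listens on 22/tcp, as the CentOS branch does.
    ufw allow 22/tcp
    ufw allow 80/tcp
    ufw allow 443/tcp
    # --force skips the interactive "may disrupt existing ssh connections"
    # confirmation, which would otherwise stall the installer.
    ufw --force enable
  fi
  # NOTE(review): 80/443 are open to every source address. Because this
  # origin is meant to be reached through Cloudflare only, restricting these
  # ports to Cloudflare's published ranges would prevent direct-to-origin
  # access.
}

#######################################
# Write the server-side V2Ray configuration.
# The VMess inbound listens on loopback only; Nginx is the public listener.
# Arguments: $1 - client UUID
#######################################
write_v2ray_config() {
  local uuid=$1
  cat > /usr/local/etc/v2ray/config.json << EOF
{
  "log":{
    "loglevel":"warning"
  },
  "routing":{
    "domainStrategy":"AsIs",
    "rules":[
      {
        "type":"field",
        "ip":[
          "geoip:private"
        ],
        "outboundTag":"block"
      }
    ]
  },
  "inbounds":[
    {
      "listen":"127.0.0.1",
      "port":10000,
      "protocol":"vmess",
      "settings":{
        "clients":[
          {
            "id":"${uuid}",
            "alterId":0
          }
        ]
      },
      "streamSettings":{
        "network":"ws",
        "wsSettings":{
          "path":"/ray"
        }
      }
    }
  ],
  "outbounds":[
    {
      "protocol":"freedom",
      "tag":"direct"
    },
    {
      "protocol":"blackhole",
      "tag":"block"
    }
  ]
}
EOF
}

#######################################
# Create the web root, sample pages and Nginx server block for a domain.
# Arguments: $1 - domain (must already have passed is_valid_domain)
#######################################
write_nginx_site() {
  local domain=$1
  # $USER can be unset when the script is started from a non-login context.
  local owner=${USER:-root}

  # Create the site directory
  mkdir -p "/var/www/${domain}/html"

  # Set directory ownership and permissions
  chown -R "${owner}:${owner}" "/var/www/${domain}/html"
  chmod -R 755 "/var/www/${domain}"

  # Create the sample page
  cat > "/var/www/${domain}/html/index.html" << EOF
Welcome

Success! Your Nginx server is successfully configured.

This is a sample page.

EOF

  # Create the Nginx configuration directory (if missing)
  mkdir -p /etc/nginx/conf.d

  # Create the Nginx server block. \$ keeps Nginx variables literal.
  cat > "/etc/nginx/conf.d/${domain}.conf" << EOF
server {
    listen 80;
    listen [::]:80;
    server_name ${domain} www.${domain};
    return 301 https://\$host\$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    ssl_certificate /etc/ssl/cert.pem;
    ssl_certificate_key /etc/ssl/key.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    # intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
    add_header Strict-Transport-Security "max-age=63072000" always;

    server_name ${domain} www.${domain};
    root /var/www/${domain}/html;
    index index.html index.htm index.nginx-debian.html;

    # 增加错误页面,防止直接访问产生错误
    error_page 404 /404.html;

    # 增加WebSocket超时设置
    proxy_connect_timeout 60s;
    proxy_read_timeout 60s;
    proxy_send_timeout 60s;

    location / {
        try_files \$uri \$uri/ =404;
    }

    location /ray {
        if (\$http_upgrade != "websocket") {
            return 404;
        }
        proxy_redirect off;
        proxy_pass http://127.0.0.1:10000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;

        # 增加WebSocket专用配置
        proxy_read_timeout 300s;
        proxy_send_timeout 300s;
        proxy_buffer_size 64k;
        proxy_buffers 4 64k;
        proxy_busy_buffers_size 64k;
    }
}
EOF

  # Create the 404 error page
  cat > "/var/www/${domain}/html/404.html" << EOF
404 Not Found

404 Not Found

The page you are looking for does not exist.

EOF

  # Uncomment server_names_hash_bucket_size in nginx.conf when present
  if grep -q "server_names_hash_bucket_size" /etc/nginx/nginx.conf; then
    sed -i 's/#server_names_hash_bucket_size 64;/server_names_hash_bucket_size 64;/g' /etc/nginx/nginx.conf
  fi
}

#######################################
# Write a ready-to-use client configuration into the current directory.
# The file contains the VMess UUID (the only client credential), so it is
# created readable by its owner only.
# Arguments: $1 - domain, $2 - client UUID
#######################################
write_client_config() {
  local domain=$1
  local uuid=$2
  (
    umask 077
    cat > v2ray_client_config.json << EOF
{
  "inbounds": [
    {
      "port": 1080,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "settings": {
        "udp": true
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "${domain}",
            "port": 443,
            "users": [
              {
                "id": "${uuid}",
                "alterId": 0,
                "security": "auto"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "wsSettings": {
          "path": "/ray"
        },
        "tlsSettings": {
          "allowInsecure": false
        }
      }
    }
  ]
}
EOF
  )
  # umask does not tighten a file that already existed from an earlier run.
  chmod 600 v2ray_client_config.json
}

#######################################
# Persist and apply the BBR congestion-control settings.
# Each line is appended only when missing, so repeated installs do not pile
# up duplicate entries in /etc/sysctl.conf.
#######################################
enable_bbr() {
  local setting
  echo -e "${BLUE}正在启用BBR加速...${PLAIN}"
  for setting in "net.core.default_qdisc=fq" "net.ipv4.tcp_congestion_control=bbr"; do
    if ! grep -qxF -- "$setting" /etc/sysctl.conf 2> /dev/null; then
      echo "$setting" >> /etc/sysctl.conf
    fi
  done
  sysctl -p
  echo -e "${GREEN}BBR加速已启用${PLAIN}"
}

#######################################
# Full installation: dependencies, time sync, firewall, V2Ray, Nginx, TLS
# material check, service start-up and client configuration output.
# Globals: OS (read)
#######################################
install_v2ray() {
  local domain uuid v2ray_status nginx_status

  echo -e "${BLUE}开始安装V2Ray...${PLAIN}"

  # Ask for the domain name
  echo -e "${YELLOW}请输入您的域名 (例如: example.com)${PLAIN}"
  read -r -p "域名: " domain
  if [ -z "$domain" ]; then
    echo -e "${RED}错误: 域名不能为空${PLAIN}"
    exit 1
  fi
  # The value ends up in root-owned paths and in nginx.conf syntax.
  if ! is_valid_domain "$domain"; then
    echo -e "${RED}错误: 域名格式不正确${PLAIN}"
    exit 1
  fi

  # Install dependencies
  install_dependencies

  # Synchronize the clock
  time_sync

  # Configure the firewall
  install_firewall

  # Install the V2Ray core
  echo -e "${BLUE}下载V2Ray安装脚本...${PLAIN}"
  echo -e "${BLUE}安装V2Ray主程序...${PLAIN}"
  if ! run_remote_installer "$V2RAY_INSTALLER_URL"; then
    echo -e "${RED}V2Ray安装脚本下载或执行失败${PLAIN}"
    exit 1
  fi

  # Install the latest geoip.dat and geosite.dat
  echo -e "${BLUE}安装最新发行的geoip.dat和geosite.dat...${PLAIN}"
  if ! run_remote_installer "$V2RAY_DAT_INSTALLER_URL"; then
    echo -e "${RED}V2Ray安装脚本下载或执行失败${PLAIN}"
    exit 1
  fi

  # Generate the client UUID
  uuid=$(generate_uuid)

  # Configure V2Ray
  echo -e "${BLUE}配置V2Ray...${PLAIN}"
  write_v2ray_config "$uuid"

  # Install Nginx
  echo -e "${BLUE}安装Nginx...${PLAIN}"
  if [ "$OS" == "centos" ]; then
    yum install -y nginx
  else
    apt install -y nginx
  fi
  systemctl enable nginx

  # Configure Nginx
  echo -e "${BLUE}配置Nginx...${PLAIN}"
  write_nginx_site "$domain"

  # Ask the operator to provide their own TLS material.
  echo -e "${YELLOW}请注意:${PLAIN}"
  echo -e "${YELLOW}1. 您需要在Cloudflare上配置您的域名${PLAIN}"
  echo -e "${YELLOW}2. 在Cloudflare的SSL/TLS -> Origin Server中创建证书${PLAIN}"
  echo -e "${YELLOW}3. 将证书保存到 ${TLS_CERT_PATH},私钥保存到 ${TLS_KEY_PATH}${PLAIN}"
  echo -e "${YELLOW}4. 将SSL/TLS加密模式设置为Full (strict)${PLAIN}"
  echo -e "${YELLOW}准备好后按回车继续...${PLAIN}"
  read -r

  # Check the certificate and key the operator installed. Nothing is fetched
  # from the network here: a key that can be downloaded from a shared URL is
  # not secret, and every host using it would share one origin identity.
  echo -e "${BLUE}正在检查证书和私钥文件...${PLAIN}"
  if ! verify_tls_material "$TLS_CERT_PATH" "$TLS_KEY_PATH"; then
    echo -e "${RED}未找到有效的证书或私钥,或证书与私钥不匹配,请手动配置 ${TLS_CERT_PATH} 和 ${TLS_KEY_PATH} 后重试${PLAIN}"
    exit 1
  fi
  echo -e "${GREEN}证书和私钥检查通过!${PLAIN}"

  # Certificate is public; the private key must be readable by root only.
  chmod 644 "$TLS_CERT_PATH"
  chmod 600 "$TLS_KEY_PATH"

  # Start the services
  echo -e "${BLUE}启动V2Ray和Nginx服务...${PLAIN}"
  systemctl daemon-reload
  systemctl enable v2ray --now
  systemctl enable nginx --now

  # Give the services a moment to come up
  echo -e "${BLUE}等待服务启动...${PLAIN}"
  sleep 2

  # Check service state
  v2ray_status=$(systemctl is-active v2ray)
  nginx_status=$(systemctl is-active nginx)

  if [ "$v2ray_status" = "active" ] && [ "$nginx_status" = "active" ]; then
    echo -e "${GREEN}V2Ray和Nginx服务已成功启动!${PLAIN}"

    # Show the client connection details
    show_client_info "${domain}" "${uuid}"

    # Re-check time synchronization
    check_time_sync

    # Enable BBR
    enable_bbr

    # Generate the client configuration file
    write_client_config "$domain" "$uuid"
    echo -e "${GREEN}客户端配置已保存到 v2ray_client_config.json${PLAIN}"

    # Show V2Ray status and recent errors
    echo -e "${BLUE}查看V2Ray运行状态和最近日志...${PLAIN}"
    systemctl status v2ray --no-pager
    if [ -f /var/log/v2ray/error.log ]; then
      echo -e "${BLUE}最近的错误日志:${PLAIN}"
      tail -n 10 /var/log/v2ray/error.log
    fi

    # Troubleshooting checklist
    echo -e "${GREEN}如果您遇到连接问题,请检查:${PLAIN}"
    echo -e "${YELLOW}1. 客户端和服务器的时间是否同步${PLAIN}"
    echo -e "${YELLOW}2. 客户端的UUID是否正确配置${PLAIN}"
    echo -e "${YELLOW}3. WebSocket路径是否为 /ray${PLAIN}"
    echo -e "${YELLOW}4. 是否启用了TLS${PLAIN}"
    echo -e "${YELLOW}5. 防火墙是否允许443端口通信${PLAIN}"

    # Hints for WebSocket connection-closed errors
    echo -e "${BLUE}如果出现WebSocket连接关闭错误,可尝试以下解决方案:${PLAIN}"
    echo -e "${YELLOW}1. 重启Nginx和V2Ray:${PLAIN}"
    echo -e "${YELLOW} systemctl restart nginx v2ray${PLAIN}"
    echo -e "${YELLOW}2. 检查Nginx错误日志:${PLAIN}"
    echo -e "${YELLOW} tail -n 30 /var/log/nginx/error.log${PLAIN}"
    echo -e "${YELLOW}3. 确认SSL证书有效:${PLAIN}"
    echo -e "${YELLOW} openssl x509 -text -in /etc/ssl/cert.pem${PLAIN}"

    echo -e "${GREEN}安装完成!${PLAIN}"
  else
    echo -e "${RED}安装失败,请检查错误信息${PLAIN}"
    if [ "$v2ray_status" != "active" ]; then
      echo -e "${RED}V2Ray服务未能成功启动${PLAIN}"
      systemctl status v2ray --no-pager
    fi
    if [ "$nginx_status" != "active" ]; then
      echo -e "${RED}Nginx服务未能成功启动${PLAIN}"
      systemctl status nginx --no-pager
    fi
  fi
}

#######################################
# Print the connection parameters a client needs.
# The UUID shown here is the client credential; terminal scrollback and
# session recordings that capture this output should be treated as secrets.
# Arguments: $1 - domain, $2 - client UUID
#######################################
show_client_info() {
  local domain=$1
  local uuid=$2

  echo -e "${GREEN}V2Ray配置信息:${PLAIN}"
  echo -e "${YELLOW}-----------------------------${PLAIN}"
  echo -e "${YELLOW}地址 (Address): ${domain}${PLAIN}"
  echo -e "${YELLOW}端口 (Port): 443${PLAIN}"
  echo -e "${YELLOW}用户ID (UUID): ${uuid}${PLAIN}"
  echo -e "${YELLOW}额外ID (AlterId): 0${PLAIN}"
  echo -e "${YELLOW}加密方式 (Security): auto${PLAIN}"
  echo -e "${YELLOW}传输协议 (Network): ws${PLAIN}"
  echo -e "${YELLOW}WebSocket路径 (Path): /ray${PLAIN}"
  echo -e "${YELLOW}TLS: 开启${PLAIN}"
  echo -e "${YELLOW}-----------------------------${PLAIN}"

  # Generate the VMess link
  generate_vmess_link "${domain}" "${uuid}"

  echo -e "${GREEN}提示:请确保客户端和服务器的时间误差在90秒内${PLAIN}"
  echo -e "${GREEN} 如果无法连接,可以尝试重启V2Ray服务:${PLAIN}"
  echo -e "${GREEN} systemctl restart v2ray${PLAIN}"
  echo -e "${YELLOW}-----------------------------${PLAIN}"
}

#######################################
# Print a vmess:// share link (and a QR code when qrencode is installed).
# Arguments: $1 - domain, $2 - client UUID
#######################################
generate_vmess_link() {
  local domain=$1
  local uuid=$2
  local remark="v2ray_${domain}" # display name in the client
  local vmess_json vmess_link

  # Build the VMess share JSON. The values are interpolated without JSON
  # escaping, so callers must pass a validated host name and a UUID.
  vmess_json="{\"v\":\"2\",\"ps\":\"${remark}\",\"add\":\"${domain}\",\"port\":\"443\",\"id\":\"${uuid}\",\"aid\":\"0\",\"net\":\"ws\",\"type\":\"none\",\"host\":\"${domain}\",\"path\":\"/ray\",\"tls\":\"tls\"}"

  # Base64 on a single line. Stripping newlines with tr works with every
  # base64 implementation; the previous fallback called base64 in the branch
  # taken when base64 was not found.
  vmess_link=$(printf '%s' "${vmess_json}" | base64 | tr -d '\n')

  # Print the VMess link
  echo -e "${GREEN}VMess链接 (可直接导入V2Ray客户端):${PLAIN}"
  echo -e "${BLUE}vmess://${vmess_link}${PLAIN}"

  # Print import instructions
  echo -e "${GREEN}使用方法:${PLAIN}"
  echo -e "${YELLOW}1. 复制上面的VMess链接${PLAIN}"
  echo -e "${YELLOW}2. 在V2Ray客户端中选择\"从剪贴板导入\"${PLAIN}"
  echo -e "${YELLOW}3. 或扫描下方二维码${PLAIN}"

  # Render a QR code when qrencode is available
  if command -v qrencode > /dev/null 2>&1; then
    qrencode -t ANSI "vmess://${vmess_link}"
  else
    echo -e "${YELLOW}提示:安装qrencode可显示配置二维码${PLAIN}"
    echo -e "${YELLOW} apt install qrencode 或 yum install qrencode${PLAIN}"
  fi
}

#######################################
# Make sure some time-sync mechanism is active, trying several tools in turn
# and returning after the first one that is available.
# Globals: OS (read)
#######################################
check_time_sync() {
  local current_time

  echo -e "${BLUE}检查系统时间同步状态...${PLAIN}"

  # Show the current time
  current_time=$(date -R)
  echo -e "${YELLOW}当前系统时间: ${current_time}${PLAIN}"

  echo -e "${BLUE}尝试同步系统时间...${PLAIN}"

  # Method 1: timedatectl (if available)
  if command -v timedatectl &> /dev/null; then
    if timedatectl set-ntp true; then
      echo -e "${GREEN}已通过timedatectl启用时间同步${PLAIN}"
      return
    fi
    echo -e "${YELLOW}timedatectl设置NTP失败,尝试其他方法${PLAIN}"
  fi

  # Method 2: ntpd or chronyd (if installed)
  if command -v ntpd &> /dev/null; then
    if [ "$OS" == "centos" ]; then
      systemctl restart ntpd
      echo -e "${GREEN}已重启ntpd服务${PLAIN}"
    else
      systemctl restart ntp
      echo -e "${GREEN}已重启ntp服务${PLAIN}"
    fi
    return
  fi

  if command -v chronyd &> /dev/null; then
    systemctl restart chronyd
    echo -e "${GREEN}已重启chronyd服务${PLAIN}"
    return
  fi

  # Method 3: one-shot ntpdate (if installed)
  if command -v ntpdate &> /dev/null; then
    echo -e "${BLUE}使用ntpdate手动同步时间...${PLAIN}"
    if ntpdate -u time.google.com || ntpdate -u time.windows.com || ntpdate -u pool.ntp.org; then
      echo -e "${GREEN}时间同步成功${PLAIN}"
    else
      echo -e "${YELLOW}ntpdate同步失败${PLAIN}"
    fi
    return
  fi

  # Method 4: rdate (if installed)
  if command -v rdate &> /dev/null; then
    echo -e "${BLUE}使用rdate同步时间...${PLAIN}"
    if rdate -s time-a.nist.gov || rdate -s time-b.nist.gov; then
      echo -e "${GREEN}时间同步成功${PLAIN}"
    else
      echo -e "${YELLOW}rdate同步失败${PLAIN}"
    fi
    return
  fi

  # Nothing usable was found: install ntpdate and run it once
  echo -e "${YELLOW}未找到可用的时间同步工具,尝试安装...${PLAIN}"
  if [ "$OS" == "centos" ]; then
    yum install -y ntpdate
    ntpdate -u pool.ntp.org
  else
    apt update
    apt install -y ntpdate
    ntpdate -u pool.ntp.org
  fi

  # Final reminder
  echo -e "${YELLOW}重要提示: V2Ray要求服务器和客户端的时间差在90秒内${PLAIN}"
  echo -e "${YELLOW}请确保您的系统时间是准确的${PLAIN}"
  echo -e "${YELLOW}当前时间: $(date -R)${PLAIN}"
}

#######################################
# Re-run the upstream installer to update V2Ray, then restart the service.
# Returns: 1 if the installer could not be downloaded or failed
#######################################
update_v2ray() {
  echo -e "${BLUE}正在更新V2Ray...${PLAIN}"
  if ! run_remote_installer "$V2RAY_INSTALLER_URL"; then
    echo -e "${RED}V2Ray安装脚本下载或执行失败${PLAIN}"
    return 1
  fi
  systemctl restart v2ray
  echo -e "${GREEN}V2Ray已更新至最新版本${PLAIN}"
}

#######################################
# Remove V2Ray and, optionally, Nginx.
# Globals: OS (read)
# Returns: 1 if the upstream removal script could not be run
#######################################
uninstall_v2ray() {
  local answer

  echo -e "${YELLOW}确定要卸载V2Ray吗?(y/n)${PLAIN}"
  read -r answer
  if [ "$answer" != "y" ]; then
    return
  fi

  echo -e "${BLUE}正在卸载V2Ray...${PLAIN}"
  systemctl stop v2ray
  systemctl disable v2ray

  # Remove V2Ray through the upstream installer. Report a failed download
  # instead of announcing a removal that did not happen.
  if ! run_remote_installer "$V2RAY_INSTALLER_URL" --remove; then
    echo -e "${RED}V2Ray卸载脚本下载或执行失败${PLAIN}"
    return 1
  fi

  # Delete the configuration (it holds the client UUID)
  rm -rf /usr/local/etc/v2ray

  echo -e "${GREEN}V2Ray已卸载${PLAIN}"

  echo -e "${YELLOW}是否要卸载Nginx?(y/n)${PLAIN}"
  read -r answer
  if [ "$answer" = "y" ]; then
    echo -e "${BLUE}正在卸载Nginx...${PLAIN}"
    systemctl stop nginx
    systemctl disable nginx
    if [ "$OS" == "centos" ]; then
      yum remove -y nginx
    else
      apt remove -y nginx
    fi
    # NOTE(review): these two removals delete EVERY site under
    # /etc/nginx/conf.d and /var/www, not only the one this script created.
    # The installed domain is not recorded anywhere, so the scope cannot be
    # narrowed here; do not answer "y" on a host that serves other sites.
    rm -rf /etc/nginx/conf.d
    rm -rf /var/www
    echo -e "${GREEN}Nginx已卸载${PLAIN}"
  fi
}

#######################################
# Print the V2Ray configuration, the Nginx site list and service status.
# The configuration printed first contains the client UUID.
#######################################
view_v2ray_config() {
  echo -e "${BLUE}V2Ray配置信息:${PLAIN}"
  cat /usr/local/etc/v2ray/config.json

  echo -e "\n${BLUE}Nginx配置信息:${PLAIN}"
  ls -l /etc/nginx/conf.d/

  # --no-pager keeps systemctl from blocking in a pager on a terminal.
  echo -e "\n${BLUE}V2Ray运行状态:${PLAIN}"
  systemctl status v2ray --no-pager

  echo -e "\n${BLUE}Nginx运行状态:${PLAIN}"
  systemctl status nginx --no-pager
}

#######################################
# Entry point: print the banner and show the menu.
#######################################
main() {
  clear
  echo -e "${GREEN}V2Ray一键安装脚本${PLAIN}"
  echo -e "${GREEN}支持:${PLAIN}${YELLOW}Debian / Ubuntu / CentOS${PLAIN}"
  echo -e "${GREEN}网站:${PLAIN}${YELLOW}https://ericclose.github.io/V2Ray-TLS-WebSocket-Nginx-with-Cloudflare.html${PLAIN}"
  echo -e "—————————————————————————————————————"
  show_menu
}

main "$@"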