· 7 years ago · Apr 27, 2019, 02:04 PM
1#!/bin/bash
2# Author: yeho <lj2007331 AT gmail.com>
3# BLOG: https://blog.linuxeye.cn
4#
5# Notes: OneinStack for CentOS/RedHat 6+ Debian 7+ and Ubuntu 12+
6# Install SS Server
7#
8# Project home page:
9# https://oneinstack.com
10# https://github.com/oneinstack/oneinstack
11
12export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
13clear
14printf "
15#######################################################################
16# OneinStack for CentOS/RedHat 6+ Debian 7+ and Ubuntu 12+ #
17# Install SS Server #
18# For more information please visit https://oneinstack.com #
19#######################################################################
20"
21# Check if user is root
22[ $(id -u) != '0' ] && { echo "${CFAILURE}Error: You must be root to run this script${CEND}"; exit 1; }
23
24oneinstack_dir=$(dirname "`readlink -f $0`")
25pushd ${oneinstack_dir}/src > /dev/null
26. ../options.conf
27. ../versions.txt
28. ../include/color.sh
29. ../include/check_os.sh
30. ../include/download.sh
31. ../include/python.sh
32
33PUBLIC_IPADDR=$(../include/get_public_ipaddr.py)
34
35Show_Help() {
36 echo
37 echo "Usage: $0 command ...[parameters]....
38 --help, -h Show this help message
39 --quiet, -q quiet operation
40 --install, -i Install
41 --uninstall, -u Uninstall
42 --libev shadowsocks-libev
43 --python shadowsocks-python
44 --adduser Add shadowsocks account
45 --password [password] shadowsocks password
46 --port [port] shadowsocks port
47 "
48}
49ARG_NUM=$#
50TEMP=`getopt -o hqiu --long help,quiet,install,uninstall,libev,python,adduser,password:,port: -- "$@" 2>/dev/null`
51[ $? != 0 ] && echo "${CWARNING}ERROR: unknown argument! ${CEND}" && Show_Help && exit 1
52eval set -- "${TEMP}"
53while :; do
54 [ -z "$1" ] && break;
55 case "$1" in
56 -h|--help)
57 Show_Help; exit 0
58 ;;
59 -q|--quiet)
60 quiet_flag=y; shift 1
61 ;;
62 -i|--install)
63 install_flag=y; shift 1
64 ;;
65 -u|--uninstall)
66 uninstall_flag=y; shift 1
67 ;;
68 --libev)
69 libev_queit=y; ss_option=1; shift 1
70 ;;
71 --python)
72 python_queit=y; ss_option=2; shift 1
73 ;;
74 --adduser)
75 adduser_flag=y; shift 1
76 ;;
77 --password)
78 password_queit=y; SS_password=$2; shift 2
79 ;;
80 --port)
81 port_queit=y; SS_port=$2; shift 2
82 ;;
83 --)
84 shift
85 ;;
86 *)
87 echo "${CWARNING}ERROR: unknown argument! ${CEND}" && Show_Help && exit 1
88 ;;
89 esac
90done
91
92[ "${CentOS_ver}" == '5' ] && { echo "${CWARNING}SS only support CentOS6,7 or Debian or Ubuntu! ${CEND}"; exit 1; }
93
94Check_SS() {
95 [ -f /usr/local/bin/ss-server ] && ss_option=1
96 [ -f ${python_install_dir}/bin/ssserver ] && ss_option=2
97}
98
99AddUser_SS() {
100 while :; do echo
101 [ "${password_queit}" != 'y' ] && read -e -p "Please input password for SS: " SS_password
102 [ -n "$(echo ${SS_password} | grep '[+|&]')" ] && { echo "${CWARNING}input error,not contain a plus sign (+) and & ${CEND}"; continue; }
103 (( ${#SS_password} >= 5 )) && break || echo "${CWARNING}SS password least 5 characters! ${CEND}"
104 done
105}
106
107Iptables() {
108 if [ -e '/etc/sysconfig/iptables' ]; then
109 SS_Already_port=$(grep -oE '9[0-9][0-9][0-9]' /etc/sysconfig/iptables | head -n 1)
110 elif [ -e '/etc/iptables/rules.v4' ]; then
111 SS_Already_port=$(grep -oE '9[0-9][0-9][0-9]' /etc/iptables/rules.v4 | head -n 1)
112 elif [ -e '/etc/iptables.up.rules' ]; then
113 SS_Already_port=$(grep -oE '9[0-9][0-9][0-9]' /etc/iptables.up.rules | head -n 1)
114 fi
115
116 if [ -n "${SS_Already_port}" ]; then
117 let SS_Default_port="${SS_Already_port}+1"
118 else
119 SS_Default_port=9001
120 fi
121
122 while :; do echo
123 [ "${port_queit}" != 'y' ] && read -e -p "Please input SS port(Default: ${SS_Default_port}): " SS_port
124 SS_port=${SS_port:-${SS_Default_port}}
125 if [ ${SS_port} -ge 1 >/dev/null 2>&1 -a ${SS_port} -le 65535 >/dev/null 2>&1 ]; then
126 [ -z "$(netstat -tpln | grep :${SS_port}$)" ] && break || echo "${CWARNING}This port is already used! ${CEND}"
127 else
128 echo "${CWARNING}input error! Input range: 1~65535${CEND}"
129 fi
130 done
131
132 if [ "${PM}" == 'yum' ]; then
133 if [ -n "`grep 'dport 80 ' /etc/sysconfig/iptables`" ] && [ -z "$(grep -E ${SS_port} /etc/sysconfig/iptables)" ]; then
134 iptables -I INPUT 4 -p udp -m state --state NEW -m udp --dport ${SS_port} -j ACCEPT
135 iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport ${SS_port} -j ACCEPT
136 service iptables save
137 ip6tables -I INPUT 4 -p udp -m state --state NEW -m udp --dport ${SS_port} -j ACCEPT
138 ip6tables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport ${SS_port} -j ACCEPT
139 service ip6tables save
140 fi
141 elif [ "${PM}" == 'apt-get' ]; then
142 if [ -e '/etc/iptables/rules.v4' ]; then
143 if [ -n "`grep 'dport 80 ' /etc/iptables/rules.v4`" ] && [ -z "$(grep -E ${SS_port} /etc/iptables/rules.v4)" ]; then
144 iptables -I INPUT 4 -p udp -m state --state NEW -m udp --dport ${SS_port} -j ACCEPT
145 iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport ${SS_port} -j ACCEPT
146 iptables-save > /etc/iptables/rules.v4
147 ip6tables -I INPUT 4 -p udp -m state --state NEW -m udp --dport ${SS_port} -j ACCEPT
148 ip6tables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport ${SS_port} -j ACCEPT
149 ip6tables-save > /etc/iptables/rules.v6
150 fi
151 elif [ -e '/etc/iptables.up.rules' ]; then
152 if [ -n "`grep 'dport 80 ' /etc/iptables.up.rules`" ] && [ -z "$(grep -E ${SS_port} /etc/iptables.up.rules)" ]; then
153 iptables -I INPUT 4 -p udp -m state --state NEW -m udp --dport ${SS_port} -j ACCEPT
154 iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport ${SS_port} -j ACCEPT
155 iptables-save > /etc/iptables.up.rules
156 fi
157 fi
158 fi
159}
160
161Def_parameter() {
162 while :; do echo
163 if [ "${libev_queit}" != 'y' -a "${python_queit}" != 'y' ]; then
164 echo "Please select SS server version:"
165 echo -e "\t${CMSG}1${CEND}. Install SS-libev"
166 echo -e "\t${CMSG}2${CEND}. Install SS-python"
167 read -e -p "Please input a number:(Default 1 press Enter) " ss_option
168 fi
169 ss_option=${ss_option:-1}
170 if [[ ! "${ss_option}" =~ ^[1-2]$ ]]; then
171 echo "${CWARNING}input error! Please only input number 1~2${CEND}"
172 else
173 break
174 fi
175 done
176 AddUser_SS
177 Iptables
178 if [ "${PM}" == 'yum' ]; then
179 pkgList="wget unzip openssl-devel gcc swig autoconf libtool libevent automake make curl curl-devel zlib-devel perl perl-devel cpio expat-devel gettext-devel git asciidoc xmlto c-ares-devel pcre-devel udns-devel libev-devel"
180 for Package in ${pkgList}; do
181 yum -y install ${Package}
182 done
183 elif [ "${PM}" == 'apt-get' ]; then
184 apt-get -y update
185 pkgList="curl wget unzip gcc swig automake make perl cpio git libudns-dev libev-dev gettext build-essential autoconf libtool libpcre3-dev asciidoc xmlto libc-ares-dev"
186 for Package in ${pkgList}; do
187 apt-get -y install $Package
188 done
189 fi
190}
191
192Install_SS_python() {
193 Install_Python
194 ${python_install_dir}/bin/pip install M2Crypto
195 ${python_install_dir}/bin/pip install greenlet
196 ${python_install_dir}/bin/pip install gevent
197 ${python_install_dir}/bin/pip install git+https://github.com/shadowsocks/shadowsocks.git@master
198 if [ -f ${python_install_dir}/bin/ssserver ]; then
199 if [ -e /bin/systemctl ]; then
200 /bin/cp ../init.d/SS-python.service /lib/systemd/system/shadowsocks.service
201 sed -i "s@/usr/local/python@${python_install_dir}@g" /lib/systemd/system/shadowsocks.service
202 systemctl enable shadowsocks
203 else
204 /bin/cp ../init.d/SS-python-init /etc/init.d/shadowsocks
205 sed -i "s@SS_bin=.*@SS_bin=${python_install_dir}/bin/ssserver@" /etc/init.d/shadowsocks
206 chmod +x /etc/init.d/shadowsocks
207 [ "${PM}" == 'yum' ] && { chkconfig --add shadowsocks; chkconfig shadowsocks on; }
208 [ "${PM}" == 'apt-get' ] && update-rc.d shadowsocks defaults
209 fi
210 else
211 echo
212 echo "${CQUESTION}SS-python install failed! Please visit https://oneinstack.com${CEND}"
213 exit 1
214 fi
215}
216
217Install_SS_libev() {
218 src_url=http://mirrors.linuxeye.com/oneinstack/src/shadowsocks-libev-3.2.3.tar.gz && Download_src
219 src_url=http://mirrors.linuxeye.com/oneinstack/src/libsodium-${libsodium_ver}.tar.gz && Download_src
220 src_url=http://mirrors.linuxeye.com/oneinstack/src/mbedtls-2.16.0-apache.tgz && Download_src
221 if [ ! -e "/usr/local/lib/libsodium.la" ]; then
222 tar xzf libsodium-${libsodium_ver}.tar.gz
223 pushd libsodium-${libsodium_ver} > /dev/null
224 ./configure --disable-dependency-tracking --enable-minimal
225 make -j ${THREAD} && make install
226 popd > /dev/null
227 rm -rf libsodium-${libsodium_ver}
228 fi
229 tar xzf mbedtls-2.16.0-apache.tgz
230 pushd mbedtls-2.16.0 > /dev/null
231 make SHARED=1 CFLAGS=-fPIC
232 make DESTDIR=/usr install
233 popd > /dev/null
234 tar xzf shadowsocks-libev-3.2.3.tar.gz
235 pushd shadowsocks-libev-3.2.3 > /dev/null
236 make clean
237 ./configure
238 make -j ${THREAD} && make install
239 popd > /dev/null
240 [ -z "`grep /usr/local/lib /etc/ld.so.conf.d/*.conf`" ] && echo '/usr/local/lib' > /etc/ld.so.conf.d/local.conf
241 ldconfig
242 if [ -f /usr/local/bin/ss-server ]; then
243 if [ -e /bin/systemctl ]; then
244 /bin/cp ../init.d/SS-libev.service /lib/systemd/system/shadowsocks.service
245 systemctl enable shadowsocks
246 else
247 if [ "${PM}" == 'yum' ]; then
248 /bin/cp ../init.d/SS-libev-init-CentOS /etc/init.d/shadowsocks
249 chkconfig --add shadowsocks
250 chkconfig shadowsocks on
251 elif [ "${PM}" == 'apt-get' ]; then
252 /bin/cp ../init.d/SS-libev-init-Ubuntu /etc/init.d/shadowsocks
253 update-rc.d shadowsocks defaults
254 fi
255 fi
256 else
257 echo
258 echo "${CQUESTION}SS-libev install failed! Please visit https://oneinstack.com${CEND}"
259 exit 1
260 fi
261}
262
263Uninstall_SS() {
264 while :; do echo
265 [ "${quiet_flag}" != 'y' ] && read -e -p "Do you want to uninstall SS? [y/n]: " uninstall_flag
266 if [[ ! "${uninstall_flag}" =~ ^[y,n]$ ]]; then
267 echo "${CWARNING}input error! Please only input 'y' or 'n'${CEND}"
268 else
269 break
270 fi
271 done
272
273 if [ "${uninstall_flag}" == 'y' ]; then
274 [ -n "$(ps -ef | grep -v grep | grep -iE "ssserver|ss-server")" ] && service shadowsocks stop
275 [ -e /lib/systemd/system/shadowsocks.service ] && { systemctl disable shadowsocks; rm -f /lib/systemd/system/shadowsocks.service; }
276 [ "${PM}" == 'yum' ] && chkconfig --del shadowsocks
277 [ "${PM}" == 'apt-get' ] && update-rc.d -f shadowsocks remove
278 rm -rf /etc/shadowsocks /var/run/shadowsocks.pid /etc/init.d/shadowsocks
279 if [ "${ss_option}" == '1' ]; then
280 rm -f /usr/local/bin/{ss-local,ss-tunnel,ss-server,ss-manager,ss-redir}
281 rm -f /usr/local/lib/libshadowsocks.*
282 rm -f /usr/local/include/shadowsocks.h
283 rm -f /usr/local/lib/pkgconfig/shadowsocks-libev.pc
284 rm -f /usr/local/share/man/man1/{ss-local.1,ss-tunnel.1,ss-server.1,ss-manager.1,ss-redir.1,shadowsocks.8}
285 if [ $? -eq 0 ]; then
286 echo "${CSUCCESS}SS-libev uninstall successful! ${CEND}"
287 else
288 echo "${CFAILURE}SS-libev uninstall failed! ${CEND}"
289 fi
290 elif [ "${ss_option}" == '2' ]; then
291 ${python_install_dir}/bin/pip uninstall -y shadowsocks
292 if [ $? -eq 0 ]; then
293 echo "${CSUCCESS}SS-python uninstall successful! ${CEND}"
294 else
295 echo "${CFAILURE}SS-python uninstall failed! ${CEND}"
296 fi
297 fi
298 fi
299}
300
301Config_SS() {
302 [ ! -d "/etc/shadowsocks" ] && mkdir /etc/shadowsocks
303 [ "${ss_option}" == '1' ] && cat > /etc/shadowsocks/config.json << EOF
304{
305 "server":"0.0.0.0",
306 "server_port":${SS_port},
307 "local_port":1080,
308 "password":"${SS_password}",
309 "timeout":300,
310 "method":"aes-256-cfb"
311}
312EOF
313
314 [ "${ss_option}" == '2' ] && cat > /etc/shadowsocks/config.json << EOF
315{
316 "server":"0.0.0.0",
317 "local_address":"127.0.0.1",
318 "local_port":1080,
319 "port_password":{
320 "${SS_port}":"${SS_password}"
321 },
322 "timeout":300,
323 "method":"aes-256-cfb",
324 "fast_open":false
325}
326EOF
327}
328
329AddUser_Config_SS() {
330 [ ! -e /etc/shadowsocks/config.json ] && { echo "${CFAILURE}SS is not installed! ${CEND}"; exit 1; }
331 [ -z "$(grep \"${SS_port}\" /etc/shadowsocks/config.json)" ] && sed -i "s@\"port_password\":{@\"port_password\":{\n\t\"${SS_port}\":\"${SS_password}\",@" /etc/shadowsocks/config.json || { echo "${CWARNING}This port is already in /etc/shadowsocks/config.json${CEND}"; exit 1; }
332}
333
334Print_User_SS() {
335 printf "
336Your Server IP: ${CMSG}${PUBLIC_IPADDR}${CEND}
337Your Server Port: ${CMSG}${SS_port}${CEND}
338Your Password: ${CMSG}${SS_password}${CEND}
339Your Local IP: ${CMSG}127.0.0.1${CEND}
340Your Local Port: ${CMSG}1080${CEND}
341Your Encryption Method: ${CMSG}aes-256-cfb${CEND}
342"
343}
344
345if [ "${install_flag}" == 'y' -o "${ARG_NUM}" == '0' ]; then
346 Def_parameter
347 [ "${ss_option}" == '1' ] && Install_SS_libev
348 [ "${ss_option}" == '2' ] && Install_SS_python
349 Config_SS
350 service shadowsocks start
351 Print_User_SS
352fi
353
354if [ "${adduser_flag}" == 'y' ]; then
355 Check_SS
356 if [ "${ss_option}" == '2' ]; then
357 AddUser_SS
358 Iptables
359 AddUser_Config_SS
360 service shadowsocks restart
361 Print_User_SS
362 elif [ "${ss_option}" == '2' ]; then
363 printf "
364 Sorry, we have no plan to support multi port configuration. Actually you can use multiple instances instead. For example:
365 ss-server -c /etc/shadowsocks/config1.json -f /var/run/shadowsocks-server/pid1
366 ss-server -c /etc/shadowsocks/config2.json -f /var/run/shadowsocks-server/pid2
367 "
368 fi
369fi
370
371if [ "${uninstall_flag}" == 'y' ]; then
372 Check_SS
373 Uninstall_SS
374fi