#!/bin/bash
#查看系统时间
date -R
#修改时取
tzselect
#更新系统
sudo apt update
#安装curl
sudo apt install curl
#下载一键安装搅拌
sudo curl -O https://raw.githubusercontent.com/
v2fly/fhs-install-v2ray/master/install-release.sh
#执行安装脚本
sudo bash install-release.sh
#运行
sudo systemctl start v2ray
sudo systemctl status v2ray
#停止
sudo systemctl stop v2ray
#设置开机自启动 V2Ray:
sudo systemctl enable v2ray
#配置文件
sudo nano /usr/local/etc/v2ray/config.json
#删除安装包
sudo apt purge curl unzip
#安装TLS证书
#安装certbot
sudo snap install --classic certbot
#设置环境变量
sudo ln -s /snap/bin/certbot /usr/bin/certbot
#自动获取证书
sudo certbot certonly --standalone #Certbot启动一个临时服务器验证
sudo certbot certonly --webroot #已经在使用端口80端口根目录验证
# run
sudo certbot certonly --standalone
#--------------------------------------------------------------
#Successfully received certificate.
#Certificate is saved at: /etc/letsencrypt/live/www.xxx.cn/
# fullchain.pem
#Key is saved at: /etc/letsencrypt/live/www.xxx.cn/
# privkey.pem
#This certificate expires on 2022-11-28.
#These files will be updated when the certificate renews.
#Certbot has set up a scheduled task to automatically renew this
#certificate in the background.
#We were unable to subscribe you the EFF mailing list because your e-mail
# address appears to be invalid. You can try again later by visiting
#https://act.eff.org.
#--------------------------------------------------------------
#自动续订
sudo certbot renew --dry-run
#创建 V2Ray 专用的证书文档目录:
sudo install -d -o nobody -g nogroup /etc/ssl/v2ray/
#将证书文档以指定权限部署到指定路径:
sudo install -m 644 -o nobody -g nogroup
/etc/letsencrypt/live/www.timethief.cn/fullchain.pem
-t /etc/ssl/v2ray/
sudo install -m 600 -o nobody -g nogroup
/etc/letsencrypt/live/www.timethief.cn/privkey.pem
-t /etc/ssl/v2ray/
#为在后续 renew 中自动重新部署,需要一个脚本
#vim /etc/letsencrypt/renewal-hooks/deploy/v2ray.sh
#!/bin/bash
V2RAY_DOMAIN='www.xxx.cn'
if [[ "$RENEWED_LINEAGE" == "/etc/letsencrypt/live/$V2RAY_DOMAIN" ]]; then
install -m 644 -o nobody -g nogroup "/etc/letsencrypt/
live/$V2RAY_DOMAIN/fullchain.pem" -t /etc/ssl/v2ray/
install -m 600 -o nobody -g nogroup "/etc/letsencrypt/
live/$V2RAY_DOMAIN/privkey.pem" -t /etc/ssl/v2ray/
sleep "$((RANDOM % 2048))"
systemctl restart v2ray.service
fi
{
"log": {
"access": "/var/log/v2ray/access.log",
"error": "/var/log/v2ray/error.log",
"loglevel": "warning"
},
"inbound": {
"port": 443,
"protocol": "vmess",
"listen": "127.0.0.1",
"settings": {
"clients": [
{
"id": "xxxxx",
"level": 1,
"alterId": 100
}
]
},
"streamSettings": {
"network": "kcp",
"security": "tls",
"tlsSettings": {
"serverName": "www.xxxxx.cn",
"certificates": [
{
"certificateFile": "/etc/ssl/v2ray/fullchain.pem",
"keyFile": "/etc/ssl/v2ray/privkey.pem"
}
]
}
}
},
"outbound": {
"protocol": "freedom",
"settings": {}
},
"inboundDetour": [],
"outboundDetour": [
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}
],
"routing": {
"strategy": "rules",
"settings": {
"rules": [
{
"type": "field",
"ip": [
"0.0.0.0/8",
"10.0.0.0/8",
"100.64.0.0/10",
"127.0.0.0/8",
"169.254.0.0/16",
"172.16.0.0/12",
"192.0.0.0/24",
"192.0.2.0/24",
"192.168.0.0/16",
"198.18.0.0/15",
"198.51.100.0/24",
"203.0.113.0/24",
"::1/128",
"fc00::/7",
"fe80::/10"
],
"outboundTag": "blocked"
}
]
}
}
}
