- GOST 下载 URL 修复:补全版本号 (gost_3.2.6_linux_amd64.tar.gz) - CN 中转机服务名改为 gost-sub2api-relay,避免与现有 gost-relay 冲突 - CN 中转机监听协议改为 http(兼容 node-tls-proxy 的 HTTP CONNECT) - 美国落地机服务名改为 gost-sub2api-exit - sub2api 容器透传 HTTPS_PROXY/HTTP_PROXY 环境变量(解决 OAuth 超时) - ops_cleanup 日志字段名避免触发 ERROR 误判 - 添加密码重置脚本和 SOCKS5 服务文件
#!/bin/bash
# =============================================================
# Node 2: overseas CN relay host
# Deploys: GOST as a two-way relay
#   inbound from Shanghai : authenticated HTTP proxy listener, default :3456
#   outbound              : relay+tls to the US landing host, default :8443
# NOTE(review): the inbound listener is plain http, so the proxy username and
# password cross the Shanghai -> relay leg unencrypted; limit which source
# addresses can reach that port.
# =============================================================
# Usage: bash setup-node2-cn-relay.sh

# Strict mode: stop on unhandled errors, on unset variables, and when any
# stage of a pipeline fails.
set -o errexit -o nounset -o pipefail
# ANSI colour escapes for status lines. They are stored as literal backslash
# sequences and expanded at print time by printf's %b.
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
RED='\033[0;31m'
NC='\033[0m'

# Print all arguments as one green success line on stdout.
ok() {
  printf '%b\n' "${GREEN}✅ $*${NC}"
}

# Print all arguments as one yellow informational line on stdout.
info() {
  printf '%b\n' "${YELLOW}ℹ $*${NC}"
}

# Print all arguments as one red failure line on stdout. It only prints;
# it does not exit.
fail() {
  printf '%b\n' "${RED}❌ $*${NC}"
}
# ── Configuration (edit here, or override through the environment) ──
# Address of the US landing host; empty unless supplied by the caller.
: "${US_LANDING_IP:=}"

# Proxy credentials, used for both the inbound listener and the forward hop.
: "${GOST_USER:=gostuser}"
if [ -z "${GOST_PASS:-}" ]; then
  # 8 random bytes rendered as 16 hex characters (64 bits of randomness).
  GOST_PASS=$(openssl rand -hex 8)
fi

# Port this host listens on for traffic from Shanghai.
: "${LISTEN_PORT_FROM_SH:=3456}"
# Port the US landing host listens on.
: "${LISTEN_PORT_TO_US:=8443}"
# Deployment banner: rule, title, rule.
printf '%s\n' \
  "================================================" \
  " 节点2:海外CN中转机 部署" \
  "================================================"
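# Required input: the US landing host address. Prompt for it when it was not
# supplied through the environment.
if [ -z "$US_LANDING_IP" ]; then
  # "|| true": a closed stdin must reach the validation below and produce a
  # message, rather than ending the script silently under errexit.
  read -rp "请输入美国落地机 IP: " US_LANDING_IP || true
fi

# The value is later interpolated into the forward URL of a systemd unit, so
# reject an empty answer and anything outside plain host characters (IPv4,
# hostname, or a bracketed IPv6 literal).
us_landing_host_re='^[][0-9A-Za-z._:-]+$'
if [[ ! "$US_LANDING_IP" =~ $us_landing_host_re ]]; then
  fail "美国落地机 IP 无效: '${US_LANDING_IP}'" >&2
  exit 1
fi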
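# ── 1. Install GOST ─────────────────────────────────
# Runs only when no gost binary is on PATH. Downloads the release tarball named
# by the GitHub "latest release" API and installs its gost binary as
# root-owned /usr/local/bin/gost.
#
# Optional: set GOST_SHA256 to the expected SHA-256 of the tarball to have the
# download verified before anything is installed.
# NOTE(review): without GOST_SHA256 the binary is trusted on HTTPS alone and is
# then run as a network service; pin the digest for repeatable deployments.

# Check the downloaded tarball ($1) against GOST_SHA256 when that is set.
# Returns 0 when it matches or no digest was given, 1 on mismatch.
_verify_gost_tarball() {
  local file=$1
  if [ -z "${GOST_SHA256:-}" ]; then
    info "未设置 GOST_SHA256,跳过安装包校验"
    return 0
  fi
  if ! printf '%s  %s\n' "$GOST_SHA256" "$file" | sha256sum -c - >/dev/null 2>&1; then
    fail "GOST 安装包 SHA256 校验失败" >&2
    return 1
  fi
}

# Resolve the latest release tag, download the matching linux tarball and
# install the gost binary. Returns non-zero on any failure.
install_gost() {
  local machine garch latest ver tmpdir tarball url rc=0
  local tag_re='^v?[0-9][0-9A-Za-z._-]*$'

  machine=$(uname -m)
  case "$machine" in
    x86_64) garch="amd64" ;;
    aarch64 | arm64) garch="arm64" ;;
    *)
      # Only these two builds are handled; any other machine fails here
      # instead of being given an arm64 binary it cannot run.
      fail "不支持的架构: ${machine}" >&2
      return 1
      ;;
  esac

  # grep/cut keeps the script free of a JSON tool. The tag is validated next,
  # because an API error or rate limit yields an empty or unexpected value
  # that would otherwise be pasted into the download URL.
  latest=$(curl -fsS https://api.github.com/repos/go-gost/gost/releases/latest |
    grep '"tag_name"' | cut -d'"' -f4) || latest=""
  if [[ ! "$latest" =~ $tag_re ]]; then
    fail "无法获取 GOST 最新版本号" >&2
    return 1
  fi
  ver="${latest#v}"
  url="https://github.com/go-gost/gost/releases/download/${latest}/gost_${ver}_linux_${garch}.tar.gz"

  # Private mktemp directory rather than fixed names under /tmp: this runs as
  # root, and a predictable path in a world-writable directory can be
  # pre-created or swapped by another local user.
  tmpdir=$(mktemp -d) || return 1
  tarball="${tmpdir}/gost.tar.gz"
  {
    # curl is already required for the API call, so it also does the download;
    # redirects are restricted to https.
    curl -fsSL --proto '=https' --proto-redir '=https' -o "$tarball" "$url" &&
      _verify_gost_tarball "$tarball" &&
      tar -xzf "$tarball" -C "$tmpdir" &&
      # install sets owner and mode explicitly; tar run as root would
      # otherwise keep whatever uid/gid the archive recorded.
      install -o root -g root -m 0755 "${tmpdir}/gost" /usr/local/bin/gost
  } || rc=$?
  rm -rf -- "${tmpdir:?}"
  if ((rc != 0)); then
    fail "GOST 下载或安装失败" >&2
  fi
  return "$rc"
}

if ! command -v gost &>/dev/null; then
  info "安装 GOST..."
  install_gost || exit 1
fi
ok "GOST $(gost -V 2>/dev/null | head -1 || echo '已安装')"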
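# ── 2. Create the systemd service ───────────────────
# Relay role, as configured in ExecStart below:
#   - listen on :LISTEN_PORT_FROM_SH as an HTTP proxy with username/password
#   - forward everything through relay+tls to US_LANDING_IP:LISTEN_PORT_TO_US
#
# NOTE(review): the credentials are written into ExecStart, so they appear in
# this unit file, in `systemctl cat` / `systemctl show` output and in the gost
# process's command line, all readable by unprivileged local users. Moving
# them into a root-owned GOST config file would close that; confirm the config
# syntax against the deployed GOST version.
# NOTE(review): User=nobody is an account other services may share; a
# dedicated service account would isolate this process better.

# Validate every value that is interpolated into the unit before writing it.
# Characters outside these sets would need percent-encoding in the URL, and
# "%" and "$" are themselves special inside a systemd ExecStart line.
_relay_cred_re='^[A-Za-z0-9._~!*+,=-]+$'
_relay_port_re='^[0-9]{1,5}$'
_relay_host_re='^[][0-9A-Za-z._:-]+$'

if [[ ! "${GOST_USER:-}" =~ $_relay_cred_re || ! "${GOST_PASS:-}" =~ $_relay_cred_re ]]; then
  # The values are deliberately not echoed: one of them is the password.
  fail "GOST_USER/GOST_PASS 为空或含有不能写入代理 URL 的字符(仅允许字母、数字和 ._~!*+,=-)" >&2
  exit 1
fi
for _relay_port in "${LISTEN_PORT_FROM_SH:-}" "${LISTEN_PORT_TO_US:-}"; do
  # 10# forces base 10 so a leading zero is not read as octal.
  if [[ ! "$_relay_port" =~ $_relay_port_re ]] ||
    ((10#$_relay_port < 1 || 10#$_relay_port > 65535)); then
    fail "端口无效: '${_relay_port}'" >&2
    exit 1
  fi
done
if [[ ! "${US_LANDING_IP:-}" =~ $_relay_host_re ]]; then
  fail "美国落地机 IP 无效: '${US_LANDING_IP:-}'" >&2
  exit 1
fi

# Unquoted heredoc: shell variables expand now, and "\\" becomes the single
# backslash systemd needs for line continuation. The four directives after
# LimitNOFILE restrict privilege gain and filesystem access for a process
# that only needs the network.
cat > /etc/systemd/system/gost-sub2api-relay.service << EOF
[Unit]
Description=GOST sub2api CN Relay - 接收上海转发到美国落地
After=network.target

[Service]
Type=simple
User=nobody
ExecStart=/usr/local/bin/gost \\
  -L "http://${GOST_USER}:${GOST_PASS}@:${LISTEN_PORT_FROM_SH}" \\
  -F "relay+tls://${GOST_USER}:${GOST_PASS}@${US_LANDING_IP}:${LISTEN_PORT_TO_US}"
Restart=always
RestartSec=5
LimitNOFILE=65536
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full
ProtectHome=true

[Install]
WantedBy=multi-user.target
EOF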
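# Load the new unit, enable it at boot and (re)start it now.
systemctl daemon-reload
systemctl enable gost-sub2api-relay
systemctl restart gost-sub2api-relay

# Give the process a moment, then confirm it is actually running. With
# Restart=always a crash-looping service still returns success from
# "systemctl restart", so success is reported only when the unit is active.
sleep 2
if systemctl is-active --quiet gost-sub2api-relay; then
  ok "GOST 中转服务已启动(服务名: gost-sub2api-relay,不影响现有 gost-relay)"
else
  fail "GOST 中转服务启动失败(服务名: gost-sub2api-relay)" >&2
  # Best effort: show recent status lines to help diagnosis before exiting.
  systemctl status gost-sub2api-relay --no-pager -l 2>&1 | tail -20 >&2 || true
  exit 1
fi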
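# ── 3. Open the firewall port ───────────────────────
# Only acts when ufw is installed. Set SH_SOURCE_IP to the Shanghai server's
# address to admit that source alone; without it the proxy port is opened to
# every address, as before.
# NOTE(review): the listener on this port is an HTTP proxy protected only by a
# username and password, so restricting the source address is the stronger
# setting.
if command -v ufw &>/dev/null; then
  ufw_rules_ok=1
  if [ -n "${SH_SOURCE_IP:-}" ]; then
    ufw allow from "$SH_SOURCE_IP" to any port "${LISTEN_PORT_FROM_SH}" proto tcp \
      comment "GOST from Shanghai" || ufw_rules_ok=0
  else
    ufw allow "${LISTEN_PORT_FROM_SH}/tcp" comment "GOST from Shanghai" || ufw_rules_ok=0
  fi
  # Keep SSH reachable in case ufw is enabled with a default-deny policy.
  ufw allow ssh || ufw_rules_ok=0

  # Stay best-effort (no exit), but do not claim success when a rule failed.
  if ((ufw_rules_ok)); then
    ok "ufw 端口已开放"
  else
    info "ufw 规则添加失败,请手动检查防火墙"
  fi
fi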
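# ── 4. Print the values for the Shanghai server ─────
# Look up this host's public address for the summary. The lookup uses https
# with a short timeout so an unreachable service cannot stall the script, and
# falls back to a placeholder for the operator to fill in.
MY_IP=$(curl -sf --max-time 5 https://ipinfo.io/ip 2>/dev/null || echo '<本机IP>')

# NOTE(review): the password is printed in clear text so a generated one can
# be copied; it will remain in terminal scrollback and in any captured log of
# this run.
printf '%s\n' \
  "" \
  "================================================" \
  " 节点2 部署完成" \
  "================================================" \
  "" \
  "【上海服务器 .env 填写以下值】" \
  " GATEWAY_NODE_TLS_PROXY_LISTEN_HOST=${MY_IP}" \
  " GATEWAY_NODE_TLS_PROXY_LISTEN_PORT=${LISTEN_PORT_FROM_SH}" \
  "" \
  "【GOST 认证信息(勿泄露)】" \
  " 用户名: ${GOST_USER}" \
  " 密码: ${GOST_PASS}" \
  ""

# Final status excerpt for the relay unit.
systemctl status gost-sub2api-relay --no-pager -l | tail -5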