zfc/sub2api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
sub2api/antigravity/maintenance/setup-node3-us-landing.sh
win f5abc62fd3
Some checks failed
CI / test (push) Failing after 12s
Details
CI / golangci-lint (push) Failing after 6s
Details
Security Scan / backend-security (push) Failing after 5s
Details
Security Scan / frontend-security (push) Failing after 5s
Details
fix: 三节点部署脚本修复 + sub2api 容器代理透传 
- GOST 下载 URL 修复:补全版本号 (gost_3.2.6_linux_amd64.tar.gz)
- CN 中转机服务名改为 gost-sub2api-relay,避免与现有 gost-relay 冲突
- CN 中转机监听协议改为 http(兼容 node-tls-proxy 的 HTTP CONNECT)
- 美国落地机服务名改为 gost-sub2api-exit
- sub2api 容器透传 HTTPS_PROXY/HTTP_PROXY 环境变量(解决 OAuth 超时)
- ops_cleanup 日志字段名避免触发 ERROR 误判
- 添加密码重置脚本和 SOCKS5 服务文件
2026-03-26 12:09:05 +08:00

145 lines
5.6 KiB
Bash
Executable File
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/bash
# =============================================================
# 节点 3美国落地机Debian 12洛杉矶
# 部署GOST 出口 + TCP 指纹伪装
# 接收 CN中转 relay+tls :8443 → 直连 Anthropic/Google
# =============================================================
# 用法sudo bash setup-node3-us-landing.sh
set -euo pipefail
GREEN='\033[0;32m' YELLOW='\033[1;33m' RED='\033[0;31m' NC='\033[0m'
ok() { echo -e "${GREEN}$*${NC}"; }
info() { echo -e "${YELLOW} $*${NC}"; }
fail() { echo -e "${RED}$*${NC}"; }
GOST_USER="${GOST_USER:-gostuser}"
GOST_PASS="${GOST_PASS:-}" # 与 CN中转机相同启动时填写
LISTEN_PORT="${LISTEN_PORT:-8443}"
echo "================================================"
echo " 节点3美国落地机 部署Debian 12 / LA"
echo "================================================"
[ "$(id -u)" != "0" ] && { fail "请用 sudo 执行"; exit 1; }
# ── 1. 系统更新 ─────────────────────────────────────
info "更新系统包..."
apt-get update -qq && apt-get upgrade -y -qq
ok "系统已更新"
# ── 2. TCP 指纹伪装macOS 特征)──────────────────────
info "应用 TCP 指纹伪装..."
# 实时生效
sysctl -w net.ipv4.ip_default_ttl=64 # TTL=64macOS 标准)
sysctl -w net.ipv4.tcp_timestamps=0 # 禁用 TCP 时间戳(防 uptime 推算)
sysctl -w net.ipv4.tcp_window_scaling=1 # 窗口扩展macOS 开启)
sysctl -w net.ipv4.tcp_rmem="4096 65535 6291456" # 接收窗口65535macOS默认
sysctl -w net.ipv4.tcp_wmem="4096 65535 6291456" # 发送窗口65535
sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1
# BBR 拥塞控制(降低丢包,提高吞吐)
sysctl -w net.core.default_qdisc=fq
sysctl -w net.ipv4.tcp_congestion_control=bbr
# 持久化到 sysctl.conf
cat >> /etc/sysctl.conf << 'EOF'
# ── Antigravity macOS TCP Fingerprint ──
net.ipv4.ip_default_ttl=64
net.ipv4.tcp_timestamps=0
net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_rmem=4096 65535 6291456
net.ipv4.tcp_wmem=4096 65535 6291456
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
EOF
sysctl -p > /dev/null 2>&1 || true
ok "TCP 指纹伪装已应用TTL=64, Window=65535, 时间戳禁用)"
# ── 3. 时区(洛杉矶,匹配落地 IP 地理位置)─────────────
timedatectl set-timezone America/Los_Angeles
ok "时区已设置: $(date)"
# ── 4. 安装 GOST ────────────────────────────────────
if ! command -v gost &>/dev/null; then
info "安装 GOST..."
ARCH=$(uname -m)
[ "$ARCH" = "x86_64" ] && GARCH="amd64" || GARCH="arm64"
LATEST=$(curl -sf https://api.github.com/repos/go-gost/gost/releases/latest \
| grep '"tag_name"' | cut -d'"' -f4)
VER="${LATEST#v}"
wget -qO /tmp/gost.tar.gz \
"https://github.com/go-gost/gost/releases/download/${LATEST}/gost_${VER}_linux_${GARCH}.tar.gz"
tar xzf /tmp/gost.tar.gz -C /tmp/
mv /tmp/gost /usr/local/bin/gost
chmod +x /usr/local/bin/gost
fi
ok "GOST $(gost -V 2>/dev/null | head -1 || echo '已安装')"
# ── 5. 填写 GOST 密码 ──────────────────────────────
if [ -z "$GOST_PASS" ]; then
read -rp "请输入 GOST 密码(与 CN中转机相同: " GOST_PASS
fi
# ── 6. 创建 GOST 出口服务 ──────────────────────────
# 落地机职责:监听 CN中转机 relay+tls 连接,直接出口到 Anthropic/Google
cat > /etc/systemd/system/gost-sub2api-exit.service << EOF
[Unit]
Description=GOST sub2api US Landing Exit - 接收中转,直连 Anthropic/Google
After=network.target
[Service]
Type=simple
User=nobody
# 监听 CN中转机的连接透传到最终目标relay 模式自动解析目标地址)
ExecStart=/usr/local/bin/gost -L "relay+tls://${GOST_USER}:${GOST_PASS}@:${LISTEN_PORT}"
Restart=always
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable gost-sub2api-exit
systemctl restart gost-sub2api-exit
sleep 2
ok "GOST 出口服务已启动"
# ── 7. 防火墙 ──────────────────────────────────────
if command -v ufw &>/dev/null; then
ufw allow ssh
ufw allow "${LISTEN_PORT}/tcp" comment "GOST from CN Relay"
ufw --force enable
ok "防火墙已配置(只开放 SSH + $LISTEN_PORT"
fi
# ── 8. 验证 ───────────────────────────────────────
echo ""
echo "================================================"
echo " 节点3 部署完成"
echo "================================================"
echo ""
echo "【验证指纹伪装】"
echo " TTL: $(sysctl -n net.ipv4.ip_default_ttl) (应为 64"
echo " TCP 时间戳: $(sysctl -n net.ipv4.tcp_timestamps) (应为 0"
echo " 时区: $(timedatectl show -p Timezone --value)"
echo " 当前时间: $(date)"
echo ""
echo "【GOST 服务状态】"
systemctl status gost-sub2api-exit --no-pager -l | tail -5
echo ""
echo "【出口 IP 信息】"
curl -sf ipinfo.io 2>/dev/null | python3 -c "
import json,sys
d=json.load(sys.stdin)
print(f' IP: {d.get(\"ip\")}')
print(f' ISP: {d.get(\"org\")}')
print(f' 城市: {d.get(\"city\")}, {d.get(\"region\")}')
" || echo " (获取 IP 信息失败)"
Reference in New Issue View Git Blame Copy Permalink