#!/bin/bash
# =============================================================
# 节点 2:海外 CN 中转机
# 部署:GOST 双向中转
# 接收上海: relay+tls :3456 → 转发到美国落地 :8443
# =============================================================
# 用法:bash setup-node2-cn-relay.sh

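# Abort on the first failing command, on use of an unset variable, and when
# any stage of a pipeline fails.
set -euo pipefail

# ANSI colour sequences, kept as backslash text and expanded by printf %b.
GREEN='\033[0;32m' YELLOW='\033[1;33m' RED='\033[0;31m' NC='\033[0m'

# ok / info / fail print one coloured status line built from all arguments.
# Only the colour prefix and suffix go through %b; the message itself is
# printed with %s, so backslashes inside it (for example in text captured
# from another program) are shown literally instead of being interpreted.
ok() { printf '%b%s%b\n' "${GREEN}✅ " "$*" "${NC}"; }
info() { printf '%b%s%b\n' "${YELLOW}ℹ " "$*" "${NC}"; }
# Errors go to stderr so they stay visible when stdout is redirected.
fail() { printf '%b%s%b\n' "${RED}❌ " "$*" "${NC}" >&2; }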
# ── Configuration (override through the environment, or edit here) ──
# Each variable keeps the value the caller exported; the default applies
# only when the variable is unset or empty.
: "${US_LANDING_IP:=}"           # address of the US landing node; empty means "not supplied yet"
: "${GOST_USER:=gostuser}"       # user name for GOST authentication
if [ -z "${GOST_PASS:-}" ]; then
  # 8 random bytes, hex-encoded. A new value is generated on every run that
  # does not supply GOST_PASS, so a re-run changes the password that is
  # written into the service definition.
  GOST_PASS=$(openssl rand -hex 8)
fi
: "${LISTEN_PORT_FROM_SH:=3456}" # port this relay listens on for the Shanghai node
: "${LISTEN_PORT_TO_US:=8443}"   # port the US landing node listens on
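echo "================================================"
echo " 节点2:海外CN中转机 部署"
echo "================================================"

# Required input: ask for the landing node address when it was not supplied.
# `|| true` keeps a closed stdin (non-interactive run) from ending the script
# silently under `set -e`; the empty value is rejected with a message below.
if [ -z "$US_LANDING_IP" ]; then
  read -rp "请输入美国落地机 IP: " US_LANDING_IP || true
fi

# Everything checked below is later expanded into a systemd unit and into the
# GOST URLs. Reject values that could change how that file or those URLs are
# parsed before anything is written.

# Host: non-empty, and only characters that occur in IPv4/IPv6 literals and
# host names. The rejected value is not echoed back to the terminal.
host_re='^[][A-Za-z0-9.:-]+$'
if ! [[ "$US_LANDING_IP" =~ $host_re ]]; then
  fail "US_LANDING_IP 为空或包含非法字符(只允许字母、数字和 . : - [ ])"
  exit 1
fi

# Ports: decimal, 1-65535. `10#` forces base 10 so a leading zero is not
# read as octal.
for port_name in LISTEN_PORT_FROM_SH LISTEN_PORT_TO_US; do
  port_value=${!port_name}
  if ! [[ "$port_value" =~ ^[0-9]{1,5}$ ]] \
    || ((10#$port_value < 1 || 10#$port_value > 65535)); then
    fail "${port_name} 必须是 1-65535 之间的端口号"
    exit 1
  fi
done

# Credentials: non-empty and free of characters that would break the line
# they are written into: whitespace and control characters, the double quote
# and backslash (quoting), $ and % (both expanded by systemd in ExecStart),
# and / ? # (which end the user-info part of a URL).
cred_bad_re='[[:space:][:cntrl:]"\$%/?#]'
for cred_name in GOST_USER GOST_PASS; do
  cred_value=${!cred_name}
  if [ -z "$cred_value" ] || [[ "$cred_value" =~ $cred_bad_re ]]; then
    fail "${cred_name} 不能为空, 且不能包含空白、双引号、反斜杠、美元符号、百分号或 / ? #"
    exit 1
  fi
done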
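# ── 1. Install GOST ─────────────────────────────────
# Skipped when a `gost` binary is already on PATH.
#
# Optional environment (both unset by default):
#   GOST_VERSION  release tag to install instead of the newest release
#   GOST_SHA256   expected SHA-256 of the downloaded archive; when set, a
#                 mismatch aborts the install
# NOTE(review): without GOST_SHA256 the archive is installed exactly as
# downloaded, trusting only the HTTPS connection to GitHub, and "latest"
# changes over time. Pinning a tag together with a digest obtained out of
# band is the safer way to run this as root.
if ! command -v gost &>/dev/null; then
  info "安装 GOST..."

  # Map the kernel's machine name onto the release naming and refuse anything
  # else, rather than installing a binary built for a different CPU.
  case "$(uname -m)" in
    x86_64 | amd64) gost_arch="amd64" ;;
    aarch64 | arm64) gost_arch="arm64" ;;
    *)
      fail "不支持的架构: $(uname -m)"
      exit 1
      ;;
  esac

  gost_tag="${GOST_VERSION:-}"
  if [ -z "$gost_tag" ]; then
    # `|| true`: let the check below report a failed lookup, instead of
    # `set -e` ending the script without a message.
    gost_tag=$(curl -sf https://api.github.com/repos/go-gost/gost/releases/latest \
      | grep '"tag_name"' | cut -d'"' -f4) || true
  fi
  # The tag becomes part of the download URL, so accept only tag-like text.
  if ! [[ "$gost_tag" =~ ^[A-Za-z0-9._-]+$ ]]; then
    fail "无法获取 GOST 版本号"
    exit 1
  fi

  # Private scratch directory instead of fixed names under /tmp, which any
  # local account could create ahead of a script that runs as root.
  gost_tmp=$(mktemp -d)
  trap 'rm -rf -- "$gost_tmp"' EXIT

  # NOTE(review): confirm this asset file name against the project's release
  # page; if the published archives are named differently the request fails.
  wget -qO "${gost_tmp}/gost.tar.gz" \
    "https://github.com/go-gost/gost/releases/download/${gost_tag}/gost_linux_${gost_arch}.tar.gz" || {
    fail "下载 GOST 失败"
    exit 1
  }

  if [ -n "${GOST_SHA256:-}" ]; then
    printf '%s  %s\n' "$GOST_SHA256" "${gost_tmp}/gost.tar.gz" \
      | sha256sum -c --status - || {
      fail "GOST 压缩包 SHA-256 校验失败"
      exit 1
    }
  fi

  # --no-same-owner: files extracted by root are owned by root instead of the
  # uid/gid recorded in the archive.
  tar -xzf "${gost_tmp}/gost.tar.gz" -C "$gost_tmp" --no-same-owner
  # Require a regular file; a symlink in the archive is not accepted.
  if [ ! -f "${gost_tmp}/gost" ] || [ -L "${gost_tmp}/gost" ]; then
    fail "压缩包中未找到 gost 可执行文件"
    exit 1
  fi
  # install(1) copies the file and sets its mode in one step (was mv + chmod).
  install -m 0755 "${gost_tmp}/gost" /usr/local/bin/gost

  rm -rf -- "$gost_tmp"
  trap - EXIT
fi
ok "GOST $(gost -V 2>/dev/null | head -1 || echo '已安装')"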
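# ── 2. Create the systemd service ───────────────────
# Role of this relay:
#   - accept relay+tls connections from the Shanghai sub2api host
#     (port LISTEN_PORT_FROM_SH)
#   - forward that traffic over relay+tls to the US landing node
#     (port LISTEN_PORT_TO_US)
#
# The heredoc delimiter is unquoted, so the shell substitutes the variables
# while the file is written; `\\` yields the single backslash systemd uses
# for line continuation.
#
# NOTE(review): the GOST password is part of ExecStart, so it is stored in
# this unit file and appears on the command line of the running process,
# both of which are normally visible to other local accounts. Restricting
# the unit file's mode does not help, because systemd exposes unit settings
# through its API. Moving the credentials off the command line (for example
# into a GOST configuration file with restricted permissions) would close
# that gap.
# NOTE(review): check whether the -F hop verifies the landing node's
# certificate. The target is addressed by bare IP, so unless GOST is given
# something to verify against, that hop may be encrypted but unauthenticated.
# NOTE(review): `nobody` is an account shared with other software; a
# dedicated service user would isolate this process better.
#
# The four sandboxing lines at the end of [Service] stop the relay from
# gaining privileges and hide or write-protect parts of the file system that
# a network forwarder has no reason to touch.
cat > /etc/systemd/system/gost-relay.service << EOF
[Unit]
Description=GOST CN Relay - 接收上海转发到美国落地
After=network.target

[Service]
Type=simple
User=nobody
ExecStart=/usr/local/bin/gost \\
  -L "relay+tls://${GOST_USER}:${GOST_PASS}@:${LISTEN_PORT_FROM_SH}" \\
  -F "relay+tls://${GOST_USER}:${GOST_PASS}@${US_LANDING_IP}:${LISTEN_PORT_TO_US}"
Restart=always
RestartSec=5
LimitNOFILE=65536
NoNewPrivileges=true
ProtectSystem=full
ProtectHome=true
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable gost-relay
systemctl restart gost-relay
# Give the process a moment to start (or crash), then report what actually
# happened instead of assuming success.
sleep 2
if systemctl is-active --quiet gost-relay; then
  ok "GOST 中转服务已启动"
else
  fail "gost-relay 未能启动, 请查看: journalctl -u gost-relay -n 50"
  exit 1
fi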
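# ── 3. Open the firewall port ───────────────────────
# Only acts when ufw is installed. A failing ufw command is reported but
# does not stop the deployment, since the host may be firewalled some other
# way. ufw's own error output is no longer hidden, and the success line is
# printed only when both rules were accepted.
#
# Optional environment: SH_SOURCE_IP - address of the Shanghai node. When
# set, the relay port is opened for that source only. Otherwise it is opened
# to every source, and the GOST password is the only thing guarding it.
# NOTE(review): adding rules does not switch ufw on if it is inactive.
if command -v ufw &>/dev/null; then
  if [ -n "${SH_SOURCE_IP:-}" ]; then
    relay_rule=(allow from "$SH_SOURCE_IP" to any port "$LISTEN_PORT_FROM_SH"
      proto tcp comment "GOST from Shanghai")
  else
    relay_rule=(allow "${LISTEN_PORT_FROM_SH}/tcp" comment "GOST from Shanghai")
  fi
  if ufw "${relay_rule[@]}" && ufw allow ssh; then
    ok "ufw 端口已开放"
  else
    info "ufw 规则添加失败, 请手动检查防火墙"
  fi
fi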
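# ── 4. Print the settings for the Shanghai node ─────
# Best-effort lookup of this host's public address. The answer is shown to
# the operator as the host to enter on the Shanghai node, so it is fetched
# over HTTPS with a time limit and used only if it looks like an IP address;
# otherwise the placeholder is printed.
MY_IP=$(curl -sf --max-time 10 https://ipinfo.io/ip 2>/dev/null || true)
if ! [[ "$MY_IP" =~ ^[0-9A-Fa-f.:]+$ ]]; then
  MY_IP='<本机IP>'
fi
echo ""
echo "================================================"
echo " 节点2 部署完成"
echo "================================================"
echo ""
echo "【上海服务器 .env 填写以下值】"
echo " GATEWAY_NODE_TLS_PROXY_LISTEN_HOST=${MY_IP}"
echo " GATEWAY_NODE_TLS_PROXY_LISTEN_PORT=${LISTEN_PORT_FROM_SH}"
echo ""
# NOTE(review): the password is written to stdout in clear text, so it is
# captured by anything that records this run (terminal scrollback, session
# or provisioning logs).
echo "【GOST 认证信息(勿泄露)】"
echo " 用户名: ${GOST_USER}"
echo " 密码: ${GOST_PASS}"
echo ""
# Last lines of the service status as a final visual check.
systemctl status gost-relay --no-pager -l | tail -5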