Created
November 13, 2019 07:18
#!/bin/bash
# Ubuntu 18.04 系统环境
# 1. 安装并开启 BBR 拥塞控制算法
# 2. 安装 Docker CE
# 3. 安装 certbot
# 4. 安装 gost
# 5. 配置自动任务
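#######################################
# Install the Ubuntu 18.04 HWE kernel and reboot into it.
# Arguments: none
# Outputs:   progress messages on stdout, failure message on stderr
# Returns:   1 if the kernel package could not be installed (no reboot is
#            triggered in that case); otherwise the status of `reboot`
#######################################
update_core() {
  echo "更新系统内核"
  # apt-get is used instead of apt to match the other install steps in this
  # script; apt prints a warning about its CLI when it is used from scripts.
  if ! sudo apt-get install -y -qq --install-recommends linux-generic-hwe-18.04; then
    # Rebooting after a failed or partial kernel install would leave the
    # machine in an unknown state, so stop here.
    echo "内核安装失败,已取消重启。" >&2
    return 1
  fi
  # No -y here: removal of no-longer-needed packages stays a confirmed step.
  sudo apt-get autoremove
  echo "内核更新完成,重新启动机器。。。"
  sudo reboot
}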
#######################################
# Enable BBR unless a kernel module whose lsmod line contains "bbr" is
# already loaded.
# Globals:   has_bbr (written) - matching lsmod output, empty when none
# Arguments: none
# Outputs:   a status message on stdout when the module is already loaded
#######################################
check_bbr() {
  has_bbr=$(lsmod | grep bbr)
  # Nothing matched in the module list: load and configure BBR.
  if [ -z "$has_bbr" ]; then
    start_bbr
    return
  fi
  echo "TCP BBR 拥塞控制算法已经启动"
}
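#######################################
# Append a line to a root-owned file unless an identical line is already
# present, so repeated runs do not pile up duplicate entries.
# Arguments: $1 - exact line to add, $2 - target file
# Outputs:   the appended line on stdout (echoed by tee)
# Returns:   0 if the line was already present, else the status of tee
#######################################
_append_line_once() {
  local line=$1 file=$2
  # -x -F: whole-line, literal match. An unreadable or missing file falls
  # through to the append, which is what the script did before.
  if grep -qxF -- "$line" "$file" 2>/dev/null; then
    return 0
  fi
  printf '%s\n' "$line" | sudo tee --append "$file"
}

#######################################
# Load the tcp_bbr module, persist the module and sysctl settings, and print
# the resulting congestion-control state.
# Arguments: none
# Outputs:   progress message, appended lines and sysctl values on stdout
#######################################
start_bbr() {
  echo "启动 TCP BBR 拥塞控制算法"
  sudo modprobe tcp_bbr
  _append_line_once "tcp_bbr" /etc/modules-load.d/modules.conf
  _append_line_once "net.core.default_qdisc=fq" /etc/sysctl.conf
  _append_line_once "net.ipv4.tcp_congestion_control=bbr" /etc/sysctl.conf
  # Apply /etc/sysctl.conf now, then show what the kernel actually uses.
  sudo sysctl -p
  sysctl net.ipv4.tcp_available_congestion_control
  sysctl net.ipv4.tcp_congestion_control
}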
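#######################################
# Add the Docker CE apt repository (USTC mirror) and install docker-ce.
# Arguments: none
# Outputs:   progress message on stdout, failure messages on stderr
# Returns:   non-zero as soon as any step fails; later steps are skipped
#######################################
install_docker() {
  local -r mirror=https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu
  local key_file codename

  echo "开始安装 Docker CE"

  # Download the signing key to a private temp file first. Piping curl
  # straight into apt-key hides a failed download behind the pipeline status.
  key_file=$(mktemp) || return 1
  if ! curl -fsSL "${mirror}/gpg" -o "$key_file"; then
    rm -f -- "$key_file"
    echo "下载 Docker GPG 密钥失败" >&2
    return 1
  fi

  # NOTE(review): the key is taken from the mirror over HTTPS and trusted
  # as-is. Compare its fingerprint with the one Docker publishes before
  # adding it; apt-key makes the key trusted for every configured repository,
  # not only this one.
  if ! sudo apt-key add "$key_file"; then
    rm -f -- "$key_file"
    echo "导入 Docker GPG 密钥失败" >&2
    return 1
  fi
  rm -f -- "$key_file"

  codename=$(lsb_release -cs) || return 1
  sudo add-apt-repository "deb [arch=amd64] ${mirror} ${codename} stable" || return 1
  sudo apt-get update -qq || return 1
  sudo apt-get install -y docker-ce
}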
#######################################
# Install certbot from the certbot PPA.
# Arguments: none
# Outputs:   progress message on stdout
# Returns:   status of the final apt-get install
#######################################
install_certbot() {
  local repo

  echo "开始安装 certbot"
  sudo apt-get update -qq
  # software-properties-common provides add-apt-repository.
  sudo apt-get install -y software-properties-common
  # NOTE(review): the PPA is a third-party package source; whatever it
  # publishes is installed with root privileges.
  for repo in universe ppa:certbot/certbot; do
    sudo add-apt-repository "$repo"
  done
  sudo apt-get update -qq
  sudo apt-get install -y certbot
}
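#######################################
# Request a certificate for one domain with certbot's standalone mode.
# Arguments: $1 - domain name, as typed by the operator
# Outputs:   error message on stderr when the domain is rejected
# Returns:   1 for an empty domain or one starting with '-', otherwise the
#            status of certbot
#######################################
create_cert() {
  local domain=${1-}
  # The value comes from an interactive prompt. An empty value would make
  # certbot consume the next word as the domain, and a leading '-' would be
  # read as an option rather than a name.
  if [[ -z "$domain" || "$domain" == -* ]]; then
    echo "错误:域名不能为空,也不能以 - 开头" >&2
    return 1
  fi
  # Quoted so the value always reaches certbot as a single -d argument.
  sudo certbot certonly --standalone -d "$domain"
}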
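#######################################
# Start the gost proxy container with HTTP/2 + TLS on port 443, using the
# Let's Encrypt certificate of the given domain and basic credentials.
# Arguments: $1 - domain whose certificate is used
#            $2 - proxy username
#            $3 - proxy password
# Outputs:   error message on stderr when an argument is missing
# Returns:   1 if any argument is empty, otherwise the status of docker run
#######################################
install_gost() {
  # Locals only: the previous version assigned to USER, which overwrote the
  # login-name variable of the calling shell for everything that ran later.
  local domain=${1-} user=${2-} pass=${3-}
  local -r port=443 bind_ip=0.0.0.0 cert_dir=/etc/letsencrypt
  local cert key

  # Refuse to start a listener on all interfaces without credentials.
  if [[ -z "$domain" || -z "$user" || -z "$pass" ]]; then
    echo "错误:域名、用户名和密码都不能为空" >&2
    return 1
  fi

  cert=${cert_dir}/live/${domain}/fullchain.pem
  key=${cert_dir}/live/${domain}/privkey.pem

  # NOTE(review): the username and password are part of the container's
  # argument list, so they are readable through `docker inspect` and the host
  # process table. Characters such as '@', ':' or '/' in either value will
  # also change how the URL is parsed.
  # NOTE(review): the image is pulled by name without a tag or digest, so the
  # code that runs with --net=host is whatever the registry serves that day.
  docker run -d --name gost \
    -v "${cert_dir}:${cert_dir}:ro" \
    --net=host ginuerzh/gost \
    -L "http2://${user}:${pass}@${bind_ip}:${port}?cert=${cert}&key=${key}&probe_resist=code:404"
}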
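#######################################
# Register the monthly certificate renewal and gost restart in root's
# crontab, keeping existing entries and adding each job at most once.
# Arguments: none
# Returns:   status of the crontab installation
#######################################
create_cront_job() {
  # NOTE(review): --force-renewal reissues the certificate every month even
  # when it is not close to expiry; plain `certbot renew` only renews
  # certificates that are due.
  local -r renew_job='0 0 1 * * /usr/bin/certbot renew --force-renewal'
  local -r restart_job='5 0 1 * * /usr/bin/docker restart gost'
  local current job

  # Go through crontab(1) instead of appending to the spool file: crontab
  # creates the file with the ownership and mode cron expects and signals the
  # change, and sudo keeps this step consistent with the rest of the script.
  current=$(sudo crontab -u root -l 2>/dev/null) || current=''

  for job in "$renew_job" "$restart_job"; do
    # Whole-line literal match, so a second run adds nothing.
    if ! grep -Fxq -- "$job" <<<"$current"; then
      current+="${current:+$'\n'}${job}"
    fi
  done

  printf '%s\n' "$current" | sudo crontab -u root -
}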
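#######################################
# Succeed when version $1 is greater than or equal to version $2, comparing
# dotted version numbers component by component.
# Arguments: $1 - version to test, $2 - required minimum
#######################################
_kernel_at_least() {
  local current=$1 minimum=$2 lowest
  # sort -V orders version strings numerically per component, so 4.10.0
  # sorts after 4.9.0. The minimum must come out first (or equal).
  lowest=$(printf '%s\n%s\n' "$current" "$minimum" | sort -V | head -n 1) || return 1
  [ "$lowest" = "$minimum" ]
}

#######################################
# Run the whole setup: BBR (or a kernel upgrade), Docker, certbot, the
# certificate, the gost container and the cron jobs.
# Arguments: none; domain, username and password are read from stdin
# Outputs:   progress messages and prompts
# Returns:   non-zero when a required step fails; after a kernel upgrade it
#            returns right away because the machine is rebooting
#######################################
init() {
  local kernel_version domain username password
  local -r kernel_min="4.9.0"

  kernel_version=$(uname -r | awk -F '-' '{print $1}')

  # Inside [ ], an unquoted > is an output redirection, not a comparison:
  # the old test created a file named after the minimum version and was true
  # for any non-empty kernel string. Compare the versions for real.
  if _kernel_at_least "$kernel_version" "$kernel_min"; then
    check_bbr
  else
    update_core
    # update_core reboots the machine; do not start package installs that
    # the shutdown would interrupt. Run the script again after the reboot.
    return
  fi

  install_docker || return 1
  install_certbot || return 1

  echo "开始生成 SSL 证书"
  read -r -p "请输入你要使用的域名: " domain
  # Without a certificate the proxy has nothing to serve TLS with.
  create_cert "$domain" || return 1

  echo "准备启动 Gost 代理程序,为了安全,需要使用用户名与密码进行认证。"
  read -r -p "请输入你要使用的用户名: " username
  # -s keeps the password off the terminal; IFS= and -r keep spaces and
  # backslashes in it intact.
  IFS= read -r -s -p "请输入你要使用的密码: " password
  echo
  # Quoted so values containing spaces stay one argument each.
  install_gost "$domain" "$username" "$password" || return 1
  create_cront_job
}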
# Entry point: run the interactive setup. init takes no arguments of its own.
init "$@"