shadowsocks v2ray-plugin cloudflare-wss ubuntu.sh

ss+v2ray+cf-wss+ubuntu.sh

#!/bin/sh -e
# For Ubuntu 18.04
# How to launch:
# $ curl https://gist.githubusercontent.com/whoizit/5d29de6161270c7eb20c079add6019d2/raw/ss+v2ray+cf-wss+ubuntu.sh
# $ sh ss+v2ray+cf-wss+ubuntu.sh

[ ${EUID:-$(id -u)} -eq 0 ] && {
  echo "This script must NOT be run as root"
  exit
}

[ $# -eq 0 ] && {
  echo -e "\
1. Sing up for:
  freenom.com (FN)
  cloudflare.com (CF)
  Create new domain on FN for free on 12 months
2. Add domain to CF like:
  'A @ domain.tld VPS_ipv4_address Proxied'
  'AAAA @ domain.tld VPS_ipv6_address Proxied'
3. Add CF-NS servers to FN>Services>My Domains>Manage Domain>Management Tools>Nameservers>
  Use custom nameservers
4. dash.cloudflare.com>DOMAIN>SSL/TLS>Overview>
  Your SSL/TLS encryption mode is Full (strict)
5. dash.cloudflare.com>DOMAIN>SSL/TLS>Overview>Edge Certificates>
  Minimum TLS Version=TLS 1.3
6. dash.cloudflare.com>DOMAIN>Firewall>Settings>
  Security Level=Essentially Off
  Browser Integrity Check=Off
  Privacy Pass Support=Off
7. CF_API_KEY=dash.cloudflare.com>DOMAIN>
  Get your API token>Global API Key

DOMAIN=example.com CF_EMAIL=example@domain.tld CF_API_KEY=asdfghjkl sh $0 'ShAdoWsOcKs-PaSsWoRd777'
\b"
exit
}

sudo apt update && sudo apt upgrade --yes

sudo apt install --yes shadowsocks-libev qrencode
sudo systemctl stop shadowsocks-libev
sudo systemctl disable shadowsocks-libev

curl https://get.acme.sh | sh

curl -kSL \
  $(curl -skSL \
    "https://circleci.com/api/v1.1/project/github/shadowsocks/v2ray-plugin/latest/artifacts?branch=master" \
    | sed -n '/url.*linux-amd64/{s/.*\(https:.*tar.gz\).*/\1/p}'
   ) \
  | tar xz \
&& {
  sudo mv v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin
  sudo setcap cap_net_bind_service+ep /usr/local/bin/v2ray-plugin
}

cat >config.json <<EOL
{
  "server": "0.0.0.0",
  "server_port": 443,
  "password": "$1",
  "method": "xchacha20-ietf-poly1305",
  "plugin": "v2ray-plugin",
  "plugin_opts": "server;tls;host=$DOMAIN;path=/wss;cert=$HOME/.acme.sh/$DOMAIN/fullchain.cer;key=$HOME/.acme.sh/$DOMAIN/$DOMAIN.key;loglevel=none",
  "timeout": 300,
  "mptcp": true,
  "reuse_port": true,
  "fast_open": true,
  "ipv6_first": true
}
EOL

sudo mv config.json /etc/shadowsocks-libev/

CF_Key="$CF_API_KEY" CF_Email="$CF_EMAIL" .acme.sh/acme.sh --issue --dns dns_cf -d $DOMAIN

sudo mkdir -p /etc/systemd/system/shadowsocks-libev-server@config.service.d

cat >user.conf <<EOL
[Service]
User=$USER
Group=$USER
EOL

sudo mv user.conf /etc/systemd/system/shadowsocks-libev-server@config.service.d/

sudo systemctl daemon-reload
sudo systemctl start shadowsocks-libev-server@config
sudo systemctl enable shadowsocks-libev-server@config

cat >client.conf <<EOL
{
  "server": "'$DOMAIN'",
  "server_port": 443,
  "local_address": "127.0.0.1",
  "local_port": 8443,
  "password": "'$1'",
  "method": "xchacha20-ietf-poly1305",
  "plugin": "v2ray-plugin",
  "plugin_opts": "tls;host='$DOMAIN';path=/wss;loglevel=none",
  "timeout": 300,
  "mptcp": true,
  "reuse_port": true,
  "fast_open": true,
  "ipv6_first": true
}
EOL

echo 'client config:'
cat client.conf

URL=ss://$(echo -n xchacha20-ietf-poly1305:"$1" | base64 -w0 | tr -d '=')@$DOMAIN:443?plugin=v2ray%3Bpath%3D%2Fwss%3Bhost%3D$DOMAIN%3Btls

echo 'URL for shadowsocks-android:'
echo $URL

echo 'QR-code for shadowsocks-android:'
echo $URL | qrencode -t ansi256