2gW94/server-xray
1
0
Fork 0
mirror of https://github.com/samuelhbne/server-xray.git synced 2025-12-17 04:14:40 +03:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Initial gRPC support

Browse Source
This commit is contained in:
Samuel Huang
2021-08-17 10:49:02 +10:00
parent 58d04d92ea
commit d64e7deaaa
7 changed files with 222 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.dockerignore
View File

@@ -4,3 +4,4 @@
# Allow only docker duild files # Allow only docker duild files
!Dockerfile.* !Dockerfile.*
!*.sh !*.sh
!*.tpl

2
Dockerfile.amd64
View File

@@ -18,6 +18,7 @@ RUN apk update && apk add bash nginx openssl curl socat jq moreutils
RUN cd /root; curl -sSL "https://github.com/acmesh-official/acme.sh/archive/refs/tags/2.9.0.tar.gz"|tar zxvf - RUN cd /root; curl -sSL "https://github.com/acmesh-official/acme.sh/archive/refs/tags/2.9.0.tar.gz"|tar zxvf -
RUN cd /root; mv acme.sh-2.9.0 .acme.sh RUN cd /root; mv acme.sh-2.9.0 .acme.sh
COPY site-ssl-grpc.conf.tpl /etc/nginx/http.d/
ADD run.sh /run.sh ADD run.sh /run.sh
ADD server-ltx.sh /server-ltx.sh ADD server-ltx.sh /server-ltx.sh
ADD server-ltt.sh /server-ltt.sh ADD server-ltt.sh /server-ltt.sh
@@ -26,6 +27,7 @@ ADD server-mtt.sh /server-mtt.sh
ADD server-mttw.sh /server-mttw.sh ADD server-mttw.sh /server-mttw.sh
ADD server-ttt.sh /server-ttt.sh ADD server-ttt.sh /server-ttt.sh
ADD server-tttw.sh /server-tttw.sh ADD server-tttw.sh /server-tttw.sh
ADD server-gttn.sh /server-gttn.sh
RUN chmod 755 /*.sh RUN chmod 755 /*.sh

2
Dockerfile.arm
View File

@@ -18,6 +18,7 @@ RUN apk update && apk add bash nginx openssl curl socat jq moreutils
RUN cd /root; curl -sSL "https://github.com/acmesh-official/acme.sh/archive/refs/tags/2.9.0.tar.gz"|tar zxvf - RUN cd /root; curl -sSL "https://github.com/acmesh-official/acme.sh/archive/refs/tags/2.9.0.tar.gz"|tar zxvf -
RUN cd /root; mv acme.sh-2.9.0 .acme.sh RUN cd /root; mv acme.sh-2.9.0 .acme.sh
COPY site-ssl-grpc.conf.tpl /etc/nginx/http.d/
ADD run.sh /run.sh ADD run.sh /run.sh
ADD server-ltx.sh /server-ltx.sh ADD server-ltx.sh /server-ltx.sh
ADD server-ltt.sh /server-ltt.sh ADD server-ltt.sh /server-ltt.sh
@@ -26,6 +27,7 @@ ADD server-mtt.sh /server-mtt.sh
ADD server-mttw.sh /server-mttw.sh ADD server-mttw.sh /server-mttw.sh
ADD server-ttt.sh /server-ttt.sh ADD server-ttt.sh /server-ttt.sh
ADD server-tttw.sh /server-tttw.sh ADD server-tttw.sh /server-tttw.sh
ADD server-gttn.sh /server-gttn.sh
RUN chmod 755 /*.sh RUN chmod 755 /*.sh

2
Dockerfile.arm64
View File

@@ -18,6 +18,7 @@ RUN apk update && apk add bash nginx openssl curl socat jq moreutils
RUN cd /root; curl -sSL "https://github.com/acmesh-official/acme.sh/archive/refs/tags/2.9.0.tar.gz"|tar zxvf - RUN cd /root; curl -sSL "https://github.com/acmesh-official/acme.sh/archive/refs/tags/2.9.0.tar.gz"|tar zxvf -
RUN cd /root; mv acme.sh-2.9.0 .acme.sh RUN cd /root; mv acme.sh-2.9.0 .acme.sh
COPY site-ssl-grpc.conf.tpl /etc/nginx/http.d/
ADD run.sh /run.sh ADD run.sh /run.sh
ADD server-ltx.sh /server-ltx.sh ADD server-ltx.sh /server-ltx.sh
ADD server-ltt.sh /server-ltt.sh ADD server-ltt.sh /server-ltt.sh
@@ -26,6 +27,7 @@ ADD server-mtt.sh /server-mtt.sh
ADD server-mttw.sh /server-mttw.sh ADD server-mttw.sh /server-mttw.sh
ADD server-ttt.sh /server-ttt.sh ADD server-ttt.sh /server-ttt.sh
ADD server-tttw.sh /server-tttw.sh ADD server-tttw.sh /server-tttw.sh
ADD server-gttn.sh /server-gttn.sh
RUN chmod 755 /*.sh RUN chmod 755 /*.sh

23
run.sh
View File

@@ -9,19 +9,20 @@ usage() {
echo " -k|--hook <hook-url> [Optional] DDNS update or notifing URL to be hit. Multiple allowed" echo " -k|--hook <hook-url> [Optional] DDNS update or notifing URL to be hit. Multiple allowed"
echo " -r|--request-domain <domain-name> [Optional] Domain name to request for letsencrypt cert. Multiple allowed" echo " -r|--request-domain <domain-name> [Optional] Domain name to request for letsencrypt cert. Multiple allowed"
echo " -c|--cert-path <cert-path-root> [Optional] Reading TLS certs from folder <cert-path-root>/<domain-name>/. Multiple allowed" echo " -c|--cert-path <cert-path-root> [Optional] Reading TLS certs from folder <cert-path-root>/<domain-name>/. Multiple allowed"
echo " --ltx <VLESS-TCP-XTLS option> p=1443,d=domain0.com,u=uuid[:level[:email]][,f=[fallback-host]:fb-port:[fb-path]]" echo " --ltx <VLESS-TCP-XTLS option> p=443,d=domain0.com,u=uuid[:level[:email]][,f=[fallback-host]:fb-port:[fb-path]]"
echo " --ltt <VLESS-TCP-TLS option> p=2443,d=domain1.com,u=uuid[:level[:email]][,f=[fallback-host]:fb-port:[fb-path]]" echo " --ltt <VLESS-TCP-TLS option> p=1443,d=domain1.com,u=uuid[:level[:email]][,f=[fallback-host]:fb-port:[fb-path]]"
echo " --lttw <VLESS-TCP-TLS-WS option> p=3443,d=domain2.com,u=uuid[:level[:email]][,f=[fallback-host]:fb-port:[fb-path]],w=/webpath" echo " --lttw <VLESS-TCP-TLS-WS option> p=2443,d=domain2.com,u=uuid[:level[:email]][,f=[fallback-host]:fb-port:[fb-path]],w=/webpath"
echo " --mtt <VMESS-TCP-TLS option> p=4443,d=domain3.com,u=uuid[:level[:email]][,f=[fallback-host]:fb-port:[fb-path]]" echo " --mtt <VMESS-TCP-TLS option> p=3443,d=domain3.com,u=uuid[:level[:email]][,f=[fallback-host]:fb-port:[fb-path]]"
echo " --mttw <VMESS-TCP-TLS-WS option> p=5443,d=domain4.com,u=uuid[:level[:email]][,f=[fallback-host]:fb-port:[fb-path]],w=/webpath" echo " --mttw <VMESS-TCP-TLS-WS option> p=4443,d=domain4.com,u=uuid[:level[:email]][,f=[fallback-host]:fb-port:[fb-path]],w=/webpath"
echo " --ttt <TROJAN-TCP-TLS option> p=6443,d=domain5.com,u=passwd[:email][,f=[fallback-host]:fb-port:[fb-path]]" echo " --ttt <TROJAN-TCP-TLS option> p=5443,d=domain5.com,u=passwd[:email][,f=[fallback-host]:fb-port:[fb-path]]"
echo " --tttw <TROJAN-TCP-TLS-WS option> p=7443,d=domain5.com,u=passwd[:email][,f=[fallback-host]:fb-port:[fb-path]],w=/webpath" echo " --tttw <TROJAN-TCP-TLS-WS option> p=6443,d=domain5.com,u=passwd[:email][,f=[fallback-host]:fb-port:[fb-path]],w=/webpath"
echo " --gttn <gRPC-TCP-TLS-NGINX option> p=7443,d=domain0.com,u=uuid[:level[:email]],s=svcname,g=grpcport"
# echo " --ssa <Shadowsocks-AEAD option> port=8443,user=password1:method1[,user=password2:method2]" # echo " --ssa <Shadowsocks-AEAD option> port=8443,user=password1:method1[,user=password2:method2]"
# echo " --sst <Shadowsocks-TCP option> port=9443,user=passwd,method=xxxx" # echo " --sst <Shadowsocks-TCP option> port=9443,user=passwd,method=xxxx"
echo " --stdin Read XRay config from stdin instead of auto generation" echo " --stdin Read XRay config from stdin instead of auto generation"
} }
TEMP=`getopt -o k:r:c:d --long hook:,request-domain:,cert-path:,ltx:,ltt:,lttw:,mtt:,mttw:,ttt:,tttw:,ssa:,sst:stdin,debug -n "$0" -- $@` TEMP=`getopt -o k:r:c:d --long hook:,request-domain:,cert-path:,ltx:,ltt:,lttw:,mtt:,mttw:,ttt:,tttw:,gttn:,ssa:,sst:stdin,debug -n "$0" -- $@`
if [ $? != 0 ] ; then usage; exit 1 ; fi if [ $? != 0 ] ; then usage; exit 1 ; fi
eval set -- "$TEMP" eval set -- "$TEMP"
@@ -43,7 +44,8 @@ while true ; do
DEBUG=1 DEBUG=1
shift 1 shift 1
;; ;;
--ltx|--ltt|--lttw|--mtt|--mttw|--ttt|--tttw) --ltx|--ltt|--lttw|--mtt|--mttw|--ttt|--tttw|--gttn)
if [ "$1" = "--gttn" ]; then NGINX=1; fi
SVC=`echo $1|tr -d '\-\-'` SVC=`echo $1|tr -d '\-\-'`
SVCMD+=("$DIR/server-${SVC}.sh $2") SVCMD+=("$DIR/server-${SVC}.sh $2")
shift 2 shift 2
@@ -114,12 +116,13 @@ if [ -n "${SVCMD}" ]; then
exit 1 exit 1
fi fi
done done
if [ "${DEBUG}" = 1 ]; then if [ "${DEBUG}" = "1" ]; then
cat $XCONF |jq '.log.loglevel |="debug"' |sponge $XCONF cat $XCONF |jq '.log.loglevel |="debug"' |sponge $XCONF
echo echo
cat $XCONF cat $XCONF
echo echo
fi fi
if [ "${NGINX}" = "1" ]; then nginx; fi
exec /usr/local/bin/xray -c $XCONF exec /usr/local/bin/xray -c $XCONF
else else
if [ "${STDINCONF}" = "1" ]; then if [ "${STDINCONF}" = "1" ]; then

146
server-gttn.sh Executable file
View File

@@ -0,0 +1,146 @@
#!/bin/bash
usage() {
echo "Usage: server-gttn <xconf=xray-config-file>,<certpath=cert-path-root>,<port=443>,<domain=mydomain.com>,<user=xxx-xxx[:0[:a@mail.com]]>,<service=svcname>,<gport=65443>"
}
options=(`echo $1 |tr ',' ' '`)
for option in "${options[@]}"
do
kv=(`echo $option |tr '=' ' '`)
case "${kv[0]}" in
x|xconf)
xconf="${kv[1]}"
;;
c|certpath)
certpath+=("${kv[1]}")
;;
p|port)
port="${kv[1]}"
;;
d|domain)
domain="${kv[1]}"
;;
u|user)
xuser+=("${kv[1]}")
;;
g|gport)
gport="${kv[1]}"
;;
s|service)
service="${kv[1]}"
;;
esac
done
if [ -z "${certpath}" ]; then
echo "Error: certpath undefined."
usage
exit 1
fi
if [ -z "${xconf}" ]; then
echo "Error: xconf undefined."
usage
exit 1
fi
if [ -z "${port}" ]; then
echo "Error: port undefined."
usage
exit 1
fi
if [ -z "${gport}" ]; then
echo "Error: gport undefined."
usage
exit 1
fi
if [ -z "${domain}" ]; then
echo "Error: domain undefined."
usage
exit 1
fi
if [ -z "${xuser}" ]; then
echo "Error: user undefined."
usage
exit 1
fi
XCONF=$xconf
cat $XCONF |jq --arg gport "${gport}" '.inbounds +=[{"port":($gport|tonumber), "protocol":"vless", "settings":{"clients":[]}}]' |sponge $XCONF
for xu in "${xuser[@]}"
do
IFS=':'
uopt=(${xu})
uopt=(${uopt[@]})
if [ -z "${uopt[0]}" ]; then
echo "Incorrect user format: ${xu}"
echo "Correct user format: user=<uuid>[:level:email]"
echo "Like: user=805b2209-c26f-48d6-ba52-07b7d894f962:0:me@g.cn"
echo "Like: user=805b2209-c26f-48d6-ba52-07b7d894f962::me@g.cn"
echo "Like: user=805b2209-c26f-48d6-ba52-07b7d894f962:0"
echo "Like: user=805b2209-c26f-48d6-ba52-07b7d894f962"
exit 1
fi
if [ -z "${uopt[1]}" ]; then
uopt[1]=0
fi
if [ -z "${uopt[2]}" ]; then
uopt[2]="nobody@g.cn"
fi
cat $XCONF |jq --arg gport "${gport}" --arg uid "${uopt[0]}" --arg level "${uopt[1]}" --arg email "${uopt[2]}" \
'( .inbounds[] | select(.port == ($gport|tonumber)) | .settings.clients ) += [ {"id":$uid, "level":($level|tonumber), "email":$email} ] ' \
|sponge $XCONF
done
cat $XCONF |jq --arg gport "${gport}" \
'( .inbounds[] | select(.port == ($gport|tonumber)) | .settings.decryption ) += "none" ' \
|sponge $XCONF
cat $XCONF |jq --arg gport "${gport}" --arg service "${service}" \
'( .inbounds[] | select(.port == ($gport|tonumber)) | .streamSettings ) += {"network":"grpc", "grpcSettings":{"serviceName":$service} } ' \
|sponge $XCONF
for certroot in "${certpath[@]}"
do
if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then
fullchain="${certroot}/${domain}/fullchain.cer"
prvkey="${certroot}/${domain}/${domain}.key"
break
fi
done
if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then
echo "TLS cert missing?"
echo "Abort."
exit 2
fi
# Running as root to enable low port listening. Necessary for Fargate or k8s.
sed -i 's/^user nginx;$/user root;/g' /etc/nginx/nginx.conf
mkdir -p /run/nginx/
cd /etc/nginx/http.d/
if [ -f /etc/nginx/http.d/default.conf ]; then
mv default.conf default.conf.disable
fi
TPL="site-ssl-grpc.conf.tpl"
ESC_CERTFILE=$(printf '%s\n' "${fullchain}" | sed -e 's/[]\/$*.^[]/\\&/g')
ESC_PRVKEYFILE=$(printf '%s\n' "${prvkey}" | sed -e 's/[]\/$*.^[]/\\&/g')
ESC_GSVC=$(printf '%s\n' "${service}" | sed -e 's/[]\/$*.^[]/\\&/g')
cat ${TPL} \
| sed "s/CERTFILE/${ESC_CERTFILE}/g" \
| sed "s/PRVKEYFILE/${ESC_PRVKEYFILE}/g" \
| sed "s/NGDOMAIN/${domain}/g" \
| sed "s/NGPORT/${port}/g" \
| sed "s/GPORT/${gport}/g" \
| sed "s/GSVC/${ESC_GSVC}/g" \
>site-xray.conf

25
site-ssl-grpc.conf.tpl Normal file
View File

@@ -0,0 +1,25 @@
server {
listen NGPORT ssl http2;
listen [::]:NGPORT ssl http2;
server_name NGDOMAIN;
ssl_certificate CERTFILE;
ssl_certificate_key PRVKEYFILE;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
client_header_timeout 1071906480m;
keepalive_timeout 1071906480m;
location / {
return 404;
}
location GSVC {
if ($content_type !~ "application/grpc") {
return 404;
}
client_max_body_size 0;
client_body_timeout 1071906480m;
grpc_read_timeout 1071906480m;
grpc_pass grpc://127.0.0.1:GPORT;
}
}