forked from Weera1234/DNS-AGN
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathhysteria.sh
173 lines (149 loc) · 4.22 KB
/
hysteria.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
#!/bin/sh
#Do not forget to set this variables
DOMAIN=udpserv.khaledagn.com
CF_KEY=54578812da59c595d6e83fa90022544888fae
CF_ZONE=695a6007808a2b1a03e505235e5f4dd9
MYIP=$(wget -qO- icanhazip.com);
server_ip=$(curl -s https://api.ipify.org)
timedatectl set-timezone Asia/Riyadh
install_require () {
clear
echo 'Installing dependencies.'
{
export DEBIAN_FRONTEND=noninteractive
apt update
apt install -y gnupg openssl
apt install -y iptables socat
apt install -y netcat httpie php neofetch vnstat
apt install -y screen gnutls-bin python
apt install -y dos2unix nano unzip jq virt-what net-tools default-mysql-client
apt install -y build-essential
clear
}
clear
}
install_hysteria(){
clear
echo 'Installing hysteria.'
{
wget https://raw.githubusercontent.com/apernet/hysteria/master/install_server.sh; chmod +x install_server.sh; ./install_server.sh
}
}
modify_hysteria(){
clear
echo 'Modifying Hysteria.'
{
rm -f /etc/hysteria/config.json
echo '{
"listen": ":1080",
"cert": "/etc/hysteria/hysteria.crt",
"key": "/etc/hysteria/hysteria.key",
"up_mbps": 100,
"down_mbps": 100,
"disable_udp": false,
"obfs": "agnudp",
"auth": {
"mode": "passwords",
"config": ["agnudp", "agnudps"]
}
}
' >> /etc/hysteria/config.json
chmod 755 /etc/hysteria/config.json
chmod 755 /etc/hysteria/hysteria.crt
chmod 755 /etc/hysteria/hysteria.key
}
}
install_letsencrypt()
{
clear
echo "Installing letsencrypt."
{
apt remove apache2 -y
echo "$DOMAIN" > /root/domain
domain=$(cat /root/domain)
curl https://get.acme.sh | sh
~/.acme.sh/acme.sh --register-account -m [email protected] --server zerossl
~/.acme.sh/acme.sh --issue -d "${domain}" --standalone -k ec-256
~/.acme.sh/acme.sh --installcert -d "${domain}" --fullchainpath /etc/hysteria/hysteria.crt --keypath /etc/hysteria/hysteria.key --ecc
chmod 755 /etc/hysteria/hysteria.crt
chmod 755 755 /etc/hysteria/hysteria.key
}
}
installBBR() {
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p
apt install -y linux-generic-hwe-20.04
grub-set-default 0
echo "tcp_bbr" >> /etc/modules-load.d/modules.conf
INSTALL_BBR=true
}
install_firewall_kvm () {
clear
echo "Installing iptables."
sysctl -p
{
iptables -t nat -A PREROUTING -i $(ip -4 route ls|grep default|grep -Po '(?<=dev )(\S+)'|head -1) -p udp --dport 20000:50000 -j DNAT --to-destination :1080
ip6tables -t nat -A PREROUTING -i $(ip -4 route ls|grep default|grep -Po '(?<=dev )(\S+)'|head -1) -p udp --dport 20000:50000 -j DNAT --to-destination :1080
sysctl net.ipv4.conf.all.rp_filter=0
sysctl net.ipv4.conf.eth0.rp_filter=0
echo "net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.eth0.rp_filter=0" > /etc/sysctl.conf
sysctl -p
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
iptables-save > /etc/iptables_rules.v4
ip6tables-save > /etc/iptables_rules.v6
}
}
install_rclocal(){
{
echo "[Unit]
Description=firenet service
Documentation=http://firenetvpn.com
[Service]
Type=oneshot
ExecStart=/bin/bash /etc/rc.local
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target" >> /etc/systemd/system/firenet.service
echo '#!/bin/sh -e
iptables-restore < /etc/iptables_rules.v4
ip6tables-restore < /etc/iptables_rules.v6
sysctl -p
service hysteria-server restart
exit 0' >> /etc/rc.local
sudo chmod +x /etc/rc.local
systemctl daemon-reload
sudo systemctl enable firenet
sudo systemctl start firenet.service
}
}
start_service () {
clear
echo 'Starting..'
{
sudo crontab -l | { echo "7 0 * * * /root/.acme.sh/acme.sh --cron --home /root/.acme.sh > /dev/null"; } | crontab -
sudo systemctl restart cron
}
clear
echo '++++++++++++++++++++++++++++++++++'
echo '* HYSTERIA Is Ready! *'
echo '+++++++++++************+++++++++++'
echo -e "[IP] : $server_ip\n[Hysteria Port] : 1080\n"
history -c;
echo 'Server will secure this server and reboot after 20 seconds'
sleep 20
reboot
}
install_require
install_hysteria
install_letsencrypt
install_firewall_kvm
modify_hysteria
installBBR
install_rclocal
start_service