From 18949f31ba1a0076dba84f8549994f32ed0d3670 Mon Sep 17 00:00:00 2001 From: Joywayer Date: Wed, 8 Apr 2026 15:19:49 +0800 Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0vps-xray=E9=83=A8=E7=BD=B2?= =?UTF-8?q?=E7=9B=B8=E5=85=B3=E8=84=9A=E6=9C=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- vps-xray/.env.example | 16 ++ vps-xray/README.md | 264 +++++++++++++++++++++++++ vps-xray/backup.sh | 62 ++++++ vps-xray/deploy.sh | 433 ++++++++++++++++++++++++++++++++++++++++++ vps-xray/uninstall.sh | 146 ++++++++++++++ 5 files changed, 921 insertions(+) create mode 100644 vps-xray/.env.example create mode 100644 vps-xray/README.md create mode 100644 vps-xray/backup.sh create mode 100644 vps-xray/deploy.sh create mode 100644 vps-xray/uninstall.sh diff --git a/vps-xray/.env.example b/vps-xray/.env.example new file mode 100644 index 0000000..90dc38a --- /dev/null +++ b/vps-xray/.env.example @@ -0,0 +1,16 @@ +# Xray 部署配置模板 +# deploy.sh 运行后会自动生成 .env,通常无需手动创建 +# 如需预配置,复制此文件为 .env 后修改 + +# 部署模式: reality (推荐) / fast +# XRAY_MODE=reality + +# 监听端口(默认 443,建议不改) +# XRAY_PORT=443 + +# Reality 伪装目标(留空则自动选择延迟最低的) +# REALITY_DEST=www.microsoft.com +# REALITY_SNI=www.microsoft.com + +# 备份目录 +# BACKUP_DIR=/var/backups/xray diff --git a/vps-xray/README.md b/vps-xray/README.md new file mode 100644 index 0000000..2b79755 --- /dev/null +++ b/vps-xray/README.md @@ -0,0 +1,264 @@ +# Xray VPS 部署指南 + +> 一键部署 Xray 代理,支持 VLESS-Reality(抗封锁)和 VLESS TCP(极速)两种模式。无需域名和证书。 + +## 功能特性 + +- 两种部署模式可选:Reality(推荐)/ Fast TCP +- 自动安装 Xray + 生成密钥 + 配置防火墙 +- BBR 拥塞控制 + TCP 深度调优 +- 自动选择延迟最低的 Reality 伪装目标 +- 部署完成自动输出 VLESS 分享链接 +- 一键备份 / 卸载脚本 + +## 模式对比 + +| 特性 | Reality(推荐) | Fast TCP | +|------|-----------------|----------| +| **加密** | Reality TLS 1.3 | 无,明文传输 | +| **抗检测** | 伪装为真实 HTTPS 流量 | 极易被 DPI 识别 | +| **需要域名** | 否 | 否 | +| **需要证书** | 否 | 否 | +| **速度** | Vision 流控避免双重加密,差距 < 5% | 裸 TCP 无开销,理论最快 | +| **被封风险** | 极低 | 极高 | + +## 技术栈 + +| 组件 | 说明 | +|------|------| +| Xray | VLESS 代理核心 | +| BBR | TCP 拥塞控制算法 | +| ufw / firewalld | 防火墙 | + +## 前置条件 + +1. 一台境外 Linux VPS(Debian 12 推荐) +2. root 权限 +3. 服务器 443 端口可从外网访问 + +### 推荐配置 + +| 项目 | 最低 | 推荐 | +|------|------|------| +| CPU | 1 核 | 1 核 | +| 内存 | 256 MB | 512 MB | +| 硬盘 | 5 GB | 10 GB | +| 带宽 | 200 Mbps | 1 Gbps | +| 流量 | 500 GB/月 | 1 TB+/月 | +| 位置 | — | 日本 / 新加坡 / 美西 | + +## 目录结构 + +``` +vps-xray/ +├── deploy.sh # 一键部署脚本 +├── backup.sh # 备份脚本 +├── uninstall.sh # 完全卸载脚本 +├── .env.example # 配置模板 +├── README.md # 本文件 +├── vps-xray-optimized.md # Reality 方案详细文档 +└── vps-xray-fast.md # Fast TCP 方案详细文档 +``` + +服务器上的文件位置: + +``` +/usr/local/bin/xray # Xray 可执行文件 +/usr/local/etc/xray/config.json # Xray 配置文件 +/etc/sysctl.d/99-xray-turbo.conf # 网络调优参数 +/var/backups/xray/ # 备份文件 +``` + +## 快速部署 + +### 第一步:上传文件到 VPS + +```bash +scp -r vps-xray/ root@:/opt/vps-xray +``` + +### 第二步:登录 VPS 执行部署 + +```bash +ssh root@ +cd /opt/vps-xray + +# Reality 模式部署(推荐) +bash deploy.sh + +# 或者 Fast TCP 模式 +bash deploy.sh --mode fast +``` + +部署完成后会输出: +- 连接参数(IP、端口、UUID、密钥等) +- VLESS 分享链接(可直接导入客户端) + +> **⚠️ 请妥善保存输出的连接信息!密钥仅显示一次。**凭据同时保存在 `/opt/vps-xray/.env` 中。 + +### 第三步:客户端配置 + +将部署脚本输出的 `vless://` 链接导入客户端即可: + +| 平台 | 推荐客户端 | +|------|-----------| +| Windows | v2rayN(6.x+) | +| macOS | V2BOX / NekoRay | +| iOS | Shadowrocket / Streisand | +| Android | v2rayNG | + +详细的 Clash Meta / Sing-Box 配置参见 [vps-xray-optimized.md](vps-xray-optimized.md)。 + +## 日常运维 + +### 查看状态 / 日志 + +```bash +systemctl status xray +journalctl -u xray -f +journalctl -u xray --tail 100 +``` + +### 备份 + +```bash +cd /opt/vps-xray +bash backup.sh +``` + +备份内容包括: +- Xray 配置文件(`config.json`) +- 部署配置(`.env` + 脚本) +- 网络调优参数 + +备份文件保存在 `/var/backups/xray/`,自动清理 30 天前的旧备份。 + +### 恢复备份 + +```bash +# 查看可用备份 +ls /var/backups/xray/ + +# 恢复 Xray 配置 +tar xzf /var/backups/xray/xray_config_<日期>.tar.gz -C /usr/local/etc/ + +# 恢复网络调优 +cp /var/backups/xray/sysctl_<日期>.conf /etc/sysctl.d/99-xray-turbo.conf +sysctl --system + +# 重启服务 +systemctl restart xray +``` + +### 更新 Xray + +```bash +# 备份当前配置 +cd /opt/vps-xray && bash backup.sh + +# 更新 Xray 核心(配置文件保留) +bash <(curl -fsSL https://raw.githubusercontent.com/XTLS/Xray-install/main/install-release.sh) + +# 重启服务 +systemctl restart xray +``` + +### 重启 / 停止 + +```bash +systemctl restart xray # 重启 +systemctl stop xray # 停止 +systemctl start xray # 启动 +``` + +### 验证 + +```bash +# 确认 BBR 启用 +sysctl net.ipv4.tcp_congestion_control + +# 确认端口监听 +ss -tlnp | grep 443 + +# 测试配置语法 +/usr/local/bin/xray run -test -config /usr/local/etc/xray/config.json +``` + +## 完全卸载 + +```bash +cd /opt/vps-xray +bash uninstall.sh +``` + +脚本会**交互式确认**每个危险操作: + +| 步骤 | 操作 | 确认方式 | +|------|------|----------| +| 0 | 卸载前备份(可选) | y/N | +| 1 | 停止并禁用 Xray 服务 | 输入 YES | +| 2 | 卸载 Xray 程序 + 删除配置 | 自动 | +| 3 | 移除网络调优配置 | 自动 | +| 4 | 关闭防火墙端口 | 自动 | +| 5 | 删除部署目录 `/opt/vps-xray` | y/N | + +**备份目录 `/var/backups/xray/` 始终保留**。 + +## 多用户 + +在 Xray 配置的 `clients` 数组中添加更多用户: + +```bash +vi /usr/local/etc/xray/config.json +``` + +```json +"clients": [ + { "id": "原始-uuid", "flow": "xtls-rprx-vision" }, + { "id": "新用户-uuid", "flow": "xtls-rprx-vision" } +] +``` + +生成新 UUID:`cat /proc/sys/kernel/random/uuid` + +修改后重启:`systemctl restart xray` + +## 故障排查 + +### 客户端连接失败 + +```bash +# 确认 Xray 运行 +systemctl status xray + +# 确认端口监听 +ss -tlnp | grep 443 + +# 查看错误日志 +journalctl -u xray --tail 50 +``` + +### 速度慢 + +```bash +# 确认 BBR 启用 +sysctl net.ipv4.tcp_congestion_control +# 应输出: net.ipv4.tcp_congestion_control = bbr + +# 确认网络调优生效 +sysctl net.core.rmem_max +# 应输出: net.core.rmem_max = 16777216 +``` + +### IP 被封 + +Reality 能大幅降低被封概率,但如果 IP 已被墙: +1. 更换 VPS IP +2. 重新部署:`bash deploy.sh` + +## 安全说明 + +- `PrivateKey` 只存在服务端配置中,切勿泄露 +- `PublicKey` 是客户端参数,可公开 +- `.env` 文件权限已设为 600(仅 root 可读) +- BT 流量已在路由规则中屏蔽,降低 VPS 被投诉风险 diff --git a/vps-xray/backup.sh b/vps-xray/backup.sh new file mode 100644 index 0000000..7b99670 --- /dev/null +++ b/vps-xray/backup.sh @@ -0,0 +1,62 @@ +#!/usr/bin/env bash +set -euo pipefail + +# ============================================ +# Xray 备份脚本 +# 备份内容:Xray 配置 + .env 凭据 + 网络调优 +# 定时执行: crontab -e → 0 3 * * 0 /opt/vps-xray/backup.sh +# ============================================ + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +cd "$SCRIPT_DIR" + +# 加载配置 +if [ -f .env ]; then + sed -i 's/\r$//' .env + set -a; source .env; set +a +fi + +BACKUP_DIR="${BACKUP_DIR:-/var/backups/xray}" +DATE=$(date +%Y%m%d_%H%M%S) +KEEP_DAYS=30 + +log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*"; } + +mkdir -p "$BACKUP_DIR" + +# 1. 备份 Xray 配置 +log "正在备份 Xray 配置..." +if [ -f /usr/local/etc/xray/config.json ]; then + tar czf "${BACKUP_DIR}/xray_config_${DATE}.tar.gz" \ + -C /usr/local/etc xray/ + log "Xray 配置备份完成: xray_config_${DATE}.tar.gz" +else + log "警告: Xray 配置文件不存在,跳过" +fi + +# 2. 备份部署配置(.env + 脚本) +log "正在备份部署配置..." +tar czf "${BACKUP_DIR}/deploy_config_${DATE}.tar.gz" \ + -C "$SCRIPT_DIR" \ + $(ls .env deploy.sh backup.sh uninstall.sh 2>/dev/null) +log "部署配置备份完成: deploy_config_${DATE}.tar.gz" + +# 3. 备份网络调优配置 +if [ -f /etc/sysctl.d/99-xray-turbo.conf ]; then + log "正在备份网络调优配置..." + cp /etc/sysctl.d/99-xray-turbo.conf "${BACKUP_DIR}/sysctl_${DATE}.conf" + log "网络调优备份完成: sysctl_${DATE}.conf" +fi + +# 4. 清理过期备份 +log "清理 ${KEEP_DAYS} 天前的备份..." +deleted=$(find "$BACKUP_DIR" -type f -mtime +${KEEP_DAYS} -print -delete | wc -l) +log "已清理 ${deleted} 个过期文件" + +# 5. 输出备份摘要 +echo "" +log "===== 备份完成 =====" +log "备份目录: ${BACKUP_DIR}/" +ls -lh "${BACKUP_DIR}/"*"${DATE}"* 2>/dev/null || true +echo "" +log "总备份空间占用: $(du -sh "${BACKUP_DIR}" | cut -f1)" diff --git a/vps-xray/deploy.sh b/vps-xray/deploy.sh new file mode 100644 index 0000000..8d2d3a3 --- /dev/null +++ b/vps-xray/deploy.sh @@ -0,0 +1,433 @@ +#!/usr/bin/env bash +set -euo pipefail + +# ============================================ +# Xray VPS 一键部署脚本 +# 支持模式:reality (VLESS-Reality) / fast (VLESS TCP 无 TLS) +# 适用于 Debian 11+ / Ubuntu 20.04+ +# ============================================ + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +cd "$SCRIPT_DIR" + +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +CYAN='\033[0;36m' +NC='\033[0m' + +log() { echo -e "${GREEN}[INFO]${NC} $*"; } +warn() { echo -e "${YELLOW}[WARN]${NC} $*"; } +error() { echo -e "${RED}[ERROR]${NC} $*" >&2; } +step() { echo -e "\n${CYAN}========== $* ==========${NC}"; } + +# ===== 使用说明 ===== +usage() { + echo "用法: bash deploy.sh [选项]" + echo "" + echo "选项:" + echo " --mode reality VLESS-Reality 模式(默认,推荐,抗封锁)" + echo " --mode fast VLESS TCP 模式(无 TLS,极速但易被检测)" + echo " -h, --help 显示帮助" + exit 0 +} + +# ===== 解析参数 ===== +MODE="reality" +while [[ $# -gt 0 ]]; do + case $1 in + --mode) MODE="$2"; shift 2 ;; + -h|--help) usage ;; + *) error "未知参数: $1"; usage ;; + esac +done + +if [[ "$MODE" != "reality" && "$MODE" != "fast" ]]; then + error "无效模式: $MODE(支持 reality / fast)" + exit 1 +fi + +# ===== 检查 root ===== +if [ "$(id -u)" -ne 0 ]; then + error "请使用 root 用户运行: sudo bash deploy.sh" + exit 1 +fi + +# ===== 加载现有配置(如存在)===== +if [ -f .env ]; then + sed -i 's/\r$//' .env + set -a; source .env; set +a +fi + +XRAY_PORT="${XRAY_PORT:-443}" + +# ===== 1. 安装 Xray ===== +install_xray() { + step "1/5 安装 Xray" + + if command -v xray &>/dev/null || [ -x /usr/local/bin/xray ]; then + log "Xray 已安装: $(/usr/local/bin/xray version | head -1)" + log "将更新到最新版本..." + fi + + bash <(curl -fsSL https://raw.githubusercontent.com/XTLS/Xray-install/main/install-release.sh) + log "Xray 安装完成: $(/usr/local/bin/xray version | head -1)" +} + +# ===== 2. 生成密钥 ===== +generate_keys() { + step "2/5 生成密钥" + + XRAY_UUID=$(cat /proc/sys/kernel/random/uuid) + log "UUID: ${XRAY_UUID}" + + if [ "$MODE" = "reality" ]; then + local keys + keys=$(/usr/local/bin/xray x25519 2>&1) + XRAY_PRIVATE_KEY=$(echo "$keys" | grep -i 'private' | awk -F': ' '{print $2}' | tr -d '[:space:]') + XRAY_PUBLIC_KEY=$(echo "$keys" | grep -i 'public' | awk -F': ' '{print $2}' | tr -d '[:space:]') + XRAY_SHORT_ID=$(openssl rand -hex 8) + + if [ -z "$XRAY_PRIVATE_KEY" ] || [ -z "$XRAY_PUBLIC_KEY" ]; then + error "密钥生成失败!xray x25519 输出:" + echo "$keys" + exit 1 + fi + log "x25519 密钥对已生成" + log "ShortId: ${XRAY_SHORT_ID}" + fi +} + +# ===== 3. 选择 Reality 伪装目标 ===== +select_reality_dest() { + if [ "$MODE" != "reality" ]; then + return + fi + + step "3/5 选择 Reality 伪装目标" + + local candidates=("www.microsoft.com" "dl.google.com" "www.apple.com" "www.amazon.com") + REALITY_DEST="${REALITY_DEST:-}" + REALITY_SNI="${REALITY_SNI:-}" + + if [ -n "$REALITY_DEST" ] && [ -n "$REALITY_SNI" ]; then + log "使用 .env 中指定的伪装目标: ${REALITY_DEST}" + return + fi + + local best_dest="www.microsoft.com" + local best_ms=9999 + + for site in "${candidates[@]}"; do + local ms + ms=$(curl -so /dev/null -w '%{time_connect}' --max-time 3 "https://${site}" 2>/dev/null \ + | awk '{printf "%d", $1*1000}') || true + if [ -n "$ms" ] && [ "$ms" -lt "$best_ms" ] 2>/dev/null; then + best_ms=$ms + best_dest=$site + fi + done + + REALITY_DEST="$best_dest" + REALITY_SNI="$best_dest" + log "伪装目标: ${REALITY_DEST} (延迟 ${best_ms}ms)" +} + +# ===== 4. 写入 Xray 配置 ===== +write_config() { + if [ "$MODE" = "reality" ]; then + write_config_reality + else + write_config_fast + fi +} + +write_config_reality() { + step "3/5 写入 Xray 配置 (Reality)" + + cat > /usr/local/etc/xray/config.json << EOF +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "listen": "0.0.0.0", + "port": ${XRAY_PORT}, + "protocol": "vless", + "settings": { + "clients": [ + { + "id": "${XRAY_UUID}", + "flow": "xtls-rprx-vision" + } + ], + "decryption": "none" + }, + "streamSettings": { + "network": "tcp", + "security": "reality", + "realitySettings": { + "show": false, + "dest": "${REALITY_DEST}:443", + "xver": 0, + "serverNames": [ + "${REALITY_SNI}" + ], + "privateKey": "${XRAY_PRIVATE_KEY}", + "shortIds": [ + "${XRAY_SHORT_ID}" + ] + } + }, + "sniffing": { + "enabled": true, + "destOverride": ["http", "tls", "quic"], + "routeOnly": true + } + } + ], + "outbounds": [ + { + "protocol": "freedom", + "tag": "direct" + }, + { + "protocol": "blackhole", + "tag": "block" + } + ], + "routing": { + "rules": [ + { + "type": "field", + "outboundTag": "block", + "protocol": ["bittorrent"] + } + ] + } +} +EOF + + log "配置已写入: /usr/local/etc/xray/config.json" +} + +write_config_fast() { + step "3/5 写入 Xray 配置 (Fast TCP)" + + cat > /usr/local/etc/xray/config.json << EOF +{ + "log": { + "loglevel": "warning" + }, + "inbounds": [ + { + "listen": "0.0.0.0", + "port": ${XRAY_PORT}, + "protocol": "vless", + "settings": { + "clients": [ + { + "id": "${XRAY_UUID}" + } + ], + "decryption": "none" + }, + "streamSettings": { + "network": "tcp", + "security": "none" + }, + "sniffing": { + "enabled": true, + "destOverride": ["http", "tls", "quic"], + "routeOnly": true + } + } + ], + "outbounds": [ + { + "protocol": "freedom", + "tag": "direct" + }, + { + "protocol": "blackhole", + "tag": "block" + } + ], + "routing": { + "rules": [ + { + "type": "field", + "outboundTag": "block", + "protocol": ["bittorrent"] + } + ] + } +} +EOF + + log "配置已写入: /usr/local/etc/xray/config.json" +} + +# ===== 5. 防火墙 ===== +configure_firewall() { + step "4/5 配置防火墙" + + if command -v ufw &>/dev/null; then + ufw allow "${XRAY_PORT}/tcp" + ufw allow 22/tcp + ufw --force enable + log "ufw 已放行端口 ${XRAY_PORT}/tcp" + elif command -v firewall-cmd &>/dev/null; then + firewall-cmd --permanent --add-port="${XRAY_PORT}/tcp" + firewall-cmd --reload + log "firewalld 已放行端口 ${XRAY_PORT}/tcp" + else + warn "未检测到防火墙工具,请手动放行端口 ${XRAY_PORT}/tcp" + fi +} + +# ===== 6. BBR + 网络调优 ===== +tune_network() { + step "5/5 BBR + 网络调优" + + cat > /etc/sysctl.d/99-xray-turbo.conf << 'SYSEOF' +# BBR 拥塞控制 +net.core.default_qdisc=fq +net.ipv4.tcp_congestion_control=bbr + +# TCP 缓冲区(提升大文件 / 视频流吞吐量) +net.core.rmem_max=16777216 +net.core.wmem_max=16777216 +net.ipv4.tcp_rmem=4096 87380 16777216 +net.ipv4.tcp_wmem=4096 65536 16777216 + +# 连接优化 +net.ipv4.tcp_fastopen=3 +net.ipv4.tcp_slow_start_after_idle=0 +net.ipv4.tcp_mtu_probing=1 +net.ipv4.tcp_fin_timeout=15 +net.ipv4.tcp_keepalive_time=300 +net.ipv4.tcp_keepalive_intvl=30 +net.ipv4.tcp_keepalive_probes=5 +net.ipv4.tcp_max_tw_buckets=5000 +net.ipv4.tcp_max_syn_backlog=8192 +net.core.somaxconn=8192 +net.core.netdev_max_backlog=8192 +SYSEOF + + sysctl --system > /dev/null 2>&1 + log "BBR 已启用,网络参数已优化" +} + +# ===== 7. 启动服务 ===== +start_service() { + systemctl daemon-reload + systemctl restart xray + systemctl enable xray + + sleep 2 + if systemctl is-active --quiet xray; then + log "Xray 服务已启动 ✅" + else + error "Xray 启动失败,请检查: journalctl -u xray -f" + exit 1 + fi +} + +# ===== 8. 保存配置到 .env ===== +save_env() { + cat > "$SCRIPT_DIR/.env" << EOF +# Xray 部署配置(由 deploy.sh 自动生成) +# 生成时间: $(date '+%Y-%m-%d %H:%M:%S') + +XRAY_MODE=${MODE} +XRAY_PORT=${XRAY_PORT} +XRAY_UUID=${XRAY_UUID} +EOF + + if [ "$MODE" = "reality" ]; then + cat >> "$SCRIPT_DIR/.env" << EOF +XRAY_PRIVATE_KEY=${XRAY_PRIVATE_KEY} +XRAY_PUBLIC_KEY=${XRAY_PUBLIC_KEY} +XRAY_SHORT_ID=${XRAY_SHORT_ID} +REALITY_DEST=${REALITY_DEST} +REALITY_SNI=${REALITY_SNI} +EOF + fi + + chmod 600 "$SCRIPT_DIR/.env" + log "配置已保存到 .env(权限 600)" +} + +# ===== 9. 输出连接信息 ===== +print_result() { + local server_ip + server_ip=$(curl -s --max-time 5 ipv4.ip.sb || curl -s --max-time 5 ifconfig.me || echo "获取失败") + + echo "" + echo "==========================================================" + + if [ "$MODE" = "reality" ]; then + echo " Xray VLESS-Reality 部署完成 ✅" + echo "==========================================================" + echo "" + echo " IP : ${server_ip}" + echo " 端口 : ${XRAY_PORT}" + echo " 协议 : VLESS" + echo " UUID : ${XRAY_UUID}" + echo " 流控 : xtls-rprx-vision" + echo " 传输 : tcp" + echo " 安全 : reality" + echo " SNI : ${REALITY_SNI}" + echo " Fingerprint : chrome" + echo " PublicKey : ${XRAY_PUBLIC_KEY}" + echo " ShortId : ${XRAY_SHORT_ID}" + echo "" + echo "==========================================================" + echo "" + echo ">>> VLESS 分享链接(可直接导入客户端):" + echo "" + echo "vless://${XRAY_UUID}@${server_ip}:${XRAY_PORT}?encryption=none&flow=xtls-rprx-vision&security=reality&sni=${REALITY_SNI}&fp=chrome&pbk=${XRAY_PUBLIC_KEY}&sid=${XRAY_SHORT_ID}&type=tcp#VPS-Reality" + else + echo " Xray VLESS TCP 部署完成 ✅" + echo "==========================================================" + echo "" + echo " IP : ${server_ip}" + echo " 端口 : ${XRAY_PORT}" + echo " 协议 : VLESS" + echo " UUID : ${XRAY_UUID}" + echo " 传输 : tcp" + echo " 安全 : none" + fi + + echo "" + echo "==========================================================" + echo "" + echo "⚠️ 请妥善保存以上信息!" + echo " 配置文件: /usr/local/etc/xray/config.json" + echo " 凭据备份: ${SCRIPT_DIR}/.env" + echo " 查看日志: journalctl -u xray -f" + echo " 重启服务: systemctl restart xray" + echo "==========================================================" +} + +# ===== 主流程 ===== +main() { + echo "" + log "部署模式: ${MODE}" + [ "$MODE" = "reality" ] && log "VLESS-Reality(推荐,抗封锁)" || log "VLESS TCP(极速,无 TLS)" + echo "" + + install_xray + generate_keys + select_reality_dest + write_config + configure_firewall + tune_network + start_service + save_env + print_result +} + +main diff --git a/vps-xray/uninstall.sh b/vps-xray/uninstall.sh new file mode 100644 index 0000000..e4b519f --- /dev/null +++ b/vps-xray/uninstall.sh @@ -0,0 +1,146 @@ +#!/usr/bin/env bash +set -euo pipefail + +# ============================================ +# Xray 卸载脚本 +# 停止服务 → 备份 → 清理配置/防火墙/调优 +# ============================================ + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +cd "$SCRIPT_DIR" + +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +NC='\033[0m' + +log() { echo -e "${GREEN}[INFO]${NC} $*"; } +warn() { echo -e "${YELLOW}[WARN]${NC} $*"; } +error() { echo -e "${RED}[ERROR]${NC} $*" >&2; } + +# ===== 检查 root ===== +if [ "$(id -u)" -ne 0 ]; then + error "请使用 root 用户运行: sudo bash uninstall.sh" + exit 1 +fi + +# ===== 加载配置 ===== +if [ -f .env ]; then + sed -i 's/\r$//' .env + set -a; source .env; set +a +fi + +XRAY_PORT="${XRAY_PORT:-443}" +BACKUP_DIR="${BACKUP_DIR:-/var/backups/xray}" + +# ===== 确认操作 ===== +echo "" +echo -e "${RED}╔══════════════════════════════════════════════════╗${NC}" +echo -e "${RED}║ ⚠ 即将卸载 Xray 及所有配置 ⚠ ║${NC}" +echo -e "${RED}╚══════════════════════════════════════════════════╝${NC}" +echo "" +echo "将执行以下操作:" +echo " 1. 停止并禁用 Xray 服务" +echo " 2. 卸载 Xray 程序" +echo " 3. 删除 Xray 配置文件" +echo " 4. 移除网络调优配置" +echo " 5. 关闭防火墙端口 ${XRAY_PORT}" +echo "" +echo "涉及的目录:" +echo " 配置目录: /usr/local/etc/xray/" +echo " 备份目录: ${BACKUP_DIR}(保留)" +echo " 部署目录: ${SCRIPT_DIR}" +echo "" +echo -e "${YELLOW}备份目录将保留,不会被删除。${NC}" +echo "" +read -r -p "确定要继续卸载吗?输入 YES 确认: " confirm +if [ "$confirm" != "YES" ]; then + log "已取消卸载" + exit 0 +fi + +# ===== 卸载前备份 ===== +echo "" +read -r -p "是否在卸载前执行一次备份?(y/N): " do_backup +if [[ "$do_backup" =~ ^[Yy]$ ]]; then + if [ -f backup.sh ]; then + log "正在执行备份..." + bash backup.sh + log "备份完成" + else + warn "backup.sh 不存在,跳过备份" + fi +fi + +# ===== 1. 停止并禁用 Xray 服务 ===== +echo "" +log "正在停止 Xray 服务..." +if systemctl is-active --quiet xray 2>/dev/null; then + systemctl stop xray + log "Xray 服务已停止" +else + log "Xray 服务未运行" +fi +systemctl disable xray 2>/dev/null || true + +# ===== 2. 卸载 Xray ===== +log "正在卸载 Xray..." +if [ -f /usr/local/bin/xray ]; then + # 使用官方卸载方式 + bash <(curl -fsSL https://raw.githubusercontent.com/XTLS/Xray-install/main/install-release.sh) --remove 2>/dev/null || true + # 手动清理残留 + rm -f /usr/local/bin/xray + rm -rf /usr/local/etc/xray + rm -rf /usr/local/share/xray + rm -f /etc/systemd/system/xray.service + rm -f /etc/systemd/system/xray@.service + systemctl daemon-reload + log "Xray 已卸载" +else + log "Xray 未安装,跳过" +fi + +# ===== 3. 移除网络调优配置 ===== +log "正在移除网络调优配置..." +if [ -f /etc/sysctl.d/99-xray-turbo.conf ]; then + rm -f /etc/sysctl.d/99-xray-turbo.conf + sysctl --system > /dev/null 2>&1 + log "网络调优配置已移除" +else + log "网络调优配置不存在,跳过" +fi + +# ===== 4. 关闭防火墙端口 ===== +log "正在关闭防火墙端口 ${XRAY_PORT}..." +if command -v ufw &>/dev/null; then + ufw delete allow "${XRAY_PORT}/tcp" 2>/dev/null || true + ufw reload 2>/dev/null || true + log "ufw 已关闭端口 ${XRAY_PORT}/tcp" +elif command -v firewall-cmd &>/dev/null; then + firewall-cmd --permanent --remove-port="${XRAY_PORT}/tcp" 2>/dev/null || true + firewall-cmd --reload 2>/dev/null || true + log "firewalld 已关闭端口 ${XRAY_PORT}/tcp" +else + warn "未检测到防火墙工具,请手动关闭端口 ${XRAY_PORT}/tcp" +fi + +# ===== 5. 删除部署目录 ===== +echo "" +read -r -p "是否删除部署目录 ${SCRIPT_DIR}?(y/N): " del_deploy +if [[ "$del_deploy" =~ ^[Yy]$ ]]; then + cd /opt + rm -rf "$SCRIPT_DIR" + log "已删除部署目录" +else + warn "保留部署目录: ${SCRIPT_DIR}" +fi + +# ===== 完成 ===== +echo "" +log "Xray 卸载完成" +echo "" +echo "保留的内容:" +echo " 备份目录: ${BACKUP_DIR}" +[[ ! "$del_deploy" =~ ^[Yy]$ ]] && echo " 部署目录: ${SCRIPT_DIR}" +echo "" +echo "如需恢复,请参考 README.md 中的「恢复备份」章节。"