增加重启机制

vps-xray/backup.sh

@@ -1,62 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-# ============================================
-# Xray 备份脚本
-# 备份内容：Xray 配置 + .env 凭据 + 网络调优
-# 定时执行: crontab -e → 0 3 * * 0 /opt/vps-xray/backup.sh
-# ============================================
-
-SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-cd "$SCRIPT_DIR"
-
-# 加载配置
-if [ -f .env ]; then
-    sed -i 's/\r$//' .env
-    set -a; source .env; set +a
-fi
-
-BACKUP_DIR="${BACKUP_DIR:-/var/backups/xray}"
-DATE=$(date +%Y%m%d_%H%M%S)
-KEEP_DAYS=30
-
-log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*"; }
-
-mkdir -p "$BACKUP_DIR"
-
-# 1. 备份 Xray 配置
-log "正在备份 Xray 配置..."
-if [ -f /usr/local/etc/xray/config.json ]; then
-    tar czf "${BACKUP_DIR}/xray_config_${DATE}.tar.gz" \
-        -C /usr/local/etc xray/
-    log "Xray 配置备份完成: xray_config_${DATE}.tar.gz"
-else
-    log "警告: Xray 配置文件不存在，跳过"
-fi
-
-# 2. 备份部署配置（.env + 脚本）
-log "正在备份部署配置..."
-tar czf "${BACKUP_DIR}/deploy_config_${DATE}.tar.gz" \
-    -C "$SCRIPT_DIR" \
-    $(ls .env deploy.sh backup.sh uninstall.sh 2>/dev/null)
-log "部署配置备份完成: deploy_config_${DATE}.tar.gz"
-
-# 3. 备份网络调优配置
-if [ -f /etc/sysctl.d/99-xray-turbo.conf ]; then
-    log "正在备份网络调优配置..."
-    cp /etc/sysctl.d/99-xray-turbo.conf "${BACKUP_DIR}/sysctl_${DATE}.conf"
-    log "网络调优备份完成: sysctl_${DATE}.conf"
-fi
-
-# 4. 清理过期备份
-log "清理 ${KEEP_DAYS} 天前的备份..."
-deleted=$(find "$BACKUP_DIR" -type f -mtime +${KEEP_DAYS} -print -delete | wc -l)
-log "已清理 ${deleted} 个过期文件"
-
-# 5. 输出备份摘要
-echo ""
-log "===== 备份完成 ====="
-log "备份目录: ${BACKUP_DIR}/"
-ls -lh "${BACKUP_DIR}/"*"${DATE}"* 2>/dev/null || true
-echo ""
-log "总备份空间占用: $(du -sh "${BACKUP_DIR}" | cut -f1)"

vps-xray/deploy.sh

@@ -310,7 +310,7 @@ net.ipv4.tcp_fin_timeout=15
 net.ipv4.tcp_keepalive_time=300
 net.ipv4.tcp_keepalive_intvl=30
 net.ipv4.tcp_keepalive_probes=5
-net.ipv4.tcp_max_tw_buckets=5000
+net.ipv4.tcp_max_tw_buckets=262144
 net.ipv4.tcp_max_syn_backlog=8192
 net.core.somaxconn=8192
 net.core.netdev_max_backlog=8192
@@ -320,11 +320,61 @@ SYSEOF
     log "BBR 已启用，网络参数已优化"
 }
 
+# ===== 新增：系统与服务加固 =====
+harden_system() {
+    step "加固系统与服务"
+
+    # 文件描述符上限
+    if ! grep -q '99-xray-nofile' /etc/security/limits.conf 2>/dev/null; then
+        cat >> /etc/security/limits.conf << 'EOF'
+# 99-xray-nofile
+* soft nofile 1000000
+* hard nofile 1000000
+root soft nofile 1000000
+root hard nofile 1000000
+EOF
+    fi
+
+    # systemd 服务加固
+    mkdir -p /etc/systemd/system/xray.service.d
+    cat > /etc/systemd/system/xray.service.d/override.conf << 'EOF'
+[Service]
+LimitNOFILE=1000000
+Restart=always
+RestartSec=3
+EOF
+
+    # 定时重启 timer（每日凌晨 4 点）
+    cat > /etc/systemd/system/xray-restart.service << 'EOF'
+[Unit]
+Description=Daily restart of Xray
+After=network.target
+
+[Service]
+Type=oneshot
+ExecStart=/bin/systemctl restart xray
+EOF
+
+    cat > /etc/systemd/system/xray-restart.timer << 'EOF'
+[Unit]
+Description=Daily restart Xray at 04:00 CST
+
+[Timer]
+OnCalendar=*-*-* 04:00:00
+TimeZone=Asia/Shanghai
+Persistent=true
+
+[Install]
+WantedBy=timers.target
+EOF
+}
+
 # ===== 7. 启动服务 =====
 start_service() {
     systemctl daemon-reload
     systemctl restart xray
     systemctl enable xray
+    systemctl enable --now xray-restart.timer
 
     sleep 2
     if systemctl is-active --quiet xray; then
@@ -425,6 +475,7 @@ main() {
     write_config
     configure_firewall
     tune_network
+    harden_system
     start_service
     save_env
     print_result

vps-xray/vpn-vps-xray-optimized.yaml

@@ -3,6 +3,20 @@ allow-lan: false
 mode: rule
 log-level: info
 
+dns:
+  enable: true
+  ipv6: false
+  enhanced-mode: fake-ip
+  nameserver:
+    - 223.5.5.5
+    - 119.29.29.29
+  fallback:
+    - 8.8.8.8
+    - 1.1.1.1
+  fallback-filter:
+    geoip: true
+    geoip-code: CN
+
 proxies:
   - name: "VPS-Reality"
     type: vless

vps-xray/vps-xray-optimized.md

@@ -196,17 +196,62 @@ net.ipv4.tcp_fin_timeout=15
 net.ipv4.tcp_keepalive_time=300
 net.ipv4.tcp_keepalive_intvl=30
 net.ipv4.tcp_keepalive_probes=5
-net.ipv4.tcp_max_tw_buckets=5000
+net.ipv4.tcp_max_tw_buckets=262144
 net.ipv4.tcp_max_syn_backlog=8192
 net.core.somaxconn=8192
 net.core.netdev_max_backlog=8192
 SYSEOF
 sysctl --system > /dev/null 2>&1
 
+# ======================== 文件描述符 + 服务加固 ========================
+# 防止长时间运行后 "too many open files" 导致新连接无法建立
+grep -q '99-xray-nofile' /etc/security/limits.conf 2>/dev/null || cat >> /etc/security/limits.conf << 'LIMITEOF'
+# 99-xray-nofile
+* soft nofile 1000000
+* hard nofile 1000000
+root soft nofile 1000000
+root hard nofile 1000000
+LIMITEOF
+
+# systemd 服务：提升 fd 上限 + 崩溃自动重启
+mkdir -p /etc/systemd/system/xray.service.d
+cat > /etc/systemd/system/xray.service.d/override.conf << 'OVERRIDE'
+[Service]
+LimitNOFILE=1000000
+Restart=always
+RestartSec=3
+OVERRIDE
+
+# ======================== 定时重启（每日凌晨 4 点）========================
+# 使用 systemd timer，释放内存碎片，防止长时间运行后性能衰退
+cat > /etc/systemd/system/xray-restart.service << 'RSVC'
+[Unit]
+Description=Daily restart of Xray
+After=network.target
+
+[Service]
+Type=oneshot
+ExecStart=/bin/systemctl restart xray
+RSVC
+
+cat > /etc/systemd/system/xray-restart.timer << 'RTMR'
+[Unit]
+Description=Daily restart Xray at 04:00 CST
+
+[Timer]
+OnCalendar=*-*-* 04:00:00
+TimeZone=Asia/Shanghai
+Persistent=true
+
+[Install]
+WantedBy=timers.target
+RTMR
+
 # ======================== 启动服务 ========================
 systemctl daemon-reload
 systemctl restart xray
 systemctl enable xray
+systemctl enable --now xray-restart.timer
 
 # ======================== 验证运行状态 ========================
 sleep 2
@@ -274,6 +319,20 @@ allow-lan: false
 mode: rule
 log-level: info
 
+dns:
+  enable: true
+  ipv6: false
+  enhanced-mode: fake-ip
+  nameserver:
+    - 223.5.5.5
+    - 119.29.29.29
+  fallback:
+    - 8.8.8.8
+    - 1.1.1.1
+  fallback-filter:
+    geoip: true
+    geoip-code: CN
+
 proxies:
   - name: "VPS-Reality"
     type: vless
@@ -383,6 +442,18 @@ sysctl net.ipv4.tcp_congestion_control
 
 # 验证 443 端口监听
 ss -tlnp | grep 443
+
+# 查看定时重启计划（下次执行时间）
+systemctl list-timers xray-restart.timer
+
+# 手动触发一次定时重启任务
+systemctl start xray-restart.service
+
+# 关闭定时重启
+systemctl disable --now xray-restart.timer
+
+# 重新开启定时重启
+systemctl enable --now xray-restart.timer
 ```
 
 ---