增加重启机制
@@ -1,62 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
# ============================================
|
||||
# Xray 备份脚本
|
||||
# 备份内容:Xray 配置 + .env 凭据 + 网络调优
|
||||
# 定时执行: crontab -e → 0 3 * * 0 /opt/vps-xray/backup.sh
|
||||
# ============================================
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
cd "$SCRIPT_DIR"
|
||||
|
||||
# 加载配置
|
||||
if [ -f .env ]; then
|
||||
sed -i 's/\r$//' .env
|
||||
set -a; source .env; set +a
|
||||
fi
|
||||
|
||||
BACKUP_DIR="${BACKUP_DIR:-/var/backups/xray}"
|
||||
DATE=$(date +%Y%m%d_%H%M%S)
|
||||
KEEP_DAYS=30
|
||||
|
||||
log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*"; }
|
||||
|
||||
mkdir -p "$BACKUP_DIR"
|
||||
|
||||
# 1. 备份 Xray 配置
|
||||
log "正在备份 Xray 配置..."
|
||||
if [ -f /usr/local/etc/xray/config.json ]; then
|
||||
tar czf "${BACKUP_DIR}/xray_config_${DATE}.tar.gz" \
|
||||
-C /usr/local/etc xray/
|
||||
log "Xray 配置备份完成: xray_config_${DATE}.tar.gz"
|
||||
else
|
||||
log "警告: Xray 配置文件不存在,跳过"
|
||||
fi
|
||||
|
||||
# 2. 备份部署配置(.env + 脚本)
|
||||
log "正在备份部署配置..."
|
||||
tar czf "${BACKUP_DIR}/deploy_config_${DATE}.tar.gz" \
|
||||
-C "$SCRIPT_DIR" \
|
||||
$(ls .env deploy.sh backup.sh uninstall.sh 2>/dev/null)
|
||||
log "部署配置备份完成: deploy_config_${DATE}.tar.gz"
|
||||
|
||||
# 3. 备份网络调优配置
|
||||
if [ -f /etc/sysctl.d/99-xray-turbo.conf ]; then
|
||||
log "正在备份网络调优配置..."
|
||||
cp /etc/sysctl.d/99-xray-turbo.conf "${BACKUP_DIR}/sysctl_${DATE}.conf"
|
||||
log "网络调优备份完成: sysctl_${DATE}.conf"
|
||||
fi
|
||||
|
||||
# 4. 清理过期备份
|
||||
log "清理 ${KEEP_DAYS} 天前的备份..."
|
||||
deleted=$(find "$BACKUP_DIR" -type f -mtime +${KEEP_DAYS} -print -delete | wc -l)
|
||||
log "已清理 ${deleted} 个过期文件"
|
||||
|
||||
# 5. 输出备份摘要
|
||||
echo ""
|
||||
log "===== 备份完成 ====="
|
||||
log "备份目录: ${BACKUP_DIR}/"
|
||||
ls -lh "${BACKUP_DIR}/"*"${DATE}"* 2>/dev/null || true
|
||||
echo ""
|
||||
log "总备份空间占用: $(du -sh "${BACKUP_DIR}" | cut -f1)"
|
||||
@@ -310,7 +310,7 @@ net.ipv4.tcp_fin_timeout=15
|
||||
net.ipv4.tcp_keepalive_time=300
|
||||
net.ipv4.tcp_keepalive_intvl=30
|
||||
net.ipv4.tcp_keepalive_probes=5
|
||||
net.ipv4.tcp_max_tw_buckets=5000
|
||||
net.ipv4.tcp_max_tw_buckets=262144
|
||||
net.ipv4.tcp_max_syn_backlog=8192
|
||||
net.core.somaxconn=8192
|
||||
net.core.netdev_max_backlog=8192
|
||||
@@ -320,11 +320,61 @@ SYSEOF
|
||||
log "BBR 已启用,网络参数已优化"
|
||||
}
|
||||
|
||||
# ===== 新增:系统与服务加固 =====
|
||||
harden_system() {
|
||||
step "加固系统与服务"
|
||||
|
||||
# 文件描述符上限
|
||||
if ! grep -q '99-xray-nofile' /etc/security/limits.conf 2>/dev/null; then
|
||||
cat >> /etc/security/limits.conf << 'EOF'
|
||||
# 99-xray-nofile
|
||||
* soft nofile 1000000
|
||||
* hard nofile 1000000
|
||||
root soft nofile 1000000
|
||||
root hard nofile 1000000
|
||||
EOF
|
||||
fi
|
||||
|
||||
# systemd 服务加固
|
||||
mkdir -p /etc/systemd/system/xray.service.d
|
||||
cat > /etc/systemd/system/xray.service.d/override.conf << 'EOF'
|
||||
[Service]
|
||||
LimitNOFILE=1000000
|
||||
Restart=always
|
||||
RestartSec=3
|
||||
EOF
|
||||
|
||||
# 定时重启 timer(每日凌晨 4 点)
|
||||
cat > /etc/systemd/system/xray-restart.service << 'EOF'
|
||||
[Unit]
|
||||
Description=Daily restart of Xray
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/bin/systemctl restart xray
|
||||
EOF
|
||||
|
||||
cat > /etc/systemd/system/xray-restart.timer << 'EOF'
|
||||
[Unit]
|
||||
Description=Daily restart Xray at 04:00 CST
|
||||
|
||||
[Timer]
|
||||
OnCalendar=*-*-* 04:00:00
|
||||
TimeZone=Asia/Shanghai
|
||||
Persistent=true
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
||||
EOF
|
||||
}
|
||||
|
||||
# ===== 7. 启动服务 =====
|
||||
start_service() {
|
||||
systemctl daemon-reload
|
||||
systemctl restart xray
|
||||
systemctl enable xray
|
||||
systemctl enable --now xray-restart.timer
|
||||
|
||||
sleep 2
|
||||
if systemctl is-active --quiet xray; then
|
||||
@@ -425,6 +475,7 @@ main() {
|
||||
write_config
|
||||
configure_firewall
|
||||
tune_network
|
||||
harden_system
|
||||
start_service
|
||||
save_env
|
||||
print_result
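Review bot: `TimeZone=Asia/Shanghai` in the `[Timer]` section that harden_system writes to xray-restart.timer is not a systemd.timer setting, so systemd ignores it with an unknown-key warning and the restart fires at 04:00 in the host's local zone (often UTC on a VPS), not at 04:00 CST as the Description says. The zone belongs at the end of the calendar expression: `OnCalendar=*-*-* 04:00:00 Asia/Shanghai`, with the `TimeZone=` line removed. The same unit text is repeated in the manual-install hunk further down the page (`@@ -196,17 +196,62 @@`) and needs the same correction. Separately, `cat > /etc/systemd/system/xray.service.d/override.conf` replaces any drop-in an administrator already keeps under that name. The `*` lines appended to limits.conf raise the descriptor limit for every PAM login, although the service already gets its limit from `LimitNOFILE=`. A dedicated drop-in file name and dropping the wildcard entries would keep the change scoped to xray.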
|
||||
|
||||
@@ -3,6 +3,20 @@ allow-lan: false
|
||||
mode: rule
|
||||
log-level: info
|
||||
|
||||
dns:
|
||||
enable: true
|
||||
ipv6: false
|
||||
enhanced-mode: fake-ip
|
||||
nameserver:
|
||||
- 223.5.5.5
|
||||
- 119.29.29.29
|
||||
fallback:
|
||||
- 8.8.8.8
|
||||
- 1.1.1.1
|
||||
fallback-filter:
|
||||
geoip: true
|
||||
geoip-code: CN
|
||||
|
||||
proxies:
|
||||
- name: "VPS-Reality"
|
||||
type: vless
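Review bot: Every resolver added under `dns:` is a bare IP address, so all lookups, including the `fallback` queries to 8.8.8.8 and 1.1.1.1, leave the client as cleartext DNS on port 53 and can be observed or altered on path. The fallback list is there to obtain an answer when the primary result looks wrong, which makes it the part that most needs an authenticated transport. Clash accepts encrypted resolver URLs, for example `- https://1.1.1.1/dns-query` and `- tls://8.8.8.8:853`. If plain UDP is deliberate for this template, a short comment above `fallback:` stating the reason would save the next reader the question. The `proxies:` list continues outside the hunk.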
|
||||
|
||||
@@ -196,17 +196,62 @@ net.ipv4.tcp_fin_timeout=15
|
||||
net.ipv4.tcp_keepalive_time=300
|
||||
net.ipv4.tcp_keepalive_intvl=30
|
||||
net.ipv4.tcp_keepalive_probes=5
|
||||
net.ipv4.tcp_max_tw_buckets=5000
|
||||
net.ipv4.tcp_max_tw_buckets=262144
|
||||
net.ipv4.tcp_max_syn_backlog=8192
|
||||
net.core.somaxconn=8192
|
||||
net.core.netdev_max_backlog=8192
|
||||
SYSEOF
|
||||
sysctl --system > /dev/null 2>&1
|
||||
|
||||
# ======================== 文件描述符 + 服务加固 ========================
|
||||
# 防止长时间运行后 "too many open files" 导致新连接无法建立
|
||||
grep -q '99-xray-nofile' /etc/security/limits.conf 2>/dev/null || cat >> /etc/security/limits.conf << 'LIMITEOF'
|
||||
# 99-xray-nofile
|
||||
* soft nofile 1000000
|
||||
* hard nofile 1000000
|
||||
root soft nofile 1000000
|
||||
root hard nofile 1000000
|
||||
LIMITEOF
|
||||
|
||||
# systemd 服务:提升 fd 上限 + 崩溃自动重启
|
||||
mkdir -p /etc/systemd/system/xray.service.d
|
||||
cat > /etc/systemd/system/xray.service.d/override.conf << 'OVERRIDE'
|
||||
[Service]
|
||||
LimitNOFILE=1000000
|
||||
Restart=always
|
||||
RestartSec=3
|
||||
OVERRIDE
|
||||
|
||||
# ======================== 定时重启(每日凌晨 4 点)========================
|
||||
# 使用 systemd timer,释放内存碎片,防止长时间运行后性能衰退
|
||||
cat > /etc/systemd/system/xray-restart.service << 'RSVC'
|
||||
[Unit]
|
||||
Description=Daily restart of Xray
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/bin/systemctl restart xray
|
||||
RSVC
|
||||
|
||||
cat > /etc/systemd/system/xray-restart.timer << 'RTMR'
|
||||
[Unit]
|
||||
Description=Daily restart Xray at 04:00 CST
|
||||
|
||||
[Timer]
|
||||
OnCalendar=*-*-* 04:00:00
|
||||
TimeZone=Asia/Shanghai
|
||||
Persistent=true
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
||||
RTMR
|
||||
|
||||
# ======================== 启动服务 ========================
|
||||
systemctl daemon-reload
|
||||
systemctl restart xray
|
||||
systemctl enable xray
|
||||
systemctl enable --now xray-restart.timer
|
||||
|
||||
# ======================== 验证运行状态 ========================
|
||||
sleep 2
|
||||
@@ -274,6 +319,20 @@ allow-lan: false
|
||||
mode: rule
|
||||
log-level: info
|
||||
|
||||
dns:
|
||||
enable: true
|
||||
ipv6: false
|
||||
enhanced-mode: fake-ip
|
||||
nameserver:
|
||||
- 223.5.5.5
|
||||
- 119.29.29.29
|
||||
fallback:
|
||||
- 8.8.8.8
|
||||
- 1.1.1.1
|
||||
fallback-filter:
|
||||
geoip: true
|
||||
geoip-code: CN
|
||||
|
||||
proxies:
|
||||
- name: "VPS-Reality"
|
||||
type: vless
|
||||
@@ -383,6 +442,18 @@ sysctl net.ipv4.tcp_congestion_control
|
||||
|
||||
# 验证 443 端口监听
|
||||
ss -tlnp | grep 443
|
||||
|
||||
# 查看定时重启计划(下次执行时间)
|
||||
systemctl list-timers xray-restart.timer
|
||||
|
||||
# 手动触发一次定时重启任务
|
||||
systemctl start xray-restart.service
|
||||
|
||||
# 关闭定时重启
|
||||
systemctl disable --now xray-restart.timer
|
||||
|
||||
# 重新开启定时重启
|
||||
systemctl enable --now xray-restart.timer
|
||||
```
|
||||
|
||||
---
|
||||
|
||||