
@gongzili456
Created November 13, 2019 07:18

Revisions

  1. gongzili456 created this gist Nov 13, 2019.
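--- a/gost_vps.init
+++ b/gost_vps.init
@@ -0,0 +1,115 @@
+#!/bin/bash
+
+# Ubuntu 18.04 系统环境
+# 1. 安装并开启 BBR 拥塞控制算法
+# 2. 安装 Docker CE
+# 3. 安装 certbot
+# 4. 安装 gost
+# 5. 配置自动任务
+
+update_core(){
+echo "更新系统内核"
+sudo apt install -y -qq --install-recommends linux-generic-hwe-18.04
+sudo apt autoremove
+
+echo "内核更新完成,重新启动机器。。。"
+sudo reboot
+}
+
+check_bbr(){
+has_bbr=$(lsmod | grep bbr)
+
+# 如果已经发现 bbr 进程
+if [ -n "$has_bbr" ] ;then
+echo "TCP BBR 拥塞控制算法已经启动"
+else
+start_bbr
+fi
+}
+
+start_bbr(){
+echo "启动 TCP BBR 拥塞控制算法"
+sudo modprobe tcp_bbr
+echo "tcp_bbr" | sudo tee --append /etc/modules-load.d/modules.conf
+echo "net.core.default_qdisc=fq" | sudo tee --append /etc/sysctl.conf
+echo "net.ipv4.tcp_congestion_control=bbr" | sudo tee --append /etc/sysctl.conf
+sudo sysctl -p
+sysctl net.ipv4.tcp_available_congestion_control
+sysctl net.ipv4.tcp_congestion_control
+}
+
+install_docker() {
+echo "开始安装 Docker CE"
+curl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
+sudo add-apt-repository \
+"deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu \
+$(lsb_release -cs) \
+stable"
+sudo apt-get update -qq
+sudo apt-get install -y docker-ce
+}
+
+install_certbot() {
+echo "开始安装 certbot"
+sudo apt-get update -qq
+sudo apt-get install -y software-properties-common
+sudo add-apt-repository universe
+sudo add-apt-repository ppa:certbot/certbot
+sudo apt-get update -qq
+sudo apt-get install -y certbot
+}
+
+create_cert() {
+sudo certbot certonly --standalone -d $1
+}
+
+install_gost() {
+DOMAIN=$1
+USER=$2
+PASS=$3
+PORT=443
+BIND_IP=0.0.0.0
+CERT_DIR=/etc/letsencrypt/
+CERT=${CERT_DIR}/live/${DOMAIN}/fullchain.pem
+KEY=${CERT_DIR}/live/${DOMAIN}/privkey.pem
+
+docker run -d --name gost \
+-v ${CERT_DIR}:${CERT_DIR}:ro \
+--net=host ginuerzh/gost \
+-L "http2://${USER}:${PASS}@${BIND_IP}:${PORT}?cert=${CERT}&key=${KEY}&probe_resist=code:404"
+}
+
+create_cront_job(){
+echo "0 0 1 * * /usr/bin/certbot renew --force-renewal" >> /var/spool/cron/crontabs/root
+echo "5 0 1 * * /usr/bin/docker restart gost" >> /var/spool/cron/crontabs/root
+}
+
+init(){
+VERSION_CURR=$(uname -r | awk -F '-' '{print $1}')
+VERSION_MIN="4.9.0"
+
+# 如果内核版本号满足最小要求
+if [ $VERSION_CURR > $VERSION_MIN ]; then
+check_bbr
+else
+update_core
+fi
+
+install_docker
+install_certbot
+
+echo "开始生成 SSL 证书"
+read -p "请输入你要使用的域名: " domain
+
+create_cert $domain
+
+echo "准备启动 Gost 代理程序,为了安全,需要使用用户名与密码进行认证。"
+read -p "请输入你要使用的用户名: " username
+read -p "请输入你要使用的密码: " password
+
+install_gost $domain $username $password
+
+create_cront_job
+}
+
+init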
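Review bot: The proxy password is handled unsafely on its way from `init` to `install_gost`: `read -p` echoes it to the terminal, `install_gost $domain $username $password` passes it unquoted so whitespace or glob characters split or expand it, and it ends up inside the `-L "http2://${USER}:${PASS}@..."` argument, where it stays readable in the process list and in `docker inspect gost`. I would read it with `read -rs -p "请输入你要使用的密码: " password`, call `install_gost "$domain" "$username" "$password"`, and declare `DOMAIN`, `USER` and `PASS` with `local` so the function does not overwrite the shell's own `USER`. Keeping the secret out of argv entirely would need a credentials file mounted read-only, if the gost image in use supports one. Separately, in `init` the test `[ $VERSION_CURR > $VERSION_MIN ]` is a redirection rather than a comparison: it creates a file named `4.9.0` and is true for any non-empty version, so `update_core` is never reached. A version-aware test such as `[ "$(printf '%s\n' "$VERSION_MIN" "$VERSION_CURR" | sort -V | head -n1)" = "$VERSION_MIN" ]` would do what the comment above it describes.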