vicf

s3proxy.sh

May 6th, 2020
  1. #! /bin/bash
  2. #
  3. # $PROG: s3proxy.sh
  4. # $description: install HTTPS/SSL proxy on [NAT IPv4 Share|Dedicated IPv4] VPS(OpenVZ)
  5. #       Stunnel4 + 3proxy with user authentication
  6. # $Usage: $0 {-n|-s}
  7. #     -n : NAT IPv4 Share VPS   -s : Dedicated IPv4 VPS
  8. # Works on Debian 7/8 and Ubuntu 14.04/15.04
  9. # Public domain; use at your own risk!
  10.  
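  trap cleanup INT

  #######################################
  # Roll back a failed or interrupted install, then exit non-zero.
  # Stops 3proxy, removes the build tree, the installed files, the init
  # script and the generated key material, restores the saved stunnel
  # defaults file and purges the stunnel4 package.
  # Globals:   HOME (read)
  # Arguments: none
  # Returns:   never returns; always exits with status 1
  #######################################
  cleanup(){
      # Match the daemon by exact process name. A substring match on
      # "3proxy" in the ps output also hits this installer (s3proxy.sh) and
      # the 3proxyinit script, so the rollback could signal itself before
      # it has removed anything.
      pkill -x 3proxy 2> /dev/null
      # ${HOME:?} aborts rather than expanding to "/3proxy" if HOME is unset.
      rm -rf -- "${HOME:?}/3proxy"
      rm -rf /usr/local/etc/3proxy/ 2> /dev/null
      update-rc.d -f 3proxyinit remove 2> /dev/null
      rm -f /etc/init.d/3proxyinit 2> /dev/null
      mv -f /etc/default/stunnel4.bak /etc/default/stunnel4 2> /dev/null
      rm -f -- "$HOME/publickey.pem" "$HOME/privatekey.pem" \
          "$HOME/publickey.crt" 2> /dev/null
      # stunnel.pem is the private key concatenated with the certificate;
      # remove it too so no key material survives the rollback.
      rm -f /etc/stunnel/stunnel.pem /etc/stunnel/stunnel.conf 2> /dev/null
      # NOTE(review): this purges stunnel4 even when the package was already
      # installed before the script ran.
      apt-get purge stunnel4 -y
      exit 1
  }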
  27.  
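  # Fixed PATH and C locale so tool lookup and output parsing do not depend
  # on the caller's environment.
  export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
  export LANGUAGE=C
  export LC_ALL=C

  if [ "$UID" -ne 0 ]; then
      echo "This script must be executed by root." >&2
      exit 1
  fi

  # Key and certificate files are written relative to the working directory,
  # so the script runs from root's home.
  if [ "$(pwd)" != "/root" ]; then
      cd "$HOME" || {
          echo "Cannot change to $HOME directory." >&2
          exit 1
      }
  fi

  # The public address comes from a remote service and is later placed in the
  # certificate subject and shown to the operator, so accept it only when it
  # is a dotted quad. NOTE(review): no URL scheme is given, so wget fetches
  # this over plain HTTP; the answer is not authenticated.
  myip=$(wget -qO - v4.ifconfig.co)
  if ! [[ "$myip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
      echo "Cannot determine a valid public IPv4 address." >&2
      exit 1
  fi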
  40.  
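  #######################################
  # Build 3proxy from source, install it under /usr/local/etc/3proxy/,
  # write its configuration and a SysV init script, then start the service.
  # Globals:   username, pass (read; written into 3proxy.cfg), HOME (read)
  # Arguments: none
  # Returns:   status of the init script's start action; exits 1 as soon as
  #            a build or install step fails
  #######################################
  3proxy_install(){
      local prefix cfg initscript
      prefix="/usr/local/etc/3proxy"
      cfg="$prefix/3proxy.cfg"
      initscript="/etc/init.d/3proxyinit"

      # NOTE(review): this builds and installs, as root, whatever the default
      # branch holds at install time. Pin the build to a reviewed revision
      # (git checkout <REVIEWED_COMMIT>) before running make.
      git clone https://github.com/z3APA3A/3proxy.git || {
          echo "Clone 3proxy.git failed.exiting..." >&2
          exit 1
      }
      cd 3proxy/ || {
          echo "Cannot change to 3proxy directory." >&2
          exit 1
      }
      # Stop on a failed build instead of carrying on from the wrong
      # directory and installing nothing.
      make -f Makefile.Linux || {
          echo "Build 3proxy failed." >&2
          exit 1
      }
      cd src/ || {
          echo "Cannot change to 3proxy/src directory." >&2
          exit 1
      }

      mkdir -p "$prefix/bin/" "$prefix/log/"
      if ! install 3proxy "$prefix/bin/3proxy" ||
          ! install mycrypt "$prefix/bin/mycrypt"; then
          echo "Install 3proxy binaries failed." >&2
          exit 1
      fi
      touch "$cfg" "$prefix/3proxy.pid"
      chown -R root:root "$prefix/"
      chown -R 65535 "$prefix/log/"
      chown 65535 "$prefix/3proxy.pid"
      # The config holds the proxy password in clear text (CL:). Restrict the
      # still-empty file before the secret is written: root owns it, and the
      # group the daemon drops to (setgid 65535) keeps read access for the
      # "monitor" reload.
      chown root:65535 "$cfg"
      chmod 0640 "$cfg"

      # 3proxy runs this file as a sequence of commands; per its
      # documentation a service starts with the auth and ACL settings in
      # force at that point, and the default auth type is "none". "auth
      # strong" and "users" therefore come before "proxy", otherwise the
      # listener would accept unauthenticated clients. NOTE(review): confirm
      # against the 3proxy revision that gets built.
      # NOTE(review): mycrypt is installed above but unused; a hashed (CR:)
      # entry would avoid keeping the password in clear text.
      cat >"$cfg" <<EOF
nscache 65536
nserver 8.8.8.8
nserver 8.8.4.4
timeouts 1 5 30 60 180 1800 15 60
daemon
pidfile 3proxy.pid
config 3proxy.cfg
monitor 3proxy.cfg
log log/3proxy.log D
logformat "L%d-%m-%Y %H:%M:%S %z %N.%p %E %U %C:%c %R:%r %O %I %h %T"
rotate 30
auth strong
users ${username}:CL:${pass}
allow * * * 80-88,8080-8088
allow * * * 443,8443
allow * * * 5222,5223,5228
allow * * * 465,587,995
proxy -i127.0.0.1 -a -p3128
flush
chroot /usr/local/etc/3proxy/
setgid 65535
setuid 65535

EOF

      # Quoted delimiter: the init script is written literally, so its own
      # \$1 / \$0 need no escaping. "stop" matches the daemon by exact name;
      # a grep for "3proxy" in ps output would also match this init script.
      cat >"$initscript" <<'EOF'
#! /bin/sh
#
### BEGIN INIT INFO
# Provides: 3Proxy
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Initialize 3proxy server
# Description: starts 3proxy
### END INIT INFO

cd /usr/local/etc/3proxy/
case "$1" in
    start)
        echo "Starting 3Proxy"
        /usr/local/etc/3proxy/bin/3proxy /usr/local/etc/3proxy/3proxy.cfg
        ;;
    stop)
        echo "Stopping 3Proxy"
        pkill -x 3proxy
        ;;
    *)
        echo "Usage: $0 {start|stop}"
        exit 1
        ;;
esac
exit 0

EOF

      if [ ! -e "$initscript" ]; then
          echo "3proxyinit script is not exist." >&2
          exit 1
      fi
      # Syntax-check with the interpreter named in the generated shebang.
      if ! sh -n "$initscript" > /dev/null 2>&1; then
          echo "3proxyinit script is something wrong." >&2
          exit 1
      fi
      chmod +x "$initscript"
      update-rc.d 3proxyinit defaults

      # Later steps write the key and certificate relative to $HOME.
      cd "$HOME" || {
          echo "Cannot change to $HOME directory." >&2
          exit 1
      }
      "$initscript" start
  }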
  139.  
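  #######################################
  # Generate the proxy account name: two letter+digit pairs, e.g. "K4T9".
  # Characters are drawn from /dev/urandom; bash's $RANDOM is a small,
  # predictable generator and is not suited to credentials that guard an
  # internet-facing service.
  # Arguments: none
  # Outputs:   the 4-character name on stdout
  # Returns:   0 on success, 1 if the random source produced too little data
  #######################################
  username_gen(){
      local i letter digit username
      username=""
      for ((i = 1; i <= 2; i++)); do
          # tr keeps only the wanted class; head stops after one character.
          letter=$(LC_ALL=C tr -dc 'A-Z' < /dev/urandom | head -c 1)
          digit=$(LC_ALL=C tr -dc '1-9' < /dev/urandom | head -c 1)
          username="$username$letter$digit"
      done
      if [ "${#username}" -ne 4 ]; then
          echo "Generate username failed." >&2
          return 1
      fi
      echo "$username"
  }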
  152.  
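  #######################################
  # Generate the 10-character proxy password.
  # The alphabet is the original one (digits 1-9 and letters, without the
  # look-alikes 0, l, o and O). Characters are drawn from /dev/urandom
  # because bash's $RANDOM is a small, predictable generator and the modulo
  # pick was slightly biased.
  # Arguments: none
  # Outputs:   the password on stdout
  # Returns:   0 on success, 1 if the random source produced too little data
  #######################################
  password_gen(){
      local matrix pw howmany
      howmany=10
      matrix="123456789aAbBcCdDeEfFgGhHiIjJkKLmMnNpPqQrRsStTuUvVwWxXyYzZ"
      # tr drops every byte outside the alphabet; head stops at the length.
      pw=$(LC_ALL=C tr -dc "$matrix" < /dev/urandom | head -c "$howmany")
      if [ "${#pw}" -ne "$howmany" ]; then
          echo "Generate password failed." >&2
          return 1
      fi
      echo "$pw"
  }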
  164.  
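  #######################################
  # Create a 2048-bit RSA key and a self-signed certificate valid for 1095
  # days in the current directory (privatekey.pem, publickey.pem).
  # Globals:   myip (read; used as O and CN of the certificate subject)
  # Arguments: none
  # Returns:   0 on success, non-zero if key or certificate creation fails
  #######################################
  gen_self_cert(){
      # The subshell confines the tightened umask to key generation, so the
      # private key is never readable by other users; chmod covers a
      # pre-existing file whose mode openssl would keep.
      if ! ( umask 077 && openssl genrsa -out privatekey.pem 2048 ); then
          return 1
      fi
      chmod 600 privatekey.pem || return 1
      # NOTE(review): the host is identified by CN only; clients that insist
      # on a subjectAltName entry will not accept this certificate.
      openssl req -new -x509 -key privatekey.pem -subj \
          "/C=CN/ST=MyTunnel/L=Mytunnel/O=$myip/CN=$myip" \
          -out publickey.pem -days 1095
  }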
  171.  
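  #######################################
  # Install stunnel4, create its key/certificate bundle and configuration,
  # enable the service and restart it so it terminates TLS in front of the
  # local 3proxy listener.
  # Globals:   port (read; public TLS port written to stunnel.conf)
  # Arguments: none
  # Returns:   status of the service restart; 1 if an earlier step fails
  #######################################
  stunnel_install(){
      if ! [[ "$port" =~ ^[0-9]+$ ]]; then
          echo "Listening port is not set." >&2
          return 1
      fi
      apt-get install stunnel4 -y || {
          echo "Install stunnel4 failed." >&2
          return 1
      }
      # Without a key and certificate there is nothing to serve; stop here
      # rather than enabling the service with a missing bundle.
      gen_self_cert || {
          echo "Generate self-signed certificate failed." >&2
          return 1
      }
      # stunnel.pem contains the private key: create it owner-only instead
      # of with the default, world-readable mode.
      if ! ( umask 077 && cat privatekey.pem publickey.pem \
          > /etc/stunnel/stunnel.pem ); then
          echo "Cannot write /etc/stunnel/stunnel.pem." >&2
          return 1
      fi
      chmod 600 /etc/stunnel/stunnel.pem
      # publickey.crt is the copy the operator imports into the browser.
      cat publickey.pem > publickey.crt

      # NOTE(review): "debug = 7" is stunnel's most verbose level and stays
      # enabled after the install; lower it once the tunnel works.
      cat >stunnel.conf <<EOF
client = no
debug = 7
output = /var/log/stunnel4/stunnel.log
[3proxy]
accept = $port
connect = 127.0.0.1:3128
cert = /etc/stunnel/stunnel.pem

EOF

      mv -f stunnel.conf /etc/stunnel/
      # Keep the packaged defaults so the rollback can restore them.
      cp -f /etc/default/stunnel4 /etc/default/stunnel4.bak
      sed -i 's/^ENABLED=0$/ENABLED=1/' /etc/default/stunnel4
      service stunnel4 restart
  }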
  196.  
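  # Main flow: create credentials, pick the public port for the chosen VPS
  # type, install both services and report the connection details.
  username=$(username_gen)
  pass=$(password_gen)
  # Never configure the proxy with an empty account name or password.
  if [ -z "$username" ] || [ -z "$pass" ]; then
      echo "Generate proxy credentials failed." >&2
      exit 1
  fi

  case "$1" in
      -n) flag=0 ;;
      -s) flag=1 ;;
      *)
          echo "Usage: ${0##*/} {-n|-s}" >&2
          echo "-n : install HTTPS/SSL proxy on NAT IPv4 Share VPS." >&2
          echo "-s : install HTTPS/SSL proxy on Dedicated IPv4 VPS." >&2
          exit 1
          ;;
  esac

  if [ "$flag" -eq 0 ]; then
      # NAT share: the port is the last octet of the venet0:0 address
      # followed by "20".
      internal_ip=$(ifconfig venet0:0 \
          | awk -F: '$2 ~ /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/{print $2}' \
          | cut -d" " -f1)
      # An empty address would silently turn the port into "20".
      if [ -z "$internal_ip" ]; then
          echo "Cannot determine the venet0:0 address." >&2
          exit 1
      fi
      port=${internal_ip##*.}20
  else
      # Dedicated address: any port in 18801-18999. Computed directly; the
      # former array lookup could use index -1, which bash releases without
      # negative array subscripts reject, leaving the port empty.
      port=$((18801 + RANDOM % 199))
  fi

  apt-get update && apt-get upgrade -y
  apt-get install openssl git build-essential libssl-dev -y || {
      echo "Install build dependencies failed." >&2
      exit 1
  }
  3proxy_install
  stunnel_install

  # Both listeners must be up before the credentials are reported; any other
  # outcome rolls the installation back.
  if netstat -nlp | grep -iq '3proxy' && netstat -nlp | grep -iq 'stunnel4'; then
      echo "HTTPS/SSL Proxy is running."
      echo "Copy publickey.crt and import to browser."
      echo ""
      echo "Public IP: $myip"
      echo "Port: $port"
      echo "User: $username"
      # The password is shown once here; it ends up in anything that
      # captures this terminal output.
      echo "Password: $pass"
      echo ""
      echo "Enjoy."
  else
      echo "Install HTTPS/SSL proxy failed." >&2
      cleanup
  fi
  exit 0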