From 602f47fbbe2039eb0890dafe78eaddbbae21ad3c Mon Sep 17 00:00:00 2001
From: Randall <randall@randallanjie.com>
Date: Tue, 1 Apr 2025 11:30:54 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E9=80=82=E9=85=8Dhy2?=
 =?UTF-8?q?=E5=90=8E=E7=AB=AF=E7=9A=84v2b=E7=9A=84=E5=90=8E=E7=AB=AF?=
 =?UTF-8?q?=E8=84=9A=E6=9C=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 vpn/set_hy2_backend/add_hy2_backend.sh | 136 +++++++++++++++++++++++++
 1 file changed, 136 insertions(+)
 create mode 100644 vpn/set_hy2_backend/add_hy2_backend.sh

diff --git a/vpn/set_hy2_backend/add_hy2_backend.sh b/vpn/set_hy2_backend/add_hy2_backend.sh
new file mode 100644
index 0000000..6b05617
--- /dev/null
+++ b/vpn/set_hy2_backend/add_hy2_backend.sh
@@ -0,0 +1,136 @@
+#!/bin/bash
+
+# 检查是否提供了必要的参数
+if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ] || [ -z "$4" ] || [ -z "$5" ] || [ -z "$6" ] || [ -z "$7" ]; then
+  echo "Usage: $0 --doname <DONAME> --cfemail <CF_Email> --cfken <CF_Key> --apihost <API_HOST> --apikey <API_KEY> --nodeid <NODE_ID> --nodeport <NODE_PORT>"
+  exit 1
+fi
+
+# 解析命令行参数
+while [[ $# -gt 0 ]]; do
+  case $1 in
+    --doname)
+      DONAME="$2"
+      shift 2
+      ;;
+    --cfemail)
+      CF_Email="$2"
+      shift 2
+      ;;
+    --cfken)
+      CF_Key="$2"
+      shift 2
+      ;;
+    --apihost)
+      API_HOST="$2"
+      shift 2
+      ;;
+    --apikey)
+      API_KEY="$2"
+      shift 2
+      ;;
+    --nodeid)
+      NODE_ID="$2"
+      shift 2
+      ;;
+    --nodeport)
+      NODE_PORT="$2"
+      shift 2
+      ;;
+    *)
+      echo "Unknown parameter: $1"
+      exit 1
+      ;;
+  esac
+done
+
+# 更新系统并安装必要的软件包
+sudo apt update && sudo apt upgrade -y && sudo apt install vim wget curl net-tools socat -y
+
+# 设置主机名
+sudo hostnamectl set-hostname "$DONAME"
+
+# 运行acme脚本安装acme
+curl https://get.acme.sh | sh -s email="$DONAME@randallanjie.com"
+
+# 添加或更新环境变量到.acme.sh/acme.sh.env文件
+ENV_FILE="$HOME/.acme.sh/acme.sh.env"
+grep -q '^export CF_Key=' $ENV_FILE && sed -i "s/^export CF_Key=.*/export CF_Key=\"$CF_Key\"/" $ENV_FILE || echo "export CF_Key=\"$CF_Key\"" >> $ENV_FILE
+grep -q '^export CF_Email=' $ENV_FILE && sed -i "s/^export CF_Email=.*/export CF_Email=\"$CF_Email\"/" $ENV_FILE || echo "export CF_Email=\"$CF_Email\"" >> $ENV_FILE
+
+# 直接导出环境变量到当前会话
+export CF_Key="$CF_Key"
+export CF_Email="$CF_Email"
+
+# 设置acme并申请证书
+~/.acme.sh/acme.sh --upgrade --auto-upgrade
+~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
+~/.acme.sh/acme.sh --issue -d "$DONAME" --dns dns_cf --dnssleep
+
+# 创建必要的目录
+sudo mkdir -p /etc/hysteria/cert
+
+# 安装证书
+~/.acme.sh/acme.sh --installcert -d "$DONAME" --key-file /etc/hysteria/cert/cert.key --fullchain-file /etc/hysteria/cert/fullchain.cer
+
+# 创建server.yaml配置文件
+sudo tee /etc/hysteria/server.yaml > /dev/null << EOF
+v2board:
+  apiHost: $API_HOST
+  apiKey: $API_KEY
+  nodeID: $NODE_ID
+tls:
+  type: tls
+  cert: /etc/hysteria/cert/fullchain.cer
+  key: /etc/hysteria/cert/cert.key
+auth:
+  type: v2board
+trafficStats:
+  listen: 0.0.0.0:$NODE_PORT
+acl: 
+  inline: 
+    - reject(10.0.0.0/8)
+    - reject(172.16.0.0/12)
+    - reject(192.168.0.0/16)
+    - reject(127.0.0.0/8)
+    - reject(fc00::/7)
+EOF
+
+# 检测系统架构
+ARCH=$(uname -m)
+if [ "$ARCH" = "x86_64" ]; then
+    HYSTERIA_URL="https://github.com/cedar2025/hysteria/releases/download/app%2Fv1.0.3/hysteria-linux-amd64"
+elif [ "$ARCH" = "aarch64" ]; then
+    HYSTERIA_URL="https://github.com/cedar2025/hysteria/releases/download/app%2Fv1.0.3/hysteria-linux-arm64"
+else
+    echo "Unsupported architecture: $ARCH"
+    exit 1
+fi
+
+# 下载hysteria
+sudo wget -O /etc/hysteria/hysteriabackend "$HYSTERIA_URL"
+sudo chmod +x /etc/hysteria/hysteriabackend
+
+# 创建systemd服务文件
+sudo tee /lib/systemd/system/hy2backend.service > /dev/null << EOF
+[Unit]
+Description = v2board hy2 backend
+After = network.target syslog.target
+Wants = network.target
+
+[Service]
+Type = simple
+WorkingDirectory = /etc/hysteria/
+ExecStart = /etc/hysteria/hysteriabackend server -c /etc/hysteria/server.yaml
+
+[Install]
+WantedBy = multi-user.target
+EOF
+
+# 重新加载systemd并启动服务
+sudo systemctl daemon-reload
+sudo systemctl enable hy2backend
+sudo systemctl start hy2backend
+
+echo "Setup complete for $DONAME"
+