ruili-station
/
readme


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155
							#!/bin/bash

if [ "$1" = "xxx" ]; then
    echo "请填写站名简称和编号"
    # 在这里可以添加其他需要执行的命令
    exit 1  # 结束执行
fi

# 项目名称
proj=$1
# 透传编号
if [ "$2" -ge 10 ]; then
  port=$2
else
  port="0$2"
fi

# 判断内网穿透服务
create_frpc=false
if ! sudo docker ps -q -f name="frpc" | grep -q .; then
    create_frpc=true
else
    read -p "frpc容器已经存在,是否删除？ (y/n): " confirm_frpc
    # 判断用户的回答
    if [ "$confirm_frpc" == "y" ] || [ "$confirm_frpc" == "Y" ]; then
        sudo docker rm -f frpc
        create_frpc=true
    fi
fi
# 1. 视频NRV录像机穿透
# 2. VPN穿透
# 3. SSH穿透,仅供阿里云内网使用
if $create_frpc; then
if [ ! -e "frpc.ini" ]; then
cat <<EOF > frpc.ini
[common]
server_addr = 120.27.243.131
server_port = 7000

[nvr-$proj]
type = tcp
local_ip = 192.168.3.200
local_port = 554 
remote_port = 119$port

[vpn-$proj]
type = udp
local_ip = 0.0.0.0
local_port = 101$port
remote_port = 101$port

[ssh-$proj]
type = tcp
local_ip = 0.0.0.0
local_port = 22
remote_port = 220$port

[ptr-$proj]
type = tcp
local_ip = 0.0.0.0
local_port = 9001
remote_port = 290$port

[node-$proj]
type = tcp
local_ip = 0.0.0.0
local_port = 9100
remote_port = 230$port
EOF
fi
cat <<EOF > Dockerfile
FROM snowdreamtech/frpc:0.50.0
COPY frpc.ini /etc/frp/frpc.ini
EOF
sudo docker build -t frpc .
rm -rf frpc.ini Dockerfile
sudo docker run --name frpc --restart always --network host -d frpc
fi

# VPN搭建
# 判断内网穿透服务
create_vpn=false
if ! sudo docker ps -q -f name="vpn" | grep -q .; then
    create_vpn=true
else
    read -p "VPN容器已经存在,是否删除？ (y/n): " confirm_vpn
    # 判断用户的回答
    if [ "$confirm_vpn" == "y" ] || [ "$confirm_vpn" == "Y" ]; then
        sudo docker rm -f vpn
        sudo docker volume rm openvpn
        create_vpn=true
    fi
fi
if $create_vpn; then
sudo docker volume create --name openvpn

if ! grep -q "net.ipv6.conf.default.forwarding=1" /etc/sysctl.conf; then
  sudo echo net.ipv6.conf.default.forwarding=1 >> /etc/sysctl.conf
  sudo echo net.ipv6.conf.all.forwarding=1 >> /etc/sysctl.conf
  sudo sysctl -p
fi

ip -o link show | awk -F': ' '{print $2}' | while read interface; do
    # 处理192.168.3网段的网卡
    mac=$(ip link show dev "$interface" | awk '/link\/ether/ {print $2}')
    ip=$(ip addr show dev "$interface" | awk '/inet 192.168.6/ {print $2}')
    if [ -n "$ip" ] && [ -n "$mac" ]; then
        subnet=$(echo "$ip" | awk -F'/' '{print $1}' | awk -F'.' '{print $1"."$2"."$3}')
        echo "网卡名称: $interface，MAC地址: $mac，IP地址: $(echo $ip | cut -d '/' -f 1), subnet: $subnet"
        sudo docker run -v openvpn:/etc/openvpn --privileged --rm jaikuai/openvpn-tap:1.0.1 ovpn_genconfig -u udp://120.27.243.131:101$port \
        -t -B -D -d -b \
        --bridge-name 'br0' \
        --bridge-eth-if $interface \
        --bridge-eth-ip $(echo $ip | cut -d '/' -f 1) \
        --bridge-eth-subnet '255.255.255.0' \
        --bridge-eth-broadcast "$subnet.255" \
        --bridge-eth-mac $mac \
        --bridge-eth-gateway "$subnet.1" \
        --bridge-dhcp-start "$subnet.180" \
        --bridge-dhcp-end "$subnet.189"
        if ip route | grep "default via $subnet.1 dev br0"; then
            # 如果存在，则删除路由
            sudo ip route del default via $subnet.1 dev br0
            echo "已删除指定路由."
        else
            echo "指定路由不存在."
        fi
        sudo sed -i "s/192.168.255.0/$subnet.0/g" /var/lib/docker/volumes/openvpn/_data/openvpn.conf
    fi
done

# 密码: qx123456
sudo docker run -v openvpn:/etc/openvpn --rm -it jaikuai/openvpn-tap:1.0.1 ovpn_initpki
sudo docker run -v openvpn:/etc/openvpn --privileged --network host --cap-add=NET_ADMIN --restart=always --name vpn -d jaikuai/openvpn-tap:1.0.1

# 单网卡补充默认路由 
# sudo ip route add default via 192.168.0.1

cat <<EOF > vpn-user.sh
#!/bin/sh

user=\$1
array=(\${user//,/ })
for item in \${array[@]}
do
    sudo docker run -v openvpn:/etc/openvpn --rm -it jaikuai/openvpn-tap:1.0.1 easyrsa build-client-full \$item-$proj nopass
    sudo docker run -v openvpn:/etc/openvpn --log-driver=none --rm jaikuai/openvpn-tap:1.0.1 ovpn_getclient \$item-$proj > \$item-$proj.ovpn
done

EOF

sudo chmod a+x vpn-user.sh
echo "# 执行 ./vpn-user.sh 即可生成客户端配置文件."
echo "# bash vpn-user.sh hzw,jxt"
fi