123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336 |
- #!/bin/bash
- # Check root
- if [[ $EUID -ne 0 ]]; then
- echo "This script must be run as root!"
- exit 1
- fi
- if [ "$(systemd-detect-virt)" == "openvz" ]; then
- echo "OpenVZ is not supported!"
- exit 1
- fi
- # Get domain
- clear
- echo -e "Install variant :"
- echo -e " [1] Xray - Faster (443)"
- echo -e " [2] V2Ray - Support no-TLS (443 & 80)"
- echo -e ""
- until [[ ${variant} =~ ^[1-2]$ ]]; do
- read -rp "Select an option [1-2]: " variant
- done
- echo -e ""
- read -p "Please enter your domain : " domain
- echo -e ""
- ip=$(wget -qO- ipv4.icanhazip.com)
- domain_ip=$(ping "${domain}" -c 1 | sed '1{s/[^(]*(//;s/).*//;q}')
- if [[ ${domain_ip} == "${ip}" ]]; then
- echo -e "IP matched with the server. The installation will continue."
- sleep 2
- clear
- else
- echo -e "IP does not match with the server. Make sure to point A record to your server."
- echo -e ""
- exit 1
- fi
- # Update & Upgrade
- apt update
- apt upgrade -y
- # Remove unused dependencies
- apt autoremove -y
- # Set timezone
- ln -sf /usr/share/zoneinfo/Asia/Kuala_Lumpur /etc/localtime
- # Disable IPv6
- sysctl -w net.ipv6.conf.all.disable_ipv6=1
- sysctl -w net.ipv6.conf.default.disable_ipv6=1
- sysctl -w net.ipv6.conf.lo.disable_ipv6=1
- echo -e "net.ipv6.conf.all.disable_ipv6 = 1
- net.ipv6.conf.default.disable_ipv6 = 1
- net.ipv6.conf.lo.disable_ipv6 = 1" >> /etc/sysctl.conf
- # Install BBR+FQ
- echo -e "net.core.default_qdisc=fq
- net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
- sysctl -p
- # Configure UFW
- apt install -y ufw
- sed -i "s/IPV6=yes/IPV6=no/g" /etc/default/ufw
- ufw allow 22
- ufw allow 85
- ufw allow 465
- ufw allow 8080
- ufw allow 1194
- ufw allow 80
- ufw allow 443
- ufw allow 51820
- ufw allow 7300
- ufw allow 8000
- ufw allow 3128
- ufw reload
- echo -e "y" | ufw enable
- # Install tools
- apt install -y net-tools vnstat unzip curl screen
- # Install screenfetch
- wget -qO /usr/bin/screenfetch "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/screenfetch.sh"
- chmod +x /usr/bin/screenfetch
- echo -e "clear
- screenfetch
- echo" >> .profile
- # Configure SSH
- echo -e "AllowUsers root" >> /etc/ssh/sshd_config
- wget -qO /etc/issue.net "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/issue.net"
- sed -i "s/#Banner none/Banner \/etc\/issue.net/g" /etc/ssh/sshd_config
- service ssh restart
- # Install Dropbear
- apt install -y dropbear
- sed -i "s/NO_START=1/NO_START=0/g" /etc/default/dropbear
- sed -i "s/DROPBEAR_PORT=22/DROPBEAR_PORT=85/g" /etc/default/dropbear
- echo -e "/bin/false" >> /etc/shells
- wget -qO /etc/dropbear_issue.net "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/dropbear_issue.net"
- sed -i 's|DROPBEAR_BANNER=""|DROPBEAR_BANNER="/etc/dropbear_issue.net"|g' /etc/default/dropbear
- service dropbear restart
- # Install Stunnel
- apt install -y stunnel4
- sed -i "s/ENABLED=0/ENABLED=1/g" /etc/default/stunnel4
- openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -sha256 -subj "/CN=AidanVPN/emailAddress=irwan@aidan.my/O=Aidan VPN/OU=Aidan VPN Premium/C=MY" -keyout /etc/stunnel/stunnel.pem -out /etc/stunnel/stunnel.pem
- wget -qO /etc/stunnel/stunnel.conf "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/stunnel.conf"
- service stunnel4 restart
- # Install Squid3
- apt install -y squid3
- wget -qO /etc/squid/squid.conf "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/squid.conf"
- sed -i "s/xx/$domain/g" /etc/squid/squid.conf
- sed -i "s/ip/$ip/g" /etc/squid/squid.conf
- service squid restart
- # Install OpenVPN
- apt install -y openvpn
- wget -q "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/openvpn/EasyRSA-3.0.8.tgz"
- tar xvf EasyRSA-3.0.8.tgz
- rm EasyRSA-3.0.8.tgz
- mv EasyRSA-3.0.8 /etc/openvpn/easy-rsa
- cp /etc/openvpn/easy-rsa/vars.example /etc/openvpn/easy-rsa/vars
- sed -i 's/#set_var EASYRSA_REQ_COUNTRY\t"US"/set_var EASYRSA_REQ_COUNTRY\t"MY"/g' /etc/openvpn/easy-rsa/vars
- sed -i 's/#set_var EASYRSA_REQ_PROVINCE\t"California"/set_var EASYRSA_REQ_PROVINCE\t"Selangor"/g' /etc/openvpn/easy-rsa/vars
- sed -i 's/#set_var EASYRSA_REQ_CITY\t"San Francisco"/set_var EASYRSA_REQ_CITY\t"Gombak"/g' /etc/openvpn/easy-rsa/vars
- sed -i 's/#set_var EASYRSA_REQ_ORG\t"Copyleft Certificate Co"/set_var EASYRSA_REQ_ORG\t\t"Aidan Technology"/g' /etc/openvpn/easy-rsa/vars
- sed -i 's/#set_var EASYRSA_REQ_EMAIL\t"me@example.net"/set_var EASYRSA_REQ_EMAIL\t"irwan@aidan.my"/g' /etc/openvpn/easy-rsa/vars
- sed -i 's/#set_var EASYRSA_REQ_OU\t\t"My Organizational Unit"/set_var EASYRSA_REQ_OU\t\t"Aidan Staff Only"/g' /etc/openvpn/easy-rsa/vars
- sed -i 's/#set_var EASYRSA_CA_EXPIRE\t3650/set_var EASYRSA_CA_EXPIRE\t3650/g' /etc/openvpn/easy-rsa/vars
- sed -i 's/#set_var EASYRSA_CERT_EXPIRE\t825/set_var EASYRSA_CERT_EXPIRE\t3650/g' /etc/openvpn/easy-rsa/vars
- sed -i 's/#set_var EASYRSA_REQ_CN\t\t"ChangeMe"/set_var EASYRSA_REQ_CN\t\t"Aidan VPN"/g' /etc/openvpn/easy-rsa/vars
- cd /etc/openvpn/easy-rsa
- ./easyrsa --batch init-pki
- ./easyrsa --batch build-ca nopass
- ./easyrsa gen-dh
- ./easyrsa build-server-full server nopass
- cd
- mkdir /etc/openvpn/key
- cp /etc/openvpn/easy-rsa/pki/issued/server.crt /etc/openvpn/key/
- cp /etc/openvpn/easy-rsa/pki/ca.crt /etc/openvpn/key/
- cp /etc/openvpn/easy-rsa/pki/dh.pem /etc/openvpn/key/
- cp /etc/openvpn/easy-rsa/pki/private/server.key /etc/openvpn/key/
- wget -qO /etc/openvpn/server-udp.conf "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/openvpn/server-udp.conf"
- wget -qO /etc/openvpn/server-tcp.conf "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/openvpn/server-tcp.conf"
- sed -i "s/#AUTOSTART="all"/AUTOSTART="all"/g" /etc/default/openvpn
- echo -e "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
- sysctl -p
- echo -e "\n# START OPENVPN RULES
- # NAT table rules
- *nat
- # Allow traffic from OpenVPN client to eth0
- # END OPENVPN RULES" >> /etc/ufw/before.rules
- ufw reload
- systemctl start openvpn@server-udp
- systemctl start openvpn@server-tcp
- systemctl enable openvpn@server-udp
- systemctl enable openvpn@server-tcp
- # Configure OpenVPN client configuration
- mkdir -p /aidan/openvpn
- wget -qO /aidan/openvpn/client-udp.ovpn "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/openvpn/client-udp.ovpn"
- wget -qO /aidan/openvpn/client-tcp.ovpn "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/openvpn/client-tcp.ovpn"
- sed -i "s/xx/$ip/g" /aidan/openvpn/client-udp.ovpn
- sed -i "s/xx/$ip/g" /aidan/openvpn/client-tcp.ovpn
- echo -e "\n<ca>" >> /aidan/openvpn/client-tcp.ovpn
- cat "/etc/openvpn/key/ca.crt" >> /aidan/openvpn/client-tcp.ovpn
- echo -e "</ca>" >> /aidan/openvpn/client-tcp.ovpn
- echo -e "\n<ca>" >> /aidan/openvpn/client-udp.ovpn
- cat "/etc/openvpn/key/ca.crt" >> /aidan/openvpn/client-udp.ovpn
- echo -e "</ca>" >> /aidan/openvpn/client-udp.ovpn
- # Install variant
- if [ "$variant" == 1 ]; then
- # Install Xray
- apt-get install -y lsb-release gnupg2 wget lsof tar unzip curl libpcre3 libpcre3-dev zlib1g-dev openssl libssl-dev jq nginx uuid-runtime
- curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh | bash -s -- install
- echo $domain > /usr/local/etc/xray/domain
- wget -qO /usr/local/etc/xray/config.json "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/xray/xray.json"
- wget -qO /etc/nginx/conf.d/${domain}.conf "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/xray/web.conf"
- sed -i "s/xxx/${domain}/g" /etc/nginx/conf.d/${domain}.conf
- wget -qO web.tar.gz "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/web.tar.gz"
- rm -rf /var/www/html/*
- tar xzf web.tar.gz -C /var/www/html
- rm -f web.tar.gz
- mkdir /aidan/xray
- curl -L get.acme.sh | bash
- /root/.acme.sh/acme.sh --set-default-ca --server letsencrypt
- sed -i "6s/^/#/" /etc/nginx/conf.d/${domain}.conf
- sed -i "6a\\\troot /var/www/html/;" /etc/nginx/conf.d/${domain}.conf
- systemctl restart nginx
- /root/.acme.sh/acme.sh --issue -d "${domain}" --webroot "/var/www/html/" -k ec-256 --force
- /root/.acme.sh/acme.sh --installcert -d "${domain}" --fullchainpath /aidan/xray/xray.crt --keypath /aidan/xray/xray.key --reloadcmd "systemctl restart xray" --ecc --force
- sed -i "7d" /etc/nginx/conf.d/${domain}.conf
- sed -i "6s/#//" /etc/nginx/conf.d/${domain}.conf
- chown -R nobody.nogroup /aidan/xray/xray.crt
- chown -R nobody.nogroup /aidan/xray/xray.key
- touch /aidan/xray/xray-clients.txt
- sed -i "s/\tinclude \/etc\/nginx\/sites-enabled\/\*;/\t# include \/etc\/nginx\/sites-enabled\/\*;asd/g" /etc/nginx/nginx.conf
- mkdir /etc/systemd/system/nginx.service.d
- printf "[Service]\nExecStartPost=/bin/sleep 0.1\n" | tee /etc/systemd/system/nginx.service.d/override.conf
- systemctl daemon-reload
- systemctl restart nginx
- systemctl restart xray
- elif [[ "$variant" == 2 ]]; then
- # Install V2Ray
- apt-get install -y jq uuid-runtime socat
- bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)
- echo $domain > /usr/local/etc/v2ray/domain
- wget -qO /usr/local/etc/v2ray/ws-tls.json "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/v2ray/v2ray-ws-tls.json"
- wget -qO /usr/local/etc/v2ray/ws.json "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/v2ray/v2ray-ws.json"
- sed -i "s/xx/${domain}/g" /usr/local/etc/v2ray/ws-tls.json
- sed -i "s/xx/${domain}/g" /usr/local/etc/v2ray/ws.json
- mkdir /aidan/v2ray
- curl -L get.acme.sh | bash
- /root/.acme.sh/acme.sh --set-default-ca --server letsencrypt
- /root/.acme.sh/acme.sh --issue -d "${domain}" --standalone -k ec-256 --force
- /root/.acme.sh/acme.sh --installcert -d "${domain}" --fullchainpath /aidan/v2ray/v2ray.crt --keypath /aidan/v2ray/v2ray.key --ecc --force
- chown -R nobody.nogroup /aidan/v2ray/v2ray.crt
- chown -R nobody.nogroup /aidan/v2ray/v2ray.key
- touch /aidan/v2ray/v2ray-clients.txt
- systemctl enable v2ray@ws-tls
- systemctl enable v2ray@ws
- systemctl start v2ray@ws-tls
- systemctl start v2ray@ws
- fi
- # Install WireGuard
- echo -e "deb http://ftp.debian.org/debian buster-backports main" >> /etc/apt/sources.list.d/buster-backports.list
- apt update
- apt install -y wireguard iptables resolvconf qrencode
- server_priv_key=$(wg genkey)
- server_pub_key=$(echo "${server_priv_key}" | wg pubkey)
- echo -e "ip=${ip}
- server_priv_key=${server_priv_key}
- server_pub_key=${server_pub_key}" > /etc/wireguard/params
- source /etc/wireguard/params
- echo -e "[Interface]
- Address =
- ListenPort = 51820
- PrivateKey = ${server_priv_key}
- PostUp = iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
- PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE" >> /etc/wireguard/wg0.conf
- systemctl start "wg-quick@wg0"
- systemctl enable "wg-quick@wg0"
- mkdir /aidan/wireguard
- touch /aidan/wireguard/wireguard-clients.txt
- # Install OHP
- wget -qO /usr/bin/ohpserver "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/ohpserver"
- chmod +x /usr/bin/ohpserver
- screen -AmdS ohp-dropbear ohpserver -port 3128 -proxy -tunnel
- screen -AmdS ohp-openvpn ohpserver -port 8000 -proxy -tunnel
- # Install BadVPN UDPGw
- cd
- apt install -y cmake
- wget -qO badvpn.zip "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/badvpn.zip"
- unzip badvpn.zip
- cd badvpn-master
- mkdir build-badvpn
- cd build-badvpn
- make install
- cd
- rm -r badvpn-master
- rm badvpn.zip
- screen -AmdS badvpn badvpn-udpgw --listen-addr
- # Install Speedtest cli
- curl -s https://install.speedtest.net/app/cli/install.deb.sh | bash
- apt install speedtest
- # Install fail2ban
- apt install -y fail2ban
- service fail2ban restart
- # Install DDoS Deflate
- apt install -y dnsutils tcpdump dsniff grepcidr
- wget -qO ddos.zip "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/ddos-deflate.zip"
- unzip ddos.zip
- cd ddos-deflate
- chmod +x install.sh
- ./install.sh
- cd
- rm -rf ddos.zip ddos-deflate
- # Configure script
- wget -qO /usr/bin/menu "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/menu/menu.sh"
- wget -qO /usr/bin/ssh-vpn-script "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/menu/ssh-vpn-script.sh"
- if [[ "$variant" == 1 ]]; then
- wget -qO /usr/bin/menu "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/menu/menu-xray.sh"
- wget -qO /usr/bin/xray-script "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/menu/xray-script.sh"
- chmod +x /usr/bin/xray-script
- elif [[ "$variant" == 2 ]]; then
- wget -qO /usr/bin/menu "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/menu/menu-v2ray.sh"
- wget -qO /usr/bin/v2ray-script "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/menu/v2ray-script.sh"
- chmod +x /usr/bin/v2ray-script
- fi
- wget -qO /usr/bin/wireguard-script "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/menu/wireguard-script.sh"
- wget -qO /usr/bin/script-info "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/menu/script-info.sh"
- wget -qO /usr/bin/script-1 "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/cron/script-1.sh"
- if [[ "$variant" == 1 ]]; then
- wget -qO /usr/bin/script-2 "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/cron/script-2-xray.sh"
- elif [[ "$variant" == 2 ]]; then
- wget -qO /usr/bin/script-2 "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/cron/script-2-v2ray.sh"
- fi
- wget -qO /usr/bin/script-3 "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/cron/script-3.sh"
- chmod +x /usr/bin/{menu,ssh-vpn-script,wireguard-script,script-info,script-1,script-2,script-3}
- # Configure rc.local
- wget -qO /etc/rc.local "https://notabug.org/irwanmohi/aidanvpn/raw/master/FILES/rc.local"
- chmod +x /etc/rc.local
- # Configure crontab
- echo "0 0 * * * root reboot" >> /etc/crontab
- echo "55 23 * * * root script-2" >> /etc/crontab
- # Configure block all connections
- echo off >> /aidan/block-status
- # Cleanup and reboot
- rm -f /root/install.sh
- cp /dev/null /root/.bash_history
- clear
- echo -e ""
- echo -e "Script executed succesfully."
- echo -e ""
- read -n 1 -r -s -p $"Press enter to reboot..."
- echo -e ""
- reboot