
@drejohnson
Last active March 18, 2020 12:45

Revisions

  1. drejohnson renamed this gist Mar 18, 2020. 1 changed file with 50 additions and 32 deletions.
    82 changes: 50 additions & 32 deletions install → install.sh
    @@ -1,14 +1,21 @@
    #!/bin/sh

    set -e

    # you may want upgrade netifd first

    # timezone
    TIMEZONE=HKT-8

    # override shadowsocks server config
    METHOD=xchacha20-ietf-poly1305
    HOST=
    PORT=
    KEY=

    # scripts path
    PATH_WATCHDOG=/usr/bin/ss-watchdog
    PATH_CHNROUTE=/usr/bin/update-chnroute


    # add openwrt dist repo
    @@ -38,30 +45,42 @@ fi

    opkg update

    # bypass china
    opkg install luci-app-chinadns luci-app-dns-forwarder luci-app-shadowsocks shadowsocks-libev iptables-mod-tproxy
    echo === repo configured ===


    # bypass china
    opkg install luci-app-chinadns luci-app-dns-forwarder luci-app-shadowsocks shadowsocks-libev iptables-mod-tproxy luci-compat

    # install https wget
    opkg install ca-certificates ca-bundle wget


    # apps
    opkg install luci-app-adblock luci-app-sqm luci-app-statistics luci-app-upnp collectd-mod-ping collectd-mod-dns

    echo === software installed ===


    # create ip list update script
    cat > $PATH_CHNROUTE << 'EOF'
    #!/bin/sh
    wget -O- 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | awk -F\| '/CN\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /etc/chinadns_chnroute.txt
    EOF
    chmod +x $PATH_CHNROUTE

    # create util scripts
    cat > /usr/bin/ss-watchdog << 'EOF'
    # create watchdog script
    cat > $PATH_WATCHDOG << 'EOF'
    #!/bin/sh
    LOGTIME=$(date "+%Y-%m-%d %H:%M:%S")
    TIMEOUT=3
    TRIES=3
    RATING_URL=https://www.google.com/
    REFERENCE_URL=https://www.baidu.com/
    REFERENCE_URL=https://www.alipay.com/
    network_probe () {
    wget --spider --quiet --tries=$TRIES --timeout=$TIMEOUT $1
    echo $?
    }
    if [ `network_probe $RATING_URL` = 0 ]; then
    echo [$LOGTIME] No Problem
    exit 0
    @@ -72,23 +91,8 @@ else
    echo [$LOGTIME] Network problem. Do nothing
    fi
    EOF
    chmod +x $PATH_WATCHDOG

    cat > /usr/bin/update-chnroute << 'EOF'
    #!/bin/sh
    wget -O- 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | awk -F\| '/CN\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /etc/chinadns_chnroute.txt
    EOF

    chmod +x /usr/bin/ss-watchdog
    chmod +x /usr/bin/update-chnroute
    update-chnroute
    mkdir -p /root/adblock

    echo new software installed

    # upgrade
    opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade --force-maintainer

    echo applying config

    # config shadowsocks
    SERVER=`uci add shadowsocks servers`
    @@ -99,15 +103,19 @@ uci set shadowsocks.$SERVER.password=$KEY
    uci set shadowsocks.$SERVER.server=$HOST
    uci set shadowsocks.$SERVER.server_port=$PORT
    uci set shadowsocks.@transparent_proxy[0].main_server=$SERVER
    uci set shadowsocks.@transparent_proxy[0].udp_relay_server=same
    uci set shadowsocks.@access_control[0].wan_bp_list=/etc/chinadns_chnroute.txt
    uci set shadowsocks.@access_control[0].ipt_ext="-m multiport --dports 53,80,443"


    # timezone
    uci set system.@system[0].timezone=$TIMEZONE


    # dns
    uci set chinadns.@chinadns[0].enable=1
    uci set chinadns.@chinadns[0].server=119.29.29.29,127.0.0.1#5300
    uci set dns-forwarder.@dns-forwarder[0].enable=1
    uci set network.wan.peerdns=0
    uci set dhcp.@dnsmasq[0].noresolv=1
    uci set dhcp.@dnsmasq[0].cachesize=10000
    uci add_list dhcp.@dnsmasq[0].server=127.0.0.1#5353
    @@ -121,32 +129,42 @@ uci set upnpd.config.enabled=1
    uci set adblock.global.adb_enabled=1
    uci set adblock.global.adb_fetchutil=wget
    uci set adblock.global.adb_trigger=timed
    uci set adblock.global.adb_dns=dnsmasq
    uci set adblock.extra.adb_triggerdelay=60
    uci set adblock.extra.adb_backup=1
    uci set adblock.extra.adb_backupdir=/root/adblock
    uci set adblock.extra.adb_nice=10
    uci set adblock.extra.adb_dnsflush=1
    uci set adblock.reg_cn.enabled=1
    uci set adblock.extra.adb_nice=10
    uci set adblock.extra.adb_triggerdelay=30
    mkdir -p /root/adblock


    # config cron
    crontab - << 'EOF'
    # beware UTC
    # update chnroute at sunday 3:30am
    30 19 * * 0 update-chnroute
    30 3 * * 0 update-chnroute
    # Reboot at 4:30am every monday
    # Note: To avoid infinite reboot loop, wait 70 seconds
    # and touch a file in /etc so clock will be set
    # properly to 4:31 on reboot before cron starts.
    30 20 * * 1 sleep 70 && touch /etc/banner && reboot
    30 4 * * 1 sleep 70 && touch /etc/banner && reboot
    # shadowsocks watchdog, check every 5 min
    */5 * * * * ss-watchdog >> /var/log/ss-watchdog.log 2>&1
    # clean log every monday
    0 1 * * 1 echo "" > /var/log/ss-watchdog.log
    EOF


    # apply changes
    uci commit
    luci-reload
    rm /etc/resolv.conf

    echo === config applied ===

    # system update
    update-chnroute
    opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade --force-maintainer

    echo === system upgraded ===

    echo all done, congratulations!
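Review bot: The generated `update-chnroute` script still fetches the APNIC delegation file over plain `http://` and redirects the result straight into `/etc/chinadns_chnroute.txt`, the file that `wan_bp_list` uses to decide which destinations bypass the proxy. Anyone on the network path can therefore alter the bypass list, and a failed download empties the live file because the shell truncates the redirect target before `wget` has produced anything. `ca-certificates` and `wget` are installed earlier in the script, so the fetch can use `https://` (assuming the mirror serves the same path over TLS) and build the list in a sibling file that replaces the live one only when it is non-empty. The same line appears in the older revisions of this script further down the page.

```shell
cat > $PATH_CHNROUTE << 'EOF'
#!/bin/sh
set -e
OUT=/etc/chinadns_chnroute.txt
# Fetch over TLS and build the list next to the live file, so a failed or
# empty download never replaces the list that is currently in use.
wget -O- 'https://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' \
  | awk -F\| '/CN\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > "$OUT.new"
[ -s "$OUT.new" ]
mv "$OUT.new" "$OUT"
EOF
# … unchanged: chmod +x $PATH_CHNROUTE …
```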
  2. @gengen1988 gengen1988 revised this gist Nov 15, 2018. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion install
    @@ -16,7 +16,7 @@ for a in $(opkg print-architecture | awk '{print $2}'); do
    case "$a" in
    all|noarch)
    ;;
    aarch64_armv8-a|arm_arm1176jzf-s_vfp|arm_arm926ej-s|arm_cortex-a15_neon-vfpv4|arm_cortex-a5|arm_cortex-a53_neon-vfpv4|arm_cortex-a7_neon-vfpv4|arm_cortex-a8_vfpv3|arm_cortex-a9|arm_cortex-a9_neon|arm_cortex-a9_vfpv3|arm_fa526|arm_mpcore|arm_mpcore_vfp|arm_xscale|armeb_xscale|i386_pentium|i386_pentium4|mips_24kc|mips_opkmips32|mips64_octeon|mipsel_24kc|mipsel_74kc|mipsel_mips32|powerpc_464fp|powerpc_8540|x86_64)
    aarch64_armv8-a|arm_arm1176jzf-s_vfp|arm_arm926ej-s|arm_cortex-a15_neon-vfpv4|arm_cortex-a5|arm_cortex-a53_neon-vfpv4|arm_cortex-a7_neon-vfpv4|arm_cortex-a8_vfpv3|arm_cortex-a9|arm_cortex-a9_neon|arm_cortex-a9_vfpv3|arm_fa526|arm_mpcore|arm_mpcore_vfp|arm_xscale|armeb_xscale|i386_pentium|i386_pentium4|mips_24kc|mips_mips32|mips64_octeon|mipsel_24kc|mipsel_74kc|mipsel_mips32|powerpc_464fp|powerpc_8540|x86_64)
    ARCH=${a}
    ;;
    *)
  3. @gengen1988 gengen1988 revised this gist Nov 15, 2018. No changes.
  4. @gengen1988 gengen1988 revised this gist Nov 15, 2018. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions install
    @@ -126,6 +126,7 @@ uci set adblock.extra.adb_triggerdelay=60
    uci set adblock.extra.adb_backup=1
    uci set adblock.extra.adb_backupdir=/root/adblock
    uci set adblock.extra.adb_nice=10
    uci set adblock.extra.adb_dnsflush=1
    uci set adblock.reg_cn.enabled=1


  5. @gengen1988 gengen1988 revised this gist Nov 15, 2018. 1 changed file with 21 additions and 23 deletions.
    44 changes: 21 additions & 23 deletions install
    @@ -1,17 +1,22 @@
    #!/bin/sh

    # you may want upgrade netifd first


    # override shadowsocks server config
    # HOST=
    # PORT=
    # KEY=
    METHOD=xchacha20-ietf-poly1305
    HOST=
    PORT=
    KEY=



    # add openwrt dist repo
    for a in $(opkg print-architecture | awk '{print $2}'); do
    case "$a" in
    all|noarch)
    ;;
    aarch64_armv8-a|arm_arm1176jzf-s_vfp|arm_arm926ej-s|arm_cortex-a15_neon-vfpv4|arm_cortex-a5|arm_cortex-a53_neon-vfpv4|arm_cortex-a7_neon-vfpv4|arm_cortex-a8_vfpv3|arm_cortex-a9|arm_cortex-a9_neon|arm_cortex-a9_vfpv3|arm_fa526|arm_mpcore|arm_mpcore_vfp|arm_xscale|armeb_xscale|i386_pentium|i386_pentium4|mips_24kc|mips_mips32|mips64_octeon|mipsel_24kc|mipsel_74kc|mipsel_mips32|powerpc_464fp|powerpc_8540|x86_64)
    aarch64_armv8-a|arm_arm1176jzf-s_vfp|arm_arm926ej-s|arm_cortex-a15_neon-vfpv4|arm_cortex-a5|arm_cortex-a53_neon-vfpv4|arm_cortex-a7_neon-vfpv4|arm_cortex-a8_vfpv3|arm_cortex-a9|arm_cortex-a9_neon|arm_cortex-a9_vfpv3|arm_fa526|arm_mpcore|arm_mpcore_vfp|arm_xscale|armeb_xscale|i386_pentium|i386_pentium4|mips_24kc|mips_opkmips32|mips64_octeon|mipsel_24kc|mipsel_74kc|mipsel_mips32|powerpc_464fp|powerpc_8540|x86_64)
    ARCH=${a}
    ;;
    *)
    @@ -38,7 +43,7 @@ opkg install luci-app-chinadns luci-app-dns-forwarder luci-app-shadowsocks shado


    # install https wget
    opkg install ca-certificates ca-bundle wget libustream-mbedtls
    opkg install ca-certificates ca-bundle wget


    # apps
    @@ -48,30 +53,23 @@ opkg install luci-app-adblock luci-app-sqm luci-app-statistics luci-app-upnp col
    # create util scripts
    cat > /usr/bin/ss-watchdog << 'EOF'
    #!/bin/sh
    LOGTIME=$(date "+%Y-%m-%d %H:%M:%S")
    TIMEOUT=3
    TRIES=3
    RATING_URL=https://www.google.com/
    REFERENCE_URL=https://www.baidu.com/
    network_probe () {
    wget --spider --quiet --tries=$TRIES --timeout=$TIMEOUT $1
    echo $?
    }
    if [ `network_probe $RATING_URL` = 0 ]; then
    echo [$LOGTIME] No Problem
    exit 0
    elif [ `network_probe $REFERENCE_URL` = 0 ]; then
    echo [$LOGTIME] Problem decteted. Restarting shadowsocks
    /etc/init.d/shadowsocks restart > /dev/null
    else
    echo [$LOGTIME] Network problem. Do nothing
    fi
    EOF

    @@ -83,6 +81,7 @@ EOF
    chmod +x /usr/bin/ss-watchdog
    chmod +x /usr/bin/update-chnroute
    update-chnroute
    mkdir -p /root/adblock

    echo new software installed

    @@ -92,12 +91,14 @@ opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade --force-maintainer
    echo applying config

    # config shadowsocks
    uci set shadowsocks.@servers[0].encrypt_method=xchacha20-ietf-poly1305
    uci set shadowsocks.@servers[0].fast_open=1
    uci set shadowsocks.@servers[0].no_delay=1
    # uci set shadowsocks.@servers[0].password=$KEY
    # uci set shadowsocks.@servers[0].server=$HOST
    # uci set shadowsocks.@servers[0].server_port=$PORT
    SERVER=`uci add shadowsocks servers`
    uci set shadowsocks.$SERVER.encrypt_method=$METHOD
    uci set shadowsocks.$SERVER.fast_open=1
    uci set shadowsocks.$SERVER.no_delay=1
    uci set shadowsocks.$SERVER.password=$KEY
    uci set shadowsocks.$SERVER.server=$HOST
    uci set shadowsocks.$SERVER.server_port=$PORT
    uci set shadowsocks.@transparent_proxy[0].main_server=$SERVER
    uci set shadowsocks.@transparent_proxy[0].udp_relay_server=same
    uci set shadowsocks.@access_control[0].wan_bp_list=/etc/chinadns_chnroute.txt
    uci set shadowsocks.@access_control[0].ipt_ext="-m multiport --dports 53,80,443"
    @@ -123,24 +124,21 @@ uci set adblock.global.adb_trigger=timed
    uci set adblock.global.adb_dns=dnsmasq
    uci set adblock.extra.adb_triggerdelay=60
    uci set adblock.extra.adb_backup=1
    uci set adblock.extra.adb_backupdir=/root
    uci set adblock.extra.adb_backupdir=/root/adblock
    uci set adblock.extra.adb_nice=10
    uci set adblock.reg_cn.enabled=1


    # config cron
    crontab - << 'EOF'
    # beware UTC
    # update chnroute at sunday 3:30am
    30 19 * * 0 update-chnroute
    # Reboot at 4:30am every monday
    # Note: To avoid infinite reboot loop, wait 70 seconds
    # and touch a file in /etc so clock will be set
    # properly to 4:31 on reboot before cron starts.
    30 20 * * 1 sleep 70 && touch /etc/banner && reboot
    # shadowsocks watchdog, check every 5 min
    */5 * * * * ss-watchdog >> /var/log/ss-watchdog.log 2>&1
    # clean log every monday
    @@ -150,4 +148,4 @@ EOF
    # apply changes
    uci commit
    luci-reload
    rm /etc/resolv.conf
    rm /etc/resolv.conf
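Review bot: `HOST`, `PORT` and `KEY` are left empty at the top of the script and are then passed unquoted to `uci set shadowsocks.$SERVER.password=$KEY` and the two lines after it, with nothing checking that they were filled in. As far as this rendering shows, these are the lines the revision enables, so running the script unedited leaves the new server entry without a usable password or host, and a key containing whitespace or glob characters is word-split before `uci` sees it. A guard such as `: "${KEY:?set KEY before running}"` (and likewise for `HOST` and `PORT`), plus quoting the argument as `uci set "shadowsocks.$SERVER.password=$KEY"`, would cover both. Because the key is stored in the script itself, a comment next to `KEY=` should also say that a filled-in copy must not be published.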
  6. @gengen1988 gengen1988 revised this gist Nov 15, 2018. 1 changed file with 10 additions and 7 deletions.
    17 changes: 10 additions & 7 deletions install
    @@ -32,11 +32,9 @@ if !(grep -q "openwrt_dist" /etc/opkg/customfeeds.conf); then
    fi

    opkg update
    opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade --force-maintainer


    # bypass china
    opkg install luci-app-chinadns luci-app-dns-forwarder luci-app-shadowsocks iptables-mod-tproxy
    opkg install luci-app-chinadns luci-app-dns-forwarder luci-app-shadowsocks shadowsocks-libev iptables-mod-tproxy


    # install https wget
    @@ -84,7 +82,14 @@ EOF

    chmod +x /usr/bin/ss-watchdog
    chmod +x /usr/bin/update-chnroute
    update-chnroute

    echo new software installed

    # upgrade
    opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade --force-maintainer

    echo applying config

    # config shadowsocks
    uci set shadowsocks.@servers[0].encrypt_method=xchacha20-ietf-poly1305
    @@ -101,12 +106,11 @@ uci set shadowsocks.@access_control[0].ipt_ext="-m multiport --dports 53,80,443"
    # dns
    uci set chinadns.@chinadns[0].enable=1
    uci set chinadns.@chinadns[0].server=119.29.29.29,127.0.0.1#5300
    uci set dns-forwarder.@dns-forwarder[0].enable=1
    uci set dhcp.@dnsmasq[0].noresolv=1
    uci set dhcp.@dnsmasq[0].cachesize=10000
    uci add_list dhcp.@dnsmasq[0].server=127.0.0.1#5353

    rm /etc/resolv.conf


    # config upnp
    uci set upnpd.config.enabled=1
    @@ -143,8 +147,7 @@ crontab - << 'EOF'
    0 1 * * 1 echo "" > /var/log/ss-watchdog.log
    EOF


    # apply changes
    update-chnroute
    uci commit
    luci-reload
    rm /etc/resolv.conf
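Review bot: The relocated pipeline `opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade --force-maintainer` upgrades every package on the router, and `--force-maintainer` lets package-shipped config files overwrite the ones already on the device. On a router that can include settings unrelated to this script, such as firewall or network configuration. The line should at least carry a comment stating that existing configuration may be reset, or the flag should be dropped so local config files are kept. `xargs` will typically also run `opkg upgrade` once with no package names when nothing is upgradable; `xargs -r` avoids that.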
  7. @gengen1988 gengen1988 revised this gist Nov 13, 2018. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion install
    @@ -36,7 +36,7 @@ opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade --force-maintainer


    # bypass china
    opkg install luci-app-chinadns ChinaDNS shadowsocks-libev luci-app-shadowsocks iptables-mod-tproxy
    opkg install luci-app-chinadns luci-app-dns-forwarder luci-app-shadowsocks iptables-mod-tproxy


    # install https wget
  8. @gengen1988 gengen1988 revised this gist Aug 15, 2018. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion install
    @@ -44,7 +44,7 @@ opkg install ca-certificates ca-bundle wget libustream-mbedtls


    # apps
    opkg install luci-app-adblock luci-app-sqm luci-app-statistics luci-app-upnp
    opkg install luci-app-adblock luci-app-sqm luci-app-statistics luci-app-upnp collectd-mod-ping collectd-mod-dns


    # create util scripts
  9. @gengen1988 gengen1988 revised this gist Aug 15, 2018. 1 changed file with 13 additions and 37 deletions.
    50 changes: 13 additions & 37 deletions install
    @@ -44,7 +44,7 @@ opkg install ca-certificates ca-bundle wget libustream-mbedtls


    # apps
    opkg install luci-app-adblock luci-app-sqm luci-app-statistics luci-app-unbound luci-app-upnp unbound-control
    opkg install luci-app-adblock luci-app-sqm luci-app-statistics luci-app-upnp


    # create util scripts
    @@ -86,35 +86,23 @@ chmod +x /usr/bin/ss-watchdog
    chmod +x /usr/bin/update-chnroute


    # config dns
    uci set unbound.@unbound[0].enabled=1
    uci set unbound.@unbound[0].extended_luci=1
    uci set unbound.@unbound[0].validator=1
    uci set unbound.@unbound[0].listen_port=5300
    uci set unbound.@unbound[0].dhcp_link=dnsmasq
    uci set unbound.@unbound[0].resource=large
    uci set unbound.@unbound[0].recursion=aggressive
    uci set unbound.@unbound[0].query_minimize=1
    uci set unbound.@unbound[0].unbound_control=1
    uci set unbound.@unbound[0].extended_stats=1


    CPU=`grep -c ^processor /proc/cpuinfo`
    cat >> /etc/unbound/unbound_srv.conf << EOF
    tcp-upstream: yes
    EOF
    # config shadowsocks
    uci set shadowsocks.@servers[0].encrypt_method=xchacha20-ietf-poly1305
    uci set shadowsocks.@servers[0].fast_open=1
    uci set shadowsocks.@servers[0].no_delay=1
    # uci set shadowsocks.@servers[0].password=$KEY
    # uci set shadowsocks.@servers[0].server=$HOST
    # uci set shadowsocks.@servers[0].server_port=$PORT
    uci set shadowsocks.@transparent_proxy[0].udp_relay_server=same
    uci set shadowsocks.@access_control[0].wan_bp_list=/etc/chinadns_chnroute.txt
    uci set shadowsocks.@access_control[0].ipt_ext="-m multiport --dports 53,80,443"

    cat >> /etc/unbound/unbound_ext.conf << EOF
    forward-zone:
    name: "."
    forward-addr: 8.8.8.8
    forward-addr: 8.8.4.4
    EOF

    # dns
    uci set chinadns.@chinadns[0].enable=1
    uci set chinadns.@chinadns[0].server=119.29.29.29,127.0.0.1#5300

    uci set dhcp.@dnsmasq[0].noresolv=1
    uci set dhcp.@dnsmasq[0].cachesize=10000
    uci add_list dhcp.@dnsmasq[0].server=127.0.0.1#5353

    rm /etc/resolv.conf
    @@ -136,18 +124,6 @@ uci set adblock.extra.adb_nice=10
    uci set adblock.reg_cn.enabled=1


    # config shadowsocks
    uci set shadowsocks.@servers[0].encrypt_method=xchacha20-ietf-poly1305
    uci set shadowsocks.@servers[0].fast_open=1
    uci set shadowsocks.@servers[0].no_delay=1
    # uci set shadowsocks.@servers[0].password=$KEY
    # uci set shadowsocks.@servers[0].server=$HOST
    # uci set shadowsocks.@servers[0].server_port=$PORT
    uci set shadowsocks.@transparent_proxy[0].udp_relay_server=same
    uci set shadowsocks.@access_control[0].wan_bp_list=/etc/chinadns_chnroute.txt
    uci set shadowsocks.@access_control[0].ipt_ext="-m multiport --dports 53,80,443"


    # config cron
    crontab - << 'EOF'
    # beware UTC
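Review bot: Dropping the unbound block also drops `uci set unbound.@unbound[0].validator=1`, and nothing in the chain that remains (`chinadns` pointing at `119.29.29.29,127.0.0.1#5300`, dnsmasq forwarding to `127.0.0.1#5353`) is shown enabling DNSSEC validation. If that trade-off is intended, a comment above `# dns` should say so, for example `# no DNSSEC validation: answers from upstream resolvers are trusted as-is`. Port 5300 was unbound's `listen_port`, and this section does not show what answers on it once unbound is gone, so the comment should also name the service expected there.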
  10. @gengen1988 gengen1988 revised this gist Aug 15, 2018. 1 changed file with 3 additions and 1 deletion.
    4 changes: 3 additions & 1 deletion install
    @@ -44,7 +44,7 @@ opkg install ca-certificates ca-bundle wget libustream-mbedtls


    # apps
    opkg install luci-app-adblock luci-app-sqm luci-app-statistics luci-app-unbound luci-app-upnp
    opkg install luci-app-adblock luci-app-sqm luci-app-statistics luci-app-unbound luci-app-upnp unbound-control


    # create util scripts
    @@ -95,6 +95,8 @@ uci set unbound.@unbound[0].dhcp_link=dnsmasq
    uci set unbound.@unbound[0].resource=large
    uci set unbound.@unbound[0].recursion=aggressive
    uci set unbound.@unbound[0].query_minimize=1
    uci set unbound.@unbound[0].unbound_control=1
    uci set unbound.@unbound[0].extended_stats=1


    CPU=`grep -c ^processor /proc/cpuinfo`
  11. @gengen1988 gengen1988 revised this gist Aug 15, 2018. 1 changed file with 3 additions and 20 deletions.
    23 changes: 3 additions & 20 deletions install
    @@ -48,19 +48,6 @@ opkg install luci-app-adblock luci-app-sqm luci-app-statistics luci-app-unbound


    # create util scripts
    cat > /usr/bin/unbound-watchdog << 'EOF'
    #!/bin/sh
    if nslookup www.google.com 127.0.0.1#5300 > /dev/null; then
    echo unbound successed
    else
    echo unbound failed, restart
    /etc/init.d/unbound restart
    fi
    EOF

    cat > /usr/bin/ss-watchdog << 'EOF'
    #!/bin/sh
    @@ -96,7 +83,6 @@ wget -O- 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | awk -
    EOF

    chmod +x /usr/bin/ss-watchdog
    chmod +x /usr/bin/unbound-watchdog
    chmod +x /usr/bin/update-chnroute


    @@ -107,11 +93,13 @@ uci set unbound.@unbound[0].validator=1
    uci set unbound.@unbound[0].listen_port=5300
    uci set unbound.@unbound[0].dhcp_link=dnsmasq
    uci set unbound.@unbound[0].resource=large
    uci set unbound.@unbound[0].recursion=aggressive
    uci set unbound.@unbound[0].query_minimize=1


    CPU=`grep -c ^processor /proc/cpuinfo`
    cat >> /etc/unbound/unbound_srv.conf << EOF
    tcp-upstream: yes
    num-threads: $CPU
    EOF

    cat >> /etc/unbound/unbound_ext.conf << EOF
    @@ -157,8 +145,6 @@ uci set shadowsocks.@transparent_proxy[0].udp_relay_server=same
    uci set shadowsocks.@access_control[0].wan_bp_list=/etc/chinadns_chnroute.txt
    uci set shadowsocks.@access_control[0].ipt_ext="-m multiport --dports 53,80,443"

    echo net.ipv4.tcp_fastopen=3 >> /etc/sysctl.conf


    # config cron
    crontab - << 'EOF'
    @@ -173,9 +159,6 @@ crontab - << 'EOF'
    # properly to 4:31 on reboot before cron starts.
    30 20 * * 1 sleep 70 && touch /etc/banner && reboot
    # unbound watchdog, check every 1 min
    */1 * * * * unbound-watchdog
    # shadowsocks watchdog, check every 5 min
    */5 * * * * ss-watchdog >> /var/log/ss-watchdog.log 2>&1
    # clean log every monday
  12. @gengen1988 gengen1988 revised this gist Aug 2, 2018. 1 changed file with 4 additions and 4 deletions.
    8 changes: 4 additions & 4 deletions install
    @@ -139,7 +139,7 @@ uci set adblock.global.adb_enabled=1
    uci set adblock.global.adb_fetchutil=wget
    uci set adblock.global.adb_trigger=timed
    uci set adblock.global.adb_dns=dnsmasq
    uci set adblock.extra.adb_triggerdelay=120
    uci set adblock.extra.adb_triggerdelay=60
    uci set adblock.extra.adb_backup=1
    uci set adblock.extra.adb_backupdir=/root
    uci set adblock.extra.adb_nice=10
    @@ -150,9 +150,9 @@ uci set adblock.reg_cn.enabled=1
    uci set shadowsocks.@servers[0].encrypt_method=xchacha20-ietf-poly1305
    uci set shadowsocks.@servers[0].fast_open=1
    uci set shadowsocks.@servers[0].no_delay=1
    # uci set shadowsocks.$SERVER.password=$KEY
    # uci set shadowsocks.$SERVER.server=$HOST
    # uci set shadowsocks.$SERVER.server_port=$PORT
    # uci set shadowsocks.@servers[0].password=$KEY
    # uci set shadowsocks.@servers[0].server=$HOST
    # uci set shadowsocks.@servers[0].server_port=$PORT
    uci set shadowsocks.@transparent_proxy[0].udp_relay_server=same
    uci set shadowsocks.@access_control[0].wan_bp_list=/etc/chinadns_chnroute.txt
    uci set shadowsocks.@access_control[0].ipt_ext="-m multiport --dports 53,80,443"
  13. @gengen1988 gengen1988 revised this gist Aug 2, 2018. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion install
    @@ -139,7 +139,7 @@ uci set adblock.global.adb_enabled=1
    uci set adblock.global.adb_fetchutil=wget
    uci set adblock.global.adb_trigger=timed
    uci set adblock.global.adb_dns=dnsmasq
    uci set adblock.extra.adb_triggerdelay=30
    uci set adblock.extra.adb_triggerdelay=120
    uci set adblock.extra.adb_backup=1
    uci set adblock.extra.adb_backupdir=/root
    uci set adblock.extra.adb_nice=10
  14. @gengen1988 gengen1988 revised this gist Aug 2, 2018. 1 changed file with 4 additions and 7 deletions.
    11 changes: 4 additions & 7 deletions install
    @@ -106,6 +106,7 @@ uci set unbound.@unbound[0].extended_luci=1
    uci set unbound.@unbound[0].validator=1
    uci set unbound.@unbound[0].listen_port=5300
    uci set unbound.@unbound[0].dhcp_link=dnsmasq
    uci set unbound.@unbound[0].resource=large

    CPU=`grep -c ^processor /proc/cpuinfo`
    cat >> /etc/unbound/unbound_srv.conf << EOF
    @@ -146,16 +147,12 @@ uci set adblock.reg_cn.enabled=1


    # config shadowsocks
    SERVER=`uci add shadowsocks servers`
    uci delete shadowsocks.@servers[0]
    uci set shadowsocks.@general[0].startup_delay=10
    uci set shadowsocks.$SERVER.encrypt_method=xchacha20-ietf-poly1305
    uci set shadowsocks.$SERVER.fast_open=1
    uci set shadowsocks.$SERVER.no_delay=1
    uci set shadowsocks.@servers[0].encrypt_method=xchacha20-ietf-poly1305
    uci set shadowsocks.@servers[0].fast_open=1
    uci set shadowsocks.@servers[0].no_delay=1
    # uci set shadowsocks.$SERVER.password=$KEY
    # uci set shadowsocks.$SERVER.server=$HOST
    # uci set shadowsocks.$SERVER.server_port=$PORT
    uci add_list shadowsocks.@transparent_proxy[0].main_server=$SERVER
    uci set shadowsocks.@transparent_proxy[0].udp_relay_server=same
    uci set shadowsocks.@access_control[0].wan_bp_list=/etc/chinadns_chnroute.txt
    uci set shadowsocks.@access_control[0].ipt_ext="-m multiport --dports 53,80,443"
  15. @gengen1988 gengen1988 revised this gist Aug 2, 2018. 1 changed file with 17 additions and 0 deletions.
    17 changes: 17 additions & 0 deletions install
    @@ -48,6 +48,19 @@ opkg install luci-app-adblock luci-app-sqm luci-app-statistics luci-app-unbound


    # create util scripts
    cat > /usr/bin/unbound-watchdog << 'EOF'
    #!/bin/sh
    if nslookup www.google.com 127.0.0.1#5300 > /dev/null; then
    echo unbound successed
    else
    echo unbound failed, restart
    /etc/init.d/unbound restart
    fi
    EOF

    cat > /usr/bin/ss-watchdog << 'EOF'
    #!/bin/sh
    @@ -83,6 +96,7 @@ wget -O- 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | awk -
    EOF

    chmod +x /usr/bin/ss-watchdog
    chmod +x /usr/bin/unbound-watchdog
    chmod +x /usr/bin/update-chnroute


    @@ -162,6 +176,9 @@ crontab - << 'EOF'
    # properly to 4:31 on reboot before cron starts.
    30 20 * * 1 sleep 70 && touch /etc/banner && reboot
    # unbound watchdog, check every 1 min
    */1 * * * * unbound-watchdog
    # shadowsocks watchdog, check every 5 min
    */5 * * * * ss-watchdog >> /var/log/ss-watchdog.log 2>&1
    # clean log every monday
  16. @gengen1988 gengen1988 created this gist Aug 2, 2018.
    175 changes: 175 additions & 0 deletions install
    @@ -0,0 +1,175 @@
    #!/bin/sh

    # override shadowsocks server config
    # HOST=
    # PORT=
    # KEY=


    # add openwrt dist repo
    for a in $(opkg print-architecture | awk '{print $2}'); do
    case "$a" in
    all|noarch)
    ;;
    aarch64_armv8-a|arm_arm1176jzf-s_vfp|arm_arm926ej-s|arm_cortex-a15_neon-vfpv4|arm_cortex-a5|arm_cortex-a53_neon-vfpv4|arm_cortex-a7_neon-vfpv4|arm_cortex-a8_vfpv3|arm_cortex-a9|arm_cortex-a9_neon|arm_cortex-a9_vfpv3|arm_fa526|arm_mpcore|arm_mpcore_vfp|arm_xscale|armeb_xscale|i386_pentium|i386_pentium4|mips_24kc|mips_mips32|mips64_octeon|mipsel_24kc|mipsel_74kc|mipsel_mips32|powerpc_464fp|powerpc_8540|x86_64)
    ARCH=${a}
    ;;
    *)
    echo "Architectures not support."
    exit 0
    ;;
    esac
    done

    echo -e "\nTarget Arch:\033[32m $ARCH \033[0m\n"

    if !(grep -q "openwrt_dist" /etc/opkg/customfeeds.conf); then
    wget http://openwrt-dist.sourceforge.net/openwrt-dist.pub
    opkg-key add openwrt-dist.pub
    echo "src/gz openwrt_dist http://openwrt-dist.sourceforge.net/packages/base/$ARCH" >> /etc/opkg/customfeeds.conf
    echo "src/gz openwrt_dist_luci http://openwrt-dist.sourceforge.net/packages/luci" >> /etc/opkg/customfeeds.conf
    rm openwrt-dist.pub
    fi

    opkg update
    opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade --force-maintainer


    # bypass china
    opkg install luci-app-chinadns ChinaDNS shadowsocks-libev luci-app-shadowsocks iptables-mod-tproxy


    # install https wget
    opkg install ca-certificates ca-bundle wget libustream-mbedtls


    # apps
    opkg install luci-app-adblock luci-app-sqm luci-app-statistics luci-app-unbound luci-app-upnp


    # create util scripts
    cat > /usr/bin/ss-watchdog << 'EOF'
    #!/bin/sh
    LOGTIME=$(date "+%Y-%m-%d %H:%M:%S")
    TIMEOUT=3
    TRIES=3
    RATING_URL=https://www.google.com/
    REFERENCE_URL=https://www.baidu.com/
    network_probe () {
    wget --spider --quiet --tries=$TRIES --timeout=$TIMEOUT $1
    echo $?
    }
    if [ `network_probe $RATING_URL` = 0 ]; then
    echo [$LOGTIME] No Problem
    exit 0
    elif [ `network_probe $REFERENCE_URL` = 0 ]; then
    echo [$LOGTIME] Problem decteted. Restarting shadowsocks
    /etc/init.d/shadowsocks restart > /dev/null
    else
    echo [$LOGTIME] Network problem. Do nothing
    fi
    EOF

    cat > /usr/bin/update-chnroute << 'EOF'
    #!/bin/sh
    wget -O- 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | awk -F\| '/CN\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /etc/chinadns_chnroute.txt
    EOF

    chmod +x /usr/bin/ss-watchdog
    chmod +x /usr/bin/update-chnroute


    # config dns
    uci set unbound.@unbound[0].enabled=1
    uci set unbound.@unbound[0].extended_luci=1
    uci set unbound.@unbound[0].validator=1
    uci set unbound.@unbound[0].listen_port=5300
    uci set unbound.@unbound[0].dhcp_link=dnsmasq

    CPU=`grep -c ^processor /proc/cpuinfo`
    cat >> /etc/unbound/unbound_srv.conf << EOF
    tcp-upstream: yes
    num-threads: $CPU
    EOF

    cat >> /etc/unbound/unbound_ext.conf << EOF
    forward-zone:
    name: "."
    forward-addr: 8.8.8.8
    forward-addr: 8.8.4.4
    EOF

    uci set chinadns.@chinadns[0].enable=1
    uci set chinadns.@chinadns[0].server=119.29.29.29,127.0.0.1#5300

    uci set dhcp.@dnsmasq[0].noresolv=1
    uci add_list dhcp.@dnsmasq[0].server=127.0.0.1#5353

    rm /etc/resolv.conf


    # config upnp
    uci set upnpd.config.enabled=1


    # config adblock
    uci set adblock.global.adb_enabled=1
    uci set adblock.global.adb_fetchutil=wget
    uci set adblock.global.adb_trigger=timed
    uci set adblock.global.adb_dns=dnsmasq
    uci set adblock.extra.adb_triggerdelay=30
    uci set adblock.extra.adb_backup=1
    uci set adblock.extra.adb_backupdir=/root
    uci set adblock.extra.adb_nice=10
    uci set adblock.reg_cn.enabled=1


    # config shadowsocks
    SERVER=`uci add shadowsocks servers`
    uci delete shadowsocks.@servers[0]
    uci set shadowsocks.@general[0].startup_delay=10
    uci set shadowsocks.$SERVER.encrypt_method=xchacha20-ietf-poly1305
    uci set shadowsocks.$SERVER.fast_open=1
    uci set shadowsocks.$SERVER.no_delay=1
    # uci set shadowsocks.$SERVER.password=$KEY
    # uci set shadowsocks.$SERVER.server=$HOST
    # uci set shadowsocks.$SERVER.server_port=$PORT
    uci add_list shadowsocks.@transparent_proxy[0].main_server=$SERVER
    uci set shadowsocks.@transparent_proxy[0].udp_relay_server=same
    uci set shadowsocks.@access_control[0].wan_bp_list=/etc/chinadns_chnroute.txt
    uci set shadowsocks.@access_control[0].ipt_ext="-m multiport --dports 53,80,443"

    echo net.ipv4.tcp_fastopen=3 >> /etc/sysctl.conf


    # config cron
    crontab - << 'EOF'
    # beware UTC
    # update chnroute at sunday 3:30am
    30 19 * * 0 update-chnroute
    # Reboot at 4:30am every monday
    # Note: To avoid infinite reboot loop, wait 70 seconds
    # and touch a file in /etc so clock will be set
    # properly to 4:31 on reboot before cron starts.
    30 20 * * 1 sleep 70 && touch /etc/banner && reboot
    # shadowsocks watchdog, check every 5 min
    */5 * * * * ss-watchdog >> /var/log/ss-watchdog.log 2>&1
    # clean log every monday
    0 1 * * 1 echo "" > /var/log/ss-watchdog.log
    EOF


    # apply changes
    update-chnroute
    uci commit
    luci-reload
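Review bot: The feed's signing key is downloaded over plain HTTP from the same host that serves the packages (`wget http://openwrt-dist.sourceforge.net/openwrt-dist.pub` followed by `opkg-key add openwrt-dist.pub`), so the signature check that follows rests on a key nobody verified. The key should be pinned before it is trusted, for example `echo "<EXPECTED_KEY_SHA256>  openwrt-dist.pub" | sha256sum -c - || exit 1` with the digest obtained out of band, or fetched over HTTPS if the host offers it. An HTTPS fetch would need the `ca-certificates`/`wget` install moved ahead of the feed setup, since it currently runs afterwards. Separately, the `*)` arm of the architecture `case` prints "Architectures not support." and then runs `exit 0`, which reports success to whatever invoked the script; `exit 1` would be accurate.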