update

2025-12-31 06:02:09 +08:00
parent 82a700508e
commit a9fdfbb08c
9 changed files with 15 additions and 6259 deletions
--- a/dev/README.md
+++ b/dev/README.md
@@ -59,10 +59,10 @@ iwr -useb https://ghproxy.net/https://raw.githubusercontent.com/sky22333/shell/m
 #### 一键修改root密码：
 ```
-bash <(curl -sSL https://github.com/sky22333/shell/raw/main/dev/root.sh)
+bash <(curl -sSL https://raw.githubusercontent.com/sky22333/shell/main/dev/root.sh)
 ```
 ```
-bash <(curl -sSL https://cdn.jsdelivr.net/gh/sky22333/shell@main/dev/root.sh)
+bash <(curl -sSL https://cdn.jsdmirror.com/gh/sky22333/shell@main/dev/root.sh)
 ```
 > 部分机器修改不生效，请打开查找`/etc/ssh/sshd_config.d/xxxx.conf`类似文件
 > 
--- a/dev/cf-setup.ps1
+++ b/dev/cf-setup.ps1
@@ -74,7 +74,7 @@ function Test-AdminRights {
 Write-Host "====== CloudFlared Tunnel Setup Tool ======" -ForegroundColor Cyan
 Write-Host "Initializing..." -ForegroundColor Yellow
-$cloudflaredUrl = "https://github.com/cloudflare/cloudflared/releases/download/2025.8.0/cloudflared-windows-amd64.exe"
+$cloudflaredUrl = "https://github.com/cloudflare/cloudflared/releases/download/2025.11.1/cloudflared-windows-amd64.exe"
 $installDir = "$env:ProgramData\cloudflared"
 $cloudflaredBin = Join-Path $installDir "cloudflared.exe"
 $logPath = Join-Path $installDir "cloudflared.log"
--- a/dev/cf-tunnel-mac
+++ b/dev/cf-tunnel-mac
@@ -17,9 +17,9 @@ ARCH=$(uname -m)
 if [[ "$OS_TYPE" == "Darwin" ]]; then
    # macOS 配置
    if [[ "$ARCH" == "arm64" ]]; then
-        CLOUDFLARED_URL="https://github.com/cloudflare/cloudflared/releases/download/2025.8.0/cloudflared-darwin-arm64.tgz"
+        CLOUDFLARED_URL="https://github.com/cloudflare/cloudflared/releases/download/2025.11.1/cloudflared-darwin-arm64.tgz"
    else
-        CLOUDFLARED_URL="https://github.com/cloudflare/cloudflared/releases/download/2025.8.0/cloudflared-darwin-amd64.tgz"
+        CLOUDFLARED_URL="https://github.com/cloudflare/cloudflared/releases/download/2025.11.1/cloudflared-darwin-amd64.tgz"
    fi
    CLOUDFLARED_BIN="/usr/local/bin/cloudflared"
    SERVICE_PATH="$HOME/Library/LaunchAgents/com.cloudflare.cloudflared.plist"
@@ -28,9 +28,9 @@ if [[ "$OS_TYPE" == "Darwin" ]]; then
 else
    # Linux 配置
    if [[ "$ARCH" == "aarch64" || "$ARCH" == "arm64" ]]; then
-        CLOUDFLARED_URL="https://github.com/cloudflare/cloudflared/releases/download/2025.8.0/cloudflared-linux-arm64"
+        CLOUDFLARED_URL="https://github.com/cloudflare/cloudflared/releases/download/2025.11.1/cloudflared-linux-arm64"
    else
-        CLOUDFLARED_URL="https://github.com/cloudflare/cloudflared/releases/download/2025.8.0/cloudflared-linux-amd64"
+        CLOUDFLARED_URL="https://github.com/cloudflare/cloudflared/releases/download/2025.11.1/cloudflared-linux-amd64"
    fi
    CLOUDFLARED_BIN="/usr/local/bin/cloudflared"
    SERVICE_PATH="/etc/systemd/system/cloudflared-tunnel.service"
--- a/dev/cf-tunnel.sh
+++ b/dev/cf-tunnel.sh
@@ -11,9 +11,9 @@ NC='\033[0m' # 清除颜色
 LOC=$(curl -s https://www.cloudflare.com/cdn-cgi/trace | grep 'loc=' | cut -d= -f2)
 if [[ "$LOC" == "CN" ]]; then
-    CLOUDFLARED_URL="https://gh-proxy.com/https://github.com/cloudflare/cloudflared/releases/download/2025.9.1/cloudflared-linux-amd64"
+    CLOUDFLARED_URL="https://gh-proxy.com/https://github.com/cloudflare/cloudflared/releases/download/2025.11.1/cloudflared-linux-amd64"
 else
-    CLOUDFLARED_URL="https://github.com/cloudflare/cloudflared/releases/download/2025.9.1/cloudflared-linux-amd64"
+    CLOUDFLARED_URL="https://github.com/cloudflare/cloudflared/releases/download/2025.11.1/cloudflared-linux-amd64"
 fi
 CLOUDFLARED_BIN="/usr/local/bin/cloudflared"
--- a/dev/check_ntpdate.sh
+++ b/dev/check_ntpdate.sh
@@ -1,12 +1,8 @@
 #!/bin/bash
 # 封装脚本过期函数
 check_ntpdate() {
    # 设置过期时间
    local expire_date="2025-10-10 12:00:00"
    # date -d "$(curl -sI https://www.bing.com | grep -i '^date:' | cut -d' ' -f2-)" +'%Y-%m-%d %H:%M:%S UTC+8'
    # 获取时间戳（从 https://www.cloudflare.com/cdn-cgi/trace 获取）
    timestamp=$(curl -s https://www.cloudflare.com/cdn-cgi/trace | grep -oP 'ts=\K\d+')
    # 如果获取时间戳失败，则停止运行脚本
@@ -18,12 +14,10 @@ check_ntpdate() {
    # 转换时间戳为 YYYY-MM-DD HH:MM:SS 格式（北京时间）
    current_time=$(TZ="Asia/Shanghai" date -d @$timestamp "+%Y-%m-%d %H:%M:%S")
    # 判断当前时间是否超过过期日期
    if [[ "$current_time" > "$expire_date" ]]; then
        echo "当前脚本已过期，请联系开发者。"
        exit 1
    fi
 }
 # 调用函数执行检查
 check_ntpdate
--- a/k8s/README.md
+++ b/k8s/README.md
@@ -52,31 +52,6 @@ apt update && apt install -y helm
 helm version
 ```
 ## 安装traefik
 traefik 是反向代理和证书管理工具：
 ```bash
 # 添加 Traefik Helm 仓库
 helm repo add traefik https://traefik.github.io/charts
 helm repo update
 # 创建 traefik 命名空间
 kubectl create namespace traefik
 # 安装 Traefik
 helm install traefik traefik/traefik \
  --namespace traefik --create-namespace \
  --set deployment.replicas=1 \
  --set service.type=LoadBalancer \
  --set ports.websecure.tls=true \
  --set ingressClass.enabled=true \
  --set ingressClass.isDefaultClass=true
 # 验证 Traefik 安装
 kubectl get pods -n traefik
 ```
 ## 常用操作命令
 ```bash
--- a/l2tp/README.md
+++ b/l2tp/README.md
@@ -19,7 +19,6 @@ GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags="-s -w" -o l2tp
 $env:GOOS="linux"; $env:GOARCH="amd64"; $env:CGO_ENABLED="0"; go build -ldflags="-s -w" -o l2tp
 ```
 ### 卸载
 ```
 # 停止服务
@@ -41,65 +40,4 @@ ps aux | egrep 'xl2tpd|strongswan|pptpd' | grep -v grep
 3x-ui则使用`tunnel`入站，打开`Follow Redirect`，打开`Sockopt`中的`TProxy`，然后同样的使用源IP路由到指定出站。
-**然后使用`iptables`在系统层面拦截`10.10.10.0/24`网段访问公网的流量，交给 Sing-box 处理，按照以下步骤配置**
+然后使用`iptables`在系统层面拦截`10.10.10.0/24`网段访问公网的流量，交给 Sing-box 处理。
 1：配置 Linux 内核策略路由，将打标流量重定向到本地。
 ```
 # 配置策略路由：凡是防火墙标记 (fwmark) 为 1 的流量，查路由表 100
 /bin/ip rule add fwmark 1 table 100
 # 配置路由表 100：将所有流量重定向到本地回环接口
 /bin/ip route add local 0.0.0.0/0 dev lo table 100
 ```
 2：新建一个链 SINGBOX
 ```
 iptables -t mangle -N SINGBOX
 ```
 3：绕过局域网和私有地址（不代理内部通信）
 ```
 iptables -t mangle -A SINGBOX -d 0.0.0.0/8 -j RETURN
 iptables -t mangle -A SINGBOX -d 10.0.0.0/8 -j RETURN
 iptables -t mangle -A SINGBOX -d 127.0.0.0/8 -j RETURN
 iptables -t mangle -A SINGBOX -d 169.254.0.0/16 -j RETURN
 iptables -t mangle -A SINGBOX -d 172.16.0.0/12 -j RETURN
 iptables -t mangle -A SINGBOX -d 192.168.0.0/16 -j RETURN
 iptables -t mangle -A SINGBOX -d 224.0.0.0/4 -j RETURN
 iptables -t mangle -A SINGBOX -d 240.0.0.0/4 -j RETURN
 ```
 4：核心拦截规则：仅拦截来自 L2TP 网段`10.10.10.0/24`的流量，TProxy 端口为`12345`
 ```
 iptables -t mangle -A SINGBOX -s 10.10.10.0/24 -p tcp -j TPROXY --on-port 12345 --tproxy-mark 1
 iptables -t mangle -A SINGBOX -s 10.10.10.0/24 -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
 ```
 5：应用到 PREROUTING 链
 ```
 iptables -t mangle -A PREROUTING -j SINGBOX
 ```
 6：不允许公网访问透明代理端口
 ```
 iptables -I INPUT -p tcp --dport 12345 -j DROP
 iptables -I INPUT -p udp --dport 12345 -j DROP
 ```
 #### 清理流量规则（按顺序执行）
 ```
 # 清理 iptables 规则
 iptables -t mangle -D PREROUTING -j SINGBOX
 iptables -t mangle -F SINGBOX
 iptables -t mangle -X SINGBOX
 ```
 ```
 # 清理策略路由和路由表
 /bin/ip route del local 0.0.0.0/0 dev lo table 100
 /bin/ip rule del fwmark 1 table 100
 ```
 ```
 # 放行透明代理端口
 iptables -D INPUT -p tcp --dport 12345 -j DROP
 iptables -D INPUT -p udp --dport 12345 -j DROP
 ```
--- a/proxy/README.md
+++ b/proxy/README.md
@@ -4,11 +4,11 @@ bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release
 ```
 - 一键安装L2TP
 国外安装
 ```
-bash <(curl -sSL https://github.com/sky22333/shell/raw/main/proxy/l2tp.sh)
+bash <(curl -sSL https://raw.githubusercontent.com/sky22333/shell/main/proxy/l2tp.sh)
 ```
-
+国内安装
 - singbox全家桶脚本
 ```
 bash <(curl -sSL https://github.com/sky22333/shell/raw/main/proxy/singbox.sh)
 ```
 bash <(curl -sSL https://cdn.jsdmirror.com/gh/sky22333/shell@main/proxy/l2tp.sh)
 ```
--- a/proxy/singbox.sh
+++ b/proxy/singbox.sh