#!/bin/bash # Ensure jq and qrencode are installed if ! command -v jq &> /dev/null || ! command -v qrencode &> /dev/null; then echo "Necessary packages are not installed. Please wait while they are being installed..." apt-get update -qq && apt-get install jq qrencode -y >/dev/null 2>&1 fi # Step 1: Install Hysteria2 echo "Installing Hysteria2..." bash <(curl -fsSL https://get.hy2.sh/) >/dev/null 2>&1 # Step 2: Create hysteria directory and navigate into it mkdir -p /etc/hysteria && cd /etc/hysteria/ # Step 3: Generate CA key and certificate and download geo data echo "Generating CA key and certificate..." openssl ecparam -genkey -name prime256v1 -out ca.key >/dev/null 2>&1 openssl req -new -x509 -days 36500 -key ca.key -out ca.crt -subj "/CN=bing.com" >/dev/null 2>&1 echo "Downloading geo data..." wget -O /etc/hysteria/geosite.dat https://raw.githubusercontent.com/Chocolate4U/Iran-v2ray-rules/release/geosite.dat >/dev/null 2>&1 wget -O /etc/hysteria/geoip.dat https://raw.githubusercontent.com/Chocolate4U/Iran-v2ray-rules/release/geoip.dat >/dev/null 2>&1 # Step 4: Extract the SHA-256 fingerprint fingerprint=$(openssl x509 -noout -fingerprint -sha256 -inform pem -in ca.crt | sed 's/.*=//;s/://g') # Step 5: Generate the base64 encoded SHA-256 fingerprint echo "Generating base64 encoded SHA-256 fingerprint..." echo "import re, base64, binascii hex_string = \"$fingerprint\" binary_data = binascii.unhexlify(hex_string) base64_encoded = base64.b64encode(binary_data).decode('utf-8') print(\"sha256/\" + base64_encoded)" > generate.py sha256=$(python3 generate.py) # Step 6: Download the config.json file echo "Downloading config.json..." wget https://raw.githubusercontent.com/H-Return/Hysteria2/main/config.json -O /etc/hysteria/config.json >/dev/null 2>&1 echo -e "\n" # Step 7: Ask for the port number and validate input while true; do read -p "Enter the port number you want to use (1-65535): " port if [[ $port =~ ^[0-9]+$ ]] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; then break else echo "Invalid port number. Please enter a number between 1 and 65535." fi done # Step 8: Generate required passwords and UUID echo "Generating passwords and UUID..." obfspassword=$(curl -s "https://api.genratr.com/?length=32&uppercase&lowercase&numbers" | jq -r '.password') authpassword=$(curl -s "https://api.genratr.com/?length=32&uppercase&lowercase&numbers" | jq -r '.password') UUID=$(curl -s https://www.uuidgenerator.net/api/version4) # Step 9: Adjust file permissions for Hysteria service chown hysteria:hysteria /etc/hysteria/ca.key /etc/hysteria/ca.crt chmod 640 /etc/hysteria/ca.key /etc/hysteria/ca.crt # Create hysteria user without login permissions if ! id -u hysteria &> /dev/null; then useradd -r -s /usr/sbin/nologin hysteria fi # Get the default network interface networkdef=$(ip route | grep "^default" | awk '{print $5}') # Step 10: Customize the config.json file echo "Customizing config.json..." jq --arg port "$port" \ --arg sha256 "$sha256" \ --arg obfspassword "$obfspassword" \ --arg authpassword "$authpassword" \ --arg UUID "$UUID" \ --arg networkdef "$networkdef" \ '.listen = ":\($port)" | .tls.cert = "/etc/hysteria/ca.crt" | .tls.key = "/etc/hysteria/ca.key" | .tls.pinSHA256 = $sha256 | .obfs.salamander.password = $obfspassword | .auth.password = $authpassword | .trafficStats.secret = $UUID | .outbounds[0].direct.bindDevice = $networkdef' /etc/hysteria/config.json > /etc/hysteria/config_temp.json && mv /etc/hysteria/config_temp.json /etc/hysteria/config.json # Step 11: Modify the systemd service file to use config.json echo "Updating hysteria-server.service to use config.json..." sed -i 's|/etc/hysteria/config.yaml|/etc/hysteria/config.json|' /etc/systemd/system/hysteria-server.service sleep 1 # Step 12: Start and enable the Hysteria service echo "Starting and enabling Hysteria service..." systemctl daemon-reload >/dev/null 2>&1 systemctl start hysteria-server.service >/dev/null 2>&1 systemctl enable hysteria-server.service >/dev/null 2>&1 systemctl restart hysteria-server.service >/dev/null 2>&1 # Step 13: Check if the hysteria-server.service is active if systemctl is-active --quiet hysteria-server.service; then # Step 14: Generate URI Scheme echo "Generating URI Scheme..." IP=$(curl -4 ip.sb) IP6=$(curl -6 ip.sb) URI="hy2://$authpassword@$IP:$port?obfs=salamander&obfs-password=$obfspassword&pinSHA256=$sha256&insecure=1&sni=bing.com#Hysteria2-IPv4" URI6="hy2://$authpassword@[$IP6]:$port?obfs=salamander&obfs-password=$obfspassword&pinSHA256=$sha256&insecure=1&sni=bing.com#Hysteria2-IPv6" # Step 15: Generate and display QR Code in the center of the terminal cols=$(tput cols) rows=$(tput lines) qr1=$(echo -n "$URI" | qrencode -t UTF8 -s 3 -m 2) qr2=$(echo -n "$URI6" | qrencode -t UTF8 -s 3 -m 2) clear echo -e "\nIPv4:\n" echo "$qr1" | while IFS= read -r line; do printf "%*s\n" $(( (${#line} + cols) / 2)) "$line" done echo -e "\nIPv6:\n" echo "$qr2" | while IFS= read -r line; do printf "%*s\n" $(( (${#line} + cols) / 2)) "$line" done echo -e "\n\n" # Output the URI scheme echo "IPv4: $URI" echo echo "IPv6: $URI6" echo else echo "Error: hysteria-server.service is not active." fi