Merge pull request #5 from rebecca554owen/master

更新到2.2.3
cedar2025 · Jan 15, 2024 · 2206330 · 2206330
2 parents abe1d79 + 10afaa0
commit 2206330
Show file tree

Hide file tree

Showing 16 changed files with 302 additions and 91 deletions.
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -78,7 +78,7 @@ jobs:
           context: .
           push: true
           platforms: linux/amd64,linux/arm64
-          tags: ${{ env.REGISTRY }}/cedar2025/hysteria:latest,${{ env.REGISTRY }}/cedar2025/hysteria,${{ env.REGISTRY }}/cedar2025/hysteria:${{ steps.get_version.outputs.version }}
+          tags: ${{ env.REGISTRY }}/${{ github.repository }}:latest,${{ env.REGISTRY }}/${{ github.repository }},${{ env.REGISTRY }}/${{ github.repository }}:${{ steps.get_version.outputs.version }}
 
       # Sign the resulting Docker image digest except on PRs.
       # This will only write to the public Rekor transparency log when the Docker

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
@@ -0,0 +1,52 @@
+name: "Build master branch"
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    env:
+      ACTIONS_ALLOW_UNSECURE_COMMANDS: true
+
+    steps:
+      - name: Check out
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.21"
+
+      - name: Setup Python # This is for the build script
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - uses: nttld/setup-ndk@v1
+        id: setup-ndk
+        with:
+          ndk-version: r26b
+          add-to-path: false
+
+      - name: Run build script
+        env:
+          ANDROID_NDK_HOME: ${{ steps.setup-ndk.outputs.ndk-path }}
+        run: |
+          export HY_APP_PLATFORMS=$(sed 's/\r$//' platforms.txt | awk '!/^#/ && !/^$/' | paste -sd ",")
+          python hyperbole.py build -r
+
+      - name: Generate hashes
+        run: |
+          for file in build/*; do
+            sha256sum $file >> build/hashes.txt
+          done
+
+      - name: Archive
+        uses: actions/upload-artifact@v4
+        with:
+          name: hysteria-master-${{ github.sha }}
+          path: build
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -21,12 +21,12 @@ jobs:
         run: echo "version=$(git describe --tags --always --match 'app/v*' | sed -n 's|app/\([^/-]*\)\(-.*\)\{0,1\}|\1|p')" >> $GITHUB_OUTPUT
 
       - name: Setup Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: "1.21"
 
       - name: Setup Python # This is for the build script
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.11"
 

diff --git a/README.md b/README.md
@@ -1,40 +1,95 @@
 # ![Hysteria 2](logo.svg)
 
-# 支持对接V2board面板的Hysteria2后端
+# 支持对接 Xboard/V2board 面板的Hysteria2后端
 
 ### 项目说明
-本项目基于hysteria官方内核二次开发，添加了从v2b获取节点信息、用户鉴权信息与上报用户流量的功能。
+本项目基于hysteria官方内核二次开发，添加了从 Xboard/V2board 获取节点信息、用户鉴权信息与上报用户流量的功能。
 性能方面已经由hysteria2内核作者亲自指导优化过了。
 
 ### TG交流群
 欢迎加入交流群 [点击加入](https://t.me/+DcRt8AB2VbI2Yzc1)
 
+准备工作：默认在root目录下开始。
+配置ssl证书，使用acme配置证书要占用80端口，CentOS自行把`apt`改成`yum`。
+```
+apt install -y vim curl socat openssl && mkdir hysteria
+```
+```
+curl https://get.acme.sh | sh -s [email protected]
+```
+```
+~/.acme.sh/acme.sh --upgrade --auto-upgrade
+```
+可选：切换申请letsencrypt的证书，`~/.acme.sh/acme.sh --set-default-ca --server letsencrypt`
 
-### 示例配置
+每行第一个 example.com 换成你解析到 vps 的域名，后面的 example.com 不用改了。
+```
+~/.acme.sh/acme.sh --issue -d example.com --standalone
+~/.acme.sh/acme.sh --install-cert -d example.com --key-file /root/hysteria/example.com.key
+~/.acme.sh/acme.sh --install-cert -d example.com --fullchain-file /root/hysteria/example.com.crt
+```
+安装docker，docker compose
+```
+curl -fsSL https://get.docker.com | bash -s docker && systemctl start docker && systemctl enable docker
+```
+修改 docker-compose.yml, server.yaml 配置文件。  
+Finalshell 注意：直接新建文件，复制粘贴过去，用终端粘贴不了符号。
+```
+cd hysteria
+```
+
+---在ssh 终端复制命令写入docker-compose.yml 文件
+```
+cat > docker-compose.yml << EOF
+version: "3.9"
+services:
+  hysteria:
+    image: ghcr.io/rebecca554owen/hysteria:latest
+    container_name: hysteria
+    restart: always
+    network_mode: "host"
+    volumes:
+      - ./server.yaml:/etc/hysteria/server.yaml         # 这里不用改。
+      - ./example.com.crt:/etc/hysteria/example.com.crt # 这里不用改。
+      - ./example.com.key:/etc/hysteria/example.com.key # 这里不用改。
+    command: ["server", "-c", "/etc/hysteria/server.yaml"]
+EOF
+```
+---配置文件server.yaml参考
+```
+vim server.yaml
+```
 ```
 v2board:
-  apiHost: https://面板地址
-  apiKey: 面板节点密钥
-  nodeID: 节点ID
+  apiHost: https://example.com # xboard面板域名
+  apiKey: 123456789 # 通讯密钥
+  nodeID: 1 # Hysteria节点id
 tls:
   type: tls
-  cert: /etc/hysteria/tls.crt
-  key: /etc/hysteria/tls.key
+  cert: /etc/hysteria/example.com.crt # 这里不要改。
+  key: /etc/hysteria/example.com.key  # 这里不要改。
 auth:
   type: v2board
 trafficStats:
   listen: 127.0.0.1:7653
 acl: 
   inline: 
-    - reject(10.0.0.0/8)
-    - reject(172.16.0.0/12)
-    - reject(192.168.0.0/16)
-    - reject(127.0.0.0/8)
-    - reject(fc00::/7)
+    - reject(pincong.rocks) #acl规则自行查阅hysteria2文档
+```
+启动docker compose
+```
+docker compose up -d
+```
+停止docker compose(不用的话记得停止运行，避免删除Hysteria2节点后数据库v2_log存在大量报错记录)
+```
+docker compose down
 ```
-> 其他配置完全与hysteria文档的一致，可以查看hysteria2官方文档 [点击查看](https://hysteria.network/zh/docs/getting-started/Installation/) 
 
-### docker 仓库
+查看日志：
+```
+docker logs -f hysteria
+```
+更新，在 hysteria 目录执行。
 ```
-docker pull ghcr.io/cedar2025/hysteria:v1.0.5
+docker compose pull && docker compose up -d
 ```
diff --git a/app/cmd/client.go b/app/cmd/client.go
@@ -23,6 +23,7 @@ import (
 	"github.com/apernet/hysteria/app/internal/url"
 	"github.com/apernet/hysteria/app/internal/utils"
 	"github.com/apernet/hysteria/core/client"
+	"github.com/apernet/hysteria/extras/correctnet"
 	"github.com/apernet/hysteria/extras/obfs"
 	"github.com/apernet/hysteria/extras/transport/udphop"
 )
@@ -397,21 +398,19 @@ func runClient(cmd *cobra.Command, args []string) {
 	if err := viper.Unmarshal(&config); err != nil {
 		logger.Fatal("failed to parse client config", zap.Error(err))
 	}
-	hyConfig, err := config.Config()
-	if err != nil {
-		logger.Fatal("failed to load client config", zap.Error(err))
-	}
 
-	c, err := client.NewReconnectableClient(hyConfig, func(c client.Client, info *client.HandshakeInfo, count int) {
-		connectLog(info, count)
-		// On the client side, we start checking for updates after we successfully connect
-		// to the server, which, depending on whether lazy mode is enabled, may or may not
-		// be immediately after the client starts. We don't want the update check request
-		// to interfere with the lazy mode option.
-		if count == 1 && !disableUpdateCheck {
-			go runCheckUpdateClient(c)
-		}
-	}, config.Lazy)
+	c, err := client.NewReconnectableClient(
+		config.Config,
+		func(c client.Client, info *client.HandshakeInfo, count int) {
+			connectLog(info, count)
+			// On the client side, we start checking for updates after we successfully connect
+			// to the server, which, depending on whether lazy mode is enabled, may or may not
+			// be immediately after the client starts. We don't want the update check request
+			// to interfere with the lazy mode option.
+			if count == 1 && !disableUpdateCheck {
+				go runCheckUpdateClient(c)
+			}
+		}, config.Lazy)
 	if err != nil {
 		logger.Fatal("failed to initialize client", zap.Error(err))
 	}
@@ -504,7 +503,7 @@ func clientSOCKS5(config socks5Config, c client.Client) error {
 	if config.Listen == "" {
 		return configError{Field: "listen", Err: errors.New("listen address is empty")}
 	}
-	l, err := net.Listen("tcp", config.Listen)
+	l, err := correctnet.Listen("tcp", config.Listen)
 	if err != nil {
 		return configError{Field: "listen", Err: err}
 	}
@@ -529,7 +528,7 @@ func clientHTTP(config httpConfig, c client.Client) error {
 	if config.Listen == "" {
 		return configError{Field: "listen", Err: errors.New("listen address is empty")}
 	}
-	l, err := net.Listen("tcp", config.Listen)
+	l, err := correctnet.Listen("tcp", config.Listen)
 	if err != nil {
 		return configError{Field: "listen", Err: err}
 	}
@@ -562,7 +561,7 @@ func clientTCPForwarding(entries []tcpForwardingEntry, c client.Client) error {
 		if e.Remote == "" {
 			return configError{Field: "remote", Err: errors.New("remote address is empty")}
 		}
-		l, err := net.Listen("tcp", e.Listen)
+		l, err := correctnet.Listen("tcp", e.Listen)
 		if err != nil {
 			return configError{Field: "listen", Err: err}
 		}
@@ -589,7 +588,7 @@ func clientUDPForwarding(entries []udpForwardingEntry, c client.Client) error {
 		if e.Remote == "" {
 			return configError{Field: "remote", Err: errors.New("remote address is empty")}
 		}
-		l, err := net.ListenPacket("udp", e.Listen)
+		l, err := correctnet.ListenPacket("udp", e.Listen)
 		if err != nil {
 			return configError{Field: "listen", Err: err}
 		}

diff --git a/app/cmd/server.go b/app/cmd/server.go
@@ -24,6 +24,7 @@ import (
 	"github.com/apernet/hysteria/app/internal/utils"
 	"github.com/apernet/hysteria/core/server"
 	"github.com/apernet/hysteria/extras/auth"
+	"github.com/apernet/hysteria/extras/correctnet"
 	"github.com/apernet/hysteria/extras/masq"
 	"github.com/apernet/hysteria/extras/obfs"
 	"github.com/apernet/hysteria/extras/outbounds"
@@ -227,7 +228,7 @@ func (c *serverConfig) fillConn(hyConfig *server.Config) error {
 	if err != nil {
 		return configError{Field: "listen", Err: err}
 	}
-	conn, err := net.ListenUDP("udp", uAddr)
+	conn, err := correctnet.ListenUDP("udp", uAddr)
 	if err != nil {
 		return configError{Field: "listen", Err: err}
 	}
@@ -259,11 +260,12 @@ func (c *serverConfig) fillTLSConfig(hyConfig *server.Config) error {
 		if c.TLS.Cert == "" || c.TLS.Key == "" {
 			return configError{Field: "tls", Err: errors.New("empty cert or key path")}
 		}
-		cert, err := tls.LoadX509KeyPair(c.TLS.Cert, c.TLS.Key)
-		if err != nil {
-			return configError{Field: "tls", Err: err}
+		// Use GetCertificate instead of Certificates so that
+		// users can update the cert without restarting the server.
+		hyConfig.TLSConfig.GetCertificate = func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
+			cert, err := tls.LoadX509KeyPair(c.TLS.Cert, c.TLS.Key)
+			return &cert, err
 		}
-		hyConfig.TLSConfig.Certificates = []tls.Certificate{cert}
 	} else {
 		// ACME
 		dataDir := c.ACME.Dir
@@ -850,7 +852,7 @@ func runServer(cmd *cobra.Command, args []string) {
 
 func runTrafficStatsServer(listen string, handler http.Handler) {
 	logger.Info("traffic stats server up and running", zap.String("listen", listen))
-	if err := http.ListenAndServe(listen, handler); err != nil {
+	if err := correctnet.HTTPListenAndServe(listen, handler); err != nil {
 		logger.Fatal("failed to serve traffic stats", zap.Error(err))
 	}
 }

diff --git a/app/go.mod b/app/go.mod
@@ -47,12 +47,12 @@ require (
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/mock v0.3.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.14.0 // indirect
+	golang.org/x/crypto v0.17.0 // indirect
 	golang.org/x/exp v0.0.0-20221205204356-47842c84f3db // indirect
 	golang.org/x/mod v0.12.0 // indirect
 	golang.org/x/net v0.17.0 // indirect
-	golang.org/x/sys v0.13.0 // indirect
-	golang.org/x/text v0.13.0 // indirect
+	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/tools v0.11.1 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect

diff --git a/app/go.sum b/app/go.sum
@@ -267,8 +267,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
-golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
+golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -411,8 +411,8 @@ golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
+golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
@@ -424,8 +424,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
-golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=