VPS重装清单

VPS重装清单

性能测评

1
2
3
4
5
#NodeQuality
bash <(curl -sL https://run.NodeQuality.com)

#YABS.sh
curl -sL yabs.sh | bash -s -- -5

重装命令

1
2
3
4
5
6
7
8
# Alpine
bash <(wget -qO- 'https://raw.githubusercontent.com/bin456789/reinstall/main/reinstall.sh') alpine 3.21 --password 

# Debian12
bash <(wget -qO- 'https://raw.githubusercontent.com/bin456789/reinstall/main/reinstall.sh') debian 12 --password 

# Debian13 
bash <(wget -qO- 'https://raw.githubusercontent.com/bin456789/reinstall/main/reinstall.sh') debian 13 --password

系统工具安装命令

常用工具

1
2
3
4
5
# 适用于 Debian12 和 Debian13
apt update &&
apt install -y python3 &&
wget -q -O init.py https://raw.githubusercontent.com/flyflas/CommonScripts/refs/heads/main/Linux/install_debian.py &&
python3 init.py base

sing-box

1
2
# sing-box 安装命令
curl -fsSL https://sing-box.app/install.sh | sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
{
  "log": {
    "disabled": true,
    "level": "debug",
    "output": "/tmp/box.log",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "type": "local",
        "tag": "local"
      }
    ]
  },
  "inbounds": [
    {
      "type": "shadowsocks",
      "tag": "ss-in",
      "method": "aes-128-gcm",
      "password": "XXXXX",
                                    "_comment": "sing-box generate uuid",
      "listen": "::",
      "listen_port": 61254
    },
    {
      "tag": "reality",
      "type": "vless",
      "listen": "::",
      "listen_port": 8443,
                                    "_comment": "Port",
      "users": [
        {
          "uuid": "xxxx",
                                    "_comment": "sing-box generate uuid",
          "flow": "xtls-rprx-vision"
        }
      ],
      "tls": {
        "enabled": true,
        "server_name": "music.apple.com",
        "reality": {
          "enabled": true,
          "handshake": {
            "server": "music.apple.com",
            "server_port": 443
          },
          "private_key": "XXX",
                                    "_comment": "sing-box generate reality-keypair",
          "short_id": [
            "deac1a19f87791cd"
          ],
        }
      },
      "multiplex": {
        "enabled": true,
        "padding": true,
        "brutal": {
          "enabled": true,
          "up_mbps": 800,
          "down_mbps": 800
        }
      }
    },
    {
      "tag": "hy",
      "type": "hysteria2",
      "listen": "::",
      "listen_port": 54432,
      "up_mbps": 800,
      "down_mbps": 800,
      "users": [
        {
          "password": "XXX",
                                    "_comment": "sing-box generate uuid"
        }
      ],
      "tls": {
        "enabled": true,
        "alpn": [
          "h3"
        ],
        "certificate_path": "/path/fullchain.pem",
                                    "_comment_cert": "Path",
        "key_path": "/path/privkey.pem",
                                    "_comment_key": "Path"
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct-out",
      "domain_resolver": {
        "server": "local",
        "strategy": "prefer_ipv6",
                                    "_comment": "dns解析优先级"
      }
    },
    {
      "type": "shadowsocks",
      "tag": "ss-out",
      "server": "XXX",
                                    "_comment_server": "IP",
      "server_port": "XXX",
                                    "_comment_port": "Port",
      "method": "aes-128-gcm",
      "password": "",
                                    "_comment_password": "sing-box generate uuid",
      "multiplex": {}
    }
  ],
  "route": { 
    "final": "direct-out"
  }
}

1
2
3
4
5
6
7
# 启动sing-box
systemctl start sing-box.service
systemctl status sing-box.service
systemctl enable sing-box.service

# 设置定时重启任务,防止内存溢出
(crontab -l 2>/dev/null; echo "0 4 * * * /bin/systemctl restart sing-box.service") | crontab -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
# 设置防火墙规则,如果启用 Hysteria2
apt update &&
apt install nftables -y &&
mkdir -p /opt/script/nftables &&
cat > set_hy2_nftables.sh <<EOF
#!/usr/bin/env bash

nft add table inet nat
nft 'add chain inet nat prerouting { type nat hook prerouting priority 0; }'
nft add rule inet nat prerouting iif "ens5" udp dport 50000-60000 dnat to :54432
EOF

cd /opt/script/nftables &&
chmod +x set_hy2_nftables.sh &&
./set_hy2_nftables.sh

(crontab -l 2>/dev/null; echo "@reboot /usr/bin/bash /opt/script/nftables/set_hy2_nftables.sh") | crontab -