mirror/clash-for-linux
1
0
Fork 0
mirror of https://github.com/wnlen/clash-for-linux.git synced 2026-02-04 10:11:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update start.sh

Browse Source
This commit is contained in:
wnlen
2026-01-14 17:30:08 +08:00
committed by GitHub
parent ec047dd2f2
commit 7cd4d8427f
1 changed files with 205 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

319
start.sh
View File

@ -1,15 +1,35 @@
#!/usr/bin/env bash
set -euo pipefail
############################################
# Clash for Linux - start.sh (Full Version)
# - systemd 模式下订阅失败/下载失败:不退出,使用 conf/config.yaml必要时从 conf/fallback_config.yaml 拷贝)兜底启动
# - 非 systemd 模式:订阅失败/下载失败直接退出(保持手动执行的强约束)
############################################
# 加载系统函数库(Only for RHEL Linux)
[ -f /etc/init.d/functions ] && source /etc/init.d/functions
#################### 脚本初始化任务 ####################
# 获取脚本工作目录绝对路径
export Server_Dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
export Server_Dir
Server_Dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# 加载.env变量文件
# shellcheck disable=SC1090
source "$Server_Dir/.env"
# systemd 模式开关(必须在 set -u 下安全)
SYSTEMD_MODE="${SYSTEMD_MODE:-false}"
# 给二进制启动程序、脚本等添加可执行权限
chmod +x "$Server_Dir/bin/"* 2>/dev/null || true
chmod +x "$Server_Dir/scripts/"* 2>/dev/null || true
if [ -f "$Server_Dir/tools/subconverter/subconverter" ]; then
chmod +x "$Server_Dir/tools/subconverter/subconverter" 2>/dev/null || true
fi
#################### 变量设置 ####################
Conf_Dir="$Server_Dir/conf"
@ -21,9 +41,14 @@ mkdir -p "$Conf_Dir" "$Temp_Dir" "$Log_Dir"
PID_FILE="${CLASH_PID_FILE:-$Temp_Dir/clash.pid}"
# 将 CLASH_URL 变量的值赋给 URL 变量,并检查 CLASH_URL 是否为空
URL="${CLASH_URL:?Error: CLASH_URL variable is not set or empty}"
# systemd 模式:允许为空(用兜底配置启动)
if [ "${SYSTEMD_MODE}" = "true" ]; then
URL="${CLASH_URL:-}"
else
URL=${CLASH_URL:?Error: CLASH_URL variable is not set or empty}
fi
# 获取 CLASH_SECRET 值,若未设置则尝试读取旧配置,否则生成随机数
# 获取 CLASH_SECRET 值:优先 .env否则尝试读取旧 config否则生成随机数
Secret="${CLASH_SECRET:-}"
if [ -z "$Secret" ] && [ -f "$Conf_Dir/config.yaml" ]; then
Secret="$(awk -F': ' '/^secret:/{print $2; exit}' "$Conf_Dir/config.yaml" || true)"
@ -38,15 +63,13 @@ CLASH_SOCKS_PORT="${CLASH_SOCKS_PORT:-7891}"
CLASH_REDIR_PORT="${CLASH_REDIR_PORT:-7892}"
CLASH_LISTEN_IP="${CLASH_LISTEN_IP:-0.0.0.0}"
CLASH_ALLOW_LAN="${CLASH_ALLOW_LAN:-false}"
EXTERNAL_CONTROLLER_ENABLED="${EXTERNAL_CONTROLLER_ENABLED:-true}"
EXTERNAL_CONTROLLER="${EXTERNAL_CONTROLLER:-127.0.0.1:9090}"
ALLOW_INSECURE_TLS="${ALLOW_INSECURE_TLS:-false}"
CLASH_HEADERS="${CLASH_HEADERS:-}"
# systemd 模式:订阅失败时不 exit避免服务无限重启默认 false手动运行严格失败
SYSTEMD_MODE="${SYSTEMD_MODE:-false}"
# 端口工具
# 端口与配置工具
# shellcheck disable=SC1090
source "$Server_Dir/scripts/port_utils.sh"
CLASH_HTTP_PORT="$(resolve_port_value "HTTP" "$CLASH_HTTP_PORT")"
@ -54,23 +77,22 @@ CLASH_SOCKS_PORT="$(resolve_port_value "SOCKS" "$CLASH_SOCKS_PORT")"
CLASH_REDIR_PORT="$(resolve_port_value "REDIR" "$CLASH_REDIR_PORT")"
EXTERNAL_CONTROLLER="$(resolve_host_port "External Controller" "$EXTERNAL_CONTROLLER" "0.0.0.0")"
# 配置工具
# shellcheck disable=SC1090
source "$Server_Dir/scripts/config_utils.sh"
#################### 函数定义 ####################
# 自定义action函数实现通用action功能
# 自定义action函数实现通用action功能(兼容 journald关键错误会额外 echo 到 stderr
success() {
echo -en "\\033[60G[\\033[1;32m OK \\033[0;39m]\r"
echo -en "\033[60G[\033[1;32m OK \033[0;39m]\r"
return 0
}
failure() {
local rc=$?
echo -en "\\033[60G[\\033[1;31mFAILED\\033[0;39m]\r"
echo -en "\033[60G[\033[1;31mFAILED\033[0;39m]\r"
[ -x /bin/plymouth ] && /bin/plymouth --details
return $rc
return "$rc"
}
action() {
@ -81,16 +103,18 @@ action() {
"$@" && success $"$STRING" || failure $"$STRING"
rc=$?
echo
return $rc
return "$rc"
}
# 判断命令是否正常执行 函数
# 判断命令是否正常执行手动模式失败退出systemd 模式:由调用处决定)
if_success() {
local ReturnStatus=$3
if [ "$ReturnStatus" -eq 0 ]; then
action "$1" /bin/true
local ok_msg=$1
local fail_msg=$2
local rc=$3
if [ "$rc" -eq 0 ]; then
action "$ok_msg" /bin/true
else
action "$2" /bin/false
action "$fail_msg" /bin/false
exit 1
fi
}
@ -102,110 +126,148 @@ if_success() {
source "$Server_Dir/scripts/get_cpu_arch.sh"
if [[ -z "${CpuArch:-}" ]]; then
echo "Failed to obtain CPU architecture"
echo "[ERROR] Failed to obtain CPU architecture" >&2
exit 1
fi
# shellcheck disable=SC1090
source "$Server_Dir/scripts/resolve_clash.sh"
## 临时取消环境变量(避免自身代理影响下载)
## 临时取消环境变量
unset http_proxy https_proxy no_proxy HTTP_PROXY HTTPS_PROXY NO_PROXY || true
#################### Clash 订阅地址检测及配置文件下载 ####################
echo -e '\n正在检测订阅地址...'
Text1="Clash订阅地址可访问"
Text2="Clash订阅地址不可访问"
CHECK_CMD=(curl -o /dev/null -L -sS --retry 5 -m 10 --connect-timeout 10 -w "%{http_code}")
if [ "$ALLOW_INSECURE_TLS" = "true" ]; then
CHECK_CMD+=(-k)
echo -e "\033[33m[WARN] 已启用不安全的 TLS 下载(跳过证书校验)\033[0m"
fi
if [ -n "$CLASH_HEADERS" ]; then
CHECK_CMD+=(-H "$CLASH_HEADERS")
fi
CHECK_CMD+=("$URL")
status_code="$("${CHECK_CMD[@]}")"
echo "$status_code" | grep -E '^[23][0-9]{2}$' &>/dev/null
ReturnStatus=$?
if [ "$ReturnStatus" -eq 0 ]; then
action "$Text1" /bin/true
else
if [ "$SYSTEMD_MODE" = "true" ]; then
action "$Text2systemd 模式不退出,尝试使用旧配置/等待下次重试)" /bin/false
else
if_success "$Text1" "$Text2" "$ReturnStatus"
fi
fi
echo -e '\n正在下载Clash配置文件...'
Text3="配置文件config.yaml下载成功"
Text4="配置文件config.yaml下载失败退出启动"
CURL_CMD=(curl -L -sS --retry 5 -m 10 -o "$Temp_Dir/clash.yaml")
if [ "$ALLOW_INSECURE_TLS" = "true" ]; then
CURL_CMD+=(-k)
fi
if [ -n "$CLASH_HEADERS" ]; then
CURL_CMD+=(-H "$CLASH_HEADERS")
fi
CURL_CMD+=("$URL")
# 尝试使用curl进行下载失败不直接退出交给 ReturnStatus 判定)
set +e
"${CURL_CMD[@]}"
ReturnStatus=$?
set -e
if [ "$ReturnStatus" -ne 0 ]; then
WGET_CMD=(wget -q -O "$Temp_Dir/clash.yaml")
if [ "$ALLOW_INSECURE_TLS" = "true" ]; then
WGET_CMD+=(--no-check-certificate)
fi
if [ -n "$CLASH_HEADERS" ]; then
WGET_CMD+=(--header="$CLASH_HEADERS")
fi
WGET_CMD+=("$URL")
for _ in {1..10}; do
set +e
"${WGET_CMD[@]}"
ReturnStatus=$?
set -e
if [ "$ReturnStatus" -eq 0 ]; then
break
fi
done
fi
SKIP_CONFIG_REBUILD=false
if [ "$ReturnStatus" -eq 0 ]; then
action "$Text3" /bin/true
else
if [ "$SYSTEMD_MODE" = "true" ]; then
if [ -f "$Conf_Dir/config.yaml" ] && [ -s "$Conf_Dir/config.yaml" ]; then
action "$Text4systemd 模式:下载失败,使用旧配置继续启动)" /bin/false
SKIP_CONFIG_REBUILD=true
########################################################
# systemd 兜底:如果没有可用订阅 URL则确保有 config.yaml
########################################################
ensure_fallback_config() {
# conf/config.yaml 为空或不存在,则从 fallback 拷贝
if [ ! -s "$Conf_Dir/config.yaml" ]; then
if [ -s "$Server_Dir/conf/fallback_config.yaml" ]; then
cp -f "$Server_Dir/conf/fallback_config.yaml" "$Conf_Dir/config.yaml"
echo -e "\033[33m[WARN]\033[0m 已复制 fallback_config.yaml -> conf/config.yaml兜底"
else
action "$Text4systemd 模式:且无旧配置,仍需退出)" /bin/false
echo -e "\033[31m[ERROR]\033[0m 未找到可用的 conf/fallback_config.yaml无法兜底启动" >&2
exit 1
fi
fi
}
SKIP_CONFIG_REBUILD=false
# systemd 模式下若 URL 为空:直接兜底启动
if [ "${SYSTEMD_MODE}" = "true" ] && [ -z "${URL:-}" ]; then
echo -e "\033[33m[WARN]\033[0m SYSTEMD_MODE=true 且 CLASH_URL 为空,跳过订阅更新,使用本地兜底配置启动"
ensure_fallback_config
SKIP_CONFIG_REBUILD=true
fi
#################### Clash 订阅地址检测及配置文件下载 ####################
if [ "$SKIP_CONFIG_REBUILD" != "true" ]; then
echo -e '\n正在检测订阅地址...'
Text1="Clash订阅地址可访问"
Text2="Clash订阅地址不可访问"
CHECK_CMD=(curl -o /dev/null -L -sS --retry 5 -m 10 --connect-timeout 10 -w "%{http_code}")
if [ "$ALLOW_INSECURE_TLS" = "true" ]; then
CHECK_CMD+=(-k)
echo -e "\033[33m[WARN]\033[0m 已启用不安全的 TLS 下载(跳过证书校验)"
fi
if [ -n "${CLASH_HEADERS:-}" ]; then
CHECK_CMD+=(-H "$CLASH_HEADERS")
fi
CHECK_CMD+=("$URL")
# 不让 set -e 干扰获取状态码
set +e
status_code="$("${CHECK_CMD[@]}")"
curl_rc=$?
set -e
# curl 本身失败,视为不可用
if [ "$curl_rc" -ne 0 ]; then
status_code=""
ReturnStatus=1
else
if_success "$Text3" "$Text4" "$ReturnStatus"
echo "$status_code" | grep -E '^[23][0-9]{2}$' &>/dev/null
ReturnStatus=$?
fi
if [ "$ReturnStatus" -eq 0 ]; then
action "$Text1" /bin/true
else
# systemd 模式:不退出,尝试使用旧配置/兜底配置继续启动
if [ "$SYSTEMD_MODE" = "true" ]; then
action "$Text2systemd 模式不退出,尝试使用旧配置/兜底配置)" /bin/false
echo -e "\033[33m[WARN]\033[0m Subscribe check failed: http_code=${status_code:-unknown}, url=${URL}" >&2
ensure_fallback_config
SKIP_CONFIG_REBUILD=true
else
if_success "$Text1" "$Text2" "$ReturnStatus"
fi
fi
fi
#################### 配置生成(可跳过 ####################
#################### 下载订阅并生成 config.yaml非兜底路径 ####################
if [ "$SKIP_CONFIG_REBUILD" != "true" ]; then
# 重命名clash配置文件
echo -e '\n正在下载Clash配置文件...'
Text3="配置文件clash.yaml下载成功"
Text4="配置文件clash.yaml下载失败"
CURL_CMD=(curl -L -sS --retry 5 -m 10 -o "$Temp_Dir/clash.yaml")
if [ "$ALLOW_INSECURE_TLS" = "true" ]; then
CURL_CMD+=(-k)
fi
if [ -n "${CLASH_HEADERS:-}" ]; then
CURL_CMD+=(-H "$CLASH_HEADERS")
fi
CURL_CMD+=("$URL")
set +e
"${CURL_CMD[@]}"
ReturnStatus=$?
set -e
if [ "$ReturnStatus" -ne 0 ]; then
WGET_CMD=(wget -q -O "$Temp_Dir/clash.yaml")
if [ "$ALLOW_INSECURE_TLS" = "true" ]; then
WGET_CMD+=(--no-check-certificate)
fi
if [ -n "${CLASH_HEADERS:-}" ]; then
WGET_CMD+=(--header="$CLASH_HEADERS")
fi
WGET_CMD+=("$URL")
for _ in {1..10}; do
set +e
"${WGET_CMD[@]}"
ReturnStatus=$?
set -e
if [ "$ReturnStatus" -eq 0 ]; then
break
fi
done
fi
if [ "$ReturnStatus" -eq 0 ]; then
action "$Text3" /bin/true
else
if [ "$SYSTEMD_MODE" = "true" ]; then
action "$Text4systemd 模式:下载失败,使用旧配置/兜底配置继续启动)" /bin/false
echo -e "\033[33m[WARN]\033[0m Download failed, will fallback. url=${URL}" >&2
ensure_fallback_config
SKIP_CONFIG_REBUILD=true
else
if_success "$Text3" "$Text4(退出启动)" "$ReturnStatus"
fi
fi
fi
#################### 订阅转换/拼接(非兜底路径) ####################
if [ "$SKIP_CONFIG_REBUILD" != "true" ]; then
# 重命名订阅文件
\cp -a "$Temp_Dir/clash.yaml" "$Temp_Dir/clash_config.yaml"
## 判断订阅内容是否符合clash配置文件标准尝试转换需 subconverter 可执行文件支持)
# 判断订阅内容是否符合clash配置文件标准尝试转换需 subconverter 可执行文件支持)
# shellcheck disable=SC1090
source "$Server_Dir/scripts/resolve_subconverter.sh"
@ -213,23 +275,26 @@ if [ "$SKIP_CONFIG_REBUILD" != "true" ]; then
echo -e '\n判断订阅内容是否符合clash配置文件标准:'
export SUBCONVERTER_BIN="$Subconverter_Bin"
bash "$Server_Dir/scripts/clash_profile_conversion.sh"
sleep 3
sleep 1
else
echo -e "\033[33m[WARN] 未检测到可用的 subconverter跳过订阅转换\033[0m"
echo -e "\033[33m[WARN]\033[0m 未检测到可用的 subconverter跳过订阅转换"
fi
## Clash 配置文件重新格式化及配置
# 取出代理相关配置
sed -n '/^proxies:/,$p' "$Temp_Dir/clash_config.yaml" > "$Temp_Dir/proxy.txt"
# 合并形成新的config.yaml并替换配置占位符
cat "$Temp_Dir/templete_config.yaml" > "$Temp_Dir/config.yaml"
cat "$Temp_Dir/proxy.txt" >> "$Temp_Dir/config.yaml"
# 替换配置文件中的占位符为环境变量值
sed -i "s/CLASH_HTTP_PORT_PLACEHOLDER/${CLASH_HTTP_PORT}/g" "$Temp_Dir/config.yaml"
sed -i "s/CLASH_SOCKS_PORT_PLACEHOLDER/${CLASH_SOCKS_PORT}/g" "$Temp_Dir/config.yaml"
sed -i "s/CLASH_REDIR_PORT_PLACEHOLDER/${CLASH_REDIR_PORT}/g" "$Temp_Dir/config.yaml"
sed -i "s/CLASH_LISTEN_IP_PLACEHOLDER/${CLASH_LISTEN_IP}/g" "$Temp_Dir/config.yaml"
sed -i "s/CLASH_ALLOW_LAN_PLACEHOLDER/${CLASH_ALLOW_LAN}/g" "$Temp_Dir/config.yaml"
# 配置 external-controller
if [ "$EXTERNAL_CONTROLLER_ENABLED" = "true" ]; then
sed -i "s/EXTERNAL_CONTROLLER_PLACEHOLDER/${EXTERNAL_CONTROLLER}/g" "$Temp_Dir/config.yaml"
else
@ -239,22 +304,34 @@ if [ "$SKIP_CONFIG_REBUILD" != "true" ]; then
apply_tun_config "$Temp_Dir/config.yaml"
apply_mixin_config "$Temp_Dir/config.yaml" "$Server_Dir"
\cp "$Temp_Dir/config.yaml" "$Conf_Dir/config.yaml"
\cp "$Temp_Dir/config.yaml" "$Conf_Dir/"
# Configure Clash Dashboard
Work_Dir="$(cd "$(dirname "$0")" && pwd)"
Dashboard_Dir="${Work_Dir}/dashboard/public"
if [ "$EXTERNAL_CONTROLLER_ENABLED" = "true" ]; then
sed -ri "s@^# external-ui:.*@external-ui: ${Dashboard_Dir}@g" "$Conf_Dir/config.yaml" || true
fi
# 写入 secretSecret 为 hex 一般无需转义,这里保持你原 sed 方式)
# 写入 secret
sed -r -i "/^secret: /s@(secret: ).*@\1${Secret}@g" "$Conf_Dir/config.yaml" || true
else
# 兜底路径:尽量也写入 secret若 config 里有 secret: 行就替换;没有就追加)
if grep -qE '^secret:\s*' "$Conf_Dir/config.yaml" 2>/dev/null; then
sed -r -i "/^secret: /s@(secret: ).*@\1${Secret}@g" "$Conf_Dir/config.yaml" || true
else
echo "secret: ${Secret}" >> "$Conf_Dir/config.yaml" || true
fi
fi
#################### 启动Clash服务 ####################
# 启动前确保 config.yaml 存在且非空
if [ ! -s "$Conf_Dir/config.yaml" ]; then
echo -e "\033[31m[ERROR]\033[0m conf/config.yaml 不存在或为空,无法启动 Clash" >&2
exit 1
fi
echo -e '\n正在启动Clash服务...'
Text5="服务启动成功!"
Text6="服务启动失败!"
@ -273,6 +350,8 @@ fi
if_success "$Text5" "$Text6" "$ReturnStatus"
#################### 输出信息 ####################
echo ''
if [ "$EXTERNAL_CONTROLLER_ENABLED" = "true" ]; then
echo -e "Clash Dashboard 访问地址: http://${EXTERNAL_CONTROLLER}/ui"
@ -282,10 +361,12 @@ else
fi
echo ''
# 添加环境变量 - 使用配置的端口
#################### 写入代理环境变量文件 ####################
Env_File="${CLASH_ENV_FILE:-}"
if [ "$Env_File" = "off" ] || [ "$Env_File" = "disabled" ]; then
echo -e "\033[33m[WARN] 已关闭环境变量文件生成\033[0m"
echo -e "\033[33m[WARN]\033[0m 已关闭环境变量文件生成"
else
if [ -z "$Env_File" ]; then
if [ -w /etc/profile.d ]; then
@ -295,7 +376,12 @@ else
fi
fi
if [ -f /etc/profile.d/clash.sh ]; then
echo -e "\033[33m[WARN]\033[0m 检测到旧版环境变量文件 /etc/profile.d/clash.sh建议确认是否需要清理"
fi
mkdir -p "$(dirname "$Env_File")"
cat >"$Env_File"<<EOF
# 开启系统代理
function proxy_on() {
@ -310,7 +396,12 @@ function proxy_on() {
# 关闭系统代理
function proxy_off() {
unset http_proxy https_proxy no_proxy HTTP_PROXY HTTPS_PROXY NO_PROXY
unset http_proxy
unset https_proxy
unset no_proxy
unset HTTP_PROXY
unset HTTPS_PROXY
unset NO_PROXY
echo -e "\033[31m[×] 已关闭代理\033[0m"
}
EOF