From 864841ef3ca793132774d007686317e3a614318d Mon Sep 17 00:00:00 2001 From: wnlen <62139570+wnlen@users.noreply.github.com> Date: Tue, 13 Jan 2026 23:17:27 +0800 Subject: [PATCH] Add update flow, pidfile handling, and systemd unit --- README.md | 45 +++++++- restart.sh | 60 ++++++++-- shutdown.sh | 39 ++++++- start.sh | 74 ++++++++---- systemd/clash-for-linux.service | 16 +++ update.sh | 195 ++++++++++++++++++++++++++++++++ 6 files changed, 392 insertions(+), 37 deletions(-) create mode 100644 systemd/clash-for-linux.service create mode 100644 update.sh diff --git a/README.md b/README.md index d56148f..0ee67ce 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,9 @@ - 本项目是基于 [clash](https://github.com/Dreamacro/clash) 、[yacd](https://github.com/haishanh/yacd) 进行的配置整合,关于clash、yacd的详细配置请去原项目查看。 - 此项目不提供任何订阅信息,请自行准备Clash订阅地址。 - 运行前请手动更改`.env`文件中的`CLASH_URL`变量值,否则无法正常运行。 +- 默认将管理面板仅绑定到本机(`127.0.0.1:9090`),如需对外访问请在`.env`中自行配置并确保`CLASH_SECRET`足够复杂。 +- 默认开启 TLS 证书校验,若确需跳过校验请在`.env`中设置`ALLOW_INSECURE_TLS=true`(不推荐)。 +- 如从旧版本升级,若存在 `/etc/profile.d/clash.sh` 请按需清理或改用新的 `/etc/profile.d/clash-for-linux.sh`。 - 当前在RHEL系列和Debian系列Linux系统中测试过,其他系列可能需要适当修改脚本。 - 支持 x86_64/aarch64 平台 @@ -71,7 +74,7 @@ Clash订阅地址可访问! [ OK ] Clash Dashboard 访问地址:http://:9090/ui Secret:xxxxxxxxxxxxx -请执行以下命令加载环境变量: source /etc/profile.d/clash.sh +请执行以下命令加载环境变量: source /etc/profile.d/clash-for-linux.sh 请执行以下命令开启系统代理: proxy_on @@ -80,7 +83,7 @@ Secret:xxxxxxxxxxxxx ``` ```bash -$ source /etc/profile.d/clash.sh +$ source /etc/profile.d/clash-for-linux.sh $ proxy_on ``` @@ -113,6 +116,20 @@ https_proxy=http://127.0.0.1:7890 > **注意:** > 重启脚本 `restart.sh` 不会更新订阅信息。 +如需更新订阅并重启,可执行: + +```bash +$ sudo bash restart.sh --update +``` + +## 更新订阅 + +如只需更新订阅配置但不重启服务,可执行: + +```bash +$ sudo bash update.sh +``` +
## 停止程序 @@ -138,6 +155,30 @@ $ proxy_off 然后检查程序端口、进程以及环境变量`http_proxy|https_proxy`,若都没则说明服务正常关闭。 +
+ +## systemd 服务 + +将仓库中的 `systemd/clash-for-linux.service` 复制到 `/etc/systemd/system/`,并根据实际路径修改 `WorkingDirectory` 与脚本路径: + +```bash +$ sudo cp systemd/clash-for-linux.service /etc/systemd/system/ +$ sudo vim /etc/systemd/system/clash-for-linux.service +``` + +启用并启动服务: + +```bash +$ sudo systemctl daemon-reload +$ sudo systemctl enable --now clash-for-linux.service +``` + +停止服务: + +```bash +$ sudo systemctl stop clash-for-linux.service +``` +
diff --git a/restart.sh b/restart.sh index 5a2aa7c..31f33b0 100644 --- a/restart.sh +++ b/restart.sh @@ -40,17 +40,52 @@ if_success() { Server_Dir=$(cd $(dirname "${BASH_SOURCE[0]}") && pwd) Conf_Dir="$Server_Dir/conf" Log_Dir="$Server_Dir/logs" +Temp_Dir="$Server_Dir/temp" +PID_FILE="$Temp_Dir/clash.pid" + +if [ "$1" = "--update" ]; then + bash "$Server_Dir/update.sh" || exit 1 +fi ## 关闭clash服务 Text1="服务关闭成功!" Text2="服务关闭失败!" # 查询并关闭程序进程 -PID_NUM=`ps -ef | grep [c]lash-linux-a | wc -l` -PID=`ps -ef | grep [c]lash-linux-a | awk '{print $2}'` -if [ $PID_NUM -ne 0 ]; then - kill -9 $PID - ReturnStatus=$? - # ps -ef | grep [c]lash-linux-a | awk '{print $2}' | xargs kill -9 +if [ -f "$PID_FILE" ]; then + PID=$(cat "$PID_FILE") + if [ -n "$PID" ]; then + kill "$PID" + ReturnStatus=$? + for i in {1..5}; do + sleep 1 + if ! kill -0 "$PID" 2>/dev/null; then + break + fi + done + if kill -0 "$PID" 2>/dev/null; then + kill -9 "$PID" + fi + else + ReturnStatus=1 + fi + rm -f "$PID_FILE" +else + PIDS=$(pgrep -f "clash-linux-") + if [ -n "$PIDS" ]; then + kill $PIDS + ReturnStatus=$? + for i in {1..5}; do + sleep 1 + if ! pgrep -f "clash-linux-" >/dev/null; then + break + fi + done + if pgrep -f "clash-linux-" >/dev/null; then + kill -9 $PIDS + fi + else + ReturnStatus=0 + fi fi if_success $Text1 $Text2 $ReturnStatus @@ -73,18 +108,29 @@ Text5="服务启动成功!" Text6="服务启动失败!" if [[ $CpuArch =~ "x86_64" ]]; then nohup $Server_Dir/bin/clash-linux-amd64 -d $Conf_Dir &> $Log_Dir/clash.log & + PID=$! ReturnStatus=$? + if [ $ReturnStatus -eq 0 ]; then + echo "$PID" > "$PID_FILE" + fi if_success $Text5 $Text6 $ReturnStatus elif [[ $CpuArch =~ "aarch64" || $CpuArch =~ "arm64" ]]; then nohup $Server_Dir/bin/clash-linux-arm64 -d $Conf_Dir &> $Log_Dir/clash.log & + PID=$! ReturnStatus=$? + if [ $ReturnStatus -eq 0 ]; then + echo "$PID" > "$PID_FILE" + fi if_success $Text5 $Text6 $ReturnStatus elif [[ $CpuArch =~ "armv7" ]]; then nohup $Server_Dir/bin/clash-linux-armv7 -d $Conf_Dir &> $Log_Dir/clash.log & + PID=$! ReturnStatus=$? + if [ $ReturnStatus -eq 0 ]; then + echo "$PID" > "$PID_FILE" + fi if_success $Text5 $Text6 $ReturnStatus else echo -e "\033[31m\n[ERROR] Unsupported CPU Architecture!\033[0m" exit 1 fi - diff --git a/shutdown.sh b/shutdown.sh index c2ba4e7..535cf18 100644 --- a/shutdown.sh +++ b/shutdown.sh @@ -1,14 +1,41 @@ #!/bin/bash # 关闭clash服务 -PID_NUM=`ps -ef | grep [c]lash-linux-a | wc -l` -PID=`ps -ef | grep [c]lash-linux-a | awk '{print $2}'` -if [ $PID_NUM -ne 0 ]; then - kill -9 $PID - # ps -ef | grep [c]lash-linux-a | awk '{print $2}' | xargs kill -9 +Server_Dir=$(cd $(dirname "${BASH_SOURCE[0]}") && pwd) +Temp_Dir="$Server_Dir/temp" +PID_FILE="$Temp_Dir/clash.pid" +if [ -f "$PID_FILE" ]; then + PID=$(cat "$PID_FILE") + if [ -n "$PID" ]; then + kill "$PID" + for i in {1..5}; do + sleep 1 + if ! kill -0 "$PID" 2>/dev/null; then + break + fi + done + if kill -0 "$PID" 2>/dev/null; then + kill -9 "$PID" + fi + fi + rm -f "$PID_FILE" +else + PIDS=$(pgrep -f "clash-linux-") + if [ -n "$PIDS" ]; then + kill $PIDS + for i in {1..5}; do + sleep 1 + if ! pgrep -f "clash-linux-" >/dev/null; then + break + fi + done + if pgrep -f "clash-linux-" >/dev/null; then + kill -9 $PIDS + fi + fi fi # 清除环境变量 -> /etc/profile.d/clash.sh +> /etc/profile.d/clash-for-linux.sh echo -e "\n服务关闭成功,请执行以下命令关闭系统代理:proxy_off\n" diff --git a/start.sh b/start.sh index 24709d1..4d84485 100644 --- a/start.sh +++ b/start.sh @@ -23,6 +23,7 @@ chmod +x $Server_Dir/tools/subconverter/subconverter Conf_Dir="$Server_Dir/conf" Temp_Dir="$Server_Dir/temp" Log_Dir="$Server_Dir/logs" +PID_FILE="$Temp_Dir/clash.pid" # 将 CLASH_URL 变量的值赋给 URL 变量,并检查 CLASH_URL 是否为空 URL=${CLASH_URL:?Error: CLASH_URL variable is not set or empty} @@ -35,9 +36,10 @@ CLASH_HTTP_PORT=${CLASH_HTTP_PORT:-7890} CLASH_SOCKS_PORT=${CLASH_SOCKS_PORT:-7891} CLASH_REDIR_PORT=${CLASH_REDIR_PORT:-7892} CLASH_LISTEN_IP=${CLASH_LISTEN_IP:-0.0.0.0} -CLASH_ALLOW_LAN=${CLASH_ALLOW_LAN:-true} +CLASH_ALLOW_LAN=${CLASH_ALLOW_LAN:-false} EXTERNAL_CONTROLLER_ENABLED=${EXTERNAL_CONTROLLER_ENABLED:-true} -EXTERNAL_CONTROLLER=${EXTERNAL_CONTROLLER:-0.0.0.0:9090} +EXTERNAL_CONTROLLER=${EXTERNAL_CONTROLLER:-127.0.0.1:9090} +ALLOW_INSECURE_TLS=${ALLOW_INSECURE_TLS:-false} @@ -110,14 +112,19 @@ Text1="Clash订阅地址可访问!" Text2="Clash订阅地址不可访问!" # 构建检测 curl 命令,添加自定义请求头 -CHECK_CMD="curl -o /dev/null -L -k -sS --retry 5 -m 10 --connect-timeout 10 -w \"%{http_code}\"" -if [ -n "$CLASH_HEADERS" ]; then - CHECK_CMD="$CHECK_CMD -H '$CLASH_HEADERS'" +CHECK_CMD=(curl -o /dev/null -L -sS --retry 5 -m 10 --connect-timeout 10 -w "%{http_code}") +if [ "$ALLOW_INSECURE_TLS" = "true" ]; then + CHECK_CMD+=(-k) + echo -e "\033[33m[WARN] 已启用不安全的 TLS 下载(跳过证书校验)\033[0m" fi -CHECK_CMD="$CHECK_CMD $URL" +if [ -n "$CLASH_HEADERS" ]; then + CHECK_CMD+=(-H "$CLASH_HEADERS") +fi +CHECK_CMD+=("$URL") # 检查订阅地址 -eval $CHECK_CMD | grep -E '^[23][0-9]{2}$' &>/dev/null +status_code=$("${CHECK_CMD[@]}") +echo "$status_code" | grep -E '^[23][0-9]{2}$' &>/dev/null ReturnStatus=$? if_success $Text1 $Text2 $ReturnStatus @@ -127,26 +134,32 @@ Text3="配置文件config.yaml下载成功!" Text4="配置文件config.yaml下载失败,退出启动!" # 构建 curl 命令,添加自定义请求头 -CURL_CMD="curl -L -k -sS --retry 5 -m 10 -o $Temp_Dir/clash.yaml" -if [ -n "$CLASH_HEADERS" ]; then - CURL_CMD="$CURL_CMD -H '$CLASH_HEADERS'" +CURL_CMD=(curl -L -sS --retry 5 -m 10 -o "$Temp_Dir/clash.yaml") +if [ "$ALLOW_INSECURE_TLS" = "true" ]; then + CURL_CMD+=(-k) fi -CURL_CMD="$CURL_CMD $URL" +if [ -n "$CLASH_HEADERS" ]; then + CURL_CMD+=(-H "$CLASH_HEADERS") +fi +CURL_CMD+=("$URL") # 尝试使用curl进行下载 -eval $CURL_CMD +"${CURL_CMD[@]}" ReturnStatus=$? if [ $ReturnStatus -ne 0 ]; then # 如果使用curl下载失败,尝试使用wget进行下载 - WGET_CMD="wget -q --no-check-certificate -O $Temp_Dir/clash.yaml" - if [ -n "$CLASH_HEADERS" ]; then - WGET_CMD="$WGET_CMD --header='$CLASH_HEADERS'" + WGET_CMD=(wget -q -O "$Temp_Dir/clash.yaml") + if [ "$ALLOW_INSECURE_TLS" = "true" ]; then + WGET_CMD+=(--no-check-certificate) fi - WGET_CMD="$WGET_CMD $URL" + if [ -n "$CLASH_HEADERS" ]; then + WGET_CMD+=(--header="$CLASH_HEADERS") + fi + WGET_CMD+=("$URL") for i in {1..10} do - eval $WGET_CMD + "${WGET_CMD[@]}" ReturnStatus=$? if [ $ReturnStatus -eq 0 ]; then break @@ -161,11 +174,13 @@ if_success $Text3 $Text4 $ReturnStatus \cp -a $Temp_Dir/clash.yaml $Temp_Dir/clash_config.yaml -## 判断订阅内容是否符合clash配置文件标准,尝试转换(当前不支持对 x86_64 以外的CPU架构服务器进行clash配置文件检测和转换,此功能将在后续添加) -if [[ $CpuArch =~ "x86_64" || $CpuArch =~ "amd64" ]]; then +## 判断订阅内容是否符合clash配置文件标准,尝试转换(需 subconverter 可执行文件支持) +if [ -x "$Server_Dir/tools/subconverter/subconverter" ]; then echo -e '\n判断订阅内容是否符合clash配置文件标准:' bash $Server_Dir/scripts/clash_profile_conversion.sh sleep 3 +else + echo -e "\033[33m[WARN] 未检测到可用的 subconverter,跳过订阅转换\033[0m" fi @@ -210,15 +225,27 @@ Text5="服务启动成功!" Text6="服务启动失败!" if [[ $CpuArch =~ "x86_64" || $CpuArch =~ "amd64" ]]; then nohup $Server_Dir/bin/clash-linux-amd64 -d $Conf_Dir &> $Log_Dir/clash.log & + PID=$! ReturnStatus=$? + if [ $ReturnStatus -eq 0 ]; then + echo "$PID" > "$PID_FILE" + fi if_success $Text5 $Text6 $ReturnStatus elif [[ $CpuArch =~ "aarch64" || $CpuArch =~ "arm64" ]]; then nohup $Server_Dir/bin/clash-linux-arm64 -d $Conf_Dir &> $Log_Dir/clash.log & + PID=$! ReturnStatus=$? + if [ $ReturnStatus -eq 0 ]; then + echo "$PID" > "$PID_FILE" + fi if_success $Text5 $Text6 $ReturnStatus elif [[ $CpuArch =~ "armv7" ]]; then nohup $Server_Dir/bin/clash-linux-armv7 -d $Conf_Dir &> $Log_Dir/clash.log & + PID=$! ReturnStatus=$? + if [ $ReturnStatus -eq 0 ]; then + echo "$PID" > "$PID_FILE" + fi if_success $Text5 $Text6 $ReturnStatus else echo -e "\033[31m\n[ERROR] Unsupported CPU Architecture!\033[0m" @@ -236,7 +263,10 @@ fi echo '' # 添加环境变量(root权限) - 使用配置的端口 -cat>/etc/profile.d/clash.sh</etc/profile.d/clash-for-linux.sh</dev/null +ReturnStatus=$? +if_success $Text1 $Text2 $ReturnStatus + +# 拉取更新config.yml文件 +echo -e '\n正在下载Clash配置文件...' +Text3="配置文件config.yaml下载成功!" +Text4="配置文件config.yaml下载失败,退出更新!" + +# 构建 curl 命令,添加自定义请求头 +CURL_CMD=(curl -L -sS --retry 5 -m 10 -o "$Temp_Dir/clash.yaml") +if [ "$ALLOW_INSECURE_TLS" = "true" ]; then + CURL_CMD+=(-k) +fi +if [ -n "$CLASH_HEADERS" ]; then + CURL_CMD+=(-H "$CLASH_HEADERS") +fi +CURL_CMD+=("$URL") + +# 尝试使用curl进行下载 +"${CURL_CMD[@]}" +ReturnStatus=$? +if [ $ReturnStatus -ne 0 ]; then + # 如果使用curl下载失败,尝试使用wget进行下载 + WGET_CMD=(wget -q -O "$Temp_Dir/clash.yaml") + if [ "$ALLOW_INSECURE_TLS" = "true" ]; then + WGET_CMD+=(--no-check-certificate) + fi + if [ -n "$CLASH_HEADERS" ]; then + WGET_CMD+=(--header="$CLASH_HEADERS") + fi + WGET_CMD+=("$URL") + + for i in {1..10} + do + "${WGET_CMD[@]}" + ReturnStatus=$? + if [ $ReturnStatus -eq 0 ]; then + break + else + continue + fi + done +fi +if_success $Text3 $Text4 $ReturnStatus + +# 重命名clash配置文件 +\cp -a $Temp_Dir/clash.yaml $Temp_Dir/clash_config.yaml + +## 判断订阅内容是否符合clash配置文件标准,尝试转换(需 subconverter 可执行文件支持) +if [ -x "$Server_Dir/tools/subconverter/subconverter" ]; then + echo -e '\n判断订阅内容是否符合clash配置文件标准:' + bash $Server_Dir/scripts/clash_profile_conversion.sh + sleep 3 +else + echo -e "\033[33m[WARN] 未检测到可用的 subconverter,跳过订阅转换\033[0m" +fi + +## Clash 配置文件重新格式化及配置 +sed -n '/^proxies:/,$p' $Temp_Dir/clash_config.yaml > $Temp_Dir/proxy.txt + +# 合并形成新的config.yaml,并替换配置占位符 +cat $Temp_Dir/templete_config.yaml > $Temp_Dir/config.yaml +cat $Temp_Dir/proxy.txt >> $Temp_Dir/config.yaml + +# 替换配置文件中的占位符为环境变量值 +sed -i "s/CLASH_HTTP_PORT_PLACEHOLDER/${CLASH_HTTP_PORT}/g" $Temp_Dir/config.yaml +sed -i "s/CLASH_SOCKS_PORT_PLACEHOLDER/${CLASH_SOCKS_PORT}/g" $Temp_Dir/config.yaml +sed -i "s/CLASH_REDIR_PORT_PLACEHOLDER/${CLASH_REDIR_PORT}/g" $Temp_Dir/config.yaml +sed -i "s/CLASH_LISTEN_IP_PLACEHOLDER/${CLASH_LISTEN_IP}/g" $Temp_Dir/config.yaml +sed -i "s/CLASH_ALLOW_LAN_PLACEHOLDER/${CLASH_ALLOW_LAN}/g" $Temp_Dir/config.yaml + +# 配置 external-controller +if [ "$EXTERNAL_CONTROLLER_ENABLED" = "true" ]; then + sed -i "s/EXTERNAL_CONTROLLER_PLACEHOLDER/${EXTERNAL_CONTROLLER}/g" $Temp_Dir/config.yaml +else + # 如果禁用 external-controller,则注释掉该行 + sed -i "s/external-controller: 'EXTERNAL_CONTROLLER_PLACEHOLDER'/# external-controller: disabled/g" $Temp_Dir/config.yaml +fi + +\cp $Temp_Dir/config.yaml $Conf_Dir/ + +# Configure Clash Dashboard +Work_Dir=$(cd $(dirname $0); pwd) +Dashboard_Dir="${Work_Dir}/dashboard/public" +if [ "$EXTERNAL_CONTROLLER_ENABLED" = "true" ]; then + sed -ri "s@^# external-ui:.*@external-ui: ${Dashboard_Dir}@g" $Conf_Dir/config.yaml +fi +sed -r -i '/^secret: /s@(secret: ).*@\1'${Secret}'@g' $Conf_Dir/config.yaml + +echo -e "\n订阅更新完成,如需生效请执行: bash restart.sh\n"