diff --git a/README.md b/README.md
index 9cb364c..0ee67ce 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,6 @@
- 默认将管理面板仅绑定到本机(`127.0.0.1:9090`),如需对外访问请在`.env`中自行配置并确保`CLASH_SECRET`足够复杂。
- 默认开启 TLS 证书校验,若确需跳过校验请在`.env`中设置`ALLOW_INSECURE_TLS=true`(不推荐)。
- 如从旧版本升级,若存在 `/etc/profile.d/clash.sh` 请按需清理或改用新的 `/etc/profile.d/clash-for-linux.sh`。
-
- 当前在RHEL系列和Debian系列Linux系统中测试过,其他系列可能需要适当修改脚本。
- 支持 x86_64/aarch64 平台
@@ -117,6 +116,20 @@ https_proxy=http://127.0.0.1:7890
> **注意:**
> 重启脚本 `restart.sh` 不会更新订阅信息。
+如需更新订阅并重启,可执行:
+
+```bash
+$ sudo bash restart.sh --update
+```
+
+## 更新订阅
+
+如只需更新订阅配置但不重启服务,可执行:
+
+```bash
+$ sudo bash update.sh
+```
+
## 停止程序
@@ -142,6 +155,30 @@ $ proxy_off
然后检查程序端口、进程以及环境变量`http_proxy|https_proxy`,若都没则说明服务正常关闭。
+
+
+## systemd 服务
+
+将仓库中的 `systemd/clash-for-linux.service` 复制到 `/etc/systemd/system/`,并根据实际路径修改 `WorkingDirectory` 与脚本路径:
+
+```bash
+$ sudo cp systemd/clash-for-linux.service /etc/systemd/system/
+$ sudo vim /etc/systemd/system/clash-for-linux.service
+```
+
+启用并启动服务:
+
+```bash
+$ sudo systemctl daemon-reload
+$ sudo systemctl enable --now clash-for-linux.service
+```
+
+停止服务:
+
+```bash
+$ sudo systemctl stop clash-for-linux.service
+```
+
diff --git a/restart.sh b/restart.sh
index 191ad4a..31f33b0 100644
--- a/restart.sh
+++ b/restart.sh
@@ -40,26 +40,52 @@ if_success() {
Server_Dir=$(cd $(dirname "${BASH_SOURCE[0]}") && pwd)
Conf_Dir="$Server_Dir/conf"
Log_Dir="$Server_Dir/logs"
+Temp_Dir="$Server_Dir/temp"
+PID_FILE="$Temp_Dir/clash.pid"
+
+if [ "$1" = "--update" ]; then
+ bash "$Server_Dir/update.sh" || exit 1
+fi
## 关闭clash服务
Text1="服务关闭成功!"
Text2="服务关闭失败!"
# 查询并关闭程序进程
-PIDS=$(pgrep -f "clash-linux-")
-if [ -n "$PIDS" ]; then
- kill $PIDS
- ReturnStatus=$?
- for i in {1..5}; do
- sleep 1
- if ! pgrep -f "clash-linux-" >/dev/null; then
- break
+if [ -f "$PID_FILE" ]; then
+ PID=$(cat "$PID_FILE")
+ if [ -n "$PID" ]; then
+ kill "$PID"
+ ReturnStatus=$?
+ for i in {1..5}; do
+ sleep 1
+ if ! kill -0 "$PID" 2>/dev/null; then
+ break
+ fi
+ done
+ if kill -0 "$PID" 2>/dev/null; then
+ kill -9 "$PID"
fi
- done
- if pgrep -f "clash-linux-" >/dev/null; then
- kill -9 $PIDS
+ else
+ ReturnStatus=1
fi
+ rm -f "$PID_FILE"
else
- ReturnStatus=0
+ PIDS=$(pgrep -f "clash-linux-")
+ if [ -n "$PIDS" ]; then
+ kill $PIDS
+ ReturnStatus=$?
+ for i in {1..5}; do
+ sleep 1
+ if ! pgrep -f "clash-linux-" >/dev/null; then
+ break
+ fi
+ done
+ if pgrep -f "clash-linux-" >/dev/null; then
+ kill -9 $PIDS
+ fi
+ else
+ ReturnStatus=0
+ fi
fi
if_success $Text1 $Text2 $ReturnStatus
@@ -82,15 +108,27 @@ Text5="服务启动成功!"
Text6="服务启动失败!"
if [[ $CpuArch =~ "x86_64" ]]; then
nohup $Server_Dir/bin/clash-linux-amd64 -d $Conf_Dir &> $Log_Dir/clash.log &
+ PID=$!
ReturnStatus=$?
+ if [ $ReturnStatus -eq 0 ]; then
+ echo "$PID" > "$PID_FILE"
+ fi
if_success $Text5 $Text6 $ReturnStatus
elif [[ $CpuArch =~ "aarch64" || $CpuArch =~ "arm64" ]]; then
nohup $Server_Dir/bin/clash-linux-arm64 -d $Conf_Dir &> $Log_Dir/clash.log &
+ PID=$!
ReturnStatus=$?
+ if [ $ReturnStatus -eq 0 ]; then
+ echo "$PID" > "$PID_FILE"
+ fi
if_success $Text5 $Text6 $ReturnStatus
elif [[ $CpuArch =~ "armv7" ]]; then
nohup $Server_Dir/bin/clash-linux-armv7 -d $Conf_Dir &> $Log_Dir/clash.log &
+ PID=$!
ReturnStatus=$?
+ if [ $ReturnStatus -eq 0 ]; then
+ echo "$PID" > "$PID_FILE"
+ fi
if_success $Text5 $Text6 $ReturnStatus
else
echo -e "\033[31m\n[ERROR] Unsupported CPU Architecture!\033[0m"
diff --git a/shutdown.sh b/shutdown.sh
index e9b6184..535cf18 100644
--- a/shutdown.sh
+++ b/shutdown.sh
@@ -1,17 +1,37 @@
#!/bin/bash
# 关闭clash服务
-PIDS=$(pgrep -f "clash-linux-")
-if [ -n "$PIDS" ]; then
- kill $PIDS
- for i in {1..5}; do
- sleep 1
- if ! pgrep -f "clash-linux-" >/dev/null; then
- break
+Server_Dir=$(cd $(dirname "${BASH_SOURCE[0]}") && pwd)
+Temp_Dir="$Server_Dir/temp"
+PID_FILE="$Temp_Dir/clash.pid"
+if [ -f "$PID_FILE" ]; then
+ PID=$(cat "$PID_FILE")
+ if [ -n "$PID" ]; then
+ kill "$PID"
+ for i in {1..5}; do
+ sleep 1
+ if ! kill -0 "$PID" 2>/dev/null; then
+ break
+ fi
+ done
+ if kill -0 "$PID" 2>/dev/null; then
+ kill -9 "$PID"
+ fi
+ fi
+ rm -f "$PID_FILE"
+else
+ PIDS=$(pgrep -f "clash-linux-")
+ if [ -n "$PIDS" ]; then
+ kill $PIDS
+ for i in {1..5}; do
+ sleep 1
+ if ! pgrep -f "clash-linux-" >/dev/null; then
+ break
+ fi
+ done
+ if pgrep -f "clash-linux-" >/dev/null; then
+ kill -9 $PIDS
fi
- done
- if pgrep -f "clash-linux-" >/dev/null; then
- kill -9 $PIDS
fi
fi
diff --git a/start.sh b/start.sh
index 667a546..4d84485 100644
--- a/start.sh
+++ b/start.sh
@@ -23,6 +23,7 @@ chmod +x $Server_Dir/tools/subconverter/subconverter
Conf_Dir="$Server_Dir/conf"
Temp_Dir="$Server_Dir/temp"
Log_Dir="$Server_Dir/logs"
+PID_FILE="$Temp_Dir/clash.pid"
# 将 CLASH_URL 变量的值赋给 URL 变量,并检查 CLASH_URL 是否为空
URL=${CLASH_URL:?Error: CLASH_URL variable is not set or empty}
@@ -173,11 +174,13 @@ if_success $Text3 $Text4 $ReturnStatus
\cp -a $Temp_Dir/clash.yaml $Temp_Dir/clash_config.yaml
-## 判断订阅内容是否符合clash配置文件标准,尝试转换(当前不支持对 x86_64 以外的CPU架构服务器进行clash配置文件检测和转换,此功能将在后续添加)
-if [[ $CpuArch =~ "x86_64" || $CpuArch =~ "amd64" ]]; then
+## 判断订阅内容是否符合clash配置文件标准,尝试转换(需 subconverter 可执行文件支持)
+if [ -x "$Server_Dir/tools/subconverter/subconverter" ]; then
echo -e '\n判断订阅内容是否符合clash配置文件标准:'
bash $Server_Dir/scripts/clash_profile_conversion.sh
sleep 3
+else
+ echo -e "\033[33m[WARN] 未检测到可用的 subconverter,跳过订阅转换\033[0m"
fi
@@ -222,15 +225,27 @@ Text5="服务启动成功!"
Text6="服务启动失败!"
if [[ $CpuArch =~ "x86_64" || $CpuArch =~ "amd64" ]]; then
nohup $Server_Dir/bin/clash-linux-amd64 -d $Conf_Dir &> $Log_Dir/clash.log &
+ PID=$!
ReturnStatus=$?
+ if [ $ReturnStatus -eq 0 ]; then
+ echo "$PID" > "$PID_FILE"
+ fi
if_success $Text5 $Text6 $ReturnStatus
elif [[ $CpuArch =~ "aarch64" || $CpuArch =~ "arm64" ]]; then
nohup $Server_Dir/bin/clash-linux-arm64 -d $Conf_Dir &> $Log_Dir/clash.log &
+ PID=$!
ReturnStatus=$?
+ if [ $ReturnStatus -eq 0 ]; then
+ echo "$PID" > "$PID_FILE"
+ fi
if_success $Text5 $Text6 $ReturnStatus
elif [[ $CpuArch =~ "armv7" ]]; then
nohup $Server_Dir/bin/clash-linux-armv7 -d $Conf_Dir &> $Log_Dir/clash.log &
+ PID=$!
ReturnStatus=$?
+ if [ $ReturnStatus -eq 0 ]; then
+ echo "$PID" > "$PID_FILE"
+ fi
if_success $Text5 $Text6 $ReturnStatus
else
echo -e "\033[31m\n[ERROR] Unsupported CPU Architecture!\033[0m"
diff --git a/systemd/clash-for-linux.service b/systemd/clash-for-linux.service
new file mode 100644
index 0000000..5589ec3
--- /dev/null
+++ b/systemd/clash-for-linux.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Clash for Linux
+After=network.target
+
+[Service]
+Type=simple
+WorkingDirectory=/opt/clash-for-linux
+ExecStart=/bin/bash /opt/clash-for-linux/start.sh
+ExecStop=/bin/bash /opt/clash-for-linux/shutdown.sh
+Restart=on-failure
+RestartSec=5
+User=root
+PIDFile=/opt/clash-for-linux/temp/clash.pid
+
+[Install]
+WantedBy=multi-user.target
diff --git a/update.sh b/update.sh
new file mode 100644
index 0000000..df7a044
--- /dev/null
+++ b/update.sh
@@ -0,0 +1,195 @@
+#!/bin/bash
+
+#################### 脚本初始化任务 ####################
+
+# 获取脚本工作目录绝对路径
+export Server_Dir=$(cd $(dirname "${BASH_SOURCE[0]}") && pwd)
+
+# 加载.env变量文件
+source $Server_Dir/.env
+
+#################### 变量设置 ####################
+
+Conf_Dir="$Server_Dir/conf"
+Temp_Dir="$Server_Dir/temp"
+Log_Dir="$Server_Dir/logs"
+
+# 将 CLASH_URL 变量的值赋给 URL 变量,并检查 CLASH_URL 是否为空
+URL=${CLASH_URL:?Error: CLASH_URL variable is not set or empty}
+
+# 获取 CLASH_SECRET 值,若未设置则尝试读取旧配置,否则生成随机数
+Secret=${CLASH_SECRET:-}
+if [ -z "$Secret" ] && [ -f "$Conf_Dir/config.yaml" ]; then
+ Secret=$(awk -F': ' '/^secret:/{print $2; exit}' "$Conf_Dir/config.yaml")
+fi
+if [ -z "$Secret" ]; then
+ Secret=$(openssl rand -hex 32)
+fi
+
+# 设置默认值
+CLASH_HTTP_PORT=${CLASH_HTTP_PORT:-7890}
+CLASH_SOCKS_PORT=${CLASH_SOCKS_PORT:-7891}
+CLASH_REDIR_PORT=${CLASH_REDIR_PORT:-7892}
+CLASH_LISTEN_IP=${CLASH_LISTEN_IP:-0.0.0.0}
+CLASH_ALLOW_LAN=${CLASH_ALLOW_LAN:-false}
+EXTERNAL_CONTROLLER_ENABLED=${EXTERNAL_CONTROLLER_ENABLED:-true}
+EXTERNAL_CONTROLLER=${EXTERNAL_CONTROLLER:-127.0.0.1:9090}
+ALLOW_INSECURE_TLS=${ALLOW_INSECURE_TLS:-false}
+
+#################### 函数定义 ####################
+
+# 自定义action函数,实现通用action功能
+success() {
+ echo -en "\\033[60G[\\033[1;32m OK \\033[0;39m]\r"
+ return 0
+}
+
+failure() {
+ local rc=$?
+ echo -en "\\033[60G[\\033[1;31mFAILED\\033[0;39m]\r"
+ [ -x /bin/plymouth ] && /bin/plymouth --details
+ return $rc
+}
+
+action() {
+ local STRING rc
+
+ STRING=$1
+ echo -n "$STRING "
+ shift
+ "$@" && success $"$STRING" || failure $"$STRING"
+ rc=$?
+ echo
+ return $rc
+}
+
+# 判断命令是否正常执行 函数
+if_success() {
+ local ReturnStatus=$3
+ if [ $ReturnStatus -eq 0 ]; then
+ action "$1" /bin/true
+ else
+ action "$2" /bin/false
+ exit 1
+ fi
+}
+
+#################### 任务执行 ####################
+
+## 临时取消环境变量
+unset http_proxy
+unset https_proxy
+unset no_proxy
+unset HTTP_PROXY
+unset HTTPS_PROXY
+unset NO_PROXY
+
+## Clash 订阅地址检测及配置文件下载
+echo -e '\n正在检测订阅地址...'
+Text1="Clash订阅地址可访问!"
+Text2="Clash订阅地址不可访问!"
+
+# 构建检测 curl 命令,添加自定义请求头
+CHECK_CMD=(curl -o /dev/null -L -sS --retry 5 -m 10 --connect-timeout 10 -w "%{http_code}")
+if [ "$ALLOW_INSECURE_TLS" = "true" ]; then
+ CHECK_CMD+=(-k)
+ echo -e "\033[33m[WARN] 已启用不安全的 TLS 下载(跳过证书校验)\033[0m"
+fi
+if [ -n "$CLASH_HEADERS" ]; then
+ CHECK_CMD+=(-H "$CLASH_HEADERS")
+fi
+CHECK_CMD+=("$URL")
+
+# 检查订阅地址
+status_code=$("${CHECK_CMD[@]}")
+echo "$status_code" | grep -E '^[23][0-9]{2}$' &>/dev/null
+ReturnStatus=$?
+if_success $Text1 $Text2 $ReturnStatus
+
+# 拉取更新config.yml文件
+echo -e '\n正在下载Clash配置文件...'
+Text3="配置文件config.yaml下载成功!"
+Text4="配置文件config.yaml下载失败,退出更新!"
+
+# 构建 curl 命令,添加自定义请求头
+CURL_CMD=(curl -L -sS --retry 5 -m 10 -o "$Temp_Dir/clash.yaml")
+if [ "$ALLOW_INSECURE_TLS" = "true" ]; then
+ CURL_CMD+=(-k)
+fi
+if [ -n "$CLASH_HEADERS" ]; then
+ CURL_CMD+=(-H "$CLASH_HEADERS")
+fi
+CURL_CMD+=("$URL")
+
+# 尝试使用curl进行下载
+"${CURL_CMD[@]}"
+ReturnStatus=$?
+if [ $ReturnStatus -ne 0 ]; then
+ # 如果使用curl下载失败,尝试使用wget进行下载
+ WGET_CMD=(wget -q -O "$Temp_Dir/clash.yaml")
+ if [ "$ALLOW_INSECURE_TLS" = "true" ]; then
+ WGET_CMD+=(--no-check-certificate)
+ fi
+ if [ -n "$CLASH_HEADERS" ]; then
+ WGET_CMD+=(--header="$CLASH_HEADERS")
+ fi
+ WGET_CMD+=("$URL")
+
+ for i in {1..10}
+ do
+ "${WGET_CMD[@]}"
+ ReturnStatus=$?
+ if [ $ReturnStatus -eq 0 ]; then
+ break
+ else
+ continue
+ fi
+ done
+fi
+if_success $Text3 $Text4 $ReturnStatus
+
+# 重命名clash配置文件
+\cp -a $Temp_Dir/clash.yaml $Temp_Dir/clash_config.yaml
+
+## 判断订阅内容是否符合clash配置文件标准,尝试转换(需 subconverter 可执行文件支持)
+if [ -x "$Server_Dir/tools/subconverter/subconverter" ]; then
+ echo -e '\n判断订阅内容是否符合clash配置文件标准:'
+ bash $Server_Dir/scripts/clash_profile_conversion.sh
+ sleep 3
+else
+ echo -e "\033[33m[WARN] 未检测到可用的 subconverter,跳过订阅转换\033[0m"
+fi
+
+## Clash 配置文件重新格式化及配置
+sed -n '/^proxies:/,$p' $Temp_Dir/clash_config.yaml > $Temp_Dir/proxy.txt
+
+# 合并形成新的config.yaml,并替换配置占位符
+cat $Temp_Dir/templete_config.yaml > $Temp_Dir/config.yaml
+cat $Temp_Dir/proxy.txt >> $Temp_Dir/config.yaml
+
+# 替换配置文件中的占位符为环境变量值
+sed -i "s/CLASH_HTTP_PORT_PLACEHOLDER/${CLASH_HTTP_PORT}/g" $Temp_Dir/config.yaml
+sed -i "s/CLASH_SOCKS_PORT_PLACEHOLDER/${CLASH_SOCKS_PORT}/g" $Temp_Dir/config.yaml
+sed -i "s/CLASH_REDIR_PORT_PLACEHOLDER/${CLASH_REDIR_PORT}/g" $Temp_Dir/config.yaml
+sed -i "s/CLASH_LISTEN_IP_PLACEHOLDER/${CLASH_LISTEN_IP}/g" $Temp_Dir/config.yaml
+sed -i "s/CLASH_ALLOW_LAN_PLACEHOLDER/${CLASH_ALLOW_LAN}/g" $Temp_Dir/config.yaml
+
+# 配置 external-controller
+if [ "$EXTERNAL_CONTROLLER_ENABLED" = "true" ]; then
+ sed -i "s/EXTERNAL_CONTROLLER_PLACEHOLDER/${EXTERNAL_CONTROLLER}/g" $Temp_Dir/config.yaml
+else
+ # 如果禁用 external-controller,则注释掉该行
+ sed -i "s/external-controller: 'EXTERNAL_CONTROLLER_PLACEHOLDER'/# external-controller: disabled/g" $Temp_Dir/config.yaml
+fi
+
+\cp $Temp_Dir/config.yaml $Conf_Dir/
+
+# Configure Clash Dashboard
+Work_Dir=$(cd $(dirname $0); pwd)
+Dashboard_Dir="${Work_Dir}/dashboard/public"
+if [ "$EXTERNAL_CONTROLLER_ENABLED" = "true" ]; then
+ sed -ri "s@^# external-ui:.*@external-ui: ${Dashboard_Dir}@g" $Conf_Dir/config.yaml
+fi
+sed -r -i '/^secret: /s@(secret: ).*@\1'${Secret}'@g' $Conf_Dir/config.yaml
+
+echo -e "\n订阅更新完成,如需生效请执行: bash restart.sh\n"