#!/usr/bin/env bash # 严格模式 set -eo pipefail # --- DEBUG: 打印具体失败的行号和命令(systemd 下非常关键) --- trap 'rc=$?; echo "[ERR] rc=$rc line=$LINENO cmd=$BASH_COMMAND" >&2' ERR # 如需更详细:取消下一行注释 # set -x # --- DEBUG end --- ############################################ # Clash for Linux - start.sh (Full Version) # - systemd 模式下订阅失败/下载失败:不退出,使用 conf/config.yaml(必要时从 conf/fallback_config.yaml 拷贝)兜底启动 # - 非 systemd 模式:订阅失败/下载失败直接退出(保持手动执行的强约束) ############################################ # 加载系统函数库(Only for RHEL Linux) [ -f /etc/init.d/functions ] && source /etc/init.d/functions #################### 脚本初始化任务 #################### # 获取脚本工作目录绝对路径 export Server_Dir Server_Dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" # 加载.env变量文件 # shellcheck disable=SC1090 # --- source .env(不可信输入,必须放宽) --- if [ -f "$Server_Dir/.env" ]; then set +u source "$Server_Dir/.env" || echo "[WARN] failed to source .env" >&2 set -u fi # systemd 模式开关(必须在 set -u 下安全) SYSTEMD_MODE="${SYSTEMD_MODE:-false}" # 给二进制启动程序、脚本等添加可执行权限 chmod +x "$Server_Dir/bin/"* 2>/dev/null || true chmod +x "$Server_Dir/scripts/"* 2>/dev/null || true if [ -f "$Server_Dir/tools/subconverter/subconverter" ]; then chmod +x "$Server_Dir/tools/subconverter/subconverter" 2>/dev/null || true fi #################### 变量设置 #################### Conf_Dir="$Server_Dir/conf" # systemd + 非 root 运行(clash 用户)时,临时目录与日志目录必须可写 if [ "${SYSTEMD_MODE:-false}" = "true" ] && [ "$(id -u)" -ne 0 ]; then Temp_Dir="/tmp/clash-for-linux" Log_Dir="/tmp/clash-for-linux/logs" else Temp_Dir="$Server_Dir/temp" Log_Dir="$Server_Dir/logs" fi mkdir -p "$Conf_Dir" "$Temp_Dir" "$Log_Dir" || { echo "[ERR] cannot create dirs: Conf_Dir=$Conf_Dir Temp_Dir=$Temp_Dir Log_Dir=$Log_Dir" exit 2 } # 再做一次可写性检查,避免后面玄学 exit touch "$Temp_Dir/.write_test" 2>/dev/null || { echo "[ERR] Temp_Dir not writable: $Temp_Dir"; exit 2; } rm -f "$Temp_Dir/.write_test" 2>/dev/null || true PID_FILE="${CLASH_PID_FILE:-$Temp_Dir/clash.pid}" is_running() { if [ -f "$PID_FILE" ]; then local pid pid="$(cat "$PID_FILE" 2>/dev/null || true)" if [ -n "${pid:-}" ] && kill -0 "$pid" 2>/dev/null; then return 0 fi fi return 1 } if is_running; then echo -e "\n[OK] Clash 已在运行 (pid=$(cat "$PID_FILE")),跳过重复启动\n" exit 0 fi # 统一订阅变量 URL="${CLASH_URL:-}" # 清理可能的 CRLF(Windows 写 .env 很常见) URL="$(printf '%s' "$URL" | tr -d '\r')" # 只有在“需要在线更新订阅”的模式下才强制要求 URL if [ -z "$URL" ] && [ "${SYSTEMD_MODE:-false}" != "true" ]; then echo "[ERR] CLASH_URL 为空(未配置订阅地址)" exit 2 fi # 获取 CLASH_SECRET 值:优先 .env;其次读取旧 config;占位符视为无效;最后生成随机值 Secret="${CLASH_SECRET:-}" # 尝试从旧 config.yaml 读取(仅当 .env 未提供) if [ -z "$Secret" ] && [ -f "$Conf_Dir/config.yaml" ]; then Secret="$(awk -F': *' '/^secret:/{gsub(/"/,"",$2); print $2; exit}' "$Conf_Dir/config.yaml" || true)" fi # 若读取到的是占位符(如 ${CLASH_SECRET}),视为无效 if [[ "$Secret" =~ ^\$\{.*\}$ ]]; then Secret="" fi # 兜底生成随机 secret if [ -z "$Secret" ]; then if command -v openssl >/dev/null 2>&1; then Secret="$(openssl rand -hex 32)" else # 32 bytes -> 64 hex chars Secret="$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')" fi fi # 强制写入 secret 到指定配置文件(存在则替换,不存在则追加) force_write_secret() { local file="$1" [ -f "$file" ] || return 0 if grep -qE '^[[:space:]]*secret:' "$file"; then # 替换整行 secret(无论原来是啥,包括 SECRET_PLACEHOLDER / "${CLASH_SECRET}") sed -i -E "s|^[[:space:]]*secret:.*$|secret: ${Secret}|g" "$file" else # 没有 secret 行就追加到文件末尾 printf "\nsecret: %s\n" "$Secret" >> "$file" fi } # 设置默认值 CLASH_HTTP_PORT="${CLASH_HTTP_PORT:-7890}" CLASH_SOCKS_PORT="${CLASH_SOCKS_PORT:-7891}" CLASH_REDIR_PORT="${CLASH_REDIR_PORT:-7892}" CLASH_LISTEN_IP="${CLASH_LISTEN_IP:-127.0.0.1}" CLASH_ALLOW_LAN="${CLASH_ALLOW_LAN:-false}" EXTERNAL_CONTROLLER_ENABLED="${EXTERNAL_CONTROLLER_ENABLED:-true}" EXTERNAL_CONTROLLER="${EXTERNAL_CONTROLLER:-127.0.0.1:9090}" ALLOW_INSECURE_TLS="${ALLOW_INSECURE_TLS:-false}" # 端口与配置工具 # shellcheck disable=SC1090 source "$Server_Dir/scripts/port_utils.sh" CLASH_HTTP_PORT="$(resolve_port_value "HTTP" "$CLASH_HTTP_PORT")" CLASH_SOCKS_PORT="$(resolve_port_value "SOCKS" "$CLASH_SOCKS_PORT")" CLASH_REDIR_PORT="$(resolve_port_value "REDIR" "$CLASH_REDIR_PORT")" EXTERNAL_CONTROLLER="$(resolve_host_port "External Controller" "$EXTERNAL_CONTROLLER" "127.0.0.1")" # shellcheck disable=SC1090 source "$Server_Dir/scripts/config_utils.sh" #################### 函数定义 #################### # 自定义action函数,实现通用action功能(兼容 journald;关键错误会额外 echo 到 stderr) success() { echo -en "\033[60G[\033[1;32m OK \033[0;39m]\r" return 0 } failure() { local rc=$? echo -en "\033[60G[\033[1;31mFAILED\033[0;39m]\r" [ -x /bin/plymouth ] && /bin/plymouth --details return "$rc" } action() { local STRING STRING=$1 shift # 执行命令本身的成功/失败,不应让 UI 输出影响返回码 if "$@"; then success $"$STRING" || true return 0 else failure $"$STRING" || true return 1 fi } # 判断命令是否正常执行 # - 手动模式:失败直接 exit # - systemd 模式:只打印状态,不影响退出码 if_success() { local ok_msg=$1 local fail_msg=$2 local rc=$3 if [ "$rc" -eq 0 ]; then action "$ok_msg" /bin/true || true return 0 fi # rc != 0 action "$fail_msg" /bin/false || true if [ "${SYSTEMD_MODE:-false}" = "true" ]; then # systemd 下不允许在 UI 函数中 exit return "$rc" else exit "$rc" fi } #################### 任务执行 #################### ## 获取CPU架构信息 # shellcheck disable=SC1090 source "$Server_Dir/scripts/get_cpu_arch.sh" if [[ -z "${CpuArch:-}" ]]; then echo "[ERROR] Failed to obtain CPU architecture" >&2 exit 2 fi # shellcheck disable=SC1090 source "$Server_Dir/scripts/resolve_clash.sh" ## 临时取消环境变量 unset http_proxy https_proxy no_proxy HTTP_PROXY HTTPS_PROXY NO_PROXY || true ######################################################## # systemd 兜底:如果没有可用订阅 URL,则确保有 config.yaml ######################################################## ensure_fallback_config() { # conf/config.yaml 为空或不存在,则从 fallback 拷贝 if [ ! -s "$Conf_Dir/config.yaml" ]; then if [ -s "$Server_Dir/conf/fallback_config.yaml" ]; then cp -f "$Server_Dir/conf/fallback_config.yaml" "$Conf_Dir/config.yaml" echo -e "\033[33m[WARN]\033[0m 已复制 fallback_config.yaml -> conf/config.yaml(兜底)" else echo -e "\033[31m[ERROR]\033[0m 未找到可用的 conf/fallback_config.yaml,无法兜底启动" >&2 if [ "${SYSTEMD_MODE:-false}" = "true" ]; then return 1 else exit 1 fi fi fi # 强制写入真实 secret(失败时也遵循同样规则) if ! force_write_secret "$Conf_Dir/config.yaml"; then echo -e "\033[31m[ERROR]\033[0m 写入 secret 失败:$Conf_Dir/config.yaml" >&2 if [ "${SYSTEMD_MODE:-false}" = "true" ]; then return 1 else exit 1 fi fi return 0 } SKIP_CONFIG_REBUILD=false # systemd 模式下若 URL 为空:直接兜底启动 if [ "${SYSTEMD_MODE}" = "true" ] && [ -z "${URL:-}" ]; then echo -e "\033[33m[WARN]\033[0m SYSTEMD_MODE=true 且 CLASH_URL 为空,跳过订阅更新,使用本地兜底配置启动" ensure_fallback_config || true SKIP_CONFIG_REBUILD=true fi #################### Clash 订阅地址检测及配置文件下载 #################### if [ "$SKIP_CONFIG_REBUILD" != "true" ]; then echo -e '\n正在检测订阅地址...' Text1="Clash订阅地址可访问!" Text2="Clash订阅地址不可访问!" CHECK_CMD=(curl -o /dev/null -L -sS --retry 5 -m 10 --connect-timeout 10 -w "%{http_code}") if [ "$ALLOW_INSECURE_TLS" = "true" ]; then CHECK_CMD+=(-k) echo -e "\033[33m[WARN]\033[0m 已启用不安全的 TLS 下载(跳过证书校验)" fi if [ -n "${CLASH_HEADERS:-}" ]; then CHECK_CMD+=(-H "$CLASH_HEADERS") fi CHECK_CMD+=("$URL") # 不让 set -e 干扰获取状态码 set +e status_code="$("${CHECK_CMD[@]}")" curl_rc=$? set -e # curl 本身失败,视为不可用 if [ "$curl_rc" -ne 0 ]; then status_code="" ReturnStatus=1 else echo "$status_code" | grep -E '^[23][0-9]{2}$' &>/dev/null ReturnStatus=$? fi if [ "$ReturnStatus" -eq 0 ]; then action "$Text1" /bin/true || true else if [ "$SYSTEMD_MODE" = "true" ]; then action "$Text2(systemd 模式不退出,尝试使用旧配置/兜底配置)" /bin/false || true echo -e "\033[33m[WARN]\033[0m Subscribe check failed: http_code=${status_code:-unknown}, url=${URL}" >&2 ensure_fallback_config || true SKIP_CONFIG_REBUILD=true else if_success "$Text1" "$Text2" "$ReturnStatus" fi fi fi #################### 下载订阅并生成 config.yaml(非兜底路径) #################### if [ "$SKIP_CONFIG_REBUILD" != "true" ]; then echo -e '\n正在下载Clash配置文件...' Text3="配置文件clash.yaml下载成功!" Text4="配置文件clash.yaml下载失败!" # --- DBG: 显式打印并验证临时目录可写(systemd 下常见权限问题) --- echo "[DBG] uid=$(id -u) user=$(id -un) SYSTEMD_MODE=${SYSTEMD_MODE:-}" echo "[DBG] Server_Dir=$Server_Dir Conf_Dir=$Conf_Dir Temp_Dir=$Temp_Dir Log_Dir=$Log_Dir" echo "[DBG] URL=$(printf '%q' "$URL")" mkdir -p "$Temp_Dir" 2>/dev/null || true touch "$Temp_Dir/.write_test" 2>/dev/null || { echo "[ERR] Temp_Dir not writable: $Temp_Dir" >&2; exit 2; } rm -f "$Temp_Dir/.write_test" 2>/dev/null || true # --- DBG end --- CURL_CMD=(curl -fL -S --retry 2 --connect-timeout 10 -m 30 -o "$Temp_Dir/clash.yaml") if [ "$ALLOW_INSECURE_TLS" = "true" ]; then CURL_CMD+=(-k) fi if [ -n "${CLASH_HEADERS:-}" ]; then CURL_CMD+=(-H "$CLASH_HEADERS") fi CURL_CMD+=("$URL") set +e CURL_ERR="$Temp_Dir/curl.err" : > "$CURL_ERR" "${CURL_CMD[@]}" 2>>"$CURL_ERR" ReturnStatus=$? set -e echo "[DBG] curl rc=$ReturnStatus" if [ -s "$CURL_ERR" ]; then echo "[DBG] curl stderr (last 50 lines):" tail -n 50 "$CURL_ERR" fi if [ "$ReturnStatus" -ne 0 ]; then WGET_CMD=(wget -q -O "$Temp_Dir/clash.yaml") if [ "$ALLOW_INSECURE_TLS" = "true" ]; then WGET_CMD+=(--no-check-certificate) fi if [ -n "${CLASH_HEADERS:-}" ]; then WGET_CMD+=(--header="$CLASH_HEADERS") fi WGET_CMD+=("$URL") for _ in {1..10}; do set +e "${WGET_CMD[@]}" ReturnStatus=$? set -e if [ "$ReturnStatus" -eq 0 ]; then break fi done fi # --- GUARANTEE: make sure runtime config exists after download --- CONFIG_FILE="${CONFIG_FILE:-$Temp_Dir/config.yaml}" mkdir -p "$Temp_Dir" || true if [ "$ReturnStatus" -eq 0 ] && [ -s "$Temp_Dir/clash.yaml" ]; then # 默认将订阅当作完整配置写入运行态 config cp -f "$Temp_Dir/clash.yaml" "$CONFIG_FILE" force_write_secret "$CONFIG_FILE" || true echo "[INFO] Runtime config generated: $CONFIG_FILE (size=$(wc -c <"$CONFIG_FILE" 2>/dev/null || echo 0))" else echo "[WARN] Download did not produce clash.yaml (rc=$ReturnStatus), skip runtime config generation" >&2 fi if [ "$ReturnStatus" -eq 0 ]; then action "$Text3" /bin/true || true else if [ "$SYSTEMD_MODE" = "true" ]; then action "$Text4(systemd 模式:下载失败,使用旧配置/兜底配置继续启动)" /bin/false || true echo -e "\033[33m[WARN]\033[0m Download failed, will fallback. url=${URL}" >&2 ensure_fallback_config || true SKIP_CONFIG_REBUILD=true else if_success "$Text3" "$Text4(退出启动)" "$ReturnStatus" fi fi fi # ========================================================= # 判断订阅是否已是完整 Clash YAML(Meta / Mihomo / Premium) # 若是完整配置,则直接使用,跳过后续代理拆解与拼接 # ========================================================= if [ "$SKIP_CONFIG_REBUILD" != "true" ]; then if grep -qE '^(proxies:|proxy-providers:|mixed-port:|port:)' "$Temp_Dir/clash.yaml"; then echo "[INFO] subscription is a full Clash config, use it directly" cp -f "$Temp_Dir/clash.yaml" "$Conf_Dir/config.yaml" force_write_secret "$Conf_Dir/config.yaml" SKIP_CONFIG_REBUILD=true fi fi #################### 订阅转换/拼接(非兜底路径) #################### if [ "$SKIP_CONFIG_REBUILD" != "true" ]; then # 运行期配置文件:默认用 Temp_Dir(systemd + clash 用户可写) CONFIG_FILE="$Temp_Dir/config.yaml" # 1) 重命名订阅文件 \cp -a "$Temp_Dir/clash.yaml" "$Temp_Dir/clash_config.yaml" # 2) 判断订阅内容是否符合 clash 配置文件标准,尝试转换(需 subconverter) # shellcheck disable=SC1090 source "$Server_Dir/scripts/resolve_subconverter.sh" if [ "${Subconverter_Ready:-false}" = "true" ]; then echo -e '\n判断订阅内容是否符合clash配置文件标准:' export SUBCONVERTER_BIN="$Subconverter_Bin" bash "$Server_Dir/scripts/clash_profile_conversion.sh" sleep 1 else echo -e "\033[33m[WARN]\033[0m 未检测到可用的 subconverter,跳过订阅转换" fi # 3) 订阅形态判断: # - 如果已经是完整 Clash 配置(Meta/Mihomo 常见 mixed-port / proxy-providers 等),直接用它作为运行配置 # - 否则才走 “proxies: 抽取 + template 拼接” if grep -qE '^(mixed-port:|port:|proxy-providers:|proxies:)' "$Temp_Dir/clash_config.yaml"; then # 情况 A:完整配置(优先) if grep -q '^proxies:' "$Temp_Dir/clash_config.yaml" || grep -q '^proxy-providers:' "$Temp_Dir/clash_config.yaml" || grep -q '^mixed-port:' "$Temp_Dir/clash_config.yaml" || grep -q '^port:' "$Temp_Dir/clash_config.yaml"; then echo "[INFO] subscription looks like a full Clash config, use it directly" cp -f "$Temp_Dir/clash_config.yaml" "$CONFIG_FILE" # 写入 secret(运行态) force_write_secret "$CONFIG_FILE" # 直接跳过后续拼接流程 SKIP_CONFIG_REBUILD=true fi fi # 情况 B:不是完整配置,才尝试抽取 proxies 并拼接 if [ "$SKIP_CONFIG_REBUILD" != "true" ]; then if grep -q '^proxies:' "$Temp_Dir/clash_config.yaml"; then sed -n '/^proxies:/,$p' "$Temp_Dir/clash_config.yaml" > "$Temp_Dir/proxy.txt" else echo "[ERROR] subscription is not a full config and also has no 'proxies:'; cannot build config." >&2 # systemd 模式:兜底继续;非 systemd:退出 if [ "${SYSTEMD_MODE:-false}" = "true" ]; then ensure_fallback_config || true SKIP_CONFIG_REBUILD=true else exit 2 fi fi fi # 4) 合并形成新的 config,并替换配置占位符 if [ "$SKIP_CONFIG_REBUILD" != "true" ]; then cat "$Temp_Dir/templete_config.yaml" > "$CONFIG_FILE" cat "$Temp_Dir/proxy.txt" >> "$CONFIG_FILE" sed -i "s/CLASH_HTTP_PORT_PLACEHOLDER/${CLASH_HTTP_PORT}/g" "$CONFIG_FILE" sed -i "s/CLASH_SOCKS_PORT_PLACEHOLDER/${CLASH_SOCKS_PORT}/g" "$CONFIG_FILE" sed -i "s/CLASH_REDIR_PORT_PLACEHOLDER/${CLASH_REDIR_PORT}/g" "$CONFIG_FILE" sed -i "s/CLASH_LISTEN_IP_PLACEHOLDER/${CLASH_LISTEN_IP}/g" "$CONFIG_FILE" sed -i "s/CLASH_ALLOW_LAN_PLACEHOLDER/${CLASH_ALLOW_LAN}/g" "$CONFIG_FILE" fi # 5) 配置 external-controller if [ "$EXTERNAL_CONTROLLER_ENABLED" = "true" ]; then sed -i "s/EXTERNAL_CONTROLLER_PLACEHOLDER/${EXTERNAL_CONTROLLER}/g" "$CONFIG_FILE" else sed -i "s/external-controller: 'EXTERNAL_CONTROLLER_PLACEHOLDER'/# external-controller: disabled/g" "$CONFIG_FILE" fi apply_tun_config "$CONFIG_FILE" apply_mixin_config "$CONFIG_FILE" "$Server_Dir" # 6) 是否同步到 conf(root/非 systemd 时才做;systemd+非root跳过) if [ "${SYSTEMD_MODE:-false}" = "true" ] && [ "$(id -u)" -ne 0 ]; then echo "[WARN] systemd(non-root): skip copying config to $Conf_Dir" else \cp "$CONFIG_FILE" "$Conf_Dir/" fi # 7) Dashboard external-ui(systemd+非root:把 ui 放 Temp_Dir 下,避免写 conf) Work_Dir="$(cd "$(dirname "$0")" && pwd)" Dashboard_Src="${Work_Dir}/dashboard/public" if [ "$EXTERNAL_CONTROLLER_ENABLED" = "true" ]; then if [ "${SYSTEMD_MODE:-false}" = "true" ] && [ "$(id -u)" -ne 0 ]; then # runtime ui path (writable) Dashboard_Link="$Temp_Dir/ui" if [ -d "$Dashboard_Src" ]; then ln -sfn "$Dashboard_Src" "$Dashboard_Link" 2>/dev/null || true fi else # conf ui path (root can manage) Dashboard_Link="${Conf_Dir}/ui" if [ -d "$Dashboard_Src" ]; then ln -sfn "$Dashboard_Src" "$Dashboard_Link" || true else echo -e "\033[33m[WARN]\033[0m Dashboard source not found: $Dashboard_Src (external-ui may not work)" fi fi # ensure external-ui points to Dashboard_Link if grep -qE '^[[:space:]]*external-ui:' "$CONFIG_FILE"; then sed -i -E "s|^[[:space:]]*external-ui:.*$|external-ui: ${Dashboard_Link}|g" "$CONFIG_FILE" else printf "\nexternal-ui: %s\n" "$Dashboard_Link" >> "$CONFIG_FILE" fi fi # 8) 写入 secret(写到 runtime config) force_write_secret "$CONFIG_FILE" else # 兜底路径:尽量也写入 secret(conf/config.yaml 可写时) if grep -qE '^secret:\s*' "$Conf_Dir/config.yaml" 2>/dev/null; then force_write_secret "$Conf_Dir/config.yaml" else echo "secret: ${Secret}" >> "$Conf_Dir/config.yaml" || true fi fi #################### 启动Clash服务 #################### # 选择运行期配置文件与工作目录 # - systemd + 非 root(通常 User=clash):用 Temp_Dir 下的运行态配置,工作目录也用 Temp_Dir(可写) # - 其他情况:用 Conf_Dir/config.yaml,工作目录用 Conf_Dir if [ "${SYSTEMD_MODE:-false}" = "true" ] && [ "$(id -u)" -ne 0 ]; then CONFIG_FILE="${CONFIG_FILE:-$Temp_Dir/config.yaml}" RUNTIME_DIR="${Temp_Dir}" else CONFIG_FILE="${CONFIG_FILE:-$Conf_Dir/config.yaml}" RUNTIME_DIR="${Conf_Dir}" fi # 启动前确保配置文件存在且非空 if [ ! -s "$CONFIG_FILE" ]; then echo -e "\033[31m[ERROR]\033[0m config 不存在或为空:$CONFIG_FILE,无法启动 Clash" >&2 exit 2 fi # 最终护栏:禁止未渲染的占位符进入运行态 if grep -q '\${' "$CONFIG_FILE"; then echo "[ERROR] config contains unresolved placeholders (\${...}): $CONFIG_FILE" >&2 exit 2 fi # 确保运行目录存在且可写(clash/mihomo 可能会写 cache/geo 数据) mkdir -p "$RUNTIME_DIR" 2>/dev/null || true touch "$RUNTIME_DIR/.write_test" 2>/dev/null || { echo "[ERROR] runtime dir not writable: $RUNTIME_DIR (uid=$(id -u))" >&2 exit 2 } rm -f "$RUNTIME_DIR/.write_test" 2>/dev/null || true echo -e '\n正在启动Clash服务...' Text5="服务启动成功!" Text6="服务启动失败!" Clash_Bin="$(resolve_clash_bin "$Server_Dir" "$CpuArch")" ReturnStatus=$? if [ "$ReturnStatus" -eq 0 ]; then if [ "${SYSTEMD_MODE:-false}" = "true" ]; then echo "[INFO] SYSTEMD_MODE=true,前台启动交给 systemd 监管" echo "[INFO] Using config: $CONFIG_FILE" echo "[INFO] Using runtime dir: $RUNTIME_DIR" # systemd 前台:只用 -f 指定配置文件,-d 作为工作目录 exec "$Clash_Bin" -f "$CONFIG_FILE" -d "$RUNTIME_DIR" else echo "[INFO] 后台启动 (nohup)" echo "[INFO] Using config: $CONFIG_FILE" echo "[INFO] Using runtime dir: $RUNTIME_DIR" nohup "$Clash_Bin" -f "$CONFIG_FILE" -d "$RUNTIME_DIR" >>"$Log_Dir/clash.log" 2>&1 & PID=$! ReturnStatus=$? if [ "$ReturnStatus" -eq 0 ]; then echo "$PID" > "$PID_FILE" fi fi fi if [ "${SYSTEMD_MODE:-false}" = "true" ]; then if_success "$Text5" "$Text6" "$ReturnStatus" || true else if_success "$Text5" "$Text6" "$ReturnStatus" fi #################### 输出信息 #################### echo '' if [ "$EXTERNAL_CONTROLLER_ENABLED" = "true" ]; then echo -e "Clash Dashboard 访问地址: http://${EXTERNAL_CONTROLLER}/ui" SHOW_SECRET="${CLASH_SHOW_SECRET:-false}" SHOW_SECRET_MASKED="${CLASH_SHOW_SECRET_MASKED:-true}" if [ "$SHOW_SECRET" = "true" ]; then echo -e "Secret: ${Secret}" elif [ "$SHOW_SECRET_MASKED" = "true" ]; then # 脱敏:前4后4 masked="${Secret:0:4}****${Secret: -4}" echo -e "Secret: ${masked} (set CLASH_SHOW_SECRET=true to show full)" else echo -e "Secret: 已生成(未显示)。查看:/opt/clash-for-linux/conf/config.yaml 或 .env" fi else echo -e "External Controller (Dashboard) 已禁用" fi echo '' #################### 写入代理环境变量文件 #################### Env_File="${CLASH_ENV_FILE:-}" if [ "$Env_File" = "off" ] || [ "$Env_File" = "disabled" ]; then echo -e "\033[33m[WARN]\033[0m 已关闭环境变量文件生成" else if [ -z "$Env_File" ]; then if [ -w /etc/profile.d ]; then Env_File="/etc/profile.d/clash-for-linux.sh" else Env_File="$Temp_Dir/clash-for-linux.sh" fi fi if [ -f /etc/profile.d/clash.sh ]; then echo -e "\033[33m[WARN]\033[0m 检测到旧版环境变量文件 /etc/profile.d/clash.sh,建议确认是否需要清理" fi mkdir -p "$(dirname "$Env_File")" cat >"$Env_File"<