Modderajuda/M/trojan-go

#!/bin/bash
clear
#MIT License
#Copyright (c) 2020 h31105

#Permission is hereby granted, free of charge, to any person obtaining a copy
#of this software and associated documentation files (the "Software"), to deal
#in the Software without restriction, including without limitation the rights
#to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
#copies of the Software, and to permit persons to whom the Software is
#furnished to do so, subject to the following conditions:

#The above copyright notice and this permission notice shall be included in all
#copies or substantial portions of the Software.

#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
#IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
#FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
#AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
#LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
#OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
#SOFTWARE.

#====================================================
# System Request:Debian 9+/Ubuntu 18.04+/Centos 7+
# Author: Miroku/h31105
# Dscription: TLS-Shunt-Proxy&Trojan-Go&V2Ray Script
# Official document:
# https://www.v2ray.com/
# https://github.com/p4gefau1t/trojan-go
# https://github.com/liberal-boy/tls-shunt-proxy
# https://www.docker.com/
# https://github.com/containrrr/watchtower
# https://github.com/portainer/portainer
# https://github.com/wulabing/V2Ray_ws-tls_bash_onekey
#====================================================

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH

cd "$(
    cd "$(dirname "$0")" || exit
    pwd
)" || exit

#Fonts Color
Green="\033[32m"
Red="\033[31m"
Yellow="\033[33m"
GreenBG="\033[42;30m"
RedBG="\033[41;30m"
Font="\033[0m"

#Notification Information
OK="${Green}[OK]${Font}"
WARN="${Yellow}[警告]${Font}"
Error="${Red}[错误]${Font}"

#版本、初始化变量
shell_version="1.183"
tsp_cfg_version="0.61.1"
#install_mode="docker"
upgrade_mode="none"
github_branch="master"
version_cmp="/tmp/version_cmp.tmp"
tsp_conf_dir="/etc/tls-shunt-proxy"
trojan_conf_dir="/etc/trojan-go"
v2ray_conf_dir="/etc/v2ray"
tsp_conf="${tsp_conf_dir}/config.yaml"
tsp_cert_dir="/etc/ssl/tls-shunt-proxy/certificates/acme-v02.api.letsencrypt.org-directory"
trojan_conf="${trojan_conf_dir}/config.json"
v2ray_conf="${v2ray_conf_dir}/config.json"
web_dir="/home/wwwroot"
random_num=$((RANDOM % 3 + 7))

#shellcheck disable=SC1091
source '/etc/os-release'

#从VERSION中提取发行版系统的英文名称
VERSION=$(echo "${VERSION}" | awk -F "[()]" '{print $2}')

check_system() {
    if [[ "${ID}" == "centos" && ${VERSION_ID} -eq 7 ]]; then
        echo -e "${OK} ${GreenBG} O sistema atual é Centos ${VERSION_ID} ${VERSION} ${Font}"
        INS="yum -y -q"
    elif [[ "${ID}" == "centos" && ${VERSION_ID} -ge 8 ]]; then
        echo -e "${OK} ${GreenBG} O sistema atual é Centos ${VERSION_ID} ${VERSION} ${Font}"
        INS="dnf -y"
    elif [[ "${ID}" == "debian" && ${VERSION_ID} -ge 8 ]]; then
        echo -e "${OK} ${GreenBG} O sistema atual é Debian ${VERSION_ID} ${VERSION} ${Font}"
        INS="apt -y -qq"
    elif [[ "${ID}" == "ubuntu" && $(echo "${VERSION_ID}" | cut -d '.' -f1) -ge 16 ]]; then
        echo -e "${OK} ${GreenBG} O sistema atual é Ubuntu ${VERSION_ID} ${UBUNTU_CODENAME} ${Font}"
        INS="apt -y -qq"
    else
        echo -e "${Error} ${RedBG} O sistema atual é ${ID} ${VERSION_ID} Não consta da lista de sistemas suportados, a instalação foi interrompida ${Font}"
        exit 1
    fi
}

is_root() {
    if [ 0 == $UID ]; then
        echo -e "${OK} ${GreenBG} O usuário atual é o usuário root, continue a executar ${Font}"
        sleep 1
    else
        echo -e "${Error} ${RedBG} O usuário atual não é o usuário root, mude para o usuário root e execute novamente o script ${Font}"
        exit 1
    fi
}

judge() {
    #shellcheck disable=SC2181
    if [[ 0 -eq $? ]]; then
        echo -e "${OK} ${GreenBG} $1 Terminar ${Font}"
        sleep 1
    else
        echo -e "${Error} ${RedBG} $1 falhou ${Font}"
        exit 1
    fi
}

urlEncode() {
    jq -R -r @uri <<<"$1"
}

chrony_install() {
    ${INS} install chrony
    judge "Instale o serviço de sincronização de tempo Chrony"
    timedatectl set-ntp true
    if [[ "${ID}" == "centos" ]]; then
        systemctl enable chronyd && systemctl restart chronyd
    else
        systemctl enable chrony && systemctl restart chrony
    fi
    judge "Chrony 启动"
    timedatectl set-timezone Asia/Shanghai
    echo -e "${OK} ${GreenBG} Esperando pela sincronização de tempo ${Font}"
    sleep 10
    chronyc sourcestats -v
    chronyc tracking -v
    date
    read -rp "Por favor, confirme se o tempo está correto, a faixa de erro é de ± 3 minutos (Y/N) [Y]: " chrony_install
    [[ -z ${chrony_install} ]] && chrony_install="Y"
    case $chrony_install in
    [yY][eE][sS] | [yY])
        echo -e "${GreenBG} Continue a execução ${Font}"
        sleep 2
        ;;
    *)
        echo -e "${RedBG} Terminar execução ${Font}"
        exit 2
        ;;
    esac
}

dependency_install() {
    if [[ "${ID}" == "centos" && ${VERSION_ID} -eq 7 ]]; then
        yum install epel-release -y -q
    elif [[ "${ID}" == "centos" && ${VERSION_ID} -ge 8 ]]; then
        dnf install epel-release -y -q
        dnf config-manager --set-enabled PowerTools
        dnf upgrade libseccomp
    elif [[ "${ID}" == "debian" && ${VERSION_ID} -ge 8 ]]; then
        $INS update
    elif [[ "${ID}" == "ubuntu" && $(echo "${VERSION_ID}" | cut -d '.' -f1) -ge 16 ]]; then
        $INS update
    fi
    $INS install dbus
    ${INS} install git lsof unzip
    judge "Instale dependências git lsof unzip"
    ${INS} install haveged
    systemctl start haveged && systemctl enable haveged
    command -v bc >/dev/null 2>&1 || ${INS} install bc
    judge "Instale dependências bc"
    command -v jq >/dev/null 2>&1 || ${INS} install jq
    judge "Instale dependências jq"
    command -v sponge >/dev/null 2>&1 || ${INS} install moreutils
    judge "Instale dependências moreutils"
    command -v qrencode >/dev/null 2>&1 || ${INS} install qrencode
    judge "Instale dependências qrencode"
}

basic_optimization() {
    # 最大文件打开数
    sed -i '/^\*\ *soft\ *nofile\ *[[:digit:]]*/d' /etc/security/limits.conf
    sed -i '/^\*\ *hard\ *nofile\ *[[:digit:]]*/d' /etc/security/limits.conf
    echo '* soft nofile 65536' >>/etc/security/limits.conf
    echo '* hard nofile 65536' >>/etc/security/limits.conf
    # 关闭 Selinux
    if [[ "${ID}" == "centos" ]]; then
        sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
        setenforce 0
    fi
}

config_exist_check() {
    if [[ -f "$1" ]]; then
        echo -e "${OK} ${GreenBG} O arquivo de configuração antigo é detectado e o backup da configuração do arquivo antigo é feito automaticamente ${Font}"
        cp "$1" "$1.$(date +%Y%m%d%H)"
        echo -e "${OK} ${GreenBG} Foi feito backup da configuração antiga ${Font}"
    fi
}

domain_port_check() {
    read -rp "Insira a porta TLS (padrão 443):" tspport
    [[ -z ${tspport} ]] && tspport="443"
    read -rp "Insira as informações do seu nome de domínio (por exemplo, fk.gfw.com):" domain
    domain=$(echo "${domain}" | tr '[:upper:]' '[:lower:]')
    domain_ip=$(ping -q -c 1 -t 1 "${domain}" | grep PING | sed -e "s/).*//" | sed -e "s/.*(//")
    echo -e "${OK} ${GreenBG} Obtendo informações de IP de rede pública, aguarde pacientemente ${Font}"
    local_ip=$(curl -s https://api64.ipify.org)
    echo -e "IP de resolução de DNS de nome de domínio：${domain_ip}"
    echo -e "本机IP: ${local_ip}"
    sleep 2
    if [[ "${local_ip}" = "${domain_ip}" ]]; then
        echo -e "${OK} ${GreenBG} O IP de resolução DNS do nome de domínio corresponde ao IP local ${Font}"
        sleep 2
    else
        echo -e "${Error} ${RedBG} Certifique-se de que o registro A / AAAA correto seja adicionado ao nome de domínio, caso contrário, não será possível conectar-se normalmente ${Font}"
        echo -e "${Error} ${RedBG} Se o IP de resolução DNS do nome de domínio não corresponder ao IP da máquina, o aplicativo de certificado SSL falhará. Deseja continuar a instalação?（Y/N）[N]${Font}" && read -r install
        case $install in
        [yY][eE][sS] | [yY])
            echo -e "${GreenBG} Continue a instalar ${Font}"
            sleep 2
            ;;
        *)
            echo -e "${RedBG} Instalação encerrada ${Font}"
            exit 2
            ;;
        esac
    fi
}

port_exist_check() {
    if [[ 0 -eq $(lsof -i:"$1" | grep -i -c "listen") ]]; then
        echo -e "${OK} ${GreenBG} $1 A porta não está ocupada ${Font}"
        sleep 1
    else
        echo -e "${Error} ${RedBG} A porta $1 detectada está ocupada, segue-se a informação de ocupação da porta $1 ${Font}"
        lsof -i:"$1"
        echo -e "${OK} ${GreenBG} 5s Tentará matar automaticamente o processo ocupado ${Font}"
        sleep 5
        lsof -i:"$1" | awk '{print $2}' | grep -v "PID" | xargs kill -9
        echo -e "${OK} ${GreenBG} Kill Completo ${Font}"
        sleep 1
    fi
}

service_status_check() {
    if systemctl is-active "$1" &>/dev/null; then
        echo -e "${OK} ${GreenBG} $1 Começou ${Font}"
        if systemctl is-enabled "$1" &>/dev/null; then
            echo -e "${OK} ${GreenBG} $1 É um item de inicialização ${Font}"
        else
            echo -e "${WARN} ${Yellow} $1 Não é um item inicializável ${Font}"
            systemctl enable "$1"
            judge "Defina $1 para começar na inicialização"
        fi
    else
        echo -e "${Error} ${RedBG} Detectado que o serviço $1 não foi iniciado e está tentando iniciar... ${Font}"
        systemctl restart "$1" && systemctl enable "$1"
        judge "Tente começar $1 "
        sleep 5
        if systemctl is-active "$1" &>/dev/null; then
            echo -e "${OK} ${GreenBG} $1 Começou ${Font}"
        else
            echo -e "${WARN} ${Yellow} Tente reinstalar e reparar $1 e tente novamente ${Font}"
            exit 4
        fi
    fi
}

prereqcheck() {
    service_status_check docker
    if [[ -f ${tsp_conf} ]]; then
        service_status_check tls-shunt-proxy
    else
        echo -e "${Error} ${RedBG} A configuração TLS-Shunt-Proxy está anormal, tente reinstalar ${Font}"
        exit 4
    fi
}

trojan_reset() {
    config_exist_check ${trojan_conf}
    [[ -f ${trojan_conf} ]] && rm -rf ${trojan_conf}
    if [[ -f ${tsp_conf} ]]; then
        TSP_Domain=$(grep '#TSP_Domain' ${tsp_conf} | sed -r 's/.*: (.*) #.*/\1/') && echo -e "O nome de domínio TLS detectado é: ${TSP_Domain}"
    else
        echo -e "${Error} ${RedBG} A configuração TLS-Shunt-Proxy está anormal e as informações do nome de domínio TLS não podem ser detectadas. Reinstale e tente novamente ${Font}"
        exit 4
    fi
    read -rp "Por favor, digite a senha (Trojan-Go), ou padrão é aleatório :" tjpasswd
    [[ -z ${tjpasswd} ]] && tjpasswd=$(head -n 10 /dev/urandom | md5sum | head -c ${random_num})
    echo -e "${OK} ${GreenBG} Trojan-Go 密码: ${tjpasswd} ${Font}"
    read -rp "Deseja habilitar o suporte ao modo WebSocket (Y/N) [N]:" trojan_ws_mode
    [[ -z ${trojan_ws_mode} ]] && trojan_ws_mode=false
    case $trojan_ws_mode in
    [yY][eE][sS] | [yY])
        tjwspath="/trojan/$(head -n 10 /dev/urandom | md5sum | head -c ${random_num})/"
        echo -e "${OK} ${GreenBG} O modo Trojan-Go WebSocket está ativado, WSPATH: ${tjwspath} ${Font}"
        trojan_ws_mode=true
        ;;
    *)
        trojan_ws_mode=false
        ;;
    esac
    trojan_tcp_mode=true
    tjport=$((RANDOM % 6666 + 10000)) && echo -e "${OK} ${GreenBG} A porta de escuta do Trojan-Go é: $tjport ${Font}"
    mkdir -p $trojan_conf_dir
    cat >$trojan_conf <<-EOF
{
    "run_type": "server",
    "disable_http_check": true,
    "local_addr": "127.0.0.1",
    "local_port": ${tjport},
    "remote_addr": "1.1.1.1",
    "remote_port": 80,
    "fallback_addr": "1.1.1.1",
    "fallback_port": 443,
    "password": ["${tjpasswd}"],
    "transport_plugin": {
        "enabled": true,
        "type": "plaintext"
    },
    "websocket": {
        "enabled": ${trojan_ws_mode},
        "path": "${tjwspath}",
        "host": "${TSP_Domain}"
    }
}
EOF
    judge "Trojan-Go Geração de configuração"
    port_exist_check $tjport
    trojan_sync
    judge "Sincronizar as definições de configuração do Trojan-Go"
    systemctl restart tls-shunt-proxy && service_status_check tls-shunt-proxy
    judge "Configurações do aplicativo TLS-Shunt-Proxy"
}

modify_trojan() {
    deployed_status_check
    echo -e "${WARN} ${Yellow} Modificar a configuração do Trojan-Go redefinirá as informações de configuração do proxy existente, se deve continuar (Y/N) [N]? ${Font}"
    read -r modify_confirm
    [[ -z ${modify_confirm} ]] && modify_confirm="No"
    case $modify_confirm in
    [yY][eE][sS] | [yY])
        prereqcheck
        trojan_reset
        docker restart Trojan-Go
        ;;
    *) ;;
    esac
}

trojan_sync() {
    [[ -z $tjport ]] && tjport=40001
    [[ -z $tjwspath ]] && tjwspath=/trojan/none
    [[ -z $trojan_tcp_mode ]] && trojan_tcp_mode=none
    [[ -z $trojan_ws_mode ]] && trojan_ws_mode=none
    if [[ ${trojan_tcp_mode} = true ]]; then
        sed -i "/trojan: #Trojan_TCP/c \\    trojan: #Trojan_TCP" ${tsp_conf}
        sed -i "/handler: proxyPass #Trojan_TCP/c \\      handler: proxyPass #Trojan_TCP" ${tsp_conf}
        sed -i "/#Trojan_TCP_Port/c \\      args: 127.0.0.1:${tjport} #Trojan_TCP_Port:${trojan_tcp_mode}" ${tsp_conf}
    else
        sed -i "/trojan: #Trojan_TCP/c \\    #trojan: #Trojan_TCP" ${tsp_conf}
        sed -i "/handler: proxyPass #Trojan_TCP/c \\      #handler: proxyPass #Trojan_TCP" ${tsp_conf}
        sed -i "/#Trojan_TCP_Port/c \\      #args: 127.0.0.1:${tjport} #Trojan_TCP_Port:${trojan_tcp_mode}" ${tsp_conf}
    fi
    if [[ ${trojan_ws_mode} = true ]]; then
        sed -i "/#Trojan_WS_Path/c \\      - path: ${tjwspath} #Trojan_WS_Path" ${tsp_conf}
        sed -i "/handler: proxyPass #Trojan_WS/c \\        handler: proxyPass #Trojan_WS" ${tsp_conf}
        sed -i "/#Trojan_WS_Port/c \\        args: 127.0.0.1:${tjport} #Trojan_WS_Port:${trojan_ws_mode}" ${tsp_conf}
    else
        sed -i "/#Trojan_WS_Path/c \\      #- path: ${tjwspath} #Trojan_WS_Path" ${tsp_conf}
        sed -i "/handler: proxyPass #Trojan_WS/c \\        #handler: proxyPass #Trojan_WS" ${tsp_conf}
        sed -i "/#Trojan_WS_Port/c \\        #args: 127.0.0.1:${tjport} #Trojan_WS_Port:${trojan_ws_mode}" ${tsp_conf}
    fi
}

v2ray_mode_type() {
    read -rp "Selecione o tipo de protocolo do modo TCP V2Ray：VMess(M)/VLESS(L)，Pular por padrão，(M/L) [Skip]:" v2ray_tcp_mode
    [[ -z ${v2ray_tcp_mode} ]] && v2ray_tcp_mode="none"
    case $v2ray_tcp_mode in
    [mM])
        echo -e "${GreenBG} Protocolo de modo TCP selecionado VMess ${Font}"
        v2ray_tcp_mode="vmess"
        ;;
    [lL])
        echo -e "${GreenBG} Protocolo de modo TCP selecionado VLESS ${Font}"
        v2ray_tcp_mode="vless"
        ;;
    none)
        echo -e "${GreenBG} Pular implantação do modo TCP ${Font}"
        v2ray_tcp_mode="none"
        ;;
    *)
        echo -e "${RedBG} Por favor insira a letra correta (M/L) ${Font}"
        ;;
    esac
    read -rp "Selecione o tipo de protocolo do modo V2Ray WebSocket：VMess(M)/VLESS(L)，Pular por padrão，(M/L) [Skip]:" v2ray_ws_mode
    [[ -z ${v2ray_ws_mode} ]] && v2ray_ws_mode="none"
    case $v2ray_ws_mode in
    [mM])
        echo -e "${GreenBG} Modo WS selecionado VMess ${Font}"
        v2ray_ws_mode="vmess"
        ;;
    [lL])
        echo -e "${GreenBG} Modo WS selecionado VLESS ${Font}"
        v2ray_ws_mode="vless"
        ;;
    none)
        echo -e "${GreenBG} Pular implantação do modo WS ${Font}"
        v2ray_ws_mode="none"
        ;;
    *)
        echo -e "${RedBG} Por favor insira a letra correta (M/L) ${Font}"
        ;;
    esac
}

v2ray_reset() {
    config_exist_check ${v2ray_conf}
    [[ -f ${v2ray_conf} ]] && rm -rf ${v2ray_conf}
    mkdir -p $v2ray_conf_dir
    cat >$v2ray_conf <<-EOF
{
    "log": {
        "loglevel": "warning"
    },
    "inbounds":[
    ], 
    "outbounds": [
      {
        "protocol": "freedom", 
        "settings": {}, 
        "tag": "direct"
      }, 
      {
        "protocol": "blackhole", 
        "settings": {}, 
        "tag": "blocked"
      }
    ], 
    "dns": {
      "servers": [
        "https+local://1.1.1.1/dns-query",
	    "1.1.1.1",
	    "1.0.0.1",
	    "8.8.8.8",
	    "8.8.4.4",
	    "localhost"
      ]
    },
    "routing": {
      "rules": [
        {
            "ip": [
            "geoip:private"
            ],
            "outboundTag": "blocked",
            "type": "field"
        },
        {
          "type": "field",
          "outboundTag": "blocked",
          "protocol": ["bittorrent"]
        },
        {
          "type": "field",
          "inboundTag": [
          ],
          "outboundTag": "direct"
        }
      ]
    }
}
EOF
    if [[ "${v2ray_ws_mode}" = v*ess ]]; then
        UUID=$(cat /proc/sys/kernel/random/uuid)
        echo -e "${OK} ${GreenBG} UUID:${UUID} ${Font}"
        v2wspath="/v2ray/$(head -n 10 /dev/urandom | md5sum | head -c ${random_num})/"
        echo -e "${OK} ${GreenBG} Ligue o modo V2Ray WS，WSPATH: ${v2wspath} ${Font}"
        v2wsport=$((RANDOM % 6666 + 30000))
        echo -e "${OK} ${GreenBG} V2Ray WS 监听端口为 ${v2wsport} ${Font}"
        if [[ "${v2ray_ws_mode}" = "vmess" ]]; then
            #read -rp "请输入 WS 模式 AlterID（默认:10 仅允许填非0数字）:" alterID
            [[ -z ${alterID} ]] && alterID="10"
            jq '.inbounds += [{"sniffing":{"enabled":true,"destOverride":["http","tls"]},"port":'${v2wsport}',"listen":"127.0.0.1","tag":"vmess-ws-in","protocol":"vmess","settings":{"clients":[{"id":"'"${UUID}"'","alterId":'${alterID}'}]},"streamSettings":{"network":"ws","wsSettings":{"acceptProxyProtocol":true,"path":"'"${v2wspath}"'"}}}]' ${v2ray_conf} | sponge ${v2ray_conf} &&
                jq '.routing.rules[2].inboundTag += ["vmess-ws-in"]' ${v2ray_conf} | sponge ${v2ray_conf}
            judge "Geração de configuração V2Ray VMess WS"
        fi
        if [[ "${v2ray_ws_mode}" = "vless" ]]; then
            jq '.inbounds += [{"sniffing":{"enabled":true,"destOverride":["http","tls"]},"port":'${v2wsport}',"listen":"127.0.0.1","tag":"vless-ws-in","protocol":"vless","settings":{"clients":[{"id":"'"${UUID}"'","level":0}],"decryption":"none"},"streamSettings":{"network":"ws","wsSettings":{"acceptProxyProtocol":true,"path":"'"${v2wspath}"'"}}}]' ${v2ray_conf} | sponge ${v2ray_conf} &&
                jq '.routing.rules[2].inboundTag += ["vless-ws-in"]' ${v2ray_conf} | sponge ${v2ray_conf}
            judge "Geração de configuração V2Ray VLESS WS"
        fi
        port_exist_check ${v2wsport}
    fi
    if [[ "${v2ray_tcp_mode}" = v*ess ]]; then
        UUID=$(cat /proc/sys/kernel/random/uuid)
        echo -e "${OK} ${GreenBG} UUID:${UUID} ${Font}"
        v2port=$((RANDOM % 6666 + 20000))
        echo -e "${OK} ${GreenBG} A porta de escuta V2Ray TCP é ${v2port} ${Font}"
        if [[ "${v2ray_tcp_mode}" = "vmess" ]]; then
            #read -rp "请输入 TCP 模式 AlterID（默认:10 仅允许填非0数字）:" alterID
            [[ -z ${alterID} ]] && alterID="10"
            jq '.inbounds += [{"sniffing":{"enabled":true,"destOverride":["http","tls"]},"port":'${v2port}',"listen":"127.0.0.1","tag":"vmess-tcp-in","protocol":"vmess","settings":{"clients":[{"id":"'"${UUID}"'","alterId":'${alterID}'}]},"streamSettings":{"network":"tcp","tcpSettings":{"acceptProxyProtocol":true}}}]' ${v2ray_conf} | sponge ${v2ray_conf} &&
                jq '.routing.rules[2].inboundTag += ["vmess-tcp-in"]' ${v2ray_conf} | sponge ${v2ray_conf}
            judge "Geração de configuração V2Ray VMess TCP"
        fi
        if [[ "${v2ray_tcp_mode}" = "vless" ]]; then
            jq '.inbounds += [{"sniffing":{"enabled":true,"destOverride":["http","tls"]},"port":'${v2port}',"listen":"127.0.0.1","tag":"vless-tcp-in","protocol":"vless","settings":{"clients":[{"id":"'"${UUID}"'","level":0}],"decryption":"none"},"streamSettings":{"network":"tcp","tcpSettings":{"acceptProxyProtocol":true}}}]' ${v2ray_conf} | sponge ${v2ray_conf} &&
                jq '.routing.rules[2].inboundTag += ["vless-tcp-in"]' ${v2ray_conf} | sponge ${v2ray_conf}
            judge "Geração de configuração V2Ray VLESS TCP"
        fi
        port_exist_check ${v2port}
    fi
    if [[ -f ${tsp_conf} ]]; then
        v2ray_sync
        judge "Sincronizar configuração V2Ray"
        systemctl restart tls-shunt-proxy && service_status_check tls-shunt-proxy
        judge "Configurações do aplicativo TLS-Shunt-Proxy"
    else
        echo -e "${Error} ${RedBG} A configuração TLS-Shunt-Proxy está anormal, reinstale e tente novamente ${Font}"
        exit 4
    fi
}

modify_v2ray() {
    deployed_status_check
    echo -e "${WARN} ${Yellow} Modificar a configuração do V2Ray irá redefinir as informações de configuração do proxy existente, se deve continuar (Y/N) [N]? ${Font}"
    read -r modify_confirm
    [[ -z ${modify_confirm} ]] && modify_confirm="No"
    case $modify_confirm in
    [yY][eE][sS] | [yY])
        prereqcheck
        v2ray_mode_type
        [[ $v2ray_tcp_mode != "none" || $v2ray_ws_mode != "none" ]] && v2ray_reset
        docker restart V2Ray
        ;;
    *) ;;
    esac
}

v2ray_sync() {
    [[ -z $v2port ]] && v2port=40003
    [[ -z $v2wsport ]] && v2wsport=40002
    [[ -z $v2wspath ]] && v2wspath=/v2ray/none
    [[ -z $v2ray_tcp_mode ]] && v2ray_tcp_mode=none
    [[ -z $v2ray_ws_mode ]] && v2ray_ws_mode=none
    if [[ ${v2ray_tcp_mode} = v*ess ]]; then
        sed -i "/default: #V2Ray_TCP/c \\    default: #V2Ray_TCP" ${tsp_conf}
        sed -i "/handler: proxyPass #V2Ray_TCP/c \\      handler: proxyPass #V2Ray_TCP" ${tsp_conf}
        sed -i "/#V2Ray_TCP_Port/c \\      args: 127.0.0.1:${v2port};proxyProtocol #V2Ray_TCP_Port:${v2ray_tcp_mode}" ${tsp_conf}
    else
        sed -i "/default: #V2Ray_TCP/c \\    #default: #V2Ray_TCP" ${tsp_conf}
        sed -i "/handler: proxyPass #V2Ray_TCP/c \\      #handler: proxyPass #V2Ray_TCP" ${tsp_conf}
        sed -i "/#V2Ray_TCP_Port/c \\      #args: 127.0.0.1:${v2port};proxyProtocol #V2Ray_TCP_Port:${v2ray_tcp_mode}" ${tsp_conf}
    fi
    if [[ ${v2ray_ws_mode} = v*ess ]]; then
        sed -i "/#V2Ray_WS_Path/c \\      - path: ${v2wspath} #V2Ray_WS_Path" ${tsp_conf}
        sed -i "/handler: proxyPass #V2Ray_WS/c \\        handler: proxyPass #V2Ray_WS" ${tsp_conf}
        sed -i "/#V2Ray_WS_Port/c \\        args: 127.0.0.1:${v2wsport};proxyProtocol #V2Ray_WS_Port:${v2ray_ws_mode}" ${tsp_conf}
    else
        sed -i "/#V2Ray_WS_Path/c \\      #- path: ${v2wspath} #V2Ray_WS_Path" ${tsp_conf}
        sed -i "/handler: proxyPass #V2Ray_WS/c \\        #handler: proxyPass #V2Ray_WS" ${tsp_conf}
        sed -i "/#V2Ray_WS_Port/c \\        #args: 127.0.0.1:${v2wsport};proxyProtocol #V2Ray_WS_Port:${v2ray_ws_mode}" ${tsp_conf}
    fi
}

web_camouflage() {
    ##Observe que isso está em conflito com o caminho padrão do script LNMP. Não use este script em um ambiente onde o LNMP está instalado, caso contrário, você será responsável pelas consequências.
    rm -rf $web_dir
    mkdir -p $web_dir
    cd $web_dir || exit
    websites[0]="https://github.com/h31105/LodeRunner_TotalRecall.git"
    websites[1]="https://github.com/h31105/adarkroom.git"
    websites[2]="https://github.com/h31105/webosu"
    selectedwebsite=${websites[$RANDOM % ${#websites[@]}]}
    git clone ${selectedwebsite} web_camouflage
    judge "Disfarce de WebSite"
}

install_docker() {
    echo -e "${GreenBG} Comece a instalar a versão mais recente do Docker ... ${Font}"
    curl -fsSL https://get.docker.com -o /tmp/get-docker.sh
    sh /tmp/get-docker.sh
    judge "Instale o Docker"
    systemctl daemon-reload
    systemctl enable docker && systemctl restart docker
    judge "Início do Docker"
}

install_tsp() {
    bash <(curl -L -s https://raw.githubusercontent.com/liberal-boy/tls-shunt-proxy/master/dist/install.sh)
    judge "Instalar TLS-Shunt-Proxy"
    chown -R tls-shunt-proxy:tls-shunt-proxy /etc/ssl/tls-shunt-proxy
    command -v setcap >/dev/null 2>&1 && setcap "cap_net_bind_service=+ep" /usr/local/bin/tls-shunt-proxy
    config_exist_check ${tsp_conf}
    [[ -f ${tsp_conf} ]] && rm -rf ${tsp_conf}
    mkdir -p $tsp_conf_dir
    cat >$tsp_conf <<-EOF
#TSP_CFG_Ver:${tsp_cfg_version}
listen: 0.0.0.0:${tspport} #TSP_Port
redirecthttps: 0.0.0.0:80
inboundbuffersize: 4
outboundbuffersize: 32
vhosts:
  - name: ${domain} #TSP_Domain
    tlsoffloading: true
    managedcert: true
    keytype: p256
    alpn: h2,http/1.1
    protocols: tls12,tls13
    http:
      paths:
      #- path: /trojan/none #Trojan_WS_Path
        #handler: proxyPass #Trojan_WS
        #args: 127.0.0.1:40000 #Trojan_WS_Port:${trojan_ws_mode}
      #- path: /v2ray/none #V2Ray_WS_Path
        #handler: proxyPass #V2Ray_WS
        #args: 127.0.0.1:40002;proxyProtocol #V2Ray_WS_Port:${v2ray_ws_mode}
      handler: fileServer
      args: ${web_dir}/web_camouflage #Website_camouflage
    #trojan: #Trojan_TCP
      #handler: proxyPass #Trojan_TCP
      #args: 127.0.0.1:40001 #Trojan_TCP_Port:${trojan_tcp_mode}
    #default: #V2Ray_TCP
      #handler: proxyPass #V2Ray_TCP
      #args: 127.0.0.1:40003;proxyProtocol #V2Ray_TCP_Port:${v2ray_tcp_mode}
EOF
    judge "Configurar TLS-Shunt-Proxy"
    systemctl daemon-reload && systemctl reset-failed
    systemctl enable tls-shunt-proxy && systemctl restart tls-shunt-proxy
    judge "Iniciar TLS-Shunt-Proxy"
}

modify_tsp() {
    domain_port_check
    sed -i "/#TSP_Port/c \\listen: 0.0.0.0:${tspport} #TSP_Port" ${tsp_conf}
    sed -i "/#TSP_Domain/c \\  - name: ${domain} #TSP_Domain" ${tsp_conf}
    tsp_sync
}

tsp_sync() {
    echo -e "${OK} ${GreenBG} Detectar e sincronizar a configuração de proxy existente... ${Font}"
    if [[ $trojan_stat = "installed" && -f ${trojan_conf} ]]; then
        tjport="$(grep '"local_port"' ${trojan_conf} | sed -r 's/.*: (.*),.*/\1/')" && trojan_tcp_mode=true &&
            tjwspath="$(grep '"path":' ${trojan_conf} | awk -F '"' '{print $4}')" && trojan_ws_mode="$(jq -r '.websocket.enabled' ${trojan_conf})"
        judge "Detectar a configuração do Trojan-Go"
        [[ -z $tjport ]] && trojan_tcp_mode=false
        [[ $trojan_ws_mode = null ]] && trojan_ws_mode=false
        [[ -z $tjwspath ]] && tjwspath=/trojan/none
        echo -e "Detectado: proxy Trojan-Go：TCP：${Green}${trojan_tcp_mode}${Font} / WebSocket：${Green}${trojan_ws_mode}${Font} / porta：${Green}${tjport}${Font} / WebSocket Path：${Green}${tjwspath}${Font}"
    fi

    if [[ $v2ray_stat = "installed" && -f ${v2ray_conf} ]]; then
        sed -i '/\#\"/d' ${v2ray_conf}
        v2port="$(jq -r '[.inbounds[] | select(.streamSettings.network=="tcp") | .port][0]' ${v2ray_conf})" &&
            v2wsport="$(jq -r '[.inbounds[] | select(.streamSettings.network=="ws") | .port][0]' ${v2ray_conf})" &&
            v2ray_tcp_mode="$(jq -r '[.inbounds[] | select(.streamSettings.network=="tcp") | .protocol][0]' ${v2ray_conf})" &&
            v2ray_ws_mode="$(jq -r '[.inbounds[] | select(.streamSettings.network=="ws") | .protocol][0]' ${v2ray_conf})" &&
            v2wspath="$(jq -r '[.inbounds[] | select(.streamSettings.network=="ws") | .streamSettings.wsSettings.path][0]' ${v2ray_conf})"
        judge "Verifique a configuração V2Ray"
        [[ $v2port = null ]] && v2port=40003
        [[ $v2wsport = null ]] && v2wsport=40002
        [[ $v2ray_tcp_mode = null ]] && v2ray_tcp_mode=none
        [[ $v2ray_ws_mode = null ]] && v2ray_ws_mode=none
        [[ $v2wspath = null ]] && v2wspath=/v2ray/none
        echo -e "Detectado: proxy V2Ray：TCP：${Green}${v2ray_tcp_mode}${Font} porta：${Green}${v2port}${Font} / WebSocket：${Green}${v2ray_ws_mode}${Font} porta：${Green}${v2wsport}${Font} / WebSocket Path：${Green}${v2wspath}${Font}"
    fi

    if [[ -f ${tsp_conf} ]]; then
        trojan_sync
        v2ray_sync
        tsp_config_stat="synchronized"
        systemctl restart tls-shunt-proxy
        judge "Sincronização de configuração de shunt"
        menu_req_check tls-shunt-proxy
    else
        echo -e "${Error} ${RedBG} A configuração TLS-Shunt-Proxy está anormal, reinstale e tente novamente ${Font}"
        exit 4
    fi
}

install_trojan() {
    systemctl is-active "docker" &>/dev/null || install_docker
    prereqcheck
    trojan_reset
    docker pull teddysun/trojan-go
    docker run -d --network host --name Trojan-Go --restart=always -v /etc/trojan-go:/etc/trojan-go teddysun/trojan-go
    judge "Instalação do contêiner Trojan-Go"
}

install_v2ray() {
    systemctl is-active "docker" &>/dev/null || install_docker
    prereqcheck
    v2ray_mode_type
    [[ $v2ray_tcp_mode = "vmess" || $v2ray_ws_mode = "vmess" ]] && check_system && chrony_install
    if [[ $v2ray_tcp_mode != "none" || $v2ray_ws_mode != "none" ]]; then
        v2ray_reset
        docker pull teddysun/v2ray
        docker run -d --network host --name V2Ray --restart=always -v /etc/v2ray:/etc/v2ray teddysun/v2ray
        judge "Instalação do contêiner V2Ray"
    fi
}

install_watchtower() {
    docker pull containrrr/watchtower
    docker run -d --name WatchTower --restart=always -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower --cleanup
    judge "Instalação do contêiner WatchTower"
}

install_portainer() {
    docker volume create portainer_data
    docker pull portainer/portainer-ce
    docker run -d -p 9080:9000 --name Portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce
    judge "Instalação do contêiner Portainer"
    echo -e "${OK} ${GreenBG} O endereço de gerenciamento do Portainer é http://$TSP_Domain:9080 Abra você mesmo a porta do firewall！ ${Font}"
}

install_tls_shunt_proxy() {
    check_system
    systemctl is-active "firewalld" &>/dev/null && systemctl stop firewalld && echo -e "${OK} ${GreenBG} Firewalld está desligado ${Font}"
    systemctl is-active "ufw" &>/dev/null && systemctl stop ufw && echo -e "${OK} ${GreenBG} UFW está fechado ${Font}"
    dependency_install
    basic_optimization
    domain_port_check
    port_exist_check "${tspport}"
    port_exist_check 80
    config_exist_check "${tsp_conf}"
    web_camouflage
    install_tsp
}

uninstall_all() {
    echo -e "${RedBG} !!!Esta operação excluirá TLS-Shunt-Proxy, plataforma Docker e os dados do contêiner instalados por este script!!! ${Font}"
    read -rp "Depois de confirmar, digite YES (diferencia maiúsculas de minúsculas):" uninstall
    [[ -z ${uninstall} ]] && uninstall="No"
    case $uninstall in
    YES)
        echo -e "${GreenBG} Comece a desinstalação ${Font}"
        sleep 2
        ;;
    *)
        echo -e "${RedBG} deixe-me pensar de novo ${Font}"
        exit 1
        ;;
    esac
    check_system
    uninstall_proxy_server
    uninstall_watchtower
    uninstall_portainer
    systemctl stop docker && systemctl disable docker
    if [[ "${ID}" == "centos" ]]; then
        ${INS} remove docker-ce docker-ce-cli containerd.io docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
    else
        ${INS} remove docker-ce docker-ce-cli containerd.io docker docker-engine docker.io containerd runc
    fi
    #rm -rf /var/lib/docker #Removes all docker data
    rm -rf /etc/systemd/system/docker.service
    uninstall_tsp
    echo -e "${OK} ${GreenBG} Todos os componentes foram desinstalados, bem-vindo para usar este script novamente! ${Font}"
    exit 0
}

uninstall_tsp() {
    systemctl stop tls-shunt-proxy && systemctl disable tls-shunt-proxy
    rm -rf /etc/systemd/system/tls-shunt-proxy.service
    rm -rf /usr/local/bin/tls-shunt-proxy
    rm -rf $tsp_conf_dir
    userdel -rf tls-shunt-proxy
    tsp_stat="none"
    rm -rf ${web_dir}/web_camouflage
    echo -e "${OK} ${GreenBG} Desinstalação do TLS-Shunt-Proxy concluída！${Font}"
    sleep 3
}

uninstall_proxy_server() {
    uninstall_trojan
    uninstall_v2ray
    echo -e "${OK} ${GreenBG} A desinstalação do proxy TCP / WS (Trojan-Go / V2Ray) está concluída! ${Font}"
    sleep 3
}

uninstall_trojan() {
    rm -rf $trojan_conf_dir
    trojan_ws_mode="none" && trojan_tcp_mode="none"
    [ -f ${tsp_conf} ] && trojan_sync
    systemctl start docker
    [[ $trojan_stat = "installed" ]] && docker stop Trojan-Go && docker rm -f Trojan-Go &&
        echo -e "${OK} ${GreenBG} A desinstalação do proxy TCP / WS Trojan-Go foi concluída！ ${Font}"
}

uninstall_v2ray() {
    rm -rf $v2ray_conf_dir
    v2ray_ws_mode="none" && v2ray_tcp_mode="none"
    [ -f ${tsp_conf} ] && v2ray_sync
    systemctl start docker
    [[ $v2ray_stat = "installed" ]] && docker stop V2Ray && docker rm -f V2Ray &&
        echo -e "${OK} ${GreenBG} Desinstalação do proxy TCP / WS V2Ray concluída！ ${Font}"
}
uninstall_watchtower() {
    docker stop WatchTower && docker rm -f WatchTower && watchtower_stat="none" &&
        echo -e "${OK} ${GreenBG} Desinstalação da WatchTower concluída！ ${Font}"
    sleep 3
}

uninstall_portainer() {
    docker stop Portainer && docker rm -fv Portainer && portainer_stat="none" &&
        echo -e "${OK} ${GreenBG} Desinstalação do Portainer concluída！ ${Font}"
    sleep 3
}

upgrade_tsp() {
    current_version="$(/usr/local/bin/tls-shunt-proxy --version 2>&1 | awk 'NR==1{gsub(/"/,"");print $3}')"
    echo -e "${GreenBG} Versão atual do TLS-Shunt-Proxy: ${current_version}，Comece a testar a versão mais recente... ${Font}"
    latest_version="$(wget --no-check-certificate -qO- https://api.github.com/repos/liberal-boy/tls-shunt-proxy/tags | grep 'name' | cut -d\" -f4 | head -1)"
    [[ -z ${latest_version} ]] && echo -e "${Error} Falha ao detectar a versão mais recente ! ${Font}" && menu
    if [[ ${latest_version} != "${current_version}" ]]; then
        echo -e "${OK} ${GreenBG} Versão Atual: ${current_version} A última versão de: ${latest_version}，Atualizar (Y/N) [N]? ${Font}"
        read -r update_confirm
        [[ -z ${update_confirm} ]] && update_confirm="No"
        case $update_confirm in
        [yY][eE][sS] | [yY])
            config_exist_check "${tsp_conf}"
            bash <(curl -L -s https://raw.githubusercontent.com/liberal-boy/tls-shunt-proxy/master/dist/install.sh)
            judge "Atualização TLS-Shunt-Proxy"
            systemctl daemon-reload && systemctl reset-failed
            systemctl enable tls-shunt-proxy && systemctl restart tls-shunt-proxy
            judge "Reinicialização de TLS-Shunt-Proxy"
            ;;
        *) ;;
        esac
    else
        echo -e "${OK} ${GreenBG} O TLS-Shunt-Proxy atual é a versão mais recente ${current_version} ${Font}"
    fi
}

update_sh() {
    command -v curl >/dev/null 2>&1 || ${INS} install curl
    judge "Instalar pacote de dependência curl"
    ol_version=$(curl -L -s https://raw.githubusercontent.com/h31105/trojan_v2_docker_onekey/${github_branch}/deploy.sh | grep "shell_version=" | head -1 | awk -F '=|"' '{print $3}')
    echo "$ol_version" >$version_cmp
    echo "$shell_version" >>$version_cmp
    if [[ "$shell_version" < "$(sort -rV $version_cmp | head -1)" ]]; then
        echo -e "${OK} ${GreenBG} atualizar conteúdo：${Font}"
        echo -e "${Yellow}$(curl --silent https://api.github.com/repos/h31105/trojan_v2_docker_onekey/releases/latest | grep body | head -n 1 | awk -F '"' '{print $4}')${Font}"
        echo -e "${OK} ${GreenBG} Há uma nova versão, seja para atualizar (Y/N) [N]? ${Font}"
        read -r update_confirm
        case $update_confirm in
        [yY][eE][sS] | [yY])
            wget -N --no-check-certificate https://raw.githubusercontent.com/h31105/trojan_v2_docker_onekey/${github_branch}/deploy.sh
            echo -e "${OK} ${GreenBG} A atualização está concluída, execute novamente o script：\n#./deploy.sh ${Font}"
            exit 0
            ;;
        *) ;;
        esac
    else
        echo -e "${OK} ${GreenBG} A versão atual é a versão mais recente ${Font}"
    fi
}

list() {
    case $1 in
    uninstall)
        deployed_status_check
        uninstall_all
        ;;
    sync)
        deployed_status_check
        tsp_sync
        ;;
    debug)
        debug="enable"
        #set -xv
        menu
        ;;
    *)
        menu
        ;;
    esac
}

deployed_status_check() {
    tsp_stat="none" && trojan_stat="none" && v2ray_stat="none" && watchtower_stat="none" && portainer_stat="none"
    trojan_tcp_mode="none" && v2ray_tcp_mode="none" && trojan_ws_mode="none" && v2ray_ws_mode="none"
    tsp_config_stat="synchronized" && chrony_stat="none"

    echo -e "${OK} ${GreenBG} Informações de configuração do shunt de detecção... ${Font}"
    [[ -f ${tsp_conf} || -f '/usr/local/bin/tls-shunt-proxy' ]] &&
        tsp_template_version=$(grep '#TSP_CFG_Ver' ${tsp_conf} | sed -r 's/.*TSP_CFG_Ver:(.*) */\1/') && tsp_stat="installed" &&
        TSP_Port=$(grep '#TSP_Port' ${tsp_conf} | sed -r 's/.*0:(.*) #.*/\1/') && TSP_Domain=$(grep '#TSP_Domain' ${tsp_conf} | sed -r 's/.*: (.*) #.*/\1/') &&
        trojan_tcp_port=$(grep '#Trojan_TCP_Port' ${tsp_conf} | sed -r 's/.*:(.*) #.*/\1/') &&
        trojan_tcp_mode=$(grep '#Trojan_TCP_Port' ${tsp_conf} | sed -r 's/.*Trojan_TCP_Port:(.*) */\1/') &&
        trojan_ws_port=$(grep '#Trojan_WS_Port' ${tsp_conf} | sed -r 's/.*:(.*) #.*/\1/') &&
        trojan_ws_mode=$(grep '#Trojan_WS_Port' ${tsp_conf} | sed -r 's/.*Trojan_WS_Port:(.*) */\1/') &&
        trojan_ws_path=$(grep '#Trojan_WS_Path' ${tsp_conf} | sed -r 's/.*: (.*) #.*/\1/') &&
        v2ray_tcp_port=$(grep '#V2Ray_TCP_Port' ${tsp_conf} | sed -r 's/.*:(.*);.*/\1/') &&
        v2ray_tcp_mode=$(grep '#V2Ray_TCP_Port' ${tsp_conf} | sed -r 's/.*V2Ray_TCP_Port:(.*) */\1/') &&
        v2ray_ws_port=$(grep '#V2Ray_WS_Port' ${tsp_conf} | sed -r 's/.*:(.*);.*/\1/') &&
        v2ray_ws_mode=$(grep '#V2Ray_WS_Port' ${tsp_conf} | sed -r 's/.*V2Ray_WS_Port:(.*) */\1/') &&
        v2ray_ws_path=$(grep '#V2Ray_WS_Path' ${tsp_conf} | sed -r 's/.*: (.*) #.*/\1/') &&
        menu_req_check tls-shunt-proxy

    echo -e "${OK} ${GreenBG} Verifique o status de implantação do componente... ${Font}"
    systemctl is-active "docker" &>/dev/null && docker ps -a | grep Trojan-Go &>/dev/null && trojan_stat="installed"
    systemctl is-active "docker" &>/dev/null && docker ps -a | grep V2Ray &>/dev/null && v2ray_stat="installed"
    systemctl is-active "docker" &>/dev/null && docker ps -a | grep WatchTower &>/dev/null && watchtower_stat="installed"
    systemctl is-active "docker" &>/dev/null && docker ps -a | grep Portainer &>/dev/null && portainer_stat="installed"

    echo -e "${OK} ${GreenBG} Informações de configuração do agente de detecção... ${Font}"

    if [[ -f ${trojan_conf} && $trojan_stat = "installed" ]]; then
        tjport=$(grep '"local_port"' ${trojan_conf} | sed -r 's/.*: (.*),.*/\1/')
        tjpassword=$(grep '"password"' ${trojan_conf} | awk -F '"' '{print $4}')
        [[ $trojan_ws_mode = true ]] && tjwspath=$(grep '"path":' ${trojan_conf} | awk -F '"' '{print $4}') &&
            tjwshost=$(grep '"host":' ${trojan_conf} | awk -F '"' '{print $4}')
        [[ $trojan_tcp_mode = true && $tjport != "$trojan_tcp_port" ]] && echo -e "${Error} ${RedBG} Detectada anormalidade na configuração do shunt da porta TCP do Trojan-Go ${Font}" && tsp_config_stat="mismatched"
        [[ $trojan_ws_mode = true && $tjport != "$trojan_ws_port" ]] && echo -e "${Error} ${RedBG} Detectada anormalidade de configuração de shunt de porta Trojan-Go WS ${Font}" && tsp_config_stat="mismatched"
        [[ $trojan_ws_mode = true && $tjwspath != "$trojan_ws_path" ]] && echo -e "${Error} ${RedBG} 检测到 Trojan-Go WS 路径分流配置异常 ${Font}" && tsp_config_stat="mismatched"
        [[ $tsp_config_stat = "mismatched" ]] && echo -e "${Error} ${RedBG} Uma configuração de shunt inconsistente é detectada e tentará sincronizar e reparar automaticamente... ${Font}" && tsp_sync
    fi

    if [[ -f ${v2ray_conf} && $v2ray_stat = "installed" ]]; then
        [[ $v2ray_tcp_mode = "vmess" ]] &&
            v2port=$(jq -r '[.inbounds[] | select(.protocol=="vmess") | select(.streamSettings.network=="tcp") | .port][0]' ${v2ray_conf}) &&
            VMTID=$(jq -r '[.inbounds[] | select(.protocol=="vmess") | select(.streamSettings.network=="tcp") | .settings.clients[].id][0]' ${v2ray_conf}) &&
            VMAID=$(jq -r '[.inbounds[] | select(.protocol=="vmess") | select(.streamSettings.network=="tcp") | .settings.clients[].alterId][0]' ${v2ray_conf})
        [[ $v2ray_tcp_mode = "vless" ]] &&
            v2port=$(jq -r '[.inbounds[] | select(.protocol=="vless") | select(.streamSettings.network=="tcp") | .port][0]' ${v2ray_conf}) &&
            VLTID=$(jq -r '[.inbounds[] | select(.protocol=="vless") | select(.streamSettings.network=="tcp") | .settings.clients[].id][0]' ${v2ray_conf})
        [[ $v2ray_ws_mode = "vmess" ]] &&
            v2wsport=$(jq -r '[.inbounds[] | select(.protocol=="vmess") | select(.streamSettings.network=="ws") | .port][0]' ${v2ray_conf}) &&
            v2wspath=$(jq -r '[.inbounds[] | select(.protocol=="vmess") | select(.streamSettings.network=="ws") | .streamSettings.wsSettings.path][0]' ${v2ray_conf}) &&
            VMWSID=$(jq -r '[.inbounds[] | select(.protocol=="vmess") | select(.streamSettings.network=="ws") | .settings.clients[].id][0]' ${v2ray_conf}) &&
            VMWSAID=$(jq -r '[.inbounds[] | select(.protocol=="vmess") | select(.streamSettings.network=="ws") | .settings.clients[].alterId][0]' ${v2ray_conf})
        [[ $v2ray_ws_mode = "vless" ]] &&
            v2wsport=$(jq -r '[.inbounds[] | select(.protocol=="vless") | select(.streamSettings.network=="ws") | .port][0]' ${v2ray_conf}) &&
            v2wspath=$(jq -r '[.inbounds[] | select(.protocol=="vless") | select(.streamSettings.network=="ws") | .streamSettings.wsSettings.path][0]' ${v2ray_conf}) &&
            VLWSID=$(jq -r '[.inbounds[] | select(.protocol=="vless") | select(.streamSettings.network=="ws") | .settings.clients[].id][0]' ${v2ray_conf})
        [[ $v2ray_tcp_mode = v*ess && $v2port != "$v2ray_tcp_port" ]] && echo -e "${Error} ${RedBG} Detectada anormalidade de configuração de shunt da porta TCP V2Ray ${Font}" && tsp_config_stat="mismatched"
        [[ $v2ray_ws_mode = v*ess && $v2wsport != "$v2ray_ws_port" ]] && echo -e "${Error} ${RedBG} Anormalidade de configuração de shunt de porta V2Ray WS detectada ${Font}" && tsp_config_stat="mismatched"
        [[ $v2ray_ws_mode = v*ess && $v2wspath != "$v2ray_ws_path" ]] && echo -e "${Error} ${RedBG} Anormalidade de configuração de shunt de caminho V2Ray WS detectada ${Font}" && tsp_config_stat="mismatched"
        [[ $tsp_config_stat = "mismatched" ]] && echo -e "${Error} ${RedBG} Uma configuração de shunt inconsistente é detectada e tentará sincronizar e reparar automaticamente... ${Font}" && tsp_sync
        if [[ $v2ray_tcp_mode = "vmess" || $v2ray_ws_mode = "vmess" ]]; then
            if [[ "${ID}" == "centos" ]]; then
                systemctl is-active "chronyd" &>/dev/null || chrony_stat=inactive
            else
                systemctl is-active "chrony" &>/dev/null || chrony_stat=inactive
            fi
            if [[ $chrony_stat = inactive ]]; then
                echo -e "${Error} ${RedBG} Foi detectado que o serviço de sincronização de tempo Chrony não foi iniciado. Se a hora do sistema for imprecisa, isso afetará seriamente a disponibilidade do protocolo V2Ray VMess ${Font}\n${WARN} ${Yellow} 当前系统时间: $(date)，请确认时间是否准确，误差范围±3分钟内（Y）或 尝试修复时间同步服务（R）[R]: ${Font}"
                read -r chrony_confirm
                [[ -z ${chrony_confirm} ]] && chrony_confirm="R"
                case $chrony_confirm in
                [rR])
                    echo -e "${GreenBG} Instale o serviço de sincronização de tempo Chrony ${Font}"
                    check_system
                    chrony_install
                    ;;
                *) ;;
                esac
            fi
        fi
    fi

    [[ -f ${trojan_conf} || -f ${v2ray_conf} || $trojan_stat = "installed" || $v2ray_stat = "installed" ]] && menu_req_check docker
    [[ $trojan_stat = "installed" && ! -f $trojan_conf ]] && echo -e "\n${Error} ${RedBG} Foi detectada anormalidade na configuração do proxy Trojan-Go, as seguintes opções serão bloqueadas, tente reinstalar o reparo e tente novamente ... ${Font}" &&
        echo -e "${WARN} ${Yellow}[Shield] Modificação da configuração do Trojan-Go${Font}"
    [[ $v2ray_stat = "installed" && ! -f $v2ray_conf ]] && echo -e "\n${Error} ${RedBG} Foi detectada anormalidade na configuração do proxy V2Ray, as seguintes opções serão bloqueadas, tente reinstalar e tente novamente... ${Font}" &&
        echo -e "${WARN} ${Yellow}[Shield] Modificação da configuração V2Ray${Font}"

    if [[ $tsp_stat = "installed" && $tsp_template_version != "${tsp_cfg_version}" ]]; then
        echo -e "${WARN} ${Yellow}Foi detectada uma atualização crítica de TLS-Shunt-Proxy. Para garantir que o script seja executado normalmente, confirme para realizar a atualização imediatamente（Y/N）[Y] ${Font}"
        read -r upgrade_confirm
        [[ -z ${upgrade_confirm} ]] && upgrade_confirm="Yes"
        case $upgrade_confirm in
        [yY][eE][sS] | [yY])
            uninstall_tsp
            install_tls_shunt_proxy
            tsp_sync
            deployed_status_check
            ;;
        *) ;;
        esac
    fi

    [[ $debug = "enable" ]] && echo -e "\n Proxy Trojan-Go：TCP：${Green}${trojan_tcp_mode}${Font} / WebSocket：${Green}${trojan_ws_mode}${Font}\n     Proxy V2Ray：TCP：${Green}${v2ray_tcp_mode}${Font} / WebSocket：${Green}${v2ray_ws_mode}${Font}" &&
        echo -e "\n Recipiente do agente: Trojan-Go：${Green}${trojan_stat}${Font} / V2Ray：${Green}${v2ray_stat}${Font}" &&
        echo -e " Outros recipientes: WatchTower：${Green}${watchtower_stat}${Font} / Portainer：${Green}${portainer_stat}${Font}\n"
}

info_config() {
    deployed_status_check
    cert_stat_check tls-shunt-proxy
    echo -e "\n————————————————————Informações de configuração do shunt————————————————————"
    if [ -f ${tsp_conf} ]; then
        echo -e "TLS-Shunt-Proxy $(/usr/local/bin/tls-shunt-proxy --version 2>&1 | awk 'NR==1{gsub(/"/,"");print $3}')" &&
            echo -e "Porta TLS do servidor: ${TSP_Port}" && echo -e "Nome de domínio TLS do servidor: ${TSP_Domain}"
        [[ $trojan_tcp_mode = true ]] && echo -e "Porta de descarregamento de TCP Trojan-Go: $trojan_tcp_port" && echo -e "Porta de escuta Trojan-Go: $tjport"
        [[ $trojan_ws_mode = true ]] && echo -e "Porta de toque Trojan-Go WebSocket: $trojan_ws_port" &&
            echo -e "Caminho de descarregamento do Trojan-Go WebSocket: $trojan_ws_path"
        [[ $v2ray_tcp_mode = v*ess ]] && echo -e "Porta shunt V2Ray TCP: $v2ray_tcp_port" && echo -e "Porta de escuta V2Ray TCP: $v2port"
        [[ $v2ray_ws_mode = v*ess ]] && echo -e "Porta de derivação V2Ray WebSocket: $v2ray_ws_port" && echo -e "Porta de escuta V2Ray WS: $v2wsport" &&
            echo -e "Caminho de shunt V2Ray WebSocket: $v2ray_ws_path"
    fi

    if [[ -f ${trojan_conf} && $trojan_stat = "installed" ]]; then
        echo -e "—————————————————— Implantação do Trojan-Go ——————————————————" &&
            echo -e "$(docker exec Trojan-Go sh -c 'trojan-go --version' 2>&1 | awk 'NR==1{gsub(/"/,"");print}')" &&
            echo -e "Porta do servidor: ${TSP_Port}" && echo -e "Endereço do servidor:: ${TSP_Domain}"
        [[ $trojan_tcp_mode = true ]] && echo -e "Senha do Trojan-Go: ${tjpassword}"
        [[ $trojan_ws_mode = true ]] &&
            echo -e "Trojan-Go WebSocket Path: ${tjwspath}" && echo -e "Trojan-Go WebSocket Host: ${tjwshost}"
    fi

    if [[ -f ${v2ray_conf} && $v2ray_stat = "installed" ]]; then
        echo -e "\n———————————————————— Configuração V2Ray ————————————————————" &&
            echo -e "$(docker exec V2Ray sh -c 'v2ray --version' 2>&1 | awk 'NR==1{gsub(/"/,"");print}')" &&
            echo -e "Porta do servidor: ${TSP_Port}" && echo -e "Endereço do servidor:: ${TSP_Domain}"
        [[ $v2ray_tcp_mode = "vmess" ]] && echo -e "\nVMess TCP UUID: ${VMTID}" &&
            echo -e "VMess AlterID: ${VMAID}" && echo -e "Método de criptografia VMess: Auto" && echo -e "VMess Host: ${TSP_Domain}"
        [[ $v2ray_tcp_mode = "vless" ]] && echo -e "\nVLESS TCP UUID: ${VLTID}" &&
            echo -e "Método de criptografia VLESS: none" && echo -e "VLESS Host: ${TSP_Domain}"
        [[ $v2ray_ws_mode = "vmess" ]] && echo -e "\nVMess WS UUID: ${VMWSID}" && echo -e "VMess AlterID: $VMWSAID" &&
            echo -e "Método de criptografia VMess: Auto" && echo -e "VMess WebSocket Host: ${TSP_Domain}" && echo -e "VMess WebSocket Path: ${v2wspath}"
        [[ $v2ray_ws_mode = "vless" ]] && echo -e "\nVLESS WS UUID: ${VLWSID}" &&
            echo -e "Método de criptografia VLESS: none" && echo -e "VLESS WebSocket Host: ${TSP_Domain}" && echo -e "VLESS WebSocket Path: ${v2wspath}"
    fi

    echo -e "————————————————————————————————————————————————————\n"
    read -t 60 -n 1 -s -rp "Pressione qualquer tecla para continuar（60s）..."
    clear
}

info_links() {
    deployed_status_check
    cert_stat_check tls-shunt-proxy
    if [[ -f ${trojan_conf} && $trojan_stat = "installed" ]]; then
        echo -e "———————————————— Link de compartilhamento do Trojan-Go ————————————————" &&
            [[ $trojan_tcp_mode = true ]] && echo -e "\n Link de compartilhamento TLS do Trojan-Go TCP:" &&
            echo -e " ${Yellow}Cliente Trojan：${Font}\n trojan://${tjpassword}@${TSP_Domain}:${TSP_Port}?sni=${TSP_Domain}&allowinsecure=0&mux=0#${HOSTNAME}-TCP" &&
            echo ""
	    echo -e " ${Yellow}Cliente Qv2ray (plug-in trojan-go necessário) ：${Font}\n trojan-go://${tjpassword}@${TSP_Domain}:${TSP_Port}/?sni=${TSP_Domain}&type=original&host=${TSP_Domain}#${HOSTNAME}-TCP" &&
            echo ""
	    echo -e " ${Yellow}Código QR Shadowrocket：" &&
            qrencode -t ANSIUTF8 -s 1 -m 2 "trojan://${tjpassword}@${TSP_Domain}:${TSP_Port}?sni=${TSP_Domain}&peer=${TSP_Domain}&allowinsecure=0&mux=0#${HOSTNAME}-TCP"
        [[ $trojan_ws_mode = true ]] && echo -e "\n Link de compartilhamento Trojan-Go WebSocket TLS：" &&
            echo -e " ${Yellow}Cliente Trojan-Qt5：${Font}\n trojan://${tjpassword}@${TSP_Domain}:${TSP_Port}?sni=${TSP_Domain}&peer=${TSP_Domain}&allowinsecure=0&mux=1&ws=1&wspath=${tjwspath}&wshost=${TSP_Domain}#${HOSTNAME}-WS" &&
            echo ""
	    echo -e " ${Yellow}Cliente Qv2ray (plug-in trojan-go necessário) ：${Font}\n trojan-go://${tjpassword}@${TSP_Domain}:${TSP_Port}/?sni=${TSP_Domain}&type=ws&host=${TSP_Domain}&path=${tjwspath}#${HOSTNAME}-WS" &&
            echo ""
	    echo -e " ${Yellow}Código QR Shadowrocket：" &&
            qrencode -t ANSIUTF8 -s 1 -m 2 "trojan://${tjpassword}@${TSP_Domain}:${TSP_Port}?peer=${TSP_Domain}&mux=1&plugin=obfs-local;obfs=websocket;obfs-host=${TSP_Domain};obfs-uri=${tjwspath}#${HOSTNAME}-WS"
        read -t 60 -n 1 -s -rp "Pressione qualquer tecla para continuar（60s）..."
    fi

    if [[ -f ${v2ray_conf} && $v2ray_stat = "installed" ]]; then
        echo -e "\n—————————————————— V2Ray compartilhar link ——————————————————" &&
            [[ $v2ray_tcp_mode = "vmess" ]] && echo -e "\n VMess TCP TLS compartilhar link：" &&
            echo -e " Formato V2RayN：\n vmess://$(echo "{\"add\":\"${TSP_Domain}\",\"aid\":\"0\",\"host\":\"${TSP_Domain}\",\"peer\":\"${TSP_Domain}\",\"id\":\"${VMTID}\",\"net\":\"tcp\",\"port\":\"${TSP_Port}\",\"ps\":\"${HOSTNAME}-TCP\",\"tls\":\"tls\",\"type\":\"none\",\"v\":\"2\"}" | base64 -w 0)" &&
            echo -e " Novo formato de VMess：\n vmess://tcp+tls:${VMTID}-0@${TSP_Domain}:${TSP_Port}/?tlsServerName=${TSP_Domain}#$(urlEncode "${HOSTNAME}-TCP")" &&
            echo -e " Código QR Shadowrocket：" &&
            qrencode -t ANSIUTF8 -s 1 -m 2 "vmess://$(echo "auto:${VMTID}@${TSP_Domain}:${TSP_Port}" | base64 -w 0)?tls=1&mux=1&peer=${TSP_Domain}&allowInsecure=0&tfo=0&remarks=${HOSTNAME}-TCP"
        [[ $v2ray_ws_mode = "vmess" ]] && echo -e "\n Link de compartilhamento VMess WebSocket TLS：" &&
            echo -e " Formato V2RayN：\n vmess://$(echo "{\"add\":\"${TSP_Domain}\",\"aid\":\"0\",\"host\":\"${TSP_Domain}\",\"peer\":\"${TSP_Domain}\",\"id\":\"${VMWSID}\",\"net\":\"ws\",\"path\":\"${v2wspath}\",\"port\":\"${TSP_Port}\",\"ps\":\"${HOSTNAME}-WS\",\"tls\":\"tls\",\"type\":\"none\",\"v\":\"2\"}" | base64 -w 0)" &&
            echo -e " Novo formato de VMess：\n vmess://ws+tls:${VMWSID}-0@${TSP_Domain}:${TSP_Port}/?path=$(urlEncode "${v2wspath}")&host=${TSP_Domain}&tlsServerName=${TSP_Domain}#$(urlEncode "${HOSTNAME}-WS")" &&
            echo -e " Código QR Shadowrocket：" &&
            qrencode -t ANSIUTF8 -s 1 -m 2 "vmess://$(echo "auto:${VMWSID}@${TSP_Domain}:${TSP_Port}" | base64 -w 0)?tls=1&mux=1&peer=${TSP_Domain}&allowInsecure=0&tfo=0&remarks=${HOSTNAME}-WS&obfs=websocket&obfsParam=${TSP_Domain}&path=${v2wspath}"
        [[ $v2ray_tcp_mode = "vless" ]] && echo -e "\n VLESS TCP TLS compartilhar link：" &&
            echo -e " Novo formato VLESS：\n vless://${VLTID}@${TSP_Domain}:${TSP_Port}?security=tls&sni=${TSP_Domain}#$(urlEncode "${HOSTNAME}-TCP")"
        [[ $v2ray_ws_mode = "vless" ]] && echo -e "\n VLESS WebSocket TLS compartilhar link：" &&
            echo -e " Novo formato VLESS：\n vless://${VLWSID}@${TSP_Domain}:${TSP_Port}?type=ws&security=tls&host=${TSP_Domain}&path=$(urlEncode "${v2wspath}")&sni=${TSP_Domain}#$(urlEncode "${HOSTNAME}-WS")"
        read -t 60 -n 1 -s -rp "Pressione qualquer tecla para continuar（60s）..."
    fi

    if [[ -f ${v2ray_conf} || -f ${trojan_conf} ]]; then
        echo -e "\n——————————————————— Inscreva-se para obter informações sobre o link ———————————————————"
        rm -rf "$(grep '#Website' ${tsp_conf} | sed -r 's/.*: (.*) #.*/\1/')"/subscribe*
        cat >"$(grep '#Website' ${tsp_conf} | sed -r 's/.*: (.*) #.*/\1/')"/robots.txt <<-EOF
User-agent: *
Disallow: /
EOF
        subscribe_file="$(head -n 10 /dev/urandom | md5sum | head -c ${random_num})"
        subscribe_links | base64 -w 0 >"$(grep '#Website' ${tsp_conf} | sed -r 's/.*: (.*) #.*/\1/')"/subscribe"${subscribe_file}"
        echo -e "Link de inscrição：\n https://${TSP_Domain}/subscribe${subscribe_file} \n${Yellow}Observação: O link de inscrição gerado pelo script contém todas as informações de configuração do protocolo proxy atualmente implantadas no servidor. Para considerações de segurança da informação, o endereço do link será atualizado aleatoriamente sempre que você visualizá-lo!！\nAlém disso, como diferentes clientes têm diferentes graus de compatibilidade e suporte para o protocolo de proxy, ajuste-se de acordo com a situação real！${Font}"
        read -t 60 -n 1 -s -rp "Pressione qualquer tecla para continuar（60s）..."
    fi

    clear
}

subscribe_links() {
    if [[ -f ${trojan_conf} && $trojan_stat = "installed" ]]; then
        [[ $trojan_tcp_mode = true ]] &&
            echo -e "trojan://${tjpassword}@${TSP_Domain}:${TSP_Port}?sni=${TSP_Domain}&peer=${TSP_Domain}&allowinsecure=0&mux=0#${HOSTNAME}-TCP" &&
            echo -e "trojan-go://${tjpassword}@${TSP_Domain}:${TSP_Port}/?sni=${TSP_Domain}&type=original&host=${TSP_Domain}#${HOSTNAME}-Trojan-Go-TCP"
        [[ $trojan_ws_mode = true ]] &&
            echo -e "trojan-go://${tjpassword}@${TSP_Domain}:${TSP_Port}/?sni=${TSP_Domain}&type=ws&host=${TSP_Domain}&path=${tjwspath}#${HOSTNAME}-Trojan-Go-WS" &&
            echo -e "trojan://${tjpassword}@${TSP_Domain}:${TSP_Port}?peer=${TSP_Domain}&mux=1&plugin=obfs-local;obfs=websocket;obfs-host=${TSP_Domain};obfs-uri=${tjwspath}#${HOSTNAME}-Trojan-Go-WS"
    fi

    if [[ -f ${v2ray_conf} && $v2ray_stat = "installed" ]]; then
        [[ $v2ray_tcp_mode = "vmess" ]] &&
            echo -e "vmess://$(echo "{\"add\":\"${TSP_Domain}\",\"aid\":\"0\",\"host\":\"${TSP_Domain}\",\"peer\":\"${TSP_Domain}\",\"id\":\"${VMTID}\",\"net\":\"tcp\",\"port\":\"${TSP_Port}\",\"ps\":\"${HOSTNAME}-TCP\",\"tls\":\"tls\",\"type\":\"none\",\"v\":\"2\"}" | base64 -w 0)" &&
            echo -e "vmess://tcp+tls:${VMTID}-0@${TSP_Domain}:${TSP_Port}/?tlsServerName=${TSP_Domain}#$(urlEncode "${HOSTNAME}-Novo formato - TCP")"
        [[ $v2ray_ws_mode = "vmess" ]] &&
            echo -e "vmess://$(echo "{\"add\":\"${TSP_Domain}\",\"aid\":\"0\",\"host\":\"${TSP_Domain}\",\"peer\":\"${TSP_Domain}\",\"id\":\"${VMWSID}\",\"net\":\"ws\",\"path\":\"${v2wspath}\",\"port\":\"${TSP_Port}\",\"ps\":\"${HOSTNAME}-WS\",\"tls\":\"tls\",\"type\":\"none\",\"v\":\"2\"}" | base64 -w 0)" &&
            echo -e "vmess://ws+tls:${VMWSID}-0@${TSP_Domain}:${TSP_Port}/?path=$(urlEncode "${v2wspath}")&host=${TSP_Domain}&tlsServerName=${TSP_Domain}#$(urlEncode "${HOSTNAME}-Novo formato-WS")"
        [[ $v2ray_tcp_mode = "vless" ]] &&
            echo -e "vless://${VLTID}@${TSP_Domain}:${TSP_Port}?security=tls&sni=${TSP_Domain}#$(urlEncode "${HOSTNAME}-TCP")"
        [[ $v2ray_ws_mode = "vless" ]] &&
            echo -e "vless://${VLWSID}@${TSP_Domain}:${TSP_Port}?type=ws&security=tls&host=${TSP_Domain}&path=$(urlEncode "${v2wspath}")&sni=${TSP_Domain}#$(urlEncode "${HOSTNAME}-WS")"
    fi
}

cert_stat_check() {
    echo -e "${OK} ${GreenBG} Verifique as informações de status do certificado... ${Font}"
    if systemctl is-active "$1" &>/dev/null; then
        [[ $1 = "tls-shunt-proxy" ]] && [[ ! -f ${tsp_cert_dir}/${TSP_Domain}/${TSP_Domain}.crt || ! -f ${tsp_cert_dir}/${TSP_Domain}/${TSP_Domain}.json || ! -f ${tsp_cert_dir}/${TSP_Domain}/${TSP_Domain}.key ]] &&
            echo -e "${Yellow}Nenhum certificado SSL válido foi detectado, execute o seguinte comando：\n#systemctl restart tls-shunt-proxy\n#journalctl -u tls-shunt-proxy.service\nVerifique o log e execute novamente o script depois que o aplicativo de certificado for concluído${Font}" && exit 4
    fi
}

menu_req_check() {
    if systemctl is-active "$1" &>/dev/null; then
        [[ $debug = "enable" ]] && echo -e "${OK} ${GreenBG} $1 Começou ${Font}"
    else
        echo -e "\n${Error} ${RedBG} Foi detectado que o serviço $1 não foi iniciado com sucesso. De acordo com a dependência, as seguintes opções serão bloqueadas, corrija e tente novamente... ${Font}"
        [[ $1 = "tls-shunt-proxy" ]] && echo -e "${Yellow}[Shield] Instalar proxy TCP / WS (Trojan-Go / V2Ray) \nModificação de configuração [Shield] (Trojan-Go / V2Ray) \n[Block] Ver informações de configuração${Font}"
        [[ $1 = "docker" ]] && echo -e "${Yellow}[Shield] Instalar / desinstalar WatchTower (atualizar automaticamente o contêiner) \n[Shield] Instalar / desinstalar Portainer（Contêiner de gerenciamento da web）${Font}"
        read -t 60 -n 1 -s -rp "Pressione qualquer tecla para continuar（60s）..."
    fi
}

menu() {
    deployed_status_check
    echo -e "\n${Green}     Versão do script de implantação TSP e Trojan-Go / V2Ray: ${shell_version} ${Font}"
    echo -e "——————————————————————Gerenciamento de implantação——————————————————————"
    if [[ $tsp_stat = "installed" ]]; then
        echo -e "${Green}1.${Font}  ${Yellow}Desinstalar${Font} TLS-Shunt-Proxy"
    else
        echo -e "${Green}1.${Font}  Instalar TLS-Shunt-Proxy（Certificado de gerenciamento de site e automático）"
    fi
    systemctl is-active "tls-shunt-proxy" &>/dev/null &&
        if [[ $trojan_stat = "none" ]]; then
            echo -e "${Green}2.${Font}  Instalar proxy TCP / WS Trojan-Go"
        else
            echo -e "${Green}2.${Font}  ${Yellow}Desinstalar${Font} Proxy Trojan-Go TCP / WS"
        fi
    systemctl is-active "tls-shunt-proxy" &>/dev/null &&
        if [[ $v2ray_stat = "none" ]]; then
            echo -e "${Green}3.${Font} Instalar proxy TCP / WS V2Ray"
        else
            echo -e "${Green}3.${Font}  ${Yellow}Desinstalar${Font} Proxy TCP / WS V2Ray"
        fi
    systemctl is-active "docker" &>/dev/null &&
        if [[ $watchtower_stat = "none" ]]; then
            echo -e "${Green}4.${Font}  Instalar WatchTower (atualizar automaticamente o contêiner)"
        else
            echo -e "${Green}4.${Font}  ${Yellow}Desinstalar${Font} WatchTower (atualiza automaticamente o contêiner)"
        fi
    systemctl is-active "docker" &>/dev/null &&
        if [[ $portainer_stat = "none" ]]; then
            echo -e "${Green}5.${Font}  Instalar Portainer (Web Management Container)"
        else
            echo -e "${Green}5.${Font}  ${Yellow}Desinstalar${Font} Portainer (contêiner de gerenciamento da Web)"
        fi
    systemctl is-active "tls-shunt-proxy" &>/dev/null &&
        echo -e "——————————————————————Modificação de configuração——————————————————————" &&
        echo -e "${Green}6.${Font}  Modificar porta TLS / nome de domínio" &&
        [[ $trojan_stat = "installed" && -f ${trojan_conf} ]] && echo -e "${Green}7.${Font}  Modificar a configuração do proxy Trojan-Go"
    systemctl is-active "tls-shunt-proxy" &>/dev/null &&
        [[ $v2ray_stat = "installed" && -f ${v2ray_conf} ]] && echo -e "${Green}8.${Font}  Modificar a configuração do proxy V2Ray"
    systemctl is-active "tls-shunt-proxy" &>/dev/null &&
        echo -e "——————————————————————Ver informação——————————————————————" &&
        echo -e "${Green}9.${Font}  Ver informações de configuração" &&
        [[ $trojan_stat = "installed" || $v2ray_stat = "installed" ]] && echo -e "${Green}10.${Font} Ver link compartilhar / assinar"
    echo -e "——————————————————————Gestão Diversa——————————————————————"
    [ -f ${tsp_conf} ] && echo -e "${Green}11.${Font} Atualizar plataforma base TLS-Shunt-Proxy / Docker" &&
        echo -e "${Green}12.${Font} ${Yellow}Desinstalar${Font} Todos os componentes instalados"
    echo -e "${Green}13.${Font} Instale o script 4 em 1 BBR Rui Su"
    echo -e "${Green}14.${Font} Execute o script de teste SuperSpeed"
    echo -e "${Green}0.${Font}  Sair do script "
    echo -e "————————————————————————————————————————————————————\n"
    read -rp "Por favor insira o número：" menu_num
    case "$menu_num" in
    1)
        if [[ $tsp_stat = "installed" ]]; then
            uninstall_tsp
        else
            install_tls_shunt_proxy
            tsp_sync
        fi
        ;;
    2)
        systemctl is-active "tls-shunt-proxy" &>/dev/null &&
            if [[ $trojan_stat = "none" ]]; then
                install_trojan
            else
                uninstall_trojan
            fi
        ;;
    3)
        systemctl is-active "tls-shunt-proxy" &>/dev/null &&
            if [[ $v2ray_stat = "none" ]]; then
                install_v2ray
            else
                uninstall_v2ray
            fi
        ;;
    4)
        systemctl is-active "docker" &>/dev/null &&
            if [[ $watchtower_stat = "none" ]]; then
                install_watchtower
            else
                uninstall_watchtower
            fi
        ;;
    5)
        systemctl is-active "docker" &>/dev/null &&
            if [[ $portainer_stat = "none" ]]; then
                install_portainer
            else
                uninstall_portainer
            fi
        ;;
    6)
        systemctl is-active "tls-shunt-proxy" &>/dev/null && modify_tsp
        ;;
    7)
        systemctl is-active "tls-shunt-proxy" &>/dev/null && [[ -f ${trojan_conf} && $trojan_stat = "installed" ]] && modify_trojan
        ;;
    8)
        systemctl is-active "tls-shunt-proxy" &>/dev/null && [[ -f ${v2ray_conf} && $v2ray_stat = "installed" ]] && modify_v2ray
        ;;
    9)
        systemctl is-active "tls-shunt-proxy" &>/dev/null && info_config
        ;;
    10)
        systemctl is-active "tls-shunt-proxy" &>/dev/null && info_links
        ;;
    11)
        [ -f ${tsp_conf} ] && read -rp "Confirme se deseja atualizar o componente shunt TLS-Shunt-Proxy，(Y/N) [N]:" upgrade_mode
        [[ -z ${upgrade_mode} ]] && upgrade_mode="none"
        case $upgrade_mode in
        [yY])
            echo -e "${GreenBG} Comece a atualizar o componente shunt TLS-Shunt-Proxy ${Font}"
            upgrade_mode="Tsp"
            sleep 1
            upgrade_tsp
            ;;
        *)
            echo -e "${GreenBG} Pule para atualizar o componente shunt TLS-Shunt-Proxy ${Font}"
            ;;
        esac
        [ -f ${tsp_conf} ] && read -rp "Confirme se deseja atualizar os componentes da plataforma Docker，(Y/N) [N]:" upgrade_mode
        [[ -z ${upgrade_mode} ]] && upgrade_mode="none"
        case $upgrade_mode in
        [yY])
            echo -e "${GreenBG} Comece a atualizar os componentes da plataforma Docker ${Font}"
            upgrade_mode="Docker"
            sleep 1
            install_docker
            ;;
        *)
            echo -e "${GreenBG} Pular a atualização dos componentes da plataforma Docker ${Font}"
            ;;
        esac
        ;;
    12)
        [ -f ${tsp_conf} ] && uninstall_all
        ;;
    13)
        kernel_change="YES"
        systemctl is-active "docker" &>/dev/null && echo -e "${RedBG} !!!Como o Docker está intimamente relacionado ao kernel do sistema, alterar o kernel do sistema pode fazer com que o Docker fique inutilizável!!! ${Font}\n${WARN} ${Yellow} 如果内核更换后 Docker 无法正常启动，请尝试通过 脚本 <选项10:升级 Docker> 修复 或 <选项11:完全卸载> 后重新部署 ${Font}" &&
            read -rp "Depois de confirmar, digite YES (diferencia maiúsculas de minúsculas):" kernel_change
        [[ -z ${kernel_change} ]] && kernel_change="no"
        case $kernel_change in
        YES)
            [ -f "tcp.sh" ] && rm -rf ./tcp.sh
            wget -N --no-check-certificate "https://raw.githubusercontent.com/ylx2016/Linux-NetSpeed/master/tcpx.sh" && chmod +x tcpx.sh && ./tcpx.sh
            ;;
        *)
            echo -e "${RedBG} Deixe-me pensar de novo ${Font}"
            exit 0
            ;;
        esac
        ;;
    14)
        bash <(curl -Lso- https://git.io/superspeed)
        ;;
    0)
        exit 0
        ;;
    *)
        echo -e "${RedBG} Por favor insira o número correto ${Font}"
        sleep 3
        ;;
    esac
    menu
}

clear
check_system
is_root
update_sh
list "$1"