-
Notifications
You must be signed in to change notification settings - Fork 3.6k
/
i.sh
executable file
·256 lines (200 loc) · 5.31 KB
/
i.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
#!/usr/bin/env bash
{ # this ensures the entire script is downloaded #
JSPROXY_VER=0.1.0
OPENRESTY_VER=1.15.8.1
SRC_URL=https://raw.githubusercontent.com/EtherDream/jsproxy/$JSPROXY_VER
BIN_URL=https://raw.githubusercontent.com/EtherDream/jsproxy-bin/master
ZIP_URL=https://codeload.github.com/EtherDream/jsproxy/tar.gz
SUPPORTED_OS="Linux-x86_64"
OS="$(uname)-$(uname -m)"
USER=$(whoami)
INSTALL_DIR=/home/jsproxy
NGX_DIR=$INSTALL_DIR/openresty
DOMAIN_SUFFIX=(
xip.io
nip.io
sslip.io
)
GET_IP_API=(
https://api.ipify.org
https://bot.whatismyipaddress.com/
)
COLOR_RESET="\033[0m"
COLOR_RED="\033[31m"
COLOR_GREEN="\033[32m"
COLOR_YELLOW="\033[33m"
output() {
local color=$1
shift 1
local sdata=$@
local stime=$(date "+%H:%M:%S")
printf "$color[jsproxy $stime]$COLOR_RESET $sdata\n"
}
log() {
output $COLOR_GREEN $1
}
warn() {
output $COLOR_YELLOW $1
}
err() {
output $COLOR_RED $1
}
gen_cert() {
local ip=""
for i in ${GET_IP_API[@]}; do
log "服务器公网 IP 获取中,通过接口 $i"
ip=$(curl -s $i)
if [[ ! $ip ]]; then
warn "获取失败"
continue
fi
if ! grep -qP "^\d+\.\d+\.\d+\.\d+$" <<< $ip; then
warn "无效 IP:$ip"
continue
fi
break
done
if [[ $ip ]]; then
log "服务器公网 IP: $ip"
else
err "服务器公网 IP 获取失败,无法申请证书"
exit 1
fi
log "安装 acme.sh 脚本 ..."
curl https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh | INSTALLONLINE=1 sh
local acme=~/.acme.sh/acme.sh
local domains=()
if [[ $@ ]]; then
for i in $@; do
domains+=($i)
done
else
warn "未指定域名,使用公共测试域名"
for i in ${DOMAIN_SUFFIX[@]}; do
domains+=($ip.$i)
done
fi
for domain in ${domains[@]}; do
echo "校验域名 $domain ..."
local ret=$(getent ahosts $domain | head -n1 | awk '{print $1}')
if [[ $ret != $ip ]]; then
err "域名 $domain 解析结果: $ret,非本机公网 IP: $ip"
continue
fi
log "尝试为域名 $domain 申请证书 ..."
local dist=server/cert/$domain
mkdir -p $dist
$acme \
--issue \
-d $domain \
--keylength ec-256 \
--webroot server/acme
$acme \
--install-cert \
-d $domain \
--ecc \
--key-file $dist/ecc.key \
--fullchain-file $dist/ecc.cer
if [ -s $dist/ecc.key ] && [ -s $dist/ecc.cer ]; then
echo "# generated by i.sh
listen 8443 ssl http2;
ssl_certificate cert/$domain/ecc.cer;
ssl_certificate_key cert/$domain/ecc.key;
" > server/cert/cert.conf
local url=https://$domain:8443
echo "
$url 'mysite';" >> server/allowed-sites.conf
log "证书申请完成,重启服务 ..."
server/run.sh reload
log "在线预览: $url"
break
fi
err "证书申请失败!(80 端口是否添加到防火墙)"
rm -rf $dist
done
}
install() {
cd $INSTALL_DIR
log "下载 nginx 程序 ..."
curl -O $BIN_URL/$OS/openresty-$OPENRESTY_VER.tar.gz
tar zxf openresty-$OPENRESTY_VER.tar.gz
rm -f openresty-$OPENRESTY_VER.tar.gz
local ngx_exe=$NGX_DIR/nginx/sbin/nginx
local ngx_ver=$($ngx_exe -v 2>&1)
if [[ "$ngx_ver" != *"nginx version:"* ]]; then
err "$ngx_exe 无法执行!尝试编译安装"
exit 1
fi
log "$ngx_ver"
log "nginx path: $NGX_DIR"
log "下载代理服务 ..."
curl -o jsproxy.tar.gz $ZIP_URL/$JSPROXY_VER
tar zxf jsproxy.tar.gz
rm -f jsproxy.tar.gz
log "下载静态资源 ..."
curl -o www.tar.gz $ZIP_URL/gh-pages
tar zxf www.tar.gz -C jsproxy-$JSPROXY_VER/www --strip-components=1
rm -f www.tar.gz
if [ -x server/run.sh ]; then
warn "尝试停止当前服务 ..."
server/run.sh quit
fi
if [ -d server ]; then
local backup="$INSTALL_DIR/bak/$(date +%Y_%m_%d_%H_%M_%S)"
warn "当前 server 目录备份到 $backup"
mkdir -p $backup
mv server $backup
fi
mv jsproxy-$JSPROXY_VER server
log "启动服务 ..."
server/run.sh
log "服务已开启"
shift 1
gen_cert $@
}
main() {
log "自动安装脚本开始执行"
if [[ "$SUPPORTED_OS" != *"$OS"* ]]; then
err "当前系统 $OS 不支持自动安装。尝试编译安装"
exit 1
fi
if [[ "$USER" != "root" ]]; then
err "自动安装需要 root 权限。如果无法使用 root,尝试编译安装"
exit 1
fi
local cmd
if [[ $0 == *"i.sh" ]]; then
warn "本地调试模式"
local dst=/home/jsproxy/i.sh
cp $0 $dst
chown jsproxy:nobody $dst
if [[ $1 == "-s" ]]; then
shift 1
fi
cmd="bash $dst install $@"
else
cmd="curl -s $SRC_URL/i.sh | bash -s install $@"
fi
iptables \
-t nat \
-I PREROUTING 1 \
-p tcp --dport 80 \
-j REDIRECT \
--to-ports 8080
if ! id -u jsproxy > /dev/null 2>&1 ; then
log "创建用户 jsproxy ..."
groupadd nobody > /dev/null 2>&1
useradd jsproxy -g nobody --create-home
fi
log "切换到 jsproxy 用户,执行安装脚本 ..."
su - jsproxy -c "$cmd"
local line=$(iptables -t nat -nL --line-numbers | grep "tcp dpt:80 redir ports 8080")
iptables -t nat -D PREROUTING ${line%% *}
log "安装完成。后续维护参考 https://github.com/EtherDream/jsproxy"
}
if [[ $1 == "install" ]]; then
install $@
else
main $@
fi
} # this ensures the entire script is downloaded #