diff --git a/run.sh b/run.sh index c575414..06d5972 100755 --- a/run.sh +++ b/run.sh @@ -21,7 +21,7 @@ usage() { # echo " --ssa [port=443,]user=password1:method1[,user=password2:method2]" # echo " --sst [port=443,]user=passwd,method=xxxx" echo " --ng-opt [p=443,]d=domain.com" - echo " --ng-proxy [h=127.0.0.1,]p=8443,l=location,n=ws|grpc" + echo " --ng-proxy [d=domain.com,][h=127.0.0.1,]p=8443,l=location,n=ws|grpc" echo " -k|--hook [Optional] DDNS update or notifing URL to be hit" echo " -r|--request-domain [Optional] Domain name to request for letsencrypt cert" echo " -c|--cert-path [Optional] Reading TLS certs from folder //" @@ -61,19 +61,19 @@ while true ; do shift 2 ;; --ng-opt) - NGOPT=$2 + NGOPT+=("$2") shift 2 ;; --ng-proxy) NGPROXY+=("$2") shift 2 ;; - --) - shift - break - ;; + --) + shift + break + ;; *) - echo "Get: $1" + echo "Unknown option: $1" usage; exit 1 ;; @@ -139,7 +139,11 @@ if [ -n "${SVCMD}" ]; then fi if [ -n "${NGOPT}" ]; then - ngcmd="${DIR}server-nginx.sh --ng-opt ${NGOPT},$xopt" + ngcmd="${DIR}server-nginx.sh" + for ngopt in "${NGOPT[@]}" + do + ngcmd="${ngcmd} --ng-opt ${ngopt},$xopt" + done for ngproxy in "${NGPROXY[@]}" do ngcmd="${ngcmd} --ng-proxy ${ngproxy}" diff --git a/server-nginx.sh b/server-nginx.sh index 76a5c04..f9db3c6 100755 --- a/server-nginx.sh +++ b/server-nginx.sh @@ -14,7 +14,7 @@ eval set -- "$TEMP" while true ; do case "$1" in -o|--ng-opt) - NGOPT="$2" + NGOPT+=("$2") shift 2 ;; -x|--ng-proxy) @@ -33,76 +33,88 @@ while true ; do esac done -options=(`echo $NGOPT |tr ',' ' '`) -for option in "${options[@]}" -do - kv=(`echo $option |tr '=' ' '`) - case "${kv[0]}" in - c|certpath) - certpath+=("${kv[1]}") - ;; - p|port) - port="${kv[1]}" - ;; - d|domain) - domain="${kv[1]}" - ;; - esac -done - -if [ -z "${certpath}" ]; then - echo "Error: certpath undefined." - usage +if [ -z "${NGOPT}" ]; then + echo "Missing --ng-opt option" + usage; exit 1 fi -if [ -z "${port}" ]; then - port=443 -fi - -if [ -z "${domain}" ]; then - echo "Error: domain undefined." - usage +if [ -z "${NGPROXY}" ]; then + echo "Missing --ng-proxy option" + usage; exit 1 fi -if ! [ "${port}" -eq "${port}" ] 2>/dev/null; then >&2 echo "Port number must be numeric"; exit 1; fi - -for certroot in "${certpath[@]}" -do - if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then - fullchain="${certroot}/${domain}/fullchain.cer" - prvkey="${certroot}/${domain}/${domain}.key" - break - fi -done - -if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then - echo "TLS cert missing?" - echo "Abort." - exit 2 -fi - # Running as root to enable low port listening. Necessary for Fargate or k8s. sed -i 's/^user nginx;$/user root;/g' /etc/nginx/nginx.conf mkdir -p /run/nginx/ - cd /etc/nginx/http.d/ - if [ -f /etc/nginx/http.d/default.conf ]; then mv default.conf default.conf.disable fi -TPL="site-ssl.conf.tpl" +for ngopt in "${NGOPT[@]}" +do + unset certpath + options=(`echo $ngopt |tr ',' ' '`) + for option in "${options[@]}" + do + kv=(`echo $option |tr '=' ' '`) + case "${kv[0]}" in + c|certpath) + certpath+=("${kv[1]}") + ;; + p|port) + port="${kv[1]}" + ;; + d|domain) + domain="${kv[1]}" + DOMAIN+=("${kv[1]}") + ;; + esac + done -ESC_CERTFILE=$(printf '%s\n' "${fullchain}" | sed -e 's/[]\/$*.^[]/\\&/g') -ESC_PRVKEYFILE=$(printf '%s\n' "${prvkey}" | sed -e 's/[]\/$*.^[]/\\&/g') -cat ${TPL} \ - | sed "s/CERTFILE/${ESC_CERTFILE}/g" \ - | sed "s/PRVKEYFILE/${ESC_PRVKEYFILE}/g" \ - | sed "s/NGDOMAIN/${domain}/g" \ - | sed "s/NGPORT/${port}/g" \ - >site-xray.conf + if [ -z "${certpath}" ]; then + echo "Error: certpath undefined." + usage + exit 1 + fi + + if [ -z "${domain}" ]; then + echo "Error: domain undefined." + usage + exit 1 + fi + + if [ -z "${port}" ]; then port=443; fi + if ! [ "${port}" -eq "${port}" ] 2>/dev/null; then >&2 echo "Port number must be numeric"; exit 1; fi + + for certroot in "${certpath[@]}" + do + if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then + fullchain="${certroot}/${domain}/fullchain.cer" + prvkey="${certroot}/${domain}/${domain}.key" + break + fi + done + + if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then + echo "TLS cert missing?" + echo "Abort." + exit 2 + fi + + TPL="site-ssl.conf.tpl" + + ESC_CERTFILE=$(printf '%s\n' "${fullchain}" | sed -e 's/[]\/$*.^[]/\\&/g') + ESC_PRVKEYFILE=$(printf '%s\n' "${prvkey}" | sed -e 's/[]\/$*.^[]/\\&/g') + cat ${TPL} \ + | sed "s/CERTFILE/${ESC_CERTFILE}/g" \ + | sed "s/PRVKEYFILE/${ESC_PRVKEYFILE}/g" \ + | sed "s/NGDOMAIN/${domain}/g" \ + | sed "s/NGPORT/${port}/g" \ + >"${domain}.conf" +done for ngproxy in "${NGPROXY[@]}" do @@ -111,6 +123,9 @@ do do kv=(`echo $option |tr '=' ' '`) case "${kv[0]}" in + d|domain) + xdomain+=("${kv[1]}") + ;; h|host) xhost="${kv[1]}" ;; @@ -127,20 +142,24 @@ do done if [ -z "${xhost}" ]; then xhost="127.0.0.1"; fi + if [ -z "${xdomain}" ]; then xdomain=("${DOMAIN[@]}"); fi - # Replace the last(only) single line '}' with specific tpl file, hence insert a new section into the Nginx config file - case "${xnetwork}" in - ws|websocket) - sed -i -e "/^\}$/r ws.tpl" -e "/^\}$/d" site-xray.conf - ;; - grpc) - sed -i -e "/^\}$/r grpc.tpl" -e "/^\}$/d" site-xray.conf - ;; - esac - # Then add '}' to the end of the Nginx config file - echo -e "\n}" >> site-xray.conf - ESC_LOCATION=$(printf '%s\n' "${xlocation}" | sed -e 's/[]\/$*.^[]/\\&/g') - sed -i "s/HOST/${xhost}/g" site-xray.conf - sed -i "s/PORT/${xport}/g" site-xray.conf - sed -i "s/LOCATION/${ESC_LOCATION}/g" site-xray.conf + for domain in "${xdomain[@]}" + do + # Replace the last(only) single line '}' with specific tpl file, hence insert a new section into the Nginx config file + case "${xnetwork}" in + ws|websocket) + sed -i -e "/^\}$/r ws.tpl" -e "/^\}$/d" ${domain}.conf + ;; + grpc) + sed -i -e "/^\}$/r grpc.tpl" -e "/^\}$/d" ${domain}.conf + ;; + esac + # Then add '}' to the end of the Nginx config file + echo -e "\n}" >> ${domain}.conf + ESC_LOCATION=$(printf '%s\n' "${xlocation}" | sed -e 's/[]\/$*.^[]/\\&/g') + sed -i "s/HOST/${xhost}/g" ${domain}.conf + sed -i "s/PORT/${xport}/g" ${domain}.conf + sed -i "s/LOCATION/${ESC_LOCATION}/g" ${domain}.conf + done done