Initial multiple Nginx domain support

Samuel Huang
2021-09-22 21:48:05 +10:00
parent 9ea2691808
commit 6161f1b64c
2 changed files with 102 additions and 79 deletions

20
run.sh

@@ -21,7 +21,7 @@ usage() {
# echo " --ssa <Shadowsocks-AEAD option> [port=443,]user=password1:method1[,user=password2:method2]" # echo " --ssa <Shadowsocks-AEAD option> [port=443,]user=password1:method1[,user=password2:method2]"
# echo " --sst <Shadowsocks-TCP option> [port=443,]user=passwd,method=xxxx" # echo " --sst <Shadowsocks-TCP option> [port=443,]user=passwd,method=xxxx"
echo " --ng-opt <nginx-options> [p=443,]d=domain.com" echo " --ng-opt <nginx-options> [p=443,]d=domain.com"
echo " --ng-proxy <nginx-proxy-options> [h=127.0.0.1,]p=8443,l=location,n=ws|grpc" echo " --ng-proxy <nginx-proxy-options> [d=domain.com,][h=127.0.0.1,]p=8443,l=location,n=ws|grpc"
echo " -k|--hook <hook-url> [Optional] DDNS update or notifing URL to be hit" echo " -k|--hook <hook-url> [Optional] DDNS update or notifing URL to be hit"
echo " -r|--request-domain <domain-name> [Optional] Domain name to request for letsencrypt cert" echo " -r|--request-domain <domain-name> [Optional] Domain name to request for letsencrypt cert"
echo " -c|--cert-path <cert-path-root> [Optional] Reading TLS certs from folder <cert-path-root>/<domain-name>/" echo " -c|--cert-path <cert-path-root> [Optional] Reading TLS certs from folder <cert-path-root>/<domain-name>/"
@@ -61,19 +61,19 @@ while true ; do
shift 2 shift 2
;; ;;
--ng-opt) --ng-opt)
NGOPT=$2 NGOPT+=("$2")
shift 2 shift 2
;; ;;
--ng-proxy) --ng-proxy)
NGPROXY+=("$2") NGPROXY+=("$2")
shift 2 shift 2
;; ;;
--) --)
shift shift
break break
;; ;;
*) *)
echo "Get: $1" echo "Unknown option: $1"
usage; usage;
exit 1 exit 1
;; ;;
@@ -139,7 +139,11 @@ if [ -n "${SVCMD}" ]; then
fi fi
if [ -n "${NGOPT}" ]; then if [ -n "${NGOPT}" ]; then
ngcmd="${DIR}server-nginx.sh --ng-opt ${NGOPT},$xopt" ngcmd="${DIR}server-nginx.sh"
for ngopt in "${NGOPT[@]}"
do
ngcmd="${ngcmd} --ng-opt ${ngopt},$xopt"
done
for ngproxy in "${NGPROXY[@]}" for ngproxy in "${NGPROXY[@]}"
do do
ngcmd="${ngcmd} --ng-proxy ${ngproxy}" ngcmd="${ngcmd} --ng-proxy ${ngproxy}"
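Review bot: The nginx command line is still assembled by string concatenation in the new `for ngopt` loop (`ngcmd="${ngcmd} --ng-opt ${ngopt},$xopt"`), so every `--ng-opt` value is re-split when `ngcmd` is later run; how it is run is outside this hunk, but if it goes through `eval` or an unquoted expansion, a value containing whitespace or shell metacharacters changes the command. Collecting the arguments in an array avoids that: start with `ngcmd=("${DIR}server-nginx.sh")`, append with `ngcmd+=(--ng-opt "${ngopt},${xopt}")` (and likewise for `--ng-proxy`), and invoke it as `"${ngcmd[@]}"`. Separately, `[ -n "${NGOPT}" ]` now tests only the first array element; `[ "${#NGOPT[@]}" -gt 0 ]` states the intent.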


@@ -14,7 +14,7 @@ eval set -- "$TEMP"
while true ; do while true ; do
case "$1" in case "$1" in
-o|--ng-opt) -o|--ng-opt)
NGOPT="$2" NGOPT+=("$2")
shift 2 shift 2
;; ;;
-x|--ng-proxy) -x|--ng-proxy)
@@ -33,76 +33,88 @@ while true ; do
esac esac
done done
options=(`echo $NGOPT |tr ',' ' '`) if [ -z "${NGOPT}" ]; then
for option in "${options[@]}" echo "Missing --ng-opt option"
do usage;
kv=(`echo $option |tr '=' ' '`)
case "${kv[0]}" in
c|certpath)
certpath+=("${kv[1]}")
;;
p|port)
port="${kv[1]}"
;;
d|domain)
domain="${kv[1]}"
;;
esac
done
if [ -z "${certpath}" ]; then
echo "Error: certpath undefined."
usage
exit 1 exit 1
fi fi
if [ -z "${port}" ]; then if [ -z "${NGPROXY}" ]; then
port=443 echo "Missing --ng-proxy option"
fi usage;
if [ -z "${domain}" ]; then
echo "Error: domain undefined."
usage
exit 1 exit 1
fi fi
if ! [ "${port}" -eq "${port}" ] 2>/dev/null; then >&2 echo "Port number must be numeric"; exit 1; fi
for certroot in "${certpath[@]}"
do
if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then
fullchain="${certroot}/${domain}/fullchain.cer"
prvkey="${certroot}/${domain}/${domain}.key"
break
fi
done
if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then
echo "TLS cert missing?"
echo "Abort."
exit 2
fi
# Running as root to enable low port listening. Necessary for Fargate or k8s. # Running as root to enable low port listening. Necessary for Fargate or k8s.
sed -i 's/^user nginx;$/user root;/g' /etc/nginx/nginx.conf sed -i 's/^user nginx;$/user root;/g' /etc/nginx/nginx.conf
mkdir -p /run/nginx/ mkdir -p /run/nginx/
cd /etc/nginx/http.d/ cd /etc/nginx/http.d/
if [ -f /etc/nginx/http.d/default.conf ]; then if [ -f /etc/nginx/http.d/default.conf ]; then
mv default.conf default.conf.disable mv default.conf default.conf.disable
fi fi
TPL="site-ssl.conf.tpl" for ngopt in "${NGOPT[@]}"
do
unset certpath
options=(`echo $ngopt |tr ',' ' '`)
for option in "${options[@]}"
do
kv=(`echo $option |tr '=' ' '`)
case "${kv[0]}" in
c|certpath)
certpath+=("${kv[1]}")
;;
p|port)
port="${kv[1]}"
;;
d|domain)
domain="${kv[1]}"
DOMAIN+=("${kv[1]}")
;;
esac
done
ESC_CERTFILE=$(printf '%s\n' "${fullchain}" | sed -e 's/[]\/$*.^[]/\\&/g') if [ -z "${certpath}" ]; then
ESC_PRVKEYFILE=$(printf '%s\n' "${prvkey}" | sed -e 's/[]\/$*.^[]/\\&/g') echo "Error: certpath undefined."
cat ${TPL} \ usage
| sed "s/CERTFILE/${ESC_CERTFILE}/g" \ exit 1
| sed "s/PRVKEYFILE/${ESC_PRVKEYFILE}/g" \ fi
| sed "s/NGDOMAIN/${domain}/g" \
| sed "s/NGPORT/${port}/g" \ if [ -z "${domain}" ]; then
>site-xray.conf echo "Error: domain undefined."
usage
exit 1
fi
if [ -z "${port}" ]; then port=443; fi
if ! [ "${port}" -eq "${port}" ] 2>/dev/null; then >&2 echo "Port number must be numeric"; exit 1; fi
for certroot in "${certpath[@]}"
do
if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then
fullchain="${certroot}/${domain}/fullchain.cer"
prvkey="${certroot}/${domain}/${domain}.key"
break
fi
done
if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then
echo "TLS cert missing?"
echo "Abort."
exit 2
fi
TPL="site-ssl.conf.tpl"
ESC_CERTFILE=$(printf '%s\n' "${fullchain}" | sed -e 's/[]\/$*.^[]/\\&/g')
ESC_PRVKEYFILE=$(printf '%s\n' "${prvkey}" | sed -e 's/[]\/$*.^[]/\\&/g')
cat ${TPL} \
| sed "s/CERTFILE/${ESC_CERTFILE}/g" \
| sed "s/PRVKEYFILE/${ESC_PRVKEYFILE}/g" \
| sed "s/NGDOMAIN/${domain}/g" \
| sed "s/NGPORT/${port}/g" \
>"${domain}.conf"
done
for ngproxy in "${NGPROXY[@]}" for ngproxy in "${NGPROXY[@]}"
do do
@@ -111,6 +123,9 @@ do
do do
kv=(`echo $option |tr '=' ' '`) kv=(`echo $option |tr '=' ' '`)
case "${kv[0]}" in case "${kv[0]}" in
d|domain)
xdomain+=("${kv[1]}")
;;
h|host) h|host)
xhost="${kv[1]}" xhost="${kv[1]}"
;; ;;
@@ -127,20 +142,24 @@ do
done done
if [ -z "${xhost}" ]; then xhost="127.0.0.1"; fi if [ -z "${xhost}" ]; then xhost="127.0.0.1"; fi
if [ -z "${xdomain}" ]; then xdomain=("${DOMAIN[@]}"); fi
# Replace the last(only) single line '}' with specific tpl file, hence insert a new section into the Nginx config file for domain in "${xdomain[@]}"
case "${xnetwork}" in do
ws|websocket) # Replace the last(only) single line '}' with specific tpl file, hence insert a new section into the Nginx config file
sed -i -e "/^\}$/r ws.tpl" -e "/^\}$/d" site-xray.conf case "${xnetwork}" in
;; ws|websocket)
grpc) sed -i -e "/^\}$/r ws.tpl" -e "/^\}$/d" ${domain}.conf
sed -i -e "/^\}$/r grpc.tpl" -e "/^\}$/d" site-xray.conf ;;
;; grpc)
esac sed -i -e "/^\}$/r grpc.tpl" -e "/^\}$/d" ${domain}.conf
# Then add '}' to the end of the Nginx config file ;;
echo -e "\n}" >> site-xray.conf esac
ESC_LOCATION=$(printf '%s\n' "${xlocation}" | sed -e 's/[]\/$*.^[]/\\&/g') # Then add '}' to the end of the Nginx config file
sed -i "s/HOST/${xhost}/g" site-xray.conf echo -e "\n}" >> ${domain}.conf
sed -i "s/PORT/${xport}/g" site-xray.conf ESC_LOCATION=$(printf '%s\n' "${xlocation}" | sed -e 's/[]\/$*.^[]/\\&/g')
sed -i "s/LOCATION/${ESC_LOCATION}/g" site-xray.conf sed -i "s/HOST/${xhost}/g" ${domain}.conf
sed -i "s/PORT/${xport}/g" ${domain}.conf
sed -i "s/LOCATION/${ESC_LOCATION}/g" ${domain}.conf
done
done done
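Review bot: In the new `for ngopt in "${NGOPT[@]}"` loop only `certpath` is reset, so `port`, `domain`, `fullchain` and `prvkey` carry over from the previous `--ng-opt`. For a second domain whose certificate files are not found, the `[ ! -f "${fullchain}" ]` check still passes on the first domain's paths, and the second site is written with the wrong certificate and key instead of aborting; a missing `p=` likewise inherits the previous port rather than defaulting to 443. Replace `unset certpath` with `unset certpath port domain fullchain prvkey` at the top of the loop body. The `d=` value is now also used as a file name in `/etc/nginx/http.d/` (`"${domain}.conf"`, and unquoted in the later `sed -i` and `echo >>` lines), so it should be checked against a hostname pattern such as `^[A-Za-z0-9.-]+$` before use and quoted at every use.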