2gW94/server-xray
1
0
Fork 0
mirror of https://github.com/samuelhbne/server-xray.git synced 2025-12-17 04:14:40 +03:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Initial multiple Nginx domain support

Browse Source
This commit is contained in:
Samuel Huang
2021-09-22 21:48:05 +10:00
parent 9ea2691808
commit 6161f1b64c
2 changed files with 102 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
run.sh
View File

@@ -21,7 +21,7 @@ usage() {
# echo " --ssa <Shadowsocks-AEAD option> [port=443,]user=password1:method1[,user=password2:method2]"
# echo " --sst <Shadowsocks-TCP option> [port=443,]user=passwd,method=xxxx"
echo " --ng-opt <nginx-options> [p=443,]d=domain.com"
echo " --ng-proxy <nginx-proxy-options> [h=127.0.0.1,]p=8443,l=location,n=ws|grpc"
echo " --ng-proxy <nginx-proxy-options> [d=domain.com,][h=127.0.0.1,]p=8443,l=location,n=ws|grpc"
echo " -k|--hook <hook-url> [Optional] DDNS update or notifing URL to be hit"
echo " -r|--request-domain <domain-name> [Optional] Domain name to request for letsencrypt cert"
echo " -c|--cert-path <cert-path-root> [Optional] Reading TLS certs from folder <cert-path-root>/<domain-name>/"
@@ -61,7 +61,7 @@ while true ; do
shift 2
;;
--ng-opt)
NGOPT=$2
NGOPT+=("$2")
shift 2
;;
--ng-proxy)
@@ -73,7 +73,7 @@ while true ; do
break
;;
*)
echo "Get: $1"
echo "Unknown option: $1"
usage;
exit 1
;;
@@ -139,7 +139,11 @@ if [ -n "${SVCMD}" ]; then
fi
if [ -n "${NGOPT}" ]; then
ngcmd="${DIR}server-nginx.sh --ng-opt ${NGOPT},$xopt"
ngcmd="${DIR}server-nginx.sh"
for ngopt in "${NGOPT[@]}"
do
ngcmd="${ngcmd} --ng-opt ${ngopt},$xopt"
done
for ngproxy in "${NGPROXY[@]}"
do
ngcmd="${ngcmd} --ng-proxy ${ngproxy}"

97
server-nginx.sh
View File

@@ -14,7 +14,7 @@ eval set -- "$TEMP"
while true ; do
case "$1" in
-o|--ng-opt)
NGOPT="$2"
NGOPT+=("$2")
shift 2
;;
-x|--ng-proxy)
@@ -33,9 +33,32 @@ while true ; do
esac
done
options=(`echo $NGOPT |tr ',' ' '`)
for option in "${options[@]}"
if [ -z "${NGOPT}" ]; then
echo "Missing --ng-opt option"
usage;
exit 1
fi
if [ -z "${NGPROXY}" ]; then
echo "Missing --ng-proxy option"
usage;
exit 1
fi
# Running as root to enable low port listening. Necessary for Fargate or k8s.
sed -i 's/^user nginx;$/user root;/g' /etc/nginx/nginx.conf
mkdir -p /run/nginx/
cd /etc/nginx/http.d/
if [ -f /etc/nginx/http.d/default.conf ]; then
mv default.conf default.conf.disable
fi
for ngopt in "${NGOPT[@]}"
do
unset certpath
options=(`echo $ngopt |tr ',' ' '`)
for option in "${options[@]}"
do
kv=(`echo $option |tr '=' ' '`)
case "${kv[0]}" in
c|certpath)
@@ -46,63 +69,52 @@ do
;;
d|domain)
domain="${kv[1]}"
DOMAIN+=("${kv[1]}")
;;
esac
done
done
if [ -z "${certpath}" ]; then
if [ -z "${certpath}" ]; then
echo "Error: certpath undefined."
usage
exit 1
fi
fi
if [ -z "${port}" ]; then
port=443
fi
if [ -z "${domain}" ]; then
if [ -z "${domain}" ]; then
echo "Error: domain undefined."
usage
exit 1
fi
fi
if ! [ "${port}" -eq "${port}" ] 2>/dev/null; then >&2 echo "Port number must be numeric"; exit 1; fi
if [ -z "${port}" ]; then port=443; fi
if ! [ "${port}" -eq "${port}" ] 2>/dev/null; then >&2 echo "Port number must be numeric"; exit 1; fi
for certroot in "${certpath[@]}"
do
for certroot in "${certpath[@]}"
do
if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then
fullchain="${certroot}/${domain}/fullchain.cer"
prvkey="${certroot}/${domain}/${domain}.key"
break
fi
done
done
if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then
if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then
echo "TLS cert missing?"
echo "Abort."
exit 2
fi
fi
# Running as root to enable low port listening. Necessary for Fargate or k8s.
sed -i 's/^user nginx;$/user root;/g' /etc/nginx/nginx.conf
mkdir -p /run/nginx/
TPL="site-ssl.conf.tpl"
cd /etc/nginx/http.d/
if [ -f /etc/nginx/http.d/default.conf ]; then
mv default.conf default.conf.disable
fi
TPL="site-ssl.conf.tpl"
ESC_CERTFILE=$(printf '%s\n' "${fullchain}" | sed -e 's/[]\/$*.^[]/\\&/g')
ESC_PRVKEYFILE=$(printf '%s\n' "${prvkey}" | sed -e 's/[]\/$*.^[]/\\&/g')
cat ${TPL} \
ESC_CERTFILE=$(printf '%s\n' "${fullchain}" | sed -e 's/[]\/$*.^[]/\\&/g')
ESC_PRVKEYFILE=$(printf '%s\n' "${prvkey}" | sed -e 's/[]\/$*.^[]/\\&/g')
cat ${TPL} \
| sed "s/CERTFILE/${ESC_CERTFILE}/g" \
| sed "s/PRVKEYFILE/${ESC_PRVKEYFILE}/g" \
| sed "s/NGDOMAIN/${domain}/g" \
| sed "s/NGPORT/${port}/g" \
>site-xray.conf
>"${domain}.conf"
done
for ngproxy in "${NGPROXY[@]}"
do
@@ -111,6 +123,9 @@ do
do
kv=(`echo $option |tr '=' ' '`)
case "${kv[0]}" in
d|domain)
xdomain+=("${kv[1]}")
;;
h|host)
xhost="${kv[1]}"
;;
@@ -127,20 +142,24 @@ do
done
if [ -z "${xhost}" ]; then xhost="127.0.0.1"; fi
if [ -z "${xdomain}" ]; then xdomain=("${DOMAIN[@]}"); fi
for domain in "${xdomain[@]}"
do
# Replace the last(only) single line '}' with specific tpl file, hence insert a new section into the Nginx config file
case "${xnetwork}" in
ws|websocket)
sed -i -e "/^\}$/r ws.tpl" -e "/^\}$/d" site-xray.conf
sed -i -e "/^\}$/r ws.tpl" -e "/^\}$/d" ${domain}.conf
;;
grpc)
sed -i -e "/^\}$/r grpc.tpl" -e "/^\}$/d" site-xray.conf
sed -i -e "/^\}$/r grpc.tpl" -e "/^\}$/d" ${domain}.conf
;;
esac
# Then add '}' to the end of the Nginx config file
echo -e "\n}" >> site-xray.conf
echo -e "\n}" >> ${domain}.conf
ESC_LOCATION=$(printf '%s\n' "${xlocation}" | sed -e 's/[]\/$*.^[]/\\&/g')
sed -i "s/HOST/${xhost}/g" site-xray.conf
sed -i "s/PORT/${xport}/g" site-xray.conf
sed -i "s/LOCATION/${ESC_LOCATION}/g" site-xray.conf
sed -i "s/HOST/${xhost}/g" ${domain}.conf
sed -i "s/PORT/${xport}/g" ${domain}.conf
sed -i "s/LOCATION/${ESC_LOCATION}/g" ${domain}.conf
done
done