diff --git a/README.md b/README.md index 1d2465d..592aa1f 100644 --- a/README.md +++ b/README.md @@ -77,7 +77,7 @@ server-xray -u|--user u=id0[:level[:email]][,u=id1][...] -k|--hook [Optional] DDNS update or notifing URL to be hit -r|--request-domain [Optional] Domain name to request for letsencrypt cert - -c|--cert-path [Optional] Reading TLS certs from folder // + -c|--cert-home [Optional] Reading TLS certs from folder // -i|--stdin [Optional] Read config from stdin instead of auto generation -d|--debug [Optional] Start in debug mode with verbose output ``` diff --git a/run.sh b/run.sh index d08aa57..cd9c373 100755 --- a/run.sh +++ b/run.sh @@ -1,7 +1,10 @@ #!/bin/bash +#while :; do sleep 2073600; done + DIR=`dirname $0` DIR="$(cd $DIR; pwd)" +CERTHOME="/root/.acme.sh" XCONF=/tmp/server-xray.json usage() { @@ -25,12 +28,12 @@ usage() { echo " -u|--user u=id0[:level[:email]][,u=id1][...]" echo " -k|--hook [Optional] DDNS update or notifing URL to be hit" echo " -r|--request-domain [Optional] Domain name to request for letsencrypt cert" - echo " -c|--cert-path [Optional] Reading TLS certs from folder //" + echo " -c|--cert-home [Optional] Reading TLS certs from folder //" echo " -i|--stdin [Optional] Read config from stdin instead of auto generation" echo " -d|--debug [Optional] Start in debug mode with verbose output" } -TEMP=`getopt -o u:k:r:c:di --long user:,hook:,request-domain:,cert-path:,ltx:,ltt:,lttw:,ltpw:,mtt:,mttw:,mtpw:,ttt:,tttw:,ttpw:,lttg:,ltpg:,ssa:,sst:,ng-opt:,ng-proxy:,stdin,debug -n "$0" -- $@` +TEMP=`getopt -o u:k:r:c:di --long user:,hook:,request-domain:,cert-home:,ltx:,ltt:,lttw:,ltpw:,mtt:,mttw:,mtpw:,ttt:,tttw:,ttpw:,lttg:,ltpg:,ssa:,sst:,ng-opt:,ng-proxy:,stdin,debug -n "$0" -- $@` if [ $? != 0 ] ; then usage; exit 1 ; fi eval set -- "$TEMP" @@ -44,8 +47,8 @@ while true ; do CERTDOMAIN+=("$2") shift 2 ;; - -c|--cert-path) - CERTPATH+=("$2") + -c|--cert-home) + CERTHOME="$2" shift 2 ;; -i|--stdin) 
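Review bot: In run.sh the rewritten `getopt` line still passes `-- $@` unquoted, so an argument containing whitespace or glob characters (for example a `--cert-home` directory with a space in it) is re-split by the shell before getopt sees it, and the result is then fed to `eval set --`. Quote it as `-- "$@"` so getopt receives the arguments exactly as the caller gave them and can quote them safely for the `eval`. While touching the line, `TEMP=$(getopt … -- "$@")` is preferable to backticks.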
@@ -100,10 +103,11 @@ if [ -n "${CERTDOMAIN}" ]; then for DOMAIN in "${CERTDOMAIN[@]}" do TRY=0 - while [ ! -f "/root/.acme.sh/${DOMAIN}/fullchain.cer" ] || [ ! -f "/root/.acme.sh/${DOMAIN}/${DOMAIN}.key" ] + while [ ! -f "/${CERTHOME}/${DOMAIN}/fullchain.cer" ] || [ ! -f "/${CERTHOME}/${DOMAIN}/${DOMAIN}.key" ] do echo "Requesting TLS cert for ${DOMAIN} ..." - /root/acme.sh/acme.sh --issue --standalone -d ${DOMAIN} --debug + echo "/root/acme.sh/acme.sh --cert-home ${CERTHOME} --issue --standalone -d ${DOMAIN} --debug" + /root/acme.sh/acme.sh --cert-home "${CERTHOME}" --issue --standalone -d ${DOMAIN} --debug ((TRY++)) if [ "${TRY}" -ge 3 ]; then echo "Requesting TLS cert for ${DOMAIN} failed. Check log please." @@ -118,11 +122,7 @@ fi echo '{"log":{"loglevel":"warning"}, "inbounds":[], "outbounds":[{"protocol":"freedom"}]}' |jq .|sponge $XCONF xopt="xconf=$XCONF" -CERTPATH+=("/root/.acme.sh") -for cp in "${CERTPATH[@]}" -do - xopt="$xopt,certpath=$cp" -done +xopt="$xopt,certhome=$CERTHOME" for uopt in "${UOPT[@]}" do xopt="$xopt,$uopt" @@ -158,6 +158,7 @@ if [ -n "${SVCMD}" ]; then ngcmd="${ngcmd} --ng-proxy ${ngproxy}" done $ngcmd + ret=$?; if [ $ret != 0 ] ; then echo "\nNon-zero result $ret from the following cmd:\n$ngcmd"; exit $ret ; fi nginx; fi diff --git a/server-ltt.sh b/server-ltt.sh index c3a9c77..14fd6e4 100755 --- a/server-ltt.sh +++ b/server-ltt.sh @@ -1,7 +1,7 @@ #!/bin/bash usage() { - echo "Usage: server-ltt ,,,,[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]" + echo "Usage: server-ltt ,,,,[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]" } options=(`echo $1 |tr ',' ' '`) @@ -12,8 +12,8 @@ do x|xconf) xconf="${kv[1]}" ;; - c|certpath) - certpath+=("${kv[1]}") + c|certhome) + certhome="${kv[1]}" ;; p|port) port="${kv[1]}" @@ -30,8 +30,8 @@ do esac done -if [ -z "${certpath}" ]; then - echo "Error: certpath undefined." +if [ -z "${certhome}" ]; then + echo "Error: certhome undefined." usage exit 1 fi 
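Review bot: In run.sh's cert-request loop the existence test prepends a slash, `"/${CERTHOME}/${DOMAIN}/fullchain.cer"`, while acme.sh is given `--cert-home "${CERTHOME}"` as is. With a relative `--cert-home` the two refer to different directories, so the loop would never see the issued files and would give up after three tries. Use the same expression in both places, `[ ! -f "${CERTHOME}/${DOMAIN}/fullchain.cer" ] || [ ! -f "${CERTHOME}/${DOMAIN}/${DOMAIN}.key" ]`, and quote the domain in the call as `-d "${DOMAIN}"`. Because this directory now receives `${DOMAIN}.key`, the README entry for `-c` should say it must be readable only by the account that runs the server. The `while` loop's closing lines are outside the hunk.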
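Review bot: `xopt="$xopt,certhome=$CERTHOME"` in run.sh puts the directory into a comma-separated option string that the server-*.sh scripts split with `tr ',' ' '` and `tr '=' ' '`, so a cert home containing a comma, an equals sign or whitespace is silently truncated or turned into bogus options. Reject such values where `-c` is parsed, e.g. `case "$CERTHOME" in *[,=[:space:]]*) echo "invalid --cert-home" >&2; exit 1;; esac`. The hunk also removes the implicit `/root/.acme.sh` fallback that used to be searched in addition to the `-c` folders; the README line changed by this commit should say that `-c` now replaces the default.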
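Review bot: The new failure message in run.sh uses `echo "\nNon-zero result $ret …\n$ngcmd"`, and bash's builtin `echo` does not expand `\n` by default, so the backslashes are printed literally; the message also goes to stdout rather than stderr. Prefer `printf '\nNon-zero result %s from the following cmd:\n%s\n' "$ret" "$ngcmd" >&2` followed by `exit "$ret"`. The surrounding `if [ -n "${SVCMD}" ]` block starts outside the hunk.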
@@ -139,14 +139,11 @@ cat $XCONF |jq --arg port "${port}" \ '( .inbounds[] | select(.port == ($port|tonumber)) | .streamSettings ) += {"tlsSettings":{"alpn":["http/1.1"]} } ' \ |sponge $XCONF -for certroot in "${certpath[@]}" -do - if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then - fullchain="${certroot}/${domain}/fullchain.cer" - prvkey="${certroot}/${domain}/${domain}.key" - break - fi -done +if [ -f "${certhome}/${domain}/fullchain.cer" ] && [ -f "${certhome}/${domain}/${domain}.key" ]; then + fullchain="${certhome}/${domain}/fullchain.cer" + prvkey="${certhome}/${domain}/${domain}.key" + break +fi if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then echo "TLS cert missing?" diff --git a/server-lttg.sh b/server-lttg.sh index 8c558e7..78e96dc 100755 --- a/server-lttg.sh +++ b/server-lttg.sh @@ -1,7 +1,7 @@ #!/bin/bash usage() { - echo "Usage: server-lttg ,,,,," + echo "Usage: server-lttg ,,,,," } options=(`echo $1 |tr ',' ' '`) @@ -12,8 +12,8 @@ do x|xconf) xconf="${kv[1]}" ;; - c|certpath) - certpath+=("${kv[1]}") + c|certhome) + certhome="${kv[1]}" ;; p|port) port="${kv[1]}" @@ -30,8 +30,8 @@ do esac done -if [ -z "${certpath}" ]; then - echo "Error: certpath undefined." +if [ -z "${certhome}" ]; then + echo "Error: certhome undefined." usage exit 1 fi 
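Review bot: The `break` kept inside the new `if` in server-ltt.sh has no loop left to leave now that the `for certroot` loop is gone; unless this code sits in a loop that begins outside the hunk, bash will complain that `break` is only meaningful inside a loop each time the certificate is found. Drop the `break`, or assign the two paths unconditionally and let the following `-f` test report the problem, as server-nginx.sh does in this commit: `fullchain="${certhome}/${domain}/fullchain.cer"` and `prvkey="${certhome}/${domain}/${domain}.key"`. The same leftover appears in the matching hunks of server-lttg.sh, server-lttw.sh, server-ltx.sh, server-mtt.sh, server-mttw.sh, server-ttt.sh and server-tttw.sh.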
@@ -100,14 +100,11 @@ cat $XCONF |jq --arg port "${port}" \ '( .inbounds[] | select(.port == ($port|tonumber)) | .streamSettings ) += {"tlsSettings":{"alpn":["http/2"]}} ' \ |sponge $XCONF -for certroot in "${certpath[@]}" -do - if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then - fullchain="${certroot}/${domain}/fullchain.cer" - prvkey="${certroot}/${domain}/${domain}.key" - break - fi -done +if [ -f "${certhome}/${domain}/fullchain.cer" ] && [ -f "${certhome}/${domain}/${domain}.key" ]; then + fullchain="${certhome}/${domain}/fullchain.cer" + prvkey="${certhome}/${domain}/${domain}.key" + break +fi if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then echo "TLS cert missing?" diff --git a/server-lttw.sh b/server-lttw.sh index f9921fa..5fde94b 100755 --- a/server-lttw.sh +++ b/server-lttw.sh @@ -1,7 +1,7 @@ #!/bin/bash usage() { - echo "Usage: server-lttw ,,,,,[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]" + echo "Usage: server-lttw ,,,,,[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]" } options=(`echo $1 |tr ',' ' '`) @@ -12,8 +12,8 @@ do x|xconf) xconf="${kv[1]}" ;; - c|certpath) - certpath+=("${kv[1]}") + c|certhome) + certhome="${kv[1]}" ;; p|port) port="${kv[1]}" @@ -33,8 +33,8 @@ do esac done -if [ -z "${certpath}" ]; then - echo "Error: certpath undefined." +if [ -z "${certhome}" ]; then + echo "Error: certhome undefined." usage exit 1 fi 
@@ -152,14 +152,11 @@ cat $XCONF |jq --arg port "${port}" --arg wspath "${wspath}" \ '( .inbounds[] | select(.port == ($port|tonumber)) | .streamSettings ) += {"wsSettings":{"path":$wspath}} ' \ |sponge $XCONF -for certroot in "${certpath[@]}" -do - if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then - fullchain="${certroot}/${domain}/fullchain.cer" - prvkey="${certroot}/${domain}/${domain}.key" - break - fi -done +if [ -f "${certhome}/${domain}/fullchain.cer" ] && [ -f "${certhome}/${domain}/${domain}.key" ]; then + fullchain="${certhome}/${domain}/fullchain.cer" + prvkey="${certhome}/${domain}/${domain}.key" + break +fi if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then echo "TLS cert missing?" diff --git a/server-ltx.sh b/server-ltx.sh index abd0f5b..66b5787 100755 --- a/server-ltx.sh +++ b/server-ltx.sh @@ -1,7 +1,7 @@ #!/bin/bash usage() { - echo "Usage: server-ltx ,,,,[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]" + echo "Usage: server-ltx ,,,,[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]" } options=(`echo $1 |tr ',' ' '`) @@ -12,8 +12,8 @@ do x|xconf) xconf="${kv[1]}" ;; - c|certpath) - certpath+=("${kv[1]}") + c|certhome) + certhome="${kv[1]}" ;; p|port) port="${kv[1]}" @@ -30,8 +30,8 @@ do esac done -if [ -z "${certpath}" ]; then - echo "Error: certpath undefined." +if [ -z "${certhome}" ]; then + echo "Error: certhome undefined." usage exit 1 fi 
@@ -139,14 +139,11 @@ cat $XCONF |jq --arg port "${port}" \ '( .inbounds[] | select(.port == ($port|tonumber)) | .streamSettings ) += {"tlsSettings":{"alpn":["http/1.1"]} } ' \ |sponge $XCONF -for certroot in "${certpath[@]}" -do - if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then - fullchain="${certroot}/${domain}/fullchain.cer" - prvkey="${certroot}/${domain}/${domain}.key" - break - fi -done +if [ -f "${certhome}/${domain}/fullchain.cer" ] && [ -f "${certhome}/${domain}/${domain}.key" ]; then + fullchain="${certhome}/${domain}/fullchain.cer" + prvkey="${certhome}/${domain}/${domain}.key" + break +fi if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then echo "TLS cert missing?" diff --git a/server-mtt.sh b/server-mtt.sh index 3ebef08..a783122 100755 --- a/server-mtt.sh +++ b/server-mtt.sh @@ -1,7 +1,7 @@ #!/bin/bash usage() { - echo "Usage: server-mtt ,,,,[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]" + echo "Usage: server-mtt ,,,,[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]" } options=(`echo $1 |tr ',' ' '`) @@ -12,8 +12,8 @@ do x|xconf) xconf="${kv[1]}" ;; - c|certpath) - certpath+=("${kv[1]}") + c|certhome) + certhome="${kv[1]}" ;; p|port) port="${kv[1]}" @@ -30,8 +30,8 @@ do esac done -if [ -z "${certpath}" ]; then - echo "Error: certpath undefined." +if [ -z "${certhome}" ]; then + echo "Error: certhome undefined." usage exit 1 fi 
@@ -139,14 +139,11 @@ cat $XCONF |jq --arg port "${port}" \ '( .inbounds[] | select(.port == ($port|tonumber)) | .streamSettings ) += {"tlsSettings":{"alpn":["http/1.1"]} } ' \ |sponge $XCONF -for certroot in "${certpath[@]}" -do - if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then - fullchain="${certroot}/${domain}/fullchain.cer" - prvkey="${certroot}/${domain}/${domain}.key" - break - fi -done +if [ -f "${certhome}/${domain}/fullchain.cer" ] && [ -f "${certhome}/${domain}/${domain}.key" ]; then + fullchain="${certhome}/${domain}/fullchain.cer" + prvkey="${certhome}/${domain}/${domain}.key" + break +fi if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then echo "TLS cert missing?" diff --git a/server-mttw.sh b/server-mttw.sh index 0d87ea6..2ac6653 100755 --- a/server-mttw.sh +++ b/server-mttw.sh @@ -1,7 +1,7 @@ #!/bin/bash usage() { - echo "Usage: server-mttw ,,,,,[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]" + echo "Usage: server-mttw ,,,,,[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]" } options=(`echo $1 |tr ',' ' '`) @@ -12,8 +12,8 @@ do x|xconf) xconf="${kv[1]}" ;; - c|certpath) - certpath+=("${kv[1]}") + c|certhome) + certhome="${kv[1]}" ;; p|port) port="${kv[1]}" @@ -33,8 +33,8 @@ do esac done -if [ -z "${certpath}" ]; then - echo "Error: certpath undefined." +if [ -z "${certhome}" ]; then + echo "Error: certhome undefined." usage exit 1 fi 
@@ -152,14 +152,11 @@ cat $XCONF |jq --arg port "${port}" --arg wspath "${wspath}" \ '( .inbounds[] | select(.port == ($port|tonumber)) | .streamSettings ) += {"wsSettings":{"path":$wspath}} ' \ |sponge $XCONF -for certroot in "${certpath[@]}" -do - if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then - fullchain="${certroot}/${domain}/fullchain.cer" - prvkey="${certroot}/${domain}/${domain}.key" - break - fi -done +if [ -f "${certhome}/${domain}/fullchain.cer" ] && [ -f "${certhome}/${domain}/${domain}.key" ]; then + fullchain="${certhome}/${domain}/fullchain.cer" + prvkey="${certhome}/${domain}/${domain}.key" + break +fi if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then echo "TLS cert missing?" diff --git a/server-nginx.sh b/server-nginx.sh index 0cd5262..e9c23ad 100755 --- a/server-nginx.sh +++ b/server-nginx.sh @@ -2,10 +2,11 @@ DIR=`dirname $0` DIR="$(cd $DIR; pwd)" +TPL="site-ssl.conf.tpl" usage() { - echo "server-nginx --ng-opt [,p=443] --ng-proxy [,h=127.0.0.1]" - echo " --ng-opt [,p=443]" + echo "server-nginx --ng-opt [,p=443] --ng-proxy [,h=127.0.0.1]" + echo " --ng-opt [,p=443]" echo " --ng-proxy [,h=127.0.0.1][,d=host-domain]" } @@ -48,14 +49,14 @@ fi for ngopt in "${NGOPT[@]}" do - unset certpath + unset certhome options=(`echo $ngopt |tr ',' ' '`) for option in "${options[@]}" do kv=(`echo $option |tr '=' ' '`) case "${kv[0]}" in - c|certpath) - certpath+=("${kv[1]}") + c|certhome) + certhome="${kv[1]}" ;; p|port) port="${kv[1]}" 
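Review bot: In server-nginx.sh's `for ngopt` loop only `certhome` is reset at the top of each iteration; as far as the visible lines show, `domain` and `port` keep their values from the previous `--ng-opt`. A second option string that omits the domain would then pass the `-z "${domain}"` check and reuse the earlier site's name and port with a different certificate directory. Reset all three together with `unset certhome domain port`. The loop body continues past the end of this hunk.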
@@ -67,28 +68,19 @@ do esac done - if [ -z "${certpath}" ]; then echo "Error: certpath undefined."; usage; exit 1; fi + if [ -z "${certhome}" ]; then echo "Error: certhome undefined."; usage; exit 1; fi if [ -z "${domain}" ]; then echo "Error: domain undefined."; usage; exit 1; fi if [ -z "${port}" ]; then port=443; fi if ! [ "${port}" -eq "${port}" ] 2>/dev/null; then >&2 echo "Port number must be numeric"; exit 1; fi - for certroot in "${certpath[@]}" - do - if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then - fullchain="${certroot}/${domain}/fullchain.cer" - prvkey="${certroot}/${domain}/${domain}.key" - break - fi - done - + fullchain="${certhome}/${domain}/fullchain.cer" + prvkey="${certhome}/${domain}/${domain}.key" if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then - echo "TLS cert missing?" + echo "${domain} TLS cert missing?" echo "Abort." exit 2 fi - TPL="site-ssl.conf.tpl" - ESC_CERTFILE=$(printf '%s\n' "${fullchain}" | sed -e 's/[]\/$*.^[]/\\&/g') ESC_PRVKEYFILE=$(printf '%s\n' "${prvkey}" | sed -e 's/[]\/$*.^[]/\\&/g') cat ${TPL} \ @@ -152,3 +144,4 @@ do sed -i "s/LOCATION/${ESC_LOCATION}/g" ${domain}.conf done done +exit 0 diff --git a/server-ttt.sh b/server-ttt.sh index f6ac8df..0859cad 100755 --- a/server-ttt.sh +++ b/server-ttt.sh @@ -1,7 +1,7 @@ #!/bin/bash usage() { - echo "Usage: server-ttt ,,,,[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]" + echo "Usage: server-ttt ,,,,[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]" } options=(`echo $1 |tr ',' ' '`) @@ -12,8 +12,8 @@ do x|xconf) xconf="${kv[1]}" ;; - c|certpath) - certpath+=("${kv[1]}") + c|certhome) + certhome="${kv[1]}" ;; p|port) port="${kv[1]}" @@ -30,8 +30,8 @@ do esac done -if [ -z "${certpath}" ]; then - echo "Error: certpath undefined." +if [ -z "${certhome}" ]; then + echo "Error: certhome undefined." usage exit 1 fi 
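Review bot: The `exit 0` appended to server-nginx.sh makes the script report success whatever the last `sed -i` returned, while this same commit makes run.sh abort on a non-zero status from `$ngcmd` (which appears to be this script). A failed template substitution could then go unnoticed and `nginx` would be started against an incomplete `${domain}.conf`. If the aim was to hide a harmless non-zero status left by the loops, check the substitutions explicitly instead, e.g. `sed -i "s/LOCATION/${ESC_LOCATION}/g" "${domain}.conf" || exit 3`, and keep `exit 0` only after them.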
@@ -139,14 +139,11 @@ cat $XCONF |jq --arg port "${port}" \ '( .inbounds[] | select(.port == ($port|tonumber)) | .streamSettings ) += {"tlsSettings":{"alpn":["http/1.1"]} } ' \ |sponge $XCONF -for certroot in "${certpath[@]}" -do - if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then - fullchain="${certroot}/${domain}/fullchain.cer" - prvkey="${certroot}/${domain}/${domain}.key" - break - fi -done +if [ -f "${certhome}/${domain}/fullchain.cer" ] && [ -f "${certhome}/${domain}/${domain}.key" ]; then + fullchain="${certhome}/${domain}/fullchain.cer" + prvkey="${certhome}/${domain}/${domain}.key" + break +fi if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then echo "TLS cert missing?" diff --git a/server-tttw.sh b/server-tttw.sh index 78fd361..e79317e 100755 --- a/server-tttw.sh +++ b/server-tttw.sh @@ -1,7 +1,7 @@ #!/bin/bash usage() { - echo "Usage: server-tttw ,,,,[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]" + echo "Usage: server-tttw ,,,,[,fallback=www.baidu.com:443:/html][,fallback=:2443:/websocket2]" } options=(`echo $1 |tr ',' ' '`) @@ -12,8 +12,8 @@ do x|xconf) xconf="${kv[1]}" ;; - c|certpath) - certpath+=("${kv[1]}") + c|certhome) + certhome="${kv[1]}" ;; p|port) port="${kv[1]}" @@ -33,8 +33,8 @@ do esac done -if [ -z "${certpath}" ]; then - echo "Error: certpath undefined." +if [ -z "${certhome}" ]; then + echo "Error: certhome undefined." usage exit 1 fi 
@@ -152,14 +152,11 @@ cat $XCONF |jq --arg port "${port}" --arg wspath "${wspath}" \ '( .inbounds[] | select(.port == ($port|tonumber)) | .streamSettings ) += {"wsSettings":{"path":$wspath}} ' \ |sponge $XCONF -for certroot in "${certpath[@]}" -do - if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then - fullchain="${certroot}/${domain}/fullchain.cer" - prvkey="${certroot}/${domain}/${domain}.key" - break - fi -done +if [ -f "${certhome}/${domain}/fullchain.cer" ] && [ -f "${certhome}/${domain}/${domain}.key" ]; then + fullchain="${certhome}/${domain}/fullchain.cer" + prvkey="${certhome}/${domain}/${domain}.key" + break +fi if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then echo "TLS cert missing?"