Squashed commit of the following:

commit 8c90a783b6
Author: Samuel Huang <samuelh2006@gmail.com>
Date:   Fri Oct 4 20:37:19 2024 +1000

    Trivy compliant

commit 05857d2008
Author: Samuel Huang <samuelh2006@gmail.com>
Date:   Thu Oct 3 21:44:08 2024 +1000

    Add workflow_dispatch to Codacy

commit 4d3a971d17
Author: Samuel Huang <samuelh2006@gmail.com>
Date:   Thu Oct 3 21:36:40 2024 +1000

    Trivy compliant

commit a9c25bbf1f
Author: Samuel Huang <samuelh2006@gmail.com>
Date:   Thu Oct 3 20:56:44 2024 +1000

    Update trivy scanner

commit 368a9c36e0
Author: Samuel Huang <samuelh2006@gmail.com>
Date:   Tue Oct 1 08:20:43 2024 +1000

    Codacy compliant
This commit is contained in:
Samuel Huang
2024-10-04 21:07:51 +10:00
parent 614d53e540
commit b5d63799c0
20 changed files with 63 additions and 62 deletions


@@ -14,6 +14,7 @@
name: Codacy Security Scan
on:
workflow_dispatch:
push:
branches: [ "master", "dev" ]
pull_request:


@@ -1,6 +1,7 @@
name: Trivy-scanning
on:
workflow_dispatch:
push:
branches:
- master
@@ -12,21 +13,20 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v4
with:
ref: ${{ github.ref }}
-
name: Run Trivy fs vulnerability scanner
uses: anandg112/trivy-action@feat/add-skip-dirs-option
name: Run Trivy fs vulnerability scanner in fs mode
uses: aquasecurity/trivy-action@0.20.0
with:
scan-type: 'fs'
ignore-unfixed: true
format: 'template'
template: '@/contrib/sarif.tpl'
format: 'sarif'
output: 'trivy-results.sarif'
#severity: 'CRITICAL'
-
name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results.sarif'
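Review bot: The three `uses:` lines on the new side still reference mutable tags (`actions/checkout@v4`, `aquasecurity/trivy-action@0.20.0`, `github/codeql-action/upload-sarif@v3`), so the code this security workflow runs can change without any change in this repository. Moving off the personal fork branch is a clear improvement; pinning each action to a full commit SHA with the tag in a trailing comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha> # 0.20.0`, would finish the job. The upload step also needs `security-events: write`; no `permissions:` block is visible in these hunks, so confirm one is set at job level rather than relying on the repository default.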


@@ -9,21 +9,22 @@ RUN git clone https://github.com/XTLS/Xray-core.git . && \
git checkout ${XRAYVER} && \
go build -o xray -trimpath -ldflags "-s -w -buildid=" ./main
RUN cd /tmp; curl -sSLO https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
RUN cd /tmp; curl -sSLO https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat
RUN curl -sSLO https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
RUN curl -sSLO https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat
FROM nginx:stable-alpine3.20
ARG ACMEVER='2.9.0'
COPY --from=builder /go/src/XTLS/Xray-core/xray /usr/local/bin/
COPY --from=builder /tmp/geosite.dat /usr/local/bin/
COPY --from=builder /tmp/geoip.dat /usr/local/bin/
COPY --from=builder /go/src/XTLS/Xray-core/xray /usr/local/bin/
COPY --from=builder /go/src/XTLS/Xray-core/geoip.dat /usr/local/bin/
COPY --from=builder /go/src/XTLS/Xray-core/geosite.dat /usr/local/bin/
WORKDIR /root
RUN apk add --no-cache bash openssl curl socat jq moreutils libcap-setcap
RUN cd /root; curl -sSL "https://github.com/acmesh-official/acme.sh/archive/refs/tags/${ACMEVER}.tar.gz"|tar zxvf -
RUN cd /root; ln -s acme.sh-${ACMEVER} acme.sh; mkdir .acme.sh
RUN curl -sSL "https://github.com/acmesh-official/acme.sh/archive/refs/tags/${ACMEVER}.tar.gz"|tar zxvf -
RUN ln -s acme.sh-${ACMEVER} acme.sh; mkdir .acme.sh
RUN setcap CAP_NET_BIND_SERVICE=+eip /usr/sbin/nginx
COPY nginx-site.tpl /etc/nginx/conf.d/
@@ -31,33 +32,32 @@ COPY nginx-stream.tpl /etc/nginx/conf.d/
COPY nginx-proxy.tpl /etc/nginx/conf.d/
COPY nginx-grpc.tpl /etc/nginx/conf.d/
COPY nginx-ws.tpl /etc/nginx/conf.d/
COPY proxy-log-fmt.tpl /etc/nginx/conf.d/000-proxy-log-fmt.conf
ADD server-lgp.sh /server-lgp.sh
ADD server-lgr.sh /server-lgr.sh
ADD server-lgt.sh /server-lgt.sh
COPY server-lgp.sh /server-lgp.sh
COPY server-lgr.sh /server-lgr.sh
COPY server-lgt.sh /server-lgt.sh
ADD server-lsp.sh /server-lsp.sh
ADD server-lst.sh /server-lst.sh
COPY server-lsp.sh /server-lsp.sh
COPY server-lst.sh /server-lst.sh
ADD server-ltr.sh /server-ltr.sh
ADD server-ltt.sh /server-ltt.sh
COPY server-ltr.sh /server-ltr.sh
COPY server-ltt.sh /server-ltt.sh
ADD server-lwp.sh /server-lwp.sh
ADD server-lwt.sh /server-lwt.sh
COPY server-lwp.sh /server-lwp.sh
COPY server-lwt.sh /server-lwt.sh
ADD server-mtt.sh /server-mtt.sh
ADD server-mwp.sh /server-mwp.sh
ADD server-mwt.sh /server-mwt.sh
COPY server-mtt.sh /server-mtt.sh
COPY server-mwp.sh /server-mwp.sh
COPY server-mwt.sh /server-mwt.sh
ADD server-twp.sh /server-twp.sh
ADD server-ttt.sh /server-ttt.sh
ADD server-twt.sh /server-twt.sh
COPY server-twp.sh /server-twp.sh
COPY server-ttt.sh /server-ttt.sh
COPY server-twt.sh /server-twt.sh
ADD server-nginx.sh /server-nginx.sh
COPY server-nginx.sh /server-nginx.sh
ADD run.sh /run.sh
COPY run.sh /run.sh
RUN chmod 755 /*.sh
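Review bot: The `geoip.dat` and `geosite.dat` downloads in the first hunk still fetch from `releases/latest` with `curl -sSLO`, so the image is not reproducible and nothing checks integrity. Without `-f`, an HTTP error body would also be saved under the data-file name and copied into the final image. Pin a release and verify a digest in the same layer, e.g. `RUN curl -fsSLO https://github.com/Loyalsoldier/v2ray-rules-dat/releases/download/<release-tag>/geoip.dat && echo "<sha256>  geoip.dat" | sha256sum -c -`. The acme.sh tarball is likewise extracted straight from `curl -sSL ... | tar zxvf -` with no checksum and no `pipefail`, even though `ACMEVER` is pinned. The builder stage starts outside the hunk, so the new `COPY --from=builder` paths assume its `WORKDIR` is `/go/src/XTLS/Xray-core`.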

6
run.sh

@@ -78,13 +78,13 @@ while true ; do
;;
--lgp|--lgr|--lgt|--lsp|--lst|--ltr|--ltt|--lwp|--lwt|--mtt|--mwp|--mwt|--ttt|--twp|--twt)
# Alias options
SVC=$(echo $1|tr -d '\-\-')
SVC=$(echo "$1"|tr -d "\-\-")
SVCMD+=("${DIR}/server-${SVC}.sh $2")
shift 2
;;
--ltrx|--lttx)
# Alias options
SVC=$(echo $1|tr -d '\-\-'|tr -d x)
SVC=$(echo "$1"|tr -d "\-\-"|tr -d "x")
SVCMD+=("${DIR}/server-${SVC}.sh $2,xtls")
shift 2
;;
@@ -156,7 +156,7 @@ if [ "${#CERTDOMAIN[@]}" -gt 0 ]; then
do
echo "Requesting TLS cert for ${DOMAIN} ..."
echo "/root/acme.sh/acme.sh --cert-home ${CERTHOME} --issue --standalone -d ${DOMAIN} --debug"
/root/acme.sh/acme.sh --cert-home "${CERTHOME}" --issue --standalone -d ${DOMAIN} --debug
/root/acme.sh/acme.sh --cert-home "${CERTHOME}" --issue --standalone -d "${DOMAIN}" --debug
((TRY++))
if [ "${TRY}" -ge 3 ]; then
echo "Requesting TLS cert for ${DOMAIN} failed. Check log please."
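Review bot: In both alias branches the new `SVC=$(echo "$1"|tr -d "\-\-")` keeps the subshell-and-`tr` form, which deletes every hyphen in the option rather than just the leading `--` and is hard to read with its escaped set. Parameter expansion states the intent directly and needs no external process: `SVC="${1#--}"` for the first branch, and `SVC="${1#--}"; SVC="${SVC%x}"` for the `--ltrx|--lttx` branch. Separately, `$2` is embedded into a single command string in `SVCMD`; how that array is executed is outside these hunks, so confirm the option value is not re-split or evaluated by a shell there. The surrounding `case` statement starts and ends outside the hunk.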


@@ -89,7 +89,7 @@ inbound=$(echo $inbound| jq -c '.streamSettings += {"security":"none"}')
# Fallback settings
for fb in "${fallback[@]}"
do
IFS=':'; fopt=(${fb}); fopt=(${fopt[@]})
IFS=':'; fopt=("${fb}"); fopt=("${fopt[@]}")
fhost="${fopt[0]}"; fport="${fopt[1]}"; fpath="${fopt[2]}"
unset IFS
if [ -z "${fport}" ]; then >&2 echo -e "Incorrect fallback format: $fb\n"; usage; exit 1; fi
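Review bot: Quoting `${fb}` in `fopt=("${fb}")` disables the word splitting this line relies on. With `IFS=':'` set, the unquoted form split `host:port:path` into three elements; the new form stores the whole string as `fopt[0]`, leaving `fport` empty, so every fallback hits the "Incorrect fallback format" exit below. `IFS=':' read -r -a fopt <<< "${fb}"` splits on colons without globbing, satisfies the linter, and scopes `IFS` to that one command so the `unset IFS` is no longer needed. The same changed line appears in each of the other "Fallback settings" sections on this page and needs the same fix. The `for` loop continues past the end of the hunk.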


@@ -126,7 +126,7 @@ inbound=$(echo $inbound| jq -c --argjson JshortIds "${JshortIds}" '.streamSettin
# Fallback settings
for fb in "${fallback[@]}"
do
IFS=':'; fopt=(${fb}); fopt=(${fopt[@]})
IFS=':'; fopt=("${fb}"); fopt=("${fopt[@]}")
fhost="${fopt[0]}"; fport="${fopt[1]}"; fpath="${fopt[2]}"
unset IFS
if [ -z "${fport}" ]; then >&2 echo -e "Incorrect fallback format: $fb\n"; usage; exit 1; fi


@@ -107,7 +107,7 @@ inbound=$(echo $inbound| jq -c --arg fullchain "${fullchain}" --arg prvkey "${pr
# Fallback settings
for fb in "${fallback[@]}"
do
IFS=':'; fopt=(${fb}); fopt=(${fopt[@]})
IFS=':'; fopt=("${fb}"); fopt=("${fopt[@]}")
fhost="${fopt[0]}"; fport="${fopt[1]}"; fpath="${fopt[2]}"
unset IFS
if [ -z "${fport}" ]; then >&2 echo -e "Incorrect fallback format: $fb\n"; usage; exit 1; fi


@@ -89,7 +89,7 @@ inbound=$(echo $inbound| jq -c '.streamSettings += {"security":"none"}')
# Fallback settings
for fb in "${fallback[@]}"
do
IFS=':'; fopt=(${fb}); fopt=(${fopt[@]})
IFS=':'; fopt=("${fb}"); fopt=("${fopt[@]}")
fhost="${fopt[0]}"; fport="${fopt[1]}"; fpath="${fopt[2]}"
unset IFS
if [ -z "${fport}" ]; then >&2 echo -e "Incorrect fallback format: $fb\n"; usage; exit 1; fi


@@ -107,7 +107,7 @@ inbound=$(echo $inbound| jq -c --arg fullchain "${fullchain}" --arg prvkey "${pr
# Fallback settings
for fb in "${fallback[@]}"
do
IFS=':'; fopt=(${fb}); fopt=(${fopt[@]})
IFS=':'; fopt=("${fb}"); fopt=("${fopt[@]}")
fhost="${fopt[0]}"; fport="${fopt[1]}"; fpath="${fopt[2]}"
unset IFS
if [ -z "${fport}" ]; then >&2 echo -e "Incorrect fallback format: $fb\n"; usage; exit 1; fi


@@ -118,7 +118,7 @@ inbound=$(echo $inbound| jq -c --argjson JshortIds "${JshortIds}" '.streamSettin
# Fallback settings
for fb in "${fallback[@]}"
do
IFS=':'; fopt=(${fb}); fopt=(${fopt[@]})
IFS=':'; fopt=("${fb}"); fopt=("${fopt[@]}")
fhost="${fopt[0]}"; fport="${fopt[1]}"; fpath="${fopt[2]}"
unset IFS
if [ -z "${fport}" ]; then >&2 echo -e "Incorrect fallback format: $fb\n"; usage; exit 1; fi


@@ -99,7 +99,7 @@ inbound=$(echo $inbound| jq -c --arg fullchain "${fullchain}" --arg prvkey "${pr
# Fallback settings
for fb in "${fallback[@]}"
do
IFS=':'; fopt=(${fb}); fopt=(${fopt[@]})
IFS=':'; fopt=("${fb}"); fopt=("${fopt[@]}")
fhost="${fopt[0]}"; fport="${fopt[1]}"; fpath="${fopt[2]}"
unset IFS
if [ -z "${fport}" ]; then >&2 echo -e "Incorrect fallback format: $fb\n"; usage; exit 1; fi


@@ -89,7 +89,7 @@ inbound=$(echo $inbound| jq -c '.streamSettings += {"security":"none"}')
# Fallback settings
for fb in "${fallback[@]}"
do
IFS=':'; fopt=(${fb}); fopt=(${fopt[@]})
IFS=':'; fopt=("${fb}"); fopt=("${fopt[@]}")
fhost="${fopt[0]}"; fport="${fopt[1]}"; fpath="${fopt[2]}"
unset IFS
if [ -z "${fport}" ]; then >&2 echo -e "Incorrect fallback format: $fb\n"; usage; exit 1; fi


@@ -107,7 +107,7 @@ inbound=$(echo $inbound| jq -c --arg fullchain "${fullchain}" --arg prvkey "${pr
# Fallback settings
for fb in "${fallback[@]}"
do
IFS=':'; fopt=(${fb}); fopt=(${fopt[@]})
IFS=':'; fopt=("${fb}"); fopt=("${fopt[@]}")
fhost="${fopt[0]}"; fport="${fopt[1]}"; fpath="${fopt[2]}"
unset IFS
if [ -z "${fport}" ]; then >&2 echo -e "Incorrect fallback format: $fb\n"; usage; exit 1; fi


@@ -99,7 +99,7 @@ inbound=$(echo $inbound| jq -c --arg fullchain "${fullchain}" --arg prvkey "${pr
# Fallback settings
for fb in "${fallback[@]}"
do
IFS=':'; fopt=(${fb}); fopt=(${fopt[@]})
IFS=':'; fopt=("${fb}"); fopt=("${fopt[@]}")
fhost="${fopt[0]}"; fport="${fopt[1]}"; fpath="${fopt[2]}"
unset IFS
if [ -z "${fport}" ]; then >&2 echo -e "Incorrect fallback format: $fb\n"; usage; exit 1; fi


@@ -89,7 +89,7 @@ inbound=$(echo $inbound| jq -c '.streamSettings += {"security":"none"}')
# Fallback settings
for fb in "${fallback[@]}"
do
IFS=':'; fopt=(${fb}); fopt=(${fopt[@]})
IFS=':'; fopt=("${fb}"); fopt=("${fopt[@]}")
fhost="${fopt[0]}"; fport="${fopt[1]}"; fpath="${fopt[2]}"
unset IFS
if [ -z "${fport}" ]; then


@@ -107,7 +107,7 @@ inbound=$(echo $inbound| jq -c --arg fullchain "${fullchain}" --arg prvkey "${pr
# Fallback settings
for fb in "${fallback[@]}"
do
IFS=':'; fopt=(${fb}); fopt=(${fopt[@]})
IFS=':'; fopt=("${fb}"); fopt=("${fopt[@]}")
fhost="${fopt[0]}"; fport="${fopt[1]}"; fpath="${fopt[2]}"
unset IFS
if [ -z "${fport}" ]; then


@@ -114,18 +114,18 @@ if [ -n "${STSVR}" ]; then
done
# Adding map.conf down to #XMAP_TAG tag
sed -i '/#XMAP_TAG/r /tmp/stmap.conf' $NGCONF
sed -i '/#XMAP_TAG/r /tmp/stmap.conf' "$NGCONF"
# Adding ups.conf down to #XUPSTREAM_TAG tag
sed -i '/#XUPSTREAM_TAG/r /tmp/stups.conf' $NGCONF
sed -i "s/STPORT/${STPORT}/g" $NGCONF
sed -i '/#XUPSTREAM_TAG/r /tmp/stups.conf' "$NGCONF"
sed -i "s/STPORT/${STPORT}/g" "$NGCONF"
# Adding "proxy_protocol=on" down to #STPROXY_PASS_TAG tag
if [ -n "${STPROXY_PASS}" ]; then
echo " proxy_protocol on;" >/tmp/stproxy.conf
sed -i '/#STPROXY_PASS_TAG/r /tmp/stproxy.conf' $NGCONF
sed -i '/#STPROXY_PASS_TAG/r /tmp/stproxy.conf' "$NGCONF"
fi
rm -rf /tmp/stmap.conf; rm -rf /tmp/stups.conf; rm -rf /tmp/stproxy.conf
echo "Generated $NGCONF ====>"
cat $NGCONF
cat "$NGCONF"
fi
# Generating Nginx site server configurations.
@@ -194,7 +194,7 @@ do
sed -i 's/proxy_add_x_forwarded_for/proxy_protocol_addr/g' "${site_domain}.conf"
fi
echo "Generated /etc/nginx/conf.d/${site_domain}.conf ====>"
cat /etc/nginx/conf.d/${site_domain}.conf
cat "/etc/nginx/conf.d/${site_domain}.conf"
done
done
@@ -239,19 +239,19 @@ do
# Add tpl file content down to #LOCATION tag
case "${xnetwork}" in
ws|websocket)
sed -i '/#XLOCATION_TAG/r nginx-ws.tpl' ${xdomain}.conf
sed -i '/#XLOCATION_TAG/r nginx-ws.tpl' "${xdomain}.conf"
;;
grpc)
sed -i '/#XLOCATION_TAG/r nginx-grpc.tpl' ${xdomain}.conf
sed -i '/#XLOCATION_TAG/r nginx-grpc.tpl' "${xdomain}.conf"
;;
splt|proxy)
sed -i '/#XLOCATION_TAG/r nginx-proxy.tpl' ${xdomain}.conf
sed -i '/#XLOCATION_TAG/r nginx-proxy.tpl' "${xdomain}.conf"
;;
esac
ESC_LOCATION=$(printf '%s\n' "${xlocation}" | sed -e 's/[]\/$*.^[]/\\&/g')
sed -i "s/HOST/${xhost}/g" ${xdomain}.conf
sed -i "s/PORT/${xport}/g" ${xdomain}.conf
sed -i "s/WEBPATH/${ESC_LOCATION}/g" ${xdomain}.conf
sed -i "s/HOST/${xhost}/g" "${xdomain}.conf"
sed -i "s/PORT/${xport}/g" "${xdomain}.conf"
sed -i "s/WEBPATH/${ESC_LOCATION}/g" "${xdomain}.conf"
# Applying proxy log format instead of main format when --ng-server proxy_pass was set
if [ -n "${NGPROTOCOL}" ]; then
sed -i '/access_log/s/main/proxy/' "${xdomain}.conf"
@@ -259,7 +259,7 @@ do
sed -i 's/proxy_add_x_forwarded_for/proxy_protocol_addr/g' "${xdomain}.conf"
fi
echo "Generated /etc/nginx/conf.d/${xdomain}.conf ====>"
cat /etc/nginx/conf.d/${xdomain}.conf
cat "/etc/nginx/conf.d/${xdomain}.conf"
done
done
exit 0
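Review bot: The `HOST`, `PORT` and `WEBPATH` substitutions in the third hunk now quote the target file, but the values are still spliced into the sed replacement, where `&`, `\` and the `/` delimiter are special. `xhost` and `xport` are not escaped at all, and `ESC_LOCATION` is escaped with a pattern-side character set that leaves `&` untouched. If these values come from command-line options, a stray `/` aborts the sed and an `&` writes the placeholder text back into the generated nginx config. Escape for the replacement side instead, e.g. `ESC_LOCATION=$(printf '%s\n' "${xlocation}" | sed -e 's/[\/&]/\\&/g')`, and apply the same to `xhost`; for `xport` a numeric check is simpler. The enclosing loops begin outside the hunks.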


@@ -99,7 +99,7 @@ inbound=$(echo $inbound| jq -c --arg fullchain "${fullchain}" --arg prvkey "${pr
# Fallback settings
for fb in "${fallback[@]}"
do
IFS=':'; fopt=(${fb}); fopt=(${fopt[@]})
IFS=':'; fopt=("${fb}"); fopt=("${fopt[@]}")
fhost="${fopt[0]}"; fport="${fopt[1]}"; fpath="${fopt[2]}"
unset IFS
if [ -z "${fport}" ]; then >&2 echo -e "Incorrect fallback format: $fb\n"; usage; exit 1; fi


@@ -89,7 +89,7 @@ inbound=$(echo $inbound| jq -c '.streamSettings += {"security":"none"}')
# Fallback settings
for fb in "${fallback[@]}"
do
IFS=':'; fopt=(${fb}); fopt=(${fopt[@]})
IFS=':'; fopt=("${fb}"); fopt=("${fopt[@]}")
fhost="${fopt[0]}"; fport="${fopt[1]}"; fpath="${fopt[2]}"
unset IFS
if [ -z "${fport}" ]; then


@@ -107,7 +107,7 @@ inbound=$(echo $inbound| jq -c --arg fullchain "${fullchain}" --arg prvkey "${pr
# Fallback settings
for fb in "${fallback[@]}"
do
IFS=':'; fopt=(${fb}); fopt=(${fopt[@]})
IFS=':'; fopt=("${fb}"); fopt=("${fopt[@]}")
fhost="${fopt[0]}"; fport="${fopt[1]}"; fpath="${fopt[2]}"
unset IFS
if [ -z "${fport}" ]; then