2gW94/server-xray
1
0
Fork 0
mirror of https://github.com/samuelhbne/server-xray.git synced 2025-12-17 12:24:39 +03:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
Files
9404ea9b5d87831266a2ae6f12f220e6240e9d26
server-xray/server-nginx.sh
Samuel Huang 9404ea9b5d Fix xdomain list duplication
2021-09-23 17:25:00 +10:00

167 lines
4.3 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
DIR=`dirname $0`
DIR="$(cd $DIR; pwd)"
usage() {
echo "Usage: server-nginx --ng-opt <nginx-options> --ng-proxy <nginx-proxy-options>"
}
TEMP=`getopt -o o:x: --long ng-opt:,ng-proxy: -n "$0" -- $@`
if [ $? != 0 ] ; then usage; exit 1 ; fi
eval set -- "$TEMP"
while true ; do
case "$1" in
-o|--ng-opt)
NGOPT+=("$2")
shift 2
;;
-x|--ng-proxy)
NGPROXY+=("$2")
shift 2
;;
--)
shift
break
;;
*)
echo "Unrecogonised opt: $1"
usage;
exit 1
;;
esac
done
if [ -z "${NGOPT}" ]; then
echo "Missing --ng-opt option"
usage;
exit 1
fi
if [ -z "${NGPROXY}" ]; then
echo "Missing --ng-proxy option"
usage;
exit 1
fi
# Running as root to enable low port listening. Necessary for Fargate or k8s.
sed -i 's/^user nginx;$/user root;/g' /etc/nginx/nginx.conf
mkdir -p /run/nginx/
cd /etc/nginx/http.d/
if [ -f /etc/nginx/http.d/default.conf ]; then
mv default.conf default.conf.disable
fi
for ngopt in "${NGOPT[@]}"
do
unset certpath
options=(`echo $ngopt |tr ',' ' '`)
for option in "${options[@]}"
do
kv=(`echo $option |tr '=' ' '`)
case "${kv[0]}" in
c|certpath)
certpath+=("${kv[1]}")
;;
p|port)
port="${kv[1]}"
;;
d|domain)
domain="${kv[1]}"
DOMAIN+=("${kv[1]}")
;;
esac
done
if [ -z "${certpath}" ]; then
echo "Error: certpath undefined."
usage
exit 1
fi
if [ -z "${domain}" ]; then
echo "Error: domain undefined."
usage
exit 1
fi
if [ -z "${port}" ]; then port=443; fi
if ! [ "${port}" -eq "${port}" ] 2>/dev/null; then >&2 echo "Port number must be numeric"; exit 1; fi
for certroot in "${certpath[@]}"
do
if [ -f "${certroot}/${domain}/fullchain.cer" ] && [ -f "${certroot}/${domain}/${domain}.key" ]; then
fullchain="${certroot}/${domain}/fullchain.cer"
prvkey="${certroot}/${domain}/${domain}.key"
break
fi
done
if [ ! -f "${fullchain}" ] || [ ! -f "${prvkey}" ]; then
echo "TLS cert missing?"
echo "Abort."
exit 2
fi
TPL="site-ssl.conf.tpl"
ESC_CERTFILE=$(printf '%s\n' "${fullchain}" | sed -e 's/[]\/$*.^[]/\\&/g')
ESC_PRVKEYFILE=$(printf '%s\n' "${prvkey}" | sed -e 's/[]\/$*.^[]/\\&/g')
cat ${TPL} \
| sed "s/CERTFILE/${ESC_CERTFILE}/g" \
| sed "s/PRVKEYFILE/${ESC_PRVKEYFILE}/g" \
| sed "s/NGDOMAIN/${domain}/g" \
| sed "s/NGPORT/${port}/g" \
>"${domain}.conf"
done
for ngproxy in "${NGPROXY[@]}"
do
unset xdomain
options=(`echo $ngproxy |tr ',' ' '`)
for option in "${options[@]}"
do
kv=(`echo $option |tr '=' ' '`)
case "${kv[0]}" in
d|domain)
xdomain+=("${kv[1]}")
;;
h|host)
xhost="${kv[1]}"
;;
p|port)
xport="${kv[1]}"
;;
l|location)
xlocation="${kv[1]}"
;;
n|network)
xnetwork="${kv[1]}"
;;
esac
done
if [ -z "${xhost}" ]; then xhost="127.0.0.1"; fi
if [ -z "${xdomain}" ]; then xdomain=("${DOMAIN[@]}"); fi
for domain in "${xdomain[@]}"
do
# Replace the last(only) single line '}' with specific tpl file, hence insert a new section into the Nginx config file
case "${xnetwork}" in
ws|websocket)
sed -i -e "/^\}$/r ws.tpl" -e "/^\}$/d" ${domain}.conf
;;
grpc)
sed -i -e "/^\}$/r grpc.tpl" -e "/^\}$/d" ${domain}.conf
;;
esac
# Then add '}' to the end of the Nginx config file
echo -e "\n}" >> ${domain}.conf
ESC_LOCATION=$(printf '%s\n' "${xlocation}" | sed -e 's/[]\/$*.^[]/\\&/g')
sed -i "s/HOST/${xhost}/g" ${domain}.conf
sed -i "s/PORT/${xport}/g" ${domain}.conf
sed -i "s/LOCATION/${ESC_LOCATION}/g" ${domain}.conf
done
done
Reference in New Issue View Git Blame Copy Permalink