diff options
| author | MHSanaei <ho3ein.sanaei@gmail.com> | 2023-04-30 00:27:15 +0300 |
|---|---|---|
| committer | MHSanaei <ho3ein.sanaei@gmail.com> | 2023-04-30 00:27:15 +0300 |
| commit | 5100bbba52ef3c8dd554ebf314b7f273d25be76e (patch) | |
| tree | 53aa1e09204ec1a8838532a49154c1ca6bd7cae8 | |
| parent | f93d9126440c6ef49d7a1ae0595b39bfc4815a98 (diff) | |
simplify ssl cert
| -rw-r--r-- | install.sh | 2 | ||||
| -rw-r--r-- | x-ui.sh | 128 |
2 files changed, 8 insertions, 122 deletions
@@ -73,7 +73,7 @@ config_after_install() { /usr/local/x-ui/x-ui migrate echo -e "${yellow}Install/update finished! For security it's recommended to modify panel settings ${plain}" read -p "Do you want to continue with the modification [y/n]? ": config_confirm - if [[ x"${config_confirm}" == x"y" || x"${config_confirm}" == x"Y" ]]; then + if [[ "${config_confirm}" == "y" || "${config_confirm}" == "Y" ]]; then read -p "Please set up your username:" config_account echo -e "${yellow}Your username will be:${config_account}${plain}" read -p "Please set up your password:" config_password @@ -59,13 +59,13 @@ fi confirm() { if [[ $# > 1 ]]; then echo && read -p "$1 [Default $2]: " temp - if [[ x"${temp}" == x"" ]]; then + if [[ "${temp}" == "" ]]; then temp=$2 fi else read -p "$1 [y/n]: " temp fi - if [[ x"${temp}" == x"y" || x"${temp}" == x"Y" ]]; then + if [[ "${temp}" == "y" || "${temp}" == "Y" ]]; then return 0 else return 1 @@ -342,7 +342,7 @@ check_status() { return 2 fi temp=$(systemctl status x-ui | grep Active | awk '{print $3}' | cut -d "(" -f2 | cut -d ")" -f1) - if [[ x"${temp}" == x"running" ]]; then + if [[ "${temp}" == "running" ]]; then return 0 else return 1 @@ -351,7 +351,7 @@ check_status() { check_enabled() { temp=$(systemctl is-enabled x-ui) - if [[ x"${temp}" == x"enabled" ]]; then + if [[ "${temp}" == "enabled" ]]; then return 0 else return 1 @@ -431,32 +431,6 @@ show_xray_status() { fi } -#this will be an entrance for ssl cert issue -#here we can provide two different methods to issue cert -#first.standalone mode second.DNS API mode -ssl_cert_issue() { - local method="" - echo -E "" - LOGD "********Usage********" - LOGI "this shell script will use acme to help issue certs." - LOGI "here we provide two methods for issuing certs:" - LOGI "method 1:acme standalone mode,need to keep port:80 open" - LOGI "method 2:acme DNS API mode,need provide Cloudflare Global API Key" - LOGI "recommend method 2 first,if it fails,you can try method 1." - LOGI "certs will be installed in /root/cert directory" - read -p "please choose which method do you want,type 1 or 2": method - LOGI "you choosed method:${method}" - - if [ "${method}" == "1" ]; then - ssl_cert_issue_standalone - elif [ "${method}" == "2" ]; then - ssl_cert_issue_by_cloudflare - else - LOGE "invalid input,please check it..." - exit 1 - fi -} - open_ports() { if ! command -v ufw &> /dev/null then @@ -544,7 +518,7 @@ install_acme() { } #method for standalone mode -ssl_cert_issue_standalone() { +ssl_cert_issue() { #check for acme.sh first if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then echo "acme.sh could not be found. we will install it" @@ -555,7 +529,7 @@ ssl_cert_issue_standalone() { fi fi #install socat second - if [[ x"${release}" == x"centos" ]]; then + if [[ "${release}" == "centos" ]] || [[ "${release}" == "fedora" ]] ; then yum install socat -y else apt install socat -y @@ -569,7 +543,7 @@ ssl_cert_issue_standalone() { #get the domain here,and we need verify it local domain="" - read -p "please input your domain:" domain + read -p "Please enter your domain name:" domain LOGD "your domain is:${domain},check it..." #here we need to judge whether there exists cert already local currentCert=$(~/.acme.sh/acme.sh --list | tail -1 | awk '{print $1}') @@ -636,94 +610,6 @@ ssl_cert_issue_standalone() { } -#method for DNS API mode -ssl_cert_issue_by_cloudflare() { - echo -E "" - LOGD "******Preconditions******" - LOGI "1.need Cloudflare account associated email" - LOGI "2.need Cloudflare Global API Key" - LOGI "3.your domain use Cloudflare as resolver" - confirm "I have confirmed all these info above[y/n]" "y" - if [ $? -eq 0 ]; then - install_acme - if [ $? -ne 0 ]; then - LOGE "install acme failed,please check logs" - exit 1 - fi - CF_Domain="" - CF_GlobalKey="" - CF_AccountEmail="" - - LOGD "please input your domain:" - read -p "Input your domain here:" CF_Domain - LOGD "your domain is:${CF_Domain},check it..." - #here we need to judge whether there exists cert already - local currentCert=$(~/.acme.sh/acme.sh --list | tail -1 | awk '{print $1}') - if [ ${currentCert} == ${CF_Domain} ]; then - local certInfo=$(~/.acme.sh/acme.sh --list) - LOGE "system already have certs here,can not issue again,current certs details:" - LOGI "$certInfo" - exit 1 - else - LOGI "your domain is ready for issuing cert now..." - fi - - #create a directory for install cert - certPath="/root/cert/${CF_Domain}" - if [ ! -d "$certPath" ]; then - mkdir -p "$certPath" - else - rm -rf "$certPath" - mkdir -p "$certPath" - fi - - LOGD "please inout your cloudflare global API key:" - read -p "Input your key here:" CF_GlobalKey - LOGD "your cloudflare global API key is:${CF_GlobalKey}" - LOGD "please input your cloudflare account email:" - read -p "Input your email here:" CF_AccountEmail - LOGD "your cloudflare account email:${CF_AccountEmail}" - ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt - if [ $? -ne 0 ]; then - LOGE "change the default CA to Lets'Encrypt failed,exit" - exit 1 - fi - export CF_Key="${CF_GlobalKey}" - export CF_Email=${CF_AccountEmail} - ~/.acme.sh/acme.sh --issue --dns dns_cf -d ${CF_Domain} -d *.${CF_Domain} --log - if [ $? -ne 0 ]; then - LOGE "issue cert failed,exit" - rm -rf ~/.acme.sh/${CF_Domain} - exit 1 - else - LOGI "Certificate issued Successfully, Installing..." - fi - ~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} \ - --key-file /root/cert/${CF_Domain}/privkey.pem \ - --fullchain-file /root/cert/${CF_Domain}/fullchain.pem - - if [ $? -ne 0 ]; then - LOGE "install cert failed,exit" - rm -rf ~/.acme.sh/${CF_Domain} - exit 1 - else - LOGI "Certificate installed Successfully,Turning on automatic updates..." - fi - ~/.acme.sh/acme.sh --upgrade --auto-upgrade - if [ $? -ne 0 ]; then - LOGE "auto renew failed, certs details:" - ls -lah cert/* - chmod 755 $certPath/* - exit 1 - else - LOGI "auto renew succeed, certs details:" - ls -lah cert/* - chmod 755 $certPath/* - fi - else - show_menu - fi -} warp_fixchatgpt() { curl -fsSL https://gist.githubusercontent.com/hamid-gh98/dc5dd9b0cc5b0412af927b1ccdb294c7/raw/install_warp_proxy.sh | bash |