From c07b2c73d7bd969daf2a59fa17a6297dc8518ff6 Mon Sep 17 00:00:00 2001 From: MHSanaei Date: Sun, 2 Apr 2023 18:12:00 +0330 Subject: enable firewall + open port + update geo files --- x-ui.sh | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 70 insertions(+), 4 deletions(-) (limited to 'x-ui.sh') diff --git a/x-ui.sh b/x-ui.sh index 341e8a02..77a11393 100644 --- a/x-ui.sh +++ b/x-ui.sh @@ -454,6 +454,64 @@ ssl_cert_issue() { fi } +open_ports() { + + # Check if the firewall is inactive + if sudo ufw status | grep -q "Status: active"; then + echo "firewall is already active" + else + # Open the necessary ports + sudo ufw allow ssh + sudo ufw allow http + sudo ufw allow https + sudo ufw allow 2053/tcp + + # Enable the firewall + sudo ufw --force enable + fi + + # Prompt the user to enter a list of ports + read -p "Enter the ports you want to open (e.g. 80,443,2053 or range 400-500): " ports + + # Check if the input is valid + if ! [[ $ports =~ ^([0-9]+|[0-9]+-[0-9]+)(,([0-9]+|[0-9]+-[0-9]+))*$ ]]; then + echo "Error: Invalid input. Please enter a comma-separated list of ports or a range of ports (e.g. 80,443,2053 or 400-500)." >&2; exit 1 + fi + + # Open the specified ports using ufw + IFS=',' read -ra PORT_LIST <<< "$ports" + for port in "${PORT_LIST[@]}"; do + if [[ $port == *-* ]]; then + # Split the range into start and end ports + start_port=$(echo $port | cut -d'-' -f1) + end_port=$(echo $port | cut -d'-' -f2) + # Loop through the range and open each port + for ((i=start_port; i<=end_port; i++)); do + sudo ufw allow $i + done + else + sudo ufw allow "$port" + fi + done + + # Confirm that the ports are open + sudo ufw status | grep $ports +} + + + +update_geo(){ + systemctl stop x-ui + cd /usr/local/x-ui/bin + rm -f geoip.dat geosite.dat iran.dat + wget -N https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat + wget -N https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat + wget -N https://github.com/bootmortis/iran-hosted-domains/releases/latest/download/iran.dat + systemctl start x-ui + echo -e "${green}Geosite and Geoip have been updated successfully!${plain}" +before_show_menu +} + install_acme() { cd ~ LOGI "install acme..." @@ -532,8 +590,8 @@ ssl_cert_issue_standalone() { fi #install cert ~/.acme.sh/acme.sh --installcert -d ${domain} --ca-file /root/cert/ca.cer \ - --cert-file /root/cert/${domain}.cer --key-file /root/cert/${domain}.key \ - --fullchain-file /root/cert/fullchain.cer + --cert-file /root/cert/${domain}.cer --key-file /root/cert/privkey.pem \ + --fullchain-file /root/cert/fullchain.pem if [ $? -ne 0 ]; then LOGE "install certs failed,exit" @@ -682,9 +740,11 @@ show_menu() { ———————————————— ${green}15.${plain} Enable BBR ${green}16.${plain} Issuse Certs + ${green}17.${plain} Update Geoip and Geosite + ${green}18.${plain} Enable Firewall and open Ports " show_status - echo && read -p "Please enter your selection [0-16]: " num + echo && read -p "Please enter your selection [0-18]: " num case "${num}" in 0) @@ -738,8 +798,14 @@ show_menu() { 16) ssl_cert_issue ;; + 17) + update_geo + ;; + 18) + open_ports + ;; *) - LOGE "Please enter the correct number [0-16]" + LOGE "Please enter the correct number [0-18]" ;; esac } -- cgit v1.2.3 From e51c59995c9ffacce1f05495cbc3a8cb986923c9 Mon Sep 17 00:00:00 2001 From: MHSanaei Date: Sun, 2 Apr 2023 21:01:08 +0330 Subject: fixed - multi domain ssl path --- x-ui.sh | 101 +++++++++++++++++++++++++++++++++++----------------------------- 1 file changed, 55 insertions(+), 46 deletions(-) (limited to 'x-ui.sh') diff --git a/x-ui.sh b/x-ui.sh index 77a11393..ebda157c 100644 --- a/x-ui.sh +++ b/x-ui.sh @@ -548,14 +548,7 @@ ssl_cert_issue_standalone() { else LOGI "install socat succeed..." fi - #creat a directory for install cert - certPath=/root/cert - if [ ! -d "$certPath" ]; then - mkdir $certPath - else - rm -rf $certPath - mkdir $certPath - fi + #get the domain here,and we need verify it local domain="" read -p "please input your domain:" domain @@ -570,6 +563,16 @@ ssl_cert_issue_standalone() { else LOGI "your domain is ready for issuing cert now..." fi + + #create a directory for install cert + certPath="/root/cert/${domain}" + if [ ! -d "$certPath" ]; then + mkdir -p "$certPath" + else + rm -rf "$certPath" + mkdir -p "$certPath" + fi + #get needed port here local WebPort=80 read -p "please choose which port do you use,default will be 80 port:" WebPort @@ -589,9 +592,9 @@ ssl_cert_issue_standalone() { LOGE "issue certs succeed,installing certs..." fi #install cert - ~/.acme.sh/acme.sh --installcert -d ${domain} --ca-file /root/cert/ca.cer \ - --cert-file /root/cert/${domain}.cer --key-file /root/cert/privkey.pem \ - --fullchain-file /root/cert/fullchain.pem + ~/.acme.sh/acme.sh --installcert -d ${domain} \ + --key-file /root/cert/${domain}/privkey.pem \ + --fullchain-file /root/cert/${domain}/fullchain.pem if [ $? -ne 0 ]; then LOGE "install certs failed,exit" @@ -600,17 +603,18 @@ ssl_cert_issue_standalone() { else LOGI "install certs succeed,enable auto renew..." fi - ~/.acme.sh/acme.sh --upgrade --auto-upgrade - if [ $? -ne 0 ]; then - LOGE "auto renew failed,certs details:" - ls -lah cert - chmod 755 $certPath - exit 1 - else - LOGI "auto renew succeed,certs details:" - ls -lah cert - chmod 755 $certPath - fi + + ~/.acme.sh/acme.sh --upgrade --auto-upgrade + if [ $? -ne 0 ]; then + LOGE "auto renew failed, certs details:" + ls -lah cert/* + chmod 755 $certPath/* + exit 1 + else + LOGI "auto renew succeed, certs details:" + ls -lah cert/* + chmod 755 $certPath/* + fi } @@ -631,13 +635,7 @@ ssl_cert_issue_by_cloudflare() { CF_Domain="" CF_GlobalKey="" CF_AccountEmail="" - certPath=/root/cert - if [ ! -d "$certPath" ]; then - mkdir $certPath - else - rm -rf $certPath - mkdir $certPath - fi + LOGD "please input your domain:" read -p "Input your domain here:" CF_Domain LOGD "your domain is:${CF_Domain},check it..." @@ -651,6 +649,16 @@ ssl_cert_issue_by_cloudflare() { else LOGI "your domain is ready for issuing cert now..." fi + + #create a directory for install cert + certPath="/root/cert/${CF_Domain}" + if [ ! -d "$certPath" ]; then + mkdir -p "$certPath" + else + rm -rf "$certPath" + mkdir -p "$certPath" + fi + LOGD "please inout your cloudflare global API key:" read -p "Input your key here:" CF_GlobalKey LOGD "your cloudflare global API key is:${CF_GlobalKey}" @@ -672,9 +680,10 @@ ssl_cert_issue_by_cloudflare() { else LOGI "Certificate issued Successfully, Installing..." fi - ~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} --ca-file /root/cert/ca.cer \ - --cert-file /root/cert/${CF_Domain}.cer --key-file /root/cert/${CF_Domain}.key \ - --fullchain-file /root/cert/fullchain.cer + ~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} \ + --key-file /root/cert/${CF_Domain}/privkey.pem \ + --fullchain-file /root/cert/${CF_Domain}/fullchain.pem + if [ $? -ne 0 ]; then LOGE "install cert failed,exit" rm -rf ~/.acme.sh/${CF_Domain} @@ -682,17 +691,17 @@ ssl_cert_issue_by_cloudflare() { else LOGI "Certificate installed Successfully,Turning on automatic updates..." fi - ~/.acme.sh/acme.sh --upgrade --auto-upgrade - if [ $? -ne 0 ]; then - LOGE "Auto update setup Failed, script exiting..." - ls -lah cert - chmod 755 $certPath - exit 1 - else - LOGI "The certificate is installed and auto-renewal is turned on, Specific information is as follows" - ls -lah cert - chmod 755 $certPath - fi + ~/.acme.sh/acme.sh --upgrade --auto-upgrade + if [ $? -ne 0 ]; then + LOGE "auto renew failed, certs details:" + ls -lah cert/* + chmod 755 $certPath/* + exit 1 + else + LOGI "auto renew succeed, certs details:" + ls -lah cert/* + chmod 755 $certPath/* + fi else show_menu fi @@ -739,9 +748,9 @@ show_menu() { ${green}14.${plain} Disabel x-ui On System Startup ———————————————— ${green}15.${plain} Enable BBR - ${green}16.${plain} Issuse Certs - ${green}17.${plain} Update Geoip and Geosite - ${green}18.${plain} Enable Firewall and open Ports + ${green}16.${plain} Apply for an SSL Certificate + ${green}17.${plain} Update Geo Files + ${green}18.${plain} Active Firewall and open ports " show_status echo && read -p "Please enter your selection [0-18]: " num -- cgit v1.2.3 From 7c980343f1f25dd66c7a7081b37ded5ff1be48be Mon Sep 17 00:00:00 2001 From: MHSanaei Date: Mon, 3 Apr 2023 19:22:23 +0330 Subject: new option - speedtest + google recaptcha --- x-ui.sh | 57 ++++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 42 insertions(+), 15 deletions(-) (limited to 'x-ui.sh') diff --git a/x-ui.sh b/x-ui.sh index ebda157c..4ab64c3c 100644 --- a/x-ui.sh +++ b/x-ui.sh @@ -677,20 +677,20 @@ ssl_cert_issue_by_cloudflare() { LOGE "issue cert failed,exit" rm -rf ~/.acme.sh/${CF_Domain} exit 1 - else - LOGI "Certificate issued Successfully, Installing..." - fi - ~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} \ - --key-file /root/cert/${CF_Domain}/privkey.pem \ - --fullchain-file /root/cert/${CF_Domain}/fullchain.pem + else + LOGI "Certificate issued Successfully, Installing..." + fi + ~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} \ + --key-file /root/cert/${CF_Domain}/privkey.pem \ + --fullchain-file /root/cert/${CF_Domain}/fullchain.pem - if [ $? -ne 0 ]; then - LOGE "install cert failed,exit" - rm -rf ~/.acme.sh/${CF_Domain} - exit 1 - else - LOGI "Certificate installed Successfully,Turning on automatic updates..." - fi + if [ $? -ne 0 ]; then + LOGE "install cert failed,exit" + rm -rf ~/.acme.sh/${CF_Domain} + exit 1 + else + LOGI "Certificate installed Successfully,Turning on automatic updates..." + fi ~/.acme.sh/acme.sh --upgrade --auto-upgrade if [ $? -ne 0 ]; then LOGE "auto renew failed, certs details:" @@ -706,6 +706,25 @@ ssl_cert_issue_by_cloudflare() { show_menu fi } +google_recaptcha() { + curl -O https://raw.githubusercontent.com/jinwyp/one_click_script/master/install_kernel.sh && chmod +x ./install_kernel.sh && ./install_kernel.sh + echo "" + before_show_menu +} + +run_speedtest() { + # Check if Speedtest is already installed + if ! command -v speedtest &> /dev/null; then + # If not installed, install it + sudo apt-get update && sudo apt-get install -y curl + curl -s https://install.speedtest.net/app/cli/install.deb.sh | sudo bash + sudo apt-get install -y speedtest + fi + + # Run Speedtest + speedtest +} + show_usage() { echo "x-ui control menu usages: " @@ -751,9 +770,11 @@ show_menu() { ${green}16.${plain} Apply for an SSL Certificate ${green}17.${plain} Update Geo Files ${green}18.${plain} Active Firewall and open ports + ${green}19.${plain} Fixing Google reCAPTCHA + ${green}20.${plain} Speedtest by Ookla " show_status - echo && read -p "Please enter your selection [0-18]: " num + echo && read -p "Please enter your selection [0-20]: " num case "${num}" in 0) @@ -813,8 +834,14 @@ show_menu() { 18) open_ports ;; + 19) + google_recaptcha + ;; + 20) + run_speedtest + ;; *) - LOGE "Please enter the correct number [0-18]" + LOGE "Please enter the correct number [0-20]" ;; esac } -- cgit v1.2.3 From 0e5de1aec8f3b090fce14638d7e0030ff7b7f40f Mon Sep 17 00:00:00 2001 From: MHSanaei Date: Tue, 4 Apr 2023 00:00:29 +0330 Subject: speedtest install option --- x-ui.sh | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) (limited to 'x-ui.sh') diff --git a/x-ui.sh b/x-ui.sh index 4ab64c3c..b2a1f8fa 100644 --- a/x-ui.sh +++ b/x-ui.sh @@ -716,9 +716,26 @@ run_speedtest() { # Check if Speedtest is already installed if ! command -v speedtest &> /dev/null; then # If not installed, install it - sudo apt-get update && sudo apt-get install -y curl - curl -s https://install.speedtest.net/app/cli/install.deb.sh | sudo bash - sudo apt-get install -y speedtest + if command -v dnf &> /dev/null; then + sudo dnf install -y curl + curl -s https://install.speedtest.net/app/cli/install.rpm.sh | sudo bash + sudo dnf install -y speedtest + elif command -v yum &> /dev/null; then + sudo yum install -y curl + curl -s https://install.speedtest.net/app/cli/install.rpm.sh | sudo bash + sudo yum install -y speedtest + elif command -v apt-get &> /dev/null; then + sudo apt-get update && sudo apt-get install -y curl + curl -s https://install.speedtest.net/app/cli/install.deb.sh | sudo bash + sudo apt-get install -y speedtest + elif command -v apt &> /dev/null; then + sudo apt update && sudo apt install -y curl + curl -s https://install.speedtest.net/app/cli/install.deb.sh | sudo bash + sudo apt install -y speedtest + else + echo "Error: Package manager not found. You may need to install Speedtest manually." + return 1 + fi fi # Run Speedtest @@ -726,6 +743,7 @@ run_speedtest() { } + show_usage() { echo "x-ui control menu usages: " echo "------------------------------------------" -- cgit v1.2.3