diff --git a/s-ui.sh b/s-ui.sh index 43e7563..550b3ae 100644 --- a/s-ui.sh +++ b/s-ui.sh @@ -1,4 +1,3 @@ - #!/bin/bash red='\033[0;31m' @@ -6,7 +5,6 @@ green='\033[0;32m' yellow='\033[0;33m' plain='\033[0m' -#Add some basic function here function LOGD() { echo -e "${yellow}[DEG] $* ${plain}" } @@ -18,10 +16,9 @@ function LOGE() { function LOGI() { echo -e "${green}[INF] $* ${plain}" } -# check root + [[ $EUID -ne 0 ]] && LOGE "ERROR: You must be root to run this script! \n" && exit 1 -# Check OS and set release variable if [[ -f /etc/os-release ]]; then source /etc/os-release release=$ID @@ -35,7 +32,6 @@ fi echo "The OS release is: $release" - os_version="" os_version=$(grep -i version_id /etc/os-release | cut -d \" -f2 | cut -d . -f1) @@ -54,8 +50,8 @@ elif [[ "${release}" == "centos" ]]; then echo -e "${red} Please use CentOS 8 or higher ${plain}\n" && exit 1 fi elif [[ "${release}" == "ubuntu" ]]; then - if [[ ${os_version} -lt 20 ]]; then - echo -e "${red} Please use Ubuntu 20 or higher version!${plain}\n" && exit 1 + if [[ ${os_version} -lt 22 ]]; then + echo -e "${red} Please use Ubuntu 22 or higher version!${plain}\n" && exit 1 fi elif [[ "${release}" == "fedora" ]]; then if [[ ${os_version} -lt 36 ]]; then @@ -80,7 +76,7 @@ elif [[ "${release}" == "oracle" ]]; then else echo -e "${red}Your operating system is not supported by this script.${plain}\n" echo "Please ensure you are using one of the following supported operating systems:" - echo "- Ubuntu 20.04+" + echo "- Ubuntu 22.04+" echo "- Debian 11+" echo "- CentOS 8+" echo "- Fedora 36+" @@ -93,7 +89,6 @@ else echo "- Oracle Linux 8+" echo "- OpenSUSE Tumbleweed" exit 1 - fi confirm() { @@ -164,7 +159,6 @@ custom_version() { download_link="https://raw.githubusercontent.com/alireza0/s-ui/master/install.sh" - # Use the entered panel version in the download link install_command="bash <(curl -Ls $download_link) $panel_version" echo "Downloading and installing panel version $panel_version..." 
@@ -232,13 +226,11 @@ set_setting() { echo -e "Enter the ${yellow}panel path${plain} (leave blank for existing/default value):" read config_path - # Sub configuration echo -e "Enter the ${yellow}subscription port${plain} (leave blank for existing/default value):" read config_subPort echo -e "Enter the ${yellow}subscription path${plain} (leave blank for existing/default value):" read config_subPath - # Set configs echo -e "${yellow}Initializing, please wait...${plain}" params="" [ -z "$config_port" ] || params="$params -port $config_port" @@ -373,7 +365,6 @@ update_shell() { fi } -# 0: running, 1: not running, 2: not installed check_status() { if [[ ! -f "/etc/systemd/system/$1.service" ]]; then return 2 @@ -487,20 +478,13 @@ bbr_menu() { } disable_bbr() { - if ! grep -q "net.core.default_qdisc=fq" /etc/sysctl.conf || ! grep -q "net.ipv4.tcp_congestion_control=bbr" /etc/sysctl.conf; then echo -e "${yellow}BBR is not currently enabled.${plain}" exit 0 fi - - # Replace BBR with CUBIC configurations sed -i 's/net.core.default_qdisc=fq/net.core.default_qdisc=pfifo_fast/' /etc/sysctl.conf sed -i 's/net.ipv4.tcp_congestion_control=bbr/net.ipv4.tcp_congestion_control=cubic/' /etc/sysctl.conf - - # Apply changes sysctl -p - - # Verify that BBR is replaced with CUBIC if [[ $(sysctl net.ipv4.tcp_congestion_control | awk '{print $3}') == "cubic" ]]; then echo -e "${green}BBR has been replaced with CUBIC successfully.${plain}" else @@ -513,8 +497,6 @@ enable_bbr() { echo -e "${green}BBR is already enabled!${plain}" exit 0 fi - - # Check the OS and install necessary packages case "${release}" in ubuntu | debian | armbian) apt-get update && apt-get install -yqq --no-install-recommends ca-certificates 
@@ -533,15 +515,9 @@ enable_bbr() { exit 1 ;; esac - - # Enable BBR echo "net.core.default_qdisc=fq" | tee -a /etc/sysctl.conf echo "net.ipv4.tcp_congestion_control=bbr" | tee -a /etc/sysctl.conf - - # Apply changes sysctl -p - - # Verify that BBR is enabled if [[ $(sysctl net.ipv4.tcp_congestion_control | awk '{print $3}') == "bbr" ]]; then echo -e "${green}BBR has been enabled successfully.${plain}" else @@ -566,6 +542,7 @@ ssl_cert_issue_main() { echo -e "${green}\t1.${plain} Get SSL" echo -e "${green}\t2.${plain} Revoke" echo -e "${green}\t3.${plain} Force Renew" + echo -e "${green}\t4.${plain} Self-signed Certificate" read -p "Choose an option: " choice case "$choice" in 1) ssl_cert_issue ;; @@ -579,12 +556,14 @@ ssl_cert_issue_main() { local domain="" read -p "Please enter your domain name to forcefully renew an SSL certificate: " domain ~/.acme.sh/acme.sh --renew -d ${domain} --force ;; + 4) + generate_self_signed_cert + ;; *) echo "Invalid choice" ;; esac } ssl_cert_issue() { - # check for acme.sh first if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then echo "acme.sh could not be found. we will install it" install_acme @@ -593,7 +572,6 @@ ssl_cert_issue() { exit 1 fi fi - # install socat second case "${release}" in ubuntu | debian | armbian) apt update && apt install socat -y @@ -619,11 +597,9 @@ ssl_cert_issue() { LOGI "install socat succeed..." fi - # get the domain here,and we need verify it local domain="" read -p "Please enter your domain name:" domain LOGD "your domain is:${domain},check it..." - # here we need to judge whether there exists cert already local currentCert=$(~/.acme.sh/acme.sh --list | tail -1 | awk '{print $1}') if [ ${currentCert} == ${domain} ]; then @@ -635,7 +611,6 @@ ssl_cert_issue() { LOGI "your domain is ready for issuing cert now..." fi - # create a directory for install cert certPath="/root/cert/${domain}" if [ ! -d "$certPath" ]; then mkdir -p "$certPath" 
@@ -644,15 +619,12 @@ ssl_cert_issue() { mkdir -p "$certPath" fi - # get needed port here local WebPort=80 read -p "please choose which port do you use,default will be 80 port:" WebPort if [[ ${WebPort} -gt 65535 || ${WebPort} -lt 1 ]]; then LOGE "your input ${WebPort} is invalid,will use default port" fi LOGI "will use port:${WebPort} to issue certs,please make sure this port is open..." - # NOTE:This should be handled by user - # open the port and kill the occupied progress ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt ~/.acme.sh/acme.sh --issue -d ${domain} --standalone --httpport ${WebPort} if [ $? -ne 0 ]; then @@ -662,7 +634,6 @@ ssl_cert_issue() { else LOGE "issue certs succeed,installing certs..." fi - # install cert ~/.acme.sh/acme.sh --installcert -d ${domain} \ --key-file /root/cert/${domain}/privkey.pem \ --fullchain-file /root/cert/${domain}/fullchain.pem 
@@ -804,6 +775,61 @@ ssl_cert_issue_CF() { esac } +generate_self_signed_cert() { + cert_dir="/etc/sing-box" + mkdir -p "$cert_dir" + LOGI "Choose certificate type:" + echo -e "${green}\t1.${plain} Ed25519 (*recommended*)" + echo -e "${green}\t2.${plain} RSA 2048" + echo -e "${green}\t3.${plain} RSA 4096" + echo -e "${green}\t4.${plain} ECDSA prime256v1" + echo -e "${green}\t5.${plain} ECDSA secp384r1" + read -p "Enter your choice [1-5, default 1]: " cert_type + cert_type=${cert_type:-1} + + case "$cert_type" in + 1) + algo="ed25519" + key_opt="-newkey ed25519" + ;; + 2) + algo="rsa" + key_opt="-newkey rsa:2048" + ;; + 3) + algo="rsa" + key_opt="-newkey rsa:4096" + ;; + 4) + algo="ecdsa" + key_opt="-newkey ec -pkeyopt ec_paramgen_curve:prime256v1" + ;; + 5) + algo="ecdsa" + key_opt="-newkey ec -pkeyopt ec_paramgen_curve:secp384r1" + ;; + *) + algo="ed25519" + key_opt="-newkey ed25519" + ;; + esac + + LOGI "Generating self-signed certificate ($algo)..." + sudo openssl req -x509 -nodes -days 3650 $key_opt \ + -keyout "${cert_dir}/self.key" \ + -out "${cert_dir}/self.crt" \ + -subj "/CN=myserver" + if [[ $? -eq 0 ]]; then + sudo chmod 600 "${cert_dir}/self."* + LOGI "Self-signed certificate generated successfully!" + LOGI "Certificate path: ${cert_dir}/self.crt" + LOGI "Key path: ${cert_dir}/self.key" + else + LOGE "Failed to generate self-signed certificate." + fi + before_show_menu +} + show_usage() { echo -e "S-UI Control Menu Usage" echo -e "------------------------------------------"
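Review bot: The certificate built in `generate_self_signed_cert` has a fixed `-subj "/CN=myserver"` and no subjectAltName, so no client can verify it against the server's real name or address, and users will in practice have to disable verification or pin the certificate. Prompting for the name and passing it with `-addext "subjectAltName=..."` (OpenSSL 1.1.1 or later) would make the certificate verifiable. The private key is restricted only by the `chmod 600 "${cert_dir}/self."*` that runs after `openssl req` has returned, so its mode until then depends on the OpenSSL build and on any pre-existing file, and the glob also changes any other `self.*` file in `/etc/sing-box`. The function also calls `sudo` although the script exits at the top unless `$EUID` is 0, leaves `cert_dir`, `cert_type`, `algo` and `key_opt` global where other functions in the file use `local`, and relies on word-splitting of an unquoted `$key_opt`. The sketch below covers the generation step; the menu `case` stays as it is apart from filling an array instead of a string.

```shell
generate_self_signed_cert() {
    local cert_dir="/etc/sing-box" cert_type algo cert_host san
    local -a key_opt
    # … unchanged: mkdir, menu and case; each arm sets an array, e.g. key_opt=(-newkey ed25519) …

    read -rp "Enter the domain name or IP clients will connect to [myserver]: " cert_host
    cert_host=${cert_host:-myserver}
    if [[ "$cert_host" =~ ^[0-9.]+$ || "$cert_host" == *:* ]]; then
        san="IP:${cert_host}"
    else
        san="DNS:${cert_host}"
    fi

    LOGI "Generating self-signed certificate ($algo)..."
    # umask in a subshell so a newly created key is never group/world readable
    if (umask 077 && openssl req -x509 -nodes -days 3650 "${key_opt[@]}" \
        -keyout "${cert_dir}/self.key" \
        -out "${cert_dir}/self.crt" \
        -subj "/CN=${cert_host}" \
        -addext "subjectAltName=${san}"); then
        chmod 600 "${cert_dir}/self.key" "${cert_dir}/self.crt"
        # … unchanged: success messages …
    else
        LOGE "Failed to generate self-signed certificate."
    fi
    before_show_menu
}
```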