Update s-ui.sh
This commit is contained in:
Shellgate
@@ -1,4 +1,3 @@
|
|||||||
|
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
red='\033[0;31m'
|
red='\033[0;31m'
|
||||||
@@ -6,7 +5,6 @@ green='\033[0;32m'
|
|||||||
yellow='\033[0;33m'
|
yellow='\033[0;33m'
|
||||||
plain='\033[0m'
|
plain='\033[0m'
|
||||||
|
|
||||||
#Add some basic function here
|
|
||||||
function LOGD() {
|
function LOGD() {
|
||||||
echo -e "${yellow}[DEG] $* ${plain}"
|
echo -e "${yellow}[DEG] $* ${plain}"
|
||||||
}
|
}
|
||||||
@@ -18,10 +16,9 @@ function LOGE() {
|
|||||||
function LOGI() {
|
function LOGI() {
|
||||||
echo -e "${green}[INF] $* ${plain}"
|
echo -e "${green}[INF] $* ${plain}"
|
||||||
}
|
}
|
||||||
# check root
|
|
||||||
[[ $EUID -ne 0 ]] && LOGE "ERROR: You must be root to run this script! \n" && exit 1
|
[[ $EUID -ne 0 ]] && LOGE "ERROR: You must be root to run this script! \n" && exit 1
|
||||||
|
|
||||||
# Check OS and set release variable
|
|
||||||
if [[ -f /etc/os-release ]]; then
|
if [[ -f /etc/os-release ]]; then
|
||||||
source /etc/os-release
|
source /etc/os-release
|
||||||
release=$ID
|
release=$ID
|
||||||
@@ -35,7 +32,6 @@ fi
|
|||||||
|
|
||||||
echo "The OS release is: $release"
|
echo "The OS release is: $release"
|
||||||
|
|
||||||
|
|
||||||
os_version=""
|
os_version=""
|
||||||
os_version=$(grep -i version_id /etc/os-release | cut -d \" -f2 | cut -d . -f1)
|
os_version=$(grep -i version_id /etc/os-release | cut -d \" -f2 | cut -d . -f1)
|
||||||
|
|
||||||
@@ -54,8 +50,8 @@ elif [[ "${release}" == "centos" ]]; then
|
|||||||
echo -e "${red} Please use CentOS 8 or higher ${plain}\n" && exit 1
|
echo -e "${red} Please use CentOS 8 or higher ${plain}\n" && exit 1
|
||||||
fi
|
fi
|
||||||
elif [[ "${release}" == "ubuntu" ]]; then
|
elif [[ "${release}" == "ubuntu" ]]; then
|
||||||
if [[ ${os_version} -lt 20 ]]; then
|
if [[ ${os_version} -lt 22 ]]; then
|
||||||
echo -e "${red} Please use Ubuntu 20 or higher version!${plain}\n" && exit 1
|
echo -e "${red} Please use Ubuntu 22 or higher version!${plain}\n" && exit 1
|
||||||
fi
|
fi
|
||||||
elif [[ "${release}" == "fedora" ]]; then
|
elif [[ "${release}" == "fedora" ]]; then
|
||||||
if [[ ${os_version} -lt 36 ]]; then
|
if [[ ${os_version} -lt 36 ]]; then
|
||||||
@@ -80,7 +76,7 @@ elif [[ "${release}" == "oracle" ]]; then
|
|||||||
else
|
else
|
||||||
echo -e "${red}Your operating system is not supported by this script.${plain}\n"
|
echo -e "${red}Your operating system is not supported by this script.${plain}\n"
|
||||||
echo "Please ensure you are using one of the following supported operating systems:"
|
echo "Please ensure you are using one of the following supported operating systems:"
|
||||||
echo "- Ubuntu 20.04+"
|
echo "- Ubuntu 22.04+"
|
||||||
echo "- Debian 11+"
|
echo "- Debian 11+"
|
||||||
echo "- CentOS 8+"
|
echo "- CentOS 8+"
|
||||||
echo "- Fedora 36+"
|
echo "- Fedora 36+"
|
||||||
@@ -93,7 +89,6 @@ else
|
|||||||
echo "- Oracle Linux 8+"
|
echo "- Oracle Linux 8+"
|
||||||
echo "- OpenSUSE Tumbleweed"
|
echo "- OpenSUSE Tumbleweed"
|
||||||
exit 1
|
exit 1
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
confirm() {
|
confirm() {
|
||||||
@@ -164,7 +159,6 @@ custom_version() {
|
|||||||
|
|
||||||
download_link="https://raw.githubusercontent.com/alireza0/s-ui/master/install.sh"
|
download_link="https://raw.githubusercontent.com/alireza0/s-ui/master/install.sh"
|
||||||
|
|
||||||
# Use the entered panel version in the download link
|
|
||||||
install_command="bash <(curl -Ls $download_link) $panel_version"
|
install_command="bash <(curl -Ls $download_link) $panel_version"
|
||||||
|
|
||||||
echo "Downloading and installing panel version $panel_version..."
|
echo "Downloading and installing panel version $panel_version..."
|
||||||
@@ -232,13 +226,11 @@ set_setting() {
|
|||||||
echo -e "Enter the ${yellow}panel path${plain} (leave blank for existing/default value):"
|
echo -e "Enter the ${yellow}panel path${plain} (leave blank for existing/default value):"
|
||||||
read config_path
|
read config_path
|
||||||
|
|
||||||
# Sub configuration
|
|
||||||
echo -e "Enter the ${yellow}subscription port${plain} (leave blank for existing/default value):"
|
echo -e "Enter the ${yellow}subscription port${plain} (leave blank for existing/default value):"
|
||||||
read config_subPort
|
read config_subPort
|
||||||
echo -e "Enter the ${yellow}subscription path${plain} (leave blank for existing/default value):"
|
echo -e "Enter the ${yellow}subscription path${plain} (leave blank for existing/default value):"
|
||||||
read config_subPath
|
read config_subPath
|
||||||
|
|
||||||
# Set configs
|
|
||||||
echo -e "${yellow}Initializing, please wait...${plain}"
|
echo -e "${yellow}Initializing, please wait...${plain}"
|
||||||
params=""
|
params=""
|
||||||
[ -z "$config_port" ] || params="$params -port $config_port"
|
[ -z "$config_port" ] || params="$params -port $config_port"
|
||||||
@@ -373,7 +365,6 @@ update_shell() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# 0: running, 1: not running, 2: not installed
|
|
||||||
check_status() {
|
check_status() {
|
||||||
if [[ ! -f "/etc/systemd/system/$1.service" ]]; then
|
if [[ ! -f "/etc/systemd/system/$1.service" ]]; then
|
||||||
return 2
|
return 2
|
||||||
@@ -487,20 +478,13 @@ bbr_menu() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
disable_bbr() {
|
disable_bbr() {
|
||||||
|
|
||||||
if ! grep -q "net.core.default_qdisc=fq" /etc/sysctl.conf || ! grep -q "net.ipv4.tcp_congestion_control=bbr" /etc/sysctl.conf; then
|
if ! grep -q "net.core.default_qdisc=fq" /etc/sysctl.conf || ! grep -q "net.ipv4.tcp_congestion_control=bbr" /etc/sysctl.conf; then
|
||||||
echo -e "${yellow}BBR is not currently enabled.${plain}"
|
echo -e "${yellow}BBR is not currently enabled.${plain}"
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Replace BBR with CUBIC configurations
|
|
||||||
sed -i 's/net.core.default_qdisc=fq/net.core.default_qdisc=pfifo_fast/' /etc/sysctl.conf
|
sed -i 's/net.core.default_qdisc=fq/net.core.default_qdisc=pfifo_fast/' /etc/sysctl.conf
|
||||||
sed -i 's/net.ipv4.tcp_congestion_control=bbr/net.ipv4.tcp_congestion_control=cubic/' /etc/sysctl.conf
|
sed -i 's/net.ipv4.tcp_congestion_control=bbr/net.ipv4.tcp_congestion_control=cubic/' /etc/sysctl.conf
|
||||||
|
|
||||||
# Apply changes
|
|
||||||
sysctl -p
|
sysctl -p
|
||||||
|
|
||||||
# Verify that BBR is replaced with CUBIC
|
|
||||||
if [[ $(sysctl net.ipv4.tcp_congestion_control | awk '{print $3}') == "cubic" ]]; then
|
if [[ $(sysctl net.ipv4.tcp_congestion_control | awk '{print $3}') == "cubic" ]]; then
|
||||||
echo -e "${green}BBR has been replaced with CUBIC successfully.${plain}"
|
echo -e "${green}BBR has been replaced with CUBIC successfully.${plain}"
|
||||||
else
|
else
|
||||||
@@ -513,8 +497,6 @@ enable_bbr() {
|
|||||||
echo -e "${green}BBR is already enabled!${plain}"
|
echo -e "${green}BBR is already enabled!${plain}"
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check the OS and install necessary packages
|
|
||||||
case "${release}" in
|
case "${release}" in
|
||||||
ubuntu | debian | armbian)
|
ubuntu | debian | armbian)
|
||||||
apt-get update && apt-get install -yqq --no-install-recommends ca-certificates
|
apt-get update && apt-get install -yqq --no-install-recommends ca-certificates
|
||||||
@@ -533,15 +515,9 @@ enable_bbr() {
|
|||||||
exit 1
|
exit 1
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# Enable BBR
|
|
||||||
echo "net.core.default_qdisc=fq" | tee -a /etc/sysctl.conf
|
echo "net.core.default_qdisc=fq" | tee -a /etc/sysctl.conf
|
||||||
echo "net.ipv4.tcp_congestion_control=bbr" | tee -a /etc/sysctl.conf
|
echo "net.ipv4.tcp_congestion_control=bbr" | tee -a /etc/sysctl.conf
|
||||||
|
|
||||||
# Apply changes
|
|
||||||
sysctl -p
|
sysctl -p
|
||||||
|
|
||||||
# Verify that BBR is enabled
|
|
||||||
if [[ $(sysctl net.ipv4.tcp_congestion_control | awk '{print $3}') == "bbr" ]]; then
|
if [[ $(sysctl net.ipv4.tcp_congestion_control | awk '{print $3}') == "bbr" ]]; then
|
||||||
echo -e "${green}BBR has been enabled successfully.${plain}"
|
echo -e "${green}BBR has been enabled successfully.${plain}"
|
||||||
else
|
else
|
||||||
@@ -566,6 +542,7 @@ ssl_cert_issue_main() {
|
|||||||
echo -e "${green}\t1.${plain} Get SSL"
|
echo -e "${green}\t1.${plain} Get SSL"
|
||||||
echo -e "${green}\t2.${plain} Revoke"
|
echo -e "${green}\t2.${plain} Revoke"
|
||||||
echo -e "${green}\t3.${plain} Force Renew"
|
echo -e "${green}\t3.${plain} Force Renew"
|
||||||
|
echo -e "${green}\t4.${plain} Self-signed Certificate"
|
||||||
read -p "Choose an option: " choice
|
read -p "Choose an option: " choice
|
||||||
case "$choice" in
|
case "$choice" in
|
||||||
1) ssl_cert_issue ;;
|
1) ssl_cert_issue ;;
|
||||||
@@ -579,12 +556,14 @@ ssl_cert_issue_main() {
|
|||||||
local domain=""
|
local domain=""
|
||||||
read -p "Please enter your domain name to forcefully renew an SSL certificate: " domain
|
read -p "Please enter your domain name to forcefully renew an SSL certificate: " domain
|
||||||
~/.acme.sh/acme.sh --renew -d ${domain} --force ;;
|
~/.acme.sh/acme.sh --renew -d ${domain} --force ;;
|
||||||
|
4)
|
||||||
|
generate_self_signed_cert
|
||||||
|
;;
|
||||||
*) echo "Invalid choice" ;;
|
*) echo "Invalid choice" ;;
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_cert_issue() {
|
ssl_cert_issue() {
|
||||||
# check for acme.sh first
|
|
||||||
if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
|
if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
|
||||||
echo "acme.sh could not be found. we will install it"
|
echo "acme.sh could not be found. we will install it"
|
||||||
install_acme
|
install_acme
|
||||||
@@ -593,7 +572,6 @@ ssl_cert_issue() {
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
# install socat second
|
|
||||||
case "${release}" in
|
case "${release}" in
|
||||||
ubuntu | debian | armbian)
|
ubuntu | debian | armbian)
|
||||||
apt update && apt install socat -y
|
apt update && apt install socat -y
|
||||||
@@ -619,11 +597,9 @@ ssl_cert_issue() {
|
|||||||
LOGI "install socat succeed..."
|
LOGI "install socat succeed..."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# get the domain here,and we need verify it
|
|
||||||
local domain=""
|
local domain=""
|
||||||
read -p "Please enter your domain name:" domain
|
read -p "Please enter your domain name:" domain
|
||||||
LOGD "your domain is:${domain},check it..."
|
LOGD "your domain is:${domain},check it..."
|
||||||
# here we need to judge whether there exists cert already
|
|
||||||
local currentCert=$(~/.acme.sh/acme.sh --list | tail -1 | awk '{print $1}')
|
local currentCert=$(~/.acme.sh/acme.sh --list | tail -1 | awk '{print $1}')
|
||||||
|
|
||||||
if [ ${currentCert} == ${domain} ]; then
|
if [ ${currentCert} == ${domain} ]; then
|
||||||
@@ -635,7 +611,6 @@ ssl_cert_issue() {
|
|||||||
LOGI "your domain is ready for issuing cert now..."
|
LOGI "your domain is ready for issuing cert now..."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# create a directory for install cert
|
|
||||||
certPath="/root/cert/${domain}"
|
certPath="/root/cert/${domain}"
|
||||||
if [ ! -d "$certPath" ]; then
|
if [ ! -d "$certPath" ]; then
|
||||||
mkdir -p "$certPath"
|
mkdir -p "$certPath"
|
||||||
@@ -644,15 +619,12 @@ ssl_cert_issue() {
|
|||||||
mkdir -p "$certPath"
|
mkdir -p "$certPath"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# get needed port here
|
|
||||||
local WebPort=80
|
local WebPort=80
|
||||||
read -p "please choose which port do you use,default will be 80 port:" WebPort
|
read -p "please choose which port do you use,default will be 80 port:" WebPort
|
||||||
if [[ ${WebPort} -gt 65535 || ${WebPort} -lt 1 ]]; then
|
if [[ ${WebPort} -gt 65535 || ${WebPort} -lt 1 ]]; then
|
||||||
LOGE "your input ${WebPort} is invalid,will use default port"
|
LOGE "your input ${WebPort} is invalid,will use default port"
|
||||||
fi
|
fi
|
||||||
LOGI "will use port:${WebPort} to issue certs,please make sure this port is open..."
|
LOGI "will use port:${WebPort} to issue certs,please make sure this port is open..."
|
||||||
# NOTE:This should be handled by user
|
|
||||||
# open the port and kill the occupied progress
|
|
||||||
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
|
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
|
||||||
~/.acme.sh/acme.sh --issue -d ${domain} --standalone --httpport ${WebPort}
|
~/.acme.sh/acme.sh --issue -d ${domain} --standalone --httpport ${WebPort}
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
@@ -662,7 +634,6 @@ ssl_cert_issue() {
|
|||||||
else
|
else
|
||||||
LOGE "issue certs succeed,installing certs..."
|
LOGE "issue certs succeed,installing certs..."
|
||||||
fi
|
fi
|
||||||
# install cert
|
|
||||||
~/.acme.sh/acme.sh --installcert -d ${domain} \
|
~/.acme.sh/acme.sh --installcert -d ${domain} \
|
||||||
--key-file /root/cert/${domain}/privkey.pem \
|
--key-file /root/cert/${domain}/privkey.pem \
|
||||||
--fullchain-file /root/cert/${domain}/fullchain.pem
|
--fullchain-file /root/cert/${domain}/fullchain.pem
|
||||||
@@ -804,6 +775,61 @@ ssl_cert_issue_CF() {
|
|||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
|
generate_self_signed_cert() {
|
||||||
|
cert_dir="/etc/sing-box"
|
||||||
|
mkdir -p "$cert_dir"
|
||||||
|
LOGI "Choose certificate type:"
|
||||||
|
echo -e "${green}\t1.${plain} Ed25519 (*recommended*)"
|
||||||
|
echo -e "${green}\t2.${plain} RSA 2048"
|
||||||
|
echo -e "${green}\t3.${plain} RSA 4096"
|
||||||
|
echo -e "${green}\t4.${plain} ECDSA prime256v1"
|
||||||
|
echo -e "${green}\t5.${plain} ECDSA secp384r1"
|
||||||
|
read -p "Enter your choice [1-5, default 1]: " cert_type
|
||||||
|
cert_type=${cert_type:-1}
|
||||||
|
|
||||||
|
case "$cert_type" in
|
||||||
|
1)
|
||||||
|
algo="ed25519"
|
||||||
|
key_opt="-newkey ed25519"
|
||||||
|
;;
|
||||||
|
2)
|
||||||
|
algo="rsa"
|
||||||
|
key_opt="-newkey rsa:2048"
|
||||||
|
;;
|
||||||
|
3)
|
||||||
|
algo="rsa"
|
||||||
|
key_opt="-newkey rsa:4096"
|
||||||
|
;;
|
||||||
|
4)
|
||||||
|
algo="ecdsa"
|
||||||
|
key_opt="-newkey ec -pkeyopt ec_paramgen_curve:prime256v1"
|
||||||
|
;;
|
||||||
|
5)
|
||||||
|
algo="ecdsa"
|
||||||
|
key_opt="-newkey ec -pkeyopt ec_paramgen_curve:secp384r1"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
algo="ed25519"
|
||||||
|
key_opt="-newkey ed25519"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
LOGI "Generating self-signed certificate ($algo)..."
|
||||||
|
sudo openssl req -x509 -nodes -days 3650 $key_opt \
|
||||||
|
-keyout "${cert_dir}/self.key" \
|
||||||
|
-out "${cert_dir}/self.crt" \
|
||||||
|
-subj "/CN=myserver"
|
||||||
|
if [[ $? -eq 0 ]]; then
|
||||||
|
sudo chmod 600 "${cert_dir}/self."*
|
||||||
|
LOGI "Self-signed certificate generated successfully!"
|
||||||
|
LOGI "Certificate path: ${cert_dir}/self.crt"
|
||||||
|
LOGI "Key path: ${cert_dir}/self.key"
|
||||||
|
else
|
||||||
|
LOGE "Failed to generate self-signed certificate."
|
||||||
|
fi
|
||||||
|
before_show_menu
|
||||||
|
}
|
||||||
|
|
||||||
show_usage() {
|
show_usage() {
|
||||||
echo -e "S-UI Control Menu Usage"
|
echo -e "S-UI Control Menu Usage"
|
||||||
echo -e "------------------------------------------"
|
echo -e "------------------------------------------"
|
||||||
|
|||||||
Reference in New Issue
Block a user