kccsl/s-ui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update s-ui.sh

Browse Source
This commit is contained in:
Shellgate
2025-07-13 20:19:09 +03:30
committed by GitHub
parent 349d490a65
commit 1d23f5a1df
1 changed files with 63 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files
s-ui.sh
+63 -37
View File
@@ -1,4 +1,3 @@
#!/bin/bash
red='\033[0;31m'
@@ -6,7 +5,6 @@ green='\033[0;32m'
yellow='\033[0;33m'
plain='\033[0m'
#Add some basic function here
function LOGD() {
echo -e "${yellow}[DEG] $* ${plain}"
}
@@ -18,10 +16,9 @@ function LOGE() {
function LOGI() {
echo -e "${green}[INF] $* ${plain}"
}
# check root
[[ $EUID -ne 0 ]] && LOGE "ERROR: You must be root to run this script! \n" && exit 1
# Check OS and set release variable
if [[ -f /etc/os-release ]]; then
source /etc/os-release
release=$ID
@@ -35,7 +32,6 @@ fi
echo "The OS release is: $release"
os_version=""
os_version=$(grep -i version_id /etc/os-release | cut -d \" -f2 | cut -d . -f1)
@@ -54,8 +50,8 @@ elif [[ "${release}" == "centos" ]]; then
echo -e "${red} Please use CentOS 8 or higher ${plain}\n" && exit 1
fi
elif [[ "${release}" == "ubuntu" ]]; then
if [[ ${os_version} -lt 20 ]]; then
echo -e "${red} Please use Ubuntu 20 or higher version!${plain}\n" && exit 1
if [[ ${os_version} -lt 22 ]]; then
echo -e "${red} Please use Ubuntu 22 or higher version!${plain}\n" && exit 1
fi
elif [[ "${release}" == "fedora" ]]; then
if [[ ${os_version} -lt 36 ]]; then
@@ -80,7 +76,7 @@ elif [[ "${release}" == "oracle" ]]; then
else
echo -e "${red}Your operating system is not supported by this script.${plain}\n"
echo "Please ensure you are using one of the following supported operating systems:"
echo "- Ubuntu 20.04+"
echo "- Ubuntu 22.04+"
echo "- Debian 11+"
echo "- CentOS 8+"
echo "- Fedora 36+"
@@ -93,7 +89,6 @@ else
echo "- Oracle Linux 8+"
echo "- OpenSUSE Tumbleweed"
exit 1
fi
confirm() {
@@ -164,7 +159,6 @@ custom_version() {
download_link="https://raw.githubusercontent.com/alireza0/s-ui/master/install.sh"
# Use the entered panel version in the download link
install_command="bash <(curl -Ls $download_link) $panel_version"
echo "Downloading and installing panel version $panel_version..."
@@ -232,13 +226,11 @@ set_setting() {
echo -e "Enter the ${yellow}panel path${plain} (leave blank for existing/default value):"
read config_path
# Sub configuration
echo -e "Enter the ${yellow}subscription port${plain} (leave blank for existing/default value):"
read config_subPort
echo -e "Enter the ${yellow}subscription path${plain} (leave blank for existing/default value):"
read config_subPath
# Set configs
echo -e "${yellow}Initializing, please wait...${plain}"
params=""
[ -z "$config_port" ] || params="$params -port $config_port"
@@ -373,7 +365,6 @@ update_shell() {
fi
}
# 0: running, 1: not running, 2: not installed
check_status() {
if [[ ! -f "/etc/systemd/system/$1.service" ]]; then
return 2
@@ -487,20 +478,13 @@ bbr_menu() {
}
disable_bbr() {
if ! grep -q "net.core.default_qdisc=fq" /etc/sysctl.conf || ! grep -q "net.ipv4.tcp_congestion_control=bbr" /etc/sysctl.conf; then
echo -e "${yellow}BBR is not currently enabled.${plain}"
exit 0
fi
# Replace BBR with CUBIC configurations
sed -i 's/net.core.default_qdisc=fq/net.core.default_qdisc=pfifo_fast/' /etc/sysctl.conf
sed -i 's/net.ipv4.tcp_congestion_control=bbr/net.ipv4.tcp_congestion_control=cubic/' /etc/sysctl.conf
# Apply changes
sysctl -p
# Verify that BBR is replaced with CUBIC
if [[ $(sysctl net.ipv4.tcp_congestion_control | awk '{print $3}') == "cubic" ]]; then
echo -e "${green}BBR has been replaced with CUBIC successfully.${plain}"
else
@@ -513,8 +497,6 @@ enable_bbr() {
echo -e "${green}BBR is already enabled!${plain}"
exit 0
fi
# Check the OS and install necessary packages
case "${release}" in
ubuntu | debian | armbian)
apt-get update && apt-get install -yqq --no-install-recommends ca-certificates
@@ -533,15 +515,9 @@ enable_bbr() {
exit 1
;;
esac
# Enable BBR
echo "net.core.default_qdisc=fq" | tee -a /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" | tee -a /etc/sysctl.conf
# Apply changes
sysctl -p
# Verify that BBR is enabled
if [[ $(sysctl net.ipv4.tcp_congestion_control | awk '{print $3}') == "bbr" ]]; then
echo -e "${green}BBR has been enabled successfully.${plain}"
else
@@ -566,6 +542,7 @@ ssl_cert_issue_main() {
echo -e "${green}\t1.${plain} Get SSL"
echo -e "${green}\t2.${plain} Revoke"
echo -e "${green}\t3.${plain} Force Renew"
echo -e "${green}\t4.${plain} Self-signed Certificate"
read -p "Choose an option: " choice
case "$choice" in
1) ssl_cert_issue ;;
@@ -579,12 +556,14 @@ ssl_cert_issue_main() {
local domain=""
read -p "Please enter your domain name to forcefully renew an SSL certificate: " domain
~/.acme.sh/acme.sh --renew -d ${domain} --force ;;
4)
generate_self_signed_cert
;;
*) echo "Invalid choice" ;;
esac
}
ssl_cert_issue() {
# check for acme.sh first
if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
echo "acme.sh could not be found. we will install it"
install_acme
@@ -593,7 +572,6 @@ ssl_cert_issue() {
exit 1
fi
fi
# install socat second
case "${release}" in
ubuntu | debian | armbian)
apt update && apt install socat -y
@@ -619,11 +597,9 @@ ssl_cert_issue() {
LOGI "install socat succeed..."
fi
# get the domain here,and we need verify it
local domain=""
read -p "Please enter your domain name:" domain
LOGD "your domain is:${domain},check it..."
# here we need to judge whether there exists cert already
local currentCert=$(~/.acme.sh/acme.sh --list | tail -1 | awk '{print $1}')
if [ ${currentCert} == ${domain} ]; then
@@ -635,7 +611,6 @@ ssl_cert_issue() {
LOGI "your domain is ready for issuing cert now..."
fi
# create a directory for install cert
certPath="/root/cert/${domain}"
if [ ! -d "$certPath" ]; then
mkdir -p "$certPath"
@@ -644,15 +619,12 @@ ssl_cert_issue() {
mkdir -p "$certPath"
fi
# get needed port here
local WebPort=80
read -p "please choose which port do you use,default will be 80 port:" WebPort
if [[ ${WebPort} -gt 65535 || ${WebPort} -lt 1 ]]; then
LOGE "your input ${WebPort} is invalid,will use default port"
fi
LOGI "will use port:${WebPort} to issue certs,please make sure this port is open..."
# NOTE:This should be handled by user
# open the port and kill the occupied progress
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
~/.acme.sh/acme.sh --issue -d ${domain} --standalone --httpport ${WebPort}
if [ $? -ne 0 ]; then
@@ -662,7 +634,6 @@ ssl_cert_issue() {
else
LOGE "issue certs succeed,installing certs..."
fi
# install cert
~/.acme.sh/acme.sh --installcert -d ${domain} \
--key-file /root/cert/${domain}/privkey.pem \
--fullchain-file /root/cert/${domain}/fullchain.pem
@@ -804,6 +775,61 @@ ssl_cert_issue_CF() {
esac
}
generate_self_signed_cert() {
cert_dir="/etc/sing-box"
mkdir -p "$cert_dir"
LOGI "Choose certificate type:"
echo -e "${green}\t1.${plain} Ed25519 (*recommended*)"
echo -e "${green}\t2.${plain} RSA 2048"
echo -e "${green}\t3.${plain} RSA 4096"
echo -e "${green}\t4.${plain} ECDSA prime256v1"
echo -e "${green}\t5.${plain} ECDSA secp384r1"
read -p "Enter your choice [1-5, default 1]: " cert_type
cert_type=${cert_type:-1}
case "$cert_type" in
1)
algo="ed25519"
key_opt="-newkey ed25519"
;;
2)
algo="rsa"
key_opt="-newkey rsa:2048"
;;
3)
algo="rsa"
key_opt="-newkey rsa:4096"
;;
4)
algo="ecdsa"
key_opt="-newkey ec -pkeyopt ec_paramgen_curve:prime256v1"
;;
5)
algo="ecdsa"
key_opt="-newkey ec -pkeyopt ec_paramgen_curve:secp384r1"
;;
*)
algo="ed25519"
key_opt="-newkey ed25519"
;;
esac
LOGI "Generating self-signed certificate ($algo)..."
sudo openssl req -x509 -nodes -days 3650 $key_opt \
-keyout "${cert_dir}/self.key" \
-out "${cert_dir}/self.crt" \
-subj "/CN=myserver"
if [[ $? -eq 0 ]]; then
sudo chmod 600 "${cert_dir}/self."*
LOGI "Self-signed certificate generated successfully!"
LOGI "Certificate path: ${cert_dir}/self.crt"
LOGI "Key path: ${cert_dir}/self.key"
else
LOGE "Failed to generate self-signed certificate."
fi
before_show_menu
}
show_usage() {
echo -e "S-UI Control Menu Usage"
echo -e "------------------------------------------"