Merge pull request #667 from Shellgate/sing-box-v.1.12
افزودن گواهی خود امضا
This commit is contained in:
Alireza Ahmadi
@@ -1,4 +1,3 @@
|
||||
|
||||
#!/bin/bash
|
||||
|
||||
red='\033[0;31m'
|
||||
@@ -6,7 +5,6 @@ green='\033[0;32m'
|
||||
yellow='\033[0;33m'
|
||||
plain='\033[0m'
|
||||
|
||||
#Add some basic function here
|
||||
function LOGD() {
|
||||
echo -e "${yellow}[DEG] $* ${plain}"
|
||||
}
|
||||
@@ -18,10 +16,9 @@ function LOGE() {
|
||||
function LOGI() {
|
||||
echo -e "${green}[INF] $* ${plain}"
|
||||
}
|
||||
# check root
|
||||
|
||||
[[ $EUID -ne 0 ]] && LOGE "ERROR: You must be root to run this script! \n" && exit 1
|
||||
|
||||
# Check OS and set release variable
|
||||
if [[ -f /etc/os-release ]]; then
|
||||
source /etc/os-release
|
||||
release=$ID
|
||||
@@ -35,7 +32,6 @@ fi
|
||||
|
||||
echo "The OS release is: $release"
|
||||
|
||||
|
||||
os_version=""
|
||||
os_version=$(grep -i version_id /etc/os-release | cut -d \" -f2 | cut -d . -f1)
|
||||
|
||||
@@ -54,8 +50,8 @@ elif [[ "${release}" == "centos" ]]; then
|
||||
echo -e "${red} Please use CentOS 8 or higher ${plain}\n" && exit 1
|
||||
fi
|
||||
elif [[ "${release}" == "ubuntu" ]]; then
|
||||
if [[ ${os_version} -lt 20 ]]; then
|
||||
echo -e "${red} Please use Ubuntu 20 or higher version!${plain}\n" && exit 1
|
||||
if [[ ${os_version} -lt 22 ]]; then
|
||||
echo -e "${red} Please use Ubuntu 22 or higher version!${plain}\n" && exit 1
|
||||
fi
|
||||
elif [[ "${release}" == "fedora" ]]; then
|
||||
if [[ ${os_version} -lt 36 ]]; then
|
||||
@@ -80,7 +76,7 @@ elif [[ "${release}" == "oracle" ]]; then
|
||||
else
|
||||
echo -e "${red}Your operating system is not supported by this script.${plain}\n"
|
||||
echo "Please ensure you are using one of the following supported operating systems:"
|
||||
echo "- Ubuntu 20.04+"
|
||||
echo "- Ubuntu 22.04+"
|
||||
echo "- Debian 11+"
|
||||
echo "- CentOS 8+"
|
||||
echo "- Fedora 36+"
|
||||
@@ -93,7 +89,6 @@ else
|
||||
echo "- Oracle Linux 8+"
|
||||
echo "- OpenSUSE Tumbleweed"
|
||||
exit 1
|
||||
|
||||
fi
|
||||
|
||||
confirm() {
|
||||
@@ -164,7 +159,6 @@ custom_version() {
|
||||
|
||||
download_link="https://raw.githubusercontent.com/alireza0/s-ui/master/install.sh"
|
||||
|
||||
# Use the entered panel version in the download link
|
||||
install_command="bash <(curl -Ls $download_link) $panel_version"
|
||||
|
||||
echo "Downloading and installing panel version $panel_version..."
|
||||
@@ -232,13 +226,11 @@ set_setting() {
|
||||
echo -e "Enter the ${yellow}panel path${plain} (leave blank for existing/default value):"
|
||||
read config_path
|
||||
|
||||
# Sub configuration
|
||||
echo -e "Enter the ${yellow}subscription port${plain} (leave blank for existing/default value):"
|
||||
read config_subPort
|
||||
echo -e "Enter the ${yellow}subscription path${plain} (leave blank for existing/default value):"
|
||||
read config_subPath
|
||||
|
||||
# Set configs
|
||||
echo -e "${yellow}Initializing, please wait...${plain}"
|
||||
params=""
|
||||
[ -z "$config_port" ] || params="$params -port $config_port"
|
||||
@@ -373,7 +365,6 @@ update_shell() {
|
||||
fi
|
||||
}
|
||||
|
||||
# 0: running, 1: not running, 2: not installed
|
||||
check_status() {
|
||||
if [[ ! -f "/etc/systemd/system/$1.service" ]]; then
|
||||
return 2
|
||||
@@ -487,20 +478,13 @@ bbr_menu() {
|
||||
}
|
||||
|
||||
disable_bbr() {
|
||||
|
||||
if ! grep -q "net.core.default_qdisc=fq" /etc/sysctl.conf || ! grep -q "net.ipv4.tcp_congestion_control=bbr" /etc/sysctl.conf; then
|
||||
echo -e "${yellow}BBR is not currently enabled.${plain}"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Replace BBR with CUBIC configurations
|
||||
sed -i 's/net.core.default_qdisc=fq/net.core.default_qdisc=pfifo_fast/' /etc/sysctl.conf
|
||||
sed -i 's/net.ipv4.tcp_congestion_control=bbr/net.ipv4.tcp_congestion_control=cubic/' /etc/sysctl.conf
|
||||
|
||||
# Apply changes
|
||||
sysctl -p
|
||||
|
||||
# Verify that BBR is replaced with CUBIC
|
||||
if [[ $(sysctl net.ipv4.tcp_congestion_control | awk '{print $3}') == "cubic" ]]; then
|
||||
echo -e "${green}BBR has been replaced with CUBIC successfully.${plain}"
|
||||
else
|
||||
@@ -513,8 +497,6 @@ enable_bbr() {
|
||||
echo -e "${green}BBR is already enabled!${plain}"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Check the OS and install necessary packages
|
||||
case "${release}" in
|
||||
ubuntu | debian | armbian)
|
||||
apt-get update && apt-get install -yqq --no-install-recommends ca-certificates
|
||||
@@ -533,15 +515,9 @@ enable_bbr() {
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
# Enable BBR
|
||||
echo "net.core.default_qdisc=fq" | tee -a /etc/sysctl.conf
|
||||
echo "net.ipv4.tcp_congestion_control=bbr" | tee -a /etc/sysctl.conf
|
||||
|
||||
# Apply changes
|
||||
sysctl -p
|
||||
|
||||
# Verify that BBR is enabled
|
||||
if [[ $(sysctl net.ipv4.tcp_congestion_control | awk '{print $3}') == "bbr" ]]; then
|
||||
echo -e "${green}BBR has been enabled successfully.${plain}"
|
||||
else
|
||||
@@ -566,6 +542,7 @@ ssl_cert_issue_main() {
|
||||
echo -e "${green}\t1.${plain} Get SSL"
|
||||
echo -e "${green}\t2.${plain} Revoke"
|
||||
echo -e "${green}\t3.${plain} Force Renew"
|
||||
echo -e "${green}\t4.${plain} Self-signed Certificate"
|
||||
read -p "Choose an option: " choice
|
||||
case "$choice" in
|
||||
1) ssl_cert_issue ;;
|
||||
@@ -579,12 +556,14 @@ ssl_cert_issue_main() {
|
||||
local domain=""
|
||||
read -p "Please enter your domain name to forcefully renew an SSL certificate: " domain
|
||||
~/.acme.sh/acme.sh --renew -d ${domain} --force ;;
|
||||
4)
|
||||
generate_self_signed_cert
|
||||
;;
|
||||
*) echo "Invalid choice" ;;
|
||||
esac
|
||||
}
|
||||
|
||||
ssl_cert_issue() {
|
||||
# check for acme.sh first
|
||||
if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
|
||||
echo "acme.sh could not be found. we will install it"
|
||||
install_acme
|
||||
@@ -593,7 +572,6 @@ ssl_cert_issue() {
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
# install socat second
|
||||
case "${release}" in
|
||||
ubuntu | debian | armbian)
|
||||
apt update && apt install socat -y
|
||||
@@ -619,11 +597,9 @@ ssl_cert_issue() {
|
||||
LOGI "install socat succeed..."
|
||||
fi
|
||||
|
||||
# get the domain here,and we need verify it
|
||||
local domain=""
|
||||
read -p "Please enter your domain name:" domain
|
||||
LOGD "your domain is:${domain},check it..."
|
||||
# here we need to judge whether there exists cert already
|
||||
local currentCert=$(~/.acme.sh/acme.sh --list | tail -1 | awk '{print $1}')
|
||||
|
||||
if [ ${currentCert} == ${domain} ]; then
|
||||
@@ -635,7 +611,6 @@ ssl_cert_issue() {
|
||||
LOGI "your domain is ready for issuing cert now..."
|
||||
fi
|
||||
|
||||
# create a directory for install cert
|
||||
certPath="/root/cert/${domain}"
|
||||
if [ ! -d "$certPath" ]; then
|
||||
mkdir -p "$certPath"
|
||||
@@ -644,15 +619,12 @@ ssl_cert_issue() {
|
||||
mkdir -p "$certPath"
|
||||
fi
|
||||
|
||||
# get needed port here
|
||||
local WebPort=80
|
||||
read -p "please choose which port do you use,default will be 80 port:" WebPort
|
||||
if [[ ${WebPort} -gt 65535 || ${WebPort} -lt 1 ]]; then
|
||||
LOGE "your input ${WebPort} is invalid,will use default port"
|
||||
fi
|
||||
LOGI "will use port:${WebPort} to issue certs,please make sure this port is open..."
|
||||
# NOTE:This should be handled by user
|
||||
# open the port and kill the occupied progress
|
||||
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
|
||||
~/.acme.sh/acme.sh --issue -d ${domain} --standalone --httpport ${WebPort}
|
||||
if [ $? -ne 0 ]; then
|
||||
@@ -662,7 +634,6 @@ ssl_cert_issue() {
|
||||
else
|
||||
LOGE "issue certs succeed,installing certs..."
|
||||
fi
|
||||
# install cert
|
||||
~/.acme.sh/acme.sh --installcert -d ${domain} \
|
||||
--key-file /root/cert/${domain}/privkey.pem \
|
||||
--fullchain-file /root/cert/${domain}/fullchain.pem
|
||||
@@ -804,6 +775,61 @@ ssl_cert_issue_CF() {
|
||||
esac
|
||||
}
|
||||
|
||||
generate_self_signed_cert() {
|
||||
cert_dir="/etc/sing-box"
|
||||
mkdir -p "$cert_dir"
|
||||
LOGI "Choose certificate type:"
|
||||
echo -e "${green}\t1.${plain} Ed25519 (*recommended*)"
|
||||
echo -e "${green}\t2.${plain} RSA 2048"
|
||||
echo -e "${green}\t3.${plain} RSA 4096"
|
||||
echo -e "${green}\t4.${plain} ECDSA prime256v1"
|
||||
echo -e "${green}\t5.${plain} ECDSA secp384r1"
|
||||
read -p "Enter your choice [1-5, default 1]: " cert_type
|
||||
cert_type=${cert_type:-1}
|
||||
|
||||
case "$cert_type" in
|
||||
1)
|
||||
algo="ed25519"
|
||||
key_opt="-newkey ed25519"
|
||||
;;
|
||||
2)
|
||||
algo="rsa"
|
||||
key_opt="-newkey rsa:2048"
|
||||
;;
|
||||
3)
|
||||
algo="rsa"
|
||||
key_opt="-newkey rsa:4096"
|
||||
;;
|
||||
4)
|
||||
algo="ecdsa"
|
||||
key_opt="-newkey ec -pkeyopt ec_paramgen_curve:prime256v1"
|
||||
;;
|
||||
5)
|
||||
algo="ecdsa"
|
||||
key_opt="-newkey ec -pkeyopt ec_paramgen_curve:secp384r1"
|
||||
;;
|
||||
*)
|
||||
algo="ed25519"
|
||||
key_opt="-newkey ed25519"
|
||||
;;
|
||||
esac
|
||||
|
||||
LOGI "Generating self-signed certificate ($algo)..."
|
||||
sudo openssl req -x509 -nodes -days 3650 $key_opt \
|
||||
-keyout "${cert_dir}/self.key" \
|
||||
-out "${cert_dir}/self.crt" \
|
||||
-subj "/CN=myserver"
|
||||
if [[ $? -eq 0 ]]; then
|
||||
sudo chmod 600 "${cert_dir}/self."*
|
||||
LOGI "Self-signed certificate generated successfully!"
|
||||
LOGI "Certificate path: ${cert_dir}/self.crt"
|
||||
LOGI "Key path: ${cert_dir}/self.key"
|
||||
else
|
||||
LOGE "Failed to generate self-signed certificate."
|
||||
fi
|
||||
before_show_menu
|
||||
}
|
||||
|
||||
show_usage() {
|
||||
echo -e "S-UI Control Menu Usage"
|
||||
echo -e "------------------------------------------"
|
||||
|
||||
Reference in New Issue
Block a user