2019-05-20 08:53:44 +00:00
|
|
|
|
#!/usr/bin/env bash
|
2019-05-14 09:08:37 +00:00
|
|
|
|
|
2019-05-30 01:18:15 +00:00
|
|
|
|
{ # this ensures the entire script is downloaded #
|
|
|
|
|
|
|
2019-09-29 06:27:52 +00:00
|
|
|
|
JSPROXY_VER=dev
|
2019-09-12 08:46:33 +00:00
|
|
|
|
OPENRESTY_VER=1.15.8.2
|
2019-05-30 03:48:28 +00:00
|
|
|
|
|
|
|
|
|
|
SRC_URL=https://raw.githubusercontent.com/EtherDream/jsproxy/$JSPROXY_VER
|
2019-05-30 01:18:15 +00:00
|
|
|
|
BIN_URL=https://raw.githubusercontent.com/EtherDream/jsproxy-bin/master
|
|
|
|
|
|
ZIP_URL=https://codeload.github.com/EtherDream/jsproxy/tar.gz
|
2019-05-14 09:08:37 +00:00
|
|
|
|
|
2019-05-20 08:53:44 +00:00
|
|
|
|
SUPPORTED_OS="Linux-x86_64"
|
|
|
|
|
|
OS="$(uname)-$(uname -m)"
|
2019-05-28 08:10:10 +00:00
|
|
|
|
USER=$(whoami)
|
|
|
|
|
|
|
|
|
|
|
|
INSTALL_DIR=/home/jsproxy
|
|
|
|
|
|
NGX_DIR=$INSTALL_DIR/openresty
|
|
|
|
|
|
|
|
|
|
|
|
DOMAIN_SUFFIX=(
|
|
|
|
|
|
xip.io
|
|
|
|
|
|
nip.io
|
|
|
|
|
|
sslip.io
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
GET_IP_API=(
|
|
|
|
|
|
https://api.ipify.org
|
|
|
|
|
|
https://bot.whatismyipaddress.com/
|
|
|
|
|
|
)
|
2019-05-20 08:53:44 +00:00
|
|
|
|
|
|
|
|
|
|
COLOR_RESET="\033[0m"
|
|
|
|
|
|
COLOR_RED="\033[31m"
|
|
|
|
|
|
COLOR_GREEN="\033[32m"
|
|
|
|
|
|
COLOR_YELLOW="\033[33m"
|
|
|
|
|
|
|
|
|
|
|
|
output() {
|
2019-05-21 01:12:15 +00:00
|
|
|
|
local color=$1
|
2019-05-20 08:53:44 +00:00
|
|
|
|
shift 1
|
2019-05-21 01:12:15 +00:00
|
|
|
|
local sdata=$@
|
|
|
|
|
|
local stime=$(date "+%H:%M:%S")
|
2019-05-20 08:53:44 +00:00
|
|
|
|
printf "$color[jsproxy $stime]$COLOR_RESET $sdata\n"
|
|
|
|
|
|
}
|
|
|
|
|
|
log() {
|
|
|
|
|
|
output $COLOR_GREEN $1
|
|
|
|
|
|
}
|
|
|
|
|
|
warn() {
|
|
|
|
|
|
output $COLOR_YELLOW $1
|
|
|
|
|
|
}
|
|
|
|
|
|
err() {
|
|
|
|
|
|
output $COLOR_RED $1
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-05-26 06:39:28 +00:00
|
|
|
|
gen_cert() {
|
2019-05-28 08:10:10 +00:00
|
|
|
|
local ip=""
|
|
|
|
|
|
|
|
|
|
|
|
for i in ${GET_IP_API[@]}; do
|
|
|
|
|
|
log "服务器公网 IP 获取中,通过接口 $i"
|
|
|
|
|
|
ip=$(curl -s $i)
|
|
|
|
|
|
|
|
|
|
|
|
if [[ ! $ip ]]; then
|
2019-07-15 12:20:24 +00:00
|
|
|
|
warn "获取失败"
|
2019-05-28 08:10:10 +00:00
|
|
|
|
continue
|
|
|
|
|
|
fi
|
2019-05-26 06:39:28 +00:00
|
|
|
|
|
2019-07-10 11:51:44 +00:00
|
|
|
|
if ! grep -qP "^\d+\.\d+\.\d+\.\d+$" <<< $ip; then
|
2019-05-28 08:10:10 +00:00
|
|
|
|
warn "无效 IP:$ip"
|
|
|
|
|
|
continue
|
|
|
|
|
|
fi
|
2019-05-26 06:39:28 +00:00
|
|
|
|
|
2019-05-28 08:10:10 +00:00
|
|
|
|
break
|
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
|
|
if [[ $ip ]]; then
|
|
|
|
|
|
log "服务器公网 IP: $ip"
|
|
|
|
|
|
else
|
|
|
|
|
|
err "服务器公网 IP 获取失败,无法申请证书"
|
|
|
|
|
|
exit 1
|
|
|
|
|
|
fi
|
2019-05-26 06:39:28 +00:00
|
|
|
|
|
|
|
|
|
|
log "安装 acme.sh 脚本 ..."
|
|
|
|
|
|
curl https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh | INSTALLONLINE=1 sh
|
|
|
|
|
|
|
|
|
|
|
|
local acme=~/.acme.sh/acme.sh
|
2019-05-27 08:39:48 +00:00
|
|
|
|
|
2019-07-10 11:51:44 +00:00
|
|
|
|
local domains=()
|
|
|
|
|
|
|
|
|
|
|
|
if [[ $@ ]]; then
|
|
|
|
|
|
for i in $@; do
|
|
|
|
|
|
domains+=($i)
|
|
|
|
|
|
done
|
|
|
|
|
|
else
|
|
|
|
|
|
warn "未指定域名,使用公共测试域名"
|
|
|
|
|
|
for i in ${DOMAIN_SUFFIX[@]}; do
|
|
|
|
|
|
domains+=($ip.$i)
|
|
|
|
|
|
done
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
for domain in ${domains[@]}; do
|
2019-09-12 08:46:33 +00:00
|
|
|
|
log "校验域名 $domain ..."
|
2019-07-10 11:51:44 +00:00
|
|
|
|
|
|
|
|
|
|
local ret=$(getent ahosts $domain | head -n1 | awk '{print $1}')
|
|
|
|
|
|
if [[ $ret != $ip ]]; then
|
|
|
|
|
|
err "域名 $domain 解析结果: $ret,非本机公网 IP: $ip"
|
|
|
|
|
|
continue
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
2019-05-28 08:10:10 +00:00
|
|
|
|
log "尝试为域名 $domain 申请证书 ..."
|
|
|
|
|
|
|
|
|
|
|
|
local dist=server/cert/$domain
|
|
|
|
|
|
mkdir -p $dist
|
|
|
|
|
|
|
|
|
|
|
|
$acme \
|
|
|
|
|
|
--issue \
|
|
|
|
|
|
-d $domain \
|
|
|
|
|
|
--keylength ec-256 \
|
|
|
|
|
|
--webroot server/acme
|
|
|
|
|
|
|
|
|
|
|
|
$acme \
|
|
|
|
|
|
--install-cert \
|
|
|
|
|
|
-d $domain \
|
|
|
|
|
|
--ecc \
|
|
|
|
|
|
--key-file $dist/ecc.key \
|
|
|
|
|
|
--fullchain-file $dist/ecc.cer
|
|
|
|
|
|
|
|
|
|
|
|
if [ -s $dist/ecc.key ] && [ -s $dist/ecc.cer ]; then
|
|
|
|
|
|
echo "# generated by i.sh
|
2019-05-26 07:53:03 +00:00
|
|
|
|
listen 8443 ssl http2;
|
|
|
|
|
|
ssl_certificate cert/$domain/ecc.cer;
|
|
|
|
|
|
ssl_certificate_key cert/$domain/ecc.key;
|
2019-05-26 08:51:24 +00:00
|
|
|
|
" > server/cert/cert.conf
|
2019-05-26 07:53:03 +00:00
|
|
|
|
|
2019-05-31 05:14:44 +00:00
|
|
|
|
local url=https://$domain:8443
|
|
|
|
|
|
echo "
|
|
|
|
|
|
$url 'mysite';" >> server/allowed-sites.conf
|
|
|
|
|
|
|
2019-05-28 08:10:10 +00:00
|
|
|
|
log "证书申请完成,重启服务 ..."
|
|
|
|
|
|
server/run.sh reload
|
2019-05-26 06:39:28 +00:00
|
|
|
|
|
2019-05-31 05:14:44 +00:00
|
|
|
|
log "在线预览: $url"
|
2019-05-28 08:10:10 +00:00
|
|
|
|
break
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
2019-07-10 11:51:44 +00:00
|
|
|
|
err "证书申请失败!(80 端口是否添加到防火墙)"
|
2019-05-28 08:10:10 +00:00
|
|
|
|
rm -rf $dist
|
|
|
|
|
|
done
|
2019-05-26 06:39:28 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2019-05-22 06:11:10 +00:00
|
|
|
|
install() {
|
2019-05-28 08:10:10 +00:00
|
|
|
|
cd $INSTALL_DIR
|
2019-05-26 08:51:24 +00:00
|
|
|
|
|
2019-05-22 06:11:10 +00:00
|
|
|
|
log "下载 nginx 程序 ..."
|
2019-05-27 08:39:48 +00:00
|
|
|
|
curl -O $BIN_URL/$OS/openresty-$OPENRESTY_VER.tar.gz
|
2019-05-22 06:11:10 +00:00
|
|
|
|
tar zxf openresty-$OPENRESTY_VER.tar.gz
|
|
|
|
|
|
rm -f openresty-$OPENRESTY_VER.tar.gz
|
|
|
|
|
|
|
2019-05-28 08:10:10 +00:00
|
|
|
|
local ngx_exe=$NGX_DIR/nginx/sbin/nginx
|
2019-05-21 01:12:15 +00:00
|
|
|
|
local ngx_ver=$($ngx_exe -v 2>&1)
|
2019-05-20 08:53:44 +00:00
|
|
|
|
|
2019-05-21 01:12:15 +00:00
|
|
|
|
if [[ "$ngx_ver" != *"nginx version:"* ]]; then
|
|
|
|
|
|
err "$ngx_exe 无法执行!尝试编译安装"
|
2019-05-20 08:53:44 +00:00
|
|
|
|
exit 1
|
|
|
|
|
|
fi
|
2019-05-21 01:12:15 +00:00
|
|
|
|
log "$ngx_ver"
|
2019-05-20 10:04:50 +00:00
|
|
|
|
log "nginx path: $NGX_DIR"
|
2019-05-20 08:53:44 +00:00
|
|
|
|
|
2019-05-20 10:04:50 +00:00
|
|
|
|
log "下载代理服务 ..."
|
2019-05-30 01:18:15 +00:00
|
|
|
|
curl -o jsproxy.tar.gz $ZIP_URL/$JSPROXY_VER
|
2019-05-26 08:19:57 +00:00
|
|
|
|
tar zxf jsproxy.tar.gz
|
|
|
|
|
|
rm -f jsproxy.tar.gz
|
2019-05-20 08:53:44 +00:00
|
|
|
|
|
2019-05-30 01:18:15 +00:00
|
|
|
|
log "下载静态资源 ..."
|
|
|
|
|
|
curl -o www.tar.gz $ZIP_URL/gh-pages
|
|
|
|
|
|
tar zxf www.tar.gz -C jsproxy-$JSPROXY_VER/www --strip-components=1
|
|
|
|
|
|
rm -f www.tar.gz
|
|
|
|
|
|
|
2019-05-26 08:51:24 +00:00
|
|
|
|
if [ -x server/run.sh ]; then
|
2019-05-20 13:11:51 +00:00
|
|
|
|
warn "尝试停止当前服务 ..."
|
2019-05-26 08:51:24 +00:00
|
|
|
|
server/run.sh quit
|
2019-05-20 10:04:50 +00:00
|
|
|
|
fi
|
|
|
|
|
|
|
2019-05-26 08:51:24 +00:00
|
|
|
|
if [ -d server ]; then
|
2019-06-14 06:26:12 +00:00
|
|
|
|
local backup="$INSTALL_DIR/bak/$(date +%Y_%m_%d_%H_%M_%S)"
|
2019-05-20 08:53:44 +00:00
|
|
|
|
warn "当前 server 目录备份到 $backup"
|
|
|
|
|
|
mkdir -p $backup
|
|
|
|
|
|
mv server $backup
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
2019-05-26 08:19:57 +00:00
|
|
|
|
mv jsproxy-$JSPROXY_VER server
|
2019-05-20 08:53:44 +00:00
|
|
|
|
|
|
|
|
|
|
log "启动服务 ..."
|
2019-05-26 08:51:24 +00:00
|
|
|
|
server/run.sh
|
2019-05-20 08:53:44 +00:00
|
|
|
|
|
2019-05-26 06:39:28 +00:00
|
|
|
|
log "服务已开启"
|
2019-07-10 11:51:44 +00:00
|
|
|
|
|
|
|
|
|
|
shift 1
|
|
|
|
|
|
gen_cert $@
|
2019-05-20 08:53:44 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
main() {
|
2019-05-26 08:51:24 +00:00
|
|
|
|
log "自动安装脚本开始执行"
|
2019-05-26 06:39:28 +00:00
|
|
|
|
|
2019-05-20 08:53:44 +00:00
|
|
|
|
if [[ "$SUPPORTED_OS" != *"$OS"* ]]; then
|
|
|
|
|
|
err "当前系统 $OS 不支持自动安装。尝试编译安装"
|
|
|
|
|
|
exit 1
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
if [[ "$USER" != "root" ]]; then
|
|
|
|
|
|
err "自动安装需要 root 权限。如果无法使用 root,尝试编译安装"
|
|
|
|
|
|
exit 1
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
2019-07-10 11:51:44 +00:00
|
|
|
|
local cmd
|
|
|
|
|
|
if [[ $0 == *"i.sh" ]]; then
|
|
|
|
|
|
warn "本地调试模式"
|
|
|
|
|
|
|
|
|
|
|
|
local dst=/home/jsproxy/i.sh
|
|
|
|
|
|
cp $0 $dst
|
|
|
|
|
|
chown jsproxy:nobody $dst
|
|
|
|
|
|
if [[ $1 == "-s" ]]; then
|
|
|
|
|
|
shift 1
|
|
|
|
|
|
fi
|
|
|
|
|
|
cmd="bash $dst install $@"
|
|
|
|
|
|
else
|
|
|
|
|
|
cmd="curl -s $SRC_URL/i.sh | bash -s install $@"
|
2019-05-20 10:04:50 +00:00
|
|
|
|
fi
|
2019-05-20 08:53:44 +00:00
|
|
|
|
|
2019-05-26 06:39:28 +00:00
|
|
|
|
iptables \
|
2019-07-28 07:44:39 +00:00
|
|
|
|
-m comment --comment "jsproxy acme redir" \
|
2019-05-26 06:39:28 +00:00
|
|
|
|
-t nat \
|
|
|
|
|
|
-I PREROUTING 1 \
|
|
|
|
|
|
-p tcp --dport 80 \
|
|
|
|
|
|
-j REDIRECT \
|
2019-07-10 11:51:44 +00:00
|
|
|
|
--to-ports 8080
|
|
|
|
|
|
|
|
|
|
|
|
if ! id -u jsproxy > /dev/null 2>&1 ; then
|
|
|
|
|
|
log "创建用户 jsproxy ..."
|
|
|
|
|
|
groupadd nobody > /dev/null 2>&1
|
|
|
|
|
|
useradd jsproxy -g nobody --create-home
|
|
|
|
|
|
fi
|
2019-05-26 06:39:28 +00:00
|
|
|
|
|
2019-05-20 10:04:50 +00:00
|
|
|
|
log "切换到 jsproxy 用户,执行安装脚本 ..."
|
2019-07-10 11:51:44 +00:00
|
|
|
|
su - jsproxy -c "$cmd"
|
2019-05-26 06:39:28 +00:00
|
|
|
|
|
2019-07-28 07:44:39 +00:00
|
|
|
|
local line=$(iptables -t nat -nL --line-numbers | grep "jsproxy acme redir")
|
2019-05-26 06:39:28 +00:00
|
|
|
|
iptables -t nat -D PREROUTING ${line%% *}
|
|
|
|
|
|
|
|
|
|
|
|
log "安装完成。后续维护参考 https://github.com/EtherDream/jsproxy"
|
2019-05-20 08:53:44 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2019-07-10 11:51:44 +00:00
|
|
|
|
if [[ $1 == "install" ]]; then
|
|
|
|
|
|
install $@
|
|
|
|
|
|
else
|
|
|
|
|
|
main $@
|
|
|
|
|
|
fi
|
2019-05-30 01:18:15 +00:00
|
|
|
|
|
|
|
|
|
|
} # this ensures the entire script is downloaded #
|
