jsproxy/i.sh
2019-09-29 14:27:52 +08:00

258 lines
5.3 KiB
Bash
Executable File
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/usr/bin/env bash
{ # this ensures the entire script is downloaded #
JSPROXY_VER=dev
OPENRESTY_VER=1.15.8.2
SRC_URL=https://raw.githubusercontent.com/EtherDream/jsproxy/$JSPROXY_VER
BIN_URL=https://raw.githubusercontent.com/EtherDream/jsproxy-bin/master
ZIP_URL=https://codeload.github.com/EtherDream/jsproxy/tar.gz
SUPPORTED_OS="Linux-x86_64"
OS="$(uname)-$(uname -m)"
USER=$(whoami)
INSTALL_DIR=/home/jsproxy
NGX_DIR=$INSTALL_DIR/openresty
DOMAIN_SUFFIX=(
xip.io
nip.io
sslip.io
)
GET_IP_API=(
https://api.ipify.org
https://bot.whatismyipaddress.com/
)
COLOR_RESET="\033[0m"
COLOR_RED="\033[31m"
COLOR_GREEN="\033[32m"
COLOR_YELLOW="\033[33m"
output() {
local color=$1
shift 1
local sdata=$@
local stime=$(date "+%H:%M:%S")
printf "$color[jsproxy $stime]$COLOR_RESET $sdata\n"
}
log() {
output $COLOR_GREEN $1
}
warn() {
output $COLOR_YELLOW $1
}
err() {
output $COLOR_RED $1
}
gen_cert() {
local ip=""
for i in ${GET_IP_API[@]}; do
log "服务器公网 IP 获取中,通过接口 $i"
ip=$(curl -s $i)
if [[ ! $ip ]]; then
warn "获取失败"
continue
fi
if ! grep -qP "^\d+\.\d+\.\d+\.\d+$" <<< $ip; then
warn "无效 IP$ip"
continue
fi
break
done
if [[ $ip ]]; then
log "服务器公网 IP: $ip"
else
err "服务器公网 IP 获取失败,无法申请证书"
exit 1
fi
log "安装 acme.sh 脚本 ..."
curl https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh | INSTALLONLINE=1 sh
local acme=~/.acme.sh/acme.sh
local domains=()
if [[ $@ ]]; then
for i in $@; do
domains+=($i)
done
else
warn "未指定域名,使用公共测试域名"
for i in ${DOMAIN_SUFFIX[@]}; do
domains+=($ip.$i)
done
fi
for domain in ${domains[@]}; do
log "校验域名 $domain ..."
local ret=$(getent ahosts $domain | head -n1 | awk '{print $1}')
if [[ $ret != $ip ]]; then
err "域名 $domain 解析结果: $ret,非本机公网 IP: $ip"
continue
fi
log "尝试为域名 $domain 申请证书 ..."
local dist=server/cert/$domain
mkdir -p $dist
$acme \
--issue \
-d $domain \
--keylength ec-256 \
--webroot server/acme
$acme \
--install-cert \
-d $domain \
--ecc \
--key-file $dist/ecc.key \
--fullchain-file $dist/ecc.cer
if [ -s $dist/ecc.key ] && [ -s $dist/ecc.cer ]; then
echo "# generated by i.sh
listen 8443 ssl http2;
ssl_certificate cert/$domain/ecc.cer;
ssl_certificate_key cert/$domain/ecc.key;
" > server/cert/cert.conf
local url=https://$domain:8443
echo "
$url 'mysite';" >> server/allowed-sites.conf
log "证书申请完成,重启服务 ..."
server/run.sh reload
log "在线预览: $url"
break
fi
err "证书申请失败80 端口是否添加到防火墙)"
rm -rf $dist
done
}
install() {
cd $INSTALL_DIR
log "下载 nginx 程序 ..."
curl -O $BIN_URL/$OS/openresty-$OPENRESTY_VER.tar.gz
tar zxf openresty-$OPENRESTY_VER.tar.gz
rm -f openresty-$OPENRESTY_VER.tar.gz
local ngx_exe=$NGX_DIR/nginx/sbin/nginx
local ngx_ver=$($ngx_exe -v 2>&1)
if [[ "$ngx_ver" != *"nginx version:"* ]]; then
err "$ngx_exe 无法执行!尝试编译安装"
exit 1
fi
log "$ngx_ver"
log "nginx path: $NGX_DIR"
log "下载代理服务 ..."
curl -o jsproxy.tar.gz $ZIP_URL/$JSPROXY_VER
tar zxf jsproxy.tar.gz
rm -f jsproxy.tar.gz
log "下载静态资源 ..."
curl -o www.tar.gz $ZIP_URL/gh-pages
tar zxf www.tar.gz -C jsproxy-$JSPROXY_VER/www --strip-components=1
rm -f www.tar.gz
if [ -x server/run.sh ]; then
warn "尝试停止当前服务 ..."
server/run.sh quit
fi
if [ -d server ]; then
local backup="$INSTALL_DIR/bak/$(date +%Y_%m_%d_%H_%M_%S)"
warn "当前 server 目录备份到 $backup"
mkdir -p $backup
mv server $backup
fi
mv jsproxy-$JSPROXY_VER server
log "启动服务 ..."
server/run.sh
log "服务已开启"
shift 1
gen_cert $@
}
main() {
log "自动安装脚本开始执行"
if [[ "$SUPPORTED_OS" != *"$OS"* ]]; then
err "当前系统 $OS 不支持自动安装。尝试编译安装"
exit 1
fi
if [[ "$USER" != "root" ]]; then
err "自动安装需要 root 权限。如果无法使用 root尝试编译安装"
exit 1
fi
local cmd
if [[ $0 == *"i.sh" ]]; then
warn "本地调试模式"
local dst=/home/jsproxy/i.sh
cp $0 $dst
chown jsproxy:nobody $dst
if [[ $1 == "-s" ]]; then
shift 1
fi
cmd="bash $dst install $@"
else
cmd="curl -s $SRC_URL/i.sh | bash -s install $@"
fi
iptables \
-m comment --comment "jsproxy acme redir" \
-t nat \
-I PREROUTING 1 \
-p tcp --dport 80 \
-j REDIRECT \
--to-ports 8080
if ! id -u jsproxy > /dev/null 2>&1 ; then
log "创建用户 jsproxy ..."
groupadd nobody > /dev/null 2>&1
useradd jsproxy -g nobody --create-home
fi
log "切换到 jsproxy 用户,执行安装脚本 ..."
su - jsproxy -c "$cmd"
local line=$(iptables -t nat -nL --line-numbers | grep "jsproxy acme redir")
iptables -t nat -D PREROUTING ${line%% *}
log "安装完成。后续维护参考 https://github.com/EtherDream/jsproxy"
}
if [[ $1 == "install" ]]; then
install $@
else
main $@
fi
} # this ensures the entire script is downloaded #