| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256 |
- #!/usr/bin/env bash
- { # this ensures the entire script is downloaded #
- JSPROXY_VER=dev
- OPENRESTY_VER=1.15.8.1
- SRC_URL=https://raw.githubusercontent.com/EtherDream/jsproxy/$JSPROXY_VER
- BIN_URL=https://raw.githubusercontent.com/EtherDream/jsproxy-bin/master
- ZIP_URL=https://codeload.github.com/EtherDream/jsproxy/tar.gz
- SUPPORTED_OS="Linux-x86_64"
- OS="$(uname)-$(uname -m)"
- USER=$(whoami)
- INSTALL_DIR=/home/jsproxy
- NGX_DIR=$INSTALL_DIR/openresty
- DOMAIN_SUFFIX=(
- xip.io
- nip.io
- sslip.io
- )
- GET_IP_API=(
- https://api.ipify.org
- https://bot.whatismyipaddress.com/
- )
- COLOR_RESET="\033[0m"
- COLOR_RED="\033[31m"
- COLOR_GREEN="\033[32m"
- COLOR_YELLOW="\033[33m"
- output() {
- local color=$1
- shift 1
- local sdata=$@
- local stime=$(date "+%H:%M:%S")
- printf "$color[jsproxy $stime]$COLOR_RESET $sdata\n"
- }
- log() {
- output $COLOR_GREEN $1
- }
- warn() {
- output $COLOR_YELLOW $1
- }
- err() {
- output $COLOR_RED $1
- }
- gen_cert() {
- local ip=""
- for i in ${GET_IP_API[@]}; do
- log "服务器公网 IP 获取中,通过接口 $i"
- ip=$(curl -s $i)
- if [[ ! $ip ]]; then
- warn "�获取失败"
- continue
- fi
- if ! grep -qP "^\d+\.\d+\.\d+\.\d+$" <<< $ip; then
- warn "无效 IP:$ip"
- continue
- fi
- break
- done
- if [[ $ip ]]; then
- log "服务器公网 IP: $ip"
- else
- err "服务器公网 IP 获取失败,无法申请证书"
- exit 1
- fi
- log "安装 acme.sh 脚本 ..."
- curl https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh | INSTALLONLINE=1 sh
- local acme=~/.acme.sh/acme.sh
- local domains=()
- if [[ $@ ]]; then
- for i in $@; do
- domains+=($i)
- done
- else
- warn "未指定域名,使用公共测试域名"
- for i in ${DOMAIN_SUFFIX[@]}; do
- domains+=($ip.$i)
- done
- fi
- for domain in ${domains[@]}; do
- echo "校验域名 $domain ..."
- local ret=$(getent ahosts $domain | head -n1 | awk '{print $1}')
- if [[ $ret != $ip ]]; then
- err "域名 $domain 解析结果: $ret,非本机公网 IP: $ip"
- continue
- fi
- log "尝试为域名 $domain 申请证书 ..."
- local dist=server/cert/$domain
- mkdir -p $dist
- $acme \
- --issue \
- -d $domain \
- --keylength ec-256 \
- --webroot server/acme
- $acme \
- --install-cert \
- -d $domain \
- --ecc \
- --key-file $dist/ecc.key \
- --fullchain-file $dist/ecc.cer
- if [ -s $dist/ecc.key ] && [ -s $dist/ecc.cer ]; then
- echo "# generated by i.sh
- listen 8443 ssl http2;
- ssl_certificate cert/$domain/ecc.cer;
- ssl_certificate_key cert/$domain/ecc.key;
- " > server/cert/cert.conf
- local url=https://$domain:8443
- echo "
- $url 'mysite';" >> server/allowed-sites.conf
- log "证书申请完成,重启服务 ..."
- server/run.sh reload
- log "在线预览: $url"
- break
- fi
- err "证书申请失败!(80 端口是否添加到防火墙)"
- rm -rf $dist
- done
- }
- install() {
- cd $INSTALL_DIR
- log "下载 nginx 程序 ..."
- curl -O $BIN_URL/$OS/openresty-$OPENRESTY_VER.tar.gz
- tar zxf openresty-$OPENRESTY_VER.tar.gz
- rm -f openresty-$OPENRESTY_VER.tar.gz
- local ngx_exe=$NGX_DIR/nginx/sbin/nginx
- local ngx_ver=$($ngx_exe -v 2>&1)
- if [[ "$ngx_ver" != *"nginx version:"* ]]; then
- err "$ngx_exe 无法执行!尝试编译安装"
- exit 1
- fi
- log "$ngx_ver"
- log "nginx path: $NGX_DIR"
- log "下载代理服务 ..."
- curl -o jsproxy.tar.gz $ZIP_URL/$JSPROXY_VER
- tar zxf jsproxy.tar.gz
- rm -f jsproxy.tar.gz
- log "下载静态资源 ..."
- curl -o www.tar.gz $ZIP_URL/gh-pages
- tar zxf www.tar.gz -C jsproxy-$JSPROXY_VER/www --strip-components=1
- rm -f www.tar.gz
- if [ -x server/run.sh ]; then
- warn "尝试停止当前服务 ..."
- server/run.sh quit
- fi
- if [ -d server ]; then
- backup="$INSTALL_DIR/bak/$(date +%Y_%m_%d_%H_%M_%S)"
- warn "当前 server 目录备份到 $backup"
- mkdir -p $backup
- mv server $backup
- fi
- mv jsproxy-$JSPROXY_VER server
- log "启动服务 ..."
- server/run.sh
- log "服务已开启"
-
- shift 1
- gen_cert $@
- }
- main() {
- log "自动安装脚本开始执行"
- if [[ "$SUPPORTED_OS" != *"$OS"* ]]; then
- err "当前系统 $OS 不支持自动安装。尝试编译安装"
- exit 1
- fi
- if [[ "$USER" != "root" ]]; then
- err "自动安装需要 root 权限。如果无法使用 root,尝试编译安装"
- exit 1
- fi
- local cmd
- if [[ $0 == *"i.sh" ]]; then
- warn "本地调试模式"
- local dst=/home/jsproxy/i.sh
- cp $0 $dst
- chown jsproxy:nobody $dst
- if [[ $1 == "-s" ]]; then
- shift 1
- fi
- cmd="bash $dst install $@"
- else
- cmd="curl -s $SRC_URL/i.sh | bash -s install $@"
- fi
- iptables \
- -t nat \
- -I PREROUTING 1 \
- -p tcp --dport 80 \
- -j REDIRECT \
- --to-ports 8080
- if ! id -u jsproxy > /dev/null 2>&1 ; then
- log "创建用户 jsproxy ..."
- groupadd nobody > /dev/null 2>&1
- useradd jsproxy -g nobody --create-home
- fi
- log "切换到 jsproxy 用户,执行安装脚本 ..."
- su - jsproxy -c "$cmd"
- local line=$(iptables -t nat -nL --line-numbers | grep "tcp dpt:80 redir ports 8080")
- iptables -t nat -D PREROUTING ${line%% *}
- log "安装完成。后续维护参考 https://github.com/EtherDream/jsproxy"
- }
- if [[ $1 == "install" ]]; then
- install $@
- else
- main $@
- fi
- } # this ensures the entire script is downloaded #
|
