Apq
/
jsproxy
mirror of https://github.com/EtherDream/jsproxy.git


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256
							#!/usr/bin/env bash

{ # this ensures the entire script is downloaded #

JSPROXY_VER=0.1.0
OPENRESTY_VER=1.15.8.1

SRC_URL=https://raw.githubusercontent.com/EtherDream/jsproxy/$JSPROXY_VER
BIN_URL=https://raw.githubusercontent.com/EtherDream/jsproxy-bin/master
ZIP_URL=https://codeload.github.com/EtherDream/jsproxy/tar.gz

SUPPORTED_OS="Linux-x86_64"
OS="$(uname)-$(uname -m)"
USER=$(whoami)

INSTALL_DIR=/home/jsproxy
NGX_DIR=$INSTALL_DIR/openresty

DOMAIN_SUFFIX=(
  xip.io
  nip.io
  sslip.io
)

GET_IP_API=(
  https://api.ipify.org
  https://bot.whatismyipaddress.com/
)

COLOR_RESET="\033[0m"
COLOR_RED="\033[31m"
COLOR_GREEN="\033[32m"
COLOR_YELLOW="\033[33m"

output() {
  local color=$1
  shift 1
  local sdata=$@
  local stime=$(date "+%H:%M:%S")
  printf "$color[jsproxy $stime]$COLOR_RESET $sdata\n"
}
log() {
  output $COLOR_GREEN $1
}
warn() {
  output $COLOR_YELLOW $1
}
err() {
  output $COLOR_RED $1
}

gen_cert() {
  local ip=""

  for i in ${GET_IP_API[@]}; do
    log "服务器公网 IP 获取中，通过接口 $i"
    ip=$(curl -s $i)

    if [[ ! $ip ]]; then
      warn "获取失败"
      continue
    fi

    if ! grep -qP "^\d+\.\d+\.\d+\.\d+$" <<< $ip; then
      warn "无效 IP：$ip"
      continue
    fi

    break
  done

  if [[ $ip ]]; then
    log "服务器公网 IP: $ip"
  else
    err "服务器公网 IP 获取失败，无法申请证书"
    exit 1
  fi

  log "安装 acme.sh 脚本 ..."
  curl https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh | INSTALLONLINE=1  sh

  local acme=~/.acme.sh/acme.sh

  local domains=()

  if [[ $@ ]]; then
    for i in $@; do
      domains+=($i)
    done
  else
    warn "未指定域名，使用公共测试域名"
    for i in ${DOMAIN_SUFFIX[@]}; do
      domains+=($ip.$i)
    done
  fi

  for domain in ${domains[@]}; do
    echo "校验域名 $domain ..."

    local ret=$(getent ahosts $domain | head -n1 | awk '{print $1}')
    if [[ $ret != $ip ]]; then
      err "域名 $domain 解析结果: $ret，非本机公网 IP: $ip"
      continue
    fi

    log "尝试为域名 $domain 申请证书 ..."

    local dist=server/cert/$domain
    mkdir -p $dist

    $acme \
      --issue \
      -d $domain \
      --keylength ec-256 \
      --webroot server/acme

    $acme \
      --install-cert \
      -d $domain \
      --ecc \
      --key-file $dist/ecc.key \
      --fullchain-file $dist/ecc.cer

    if [ -s $dist/ecc.key ] && [ -s $dist/ecc.cer ]; then
      echo "# generated by i.sh
listen                8443 ssl http2;
ssl_certificate       cert/$domain/ecc.cer;
ssl_certificate_key   cert/$domain/ecc.key;
" > server/cert/cert.conf

      local url=https://$domain:8443
      echo "
$url  'mysite';" >> server/allowed-sites.conf

      log "证书申请完成，重启服务 ..."
      server/run.sh reload

      log "在线预览: $url"
      break
    fi

    err "证书申请失败！（80 端口是否添加到防火墙）"
    rm -rf $dist
  done
}


install() {
  cd $INSTALL_DIR

  log "下载 nginx 程序 ..."
  curl -O $BIN_URL/$OS/openresty-$OPENRESTY_VER.tar.gz
  tar zxf openresty-$OPENRESTY_VER.tar.gz
  rm -f openresty-$OPENRESTY_VER.tar.gz

  local ngx_exe=$NGX_DIR/nginx/sbin/nginx
  local ngx_ver=$($ngx_exe -v 2>&1)

  if [[ "$ngx_ver" != *"nginx version:"* ]]; then
    err "$ngx_exe 无法执行！尝试编译安装"
    exit 1
  fi
  log "$ngx_ver"
  log "nginx path: $NGX_DIR"

  log "下载代理服务 ..."
  curl -o jsproxy.tar.gz $ZIP_URL/$JSPROXY_VER
  tar zxf jsproxy.tar.gz
  rm -f jsproxy.tar.gz

  log "下载静态资源 ..."
  curl -o www.tar.gz $ZIP_URL/gh-pages
  tar zxf www.tar.gz -C jsproxy-$JSPROXY_VER/www --strip-components=1
  rm -f www.tar.gz

  if [ -x server/run.sh ]; then
    warn "尝试停止当前服务 ..."
    server/run.sh quit
  fi

  if [ -d server ]; then
    local backup="$INSTALL_DIR/bak/$(date +%Y_%m_%d_%H_%M_%S)"
    warn "当前 server 目录备份到 $backup"
    mkdir -p $backup
    mv server $backup
  fi

  mv jsproxy-$JSPROXY_VER server

  log "启动服务 ..."
  server/run.sh

  log "服务已开启"
  
  shift 1
  gen_cert $@
}

main() {
  log "自动安装脚本开始执行"

  if [[ "$SUPPORTED_OS" != *"$OS"* ]]; then
    err "当前系统 $OS 不支持自动安装。尝试编译安装"
    exit 1
  fi

  if [[ "$USER" != "root" ]]; then
    err "自动安装需要 root 权限。如果无法使用 root，尝试编译安装"
    exit 1
  fi

  local cmd
  if [[ $0 == *"i.sh" ]]; then
    warn "本地调试模式"

    local dst=/home/jsproxy/i.sh
    cp $0 $dst
    chown jsproxy:nobody $dst
    if [[ $1 == "-s" ]]; then
      shift 1
    fi
    cmd="bash $dst install $@"
  else
    cmd="curl -s $SRC_URL/i.sh | bash -s install $@"
  fi

  iptables \
    -t nat \
    -I PREROUTING 1 \
    -p tcp --dport 80 \
    -j REDIRECT \
    --to-ports 8080

  if ! id -u jsproxy > /dev/null 2>&1 ; then
    log "创建用户 jsproxy ..."
    groupadd nobody > /dev/null 2>&1
    useradd jsproxy -g nobody --create-home
  fi

  log "切换到 jsproxy 用户，执行安装脚本 ..."
  su - jsproxy -c "$cmd"

  local line=$(iptables -t nat -nL --line-numbers | grep "tcp dpt:80 redir ports 8080")
  iptables -t nat -D PREROUTING ${line%% *}

  log "安装完成。后续维护参考 https://github.com/EtherDream/jsproxy"
}


if [[ $1 == "install" ]]; then
  install $@
else
  main $@
fi

} # this ensures the entire script is downloaded #