|
|
@@ -26,16 +26,22 @@ init_var() {
|
|
|
|
|
|
# Caddy
|
|
|
CADDY_DATA="/tpdata/caddy/"
|
|
|
- CADDY_Caddyfile="/tpdata/caddy/Caddyfile"
|
|
|
+ CADDY_Config="/tpdata/caddy/config.json"
|
|
|
CADDY_SRV="/tpdata/caddy/srv/"
|
|
|
- CADDY_ACME="/tpdata/caddy/acme/"
|
|
|
+ CADDY_CERT="/tpdata/caddy/cert/"
|
|
|
DOMAIN_FILE="/tpdata/caddy/domain.lock"
|
|
|
+ CADDY_CRT_DIR="/tpdata/caddy/cert/certificates/acme-v02.api.letsencrypt.org-directory/"
|
|
|
+ CADDY_KEY_DIR="/tpdata/caddy/cert/certificates/acme.zerossl.com-v2-dv90/"
|
|
|
domain=""
|
|
|
caddy_remote_port=8863
|
|
|
- your_email="[email protected]"
|
|
|
+ your_email=""
|
|
|
+ ssl_option=1
|
|
|
+ ssl_module_type=1
|
|
|
+ ssl_module="acme"
|
|
|
crt_path=""
|
|
|
key_path=""
|
|
|
- ssl_option=1
|
|
|
+ caddy_crt_path="/tpdata/caddy/cert/server.crt"
|
|
|
+ caddy_key_path="/tpdata/caddy/cert/server.key"
|
|
|
|
|
|
# MariaDB
|
|
|
MARIA_DATA="/tpdata/mariadb/"
|
|
|
@@ -109,9 +115,9 @@ mkdir_tools() {
|
|
|
|
|
|
# Caddy
|
|
|
mkdir -p ${CADDY_DATA}
|
|
|
- touch ${CADDY_Caddyfile}
|
|
|
+ touch ${CADDY_Config}
|
|
|
mkdir -p ${CADDY_SRV}
|
|
|
- mkdir -p ${CADDY_ACME}
|
|
|
+ mkdir -p ${CADDY_CERT}
|
|
|
|
|
|
# MariaDB
|
|
|
mkdir -p ${MARIA_DATA}
|
|
|
@@ -250,9 +256,10 @@ install_caddy_tls() {
|
|
|
wget --no-check-certificate -O ${CADDY_DATA}html.tar.gz ${STATIC_HTML} &&
|
|
|
tar -zxvf ${CADDY_DATA}html.tar.gz -C ${CADDY_SRV}
|
|
|
|
|
|
- read -r -p "请输入Caddy的转发端口(用于申请证书,默认:8863): " caddy_remote_port
|
|
|
+ read -r -p "请输入Caddy的转发端口(默认:8863): " caddy_remote_port
|
|
|
[[ -z "${caddy_remote_port}" ]] && caddy_remote_port=8863
|
|
|
|
|
|
+ echo_content yellow "提示:请确认域名已经解析到本机 否则可能安装失败"
|
|
|
while read -r -p "请输入你的域名(必填): " domain; do
|
|
|
if [[ -z "${domain}" ]]; then
|
|
|
echo_content red "域名不能为空"
|
|
|
@@ -261,91 +268,198 @@ install_caddy_tls() {
|
|
|
fi
|
|
|
done
|
|
|
|
|
|
- mkdir "${CADDY_ACME}${domain}"
|
|
|
+ read -r -p "请输入你的邮箱(可选): " your_email
|
|
|
|
|
|
while read -r -p "请选择设置证书的方式?(1/自动申请和续签证书 2/手动设置证书路径 默认:1/自动申请和续签证书): " ssl_option; do
|
|
|
if [[ -z ${ssl_option} || ${ssl_option} == 1 ]]; then
|
|
|
-
|
|
|
- echo_content yellow "正在检测域名,请稍后..."
|
|
|
- ping_ip=$(ping "${domain}" -s1 -c1 | grep "ttl=" | head -n1 | cut -d"(" -f2 | cut -d")" -f1)
|
|
|
- curl_ip=$(curl ifconfig.me)
|
|
|
- if [[ "${ping_ip}" != "${curl_ip}" ]]; then
|
|
|
- echo_content yellow "你的域名没有解析到本机IP,请稍后再试"
|
|
|
- echo_content red "---> Caddy安装失败"
|
|
|
- exit 0
|
|
|
- fi
|
|
|
-
|
|
|
- read -r -p "请输入你的邮箱(用于申请证书,默认:[email protected]): " your_email
|
|
|
- [[ -z "${your_email}" ]] && your_email="[email protected]"
|
|
|
-
|
|
|
- cat >${CADDY_Caddyfile} <<EOF
|
|
|
-http://${domain}:80 {
|
|
|
- redir https://${domain}:${caddy_remote_port}{url}
|
|
|
-}
|
|
|
-https://${domain}:${caddy_remote_port} {
|
|
|
- gzip
|
|
|
- tls ${your_email}
|
|
|
- root ${CADDY_SRV}
|
|
|
-}
|
|
|
-EOF
|
|
|
+ while read -r -p "请选择申请证书的方式(1/acme 2/zerossl 默认:1/acme): " ssl_module_type; do
|
|
|
+ if [[ -z "${ssl_module_type}" || ${ssl_module_type} == 1 ]]; then
|
|
|
+ ssl_module="acme"
|
|
|
+ break
|
|
|
+ elif [[ ${ssl_module_type} == 2 ]]; then
|
|
|
+ ssl_module="zerossl"
|
|
|
+ break
|
|
|
+ else
|
|
|
+ echo_content red "不可以输入除1和2之外的其他字符"
|
|
|
+ fi
|
|
|
+ done
|
|
|
break
|
|
|
- else
|
|
|
- if [[ ${ssl_option} != 2 ]]; then
|
|
|
- echo_content red "不可以输入除1和2之外的其他字符"
|
|
|
- else
|
|
|
-
|
|
|
- while read -r -p "请输入证书的.crt文件路径(必填): " crt_path; do
|
|
|
- if [[ -z "${crt_path}" ]]; then
|
|
|
- echo_content red "路径不能为空"
|
|
|
+ elif [[ ${ssl_option} == 2 ]]; then
|
|
|
+ while read -r -p "请输入证书的.crt文件路径(必填): " crt_path; do
|
|
|
+ if [[ -z "${crt_path}" ]]; then
|
|
|
+ echo_content red "路径不能为空"
|
|
|
+ else
|
|
|
+ if [[ ! -f "${crt_path}" ]]; then
|
|
|
+ echo_content red "证书的.crt文件路径不存在"
|
|
|
else
|
|
|
- if [[ ! -f "${crt_path}" ]]; then
|
|
|
- echo_content red "证书的.crt文件路径不存在"
|
|
|
- else
|
|
|
- cp "${crt_path}" "${CADDY_ACME}${domain}/${domain}.crt"
|
|
|
- break
|
|
|
- fi
|
|
|
+ cp "${crt_path}" "${caddy_crt_path}"
|
|
|
+ break
|
|
|
fi
|
|
|
- done
|
|
|
-
|
|
|
- while read -r -p "请输入证书的.key文件路径(必填): " key_path; do
|
|
|
- if [[ -z "${key_path}" ]]; then
|
|
|
- echo_content red "路径不能为空"
|
|
|
+ fi
|
|
|
+ done
|
|
|
+
|
|
|
+ while read -r -p "请输入证书的.key文件路径(必填): " key_path; do
|
|
|
+ if [[ -z "${key_path}" ]]; then
|
|
|
+ echo_content red "路径不能为空"
|
|
|
+ else
|
|
|
+ if [[ ! -f "${key_path}" ]]; then
|
|
|
+ echo_content red "证书的.key文件路径不存在"
|
|
|
else
|
|
|
- if [[ ! -f "${key_path}" ]]; then
|
|
|
- echo_content red "证书的.key文件路径不存在"
|
|
|
- else
|
|
|
- cp "${key_path}" "${CADDY_ACME}${domain}/${domain}.key"
|
|
|
- break
|
|
|
- fi
|
|
|
+ cp "${key_path}" "${caddy_key_path}"
|
|
|
+ break
|
|
|
fi
|
|
|
- done
|
|
|
+ fi
|
|
|
+ done
|
|
|
+ break
|
|
|
+ else
|
|
|
+ echo_content red "不可以输入除1和2之外的其他字符"
|
|
|
+ fi
|
|
|
+ done
|
|
|
|
|
|
- cat >${CADDY_Caddyfile} <<EOF
|
|
|
-http://${domain}:80 {
|
|
|
- redir https://${domain}:${caddy_remote_port}{url}
|
|
|
-}
|
|
|
-https://${domain}:${caddy_remote_port} {
|
|
|
- gzip
|
|
|
- tls /root/.caddy/acme/acme-v02.api.letsencrypt.org/sites/${domain}/${domain}.crt /root/.caddy/acme/acme-v02.api.letsencrypt.org/sites/${domain}/${domain}.key
|
|
|
- root ${CADDY_SRV}
|
|
|
+ cat >${CADDY_Config} <<EOF
|
|
|
+{
|
|
|
+ "admin": {
|
|
|
+ "disabled": true
|
|
|
+ },
|
|
|
+ "logging": {
|
|
|
+ "sink": {
|
|
|
+ "writer": {
|
|
|
+ "output": "discard"
|
|
|
+ }
|
|
|
+ },
|
|
|
+ "logs": {
|
|
|
+ "default": {
|
|
|
+ "writer": {
|
|
|
+ "output": "discard"
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ },
|
|
|
+ "storage": {
|
|
|
+ "module": "file_system",
|
|
|
+ "root": "${CADDY_CERT}"
|
|
|
+ },
|
|
|
+ "apps": {
|
|
|
+ "http": {
|
|
|
+ "servers": {
|
|
|
+ "srv0": {
|
|
|
+ "listen": [
|
|
|
+ ":80"
|
|
|
+ ],
|
|
|
+ "routes": [
|
|
|
+ {
|
|
|
+ "match": [
|
|
|
+ {
|
|
|
+ "host": [
|
|
|
+ "${domain}"
|
|
|
+ ]
|
|
|
+ }
|
|
|
+ ],
|
|
|
+ "handle": [
|
|
|
+ {
|
|
|
+ "handler": "static_response",
|
|
|
+ "headers": {
|
|
|
+ "Location": [
|
|
|
+ "https://{http.request.host}:${caddy_remote_port}{http.request.uri}"
|
|
|
+ ]
|
|
|
+ },
|
|
|
+ "status_code": 301
|
|
|
+ }
|
|
|
+ ]
|
|
|
+ }
|
|
|
+ ]
|
|
|
+ },
|
|
|
+ "srv1": {
|
|
|
+ "listen": [
|
|
|
+ ":${caddy_remote_port}"
|
|
|
+ ],
|
|
|
+ "routes": [
|
|
|
+ {
|
|
|
+ "handle": [
|
|
|
+ {
|
|
|
+ "handler": "subroute",
|
|
|
+ "routes": [
|
|
|
+ {
|
|
|
+ "match": [
|
|
|
+ {
|
|
|
+ "host": [
|
|
|
+ "${domain}"
|
|
|
+ ]
|
|
|
+ }
|
|
|
+ ],
|
|
|
+ "handle": [
|
|
|
+ {
|
|
|
+ "handler": "file_server",
|
|
|
+ "root": "${CADDY_SRV}",
|
|
|
+ "index_names": [
|
|
|
+ "index.html",
|
|
|
+ "index.htm"
|
|
|
+ ]
|
|
|
+ }
|
|
|
+ ],
|
|
|
+ "terminal": true
|
|
|
+ }
|
|
|
+ ]
|
|
|
+ }
|
|
|
+ ]
|
|
|
+ }
|
|
|
+ ],
|
|
|
+ "tls_connection_policies": [
|
|
|
+ {
|
|
|
+ "match": {
|
|
|
+ "sni": [
|
|
|
+ "${domain}"
|
|
|
+ ]
|
|
|
+ }
|
|
|
+ }
|
|
|
+ ],
|
|
|
+ "automatic_https": {
|
|
|
+ "disable": true
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ },
|
|
|
+ "tls": {
|
|
|
+ "certificates": {
|
|
|
+ "automate": [
|
|
|
+ "${domain}"
|
|
|
+ ],
|
|
|
+ "load_files": [
|
|
|
+ {
|
|
|
+ "certificate": "${caddy_crt_path}",
|
|
|
+ "key": "${caddy_key_path}"
|
|
|
+ }
|
|
|
+ ]
|
|
|
+ },
|
|
|
+ "automation": {
|
|
|
+ "policies": [
|
|
|
+ {
|
|
|
+ "issuers": [
|
|
|
+ {
|
|
|
+ "module": "${ssl_module}",
|
|
|
+ "email": "${your_email}"
|
|
|
+ }
|
|
|
+ ]
|
|
|
+ }
|
|
|
+ ]
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
}
|
|
|
EOF
|
|
|
- break
|
|
|
- fi
|
|
|
- fi
|
|
|
- done
|
|
|
|
|
|
if [[ -n $(lsof -i:80,443 -t) ]]; then
|
|
|
kill -9 "$(lsof -i:80,443 -t)"
|
|
|
fi
|
|
|
|
|
|
- docker pull teddysun/caddy:1.0.5 &&
|
|
|
+ docker pull caddy:2.6.2 &&
|
|
|
docker run -d --name trojan-panel-caddy --restart always \
|
|
|
--network=host \
|
|
|
- -v ${CADDY_Caddyfile}:"/etc/caddy/Caddyfile" \
|
|
|
- -v ${CADDY_ACME}:"/root/.caddy/acme/acme-v02.api.letsencrypt.org/sites/" \
|
|
|
+ -v "${CADDY_Config}":"${CADDY_Config}" \
|
|
|
+ -v ${caddy_crt_path}:"${CADDY_CRT_DIR}${domain}/${domain}.crt" \
|
|
|
+ -v ${caddy_key_path}:"${CADDY_KEY_DIR}${domain}/${domain}.key" \
|
|
|
-v ${CADDY_SRV}:${CADDY_SRV} \
|
|
|
- teddysun/caddy:1.0.5
|
|
|
+ caddy:2.6.2 caddy run --config ${CADDY_Config}
|
|
|
|
|
|
if [[ -n $(docker ps -q -f "name=^trojan-panel-caddy$" -f "status=running") ]]; then
|
|
|
cat >${DOMAIN_FILE} <<EOF
|
|
|
@@ -533,8 +647,8 @@ server {
|
|
|
|
|
|
#强制ssl
|
|
|
ssl on;
|
|
|
- ssl_certificate ${CADDY_ACME}${domain}/${domain}.crt;
|
|
|
- ssl_certificate_key ${CADDY_ACME}${domain}/${domain}.key;
|
|
|
+ ssl_certificate ${caddy_crt_path};
|
|
|
+ ssl_certificate_key ${caddy_key_path};
|
|
|
#缓存有效期
|
|
|
ssl_session_timeout 5m;
|
|
|
#安全链接可选的加密协议
|
|
|
@@ -603,7 +717,7 @@ EOF
|
|
|
docker run -d --name trojan-panel-ui --restart always \
|
|
|
--network=host \
|
|
|
-v ${NGINX_CONFIG}:/etc/nginx/conf.d/default.conf \
|
|
|
- -v ${CADDY_ACME}"${domain}":${CADDY_ACME}"${domain}" \
|
|
|
+ -v ${CADDY_CERT}:${CADDY_CERT} \
|
|
|
jonssonyan/trojan-panel-ui
|
|
|
|
|
|
if [[ -n $(docker ps -q -f "name=^trojan-panel-ui$" -f "status=running") ]]; then
|
|
|
@@ -624,7 +738,7 @@ EOF
|
|
|
echo_content yellow "Redis的密码(请妥善保存): ${redis_pass}"
|
|
|
echo_content yellow "管理面板地址: ${https_flag}://${domain}:${trojan_panel_ui_port}"
|
|
|
echo_content yellow "系统管理员 默认用户名: sysadmin 默认密码: 123456 请及时登陆管理面板修改密码"
|
|
|
- echo_content yellow "Trojan Panel私钥和证书目录: ${CADDY_ACME}${domain}/"
|
|
|
+ echo_content yellow "Trojan Panel私钥和证书目录: ${CADDY_CERT}"
|
|
|
echo_content red "\n=============================================================="
|
|
|
}
|
|
|
|
|
|
@@ -673,7 +787,7 @@ install_trojan_panel_core() {
|
|
|
-v ${TROJAN_PANEL_CORE_DATA}bin/hysteria/config:${TROJAN_PANEL_CORE_DATA}bin/hysteria/config \
|
|
|
-v ${TROJAN_PANEL_CORE_DATA}bin/naiveproxy/config:${TROJAN_PANEL_CORE_DATA}bin/naiveproxy/config \
|
|
|
-v ${TROJAN_PANEL_CORE_LOGS}:${TROJAN_PANEL_CORE_LOGS} \
|
|
|
- -v ${CADDY_ACME}:${CADDY_ACME} \
|
|
|
+ -v ${CADDY_CERT}:${CADDY_CERT} \
|
|
|
-v ${CADDY_SRV}:${CADDY_SRV} \
|
|
|
-v /etc/localtime:/etc/localtime \
|
|
|
-e "mariadb_ip=${mariadb_ip}" \
|
|
|
@@ -685,8 +799,8 @@ install_trojan_panel_core() {
|
|
|
-e "redis_host=${redis_host}" \
|
|
|
-e "redis_port=${redis_port}" \
|
|
|
-e "redis_pass=${redis_pass}" \
|
|
|
- -e "crt_path=${CADDY_ACME}${domain}/${domain}.crt" \
|
|
|
- -e "key_path=${CADDY_ACME}${domain}/${domain}.key" \
|
|
|
+ -e "crt_path=${caddy_crt_path}" \
|
|
|
+ -e "key_path=${caddy_key_path}" \
|
|
|
jonssonyan/trojan-panel-core
|
|
|
if [[ -n $(docker ps -q -f "name=^trojan-panel-core$" -f "status=running") ]]; then
|
|
|
echo_content skyBlue "---> Trojan Panel Core安装完成"
|
|
|
@@ -703,7 +817,7 @@ install_trojan_panel_core() {
|
|
|
update__trojan_panel_database() {
|
|
|
echo_content skyBlue "---> 更新Trojan Panel数据结构"
|
|
|
|
|
|
- if [[ "${trojan_panel_current_version}" == "1.3.0" ]]; then
|
|
|
+ if [[ "${trojan_panel_current_version}" == "1.3.0" ]]; then
|
|
|
docker exec trojan-panel-mariadb mysql -h"${mariadb_ip}" -P"${mariadb_port}" -u"${mariadb_user}" -p"${mariadb_pas}" -e "${tp_sql_130_131}" &>/dev/null &&
|
|
|
trojan_panel_current_version="1.3.1"
|
|
|
fi
|
|
|
@@ -802,7 +916,7 @@ update_trojan_panel() {
|
|
|
docker run -d --name trojan-panel-ui --restart always \
|
|
|
--network=host \
|
|
|
-v ${NGINX_CONFIG}:/etc/nginx/conf.d/default.conf \
|
|
|
- -v ${CADDY_ACME}"${domain}":${CADDY_ACME}"${domain}" \
|
|
|
+ -v ${CADDY_CERT}:${CADDY_CERT} \
|
|
|
jonssonyan/trojan-panel-ui
|
|
|
|
|
|
if [[ -n $(docker ps -q -f "name=^trojan-panel-ui$" -f "status=running") ]]; then
|
|
|
@@ -879,7 +993,7 @@ update_trojan_panel_core() {
|
|
|
--network=host \
|
|
|
-v ${TROJAN_PANEL_CORE_DATA}bin:${TROJAN_PANEL_CORE_DATA}bin \
|
|
|
-v ${TROJAN_PANEL_CORE_LOGS}:${TROJAN_PANEL_CORE_LOGS} \
|
|
|
- -v ${CADDY_ACME}:${CADDY_ACME} \
|
|
|
+ -v ${CADDY_CERT}:${CADDY_CERT} \
|
|
|
-v /etc/localtime:/etc/localtime \
|
|
|
-e "mariadb_ip=${mariadb_ip}" \
|
|
|
-e "mariadb_port=${mariadb_port}" \
|
|
|
@@ -890,6 +1004,8 @@ update_trojan_panel_core() {
|
|
|
-e "redis_host=${redis_host}" \
|
|
|
-e "redis_port=${redis_port}" \
|
|
|
-e "redis_pass=${redis_pass}" \
|
|
|
+ -e "crt_path=${caddy_crt_path}" \
|
|
|
+ -e "key_path=${caddy_key_path}" \
|
|
|
jonssonyan/trojan-panel-core
|
|
|
|
|
|
if [[ "$?" == "0" ]]; then
|
|
|
@@ -1066,7 +1182,7 @@ failure_testing() {
|
|
|
echo_content red "---> Caddy TLS运行异常"
|
|
|
fi
|
|
|
domain=$(cat "${DOMAIN_FILE}")
|
|
|
- if [[ -z $(cat "${DOMAIN_FILE}") || ! -d "${CADDY_ACME}${domain}" || ! -f "${CADDY_ACME}${domain}/${domain}.crt" ]]; then
|
|
|
+ if [[ -z $(cat "${DOMAIN_FILE}") || ! -d "${CADDY_CERT}" || ! -f "${caddy_crt_path}" ]]; then
|
|
|
echo_content red "---> 证书申请异常,请尝试重启服务器将重新申请证书或者重新搭建选择自定义证书选项"
|
|
|
fi
|
|
|
fi
|
jonssonyan