|
|
@@ -26,16 +26,22 @@ init_var() {
|
|
|
|
|
|
# Caddy
|
|
|
CADDY_DATA="/tpdata/caddy/"
|
|
|
- CADDY_Caddyfile="/tpdata/caddy/Caddyfile"
|
|
|
+ CADDY_Config="/tpdata/caddy/config.json"
|
|
|
CADDY_SRV="/tpdata/caddy/srv/"
|
|
|
- CADDY_ACME="/tpdata/caddy/acme/"
|
|
|
+ CADDY_CERT="/tpdata/caddy/cert/"
|
|
|
DOMAIN_FILE="/tpdata/caddy/domain.lock"
|
|
|
+ CADDY_CRT_DIR="/tpdata/caddy/cert/certificates/acme-v02.api.letsencrypt.org-directory/"
|
|
|
+ CADDY_KEY_DIR="/tpdata/caddy/cert/certificates/acme-v02.api.letsencrypt.org-directory/"
|
|
|
domain=""
|
|
|
caddy_remote_port=8863
|
|
|
- your_email="[email protected]"
|
|
|
+ your_email=""
|
|
|
+ ssl_option=1
|
|
|
+ ssl_module_type=1
|
|
|
+ ssl_module="acme"
|
|
|
crt_path=""
|
|
|
key_path=""
|
|
|
- ssl_option=1
|
|
|
+ caddy_crt_path="/tpdata/caddy/cert/server.crt"
|
|
|
+ caddy_key_path="/tpdata/caddy/cert/server.key"
|
|
|
|
|
|
# trojanGFW
|
|
|
TROJANGFW_DATA="/tpdata/trojanGFW/"
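Review bot: `CADDY_CRT_DIR` and `CADDY_KEY_DIR` are initialised to the same literal path here, and every later assignment in install_caddy_tls keeps them identical, so the pair could collapse into one variable (or the key dir could derive from the cert dir). The literal also repeats the `/tpdata/caddy/cert/` prefix that `CADDY_CERT` already holds; `CADDY_CRT_DIR="${CADDY_CERT}certificates/acme-v02.api.letsencrypt.org-directory/"` keeps the two in step if the storage root is ever changed. These are defaults for a function (init_var) whose body continues outside the hunk, so a short comment above the `# Caddy` group saying the `*_DIR` values are overwritten by the certificate-mode prompt would help the next reader.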
|
|
|
@@ -104,9 +110,9 @@ mkdir_tools() {
|
|
|
|
|
|
# Caddy
|
|
|
mkdir -p ${CADDY_DATA}
|
|
|
- touch ${CADDY_Caddyfile}
|
|
|
+ touch ${CADDY_Config}
|
|
|
mkdir -p ${CADDY_SRV}
|
|
|
- mkdir -p ${CADDY_ACME}
|
|
|
+ mkdir -p ${CADDY_CERT}
|
|
|
|
|
|
# trojanGFW
|
|
|
mkdir -p ${TROJANGFW_DATA}
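Review bot: `mkdir -p ${CADDY_CERT}` creates the directory that later receives the copied private key (`caddy_key_path` lives under it) and that is bind-mounted into the trojan, hysteria and naiveproxy containers, yet it gets the umask default mode. Since this directory's only purpose is to hold key material, `mkdir -p "${CADDY_CERT}" && chmod 700 "${CADDY_CERT}"` would keep other local users from reading the keys; if any of those containers runs as a non-root user this would need a matching owner, which I cannot tell from the diff. The `touch ${CADDY_Config}` is redundant with the `cat >${CADDY_Config}` that later writes the file, and both paths should be double-quoted for consistency with the rest of the script. mkdir_tools continues past this hunk.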
|
|
|
@@ -241,9 +247,10 @@ install_caddy_tls() {
|
|
|
wget --no-check-certificate -O ${CADDY_DATA}html.tar.gz ${STATIC_HTML} &&
|
|
|
tar -zxvf ${CADDY_DATA}html.tar.gz -C ${CADDY_SRV}
|
|
|
|
|
|
- read -r -p "请输入Caddy的转发端口(用于申请证书,默认:8863): " caddy_remote_port
|
|
|
+ read -r -p "请输入Caddy的转发端口(默认:8863): " caddy_remote_port
|
|
|
[[ -z "${caddy_remote_port}" ]] && caddy_remote_port=8863
|
|
|
|
|
|
+ echo_content yellow "提示:请确认域名已经解析到本机 否则可能安装失败"
|
|
|
while read -r -p "请输入你的域名(必填): " domain; do
|
|
|
if [[ -z "${domain}" ]]; then
|
|
|
echo_content red "域名不能为空"
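Review bot: `caddy_remote_port` is only defaulted when empty and is otherwise used verbatim, later landing inside the generated JSON (`"listen": [":${caddy_remote_port}"]` and the redirect Location header), so a non-numeric answer silently produces an invalid config or an odd redirect. A numeric guard right after the default line, `[[ "${caddy_remote_port}" =~ ^[0-9]+$ ]] && (( caddy_remote_port >= 1 && caddy_remote_port <= 65535 )) || { echo_content red "端口无效"; exit 1; }`, catches this before anything is written. The same applies to `${domain}`, which the following loop only checks for emptiness but which is interpolated into JSON strings and used as a path component. install_caddy_tls starts before this hunk.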
|
|
|
@@ -252,91 +259,202 @@ install_caddy_tls() {
|
|
|
fi
|
|
|
done
|
|
|
|
|
|
- mkdir "${CADDY_ACME}${domain}"
|
|
|
+ read -r -p "请输入你的邮箱(可选): " your_email
|
|
|
|
|
|
while read -r -p "请选择设置证书的方式?(1/自动申请和续签证书 2/手动设置证书路径 默认:1/自动申请和续签证书): " ssl_option; do
|
|
|
if [[ -z ${ssl_option} || ${ssl_option} == 1 ]]; then
|
|
|
-
|
|
|
- echo_content yellow "正在检测域名,请稍后..."
|
|
|
- ping_ip=$(ping "${domain}" -s1 -c1 | grep "ttl=" | head -n1 | cut -d"(" -f2 | cut -d")" -f1)
|
|
|
- curl_ip=$(curl ifconfig.me)
|
|
|
- if [[ "${ping_ip}" != "${curl_ip}" ]]; then
|
|
|
- echo_content yellow "你的域名没有解析到本机IP,请稍后再试"
|
|
|
- echo_content red "---> Caddy安装失败"
|
|
|
- exit 0
|
|
|
- fi
|
|
|
-
|
|
|
- read -r -p "请输入你的邮箱(用于申请证书,默认:[email protected]): " your_email
|
|
|
- [[ -z "${your_email}" ]] && your_email="[email protected]"
|
|
|
-
|
|
|
- cat >${CADDY_Caddyfile} <<EOF
|
|
|
-http://${domain}:80 {
|
|
|
- redir https://${domain}:${caddy_remote_port}{url}
|
|
|
-}
|
|
|
-https://${domain}:${caddy_remote_port} {
|
|
|
- gzip
|
|
|
- tls ${your_email}
|
|
|
- root ${CADDY_SRV}
|
|
|
-}
|
|
|
-EOF
|
|
|
+ while read -r -p "请选择申请证书的方式(1/acme 2/zerossl 默认:1/acme): " ssl_module_type; do
|
|
|
+ if [[ -z "${ssl_module_type}" || ${ssl_module_type} == 1 ]]; then
|
|
|
+ ssl_module="acme"
|
|
|
+ CADDY_CRT_DIR="/tpdata/caddy/cert/certificates/acme-v02.api.letsencrypt.org-directory/"
|
|
|
+ CADDY_KEY_DIR="/tpdata/caddy/cert/certificates/acme-v02.api.letsencrypt.org-directory/"
|
|
|
+ break
|
|
|
+ elif [[ ${ssl_module_type} == 2 ]]; then
|
|
|
+ ssl_module="zerossl"
|
|
|
+ CADDY_CRT_DIR="/tpdata/caddy/cert/certificates/acme.zerossl.com-v2-dv90/"
|
|
|
+ CADDY_KEY_DIR="/tpdata/caddy/cert/certificates/acme.zerossl.com-v2-dv90/"
|
|
|
+ break
|
|
|
+ else
|
|
|
+ echo_content red "不可以输入除1和2之外的其他字符"
|
|
|
+ fi
|
|
|
+ done
|
|
|
break
|
|
|
- else
|
|
|
- if [[ ${ssl_option} != 2 ]]; then
|
|
|
- echo_content red "不可以输入除1和2之外的其他字符"
|
|
|
- else
|
|
|
-
|
|
|
- while read -r -p "请输入证书的.crt文件路径(必填): " crt_path; do
|
|
|
- if [[ -z "${crt_path}" ]]; then
|
|
|
- echo_content red "路径不能为空"
|
|
|
+ elif [[ ${ssl_option} == 2 ]]; then
|
|
|
+ while read -r -p "请输入证书的.crt文件路径(必填): " crt_path; do
|
|
|
+ if [[ -z "${crt_path}" ]]; then
|
|
|
+ echo_content red "路径不能为空"
|
|
|
+ else
|
|
|
+ if [[ ! -f "${crt_path}" ]]; then
|
|
|
+ echo_content red "证书的.crt文件路径不存在"
|
|
|
else
|
|
|
- if [[ ! -f "${crt_path}" ]]; then
|
|
|
- echo_content red "证书的.crt文件路径不存在"
|
|
|
- else
|
|
|
- cp "${crt_path}" "${CADDY_ACME}${domain}/${domain}.crt"
|
|
|
- break
|
|
|
- fi
|
|
|
+ cp "${crt_path}" "${caddy_crt_path}"
|
|
|
+ break
|
|
|
fi
|
|
|
- done
|
|
|
-
|
|
|
- while read -r -p "请输入证书的.key文件路径(必填): " key_path; do
|
|
|
- if [[ -z "${key_path}" ]]; then
|
|
|
- echo_content red "路径不能为空"
|
|
|
+ fi
|
|
|
+ done
|
|
|
+
|
|
|
+ while read -r -p "请输入证书的.key文件路径(必填): " key_path; do
|
|
|
+ if [[ -z "${key_path}" ]]; then
|
|
|
+ echo_content red "路径不能为空"
|
|
|
+ else
|
|
|
+ if [[ ! -f "${key_path}" ]]; then
|
|
|
+ echo_content red "证书的.key文件路径不存在"
|
|
|
else
|
|
|
- if [[ ! -f "${key_path}" ]]; then
|
|
|
- echo_content red "证书的.key文件路径不存在"
|
|
|
- else
|
|
|
- cp "${key_path}" "${CADDY_ACME}${domain}/${domain}.key"
|
|
|
- break
|
|
|
- fi
|
|
|
+ cp "${key_path}" "${caddy_key_path}"
|
|
|
+ break
|
|
|
fi
|
|
|
- done
|
|
|
+ fi
|
|
|
+ done
|
|
|
+ break
|
|
|
+ else
|
|
|
+ echo_content red "不可以输入除1和2之外的其他字符"
|
|
|
+ fi
|
|
|
+ done
|
|
|
|
|
|
- cat >${CADDY_Caddyfile} <<EOF
|
|
|
-http://${domain}:80 {
|
|
|
- redir https://${domain}:${caddy_remote_port}{url}
|
|
|
-}
|
|
|
-https://${domain}:${caddy_remote_port} {
|
|
|
- gzip
|
|
|
- tls /root/.caddy/acme/acme-v02.api.letsencrypt.org/sites/${domain}/${domain}.crt /root/.caddy/acme/acme-v02.api.letsencrypt.org/sites/${domain}/${domain}.key
|
|
|
- root ${CADDY_SRV}
|
|
|
+ cat >${CADDY_Config} <<EOF
|
|
|
+{
|
|
|
+ "admin": {
|
|
|
+ "disabled": true
|
|
|
+ },
|
|
|
+ "logging": {
|
|
|
+ "sink": {
|
|
|
+ "writer": {
|
|
|
+ "output": "discard"
|
|
|
+ }
|
|
|
+ },
|
|
|
+ "logs": {
|
|
|
+ "default": {
|
|
|
+ "writer": {
|
|
|
+ "output": "discard"
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ },
|
|
|
+ "storage": {
|
|
|
+ "module": "file_system",
|
|
|
+ "root": "${CADDY_CERT}"
|
|
|
+ },
|
|
|
+ "apps": {
|
|
|
+ "http": {
|
|
|
+ "servers": {
|
|
|
+ "srv0": {
|
|
|
+ "listen": [
|
|
|
+ ":80"
|
|
|
+ ],
|
|
|
+ "routes": [
|
|
|
+ {
|
|
|
+ "match": [
|
|
|
+ {
|
|
|
+ "host": [
|
|
|
+ "${domain}"
|
|
|
+ ]
|
|
|
+ }
|
|
|
+ ],
|
|
|
+ "handle": [
|
|
|
+ {
|
|
|
+ "handler": "static_response",
|
|
|
+ "headers": {
|
|
|
+ "Location": [
|
|
|
+ "https://{http.request.host}:${caddy_remote_port}{http.request.uri}"
|
|
|
+ ]
|
|
|
+ },
|
|
|
+ "status_code": 301
|
|
|
+ }
|
|
|
+ ]
|
|
|
+ }
|
|
|
+ ]
|
|
|
+ },
|
|
|
+ "srv1": {
|
|
|
+ "listen": [
|
|
|
+ ":${caddy_remote_port}"
|
|
|
+ ],
|
|
|
+ "routes": [
|
|
|
+ {
|
|
|
+ "handle": [
|
|
|
+ {
|
|
|
+ "handler": "subroute",
|
|
|
+ "routes": [
|
|
|
+ {
|
|
|
+ "match": [
|
|
|
+ {
|
|
|
+ "host": [
|
|
|
+ "${domain}"
|
|
|
+ ]
|
|
|
+ }
|
|
|
+ ],
|
|
|
+ "handle": [
|
|
|
+ {
|
|
|
+ "handler": "file_server",
|
|
|
+ "root": "${CADDY_SRV}",
|
|
|
+ "index_names": [
|
|
|
+ "index.html",
|
|
|
+ "index.htm"
|
|
|
+ ]
|
|
|
+ }
|
|
|
+ ],
|
|
|
+ "terminal": true
|
|
|
+ }
|
|
|
+ ]
|
|
|
+ }
|
|
|
+ ]
|
|
|
+ }
|
|
|
+ ],
|
|
|
+ "tls_connection_policies": [
|
|
|
+ {
|
|
|
+ "match": {
|
|
|
+ "sni": [
|
|
|
+ "${domain}"
|
|
|
+ ]
|
|
|
+ }
|
|
|
+ }
|
|
|
+ ],
|
|
|
+ "automatic_https": {
|
|
|
+ "disable": true
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ },
|
|
|
+ "tls": {
|
|
|
+ "certificates": {
|
|
|
+ "automate": [
|
|
|
+ "${domain}"
|
|
|
+ ],
|
|
|
+ "load_files": [
|
|
|
+ {
|
|
|
+ "certificate": "${CADDY_CRT_DIR}${domain}/${domain}.crt",
|
|
|
+ "key": "${CADDY_KEY_DIR}${domain}/${domain}.key"
|
|
|
+ }
|
|
|
+ ]
|
|
|
+ },
|
|
|
+ "automation": {
|
|
|
+ "policies": [
|
|
|
+ {
|
|
|
+ "issuers": [
|
|
|
+ {
|
|
|
+ "module": "${ssl_module}",
|
|
|
+ "email": "${your_email}"
|
|
|
+ }
|
|
|
+ ]
|
|
|
+ }
|
|
|
+ ]
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
}
|
|
|
EOF
|
|
|
- break
|
|
|
- fi
|
|
|
- fi
|
|
|
- done
|
|
|
|
|
|
if [[ -n $(lsof -i:80,443 -t) ]]; then
|
|
|
kill -9 "$(lsof -i:80,443 -t)"
|
|
|
fi
|
|
|
|
|
|
- docker pull teddysun/caddy:1.0.5 &&
|
|
|
+ docker pull caddy:2.6.2 &&
|
|
|
docker run -d --name trojan-panel-caddy --restart always \
|
|
|
--network=host \
|
|
|
- -v ${CADDY_Caddyfile}:"/etc/caddy/Caddyfile" \
|
|
|
- -v ${CADDY_ACME}:"/root/.caddy/acme/acme-v02.api.letsencrypt.org/sites/" \
|
|
|
+ -v "${CADDY_Config}":"${CADDY_Config}" \
|
|
|
+ -v ${caddy_crt_path}:"${CADDY_CRT_DIR}${domain}/${domain}.crt" \
|
|
|
+ -v ${caddy_key_path}:"${CADDY_KEY_DIR}${domain}/${domain}.key" \
|
|
|
-v ${CADDY_SRV}:${CADDY_SRV} \
|
|
|
- teddysun/caddy:1.0.5
|
|
|
+ caddy:2.6.2 caddy run --config ${CADDY_Config}
|
|
|
|
|
|
if [[ -n $(docker ps -q -f "name=^trojan-panel-caddy$" -f "status=running") ]]; then
|
|
|
cat >${DOMAIN_FILE} <<EOF
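Review bot: The private key copied on `cp "${key_path}" "${caddy_key_path}"` keeps whatever mode `cp` derives from the source and the umask, and it sits in a directory that several other containers bind-mount, so the copy should be followed by `chmod 600 "${caddy_key_path}"`. The two new `-v ${caddy_crt_path}:...` / `-v ${caddy_key_path}:...` mounts are unconditional, but in the automatic-issue branch nothing in this diff creates those host files; if they are absent when `docker run` executes, Docker creates directories at those paths, which would shadow the exact in-container paths Caddy's file_system storage writes the issued certificate to — worth verifying, and the mounts should be conditional on `ssl_option`. Also note the caddy container never mounts `${CADDY_CERT}` itself, only the config and the two files, so ACME account data and issued certificates would persist only in the container's writable layer; and these two `-v` arguments are unquoted while the `${CADDY_Config}` one above them is quoted. Finally, `${domain}`, `${your_email}` and `${caddy_remote_port}` go into the JSON heredoc unescaped, so a value containing `"` or `\` breaks the config; validating them with a simple regex before the heredoc (e.g. `[[ "${domain}" =~ ^[A-Za-z0-9.-]+$ ]]`) closes that.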
|
|
|
@@ -380,8 +498,8 @@ install_trojan_gfw_standalone() {
|
|
|
],
|
|
|
"log_level": 1,
|
|
|
"ssl": {
|
|
|
- "cert": "${CADDY_ACME}${domain}/${domain}.crt",
|
|
|
- "key": "${CADDY_ACME}${domain}/${domain}.key",
|
|
|
+ "cert": "${caddy_key_path}",
|
|
|
+ "key": "${caddy_key_path}",
|
|
|
"key_password": "",
|
|
|
"cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
|
|
|
"cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
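Review bot: The new `"cert": "${caddy_key_path}",` line points the certificate entry at the private key file, so trojan would try to load the key as its cert; it should read `"cert": "${caddy_crt_path}",` to match the `"key"` line below it. The same mistake appears in the install_trojanGO_standalone hunk a few hunks down, where `cert` and `key` are swapped (`"cert": "${caddy_key_path}"`, `"key": "${caddy_crt_path}"`) and both lines need flipping; the hysteria and naiveproxy hunks have the pairing right. Worth also checking that `${caddy_crt_path}` and `${caddy_key_path}` exist on the host in the automatic-issue path, since this config references them through the `${CADDY_CERT}` bind mount. The enclosing heredoc and function start before this hunk.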
|
|
|
@@ -425,7 +543,7 @@ EOF
|
|
|
docker run -d --name trojan-panel-trojanGFW-standalone --restart always \
|
|
|
--network=host \
|
|
|
-v ${TROJANGFW_STANDALONE_CONFIG}:"/config/config.json" \
|
|
|
- -v ${CADDY_ACME}:${CADDY_ACME} \
|
|
|
+ -v ${CADDY_CERT}:${CADDY_CERT} \
|
|
|
trojangfw/trojan
|
|
|
|
|
|
if [[ -n $(docker ps -q -f "name=^trojan-panel-trojanGFW-standalone$" -f "status=running") ]]; then
|
|
|
@@ -546,8 +664,8 @@ install_trojanGO_standalone() {
|
|
|
"ssl": {
|
|
|
"verify": true,
|
|
|
"verify_hostname": true,
|
|
|
- "cert": "${CADDY_ACME}${domain}/${domain}.crt",
|
|
|
- "key": "${CADDY_ACME}${domain}/${domain}.key",
|
|
|
+ "cert": "${caddy_key_path}",
|
|
|
+ "key": "${caddy_crt_path}",
|
|
|
"key_password": "",
|
|
|
"cipher": "",
|
|
|
"curves": "",
|
|
|
@@ -599,7 +717,7 @@ EOF
|
|
|
docker run -d --name trojan-panel-trojanGO-standalone --restart=always \
|
|
|
--network=host \
|
|
|
-v ${TROJANGO_STANDALONE_CONFIG}:"/etc/trojan-go/config.json" \
|
|
|
- -v ${CADDY_ACME}:${CADDY_ACME} \
|
|
|
+ -v ${CADDY_CERT}:${CADDY_CERT} \
|
|
|
p4gefau1t/trojan-go
|
|
|
|
|
|
if [[ -n $(docker ps -q -f "name=^trojan-panel-trojanGO-standalone$" -f "status=running") ]]; then
|
|
|
@@ -609,7 +727,7 @@ EOF
|
|
|
echo_content yellow "域名: ${domain}"
|
|
|
echo_content yellow "TrojanGO的端口: ${trojanGO_port}"
|
|
|
echo_content yellow "TrojanGO的密码: ${trojan_pas}"
|
|
|
- echo_content yellow "TrojanGO私钥和证书目录: ${CADDY_ACME}${domain}/"
|
|
|
+ echo_content yellow "TrojanGO私钥和证书目录: ${CADDY_CERT}"
|
|
|
if [[ ${trojanGO_websocket_enable} == true ]]; then
|
|
|
echo_content yellow "Websocket路径: ${trojanGO_websocket_path}"
|
|
|
fi
|
|
|
@@ -666,8 +784,8 @@ install_hysteria_standalone() {
|
|
|
{
|
|
|
"listen": ":${hysteria_port}",
|
|
|
"protocol": "${hysteria_protocol}",
|
|
|
- "cert": "${CADDY_ACME}${domain}/${domain}.crt",
|
|
|
- "key": "${CADDY_ACME}${domain}/${domain}.key",
|
|
|
+ "cert": "${caddy_crt_path}",
|
|
|
+ "key": "${caddy_key_path}",
|
|
|
"up_mbps": ${hysteria_up_mbps},
|
|
|
"down_mbps": ${hysteria_down_mbps},
|
|
|
"obfs": "${hysteria_password}"
|
|
|
@@ -678,7 +796,7 @@ EOF
|
|
|
docker run -d --name trojan-panel-hysteria-standalone --restart=always \
|
|
|
--network=host \
|
|
|
-v ${HYSTERIA_STANDALONE_CONFIG}:/etc/hysteria.json \
|
|
|
- -v ${CADDY_ACME}:${CADDY_ACME} \
|
|
|
+ -v ${CADDY_CERT}:${CADDY_CERT} \
|
|
|
tobyxdd/hysteria -c /etc/hysteria.json server
|
|
|
|
|
|
if [[ -n $(docker ps -q -f "name=^trojan-panel-hysteria-standalone$" -f "status=running") ]]; then
|
|
|
@@ -688,7 +806,7 @@ EOF
|
|
|
echo_content yellow "域名: ${domain}"
|
|
|
echo_content yellow "Hysteria的端口: ${hysteria_port}"
|
|
|
echo_content yellow "Hysteria的密码: ${hysteria_password}"
|
|
|
- echo_content yellow "Hysteria私钥和证书目录: ${CADDY_ACME}${domain}/"
|
|
|
+ echo_content yellow "Hysteria私钥和证书目录: ${CADDY_CERT}"
|
|
|
echo_content red "\n=============================================================="
|
|
|
else
|
|
|
echo_content red "---> Hysteria 安装失败或运行异常,请尝试修复或卸载重装"
|
|
|
@@ -809,8 +927,8 @@ install_navieproxy_standalone() {
|
|
|
"certificates": {
|
|
|
"load_files": [
|
|
|
{
|
|
|
- "certificate": "${CADDY_ACME}${domain}/${domain}.crt",
|
|
|
- "key": "${CADDY_ACME}${domain}/${domain}.key"
|
|
|
+ "certificate": "${caddy_crt_path}",
|
|
|
+ "key": "${caddy_key_path}"
|
|
|
}
|
|
|
]
|
|
|
}
|
|
|
@@ -822,7 +940,7 @@ EOF
|
|
|
docker run -d --name trojan-panel-navieproxy-standalone --restart=always \
|
|
|
--network=host \
|
|
|
-v ${NAIVEPROXY_STANDALONE_CONFIG}:"/caddy-forwardproxy/config/config.json" \
|
|
|
- -v ${CADDY_ACME}:${CADDY_ACME} \
|
|
|
+ -v ${CADDY_CERT}:${CADDY_CERT} \
|
|
|
jonssonyan/caddy-forwardproxy
|
|
|
|
|
|
if [[ -n $(docker ps -q -f "name=^trojan-panel-navieproxy-standalone$" -f "status=running") ]]; then
|
|
|
@@ -833,7 +951,7 @@ EOF
|
|
|
echo_content yellow "NaiveProxy的端口: ${naiveproxy_port}"
|
|
|
echo_content yellow "NaiveProxy的用户名: ${naiveproxy_username}"
|
|
|
echo_content yellow "NaiveProxy的密码: ${naiveproxy_pass}"
|
|
|
- echo_content yellow "NaiveProxy私钥和证书目录: ${CADDY_ACME}${domain}/"
|
|
|
+ echo_content yellow "NaiveProxy私钥和证书目录: ${CADDY_CERT}"
|
|
|
echo_content red "\n=============================================================="
|
|
|
else
|
|
|
echo_content red "---> NaiveProxy(Caddy+ForwardProxy) 安装失败或运行异常,请尝试修复或卸载重装"
|
|
|
@@ -940,7 +1058,7 @@ failure_testing() {
|
|
|
echo_content red "---> Caddy TLS运行异常"
|
|
|
fi
|
|
|
domain=$(cat "${DOMAIN_FILE}")
|
|
|
- if [[ -z $(cat "${DOMAIN_FILE}") || ! -d "${CADDY_ACME}${domain}" || ! -f "${CADDY_ACME}${domain}/${domain}.crt" ]]; then
|
|
|
+ if [[ -z $(cat "${DOMAIN_FILE}") || ! -d "${CADDY_CERT}" || ! -f "${caddy_crt_path}" ]]; then
|
|
|
echo_content red "---> 证书申请异常,请尝试重启服务器将重新申请证书或者重新搭建选择自定义证书选项"
|
|
|
fi
|
|
|
fi
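Review bot: The rewritten condition tests `-f "${caddy_crt_path}"`, which is the fixed host path the manual-certificate branch copies into, whereas the automatic-issue branch has Caddy write the certificate under `${CADDY_CRT_DIR}${domain}/` inside its storage root; as far as this diff shows, nothing creates `/tpdata/caddy/cert/server.crt` in that branch, so the health check would flag every auto-issued install as a certificate failure. Likewise `-d "${CADDY_CERT}"` is created unconditionally by mkdir_tools, so it no longer distinguishes success from failure the way the old per-domain directory did. A check that accepts either layout, `[[ ! -f "${caddy_crt_path}" && ! -f "${CADDY_CRT_DIR}${domain}/${domain}.crt" ]]`, or one keyed on the stored `ssl_option`, would be more accurate — please confirm against the actual host layout after an automatic issue. The `cat "${DOMAIN_FILE}"` is also run twice; `[[ -z "${domain}" ...` reuses the value read on the previous line.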
|