@@ -70,37 +70,37 @@ check_glibc_version
7070install_base () {
7171 case " ${release} " in
7272 ubuntu | debian | armbian)
73- apt-get update && apt-get install -y -q wget curl tar tzdata socat
73+ apt-get update && apt-get install -y -q wget curl tar tzdata socat openssl
7474 ;;
7575 centos | rhel | almalinux | rocky | ol)
76- yum -y update && yum install -y -q wget curl tar tzdata socat
76+ yum -y update && yum install -y -q wget curl tar tzdata socat openssl
7777 ;;
7878 fedora | amzn)
79- dnf -y update && dnf install -y -q wget curl tar tzdata socat
79+ dnf -y update && dnf install -y -q wget curl tar tzdata socat openssl
8080 ;;
8181 arch | manjaro | parch)
82- pacman -Syu && pacman -Syu --noconfirm wget curl tar tzdata socat
82+ pacman -Syu && pacman -Syu --noconfirm wget curl tar tzdata socat openssl
8383 ;;
8484 opensuse-tumbleweed | opensuse)
85- zypper refresh && zypper -q install -y wget curl tar timezone socat
85+ zypper refresh && zypper -q install -y wget curl tar timezone socat openssl
8686 ;;
8787 alpine)
88- apk update && apk add wget curl tar tzdata socat
88+ apk update && apk add wget curl tar tzdata socat openssl
8989 ;;
9090 gentoo)
91- emerge --sync && emerge --ask --quiet wget curl tar tzdata socat
91+ emerge --sync && emerge --ask --quiet wget curl tar tzdata socat openssl
9292 ;;
9393 clearlinux)
94- swupd update && swupd bundle-add wget curl tar tzdata socat
94+ swupd update && swupd bundle-add wget curl tar tzdata socat openssl
9595 ;;
9696 void)
97- xbps-install -S && xbps-install -y wget curl tar tzdata socat
97+ xbps-install -S && xbps-install -y wget curl tar tzdata socat openssl
9898 ;;
9999 solus)
100- eopkg update && eopkg install -y wget curl tar tzdata socat
100+ eopkg update && eopkg install -y wget curl tar tzdata socat openssl
101101 ;;
102102 * )
103- apt-get update && apt install -y -q wget curl tar tzdata socat
103+ apt-get update && apt install -y -q wget curl tar tzdata socat openssl
104104 ;;
105105 esac
106106}
@@ -115,140 +115,166 @@ config_after_install() {
115115 local existing_hasDefaultCredential=$( /usr/local/x-ui/x-ui setting -show true | grep -Eo ' hasDefaultCredential: .+' | awk ' {print $2}' )
116116 local existing_webBasePath=$( /usr/local/x-ui/x-ui setting -show true | grep -Eo ' webBasePath: .+' | awk ' {print $2}' )
117117 local existing_port=$( /usr/local/x-ui/x-ui setting -show true | grep -Eo ' port: .+' | awk ' {print $2}' )
118- local server_ip=$( hostname -I | awk ' {print $1}' )
119- # check for acme.sh first
120- if ! command -v ~ /.acme.sh/acme.sh & > /dev/null; then
121- echo " acme.sh could not be found. we will install it"
122- LOGI " Installing acme.sh..."
123- cd ~ || return 1 # Ensure you can change to the home directory
124- curl -s https://get.acme.sh | sh
125- if [ $? -ne 0 ]; then
126- LOGE " Installation of acme.sh failed."
127- return 1
128- else
129- LOGI " Installation of acme.sh succeeded."
130- fi
131- fi
132118
133119 if [[ ${# existing_webBasePath} -lt 4 ]]; then
134120 if [[ " $existing_hasDefaultCredential " == " true" ]]; then
135121 local config_webBasePath=$( gen_random_string 15)
136122 local config_username=$( gen_random_string 10)
137123 local config_password=$( gen_random_string 10)
138124
139- # get the domain here, and we need to verify it
140- local domain=" "
141- read -p " Please enter your domain name (or press Enter to skip): " domain
142- if [ -z " $domain " ]; then
143- LOGI " No domain entered. Skipping domain and certificate setup."
144- else
145- LOGD " Your domain is: ${domain} , checking it..."
146-
147- # check if there already exists a certificate
148- local currentCert=$( ~/.acme.sh/acme.sh --list | tail -1 | awk ' {print $1}' )
149- if [ " ${currentCert} " == " ${domain} " ]; then
150- LOGI " System already has certificates for this domain. trying to remove"
151- rm -rf ~ /.acme.sh/${currentCert} *
152- else
153- LOGI " Your domain is ready for issuing certificates now..."
154- fi
155-
156- # create a directory for the certificate
157- certPath=" /root/cert/${domain} "
158- if [ ! -d " $certPath " ]; then
159- mkdir -p " $certPath "
160- else
161- rm -rf " $certPath "
162- mkdir -p " $certPath "
163- fi
164-
165- # get the port number for the standalone server
166- local WebPort=80
167- read -p " Please choose which port to use (default is 80): " WebPort
168- if [[ ${WebPort} -gt 65535 || ${WebPort} -lt 1 ]]; then
169- LOGE " Your input ${WebPort} is invalid, will use default port 80."
170- WebPort=80
171- fi
172- LOGI " Will use port: ${WebPort} to issue certificates. Please make sure this port is open."
173-
174- # issue the certificate
175- ~ /.acme.sh/acme.sh --set-default-ca --server letsencrypt
176- ~ /.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport ${WebPort}
177- if [ $? -ne 0 ]; then
178- LOGE " Issuing certificate failed, please check logs."
179- rm -rf ~ /.acme.sh/${domain}
125+ echo -e " ${yellow} Choose an option for SSL certificate:${plain} "
126+ echo -e " 1. Generate a self-signed certificate"
127+ echo -e " 2. Get a certificate from a domain name using acme.sh"
128+ read -p " Enter your choice [1-2]: " choice
129+
130+ case $choice in
131+ 1)
132+ # get the ip here
133+ local server_ip=$( curl -s https://api.ipify.org)
134+ LOGI " Using IP address: ${server_ip} "
135+
136+ LOGD " Generating self-signed certificate for IP: ${server_ip} ..."
137+
138+ # create a directory for the certificate
139+ certPath=" /root/cert/${server_ip} "
140+ if [ ! -d " $certPath " ]; then
141+ mkdir -p " $certPath "
142+ else
143+ rm -rf " $certPath "
144+ mkdir -p " $certPath "
145+ fi
146+
147+ # generate self-signed cert
148+ openssl req -x509 -newkey rsa:4096 -keyout /root/cert/${server_ip} /privkey.pem -out /root/cert/${server_ip} /fullchain.pem -days 365 -nodes -subj " /CN=${server_ip} "
149+ if [ $? -ne 0 ]; then
150+ LOGE " Generating self-signed certificate failed."
151+ else
152+ LOGI " Generating self-signed certificate succeeded."
153+ fi
154+
155+ # Set panel paths after successful certificate installation
156+ local webCertFile=" /root/cert/${server_ip} /fullchain.pem"
157+ local webKeyFile=" /root/cert/${server_ip} /privkey.pem"
158+
159+ if [[ -f " $webCertFile " && -f " $webKeyFile " ]]; then
160+ /usr/local/x-ui/x-ui cert -webCert " $webCertFile " -webCertKey " $webKeyFile "
161+ LOGI " Panel paths set for IP: $server_ip "
162+ LOGI " - Certificate File: $webCertFile "
163+ LOGI " - Private Key File: $webKeyFile "
164+ else
165+ LOGE " Error: Certificate or private key file not found for IP: $server_ip ."
166+ fi
167+ local access_url=" https://${server_ip} "
168+ ;;
169+ 2)
170+ # check for acme.sh first
171+ if ! command -v ~ /.acme.sh/acme.sh & > /dev/null; then
172+ echo " acme.sh could not be found. we will install it"
173+ LOGI " Installing acme.sh..."
174+ cd ~ || return 1 # Ensure you can change to the home directory
175+ curl -s https://get.acme.sh | sh
176+ if [ $? -ne 0 ]; then
177+ LOGE " Installation of acme.sh failed."
178+ else
179+ LOGI " Installation of acme.sh succeeded."
180+ fi
181+ fi
182+
183+ read -p " Enter your domain name: " domain
184+ LOGI " Using domain: ${domain} "
185+
186+ LOGD " Your domain is: ${domain} , trying to issue a certificate..."
187+
188+ # create a directory for the certificate
189+ certPath=" /root/cert/${domain} "
190+ if [ ! -d " $certPath " ]; then
191+ mkdir -p " $certPath "
192+ else
193+ rm -rf " $certPath "
194+ mkdir -p " $certPath "
195+ fi
196+
197+ # issue the certificate
198+ if command -v ~ /.acme.sh/acme.sh & > /dev/null; then
199+ ~ /.acme.sh/acme.sh --set-default-ca --server letsencrypt
200+ ~ /.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport 80
201+ if [ $? -ne 0 ]; then
202+ LOGE " Issuing certificate with acme.sh failed, falling back to self-signed certificate."
203+ rm -rf ~ /.acme.sh/${domain}
204+
205+ # generate self-signed cert
206+ openssl req -x509 -newkey rsa:4096 -keyout /root/cert/${domain} /privkey.pem -out /root/cert/${domain} /fullchain.pem -days 365 -nodes -subj " /CN=${domain} "
207+ if [ $? -ne 0 ]; then
208+ LOGE " Generating self-signed certificate failed."
209+ else
210+ LOGI " Generating self-signed certificate succeeded."
211+ fi
212+ else
213+ LOGI " Issuing certificate succeeded, installing certificates..."
214+ # install the certificate
215+ ~ /.acme.sh/acme.sh --installcert -d ${domain} \
216+ --key-file /root/cert/${domain} /privkey.pem \
217+ --fullchain-file /root/cert/${domain} /fullchain.pem
218+
219+ if [ $? -ne 0 ]; then
220+ LOGE " Installing certificate failed."
221+ rm -rf ~ /.acme.sh/${domain}
222+ else
223+ LOGI " Installing certificate succeeded, enabling auto renew..."
224+ # enable auto-renew
225+ ~ /.acme.sh/acme.sh --upgrade --auto-upgrade
226+ fi
227+ fi
228+ else
229+ LOGE " acme.sh is not installed, falling back to self-signed certificate."
230+ openssl req -x509 -newkey rsa:4096 -keyout /root/cert/${domain} /privkey.pem -out /root/cert/${domain} /fullchain.pem -days 365 -nodes -subj " /CN=${domain} "
231+ if [ $? -ne 0 ]; then
232+ LOGE " Generating self-signed certificate failed."
233+ else
234+ LOGI " Generating self-signed certificate succeeded."
235+ fi
236+ fi
237+
238+ # Set panel paths after successful certificate installation
239+ local webCertFile=" /root/cert/${domain} /fullchain.pem"
240+ local webKeyFile=" /root/cert/${domain} /privkey.pem"
241+
242+ if [[ -f " $webCertFile " && -f " $webKeyFile " ]]; then
243+ /usr/local/x-ui/x-ui cert -webCert " $webCertFile " -webCertKey " $webKeyFile "
244+ LOGI " Panel paths set for domain: $domain "
245+ LOGI " - Certificate File: $webCertFile "
246+ LOGI " - Private Key File: $webKeyFile "
247+ else
248+ LOGE " Error: Certificate or private key file not found for domain: $domain ."
249+ fi
250+ local access_url=" https://${domain} "
251+ ;;
252+ * )
253+ echo " Invalid choice. Exiting."
180254 exit 1
181- else
182- LOGE " Issuing certificate succeeded, installing certificates..."
183- fi
184-
185- # install the certificate
186- ~ /.acme.sh/acme.sh --installcert -d ${domain} \
187- --key-file /root/cert/${domain} /privkey.pem \
188- --fullchain-file /root/cert/${domain} /fullchain.pem
189-
190- if [ $? -ne 0 ]; then
191- LOGE " Installing certificate failed, exiting."
192- rm -rf ~ /.acme.sh/${domain}
193- exit 1
194- else
195- LOGI " Installing certificate succeeded, enabling auto renew..."
196- fi
197-
198- # enable auto-renew
199- ~ /.acme.sh/acme.sh --upgrade --auto-upgrade
200- if [ $? -ne 0 ]; then
201- LOGE " Auto renew failed, certificate details:"
202- ls -lah cert/*
203- chmod 755 $certPath /*
204- exit 1
205- else
206- LOGI " Auto renew succeeded, certificate details:"
207- ls -lah cert/*
208- chmod 755 $certPath /*
209- fi
210-
211- # Set panel paths after successful certificate installation
212- local webCertFile=" /root/cert/${domain} /fullchain.pem"
213- local webKeyFile=" /root/cert/${domain} /privkey.pem"
214-
215- if [[ -f " $webCertFile " && -f " $webKeyFile " ]]; then
216- /usr/local/x-ui/x-ui cert -webCert " $webCertFile " -webCertKey " $webKeyFile "
217- LOGI " Panel paths set for domain: $domain "
218- LOGI " - Certificate File: $webCertFile "
219- LOGI " - Private Key File: $webKeyFile "
220- echo -e " ${green} Access URL: https://${domain} :${existing_port}${existing_webBasePath}${plain} "
221- # restart service if needed
222- else
223- LOGE " Error: Certificate or private key file not found for domain: $domain ."
224- fi
225-
226- read -p " Would you like to customize the Panel Port settings? (If not, a random port will be applied) [y/n]: " config_confirm
227- local config_port
228- if [[ " ${config_confirm} " == " y" || " ${config_confirm} " == " Y" ]]; then
229- read -p " Please set up the panel port: " config_port
230- echo -e " ${yellow} Your Panel Port is: ${config_port}${plain} "
231- else
232- config_port=$( shuf -i 1024-62000 -n 1)
233- echo -e " ${yellow} Generated random port: ${config_port}${plain} "
234- fi
235-
236- /usr/local/x-ui/x-ui setting -username " ${config_username} " -password " ${config_password} " -port " ${config_port} " -webBasePath " ${config_webBasePath} "
237- echo -e " This is a fresh installation, generating random login info for security concerns:"
238- echo -e " ###############################################"
239- echo -e " ${green} Username: ${config_username}${plain} "
240- echo -e " ${green} Password: ${config_password}${plain} "
241- echo -e " ${green} Port: ${config_port}${plain} "
242- echo -e " ${green} WebBasePath: ${config_webBasePath}${plain} "
243- echo -e " ${green} Access URL: https://${domain} :${config_port} /${config_webBasePath}${plain} "
244- echo -e " ###############################################"
245- fi
255+ ;;
256+ esac
257+
258+ local config_port
259+ config_port=$( shuf -i 1024-62000 -n 1)
260+ echo -e " ${yellow} Generated random port: ${config_port}${plain} "
261+
262+ /usr/local/x-ui/x-ui setting -username " ${config_username} " -password " ${config_password} " -port " ${config_port} " -webBasePath " ${config_webBasePath} "
263+ echo -e " This is a fresh installation, generating random login info for security concerns:"
264+ echo -e " ###############################################"
265+ echo -e " ${green} Username: ${config_username}${plain} "
266+ echo -e " ${green} Password: ${config_password}${plain} "
267+ echo -e " ${green} Port: ${config_port}${plain} "
268+ echo -e " ${green} WebBasePath: ${config_webBasePath}${plain} "
269+ echo -e " ${green} Access URL: ${access_url} :${config_port} /${config_webBasePath}${plain} "
270+ echo -e " ###############################################"
246271 else
247272 local config_webBasePath=$( gen_random_string 15)
248273 echo -e " ${yellow} WebBasePath is missing or too short. Generating a new one...${plain} "
249274 /usr/local/x-ui/x-ui setting -webBasePath " ${config_webBasePath} "
250275 echo -e " ${green} New WebBasePath: ${config_webBasePath}${plain} "
251- echo -e " ${green} Access URL: https://${domain} :${existing_port} /${config_webBasePath}${plain} "
276+ local server_ip=$( curl -s https://api.ipify.org)
277+ echo -e " ${green} Access URL: http://${server_ip} :${existing_port} /${config_webBasePath}${plain} "
252278 fi
253279 else
254280 if [[ " $existing_hasDefaultCredential " == " true" ]]; then
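Review bot: In the second hunk, `server_ip` (the body returned by `curl -s https://api.ipify.org`) and `domain` (raw `read -p` input) are placed into `certPath` and then into `rm -rf "$certPath"` with no check, so an empty or malformed value makes the script remove `/root/cert/` itself, or a path outside it, and then write the key there. The removed code at least skipped certificate setup when the domain was empty; the new option 2 branch has no such guard. Validate both before building the path, e.g. `[[ "$server_ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { LOGE "Could not determine public IP."; exit 1; }` with a matching hostname pattern for `domain`, and quote `${domain}` and `${server_ip}` where they are passed to `acme.sh` and `openssl`. Separately, the self-signed certificates set only `-subj "/CN=..."`; current TLS clients match on subjectAltName, so `-addext "subjectAltName=IP:${server_ip}"` (or `DNS:${domain}` in the fallback paths) is needed for the name to verify even once the certificate is trusted manually. config_after_install starts and ends outside the hunk.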