v2ray-agent/shell/init_tls.sh


#!/usr/bin/env bash
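# Package-manager command lines. These are the yum defaults; checkSystem
# overwrites them once it has detected the distribution. Callers expand them
# unquoted so that each word becomes a separate argument.
installType='yum -y install'
removeType='yum -y remove'
upgrade="yum -y update"
# Command prefix used by echoColor; -e makes echo interpret the \033 escapes.
echoType='echo -e'
# Resolved path of cp. `command -v` is a shell builtin, so the lookup does not
# depend on the external `which` utility being installed.
# NOTE(review): $cp is not referenced in the visible part of this script.
cp=$(command -v cp)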
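# Print a message wrapped in ANSI colour codes.
# Globals:   echoType (read) - command prefix used to emit the text
# Arguments: $1 - colour name: red, green, yellow, magenta, skyBlue or white
#            $2 - message text
# Outputs:   the coloured message on stdout; nothing for an unknown colour
echoColor(){
  local code
  case "$1" in
    red)     code=31 ;;
    green)   code=32 ;;
    yellow)  code=33 ;;
    # Magenta is SGR 35; it used to be mapped to 31 and so printed as red.
    magenta) code=35 ;;
    # Sky blue (cyan). The second, unreachable "skyBlue" arm has been dropped.
    skyBlue) code=36 ;;
    white)   code=37 ;;
    *)       return 0 ;;
  esac
  # echoType is left unquoted on purpose so that 'echo -e' splits into words.
  ${echoType} "\033[${code}m$2 \033[0m"
}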
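# Detect the distribution and select the matching package-manager commands.
# Globals:   release, installType, removeType, upgrade (written)
# Outputs:   on an unsupported system, an error message followed by
#            /etc/issue and /proc/version so the user can report them
# Returns:   0 when a supported distribution was detected; otherwise the
#            script exits with status 1
checkSystem(){
  if [[ -n "$(find /etc -name "redhat-release")" ]] \
    || grep -qiE 'centos|red hat|redhat' /proc/version
  then
    release="centos"
    installType='yum -y install'
    removeType='yum -y remove'
    upgrade="yum update -y"
  elif grep -qi "debian" /etc/issue /proc/version
  then
    release="debian"
    installType='apt -y install'
    upgrade="apt update -y"
    removeType='apt -y autoremove'
  elif grep -qi "ubuntu" /etc/issue /proc/version
  then
    release="ubuntu"
    installType='apt -y install'
    upgrade="apt update -y"
    removeType='apt --purge remove'
  fi
  if [[ -z ${release} ]]
  then
    # This used to call the undefined function echoContent, so the message
    # was never shown; the helper defined in this script is echoColor.
    echoColor red "本脚本不支持此系统,请将下方日志反馈给开发者"
    cat /etc/issue
    cat /proc/version
    # Report the failure to the caller instead of exiting with success.
    exit 1
  fi
}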
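# Install the tools the certificate flow needs: socat, nginx and acme.sh.
# Globals:   upgrade, installType (read; expanded unquoted on purpose so the
#            command string splits into words)
# Outputs:   progress messages on stdout; package-manager output is discarded
# Returns:   0 when every component is present afterwards, 1 if an install
#            step failed (the remaining components are still attempted)
installTools(){
  local rc=0
  local installer

  echoColor yellow "更新"
  ${upgrade}

  if [[ -z "$(find /usr/bin/ -executable -name "socat")" ]]
  then
    echoColor yellow "\nsocat未安装安装中\n"
    # Only report success when the package manager actually succeeded.
    if ${installType} socat >/dev/null
    then
      echoColor green "socat安装完毕"
    else
      echoColor red "socat安装失败"
      rc=1
    fi
  fi

  echoColor yellow "\n检测是否安装Nginx"
  if [[ -z "$(find /sbin/ -executable -name 'nginx')" ]]
  then
    echoColor yellow "nginx未安装安装中\n"
    if ${installType} nginx >/dev/null
    then
      echoColor green "nginx安装完毕"
    else
      echoColor red "nginx安装失败"
      rc=1
    fi
  else
    echoColor green "nginx已安装\n"
  fi

  echoColor yellow "检测是否安装acme.sh"
  if [[ -z "$(find ~/.acme.sh/ -name "acme.sh")" ]]
  then
    echoColor yellow "\nacme.sh未安装安装中\n"
    # Download the installer completely before running it: with `curl | sh`
    # a dropped connection or an HTTP error page would be executed as a
    # partial script. -f makes curl fail on HTTP errors instead.
    # NOTE(review): the installer is still run with this script's privileges
    # without an integrity check; consider pinning a reviewed release.
    if installer=$(mktemp) \
      && curl -fsS -o "${installer}" https://get.acme.sh \
      && sh "${installer}" >/dev/null
    then
      echoColor green "acme.sh安装完毕\n"
    else
      echoColor red "acme.sh安装失败"
      rc=1
    fi
    [[ -n ${installer} ]] && rm -f -- "${installer}"
  else
    echoColor green "acme.sh已安装\n"
  fi

  return "${rc}"
}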
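# Restore nginx.conf from the backup written by bakConfig and remove the
# temporary validation server block.
# Outputs:   a success or failure message on stdout
# Returns:   0 when the backup was copied back, 1 otherwise
# NOTE(review): the backup lives at a fixed path under world-writable /tmp and
# is copied into /etc/nginx as whoever runs this script; a root-owned
# directory with restrictive permissions would be a safer location.
resetNginxConfig(){
  local rc=0
  # Run cp directly. Wrapping it in backticks made the shell execute whatever
  # cp printed on stdout as a second command.
  cp -f /tmp/mack-a/nginx/nginx.conf /etc/nginx/nginx.conf || rc=1
  # The target is a single file, so no recursive delete is needed.
  rm -f /etc/nginx/conf.d/5NX2O9XQKP.conf
  if (( rc == 0 ))
  then
    echoColor green "\n恢复配置完毕"
  else
    # Do not claim the restore completed when the copy failed.
    echoColor red "\n恢复配置失败"
  fi
  return "${rc}"
}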
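# Back up the live nginx.conf so resetNginxConfig can restore it later.
# Returns:   0 when the backup was written, non-zero if mkdir or cp failed
# NOTE(review): /tmp/mack-a is a predictable path in world-writable /tmp; a
# root-owned directory with restrictive permissions would be safer for the
# backup and for the certificate files installTLS writes next to it.
bakConfig(){
  mkdir -p /tmp/mack-a/nginx || return 1
  # Run cp directly. Wrapping it in backticks made the shell execute whatever
  # cp printed on stdout as a second command.
  cp -f /etc/nginx/nginx.conf /tmp/mack-a/nginx/nginx.conf
}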
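# Issue an ec-256 certificate for a user-supplied domain with acme.sh in
# standalone mode and install it under /tmp/mack-a/nginx.
# Globals:   domain, nginxStatus (written)
# Outputs:   progress messages and a listing of the certificate directory
# Returns:   0 on success; exits with status 1 when the input stream ends,
#            the domain is not reachable, or the key/certificate is missing
# NOTE(review): the private key is written below a fixed path in
# world-writable /tmp; consider a root-owned directory with restrictive
# permissions and moving the key out of /tmp after issuance.
installTLS(){
  local certDir=/tmp/mack-a/nginx
  # Hostname labels separated by dots. The domain is later interpolated into
  # a sed expression, an nginx config file, a URL and file paths, so anything
  # outside [A-Za-z0-9.-] is rejected up front.
  local domainPattern='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
  local sedDomain
  local failure=''

  # Prompt in a loop. The earlier recursive call returned into the outer
  # invocation, which then ran the whole issuance flow a second time.
  while true
  do
    echoColor yellow "请输入域名【例:blog.v2ray-agent.com】"
    # Stop on end of input instead of prompting forever.
    read -r domain || exit 1
    if [[ -z ${domain} ]]
    then
      echoColor red "域名未填写\n"
    elif [[ ! ${domain} =~ ${domainPattern} ]]
    then
      echoColor red "域名格式不正确\n"
    else
      break
    fi
  done

  # Back up nginx.conf before touching it.
  bakConfig

  # Mask the domain in the live nginx.conf so the temporary server block
  # below is the only one that claims it. Dots are escaped so sed matches the
  # domain literally rather than as a regular expression.
  if grep -qF -- "${domain}" /etc/nginx/nginx.conf
  then
    sedDomain=${domain//./\\.}
    sed -i "s/${sedDomain}/X655Y0M9UM9/g" /etc/nginx/nginx.conf
  fi

  # NOTE(review): this file is created empty and is not removed by
  # resetNginxConfig in the visible script; it looks like a leftover.
  touch /etc/nginx/conf.d/6GFV1ES52V2.conf
  echo "server {listen 80;server_name ${domain};root /usr/share/nginx/html;location ~ /.well-known {allow all;}location /test {return 200 '5NX2O9XQKP';}}" > /etc/nginx/conf.d/5NX2O9XQKP.conf

  # nginxStatus: 1 = nginx was not running, 2 = it was running and has to be
  # started again at the end.
  nginxStatus=1
  # Match the process name exactly; grepping `ps -ef` for "nginx" also hit
  # unrelated processes that merely had the word on their command line.
  if pgrep -x nginx >/dev/null
  then
    nginxStatus=2
    # SIGKILL is kept from the original so port 80 is free after the short
    # sleep. NOTE(review): `nginx -s stop` would be a gentler shutdown.
    pkill -9 -x nginx
    sleep 0.5
  fi
  nginx

  echoColor yellow "\n验证域名以及服务器是否可用"
  if curl -s "${domain}/test" | grep -q 5NX2O9XQKP
  then
    # Free port 80 for acme.sh's standalone listener.
    pkill -9 -x nginx
    sleep 0.5
    echoColor green "服务可用生成TLS中请等待\n"
  else
    echoColor red "服务不可用请检测dns配置是否正确"
    # Restore the backup.
    resetNginxConfig
    exit 1
  fi

  # NOTE(review): the issue step runs through sudo and the install step does
  # not; when the script is not run as root the two may not share the same
  # acme.sh home directory - confirm.
  sudo ~/.acme.sh/acme.sh --issue -d "${domain}" --standalone -k ec-256 >/dev/null
  ~/.acme.sh/acme.sh --installcert -d "${domain}" --fullchainpath "${certDir}/${domain}.crt" --keypath "${certDir}/${domain}.key" --ecc >/dev/null

  # -s is true only for an existing, non-empty file.
  if [[ ! -s "${certDir}/${domain}.key" ]]
  then
    failure="证书key生成失败请重新运行"
  elif [[ ! -s "${certDir}/${domain}.crt" ]]
  then
    failure="证书crt生成失败请重新运行"
  fi
  if [[ -n ${failure} ]]
  then
    echoColor red "${failure}"
    resetNginxConfig
    # nginx was stopped for the standalone challenge; bring it back if it was
    # running before, as the success path does.
    if [[ ${nginxStatus} = 2 ]]
    then
      nginx
    fi
    exit 1
  fi

  echoColor green "证书生成成功"
  echoColor green "证书目录/tmp/mack-a/nginx"
  ls "${certDir}"
  resetNginxConfig
  if [[ ${nginxStatus} = 2 ]]
  then
    nginx
  fi
}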
# Show the usage notice, ask for confirmation and run the install flow.
# Reads one line from stdin; only the exact answer "y" starts the install,
# anything else prints a goodbye message and exits the script.
init(){
  local notice
  local notices=(
    " 1.会安装依赖所需依赖"
    " 2.会把Nginx配置文件备份"
    " 3.会安装Nginx、acme.sh如果已安装则使用已经存在的"
    " 4.安装完毕或者安装失败会自动恢复备份,请不要手动关闭脚本"
    " 5.执行期间请不要重启机器"
    " 6.备份文件和证书文件都在/tmp下面请注意留存"
    " 7.如果多次执行则将上次生成备份和生成的证书强制覆盖"
    " 8.证书默认ec-256"
    " 9.下个版本会加入通配符证书生成[todo]"
    " 10.可以生成多个不同域名的证书[包含子域名],具体速率请查看[https://letsencrypt.org/zh-cn/docs/rate-limits/]"
    " 11.兼容Centos、Ubuntu、Debian"
    " 12.Github[https://github.com/mack-a]"
  )

  echoColor red "\n=============================="
  echoColor yellow "此脚本注意事项"
  for notice in "${notices[@]}"
  do
    echoColor green "${notice}"
  done
  echoColor red "=============================="
  echoColor yellow "请输入[y]执行脚本,[任意]结束:"
  read isExecStatus

  # Guard clause: leave unless the user confirmed with "y".
  if [[ ${isExecStatus} != "y" ]]
  then
    echoColor green "欢迎下次使用"
    exit
  fi

  installTools
  installTLS
}
# Entry point: detect the distribution first so the package-manager commands
# are set, then show the notice and run the interactive flow.
main(){
  checkSystem
  init
}
main