From 71444c16ece578c8639734811f55efa6c019511b Mon Sep 17 00:00:00 2001
From: lsy
Date: Wed, 25 Sep 2024 00:51:25 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=89=93=E5=8D=B0,=E4=BF=AE?=
 =?UTF-8?q?=E6=94=B9acme=E5=AE=89=E8=A3=85=E7=BC=BA=E5=B0=91=E7=BB=84?=
 =?UTF-8?q?=E4=BB=B6,=E6=96=B0=E5=A2=9Eweb=E5=92=8Cnginx?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Config/Other/Language_set.sh | 1 +
 Config/Other/Reinstall.sh | 1 +
 Config/User/key.sh | 3 +-
 Config/User/ssh.sh | 3 +-
 Config/User/user.sh | 11 +-
 Config/{Other/acme_ssl.sh => Web/acme.sh} | 27 ++-
 Config/Web/nginx.sh | 200 ++++++++++++++++++++++
 Menus/Docker.sh | 11 +-
 Menus/Web.sh | 21 +++
 9 files changed, 260 insertions(+), 18 deletions(-)
 rename Config/{Other/acme_ssl.sh => Web/acme.sh} (81%)
 create mode 100644 Config/Web/nginx.sh
 create mode 100644 Menus/Web.sh

diff --git a/Config/Other/Language_set.sh b/Config/Other/Language_set.sh
index 51a0e2b..ee2f940 100644
--- a/Config/Other/Language_set.sh
+++ b/Config/Other/Language_set.sh
@@ -1,5 +1,6 @@
 #!/bin/bash
 declare lang
+echo "========$(basename $0 .sh)========"
 echo "1.中文"
 echo "2.英文"
 read -p "请输入:" lang
diff --git a/Config/Other/Reinstall.sh b/Config/Other/Reinstall.sh
index e301c85..fbdb0b2 100644
--- a/Config/Other/Reinstall.sh
+++ b/Config/Other/Reinstall.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
 declare pick
 declare server
+echo "========$(basename $0 .sh)========"
 echo "请选择下载服务器"
 echo "1.国内服务器"
 echo "2.国外服务器(默认)"
diff --git a/Config/User/key.sh b/Config/User/key.sh
index f4faf68..19a53f3 100644
--- a/Config/User/key.sh
+++ b/Config/User/key.sh
@@ -1,10 +1,9 @@
 #!/bin/bash
-echo "========key========"
+echo "========$(basename $0 .sh)========"
 echo "1.生成密钥"
 echo "2.安装密钥"
 echo "输入其他返回主页"
 declare pick
-echo "========key========"
 read -p "请输入要选择的命令:" pick
 
 function open_key() {
diff --git a/Config/User/ssh.sh b/Config/User/ssh.sh
index 26121d1..88cc7aa 100644
--- a/Config/User/ssh.sh
+++ b/Config/User/ssh.sh
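Review bot: The new banner line `echo "========$(basename $0 .sh)========"` leaves `$0` unquoted, so a script path containing spaces or glob characters is word-split and globbed before basename sees it; write `echo "========$(basename "$0" .sh)========"`. The same new line appears in Config/Other/Reinstall.sh, Config/User/key.sh, Config/User/ssh.sh, Config/User/user.sh, Menus/Docker.sh and Config/Web/nginx.sh, and Menus/Web.sh uses the same unquoted expansion for `file_name`.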
@@ -1,10 +1,9 @@
 #!/bin/bash
 declare pick
-echo "========ssh========"
+echo "========$(basename $0 .sh)========"
 echo "1.更换ssh端口"
 echo "2.修改ssh登录方式"
 echo "任意输入返回主菜单"
-echo "========ssh========"
 read -p "请输入要使用的功能:" pick
 
 case $pick in
diff --git a/Config/User/user.sh b/Config/User/user.sh
index 8a61ecc..32109d7 100644
--- a/Config/User/user.sh
+++ b/Config/User/user.sh
@@ -1,13 +1,12 @@
 #!/bin/bash
 declare pick
 
-echo "========user========"
+echo "========$(basename $0 .sh)========"
 echo "1.新建用户"
 echo "2.查看所有用户"
 echo "3.删除用户"
 echo "4.修改用户密码"
 echo "任意输入返回主菜单"
-echo "========user========"
 read -p "请输入要使用的功能:" pick
 
 case $pick in
@@ -86,18 +85,18 @@ case $pick in
 '4')
     declare password
     declare user_name
-    read -p "请输入需要修改密码的用户" user_name
-    if ! id $user_name;then
+    read -p "请输入需要修改密码的用户:" user_name
+    if ! id $user_name &> /dev/null;then
         echo "系统内没有该用户"
         exit
     fi
-    read -p "请输入${user_name}密码:" password
+    read -p "请输入${user_name}需要修改的密码:" password
     echo "${user_name}:${password}" |chpasswd
     if [[ ${user_name} == "root" ]]; then
         sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config
     fi
     sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication yes/g' /etc/ssh/sshd_config
     systemctl restart sshd.service
-    echo "修改成功,用户${user_name}密码为:${password}"
+    echo "修改成功,用户${user_name}的密码为:${password}"
     ;;
 esac
\ No newline at end of file
diff --git a/Config/Other/acme_ssl.sh b/Config/Web/acme.sh
similarity index 81%
rename from Config/Other/acme_ssl.sh
rename to Config/Web/acme.sh
index 32ad3e7..49fd947 100644
--- a/Config/Other/acme_ssl.sh
+++ b/Config/Web/acme.sh
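Review bot: In the second user.sh hunk `read -p "请输入${user_name}需要修改的密码:" password` reads the new password without `-s`, and the rewritten success line echoes it back as `的密码为:${password}`, so the secret is displayed twice and ends up in any terminal log or scrollback. Use `read -s -p "请输入${user_name}需要修改的密码:" password; echo` and drop `${password}` from the final message, e.g. `echo "修改成功,已更新用户${user_name}的密码"`. The new `if ! id $user_name &> /dev/null` still leaves the variable unquoted: an empty answer runs `id` with no argument, which succeeds, so the 系统内没有该用户 check is skipped and `echo ":${password}" | chpasswd` is attempted; `id "$user_name"` fails as intended. The enclosing `case` starts outside this hunk.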
@@ -1,5 +1,21 @@
 #!/bin/bash
 
+if ! command -v socat &> /dev/null; then
+    if [[ -f "/usr/bin/apt-get" ]];then
+        apt-get update -y
+        apt-get install socat -y
+    elif [[ -f "/usr/bin/apt" ]];then
+        apt update -y
+        apt install socat -y
+    elif [[ -f "/usr/bin/pacman" ]];then
+        pacman -Syu --noconfirm
+        pacman -Sy --noconfirm socat
+    else
+        echo "socat未安装"
+        exit
+    fi
+fi
+
 if [[ ! -f "${HOME}/.acme.sh/acme.sh" ]];then
     rm -rf ${HOME}/.acme.sh
     declare mail
@@ -38,13 +54,20 @@ read -p "请选择验证模式:" pick_mode
 
 case $pick_mode in
 '1')
-    declare pick_start
+    declare mode
+    if ! command -v nginx &> /dev/null; then
+        mode="nginx"
+    elif ! command -v apache &> /dev/null; then
+        mode="apache"
+    else
+        mode="standalone"
+    fi
     echo "请到服务器将80和443端口开启,将域名解析到本机"
     read -p "解析完成请输入 y:" pick_start
     if [[ ! $pick_start =~ [Yy] ]];then
         exit
     fi
-    eval "${HOME}/.acme.sh/acme.sh --issue $domain_str --standalone"
+    eval "${HOME}/.acme.sh/acme.sh --issue ${domain_str} --${mode}"
     ;;
 '2')
     declare pick=0
diff --git a/Config/Web/nginx.sh b/Config/Web/nginx.sh
new file mode 100644
index 0000000..9aa38c4
--- /dev/null
+++ b/Config/Web/nginx.sh
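Review bot: The installer fallback in the first acme.sh hunk ends with `echo "socat未安装"` followed by a bare `exit`, which leaves the exit status at 0, so whatever launches this script cannot tell that the dependency is missing and nothing was issued. Make it `echo "socat未安装" >&2; exit 1`; the identical fallback in the new Config/Web/nginx.sh (`echo "nginx未安装"` / `exit`) wants the same treatment.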
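Review bot: The web-server detection in the second acme.sh hunk is inverted: `if ! command -v nginx &> /dev/null; then mode="nginx"` selects the nginx plugin exactly when nginx is absent, and the apache test does the same, so a host with only nginx installed is issued with `--apache` and a host with both gets `--standalone`, which then fails to bind port 80 against the running server. Drop the `!` from both tests: `if command -v nginx &> /dev/null; then` / `elif command -v apache &> /dev/null; then`. The Apache binary is normally installed as `apache2` or `httpd`, so `command -v apache` most likely never succeeds even after the negation is fixed — confirm against the target distributions. The rewritten issue line still goes through `eval`; since `domain_str` is built outside this hunk from user-entered domains, running `"${HOME}/.acme.sh/acme.sh" --issue $domain_str --"${mode}"` (or an array of `-d` arguments) avoids re-parsing that text as shell.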
@@ -0,0 +1,200 @@
+#!/bin/bash
+
+if ! command -v nginx &> /dev/null; then
+    if [[ -f "/usr/bin/apt-get" ]];then
+        apt-get update -y
+        apt-get install nginx -y
+    elif [[ -f "/usr/bin/apt" ]];then
+        apt update -y
+        apt install nginx -y
+    elif [[ -f "/usr/bin/pacman" ]];then
+        pacman -Syu --noconfirm
+        pacman -Sy --noconfirm nginx
+    else
+        echo "nginx未安装"
+        exit
+    fi
+fi
+
+declare pick
+echo "========$(basename $0 .sh)========"
+echo "1.新增站点配置文件"
+echo "2.查看已有站点配置文件"
+echo "3.删除站点配置文件"
+read -p "请选择:" pick
+case $pcik in
+'1')
+    declare domain
+    read -p "请输入要绑定的域名多个用 空格 隔开:" domain
+
+    declare ssl_certificate
+    declare ssl_certificate_key
+    declare ssl_domain=${echo "${domain}" | awk '{print $1}'}
+
+    declare ssl_pick=""
+    echo "ssl证书地址"
+    echo "1.立即申请(默认)"
+    echo "2.手动输入"
+    read -p "请选择" pick
+    if [[ $pick == 2 ]]; then
+        echo "证书,默认 ${HOME}/.acme.sh/${ssl_domain}_ecc/fullchain.cer"
+        read -p "请输入证书地址:" ssl_certificate
+        if [[ -z $ssl_certificate ]];then
+            ssl_certificate="${HOME}/.acme.sh/${ssl_domain}_ecc/fullchain.cer"
+        fi
+        echo "密钥,默认 ${HOME}/.acme.sh/${ssl_domain}_ecc/${ssl_domain}.key"
+
+        read -p "请输入密钥地址:" ssl_certificate_key
+        if [[ -z $ssl_certificate_key ]];then
+            ssl_certificate_key="${HOME}/.acme.sh/${ssl_domain}_ecc/${ssl_domain}.key"
+        fi
+    else
+        declare
+        echo "1.acme(默认)"
+        read -p "请输入:" ssl_pick
+        if [[ -z $ssl_pick || $ssl_pick == 1 ]];then
+            ssl_pick=1
+            ssl_certificate="${HOME}/.acme.sh/${ssl_domain}_ecc/fullchain.cer"
+            ssl_certificate_key="${HOME}/.acme.sh/${ssl_domain}_ecc/${ssl_domain}.key"
+        fi
+    fi
+    declare name
+    read -p "请输入配置文件名,默认为网址:" name
+    if [[ -z $name ]]; then
+        name=$ssl_domain
+    fi
+
+    echo "工作方式"
+    echo "1.反向代理(默认)"
+    echo "2.静态文件"
+    read -p "请选择:" pick
+    declare path
+    declare mode_pick
+    if [[ $pick == 2 ]]; then
+        read -p "请输入要代理的站点路径,如果只输入数字代表端口:" path
+        if [[ $path =~ [0-9]+ ]]; then
+            path="http://127.0.0.1:${path}"
+        fi
+        cat >> "/etc/nginx/sites-available/${name}.conf" << EOF
+server {
+    listen 443 ssl http2; # 监听 443 端口,并启用 HTTP/2
+    server_name ${domain}; # 替换为你的域名
+
+    # SSL 证书配置
+    ssl_certificate ${ssl_certificate}; # 证书文件路径
+    ssl_certificate_key ${ssl_certificate_key}; # 证书密钥文件路径
+    ssl_protocols TLSv1.2 TLSv1.3; # 使用安全的 TLS 协议版本
+    ssl_ciphers HIGH:!aNULL:!MD5; # 安全密码套件
+    ssl_prefer_server_ciphers on;
+
+    # 启用 SSL session 缓存和超时设置
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+
+    # 强制使用 HTTPS (HSTS)
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+    # 日志设置
+    access_log /var/log/nginx/example.com_access.log;
+    error_log /var/log/nginx/example.com_error.log;
+
+    # 反向代理到后台应用
+    location / {
+        proxy_pass ${path}; # 反向代理到后端应用服务器
+        proxy_set_header Host \$host; # 保持原始主机头
+        proxy_set_header X-Real-IP \$remote_addr; # 传递客户端的真实 IP
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; # 传递代理链中的 IP
+        proxy_set_header X-Forwarded-Proto \$scheme; # 传递协议(HTTP 或 HTTPS)
+
+        # 防止后端服务器返回不安全的内容
+        proxy_redirect off;
+
+        # 超时时间配置
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+        send_timeout 60s;
+    }
+
+    # 错误页面配置
+    error_page 502 /502.html;
+    location = /502.html {
+        root /usr/share/nginx/html; # 错误页面路径
+    }
+}
+
+# HTTP 到 HTTPS 重定向
+server {
+    listen 80; # 监听 HTTP 80 端口
+    server_name ${domain}; # 替换为你的域名
+
+    # 将所有 HTTP 请求重定向到 HTTPS
+    return 301 https://\$host\$request_uri;
+}
+EOF
+    else
+        read -p "请输入后端服务器的地址" path
+        cat >> "/etc/nginx/sites-available/${name}.conf" << EOF
+server {
+    listen 443 ssl; # 监听 443 端口并启用 SSL
+    server_name ${domain}; # 替换为你的域名
+
+    # SSL 证书配置
+    ssl_certificate ${ssl_certificate}; # 证书文件路径
+    ssl_certificate_key ${ssl_certificate_key}; # 证书密钥文件路径
+    ssl_protocols TLSv1.2 TLSv1.3; # 仅使用安全的 TLS 协议版本
+    ssl_ciphers HIGH:!aNULL:!MD5; # 安全的密码套件
+    ssl_prefer_server_ciphers on; # 优先使用服务器的密码套件
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+
+    # HTTP/2 支持(可选)
+    listen 443 ssl http2;
+
+    # HSTS(HTTP 严格传输安全)强制浏览器使用 HTTPS
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+    # 静态文件目录
+    root ${path};
+    index index.html index.htm;
+
+    # 日志
+    access_log /var/log/nginx/example.com_access.log;
+    error_log /var/log/nginx/example.com_error.log;
+
+    # 默认处理
+    location / {
+        try_files \$uri \$uri/ =404;
+    }
+
+    # 防止访问隐藏文件(如 .git)
+    location ~ /\. {
+        deny all;
+    }
+
+    # 错误页面配置
+    error_page 404 /404.html;
+    location = /404.html {
+        root /var/www/example.com/html;
+    }
+}
+
+# HTTP 到 HTTPS 重定向
+server {
+    listen 80; # 监听 80 端口
+    server_name ${domain};
+
+    # 将所有 HTTP 请求重定向到 HTTPS
+    return 301 https://\$host\$request_uri;
+}
+EOF
+    fi
+    case $ssl_pick in
+    1)
+        ./acme
+        ;;
+    esac
+    nginx -s reload
+    echo "配置成功"
+    ;;
+esac
\ No newline at end of file
diff --git a/Menus/Docker.sh b/Menus/Docker.sh
index 2d357b5..eb2551e 100644
--- a/Menus/Docker.sh
+++ b/Menus/Docker.sh
@@ -11,7 +11,7 @@ declare pick_array
 declare pick_number=6
 declare pick
 
-echo "========Docker========"
+echo "========$(basename $0 .sh)========"
 echo "1.换源"
 echo "2.清除所有未使用镜像"
 echo "-----一键搭建软件-----"
@@ -22,7 +22,6 @@ for i in "${path_script}/Config/${file_name}"/*;do
 done
 echo "-----一键搭建软件-----"
 echo "任意输入返回主菜单"
-echo "========Docker========"
 read -p "请输入要使用的功能:" pick
 clear
 
@@ -42,9 +41,9 @@ if [[ $pick == '1' ]];then
     read -p "请输入要选择的镜像,也可直接输入镜像网站:" img_pick
     if [[ -z $img_pick ]];then
         declare url='https://docker.m.daocloud.io'
-    elif [[ $img_pick =~ ^[http] ]];then
+    elif [[ $img_pick =~ [\w\.]+ ]];then
         declare url=$img_pick
-    elif [[ ${img_pick} -le 0 || ${img_pick} -ge ${!img_dick[*]} ]];then
+    elif [[ ${img_pick} =~ [1-${!img_dick[*]}] ]];then
         img_pick=${img_number[$img_pick]}
         declare url=${img_dick[$img_pick]}
     else
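Review bot: The menu dispatch in the new Config/Web/nginx.sh is dead code: the selector is `case $pcik in` while the answer was read into `pick`, so no arm ever runs, and once the typo is fixed `declare ssl_domain=${echo "${domain}" | awk '{print $1}'}` is a bad substitution that aborts the script before anything is written. The work-mode branch is inverted against its own menu (option 1 is labelled 反向代理, but `if [[ $pick == 2 ]]` is the branch that writes the proxy config and the static branch prompts for a 后端服务器 address), the `[0-9]+` test is unanchored so any path containing a digit is rewritten to `http://127.0.0.1:…`, and `name` and `domain` are user input written unvalidated into `/etc/nginx/sites-available/${name}.conf` with `>>`, so a name containing `../` escapes the directory and a second run appends a duplicate server block. The static template also declares `listen 443 ssl;` and `listen 443 ssl http2;` in the same server block, which nginx rejects as a duplicate listen, `nginx -s reload` runs without `nginx -t` and nothing links the file into sites-enabled (the Debian layout the path implies; the pacman branch likely installs a layout without that directory — confirm), and `./acme` is a relative path that only resolves from one working directory. The rewritten dispatch and proxy branch below fix the selector, the substitution, the inverted branch, the anchored port test, the input validation and the file write; the duplicate `listen` line should simply be dropped and the bare `declare` in the acme branch removed.
```shell
read -p "请选择:" pick
case $pick in
'1')
    declare domain
    read -p "请输入要绑定的域名多个用 空格 隔开:" domain
    # domain is pasted verbatim into the nginx config: accept only a space-separated list of hostnames
    [[ $domain =~ ^[A-Za-z0-9.*-]+([[:space:]]+[A-Za-z0-9.*-]+)*$ ]] || { echo "域名格式错误" >&2; exit 1; }
    declare ssl_certificate
    declare ssl_certificate_key
    declare ssl_domain
    ssl_domain=$(awk '{print $1}' <<< "${domain}")
    # … unchanged: certificate-source prompts …
    declare name
    read -p "请输入配置文件名,默认为网址:" name
    [[ -z $name ]] && name=$ssl_domain
    # name becomes a path component under /etc/nginx/sites-available
    [[ $name =~ ^[A-Za-z0-9._-]+$ ]] || { echo "配置文件名格式错误" >&2; exit 1; }
    # … unchanged: work-mode menu …
    read -p "请选择:" pick
    declare path
    if [[ $pick != 2 ]]; then
        # option 1 (default) is the reverse proxy; a bare port number means a local backend
        read -p "请输入要代理的站点路径,如果只输入数字代表端口:" path
        if [[ $path =~ ^[0-9]+$ ]]; then
            path="http://127.0.0.1:${path}"
        fi
        # overwrite rather than append so a rerun does not produce duplicate server blocks
        cat > "/etc/nginx/sites-available/${name}.conf" << EOF
# … unchanged: reverse-proxy server blocks …
EOF
    else
        read -p "请输入静态文件目录:" path
        cat > "/etc/nginx/sites-available/${name}.conf" << EOF
# … unchanged: static-site server blocks, minus the second listen 443 line …
EOF
    fi
    # … unchanged: acme step (use the script's real path instead of ./acme) …
    ln -sf "/etc/nginx/sites-available/${name}.conf" "/etc/nginx/sites-enabled/${name}.conf"
    nginx -t && nginx -s reload
```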
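Review bot: The new mirror-selection tests in the Menus/Docker.sh `@@ -42,9` hunk do not do what they read as: bash `=~` uses POSIX ERE, where `[\w\.]+` is a bracket expression matching the literal characters `\`, `w` and `.` rather than "word characters", and `[1-${!img_dick[*]}]` expands the whole index list into the bracket (e.g. `[1-1 2 3]`), so both branches match only by accident and only for single-digit input. The same construction appears in the next hunk as `[${pick_number}-${#pick_array[*]}]`, which becomes a reversed range such as `[6-3]` whenever the array is shorter than `pick_number` and silently makes the software branch unreachable, and in Menus/Web.sh as `[1-${#print_array[*]}]`, which is unanchored so an answer like `12` passes and then `bash` is run on a path built from an empty array element. Anchor the numeric case and check that the entry exists: `elif [[ $img_pick =~ ^[0-9]+$ && -n ${img_number[$img_pick]:-} ]];then` keeping the two assignment lines below it, and make the URL branch `elif [[ $img_pick =~ ^[A-Za-z] ]];then` so the existing `else` still catches everything else. The other two hunks want the same shape: `[[ $pick =~ ^[0-9]+$ ]] && (( pick > pick_number - ${#pick_array[*]} && pick <= pick_number ))` and `[[ $pick =~ ^[0-9]+$ ]] && (( pick >= 1 && pick <= ${#print_array[*]} ))`. The enclosing `if` chain starts before this hunk.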
@@ -52,13 +51,13 @@ if [[ $pick == '1' ]];then
         exit
     fi
     echo "{\"registry-mirrors\": [\"${url}\"]}" > "/etc/docker/daemon.json"
-    systemctl restart docker 2>> /dev/null|| echo "docker 重启失败"
+    systemctl restart docker 2>> /dev/null|| echo "docker 重启失败"&&exit
     echo "换源成功"
 
 elif [[ $pick == '2' ]];then
     docker system prune -af
     echo "清理完成"
-elif [[ "${pick}" -gt "$((${pick_number}-${#pick_array[*]}))" && "${pick}" -le "${pick_number}" ]];then
+elif [[ "${pick}" =~ [${pick_number}-${#pick_array[*]}] ]];then
     declare file_path
     read -p "请输入软件储存位置,默认 /var/www/${pick_array[${pick}]} :" file_path
     if [[ -z ${file_path} ]];then
diff --git a/Menus/Web.sh b/Menus/Web.sh
new file mode 100644
index 0000000..b53f254
--- /dev/null
+++ b/Menus/Web.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+declare path_script=$1
+declare file_name=$(basename $0 .sh)
+
+declare print_array
+declare print_number=0
+declare pick
+
+echo "========Web========"
+for i in "${path_script}/Config/${file_name}"/*;do
+    print_number=$((print_number + 1))
+    print_array[$print_number]=$(awk -F '.' '{print $1}' <<< "$(basename $i)")
+    echo "${print_number}.${print_array[$print_number]}"
+done
+echo "========Web========"
+read -p "请输入要使用的功能:" pick
+
+if [[ "${pick}" =~ [1-${#print_array[*]}] ]];then
+    bash "${path_script}/Config/${file_name}/${print_array[${pick}]}.sh"
+fi
\ No newline at end of file
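Review bot: `systemctl restart docker 2>> /dev/null|| echo "docker 重启失败"&&exit` parses left to right as `(systemctl … || echo …) && exit`; `echo` always succeeds, so the script exits whether or not the restart worked, the `echo "换源成功"` on the next line is unreachable, and the exit status is 0 even on failure. Write the intended behaviour explicitly: `systemctl restart docker 2>/dev/null || { echo "docker 重启失败" >&2; exit 1; }`. The `2>>` append redirection to /dev/null is harmless but `2>` is the conventional form. The enclosing `if` chain starts before this hunk.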
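Review bot: In the new Menus/Web.sh `declare path_script=$1` is used unchecked to build the glob `"${path_script}/Config/${file_name}"/*`, and without `nullglob` an empty or wrong path leaves the pattern unexpanded, so the menu shows a single entry literally named `*` and choosing it runs `bash ".../Config/Web/*.sh"`. Add `: "${path_script:?usage: Web.sh <repo path>}"` after the declaration and `shopt -s nullglob` before the loop, then guard the launcher with `[[ -f "${path_script}/Config/${file_name}/${print_array[${pick}]}.sh" ]]` so a non-existent script is reported rather than attempted. `$(basename $i)` in the loop body also leaves `$i` unquoted; `"$i"` keeps a filename with spaces intact.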