2023-02-09 19:18:06 +00:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
|
|
red='\033[0;31m'
|
|
|
|
|
green='\033[0;32m'
|
2024-12-20 17:33:27 +00:00
|
|
|
blue='\033[0;34m'
|
2023-02-09 19:18:06 +00:00
|
|
|
yellow='\033[0;33m'
|
|
|
|
|
plain='\033[0m'
|
|
|
|
|
|
|
|
|
|
cur_dir=$(pwd)
|
|
|
|
|
|
2026-01-03 02:57:19 +00:00
|
|
|
xui_folder="${XUI_MAIN_FOLDER:=/usr/local/x-ui}"
|
|
|
|
|
xui_service="${XUI_SERVICE:=/etc/systemd/system}"
|
|
|
|
|
|
2023-02-09 19:18:06 +00:00
|
|
|
# check root
|
2023-07-01 12:26:43 +00:00
|
|
|
[[ $EUID -ne 0 ]] && echo -e "${red}Fatal error: ${plain} Please run this script with root privilege \n " && exit 1
|
2023-02-09 19:18:06 +00:00
|
|
|
|
2023-03-11 15:05:35 +00:00
|
|
|
# Check OS and set release variable
|
|
|
|
|
if [[ -f /etc/os-release ]]; then
|
|
|
|
|
source /etc/os-release
|
|
|
|
|
release=$ID
|
2025-12-03 20:40:49 +00:00
|
|
|
elif [[ -f /usr/lib/os-release ]]; then
|
2023-03-11 15:05:35 +00:00
|
|
|
source /usr/lib/os-release
|
|
|
|
|
release=$ID
|
2023-02-09 19:18:06 +00:00
|
|
|
else
|
2023-03-11 15:05:35 +00:00
|
|
|
echo "Failed to check the system OS, please contact the author!" >&2
|
|
|
|
|
exit 1
|
2023-02-09 19:18:06 +00:00
|
|
|
fi
|
2023-03-11 15:05:35 +00:00
|
|
|
echo "The OS release is: $release"
|
2023-02-09 19:18:06 +00:00
|
|
|
|
2024-04-01 08:42:28 +00:00
|
|
|
arch() {
|
2023-04-21 15:30:14 +00:00
|
|
|
case "$(uname -m)" in
|
2025-12-03 20:40:49 +00:00
|
|
|
x86_64 | x64 | amd64) echo 'amd64' ;;
|
|
|
|
|
i*86 | x86) echo '386' ;;
|
|
|
|
|
armv8* | armv8 | arm64 | aarch64) echo 'arm64' ;;
|
|
|
|
|
armv7* | armv7 | arm) echo 'armv7' ;;
|
|
|
|
|
armv6* | armv6) echo 'armv6' ;;
|
|
|
|
|
armv5* | armv5) echo 'armv5' ;;
|
|
|
|
|
s390x) echo 's390x' ;;
|
|
|
|
|
*) echo -e "${green}Unsupported CPU architecture! ${plain}" && rm -f install.sh && exit 1 ;;
|
2023-04-21 15:30:14 +00:00
|
|
|
esac
|
|
|
|
|
}
|
2024-01-20 09:32:35 +00:00
|
|
|
|
2025-03-21 15:30:31 +00:00
|
|
|
echo "Arch: $(arch)"
|
2023-02-09 19:18:06 +00:00
|
|
|
|
2025-12-27 23:03:33 +00:00
|
|
|
# Simple helpers
|
|
|
|
|
is_ipv4() {
|
|
|
|
|
[[ "$1" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] && return 0 || return 1
|
|
|
|
|
}
|
|
|
|
|
is_ipv6() {
|
|
|
|
|
[[ "$1" =~ : ]] && return 0 || return 1
|
|
|
|
|
}
|
|
|
|
|
is_ip() {
|
|
|
|
|
is_ipv4 "$1" || is_ipv6 "$1"
|
|
|
|
|
}
|
|
|
|
|
is_domain() {
|
2026-01-12 01:53:43 +00:00
|
|
|
[[ "$1" =~ ^([A-Za-z0-9](-*[A-Za-z0-9])*\.)+(xn--[a-z0-9]{2,}|[A-Za-z]{2,})$ ]] && return 0 || return 1
|
2026-01-11 14:28:43 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Port helpers
|
|
|
|
|
is_port_in_use() {
|
|
|
|
|
local port="$1"
|
|
|
|
|
if command -v ss >/dev/null 2>&1; then
|
|
|
|
|
ss -ltn 2>/dev/null | awk -v p=":${port}$" '$4 ~ p {exit 0} END {exit 1}'
|
|
|
|
|
return
|
|
|
|
|
fi
|
|
|
|
|
if command -v netstat >/dev/null 2>&1; then
|
|
|
|
|
netstat -lnt 2>/dev/null | awk -v p=":${port} " '$4 ~ p {exit 0} END {exit 1}'
|
|
|
|
|
return
|
|
|
|
|
fi
|
|
|
|
|
if command -v lsof >/dev/null 2>&1; then
|
|
|
|
|
lsof -nP -iTCP:${port} -sTCP:LISTEN >/dev/null 2>&1 && return 0
|
|
|
|
|
fi
|
|
|
|
|
return 1
|
2025-12-27 23:03:33 +00:00
|
|
|
}
|
|
|
|
|
|
2023-02-09 19:18:06 +00:00
|
|
|
install_base() {
|
2023-04-11 22:10:33 +00:00
|
|
|
case "${release}" in
|
2025-12-03 20:40:49 +00:00
|
|
|
ubuntu | debian | armbian)
|
2026-01-09 16:05:55 +00:00
|
|
|
apt-get update && apt-get install -y -q curl tar tzdata socat ca-certificates
|
2024-05-09 17:49:15 +00:00
|
|
|
;;
|
2025-12-03 20:40:49 +00:00
|
|
|
fedora | amzn | virtuozzo | rhel | almalinux | rocky | ol)
|
2026-01-09 16:05:55 +00:00
|
|
|
dnf -y update && dnf install -y -q curl tar tzdata socat ca-certificates
|
2024-01-20 13:08:54 +00:00
|
|
|
;;
|
2025-12-03 20:40:49 +00:00
|
|
|
centos)
|
|
|
|
|
if [[ "${VERSION_ID}" =~ ^7 ]]; then
|
2026-01-09 16:05:55 +00:00
|
|
|
yum -y update && yum install -y curl tar tzdata socat ca-certificates
|
2025-12-03 20:40:49 +00:00
|
|
|
else
|
2026-01-09 16:05:55 +00:00
|
|
|
dnf -y update && dnf install -y -q curl tar tzdata socat ca-certificates
|
2025-12-03 20:40:49 +00:00
|
|
|
fi
|
2024-01-20 13:08:54 +00:00
|
|
|
;;
|
2025-12-03 20:40:49 +00:00
|
|
|
arch | manjaro | parch)
|
2026-01-09 16:05:55 +00:00
|
|
|
pacman -Syu && pacman -Syu --noconfirm curl tar tzdata socat ca-certificates
|
2024-01-20 13:08:54 +00:00
|
|
|
;;
|
2025-12-03 20:40:49 +00:00
|
|
|
opensuse-tumbleweed | opensuse-leap)
|
2026-01-09 16:05:55 +00:00
|
|
|
zypper refresh && zypper -q install -y curl tar timezone socat ca-certificates
|
2024-05-07 10:03:32 +00:00
|
|
|
;;
|
2025-12-03 20:40:49 +00:00
|
|
|
alpine)
|
2026-01-09 16:05:55 +00:00
|
|
|
apk update && apk add curl tar tzdata socat ca-certificates
|
2025-09-22 19:56:43 +00:00
|
|
|
;;
|
2025-12-03 20:40:49 +00:00
|
|
|
*)
|
2026-01-09 16:05:55 +00:00
|
|
|
apt-get update && apt-get install -y -q curl tar tzdata socat ca-certificates
|
2024-01-20 13:08:54 +00:00
|
|
|
;;
|
2023-04-11 22:10:33 +00:00
|
|
|
esac
|
2023-02-09 19:18:06 +00:00
|
|
|
}
|
2023-04-03 15:51:37 +00:00
|
|
|
|
2024-06-24 12:43:39 +00:00
|
|
|
gen_random_string() {
|
|
|
|
|
local length="$1"
|
2024-07-27 12:56:37 +00:00
|
|
|
local random_string=$(LC_ALL=C tr -dc 'a-zA-Z0-9' </dev/urandom | fold -w "$length" | head -n 1)
|
2024-06-24 12:43:39 +00:00
|
|
|
echo "$random_string"
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-27 23:03:33 +00:00
|
|
|
install_acme() {
|
|
|
|
|
echo -e "${green}Installing acme.sh for SSL certificate management...${plain}"
|
|
|
|
|
cd ~ || return 1
|
|
|
|
|
curl -s https://get.acme.sh | sh >/dev/null 2>&1
|
|
|
|
|
if [ $? -ne 0 ]; then
|
|
|
|
|
echo -e "${red}Failed to install acme.sh${plain}"
|
|
|
|
|
return 1
|
|
|
|
|
else
|
|
|
|
|
echo -e "${green}acme.sh installed successfully${plain}"
|
|
|
|
|
fi
|
|
|
|
|
return 0
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
setup_ssl_certificate() {
|
|
|
|
|
local domain="$1"
|
|
|
|
|
local server_ip="$2"
|
|
|
|
|
local existing_port="$3"
|
|
|
|
|
local existing_webBasePath="$4"
|
|
|
|
|
|
|
|
|
|
echo -e "${green}Setting up SSL certificate...${plain}"
|
|
|
|
|
|
|
|
|
|
# Check if acme.sh is installed
|
|
|
|
|
if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
|
|
|
|
|
install_acme
|
|
|
|
|
if [ $? -ne 0 ]; then
|
|
|
|
|
echo -e "${yellow}Failed to install acme.sh, skipping SSL setup${plain}"
|
|
|
|
|
return 1
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Create certificate directory
|
|
|
|
|
local certPath="/root/cert/${domain}"
|
|
|
|
|
mkdir -p "$certPath"
|
|
|
|
|
|
|
|
|
|
# Issue certificate
|
|
|
|
|
echo -e "${green}Issuing SSL certificate for ${domain}...${plain}"
|
|
|
|
|
echo -e "${yellow}Note: Port 80 must be open and accessible from the internet${plain}"
|
|
|
|
|
|
# Pull Request: Connection Reporting System & Improvements for Restricted Networks
## Description
This PR introduces a comprehensive **Connection Reporting System** designed to improve the reliability and monitoring of connections, specifically tailored for environments with restricted internet access (e.g., active censorship, GFW).
### Key Changes
1. **New Reporting API (`/report`)**:
* Added `ReportController` and `ReportService` to handle incoming connection reports.
* Endpoint receives data such as `Latency`, `Success` status, `Protocol`, and Client Interface details.
* Data is persisted to the database via the new `ConnectionReport` model.
2. **Subscription Link Updates**:
* Modified `subService` to append a `reportUrl` parameter to generated subscription links (VLESS, VMess, etc.).
* This allows compatible clients to automatically discover the reporting endpoint and send feedback.
3. **Database Integration**:
* Added `ConnectionReport` schema to `database/model` and registered it in `database/db.go` for auto-migration.
## Why is this helpful for Restricted Internet Locations?
In regions with heavy internet censorship, connection stability is volatile.
* **Dynamic Reporting Endpoint**: The `reportUrl` parameter embedded in the subscription link explicitly tells the client *where* to send connection data.
* **Bypassing Blocking**: By decoupling the reporting URL from the node address, clients can ensure diagnostic data reaches the panel even if specific node IPs are being interfered with (assuming the panel itself is reachable).
* **Real-time Network Intelligence**: This mechanism enables the panel to aggregate "ground truth" data from clients inside the restricted network (e.g., latency, accessibility of specific protocols), allowing admins to react faster to blocking events.
* **Protocol Performance Tracking**: Allows comparison of different protocols (Reality vs. VLESS+TLS vs. Trojan) based on real-world latency and success rates from actual users.
* **Rapid Troubleshooting**: Administrators can see connection quality trends and rotate IPs/domains proactively when success rates drop, minimizing downtime for users.
## Technical Details
* **API Endpoint**: `POST /report`
* **Payload Format**: JSON containing `SystemInfo` (Interface), `ConnectionQuality` (Latency, Success), and `ProtocolInfo`.
* **Security**: Reports are tied to valid client request contexts (implementation detail: ensure endpoint is rate-limited or authenticated if necessary, though currently designed for open reporting from valid sub links).
## How to Test
1. Update the panel.
2. Generate a subscription link.
3. Observe the `reportUrl` parameter in the link.
4. Simulate a client POST to the report URL and verify the entry in the `ConnectionReports` table.
2026-02-04 10:00:00 +00:00
|
|
|
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt >/dev/null 2>&1
|
2025-12-27 23:03:33 +00:00
|
|
|
~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport 80 --force
|
|
|
|
|
|
|
|
|
|
if [ $? -ne 0 ]; then
|
|
|
|
|
echo -e "${yellow}Failed to issue certificate for ${domain}${plain}"
|
|
|
|
|
echo -e "${yellow}Please ensure port 80 is open and try again later with: x-ui${plain}"
|
|
|
|
|
rm -rf ~/.acme.sh/${domain} 2>/dev/null
|
|
|
|
|
rm -rf "$certPath" 2>/dev/null
|
|
|
|
|
return 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Install certificate
|
|
|
|
|
~/.acme.sh/acme.sh --installcert -d ${domain} \
|
|
|
|
|
--key-file /root/cert/${domain}/privkey.pem \
|
|
|
|
|
--fullchain-file /root/cert/${domain}/fullchain.pem \
|
|
|
|
|
--reloadcmd "systemctl restart x-ui" >/dev/null 2>&1
|
|
|
|
|
|
|
|
|
|
if [ $? -ne 0 ]; then
|
|
|
|
|
echo -e "${yellow}Failed to install certificate${plain}"
|
|
|
|
|
return 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Enable auto-renew
|
|
|
|
|
~/.acme.sh/acme.sh --upgrade --auto-upgrade >/dev/null 2>&1
|
2026-01-05 04:28:02 +00:00
|
|
|
# Secure permissions: private key readable only by owner
|
|
|
|
|
chmod 600 $certPath/privkey.pem 2>/dev/null
|
|
|
|
|
chmod 644 $certPath/fullchain.pem 2>/dev/null
|
2025-12-27 23:03:33 +00:00
|
|
|
|
|
|
|
|
# Set certificate for panel
|
|
|
|
|
local webCertFile="/root/cert/${domain}/fullchain.pem"
|
|
|
|
|
local webKeyFile="/root/cert/${domain}/privkey.pem"
|
|
|
|
|
|
|
|
|
|
if [[ -f "$webCertFile" && -f "$webKeyFile" ]]; then
|
2026-01-03 02:57:19 +00:00
|
|
|
${xui_folder}/x-ui cert -webCert "$webCertFile" -webCertKey "$webKeyFile" >/dev/null 2>&1
|
2025-12-27 23:03:33 +00:00
|
|
|
echo -e "${green}SSL certificate installed and configured successfully!${plain}"
|
|
|
|
|
return 0
|
|
|
|
|
else
|
|
|
|
|
echo -e "${yellow}Certificate files not found${plain}"
|
|
|
|
|
return 1
|
|
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-05 04:28:02 +00:00
|
|
|
# Issue Let's Encrypt IP certificate with shortlived profile (~6 days validity)
|
|
|
|
|
# Requires acme.sh and port 80 open for HTTP-01 challenge
|
|
|
|
|
setup_ip_certificate() {
|
|
|
|
|
local ipv4="$1"
|
|
|
|
|
local ipv6="$2" # optional
|
2025-12-27 23:03:33 +00:00
|
|
|
|
2026-01-05 04:28:02 +00:00
|
|
|
echo -e "${green}Setting up Let's Encrypt IP certificate (shortlived profile)...${plain}"
|
|
|
|
|
echo -e "${yellow}Note: IP certificates are valid for ~6 days and will auto-renew.${plain}"
|
2026-01-11 14:28:43 +00:00
|
|
|
echo -e "${yellow}Default listener is port 80. If you choose another port, ensure external port 80 forwards to it.${plain}"
|
2025-12-27 23:03:33 +00:00
|
|
|
|
2026-01-05 04:28:02 +00:00
|
|
|
# Check for acme.sh
|
|
|
|
|
if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
|
|
|
|
|
install_acme
|
|
|
|
|
if [ $? -ne 0 ]; then
|
|
|
|
|
echo -e "${red}Failed to install acme.sh${plain}"
|
|
|
|
|
return 1
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Validate IP address
|
|
|
|
|
if [[ -z "$ipv4" ]]; then
|
|
|
|
|
echo -e "${red}IPv4 address is required${plain}"
|
|
|
|
|
return 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if ! is_ipv4 "$ipv4"; then
|
|
|
|
|
echo -e "${red}Invalid IPv4 address: $ipv4${plain}"
|
|
|
|
|
return 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Create certificate directory
|
|
|
|
|
local certDir="/root/cert/ip"
|
2025-12-27 23:03:33 +00:00
|
|
|
mkdir -p "$certDir"
|
|
|
|
|
|
2026-01-05 04:28:02 +00:00
|
|
|
# Build domain arguments
|
|
|
|
|
local domain_args="-d ${ipv4}"
|
|
|
|
|
if [[ -n "$ipv6" ]] && is_ipv6 "$ipv6"; then
|
|
|
|
|
domain_args="${domain_args} -d ${ipv6}"
|
|
|
|
|
echo -e "${green}Including IPv6 address: ${ipv6}${plain}"
|
2025-12-27 23:03:33 +00:00
|
|
|
fi
|
|
|
|
|
|
2026-01-05 04:28:02 +00:00
|
|
|
# Set reload command for auto-renewal (add || true so it doesn't fail during first install)
|
|
|
|
|
local reloadCmd="systemctl restart x-ui 2>/dev/null || rc-service x-ui restart 2>/dev/null || true"
|
2025-12-27 23:03:33 +00:00
|
|
|
|
2026-01-11 14:28:43 +00:00
|
|
|
# Choose port for HTTP-01 listener (default 80, prompt override)
|
|
|
|
|
local WebPort=""
|
|
|
|
|
read -rp "Port to use for ACME HTTP-01 listener (default 80): " WebPort
|
|
|
|
|
WebPort="${WebPort:-80}"
|
|
|
|
|
if ! [[ "${WebPort}" =~ ^[0-9]+$ ]] || ((WebPort < 1 || WebPort > 65535)); then
|
|
|
|
|
echo -e "${red}Invalid port provided. Falling back to 80.${plain}"
|
|
|
|
|
WebPort=80
|
|
|
|
|
fi
|
|
|
|
|
echo -e "${green}Using port ${WebPort} for standalone validation.${plain}"
|
|
|
|
|
if [[ "${WebPort}" -ne 80 ]]; then
|
|
|
|
|
echo -e "${yellow}Reminder: Let's Encrypt still connects on port 80; forward external port 80 to ${WebPort}.${plain}"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Ensure chosen port is available
|
|
|
|
|
while true; do
|
|
|
|
|
if is_port_in_use "${WebPort}"; then
|
|
|
|
|
echo -e "${yellow}Port ${WebPort} is in use.${plain}"
|
|
|
|
|
|
|
|
|
|
local alt_port=""
|
|
|
|
|
read -rp "Enter another port for acme.sh standalone listener (leave empty to abort): " alt_port
|
|
|
|
|
alt_port="${alt_port// /}"
|
|
|
|
|
if [[ -z "${alt_port}" ]]; then
|
|
|
|
|
echo -e "${red}Port ${WebPort} is busy; cannot proceed.${plain}"
|
|
|
|
|
return 1
|
|
|
|
|
fi
|
|
|
|
|
if ! [[ "${alt_port}" =~ ^[0-9]+$ ]] || ((alt_port < 1 || alt_port > 65535)); then
|
|
|
|
|
echo -e "${red}Invalid port provided.${plain}"
|
|
|
|
|
return 1
|
|
|
|
|
fi
|
|
|
|
|
WebPort="${alt_port}"
|
|
|
|
|
continue
|
|
|
|
|
else
|
|
|
|
|
echo -e "${green}Port ${WebPort} is free and ready for standalone validation.${plain}"
|
|
|
|
|
break
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
|
2026-01-05 04:28:02 +00:00
|
|
|
# Issue certificate with shortlived profile
|
|
|
|
|
echo -e "${green}Issuing IP certificate for ${ipv4}...${plain}"
|
# Pull Request: Connection Reporting System & Improvements for Restricted Networks
## Description
This PR introduces a comprehensive **Connection Reporting System** designed to improve the reliability and monitoring of connections, specifically tailored for environments with restricted internet access (e.g., active censorship, GFW).
### Key Changes
1. **New Reporting API (`/report`)**:
* Added `ReportController` and `ReportService` to handle incoming connection reports.
* Endpoint receives data such as `Latency`, `Success` status, `Protocol`, and Client Interface details.
* Data is persisted to the database via the new `ConnectionReport` model.
2. **Subscription Link Updates**:
* Modified `subService` to append a `reportUrl` parameter to generated subscription links (VLESS, VMess, etc.).
* This allows compatible clients to automatically discover the reporting endpoint and send feedback.
3. **Database Integration**:
* Added `ConnectionReport` schema to `database/model` and registered it in `database/db.go` for auto-migration.
## Why is this helpful for Restricted Internet Locations?
In regions with heavy internet censorship, connection stability is volatile.
* **Dynamic Reporting Endpoint**: The `reportUrl` parameter embedded in the subscription link explicitly tells the client *where* to send connection data.
* **Bypassing Blocking**: By decoupling the reporting URL from the node address, clients can ensure diagnostic data reaches the panel even if specific node IPs are being interfered with (assuming the panel itself is reachable).
* **Real-time Network Intelligence**: This mechanism enables the panel to aggregate "ground truth" data from clients inside the restricted network (e.g., latency, accessibility of specific protocols), allowing admins to react faster to blocking events.
* **Protocol Performance Tracking**: Allows comparison of different protocols (Reality vs. VLESS+TLS vs. Trojan) based on real-world latency and success rates from actual users.
* **Rapid Troubleshooting**: Administrators can see connection quality trends and rotate IPs/domains proactively when success rates drop, minimizing downtime for users.
## Technical Details
* **API Endpoint**: `POST /report`
* **Payload Format**: JSON containing `SystemInfo` (Interface), `ConnectionQuality` (Latency, Success), and `ProtocolInfo`.
* **Security**: Reports are tied to valid client request contexts (implementation detail: ensure endpoint is rate-limited or authenticated if necessary, though currently designed for open reporting from valid sub links).
## How to Test
1. Update the panel.
2. Generate a subscription link.
3. Observe the `reportUrl` parameter in the link.
4. Simulate a client POST to the report URL and verify the entry in the `ConnectionReports` table.
2026-02-04 10:00:00 +00:00
|
|
|
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt >/dev/null 2>&1
|
2026-01-05 04:28:02 +00:00
|
|
|
|
|
|
|
|
~/.acme.sh/acme.sh --issue \
|
|
|
|
|
${domain_args} \
|
|
|
|
|
--standalone \
|
|
|
|
|
--server letsencrypt \
|
|
|
|
|
--certificate-profile shortlived \
|
|
|
|
|
--days 6 \
|
2026-01-11 14:28:43 +00:00
|
|
|
--httpport ${WebPort} \
|
2026-01-05 04:28:02 +00:00
|
|
|
--force
|
|
|
|
|
|
|
|
|
|
if [ $? -ne 0 ]; then
|
|
|
|
|
echo -e "${red}Failed to issue IP certificate${plain}"
|
2026-01-11 14:28:43 +00:00
|
|
|
echo -e "${yellow}Please ensure port ${WebPort} is reachable (or forwarded from external port 80)${plain}"
|
2026-01-05 04:28:02 +00:00
|
|
|
# Cleanup acme.sh data for both IPv4 and IPv6 if specified
|
|
|
|
|
rm -rf ~/.acme.sh/${ipv4} 2>/dev/null
|
|
|
|
|
[[ -n "$ipv6" ]] && rm -rf ~/.acme.sh/${ipv6} 2>/dev/null
|
|
|
|
|
rm -rf ${certDir} 2>/dev/null
|
|
|
|
|
return 1
|
2025-12-27 23:03:33 +00:00
|
|
|
fi
|
|
|
|
|
|
2026-01-05 04:28:02 +00:00
|
|
|
echo -e "${green}Certificate issued successfully, installing...${plain}"
|
|
|
|
|
|
|
|
|
|
# Install certificate
|
|
|
|
|
# Note: acme.sh may report "Reload error" and exit non-zero if reloadcmd fails,
|
|
|
|
|
# but the cert files are still installed. We check for files instead of exit code.
|
|
|
|
|
~/.acme.sh/acme.sh --installcert -d ${ipv4} \
|
|
|
|
|
--key-file "${certDir}/privkey.pem" \
|
|
|
|
|
--fullchain-file "${certDir}/fullchain.pem" \
|
|
|
|
|
--reloadcmd "${reloadCmd}" 2>&1 || true
|
|
|
|
|
|
|
|
|
|
# Verify certificate files exist (don't rely on exit code - reloadcmd failure causes non-zero)
|
2025-12-27 23:03:33 +00:00
|
|
|
if [[ ! -f "${certDir}/fullchain.pem" || ! -f "${certDir}/privkey.pem" ]]; then
|
2026-01-05 04:28:02 +00:00
|
|
|
echo -e "${red}Certificate files not found after installation${plain}"
|
|
|
|
|
# Cleanup acme.sh data for both IPv4 and IPv6 if specified
|
|
|
|
|
rm -rf ~/.acme.sh/${ipv4} 2>/dev/null
|
|
|
|
|
[[ -n "$ipv6" ]] && rm -rf ~/.acme.sh/${ipv6} 2>/dev/null
|
|
|
|
|
rm -rf ${certDir} 2>/dev/null
|
2025-12-27 23:03:33 +00:00
|
|
|
return 1
|
|
|
|
|
fi
|
2026-01-05 04:28:02 +00:00
|
|
|
|
|
|
|
|
echo -e "${green}Certificate files installed successfully${plain}"
|
|
|
|
|
|
|
|
|
|
# Enable auto-upgrade for acme.sh (ensures cron job runs)
|
|
|
|
|
~/.acme.sh/acme.sh --upgrade --auto-upgrade >/dev/null 2>&1
|
|
|
|
|
|
|
|
|
|
# Secure permissions: private key readable only by owner
|
|
|
|
|
chmod 600 ${certDir}/privkey.pem 2>/dev/null
|
|
|
|
|
chmod 644 ${certDir}/fullchain.pem 2>/dev/null
|
|
|
|
|
|
|
|
|
|
# Configure panel to use the certificate
|
|
|
|
|
echo -e "${green}Setting certificate paths for the panel...${plain}"
|
|
|
|
|
${xui_folder}/x-ui cert -webCert "${certDir}/fullchain.pem" -webCertKey "${certDir}/privkey.pem"
|
|
|
|
|
|
|
|
|
|
if [ $? -ne 0 ]; then
|
|
|
|
|
echo -e "${yellow}Warning: Could not set certificate paths automatically${plain}"
|
|
|
|
|
echo -e "${yellow}Certificate files are at:${plain}"
|
|
|
|
|
echo -e " Cert: ${certDir}/fullchain.pem"
|
|
|
|
|
echo -e " Key: ${certDir}/privkey.pem"
|
|
|
|
|
else
|
|
|
|
|
echo -e "${green}Certificate paths configured successfully${plain}"
|
|
|
|
|
fi
|
2025-12-27 23:03:33 +00:00
|
|
|
|
2026-01-05 04:28:02 +00:00
|
|
|
echo -e "${green}IP certificate installed and configured successfully!${plain}"
|
|
|
|
|
echo -e "${green}Certificate valid for ~6 days, auto-renews via acme.sh cron job.${plain}"
|
|
|
|
|
echo -e "${yellow}acme.sh will automatically renew and reload x-ui before expiry.${plain}"
|
2025-12-27 23:03:33 +00:00
|
|
|
return 0
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Comprehensive manual SSL certificate issuance via acme.sh
|
|
|
|
|
ssl_cert_issue() {
|
2026-01-03 02:57:19 +00:00
|
|
|
local existing_webBasePath=$(${xui_folder}/x-ui setting -show true | grep 'webBasePath:' | awk -F': ' '{print $2}' | tr -d '[:space:]' | sed 's#^/##')
|
|
|
|
|
local existing_port=$(${xui_folder}/x-ui setting -show true | grep 'port:' | awk -F': ' '{print $2}' | tr -d '[:space:]')
|
2025-12-27 23:03:33 +00:00
|
|
|
|
|
|
|
|
# check for acme.sh first
|
|
|
|
|
if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
|
|
|
|
|
echo "acme.sh could not be found. Installing now..."
|
|
|
|
|
cd ~ || return 1
|
|
|
|
|
curl -s https://get.acme.sh | sh
|
|
|
|
|
if [ $? -ne 0 ]; then
|
|
|
|
|
echo -e "${red}Failed to install acme.sh${plain}"
|
|
|
|
|
return 1
|
|
|
|
|
else
|
|
|
|
|
echo -e "${green}acme.sh installed successfully${plain}"
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# get the domain here, and we need to verify it
|
|
|
|
|
local domain=""
|
|
|
|
|
while true; do
|
|
|
|
|
read -rp "Please enter your domain name: " domain
|
|
|
|
|
domain="${domain// /}" # Trim whitespace
|
|
|
|
|
|
|
|
|
|
if [[ -z "$domain" ]]; then
|
|
|
|
|
echo -e "${red}Domain name cannot be empty. Please try again.${plain}"
|
|
|
|
|
continue
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if ! is_domain "$domain"; then
|
|
|
|
|
echo -e "${red}Invalid domain format: ${domain}. Please enter a valid domain name.${plain}"
|
|
|
|
|
continue
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
break
|
|
|
|
|
done
|
|
|
|
|
echo -e "${green}Your domain is: ${domain}, checking it...${plain}"
|
|
|
|
|
|
|
|
|
|
# check if there already exists a certificate
|
|
|
|
|
local currentCert=$(~/.acme.sh/acme.sh --list | tail -1 | awk '{print $1}')
|
|
|
|
|
if [ "${currentCert}" == "${domain}" ]; then
|
|
|
|
|
local certInfo=$(~/.acme.sh/acme.sh --list)
|
|
|
|
|
echo -e "${red}System already has certificates for this domain. Cannot issue again.${plain}"
|
|
|
|
|
echo -e "${yellow}Current certificate details:${plain}"
|
|
|
|
|
echo "$certInfo"
|
|
|
|
|
return 1
|
|
|
|
|
else
|
|
|
|
|
echo -e "${green}Your domain is ready for issuing certificates now...${plain}"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# create a directory for the certificate
|
|
|
|
|
certPath="/root/cert/${domain}"
|
|
|
|
|
if [ ! -d "$certPath" ]; then
|
|
|
|
|
mkdir -p "$certPath"
|
|
|
|
|
else
|
|
|
|
|
rm -rf "$certPath"
|
|
|
|
|
mkdir -p "$certPath"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# get the port number for the standalone server
|
|
|
|
|
local WebPort=80
|
|
|
|
|
read -rp "Please choose which port to use (default is 80): " WebPort
|
|
|
|
|
if [[ ${WebPort} -gt 65535 || ${WebPort} -lt 1 ]]; then
|
|
|
|
|
echo -e "${yellow}Your input ${WebPort} is invalid, will use default port 80.${plain}"
|
|
|
|
|
WebPort=80
|
|
|
|
|
fi
|
|
|
|
|
echo -e "${green}Will use port: ${WebPort} to issue certificates. Please make sure this port is open.${plain}"
|
|
|
|
|
|
|
|
|
|
# Stop panel temporarily
|
|
|
|
|
echo -e "${yellow}Stopping panel temporarily...${plain}"
|
|
|
|
|
systemctl stop x-ui 2>/dev/null || rc-service x-ui stop 2>/dev/null
|
|
|
|
|
|
|
|
|
|
# issue the certificate
|
# Pull Request: Connection Reporting System & Improvements for Restricted Networks
## Description
This PR introduces a comprehensive **Connection Reporting System** designed to improve the reliability and monitoring of connections, specifically tailored for environments with restricted internet access (e.g., active censorship, GFW).
### Key Changes
1. **New Reporting API (`/report`)**:
* Added `ReportController` and `ReportService` to handle incoming connection reports.
* Endpoint receives data such as `Latency`, `Success` status, `Protocol`, and Client Interface details.
* Data is persisted to the database via the new `ConnectionReport` model.
2. **Subscription Link Updates**:
* Modified `subService` to append a `reportUrl` parameter to generated subscription links (VLESS, VMess, etc.).
* This allows compatible clients to automatically discover the reporting endpoint and send feedback.
3. **Database Integration**:
* Added `ConnectionReport` schema to `database/model` and registered it in `database/db.go` for auto-migration.
## Why is this helpful for Restricted Internet Locations?
In regions with heavy internet censorship, connection stability is volatile.
* **Dynamic Reporting Endpoint**: The `reportUrl` parameter embedded in the subscription link explicitly tells the client *where* to send connection data.
* **Bypassing Blocking**: By decoupling the reporting URL from the node address, clients can ensure diagnostic data reaches the panel even if specific node IPs are being interfered with (assuming the panel itself is reachable).
* **Real-time Network Intelligence**: This mechanism enables the panel to aggregate "ground truth" data from clients inside the restricted network (e.g., latency, accessibility of specific protocols), allowing admins to react faster to blocking events.
* **Protocol Performance Tracking**: Allows comparison of different protocols (Reality vs. VLESS+TLS vs. Trojan) based on real-world latency and success rates from actual users.
* **Rapid Troubleshooting**: Administrators can see connection quality trends and rotate IPs/domains proactively when success rates drop, minimizing downtime for users.
## Technical Details
* **API Endpoint**: `POST /report`
* **Payload Format**: JSON containing `SystemInfo` (Interface), `ConnectionQuality` (Latency, Success), and `ProtocolInfo`.
* **Security**: Reports are tied to valid client request contexts (implementation detail: ensure endpoint is rate-limited or authenticated if necessary, though currently designed for open reporting from valid sub links).
## How to Test
1. Update the panel.
2. Generate a subscription link.
3. Observe the `reportUrl` parameter in the link.
4. Simulate a client POST to the report URL and verify the entry in the `ConnectionReports` table.
2026-02-04 10:00:00 +00:00
|
|
|
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
|
2025-12-27 23:03:33 +00:00
|
|
|
~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport ${WebPort} --force
|
|
|
|
|
if [ $? -ne 0 ]; then
|
|
|
|
|
echo -e "${red}Issuing certificate failed, please check logs.${plain}"
|
|
|
|
|
rm -rf ~/.acme.sh/${domain}
|
|
|
|
|
systemctl start x-ui 2>/dev/null || rc-service x-ui start 2>/dev/null
|
|
|
|
|
return 1
|
|
|
|
|
else
|
|
|
|
|
echo -e "${green}Issuing certificate succeeded, installing certificates...${plain}"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Setup reload command
|
|
|
|
|
reloadCmd="systemctl restart x-ui || rc-service x-ui restart"
|
|
|
|
|
echo -e "${green}Default --reloadcmd for ACME is: ${yellow}systemctl restart x-ui || rc-service x-ui restart${plain}"
|
|
|
|
|
echo -e "${green}This command will run on every certificate issue and renew.${plain}"
|
|
|
|
|
read -rp "Would you like to modify --reloadcmd for ACME? (y/n): " setReloadcmd
|
|
|
|
|
if [[ "$setReloadcmd" == "y" || "$setReloadcmd" == "Y" ]]; then
|
|
|
|
|
echo -e "\n${green}\t1.${plain} Preset: systemctl reload nginx ; systemctl restart x-ui"
|
|
|
|
|
echo -e "${green}\t2.${plain} Input your own command"
|
|
|
|
|
echo -e "${green}\t0.${plain} Keep default reloadcmd"
|
|
|
|
|
read -rp "Choose an option: " choice
|
|
|
|
|
case "$choice" in
|
|
|
|
|
1)
|
|
|
|
|
echo -e "${green}Reloadcmd is: systemctl reload nginx ; systemctl restart x-ui${plain}"
|
|
|
|
|
reloadCmd="systemctl reload nginx ; systemctl restart x-ui"
|
|
|
|
|
;;
|
|
|
|
|
2)
|
|
|
|
|
echo -e "${yellow}It's recommended to put x-ui restart at the end${plain}"
|
|
|
|
|
read -rp "Please enter your custom reloadcmd: " reloadCmd
|
|
|
|
|
echo -e "${green}Reloadcmd is: ${reloadCmd}${plain}"
|
|
|
|
|
;;
|
|
|
|
|
*)
|
|
|
|
|
echo -e "${green}Keeping default reloadcmd${plain}"
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# install the certificate
|
|
|
|
|
~/.acme.sh/acme.sh --installcert -d ${domain} \
|
|
|
|
|
--key-file /root/cert/${domain}/privkey.pem \
|
|
|
|
|
--fullchain-file /root/cert/${domain}/fullchain.pem --reloadcmd "${reloadCmd}"
|
|
|
|
|
|
|
|
|
|
if [ $? -ne 0 ]; then
|
|
|
|
|
echo -e "${red}Installing certificate failed, exiting.${plain}"
|
|
|
|
|
rm -rf ~/.acme.sh/${domain}
|
|
|
|
|
systemctl start x-ui 2>/dev/null || rc-service x-ui start 2>/dev/null
|
|
|
|
|
return 1
|
|
|
|
|
else
|
|
|
|
|
echo -e "${green}Installing certificate succeeded, enabling auto renew...${plain}"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# enable auto-renew
|
|
|
|
|
~/.acme.sh/acme.sh --upgrade --auto-upgrade
|
|
|
|
|
if [ $? -ne 0 ]; then
|
|
|
|
|
echo -e "${yellow}Auto renew setup had issues, certificate details:${plain}"
|
|
|
|
|
ls -lah /root/cert/${domain}/
|
2026-01-05 04:28:02 +00:00
|
|
|
# Secure permissions: private key readable only by owner
|
|
|
|
|
chmod 600 $certPath/privkey.pem 2>/dev/null
|
|
|
|
|
chmod 644 $certPath/fullchain.pem 2>/dev/null
|
2025-12-27 23:03:33 +00:00
|
|
|
else
|
|
|
|
|
echo -e "${green}Auto renew succeeded, certificate details:${plain}"
|
|
|
|
|
ls -lah /root/cert/${domain}/
|
2026-01-05 04:28:02 +00:00
|
|
|
# Secure permissions: private key readable only by owner
|
|
|
|
|
chmod 600 $certPath/privkey.pem 2>/dev/null
|
|
|
|
|
chmod 644 $certPath/fullchain.pem 2>/dev/null
|
2025-12-27 23:03:33 +00:00
|
|
|
fi
|
|
|
|
|
|
2026-01-05 04:28:02 +00:00
|
|
|
# start panel
|
2025-12-27 23:03:33 +00:00
|
|
|
systemctl start x-ui 2>/dev/null || rc-service x-ui start 2>/dev/null
|
|
|
|
|
|
|
|
|
|
# Prompt user to set panel paths after successful certificate installation
|
|
|
|
|
read -rp "Would you like to set this certificate for the panel? (y/n): " setPanel
|
|
|
|
|
if [[ "$setPanel" == "y" || "$setPanel" == "Y" ]]; then
|
|
|
|
|
local webCertFile="/root/cert/${domain}/fullchain.pem"
|
|
|
|
|
local webKeyFile="/root/cert/${domain}/privkey.pem"
|
|
|
|
|
|
|
|
|
|
if [[ -f "$webCertFile" && -f "$webKeyFile" ]]; then
|
2026-01-03 02:57:19 +00:00
|
|
|
${xui_folder}/x-ui cert -webCert "$webCertFile" -webCertKey "$webKeyFile"
|
2025-12-27 23:03:33 +00:00
|
|
|
echo -e "${green}Certificate paths set for the panel${plain}"
|
|
|
|
|
echo -e "${green}Certificate File: $webCertFile${plain}"
|
|
|
|
|
echo -e "${green}Private Key File: $webKeyFile${plain}"
|
|
|
|
|
echo ""
|
|
|
|
|
echo -e "${green}Access URL: https://${domain}:${existing_port}/${existing_webBasePath}${plain}"
|
|
|
|
|
echo -e "${yellow}Panel will restart to apply SSL certificate...${plain}"
|
|
|
|
|
systemctl restart x-ui 2>/dev/null || rc-service x-ui restart 2>/dev/null
|
|
|
|
|
else
|
|
|
|
|
echo -e "${red}Error: Certificate or private key file not found for domain: $domain.${plain}"
|
|
|
|
|
fi
|
|
|
|
|
else
|
|
|
|
|
echo -e "${yellow}Skipping panel path setting.${plain}"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
return 0
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-05 04:28:02 +00:00
|
|
|
# Reusable interactive SSL setup (domain or IP)
|
2025-12-27 23:03:33 +00:00
|
|
|
# Sets global `SSL_HOST` to the chosen domain/IP for Access URL usage
|
|
|
|
|
prompt_and_setup_ssl() {
|
|
|
|
|
local panel_port="$1"
|
|
|
|
|
local web_base_path="$2" # expected without leading slash
|
|
|
|
|
local server_ip="$3"
|
|
|
|
|
|
|
|
|
|
local ssl_choice=""
|
|
|
|
|
|
|
|
|
|
echo -e "${yellow}Choose SSL certificate setup method:${plain}"
|
2026-01-05 04:28:02 +00:00
|
|
|
echo -e "${green}1.${plain} Let's Encrypt for Domain (90-day validity, auto-renews)"
|
|
|
|
|
echo -e "${green}2.${plain} Let's Encrypt for IP Address (6-day validity, auto-renews)"
|
2026-01-21 15:47:36 +00:00
|
|
|
echo -e "${green}3.${plain} Custom SSL Certificate (Path to existing files)"
|
|
|
|
|
echo -e "${blue}Note:${plain} Options 1 & 2 require port 80 open. Option 3 requires manual paths."
|
2026-01-05 04:28:02 +00:00
|
|
|
read -rp "Choose an option (default 2 for IP): " ssl_choice
|
2025-12-27 23:03:33 +00:00
|
|
|
ssl_choice="${ssl_choice// /}" # Trim whitespace
|
|
|
|
|
|
2026-01-21 15:47:36 +00:00
|
|
|
# Default to 2 (IP cert) if input is empty or invalid (not 1 or 3)
|
|
|
|
|
if [[ "$ssl_choice" != "1" && "$ssl_choice" != "3" ]]; then
|
2025-12-27 23:03:33 +00:00
|
|
|
ssl_choice="2"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
case "$ssl_choice" in
|
|
|
|
|
1)
|
|
|
|
|
# User chose Let's Encrypt domain option
|
2026-01-05 04:28:02 +00:00
|
|
|
echo -e "${green}Using Let's Encrypt for domain certificate...${plain}"
|
2025-12-27 23:03:33 +00:00
|
|
|
ssl_cert_issue
|
|
|
|
|
# Extract the domain that was used from the certificate
|
|
|
|
|
local cert_domain=$(~/.acme.sh/acme.sh --list 2>/dev/null | tail -1 | awk '{print $1}')
|
|
|
|
|
if [[ -n "${cert_domain}" ]]; then
|
|
|
|
|
SSL_HOST="${cert_domain}"
|
|
|
|
|
echo -e "${green}✓ SSL certificate configured successfully with domain: ${cert_domain}${plain}"
|
|
|
|
|
else
|
|
|
|
|
echo -e "${yellow}SSL setup may have completed, but domain extraction failed${plain}"
|
|
|
|
|
SSL_HOST="${server_ip}"
|
|
|
|
|
fi
|
|
|
|
|
;;
|
|
|
|
|
2)
|
2026-01-05 04:28:02 +00:00
|
|
|
# User chose Let's Encrypt IP certificate option
|
|
|
|
|
echo -e "${green}Using Let's Encrypt for IP certificate (shortlived profile)...${plain}"
|
|
|
|
|
|
|
|
|
|
# Ask for optional IPv6
|
|
|
|
|
local ipv6_addr=""
|
|
|
|
|
read -rp "Do you have an IPv6 address to include? (leave empty to skip): " ipv6_addr
|
|
|
|
|
ipv6_addr="${ipv6_addr// /}" # Trim whitespace
|
|
|
|
|
|
|
|
|
|
# Stop panel if running (port 80 needed)
|
2025-12-27 23:03:33 +00:00
|
|
|
if [[ $release == "alpine" ]]; then
|
|
|
|
|
rc-service x-ui stop >/dev/null 2>&1
|
|
|
|
|
else
|
|
|
|
|
systemctl stop x-ui >/dev/null 2>&1
|
|
|
|
|
fi
|
2026-01-05 04:28:02 +00:00
|
|
|
|
|
|
|
|
setup_ip_certificate "${server_ip}" "${ipv6_addr}"
|
2025-12-27 23:03:33 +00:00
|
|
|
if [ $? -eq 0 ]; then
|
|
|
|
|
SSL_HOST="${server_ip}"
|
2026-01-05 04:28:02 +00:00
|
|
|
echo -e "${green}✓ Let's Encrypt IP certificate configured successfully${plain}"
|
2025-12-27 23:03:33 +00:00
|
|
|
else
|
2026-01-05 04:28:02 +00:00
|
|
|
echo -e "${red}✗ IP certificate setup failed. Please check port 80 is open.${plain}"
|
2025-12-27 23:03:33 +00:00
|
|
|
SSL_HOST="${server_ip}"
|
|
|
|
|
fi
|
2026-01-21 15:47:36 +00:00
|
|
|
;;
|
|
|
|
|
3)
|
|
|
|
|
# User chose Custom Paths (User Provided) option
|
|
|
|
|
echo -e "${green}Using custom existing certificate...${plain}"
|
|
|
|
|
local custom_cert=""
|
|
|
|
|
local custom_key=""
|
|
|
|
|
local custom_domain=""
|
|
|
|
|
|
|
|
|
|
# 3.1 Request Domain to compose Panel URL later
|
|
|
|
|
read -rp "Please enter domain name certificate issued for: " custom_domain
|
|
|
|
|
custom_domain="${custom_domain// /}" # Убираем пробелы
|
|
|
|
|
|
|
|
|
|
# 3.2 Loop for Certificate Path
|
|
|
|
|
while true; do
|
|
|
|
|
read -rp "Input certificate path (keywords: .crt / fullchain): " custom_cert
|
|
|
|
|
# Strip quotes if present
|
|
|
|
|
custom_cert=$(echo "$custom_cert" | tr -d '"' | tr -d "'")
|
|
|
|
|
|
|
|
|
|
if [[ -f "$custom_cert" && -r "$custom_cert" && -s "$custom_cert" ]]; then
|
|
|
|
|
break
|
|
|
|
|
elif [[ ! -f "$custom_cert" ]]; then
|
|
|
|
|
echo -e "${red}Error: File does not exist! Try again.${plain}"
|
|
|
|
|
elif [[ ! -r "$custom_cert" ]]; then
|
|
|
|
|
echo -e "${red}Error: File exists but is not readable (check permissions)!${plain}"
|
|
|
|
|
else
|
|
|
|
|
echo -e "${red}Error: File is empty!${plain}"
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
# 3.3 Loop for Private Key Path
|
|
|
|
|
while true; do
|
|
|
|
|
read -rp "Input private key path (keywords: .key / privatekey): " custom_key
|
|
|
|
|
# Strip quotes if present
|
|
|
|
|
custom_key=$(echo "$custom_key" | tr -d '"' | tr -d "'")
|
|
|
|
|
|
|
|
|
|
if [[ -f "$custom_key" && -r "$custom_key" && -s "$custom_key" ]]; then
|
|
|
|
|
break
|
|
|
|
|
elif [[ ! -f "$custom_key" ]]; then
|
|
|
|
|
echo -e "${red}Error: File does not exist! Try again.${plain}"
|
|
|
|
|
elif [[ ! -r "$custom_key" ]]; then
|
|
|
|
|
echo -e "${red}Error: File exists but is not readable (check permissions)!${plain}"
|
|
|
|
|
else
|
|
|
|
|
echo -e "${red}Error: File is empty!${plain}"
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
# 3.4 Apply Settings via x-ui binary
|
|
|
|
|
${xui_folder}/x-ui cert -webCert "$custom_cert" -webCertKey "$custom_key" >/dev/null 2>&1
|
2026-01-05 04:28:02 +00:00
|
|
|
|
2026-01-21 15:47:36 +00:00
|
|
|
# Set SSL_HOST for composing Panel URL
|
|
|
|
|
if [[ -n "$custom_domain" ]]; then
|
|
|
|
|
SSL_HOST="$custom_domain"
|
|
|
|
|
else
|
|
|
|
|
SSL_HOST="${server_ip}"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
echo -e "${green}✓ Custom certificate paths applied.${plain}"
|
|
|
|
|
echo -e "${yellow}Note: You are responsible for renewing these files externally.${plain}"
|
|
|
|
|
|
|
|
|
|
systemctl restart x-ui >/dev/null 2>&1 || rc-service x-ui restart >/dev/null 2>&1
|
2025-12-27 23:03:33 +00:00
|
|
|
;;
|
|
|
|
|
*)
|
|
|
|
|
echo -e "${red}Invalid option. Skipping SSL setup.${plain}"
|
|
|
|
|
SSL_HOST="${server_ip}"
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-09 19:18:06 +00:00
|
|
|
config_after_install() {
|
2026-01-03 02:57:19 +00:00
|
|
|
local existing_hasDefaultCredential=$(${xui_folder}/x-ui setting -show true | grep -Eo 'hasDefaultCredential: .+' | awk '{print $2}')
|
|
|
|
|
local existing_webBasePath=$(${xui_folder}/x-ui setting -show true | grep -Eo 'webBasePath: .+' | awk '{print $2}' | sed 's#^/##')
|
|
|
|
|
local existing_port=$(${xui_folder}/x-ui setting -show true | grep -Eo 'port: .+' | awk '{print $2}')
|
2025-12-27 23:03:33 +00:00
|
|
|
# Properly detect empty cert by checking if cert: line exists and has content after it
|
2026-01-03 02:57:19 +00:00
|
|
|
local existing_cert=$(${xui_folder}/x-ui setting -getCert true | grep 'cert:' | awk -F': ' '{print $2}' | tr -d '[:space:]')
|
2025-08-21 12:24:25 +00:00
|
|
|
local URL_lists=(
|
|
|
|
|
"https://api4.ipify.org"
|
2025-12-03 20:40:49 +00:00
|
|
|
"https://ipv4.icanhazip.com"
|
|
|
|
|
"https://v4.api.ipinfo.io/ip"
|
|
|
|
|
"https://ipv4.myexternalip.com/raw"
|
|
|
|
|
"https://4.ident.me"
|
|
|
|
|
"https://check-host.net/ip"
|
2025-08-21 12:24:25 +00:00
|
|
|
)
|
|
|
|
|
local server_ip=""
|
|
|
|
|
for ip_address in "${URL_lists[@]}"; do
|
|
|
|
|
server_ip=$(curl -s --max-time 3 "${ip_address}" 2>/dev/null | tr -d '[:space:]')
|
|
|
|
|
if [[ -n "${server_ip}" ]]; then
|
2025-07-27 15:24:11 +00:00
|
|
|
break
|
|
|
|
|
fi
|
|
|
|
|
done
|
2025-12-03 20:40:49 +00:00
|
|
|
|
2024-10-25 09:05:22 +00:00
|
|
|
if [[ ${#existing_webBasePath} -lt 4 ]]; then
|
2025-05-06 02:05:32 +00:00
|
|
|
if [[ "$existing_hasDefaultCredential" == "true" ]]; then
|
2025-07-22 21:28:56 +00:00
|
|
|
local config_webBasePath=$(gen_random_string 18)
|
2024-10-25 09:05:22 +00:00
|
|
|
local config_username=$(gen_random_string 10)
|
|
|
|
|
local config_password=$(gen_random_string 10)
|
2025-12-03 20:40:49 +00:00
|
|
|
|
2025-04-09 05:40:38 +00:00
|
|
|
read -rp "Would you like to customize the Panel Port settings? (If not, a random port will be applied) [y/n]: " config_confirm
|
2024-10-25 09:05:22 +00:00
|
|
|
if [[ "${config_confirm}" == "y" || "${config_confirm}" == "Y" ]]; then
|
2025-04-09 05:40:38 +00:00
|
|
|
read -rp "Please set up the panel port: " config_port
|
2024-10-25 09:05:22 +00:00
|
|
|
echo -e "${yellow}Your Panel Port is: ${config_port}${plain}"
|
|
|
|
|
else
|
|
|
|
|
local config_port=$(shuf -i 1024-62000 -n 1)
|
|
|
|
|
echo -e "${yellow}Generated random port: ${config_port}${plain}"
|
|
|
|
|
fi
|
2025-12-03 20:40:49 +00:00
|
|
|
|
2026-01-03 02:57:19 +00:00
|
|
|
${xui_folder}/x-ui setting -username "${config_username}" -password "${config_password}" -port "${config_port}" -webBasePath "${config_webBasePath}"
|
2025-12-27 23:03:33 +00:00
|
|
|
|
|
|
|
|
echo ""
|
|
|
|
|
echo -e "${green}═══════════════════════════════════════════${plain}"
|
|
|
|
|
echo -e "${green} SSL Certificate Setup (MANDATORY) ${plain}"
|
|
|
|
|
echo -e "${green}═══════════════════════════════════════════${plain}"
|
|
|
|
|
echo -e "${yellow}For security, SSL certificate is required for all panels.${plain}"
|
2026-01-05 04:28:02 +00:00
|
|
|
echo -e "${yellow}Let's Encrypt now supports both domains and IP addresses!${plain}"
|
2025-12-27 23:03:33 +00:00
|
|
|
echo ""
|
|
|
|
|
|
|
|
|
|
prompt_and_setup_ssl "${config_port}" "${config_webBasePath}" "${server_ip}"
|
|
|
|
|
|
|
|
|
|
# Display final credentials and access information
|
|
|
|
|
echo ""
|
|
|
|
|
echo -e "${green}═══════════════════════════════════════════${plain}"
|
|
|
|
|
echo -e "${green} Panel Installation Complete! ${plain}"
|
|
|
|
|
echo -e "${green}═══════════════════════════════════════════${plain}"
|
|
|
|
|
echo -e "${green}Username: ${config_username}${plain}"
|
|
|
|
|
echo -e "${green}Password: ${config_password}${plain}"
|
|
|
|
|
echo -e "${green}Port: ${config_port}${plain}"
|
2024-10-25 09:05:22 +00:00
|
|
|
echo -e "${green}WebBasePath: ${config_webBasePath}${plain}"
|
2025-12-27 23:03:33 +00:00
|
|
|
echo -e "${green}Access URL: https://${SSL_HOST}:${config_port}/${config_webBasePath}${plain}"
|
|
|
|
|
echo -e "${green}═══════════════════════════════════════════${plain}"
|
|
|
|
|
echo -e "${yellow}⚠ IMPORTANT: Save these credentials securely!${plain}"
|
|
|
|
|
echo -e "${yellow}⚠ SSL Certificate: Enabled and configured${plain}"
|
2024-10-25 09:05:22 +00:00
|
|
|
else
|
2025-07-22 10:53:12 +00:00
|
|
|
local config_webBasePath=$(gen_random_string 18)
|
2024-10-16 11:49:56 +00:00
|
|
|
echo -e "${yellow}WebBasePath is missing or too short. Generating a new one...${plain}"
|
2026-01-03 02:57:19 +00:00
|
|
|
${xui_folder}/x-ui setting -webBasePath "${config_webBasePath}"
|
2024-10-16 11:49:56 +00:00
|
|
|
echo -e "${green}New WebBasePath: ${config_webBasePath}${plain}"
|
2025-12-27 23:03:33 +00:00
|
|
|
|
|
|
|
|
# If the panel is already installed but no certificate is configured, prompt for SSL now
|
|
|
|
|
if [[ -z "${existing_cert}" ]]; then
|
|
|
|
|
echo ""
|
|
|
|
|
echo -e "${green}═══════════════════════════════════════════${plain}"
|
|
|
|
|
echo -e "${green} SSL Certificate Setup (RECOMMENDED) ${plain}"
|
|
|
|
|
echo -e "${green}═══════════════════════════════════════════${plain}"
|
2026-01-05 04:28:02 +00:00
|
|
|
echo -e "${yellow}Let's Encrypt now supports both domains and IP addresses!${plain}"
|
2025-12-27 23:03:33 +00:00
|
|
|
echo ""
|
|
|
|
|
prompt_and_setup_ssl "${existing_port}" "${config_webBasePath}" "${server_ip}"
|
|
|
|
|
echo -e "${green}Access URL: https://${SSL_HOST}:${existing_port}/${config_webBasePath}${plain}"
|
|
|
|
|
else
|
|
|
|
|
# If a cert already exists, just show the access URL
|
|
|
|
|
echo -e "${green}Access URL: https://${server_ip}:${existing_port}/${config_webBasePath}${plain}"
|
|
|
|
|
fi
|
2024-10-16 11:49:56 +00:00
|
|
|
fi
|
2024-10-24 19:17:00 +00:00
|
|
|
else
|
2025-05-06 02:05:32 +00:00
|
|
|
if [[ "$existing_hasDefaultCredential" == "true" ]]; then
|
2024-10-25 09:05:22 +00:00
|
|
|
local config_username=$(gen_random_string 10)
|
|
|
|
|
local config_password=$(gen_random_string 10)
|
2025-12-03 20:40:49 +00:00
|
|
|
|
2024-10-25 09:05:22 +00:00
|
|
|
echo -e "${yellow}Default credentials detected. Security update required...${plain}"
|
2026-01-03 02:57:19 +00:00
|
|
|
${xui_folder}/x-ui setting -username "${config_username}" -password "${config_password}"
|
2024-10-25 09:05:22 +00:00
|
|
|
echo -e "Generated new random login credentials:"
|
2023-02-20 17:29:55 +00:00
|
|
|
echo -e "###############################################"
|
2024-10-16 11:49:56 +00:00
|
|
|
echo -e "${green}Username: ${config_username}${plain}"
|
2024-10-09 09:15:37 +00:00
|
|
|
echo -e "${green}Password: ${config_password}${plain}"
|
2023-02-20 17:29:55 +00:00
|
|
|
echo -e "###############################################"
|
|
|
|
|
else
|
2025-12-27 23:03:33 +00:00
|
|
|
echo -e "${green}Username, Password, and WebBasePath are properly set.${plain}"
|
|
|
|
|
fi
|
|
|
|
|
|
2026-01-05 04:28:02 +00:00
|
|
|
# Existing install: if no cert configured, prompt user for SSL setup
|
2025-12-27 23:03:33 +00:00
|
|
|
# Properly detect empty cert by checking if cert: line exists and has content after it
|
2026-01-03 02:57:19 +00:00
|
|
|
existing_cert=$(${xui_folder}/x-ui setting -getCert true | grep 'cert:' | awk -F': ' '{print $2}' | tr -d '[:space:]')
|
2025-12-27 23:03:33 +00:00
|
|
|
if [[ -z "$existing_cert" ]]; then
|
|
|
|
|
echo ""
|
|
|
|
|
echo -e "${green}═══════════════════════════════════════════${plain}"
|
|
|
|
|
echo -e "${green} SSL Certificate Setup (RECOMMENDED) ${plain}"
|
|
|
|
|
echo -e "${green}═══════════════════════════════════════════${plain}"
|
2026-01-05 04:28:02 +00:00
|
|
|
echo -e "${yellow}Let's Encrypt now supports both domains and IP addresses!${plain}"
|
2025-12-27 23:03:33 +00:00
|
|
|
echo ""
|
|
|
|
|
prompt_and_setup_ssl "${existing_port}" "${existing_webBasePath}" "${server_ip}"
|
|
|
|
|
echo -e "${green}Access URL: https://${SSL_HOST}:${existing_port}/${existing_webBasePath}${plain}"
|
|
|
|
|
else
|
|
|
|
|
echo -e "${green}SSL certificate already configured. No action needed.${plain}"
|
2023-02-20 17:29:55 +00:00
|
|
|
fi
|
2023-02-09 19:18:06 +00:00
|
|
|
fi
|
2025-12-03 20:40:49 +00:00
|
|
|
|
2026-01-03 02:57:19 +00:00
|
|
|
${xui_folder}/x-ui migrate
|
2023-02-09 19:18:06 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
install_x-ui() {
|
2026-01-03 02:57:19 +00:00
|
|
|
cd ${xui_folder%/x-ui}/
|
2025-12-03 20:40:49 +00:00
|
|
|
|
2025-07-27 15:22:59 +00:00
|
|
|
# Download resources
|
2023-02-09 19:18:06 +00:00
|
|
|
if [ $# == 0 ]; then
|
2024-10-04 12:31:15 +00:00
|
|
|
tag_version=$(curl -Ls "https://api.github.com/repos/MHSanaei/3x-ui/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
|
|
|
|
|
if [[ ! -n "$tag_version" ]]; then
|
2025-09-25 12:34:12 +00:00
|
|
|
echo -e "${yellow}Trying to fetch version with IPv4...${plain}"
|
|
|
|
|
tag_version=$(curl -4 -Ls "https://api.github.com/repos/MHSanaei/3x-ui/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
|
|
|
|
|
if [[ ! -n "$tag_version" ]]; then
|
|
|
|
|
echo -e "${red}Failed to fetch x-ui version, it may be due to GitHub API restrictions, please try it later${plain}"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
2023-02-09 19:18:06 +00:00
|
|
|
fi
|
2024-10-04 12:31:15 +00:00
|
|
|
echo -e "Got x-ui latest version: ${tag_version}, beginning the installation..."
|
2026-01-05 04:28:02 +00:00
|
|
|
curl -4fLRo ${xui_folder}-linux-$(arch).tar.gz https://github.com/MHSanaei/3x-ui/releases/download/${tag_version}/x-ui-linux-$(arch).tar.gz
|
2023-02-09 19:18:06 +00:00
|
|
|
if [[ $? -ne 0 ]]; then
|
2024-10-04 12:31:15 +00:00
|
|
|
echo -e "${red}Downloading x-ui failed, please be sure that your server can access GitHub ${plain}"
|
2023-02-09 19:18:06 +00:00
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
else
|
2024-10-04 12:31:15 +00:00
|
|
|
tag_version=$1
|
|
|
|
|
tag_version_numeric=${tag_version#v}
|
|
|
|
|
min_version="2.3.5"
|
2025-12-03 20:40:49 +00:00
|
|
|
|
2024-10-04 12:31:15 +00:00
|
|
|
if [[ "$(printf '%s\n' "$min_version" "$tag_version_numeric" | sort -V | head -n1)" != "$min_version" ]]; then
|
|
|
|
|
echo -e "${red}Please use a newer version (at least v2.3.5). Exiting installation.${plain}"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
2025-12-03 20:40:49 +00:00
|
|
|
|
2024-10-04 12:31:15 +00:00
|
|
|
url="https://github.com/MHSanaei/3x-ui/releases/download/${tag_version}/x-ui-linux-$(arch).tar.gz"
|
2024-01-10 16:05:07 +00:00
|
|
|
echo -e "Beginning to install x-ui $1"
|
2026-01-05 04:28:02 +00:00
|
|
|
curl -4fLRo ${xui_folder}-linux-$(arch).tar.gz ${url}
|
2023-02-09 19:18:06 +00:00
|
|
|
if [[ $? -ne 0 ]]; then
|
2024-10-04 12:31:15 +00:00
|
|
|
echo -e "${red}Download x-ui $1 failed, please check if the version exists ${plain}"
|
2023-02-09 19:18:06 +00:00
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
fi
|
2026-01-03 05:41:40 +00:00
|
|
|
curl -4fLRo /usr/bin/x-ui-temp https://raw.githubusercontent.com/MHSanaei/3x-ui/main/x-ui.sh
|
2025-09-25 12:34:12 +00:00
|
|
|
if [[ $? -ne 0 ]]; then
|
|
|
|
|
echo -e "${red}Failed to download x-ui.sh${plain}"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
2025-12-03 20:40:49 +00:00
|
|
|
|
2025-07-27 15:22:59 +00:00
|
|
|
# Stop x-ui service and remove old resources
|
2026-01-03 02:57:19 +00:00
|
|
|
if [[ -e ${xui_folder}/ ]]; then
|
2025-09-22 19:56:43 +00:00
|
|
|
if [[ $release == "alpine" ]]; then
|
|
|
|
|
rc-service x-ui stop
|
|
|
|
|
else
|
|
|
|
|
systemctl stop x-ui
|
|
|
|
|
fi
|
2026-01-03 02:57:19 +00:00
|
|
|
rm ${xui_folder}/ -rf
|
2023-02-09 19:18:06 +00:00
|
|
|
fi
|
2025-12-03 20:40:49 +00:00
|
|
|
|
2025-07-27 15:22:59 +00:00
|
|
|
# Extract resources and set permissions
|
2024-04-01 08:42:28 +00:00
|
|
|
tar zxvf x-ui-linux-$(arch).tar.gz
|
|
|
|
|
rm x-ui-linux-$(arch).tar.gz -f
|
2025-07-27 15:22:59 +00:00
|
|
|
|
2023-02-09 19:18:06 +00:00
|
|
|
cd x-ui
|
2024-01-16 00:01:15 +00:00
|
|
|
chmod +x x-ui
|
2025-07-27 15:22:59 +00:00
|
|
|
chmod +x x-ui.sh
|
2025-12-03 20:40:49 +00:00
|
|
|
|
2024-01-16 00:01:15 +00:00
|
|
|
# Check the system's architecture and rename the file accordingly
|
2024-04-01 08:42:28 +00:00
|
|
|
if [[ $(arch) == "armv5" || $(arch) == "armv6" || $(arch) == "armv7" ]]; then
|
|
|
|
|
mv bin/xray-linux-$(arch) bin/xray-linux-arm
|
2024-01-20 13:08:54 +00:00
|
|
|
chmod +x bin/xray-linux-arm
|
2024-01-16 00:01:15 +00:00
|
|
|
fi
|
2024-04-01 08:42:28 +00:00
|
|
|
chmod +x x-ui bin/xray-linux-$(arch)
|
2025-12-03 20:40:49 +00:00
|
|
|
|
2025-07-27 15:22:59 +00:00
|
|
|
# Update x-ui cli and se set permission
|
|
|
|
|
mv -f /usr/bin/x-ui-temp /usr/bin/x-ui
|
2023-02-09 19:18:06 +00:00
|
|
|
chmod +x /usr/bin/x-ui
|
2026-01-02 15:11:32 +00:00
|
|
|
mkdir -p /var/log/x-ui
|
2023-02-09 19:18:06 +00:00
|
|
|
config_after_install
|
2026-01-03 02:13:00 +00:00
|
|
|
|
|
|
|
|
# Etckeeper compatibility
|
|
|
|
|
if [ -d "/etc/.git" ]; then
|
|
|
|
|
if [ -f "/etc/.gitignore" ]; then
|
|
|
|
|
if ! grep -q "x-ui/x-ui.db" "/etc/.gitignore"; then
|
|
|
|
|
echo "" >> "/etc/.gitignore"
|
|
|
|
|
echo "x-ui/x-ui.db" >> "/etc/.gitignore"
|
|
|
|
|
echo -e "${green}Added x-ui.db to /etc/.gitignore for etckeeper${plain}"
|
|
|
|
|
fi
|
|
|
|
|
else
|
|
|
|
|
echo "x-ui/x-ui.db" > "/etc/.gitignore"
|
|
|
|
|
echo -e "${green}Created /etc/.gitignore and added x-ui.db for etckeeper${plain}"
|
|
|
|
|
fi
|
|
|
|
|
fi
|
2025-12-03 20:40:49 +00:00
|
|
|
|
2025-09-22 19:56:43 +00:00
|
|
|
if [[ $release == "alpine" ]]; then
|
2026-01-03 05:41:40 +00:00
|
|
|
curl -4fLRo /etc/init.d/x-ui https://raw.githubusercontent.com/MHSanaei/3x-ui/main/x-ui.rc
|
2025-09-25 12:34:12 +00:00
|
|
|
if [[ $? -ne 0 ]]; then
|
|
|
|
|
echo -e "${red}Failed to download x-ui.rc${plain}"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
2025-09-22 19:56:43 +00:00
|
|
|
chmod +x /etc/init.d/x-ui
|
|
|
|
|
rc-update add x-ui
|
|
|
|
|
rc-service x-ui start
|
|
|
|
|
else
|
2026-01-03 06:27:39 +00:00
|
|
|
# Install systemd service file
|
|
|
|
|
service_installed=false
|
|
|
|
|
|
2026-01-03 02:37:48 +00:00
|
|
|
if [ -f "x-ui.service" ]; then
|
2026-01-03 06:27:39 +00:00
|
|
|
echo -e "${green}Found x-ui.service in extracted files, installing...${plain}"
|
|
|
|
|
cp -f x-ui.service ${xui_service}/ >/dev/null 2>&1
|
|
|
|
|
if [[ $? -eq 0 ]]; then
|
|
|
|
|
service_installed=true
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ "$service_installed" = false ]; then
|
|
|
|
|
case "${release}" in
|
|
|
|
|
ubuntu | debian | armbian)
|
|
|
|
|
if [ -f "x-ui.service.debian" ]; then
|
|
|
|
|
echo -e "${green}Found x-ui.service.debian in extracted files, installing...${plain}"
|
|
|
|
|
cp -f x-ui.service.debian ${xui_service}/x-ui.service >/dev/null 2>&1
|
|
|
|
|
if [[ $? -eq 0 ]]; then
|
|
|
|
|
service_installed=true
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
;;
|
2026-01-18 14:41:07 +00:00
|
|
|
arch | manjaro | parch)
|
|
|
|
|
if [ -f "x-ui.service.arch" ]; then
|
|
|
|
|
echo -e "${green}Found x-ui.service.arch in extracted files, installing...${plain}"
|
|
|
|
|
cp -f x-ui.service.arch ${xui_service}/x-ui.service >/dev/null 2>&1
|
|
|
|
|
if [[ $? -eq 0 ]]; then
|
|
|
|
|
service_installed=true
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
;;
|
2026-01-03 06:27:39 +00:00
|
|
|
*)
|
|
|
|
|
if [ -f "x-ui.service.rhel" ]; then
|
|
|
|
|
echo -e "${green}Found x-ui.service.rhel in extracted files, installing...${plain}"
|
|
|
|
|
cp -f x-ui.service.rhel ${xui_service}/x-ui.service >/dev/null 2>&1
|
|
|
|
|
if [[ $? -eq 0 ]]; then
|
|
|
|
|
service_installed=true
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# If service file not found in tar.gz, download from GitHub
|
|
|
|
|
if [ "$service_installed" = false ]; then
|
|
|
|
|
echo -e "${yellow}Service files not found in tar.gz, downloading from GitHub...${plain}"
|
2026-01-03 02:37:48 +00:00
|
|
|
case "${release}" in
|
|
|
|
|
ubuntu | debian | armbian)
|
2026-01-03 06:27:39 +00:00
|
|
|
curl -4fLRo ${xui_service}/x-ui.service https://raw.githubusercontent.com/MHSanaei/3x-ui/main/x-ui.service.debian >/dev/null 2>&1
|
2026-01-03 02:37:48 +00:00
|
|
|
;;
|
2026-01-18 14:41:07 +00:00
|
|
|
arch | manjaro | parch)
|
|
|
|
|
curl -4fLRo ${xui_service}/x-ui.service https://raw.githubusercontent.com/MHSanaei/3x-ui/main/x-ui.service.arch >/dev/null 2>&1
|
|
|
|
|
;;
|
2026-01-03 02:37:48 +00:00
|
|
|
*)
|
2026-01-03 06:27:39 +00:00
|
|
|
curl -4fLRo ${xui_service}/x-ui.service https://raw.githubusercontent.com/MHSanaei/3x-ui/main/x-ui.service.rhel >/dev/null 2>&1
|
2026-01-03 02:37:48 +00:00
|
|
|
;;
|
|
|
|
|
esac
|
2026-01-03 06:27:39 +00:00
|
|
|
|
|
|
|
|
if [[ $? -ne 0 ]]; then
|
|
|
|
|
echo -e "${red}Failed to install x-ui.service from GitHub${plain}"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
service_installed=true
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ "$service_installed" = true ]; then
|
|
|
|
|
echo -e "${green}Setting up systemd unit...${plain}"
|
|
|
|
|
chown root:root ${xui_service}/x-ui.service >/dev/null 2>&1
|
|
|
|
|
chmod 644 ${xui_service}/x-ui.service >/dev/null 2>&1
|
|
|
|
|
systemctl daemon-reload
|
|
|
|
|
systemctl enable x-ui
|
|
|
|
|
systemctl start x-ui
|
|
|
|
|
else
|
|
|
|
|
echo -e "${red}Failed to install x-ui.service file${plain}"
|
|
|
|
|
exit 1
|
2026-01-03 02:37:48 +00:00
|
|
|
fi
|
2025-09-22 19:56:43 +00:00
|
|
|
fi
|
2025-12-03 20:40:49 +00:00
|
|
|
|
2024-10-04 12:31:15 +00:00
|
|
|
echo -e "${green}x-ui ${tag_version}${plain} installation finished, it is running now..."
|
2023-02-09 19:18:06 +00:00
|
|
|
echo -e ""
|
2024-12-20 17:33:27 +00:00
|
|
|
echo -e "┌───────────────────────────────────────────────────────┐
|
|
|
|
|
│ ${blue}x-ui control menu usages (subcommands):${plain} │
|
|
|
|
|
│ │
|
|
|
|
|
│ ${blue}x-ui${plain} - Admin Management Script │
|
|
|
|
|
│ ${blue}x-ui start${plain} - Start │
|
|
|
|
|
│ ${blue}x-ui stop${plain} - Stop │
|
|
|
|
|
│ ${blue}x-ui restart${plain} - Restart │
|
|
|
|
|
│ ${blue}x-ui status${plain} - Current Status │
|
|
|
|
|
│ ${blue}x-ui settings${plain} - Current Settings │
|
|
|
|
|
│ ${blue}x-ui enable${plain} - Enable Autostart on OS Startup │
|
|
|
|
|
│ ${blue}x-ui disable${plain} - Disable Autostart on OS Startup │
|
|
|
|
|
│ ${blue}x-ui log${plain} - Check logs │
|
|
|
|
|
│ ${blue}x-ui banlog${plain} - Check Fail2ban ban logs │
|
|
|
|
|
│ ${blue}x-ui update${plain} - Update │
|
2025-11-07 18:26:43 +00:00
|
|
|
│ ${blue}x-ui legacy${plain} - Legacy version │
|
2024-12-20 17:33:27 +00:00
|
|
|
│ ${blue}x-ui install${plain} - Install │
|
|
|
|
|
│ ${blue}x-ui uninstall${plain} - Uninstall │
|
2025-12-03 23:05:21 +00:00
|
|
|
└───────────────────────────────────────────────────────┘"
|
2023-02-09 19:18:06 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
echo -e "${green}Running...${plain}"
|
|
|
|
|
install_base
|
2025-02-04 10:27:58 +00:00
|
|
|
install_x-ui $1
|