From 3eeaf5a046d46af4e8daf002defa8c537328f848 Mon Sep 17 00:00:00 2001
From: Michael S2pac
Date: Fri, 16 Jan 2026 15:49:05 +0300
Subject: [PATCH] Excepted commits from origin
---
 lib/common.sh | 2 +-
 lib/geo.sh | 4 +++-
 lib/ssl.sh | 54 ++++++++++++++++++++++++++++++++++++++++++++++++---
 3 files changed, 55 insertions(+), 5 deletions(-)
diff --git a/lib/common.sh b/lib/common.sh
index ca1cc80d..3f442c79 100644
--- a/lib/common.sh
+++ b/lib/common.sh
@@ -39,7 +39,7 @@ is_ip() {
 }
 is_domain() {
- [[ "$1" =~ ^([A-Za-z0-9](-*[A-Za-z0-9])*\.)+[A-Za-z]{2,}$ ]] && return 0 || return 1
+ [[ "$1" =~ ^([A-Za-z0-9](-*[A-Za-z0-9])*\.)+(xn--[a-z0-9]{2,}|[A-Za-z]{2,})$ ]] && return 0 || return 1
 }
 # Generate random string
diff --git a/lib/geo.sh b/lib/geo.sh
index 0280d691..5bb0dc57 100644
--- a/lib/geo.sh
+++ b/lib/geo.sh
@@ -22,8 +22,10 @@ update_geofiles() {
 "RU") dat_files=(geoip_RU geosite_RU); dat_source="runetfreedom/russia-v2ray-rules-dat";;
 esac
 for dat in "${dat_files[@]}"; do
+ # Remove suffix for remote filename (e.g., geoip_IR -> geoip)
+ remote_file="${dat%%_*}"
 curl -fLRo ${xui_folder}/bin/${dat}.dat -z ${xui_folder}/bin/${dat}.dat \
- https://github.com/${dat_source}/releases/latest/download/${dat%%_}.dat
+ https://github.com/${dat_source}/releases/latest/download/${remote_file}.dat
 done
 }
diff --git a/lib/ssl.sh b/lib/ssl.sh
index 5ba2bb19..6fefdfac 100644
--- a/lib/ssl.sh
+++ b/lib/ssl.sh
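Review bot: In lib/common.sh, the new `xn--[a-z0-9]{2,}` alternative in is_domain is narrower than the rest of the pattern: it is lowercase-only and allows no interior hyphen, so an upper-case A-label TLD is rejected while `EXAMPLE.COM` passes, and A-label TLDs with a hyphen after the prefix are rejected as well. If that is not intended, `(xn--[A-Za-z0-9-]*[A-Za-z0-9]|[A-Za-z]{2,})` keeps the same label shape the other labels use. The trailing `&& return 0 || return 1` is redundant, because the status of `[[ … ]]` is already the function's return value.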
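Review bot: In lib/geo.sh, the new `remote_file` in update_geofiles is assigned without `local`, so it leaks into the caller's scope on every loop pass; declare it as `local remote_file="${dat%%_*}"`. The curl call that consumes it still writes a third-party `releases/latest` asset straight onto `${xui_folder}/bin/${dat}.dat` with unquoted expansions and no integrity check, so a truncated or tampered download replaces the live file. Consider downloading to a `mktemp` file, verifying it against a digest published by the source (if one exists), and only then moving it into place. The function starts above this hunk.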
@@ -30,6 +30,23 @@ install_acme() {
 return 0
 }
+is_port_in_use() {
+ local port="$1"
+ if command -v ss >/dev/null 2>&1; then
+ ss -ltn 2>/dev/null | awk -v p=":${port}$" '$4 ~ p {exit 0} END {exit 1}'
+ return
+ fi
+ if command -v netstat >/dev/null 2>&1; then
+ netstat -lnt 2>/dev/null | awk -v p=":${port} " '$4 ~ p {exit 0} END {exit 1}'
+ return
+ fi
+ if command -v lsof >/dev/null 2>&1; then
+ lsof -nP -iTCP:${port} -sTCP:LISTEN >/dev/null 2>&1 && return 0
+ fi
+ return 1
+}
+
+
 ssl_cert_issue_main() {
 echo -e "${green}\t1.${plain} Get SSL (Domain)"
 echo -e "${green}\t2.${plain} Revoke"
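Review bot: The awk programs in is_port_in_use exit non-zero even when a listener matches: `exit 0` in the pattern rule still runs the `END` block, and `exit 1` there replaces the status, so the ss and netstat branches always report the port as free. Record the match and let END decide, e.g. `awk -v p=":${port}$" '$4 ~ p {found=1; exit} END {exit !found}'`. The netstat branch has a second problem: its pattern `":${port} "` ends in a space, which cannot occur inside the whitespace-split field `$4`, so it needs the same `$`-anchored pattern. The function also returns 1 when none of ss, netstat or lsof is installed; a distinct status or a comment would stop the caller from treating "unknown" as "free".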
@@ -224,10 +241,41 @@ ssl_cert_issue_for_ip() {
 LOGI "Including IPv6 address: ${ipv6_addr}"
 fi
- # Use port 80 for certificate issuance
- local WebPort=80
+ # Choose port for HTTP-01 listener (default 80, allow override)
+ local WebPort=""
+ read -rp "Port to use for ACME HTTP-01 listener (default 80): " WebPort
+ WebPort="${WebPort:-80}"
+ if ! [[ "${WebPort}" =~ ^[0-9]+$ ]] || ((WebPort < 1 || WebPort > 65535)); then
+ LOGE "Invalid port provided. Falling back to 80."
+ WebPort=80
+ fi
 LOGI "Using port ${WebPort} to issue certificate for IP: ${server_ip}"
- LOGI "Make sure port ${WebPort} is open and not in use..."
+ if [[ "${WebPort}" -ne 80 ]]; then
+ LOGI "Reminder: Let's Encrypt still reaches port 80; forward external port 80 to ${WebPort} for validation."
+ fi
+
+ while true; do
+ if is_port_in_use "${WebPort}"; then
+ LOGI "Port ${WebPort} is currently in use."
+
+ local alt_port=""
+ read -rp "Enter another port for acme.sh standalone listener (leave empty to abort): " alt_port
+ alt_port="${alt_port// /}"
+ if [[ -z "${alt_port}" ]]; then
+ LOGE "Port ${WebPort} is busy; cannot proceed with issuance."
+ return 1
+ fi
+ if ! [[ "${alt_port}" =~ ^[0-9]+$ ]] || ((alt_port < 1 || alt_port > 65535)); then
+ LOGE "Invalid port provided."
+ return 1
+ fi
+ WebPort="${alt_port}"
+ continue
+ else
+ LOGI "Port ${WebPort} is free and ready for standalone validation."
+ break
+ fi
+ done
 # Reload command - restarts panel after renewal
 local reloadCmd="systemctl restart x-ui 2>/dev/null || rc-service x-ui restart 2>/dev/null"
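Review bot: Both port checks in ssl_cert_issue_for_ip accept any digit string before doing arithmetic on it, so input with a leading zero such as `08` passes `^[0-9]+$` and is then read by `((…))` as an invalid octal constant; the arithmetic errors out, the range test does not reject the value, and the raw string stays in `WebPort`. Constraining the shape first avoids that: `if ! [[ "${WebPort}" =~ ^[1-9][0-9]{0,4}$ ]] || ((WebPort > 65535)); then`, with the same pattern for `alt_port`. The two prompts also disagree on a bad value (the first silently falls back to 80, the retry aborts) and only the retry strips spaces, so one small port-validation helper used by both would keep them consistent. The enclosing function starts and ends outside this hunk.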