Alex-Devera/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2026-04-16 12:35:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: add cron to default package installation and improve SSL certificate handling

Browse source
This commit is contained in:
Kookiejarz 2026-04-07 17:33:15 -04:00
parent 09d3447cb6
commit 99ce1fcba5
No known key found for this signature in database
GPG key ID: 4014DA977709E11F
3 changed files with 120 additions and 90 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

56
install.sh
View file

@ -79,26 +79,26 @@ install_base() {
apt-get update && apt-get install -y -q cron curl tar tzdata socat ca-certificates openssl apt-get update && apt-get install -y -q cron curl tar tzdata socat ca-certificates openssl
;; ;;
fedora | amzn | virtuozzo | rhel | almalinux | rocky | ol) fedora | amzn | virtuozzo | rhel | almalinux | rocky | ol)
dnf -y update && dnf install -y -q curl tar tzdata socat ca-certificates openssl dnf -y update && dnf install -y -q cronie curl tar tzdata socat ca-certificates openssl
;; ;;
centos) centos)
if [[ "${VERSION_ID}" =~ ^7 ]]; then if [[ "${VERSION_ID}" =~ ^7 ]]; then
yum -y update && yum install -y curl tar tzdata socat ca-certificates openssl yum -y update && yum install -y cronie curl tar tzdata socat ca-certificates openssl
else else
dnf -y update && dnf install -y -q curl tar tzdata socat ca-certificates openssl dnf -y update && dnf install -y -q cronie curl tar tzdata socat ca-certificates openssl
fi fi
;; ;;
arch | manjaro | parch) arch | manjaro | parch)
pacman -Syu && pacman -Syu --noconfirm curl tar tzdata socat ca-certificates openssl pacman -Syu && pacman -Syu --noconfirm cronie curl tar tzdata socat ca-certificates openssl
;; ;;
opensuse-tumbleweed | opensuse-leap) opensuse-tumbleweed | opensuse-leap)
zypper refresh && zypper -q install -y curl tar timezone socat ca-certificates openssl zypper refresh && zypper -q install -y cron curl tar timezone socat ca-certificates openssl
;; ;;
alpine) alpine)
apk update && apk add curl tar tzdata socat ca-certificates openssl apk update && apk add dcron curl tar tzdata socat ca-certificates openssl
;; ;;
*) *)
apt-get update && apt-get install -y -q curl tar tzdata socat ca-certificates openssl apt-get update && apt-get install -y -q cron curl tar tzdata socat ca-certificates openssl
;; ;;
esac esac
} }
@ -379,15 +379,15 @@ ssl_cert_issue() {
break break
done done
echo -e "${green}Your domain is: ${domain}, checking it...${plain}" echo -e "${green}Your domain is: ${domain}, checking it...${plain}"
SSL_ISSUED_DOMAIN="${domain}"
# check if there already exists a certificate # detect existing certificate and reuse it if present
local currentCert=$(~/.acme.sh/acme.sh --list | tail -1 | awk '{print $1}') local cert_exists=0
if [ "${currentCert}" == "${domain}" ]; then if ~/.acme.sh/acme.sh --list 2>/dev/null | awk '{print $1}' | grep -Fxq "${domain}"; then
local certInfo=$(~/.acme.sh/acme.sh --list) cert_exists=1
echo -e "${red}System already has certificates for this domain. Cannot issue again.${plain}" local certInfo=$(~/.acme.sh/acme.sh --list 2>/dev/null | grep -F "${domain}")
echo -e "${yellow}Current certificate details:${plain}" echo -e "${yellow}Existing certificate found for ${domain}, will reuse it.${plain}"
echo "$certInfo" [[ -n "${certInfo}" ]] && echo "$certInfo"
return 1
else else
echo -e "${green}Your domain is ready for issuing certificates now...${plain}" echo -e "${green}Your domain is ready for issuing certificates now...${plain}"
fi fi
@ -414,6 +414,7 @@ ssl_cert_issue() {
echo -e "${yellow}Stopping panel temporarily...${plain}" echo -e "${yellow}Stopping panel temporarily...${plain}"
systemctl stop x-ui 2>/dev/null || rc-service x-ui stop 2>/dev/null systemctl stop x-ui 2>/dev/null || rc-service x-ui stop 2>/dev/null
if [[ ${cert_exists} -eq 0 ]]; then
# issue the certificate # issue the certificate
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt --force ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt --force
~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport ${WebPort} --force ~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport ${WebPort} --force
@ -425,6 +426,9 @@ ssl_cert_issue() {
else else
echo -e "${green}Issuing certificate succeeded, installing certificates...${plain}" echo -e "${green}Issuing certificate succeeded, installing certificates...${plain}"
fi fi
else
echo -e "${green}Using existing certificate, installing certificates...${plain}"
fi
# Setup reload command # Setup reload command
reloadCmd="systemctl restart x-ui || rc-service x-ui restart" reloadCmd="systemctl restart x-ui || rc-service x-ui restart"
@ -453,17 +457,18 @@ ssl_cert_issue() {
fi fi
# install the certificate # install the certificate
# acme.sh may exit non-zero when reloadcmd fails even if cert files are installed.
~/.acme.sh/acme.sh --installcert -d ${domain} \ ~/.acme.sh/acme.sh --installcert -d ${domain} \
--key-file /root/cert/${domain}/privkey.pem \ --key-file /root/cert/${domain}/privkey.pem \
--fullchain-file /root/cert/${domain}/fullchain.pem --reloadcmd "${reloadCmd}" --fullchain-file /root/cert/${domain}/fullchain.pem --reloadcmd "${reloadCmd}" 2>&1 || true
if [ $? -ne 0 ]; then if [[ -f "/root/cert/${domain}/privkey.pem" && -f "/root/cert/${domain}/fullchain.pem" ]]; then
echo -e "${green}Installing certificate succeeded, enabling auto renew...${plain}"
else
echo -e "${red}Installing certificate failed, exiting.${plain}" echo -e "${red}Installing certificate failed, exiting.${plain}"
rm -rf ~/.acme.sh/${domain} rm -rf ~/.acme.sh/${domain}
systemctl start x-ui 2>/dev/null || rc-service x-ui start 2>/dev/null systemctl start x-ui 2>/dev/null || rc-service x-ui start 2>/dev/null
return 1 return 1
else
echo -e "${green}Installing certificate succeeded, enabling auto renew...${plain}"
fi fi
# enable auto-renew # enable auto-renew
@ -536,9 +541,12 @@ prompt_and_setup_ssl() {
1) 1)
# User chose Let's Encrypt domain option # User chose Let's Encrypt domain option
echo -e "${green}Using Let's Encrypt for domain certificate...${plain}" echo -e "${green}Using Let's Encrypt for domain certificate...${plain}"
ssl_cert_issue if ssl_cert_issue; then
# Extract the domain that was used from the certificate local cert_domain="${SSL_ISSUED_DOMAIN}"
local cert_domain=$(~/.acme.sh/acme.sh --list 2>/dev/null | tail -1 | awk '{print $1}') if [[ -z "${cert_domain}" ]]; then
cert_domain=$(~/.acme.sh/acme.sh --list 2>/dev/null | tail -1 | awk '{print $1}')
fi
if [[ -n "${cert_domain}" ]]; then if [[ -n "${cert_domain}" ]]; then
SSL_HOST="${cert_domain}" SSL_HOST="${cert_domain}"
echo -e "${green}✓ SSL certificate configured successfully with domain: ${cert_domain}${plain}" echo -e "${green}✓ SSL certificate configured successfully with domain: ${cert_domain}${plain}"
@ -546,6 +554,10 @@ prompt_and_setup_ssl() {
echo -e "${yellow}SSL setup may have completed, but domain extraction failed${plain}" echo -e "${yellow}SSL setup may have completed, but domain extraction failed${plain}"
SSL_HOST="${server_ip}" SSL_HOST="${server_ip}"
fi fi
else
echo -e "${red}SSL certificate setup failed for domain mode.${plain}"
SSL_HOST="${server_ip}"
fi
;; ;;
2) 2)
# User chose Let's Encrypt IP certificate option # User chose Let's Encrypt IP certificate option

58
update.sh
View file

@ -109,29 +109,29 @@ install_base() {
echo -e "${green}Updating and install dependency packages...${plain}" echo -e "${green}Updating and install dependency packages...${plain}"
case "${release}" in case "${release}" in
ubuntu | debian | armbian) ubuntu | debian | armbian)
apt-get update >/dev/null 2>&1 && apt-get install -y -q curl tar tzdata socat openssl >/dev/null 2>&1 apt-get update >/dev/null 2>&1 && apt-get install -y -q cron curl tar tzdata socat openssl >/dev/null 2>&1
;; ;;
fedora | amzn | virtuozzo | rhel | almalinux | rocky | ol) fedora | amzn | virtuozzo | rhel | almalinux | rocky | ol)
dnf -y update >/dev/null 2>&1 && dnf install -y -q curl tar tzdata socat openssl >/dev/null 2>&1 dnf -y update >/dev/null 2>&1 && dnf install -y -q cronie curl tar tzdata socat openssl >/dev/null 2>&1
;; ;;
centos) centos)
if [[ "${VERSION_ID}" =~ ^7 ]]; then if [[ "${VERSION_ID}" =~ ^7 ]]; then
yum -y update >/dev/null 2>&1 && yum install -y -q curl tar tzdata socat openssl >/dev/null 2>&1 yum -y update >/dev/null 2>&1 && yum install -y -q cronie curl tar tzdata socat openssl >/dev/null 2>&1
else else
dnf -y update >/dev/null 2>&1 && dnf install -y -q curl tar tzdata socat openssl >/dev/null 2>&1 dnf -y update >/dev/null 2>&1 && dnf install -y -q cronie curl tar tzdata socat openssl >/dev/null 2>&1
fi fi
;; ;;
arch | manjaro | parch) arch | manjaro | parch)
pacman -Syu >/dev/null 2>&1 && pacman -Syu --noconfirm curl tar tzdata socat openssl >/dev/null 2>&1 pacman -Syu >/dev/null 2>&1 && pacman -Syu --noconfirm cronie curl tar tzdata socat openssl >/dev/null 2>&1
;; ;;
opensuse-tumbleweed | opensuse-leap) opensuse-tumbleweed | opensuse-leap)
zypper refresh >/dev/null 2>&1 && zypper -q install -y curl tar timezone socat openssl >/dev/null 2>&1 zypper refresh >/dev/null 2>&1 && zypper -q install -y cron curl tar timezone socat openssl >/dev/null 2>&1
;; ;;
alpine) alpine)
apk update >/dev/null 2>&1 && apk add curl tar tzdata socat openssl>/dev/null 2>&1 apk update >/dev/null 2>&1 && apk add dcron curl tar tzdata socat openssl>/dev/null 2>&1
;; ;;
*) *)
apt-get update >/dev/null 2>&1 && apt install -y -q curl tar tzdata socat openssl >/dev/null 2>&1 apt-get update >/dev/null 2>&1 && apt install -y -q cron curl tar tzdata socat openssl >/dev/null 2>&1
;; ;;
esac esac
} }
@ -402,15 +402,15 @@ ssl_cert_issue() {
break break
done done
echo -e "${green}Your domain is: ${domain}, checking it...${plain}" echo -e "${green}Your domain is: ${domain}, checking it...${plain}"
SSL_ISSUED_DOMAIN="${domain}"
# check if there already exists a certificate # detect existing certificate and reuse it if present
local currentCert=$(~/.acme.sh/acme.sh --list | tail -1 | awk '{print $1}') local cert_exists=0
if [ "${currentCert}" == "${domain}" ]; then if ~/.acme.sh/acme.sh --list 2>/dev/null | awk '{print $1}' | grep -Fxq "${domain}"; then
local certInfo=$(~/.acme.sh/acme.sh --list) cert_exists=1
echo -e "${red}System already has certificates for this domain. Cannot issue again.${plain}" local certInfo=$(~/.acme.sh/acme.sh --list 2>/dev/null | grep -F "${domain}")
echo -e "${yellow}Current certificate details:${plain}" echo -e "${yellow}Existing certificate found for ${domain}, will reuse it.${plain}"
echo "$certInfo" [[ -n "${certInfo}" ]] && echo "$certInfo"
return 1
else else
echo -e "${green}Your domain is ready for issuing certificates now...${plain}" echo -e "${green}Your domain is ready for issuing certificates now...${plain}"
fi fi
@ -437,6 +437,7 @@ ssl_cert_issue() {
echo -e "${yellow}Stopping panel temporarily...${plain}" echo -e "${yellow}Stopping panel temporarily...${plain}"
systemctl stop x-ui 2>/dev/null || rc-service x-ui stop 2>/dev/null systemctl stop x-ui 2>/dev/null || rc-service x-ui stop 2>/dev/null
if [[ ${cert_exists} -eq 0 ]]; then
# issue the certificate # issue the certificate
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt --force ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt --force
~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport ${WebPort} --force ~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport ${WebPort} --force
@ -448,6 +449,9 @@ ssl_cert_issue() {
else else
echo -e "${green}Issuing certificate succeeded, installing certificates...${plain}" echo -e "${green}Issuing certificate succeeded, installing certificates...${plain}"
fi fi
else
echo -e "${green}Using existing certificate, installing certificates...${plain}"
fi
# Setup reload command # Setup reload command
reloadCmd="systemctl restart x-ui || rc-service x-ui restart" reloadCmd="systemctl restart x-ui || rc-service x-ui restart"
@ -476,17 +480,18 @@ ssl_cert_issue() {
fi fi
# install the certificate # install the certificate
# acme.sh may exit non-zero when reloadcmd fails even if cert files are installed.
~/.acme.sh/acme.sh --installcert -d ${domain} \ ~/.acme.sh/acme.sh --installcert -d ${domain} \
--key-file /root/cert/${domain}/privkey.pem \ --key-file /root/cert/${domain}/privkey.pem \
--fullchain-file /root/cert/${domain}/fullchain.pem --reloadcmd "${reloadCmd}" --fullchain-file /root/cert/${domain}/fullchain.pem --reloadcmd "${reloadCmd}" 2>&1 || true
if [ $? -ne 0 ]; then if [[ -f "/root/cert/${domain}/privkey.pem" && -f "/root/cert/${domain}/fullchain.pem" ]]; then
echo -e "${green}Installing certificate succeeded, enabling auto renew...${plain}"
else
echo -e "${red}Installing certificate failed, exiting.${plain}" echo -e "${red}Installing certificate failed, exiting.${plain}"
rm -rf ~/.acme.sh/${domain} rm -rf ~/.acme.sh/${domain}
systemctl start x-ui 2>/dev/null || rc-service x-ui start 2>/dev/null systemctl start x-ui 2>/dev/null || rc-service x-ui start 2>/dev/null
return 1 return 1
else
echo -e "${green}Installing certificate succeeded, enabling auto renew...${plain}"
fi fi
# enable auto-renew # enable auto-renew
@ -556,9 +561,12 @@ prompt_and_setup_ssl() {
1) 1)
# User chose Let's Encrypt domain option # User chose Let's Encrypt domain option
echo -e "${green}Using Let's Encrypt for domain certificate...${plain}" echo -e "${green}Using Let's Encrypt for domain certificate...${plain}"
ssl_cert_issue if ssl_cert_issue; then
# Extract the domain that was used from the certificate local cert_domain="${SSL_ISSUED_DOMAIN}"
local cert_domain=$(~/.acme.sh/acme.sh --list 2>/dev/null | tail -1 | awk '{print $1}') if [[ -z "${cert_domain}" ]]; then
cert_domain=$(~/.acme.sh/acme.sh --list 2>/dev/null | tail -1 | awk '{print $1}')
fi
if [[ -n "${cert_domain}" ]]; then if [[ -n "${cert_domain}" ]]; then
SSL_HOST="${cert_domain}" SSL_HOST="${cert_domain}"
echo -e "${green}✓ SSL certificate configured successfully with domain: ${cert_domain}${plain}" echo -e "${green}✓ SSL certificate configured successfully with domain: ${cert_domain}${plain}"
@ -566,6 +574,10 @@ prompt_and_setup_ssl() {
echo -e "${yellow}SSL setup may have completed, but domain extraction failed${plain}" echo -e "${yellow}SSL setup may have completed, but domain extraction failed${plain}"
SSL_HOST="${server_ip}" SSL_HOST="${server_ip}"
fi fi
else
echo -e "${red}SSL certificate setup failed for domain mode.${plain}"
SSL_HOST="${server_ip}"
fi
;; ;;
2) 2)
# User chose Let's Encrypt IP certificate option # User chose Let's Encrypt IP certificate option

28
x-ui.sh
View file

@ -1371,14 +1371,15 @@ ssl_cert_issue() {
break break
done done
LOGD "Your domain is: ${domain}, checking it..." LOGD "Your domain is: ${domain}, checking it..."
SSL_ISSUED_DOMAIN="${domain}"
# check if there already exists a certificate # detect existing certificate and reuse it if present
local currentCert=$(~/.acme.sh/acme.sh --list | tail -1 | awk '{print $1}') local cert_exists=0
if [ "${currentCert}" == "${domain}" ]; then if ~/.acme.sh/acme.sh --list 2>/dev/null | awk '{print $1}' | grep -Fxq "${domain}"; then
local certInfo=$(~/.acme.sh/acme.sh --list) cert_exists=1
LOGE "System already has certificates for this domain. Cannot issue again. Current certificate details:" local certInfo=$(~/.acme.sh/acme.sh --list 2>/dev/null | grep -F "${domain}")
LOGI "$certInfo" LOGI "Existing certificate found for ${domain}, will reuse it."
exit 1 [[ -n "${certInfo}" ]] && LOGI "${certInfo}"
else else
LOGI "Your domain is ready for issuing certificates now..." LOGI "Your domain is ready for issuing certificates now..."
fi fi
@ -1401,6 +1402,7 @@ ssl_cert_issue() {
fi fi
LOGI "Will use port: ${WebPort} to issue certificates. Please make sure this port is open." LOGI "Will use port: ${WebPort} to issue certificates. Please make sure this port is open."
if [[ ${cert_exists} -eq 0 ]]; then
# issue the certificate # issue the certificate
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt --force ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt --force
~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport ${WebPort} --force ~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport ${WebPort} --force
@ -1411,6 +1413,9 @@ ssl_cert_issue() {
else else
LOGE "Issuing certificate succeeded, installing certificates..." LOGE "Issuing certificate succeeded, installing certificates..."
fi fi
else
LOGI "Using existing certificate, installing certificates..."
fi
reloadCmd="x-ui restart" reloadCmd="x-ui restart"
@ -1439,16 +1444,17 @@ ssl_cert_issue() {
fi fi
# install the certificate # install the certificate
# acme.sh may exit non-zero when reloadcmd fails even if cert files are installed.
~/.acme.sh/acme.sh --installcert -d ${domain} \ ~/.acme.sh/acme.sh --installcert -d ${domain} \
--key-file /root/cert/${domain}/privkey.pem \ --key-file /root/cert/${domain}/privkey.pem \
--fullchain-file /root/cert/${domain}/fullchain.pem --reloadcmd "${reloadCmd}" --fullchain-file /root/cert/${domain}/fullchain.pem --reloadcmd "${reloadCmd}" 2>&1 || true
if [ $? -ne 0 ]; then if [[ -f "/root/cert/${domain}/privkey.pem" && -f "/root/cert/${domain}/fullchain.pem" ]]; then
LOGI "Installing certificate succeeded, enabling auto renew..."
else
LOGE "Installing certificate failed, exiting." LOGE "Installing certificate failed, exiting."
rm -rf ~/.acme.sh/${domain} rm -rf ~/.acme.sh/${domain}
exit 1 exit 1
else
LOGI "Installing certificate succeeded, enabling auto renew..."
fi fi
# enable auto-renew # enable auto-renew