Alex-Devera/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2026-06-06 21:24:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

更新 install_zh_cn.sh

Browse source
This commit is contained in:
消失的星球 2026-05-15 05:05:36 +08:00 committed by GitHub
parent f9c32efaa8
commit bb11078ee1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 160 additions and 157 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

317
install_zh_cn.sh
View file

@ -12,9 +12,9 @@ xui_folder="${XUI_MAIN_FOLDER:=/usr/local/x-ui}"
xui_service="${XUI_SERVICE:=/etc/systemd/system}"
# 检查 root 权限
[[ $EUID -ne 0 ]] && echo -e "${red}致命错误: ${plain} 请使用 root 权限运行此脚本 \n " && exit 1
[[ $EUID -ne 0 ]] && echo -e "${red}致命错误${plain} 请以 root 权限运行此脚本 \n " && exit 1
# 检查操作系统并设置 release 变量
# Check OS and set release variable
if [[ -f /etc/os-release ]]; then
source /etc/os-release
release=$ID
@ -25,7 +25,7 @@ else
echo "无法检查系统操作系统,请联系作者!" >&2
exit 1
fi
echo "操作系统发行版: $release"
echo "操作系统版本为:$release"
arch() {
case "$(uname -m)" in
@ -40,9 +40,9 @@ arch() {
esac
}
echo "CPU 架构: $(arch)"
echo "架构:$(arch)"
# 简单辅助函数
# Simple helpers
is_ipv4() {
[[ "$1" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] && return 0 || return 1
}
@ -56,7 +56,7 @@ is_domain() {
[[ "$1" =~ ^([A-Za-z0-9](-*[A-Za-z0-9])*\.)+(xn--[a-z0-9]{2,}|[A-Za-z]{2,})$ ]] && return 0 || return 1
}
# 端口辅助函数
# Port helpers
is_port_in_use() {
local port="$1"
if command -v ss > /dev/null 2>&1; then
@ -140,27 +140,27 @@ setup_ssl_certificate() {
fi
fi
# 创建证书目录
# Create certificate directory
local certPath="/root/cert/${domain}"
mkdir -p "$certPath"
# 发证书
echo -e "${green}正在为 ${domain} 发 SSL 证书...${plain}"
echo -e "${yellow}注意: 端口 80 必须开放并可从互联网访问${plain}"
# 发证书
echo -e "${green}正在为 ${domain} 发 SSL 证书...${plain}"
echo -e "${yellow}注意端口 80 必须开放并可从互联网访问${plain}"
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt --force > /dev/null 2>&1
~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport 80 --force
if [ $? -ne 0 ]; then
echo -e "${yellow}${domain} 发证书失败${plain}"
echo -e "${yellow}签发证书失败,请稍后使用 x-ui 命令重试${plain}"
echo -e "${yellow}${domain} 发证书失败${plain}"
echo -e "${yellow}请确保端口 80 已开放,稍后使用 x-ui 重试${plain}"
rm -rf ~/.acme.sh/${domain} 2> /dev/null
rm -rf "$certPath" 2> /dev/null
return 1
fi
# 安装证书
~/.acme.sh/acme.sh --installcert -d ${domain} \\
# Install certificate
~/.acme.sh/acme.sh --installcert -d ${domain} \
--key-file /root/cert/${domain}/privkey.pem \
--fullchain-file /root/cert/${domain}/fullchain.pem \
--reloadcmd "systemctl restart x-ui" > /dev/null 2>&1
@ -176,13 +176,13 @@ setup_ssl_certificate() {
chmod 600 $certPath/privkey.pem 2> /dev/null
chmod 644 $certPath/fullchain.pem 2> /dev/null
# 设置面板证书
# 为面板设置证书
local webCertFile="/root/cert/${domain}/fullchain.pem"
local webKeyFile="/root/cert/${domain}/privkey.pem"
if [[ -f "$webCertFile" && -f "$webKeyFile" ]]; then
${xui_folder}/x-ui cert -webCert "$webCertFile" -webCertKey "$webKeyFile" > /dev/null 2>&1
echo -e "${green}SSL 证书已成功安装配置!${plain}"
echo -e "${green}SSL 证书已成功安装配置!${plain}"
return 0
else
echo -e "${yellow}未找到证书文件${plain}"
@ -190,15 +190,15 @@ setup_ssl_certificate() {
fi
}
# 使用短期配置文件签发 Let's Encrypt IP 证书(有效期约 6 天
# 需要 acme.sh 和开放的端口 80 用于 HTTP-01 验证
# 使用短期配置文件颁发 Let's Encrypt IP 证书(约 6 天有效期
# 需要 acme.sh 且端口 80 开放用于 HTTP-01 验证
setup_ip_certificate() {
local ipv4="$1"
local ipv6="$2" # 可选
echo -e "${green}正在设置 Let's Encrypt IP 证书(短期配置文件)...${plain}"
echo -e "${yellow}注意: IP 证书有效期约 6 天,将自动续期。${plain}"
echo -e "${yellow}默认监听端口 80。如果选择其他端口,请确保外部端口 80 转发到该端口。${plain}"
echo -e "${yellow}注意IP 证书有效期约 6 天,将自动续期。${plain}"
echo -e "${yellow}默认监听器为端口 80。如果选择其他端口请确保外部端口 80 转发到该端口。${plain}"
# 检查 acme.sh
if ! command -v ~/.acme.sh/acme.sh &> /dev/null; then
@ -211,12 +211,12 @@ setup_ip_certificate() {
# 验证 IP 地址
if [[ -z "$ipv4" ]]; then
echo -e "${red}IPv4 地址是必需的${plain}"
echo -e "${red}需要 IPv4 地址${plain}"
return 1
fi
if ! is_ipv4 "$ipv4"; then
echo -e "${red}无效的 IPv4 地址: $ipv4${plain}"
echo -e "${red}无效的 IPv4 地址$ipv4${plain}"
return 1
fi
@ -228,15 +228,15 @@ setup_ip_certificate() {
local domain_args="-d ${ipv4}"
if [[ -n "$ipv6" ]] && is_ipv6 "$ipv6"; then
domain_args="${domain_args} -d ${ipv6}"
echo -e "${green}包含 IPv6 地址: ${ipv6}${plain}"
echo -e "${green}包含 IPv6 地址${ipv6}${plain}"
fi
# 设置自动续期的重载命令(添加 || true 以避免首次安装时失败)
# 设置自动续期的重载命令(添加 || true 以便在首次安装时不失败)
local reloadCmd="systemctl restart x-ui 2>/dev/null || rc-service x-ui restart 2>/dev/null || true"
# 选择 HTTP-01 监听端口(默认 80提示覆盖)
# 选择 HTTP-01 监听器的端口(默认 80提示覆盖
local WebPort=""
read -rp "用于 ACME HTTP-01 监听器的端口(默认 80: " WebPort
read -rp "用于 ACME HTTP-01 监听器的端口(默认 80" WebPort
WebPort="${WebPort:-80}"
if ! [[ "${WebPort}" =~ ^[0-9]+$ ]] || ((WebPort < 1 || WebPort > 65535)); then
echo -e "${red}提供的端口无效。回退到 80。${plain}"
@ -244,19 +244,19 @@ setup_ip_certificate() {
fi
echo -e "${green}使用端口 ${WebPort} 进行独立验证。${plain}"
if [[ "${WebPort}" -ne 80 ]]; then
echo -e "${yellow}提醒: Let's Encrypt 仍然连接端口 80;将外部端口 80 转发到 ${WebPort}${plain}"
echo -e "${yellow}提醒Let's Encrypt 仍然通过端口 80 连接;将外部端口 80 转发到 ${WebPort}${plain}"
fi
# 确保选端口可用
# 确保择的端口可用
while true; do
if is_port_in_use "${WebPort}"; then
echo -e "${yellow}端口 ${WebPort} 正在使用中。${plain}"
local alt_port=""
read -rp "为 acme.sh 独立监听器输入另一个端口(留空以中止): " alt_port
read -rp "输入另一个用于 acme.sh 独立监听器的端口(留空以中止):" alt_port
alt_port="${alt_port// /}"
if [[ -z "${alt_port}" ]]; then
echo -e "${red}端口 ${WebPort} ;无法继续。${plain}"
echo -e "${red}端口 ${WebPort} 忙;无法继续。${plain}"
return 1
fi
if ! [[ "${alt_port}" =~ ^[0-9]+$ ]] || ((alt_port < 1 || alt_port > 65535)); then
@ -266,13 +266,13 @@ setup_ip_certificate() {
WebPort="${alt_port}"
continue
else
echo -e "${green}端口 ${WebPort} 空闲,准备好进行独立验证。${plain}"
echo -e "${green}端口 ${WebPort} 空闲,准备好进行独立验证。${plain}"
break
fi
done
# 使用短期配置文件发证书
echo -e "${green}正在为 ${ipv4} 发 IP 证书...${plain}"
# 使用短期配置文件发证书
echo -e "${green}正在为 ${ipv4} 发 IP 证书...${plain}"
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt --force > /dev/null 2>&1
~/.acme.sh/acme.sh --issue \
@ -285,29 +285,29 @@ setup_ip_certificate() {
--force
if [ $? -ne 0 ]; then
echo -e "${red}发 IP 证书失败${plain}"
echo -e "${red}发 IP 证书失败${plain}"
echo -e "${yellow}请确保端口 ${WebPort} 可访问(或从外部端口 80 转发)${plain}"
# 如果指定了则清理 acme.sh 的 IPv4 和 IPv6 数据
# 清理 acme.sh 数据(如果指定了 IPv4 和 IPv6
rm -rf ~/.acme.sh/${ipv4} 2> /dev/null
[[ -n "$ipv6" ]] && rm -rf ~/.acme.sh/${ipv6} 2> /dev/null
rm -rf ${certDir} 2> /dev/null
return 1
fi
echo -e "${green}证书发成功,正在安装...${plain}"
echo -e "${green}证书发成功,正在安装...${plain}"
# 安装证书
# 注意: 如果 reloadcmd 失败acme.sh 可能报告 "重载错误" 并以非零退出,
# 但证书文件仍然会安装。我们检查文件而不是退出代码。
# 注意:如果 reloadcmd 失败acme.sh 可能会报告“Reload error”并以非零退出,
# 但证书文件仍然已安装。我们检查文件而不是退出码。
~/.acme.sh/acme.sh --installcert -d ${ipv4} \
--key-file "${certDir}/privkey.pem" \
--fullchain-file "${certDir}/fullchain.pem" \
--reloadcmd "${reloadCmd}" 2>&1 || true
# 验证证书文件是否存在(不依赖退出码 - reloadcmd 失败会导致非零
# 验证证书文件是否存在(不依赖退出码 - reloadcmd 失败会导致非零)
if [[ ! -f "${certDir}/fullchain.pem" || ! -f "${certDir}/privkey.pem" ]]; then
echo -e "${red}安装后未找到证书文件${plain}"
# 如果指定了则清理 acme.sh 的 IPv4 和 IPv6 数据
# 清理 acme.sh 数据(如果指定了 IPv4 和 IPv6
rm -rf ~/.acme.sh/${ipv4} 2> /dev/null
[[ -n "$ipv6" ]] && rm -rf ~/.acme.sh/${ipv6} 2> /dev/null
rm -rf ${certDir} 2> /dev/null
@ -324,25 +324,25 @@ setup_ip_certificate() {
chmod 644 ${certDir}/fullchain.pem 2> /dev/null
# 配置面板使用证书
echo -e "${green}正在设置面板的证书路径...${plain}"
echo -e "${green}正在为面板设置证书路径...${plain}"
${xui_folder}/x-ui cert -webCert "${certDir}/fullchain.pem" -webCertKey "${certDir}/privkey.pem"
if [ $? -ne 0 ]; then
echo -e "${yellow}警告: 无法自动设置证书路径${plain}"
echo -e "${yellow}证书文件位于:${plain}"
echo -e " 证书: ${certDir}/fullchain.pem"
echo -e " 私钥: ${certDir}/privkey.pem"
echo -e "${yellow}警告无法自动设置证书路径${plain}"
echo -e "${yellow}证书文件位于${plain}"
echo -e " 证书${certDir}/fullchain.pem"
echo -e " 私钥${certDir}/privkey.pem"
else
echo -e "${green}证书路径配置成功${plain}"
fi
echo -e "${green}IP 证书已成功安装和配置!${plain}"
echo -e "${green}证书有效期约 6 天,通过 acme.sh cron 任务自动续期。${plain}"
echo -e "${yellow}acme.sh 将在到期前自动续期并重新加载 x-ui。${plain}"
echo -e "${green}证书有效期约 6 天,通过 acme.sh cron 作业自动续期。${plain}"
echo -e "${yellow}acme.sh 将在到期前自动续期并重载 x-ui。${plain}"
return 0
}
# 通过 acme.sh 进行全面的交互式 SSL 证书签
# 通过 acme.sh 进行全面的 SSL 证书手动颁
ssl_cert_issue() {
local existing_webBasePath=$(${xui_folder}/x-ui setting -show true | grep 'webBasePath:' | awk -F': ' '{print $2}' | tr -d '[:space:]' | sed 's#^/##')
local existing_port=$(${xui_folder}/x-ui setting -show true | grep 'port:' | awk -F': ' '{print $2}' | tr -d '[:space:]')
@ -360,11 +360,11 @@ ssl_cert_issue() {
fi
fi
# 获取域名,需要验证
# 获取域名,需要验证
local domain=""
while true; do
read -rp "请输入您的域名: " domain
domain="${domain// /}" # 去除空格
read -rp "请输入您的域名" domain
domain="${domain// /}" # 修剪空格
if [[ -z "$domain" ]]; then
echo -e "${red}域名不能为空。请重试。${plain}"
@ -372,13 +372,13 @@ ssl_cert_issue() {
fi
if ! is_domain "$domain"; then
echo -e "${red}无效的域名格式: ${domain}。请输入有效的域名。${plain}"
echo -e "${red}无效的域名格式${domain}。请输入有效的域名。${plain}"
continue
fi
break
done
echo -e "${green}您的域名是: ${domain},正在检查...${plain}"
echo -e "${green}您的域名为:${domain},正在检查...${plain}"
SSL_ISSUED_DOMAIN="${domain}"
# 检测现有证书,如果存在则重用
@ -389,7 +389,7 @@ ssl_cert_issue() {
echo -e "${yellow}找到 ${domain} 的现有证书,将重用它。${plain}"
[[ -n "${certInfo}" ]] && echo "$certInfo"
else
echo -e "${green}您的域名已准备好发证书...${plain}"
echo -e "${green}您的域名已准备好发证书...${plain}"
fi
# 为证书创建目录
@ -403,28 +403,28 @@ ssl_cert_issue() {
# 获取独立服务器的端口号
local WebPort=80
read -rp "请选择要使用的端口(默认 80: " WebPort
read -rp "请选择要使用的端口(默认 80" WebPort
if [[ ${WebPort} -gt 65535 || ${WebPort} -lt 1 ]]; then
echo -e "${yellow}输入 ${WebPort} 无效,将使用默认端口 80。${plain}"
echo -e "${yellow}输入 ${WebPort} 无效,将使用默认端口 80。${plain}"
WebPort=80
fi
echo -e "${green}将使用端口: ${WebPort}发证书。请确保此端口已开放。${plain}"
echo -e "${green}将使用端口${WebPort}发证书。请确保此端口已开放。${plain}"
# 时停止面板
echo -e "${yellow}正在时停止面板...${plain}"
# 时停止面板
echo -e "${yellow}正在时停止面板...${plain}"
systemctl stop x-ui 2> /dev/null || rc-service x-ui stop 2> /dev/null
if [[ ${cert_exists} -eq 0 ]]; then
# 发证书
# 发证书
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt --force
~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport ${WebPort} --force
if [ $? -ne 0 ]; then
echo -e "${red}发证书失败,请检查日志。${plain}"
echo -e "${red}发证书失败,请检查日志。${plain}"
rm -rf ~/.acme.sh/${domain}
systemctl start x-ui 2> /dev/null || rc-service x-ui start 2> /dev/null
return 1
else
echo -e "${green}发证书成功,正在安装证书...${plain}"
echo -e "${green}发证书成功,正在安装证书...${plain}"
fi
else
echo -e "${green}使用现有证书,正在安装证书...${plain}"
@ -432,26 +432,26 @@ ssl_cert_issue() {
# 设置重载命令
reloadCmd="systemctl restart x-ui || rc-service x-ui restart"
echo -e "${green}ACME 的默认 --reloadcmd 是: ${yellow}systemctl restart x-ui || rc-service x-ui restart${plain}"
echo -e "${green}此命令将在每次证书签发和续期时运行。${plain}"
read -rp "您想修改 ACME 的 --reloadcmd 吗?(y/n): " setReloadcmd
echo -e "${green}ACME 的默认 --reloadcmd 为:${yellow}systemctl restart x-ui || rc-service x-ui restart${plain}"
echo -e "${green}此命令将在每次颁发和续期证书时运行。${plain}"
read -rp "您是否要修改 ACME 的 --reloadcmdy/n" setReloadcmd
if [[ "$setReloadcmd" == "y" || "$setReloadcmd" == "Y" ]]; then
echo -e "\n${green}\t1.${plain} 预设: systemctl reload nginx ; systemctl restart x-ui"
echo -e "\n${green}\t1.${plain} 预设systemctl reload nginx ; systemctl restart x-ui"
echo -e "${green}\t2.${plain} 输入自定义命令"
echo -e "${green}\t0.${plain} 保持默认重载命令"
read -rp "选择一个选项: " choice
echo -e "${green}\t0.${plain} 保持默认 reloadcmd"
read -rp "选择一个选项" choice
case "$choice" in
1)
echo -e "${green}重载命令是: systemctl reload nginx ; systemctl restart x-ui${plain}"
echo -e "${green}Reloadcmd 为:systemctl reload nginx ; systemctl restart x-ui${plain}"
reloadCmd="systemctl reload nginx ; systemctl restart x-ui"
;;
2)
echo -e "${yellow}建议将 x-ui 重启放在最后${plain}"
read -rp "请输入您的自定义重载命令: " reloadCmd
echo -e "${green}重载命令是: ${reloadCmd}${plain}"
echo -e "${yellow}建议将 x-ui restart 放在末尾${plain}"
read -rp "请输入您的自定义 reloadcmd" reloadCmd
echo -e "${green}Reloadcmd 为:${reloadCmd}${plain}"
;;
*)
echo -e "${green}保持默认重载命令${plain}"
echo -e "${green}保持默认 reloadcmd${plain}"
;;
esac
fi
@ -483,13 +483,13 @@ ssl_cert_issue() {
# 启用自动续期
~/.acme.sh/acme.sh --upgrade --auto-upgrade
if [ $? -ne 0 ]; then
echo -e "${yellow}自动续期设置出现问题,证书详情:${plain}"
echo -e "${yellow}自动续期设置出现问题,证书详情${plain}"
ls -lah /root/cert/${domain}/
# 安全权限:私钥仅所有者可读
chmod 600 $certPath/privkey.pem 2> /dev/null
chmod 644 $certPath/fullchain.pem 2> /dev/null
else
echo -e "${green}自动续期成功,证书详情:${plain}"
echo -e "${green}自动续期成功,证书详情${plain}"
ls -lah /root/cert/${domain}/
# 安全权限:私钥仅所有者可读
chmod 600 $certPath/privkey.pem 2> /dev/null
@ -499,8 +499,8 @@ ssl_cert_issue() {
# 启动面板
systemctl start x-ui 2> /dev/null || rc-service x-ui start 2> /dev/null
# 证书安装成功后提示用户设置面板路径
read -rp "您想为面板设置此证书吗?(y/n): " setPanel
# 证书安装成功后提示用户设置面板路径
read -rp "您是否要为面板设置此证书y/n" setPanel
if [[ "$setPanel" == "y" || "$setPanel" == "Y" ]]; then
local webCertFile="/root/cert/${domain}/fullchain.pem"
local webKeyFile="/root/cert/${domain}/privkey.pem"
@ -508,14 +508,14 @@ ssl_cert_issue() {
if [[ -f "$webCertFile" && -f "$webKeyFile" ]]; then
${xui_folder}/x-ui cert -webCert "$webCertFile" -webCertKey "$webKeyFile"
echo -e "${green}已为面板设置证书路径${plain}"
echo -e "${green}证书文件: $webCertFile${plain}"
echo -e "${green}私钥文件: $webKeyFile${plain}"
echo -e "${green}证书文件$webCertFile${plain}"
echo -e "${green}私钥文件$webKeyFile${plain}"
echo ""
echo -e "${green}访问 URL: https://${domain}:${existing_port}/${existing_webBasePath}${plain}"
echo -e "${green}访问 URLhttps://${domain}:${existing_port}/${existing_webBasePath}${plain}"
echo -e "${yellow}面板将重启以应用 SSL 证书...${plain}"
systemctl restart x-ui 2> /dev/null || rc-service x-ui restart 2> /dev/null
else
echo -e "${red}错误: 未找到域名 $domain 的证书或私钥文件。${plain}"
echo -e "${red}错误未找到域名 $domain 的证书或私钥文件。${plain}"
fi
else
echo -e "${yellow}跳过面板路径设置。${plain}"
@ -534,15 +534,15 @@ prompt_and_setup_ssl() {
local ssl_choice=""
SSL_SCHEME="https"
echo -e "${yellow}选择 SSL 证书设置方法:${plain}"
echo -e "${yellow}选择 SSL 证书设置方法${plain}"
echo -e "${green}1.${plain} Let's Encrypt 域名证书90 天有效期,自动续期)"
echo -e "${green}2.${plain} Let's Encrypt IP 地址证书6 天有效期,自动续期)"
echo -e "${green}3.${plain} 自定义 SSL 证书(现有文件路径)"
echo -e "${green}4.${plain} 跳过 SSL高级 — 仅反向代理 / SSH 隧道后使用)"
echo -e "${blue}注意:${plain} 选项 1 和 2 需要开放端口 80。选项 3 需要手动指定路径。"
echo -e "${blue}注意:${plain} 选项 4 通过纯 HTTP 提供面板服务 — 仅在 nginx/Caddy 或 SSH 隧道后安全。"
read -rp "选择一个选项(默认 2 为 IP 证书): " ssl_choice
ssl_choice="${ssl_choice// /}" # 去除空格
echo -e "${green}4.${plain} 跳过 SSL高级 — 仅反向代理 / SSH 隧道后使用)"
echo -e "${blue}注意${plain}选项 1 和 2 需要端口 80 开放。选项 3 需要手动指定路径。"
echo -e "${blue}注意${plain}选项 4 通过纯 HTTP 提供面板服务 — 仅在 nginx/Caddy 或 SSH 隧道后安全。"
read -rp "选择一个选项(默认为 2 用于 IP" ssl_choice
ssl_choice="${ssl_choice// /}" # 修剪空格
# 如果输入为空或无效(不是 1、3 或 4则默认为 2IP 证书)
if [[ "$ssl_choice" != "1" && "$ssl_choice" != "3" && "$ssl_choice" != "4" ]]; then
@ -552,7 +552,7 @@ prompt_and_setup_ssl() {
case "$ssl_choice" in
1)
# 用户选择了 Let's Encrypt 域名选项
echo -e "${green}正在使用 Let's Encrypt 签发域名证书...${plain}"
echo -e "${green}使用 Let's Encrypt 颁发域名证书...${plain}"
if ssl_cert_issue; then
local cert_domain="${SSL_ISSUED_DOMAIN}"
if [[ -z "${cert_domain}" ]]; then
@ -561,26 +561,26 @@ prompt_and_setup_ssl() {
if [[ -n "${cert_domain}" ]]; then
SSL_HOST="${cert_domain}"
echo -e "${green}✓ SSL 证书配置成功,域名: ${cert_domain}${plain}"
echo -e "${green}✓ SSL 证书配置成功,域名${cert_domain}${plain}"
else
echo -e "${yellow}SSL 设置可能已完成,但域名提取失败${plain}"
SSL_HOST="${server_ip}"
fi
else
echo -e "${red}域名模式 SSL 证书设置失败。${plain}"
echo -e "${red}域名模式 SSL 证书设置失败。${plain}"
SSL_HOST="${server_ip}"
fi
;;
2)
# 用户选择了 Let's Encrypt IP 证书选项
echo -e "${green}正在使用 Let's Encrypt 签发 IP 证书(短期配置文件)...${plain}"
echo -e "${green}使用 Let's Encrypt 颁发 IP 证书(短期配置文件)...${plain}"
# 询问可选的 IPv6
local ipv6_addr=""
read -rp "您有要包含的 IPv6 地址吗?(留空以跳过): " ipv6_addr
ipv6_addr="${ipv6_addr// /}" # 去除空格
read -rp "您是否有要包含的 IPv6 地址?(留空以跳过):" ipv6_addr
ipv6_addr="${ipv6_addr// /}" # 修剪空格
# 如果正在运行则停止面板(需要端口 80
# 如果面板正在运行则停止(需要端口 80
if [[ $release == "alpine" ]]; then
rc-service x-ui stop > /dev/null 2>&1
else
@ -598,50 +598,50 @@ prompt_and_setup_ssl() {
;;
3)
# 用户选择了自定义路径(用户提供)选项
echo -e "${green}正在使用自定义现有证书...${plain}"
echo -e "${green}使用自定义现有证书...${plain}"
local custom_cert=""
local custom_key=""
local custom_domain=""
# 3.1 请求域名以稍后组合面板 URL
read -rp "请输入证书颁发的域名: " custom_domain
custom_domain="${custom_domain// /}" # 除空格
read -rp "请输入证书颁发的域名" custom_domain
custom_domain="${custom_domain// /}" # 除空格
# 3.2 循环获取证书路径
while true; do
read -rp "输入证书路径(关键词: .crt / fullchain: " custom_cert
# 如果存在则去除引号
read -rp "输入证书路径(关键词.crt / fullchain" custom_cert
# 如果存在引号则删除
custom_cert=$(echo "$custom_cert" | tr -d '"' | tr -d "'")
if [[ -f "$custom_cert" && -r "$custom_cert" && -s "$custom_cert" ]]; then
break
elif [[ ! -f "$custom_cert" ]]; then
echo -e "${red}错误: 文件不存在!请重试。${plain}"
echo -e "${red}错误文件不存在!请重试。${plain}"
elif [[ ! -r "$custom_cert" ]]; then
echo -e "${red}错误: 文件存在但不可读(检查权限)!${plain}"
echo -e "${red}错误文件存在但不可读(检查权限)!${plain}"
else
echo -e "${red}错误: 文件为空!${plain}"
echo -e "${red}错误文件为空!${plain}"
fi
done
# 3.3 循环获取私钥路径
while true; do
read -rp "输入私钥路径(关键词: .key / privatekey: " custom_key
# 如果存在则去除引号
read -rp "输入私钥路径(关键词.key / privatekey" custom_key
# 如果存在引号则删除
custom_key=$(echo "$custom_key" | tr -d '"' | tr -d "'")
if [[ -f "$custom_key" && -r "$custom_key" && -s "$custom_key" ]]; then
break
elif [[ ! -f "$custom_key" ]]; then
echo -e "${red}错误: 文件不存在!请重试。${plain}"
echo -e "${red}错误文件不存在!请重试。${plain}"
elif [[ ! -r "$custom_key" ]]; then
echo -e "${red}错误: 文件存在但不可读(检查权限)!${plain}"
echo -e "${red}错误文件存在但不可读(检查权限)!${plain}"
else
echo -e "${red}错误: 文件为空!${plain}"
echo -e "${red}错误文件为空!${plain}"
fi
done
# 3.4 通过 x-ui 二进制文件应用设置
# 3.4 通过 x-ui 二进制应用设置
${xui_folder}/x-ui cert -webCert "$custom_cert" -webCertKey "$custom_key" > /dev/null 2>&1
# 设置 SSL_HOST 以组合面板 URL
@ -651,16 +651,16 @@ prompt_and_setup_ssl() {
SSL_HOST="${server_ip}"
fi
echo -e "${green}已应用自定义证书路径。${plain}"
echo -e "${yellow}注意: 您需要负责在外部续期这些文件。${plain}"
echo -e "${green}自定义证书路径已应用${plain}"
echo -e "${yellow}注意:您需要负责外部续期这些文件。${plain}"
systemctl restart x-ui > /dev/null 2>&1 || rc-service x-ui restart > /dev/null 2>&1
;;
4)
echo ""
echo -e "${red}⚠ 面板将在没有 SSL/TLS 的情况下安装。${plain}"
echo -e "${yellow}登录凭和 cookie 将以纯 HTTP 传输。${plain}"
echo -e "${yellow}仅在以下情况下安全:${plain}"
echo -e "${yellow}登录凭和 cookie 将以纯 HTTP 传输。${plain}"
echo -e "${yellow}仅在以下情况安全:${plain}"
echo -e "${yellow} • 反向代理nginx、Caddy、Traefik为您终止 TLS${plain}"
echo -e "${yellow} • 您仅通过 SSH 隧道访问面板${plain}"
echo ""
@ -669,23 +669,23 @@ prompt_and_setup_ssl() {
SSL_HOST="${server_ip}"
local bind_local=""
read -rp "将面板绑定到 127.0.0.1?(推荐 — 强制使用 SSH 隧道 / 反向代理访问)[y/N]: " bind_local
read -rp "将面板绑定到 127.0.0.1?(推荐 — 强制使用 SSH 隧道 / 反向代理访问)[y/N]" bind_local
if [[ "$bind_local" == "y" || "$bind_local" == "Y" ]]; then
${xui_folder}/x-ui setting -listenIP "127.0.0.1" > /dev/null 2>&1
SSL_HOST="127.0.0.1"
echo -e "${green}✓ 面板已绑定到 127.0.0.1。现在无法从公共互联网访问。${plain}"
echo -e "${green}✓ 面板已绑定到 127.0.0.1。现在无法从公共互联网访问。${plain}"
echo ""
echo -e "${green}SSH 端口转发 — 通过以下方式从本地计算机打开面板:${plain}"
echo -e " 标准 SSH 命令:"
echo -e "${green}SSH 端口转发 — 从本地计算机打开面板:${plain}"
echo -e " 标准 SSH 命令"
echo -e " ${yellow}ssh -L 2222:127.0.0.1:${panel_port} root@${server_ip}${plain}"
echo -e " 如果使用 SSH 密钥:"
echo -e " 如果使用 SSH 密钥"
echo -e " ${yellow}ssh -i <sshkeypath> -L 2222:127.0.0.1:${panel_port} root@${server_ip}${plain}"
echo -e " 然后在浏览器中打开:"
echo -e " 然后在浏览器中打开"
echo -e " ${yellow}http://localhost:2222/${web_base_path}${plain}"
echo ""
echo -e "${yellow}替代方案: 将反向代理nginx/Caddy指向 127.0.0.1:${panel_port} 并让它终止 TLS。${plain}"
echo -e "${yellow}替代方案将反向代理nginx/Caddy指向 127.0.0.1:${panel_port} 并让它终止 TLS。${plain}"
else
echo -e "${yellow}面板将通过纯 HTTP 在所有接口上监听。确保有其他东西在前面终止 TLS。${plain}"
echo -e "${yellow}面板将通过纯 HTTP 在所有接口上监听。确保前面有其他东西在终止 TLS。${plain}"
fi
systemctl restart x-ui > /dev/null 2>&1 || rc-service x-ui restart > /dev/null 2>&1
@ -726,7 +726,7 @@ config_after_install() {
if [[ -z "$server_ip" ]]; then
echo -e "${yellow}无法从任何提供商自动检测服务器 IP。${plain}"
while [[ -z "$server_ip" ]]; do
read -rp "请输入您服务器的公共 IPv4 地址: " server_ip
read -rp "请输入您服务器的公共 IPv4 地址" server_ip
server_ip="${server_ip// /}"
if [[ ! "$server_ip" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo -e "${red}无效的 IPv4 地址。请重试。${plain}"
@ -741,13 +741,13 @@ config_after_install() {
local config_username=$(gen_random_string 10)
local config_password=$(gen_random_string 10)
read -rp "您想自定义面板端口设置吗?(如果不想,将应用随机端口)[y/n]: " config_confirm
read -rp "您是否要自定义面板端口设置?(如果否,将应用随机端口)[y/n]" config_confirm
if [[ "${config_confirm}" == "y" || "${config_confirm}" == "Y" ]]; then
read -rp "请设置面板端口: " config_port
echo -e "${yellow}您的面板端口是: ${config_port}${plain}"
read -rp "请设置面板端口" config_port
echo -e "${yellow}您的面板端口为:${config_port}${plain}"
else
local config_port=$(shuf -i 1024-62000 -n 1)
echo -e "${yellow}生成的随机端口: ${config_port}${plain}"
echo -e "${yellow}生成的随机端口${config_port}${plain}"
fi
${xui_folder}/x-ui setting -username "${config_username}" -password "${config_password}" -port "${config_port}" -webBasePath "${config_webBasePath}"
@ -757,36 +757,40 @@ config_after_install() {
echo -e "${green} SSL 证书设置(推荐) ${plain}"
echo -e "${green}═══════════════════════════════════════════${plain}"
echo -e "${yellow}强烈建议使用 SSL。仅在反向代理${plain}"
echo -e "${yellow}或 SSH 隧道为您处理 TLS 时跳过。${plain}"
echo -e "${yellow}或 SSH 隧道为您处理 TLS 时跳过。${plain}"
echo -e "${yellow}Let's Encrypt 现在支持域名和 IP 地址!${plain}"
echo ""
prompt_and_setup_ssl "${config_port}" "${config_webBasePath}" "${server_ip}"
# 显示最终凭证和访问信息
# 获取 API 令牌以显示
local config_apiToken=$(${xui_folder}/x-ui setting -getApiToken true | grep -Eo 'apiToken: .+' | awk '{print $2}')
# 显示最终凭据和访问信息
echo ""
echo -e "${green}═══════════════════════════════════════════${plain}"
echo -e "${green} 面板安装完成! ${plain}"
echo -e "${green}═══════════════════════════════════════════${plain}"
echo -e "${green}用户名: ${config_username}${plain}"
echo -e "${green}密码: ${config_password}${plain}"
echo -e "${green}端口: ${config_port}${plain}"
echo -e "${green}访问路径: ${config_webBasePath}${plain}"
echo -e "${green}访问 URL: ${SSL_SCHEME}://${SSL_HOST}:${config_port}/${config_webBasePath}${plain}"
echo -e "${green}用户名: ${config_username}${plain}"
echo -e "${green}密码: ${config_password}${plain}"
echo -e "${green}端口: ${config_port}${plain}"
echo -e "${green}WebBasePath ${config_webBasePath}${plain}"
echo -e "${green}访问 URL ${SSL_SCHEME}://${SSL_HOST}:${config_port}/${config_webBasePath}${plain}"
echo -e "${green}API 令牌: ${config_apiToken}${plain}"
echo -e "${green}═══════════════════════════════════════════${plain}"
echo -e "${yellow}⚠ 重要提示: 请安全保存这些凭证${plain}"
echo -e "${yellow}⚠ 重要:请安全保存这些凭据${plain}"
if [[ "$SSL_SCHEME" == "https" ]]; then
echo -e "${yellow}⚠ SSL 证书: 已启用并配置${plain}"
echo -e "${yellow}⚠ SSL 证书已启用并配置${plain}"
else
echo -e "${yellow}⚠ SSL 证书: 已跳过 — 面板仅为 HTTP。请使用反向代理或 SSH 隧道。${plain}"
echo -e "${yellow}⚠ SSL 证书已跳过 — 面板仅为 HTTP。请使用反向代理或 SSH 隧道。${plain}"
fi
else
local config_webBasePath=$(gen_random_string 18)
echo -e "${yellow}WebBasePath 缺失或太短。正在生成新的...${plain}"
${xui_folder}/x-ui setting -webBasePath "${config_webBasePath}"
echo -e "${green}新的 WebBasePath: ${config_webBasePath}${plain}"
echo -e "${green}新的 WebBasePath${config_webBasePath}${plain}"
# 如果面板已安装但未配置证书,现在提示进行 SSL 设置
# 如果面板已安装但未配置证书,现在提示 SSL
if [[ -z "${existing_cert}" ]]; then
echo ""
echo -e "${green}═══════════════════════════════════════════${plain}"
@ -795,10 +799,10 @@ config_after_install() {
echo -e "${yellow}Let's Encrypt 现在支持域名和 IP 地址!${plain}"
echo ""
prompt_and_setup_ssl "${existing_port}" "${config_webBasePath}" "${server_ip}"
echo -e "${green}访问 URL: ${SSL_SCHEME}://${SSL_HOST}:${existing_port}/${config_webBasePath}${plain}"
echo -e "${green}访问 URL ${SSL_SCHEME}://${SSL_HOST}:${existing_port}/${config_webBasePath}${plain}"
else
# 如果证书已存在,仅显示访问 URL
echo -e "${green}访问 URL: https://${server_ip}:${existing_port}/${config_webBasePath}${plain}"
echo -e "${green}访问 URL https://${server_ip}:${existing_port}/${config_webBasePath}${plain}"
fi
fi
else
@ -806,18 +810,18 @@ config_after_install() {
local config_username=$(gen_random_string 10)
local config_password=$(gen_random_string 10)
echo -e "${yellow}检测到默认凭。需要安全更新...${plain}"
echo -e "${yellow}检测到默认凭。需要安全更新...${plain}"
${xui_folder}/x-ui setting -username "${config_username}" -password "${config_password}"
echo -e "生成了新的随机登录凭证:"
echo -e "生成了新的随机登录凭据:"
echo -e "###############################################"
echo -e "${green}用户名: ${config_username}${plain}"
echo -e "${green}密码: ${config_password}${plain}"
echo -e "${green}用户名${config_username}${plain}"
echo -e "${green}密码${config_password}${plain}"
echo -e "###############################################"
else
echo -e "${green}用户名、密码和 WebBasePath 已正确设置。${plain}"
fi
# 现有安装: 如果未配置证书,提示用户进行 SSL 设置
# 现有安装如果未配置证书,提示用户进行 SSL 设置
# 通过检查 cert: 行是否存在且后面有内容来正确检测空证书
existing_cert=$(${xui_folder}/x-ui setting -getCert true | grep 'cert:' | awk -F': ' '{print $2}' | tr -d '[:space:]')
if [[ -z "$existing_cert" ]]; then
@ -828,7 +832,7 @@ config_after_install() {
echo -e "${yellow}Let's Encrypt 现在支持域名和 IP 地址!${plain}"
echo ""
prompt_and_setup_ssl "${existing_port}" "${existing_webBasePath}" "${server_ip}"
echo -e "${green}访问 URL: ${SSL_SCHEME}://${SSL_HOST}:${existing_port}/${existing_webBasePath}${plain}"
echo -e "${green}访问 URL ${SSL_SCHEME}://${SSL_HOST}:${existing_port}/${existing_webBasePath}${plain}"
else
echo -e "${green}SSL 证书已配置。无需操作。${plain}"
fi
@ -851,7 +855,7 @@ install_x-ui() {
exit 1
fi
fi
echo -e "获取到 x-ui 最新版本: ${tag_version},开始安装..."
echo -e "获取到 x-ui 最新版本${tag_version},开始安装..."
curl -4fLRo ${xui_folder}-linux-$(arch).tar.gz https://github.com/MHSanaei/3x-ui/releases/download/${tag_version}/x-ui-linux-$(arch).tar.gz
if [[ $? -ne 0 ]]; then
echo -e "${red}下载 x-ui 失败,请确保您的服务器可以访问 GitHub ${plain}"
@ -897,7 +901,7 @@ install_x-ui() {
cd x-ui
chmod +x x-ui
chmod +x x-ui.sh
chmod +x x-ui_zh_cn.sh
# 检查系统架构并相应重命名文件
if [[ $(arch) == "armv5" || $(arch) == "armv6" || $(arch) == "armv7" ]]; then
@ -918,11 +922,11 @@ install_x-ui() {
if ! grep -q "x-ui/x-ui.db" "/etc/.gitignore"; then
echo "" >> "/etc/.gitignore"
echo "x-ui/x-ui.db" >> "/etc/.gitignore"
echo -e "${green}为 etckeeper 将 x-ui.db 添加到 /etc/.gitignore${plain}"
echo -e "${green}将 x-ui.db 添加到 /etc/.gitignore 以用于 etckeeper${plain}"
fi
else
echo "x-ui/x-ui.db" > "/etc/.gitignore"
echo -e "${green}已创建 /etc/.gitignore 并为 etckeeper 添加了 x-ui.db${plain}"
echo -e "${green}已创建 /etc/.gitignore 并添加 x-ui.db 以用于 etckeeper${plain}"
fi
fi
@ -979,9 +983,9 @@ install_x-ui() {
esac
fi
# 如果 tar.gz 中未找到服务文件,从 GitHub 下载
# 如果 tar.gz 中未找到服务文件,从 GitHub 下载
if [ "$service_installed" = false ]; then
echo -e "${yellow}在 tar.gz 中未找到服务文件,正在从 GitHub 下载...${plain}"
echo -e "${yellow}在 tar.gz 中未找到服务文件,从 GitHub 下载...${plain}"
case "${release}" in
ubuntu | debian | armbian)
curl -4fLRo ${xui_service}/x-ui.service https://raw.githubusercontent.com/MHSanaei/3x-ui/main/x-ui.service.debian > /dev/null 2>&1
@ -1016,9 +1020,8 @@ install_x-ui() {
echo -e "${green}x-ui ${tag_version}${plain} 安装完成,正在运行..."
echo -e ""
echo -e "
╔═══════════════════════════════════════════════════════╗
${blue}x-ui 控制菜单用法(子命令):${plain}
echo -e "╔═══════════════════════════════════════════════════════╗
${blue}x-ui 控制菜单用法(子命令):${plain}
║ ║
${blue}x-ui${plain} - 管理脚本 ║
${blue}x-ui start${plain} - 启动 ║
@ -1029,7 +1032,7 @@ install_x-ui() {
${blue}x-ui enable${plain} - 启用开机自启 ║
${blue}x-ui disable${plain} - 禁用开机自启 ║
${blue}x-ui log${plain} - 查看日志 ║
${blue}x-ui banlog${plain} - 查看 Fail2ban 禁止日志 ║
${blue}x-ui banlog${plain} - 查看 Fail2ban 禁止日志
${blue}x-ui update${plain} - 更新 ║
${blue}x-ui legacy${plain} - 旧版本 ║
${blue}x-ui install${plain} - 安装 ║
@ -1039,4 +1042,4 @@ install_x-ui() {
echo -e "${green}正在运行...${plain}"
install_base
install_x-ui $1
install_x-ui $1