feat: enable HTTPS admin panel on port 443 for new deployments
Add Nginx SSL panel config, enable-panel-https.sh, secure Flask cookies, and update docs for https login. Co-authored-by: Cursor <cursoragent@cursor.com>
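--- /dev/null
+++ b/scripts/enable-panel-https.sh
@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+# 为管理面板启用 Nginx HTTPS(443);install.sh 与新装/升级后调用
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+ROOT_DIR="$(dirname "$SCRIPT_DIR")"
+ENV_FILE="${ROOT_DIR}/.env"
+
+[[ -f "$ENV_FILE" ]] || { echo "缺少 $ENV_FILE"; exit 1; }
+# shellcheck disable=SC1090
+source "$ENV_FILE"
+
+: "${DOMAIN:?}"
+: "${VPS_IP:?}"
+
+normalize_panel_path() {
+local p="${1:-}"
+p="${p#/}"
+p="${p%/}"
+echo "$p"
+}
+
+PANEL_PATH="$(normalize_panel_path "${PANEL_PATH:-}")"
+if [[ -z "$PANEL_PATH" ]]; then
+echo "缺少 PANEL_PATH,请先运行 install.sh 或写入 .env"
+exit 1
+fi
+
+PANEL_LOCATION="/${PANEL_PATH}/"
+PANEL_PREFIX="/${PANEL_PATH}"
+
+PANEL_ALLOW_BLOCK=""
+if [[ -n "${PANEL_ALLOW_IP:-}" ]]; then
+PANEL_ALLOW_BLOCK=" allow ${PANEL_ALLOW_IP};
+deny all;"
+fi
+
+if [[ ! -f /etc/sing-box/certs/fullchain.pem ]] || [[ ! -f /etc/sing-box/certs/privkey.pem ]]; then
+echo "缺少 TLS 证书,请先完成 install.sh 或 acme.sh 申请证书"
+exit 1
+fi
+
+if command -v ufw &>/dev/null; then
+ufw allow 443/tcp comment 'Panel-HTTPS' 2>/dev/null || true
+fi
+
+sed -e "s|__DOMAIN__|${DOMAIN}|g" \
+-e "s|__PANEL_LOCATION__|${PANEL_LOCATION}|g" \
+-e "s|__PANEL_PREFIX__|${PANEL_PREFIX}|g" \
+-e "s|__PANEL_ALLOW__|${PANEL_ALLOW_BLOCK}|g" \
+"$ROOT_DIR/server/nginx/panel.conf.template" \
+> /etc/nginx/sites-available/jiedian-panel
+
+ln -sf /etc/nginx/sites-available/jiedian-panel /etc/nginx/sites-enabled/jiedian-panel
+rm -f /etc/nginx/sites-enabled/acme
+
+nginx -t
+systemctl reload nginx
+
+echo "面板 HTTPS 已启用: https://${DOMAIN}${PANEL_LOCATION}"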
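Review bot: The `__PANEL_ALLOW__` substitution fails exactly when the allowlist is configured: as rendered here, `PANEL_ALLOW_BLOCK` holds a raw newline between `allow …;` and `deny all;`, and sed ends an `s` command at an unescaped newline in the replacement, so the script aborts under `set -e` whenever `PANEL_ALLOW_IP` is set. The redirect has already truncated `/etc/nginx/sites-available/jiedian-panel` by then, so a failed render leaves an empty site file behind. Build the block on one line, `PANEL_ALLOW_BLOCK="allow ${PANEL_ALLOW_IP}; deny all;"`, and render to a temporary file that is moved into place only after sed succeeds. `DOMAIN`, `PANEL_PATH` and `PANEL_ALLOW_IP` come from the sourced `.env` and reach the sed replacement and the nginx config unchecked, so a `|`, `&` or `;` in any of them changes the generated config; a format check before the sed call would prevent that. The header comment should also say that with `PANEL_ALLOW_IP` unset the panel location has no source restriction.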
+9
-8
@@ -115,7 +115,8 @@ ufw --force reset
|
||||
ufw default deny incoming
|
||||
ufw default allow outgoing
|
||||
ufw allow 22/tcp comment 'SSH'
|
||||
ufw allow 80/tcp comment 'HTTP-ACME-Panel'
|
||||
ufw allow 80/tcp comment 'HTTP-ACME'
|
||||
ufw allow 443/tcp comment 'Panel-HTTPS'
|
||||
ufw allow 8443:8499/udp comment 'Hysteria2-multi-node'
|
||||
ufw --force enable
|
||||
|
||||
@@ -126,13 +127,10 @@ cp "$ROOT_DIR/server/nginx/fallback.conf" /etc/nginx/sites-available/fallback
|
||||
ln -sf /etc/nginx/sites-available/fallback /etc/nginx/sites-enabled/fallback
|
||||
rm -f /etc/nginx/sites-enabled/default
|
||||
|
||||
log "部署 Nginx ACME + 管理面板反向代理 (80) ..."
|
||||
log "部署 Nginx ACME 验证站点 (80) ..."
|
||||
mkdir -p /var/www/acme
|
||||
sed -e "s|__DOMAIN__|${DOMAIN}|g" \
|
||||
-e "s|__PANEL_LOCATION__|${PANEL_LOCATION}|g" \
|
||||
-e "s|__PANEL_PREFIX__|${PANEL_PREFIX}|g" \
|
||||
-e "s|__PANEL_ALLOW__|${PANEL_ALLOW_BLOCK}|g" \
|
||||
"$ROOT_DIR/server/nginx/acme.conf.template" \
|
||||
"$ROOT_DIR/server/nginx/acme-bootstrap.conf.template" \
|
||||
> /etc/nginx/sites-available/acme
|
||||
ln -sf /etc/nginx/sites-available/acme /etc/nginx/sites-enabled/acme
|
||||
nginx -t && systemctl enable nginx && systemctl restart nginx
|
||||
@@ -160,8 +158,10 @@ log "安装 TLS 证书到 sing-box ..."
|
||||
--key-file /etc/sing-box/certs/privkey.pem \
|
||||
--fullchain-file /etc/sing-box/certs/fullchain.pem
|
||||
|
||||
log "部署 Nginx HTTPS 管理面板 (443) ..."
|
||||
bash "$ROOT_DIR/scripts/enable-panel-https.sh"
|
||||
|
||||
rm -f /etc/nginx/sites-enabled/panel /etc/nginx/sites-available/panel
|
||||
nginx -t && systemctl reload nginx
|
||||
|
||||
log "安装 Python 面板依赖 ..."
|
||||
python3 -m venv "$ROOT_DIR/panel/venv"
|
||||
@@ -229,7 +229,8 @@ systemctl restart sing-box jiedian-panel
|
||||
log "部署完成!"
|
||||
echo ""
|
||||
echo "=========================================="
|
||||
echo " 管理面板: http://${DOMAIN}${PANEL_LOCATION}"
|
||||
echo " 管理面板: https://${DOMAIN}${PANEL_LOCATION}"
|
||||
echo " (HTTP 会自动跳转到 HTTPS)"
|
||||
echo " 面板路径: ${PANEL_PATH} (见 .env 中 PANEL_PATH)"
|
||||
echo " 用户名: ${PANEL_USERNAME}"
|
||||
echo " 密码: ${PANEL_PASSWORD}"
|
||||
|
||||
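Review bot: The new `ufw allow 443/tcp comment 'Panel-HTTPS'` rule opens the admin panel port to every source address, so any `PANEL_ALLOW_IP` restriction is enforced only inside the nginx location block. If that variable is available at this point in the installer, the firewall rule can carry the same restriction, e.g. `ufw allow from "$PANEL_ALLOW_IP" to any port 443 proto tcp comment 'Panel-HTTPS'`, with the open rule kept as the fallback when it is unset. enable-panel-https.sh adds an unrestricted 443 rule again, so the same change would be needed there. Separately, the unchanged summary lines still echo `PANEL_PASSWORD` to the terminal; pointing the operator to `.env` instead would keep the secret out of captured install logs.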
+10
-8
@@ -1,5 +1,5 @@
|
||||
#!/usr/bin/env bash
|
||||
# 已有 VPS:停用 Xray/VLESS,仅保留 Hysteria2
|
||||
# 已有 VPS:停用 Xray/VLESS,并启用 HTTPS 管理面板
|
||||
set -euo pipefail
|
||||
|
||||
ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
||||
@@ -8,22 +8,24 @@ ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
||||
|
||||
export JIEDIAN_ROOT="$ROOT"
|
||||
|
||||
echo "[1/4] 停止并禁用 Xray ..."
|
||||
echo "[1/5] 停止并禁用 Xray ..."
|
||||
systemctl stop xray 2>/dev/null || true
|
||||
systemctl disable xray 2>/dev/null || true
|
||||
|
||||
echo "[2/4] 更新代码并重载 sing-box 配置 ..."
|
||||
echo "[2/5] 更新代码 ..."
|
||||
if [[ -d "$ROOT/.git" ]]; then
|
||||
git -C "$ROOT" pull --ff-only || echo "(git pull 跳过,请手动同步)"
|
||||
fi
|
||||
|
||||
echo "[3/5] 重载 sing-box 配置 ..."
|
||||
python3 "$ROOT/scripts/render-server.py"
|
||||
|
||||
echo "[3/4] 重启服务 ..."
|
||||
echo "[4/5] 启用 HTTPS 管理面板 ..."
|
||||
bash "$ROOT/scripts/enable-panel-https.sh"
|
||||
|
||||
echo "[5/5] 重启服务 ..."
|
||||
systemctl restart sing-box jiedian-panel
|
||||
|
||||
echo "[4/4] 可选:关闭防火墙 443(若不再需要) ..."
|
||||
ufw delete allow 443/tcp 2>/dev/null || true
|
||||
|
||||
echo ""
|
||||
echo "完成。VLESS 已停用,面板仅显示 Hysteria2 链接。"
|
||||
echo "完成。VLESS 已停用,面板请用 HTTPS 访问。"
|
||||
echo "客户端请删除旧 VLESS 节点,从面板复制 hy2:// 链接导入。"
|
||||
|
||||
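Review bot: Step 4 can abort the migration half-way: with `set -euo pipefail`, a non-zero exit from `enable-panel-https.sh` stops this script after Xray has already been stopped and disabled and before `systemctl restart sing-box jiedian-panel` runs. That script exits 1 when `.env` lacks `DOMAIN`, `VPS_IP` or `PANEL_PATH`, or when the certificate files under /etc/sing-box/certs are missing, and on an existing VPS those preconditions are less certain than on a fresh install. Check them before step 1, for example `[[ -f /etc/sing-box/certs/fullchain.pem && -f /etc/sing-box/certs/privkey.pem ]] || { echo "preflight failed" >&2; exit 1; }`, so that a failure leaves the host untouched. A comment above step 4 should state that the script aborts there by design if the panel cannot be enabled.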