diff --git a/scripts/finish-install.sh b/scripts/finish-install.sh
new file mode 100644
index 0000000..d552e20
--- /dev/null
+++ b/scripts/finish-install.sh
@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+# 证书已申请但 sing-box 未安装完成时,执行本脚本补全部署
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+ROOT_DIR="$(dirname "$SCRIPT_DIR")"
+ENV_FILE="${ROOT_DIR}/.env"
+
+[[ $EUID -eq 0 ]] || { echo "请使用 root 运行"; exit 1; }
+[[ -f "$ENV_FILE" ]] || { echo "缺少 .env"; exit 1; }
+# shellcheck disable=SC1090
+source "$ENV_FILE"
+
+: "${DOMAIN:?}"
+: "${UUID:?}"
+: "${REALITY_PRIVATE_KEY:?}"
+: "${REALITY_SHORT_ID:?}"
+: "${HY2_PASSWORD:?}"
+: "${REALITY_PUBLIC_KEY:?}"
+
+if ! command -v sing-box &>/dev/null; then
+ echo "sing-box 未安装,请先运行: bash scripts/install.sh"
+ exit 1
+fi
+
+mkdir -p /etc/sing-box/certs
+
+if [[ ! -f /etc/sing-box/certs/fullchain.pem ]]; then
+ echo "安装证书..."
+ /root/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
+ --key-file /etc/sing-box/certs/privkey.pem \
+ --fullchain-file /etc/sing-box/certs/fullchain.pem \
+ --reloadcmd "systemctl restart sing-box || true"
+fi
+
+echo "生成 sing-box 配置..."
+sed -e "s|\${UUID}|${UUID}|g" \
+ -e "s|\${REALITY_SERVER_NAME}|${REALITY_SERVER_NAME:-www.microsoft.com}|g" \
+ -e "s|\${REALITY_PRIVATE_KEY}|${REALITY_PRIVATE_KEY}|g" \
+ -e "s|\${REALITY_SHORT_ID}|${REALITY_SHORT_ID}|g" \
+ -e "s|\${HY2_PASSWORD}|${HY2_PASSWORD}|g" \
+ -e "s|\${DOMAIN}|${DOMAIN}|g" \
+ "$ROOT_DIR/server/sing-box.json.template" > /etc/sing-box/config.json
+
+sing-box check -c /etc/sing-box/config.json
+
+cat > /etc/systemd/system/sing-box.service <<'UNIT'
+[Unit]
+Description=sing-box service
+After=network-online.target nginx.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/sing-box run -c /etc/sing-box/config.json
+Restart=on-failure
+RestartSec=5
+LimitNOFILE=1048576
+
+[Install]
+WantedBy=multi-user.target
+UNIT
+
+systemctl daemon-reload
+systemctl enable sing-box
+systemctl restart sing-box
+
+/root/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
+ --key-file /etc/sing-box/certs/privkey.pem \
+ --fullchain-file /etc/sing-box/certs/fullchain.pem \
+ --reloadcmd "systemctl restart sing-box"
+
+CLIENT_DIR="${ROOT_DIR}/client/generated"
+mkdir -p "$CLIENT_DIR"
+sed -e "s|\${VPS_IP}|${VPS_IP}|g" \
+ -e "s|\${DOMAIN}|${DOMAIN}|g" \
+ -e "s|\${UUID}|${UUID}|g" \
+ -e "s|\${REALITY_SERVER_NAME}|${REALITY_SERVER_NAME:-www.microsoft.com}|g" \
+ -e "s|\${REALITY_PUBLIC_KEY}|${REALITY_PUBLIC_KEY}|g" \
+ -e "s|\${REALITY_SHORT_ID}|${REALITY_SHORT_ID}|g" \
+ -e "s|\${HY2_PASSWORD}|${HY2_PASSWORD}|g" \
+ "$ROOT_DIR/client/sing-box-client.json.template" > "$CLIENT_DIR/sing-box-client.json"
+
+cat > "$CLIENT_DIR/share-links.txt" <