feat: add web admin panel for node management
Add Flask panel with login, add/delete nodes, and share link copy. Generate sing-box config from SQLite; add uninstall script and clean install flow. Panel served at https://DOMAIN:8444 via nginx.

Co-authored-by: Cursor <cursoragent@cursor.com>
@@ -6,8 +6,8 @@ DOMAIN=66.hyf2.cc
|
|||||||
ACME_EMAIL=admin@hyf2.cc
|
ACME_EMAIL=admin@hyf2.cc
|
||||||
REALITY_SERVER_NAME=www.microsoft.com
|
REALITY_SERVER_NAME=www.microsoft.com
|
||||||
|
|
||||||
UUID=42f5b04d-292d-4f13-b892-b70553a714d5
|
PANEL_USERNAME=admin
|
||||||
|
|
||||||
REALITY_PRIVATE_KEY=IPKtaw1aVb4fS0TPcimu8zwaVGml-JJ5H1rj-_TFQHM
|
REALITY_PRIVATE_KEY=IPKtaw1aVb4fS0TPcimu8zwaVGml-JJ5H1rj-_TFQHM
|
||||||
REALITY_PUBLIC_KEY=51H_ikqYdDRgCpjq3pvMYNbqrX8S3zuow1UEjqTN-nI
|
REALITY_PUBLIC_KEY=51H_ikqYdDRgCpjq3pvMYNbqrX8S3zuow1UEjqTN-nI
|
||||||
REALITY_SHORT_ID=e126b4ef9d36adfc
|
REALITY_SHORT_ID=e126b4ef9d36adfc
|
||||||
HY2_PASSWORD=npDFaGfRzAPLS3Hh7iM6TEOk
|
|
||||||
|
|||||||
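Review bot: `REALITY_PRIVATE_KEY` is kept as a live value on both sides of this hunk, and the removed `UUID=` and `HY2_PASSWORD=` lines stay readable in the repository history. Treat the Reality key pair as disclosed and regenerate it with `scripts/generate-keys.sh`, make sure the old UUID and Hysteria2 password are not reused for any node, and stop tracking the file that holds real values so that only a template with empty fields is committed.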
+6
-4
@@ -4,7 +4,7 @@
|
|||||||
# VPS 公网 IP
|
# VPS 公网 IP
|
||||||
VPS_IP=47.76.87.111
|
VPS_IP=47.76.87.111
|
||||||
|
|
||||||
# 域名(Hysteria2 证书用)
|
# 域名(Hysteria2 证书 + 管理面板)
|
||||||
DOMAIN=66.hyf2.cc
|
DOMAIN=66.hyf2.cc
|
||||||
|
|
||||||
# Let's Encrypt 申请证书邮箱
|
# Let's Encrypt 申请证书邮箱
|
||||||
@@ -13,9 +13,11 @@ ACME_EMAIL=admin@hyf2.cc
|
|||||||
# Reality 伪装目标(真实大站,不要用你自己的域名)
|
# Reality 伪装目标(真实大站,不要用你自己的域名)
|
||||||
REALITY_SERVER_NAME=www.microsoft.com
|
REALITY_SERVER_NAME=www.microsoft.com
|
||||||
|
|
||||||
# 以下由 scripts/generate-keys.sh 自动生成,也可手动填写
|
# 管理面板登录(安装完成后访问 https://域名:8444)
|
||||||
# UUID=
|
PANEL_USERNAME=admin
|
||||||
|
|
||||||
|
# 以下由 scripts/generate-keys.sh 自动生成
|
||||||
# REALITY_PRIVATE_KEY=
|
# REALITY_PRIVATE_KEY=
|
||||||
# REALITY_PUBLIC_KEY=
|
# REALITY_PUBLIC_KEY=
|
||||||
# REALITY_SHORT_ID=
|
# REALITY_SHORT_ID=
|
||||||
# HY2_PASSWORD=
|
# PANEL_PASSWORD=
|
||||||
|
|||||||
+3
-1
@@ -1,5 +1,7 @@
|
|||||||
# 部署生成的客户端配置
|
# 部署生成的客户端配置与运行时数据
|
||||||
client/generated/
|
client/generated/
|
||||||
|
data/
|
||||||
|
panel/venv/
|
||||||
# 临时文件
|
# 临时文件
|
||||||
*.log
|
*.log
|
||||||
.DS_Store
|
.DS_Store
|
||||||
|
|||||||
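Review bot: the ignore list gains `data/` and `panel/venv/` but still has no entry for `.env`, which this commit documents as the place where `PANEL_PASSWORD` and `REALITY_PRIVATE_KEY` are stored. Add `.env` here; otherwise the `git add .` flow commits the generated panel password along with the Reality private key.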
@@ -1,6 +1,6 @@
|
|||||||
# jiedian — VPS 自建节点
|
# jiedian — VPS 自建节点
|
||||||
|
|
||||||
个人/家庭自用的 **VLESS + Reality(主力)** + **Hysteria2(备用)** 双栈方案,基于 [sing-box](https://github.com/SagerNet/sing-box)。
|
个人/家庭自用的 **VLESS + Reality(主力)** + **Hysteria2(备用)** 双栈方案,基于 [sing-box](https://github.com/SagerNet/sing-box),带 **Web 管理面板**。
|
||||||
|
|
||||||
**仓库**:https://git.bz121.com/dekun/jiedian.git
|
**仓库**:https://git.bz121.com/dekun/jiedian.git
|
||||||
**部署路径**:`/opt/jiedian`(Ubuntu)
|
**部署路径**:`/opt/jiedian`(Ubuntu)
|
||||||
@@ -9,6 +9,7 @@
|
|||||||
|------|-----|
|
|------|-----|
|
||||||
| VPS IP | `47.76.87.111` |
|
| VPS IP | `47.76.87.111` |
|
||||||
| 域名 | `66.hyf2.cc` |
|
| 域名 | `66.hyf2.cc` |
|
||||||
|
| 管理面板 | `https://66.hyf2.cc:8444` |
|
||||||
|
|
||||||
> 完整部署步骤见 **[docs/DEPLOY.md](docs/DEPLOY.md)**
|
> 完整部署步骤见 **[docs/DEPLOY.md](docs/DEPLOY.md)**
|
||||||
|
|
||||||
@@ -25,50 +26,42 @@ cd /opt/jiedian
|
|||||||
bash scripts/install.sh
|
bash scripts/install.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
安装完成后:
|
安装完成后会显示面板地址、用户名和密码。登录面板即可 **添加节点、复制分享链接**。
|
||||||
|
|
||||||
```bash
|
|
||||||
cat /opt/jiedian/client/generated/share-links.txt
|
|
||||||
```
|
|
||||||
|
|
||||||
客户端导入见 [docs/client-import.md](docs/client-import.md)。
|
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## 架构
|
## 架构
|
||||||
|
|
||||||
```
|
```
|
||||||
|
浏览器 ──► Nginx:8444 ──► Web 管理面板(登录、添加节点)
|
||||||
|
│
|
||||||
|
▼
|
||||||
|
sing-box 配置重载
|
||||||
|
|
||||||
客户端 (Win/iOS/Android)
|
客户端 (Win/iOS/Android)
|
||||||
│
|
├─ TCP 443 ──► sing-box VLESS+Reality
|
||||||
├─ TCP 443 ──► sing-box VLESS+Reality ──► 直连出站
|
└─ UDP 8443 ─► sing-box Hysteria2
|
||||||
│
|
|
||||||
└─ UDP 8443 ─► sing-box Hysteria2 ─────► 直连出站
|
|
||||||
|
|
||||||
Nginx 127.0.0.1:8080 ← 伪装静态页(fallback)
|
Nginx 127.0.0.1:8080 ← 伪装静态页(fallback)
|
||||||
```
|
```
|
||||||
|
|
||||||
详细选型见 [docs/STACK.md](docs/STACK.md)。
|
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## 目录结构
|
## 目录结构
|
||||||
|
|
||||||
```
|
```
|
||||||
/opt/jiedian/
|
/opt/jiedian/
|
||||||
├── .env # 环境变量(IP/域名/密钥,已预填)
|
├── .env # VPS / Reality / 面板账号配置
|
||||||
|
├── data/nodes.db # 节点数据库(安装后生成)
|
||||||
|
├── panel/ # Web 管理面板(Flask)
|
||||||
├── scripts/
|
├── scripts/
|
||||||
│ ├── generate-keys.sh # 生成 UUID / Reality 密钥 / Hy2 密码
|
|
||||||
│ ├── install.sh # 一键部署
|
│ ├── install.sh # 一键部署
|
||||||
│ └── render-client.sh # 本地渲染客户端配置
|
│ ├── uninstall.sh # 卸载后重装
|
||||||
├── server/
|
│ ├── generate-keys.sh # 生成 Reality 密钥与面板密码
|
||||||
│ ├── sing-box.json.template
|
│ └── render-server.py # 根据数据库生成 sing-box 配置
|
||||||
│ └── nginx/ # fallback 伪装站
|
|
||||||
├── client/
|
|
||||||
│ └── sing-box-client.json.template
|
|
||||||
└── docs/
|
└── docs/
|
||||||
├── DEPLOY.md # Ubuntu 部署指南(主文档)
|
├── DEPLOY.md
|
||||||
├── client-import.md # 客户端导入
|
└── client-import.md
|
||||||
└── troubleshooting.md # 故障排查
|
|
||||||
```
|
```
|
||||||
|
|
||||||
---
|
---
|
||||||
@@ -78,19 +71,26 @@ Nginx 127.0.0.1:8080 ← 伪装静态页(fallback)
|
|||||||
| 端口 | 协议 | 用途 |
|
| 端口 | 协议 | 用途 |
|
||||||
|------|------|------|
|
|------|------|------|
|
||||||
| 22 | TCP | SSH |
|
| 22 | TCP | SSH |
|
||||||
| 80 | TCP | HTTP(Let's Encrypt 证书验证) |
|
| 80 | TCP | HTTP(Let's Encrypt 验证) |
|
||||||
| 443 | TCP | VLESS + Reality |
|
| 443 | TCP | VLESS + Reality |
|
||||||
| 8443 | UDP | Hysteria2 |
|
| 8443 | UDP | Hysteria2 |
|
||||||
|
| 8444 | TCP | **Web 管理面板(HTTPS)** |
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## 常用运维
|
## 常用运维
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
systemctl status sing-box
|
# 面板 / 节点
|
||||||
journalctl -u sing-box -f
|
https://66.hyf2.cc:8444
|
||||||
sing-box check -c /etc/sing-box/config.json && systemctl restart sing-box
|
|
||||||
/root/.acme.sh/acme.sh --renew -d 66.hyf2.cc --force
|
# 服务状态
|
||||||
|
systemctl status sing-box jiedian-panel
|
||||||
|
|
||||||
|
# 卸载后干净重装
|
||||||
|
bash scripts/uninstall.sh
|
||||||
|
bash scripts/generate-keys.sh # 可选:重置密钥与面板密码
|
||||||
|
bash scripts/install.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
---
|
---
|
||||||
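Review bot: the new `8444/TCP` row opens the admin panel to every source address, and the panel is protected only by a single username and password. Consider limiting 8444 to known admin addresses in the firewall and the cloud security group, or reaching the panel through an SSH tunnel, and state the chosen restriction in this table. Separately, the bare `https://66.hyf2.cc:8444` line inside the `bash` block is not a command; turn it into a comment or move it out of the fence.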
@@ -100,7 +100,7 @@ sing-box check -c /etc/sing-box/config.json && systemctl restart sing-box
|
|||||||
1. 不要公开分享节点链接
|
1. 不要公开分享节点链接
|
||||||
2. Reality SNI 使用 `www.microsoft.com`,不要用 `66.hyf2.cc`
|
2. Reality SNI 使用 `www.microsoft.com`,不要用 `66.hyf2.cc`
|
||||||
3. 客户端开启 uTLS / chrome 指纹
|
3. 客户端开启 uTLS / chrome 指纹
|
||||||
4. 被封后:换 serverName → 换 IP → 换 VPS 地区
|
4. 面板密码请妥善保管,安装后可在 `.env` 查看 `PANEL_PASSWORD`
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
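Review bot: the new item 4 tells the operator that `PANEL_PASSWORD` can be read back from `.env` after install, so the plaintext password stays on disk indefinitely even though `db.py` stores only a hash of it. Have the installer print the password once and blank the value in `.env` after `init_db` has run, or at minimum document restricting the file to mode 0600. The item it replaces (change serverName, then IP, then VPS region after a block) is unrelated to the panel and could be kept as item 5.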
+51
-103
@@ -6,6 +6,7 @@
|
|||||||
|------|-----|
|
|------|-----|
|
||||||
| VPS IP | `47.76.87.111` |
|
| VPS IP | `47.76.87.111` |
|
||||||
| 域名 | `66.hyf2.cc` |
|
| 域名 | `66.hyf2.cc` |
|
||||||
|
| 管理面板 | `https://66.hyf2.cc:8444` |
|
||||||
| 部署目录 | `/opt/jiedian` |
|
| 部署目录 | `/opt/jiedian` |
|
||||||
| 系统 | Ubuntu 22.04 / 24.04 |
|
| 系统 | Ubuntu 22.04 / 24.04 |
|
||||||
|
|
||||||
@@ -15,127 +16,88 @@
|
|||||||
|
|
||||||
### 1. DNS 解析
|
### 1. DNS 解析
|
||||||
|
|
||||||
在域名控制台添加 **A 记录**:
|
|
||||||
|
|
||||||
```
|
```
|
||||||
66.hyf2.cc → 47.76.87.111
|
66.hyf2.cc → 47.76.87.111
|
||||||
```
|
```
|
||||||
|
|
||||||
验证(本地或 VPS 上执行):
|
验证:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
dig +short A 66.hyf2.cc
|
dig +short A 66.hyf2.cc
|
||||||
# 应返回 47.76.87.111
|
|
||||||
```
|
```
|
||||||
|
|
||||||
### 2. SSH 登录 VPS
|
### 2. 阿里云安全组
|
||||||
|
|
||||||
```bash
|
放行:`22`、`80`、`443/TCP`、`8443/UDP`、`8444/TCP`
|
||||||
ssh root@47.76.87.111
|
|
||||||
```
|
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## 一键部署(推荐)
|
## 一键部署
|
||||||
|
|
||||||
在 VPS 上以 **root** 执行:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# 安装 git
|
|
||||||
apt update && apt install -y git
|
|
||||||
|
|
||||||
# 克隆到 /opt/jiedian
|
|
||||||
git clone https://git.bz121.com/dekun/jiedian.git /opt/jiedian
|
|
||||||
cd /opt/jiedian
|
|
||||||
|
|
||||||
# .env 已预填 IP/域名/密钥,直接安装
|
|
||||||
bash scripts/install.sh
|
|
||||||
```
|
|
||||||
|
|
||||||
安装完成后查看节点链接:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
cat /opt/jiedian/client/generated/share-links.txt
|
|
||||||
```
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## 分步部署(如需手动控制)
|
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
apt update && apt install -y git
|
apt update && apt install -y git
|
||||||
git clone https://git.bz121.com/dekun/jiedian.git /opt/jiedian
|
git clone https://git.bz121.com/dekun/jiedian.git /opt/jiedian
|
||||||
cd /opt/jiedian
|
cd /opt/jiedian
|
||||||
|
|
||||||
# 检查 .env(已预配置,一般无需修改)
|
|
||||||
cat .env
|
|
||||||
|
|
||||||
# 若需重新生成密钥
|
|
||||||
bash scripts/generate-keys.sh
|
|
||||||
|
|
||||||
# 执行安装
|
|
||||||
bash scripts/install.sh
|
bash scripts/install.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
|
安装结束会输出:
|
||||||
|
|
||||||
|
```
|
||||||
|
管理面板: https://66.hyf2.cc:8444
|
||||||
|
用户名: admin
|
||||||
|
密码: xxxxx
|
||||||
|
```
|
||||||
|
|
||||||
|
浏览器打开面板 → 登录 → **添加节点** → 复制 VLESS / Hysteria2 链接到客户端。
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 卸载后重装(推荐流程)
|
||||||
|
|
||||||
|
若之前部署混乱,先卸载再装:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
cd /opt/jiedian
|
||||||
|
git pull
|
||||||
|
bash scripts/uninstall.sh
|
||||||
|
bash scripts/generate-keys.sh # 重新生成 Reality 密钥与面板密码
|
||||||
|
bash scripts/install.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
`uninstall.sh` 会停止服务并清理配置,**保留** `/opt/jiedian` 代码与 `.env` 基础字段。
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## 安装脚本做了什么
|
## 安装脚本做了什么
|
||||||
|
|
||||||
1. 安装 sing-box、nginx、ufw
|
1. 安装 sing-box、nginx、Python 面板依赖
|
||||||
2. 防火墙放行:`22/tcp`、`443/tcp`、`8443/udp`
|
2. 防火墙放行 22/80/443/8443/8444
|
||||||
3. Nginx 伪装站监听 `127.0.0.1:8080`
|
3. acme.sh 申请 `66.hyf2.cc` 证书
|
||||||
4. acme.sh 为 `66.hyf2.cc` 申请 Let's Encrypt 证书
|
4. 初始化 SQLite 节点库 + 默认管理员
|
||||||
5. 生成 `/etc/sing-box/config.json` 并启动 systemd 服务
|
5. 生成 sing-box 配置并启动服务
|
||||||
6. 输出客户端分享链接到 `client/generated/share-links.txt`
|
6. Nginx 8444 端口提供 HTTPS 管理面板
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## 节点信息
|
## 管理面板功能
|
||||||
|
|
||||||
| 节点 | 协议 | 地址 | 端口 |
|
| 功能 | 说明 |
|
||||||
|------|------|------|------|
|
|------|------|
|
||||||
| 主力 | VLESS + Reality | `47.76.87.111` | 443/TCP |
|
| 登录 | `.env` 中 `PANEL_USERNAME` / `PANEL_PASSWORD` |
|
||||||
| 备用 | Hysteria2 | `66.hyf2.cc` | 8443/UDP |
|
| 添加节点 | 自动生成 UUID + Hy2 密码,更新 sing-box |
|
||||||
|
| 复制链接 | VLESS Reality + Hysteria2 分享链接 |
|
||||||
Reality 伪装 SNI:`www.microsoft.com`(不是你的域名)
|
| 删除节点 | 至少保留 1 个节点 |
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## 部署后验证
|
## 部署后验证
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# sing-box 运行状态
|
systemctl status sing-box jiedian-panel
|
||||||
systemctl status sing-box
|
ss -tlnp | grep -E '443|8444'
|
||||||
|
|
||||||
# 端口监听
|
|
||||||
ss -tlnp | grep 443
|
|
||||||
ss -ulnp | grep 8443
|
ss -ulnp | grep 8443
|
||||||
|
curl -k -I https://66.hyf2.cc:8444/login
|
||||||
# 配置语法检查
|
|
||||||
sing-box check -c /etc/sing-box/config.json
|
|
||||||
|
|
||||||
# 查看日志
|
|
||||||
journalctl -u sing-box -f
|
|
||||||
```
|
|
||||||
|
|
||||||
客户端导入见 [client-import.md](client-import.md)。
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## 常用运维
|
|
||||||
|
|
||||||
```bash
|
|
||||||
cd /opt/jiedian
|
|
||||||
|
|
||||||
# 拉取最新配置(若仓库有更新)
|
|
||||||
git pull
|
|
||||||
|
|
||||||
# 重新安装/更新
|
|
||||||
bash scripts/install.sh
|
|
||||||
|
|
||||||
# 证书手动续期
|
|
||||||
/root/.acme.sh/acme.sh --renew -d 66.hyf2.cc --force
|
|
||||||
systemctl restart sing-box
|
|
||||||
```
|
```
|
||||||
|
|
||||||
---
|
---
|
||||||
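Review bot: the post-deploy check `curl -k -I https://66.hyf2.cc:8444/login` disables certificate verification, so it succeeds even when nginx is serving a wrong or self-signed certificate. Drop `-k` so the same command also confirms that the acme.sh certificate is the one installed on 8444. The rewrite also removes `sing-box check -c /etc/sing-box/config.json` and the `journalctl -u sing-box -f` line from this section; both are still the quickest way to diagnose a failed start and are worth keeping.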
@@ -144,23 +106,9 @@ systemctl restart sing-box
|
|||||||
|
|
||||||
| 问题 | 处理 |
|
| 问题 | 处理 |
|
||||||
|------|------|
|
|------|------|
|
||||||
| `set: pipefail: invalid option` | Windows 换行符问题,执行:`sed -i 's/\r$//' scripts/*.sh .env` 后重试 |
|
| apt 锁被占用 | 等待自动更新结束,或 `bash scripts/install.sh` 会自动等待 |
|
||||||
| `dig` 未返回正确 IP | 等待 DNS 生效或检查解析记录 |
|
| sing-box 443 被占用 | `ss -tlnp \| grep 443`,停止占用进程后重装 |
|
||||||
| acme 证书失败 | 确认 80 端口可访问:`curl http://66.hyf2.cc/.well-known/acme-challenge/test`;检查 nginx acme 站点是否启用 |
|
| 忘记面板密码 | `grep PANEL_PASSWORD /opt/jiedian/.env` 或重新 `generate-keys.sh` |
|
||||||
| sing-box 启动失败 | `journalctl -u sing-box -n 50` 查看报错 |
|
| SSH 主机密钥变更 | 重装系统后本地执行 `ssh-keygen -R 47.76.87.111` |
|
||||||
| 客户端连不上 | 核对 `share-links.txt` 与 `.env` 中密钥一致 |
|
|
||||||
|
|
||||||
更多见 [troubleshooting.md](troubleshooting.md)。
|
更多见 [troubleshooting.md](troubleshooting.md)。
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## 更新仓库(本地开发机)
|
|
||||||
|
|
||||||
```bash
|
|
||||||
cd 节点
|
|
||||||
git add .
|
|
||||||
git commit -m "update config"
|
|
||||||
git push origin main
|
|
||||||
```
|
|
||||||
|
|
||||||
VPS 上 `git pull` 后重新运行 `bash scripts/install.sh` 即可同步。
|
|
||||||
|
|||||||
+167
@@ -0,0 +1,167 @@
|
|||||||
|
#!/usr/bin/env python3
|
||||||
|
"""jiedian 管理面板:登录、添加/删除节点、复制分享链接。"""
|
||||||
|
from __future__ import annotations
|
||||||
|
|
||||||
|
import os
|
||||||
|
import secrets
|
||||||
|
import subprocess
|
||||||
|
from functools import wraps
|
||||||
|
from pathlib import Path
|
||||||
|
|
||||||
|
from flask import (
|
||||||
|
Flask,
|
||||||
|
jsonify,
|
||||||
|
redirect,
|
||||||
|
render_template,
|
||||||
|
request,
|
||||||
|
session,
|
||||||
|
url_for,
|
||||||
|
)
|
||||||
|
|
||||||
|
from db import add_node, delete_node, list_nodes, node_count, verify_admin
|
||||||
|
from links import build_links, load_env
|
||||||
|
|
||||||
|
ROOT = Path(os.environ.get("JIEDIAN_ROOT", Path(__file__).resolve().parents[1]))
|
||||||
|
SECRET_FILE = ROOT / "data" / ".panel_secret"
|
||||||
|
RENDER_SCRIPT = ROOT / "scripts" / "render-server.py"
|
||||||
|
|
||||||
|
|
||||||
|
def _secret_key() -> str:
|
||||||
|
if SECRET_FILE.exists():
|
||||||
|
return SECRET_FILE.read_text(encoding="utf-8").strip()
|
||||||
|
SECRET_FILE.parent.mkdir(parents=True, exist_ok=True)
|
||||||
|
key = secrets.token_hex(32)
|
||||||
|
SECRET_FILE.write_text(key, encoding="utf-8")
|
||||||
|
SECRET_FILE.chmod(0o600)
|
||||||
|
return key
|
||||||
|
|
||||||
|
|
||||||
|
app = Flask(__name__)
|
||||||
|
app.secret_key = _secret_key()
|
||||||
|
app.config.update(
|
||||||
|
SESSION_COOKIE_HTTPONLY=True,
|
||||||
|
SESSION_COOKIE_SAMESITE="Lax",
|
||||||
|
PERMANENT_SESSION_LIFETIME=86400 * 7,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def login_required(view):
|
||||||
|
@wraps(view)
|
||||||
|
def wrapped(*args, **kwargs):
|
||||||
|
if not session.get("user"):
|
||||||
|
if request.path.startswith("/api/"):
|
||||||
|
return jsonify({"error": "未登录"}), 401
|
||||||
|
return redirect(url_for("login"))
|
||||||
|
return view(*args, **kwargs)
|
||||||
|
|
||||||
|
return wrapped
|
||||||
|
|
||||||
|
|
||||||
|
def apply_singbox() -> tuple[bool, str]:
|
||||||
|
env = os.environ.copy()
|
||||||
|
env["JIEDIAN_ROOT"] = str(ROOT)
|
||||||
|
proc = subprocess.run(
|
||||||
|
["python3", str(RENDER_SCRIPT)],
|
||||||
|
capture_output=True,
|
||||||
|
text=True,
|
||||||
|
env=env,
|
||||||
|
)
|
||||||
|
if proc.returncode != 0:
|
||||||
|
return False, proc.stderr or proc.stdout or "配置生成失败"
|
||||||
|
restart = subprocess.run(["systemctl", "restart", "sing-box"], capture_output=True, text=True)
|
||||||
|
if restart.returncode != 0:
|
||||||
|
return False, restart.stderr or restart.stdout or "sing-box 重启失败"
|
||||||
|
return True, "ok"
|
||||||
|
|
||||||
|
|
||||||
|
@app.route("/login", methods=["GET", "POST"])
|
||||||
|
def login():
|
||||||
|
if session.get("user"):
|
||||||
|
return redirect(url_for("dashboard"))
|
||||||
|
error = None
|
||||||
|
if request.method == "POST":
|
||||||
|
username = request.form.get("username", "").strip()
|
||||||
|
password = request.form.get("password", "")
|
||||||
|
if verify_admin(username, password):
|
||||||
|
session.permanent = True
|
||||||
|
session["user"] = username
|
||||||
|
return redirect(url_for("dashboard"))
|
||||||
|
error = "用户名或密码错误"
|
||||||
|
return render_template("login.html", error=error)
|
||||||
|
|
||||||
|
|
||||||
|
@app.route("/logout")
|
||||||
|
def logout():
|
||||||
|
session.clear()
|
||||||
|
return redirect(url_for("login"))
|
||||||
|
|
||||||
|
|
||||||
|
@app.route("/")
|
||||||
|
@login_required
|
||||||
|
def dashboard():
|
||||||
|
env = load_env()
|
||||||
|
nodes = []
|
||||||
|
for node in list_nodes():
|
||||||
|
item = dict(node)
|
||||||
|
item["links"] = build_links(node, env)
|
||||||
|
nodes.append(item)
|
||||||
|
return render_template(
|
||||||
|
"dashboard.html",
|
||||||
|
nodes=nodes,
|
||||||
|
domain=env.get("DOMAIN", ""),
|
||||||
|
vps_ip=env.get("VPS_IP", ""),
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@app.route("/api/nodes", methods=["GET"])
|
||||||
|
@login_required
|
||||||
|
def api_list_nodes():
|
||||||
|
env = load_env()
|
||||||
|
data = []
|
||||||
|
for node in list_nodes():
|
||||||
|
item = {
|
||||||
|
"id": node["id"],
|
||||||
|
"name": node["name"],
|
||||||
|
"uuid": node["uuid"],
|
||||||
|
"created_at": node["created_at"],
|
||||||
|
"links": build_links(node, env),
|
||||||
|
}
|
||||||
|
data.append(item)
|
||||||
|
return jsonify(data)
|
||||||
|
|
||||||
|
|
||||||
|
@app.route("/api/nodes", methods=["POST"])
|
||||||
|
@login_required
|
||||||
|
def api_add_node():
|
||||||
|
body = request.get_json(silent=True) or {}
|
||||||
|
name = (body.get("name") or request.form.get("name") or "新节点").strip()
|
||||||
|
node = add_node(name)
|
||||||
|
ok, msg = apply_singbox()
|
||||||
|
if not ok:
|
||||||
|
delete_node(node["id"])
|
||||||
|
return jsonify({"error": msg}), 500
|
||||||
|
env = load_env()
|
||||||
|
return jsonify(
|
||||||
|
{
|
||||||
|
"id": node["id"],
|
||||||
|
"name": node["name"],
|
||||||
|
"links": build_links(node, env),
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@app.route("/api/nodes/<int:node_id>", methods=["DELETE"])
|
||||||
|
@login_required
|
||||||
|
def api_delete_node(node_id: int):
|
||||||
|
if node_count() <= 1:
|
||||||
|
return jsonify({"error": "至少保留一个节点"}), 400
|
||||||
|
if not delete_node(node_id):
|
||||||
|
return jsonify({"error": "节点不存在"}), 404
|
||||||
|
ok, msg = apply_singbox()
|
||||||
|
if not ok:
|
||||||
|
return jsonify({"error": msg}), 500
|
||||||
|
return jsonify({"ok": True})
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
app.run(host="127.0.0.1", port=5080)
|
||||||
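Review bot: `app.config.update(...)` sets `SESSION_COOKIE_HTTPONLY` and `SESSION_COOKIE_SAMESITE` but not `SESSION_COOKIE_SECURE=True`, although the panel is documented as HTTPS-only on 8444; add it so the 7-day session cookie is never sent over plain HTTP. In `login()`, `verify_admin` runs on every POST with no attempt limit or delay, which matters for a panel reachable from the internet; add throttling in the app or in the nginx site. In `api_delete_node`, the row is deleted before `apply_singbox()` and is not restored when that call fails, unlike the rollback in `api_add_node`, so the database and the running config can diverge. The 500 responses also return raw `stderr` from the render script and `systemctl` to the browser; log it server-side and return a short message instead.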
+124
@@ -0,0 +1,124 @@
|
|||||||
|
"""SQLite 数据库:管理员账号与节点。"""
|
||||||
|
from __future__ import annotations
|
||||||
|
|
||||||
|
import os
|
||||||
|
import secrets
|
||||||
|
import sqlite3
|
||||||
|
import subprocess
|
||||||
|
from pathlib import Path
|
||||||
|
|
||||||
|
from werkzeug.security import check_password_hash, generate_password_hash
|
||||||
|
|
||||||
|
ROOT = Path(os.environ.get("JIEDIAN_ROOT", Path(__file__).resolve().parents[1]))
|
||||||
|
DB_FILE = ROOT / "data" / "nodes.db"
|
||||||
|
|
||||||
|
|
||||||
|
def connect() -> sqlite3.Connection:
|
||||||
|
DB_FILE.parent.mkdir(parents=True, exist_ok=True)
|
||||||
|
conn = sqlite3.connect(DB_FILE)
|
||||||
|
conn.row_factory = sqlite3.Row
|
||||||
|
conn.execute("PRAGMA foreign_keys = ON")
|
||||||
|
return conn
|
||||||
|
|
||||||
|
|
||||||
|
def init_db(env: dict[str, str]) -> None:
|
||||||
|
conn = connect()
|
||||||
|
conn.executescript(
|
||||||
|
"""
|
||||||
|
CREATE TABLE IF NOT EXISTS admin (
|
||||||
|
id INTEGER PRIMARY KEY,
|
||||||
|
username TEXT UNIQUE NOT NULL,
|
||||||
|
password_hash TEXT NOT NULL
|
||||||
|
);
|
||||||
|
CREATE TABLE IF NOT EXISTS nodes (
|
||||||
|
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||||
|
name TEXT NOT NULL,
|
||||||
|
uuid TEXT NOT NULL UNIQUE,
|
||||||
|
hy2_password TEXT NOT NULL,
|
||||||
|
enabled INTEGER NOT NULL DEFAULT 1,
|
||||||
|
created_at TEXT NOT NULL DEFAULT (datetime('now'))
|
||||||
|
);
|
||||||
|
"""
|
||||||
|
)
|
||||||
|
|
||||||
|
username = env.get("PANEL_USERNAME", "admin")
|
||||||
|
password = env.get("PANEL_PASSWORD")
|
||||||
|
if not password:
|
||||||
|
raise SystemExit("请在 .env 中设置 PANEL_PASSWORD(运行 generate-keys.sh 可自动生成)")
|
||||||
|
|
||||||
|
row = conn.execute("SELECT id FROM admin WHERE username = ?", (username,)).fetchone()
|
||||||
|
if row is None:
|
||||||
|
conn.execute(
|
||||||
|
"INSERT INTO admin (username, password_hash) VALUES (?, ?)",
|
||||||
|
(username, generate_password_hash(password)),
|
||||||
|
)
|
||||||
|
|
||||||
|
count = conn.execute("SELECT COUNT(*) AS c FROM nodes").fetchone()["c"]
|
||||||
|
if count == 0:
|
||||||
|
uuid, hy2 = _generate_credentials()
|
||||||
|
conn.execute(
|
||||||
|
"INSERT INTO nodes (name, uuid, hy2_password) VALUES (?, ?, ?)",
|
||||||
|
("默认节点", uuid, hy2),
|
||||||
|
)
|
||||||
|
|
||||||
|
conn.commit()
|
||||||
|
conn.close()
|
||||||
|
|
||||||
|
|
||||||
|
def verify_admin(username: str, password: str) -> bool:
|
||||||
|
conn = connect()
|
||||||
|
row = conn.execute(
|
||||||
|
"SELECT password_hash FROM admin WHERE username = ?", (username,)
|
||||||
|
).fetchone()
|
||||||
|
conn.close()
|
||||||
|
if row is None:
|
||||||
|
return False
|
||||||
|
return check_password_hash(row["password_hash"], password)
|
||||||
|
|
||||||
|
|
||||||
|
def list_nodes() -> list[dict]:
|
||||||
|
conn = connect()
|
||||||
|
rows = conn.execute(
|
||||||
|
"SELECT id, name, uuid, hy2_password, enabled, created_at "
|
||||||
|
"FROM nodes ORDER BY id DESC"
|
||||||
|
).fetchall()
|
||||||
|
conn.close()
|
||||||
|
return [dict(row) for row in rows]
|
||||||
|
|
||||||
|
|
||||||
|
def add_node(name: str) -> dict:
|
||||||
|
name = name.strip() or "未命名节点"
|
||||||
|
uuid, hy2 = _generate_credentials()
|
||||||
|
conn = connect()
|
||||||
|
cur = conn.execute(
|
||||||
|
"INSERT INTO nodes (name, uuid, hy2_password) VALUES (?, ?, ?)",
|
||||||
|
(name, uuid, hy2),
|
||||||
|
)
|
||||||
|
node_id = cur.lastrowid
|
||||||
|
row = conn.execute("SELECT * FROM nodes WHERE id = ?", (node_id,)).fetchone()
|
||||||
|
conn.commit()
|
||||||
|
conn.close()
|
||||||
|
return dict(row)
|
||||||
|
|
||||||
|
|
||||||
|
def delete_node(node_id: int) -> bool:
|
||||||
|
conn = connect()
|
||||||
|
cur = conn.execute("DELETE FROM nodes WHERE id = ?", (node_id,))
|
||||||
|
conn.commit()
|
||||||
|
deleted = cur.rowcount > 0
|
||||||
|
conn.close()
|
||||||
|
return deleted
|
||||||
|
|
||||||
|
|
||||||
|
def node_count() -> int:
|
||||||
|
conn = connect()
|
||||||
|
count = conn.execute("SELECT COUNT(*) AS c FROM nodes").fetchone()["c"]
|
||||||
|
conn.close()
|
||||||
|
return count
|
||||||
|
|
||||||
|
|
||||||
|
def _generate_credentials() -> tuple[str, str]:
|
||||||
|
sb = "sing-box"
|
||||||
|
uuid = subprocess.check_output([sb, "generate", "uuid"], text=True).strip()
|
||||||
|
hy2 = secrets.token_urlsafe(18)[:24]
|
||||||
|
return uuid, hy2
|
||||||
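Review bot: in `init_db`, the admin row is inserted only when `row is None`, so a `PANEL_PASSWORD` regenerated in `.env` never replaces the stored hash unless `data/nodes.db` is removed first, while the docs in this commit present re-running `generate-keys.sh` as the way to reset a forgotten password. Update `password_hash` when the row exists and `check_password_hash` fails against the `.env` value, or add an explicit reset command. Also, `connect()` creates `nodes.db` with default permissions although it holds every node's `uuid` and `hy2_password` in clear; set mode 0600 on it as `_secret_key()` does for `.panel_secret`.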
@@ -0,0 +1,30 @@
|
|||||||
|
#!/usr/bin/env python3
|
||||||
|
"""初始化 SQLite 数据库与默认管理员。"""
|
||||||
|
from __future__ import annotations
|
||||||
|
|
||||||
|
import os
|
||||||
|
import sys
|
||||||
|
from pathlib import Path
|
||||||
|
|
||||||
|
ROOT = Path(__file__).resolve().parents[1]
|
||||||
|
sys.path.insert(0, str(ROOT / "panel"))
|
||||||
|
|
||||||
|
os.environ.setdefault("JIEDIAN_ROOT", str(ROOT))
|
||||||
|
|
||||||
|
from db import init_db # noqa: E402
|
||||||
|
|
||||||
|
|
||||||
|
def load_env() -> dict[str, str]:
|
||||||
|
env: dict[str, str] = {}
|
||||||
|
for line in (ROOT / ".env").read_text(encoding="utf-8").splitlines():
|
||||||
|
line = line.strip()
|
||||||
|
if not line or line.startswith("#") or "=" not in line:
|
||||||
|
continue
|
||||||
|
key, _, value = line.partition("=")
|
||||||
|
env[key.strip()] = value.strip()
|
||||||
|
return env
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
init_db(load_env())
|
||||||
|
print("数据库初始化完成")
|
||||||
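Review bot: `load_env()` here is a near-identical copy of `load_env()` in `links.py`; since `panel/` is already put on `sys.path` above, import it from `links` so the two parsers cannot drift apart. Both versions keep surrounding quotes, so a line such as `PANEL_PASSWORD="x"` would be hashed with the quote characters included; strip matching quotes or document that values must be unquoted.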
@@ -0,0 +1,37 @@
|
|||||||
|
"""分享链接生成。"""
|
||||||
|
from __future__ import annotations
|
||||||
|
|
||||||
|
import os
|
||||||
|
from pathlib import Path
|
||||||
|
from urllib.parse import quote
|
||||||
|
|
||||||
|
|
||||||
|
def load_env() -> dict[str, str]:
|
||||||
|
root = Path(os.environ.get("JIEDIAN_ROOT", Path(__file__).resolve().parents[1]))
|
||||||
|
env: dict[str, str] = {}
|
||||||
|
for line in (root / ".env").read_text(encoding="utf-8").splitlines():
|
||||||
|
line = line.strip()
|
||||||
|
if not line or line.startswith("#") or "=" not in line:
|
||||||
|
continue
|
||||||
|
key, _, value = line.partition("=")
|
||||||
|
env[key.strip()] = value.strip()
|
||||||
|
return env
|
||||||
|
|
||||||
|
|
||||||
|
def build_links(node: dict, env: dict | None = None) -> dict[str, str]:
|
||||||
|
env = env or load_env()
|
||||||
|
vps_ip = env["VPS_IP"]
|
||||||
|
domain = env["DOMAIN"]
|
||||||
|
reality_sni = env.get("REALITY_SERVER_NAME", "www.microsoft.com")
|
||||||
|
public_key = env["REALITY_PUBLIC_KEY"]
|
||||||
|
short_id = env["REALITY_SHORT_ID"]
|
||||||
|
name = quote(node["name"])
|
||||||
|
|
||||||
|
vless = (
|
||||||
|
f"vless://{node['uuid']}@{vps_ip}:443"
|
||||||
|
f"?encryption=none&flow=xtls-rprx-vision&security=reality"
|
||||||
|
f"&sni={reality_sni}&fp=chrome&pbk={public_key}&sid={short_id}"
|
||||||
|
f"&type=tcp#{name}"
|
||||||
|
)
|
||||||
|
hy2 = f"hy2://{node['hy2_password']}@{domain}:8443?sni={domain}#{name}-Hy2"
|
||||||
|
return {"vless": vless, "hy2": hy2}
|
||||||
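Review bot: `load_env()` reads the whole `.env` into the panel process on every request, including `PANEL_PASSWORD` and `REALITY_PRIVATE_KEY`, while `build_links` needs only `VPS_IP`, `DOMAIN`, `REALITY_SERVER_NAME`, `REALITY_PUBLIC_KEY` and `REALITY_SHORT_ID`. Return just those keys, and validate them once at startup, because a missing one currently raises `KeyError` inside `dashboard()` and every page load becomes a 500.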
@@ -0,0 +1,2 @@
|
|||||||
|
flask>=3.0,<4
|
||||||
|
werkzeug>=3.0,<4
|
||||||
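Review bot: both requirements are open ranges (`flask>=3.0,<4`, `werkzeug>=3.0,<4`), so each install on the server resolves to whatever is newest at that moment. Pin exact versions, ideally with hashes, so that a reinstall after `uninstall.sh` yields the same code that was reviewed. No WSGI server is listed either; if the `jiedian-panel` service starts `app.py` directly, the panel runs on the Flask development server behind nginx, so add a production server such as gunicorn or waitress.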
@@ -0,0 +1,74 @@
|
|||||||
|
function toast(msg) {
|
||||||
|
const el = document.getElementById("toast");
|
||||||
|
el.textContent = msg;
|
||||||
|
el.classList.remove("hidden");
|
||||||
|
setTimeout(() => el.classList.add("hidden"), 2200);
|
||||||
|
}
|
||||||
|
|
||||||
|
document.querySelectorAll("[data-copy]").forEach((btn) => {
|
||||||
|
btn.addEventListener("click", async () => {
|
||||||
|
const text = btn.dataset.copy;
|
||||||
|
try {
|
||||||
|
await navigator.clipboard.writeText(text);
|
||||||
|
toast("已复制到剪贴板");
|
||||||
|
} catch {
|
||||||
|
toast("复制失败,请手动选择文本");
|
||||||
|
}
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
const modal = document.getElementById("modal");
|
||||||
|
const addBtn = document.getElementById("addBtn");
|
||||||
|
const cancelBtn = document.getElementById("cancelBtn");
|
||||||
|
const confirmAddBtn = document.getElementById("confirmAddBtn");
|
||||||
|
const nodeName = document.getElementById("nodeName");
|
||||||
|
|
||||||
|
if (addBtn) {
|
||||||
|
addBtn.addEventListener("click", () => {
|
||||||
|
nodeName.value = "";
|
||||||
|
modal.classList.remove("hidden");
|
||||||
|
nodeName.focus();
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if (cancelBtn) {
|
||||||
|
cancelBtn.addEventListener("click", () => modal.classList.add("hidden"));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (confirmAddBtn) {
|
||||||
|
confirmAddBtn.addEventListener("click", async () => {
|
||||||
|
const name = nodeName.value.trim() || "新节点";
|
||||||
|
confirmAddBtn.disabled = true;
|
||||||
|
try {
|
||||||
|
const res = await fetch("/api/nodes", {
|
||||||
|
method: "POST",
|
||||||
|
headers: { "Content-Type": "application/json" },
|
||||||
|
body: JSON.stringify({ name }),
|
||||||
|
});
|
||||||
|
const data = await res.json();
|
||||||
|
if (!res.ok) throw new Error(data.error || "创建失败");
|
||||||
|
location.reload();
|
||||||
|
} catch (err) {
|
||||||
|
toast(err.message);
|
||||||
|
} finally {
|
||||||
|
confirmAddBtn.disabled = false;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
document.querySelectorAll(".delete-btn").forEach((btn) => {
|
||||||
|
btn.addEventListener("click", async () => {
|
||||||
|
const id = btn.dataset.id;
|
||||||
|
if (!confirm("确定删除该节点?删除后对应链接将失效。")) return;
|
||||||
|
btn.disabled = true;
|
||||||
|
try {
|
||||||
|
const res = await fetch(`/api/nodes/${id}`, { method: "DELETE" });
|
||||||
|
const data = await res.json();
|
||||||
|
if (!res.ok) throw new Error(data.error || "删除失败");
|
||||||
|
location.reload();
|
||||||
|
} catch (err) {
|
||||||
|
toast(err.message);
|
||||||
|
btn.disabled = false;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
});
|
||||||
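Review bot: both the add and delete handlers call `await res.json()` before checking `res.ok`, so a non-JSON reply (for example an nginx error page while the panel is restarting) surfaces in the toast as a JSON parse error rather than a useful message. Check `res.ok` and the response content type first, and fall back to a generic message that includes the status code.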
@@ -0,0 +1,171 @@
|
|||||||
|
:root {
|
||||||
|
--bg: #0f1419;
|
||||||
|
--card: #1a2332;
|
||||||
|
--border: #2a3544;
|
||||||
|
--text: #e7ecf3;
|
||||||
|
--muted: #8b98a8;
|
||||||
|
--primary: #3b82f6;
|
||||||
|
--danger: #ef4444;
|
||||||
|
--radius: 12px;
|
||||||
|
}
|
||||||
|
|
||||||
|
* { box-sizing: border-box; }
|
||||||
|
body {
|
||||||
|
margin: 0;
|
||||||
|
font-family: "Segoe UI", system-ui, sans-serif;
|
||||||
|
background: var(--bg);
|
||||||
|
color: var(--text);
|
||||||
|
min-height: 100vh;
|
||||||
|
}
|
||||||
|
|
||||||
|
.auth-wrap {
|
||||||
|
min-height: 100vh;
|
||||||
|
display: grid;
|
||||||
|
place-items: center;
|
||||||
|
padding: 24px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.auth-card, .modal-card, .node-card {
|
||||||
|
background: var(--card);
|
||||||
|
border: 1px solid var(--border);
|
||||||
|
border-radius: var(--radius);
|
||||||
|
padding: 24px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.auth-card { width: min(420px, 100%); }
|
||||||
|
.auth-card h1 { margin: 0 0 8px; font-size: 1.5rem; }
|
||||||
|
|
||||||
|
.topbar {
|
||||||
|
display: flex;
|
||||||
|
justify-content: space-between;
|
||||||
|
align-items: center;
|
||||||
|
padding: 16px 24px;
|
||||||
|
border-bottom: 1px solid var(--border);
|
||||||
|
background: rgba(26, 35, 50, 0.8);
|
||||||
|
backdrop-filter: blur(8px);
|
||||||
|
position: sticky;
|
||||||
|
top: 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
.container { max-width: 960px; margin: 0 auto; padding: 24px; }
|
||||||
|
|
||||||
|
.hero {
|
||||||
|
display: flex;
|
||||||
|
justify-content: space-between;
|
||||||
|
align-items: center;
|
||||||
|
gap: 16px;
|
||||||
|
margin-bottom: 24px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.hero h1 { margin: 0 0 8px; }
|
||||||
|
|
||||||
|
.muted { color: var(--muted); }
|
||||||
|
|
||||||
|
.form label, .field label {
|
||||||
|
display: block;
|
||||||
|
margin: 12px 0 6px;
|
||||||
|
color: var(--muted);
|
||||||
|
font-size: 0.9rem;
|
||||||
|
}
|
||||||
|
|
||||||
|
input[type="text"],
|
||||||
|
input[type="password"],
|
||||||
|
input[readonly] {
|
||||||
|
width: 100%;
|
||||||
|
padding: 10px 12px;
|
||||||
|
border-radius: 8px;
|
||||||
|
border: 1px solid var(--border);
|
||||||
|
background: #111827;
|
||||||
|
color: var(--text);
|
||||||
|
}
|
||||||
|
|
||||||
|
.btn {
|
||||||
|
border: 1px solid var(--border);
|
||||||
|
background: #111827;
|
||||||
|
color: var(--text);
|
||||||
|
padding: 8px 14px;
|
||||||
|
border-radius: 8px;
|
||||||
|
cursor: pointer;
|
||||||
|
text-decoration: none;
|
||||||
|
display: inline-block;
|
||||||
|
}
|
||||||
|
|
||||||
|
.btn:hover { border-color: var(--primary); }
|
||||||
|
.btn.primary {
|
||||||
|
background: var(--primary);
|
||||||
|
border-color: var(--primary);
|
||||||
|
color: white;
|
||||||
|
}
|
||||||
|
.btn.ghost { background: transparent; }
|
||||||
|
.btn.danger {
|
||||||
|
color: var(--danger);
|
||||||
|
border-color: rgba(239, 68, 68, 0.4);
|
||||||
|
}
|
||||||
|
|
||||||
|
.node-list { display: grid; gap: 16px; }
|
||||||
|
.node-head {
|
||||||
|
display: flex;
|
||||||
|
justify-content: space-between;
|
||||||
|
align-items: center;
|
||||||
|
margin-bottom: 12px;
|
||||||
|
}
|
||||||
|
.node-head h2 { margin: 0; font-size: 1.1rem; }
|
||||||
|
.tag {
|
||||||
|
font-size: 0.8rem;
|
||||||
|
color: var(--muted);
|
||||||
|
background: #111827;
|
||||||
|
padding: 4px 8px;
|
||||||
|
border-radius: 999px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.copy-row {
|
||||||
|
display: grid;
|
||||||
|
grid-template-columns: 1fr auto;
|
||||||
|
gap: 8px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.node-actions { margin-top: 16px; text-align: right; }
|
||||||
|
|
||||||
|
.alert {
|
||||||
|
background: rgba(239, 68, 68, 0.15);
|
||||||
|
border: 1px solid rgba(239, 68, 68, 0.35);
|
||||||
|
padding: 10px 12px;
|
||||||
|
border-radius: 8px;
|
||||||
|
margin: 12px 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
.toast {
|
||||||
|
position: fixed;
|
||||||
|
right: 24px;
|
||||||
|
bottom: 24px;
|
||||||
|
background: var(--card);
|
||||||
|
border: 1px solid var(--border);
|
||||||
|
padding: 12px 16px;
|
||||||
|
border-radius: 8px;
|
||||||
|
z-index: 20;
|
||||||
|
}
|
||||||
|
|
||||||
|
.hidden { display: none !important; }
|
||||||
|
|
||||||
|
.modal {
|
||||||
|
position: fixed;
|
||||||
|
inset: 0;
|
||||||
|
background: rgba(0, 0, 0, 0.55);
|
||||||
|
display: grid;
|
||||||
|
place-items: center;
|
||||||
|
padding: 24px;
|
||||||
|
z-index: 10;
|
||||||
|
}
|
||||||
|
|
||||||
|
.modal-card { width: min(420px, 100%); }
|
||||||
|
.modal-actions {
|
||||||
|
display: flex;
|
||||||
|
justify-content: flex-end;
|
||||||
|
gap: 8px;
|
||||||
|
margin-top: 20px;
|
||||||
|
}
|
||||||
|
|
||||||
|
@media (max-width: 640px) {
|
||||||
|
.hero { flex-direction: column; align-items: flex-start; }
|
||||||
|
.copy-row { grid-template-columns: 1fr; }
|
||||||
|
}
|
||||||
@@ -0,0 +1,13 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="zh-CN">
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
<title>{% block title %}jiedian 面板{% endblock %}</title>
|
||||||
|
<link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
{% block body %}{% endblock %}
|
||||||
|
{% block scripts %}{% endblock %}
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
@@ -0,0 +1,65 @@
|
|||||||
|
{% extends "base.html" %}
|
||||||
|
{% block title %}节点管理 · jiedian{% endblock %}
|
||||||
|
{% block body %}
|
||||||
|
<header class="topbar">
|
||||||
|
<div>
|
||||||
|
<strong>jiedian 面板</strong>
|
||||||
|
<span class="muted"> · {{ domain }}</span>
|
||||||
|
</div>
|
||||||
|
<a class="btn ghost" href="{{ url_for('logout') }}">退出</a>
|
||||||
|
</header>
|
||||||
|
|
||||||
|
<main class="container">
|
||||||
|
<section class="hero">
|
||||||
|
<div>
|
||||||
|
<h1>节点列表</h1>
|
||||||
|
<p class="muted">VPS {{ vps_ip }} · Reality 443 · Hysteria2 8443</p>
|
||||||
|
</div>
|
||||||
|
<button id="addBtn" class="btn primary">+ 添加节点</button>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<div id="toast" class="toast hidden"></div>
|
||||||
|
<div id="nodeList" class="node-list">
|
||||||
|
{% for node in nodes %}
|
||||||
|
<article class="node-card" data-id="{{ node.id }}">
|
||||||
|
<div class="node-head">
|
||||||
|
<h2>{{ node.name }}</h2>
|
||||||
|
<span class="tag">{{ node.created_at[:10] }}</span>
|
||||||
|
</div>
|
||||||
|
<div class="field">
|
||||||
|
<label>VLESS + Reality</label>
|
||||||
|
<div class="copy-row">
|
||||||
|
<input readonly value="{{ node.links.vless }}">
|
||||||
|
<button class="btn" data-copy="{{ node.links.vless }}">复制</button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="field">
|
||||||
|
<label>Hysteria2</label>
|
||||||
|
<div class="copy-row">
|
||||||
|
<input readonly value="{{ node.links.hy2 }}">
|
||||||
|
<button class="btn" data-copy="{{ node.links.hy2 }}">复制</button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="node-actions">
|
||||||
|
<button class="btn danger delete-btn" data-id="{{ node.id }}">删除</button>
|
||||||
|
</div>
|
||||||
|
</article>
|
||||||
|
{% endfor %}
|
||||||
|
</div>
|
||||||
|
</main>
|
||||||
|
|
||||||
|
<div id="modal" class="modal hidden">
|
||||||
|
<div class="modal-card">
|
||||||
|
<h3>添加节点</h3>
|
||||||
|
<label>节点名称</label>
|
||||||
|
<input id="nodeName" type="text" placeholder="例如:手机、电脑">
|
||||||
|
<div class="modal-actions">
|
||||||
|
<button id="cancelBtn" class="btn ghost">取消</button>
|
||||||
|
<button id="confirmAddBtn" class="btn primary">创建</button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
{% endblock %}
|
||||||
|
{% block scripts %}
|
||||||
|
<script src="{{ url_for('static', filename='app.js') }}"></script>
|
||||||
|
{% endblock %}
|
||||||
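Review bot: the logout control in the topbar, `<a class="btn ghost" href="{{ url_for('logout') }}">`, ends the session on a plain GET, so any third-party page can log the admin out by embedding that URL; make it a POST form. The template also renders no CSRF token for the add (`#confirmAddBtn`) and delete (`.delete-btn`) actions that app.js drives, so those endpoints need a token (for example rendered into a `<meta>` tag here and sent as a request header) or a server-side Origin check.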
@@ -0,0 +1,20 @@
|
|||||||
|
{% extends "base.html" %}
|
||||||
|
{% block title %}登录 · jiedian{% endblock %}
|
||||||
|
{% block body %}
|
||||||
|
<div class="auth-wrap">
|
||||||
|
<div class="auth-card">
|
||||||
|
<h1>jiedian 管理面板</h1>
|
||||||
|
<p class="muted">登录后管理节点与分享链接</p>
|
||||||
|
{% if error %}
|
||||||
|
<div class="alert">{{ error }}</div>
|
||||||
|
{% endif %}
|
||||||
|
<form method="post" class="form">
|
||||||
|
<label>用户名</label>
|
||||||
|
<input type="text" name="username" autocomplete="username" required autofocus>
|
||||||
|
<label>密码</label>
|
||||||
|
<input type="password" name="password" autocomplete="current-password" required>
|
||||||
|
<button type="submit" class="btn primary">登录</button>
|
||||||
|
</form>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
{% endblock %}
|
||||||
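Review bot: `<form method="post" class="form">` carries no CSRF token field, which leaves the login endpoint open to login CSRF; render a hidden token input inside the form and verify it server-side. `{{ error }}` is fine as long as Jinja autoescaping stays on for this template and the message does not reveal whether the username or the password was wrong.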
@@ -1,97 +1,3 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
# 证书已申请但 sing-box 未安装完成时,执行本脚本补全部署
|
# 已合并到 install.sh,保留此入口以兼容旧文档
|
||||||
set -euo pipefail
|
exec bash "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/install.sh" "$@"
|
||||||
|
|
||||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
||||||
ROOT_DIR="$(dirname "$SCRIPT_DIR")"
|
|
||||||
ENV_FILE="${ROOT_DIR}/.env"
|
|
||||||
|
|
||||||
[[ $EUID -eq 0 ]] || { echo "请使用 root 运行"; exit 1; }
|
|
||||||
[[ -f "$ENV_FILE" ]] || { echo "缺少 .env"; exit 1; }
|
|
||||||
# shellcheck disable=SC1090
|
|
||||||
source "$ENV_FILE"
|
|
||||||
|
|
||||||
: "${DOMAIN:?}"
|
|
||||||
: "${UUID:?}"
|
|
||||||
: "${REALITY_PRIVATE_KEY:?}"
|
|
||||||
: "${REALITY_SHORT_ID:?}"
|
|
||||||
: "${HY2_PASSWORD:?}"
|
|
||||||
: "${REALITY_PUBLIC_KEY:?}"
|
|
||||||
|
|
||||||
if ! command -v sing-box &>/dev/null; then
|
|
||||||
echo "sing-box 未安装,请先运行: bash scripts/install.sh"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
mkdir -p /etc/sing-box/certs
|
|
||||||
|
|
||||||
if [[ ! -f /etc/sing-box/certs/fullchain.pem ]]; then
|
|
||||||
echo "安装证书..."
|
|
||||||
/root/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
|
|
||||||
--key-file /etc/sing-box/certs/privkey.pem \
|
|
||||||
--fullchain-file /etc/sing-box/certs/fullchain.pem \
|
|
||||||
--reloadcmd "systemctl restart sing-box || true"
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "生成 sing-box 配置..."
|
|
||||||
sed -e "s|\${UUID}|${UUID}|g" \
|
|
||||||
-e "s|\${REALITY_SERVER_NAME}|${REALITY_SERVER_NAME:-www.microsoft.com}|g" \
|
|
||||||
-e "s|\${REALITY_PRIVATE_KEY}|${REALITY_PRIVATE_KEY}|g" \
|
|
||||||
-e "s|\${REALITY_SHORT_ID}|${REALITY_SHORT_ID}|g" \
|
|
||||||
-e "s|\${HY2_PASSWORD}|${HY2_PASSWORD}|g" \
|
|
||||||
-e "s|\${DOMAIN}|${DOMAIN}|g" \
|
|
||||||
"$ROOT_DIR/server/sing-box.json.template" > /etc/sing-box/config.json
|
|
||||||
|
|
||||||
sing-box check -c /etc/sing-box/config.json
|
|
||||||
|
|
||||||
cat > /etc/systemd/system/sing-box.service <<'UNIT'
|
|
||||||
[Unit]
|
|
||||||
Description=sing-box service
|
|
||||||
After=network-online.target nginx.service
|
|
||||||
Wants=network-online.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=simple
|
|
||||||
ExecStart=/usr/local/bin/sing-box run -c /etc/sing-box/config.json
|
|
||||||
Restart=on-failure
|
|
||||||
RestartSec=5
|
|
||||||
LimitNOFILE=1048576
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
UNIT
|
|
||||||
|
|
||||||
systemctl daemon-reload
|
|
||||||
systemctl enable sing-box
|
|
||||||
systemctl restart sing-box
|
|
||||||
|
|
||||||
CLIENT_DIR="${ROOT_DIR}/client/generated"
|
|
||||||
mkdir -p "$CLIENT_DIR"
|
|
||||||
sed -e "s|\${VPS_IP}|${VPS_IP}|g" \
|
|
||||||
-e "s|\${DOMAIN}|${DOMAIN}|g" \
|
|
||||||
-e "s|\${UUID}|${UUID}|g" \
|
|
||||||
-e "s|\${REALITY_SERVER_NAME}|${REALITY_SERVER_NAME:-www.microsoft.com}|g" \
|
|
||||||
-e "s|\${REALITY_PUBLIC_KEY}|${REALITY_PUBLIC_KEY}|g" \
|
|
||||||
-e "s|\${REALITY_SHORT_ID}|${REALITY_SHORT_ID}|g" \
|
|
||||||
-e "s|\${HY2_PASSWORD}|${HY2_PASSWORD}|g" \
|
|
||||||
"$ROOT_DIR/client/sing-box-client.json.template" > "$CLIENT_DIR/sing-box-client.json"
|
|
||||||
|
|
||||||
cat > "$CLIENT_DIR/share-links.txt" <<EOF
|
|
||||||
========== VLESS + Reality (主力) ==========
|
|
||||||
vless://${UUID}@${VPS_IP}:443?encryption=none&flow=xtls-rprx-vision&security=reality&sni=${REALITY_SERVER_NAME:-www.microsoft.com}&fp=chrome&pbk=${REALITY_PUBLIC_KEY}&sid=${REALITY_SHORT_ID}&type=tcp#Reality-Main
|
|
||||||
|
|
||||||
========== Hysteria2 (备用) ==========
|
|
||||||
hy2://${HY2_PASSWORD}@${DOMAIN}:8443?sni=${DOMAIN}#Hysteria2-Backup
|
|
||||||
EOF
|
|
||||||
|
|
||||||
/root/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
|
|
||||||
--key-file /etc/sing-box/certs/privkey.pem \
|
|
||||||
--fullchain-file /etc/sing-box/certs/fullchain.pem \
|
|
||||||
--reloadcmd "systemctl restart sing-box" \
|
|
||||||
|| echo "警告: acme reloadcmd 注册失败,sing-box 已在运行,可忽略"
|
|
||||||
|
|
||||||
echo ""
|
|
||||||
echo "完成!sing-box 状态:"
|
|
||||||
systemctl status sing-box --no-pager
|
|
||||||
echo ""
|
|
||||||
cat "$CLIENT_DIR/share-links.txt"
|
|
||||||
|
|||||||
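Review bot: the replacement line `exec bash "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/install.sh" "$@"` changes what this entry point does, not just where the code lives. The removed script only finished a partial deployment (install the certificate, render the config, write the unit, restart), while install.sh also runs apt-get, changes ufw rules and requests a certificate. Anyone following the old documentation now triggers a full install, so state that in the header comment or print a notice before the exec.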
@@ -1,12 +1,11 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
# 生成 Reality 与 Hysteria2 所需密钥,输出到 stdout 并写入 .env
|
# 生成 Reality 密钥与面板登录密码,写入 .env
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||||
ROOT_DIR="$(dirname "$SCRIPT_DIR")"
|
ROOT_DIR="$(dirname "$SCRIPT_DIR")"
|
||||||
ENV_FILE="${ROOT_DIR}/.env"
|
ENV_FILE="${ROOT_DIR}/.env"
|
||||||
|
|
||||||
# 依赖 sing-box 生成 reality 密钥对
|
|
||||||
if ! command -v sing-box &>/dev/null; then
|
if ! command -v sing-box &>/dev/null; then
|
||||||
echo "sing-box 未安装,使用临时下载..." >&2
|
echo "sing-box 未安装,使用临时下载..." >&2
|
||||||
TMP="$(mktemp -d)"
|
TMP="$(mktemp -d)"
|
||||||
@@ -16,31 +15,28 @@ if ! command -v sing-box &>/dev/null; then
|
|||||||
aarch64) SB_ARCH="arm64" ;;
|
aarch64) SB_ARCH="arm64" ;;
|
||||||
*) echo "不支持的架构: $ARCH" >&2; exit 1 ;;
|
*) echo "不支持的架构: $ARCH" >&2; exit 1 ;;
|
||||||
esac
|
esac
|
||||||
curl -fsSL "https://github.com/SagerNet/sing-box/releases/latest/download/sing-box-1.11.0-linux-${SB_ARCH}.tar.gz" \
|
curl -fsSL "https://github.com/SagerNet/sing-box/releases/download/v1.11.0/sing-box-1.11.0-linux-${SB_ARCH}.tar.gz" \
|
||||||
| tar -xz -C "$TMP" --strip-components=1
|
| tar -xz -C "$TMP" --strip-components=1
|
||||||
SB="$TMP/sing-box"
|
SB="$TMP/sing-box"
|
||||||
else
|
else
|
||||||
SB="sing-box"
|
SB="sing-box"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
UUID="$("$SB" generate uuid)"
|
|
||||||
KEYPAIR="$("$SB" generate reality-keypair)"
|
KEYPAIR="$("$SB" generate reality-keypair)"
|
||||||
PRIVATE_KEY="$(echo "$KEYPAIR" | grep 'PrivateKey:' | awk '{print $2}')"
|
PRIVATE_KEY="$(echo "$KEYPAIR" | grep 'PrivateKey:' | awk '{print $2}')"
|
||||||
PUBLIC_KEY="$(echo "$KEYPAIR" | grep 'PublicKey:' | awk '{print $2}')"
|
PUBLIC_KEY="$(echo "$KEYPAIR" | grep 'PublicKey:' | awk '{print $2}')"
|
||||||
SHORT_ID="$("$SB" generate rand --hex 8)"
|
SHORT_ID="$("$SB" generate rand --hex 8)"
|
||||||
HY2_PASSWORD="$("$SB" generate rand --base64 32 | tr -d '/+=' | head -c 24)"
|
PANEL_PASSWORD="$("$SB" generate rand --base64 32 | tr -d '/+=' | head -c 20)"
|
||||||
|
|
||||||
echo "========== 生成的密钥 =========="
|
echo "========== 生成的密钥 =========="
|
||||||
echo "UUID: $UUID"
|
|
||||||
echo "REALITY_PRIVATE_KEY: $PRIVATE_KEY"
|
echo "REALITY_PRIVATE_KEY: $PRIVATE_KEY"
|
||||||
echo "REALITY_PUBLIC_KEY: $PUBLIC_KEY"
|
echo "REALITY_PUBLIC_KEY: $PUBLIC_KEY"
|
||||||
echo "REALITY_SHORT_ID: $SHORT_ID"
|
echo "REALITY_SHORT_ID: $SHORT_ID"
|
||||||
echo "HY2_PASSWORD: $HY2_PASSWORD"
|
echo "PANEL_PASSWORD: $PANEL_PASSWORD"
|
||||||
echo "================================"
|
echo "================================"
|
||||||
|
|
||||||
if [[ -f "$ENV_FILE" ]]; then
|
if [[ -f "$ENV_FILE" ]]; then
|
||||||
# 更新或追加 .env 中的密钥字段
|
for var in REALITY_PRIVATE_KEY REALITY_PUBLIC_KEY REALITY_SHORT_ID PANEL_PASSWORD; do
|
||||||
for var in UUID REALITY_PRIVATE_KEY REALITY_PUBLIC_KEY REALITY_SHORT_ID HY2_PASSWORD; do
|
|
||||||
val="${!var}"
|
val="${!var}"
|
||||||
if grep -q "^${var}=" "$ENV_FILE" 2>/dev/null; then
|
if grep -q "^${var}=" "$ENV_FILE" 2>/dev/null; then
|
||||||
sed -i "s|^${var}=.*|${var}=${val}|" "$ENV_FILE"
|
sed -i "s|^${var}=.*|${var}=${val}|" "$ENV_FILE"
|
||||||
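Review bot: `echo "PANEL_PASSWORD: $PANEL_PASSWORD"` and `echo "REALITY_PRIVATE_KEY: $PRIVATE_KEY"` still print both secrets to stdout, although the new header comment says the script only writes them to .env; this output ends up in terminal scrollback and in any log that captures the install, so drop the two echoes or print only the public key and short id. Separately, the download is now pinned to v1.11.0, which is an improvement, but the tarball is still piped straight into `tar -xz` with no checksum comparison before the extracted binary is executed.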
@@ -48,6 +44,9 @@ if [[ -f "$ENV_FILE" ]]; then
|
|||||||
echo "${var}=${val}" >> "$ENV_FILE"
|
echo "${var}=${val}" >> "$ENV_FILE"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
if ! grep -q "^PANEL_USERNAME=" "$ENV_FILE" 2>/dev/null; then
|
||||||
|
echo "PANEL_USERNAME=admin" >> "$ENV_FILE"
|
||||||
|
fi
|
||||||
echo "已写入 $ENV_FILE"
|
echo "已写入 $ENV_FILE"
|
||||||
else
|
else
|
||||||
echo "提示: 先复制 .env.example 为 .env 并填写 VPS_IP、DOMAIN 等,再重新运行本脚本" >&2
|
echo "提示: 先复制 .env.example 为 .env 并填写 VPS_IP、DOMAIN 等,再重新运行本脚本" >&2
|
||||||
|
|||||||
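Review bot: the script reports `已写入 $ENV_FILE` after appending `PANEL_USERNAME=admin` and the key values, but nothing here sets the file's mode, so .env (which now holds REALITY_PRIVATE_KEY and PANEL_PASSWORD) keeps whatever permissions it was created with. Add `chmod 600 "$ENV_FILE"` before the message.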
+81
-59
@@ -1,6 +1,5 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
# VPS 一键部署:sing-box (Reality + Hysteria2) + Nginx fallback
|
# VPS 一键部署:sing-box + Web 管理面板
|
||||||
# 适用:Ubuntu 22.04/24.04、Debian 12
|
|
||||||
# 用法:sudo bash scripts/install.sh
|
# 用法:sudo bash scripts/install.sh
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
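Review bot: the deleted comment line `# 适用:Ubuntu 22.04/24.04、Debian 12` was the only statement of supported systems in this header, and the script still depends on apt-get and ufw. Keep the line (updated if the panel changes the list) so the requirement is not lost.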
@@ -15,6 +14,20 @@ NC='\033[0m'
|
|||||||
log() { echo -e "${GREEN}[+]${NC} $*"; }
|
log() { echo -e "${GREEN}[+]${NC} $*"; }
|
||||||
err() { echo -e "${RED}[!]${NC} $*" >&2; exit 1; }
|
err() { echo -e "${RED}[!]${NC} $*" >&2; exit 1; }
|
||||||
|
|
||||||
|
wait_for_apt() {
|
||||||
|
local i=0
|
||||||
|
while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do
|
||||||
|
if (( i == 0 )); then
|
||||||
|
log "等待 apt 锁释放(系统自动更新中)..."
|
||||||
|
fi
|
||||||
|
(( i++ )) || true
|
||||||
|
if (( i > 120 )); then
|
||||||
|
err "apt 锁等待超时,请稍后重试: bash scripts/install.sh"
|
||||||
|
fi
|
||||||
|
sleep 5
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
[[ $EUID -eq 0 ]] || err "请使用 root 运行: sudo bash scripts/install.sh"
|
[[ $EUID -eq 0 ]] || err "请使用 root 运行: sudo bash scripts/install.sh"
|
||||||
[[ -f "$ENV_FILE" ]] || err "缺少 .env 文件,请先: cp .env.example .env 并填写"
|
[[ -f "$ENV_FILE" ]] || err "缺少 .env 文件,请先: cp .env.example .env 并填写"
|
||||||
|
|
||||||
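Review bot: in `wait_for_apt`, the loop condition `fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1` is also false when `fuser` itself is missing (it ships in psmisc, which minimal images may lack), so the wait is skipped silently in exactly the case it was written for. The function also leaves a gap between the check and the later apt-get call, during which an unattended upgrade can take the lock again. Passing `-o DPkg::Lock::Timeout=600` to the `apt-get install` command lets apt wait for the dpkg lock itself, without depending on fuser.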
@@ -25,17 +38,30 @@ source "$ENV_FILE"
|
|||||||
: "${DOMAIN:?请在 .env 中设置 DOMAIN}"
|
: "${DOMAIN:?请在 .env 中设置 DOMAIN}"
|
||||||
: "${ACME_EMAIL:?请在 .env 中设置 ACME_EMAIL}"
|
: "${ACME_EMAIL:?请在 .env 中设置 ACME_EMAIL}"
|
||||||
: "${REALITY_SERVER_NAME:=www.microsoft.com}"
|
: "${REALITY_SERVER_NAME:=www.microsoft.com}"
|
||||||
|
: "${PANEL_USERNAME:=admin}"
|
||||||
|
|
||||||
if [[ -z "${UUID:-}" || -z "${REALITY_PRIVATE_KEY:-}" ]]; then
|
if [[ -z "${REALITY_PRIVATE_KEY:-}" ]]; then
|
||||||
log "未检测到密钥,运行 generate-keys.sh ..."
|
log "未检测到 Reality 密钥,运行 generate-keys.sh ..."
|
||||||
bash "$SCRIPT_DIR/generate-keys.sh"
|
bash "$SCRIPT_DIR/generate-keys.sh"
|
||||||
source "$ENV_FILE"
|
source "$ENV_FILE"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
: "${UUID:?}"
|
if [[ -z "${PANEL_PASSWORD:-}" ]]; then
|
||||||
|
PANEL_PASSWORD="$(sing-box generate rand --base64 32 | tr -d '/+=' | head -c 20)"
|
||||||
|
if grep -q "^PANEL_PASSWORD=" "$ENV_FILE" 2>/dev/null; then
|
||||||
|
sed -i "s|^PANEL_PASSWORD=.*|PANEL_PASSWORD=${PANEL_PASSWORD}|" "$ENV_FILE"
|
||||||
|
else
|
||||||
|
echo "PANEL_PASSWORD=${PANEL_PASSWORD}" >> "$ENV_FILE"
|
||||||
|
fi
|
||||||
|
source "$ENV_FILE"
|
||||||
|
fi
|
||||||
|
|
||||||
: "${REALITY_PRIVATE_KEY:?}"
|
: "${REALITY_PRIVATE_KEY:?}"
|
||||||
|
: "${REALITY_PUBLIC_KEY:?}"
|
||||||
: "${REALITY_SHORT_ID:?}"
|
: "${REALITY_SHORT_ID:?}"
|
||||||
: "${HY2_PASSWORD:?}"
|
: "${PANEL_PASSWORD:?}"
|
||||||
|
|
||||||
|
export JIEDIAN_ROOT="$ROOT_DIR"
|
||||||
|
|
||||||
ARCH="$(uname -m)"
|
ARCH="$(uname -m)"
|
||||||
case "$ARCH" in
|
case "$ARCH" in
|
||||||
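Review bot: the new `PANEL_PASSWORD="$(sing-box generate rand --base64 32 | tr -d '/+=' | head -c 20)"` branch runs before the `安装 sing-box` step further down the script, so on a host where .env already has REALITY_PRIVATE_KEY but no PANEL_PASSWORD and sing-box is not yet installed, the command substitution fails and `set -euo pipefail` aborts the install. Generate the password from something that is always present at this point (for example by reading /dev/urandom), or move this block after the sing-box installation.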
@@ -47,10 +73,11 @@ esac
|
|||||||
SB_VERSION="1.11.0"
|
SB_VERSION="1.11.0"
|
||||||
SB_URL="https://github.com/SagerNet/sing-box/releases/download/v${SB_VERSION}/sing-box-${SB_VERSION}-linux-${SB_ARCH}.tar.gz"
|
SB_URL="https://github.com/SagerNet/sing-box/releases/download/v${SB_VERSION}/sing-box-${SB_VERSION}-linux-${SB_ARCH}.tar.gz"
|
||||||
|
|
||||||
|
wait_for_apt
|
||||||
log "更新系统包 ..."
|
log "更新系统包 ..."
|
||||||
export DEBIAN_FRONTEND=noninteractive
|
export DEBIAN_FRONTEND=noninteractive
|
||||||
apt-get update -qq
|
apt-get update -qq
|
||||||
apt-get install -y -qq curl wget nginx ufw ca-certificates
|
apt-get install -y -qq curl wget nginx ufw ca-certificates python3 python3-venv python3-pip
|
||||||
|
|
||||||
log "安装 sing-box ${SB_VERSION} ..."
|
log "安装 sing-box ${SB_VERSION} ..."
|
||||||
TMP="$(mktemp -d)"
|
TMP="$(mktemp -d)"
|
||||||
@@ -66,6 +93,7 @@ ufw allow 22/tcp comment 'SSH'
|
|||||||
ufw allow 80/tcp comment 'HTTP-ACME'
|
ufw allow 80/tcp comment 'HTTP-ACME'
|
||||||
ufw allow 443/tcp comment 'Reality'
|
ufw allow 443/tcp comment 'Reality'
|
||||||
ufw allow 8443/udp comment 'Hysteria2'
|
ufw allow 8443/udp comment 'Hysteria2'
|
||||||
|
ufw allow 8444/tcp comment 'Panel-HTTPS'
|
||||||
ufw --force enable
|
ufw --force enable
|
||||||
|
|
||||||
log "部署 Nginx fallback 站点 ..."
|
log "部署 Nginx fallback 站点 ..."
|
||||||
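Review bot: `ufw allow 8444/tcp comment 'Panel-HTTPS'` exposes the admin login to every source address. If the operator's address is known, a rule of the form `ufw allow from <admin-ip> to any port 8444 proto tcp` keeps the panel reachable without publishing it; otherwise consider leaving the port closed and reaching the panel through an SSH tunnel.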
@@ -80,7 +108,6 @@ mkdir -p /var/www/acme
|
|||||||
sed "s|__DOMAIN__|${DOMAIN}|g" "$ROOT_DIR/server/nginx/acme.conf.template" \
|
sed "s|__DOMAIN__|${DOMAIN}|g" "$ROOT_DIR/server/nginx/acme.conf.template" \
|
||||||
> /etc/nginx/sites-available/acme
|
> /etc/nginx/sites-available/acme
|
||||||
ln -sf /etc/nginx/sites-available/acme /etc/nginx/sites-enabled/acme
|
ln -sf /etc/nginx/sites-available/acme /etc/nginx/sites-enabled/acme
|
||||||
nginx -t && systemctl enable nginx && systemctl restart nginx
|
|
||||||
|
|
||||||
log "申请 TLS 证书 (Let's Encrypt) ..."
|
log "申请 TLS 证书 (Let's Encrypt) ..."
|
||||||
mkdir -p /etc/sing-box/certs
|
mkdir -p /etc/sing-box/certs
|
||||||
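Review bot: removing `nginx -t && systemctl enable nginx && systemctl restart nginx` here means the freshly linked sites-enabled/acme is not loaded before the certificate request that follows; the next nginx restart in this commit comes only after the panel site is deployed, which is after the certificate has been installed. If issuance depends on this site serving /var/www/acme, a first-time install will fail the challenge, so keep a reload at this point.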
@@ -90,7 +117,6 @@ fi
|
|||||||
# shellcheck disable=SC1091
|
# shellcheck disable=SC1091
|
||||||
source /root/.acme.sh/acme.sh.env || true
|
source /root/.acme.sh/acme.sh.env || true
|
||||||
|
|
||||||
# 确保域名已解析到本机
|
|
||||||
CURRENT_IP="$(curl -4 -fsSL ifconfig.me 2>/dev/null || curl -4 -fsSL ip.sb)"
|
CURRENT_IP="$(curl -4 -fsSL ifconfig.me 2>/dev/null || curl -4 -fsSL ip.sb)"
|
||||||
if [[ "$CURRENT_IP" != "$VPS_IP" ]]; then
|
if [[ "$CURRENT_IP" != "$VPS_IP" ]]; then
|
||||||
err "域名 $DOMAIN 需先解析到 VPS IP ($VPS_IP),当前 VPS 出口 IP 为 $CURRENT_IP"
|
err "域名 $DOMAIN 需先解析到 VPS IP ($VPS_IP),当前 VPS 出口 IP 为 $CURRENT_IP"
|
||||||
@@ -106,19 +132,23 @@ log "安装 TLS 证书到 sing-box ..."
|
|||||||
--key-file /etc/sing-box/certs/privkey.pem \
|
--key-file /etc/sing-box/certs/privkey.pem \
|
||||||
--fullchain-file /etc/sing-box/certs/fullchain.pem
|
--fullchain-file /etc/sing-box/certs/fullchain.pem
|
||||||
|
|
||||||
|
log "部署管理面板 Nginx (8444) ..."
|
||||||
|
sed "s|__DOMAIN__|${DOMAIN}|g" "$ROOT_DIR/server/nginx/panel.conf.template" \
|
||||||
|
> /etc/nginx/sites-available/panel
|
||||||
|
ln -sf /etc/nginx/sites-available/panel /etc/nginx/sites-enabled/panel
|
||||||
|
nginx -t && systemctl enable nginx && systemctl restart nginx
|
||||||
|
|
||||||
|
log "安装 Python 面板依赖 ..."
|
||||||
|
python3 -m venv "$ROOT_DIR/panel/venv"
|
||||||
|
"$ROOT_DIR/panel/venv/bin/pip" install -q -r "$ROOT_DIR/panel/requirements.txt"
|
||||||
|
|
||||||
|
log "初始化节点数据库 ..."
|
||||||
|
python3 "$ROOT_DIR/panel/init_db.py"
|
||||||
|
|
||||||
log "生成 sing-box 服务端配置 ..."
|
log "生成 sing-box 服务端配置 ..."
|
||||||
mkdir -p /etc/sing-box/certs
|
python3 "$ROOT_DIR/scripts/render-server.py"
|
||||||
sed -e "s|\${UUID}|${UUID}|g" \
|
|
||||||
-e "s|\${REALITY_SERVER_NAME}|${REALITY_SERVER_NAME}|g" \
|
|
||||||
-e "s|\${REALITY_PRIVATE_KEY}|${REALITY_PRIVATE_KEY}|g" \
|
|
||||||
-e "s|\${REALITY_SHORT_ID}|${REALITY_SHORT_ID}|g" \
|
|
||||||
-e "s|\${HY2_PASSWORD}|${HY2_PASSWORD}|g" \
|
|
||||||
-e "s|\${DOMAIN}|${DOMAIN}|g" \
|
|
||||||
"$ROOT_DIR/server/sing-box.json.template" > /etc/sing-box/config.json
|
|
||||||
|
|
||||||
sing-box check -c /etc/sing-box/config.json
|
log "创建 sing-box systemd 服务 ..."
|
||||||
|
|
||||||
log "创建 systemd 服务 ..."
|
|
||||||
cat > /etc/systemd/system/sing-box.service <<'UNIT'
|
cat > /etc/systemd/system/sing-box.service <<'UNIT'
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=sing-box service
|
Description=sing-box service
|
||||||
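Review bot: `python3 "$ROOT_DIR/panel/init_db.py"` and `python3 "$ROOT_DIR/scripts/render-server.py"` run under the system interpreter, while the panel's dependencies were just installed into panel/venv. If init_db.py imports anything from requirements.txt it fails on a clean host. Call `"$ROOT_DIR/panel/venv/bin/python"` for both so install time and run time use the same environment.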
@@ -136,54 +166,46 @@ LimitNOFILE=1048576
|
|||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
UNIT
|
UNIT
|
||||||
|
|
||||||
|
log "创建管理面板 systemd 服务 ..."
|
||||||
|
cat > /etc/systemd/system/jiedian-panel.service <<UNIT
|
||||||
|
[Unit]
|
||||||
|
Description=jiedian admin panel
|
||||||
|
After=network.target sing-box.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
WorkingDirectory=${ROOT_DIR}/panel
|
||||||
|
Environment=JIEDIAN_ROOT=${ROOT_DIR}
|
||||||
|
ExecStart=${ROOT_DIR}/panel/venv/bin/python app.py
|
||||||
|
Restart=on-failure
|
||||||
|
RestartSec=5
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
UNIT
|
||||||
|
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
systemctl enable sing-box
|
systemctl enable sing-box jiedian-panel
|
||||||
|
|
||||||
log "注册证书续期 reload 命令 ..."
|
log "注册证书续期 reload 命令 ..."
|
||||||
/root/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
|
/root/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
|
||||||
--key-file /etc/sing-box/certs/privkey.pem \
|
--key-file /etc/sing-box/certs/privkey.pem \
|
||||||
--fullchain-file /etc/sing-box/certs/fullchain.pem \
|
--fullchain-file /etc/sing-box/certs/fullchain.pem \
|
||||||
--reloadcmd "systemctl restart sing-box" \
|
--reloadcmd "systemctl restart sing-box" \
|
||||||
|| log "acme reloadcmd 注册失败,可忽略(服务已配置)"
|
|| log "acme reloadcmd 注册失败,可忽略"
|
||||||
|
|
||||||
systemctl restart sing-box
|
systemctl restart sing-box jiedian-panel
|
||||||
|
|
||||||
log "生成客户端配置 ..."
|
|
||||||
CLIENT_DIR="${ROOT_DIR}/client/generated"
|
|
||||||
mkdir -p "$CLIENT_DIR"
|
|
||||||
: "${REALITY_PUBLIC_KEY:?请在 .env 中设置 REALITY_PUBLIC_KEY(运行 generate-keys.sh 可自动生成)}"
|
|
||||||
|
|
||||||
sed -e "s|\${VPS_IP}|${VPS_IP}|g" \
|
|
||||||
-e "s|\${DOMAIN}|${DOMAIN}|g" \
|
|
||||||
-e "s|\${UUID}|${UUID}|g" \
|
|
||||||
-e "s|\${REALITY_SERVER_NAME}|${REALITY_SERVER_NAME}|g" \
|
|
||||||
-e "s|\${REALITY_PUBLIC_KEY}|${REALITY_PUBLIC_KEY}|g" \
|
|
||||||
-e "s|\${REALITY_SHORT_ID}|${REALITY_SHORT_ID}|g" \
|
|
||||||
-e "s|\${HY2_PASSWORD}|${HY2_PASSWORD}|g" \
|
|
||||||
"$ROOT_DIR/client/sing-box-client.json.template" > "$CLIENT_DIR/sing-box-client.json"
|
|
||||||
|
|
||||||
# 生成分享链接
|
|
||||||
cat > "$CLIENT_DIR/share-links.txt" <<EOF
|
|
||||||
========== VLESS + Reality (主力) ==========
|
|
||||||
vless://${UUID}@${VPS_IP}:443?encryption=none&flow=xtls-rprx-vision&security=reality&sni=${REALITY_SERVER_NAME}&fp=chrome&pbk=${REALITY_PUBLIC_KEY}&sid=${REALITY_SHORT_ID}&type=tcp#Reality-Main
|
|
||||||
|
|
||||||
========== Hysteria2 (备用) ==========
|
|
||||||
hy2://${HY2_PASSWORD}@${DOMAIN}:8443?sni=${DOMAIN}#Hysteria2-Backup
|
|
||||||
|
|
||||||
========== 参数明细 ==========
|
|
||||||
VPS IP: ${VPS_IP}
|
|
||||||
UUID: ${UUID}
|
|
||||||
Reality SNI: ${REALITY_SERVER_NAME}
|
|
||||||
Reality PublicKey: ${REALITY_PUBLIC_KEY}
|
|
||||||
Reality ShortId: ${REALITY_SHORT_ID}
|
|
||||||
Hysteria2 域名: ${DOMAIN}
|
|
||||||
Hysteria2 密码: ${HY2_PASSWORD}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
log "部署完成!"
|
log "部署完成!"
|
||||||
echo ""
|
echo ""
|
||||||
cat "$CLIENT_DIR/share-links.txt"
|
echo "=========================================="
|
||||||
|
echo " 管理面板: https://${DOMAIN}:8444"
|
||||||
|
echo " 用户名: ${PANEL_USERNAME}"
|
||||||
|
echo " 密码: ${PANEL_PASSWORD}"
|
||||||
|
echo "=========================================="
|
||||||
echo ""
|
echo ""
|
||||||
log "客户端配置文件: ${CLIENT_DIR}/sing-box-client.json"
|
echo "节点链接请在面板中添加/复制。"
|
||||||
log "sing-box 状态: systemctl status sing-box"
|
echo ""
|
||||||
log "查看日志: journalctl -u sing-box -f"
|
log "sing-box: systemctl status sing-box"
|
||||||
|
log "面板: systemctl status jiedian-panel"
|
||||||
|
log "卸载重装: bash scripts/uninstall.sh && bash scripts/install.sh"
|
||||||
|
|||||||
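Review bot: the new jiedian-panel.service unit has no `User=` line, so the Flask process behind the public 8444 listener runs as root via `ExecStart=${ROOT_DIR}/panel/venv/bin/python app.py`. Run it as a dedicated account, grant only what it needs (write access to the sing-box config and permission to restart that one unit), and add `NoNewPrivileges=true`. Two smaller points in the same hunk: `--reloadcmd "systemctl restart sing-box"` no longer covers every consumer of the certificate, since nginx now serves it on 8444 and needs a reload after renewal, and `echo " 密码: ${PANEL_PASSWORD}"` prints the panel password to the terminal.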
@@ -0,0 +1,125 @@
|
|||||||
|
#!/usr/bin/env python3
|
||||||
|
"""根据 data/nodes.db 与 .env 生成 sing-box 服务端配置。"""
|
||||||
|
from __future__ import annotations
|
||||||
|
|
||||||
|
import json
|
||||||
|
import os
|
||||||
|
import sqlite3
|
||||||
|
import subprocess
|
||||||
|
import sys
|
||||||
|
from pathlib import Path
|
||||||
|
|
||||||
|
ROOT = Path(os.environ.get("JIEDIAN_ROOT", Path(__file__).resolve().parents[1]))
|
||||||
|
ENV_FILE = ROOT / ".env"
|
||||||
|
DB_FILE = ROOT / "data" / "nodes.db"
|
||||||
|
OUT_FILE = Path("/etc/sing-box/config.json")
|
||||||
|
|
||||||
|
|
||||||
|
def load_env(path: Path) -> dict[str, str]:
|
||||||
|
env: dict[str, str] = {}
|
||||||
|
if not path.exists():
|
||||||
|
raise SystemExit(f"缺少 .env: {path}")
|
||||||
|
for line in path.read_text(encoding="utf-8").splitlines():
|
||||||
|
line = line.strip()
|
||||||
|
if not line or line.startswith("#") or "=" not in line:
|
||||||
|
continue
|
||||||
|
key, _, value = line.partition("=")
|
||||||
|
env[key.strip()] = value.strip()
|
||||||
|
return env
|
||||||
|
|
||||||
|
|
||||||
|
def load_nodes(db_path: Path) -> list[dict]:
|
||||||
|
if not db_path.exists():
|
||||||
|
raise SystemExit(f"缺少节点数据库: {db_path},请先运行 install.sh")
|
||||||
|
conn = sqlite3.connect(db_path)
|
||||||
|
conn.row_factory = sqlite3.Row
|
||||||
|
rows = conn.execute(
|
||||||
|
"SELECT id, name, uuid, hy2_password FROM nodes WHERE enabled = 1 ORDER BY id"
|
||||||
|
).fetchall()
|
||||||
|
conn.close()
|
||||||
|
if not rows:
|
||||||
|
raise SystemExit("没有可用节点,请在管理面板中添加节点")
|
||||||
|
return [dict(row) for row in rows]
|
||||||
|
|
||||||
|
|
||||||
|
def build_config(env: dict[str, str], nodes: list[dict]) -> dict:
|
||||||
|
required = [
|
||||||
|
"REALITY_PRIVATE_KEY",
|
||||||
|
"REALITY_SHORT_ID",
|
||||||
|
"REALITY_SERVER_NAME",
|
||||||
|
"DOMAIN",
|
||||||
|
]
|
||||||
|
for key in required:
|
||||||
|
if not env.get(key):
|
||||||
|
raise SystemExit(f".env 缺少 {key}")
|
||||||
|
|
||||||
|
vless_users = [{"uuid": n["uuid"], "flow": "xtls-rprx-vision"} for n in nodes]
|
||||||
|
hy2_users = [{"password": n["hy2_password"]} for n in nodes]
|
||||||
|
|
||||||
|
return {
|
||||||
|
"log": {"level": "warn", "timestamp": True},
|
||||||
|
"inbounds": [
|
||||||
|
{
|
||||||
|
"type": "vless",
|
||||||
|
"tag": "vless-reality-in",
|
||||||
|
"listen": "0.0.0.0",
|
||||||
|
"listen_port": 443,
|
||||||
|
"users": vless_users,
|
||||||
|
"tls": {
|
||||||
|
"enabled": True,
|
||||||
|
"server_name": env["REALITY_SERVER_NAME"],
|
||||||
|
"reality": {
|
||||||
|
"enabled": True,
|
||||||
|
"handshake": {
|
||||||
|
"server": env["REALITY_SERVER_NAME"],
|
||||||
|
"server_port": 443,
|
||||||
|
},
|
||||||
|
"private_key": env["REALITY_PRIVATE_KEY"],
|
||||||
|
"short_id": [env["REALITY_SHORT_ID"]],
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "hysteria2",
|
||||||
|
"tag": "hysteria2-in",
|
||||||
|
"listen": "0.0.0.0",
|
||||||
|
"listen_port": 8443,
|
||||||
|
"users": hy2_users,
|
||||||
|
"tls": {
|
||||||
|
"enabled": True,
|
||||||
|
"server_name": env["DOMAIN"],
|
||||||
|
"certificate_path": "/etc/sing-box/certs/fullchain.pem",
|
||||||
|
"key_path": "/etc/sing-box/certs/privkey.pem",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
],
|
||||||
|
"outbounds": [{"type": "direct", "tag": "direct"}],
|
||||||
|
"route": {
|
||||||
|
"rules": [{"ip_is_private": True, "action": "reject"}],
|
||||||
|
"final": "direct",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
def main() -> None:
|
||||||
|
env = load_env(ENV_FILE)
|
||||||
|
nodes = load_nodes(DB_FILE)
|
||||||
|
config = build_config(env, nodes)
|
||||||
|
|
||||||
|
OUT_FILE.parent.mkdir(parents=True, exist_ok=True)
|
||||||
|
OUT_FILE.write_text(json.dumps(config, indent=2, ensure_ascii=False) + "\n", encoding="utf-8")
|
||||||
|
|
||||||
|
check = subprocess.run(
|
||||||
|
["sing-box", "check", "-c", str(OUT_FILE)],
|
||||||
|
capture_output=True,
|
||||||
|
text=True,
|
||||||
|
)
|
||||||
|
if check.returncode != 0:
|
||||||
|
sys.stderr.write(check.stderr or check.stdout)
|
||||||
|
raise SystemExit(check.returncode)
|
||||||
|
|
||||||
|
print(f"已生成 {OUT_FILE}({len(nodes)} 个节点)")
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
main()
|
||||||
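Review bot: in `main()`, `OUT_FILE.write_text(...)` overwrites /etc/sing-box/config.json before `sing-box check` runs, so a failed check exits with the broken file already in place and the next sing-box restart fails. Write to a temporary file in the same directory, check that, then `os.replace` it over OUT_FILE. The file contains REALITY_PRIVATE_KEY and every node's uuid and hy2_password, and write_text creates it under the process umask, so set mode 0600 on it as well. `load_env` also keeps surrounding quotes in values, which differs from how the shell scripts `source` the same file.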
@@ -0,0 +1,39 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
# 卸载 jiedian(sing-box + 管理面板 + nginx 站点)
|
||||||
|
# 用法:sudo bash scripts/uninstall.sh
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
[[ $EUID -eq 0 ]] || { echo "请使用 root 运行"; exit 1; }
|
||||||
|
|
||||||
|
echo "[*] 停止服务 ..."
|
||||||
|
systemctl stop jiedian-panel sing-box 2>/dev/null || true
|
||||||
|
systemctl disable jiedian-panel sing-box 2>/dev/null || true
|
||||||
|
|
||||||
|
echo "[*] 删除 systemd 单元 ..."
|
||||||
|
rm -f /etc/systemd/system/jiedian-panel.service
|
||||||
|
rm -f /etc/systemd/system/sing-box.service
|
||||||
|
systemctl daemon-reload
|
||||||
|
|
||||||
|
echo "[*] 删除 sing-box 配置 ..."
|
||||||
|
rm -rf /etc/sing-box
|
||||||
|
|
||||||
|
echo "[*] 删除 nginx 站点 ..."
|
||||||
|
rm -f /etc/nginx/sites-enabled/panel
|
||||||
|
rm -f /etc/nginx/sites-available/panel
|
||||||
|
rm -f /etc/nginx/sites-enabled/acme
|
||||||
|
rm -f /etc/nginx/sites-available/acme
|
||||||
|
rm -f /etc/nginx/sites-enabled/fallback
|
||||||
|
rm -f /etc/nginx/sites-available/fallback
|
||||||
|
nginx -t && systemctl reload nginx 2>/dev/null || true
|
||||||
|
|
||||||
|
echo "[*] 清理本地数据(保留 .env 与代码)..."
|
||||||
|
ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
||||||
|
rm -rf "${ROOT}/data"
|
||||||
|
rm -rf "${ROOT}/panel/venv"
|
||||||
|
rm -rf "${ROOT}/client/generated"
|
||||||
|
|
||||||
|
echo ""
|
||||||
|
echo "卸载完成。重新安装:"
|
||||||
|
echo " cd ${ROOT}"
|
||||||
|
echo " bash scripts/generate-keys.sh # 可选,重置 Reality 密钥与面板密码"
|
||||||
|
echo " bash scripts/install.sh"
|
||||||
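Review bot: the uninstall steps never touch ufw, so the `8444/tcp` and `8443/udp` rules that install.sh added stay open after the services are gone; delete them here, for example with `ufw delete allow 8444/tcp`. Also, `rm -rf "${ROOT}/data"` removes the node database with no prompt or backup, which deserves a confirmation given that the printed reinstall command makes this script part of a routine flow.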
@@ -0,0 +1,18 @@
|
|||||||
|
server {
|
||||||
|
listen 8444 ssl;
|
||||||
|
listen [::]:8444 ssl;
|
||||||
|
server_name __DOMAIN__;
|
||||||
|
|
||||||
|
ssl_certificate /etc/sing-box/certs/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/sing-box/certs/privkey.pem;
|
||||||
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://127.0.0.1:5080;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
}
|
||||||
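Review bot: the `location /` block proxies every request, including login attempts, to 127.0.0.1:5080 with no rate limit or source restriction, so password guessing against the panel is bounded only by whatever app.py does. Add a `limit_req` zone for the login path or `allow`/`deny` rules for known admin addresses, and consider `add_header Strict-Transport-Security` since the listener is HTTPS-only. If the app reads the client address, it must take it from X-Real-IP or X-Forwarded-For, because every connection arrives from 127.0.0.1.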