feat: add web admin panel for node management

Add Flask panel with login, add/delete nodes, and share link copy.
Generate sing-box config from SQLite; add uninstall script and clean install flow.
Panel served at https://DOMAIN:8444 via nginx.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
dekun
2026-06-16 09:10:19 +08:00
parent e8631a0e10
commit bccf6cfdce
21 changed files with 1069 additions and 305 deletions
+2 -2
View File
@@ -6,8 +6,8 @@ DOMAIN=66.hyf2.cc
ACME_EMAIL=admin@hyf2.cc
REALITY_SERVER_NAME=www.microsoft.com
UUID=42f5b04d-292d-4f13-b892-b70553a714d5
PANEL_USERNAME=admin
REALITY_PRIVATE_KEY=IPKtaw1aVb4fS0TPcimu8zwaVGml-JJ5H1rj-_TFQHM
REALITY_PUBLIC_KEY=51H_ikqYdDRgCpjq3pvMYNbqrX8S3zuow1UEjqTN-nI
REALITY_SHORT_ID=e126b4ef9d36adfc
HY2_PASSWORD=npDFaGfRzAPLS3Hh7iM6TEOk
+6 -4
View File
@@ -4,7 +4,7 @@
# VPS 公网 IP
VPS_IP=47.76.87.111
# 域名(Hysteria2 证书
# 域名(Hysteria2 证书 + 管理面板
DOMAIN=66.hyf2.cc
# Let's Encrypt 申请证书邮箱
@@ -13,9 +13,11 @@ ACME_EMAIL=admin@hyf2.cc
# Reality 伪装目标(真实大站,不要用你自己的域名)
REALITY_SERVER_NAME=www.microsoft.com
# 以下由 scripts/generate-keys.sh 自动生成,也可手动填写
# UUID=
# 管理面板登录(安装完成后访问 https://域名:8444
PANEL_USERNAME=admin
# 以下由 scripts/generate-keys.sh 自动生成
# REALITY_PRIVATE_KEY=
# REALITY_PUBLIC_KEY=
# REALITY_SHORT_ID=
# HY2_PASSWORD=
# PANEL_PASSWORD=
+3 -1
View File
@@ -1,5 +1,7 @@
# 部署生成的客户端配置
# 部署生成的客户端配置与运行时数据
client/generated/
data/
panel/venv/
# 临时文件
*.log
.DS_Store
+31 -31
View File
@@ -1,6 +1,6 @@
# jiedian — VPS 自建节点
个人/家庭自用的 **VLESS + Reality(主力)** + **Hysteria2(备用)** 双栈方案,基于 [sing-box](https://github.com/SagerNet/sing-box)。
个人/家庭自用的 **VLESS + Reality(主力)** + **Hysteria2(备用)** 双栈方案,基于 [sing-box](https://github.com/SagerNet/sing-box),带 **Web 管理面板**
**仓库**https://git.bz121.com/dekun/jiedian.git
**部署路径**`/opt/jiedian`Ubuntu
@@ -9,6 +9,7 @@
|------|-----|
| VPS IP | `47.76.87.111` |
| 域名 | `66.hyf2.cc` |
| 管理面板 | `https://66.hyf2.cc:8444` |
> 完整部署步骤见 **[docs/DEPLOY.md](docs/DEPLOY.md)**
@@ -25,50 +26,42 @@ cd /opt/jiedian
bash scripts/install.sh
```
安装完成后
```bash
cat /opt/jiedian/client/generated/share-links.txt
```
客户端导入见 [docs/client-import.md](docs/client-import.md)。
安装完成后会显示面板地址、用户名和密码。登录面板即可 **添加节点、复制分享链接**
---
## 架构
```
浏览器 ──► Nginx:8444 ──► Web 管理面板(登录、添加节点)
sing-box 配置重载
客户端 (Win/iOS/Android)
TCP 443 ─► sing-box VLESS+Reality ──► 直连出站
└─ UDP 8443 ─► sing-box Hysteria2 ─────► 直连出站
├─ TCP 443 ──► sing-box VLESS+Reality
UDP 8443 ─► sing-box Hysteria2
Nginx 127.0.0.1:8080 ← 伪装静态页(fallback
```
详细选型见 [docs/STACK.md](docs/STACK.md)。
---
## 目录结构
```
/opt/jiedian/
├── .env # 环境变量(IP/域名/密钥,已预填)
├── .env # VPS / Reality / 面板账号配置
├── data/nodes.db # 节点数据库(安装后生成)
├── panel/ # Web 管理面板(Flask
├── scripts/
│ ├── generate-keys.sh # 生成 UUID / Reality 密钥 / Hy2 密码
│ ├── install.sh # 一键部署
── render-client.sh # 本地渲染客户端配置
├── server/
── sing-box.json.template
│ └── nginx/ # fallback 伪装站
├── client/
│ └── sing-box-client.json.template
── uninstall.sh # 卸载后重装
│ ├── generate-keys.sh # 生成 Reality 密钥与面板密码
── render-server.py # 根据数据库生成 sing-box 配置
└── docs/
├── DEPLOY.md # Ubuntu 部署指南(主文档)
── client-import.md # 客户端导入
└── troubleshooting.md # 故障排查
├── DEPLOY.md
── client-import.md
```
---
@@ -78,19 +71,26 @@ Nginx 127.0.0.1:8080 ← 伪装静态页(fallback
| 端口 | 协议 | 用途 |
|------|------|------|
| 22 | TCP | SSH |
| 80 | TCP | HTTPLet's Encrypt 证书验证) |
| 80 | TCP | HTTPLet's Encrypt 验证) |
| 443 | TCP | VLESS + Reality |
| 8443 | UDP | Hysteria2 |
| 8444 | TCP | **Web 管理面板(HTTPS** |
---
## 常用运维
```bash
systemctl status sing-box
journalctl -u sing-box -f
sing-box check -c /etc/sing-box/config.json && systemctl restart sing-box
/root/.acme.sh/acme.sh --renew -d 66.hyf2.cc --force
# 面板 / 节点
https://66.hyf2.cc:8444
# 服务状态
systemctl status sing-box jiedian-panel
# 卸载后干净重装
bash scripts/uninstall.sh
bash scripts/generate-keys.sh # 可选:重置密钥与面板密码
bash scripts/install.sh
```
---
@@ -100,7 +100,7 @@ sing-box check -c /etc/sing-box/config.json && systemctl restart sing-box
1. 不要公开分享节点链接
2. Reality SNI 使用 `www.microsoft.com`,不要用 `66.hyf2.cc`
3. 客户端开启 uTLS / chrome 指纹
4. 被封后:换 serverName → 换 IP → 换 VPS 地区
4. 面板密码请妥善保管,安装后可在 `.env` 查看 `PANEL_PASSWORD`
---
+51 -103
View File
@@ -6,6 +6,7 @@
|------|-----|
| VPS IP | `47.76.87.111` |
| 域名 | `66.hyf2.cc` |
| 管理面板 | `https://66.hyf2.cc:8444` |
| 部署目录 | `/opt/jiedian` |
| 系统 | Ubuntu 22.04 / 24.04 |
@@ -15,127 +16,88 @@
### 1. DNS 解析
在域名控制台添加 **A 记录**
```
66.hyf2.cc → 47.76.87.111
```
验证(本地或 VPS 上执行)
验证:
```bash
dig +short A 66.hyf2.cc
# 应返回 47.76.87.111
```
### 2. SSH 登录 VPS
### 2. 阿里云安全组
```bash
ssh root@47.76.87.111
```
放行:`22``80``443/TCP``8443/UDP``8444/TCP`
---
## 一键部署(推荐)
在 VPS 上以 **root** 执行:
```bash
# 安装 git
apt update && apt install -y git
# 克隆到 /opt/jiedian
git clone https://git.bz121.com/dekun/jiedian.git /opt/jiedian
cd /opt/jiedian
# .env 已预填 IP/域名/密钥,直接安装
bash scripts/install.sh
```
安装完成后查看节点链接:
```bash
cat /opt/jiedian/client/generated/share-links.txt
```
---
## 分步部署(如需手动控制)
## 一键部署
```bash
apt update && apt install -y git
git clone https://git.bz121.com/dekun/jiedian.git /opt/jiedian
cd /opt/jiedian
# 检查 .env(已预配置,一般无需修改)
cat .env
# 若需重新生成密钥
bash scripts/generate-keys.sh
# 执行安装
bash scripts/install.sh
```
安装结束会输出:
```
管理面板: https://66.hyf2.cc:8444
用户名: admin
密码: xxxxx
```
浏览器打开面板 → 登录 → **添加节点** → 复制 VLESS / Hysteria2 链接到客户端。
---
## 卸载后重装(推荐流程)
若之前部署混乱,先卸载再装:
```bash
cd /opt/jiedian
git pull
bash scripts/uninstall.sh
bash scripts/generate-keys.sh # 重新生成 Reality 密钥与面板密码
bash scripts/install.sh
```
`uninstall.sh` 会停止服务并清理配置,**保留** `/opt/jiedian` 代码与 `.env` 基础字段。
---
## 安装脚本做了什么
1. 安装 sing-box、nginx、ufw
2. 防火墙放行`22/tcp``443/tcp``8443/udp`
3. Nginx 伪装站监听 `127.0.0.1:8080`
4. acme.sh 为 `66.hyf2.cc` 申请 Let's Encrypt 证书
5. 生成 `/etc/sing-box/config.json` 并启动 systemd 服务
6. 输出客户端分享链接到 `client/generated/share-links.txt`
1. 安装 sing-box、nginx、Python 面板依赖
2. 防火墙放行 22/80/443/8443/8444
3. acme.sh 申请 `66.hyf2.cc` 证书
4. 初始化 SQLite 节点库 + 默认管理员
5. 生成 sing-box 配置并启动服务
6. Nginx 8444 端口提供 HTTPS 管理面板
---
## 节点信息
## 管理面板功能
| 节点 | 协议 | 地址 | 端口 |
|------|------|------|------|
| 主力 | VLESS + Reality | `47.76.87.111` | 443/TCP |
| 备用 | Hysteria2 | `66.hyf2.cc` | 8443/UDP |
Reality 伪装 SNI`www.microsoft.com`(不是你的域名)
| 功能 | 说明 |
|------|------|
| 登录 | `.env``PANEL_USERNAME` / `PANEL_PASSWORD` |
| 添加节点 | 自动生成 UUID + Hy2 密码,更新 sing-box |
| 复制链接 | VLESS Reality + Hysteria2 分享链接 |
| 删除节点 | 至少保留 1 个节点 |
---
## 部署后验证
```bash
# sing-box 运行状态
systemctl status sing-box
# 端口监听
ss -tlnp | grep 443
systemctl status sing-box jiedian-panel
ss -tlnp | grep -E '443|8444'
ss -ulnp | grep 8443
# 配置语法检查
sing-box check -c /etc/sing-box/config.json
# 查看日志
journalctl -u sing-box -f
```
客户端导入见 [client-import.md](client-import.md)。
---
## 常用运维
```bash
cd /opt/jiedian
# 拉取最新配置(若仓库有更新)
git pull
# 重新安装/更新
bash scripts/install.sh
# 证书手动续期
/root/.acme.sh/acme.sh --renew -d 66.hyf2.cc --force
systemctl restart sing-box
curl -k -I https://66.hyf2.cc:8444/login
```
---
@@ -144,23 +106,9 @@ systemctl restart sing-box
| 问题 | 处理 |
|------|------|
| `set: pipefail: invalid option` | Windows 换行符问题,执行:`sed -i 's/\r$//' scripts/*.sh .env` 后重试 |
| `dig` 未返回正确 IP | 等待 DNS 生效或检查解析记录 |
| acme 证书失败 | 确认 80 端口可访问:`curl http://66.hyf2.cc/.well-known/acme-challenge/test`;检查 nginx acme 站点是否启用 |
| sing-box 启动失败 | `journalctl -u sing-box -n 50` 查看报错 |
| 客户端连不上 | 核对 `share-links.txt``.env` 中密钥一致 |
| apt 锁被占用 | 等待自动更新结束,或 `bash scripts/install.sh` 会自动等待 |
| sing-box 443 被占用 | `ss -tlnp \| grep 443`,停止占用进程后重装 |
| 忘记面板密码 | `grep PANEL_PASSWORD /opt/jiedian/.env` 或重新 `generate-keys.sh` |
| SSH 主机密钥变更 | 重装系统后本地执行 `ssh-keygen -R 47.76.87.111` |
更多见 [troubleshooting.md](troubleshooting.md)。
---
## 更新仓库(本地开发机)
```bash
cd 节点
git add .
git commit -m "update config"
git push origin main
```
VPS 上 `git pull` 后重新运行 `bash scripts/install.sh` 即可同步。
+167
View File
@@ -0,0 +1,167 @@
#!/usr/bin/env python3
"""jiedian 管理面板:登录、添加/删除节点、复制分享链接。"""
from __future__ import annotations
import os
import secrets
import subprocess
from functools import wraps
from pathlib import Path
from flask import (
Flask,
jsonify,
redirect,
render_template,
request,
session,
url_for,
)
from db import add_node, delete_node, list_nodes, node_count, verify_admin
from links import build_links, load_env
ROOT = Path(os.environ.get("JIEDIAN_ROOT", Path(__file__).resolve().parents[1]))
SECRET_FILE = ROOT / "data" / ".panel_secret"
RENDER_SCRIPT = ROOT / "scripts" / "render-server.py"
def _secret_key() -> str:
if SECRET_FILE.exists():
return SECRET_FILE.read_text(encoding="utf-8").strip()
SECRET_FILE.parent.mkdir(parents=True, exist_ok=True)
key = secrets.token_hex(32)
SECRET_FILE.write_text(key, encoding="utf-8")
SECRET_FILE.chmod(0o600)
return key
app = Flask(__name__)
app.secret_key = _secret_key()
app.config.update(
SESSION_COOKIE_HTTPONLY=True,
SESSION_COOKIE_SAMESITE="Lax",
PERMANENT_SESSION_LIFETIME=86400 * 7,
)
def login_required(view):
@wraps(view)
def wrapped(*args, **kwargs):
if not session.get("user"):
if request.path.startswith("/api/"):
return jsonify({"error": "未登录"}), 401
return redirect(url_for("login"))
return view(*args, **kwargs)
return wrapped
def apply_singbox() -> tuple[bool, str]:
env = os.environ.copy()
env["JIEDIAN_ROOT"] = str(ROOT)
proc = subprocess.run(
["python3", str(RENDER_SCRIPT)],
capture_output=True,
text=True,
env=env,
)
if proc.returncode != 0:
return False, proc.stderr or proc.stdout or "配置生成失败"
restart = subprocess.run(["systemctl", "restart", "sing-box"], capture_output=True, text=True)
if restart.returncode != 0:
return False, restart.stderr or restart.stdout or "sing-box 重启失败"
return True, "ok"
@app.route("/login", methods=["GET", "POST"])
def login():
if session.get("user"):
return redirect(url_for("dashboard"))
error = None
if request.method == "POST":
username = request.form.get("username", "").strip()
password = request.form.get("password", "")
if verify_admin(username, password):
session.permanent = True
session["user"] = username
return redirect(url_for("dashboard"))
error = "用户名或密码错误"
return render_template("login.html", error=error)
@app.route("/logout")
def logout():
session.clear()
return redirect(url_for("login"))
@app.route("/")
@login_required
def dashboard():
env = load_env()
nodes = []
for node in list_nodes():
item = dict(node)
item["links"] = build_links(node, env)
nodes.append(item)
return render_template(
"dashboard.html",
nodes=nodes,
domain=env.get("DOMAIN", ""),
vps_ip=env.get("VPS_IP", ""),
)
@app.route("/api/nodes", methods=["GET"])
@login_required
def api_list_nodes():
env = load_env()
data = []
for node in list_nodes():
item = {
"id": node["id"],
"name": node["name"],
"uuid": node["uuid"],
"created_at": node["created_at"],
"links": build_links(node, env),
}
data.append(item)
return jsonify(data)
@app.route("/api/nodes", methods=["POST"])
@login_required
def api_add_node():
body = request.get_json(silent=True) or {}
name = (body.get("name") or request.form.get("name") or "新节点").strip()
node = add_node(name)
ok, msg = apply_singbox()
if not ok:
delete_node(node["id"])
return jsonify({"error": msg}), 500
env = load_env()
return jsonify(
{
"id": node["id"],
"name": node["name"],
"links": build_links(node, env),
}
)
@app.route("/api/nodes/<int:node_id>", methods=["DELETE"])
@login_required
def api_delete_node(node_id: int):
if node_count() <= 1:
return jsonify({"error": "至少保留一个节点"}), 400
if not delete_node(node_id):
return jsonify({"error": "节点不存在"}), 404
ok, msg = apply_singbox()
if not ok:
return jsonify({"error": msg}), 500
return jsonify({"ok": True})
if __name__ == "__main__":
app.run(host="127.0.0.1", port=5080)
+124
View File
@@ -0,0 +1,124 @@
"""SQLite 数据库:管理员账号与节点。"""
from __future__ import annotations
import os
import secrets
import sqlite3
import subprocess
from pathlib import Path
from werkzeug.security import check_password_hash, generate_password_hash
ROOT = Path(os.environ.get("JIEDIAN_ROOT", Path(__file__).resolve().parents[1]))
DB_FILE = ROOT / "data" / "nodes.db"
def connect() -> sqlite3.Connection:
DB_FILE.parent.mkdir(parents=True, exist_ok=True)
conn = sqlite3.connect(DB_FILE)
conn.row_factory = sqlite3.Row
conn.execute("PRAGMA foreign_keys = ON")
return conn
def init_db(env: dict[str, str]) -> None:
conn = connect()
conn.executescript(
"""
CREATE TABLE IF NOT EXISTS admin (
id INTEGER PRIMARY KEY,
username TEXT UNIQUE NOT NULL,
password_hash TEXT NOT NULL
);
CREATE TABLE IF NOT EXISTS nodes (
id INTEGER PRIMARY KEY AUTOINCREMENT,
name TEXT NOT NULL,
uuid TEXT NOT NULL UNIQUE,
hy2_password TEXT NOT NULL,
enabled INTEGER NOT NULL DEFAULT 1,
created_at TEXT NOT NULL DEFAULT (datetime('now'))
);
"""
)
username = env.get("PANEL_USERNAME", "admin")
password = env.get("PANEL_PASSWORD")
if not password:
raise SystemExit("请在 .env 中设置 PANEL_PASSWORD(运行 generate-keys.sh 可自动生成)")
row = conn.execute("SELECT id FROM admin WHERE username = ?", (username,)).fetchone()
if row is None:
conn.execute(
"INSERT INTO admin (username, password_hash) VALUES (?, ?)",
(username, generate_password_hash(password)),
)
count = conn.execute("SELECT COUNT(*) AS c FROM nodes").fetchone()["c"]
if count == 0:
uuid, hy2 = _generate_credentials()
conn.execute(
"INSERT INTO nodes (name, uuid, hy2_password) VALUES (?, ?, ?)",
("默认节点", uuid, hy2),
)
conn.commit()
conn.close()
def verify_admin(username: str, password: str) -> bool:
conn = connect()
row = conn.execute(
"SELECT password_hash FROM admin WHERE username = ?", (username,)
).fetchone()
conn.close()
if row is None:
return False
return check_password_hash(row["password_hash"], password)
def list_nodes() -> list[dict]:
conn = connect()
rows = conn.execute(
"SELECT id, name, uuid, hy2_password, enabled, created_at "
"FROM nodes ORDER BY id DESC"
).fetchall()
conn.close()
return [dict(row) for row in rows]
def add_node(name: str) -> dict:
name = name.strip() or "未命名节点"
uuid, hy2 = _generate_credentials()
conn = connect()
cur = conn.execute(
"INSERT INTO nodes (name, uuid, hy2_password) VALUES (?, ?, ?)",
(name, uuid, hy2),
)
node_id = cur.lastrowid
row = conn.execute("SELECT * FROM nodes WHERE id = ?", (node_id,)).fetchone()
conn.commit()
conn.close()
return dict(row)
def delete_node(node_id: int) -> bool:
conn = connect()
cur = conn.execute("DELETE FROM nodes WHERE id = ?", (node_id,))
conn.commit()
deleted = cur.rowcount > 0
conn.close()
return deleted
def node_count() -> int:
conn = connect()
count = conn.execute("SELECT COUNT(*) AS c FROM nodes").fetchone()["c"]
conn.close()
return count
def _generate_credentials() -> tuple[str, str]:
sb = "sing-box"
uuid = subprocess.check_output([sb, "generate", "uuid"], text=True).strip()
hy2 = secrets.token_urlsafe(18)[:24]
return uuid, hy2
+30
View File
@@ -0,0 +1,30 @@
#!/usr/bin/env python3
"""初始化 SQLite 数据库与默认管理员。"""
from __future__ import annotations
import os
import sys
from pathlib import Path
ROOT = Path(__file__).resolve().parents[1]
sys.path.insert(0, str(ROOT / "panel"))
os.environ.setdefault("JIEDIAN_ROOT", str(ROOT))
from db import init_db # noqa: E402
def load_env() -> dict[str, str]:
env: dict[str, str] = {}
for line in (ROOT / ".env").read_text(encoding="utf-8").splitlines():
line = line.strip()
if not line or line.startswith("#") or "=" not in line:
continue
key, _, value = line.partition("=")
env[key.strip()] = value.strip()
return env
if __name__ == "__main__":
init_db(load_env())
print("数据库初始化完成")
+37
View File
@@ -0,0 +1,37 @@
"""分享链接生成。"""
from __future__ import annotations
import os
from pathlib import Path
from urllib.parse import quote
def load_env() -> dict[str, str]:
root = Path(os.environ.get("JIEDIAN_ROOT", Path(__file__).resolve().parents[1]))
env: dict[str, str] = {}
for line in (root / ".env").read_text(encoding="utf-8").splitlines():
line = line.strip()
if not line or line.startswith("#") or "=" not in line:
continue
key, _, value = line.partition("=")
env[key.strip()] = value.strip()
return env
def build_links(node: dict, env: dict | None = None) -> dict[str, str]:
env = env or load_env()
vps_ip = env["VPS_IP"]
domain = env["DOMAIN"]
reality_sni = env.get("REALITY_SERVER_NAME", "www.microsoft.com")
public_key = env["REALITY_PUBLIC_KEY"]
short_id = env["REALITY_SHORT_ID"]
name = quote(node["name"])
vless = (
f"vless://{node['uuid']}@{vps_ip}:443"
f"?encryption=none&flow=xtls-rprx-vision&security=reality"
f"&sni={reality_sni}&fp=chrome&pbk={public_key}&sid={short_id}"
f"&type=tcp#{name}"
)
hy2 = f"hy2://{node['hy2_password']}@{domain}:8443?sni={domain}#{name}-Hy2"
return {"vless": vless, "hy2": hy2}
+2
View File
@@ -0,0 +1,2 @@
flask>=3.0,<4
werkzeug>=3.0,<4
+74
View File
@@ -0,0 +1,74 @@
function toast(msg) {
const el = document.getElementById("toast");
el.textContent = msg;
el.classList.remove("hidden");
setTimeout(() => el.classList.add("hidden"), 2200);
}
document.querySelectorAll("[data-copy]").forEach((btn) => {
btn.addEventListener("click", async () => {
const text = btn.dataset.copy;
try {
await navigator.clipboard.writeText(text);
toast("已复制到剪贴板");
} catch {
toast("复制失败,请手动选择文本");
}
});
});
const modal = document.getElementById("modal");
const addBtn = document.getElementById("addBtn");
const cancelBtn = document.getElementById("cancelBtn");
const confirmAddBtn = document.getElementById("confirmAddBtn");
const nodeName = document.getElementById("nodeName");
if (addBtn) {
addBtn.addEventListener("click", () => {
nodeName.value = "";
modal.classList.remove("hidden");
nodeName.focus();
});
}
if (cancelBtn) {
cancelBtn.addEventListener("click", () => modal.classList.add("hidden"));
}
if (confirmAddBtn) {
confirmAddBtn.addEventListener("click", async () => {
const name = nodeName.value.trim() || "新节点";
confirmAddBtn.disabled = true;
try {
const res = await fetch("/api/nodes", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ name }),
});
const data = await res.json();
if (!res.ok) throw new Error(data.error || "创建失败");
location.reload();
} catch (err) {
toast(err.message);
} finally {
confirmAddBtn.disabled = false;
}
});
}
document.querySelectorAll(".delete-btn").forEach((btn) => {
btn.addEventListener("click", async () => {
const id = btn.dataset.id;
if (!confirm("确定删除该节点?删除后对应链接将失效。")) return;
btn.disabled = true;
try {
const res = await fetch(`/api/nodes/${id}`, { method: "DELETE" });
const data = await res.json();
if (!res.ok) throw new Error(data.error || "删除失败");
location.reload();
} catch (err) {
toast(err.message);
btn.disabled = false;
}
});
});
+171
View File
@@ -0,0 +1,171 @@
:root {
--bg: #0f1419;
--card: #1a2332;
--border: #2a3544;
--text: #e7ecf3;
--muted: #8b98a8;
--primary: #3b82f6;
--danger: #ef4444;
--radius: 12px;
}
* { box-sizing: border-box; }
body {
margin: 0;
font-family: "Segoe UI", system-ui, sans-serif;
background: var(--bg);
color: var(--text);
min-height: 100vh;
}
.auth-wrap {
min-height: 100vh;
display: grid;
place-items: center;
padding: 24px;
}
.auth-card, .modal-card, .node-card {
background: var(--card);
border: 1px solid var(--border);
border-radius: var(--radius);
padding: 24px;
}
.auth-card { width: min(420px, 100%); }
.auth-card h1 { margin: 0 0 8px; font-size: 1.5rem; }
.topbar {
display: flex;
justify-content: space-between;
align-items: center;
padding: 16px 24px;
border-bottom: 1px solid var(--border);
background: rgba(26, 35, 50, 0.8);
backdrop-filter: blur(8px);
position: sticky;
top: 0;
}
.container { max-width: 960px; margin: 0 auto; padding: 24px; }
.hero {
display: flex;
justify-content: space-between;
align-items: center;
gap: 16px;
margin-bottom: 24px;
}
.hero h1 { margin: 0 0 8px; }
.muted { color: var(--muted); }
.form label, .field label {
display: block;
margin: 12px 0 6px;
color: var(--muted);
font-size: 0.9rem;
}
input[type="text"],
input[type="password"],
input[readonly] {
width: 100%;
padding: 10px 12px;
border-radius: 8px;
border: 1px solid var(--border);
background: #111827;
color: var(--text);
}
.btn {
border: 1px solid var(--border);
background: #111827;
color: var(--text);
padding: 8px 14px;
border-radius: 8px;
cursor: pointer;
text-decoration: none;
display: inline-block;
}
.btn:hover { border-color: var(--primary); }
.btn.primary {
background: var(--primary);
border-color: var(--primary);
color: white;
}
.btn.ghost { background: transparent; }
.btn.danger {
color: var(--danger);
border-color: rgba(239, 68, 68, 0.4);
}
.node-list { display: grid; gap: 16px; }
.node-head {
display: flex;
justify-content: space-between;
align-items: center;
margin-bottom: 12px;
}
.node-head h2 { margin: 0; font-size: 1.1rem; }
.tag {
font-size: 0.8rem;
color: var(--muted);
background: #111827;
padding: 4px 8px;
border-radius: 999px;
}
.copy-row {
display: grid;
grid-template-columns: 1fr auto;
gap: 8px;
}
.node-actions { margin-top: 16px; text-align: right; }
.alert {
background: rgba(239, 68, 68, 0.15);
border: 1px solid rgba(239, 68, 68, 0.35);
padding: 10px 12px;
border-radius: 8px;
margin: 12px 0;
}
.toast {
position: fixed;
right: 24px;
bottom: 24px;
background: var(--card);
border: 1px solid var(--border);
padding: 12px 16px;
border-radius: 8px;
z-index: 20;
}
.hidden { display: none !important; }
.modal {
position: fixed;
inset: 0;
background: rgba(0, 0, 0, 0.55);
display: grid;
place-items: center;
padding: 24px;
z-index: 10;
}
.modal-card { width: min(420px, 100%); }
.modal-actions {
display: flex;
justify-content: flex-end;
gap: 8px;
margin-top: 20px;
}
@media (max-width: 640px) {
.hero { flex-direction: column; align-items: flex-start; }
.copy-row { grid-template-columns: 1fr; }
}
+13
View File
@@ -0,0 +1,13 @@
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>{% block title %}jiedian 面板{% endblock %}</title>
<link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
</head>
<body>
{% block body %}{% endblock %}
{% block scripts %}{% endblock %}
</body>
</html>
+65
View File
@@ -0,0 +1,65 @@
{% extends "base.html" %}
{% block title %}节点管理 · jiedian{% endblock %}
{% block body %}
<header class="topbar">
<div>
<strong>jiedian 面板</strong>
<span class="muted"> · {{ domain }}</span>
</div>
<a class="btn ghost" href="{{ url_for('logout') }}">退出</a>
</header>
<main class="container">
<section class="hero">
<div>
<h1>节点列表</h1>
<p class="muted">VPS {{ vps_ip }} · Reality 443 · Hysteria2 8443</p>
</div>
<button id="addBtn" class="btn primary">+ 添加节点</button>
</section>
<div id="toast" class="toast hidden"></div>
<div id="nodeList" class="node-list">
{% for node in nodes %}
<article class="node-card" data-id="{{ node.id }}">
<div class="node-head">
<h2>{{ node.name }}</h2>
<span class="tag">{{ node.created_at[:10] }}</span>
</div>
<div class="field">
<label>VLESS + Reality</label>
<div class="copy-row">
<input readonly value="{{ node.links.vless }}">
<button class="btn" data-copy="{{ node.links.vless }}">复制</button>
</div>
</div>
<div class="field">
<label>Hysteria2</label>
<div class="copy-row">
<input readonly value="{{ node.links.hy2 }}">
<button class="btn" data-copy="{{ node.links.hy2 }}">复制</button>
</div>
</div>
<div class="node-actions">
<button class="btn danger delete-btn" data-id="{{ node.id }}">删除</button>
</div>
</article>
{% endfor %}
</div>
</main>
<div id="modal" class="modal hidden">
<div class="modal-card">
<h3>添加节点</h3>
<label>节点名称</label>
<input id="nodeName" type="text" placeholder="例如:手机、电脑">
<div class="modal-actions">
<button id="cancelBtn" class="btn ghost">取消</button>
<button id="confirmAddBtn" class="btn primary">创建</button>
</div>
</div>
</div>
{% endblock %}
{% block scripts %}
<script src="{{ url_for('static', filename='app.js') }}"></script>
{% endblock %}
+20
View File
@@ -0,0 +1,20 @@
{% extends "base.html" %}
{% block title %}登录 · jiedian{% endblock %}
{% block body %}
<div class="auth-wrap">
<div class="auth-card">
<h1>jiedian 管理面板</h1>
<p class="muted">登录后管理节点与分享链接</p>
{% if error %}
<div class="alert">{{ error }}</div>
{% endif %}
<form method="post" class="form">
<label>用户名</label>
<input type="text" name="username" autocomplete="username" required autofocus>
<label>密码</label>
<input type="password" name="password" autocomplete="current-password" required>
<button type="submit" class="btn primary">登录</button>
</form>
</div>
</div>
{% endblock %}
+2 -96
View File
@@ -1,97 +1,3 @@
#!/usr/bin/env bash
# 证书已申请但 sing-box 未安装完成时,执行本脚本补全部署
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
ROOT_DIR="$(dirname "$SCRIPT_DIR")"
ENV_FILE="${ROOT_DIR}/.env"
[[ $EUID -eq 0 ]] || { echo "请使用 root 运行"; exit 1; }
[[ -f "$ENV_FILE" ]] || { echo "缺少 .env"; exit 1; }
# shellcheck disable=SC1090
source "$ENV_FILE"
: "${DOMAIN:?}"
: "${UUID:?}"
: "${REALITY_PRIVATE_KEY:?}"
: "${REALITY_SHORT_ID:?}"
: "${HY2_PASSWORD:?}"
: "${REALITY_PUBLIC_KEY:?}"
if ! command -v sing-box &>/dev/null; then
echo "sing-box 未安装,请先运行: bash scripts/install.sh"
exit 1
fi
mkdir -p /etc/sing-box/certs
if [[ ! -f /etc/sing-box/certs/fullchain.pem ]]; then
echo "安装证书..."
/root/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
--key-file /etc/sing-box/certs/privkey.pem \
--fullchain-file /etc/sing-box/certs/fullchain.pem \
--reloadcmd "systemctl restart sing-box || true"
fi
echo "生成 sing-box 配置..."
sed -e "s|\${UUID}|${UUID}|g" \
-e "s|\${REALITY_SERVER_NAME}|${REALITY_SERVER_NAME:-www.microsoft.com}|g" \
-e "s|\${REALITY_PRIVATE_KEY}|${REALITY_PRIVATE_KEY}|g" \
-e "s|\${REALITY_SHORT_ID}|${REALITY_SHORT_ID}|g" \
-e "s|\${HY2_PASSWORD}|${HY2_PASSWORD}|g" \
-e "s|\${DOMAIN}|${DOMAIN}|g" \
"$ROOT_DIR/server/sing-box.json.template" > /etc/sing-box/config.json
sing-box check -c /etc/sing-box/config.json
cat > /etc/systemd/system/sing-box.service <<'UNIT'
[Unit]
Description=sing-box service
After=network-online.target nginx.service
Wants=network-online.target
[Service]
Type=simple
ExecStart=/usr/local/bin/sing-box run -c /etc/sing-box/config.json
Restart=on-failure
RestartSec=5
LimitNOFILE=1048576
[Install]
WantedBy=multi-user.target
UNIT
systemctl daemon-reload
systemctl enable sing-box
systemctl restart sing-box
CLIENT_DIR="${ROOT_DIR}/client/generated"
mkdir -p "$CLIENT_DIR"
sed -e "s|\${VPS_IP}|${VPS_IP}|g" \
-e "s|\${DOMAIN}|${DOMAIN}|g" \
-e "s|\${UUID}|${UUID}|g" \
-e "s|\${REALITY_SERVER_NAME}|${REALITY_SERVER_NAME:-www.microsoft.com}|g" \
-e "s|\${REALITY_PUBLIC_KEY}|${REALITY_PUBLIC_KEY}|g" \
-e "s|\${REALITY_SHORT_ID}|${REALITY_SHORT_ID}|g" \
-e "s|\${HY2_PASSWORD}|${HY2_PASSWORD}|g" \
"$ROOT_DIR/client/sing-box-client.json.template" > "$CLIENT_DIR/sing-box-client.json"
cat > "$CLIENT_DIR/share-links.txt" <<EOF
========== VLESS + Reality (主力) ==========
vless://${UUID}@${VPS_IP}:443?encryption=none&flow=xtls-rprx-vision&security=reality&sni=${REALITY_SERVER_NAME:-www.microsoft.com}&fp=chrome&pbk=${REALITY_PUBLIC_KEY}&sid=${REALITY_SHORT_ID}&type=tcp#Reality-Main
========== Hysteria2 (备用) ==========
hy2://${HY2_PASSWORD}@${DOMAIN}:8443?sni=${DOMAIN}#Hysteria2-Backup
EOF
/root/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
--key-file /etc/sing-box/certs/privkey.pem \
--fullchain-file /etc/sing-box/certs/fullchain.pem \
--reloadcmd "systemctl restart sing-box" \
|| echo "警告: acme reloadcmd 注册失败,sing-box 已在运行,可忽略"
echo ""
echo "完成!sing-box 状态:"
systemctl status sing-box --no-pager
echo ""
cat "$CLIENT_DIR/share-links.txt"
# 已合并到 install.sh,保留此入口以兼容旧文档
exec bash "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/install.sh" "$@"
+8 -9
View File
@@ -1,12 +1,11 @@
#!/usr/bin/env bash
# 生成 Reality 与 Hysteria2 所需密钥,输出到 stdout 并写入 .env
# 生成 Reality 密钥与面板登录密码,写入 .env
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
ROOT_DIR="$(dirname "$SCRIPT_DIR")"
ENV_FILE="${ROOT_DIR}/.env"
# 依赖 sing-box 生成 reality 密钥对
if ! command -v sing-box &>/dev/null; then
echo "sing-box 未安装,使用临时下载..." >&2
TMP="$(mktemp -d)"
@@ -16,31 +15,28 @@ if ! command -v sing-box &>/dev/null; then
aarch64) SB_ARCH="arm64" ;;
*) echo "不支持的架构: $ARCH" >&2; exit 1 ;;
esac
curl -fsSL "https://github.com/SagerNet/sing-box/releases/latest/download/sing-box-1.11.0-linux-${SB_ARCH}.tar.gz" \
curl -fsSL "https://github.com/SagerNet/sing-box/releases/download/v1.11.0/sing-box-1.11.0-linux-${SB_ARCH}.tar.gz" \
| tar -xz -C "$TMP" --strip-components=1
SB="$TMP/sing-box"
else
SB="sing-box"
fi
UUID="$("$SB" generate uuid)"
KEYPAIR="$("$SB" generate reality-keypair)"
PRIVATE_KEY="$(echo "$KEYPAIR" | grep 'PrivateKey:' | awk '{print $2}')"
PUBLIC_KEY="$(echo "$KEYPAIR" | grep 'PublicKey:' | awk '{print $2}')"
SHORT_ID="$("$SB" generate rand --hex 8)"
HY2_PASSWORD="$("$SB" generate rand --base64 32 | tr -d '/+=' | head -c 24)"
PANEL_PASSWORD="$("$SB" generate rand --base64 32 | tr -d '/+=' | head -c 20)"
echo "========== 生成的密钥 =========="
echo "UUID: $UUID"
echo "REALITY_PRIVATE_KEY: $PRIVATE_KEY"
echo "REALITY_PUBLIC_KEY: $PUBLIC_KEY"
echo "REALITY_SHORT_ID: $SHORT_ID"
echo "HY2_PASSWORD: $HY2_PASSWORD"
echo "PANEL_PASSWORD: $PANEL_PASSWORD"
echo "================================"
if [[ -f "$ENV_FILE" ]]; then
# 更新或追加 .env 中的密钥字段
for var in UUID REALITY_PRIVATE_KEY REALITY_PUBLIC_KEY REALITY_SHORT_ID HY2_PASSWORD; do
for var in REALITY_PRIVATE_KEY REALITY_PUBLIC_KEY REALITY_SHORT_ID PANEL_PASSWORD; do
val="${!var}"
if grep -q "^${var}=" "$ENV_FILE" 2>/dev/null; then
sed -i "s|^${var}=.*|${var}=${val}|" "$ENV_FILE"
@@ -48,6 +44,9 @@ if [[ -f "$ENV_FILE" ]]; then
echo "${var}=${val}" >> "$ENV_FILE"
fi
done
if ! grep -q "^PANEL_USERNAME=" "$ENV_FILE" 2>/dev/null; then
echo "PANEL_USERNAME=admin" >> "$ENV_FILE"
fi
echo "已写入 $ENV_FILE"
else
echo "提示: 先复制 .env.example 为 .env 并填写 VPS_IP、DOMAIN 等,再重新运行本脚本" >&2
+81 -59
View File
@@ -1,6 +1,5 @@
#!/usr/bin/env bash
# VPS 一键部署:sing-box (Reality + Hysteria2) + Nginx fallback
# 适用:Ubuntu 22.04/24.04、Debian 12
# VPS 一键部署:sing-box + Web 管理面板
# 用法:sudo bash scripts/install.sh
set -euo pipefail
@@ -15,6 +14,20 @@ NC='\033[0m'
log() { echo -e "${GREEN}[+]${NC} $*"; }
err() { echo -e "${RED}[!]${NC} $*" >&2; exit 1; }
wait_for_apt() {
local i=0
while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do
if (( i == 0 )); then
log "等待 apt 锁释放(系统自动更新中)..."
fi
(( i++ )) || true
if (( i > 120 )); then
err "apt 锁等待超时,请稍后重试: bash scripts/install.sh"
fi
sleep 5
done
}
[[ $EUID -eq 0 ]] || err "请使用 root 运行: sudo bash scripts/install.sh"
[[ -f "$ENV_FILE" ]] || err "缺少 .env 文件,请先: cp .env.example .env 并填写"
@@ -25,17 +38,30 @@ source "$ENV_FILE"
: "${DOMAIN:?请在 .env 中设置 DOMAIN}"
: "${ACME_EMAIL:?请在 .env 中设置 ACME_EMAIL}"
: "${REALITY_SERVER_NAME:=www.microsoft.com}"
: "${PANEL_USERNAME:=admin}"
if [[ -z "${UUID:-}" || -z "${REALITY_PRIVATE_KEY:-}" ]]; then
log "未检测到密钥,运行 generate-keys.sh ..."
if [[ -z "${REALITY_PRIVATE_KEY:-}" ]]; then
log "未检测到 Reality 密钥,运行 generate-keys.sh ..."
bash "$SCRIPT_DIR/generate-keys.sh"
source "$ENV_FILE"
fi
: "${UUID:?}"
if [[ -z "${PANEL_PASSWORD:-}" ]]; then
PANEL_PASSWORD="$(sing-box generate rand --base64 32 | tr -d '/+=' | head -c 20)"
if grep -q "^PANEL_PASSWORD=" "$ENV_FILE" 2>/dev/null; then
sed -i "s|^PANEL_PASSWORD=.*|PANEL_PASSWORD=${PANEL_PASSWORD}|" "$ENV_FILE"
else
echo "PANEL_PASSWORD=${PANEL_PASSWORD}" >> "$ENV_FILE"
fi
source "$ENV_FILE"
fi
: "${REALITY_PRIVATE_KEY:?}"
: "${REALITY_PUBLIC_KEY:?}"
: "${REALITY_SHORT_ID:?}"
: "${HY2_PASSWORD:?}"
: "${PANEL_PASSWORD:?}"
export JIEDIAN_ROOT="$ROOT_DIR"
ARCH="$(uname -m)"
case "$ARCH" in
@@ -47,10 +73,11 @@ esac
SB_VERSION="1.11.0"
SB_URL="https://github.com/SagerNet/sing-box/releases/download/v${SB_VERSION}/sing-box-${SB_VERSION}-linux-${SB_ARCH}.tar.gz"
wait_for_apt
log "更新系统包 ..."
export DEBIAN_FRONTEND=noninteractive
apt-get update -qq
apt-get install -y -qq curl wget nginx ufw ca-certificates
apt-get install -y -qq curl wget nginx ufw ca-certificates python3 python3-venv python3-pip
log "安装 sing-box ${SB_VERSION} ..."
TMP="$(mktemp -d)"
@@ -66,6 +93,7 @@ ufw allow 22/tcp comment 'SSH'
ufw allow 80/tcp comment 'HTTP-ACME'
ufw allow 443/tcp comment 'Reality'
ufw allow 8443/udp comment 'Hysteria2'
ufw allow 8444/tcp comment 'Panel-HTTPS'
ufw --force enable
log "部署 Nginx fallback 站点 ..."
@@ -80,7 +108,6 @@ mkdir -p /var/www/acme
sed "s|__DOMAIN__|${DOMAIN}|g" "$ROOT_DIR/server/nginx/acme.conf.template" \
> /etc/nginx/sites-available/acme
ln -sf /etc/nginx/sites-available/acme /etc/nginx/sites-enabled/acme
nginx -t && systemctl enable nginx && systemctl restart nginx
log "申请 TLS 证书 (Let's Encrypt) ..."
mkdir -p /etc/sing-box/certs
@@ -90,7 +117,6 @@ fi
# shellcheck disable=SC1091
source /root/.acme.sh/acme.sh.env || true
# 确保域名已解析到本机
CURRENT_IP="$(curl -4 -fsSL ifconfig.me 2>/dev/null || curl -4 -fsSL ip.sb)"
if [[ "$CURRENT_IP" != "$VPS_IP" ]]; then
err "域名 $DOMAIN 需先解析到 VPS IP ($VPS_IP),当前 VPS 出口 IP 为 $CURRENT_IP"
@@ -106,19 +132,23 @@ log "安装 TLS 证书到 sing-box ..."
--key-file /etc/sing-box/certs/privkey.pem \
--fullchain-file /etc/sing-box/certs/fullchain.pem
log "部署管理面板 Nginx (8444) ..."
sed "s|__DOMAIN__|${DOMAIN}|g" "$ROOT_DIR/server/nginx/panel.conf.template" \
> /etc/nginx/sites-available/panel
ln -sf /etc/nginx/sites-available/panel /etc/nginx/sites-enabled/panel
nginx -t && systemctl enable nginx && systemctl restart nginx
log "安装 Python 面板依赖 ..."
python3 -m venv "$ROOT_DIR/panel/venv"
"$ROOT_DIR/panel/venv/bin/pip" install -q -r "$ROOT_DIR/panel/requirements.txt"
log "初始化节点数据库 ..."
python3 "$ROOT_DIR/panel/init_db.py"
log "生成 sing-box 服务端配置 ..."
mkdir -p /etc/sing-box/certs
sed -e "s|\${UUID}|${UUID}|g" \
-e "s|\${REALITY_SERVER_NAME}|${REALITY_SERVER_NAME}|g" \
-e "s|\${REALITY_PRIVATE_KEY}|${REALITY_PRIVATE_KEY}|g" \
-e "s|\${REALITY_SHORT_ID}|${REALITY_SHORT_ID}|g" \
-e "s|\${HY2_PASSWORD}|${HY2_PASSWORD}|g" \
-e "s|\${DOMAIN}|${DOMAIN}|g" \
"$ROOT_DIR/server/sing-box.json.template" > /etc/sing-box/config.json
python3 "$ROOT_DIR/scripts/render-server.py"
sing-box check -c /etc/sing-box/config.json
log "创建 systemd 服务 ..."
log "创建 sing-box systemd 服务 ..."
cat > /etc/systemd/system/sing-box.service <<'UNIT'
[Unit]
Description=sing-box service
@@ -136,54 +166,46 @@ LimitNOFILE=1048576
WantedBy=multi-user.target
UNIT
log "创建管理面板 systemd 服务 ..."
cat > /etc/systemd/system/jiedian-panel.service <<UNIT
[Unit]
Description=jiedian admin panel
After=network.target sing-box.service
[Service]
Type=simple
WorkingDirectory=${ROOT_DIR}/panel
Environment=JIEDIAN_ROOT=${ROOT_DIR}
ExecStart=${ROOT_DIR}/panel/venv/bin/python app.py
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
UNIT
systemctl daemon-reload
systemctl enable sing-box
systemctl enable sing-box jiedian-panel
log "注册证书续期 reload 命令 ..."
/root/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
--key-file /etc/sing-box/certs/privkey.pem \
--fullchain-file /etc/sing-box/certs/fullchain.pem \
--reloadcmd "systemctl restart sing-box" \
|| log "acme reloadcmd 注册失败,可忽略(服务已配置)"
|| log "acme reloadcmd 注册失败,可忽略"
systemctl restart sing-box
log "生成客户端配置 ..."
CLIENT_DIR="${ROOT_DIR}/client/generated"
mkdir -p "$CLIENT_DIR"
: "${REALITY_PUBLIC_KEY:?请在 .env 中设置 REALITY_PUBLIC_KEY(运行 generate-keys.sh 可自动生成)}"
sed -e "s|\${VPS_IP}|${VPS_IP}|g" \
-e "s|\${DOMAIN}|${DOMAIN}|g" \
-e "s|\${UUID}|${UUID}|g" \
-e "s|\${REALITY_SERVER_NAME}|${REALITY_SERVER_NAME}|g" \
-e "s|\${REALITY_PUBLIC_KEY}|${REALITY_PUBLIC_KEY}|g" \
-e "s|\${REALITY_SHORT_ID}|${REALITY_SHORT_ID}|g" \
-e "s|\${HY2_PASSWORD}|${HY2_PASSWORD}|g" \
"$ROOT_DIR/client/sing-box-client.json.template" > "$CLIENT_DIR/sing-box-client.json"
# 生成分享链接
cat > "$CLIENT_DIR/share-links.txt" <<EOF
========== VLESS + Reality (主力) ==========
vless://${UUID}@${VPS_IP}:443?encryption=none&flow=xtls-rprx-vision&security=reality&sni=${REALITY_SERVER_NAME}&fp=chrome&pbk=${REALITY_PUBLIC_KEY}&sid=${REALITY_SHORT_ID}&type=tcp#Reality-Main
========== Hysteria2 (备用) ==========
hy2://${HY2_PASSWORD}@${DOMAIN}:8443?sni=${DOMAIN}#Hysteria2-Backup
========== 参数明细 ==========
VPS IP: ${VPS_IP}
UUID: ${UUID}
Reality SNI: ${REALITY_SERVER_NAME}
Reality PublicKey: ${REALITY_PUBLIC_KEY}
Reality ShortId: ${REALITY_SHORT_ID}
Hysteria2 域名: ${DOMAIN}
Hysteria2 密码: ${HY2_PASSWORD}
EOF
systemctl restart sing-box jiedian-panel
log "部署完成!"
echo ""
cat "$CLIENT_DIR/share-links.txt"
echo "=========================================="
echo " 管理面板: https://${DOMAIN}:8444"
echo " 用户名: ${PANEL_USERNAME}"
echo " 密码: ${PANEL_PASSWORD}"
echo "=========================================="
echo ""
log "客户端配置文件: ${CLIENT_DIR}/sing-box-client.json"
log "sing-box 状态: systemctl status sing-box"
log "查看日志: journalctl -u sing-box -f"
echo "节点链接请在面板中添加/复制。"
echo ""
log "sing-box: systemctl status sing-box"
log "面板: systemctl status jiedian-panel"
log "卸载重装: bash scripts/uninstall.sh && bash scripts/install.sh"
+125
View File
@@ -0,0 +1,125 @@
#!/usr/bin/env python3
"""根据 data/nodes.db 与 .env 生成 sing-box 服务端配置。"""
from __future__ import annotations
import json
import os
import sqlite3
import subprocess
import sys
from pathlib import Path
ROOT = Path(os.environ.get("JIEDIAN_ROOT", Path(__file__).resolve().parents[1]))
ENV_FILE = ROOT / ".env"
DB_FILE = ROOT / "data" / "nodes.db"
OUT_FILE = Path("/etc/sing-box/config.json")
def load_env(path: Path) -> dict[str, str]:
env: dict[str, str] = {}
if not path.exists():
raise SystemExit(f"缺少 .env: {path}")
for line in path.read_text(encoding="utf-8").splitlines():
line = line.strip()
if not line or line.startswith("#") or "=" not in line:
continue
key, _, value = line.partition("=")
env[key.strip()] = value.strip()
return env
def load_nodes(db_path: Path) -> list[dict]:
if not db_path.exists():
raise SystemExit(f"缺少节点数据库: {db_path},请先运行 install.sh")
conn = sqlite3.connect(db_path)
conn.row_factory = sqlite3.Row
rows = conn.execute(
"SELECT id, name, uuid, hy2_password FROM nodes WHERE enabled = 1 ORDER BY id"
).fetchall()
conn.close()
if not rows:
raise SystemExit("没有可用节点,请在管理面板中添加节点")
return [dict(row) for row in rows]
def build_config(env: dict[str, str], nodes: list[dict]) -> dict:
required = [
"REALITY_PRIVATE_KEY",
"REALITY_SHORT_ID",
"REALITY_SERVER_NAME",
"DOMAIN",
]
for key in required:
if not env.get(key):
raise SystemExit(f".env 缺少 {key}")
vless_users = [{"uuid": n["uuid"], "flow": "xtls-rprx-vision"} for n in nodes]
hy2_users = [{"password": n["hy2_password"]} for n in nodes]
return {
"log": {"level": "warn", "timestamp": True},
"inbounds": [
{
"type": "vless",
"tag": "vless-reality-in",
"listen": "0.0.0.0",
"listen_port": 443,
"users": vless_users,
"tls": {
"enabled": True,
"server_name": env["REALITY_SERVER_NAME"],
"reality": {
"enabled": True,
"handshake": {
"server": env["REALITY_SERVER_NAME"],
"server_port": 443,
},
"private_key": env["REALITY_PRIVATE_KEY"],
"short_id": [env["REALITY_SHORT_ID"]],
},
},
},
{
"type": "hysteria2",
"tag": "hysteria2-in",
"listen": "0.0.0.0",
"listen_port": 8443,
"users": hy2_users,
"tls": {
"enabled": True,
"server_name": env["DOMAIN"],
"certificate_path": "/etc/sing-box/certs/fullchain.pem",
"key_path": "/etc/sing-box/certs/privkey.pem",
},
},
],
"outbounds": [{"type": "direct", "tag": "direct"}],
"route": {
"rules": [{"ip_is_private": True, "action": "reject"}],
"final": "direct",
},
}
def main() -> None:
env = load_env(ENV_FILE)
nodes = load_nodes(DB_FILE)
config = build_config(env, nodes)
OUT_FILE.parent.mkdir(parents=True, exist_ok=True)
OUT_FILE.write_text(json.dumps(config, indent=2, ensure_ascii=False) + "\n", encoding="utf-8")
check = subprocess.run(
["sing-box", "check", "-c", str(OUT_FILE)],
capture_output=True,
text=True,
)
if check.returncode != 0:
sys.stderr.write(check.stderr or check.stdout)
raise SystemExit(check.returncode)
print(f"已生成 {OUT_FILE}{len(nodes)} 个节点)")
if __name__ == "__main__":
main()
+39
View File
@@ -0,0 +1,39 @@
#!/usr/bin/env bash
# 卸载 jiediansing-box + 管理面板 + nginx 站点)
# 用法:sudo bash scripts/uninstall.sh
set -euo pipefail
[[ $EUID -eq 0 ]] || { echo "请使用 root 运行"; exit 1; }
echo "[*] 停止服务 ..."
systemctl stop jiedian-panel sing-box 2>/dev/null || true
systemctl disable jiedian-panel sing-box 2>/dev/null || true
echo "[*] 删除 systemd 单元 ..."
rm -f /etc/systemd/system/jiedian-panel.service
rm -f /etc/systemd/system/sing-box.service
systemctl daemon-reload
echo "[*] 删除 sing-box 配置 ..."
rm -rf /etc/sing-box
echo "[*] 删除 nginx 站点 ..."
rm -f /etc/nginx/sites-enabled/panel
rm -f /etc/nginx/sites-available/panel
rm -f /etc/nginx/sites-enabled/acme
rm -f /etc/nginx/sites-available/acme
rm -f /etc/nginx/sites-enabled/fallback
rm -f /etc/nginx/sites-available/fallback
nginx -t && systemctl reload nginx 2>/dev/null || true
echo "[*] 清理本地数据(保留 .env 与代码)..."
ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
rm -rf "${ROOT}/data"
rm -rf "${ROOT}/panel/venv"
rm -rf "${ROOT}/client/generated"
echo ""
echo "卸载完成。重新安装:"
echo " cd ${ROOT}"
echo " bash scripts/generate-keys.sh # 可选,重置 Reality 密钥与面板密码"
echo " bash scripts/install.sh"
+18
View File
@@ -0,0 +1,18 @@
server {
listen 8444 ssl;
listen [::]:8444 ssl;
server_name __DOMAIN__;
ssl_certificate /etc/sing-box/certs/fullchain.pem;
ssl_certificate_key /etc/sing-box/certs/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
location / {
proxy_pass http://127.0.0.1:5080;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}