#!/usr/bin/env bash # 证书已申请但 sing-box 未安装完成时,执行本脚本补全部署 set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" ROOT_DIR="$(dirname "$SCRIPT_DIR")" ENV_FILE="${ROOT_DIR}/.env" [[ $EUID -eq 0 ]] || { echo "请使用 root 运行"; exit 1; } [[ -f "$ENV_FILE" ]] || { echo "缺少 .env"; exit 1; } # shellcheck disable=SC1090 source "$ENV_FILE" : "${DOMAIN:?}" : "${UUID:?}" : "${REALITY_PRIVATE_KEY:?}" : "${REALITY_SHORT_ID:?}" : "${HY2_PASSWORD:?}" : "${REALITY_PUBLIC_KEY:?}" if ! command -v sing-box &>/dev/null; then echo "sing-box 未安装,请先运行: bash scripts/install.sh" exit 1 fi mkdir -p /etc/sing-box/certs if [[ ! -f /etc/sing-box/certs/fullchain.pem ]]; then echo "安装证书..." /root/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \ --key-file /etc/sing-box/certs/privkey.pem \ --fullchain-file /etc/sing-box/certs/fullchain.pem \ --reloadcmd "systemctl restart sing-box || true" fi echo "生成 sing-box 配置..." sed -e "s|\${UUID}|${UUID}|g" \ -e "s|\${REALITY_SERVER_NAME}|${REALITY_SERVER_NAME:-www.microsoft.com}|g" \ -e "s|\${REALITY_PRIVATE_KEY}|${REALITY_PRIVATE_KEY}|g" \ -e "s|\${REALITY_SHORT_ID}|${REALITY_SHORT_ID}|g" \ -e "s|\${HY2_PASSWORD}|${HY2_PASSWORD}|g" \ -e "s|\${DOMAIN}|${DOMAIN}|g" \ "$ROOT_DIR/server/sing-box.json.template" > /etc/sing-box/config.json sing-box check -c /etc/sing-box/config.json cat > /etc/systemd/system/sing-box.service <<'UNIT' [Unit] Description=sing-box service After=network-online.target nginx.service Wants=network-online.target [Service] Type=simple ExecStart=/usr/local/bin/sing-box run -c /etc/sing-box/config.json Restart=on-failure RestartSec=5 LimitNOFILE=1048576 [Install] WantedBy=multi-user.target UNIT systemctl daemon-reload systemctl enable sing-box systemctl restart sing-box CLIENT_DIR="${ROOT_DIR}/client/generated" mkdir -p "$CLIENT_DIR" sed -e "s|\${VPS_IP}|${VPS_IP}|g" \ -e "s|\${DOMAIN}|${DOMAIN}|g" \ -e "s|\${UUID}|${UUID}|g" \ -e "s|\${REALITY_SERVER_NAME}|${REALITY_SERVER_NAME:-www.microsoft.com}|g" \ -e "s|\${REALITY_PUBLIC_KEY}|${REALITY_PUBLIC_KEY}|g" \ -e "s|\${REALITY_SHORT_ID}|${REALITY_SHORT_ID}|g" \ -e "s|\${HY2_PASSWORD}|${HY2_PASSWORD}|g" \ "$ROOT_DIR/client/sing-box-client.json.template" > "$CLIENT_DIR/sing-box-client.json" cat > "$CLIENT_DIR/share-links.txt" <