fix: prevent decoy site activation when no decoy path provided
@ -6,29 +6,23 @@ CADDY_CONFIG_FILE="/etc/hysteria/core/scripts/webpanel/Caddyfile"
|
|||||||
WEBPANEL_ENV_FILE="/etc/hysteria/core/scripts/webpanel/.env"
|
WEBPANEL_ENV_FILE="/etc/hysteria/core/scripts/webpanel/.env"
|
||||||
|
|
||||||
install_dependencies() {
|
install_dependencies() {
|
||||||
# Update system
|
|
||||||
sudo apt update -y > /dev/null 2>&1
|
sudo apt update -y > /dev/null 2>&1
|
||||||
|
|
||||||
# Install dependencies
|
|
||||||
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl > /dev/null 2>&1
|
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl > /dev/null 2>&1
|
||||||
|
|
||||||
# Add Caddy repository
|
|
||||||
curl -fsSL https://dl.cloudsmith.io/public/caddy/stable/gpg.key | sudo tee /etc/apt/trusted.gpg.d/caddy.asc > /dev/null 2>&1
|
curl -fsSL https://dl.cloudsmith.io/public/caddy/stable/gpg.key | sudo tee /etc/apt/trusted.gpg.d/caddy.asc > /dev/null 2>&1
|
||||||
echo "deb [signed-by=/etc/apt/trusted.gpg.d/caddy.asc] https://dl.cloudsmith.io/public/caddy/stable/deb/ubuntu/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/caddy-stable.list > /dev/null 2>&1
|
echo "deb [signed-by=/etc/apt/trusted.gpg.d/caddy.asc] https://dl.cloudsmith.io/public/caddy/stable/deb/ubuntu/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/caddy-stable.list > /dev/null 2>&1
|
||||||
|
|
||||||
# Update package index again with Caddy repo
|
|
||||||
sudo apt update -y > /dev/null 2>&1
|
sudo apt update -y > /dev/null 2>&1
|
||||||
|
|
||||||
apt install libnss3-tools -y > /dev/null 2>&1
|
apt install libnss3-tools -y > /dev/null 2>&1
|
||||||
|
|
||||||
# Install Caddy
|
|
||||||
sudo apt install -y caddy
|
sudo apt install -y caddy
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo -e "${red}Error: Failed to install Caddy. ${NC}"
|
echo -e "${red}Error: Failed to install Caddy. ${NC}"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Stop and disable Caddy service
|
|
||||||
systemctl stop caddy > /dev/null 2>&1
|
systemctl stop caddy > /dev/null 2>&1
|
||||||
systemctl disable caddy > /dev/null 2>&1
|
systemctl disable caddy > /dev/null 2>&1
|
||||||
|
|
||||||
@ -59,7 +53,7 @@ ADMIN_PASSWORD=$admin_password_hash
|
|||||||
EXPIRATION_MINUTES=$expiration_minutes
|
EXPIRATION_MINUTES=$expiration_minutes
|
||||||
EOL
|
EOL
|
||||||
|
|
||||||
if [ -n "$decoy_path" ]; then
|
if [ -n "$decoy_path" ] && [ "$decoy_path" != "None" ]; then
|
||||||
echo "DECOY_PATH=$decoy_path" >> /etc/hysteria/core/scripts/webpanel/.env
|
echo "DECOY_PATH=$decoy_path" >> /etc/hysteria/core/scripts/webpanel/.env
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
@ -67,31 +61,21 @@ EOL
|
|||||||
update_caddy_file() {
|
update_caddy_file() {
|
||||||
source /etc/hysteria/core/scripts/webpanel/.env
|
source /etc/hysteria/core/scripts/webpanel/.env
|
||||||
|
|
||||||
# Ensure all required variables are set
|
|
||||||
if [ -z "$DOMAIN" ] || [ -z "$ROOT_PATH" ] || [ -z "$PORT" ]; then
|
if [ -z "$DOMAIN" ] || [ -z "$ROOT_PATH" ] || [ -z "$PORT" ]; then
|
||||||
echo -e "${red}Error: One or more environment variables are missing.${NC}"
|
echo -e "${red}Error: One or more environment variables are missing.${NC}"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "$DECOY_PATH" ] && [ "$PORT" -eq 443 ]; then
|
if [ -n "$DECOY_PATH" ] && [ "$DECOY_PATH" != "None" ] && [ "$PORT" -eq 443 ]; then
|
||||||
cat <<EOL > "$CADDY_CONFIG_FILE"
|
cat <<EOL > "$CADDY_CONFIG_FILE"
|
||||||
# Global configuration
|
|
||||||
{
|
{
|
||||||
# Disable admin panel of the Caddy
|
|
||||||
admin off
|
admin off
|
||||||
# Disable automatic HTTP to HTTPS redirects so the Caddy won't listen on port 80 (We need this port for other parts of the project)
|
|
||||||
auto_https disable_redirects
|
auto_https disable_redirects
|
||||||
}
|
}
|
||||||
|
|
||||||
# Listen for incoming requests on the specified domain and port
|
|
||||||
$DOMAIN:$PORT {
|
$DOMAIN:$PORT {
|
||||||
# Define a route to handle all requests starting with ROOT_PATH('/$ROOT_PATH/')
|
|
||||||
route /$ROOT_PATH/* {
|
route /$ROOT_PATH/* {
|
||||||
# We don't strip the ROOT_PATH('/$ROOT_PATH/') from the request
|
|
||||||
# uri strip_prefix /$ROOT_PATH
|
|
||||||
|
|
||||||
# We are proxying all requests under the ROOT_PATH to FastAPI at 127.0.0.1:28260
|
|
||||||
# FastAPI handles these requests because we set the 'root_path' parameter in the FastAPI instance.
|
|
||||||
reverse_proxy http://127.0.0.1:28260
|
reverse_proxy http://127.0.0.1:28260
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -109,9 +93,7 @@ EOL
|
|||||||
cat <<EOL > "$CADDY_CONFIG_FILE"
|
cat <<EOL > "$CADDY_CONFIG_FILE"
|
||||||
# Global configuration
|
# Global configuration
|
||||||
{
|
{
|
||||||
# Disable admin panel of the Caddy
|
|
||||||
admin off
|
admin off
|
||||||
# Disable automatic HTTP to HTTPS redirects so the Caddy won't listen on port 80 (We need this port for other parts of the project)
|
|
||||||
auto_https disable_redirects
|
auto_https disable_redirects
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -137,7 +119,7 @@ $DOMAIN:$PORT {
|
|||||||
}
|
}
|
||||||
EOL
|
EOL
|
||||||
|
|
||||||
if [ -n "$DECOY_PATH" ] && [ "$PORT" -ne 443 ]; then
|
if [ -n "$DECOY_PATH" ] && [ "$DECOY_PATH" != "None" ] && [ "$PORT" -ne 443 ]; then
|
||||||
cat <<EOL >> "$CADDY_CONFIG_FILE"
|
cat <<EOL >> "$CADDY_CONFIG_FILE"
|
||||||
|
|
||||||
# Decoy site on port 443
|
# Decoy site on port 443
|
||||||
@ -199,29 +181,24 @@ start_service() {
|
|||||||
local debug=$6
|
local debug=$6
|
||||||
local decoy_path=$7
|
local decoy_path=$7
|
||||||
|
|
||||||
# Install required dependencies
|
|
||||||
install_dependencies
|
install_dependencies
|
||||||
|
|
||||||
# Update environment file
|
|
||||||
update_env_file "$domain" "$port" "$admin_username" "$admin_password" "$expiration_minutes" "$debug" "$decoy_path"
|
update_env_file "$domain" "$port" "$admin_username" "$admin_password" "$expiration_minutes" "$debug" "$decoy_path"
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo -e "${red}Error: Failed to update the environment file.${NC}"
|
echo -e "${red}Error: Failed to update the environment file.${NC}"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Create the web panel service file
|
|
||||||
create_webpanel_service_file
|
create_webpanel_service_file
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo -e "${red}Error: Failed to create the webpanel service file.${NC}"
|
echo -e "${red}Error: Failed to create the webpanel service file.${NC}"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Reload systemd and enable webpanel service
|
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
systemctl enable hysteria-webpanel.service > /dev/null 2>&1
|
systemctl enable hysteria-webpanel.service > /dev/null 2>&1
|
||||||
systemctl start hysteria-webpanel.service > /dev/null 2>&1
|
systemctl start hysteria-webpanel.service > /dev/null 2>&1
|
||||||
|
|
||||||
# Check if the web panel is running
|
|
||||||
if systemctl is-active --quiet hysteria-webpanel.service; then
|
if systemctl is-active --quiet hysteria-webpanel.service; then
|
||||||
echo -e "${green}Hysteria web panel setup completed. The web panel is running locally on: http://127.0.0.1:28260/${NC}"
|
echo -e "${green}Hysteria web panel setup completed. The web panel is running locally on: http://127.0.0.1:28260/${NC}"
|
||||||
else
|
else
|
||||||
@ -229,7 +206,6 @@ start_service() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Update Caddy configuration
|
|
||||||
update_caddy_file
|
update_caddy_file
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo -e "${red}Error: Failed to update the Caddyfile.${NC}"
|
echo -e "${red}Error: Failed to update the Caddyfile.${NC}"
|
||||||
@ -242,7 +218,6 @@ start_service() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Reload systemd and enable/start Caddy service
|
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
systemctl enable hysteria-caddy.service
|
systemctl enable hysteria-caddy.service
|
||||||
systemctl start hysteria-caddy.service
|
systemctl start hysteria-caddy.service
|
||||||
@ -251,13 +226,12 @@ start_service() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check if the web panel is still running after Caddy restart
|
|
||||||
if systemctl is-active --quiet hysteria-webpanel.service; then
|
if systemctl is-active --quiet hysteria-webpanel.service; then
|
||||||
source /etc/hysteria/core/scripts/webpanel/.env
|
source /etc/hysteria/core/scripts/webpanel/.env
|
||||||
local webpanel_url="http://$domain:$port/$ROOT_PATH/"
|
local webpanel_url="http://$domain:$port/$ROOT_PATH/"
|
||||||
echo -e "${green}Hysteria web panel is now running. The service is accessible on: $webpanel_url ${NC}"
|
echo -e "${green}Hysteria web panel is now running. The service is accessible on: $webpanel_url ${NC}"
|
||||||
|
|
||||||
if [ -n "$decoy_path" ]; then
|
if [ -n "$DECOY_PATH" ] && [ "$DECOY_PATH" != "None" ]; then
|
||||||
if [ "$port" -eq 443 ]; then
|
if [ "$port" -eq 443 ]; then
|
||||||
echo -e "${green}Decoy site is configured on the same port (443) and will handle non-webpanel paths.${NC}"
|
echo -e "${green}Decoy site is configured on the same port (443) and will handle non-webpanel paths.${NC}"
|
||||||
else
|
else
|
||||||
@ -313,7 +287,7 @@ stop_decoy_site() {
|
|||||||
|
|
||||||
source /etc/hysteria/core/scripts/webpanel/.env
|
source /etc/hysteria/core/scripts/webpanel/.env
|
||||||
|
|
||||||
if [ -z "$DECOY_PATH" ]; then
|
if [ -z "$DECOY_PATH" ] || [ "$DECOY_PATH" = "None" ]; then
|
||||||
echo -e "${yellow}No decoy site is currently configured.${NC}"
|
echo -e "${yellow}No decoy site is currently configured.${NC}"
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
|
|||||||
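Review bot: The tightened guard in update_env_file (`[ -n "$decoy_path" ] && [ "$decoy_path" != "None" ]`) rejects only the empty string and the literal `None`; every other value is still appended unquoted as `DECOY_PATH=$decoy_path` to a `.env` that update_caddy_file, start_service and stop_decoy_site later `source` as shell. A value containing whitespace or shell metacharacters would then be parsed as shell syntax in the script's own process instead of being kept as data. Since this commit already touches the validation, consider writing the value shell-quoted, `printf 'DECOY_PATH=%q\n' "$decoy_path" >> "$WEBPANEL_ENV_FILE"`, after confirming that the web panel's own `.env` reader accepts that quoting, and rejecting values that are not an existing path. The same two-part test is now repeated in five places, so a small helper would keep the `None` sentinel from drifting between them. The bodies of update_env_file, start_service and stop_decoy_site extend outside the visible hunks, so a check elsewhere in those functions may already cover part of this.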