
Commit 32b6ac7

committed
update
1 parent 8fe402b commit 32b6ac7

1 file changed

Lines changed: 96 additions & 73 deletions


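--- a/src/caddy/install_node.sh
+++ b/src/caddy/install_node.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-# Module: Install Node
+# Module: Install Node Only
 
-install_node_caddy() {
+install_node_nginx() {
 # Load selfsteal templates module
 load_selfsteal_templates_module
 
@@ -49,7 +49,11 @@ install_node_caddy() {
 exit 1
 fi
 
-cat > docker-compose.yml <<EOL
+SELFSTEAL_BASE_DOMAIN=$(extract_domain "$SELFSTEAL_DOMAIN")
+
+unique_domains["$SELFSTEAL_BASE_DOMAIN"]=1
+
+cat > docker-compose.yml <<EOL
 x-common: &common
 ulimits:
 nofile:
@@ -65,85 +69,104 @@ x-logging: &logging
 max-file: 5
 
 services:
-caddy:
-image: caddy:2.11.2
-container_name: caddy-remnawave
-hostname: caddy-remnawave
-<<: [*common, *logging]
-network_mode: host
-volumes:
-- ./Caddyfile:/etc/caddy/Caddyfile
-- /var/www/html:/var/www/html:ro
-- /dev/shm:/dev/shm:rw
-- caddy_data:/data
-command: sh -c 'rm -f /dev/shm/nginx.sock && caddy run --config /etc/caddy/Caddyfile --adapter caddyfile'
-environment:
-- CADDY_SOCKET_PATH=/dev/shm/nginx.sock
-- SELF_STEAL_DOMAIN=${SELFSTEAL_DOMAIN}
-healthcheck:
-test: ["CMD", "test", "-S", "/dev/shm/nginx.sock"]
-interval: 2s
-timeout: 5s
-retries: 15
-start_period: 5s
-
-remnanode:
-image: remnawave/node:latest
-container_name: remnanode
-hostname: remnanode
-<<: [*common, *logging]
-network_mode: host
-cap_add:
-- NET_ADMIN
-environment:
-- NODE_PORT=2222
-- SECRET_KEY=$(echo -e "$CERTIFICATE")
-volumes:
-- /dev/shm:/dev/shm:rw
-
-volumes:
-caddy_data:
-name: caddy_data
-driver: local
-external: false
+remnawave-nginx:
+image: nginx:1.28
+container_name: remnawave-nginx
+hostname: remnawave-nginx
+<<: [*common, *logging]
+network_mode: host
+volumes:
+- ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
 EOL
-
-cat > /opt/remnanode/Caddyfile <<EOL
-{
-admin off
-servers {
-listener_wrappers {
-proxy_protocol
-tls
-}
-}
-auto_https disable_redirects
 }
 
-http://{\$SELF_STEAL_DOMAIN} {
-bind 0.0.0.0
-redir https://{\$SELF_STEAL_DOMAIN}{uri} permanent
+installation_node() {
+echo -e "${COLOR_YELLOW}${LANG[INSTALLING_NODE]}${COLOR_RESET}"
+sleep 1
+
+declare -A unique_domains
+install_node_nginx
+
+declare -A domains_to_check
+domains_to_check["$SELFSTEAL_DOMAIN"]=1
+
+handle_certificates domains_to_check "$CERT_METHOD" "$LETSENCRYPT_EMAIL"
+
+if [ -z "$CERT_METHOD" ]; then
+local base_domain=$(extract_domain "$SELFSTEAL_DOMAIN")
+if [ -d "/etc/letsencrypt/live/$base_domain" ] && is_wildcard_cert "$base_domain"; then
+CERT_METHOD="1"
+else
+CERT_METHOD="2"
+fi
+fi
+
+if [ "$CERT_METHOD" == "1" ]; then
+local base_domain=$(extract_domain "$SELFSTEAL_DOMAIN")
+NODE_CERT_DOMAIN="$base_domain"
+else
+NODE_CERT_DOMAIN="$SELFSTEAL_DOMAIN"
+fi
+
+cat >> /opt/remnanode/docker-compose.yml <<EOL
+- /dev/shm:/dev/shm:rw
+- /var/www/html:/var/www/html:ro
+command: sh -c 'rm -f /dev/shm/nginx.sock && exec nginx -g "daemon off;"'
+
+remnanode:
+image: remnawave/node:latest
+container_name: remnanode
+hostname: remnanode
+<<: [*common, *logging]
+network_mode: host
+cap_add:
+- NET_ADMIN
+environment:
+- NODE_PORT=2222
+- SECRET_KEY=$(echo -e "$CERTIFICATE")
+volumes:
+- /dev/shm:/dev/shm:rw
+EOL
+
+cat > /opt/remnanode/nginx.conf <<EOL
+server_names_hash_bucket_size 64;
+
+map \$http_upgrade \$connection_upgrade {
+default upgrade;
+"" close;
 }
 
-https://{\$SELF_STEAL_DOMAIN} {
-bind unix/{\$CADDY_SOCKET_PATH}
-root * /var/www/html
-try_files {path} /index.html
-file_server
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ecdh_curve X25519:prime256v1:secp384r1;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+ssl_prefer_server_ciphers on;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m;
+ssl_session_tickets off;
+
+server {
+server_name $SELFSTEAL_DOMAIN;
+listen unix:/dev/shm/nginx.sock ssl proxy_protocol;
+http2 on;
+
+ssl_certificate "/etc/nginx/ssl/$NODE_CERT_DOMAIN/fullchain.pem";
+ssl_certificate_key "/etc/nginx/ssl/$NODE_CERT_DOMAIN/privkey.pem";
+ssl_trusted_certificate "/etc/nginx/ssl/$NODE_CERT_DOMAIN/fullchain.pem";
+
+root /var/www/html;
+index index.html;
+add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet, noimageindex" always;
 }
 
-:80 {
-bind 0.0.0.0
-respond 204
+server {
+listen unix:/dev/shm/nginx.sock ssl proxy_protocol default_server;
+server_name _;
+add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet, noimageindex" always;
+ssl_reject_handshake on;
+return 444;
 }
 EOL
-}
 
-installation_node_caddy() {
-echo -e "${COLOR_YELLOW}${LANG[INSTALLING_NODE]}${COLOR_RESET}"
-install_node_caddy
-
-ufw allow 80/tcp comment 'HTTP' > /dev/null 2>&1
 ufw allow from $PANEL_IP to any port 2222 > /dev/null 2>&1
 ufw reload > /dev/null 2>&1
 
@@ -177,4 +200,4 @@ installation_node_caddy() {
 fi
 ((attempt++))
 done
-}
+}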
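Review bot: The compose file is created with a relative path (`cat > docker-compose.yml`, new line 56 in install_node_nginx) but extended with an absolute one (`cat >> /opt/remnanode/docker-compose.yml`, new line 111 in installation_node); unless the working directory is already /opt/remnanode, which the shown hunks do not establish, the append lands in a different file and the remnanode service is never defined, so both writes should use the same form, e.g. `cat > /opt/remnanode/docker-compose.yml <<EOL`. The generated nginx.conf also loads `/etc/nginx/ssl/$NODE_CERT_DOMAIN/fullchain.pem` and `privkey.pem`, yet the visible remnawave-nginx volumes mount only nginx.conf, /dev/shm and /var/www/html; presumably handle_certificates appends the certificate mount between the two heredocs, and a comment at the `cat >>` line such as `# volumes list is left open here: handle_certificates appends the /etc/nginx/ssl mount before this append` would make the split write intentional rather than accidental. `$SELFSTEAL_DOMAIN` and `$NODE_CERT_DOMAIN` are interpolated unquoted into `server_name` and into the certificate paths, so a value containing `;`, `"`, whitespace or `..` changes the generated config and which key file nginx reads; if no hostname validation happens earlier, a guard like `[[ "$SELFSTEAL_DOMAIN" =~ ^[A-Za-z0-9.-]+$ ]] || exit 1` before the nginx.conf heredoc would close that. The middle of installation_node (new lines 173–199) lies outside the shown hunks.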
