1
0

x-ui.sh 54 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761
  1. #!/bin/bash
  2. red='\033[0;31m'
  3. green='\033[0;32m'
  4. yellow='\033[0;33m'
  5. plain='\033[0m'
  6. #Add some basic function here
  7. function LOGD() {
  8. echo -e "${yellow}[DEG] $* ${plain}"
  9. }
  10. function LOGE() {
  11. echo -e "${red}[ERR] $* ${plain}"
  12. }
  13. function LOGI() {
  14. echo -e "${green}[INF] $* ${plain}"
  15. }
  16. # check root
  17. [[ $EUID -ne 0 ]] && LOGE "ERROR: You must be root to run this script! \n" && exit 1
  18. # Check OS and set release variable
  19. if [[ -f /etc/os-release ]]; then
  20. source /etc/os-release
  21. release=$ID
  22. elif [[ -f /usr/lib/os-release ]]; then
  23. source /usr/lib/os-release
  24. release=$ID
  25. else
  26. echo "Failed to check the system OS, please contact the author!" >&2
  27. exit 1
  28. fi
  29. echo "The OS release is: $release"
  30. os_version=""
  31. os_version=$(grep "^VERSION_ID" /etc/os-release | cut -d '=' -f2 | tr -d '"' | tr -d '.')
  32. if [[ "${release}" == "arch" ]]; then
  33. echo "Your OS is Arch Linux"
  34. elif [[ "${release}" == "parch" ]]; then
  35. echo "Your OS is Parch Linux"
  36. elif [[ "${release}" == "manjaro" ]]; then
  37. echo "Your OS is Manjaro"
  38. elif [[ "${release}" == "armbian" ]]; then
  39. echo "Your OS is Armbian"
  40. elif [[ "${release}" == "alpine" ]]; then
  41. echo "Your OS is Alpine Linux"
  42. elif [[ "${release}" == "opensuse-tumbleweed" ]]; then
  43. echo "Your OS is OpenSUSE Tumbleweed"
  44. elif [[ "${release}" == "openEuler" ]]; then
  45. if [[ ${os_version} -lt 2203 ]]; then
  46. echo -e "${red} Please use OpenEuler 22.03 or higher ${plain}\n" && exit 1
  47. fi
  48. elif [[ "${release}" == "centos" ]]; then
  49. if [[ ${os_version} -lt 8 ]]; then
  50. echo -e "${red} Please use CentOS 8 or higher ${plain}\n" && exit 1
  51. fi
  52. elif [[ "${release}" == "ubuntu" ]]; then
  53. if [[ ${os_version} -lt 2004 ]]; then
  54. echo -e "${red} Please use Ubuntu 20 or higher version!${plain}\n" && exit 1
  55. fi
  56. elif [[ "${release}" == "fedora" ]]; then
  57. if [[ ${os_version} -lt 36 ]]; then
  58. echo -e "${red} Please use Fedora 36 or higher version!${plain}\n" && exit 1
  59. fi
  60. elif [[ "${release}" == "amzn" ]]; then
  61. if [[ ${os_version} != "2023" ]]; then
  62. echo -e "${red} Please use Amazon Linux 2023!${plain}\n" && exit 1
  63. fi
  64. elif [[ "${release}" == "debian" ]]; then
  65. if [[ ${os_version} -lt 11 ]]; then
  66. echo -e "${red} Please use Debian 11 or higher ${plain}\n" && exit 1
  67. fi
  68. elif [[ "${release}" == "almalinux" ]]; then
  69. if [[ ${os_version} -lt 80 ]]; then
  70. echo -e "${red} Please use AlmaLinux 8.0 or higher ${plain}\n" && exit 1
  71. fi
  72. elif [[ "${release}" == "rocky" ]]; then
  73. if [[ ${os_version} -lt 8 ]]; then
  74. echo -e "${red} Please use Rocky Linux 8 or higher ${plain}\n" && exit 1
  75. fi
  76. elif [[ "${release}" == "ol" ]]; then
  77. if [[ ${os_version} -lt 8 ]]; then
  78. echo -e "${red} Please use Oracle Linux 8 or higher ${plain}\n" && exit 1
  79. fi
  80. else
  81. echo -e "${red}Your operating system is not supported by this script.${plain}\n"
  82. echo "Please ensure you are using one of the following supported operating systems:"
  83. echo "- Ubuntu 20.04+"
  84. echo "- Debian 11+"
  85. echo "- CentOS 8+"
  86. echo "- OpenEuler 22.03+"
  87. echo "- Fedora 36+"
  88. echo "- Arch Linux"
  89. echo "- Parch Linux"
  90. echo "- Manjaro"
  91. echo "- Armbian"
  92. echo "- AlmaLinux 8.0+"
  93. echo "- Rocky Linux 8+"
  94. echo "- Oracle Linux 8+"
  95. echo "- OpenSUSE Tumbleweed"
  96. echo "- Amazon Linux 2023"
  97. exit 1
  98. fi
  99. # Declare Variables
  100. log_folder="${XUI_LOG_FOLDER:=/var/log}"
  101. iplimit_log_path="${log_folder}/3xipl.log"
  102. iplimit_banned_log_path="${log_folder}/3xipl-banned.log"
  103. confirm() {
  104. if [[ $# > 1 ]]; then
  105. echo && read -p "$1 [Default $2]: " temp
  106. if [[ "${temp}" == "" ]]; then
  107. temp=$2
  108. fi
  109. else
  110. read -p "$1 [y/n]: " temp
  111. fi
  112. if [[ "${temp}" == "y" || "${temp}" == "Y" ]]; then
  113. return 0
  114. else
  115. return 1
  116. fi
  117. }
  118. confirm_restart() {
  119. confirm "Restart the panel, Attention: Restarting the panel will also restart xray" "y"
  120. if [[ $? == 0 ]]; then
  121. restart
  122. else
  123. show_menu
  124. fi
  125. }
  126. before_show_menu() {
  127. echo && echo -n -e "${yellow}Press enter to return to the main menu: ${plain}" && read temp
  128. show_menu
  129. }
  130. install() {
  131. bash <(curl -Ls https://raw.githubusercontent.com/MHSanaei/3x-ui/main/install.sh)
  132. if [[ $? == 0 ]]; then
  133. if [[ $# == 0 ]]; then
  134. start
  135. else
  136. start 0
  137. fi
  138. fi
  139. }
  140. update() {
  141. confirm "This function will forcefully reinstall the latest version, and the data will not be lost. Do you want to continue?" "y"
  142. if [[ $? != 0 ]]; then
  143. LOGE "Cancelled"
  144. if [[ $# == 0 ]]; then
  145. before_show_menu
  146. fi
  147. return 0
  148. fi
  149. bash <(curl -Ls https://raw.githubusercontent.com/MHSanaei/3x-ui/main/install.sh)
  150. if [[ $? == 0 ]]; then
  151. LOGI "Update is complete, Panel has automatically restarted "
  152. before_show_menu
  153. fi
  154. }
  155. update_menu() {
  156. echo -e "${yellow}Updating Menu${plain}"
  157. confirm "This function will update the menu to the latest changes." "y"
  158. if [[ $? != 0 ]]; then
  159. LOGE "Cancelled"
  160. if [[ $# == 0 ]]; then
  161. before_show_menu
  162. fi
  163. return 0
  164. fi
  165. wget --no-check-certificate -O /usr/bin/x-ui https://raw.githubusercontent.com/MHSanaei/3x-ui/main/x-ui.sh
  166. chmod +x /usr/local/x-ui/x-ui.sh
  167. chmod +x /usr/bin/x-ui
  168. if [[ $? == 0 ]]; then
  169. echo -e "${green}Update successful. The panel has automatically restarted.${plain}"
  170. before_show_menu
  171. else
  172. echo -e "${red}Failed to update the menu.${plain}"
  173. return 1
  174. fi
  175. }
  176. legacy_version() {
  177. echo "Enter the panel version (like 2.4.0):"
  178. read tag_version
  179. if [ -z "$tag_version" ]; then
  180. echo "Panel version cannot be empty. Exiting."
  181. exit 1
  182. fi
  183. # Use the entered panel version in the download link
  184. install_command="bash <(curl -Ls "https://raw.githubusercontent.com/mhsanaei/3x-ui/v$tag_version/install.sh") v$tag_version"
  185. echo "Downloading and installing panel version $tag_version..."
  186. eval $install_command
  187. }
  188. # Function to handle the deletion of the script file
  189. delete_script() {
  190. rm "$0" # Remove the script file itself
  191. exit 1
  192. }
  193. uninstall() {
  194. confirm "Are you sure you want to uninstall the panel? xray will also uninstalled!" "n"
  195. if [[ $? != 0 ]]; then
  196. if [[ $# == 0 ]]; then
  197. show_menu
  198. fi
  199. return 0
  200. fi
  201. systemctl stop x-ui
  202. systemctl disable x-ui
  203. rm /etc/systemd/system/x-ui.service -f
  204. systemctl daemon-reload
  205. systemctl reset-failed
  206. rm /etc/x-ui/ -rf
  207. rm /usr/local/x-ui/ -rf
  208. echo ""
  209. echo -e "Uninstalled Successfully.\n"
  210. echo "If you need to install this panel again, you can use below command:"
  211. echo -e "${green}bash <(curl -Ls https://raw.githubusercontent.com/mhsanaei/3x-ui/master/install.sh)${plain}"
  212. echo ""
  213. # Trap the SIGTERM signal
  214. trap delete_script SIGTERM
  215. delete_script
  216. }
  217. reset_user() {
  218. confirm "Are you sure to reset the username and password of the panel?" "n"
  219. if [[ $? != 0 ]]; then
  220. if [[ $# == 0 ]]; then
  221. show_menu
  222. fi
  223. return 0
  224. fi
  225. read -rp "Please set the login username [default is a random username]: " config_account
  226. [[ -z $config_account ]] && config_account=$(date +%s%N | md5sum | cut -c 1-8)
  227. read -rp "Please set the login password [default is a random password]: " config_password
  228. [[ -z $config_password ]] && config_password=$(date +%s%N | md5sum | cut -c 1-8)
  229. /usr/local/x-ui/x-ui setting -username ${config_account} -password ${config_password} >/dev/null 2>&1
  230. /usr/local/x-ui/x-ui setting -remove_secret >/dev/null 2>&1
  231. echo -e "Panel login username has been reset to: ${green} ${config_account} ${plain}"
  232. echo -e "Panel login password has been reset to: ${green} ${config_password} ${plain}"
  233. echo -e "${yellow} Panel login secret token disabled ${plain}"
  234. echo -e "${green} Please use the new login username and password to access the X-UI panel. Also remember them! ${plain}"
  235. confirm_restart
  236. }
  237. gen_random_string() {
  238. local length="$1"
  239. local random_string=$(LC_ALL=C tr -dc 'a-zA-Z0-9' </dev/urandom | fold -w "$length" | head -n 1)
  240. echo "$random_string"
  241. }
  242. reset_webbasepath() {
  243. echo -e "${yellow}Resetting Web Base Path${plain}"
  244. read -rp "Are you sure you want to reset the web base path? (y/n): " confirm
  245. if [[ $confirm != "y" && $confirm != "Y" ]]; then
  246. echo -e "${yellow}Operation canceled.${plain}"
  247. return
  248. fi
  249. config_webBasePath=$(gen_random_string 10)
  250. # Apply the new web base path setting
  251. /usr/local/x-ui/x-ui setting -webBasePath "${config_webBasePath}" >/dev/null 2>&1
  252. echo -e "Web base path has been reset to: ${green}${config_webBasePath}${plain}"
  253. echo -e "${green}Please use the new web base path to access the panel.${plain}"
  254. restart
  255. }
  256. reset_config() {
  257. confirm "Are you sure you want to reset all panel settings, Account data will not be lost, Username and password will not change" "n"
  258. if [[ $? != 0 ]]; then
  259. if [[ $# == 0 ]]; then
  260. show_menu
  261. fi
  262. return 0
  263. fi
  264. /usr/local/x-ui/x-ui setting -reset
  265. echo -e "All panel settings have been reset to default."
  266. restart
  267. }
  268. check_config() {
  269. local info=$(/usr/local/x-ui/x-ui setting -show true)
  270. if [[ $? != 0 ]]; then
  271. LOGE "get current settings error, please check logs"
  272. show_menu
  273. return
  274. fi
  275. LOGI "${info}"
  276. local existing_webBasePath=$(echo "$info" | grep -Eo 'webBasePath: .+' | awk '{print $2}')
  277. local existing_port=$(echo "$info" | grep -Eo 'port: .+' | awk '{print $2}')
  278. local server_ip=$(curl -s https://api.ipify.org)
  279. echo -e "${green}Access URL: http://${server_ip}:${existing_port}${existing_webBasePath}${plain}"
  280. }
  281. set_port() {
  282. echo && echo -n -e "Enter port number[1-65535]: " && read port
  283. if [[ -z "${port}" ]]; then
  284. LOGD "Cancelled"
  285. before_show_menu
  286. else
  287. /usr/local/x-ui/x-ui setting -port ${port}
  288. echo -e "The port is set, Please restart the panel now, and use the new port ${green}${port}${plain} to access web panel"
  289. confirm_restart
  290. fi
  291. }
  292. start() {
  293. check_status
  294. if [[ $? == 0 ]]; then
  295. echo ""
  296. LOGI "Panel is running, No need to start again, If you need to restart, please select restart"
  297. else
  298. systemctl start x-ui
  299. sleep 2
  300. check_status
  301. if [[ $? == 0 ]]; then
  302. LOGI "x-ui Started Successfully"
  303. else
  304. LOGE "panel Failed to start, Probably because it takes longer than two seconds to start, Please check the log information later"
  305. fi
  306. fi
  307. if [[ $# == 0 ]]; then
  308. before_show_menu
  309. fi
  310. }
  311. stop() {
  312. check_status
  313. if [[ $? == 1 ]]; then
  314. echo ""
  315. LOGI "Panel stopped, No need to stop again!"
  316. else
  317. systemctl stop x-ui
  318. sleep 2
  319. check_status
  320. if [[ $? == 1 ]]; then
  321. LOGI "x-ui and xray stopped successfully"
  322. else
  323. LOGE "Panel stop failed, Probably because the stop time exceeds two seconds, Please check the log information later"
  324. fi
  325. fi
  326. if [[ $# == 0 ]]; then
  327. before_show_menu
  328. fi
  329. }
  330. restart() {
  331. systemctl restart x-ui
  332. sleep 2
  333. check_status
  334. if [[ $? == 0 ]]; then
  335. LOGI "x-ui and xray Restarted successfully"
  336. else
  337. LOGE "Panel restart failed, Probably because it takes longer than two seconds to start, Please check the log information later"
  338. fi
  339. if [[ $# == 0 ]]; then
  340. before_show_menu
  341. fi
  342. }
  343. status() {
  344. systemctl status x-ui -l
  345. if [[ $# == 0 ]]; then
  346. before_show_menu
  347. fi
  348. }
  349. enable() {
  350. systemctl enable x-ui
  351. if [[ $? == 0 ]]; then
  352. LOGI "x-ui Set to boot automatically on startup successfully"
  353. else
  354. LOGE "x-ui Failed to set Autostart"
  355. fi
  356. if [[ $# == 0 ]]; then
  357. before_show_menu
  358. fi
  359. }
  360. disable() {
  361. systemctl disable x-ui
  362. if [[ $? == 0 ]]; then
  363. LOGI "x-ui Autostart Cancelled successfully"
  364. else
  365. LOGE "x-ui Failed to cancel autostart"
  366. fi
  367. if [[ $# == 0 ]]; then
  368. before_show_menu
  369. fi
  370. }
  371. show_log() {
  372. echo -e "${green}\t1.${plain} Debug Log"
  373. echo -e "${green}\t2.${plain} Clear All logs"
  374. echo -e "${green}\t0.${plain} Back to Main Menu"
  375. read -p "Choose an option: " choice
  376. case "$choice" in
  377. 0)
  378. show_menu
  379. ;;
  380. 1)
  381. journalctl -u x-ui -e --no-pager -f -p debug
  382. if [[ $# == 0 ]]; then
  383. before_show_menu
  384. fi
  385. ;;
  386. 2)
  387. sudo journalctl --rotate
  388. sudo journalctl --vacuum-time=1s
  389. echo "All Logs cleared."
  390. restart
  391. ;;
  392. *)
  393. echo -e "${red}Invalid option. Please select a valid number.${plain}\n"
  394. show_log
  395. ;;
  396. esac
  397. }
  398. show_banlog() {
  399. local system_log="/var/log/fail2ban.log"
  400. echo -e "${green}Checking ban logs...${plain}\n"
  401. if ! systemctl is-active --quiet fail2ban; then
  402. echo -e "${red}Fail2ban service is not running!${plain}\n"
  403. return 1
  404. fi
  405. if [[ -f "$system_log" ]]; then
  406. echo -e "${green}Recent system ban activities from fail2ban.log:${plain}"
  407. grep "3x-ipl" "$system_log" | grep -E "Ban|Unban" | tail -n 10 || echo -e "${yellow}No recent system ban activities found${plain}"
  408. echo ""
  409. fi
  410. if [[ -f "${iplimit_banned_log_path}" ]]; then
  411. echo -e "${green}3X-IPL ban log entries:${plain}"
  412. if [[ -s "${iplimit_banned_log_path}" ]]; then
  413. grep -v "INIT" "${iplimit_banned_log_path}" | tail -n 10 || echo -e "${yellow}No ban entries found${plain}"
  414. else
  415. echo -e "${yellow}Ban log file is empty${plain}"
  416. fi
  417. else
  418. echo -e "${red}Ban log file not found at: ${iplimit_banned_log_path}${plain}"
  419. fi
  420. echo -e "\n${green}Current jail status:${plain}"
  421. fail2ban-client status 3x-ipl || echo -e "${yellow}Unable to get jail status${plain}"
  422. }
  423. bbr_menu() {
  424. echo -e "${green}\t1.${plain} Enable BBR"
  425. echo -e "${green}\t2.${plain} Disable BBR"
  426. echo -e "${green}\t0.${plain} Back to Main Menu"
  427. read -p "Choose an option: " choice
  428. case "$choice" in
  429. 0)
  430. show_menu
  431. ;;
  432. 1)
  433. enable_bbr
  434. bbr_menu
  435. ;;
  436. 2)
  437. disable_bbr
  438. bbr_menu
  439. ;;
  440. *)
  441. echo -e "${red}Invalid option. Please select a valid number.${plain}\n"
  442. bbr_menu
  443. ;;
  444. esac
  445. }
  446. disable_bbr() {
  447. if ! grep -q "net.core.default_qdisc=fq" /etc/sysctl.conf || ! grep -q "net.ipv4.tcp_congestion_control=bbr" /etc/sysctl.conf; then
  448. echo -e "${yellow}BBR is not currently enabled.${plain}"
  449. before_show_menu
  450. fi
  451. # Replace BBR with CUBIC configurations
  452. sed -i 's/net.core.default_qdisc=fq/net.core.default_qdisc=pfifo_fast/' /etc/sysctl.conf
  453. sed -i 's/net.ipv4.tcp_congestion_control=bbr/net.ipv4.tcp_congestion_control=cubic/' /etc/sysctl.conf
  454. # Apply changes
  455. sysctl -p
  456. # Verify that BBR is replaced with CUBIC
  457. if [[ $(sysctl net.ipv4.tcp_congestion_control | awk '{print $3}') == "cubic" ]]; then
  458. echo -e "${green}BBR has been replaced with CUBIC successfully.${plain}"
  459. else
  460. echo -e "${red}Failed to replace BBR with CUBIC. Please check your system configuration.${plain}"
  461. fi
  462. }
  463. enable_bbr() {
  464. if grep -q "net.core.default_qdisc=fq" /etc/sysctl.conf && grep -q "net.ipv4.tcp_congestion_control=bbr" /etc/sysctl.conf; then
  465. echo -e "${green}BBR is already enabled!${plain}"
  466. before_show_menu
  467. fi
  468. # Check the OS and install necessary packages
  469. case "${release}" in
  470. ubuntu | debian | armbian)
  471. apt-get update && apt-get install -yqq --no-install-recommends ca-certificates
  472. ;;
  473. centos | almalinux | rocky | ol)
  474. yum -y update && yum -y install ca-certificates
  475. ;;
  476. fedora | amzn)
  477. dnf -y update && dnf -y install ca-certificates
  478. ;;
  479. arch | manjaro | parch)
  480. pacman -Sy --noconfirm ca-certificates
  481. ;;
  482. *)
  483. echo -e "${red}Unsupported operating system. Please check the script and install the necessary packages manually.${plain}\n"
  484. exit 1
  485. ;;
  486. esac
  487. # Enable BBR
  488. echo "net.core.default_qdisc=fq" | tee -a /etc/sysctl.conf
  489. echo "net.ipv4.tcp_congestion_control=bbr" | tee -a /etc/sysctl.conf
  490. # Apply changes
  491. sysctl -p
  492. # Verify that BBR is enabled
  493. if [[ $(sysctl net.ipv4.tcp_congestion_control | awk '{print $3}') == "bbr" ]]; then
  494. echo -e "${green}BBR has been enabled successfully.${plain}"
  495. else
  496. echo -e "${red}Failed to enable BBR. Please check your system configuration.${plain}"
  497. fi
  498. }
  499. update_shell() {
  500. wget -O /usr/bin/x-ui -N --no-check-certificate https://github.com/MHSanaei/3x-ui/raw/main/x-ui.sh
  501. if [[ $? != 0 ]]; then
  502. echo ""
  503. LOGE "Failed to download script, Please check whether the machine can connect Github"
  504. before_show_menu
  505. else
  506. chmod +x /usr/bin/x-ui
  507. LOGI "Upgrade script succeeded, Please rerun the script"
  508. before_show_menu
  509. fi
  510. }
  511. # 0: running, 1: not running, 2: not installed
  512. check_status() {
  513. if [[ ! -f /etc/systemd/system/x-ui.service ]]; then
  514. return 2
  515. fi
  516. temp=$(systemctl status x-ui | grep Active | awk '{print $3}' | cut -d "(" -f2 | cut -d ")" -f1)
  517. if [[ "${temp}" == "running" ]]; then
  518. return 0
  519. else
  520. return 1
  521. fi
  522. }
  523. check_enabled() {
  524. temp=$(systemctl is-enabled x-ui)
  525. if [[ "${temp}" == "enabled" ]]; then
  526. return 0
  527. else
  528. return 1
  529. fi
  530. }
  531. check_uninstall() {
  532. check_status
  533. if [[ $? != 2 ]]; then
  534. echo ""
  535. LOGE "Panel installed, Please do not reinstall"
  536. if [[ $# == 0 ]]; then
  537. before_show_menu
  538. fi
  539. return 1
  540. else
  541. return 0
  542. fi
  543. }
  544. check_install() {
  545. check_status
  546. if [[ $? == 2 ]]; then
  547. echo ""
  548. LOGE "Please install the panel first"
  549. if [[ $# == 0 ]]; then
  550. before_show_menu
  551. fi
  552. return 1
  553. else
  554. return 0
  555. fi
  556. }
  557. show_status() {
  558. check_status
  559. case $? in
  560. 0)
  561. echo -e "Panel state: ${green}Running${plain}"
  562. show_enable_status
  563. ;;
  564. 1)
  565. echo -e "Panel state: ${yellow}Not Running${plain}"
  566. show_enable_status
  567. ;;
  568. 2)
  569. echo -e "Panel state: ${red}Not Installed${plain}"
  570. ;;
  571. esac
  572. show_xray_status
  573. }
  574. show_enable_status() {
  575. check_enabled
  576. if [[ $? == 0 ]]; then
  577. echo -e "Start automatically: ${green}Yes${plain}"
  578. else
  579. echo -e "Start automatically: ${red}No${plain}"
  580. fi
  581. }
  582. check_xray_status() {
  583. count=$(ps -ef | grep "xray-linux" | grep -v "grep" | wc -l)
  584. if [[ count -ne 0 ]]; then
  585. return 0
  586. else
  587. return 1
  588. fi
  589. }
  590. show_xray_status() {
  591. check_xray_status
  592. if [[ $? == 0 ]]; then
  593. echo -e "xray state: ${green}Running${plain}"
  594. else
  595. echo -e "xray state: ${red}Not Running${plain}"
  596. fi
  597. }
  598. firewall_menu() {
  599. echo -e "${green}\t1.${plain} Install Firewall & open ports"
  600. echo -e "${green}\t2.${plain} Allowed List"
  601. echo -e "${green}\t3.${plain} Delete Ports from List"
  602. echo -e "${green}\t4.${plain} Disable Firewall"
  603. echo -e "${green}\t0.${plain} Back to Main Menu"
  604. read -p "Choose an option: " choice
  605. case "$choice" in
  606. 0)
  607. show_menu
  608. ;;
  609. 1)
  610. open_ports
  611. firewall_menu
  612. ;;
  613. 2)
  614. sudo ufw status
  615. firewall_menu
  616. ;;
  617. 3)
  618. delete_ports
  619. firewall_menu
  620. ;;
  621. 4)
  622. sudo ufw disable
  623. firewall_menu
  624. ;;
  625. *)
  626. echo -e "${red}Invalid option. Please select a valid number.${plain}\n"
  627. firewall_menu
  628. ;;
  629. esac
  630. }
  631. open_ports() {
  632. if ! command -v ufw &>/dev/null; then
  633. echo "ufw firewall is not installed. Installing now..."
  634. apt-get update
  635. apt-get install -y ufw
  636. else
  637. echo "ufw firewall is already installed"
  638. fi
  639. # Check if the firewall is inactive
  640. if ufw status | grep -q "Status: active"; then
  641. echo "Firewall is already active"
  642. else
  643. echo "Activating firewall..."
  644. # Open the necessary ports
  645. ufw allow ssh
  646. ufw allow http
  647. ufw allow https
  648. ufw allow 2053/tcp
  649. # Enable the firewall
  650. ufw --force enable
  651. fi
  652. # Prompt the user to enter a list of ports
  653. read -p "Enter the ports you want to open (e.g. 80,443,2053 or range 400-500): " ports
  654. # Check if the input is valid
  655. if ! [[ $ports =~ ^([0-9]+|[0-9]+-[0-9]+)(,([0-9]+|[0-9]+-[0-9]+))*$ ]]; then
  656. echo "Error: Invalid input. Please enter a comma-separated list of ports or a range of ports (e.g. 80,443,2053 or 400-500)." >&2
  657. exit 1
  658. fi
  659. # Open the specified ports using ufw
  660. IFS=',' read -ra PORT_LIST <<<"$ports"
  661. for port in "${PORT_LIST[@]}"; do
  662. if [[ $port == *-* ]]; then
  663. # Split the range into start and end ports
  664. start_port=$(echo $port | cut -d'-' -f1)
  665. end_port=$(echo $port | cut -d'-' -f2)
  666. ufw allow $start_port:$end_port/tcp
  667. ufw allow $start_port:$end_port/udp
  668. else
  669. ufw allow "$port"
  670. fi
  671. done
  672. # Confirm that the ports are open
  673. echo "The following ports are now open:"
  674. ufw status | grep "ALLOW" | grep -Eo "[0-9]+(/[a-z]+)?"
  675. echo "Firewall status:"
  676. ufw status verbose
  677. }
  678. delete_ports() {
  679. # Prompt the user to enter the ports they want to delete
  680. read -p "Enter the ports you want to delete (e.g. 80,443,2053 or range 400-500): " ports
  681. # Check if the input is valid
  682. if ! [[ $ports =~ ^([0-9]+|[0-9]+-[0-9]+)(,([0-9]+|[0-9]+-[0-9]+))*$ ]]; then
  683. echo "Error: Invalid input. Please enter a comma-separated list of ports or a range of ports (e.g. 80,443,2053 or 400-500)." >&2
  684. exit 1
  685. fi
  686. # Delete the specified ports using ufw
  687. IFS=',' read -ra PORT_LIST <<<"$ports"
  688. for port in "${PORT_LIST[@]}"; do
  689. if [[ $port == *-* ]]; then
  690. # Split the range into start and end ports
  691. start_port=$(echo $port | cut -d'-' -f1)
  692. end_port=$(echo $port | cut -d'-' -f2)
  693. # Delete the port range
  694. ufw delete allow $start_port:$end_port/tcp
  695. ufw delete allow $start_port:$end_port/udp
  696. else
  697. ufw delete allow "$port"
  698. fi
  699. done
  700. # Confirm that the ports are deleted
  701. echo "Deleted the specified ports:"
  702. for port in "${PORT_LIST[@]}"; do
  703. if [[ $port == *-* ]]; then
  704. start_port=$(echo $port | cut -d'-' -f1)
  705. end_port=$(echo $port | cut -d'-' -f2)
  706. # Check if the port range has been successfully deleted
  707. (ufw status | grep -q "$start_port:$end_port") || echo "$start_port-$end_port"
  708. else
  709. # Check if the individual port has been successfully deleted
  710. (ufw status | grep -q "$port") || echo "$port"
  711. fi
  712. done
  713. }
  714. update_geo() {
  715. echo -e "${green}\t1.${plain} Loyalsoldier (geoip.dat, geosite.dat)"
  716. echo -e "${green}\t2.${plain} chocolate4u (geoip_IR.dat, geosite_IR.dat)"
  717. echo -e "${green}\t3.${plain} vuong2023 (geoip_VN.dat, geosite_VN.dat)"
  718. echo -e "${green}\t0.${plain} Back to Main Menu"
  719. read -p "Choose an option: " choice
  720. systemctl stop x-ui
  721. cd /usr/local/x-ui/bin
  722. case "$choice" in
  723. 0)
  724. show_menu
  725. ;;
  726. 1)
  727. rm -f geoip.dat geosite.dat
  728. wget -N https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
  729. wget -N https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat
  730. echo -e "${green}Loyalsoldier datasets have been updated successfully!${plain}"
  731. restart
  732. ;;
  733. 2)
  734. rm -f geoip_IR.dat geosite_IR.dat
  735. wget -O geoip_IR.dat -N https://github.com/chocolate4u/Iran-v2ray-rules/releases/latest/download/geoip.dat
  736. wget -O geosite_IR.dat -N https://github.com/chocolate4u/Iran-v2ray-rules/releases/latest/download/geosite.dat
  737. echo -e "${green}chocolate4u datasets have been updated successfully!${plain}"
  738. restart
  739. ;;
  740. 3)
  741. rm -f geoip_VN.dat geosite_VN.dat
  742. wget -O geoip_VN.dat -N https://github.com/vuong2023/vn-v2ray-rules/releases/latest/download/geoip.dat
  743. wget -O geosite_VN.dat -N https://github.com/vuong2023/vn-v2ray-rules/releases/latest/download/geosite.dat
  744. echo -e "${green}vuong2023 datasets have been updated successfully!${plain}"
  745. restart
  746. ;;
  747. *)
  748. echo -e "${red}Invalid option. Please select a valid number.${plain}\n"
  749. update_geo
  750. ;;
  751. esac
  752. systemctl start x-ui
  753. before_show_menu
  754. }
  755. install_acme() {
  756. # Check if acme.sh is already installed
  757. if command -v ~/.acme.sh/acme.sh &>/dev/null; then
  758. LOGI "acme.sh is already installed."
  759. return 0
  760. fi
  761. LOGI "Installing acme.sh..."
  762. cd ~ || return 1 # Ensure you can change to the home directory
  763. curl -s https://get.acme.sh | sh
  764. if [ $? -ne 0 ]; then
  765. LOGE "Installation of acme.sh failed."
  766. return 1
  767. else
  768. LOGI "Installation of acme.sh succeeded."
  769. fi
  770. return 0
  771. }
  772. ssl_cert_issue_main() {
  773. echo -e "${green}\t1.${plain} Get SSL"
  774. echo -e "${green}\t2.${plain} Revoke"
  775. echo -e "${green}\t3.${plain} Force Renew"
  776. echo -e "${green}\t4.${plain} Show Existing Domains"
  777. echo -e "${green}\t5.${plain} Set Cert paths for the panel"
  778. echo -e "${green}\t0.${plain} Back to Main Menu"
  779. read -p "Choose an option: " choice
  780. case "$choice" in
  781. 0)
  782. show_menu
  783. ;;
  784. 1)
  785. ssl_cert_issue
  786. ssl_cert_issue_main
  787. ;;
  788. 2)
  789. local domains=$(find /root/cert/ -mindepth 1 -maxdepth 1 -type d -exec basename {} \;)
  790. if [ -z "$domains" ]; then
  791. echo "No certificates found to revoke."
  792. else
  793. echo "Existing domains:"
  794. echo "$domains"
  795. read -p "Please enter a domain from the list to revoke the certificate: " domain
  796. if echo "$domains" | grep -qw "$domain"; then
  797. ~/.acme.sh/acme.sh --revoke -d ${domain}
  798. LOGI "Certificate revoked for domain: $domain"
  799. else
  800. echo "Invalid domain entered."
  801. fi
  802. fi
  803. ssl_cert_issue_main
  804. ;;
  805. 3)
  806. local domains=$(find /root/cert/ -mindepth 1 -maxdepth 1 -type d -exec basename {} \;)
  807. if [ -z "$domains" ]; then
  808. echo "No certificates found to renew."
  809. else
  810. echo "Existing domains:"
  811. echo "$domains"
  812. read -p "Please enter a domain from the list to renew the SSL certificate: " domain
  813. if echo "$domains" | grep -qw "$domain"; then
  814. ~/.acme.sh/acme.sh --renew -d ${domain} --force
  815. LOGI "Certificate forcefully renewed for domain: $domain"
  816. else
  817. echo "Invalid domain entered."
  818. fi
  819. fi
  820. ssl_cert_issue_main
  821. ;;
  822. 4)
  823. local domains=$(find /root/cert/ -mindepth 1 -maxdepth 1 -type d -exec basename {} \;)
  824. if [ -z "$domains" ]; then
  825. echo "No certificates found."
  826. else
  827. echo "Existing domains and their paths:"
  828. for domain in $domains; do
  829. local cert_path="/root/cert/${domain}/fullchain.pem"
  830. local key_path="/root/cert/${domain}/privkey.pem"
  831. if [[ -f "${cert_path}" && -f "${key_path}" ]]; then
  832. echo -e "Domain: ${domain}"
  833. echo -e "\tCertificate Path: ${cert_path}"
  834. echo -e "\tPrivate Key Path: ${key_path}"
  835. else
  836. echo -e "Domain: ${domain} - Certificate or Key missing."
  837. fi
  838. done
  839. fi
  840. ssl_cert_issue_main
  841. ;;
  842. 5)
  843. local domains=$(find /root/cert/ -mindepth 1 -maxdepth 1 -type d -exec basename {} \;)
  844. if [ -z "$domains" ]; then
  845. echo "No certificates found."
  846. else
  847. echo "Available domains:"
  848. echo "$domains"
  849. read -p "Please choose a domain to set the panel paths: " domain
  850. if echo "$domains" | grep -qw "$domain"; then
  851. local webCertFile="/root/cert/${domain}/fullchain.pem"
  852. local webKeyFile="/root/cert/${domain}/privkey.pem"
  853. if [[ -f "${webCertFile}" && -f "${webKeyFile}" ]]; then
  854. /usr/local/x-ui/x-ui cert -webCert "$webCertFile" -webCertKey "$webKeyFile"
  855. echo "Panel paths set for domain: $domain"
  856. echo " - Certificate File: $webCertFile"
  857. echo " - Private Key File: $webKeyFile"
  858. restart
  859. else
  860. echo "Certificate or private key not found for domain: $domain."
  861. fi
  862. else
  863. echo "Invalid domain entered."
  864. fi
  865. fi
  866. ssl_cert_issue_main
  867. ;;
  868. *)
  869. echo -e "${red}Invalid option. Please select a valid number.${plain}\n"
  870. ssl_cert_issue_main
  871. ;;
  872. esac
  873. }
  874. ssl_cert_issue() {
  875. local existing_webBasePath=$(/usr/local/x-ui/x-ui setting -show true | grep -Eo 'webBasePath: .+' | awk '{print $2}')
  876. local existing_port=$(/usr/local/x-ui/x-ui setting -show true | grep -Eo 'port: .+' | awk '{print $2}')
  877. # check for acme.sh first
  878. if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
  879. echo "acme.sh could not be found. we will install it"
  880. install_acme
  881. if [ $? -ne 0 ]; then
  882. LOGE "install acme failed, please check logs"
  883. exit 1
  884. fi
  885. fi
  886. # install socat second
  887. case "${release}" in
  888. ubuntu | debian | armbian)
  889. apt update && apt install socat -y
  890. ;;
  891. centos | almalinux | rocky | ol)
  892. yum -y update && yum -y install socat
  893. ;;
  894. fedora | amzn)
  895. dnf -y update && dnf -y install socat
  896. ;;
  897. arch | manjaro | parch)
  898. pacman -Sy --noconfirm socat
  899. ;;
  900. *)
  901. echo -e "${red}Unsupported operating system. Please check the script and install the necessary packages manually.${plain}\n"
  902. exit 1
  903. ;;
  904. esac
  905. if [ $? -ne 0 ]; then
  906. LOGE "install socat failed, please check logs"
  907. exit 1
  908. else
  909. LOGI "install socat succeed..."
  910. fi
  911. # get the domain here, and we need to verify it
  912. local domain=""
  913. read -p "Please enter your domain name: " domain
  914. LOGD "Your domain is: ${domain}, checking it..."
  915. # check if there already exists a certificate
  916. local currentCert=$(~/.acme.sh/acme.sh --list | tail -1 | awk '{print $1}')
  917. if [ "${currentCert}" == "${domain}" ]; then
  918. local certInfo=$(~/.acme.sh/acme.sh --list)
  919. LOGE "System already has certificates for this domain. Cannot issue again. Current certificate details:"
  920. LOGI "$certInfo"
  921. exit 1
  922. else
  923. LOGI "Your domain is ready for issuing certificates now..."
  924. fi
  925. # create a directory for the certificate
  926. certPath="/root/cert/${domain}"
  927. if [ ! -d "$certPath" ]; then
  928. mkdir -p "$certPath"
  929. else
  930. rm -rf "$certPath"
  931. mkdir -p "$certPath"
  932. fi
  933. # get the port number for the standalone server
  934. local WebPort=80
  935. read -p "Please choose which port to use (default is 80): " WebPort
  936. if [[ ${WebPort} -gt 65535 || ${WebPort} -lt 1 ]]; then
  937. LOGE "Your input ${WebPort} is invalid, will use default port 80."
  938. WebPort=80
  939. fi
  940. LOGI "Will use port: ${WebPort} to issue certificates. Please make sure this port is open."
  941. # issue the certificate
  942. ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
  943. ~/.acme.sh/acme.sh --issue -d ${domain} --listen-v6 --standalone --httpport ${WebPort}
  944. if [ $? -ne 0 ]; then
  945. LOGE "Issuing certificate failed, please check logs."
  946. rm -rf ~/.acme.sh/${domain}
  947. exit 1
  948. else
  949. LOGE "Issuing certificate succeeded, installing certificates..."
  950. fi
  951. # install the certificate
  952. ~/.acme.sh/acme.sh --installcert -d ${domain} \
  953. --key-file /root/cert/${domain}/privkey.pem \
  954. --fullchain-file /root/cert/${domain}/fullchain.pem
  955. if [ $? -ne 0 ]; then
  956. LOGE "Installing certificate failed, exiting."
  957. rm -rf ~/.acme.sh/${domain}
  958. exit 1
  959. else
  960. LOGI "Installing certificate succeeded, enabling auto renew..."
  961. fi
  962. # enable auto-renew
  963. ~/.acme.sh/acme.sh --upgrade --auto-upgrade
  964. if [ $? -ne 0 ]; then
  965. LOGE "Auto renew failed, certificate details:"
  966. ls -lah cert/*
  967. chmod 755 $certPath/*
  968. exit 1
  969. else
  970. LOGI "Auto renew succeeded, certificate details:"
  971. ls -lah cert/*
  972. chmod 755 $certPath/*
  973. fi
  974. # Prompt user to set panel paths after successful certificate installation
  975. read -p "Would you like to set this certificate for the panel? (y/n): " setPanel
  976. if [[ "$setPanel" == "y" || "$setPanel" == "Y" ]]; then
  977. local webCertFile="/root/cert/${domain}/fullchain.pem"
  978. local webKeyFile="/root/cert/${domain}/privkey.pem"
  979. if [[ -f "$webCertFile" && -f "$webKeyFile" ]]; then
  980. /usr/local/x-ui/x-ui cert -webCert "$webCertFile" -webCertKey "$webKeyFile"
  981. LOGI "Panel paths set for domain: $domain"
  982. LOGI " - Certificate File: $webCertFile"
  983. LOGI " - Private Key File: $webKeyFile"
  984. echo -e "${green}Access URL: https://${domain}:${existing_port}${existing_webBasePath}${plain}"
  985. restart
  986. else
  987. LOGE "Error: Certificate or private key file not found for domain: $domain."
  988. fi
  989. else
  990. LOGI "Skipping panel path setting."
  991. fi
  992. }
  993. ssl_cert_issue_CF() {
  994. echo -E ""
  995. LOGD "******Instructions for use******"
  996. LOGI "This Acme script requires the following data:"
  997. LOGI "1.Cloudflare Registered e-mail"
  998. LOGI "2.Cloudflare Global API Key"
  999. LOGI "3.The domain name that has been resolved dns to the current server by Cloudflare"
  1000. LOGI "4.The script applies for a certificate. The default installation path is /root/cert "
  1001. confirm "Confirmed?[y/n]" "y"
  1002. if [ $? -eq 0 ]; then
  1003. # check for acme.sh first
  1004. if ! command -v ~/.acme.sh/acme.sh &>/dev/null; then
  1005. echo "acme.sh could not be found. we will install it"
  1006. install_acme
  1007. if [ $? -ne 0 ]; then
  1008. LOGE "install acme failed, please check logs"
  1009. exit 1
  1010. fi
  1011. fi
  1012. CF_Domain=""
  1013. CF_GlobalKey=""
  1014. CF_AccountEmail=""
  1015. certPath=/root/cert
  1016. if [ ! -d "$certPath" ]; then
  1017. mkdir $certPath
  1018. else
  1019. rm -rf $certPath
  1020. mkdir $certPath
  1021. fi
  1022. LOGD "Please set a domain name:"
  1023. read -p "Input your domain here:" CF_Domain
  1024. LOGD "Your domain name is set to:${CF_Domain}"
  1025. LOGD "Please set the API key:"
  1026. read -p "Input your key here:" CF_GlobalKey
  1027. LOGD "Your API key is:${CF_GlobalKey}"
  1028. LOGD "Please set up registered email:"
  1029. read -p "Input your email here:" CF_AccountEmail
  1030. LOGD "Your registered email address is:${CF_AccountEmail}"
  1031. ~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
  1032. if [ $? -ne 0 ]; then
  1033. LOGE "Default CA, Lets'Encrypt fail, script exiting..."
  1034. exit 1
  1035. fi
  1036. export CF_Key="${CF_GlobalKey}"
  1037. export CF_Email=${CF_AccountEmail}
  1038. ~/.acme.sh/acme.sh --issue --dns dns_cf -d ${CF_Domain} -d *.${CF_Domain} --log
  1039. if [ $? -ne 0 ]; then
  1040. LOGE "Certificate issuance failed, script exiting..."
  1041. exit 1
  1042. else
  1043. LOGI "Certificate issued Successfully, Installing..."
  1044. fi
  1045. ~/.acme.sh/acme.sh --installcert -d ${CF_Domain} -d *.${CF_Domain} --ca-file /root/cert/ca.cer \
  1046. --cert-file /root/cert/${CF_Domain}.cer --key-file /root/cert/${CF_Domain}.key \
  1047. --fullchain-file /root/cert/fullchain.cer
  1048. if [ $? -ne 0 ]; then
  1049. LOGE "Certificate installation failed, script exiting..."
  1050. exit 1
  1051. else
  1052. LOGI "Certificate installed Successfully,Turning on automatic updates..."
  1053. fi
  1054. ~/.acme.sh/acme.sh --upgrade --auto-upgrade
  1055. if [ $? -ne 0 ]; then
  1056. LOGE "Auto update setup Failed, script exiting..."
  1057. ls -lah cert
  1058. chmod 755 $certPath
  1059. exit 1
  1060. else
  1061. LOGI "The certificate is installed and auto-renewal is turned on, Specific information is as follows"
  1062. ls -lah cert
  1063. chmod 755 $certPath
  1064. fi
  1065. else
  1066. show_menu
  1067. fi
  1068. }
  1069. run_speedtest() {
  1070. # Check if Speedtest is already installed
  1071. if ! command -v speedtest &>/dev/null; then
  1072. # If not installed, install it
  1073. local pkg_manager=""
  1074. local speedtest_install_script=""
  1075. if command -v dnf &>/dev/null; then
  1076. pkg_manager="dnf"
  1077. speedtest_install_script="https://packagecloud.io/install/repositories/ookla/speedtest-cli/script.rpm.sh"
  1078. elif command -v yum &>/dev/null; then
  1079. pkg_manager="yum"
  1080. speedtest_install_script="https://packagecloud.io/install/repositories/ookla/speedtest-cli/script.rpm.sh"
  1081. elif command -v apt-get &>/dev/null; then
  1082. pkg_manager="apt-get"
  1083. speedtest_install_script="https://packagecloud.io/install/repositories/ookla/speedtest-cli/script.deb.sh"
  1084. elif command -v apt &>/dev/null; then
  1085. pkg_manager="apt"
  1086. speedtest_install_script="https://packagecloud.io/install/repositories/ookla/speedtest-cli/script.deb.sh"
  1087. fi
  1088. if [[ -z $pkg_manager ]]; then
  1089. echo "Error: Package manager not found. You may need to install Speedtest manually."
  1090. return 1
  1091. else
  1092. curl -s $speedtest_install_script | bash
  1093. $pkg_manager install -y speedtest
  1094. fi
  1095. fi
  1096. # Run Speedtest
  1097. speedtest
  1098. }
  1099. create_iplimit_jails() {
  1100. # Use default bantime if not passed => 15 minutes
  1101. local bantime="${1:-15}"
  1102. # Uncomment 'allowipv6 = auto' in fail2ban.conf
  1103. sed -i 's/#allowipv6 = auto/allowipv6 = auto/g' /etc/fail2ban/fail2ban.conf
  1104. # On Debian 12+ fail2ban's default backend should be changed to systemd
  1105. if [[ "${release}" == "debian" && ${os_version} -ge 12 ]]; then
  1106. sed -i '0,/action =/s/backend = auto/backend = systemd/' /etc/fail2ban/jail.conf
  1107. fi
  1108. cat << EOF > /etc/fail2ban/jail.d/3x-ipl.conf
  1109. [3x-ipl]
  1110. enabled=true
  1111. backend=auto
  1112. filter=3x-ipl
  1113. action = %(known/action)s[name=%(__name__)s, protocol="%(protocol)s", chain="%(chain)s"]
  1114. logpath=${iplimit_log_path}
  1115. maxretry=2
  1116. findtime=32
  1117. bantime=${bantime}m
  1118. EOF
  1119. cat << EOF > /etc/fail2ban/filter.d/3x-ipl.conf
  1120. [Definition]
  1121. datepattern = ^%%Y/%%m/%%d %%H:%%M:%%S
  1122. failregex = \[LIMIT_IP\]\s*Email\s*=\s*<F-USER>.+</F-USER>\s*\|\|\s*SRC\s*=\s*<ADDR>
  1123. ignoreregex =
  1124. EOF
  1125. cat << EOF > /etc/fail2ban/action.d/3x-ipl.conf
  1126. [INCLUDES]
  1127. before = iptables-common.conf
  1128. [Definition]
  1129. actionstart = <iptables> -N f2b-<name>
  1130. <iptables> -A f2b-<name> -j <returntype>
  1131. <iptables> -I <chain> -p <protocol> -j f2b-<name>
  1132. actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name>
  1133. <actionflush>
  1134. <iptables> -X f2b-<name>
  1135. actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
  1136. actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
  1137. echo "\$(date +"%%Y/%%m/%%d %%H:%%M:%%S") BAN [Email] = <F-USER> [IP] = <ip> banned for <bantime> seconds." >> ${iplimit_banned_log_path}
  1138. actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
  1139. echo "\$(date +"%%Y/%%m/%%d %%H:%%M:%%S") UNBAN [Email] = <F-USER> [IP] = <ip> unbanned." >> ${iplimit_banned_log_path}
  1140. [Init]
  1141. # Use default settings from iptables-common.conf
  1142. # This will automatically handle both IPv4 and IPv6
  1143. name = default
  1144. protocol = tcp
  1145. chain = INPUT
  1146. EOF
  1147. echo -e "${green}Ip Limit jail files created with a bantime of ${bantime} minutes.${plain}"
  1148. }
  1149. iplimit_remove_conflicts() {
  1150. local jail_files=(
  1151. /etc/fail2ban/jail.conf
  1152. /etc/fail2ban/jail.local
  1153. )
  1154. for file in "${jail_files[@]}"; do
  1155. # Check for [3x-ipl] config in jail file then remove it
  1156. if test -f "${file}" && grep -qw '3x-ipl' ${file}; then
  1157. sed -i "/\[3x-ipl\]/,/^$/d" ${file}
  1158. echo -e "${yellow}Removing conflicts of [3x-ipl] in jail (${file})!${plain}\n"
  1159. fi
  1160. done
  1161. }
  1162. iplimit_main() {
  1163. echo -e "\n${green}\t1.${plain} Install Fail2ban and configure IP Limit"
  1164. echo -e "${green}\t2.${plain} Change Ban Duration"
  1165. echo -e "${green}\t3.${plain} Unban Everyone"
  1166. echo -e "${green}\t4.${plain} Ban Logs"
  1167. echo -e "${green}\t5.${plain} Real-Time Logs"
  1168. echo -e "${green}\t6.${plain} Service Status"
  1169. echo -e "${green}\t7.${plain} Service Restart"
  1170. echo -e "${green}\t8.${plain} Uninstall Fail2ban and IP Limit"
  1171. echo -e "${green}\t0.${plain} Back to Main Menu"
  1172. read -p "Choose an option: " choice
  1173. case "$choice" in
  1174. 0)
  1175. show_menu
  1176. ;;
  1177. 1)
  1178. confirm "Proceed with installation of Fail2ban & IP Limit?" "y"
  1179. if [[ $? == 0 ]]; then
  1180. install_iplimit
  1181. else
  1182. iplimit_main
  1183. fi
  1184. ;;
  1185. 2)
  1186. read -rp "Please enter new Ban Duration in Minutes [default 30]: " NUM
  1187. if [[ $NUM =~ ^[0-9]+$ ]]; then
  1188. create_iplimit_jails ${NUM}
  1189. systemctl restart fail2ban
  1190. else
  1191. echo -e "${red}${NUM} is not a number! Please, try again.${plain}"
  1192. fi
  1193. iplimit_main
  1194. ;;
  1195. 3)
  1196. confirm "Proceed with Unbanning everyone from IP Limit jail?" "y"
  1197. if [[ $? == 0 ]]; then
  1198. fail2ban-client reload --restart --unban 3x-ipl
  1199. truncate -s 0 "${iplimit_banned_log_path}"
  1200. echo -e "${green}All users Unbanned successfully.${plain}"
  1201. iplimit_main
  1202. else
  1203. echo -e "${yellow}Cancelled.${plain}"
  1204. fi
  1205. iplimit_main
  1206. ;;
  1207. 4)
  1208. show_banlog
  1209. iplimit_main
  1210. ;;
  1211. 5)
  1212. tail -f /var/log/fail2ban.log
  1213. iplimit_main
  1214. ;;
  1215. 6)
  1216. service fail2ban status
  1217. iplimit_main
  1218. ;;
  1219. 7)
  1220. systemctl restart fail2ban
  1221. iplimit_main
  1222. ;;
  1223. 8)
  1224. remove_iplimit
  1225. iplimit_main
  1226. ;;
  1227. *)
  1228. echo -e "${red}Invalid option. Please select a valid number.${plain}\n"
  1229. iplimit_main
  1230. ;;
  1231. esac
  1232. }
  1233. install_iplimit() {
  1234. if ! command -v fail2ban-client &>/dev/null; then
  1235. echo -e "${green}Fail2ban is not installed. Installing now...!${plain}\n"
  1236. # Check the OS and install necessary packages
  1237. case "${release}" in
  1238. ubuntu)
  1239. if [[ "${os_version}" -ge 24 ]]; then
  1240. apt update && apt install python3-pip -y
  1241. python3 -m pip install pyasynchat --break-system-packages
  1242. fi
  1243. apt update && apt install fail2ban -y
  1244. ;;
  1245. debian | armbian)
  1246. apt update && apt install fail2ban -y
  1247. ;;
  1248. centos | almalinux | rocky | ol)
  1249. yum update -y && yum install epel-release -y
  1250. yum -y install fail2ban
  1251. ;;
  1252. fedora | amzn)
  1253. dnf -y update && dnf -y install fail2ban
  1254. ;;
  1255. arch | manjaro | parch)
  1256. pacman -Syu --noconfirm fail2ban
  1257. ;;
  1258. *)
  1259. echo -e "${red}Unsupported operating system. Please check the script and install the necessary packages manually.${plain}\n"
  1260. exit 1
  1261. ;;
  1262. esac
  1263. if ! command -v fail2ban-client &>/dev/null; then
  1264. echo -e "${red}Fail2ban installation failed.${plain}\n"
  1265. exit 1
  1266. fi
  1267. echo -e "${green}Fail2ban installed successfully!${plain}\n"
  1268. else
  1269. echo -e "${yellow}Fail2ban is already installed.${plain}\n"
  1270. fi
  1271. echo -e "${green}Configuring IP Limit...${plain}\n"
  1272. # make sure there's no conflict for jail files
  1273. iplimit_remove_conflicts
  1274. # Check if log file exists
  1275. if ! test -f "${iplimit_banned_log_path}"; then
  1276. touch ${iplimit_banned_log_path}
  1277. fi
  1278. # Check if service log file exists so fail2ban won't return error
  1279. if ! test -f "${iplimit_log_path}"; then
  1280. touch ${iplimit_log_path}
  1281. fi
  1282. # Create the iplimit jail files
  1283. # we didn't pass the bantime here to use the default value
  1284. create_iplimit_jails
  1285. # Launching fail2ban
  1286. if ! systemctl is-active --quiet fail2ban; then
  1287. systemctl start fail2ban
  1288. systemctl enable fail2ban
  1289. else
  1290. systemctl restart fail2ban
  1291. fi
  1292. systemctl enable fail2ban
  1293. echo -e "${green}IP Limit installed and configured successfully!${plain}\n"
  1294. before_show_menu
  1295. }
  1296. remove_iplimit() {
  1297. echo -e "${green}\t1.${plain} Only remove IP Limit configurations"
  1298. echo -e "${green}\t2.${plain} Uninstall Fail2ban and IP Limit"
  1299. echo -e "${green}\t0.${plain} Back to Main Menu"
  1300. read -p "Choose an option: " num
  1301. case "$num" in
  1302. 1)
  1303. rm -f /etc/fail2ban/filter.d/3x-ipl.conf
  1304. rm -f /etc/fail2ban/action.d/3x-ipl.conf
  1305. rm -f /etc/fail2ban/jail.d/3x-ipl.conf
  1306. systemctl restart fail2ban
  1307. echo -e "${green}IP Limit removed successfully!${plain}\n"
  1308. before_show_menu
  1309. ;;
  1310. 2)
  1311. rm -rf /etc/fail2ban
  1312. systemctl stop fail2ban
  1313. case "${release}" in
  1314. ubuntu | debian | armbian)
  1315. apt-get remove -y fail2ban
  1316. apt-get purge -y fail2ban -y
  1317. apt-get autoremove -y
  1318. ;;
  1319. centos | almalinux | rocky | ol)
  1320. yum remove fail2ban -y
  1321. yum autoremove -y
  1322. ;;
  1323. fedora | amzn)
  1324. dnf remove fail2ban -y
  1325. dnf autoremove -y
  1326. ;;
  1327. arch | manjaro | parch)
  1328. pacman -Rns --noconfirm fail2ban
  1329. ;;
  1330. *)
  1331. echo -e "${red}Unsupported operating system. Please uninstall Fail2ban manually.${plain}\n"
  1332. exit 1
  1333. ;;
  1334. esac
  1335. echo -e "${green}Fail2ban and IP Limit removed successfully!${plain}\n"
  1336. before_show_menu
  1337. ;;
  1338. 0)
  1339. show_menu
  1340. ;;
  1341. *)
  1342. echo -e "${red}Invalid option. Please select a valid number.${plain}\n"
  1343. remove_iplimit
  1344. ;;
  1345. esac
  1346. }
  1347. SSH_port_forwarding() {
  1348. local server_ip=$(curl -s https://api.ipify.org)
  1349. local existing_webBasePath=$(/usr/local/x-ui/x-ui setting -show true | grep -Eo 'webBasePath: .+' | awk '{print $2}')
  1350. local existing_port=$(/usr/local/x-ui/x-ui setting -show true | grep -Eo 'port: .+' | awk '{print $2}')
  1351. local existing_listenIP=$(/usr/local/x-ui/x-ui setting -getListen true | grep -Eo 'listenIP: .+' | awk '{print $2}')
  1352. local existing_cert=$(/usr/local/x-ui/x-ui setting -getCert true | grep -Eo 'cert: .+' | awk '{print $2}')
  1353. local existing_key=$(/usr/local/x-ui/x-ui setting -getCert true | grep -Eo 'key: .+' | awk '{print $2}')
  1354. local config_listenIP=""
  1355. local listen_choice=""
  1356. if [[ -n "$existing_cert" && -n "$existing_key" ]]; then
  1357. echo -e "${green}Panel is secure with SSL.${plain}"
  1358. before_show_menu
  1359. fi
  1360. if [[ -z "$existing_cert" && -z "$existing_key" && (-z "$existing_listenIP" || "$existing_listenIP" == "0.0.0.0") ]]; then
  1361. echo -e "\n${red}Warning: No Cert and Key found! The panel is not secure.${plain}"
  1362. echo "Please obtain a certificate or set up SSH port forwarding."
  1363. fi
  1364. if [[ -n "$existing_listenIP" && "$existing_listenIP" != "0.0.0.0" && (-z "$existing_cert" && -z "$existing_key") ]]; then
  1365. echo -e "\n${green}Current SSH Port Forwarding Configuration:${plain}"
  1366. echo -e "Standard SSH command:"
  1367. echo -e "${yellow}ssh -L 2222:${existing_listenIP}:${existing_port} root@${server_ip}${plain}"
  1368. echo -e "\nIf using SSH key:"
  1369. echo -e "${yellow}ssh -i <sshkeypath> -L 2222:${existing_listenIP}:${existing_port} root@${server_ip}${plain}"
  1370. echo -e "\nAfter connecting, access the panel at:"
  1371. echo -e "${yellow}http://localhost:2222${existing_webBasePath}${plain}"
  1372. fi
  1373. echo -e "\nChoose an option:"
  1374. echo -e "${green}1.${plain} Set listen IP"
  1375. echo -e "${green}2.${plain} Clear listen IP"
  1376. echo -e "${green}0.${plain} Back to Main Menu"
  1377. read -p "Choose an option: " num
  1378. case "$num" in
  1379. 1)
  1380. if [[ -z "$existing_listenIP" || "$existing_listenIP" == "0.0.0.0" ]]; then
  1381. echo -e "\nNo listenIP configured. Choose an option:"
  1382. echo -e "1. Use default IP (127.0.0.1)"
  1383. echo -e "2. Set a custom IP"
  1384. read -p "Select an option (1 or 2): " listen_choice
  1385. config_listenIP="127.0.0.1"
  1386. [[ "$listen_choice" == "2" ]] && read -p "Enter custom IP to listen on: " config_listenIP
  1387. /usr/local/x-ui/x-ui setting -listenIP "${config_listenIP}" >/dev/null 2>&1
  1388. echo -e "${green}listen IP has been set to ${config_listenIP}.${plain}"
  1389. echo -e "\n${green}SSH Port Forwarding Configuration:${plain}"
  1390. echo -e "Standard SSH command:"
  1391. echo -e "${yellow}ssh -L 2222:${config_listenIP}:${existing_port} root@${server_ip}${plain}"
  1392. echo -e "\nIf using SSH key:"
  1393. echo -e "${yellow}ssh -i <sshkeypath> -L 2222:${config_listenIP}:${existing_port} root@${server_ip}${plain}"
  1394. echo -e "\nAfter connecting, access the panel at:"
  1395. echo -e "${yellow}http://localhost:2222${existing_webBasePath}${plain}"
  1396. restart
  1397. else
  1398. config_listenIP="${existing_listenIP}"
  1399. echo -e "${green}Current listen IP is already set to ${config_listenIP}.${plain}"
  1400. fi
  1401. ;;
  1402. 2)
  1403. /usr/local/x-ui/x-ui setting -listenIP 0.0.0.0 >/dev/null 2>&1
  1404. echo -e "${green}Listen IP has been cleared.${plain}"
  1405. restart
  1406. ;;
  1407. 0)
  1408. show_menu
  1409. ;;
  1410. *)
  1411. echo -e "${red}Invalid option. Please select a valid number.${plain}\n"
  1412. SSH_port_forwarding
  1413. ;;
  1414. esac
  1415. }
  1416. show_usage() {
  1417. echo "x-ui control menu usages: "
  1418. echo "------------------------------------------"
  1419. echo -e "SUBCOMMANDS:"
  1420. echo -e "x-ui - Admin Management Script"
  1421. echo -e "x-ui start - Start"
  1422. echo -e "x-ui stop - Stop"
  1423. echo -e "x-ui restart - Restart"
  1424. echo -e "x-ui status - Current Status"
  1425. echo -e "x-ui settings - Current Settings"
  1426. echo -e "x-ui enable - Enable Autostart on OS Startup"
  1427. echo -e "x-ui disable - Disable Autostart on OS Startup"
  1428. echo -e "x-ui log - Check logs"
  1429. echo -e "x-ui banlog - Check Fail2ban ban logs"
  1430. echo -e "x-ui update - Update"
  1431. echo -e "x-ui custom - custom version"
  1432. echo -e "x-ui install - Install"
  1433. echo -e "x-ui uninstall - Uninstall"
  1434. echo "------------------------------------------"
  1435. }
  1436. show_menu() {
  1437. echo -e "
  1438. ${green}3X-UI Panel Management Script${plain}
  1439. ${green}0.${plain} Exit Script
  1440. ————————————————
  1441. ${green}1.${plain} Install
  1442. ${green}2.${plain} Update
  1443. ${green}3.${plain} Update Menu
  1444. ${green}4.${plain} Legacy Version
  1445. ${green}5.${plain} Uninstall
  1446. ————————————————
  1447. ${green}6.${plain} Reset Username & Password & Secret Token
  1448. ${green}7.${plain} Reset Web Base Path
  1449. ${green}8.${plain} Reset Settings
  1450. ${green}9.${plain} Change Port
  1451. ${green}10.${plain} View Current Settings
  1452. ————————————————
  1453. ${green}11.${plain} Start
  1454. ${green}12.${plain} Stop
  1455. ${green}13.${plain} Restart
  1456. ${green}14.${plain} Check Status
  1457. ${green}15.${plain} Logs Management
  1458. ————————————————
  1459. ${green}16.${plain} Enable Autostart
  1460. ${green}17.${plain} Disable Autostart
  1461. ————————————————
  1462. ${green}18.${plain} SSL Certificate Management
  1463. ${green}19.${plain} Cloudflare SSL Certificate
  1464. ${green}20.${plain} IP Limit Management
  1465. ${green}21.${plain} Firewall Management
  1466. ${green}22.${plain} SSH Port Forwarding Management
  1467. ————————————————
  1468. ${green}23.${plain} Enable BBR
  1469. ${green}24.${plain} Update Geo Files
  1470. ${green}25.${plain} Speedtest by Ookla
  1471. "
  1472. show_status
  1473. echo && read -p "Please enter your selection [0-25]: " num
  1474. case "${num}" in
  1475. 0)
  1476. exit 0
  1477. ;;
  1478. 1)
  1479. check_uninstall && install
  1480. ;;
  1481. 2)
  1482. check_install && update
  1483. ;;
  1484. 3)
  1485. check_install && update_menu
  1486. ;;
  1487. 4)
  1488. check_install && legacy_version
  1489. ;;
  1490. 5)
  1491. check_install && uninstall
  1492. ;;
  1493. 6)
  1494. check_install && reset_user
  1495. ;;
  1496. 7)
  1497. check_install && reset_webbasepath
  1498. ;;
  1499. 8)
  1500. check_install && reset_config
  1501. ;;
  1502. 9)
  1503. check_install && set_port
  1504. ;;
  1505. 10)
  1506. check_install && check_config
  1507. ;;
  1508. 11)
  1509. check_install && start
  1510. ;;
  1511. 12)
  1512. check_install && stop
  1513. ;;
  1514. 13)
  1515. check_install && restart
  1516. ;;
  1517. 14)
  1518. check_install && status
  1519. ;;
  1520. 15)
  1521. check_install && show_log
  1522. ;;
  1523. 16)
  1524. check_install && enable
  1525. ;;
  1526. 17)
  1527. check_install && disable
  1528. ;;
  1529. 18)
  1530. ssl_cert_issue_main
  1531. ;;
  1532. 19)
  1533. ssl_cert_issue_CF
  1534. ;;
  1535. 20)
  1536. iplimit_main
  1537. ;;
  1538. 21)
  1539. firewall_menu
  1540. ;;
  1541. 22)
  1542. SSH_port_forwarding
  1543. ;;
  1544. 23)
  1545. bbr_menu
  1546. ;;
  1547. 24)
  1548. update_geo
  1549. ;;
  1550. 25)
  1551. run_speedtest
  1552. ;;
  1553. *)
  1554. LOGE "Please enter the correct number [0-25]"
  1555. ;;
  1556. esac
  1557. }
  1558. if [[ $# > 0 ]]; then
  1559. case $1 in
  1560. "start")
  1561. check_install 0 && start 0
  1562. ;;
  1563. "stop")
  1564. check_install 0 && stop 0
  1565. ;;
  1566. "restart")
  1567. check_install 0 && restart 0
  1568. ;;
  1569. "status")
  1570. check_install 0 && status 0
  1571. ;;
  1572. "settings")
  1573. check_install 0 && check_config 0
  1574. ;;
  1575. "enable")
  1576. check_install 0 && enable 0
  1577. ;;
  1578. "disable")
  1579. check_install 0 && disable 0
  1580. ;;
  1581. "log")
  1582. check_install 0 && show_log 0
  1583. ;;
  1584. "banlog")
  1585. check_install 0 && show_banlog 0
  1586. ;;
  1587. "update")
  1588. check_install 0 && update 0
  1589. ;;
  1590. "legacy")
  1591. check_install 0 && legacy_version 0
  1592. ;;
  1593. "install")
  1594. check_uninstall 0 && install 0
  1595. ;;
  1596. "uninstall")
  1597. check_install 0 && uninstall 0
  1598. ;;
  1599. *) show_usage ;;
  1600. esac
  1601. else
  1602. show_menu
  1603. fi