Domů Procházet Nápověda
Přihlásit se
txlyre
/
3x-ui
zrcadlo https://github.com/MHSanaei/3x-ui
1
0
Rozštěpit 0
Soubory Úkoly 0 Wiki
Strom: d6d2085d60
Větve Značky
3x-ui
/
DockerEntrypoint.sh

DockerEntrypoint.sh 2.5 KB
Historie Surový

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172 
  1. #!/bin/sh
    2. 

  2. 

  3. # Start fail2ban with the 3x-ipl jail
    4. 

  4. if [ "$XUI_ENABLE_FAIL2BAN" = "true" ]; then
    5. 

  5.     LOG_FOLDER="${XUI_LOG_FOLDER:-/var/log/x-ui}"
    6. 

  6.     mkdir -p "$LOG_FOLDER"
    7. 

  7.     touch "$LOG_FOLDER/3xipl.log" "$LOG_FOLDER/3xipl-banned.log"
    8. 

  8. 

  9.     mkdir -p /etc/fail2ban/jail.d /etc/fail2ban/filter.d /etc/fail2ban/action.d
    10. 

  10. 

  11.     cat > /etc/fail2ban/jail.d/3x-ipl.conf << EOF
    12. 

  12. [3x-ipl]
    13. 

  13. enabled=true
    14. 

  14. backend=auto
    15. 

  15. filter=3x-ipl
    16. 

  16. action=3x-ipl
    17. 

  17. logpath=$LOG_FOLDER/3xipl.log
    18. 

  18. maxretry=1
    19. 

  19. findtime=32
    20. 

  20. bantime=30m
    21. 

  21. EOF
    22. 

  22. 

  23.     cat > /etc/fail2ban/filter.d/3x-ipl.conf << 'EOF'
    24. 

  24. [Definition]
    25. 

  25. datepattern = ^%%Y/%%m/%%d %%H:%%M:%%S
    26. 

  26. failregex   = \[LIMIT_IP\]\s*Email\s*=\s*<F-USER>.+</F-USER>\s*\|\|\s*Disconnecting OLD IP\s*=\s*<ADDR>\s*\|\|\s*Timestamp\s*=\s*\d+
    27. 

  27. ignoreregex =
    28. 

  28. EOF
    29. 

  29. 

  30.     # Ports to exempt from the ban so an over-limit proxy client can never lock
    31. 

  31.     # the administrator out of SSH or the panel. The ban still covers every other
    32. 

  32.     # TCP port (including all Xray inbounds), so IP-limit keeps working for inbounds
    33. 

  33.     # added later without regenerating these files.
    34. 

  34.     SSH_PORTS=$(grep -oE '^[[:space:]]*Port[[:space:]]+[0-9]+' /etc/ssh/sshd_config 2>/dev/null | grep -oE '[0-9]+' | paste -sd, -)
    35. 

  35.     [ -z "$SSH_PORTS" ] && SSH_PORTS="22"
    36. 

  36.     PANEL_PORT=$(/app/x-ui setting -show true 2>/dev/null | grep -Eo 'port: .+' | awk '{print $2}')
    37. 

  37.     EXEMPT_PORTS="$SSH_PORTS"
    38. 

  38.     [ -n "$PANEL_PORT" ] && EXEMPT_PORTS="$EXEMPT_PORTS,$PANEL_PORT"
    39. 

  39. 

  40.     cat > /etc/fail2ban/action.d/3x-ipl.conf << EOF
    41. 

  41. [INCLUDES]
    42. 

  42. before = iptables-allports.conf
    43. 

  43. 

  44. [Definition]
    45. 

  45. actionstart = <iptables> -N f2b-<name>
    46. 

  46.               <iptables> -A f2b-<name> -j <returntype>
    47. 

  47.               <iptables> -I <chain> -p <protocol> -j f2b-<name>
    48. 

  48. 

  49. actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name>
    50. 

  50.              <actionflush>
    51. 

  51.              <iptables> -X f2b-<name>
    52. 

  52. 

  53. actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
    54. 

  54. 

  55. actionban = <iptables> -I f2b-<name> 1 -s <ip> -p <protocol> -m multiport ! --dports <exemptports> -j <blocktype>
    56. 

  56.             echo "\$(date +"%%Y/%%m/%%d %%H:%%M:%%S")   BAN   [Email] = <F-USER> [IP] = <ip> banned for <bantime> seconds." >> $LOG_FOLDER/3xipl-banned.log
    57. 

  57. 

  58. actionunban = <iptables> -D f2b-<name> -s <ip> -p <protocol> -m multiport ! --dports <exemptports> -j <blocktype>
    59. 

  59.               echo "\$(date +"%%Y/%%m/%%d %%H:%%M:%%S")   UNBAN   [Email] = <F-USER> [IP] = <ip> unbanned." >> $LOG_FOLDER/3xipl-banned.log
    60. 

  60. 

  61. [Init]
    62. 

  62. name = default
    63. 

  63. protocol = tcp
    64. 

  64. chain = INPUT
    65. 

  65. exemptports = $EXEMPT_PORTS
    66. 

  66. EOF
    67. 

  67. 

  68.     fail2ban-client -x start
    69. 

  69. fi
    70. 

  70. 

  71. # Run x-ui
    72. 

  72. exec /app/x-ui
    73.