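#!/bin/bash
### NOT TESTED!
# Example installer for a shadowsocks-libev + v2ray-plugin server on Arch Linux
# with a Let's Encrypt certificate issued through the Cloudflare DNS challenge.
# Usage: edit the variables below, remove the guard line, run as root.

# Stop at the first failing command, unset variable or failed pipeline stage,
# so a broken step is never followed by steps that assume it succeeded.
set -euo pipefail

# Guard: this file is a template. The message goes to stderr and the status is
# non-zero so automation cannot mistake "nothing was done" for success.
echo "EDIT variables before and run as root" >&2 && exit 1

if ((EUID != 0)); then
  echo "This script must be run as root" >&2
  exit 1
fi

MY_DOMAIN=domain.tld
CLOUDFLARE_EMAIL=mail@domain.tld
# Placeholder value. Once a real key and password are filled in, this script
# file is itself a secret: keep it readable by root only and out of version
# control.
CLOUDFLARE_API_KEY=31337
SS_PASSWORD=""
SS_ROOT="/etc/shadowsocks"
# NOTE(review): files chowned to "nobody" are readable by every process that
# runs as "nobody". A dedicated account (the commented-out "shadowsocks"
# user) keeps the TLS key private to this service.
#CHOWN_USER="shadowsocks"
CHOWN_USER="nobody"
DAEMON_CERT_ROOT="/etc/shadowsocks/certs"
INI_FILE="cloudflare.ini"
CERTBOT_INI_DIR="/root/.secrets/certbot"
CERTBOT_DEPLOY_HOOKS_DIR="/etc/letsencrypt/renewal-hooks/deploy"
CERTBOT_DEPLOY_HOOK_NAME="deploy"
CERTBOT_LIVE_DIR="/etc/letsencrypt/live"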
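# INSTALL
# --needed skips packages that are already installed and up to date.
pacman -S --needed \
  shadowsocks-libev \
  shadowsocks-v2ray-plugin \
  certbot \
  certbot-dns-cloudflare || exit 1
# V2RAY permissions
# https://bugs.archlinux.org/task/62416
# cap_net_bind_service lets the plugin bind ports below 1024 without running
# as root; it grants nothing else.
# NOTE(review): file capabilities live on the binary, so a package upgrade
# that replaces /usr/bin/v2ray-plugin presumably drops them - re-check after
# upgrades (getcap /usr/bin/v2ray-plugin).
setcap cap_net_bind_service+ep /usr/bin/v2ray-plugin || exit 1
# The template files copied later are addressed relative to this script, so a
# failed cd must stop the run instead of copying from the wrong directory.
cd -- "$(dirname -- "$0")" || exit 1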
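# CERT
cred_file="$CERTBOT_INI_DIR/$INI_FILE"
cert_dst="$DAEMON_CERT_ROOT/$MY_DOMAIN.cert"
key_dst="$DAEMON_CERT_ROOT/$MY_DOMAIN.key"

# The credentials file holds the Cloudflare key. Create the directory under a
# restrictive umask and create the file with mode 600 *before* writing to it,
# so the secret is never on disk with wider permissions, not even briefly.
(umask 077 && mkdir -p -- "$CERTBOT_INI_DIR") || exit 1
install -m 600 /dev/null "$cred_file" || exit 1
# NOTE(review): email + dns_cloudflare_api_key is the account-wide Global API
# Key. certbot-dns-cloudflare also accepts dns_cloudflare_api_token; a token
# limited to DNS edits on this one zone limits what a leak of this file exposes.
cat >"$cred_file" <<EOL || exit 1
dns_cloudflare_email = $CLOUDFLARE_EMAIL
dns_cloudflare_api_key = $CLOUDFLARE_API_KEY
EOL

# Stop here if issuance fails: the copies below would otherwise run against
# files that do not exist.
certbot certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials "$cred_file" \
  --dns-cloudflare-propagation-seconds 120 \
  -d "$MY_DOMAIN" || exit 1

# The daemon's certificate directory is not created anywhere else in this
# script, so make sure it exists before copying into it.
mkdir -p -- "$DAEMON_CERT_ROOT" || exit 1
cp -- "$CERTBOT_LIVE_DIR/$MY_DOMAIN/fullchain.pem" "$cert_dst" || exit 1
cp -- "$CERTBOT_LIVE_DIR/$MY_DOMAIN/privkey.pem" "$key_dst" || exit 1
# Hand the copies to the service account, read-only. The private key becomes
# readable by every process running as $CHOWN_USER.
chown "$CHOWN_USER:" "$cert_dst" "$key_dst" || exit 1
chmod 400 "$cert_dst" "$key_dst" || exit 1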
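# CERT DEPLOY HOOK
# Installs the renewal hook template from the script's directory and fills in
# its <MY_DOMAIN> and <CHOWN_USER> placeholders.
hook_path="$CERTBOT_DEPLOY_HOOKS_DIR/$CERTBOT_DEPLOY_HOOK_NAME"
mkdir -p -- "$CERTBOT_DEPLOY_HOOKS_DIR" || exit 1
cp -- certbot-renewal-hook-deploy "$hook_path" || exit 1
# Both values are spliced into a sed replacement unescaped; they are expected
# to be a plain host name and user name (no "/", "&" or "\").
sed -i \
  -e "s/<MY_DOMAIN>/$MY_DOMAIN/" \
  -e "s/<CHOWN_USER>/$CHOWN_USER/" \
  -- "$hook_path" || exit 1
# The hook is run by certbot during renewals started from root's crontab, so
# it must be executable and writable by root only.
chown root:root "$hook_path" || exit 1
chmod 755 "$hook_path" || exit 1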
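# CRON
# Registers a daily "certbot renew" in root's crontab.
# NOTE(review): this file only takes effect if a cron daemon is installed and
# running; this script does not install one - confirm on the target host.
cron_file=/var/spool/cron/root
cron_line=$'@daily\t\tcertbot renew'
# Append the job only if it is not already present, so re-running the
# installer does not stack duplicate entries.
if ! grep -qxF -- "$cron_line" "$cron_file" 2>/dev/null; then
  printf '%s\n' "$cron_line" >>"$cron_file" || exit 1
fi
chmod 600 "$cron_file"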
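# SHADOWSOCKS CONFIG
ss_config="$SS_ROOT/$MY_DOMAIN.json"

# Refuse to deploy with the template's empty placeholder password.
if [[ -z "$SS_PASSWORD" ]]; then
  echo "SS_PASSWORD is empty; set it before running" >&2
  exit 1
fi

# Escape the characters that are special in a sed replacement ("\", "/", "&")
# so a password containing them is written verbatim instead of corrupting the
# substitution.
# NOTE(review): the value lands inside a JSON string unescaped, so a password
# containing '"' or '\' still yields invalid JSON - avoid those characters.
ss_password_sed=$(printf '%s' "$SS_PASSWORD" | sed -e 's|[\\/&]|\\&|g') || exit 1

# Create the config with mode 600 before the password is written into it.
install -m 600 -- shadowsocks-server.json "$ss_config" || exit 1
# The sed script is fed on stdin rather than via -e arguments so the password
# does not appear in the process list.
sed -i -f /dev/stdin -- "$ss_config" <<EOF || exit 1
s/<SS_PASSWORD>/$ss_password_sed/
s/<MY_DOMAIN>/$MY_DOMAIN/g
EOF
# Only the service account needs to read the password.
# NOTE(review): assumes the unit runs as $CHOWN_USER, as the certificate
# handling in this script does - confirm against the installed unit file.
chown "$CHOWN_USER:" "$ss_config" || exit 1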
# I have already forgotten why I needed to create a shadowsocks user instead of nobody;
# this may be an unnecessary step
# ADD SHADOWSOCKS USER
# useradd --system --user-group --home $SS_ROOT shadowsocks
# chown $CHOWN_USER: -R $SS_ROOT
# SYSTEMD SHADOWSOCKS USER
# sudo cp /usr/lib/systemd/system/shadowsocks-libev-server@.service \
# /etc/systemd/system/shadowsocks-libev-server@$MY_DOMAIN.service
# sed -i "s/nobody/shadowsocks/" \
# /etc/systemd/system/shadowsocks-libev-server@$MY_DOMAIN.service
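# SYSTEMD ENABLE SERVICE
# The instance name is the domain; it selects the config file written for
# that domain under the shadowsocks config directory.
ss_unit="shadowsocks-libev-server@$MY_DOMAIN"
# Enable at boot, then start now. A start failure ends the script with a
# non-zero status.
systemctl enable "$ss_unit" || exit 1
systemctl start "$ss_unit" || exit 1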