first commit
@@ -1,72 +1,94 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
set -Eeuo pipefail
|
set -Eeuo pipefail
|
||||||
|
|
||||||
# --- tweak here ---
|
# Detect this proxy’s IP (override with: PROXY_IP_OVERRIDE=1.2.3.4 ./fix.sh)
|
||||||
CONF="/etc/nginx/sites-available/lan-proxy.conf"
|
PROXY_IP="${PROXY_IP_OVERRIDE:-$(hostname -I | awk '{print $1}')}"
|
||||||
PROXY_IP="192.168.1.202" # Nginx box LAN IP
|
BACKEND_IP="${BACKEND_IP:-192.168.1.202}" # where hbbs/hbbr run
|
||||||
ID_BACKEND="192.168.1.202:21118" # id.generalinfinity.cloud
|
GITEA_BACKEND="192.168.1.203:3100"
|
||||||
RELAY_BACKEND="192.168.1.202:21119" # relay.generalinfinity.cloud
|
|
||||||
GITEA_BACKEND="192.168.1.203:3100" # github.generalinfinity.cloud (HTTP only)
|
|
||||||
# -------------------
|
|
||||||
|
|
||||||
STAMP="$(date +%F-%H%M%S)"
|
# RustDesk ports
|
||||||
sudo install -d /etc/nginx/sites-available /etc/nginx/sites-enabled
|
ID_TCP1=21115; ID_TCP2=21116; ID_UDP=21116; RELAY_TCP=21117
|
||||||
sudo touch "$CONF"
|
ID_TCP_CUSTOM=21118; RELAY_TCP_CUSTOM=21119
|
||||||
sudo cp -a "$CONF" "${CONF}.bak-${STAMP}"
|
|
||||||
|
|
||||||
# 1) Disable any existing SSL lines (keep them but comment out)
|
NGX_MAIN="/etc/nginx/nginx.conf"
|
||||||
sudo sed -i \
|
SITES_AVAIL="/etc/nginx/sites-available"
|
||||||
-e 's/^\s*listen\s\+443\(.*\)$/# DISABLED_SSL &/I' \
|
SITES_EN="/etc/nginx/sites-enabled"
|
||||||
-e 's/^\s*ssl_certificate_key\s\+.*$/# DISABLED_SSL &/I' \
|
STREAMS_EN="/etc/nginx/streams-enabled"
|
||||||
-e 's/^\s*ssl_certificate\s\+.*$/# DISABLED_SSL &/I' \
|
HTTP_FILE="$SITES_AVAIL/lan-proxy-web.conf"
|
||||||
-e 's/^\s*ssl_protocols\s\+.*$/# DISABLED_SSL &/I' \
|
STREAM_FILE="$STREAMS_EN/rustdesk.conf"
|
||||||
"$CONF"
|
|
||||||
|
|
||||||
append_http_block() {
|
sudo install -d "$SITES_AVAIL" "$SITES_EN" "$STREAMS_EN"
|
||||||
local name="$1" backend="$2"
|
|
||||||
if ! sudo grep -q "server_name[[:space:]]\+$name" "$CONF" || ! sudo grep -q "listen 80" "$CONF"; then
|
echo "==> 0) Clean up duplicate stream module + bad stream blocks"
|
||||||
sudo tee -a "$CONF" >/dev/null <<EOF
|
sudo cp -a "$NGX_MAIN" "$NGX_MAIN.bak.$(date +%s)"
|
||||||
|
|
||||||
|
# Remove any manual load_module line; Ubuntu loads it via /etc/nginx/modules-enabled/*
|
||||||
|
sudo sed -i '/ngx_stream_module\.so/d' "$NGX_MAIN"
|
||||||
|
|
||||||
|
# Remove any stray stream{} blocks, then add a single clean one at top level
|
||||||
|
sudo sed -i '/^\s*stream\s*{/,/^\s*}\s*$/d' "$NGX_MAIN"
|
||||||
|
printf '\nstream {\n include /etc/nginx/streams-enabled/*;\n}\n' | \
|
||||||
|
sudo tee -a "$NGX_MAIN" >/dev/null
|
||||||
|
|
||||||
|
echo "==> 1) Replace broken HTTP site with a clean file"
|
||||||
|
sudo rm -f "$SITES_EN/lan-proxy.conf" 2>/dev/null || true
|
||||||
|
sudo tee "$HTTP_FILE" >/dev/null <<EOF
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name $name;
|
server_name github.generalinfinity.cloud;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://$backend;
|
proxy_pass http://$GITEA_BACKEND;
|
||||||
proxy_set_header Host \$host;
|
proxy_set_header Host \$host;
|
||||||
proxy_set_header X-Real-IP \$remote_addr;
|
proxy_set_header X-Real-IP \$remote_addr;
|
||||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||||
proxy_set_header Upgrade \$http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
EOF
|
# Optional landing so hitting RustDesk names over HTTP doesn't 404
|
||||||
fi
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name id.generalinfinity.cloud relay.generalinfinity.cloud;
|
||||||
|
return 200 "RustDesk uses TCP/UDP ports, not HTTP.\n";
|
||||||
}
|
}
|
||||||
|
EOF
|
||||||
|
sudo ln -sf "$HTTP_FILE" "$SITES_EN/lan-proxy-web.conf"
|
||||||
|
|
||||||
# 2) Ensure HTTP-only vhosts exist
|
echo "==> 2) Create proper L4 proxies for RustDesk under stream/"
|
||||||
append_http_block "id.generalinfinity.cloud" "$ID_BACKEND"
|
sudo tee "$STREAM_FILE" >/dev/null <<EOF
|
||||||
append_http_block "relay.generalinfinity.cloud" "$RELAY_BACKEND"
|
# hbbs (ID)
|
||||||
append_http_block "github.generalinfinity.cloud" "$GITEA_BACKEND"
|
server { listen ${ID_TCP1}; proxy_pass ${BACKEND_IP}:${ID_TCP1}; proxy_timeout 10m; }
|
||||||
|
server { listen ${ID_TCP2}; proxy_pass ${BACKEND_IP}:${ID_TCP2}; proxy_timeout 10m; }
|
||||||
|
server { listen ${ID_UDP} udp reuseport; proxy_pass ${BACKEND_IP}:${ID_UDP}; proxy_timeout 10m; }
|
||||||
|
# hbbr (relay)
|
||||||
|
server { listen ${RELAY_TCP}; proxy_pass ${BACKEND_IP}:${RELAY_TCP}; proxy_timeout 10m; }
|
||||||
|
# custom extras you used before
|
||||||
|
server { listen ${ID_TCP_CUSTOM}; proxy_pass ${BACKEND_IP}:${ID_TCP_CUSTOM}; proxy_timeout 10m; }
|
||||||
|
server { listen ${RELAY_TCP_CUSTOM}; proxy_pass ${BACKEND_IP}:${RELAY_TCP_CUSTOM}; proxy_timeout 10m; }
|
||||||
|
EOF
|
||||||
|
|
||||||
# 3) Enable site & hot-reload
|
echo "==> 3) Open firewall (one rule per port)"
|
||||||
sudo ln -sf "$CONF" /etc/nginx/sites-enabled/lan-proxy.conf
|
sudo ufw allow ${ID_TCP1}/tcp || true
|
||||||
if sudo nginx -t; then
|
sudo ufw allow ${ID_TCP2}/tcp || true
|
||||||
sudo systemctl reload nginx
|
sudo ufw allow ${RELAY_TCP}/tcp || true
|
||||||
else
|
sudo ufw allow ${ID_TCP_CUSTOM}/tcp || true
|
||||||
echo "❌ nginx test failed; restoring backup"
|
sudo ufw allow ${RELAY_TCP_CUSTOM}/tcp|| true
|
||||||
sudo mv "${CONF}.bak-${STAMP}" "$CONF"
|
sudo ufw allow ${ID_UDP}/udp || true
|
||||||
exit 1
|
sudo ufw allow "Nginx Full" || true
|
||||||
fi
|
|
||||||
|
|
||||||
# 4) Ensure local DNS → proxy (HTTP only)
|
echo "==> 4) Ensure DNS on THIS box points to THIS proxy"
|
||||||
grep -q 'id.generalinfinity.cloud' /etc/hosts || echo "$PROXY_IP id.generalinfinity.cloud" | sudo tee -a /etc/hosts
|
for h in id.generalinfinity.cloud relay.generalinfinity.cloud github.generalinfinity.cloud; do
|
||||||
grep -q 'relay.generalinfinity.cloud' /etc/hosts || echo "$PROXY_IP relay.generalinfinity.cloud" | sudo tee -a /etc/hosts
|
grep -q " $h" /etc/hosts || echo "$PROXY_IP $h" | sudo tee -a /etc/hosts >/dev/null
|
||||||
grep -q 'github.generalinfinity.cloud' /etc/hosts|| echo "$PROXY_IP github.generalinfinity.cloud"| sudo tee -a /etc/hosts
|
done
|
||||||
|
echo "PROXY_IP=$PROXY_IP BACKEND_IP=$BACKEND_IP"
|
||||||
|
|
||||||
# 5) Quick tests (HTTP only)
|
echo "==> 5) Validate & reload"
|
||||||
curl -I http://id.generalinfinity.cloud || true
|
sudo nginx -t && sudo systemctl reload nginx
|
||||||
curl -I http://relay.generalinfinity.cloud || true
|
|
||||||
curl -I http://github.generalinfinity.cloud || true
|
|
||||||
|
|
||||||
echo "✅ HTTP-only vhosts active. No SSL/certs used."
|
echo "==> 6) Quick tests"
|
||||||
|
command -v nc >/dev/null || sudo apt-get install -y netcat-openbsd >/dev/null
|
||||||
|
nc -vz "$PROXY_IP" ${ID_TCP2} || true
|
||||||
|
nc -vz "$PROXY_IP" ${RELAY_TCP} || true
|
||||||
|
nc -uvz "$PROXY_IP" ${ID_UDP} || true
|
||||||
|
curl -I -H "Host: github.generalinfinity.cloud" "http://$PROXY_IP/" | sed -n '1,5p' || true
|
||||||
|
|
||||||
|
echo "✅ Fixed: single stream block, no duplicate module load, HTTP site clean, RustDesk L4 in place."
|
||||||
|
|||||||
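Review bot: The new step 5, `sudo nginx -t && sudo systemctl reload nginx`, drops the rollback the old script had: a failing `nginx -t` inside an `&&` list does not trip `set -e`, so the script goes on to the quick tests and prints the "Fixed" line while the edited nginx.conf stays on disk. The backup from step 0 is written to an unnamed `$NGX_MAIN.bak.$(date +%s)` path and never restored; keeping that path in a variable and using an `if`/`else` as below would restore it and exit non-zero. This matters more because the `sed` range delete in step 0 stops at the first line containing only `}`, so a pre-existing stream block with a nested multi-line `server { … }` would presumably leave fragments behind. Separately, the `ufw allow` rules in step 3 carry no source restriction and include "Nginx Full" (80 and 443) although nothing on the new side listens on 443; if this proxy is meant to be LAN-only, scope them with `from <LAN_CIDR>` and allow only port 80.

```shell
NGX_BAK="$NGX_MAIN.bak.$(date +%s)"
sudo cp -a "$NGX_MAIN" "$NGX_BAK"
# … unchanged: stream cleanup, HTTP site file, stream file, firewall, /etc/hosts …

echo "==> 5) Validate & reload"
if sudo nginx -t; then
  sudo systemctl reload nginx
else
  echo "nginx test failed; restoring $NGX_BAK" >&2
  sudo cp -a "$NGX_BAK" "$NGX_MAIN"
  exit 1
fi
# … unchanged: quick tests …
```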