From 353ab5902824abed44da5554af8c5265d27666de Mon Sep 17 00:00:00 2001 From: wulabing Date: Mon, 15 Feb 2021 11:31:00 +0800 Subject: [PATCH] xray-0.0.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [bugfix] 证书泄露修复 by 玖柒 [del] 删除 nginx 无用配置 [modify] 依赖调整 --- config/web.conf | 9 --------- config/xray_xtls-rprx-direct.json | 4 ++++ install.sh | 24 +++++++++++++++++++++--- 3 files changed, 25 insertions(+), 12 deletions(-) diff --git a/config/web.conf b/config/web.conf index 303aa1e..d84dcce 100644 --- a/config/web.conf +++ b/config/web.conf @@ -9,15 +9,6 @@ server error_log /dev/null; } -server -{ - listen 60000 default_server; - listen [::]:60000 default_server; - listen 60001 http2 default_server; - listen [::]:60001 http2 default_server; - - return 444; -} server { listen 127.0.0.1:60000 proxy_protocol; diff --git a/config/xray_xtls-rprx-direct.json b/config/xray_xtls-rprx-direct.json index 8461122..d31c1fe 100644 --- a/config/xray_xtls-rprx-direct.json +++ b/config/xray_xtls-rprx-direct.json @@ -36,6 +36,10 @@ "allowInsecure": false, "minVersion": "1.2", "certificates": [ + { + "certificateFile": "/usr/local/etc/xray/self_signed_cert.pem", + "keyFile": "/usr/local/etc/xray/self_signed_key.pem" + }, { "certificateFile": "/ssl/xray.crt", "keyFile": "/ssl/xray.key" diff --git a/install.sh b/install.sh index 7de500a..a2fb741 100644 --- a/install.sh +++ b/install.sh @@ -23,6 +23,8 @@ xray_conf_dir="/usr/local/etc/xray" website_dir="/www/xray_web/" xray_access_log="/var/log/xray/access.log" xray_error_log="/var/log/xray/error.log" +cert_dir="/usr/local/etc/xray" + VERSION=$(echo "${VERSION}" | awk -F "[()]" '{print $2}') function print_ok() { @@ -91,8 +93,8 @@ function nginx_install() { fi } function dependency_install() { - ${INS} wget git lsof - judge "安装 wget git lsof" + ${INS} wget lsof + judge "安装 wget lsof" if [[ "${ID}" == "centos" ]]; then ${INS} crontabs 
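Review bot: The new first entry in `certificates` points at `/usr/local/etc/xray/self_signed_cert.pem` and `self_signed_key.pem`, which exist only after `generate_certificate` has run, and this patch calls that function only from `install_xray`. A host that receives this config by another route (inferred: a config-only update of an existing install) would reference a missing pair and xray would presumably fail to load its TLS settings. The ordering also looks deliberate: presumably the self-signed pair is listed first so that it, rather than `/ssl/xray.crt`, is served when the requested name matches nothing. JSON cannot carry a comment, so that reasoning belongs in the commit description or the README, e.g. `self-signed pair must stay first: it is the fallback certificate for requests that do not name the real domain`.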
@@ -120,6 +122,10 @@ function dependency_install() { ${INS} curl judge "安装 curl" + ${INS} openssl openssl-devel + judge "安装 openssl" + + # Nginx 后置 无需编译 不再需要 # if [[ "${ID}" == "centos" ]]; then # yum -y groupinstall "Development tools" @@ -131,7 +137,7 @@ function dependency_install() { if [[ "${ID}" == "centos" ]]; then ${INS} pcre pcre-devel zlib-devel epel-release else - ${INS} libpcre3 libpcre3-dev zlib1g-dev dbus + ${INS} libpcre3 libpcre3-dev zlib1g-dev fi ${INS} jq @@ -322,6 +328,17 @@ function ssl_judge_and_install() { chown -R nobody.nobody /ssl/* } +generate_certificate() { + openssl genrsa -des3 -passout pass:xxxx -out server.pass.key 2048 + openssl rsa -passin pass:xxxx -in server.pass.key -out "$cert_dir/self_signed_key.pem" + rm -rf server.pass.key + openssl req -new -key "$cert_dir/self_signed_key.pem" -out server.csr -subj "/CN=$local_ip" + openssl x509 -req -days 3650 -in server.csr -signkey "$cert_dir/self_signed_key.pem" -out "$cert_dir/self_signed_cert.pem" + rm -rf server.csr + [[ ! -f "$cert_dir/self_signed_cert.pem" || ! -f "$cert_dir/self_signed_key.pem" ]] && print_error "生成自签名证书失败" + print_ok "生成自签名证书成功" +} + function configure_web() { rm -rf /www/xray_web mkdir -p /www/xray_web @@ -372,6 +389,7 @@ function install_xray() { nginx_install configure_nginx configure_web + generate_certificate ssl_judge_and_install # xray_qr_config basic_information
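Review bot: `openssl-devel` in `${INS} openssl openssl-devel` is the RPM package name, but the line sits outside the `if [[ "${ID}" == "centos" ]]` branch that dependency_install uses elsewhere for distro-specific names. On the other path, which installs apt names such as `libpcre3`, the whole install command would presumably fail on an unknown package and `judge` would report the failure. This patch only uses the `openssl` command line tool, so the development headers look unnecessary; `${INS} openssl` alone should do. dependency_install's body starts and ends outside the hunk.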
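Review bot: generate_certificate reports success even when generation fails. `print_ok "生成自签名证书成功"` runs unconditionally after the `[[ ... ]] && print_error` test (unless print_error exits, which is not visible here), no openssl exit status is checked, and the file test also passes on a stale pair left by an earlier run. The passphrase round-trip through `server.pass.key` with the fixed `pass:xxxx` protects nothing, because the key is written out unencrypted on the next line, and it leaves `server.pass.key` and `server.csr` in whatever the current directory happens to be if a step fails. A single `openssl req -x509` call followed by `judge`, as the rest of the script does after commands, removes the temporary files and the false success message. Two things to confirm outside the hunk: `$local_ip` must be set before this runs or the subject becomes `/CN=`, and the new key's owner and mode are left to defaults while the context shows `/ssl/*` being chowned to nobody, so both should be set explicitly for the account xray runs as.

```shell
generate_certificate() {
  # One step: unencrypted key plus self-signed certificate, no temporary files in the working directory.
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=${local_ip}" \
    -keyout "${cert_dir}/self_signed_key.pem" \
    -out "${cert_dir}/self_signed_cert.pem"
  judge "生成自签名证书"
}
```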