commit 0784a11c19820e4019b30b3b37e4eaa00fae6b64 Author: openclaw Date: Mon May 18 17:06:42 2026 +0800 init: fork of kejilion/sh with certbot host-network fix - Replace 'docker run -p 80:80' with '--network host' for certbot standalone HTTP-01 to avoid timeout in environments where Docker NAT port-publish breaks LE inbound traffic but host port 80 is reachable. - Applies to kejilion.sh (all locale variants) and auto_cert_renewal.sh. - README install command points to this Gitea mirror. diff --git a/.github/workflows/translate.yml b/.github/workflows/translate.yml new file mode 100644 index 0000000..01c152f --- /dev/null +++ b/.github/workflows/translate.yml @@ -0,0 +1,160 @@ +name: Weekly Translation Workflow + +on: + schedule: + - cron: '0 2 * * 0' + workflow_dispatch: + +permissions: + contents: write + +jobs: + translate: + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: '3.9' + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install deep-translator + + - name: Create translation directories + run: | + mkdir -p en tw kr jp + + - name: Create translation script + run: | + cat > translate.py << 'EOF' + #!/usr/bin/env python3 + # -*- coding: utf-8 -*- + from deep_translator import GoogleTranslator + import re + import os + import sys + + def is_chinese(text): + return bool(re.search(r'[\u4e00-\u9fff]', text)) + + def translate_text(text, target_lang): + if not text.strip() or not is_chinese(text): + return text + try: + # 过滤掉一些不该翻译的特殊符号 + clean_text = text.strip() + result = GoogleTranslator(source='zh-CN', target=target_lang).translate(clean_text) + return result + except Exception as e: + print(f"\n[Error] {e}") + return text + + def process_content_with_vars(content, target_lang): + """ + 核心逻辑:保护 ${var} 和 $var,翻译其中的中文部分 + """ + # 匹配 ${var} 或 $var (字母数字下划线) + parts = re.split(r'(\$\{\w+\}|\$\w+)', content) + translated_parts = [] + for p in parts: + if p.startswith('$'): # 变量部分,保持原样 + translated_parts.append(p) + elif is_chinese(p): # 中文部分,翻译 + translated_parts.append(translate_text(p, target_lang)) + else: # 其他英文/符号,保持原样 + translated_parts.append(p) + return "".join(translated_parts) + + def universal_translator(line, target_lang): + """ + 通用翻译引擎:识别行内所有引号内容并翻译 + """ + # 1. 保护注释行 + leading_space = re.match(r'^(\s*)', line).group(1) + stripped = line.strip() + if stripped.startswith('#'): + comment_content = stripped[1:].strip() + if is_chinese(comment_content): + return f"{leading_space}# {translate_text(comment_content, target_lang)}\n" + return line + + # 2. 识别所有引号内的内容 (双引号或单引号) + # 使用正则匹配引号对,同时处理转义引号 \" + def replacer(match): + quote_type = match.group(1) # ' 或 " + content = match.group(2) # 引号内的文本内容 + if is_chinese(content): + # 翻译内容,但保护里面的变量 + translated = process_content_with_vars(content, target_lang) + return f"{quote_type}{translated}{quote_type}" + return match.group(0) + + # 匹配 "content" 或 'content' + new_line = re.sub(r'([\'"])(.*?)(?> $GITHUB_OUTPUT + + - name: Commit and push changes + if: steps.check_changes.outputs.has_changes == 'true' + run: | + git config --local user.email "action@github.com" + git config --local user.name "GitHub Action" + git commit -m "🌐 Weekly translation update - $(date +'%Y-%m-%d %H:%M:%S')" + git push + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Create summary + if: always() + run: | + echo "## Translation Summary 📊" >> $GITHUB_STEP_SUMMARY + echo "| Language | Status |" >> $GITHUB_STEP_SUMMARY + echo "|----------|--------|" >> $GITHUB_STEP_SUMMARY + for dir in en tw kr jp; do + [ -f "$dir/kejilion.sh" ] && status="✅ Success" || status="❌ Failed" + echo "| $dir | $status |" >> $GITHUB_STEP_SUMMARY + done diff --git a/CF-Under-Attack.sh b/CF-Under-Attack.sh new file mode 100644 index 0000000..42291e4 --- /dev/null +++ b/CF-Under-Attack.sh @@ -0,0 +1,67 @@ +#!/bin/bash + +# 设置变量 +EMAIL="AAAA" +API_KEY="BBBB" +ZONE_ID="CCCC" +LOAD_THRESHOLD=5.0 # 设置高负载阈值 + +TELEGRAM_BOT_TOKEN="输入TG机器人API" +CHAT_ID="输入TG用户ID" + + +# 获取当前系统负载 +CURRENT_LOAD=$(uptime | awk -F'load average:' '{ print $2 }' | cut -d, -f1 | awk '{print $1}') + +echo "当前系统负载: $CURRENT_LOAD" + + +send_tg_notification() { + local MESSAGE=$1 + curl -s -X POST "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/sendMessage" -d "chat_id=$CHAT_ID" -d "text=$MESSAGE" +} + + + +# 获取当前的“Under Attack”模式状态 +STATUS=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/settings/security_level" \ + -H "X-Auth-Email: $EMAIL" \ + -H "X-Auth-Key: $API_KEY" \ + -H "Content-Type: application/json" | jq -r '.result.value') + +echo "当前的Under Attack模式状态: $STATUS" + +# 检查系统负载是否高于阈值 +if (( $(echo "$CURRENT_LOAD > $LOAD_THRESHOLD" | bc -l) )); then + if [ "$STATUS" != "under_attack" ]; then + echo "系统负载高于阈值,开启Under Attack模式" + # send_tg_notification "系统负载高于阈值,开启Under Attack模式" + NEW_STATUS="under_attack" + else + echo "系统负载高,但Under Attack模式已经开启" + exit 0 + fi +else + if [ "$STATUS" == "under_attack" ]; then + echo "系统负载低于阈值,关闭Under Attack模式" + # send_tg_notification "系统负载低于阈值,关闭Under Attack模式" + NEW_STATUS="high" + else + echo "系统负载低,Under Attack模式已经关闭" + exit 0 + fi +fi + +# 更新“Under Attack”模式状态 +RESPONSE=$(curl -s -X PATCH "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/settings/security_level" \ + -H "X-Auth-Email: $EMAIL" \ + -H "X-Auth-Key: $API_KEY" \ + -H "Content-Type: application/json" \ + --data "{\"value\":\"$NEW_STATUS\"}") + +if [[ $(echo $RESPONSE | jq -r '.success') == "true" ]]; then + echo "成功更新Under Attack模式状态为: $NEW_STATUS" +else + echo "更新Under Attack模式状态失败" + echo "响应: $RESPONSE" +fi diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..261eeb9 --- /dev/null +++ b/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/Limiting_Shut_down.sh b/Limiting_Shut_down.sh new file mode 100644 index 0000000..3bccd63 --- /dev/null +++ b/Limiting_Shut_down.sh @@ -0,0 +1,33 @@ +#!/bin/bash + +# 获取总的接收和发送流量 +output=$(awk 'BEGIN { rx_total = 0; tx_total = 0 } + $1 ~ /^(eth|ens|enp|eno)[0-9]+/ { rx_total += $2; tx_total += $10 } + END { + printf("%.0f Bytes %.0f Bytes", rx_total, tx_total); + }' /proc/net/dev) + + +# 获取接收和发送的流量数据 +rx=$(echo "$output" | awk '{print $1}') +tx=$(echo "$output" | awk '{print $3}') + +# 显示当前流量使用情况 +echo "当前接收流量: $rx" +echo "当前发送流量: $tx" + +threshold_gb=110 + +# 将GB转换为字节 +threshold=$((threshold_gb * 1024 * 1024 * 1024)) + +# 检查是否达到流量阈值 +if (( $rx > $threshold || $tx > $threshold )); then + echo "流量达到${threshold},正在关闭服务器..." + # 在此处执行关闭服务器的命令,例如: + shutdown -h now + # 或者 + # systemctl poweroff +else + echo "当前流量未达到${threshold},继续监视..." +fi diff --git a/Limiting_Shut_down1.sh b/Limiting_Shut_down1.sh new file mode 100644 index 0000000..d970abd --- /dev/null +++ b/Limiting_Shut_down1.sh @@ -0,0 +1,48 @@ +#!/bin/bash + +# 获取总的接收流量(只统计公网网卡) +rx_output=$(awk 'BEGIN { rx_total = 0 } + $1 ~ /^(eth|ens|enp|eno)[0-9]+/ { rx_total += $2 } + END { + printf("%.0f Bytes", rx_total); + }' /proc/net/dev) + +# 获取总的发送流量(只统计公网网卡) +tx_output=$(awk 'BEGIN { tx_total = 0 } + $1 ~ /^(eth|ens|enp|eno)[0-9]+/ { tx_total += $10 } + END { + printf("%.0f Bytes", tx_total); + }' /proc/net/dev) + +# 获取接收流量数据 +rx=$(echo "$rx_output" | awk '{print $1}') + +# 获取发送流量数据 +tx=$(echo "$tx_output" | awk '{print $1}') + +# 显示当前流量使用情况 +echo "当前接收流量: $rx Bytes" +echo "当前发送流量: $tx Bytes" + +rx_threshold_gb=110 +tx_threshold_gb=120 + +# 将GB转换为字节 +rx_threshold=$((rx_threshold_gb * 1024 * 1024 * 1024)) +tx_threshold=$((tx_threshold_gb * 1024 * 1024 * 1024)) + +# 检查是否达到接收流量阈值 +if (( rx > rx_threshold )); then + echo "接收流量达到${rx_threshold_gb}GB (${rx_threshold} Bytes),正在关闭服务器..." + shutdown -h now +else + echo "当前接收流量未达到${rx_threshold_gb}GB (${rx_threshold} Bytes),继续监视..." +fi + +# 检查是否达到发送流量阈值 +if (( tx > tx_threshold )); then + echo "发送流量达到${tx_threshold_gb}GB (${tx_threshold} Bytes),正在关闭服务器..." + shutdown -h now +else + echo "当前发送流量未达到${tx_threshold_gb}GB (${tx_threshold} Bytes),继续监视..." +fi diff --git a/PandoraNext/config.json b/PandoraNext/config.json new file mode 100644 index 0000000..85a307c --- /dev/null +++ b/PandoraNext/config.json @@ -0,0 +1,32 @@ +{ + "bind": "0.0.0.0:8181", + "tls": { + "enabled": false, + "cert_file": "", + "key_file": "" + }, + "timeout": 600, + "proxy_url": "", + "license_id": "github", + "public_share": false, + "site_password": "", + "setup_password": "webgptpasswd", + "server_tokens": true, + "proxy_api_prefix": "", + "isolated_conv_title": "*", + "disable_signup": false, + "auto_conv_arkose": false, + "proxy_file_service": false, + "custom_doh_host": "", + "captcha": { + "provider": "", + "site_key": "", + "site_secret": "", + "site_login": false, + "setup_login": false, + "oai_username": false, + "oai_password": false, + "oai_signup": false + }, + "whitelist": null +} diff --git a/PandoraNext/tokens.json b/PandoraNext/tokens.json new file mode 100644 index 0000000..8a7428e --- /dev/null +++ b/PandoraNext/tokens.json @@ -0,0 +1,17 @@ +{ + "test-1": { + "token": "access token / session token / refresh token", + "shared": true, + "show_user_info": false + }, + "test-2": { + "token": "access token / session token / refresh token", + "shared": true, + "show_user_info": true, + "plus": true + }, + "test2": { + "token": "access token / session token / refresh token / share token / username & password", + "password": "12345" + } +} diff --git a/README.fa.md b/README.fa.md new file mode 100644 index 0000000..6d03a04 --- /dev/null +++ b/README.fa.md @@ -0,0 +1,10 @@ +## 📜 معرفی (معرفی اسکریپت) + +ابزار اسکریپت KejiLion یک جعبه‌ابزار همه‌کاره برای مدیریت، نظارت و تست سیستم‌های لینوکس است. این ابزار با هدف ارائه راه‌حل‌های ساده و کارآمد برای کاربران مبتدی و حرفه‌ای طراحی شده است. از جمله ویژگی‌های برجسته آن می‌توان به مدیریت پیشرفته Docker، استقرار خودکار LNMP (Linux + Nginx + MySQL + PHP)، بهینه‌سازی امنیتی سایت‌ها، ابزارهای تست شبکه و پشتیبان‌گیری/بازیابی کامل اشاره کرد. همچنین این اسکریپت با پشتیبانی از نصب پنل‌ها و ابزارهای محبوب، نگهداری سیستم را بسیار آسان می‌کند. + +هدف ما تبدیل شدن به بهترین ابزار اسکریپت لینوکس با نصب یک‌کلیکی در سراسر اینترنت است تا پشتیبانی فنی سریع، ساده و حرفه‌ای برای کاربران فراهم شود. + +## 🚀 نصب با یک کلیک (One-Click Installation) FA + +```bash +bash <(curl -sL kejilion.sh) ir diff --git a/README.ja.md b/README.ja.md new file mode 100644 index 0000000..16a0d59 --- /dev/null +++ b/README.ja.md @@ -0,0 +1,65 @@ + +# ワンクリック スクリプト ツール (kejilion.sh) + +## 📜 はじめに +TechLion のシェル スクリプト ツールは、Linux の監視、テスト、管理用に設計されたオールインワンのスクリプト ツールボックスです。初心者でも経験豊富なユーザーでも、このツールは便利なソリューションを提供します。オリジナルの Docker 管理機能を統合しており、コンテナ化されたアプリケーションを簡単に管理できます。 LNMP ウェブサイト構築ソリューションは、ウェブサイトを迅速に構築するのに役立ち、サイトの最適化、防御、バックアップ、復元、移行などの機能が完全に装備されています。また、さまざまなシステム ツール パネルのインストールと使用を統合し、システムのメンテナンスを容易にします。私たちの目標は、ネットワーク全体で最高の Linux ワンクリック スクリプト ツールとなり、ユーザーに効率的で便利な技術サポートを提供することです。 + +*** + +## 🌐 サポートされているシステム +>Ubuntu +>Debian +>CentOS +>Alpine +>Kali +>Arch +>RedHat +>Fedora +>Alma +>Rocky +*** + +## 🚀 ワンクリックインストール +```bash +bash <(curl -sL kejilion.sh) jp +``` + +*** +## 🖼️ 実際のスクリーンショット + +日本語版プレビュー + + +*** + +## 📦 コア機能 + +- **システム情報概要**: CPU、メモリ、ディスク、帯域幅などの動作状態をすばやく表示します。 + +- **ネットワーク テスト ツール**: 統合速度テスト、バックホール、遅延、パケット損失検出など。 + +- **Docker コンテナ管理**: 独自のコンテナ可視化 + 強化されたコンテナ制御コマンド + +- **LNMPワンクリックデプロイメント**: Nginx + MySQL + PHPサイトを簡単に構築 + +- **ウェブサイトの防御と最適化**:CC対策、クローラー対策、ファイアウォールの自動構成、パフォーマンスの最適化 + +- **バックアップと移行**: サイトとデータベースのワンクリックバックアップ/復元/リモート移行 + +- **BBRアクセラレーション最適化**:カーネルアクセラレーション、ネットワーク輻輳制御インテリジェントスイッチング + +- **アプリケーションマーケット統合**: 主流のツールとパネルが組み込まれており、一般的なサービスのワンクリックインストールをサポートします。 + +- **自動更新メカニズム**: スクリプトのバージョンを定期的にチェックして、最新かつ安定した状態を維持します + +*** + +## 💖 私たちをサポートしてください +脚本は大丈夫だと思います。 USTD TRC20報酬 + +TCP3PLGUTG9Z4z4tnHHSLbw5bgp8NXhTT3 + +*** + +## スターの歴史 +[![星の歴史チャート](https://api.star-history.com/svg?repos=kejilion/sh&type=Date)](https://star-history.com/#kejilion/sh&Date) diff --git a/README.kr.md b/README.kr.md new file mode 100644 index 0000000..38ff36c --- /dev/null +++ b/README.kr.md @@ -0,0 +1,68 @@ + +# 원클릭 스크립트 도구(kejilion.sh) + +## 📜 소개 +TechLion의 Shell Script Tool은 Linux 모니터링, 테스트, 관리를 위해 설계된 올인원 스크립팅 툴박스입니다. 초보자든 숙련된 사용자든, 이 도구는 편리한 솔루션을 제공할 수 있습니다. 원래의 Docker 관리 기능을 통합하여 컨테이너화된 애플리케이션을 쉽게 관리할 수 있습니다. LNMP 웹사이트 구축 솔루션은 웹사이트를 빠르게 구축하는 데 도움이 되며, 사이트 최적화, 방어, 백업, 복구 및 마이그레이션 기능을 완벽하게 갖추고 있습니다. 다양한 시스템 도구 패널의 설치와 사용을 통합하여 시스템 유지관리를 더욱 쉽게 만들어줍니다. 저희의 목표는 전체 네트워크 상에서 최고의 Linux 원클릭 스크립팅 도구가 되어 사용자에게 효율적이고 편리한 기술 지원을 제공하는 것입니다. + +*** + +## 🌐 지원 시스템 +>Ubuntu +>Debian +>CentOS +>Alpine +>Kali +>Arch +>RedHat +>Fedora +>Alma +>Rocky +*** + + +## 🚀 원클릭 설치 +```bash +bash <(curl -sL kejilion.sh) kr +``` +*** + +## 🖼️ 실제 화면 미리보기 (Preview) + +한국어 버전 미리보기 + + + + + +*** +## 📦 핵심 기능 + +- **시스템 정보 개요**: CPU, 메모리, 디스크, 대역폭 등의 작동 상태를 빠르게 표시합니다. + +- **네트워크 테스트 도구**: 통합 속도 테스트, 백홀, 지연, 패킷 손실 감지 등 + +- **Docker 컨테이너 관리**: 독점적인 컨테이너 시각화 + 향상된 컨테이너 제어 명령 + +- **LNMP 원클릭 배포**: Nginx + MySQL + PHP 사이트를 쉽게 구축 + +- **웹사이트 방어 및 최적화**: CC 차단, 크롤러 차단, 방화벽 자동 구성 및 성능 최적화 + +- **백업 및 마이그레이션**: 사이트 및 데이터베이스의 원클릭 백업/복원/원격 마이그레이션 + +- **BBR 가속 최적화**: 커널 가속, 네트워크 혼잡 제어 지능형 스위칭 + +- **애플리케이션 마켓 통합**: 기본 제공 도구 및 패널, 공통 서비스의 원클릭 설치 지원 + +- **자동 업데이트 메커니즘**: 스크립트 버전을 정기적으로 확인하여 최신 상태로 유지하고 안정성을 유지합니다. + +*** + +## 💖 저희를 지원해주세요 +대본은 괜찮은 것 같아요. USTD TRC20 보상 + +TCP3PLGUTG9Z4z4tnHHSLbw5bgp8NXhTT3 + +*** + +## 스타 역사 +[![별 역사 차트](https://api.star-history.com/svg?repos=kejilion/sh&type=Date)](https://star-history.com/#kejilion/sh&Date) diff --git a/README.md b/README.md new file mode 100644 index 0000000..5798c85 --- /dev/null +++ b/README.md @@ -0,0 +1,154 @@ +


+
+ logo +
+ +
+

KEJILION.SH - 科技lion一键脚本工具

+
+ + +

+ + 简体中文 + + + 繁體中文 + + + English + + + 한국어 + + + 日本語 + + + Русский + + + فارسی + +

+ + + +


+ + +## 📜 介绍 (Introduction) +科技Lion 的 Shell 脚本工具是一款全能脚本工具箱,专为 Linux 监控、测试和管理而设计。无论您是初学者还是经验丰富的用户,该工具都能为您提供便捷的解决方案。集成了独创的 Docker 管理功能,让您轻松管理容器化应用;LNMP建站解决方案能帮助您快速搭建网站,站点优化、防御、备份还原迁移一应俱全;并且整合了各类系统工具面板的安装及使用,使系统维护变得更加简单。我们的目标是成为全网最优秀的 Linux 一键脚本工具,为用户提供高效、便捷的科技支持。 + +KejiLion's Shell script tool is an all-in-one script toolbox designed for Linux monitoring, testing, and management. Whether you are a beginner or an experienced user, this tool offers convenient solutions. It integrates unique Docker management features, enabling easy containerized application management. The LNMP site-building solution helps you quickly set up websites, covering optimization, defense, backup, restoration, and migration. It also includes the installation and use of various system tool panels, making system maintenance simpler. Our goal is to become the best Linux one-click script tool on the internet, providing users with efficient and convenient tech support. + +

+ + +## 🌐 支持系统 (Supported Systems) + +

+ + Ubuntu + + + Debian + + + CentOS + + + alpinelinux + + + Kali + + + Arch + + + RedHat + + + Fedora + + + almalinux + + + Rocky + +

+ + + +

+ +> **🔱 Fork 说明**:本仓库 fork 自 [kejilion/sh](https://github.com/kejilion/sh),主要修复 certbot standalone 在部分服务器上因 Docker NAT 端口映射 (`-p 80:80`) 导致 Let's Encrypt HTTP-01 验证超时的问题,改用 `--network host` 直接占用宿主机 80 端口完成验证。其余逻辑与上游保持一致。 + +## 🚀 一键安装 (One-Click Installation) CN +```bash +bash <(curl -sL https://gitea.mygoband.com/openclaw/sh/raw/branch/main/kejilion.sh) +``` + +## 🚀 一键安装 (One-Click Installation) EN +```bash +bash <(curl -sL https://gitea.mygoband.com/openclaw/sh/raw/branch/main/kejilion.sh) en +``` + +

+ +## 🖼️ 效果图预览 (Preview) +

+ 中文版 + English Version +

+ + + + + +

+## 📦 核心功能 (Core Features) + +- **系统信息概览**:快速展示 CPU、内存、磁盘、带宽等运行状态 + *System status overview: CPU, memory, disk, bandwidth and more*
+ +- **网络测试工具**:集成测速、回程、延迟、丢包检测等 + *Network tools: speed test, route trace, latency, packet loss test*
+ +- **Docker 容器管理**:独家容器可视化 + 容器控制增强命令 + *Advanced Docker management with enhanced commands and visualization*
+ +- **LNMP 一键部署**:轻松搭建 Nginx + MySQL + PHP 站点 + *One-click LNMP stack deployment (Nginx, MySQL, PHP)*
+ +- **网站防御与优化**:防CC、防爬虫,自动配置防火墙与性能优化 + *Site defense and optimization: anti-CC, anti-crawler, firewall and tuning*
+ +- **备份与迁移**:站点与数据库一键备份/恢复/远程迁移 + *Backup & migration: one-click site/database backup and remote restore*
+ +- **BBR 加速优化**:内核加速、网络拥塞控制智能切换 + *Network acceleration: BBR/tcp congestion control optimization*
+ +- **应用市场集成**:内置主流工具与面板,支持一键安装常用服务 + *App Store integration: built-in panels and tools for one-click deployment*
+ +- **自动更新机制**:定时检测脚本版本,保持最新最稳定 + *Auto-update engine: ensure you're always running the latest version*
+ + +

+ +## 💖 支持我们 (Support Us) +觉得脚本还可以 USTD TRC20 打赏 + +Feel free to support us with USTD TRC20 donations. + +TCP3PLGUTG9Z4z4tnHHSLbw5bgp8NXhTT3 + +

+ +## ⭐ Star History +[![Star History Chart](https://api.star-history.com/svg?repos=kejilion/sh&type=Date)](https://star-history.com/#kejilion/sh&Date) diff --git a/README.ru.md b/README.ru.md new file mode 100644 index 0000000..28f14d5 --- /dev/null +++ b/README.ru.md @@ -0,0 +1,127 @@ +


+
+логотип +
+ +
+

KEJILION.SH - инструмент для создания скриптов Technology Lion с одним ключом

+
+ + + +

+ + 简体中文 + + + 繁體中文 + + + English + + + 한국어 + + + 日本語 + + + Русский + + + فارسی + +

+ + + + +


+ + +## 📜 Введение) +Shell Script Tool от TechLion — это комплексный набор инструментов для написания скриптов, предназначенный для мониторинга, тестирования и управления Linux. Независимо от того, являетесь ли вы новичком или опытным пользователем, этот инструмент может предоставить вам удобное решение. Он интегрирует оригинальную функцию управления Docker, позволяя вам легко управлять контейнеризированными приложениями; Решение для создания веб-сайтов LNMP поможет вам быстро создать веб-сайт, оно полностью оснащено функциями оптимизации, защиты, резервного копирования, восстановления и миграции сайта; и интегрирует установку и использование различных панелей системных инструментов для упрощения обслуживания системы. Наша цель — стать лучшим инструментом для создания скриптов Linux в один клик во всей сети и предоставить пользователям эффективную и удобную технологическую поддержку. + +

+ +## 🌐 Система поддержки + +

+ +Ubuntu + + +Debian + + +CentOS + + +alpinelinux + + +Kali + + +Arch + + +RedHat + + +Fedora + + +almalinux + + +Rocky + + + + + +

+ +## 🚀 Установка в один клик +```bash +bash <(curl -sL kejilion.sh) ru +``` +

+ +## 🖼️ Предпросмотр интерфейса +Предпросмотр русской версии + + + +

+## 📦 Основные характеристики + +- **Обзор информации о системе**: быстрое отображение рабочего состояния ЦП, памяти, диска, пропускной способности и т. д. + +- **Инструменты тестирования сети**: интегрированный тест скорости, транзитная связь, задержка, обнаружение потери пакетов и т. д. + +- **Управление контейнерами Docker**: эксклюзивная визуализация контейнеров + улучшенные команды управления контейнерами + +- **Развертывание LNMP в один клик**: простая сборка сайта Nginx + MySQL + PHP + +- **Защита и оптимизация веб-сайта**: защита от CC, защита от сканеров, автоматическая настройка брандмауэра и оптимизация производительности + +- **Резервное копирование и миграция**: резервное копирование/восстановление/удаленная миграция сайтов и баз данных в один клик + +- **Оптимизация ускорения BBR**: ускорение ядра, интеллектуальное переключение управления перегрузками сети + +- **Интеграция с рынком приложений**: встроенные основные инструменты и панели, поддержка установки распространенных служб одним щелчком мыши + +- **Механизм автоматического обновления**: регулярное определение версий скриптов для поддержания последних и наиболее стабильных версий + +

+ +## 💖 Поддержите нас +Я думаю, что сценарий хорош. Награда USTD TRC20 +TCP3PLGUTG9Z4z4tnHHSLbw5bgp8NXhTT3 + +

+ +## ⭐ Звездные тренды +[![Таблица истории звезд](https://api.star-history.com/svg?repos=kejilion/sh&type=Date)](https://star-history.com/#kejilion/sh&Date) diff --git a/README.tw.md b/README.tw.md new file mode 100644 index 0000000..3f5eaad --- /dev/null +++ b/README.tw.md @@ -0,0 +1,67 @@ +# 一鍵腳本工具 (kejilion.sh) + +## 📜 介紹 (Introduction) +科技Lion 的 Shell 腳本工具是一款全能腳本工具箱,專為 Linux 監控、測試和管理而設計。無論您是初學者還是經驗豐富的用戶,該工具都能為您提供便利的解決方案。整合了獨創的 Docker 管理功能,讓您輕鬆管理容器化應用;LNMP建站解決方案可協助您快速建置網站,網站最佳化、防禦、備份還原遷移一應俱全;並且整合了各類系統工具面板的安裝及使用,使系統維護變得更加簡單。我們的目標是成為全網最優秀的 Linux 一鍵腳本工具,提供使用者高效、便利的科技支援。 + +*** + +## 🌐 支援系統 +>Ubuntu +>Debian +>CentOS +>Alpine +>Kali +>Arch +>RedHat +>Fedora +>Alma +>Rocky +*** + +## 🚀 一鍵安裝 +```bash +bash <(curl -sL kejilion.sh) tw +``` + +*** + +## 🖼️ 실제 화면 미리보기 (Preview) + +한국어 버전 미리보기 + + + + + +*** +## 📦 核心功能 + +- **系統資訊概覽**:快速展示 CPU、記憶體、磁碟、頻寬等運作狀態 + +- **網路測試工具**:整合測速、回程、延遲、丟包偵測等 + +- **Docker 容器管理**:獨家容器視覺化 + 容器控制增強指令 + +- **LNMP 一鍵部署**:輕鬆建立 Nginx + MySQL + PHP 站點 + +- **網站防禦與最佳化**:防CC、防爬蟲,自動設定防火牆與效能最佳化 + +- **備份與遷移**:網站與資料庫一鍵備份/還原/遠端遷移 + +- **BBR 加速優化**:核心加速、網路擁塞控制智慧切換 + +- **應用市場整合**:內建主流工具與面板,支援一鍵安裝常用服務 + +- **自動更新機制**:定時偵測腳本版本,保持最新最穩定 + +*** + +## 💖 支持我們 +覺得腳本還可以 USTD TRC20 打賞 + +TCP3PLGUTG9Z4z4tnHHSLbw5bgp8NXhTT3 + +*** + +## Star History +[![Star History Chart](https://api.star-history.com/svg?repos=kejilion/sh&type=Date)](https://star-history.com/#kejilion/sh&Date) diff --git a/TG-SSH-check-notify.sh b/TG-SSH-check-notify.sh new file mode 100644 index 0000000..bf9030b --- /dev/null +++ b/TG-SSH-check-notify.sh @@ -0,0 +1,29 @@ +#!/bin/bash + + + + +# 获取登录信息 +country=$(curl -s ipinfo.io/$public_ip/country) +isp_info=$(curl -s ipinfo.io/org | sed -e 's/\"//g' | awk -F' ' '{print $2}') + +ipv4_address=$(curl -s ipv4.ip.sb) +masked_ip=$(echo $ipv4_address | awk -F'.' '{print "*."$3"."$4}') + + +IP=$(echo $SSH_CONNECTION | awk '{print $1}') +TIME=$(date +"%Y年%m月%d日 %H:%M:%S") +# 查询IP地址对应的地区信息 +#LOCATION=$(curl -s https://ipapi.co/$IP/json/ | jq -r '.city') + LOCATION=$(curl -s "http://opendata.baidu.com/api.php?query=$IP&co=&resource_id=6006&oe=utf8&format=json" | jq -r '.data[0].location') +# 获取当前用户名 + USERNAME=$(whoami) +# 发送Telegram消息 +MESSAGE="ℹ️ 登录信息: +登录机器:${isp_info}-${country}-${masked_ip} +登录名:$USERNAME +登录IP:$IP +登录时间:$TIME +登录地区:$LOCATION" + +curl -s -X POST "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/sendMessage" -d "chat_id=$CHAT_ID&text=$MESSAGE" > /dev/null 2>&1 \ No newline at end of file diff --git a/TG-check-notify.sh b/TG-check-notify.sh new file mode 100644 index 0000000..4c11df0 --- /dev/null +++ b/TG-check-notify.sh @@ -0,0 +1,102 @@ +#!/bin/bash + +# 你需要配置Telegram Bot Token和Chat ID +TELEGRAM_BOT_TOKEN="输入TG的机器人API" +CHAT_ID="输入TG的接收通知的账号ID" + + +# 你可以修改监控阈值设置 +CPU_THRESHOLD=70 +MEMORY_THRESHOLD=70 +DISK_THRESHOLD=70 +NETWORK_THRESHOLD_GB=1000 + + + +# 获取设备信息的变量 +country=$(curl -s ipinfo.io/$public_ip/country) +isp_info=$(curl -s ipinfo.io/org | sed -e 's/\"//g' | awk -F' ' '{print $2}') + +ipv4_address=$(curl -s ipv4.ip.sb) +masked_ip=$(echo $ipv4_address | awk -F'.' '{print "*."$3"."$4}') + +# 发送Telegram通知的函数 +send_tg_notification() { + local MESSAGE=$1 + curl -s -X POST "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/sendMessage" -d "chat_id=$CHAT_ID" -d "text=$MESSAGE" +} + + +# 获取CPU使用率 +get_cpu_usage() { + awk '{u=$2+$4; t=$2+$4+$5; if (NR==1){u1=u; t1=t;} else printf "%.0f\n", (($2+$4-u1) * 100 / (t-t1))}' \ + <(grep 'cpu ' /proc/stat) <(sleep 1; grep 'cpu ' /proc/stat) +} + +# 获取内存使用率 +get_memory_usage() { + free | awk '/Mem/ {printf("%.0f"), $3/$2 * 100}' +} + +# 获取硬盘使用率 +get_disk_usage() { + df / | awk 'NR==2 {print $5}' | sed 's/%//' +} + +# 获取总的接收流量(以 GB 为单位) +get_rx_bytes() { + awk 'BEGIN { rx_total = 0 } + # 匹配常见的公网网卡命名: eth*, ens*, enp*, eno* + $1 ~ /^(eth|ens|enp|eno)[0-9]+/ { rx_total += $2 } + END { + printf("%.2f", rx_total / (1024 * 1024 * 1024)); + }' /proc/net/dev +} + +# 获取总的发送流量(以 GB 为单位) +get_tx_bytes() { + awk 'BEGIN { tx_total = 0 } + # 匹配常见的公网网卡命名: eth*, ens*, enp*, eno* + $1 ~ /^(eth|ens|enp|eno)[0-9]+/ { tx_total += $10 } + END { + printf("%.2f", tx_total / (1024 * 1024 * 1024)); + }' /proc/net/dev +} + +# 检查并发送通知 +check_and_notify() { + local USAGE=$1 + local TYPE=$2 + local THRESHOLD=$3 + local CURRENT_VALUE=$4 + + if (( $(echo "$USAGE > $THRESHOLD" | bc -l) )); then + send_tg_notification "警告: ${isp_info}-${country}-${masked_ip} 的 $TYPE 使用率已达到 $USAGE%,超过阈值 $THRESHOLD%。" + fi +} + +# 主循环 +while true; do + CPU_USAGE=$(get_cpu_usage) + MEMORY_USAGE=$(get_memory_usage) + DISK_USAGE=$(get_disk_usage) + RX_GB=$(get_rx_bytes) + TX_GB=$(get_tx_bytes) + + check_and_notify $CPU_USAGE "CPU" $CPU_THRESHOLD $CPU_USAGE + check_and_notify $MEMORY_USAGE "内存" $MEMORY_THRESHOLD $MEMORY_USAGE + check_and_notify $DISK_USAGE "硬盘" $DISK_THRESHOLD $DISK_USAGE + + # 检查入站流量是否超过阈值 + if (( $(echo "$RX_GB > $NETWORK_THRESHOLD_GB" | bc -l) )); then + send_tg_notification "警告: ${isp_info}-${country}-${masked_ip} 的入站流量已达到 ${RX_GB}GB,超过阈值 ${NETWORK_THRESHOLD_GB}GB。" + fi + + # 检查出站流量是否超过阈值 + if (( $(echo "$TX_GB > $NETWORK_THRESHOLD_GB" | bc -l) )); then + send_tg_notification "警告: ${isp_info}-${country}-${masked_ip} 的出站流量已达到 ${TX_GB}GB,超过阈值 ${NETWORK_THRESHOLD_GB}GB。" + fi + + # 休眠5分钟 + sleep 300 +done diff --git a/apps/README.md b/apps/README.md new file mode 100644 index 0000000..e238e51 --- /dev/null +++ b/apps/README.md @@ -0,0 +1,4 @@ +# 🚀 开发者应用入驻指南 (kejilion.sh) + +https://github.com/kejilion/apps + diff --git a/archive.key b/archive.key new file mode 100644 index 0000000..69a288c --- /dev/null +++ b/archive.key @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mQENBFhxW04BCAC61HuxBVf1XJiQjXu/DSAtVcnuK38geDoDjcqFtHskFy32NgJG +X118EFNym6noF+oibaSftI9yjHthWvMnYZ/+DPwd7YZhbAjBvxMIQCsP6cFVxrgc +VV8g+uh4TCfbpalDBFoncRhQCgkmDN9Vd4kIWRh6BHJuzpKB/h2KxUHZVEKgWlK2 +dR1xUtbrc+kp8gLwPbxTgC3tZ4x2uMMMlnbyCMSRa5oJ/AvoW4W1XphKL9ivsFHM +PSQkUBDvgv2RPw+0XBxPy8SYE0r0onx0ZIpjJRTODt3bSV6/0owwlpNogV9bT8HY +kl3+w3mTwax6S1akHZuJtLkZS0uUBz1BHt5bABEBAAG0IVhhbk1vZCBLZXJuZWwg +PGtlcm5lbEB4YW5tb2Qub3JnPokBNwQTAQgAIQUCWHFbTgIbAwULCQgHAgYVCAkK +CwIEFgIDAQIeAQIXgAAKCRCG99Ce5zTmIwTmB/9/S4rmwU6efDgEaBDwBDbOfLBA +P2+kDpabjG4K+V4NSvDqlPN49KrI7C21jHghAa2VuTPbSZVQ9ziUd5DjX9OuXov8 +CYVG+rrlG1UadHS8SBpgw0gNylEvo9/U6u0hl8mrbVOlpzu+eE+e4cMTHax2y580 +fC2xmnM8wKgyRFEyVc6ilWU+UNTAeUFlg0YfU3cV1Ut4DzVFfamtNYg0p7Q/9MSy +VgFpt5C2U5prk4wi++51OgrtaNhMrUhzYXLINWVF6IrXhQ+mkI/FWXUZ0oyVo55v ++dQzuds/gos90q+tKyE514pYAmwQSftSjf+RmHOMpPQyMZZKSywrz4vlfveDuQEN +BFhxW04BCACs5bXq73MDb2+AsvNL2XkkbnzmE4K3k0gejB9OxrO+puAZn3wWyYIk +b0Op8qVUh+/FIiW/uFfmdFD8BypC3YkCNfg6e74f5TT3qQciccpMGy62teo3jfhT +T8E1OL1i76ALq7eNbByJKiKLBrTUDM6BDIeRZBWXQMase4+aqUAP47Kd/ByPsmCh +/pzb6yPdDPKwkspELssdPXYI7enddjQsCPoBko0j8CTPgKqMTeCuKMXCtD2gtRBN +eoVj4cbjZoZvBh8oJktzbYA8FX8eKdxIXhSP9MoVOPSWhxIQdwzkzUPK+0vUV8jA +NBTnGOkrRJPOHGPJWFWnTUGrzvcwi7czABEBAAGJAR8EGAEIAAkFAlhxW04CGwwA +CgkQhvfQnuc05iMIswgAmzSpCHFGKdkFLdC673FidJcL8adKFTO5Mpyholc5N8vG +ROJbpso+DpssF14NKoBfBWqPRgHxYzHakxHiNf0R2+EEwXH3rblzpx3PXzB0OgNe +T9T0UStrGgc9nZ8nZVURHZZ2z5zakEWS+rB2TiSxz3YArR3wiTHQW49G09uZvfp6 +5Mim2w+eUxbQ689eT0DlDI1d2eDP/j5lrv1elsg3kBE2Awzdvi8DdGUpMFrSsYJw +WS85uZrwbeAs/nPO62wNIvAbbRsWnDg3AV3vc02eRvy52tTBY1W/67N02M4AxgPd +ukDDFZMifwa03yTHD/a57O4dFOnzsEVojBnbzQ7W7w== +=HKlF +-----END PGP PUBLIC KEY BLOCK----- diff --git a/auto_cert_renewal-1.sh b/auto_cert_renewal-1.sh new file mode 100644 index 0000000..bf1a90c --- /dev/null +++ b/auto_cert_renewal-1.sh @@ -0,0 +1,66 @@ +# 定义证书存储目录 +certs_directory="/etc/letsencrypt/live/" + +days_before_expiry=5 # 设置在证书到期前几天触发续签 + +# 遍历所有证书文件 +for cert_dir in $certs_directory*; do + # 获取域名 + domain=$(basename "$cert_dir") + + # 忽略 README 目录 + if [ "$domain" = "README" ]; then + continue + fi + + # 输出正在检查的证书信息 + echo "检查证书过期日期: ${domain}" + + # 获取fullchain.pem文件路径 + cert_file="${cert_dir}/fullchain.pem" + + # 获取证书过期日期 + expiration_date=$(openssl x509 -enddate -noout -in "${cert_file}" | cut -d "=" -f 2-) + + # 输出证书过期日期 + echo "过期日期: ${expiration_date}" + + # 将日期转换为时间戳 + expiration_timestamp=$(date -d "${expiration_date}" +%s) + current_timestamp=$(date +%s) + + # 计算距离过期还有几天 + days_until_expiry=$(( ($expiration_timestamp - $current_timestamp) / 86400 )) + + # 检查是否需要续签(在满足续签条件的情况下) + if [ $days_until_expiry -le $days_before_expiry ]; then + echo "证书将在${days_before_expiry}天内过期,正在进行自动续签。" + + # 停止 Nginx + docker stop nginx + + iptables -P INPUT ACCEPT + iptables -P FORWARD ACCEPT + iptables -P OUTPUT ACCEPT + iptables -F + + ip6tables -P INPUT ACCEPT + ip6tables -P FORWARD ACCEPT + ip6tables -P OUTPUT ACCEPT + ip6tables -F + + # 续签证书 + certbot certonly --standalone -d $domain --email your@email.com --agree-tos --no-eff-email --force-renewal + + # 启动 Nginx + docker start nginx + + echo "证书已成功续签。" + else + # 若未满足续签条件,则输出证书仍然有效 + echo "证书仍然有效,距离过期还有 ${days_until_expiry} 天。" + fi + + # 输出分隔线 + echo "--------------------------" +done diff --git a/auto_cert_renewal.sh b/auto_cert_renewal.sh new file mode 100644 index 0000000..fe638a2 --- /dev/null +++ b/auto_cert_renewal.sh @@ -0,0 +1,93 @@ +# 定义证书存储目录 +certs_directory="/home/web/certs/" +days_before_expiry=15 # 设置在证书到期前几天触发续签 + +# 遍历所有证书文件 +for cert_file in $certs_directory*_cert.pem; do + # 获取域名 + yuming=$(basename "$cert_file" "_cert.pem") + + # 输出正在检查的证书信息 + echo "检查证书过期日期: ${yuming}" + + # 获取证书过期日期 + expiration_date=$(openssl x509 -enddate -noout -in "${certs_directory}${yuming}_cert.pem" | cut -d "=" -f 2-) + + # 输出证书过期日期 + echo "过期日期: ${expiration_date}" + + # 将日期转换为时间戳 + expiration_timestamp=$(date -d "${expiration_date}" +%s) + current_timestamp=$(date +%s) + + # 计算距离过期还有几天 + days_until_expiry=$(( ($expiration_timestamp - $current_timestamp) / 86400 )) + + if [ $days_until_expiry -le $days_before_expiry ]; then + + echo "证书将在${days_before_expiry}天内过期,正在进行自动续签。" + + # 1. 检查目录是否存在 + docker exec nginx [ -d /var/www/letsencrypt ] && DIR_OK=true || DIR_OK=false + + # 2. 检查配置文件是否包含关键字 + # 假设你的配置文件在容器内的 /etc/nginx/conf.d/ 目录下(这是 Nginx 容器的默认路径) + docker exec nginx grep -q "letsencrypt" /etc/nginx/conf.d/$yuming.conf && CONF_OK=true || CONF_OK=false + + # 输出结果 + echo "--- 自动化环境检测报告 ---" + if [ "$DIR_OK" = true ]; then echo "✅ 目录检测:/var/www/letsencrypt 存在"; else echo "❌ 目录检测:/var/www/letsencrypt 不存在"; fi + if [ "$CONF_OK" = true ]; then echo "✅ 配置检测:$yuming.conf 已包含续签规则"; else echo "❌ 配置检测:$yuming.conf 未发现 letsencrypt 字样"; fi + + if [ "$DIR_OK" = true ] && [ "$CONF_OK" = true ]; then + docker run --rm -v /etc/letsencrypt/:/etc/letsencrypt certbot/certbot delete --cert-name "$yuming" -n + + docker run --rm \ + -v "/etc/letsencrypt:/etc/letsencrypt" \ + -v "/home/web/letsencrypt:/var/www/letsencrypt" \ + certbot/certbot certonly \ + --webroot \ + -w /var/www/letsencrypt \ + -d "$yuming" \ + --email your@email.com \ + --agree-tos \ + --no-eff-email \ + --key-type ecdsa \ + --force-renewal + + mkdir -p /home/web/certs/ + cp /etc/letsencrypt/live/$yuming/fullchain.pem /home/web/certs/${yuming}_cert.pem > /dev/null 2>&1 + cp /etc/letsencrypt/live/$yuming/privkey.pem /home/web/certs/${yuming}_key.pem > /dev/null 2>&1 + + openssl rand -out /home/web/certs/ticket12.key 48 + openssl rand -out /home/web/certs/ticket13.key 80 + + docker exec nginx nginx -t && docker exec nginx nginx -s reload + + else + docker run --rm -v /etc/letsencrypt/:/etc/letsencrypt certbot/certbot delete --cert-name "$yuming" -n + + docker stop nginx > /dev/null 2>&1 + + docker run --rm --network host -v /etc/letsencrypt/:/etc/letsencrypt certbot/certbot certonly --standalone --http-01-address 0.0.0.0 --http-01-port 80 -d $yuming --email your@email.com --agree-tos --no-eff-email --force-renewal --key-type ecdsa + + mkdir -p /home/web/certs/ + cp /etc/letsencrypt/live/$yuming/fullchain.pem /home/web/certs/${yuming}_cert.pem > /dev/null 2>&1 + cp /etc/letsencrypt/live/$yuming/privkey.pem /home/web/certs/${yuming}_key.pem > /dev/null 2>&1 + + openssl rand -out /home/web/certs/ticket12.key 48 + openssl rand -out /home/web/certs/ticket13.key 80 + + docker start nginx > /dev/null 2>&1 + + fi + + echo "证书已成功续签。" + else + # 若未满足续签条件,则输出证书仍然有效 + echo "证书仍然有效,距离过期还有 ${days_until_expiry} 天。" + fi + + # 输出分隔线 + echo "--------------------------" +done diff --git a/beifen.sh b/beifen.sh new file mode 100644 index 0000000..d54de85 --- /dev/null +++ b/beifen.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +# Create a tar archive of the web directory +cd /home/ && tar czvf web_$(date +"%Y%m%d%H%M%S").tar.gz web + +# Transfer the tar archive to another VPS +cd /home/ && ls -t /home/*.tar.gz | head -1 | xargs -I {} sshpass -p 123456 scp -o StrictHostKeyChecking=no -P 22 {} root@0.0.0.0:/home/ + +# Keep only 5 tar archives and delete the rest +cd /home/ && ls -t /home/*.tar.gz | tail -n +4 | xargs -I {} rm {} diff --git a/check_x86-64_psabi.sh b/check_x86-64_psabi.sh new file mode 100644 index 0000000..cf3a572 --- /dev/null +++ b/check_x86-64_psabi.sh @@ -0,0 +1,11 @@ +#!/usr/bin/awk -f + +BEGIN { + while (!/flags/) if (getline < "/proc/cpuinfo" != 1) exit 1 + if (/lm/&&/cmov/&&/cx8/&&/fpu/&&/fxsr/&&/mmx/&&/syscall/&&/sse2/) level = 1 + if (level == 1 && /cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/) level = 2 + if (level == 2 && /avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/) level = 3 + if (level == 3 && /avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/) level = 3 + if (level > 0) { print "CPU supports x86-64-v" level; exit level + 1 } + exit 1 +} diff --git a/cloudflare.conf b/cloudflare.conf new file mode 100644 index 0000000..633bb83 --- /dev/null +++ b/cloudflare.conf @@ -0,0 +1,88 @@ +# +# Author: Mike Rushton +# +# IMPORTANT +# +# Please set jail.local's permission to 640 because it contains your CF API key. +# +# This action depends on curl (and optionally jq). +# Referenced from http://www.normyee.net/blog/2012/02/02/adding-cloudflare-support-to-fail2ban by NORM YEE +# +# To get your CloudFlare API Key: https://www.cloudflare.com/a/account/my-account +# +# CloudFlare API error codes: https://www.cloudflare.com/docs/host-api.html#s4.2 + +[Definition] + +# Option: actionstart +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). +# Values: CMD +# +actionstart = + +# Option: actionstop +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) +# Values: CMD +# +actionstop = + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: IP address +# number of failures +#