fix: cert bugs

hiddify · Jul 28, 2024 · 5f7ced8 · 5f7ced8
1 parent 740294a
commit 5f7ced8
Show file tree

Hide file tree

Showing 26 changed files with 35 additions and 35 deletions.
diff --git a/acme.sh/cert_utils.sh b/acme.sh/cert_utils.sh
@@ -19,7 +19,7 @@ function get_cert() {
     # ./lib/acme.sh --register-account -m [email protected]
 
     DOMAIN=$1
-    ssl_cert_path=../ssl
+    ssl_cert_path=/opt/hiddify-manager/ssl
     rm -f $ssl_cert_path/$DOMAIN.key
 
     if [ ${#DOMAIN} -le 64 ]; then
@@ -76,7 +76,7 @@ function get_cert() {
 }
 
 function has_valid_cert() {
-    certificate="../ssl/$1.crt"
+    certificate="/opt/hiddify-manager/ssl/$1.crt"
 }
 
 function get_self_signed_cert() {
@@ -86,34 +86,34 @@ function get_self_signed_cert() {
         echo "Domain length exceeds 64 characters. Truncating to the first 64 characters."
         d="${d:0:64}"
     fi
-    mkdir -p ../ssl
-    local certificate="../ssl/$d.crt"
-    local private_key="../ssl/$d.crt.key"
+    mkdir -p /opt/hiddify-manager/ssl
+    local certificate="/opt/hiddify-manager/ssl/$d.crt"
+    local private_key="/opt/hiddify-manager/ssl/$d.crt.key"
     local current_date=$(date +%s)
     local generate_new_cert=0
     # Check if the certificate file exists
     if [ ! -f "$certificate" ]; then
-        echo "Certificate $d file not found. Generating a new certificate."
+        echo "Certificate $d ($certificate) file not found. Generating a new certificate."
         generate_new_cert=1
     else
         local expire_date=$(openssl x509 -enddate -noout -in "$certificate" | cut -d= -f2-)
         # Convert the expire date to seconds since epoch
         local expire_date_seconds=$(date -d "$expire_date" +%s)
 
         if [ "$current_date" -ge "$expire_date_seconds" ]; then
-            echo "Certificate $d is expired. Generating a new certificate."
+            echo "Certificate $d ($certificate) is expired. Generating a new certificate."
             generate_new_cert=1
         fi
     fi
 
     # Check if the private key file exists
     if [ ! -f "$private_key" ]; then
-        echo "Private key file $d not found. Generating a new certificate."
+        echo "Private key file $d ($private_key) not found. Generating a new certificate."
         generate_new_cert=1
     else
         # Check if the private key is valid
         if ! openssl rsa -check -in "$private_key" >/dev/null && ! openssl ec -check -in "$private_key" >/dev/null; then
-            echo "Private key $d is invalid. Generating a new certificate."
+            echo "Private key $d ($private_key) is invalid. Generating a new certificate."
             generate_new_cert=1
         fi
     fi

diff --git a/common/jinja.py b/common/jinja.py
@@ -19,8 +19,9 @@ def exec(command):
         )
         return output
     except subprocess.CalledProcessError as e:
+        print(command)
         print(f"Command failed with exit code {e.returncode}:")
-        print(e.output)
+        print(e.output, e)
     return ""
 
 

diff --git a/common/replace_variables.sh b/common/replace_variables.sh
@@ -2,14 +2,13 @@ cd $(dirname -- "$0")
 source ./utils.sh
 activate_python_venv
 
-domains=$(cat ../current.json | jq -r '.domains[] | select(.mode | IN("direct", "cdn", "worker", "relay", "auto_cdn_ip", "old_xtls_direct", "sub_link_only", "fake")) | .domain')
+domains=$(cat ../current.json | jq -r '.domains[] | .domain' | tr '\n' ' ')
 
 
 # Loop over the .crt files
 for f in /opt/hiddify-manager/ssl/*.crt; do
     # Get the basename without the .crt extension
     d=$(basename "$f" .crt)
-
     # Check if $d is not in the list of domains
     if [[ ! " ${domains[@]} " =~ " ${d} " ]]; then
         # If $d is not in domains, remove the file
@@ -20,7 +19,7 @@ done
 
 # we need at least one ssl certificate to be able to run haproxy
 for d in $domains; do
-    bash /opt/hiddify-manager/acme.sh/generate_self_signed_cert.sh $d
+    (bash /opt/hiddify-manager/acme.sh/generate_self_signed_cert.sh $d >/dev/null 2>&1)
 done
 
 python -c "import json5;import jinja2" || pip install json5 jinja2

diff --git a/hiddify-panel/src b/hiddify-panel/src
diff --git a/singbox/configs/05_inbounds_10_ss_new.json.j2 b/singbox/configs/05_inbounds_10_ss_new.json.j2
@@ -18,7 +18,7 @@
 					{"name": "{{ u['uuid'] }}@hiddify.com", "password": "{{ u['uuid'].replace('-','')|b64encode}}"},
 				{% endfor%}
 				],
-				{% include "includes/multiplex.json.j2"%}
+				{% include "includes/multiplex.json.pj2"%}
 			}
 		]
 	{% endif %}

diff --git a/singbox/configs/05_inbounds_2011_trojan_new.json.j2 b/singbox/configs/05_inbounds_2011_trojan_new.json.j2
@@ -22,7 +22,7 @@
 					"idle_timeout": "15s",
 					"ping_timeout": "15s"
 				},
-				{% include "includes/multiplex.json.j2"%}
+				{% include "includes/multiplex.json.pj2"%}
 			}	  
 		]
 	{% endif %}

diff --git a/singbox/configs/05_inbounds_2012_trojan_ws_new.json.j2 b/singbox/configs/05_inbounds_2012_trojan_ws_new.json.j2
@@ -21,7 +21,7 @@
 					"path": "/{{ hconfigs['path_trojan'] }}{{ hconfigs['path_ws'] }}",
 					"early_data_header_name": "Sec-WebSocket-Protocol"
 				},
-				{% include "includes/multiplex.json.j2"%}
+				{% include "includes/multiplex.json.pj2"%}
 			}	  
 		]
 	{% endif %}

diff --git a/singbox/configs/05_inbounds_2013_trojan_grpc_new.json.j2 b/singbox/configs/05_inbounds_2013_trojan_grpc_new.json.j2
@@ -22,7 +22,7 @@
 					"idle_timeout": "15s",
 					"ping_timeout": "15s"
 				},
-				{% include "includes/multiplex.json.j2"%}
+				{% include "includes/multiplex.json.pj2"%}
 			}	  
 		]
 	{% endif %}

diff --git a/singbox/configs/05_inbounds_2014_trojan_httpupgrade.json.j2 b/singbox/configs/05_inbounds_2014_trojan_httpupgrade.json.j2
@@ -20,7 +20,7 @@
 					"type": "ws",
 					"path": "/{{ hconfigs['path_trojan'] }}{{ hconfigs['path_httpupgrade'] }}"
 				},
-				{% include "includes/multiplex.json.j2"%}
+				{% include "includes/multiplex.json.pj2"%}
 			}	  
 		]
 	{% endif %}

diff --git a/singbox/configs/05_inbounds_2021_vless_new.json.j2 b/singbox/configs/05_inbounds_2021_vless_new.json.j2
@@ -24,7 +24,7 @@
 					"idle_timeout": "15s",
 					"ping_timeout": "15s"
 				},
-				{% include "includes/multiplex.json.j2"%}
+				{% include "includes/multiplex.json.pj2"%}
 			}	  
 		]
 	{% endif %}

diff --git a/singbox/configs/05_inbounds_2022_vless_ws_new.json.j2 b/singbox/configs/05_inbounds_2022_vless_ws_new.json.j2
@@ -21,7 +21,7 @@
 					"path": "/{{ hconfigs['path_vless'] }}{{ hconfigs['path_ws'] }}",
 					"early_data_header_name": "Sec-WebSocket-Protocol"
 				},
-				{% include "includes/multiplex.json.j2"%}
+				{% include "includes/multiplex.json.pj2"%}
 			}	  
 		]
 	{% endif %}

diff --git a/singbox/configs/05_inbounds_2023_vless_grpc_new.json.j2 b/singbox/configs/05_inbounds_2023_vless_grpc_new.json.j2
@@ -22,7 +22,7 @@
 					"idle_timeout": "15s",
 					"ping_timeout": "15s"
 				},
-				{% include "includes/multiplex.json.j2"%}
+				{% include "includes/multiplex.json.pj2"%}
 			}	  
 		]
 	{% endif %}

diff --git a/singbox/configs/05_inbounds_2024_vless_httpupgrade.json.j2 b/singbox/configs/05_inbounds_2024_vless_httpupgrade.json.j2
@@ -19,7 +19,7 @@
 					"type": "httpupgrade",
 					"path": "/{{ hconfigs['path_vless'] }}{{ hconfigs['path_httpupgrade'] }}"
 				},
-				{% include "includes/multiplex.json.j2"%}
+				{% include "includes/multiplex.json.pj2"%}
 			}	  
 		]
 	{% endif %}

diff --git a/singbox/configs/05_inbounds_2031_vmess_new.json.j2 b/singbox/configs/05_inbounds_2031_vmess_new.json.j2
@@ -23,7 +23,7 @@
 					"idle_timeout": "15s",
 					"ping_timeout": "15s"
 				},
-				{% include "includes/multiplex.json.j2"%}
+				{% include "includes/multiplex.json.pj2"%}
 			}	  
 		]
 	{% endif %}

diff --git a/singbox/configs/05_inbounds_2032_vmess_ws_new.json.j2 b/singbox/configs/05_inbounds_2032_vmess_ws_new.json.j2
@@ -21,7 +21,7 @@
 					"path": "/{{ hconfigs['path_vmess'] }}{{ hconfigs['path_ws'] }}",
 					"early_data_header_name": "Sec-WebSocket-Protocol"
 				},
-				{% include "includes/multiplex.json.j2"%}
+				{% include "includes/multiplex.json.pj2"%}
 			}	  
 		]
 	{% endif %}

diff --git a/singbox/configs/05_inbounds_2033_vmess_grpc_new.json.j2 b/singbox/configs/05_inbounds_2033_vmess_grpc_new.json.j2
@@ -22,7 +22,7 @@
 					"idle_timeout": "15s",
 					"ping_timeout": "15s"
 				},
-				{% include "includes/multiplex.json.j2"%}
+				{% include "includes/multiplex.json.pj2"%}
 			}	  
 		]
 	{% endif %}

diff --git a/singbox/configs/05_inbounds_2034_vmess_httpupgrade.json.j2 b/singbox/configs/05_inbounds_2034_vmess_httpupgrade.json.j2
@@ -20,7 +20,7 @@
 					"type": "httpupgrade",
 					"path": "/{{ hconfigs['path_vmess'] }}{{ hconfigs['path_httpupgrade'] }}"
 				},
-				{% include "includes/multiplex.json.j2"%}
+				{% include "includes/multiplex.json.pj2"%}
 			}	  
 		]
 	{% endif %}

diff --git a/singbox/configs/05_inbounds_2039_vmess_new.json.j2 b/singbox/configs/05_inbounds_2039_vmess_new.json.j2
@@ -23,7 +23,7 @@
 					"idle_timeout": "15s",
 					"ping_timeout": "15s"
 				},
-				{% include "includes/multiplex.json.j2"%}
+				{% include "includes/multiplex.json.pj2"%}
 			}	  
 		]
 	{% endif %}

diff --git a/singbox/configs/05_inbounds_2061_reality_main.json.j2 b/singbox/configs/05_inbounds_2061_reality_main.json.j2
@@ -38,7 +38,7 @@
 						"max_time_difference": "2h"
 					}
 				},
-				{% include "includes/multiplex.json.j2"%}
+				{% include "includes/multiplex.json.pj2"%}
 			},
 			{%endfor %}
 		]

diff --git a/singbox/configs/05_inbounds_2071_realitygrpc_main.json.j2 b/singbox/configs/05_inbounds_2071_realitygrpc_main.json.j2
@@ -44,7 +44,7 @@
 						"max_time_difference": "2h"
 					}
 				},
-				{% include "includes/multiplex.json.j2"%}
+				{% include "includes/multiplex.json.pj2"%}
 			},
 			{%endfor %}
 		]

diff --git a/singbox/configs/05_inbounds_4010_tuic.json.j2 b/singbox/configs/05_inbounds_4010_tuic.json.j2
@@ -29,7 +29,7 @@
 					"alpn": ["h3"],
 					"min_version": "1.2",
 					"max_version": "1.3",
-					{% if exec("[ -f /opt/hiddify-manager/ssl/"+domain[0:64]+".crt ]&& echo -n 'true'")=='true' %}
+					{% if exec("[ -f /opt/hiddify-manager/ssl/"+domain[0:64]+".crt ]&& echo -n 'true' || echo -n 'false'")=='true' %}
 					"certificate_path": "/opt/hiddify-manager/ssl/{{domain[0:64]}}.crt",
 					"key_path": "/opt/hiddify-manager/ssl/{{domain[0:64]}}.crt.key",
 					{%else %}

diff --git a/singbox/configs/05_inbounds_4100_hysteria.json.j2 b/singbox/configs/05_inbounds_4100_hysteria.json.j2
@@ -29,7 +29,7 @@
 					"alpn": ["h3"],
 					"min_version": "1.2",
 					"max_version": "1.3",
-					{% if exec("[ -f /opt/hiddify-manager/ssl/"+domain[0:64]+".crt ]&& echo -n 'true'")=='true' %}
+					{% if exec("[ -f /opt/hiddify-manager/ssl/"+domain[0:64]+".crt ] && echo -n 'true' || echo -n 'false'")=='true' %}
 					"certificate_path": "/opt/hiddify-manager/ssl/{{domain[0:64]}}.crt",
 					"key_path": "/opt/hiddify-manager/ssl/{{domain[0:64]}}.crt.key",
 					{%else %}

diff --git a/singbox/configs/includes/multiplex.json.j2 → singbox/configs/includes/multiplex.json.pj2 b/singbox/configs/includes/multiplex.json.j2 → singbox/configs/includes/multiplex.json.pj2
diff --git a/xray/configs/05_inbounds_02_decoy.json.j2 b/xray/configs/05_inbounds_02_decoy.json.j2
@@ -31,7 +31,7 @@
 				"certificates": [
 				  {%for d in domains if d['need_valid_ssl']%}
 				  	{"ocspStapling": 3600, 
-					{% if exec("[ -f /opt/hiddify-manager/ssl/"+d.domain[0:64]+".crt ]&& echo -n 'true'")=='true' %}
+					{% if exec("[ -f /opt/hiddify-manager/ssl/"+d.domain[0:64]+".crt ]&& echo -n 'true' || echo -n 'false'")=='true' %}
 					"certificateFile": "/opt/hiddify-manager/ssl/{{d.domain[0:64]}}.crt", 
 					"keyFile": "/opt/hiddify-manager/ssl/{{d.domain[0:64]}}.crt.key",
 					{%else %}

diff --git a/xray/configs/05_inbounds_02_quic_main.json.j2 b/xray/configs/05_inbounds_02_quic_main.json.j2
@@ -28,7 +28,7 @@
 						"certificates": [
 						{%for d in domains if d['need_valid_ssl']%}
 							{"ocspStapling": 3600, 
-					{% if exec("[ -f /opt/hiddify-manager/ssl/"+d.domain[0:64]+".crt ]&& echo -n 'true'")=='true' %}
+					{% if exec("[ -f /opt/hiddify-manager/ssl/"+d.domain[0:64]+".crt ]&& echo -n 'true' || echo -n 'false'")=='true' %}
 					"certificateFile": "/opt/hiddify-manager/ssl/{{d.domain[0:64]}}.crt", 
 					"keyFile": "/opt/hiddify-manager/ssl/{{d.domain[0:64]}}.crt.key",
 					{%else %}

diff --git a/xray/configs/05_inbounds_02_xtls_main.json.j2 b/xray/configs/05_inbounds_02_xtls_main.json.j2
@@ -45,7 +45,7 @@
 					"certificates": [
 					{%for d in domains if d['need_valid_ssl']%}
 						{"ocspStapling": 3600, 
-					{% if exec("[ -f /opt/hiddify-manager/ssl/"+d.domain[0:64]+".crt ]&& echo -n 'true'")=='true' %}
+					{% if exec("[ -f /opt/hiddify-manager/ssl/"+d.domain[0:64]+".crt ]&& echo -n 'true' || echo -n 'false'")=='true' %}
 					"certificateFile": "/opt/hiddify-manager/ssl/{{d.domain[0:64]}}.crt", 
 					"keyFile": "/opt/hiddify-manager/ssl/{{d.domain[0:64]}}.crt.key",
 					{%else %}