[agent] Alpine 系统增加 SSL/TLS加密 (--tls) 支持。 (#297)

2023-11-13 16:10:09 +08:00 · 2023-11-13 16:10:09 +08:00 · cb785e5031
commit cb785e5031
parent d8b1855989
2 changed files with 151 additions and 149 deletions
--- a/script/install.sh
+++ b/script/install.sh
@ -280,8 +280,10 @@ modify_agent_config() {
    if [ $# -lt 3 ]; then
        echo "请先在管理面板上添加Agent，记录下密钥" &&
        read -ep "请输入一个解析到面板所在IP的域名（不可套CDN）: " nz_grpc_host &&
-        read -ep "请输入面板RPC端口: (5555)" nz_grpc_port &&
-        read -ep "请输入Agent 密钥: " nz_client_secret
+        read -ep "请输入面板RPC端口 (默认值 5555): " nz_grpc_port &&
+        read -ep "请输入Agent 密钥: " nz_client_secret &&
+        read -ep "是否启用针对 gRPC 端口的 SSL/TLS加密 (--tls)，需要请按 [y]，默认是不需要，不理解用户可回车跳过: " nz_grpc_proxy
+        grep -qiw 'Y' <<< "${nz_grpc_proxy}" && args='--tls'
        if [[ -z "${nz_grpc_host}" || -z "${nz_client_secret}" ]]; then
            echo -e "${red}所有选项都不能为空${plain}"
            before_show_menu
@ -294,20 +296,19 @@ modify_agent_config() {
        nz_grpc_host=$1
        nz_grpc_port=$2
        nz_client_secret=$3
+        shift 3
+        if [ $# -gt 0 ]; then
+            args=" $*"
+        fi
    fi

    if [ "$os_alpine" != 1 ];then
        sed -i "s/nz_grpc_host/${nz_grpc_host}/" ${NZ_AGENT_SERVICE}
        sed -i "s/nz_grpc_port/${nz_grpc_port}/" ${NZ_AGENT_SERVICE}
        sed -i "s/nz_client_secret/${nz_client_secret}/" ${NZ_AGENT_SERVICE}
-        
-        shift 3
-        if [ $# -gt 0 ]; then
-            args=" $*"
-            sed -i "/ExecStart/ s/$/${args}/" ${NZ_AGENT_SERVICE}
-        fi
+        [ -n "${args}" ] && sed -i "/ExecStart/ s/$/ ${args}/" ${NZ_AGENT_SERVICE}
    else
-        echo "@reboot nohup ${NZ_AGENT_PATH}/nezha-agent -s ${nz_grpc_host}:${nz_grpc_port} -p ${nz_client_secret} >/dev/null 2>&1 &" >> /etc/crontabs/root
+        echo "@reboot ${NZ_AGENT_PATH}/nezha-agent -s ${nz_grpc_host}:${nz_grpc_port} -p ${nz_client_secret} ${args}" >> /etc/crontabs/root
        crond
    fi

@ -318,7 +319,7 @@ modify_agent_config() {
        systemctl enable nezha-agent
        systemctl restart nezha-agent
    else
-        nohup ${NZ_AGENT_PATH}/nezha-agent -s ${nz_grpc_host}:${nz_grpc_port} -p ${nz_client_secret} >/dev/null 2>&1 &
+        nohup ${NZ_AGENT_PATH}/nezha-agent -s ${nz_grpc_host}:${nz_grpc_port} -p ${nz_client_secret} ${args} >/dev/null 2>&1 &
    fi

    if [[ $# == 0 ]]; then
@ -516,8 +517,8 @@ uninstall_agent() {
        rm -rf $NZ_AGENT_SERVICE
        systemctl daemon-reload
    else
-        sed -i "/nezha-agent/d" /etc/crontabs/root
-        pkill nezha
+        grep -q 'nezha-agent' /var/spool/cron/crontabs/root && sed -i "/nezha-agent/d" /var/spool/cron/crontabs/root
+        pkill nezha-agent
    fi

    rm -rf $NZ_AGENT_PATH
--- a/script/install_en.sh
+++ b/script/install_en.sh
@ -279,8 +279,10 @@ modify_agent_config() {
    if [ $# -lt 3 ]; then
        echo "Please add Agent in the admin panel first, record the secret" &&
        read -ep "Please enter a domain that resolves to the IP where the panel is located (no CDN sets): " nz_grpc_host &&
-        read -ep "Please enter the panel RPC port: (5555)" nz_grpc_port &&
-        read -ep "Please enter the Agent secret: " nz_client_secret
+        read -ep "Please enter the panel RPC port (default 5555): " nz_grpc_port &&
+        read -ep "Please enter the Agent secret: " nz_client_secret &&
+        read -ep "Do you want to enable SSL/TLS encryption for the gRPC port (--tls)? Press [y] if yes, the default is not required, and users can press Enter to skip if you don't understand: " nz_grpc_proxy
+        grep -qiw 'Y' <<< "${nz_grpc_proxy}" && args='--tls'
        if [[ -z "${nz_grpc_host}" || -z "${nz_client_secret}" ]]; then
            echo -e "${red}All options cannot be empty${plain}"
            before_show_menu
@ -293,20 +295,19 @@ modify_agent_config() {
        nz_grpc_host=$1
        nz_grpc_port=$2
        nz_client_secret=$3
+        shift 3
+        if [ $# -gt 0 ]; then
+            args=" $*"
+        fi
    fi

    if [ "$os_alpine" != 1 ];then
        sed -i "s/nz_grpc_host/${nz_grpc_host}/" ${NZ_AGENT_SERVICE}
        sed -i "s/nz_grpc_port/${nz_grpc_port}/" ${NZ_AGENT_SERVICE}
        sed -i "s/nz_client_secret/${nz_client_secret}/" ${NZ_AGENT_SERVICE}
-        
-        shift 3
-        if [ $# -gt 0 ]; then
-            args=" $*"
-            sed -i "/ExecStart/ s/$/${args}/" ${NZ_AGENT_SERVICE}
-        fi
+        [ -n "${args}" ] && sed -i "/ExecStart/ s/$/ ${args}/" ${NZ_AGENT_SERVICE}
    else
-        echo "@reboot nohup ${NZ_AGENT_PATH}/nezha-agent -s ${nz_grpc_host}:${nz_grpc_port} -p ${nz_client_secret} >/dev/null 2>&1 &" >> /etc/crontabs/root
+        echo "@reboot ${NZ_AGENT_PATH}/nezha-agent -s ${nz_grpc_host}:${nz_grpc_port} -p ${nz_client_secret} ${args}" >> /etc/crontabs/root
        crond
    fi

@ -317,7 +318,7 @@ modify_agent_config() {
        systemctl enable nezha-agent
        systemctl restart nezha-agent
    else
-        nohup ${NZ_AGENT_PATH}/nezha-agent -s ${nz_grpc_host}:${nz_grpc_port} -p ${nz_client_secret} >/dev/null 2>&1 &
+        nohup ${NZ_AGENT_PATH}/nezha-agent -s ${nz_grpc_host}:${nz_grpc_port} -p ${nz_client_secret} ${args} >/dev/null 2>&1 &
    fi

    if [[ $# == 0 ]]; then
@ -514,8 +515,8 @@ uninstall_agent() {
        rm -rf $NZ_AGENT_SERVICE
        systemctl daemon-reload
    else
-        sed -i "/nezha-agent/d" /etc/crontabs/root
-        pkill nezha
+        grep -q 'nezha-agent' /var/spool/cron/crontabs/root && sed -i "/nezha-agent/d" /var/spool/cron/crontabs/root
+        pkill nezha-agent
    fi

    rm -rf $NZ_AGENT_PATH