chg: fix bug & refactor code & less logs

hiddify · Apr 26, 2024 · 22e6b34 · 22e6b34
1 parent 1d7ad80
commit 22e6b34
Show file tree

Hide file tree

Showing 35 changed files with 273 additions and 249 deletions.
diff --git a/acme.sh/install.sh b/acme.sh/install.sh
@@ -4,10 +4,10 @@ remove_package certbot
 
 mkdir -p /opt/hiddify-manager/acme.sh/lib/
 if ! is_installed ./lib/acme.sh; then
-    curl -L https://get.acme.sh | sh -s -- home /opt/hiddify-manager/acme.sh/lib \
-        --config-home /opt/hiddify-manager/acme.sh/lib/data \
-        --cert-home /opt/hiddify-manager/acme.sh/lib/certs --nocron
-
+    curl -s -L https://get.acme.sh | sh -s -- home /opt/hiddify-manager/acme.sh/lib \
+    --config-home /opt/hiddify-manager/acme.sh/lib/data \
+    --cert-home /opt/hiddify-manager/acme.sh/lib/certs --nocron
+    
     sed -i 's|_sleep_overload_retry_sec=$_retryafter|_sleep_overload_retry_sec=$_retryafter; if [[ "$_retryafter" > 20 ]];then return 10; fi|g' lib/acme.sh
 fi
 

diff --git a/common/downgrade.sh b/common/downgrade.sh
@@ -1,14 +1,17 @@
 cd /opt/hiddify-manager/hiddify-panel
-python3 -m hiddifypanel downgrade
+
+source /opt/hiddify-manager/common/utils.sh
+activate_python_venv
+
+python -m hiddifypanel downgrade
 if [ ! -f hiddifypanel.db ] && [ -f hiddifypanel.db.old ]; then
     mv hiddifypanel.db.old hiddifypanel.db
 fi
 cd ..
 
-source common/utils.sh
 
 pip install hiddifypanel==$(get_release_version hiddify-panel)
-curl -L -o hiddify-manager.zip https://github.com/hiddify/hiddify-manager/releases/latest/download/hiddify-manager.zip
+curl -L -s -o hiddify-manager.zip https://github.com/hiddify/hiddify-manager/releases/latest/download/hiddify-manager.zip
 unzip -o hiddify-manager.zip
 rm hiddify-manager.zip
 ln -s /opt/hiddify-manager /opt/hiddify-config

diff --git a/common/download_install.sh b/common/download_install.sh
@@ -56,18 +56,16 @@ apt update
 #apt -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" upgrade
 
 apt install -y curl unzip
-# pip3 install lastversion "requests<=2.29.0"
-# pip install lastversion "requests<=2.29.0"
 mkdir -p /opt/$GITHUB_REPOSITORY
 cd /opt/$GITHUB_REPOSITORY
-curl -L -o $GITHUB_REPOSITORY.zip https://github.com/hiddify/$GITHUB_REPOSITORY/releases/download/v10.5.73/$GITHUB_REPOSITORY.zip
-unzip -o $GITHUB_REPOSITORY.zip
+curl -L -s -o $GITHUB_REPOSITORY.zip https://github.com/hiddify/$GITHUB_REPOSITORY/releases/download/v10.5.73/$GITHUB_REPOSITORY.zip
+unzip -o $GITHUB_REPOSITORY.zip > /dev/null
 rm $GITHUB_REPOSITORY.zip
 rm -f xray/configs/*.json
 rm -f singbox/configs/*.json
 source /opt/hiddify-config/common/utils.sh
 install_python
-install_pypi_package pip==24.0 # pip install -U pip
+install_pypi_package pip==24.0
 pip install -U hiddifypanel==8.8.99
 bash install.sh --no-gui
 # exit 0

diff --git a/common/hiddify_installer.sh b/common/hiddify_installer.sh
@@ -84,7 +84,7 @@ function install_panel() {
         echo "/opt/hiddify-manager/menu.sh" >>~/.bashrc
         echo "cd /opt/hiddify-manager/" >>~/.bashrc
     fi
-    install_python
+    activate_python_venv
     install_package jq wireguard libev-dev libevdev2 default-libmysqlclient-dev build-essential pkg-config
     update_panel "$package_mode" "$force"
     panel_update=$?
@@ -279,7 +279,7 @@ function update_from_github() {
     local file_type=${file_name##*.}
     mkdir -p /opt/hiddify-manager
     cd /opt/hiddify-manager
-    curl -L -o "$file_name" "$url"
+    curl -sL -o "$file_name" "$url"
 
     if [[ "$file_type" == "zip" ]]; then
         install_package unzip

diff --git a/common/install.sh b/common/install.sh
@@ -3,17 +3,18 @@ source utils.sh
 
 remove_package apache2 needrestart needrestart-session
 install_package apt-transport-https at ca-certificates cron curl dnsutils git gnupg2 gnupg-agent iptables jq less libssl-dev locales lsb-release lsof qrencode software-properties-common ubuntu-keyring wget whiptail build-essential
-python3 -m pip config set global.index-url https://pypi.org/simple
+activate_python_venv
+python -m pip config set global.index-url https://pypi.org/simple > /dev/null
 remove_package resolvconf
 # rm /etc/resolv.conf
 # ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
 
 if [[ $COUNTRY == 'cn' ]]; then
-  sudo timedatectl set-timezone Asia/Shanghai
+    sudo timedatectl set-timezone Asia/Shanghai
 elif [[ $COUNTRY == 'ru' ]]; then
-  sudo timedatectl set-timezone Asia/Moscow
+    sudo timedatectl set-timezone Asia/Moscow
 else
-  sudo timedatectl set-timezone Asia/Tehran
+    sudo timedatectl set-timezone Asia/Tehran
 fi
 
 # rm /run/resolvconf/interface/*
@@ -24,48 +25,51 @@ fi
 #resolvconf -u
 sudo systemctl unmask --now systemd-resolved.service
 systemctl enable --now systemd-resolved >/dev/null 2>&1
-python3 change_dns.py 8.8.8.8 1.1.1.1
 
-ln -sf $(pwd)/sysctl.conf /etc/sysctl.d/ss-opt.conf
+# install requirements for change_dns.py
+install_pypi_package pyyaml > /dev/null
+python change_dns.py 8.8.8.8 1.1.1.1
 
-sysctl --system
+ln -sf $(pwd)/sysctl.conf /etc/sysctl.d/hiddify.conf
+
+sysctl --system > /dev/null
 
 if [[ "$ONLY_IPV4" != true ]]; then
-  sysctl -w net.ipv6.conf.all.disable_ipv6=0
-  sysctl -w net.ipv6.conf.default.disable_ipv6=0
-  sysctl -w net.ipv6.conf.lo.disable_ipv6=0
-
-  curl --connect-timeout 1 -s http://ipv6.google.com 2>&1 >/dev/null
-  if [ $? != 0 ]; then
-    ONLY_IPV4=true1
-  fi
+    sysctl -w net.ipv6.conf.all.disable_ipv6=0
+    sysctl -w net.ipv6.conf.default.disable_ipv6=0
+    sysctl -w net.ipv6.conf.lo.disable_ipv6=0
+    
+    curl --connect-timeout 1 -s http://ipv6.google.com 2>&1 >/dev/null
+    if [ $? != 0 ]; then
+        ONLY_IPV4=true1
+    fi
 fi
 
 INT_STAT=0
 INT_STAT_STR='Enable'
 if [[ "$ONLY_IPV4" == true ]]; then
-  INT_STAT=1
-  INT_STAT_STR="Disable"
+    INT_STAT=1
+    INT_STAT_STR="Disable"
 fi
 
 declare -a excluded_interfaces=("warp" "lo")
 
 for interface_name in $(ip link | awk -F': ' '$2 ~ /^[[:alnum:]]+$/ {print $2}'); do
-  if [[ " ${excluded_interfaces[@]} " =~ " ${interface_name} " ]]; then
-    continue
-  fi
-
-  # Disable IPv6 for the current interface
-  sysctl -q -w "net.ipv6.conf.$interface_name.disable_ipv6=$INT_STAT"
-
-  if [ $? -eq 0 ]; then
-    echo "IPv6 ${INT_STAT_STR}d for $interface_name"
-  else
-    echo "Failed to $INT_STAT_STR IPv6 for $interface_name"
-  fi
+    if [[ " ${excluded_interfaces[@]} " =~ " ${interface_name} " ]]; then
+        continue
+    fi
+    
+    # Disable IPv6 for the current interface
+    sysctl -q -w "net.ipv6.conf.$interface_name.disable_ipv6=$INT_STAT"
+    
+    if [ $? -eq 0 ]; then
+        echo "IPv6 ${INT_STAT_STR}d for $interface_name"
+    else
+        echo "Failed to $INT_STAT_STR IPv6 for $interface_name"
+    fi
 done
 
-bash google-bbr.sh
+bash google-bbr.sh > /dev/null
 
 
 echo "@reboot root /opt/hiddify-manager/install.sh --no-gui --no-log >> /opt/hiddify-manager/log/system/reboot.log 2>&1" >/etc/cron.d/hiddify_reinstall_on_reboot

diff --git a/common/replace_variables.sh b/common/replace_variables.sh
@@ -1,4 +1,8 @@
+cd $(dirname -- "$0")
+source ./utils.sh
+activate_python_venv
+
 python -c "import json5;import jinja2" || pip install json5 jinja2
 # rm -f /opt/hiddify-manager/singbox/configs/*.json
 # rm -f /opt/hiddify-manager/xray/configs/*.json
-python3 /opt/hiddify-manager/common/jinja.py $MODE
+python /opt/hiddify-manager/common/jinja.py $MODE
diff --git a/common/run.sh.j2 b/common/run.sh.j2
@@ -1,12 +1,14 @@
 source /opt/hiddify-manager/common/utils.sh
 
+# open essential ports
 allow_port "tcp" 22
 allow_port "tcp" 80
 allow_port "tcp" 443
 allow_port "udp" 443
 allow_port "udp" 53
 allow_port "tcp" 53
 # allow_port "udp" 3478
+
 allow_port "udp" {{hconfigs['wireguard_port']}} #wireguard
 
 
@@ -50,13 +52,13 @@ add2iptables46 "INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
 
 # Check if SSH server should be enabled
 {% if hconfigs['ssh_server_enable'] %}
-  allow_port "tcp" {{hconfigs['ssh_server_port']}} #ssh_server
+allow_port "tcp" {{hconfigs['ssh_server_port']}} #ssh_server
 {%else%}
-  remove_port "tcp" {{hconfigs['ssh_server_port']}}  #ssh_server
+remove_port "tcp" {{hconfigs['ssh_server_port']}}  #ssh_server
 {%endif%}
 
 {% for port in (hconfigs['tls_ports']+","+ hconfigs['http_ports']).split(',') if port %}
-  allow_port "tcp" {{port}} #panel ports
+allow_port "tcp" {{port}} #panel ports
 {%endfor%}
 {# {% for port in (hconfigs['tls_ports']).split(',') if port %}
   allow_port "udp" {{port}}
@@ -85,31 +87,32 @@ else
     mv /etc/motd.org /etc/motd
   fi
 fi
+
 # Restart sshd/ssh
 sudo systemctl restart sshd.service
 sudo systemctl restart ssh.service
 
 {% if hconfigs['firewall'] %}
-  iptables -P INPUT DROP
-  iptables -P FORWARD DROP
-  ip6tables -P INPUT DROP
-  ip6tables -P FORWARD DROP
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+ip6tables -P INPUT DROP
+ip6tables -P FORWARD DROP
 {%else%}
-  iptables -P INPUT ACCEPT
-  iptables -P FORWARD ACCEPT
-  ip6tables -P FORWARD ACCEPT
-  ip6tables -P INPUT ACCEPT
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+ip6tables -P FORWARD ACCEPT
+ip6tables -P INPUT ACCEPT
 {%endif%}
 
 save_firewall
 
 #add2iptables "INPUT -p tcp --dport 9000 -j DROP"
 
 {% if hconfigs['auto_update'] %}
-  echo "0 3 * * * root $(pwd)/../update.sh --no-gui --no-log" >/etc/cron.d/hiddify_auto_update
-  service cron reload
+echo "0 3 * * * root $(pwd)/../update.sh --no-gui --no-log" >/etc/cron.d/hiddify_auto_update
+service cron reload
 {%else%}
-  rm -rf /etc/cron.d/hiddify_auto_update
-  service cron reload
+rm -rf /etc/cron.d/hiddify_auto_update
+service cron reload
 {%endif%}
 
diff --git a/common/sysctl.conf b/common/sysctl.conf
@@ -24,8 +24,6 @@ net.ipv4.tcp_mtu_probing = 1
 # net.ipv4.tcp_congestion_control=bbr
 
 # Additional settings
-net.ipv4.ip_local_port_range = 10000 65000
-net.ipv4.tcp_mem = "24600 51200 102400"
 net.ipv4.ip_forward = 1
 net.netfilter.nf_conntrack_max = 2097152
 net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60

diff --git a/common/utils.sh b/common/utils.sh
@@ -33,7 +33,8 @@ function get_release_version() {
 }
 
 function hiddifypanel_path() {
-    python3 -c "import os,hiddifypanel;print(os.path.dirname(hiddifypanel.__file__),end='')"
+    activate_python_venv
+    python -c "import os,hiddifypanel;print(os.path.dirname(hiddifypanel.__file__),end='')"
 }
 function get_installed_panel_version() {
     version=$(cat "$(hiddifypanel_path)/VERSION")
@@ -53,8 +54,8 @@ function get_installed_config_version() {
 
 function get_package_mode() {
     cd /opt/hiddify-manager/hiddify-panel || exit
-
-    python3 -m hiddifypanel all-configs | jq -r '.chconfigs["0"].package_mode'
+    activate_python_venv
+    python -m hiddifypanel all-configs | jq -r '.chconfigs["0"].package_mode'
 }
 
 function error() {
@@ -115,6 +116,7 @@ function update_progress() {
 }
 
 function is_installed_pypi_package() {
+    activate_python_venv
     package_name="$1"
 
     if pip list --format=freeze --disable-pip-version-check | grep -E "^$package_name" >/dev/null; then
@@ -126,6 +128,7 @@ function is_installed_pypi_package() {
 }
 
 function install_pypi_package() {
+    activate_python_venv
     for package in $@; do
         if ! is_installed_pypi_package $package; then
             pip install -U $package
@@ -216,9 +219,10 @@ function msg() {
 }
 
 function hiddify_api() {
+    activate_python_venv
     data=$(
         cd /opt/hiddify-manager/hiddify-panel || exit
-        python3 -m hiddifypanel "$1"
+        python -m hiddifypanel "$1"
     )
     echo "$data"
     return 0
@@ -259,14 +263,16 @@ function create_python_venv() {
     fi
 }
 function activate_python_venv() {
+    venv_path="/opt/hiddify-manager/.venv"
     if [ -z "$VIRTUAL_ENV" ]; then
-        echo "Activating virtual environment..."
+        #echo "Activating virtual environment..."
         source "$venv_path/bin/activate"
     fi
 }
 
 function check_hiddify_panel() {
     if [ "$MODE" != "apply_users" ]; then
+        activate_python_venv
         (cd /opt/hiddify-manager/hiddify-panel && python3 -m hiddifypanel all-configs) >/opt/hiddify-manager/current.json
         chmod 600 /opt/hiddify-manager/current.json
         if [[ $? != 0 ]]; then
@@ -352,18 +358,21 @@ function remove_port() { #allow_port "tcp" "80"
 }
 
 function allow_apps_ports() {
-    service_name=$1
-    ports=$(ss -tulpn | grep "$service_name" | awk '{print $5}' | cut -d':' -f2)
+    local service_name=$1
+
+    # Get ports and paths for the service
+    local ports=$(ss -tulpn | grep "$service_name" | awk '{print $5}' | cut -d':' -f2)
+    local paths=$(pgrep -f "$service_name" | while read -r pid; do readlink -f /proc/"$pid"/exe; done | awk '!seen[$0]++')
 
     if [[ -z $ports ]]; then
         echo "Service not found or not running"
     else
-        path=$(ps -aux | grep "$service_name" | awk '{print $11}')
-
         IFS=' ' read -ra portArray <<<"$ports"
         for p in "${portArray[@]}"; do
-            echo "Service is running on port $p and path $path"
-            allow_port "tcp" "$p"
+            for path in $paths; do
+                echo "Service is running on port $p and path $path"
+                allow_port "tcp" "$p"
+            done
         done
     fi
 }

diff --git a/hiddify-panel/backup.sh b/hiddify-panel/backup.sh
@@ -1,7 +1,9 @@
 #!/bin/bash
-
 cd $( dirname -- "$0"; )
+source ../common/utils.sh
+
 function main(){
+    activate_python_venv
     python3 -m hiddifypanel backup
 }
 main |& tee -a ../log/system/backup.log