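#!/bin/bash
#
# Interactive provisioning script for an apt/systemd host. Must run as root.
# Steps, in order:
#   1. set a new root password
#   2. persist en_US.UTF-8 locale exports in root's ~/.bashrc
#   3. enable SSH public-key authentication
#   4. install sudo and create a new sudo-capable user with an ~/.ssh skeleton
#   5. disable root SSH login (only if step 4 actually created a user)
#   6. install the klzgrad/forwardproxy Caddy build as a systemd service
#   7. write /etc/caddy/Caddyfile with operator-chosen proxy credentials
#   8. cap the systemd journal at 100M
#
# Optional environment:
#   CADDY_TARBALL_SHA256  expected SHA-256 of the release archive; when set,
#                         a mismatch aborts the install before extraction.

set -euo pipefail

WORKDIR=""

# Print a message to stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Print a non-fatal warning to stderr.
warn() {
  printf 'warning: %s\n' "$*" >&2
}

# Remove the temporary download directory on every exit path.
cleanup() {
  if [[ -n "$WORKDIR" ]]; then
    rm -rf -- "$WORKDIR"
  fi
}
trap cleanup EXIT

# Append "export NAME=VALUE" to root's ~/.bashrc once, and export it for the
# rest of this run. Exporting directly replaces `source ~/.bashrc`, which can
# return early or trip strict mode in a non-interactive shell.
persist_export() {
  local name=$1 value=$2
  local rc="$HOME/.bashrc"
  local line="export ${name}=${value}"
  touch -- "$rc"
  grep -qxF -- "$line" "$rc" || printf '%s\n' "$line" >>"$rc"
  export "${name}=${value}"
}

# Rewrite an existing (possibly commented-out) "KEY ..." line in sshd_config.
# Lines that do not start with KEY or #KEY are left untouched.
set_sshd_option() {
  local key=$1 value=$2
  sed -i "s/^\(#\)\?${key}.*/${key} ${value}/" /etc/ssh/sshd_config
}

# Validate sshd_config before restarting so a broken edit cannot take the
# daemon down and cut off remote access.
restart_sshd() {
  sshd -t || die "sshd_config failed validation; sshd was not restarted"
  systemctl restart sshd
}

# Emit a random alphanumeric token on stdout (no trailing newline).
random_token() {
  head -c 24 /dev/urandom | base64 | tr -dc 'A-Za-z0-9'
}

# Prompt until the operator supplies a valid, unused login name or an empty
# line (skip). The result is stored in the global "username".
prompt_new_username() {
  local name_re='^[a-z_][a-z0-9_-]{0,31}$'
  local candidate
  echo "Please enter new user name: "
  while true; do
    read -r candidate
    # An empty answer means "do not create a user".
    if [[ -z "$candidate" ]]; then
      username=""
      return 0
    fi
    # Allow-list the name: it is passed to useradd/passwd/chown and used in a
    # path, so option-like or path-like input must never get that far.
    if [[ ! "$candidate" =~ $name_re ]]; then
      echo "Invalid user name $candidate, please enter a new username: "
      continue
    fi
    if id -u "$candidate" >/dev/null 2>&1; then
      echo "User $candidate already exists, please enter a new username: "
      continue
    fi
    username=$candidate
    return 0
  done
}

# Create the sudo user and an ~/.ssh skeleton owned by that user.
create_sudo_user() {
  local ssh_dir="/home/${username}/.ssh"
  useradd -m -G sudo -s /bin/bash "$username"
  echo "Please enter new user password: "
  # Abort here on failure: continuing would disable root login while the new
  # account has neither a password nor a key.
  passwd "$username" || die "password for $username was not set"
  mkdir -p -- "$ssh_dir"
  touch -- "$ssh_dir/authorized_keys"
  # Own the directory as well as the file, otherwise the user cannot manage
  # their own keys in a root-owned ~/.ssh.
  chown "$username:$username" "$ssh_dir" "$ssh_dir/authorized_keys"
  chmod 700 "$ssh_dir"
  chmod 600 "$ssh_dir/authorized_keys"
}

# Download the latest klzgrad/forwardproxy release and install its caddy
# binary to /usr/bin/caddy.
install_caddy() {
  local tag_re='^[A-Za-z0-9._-]+$'
  local release archive
  apt install curl -y
  apt install jq -y

  # Private, unpredictable directory instead of a fixed /tmp path that another
  # local user could pre-create or symlink.
  WORKDIR=$(mktemp -d) || die "mktemp failed"

  release=$(curl -fsSL "https://api.github.com/repos/klzgrad/forwardproxy/releases/latest" | jq -r .tag_name)
  if [[ "$release" == "null" || ! "$release" =~ $tag_re ]]; then
    die "could not determine the latest forwardproxy release tag"
  fi

  archive="$WORKDIR/caddy-forwardproxy-naive.tar.xz"
  curl -fsSL -o "$archive" \
    "https://github.com/klzgrad/forwardproxy/releases/download/${release}/caddy-forwardproxy-naive.tar.xz"

  # The binary ends up running as root, so verify it when a digest is known.
  if [[ -n "${CADDY_TARBALL_SHA256:-}" ]]; then
    printf '%s  %s\n' "$CADDY_TARBALL_SHA256" "$archive" | sha256sum -c - >/dev/null \
      || die "release archive does not match CADDY_TARBALL_SHA256"
  else
    warn "CADDY_TARBALL_SHA256 is not set; the release archive is installed without an integrity check"
  fi

  # --no-same-owner: do not let the archive dictate file ownership when
  # extracting as root.
  tar -xJf "$archive" -C "$WORKDIR" --no-same-owner
  install -m 755 -o root -g root "$WORKDIR/caddy-forwardproxy-naive/caddy" /usr/bin/caddy
}

# Write and enable the caddy systemd unit.
write_caddy_unit() {
  # NOTE(review): User=root makes AmbientCapabilities=CAP_NET_BIND_SERVICE
  # redundant and gives the proxy full root. A dedicated service account would
  # be the least-privilege choice, but it also moves caddy's certificate
  # storage, so it is left as the author had it.
  cat >/etc/systemd/system/caddy.service <<'EOF'
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
User=root
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
EOF
  systemctl daemon-reload
  systemctl enable caddy
}

# Prompt for domain, email and proxy credentials, then write the Caddyfile.
# Sets the globals proxy_user and proxy_pass.
write_caddy_config() {
  local domain_re='^[A-Za-z0-9.-]+$'
  local email_re='^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$'
  local cred_re='^[A-Za-z0-9._~-]+$'
  local domain email

  mkdir -p /etc/caddy
  mkdir -p /var/www/html

  # Every value below is interpolated into the Caddyfile, so each one is
  # allow-listed: whitespace, braces or quotes would change the config syntax.
  while true; do
    read -r -p "Enter your domain: " domain
    [[ "$domain" =~ $domain_re ]] && break
    echo "Invalid domain, please try again"
  done
  echo "Your domain is $domain"

  while true; do
    read -r -p "Enter your email: " email
    [[ "$email" =~ $email_re ]] && break
    echo "Invalid email, please try again"
  done
  echo "Your email is $email"

  # Per-host credentials instead of the fixed user:pass pair, which anyone who
  # has read this script could use against the exposed proxy.
  while true; do
    read -r -p "Enter forward proxy user (empty to generate): " proxy_user
    [[ -z "$proxy_user" ]] && proxy_user=$(random_token)
    [[ "$proxy_user" =~ $cred_re ]] && break
    echo "Proxy user may only contain letters, digits and . _ ~ -"
  done
  while true; do
    read -r -s -p "Enter forward proxy password (empty to generate): " proxy_pass
    echo
    [[ -z "$proxy_pass" ]] && proxy_pass=$(random_token)
    [[ "$proxy_pass" =~ $cred_re ]] && break
    echo "Proxy password may only contain letters, digits and . _ ~ -"
  done

  # The file holds the proxy password in clear text: create it root-only
  # before writing the contents.
  install -m 600 -o root -g root /dev/null /etc/caddy/Caddyfile
  cat >/etc/caddy/Caddyfile <<EOF
{
  order forward_proxy before file_server
}
:443, $domain {
  tls $email
  forward_proxy {
    basic_auth $proxy_user $proxy_pass
    hide_ip
    hide_via
    probe_resistance
  }
  file_server {
    root /var/www/html
  }
}
EOF
}

main() {
  # change root password
  if [ "$EUID" -ne 0 ]; then
    echo "please run as root"
    exit 1
  fi
  echo "Please enter new root password: "
  passwd || die "root password was not changed"

  # set location
  persist_export LANG en_US.UTF-8
  persist_export LANGUAGE en_US:en
  persist_export LC_ALL en_US.UTF-8
  persist_export LC_TIME en_US.UTF-8

  # enable Pubkey Authentication
  set_sshd_option PubkeyAuthentication yes
  restart_sshd

  # add user to sudo
  apt update -y && apt install sudo -y

  # create a new user
  username=""
  prompt_new_username
  if [[ -n "$username" ]]; then
    echo "Your new user name is $username"
    read -r -n 1 -s || true
    create_sudo_user
  fi

  # disable root login in ssh
  if [[ -n "$username" ]]; then
    set_sshd_option PermitRootLogin no
    # Restart so the setting is actually in force, not just written to disk.
    restart_sshd
    # The sed only rewrites lines in the main file; a drop-in or an earlier
    # directive can still win, so check what sshd really resolved.
    if ! sshd -T 2>/dev/null | grep -qix 'permitrootlogin no'; then
      warn "sshd still reports a PermitRootLogin value other than 'no'; check /etc/ssh/sshd_config and its includes"
    fi
    echo "Root SSH login is disabled. Add a public key to /home/$username/.ssh/authorized_keys and confirm you can log in as $username before closing this session."
  else
    # Without a replacement account, disabling root login would leave no way
    # to reach the host over SSH.
    warn "no user was created; root SSH login was left unchanged"
  fi

  # install caddy
  install_caddy

  # caddy systemd
  write_caddy_unit

  # caddy config
  proxy_user=""
  proxy_pass=""
  write_caddy_config
  systemctl restart caddy

  # check if caddy is running
  systemctl status caddy --no-pager || warn "caddy is not running; inspect 'journalctl -u caddy'"

  echo "Your caddy forward user and password is $proxy_user:$proxy_pass"
  echo "Press and enter to continue"
  read -r -n 1 -s || true

  # limit log file size
  sed -i 's/^\(#\)\?SystemMaxUse.*/SystemMaxUse=100M/' /etc/systemd/journald.conf
  systemctl restart systemd-journald
}

main "$@"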