#!/bin/bash
#################################################################
# One-click CDN Installation Script v0.1.0 #
# Written by shc (https://qing.su) #
# Github link: https://github.com/Har-Kuun/OneClickCDN #
# Contact me: https://t.me/hsun94 E-mail: [email protected] #
# #
# This script is distributed in the hope that it will be #
# useful, but ABSOLUTELY WITHOUT ANY WARRANTY. #
# #
# Thank you for using this script. #
#################################################################
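# Traffic Server release to build. Change TS_VERSION to select another release:
# the download link is derived from it, and the installer uses the same version
# for the tarball and source-directory names, so the three cannot drift apart.
# Check https://www.apache.org/dyn/closer.cgi/trafficserver for the latest stable version.
# NOTE(review): the installer functions in this script fetch this tarball and
# build it as root without checking it against a published checksum or
# signature; verify the release you select before relying on it.
TS_VERSION="8.1.5"
TS_DOWNLOAD_LINK="https://downloads.apache.org/trafficserver/trafficserver-${TS_VERSION}.tar.bz2"
#You can enable an experimental feature: reverse proxy for any website.
#Please note that this feature is kind of buggy; you might have to manually modify some mapping rules if necessary.
#If you wish to turn on this feature, set the value for the variable below to ON, and use the special key in the main function to add reverse proxy instances.
REVERSE_PROXY_MODE_ENABLED=OFF
#By default, this script only works on Ubuntu 20, Debian 10/11, and CentOS 7/8.
#You can disable the OS check switch below and tweak the code yourself to try to install it in other OS versions.
#Please do note that if you choose to use this script on an OS other than Ubuntu 20, Debian 10/11, or CentOS 7/8, you might mess up your OS. Please keep a backup of your server before installation.
OS_CHECK_ENABLED=ON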
#########################################################################
# Functions start here. #
# Do not change anything below unless you know what you are doing. #
#########################################################################
check_OS() {
  # Identify the distribution from its release file and store a tag in the
  # global OS (UBUNTU20, DEBIAN10, DEBIAN11, CENTOS7 or CENTOS8). Every other
  # case prints a message and exits with status 1, including Ubuntu 18 and
  # Debian 9, whose tags are assigned just before the exit.
  #
  # The version patterns are unanchored regular expressions whose "." matches
  # any character, and the CentOS branch keys only on the presence of
  # /etc/redhat-release.
  # NOTE(review): other RHEL-family systems also ship /etc/redhat-release and
  # would be tagged as CentOS here - confirm that is acceptable.
  if [ -f /etc/lsb-release ]; then
    if grep "DISTRIB_RELEASE=18." /etc/lsb-release >/dev/null; then
      OS=UBUNTU18
      echo "Support of Ubuntu 18 is experimental. You may get error in TLS handshakes."
      echo "Please consider upgrading to Ubuntu 20 (simply run \"do-release-upgrade -d\")."
      echo "Please tweak the OS_CHECK_ENABLED setting if you still wish to install on Ubuntu 18."
      echo
      exit 1
    elif grep "DISTRIB_RELEASE=20." /etc/lsb-release >/dev/null; then
      OS=UBUNTU20
    else
      say "Sorry, this script only supports Ubuntu 20 and Debian 10/11." red
      echo
      exit 1
    fi
  elif [ -f /etc/debian_version ]; then
    if grep "^10." /etc/debian_version >/dev/null; then
      OS=DEBIAN10
      echo "Support of Debian 10 is experimental. Please report bugs."
      echo
    elif grep "^9." /etc/debian_version >/dev/null; then
      OS=DEBIAN9
      echo "Support of Debian 9 is experimental. You may get error in TLS handshakes."
      echo "Please tweak the OS_CHECK_ENABLED setting if you still wish to install on Debian 9."
      echo
      exit 1
    elif grep "^11." /etc/debian_version >/dev/null; then
      OS=DEBIAN11
      echo "Support of Debian 11 is experimental. Please report bugs."
      echo
    else
      say "Sorry, this script only supports Ubuntu 20 and Debian 10/11." red
      echo
      exit 1
    fi
  elif [ -f /etc/redhat-release ]; then
    if grep " 8." /etc/redhat-release >/dev/null; then
      OS=CENTOS8
      echo "Support of CentOS 8 is experimental. Please report bugs."
      echo "Please try disabling selinux or firewalld if you cannot visit your website."
      echo
    elif grep " 7." /etc/redhat-release >/dev/null; then
      OS=CENTOS7
      echo "Support of CentOS 7 is experimental. Please report bugs."
      echo "Please try disabling selinux or firewalld if you cannot visit your website."
      echo
    else
      echo "Sorry, this script only supports Ubuntu 20, Debian 10/11, and CentOS 7/8."
      echo
      exit 1
    fi
  else
    echo "Sorry, this script only supports Ubuntu 20, Debian 10/11, and CentOS 7/8."
    echo
    exit 1
  fi
}
check_TS() {
  # Set the global TS_INSTALLED to 1 when the trafficserver launcher script is
  # present under /usr/local/bin, otherwise to 0. Only the file's existence is
  # tested, not whether the server works or is running.
  if [ ! -f /usr/local/bin/trafficserver ]; then
    TS_INSTALLED=0
  else
    TS_INSTALLED=1
  fi
}
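install_TS() {
  # Build and install Apache Traffic Server from source on Debian/Ubuntu, then
  # create /etc/trafficserver (a symlink to /usr/local/etc/trafficserver) and
  # its ssl/ directory, start the server and register it to run at boot.
  #
  # Globals read: TS_DOWNLOAD_LINK, TS_VERSION, current_dir.
  # Exits 1 if the download, extraction, configure step or installation fails.
  #
  # NOTE(review): the tarball is fetched over HTTPS but is not checked against
  # a published checksum or signature before it is compiled and installed as
  # root; add that verification for the release pinned in TS_VERSION.
  local tarball="trafficserver-${TS_VERSION}.tar.bz2"
  local src_dir="${current_dir}/trafficserver-${TS_VERSION}"

  say @B"Starting Traffic Server installation..." green
  echo "..."
  echo "..."
  echo "Removing Nginx and Apache..."
  # NOTE(review): Debian and Ubuntu package the Apache HTTP server as
  # "apache2"; confirm this command removes what the message announces.
  apt-get remove nginx apache -y
  echo "Installing depedencies..."
  # Upgrades every installed package unattended, not only the build dependencies.
  apt-get update && apt-get upgrade -y
  apt-get install wget curl tar certbot automake libtool pkg-config libmodule-install-perl gcc g++ libssl-dev tcl-dev libpcre3-dev libcap-dev libhwloc-dev libncurses5-dev libcurl4-openssl-dev flex autotools-dev bison debhelper dh-apparmor gettext intltool-debian libbison-dev libexpat1-dev libfl-dev libsigsegv2 libsqlite3-dev m4 po-debconf tcl8.6-dev zlib1g-dev -y

  # Stop at the first failed step so configure/make never run against a
  # missing or partially extracted source tree.
  if ! wget "$TS_DOWNLOAD_LINK"; then
    say "Downloading Traffic Server source failed." red
    echo
    exit 1
  fi
  if ! tar xjf "$tarball"; then
    say "Extracting ${tarball} failed." red
    echo
    exit 1
  fi
  rm -f -- "$tarball"
  if ! cd "$src_dir"; then
    say "Source directory ${src_dir} not found." red
    echo
    exit 1
  fi

  echo "Start building Traffic Server from source..."
  ./configure --enable-experimental-plugins
  # configure writes config.status only when it completes successfully.
  if [ -f "${src_dir}/config.status" ]; then
    say @B"Dependencies met!" green
    say @B"Compiling now..." green
    echo
  else
    echo
    say "Missing dependencies." red
    echo "Please check log, install required dependencies, and run this script again."
    echo "Please also consider to report your log here https://github.com/Har-Kuun/OneClickCDN/issues so that I can fix this issue."
    echo "Thank you!"
    echo
    exit 1
  fi
  make
  make install
  if [ -f /usr/local/bin/traffic_manager ]; then
    echo
    say @B"Traffic Server successfully installed!" green
    echo
  else
    echo
    say "Traffic Server installation failed." red
    echo "Please check the above log for reasons."
    echo "Please also consider to report your log here https://github.com/Har-Kuun/OneClickCDN/issues so that I can fix this issue."
    echo "Thank you!"
    echo
    exit 1
  fi

  # Tolerate a second run: keep an existing link or directory as it is.
  if [ ! -e /etc/trafficserver ] && [ ! -L /etc/trafficserver ]; then
    ln -s /usr/local/etc/trafficserver /etc/trafficserver
  fi
  mkdir -p /etc/trafficserver/ssl
  # NOTE(review): the key directory is handed to the shared "nobody" account
  # with mode 0760 (group read/write, no search bit). Confirm "nobody" is the
  # account Traffic Server runs as, and consider 0700.
  chown nobody /etc/trafficserver/ssl
  chmod 0760 /etc/trafficserver/ssl
  cd "${current_dir}" || exit 1
  ldconfig
  trafficserver start
  echo
  say @B"Traffic Server successfully started!" green
  echo "Domain Type(CDN/RevProxy) OriginIP" > /etc/trafficserver/hostsavailable.sun
  # echo "trafficserver start" >> /etc/rc.local
  run_on_startup
  echo
}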
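install_TS_CentOS() {
  # Build and install Apache Traffic Server from source on CentOS 7/8, then
  # create /etc/trafficserver (a symlink to /usr/local/etc/trafficserver) and
  # its ssl/ directory, start the server and register it to run at boot.
  #
  # Globals read: OS, TS_DOWNLOAD_LINK, TS_VERSION, current_dir.
  # Exits 1 if the download, extraction, configure step or installation fails.
  #
  # NOTE(review): the tarball is fetched over HTTPS but is not checked against
  # a published checksum or signature before it is compiled and installed as
  # root; add that verification for the release pinned in TS_VERSION.
  local tarball="trafficserver-${TS_VERSION}.tar.bz2"
  local src_dir="${current_dir}/trafficserver-${TS_VERSION}"

  say @B"Starting Traffic Server installation..." green
  echo "..."
  echo "..."
  echo "Removing Nginx and Apache..."
  yum remove httpd nginx -y
  echo "Installing depedencies..."
  # Updates every installed package unattended, not only the build dependencies.
  yum update -y
  # NOTE(review): both branches install the EPEL release package straight from
  # a URL; confirm whether the package signature is checked in your yum/dnf
  # configuration, or install epel-release from a configured repository.
  if [ "x$OS" = "xCENTOS7" ]; then
    yum install centos-release-scl -y
    yum install devtoolset-8 -y
    # Invoked without a command, so it cannot change this shell's environment;
    # the toolchain is actually enabled by the "source" line below.
    scl enable devtoolset-8
    yum install wget curl tar openssl-devel pcre-devel tcl-devel gcc-c++ expat-devel libcap-devel hwloc ncurses-devel libcurl-devel pcre-devel tcl-devel expat-devel openssl-devel perl-ExtUtils-MakeMaker bzip2 -y
    yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -y
    yum install certbot -y
    source /opt/rh/devtoolset-8/enable
  else
    dnf -y group install "Development Tools"
    dnf -y install wget curl tar openssl-devel pcre-devel tcl-devel expat-devel libcap-devel hwloc ncurses-devel bzip2 libcurl-devel pcre-devel tcl-devel expat-devel openssl-devel perl-ExtUtils-MakeMaker
    yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
    dnf -y install certbot
    dnf config-manager --set-enabled PowerTools
  fi

  # Stop at the first failed step so configure/make never run against a
  # missing or partially extracted source tree.
  if ! wget "$TS_DOWNLOAD_LINK"; then
    say "Downloading Traffic Server source failed." red
    echo
    exit 1
  fi
  if ! tar xjf "$tarball"; then
    say "Extracting ${tarball} failed." red
    echo
    exit 1
  fi
  rm -f -- "$tarball"
  if ! cd "$src_dir"; then
    say "Source directory ${src_dir} not found." red
    echo
    exit 1
  fi

  echo "Start building Traffic Server from source..."
  ./configure --enable-experimental-plugins
  # configure writes config.status only when it completes successfully.
  if [ -f "${src_dir}/config.status" ]; then
    say @B"Dependencies met!" green
    say @B"Compiling now..." green
    echo
  else
    echo
    say "Missing dependencies." red
    echo "Please check log, install required dependencies, and run this script again."
    echo "Please also consider to report your log here https://github.com/Har-Kuun/OneClickCDN/issues so that I can fix this issue."
    echo "Thank you!"
    echo
    exit 1
  fi
  make
  make install
  if [ -f /usr/local/bin/traffic_manager ]; then
    echo
    say @B"Traffic Server successfully installed!" green
    echo
  else
    echo
    say "Traffic Server installation failed." red
    echo "Please check the above log for reasons."
    echo "Please also consider to report your log here https://github.com/Har-Kuun/OneClickCDN/issues so that I can fix this issue."
    echo "Thank you!"
    echo
    exit 1
  fi

  # Tolerate a second run: keep an existing link or directory as it is.
  if [ ! -e /etc/trafficserver ] && [ ! -L /etc/trafficserver ]; then
    ln -s /usr/local/etc/trafficserver /etc/trafficserver
  fi
  mkdir -p /etc/trafficserver/ssl
  # NOTE(review): the key directory is handed to the shared "nobody" account
  # with mode 0760 (group read/write, no search bit). Confirm "nobody" is the
  # account Traffic Server runs as, and consider 0700.
  chown nobody /etc/trafficserver/ssl
  chmod 0760 /etc/trafficserver/ssl
  cd "${current_dir}" || exit 1
  ldconfig
  /usr/local/bin/trafficserver start
  echo
  say @B"Traffic Server successfully started!" green
  echo "Domain Type(CDN/RevProxy) OriginIP" > /etc/trafficserver/hostsavailable.sun
  run_on_startup
  echo
}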
function config_main_records
{
# Overwrite /etc/trafficserver/records.config with this script's baseline
# settings. The here-document delimiter is unquoted, but the body contains no
# dollar sign, backquote or backslash, so the text is written as it appears.
#
# NOTE(review): records worth a security review before production use
# (meanings as given in the ATS records.config documentation; confirm for the
# version being installed):
#  - proxy.config.ssl.client.verify.server INT 0: origin certificates are not
#    verified, so HTTPS connections to the origin are not authenticated.
#  - proxy.config.http.push_method_enabled INT 1: the PUSH method is enabled;
#    who may use it depends on ip_allow.config, which this function does not
#    write.
#  - cache_responses_to_cookies INT 1, ignore_client_no_cache INT 1 and
#    ignore_client_cc_max_age INT 1: permissive caching; review together with
#    cache.config for the risk of storing per-user responses.
#  - proxy.config.ssl.server.cipher_suite lists CBC-mode/SHA-1 and DSS suites
#    after the GCM ones.
#  - proxy.config.cache.max_doc_size appears twice with the same value.
cat > /etc/trafficserver/records.config <<END
CONFIG proxy.config.exec_thread.autoconfig INT 1
CONFIG proxy.config.exec_thread.autoconfig.scale FLOAT 1.5
CONFIG proxy.config.exec_thread.limit INT 2
CONFIG proxy.config.accept_threads INT 1
CONFIG proxy.config.task_threads INT 2
CONFIG proxy.config.cache.threads_per_disk INT 8
CONFIG proxy.config.exec_thread.affinity INT 1
CONFIG proxy.config.http.server_ports STRING 80 443:proto=http2;http:ssl
CONFIG proxy.config.http.insert_request_via_str INT 1
CONFIG proxy.config.http.insert_response_via_str INT 2
CONFIG proxy.config.http.response_via_str STRING ATS
CONFIG proxy.config.http.parent_proxy_routing_enable INT 0
CONFIG proxy.config.http.parent_proxy.retry_time INT 300
CONFIG proxy.config.http.parent_proxy.connect_attempts_timeout INT 30
CONFIG proxy.config.http.forward.proxy_auth_to_parent INT 0
CONFIG proxy.config.http.uncacheable_requests_bypass_parent INT 1
CONFIG proxy.config.http.keep_alive_no_activity_timeout_in INT 120
CONFIG proxy.config.http.keep_alive_no_activity_timeout_out INT 120
CONFIG proxy.config.http.transaction_no_activity_timeout_in INT 30
CONFIG proxy.config.http.transaction_no_activity_timeout_out INT 30
CONFIG proxy.config.http.transaction_active_timeout_in INT 900
CONFIG proxy.config.http.transaction_active_timeout_out INT 0
CONFIG proxy.config.http.accept_no_activity_timeout INT 120
CONFIG proxy.config.net.default_inactivity_timeout INT 86400
CONFIG proxy.config.http.connect_attempts_max_retries INT 3
CONFIG proxy.config.http.connect_attempts_max_retries_dead_server INT 1
CONFIG proxy.config.http.connect_attempts_rr_retries INT 3
CONFIG proxy.config.http.connect_attempts_timeout INT 30
CONFIG proxy.config.http.post_connect_attempts_timeout INT 1800
CONFIG proxy.config.http.down_server.cache_time INT 60
CONFIG proxy.config.http.down_server.abort_threshold INT 10
CONFIG proxy.config.http.negative_caching_enabled INT 0
CONFIG proxy.config.http.negative_caching_lifetime INT 1800
CONFIG proxy.config.http.insert_client_ip INT 1
CONFIG proxy.config.http.insert_squid_x_forwarded_for INT 1
CONFIG proxy.config.http.push_method_enabled INT 1
CONFIG proxy.config.http.cache.http INT 1
CONFIG proxy.config.http.cache.ignore_client_cc_max_age INT 1
CONFIG proxy.config.http.normalize_ae INT 1
CONFIG proxy.config.http.cache.cache_responses_to_cookies INT 1
CONFIG proxy.config.http.cache.when_to_revalidate INT 0
CONFIG proxy.config.http.cache.required_headers INT 2
CONFIG proxy.config.http.cache.ignore_client_no_cache INT 1
CONFIG proxy.config.http.cache.heuristic_min_lifetime INT 3600
CONFIG proxy.config.http.cache.heuristic_max_lifetime INT 86400
CONFIG proxy.config.http.cache.heuristic_lm_factor FLOAT 0.10
CONFIG proxy.config.net.connections_throttle INT 30000
CONFIG proxy.config.net.max_connections_in INT 30000
CONFIG proxy.config.net.max_connections_active_in INT 10000
CONFIG proxy.config.cache.ram_cache_cutoff INT 4194304
CONFIG proxy.config.cache.limits.http.max_alts INT 5
CONFIG proxy.config.cache.max_doc_size INT 0
CONFIG proxy.config.cache.min_average_object_size INT 8000
CONFIG proxy.config.log.logging_enabled INT 3
CONFIG proxy.config.log.max_space_mb_for_logs INT 25000
CONFIG proxy.config.log.max_space_mb_headroom INT 1000
CONFIG proxy.config.log.rolling_enabled INT 1
CONFIG proxy.config.log.rolling_interval_sec INT 86400
CONFIG proxy.config.log.rolling_size_mb INT 10
CONFIG proxy.config.log.auto_delete_rolled_files INT 1
CONFIG proxy.config.log.periodic_tasks_interval INT 5
CONFIG proxy.config.url_remap.remap_required INT 1
CONFIG proxy.config.url_remap.pristine_host_hdr INT 1
CONFIG proxy.config.reverse_proxy.enabled INT 1
CONFIG proxy.config.ssl.client.verify.server INT 0
CONFIG proxy.config.ssl.client.CA.cert.filename STRING NULL
CONFIG proxy.config.ssl.server.cipher_suite STRING ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
CONFIG proxy.config.diags.debug.enabled INT 0
CONFIG proxy.config.diags.debug.tags STRING http|dns
CONFIG proxy.config.dump_mem_info_frequency INT 0
CONFIG proxy.config.http.slow.log.threshold INT 0
CONFIG proxy.config.ssl.server.cert.path STRING /etc/trafficserver/ssl/
CONFIG proxy.config.ssl.server.private_key.path STRING /etc/trafficserver/ssl/
CONFIG proxy.config.cache.enable_read_while_writer INT 1
CONFIG proxy.config.http.background_fill_active_timeout INT 0
CONFIG proxy.config.http.background_fill_completed_threshold FLOAT 0.000000
CONFIG proxy.config.cache.max_doc_size INT 0
CONFIG proxy.config.cache.read_while_writer.max_retries INT 10
CONFIG proxy.config.cache.read_while_writer_retry.delay INT 50
CONFIG proxy.config.http.congestion_control.enabled INT 1
CONFIG proxy.config.http.cache.max_open_read_retries INT 5
CONFIG proxy.config.http.cache.open_read_retry_time INT 10
CONFIG proxy.config.cache.ram_cache.compress INT 1
CONFIG proxy.config.ssl.ocsp.enabled INT 1
END
}
function config_cache_rules
{
# Overwrite /etc/trafficserver/cache.config with a fixed rule set: a 5-day
# ttl-in-cache for a list of file suffixes and a 1-hour ttl-in-cache for every
# http and https URL (url_regex=.* matches all URLs).
#
# NOTE(review): the ATS cache.config documentation describes ttl-in-cache as
# keeping an object cached for the given time regardless of the origin's
# Cache-Control headers - confirm for the installed version. Because the two
# scheme rules match every URL, and records.config written by this script sets
# cache_responses_to_cookies to 1, check that logged-in or per-user pages
# cannot be stored and served to other visitors; exclude such paths if needed.
cat > /etc/trafficserver/cache.config <<END
url_regex=.* suffix=xml ttl-in-cache=5d
url_regex=.* suffix=ts ttl-in-cache=5d
url_regex=.* suffix=jpeg ttl-in-cache=5d
url_regex=.* suffix=mp4 ttl-in-cache=5d
url_regex=.* suffix=zip ttl-in-cache=5d
url_regex=.* suffix=gif ttl-in-cache=5d
url_regex=.* suffix=ppt ttl-in-cache=5d
url_regex=.* suffix=jpg ttl-in-cache=5d
url_regex=.* suffix=swf ttl-in-cache=5d
url_regex=.* scheme=https ttl-in-cache=1h
url_regex=.* scheme=http ttl-in-cache=1h
url_regex=.* suffix=m3u8 ttl-in-cache=5d
url_regex=.* suffix=js ttl-in-cache=5d
url_regex=.* suffix=css ttl-in-cache=5d
url_regex=.* suffix=html ttl-in-cache=5d
END
}
config_cache_storage() {
  # Ask for the RAM and disk cache sizes (whole megabytes) and record them.
  #
  # RAM: re-prompts until the answer is all digits, raises anything below 50
  # to 50, then appends a ram_cache.size record to records.config (each run
  # appends another line).
  # Disk: re-prompts the same way; values above 256 overwrite storage.config,
  # otherwise storage.config is left untouched and 256M is reported.
  # NOTE(review): presumably 256M is the size in the stock storage.config -
  # confirm.
  re='^[0-9]+$'

  valid_integer=0
  until [ "${valid_integer}" = 1 ]; do
    ram_cache_size=
    printf '%s\n' \
      '' \
      "Please specify RAM cache size." \
      "The unit is MB. Please type an integer only." \
      "The recommended value is 200 per GB of RAM on your server." \
      ''
    read ram_cache_size
    if [[ ${ram_cache_size} =~ $re ]]; then
      valid_integer=1
    else
      say @B"Please type an integer only." yellow
    fi
  done
  # Enforce the 50 MB floor.
  if [ "${ram_cache_size}" -lt 50 ]; then
    ram_cache_size=50
  fi
  echo
  say @B"RAM cache size set to ${ram_cache_size}M." green
  echo
  printf '%s\n' "CONFIG proxy.config.cache.ram_cache.size INT ${ram_cache_size}M" >> /etc/trafficserver/records.config

  valid_integer=0
  until [ "${valid_integer}" = 1 ]; do
    disk_cache_size=
    printf '%s\n' \
      '' \
      "Please specify disk cache size." \
      "The unit is MB. Please type an integer only." \
      "The recommended value is at least 2048." \
      ''
    read disk_cache_size
    if [[ ${disk_cache_size} =~ $re ]]; then
      valid_integer=1
    else
      say @B"please type an integer only." yellow
    fi
  done
  echo
  if [ "${disk_cache_size}" -gt 256 ]; then
    say @B"Disk cache size set to ${disk_cache_size}M." green
    echo
    printf '%s\n' "var/trafficserver ${disk_cache_size}M" > /etc/trafficserver/storage.config
  else
    say @B"Disk cache size set to 256M." green
    echo
  fi
}
config_cache_partitioning() {
  # Append four http volumes of 25% each to volume.config and overwrite
  # hosting.config so that every hostname uses volumes 1-4.
  # volume.config is appended to, so a second run adds four more lines.
  echo
  echo "Performing disk cache partitioning..."
  for i in 1 2 3 4; do
    printf '%s\n' "volume=${i} scheme=http size=25%"
  done >> /etc/trafficserver/volume.config
  printf '%s\n' "hostname=* volume=1,2,3,4" > /etc/trafficserver/hosting.config
  say @B"Disk cache partitioned." green
  echo
}
config_cache_dynamic_content() {
  # Append the record that turns on caching of URLs that look dynamic to
  # records.config and report it.
  # NOTE(review): dynamic pages are often per-user; confirm that the content
  # behind this proxy is safe to share between visitors before enabling this.
  local records_file=/etc/trafficserver/records.config
  echo
  printf '%s\n' "CONFIG proxy.config.http.cache.cache_urls_that_look_dynamic INT 1" >> "${records_file}"
  say @B"Cache rules updated!" green
  say @B"Traffic Server will cache dynamic content." green
  echo
}
config_mapping_reverse_proxy() {
  # Append the three remap.config rules that make $1 a reverse proxy of $2:
  # an http-to-https redirect, the forward map and the reverse map.
  #   $1 - proxy hostname   $2 - origin hostname   $3 - origin scheme
  # The arguments are stored in globals and written into the rules as given;
  # nothing here validates them.
  proxy_hostname=$1
  origin_hostname=$2
  origin_scheme=$3
  echo
  echo "Adding mapping rules for ${proxy_hostname} as a reverse proxy of ${origin_hostname}..."
  {
    printf '%s\n' "redirect http://${proxy_hostname}/ https://${proxy_hostname}/"
    printf '%s\n' "map https://${proxy_hostname}/ ${origin_scheme}://${origin_hostname}/"
    printf '%s\n' "reverse_map ${origin_scheme}://${origin_hostname}/ https://${proxy_hostname}/"
  } >> /etc/trafficserver/remap.config
  say @B"3 rules added." green
  echo
}
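config_mapping_cdn() {
  # Append the remap.config rules for a CDN site.
  #   $1 - site hostname   $2 - origin IP   $3 - origin scheme   $4 - origin port
  # With an https origin two rules are written (http-to-https redirect plus
  # the map); otherwise only the plain http map is written, and the summary
  # line now reports that count correctly.
  # The arguments are stored in globals and written into the rules as given;
  # nothing here validates them.
  cdn_hostname=$1
  origin_ip=$2
  origin_scheme=$3
  origin_port=$4
  local remap_file=/etc/trafficserver/remap.config
  local origin_url="${origin_scheme}://${origin_ip}:${origin_port}/"
  echo
  echo "Adding mapping rules for ${cdn_hostname}..."
  if [ "$origin_scheme" = "https" ]; then
    {
      echo "redirect http://${cdn_hostname}/ https://${cdn_hostname}/"
      echo "map https://${cdn_hostname}/ ${origin_url}"
    } >> "$remap_file"
    say @B"2 rules added." green
  else
    echo "map http://${cdn_hostname}/ ${origin_url}" >> "$remap_file"
    say @B"1 rule added." green
  fi
  echo
}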
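add_reverse_proxy() {
  # Interactively add a reverse-proxy instance: read the proxy and origin
  # hostnames, the origin IP and its scheme, write the mapping rules, record
  # the instance in hostsavailable.sun, then offer SSL set-up.
  #
  # The answers end up in remap.config and are passed on as positional
  # arguments, so an empty or space-containing answer is rejected before
  # anything is written; previously it shifted the arguments and produced
  # malformed rules.
  local origin_scheme_add answer
  echo
  echo "Please specify your proxy domain name (e.g., proxy.example.com):"
  read -r proxy_hostname_add
  echo "Please specify the origin website domain name (e.g., origin.example.com):"
  read -r origin_hostname_add
  echo "Please specify the origin website IP address (e.g., 88.88.88.88). If it has multiple IPs, any would work:"
  read -r origin_ip_add
  echo "Is the origin website using HTTPS or HTTP? Type 1 for HTTPS, or 2 for HTTP. If both works, then either is fine:"
  read -r isHTTPS

  for answer in "$proxy_hostname_add" "$origin_hostname_add" "$origin_ip_add"; do
    case "$answer" in
      '' | *[[:space:]]* | */*)
        say "Error! Domain names and the origin IP must be non-empty and must not contain spaces or slashes." red
        exit 1
        ;;
    esac
  done

  # Anything other than "1" is treated as plain HTTP, as before.
  if [ "$isHTTPS" = 1 ]; then
    origin_scheme_add=https
  else
    origin_scheme_add=http
  fi
  config_mapping_reverse_proxy "$proxy_hostname_add" "$origin_hostname_add" "$origin_scheme_add"
  echo "${proxy_hostname_add} RevProxy ${origin_hostname_add}" >> /etc/trafficserver/hostsavailable.sun

  echo "Would you like to configure SSL certificates for domain name ${proxy_hostname_add} now?"
  echo "We can set up SSL with your own certificates, or can issue a free Let's Encrypt SSL certificate for you, if you have already pointed your domain to this server."
  echo "How would you like to proceed?"
  echo "1: I know the absolute path to my certificate files (private key, certificate, CA chain (optional))."
  echo "2: I have pointed my domain name to this server, and I want a free Let's Encrypt certificate."
  echo "3: I forgot the path to my certificate files, so I need to go back to SSH and find them; or I do not need SSL certificate for this domain."
  echo "Please select 1, 2, or 3:"
  read -r choice_ssl
  case "$choice_ssl" in
    1)
      config_ssl_non_le "$proxy_hostname_add" "$origin_ip_add"
      ;;
    2)
      config_ssl_le "$proxy_hostname_add" "$origin_ip_add"
      ;;
    3)
      config_ssl_later
      ;;
    *)
      echo "Error!"
      exit 1
      ;;
  esac
}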
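add_cdn() {
  # Interactively add a CDN site: read the site hostname, the origin IP and
  # its scheme, write the mapping rules, record the site in
  # hostsavailable.sun, then offer SSL set-up.
  #
  # The answers end up in remap.config and are passed on as positional
  # arguments, so an empty or space-containing answer is rejected before
  # anything is written; previously it shifted the arguments and produced
  # malformed rules.
  local origin_scheme_add answer
  echo
  echo "Please specify your website domain name (e.g., example.com):"
  read -r cdn_hostname_add
  echo "Please specify the origin website IP address (e.g., 88.88.88.88). If it has multiple IPs, any would work:"
  read -r origin_ip_add
  echo "Is the origin website using HTTPS or HTTP? Type 1 for HTTPS, or 2 for HTTP. If both works, then either is fine:"
  read -r isHTTPS

  for answer in "$cdn_hostname_add" "$origin_ip_add"; do
    case "$answer" in
      '' | *[[:space:]]* | */*)
        say "Error! The domain name and the origin IP must be non-empty and must not contain spaces or slashes." red
        exit 1
        ;;
    esac
  done

  # Anything other than "1" is treated as plain HTTP on port 80, as before.
  if [ "$isHTTPS" = 1 ]; then
    origin_scheme_add=https
    cdn_port=443
  else
    origin_scheme_add=http
    cdn_port=80
  fi
  config_mapping_cdn "$cdn_hostname_add" "$origin_ip_add" "$origin_scheme_add" "$cdn_port"
  echo
  echo "${cdn_hostname_add} CDN ${origin_ip_add}:${cdn_port}" >> /etc/trafficserver/hostsavailable.sun

  echo "Would you like to configure SSL certificates for domain name ${cdn_hostname_add} now?"
  echo
  echo "We can set up SSL with your own certificates, or can issue a free Let's Encrypt SSL certificate for you, if you have already pointed your domain to this server."
  echo "How would you like to proceed?"
  echo
  echo "1: I know the absolute path to my certificate files (private key, certificate, CA chain (optional))."
  echo "2: I have pointed my domain name to this server, and I want a free Let's Encrypt certificate."
  echo "3: I forgot the path to my certificate files, so I need to go back to SSH and find them; or I do not need SSL certificate for this domain."
  echo "Please select 1, 2, or 3:"
  read -r choice_ssl
  case "$choice_ssl" in
    1)
      config_ssl_non_le "$cdn_hostname_add" "$origin_ip_add"
      ;;
    2)
      config_ssl_le "$cdn_hostname_add" "$origin_ip_add"
      ;;
    3)
      config_ssl_later
      ;;
    *)
      say "Error!" red
      exit 1
      ;;
  esac
}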
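config_ssl_selection() {
  # this function is only called from menu option 4.
  # Ask how the certificate should be provided, then, for options 1 and 2,
  # ask for the domain name and origin IP and hand over to the matching
  # set-up function. Option 3 defers to config_ssl_later.
  #
  # The choice is validated before any further prompt, so an invalid answer
  # fails at once instead of after the domain and IP have been typed in; the
  # unreachable second "3" branch of the original dispatch is gone.
  echo "We can set up SSL with your own certificates, or can issue a free Let's Encrypt SSL certificate for you, if you have already pointed your domain to this server."
  echo "How would you like to proceed?"
  echo
  echo "1: I know the absolute path to my certificate files (private key, certificate, CA chain (optional))."
  echo "2: I have pointed my domain name to this server, and I want a free Let's Encrypt certificate."
  echo "3: I forgot the path to my certificate files, so I need to go back to SSH and find them; or I do not need SSL certificate for this domain."
  echo "Please select 1, 2, or 3:"
  read -r choice_ssl
  case "$choice_ssl" in
    1 | 2) ;;
    3)
      config_ssl_later
      return
      ;;
    *)
      say "Error!" red
      exit 1
      ;;
  esac

  echo
  echo "Please specify your domain name (e.g., qing.su): "
  read -r ssl_hostname_add
  echo "Please specify the origin server IP address (e.g., 88.88.88.88): "
  read -r ssl_ip_add
  if [ "$choice_ssl" = 1 ]; then
    config_ssl_non_le "$ssl_hostname_add" "$ssl_ip_add"
  else
    config_ssl_le "$ssl_hostname_add" "$ssl_ip_add"
  fi
}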
config_ssl_later() {
  # Tell the user how to come back for SSL set-up, restart Traffic Server and
  # end the whole script with status 0 (control never returns to the caller).
  printf '%s\n' \
    '' \
    "No problem! Please take your time and find your certificates." \
    "You can always run this script again and set up SSL certificates for your instances later." \
    "Simply choose Option 4 in the main menu."
  /usr/local/bin/trafficserver restart
  printf '%s\n' "Thank you for using this script! Have a nice day!"
  exit 0
}
display_license() {
  # Print the script banner: a blank line followed by the seven-line box.
  printf '%s\n' \
    '' \
    '*******************************************************************' \
    '* One-click CDN installation script *' \
    '* Version 0.1.0 *' \
    '* Author: shc (Har-Kuun) https://qing.su *' \
    '* https://github.com/Har-Kuun/OneClickCDN *' \
    '* Thank you for using this script. E-mail: [email protected] *' \
    '*******************************************************************'
}
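config_ssl_non_le() {
  # Install a user-supplied certificate for one site.
  #   $1 - hostname (used to name the files under /etc/trafficserver/ssl)
  #   $2 - origin IP (written as dest_ip in ssl_multicert.config)
  # Prompts for the key, certificate and, unless the certificate is already
  # chained, the CA bundle; copies them into place and appends one line to
  # ssl_multicert.config. Exits 1 if the hostname is unusable or a copy fails.
  #
  # Changes from the original: paths are quoted, success is decided by the
  # copy commands themselves (a stale file from an earlier run no longer
  # counts as success), the CA copy is checked, a lower-case "y" is treated
  # as chained everywhere, and a hostname that is empty or contains "/" is
  # refused because it is used to build the destination path.
  #
  # NOTE(review): the ATS documentation describes dest_ip as the proxy's own
  # listening address rather than the origin's - confirm the intended value.
  # NOTE(review): every run appends another ssl_multicert.config line for the
  # same host.
  local ssl_host=$1
  local origin=$2
  local ssl_dir=/etc/trafficserver/ssl
  local chained=no

  echo
  echo "Please specify your private key file location (e.g., /etc/certs/qing.su.key): "
  read -r priv_key_file
  echo "Please specify your certificate file location (e.g., /etc/certs/qing.su.crt): "
  read -r cert_file
  echo "Is your certificate chained? (i.e., are CA-certficates already included in your certificate file?) [Y/N]:"
  read -r is_chained
  case "$is_chained" in
    Y | y) chained=yes ;;
  esac
  if [ "$chained" = no ]; then
    echo "Please specify your CA-certificates file location (e.g., /etc/certs/qing.su.ca-bundle): "
    read -r ca_cert_file
  fi

  # $1 is hostname and $2 is IP
  echo "Configuring SSL certificates for ${origin}..."
  case "$ssl_host" in
    '' | */*)
      say "SSL configuration failed!" red
      echo "The domain name must be non-empty and must not contain a slash."
      echo
      exit 1
      ;;
  esac

  if cp -- "$priv_key_file" "${ssl_dir}/${ssl_host}.key" &&
    cp -- "$cert_file" "${ssl_dir}/${ssl_host}.crt" &&
    { [ "$chained" = yes ] || cp -- "$ca_cert_file" "${ssl_dir}/${ssl_host}.ca.crt"; }; then
    if [ "$chained" = yes ]; then
      echo "dest_ip=${origin} ssl_cert_name=${ssl_host}.crt ssl_key_name=${ssl_host}.key" >> /etc/trafficserver/ssl_multicert.config
    else
      echo "dest_ip=${origin} ssl_cert_name=${ssl_host}.crt ssl_key_name=${ssl_host}.key ssl_ca_name=${ssl_host}.ca.crt" >> /etc/trafficserver/ssl_multicert.config
    fi
    say @B"SSL certificates successfully configured." green
    echo "Origin IP: ${origin}"
    echo "Private key file: ${ssl_dir}/${ssl_host}.key"
    echo "Certificate file: ${ssl_dir}/${ssl_host}.crt"
    if [ "$chained" = no ]; then
      echo "Intermediate certificate: ${ssl_dir}/${ssl_host}.ca.crt"
    fi
    echo
  else
    say "SSL configuration failed!" red
    echo "Please check the above log."
    echo
    exit 1
  fi

  # NOTE(review): 0760 applied recursively makes the private keys executable
  # by the owner and writable by the group, and the owner is the shared
  # "nobody" account. Confirm which account Traffic Server runs as and
  # consider 0600 for the files and 0700 for the directory.
  chown -R nobody /etc/trafficserver/ssl/
  chmod -R 0760 /etc/trafficserver/ssl/
  echo
}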
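config_ssl_le() {
  # Obtain a Let's Encrypt certificate for one site with certbot's standalone
  # mode and install it for Traffic Server.
  #   $1 - hostname   $2 - origin IP (written as dest_ip in ssl_multicert.config)
  # Traffic Server is stopped first because the standalone authenticator has
  # to listen on the web port itself, and is started again afterwards.
  #
  # Changes from the original: the e-mail address and hostname are quoted so
  # they reach certbot as single arguments, success is decided by certbot and
  # the copy commands (a key left over from an earlier run no longer counts as
  # success), and Traffic Server is started again before exiting on failure
  # instead of being left stopped.
  #
  # NOTE(review): the certificate and key are copied once; nothing in this
  # function refreshes the copies when certbot renews them - confirm that
  # renewal is handled elsewhere.
  # NOTE(review): the ATS documentation describes dest_ip as the proxy's own
  # listening address rather than the origin's - confirm the intended value.
  origin_ip=$2
  hostname_le=$1
  local ssl_dir=/etc/trafficserver/ssl
  local live_dir="/etc/letsencrypt/live/${hostname_le}"

  echo
  echo "Starting to issue free certificate from Let's Encrypt..."
  echo "Please keep in mind that this feature is experimental..."
  echo
  echo "Stopping trafficserver..."
  echo "Please input your e-mail address: "
  read -r email_le
  /usr/local/bin/trafficserver stop
  systemctl stop trafficserver

  if certbot certonly --standalone --agree-tos --email "$email_le" -d "$hostname_le" &&
    cp -- "${live_dir}/fullchain.pem" "${ssl_dir}/${hostname_le}.crt" &&
    cp -- "${live_dir}/privkey.pem" "${ssl_dir}/${hostname_le}.key"; then
    echo "dest_ip=${origin_ip} ssl_cert_name=${hostname_le}.crt ssl_key_name=${hostname_le}.key" >> /etc/trafficserver/ssl_multicert.config
    say @B"SSL certificates successfully configured." green
    echo "Origin IP: ${origin_ip}"
    echo "Private key file: ${ssl_dir}/${hostname_le}.key"
    echo "Certificate file: ${ssl_dir}/${hostname_le}.crt"
    echo
  else
    say "Let's Encrypt SSL configuration failed!" red
    echo "Please check the above log."
    echo
    # Bring the proxy back before giving up so existing sites stay reachable.
    systemctl start trafficserver
    /usr/local/bin/trafficserver start
    exit 1
  fi

  # NOTE(review): 0760 applied recursively makes the private keys executable
  # by the owner and writable by the group, and the owner is the shared
  # "nobody" account. Confirm which account Traffic Server runs as and
  # consider 0600 for the files and 0700 for the directory.
  chown -R nobody /etc/trafficserver/ssl/
  chmod -R 0760 /etc/trafficserver/ssl/
  systemctl start trafficserver
  /usr/local/bin/trafficserver start
  echo
}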
display_config_locations() {
  # List where the Traffic Server configuration and log files live, then wait
  # for the user to press return.
  printf '%s\n' \
    '' \
    "General configurations: /etc/trafficserver/records.config" \
    "SSL: /etc/trafficserver/ssl_multicert.config" \
    "Mapping rules: /etc/trafficserver/remap.config" \
    "Cache rules: /etc/trafficserver/cache.config" \
    "Disk cache size: /etc/trafficserver/storage.config" \
    '' \
    "Log files location: /usr/local/var/log/trafficserver" \
    '' \
    "For other configurations, check the official wiki:" \
    "https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html#configuration-variables" \
    '' \
    "Do not forget to restart Traffic Server after modifying config files." \
    'Simply run: "trafficserver restart"' \
    "Thank you. Press return key to continue."
  # The typed text is discarded; the read only pauses the menu.
  read catch_all_variable
  echo
}
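view_stats() {
  # Show the configured sites, ask for an origin (IP:port) and print its log
  # statistics with traffic_logstats.
  #
  # The answer is quoted so that it always reaches traffic_logstats as the
  # single value of -o; unquoted, a typed space split it into extra
  # arguments. An empty answer is skipped instead of calling the tool with a
  # missing value.
  cat /etc/trafficserver/hostsavailable.sun
  echo
  echo "Please specify the website that you would like to check stats."
  echo "Note: type in the Origin IP:Port of the origin website."
  echo "For example, 88.88.88.88:443."
  echo "Please specify:"
  read -r view_stats_host
  if [ -n "$view_stats_host" ]; then
    traffic_logstats -o "$view_stats_host"
  else
    echo "No origin specified."
  fi
  echo
}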
display_useful_commands() {
  # Print a short cheat-sheet of Traffic Server commands, then wait for the
  # user to press return.
  printf '%s\n' \
    '' \
    "View Traffic Server stats: traffic_top" \
    "Start/stop/restart Traffic Server: trafficserver start/stop/restart" \
    "Check whether Traffic Server is running: trafficserver status" \
    "Decode via header: traffic_via '[xXxXxX]'" \
    "Reload Traffic Server config files: traffic_ctl config reload" \
    '' \
    "You can always run this script again to add a CDN website, configure SSL certificates, check stats, etc." \
    '' \
    "Press return key to continue."
  # The typed text is discarded; the read only pauses the menu.
  read catch_all_variable
}
enable_header_rewriter() {
  # Enable the header_rewrite plugin: plugin.config is overwritten with the
  # single line that loads it (any plugin lines already in that file are
  # dropped), and its rule file is created if it does not exist yet.
  local rules_file=/etc/trafficserver/header_rewrite.config
  echo
  echo "Setting up header rewriter..."
  printf '%s\n' "header_rewrite.so /etc/trafficserver/header_rewrite.config" > /etc/trafficserver/plugin.config
  touch "${rules_file}"
  say @B"Header rewriter plugin enabled!" green
  echo
}
enable_CORS() {
  # Append two header_rewrite rules that replace any Access-Control-Allow-Origin
  # header with the wildcard "*".
  # NOTE(review): the rules are appended without a site condition, so they
  # appear to apply to every response served through this proxy; a wildcard
  # origin lets any website read those responses from a visitor's browser.
  # Confirm that is intended for all hosted sites.
  echo
  echo "Setting up cross-origin resource sharing headers..."
  {
    printf '%s\n' "rm-header Access-Control-Allow-Origin *"
    printf '%s\n' "add-header Access-Control-Allow-Origin *"
  } >> /etc/trafficserver/header_rewrite.config
  say @B"CORS header added!" green
  echo
}
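#######################################
# Ask for a custom "server" response header value and append the matching
# header_rewrite rule to /etc/trafficserver/header_rewrite.config.
# The rule replaces the header only when it currently equals
# "ATS/${TS_VERSION}".
# Globals:   TS_VERSION (read), cdn_server_header (written)
# Arguments: none
# Outputs:   prompts and status messages on stdout
# NOTE(review): the rule is appended on every call; earlier rules stay in
# the file.
#######################################
function customize_server_header
{
  echo
  echo "How would you like your server to be called?"
  # -r keeps backslashes literal instead of letting read consume them.
  read -r cdn_server_header
  # The answer is written between double quotes into the config file and is
  # later sent in a response header. A double quote or backslash would end or
  # alter the quoted value, and a control character (for example a pasted
  # carriage return) does not belong in a header value, so refuse those
  # instead of writing a rule that cannot be trusted to parse as intended.
  case "$cdn_server_header" in
    *'"'*|*'\'*|*[[:cntrl:]]*)
      say "Server header not changed: the name must not contain double quotes, backslashes or control characters." red
      echo
      return 0
      ;;
  esac
  echo "OK. Setting server header now..."
  # Inside double quotes the shell keeps the backslashes before { and }, so
  # they are written to the file as shown.
  # NOTE(review): confirm header_rewrite accepts the escaped braces.
  echo "cond %\{SEND_RESPONSE_HDR_HOOK\} [AND]" >> /etc/trafficserver/header_rewrite.config
  echo "cond %{HEADER:server} =ATS/${TS_VERSION}" >> /etc/trafficserver/header_rewrite.config
  echo "set-header server \"${cdn_server_header}\"" >> /etc/trafficserver/header_rewrite.config
  say @B"Server header set!" green
  echo
}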
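#######################################
# Clear the whole Traffic Server cache: stop the server, run
# "traffic_server -Cclear", then start the server again.
# Globals:   none
# Arguments: none
# Outputs:   progress messages on stdout
# The server is started again whether or not the clear step succeeded, so a
# failed purge does not leave the service down.
#######################################
function clear_all_cache
{
  echo
  echo "Stopping Traffic Server..."
  /usr/local/bin/trafficserver stop
  echo "Purging all cache..."
  # Report success only when the clear command itself exits with status 0;
  # previously the success message was printed unconditionally.
  if traffic_server -Cclear ; then
    say @B"Cache purged successfully." green
  else
    say "Cache purge failed. Check the traffic_server output above." red
  fi
  echo "Starting Traffic Server..."
  /usr/local/bin/trafficserver start
  echo
}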
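#######################################
# Interactively purge one URL from the local Traffic Server cache.
# Reads a URL from stdin, checks that its host appears in
# /etc/trafficserver/hostsavailable.sun and sends an HTTP PURGE for it to
# 127.0.0.1 (port 80 for http, 443 for https) via curl --resolve.
# Globals:   purge_object_url, purge_object_domain_name,
#            purge_object_domain_name_protocol, purge_object_result,
#            catch_all_variable (all written)
# Arguments: none
# Outputs:   prompts and the result on stdout
# Only http:// and https:// URLs without whitespace are accepted. The URL is
# handed to curl as one quoted argument, so nothing typed at the prompt can
# turn into additional curl options.
#######################################
function purge_single_object
{
  local purge_port=""
  echo
  echo "Please input the URL to the object that you'd like to purge from cache."
  say @B"Please INCLUDE \"http://\" or \"https://\"." yellow
  echo
  read -r purge_object_url
  echo
  case "$purge_object_url" in
    *[[:space:]]*) ;;
    http://?*)
      purge_object_domain_name_protocol="http"
      purge_port=80
      ;;
    https://?*)
      purge_object_domain_name_protocol="https"
      purge_port=443
      ;;
  esac
  if [ -z "$purge_port" ] ; then
    say "Error!" red
    say "The URL must start with \"http://\" or \"https://\" and must not contain spaces." red
  else
    # Host part: text between "://" and the next "/".
    purge_object_domain_name="${purge_object_url#*://}"
    purge_object_domain_name="${purge_object_domain_name%%/*}"
    # -F matches the host literally (dots are not regex wildcards) and "--"
    # keeps a host beginning with "-" from being read as a grep option.
    # NOTE(review): this is still a substring match against the whole file;
    # the file format is not visible here, so an exact per-entry comparison
    # is left for whoever knows it.
    if [ -n "$purge_object_domain_name" ] \
      && grep -qF -- "$purge_object_domain_name" /etc/trafficserver/hostsavailable.sun ; then
      # Compare the HTTP status code itself. Searching the verbose output for
      # " 200" also matched unrelated header lines such as a length of 200.
      purge_object_result=$(curl -s -o /dev/null -w '%{http_code}' -X PURGE \
        --resolve "${purge_object_domain_name}:${purge_port}:127.0.0.1" \
        "$purge_object_url")
      if [ "$purge_object_result" = "200" ] ; then
        say @B"Object ${purge_object_url} successfully purged from cache!" green
      else
        say "Purging ${purge_object_url} failed." red
        say "Object not exist or already purged from cache." red
      fi
    else
      say "Error!" red
      say "Domain name $purge_object_domain_name does not exist on this server." red
    fi
  fi
  echo "Press enter to return to the main menu."
  read -r catch_all_variable
  echo
}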
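#######################################
# Purge every URL listed in a file from the local Traffic Server cache.
# Reads the path of the list file from stdin (one URL per line), sends an
# HTTP PURGE for each URL to 127.0.0.1 via curl --resolve, and records one
# result line per URL in "<list file>_result".
# Globals:   purge_object_list_file, purge_object_list_result_file, line,
#            purge_object_domain_name, purge_object_domain_name_protocol,
#            purge_object_result, catch_all_variable (all written)
# Arguments: none
# Outputs:   prompts and per-URL results on stdout and in the result file
# The list file is treated as data only: every line must be an http:// or
# https:// URL without whitespace and is passed to curl as one quoted
# argument, so a line can never add curl options.
#######################################
function purge_list_of_objects
{
  local purge_port
  echo
  echo "You are about to purge a list of objects from cache."
  say @B"Please specify the absolute path to the file containing the URL of objects." yellow
  echo "One URL per line. Please include \"http://\" or \"https://\"."
  read -r purge_object_list_file
  echo
  # Quoted: with an empty answer the unquoted test collapsed to "[ -f ]",
  # which is true, and the function went on to write "_result" in the
  # current directory.
  if [ -f "$purge_object_list_file" ] ; then
    purge_object_list_result_file="${purge_object_list_file}_result"
    if [ -L "$purge_object_list_result_file" ] ; then
      # The result path is predictable and sits next to the list file. If
      # that directory is writable by other users, a symbolic link planted
      # there would make this script overwrite the link's target.
      say "Refusing to write results: ${purge_object_list_result_file} is a symbolic link." red
    else
      printf "%-10s %-12s %s\n" "Type" "Status" "URL" > "$purge_object_list_result_file"
      # "|| [ -n ... ]" also processes a last line that has no newline.
      while read -r line || [ -n "$line" ] ; do
        # Drop the carriage return left by files with CRLF line endings.
        line="${line%$'\r'}"
        if [ "x$line" = "x" ] ; then
          continue
        fi
        purge_port=""
        case "$line" in
          *[[:space:]]*) ;;
          http://?*)
            purge_object_domain_name_protocol="http"
            purge_port=80
            ;;
          https://?*)
            purge_object_domain_name_protocol="https"
            purge_port=443
            ;;
        esac
        if [ -z "$purge_port" ] ; then
          say "PURGE BAD URL ${line}" red
          say "PURGE BAD URL ${line}" red >> "$purge_object_list_result_file"
          continue
        fi
        # Host part: text between "://" and the next "/".
        purge_object_domain_name="${line#*://}"
        purge_object_domain_name="${purge_object_domain_name%%/*}"
        # Literal (-F) match; still a substring match against the whole file.
        if [ -n "$purge_object_domain_name" ] \
          && grep -qF -- "$purge_object_domain_name" /etc/trafficserver/hostsavailable.sun ; then
          # Use the HTTP status code rather than searching verbose output
          # for " 200", which also matched unrelated header lines.
          purge_object_result=$(curl -s -o /dev/null -w '%{http_code}' -X PURGE \
            --resolve "${purge_object_domain_name}:${purge_port}:127.0.0.1" \
            "$line")
          if [ "$purge_object_result" = "200" ] ; then
            say @B"PURGE SUCCESS ${line}" green
            say @B"PURGE SUCCESS ${line}" green >> "$purge_object_list_result_file"
          else
            say "PURGE FAILURE ${line}" red
            say "PURGE FAILURE ${line}" red >> "$purge_object_list_result_file"
          fi
        else
          say "PURGE WRONG DOMAIN ${line}" red
          say "PURGE WRONG DOMAIN ${line}" red >> "$purge_object_list_result_file"
        fi
      done < "$purge_object_list_file"
      say @B"Completed!" green
      say @B"Purging results have been saved to ${purge_object_list_result_file}." green
      say @B"You can use \"cat ${purge_object_list_result_file}\" to display the result file." green
    fi
  else
    say "The file you specified does not exist." red
    say "Please check." red
  fi
  echo "Press enter to return to the main menu."
  read -r catch_all_variable
  echo
}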
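#######################################
# Interactively push one object into the cache (experimental).
# Reads a URL from stdin, checks that its host appears in
# /etc/trafficserver/hostsavailable.sun, fetches the URL with its response
# headers into a temporary file and, when the fetch returned status 200,
# sends that file back to the same URL with an HTTP PUSH request.
# Globals:   push_object_url, push_object_domain_name,
#            catch_all_variable (written)
# Arguments: none
# Outputs:   prompts and the result on stdout
# NOTE(review): presumably Traffic Server only accepts PUSH when the method
# is enabled in its configuration; confirm before relying on this.
#######################################
function push_single_object
{
  local push_url_ok=0
  local push_tmp_file push_http_version push_status_code push_status_rest
  echo
  echo "Please input the URL to the object that you'd like to push into cache."
  say @B"Please INCLUDE \"http://\" or \"https://\"." yellow
  echo
  read -r push_object_url
  echo
  # Accept only http(s) URLs without whitespace, so the value can never be
  # read by curl as an option.
  case "$push_object_url" in
    *[[:space:]]*) ;;
    http://?*|https://?*) push_url_ok=1 ;;
  esac
  if [ "$push_url_ok" != 1 ] ; then
    say "Error!" red
    say "The URL must start with \"http://\" or \"https://\" and must not contain spaces." red
  else
    # Host part: text between "://" and the next "/".
    push_object_domain_name="${push_object_url#*://}"
    push_object_domain_name="${push_object_domain_name%%/*}"
    # Literal (-F) match; still a substring match against the whole file.
    if [ -n "$push_object_domain_name" ] \
      && grep -qF -- "$push_object_domain_name" /etc/trafficserver/hostsavailable.sun ; then
      # mktemp gives an unpredictable, private file. The fixed name "temp"
      # in the current directory could collide with an existing file or
      # follow a symbolic link placed there by another user.
      if push_tmp_file=$(mktemp) ; then
        curl -s -i -o "$push_tmp_file" "$push_object_url"
        # Take the status code from the status line only; searching the
        # whole response for " 200" also matched headers and body text.
        push_status_code=""
        read -r push_http_version push_status_code push_status_rest < "$push_tmp_file"
        push_status_code="${push_status_code%$'\r'}"
        if [ "$push_status_code" = "200" ] ; then
          # "@file" makes curl send the file's contents; without the "@"
          # the literal file name was sent as the request body. -f turns an
          # HTTP error answer into a non-zero exit status.
          if curl -s -f -o /dev/null -X PUSH --data-binary "@${push_tmp_file}" "$push_object_url" ; then
            say @B"Object $push_object_url successfully pushed into cache!" green
          else
            say "Pushing $push_object_url failed." red
            say "The PUSH request was not accepted." red
          fi
        else
          say "Pushing $push_object_url failed." red
          say @B"The requested URL cannot be fetched from the Origin server." red
        fi
        rm -f -- "$push_tmp_file"
      else
        say "Error!" red
        say "Could not create a temporary file." red
      fi
    else
      say "Error!" red
      say "Domain name $push_object_domain_name does not exist on this server." red
    fi
  fi
  echo "Press enter to return to the main menu."
  read -r catch_all_variable
  echo
}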
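#######################################
# Push every URL listed in a file into the cache (experimental).
# Reads the path of the list file from stdin (one URL per line). Each URL is
# fetched with its response headers into a temporary file and, when the
# fetch returned status 200, sent back to the same URL with an HTTP PUSH
# request. One result line per URL is recorded in "<list file>_result".
# Globals:   push_object_list_file, push_object_list_result_file, line,
#            push_object_domain_name, catch_all_variable (written)
# Arguments: none
# Outputs:   prompts and per-URL results on stdout and in the result file
# The list file is treated as data only: every line must be an http:// or
# https:// URL without whitespace, so a line can never be read by curl as
# an option.
#######################################
function push_list_of_objects
{
  local push_url_ok
  local push_tmp_file push_http_version push_status_code push_status_rest
  echo
  echo "You are about to push a list of objects into cache."
  say @B"Please specify the absolute path to the file containing the URL of objects." yellow
  echo "One URL per line. Please include \"http://\" or \"https://\"."
  read -r push_object_list_file
  echo
  # Quoted: with an empty answer the unquoted test collapsed to "[ -f ]",
  # which is true, and the function went on to write "_result" in the
  # current directory.
  if [ -f "$push_object_list_file" ] ; then
    push_object_list_result_file="${push_object_list_file}_result"
    if [ -L "$push_object_list_result_file" ] ; then
      # The result path is predictable and sits next to the list file. If
      # that directory is writable by other users, a symbolic link planted
      # there would make this script overwrite the link's target.
      say "Refusing to write results: ${push_object_list_result_file} is a symbolic link." red
    else
      printf "%-10s %-12s %s\n" "Type" "Status" "URL" > "$push_object_list_result_file"
      # "|| [ -n ... ]" also processes a last line that has no newline.
      while read -r line || [ -n "$line" ] ; do
        # Drop the carriage return left by files with CRLF line endings.
        line="${line%$'\r'}"
        if [ "x$line" = "x" ] ; then
          continue
        fi
        push_url_ok=0
        case "$line" in
          *[[:space:]]*) ;;
          http://?*|https://?*) push_url_ok=1 ;;
        esac
        if [ "$push_url_ok" != 1 ] ; then
          say "PUSH BAD URL ${line}" red
          say "PUSH BAD URL ${line}" red >> "$push_object_list_result_file"
          continue
        fi
        # Host part: text between "://" and the next "/".
        push_object_domain_name="${line#*://}"
        push_object_domain_name="${push_object_domain_name%%/*}"
        # Literal (-F) match; still a substring match against the whole file.
        if [ -z "$push_object_domain_name" ] \
          || ! grep -qF -- "$push_object_domain_name" /etc/trafficserver/hostsavailable.sun ; then
          say "PUSH WRONG DOMAIN ${line}" red
          say "PUSH WRONG DOMAIN ${line}" red >> "$push_object_list_result_file"
          continue
        fi
        # mktemp gives an unpredictable, private file instead of the fixed
        # name "temp" in the current directory.
        if ! push_tmp_file=$(mktemp) ; then
          say "PUSH FAILURE ${line}" red
          say "PUSH FAILURE ${line}" red >> "$push_object_list_result_file"
          continue
        fi
        curl -s -i -o "$push_tmp_file" "$line"
        # Take the status code from the status line only; searching the
        # whole response for " 200" also matched headers and body text.
        push_status_code=""
        read -r push_http_version push_status_code push_status_rest < "$push_tmp_file"
        push_status_code="${push_status_code%$'\r'}"
        # "@file" makes curl send the file's contents; without the "@" the
        # literal file name was sent as the request body. -f turns an HTTP
        # error answer into a non-zero exit status.
        if [ "$push_status_code" = "200" ] \
          && curl -s -f -o /dev/null -X PUSH --data-binary "@${push_tmp_file}" "$line" ; then
          say @B"PUSH SUCCESS ${line}" green
          say @B"PUSH SUCCESS ${line}" green >> "$push_object_list_result_file"
        else
          say "PUSH FAILURE ${line}" red
          say "PUSH FAILURE ${line}" red >> "$push_object_list_result_file"
        fi
        rm -f -- "$push_tmp_file"
      done < "$push_object_list_file"
      say @B"Completed!" green
      say @B"Pushing results have been saved to ${push_object_list_result_file}." green
      say @B"You can use \"cat ${push_object_list_result_file}\" to display the result file." green
    fi
  else
    say "The file you specified does not exist." red
    say "Please check." red
  fi
  echo "Press enter to return to the main menu."
  read -r catch_all_variable
  echo
}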
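#######################################
# Submenu for cache maintenance: clear the whole cache, purge one URL, or
# purge a list of URLs. Loops until the operator selects 0 or stdin ends.
# Globals:   key (read), cache_menu_key (written)
# Arguments: none
# Outputs:   the menu on stdout
# Selections 4 and 5 (push into cache) are still dispatched although their
# menu lines are commented out as experimental.
#######################################
function advanced_cache_control
{
  echo
  echo "This submenu allows you to add/remove objects to/from cache."
  # Quoted so an empty or unset $key does not turn the test into a syntax
  # error that silently skips the menu.
  while [ "$key" != 0 ] ; do
    echo
    say @B"Advanced cache control." cyan
    echo "1 - Purge all cache."
    echo "2 - Remove a single object from cache."
    echo "3 - Remove a list of objects from cache."
    #		echo "4 - Push a single object into cache. (experimental)"
    #		echo "5 - Push a list of objects into cache. (experimental)"
    echo "0 - Return to main menu."
    echo "Please select 1/2/3/4/5/0: "
    # Leave the loop when stdin is closed; otherwise read keeps failing and
    # the menu is printed forever.
    read -r cache_menu_key || break
    case "$cache_menu_key" in
      1 ) clear_all_cache
        ;;
      2 ) purge_single_object
        ;;
      3 ) purge_list_of_objects
        ;;
      4 ) push_single_object
        ;;
      5 ) push_list_of_objects
        ;;
      0 ) break
        ;;
    esac
  done
  echo
}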
function change_cdn_ip
{
echo
echo "Please tell me your old Origin server IP. No domain name required."
read old_ip
echo "OK. Then tell me your new Origin server IP. No domain name required."
read new_ip
sed -i "s/$old_ip/$new_ip/g" /etc/trafficserver/hostsavailable.sun
sed -i "s/$old_ip/$new_ip/g" /etc/trafficserver/ssl_multicert.config
sed -i "s/$old_ip/$new_ip/g" /etc/trafficserver/remap.config
say @B"IP changed from ${old_ip} to ${new_ip}" green