From 7654c45531cff422e94cefde2341e532a4267a48 Mon Sep 17 00:00:00 2001 From: deadcxap Date: Tue, 17 Mar 2026 15:11:59 +0300 Subject: [PATCH] =?UTF-8?q?=D0=BF=D0=B5=D1=80=D0=B5=D0=B5=D0=B7=D0=B4=20?= =?UTF-8?q?=D0=B2=20=D0=BF=D0=B0=D0=BF=D0=BA=D1=83=20=D0=BA=D0=BE=D0=BC?= =?UTF-8?q?=D0=BF=D0=BE=D0=B7=D0=B0,=20logrotate?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- node/remnawave/docker-compose.yml | 10 ++--- node/remnawave/init.sh | 66 +++++++++++++++++++++++-------- setup.sh | 2 +- 3 files changed, 56 insertions(+), 22 deletions(-) diff --git a/node/remnawave/docker-compose.yml b/node/remnawave/docker-compose.yml index 193c06f..597ec67 100644 --- a/node/remnawave/docker-compose.yml +++ b/node/remnawave/docker-compose.yml @@ -6,10 +6,10 @@ services: restart: always volumes: - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro - - /etc/certwardenclient/certchain.pem:/etc/nginx/ssl/site/fullchain.pem:ro - - /etc/certwardenclient/key.pem:/etc/nginx/ssl/site/privkey.pem:ro + - ./certs/certchain.pem:/etc/nginx/ssl/site/fullchain.pem:ro + - ./certs/key.pem:/etc/nginx/ssl/site/privkey.pem:ro - /dev/shm:/dev/shm:rw - - /var/www/html:/var/www/html:ro + - ./site:/var/www/html:ro command: sh -c 'rm -f /dev/shm/nginx.sock && nginx -g "daemon off;"' network_mode: host depends_on: @@ -36,7 +36,7 @@ services: - path: /opt/remnawave/.env-node volumes: - /dev/shm:/dev/shm:rw - - /var/log/remnanode:/var/log/remnanode + - ./logs:/var/log/remnanode ulimits: nofile: soft: 1048576 @@ -58,7 +58,7 @@ services: env_file: - .env-node volumes: - - /etc/certwardenclient:/opt/certwarden/certs + - ./certs:/opt/certwarden/certs - /var/run/docker.sock:/var/run/docker.sock logging: driver: 'json-file' diff --git a/node/remnawave/init.sh b/node/remnawave/init.sh index ab00200..37e352d 100644 --- a/node/remnawave/init.sh +++ b/node/remnawave/init.sh 
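Review bot: The TLS private key now lives in `./certs` inside the compose project directory (the `./certs/key.pem` mount for nginx in the first hunk, the `./certs:/opt/certwarden/certs` mount in the third), and nothing visible in this patch creates that directory with restrictive permissions. If the path is missing at start-up, Docker creates short-syntax bind-mount sources itself as root-owned directories with the default mode, so a missing `./certs/key.pem` would become a directory rather than a file. I would create the directory in init.sh before the first `docker compose up`, for example `install -d -m 700 "$SCRIPT_DIR/certs"`. The same auto-creation applies to `./logs` in the second hunk.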
@@ -16,6 +16,17 @@ SELF_PATH="$(readlink -f "$0" 2>/dev/null || realpath "$0" 2>/dev/null || printf SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" COMPOSE_FILE="$SCRIPT_DIR/docker-compose.yml" +SITE_DIR="$SCRIPT_DIR/site" +SITE_BAC_DIR="$SCRIPT_DIR/site_bac" +CERT_DIR="$SITE_DIR/certs" +CERT_FILE="$CERT_DIR/certchain.pem" +KEY_FILE="$CERT_DIR/key.pem" +ENV_FILE="$SCRIPT_DIR/.env-node" +NGINX_TEMPLATE="$SCRIPT_DIR/nginx.conf.template" +NGINX_CONF="$SCRIPT_DIR/nginx.conf" +LOG_DIR="$SCRIPT_DIR/logs" +LOGROTATE_DIR="/etc/logrotate.d" +LOGROTATE_CONF="$LOGROTATE_DIR/remnanode" # --- Шаг 1: загрузка случайного шаблона сайта --- TMP_DIR=$(mktemp -d) @@ -23,15 +34,15 @@ trap 'rm -rf "$TMP_DIR"' EXIT git clone --depth 1 https://github.com/distillium/sni-templates "$TMP_DIR" >/dev/null 2>&1 TEMPLATE_DIR=$(find "$TMP_DIR" -mindepth 1 -maxdepth 1 -type d ! -name '.git' | shuf -n 1) -if [ -d /var/www/html ] && [ "$(ls -A /var/www/html 2>/dev/null)" ]; then - rm -rf /var/www/html_bac - mv /var/www/html /var/www/html_bac +if [ -d $SITE_DIR ] && [ "$(ls -A $SITE_DIR 2>/dev/null)" ]; then + rm -rf $SITE_BAC_DIR + mv $SITE_DIR $SITE_BAC_DIR else - rm -rf /var/www/html + rm -rf $SITE_DIR fi -mkdir -p /var/www/html -cp -R "$TEMPLATE_DIR"/. /var/www/html/ -rm -rf /var/www/html/.git +mkdir -p $SITE_DIR +cp -R "$TEMPLATE_DIR"/. $SITE_DIR +rm -rf $SITE_DIR/.git # --- Шаг 2: создание докер-сети --- # N=$(awk '/^networks:/,/^[^[:space:]]/{if($1=="name:"){print $2; exit}}' "$COMPOSE_FILE"); N=${N:-proxy} @@ -45,7 +56,6 @@ read -rp "CW_CLIENT_AES_KEY_BASE64: " CW_CLIENT_AES_KEY_BASE64 read -rp "CW_CLIENT_KEY_APIKEY: " CW_CLIENT_KEY_APIKEY read -rp "CW_CLIENT_CERT_APIKEY: " CW_CLIENT_CERT_APIKEY -ENV_FILE="$SCRIPT_DIR/.env-node" touch "$ENV_FILE" update_env_var() { 
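Review bot: `CERT_DIR="$SITE_DIR/certs"` resolves to `site/certs`, but docker-compose.yml in this same patch mounts `./certs` next to the compose file, so the certificate wait further down would poll a path the certwarden client never writes to. It also puts the expected key location under `$SITE_DIR`, which is bind-mounted into nginx as `/var/www/html` and is moved or deleted by step 1; key material should not sit under the web root. I would change the line to `CERT_DIR="$SCRIPT_DIR/certs"`. The loop that reads `CERT_FILE` and `KEY_FILE` is outside this hunk, so their use is inferred from the names.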
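Review bot: The new `$SITE_DIR` and `$SITE_BAC_DIR` expansions are unquoted in `[ -d ... ]`, `ls -A`, `rm -rf`, `mv`, `mkdir -p` and `cp -R`, and both derive from `SCRIPT_DIR`, that is, from wherever the repository was cloned. A path containing whitespace or glob characters is word-split, so `rm -rf $SITE_DIR` can remove paths other than the intended one. Quote every use and guard the destructive ones against an empty value: `rm -rf -- "${SITE_BAC_DIR:?}"`, `mv -- "$SITE_DIR" "$SITE_BAC_DIR"`, `rm -rf -- "${SITE_DIR:?}/.git"`.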
@@ -63,8 +73,6 @@ update_env_var CW_CLIENT_AES_KEY_BASE64 "$CW_CLIENT_AES_KEY_BASE64" update_env_var CW_CLIENT_KEY_APIKEY "$CW_CLIENT_KEY_APIKEY" update_env_var CW_CLIENT_CERT_APIKEY "$CW_CLIENT_CERT_APIKEY" -NGINX_TEMPLATE="$SCRIPT_DIR/nginx.conf.template" -NGINX_CONF="$SCRIPT_DIR/nginx.conf" sed \ -e "s|__NODE_DOMAIN__|$NODE_DOMAIN|g" \ "$NGINX_TEMPLATE" > "$NGINX_CONF" @@ -73,18 +81,12 @@ sed \ read -rp "IP или домен центрального сервера: " CENTRAL_HOST CENTRAL_IP=$(getent ahosts "$CENTRAL_HOST" | awk '{print $1; exit}') if [ -n "$CENTRAL_IP" ]; then -# iptables -C INPUT -p tcp -s "$CENTRAL_IP" --dport "$NODE_PORT" -j ACCEPT 2>/dev/null \ -# || iptables -I INPUT -p tcp -s "$CENTRAL_IP" --dport "$NODE_PORT" -j ACCEPT ufw allow from "$CENTRAL_IP" to any port "$NODE_PORT" proto tcp comment "PANEL" && ufw reload fi # --- Шаг 5: запуск docker compose --- docker compose -f "$COMPOSE_FILE" up -d certwardenclient -CERT_DIR="/etc/certwardenclient" -CERT_FILE="$CERT_DIR/certchain.pem" -KEY_FILE="$CERT_DIR/key.pem" - echo "Ждём появления сертификатов..." for i in {1..120}; do @@ -107,5 +109,37 @@ fi docker compose -f "$COMPOSE_FILE" up -d +# логи +mkdir -p "$LOG_DIR" +sudo mkdir -p $LOGROTATE_DIR + +TMP_LOGROTATE_CONF="$(mktemp)" +cat > "$TMP_LOGROTATE_CONF" </dev/null < "$TMP_LOGROTATE_CONF" + fi +else + echo "creating logrotate config: $LOGROTATE_CONF" + sudo tee "$LOGROTATE_CONF" >/dev/null < "$TMP_LOGROTATE_CONF" +fi +trap 'rm -rf "$TMP_LOGROTATE_CONF"' EXIT + +sudo logrotate -vf /etc/logrotate.d/remnanode + echo "Инициализация завершена успешно" rm -f -- "$SELF_PATH" \ No newline at end of file diff --git a/setup.sh b/setup.sh index d678401..94b667f 100644 --- a/setup.sh +++ b/setup.sh 
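Review bot: `trap 'rm -rf "$TMP_LOGROTATE_CONF"' EXIT` replaces the earlier `trap 'rm -rf "$TMP_DIR"' EXIT` instead of extending it, so the cloned template directory is no longer removed on exit, and because it is registered only after the `sudo tee` calls, an abort before that line leaves the temp file behind. Register one handler right after `mktemp`: `trap 'rm -rf -- "$TMP_DIR" "$TMP_LOGROTATE_CONF"' EXIT`. The final command hard-codes `/etc/logrotate.d/remnanode` although `"$LOGROTATE_CONF"` is already defined, and `sudo mkdir -p $LOGROTATE_DIR` is unquoted. `mkdir -p "$LOG_DIR"` runs after `docker compose up -d`, by which point Docker has probably created `./logs` as root already; moving it before the compose call keeps ownership predictable. The heredoc body is not readable on this page, so the logrotate directives themselves are not reviewed here.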
@@ -312,7 +312,7 @@ dcur() { docker compose pull && docker compose down && docker compose up -d && docker compose logs -f -t } alias ..='cd ..' -alias ll='eza -lahgF --icons --group-directories-first' +alias lll='eza -lahgF --icons --group-directories-first' alias bat='batcat' EOF # /etc/profile подхватывает readable *.sh из /etc/profile.d для всех пользователей