diff --git a/server/proxy/service/subscription-server.js b/server/proxy/service/subscription-server.js index b1a1426a..5fdbb19a 100644 --- a/server/proxy/service/subscription-server.js +++ b/server/proxy/service/subscription-server.js @@ -560,9 +560,21 @@ const server = http.createServer((req, res) => { res.end('Not Found'); }); -server.listen(PORT, '0.0.0.0', () => { - console.log(`🌐 铸渊专线订阅服务已启动: http://0.0.0.0:${PORT}`); +server.listen(PORT, '127.0.0.1', () => { + console.log(`🌐 铸渊专线订阅服务已启动: http://127.0.0.1:${PORT}`); console.log(` 订阅端点: /sub/{token}`); console.log(` 配额查询: /quota`); console.log(` 健康检查: /health`); }); + +// Graceful shutdown +function gracefulShutdown(signal) { + console.log(`\n${signal} received. Shutting down gracefully...`); + server.close(() => { + console.log('Server closed.'); + process.exit(0); + }); + setTimeout(() => { process.exit(1); }, 5000); +} +process.on('SIGTERM', () => gracefulShutdown('SIGTERM')); +process.on('SIGINT', () => gracefulShutdown('SIGINT')); diff --git a/server/proxy/setup/generate-keys.sh b/server/proxy/setup/generate-keys.sh index 3c81af78..5866c55a 100644 --- a/server/proxy/setup/generate-keys.sh +++ b/server/proxy/setup/generate-keys.sh @@ -18,6 +18,11 @@ set -uo pipefail # 注意: 不使用 set -e,手动处理错误以确保密钥生成的健壮性 +# 清理临时文件 +_TMPFILES=() +cleanup_tmp() { for f in "${_TMPFILES[@]}"; do rm -f "$f" 2>/dev/null; done; } +trap cleanup_tmp EXIT + # 工具函数: 将二进制数据转为base64url编码 to_base64url() { base64 | tr '+/' '-_' | tr -d '=' @@ -46,6 +51,7 @@ if command -v xray &>/dev/null; then # 捕获stdout和stderr分别处理 KEYS_STDERR_FILE=$(mktemp) + _TMPFILES+=("$KEYS_STDERR_FILE") KEYS_OUTPUT=$(xray x25519 2>"$KEYS_STDERR_FILE") || true KEYS_STDERR=$(cat "$KEYS_STDERR_FILE" 2>/dev/null) || true rm -f "$KEYS_STDERR_FILE" @@ -117,13 +123,24 @@ fi if [ -z "$PRIVATE_KEY" ]; then echo " ⚠️ 所有X25519生成方法均失败,使用随机占位密钥" echo " ⚠️ 请在服务器上手动运行: xray x25519" + echo " ⚠️ Reality公钥为占位符,VPN不可用直到手动替换" PRIVATE_KEY=$(openssl rand 32 | to_base64url | head -c 43) PUBLIC_KEY="PLACEHOLDER_REGENERATE_WITH_XRAY_X25519" HAS_ERROR=1 fi +echo "" echo "ZY_PROXY_REALITY_PRIVATE_KEY=$PRIVATE_KEY" -echo "ZY_PROXY_REALITY_PUBLIC_KEY=$PUBLIC_KEY" +if [ "$PUBLIC_KEY" = "PLACEHOLDER_REGENERATE_WITH_XRAY_X25519" ]; then + echo "ZY_PROXY_REALITY_PUBLIC_KEY=$PUBLIC_KEY" + echo "" + echo "❌ 公钥生成失败!请在服务器上手动执行以下步骤:" + echo " 1. SSH到服务器: ssh root@your-server" + echo " 2. 运行: xray x25519" + echo " 3. 将输出的Public key添加到GitHub Secrets: ZY_PROXY_REALITY_PUBLIC_KEY" +else + echo "ZY_PROXY_REALITY_PUBLIC_KEY=$PUBLIC_KEY" +fi # ── 生成ShortId ────────────────────────────── SHORT_ID=$(openssl rand -hex 8 || head -c 8 /dev/urandom | xxd -p)