William/tuic_docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

增加开放端口步骤

Browse Source
This commit is contained in:
Olia Lisa 2026-01-23 17:55:18 +08:00
parent 811c351e8a
commit 83d0c83c8a
2 changed files with 94 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
bin/update_port.sh
View File

@ -73,6 +73,88 @@ find_free_port() {
return 1 return 1
} }
# ==========================================
# 函数名: manage_port
# 参数1: allow 或 deny (操作类型)
# 参数2: 端口号
# --- 使用示例 ---
# 开启端口 8888
# manage_port allow 8888
# 关闭端口 8888
# manage_port deny 8888
# ==========================================
manage_port() {
local ACTION=$1
local PORT=$2
if [[ -z "$PORT" ]]; then
echo "错误: 未提供端口号"
return 1
fi
# 统一转换为小写,增强鲁棒性
ACTION=$(echo "$ACTION" | tr '[:upper:]' '[:lower:]')
echo "--- 正在对端口 $PORT 执行 $ACTION 操作 ---"
# 1. 防火墙 (Firewall) 逻辑处理
if command -v firewall-cmd >/dev/null 2>&1 && systemctl is-active --quiet firewalld; then
# CentOS/RHEL/Fedora (firewalld)
if [ "$ACTION" == "allow" ]; then
sudo firewall-cmd --zone=public --add-port=${PORT}/tcp --permanent
sudo firewall-cmd --zone=public --add-port=${PORT}/udp --permanent
elif [ "$ACTION" == "deny" ]; then
sudo firewall-cmd --zone=public --remove-port=${PORT}/tcp --permanent
sudo firewall-cmd --zone=public --remove-port=${PORT}/udp --permanent
fi
sudo firewall-cmd --reload
echo "[OK] firewalld 规则已更新 ($ACTION)"
elif command -v ufw >/dev/null 2>&1 && systemctl is-active --quiet ufw; then
# Ubuntu/Debian (ufw)
if [ "$ACTION" == "allow" ]; then
sudo ufw allow ${PORT}/tcp
sudo ufw allow ${PORT}/udp
elif [ "$ACTION" == "deny" ]; then
sudo ufw delete allow ${PORT}/tcp
sudo ufw delete allow ${PORT}/udp
fi
echo "[OK] ufw 规则已更新 ($ACTION)"
else
# 兜底方案 (iptables)
# allow 使用 -I (Insert) 插入到规则首行deny 使用 -D (Delete)
local FLAG=$([ "$ACTION" == "allow" ] && echo "-I" || echo "-D")
sudo iptables $FLAG INPUT -p tcp --dport ${PORT} -j ACCEPT 2>/dev/null
sudo iptables $FLAG INPUT -p udp --dport ${PORT} -j ACCEPT 2>/dev/null
echo "[OK] iptables 规则已执行 ($ACTION)"
fi
# 2. SELinux 逻辑处理
if command -v getenforce >/dev/null 2>&1; then
local SELINUX_STATUS=$(getenforce)
if [ "$SELINUX_STATUS" == "Enforcing" ]; then
if command -v semanage >/dev/null 2>&1; then
if [ "$ACTION" == "allow" ]; then
# 尝试添加,若存在则尝试修改
sudo semanage port -a -t http_port_t -p tcp ${PORT} 2>/dev/null || \
sudo semanage port -m -t http_port_t -p tcp ${PORT}
elif [ "$ACTION" == "deny" ]; then
sudo semanage port -d -t http_port_t -p tcp ${PORT} 2>/dev/null
fi
echo "[OK] SELinux 端口权限已更新 ($ACTION)"
else
# 如果没装 semanage在 allow 时开启全局布尔值deny 时通常保持不变以防影响其他业务
if [ "$ACTION" == "allow" ]; then
echo "[!] 警告: 未找到 semanage尝试开启全局网络连接开关..."
sudo setsebool -P httpd_can_network_connect 1
fi
fi
fi
fi
}
update_port(){ update_port(){
local script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" # 脚本文件夹绝对路径 local script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" # 脚本文件夹绝对路径
@ -80,6 +162,7 @@ update_port(){
local port=$(find_free_port) local port=$(find_free_port)
modify_json_file "$config_dir/config.json" ".inbounds[0].listen_port" "$port" modify_json_file "$config_dir/config.json" ".inbounds[0].listen_port" "$port"
manage_port allow "$port"
echo "设置端口成功" echo "设置端口成功"
} }

9
install.sh
View File

@ -37,6 +37,12 @@ install(){
} }
get_listen_port(){
local port=$(jq ./config/config.json ".inbounds[0].listen_port")
echo $port
}
main(){ main(){
# 显示菜单 # 显示菜单
echo "请选择一个操作:" echo "请选择一个操作:"
@ -59,12 +65,14 @@ main(){
# 一键部署 # 一键部署
install install
create_config create_config
prot_manage allow $(get_listen_port)
run run
print_share_link print_share_link
;; ;;
2) 2)
# 生成配置 / 重置配置 # 生成配置 / 重置配置
create_config create_config
prot_manage allow $(get_listen_port)
;; ;;
3) 3)
# 查看分享链接 # 查看分享链接
@ -81,6 +89,7 @@ main(){
# 修改端口 # 修改端口
check_config_file check_config_file
update_port update_port
prot_manage allow $(get_listen_port)
restart_docker restart_docker
;; ;;
6) 6)