Show warning if PasswordAuthentication is enable in ssh

common/jinja.py

@@ -3,7 +3,7 @@
 import json5
 import json
 import subprocess
-with open('/opt/hiddify-server/current.json') as f:
+with open('c:/users/me/desktop/current.json') as f:
     configs = json.load(f)
 
 
@@ -16,11 +16,10 @@ def exec(command):
         print(e.output)
     return ""
 
-
 def render_j2_templates(start_path):
     # Set up the Jinja2 environment
     env = Environment(loader=FileSystemLoader('/'))
-
+    
     for root, dirs, files in os.walk(start_path):
         for file in files:
             if file.endswith('.j2'):
@@ -42,11 +41,11 @@ def render_j2_templates(start_path):
                     except Exception as e:
                         print(f"Error parsing json: {e}")
 
-                with open(output_file_path, 'w') as output_file:
+                with open(output_file_path, 'w',encoding='utf-8') as output_file:
                     output_file.write(rendered_content)
 
                 # print(f'Rendered and stored: {output_file_path}')
 
 
-start_path = '/opt/hiddify-server/'
+start_path = '/Users/me/Hiddify-Server/other/telegram/tgo/'
 render_j2_templates(start_path)

common/run.sh

@@ -101,6 +101,31 @@ for PORT in "${TCP_PORTS[@]}"; do
   allow_port $PORT
 done
 
+# Check if PasswordAuthentication is enabled 
+if grep -Fxq "PasswordAuthentication yes" /etc/ssh/sshd_config; then
+
+  # Set ssh warning banner
+  if [ ! -f /etc/ssh/hiddify-warning]; then
+    # @hiddify/@iam54r1n4 make a better message with a link to why should disable pass-auth
+    MSG="WARNING: Please disable PasswordAuthentication in your ssh config file !!!"
+    source ./utils.sh
+    error $MSG > /etc/ssh/hiddify-warning 2>&1
+  fi
+
+  if ! grep -Fxq "Banner /etc/ssh/hiddify-warning" /etc/ssh/sshd_config; then
+    # Enable banner in sshd_config
+    echo "Banner /etc/ssh/hiddify-warning" >> /etc/ssh/sshd_config
+  fi
+
+else
+  # Disable banner in sshd_config
+  if grep -Fxq "Banner /etc/ssh/hiddify-warning" /etc/ssh/sshd_config; then
+    sed -i "s|Banner /etc/ssh/hiddify-warning||g" /etc/ssh/sshd_config
+fi
+# Restart sshd/ssh
+sudo systemctl restart sshd.service
+sudo systemctl restart ssh.service
+
 if [[ $ENABLE_FIREWALL == true ]]; then
   iptables -P INPUT DROP
   ip6tables -P INPUT DROP

nginx/conf.d/singbox-base.conf.template → nginx/conf.d/singbox-base.conf.j2

@@ -3,21 +3,21 @@ server {
     set_real_ip_from unix:;
     real_ip_header proxy_protocol;
 
-    location /PATH_VLESSPATH_GRPC {
+    location /{{ hconfigs['path_vless']}}{{ hconfigs['path_grpc']}} {
         include /opt/hiddify-server/nginx/parts/grpc.conf;
         grpc_pass 127.0.0.1:2023;
     }
-    location /PATH_VMESSPATH_GRPC {
+    location /{{ hconfigs['path_vmess']}}{{ hconfigs['path_grpc']}} {
         include /opt/hiddify-server/nginx/parts/grpc.conf;
         grpc_pass 127.0.0.1:2033;
     }
-    location /PATH_SSPATH_GRPC {
+    location /{{ hconfigs['path_ss']}}{{ hconfigs['path_grpc']}} {
         include /opt/hiddify-server/nginx/parts/grpc.conf;
         grpc_pass unix:/opt/hiddify-server/xray/run/ssg.sock;
     }
-    location /PATH_TROJANPATH_GRPC {
+    location /{{ hconfigs['path_trojan']}}{{ hconfigs['path_grpc']}} {
         include /opt/hiddify-server/nginx/parts/grpc.conf;
         grpc_pass 127.0.0.1:2013;
     }
-    include /opt/GITHUB_REPOSITORY/nginx/parts/hiddify.conf;
+    include /opt/hiddify-server/nginx/parts/hiddify.conf;
 }

nginx/conf.d/speedtest.conf.template → nginx/conf.d/speedtest.conf.j2

@@ -31,7 +31,7 @@ server_name _ localhost;
         # Otherwise you will see abnormal Upload Speeds.
         # Nginx Server Windows SSL Performance was very poor! Better use Linux if you need SSL support.
 
-        root /opt/GITHUB_REPOSITORY/other/speedtest/;
+        root /opt/hiddify-server/other/speedtest/;
         index index.html;
         client_max_body_size 10000M;
         error_page  405     =200 $uri;

nginx/conf.d/xray-base.conf.template → nginx/conf.d/xray-base.conf.j2

@@ -2,15 +2,15 @@
 #     listen 501 proxy_protocol default_server;
 #     listen 502 http2 proxy_protocol default_server;
 #     server_name _;
-#     include /opt/GITHUB_REPOSITORY/nginx/hiddify.conf;
+#     include /opt/hiddify-server/nginx/hiddify.conf;
 # } #Restrict domain name access (prohibit access to the website by IP) and return 400
 
 # HTTP1 UDS listener
 server {
     listen 127.0.0.1:501 proxy_protocol; #HTTP/1.1 server monitor process and enable PROXY protocol reception
     listen unix:/opt/hiddify-server/nginx/run/h1.sock proxy_protocol;
     server_name _;
-    include /opt/GITHUB_REPOSITORY/nginx/parts/hiddify.conf;
+    include /opt/hiddify-server/nginx/parts/hiddify.conf;
     set_real_ip_from unix:;
     real_ip_header proxy_protocol;
 }
@@ -22,10 +22,10 @@ server {
     server_name _;
     set_real_ip_from unix:;
     real_ip_header proxy_protocol;
-    include /opt/GITHUB_REPOSITORY/nginx/parts/proxy_path.conf;
+    include /opt/hiddify-server/nginx/parts/proxy_path.conf;
 
     # Decoy website
-    include /opt/GITHUB_REPOSITORY/nginx/parts/hiddify.conf;
+    include /opt/hiddify-server/nginx/parts/hiddify.conf;
 }
 
 server {
@@ -34,7 +34,7 @@ server {
 
     set_real_ip_from unix:;
     real_ip_header "X-Real-IP";
-    include /opt/GITHUB_REPOSITORY/nginx/parts/proxy_path.conf;   
+    include /opt/hiddify-server/nginx/parts/proxy_path.conf;   
     # Decoy website
-    include /opt/GITHUB_REPOSITORY/nginx/parts/hiddify.conf;
+    include /opt/hiddify-server/nginx/parts/hiddify.conf;
 }

nginx/parts/common.conf.template → nginx/parts/common.conf.j2

@@ -1,76 +1,76 @@
 
-# location ~* "/BASE_PROXY_PATH/(?<guid1>\w{8})[\-]?(?<guid2>\w{4})[\-]?(?<guid3>\w{4})[\-]?(?<guid4>\w{4})[\-]?(?<guid5>\w{12})/(?<path>.*)" {
+# location ~* "/{{ hconfigs['proxy_path'] }}/(?<guid1>\w{8})[\-]?(?<guid2>\w{4})[\-]?(?<guid3>\w{4})[\-]?(?<guid4>\w{4})[\-]?(?<guid5>\w{12})/(?<path>.*)" {
 #   set $guid "$guid1-$guid2-$guid3-$guid4-$guid5";
 #   set $usersecret "$guid1$guid2$guid3$guid4$guid5";
-#   proxy_pass http://localhost:9000/BASE_PROXY_PATH/$guid/$path; 
+#   proxy_pass http://localhost:9000//{{ hconfigs['proxy_path'] }}/$guid/$path; 
 # }
-if ($request_uri ~ "^/BASE_PROXY_PATH/redirect/(.*)(%3A%2F%2F|://)(.*)$") {
+if ($request_uri ~ "^/{{ hconfigs['proxy_path'] }}/redirect/(.*)(%3A%2F%2F|://)(.*)$") {
   return 307 $1://$3;
 }
-location /BASE_PROXY_PATH/ADMIN_SECRET/admin/netdata/ {
+location /{{ hconfigs['proxy_path'] }}/{{ hconfigs['admin_secret'] }}/admin/netdata/ {
 	proxy_pass  http://localhost:19999/;
 	error_page 301 302 307 = @handle_redirect;
 }
-location /BASE_PROXY_PATH/ADMIN_SECRET/admin/stats/ {
+location /{{ hconfigs['proxy_path'] }}/{{ hconfigs['admin_secret'] }}/admin/stats/ {
 	proxy_pass  http://localhost:8181/;
   sub_filter '="/' '="';
   sub_filter_once off;
 	error_page 301 302 307 = @handle_redirect;
 }
 
-location /BASE_PROXY_PATH/ghr/ {
+location /{{ hconfigs['proxy_path'] }}/ghr/ {
   #for proxy github raw
   proxy_set_header Host raw.githubusercontent.com;
   set $upstream https://raw.githubusercontent.com:443/;
   proxy_pass $upstream;
 }
 
-location /BASE_PROXY_PATH/gho/ {
+location /{{ hconfigs['proxy_path'] }}/gho/ {
   #for proxy github object
   proxy_set_header Host objects.githubusercontent.com;
   set $upstream https://objects.githubusercontent.com:443/;
   proxy_pass $upstream;
 }
 
-location /BASE_PROXY_PATH/gh/ {
+location /{{ hconfigs['proxy_path'] }}/gh/ {
   #for proxy github
   resolver 8.8.8.8;
   proxy_set_header Host github.com;
   proxy_pass https://github.com:443/;
   #proxy_pass $upstream;
-  proxy_redirect https://raw.githubusercontent.com/ https://$host/BASE_PROXY_PATH/ghr/;
-  proxy_redirect https://objects.githubusercontent.com/ https://$host/BASE_PROXY_PATH/gho/;
+  proxy_redirect https://raw.githubusercontent.com/ https://$host/{{ hconfigs['proxy_path'] }}/ghr/;
+  proxy_redirect https://objects.githubusercontent.com/ https://$host/{{ hconfigs['proxy_path'] }}/gho/;
 
   proxy_set_header Accept-Encoding "";
   sub_filter_once off;
-  sub_filter    https://github.com/ /BASE_PROXY_PATH/gh/;
-  sub_filter    href="/ href="/BASE_PROXY_PATH/gh/;
-  sub_filter    src="/ src="/BASE_PROXY_PATH/gh/;
+  sub_filter    https://github.com/ /{{ hconfigs['proxy_path'] }}/gh/;
+  sub_filter    href="/ href="/{{ hconfigs['proxy_path'] }}/gh/;
+  sub_filter    src="/ src="/{{ hconfigs['proxy_path'] }}/gh/;
 }
 
 
 
 
-location /BASE_PROXY_PATH/clash/ {
+location /{{ hconfigs['proxy_path'] }}/clash/ {
   #for clash configs
-   alias /opt/GITHUB_REPOSITORY/clash/;
+   alias /opt/hiddify-server/clash/;
    types { }   default_type "text/plain";
    sub_filter_types text/plain;
-   #include /opt/GITHUB_REPOSITORY/nginx/replace.conf;
+   #include /opt/hiddify-server/nginx/replace.conf;
    sub_filter_once off;
 }
 
-location /BASE_PROXY_PATH/dns/ {
-  # use it in your browser as https://defaultserverhost/BASE_PROXY_PATH/dns/dns-query{?dns}
+location /{{ hconfigs['proxy_path'] }}/dns/ {
+  # use it in your browser as https://defaultserverhost/{{ hconfigs['proxy_path'] }}/dns/dns-query{?dns}
   set $upstream https://dns.google:443/; 
   proxy_pass $upstream;
 
 }
-location /BASE_PROXY_PATH/speedtest/ {
+location /{{ hconfigs['proxy_path'] }}/speedtest/ {
   client_max_body_size 10000M;
   proxy_pass          http://localhost:438/;
 }
-location /BASE_PROXY_PATH/static {
+location /{{ hconfigs['proxy_path'] }}/static {
   tcp_nodelay       on;
   keepalive_timeout 65;
   add_header X-Robots-Tag "noindex, nofollow";
@@ -80,14 +80,14 @@ location /BASE_PROXY_PATH/static {
   add_header Cache-Control "public, no-transform";
   alias PANEL_STATIC_ROOT;
 }
-location /BASE_PROXY_PATH/ {
+location /{{ hconfigs['proxy_path'] }}/ {
   proxy_set_header Host $host;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Real-IP $remote_addr;
   add_header X-Robots-Tag "noindex, nofollow";
 
-  #proxy_pass http://localhost:9000/BASE_PROXY_PATH/; 
-  #proxy_pass http://unix:/run/hiddifypanel.sock:/BASE_PROXY_PATH/;
+  #proxy_pass http://localhost:9000/{{ hconfigs['proxy_path'] }}/; 
+  #proxy_pass http://unix:/run/hiddifypanel.sock:/{{ hconfigs['proxy_path'] }}/;
   include uwsgi_params;
   uwsgi_pass localhost:9001;
   error_page 301 302 307 = @handle_redirect;

nginx/parts/def-link.conf.template → nginx/parts/def-link.conf.j2

@@ -1,14 +1,21 @@
 location = / {
-	if ($time_iso8601 ~ "^TEMP_LINK_VALID_TIME" ) { 
-		add_header Content-Type text/html;
-		return 200 "BASE_PROXY_PATH/ADMIN_SECRET/admin/quick-setup/ <script> document.location='BASE_PROXY_PATH/ADMIN_SECRET/admin/quick-setup/'</script>";
-		#return 307  ADMIN_SECRET/config;
-	}
+
+	{% if hconfigs['first_setup']%}
+		{% set  nextH=exec("printf '%02d' $(($(date '+%H') + 1))") %}
+		{% set  nowDatetime=exec('date "+%Y-%m-%dT(%H|"') %}
+		{% set  TEMP_LINK_VALID_TIME= nowDatetime + nextH + ")"%}
+		if ($time_iso8601 ~ "^{{TEMP_LINK_VALID_TIME}}" ) {
+			add_header Content-Type text/html;
+			return 200 "{{ hconfigs['proxy_path'] }}/{{ hconfigs['admin_secret'] }}/admin/quick-setup/ <script> document.location='{{ hconfigs['proxy_path'] }}/{{ hconfigs['admin_secret'] }}/admin/quick-setup/'</script>";
+			#return 307  {{ hconfigs['admin_secret'] }}/config;
+		}
+	{% endif %}
+
 	# proxy_redirect / /;
     #proxy_intercept_errors on;
 	error_page 301 302 307 = @handle_redirect;
-	proxy_set_header Host DECOY_DOMAIN;
-	set $upstream DECOY_DOMAIN;
+	proxy_set_header Host {{ hconfigs['decoy_domain'] }};
+	set $upstream {{ hconfigs['decoy_domain'] }};
 	proxy_pass https://$upstream;
         proxy_ssl_server_name on;
         proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
@@ -24,8 +31,8 @@ location / {
 	# proxy_redirect / /; 
     proxy_intercept_errors on;
 	error_page 301 302 307 = @handle_redirect;
-	proxy_set_header Host DECOY_DOMAIN;
-	set $upstream DECOY_DOMAIN;
+	proxy_set_header Host {{ hconfigs['decoy_domain'] }};
+	set $upstream {{ hconfigs['decoy_domain'] }};
 	proxy_pass https://$upstream;
         proxy_ssl_server_name on;
         proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

nginx/parts/hiddify.conf.j2

@@ -0,0 +1,16 @@
+# set_real_ip_from unix:;
+# set_real_ip_from 127.0.0.1;
+# real_ip_header proxy_protocol;
+#access_log /opt/hiddify-server/log/nginx.log proxy;
+#include /opt/hiddify-server/nginx/ar_real_ip.conf;
+
+location @handle_redirect {
+    set $saved_redirect_location '$upstream_http_location';
+    proxy_pass $saved_redirect_location;
+}
+include /opt/hiddify-server/nginx/parts/acme.conf;
+include /opt/hiddify-server/nginx/parts/def-link.conf;
+include /opt/hiddify-server/nginx/parts/common.conf;
+include /opt/hiddify-server/nginx/parts/short-link.conf;
+
+