feat: add option to use existing custom SSL certificates (#3688)

Refactor URL construction to use pre-configured URIs if available, otherwise fallback to default scheme and host.

install.sh

@@ -521,12 +521,13 @@ prompt_and_setup_ssl() {
     echo -e "${yellow}Choose SSL certificate setup method:${plain}"
     echo -e "${green}1.${plain} Let's Encrypt for Domain (90-day validity, auto-renews)"
     echo -e "${green}2.${plain} Let's Encrypt for IP Address (6-day validity, auto-renews)"
-    echo -e "${blue}Note:${plain} Both options require port 80 open. IP certs use shortlived profile."
+    echo -e "${green}3.${plain} Custom SSL Certificate (Path to existing files)"
+    echo -e "${blue}Note:${plain} Options 1 & 2 require port 80 open. Option 3 requires manual paths."
     read -rp "Choose an option (default 2 for IP): " ssl_choice
     ssl_choice="${ssl_choice// /}"  # Trim whitespace
     
-    # Default to 2 (IP cert) if not 1
-    if [[ "$ssl_choice" != "1" ]]; then
+    # Default to 2 (IP cert) if input is empty or invalid (not 1 or 3)
+    if [[ "$ssl_choice" != "1" && "$ssl_choice" != "3" ]]; then
         ssl_choice="2"
     fi
 
@@ -569,7 +570,66 @@ prompt_and_setup_ssl() {
             echo -e "${red}✗ IP certificate setup failed. Please check port 80 is open.${plain}"
             SSL_HOST="${server_ip}"
         fi
+        ;;
+    3)
+        # User chose Custom Paths (User Provided) option
+        echo -e "${green}Using custom existing certificate...${plain}"
+        local custom_cert=""
+        local custom_key=""
+        local custom_domain=""
+
+        # 3.1 Request Domain to compose Panel URL later
+        read -rp "Please enter domain name certificate issued for: " custom_domain
+        custom_domain="${custom_domain// /}" # Убираем пробелы
+
+        # 3.2 Loop for Certificate Path
+        while true; do
+            read -rp "Input certificate path (keywords: .crt / fullchain): " custom_cert
+            # Strip quotes if present
+            custom_cert=$(echo "$custom_cert" | tr -d '"' | tr -d "'")
+
+            if [[ -f "$custom_cert" && -r "$custom_cert" && -s "$custom_cert" ]]; then
+                break
+            elif [[ ! -f "$custom_cert" ]]; then
+                echo -e "${red}Error: File does not exist! Try again.${plain}"
+            elif [[ ! -r "$custom_cert" ]]; then
+                echo -e "${red}Error: File exists but is not readable (check permissions)!${plain}"
+            else
+                echo -e "${red}Error: File is empty!${plain}"
+            fi
+        done
+
+        # 3.3 Loop for Private Key Path
+        while true; do
+            read -rp "Input private key path (keywords: .key / privatekey): " custom_key
+            # Strip quotes if present
+            custom_key=$(echo "$custom_key" | tr -d '"' | tr -d "'")
+
+            if [[ -f "$custom_key" && -r "$custom_key" && -s "$custom_key" ]]; then
+                break
+            elif [[ ! -f "$custom_key" ]]; then
+                echo -e "${red}Error: File does not exist! Try again.${plain}"
+            elif [[ ! -r "$custom_key" ]]; then
+                echo -e "${red}Error: File exists but is not readable (check permissions)!${plain}"
+            else
+                echo -e "${red}Error: File is empty!${plain}"
+            fi
+        done
+
+        # 3.4 Apply Settings via x-ui binary
+        ${xui_folder}/x-ui cert -webCert "$custom_cert" -webCertKey "$custom_key" >/dev/null 2>&1
         
+        # Set SSL_HOST for composing Panel URL
+        if [[ -n "$custom_domain" ]]; then
+            SSL_HOST="$custom_domain"
+        else
+            SSL_HOST="${server_ip}"
+        fi
+
+        echo -e "${green}✓ Custom certificate paths applied.${plain}"
+        echo -e "${yellow}Note: You are responsible for renewing these files externally.${plain}"
+
+        systemctl restart x-ui >/dev/null 2>&1 || rc-service x-ui restart >/dev/null 2>&1
         ;;
     *)
         echo -e "${red}Invalid option. Skipping SSL setup.${plain}"

update.sh

@@ -541,12 +541,13 @@ prompt_and_setup_ssl() {
     echo -e "${yellow}Choose SSL certificate setup method:${plain}"
     echo -e "${green}1.${plain} Let's Encrypt for Domain (90-day validity, auto-renews)"
     echo -e "${green}2.${plain} Let's Encrypt for IP Address (6-day validity, auto-renews)"
-    echo -e "${blue}Note:${plain} Both options require port 80 open. IP certs use shortlived profile."
+    echo -e "${green}3.${plain} Custom SSL Certificate (Path to existing files)"
+    echo -e "${blue}Note:${plain} Options 1 & 2 require port 80 open. Option 3 requires manual paths."
     read -rp "Choose an option (default 2 for IP): " ssl_choice
     ssl_choice="${ssl_choice// /}"  # Trim whitespace
     
-    # Default to 2 (IP cert) if not 1
-    if [[ "$ssl_choice" != "1" ]]; then
+    # Default to 2 (IP cert) if input is empty or invalid (not 1 or 3)
+    if [[ "$ssl_choice" != "1" && "$ssl_choice" != "3" ]]; then
         ssl_choice="2"
     fi
 
@@ -596,6 +597,67 @@ prompt_and_setup_ssl() {
         else
             systemctl restart x-ui >/dev/null 2>&1
         fi
+
+        ;;
+    3)
+        # User chose Custom Paths (User Provided) option
+        echo -e "${green}Using custom existing certificate...${plain}"
+        local custom_cert=""
+        local custom_key=""
+        local custom_domain=""
+
+        # 3.1 Request Domain to compose Panel URL later
+        read -rp "Please enter domain name certificate issued for: " custom_domain
+        custom_domain="${custom_domain// /}" # Убираем пробелы
+
+        # 3.2 Loop for Certificate Path
+        while true; do
+            read -rp "Input certificate path (keywords: .crt / fullchain): " custom_cert
+            # Strip quotes if present
+            custom_cert=$(echo "$custom_cert" | tr -d '"' | tr -d "'")
+
+            if [[ -f "$custom_cert" && -r "$custom_cert" && -s "$custom_cert" ]]; then
+                break
+            elif [[ ! -f "$custom_cert" ]]; then
+                echo -e "${red}Error: File does not exist! Try again.${plain}"
+            elif [[ ! -r "$custom_cert" ]]; then
+                echo -e "${red}Error: File exists but is not readable (check permissions)!${plain}"
+            else
+                echo -e "${red}Error: File is empty!${plain}"
+            fi
+        done
+
+        # 3.3 Loop for Private Key Path
+        while true; do
+            read -rp "Input private key path (keywords: .key / privatekey): " custom_key
+            # Strip quotes if present
+            custom_key=$(echo "$custom_key" | tr -d '"' | tr -d "'")
+
+            if [[ -f "$custom_key" && -r "$custom_key" && -s "$custom_key" ]]; then
+                break
+            elif [[ ! -f "$custom_key" ]]; then
+                echo -e "${red}Error: File does not exist! Try again.${plain}"
+            elif [[ ! -r "$custom_key" ]]; then
+                echo -e "${red}Error: File exists but is not readable (check permissions)!${plain}"
+            else
+                echo -e "${red}Error: File is empty!${plain}"
+            fi
+        done
+
+        # 3.4 Apply Settings via x-ui binary
+        ${xui_folder}/x-ui cert -webCert "$custom_cert" -webCertKey "$custom_key" >/dev/null 2>&1
+
+        # Set SSL_HOST for composing Panel URL
+        if [[ -n "$custom_domain" ]]; then
+            SSL_HOST="$custom_domain"
+        else
+            SSL_HOST="${server_ip}"
+        fi
+
+        echo -e "${green}✓ Custom certificate paths applied.${plain}"
+        echo -e "${yellow}Note: You are responsible for renewing these files externally.${plain}"
+
+        systemctl restart x-ui >/dev/null 2>&1 || rc-service x-ui restart >/dev/null 2>&1
         ;;
     *)
         echo -e "${red}Invalid option. Skipping SSL setup.${plain}"

web/html/form/outbound.html

@@ -772,7 +772,7 @@
     <a-space direction="vertical" :size="10" :style="{ marginTop: '10px' }">
       <a-input addon-before='{{ i18n "pages.xray.outbound.link" }}'
         v-model.trim="outModal.link"
-        placeholder="vmess:// vless:// trojan:// ss://">
+        placeholder="vmess:// vless:// trojan:// ss:// hysteria2://">
         <a-icon slot="addonAfter" type="form" @click="convertLink"></a-icon>
       </a-input>
       <textarea :style="{ position: 'absolute', left: '-800px' }"

web/service/tgbot.go

@@ -2267,6 +2267,8 @@ func (t *Tgbot) buildSubscriptionURLs(email string) (string, string, error) {
 	}
 
 	// Gather settings to construct absolute URLs
+	subURI, _ := t.settingService.GetSubURI()
+	subJsonURI, _ := t.settingService.GetSubJsonURI()
 	subDomain, _ := t.settingService.GetSubDomain()
 	subPort, _ := t.settingService.GetSubPort()
 	subPath, _ := t.settingService.GetSubPath()
@@ -2314,8 +2316,29 @@ func (t *Tgbot) buildSubscriptionURLs(email string) (string, string, error) {
 		subJsonPath = subJsonPath + "/"
 	}
 
-	subURL := fmt.Sprintf("%s://%s%s%s", scheme, host, subPath, client.SubID)
-	subJsonURL := fmt.Sprintf("%s://%s%s%s", scheme, host, subJsonPath, client.SubID)
+	var subURL string
+	var subJsonURL string
+
+	// If pre-configured URIs are available, use them directly
+	if subURI != "" {
+		if !strings.HasSuffix(subURI, "/") {
+			subURI = subURI + "/" 
+		}
+		subURL = fmt.Sprintf("%s%s", subURI, client.SubID) 
+	} else {
+		subURL = fmt.Sprintf("%s://%s%s%s", scheme, host, subPath, client.SubID)
+	}
+
+	if subJsonURI != "" {
+		if !strings.HasSuffix(subJsonURI, "/") {
+			subJsonURI = subJsonURI + "/"
+		}
+		subJsonURL = fmt.Sprintf("%s%s", subJsonURI, client.SubID) 
+	} else {
+
+		subJsonURL = fmt.Sprintf("%s://%s%s%s", scheme, host, subJsonPath, client.SubID)
+	}
+
 	if !subJsonEnable {
 		subJsonURL = ""
 	}