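#!/usr/bin/env bash
# Patch: Disable HTTP/3 (QUIC) in Caddy to free UDP 443 for TURN server.
# Run on each VPS node. Safe to run multiple times (idempotent).
#
# Usage: sudo bash disable-caddy-http3.sh
#
# Flow: copy the Caddyfile aside, insert 'servers { protocols h1 h2 }' into
# the global options block, validate the result, put the copy back if
# validation fails, reload Caddy, then check whether Caddy still holds UDP 443.
set -euo pipefail

CADDYFILE="/etc/caddy/Caddyfile"
backup=""   # pre-patch copy of the Caddyfile; empty when there is nothing to clean up
patched=0   # 1 only when this run modified the Caddyfile

# Remove the temporary pre-patch copy on every exit path.
cleanup() {
  if [ -n "$backup" ]; then
    rm -f -- "$backup"
  fi
}
trap cleanup EXIT

# Put the pre-patch copy back in place. If that fails, keep the copy and tell
# the operator where it is instead of deleting the only good version.
restore_backup() {
  if cp -p -- "$backup" "$CADDYFILE"; then
    echo "Restored original Caddyfile" >&2
  else
    echo "ERROR: could not restore $CADDYFILE; original kept at $backup" >&2
    backup=""
  fi
}

if [ ! -f "$CADDYFILE" ]; then
  echo "ERROR: $CADDYFILE not found" >&2
  exit 1
fi

# Check if already patched
if grep -q 'protocols h1 h2' "$CADDYFILE"; then
  echo "Already patched — Caddyfile already has 'protocols h1 h2'"
else
  # mktemp creates the file owner-only; cp -p then carries over the mode and
  # ownership of the Caddyfile, so the copy is never more readable than the
  # original (a Caddyfile may contain credentials).
  backup=$(mktemp "${CADDYFILE}.bak.XXXXXX")
  cp -p -- "$CADDYFILE" "$backup"

  # The global block looks like:
  #   {
  #       email admin@...
  #   }
  #
  # Insert 'servers { protocols h1 h2 }' after the email line. The match is
  # limited to the block that opens with a bare '{' at column 0 and accepts
  # any indentation, so an 'email' line elsewhere in the file is not touched.
  sed -i '/^{[[:space:]]*$/,/^}[[:space:]]*$/{
    /^[[:space:]]*email[[:space:]]/a\
    servers {\
        protocols h1 h2\
    }
  }' "$CADDYFILE"

  # sed exits 0 even when no line matched; do not report success in that case.
  if ! grep -q 'protocols h1 h2' "$CADDYFILE"; then
    echo "ERROR: no 'email' line found in the global options block; Caddyfile not patched" >&2
    exit 1
  fi
  patched=1
  echo "Patched Caddyfile — added 'servers { protocols h1 h2 }'"
fi

# Validate the new config before reloading. Output is captured and shown only
# on failure so the operator can see why the config was rejected.
if ! validate_output=$(caddy validate --config "$CADDYFILE" --adapter caddyfile 2>&1); then
  printf '%s\n' "$validate_output" >&2
  if [ "$patched" -eq 1 ]; then
    echo "ERROR: Caddyfile validation failed! Reverting..." >&2
    # Restore the exact pre-patch file rather than deleting by pattern, which
    # could also remove a 'servers' block this run did not add.
    restore_backup
  else
    echo "ERROR: Caddyfile validation failed! File was not modified by this run." >&2
  fi
  exit 1
fi

# Reload Caddy (graceful, no downtime)
systemctl reload caddy
echo "Caddy reloaded successfully"

# Verify UDP 443 is no longer bound by Caddy.
# The socket list is captured first: with 'pipefail', piping ss into 'grep -q'
# can turn an early grep exit (SIGPIPE on ss) or an ss failure into a false
# "free" result.
sleep 1
if ! udp_listeners=$(ss -ulnp); then
  echo "WARNING: could not list UDP sockets — check UDP 443 manually" >&2
elif grep -q ':443[[:space:]].*caddy' <<<"$udp_listeners"; then
  echo "WARNING: Caddy still binding UDP 443 — reload may need more time"
else
  echo "Confirmed: UDP 443 is free for TURN"
fi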