From 2923cc3fa78d7bd8cfc3d153081c98eae31a1cc5 Mon Sep 17 00:00:00 2001 From: wnlen <62139570+wnlen@users.noreply.github.com> Date: Thu, 15 Jan 2026 00:23:45 +0800 Subject: [PATCH 1/8] Update start.sh --- start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/start.sh b/start.sh index 3b5ba9a..a4c272b 100644 --- a/start.sh +++ b/start.sh @@ -103,7 +103,7 @@ source "$Server_Dir/scripts/port_utils.sh" CLASH_HTTP_PORT="$(resolve_port_value "HTTP" "$CLASH_HTTP_PORT")" CLASH_SOCKS_PORT="$(resolve_port_value "SOCKS" "$CLASH_SOCKS_PORT")" CLASH_REDIR_PORT="$(resolve_port_value "REDIR" "$CLASH_REDIR_PORT")" -EXTERNAL_CONTROLLER="$(resolve_host_port "External Controller" "$EXTERNAL_CONTROLLER" "0.0.0.0")" +EXTERNAL_CONTROLLER="$(resolve_host_port "External Controller" "$EXTERNAL_CONTROLLER" "127.0.0.1")" # shellcheck disable=SC1090 source "$Server_Dir/scripts/config_utils.sh" From bb3fc6e11ecb8a21cca795e9f4179bd03f6b32ee Mon Sep 17 00:00:00 2001 From: wnlen <62139570+wnlen@users.noreply.github.com> Date: Thu, 15 Jan 2026 00:26:04 +0800 Subject: [PATCH 2/8] Update start.sh --- start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/start.sh b/start.sh index a4c272b..11044f5 100644 --- a/start.sh +++ b/start.sh @@ -89,7 +89,7 @@ force_write_secret() { CLASH_HTTP_PORT="${CLASH_HTTP_PORT:-7890}" CLASH_SOCKS_PORT="${CLASH_SOCKS_PORT:-7891}" CLASH_REDIR_PORT="${CLASH_REDIR_PORT:-7892}" -CLASH_LISTEN_IP="${CLASH_LISTEN_IP:-0.0.0.0}" +CLASH_LISTEN_IP="${CLASH_LISTEN_IP:-127.0.0.1}" CLASH_ALLOW_LAN="${CLASH_ALLOW_LAN:-false}" EXTERNAL_CONTROLLER_ENABLED="${EXTERNAL_CONTROLLER_ENABLED:-true}" From e5efca95d0735c3533ebc22d5c2d9f4e6561a746 Mon Sep 17 00:00:00 2001 From: wnlen <62139570+wnlen@users.noreply.github.com> Date: Thu, 15 Jan 2026 00:32:19 +0800 Subject: [PATCH 3/8] Update start.sh --- start.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/start.sh b/start.sh index 11044f5..1071e2f 100644 --- a/start.sh 
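Review bot: The new loopback fallbacks for `EXTERNAL_CONTROLLER` (PATCH 1/8) and `CLASH_LISTEN_IP` (PATCH 2/8) change who can reach the proxy ports and the control API, yet neither line carries a comment saying the narrowing is deliberate. Only the fallback value changes, so a deployment that already sets either variable to `0.0.0.0` presumably still binds every interface; `resolve_host_port` is not visible here to confirm. I would add a comment above each assignment such as `# Default to loopback; set CLASH_LISTEN_IP / EXTERNAL_CONTROLLER explicitly to listen beyond this host`, and consider printing a warning on stderr when the resolved controller host is not a loopback address.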
+++ b/start.sh @@ -68,7 +68,12 @@ fi # 兜底生成随机 secret if [ -z "$Secret" ]; then - Secret="$(openssl rand -hex 32)" + if command -v openssl >/dev/null 2>&1; then + Secret="$(openssl rand -hex 32)" + else + # 32 bytes -> 64 hex chars + Secret="$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')" + fi fi # 强制写入 secret 到指定配置文件(存在则替换,不存在则追加) From 812a80412f862c2b08daf7c6b70dbbbcedbf1eaf Mon Sep 17 00:00:00 2001 From: wnlen <62139570+wnlen@users.noreply.github.com> Date: Thu, 15 Jan 2026 00:41:32 +0800 Subject: [PATCH 4/8] Update fallback_config.yaml --- conf/fallback_config.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/conf/fallback_config.yaml b/conf/fallback_config.yaml index 250c095..55620a6 100644 --- a/conf/fallback_config.yaml +++ b/conf/fallback_config.yaml @@ -8,7 +8,6 @@ udp: true external-controller: 127.0.0.1:9090 external-ui: /opt/clash-for-linux/dashboard/public -secret: "" proxies: [] proxy-groups: [] From ddbaf6284125d7792bfd1ec21a261df461eaaa84 Mon Sep 17 00:00:00 2001 From: wnlen <62139570+wnlen@users.noreply.github.com> Date: Thu, 15 Jan 2026 00:41:41 +0800 Subject: [PATCH 5/8] Update config.yaml --- conf/config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/config.yaml b/conf/config.yaml index ab9cb7c..4e03bfa 100644 --- a/conf/config.yaml +++ b/conf/config.yaml @@ -8,7 +8,6 @@ udp: true external-controller: 127.0.0.1:9090 external-ui: /opt/clash-for-linux/dashboard/public -secret: "" proxies: [] proxy-groups: [] @@ -18,3 +17,4 @@ rules: + From aef7f733c80b823f62ad4c49a299682f7ec701fb Mon Sep 17 00:00:00 2001 From: wnlen <62139570+wnlen@users.noreply.github.com> Date: Thu, 15 Jan 2026 00:56:51 +0800 Subject: [PATCH 6/8] Update fallback_config.yaml --- conf/fallback_config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/fallback_config.yaml b/conf/fallback_config.yaml index 55620a6..6a296d7 100644 --- a/conf/fallback_config.yaml +++ b/conf/fallback_config.yaml 
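Review bot: Neither branch of the new fallback in the `if [ -z "$Secret" ]` block verifies that `Secret` ends up populated. The `head | od | tr` pipeline reports only the status of `tr`, so a failed read of `/dev/urandom` yields an empty or short value without any error, and an `openssl rand` failure does the same unless `set -e` is active earlier in the file. PATCH 4/8 and 5/8 remove `secret: ""` from the shipped configs, so this generated value is presumably what authenticates the controller API. I would fall through to the `/dev/urandom` path when the `openssl` result is empty, and then fail closed right after the inner `fi` with `[ "${#Secret}" -eq 64 ] || { echo "failed to generate controller secret" >&2; exit 1; }`.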
@@ -7,7 +7,7 @@ ipv6: true udp: true external-controller: 127.0.0.1:9090 -external-ui: /opt/clash-for-linux/dashboard/public +external-ui: /opt/clash-for-linux/conf/ui proxies: [] proxy-groups: [] From 4cebc4a22bdbb03a8ee3b7d73bb59007d589ccf5 Mon Sep 17 00:00:00 2001 From: wnlen <62139570+wnlen@users.noreply.github.com> Date: Thu, 15 Jan 2026 00:59:01 +0800 Subject: [PATCH 7/8] Update start.sh --- start.sh | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/start.sh b/start.sh index 1071e2f..1e00052 100644 --- a/start.sh +++ b/start.sh @@ -343,9 +343,25 @@ if [ "$SKIP_CONFIG_REBUILD" != "true" ]; then # Configure Clash Dashboard Work_Dir="$(cd "$(dirname "$0")" && pwd)" - Dashboard_Dir="${Work_Dir}/dashboard/public" + + # SAFE_PATHS: only allow paths under $Conf_Dir, so place dashboard under conf via symlink + Dashboard_Src="${Work_Dir}/dashboard/public" + Dashboard_Link="${Conf_Dir}/ui" + if [ "$EXTERNAL_CONTROLLER_ENABLED" = "true" ]; then - sed -ri "s@^# external-ui:.*@external-ui: ${Dashboard_Dir}@g" "$Conf_Dir/config.yaml" || true + # create/update symlink + if [ -d "$Dashboard_Src" ]; then + ln -sfn "$Dashboard_Src" "$Dashboard_Link" + else + echo -e "\033[33m[WARN]\033[0m Dashboard source not found: $Dashboard_Src (external-ui may not work)" + fi + + # ensure external-ui points to conf subpath + if grep -qE '^[[:space:]]*external-ui:' "$Conf_Dir/config.yaml"; then + sed -i -E "s|^[[:space:]]*external-ui:.*$|external-ui: ${Dashboard_Link}|g" "$Conf_Dir/config.yaml" + else + printf "\nexternal-ui: %s\n" "$Dashboard_Link" >> "$Conf_Dir/config.yaml" + fi fi # 写入 secret From 8975a1bca4c696a8058374896b11d2bdda64a27c Mon Sep 17 00:00:00 2001 From: wnlen <62139570+wnlen@users.noreply.github.com> Date: Thu, 15 Jan 2026 01:03:15 +0800 Subject: [PATCH 8/8] Update config.yaml --- conf/config.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/conf/config.yaml b/conf/config.yaml index 4e03bfa..7e37182 100644 
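Review bot: `ln -sfn "$Dashboard_Src" "$Dashboard_Link"` in the PATCH 7/8 hunk is unchecked, and when `$Conf_Dir/ui` already exists as a real directory the link is created inside it rather than replacing it. The `grep`/`sed`/`printf` step then points `external-ui` at `$Dashboard_Link` regardless, including when `Dashboard_Src` is missing, so the config can end up referencing a path that does not hold the dashboard. I would link only when the target is absent or already a symlink, send the warnings to stderr, and rewrite `external-ui` only after the link is in place. Because the symlink exists to satisfy the SAFE_PATHS restriction while the served files stay outside `$Conf_Dir`, a comment noting that `dashboard/public` needs the same write protection as `conf` would help. The enclosing `if [ "$SKIP_CONFIG_REBUILD" != "true" ]` block starts and ends outside the hunk.

```shell
if [ "$EXTERNAL_CONTROLLER_ENABLED" = "true" ]; then
	Dashboard_Ready=false
	if [ ! -d "$Dashboard_Src" ]; then
		echo -e "\033[33m[WARN]\033[0m Dashboard source not found: $Dashboard_Src (external-ui may not work)" >&2
	elif [ -e "$Dashboard_Link" ] && [ ! -L "$Dashboard_Link" ]; then
		# A real file or directory is in the way; ln -sfn would nest the link inside a directory.
		echo -e "\033[33m[WARN]\033[0m $Dashboard_Link exists and is not a symlink; leaving it untouched" >&2
	elif ln -sfn "$Dashboard_Src" "$Dashboard_Link"; then
		Dashboard_Ready=true
	else
		echo -e "\033[33m[WARN]\033[0m Failed to create symlink: $Dashboard_Link" >&2
	fi

	if [ "$Dashboard_Ready" = "true" ]; then
		# … unchanged: grep/sed/printf that sets external-ui to $Dashboard_Link …
	fi
```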
--- a/conf/config.yaml +++ b/conf/config.yaml @@ -7,7 +7,7 @@ ipv6: true udp: true external-controller: 127.0.0.1:9090 -external-ui: /opt/clash-for-linux/dashboard/public +external-ui: /opt/clash-for-linux/conf/ui proxies: [] proxy-groups: [] @@ -18,3 +18,4 @@ rules: +