Update installer, Allow install old versions and uninstall.

masterking32 · masterking32 · commit 1bc74543c835 · 2026-05-04T15:40:42.000+03:30
diff --git a/server_linux_install.sh b/server_linux_install.sh
@@ -50,47 +50,120 @@ detect_legacy_linux() {
       ;;
   esac
 }
-select_release_artifact() {
+print_usage() {
+  cat <<'USAGE'
+MasterDnsVPN Server Linux Installer
+
+Usage:
+  bash <(curl -Ls https://raw.githubusercontent.com/masterking32/MasterDnsVPN/main/server_linux_install.sh) [OPTIONS]
+
+Options:
+  -v, --version <VERSION>   Install a specific MasterDnsVPN release (tag), e.g. v1.2.3.
+                            If omitted, the latest release is installed.
+  -u, --uninstall           Uninstall MasterDnsVPN: stop and remove the systemd
+                            service, drop kernel/limit tunings, and clean up
+                            binaries and config files in the install directory.
+  -h, --help                Show this help message and exit.
+
+Examples:
+  # Install the latest release (default behavior):
+  bash <(curl -Ls https://raw.githubusercontent.com/masterking32/MasterDnsVPN/main/server_linux_install.sh)
+
+  # Install a specific release version:
+  bash <(curl -Ls https://raw.githubusercontent.com/masterking32/MasterDnsVPN/main/server_linux_install.sh) --version v1.2.3
+
+  # Uninstall MasterDnsVPN:
+  bash <(curl -Ls https://raw.githubusercontent.com/masterking32/MasterDnsVPN/main/server_linux_install.sh) --uninstall
+USAGE
+}select_release_artifact() {
   local arch="$1"
+  local version="${2:-}"
   local legacy=0
   if detect_legacy_linux; then
     legacy=1
     log_info "Legacy system detected (broader Linux compatibility mode)."
   fi
 
+  local base_url
+  if [[ -n "$version" ]]; then
+    base_url="https://github.com/masterking32/MasterDnsVPN/releases/download/${version}"
+    log_info "Targeting MasterDnsVPN release: ${version}"
+  else
+    base_url="https://github.com/masterking32/MasterDnsVPN/releases/latest/download"
+  fi
+
   case "$arch" in
     aarch64|arm64)
       if [[ $legacy -eq 1 ]]; then
-        URL="https://github.com/masterking32/MasterDnsVPN/releases/latest/download/MasterDnsVPN_Server_Linux-Legacy_ARM64.zip"
         PREFIX="MasterDnsVPN_Server_Linux-Legacy_ARM64"
       else
-        URL="https://github.com/masterking32/MasterDnsVPN/releases/latest/download/MasterDnsVPN_Server_Linux_ARM64.zip"
         PREFIX="MasterDnsVPN_Server_Linux_ARM64"
       fi
       ;;
     armv7l|armv7|armhf)
-      URL="https://github.com/masterking32/MasterDnsVPN/releases/latest/download/MasterDnsVPN_Server_Linux_ARMV7.zip"
       PREFIX="MasterDnsVPN_Server_Linux_ARMV7"
       ;;
     x86_64|amd64)
       if [[ $legacy -eq 1 ]]; then
-        URL="https://github.com/masterking32/MasterDnsVPN/releases/latest/download/MasterDnsVPN_Server_Linux-Legacy_AMD64.zip"
         PREFIX="MasterDnsVPN_Server_Linux-Legacy_AMD64"
       else
-        URL="https://github.com/masterking32/MasterDnsVPN/releases/latest/download/MasterDnsVPN_Server_Linux_AMD64.zip"
         PREFIX="MasterDnsVPN_Server_Linux_AMD64"
       fi
       ;;
     i386|i486|i586|i686|x86)
-      URL="https://github.com/masterking32/MasterDnsVPN/releases/latest/download/MasterDnsVPN_Server_Linux_X86.zip"
       PREFIX="MasterDnsVPN_Server_Linux_X86"
       ;;
     *)
       log_error "Unsupported architecture: $arch"
       ;;
   esac
+
+  URL="${base_url}/${PREFIX}.zip"
 }
 
+ACTION="install"
+TARGET_VERSION=""
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    -v|--version)
+      [[ $# -ge 2 ]] || { echo "Error: $1 requires a value" >&2; print_usage; exit 2; }
+      TARGET_VERSION="$2"
+      shift 2
+      ;;
+    --version=*)
+      TARGET_VERSION="${1#*=}"
+      shift
+      ;;
+    -u|--uninstall)
+      ACTION="uninstall"
+      shift
+      ;;
+    -h|--help)
+      print_usage
+      exit 0
+      ;;
+    --)
+      shift
+      break
+      ;;
+    *)
+      echo "Error: unknown option: $1" >&2
+      print_usage
+      exit 2
+      ;;
+  esac
+done
+
+if [[ "$ACTION" == "uninstall" && -n "$TARGET_VERSION" ]]; then
+  echo "Error: --version cannot be combined with --uninstall" >&2
+  exit 2
+fi
+
+if [[ -n "$TARGET_VERSION" && ! "$TARGET_VERSION" =~ ^[A-Za-z0-9._+-]+$ ]]; then
+  echo "Error: invalid version tag: $TARGET_VERSION" >&2
+  exit 2
+fi
+
 if [[ "${EUID}" -ne 0 ]]; then
   log_error "Run this script as root (sudo)."
 fi
@@ -120,7 +193,11 @@ echo " | \  / | __ _ ___| |_ ___ _ __ | |  | |  \| | (___  "
 echo " | |\/| |/ _\` / __| __/ _ \ '__|| |  | | . \ |\___ \ "
 echo " | |  | | (_| \__ \ ||  __/ |   | |__| | |\  |____) |"
 echo " |_|  |_|\__,_|___/\__\___|_|   |_____/|_| \_|_____/ "
-echo -e "           MasterDnsVPN Server Auto-Installer${NC}"
+if [[ "$ACTION" == "uninstall" ]]; then
+  echo -e "          MasterDnsVPN Server Auto-Uninstaller${NC}"
+else
+  echo -e "           MasterDnsVPN Server Auto-Installer${NC}"
+fi
 echo -e "${CYAN}------------------------------------------------------${NC}"
 
 TMP_LOG="init_logs.tmp"
@@ -298,6 +375,85 @@ remove_port53_forward_rules() {
   remove_nft_port53_redirects
 }
 
+do_uninstall() {
+  log_header "Uninstalling MasterDnsVPN"
+
+  if systemctl list-unit-files --all 2>/dev/null | grep -q '^masterdnsvpn\.service'; then
+    log_info "Stopping and disabling masterdnsvpn service..."
+    systemctl stop masterdnsvpn 2>/dev/null || true
+    systemctl disable masterdnsvpn >/dev/null 2>&1 || true
+    systemctl reset-failed masterdnsvpn 2>/dev/null || true
+  else
+    log_info "No masterdnsvpn systemd unit found."
+  fi
+
+  if [[ -f /etc/systemd/system/masterdnsvpn.service ]]; then
+    rm -f /etc/systemd/system/masterdnsvpn.service
+    log_success "Removed /etc/systemd/system/masterdnsvpn.service"
+  fi
+  systemctl daemon-reload 2>/dev/null || true
+
+  local pid cmdline
+  while IFS= read -r pid; do
+    [[ -z "$pid" ]] && continue
+    cmdline="$(ps -p "$pid" -o cmd= 2>/dev/null || true)"
+    if echo "$cmdline" | grep -qiE 'masterdnsvpn'; then
+      log_warn "Terminating stray MasterDnsVPN process (PID: $pid)..."
+      kill "$pid" 2>/dev/null || true
+      sleep 1
+      if kill -0 "$pid" 2>/dev/null; then
+        kill -9 "$pid" 2>/dev/null || true
+      fi
+    fi
+  done < <(pgrep -fi 'masterdnsvpn' 2>/dev/null || true)
+
+  if [[ -f /etc/sysctl.d/99-masterdnsvpn.conf ]]; then
+    rm -f /etc/sysctl.d/99-masterdnsvpn.conf
+    sysctl --system >/dev/null 2>&1 || true
+    log_success "Removed kernel tuning (/etc/sysctl.d/99-masterdnsvpn.conf)."
+  fi
+  if [[ -f /etc/security/limits.d/99-masterdnsvpn.conf ]]; then
+    rm -f /etc/security/limits.d/99-masterdnsvpn.conf
+    log_success "Removed file descriptor limits (/etc/security/limits.d/99-masterdnsvpn.conf)."
+  fi
+
+  if [[ -f /etc/systemd/resolved.conf.bak && -f /etc/systemd/resolved.conf ]]; then
+    log_info "Restoring original /etc/systemd/resolved.conf from backup..."
+    mv -f /etc/systemd/resolved.conf.bak /etc/systemd/resolved.conf
+    systemctl restart systemd-resolved 2>/dev/null || true
+  fi
+
+  log_header "Cleaning Install Directory"
+  log_info "Install directory: $INSTALL_DIR"
+  shopt -s nullglob
+  local removed=0
+  for f in \
+    "$INSTALL_DIR"/MasterDnsVPN_Server_Linux*_v* \
+    "$INSTALL_DIR"/server_config.toml \
+    "$INSTALL_DIR"/server_config.toml.backup \
+    "$INSTALL_DIR"/server_config.toml.bak \
+    "$INSTALL_DIR"/server_config_*.toml \
+    "$INSTALL_DIR"/encrypt_key.txt \
+    "$INSTALL_DIR"/init_logs.tmp \
+    "$INSTALL_DIR"/*.spec; do
+    if [[ -e "$f" ]]; then
+      rm -f -- "$f"
+      log_info "Removed: $f"
+      removed=1
+    fi
+  done
+  shopt -u nullglob
+  if [[ $removed -eq 0 ]]; then
+    log_warn "No MasterDnsVPN files found in $INSTALL_DIR. If you installed elsewhere, run the uninstaller from that directory."
+  fi
+
+  echo -e "\n${CYAN}======================================================${NC}"
+  echo -e " ${GREEN}${BOLD}        MASTERDNSVPN UNINSTALL COMPLETED${NC}"
+  echo -e "${CYAN}======================================================${NC}"
+  echo -e "${YELLOW}Note:${NC} Firewall rules for port 53 (UDP/TCP) were left in place."
+  echo -e "      Remove them manually if no longer needed."
+}
+
 stop_existing_masterdnsvpn_service() {
   local unit_present=0
   if systemctl list-unit-files --all 2>/dev/null | grep -q '^masterdnsvpn\.service'; then
@@ -337,6 +493,11 @@ stop_existing_masterdnsvpn_service() {
   done <<< "$(get_port53_pids)"
 }
 
+if [[ "$ACTION" == "uninstall" ]]; then
+  do_uninstall
+  exit 0
+fi
+
 log_header "Stopping Existing MasterDnsVPN"
 stop_existing_masterdnsvpn_service
 
@@ -349,7 +510,9 @@ if check_port53; then
 
   if systemctl is-active --quiet systemd-resolved; then
     log_info "Configuring systemd-resolved DNSStubListener=no ..."
-    backup_file_once /etc/systemd/resolved.conf
+    if [[ -f /etc/systemd/resolved.conf && ! -f /etc/systemd/resolved.conf.bak ]]; then
+      cp -a /etc/systemd/resolved.conf /etc/systemd/resolved.conf.bak
+    fi
     if grep -q '^#\?DNSStubListener=' /etc/systemd/resolved.conf; then
       sed -i 's/^#\?DNSStubListener=.*/DNSStubListener=no/' /etc/systemd/resolved.conf || true
     else
@@ -470,9 +633,13 @@ root hard nofile 1048576
 EOF
 log_success "Kernel and file descriptor limits configured."
 
-log_header "Fetching Latest Release"
+if [[ -n "$TARGET_VERSION" ]]; then
+  log_header "Fetching Release ${TARGET_VERSION}"
+else
+  log_header "Fetching Latest Release"
+fi
 ARCH="$(uname -m)"
-select_release_artifact "$ARCH"
+select_release_artifact "$ARCH" "$TARGET_VERSION"
 
 if [[ -f "server_config.toml" ]]; then
   mv -f server_config.toml server_config.toml.backup
@@ -545,10 +712,39 @@ fi
 
 log_header "Security Initialization"
 log_info "Starting server once to generate encryption key..."
-if ! ./"$EXECUTABLE" -genkey -nowait > "$TMP_LOG" 2>&1; then
-  log_warn "Initialization log tail:"
-  tail -n 20 "$TMP_LOG" || true
-  log_error "Could not verify key generation."
+EXECUTABLE_ARGS="-genkey -nowait"
+KEY_GENERATED=false
+
+# Try with -genkey -nowait (newest versions)
+if ./"$EXECUTABLE" $EXECUTABLE_ARGS > "$TMP_LOG" 2>&1; then
+  log_success "Key generated!"
+  KEY_GENERATED=true
+fi
+
+# Try running normally to trigger key generation (older versions)
+if [[ "$KEY_GENERATED" != true ]]; then
+  ./"$EXECUTABLE" > "$TMP_LOG" 2>&1 &
+  APP_PID=$!
+  READY=false
+  for _ in {1..10}; do
+    if grep -q "Active Encryption Key" "$TMP_LOG" 2>/dev/null; then
+      READY=true
+      break
+    fi
+    sleep 1
+  done
+  kill "$APP_PID" 2>/dev/null || true
+  wait "$APP_PID" 2>/dev/null || true
+  
+  if [[ "$READY" == true ]]; then
+    log_success "Key generated."
+    EXECUTABLE_ARGS=""
+    KEY_GENERATED=true
+  else
+    log_warn "Initialization log tail:"
+    tail -n 20 "$TMP_LOG" || true
+    log_error "Could not verify key generation."
+  fi
 fi
 
 echo -e "${GREEN}${BOLD}------------------------------------------------------"
@@ -567,7 +763,7 @@ StartLimitIntervalSec=0
 [Service]
 Type=simple
 WorkingDirectory=$INSTALL_DIR
-ExecStart=$INSTALL_DIR/$EXECUTABLE -nowait
+ExecStart=$INSTALL_DIR/$EXECUTABLE $EXECUTABLE_ARGS
 Restart=always
 RestartSec=3
 User=root
