update

defaults.inc

@@ -48,6 +48,7 @@ if [ -f ${NM_FOLDER}/defaults.local.inc ]; then
 	
 			
 	for ntype in "${NM_NODE_TYPES[@]}"; do
+		echo "NTYPE: $ntype"
 		arr ${ntype}_HOSTS
 		arr ${ntype}_SERVICES_CHECK
 		arr ${ntype}_DOCKERS_CHECK

inc/certs.inc

@@ -18,32 +18,22 @@ NEWCERT(){
 		echo -e "${idsCL[LightGreen]}Requesting Certificate for '${idsCL[Yellow]}${NEW_CERT}${idsCL[LightGreen]}'...${idsCL[Default]}"
 		echo 
 		
-		# echo -en "${idsCL[LightYellow]}Stopping other Webservers... ${idsCL[Default]}"
-		# for nip in "${WEB_HOSTS[@]}"; do
-		# 	if [[ $(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *"${nip}"* ]]; then
-		# 		# `ssh root@${nip} service nginx stop`
-		# 		# SERVICE nginx stop ${nip}
-		# 	fi
-		# done
-		# echo -e "${idsCL[Green]}Completed${idsCL[Default]}"
-		# echo
-		
 		$CERT_DAEMON certonly --webroot -w /opt/lb-data/letsencrypt-acme-challenge -d ${NEW_CERT}
 		# $CERT_DAEMON certonly --dry-run --webroot -w /var/www/html -d ${NEW_CERT}
 		
-		chown -R root:le /opt/lb-data/letsencrypt
-		chmod -R 6775 /opt/lb-data/letsencrypt
+		chown -R root:le ${NM_CERTPATH}
+		chmod -R 6775 ${NM_CERTPATH}
 		
-		if [ -d /opt/lb-data/letsencrypt/live/${MAIN_CERT} ]; then
+		if [ -d ${NM_CERTPATH}/live/${MAIN_CERT} ]; then
 
-			touch /opt/lb-data/letsencrypt/live/${MAIN_CERT}/newcert
+			touch ${NM_CERTPATH}/live/${MAIN_CERT}/newcert
 			if [ -f /opt/lb-data/nginx/sites-enabled/${MAIN_CERT}.conf ]; then
 				rm -f  ${NM_FOLDER}/cert-request.lastrun
 				daterun=`date +%Y-%m-%d-%H-%M-%S`
 				echo -e "${NEW_CERT}\n${daterun}" > ${NM_FOLDER}/cert-request.lastrun
-				yes | cp -rfH ${NM_FOLDER}/cert-request.lastrun /opt/lb-data/letsencrypt/cert-request.lastrun
+				yes | cp -rfH ${NM_FOLDER}/cert-request.lastrun ${NM_CERTPATH}/cert-request.lastrun
 				DIVIDER true
-				if [ "${2}" != "newsite" ]; then
+				if [ "${2}" != "newsite" ] && [ "${NM_HOSTS['LB']}" != "" ]; then
 					echo -e -n "${idsCL[LightCyan]}Reload NGINX on LB Nodes (Y/n): ${idsCL[Default]}"
 					read -n 1 NGINXRELOAD
 					if [[ ${NGINXRELOAD} =~ ^[Nn]$ ]]; then
@@ -57,12 +47,12 @@ NEWCERT(){
 								if [[ $(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *"${nip}"* ]]; then
 									checked=false
 									until [ "${checked}" = "" ]; do
-										checked=`ssh root@${nip} "[ ! -f /opt/lb-data/letsencrypt/live/${MAIN_CERT}/newcert ] && echo '.'"`
+										checked=`ssh root@${nip} "[ ! -f ${NM_CERTPATH}/live/${MAIN_CERT}/newcert ] && echo '.'"`
 									done
 								fi
 							fi
 						done
-						rm -f /opt/lb-data/letsencrypt/live/${MAIN_CERT}/newcert
+						rm -f ${NM_CERTPATH}/live/${MAIN_CERT}/newcert
 						echo -e "${idsCL[Green]}Completed${idsCL[Default]}"
 				
 						echo
@@ -110,14 +100,14 @@ DEL-SSL(){
 		DEL_SSL=${1}
 	fi
 	if [ ! -z ${DEL_SSL+x} ] && [ "${DEL_SSL}" != "" ]; then
-		if [ -d /etc/letsencrypt/live/${DEL_SSL} ]; then 
+		if [ -d ${NM_CERTPATH}/live/${DEL_SSL} ]; then 
 			echo -e "${idsCL[LightRed]}Deleting the SSL certificates for '${idsCL[Red]}${DEL_SSL}${idsCL[LightRed]}'...${idsCL[Default]}"
 			echo 
 	
 			echo -en "${idsCL[LightRed]}Removing Files and Folders... ${idsCL[Default]}"
-			rm -rf /etc/letsencrypt/archive/${DEL_SSL}
-			rm -rf /etc/letsencrypt/live/${DEL_SSL}
-			rm -f /etc/letsencrypt/renewal/${DEL_SSL}.conf
+			rm -rf ${NM_CERTPATH}/archive/${DEL_SSL}
+			rm -rf ${NM_CERTPATH}/live/${DEL_SSL}
+			rm -f ${NM_CERTPATH}/renewal/${DEL_SSL}.conf
 			echo -e "${idsCL[Green]}OK${idsCL[Default]}"
 			echo 
 		
@@ -147,11 +137,11 @@ CERTRENEW(){
 	# $CERT_DAEMON renew --force-renewal  --preferred-chain "ISRG Root X1" --webroot -w /var/www/html 2>&1 | tee ${NM_FOLDER}/cert-renewal.lastrun
     # $CERT_DAEMON --dry-run  --preferred-chain "ISRG Root X1" renew --webroot -w /var/www/html 2>&1 | tee ${NM_FOLDER}/cert-renewal.lastrun
 	CONCAT_SSL
-	chown -R root:letsencrypt /etc/letsencrypt 2>&1 | tee -a ${NM_FOLDER}/cert-renewal.lastrun
-	chmod -R 6775 /etc/letsencrypt 2>&1 | tee -a ${NM_FOLDER}/cert-renewal.lastrun
-	yes | cp -rfH ${NM_FOLDER}/cert-renewal.lastrun /etc/letsencrypt/cert-renewal.lastrun
+	chown -R root:letsencrypt ${NM_CERTPATH} 2>&1 | tee -a ${NM_FOLDER}/cert-renewal.lastrun
+	chmod -R 6775 ${NM_CERTPATH} 2>&1 | tee -a ${NM_FOLDER}/cert-renewal.lastrun
+	yes | cp -rfH ${NM_FOLDER}/cert-renewal.lastrun ${NM_CERTPATH}/cert-renewal.lastrun
 	daterun=`date +%Y-%m-%d-%H-%M-%S`
-	echo -e "${daterun}" >> /etc/letsencrypt/cert-renewal.lastrun
+	echo -e "${daterun}" >> ${NM_CERTPATH}/cert-renewal.lastrun
 	DIVIDER true
 	echo -en "${idsCL[LightCyan]}Starting Webserver-Node2 Back up...${idsCL[Default]}"
 	ssh root@webserver-node2.scity.us service nginx start
@@ -171,18 +161,18 @@ NIGHTLYRENEW(){
 	sleep 5
 	$CERT_DAEMON renew --webroot -w /var/www/html &>> ${NM_FOLDER}/cert-renewal.lastrun
 	CONCAT_SSL
-	chown -R root:letsencrypt /etc/letsencrypt &>> ${NM_FOLDER}/cert-renewal.lastrun
-	chmod -R 6775 /etc/letsencrypt &>> ${NM_FOLDER}/cert-renewal.lastrun
-	yes | cp -rfH ${NM_FOLDER}/cert-renewal.lastrun /etc/letsencrypt/cert-renewal.lastrun
+	chown -R root:letsencrypt ${NM_CERTPATH} &>> ${NM_FOLDER}/cert-renewal.lastrun
+	chmod -R 6775 ${NM_CERTPATH} &>> ${NM_FOLDER}/cert-renewal.lastrun
+	yes | cp -rfH ${NM_FOLDER}/cert-renewal.lastrun ${NM_CERTPATH}/cert-renewal.lastrun
 	daterun=`date +%Y-%m-%d-%H-%M-%S`
-	echo -e "${daterun}" >> /etc/letsencrypt/cert-renewal.lastrun
+	echo -e "${daterun}" >> ${NM_CERTPATH}/cert-renewal.lastrun
 	ssh root@webserver-node2.scity.us service nginx start
 	SERVICE nginx reload web &>> ${NM_FOLDER}/cert-renewal.lastrun
 }
 
 CONCAT_SSL(){
 	rm -f /tmp/ssllist
-	for certdir in /etc/letsencrypt/live/*/ ; do echo $certdir; done > /tmp/ssllist
+	for certdir in ${NM_CERTPATH}/live/*/ ; do echo $certdir; done > /tmp/ssllist
 	for certdir in $(</tmp/ssllist); do
 		rm -f ${certdir}fullcert.pem
 		cat ${certdir}privkey.pem ${certdir}fullchain.pem > ${certdir}fullcert.pem
@@ -203,11 +193,11 @@ LISTCERTS(){
 	if [ ! -z ${LOCAL_SERVICES+x} ]; then
 		NCMD="ssh root@${LB_HOSTS[0]}"
 		#${NCMD} rm -f /tmp/ssllist
-		#${NCMD} 'for certdir in /etc/letsencrypt/live/*/ ; do echo $certdir; done' > /tmp/ssllist
+		#${NCMD} 'for certdir in ${NM_CERTPATH}/live/*/ ; do echo $certdir; done' > /tmp/ssllist
 	else
 		NCMD=''
 		rm -f /tmp/ssllist
-		#for certdir in /etc/letsencrypt/live/*/ ; do echo $certdir; done > /tmp/ssllist
+		#for certdir in ${NM_CERTPATH}/live/*/ ; do echo $certdir; done > /tmp/ssllist
 	fi
 	if [ -z $action ] || [ "${action}" = "gui" ]; then
 		DIVIDER true
@@ -222,7 +212,7 @@ LISTCERTS(){
 	c=0; spc2=''; until [ $c = ${cw} ]; do spc2="${spc2} "; c=`expr $c + 1`; done
 	
 	#ssldir=$(${NCMD} find /opt/nginx-proxy/ssl/* -type l)
-	ssldir=$(${NCMD} find /opt/lb-data/letsencrypt/live/* -type d)
+	ssldir=$(${NCMD} find ${NM_CERTPATH}/live/* -type d)
 	for certdir in ${ssldir[@]}; do
 		SUBJECT=$(${NCMD} openssl x509 -in ${certdir}/cert.pem -noout -subject|grep -oP '(?<=CN = )[^,]+'|sort -uV)
 		SUBJECTNAMES=$(${NCMD} openssl x509 -in ${certdir}/cert.pem -noout -text|grep -oP '(?<=DNS:|IP Address:)[^,]+'|sort -uV)

inc/sites.inc

@@ -47,9 +47,9 @@ DELSITE(){
 		ssh root@10.10.1.120 rm -f /etc/nginx/sites-enabled/${DEL_SITE}* >/dev/null 2>&1
 		ssh root@10.10.10.80 rm -f /etc/nginx/sites-enabled/${DEL_SITE}* >/dev/null 2>&1
 		if [ "${DEL_SSL}" == "yes" ]; then
-			ssh root@10.10.10.80 rm -rf /etc/letsencrypt/archive/${DEL_SITE} >/dev/null 2>&1
-			ssh root@10.10.10.80 rm -rf /etc/letsencrypt/live/${DEL_SITE} >/dev/null 2>&1
-			ssh root@10.10.10.80 rm -f /etc/letsencrypt/renewal/${DEL_SITE}.conf >/dev/null 2>&1
+			ssh root@10.10.10.80 rm -rf ${NM_CERTPATH}/archive/${DEL_SITE} >/dev/null 2>&1
+			ssh root@10.10.10.80 rm -rf ${NM_CERTPATH}/live/${DEL_SITE} >/dev/null 2>&1
+			ssh root@10.10.10.80 rm -f ${NM_CERTPATH}/renewal/${DEL_SITE}.conf >/dev/null 2>&1
 		fi
 		echo -e "${idsCL[Green]}Done${idsCL[Default]}"
 		echo
@@ -82,9 +82,9 @@ DELSITE(){
 		# 			${NCMD} rm -rf /var/www/${DEL_SITE}
 		# 			#fi
 		# 		if [ "${DEL_SSL}" = "yes" ]; then
-		# 			${NCMD} rm -rf /etc/letsencrypt/archive/${DEL_SITE}
-		# 			${NCMD} rm -rf /etc/letsencrypt/live/${DEL_SITE}
-		# 			${NCMD} rm -f /etc/letsencrypt/renewal/${DEL_SITE}.conf
+		# 			${NCMD} rm -rf ${NM_CERTPATH}/archive/${DEL_SITE}
+		# 			${NCMD} rm -rf ${NM_CERTPATH}/live/${DEL_SITE}
+		# 			${NCMD} rm -f ${NM_CERTPATH}/renewal/${DEL_SITE}.conf
 		# 		fi
 		# 		echo -e "${idsCL[Green]}OK${idsCL[Default]}"
 		# 	else
@@ -366,8 +366,8 @@ NEWSITE(){
 
 				if [ "${CREATE_SSL}" = "yes" ]; then
 					echo -e "
-	ssl_certificate_key /etc/letsencrypt/live/${MAIN_SITE}/fullchain.pem;
-	ssl_certificate_key /etc/letsencrypt/live/${MAIN_SITE}/privkey.pem;
+	ssl_certificate_key ${NM_CERTPATH}/live/${MAIN_SITE}/fullchain.pem;
+	ssl_certificate_key ${NM_CERTPATH}/live/${MAIN_SITE}/privkey.pem;
 	include conf.d/include/ssl-ciphers.conf;" >> ${nginxconfig}
 				fi
 				echo -e "
@@ -464,7 +464,7 @@ NEWSITE(){
 				# 		fi
 				# 	fi
 				# done
-				# rm -f /opt/lb-data/letsencrypt/live/${MAIN_CERT}/newcert
+				# rm -f ${NM_CERTPATH}/live/${MAIN_CERT}/newcert
 				# echo -e "${idsCL[Green]}Completed${idsCL[Default]}"
 		
 				echo

nodemgmt-scripts.sh

@@ -138,8 +138,8 @@ SET-PERMISSIONS(){
 					fi
 					echo -e "${idsCL[Yellow]}Setting folder permissions for MySQL-Node${nid} (${nip})${idsCL[Default]}"
 					echo -en "${idsCL[Cyan]}LetsEncrypt Certs    ${idsCL[Default]}"
-					${NCMD} chown -R root:letsencrypt /etc/letsencrypt
-					${NCMD} chmod -R 6775 /etc/letsencrypt
+					${NCMD} chown -R root:letsencrypt ${NM_CERTPATH}
+					${NCMD} chmod -R 6775 ${NM_CERTPATH}
 					echo -e "${idsCL[Green]}Complete${idsCL[Default]}"
 					echo 
 				fi
@@ -178,8 +178,8 @@ SET-PERMISSIONS(){
 					${NCMD} chmod -R 750 /home/git
 					echo -e "${idsCL[Green]}Complete${idsCL[Def ault]}"
 					echo -en "${idsCL[Cyan]}LetsEncrypt Certs    ${idsCL[Default]}"
-					${NCMD} chown -R root:letsencrypt /etc/letsencrypt
-					${NCMD} chmod -R 6775 /etc/letsencrypt
+					${NCMD} chown -R root:letsencrypt ${NM_CERTPATH}
+					${NCMD} chmod -R 6775 ${NM_CERTPATH}
 					echo -e "${idsCL[Green]}Complete${idsCL[Default]}"
 					echo -en "${idsCL[Cyan]}PowerDNS-Admin       ${idsCL[Default]}"
 					${NCMD} chown -R www-data:www-data /opt/powerdns-admin
@@ -405,7 +405,7 @@ NODEUPDATE() {
 
 VCENTER-SSL(){
 	VCHOSTNAME='vcenter.scity.us'
-	#BASECERTDIR="/etc/letsencrypt/live"
+	#BASECERTDIR="${NM_CERTPATH}/live"
 	BASECERTDIR="/opt/nginx-proxy/ssl"
 	CERTDIR="${BASECERTDIR}/${VCHOSTNAME}"
 	SERVER="https://${VCHOSTNAME}"

templates/nginx.proxy.site

@@ -12,8 +12,8 @@ server {
 
 	include conf.d/include/letsencrypt-acme-challenge.conf;
 	include conf.d/include/ssl-ciphers.conf;
-	#ssl_certificate /opt/lb-data/letsencrypt/live/<<MAIN_SITE>>/fullchain.pem;
-	#ssl_certificate_key /opt/lb-data/letsencrypt/live/<<MAIN_SITE>>/privkey.pem;
+	#ssl_certificate ${NM_CERTPATH}/live/<<MAIN_SITE>>/fullchain.pem;
+	#ssl_certificate_key ${NM_CERTPATH}/live/<<MAIN_SITE>>/privkey.pem;
 
 	access_log /var/log/nginx/<<MAIN_SITE>>.proxy.log proxy;
 	error_log /var/log/nginx/<<MAIN_SITE>>.error.log warn;

templates/nginx.ssl.site

@@ -9,8 +9,8 @@ server {
 	access_log  /var/log/nginx/<<HOSTNAME>>-access.log;
 	error_log  /var/log/nginx/<<HOSTNAME>>-error.log warn;
 
-	ssl_certificate /etc/letsencrypt/live/<<HOSTNAME>>/fullchain.pem;
-	ssl_certificate_key /etc/letsencrypt/live/<<HOSTNAME>>/privkey.pem;
+	ssl_certificate ${NM_CERTPATH}/live/<<HOSTNAME>>/fullchain.pem;
+	ssl_certificate_key ${NM_CERTPATH}/live/<<HOSTNAME>>/privkey.pem;
 	include conf.d/include/ssl-ciphers.conf;
 
 	index index.php index.html index.htm;