voltron/NodeMgmt
1
1
Fork 0
Code Issues Pull Requests Releases 1 Activity

update

Browse Source
This commit is contained in:
David Schroeder
2023-11-13 08:19:27 -06:00
parent 5fea5f37be
commit 2141e9d208
2 changed files with 60 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
inc/certs.inc
View File

@@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
NEWCERT(){ NEWCERT(){
CERTTEST=0 CERTTEST=0; CERTEXPAND=""
if [ "${3}" != "" ] && ([ ${3} -eq 0 ] || [ ${3} -eq 1 ]); then if [ "${3}" != "" ] && ([ ${3} -eq 0 ] || [ ${3} -eq 1 ]); then
NEW_CERT=${1} NEW_CERT=${1}
CERTTEST=${3} CERTTEST=${3}
@@ -8,6 +8,7 @@ NEWCERT(){
while [ $# -gt 0 ]; do while [ $# -gt 0 ]; do
case "${1}" in case "${1}" in
-test|-t) CERTTEST=1;; -test|-t) CERTTEST=1;;
-expand) CERTEXPAND='--expand';;
-h|-help|--help) -h|-help|--help)
echo -e "Usage: ${idsCL[Yellow]}nodemgmt / nmg newcert {hostname}${idsCL[Default]} {" echo -e "Usage: ${idsCL[Yellow]}nodemgmt / nmg newcert {hostname}${idsCL[Default]} {"
width=33 width=33
@@ -44,9 +45,9 @@ NEWCERT(){
# $CERT_DAEMON certonly --webroot -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT} # $CERT_DAEMON certonly --webroot -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT}
# $CERT_DAEMON certonly --webroot --preferred-chain "ISRG Root X1" -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT} # $CERT_DAEMON certonly --webroot --preferred-chain "ISRG Root X1" -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT}
if [ ${CERTTEST} -eq 1 ]; then if [ ${CERTTEST} -eq 1 ]; then
$CERT_DAEMON certonly --dry-run --webroot --preferred-chain "ISRG Root X1" -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT} $CERT_DAEMON certonly ${CERTEXPAND} --dry-run --webroot --preferred-chain "ISRG Root X1" -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT}
else else
$CERT_DAEMON certonly --webroot --preferred-chain "ISRG Root X1" -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT} $CERT_DAEMON certonly ${CERTEXPAND} --webroot --preferred-chain "ISRG Root X1" -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT}
fi fi
chown -R root:le ${NM_CERTPATH} chown -R root:le ${NM_CERTPATH}
@@ -194,6 +195,29 @@ LISTCERTS(){
done done
unset IFS unset IFS
fi fi
for c in ${!CHECKCERT_DOMAINS[@]}; do
echo "HERE1: ${c} = ${CHECKCERT_DOMAINS[${c}]}"
done
unset CHECKCERT_DOMAINS
declare -A CHECKCERT_DOMAINS
IFS=$'\n'
for LINE in `egrep -v '(^#|^$)' ${NM_FOLDER}/conf/ssl-domain-checks.conf`; do
HOST=${LINE%% *}
PORT=${LINE#* }
IFS=" "
oldCHECKCERT_DOMAINS[${HOST}]=${PORT}
done
unset IFS
readarray -td '' CHECKCERT_DOMAINS < <(printf '%s\0' "${oldCHECKCERT_DOMAINS[@]}" | sort -z)
for c in ${!CHECKCERT_DOMAINS[@]}; do
echo "HERE2: ${c} = ${CHECKCERT_DOMAINS[${c}]}"
done
# if [ ! -z ${LOCAL_SERVICES+x} ]; then # if [ ! -z ${LOCAL_SERVICES+x} ]; then
# NCMD="ssh root@${NM_HOSTS['LB'][0]}" # NCMD="ssh root@${NM_HOSTS['LB'][0]}"
# #${NCMD} rm -f /tmp/ssllist # #${NCMD} rm -f /tmp/ssllist
@@ -312,6 +336,7 @@ LISTCERTS(){
SUBJECTNAMES=$(echo $SUBJECTNAMES | sed "s/, ${SUBJECT}//g") SUBJECTNAMES=$(echo $SUBJECTNAMES | sed "s/, ${SUBJECT}//g")
SUBJECTNAMES=$(echo $SUBJECTNAMES | sed "s/${SUBJECT}//g") SUBJECTNAMES=$(echo $SUBJECTNAMES | sed "s/${SUBJECT}//g")
SUBJECTNAMES=${SUBJECTNAMES//, /,} SUBJECTNAMES=${SUBJECTNAMES//, /,}
oldSUBJECTNAMES=${SUBJECTNAMES}
[[ "$(declare -p CHECKCERT_DOMAINS)" =~ "declare -a" ]] && [ "${CHECKCERT_DOMAINS[${SUBJECT}]}" = "" ] && monitored='-' || monitored="Yes" [[ "$(declare -p CHECKCERT_DOMAINS)" =~ "declare -a" ]] && [ "${CHECKCERT_DOMAINS[${SUBJECT}]}" = "" ] && monitored='-' || monitored="Yes"
editc=0 editc=0
@@ -338,6 +363,7 @@ LISTCERTS(){
1) echo -e "\033[K\n\033[K" 1) echo -e "\033[K\n\033[K"
echo -en "\033[KEnter new Alternate Names: " echo -en "\033[KEnter new Alternate Names: "
read -i "${SUBJECTNAMES}" -e SUBJECTNAMES read -i "${SUBJECTNAMES}" -e SUBJECTNAMES
SUBJECTNAMES=${SUBJECTNAMES//, /,}
echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A" echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
;; ;;
2) [ "${monitored}" == "-" ] && monitored='Yes' || monitored='-';; 2) [ "${monitored}" == "-" ] && monitored='Yes' || monitored='-';;
@@ -384,7 +410,32 @@ LISTCERTS(){
*) *)
[ "${confirm}" != "" ] && echo -en "\n" [ "${confirm}" != "" ] && echo -en "\n"
echo -en "\033[1A\033[K\r${idsCL[LightCyan]}Configuring changes ... ${idsCL[Default]}" echo -en "\033[1A\033[K\r${idsCL[LightCyan]}Configuring changes ... ${idsCL[Default]}"
NEWCERT
[ "${SUBJECTNAMES}" != "${oldSUBJECTNAMES}" ] && NEWCERT -expand ${SUBJECT},${SUBJECTNAMES} #>/dev/null 2&>1
if [ "${monitored^^}" == "YES" ]; then
if [ "$(grep ${SUBJECT} ${NM_FOLDER}/conf/ssl-domain-checks.conf)" == "" ]; then
[ ! -f ${NM_FOLDER}/conf/ssl-domain-checks.conf ] && touch ${NM_FOLDER}/conf/ssl-domain-checks.conf
# echo "${SUBJECT} 443" >> ${NM_FOLDER}/conf/ssl-domain-checks.conf
unset CHECKCERT_DOMAINS
declare -A CHECKCERT_DOMAINS
IFS=$'\n'
for LINE in `egrep -v '(^#|^$)' ${NM_FOLDER}/conf/ssl-domain-checks.conf`; do
HOST=${LINE%% *}
PORT=${LINE#* }
IFS=" "
oldCHECKCERT_DOMAINS[${HOST}]=${PORT}
done
unset IFS
readarray -td '' CHECKCERT_DOMAINS < <(printf '%s\0' "${oldCHECKCERT_DOMAINS[@]}" | sort -z)
fi
else
sed -i "/${SUBJECT}/d" ${NM_FOLDER}/conf/ssl-domain-checks.conf
fi
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}" echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
echo echo
echo -en "\033[K\r${idsCL[LightCyan]}Continue or Exit (C/e): ${idsCL[Default]}" echo -en "\033[K\r${idsCL[LightCyan]}Continue or Exit (C/e): ${idsCL[Default]}"

10
inc/sites.inc
View File

@@ -497,7 +497,7 @@ NEWPROXYSITE_CREATE(){
else else
[ "${MAIN_SITE}" != "${SITENAME}" ] && [ -f ${NM_NGINXPATH}/sites-enabled/${SITENAME}.conf ] && mv ${NM_NGINXPATH}/sites-enabled/${SITENAME}.conf ${nginxconfig} [ "${MAIN_SITE}" != "${SITENAME}" ] && [ -f ${NM_NGINXPATH}/sites-enabled/${SITENAME}.conf ] && mv ${NM_NGINXPATH}/sites-enabled/${SITENAME}.conf ${nginxconfig}
if [ ! -f ${nginxconfig} ]; then if [ ! -f ${nginxconfig} ]; then
echo -en "${idsCL[LightCyan]}Configuring initial NGINX Site config ... ${idsCL[Default]}" echo -en "${idsCL[LightCyan]}Configuring initial NGINX Site config ... "
cp ${NM_FOLDER}/templates/nginx.proxy.site ${nginxconfig} cp ${NM_FOLDER}/templates/nginx.proxy.site ${nginxconfig}
sed -i "s/<<SERVER_NAME>>/${NGINX_SERVERNAME//,/ }/g" ${nginxconfig} sed -i "s/<<SERVER_NAME>>/${NGINX_SERVERNAME//,/ }/g" ${nginxconfig}
sed -i "s/<<MAIN_SITE>>/${MAIN_SITE}/g" ${nginxconfig} sed -i "s/<<MAIN_SITE>>/${MAIN_SITE}/g" ${nginxconfig}
@@ -510,19 +510,19 @@ NEWPROXYSITE_CREATE(){
else else
oldservernames=$(grep 'server_name' ${nginxconfig});oldservernames=${oldservernames//;/};oldservernames=${oldservernames#* };oldservernames=${oldservernames// /,} oldservernames=$(grep 'server_name' ${nginxconfig});oldservernames=${oldservernames//;/};oldservernames=${oldservernames#* };oldservernames=${oldservernames// /,}
if [ "${MAIN_SITE}" != "${SITENAME}" ]; then if [ "${MAIN_SITE}" != "${SITENAME}" ]; then
echo -e "${idsCL[LightCyan]}Detected MAIN_SITE name change, making necesary adjustments ... ${idsCL[Default]}" echo -e "${idsCL[LightCyan]}Detected MAIN_SITE name change, making necesary adjustments ... "
echo -en "\n${idsCL[LightCyan]}Removing old SSL Cert ... " echo -en "\n${idsCL[LightCyan]}Removing old SSL Cert ... "
DEL-SSL ${SITENAME} >/dev/null 2>&1 DEL-SSL ${SITENAME} >/dev/null 2>&1
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n" echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n"
echo -en "\n${idsCL[LightCyan]}Requesting new SSL Cert ... " echo -en "\n${idsCL[LightCyan]}Requesting new SSL Cert ... "
NEWCERT ${NGINX_SERVERNAME} >/dev/null 2>&1 NEWCERT -expand ${NGINX_SERVERNAME} >/dev/null 2>&1
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n" echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n"
# sed -i "s/live\/${SITENAME}\//live\/${MAIN_SITE}\//g" ${nginxconfig} # sed -i "s/live\/${SITENAME}\//live\/${MAIN_SITE}\//g" ${nginxconfig}
sed -i "s/\/${SITENAME}/\/${MAIN_SITE}/g" ${nginxconfig} sed -i "s/\/${SITENAME}/\/${MAIN_SITE}/g" ${nginxconfig}
elif [ "${oldservernames}" != "${NGINX_SERVERNAME}" ]; then elif [ "${oldservernames}" != "${NGINX_SERVERNAME}" ]; then
echo -e "\n${idsCL[LightCyan]}Updating SSL Cert for hostname changes, select 'E'xpand when prompted:" echo -en "\n${idsCL[LightCyan]}Updating SSL Cert for hostname changes ... "
NEWCERT ${NGINX_SERVERNAME} NEWCERT -expand ${NGINX_SERVERNAME} >/dev/null 2>&1
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n" echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n"
fi fi