update
This commit is contained in:
@@ -1,5 +1,5 @@
|
||||
|
||||
VERS='4.9.14-07162023'
|
||||
VERS='4.10.1-07162023'
|
||||
|
||||
noheader=' service status-check nightlyrephp7.3-fpm,new backup report check checkcerts gitea update-nodes copynpmcerts singleservercheck update-dyndns '
|
||||
CERT_DAEMON='/snap/bin/certbot'
|
||||
@@ -34,6 +34,7 @@ if [ -f ${NM_FOLDER}/defaults.local.inc ]; then
|
||||
declare -A NM_SINGLESRVR_SERVICES
|
||||
declare -A NM_SINGLESRVR_DOCKERS
|
||||
declare -A NM_SINGLESRVR_IP
|
||||
declare -A NM_CERTPATHS
|
||||
|
||||
source ${NM_FOLDER}/defaults.local.inc
|
||||
|
||||
@@ -129,6 +130,9 @@ for NTYPE in "${NM_NODE_TYPES[@]}"; do
|
||||
done
|
||||
done
|
||||
|
||||
[ "${NM_REPL_NGINX_PATHS[${RUN_NODE_TYPE}]}" != "" ] && NM_NGINXPATH=${NM_REPL_NGINX_PATHS[${RUN_NODE_TYPE}]} || NM_NGINXPATH=/etc/nginx
|
||||
[ "${NM_CERTPATHS[${RUN_NODE_TYPE}]}" != "" ] && NM_CERTPATH=${NM_CERTPATHS[${RUN_NODE_TYPE}]} || NM_CERTPATH=/etc/letsencrypt
|
||||
|
||||
declare -A NM_SRVCOPTS
|
||||
NM_SRVCOPTS['status']='Status'
|
||||
NM_SRVCOPTS['start']='Start'
|
||||
@@ -140,7 +144,7 @@ NM_SRVCOPTS['disable']='Disabl'
|
||||
NM_SRVCOPTS['daemon-reload']='Daemon-Reload'
|
||||
|
||||
declare -A NM_BACKUP_ITEMS
|
||||
NM_BACKUP_ITEMS['nginx-settings']=/etc/nginx
|
||||
NM_BACKUP_ITEMS['nginx-settings']=${NM_NGINXPATH}
|
||||
NM_BACKUP_ITEMS['nginx-logs']=/var/log/nginx
|
||||
NM_BACKUP_ITEMS['letsencrypt-certs']=/etc/letsencrypt
|
||||
NM_BACKUP_ITEMS['webserver-files']=/var/www
|
||||
|
||||
@@ -18,7 +18,7 @@ NEWCERT(){
|
||||
echo -e "${idsCL[LightGreen]}Requesting Certificate for '${idsCL[Yellow]}${NEW_CERT}${idsCL[LightGreen]}'...${idsCL[Default]}"
|
||||
echo
|
||||
|
||||
$CERT_DAEMON certonly --webroot -w /opt/lb-data/letsencrypt-acme-challenge -d ${NEW_CERT}
|
||||
$CERT_DAEMON certonly --webroot -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT}
|
||||
# $CERT_DAEMON certonly --dry-run --webroot -w /var/www/html -d ${NEW_CERT}
|
||||
|
||||
chown -R root:le ${NM_CERTPATH}
|
||||
@@ -27,7 +27,7 @@ NEWCERT(){
|
||||
if [ -d ${NM_CERTPATH}/live/${MAIN_CERT} ]; then
|
||||
|
||||
touch ${NM_CERTPATH}/live/${MAIN_CERT}/newcert
|
||||
if [ -f /opt/lb-data/nginx/sites-enabled/${MAIN_CERT}.conf ]; then
|
||||
if [ -f ${NM_NGINXPATH}/sites-enabled/${MAIN_CERT}.conf ]; then
|
||||
rm -f ${NM_FOLDER}/cert-request.lastrun
|
||||
daterun=`date +%Y-%m-%d-%H-%M-%S`
|
||||
echo -e "${NEW_CERT}\n${daterun}" > ${NM_FOLDER}/cert-request.lastrun
|
||||
@@ -120,15 +120,14 @@ DEL-SSL(){
|
||||
echo -e "${idsCL[Green]}Completed${idsCL[Default]}"
|
||||
fi
|
||||
echo
|
||||
# SERVICE nginx reload
|
||||
echo -e "${idsCL[LightRed]}The SSL certificate has been removed fromt be nodes.${idsCL[Default]}"
|
||||
fi
|
||||
}
|
||||
|
||||
CERTRENEW(){
|
||||
echo -en "${idsCL[LightCyan]}Stopping Webserver-Node2...${idsCL[Default]}"
|
||||
ssh root@webserver-node2.scity.us service nginx stop
|
||||
echo -e "${idsCL[LightGreen]} Completed${idsCL[Default]}"
|
||||
# echo -en "${idsCL[LightCyan]}Stopping Webserver-Node2...${idsCL[Default]}"
|
||||
# ssh root@webserver-node2.scity.us service nginx stop
|
||||
# echo -e "${idsCL[LightGreen]} Completed${idsCL[Default]}"
|
||||
echo
|
||||
echo -e "${idsCL[LightGreen]}Renewing Certificates...${idsCL[Default]}"
|
||||
echo
|
||||
@@ -137,15 +136,15 @@ CERTRENEW(){
|
||||
# $CERT_DAEMON renew --force-renewal --preferred-chain "ISRG Root X1" --webroot -w /var/www/html 2>&1 | tee ${NM_FOLDER}/cert-renewal.lastrun
|
||||
# $CERT_DAEMON --dry-run --preferred-chain "ISRG Root X1" renew --webroot -w /var/www/html 2>&1 | tee ${NM_FOLDER}/cert-renewal.lastrun
|
||||
CONCAT_SSL
|
||||
chown -R root:letsencrypt ${NM_CERTPATH} 2>&1 | tee -a ${NM_FOLDER}/cert-renewal.lastrun
|
||||
chown -R root:le ${NM_CERTPATH} 2>&1 | tee -a ${NM_FOLDER}/cert-renewal.lastrun
|
||||
chmod -R 6775 ${NM_CERTPATH} 2>&1 | tee -a ${NM_FOLDER}/cert-renewal.lastrun
|
||||
yes | cp -rfH ${NM_FOLDER}/cert-renewal.lastrun ${NM_CERTPATH}/cert-renewal.lastrun
|
||||
daterun=`date +%Y-%m-%d-%H-%M-%S`
|
||||
echo -e "${daterun}" >> ${NM_CERTPATH}/cert-renewal.lastrun
|
||||
DIVIDER true
|
||||
echo -en "${idsCL[LightCyan]}Starting Webserver-Node2 Back up...${idsCL[Default]}"
|
||||
ssh root@webserver-node2.scity.us service nginx start
|
||||
echo -e "${idsCL[LightGreen]} Completed${idsCL[Default]}"
|
||||
# echo -en "${idsCL[LightCyan]}Starting Webserver-Node2 Back up...${idsCL[Default]}"
|
||||
# ssh root@webserver-node2.scity.us service nginx start
|
||||
# echo -e "${idsCL[LightGreen]} Completed${idsCL[Default]}"
|
||||
echo
|
||||
SERVICE nginx restart 2>&1 | tee -a ${NM_FOLDER}/cert-renewal.lastrun
|
||||
echo -e "${idsCL[LightGreen]}The certificates have been renewed.${idsCL[Default]}"
|
||||
@@ -156,17 +155,17 @@ CERTRENEW(){
|
||||
fi
|
||||
}
|
||||
NIGHTLYRENEW(){
|
||||
rm -f ${NM_FOLDER}/cert-renewal.lastrun
|
||||
ssh root@webserver-node2.scity.us service nginx stop
|
||||
sleep 5
|
||||
# rm -f ${NM_FOLDER}/cert-renewal.lastrun
|
||||
# ssh root@webserver-node2.scity.us service nginx stop
|
||||
# sleep 5
|
||||
$CERT_DAEMON renew --webroot -w /var/www/html &>> ${NM_FOLDER}/cert-renewal.lastrun
|
||||
CONCAT_SSL
|
||||
chown -R root:letsencrypt ${NM_CERTPATH} &>> ${NM_FOLDER}/cert-renewal.lastrun
|
||||
chown -R root:le ${NM_CERTPATH} &>> ${NM_FOLDER}/cert-renewal.lastrun
|
||||
chmod -R 6775 ${NM_CERTPATH} &>> ${NM_FOLDER}/cert-renewal.lastrun
|
||||
yes | cp -rfH ${NM_FOLDER}/cert-renewal.lastrun ${NM_CERTPATH}/cert-renewal.lastrun
|
||||
daterun=`date +%Y-%m-%d-%H-%M-%S`
|
||||
echo -e "${daterun}" >> ${NM_CERTPATH}/cert-renewal.lastrun
|
||||
ssh root@webserver-node2.scity.us service nginx start
|
||||
# ssh root@webserver-node2.scity.us service nginx start
|
||||
SERVICE nginx reload web &>> ${NM_FOLDER}/cert-renewal.lastrun
|
||||
}
|
||||
|
||||
|
||||
@@ -43,22 +43,19 @@ DELSITE(){
|
||||
echo -e "${idsCL[LightRed]}[[Removing Files and Folders]]${idsCL[Default]}"
|
||||
echo -e "${idsCL[LightRed]}-------------------------------------------${idsCL[Default]}"
|
||||
echo
|
||||
echo -en "${idsCL[LightCyan]}Removing files from all Nodes ... ${idsCL[Default]}"
|
||||
ssh root@10.10.1.120 rm -f /etc/nginx/sites-enabled/${DEL_SITE}* >/dev/null 2>&1
|
||||
ssh root@10.10.10.80 rm -f /etc/nginx/sites-enabled/${DEL_SITE}* >/dev/null 2>&1
|
||||
if [ "${DEL_SSL}" == "yes" ]; then
|
||||
ssh root@10.10.10.80 rm -rf ${NM_CERTPATH}/archive/${DEL_SITE} >/dev/null 2>&1
|
||||
ssh root@10.10.10.80 rm -rf ${NM_CERTPATH}/live/${DEL_SITE} >/dev/null 2>&1
|
||||
ssh root@10.10.10.80 rm -f ${NM_CERTPATH}/renewal/${DEL_SITE}.conf >/dev/null 2>&1
|
||||
fi
|
||||
echo -en "${idsCL[LightCyan]}Removing NGINX files ... ${idsCL[Default]}"
|
||||
rm -f ${NM_NGINXPATH}/sites-enabled/${DEL_SITE}* >/dev/null 2>&1
|
||||
echo -e "${idsCL[Green]}Done${idsCL[Default]}"
|
||||
echo
|
||||
if [ "${DEL_SSL}" == "yes" ]; then
|
||||
DEL-SSL ${DEL_SITE}
|
||||
echo
|
||||
fi
|
||||
|
||||
ssh root@${NM_SINGLESRVR_IP['WEB']} sed -i "/${DEL_SITE}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml
|
||||
|
||||
echo -en "${idsCL[LightCyan]}Reloading NGINX ... ${idsCL[Default]}"
|
||||
ssh root@10.10.10.80 nodemgmt service nginx reload >/dev/null 2>&1
|
||||
ssh root@10.10.1.120 nodemgmt service nginx reload >/dev/null 2>&1
|
||||
SERVICE nginx reload >/dev/null 2>&1
|
||||
echo -e "${idsCL[Green]}Done${idsCL[Default]}"
|
||||
|
||||
# nid=1
|
||||
@@ -74,9 +71,9 @@ DELSITE(){
|
||||
# checkhost=$(CHECK_HOST ${nip})
|
||||
# fi
|
||||
# if [ "${checkhost}" != "false" ]; then
|
||||
# #if [ -f /etc/nginx/sites-available/${DEL_SITE} ]; then
|
||||
# ${NCMD} rm -f /etc/nginx/sites-available/${DEL_SITE}*
|
||||
# ${NCMD} rm -f /etc/nginx/sites-enabled/${DEL_SITE}*
|
||||
# #if [ -f ${NM_NGINXPATH}/sites-available/${DEL_SITE} ]; then
|
||||
# ${NCMD} rm -f ${NM_NGINXPATH}/sites-available/${DEL_SITE}*
|
||||
# ${NCMD} rm -f ${NM_NGINXPATH}/sites-enabled/${DEL_SITE}*
|
||||
# #fi
|
||||
# #if [ -d /var/www/${DEL_SITE} ]; then
|
||||
# ${NCMD} rm -rf /var/www/${DEL_SITE}
|
||||
@@ -113,10 +110,10 @@ DELSITES(){
|
||||
echo -e "${idsCL[Red]}Select a site to delete...${idsCL[Default]}"
|
||||
DIVIDER true
|
||||
sid=1
|
||||
filels="( $(ssh root@${WEB_HOSTS[0]} ls '/etc/nginx/sites-available/*') )"
|
||||
filels="( $(ssh root@${WEB_HOSTS[0]} ls '${NM_NGINXPATH}/sites-available/*') )"
|
||||
# IFS='\n'
|
||||
for siteconf in $filels; do
|
||||
# for siteconf in /etc/nginx/sites-available/* ; do
|
||||
# for siteconf in ${NM_NGINXPATH}/sites-available/* ; do
|
||||
# [ -e "$siteconf" ] || continue
|
||||
if [ ${siteconf:0:1} == '/' ]; then
|
||||
IFS='/'; site_conf=(${siteconf}); unset IFS
|
||||
@@ -324,7 +321,7 @@ NEWSITE(){
|
||||
NGINX_SERVERNAME=${NEW_SITE}
|
||||
|
||||
fi
|
||||
nginxconfig=/etc/nginx/sites-enabled/${MAIN_SITE}.conf
|
||||
nginxconfig=${NM_NGINXPATH}/sites-enabled/${MAIN_SITE}.conf
|
||||
|
||||
if [ "${SITE_TYPE}" = "proxy" ]; then
|
||||
if [ ! -z ${PROXYSCHEME+x} ] && [ ! -z ${PROXYHOST+x} ] && [ ! -z ${PROXYPORT+x} ]; then GO=true; fi
|
||||
@@ -438,10 +435,10 @@ NEWSITE(){
|
||||
rm -f ${NM_FOLDER}/new-site.lastrun
|
||||
daterun=`date +%Y-%m-%d-%H-%M-%S`
|
||||
echo -e "${NEW_SITE}\n${daterun}" > ${NM_FOLDER}/new-site.lastrun
|
||||
# yes | cp -rfH ${NM_FOLDER}/new-site.lastrun /etc/nginx/new-site.lastrun
|
||||
# yes | cp -rfH ${NM_FOLDER}/new-site.lastrun ${NM_NGINXPATH}/new-site.lastrun
|
||||
# yes | cp -rfH ${NM_FOLDER}/new-site.lastrun /var/www/new-site.lastrun
|
||||
# daterun=`date +%Y-%m-%d-%H-%M-%S`
|
||||
# echo -e "${daterun}" >> /etc/nginx/new-site.lastrun
|
||||
# echo -e "${daterun}" >> ${NM_NGINXPATH}/new-site.lastrun
|
||||
DIVIDER true
|
||||
echo
|
||||
echo -e "${idsCL[LightGreen]}The new site for '${idsCL[LightGreen]}${NEW_SITE}${idsCL[Default]}' has been created.${idsCL[Default]}"
|
||||
|
||||
@@ -138,7 +138,7 @@ SET-PERMISSIONS(){
|
||||
fi
|
||||
echo -e "${idsCL[Yellow]}Setting folder permissions for MySQL-Node${nid} (${nip})${idsCL[Default]}"
|
||||
echo -en "${idsCL[Cyan]}LetsEncrypt Certs ${idsCL[Default]}"
|
||||
${NCMD} chown -R root:letsencrypt ${NM_CERTPATH}
|
||||
${NCMD} chown -R root:le ${NM_CERTPATH}
|
||||
${NCMD} chmod -R 6775 ${NM_CERTPATH}
|
||||
echo -e "${idsCL[Green]}Complete${idsCL[Default]}"
|
||||
echo
|
||||
@@ -178,7 +178,7 @@ SET-PERMISSIONS(){
|
||||
${NCMD} chmod -R 750 /home/git
|
||||
echo -e "${idsCL[Green]}Complete${idsCL[Def ault]}"
|
||||
echo -en "${idsCL[Cyan]}LetsEncrypt Certs ${idsCL[Default]}"
|
||||
${NCMD} chown -R root:letsencrypt ${NM_CERTPATH}
|
||||
${NCMD} chown -R root:le ${NM_CERTPATH}
|
||||
${NCMD} chmod -R 6775 ${NM_CERTPATH}
|
||||
echo -e "${idsCL[Green]}Complete${idsCL[Default]}"
|
||||
echo -en "${idsCL[Cyan]}PowerDNS-Admin ${idsCL[Default]}"
|
||||
@@ -405,8 +405,8 @@ NODEUPDATE() {
|
||||
|
||||
VCENTER-SSL(){
|
||||
VCHOSTNAME='vcenter.scity.us'
|
||||
#BASECERTDIR="${NM_CERTPATH}/live"
|
||||
BASECERTDIR="/opt/nginx-proxy/ssl"
|
||||
BASECERTDIR="${NM_CERTPATH}/live"
|
||||
# BASECERTDIR="/opt/nginx-proxy/ssl"
|
||||
CERTDIR="${BASECERTDIR}/${VCHOSTNAME}"
|
||||
SERVER="https://${VCHOSTNAME}"
|
||||
CRED="administrator@scity.vs:$(pass iDSVC)"
|
||||
|
||||
Reference in New Issue
Block a user