diff --git a/defaults.inc b/defaults.inc index 8f2839cd..81143f15 100755 --- a/defaults.inc +++ b/defaults.inc @@ -1,5 +1,5 @@ -VERS='4.9.14-07162023' +VERS='4.10.1-07162023' noheader=' service status-check nightlyrephp7.3-fpm,new backup report check checkcerts gitea update-nodes copynpmcerts singleservercheck update-dyndns ' CERT_DAEMON='/snap/bin/certbot' @@ -34,6 +34,7 @@ if [ -f ${NM_FOLDER}/defaults.local.inc ]; then declare -A NM_SINGLESRVR_SERVICES declare -A NM_SINGLESRVR_DOCKERS declare -A NM_SINGLESRVR_IP + declare -A NM_CERTPATHS source ${NM_FOLDER}/defaults.local.inc @@ -129,6 +130,9 @@ for NTYPE in "${NM_NODE_TYPES[@]}"; do done done +[ "${NM_REPL_NGINX_PATHS[${RUN_NODE_TYPE}]}" != "" ] && NM_NGINXPATH=${NM_REPL_NGINX_PATHS[${RUN_NODE_TYPE}]} || NM_NGINXPATH=/etc/nginx +[ "${NM_CERTPATHS[${RUN_NODE_TYPE}]}" != "" ] && NM_CERTPATH=${NM_CERTPATHS[${RUN_NODE_TYPE}]} || NM_CERTPATH=/etc/letsencrypt + declare -A NM_SRVCOPTS NM_SRVCOPTS['status']='Status' NM_SRVCOPTS['start']='Start' @@ -140,7 +144,7 @@ NM_SRVCOPTS['disable']='Disabl' NM_SRVCOPTS['daemon-reload']='Daemon-Reload' declare -A NM_BACKUP_ITEMS -NM_BACKUP_ITEMS['nginx-settings']=/etc/nginx +NM_BACKUP_ITEMS['nginx-settings']=${NM_NGINXPATH} NM_BACKUP_ITEMS['nginx-logs']=/var/log/nginx NM_BACKUP_ITEMS['letsencrypt-certs']=/etc/letsencrypt NM_BACKUP_ITEMS['webserver-files']=/var/www diff --git a/inc/certs.inc b/inc/certs.inc index 658d7825..ce43fd2f 100755 --- a/inc/certs.inc +++ b/inc/certs.inc @@ -18,7 +18,7 @@ NEWCERT(){ echo -e "${idsCL[LightGreen]}Requesting Certificate for '${idsCL[Yellow]}${NEW_CERT}${idsCL[LightGreen]}'...${idsCL[Default]}" echo - $CERT_DAEMON certonly --webroot -w /opt/lb-data/letsencrypt-acme-challenge -d ${NEW_CERT} + $CERT_DAEMON certonly --webroot -w ${NM_CERTPATH}/letsencrypt-acme-challenge -d ${NEW_CERT} # $CERT_DAEMON certonly --dry-run --webroot -w /var/www/html -d ${NEW_CERT} chown -R root:le ${NM_CERTPATH} 
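Review bot: The two added selection lines in defaults.inc (hunk at -129,6) index `NM_REPL_NGINX_PATHS` and `NM_CERTPATHS` with `${RUN_NODE_TYPE}` without checking that it is non-empty, and bash rejects an empty key on an associative array with "bad array subscript". The chosen value later feeds the recursive `chown -R`/`chmod -R` and `rm -f` calls elsewhere in this diff, so a relative or mistyped override from defaults.local.inc goes straight into those commands. A parameter-expansion default is shorter than the `&& … ||` form, for example `NM_CERTPATH=${NM_CERTPATHS[${RUN_NODE_TYPE:-none}]:-/etc/letsencrypt}`, followed by a check that the result starts with `/`. `NM_CERTPATHS` is declared only inside the `if [ -f …/defaults.local.inc ]` branch, so the lookup presumably runs against an undeclared name when that file is absent.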
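Review bot: The `letsencrypt-certs` backup entry two lines below the changed one (hunk at -140,7) still hard-codes `/etc/letsencrypt`, so on a node type that overrides the certificate path through `NM_CERTPATHS` the backup would presumably archive a stale or missing directory instead of the live certificates and keys. The nginx entry was switched to `${NM_NGINXPATH}`, and the certificate entry should follow it: `NM_BACKUP_ITEMS['letsencrypt-certs']=${NM_CERTPATH}`. `nginx-logs` stays at `/var/log/nginx`, which may be deliberate but is worth confirming for nodes with a relocated nginx.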
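Review bot: The new webroot `${NM_CERTPATH}/letsencrypt-acme-challenge` in NEWCERT (inc/certs.inc, hunk at -18,7) puts a directory that the web server publishes for the ACME challenge inside the tree that holds `live/` and `archive/` with the private keys. An nginx `root` or `alias` set one level too high would then publish key material, and the `chown -R root:le ${NM_CERTPATH}` below also sweeps the challenge files. A separate, configurable webroot outside the certificate tree would keep the two apart. NIGHTLYRENEW still passes `-w /var/www/html`, so the webroot should come from one variable. `${NEW_CERT}` and the path are unquoted on the changed line, and NEWCERT starts and ends outside this hunk.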
@@ -27,7 +27,7 @@ NEWCERT(){ if [ -d ${NM_CERTPATH}/live/${MAIN_CERT} ]; then touch ${NM_CERTPATH}/live/${MAIN_CERT}/newcert - if [ -f /opt/lb-data/nginx/sites-enabled/${MAIN_CERT}.conf ]; then + if [ -f ${NM_NGINXPATH}/sites-enabled/${MAIN_CERT}.conf ]; then rm -f ${NM_FOLDER}/cert-request.lastrun daterun=`date +%Y-%m-%d-%H-%M-%S` echo -e "${NEW_CERT}\n${daterun}" > ${NM_FOLDER}/cert-request.lastrun @@ -120,15 +120,14 @@ DEL-SSL(){ echo -e "${idsCL[Green]}Completed${idsCL[Default]}" fi echo - # SERVICE nginx reload echo -e "${idsCL[LightRed]}The SSL certificate has been removed fromt be nodes.${idsCL[Default]}" fi } CERTRENEW(){ - echo -en "${idsCL[LightCyan]}Stopping Webserver-Node2...${idsCL[Default]}" - ssh root@webserver-node2.scity.us service nginx stop - echo -e "${idsCL[LightGreen]} Completed${idsCL[Default]}" + # echo -en "${idsCL[LightCyan]}Stopping Webserver-Node2...${idsCL[Default]}" + # ssh root@webserver-node2.scity.us service nginx stop + # echo -e "${idsCL[LightGreen]} Completed${idsCL[Default]}" echo echo -e "${idsCL[LightGreen]}Renewing Certificates...${idsCL[Default]}" echo 
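Review bot: The three lines that stopped nginx on webserver-node2 are commented out at the top of CERTRENEW (hunk at -120,15) rather than deleted, and the same is done for the start lines in the next hunk and for four lines in NIGHTLYRENEW. The dead code keeps a hard-coded `root@webserver-node2.scity.us` target in the file and leaves it unclear whether the stop/start is meant to come back; version control already preserves the old lines. Deleting them would be clearer, with a one-line comment such as `# webroot renewal runs with nginx up; no stop/start needed` if that is the reason. CERTRENEW continues past the end of this hunk.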
@@ -137,15 +136,15 @@ CERTRENEW(){ # $CERT_DAEMON renew --force-renewal --preferred-chain "ISRG Root X1" --webroot -w /var/www/html 2>&1 | tee ${NM_FOLDER}/cert-renewal.lastrun # $CERT_DAEMON --dry-run --preferred-chain "ISRG Root X1" renew --webroot -w /var/www/html 2>&1 | tee ${NM_FOLDER}/cert-renewal.lastrun CONCAT_SSL - chown -R root:letsencrypt ${NM_CERTPATH} 2>&1 | tee -a ${NM_FOLDER}/cert-renewal.lastrun + chown -R root:le ${NM_CERTPATH} 2>&1 | tee -a ${NM_FOLDER}/cert-renewal.lastrun chmod -R 6775 ${NM_CERTPATH} 2>&1 | tee -a ${NM_FOLDER}/cert-renewal.lastrun yes | cp -rfH ${NM_FOLDER}/cert-renewal.lastrun ${NM_CERTPATH}/cert-renewal.lastrun daterun=`date +%Y-%m-%d-%H-%M-%S` echo -e "${daterun}" >> ${NM_CERTPATH}/cert-renewal.lastrun DIVIDER true - echo -en "${idsCL[LightCyan]}Starting Webserver-Node2 Back up...${idsCL[Default]}" - ssh root@webserver-node2.scity.us service nginx start - echo -e "${idsCL[LightGreen]} Completed${idsCL[Default]}" + # echo -en "${idsCL[LightCyan]}Starting Webserver-Node2 Back up...${idsCL[Default]}" + # ssh root@webserver-node2.scity.us service nginx start + # echo -e "${idsCL[LightGreen]} Completed${idsCL[Default]}" echo SERVICE nginx restart 2>&1 | tee -a ${NM_FOLDER}/cert-renewal.lastrun echo -e "${idsCL[LightGreen]}The certificates have been renewed.${idsCL[Default]}" 
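Review bot: Nothing in this commit creates or checks the `le` group that the changed `chown -R root:le ${NM_CERTPATH}` line in CERTRENEW now relies on, and because the command is piped into `tee -a` its failure status is dropped, so on a node without that group the run continues to `chmod -R 6775`. That mode is applied recursively over the private keys: it sets setuid and setgid on every file and leaves them readable by all users, whatever the group is. The same group rename appears in NIGHTLYRENEW and in both SET-PERMISSIONS hunks of nodemgmt-scripts.sh. A guard such as `getent group le >/dev/null || { echo "group le missing" >&2; return 1; }` before the chown would close the first gap. A symbolic mode like `chmod -R u=rwX,g=rX,o=` would close the second, provided no service reads the keys as "other".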
@@ -156,17 +155,17 @@ CERTRENEW(){ fi } NIGHTLYRENEW(){ - rm -f ${NM_FOLDER}/cert-renewal.lastrun - ssh root@webserver-node2.scity.us service nginx stop - sleep 5 + # rm -f ${NM_FOLDER}/cert-renewal.lastrun + # ssh root@webserver-node2.scity.us service nginx stop + # sleep 5 $CERT_DAEMON renew --webroot -w /var/www/html &>> ${NM_FOLDER}/cert-renewal.lastrun CONCAT_SSL - chown -R root:letsencrypt ${NM_CERTPATH} &>> ${NM_FOLDER}/cert-renewal.lastrun + chown -R root:le ${NM_CERTPATH} &>> ${NM_FOLDER}/cert-renewal.lastrun chmod -R 6775 ${NM_CERTPATH} &>> ${NM_FOLDER}/cert-renewal.lastrun yes | cp -rfH ${NM_FOLDER}/cert-renewal.lastrun ${NM_CERTPATH}/cert-renewal.lastrun daterun=`date +%Y-%m-%d-%H-%M-%S` echo -e "${daterun}" >> ${NM_CERTPATH}/cert-renewal.lastrun - ssh root@webserver-node2.scity.us service nginx start + # ssh root@webserver-node2.scity.us service nginx start SERVICE nginx reload web &>> ${NM_FOLDER}/cert-renewal.lastrun } diff --git a/inc/sites.inc b/inc/sites.inc index 911a4d46..0e9eb8cc 100755 --- a/inc/sites.inc +++ b/inc/sites.inc 
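Review bot: With `rm -f ${NM_FOLDER}/cert-renewal.lastrun` commented out, every command in NIGHTLYRENEW still appends with `&>>`, so the file is never reset and grows by one certbot run per night before being copied into `${NM_CERTPATH}`. If the rm was disabled only because it sat next to the ssh stop/start lines, restore it or truncate explicitly with `: > "${NM_FOLDER}/cert-renewal.lastrun"` as the first statement. The file name says "lastrun", and anything that reads it to judge the latest renewal would presumably see old results first.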
@@ -43,22 +43,19 @@ DELSITE(){ echo -e "${idsCL[LightRed]}[[Removing Files and Folders]]${idsCL[Default]}" echo -e "${idsCL[LightRed]}-------------------------------------------${idsCL[Default]}" echo - echo -en "${idsCL[LightCyan]}Removing files from all Nodes ... ${idsCL[Default]}" - ssh root@10.10.1.120 rm -f /etc/nginx/sites-enabled/${DEL_SITE}* >/dev/null 2>&1 - ssh root@10.10.10.80 rm -f /etc/nginx/sites-enabled/${DEL_SITE}* >/dev/null 2>&1 - if [ "${DEL_SSL}" == "yes" ]; then - ssh root@10.10.10.80 rm -rf ${NM_CERTPATH}/archive/${DEL_SITE} >/dev/null 2>&1 - ssh root@10.10.10.80 rm -rf ${NM_CERTPATH}/live/${DEL_SITE} >/dev/null 2>&1 - ssh root@10.10.10.80 rm -f ${NM_CERTPATH}/renewal/${DEL_SITE}.conf >/dev/null 2>&1 - fi + echo -en "${idsCL[LightCyan]}Removing NGINX files ... ${idsCL[Default]}" + rm -f ${NM_NGINXPATH}/sites-enabled/${DEL_SITE}* >/dev/null 2>&1 echo -e "${idsCL[Green]}Done${idsCL[Default]}" echo + if [ "${DEL_SSL}" == "yes" ]; then + DEL-SSL ${DEL_SITE} + echo + fi ssh root@${NM_SINGLESRVR_IP['WEB']} sed -i "/${DEL_SITE}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml echo -en "${idsCL[LightCyan]}Reloading NGINX ... ${idsCL[Default]}" - ssh root@10.10.10.80 nodemgmt service nginx reload >/dev/null 2>&1 - ssh root@10.10.1.120 nodemgmt service nginx reload >/dev/null 2>&1 + SERVICE nginx reload >/dev/null 2>&1 echo -e "${idsCL[Green]}Done${idsCL[Default]}" # nid=1 @@ -74,9 +71,9 @@ DELSITE(){ # checkhost=$(CHECK_HOST ${nip}) # fi # if [ "${checkhost}" != "false" ]; then - # #if [ -f /etc/nginx/sites-available/${DEL_SITE} ]; then - # ${NCMD} rm -f /etc/nginx/sites-available/${DEL_SITE}* - # ${NCMD} rm -f /etc/nginx/sites-enabled/${DEL_SITE}* + # #if [ -f ${NM_NGINXPATH}/sites-available/${DEL_SITE} ]; then + # ${NCMD} rm -f ${NM_NGINXPATH}/sites-available/${DEL_SITE}* + # ${NCMD} rm -f ${NM_NGINXPATH}/sites-enabled/${DEL_SITE}* # #fi # #if [ -d /var/www/${DEL_SITE} ]; then # ${NCMD} rm -rf /var/www/${DEL_SITE} 
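Review bot: The new local `rm -f ${NM_NGINXPATH}/sites-enabled/${DEL_SITE}*` in DELSITE (hunk at -43,22) is unquoted and runs with no visible check that `DEL_SITE` is non-empty, so an empty value expands to `sites-enabled/*` and removes every enabled site, and a short value removes every site sharing that prefix. The redirect to `/dev/null` hides any error and "Done" is printed regardless. Suggest `[ -n "${DEL_SITE}" ] || return 1` ahead of it and an exact name, `rm -f -- "${NM_NGINXPATH}/sites-enabled/${DEL_SITE}.conf"`, if the files are always named as in NEWSITE. The unchanged `sed -i "/${DEL_SITE}/d"` over ssh further down uses the same value as a regex, so the validation should cover that line too. DELSITE begins before this hunk, where a check may already exist.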
@@ -113,10 +110,10 @@ DELSITES(){ echo -e "${idsCL[Red]}Select a site to delete...${idsCL[Default]}" DIVIDER true sid=1 - filels="( $(ssh root@${WEB_HOSTS[0]} ls '/etc/nginx/sites-available/*') )" + filels="( $(ssh root@${WEB_HOSTS[0]} ls '${NM_NGINXPATH}/sites-available/*') )" # IFS='\n' for siteconf in $filels; do - # for siteconf in /etc/nginx/sites-available/* ; do + # for siteconf in ${NM_NGINXPATH}/sites-available/* ; do # [ -e "$siteconf" ] || continue if [ ${siteconf:0:1} == '/' ]; then IFS='/'; site_conf=(${siteconf}); unset IFS @@ -324,7 +321,7 @@ NEWSITE(){ NGINX_SERVERNAME=${NEW_SITE} fi - nginxconfig=/etc/nginx/sites-enabled/${MAIN_SITE}.conf + nginxconfig=${NM_NGINXPATH}/sites-enabled/${MAIN_SITE}.conf if [ "${SITE_TYPE}" = "proxy" ]; then if [ ! -z ${PROXYSCHEME+x} ] && [ ! -z ${PROXYHOST+x} ] && [ ! -z ${PROXYPORT+x} ]; then GO=true; fi @@ -438,10 +435,10 @@ NEWSITE(){ rm -f ${NM_FOLDER}/new-site.lastrun daterun=`date +%Y-%m-%d-%H-%M-%S` echo -e "${NEW_SITE}\n${daterun}" > ${NM_FOLDER}/new-site.lastrun - # yes | cp -rfH ${NM_FOLDER}/new-site.lastrun /etc/nginx/new-site.lastrun + # yes | cp -rfH ${NM_FOLDER}/new-site.lastrun ${NM_NGINXPATH}/new-site.lastrun # yes | cp -rfH ${NM_FOLDER}/new-site.lastrun /var/www/new-site.lastrun # daterun=`date +%Y-%m-%d-%H-%M-%S` - # echo -e "${daterun}" >> /etc/nginx/new-site.lastrun + # echo -e "${daterun}" >> ${NM_NGINXPATH}/new-site.lastrun DIVIDER true echo echo -e "${idsCL[LightGreen]}The new site for '${idsCL[LightGreen]}${NEW_SITE}${idsCL[Default]}' has been created.${idsCL[Default]}" diff --git a/nodemgmt-scripts.sh b/nodemgmt-scripts.sh index 767160b6..6ee28d7e 100755 --- a/nodemgmt-scripts.sh +++ b/nodemgmt-scripts.sh 
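Review bot: The path in `ls '${NM_NGINXPATH}/sites-available/*'` in DELSITES (hunk at -113,10) sits inside single quotes, so the local shell passes the text `${NM_NGINXPATH}` unexpanded and the remote shell on `${WEB_HOSTS[0]}` expands it, most likely to an empty string, giving `ls /sites-available/*`. The old literal `/etc/nginx/...` did not have this problem. Use double quotes so the variable expands locally and the glob remotely: `filels="( $(ssh root@${WEB_HOSTS[0]} "ls ${NM_NGINXPATH}/sites-available/*") )"`. `NM_NGINXPATH` is chosen from the local `RUN_NODE_TYPE`, so confirm that it matches the layout of the remote web host. DELSITES continues outside this hunk.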
@@ -138,7 +138,7 @@ SET-PERMISSIONS(){ fi echo -e "${idsCL[Yellow]}Setting folder permissions for MySQL-Node${nid} (${nip})${idsCL[Default]}" echo -en "${idsCL[Cyan]}LetsEncrypt Certs ${idsCL[Default]}" - ${NCMD} chown -R root:letsencrypt ${NM_CERTPATH} + ${NCMD} chown -R root:le ${NM_CERTPATH} ${NCMD} chmod -R 6775 ${NM_CERTPATH} echo -e "${idsCL[Green]}Complete${idsCL[Default]}" echo @@ -178,7 +178,7 @@ SET-PERMISSIONS(){ ${NCMD} chmod -R 750 /home/git echo -e "${idsCL[Green]}Complete${idsCL[Def ault]}" echo -en "${idsCL[Cyan]}LetsEncrypt Certs ${idsCL[Default]}" - ${NCMD} chown -R root:letsencrypt ${NM_CERTPATH} + ${NCMD} chown -R root:le ${NM_CERTPATH} ${NCMD} chmod -R 6775 ${NM_CERTPATH} echo -e "${idsCL[Green]}Complete${idsCL[Default]}" echo -en "${idsCL[Cyan]}PowerDNS-Admin ${idsCL[Default]}" @@ -405,8 +405,8 @@ NODEUPDATE() { VCENTER-SSL(){ VCHOSTNAME='vcenter.scity.us' - #BASECERTDIR="${NM_CERTPATH}/live" - BASECERTDIR="/opt/nginx-proxy/ssl" + BASECERTDIR="${NM_CERTPATH}/live" + # BASECERTDIR="/opt/nginx-proxy/ssl" CERTDIR="${BASECERTDIR}/${VCHOSTNAME}" SERVER="https://${VCHOSTNAME}" CRED="administrator@scity.vs:$(pass iDSVC)"