Update sites.inc

2023-11-14 08:57:25 -06:00
parent a1a5a43a29
commit 86dc78c45d


@@ -197,9 +197,7 @@ NEWSITE(){
esac
shift
done
#if [ -z ${SITE_TYPE+x} ]; then SITE_TYPE=local; fi
#if [ -z ${CREATE_SSL+x} ]; then CREATE_SSL=true; fi
if [ -z ${NEW_SITE+x} ]; then
until [ "${NEW_SITE}" != "" ]; do
echo -en "${idsCL[LightCyan]}New site domain name (comma seperated for multiple): ${idsCL[Default]}"
@@ -208,7 +206,6 @@ NEWSITE(){
done
showdivide=yes
fi
if [[ ${NEW_SITE} == *","* ]]; then
IFS=','; NEW_SITES=(${NEW_SITE}); unset IFS
MAIN_SITE=${NEW_SITES[0]}
@@ -233,19 +230,17 @@ NEWSITE(){
exit 0
fi
fi
if [ -z ${CREATE_SSL+x} ]; then
echo -en "${idsCL[LightCyan]}Create SSL for site? [Y/n] ${idsCL[Default]}"
read CREATE_SSL
showdivide=yes
if [[ $CREATE_SSL =~ ^[Yy]$ ]] || [ "${CREATE_SSL}" = "" ]; then
CREATE_SSL=yes
else
CREATE_SSL=no
fi
echo
fi
# if [ -z ${CREATE_SSL+x} ]; then
# echo -en "${idsCL[LightCyan]}Create SSL for site? [Y/n] ${idsCL[Default]}"
# read CREATE_SSL
# showdivide=yes
# if [[ $CREATE_SSL =~ ^[Yy]$ ]] || [ "${CREATE_SSL}" = "" ]; then
# CREATE_SSL=yes
# else
# CREATE_SSL=no
# fi
# echo
# fi
if [ -z ${SITE_TYPE+x} ]; then
echo -en "${idsCL[LightCyan]}Site type (local/{proxy}): ${idsCL[Default]}"
read SITE_TYPE
@@ -280,75 +275,81 @@ NEWSITE(){
done
showdivide=yes
fi
if [ -z ${WEBSOCKET+x} ]; then
echo -en "${idsCL[LightCyan]}Enable Websocket Support (y/N): ${idsCL[Default]}"
read WEBSOCKET
showdivide=yes
if [[ ${WEBSOCKET} =~ ^[Nn]$ ]] || [ "${WEBSOCKET}" = "" ]; then
WEBSOCKET=no
elif [[ ${WEBSOCKET} =~ ^[Yy]$ ]]; then
WEBSOCKET=yes
else
WEBSOCKET=no
fi
echo
fi
if [ -z ${HSTS+x} ]; then
echo -en "${idsCL[LightCyan]}Enable HSTS Support (Y/n): ${idsCL[Default]}"
read HSTS
showdivide=yes
([[ ${HSTS} =~ ^[Yy]$ ]] || [ "${HSTS}" = "" ]) && HSTS=yes || HSTS=no
echo
fi
if [ -z ${EXPLOITS+x} ]; then
echo -en "${idsCL[LightCyan]}Block exploits (y/N): ${idsCL[Default]}"
read EXPLOITS
showdivide=yes
if [[ ${EXPLOITS} =~ ^[Nn]$ ]] || [ "${EXPLOITS}" = "" ]; then
EXPLOITS=no
elif [[ ${EXPLOITS} =~ ^[Yy]$ ]]; then
EXPLOITS=yes
else
EXPLOITS=no
fi
echo
fi
if [ -z ${SECURE+x} ]; then
echo -en "${idsCL[LightCyan]}Secure site with Authelia SSO (y/N): ${idsCL[Default]}"
read SECURE
showdivide=yes
if [[ ${SECURE} =~ ^[Nn]$ ]] || [ "${SECURE}" = "" ]; then
SECURE=no
elif [[ ${SECURE} =~ ^[Yy]$ ]]; then
echo -en "${idsCL[LightCyan]}Would you like to add a side of MFA with that SSO (Y/n): ${idsCL[Default]}"
read MFA
showdivide=yes
([[ ${MFA} =~ ^[Yy]$ ]] || [ "${MFA}" = "" ]) && SECURE="2FA" || SECURE="1FA"
else
SECURE=no
fi
echo
fi
# if [ -z ${WEBSOCKET+x} ]; then
# echo -en "${idsCL[LightCyan]}Enable Websocket Support (y/N): ${idsCL[Default]}"
# read WEBSOCKET
# showdivide=yes
# if [[ ${WEBSOCKET} =~ ^[Nn]$ ]] || [ "${WEBSOCKET}" = "" ]; then
# WEBSOCKET=no
# elif [[ ${WEBSOCKET} =~ ^[Yy]$ ]]; then
# WEBSOCKET=yes
# else
# WEBSOCKET=no
# fi
# echo
# fi
# if [ -z ${HSTS+x} ]; then
# echo -en "${idsCL[LightCyan]}Enable HSTS Support (Y/n): ${idsCL[Default]}"
# read HSTS
# showdivide=yes
# ([[ ${HSTS} =~ ^[Yy]$ ]] || [ "${HSTS}" = "" ]) && HSTS=yes || HSTS=no
# echo
# fi
# if [ -z ${EXPLOITS+x} ]; then
# echo -en "${idsCL[LightCyan]}Block exploits (y/N): ${idsCL[Default]}"
# read EXPLOITS
# showdivide=yes
# if [[ ${EXPLOITS} =~ ^[Nn]$ ]] || [ "${EXPLOITS}" = "" ]; then
# EXPLOITS=no
# elif [[ ${EXPLOITS} =~ ^[Yy]$ ]]; then
# EXPLOITS=yes
# else
# EXPLOITS=no
# fi
# echo
# fi
# if [ -z ${SECURE+x} ]; then
# echo -en "${idsCL[LightCyan]}Secure site with Authelia SSO (y/N): ${idsCL[Default]}"
# read SECURE
# showdivide=yes
# if [[ ${SECURE} =~ ^[Nn]$ ]] || [ "${SECURE}" = "" ]; then
# SECURE=no
# elif [[ ${SECURE} =~ ^[Yy]$ ]]; then
# echo -en "${idsCL[LightCyan]}Would you like to add a side of MFA with that SSO (Y/n): ${idsCL[Default]}"
# read MFA
# showdivide=yes
# ([[ ${MFA} =~ ^[Yy]$ ]] || [ "${MFA}" = "" ]) && SECURE="2FA" || SECURE="1FA"
# else
# SECURE=no
# fi
# echo
# fi
fi
[ "${showdivide}" == "yes" ] && DIVIDER
echo
width=18
printf "%-${width}s: %s\n" "New site" "${NEW_SITE}"
printf "%-${width}s: %s\n" "Create SSL" "${CREATE_SSL}"
printf "%-${width}s: %s\n" "Site type" "${SITE_TYPE}"
if [ "${SITE_TYPE}" = "proxy" ]; then
printf "%-${width}s: %s\n" "Proxy host" "${PROXYHOST}"
printf "%-${width}s: %s\n" "Proxy port" "${PROXYPORT}"
printf "%-${width}s: %s\n" "Proxy scheme" "${PROXYSCHEME}"
printf "%-${width}s: %s\n" "Websocket Support" "${WEBSOCKET}"
printf "%-${width}s: %s\n" "HSTS Support" "${HSTS}"
printf "%-${width}s: %s\n" "Block Exploits" "${EXPLOITS}"
printf "%-${width}s: %s\n" "Secure Access" "${SECURE}"
fi
echo
echo -en "${idsCL[LightGreen]}Is this information correct? [Y/n]${idsCL[Default]} "
read -n 1 response
echo
NEWSITE=1
EDITSITE
# width=18
# printf "%-${width}s: %s\n" "New site" "${NEW_SITE}"
# printf "%-${width}s: %s\n" "Create SSL" "${CREATE_SSL}"
# printf "%-${width}s: %s\n" "Site type" "${SITE_TYPE}"
# if [ "${SITE_TYPE}" = "proxy" ]; then
# printf "%-${width}s: %s\n" "Proxy host" "${PROXYHOST}"
# printf "%-${width}s: %s\n" "Proxy port" "${PROXYPORT}"
# printf "%-${width}s: %s\n" "Proxy scheme" "${PROXYSCHEME}"
# printf "%-${width}s: %s\n" "Websocket Support" "${WEBSOCKET}"
# printf "%-${width}s: %s\n" "HSTS Support" "${HSTS}"
# printf "%-${width}s: %s\n" "Block Exploits" "${EXPLOITS}"
# printf "%-${width}s: %s\n" "Secure Access" "${SECURE}"
# fi
# echo
# echo -en "${idsCL[LightGreen]}Is this information correct? [Y/n]${idsCL[Default]} "
# read -n 1 response
# echo
if [[ $response =~ ^[Yy]$ ]] || [ "${response}" = "" ]; then
if [ "${SITE_TYPE}" = "proxy" ]; then
@@ -761,7 +762,6 @@ SITEINFO(){
EDITSITE
else #no site
echo -e "\033[3A"; for (( c=1; c<=3; c++ )); do echo -e "\r\033[K"; done; echo -e "\033[4A"
fi
@@ -784,53 +784,67 @@ SITEINFO(){
EDITSITE(){
site=${SITELIST[${siteid}]}
sitefile=${gosite}/${site}.conf
siteconfig=$(cat ${sitefile})
if [ "$(echo "${siteconfig}" | grep \#ssl_certificate)" != "" ]; then
ssl='-'
SUBJECTNAMES=""
else
ssl='Yes'
if [ -f ${sitefile} ]; then
siteconfig=$(cat ${sitefile})
if [ "$(echo "${siteconfig}" | grep \#ssl_certificate)" != "" ]; then
ssl='-'
SUBJECTNAMES=""
else
ssl='Yes'
certpath=$(echo "${siteconfig}" | grep ssl_certificate_key)
certpath=${certpath%/*}
certpath=${certpath#* }
SUBJECTNAMES=$(openssl x509 -in ${certpath}/cert.pem -noout -text|grep -oP '(?<=DNS:|IP Address:)[^,]+'|sort -uV)
CERTEXPIRE=$(date -d "$(: | openssl x509 -in ${certpath}/cert.pem -text | grep 'Not After' |awk '{print $4,$5,$7}')" '+%s');
SUBJECTNAMES=${SUBJECTNAMES//$'\n'/, }
fi
certpath=$(echo "${siteconfig}" | grep ssl_certificate_key)
certpath=${certpath%/*}
certpath=${certpath#* }
SUBJECTNAMES=$(openssl x509 -in ${certpath}/cert.pem -noout -text|grep -oP '(?<=DNS:|IP Address:)[^,]+'|sort -uV)
CERTEXPIRE=$(date -d "$(: | openssl x509 -in ${certpath}/cert.pem -text | grep 'Not After' |awk '{print $4,$5,$7}')" '+%s');
SUBJECTNAMES=${SUBJECTNAMES//$'\n'/, }
fi
if [ "$(echo "${siteconfig}" | grep include/proxy.conf)" != "" ]; then
type='Proxy'
server=$(echo "${siteconfig}" | grep 'set $server')
server=${server#*\"}; server=${server%\"*}
servernames=$(echo "${siteconfig}" | grep 'server_name')
servernames=${servernames//;/}
servernames=${servernames#* }
servernames=${servernames// /,}
scheme=$(echo "${siteconfig}" | grep 'set $forward_scheme')
scheme=${scheme##* }; scheme=${scheme%;*}
port=$(echo "${siteconfig}" | grep 'set $port')
port=${port##* }; port=${port%;*}
if [ "$(echo "${siteconfig}" | grep include/proxy.conf)" != "" ]; then
type='Proxy'
server=$(echo "${siteconfig}" | grep 'set $server')
server=${server#*\"}; server=${server%\"*}
servernames=$(echo "${siteconfig}" | grep 'server_name')
servernames=${servernames//;/}
servernames=${servernames#* }
servernames=${servernames// /,}
scheme=$(echo "${siteconfig}" | grep 'set $forward_scheme')
scheme=${scheme##* }; scheme=${scheme%;*}
port=$(echo "${siteconfig}" | grep 'set $port')
port=${port##* }; port=${port%;*}
else
type='HTTP'
fi
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/hsts-support.conf')" != "" ] && hsts='-' || hsts='Yes'
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/websocket-support.conf')" != "" ] && wbskt='-' || wbskt='Yes'
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/block-exploits.conf')" != "" ] && explt='-' || explt='Yes'
if [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/secure-access.conf')" == "" ]; then
sitefacline=$(echo "${autheliaconfig}" | grep -Fn ${site} | sort | tail -n1)
sitefacline=${sitefacline%%:*}
if [ "${sitefacline}" == "" ]; then
lock='error'
elif [ ${sitefacline} -lt ${onefacline} ]; then
lock='1FA'
elif [ ${sitefacline} -lt ${twofacline} ]; then
lock='2FA'
else
type='HTTP'
fi
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/hsts-support.conf')" != "" ] && hsts='-' || hsts='Yes'
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/websocket-support.conf')" != "" ] && wbskt='-' || wbskt='Yes'
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/block-exploits.conf')" != "" ] && explt='-' || explt='Yes'
if [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/secure-access.conf')" == "" ]; then
sitefacline=$(echo "${autheliaconfig}" | grep -Fn ${site} | sort | tail -n1)
sitefacline=${sitefacline%%:*}
if [ "${sitefacline}" == "" ]; then
lock='error'
elif [ ${sitefacline} -lt ${onefacline} ]; then
lock='1FA'
elif [ ${sitefacline} -lt ${twofacline} ]; then
lock='2FA'
fi
else
lock='-'
fi
else
type=${SITE_TYPE}
servernames=${NEW_SITE}
server=${PROXYHOST}
scheme=${PROXYSCHEME}
port=${PROXYPORT}
ssl='Yes'
hsts='Yes'
wbskt='-'
explt='-'
lock='-'
fi
editc=0
until [ "${editc^}" = "C" ]; do
echo -e "\033[K${idsCL[White]}0) Site Address(es): ${idsCL[Cyan]}${idsST[Bold]}${servernames//,/, }${idsST[Reset]}"
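Review bot: In the `@@ -280,75 +275,81 @@` hunk of NEWSITE the confirmation prompt (`read -n 1 response`) appears to be commented out while the check `if [[ $response =~ ^[Yy]$ ]] || [ "${response}" = "" ]` stays live, so with `response` never assigned the empty-string arm matches and the function carries on as if the operator had confirmed once `EDITSITE` returns. The same hunk stops assigning `WEBSOCKET`, `HSTS`, `EXPLOITS` and `SECURE` (and the hunk before it `CREATE_SSL`), while the new `else` branch of `EDITSITE` fills only the display variables `ssl`, `hsts`, `wbskt`, `explt` and `lock`. Unless the edit menu sets the originals (that code is outside this view), the site is generated with the Authelia and exploit-blocking choices unset. I would keep an explicit confirmation after the call, `read -r -n 1 response`, and restore the defaults the prompts used before the values are consumed, e.g. `: "${HSTS:=yes}" "${EXPLOITS:=no}" "${SECURE:=no}"`. The `+`/`-` column is lost on this page, so which copy of each block is the new side is inferred from the hunk line counts.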