diff --git a/defaults.inc b/defaults.inc
index 510cd081..8f4b555a 100755
--- a/defaults.inc
+++ b/defaults.inc
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-VERS='4.13.1-11112023'
+VERS='4.13.2-11112023'
 noheader=' service status-check nightlyrephp7.3-fpm,new backup report check checkcerts gitea update-nodes copynpmcerts singleservercheck update-dyndns backup-offsitepfsense gui nightlyreview update '
 CERT_DAEMON='/snap/bin/certbot'
@@ -168,8 +168,12 @@ NM_BACKUP_ITEMS['keepalived']=/etc/keepalived
 NM_BACKUP_ITEMS['fail2ban']=/etc/fail2ban
 # NM_BACKUP_ITEMS[nginx]=/
-
-
+for NTYPE in "${NM_NODE_TYPES[@]}"; do
+ if [[ "${NM_DOCKERS_CHECK[${NTYPE}]}" == *"authelia"* ]]; then
+ NM_AUTHELIA_IP=${NM_SINGLESRVR_IP[${NTYPE}]}
+ break
+ fi
+done
 GET-CHECKCERT-DOMAINS(){
 declare -A CHECKCERT_DOMAINS
@@ -212,15 +216,6 @@ CERT-CHECK(){
 fi
 }
-GET_AUTHELIA_IP(){
- for NTYPE in "${NM_NODE_TYPES[@]}"; do
- if [[ "${NM_DOCKERS_CHECK[${NTYPE}]}" == *"authelia"* ]]; then
- echo ${NM_SINGLESRVR_IP[${NTYPE}]}
- break
- fi
- done
-}
-
 SENDNOTICE(){
 [ "${PUSHOVER_USER_TOKEN}" != "" ] && PUSH_TO_MOBILE "${2}
diff --git a/inc/sites.inc b/inc/sites.inc
index 5971bb77..66ca5d61 100755
--- a/inc/sites.inc
+++ b/inc/sites.inc
@@ -49,7 +49,6 @@ DELSITE(){
 echo
 if [ "${DEL_SSL}" == "yes" ]; then
 DEL-SSL ${DEL_SITE}
- NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)"
 echo
 fi
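Review bot: The new top-level loop in the @@ -168 hunk leaves `NTYPE` set as a side effect of sourcing defaults.inc, where the removed GET_AUTHELIA_IP kept the loop variable inside a function call; STATUS() in inc/status.inc reads `${NTYPE}` as well, so a stale value from this loop could reach code that expects NTYPE unset or freshly assigned (inferred, since that declaration is outside the diff). Adding `unset NTYPE` after `done`, or keeping the lookup in a function and assigning `NM_AUTHELIA_IP=$(...)` once, avoids the leak. The lookup also now runs once at source time rather than at each call, so it presumably requires NM_NODE_TYPES, NM_DOCKERS_CHECK and NM_SINGLESRVR_IP to be fully populated above line 168 and will not reflect any later override of those arrays — worth confirming against whatever is sourced after defaults.inc. A short comment such as `# IP of the node hosting the authelia container; empty when no node type lists it` above the loop would document the contract the callers in inc/sites.inc rely on.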
@@ -540,10 +539,19 @@ NEWPROXYSITE_CREATE(){
 sed -i "s/include conf.d\/include\/ssl-ciphers.conf/#include conf.d\/include\/ssl-ciphers.conf/g" ${nginxconfig}
 sed -i "s/include conf.d\/include\/force-ssl.conf/#include conf.d\/include\/force-ssl.conf/g" ${nginxconfig}
 fi
- if [ "${SECURE^^}" == "YES" ] || [[ "${SECURE}" = *"FA"* ]]; then
+ if [[ "${SECURE}" = *"FA"* ]]; then
 sed -i "s/#include conf.d\/include\/secure-access.conf/include conf.d\/include\/secure-access.conf/g" ${nginxconfig}
+ ssh root@${NM_AUTHELIA_IP} sed -i "/${SITENAME}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml
+ if [ "${SECURE}" == "2FA" ]; then
+ ssh root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies needing 2 factor below/a ~~~ - \\\"${MAIN_SITE}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
+ else
+ ssh root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies only requiring username and password/a ~~~ - \\\"${MAIN_SITE}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
+ fi
+ ssh root@${NM_AUTHELIA_IP} "sed -i \"s/~~~/ /g\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
+ ssh root@${NM_AUTHELIA_IP} "/usr/bin/docker restart authelia >/dev/null 2>&1"
 else
 sed -i "s/include conf.d\/include\/secure-access.conf/#include conf.d\/include\/secure-access.conf/g" ${nginxconfig}
+ [ "${NM_AUTHELIA_IP}" != "" ] && ssh root@${NM_AUTHELIA_IP} sed -i "/${SITENAME}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml
 fi
 if [ "${WEBSOCKET^^}" == "YES" ]; then
 sed -i "s/#include conf.d\/include\/websocket-support.conf/include conf.d\/include\/websocket-support.conf/g" ${nginxconfig}
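Review bot: In the `*"FA"*` branch the five `ssh root@${NM_AUTHELIA_IP}` calls run without the `[ "${NM_AUTHELIA_IP}" != "" ]` guard the else branch applies to the same delete command, so on a deployment where no node type lists authelia the branch runs `ssh root@` against an empty host, the Authelia config is never updated, yet secure-access.conf is still enabled for the site; the guard belongs at the top of the branch, e.g. `[ "${NM_AUTHELIA_IP}" != "" ] || { echo "no authelia node found" >&2; return 1; }`. Both insert commands use `sed -ie`, which GNU sed reads as `-i` with backup suffix `e`, so every call leaves a `configuration.ymle` copy beside the live config on the Authelia host; `sed -i` (as the later `s/~~~/ /g` call already uses) is intended. `"/${SITENAME}/d"` is an unanchored regex in which `.` matches any character, so a site name that is a substring of another entry removes that domain's line too; anchoring the pattern to the exact quoted list entry the insert writes (`- "host"`) limits the deletion to this site's own line. The failure of `docker restart authelia` is hidden by `>/dev/null 2>&1`, so a site can be reported as secured while the container never reloaded its rules. NEWPROXYSITE_CREATE starts and ends outside this hunk.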
@@ -619,6 +627,26 @@ SITEINFO(){
 [ "$(grep '\#include conf.d/include/block-exploits.conf' ${sitefile})" != "" ] && explt='' || explt='Yes'
 [ "$(grep '\#include conf.d/include/secure-access.conf' ${sitefile})" != "" ] && lock='' || lock='Yes'
+ if [ "$(grep '\#include conf.d/include/secure-access.conf' ${sitefile})" == "" ]; then
+ if [ "${onefacline}" == "" ]; then
+ onefacline=$(ssh root@${NM_AUTHELIA_IP} grep -Fn one_factor /mnt/web-data/authelia/config/configuration.yml | sort | tail -n1)
+ onefacline=${onefacline%%:*}
+ twofacline=$(ssh root@${NM_AUTHELIA_IP} grep -Fn two_factor /mnt/web-data/authelia/config/configuration.yml | sort | tail -n1)
+ twofacline=${twofacline%%:*}
+ fi
+ sitefacline=$(ssh root@${NM_AUTHELIA_IP} grep -Fn ${site} /mnt/web-data/authelia/config/configuration.yml | sort | tail -n1)
+ sitefacline=${onefacline%%:*}
+ if "${sitefacline}" == "" ]; then
+ lock='error'
+ elif [ ${sitefacline} -lt ${onefacline} ]; then
+ lock='1FA'
+ elif [ ${sitefacline} -lt ${twofacline} ]; then
+ lock='2FA'
+ fi
+ else
+ lock='-'
+ fi
+
 [ ${i} -lt 10 ] && ii=" ${i}" || ii=${i}
 [ "${1}" == "edit" ] && msg1="${ii}) ${site}" || msg1="${site}"
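Review bot: `if "${sitefacline}" == "" ]; then` is missing the opening `[`, so bash tries to execute the value of sitefacline as a command, the test always fails and the `lock='error'` branch is unreachable; the same line appears in the @@ -686 hunk below and both need `if [ "${sitefacline}" == "" ]; then`. Two lines earlier `sitefacline=${onefacline%%:*}` overwrites the grep result with the one_factor line number (copy-paste from the onefacline/twofacline lines), so the `-lt` comparisons never see the site's own line and every secured site is classified the same way; it should read `sitefacline=${sitefacline%%:*}`, again in both hunks. `grep -Fn … | sort | tail -n1` sorts the `N:` prefixes lexically, so line 9 sorts after line 12; grep already emits matches in file order, so `| tail -n1` alone (or `sort -t: -k1,1n`) picks the last match. This block also hard-codes `/mnt/web-data/authelia/config/configuration.yml` where NEWPROXYSITE_CREATE derives the same file from `${NM_DOCKER_COMPOSE_LOC['authelia']}`, and `grep -Fn ${site}` is unquoted and matches as a substring of other domains; SITEINFO starts and ends outside this hunk.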
@@ -686,7 +714,20 @@ SITEINFO(){
 [ "$(grep '\#include conf.d/include/hsts-support.conf' ${sitefile})" != "" ] && hsts='-' || hsts='Yes'
 [ "$(grep '\#include conf.d/include/websocket-support.conf' ${sitefile})" != "" ] && wbskt='-' || wbskt='Yes'
 [ "$(grep '\#include conf.d/include/block-exploits.conf' ${sitefile})" != "" ] && explt='-' || explt='Yes'
- [ "$(grep '\#include conf.d/include/secure-access.conf' ${sitefile})" != "" ] && lock='-' || lock='Yes'
+ # [ "$(grep '\#include conf.d/include/secure-access.conf' ${sitefile})" != "" ] && lock='-' || lock='Yes'
+ if [ "$(grep '\#include conf.d/include/secure-access.conf' ${sitefile})" == "" ]; then
+ sitefacline=$(ssh root@${NM_AUTHELIA_IP} grep -Fn ${site} /mnt/web-data/authelia/config/configuration.yml | sort | tail -n1)
+ sitefacline=${onefacline%%:*}
+ if "${sitefacline}" == "" ]; then
+ lock='error'
+ elif [ ${sitefacline} -lt ${onefacline} ]; then
+ lock='1FA'
+ elif [ ${sitefacline} -lt ${twofacline} ]; then
+ lock='2FA'
+ fi
+ else
+ lock='-'
+ fi
 f=0
 until [ "${edit}" = "c" ]; do
 echo -e "\033[K${idsCL[White]}0) Site Address(es): ${idsCL[Cyan]}${idsST[Bold]}${servernames}${idsST[Reset]}"
@@ -732,7 +773,10 @@ SITEINFO(){
 3) [ "${hsts}" == "-" ] && hsts='Yes' || hsts='-';;
 4) [ "${wbskt}" == "-" ] && wbskt='Yes' || wbskt='-';;
 5) [ "${explt}" == "-" ] && explt='Yes' || explt='-';;
- 6) [ "${lock}" == "-" ] && lock='Yes' || lock='-';;
+ 6) [ "${lock}" == "-" ] && lock='1FA'
+ [ "${lock}" == "1FA" ] && lock='2FA'
+ [ "${lock}" == "2FA" ] && lock='-'
+ ;;
 7) echo -e "\033[K\n\033[K"
 echo -en "\033[KEnter new Proxy Address: "
 read -i "${server}" -e server
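Review bot: The three `[ "${lock}" == … ] && lock=…` lines in the new `6)` arm of the @@ -732 hunk run in sequence, so a value of `-` becomes `1FA`, is promoted to `2FA` by the next line and reset to `-` by the third; every starting value ends at `-` and the menu option can never select 1FA or 2FA. A single dispatch avoids the fall-through: `6) case "${lock}" in -) lock='1FA';; 1FA) lock='2FA';; *) lock='-';; esac;;`. The `until` loop and SITEINFO continue outside the hunk.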
@@ -740,14 +784,7 @@ SITEINFO(){
 # echo -e "\033[5A"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[5A"
 ;;
 8) [ "${scheme}" == "http" ] && scheme='https' || scheme='http';;
- # 8)
- # echo -e "\033[K\n\033[K"
- # echo -en "\033[KEnter new Proxy Scheme (http/https): "
- # read scheme
- # echo -e "\033[5A"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[5A"
- # ;;
- 9)
- echo -e "\033[K\n\033[K"
+ 9) echo -e "\033[K\n\033[K"
 echo -en "\033[KEnter new Proxy Port: "
 read -i "${port}" -e port
 echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
diff --git a/inc/status.inc b/inc/status.inc
index 160dff36..c00e7624 100755
--- a/inc/status.inc
+++ b/inc/status.inc
@@ -187,7 +187,6 @@ STATUS(){
 srvcstotest="$(join_by " " ${!srvcs})"
 [ "${NTYPE}" != "OFW" ] && srvctst=(`${NCMD} "systemctl is-active ${srvcstotest}"`)
 sr=0
- [ "${NM_AUTHELIA_IP}" == "" ] && NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)"
 for srvc in "${!srvcs}"; do
 [ "${srvc}" == "gitea" ] && [ "${NTYPE}" == "WEB" ] && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *${NM_AUTHELIA_IP}* ]] && NOGOCHK=false || NOGOCHK=true
 [ "${srvc}" == "headscale" ] && [ "${NTYPE}" == "HS" ] && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *${NM_SINGLESRVR_IP['HS']}* ]] && NOGOCHK=false
@@ -351,7 +350,6 @@ STATUS(){
 echo -e "${idsCL[Yellow]} Docker Service(s) Status${idsCL[Default]}"
 echo -e "${idsCL[Yellow]}----------------------------------------------------${idsCL[Default]}"
 fi
- [ "${NM_AUTHELIA_IP}" != "" ] && NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)"
 for docker in "${!dockers}"; do
 if [ "${NTYPE}" == "WEB" ]; then
 ([ "${docker}" == "vaultwarden" ] || [ "${docker}" == "heimdall" ] || [ "${docker}" == "authelia" ]) && [[ $($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *${NM_AUTHELIA_IP}* ]] && NOGOCHK=false || NOGOCHK=true