Update sites.inc

2023-11-14 17:51:54 -06:00
parent 08a17456ca
commit b44f0834f8


@@ -157,15 +157,15 @@ NEWSITE(){
echo -e "Usage: ${idsCL[LightYellow]}[nodemgmt or nmg] newsite ${idsCL[Yellow]}{flags}${idsCL[Default]} {"
width=35
printf "%-${width}s- %s\n" " -site {FQDN address(,es)}" "(new site and aliases, comma separated)"
printf "%-${width}s- %s\n" " -ssl {yes or no}" "(defaults to yes)"
printf "%-${width}s- %s\n" " -type {'local' or 'proxy'}" "(defaults to local)"
printf "%-${width}s- %s\n" " -ssl {yes or no}" "(create and enable ssl; default=yes)"
printf "%-${width}s- %s\n" " -type {'local' or 'proxy'}" "(defaults to proxy)"
printf "%-${width}s- %s\n" " -proxy_port {host port}" "(proxy backend host)"
printf "%-${width}s- %s\n" " -proxy_host {IP or FQDN}" "(proxy backend port)"
printf "%-${width}s- %s\n" " -proxy_scheme {http or https}" "(proxy backend scheme)"
printf "%-${width}s- %s\n" " -websocket {yes or no}" "(websocket support)"
printf "%-${width}s- %s\n" " -hsts {yes or no}" "(hsts support)"
printf "%-${width}s- %s\n" " -exploits {yes or no}" "(block exploits)"
printf "%-${width}s- %s\n" " -secure {yes or no}" "(secure access [nginx/.htpasswd])"
printf "%-${width}s- %s\n" " -websocket {yes or no}" "(websocket support; default=no)"
printf "%-${width}s- %s\n" " -hsts {yes or no}" "(hsts support; default=yes)"
printf "%-${width}s- %s\n" " -exploits {yes or no}" "(block exploits; default=no)"
printf "%-${width}s- %s\n" " -secure {1FA, 2FA or no}" "(SSO secure access; default=no)"
printf "%-${width}s- %s\n" " -t|-test" "(enables dry-run mode for CertBot)"
echo "}"
exit 0;;
@@ -632,7 +632,7 @@ SITEINFO(){
i=1
for sitefile in ${sites[@]}; do
site=${sitefile##*/}; site=${site/.conf/}
SITENAME=${sitefile##*/}; SITENAME=${SITENAME/.conf/}
siteconfig=$(cat ${sitefile})
if (( i % 12 == 0 )) || [ $i = 1 ]; then
DIVIDER false yellow ${dl}
@@ -652,56 +652,58 @@ SITEINFO(){
if [ "$(echo "${siteconfig}" | grep include/proxy.conf)" != "" ] || [ "$(echo "${siteconfig}" | grep proxy_pass)" != "" ]; then
type='Proxy'
if [ "$(echo "${siteconfig}" | grep include/proxy.conf)" != "" ]; then
server=$(echo "${siteconfig}" | grep 'set $server')
server=${server#*\"}; server=${server%\"*}
scheme=$(echo "${siteconfig}" | grep 'set $forward_scheme')
scheme=${scheme##* }; scheme=${scheme%;*}
port=$(echo "${siteconfig}" | grep 'set $port')
port=${port##* }; port=${port%;*}
proxyhost="${scheme}://${server}:${port}"
PROXYHOST=$(echo "${siteconfig}" | grep 'set $server')
PROXYHOST=${PROXYHOST#*\"}; PROXYHOST=${PROXYHOST%\"*}
PROXYSCHEME=$(echo "${siteconfig}" | grep 'set $forward_scheme')
PROXYSCHEME=${PROXYSCHEME##* }; PROXYSCHEME=${PROXYSCHEME%;*}
PROXYPORT=$(echo "${siteconfig}" | grep 'set $port')
PROXYPORT=${PROXYPORT##* }; PROXYPORT=${PROXYPORT%;*}
PROXYHOST_FULL="${PROXYSCHEME}://${PROXYHOST}:${PROXYPORT}"
else
proxyhost="[ custom proxy_pass ]"
PROXYHOST_FULL="[ custom proxy_pass ]"
fi
else
type='HTTP'
proxyhost=''
PROXYHOST_FULL=''
fi
server=$(echo "${siteconfig}" | grep 'set $port')
[ "$(echo "${siteconfig}" | grep \#ssl_certificate)" != "" ] && ssl='' || ssl='Yes'
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/hsts-support.conf')" != "" ] && hsts='' || hsts='Yes'
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/websocket-support.conf')" != "" ] && wbskt='' || wbskt='Yes'
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/block-exploits.conf')" != "" ] && explt='' || explt='Yes'
[ "$(echo "${siteconfig}" | grep \#ssl_certificate)" != "" ] && SSL='' || SSL='Yes'
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/hsts-support.conf')" != "" ] && HSTS='' || HSTS='Yes'
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/websocket-support.conf')" != "" ] && WEBSOCKET='' || WEBSOCKET='Yes'
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/block-exploits.conf')" != "" ] && EXPLOITS='' || EXPLOITS='Yes'
if [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/secure-access.conf')" == "" ]; then
sitefacline=$(echo "${autheliaconfig}" | grep -Fn ${site})
sitefacline=$(echo "${autheliaconfig}" | grep -Fn ${SITENAME})
sitefacline=${sitefacline%%:*}
if [ "${sitefacline}" == "" ]; then
lock='error'
# ssh root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies only requiring username and password/a ~~~ - \\\"${site}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
SECURE='error'
# ssh root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies only requiring username and password/a ~~~ - \\\"${SITENAME}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
# ssh root@${NM_AUTHELIA_IP} "sed -i \"s/~~~/ /g\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
elif [ ${sitefacline} -lt ${onefacline} ]; then
lock='1FA'
SECURE='1FA'
elif [ ${sitefacline} -lt ${twofacline} ]; then
lock='2FA'
SECURE='2FA'
fi
else
lock=''
SECURE=''
fi
[ ${i} -lt 10 ] && ii=" ${i}" || ii=${i}
[ ${EDIT} -eq 1 ] && msg1="${ii}) ${site}" || msg1="${site}"
[ ${EDIT} -eq 1 ] && msg1="${ii}) ${SITENAME}" || msg1="${SITENAME}"
if [ ${EDIT} -eq 1 ]; then
printf "%-32s %-8s %-6s %-6s %-6s %-6s %-6s %-14s\n" "${msg1}" "${type}" "${ssl}" "${hsts}" "${wbskt}" "${explt}" "${lock}" "${proxyhost}"
printf "%-32s %-8s %-6s %-6s %-6s %-6s %-6s %-14s\n" "${msg1}" "${SITE_TYPE}" "${SSL}" "${HSTS}" "${WEBSOCKET}" "${EXPLOITS}" "${SECURE}" "${PROXYHOST_FULL}"
else
printf "%-28s %-8s %-6s %-6s %-6s %-6s %-6s %-14s\n" "${msg1}" "${type}" "${ssl}" "${hsts}" "${wbskt}" "${explt}" "${lock}" "${proxyhost}"
printf "%-28s %-8s %-6s %-6s %-6s %-6s %-6s %-14s\n" "${msg1}" "${SITE_TYPE}" "${SSL}" "${HSTS}" "${WEBSOCKET}" "${EXPLOITS}" "${SECURE}" "${PROXYHOST_FULL}"
fi
SITELIST[${i}]=${site}
SITELIST[${i}]=${SITENAME}
i=`expr $i + 1`
done
echo
if [ ${EDIT} -eq 1 ]; then
DIVIDER . yellow ${dl}
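Review bot: Both `printf` rows in this SITEINFO loop now print `${SITE_TYPE}`, but the loop still assigns `type='Proxy'` and `type='HTTP'`; those two lines are printed only once here, so they look unchanged (the page lost its +/- column, so this is inferred). Unless SITE_TYPE is set elsewhere, the type column will be empty or carry a value left over from another function; renaming the two assignments to `SITE_TYPE='Proxy'` and `SITE_TYPE='HTTP'`, as the EDITSITE hunk does, would fix it. Separately, `SECURE` is never reset per iteration and no branch covers a `sitefacline` at or beyond `twofacline`, so a row can inherit the previous site's 1FA/2FA label and misreport its access tier; a final `else SECURE='error'` arm would make that case visible. The body of SITEINFO continues outside this hunk.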
@@ -761,15 +763,15 @@ SITEINFO(){
EDITSITE(){
site=${SITELIST[${siteid}]}
sitefile=${gosite}/${site}.conf
SITENAME=${SITELIST[${siteid}]}
sitefile=${gosite}/${SITENAME}.conf
if [ -f ${sitefile} ]; then
siteconfig=$(cat ${sitefile})
if [ "$(echo "${siteconfig}" | grep \#ssl_certificate)" != "" ]; then
ssl='-'
SSL='-'
SUBJECTNAMES=""
else
ssl='Yes'
SSL='Yes'
certpath=$(echo "${siteconfig}" | grep ssl_certificate_key)
certpath=${certpath%/*}
@@ -780,65 +782,67 @@ EDITSITE(){
fi
if [ "$(echo "${siteconfig}" | grep include/proxy.conf)" != "" ]; then
type='Proxy'
server=$(echo "${siteconfig}" | grep 'set $server')
server=${server#*\"}; server=${server%\"*}
servernames=$(echo "${siteconfig}" | grep 'server_name')
servernames=${servernames//;/}
servernames=${servernames#* }
servernames=${servernames// /,}
scheme=$(echo "${siteconfig}" | grep 'set $forward_scheme')
scheme=${scheme##* }; scheme=${scheme%;*}
port=$(echo "${siteconfig}" | grep 'set $port')
port=${port##* }; port=${port%;*}
SITE_TYPE='Proxy'
PROXYHOST=$(echo "${siteconfig}" | grep 'set $server')
PROXYHOST=${PROXYHOST#*\"}; PROXYHOST=${PROXYHOST%\"*}
SERVERNAMES=$(echo "${siteconfig}" | grep 'server_name')
SERVERNAMES=${SERVERNAMES//;/}
SERVERNAMES=${SERVERNAMES#* }
SERVERNAMES=${SERVERNAMES// /,}
PROXYSCHEME=$(echo "${siteconfig}" | grep 'set $forward_scheme')
PROXYSCHEME=${PROXYSCHEME##* }; PROXYSCHEME=${PROXYSCHEME%;*}
PROXYPORT=$(echo "${siteconfig}" | grep 'set $port')
PROXYPORT=${PROXYPORT##* }; PROXYPORT=${PROXYPORT%;*}
else
type='HTTP'
SITE_TYPE='HTTP'
fi
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/hsts-support.conf')" != "" ] && hsts='-' || hsts='Yes'
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/websocket-support.conf')" != "" ] && wbskt='-' || wbskt='Yes'
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/block-exploits.conf')" != "" ] && explt='-' || explt='Yes'
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/hsts-support.conf')" != "" ] && HSTS='-' || HSTS='Yes'
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/websocket-support.conf')" != "" ] && WEBSOCKET='-' || WEBSOCKET='Yes'
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/block-exploits.conf')" != "" ] && EXPLOITS='-' || EXPLOITS='Yes'
if [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/secure-access.conf')" == "" ]; then
sitefacline=$(echo "${autheliaconfig}" | grep -Fn ${site} | sort | tail -n1)
sitefacline=$(echo "${autheliaconfig}" | grep -Fn ${SITENAME} | sort | tail -n1)
sitefacline=${sitefacline%%:*}
if [ "${sitefacline}" == "" ]; then
lock='error'
SECURE='error'
elif [ ${sitefacline} -lt ${onefacline} ]; then
lock='1FA'
SECURE='1FA'
elif [ ${sitefacline} -lt ${twofacline} ]; then
lock='2FA'
SECURE='2FA'
fi
else
lock='-'
SECURE='-'
fi
else
site=${MAIN_SITE}
type=${SITE_TYPE^}
servernames=${NEW_SITE}
server=${PROXYHOST}
scheme=${PROXYSCHEME}
port=${PROXYPORT}
ssl='Yes'
hsts='Yes'
wbskt='-'
explt='-'
lock='-'
SITENAME=${MAIN_SITE}
SITE_TYPE=${SITE_TYPE^}
SERVERNAMES=${NEW_SITE}
PROXYHOST=${PROXYHOST}
PROXYSCHEME=${PROXYSCHEME}
PROXYPORT=${PROXYPORT}
SSL='Yes'
HSTS='Yes'
WEBSOCKET='-'
EXPLOITS='-'
SECURE='-'
fi
editc=0
until [ "${editc^}" = "C" ]; do
echo -e "\033[K${idsCL[White]}0) Site Address(es): ${idsCL[Cyan]}${idsST[Bold]}${servernames//,/, }${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}1) Site Type: ${idsCL[Cyan]}${idsST[Bold]}${type}${idsST[Reset]}"
echo -en "\033[K${idsCL[White]}2) SSL Secure: ${idsCL[Cyan]}${idsST[Bold]}${ssl}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}0) Site Address(es): ${idsCL[Cyan]}${idsST[Bold]}${SERVERNAMES//,/, }${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}1) Site Type: ${idsCL[Cyan]}${idsST[Bold]}${SITE_TYPE}${idsST[Reset]}"
echo -en "\033[K${idsCL[White]}2) SSL Secure: ${idsCL[Cyan]}${idsST[Bold]}${SSL}${idsST[Reset]}"
[ "${SUBJECTNAMES}" != "" ] && echo -e " ${idsCL[Cyan]}[SSL Names: ${idsCL[Yellow]}${SUBJECTNAMES}${idsCL[Cyan]}; expires ${idsCL[Yellow]}$(date -d @${CERTEXPIRE} '+%m-%d-%Y')${idsCL[Cyan]}]" || echo
echo -e "\033[K${idsCL[White]}3) HSTS Enabled: ${idsCL[Cyan]}${idsST[Bold]}${hsts}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}4) Web Sockets: ${idsCL[Cyan]}${idsST[Bold]}${wbskt}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}5) Exploits Block: ${idsCL[Cyan]}${idsST[Bold]}${explt}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}6) Secured Access: ${idsCL[Cyan]}${idsST[Bold]}${lock}${idsST[Reset]}"
if [ "${type}" == "Proxy" ]; then
echo -e "\033[K${idsCL[White]}7) Proxy Address: ${idsCL[Cyan]}${idsST[Bold]}${server}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}8) Proxy Scheme: ${idsCL[Cyan]}${idsST[Bold]}${scheme}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}9) Proxy Port: ${idsCL[Cyan]}${idsST[Bold]}${port}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}3) HSTS Enabled: ${idsCL[Cyan]}${idsST[Bold]}${HSTS}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}4) Web Sockets: ${idsCL[Cyan]}${idsST[Bold]}${WEBSOCKET}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}5) Exploits Block: ${idsCL[Cyan]}${idsST[Bold]}${EXPLOITS}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}6) Secured Access: ${idsCL[Cyan]}${idsST[Bold]}${SECURE}${idsST[Reset]}"
if [ "${SITE_TYPE}" == "Proxy" ]; then
echo -e "\033[K${idsCL[White]}7) Proxy Address: ${idsCL[Cyan]}${idsST[Bold]}${PROXYHOST}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}8) Proxy Scheme: ${idsCL[Cyan]}${idsST[Bold]}${PROXYSCHEME}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}9) Proxy Port: ${idsCL[Cyan]}${idsST[Bold]}${PROXYPORT}${idsST[Reset]}"
else
echo -e "\033[K"
echo -e "\033[K"
@@ -859,32 +863,32 @@ EDITSITE(){
case "${editc}" in
0) echo -e "\033[K\n\033[K"
echo -en "\033[KEnter new Server Names (comma seperated): "
read -i "${servernames}" -e servernames
servernames=${servernames//, /,}
read -i "${SERVERNAMES}" -e SERVERNAMES
SERVERNAMES=${SERVERNAMES//, /,}
echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
;;
1) [ "${type}" == "HTTP" ] && type='Proxy' || type='HTTP';;
2) [ "${ssl}" == "-" ] && ssl='Yes' || ssl='-';;
3) [ "${hsts}" == "-" ] && hsts='Yes' || hsts='-';;
4) [ "${wbskt}" == "-" ] && wbskt='Yes' || wbskt='-';;
5) [ "${explt}" == "-" ] && explt='Yes' || explt='-';;
6) if [ "${lock}" == "-" ]; then
lock='1FA'
elif [ "${lock}" == "1FA" ]; then
lock='2FA'
elif [ "${lock}" == "2FA" ]; then
lock='-'
1) [ "${SITE_TYPE}" == "HTTP" ] && SITE_TYPE='Proxy' || SITE_TYPE='HTTP';;
2) [ "${SSL}" == "-" ] && SSL='Yes' || SSL='-';;
3) [ "${HSTS}" == "-" ] && HSTS='Yes' || HSTS='-';;
4) [ "${WEBSOCKET}" == "-" ] && WEBSOCKET='Yes' || WEBSOCKET='-';;
5) [ "${EXPLOITS}" == "-" ] && EXPLOITS='Yes' || EXPLOITS='-';;
6) if [ "${SECURE}" == "-" ]; then
SECURE='1FA'
elif [ "${SECURE}" == "1FA" ]; then
SECURE='2FA'
elif [ "${SECURE}" == "2FA" ]; then
SECURE='-'
fi
;;
7) echo -e "\033[K\n\033[K"
echo -en "\033[KEnter new Proxy Address: "
read -i "${server}" -e server
read -i "${PROXYHOST}" -e PROXYHOST
echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
;;
8) [ "${scheme}" == "http" ] && scheme='https' || scheme='http';;
8) [ "${PROXYSCHEME}" == "http" ] && PROXYSCHEME='https' || PROXYSCHEME='http';;
9) echo -e "\033[K\n\033[K"
echo -en "\033[KEnter new Proxy Port: "
read -i "${port}" -e port
read -i "${PROXYPORT}" -e PROXYPORT
echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
;;
@@ -900,7 +904,7 @@ EDITSITE(){
case "${delconfirm}" in
[Yy])
echo -en "\n\n${idsCL[LightCyan]}Removing site ... "
DELSITE -site ${site} -ssl yes >/dev/null 2>&1
DELSITE -site ${SITENAME} -ssl yes >/dev/null 2>&1
echo -e "${idsCL[LightGreen]}Done\n${idsCL[Default]}"
[ "${SEARCH}" != "0" ] && SITEINFO -edit -search ${SEARCH} || SITEINFO -edit
exit 0
@@ -937,7 +941,7 @@ EDITSITE(){
echo
fi
echo -en "\033[1A\033[K\r${idsCL[LightCyan]}Configuring changes ... ${idsCL[Default]}"
NEWPROXYSITE_CREATE ${site} ${servernames} ${server} ${port} ${scheme} ${wbskt} ${hsts} ${explt} ${lock} ${ssl} ${CERTTEST} >/dev/null 2>&1
NEWPROXYSITE_CREATE ${SITENAME} ${SERVERNAMES} ${PROXYHOST} ${PROXYPORT} ${PROXYSCHEME} ${WEBSOCKET} ${HSTS} ${EXPLOITS} ${SECURE} ${SSL} ${CERTTEST} >/dev/null 2>&1
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
echo
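Review bot: Every argument on the new `NEWPROXYSITE_CREATE` line is expanded unquoted, and three of them (SERVERNAMES, PROXYHOST, PROXYPORT) are typed in through `read -e` in the edit menu, so an empty value drops out of the argument list and shifts WEBSOCKET/HSTS/EXPLOITS/SECURE/SSL into the wrong positional slots, while a value containing a space or glob character splits into several words. For an HTTP-type site loaded from an existing file the proxy variables do not appear to be assigned in the visible branches, which makes the empty case likely rather than exotic. Quote each expansion, `NEWPROXYSITE_CREATE "${SITENAME}" "${SERVERNAMES}" "${PROXYHOST}" "${PROXYPORT}" "${PROXYSCHEME}" "${WEBSOCKET}" "${HSTS}" "${EXPLOITS}" "${SECURE}" "${SSL}" "${CERTTEST}" >/dev/null 2>&1`, and reject a non-numeric PROXYPORT before the call. Because the call's output goes to `/dev/null` and `Done` is printed unconditionally, a failed or mis-parsed rewrite is silent; checking the return status before printing would surface it. EDITSITE starts and ends outside this hunk.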
@@ -972,4 +976,3 @@ EDITSITE(){