From b44f0834f8d5b4be5cf71e275971c9f07833cbb6 Mon Sep 17 00:00:00 2001
From: David Schroeder
Date: Tue, 14 Nov 2023 17:51:54 -0600
Subject: [PATCH] Update sites.inc
---
 inc/sites.inc | 193 +++++++++++++++++++++++++-------------------------
 1 file changed, 98 insertions(+), 95 deletions(-)
diff --git a/inc/sites.inc b/inc/sites.inc
index 0816a86e..4bfda735 100755
--- a/inc/sites.inc
+++ b/inc/sites.inc
@@ -157,15 +157,15 @@ NEWSITE(){
 echo -e "Usage: ${idsCL[LightYellow]}[nodemgmt or nmg] newsite ${idsCL[Yellow]}{flags}${idsCL[Default]} {"
 width=35
 printf "%-${width}s- %s\n" " -site {FQDN address(,es)}" "(new site and aliases, comma separated)"
- printf "%-${width}s- %s\n" " -ssl {yes or no}" "(defaults to yes)"
- printf "%-${width}s- %s\n" " -type {'local' or 'proxy'}" "(defaults to local)"
+ printf "%-${width}s- %s\n" " -ssl {yes or no}" "(create and enable ssl; default=yes)"
+ printf "%-${width}s- %s\n" " -type {'local' or 'proxy'}" "(defaults to proxy)"
 printf "%-${width}s- %s\n" " -proxy_port {host port}" "(proxy backend host)"
 printf "%-${width}s- %s\n" " -proxy_host {IP or FQDN}" "(proxy backend port)"
 printf "%-${width}s- %s\n" " -proxy_scheme {http or https}" "(proxy backend scheme)"
- printf "%-${width}s- %s\n" " -websocket {yes or no}" "(websocket support)"
- printf "%-${width}s- %s\n" " -hsts {yes or no}" "(hsts support)"
- printf "%-${width}s- %s\n" " -exploits {yes or no}" "(block exploits)"
- printf "%-${width}s- %s\n" " -secure {yes or no}" "(secure access [nginx/.htpasswd])"
+ printf "%-${width}s- %s\n" " -websocket {yes or no}" "(websocket support; default=no)"
+ printf "%-${width}s- %s\n" " -hsts {yes or no}" "(hsts support; default=yes)"
+ printf "%-${width}s- %s\n" " -exploits {yes or no}" "(block exploits; default=no)"
+ printf "%-${width}s- %s\n" " -secure {1FA, 2FA or no}" "(SSO secure access; default=no)"
 printf "%-${width}s- %s\n" " -t|-test" "(enables dry-run mode for CertBot)"
 echo "}"
 exit 0;;
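Review bot: The usage text still mislabels two flags in the unchanged lines between the edits: `-proxy_port {host port}` is described as `(proxy backend host)` and `-proxy_host {IP or FQDN}` as `(proxy backend port)`, so the two descriptions should be swapped while this help block is being touched. The new text also documents `default=no` for both `-exploits` and `-secure` and changes the stated `-type` default from local to proxy. The code that applies those defaults is outside this hunk, so the help should be checked against it. If the help is accurate, a proxy site created with no flags is published without exploit blocking and without SSO in front of it, which deserves an explicit remark in the usage output.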
@@ -632,7 +632,7 @@ SITEINFO(){ i=1 for sitefile in ${sites[@]}; do - site=${sitefile##*/}; site=${site/.conf/} + SITENAME=${sitefile##*/}; SITENAME=${SITENAME/.conf/} siteconfig=$(cat ${sitefile}) if (( i % 12 == 0 )) || [ $i = 1 ]; then DIVIDER false yellow ${dl} 
@@ -652,56 +652,58 @@ SITEINFO(){ if [ "$(echo "${siteconfig}" | grep include/proxy.conf)" != "" ] || [ "$(echo "${siteconfig}" | grep proxy_pass)" != "" ]; then type='Proxy' if [ "$(echo "${siteconfig}" | grep include/proxy.conf)" != "" ]; then - server=$(echo "${siteconfig}" | grep 'set $server') - server=${server#*\"}; server=${server%\"*} - scheme=$(echo "${siteconfig}" | grep 'set $forward_scheme') - scheme=${scheme##* }; scheme=${scheme%;*} - port=$(echo "${siteconfig}" | grep 'set $port') - port=${port##* }; port=${port%;*} - proxyhost="${scheme}://${server}:${port}" + PROXYHOST=$(echo "${siteconfig}" | grep 'set $server') + PROXYHOST=${PROXYHOST#*\"}; PROXYHOST=${PROXYHOST%\"*} + PROXYSCHEME=$(echo "${siteconfig}" | grep 'set $forward_scheme') + PROXYSCHEME=${PROXYSCHEME##* }; PROXYSCHEME=${PROXYSCHEME%;*} + PROXYPORT=$(echo "${siteconfig}" | grep 'set $port') + PROXYPORT=${PROXYPORT##* }; PROXYPORT=${PROXYPORT%;*} + PROXYHOST_FULL="${PROXYSCHEME}://${PROXYHOST}:${PROXYPORT}" else - proxyhost="[ custom proxy_pass ]" + PROXYHOST_FULL="[ custom proxy_pass ]" fi else type='HTTP' - proxyhost='' + PROXYHOST_FULL='' fi server=$(echo "${siteconfig}" | grep 'set $port') - [ "$(echo "${siteconfig}" | grep \#ssl_certificate)" != "" ] && ssl='' || ssl='Yes' - [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/hsts-support.conf')" != "" ] && hsts='' || hsts='Yes' - [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/websocket-support.conf')" != "" ] && wbskt='' || wbskt='Yes' - [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/block-exploits.conf')" != "" ] && explt='' || explt='Yes' + [ "$(echo "${siteconfig}" | grep \#ssl_certificate)" != "" ] && SSL='' || SSL='Yes' + [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/hsts-support.conf')" != "" ] && HSTS='' || HSTS='Yes' + [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/websocket-support.conf')" != "" ] && WEBSOCKET='' || WEBSOCKET='Yes' + [ "$(echo "${siteconfig}" | grep 
'\#include conf.d/include/block-exploits.conf')" != "" ] && EXPLOITS='' || EXPLOITS='Yes' if [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/secure-access.conf')" == "" ]; then - sitefacline=$(echo "${autheliaconfig}" | grep -Fn ${site}) + sitefacline=$(echo "${autheliaconfig}" | grep -Fn ${SITENAME}) sitefacline=${sitefacline%%:*} if [ "${sitefacline}" == "" ]; then - lock='error' - # ssh root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies only requiring username and password/a ~~~ - \\\"${site}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml" + SECURE='error' + # ssh root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies only requiring username and password/a ~~~ - \\\"${SITENAME}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml" # ssh root@${NM_AUTHELIA_IP} "sed -i \"s/~~~/ /g\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml" elif [ ${sitefacline} -lt ${onefacline} ]; then - lock='1FA' + SECURE='1FA' elif [ ${sitefacline} -lt ${twofacline} ]; then - lock='2FA' + SECURE='2FA' fi else - lock='' + SECURE='' fi [ ${i} -lt 10 ] && ii=" ${i}" || ii=${i} - [ ${EDIT} -eq 1 ] && msg1="${ii}) ${site}" || msg1="${site}" + [ ${EDIT} -eq 1 ] && msg1="${ii}) ${SITENAME}" || msg1="${SITENAME}" if [ ${EDIT} -eq 1 ]; then - printf "%-32s %-8s %-6s %-6s %-6s %-6s %-6s %-14s\n" "${msg1}" "${type}" "${ssl}" "${hsts}" "${wbskt}" "${explt}" "${lock}" "${proxyhost}" + printf "%-32s %-8s %-6s %-6s %-6s %-6s %-6s %-14s\n" "${msg1}" "${SITE_TYPE}" "${SSL}" "${HSTS}" "${WEBSOCKET}" "${EXPLOITS}" "${SECURE}" "${PROXYHOST_FULL}" else - printf "%-28s %-8s %-6s %-6s %-6s %-6s %-6s %-14s\n" "${msg1}" "${type}" "${ssl}" "${hsts}" "${wbskt}" "${explt}" "${lock}" "${proxyhost}" + printf "%-28s %-8s %-6s %-6s %-6s %-6s %-6s %-14s\n" "${msg1}" "${SITE_TYPE}" "${SSL}" "${HSTS}" "${WEBSOCKET}" "${EXPLOITS}" "${SECURE}" "${PROXYHOST_FULL}" fi - SITELIST[${i}]=${site} + SITELIST[${i}]=${SITENAME} i=`expr $i + 1` done + + echo if [ ${EDIT} 
-eq 1 ]; then DIVIDER . yellow ${dl} @@ -761,15 +763,15 @@ SITEINFO(){ EDITSITE(){ - site=${SITELIST[${siteid}]} - sitefile=${gosite}/${site}.conf + SITENAME=${SITELIST[${siteid}]} + sitefile=${gosite}/${SITENAME}.conf if [ -f ${sitefile} ]; then siteconfig=$(cat ${sitefile}) if [ "$(echo "${siteconfig}" | grep \#ssl_certificate)" != "" ]; then - ssl='-' + SSL='-' SUBJECTNAMES="" else - ssl='Yes' + SSL='Yes' certpath=$(echo "${siteconfig}" | grep ssl_certificate_key) certpath=${certpath%/*} 
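Review bot: The rename is incomplete in the hunk at -652: both `printf` rows now print `${SITE_TYPE}`, but the branches above them still assign `type='Proxy'` and `type='HTTP'` (unchanged context lines), so the Type column shows whatever `SITE_TYPE` held before the loop instead of the site's type. Change the two assignments to `SITE_TYPE='Proxy'` and `SITE_TYPE='HTTP'`. `SECURE` is also left unassigned when `sitefacline` is not below `twofacline`, so a row can inherit the previous site's 1FA/2FA value; resetting it with `SECURE=''` before the lookup avoids reporting protection a site does not have. SITEINFO's body starts and ends outside this hunk.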
@@ -780,65 +782,67 @@ EDITSITE(){ fi if [ "$(echo "${siteconfig}" | grep include/proxy.conf)" != "" ]; then - type='Proxy' - server=$(echo "${siteconfig}" | grep 'set $server') - server=${server#*\"}; server=${server%\"*} - servernames=$(echo "${siteconfig}" | grep 'server_name') - servernames=${servernames//;/} - servernames=${servernames#* } - servernames=${servernames// /,} - scheme=$(echo "${siteconfig}" | grep 'set $forward_scheme') - scheme=${scheme##* }; scheme=${scheme%;*} - port=$(echo "${siteconfig}" | grep 'set $port') - port=${port##* }; port=${port%;*} + SITE_TYPE='Proxy' + PROXYHOST=$(echo "${siteconfig}" | grep 'set $server') + PROXYHOST=${PROXYHOST#*\"}; PROXYHOST=${PROXYHOST%\"*} + SERVERNAMES=$(echo "${siteconfig}" | grep 'server_name') + SERVERNAMES=${SERVERNAMES//;/} + SERVERNAMES=${SERVERNAMES#* } + SERVERNAMES=${SERVERNAMES// /,} + PROXYSCHEME=$(echo "${siteconfig}" | grep 'set $forward_scheme') + PROXYSCHEME=${PROXYSCHEME##* }; PROXYSCHEME=${PROXYSCHEME%;*} + PROXYPORT=$(echo "${siteconfig}" | grep 'set $port') + PROXYPORT=${PROXYPORT##* }; PROXYPORT=${PROXYPORT%;*} + else - type='HTTP' + SITE_TYPE='HTTP' fi - [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/hsts-support.conf')" != "" ] && hsts='-' || hsts='Yes' - [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/websocket-support.conf')" != "" ] && wbskt='-' || wbskt='Yes' - [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/block-exploits.conf')" != "" ] && explt='-' || explt='Yes' + [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/hsts-support.conf')" != "" ] && HSTS='-' || HSTS='Yes' + [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/websocket-support.conf')" != "" ] && WEBSOCKET='-' || WEBSOCKET='Yes' + [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/block-exploits.conf')" != "" ] && EXPLOITS='-' || EXPLOITS='Yes' if [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/secure-access.conf')" == "" ]; then - sitefacline=$(echo 
"${autheliaconfig}" | grep -Fn ${site} | sort | tail -n1) + sitefacline=$(echo "${autheliaconfig}" | grep -Fn ${SITENAME} | sort | tail -n1) sitefacline=${sitefacline%%:*} if [ "${sitefacline}" == "" ]; then - lock='error' + SECURE='error' elif [ ${sitefacline} -lt ${onefacline} ]; then - lock='1FA' + SECURE='1FA' elif [ ${sitefacline} -lt ${twofacline} ]; then - lock='2FA' + SECURE='2FA' fi else - lock='-' + SECURE='-' fi else - site=${MAIN_SITE} - type=${SITE_TYPE^} - servernames=${NEW_SITE} - server=${PROXYHOST} - scheme=${PROXYSCHEME} - port=${PROXYPORT} - ssl='Yes' - hsts='Yes' - wbskt='-' - explt='-' - lock='-' + SITENAME=${MAIN_SITE} + SITE_TYPE=${SITE_TYPE^} + SERVERNAMES=${NEW_SITE} + PROXYHOST=${PROXYHOST} + PROXYSCHEME=${PROXYSCHEME} + PROXYPORT=${PROXYPORT} + SSL='Yes' + HSTS='Yes' + WEBSOCKET='-' + EXPLOITS='-' + SECURE='-' + fi editc=0 until [ "${editc^}" = "C" ]; do - echo -e "\033[K${idsCL[White]}0) Site Address(es): ${idsCL[Cyan]}${idsST[Bold]}${servernames//,/, }${idsST[Reset]}" - echo -e "\033[K${idsCL[White]}1) Site Type: ${idsCL[Cyan]}${idsST[Bold]}${type}${idsST[Reset]}" - echo -en "\033[K${idsCL[White]}2) SSL Secure: ${idsCL[Cyan]}${idsST[Bold]}${ssl}${idsST[Reset]}" + echo -e "\033[K${idsCL[White]}0) Site Address(es): ${idsCL[Cyan]}${idsST[Bold]}${SERVERNAMES//,/, }${idsST[Reset]}" + echo -e "\033[K${idsCL[White]}1) Site Type: ${idsCL[Cyan]}${idsST[Bold]}${SITE_TYPE}${idsST[Reset]}" + echo -en "\033[K${idsCL[White]}2) SSL Secure: ${idsCL[Cyan]}${idsST[Bold]}${SSL}${idsST[Reset]}" [ "${SUBJECTNAMES}" != "" ] && echo -e " ${idsCL[Cyan]}[SSL Names: ${idsCL[Yellow]}${SUBJECTNAMES}${idsCL[Cyan]}; expires ${idsCL[Yellow]}$(date -d @${CERTEXPIRE} '+%m-%d-%Y')${idsCL[Cyan]}]" || echo - echo -e "\033[K${idsCL[White]}3) HSTS Enabled: ${idsCL[Cyan]}${idsST[Bold]}${hsts}${idsST[Reset]}" - echo -e "\033[K${idsCL[White]}4) Web Sockets: ${idsCL[Cyan]}${idsST[Bold]}${wbskt}${idsST[Reset]}" - echo -e "\033[K${idsCL[White]}5) Exploits Block: 
${idsCL[Cyan]}${idsST[Bold]}${explt}${idsST[Reset]}" - echo -e "\033[K${idsCL[White]}6) Secured Access: ${idsCL[Cyan]}${idsST[Bold]}${lock}${idsST[Reset]}" - if [ "${type}" == "Proxy" ]; then - echo -e "\033[K${idsCL[White]}7) Proxy Address: ${idsCL[Cyan]}${idsST[Bold]}${server}${idsST[Reset]}" - echo -e "\033[K${idsCL[White]}8) Proxy Scheme: ${idsCL[Cyan]}${idsST[Bold]}${scheme}${idsST[Reset]}" - echo -e "\033[K${idsCL[White]}9) Proxy Port: ${idsCL[Cyan]}${idsST[Bold]}${port}${idsST[Reset]}" + echo -e "\033[K${idsCL[White]}3) HSTS Enabled: ${idsCL[Cyan]}${idsST[Bold]}${HSTS}${idsST[Reset]}" + echo -e "\033[K${idsCL[White]}4) Web Sockets: ${idsCL[Cyan]}${idsST[Bold]}${WEBSOCKET}${idsST[Reset]}" + echo -e "\033[K${idsCL[White]}5) Exploits Block: ${idsCL[Cyan]}${idsST[Bold]}${EXPLOITS}${idsST[Reset]}" + echo -e "\033[K${idsCL[White]}6) Secured Access: ${idsCL[Cyan]}${idsST[Bold]}${SECURE}${idsST[Reset]}" + if [ "${SITE_TYPE}" == "Proxy" ]; then + echo -e "\033[K${idsCL[White]}7) Proxy Address: ${idsCL[Cyan]}${idsST[Bold]}${PROXYHOST}${idsST[Reset]}" + echo -e "\033[K${idsCL[White]}8) Proxy Scheme: ${idsCL[Cyan]}${idsST[Bold]}${PROXYSCHEME}${idsST[Reset]}" + echo -e "\033[K${idsCL[White]}9) Proxy Port: ${idsCL[Cyan]}${idsST[Bold]}${PROXYPORT}${idsST[Reset]}" else echo -e "\033[K" echo -e "\033[K" 
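Review bot: The Authelia lookup that decides `SECURE` is fragile on the new line `grep -Fn ${SITENAME} | sort | tail -n1`: the name is unquoted, `-F` matches it as a substring (so `example.com` also hits a line for `app.example.com`), and plain `sort` orders the `grep -n` output lexically, so line 9 sorts after line 12 and `tail -n1` need not be the last match. Because the resulting 1FA/2FA value is shown in the menu and later handed to NEWPROXYSITE_CREATE, a wrong line number can display or re-apply the wrong access level. grep already emits matches in line order, so `grep -Fn -- "${SITENAME}" | tail -n1` is enough, and matching the whole list entry rather than a substring would be stricter. The chain also has no `else`, so `SECURE` keeps an earlier value when the line is not below `twofacline`. In the new-site branch `PROXYHOST=${PROXYHOST}`, `PROXYSCHEME=${PROXYSCHEME}` and `PROXYPORT=${PROXYPORT}` are now self-assignments that can be dropped.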
@@ -859,32 +863,32 @@ EDITSITE(){ case "${editc}" in 0) echo -e "\033[K\n\033[K" echo -en "\033[KEnter new Server Names (comma seperated): " - read -i "${servernames}" -e servernames - servernames=${servernames//, /,} + read -i "${SERVERNAMES}" -e SERVERNAMES + SERVERNAMES=${SERVERNAMES//, /,} echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A" ;; - 1) [ "${type}" == "HTTP" ] && type='Proxy' || type='HTTP';; - 2) [ "${ssl}" == "-" ] && ssl='Yes' || ssl='-';; - 3) [ "${hsts}" == "-" ] && hsts='Yes' || hsts='-';; - 4) [ "${wbskt}" == "-" ] && wbskt='Yes' || wbskt='-';; - 5) [ "${explt}" == "-" ] && explt='Yes' || explt='-';; - 6) if [ "${lock}" == "-" ]; then - lock='1FA' - elif [ "${lock}" == "1FA" ]; then - lock='2FA' - elif [ "${lock}" == "2FA" ]; then - lock='-' + 1) [ "${SITE_TYPE}" == "HTTP" ] && SITE_TYPE='Proxy' || SITE_TYPE='HTTP';; + 2) [ "${SSL}" == "-" ] && SSL='Yes' || SSL='-';; + 3) [ "${HSTS}" == "-" ] && HSTS='Yes' || HSTS='-';; + 4) [ "${WEBSOCKET}" == "-" ] && WEBSOCKET='Yes' || WEBSOCKET='-';; + 5) [ "${EXPLOITS}" == "-" ] && EXPLOITS='Yes' || EXPLOITS='-';; + 6) if [ "${SECURE}" == "-" ]; then + SECURE='1FA' + elif [ "${SECURE}" == "1FA" ]; then + SECURE='2FA' + elif [ "${SECURE}" == "2FA" ]; then + SECURE='-' fi ;; 7) echo -e "\033[K\n\033[K" echo -en "\033[KEnter new Proxy Address: " - read -i "${server}" -e server + read -i "${PROXYHOST}" -e PROXYHOST echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A" ;; - 8) [ "${scheme}" == "http" ] && scheme='https' || scheme='http';; + 8) [ "${PROXYSCHEME}" == "http" ] && PROXYSCHEME='https' || PROXYSCHEME='http';; 9) echo -e "\033[K\n\033[K" echo -en "\033[KEnter new Proxy Port: " - read -i "${port}" -e port + read -i "${PROXYPORT}" -e PROXYPORT echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A" ;; 
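Review bot: The three prompts in this hunk (`read -i "${SERVERNAMES}" -e SERVERNAMES`, and the same form for `PROXYHOST` and `PROXYPORT`) accept whatever is typed, and the values go on to NEWPROXYSITE_CREATE, which presumably writes them into the site configuration. Add `-r` so backslashes are not interpreted, and validate before leaving each case arm, for example `[[ ${PROXYPORT} =~ ^[0-9]{1,5}$ ]]` for the port and `[[ ${PROXYHOST} =~ ^[A-Za-z0-9.:-]+$ ]]` for the address, re-prompting on failure. An empty or space-containing answer is the main concern, because the later call passes these variables unquoted. The enclosing `case` continues outside the hunk.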
@@ -900,7 +904,7 @@ EDITSITE(){ case "${delconfirm}" in [Yy]) echo -en "\n\n${idsCL[LightCyan]}Removing site ... " - DELSITE -site ${site} -ssl yes >/dev/null 2>&1 + DELSITE -site ${SITENAME} -ssl yes >/dev/null 2>&1 echo -e "${idsCL[LightGreen]}Done\n${idsCL[Default]}" [ "${SEARCH}" != "0" ] && SITEINFO -edit -search ${SEARCH} || SITEINFO -edit exit 0 @@ -937,7 +941,7 @@ EDITSITE(){ echo fi echo -en "\033[1A\033[K\r${idsCL[LightCyan]}Configuring changes ... ${idsCL[Default]}" - NEWPROXYSITE_CREATE ${site} ${servernames} ${server} ${port} ${scheme} ${wbskt} ${hsts} ${explt} ${lock} ${ssl} ${CERTTEST} >/dev/null 2>&1 + NEWPROXYSITE_CREATE ${SITENAME} ${SERVERNAMES} ${PROXYHOST} ${PROXYPORT} ${PROXYSCHEME} ${WEBSOCKET} ${HSTS} ${EXPLOITS} ${SECURE} ${SSL} ${CERTTEST} >/dev/null 2>&1 echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}" echo @@ -972,4 +976,3 @@ EDITSITE(){ -
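Review bot: Both calls touched here, `DELSITE -site ${SITENAME} -ssl yes` in the hunk at -900 and `NEWPROXYSITE_CREATE ${SITENAME} ${SERVERNAMES} ${PROXYHOST} …` in the hunk at -937, expand their arguments unquoted and discard all output with `>/dev/null 2>&1` before printing "Done" unconditionally. NEWPROXYSITE_CREATE takes eleven positional arguments, so any empty value (for example `PROXYHOST` on an HTTP site, which the HTTP branch of EDITSITE does not assign) disappears and every later argument shifts left, putting `HSTS`, `EXPLOITS`, `SECURE` and `SSL` in the wrong parameters. Quote each one, `"${SITENAME}" "${SERVERNAMES}" "${PROXYHOST}" …` and `DELSITE -site "${SITENAME}" -ssl yes`, and test the return status before reporting success so a failed delete or a partly written config is not shown as done. EDITSITE's body starts and ends outside these hunks.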