diff --git a/defaults.inc b/defaults.inc index 9c07fa17..d5705b74 100755 --- a/defaults.inc +++ b/defaults.inc @@ -1,6 +1,6 @@ #!/usr/bin/env bash # VERS='4.12.120-11102023' -VERS='4.12.120-KYLEUPGRADE' +VERS='4.12.122-KYLEUPGRADEv2' noheader=' service status-check nightlyrephp7.3-fpm,new backup report check checkcerts gitea update-nodes copynpmcerts singleservercheck update-dyndns backup-offsitepfsense gui nightlyreview update ' CERT_DAEMON='/snap/bin/certbot' diff --git a/inc/sites.inc b/inc/sites.inc index 237c0cfb..060ded83 100755 --- a/inc/sites.inc +++ b/inc/sites.inc @@ -19,7 +19,7 @@ DELSITE(){ shift done if [ -z ${DEL_SITE+x} ]; then - echo -e -n "${idsCL[LightCyan]}Delete what site address: ${idsCL[Default]}" + echo -en "${idsCL[LightCyan]}Delete what site address: ${idsCL[Default]}" read DEL_SITE echo fi @@ -28,7 +28,7 @@ DELSITE(){ elif [[ $DEL_SSL =~ ^[Yy]$ ]]; then DEL_SSL=yes elif [ -z ${DEL_SSL+x} ]; then - echo -e -n "${idsCL[LightRed]}Do you also want to delete the certs for '${DEL_SITE}' as well? [y/N]${idsCL[Default]} " + echo -en "${idsCL[LightRed]}Do you also want to delete the certs for '${DEL_SITE}' as well? [y/N]${idsCL[Default]} " read DEL_SSL if [[ $DEL_SSL =~ ^[Nn]$ ]]; then DEL_SSL=no @@ -131,7 +131,7 @@ DELSITES(){ fi echo " [Q] Quit" echo - echo -e -n "${idsCL[LightYellow]}Please select a site from above from above:${idsCL[Default]} " + echo -en "${idsCL[LightYellow]}Please select a site from above from above:${idsCL[Default]} " read selsite echo if [ -z ${SITES[$selsite]} ] && [ "${selsite}" != "Q" ] && [ "${selsite}" != "q" ] && [ "${selsite}" != "B" ] && [ "${selsite}" != "b" ]; then 
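Review bot: The prompt rewritten in the `DELSITES` hunk (`-131,7 +131,7`) still reads `Please select a site from above from above:`; since the line is being edited anyway, drop the duplicated words. The `read` calls that follow each rewritten prompt in these hunks are context lines without `-r`, so a backslash typed into an answer is consumed before the value is compared or passed on; `read -r DEL_SITE`, `read -r DEL_SSL` and `read -r selsite` would be a cheap follow-up.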
@@ -147,11 +147,11 @@ DELSITES(){
 else
 while :
 do
- echo -e -n "${idsCL[LightRed]}Are you sure you want to delete '${idsCL[Red]}${SITES[${selsite}]^^}${idsCL[LightRed]}'? [y/N]${idsCL[Default]} "
+ echo -en "${idsCL[LightRed]}Are you sure you want to delete '${idsCL[Red]}${SITES[${selsite}]^^}${idsCL[LightRed]}'? [y/N]${idsCL[Default]} "
 read response
 echo
 if [[ $response =~ ^[Yy]$ ]]; then
- echo -e -n "${idsCL[LightRed]}Do you also want to delete the certs for '${idsCL[Red]}${SITES[${selsite}]^^}${idsCL[LightRed]}', if they exist? [y/N]${idsCL[Default]} "
+ echo -en "${idsCL[LightRed]}Do you also want to delete the certs for '${idsCL[Red]}${SITES[${selsite}]^^}${idsCL[LightRed]}', if they exist? [y/N]${idsCL[Default]} "
 read sslresponse
 DELSITE -site ${SITES[${selsite}]} -ssl ${sslresponse}
 echo
@@ -233,50 +233,56 @@ NEWSITE(){ #if [ -z ${SITE_TYPE+x} ]; then SITE_TYPE=local; fi #if [ -z ${CREATE_SSL+x} ]; then CREATE_SSL=true; fi if [ -z ${NEW_SITE+x} ]; then - echo -e -n "${idsCL[LightCyan]}New site domain name (comma seperated for multiple) : ${idsCL[Default]}" + echo -en "${idsCL[LightCyan]}New site domain name (comma seperated for multiple): ${idsCL[Default]}" read NEW_SITE showdivide=yes + echo fi if [ -z ${CREATE_SSL+x} ]; then - echo -e -n "${idsCL[LightCyan]}Create SSL for site? [Y/n] ${idsCL[Default]}" + echo -en "${idsCL[LightCyan]}Create SSL for site? [Y/n] ${idsCL[Default]}" read CREATE_SSL showdivide=yes if [[ $CREATE_SSL =~ ^[Yy]$ ]] || [ "${CREATE_SSL}" = "" ]; then CREATE_SSL=yes - # echo -e -n "${idsCL[LightCyan]}Add additonal domain names to the SSL cert (comma seperated)? : ${idsCL[Default]}" + # echo -en "${idsCL[LightCyan]}Add additonal domain names to the SSL cert (comma seperated)? : ${idsCL[Default]}" # read ssladd else CREATE_SSL=no fi + echo fi if [ -z ${SITE_TYPE+x} ]; then - echo -e -n "${idsCL[LightCyan]}Site type (local/{proxy}): ${idsCL[Default]}" + echo -en "${idsCL[LightCyan]}Site type (local/{proxy}): ${idsCL[Default]}" read SITE_TYPE showdivide=yes if [ "${SITE_TYPE}" = "" ]; then SITE_TYPE=proxy fi + echo fi if [ "${SITE_TYPE}" = "proxy" ]; then if [ -z ${PROXYHOST+x} ]; then - echo -e -n "${idsCL[LightCyan]}What is the proxy backend address (IP or FQDN): ${idsCL[Default]}" + echo -en "${idsCL[LightCyan]}What is the proxy backend address (IP or FQDN): ${idsCL[Default]}" read PROXYHOST showdivide=yes + echo fi if [ -z ${PROXYPORT+x} ]; then - echo -e -n "${idsCL[LightCyan]}What is the proxy backend port (tcp port): ${idsCL[Default]}" + echo -en "${idsCL[LightCyan]}What is the proxy backend port (tcp port): ${idsCL[Default]}" read PROXYPORT showdivide=yes + echo fi if [ -z ${PROXYSCHEME+x} ]; then - echo -e -n "${idsCL[LightCyan]}What is the proxy backend scheme (http/https): ${idsCL[Default]}" + echo -en 
"${idsCL[LightCyan]}What is the proxy backend scheme (http/https): ${idsCL[Default]}" read PROXYSCHEME showdivide=yes + echo fi if [ -z ${WEBSOCKET+x} ]; then - echo -e -n "${idsCL[LightCyan]}Enable Websocket Support (y/N): ${idsCL[Default]}" + echo -en "${idsCL[LightCyan]}Enable Websocket Support (y/N): ${idsCL[Default]}" read WEBSOCKET showdivide=yes if [[ ${WEBSOCKET} =~ ^[Nn]$ ]] || [ "${WEBSOCKET}" = "" ]; then @@ -286,15 +292,17 @@ NEWSITE(){ else WEBSOCKET=no fi + echo fi if [ -z ${HSTS+x} ]; then - echo -e -n "${idsCL[LightCyan]}Enable HSTS Support (Y/n): ${idsCL[Default]}" + echo -en "${idsCL[LightCyan]}Enable HSTS Support (Y/n): ${idsCL[Default]}" read HSTS showdivide=yes [[ ${HSTS} =~ ^[Yy]$ ]] || [ "${HSTS}" = "" ] &&HSTS=yes || HSTS=no + echo fi if [ -z ${EXPLOITS+x} ]; then - echo -e -n "${idsCL[LightCyan]}Block exploits (y/N): ${idsCL[Default]}" + echo -en "${idsCL[LightCyan]}Block exploits (y/N): ${idsCL[Default]}" read EXPLOITS showdivide=yes if [[ ${EXPLOITS} =~ ^[Nn]$ ]] || [ "${EXPLOITS}" = "" ]; then @@ -304,19 +312,21 @@ NEWSITE(){ else EXPLOITS=no fi + echo fi if [ -z ${SECURE+x} ]; then - echo -e -n "${idsCL[LightCyan]}Secure site with Authelia SSO (y/N): ${idsCL[Default]}" + echo -en "${idsCL[LightCyan]}Secure site with Authelia SSO (y/N): ${idsCL[Default]}" read SECURE showdivide=yes - if [[ ${SECURE} =~ ^[Nn]$ ]] || [ "${SECURE}" = "" ]; then - SECURE=no - elif [[ ${SECURE} =~ ^[Yy]$ ]]; then - SECURE=yes - + if [[ ${SECURE} =~ ^[Yy]$ ]]; then + echo -en "${idsCL[LightCyan]}Would you like a side of MFA with that SSO (Y/n): ${idsCL[Default]}" + read MFA + showdivide=yes + [[ ${MFA} =~ ^[Yy]$ ]] && SECURE=2FA || SECURE=1FA else SECURE=no fi + echo fi fi [ "${showdivide}" == "yes" ] && DIVIDER 
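Review bot: The new MFA prompt in the `-304,19 +312,21` hunk advertises `(Y/n)`, but `[[ ${MFA} =~ ^[Yy]$ ]] && SECURE=2FA || SECURE=1FA` maps an empty answer (plain Enter) and any typo to `1FA`, so the advertised default silently yields the weaker policy. Treat empty as yes to match the prompt, e.g. `if [[ ${MFA} =~ ^[Yy]$ ]] || [ -z "${MFA}" ]; then SECURE=2FA; else SECURE=1FA; fi`, which also avoids the `a && b || c` form. The mapping to `1FA`/`2FA` only happens inside the `[ -z ${SECURE+x} ]` prompt path, so a `SECURE` value set before this block (argument parsing is outside the hunk; a value such as `yes` is an assumption) would not match the later `*"FA"*` test and the site would be created without Authelia. NEWSITE's body starts and ends outside the hunk.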
@@ -334,7 +344,7 @@ NEWSITE(){
 printf "%-${width}s: %s\n" "Block Exploits" "${EXPLOITS}"
 printf "%-${width}s: %s\n" "Secure Access" "${SECURE}"
 fi
- echo -e -n "${idsCL[LightRed]}Is this information correct? [Y/n]${idsCL[Default]} "
+ echo -en "${idsCL[LightRed]}Is this information correct? [Y/n]${idsCL[Default]} "
 read -n 1 response
 echo
 if [[ $response =~ ^[Yy]$ ]] || [ "${response}" = "" ]; then
@@ -361,18 +371,22 @@ NEWSITE(){ [ "${WEBSOCKET}" == "yes" ] && WEBSOCKET="include conf.d\/include\/websocket-support.conf;" || WEBSOCKET="" [ "${HSTS}" == "yes" ] && HSTS="include conf.d\/include\/hsts-support.conf;" || HSTS="" [ "${EXPLOITS}" == "yes" ] && EXPLOITS="include conf.d\/include\/block-exploits.conf;" || EXPLOITS="" - if [ "${SECURE}" == "yes" ] && [ "${NM_DOCKER_COMPOSE_LOC['authelia']}" != "" ]; then + if [[ "${SECURE}" = *"FA"* ]] && [ "${NM_DOCKER_COMPOSE_LOC['authelia']}" != "" ]; then + echo -e "${idsCL[LightGreen]}Configuring Authelia SSO for '${idsCL[Yellow]}${MAIN_SITE}${idsCL[LightGreen]}' {${NGINX_SERVERNAME}}...${idsCL[Default]}" SECURE="include conf.d\/include\/secure-access.conf;" for NTYPE in "${NM_NODE_TYPES[@]}"; do if [[ "${NM_DOCKERS_CHECK[${NTYPE}]}" == *"authelia"* ]]; then NM_AUTHELIA_IP=${NM_SINGLESRVR_IP[${NTYPE}]} break fi - done - ssh root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies only requiring username and password/a ~~~ - \\\"${MAIN_SITE}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml" + done + if [ "${SECURE}" == "2FA" ]; then + ssh root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies needing 2 factor below/a ~~~ - \\\"${MAIN_SITE}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml" + else + ssh root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies only requiring username and password/a ~~~ - \\\"${MAIN_SITE}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml" + fi ssh root@${NM_AUTHELIA_IP} "sed -i \"s/~~~/ /g\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml" - - ssh root@${NM_AUTHELIA_IP} "/usr/bin/docker restart authelia" + ssh root@${NM_AUTHELIA_IP} "/usr/bin/docker restart authelia >/dev/null 2>&1" else SECURE="" 
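Review bot: The added `[ "${SECURE}" == "2FA" ]` test can never be true, because the context line `SECURE="include conf.d\/include\/secure-access.conf;"` overwrites the variable a few lines above it, so every site, including those where MFA was requested, is appended under the "Proxies only requiring username and password" marker. Capture the choice before the overwrite, e.g. `AUTH_LEVEL=${SECURE}` as the first line of the branch, and test `[ "${AUTH_LEVEL}" == "2FA" ]`. `${MAIN_SITE}` is interpolated into a sed script that a root shell on the Authelia host evaluates, so it should be validated as a hostname before this point (its assignment is outside the hunk); and GNU sed parses `sed -ie` as `-i` with backup suffix `e`, leaving a `configuration.ymle` copy of the Authelia configuration on each run, where `sed -i -e` is presumably what was meant. With the restart output now sent to `/dev/null`, check the exit status of the `docker restart` call so that a configuration.yml broken by the edit does not go unnoticed. The enclosing `if`/`else` closes outside the hunk.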
@@ -478,7 +492,7 @@ NEWSITE(){
 echo
 echo -e "${idsCL[LightGreen]}The new site for '${idsCL[LightGreen]}${NEW_SITE}${idsCL[Default]}' has been created.${idsCL[Default]}"
 echo
- echo -e -n "${idsCL[LightCyan]}Restart NGINX on all Nodes (Y/n): ${idsCL[Default]}"
+ echo -en "${idsCL[LightCyan]}Restart NGINX on all Nodes (Y/n): ${idsCL[Default]}"
 read -n 1 NGINXRELOAD
 if [[ ${NGINXRELOAD} =~ ^[Nn]$ ]]; then
 tmp=''