From fc087d56c3f0276e863ee3a3268d3d509b0d8633 Mon Sep 17 00:00:00 2001 From: David Schroeder Date: Sat, 17 Jun 2023 13:10:19 -0500 Subject: [PATCH] update --- defaults.inc | 2 +- inc/certs.inc | 45 ++++++++++++------------ inc/sites.inc | 95 ++++++++++++++++++++++++++++++++------------------- 3 files changed, 85 insertions(+), 57 deletions(-) diff --git a/defaults.inc b/defaults.inc index d0481b69..a1e122bb 100755 --- a/defaults.inc +++ b/defaults.inc @@ -1,6 +1,6 @@ #!/usr/bin/env bash -VERS='4.7.108-05282023' +VERS='4.7.110-06172023' # NODETYPES=WEB NODETYPES=LB,LPD,MM,MYSQL,NC,PW,WPD,WM,WEB diff --git a/inc/certs.inc b/inc/certs.inc index f84626ed..96ddc48d 100755 --- a/inc/certs.inc +++ b/inc/certs.inc 
@@ -44,30 +44,33 @@ NEWCERT(){ echo -e "${NEW_CERT}\n${daterun}" > ${FOLDER}/cert-request.lastrun yes | cp -rfH ${FOLDER}/cert-request.lastrun /opt/lb-data/letsencrypt/cert-request.lastrun DIVIDER true - echo -e -n "${idsCL[LightCyan]}Reload NGINX on LB Nodes (Y/n): ${idsCL[Default]}" - read -n 1 NGINXRELOAD - if [[ ${NGINXRELOAD} =~ ^[Nn]$ ]]; then - tmp='' - else - echo - echo -en "${idsCL[LightYellow]}Waiting for Cert replication across the nodes... ${idsCL[Default]}" - for nip in "${LB_HOSTS[@]}"; do - checkhost=$(CHECK_HOST ${nip}) - if [ "${checkhost}" != "false" ]; then - if [[ $(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *"${nip}"* ]]; then - checked=false - until [ "${checked}" = "" ]; do - checked=`ssh root@${nip} "[ ! -f /opt/lb-data/letsencrypt/live/${MAIN_CERT}/newcert ] && echo '.'"` - done + if [ "${2}" != "newsite" ]; then + echo -e -n "${idsCL[LightCyan]}Reload NGINX on LB Nodes (Y/n): ${idsCL[Default]}" + read -n 1 NGINXRELOAD + if [[ ${NGINXRELOAD} =~ ^[Nn]$ ]]; then + tmp='' + else + echo + echo -en "${idsCL[LightYellow]}Waiting for Cert replication across the nodes... ${idsCL[Default]}" + for nip in "${LB_HOSTS[@]}"; do + checkhost=$(CHECK_HOST ${nip}) + if [ "${checkhost}" != "false" ]; then + if [[ $(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *"${nip}"* ]]; then + checked=false + until [ "${checked}" = "" ]; do + checked=`ssh root@${nip} "[ ! -f /opt/lb-data/letsencrypt/live/${MAIN_CERT}/newcert ] && echo '.'"` + done + fi fi - fi - done - rm -f /opt/lb-data/letsencrypt/live/${MAIN_CERT}/newcert - echo -e "${idsCL[Green]}Completed${idsCL[Default]}" + done + rm -f /opt/lb-data/letsencrypt/live/${MAIN_CERT}/newcert + echo -e "${idsCL[Green]}Completed${idsCL[Default]}" - echo - SERVICE nginx restart + echo + SERVICE nginx restart + fi fi + fi echo echo -e "${idsCL[Green]}Certificate has been successfully created for '${idsCL[Yellow]}${NEW_CERT}${idsCL[Green]}'...${idsCL[Default]}" 
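Review bot: The replication wait in the re-indented `until` loop treats an SSH failure as success: `checked` is the stdout of `ssh root@${nip} ...`, so a refused connection or an authentication failure yields an empty string and the loop exits as if `newcert` had arrived, after which `SERVICE nginx restart` runs. When the file is simply not there yet, the loop spins with no sleep and no upper bound, opening root SSH sessions back to back. I would test the remote exit status instead of its output, tell ssh's own 255 apart from "file missing", and bound the retries, as sketched below (the retry count and delay are sample values). The same loop is copied into NEWSITE in the `@@ -426,9 +427,33 @@` hunk of inc/sites.inc. NEWCERT starts above this hunk, so the rest of its body is not visible here.

```shell
# … unchanged: CHECK_HOST and local-address checks around the wait …
tries=0
until ssh -o BatchMode=yes -o ConnectTimeout=5 "root@${nip}" \
    "test -f /opt/lb-data/letsencrypt/live/${MAIN_CERT}/newcert"; do
  rc=$?
  tries=$((tries + 1))
  # 255 is ssh's own failure; anything else is the remote test result
  if [ "${rc}" -eq 255 ] || [ "${tries}" -ge 60 ]; then
    echo -e "${idsCL[LightRed]}${nip}: cert not confirmed (ssh rc=${rc})${idsCL[Default]}"
    break
  fi
  sleep 2
done
# … unchanged: marker cleanup; skip the restart when a node was not confirmed …
```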
diff --git a/inc/sites.inc b/inc/sites.inc index ad8f72f9..5098edac 100755 --- a/inc/sites.inc +++ b/inc/sites.inc @@ -305,8 +305,9 @@ NEWSITE(){ echo -e -n "${idsCL[LightRed]}Is this information correct? [Y/n]${idsCL[Default]} " read -n 1 response echo - if [[ $response =~ ^[Yy]$ ]] || [ "${response}" = "" ]; then - + if [[ $response =~ ^[Yy]$ ]] || [ "${response}" = "" ]; then + + nginxconfig=/etc/nginx/sites-enabled/${MAIN_SITE} if [[ ${NEW_SITE} == *","* ]]; then IFS=','; NEW_SITES=(${NEW_SITE}); unset IFS @@ -334,9 +335,9 @@ NEWSITE(){ ######################################### LOCAL if [ "${SITE_TYPE}" = "local" ]; then echo -e "server { - listen 80;" > /etc/nginx/sites-available/${MAIN_SITE} + listen 80;" > ${nginxconfig} if [ "${CREATE_SSL}" = "yes" ]; then - echo -e " listen 443 ssl http2;" >> /etc/nginx/sites-available/${MAIN_SITE} + echo -e " listen 443 ssl http2;" >> ${nginxconfig} fi echo -e " server_name ${NGINX_SERVERNAME}; @@ -345,21 +346,21 @@ NEWSITE(){ root \$base/public_html; access_log /var/log/nginx/${MAIN_SITE}-access.log; - error_log /var/log/nginx/${MAIN_SITE}-error.log warn;" >> /etc/nginx/sites-available/${MAIN_SITE} + error_log /var/log/nginx/${MAIN_SITE}-error.log warn;" >> ${nginxconfig} if [ "${CREATE_SSL}" = "yes" ]; then echo -e " ssl_certificate_key /etc/letsencrypt/live/${MAIN_SITE}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/${MAIN_SITE}/privkey.pem; - include conf.d/include/ssl-ciphers.conf;" >> /etc/nginx/sites-available/${MAIN_SITE} + include conf.d/include/ssl-ciphers.conf;" >> ${nginxconfig} fi echo -e " index index.php; location / { - try_files \$uri \$uri/ /index.php?\$query_string;" >> /etc/nginx/sites-available/${MAIN_SITE} + try_files \$uri \$uri/ /index.php?\$query_string;" >> ${nginxconfig} if [ "${CREATE_SSL}" = "yes" ]; then - echo -e " include conf.d/include/force-ssl.conf;" >> /etc/nginx/sites-available/${MAIN_SITE} + echo -e " include conf.d/include/force-ssl.conf;" >> ${nginxconfig} fi echo -e " } 
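Review bot: `nginxconfig=/etc/nginx/sites-enabled/${MAIN_SITE}` is assigned before the `NEW_SITE` comma-split that follows it in the `@@ -305,8 +305,9 @@` hunk. If MAIN_SITE is derived from that split (the assignment is outside the hunk, so this is inferred), the variable expands to the bare directory `/etc/nginx/sites-enabled/`, every later redirect fails, and the remote `[ ! -f ${nginxconfig} ]` wait added further down never ends. Moving the line below the point where MAIN_SITE is set, and writing it as `local nginxconfig="/etc/nginx/sites-enabled/${MAIN_SITE}"`, would also keep the name from leaking into the other functions of this sourced file.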
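Review bot: The server block is now assembled with a series of `>`/`>>` redirects straight into `/etc/nginx/sites-enabled/`, where the old code wrote to `sites-available`, so a half-written file sits in the live include path from the first `echo` until the closing `}` is appended (the `@@ -334`, `@@ -345` and `@@ -368` hunks). An nginx reload during that window, or the file replication that the later wait implies, picks up a broken config. Building the file elsewhere and installing it in one step avoids that: `tmpconfig=$(mktemp)` for the writes, a single `mv "${tmpconfig}" "${nginxconfig}"` at the end, and `nginx -t` before `SERVICE nginx restart`.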
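Review bot: The context lines of the `@@ -345,21 +346,21 @@` hunk emit `ssl_certificate_key` twice, once for `fullchain.pem` and once for `privkey.pem`, and the commit carries that through unchanged. nginx needs `ssl_certificate` for the chain and rejects a repeated `ssl_certificate_key`, so a local site created with CREATE_SSL=yes should fail the config test, and the restart at the end of NEWSITE then risks leaving nginx down. The first line should read `ssl_certificate /etc/letsencrypt/live/${MAIN_SITE}/fullchain.pem;`. The later `sed -i "s/#ssl_certificate/ssl_certificate/g"` does not repair this, since these lines carry no `#`.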
@@ -368,11 +369,11 @@ NEWSITE(){ include conf.d/include/php_fastcgi.conf; } - include conf.d/include/general.conf;" >> /etc/nginx/sites-available/${MAIN_SITE} + include conf.d/include/general.conf;" >> ${nginxconfig} if [ "${CREATE_SSL}" = "yes" ]; then - echo -e " include conf.d/include/letsencrypt-acme-challenge.conf;" >> /etc/nginx/sites-available/${MAIN_SITE} + echo -e " include conf.d/include/letsencrypt-acme-challenge.conf;" >> ${nginxconfig} fi - echo -e "}" >> /etc/nginx/sites-available/${MAIN_SITE} + echo -e "}" >> ${nginxconfig} sudo -u www-data mkdir -p /var/www/${MAIN_SITE}/{public_html,nginx_logs} 
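Review bot: `${nginxconfig}` is expanded unquoted in every redirect here, and nothing in the visible hunks checks what MAIN_SITE contains before it reaches a root-written file path, the nginx log directives and `sudo -u www-data mkdir -p /var/www/${MAIN_SITE}/...`. A site name with a space, a glob character or a `/` changes which file is written or which directory is created. If no check exists above these hunks, I would reject anything that is not a hostname before building paths, for example `[[ ${MAIN_SITE} =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || Exit 1`, and quote the targets as `"${nginxconfig}"`.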
@@ -399,22 +400,22 @@ NEWSITE(){ ######################################### PROXY else - cp ${FOLDER}/templates/nginx.proxy.site /etc/nginx/sites-enabled/${MAIN_SITE}.conf - sed -i "s/<>/${NGINX_SERVERNAME}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf - sed -i "s/<>/${MAIN_SITE}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf - sed -i "s/<>/${PROXYHOST}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf - sed -i "s/<>/${PROXYPORT}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf - sed -i "s/<>/${PROXYSCHEME}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf - sed -i "s/<>/${WEBSOCKET}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf - sed -i "s/<>/${HSTS}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf - sed -i "s/<>/${EXPLOITS}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf - sed -i "s/<>/${SECURE}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf + cp ${FOLDER}/templates/nginx.proxy.site ${nginxconfig} + sed -i "s/<>/${NGINX_SERVERNAME}/g" ${nginxconfig} + sed -i "s/<>/${MAIN_SITE}/g" ${nginxconfig} + sed -i "s/<>/${PROXYHOST}/g" ${nginxconfig} + sed -i "s/<>/${PROXYPORT}/g" ${nginxconfig} + sed -i "s/<>/${PROXYSCHEME}/g" ${nginxconfig} + sed -i "s/<>/${WEBSOCKET}/g" ${nginxconfig} + sed -i "s/<>/${HSTS}/g" ${nginxconfig} + sed -i "s/<>/${EXPLOITS}/g" ${nginxconfig} + sed -i "s/<>/${SECURE}/g" ${nginxconfig} fi if [ "${CREATE_SSL}" = "yes" ]; then - [ "${ssladd}" != "" ] && NEWCERT ${NEW_SITE},${ssladd} || NEWCERT ${NEW_SITE} + [ "${ssladd}" != "" ] && NEWCERT ${NEW_SITE},${ssladd} newsite || NEWCERT ${NEW_SITE} newsite # if [ "${SITE_TYPE}" == "proxy" ]; then - sed -i "s/#ssl_certificate/ssl_certificate/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf + sed -i "s/#ssl_certificate/ssl_certificate/g" ${nginxconfig} # fi fi 
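Review bot: `[ "${ssladd}" != "" ] && NEWCERT ${NEW_SITE},${ssladd} newsite || NEWCERT ${NEW_SITE} newsite` is not an if/else: when the first NEWCERT call returns non-zero, the second one runs as well and starts another certificate request for a shorter name list. An explicit `if [ -n "${ssladd}" ]; then NEWCERT "${NEW_SITE},${ssladd}" newsite; else NEWCERT "${NEW_SITE}" newsite; fi` keeps a failure from triggering a second issuance attempt. Separately, proxy sites were written to `${MAIN_SITE}.conf` before and now go to `${MAIN_SITE}` with no suffix; if nginx.conf includes `sites-enabled/*.conf` (not visible here), the new file is never loaded and the old `.conf` file of an existing site stays behind.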
@@ -426,9 +427,33 @@ NEWSITE(){ # daterun=`date +%Y-%m-%d-%H-%M-%S` # echo -e "${daterun}" >> /etc/nginx/new-site.lastrun DIVIDER true - echo "" + echo echo -e "${idsCL[LightGreen]}The new site for '${idsCL[LightGreen]}${NEW_SITE}${idsCL[Default]}' has been created.${idsCL[Default]}" - echo "" + echo + echo -e -n "${idsCL[LightCyan]}Reload NGINX on LB Nodes (Y/n): ${idsCL[Default]}" + read -n 1 NGINXRELOAD + if [[ ${NGINXRELOAD} =~ ^[Nn]$ ]]; then + tmp='' + else + echo + echo -en "${idsCL[LightYellow]}Verifying '${NEW_SITE}' replication across the nodes... ${idsCL[Default]}" + for nip in "${LB_HOSTS[@]}"; do + checkhost=$(CHECK_HOST ${nip}) + if [ "${checkhost}" != "false" ]; then + if [[ $(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *"${nip}"* ]]; then + checked=false + until [ "${checked}" = "" ]; do + checked=`ssh root@${nip} "[ ! -f ${nginxconfig} ] && echo '.'"` + done + fi + fi + done + rm -f /opt/lb-data/letsencrypt/live/${MAIN_CERT}/newcert + echo -e "${idsCL[Green]}Completed${idsCL[Default]}" + + echo + SERVICE nginx restart + fi else echo "Missing proxy arguments" Exit 1 
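Review bot: The wait added here only checks that `${nginxconfig}` exists on each node, while the certificate wait inside NEWCERT is now skipped by the `newsite` argument, so nothing confirms that the certificate files reached a node before `SERVICE nginx restart`. The copied `rm -f /opt/lb-data/letsencrypt/live/${MAIN_CERT}/newcert` also depends on MAIN_CERT, which no visible NEWSITE line sets; when CREATE_SSL is not `yes` it presumably expands to `.../live//newcert`. I would guard that line with `[ "${CREATE_SSL}" = "yes" ]` and, in that case, wait for the `newcert` marker as NEWCERT did, ideally through one shared helper instead of two copies of the loop. The block sits inside an `if` that opens above the hunk.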
@@ -459,16 +484,16 @@ NEWPROXYSITE_CREATE(){ # NGINX_SERVERNAME=${SITENAME} # fi - # cp ${FOLDER}/templates/nginx.proxy.site /etc/nginx/sites-enabled/${MAIN_SITE}.conf - # sed -i "s/<>/${NGINX_SERVERNAME}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf - # sed -i "s/<>/${MAIN_SITE}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf - # sed -i "s/<>/${PROXYHOST}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf - # sed -i "s/<>/${PROXYPORT}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf - # sed -i "s/<>/${PROXYSCHEME}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf - # sed -i "s/<>/${WEBSOCKET}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf - # sed -i "s/<>/${HSTS}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf - # sed -i "s/<>/${EXPLOITS}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf - # sed -i "s/<>/${SECURE}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf + # cp ${FOLDER}/templates/nginx.proxy.site ${nginxconfig} + # sed -i "s/<>/${NGINX_SERVERNAME}/g" ${nginxconfig} + # sed -i "s/<>/${MAIN_SITE}/g" ${nginxconfig} + # sed -i "s/<>/${PROXYHOST}/g" ${nginxconfig} + # sed -i "s/<>/${PROXYPORT}/g" ${nginxconfig} + # sed -i "s/<>/${PROXYSCHEME}/g" ${nginxconfig} + # sed -i "s/<>/${WEBSOCKET}/g" ${nginxconfig} + # sed -i "s/<>/${HSTS}/g" ${nginxconfig} + # sed -i "s/<>/${EXPLOITS}/g" ${nginxconfig} + # sed -i "s/<>/${SECURE}/g" ${nginxconfig} } SITEINFO(){