voltron/NodeMgmt
1
1
Fork 0
Code Issues Pull Requests Releases 1 Activity

update

Browse Source
This commit is contained in:
David Schroeder
2023-06-17 13:10:19 -05:00
parent 7979e28485
commit fc087d56c3
3 changed files with 85 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
defaults.inc
View File

@@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
VERS='4.7.108-05282023' VERS='4.7.110-06172023'
# NODETYPES=WEB # NODETYPES=WEB
NODETYPES=LB,LPD,MM,MYSQL,NC,PW,WPD,WM,WEB NODETYPES=LB,LPD,MM,MYSQL,NC,PW,WPD,WM,WEB

45
inc/certs.inc
View File

@@ -44,30 +44,33 @@ NEWCERT(){
echo -e "${NEW_CERT}\n${daterun}" > ${FOLDER}/cert-request.lastrun echo -e "${NEW_CERT}\n${daterun}" > ${FOLDER}/cert-request.lastrun
yes | cp -rfH ${FOLDER}/cert-request.lastrun /opt/lb-data/letsencrypt/cert-request.lastrun yes | cp -rfH ${FOLDER}/cert-request.lastrun /opt/lb-data/letsencrypt/cert-request.lastrun
DIVIDER true DIVIDER true
echo -e -n "${idsCL[LightCyan]}Reload NGINX on LB Nodes (Y/n): ${idsCL[Default]}" if [ "${2}" != "newsite" ]; then
read -n 1 NGINXRELOAD echo -e -n "${idsCL[LightCyan]}Reload NGINX on LB Nodes (Y/n): ${idsCL[Default]}"
if [[ ${NGINXRELOAD} =~ ^[Nn]$ ]]; then read -n 1 NGINXRELOAD
tmp='' if [[ ${NGINXRELOAD} =~ ^[Nn]$ ]]; then
else tmp=''
echo else
echo -en "${idsCL[LightYellow]}Waiting for Cert replication across the nodes... ${idsCL[Default]}" echo
for nip in "${LB_HOSTS[@]}"; do echo -en "${idsCL[LightYellow]}Waiting for Cert replication across the nodes... ${idsCL[Default]}"
checkhost=$(CHECK_HOST ${nip}) for nip in "${LB_HOSTS[@]}"; do
if [ "${checkhost}" != "false" ]; then checkhost=$(CHECK_HOST ${nip})
if [[ $(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *"${nip}"* ]]; then if [ "${checkhost}" != "false" ]; then
checked=false if [[ $(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *"${nip}"* ]]; then
until [ "${checked}" = "" ]; do checked=false
checked=`ssh root@${nip} "[ ! -f /opt/lb-data/letsencrypt/live/${MAIN_CERT}/newcert ] && echo '.'"` until [ "${checked}" = "" ]; do
done checked=`ssh root@${nip} "[ ! -f /opt/lb-data/letsencrypt/live/${MAIN_CERT}/newcert ] && echo '.'"`
done
fi
fi fi
fi done
done rm -f /opt/lb-data/letsencrypt/live/${MAIN_CERT}/newcert
rm -f /opt/lb-data/letsencrypt/live/${MAIN_CERT}/newcert echo -e "${idsCL[Green]}Completed${idsCL[Default]}"
echo -e "${idsCL[Green]}Completed${idsCL[Default]}"
echo echo
SERVICE nginx restart SERVICE nginx restart
fi
fi fi
fi fi
echo echo
echo -e "${idsCL[Green]}Certificate has been successfully created for '${idsCL[Yellow]}${NEW_CERT}${idsCL[Green]}'...${idsCL[Default]}" echo -e "${idsCL[Green]}Certificate has been successfully created for '${idsCL[Yellow]}${NEW_CERT}${idsCL[Green]}'...${idsCL[Default]}"

95
inc/sites.inc
View File

@@ -305,8 +305,9 @@ NEWSITE(){
echo -e -n "${idsCL[LightRed]}Is this information correct? [Y/n]${idsCL[Default]} " echo -e -n "${idsCL[LightRed]}Is this information correct? [Y/n]${idsCL[Default]} "
read -n 1 response read -n 1 response
echo echo
if [[ $response =~ ^[Yy]$ ]] || [ "${response}" = "" ]; then if [[ $response =~ ^[Yy]$ ]] || [ "${response}" = "" ]; then
nginxconfig=/etc/nginx/sites-enabled/${MAIN_SITE}
if [[ ${NEW_SITE} == *","* ]]; then if [[ ${NEW_SITE} == *","* ]]; then
IFS=','; NEW_SITES=(${NEW_SITE}); unset IFS IFS=','; NEW_SITES=(${NEW_SITE}); unset IFS
@@ -334,9 +335,9 @@ NEWSITE(){
######################################### LOCAL ######################################### LOCAL
if [ "${SITE_TYPE}" = "local" ]; then if [ "${SITE_TYPE}" = "local" ]; then
echo -e "server { echo -e "server {
listen 80;" > /etc/nginx/sites-available/${MAIN_SITE} listen 80;" > ${nginxconfig}
if [ "${CREATE_SSL}" = "yes" ]; then if [ "${CREATE_SSL}" = "yes" ]; then
echo -e " listen 443 ssl http2;" >> /etc/nginx/sites-available/${MAIN_SITE} echo -e " listen 443 ssl http2;" >> ${nginxconfig}
fi fi
echo -e " echo -e "
server_name ${NGINX_SERVERNAME}; server_name ${NGINX_SERVERNAME};
@@ -345,21 +346,21 @@ NEWSITE(){
root \$base/public_html; root \$base/public_html;
access_log /var/log/nginx/${MAIN_SITE}-access.log; access_log /var/log/nginx/${MAIN_SITE}-access.log;
error_log /var/log/nginx/${MAIN_SITE}-error.log warn;" >> /etc/nginx/sites-available/${MAIN_SITE} error_log /var/log/nginx/${MAIN_SITE}-error.log warn;" >> ${nginxconfig}
if [ "${CREATE_SSL}" = "yes" ]; then if [ "${CREATE_SSL}" = "yes" ]; then
echo -e " echo -e "
ssl_certificate_key /etc/letsencrypt/live/${MAIN_SITE}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/${MAIN_SITE}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${MAIN_SITE}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${MAIN_SITE}/privkey.pem;
include conf.d/include/ssl-ciphers.conf;" >> /etc/nginx/sites-available/${MAIN_SITE} include conf.d/include/ssl-ciphers.conf;" >> ${nginxconfig}
fi fi
echo -e " echo -e "
index index.php; index index.php;
location / { location / {
try_files \$uri \$uri/ /index.php?\$query_string;" >> /etc/nginx/sites-available/${MAIN_SITE} try_files \$uri \$uri/ /index.php?\$query_string;" >> ${nginxconfig}
if [ "${CREATE_SSL}" = "yes" ]; then if [ "${CREATE_SSL}" = "yes" ]; then
echo -e " include conf.d/include/force-ssl.conf;" >> /etc/nginx/sites-available/${MAIN_SITE} echo -e " include conf.d/include/force-ssl.conf;" >> ${nginxconfig}
fi fi
echo -e " } echo -e " }
@@ -368,11 +369,11 @@ NEWSITE(){
include conf.d/include/php_fastcgi.conf; include conf.d/include/php_fastcgi.conf;
} }
include conf.d/include/general.conf;" >> /etc/nginx/sites-available/${MAIN_SITE} include conf.d/include/general.conf;" >> ${nginxconfig}
if [ "${CREATE_SSL}" = "yes" ]; then if [ "${CREATE_SSL}" = "yes" ]; then
echo -e " include conf.d/include/letsencrypt-acme-challenge.conf;" >> /etc/nginx/sites-available/${MAIN_SITE} echo -e " include conf.d/include/letsencrypt-acme-challenge.conf;" >> ${nginxconfig}
fi fi
echo -e "}" >> /etc/nginx/sites-available/${MAIN_SITE} echo -e "}" >> ${nginxconfig}
sudo -u www-data mkdir -p /var/www/${MAIN_SITE}/{public_html,nginx_logs} sudo -u www-data mkdir -p /var/www/${MAIN_SITE}/{public_html,nginx_logs}
@@ -399,22 +400,22 @@ NEWSITE(){
######################################### PROXY ######################################### PROXY
else else
cp ${FOLDER}/templates/nginx.proxy.site /etc/nginx/sites-enabled/${MAIN_SITE}.conf cp ${FOLDER}/templates/nginx.proxy.site ${nginxconfig}
sed -i "s/<<SERVER_NAME>>/${NGINX_SERVERNAME}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf sed -i "s/<<SERVER_NAME>>/${NGINX_SERVERNAME}/g" ${nginxconfig}
sed -i "s/<<MAIN_SITE>>/${MAIN_SITE}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf sed -i "s/<<MAIN_SITE>>/${MAIN_SITE}/g" ${nginxconfig}
sed -i "s/<<PROXY_IP>>/${PROXYHOST}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf sed -i "s/<<PROXY_IP>>/${PROXYHOST}/g" ${nginxconfig}
sed -i "s/<<PROXY_PORT>>/${PROXYPORT}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf sed -i "s/<<PROXY_PORT>>/${PROXYPORT}/g" ${nginxconfig}
sed -i "s/<<PROXY_SCHEME>>/${PROXYSCHEME}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf sed -i "s/<<PROXY_SCHEME>>/${PROXYSCHEME}/g" ${nginxconfig}
sed -i "s/<<WEBSOCKET>>/${WEBSOCKET}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf sed -i "s/<<WEBSOCKET>>/${WEBSOCKET}/g" ${nginxconfig}
sed -i "s/<<HSTS>>/${HSTS}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf sed -i "s/<<HSTS>>/${HSTS}/g" ${nginxconfig}
sed -i "s/<<EXPLOITS>>/${EXPLOITS}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf sed -i "s/<<EXPLOITS>>/${EXPLOITS}/g" ${nginxconfig}
sed -i "s/<<SECURE>>/${SECURE}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf sed -i "s/<<SECURE>>/${SECURE}/g" ${nginxconfig}
fi fi
if [ "${CREATE_SSL}" = "yes" ]; then if [ "${CREATE_SSL}" = "yes" ]; then
[ "${ssladd}" != "" ] && NEWCERT ${NEW_SITE},${ssladd} || NEWCERT ${NEW_SITE} [ "${ssladd}" != "" ] && NEWCERT ${NEW_SITE},${ssladd} newsite || NEWCERT ${NEW_SITE} newsite
# if [ "${SITE_TYPE}" == "proxy" ]; then # if [ "${SITE_TYPE}" == "proxy" ]; then
sed -i "s/#ssl_certificate/ssl_certificate/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf sed -i "s/#ssl_certificate/ssl_certificate/g" ${nginxconfig}
# fi # fi
fi fi
@@ -426,9 +427,33 @@ NEWSITE(){
# daterun=`date +%Y-%m-%d-%H-%M-%S` # daterun=`date +%Y-%m-%d-%H-%M-%S`
# echo -e "${daterun}" >> /etc/nginx/new-site.lastrun # echo -e "${daterun}" >> /etc/nginx/new-site.lastrun
DIVIDER true DIVIDER true
echo "" echo
echo -e "${idsCL[LightGreen]}The new site for '${idsCL[LightGreen]}${NEW_SITE}${idsCL[Default]}' has been created.${idsCL[Default]}" echo -e "${idsCL[LightGreen]}The new site for '${idsCL[LightGreen]}${NEW_SITE}${idsCL[Default]}' has been created.${idsCL[Default]}"
echo "" echo
echo -e -n "${idsCL[LightCyan]}Reload NGINX on LB Nodes (Y/n): ${idsCL[Default]}"
read -n 1 NGINXRELOAD
if [[ ${NGINXRELOAD} =~ ^[Nn]$ ]]; then
tmp=''
else
echo
echo -en "${idsCL[LightYellow]}Verifying '${NEW_SITE}' replication across the nodes... ${idsCL[Default]}"
for nip in "${LB_HOSTS[@]}"; do
checkhost=$(CHECK_HOST ${nip})
if [ "${checkhost}" != "false" ]; then
if [[ $(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *"${nip}"* ]]; then
checked=false
until [ "${checked}" = "" ]; do
checked=`ssh root@${nip} "[ ! -f ${nginxconfig} ] && echo '.'"`
done
fi
fi
done
rm -f /opt/lb-data/letsencrypt/live/${MAIN_CERT}/newcert
echo -e "${idsCL[Green]}Completed${idsCL[Default]}"
echo
SERVICE nginx restart
fi
else else
echo "Missing proxy arguments" echo "Missing proxy arguments"
Exit 1 Exit 1
@@ -459,16 +484,16 @@ NEWPROXYSITE_CREATE(){
# NGINX_SERVERNAME=${SITENAME} # NGINX_SERVERNAME=${SITENAME}
# fi # fi
# cp ${FOLDER}/templates/nginx.proxy.site /etc/nginx/sites-enabled/${MAIN_SITE}.conf # cp ${FOLDER}/templates/nginx.proxy.site ${nginxconfig}
# sed -i "s/<<SERVER_NAME>>/${NGINX_SERVERNAME}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf # sed -i "s/<<SERVER_NAME>>/${NGINX_SERVERNAME}/g" ${nginxconfig}
# sed -i "s/<<MAIN_SITE>>/${MAIN_SITE}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf # sed -i "s/<<MAIN_SITE>>/${MAIN_SITE}/g" ${nginxconfig}
# sed -i "s/<<PROXY_IP>>/${PROXYHOST}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf # sed -i "s/<<PROXY_IP>>/${PROXYHOST}/g" ${nginxconfig}
# sed -i "s/<<PROXY_PORT>>/${PROXYPORT}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf # sed -i "s/<<PROXY_PORT>>/${PROXYPORT}/g" ${nginxconfig}
# sed -i "s/<<PROXY_SCHEME>>/${PROXYSCHEME}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf # sed -i "s/<<PROXY_SCHEME>>/${PROXYSCHEME}/g" ${nginxconfig}
# sed -i "s/<<WEBSOCKET>>/${WEBSOCKET}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf # sed -i "s/<<WEBSOCKET>>/${WEBSOCKET}/g" ${nginxconfig}
# sed -i "s/<<HSTS>>/${HSTS}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf # sed -i "s/<<HSTS>>/${HSTS}/g" ${nginxconfig}
# sed -i "s/<<EXPLOITS>>/${EXPLOITS}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf # sed -i "s/<<EXPLOITS>>/${EXPLOITS}/g" ${nginxconfig}
# sed -i "s/<<SECURE>>/${SECURE}/g" /etc/nginx/sites-enabled/${MAIN_SITE}.conf # sed -i "s/<<SECURE>>/${SECURE}/g" ${nginxconfig}
} }
SITEINFO(){ SITEINFO(){