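#!/usr/bin/env bash
#
# Site management functions for nodemgmt: delete, create, configure, list and
# interactively edit NGINX sites, and keep the Authelia access list in step.
#
# Expected from the surrounding project (not defined here): the idsCL/idsST
# colour tables, SSHCMD, NCMD, NM_SCRIPT, the NM_* path and host settings, and
# the DIVIDER, SERVICE_MGMT, NEWCERT, DEL-SSL and LISTCERTS commands.
#
# Security note: site names, proxy hosts and ports arrive from flags or
# prompts and end up in rm globs, sed scripts, the NGINX config and in command
# lines that a remote shell re-parses as root on the Authelia host. They are
# therefore allowlist-checked before any of those uses.
#
# NOTE(review): NM_NGINXPATH is read as a scalar in DELSITE, NEWSITE and
# NEWPROXYSITE_CREATE but indexed by RUN_NODE_TYPE in SITEINFO and EDITSITE;
# confirm which form the project defines.

# Succeeds when $1 is one host name built only from letters, digits, '.', '_'
# and '-', beginning and ending with a letter or digit. This excludes '/',
# whitespace, quotes, ';', '&' and every other shell/sed metacharacter.
_NM_VALID_HOST() {
  local host_re='^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$'
  [[ ${1} =~ ${host_re} ]]
}

# Succeeds when $1 is a comma-separated list in which every entry passes
# _NM_VALID_HOST. Empty lists and empty entries are rejected.
_NM_VALID_HOSTLIST() {
  local list=${1} entry
  local list_re='^[A-Za-z0-9._,-]+$'
  local -a entries
  # Whole-string check first so embedded newlines cannot hide extra entries.
  [[ ${list} =~ ${list_re} ]] || return 1
  case "${list}" in
    ,* | *, | *,,*) return 1 ;;
  esac
  IFS=',' read -r -a entries <<< "${list}"
  for entry in "${entries[@]}"; do
    _NM_VALID_HOST "${entry}" || return 1
  done
  return 0
}

# Succeeds when the proxy host ($1), port ($2) and scheme ($3) are each either
# empty or well formed: host limited to host-name/IP characters, port an
# integer 1-65535, scheme http or https (any case).
_NM_VALID_PROXY_TARGET() {
  local host=${1} port=${2} scheme=${3}
  local host_re='^[][A-Za-z0-9._:-]+$' port_re='^[0-9]{1,5}$'
  if [ -n "${host}" ] && ! [[ ${host} =~ ${host_re} ]]; then
    return 1
  fi
  if [ -n "${port}" ]; then
    [[ ${port} =~ ${port_re} ]] || return 1
    (( 10#${port} >= 1 && 10#${port} <= 65535 )) || return 1
  fi
  case "${scheme,,}" in
    '' | http | https) ;;
    *) return 1 ;;
  esac
  return 0
}

# Succeeds when the config text in $1 contains the literal string $2.
_NM_CONF_HAS() {
  grep -qF -- "${2}" <<< "${1}"
}

# Removes every line mentioning site $1 from the Authelia configuration on the
# Authelia host. The caller must have validated $1: the command string is
# parsed again by the remote shell, so the sed script and path are
# single-quoted and the dots in the name are escaped to match literally.
# NOTE(review): this is still a substring match, so removing "example.com"
# also removes lines for "sub.example.com".
_NM_AUTHELIA_DROP_SITE() {
  local site_re=${1//./\\.}
  local cfg="${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
  ${SSHCMD} "root@${NM_AUTHELIA_IP}" "sed -i '/${site_re}/d' '${cfg}'"
}

# Adds site $1 under the Authelia rule for level $2 ("2FA", anything else is
# treated as single factor), then restarts the authelia container. The caller
# must have validated $1.
# Uses 'sed -i -e' rather than '-ie': the latter is read as "-i with backup
# suffix e" and leaves a copy of the configuration next to the original.
# NOTE(review): the '~~~' indentation marker and its replacement are shown
# with single spaces here; confirm the widths against the YAML layout.
_NM_AUTHELIA_ADD_SITE() {
  local site=${1} level=${2} marker
  local cfg="${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
  if [ "${level}" == "2FA" ]; then
    marker='domain: # Proxies needing 2 factor below'
  else
    marker='domain: # Proxies only requiring username and password'
  fi
  ${SSHCMD} "root@${NM_AUTHELIA_IP}" "sed -i -e \"/${marker}/a ~~~ - \\\"${site}\\\"\" '${cfg}'"
  ${SSHCMD} "root@${NM_AUTHELIA_IP}" "sed -i \"s/~~~/ /g\" '${cfg}'"
  ${SSHCMD} "root@${NM_AUTHELIA_IP}" "/usr/bin/docker restart authelia >/dev/null 2>&1"
}

# Deletes a site: its NGINX config files, optionally its certificates, and its
# Authelia entries, then restarts NGINX.
# Flags:   -site {FQDN}   site to delete (prompted for when absent)
#          -ssl {yes|no}  also delete the certificates (prompted when absent)
#          any other flag prints usage and exits 0
# Globals: sets DEL_SITE and DEL_SSL; reads NM_NGINXPATH, NM_AUTHELIA_IP
# Exits:   1 on a missing or invalid site name
DELSITE(){
  while [ $# -gt 0 ]; do
    case "$1" in
      -site) DEL_SITE=${2};;
      -ssl) DEL_SSL=${2};;
      -*)
        [ "${1}" != "-h" ] && echo "Invalid option: '${1}' requires an argument" 1>&2
        echo -e "Usage: ${idsCL[Yellow]}[nodemgmt or nmg] delsite${idsCL[Default]} {"
        width=35
        printf "%-${width}s- %s\n" " -site {FQDN address}" "(*required)"
        printf "%-${width}s- %s\n" " -ssl {yes or [no]}" "Delete SSL certs as well"
        printf "%-${width}s- %s\n" " -list" "List sites (same as running nodemgmt delsites)"
        echo -e "}\n"
        exit 0
        ;;
    esac
    shift
  done

  if [ -z "${DEL_SITE+x}" ]; then
    until [ "${DEL_SITE}" != "" ]; do
      echo -en "${idsCL[LightCyan]}Delete what site address: ${idsCL[Default]}"
      # Stop instead of looping forever when stdin is closed.
      read -r DEL_SITE || exit 1
      echo
    done
  fi

  # Reject anything that is not a plain host name before it reaches rm, sed
  # or the remote shell.
  if [ -n "${DEL_SITE}" ] && ! _NM_VALID_HOST "${DEL_SITE}"; then
    echo "Invalid site address: '${DEL_SITE}'" 1>&2
    exit 1
  fi

  if [[ $DEL_SSL =~ ^[Nn]$ ]]; then
    DEL_SSL=no
  elif [[ $DEL_SSL =~ ^[Yy]$ ]]; then
    DEL_SSL=yes
  elif [ -z "${DEL_SSL+x}" ]; then
    echo -en "${idsCL[LightRed]}Do you also want to delete the certs for '${DEL_SITE}' as well? [y/N]${idsCL[Default]} "
    read -r DEL_SSL
    if [[ $DEL_SSL =~ ^[Nn]$ ]]; then
      DEL_SSL=no
    elif [[ $DEL_SSL =~ ^[Yy]$ ]]; then
      DEL_SSL=yes
    fi
  fi

  if [ -n "${DEL_SITE+x}" ] && [ "${DEL_SITE}" != "" ]; then
    echo -e "${idsCL[LightRed]}Deleting site '${idsCL[Red]}${DEL_SITE^^}${idsCL[LightRed]}'...${idsCL[Default]}"
    echo
    echo -e "${idsCL[LightRed]}[[Removing Files and Folders]]${idsCL[Default]}"
    echo -e "${idsCL[LightRed]}-------------------------------------------${idsCL[Default]}"
    echo
    echo -en "${idsCL[LightCyan]}Removing NGINX files ... ${idsCL[Default]}"
    # The glob is anchored on ".conf" so that deleting "a.com" cannot also
    # remove "a.com.au.conf"; suffixed copies of the site's own file still match.
    rm -f -- "${NM_NGINXPATH}/sites-available/${DEL_SITE}".conf* >/dev/null 2>&1
    rm -f -- "${NM_NGINXPATH}/sites-enabled/${DEL_SITE}".conf* >/dev/null 2>&1
    echo -e "${idsCL[Green]}Done${idsCL[Default]}"
    echo
    if [ "${DEL_SSL}" == "yes" ]; then
      DEL-SSL "${DEL_SITE}"
      echo
    fi
    [ "${NM_AUTHELIA_IP}" != "" ] && _NM_AUTHELIA_DROP_SITE "${DEL_SITE}"
    SERVICE_MGMT nginx restart
    echo -e "${idsCL[LightRed]}Site has been deleted.${idsCL[Default]}\n"
  else
    echo "Missing arguments"
    echo
    echo -e "Usage: ${idsCL[Yellow]}[nodemgmt or nmg] delsite${idsCL[Default]} {"
    width=35
    printf "%-${width}s- %s\n" " -site {FQDN address}" "Site to delete"
    printf "%-${width}s- %s\n" " -ssl {yes or [no]}" "Delete SSL certs as well"
    printf "%-${width}s- %s\n" " -list" "List sites (same as running nodemgmt delsites)"
    echo "}"
    exit 1
  fi
}

# Creates a new site. Collects the site name(s), type and proxy backend from
# flags or prompts, hands over to EDITSITE for the remaining settings, and
# writes either a local PHP site config or a proxy config.
# Flags:   see the -h text below
# Globals: sets NEW_SITE, MAIN_SITE, NGINX_SERVERNAME, nginxconfig, SITE_TYPE,
#          PROXYHOST, PROXYPORT, PROXYSCHEME, CERTTEST, NEWSITE, GO
# Exits:   1 on invalid site names or missing proxy arguments
# NOTE(review): EDITSITE exits the script after a confirmed save when
# NEWSITE=true, so the code after the EDITSITE call appears to run only when
# the editor is cancelled, and it then still creates the site. Confirm intent.
NEWSITE(){
  CERTTEST=0
  echo
  while [ $# -gt 0 ]; do
    case "$1" in
      -t|-test) CERTTEST=1;;
      -site) NEW_SITE=${2};;
      -type) SITE_TYPE=${2};;
      -ssl) CREATE_SSL=${2};;
      -proxy_scheme) PROXYSCHEME=${2};;
      -proxy_host) PROXYHOST=${2};;
      -proxy_port) PROXYPORT=${2};;
      -websocket) WEBSOCKET=${2};;
      -hsts) HSTS=${2};;
      -exploits) EXPLOITS=${2};;
      -secure) SECURE=${2};;
      -h | -help | --help)
        echo -e "Usage: ${idsCL[LightYellow]}[nodemgmt or nmg] newsite ${idsCL[Yellow]}{flags}${idsCL[Default]} {"
        width=35
        printf "%-${width}s- %s\n" " -site {FQDN address(,es)}" "(new site and aliases, comma separated)"
        printf "%-${width}s- %s\n" " -ssl {yes or no}" "(create and enable ssl)"
        printf "%-${width}s- %s\n" " -type {'local' or 'proxy'}" "(defaults to proxy)"
        # The two descriptions below were swapped in the original help text.
        printf "%-${width}s- %s\n" " -proxy_port {host port}" "(proxy backend port)"
        printf "%-${width}s- %s\n" " -proxy_host {IP or FQDN}" "(proxy backend host)"
        printf "%-${width}s- %s\n" " -proxy_scheme {http or https}" "(proxy backend scheme)"
        printf "%-${width}s- %s\n" " -websocket {yes or no}" "(websocket support)"
        printf "%-${width}s- %s\n" " -hsts {yes or no}" "(hsts support)"
        printf "%-${width}s- %s\n" " -exploits {yes or no}" "(block exploits)"
        printf "%-${width}s- %s\n" " -secure {1FA, 2FA or no}" "(SSO secure access)"
        printf "%-${width}s- %s\n" " -t|-test" "(enables dry-run mode for CertBot)"
        echo "}"
        echo
        exit 0;;
    esac
    shift
  done

  if [ "${CERTTEST}" -eq 1 ]; then
    echo -e "${idsCL[LightYellow]}${idsST[Bold]}### REQUESTING CERT IN TEST MODE ###${idsST[Reset]}${idsCL[Default]}"
    echo
  fi

  if [ -z "${NEW_SITE+x}" ]; then
    until [ "${NEW_SITE}" != "" ]; do
      echo -en "${idsCL[LightCyan]}New site domain name (comma seperated for multiple): ${idsCL[Default]}"
      read -r NEW_SITE || exit 1
      echo
    done
    showdivide=yes
  fi

  # The names become a file name, sed patterns and part of a remote command,
  # so refuse anything outside the host-name allowlist.
  if ! _NM_VALID_HOSTLIST "${NEW_SITE}"; then
    echo "Invalid site name(s): '${NEW_SITE}'" 1>&2
    exit 1
  fi

  if [[ ${NEW_SITE} == *","* ]]; then
    IFS=',' read -r -a NEW_SITES <<< "${NEW_SITE}"
    MAIN_SITE=${NEW_SITES[0]}
    NGINX_SERVERNAME=${NEW_SITE//[,]/ }
  else
    MAIN_SITE=${NEW_SITE}
    NGINX_SERVERNAME=${NEW_SITE}
  fi

  nginxconfig=${NM_NGINXPATH}/sites-available/${MAIN_SITE}.conf
  if [ -f "${nginxconfig}" ]; then
    echo -en "${idsCL[LightRed]}This site already exists, overwrite it? (y/N): ${idsCL[Default]}"
    read -r overwrite
    echo
    if [[ ${overwrite} =~ ^[Nn]$ ]] || [ "${overwrite}" = "" ]; then
      exit 0
    elif [[ ${overwrite} =~ ^[Yy]$ ]]; then
      rm -f -- "${nginxconfig}" >/dev/null 2>&1
      [ "${NM_AUTHELIA_IP}" != "" ] && _NM_AUTHELIA_DROP_SITE "${MAIN_SITE}"
    else
      exit 0
    fi
  fi

  if [ -z "${SITE_TYPE+x}" ]; then
    # The prompt offers both types, so accept both; the original loop only
    # ended on "proxy" and re-prompted forever after "local".
    until [ "${SITE_TYPE}" == "proxy" ] || [ "${SITE_TYPE}" == "local" ]; do
      echo -en "${idsCL[LightCyan]}Site type (local/{proxy}): ${idsCL[Default]}"
      read -r SITE_TYPE || exit 1
      if [ "${SITE_TYPE}" == "" ]; then
        SITE_TYPE=proxy
      else
        SITE_TYPE=${SITE_TYPE,,}
      fi
      echo
    done
    showdivide=yes
  fi

  if [ "${SITE_TYPE}" = "proxy" ]; then
    if [ -z "${PROXYHOST+x}" ]; then
      until [ "${PROXYHOST}" != "" ]; do
        echo -en "${idsCL[LightCyan]}What is the proxy backend address (IP or FQDN): ${idsCL[Default]}"
        read -r PROXYHOST || exit 1
        echo
      done
      showdivide=yes
    fi
    if [ -z "${PROXYPORT+x}" ]; then
      until [ "${PROXYPORT}" != "" ]; do
        echo -en "${idsCL[LightCyan]}What is the proxy backend port (tcp port): ${idsCL[Default]}"
        read -r PROXYPORT || exit 1
        echo
      done
      showdivide=yes
    fi
    if [ -z "${PROXYSCHEME+x}" ]; then
      until [ "${PROXYSCHEME}" == "http" ] || [ "${PROXYSCHEME}" == "https" ]; do
        echo -en "${idsCL[LightCyan]}What is the proxy backend scheme (http/https): ${idsCL[Default]}"
        read -r PROXYSCHEME || exit 1
        [ "${PROXYSCHEME}" != "" ] && PROXYSCHEME=${PROXYSCHEME,,}
        echo
      done
      showdivide=yes
    fi
    # There are no prompts here for SSL, websocket, HSTS, exploit blocking
    # or SSO; those settings are toggled in the EDITSITE screen instead.
  fi

  [ "${showdivide}" == "yes" ] && DIVIDER
  echo
  NEWSITE=true
  EDITSITE

  # Nothing in this function sets 'response' (there is no confirmation
  # prompt), so this test passes unless the variable is set elsewhere.
  if [[ $response =~ ^[Yy]$ ]] || [ "${response}" = "" ]; then
    if [ "${SITE_TYPE}" = "proxy" ]; then
      if [ -n "${PROXYSCHEME+x}" ] && [ -n "${PROXYHOST+x}" ] && [ -n "${PROXYPORT+x}" ]; then
        GO=true
      fi
    else
      GO=true
    fi

    if [ "${GO}" = "true" ]; then
      echo -e "${idsCL[LightGreen]}Setting up new site for '${idsCL[Yellow]}${MAIN_SITE}${idsCL[LightGreen]}' {${NGINX_SERVERNAME}}...${idsCL[Default]}"
      echo
      if [[ "${SECURE}" = *"FA"* ]] && [ "${NM_DOCKER_COMPOSE_LOC['authelia']}" != "" ]; then
        echo -e "${idsCL[LightGreen]}Configuring Authelia SSO for '${idsCL[Yellow]}${MAIN_SITE}${idsCL[LightGreen]}' {${NGINX_SERVERNAME}}...${idsCL[Default]}"
        _NM_AUTHELIA_ADD_SITE "${MAIN_SITE}" "${SECURE}"
      fi

      ######################################### LOCAL
      if [ "${SITE_TYPE}" = "local" ]; then
        # One directive per line so the line-based grep/sed handling elsewhere
        # in this file can read the result.
        {
          printf 'server {\n'
          printf '\tlisten 80;\n'
          [ "${CREATE_SSL}" = "yes" ] && printf '\tlisten 443 ssl http2;\n'
          printf '\tserver_name %s;\n' "${NGINX_SERVERNAME}"
          printf '\tset $base %s/%s;\n' "${NM_WWWPATH}" "${MAIN_SITE}"
          printf '\troot $base/public_html;\n'
          printf '\taccess_log /var/log/nginx/%s-access.log;\n' "${MAIN_SITE}"
          printf '\terror_log /var/log/nginx/%s-error.log warn;\n' "${MAIN_SITE}"
          if [ "${CREATE_SSL}" = "yes" ]; then
            # fullchain.pem is the certificate; the original emitted
            # ssl_certificate_key twice and no ssl_certificate at all.
            printf '\tssl_certificate %s/live/%s/fullchain.pem;\n' "${NM_CERTPATH}" "${MAIN_SITE}"
            printf '\tssl_certificate_key %s/live/%s/privkey.pem;\n' "${NM_CERTPATH}" "${MAIN_SITE}"
            printf '\tinclude conf.d/include/ssl-ciphers.conf;\n'
          fi
          printf '\tindex index.php;\n'
          printf '\tlocation / {\n'
          printf '\t\ttry_files $uri $uri/ /index.php?$query_string;\n'
          [ "${CREATE_SSL}" = "yes" ] && printf '\t\tinclude conf.d/include/force-ssl.conf;\n'
          printf '\t}\n'
          printf '\tlocation ~ \\.php$ {\n'
          printf '\t\tfastcgi_pass unix:/var/run/php/php7.2-fpm.sock;\n'
          printf '\t\tinclude conf.d/include/php_fastcgi.conf;\n'
          printf '\t}\n'
          printf '\tinclude conf.d/include/general.conf;\n'
          [ "${CREATE_SSL}" = "yes" ] && printf '\tinclude conf.d/include/letsencrypt-acme-challenge.conf;\n'
          printf '}\n'
        } > "${nginxconfig}"
        sudo -u www-data mkdir -p "${NM_WWWPATH}/${MAIN_SITE}"/{public_html,nginx_logs}
      ######################################### PROXY
      else
        # Every argument is quoted so an empty setting cannot shift the
        # positions, and the comma-separated list is passed because that is
        # the form NEWPROXYSITE_CREATE splits.
        NEWPROXYSITE_CREATE "${MAIN_SITE}" "${NEW_SITE}" "${PROXYHOST}" "${PROXYPORT}" "${PROXYSCHEME}" "${WEBSOCKET}" "${HSTS}" "${EXPLOITS}" "${SECURE}" "${CREATE_SSL}" "${CERTTEST}" NEWSITE
      fi

      daterun=$(date +%Y-%m-%d-%H-%M-%S)
      echo -e "${NEW_SITE}\n${daterun}" >| "${NM_LOGFOLDER}/new-site.lastrun"
      DIVIDER true
      echo
      echo -e "${idsCL[LightGreen]}The new site for '${idsCL[LightGreen]}${NEW_SITE}${idsCL[Default]}' has been created.${idsCL[Default]}"
      echo

      # Ask before restarting only when no default* site file exists.
      local default_conf has_default=no
      for default_conf in "${NM_NGINXPATH}"/sites-available/default*; do
        if [ -f "${default_conf}" ]; then
          has_default=yes
          break
        fi
      done
      if [ "${has_default}" = "no" ]; then
        echo -en "${idsCL[LightCyan]}Restart NGINX on all Nodes (Y/n): ${idsCL[Default]}"
        read -n 1 NGINXRELOAD
        if [[ ${NGINXRELOAD} =~ ^[Nn]$ ]]; then
          echo
        else
          SERVICE_MGMT nginx restart
        fi
      else
        SERVICE_MGMT nginx restart
      fi
    else
      echo "Missing proxy arguments"
      exit 1
    fi
  else
    ${NM_SCRIPT} newsite
    exit 0
  fi
  echo
}

# Creates or updates the NGINX proxy config for one site and applies the
# SSL, SSO, websocket, HSTS, exploit-block and enabled/disabled settings.
# Arguments: $1 site (config file) name   $2 server names, comma separated
#            $3 proxy host  $4 proxy port  $5 proxy scheme
#            $6 websocket   $7 hsts        $8 exploits   $9 secure (1FA/2FA)
#            $10 ssl        $11 "1" requests certificates in test mode
#            $12 accepted for compatibility ("NEWSITE"); not used
# Globals:   sets SITENAME, SERVERNAMES, PROXYHOST, PROXYPORT, PROXYSCHEME,
#            WEBSOCKET, HSTS, EXPLOITS, SECURE, SSL, MAIN_SITE,
#            NGINX_SERVERNAME, nginxconfig; reads LIVE (not an argument)
# Exits:     1 on invalid input or when the target config name is taken
NEWPROXYSITE_CREATE(){
  SITENAME=${1}
  SERVERNAMES=${2}
  PROXYHOST=${3}
  PROXYPORT=${4}
  PROXYSCHEME=${5}
  WEBSOCKET=${6}
  HSTS=${7}
  EXPLOITS=${8}
  SECURE=${9}
  SSL=${10}
  # The original overwrote the global CERTTEST with '-test ' and the global
  # NEWSITE with 0/1. That lost test mode on a second save and broke the
  # NEWSITE=="true" check in EDITSITE, so the flag is kept local here.
  local -a certtest_flag=()
  [ "${11}" == "1" ] && certtest_flag=(-test)

  # These values are interpolated into sed scripts, the NGINX config, file
  # names and remote commands; stop before touching anything if they are not
  # plain host names / a numeric port / http(s).
  if ! _NM_VALID_HOST "${SITENAME}" \
    || ! _NM_VALID_HOSTLIST "${SERVERNAMES}" \
    || ! _NM_VALID_PROXY_TARGET "${PROXYHOST}" "${PROXYPORT}" "${PROXYSCHEME}"; then
    echo -e "\n${idsCL[LightRed]}Invalid site name, server name or proxy setting; nothing was changed.${idsCL[Default]}\n" 1>&2
    exit 1
  fi

  if [[ ${SERVERNAMES} == *","* ]]; then
    NGINX_SERVERNAME=${SERVERNAMES}
    IFS=',' read -r -a SERVERNAMES <<< "${SERVERNAMES}"
    MAIN_SITE=${SERVERNAMES[0]}
  else
    MAIN_SITE=${SERVERNAMES}
    NGINX_SERVERNAME=${SERVERNAMES}
  fi

  # NOTE(review): the path is built from SITENAME, so on a rename the
  # "already exists" test below fires whenever the old lower-case config is
  # present. It looks as if MAIN_SITE was intended; confirm before changing.
  nginxconfig=${NM_NGINXPATH}/sites-available/${SITENAME,,}.conf
  if [ "${MAIN_SITE}" != "${SITENAME}" ] && [ -f "${nginxconfig}" ]; then
    echo -e "\n${idsCL[LightRed]}New site name already exists!${idsCL[Default]}\n"
    exit 1
  else
    [ "${MAIN_SITE}" != "${SITENAME}" ] && [ -f "${NM_NGINXPATH}/sites-available/${SITENAME}.conf" ] && mv -- "${NM_NGINXPATH}/sites-available/${SITENAME}.conf" "${nginxconfig}"

    if [ ! -f "${nginxconfig}" ]; then
      echo -en "${idsCL[LightCyan]}Configuring initial NGINX Site config ... "
      cp -- "${NM_FOLDER}/templates/nginx.proxy.site" "${nginxconfig}"
      # NOTE(review): every substitution below targets the same '<>' token, so
      # the first one would consume all of them. The template's placeholder
      # names appear to be missing here; restore them before relying on this.
      sed -i "s/<>/${NGINX_SERVERNAME//,/ }/g" "${nginxconfig}"
      sed -i "s/<>/${MAIN_SITE}/g" "${nginxconfig}"
      sed -i "s/<>/${PROXYHOST}/g" "${nginxconfig}"
      sed -i "s/<>/${PROXYPORT}/g" "${nginxconfig}"
      sed -i "s/<>/${PROXYSCHEME}/g" "${nginxconfig}"
      sed -i "s%<>%${NM_CERTPATH}%g" "${nginxconfig}"
      echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
    else
      # Current server_name line reduced to a comma-separated list.
      oldservernames=$(grep 'server_name' "${nginxconfig}")
      oldservernames=${oldservernames//;/}
      oldservernames=${oldservernames#* }
      oldservernames=${oldservernames// /,}
      if [ "${MAIN_SITE}" != "${SITENAME}" ]; then
        echo -e "${idsCL[LightCyan]}Detected MAIN_SITE name change, making necesary adjustments ... "
        echo -en "\n${idsCL[LightCyan]}Removing old SSL Cert ... "
        DEL-SSL "${SITENAME}" >/dev/null 2>&1
        echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n"
        echo -en "\n${idsCL[LightCyan]}Requesting new SSL Cert ... "
        NEWCERT "${certtest_flag[@]}" -expand -nnr -newsite "${NGINX_SERVERNAME}"
        echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n"
        # Dots escaped so the old name is matched literally.
        sed -i "s/\/${SITENAME//./\\.}/\/${MAIN_SITE}/g" "${nginxconfig}"
      elif [ "${oldservernames}" != "${NGINX_SERVERNAME}" ]; then
        echo -en "\n${idsCL[LightCyan]}Updating SSL Cert for hostname changes ... "
        NEWCERT "${certtest_flag[@]}" -expand -nnr -newsite "${NGINX_SERVERNAME}"
        echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n"
      fi
      echo -en "\n${idsCL[LightCyan]}Configuring NGINX proxy for site ... "
      # Each setting is deleted and re-inserted after the previous one, so
      # the order of these statements matters.
      sed -i "/set \$forward_scheme/d" "${nginxconfig}"
      sed -i "/server {/a\\\tset \$forward_scheme ${PROXYSCHEME};" "${nginxconfig}"
      sed -i "/set \$server/d" "${nginxconfig}"
      sed -i "/set \$forward_scheme/a\\\tset \$server \"${PROXYHOST}\";" "${nginxconfig}"
      sed -i "/set \$port/d" "${nginxconfig}"
      sed -i "/set \$server/a\\\tset \$port ${PROXYPORT};" "${nginxconfig}"
      sed -i "/server_name/,+1 d" "${nginxconfig}"
      sed -i "/set \$port/a\\\n\tserver_name ${NGINX_SERVERNAME//,/ };" "${nginxconfig}"
      echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n"
    fi

    echo "about to create SSL..."
    if [ "${SSL^^}" == "YES" ]; then
      echo -en "${idsCL[LightCyan]}Enabling SSL ... "
      if [ ! -f "${NM_CERTPATH}/live/${MAIN_SITE}/cert.pem" ]; then
        echo -e "\n${idsCL[LightCyan]}No SSL cert detected, will generate one now ... "
        NEWCERT "${certtest_flag[@]}" -newsite -nnr "${NGINX_SERVERNAME}"
        echo
      fi
      # Only switch the config to TLS when a certificate really exists.
      if [ -f "${NM_CERTPATH}/live/${MAIN_SITE}/cert.pem" ]; then
        sed -i "s/#ssl_certificate/ssl_certificate/g" "${nginxconfig}"
        sed -i "s/#listen 443/listen 443/g" "${nginxconfig}"
        sed -i "s/#include conf.d\/include\/ssl-ciphers.conf/include conf.d\/include\/ssl-ciphers.conf/g" "${nginxconfig}"
        sed -i "s/#include conf.d\/include\/force-ssl.conf/include conf.d\/include\/force-ssl.conf/g" "${nginxconfig}"
        echo
        echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
      else
        echo -e "${idsCL[LightRed]}Awww shit ERROR: Cert not created, run for the hills!!${idsCL[Default]}"
      fi
    else
      echo -en "${idsCL[LightCyan]}Disabling SSL ... "
      sed -i "s/ssl_certificate/#ssl_certificate/g" "${nginxconfig}"
      sed -i "s/listen 443/#listen 443/g" "${nginxconfig}"
      sed -i "s/include conf.d\/include\/ssl-ciphers.conf/#include conf.d\/include\/ssl-ciphers.conf/g" "${nginxconfig}"
      sed -i "s/include conf.d\/include\/force-ssl.conf/#include conf.d\/include\/force-ssl.conf/g" "${nginxconfig}"
      echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
      echo
    fi

    if [[ "${SECURE}" = *"FA"* ]]; then
      echo -en "${idsCL[LightCyan]}Enabling ${SECURE} SSO access ... "
      sed -i "s/#include conf.d\/include\/secure-access.conf/include conf.d\/include\/secure-access.conf/g" "${nginxconfig}"
      # Drop any previous entry first so a level change does not leave the
      # site listed under both policies.
      _NM_AUTHELIA_DROP_SITE "${SITENAME}"
      _NM_AUTHELIA_ADD_SITE "${MAIN_SITE}" "${SECURE}"
      echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
      echo
    else
      echo -en "${idsCL[LightCyan]}Disabling SSO access ... "
      sed -i "s/include conf.d\/include\/secure-access.conf/#include conf.d\/include\/secure-access.conf/g" "${nginxconfig}"
      [ "${NM_AUTHELIA_IP}" != "" ] && _NM_AUTHELIA_DROP_SITE "${SITENAME}"
      echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
      echo
    fi

    if [ "${WEBSOCKET^^}" == "YES" ]; then
      echo -en "${idsCL[LightCyan]}Enabling Websocket Support ... "
      sed -i "s/#include conf.d\/include\/websocket-support.conf/include conf.d\/include\/websocket-support.conf/g" "${nginxconfig}"
    else
      echo -en "${idsCL[LightCyan]}Disabling Websocket Support ... "
      sed -i "s/include conf.d\/include\/websocket-support.conf/#include conf.d\/include\/websocket-support.conf/g" "${nginxconfig}"
    fi
    echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
    echo

    if [ "${HSTS^^}" == "YES" ]; then
      echo -en "${idsCL[LightCyan]}Enabling HSTS Support ... "
      sed -i "s/#include conf.d\/include\/hsts-support.conf/include conf.d\/include\/hsts-support.conf/g" "${nginxconfig}"
    else
      echo -en "${idsCL[LightCyan]}Disabling HSTS Support ... "
      sed -i "s/include conf.d\/include\/hsts-support.conf/#include conf.d\/include\/hsts-support.conf/g" "${nginxconfig}"
    fi
    echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
    echo

    if [ "${EXPLOITS^^}" == "YES" ]; then
      echo -en "${idsCL[LightCyan]}Enabling Web Exploit Blocks ... "
      sed -i "s/#include conf.d\/include\/block-exploits.conf/include conf.d\/include\/block-exploits.conf/g" "${nginxconfig}"
    else
      echo -en "${idsCL[LightCyan]}Disabling Web Exploit Blocks ... "
      sed -i "s/include conf.d\/include\/block-exploits.conf/#include conf.d\/include\/block-exploits.conf/g" "${nginxconfig}"
    fi
    echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
    echo

    # LIVE is not an argument; it is whatever the caller left in the global.
    if [ "${LIVE^^}" == "YES" ]; then
      echo -en "${idsCL[LightCyan]}Enabling Site ... "
      # -f so re-saving an already enabled site does not fail on the link.
      ln -sf -- "${nginxconfig}" "${NM_NGINXPATH}/sites-enabled/${SITENAME,,}.conf"
    else
      echo -en "${idsCL[LightCyan]}Disabling Site ... "
      rm -f -- "${NM_NGINXPATH}/sites-enabled/${SITENAME,,}.conf"
    fi
    echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
    echo

    # The "disable" substitutions above add a second '#' to lines that were
    # already commented out; collapse those again. 'listen 443' is included
    # because a doubled '#' there would survive the next "enable" pass and
    # leave TLS switched off.
    sed -i "s/##include/#include/g" "${nginxconfig}"
    sed -i "s/##ssl_/#ssl_/g" "${nginxconfig}"
    sed -i "s/##listen 443/#listen 443/g" "${nginxconfig}"
    echo -e "${idsCL[LightGreen]}Site Configuration Complete${idsCL[Default]}"
  fi
}

# Lists the NGINX sites of this node with their settings and, in edit mode,
# runs the site-selection prompt that leads into EDITSITE.
# Flags:   -e|-edit            enable edit mode
#          -s|-search {text}   only list sites whose file name contains text
# Globals: sets SITELIST (declared here, so local to this call and visible to
#          EDITSITE only through dynamic scope), gosite, autheliaconfig,
#          onefacline, twofacline and the per-site display variables
# NOTE(review): the EXIT trap installed in edit mode ends with 'exit 0', so
# any later failure status of the script is reported as success.
SITEINFO(){
  dl=105
  EDIT=0; SEARCH=0
  while [ $# -gt 0 ]; do
    case "${1}" in
      -e|-edit) EDIT=1;;
      -s|-search) SEARCH=${2};;
      -h | -help | --help)
        echo -e "Usage: ${idsCL[LightYellow]}[nodemgmt or nmg] sites ${idsCL[Yellow]}{flags}${idsCL[Default]} {"
        width=35
        printf "%-${width}s- %s\n" " -e|-edit" "(enables edit mode)"
        printf "%-${width}s- %s\n" " -s|-search {search}" "(narrows list to hostnames containing {search})"
        echo -e "}\n"
        exit 0;;
    esac
    shift
  done

  # Fetch the Authelia configuration once; later calls reuse the cached text.
  if [ "${onefacline}" == "" ]; then
    # Read the file over SSH unless this node's own address is the Authelia IP.
    [ "$(${NCMD} ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | awk '/inet/ {print $2}' | cut -d'/' -f1)" != "${NM_AUTHELIA_IP}" ] && ACMD="${SSHCMD} root@${NM_AUTHELIA_IP}" || ACMD=""
    autheliaconfig=$(${ACMD} cat "${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml")
    # grep -n already lists matches in line order, so the last line is the
    # highest line number. The original piped through a textual 'sort', which
    # ranks "9:" after "10:" and could pick the wrong line.
    onefacline=$(grep -Fn one_factor <<< "${autheliaconfig}" | tail -n1)
    onefacline=${onefacline%%:*}
    twofacline=$(grep -Fn two_factor <<< "${autheliaconfig}" | tail -n1)
    twofacline=${twofacline%%:*}
  fi

  [ "${SEARCH}" != "0" ] && echo -e "${idsCL[Yellow]}Narrowing list to names containing '${idsCL[LightYellow]}${SEARCH,,}${idsCL[Yellow]}' ${idsCL[Default]}\n"
  if [ "${EDIT}" -eq 1 ]; then
    [ "${2}" == "" ] && echo -e "${idsCL[LightGreen]}Choose a site from the list below to edit: ${idsCL[Default]}"
  else
    echo -e "${idsCL[LightGreen]}Local NGINX Sites ${idsCL[Default]}"
  fi

  gosite=${NM_NGINXPATH[${RUN_NODE_TYPE}]}/sites-available
  declare -A SITELIST
  if [ "${gosite}" != "" ]; then
    # Collect matching config files into an array. The search text is quoted
    # so it is matched literally and cannot act as a glob or split into words.
    local -a sitefiles=()
    local search_lc=''
    [ "${SEARCH}" != "0" ] && search_lc=${SEARCH,,}
    mapfile -t sitefiles < <(
      shopt -s nullglob
      matches=("${gosite}"/*"${search_lc}"*.conf)
      (( ${#matches[@]} )) && printf '%s\n' "${matches[@]}"
    )

    if (( ${#sitefiles[@]} )); then
      i=1
      for sitefile in "${sitefiles[@]}"; do
        # Strip only the trailing ".conf"; the original removed the first
        # ".conf" anywhere in the name (e.g. inside "a.conference.com").
        SITENAME=${sitefile##*/}; SITENAME=${SITENAME%.conf}
        siteconfig=$(cat -- "${sitefile}")

        # Repeat the column header on the first row and every 12th row.
        if (( i % 12 == 0 )) || [ "$i" = 1 ]; then
          DIVIDER false yellow "${dl}"
          [ "${EDIT}" -eq 1 ] && msg1='##) Site Hostname' || msg1='Site Hostname'
          echo -en "${idsCL[Yellow]}"
          if [ "${EDIT}" -eq 1 ]; then
            printf "%-32s %-5s %-7s %-5s %-5s %-5s %-5s %-5s %-8s\n" "${msg1}" "Live" "Type" "SSL" "HSTS" "WBSKT" "EXPLT" "LOCK" "Proxy Connection"
          else
            printf "%-28s %-5s %-7s %-5s %-5s %-5s %-5s %-5s %-8s\n" "${msg1}" "Live" "Type" "SSL" "HSTS" "WBSKT" "EXPLT" "LOCK" "Proxy Connection"
          fi
          echo -en "${idsCL[Default]}"
          DIVIDER false yellow "${dl}"
        else
          DIVIDER false darkGray "${dl}"
        fi

        if _NM_CONF_HAS "${siteconfig}" 'include/proxy.conf' || _NM_CONF_HAS "${siteconfig}" 'proxy_pass'; then
          SITE_TYPE='Proxy'
          if _NM_CONF_HAS "${siteconfig}" 'include/proxy.conf'; then
            PROXYHOST=$(grep -F 'set $server' <<< "${siteconfig}")
            PROXYHOST=${PROXYHOST#*\"}; PROXYHOST=${PROXYHOST%\"*}
            PROXYSCHEME=$(grep -F 'set $forward_scheme' <<< "${siteconfig}")
            PROXYSCHEME=${PROXYSCHEME##* }; PROXYSCHEME=${PROXYSCHEME%;*}
            PROXYPORT=$(grep -F 'set $port' <<< "${siteconfig}")
            PROXYPORT=${PROXYPORT##* }; PROXYPORT=${PROXYPORT%;*}
            PROXYHOST_FULL="${PROXYSCHEME}://${PROXYHOST}:${PROXYPORT}"
          else
            PROXYHOST_FULL="[ custom proxy_pass ]"
          fi
        else
          SITE_TYPE='HTTP'
          PROXYHOST_FULL=''
        fi
        server=$(grep -F 'set $port' <<< "${siteconfig}")

        # A feature counts as enabled when its line is not commented out.
        _NM_CONF_HAS "${siteconfig}" '#ssl_certificate' && SSL='' || SSL='Yes'
        _NM_CONF_HAS "${siteconfig}" '#include conf.d/include/hsts-support.conf' && HSTS='' || HSTS='Yes'
        _NM_CONF_HAS "${siteconfig}" '#include conf.d/include/websocket-support.conf' && WEBSOCKET='' || WEBSOCKET='Yes'
        _NM_CONF_HAS "${siteconfig}" '#include conf.d/include/block-exploits.conf' && EXPLOITS='' || EXPLOITS='Yes'

        if ! _NM_CONF_HAS "${siteconfig}" '#include conf.d/include/secure-access.conf'; then
          # The SSO level is inferred from where the site's line sits
          # relative to the one_factor / two_factor lines found above.
          # NOTE(review): when neither comparison holds, SECURE keeps the
          # value left by the previous site.
          sitefacline=$(grep -Fn -- "${SITENAME}" <<< "${autheliaconfig}")
          sitefacline=${sitefacline%%:*}
          if [ "${sitefacline}" == "" ]; then
            SECURE='error'
          elif [ "${sitefacline}" -lt "${onefacline}" ]; then
            SECURE='1FA'
          elif [ "${sitefacline}" -lt "${twofacline}" ]; then
            SECURE='2FA'
          fi
        else
          SECURE=''
        fi

        [ -f "${NM_NGINXPATH[${RUN_NODE_TYPE}]}/sites-enabled/${SITENAME}.conf" ] && LIVE='Yes' || LIVE=''
        [ "${i}" -lt 10 ] && ii=" ${i}" || ii=${i}
        [ "${EDIT}" -eq 1 ] && msg1="${ii}) ${SITENAME}" || msg1="${SITENAME}"
        [ "${LIVE}" == "Yes" ] && echo -en "${idsCL[White]}" || echo -en "${idsCL[DarkGray]}"
        if [ "${EDIT}" -eq 1 ]; then
          printf "%-32s %-5s %-7s %-5s %-5s %-5s %-5s %-5s %-14s\n" "${msg1}" "${LIVE}" "${SITE_TYPE}" "${SSL}" "${HSTS}" "${WEBSOCKET}" "${EXPLOITS}" "${SECURE}" "${PROXYHOST_FULL}"
        else
          printf "%-28s %-5s %-7s %-5s %-5s %-5s %-5s %-5s %-14s\n" "${msg1}" "${LIVE}" "${SITE_TYPE}" "${SSL}" "${HSTS}" "${WEBSOCKET}" "${EXPLOITS}" "${SECURE}" "${PROXYHOST_FULL}"
        fi
        echo -en "${idsCL[Default]}"
        SITELIST[${i}]=${SITENAME}
        i=$((i + 1))
      done
    else
      echo -e "\n${idsCL[LightRed]}No sites were found matching '${SEARCH}'${idsCL[Default]}"
    fi
    echo

    if [ "${EDIT}" -eq 1 ]; then
      DIVIDER . yellow "${dl}"
      # Clears the menu area on the way out; note the unconditional exit 0.
      function exitspacing {
        echo -e "\n\033[K\n\033[K"
        exit 0
      }
      trap exitspacing EXIT
      # The cursor-movement sequences below depend on the exact number of
      # lines printed; keep them in step when changing the menu.
      while [ "${editc^}" != "Q" ]; do
        echo -e "\033[K"
        echo -e "\033[K"
        echo -e "\033[K (${idsCL[Green]}A${idsCL[Default]})dd New Site, (${idsCL[Green]}R${idsCL[Default]})eload, (${idsCL[Yellow]}Q${idsCL[Default]})uit"
        echo -e "\033[K"
        echo -e "\033[K"
        echo -e "\033[K"
        echo -e "\033[7A"
        echo -en "${idsCL[LightCyan]}Enter the site number you want to edit: ${idsCL[Default]}"
        read -r siteid
        echo
        if [ "${siteid^}" == "Q" ]; then
          echo -e "\033[K"
          exit 0
        elif [ "${siteid^}" == "A" ]; then
          echo -en "\033[1A\033[K\r"
          ${NM_SCRIPT} newsite
          [ "${SEARCH}" != "0" ] && SITEINFO -edit -search "${SEARCH}" || SITEINFO -edit
          exit 0
        elif [ "${siteid^}" == "R" ]; then
          [ "${SEARCH}" != "0" ] && SITEINFO -edit -search "${SEARCH}" || SITEINFO -edit
          exit 0
        elif [ "${SITELIST[${siteid}]}" != "" ]; then
          EDITSITE
        else
          # No such site: wipe the prompt lines and ask again.
          echo -e "\033[3A"; for (( c=1; c<=3; c++ )); do echo -e "\r\033[K"; done; echo -e "\033[4A"
          [ "${siteid}" == "" ] && echo -e "\033[2A"
        fi
      done
      echo
    fi
  else
    echo -e "\nNo site information found for this node"
  fi
  echo
}

# Interactive editor for one site. Called from SITEINFO with the chosen
# 'siteid' (an index into SITELIST), or from NEWSITE with NEWSITE=true, in
# which case no config file exists yet and the values NEWSITE collected are
# shown instead.
# Globals: reads SITELIST, siteid, gosite, autheliaconfig, onefacline,
#          twofacline, NEWSITE, CERTTEST, SEARCH; sets the per-site settings
#          that are passed to NEWPROXYSITE_CREATE on save
# NOTE(review): the menu advertises "(S)ave" but only a lower-case 's' opens
# the confirmation step; an upper-case 'S' is ignored.
EDITSITE(){
  SITENAME=${SITELIST[${siteid}]}
  sitefile=${gosite}/${SITENAME}.conf
  if [ -f "${sitefile}" ]; then
    siteconfig=$(cat -- "${sitefile}")
    if _NM_CONF_HAS "${siteconfig}" '#ssl_certificate'; then
      SSL='-'
      SUBJECTNAMES=""
    else
      SSL='Yes'
      # Directory of the key file named by the ssl_certificate_key line.
      certpath=$(grep ssl_certificate_key <<< "${siteconfig}")
      certpath=${certpath%/*}
      certpath=${certpath#* }
      SUBJECTNAMES=$(openssl x509 -in "${certpath}/cert.pem" -noout -text|grep -oP '(?<=DNS:|IP Address:)[^,]+'|sort -uV)
      CERTEXPIRE=$(date -d "$(: | openssl x509 -in "${certpath}/cert.pem" -text | grep 'Not After' |awk '{print $4,$5,$7}')" '+%s');
      SUBJECTNAMES=${SUBJECTNAMES//$'\n'/, }
    fi

    if _NM_CONF_HAS "${siteconfig}" 'include/proxy.conf'; then
      SITE_TYPE='Proxy'
      PROXYHOST=$(grep -F 'set $server' <<< "${siteconfig}")
      PROXYHOST=${PROXYHOST#*\"}; PROXYHOST=${PROXYHOST%\"*}
      SERVERNAMES=$(grep 'server_name' <<< "${siteconfig}")
      SERVERNAMES=${SERVERNAMES//;/}
      SERVERNAMES=${SERVERNAMES#* }
      SERVERNAMES=${SERVERNAMES// /,}
      PROXYSCHEME=$(grep -F 'set $forward_scheme' <<< "${siteconfig}")
      PROXYSCHEME=${PROXYSCHEME##* }; PROXYSCHEME=${PROXYSCHEME%;*}
      PROXYPORT=$(grep -F 'set $port' <<< "${siteconfig}")
      PROXYPORT=${PROXYPORT##* }; PROXYPORT=${PROXYPORT%;*}
    else
      SITE_TYPE='HTTP'
    fi

    _NM_CONF_HAS "${siteconfig}" '#include conf.d/include/hsts-support.conf' && HSTS='-' || HSTS='Yes'
    _NM_CONF_HAS "${siteconfig}" '#include conf.d/include/websocket-support.conf' && WEBSOCKET='-' || WEBSOCKET='Yes'
    _NM_CONF_HAS "${siteconfig}" '#include conf.d/include/block-exploits.conf' && EXPLOITS='-' || EXPLOITS='Yes'

    if ! _NM_CONF_HAS "${siteconfig}" '#include conf.d/include/secure-access.conf'; then
      # Last matching line in file order (see the sorting note in SITEINFO).
      sitefacline=$(grep -Fn -- "${SITENAME}" <<< "${autheliaconfig}" | tail -n1)
      sitefacline=${sitefacline%%:*}
      if [ "${sitefacline}" == "" ]; then
        SECURE='error'
      elif [ "${sitefacline}" -lt "${onefacline}" ]; then
        SECURE='1FA'
      elif [ "${sitefacline}" -lt "${twofacline}" ]; then
        SECURE='2FA'
      fi
    else
      SECURE='-'
    fi
    [ -f "${NM_NGINXPATH[${RUN_NODE_TYPE}]}/sites-enabled/${SITENAME}.conf" ] && LIVE='Yes' || LIVE='-'
  else
    # No config file yet (new site): start from what NEWSITE collected.
    # PROXYHOST, PROXYSCHEME and PROXYPORT keep their current values.
    LIVE='Yes'
    SITENAME=${MAIN_SITE}
    SITE_TYPE=${SITE_TYPE^}
    SERVERNAMES=${NEW_SITE}
    SSL='Yes'
    HSTS='Yes'
    WEBSOCKET='-'
    EXPLOITS='-'
    SECURE='-'
  fi

  editc=0
  # The cursor-movement sequences below depend on the exact number of lines
  # printed; keep them in step when changing the menu.
  until [ "${editc^}" = "C" ]; do
    echo -e "\033[K${idsCL[White]}E) Site Enabled: ${idsCL[Cyan]}${idsST[Bold]}${LIVE}${idsST[Reset]}"
    echo -e "\033[K${idsCL[White]}0) Site Address(es): ${idsCL[Cyan]}${idsST[Bold]}${SERVERNAMES//,/, }${idsST[Reset]}"
    echo -e "\033[K${idsCL[White]}1) Site Type: ${idsCL[Cyan]}${idsST[Bold]}${SITE_TYPE}${idsST[Reset]}"
    echo -en "\033[K${idsCL[White]}2) SSL Secure: ${idsCL[Cyan]}${idsST[Bold]}${SSL}${idsST[Reset]}"
    [ "${SUBJECTNAMES}" != "" ] && echo -e " ${idsCL[Cyan]}[SSL Names: ${idsCL[Yellow]}${SUBJECTNAMES}${idsCL[Cyan]}; expires ${idsCL[Yellow]}$(date -d "@${CERTEXPIRE}" '+%m-%d-%Y')${idsCL[Cyan]}]" || echo
    echo -e "\033[K${idsCL[White]}3) HSTS Enabled: ${idsCL[Cyan]}${idsST[Bold]}${HSTS}${idsST[Reset]}"
    echo -e "\033[K${idsCL[White]}4) Web Sockets: ${idsCL[Cyan]}${idsST[Bold]}${WEBSOCKET}${idsST[Reset]}"
    echo -e "\033[K${idsCL[White]}5) Exploits Block: ${idsCL[Cyan]}${idsST[Bold]}${EXPLOITS}${idsST[Reset]}"
    echo -e "\033[K${idsCL[White]}6) Secured Access: ${idsCL[Cyan]}${idsST[Bold]}${SECURE}${idsST[Reset]}"
    if [ "${SITE_TYPE}" == "Proxy" ]; then
      echo -e "\033[K${idsCL[White]}7) Proxy Address: ${idsCL[Cyan]}${idsST[Bold]}${PROXYHOST}${idsST[Reset]}"
      echo -e "\033[K${idsCL[White]}8) Proxy Scheme: ${idsCL[Cyan]}${idsST[Bold]}${PROXYSCHEME}${idsST[Reset]}"
      echo -e "\033[K${idsCL[White]}9) Proxy Port: ${idsCL[Cyan]}${idsST[Bold]}${PROXYPORT}${idsST[Reset]}"
    else
      echo -e "\033[K"
      echo -e "\033[K"
      echo -e "\033[K"
    fi

    if [ "${editc}" != "s" ]; then
      echo -e "\033[K"
      echo -e "\033[K"
      echo -e "\033[K"
      echo -e "\033[K (${idsCL[Green]}S${idsCL[Default]})ave Site, (${idsCL[Red]}D${idsCL[Default]})elete Site, (${idsCL[Yellow]}C${idsCL[Default]})ancel, (${idsCL[Yellow]}Q${idsCL[Default]})uit"
      echo -e "\033[K"
      echo -e "\033[K"
      echo -e "\033[7A"
      echo -en "\033[K\n\033[K\r${idsCL[LightCyan]}Enter the item number to edit: ${idsCL[Default]}"
      read -n 1 editc
      case "${editc}" in
        0)
          echo -e "\033[K\n\033[K"
          echo -en "\033[KEnter new Server Names (comma seperated): "
          # Free text; it is validated in NEWPROXYSITE_CREATE on save.
          read -r -i "${SERVERNAMES}" -e SERVERNAMES
          SERVERNAMES=${SERVERNAMES//, /,}
          echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
          ;;
        1) [ "${SITE_TYPE}" == "HTTP" ] && SITE_TYPE='Proxy' || SITE_TYPE='HTTP';;
        2) [ "${SSL}" == "-" ] && SSL='Yes' || SSL='-';;
        3) [ "${HSTS}" == "-" ] && HSTS='Yes' || HSTS='-';;
        4) [ "${WEBSOCKET}" == "-" ] && WEBSOCKET='Yes' || WEBSOCKET='-';;
        5) [ "${EXPLOITS}" == "-" ] && EXPLOITS='Yes' || EXPLOITS='-';;
        6)
          # Cycle: off -> 1FA -> 2FA -> off.
          if [ "${SECURE}" == "-" ]; then
            SECURE='1FA'
          elif [ "${SECURE}" == "1FA" ]; then
            SECURE='2FA'
          elif [ "${SECURE}" == "2FA" ]; then
            SECURE='-'
          fi
          ;;
        7)
          echo -e "\033[K\n\033[K"
          echo -en "\033[KEnter new Proxy Address: "
          read -r -i "${PROXYHOST}" -e PROXYHOST
          echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
          ;;
        8) [ "${PROXYSCHEME}" == "http" ] && PROXYSCHEME='https' || PROXYSCHEME='http';;
        9)
          echo -e "\033[K\n\033[K"
          echo -en "\033[KEnter new Proxy Port: "
          read -r -i "${PROXYPORT}" -e PROXYPORT
          echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
          ;;
        [Cc])
          echo -e "\r\033[K\n\r\033[K\n\r\033[K"
          echo -e "\033[16A"; for (( c=1; c<=16; c++ )); do echo -e "\r\033[K"; done; echo -e "\033[16A"
          echo -e "\n\n\n\n\n\n\n\n"
          ;;
        [Dd])
          echo -e "\033[K\n\033[K"
          echo -en "\033[K${idsCL[LightCyan]}Are you sure you wish to delete the site and associated SSL if applicable (y/N): ${idsCL[Default]}"
          read -n 1 delconfirm
          case "${delconfirm}" in
            [Yy])
              echo -en "\n\n${idsCL[LightCyan]}Removing site ... "
              # Output is discarded, so a rejected name fails silently here.
              DELSITE -site "${SITENAME}" -ssl yes >/dev/null 2>&1
              echo -e "${idsCL[LightGreen]}Done\n${idsCL[Default]}"
              [ "${SEARCH}" != "0" ] && SITEINFO -edit -search "${SEARCH}" || SITEINFO -edit
              exit 0
              ;;
            *)
              [ "${delconfirm}" != "" ] && echo
              echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
              ;;
          esac
          ;;
        [Ee]) [ "${LIVE}" == "-" ] && LIVE='Yes' || LIVE='-';;
        [Qq])
          echo -e "\033[K"
          exit 0
          ;;
        *) ;;
      esac
      [ "${editc}" == "" ] && echo -e "\033[14A" || echo -e "\033[13A"
    else
      for (( c=1; c<=6; c++ )); do echo -e "\033[K"; done; echo -e "\033[7A"
      echo -en "\n\033[K${idsCL[LightCyan]}Confirm changes (Y/n): ${idsCL[Default]}"
      read -n 1 confirm
      case "${confirm}" in
        [Nn])
          editc=C
          echo -e "\r\033[K\n\r\033[K\n\r\033[K"
          echo -e "\033[15A"; for (( c=1; c<=15; c++ )); do echo -e "\r\033[K"; done; echo -e "\033[19A"
          ;;
        *)
          [ "${confirm}" != "" ] && echo
          if [ "${CERTTEST}" != "" ] && [ "${CERTTEST}" != "0" ]; then
            echo -e "${idsCL[LightYellow]}${idsST[Bold]}### REQUESTING CERT IN TEST MODE ###${idsST[Reset]}${idsCL[Default]}"
            echo
          fi
          if [ "${NEWSITE}" == "true" ]; then
            echo -en "\033[1A\033[K\r${idsCL[LightCyan]}Creating new site ... ${idsCL[Default]}"
          else
            echo -en "\033[1A\033[K\r${idsCL[LightCyan]}Configuring changes ... ${idsCL[Default]}"
          fi
          # Quoted so an empty setting cannot shift the later arguments.
          NEWPROXYSITE_CREATE "${SITENAME}" "${SERVERNAMES}" "${PROXYHOST}" "${PROXYPORT}" "${PROXYSCHEME}" "${WEBSOCKET}" "${HSTS}" "${EXPLOITS}" "${SECURE}" "${SSL}" "${CERTTEST}"
          echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
          echo
          echo -en "\033[1A\033[K\r${idsCL[LightCyan]}Restarting NGINX on all '${RUN_NODE_TYPE}' Nodes ... ${idsCL[Default]}"
          SERVICE_MGMT nginx restart
          echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
          echo
          if [ "${NEWSITE}" == "true" ]; then
            exit 0
          else
            echo -en "\033[K\r${idsCL[LightCyan]}Continue or Exit (C/e): ${idsCL[Default]}"
            read -n1 con
            case "${con}" in
              [Ee])
                exit 0
                ;;
              *)
                editc=C
                echo -e "\r\033[K\n\r\033[K\n\r\033[K"
                echo -e "\033[19A"; for (( c=1; c<=19; c++ )); do echo -e "\r\033[K"; done; echo -e "\033[22A"
                # NOTE(review): every other return path re-opens
                # 'SITEINFO -edit'; LISTCERTS here looks like a leftover
                # from a certificate editor. Confirm before changing.
                [ "${SEARCH}" != "0" ] && SITEINFO -edit -search "${SEARCH}" || LISTCERTS -edit
                exit 0
                ;;
            esac
          fi
          ;;
      esac
    fi
  done
}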