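#!/usr/bin/env bash
#
# nodemgmt site management: create, list, delete and edit NGINX site configs,
# request certificates and register sites with Authelia SSO.
#
# This file only defines functions. DIVIDER, SERVICE, DEL-SSL, NEWCERT, GUI,
# ENTER2CONTINUE, the idsCL/idsST colour tables, NM_SCRIPT and the NM_*
# settings are expected from the nodemgmt entry point that sources it
# (presumably; they are not defined here).

#######################################
# Validate a site/hostname argument before it is spliced into file paths,
# rm globs, sed scripts and remote ssh command lines.
# Accepts letters, digits, '_', '.' and '-' (no leading '.' or '-'), which
# rules out '/', '..', whitespace, quotes and regex/shell metacharacters.
# Arguments: $1 - candidate site name
# Returns:   0 if acceptable, 1 otherwise
#######################################
_nm_valid_site_name(){
  [[ ${1} =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]]
}

#######################################
# Escape literal text for use inside a '/'-delimited sed basic-regex address,
# so that a site name such as "a.example.com" matches only itself (an
# unescaped '.' matches any character and can delete unrelated lines).
# Arguments: $1 - literal text
# Outputs:   escaped text on stdout (no trailing newline)
#######################################
_nm_bre_escape(){
  local s=${1}
  s=${s//\\/\\\\}   # backslash first so later escapes are not doubled
  s=${s//\//\\/}
  s=${s//./\\.}
  s=${s//\*/\\*}
  s=${s//\[/\\[}
  s=${s//\]/\\]}
  s=${s//^/\\^}
  s=${s//\$/\\\$}
  printf '%s' "${s}"
}

#######################################
# Report whether an NGINX config has an active (not "#"-commented) include
# line for the named snippet.
# Arguments: $1 - config file; $2 - snippet file name, e.g. hsts-support.conf
# Returns:   grep status: 0 when an active include is present
#######################################
_nm_include_enabled(){
  local file=${1} name=${2}
  grep -Eq "^[[:space:]]*include[[:space:]].*${name//./\\.}" "${file}"
}

#######################################
# Remove every Authelia rule line mentioning SITE from configuration.yml on
# the Authelia host. No-op when NM_AUTHELIA_IP is unset/empty.
# Globals:   NM_AUTHELIA_IP, NM_DOCKER_COMPOSE_LOC (read)
# Arguments: $1 - site name (matched as literal text, regex-escaped)
#######################################
_nm_authelia_forget_site(){
  local site=${1} cfg pat
  [ "${NM_AUTHELIA_IP}" != "" ] || return 0
  cfg="${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
  pat=$(_nm_bre_escape "${site}")
  # Single quotes on the remote side keep the escapes intact through the
  # second round of shell parsing that ssh performs. Assumes neither the
  # site name nor the config path contains a single quote.
  ssh root@"${NM_AUTHELIA_IP}" "sed -i '/${pat}/d' '${cfg}'"
}

#######################################
# Append SITE to the Authelia rule list for the given factor and restart the
# container. The entry is inserted after the marker comment in
# configuration.yml; "~~~" stands in for the leading spaces that sed's 'a'
# command would strip and is rewritten to spaces afterwards.
# Globals:   NM_AUTHELIA_IP, NM_DOCKER_COMPOSE_LOC (read)
# Arguments: $1 - site name; $2 - "2FA" for the two-factor list, else one-factor
#######################################
_nm_authelia_add_site(){
  local site=${1} factor=${2} cfg marker
  cfg="${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
  if [ "${factor}" == "2FA" ]; then
    marker='domain: # Proxies needing 2 factor below'
  else
    marker='domain: # Proxies only requiring username and password'
  fi
  # "sed -i", not the earlier "sed -ie": GNU sed reads "-ie" as in-place with
  # backup suffix "e", leaving a stray configuration.ymle behind each run.
  ssh root@"${NM_AUTHELIA_IP}" "sed -i \"/${marker}/a ~~~ - \\\"${site}\\\"\" ${cfg}"
  ssh root@"${NM_AUTHELIA_IP}" "sed -i \"s/~~~/ /g\" ${cfg}"
  ssh root@"${NM_AUTHELIA_IP}" "/usr/bin/docker restart authelia >/dev/null 2>&1"
}

#######################################
# Print the delsite usage block.
# Arguments: $1 - description shown next to the -site flag
#######################################
_nm_delsite_usage(){
  local width=35
  echo -e "Usage: ${idsCL[Yellow]}[nodemgmt or nmg] delsite${idsCL[Default]} {"
  printf "%-${width}s- %s\n" " -site {FQDN address}" "${1}"
  printf "%-${width}s- %s\n" " -ssl {yes or [no]}" "Delete SSL certs as well"
  printf "%-${width}s- %s\n" " -list" "List sites (same as running nodemgmt delsites)"
  echo "}"
}

#######################################
# Write the NGINX config for a "local" (PHP-FPM) site.
# Globals:   NM_CERTPATH (read)
# Arguments: $1 - config path to create; $2 - server_name value;
#            $3 - main site name (used for paths); $4 - "yes" to add SSL
#######################################
_nm_write_local_site(){
  local cfg=${1} servername=${2} mainsite=${3} ssl=${4}
  {
    printf '%s\n' 'server {' '    listen 80;'
    [ "${ssl}" = "yes" ] && printf '%s\n' '    listen 443 ssl http2;'
    printf '%s\n' \
      "    server_name ${servername};" \
      "    set \$base /var/www/${mainsite};" \
      '    root $base/public_html;' \
      "    access_log /var/log/nginx/${mainsite}-access.log;" \
      "    error_log /var/log/nginx/${mainsite}-error.log warn;"
    if [ "${ssl}" = "yes" ]; then
      # The first directive must be ssl_certificate (the chain); the original
      # wrote ssl_certificate_key twice, so NGINX never got a certificate.
      printf '%s\n' \
        "    ssl_certificate ${NM_CERTPATH}/live/${mainsite}/fullchain.pem;" \
        "    ssl_certificate_key ${NM_CERTPATH}/live/${mainsite}/privkey.pem;" \
        '    include conf.d/include/ssl-ciphers.conf;'
    fi
    printf '%s\n' \
      '    index index.php;' \
      '    location / {' \
      '        try_files $uri $uri/ /index.php?$query_string;'
    [ "${ssl}" = "yes" ] && printf '%s\n' '        include conf.d/include/force-ssl.conf;'
    printf '%s\n' \
      '    }' \
      '    location ~ \.php$ {' \
      '        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;' \
      '        include conf.d/include/php_fastcgi.conf;' \
      '    }' \
      '    include conf.d/include/general.conf;'
    [ "${ssl}" = "yes" ] && printf '%s\n' '    include conf.d/include/letsencrypt-acme-challenge.conf;'
    printf '%s\n' '}'
  } > "${cfg}"
}

#######################################
# Delete an NGINX site: remove its config(s) from sites-enabled, optionally
# its certificates (DEL-SSL), drop it from the Authelia config and restart
# NGINX.
# Globals:   DEL_SITE, DEL_SSL (read if preset, else prompted and written);
#            NM_NGINXPATH (read)
# Arguments: -site FQDN  -ssl yes|no  -list  (prompts for anything missing)
# Returns:   exits 1 on bad, missing or malformed arguments
#######################################
DELSITE(){
  while [ $# -gt 0 ]; do
    case "$1" in
      -site) DEL_SITE=${2};;
      -ssl) DEL_SSL=${2};;
      -list) DELSITES; exit 0;;
      -*)
        echo "Invalid option: '${1}' requires an argument" 1>&2
        echo
        _nm_delsite_usage "(*required)"
        exit 1;;
    esac
    shift
  done
  if [ -z ${DEL_SITE+x} ]; then
    echo -en "${idsCL[LightCyan]}Delete what site address: ${idsCL[Default]}"
    read -r DEL_SITE
    echo
  fi
  # Normalise the -ssl answer; ask only when the flag was not given at all.
  if [[ ${DEL_SSL} =~ ^[Nn]$ ]]; then
    DEL_SSL=no
  elif [[ ${DEL_SSL} =~ ^[Yy]$ ]]; then
    DEL_SSL=yes
  elif [ -z ${DEL_SSL+x} ]; then
    echo -en "${idsCL[LightRed]}Do you also want to delete the certs for '${DEL_SITE}' as well? [y/N]${idsCL[Default]} "
    read -r DEL_SSL
    if [[ ${DEL_SSL} =~ ^[Nn]$ ]]; then
      DEL_SSL=no
    elif [[ ${DEL_SSL} =~ ^[Yy]$ ]]; then
      DEL_SSL=yes
    fi
  fi
  if [ -z ${DEL_SITE+x} ] || [ "${DEL_SITE}" = "" ]; then
    echo "Missing arguments"
    echo
    _nm_delsite_usage "Site to delete"
    exit 1
  fi
  # The name feeds an rm glob, a sed address and an ssh command line below,
  # so refuse anything that is not hostname-shaped (no '/', '..', quotes...).
  if ! _nm_valid_site_name "${DEL_SITE}"; then
    echo "Invalid site name: '${DEL_SITE}'" 1>&2
    exit 1
  fi
  echo -e "${idsCL[LightRed]}Deleting site '${idsCL[Red]}${DEL_SITE^^}${idsCL[LightRed]}'...${idsCL[Default]}"
  echo
  echo -e "${idsCL[LightRed]}[[Removing Files and Folders]]${idsCL[Default]}"
  echo -e "${idsCL[LightRed]}-------------------------------------------${idsCL[Default]}"
  echo
  echo -en "${idsCL[LightCyan]}Removing NGINX files ... ${idsCL[Default]}"
  # The trailing glob is kept from the original (it also picks up e.g.
  # "<site>.conf.bak"); note it would equally match "<site>-other.conf".
  rm -f -- "${NM_NGINXPATH}/sites-enabled/${DEL_SITE}"* >/dev/null 2>&1
  echo -e "${idsCL[Green]}Done${idsCL[Default]}"
  echo
  if [ "${DEL_SSL}" == "yes" ]; then
    DEL-SSL "${DEL_SITE}"
    echo
  fi
  _nm_authelia_forget_site "${DEL_SITE}"
  SERVICE nginx restart
  echo -e "${idsCL[LightRed]}Site has been deleted.${idsCL[Default]}\n"
}

#######################################
# Interactive menu: list sites-enabled entries, pick one and hand it to
# DELSITE. Re-enters itself after each action; B returns to GUI when the
# caller is the menu (action empty or "gui").
# Globals:   SITES (written), action, NM_NGINXPATH (read)
#######################################
DELSITES(){
  local siteconf confname sid s selsite response sslresponse
  echo
  echo -e "${idsCL[Red]}Select a site to delete...${idsCL[Default]}"
  DIVIDER true
  # Rebuild from scratch so entries from a previous pass (before a deletion
  # shrank the list) do not linger at the end of the menu.
  SITES=()
  sid=1
  # Glob instead of parsing "ls" output: safe with spaces and independent of
  # how many path components NM_NGINXPATH has.
  for siteconf in "${NM_NGINXPATH}"/sites-enabled/*; do
    [ -f "${siteconf}" ] || continue
    confname=${siteconf##*/}
    SITES[${sid}]=${confname%.conf}
    sid=$((sid + 1))
  done
  for s in "${!SITES[@]}"; do
    echo -e " [${idsCL[Yellow]}${s}${idsCL[Default]}] ${SITES[${s}]}"
  done
  echo
  if [ -z "${action}" ] || [ "${action}" = "gui" ]; then
    echo " [B] Back"
  fi
  echo " [Q] Quit"
  echo
  echo -en "${idsCL[LightYellow]}Please select a site from above from above:${idsCL[Default]} "
  read -r selsite
  echo
  case "${selsite}" in
    [Qq]) exit 0;;
    [Bb]) GUI;;
    *)
      # Numeric check first: an empty or non-numeric key would make
      # ${SITES[...]} fail with "bad array subscript".
      if ! [[ ${selsite} =~ ^[0-9]+$ ]] || [ -z "${SITES[${selsite}]}" ]; then
        echo "Thats an invaild option,"
        echo "please select a valid option only."
        sleep 1
        DELSITES
        exit 0
      fi
      echo -en "${idsCL[LightRed]}Are you sure you want to delete '${idsCL[Red]}${SITES[${selsite}]^^}${idsCL[LightRed]}'? [y/N]${idsCL[Default]} "
      read -r response
      echo
      if [[ ${response} =~ ^[Yy]$ ]]; then
        echo -en "${idsCL[LightRed]}Do you also want to delete the certs for '${idsCL[Red]}${SITES[${selsite}]^^}${idsCL[LightRed]}', if they exist? [y/N]${idsCL[Default]} "
        read -r sslresponse
        DELSITE -site "${SITES[${selsite}]}" -ssl "${sslresponse}"
        echo
        DIVIDER
        ENTER2CONTINUE
      fi
      DELSITES
      exit 0;;
  esac
  if [ -z "${action}" ] || [ "${action}" = "gui" ]; then
    ENTER2CONTINUE
  fi
}

#######################################
# Print one line per site in sites-enabled with Yes/No for the optional
# include snippets (secure access, websocket, HSTS, exploit blocking).
# Globals:   action, NM_NGINXPATH (read); SITENAME, SECURE, WEBSOCKET, HSTS,
#            EXPLOITS (written)
#######################################
LISTSITES(){
  local siteconf
  echo
  echo -e "${idsCL[Red]}NGINX Site Config...${idsCL[Default]}"
  DIVIDER true
  for siteconf in "${NM_NGINXPATH}"/sites-enabled/*; do
    [ -f "${siteconf}" ] || continue
    SITENAME=${siteconf##*/}
    SITENAME=${SITENAME%.conf}
    # The original "[ grep -q ... ]" tested literal words instead of running
    # grep, so it failed and every column printed No.
    _nm_include_enabled "${siteconf}" secure-access.conf && SECURE=Yes || SECURE=No
    _nm_include_enabled "${siteconf}" websocket-support.conf && WEBSOCKET=Yes || WEBSOCKET=No
    _nm_include_enabled "${siteconf}" hsts-support.conf && HSTS=Yes || HSTS=No
    _nm_include_enabled "${siteconf}" block-exploits.conf && EXPLOITS=Yes || EXPLOITS=No
    echo -e "${SITENAME} - ${SECURE} - ${WEBSOCKET} - ${HSTS} - ${EXPLOITS}"
  done
  if [ -z "${action}" ] || [ "${action}" = "gui" ]; then
    ENTER2CONTINUE
  fi
}

#######################################
# Create a new NGINX site (local PHP site or reverse proxy), optionally with
# a certificate and Authelia SSO registration. Every setting can be given as
# a flag; anything missing is prompted for.
# Globals:   NEW_SITE, SITE_TYPE, CREATE_SSL, PROXY*, WEBSOCKET, HSTS, EXPLOITS,
#            SECURE, MAIN_SITE, NGINX_SERVERNAME, nginxconfig (written);
#            NM_NGINXPATH, NM_LOGFOLDER, NM_SCRIPT, NM_DOCKER_COMPOSE_LOC (read)
# Arguments: see the -help output below
# Returns:   exits 1 on missing proxy arguments or a malformed site name
#######################################
NEWSITE(){
  local width GO s
  CERTTEST=0
  echo
  while [ $# -gt 0 ]; do
    case "$1" in
      -t|-test) CERTTEST=1;;
      -site) NEW_SITE=${2};;
      -type) SITE_TYPE=${2};;
      -ssl) CREATE_SSL=${2};;
      -proxy_scheme) PROXYSCHEME=${2};;
      -proxy_host) PROXYHOST=${2};;
      -proxy_port) PROXYPORT=${2};;
      -websocket) WEBSOCKET=${2};;
      -hsts) HSTS=${2};;
      -exploits) EXPLOITS=${2};;
      -secure) SECURE=${2};;
      -h | -help | --help)
        echo
        echo -e "Usage: ${idsCL[LightYellow]}[nodemgmt or nmg] newsite ${idsCL[Yellow]}{flags}${idsCL[Default]} {"
        width=35
        printf "%-${width}s- %s\n" " -site {FQDN address(,es)}" "(new site and aliases, comma separated)"
        printf "%-${width}s- %s\n" " -ssl {yes or no}" "(defaults to yes)"
        # NOTE(review): the interactive prompt defaults the type to "proxy";
        # confirm which default is intended.
        printf "%-${width}s- %s\n" " -type {'local' or 'proxy'}" "(defaults to local)"
        # The host/port descriptions were swapped in the original text.
        printf "%-${width}s- %s\n" " -proxy_port {host port}" "(proxy backend port)"
        printf "%-${width}s- %s\n" " -proxy_host {IP or FQDN}" "(proxy backend host)"
        printf "%-${width}s- %s\n" " -proxy_scheme {http or https}" "(proxy backend scheme)"
        printf "%-${width}s- %s\n" " -websocket {yes or no}" "(websocket support)"
        printf "%-${width}s- %s\n" " -hsts {yes or no}" "(hsts support)"
        printf "%-${width}s- %s\n" " -exploits {yes or no}" "(block exploits)"
        printf "%-${width}s- %s\n" " -secure {yes or no}" "(secure access [nginx/.htpasswd])"
        printf "%-${width}s- %s\n" " -t|-test" "(enables dry-run mode for CertBot)"
        echo "}"
        exit 0;;
    esac
    shift
  done
  #if [ -z ${SITE_TYPE+x} ]; then SITE_TYPE=local; fi
  #if [ -z ${CREATE_SSL+x} ]; then CREATE_SSL=true; fi
  if [ -z ${NEW_SITE+x} ]; then
    echo -en "${idsCL[LightCyan]}New site domain name (comma seperated for multiple): ${idsCL[Default]}"
    read -r NEW_SITE
    showdivide=yes
    echo
  fi
  # Every name (main site and aliases) ends up in file paths, the nginx
  # config and remote sed/ssh commands, so validate each one.
  for s in ${NEW_SITE//,/ }; do
    if ! _nm_valid_site_name "${s}"; then
      echo "Invalid site name: '${s}'" 1>&2
      exit 1
    fi
  done
  if [ "${NEW_SITE}" = "" ]; then
    echo "Invalid site name: ''" 1>&2
    exit 1
  fi
  if [[ ${NEW_SITE} == *","* ]]; then
    IFS=','; NEW_SITES=(${NEW_SITE}); unset IFS
    MAIN_SITE=${NEW_SITES[0]}
    NGINX_SERVERNAME=${NEW_SITE//[,]/ }
  else
    MAIN_SITE=${NEW_SITE}
    NGINX_SERVERNAME=${NEW_SITE}
  fi
  nginxconfig=${NM_NGINXPATH}/sites-enabled/${MAIN_SITE}.conf
  if [ -f "${nginxconfig}" ]; then
    echo -en "${idsCL[LightRed]}This site already exists, overwrite it? (y/N): ${idsCL[Default]}"
    read -r overwrite
    echo
    if [[ ${overwrite} =~ ^[Nn]$ ]] || [ "${overwrite}" = "" ]; then
      exit 0
    elif [[ ${overwrite} =~ ^[Yy]$ ]]; then
      rm -f -- "${nginxconfig}" >/dev/null 2>&1
      _nm_authelia_forget_site "${MAIN_SITE}"
    else
      exit 0
    fi
  fi
  if [ -z ${CREATE_SSL+x} ]; then
    echo -en "${idsCL[LightCyan]}Create SSL for site? [Y/n] ${idsCL[Default]}"
    read -r CREATE_SSL
    showdivide=yes
    if [[ ${CREATE_SSL} =~ ^[Yy]$ ]] || [ "${CREATE_SSL}" = "" ]; then
      CREATE_SSL=yes
    else
      CREATE_SSL=no
    fi
    echo
  fi
  if [ -z ${SITE_TYPE+x} ]; then
    echo -en "${idsCL[LightCyan]}Site type (local/{proxy}): ${idsCL[Default]}"
    read -r SITE_TYPE
    showdivide=yes
    if [ "${SITE_TYPE}" = "" ]; then
      SITE_TYPE=proxy
    fi
    echo
  fi
  if [ "${SITE_TYPE}" = "proxy" ]; then
    if [ -z ${PROXYHOST+x} ]; then
      echo -en "${idsCL[LightCyan]}What is the proxy backend address (IP or FQDN): ${idsCL[Default]}"
      read -r PROXYHOST
      showdivide=yes
      echo
    fi
    if [ -z ${PROXYPORT+x} ]; then
      echo -en "${idsCL[LightCyan]}What is the proxy backend port (tcp port): ${idsCL[Default]}"
      read -r PROXYPORT
      showdivide=yes
      echo
    fi
    if [ -z ${PROXYSCHEME+x} ]; then
      echo -en "${idsCL[LightCyan]}What is the proxy backend scheme (http/https): ${idsCL[Default]}"
      read -r PROXYSCHEME
      showdivide=yes
      echo
    fi
    if [ -z ${WEBSOCKET+x} ]; then
      echo -en "${idsCL[LightCyan]}Enable Websocket Support (y/N): ${idsCL[Default]}"
      read -r WEBSOCKET
      showdivide=yes
      if [[ ${WEBSOCKET} =~ ^[Yy]$ ]]; then
        WEBSOCKET=yes
      else
        WEBSOCKET=no   # default (empty answer) and anything else
      fi
      echo
    fi
    if [ -z ${HSTS+x} ]; then
      echo -en "${idsCL[LightCyan]}Enable HSTS Support (Y/n): ${idsCL[Default]}"
      read -r HSTS
      showdivide=yes
      if [[ ${HSTS} =~ ^[Yy]$ ]] || [ "${HSTS}" = "" ]; then
        HSTS=yes
      else
        HSTS=no
      fi
      echo
    fi
    if [ -z ${EXPLOITS+x} ]; then
      echo -en "${idsCL[LightCyan]}Block exploits (y/N): ${idsCL[Default]}"
      read -r EXPLOITS
      showdivide=yes
      if [[ ${EXPLOITS} =~ ^[Yy]$ ]]; then
        EXPLOITS=yes
      else
        EXPLOITS=no
      fi
      echo
    fi
    if [ -z ${SECURE+x} ]; then
      echo -en "${idsCL[LightCyan]}Secure site with Authelia SSO (y/N): ${idsCL[Default]}"
      read -r SECURE
      showdivide=yes
      if [[ ${SECURE} =~ ^[Yy]$ ]]; then
        echo -en "${idsCL[LightCyan]}Would you like to add a side of MFA with that SSO (Y/n): ${idsCL[Default]}"
        read -r MFA
        showdivide=yes
        if [[ ${MFA} =~ ^[Yy]$ ]] || [ "${MFA}" = "" ]; then
          SECURE="2FA"
        else
          SECURE="1FA"
        fi
      else
        SECURE=no
      fi
      echo
    fi
  fi
  [ "${showdivide}" == "yes" ] && DIVIDER
  echo
  width=18
  printf "%-${width}s: %s\n" "New site" "${NEW_SITE}"
  printf "%-${width}s: %s\n" "Create SSL" "${CREATE_SSL}"
  printf "%-${width}s: %s\n" "Site type" "${SITE_TYPE}"
  if [ "${SITE_TYPE}" = "proxy" ]; then
    printf "%-${width}s: %s\n" "Proxy host" "${PROXYHOST}"
    printf "%-${width}s: %s\n" "Proxy port" "${PROXYPORT}"
    printf "%-${width}s: %s\n" "Proxy scheme" "${PROXYSCHEME}"
    printf "%-${width}s: %s\n" "Websocket Support" "${WEBSOCKET}"
    printf "%-${width}s: %s\n" "HSTS Support" "${HSTS}"
    printf "%-${width}s: %s\n" "Block Exploits" "${EXPLOITS}"
    printf "%-${width}s: %s\n" "Secure Access" "${SECURE}"
  fi
  echo -en "${idsCL[LightRed]}Is this information correct? [Y/n]${idsCL[Default]} "
  read -r -n 1 response
  echo
  if [[ ${response} =~ ^[Yy]$ ]] || [ "${response}" = "" ]; then
    GO=false
    if [ "${SITE_TYPE}" = "proxy" ]; then
      if [ ! -z ${PROXYSCHEME+x} ] && [ ! -z ${PROXYHOST+x} ] && [ ! -z ${PROXYPORT+x} ]; then
        GO=true
      fi
    else
      GO=true
    fi
    if [ "${GO}" = "true" ]; then
      echo -e "${idsCL[LightGreen]}Setting up new site for '${idsCL[Yellow]}${MAIN_SITE}${idsCL[LightGreen]}' {${NGINX_SERVERNAME}}...${idsCL[Default]}"
      echo
      # [ "${WEBSOCKET}" == "yes" ] && WEBSOCKET="include conf.d\/include\/websocket-support.conf;" || WEBSOCKET=""
      # [ "${HSTS}" == "yes" ] && HSTS="include conf.d\/include\/hsts-support.conf;" || HSTS=""
      # [ "${EXPLOITS}" == "yes" ] && EXPLOITS="include conf.d\/include\/block-exploits.conf;" || EXPLOITS=""
      if [[ "${SECURE}" = *"FA"* ]] && [ "${NM_DOCKER_COMPOSE_LOC['authelia']}" != "" ]; then
        echo -e "${idsCL[LightGreen]}Configuring Authelia SSO for '${idsCL[Yellow]}${MAIN_SITE}${idsCL[LightGreen]}' {${NGINX_SERVERNAME}}...${idsCL[Default]}"
        _nm_authelia_add_site "${MAIN_SITE}" "${SECURE}"
        # else
        # SECURE=""
      fi
      ######################################### LOCAL
      if [ "${SITE_TYPE}" = "local" ]; then
        _nm_write_local_site "${nginxconfig}" "${NGINX_SERVERNAME}" "${MAIN_SITE}" "${CREATE_SSL}"
        sudo -u www-data mkdir -p "/var/www/${MAIN_SITE}"/{public_html,nginx_logs}
      ######################################### PROXY
      else
        # NEWPROXYSITE_CREATE expects the comma-separated list in $2 (it splits
        # on ',' itself); passing the space-separated NGINX_SERVERNAME unquoted
        # shifted every following argument when aliases were given. Quoting
        # keeps argument positions even when a value is empty.
        NEWPROXYSITE_CREATE "${MAIN_SITE}" "${NEW_SITE}" "${PROXYHOST}" "${PROXYPORT}" "${PROXYSCHEME}" "${WEBSOCKET}" "${HSTS}" "${EXPLOITS}" "${SECURE}" "${CREATE_SSL}"
      fi
      if [ "${CREATE_SSL}" = "yes" ]; then
        # compgen -G handles zero or several "default*" matches; a bare glob
        # inside [ -f ] errors out when more than one file matches.
        compgen -G "${NM_NGINXPATH}/sites-enabled/default*" >/dev/null && SERVICE nginx restart >/dev/null 2>&1
        NEWCERT "${NEW_SITE}" newsite "${CERTTEST}"
      fi
      rm -f -- "${NM_LOGFOLDER}/new-site.lastrun"
      daterun=$(date +%Y-%m-%d-%H-%M-%S)
      echo -e "${NEW_SITE}\n${daterun}" > "${NM_LOGFOLDER}/new-site.lastrun"
      # yes | cp -rfH ${NM_LOGFOLDER}/new-site.lastrun ${NM_NGINXPATH}/new-site.lastrun
      # yes | cp -rfH ${NM_LOGFOLDER}/new-site.lastrun /var/www/new-site.lastrun
      # daterun=`date +%Y-%m-%d-%H-%M-%S`
      # echo -e "${daterun}" >> ${NM_NGINXPATH}/new-site.lastrun
      DIVIDER true
      echo
      echo -e "${idsCL[LightGreen]}The new site for '${idsCL[LightGreen]}${NEW_SITE}${idsCL[Default]}' has been created.${idsCL[Default]}"
      echo
      if ! compgen -G "${NM_NGINXPATH}/sites-enabled/default*" >/dev/null; then
        echo -en "${idsCL[LightCyan]}Restart NGINX on all Nodes (Y/n): ${idsCL[Default]}"
        read -r -n 1 NGINXRELOAD
        if [[ ${NGINXRELOAD} =~ ^[Nn]$ ]]; then
          echo
        else
          SERVICE nginx restart
        fi
      else
        SERVICE nginx restart
      fi
    else
      echo "Missing proxy arguments"
      exit 1
    fi
  else
    ${NM_SCRIPT} newsite
    exit 0
  fi
  echo
}

#######################################
# Create or update a reverse-proxy site config from the nginx.proxy.site
# template, toggling the optional include snippets and SSL, and keep the
# Authelia rule list in sync.
# Globals:   NM_NGINXPATH, NM_FOLDER, NM_CERTPATH (read);
#            SITENAME, SERVERNAMES, PROXY*, WEBSOCKET, HSTS, EXPLOITS, SECURE,
#            SSL, MAIN_SITE, NGINX_SERVERNAME, nginxconfig (written)
# Arguments: $1 site name (existing config name), $2 comma-separated server
#            names, $3 proxy host, $4 proxy port, $5 scheme, $6 websocket,
#            $7 hsts, $8 exploits, $9 secure (-, no, 1FA, 2FA), $10 ssl
# Returns:   exits 1 when the target name already exists
#######################################
NEWPROXYSITE_CREATE(){
  SITENAME=${1}
  SERVERNAMES=${2}
  PROXYHOST=${3}
  PROXYPORT=${4}
  PROXYSCHEME=${5}
  WEBSOCKET=${6}
  HSTS=${7}
  EXPLOITS=${8}
  SECURE=${9}
  SSL=${10}
  if [[ ${SERVERNAMES} == *","* ]]; then
    NGINX_SERVERNAME=${SERVERNAMES}
    IFS=','; SERVERNAMES=(${SERVERNAMES}); unset IFS
    MAIN_SITE=${SERVERNAMES[0]}
  else
    MAIN_SITE=${SERVERNAMES}
    NGINX_SERVERNAME=${SERVERNAMES}
  fi
  # NOTE(review): the path is derived from the OLD name (SITENAME), yet the
  # "already exists" check and the mv below read as if it were the new name
  # (MAIN_SITE). Left as found; confirm the intended rename behaviour.
  nginxconfig=${NM_NGINXPATH}/sites-enabled/${SITENAME,,}.conf
  if [ "${MAIN_SITE}" != "${SITENAME}" ] && [ -f "${nginxconfig}" ]; then
    echo -e "\n${idsCL[LightRed]}New site name already exists!${idsCL[Default]}\n"
    exit 1
  else
    [ "${MAIN_SITE}" != "${SITENAME}" ] && [ -f "${NM_NGINXPATH}/sites-enabled/${SITENAME}.conf" ] && mv "${NM_NGINXPATH}/sites-enabled/${SITENAME}.conf" "${nginxconfig}"
    if [ ! -f "${nginxconfig}" ]; then
      echo -en "${idsCL[LightCyan]}Configuring initial NGINX Site config ... "
      cp "${NM_FOLDER}/templates/nginx.proxy.site" "${nginxconfig}"
      # NOTE(review): the placeholder tokens all appear as "<>" in this copy,
      # which suggests the real tag names were stripped; the first sed would
      # then replace every placeholder. Confirm the tokens against
      # templates/nginx.proxy.site before relying on this path.
      sed -i "s/<>/${NGINX_SERVERNAME//,/ }/g" "${nginxconfig}"
      sed -i "s/<>/${MAIN_SITE}/g" "${nginxconfig}"
      sed -i "s/<>/${PROXYHOST}/g" "${nginxconfig}"
      sed -i "s/<>/${PROXYPORT}/g" "${nginxconfig}"
      sed -i "s/<>/${PROXYSCHEME}/g" "${nginxconfig}"
      sed -i "s%<>%${NM_CERTPATH}%g" "${nginxconfig}"
      echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
    else
      # Current "server_name a b c;" line, normalised to "a,b,c" for comparison.
      oldservernames=$(grep 'server_name' "${nginxconfig}")
      oldservernames=${oldservernames//;/}
      oldservernames=${oldservernames#* }
      oldservernames=${oldservernames// /,}
      if [ "${MAIN_SITE}" != "${SITENAME}" ]; then
        echo -e "${idsCL[LightCyan]}Detected MAIN_SITE name change, making necesary adjustments ... "
        echo -en "\n${idsCL[LightCyan]}Removing old SSL Cert ... "
        DEL-SSL "${SITENAME}" >/dev/null 2>&1
        echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n"
        echo -en "\n${idsCL[LightCyan]}Requesting new SSL Cert ... "
        NEWCERT -expand "${NGINX_SERVERNAME}" >/dev/null 2>&1
        echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n"
        # sed -i "s/live\/${SITENAME}\//live\/${MAIN_SITE}\//g" ${nginxconfig}
        sed -i "s/\/${SITENAME}/\/${MAIN_SITE}/g" "${nginxconfig}"
      elif [ "${oldservernames}" != "${NGINX_SERVERNAME}" ]; then
        echo -en "\n${idsCL[LightCyan]}Updating SSL Cert for hostname changes ... "
        NEWCERT -expand "${NGINX_SERVERNAME}" >/dev/null 2>&1
        echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n"
      fi
      echo -en "\n${idsCL[LightCyan]}Configuring NGINX proxy for site ... "
      # Each setting: drop the old directive, then re-insert it after its
      # anchor so the order server { / forward_scheme / server / port / server_name holds.
      sed -i "/set \$forward_scheme/d" "${nginxconfig}"; sed -i "/server {/a\\\tset \$forward_scheme ${PROXYSCHEME};" "${nginxconfig}"
      sed -i "/set \$server/d" "${nginxconfig}"; sed -i "/set \$forward_scheme/a\\\tset \$server \"${PROXYHOST}\";" "${nginxconfig}"
      sed -i "/set \$port/d" "${nginxconfig}"; sed -i "/set \$server/a\\\tset \$port ${PROXYPORT};" "${nginxconfig}"
      sed -i "/server_name/,+1 d" "${nginxconfig}"; sed -i "/set \$port/a\\\n\tserver_name ${NGINX_SERVERNAME//,/ };" "${nginxconfig}"
      echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n"
    fi
    if [ "${SSL^^}" == "YES" ]; then
      echo -en "${idsCL[LightCyan]}Enabling SSL ... "
      sed -i "s/#ssl_certificate/ssl_certificate/g" "${nginxconfig}"
      sed -i "s/#listen 443/listen 443/g" "${nginxconfig}"
      sed -i "s/#include conf.d\/include\/ssl-ciphers.conf/include conf.d\/include\/ssl-ciphers.conf/g" "${nginxconfig}"
      sed -i "s/#include conf.d\/include\/force-ssl.conf/include conf.d\/include\/force-ssl.conf/g" "${nginxconfig}"
      echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
      echo
      if [ ! -f "${NM_CERTPATH}/live/${MAIN_SITE}/cert.pem" ]; then
        echo -e "\n${idsCL[LightCyan]}No SSL cert detected, will generate one now ... "
        NEWCERT "${NGINX_SERVERNAME}"
        echo
      fi
    else
      echo -en "${idsCL[LightCyan]}Disabling SSL ... "
      sed -i "s/ssl_certificate/#ssl_certificate/g" "${nginxconfig}"
      sed -i "s/listen 443/#listen 443/g" "${nginxconfig}"
      sed -i "s/include conf.d\/include\/ssl-ciphers.conf/#include conf.d\/include\/ssl-ciphers.conf/g" "${nginxconfig}"
      sed -i "s/include conf.d\/include\/force-ssl.conf/#include conf.d\/include\/force-ssl.conf/g" "${nginxconfig}"
      echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
      echo
    fi
    if [[ "${SECURE}" = *"FA"* ]]; then
      echo -en "${idsCL[LightCyan]}Enabling ${SECURE} SSO access ... "
      sed -i "s/#include conf.d\/include\/secure-access.conf/include conf.d\/include\/secure-access.conf/g" "${nginxconfig}"
      _nm_authelia_forget_site "${SITENAME}"
      _nm_authelia_add_site "${MAIN_SITE}" "${SECURE}"
      echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
      echo
    else
      echo -en "${idsCL[LightCyan]}Disabling SSO access ... "
      sed -i "s/include conf.d\/include\/secure-access.conf/#include conf.d\/include\/secure-access.conf/g" "${nginxconfig}"
      _nm_authelia_forget_site "${SITENAME}"
      echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
      echo
    fi
    if [ "${WEBSOCKET^^}" == "YES" ]; then
      echo -en "${idsCL[LightCyan]}Enabling Websocket Support ... "
      sed -i "s/#include conf.d\/include\/websocket-support.conf/include conf.d\/include\/websocket-support.conf/g" "${nginxconfig}"
    else
      echo -en "${idsCL[LightCyan]}Disabling Websocket Support ... "
      sed -i "s/include conf.d\/include\/websocket-support.conf/#include conf.d\/include\/websocket-support.conf/g" "${nginxconfig}"
    fi
    echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
    echo
    if [ "${HSTS^^}" == "YES" ]; then
      echo -en "${idsCL[LightCyan]}Enabling HSTS Support ... "
      sed -i "s/#include conf.d\/include\/hsts-support.conf/include conf.d\/include\/hsts-support.conf/g" "${nginxconfig}"
    else
      echo -en "${idsCL[LightCyan]}Disabling HSTS Support ... "
      sed -i "s/include conf.d\/include\/hsts-support.conf/#include conf.d\/include\/hsts-support.conf/g" "${nginxconfig}"
    fi
    echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
    echo
    if [ "${EXPLOITS^^}" == "YES" ]; then
      echo -en "${idsCL[LightCyan]}Enabling Web Exploit Blocks ... "
      sed -i "s/#include conf.d\/include\/block-exploits.conf/include conf.d\/include\/block-exploits.conf/g" "${nginxconfig}"
    else
      echo -en "${idsCL[LightCyan]}Disabling Web Exploit Blocks ... "
      sed -i "s/include conf.d\/include\/block-exploits.conf/#include conf.d\/include\/block-exploits.conf/g" "${nginxconfig}"
    fi
    echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
    echo
    # The disable substitutions above can double a '#' on an already
    # commented line; collapse it back to a single one.
    sed -i "s/##include/#include/g" "${nginxconfig}"
    sed -i "s/##ssl_/#ssl_/g" "${nginxconfig}"
    echo -e "${idsCL[LightGreen]}Site Configuration Complete${idsCL[Default]}"
  fi
}

#######################################
# Tabular overview of the local NGINX sites (type, SSL, HSTS, websocket,
# exploit blocking, Authelia lock level, proxy target). With -edit the table
# becomes an interactive editor whose "Save" re-runs NEWPROXYSITE_CREATE.
# Globals:   onefacline, twofacline, autheliaconfig (cached across recursive
#            calls); EDIT, SEARCH, dl (written); NM_NGINXPATH, RUN_NODE_TYPE,
#            NM_AUTHELIA_IP, NM_DOCKER_COMPOSE_LOC, NCMD (read)
# Arguments: -e|-edit, -s|-search TEXT, -h
#######################################
SITEINFO(){
  local width pattern sitefile site siteconfig type proxyhost server scheme port
  local ssl hsts wbskt explt lock sitefacline ii msg1 i c
  # start=`date +%s`
  dl=105
  EDIT=0; SEARCH=0
  while [ $# -gt 0 ]; do
    case "${1}" in
      -e|-edit) EDIT=1;;
      -s|-search) SEARCH=${2};;
      -h | -help | --help)
        echo -e "Usage: ${idsCL[LightYellow]}[nodemgmt or nmg] sites ${idsCL[Yellow]}{flags}${idsCL[Default]} {"
        width=35
        printf "%-${width}s- %s\n" " -e|-edit" "(enables edit mode)"
        printf "%-${width}s- %s\n" " -s|-search {search}" "(narrows list to hostnames containing {search})"
        echo -e "}\n"
        exit 0;;
    esac
    shift
  done
  # Fetch the Authelia config once (locally when this node is the Authelia
  # host, else over ssh) and remember the last one_factor/two_factor line
  # numbers; a site's lock level is derived from where its name appears.
  if [ "${onefacline}" == "" ]; then
    [ "$($NCMD /sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1 | head -n1)" != "${NM_AUTHELIA_IP}" ] && ACMD="ssh root@${NM_AUTHELIA_IP}" || ACMD=""
    autheliaconfig=$(${ACMD} cat "${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml")
    onefacline=$(echo "${autheliaconfig}" | grep -Fn one_factor | sort | tail -n1)
    onefacline=${onefacline%%:*}
    twofacline=$(echo "${autheliaconfig}" | grep -Fn two_factor | sort | tail -n1)
    twofacline=${twofacline%%:*}
  fi
  [ "${SEARCH}" != "0" ] && echo -e "${idsCL[Yellow]}Narrowing list to names containing '${idsCL[LightYellow]}${SEARCH,,}${idsCL[Yellow]}' ${idsCL[Default]}\n"
  if [ ${EDIT} -eq 1 ]; then
    echo -e "${idsCL[LightGreen]}Choose a site from the list below to edit: ${idsCL[Default]}"
  else
    echo -e "${idsCL[LightGreen]}Local NGINX Sites ${idsCL[Default]}"
  fi
  # NOTE(review): NM_NGINXPATH is indexed by RUN_NODE_TYPE here but used as a
  # scalar elsewhere in this file; confirm which form the config provides.
  gosite=${NM_NGINXPATH[${RUN_NODE_TYPE}]}/sites-enabled
  declare -A SITELIST
  if [ "${gosite}" != "" ]; then
    pattern=''
    [ "${SEARCH}" != "0" ] && pattern=${SEARCH,,}
    i=1
    # Glob directly rather than word-splitting "find" output.
    for sitefile in "${gosite}"/*"${pattern}"*.conf; do
      [ -f "${sitefile}" ] || continue
      site=${sitefile##*/}; site=${site/.conf/}
      siteconfig=$(cat "${sitefile}")
      # Column header on the first row and every 12 rows thereafter.
      if (( i % 12 == 0 )) || [ "${i}" = 1 ]; then
        DIVIDER false yellow "${dl}"
        [ ${EDIT} -eq 1 ] && msg1='##) Site Hostname' || msg1='Site Hostname'
        echo -en "${idsST[Bold]}${idsCL[LightCyan]}"
        if [ ${EDIT} -eq 1 ]; then
          printf "%-32s %-8s %-6s %-6s %-6s %-6s %-6s %-8s\n" "${msg1}" "Type" "SSL" "HSTS" "WBSKT" "EXPLT" "LOCK" "Proxy Connection"
        else
          printf "%-28s %-8s %-6s %-6s %-6s %-6s %-6s %-8s\n" "${msg1}" "Type" "SSL" "HSTS" "WBSKT" "EXPLT" "LOCK" "Proxy Connection"
        fi
        echo -en "${idsST[Reset]}${idsCL[Default]}"
        DIVIDER false yellow "${dl}"
      else
        DIVIDER false darkGray "${dl}"
      fi
      #twofacline=$(echo "${autheliaconfig}" | grep -Fn two_factor | sort | tail -n1)
      if [ "$(echo "${siteconfig}" | grep include/proxy.conf)" != "" ] || [ "$(echo "${siteconfig}" | grep proxy_pass)" != "" ]; then
        type='Proxy'
        if [ "$(echo "${siteconfig}" | grep include/proxy.conf)" != "" ]; then
          server=$(echo "${siteconfig}" | grep 'set $server')
          server=${server#*\"}; server=${server%\"*}
          scheme=$(echo "${siteconfig}" | grep 'set $forward_scheme')
          scheme=${scheme##* }; scheme=${scheme%;*}
          port=$(echo "${siteconfig}" | grep 'set $port')
          port=${port##* }; port=${port%;*}
          proxyhost="${scheme}://${server}:${port}"
        else
          proxyhost="[ custom proxy_pass ]"
        fi
      else
        type='HTTP'
        proxyhost=''
      fi
      # A commented directive ("#ssl_certificate", "#include ...") means the
      # feature is off.
      [ "$(echo "${siteconfig}" | grep \#ssl_certificate)" != "" ] && ssl='' || ssl='Yes'
      [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/hsts-support.conf')" != "" ] && hsts='' || hsts='Yes'
      [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/websocket-support.conf')" != "" ] && wbskt='' || wbskt='Yes'
      [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/block-exploits.conf')" != "" ] && explt='' || explt='Yes'
      if [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/secure-access.conf')" == "" ]; then
        # Keep a single line number (several matches would break the -lt
        # tests); same selection as the edit branch below.
        sitefacline=$(echo "${autheliaconfig}" | grep -Fn -- "${site}" | sort | tail -n1)
        sitefacline=${sitefacline%%:*}
        if [ "${sitefacline}" == "" ]; then
          lock='error'
          # ssh root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies only requiring username and password/a ~~~ - \\\"${site}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
          # ssh root@${NM_AUTHELIA_IP} "sed -i \"s/~~~/ /g\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
        elif [ "${sitefacline}" -lt "${onefacline}" ]; then
          lock='1FA'
        elif [ "${sitefacline}" -lt "${twofacline}" ]; then
          lock='2FA'
        else
          lock='error'   # past both markers: not in either list; was left stale before
        fi
      else
        lock=''
      fi
      [ "${i}" -lt 10 ] && ii=" ${i}" || ii=${i}
      [ ${EDIT} -eq 1 ] && msg1="${ii}) ${site}" || msg1="${site}"
      if [ ${EDIT} -eq 1 ]; then
        printf "%-32s %-8s %-6s %-6s %-6s %-6s %-6s %-14s\n" "${msg1}" "${type}" "${ssl}" "${hsts}" "${wbskt}" "${explt}" "${lock}" "${proxyhost}"
      else
        printf "%-28s %-8s %-6s %-6s %-6s %-6s %-6s %-14s\n" "${msg1}" "${type}" "${ssl}" "${hsts}" "${wbskt}" "${explt}" "${lock}" "${proxyhost}"
      fi
      SITELIST[${i}]=${site}
      i=$((i + 1))
    done
    echo
    if [ ${EDIT} -eq 1 ]; then
      # Kept as found ("."); the other calls in this function pass "false".
      DIVIDER . yellow "${dl}"
      function exitspacing {
        echo -e "\n\033[K\n\033[K"
        exit 0
      }
      trap exitspacing EXIT
      # Cursor-movement escapes (\033[K clear line, \033[<n>A move up) keep
      # the table on screen while the prompt area is redrawn.
      while [ "${editc^}" != "E" ]; do
        echo -e "\033[K"
        echo -e "\033[K"
        echo -e "\033[K (${idsCL[Green]}A${idsCL[Default]})dd New Site, (${idsCL[Green]}R${idsCL[Default]})eload, (${idsCL[Yellow]}E${idsCL[Default]})xit"
        echo -e "\033[K"
        echo -e "\033[K"
        echo -e "\033[K"
        echo -e "\033[7A"
        echo -en "${idsCL[LightCyan]}Enter the site number you want to edit: ${idsCL[Default]}"
        read -r siteid
        echo
        if [ "${siteid^}" == "E" ]; then
          echo -e "\033[K"
          exit 0
        elif [ "${siteid^}" == "A" ]; then
          echo -en "\033[1A\033[K\r"
          NEWSITE
          [ "${SEARCH}" != "0" ] && SITEINFO -edit -search "${SEARCH}" || SITEINFO -edit
          exit 0
        elif [ "${siteid^}" == "R" ]; then
          [ "${SEARCH}" != "0" ] && SITEINFO -edit -search "${SEARCH}" || SITEINFO -edit
          exit 0
        elif [ "${siteid}" != "" ] && [ "${SITELIST[${siteid}]}" != "" ]; then
          site=${SITELIST[${siteid}]}
          sitefile=${gosite}/${site}.conf
          siteconfig=$(cat "${sitefile}")
          if [ "$(echo "${siteconfig}" | grep \#ssl_certificate)" != "" ]; then
            ssl='-'
            SUBJECTNAMES=""
          else
            ssl='Yes'
            certpath=$(echo "${siteconfig}" | grep ssl_certificate_key)
            certpath=${certpath%/*}
            certpath=${certpath#* }
            SUBJECTNAMES=$(openssl x509 -in "${certpath}/cert.pem" -noout -text | grep -oP '(?<=DNS:|IP Address:)[^,]+' | sort -uV)
            # -enddate gives "notAfter=<date>" directly; parsing the human
            # readable "Not After" text with awk field numbers was brittle.
            CERTEXPIRE=$(date -d "$(openssl x509 -in "${certpath}/cert.pem" -noout -enddate | cut -d= -f2)" '+%s')
            SUBJECTNAMES=${SUBJECTNAMES//$'\n'/, }
          fi
          if [ "$(echo "${siteconfig}" | grep include/proxy.conf)" != "" ]; then
            type='Proxy'
            server=$(echo "${siteconfig}" | grep 'set $server')
            server=${server#*\"}; server=${server%\"*}
            servernames=$(echo "${siteconfig}" | grep 'server_name')
            servernames=${servernames//;/}
            servernames=${servernames#* }
            servernames=${servernames// /,}
            scheme=$(echo "${siteconfig}" | grep 'set $forward_scheme')
            scheme=${scheme##* }; scheme=${scheme%;*}
            port=$(echo "${siteconfig}" | grep 'set $port')
            port=${port##* }; port=${port%;*}
          else
            # NOTE(review): servernames/server/scheme/port are not refreshed
            # for HTTP sites and may carry values from a previous selection.
            type='HTTP'
          fi
          [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/hsts-support.conf')" != "" ] && hsts='-' || hsts='Yes'
          [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/websocket-support.conf')" != "" ] && wbskt='-' || wbskt='Yes'
          [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/block-exploits.conf')" != "" ] && explt='-' || explt='Yes'
          if [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/secure-access.conf')" == "" ]; then
            sitefacline=$(echo "${autheliaconfig}" | grep -Fn -- "${site}" | sort | tail -n1)
            # Was "${onefacline%%:*}" (copy/paste slip), which always compared
            # the marker line with itself.
            sitefacline=${sitefacline%%:*}
            if [ "${sitefacline}" == "" ]; then
              lock='error'
            elif [ "${sitefacline}" -lt "${onefacline}" ]; then
              lock='1FA'
            elif [ "${sitefacline}" -lt "${twofacline}" ]; then
              lock='2FA'
            else
              lock='error'
            fi
          else
            lock='-'
          fi
          editc=0
          until [ "${editc^}" = "C" ]; do
            echo -e "\033[K${idsCL[White]}0) Site Address(es): ${idsCL[Cyan]}${idsST[Bold]}${servernames}${idsST[Reset]}"
            echo -e "\033[K${idsCL[White]}1) Site Type: ${idsCL[Cyan]}${idsST[Bold]}${type}${idsST[Reset]}"
            echo -en "\033[K${idsCL[White]}2) SSL Secure: ${idsCL[Cyan]}${idsST[Bold]}${ssl}${idsST[Reset]}"
            [ "${SUBJECTNAMES}" != "" ] && echo -e " ${idsCL[Cyan]}[SSL Names: ${idsCL[Yellow]}${SUBJECTNAMES}${idsCL[Cyan]}; expires ${idsCL[Yellow]}$(date -d @"${CERTEXPIRE}" '+%m-%d-%Y')${idsCL[Cyan]}]" || echo
            echo -e "\033[K${idsCL[White]}3) HSTS Enabled: ${idsCL[Cyan]}${idsST[Bold]}${hsts}${idsST[Reset]}"
            echo -e "\033[K${idsCL[White]}4) Web Sockets: ${idsCL[Cyan]}${idsST[Bold]}${wbskt}${idsST[Reset]}"
            echo -e "\033[K${idsCL[White]}5) Exploits Block: ${idsCL[Cyan]}${idsST[Bold]}${explt}${idsST[Reset]}"
            echo -e "\033[K${idsCL[White]}6) Secured Access: ${idsCL[Cyan]}${idsST[Bold]}${lock}${idsST[Reset]}"
            if [ "${type}" == "Proxy" ]; then
              echo -e "\033[K${idsCL[White]}7) Proxy Address: ${idsCL[Cyan]}${idsST[Bold]}${server}${idsST[Reset]}"
              echo -e "\033[K${idsCL[White]}8) Proxy Scheme: ${idsCL[Cyan]}${idsST[Bold]}${scheme}${idsST[Reset]}"
              echo -e "\033[K${idsCL[White]}9) Proxy Port: ${idsCL[Cyan]}${idsST[Bold]}${port}${idsST[Reset]}"
            else
              echo -e "\033[K"
              echo -e "\033[K"
              echo -e "\033[K"
            fi
            # Lower-cased so that both "s" and "S" reach the save branch.
            if [ "${editc,,}" != "s" ]; then
              echo -e "\033[K"
              echo -e "\033[K"
              echo -e "\033[K"
              echo -e "\033[K (${idsCL[Green]}S${idsCL[Default]})ave Site, (${idsCL[Red]}D${idsCL[Default]})elete Site, (${idsCL[Yellow]}C${idsCL[Default]})ancel, (${idsCL[Yellow]}E${idsCL[Default]})xit"
              echo -e "\033[K"
              echo -e "\033[K"
              echo -e "\033[7A"
              echo -en "\033[K\n\033[K\r${idsCL[LightCyan]}Enter the item number to edit: ${idsCL[Default]}"
              read -r -n 1 editc
              case "${editc}" in
                0)
                  echo -e "\033[K\n\033[K"
                  echo -en "\033[KEnter new Server Names (comma seperated): "
                  read -r -i "${servernames}" -e servernames
                  servernames=${servernames//, /,}
                  echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
                  ;;
                1) [ "${type}" == "HTTP" ] && type='Proxy' || type='HTTP';;
                2) [ "${ssl}" == "-" ] && ssl='Yes' || ssl='-';;
                3) [ "${hsts}" == "-" ] && hsts='Yes' || hsts='-';;
                4) [ "${wbskt}" == "-" ] && wbskt='Yes' || wbskt='-';;
                5) [ "${explt}" == "-" ] && explt='Yes' || explt='-';;
                6)
                  # Cycle - -> 1FA -> 2FA -> -
                  if [ "${lock}" == "-" ]; then
                    lock='1FA'
                  elif [ "${lock}" == "1FA" ]; then
                    lock='2FA'
                  elif [ "${lock}" == "2FA" ]; then
                    lock='-'
                  fi
                  ;;
                7)
                  echo -e "\033[K\n\033[K"
                  echo -en "\033[KEnter new Proxy Address: "
                  read -r -i "${server}" -e server
                  echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
                  ;;
                8) [ "${scheme}" == "http" ] && scheme='https' || scheme='http';;
                9)
                  echo -e "\033[K\n\033[K"
                  echo -en "\033[KEnter new Proxy Port: "
                  read -r -i "${port}" -e port
                  echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
                  ;;
                [Cc])
                  echo -e "\r\033[K\n\r\033[K\n\r\033[K"
                  echo -e "\033[16A"; for (( c=1; c<=16; c++ )); do echo -e "\r\033[K"; done; echo -e "\033[16A"
                  echo -e "\n\n\n\n\n\n\n\n"
                  ;;
                [Dd])
                  echo -e "\033[K\n\033[K"
                  echo -en "\033[K${idsCL[LightCyan]}Are you sure you wish to delete the site and associated SSL if applicable (y/N): ${idsCL[Default]}"
                  read -r -n 1 delconfirm
                  case "${delconfirm}" in
                    [Yy])
                      echo -en "\n\n${idsCL[LightCyan]}Removing site ... "
                      # NOTE(review): the actual deletion is commented out, so
                      # this branch currently only reports "Done" and reloads.
                      # DELSITE -site ${site} -ssl yes >/dev/null 2>&1
                      echo -e "${idsCL[LightGreen]}Done\n${idsCL[Default]}"
                      [ "${SEARCH}" != "0" ] && SITEINFO -edit -search "${SEARCH}" || SITEINFO -edit
                      exit 0
                      ;;
                    *)
                      [ "${delconfirm}" != "" ] && echo
                      echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
                      ;;
                  esac
                  ;;
                [Ee])
                  echo -e "\033[K"
                  exit 0
                  ;;
                *) ;;
              esac
              [ "${editc}" == "" ] && echo -e "\033[13A" || echo -e "\033[12A"
            else
              for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[6A"
              echo -en "\n\033[K${idsCL[LightCyan]}Confirm changes (Y/n): ${idsCL[Default]}"
              read -r -n 1 confirm
              case "${confirm}" in
                [Nn])
                  editc=C
                  echo -e "\r\033[K\n\r\033[K\n\r\033[K"
                  echo -e "\033[13A"; for (( c=1; c<=13; c++ )); do echo -e "\r\033[K"; done; echo -e "\033[17A"
                  ;;
                *)
                  echo -en "\033[1A\033[K\r${idsCL[LightCyan]}Configuring changes ... ${idsCL[Default]}"
                  # Quoted so that empty values (e.g. server/port of an HTTP
                  # site) keep their argument position.
                  NEWPROXYSITE_CREATE "${site}" "${servernames}" "${server}" "${port}" "${scheme}" "${wbskt}" "${hsts}" "${explt}" "${lock}" "${ssl}" >/dev/null 2>&1
                  echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
                  echo
                  echo -en "\033[K\r${idsCL[LightCyan]}Continue or Exit (C/e): ${idsCL[Default]}"
                  read -r -n1 con
                  case "${con}" in
                    [Ee])
                      # echo -e "\n\033[K\n\033[K"
                      exit 0
                      ;;
                    *)
                      editc=C
                      echo -e "\r\033[K\n\r\033[K\n\r\033[K"
                      echo -e "\033[17A"; for (( c=1; c<=17; c++ )); do echo -e "\r\033[K"; done; echo -e "\033[20A"
                      ;;
                  esac
                  ;;
              esac
            fi
          done
        else #no site
          echo -e "\033[3A"; for (( c=1; c<=3; c++ )); do echo -e "\r\033[K"; done; echo -e "\033[4A"
        fi
      done
      echo
    fi
  else
    echo -e "\nNo site information found for this node"
  fi
  echo
  # end=`date +%s`
  # runtime=$((end-start))
  # echo "runtime: ${runtime}"
  # echo
}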