957 lines
37 KiB
Bash
Executable File
957 lines
37 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
DELSITE(){
|
|
while [ $# -gt 0 ]; do
|
|
case "$1" in
|
|
-site) DEL_SITE=${2};;
|
|
-ssl) DEL_SSL=${2};;
|
|
-*)
|
|
[ "${1}" != "-h" ] && echo "Invalid option: '${1}' requires an argument" 1>&2
|
|
echo -e "Usage: ${idsCL[Yellow]}[nodemgmt or nmg] delsite${idsCL[Default]} {"
|
|
width=35
|
|
printf "%-${width}s- %s\n" " -site {FQDN address}" "(*required)"
|
|
printf "%-${width}s- %s\n" " -ssl {yes or [no]}" "Delete SSL certs as well"
|
|
printf "%-${width}s- %s\n" " -list" "List sites (same as running nodemgmt delsites)"
|
|
echo -e "}\n"
|
|
exit 0
|
|
;;
|
|
esac
|
|
shift
|
|
done
|
|
if [ -z ${DEL_SITE+x} ]; then
|
|
until [ "${DEL_SITE}" != "" ]; do
|
|
echo -en "${idsCL[LightCyan]}Delete what site address: ${idsCL[Default]}"
|
|
read DEL_SITE
|
|
echo
|
|
done
|
|
fi
|
|
if [[ $DEL_SSL =~ ^[Nn]$ ]]; then
|
|
DEL_SSL=no
|
|
elif [[ $DEL_SSL =~ ^[Yy]$ ]]; then
|
|
DEL_SSL=yes
|
|
elif [ -z ${DEL_SSL+x} ]; then
|
|
echo -en "${idsCL[LightRed]}Do you also want to delete the certs for '${DEL_SITE}' as well? [y/N]${idsCL[Default]} "
|
|
read DEL_SSL
|
|
if [[ $DEL_SSL =~ ^[Nn]$ ]]; then
|
|
DEL_SSL=no
|
|
elif [[ $DEL_SSL =~ ^[Yy]$ ]]; then
|
|
DEL_SSL=yes
|
|
fi
|
|
fi
|
|
if [ ! -z ${DEL_SITE+x} ] && [ "${DEL_SITE}" != "" ]; then
|
|
echo -e "${idsCL[LightRed]}Deleting site '${idsCL[Red]}${DEL_SITE^^}${idsCL[LightRed]}'...${idsCL[Default]}"
|
|
echo
|
|
|
|
echo -e "${idsCL[LightRed]}[[Removing Files and Folders]]${idsCL[Default]}"
|
|
echo -e "${idsCL[LightRed]}-------------------------------------------${idsCL[Default]}"
|
|
echo
|
|
echo -en "${idsCL[LightCyan]}Removing NGINX files ... ${idsCL[Default]}"
|
|
rm -f ${NM_NGINXPATH}/sites-available/${DEL_SITE}* >/dev/null 2>&1
|
|
rm -f ${NM_NGINXPATH}/sites-enabled/${DEL_SITE}* >/dev/null 2>&1
|
|
echo -e "${idsCL[Green]}Done${idsCL[Default]}"
|
|
echo
|
|
if [ "${DEL_SSL}" == "yes" ]; then
|
|
DEL-SSL ${DEL_SITE}
|
|
echo
|
|
fi
|
|
|
|
[ "${NM_AUTHELIA_IP}" != "" ] && ${SSHCMD} root@${NM_AUTHELIA_IP} sed -i "/${DEL_SITE}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml
|
|
|
|
# if [[ "${RUN_NODE_IP}" != "10.6.1"* ]]; then
|
|
SERVICE_MGMT nginx restart
|
|
# else
|
|
# /bin/systemctl restart nginx
|
|
# fi
|
|
echo -e "${idsCL[LightRed]}Site has been deleted.${idsCL[Default]}\n"
|
|
else
|
|
echo "Missing arguments"
|
|
echo
|
|
echo -e "Usage: ${idsCL[Yellow]}[nodemgmt or nmg] delsite${idsCL[Default]} {"
|
|
width=35
|
|
printf "%-${width}s- %s\n" " -site {FQDN address}" "Site to delete"
|
|
printf "%-${width}s- %s\n" " -ssl {yes or [no]}" "Delete SSL certs as well"
|
|
printf "%-${width}s- %s\n" " -list" "List sites (same as running nodemgmt delsites)"
|
|
echo "}"
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
NEWSITE(){
|
|
CERTTEST=0
|
|
echo
|
|
while [ $# -gt 0 ]; do
|
|
case "$1" in
|
|
-t|-test) CERTTEST=1;;
|
|
-site) NEW_SITE=${2};;
|
|
-type) SITE_TYPE=${2};;
|
|
-ssl) CREATE_SSL=${2};;
|
|
-proxy_scheme) PROXYSCHEME=${2};;
|
|
-proxy_host) PROXYHOST=${2};;
|
|
-proxy_port) PROXYPORT=${2};;
|
|
-websocket) WEBSOCKET=${2};;
|
|
-hsts) HSTS=${2};;
|
|
-exploits) EXPLOITS=${2};;
|
|
-secure) SECURE=${2};;
|
|
-h | -help | --help)
|
|
echo -e "Usage: ${idsCL[LightYellow]}[nodemgmt or nmg] newsite ${idsCL[Yellow]}{flags}${idsCL[Default]} {"
|
|
width=35
|
|
printf "%-${width}s- %s\n" " -site {FQDN address(,es)}" "(new site and aliases, comma separated)"
|
|
printf "%-${width}s- %s\n" " -ssl {yes or no}" "(create and enable ssl)"
|
|
printf "%-${width}s- %s\n" " -type {'local' or 'proxy'}" "(defaults to proxy)"
|
|
printf "%-${width}s- %s\n" " -proxy_port {host port}" "(proxy backend host)"
|
|
printf "%-${width}s- %s\n" " -proxy_host {IP or FQDN}" "(proxy backend port)"
|
|
printf "%-${width}s- %s\n" " -proxy_scheme {http or https}" "(proxy backend scheme)"
|
|
printf "%-${width}s- %s\n" " -websocket {yes or no}" "(websocket support)"
|
|
printf "%-${width}s- %s\n" " -hsts {yes or no}" "(hsts support)"
|
|
printf "%-${width}s- %s\n" " -exploits {yes or no}" "(block exploits)"
|
|
printf "%-${width}s- %s\n" " -secure {1FA, 2FA or no}" "(SSO secure access)"
|
|
printf "%-${width}s- %s\n" " -t|-test" "(enables dry-run mode for CertBot)"
|
|
echo "}"
|
|
echo
|
|
exit 0;;
|
|
esac
|
|
shift
|
|
done
|
|
if [ ${CERTTEST} -eq 1 ]; then
|
|
echo -e "${idsCL[LightYellow]}${idsST[Bold]}### REQUESTING CERT IN TEST MODE ###${idsST[Reset]}${idsCL[Default]}"
|
|
echo
|
|
fi
|
|
if [ -z ${NEW_SITE+x} ]; then
|
|
until [ "${NEW_SITE}" != "" ]; do
|
|
echo -en "${idsCL[LightCyan]}New site domain name (comma seperated for multiple): ${idsCL[Default]}"
|
|
read NEW_SITE
|
|
echo
|
|
done
|
|
showdivide=yes
|
|
fi
|
|
if [[ ${NEW_SITE} == *","* ]]; then
|
|
IFS=','; NEW_SITES=(${NEW_SITE}); unset IFS
|
|
MAIN_SITE=${NEW_SITES[0]}
|
|
NGINX_SERVERNAME=${NEW_SITE//[,]/ }
|
|
else
|
|
MAIN_SITE=${NEW_SITE}
|
|
NGINX_SERVERNAME=${NEW_SITE}
|
|
|
|
fi
|
|
nginxconfig=${NM_NGINXPATH}/sites-available/${MAIN_SITE}.conf
|
|
|
|
if [ -f ${nginxconfig} ]; then
|
|
echo -en "${idsCL[LightRed]}This site already exists, overwrite it? (y/N): ${idsCL[Default]}"
|
|
read overwrite
|
|
echo
|
|
if [[ ${overwrite} =~ ^[Nn]$ ]] || [ "${overwrite}" = "" ]; then
|
|
exit 0
|
|
elif [[ ${overwrite} =~ ^[Yy]$ ]]; then
|
|
rm -f ${nginxconfig} >/dev/null 2>&1
|
|
[ "${NM_AUTHELIA_IP}" != "" ] && ${SSHCMD} root@${NM_AUTHELIA_IP} sed -i "/${MAIN_SITE}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml
|
|
else
|
|
exit 0
|
|
fi
|
|
fi
|
|
# if [ -z ${CREATE_SSL+x} ]; then
|
|
# echo -en "${idsCL[LightCyan]}Create SSL for site? [Y/n] ${idsCL[Default]}"
|
|
# read CREATE_SSL
|
|
# showdivide=yes
|
|
# if [[ $CREATE_SSL =~ ^[Yy]$ ]] || [ "${CREATE_SSL}" = "" ]; then
|
|
# CREATE_SSL=yes
|
|
# else
|
|
# CREATE_SSL=no
|
|
# fi
|
|
# echo
|
|
# fi
|
|
if [ -z ${SITE_TYPE+x} ]; then
|
|
until [ "${SITE_TYPE}" == "proxy" ]; do
|
|
echo -en "${idsCL[LightCyan]}Site type (local/{proxy}): ${idsCL[Default]}"
|
|
read SITE_TYPE
|
|
if [ "${SITE_TYPE}" == "" ]; then
|
|
SITE_TYPE=proxy
|
|
else
|
|
SITE_TYPE=${SITE_TYPE,,}
|
|
fi
|
|
echo
|
|
done
|
|
showdivide=yes
|
|
fi
|
|
if [ "${SITE_TYPE}" = "proxy" ]; then
|
|
if [ -z ${PROXYHOST+x} ]; then
|
|
until [ "${PROXYHOST}" != "" ]; do
|
|
echo -en "${idsCL[LightCyan]}What is the proxy backend address (IP or FQDN): ${idsCL[Default]}"
|
|
read PROXYHOST
|
|
echo
|
|
done
|
|
showdivide=yes
|
|
fi
|
|
if [ -z ${PROXYPORT+x} ]; then
|
|
until [ "${PROXYPORT}" != "" ]; do
|
|
echo -en "${idsCL[LightCyan]}What is the proxy backend port (tcp port): ${idsCL[Default]}"
|
|
read PROXYPORT
|
|
echo
|
|
done
|
|
showdivide=yes
|
|
fi
|
|
if [ -z ${PROXYSCHEME+x} ]; then
|
|
until [ "${PROXYSCHEME}" == "http" ] || [ "${PROXYSCHEME}" == "https" ]; do
|
|
echo -en "${idsCL[LightCyan]}What is the proxy backend scheme (http/https): ${idsCL[Default]}"
|
|
read PROXYSCHEME
|
|
[ "${PROXYSCHEME}" != "" ] && PROXYSCHEME=${PROXYSCHEME,,}
|
|
echo
|
|
done
|
|
showdivide=yes
|
|
fi
|
|
# if [ -z ${WEBSOCKET+x} ]; then
|
|
# echo -en "${idsCL[LightCyan]}Enable Websocket Support (y/N): ${idsCL[Default]}"
|
|
# read WEBSOCKET
|
|
# showdivide=yes
|
|
# if [[ ${WEBSOCKET} =~ ^[Nn]$ ]] || [ "${WEBSOCKET}" = "" ]; then
|
|
# WEBSOCKET=no
|
|
# elif [[ ${WEBSOCKET} =~ ^[Yy]$ ]]; then
|
|
# WEBSOCKET=yes
|
|
# else
|
|
# WEBSOCKET=no
|
|
# fi
|
|
# echo
|
|
# fi
|
|
# if [ -z ${HSTS+x} ]; then
|
|
# echo -en "${idsCL[LightCyan]}Enable HSTS Support (Y/n): ${idsCL[Default]}"
|
|
# read HSTS
|
|
# showdivide=yes
|
|
# ([[ ${HSTS} =~ ^[Yy]$ ]] || [ "${HSTS}" = "" ]) && HSTS=yes || HSTS=no
|
|
# echo
|
|
# fi
|
|
# if [ -z ${EXPLOITS+x} ]; then
|
|
# echo -en "${idsCL[LightCyan]}Block exploits (y/N): ${idsCL[Default]}"
|
|
# read EXPLOITS
|
|
# showdivide=yes
|
|
# if [[ ${EXPLOITS} =~ ^[Nn]$ ]] || [ "${EXPLOITS}" = "" ]; then
|
|
# EXPLOITS=no
|
|
# elif [[ ${EXPLOITS} =~ ^[Yy]$ ]]; then
|
|
# EXPLOITS=yes
|
|
# else
|
|
# EXPLOITS=no
|
|
# fi
|
|
# echo
|
|
# fi
|
|
# if [ -z ${SECURE+x} ]; then
|
|
# echo -en "${idsCL[LightCyan]}Secure site with Authelia SSO (y/N): ${idsCL[Default]}"
|
|
# read SECURE
|
|
# showdivide=yes
|
|
# if [[ ${SECURE} =~ ^[Nn]$ ]] || [ "${SECURE}" = "" ]; then
|
|
# SECURE=no
|
|
# elif [[ ${SECURE} =~ ^[Yy]$ ]]; then
|
|
# echo -en "${idsCL[LightCyan]}Would you like to add a side of MFA with that SSO (Y/n): ${idsCL[Default]}"
|
|
# read MFA
|
|
# showdivide=yes
|
|
# ([[ ${MFA} =~ ^[Yy]$ ]] || [ "${MFA}" = "" ]) && SECURE="2FA" || SECURE="1FA"
|
|
# else
|
|
# SECURE=no
|
|
# fi
|
|
# echo
|
|
# fi
|
|
fi
|
|
[ "${showdivide}" == "yes" ] && DIVIDER
|
|
echo
|
|
|
|
|
|
NEWSITE=true
|
|
EDITSITE
|
|
|
|
|
|
# width=18
|
|
# printf "%-${width}s: %s\n" "New site" "${NEW_SITE}"
|
|
# printf "%-${width}s: %s\n" "Create SSL" "${CREATE_SSL}"
|
|
# printf "%-${width}s: %s\n" "Site type" "${SITE_TYPE}"
|
|
# if [ "${SITE_TYPE}" = "proxy" ]; then
|
|
# printf "%-${width}s: %s\n" "Proxy host" "${PROXYHOST}"
|
|
# printf "%-${width}s: %s\n" "Proxy port" "${PROXYPORT}"
|
|
# printf "%-${width}s: %s\n" "Proxy scheme" "${PROXYSCHEME}"
|
|
# printf "%-${width}s: %s\n" "Websocket Support" "${WEBSOCKET}"
|
|
# printf "%-${width}s: %s\n" "HSTS Support" "${HSTS}"
|
|
# printf "%-${width}s: %s\n" "Block Exploits" "${EXPLOITS}"
|
|
# printf "%-${width}s: %s\n" "Secure Access" "${SECURE}"
|
|
# fi
|
|
# echo
|
|
# echo -en "${idsCL[LightGreen]}Is this information correct? [Y/n]${idsCL[Default]} "
|
|
# read -n 1 response
|
|
# echo
|
|
|
|
if [[ $response =~ ^[Yy]$ ]] || [ "${response}" = "" ]; then
|
|
if [ "${SITE_TYPE}" = "proxy" ]; then
|
|
if [ ! -z ${PROXYSCHEME+x} ] && [ ! -z ${PROXYHOST+x} ] && [ ! -z ${PROXYPORT+x} ]; then GO=true; fi
|
|
else GO=true
|
|
fi
|
|
if [ "${GO}" = "true" ]; then
|
|
echo -e "${idsCL[LightGreen]}Setting up new site for '${idsCL[Yellow]}${MAIN_SITE}${idsCL[LightGreen]}' {${NGINX_SERVERNAME}}...${idsCL[Default]}"
|
|
echo
|
|
if [[ "${SECURE}" = *"FA"* ]] && [ "${NM_DOCKER_COMPOSE_LOC['authelia']}" != "" ]; then
|
|
echo -e "${idsCL[LightGreen]}Configuring Authelia SSO for '${idsCL[Yellow]}${MAIN_SITE}${idsCL[LightGreen]}' {${NGINX_SERVERNAME}}...${idsCL[Default]}"
|
|
|
|
if [ "${SECURE}" == "2FA" ]; then
|
|
${SSHCMD} root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies needing 2 factor below/a ~~~ - \\\"${MAIN_SITE}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
|
|
else
|
|
${SSHCMD} root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies only requiring username and password/a ~~~ - \\\"${MAIN_SITE}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
|
|
fi
|
|
${SSHCMD} root@${NM_AUTHELIA_IP} "sed -i \"s/~~~/ /g\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
|
|
${SSHCMD} root@${NM_AUTHELIA_IP} "/usr/bin/docker restart authelia >/dev/null 2>&1"
|
|
fi
|
|
|
|
######################################### LOCAL
|
|
if [ "${SITE_TYPE}" = "local" ]; then
|
|
echo -e "server {
|
|
listen 80;" > ${nginxconfig}
|
|
if [ "${CREATE_SSL}" = "yes" ]; then
|
|
echo -e " listen 443 ssl http2;" >> ${nginxconfig}
|
|
fi
|
|
echo -e "
|
|
server_name ${NGINX_SERVERNAME};
|
|
|
|
set \$base ${NM_WWWPATH}/${MAIN_SITE};
|
|
root \$base/public_html;
|
|
|
|
access_log /var/log/nginx/${MAIN_SITE}-access.log;
|
|
error_log /var/log/nginx/${MAIN_SITE}-error.log warn;" >> ${nginxconfig}
|
|
|
|
if [ "${CREATE_SSL}" = "yes" ]; then
|
|
echo -e "
|
|
ssl_certificate_key ${NM_CERTPATH}/live/${MAIN_SITE}/fullchain.pem;
|
|
ssl_certificate_key ${NM_CERTPATH}/live/${MAIN_SITE}/privkey.pem;
|
|
include conf.d/include/ssl-ciphers.conf;" >> ${nginxconfig}
|
|
fi
|
|
echo -e "
|
|
index index.php;
|
|
|
|
location / {
|
|
try_files \$uri \$uri/ /index.php?\$query_string;" >> ${nginxconfig}
|
|
if [ "${CREATE_SSL}" = "yes" ]; then
|
|
echo -e " include conf.d/include/force-ssl.conf;" >> ${nginxconfig}
|
|
fi
|
|
echo -e " }
|
|
|
|
location ~ \.php\$ {
|
|
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
|
|
include conf.d/include/php_fastcgi.conf;
|
|
}
|
|
|
|
include conf.d/include/general.conf;" >> ${nginxconfig}
|
|
if [ "${CREATE_SSL}" = "yes" ]; then
|
|
echo -e " include conf.d/include/letsencrypt-acme-challenge.conf;" >> ${nginxconfig}
|
|
fi
|
|
echo -e "}" >> ${nginxconfig}
|
|
|
|
sudo -u www-data mkdir -p ${NM_WWWPATH}/${MAIN_SITE}/{public_html,nginx_logs}
|
|
|
|
|
|
######################################### PROXY
|
|
else
|
|
NEWPROXYSITE_CREATE ${MAIN_SITE} ${NGINX_SERVERNAME} ${PROXYHOST} ${PROXYPORT} ${PROXYSCHEME} ${WEBSOCKET} ${HSTS} ${EXPLOITS} ${SECURE} ${CREATE_SSL} ${CERTTEST} NEWSITE
|
|
|
|
fi
|
|
|
|
daterun=`date +%Y-%m-%d-%H-%M-%S`
|
|
echo -e "${NEW_SITE}\n${daterun}" >| ${NM_LOGFOLDER}/new-site.lastrun
|
|
DIVIDER true
|
|
echo
|
|
echo -e "${idsCL[LightGreen]}The new site for '${idsCL[LightGreen]}${NEW_SITE}${idsCL[Default]}' has been created.${idsCL[Default]}"
|
|
echo
|
|
if [ ! -f ${NM_NGINXPATH}/sites-available/default* ]; then
|
|
echo -en "${idsCL[LightCyan]}Restart NGINX on all Nodes (Y/n): ${idsCL[Default]}"
|
|
read -n 1 NGINXRELOAD
|
|
if [[ ${NGINXRELOAD} =~ ^[Nn]$ ]]; then
|
|
echo
|
|
else
|
|
# if [[ "${RUN_NODE_IP}" != "10.6.1"* ]]; then
|
|
SERVICE_MGMT nginx restart
|
|
# else
|
|
# /bin/systemctl restart nginx
|
|
# fi
|
|
fi
|
|
else
|
|
# if [[ "${RUN_NODE_IP}" != "10.6.1"* ]]; then
|
|
SERVICE_MGMT nginx restart
|
|
# else
|
|
# /bin/systemctl restart nginx
|
|
# fi
|
|
fi
|
|
else
|
|
echo "Missing proxy arguments"
|
|
exit 1
|
|
fi
|
|
|
|
else
|
|
${NM_SCRIPT} newsite
|
|
exit 0
|
|
fi
|
|
echo
|
|
}
|
|
|
|
NEWPROXYSITE_CREATE(){
|
|
SITENAME=${1}
|
|
SERVERNAMES=${2}
|
|
PROXYHOST=${3}
|
|
PROXYPORT=${4}
|
|
PROXYSCHEME=${5}
|
|
WEBSOCKET=${6}
|
|
HSTS=${7}
|
|
EXPLOITS=${8}
|
|
SECURE=${9}
|
|
SSL=${10}
|
|
CERTTEST=${11}
|
|
[ "${12}" == "NEWSITE" ] && NEWSITE=1 || NEWSITE=0
|
|
|
|
[ "${CERTTEST}" == "1" ] && CERTTEST='-test ' || CERTTEST=''
|
|
|
|
if [[ ${SERVERNAMES} == *","* ]]; then
|
|
NGINX_SERVERNAME=${SERVERNAMES}
|
|
IFS=','; SERVERNAMES=(${SERVERNAMES}); unset IFS
|
|
MAIN_SITE=${SERVERNAMES[0]}
|
|
else
|
|
MAIN_SITE=${SERVERNAMES}
|
|
NGINX_SERVERNAME=${SERVERNAMES}
|
|
fi
|
|
nginxconfig=${NM_NGINXPATH}/sites-available/${SITENAME,,}.conf
|
|
if [ "${MAIN_SITE}" != "${SITENAME}" ] && [ -f ${nginxconfig} ]; then
|
|
echo -e "\n${idsCL[LightRed]}New site name already exists!${idsCL[Default]}\n"
|
|
exit 1
|
|
else
|
|
[ "${MAIN_SITE}" != "${SITENAME}" ] && [ -f ${NM_NGINXPATH}/sites-available/${SITENAME}.conf ] && mv ${NM_NGINXPATH}/sites-available/${SITENAME}.conf ${nginxconfig}
|
|
if [ ! -f ${nginxconfig} ]; then
|
|
echo -en "${idsCL[LightCyan]}Configuring initial NGINX Site config ... "
|
|
cp ${NM_FOLDER}/templates/nginx.proxy.site ${nginxconfig}
|
|
sed -i "s/<<SERVER_NAME>>/${NGINX_SERVERNAME//,/ }/g" ${nginxconfig}
|
|
sed -i "s/<<MAIN_SITE>>/${MAIN_SITE}/g" ${nginxconfig}
|
|
sed -i "s/<<PROXY_IP>>/${PROXYHOST}/g" ${nginxconfig}
|
|
sed -i "s/<<PROXY_PORT>>/${PROXYPORT}/g" ${nginxconfig}
|
|
sed -i "s/<<PROXY_SCHEME>>/${PROXYSCHEME}/g" ${nginxconfig}
|
|
sed -i "s%<<NM_CERTPATH>>%${NM_CERTPATH}%g" ${nginxconfig}
|
|
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
|
|
|
|
else
|
|
oldservernames=$(grep 'server_name' ${nginxconfig});oldservernames=${oldservernames//;/};oldservernames=${oldservernames#* };oldservernames=${oldservernames// /,}
|
|
if [ "${MAIN_SITE}" != "${SITENAME}" ]; then
|
|
echo -e "${idsCL[LightCyan]}Detected MAIN_SITE name change, making necesary adjustments ... "
|
|
echo -en "\n${idsCL[LightCyan]}Removing old SSL Cert ... "
|
|
DEL-SSL ${SITENAME} >/dev/null 2>&1
|
|
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n"
|
|
echo -en "\n${idsCL[LightCyan]}Requesting new SSL Cert ... "
|
|
NEWCERT ${CERTTEST}-expand -nnr -newsite ${NGINX_SERVERNAME} ###>/dev/null 2>&1
|
|
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n"
|
|
# sed -i "s/live\/${SITENAME}\//live\/${MAIN_SITE}\//g" ${nginxconfig}
|
|
sed -i "s/\/${SITENAME}/\/${MAIN_SITE}/g" ${nginxconfig}
|
|
|
|
elif [ "${oldservernames}" != "${NGINX_SERVERNAME}" ]; then
|
|
echo -en "\n${idsCL[LightCyan]}Updating SSL Cert for hostname changes ... "
|
|
NEWCERT ${CERTTEST}-expand -nnr -newsite ${NGINX_SERVERNAME} ###>/dev/null 2>&1
|
|
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n"
|
|
|
|
fi
|
|
echo -en "\n${idsCL[LightCyan]}Configuring NGINX proxy for site ... "
|
|
sed -i "/set \$forward_scheme/d" ${nginxconfig}; sed -i "/server {/a\\\tset \$forward_scheme ${PROXYSCHEME};" ${nginxconfig}
|
|
sed -i "/set \$server/d" ${nginxconfig}; sed -i "/set \$forward_scheme/a\\\tset \$server \"${PROXYHOST}\";" ${nginxconfig}
|
|
sed -i "/set \$port/d" ${nginxconfig}; sed -i "/set \$server/a\\\tset \$port ${PROXYPORT};" ${nginxconfig}
|
|
sed -i "/server_name/,+1 d" ${nginxconfig}; sed -i "/set \$port/a\\\n\tserver_name ${NGINX_SERVERNAME//,/ };" ${nginxconfig}
|
|
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n"
|
|
fi
|
|
echo "about to create SSL..."
|
|
if [ "${SSL^^}" == "YES" ]; then
|
|
echo -en "${idsCL[LightCyan]}Enabling SSL ... "
|
|
if [ ! -f ${NM_CERTPATH}/live/${MAIN_SITE}/cert.pem ]; then
|
|
echo -e "\n${idsCL[LightCyan]}No SSL cert detected, will generate one now ... "
|
|
NEWCERT ${CERTTEST}-newsite -nnr ${NGINX_SERVERNAME}
|
|
echo
|
|
fi
|
|
if [ -f ${NM_CERTPATH}/live/${MAIN_SITE}/cert.pem ]; then
|
|
sed -i "s/#ssl_certificate/ssl_certificate/g" ${nginxconfig}
|
|
sed -i "s/#listen 443/listen 443/g" ${nginxconfig}
|
|
sed -i "s/#include conf.d\/include\/ssl-ciphers.conf/include conf.d\/include\/ssl-ciphers.conf/g" ${nginxconfig}
|
|
sed -i "s/#include conf.d\/include\/force-ssl.conf/include conf.d\/include\/force-ssl.conf/g" ${nginxconfig}
|
|
echo
|
|
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
|
|
else
|
|
echo -e "${idsCL[LightRed]}Awww shit ERROR: Cert not created, run for the hills!!${idsCL[Default]}"
|
|
fi
|
|
else
|
|
echo -en "${idsCL[LightCyan]}Disabling SSL ... "
|
|
sed -i "s/ssl_certificate/#ssl_certificate/g" ${nginxconfig}
|
|
sed -i "s/listen 443/#listen 443/g" ${nginxconfig}
|
|
sed -i "s/include conf.d\/include\/ssl-ciphers.conf/#include conf.d\/include\/ssl-ciphers.conf/g" ${nginxconfig}
|
|
sed -i "s/include conf.d\/include\/force-ssl.conf/#include conf.d\/include\/force-ssl.conf/g" ${nginxconfig}
|
|
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
|
|
echo
|
|
fi
|
|
if [[ "${SECURE}" = *"FA"* ]]; then
|
|
echo -en "${idsCL[LightCyan]}Enabling ${SECURE} SSO access ... "
|
|
sed -i "s/#include conf.d\/include\/secure-access.conf/include conf.d\/include\/secure-access.conf/g" ${nginxconfig}
|
|
${SSHCMD} root@${NM_AUTHELIA_IP} sed -i "/${SITENAME}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml
|
|
if [ "${SECURE}" == "2FA" ]; then
|
|
${SSHCMD} root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies needing 2 factor below/a ~~~ - \\\"${MAIN_SITE}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
|
|
else
|
|
${SSHCMD} root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies only requiring username and password/a ~~~ - \\\"${MAIN_SITE}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
|
|
fi
|
|
${SSHCMD} root@${NM_AUTHELIA_IP} "sed -i \"s/~~~/ /g\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
|
|
${SSHCMD} root@${NM_AUTHELIA_IP} "/usr/bin/docker restart authelia >/dev/null 2>&1"
|
|
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
|
|
echo
|
|
else
|
|
echo -en "${idsCL[LightCyan]}Disabling SSO access ... "
|
|
sed -i "s/include conf.d\/include\/secure-access.conf/#include conf.d\/include\/secure-access.conf/g" ${nginxconfig}
|
|
[ "${NM_AUTHELIA_IP}" != "" ] && ${SSHCMD} root@${NM_AUTHELIA_IP} sed -i "/${SITENAME}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml
|
|
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
|
|
echo
|
|
fi
|
|
if [ "${WEBSOCKET^^}" == "YES" ]; then
|
|
echo -en "${idsCL[LightCyan]}Enabling Websocket Support ... "
|
|
sed -i "s/#include conf.d\/include\/websocket-support.conf/include conf.d\/include\/websocket-support.conf/g" ${nginxconfig}
|
|
else
|
|
echo -en "${idsCL[LightCyan]}Disabling Websocket Support ... "
|
|
sed -i "s/include conf.d\/include\/websocket-support.conf/#include conf.d\/include\/websocket-support.conf/g" ${nginxconfig}
|
|
fi
|
|
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
|
|
echo
|
|
if [ "${HSTS^^}" == "YES" ]; then
|
|
echo -en "${idsCL[LightCyan]}Enabling HSTS Support ... "
|
|
sed -i "s/#include conf.d\/include\/hsts-support.conf/include conf.d\/include\/hsts-support.conf/g" ${nginxconfig}
|
|
else
|
|
echo -en "${idsCL[LightCyan]}Disabling HSTS Support ... "
|
|
sed -i "s/include conf.d\/include\/hsts-support.conf/#include conf.d\/include\/hsts-support.conf/g" ${nginxconfig}
|
|
fi
|
|
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
|
|
echo
|
|
if [ "${EXPLOITS^^}" == "YES" ]; then
|
|
echo -en "${idsCL[LightCyan]}Enabling Web Exploit Blocks ... "
|
|
sed -i "s/#include conf.d\/include\/block-exploits.conf/include conf.d\/include\/block-exploits.conf/g" ${nginxconfig}
|
|
else
|
|
echo -en "${idsCL[LightCyan]}Disabling Web Exploit Blocks ... "
|
|
sed -i "s/include conf.d\/include\/block-exploits.conf/#include conf.d\/include\/block-exploits.conf/g" ${nginxconfig}
|
|
fi
|
|
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
|
|
echo
|
|
if [ "${LIVE^^}" == "YES" ]; then
|
|
echo -en "${idsCL[LightCyan]}Enabling Site ... "
|
|
ln -s ${nginxconfig} ${NM_NGINXPATH}/sites-enabled/${SITENAME,,}.conf
|
|
else
|
|
echo -en "${idsCL[LightCyan]}Disabling Site ... "
|
|
rm -f ${NM_NGINXPATH}/sites-enabled/${SITENAME,,}.conf
|
|
fi
|
|
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
|
|
echo
|
|
|
|
sed -i "s/##include/#include/g" ${nginxconfig}
|
|
sed -i "s/##ssl_/#ssl_/g" ${nginxconfig}
|
|
|
|
echo -e "${idsCL[LightGreen]}Site Configuration Complete${idsCL[Default]}"
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
SITEINFO(){
|
|
# start=`date +%s`
|
|
dl=105
|
|
EDIT=0; SEARCH=0
|
|
while [ $# -gt 0 ]; do
|
|
case "${1}" in
|
|
-e|-edit) EDIT=1;;
|
|
-s|-search) SEARCH=${2};;
|
|
-h | -help | --help)
|
|
echo -e "Usage: ${idsCL[LightYellow]}[nodemgmt or nmg] sites ${idsCL[Yellow]}{flags}${idsCL[Default]} {"
|
|
width=35
|
|
printf "%-${width}s- %s\n" " -e|-edit" "(enables edit mode)"
|
|
printf "%-${width}s- %s\n" " -s|-search {search}" "(narrows list to hostnames containing {search})"
|
|
echo -e "}\n"
|
|
exit 0;;
|
|
esac
|
|
shift
|
|
done
|
|
|
|
if [ "${onefacline}" == "" ]; then
|
|
[ "$(${NCMD} ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | awk '/inet/ {print $2}' | cut -d'/' -f1)" != "${NM_AUTHELIA_IP}" ] && ACMD="${SSHCMD} root@${NM_AUTHELIA_IP}" || ACMD=""
|
|
autheliaconfig=$(${ACMD} cat ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml)
|
|
onefacline=$(echo "${autheliaconfig}" | grep -Fn one_factor | sort | tail -n1)
|
|
onefacline=${onefacline%%:*}
|
|
twofacline=$(echo "${autheliaconfig}" | grep -Fn two_factor | sort | tail -n1)
|
|
twofacline=${twofacline%%:*}
|
|
fi
|
|
|
|
[ "${SEARCH}" != "0" ] && echo -e "${idsCL[Yellow]}Narrowing list to names containing '${idsCL[LightYellow]}${SEARCH,,}${idsCL[Yellow]}' ${idsCL[Default]}\n"
|
|
|
|
if [ ${EDIT} -eq 1 ]; then
|
|
[ "${2}" == "" ] && echo -e "${idsCL[LightGreen]}Choose a site from the list below to edit: ${idsCL[Default]}"
|
|
else
|
|
echo -e "${idsCL[LightGreen]}Local NGINX Sites ${idsCL[Default]}"
|
|
fi
|
|
gosite=${NM_NGINXPATH[${RUN_NODE_TYPE}]}/sites-available
|
|
declare -A SITELIST
|
|
if [ "${gosite}" != "" ]; then
|
|
[ "${SEARCH}" != "0" ] && files=$(shopt -s nullglob dotglob; echo ${gosite}/*${SEARCH,,}*.conf) || files=$(shopt -s nullglob dotglob; echo ${gosite}/*.conf)
|
|
if (( ${#files} )); then
|
|
[ "${SEARCH}" != "0" ] && siteslist=$(find ${gosite}/*${SEARCH,,}*.conf) || siteslist=$(find ${gosite}/*.conf)
|
|
i=1
|
|
for sitefile in ${siteslist[@]}; do
|
|
SITENAME=${sitefile##*/}; SITENAME=${SITENAME/.conf/}
|
|
siteconfig=$(cat ${sitefile})
|
|
if (( i % 12 == 0 )) || [ $i = 1 ]; then
|
|
DIVIDER false yellow ${dl}
|
|
[ ${EDIT} -eq 1 ] && msg1='##) Site Hostname' || msg1='Site Hostname'
|
|
echo -en "${idsCL[Yellow]}"
|
|
if [ ${EDIT} -eq 1 ]; then
|
|
printf "%-32s %-5s %-7s %-5s %-5s %-5s %-5s %-5s %-8s\n" "${msg1}" "Live" "Type" "SSL" "HSTS" "WBSKT" "EXPLT" "LOCK" "Proxy Connection"
|
|
else
|
|
printf "%-28s %-5s %-7s %-5s %-5s %-5s %-5s %-5s %-8s\n" "${msg1}" "Live" "Type" "SSL" "HSTS" "WBSKT" "EXPLT" "LOCK" "Proxy Connection"
|
|
fi
|
|
echo -en "${idsCL[Default]}"
|
|
DIVIDER false yellow ${dl}
|
|
else
|
|
DIVIDER false darkGray ${dl}
|
|
fi
|
|
#twofacline=$(echo "${autheliaconfig}" | grep -Fn two_factor | sort | tail -n1)
|
|
if [ "$(echo "${siteconfig}" | grep include/proxy.conf)" != "" ] || [ "$(echo "${siteconfig}" | grep proxy_pass)" != "" ]; then
|
|
SITE_TYPE='Proxy'
|
|
if [ "$(echo "${siteconfig}" | grep include/proxy.conf)" != "" ]; then
|
|
PROXYHOST=$(echo "${siteconfig}" | grep 'set $server')
|
|
PROXYHOST=${PROXYHOST#*\"}; PROXYHOST=${PROXYHOST%\"*}
|
|
PROXYSCHEME=$(echo "${siteconfig}" | grep 'set $forward_scheme')
|
|
PROXYSCHEME=${PROXYSCHEME##* }; PROXYSCHEME=${PROXYSCHEME%;*}
|
|
PROXYPORT=$(echo "${siteconfig}" | grep 'set $port')
|
|
PROXYPORT=${PROXYPORT##* }; PROXYPORT=${PROXYPORT%;*}
|
|
PROXYHOST_FULL="${PROXYSCHEME}://${PROXYHOST}:${PROXYPORT}"
|
|
else
|
|
PROXYHOST_FULL="[ custom proxy_pass ]"
|
|
fi
|
|
else
|
|
SITE_TYPE='HTTP'
|
|
PROXYHOST_FULL=''
|
|
fi
|
|
|
|
server=$(echo "${siteconfig}" | grep 'set $port')
|
|
|
|
[ "$(echo "${siteconfig}" | grep \#ssl_certificate)" != "" ] && SSL='' || SSL='Yes'
|
|
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/hsts-support.conf')" != "" ] && HSTS='' || HSTS='Yes'
|
|
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/websocket-support.conf')" != "" ] && WEBSOCKET='' || WEBSOCKET='Yes'
|
|
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/block-exploits.conf')" != "" ] && EXPLOITS='' || EXPLOITS='Yes'
|
|
|
|
if [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/secure-access.conf')" == "" ]; then
|
|
sitefacline=$(echo "${autheliaconfig}" | grep -Fn ${SITENAME})
|
|
sitefacline=${sitefacline%%:*}
|
|
if [ "${sitefacline}" == "" ]; then
|
|
SECURE='error'
|
|
# ${SSHCMD} root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies only requiring username and password/a ~~~ - \\\"${SITENAME}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
|
|
# ${SSHCMD} root@${NM_AUTHELIA_IP} "sed -i \"s/~~~/ /g\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
|
|
elif [ ${sitefacline} -lt ${onefacline} ]; then
|
|
SECURE='1FA'
|
|
elif [ ${sitefacline} -lt ${twofacline} ]; then
|
|
SECURE='2FA'
|
|
fi
|
|
else
|
|
SECURE=''
|
|
fi
|
|
|
|
[ -f ${NM_NGINXPATH[${RUN_NODE_TYPE}]}/sites-enabled/${SITENAME}.conf ] && LIVE='Yes' || LIVE=''
|
|
|
|
|
|
[ ${i} -lt 10 ] && ii=" ${i}" || ii=${i}
|
|
[ ${EDIT} -eq 1 ] && msg1="${ii}) ${SITENAME}" || msg1="${SITENAME}"
|
|
[ "${LIVE}" == "Yes" ] && echo -en "${idsCL[White]}" || echo -en "${idsCL[DarkGray]}"
|
|
if [ ${EDIT} -eq 1 ]; then
|
|
printf "%-32s %-5s %-7s %-5s %-5s %-5s %-5s %-5s %-14s\n" "${msg1}" "${LIVE}" "${SITE_TYPE}" "${SSL}" "${HSTS}" "${WEBSOCKET}" "${EXPLOITS}" "${SECURE}" "${PROXYHOST_FULL}"
|
|
else
|
|
printf "%-28s %-5s %-7s %-5s %-5s %-5s %-5s %-5s %-14s\n" "${msg1}" "${LIVE}" "${SITE_TYPE}" "${SSL}" "${HSTS}" "${WEBSOCKET}" "${EXPLOITS}" "${SECURE}" "${PROXYHOST_FULL}"
|
|
fi
|
|
echo -en "${idsCL[Default]}"
|
|
SITELIST[${i}]=${SITENAME}
|
|
i=`expr $i + 1`
|
|
done
|
|
else
|
|
echo -e "\n${idsCL[LightRed]}No sites were found matching '${SEARCH}'${idsCL[Default]}"
|
|
fi
|
|
|
|
|
|
echo
|
|
if [ ${EDIT} -eq 1 ]; then
|
|
DIVIDER . yellow ${dl}
|
|
function exitspacing {
|
|
echo -e "\n\033[K\n\033[K"
|
|
exit 0
|
|
}
|
|
trap exitspacing EXIT
|
|
|
|
while [ "${editc^}" != "Q" ]; do
|
|
echo -e "\033[K"
|
|
echo -e "\033[K"
|
|
echo -e "\033[K (${idsCL[Green]}A${idsCL[Default]})dd New Site, (${idsCL[Green]}R${idsCL[Default]})eload, (${idsCL[Yellow]}Q${idsCL[Default]})uit"
|
|
echo -e "\033[K"
|
|
echo -e "\033[K"
|
|
echo -e "\033[K"
|
|
echo -e "\033[7A"
|
|
echo -en "${idsCL[LightCyan]}Enter the site number you want to edit: ${idsCL[Default]}"
|
|
read siteid
|
|
echo
|
|
|
|
if [ "${siteid^}" == "Q" ]; then
|
|
echo -e "\033[K"
|
|
exit 0
|
|
|
|
elif [ "${siteid^}" == "A" ]; then
|
|
echo -en "\033[1A\033[K\r"
|
|
${NM_SCRIPT} newsite
|
|
[ "${SEARCH}" != "0" ] && SITEINFO -edit -search ${SEARCH} || SITEINFO -edit
|
|
exit 0
|
|
|
|
elif [ "${siteid^}" == "R" ]; then
|
|
[ "${SEARCH}" != "0" ] && SITEINFO -edit -search ${SEARCH} || SITEINFO -edit
|
|
exit 0
|
|
|
|
elif [ "${SITELIST[${siteid}]}" != "" ]; then
|
|
|
|
EDITSITE
|
|
|
|
else #no site
|
|
echo -e "\033[3A"; for (( c=1; c<=3; c++ )); do echo -e "\r\033[K"; done; echo -e "\033[4A"
|
|
[ "${siteid}" == "" ] && echo -e "\033[2A"
|
|
fi
|
|
done
|
|
echo
|
|
fi
|
|
else
|
|
echo -e "\nNo site information found for this node"
|
|
fi
|
|
|
|
echo
|
|
|
|
# end=`date +%s`
|
|
# runtime=$((end-start))
|
|
# echo "runtime: ${runtime}"
|
|
# echo
|
|
}
|
|
|
|
|
|
EDITSITE(){
|
|
SITENAME=${SITELIST[${siteid}]}
|
|
sitefile=${gosite}/${SITENAME}.conf
|
|
if [ -f ${sitefile} ]; then
|
|
siteconfig=$(cat ${sitefile})
|
|
if [ "$(echo "${siteconfig}" | grep \#ssl_certificate)" != "" ]; then
|
|
SSL='-'
|
|
SUBJECTNAMES=""
|
|
else
|
|
SSL='Yes'
|
|
|
|
certpath=$(echo "${siteconfig}" | grep ssl_certificate_key)
|
|
certpath=${certpath%/*}
|
|
certpath=${certpath#* }
|
|
SUBJECTNAMES=$(openssl x509 -in ${certpath}/cert.pem -noout -text|grep -oP '(?<=DNS:|IP Address:)[^,]+'|sort -uV)
|
|
CERTEXPIRE=$(date -d "$(: | openssl x509 -in ${certpath}/cert.pem -text | grep 'Not After' |awk '{print $4,$5,$7}')" '+%s');
|
|
SUBJECTNAMES=${SUBJECTNAMES//$'\n'/, }
|
|
fi
|
|
|
|
if [ "$(echo "${siteconfig}" | grep include/proxy.conf)" != "" ]; then
|
|
SITE_TYPE='Proxy'
|
|
PROXYHOST=$(echo "${siteconfig}" | grep 'set $server')
|
|
PROXYHOST=${PROXYHOST#*\"}; PROXYHOST=${PROXYHOST%\"*}
|
|
SERVERNAMES=$(echo "${siteconfig}" | grep 'server_name')
|
|
SERVERNAMES=${SERVERNAMES//;/}
|
|
SERVERNAMES=${SERVERNAMES#* }
|
|
SERVERNAMES=${SERVERNAMES// /,}
|
|
PROXYSCHEME=$(echo "${siteconfig}" | grep 'set $forward_scheme')
|
|
PROXYSCHEME=${PROXYSCHEME##* }; PROXYSCHEME=${PROXYSCHEME%;*}
|
|
PROXYPORT=$(echo "${siteconfig}" | grep 'set $port')
|
|
PROXYPORT=${PROXYPORT##* }; PROXYPORT=${PROXYPORT%;*}
|
|
|
|
|
|
else
|
|
SITE_TYPE='HTTP'
|
|
fi
|
|
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/hsts-support.conf')" != "" ] && HSTS='-' || HSTS='Yes'
|
|
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/websocket-support.conf')" != "" ] && WEBSOCKET='-' || WEBSOCKET='Yes'
|
|
[ "$(echo "${siteconfig}" | grep '\#include conf.d/include/block-exploits.conf')" != "" ] && EXPLOITS='-' || EXPLOITS='Yes'
|
|
if [ "$(echo "${siteconfig}" | grep '\#include conf.d/include/secure-access.conf')" == "" ]; then
|
|
sitefacline=$(echo "${autheliaconfig}" | grep -Fn ${SITENAME} | sort | tail -n1)
|
|
sitefacline=${sitefacline%%:*}
|
|
if [ "${sitefacline}" == "" ]; then
|
|
SECURE='error'
|
|
elif [ ${sitefacline} -lt ${onefacline} ]; then
|
|
SECURE='1FA'
|
|
elif [ ${sitefacline} -lt ${twofacline} ]; then
|
|
SECURE='2FA'
|
|
fi
|
|
else
|
|
SECURE='-'
|
|
fi
|
|
|
|
[ -f ${NM_NGINXPATH[${RUN_NODE_TYPE}]}/sites-enabled/${SITENAME}.conf ] && LIVE='Yes' || LIVE='-'
|
|
|
|
else
|
|
LIVE='Yes'
|
|
SITENAME=${MAIN_SITE}
|
|
SITE_TYPE=${SITE_TYPE^}
|
|
SERVERNAMES=${NEW_SITE}
|
|
PROXYHOST=${PROXYHOST}
|
|
PROXYSCHEME=${PROXYSCHEME}
|
|
PROXYPORT=${PROXYPORT}
|
|
SSL='Yes'
|
|
HSTS='Yes'
|
|
WEBSOCKET='-'
|
|
EXPLOITS='-'
|
|
SECURE='-'
|
|
|
|
fi
|
|
|
|
editc=0
|
|
until [ "${editc^}" = "C" ]; do
|
|
echo -e "\033[K${idsCL[White]}E) Site Enabled: ${idsCL[Cyan]}${idsST[Bold]}${LIVE}${idsST[Reset]}"
|
|
echo -e "\033[K${idsCL[White]}0) Site Address(es): ${idsCL[Cyan]}${idsST[Bold]}${SERVERNAMES//,/, }${idsST[Reset]}"
|
|
echo -e "\033[K${idsCL[White]}1) Site Type: ${idsCL[Cyan]}${idsST[Bold]}${SITE_TYPE}${idsST[Reset]}"
|
|
echo -en "\033[K${idsCL[White]}2) SSL Secure: ${idsCL[Cyan]}${idsST[Bold]}${SSL}${idsST[Reset]}"
|
|
[ "${SUBJECTNAMES}" != "" ] && echo -e " ${idsCL[Cyan]}[SSL Names: ${idsCL[Yellow]}${SUBJECTNAMES}${idsCL[Cyan]}; expires ${idsCL[Yellow]}$(date -d @${CERTEXPIRE} '+%m-%d-%Y')${idsCL[Cyan]}]" || echo
|
|
echo -e "\033[K${idsCL[White]}3) HSTS Enabled: ${idsCL[Cyan]}${idsST[Bold]}${HSTS}${idsST[Reset]}"
|
|
echo -e "\033[K${idsCL[White]}4) Web Sockets: ${idsCL[Cyan]}${idsST[Bold]}${WEBSOCKET}${idsST[Reset]}"
|
|
echo -e "\033[K${idsCL[White]}5) Exploits Block: ${idsCL[Cyan]}${idsST[Bold]}${EXPLOITS}${idsST[Reset]}"
|
|
echo -e "\033[K${idsCL[White]}6) Secured Access: ${idsCL[Cyan]}${idsST[Bold]}${SECURE}${idsST[Reset]}"
|
|
if [ "${SITE_TYPE}" == "Proxy" ]; then
|
|
echo -e "\033[K${idsCL[White]}7) Proxy Address: ${idsCL[Cyan]}${idsST[Bold]}${PROXYHOST}${idsST[Reset]}"
|
|
echo -e "\033[K${idsCL[White]}8) Proxy Scheme: ${idsCL[Cyan]}${idsST[Bold]}${PROXYSCHEME}${idsST[Reset]}"
|
|
echo -e "\033[K${idsCL[White]}9) Proxy Port: ${idsCL[Cyan]}${idsST[Bold]}${PROXYPORT}${idsST[Reset]}"
|
|
else
|
|
echo -e "\033[K"
|
|
echo -e "\033[K"
|
|
echo -e "\033[K"
|
|
fi
|
|
if [ "${editc}" != "s" ]; then
|
|
echo -e "\033[K"
|
|
echo -e "\033[K"
|
|
echo -e "\033[K"
|
|
echo -e "\033[K (${idsCL[Green]}S${idsCL[Default]})ave Site, (${idsCL[Red]}D${idsCL[Default]})elete Site, (${idsCL[Yellow]}C${idsCL[Default]})ancel, (${idsCL[Yellow]}Q${idsCL[Default]})uit"
|
|
echo -e "\033[K"
|
|
echo -e "\033[K"
|
|
echo -e "\033[7A"
|
|
|
|
echo -en "\033[K\n\033[K\r${idsCL[LightCyan]}Enter the item number to edit: ${idsCL[Default]}"
|
|
read -n 1 editc
|
|
|
|
case "${editc}" in
|
|
0) echo -e "\033[K\n\033[K"
|
|
echo -en "\033[KEnter new Server Names (comma seperated): "
|
|
read -i "${SERVERNAMES}" -e SERVERNAMES
|
|
SERVERNAMES=${SERVERNAMES//, /,}
|
|
echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
|
|
;;
|
|
1) [ "${SITE_TYPE}" == "HTTP" ] && SITE_TYPE='Proxy' || SITE_TYPE='HTTP';;
|
|
2) [ "${SSL}" == "-" ] && SSL='Yes' || SSL='-';;
|
|
3) [ "${HSTS}" == "-" ] && HSTS='Yes' || HSTS='-';;
|
|
4) [ "${WEBSOCKET}" == "-" ] && WEBSOCKET='Yes' || WEBSOCKET='-';;
|
|
5) [ "${EXPLOITS}" == "-" ] && EXPLOITS='Yes' || EXPLOITS='-';;
|
|
6) if [ "${SECURE}" == "-" ]; then
|
|
SECURE='1FA'
|
|
elif [ "${SECURE}" == "1FA" ]; then
|
|
SECURE='2FA'
|
|
elif [ "${SECURE}" == "2FA" ]; then
|
|
SECURE='-'
|
|
fi
|
|
;;
|
|
7) echo -e "\033[K\n\033[K"
|
|
echo -en "\033[KEnter new Proxy Address: "
|
|
read -i "${PROXYHOST}" -e PROXYHOST
|
|
echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
|
|
;;
|
|
8) [ "${PROXYSCHEME}" == "http" ] && PROXYSCHEME='https' || PROXYSCHEME='http';;
|
|
9) echo -e "\033[K\n\033[K"
|
|
echo -en "\033[KEnter new Proxy Port: "
|
|
read -i "${PROXYPORT}" -e PROXYPORT
|
|
echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
|
|
;;
|
|
|
|
[Cc])
|
|
echo -e "\r\033[K\n\r\033[K\n\r\033[K"
|
|
echo -e "\033[16A"; for (( c=1; c<=16; c++ )); do echo -e "\r\033[K"; done; echo -e "\033[16A"
|
|
echo -e "\n\n\n\n\n\n\n\n"
|
|
;;
|
|
[Dd])
|
|
echo -e "\033[K\n\033[K"
|
|
echo -en "\033[K${idsCL[LightCyan]}Are you sure you wish to delete the site and associated SSL if applicable (y/N): ${idsCL[Default]}"
|
|
read -n 1 delconfirm
|
|
case "${delconfirm}" in
|
|
[Yy])
|
|
echo -en "\n\n${idsCL[LightCyan]}Removing site ... "
|
|
DELSITE -site ${SITENAME} -ssl yes >/dev/null 2>&1
|
|
echo -e "${idsCL[LightGreen]}Done\n${idsCL[Default]}"
|
|
[ "${SEARCH}" != "0" ] && SITEINFO -edit -search ${SEARCH} || SITEINFO -edit
|
|
exit 0
|
|
;;
|
|
*)
|
|
[ "${delconfirm}" != "" ] && echo
|
|
echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
|
|
;;
|
|
esac
|
|
;;
|
|
[Ee]) [ "${LIVE}" == "-" ] && LIVE='Yes' || LIVE='-';;
|
|
[Qq])
|
|
echo -e "\033[K"
|
|
exit 0
|
|
;;
|
|
|
|
*) ;;
|
|
esac
|
|
[ "${editc}" == "" ] && echo -e "\033[14A" || echo -e "\033[13A"
|
|
else
|
|
for (( c=1; c<=6; c++ )); do echo -e "\033[K"; done; echo -e "\033[7A"
|
|
echo -en "\n\033[K${idsCL[LightCyan]}Confirm changes (Y/n): ${idsCL[Default]}"
|
|
read -n 1 confirm
|
|
case "${confirm}" in
|
|
[Nn])
|
|
editc=C
|
|
echo -e "\r\033[K\n\r\033[K\n\r\033[K"
|
|
echo -e "\033[15A"; for (( c=1; c<=15; c++ )); do echo -e "\r\033[K"; done; echo -e "\033[19A"
|
|
;;
|
|
*)
|
|
[ "${confirm}" != "" ] && echo
|
|
if [ "${CERTTEST}" != "" ] && [ "${CERTTEST}" != "0" ]; then
|
|
echo -e "${idsCL[LightYellow]}${idsST[Bold]}### REQUESTING CERT IN TEST MODE ###${idsST[Reset]}${idsCL[Default]}"
|
|
echo
|
|
fi
|
|
if [ "${NEWSITE}" == "true" ]; then
|
|
echo -en "\033[1A\033[K\r${idsCL[LightCyan]}Creating new site ... ${idsCL[Default]}"
|
|
else
|
|
echo -en "\033[1A\033[K\r${idsCL[LightCyan]}Configuring changes ... ${idsCL[Default]}"
|
|
fi
|
|
NEWPROXYSITE_CREATE ${SITENAME} ${SERVERNAMES} ${PROXYHOST} ${PROXYPORT} ${PROXYSCHEME} ${WEBSOCKET} ${HSTS} ${EXPLOITS} ${SECURE} ${SSL} ${CERTTEST} ###>/dev/null 2>&1
|
|
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
|
|
echo
|
|
|
|
echo -en "\033[1A\033[K\r${idsCL[LightCyan]}Restarting NGINX on all '${RUN_NODE_TYPE}' Nodes ... ${idsCL[Default]}"
|
|
# if [[ "${RUN_NODE_IP}" != "10.6.1"* ]]; then
|
|
SERVICE_MGMT nginx restart
|
|
# else
|
|
# /bin/systemctl restart nginx
|
|
# fi
|
|
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}"
|
|
echo
|
|
|
|
if [ "${NEWSITE}" == "true" ]; then
|
|
exit 0
|
|
else
|
|
echo -en "\033[K\r${idsCL[LightCyan]}Continue or Exit (C/e): ${idsCL[Default]}"
|
|
read -n1 con
|
|
case "${con}" in
|
|
[Ee])
|
|
# echo -e "\n\033[K\n\033[K"
|
|
exit 0
|
|
;;
|
|
*)
|
|
editc=C
|
|
echo -e "\r\033[K\n\r\033[K\n\r\033[K"
|
|
echo -e "\033[19A"; for (( c=1; c<=19; c++ )); do echo -e "\r\033[K"; done; echo -e "\033[22A"
|
|
[ "${SEARCH}" != "0" ] && SITEINFO -edit -search ${SEARCH} || LISTCERTS -edit
|
|
exit 0
|
|
;;
|
|
esac
|
|
fi
|
|
;;
|
|
esac
|
|
|
|
fi
|
|
done
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|