voltron/NodeMgmt
1
1
Fork 0
Code Issues Pull Requests Releases 1 Activity
Files
9fd2be9a753d93fe7be7c7a8ccf4ab286d66e2cf
NodeMgmt/inc/sites.inc
David Schroeder 9fd2be9a75 update
2023-11-11 23:12:38 -06:00

853 lines
32 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
DELSITE(){
while [ $# -gt 0 ]; do
case "$1" in
-site) DEL_SITE=${2};;
-ssl) DEL_SSL=${2};;
-list) DELSITES; exit 0;;
-*)
echo "Invalid option: '${1}' requires an argument" 1>&2
echo
echo -e "Usage: ${idsCL[Yellow]}nodemgmt delsite${idsCL[Default]} {"
width=33
printf "%-${width}s- %s\n" " -site {FQDN address}" "(*required)"
printf "%-${width}s- %s\n" " -ssl {yes or [no]}" "Delete SSL certs as well"
printf "%-${width}s- %s\n" " -list" "List sites (same as running nodemgmt delsites)"
echo "}"
exit 1;;
esac
shift
done
if [ -z ${DEL_SITE+x} ]; then
echo -en "${idsCL[LightCyan]}Delete what site address: ${idsCL[Default]}"
read DEL_SITE
echo
fi
if [[ $DEL_SSL =~ ^[Nn]$ ]]; then
DEL_SSL=no
elif [[ $DEL_SSL =~ ^[Yy]$ ]]; then
DEL_SSL=yes
elif [ -z ${DEL_SSL+x} ]; then
echo -en "${idsCL[LightRed]}Do you also want to delete the certs for '${DEL_SITE}' as well? [y/N]${idsCL[Default]} "
read DEL_SSL
if [[ $DEL_SSL =~ ^[Nn]$ ]]; then
DEL_SSL=no
elif [[ $DEL_SSL =~ ^[Yy]$ ]]; then
DEL_SSL=yes
fi
fi
if [ ! -z ${DEL_SITE+x} ] && [ "${DEL_SITE}" != "" ]; then
echo -e "${idsCL[LightRed]}Deleting site '${idsCL[Red]}${DEL_SITE^^}${idsCL[LightRed]}'...${idsCL[Default]}"
echo
echo -e "${idsCL[LightRed]}[[Removing Files and Folders]]${idsCL[Default]}"
echo -e "${idsCL[LightRed]}-------------------------------------------${idsCL[Default]}"
echo
echo -en "${idsCL[LightCyan]}Removing NGINX files ... ${idsCL[Default]}"
rm -f ${NM_NGINXPATH}/sites-enabled/${DEL_SITE}* >/dev/null 2>&1
echo -e "${idsCL[Green]}Done${idsCL[Default]}"
echo
if [ "${DEL_SSL}" == "yes" ]; then
DEL-SSL ${DEL_SITE}
echo
fi
[ "${NM_AUTHELIA_IP}" != "" ] && ssh root@${NM_AUTHELIA_IP} sed -i "/${DEL_SITE}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml
SERVICE nginx restart
echo -e "${idsCL[LightRed]}Site has been deleted.${idsCL[Default]}\n"
else
echo "Missing arguments"
echo
echo -e "Usage: ${idsCL[Yellow]}nodemgmt delsite${idsCL[Default]} {"
width=33
printf "%-${width}s- %s\n" " -site {FQDN address}" "Site to delete"
printf "%-${width}s- %s\n" " -ssl {yes or [no]}" "Delete SSL certs as well"
printf "%-${width}s- %s\n" " -list" "List sites (same as running nodemgmt delsites)"
echo "}"
exit 1
fi
}
DELSITES(){
echo
echo -e "${idsCL[Red]}Select a site to delete...${idsCL[Default]}"
DIVIDER true
sid=1
# filels="( $(ssh root@${NM_HOSTS['LB'][0]} ls ${NM_NGINXPATH}/sites-enabled/*) )"
filels="( $(ls ${NM_NGINXPATH}/sites-enabled/*) )"
# IFS='\n'
for siteconf in $filels; do
# for siteconf in "${NM_NGINXPATH}/sites-enabled/*" ; do
# [ -e "$siteconf" ] || continue
if [ ${siteconf:0:1} == '/' ]; then
IFS='/'; site_conf=(${siteconf}); unset IFS
[ "${site_conf[3]}" == "sites-enabled" ] && SITES[${sid}]=${site_conf[4]/.conf/} || [ "${site_conf[4]}" == "sites-enabled" ] && SITES[${sid}]=${site_conf[5]/.conf/}
sid=`expr $sid + 1`
fi
done
for s in "${!SITES[@]}"; do
echo -e " [${idsCL[Yellow]}${s}${idsCL[Default]}] ${SITES[${s}]}"
done
echo
if [ -z $action ] || [ "${action}" = "gui" ]; then
echo " [B] Back"
fi
echo " [Q] Quit"
echo
echo -en "${idsCL[LightYellow]}Please select a site from above from above:${idsCL[Default]} "
read selsite
echo
if [ -z ${SITES[$selsite]} ] && [ "${selsite}" != "Q" ] && [ "${selsite}" != "q" ] && [ "${selsite}" != "B" ] && [ "${selsite}" != "b" ]; then
echo "Thats an invaild option,"
echo "please select a valid option only."
sleep 1
DELSITES
exit 0
elif [ "${selsite}" = "Q" ] || [ "${selsite}" = "q" ]; then
exit 0
elif [ "${selsite}" = "B" ] || [ "${selsite}" = "b" ]; then
GUI
else
while :
do
echo -en "${idsCL[LightRed]}Are you sure you want to delete '${idsCL[Red]}${SITES[${selsite}]^^}${idsCL[LightRed]}'? [y/N]${idsCL[Default]} "
read response
echo
if [[ $response =~ ^[Yy]$ ]]; then
echo -en "${idsCL[LightRed]}Do you also want to delete the certs for '${idsCL[Red]}${SITES[${selsite}]^^}${idsCL[LightRed]}', if they exist? [y/N]${idsCL[Default]} "
read sslresponse
DELSITE -site ${SITES[${selsite}]} -ssl ${sslresponse}
echo
DIVIDER
ENTER2CONTINUE
break
else
break
fi
done
DELSITES
exit 0
fi
if [ -z $action ] || [ "${action}" = "gui" ]; then
ENTER2CONTINUE
fi
}
LISTSITES(){
echo
echo -e "${idsCL[Red]}NGINX Site Config...${idsCL[Default]}"
DIVIDER true
# filels="( $(ssh root@${NM_HOSTS['LB'][0]} ls ${NM_NGINXPATH}/sites-enabled/*) )"
filels="( $(ls ${NM_NGINXPATH}/sites-enabled/*) )"
for siteconf in $filels; do
if [ ${siteconf:0:1} == '/' ]; then
IFS='/'; site_conf=(${siteconf}); unset IFS
[ "${site_conf[3]}" == "sites-enabled" ] && SITENAME=${site_conf[4]/.conf/} || [ "${site_conf[4]}" == "sites-enabled" ] && SITENAME=${site_conf[5]/.conf/}
[ grep -q "secure-access.conf" ${siteconf} ] && SECURE=Yes || SECURE=No
[ grep -q "websocket-support.conf" ${siteconf} ] && WEBSOCKET=Yes || WEBSOCKET=No
[ grep -q "hsts-support.conf" ${siteconf} ] && HSTS=Yes || HSTS=No
[ grep -q "block-exploits.conf" ${siteconf} ] && EXPLOITS=Yes || EXPLOITS=No
echo -e "${SITENAME} - ${SECURE} - ${WEBSOCKET} - ${HSTS} - ${EXPLOITS}"
fi
done
if [ -z $action ] || [ "${action}" = "gui" ]; then
ENTER2CONTINUE
fi
}
NEWSITE(){
NM_AUTHELIA_IP="$(GET_AUTHELIA_IP)"
CERTTEST=0
echo
while [ $# -gt 0 ]; do
case "$1" in
-test) CERTTEST=1;;
-site) NEW_SITE=${2};;
-type) SITE_TYPE=${2};;
-ssl) CREATE_SSL=${2};;
-proxy_scheme) PROXYSCHEME=${2};;
-proxy_host) PROXYHOST=${2};;
-proxy_port) PROXYPORT=${2};;
-websocket) WEBSOCKET=${2};;
-hsts) HSTS=${2};;
-exploits) EXPLOITS=${2};;
-secure) SECURE=${2};;
-h | -help | --help)
echo
echo -e "Usage: ${idsCL[Yellow]}nodemgmt newcert${idsCL[Default]} {"
width=33
printf "%-${width}s- %s\n" " -site {FQDN address(,es)}" "(new site and aliases, comma separated)"
printf "%-${width}s- %s\n" " -ssl {yes or no}" "(defaults to yes)"
printf "%-${width}s- %s\n" " -type {'local' or 'proxy'}" "(defaults to local)"
printf "%-${width}s- %s\n" " -proxy_port {host port}" "(proxy backend host)"
printf "%-${width}s- %s\n" " -proxy_host {IP or FQDN}" "(proxy backend port)"
printf "%-${width}s- %s\n" " -proxy_scheme {http or https}" "(proxy backend scheme)"
printf "%-${width}s- %s\n" " -websocket {yes or no}" "(websocket support)"
printf "%-${width}s- %s\n" " -hsts {yes or no}" "(hsts support)"
printf "%-${width}s- %s\n" " -exploits {yes or no}" "(block exploits)"
printf "%-${width}s- %s\n" " -secure {yes or no}" "(secure access [nginx/.htpasswd])"
echo "}"
exit 1;;
esac
shift
done
#if [ -z ${SITE_TYPE+x} ]; then SITE_TYPE=local; fi
#if [ -z ${CREATE_SSL+x} ]; then CREATE_SSL=true; fi
if [ -z ${NEW_SITE+x} ]; then
echo -en "${idsCL[LightCyan]}New site domain name (comma seperated for multiple): ${idsCL[Default]}"
read NEW_SITE
showdivide=yes
echo
fi
if [[ ${NEW_SITE} == *","* ]]; then
IFS=','; NEW_SITES=(${NEW_SITE}); unset IFS
MAIN_SITE=${NEW_SITES[0]}
NGINX_SERVERNAME=${NEW_SITE//[,]/ }
else
MAIN_SITE=${NEW_SITE}
NGINX_SERVERNAME=${NEW_SITE}
fi
nginxconfig=${NM_NGINXPATH}/sites-enabled/${MAIN_SITE}.conf
if [ -f ${nginxconfig} ]; then
echo -en "${idsCL[LightRed]}This site already exists, overwrite it? (y/N): ${idsCL[Default]}"
read overwrite
echo
if [[ ${overwrite} =~ ^[Nn]$ ]] || [ "${overwrite}" = "" ]; then
exit 0
elif [[ ${overwrite} =~ ^[Yy]$ ]]; then
rm -f ${nginxconfig} >/dev/null 2>&1
[ "${NM_AUTHELIA_IP}" != "" ] && ssh root@${NM_AUTHELIA_IP} sed -i "/${MAIN_SITE}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml
else
exit 0
fi
fi
if [ -z ${CREATE_SSL+x} ]; then
echo -en "${idsCL[LightCyan]}Create SSL for site? [Y/n] ${idsCL[Default]}"
read CREATE_SSL
showdivide=yes
if [[ $CREATE_SSL =~ ^[Yy]$ ]] || [ "${CREATE_SSL}" = "" ]; then
CREATE_SSL=yes
else
CREATE_SSL=no
fi
echo
fi
if [ -z ${SITE_TYPE+x} ]; then
echo -en "${idsCL[LightCyan]}Site type (local/{proxy}): ${idsCL[Default]}"
read SITE_TYPE
showdivide=yes
if [ "${SITE_TYPE}" = "" ]; then
SITE_TYPE=proxy
fi
echo
fi
if [ "${SITE_TYPE}" = "proxy" ]; then
if [ -z ${PROXYHOST+x} ]; then
echo -en "${idsCL[LightCyan]}What is the proxy backend address (IP or FQDN): ${idsCL[Default]}"
read PROXYHOST
showdivide=yes
echo
fi
if [ -z ${PROXYPORT+x} ]; then
echo -en "${idsCL[LightCyan]}What is the proxy backend port (tcp port): ${idsCL[Default]}"
read PROXYPORT
showdivide=yes
echo
fi
if [ -z ${PROXYSCHEME+x} ]; then
echo -en "${idsCL[LightCyan]}What is the proxy backend scheme (http/https): ${idsCL[Default]}"
read PROXYSCHEME
showdivide=yes
echo
fi
if [ -z ${WEBSOCKET+x} ]; then
echo -en "${idsCL[LightCyan]}Enable Websocket Support (y/N): ${idsCL[Default]}"
read WEBSOCKET
showdivide=yes
if [[ ${WEBSOCKET} =~ ^[Nn]$ ]] || [ "${WEBSOCKET}" = "" ]; then
WEBSOCKET=no
elif [[ ${WEBSOCKET} =~ ^[Yy]$ ]]; then
WEBSOCKET=yes
else
WEBSOCKET=no
fi
echo
fi
if [ -z ${HSTS+x} ]; then
echo -en "${idsCL[LightCyan]}Enable HSTS Support (Y/n): ${idsCL[Default]}"
read HSTS
showdivide=yes
([[ ${HSTS} =~ ^[Yy]$ ]] || [ "${HSTS}" = "" ]) && HSTS=yes || HSTS=no
echo
fi
if [ -z ${EXPLOITS+x} ]; then
echo -en "${idsCL[LightCyan]}Block exploits (y/N): ${idsCL[Default]}"
read EXPLOITS
showdivide=yes
if [[ ${EXPLOITS} =~ ^[Nn]$ ]] || [ "${EXPLOITS}" = "" ]; then
EXPLOITS=no
elif [[ ${EXPLOITS} =~ ^[Yy]$ ]]; then
EXPLOITS=yes
else
EXPLOITS=no
fi
echo
fi
if [ -z ${SECURE+x} ]; then
echo -en "${idsCL[LightCyan]}Secure site with Authelia SSO (y/N): ${idsCL[Default]}"
read SECURE
showdivide=yes
if [[ ${SECURE} =~ ^[Nn]$ ]] || [ "${SECURE}" = "" ]; then
SECURE=no
elif [[ ${SECURE} =~ ^[Yy]$ ]]; then
echo -en "${idsCL[LightCyan]}Would you like to add a side of MFA with that SSO (Y/n): ${idsCL[Default]}"
read MFA
showdivide=yes
([[ ${MFA} =~ ^[Yy]$ ]] || [ "${MFA}" = "" ]) && SECURE="2FA" || SECURE="1FA"
else
SECURE=no
fi
echo
fi
fi
[ "${showdivide}" == "yes" ] && DIVIDER
echo
width=18
printf "%-${width}s: %s\n" "New site" "${NEW_SITE}"
printf "%-${width}s: %s\n" "Create SSL" "${CREATE_SSL}"
printf "%-${width}s: %s\n" "Site type" "${SITE_TYPE}"
if [ "${SITE_TYPE}" = "proxy" ]; then
printf "%-${width}s: %s\n" "Proxy host" "${PROXYHOST}"
printf "%-${width}s: %s\n" "Proxy port" "${PROXYPORT}"
printf "%-${width}s: %s\n" "Proxy scheme" "${PROXYSCHEME}"
printf "%-${width}s: %s\n" "Websocket Support" "${WEBSOCKET}"
printf "%-${width}s: %s\n" "HSTS Support" "${HSTS}"
printf "%-${width}s: %s\n" "Block Exploits" "${EXPLOITS}"
printf "%-${width}s: %s\n" "Secure Access" "${SECURE}"
fi
echo -en "${idsCL[LightRed]}Is this information correct? [Y/n]${idsCL[Default]} "
read -n 1 response
echo
if [[ $response =~ ^[Yy]$ ]] || [ "${response}" = "" ]; then
if [ "${SITE_TYPE}" = "proxy" ]; then
if [ ! -z ${PROXYSCHEME+x} ] && [ ! -z ${PROXYHOST+x} ] && [ ! -z ${PROXYPORT+x} ]; then GO=true; fi
else GO=true
fi
if [ "${GO}" = "true" ]; then
echo -e "${idsCL[LightGreen]}Setting up new site for '${idsCL[Yellow]}${MAIN_SITE}${idsCL[LightGreen]}' {${NGINX_SERVERNAME}}...${idsCL[Default]}"
echo
# [ "${WEBSOCKET}" == "yes" ] && WEBSOCKET="include conf.d\/include\/websocket-support.conf;" || WEBSOCKET=""
# [ "${HSTS}" == "yes" ] && HSTS="include conf.d\/include\/hsts-support.conf;" || HSTS=""
# [ "${EXPLOITS}" == "yes" ] && EXPLOITS="include conf.d\/include\/block-exploits.conf;" || EXPLOITS=""
if [[ "${SECURE}" = *"FA"* ]] && [ "${NM_DOCKER_COMPOSE_LOC['authelia']}" != "" ]; then
echo -e "${idsCL[LightGreen]}Configuring Authelia SSO for '${idsCL[Yellow]}${MAIN_SITE}${idsCL[LightGreen]}' {${NGINX_SERVERNAME}}...${idsCL[Default]}"
if [ "${SECURE}" == "2FA" ]; then
ssh root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies needing 2 factor below/a ~~~ - \\\"${MAIN_SITE}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
else
ssh root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies only requiring username and password/a ~~~ - \\\"${MAIN_SITE}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
fi
ssh root@${NM_AUTHELIA_IP} "sed -i \"s/~~~/ /g\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
ssh root@${NM_AUTHELIA_IP} "/usr/bin/docker restart authelia >/dev/null 2>&1"
# else
# SECURE=""
fi
######################################### LOCAL
if [ "${SITE_TYPE}" = "local" ]; then
echo -e "server {
listen 80;" > ${nginxconfig}
if [ "${CREATE_SSL}" = "yes" ]; then
echo -e " listen 443 ssl http2;" >> ${nginxconfig}
fi
echo -e "
server_name ${NGINX_SERVERNAME};
set \$base /var/www/${MAIN_SITE};
root \$base/public_html;
access_log /var/log/nginx/${MAIN_SITE}-access.log;
error_log /var/log/nginx/${MAIN_SITE}-error.log warn;" >> ${nginxconfig}
if [ "${CREATE_SSL}" = "yes" ]; then
echo -e "
ssl_certificate_key ${NM_CERTPATH}/live/${MAIN_SITE}/fullchain.pem;
ssl_certificate_key ${NM_CERTPATH}/live/${MAIN_SITE}/privkey.pem;
include conf.d/include/ssl-ciphers.conf;" >> ${nginxconfig}
fi
echo -e "
index index.php;
location / {
try_files \$uri \$uri/ /index.php?\$query_string;" >> ${nginxconfig}
if [ "${CREATE_SSL}" = "yes" ]; then
echo -e " include conf.d/include/force-ssl.conf;" >> ${nginxconfig}
fi
echo -e " }
location ~ \.php\$ {
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
include conf.d/include/php_fastcgi.conf;
}
include conf.d/include/general.conf;" >> ${nginxconfig}
if [ "${CREATE_SSL}" = "yes" ]; then
echo -e " include conf.d/include/letsencrypt-acme-challenge.conf;" >> ${nginxconfig}
fi
echo -e "}" >> ${nginxconfig}
sudo -u www-data mkdir -p /var/www/${MAIN_SITE}/{public_html,nginx_logs}
######################################### PROXY
else
NEWPROXYSITE_CREATE ${MAIN_SITE} ${NGINX_SERVERNAME} ${PROXYHOST} ${PROXYPORT} ${PROXYSCHEME} ${WEBSOCKET} ${HSTS} ${EXPLOITS} ${SECURE} ${CREATE_SSL}
# cp ${NM_FOLDER}/templates/nginx.proxy.site ${nginxconfig}
# sed -i "s/<<SERVER_NAME>>/${NGINX_SERVERNAME}/g" ${nginxconfig}
# sed -i "s/<<MAIN_SITE>>/${MAIN_SITE}/g" ${nginxconfig}
# sed -i "s/<<PROXY_IP>>/${PROXYHOST}/g" ${nginxconfig}
# sed -i "s/<<PROXY_PORT>>/${PROXYPORT}/g" ${nginxconfig}
# sed -i "s/<<PROXY_SCHEME>>/${PROXYSCHEME}/g" ${nginxconfig}
# sed -i "s/<<WEBSOCKET>>/${WEBSOCKET}/g" ${nginxconfig}
# sed -i "s/<<HSTS>>/${HSTS}/g" ${nginxconfig}
# sed -i "s/<<EXPLOITS>>/${EXPLOITS}/g" ${nginxconfig}
# sed -i "s/<<SECURE>>/${SECURE}/g" ${nginxconfig}
# sed -i "s%<<NM_CERTPATH>>%${NM_CERTPATH}%g" ${nginxconfig}
fi
if [ "${CREATE_SSL}" = "yes" ]; then
[ -f ${NM_NGINXPATH}/sites-enabled/default* ] && SERVICE nginx restart >/dev/null 2>&1
NEWCERT ${NEW_SITE} newsite ${CERTTEST}
fi
rm -f ${NM_LOGFOLDER}/new-site.lastrun
daterun=`date +%Y-%m-%d-%H-%M-%S`
echo -e "${NEW_SITE}\n${daterun}" > ${NM_LOGFOLDER}/new-site.lastrun
# yes | cp -rfH ${NM_LOGFOLDER}/new-site.lastrun ${NM_NGINXPATH}/new-site.lastrun
# yes | cp -rfH ${NM_LOGFOLDER}/new-site.lastrun /var/www/new-site.lastrun
# daterun=`date +%Y-%m-%d-%H-%M-%S`
# echo -e "${daterun}" >> ${NM_NGINXPATH}/new-site.lastrun
DIVIDER true
echo
echo -e "${idsCL[LightGreen]}The new site for '${idsCL[LightGreen]}${NEW_SITE}${idsCL[Default]}' has been created.${idsCL[Default]}"
echo
if [ ! -f ${NM_NGINXPATH}/sites-enabled/default* ]; then
echo -en "${idsCL[LightCyan]}Restart NGINX on all Nodes (Y/n): ${idsCL[Default]}"
read -n 1 NGINXRELOAD
if [[ ${NGINXRELOAD} =~ ^[Nn]$ ]]; then
echo
else
SERVICE nginx restart
fi
else
SERVICE nginx restart
fi
else
echo "Missing proxy arguments"
exit 1
fi
else
${NM_SCRIPT} newsite
exit 0
fi
echo
}
NEWPROXYSITE_CREATE(){
SITENAME=${1}
SERVERNAMES=${2}
PROXYHOST=${3}
PROXYPORT=${4}
PROXYSCHEME=${5}
WEBSOCKET=${6}
HSTS=${7}
EXPLOITS=${8}
SECURE=${9}
SSL=${10}
if [[ ${SERVERNAMES} == *","* ]]; then
NGINX_SERVERNAME=${SERVERNAMES}
IFS=','; SERVERNAMES=(${SERVERNAMES}); unset IFS
MAIN_SITE=${SERVERNAMES[0]}
else
MAIN_SITE=${SERVERNAMES}
NGINX_SERVERNAME=${SERVERNAMES}
fi
nginxconfig=${NM_NGINXPATH}/sites-enabled/${SITENAME}.conf
if [ "${MAIN_SITE}" != "${SITENAME}" ] && [ -f ${nginxconfig} ]; then
echo -e "\n${idsCL[LightRed]}New site name already exists!${idsCL[Default]}\n"
exit 1
else
[ "${MAIN_SITE}" != "${SITENAME}" ] && [ -f ${NM_NGINXPATH}/sites-enabled/${SITENAME}.conf ] && mv ${NM_NGINXPATH}/sites-enabled/${SITENAME}.conf ${nginxconfig}
if [ ! -f ${nginxconfig} ]; then
cp ${NM_FOLDER}/templates/nginx.proxy.site ${nginxconfig}
sed -i "s/<<SERVER_NAME>>/${NGINX_SERVERNAME//,/ }/g" ${nginxconfig}
sed -i "s/<<MAIN_SITE>>/${MAIN_SITE}/g" ${nginxconfig}
sed -i "s/<<PROXY_IP>>/${PROXYHOST}/g" ${nginxconfig}
sed -i "s/<<PROXY_PORT>>/${PROXYPORT}/g" ${nginxconfig}
sed -i "s/<<PROXY_SCHEME>>/${PROXYSCHEME}/g" ${nginxconfig}
sed -i "s%<<NM_CERTPATH>>%${NM_CERTPATH}%g" ${nginxconfig}
else
oldservernames=$(grep 'server_name' ${nginxconfig});oldservernames=${oldservernames//;/};oldservernames=${oldservernames#* };oldservernames=${oldservernames// /,}
if [ "${MAIN_SITE}" != "${SITENAME}" ]; then
echo -en "\n${idsCL[LightCyan]}Removing old SSL Cert ... "
DEL-SSL ${SITENAME} >/dev/null 2>&1
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n"
echo -en "\n${idsCL[LightCyan]}Requesting new SSL Cert ... "
NEWCERT ${NGINX_SERVERNAME} >/dev/null 2>&1
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n"
sed -i "s/live\/${SITENAME}\//live\/${MAIN_SITE}\//g" ${nginxconfig}
elif [ "${oldservernames}" != "${NGINX_SERVERNAME}" ]; then
echo -e "\n${idsCL[LightCyan]}Updating SSL Cert for hostname changes, select 'E'xpand when prompted:"
NEWCERT ${NGINX_SERVERNAME}
echo -e "${idsCL[LightGreen]}Done${idsCL[Default]}\n"
fi
sed -i "/set \$forward_scheme/d" ${nginxconfig}; sed -i "/server {/a\\\tset \$forward_scheme ${PROXYSCHEME};" ${nginxconfig}
sed -i "/set \$server/d" ${nginxconfig}; sed -i "/set \$forward_scheme/a\\\tset \$server \"${PROXYHOST}\";" ${nginxconfig}
sed -i "/set \$port/d" ${nginxconfig}; sed -i "/set \$server/a\\\tset \$port ${PROXYPORT};" ${nginxconfig}
sed -i "/server_name/,+1 d" ${nginxconfig}; sed -i "/set \$port/a\\\n\tserver_name ${NGINX_SERVERNAME//,/ };" ${nginxconfig}
fi
if [ "${SSL^^}" == "YES" ]; then
sed -i "s/#ssl_certificate/ssl_certificate/g" ${nginxconfig}
sed -i "s/#listen 443/listen 443/g" ${nginxconfig}
sed -i "s/#include conf.d\/include\/ssl-ciphers.conf/include conf.d\/include\/ssl-ciphers.conf/g" ${nginxconfig}
sed -i "s/#include conf.d\/include\/force-ssl.conf/include conf.d\/include\/force-ssl.conf/g" ${nginxconfig}
else
sed -i "s/ssl_certificate/#ssl_certificate/g" ${nginxconfig}
sed -i "s/listen 443/#listen 443/g" ${nginxconfig}
sed -i "s/include conf.d\/include\/ssl-ciphers.conf/#include conf.d\/include\/ssl-ciphers.conf/g" ${nginxconfig}
sed -i "s/include conf.d\/include\/force-ssl.conf/#include conf.d\/include\/force-ssl.conf/g" ${nginxconfig}
fi
if [[ "${SECURE}" = *"FA"* ]]; then
sed -i "s/#include conf.d\/include\/secure-access.conf/include conf.d\/include\/secure-access.conf/g" ${nginxconfig}
ssh root@${NM_AUTHELIA_IP} sed -i "/${SITENAME}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml
if [ "${SECURE}" == "2FA" ]; then
ssh root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies needing 2 factor below/a ~~~ - \\\"${MAIN_SITE}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
else
ssh root@${NM_AUTHELIA_IP} "sed -ie \"/domain: # Proxies only requiring username and password/a ~~~ - \\\"${MAIN_SITE}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
fi
ssh root@${NM_AUTHELIA_IP} "sed -i \"s/~~~/ /g\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
ssh root@${NM_AUTHELIA_IP} "/usr/bin/docker restart authelia >/dev/null 2>&1"
else
sed -i "s/include conf.d\/include\/secure-access.conf/#include conf.d\/include\/secure-access.conf/g" ${nginxconfig}
[ "${NM_AUTHELIA_IP}" != "" ] && ssh root@${NM_AUTHELIA_IP} sed -i "/${SITENAME}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml
fi
if [ "${WEBSOCKET^^}" == "YES" ]; then
sed -i "s/#include conf.d\/include\/websocket-support.conf/include conf.d\/include\/websocket-support.conf/g" ${nginxconfig}
else
sed -i "s/include conf.d\/include\/websocket-support.conf/#include conf.d\/include\/websocket-support.conf/g" ${nginxconfig}
fi
if [ "${HSTS^^}" == "YES" ]; then
sed -i "s/#include conf.d\/include\/hsts-support.conf/include conf.d\/include\/hsts-support.conf/g" ${nginxconfig}
else
sed -i "s/include conf.d\/include\/hsts-support.conf/#include conf.d\/include\/hsts-support.conf/g" ${nginxconfig}
fi
if [ "${EXPLOITS^^}" == "YES" ]; then
sed -i "s/#include conf.d\/include\/block-exploits.conf/include conf.d\/include\/block-exploits.conf/g" ${nginxconfig}
else
sed -i "s/include conf.d\/include\/block-exploits.conf/#include conf.d\/include\/block-exploits.conf/g" ${nginxconfig}
fi
sed -i "s/##include/#include/g" ${nginxconfig}
sed -i "s/##ssl_/#ssl_/g" ${nginxconfig}
fi
}
SITEINFO(){
# start=`date +%s`
dl=105
if [ "${1}" == "edit" ]; then
[ "${2}" == "" ] && echo -e "${idsCL[LightGreen]}Choose a site from the list below to edit: ${idsCL[Default]}"
else
echo -e "${idsCL[LightGreen]}Local NGINX Sites ${idsCL[Default]}"
fi
gosite=${NM_NGINXPATH[${RUN_NODE_TYPE}]}/sites-enabled
declare -A SITELIST
if [ "${gosite}" != "" ]; then
sites=$(find ${gosite}/*.conf); i=0
if [ "${1}" == "" ] || ([ "${1}" == "edit" ] && [ "${2}" == "" ]); then
for sitefile in ${sites[@]}; do
site=${sitefile##*/}; site=${site/.conf/}
if (( i % 12 == 0 )) || [ $i = 0 ]; then
DIVIDER false yellow ${dl}
[ "${1}" == "edit" ] && msg1='##) Site Address' || msg1='Site Address'
echo -en "${idsST[Bold]}${idsCL[LightCyan]}"
if [ "${1}" == "edit" ]; then
printf "%-32s %-8s %-6s %-6s %-6s %-6s %-6s %-8s\n" "${msg1}" "Type" "SSL" "HSTS" "WBSKT" "EXPLT" "LOCK" "Proxy Connection"
else
printf "%-28s %-8s %-6s %-6s %-6s %-6s %-6s %-8s\n" "${msg1}" "Type" "SSL" "HSTS" "WBSKT" "EXPLT" "LOCK" "Proxy Connection"
fi
echo -en "${idsST[Reset]}${idsCL[Default]}"
DIVIDER false yellow ${dl}
else
DIVIDER false darkGray ${dl}
fi
if [ "$(grep include/proxy.conf ${sitefile})" != "" ]; then
type='Proxy'
server=$(grep 'set $server' ${sitefile})
server=${server#*\"}; server=${server%\"*}
scheme=$(grep 'set $forward_scheme' ${sitefile})
scheme=${scheme##* }; scheme=${scheme%;*}
port=$(grep 'set $port' ${sitefile})
port=${port##* }; port=${port%;*}
proxyhost="${scheme}://${server}:${port}"
else
type='HTTP'
proxyhost=''
fi
[ "$(grep \#ssl_certificate ${sitefile})" != "" ] && ssl='' || ssl='Yes'
[ "$(grep '\#include conf.d/include/hsts-support.conf' ${sitefile})" != "" ] && hsts='' || hsts='Yes'
[ "$(grep '\#include conf.d/include/websocket-support.conf' ${sitefile})" != "" ] && wbskt='' || wbskt='Yes'
[ "$(grep '\#include conf.d/include/block-exploits.conf' ${sitefile})" != "" ] && explt='' || explt='Yes'
[ "$(grep '\#include conf.d/include/secure-access.conf' ${sitefile})" != "" ] && lock='' || lock='Yes'
if [ "$(grep '\#include conf.d/include/secure-access.conf' ${sitefile})" == "" ]; then
if [ "${onefacline}" == "" ]; then
onefacline=$(ssh root@${NM_AUTHELIA_IP} grep -Fn one_factor /mnt/web-data/authelia/config/configuration.yml | sort | tail -n1)
onefacline=${onefacline%%:*}
twofacline=$(ssh root@${NM_AUTHELIA_IP} grep -Fn two_factor /mnt/web-data/authelia/config/configuration.yml | sort | tail -n1)
twofacline=${twofacline%%:*}
fi
sitefacline=$(ssh root@${NM_AUTHELIA_IP} grep -Fn ${site} /mnt/web-data/authelia/config/configuration.yml | sort | tail -n1)
sitefacline=${onefacline%%:*}
if "${sitefacline}" == "" ]; then
lock='error'
elif [ ${sitefacline} -lt ${onefacline} ]; then
lock='1FA'
elif [ ${sitefacline} -lt ${twofacline} ]; then
lock='2FA'
fi
else
lock='-'
fi
[ ${i} -lt 10 ] && ii=" ${i}" || ii=${i}
[ "${1}" == "edit" ] && msg1="${ii}) ${site}" || msg1="${site}"
if [ "${1}" == "edit" ]; then
printf "%-32s %-8s %-6s %-6s %-6s %-6s %-6s %-14s\n" "${msg1}" "${type}" "${ssl}" "${hsts}" "${wbskt}" "${explt}" "${lock}" "${proxyhost}"
else
printf "%-28s %-8s %-6s %-6s %-6s %-6s %-6s %-14s\n" "${msg1}" "${type}" "${ssl}" "${hsts}" "${wbskt}" "${explt}" "${lock}" "${proxyhost}"
fi
SITELIST[${i}]=${site}
i=`expr $i + 1`
done
else
i=0
for sitefile in ${sites[@]}; do
site=${sitefile##*/}; site=${site/.conf/}
SITELIST[${i}]=${site}
i=`expr $i + 1`
done
fi
if [ "${1}" == "edit" ]; then
while [ "${edit^}" != "E" ]; do
if [ "${2}" == "" ]; then
echo -en "\n${idsCL[LightCyan]}Enter the site number you want to edit: ${idsCL[Default]}"
read siteid
echo
elif [ "${siteid}" == "" ]; then
siteid=${2}
fi
site=${SITELIST[${siteid}]}
sitefile=${gosite}/${site}.conf
if [ "$(grep \#ssl_certificate ${sitefile})" != "" ]; then
ssl='-'
SUBJECTNAMES=""
else
ssl='Yes'
certpath=$(grep ssl_certificate_key ${sitefile})
certpath=${certpath%/*}; certpath=${certpath#* }
SUBJECTNAMES=$(openssl x509 -in ${certpath}/cert.pem -noout -text|grep -oP '(?<=DNS:|IP Address:)[^,]+'|sort -uV)
CERTEXPIRE=$(date -d "$(: | openssl x509 -in ${certpath}/cert.pem -text | grep 'Not After' |awk '{print $4,$5,$7}')" '+%s');
SUBJECTNAMES=${SUBJECTNAMES//$'\n'/, }
fi
if [ "$(grep include/proxy.conf ${sitefile})" != "" ]; then
type='Proxy'
server=$(grep 'set $server' ${sitefile})
server=${server#*\"}; server=${server%\"*}
servernames=$(grep 'server_name' ${sitefile})
servernames=${servernames//;/}
servernames=${servernames#* }
servernames=${servernames// /,}
scheme=$(grep 'set $forward_scheme' ${sitefile})
scheme=${scheme##* }; scheme=${scheme%;*}
port=$(grep 'set $port' ${sitefile})
port=${port##* }; port=${port%;*}
else
type='HTTP'
fi
[ "$(grep '\#include conf.d/include/hsts-support.conf' ${sitefile})" != "" ] && hsts='-' || hsts='Yes'
[ "$(grep '\#include conf.d/include/websocket-support.conf' ${sitefile})" != "" ] && wbskt='-' || wbskt='Yes'
[ "$(grep '\#include conf.d/include/block-exploits.conf' ${sitefile})" != "" ] && explt='-' || explt='Yes'
# [ "$(grep '\#include conf.d/include/secure-access.conf' ${sitefile})" != "" ] && lock='-' || lock='Yes'
if [ "$(grep '\#include conf.d/include/secure-access.conf' ${sitefile})" == "" ]; then
sitefacline=$(ssh root@${NM_AUTHELIA_IP} grep -Fn ${site} /mnt/web-data/authelia/config/configuration.yml | sort | tail -n1)
sitefacline=${onefacline%%:*}
if "${sitefacline}" == "" ]; then
lock='error'
elif [ ${sitefacline} -lt ${onefacline} ]; then
lock='1FA'
elif [ ${sitefacline} -lt ${twofacline} ]; then
lock='2FA'
fi
else
lock='-'
fi
f=0
until [ "${edit}" = "c" ]; do
echo -e "\033[K${idsCL[White]}0) Site Address(es): ${idsCL[Cyan]}${idsST[Bold]}${servernames}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}1) Site Type: ${idsCL[Cyan]}${idsST[Bold]}${type}${idsST[Reset]}"
echo -en "\033[K${idsCL[White]}2) SSL Secure: ${idsCL[Cyan]}${idsST[Bold]}${ssl}${idsST[Reset]}"
[ "${SUBJECTNAMES}" != "" ] && echo -e " ${idsCL[Cyan]}[SSL Names: ${idsCL[Yellow]}${SUBJECTNAMES}${idsCL[Cyan]}; expires ${idsCL[Yellow]}$(date -d @${CERTEXPIRE} '+%m-%d-%Y')${idsCL[Cyan]}]" || echo
echo -e "\033[K${idsCL[White]}3) HSTS Enabled ${idsCL[Cyan]}${idsST[Bold]}${hsts}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}4) Web Sockets: ${idsCL[Cyan]}${idsST[Bold]}${wbskt}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}5) Exploits Block: ${idsCL[Cyan]}${idsST[Bold]}${explt}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}6) Secured Access: ${idsCL[Cyan]}${idsST[Bold]}${lock}${idsST[Reset]}"
if [ "${type}" == "Proxy" ]; then
echo -e "\033[K${idsCL[White]}7) Proxy Address: ${idsCL[Cyan]}${idsST[Bold]}${server}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}8) Proxy Scheme: ${idsCL[Cyan]}${idsST[Bold]}${scheme}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}9) Proxy Port: ${idsCL[Cyan]}${idsST[Bold]}${port}${idsST[Reset]}"
else
echo -e "\033[K"
echo -e "\033[K"
echo -e "\033[K"
fi
if [ "${edit}" != "s" ]; then
# if [ $f -eq 0 ]; then
echo -e "\033[K"
echo -e "\033[K"
echo -e "\033[K"
echo -e "\033[K (${idsCL[Green]}s${idsCL[Default]})ave, (${idsCL[Red]}c${idsCL[Default]})ancel, (${idsCL[Green]}e${idsCL[Default]})xit"
echo -e "\033[K"
echo -e "\033[K"
echo -e "\033[7A"
# fi
echo -en "\n\033[K${idsCL[LightCyan]}Enter the line number to edit: ${idsCL[Default]}"
read -n 1 edit
case "${edit}" in
0) echo -e "\033[K\n\033[K"
echo -en "\033[KEnter new Server Names (comma seperated): "
read -i "${servernames}" -e servernames
servernames=${servernames//, /,}
echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
;;
1) [ "${type}" == "HTTP" ] && type='Proxy' || type='HTTP';;
2) [ "${ssl}" == "-" ] && ssl='Yes' || ssl='-';;
3) [ "${hsts}" == "-" ] && hsts='Yes' || hsts='-';;
4) [ "${wbskt}" == "-" ] && wbskt='Yes' || wbskt='-';;
5) [ "${explt}" == "-" ] && explt='Yes' || explt='-';;
6) [ "${lock}" == "-" ] && lock='1FA'
[ "${lock}" == "1FA" ] && lock='2FA'
[ "${lock}" == "2FA" ] && lock='-'
;;
7) echo -e "\033[K\n\033[K"
echo -en "\033[KEnter new Proxy Address: "
read -i "${server}" -e server
echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
# echo -e "\033[5A"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[5A"
;;
8) [ "${scheme}" == "http" ] && scheme='https' || scheme='http';;
9) echo -e "\033[K\n\033[K"
echo -en "\033[KEnter new Proxy Port: "
read -i "${port}" -e port
echo -e "\033[5A"; for (( c=1; c<=5; c++ )); do echo -e "\033[K"; done; echo -e "\033[5A"
# echo -e "\033[5A"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[5A"
;;
[Ee])
echo -e "\n\033[K\n\033[K"
exit 0
;;
[Cc])
# echo -e "\n\033[K\033[6A";
# echo -e "\033[K\n\033[K\n\033[K\n\033[K\n\033[K\n\033[K";
# echo -e "\033[6A"
break 3
;;
*) ;;
esac
# [ "$edit" = "7" ] && echo -e "\033[5A"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[5A"
[ "${edit}" == "" ] && echo -e "\033[13A" || echo -e "\033[12A"
else
echo -en "\n\033[K${idsCL[LightCyan]}Confirm changes (Y/n): ${idsCL[Default]}"
read -n 1 confirm
case "${confirm}" in
[Nn])
edit=''
echo -e "\033[12A"
;;
*)
echo -e "\n\033[K\n\033[K"
NEWPROXYSITE_CREATE ${site} ${servernames} ${server} ${port} ${scheme} ${wbskt} ${hsts} ${explt} ${lock} ${ssl}
break 3
;;
esac
fi
f=1
done
done
echo
fi
else
echo -e "\nNo site information found for this node"
fi
echo
# end=`date +%s`
# runtime=$((end-start))
# echo "runtime: ${runtime}"
# echo
}
Reference in New Issue View Git Blame Copy Permalink