voltron/NodeMgmt
1
1
Fork 0
Code Issues Pull Requests Releases 1 Activity
Files
eccc8dfcd5736c9ddc5f68cd8ebfdbe4b38b2b1d
NodeMgmt/inc/sites.inc
David Schroeder 67df734ca3 update
2023-08-06 18:16:20 -05:00

781 lines
27 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
DELSITE(){
while [ $# -gt 0 ]; do
case "$1" in
-site) DEL_SITE=${2};;
-ssl) DEL_SSL=${2};;
-list) DELSITES; exit 0;;
-*)
echo "Invalid option: '${1}' requires an argument" 1>&2
echo
echo -e "Usage: ${idsCL[Yellow]}nodemgmt delsite${idsCL[Default]} {"
width=33
printf "%-${width}s- %s\n" " -site {FQDN address}" "(*required)"
printf "%-${width}s- %s\n" " -ssl {yes or [no]}" "Delete SSL certs as well"
printf "%-${width}s- %s\n" " -list" "List sites (same as running nodemgmt delsites)"
echo "}"
exit 1;;
esac
shift
done
if [ -z ${DEL_SITE+x} ]; then
echo -e -n "${idsCL[LightCyan]}Delete what site address: ${idsCL[Default]}"
read DEL_SITE
echo
fi
if [[ $DEL_SSL =~ ^[Nn]$ ]]; then
DEL_SSL=no
elif [[ $DEL_SSL =~ ^[Yy]$ ]]; then
DEL_SSL=yes
elif [ -z ${DEL_SSL+x} ]; then
echo -e -n "${idsCL[LightRed]}Do you also want to delete the certs for '${DEL_SITE}' as well? [y/N]${idsCL[Default]} "
read DEL_SSL
if [[ $DEL_SSL =~ ^[Nn]$ ]]; then
DEL_SSL=no
elif [[ $DEL_SSL =~ ^[Yy]$ ]]; then
DEL_SSL=yes
fi
fi
if [ ! -z ${DEL_SITE+x} ] && [ "${DEL_SITE}" != "" ]; then
echo -e "${idsCL[LightRed]}Deleting site '${idsCL[Red]}${DEL_SITE^^}${idsCL[LightRed]}'...${idsCL[Default]}"
echo
echo -e "${idsCL[LightRed]}[[Removing Files and Folders]]${idsCL[Default]}"
echo -e "${idsCL[LightRed]}-------------------------------------------${idsCL[Default]}"
echo
echo -en "${idsCL[LightCyan]}Removing NGINX files ... ${idsCL[Default]}"
rm -f ${NM_NGINXPATH}/sites-enabled/${DEL_SITE}* >/dev/null 2>&1
echo -e "${idsCL[Green]}Done${idsCL[Default]}"
echo
if [ "${DEL_SSL}" == "yes" ]; then
DEL-SSL ${DEL_SITE}
echo
fi
ssh root@${NM_SINGLESRVR_IP['WEB']} sed -i "/${DEL_SITE}/d" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml
# echo -en "${idsCL[LightCyan]}Reloading NGINX ... ${idsCL[Default]}"
SERVICE nginx reload
# echo -e "${idsCL[Green]}Done${idsCL[Default]}"
# nid=1
# for nip in "${WEB_HOSTS[@]}"; do
# if [[ $(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) == *"${nip}"* ]]; then
# nip='localhost '
# NCMD=''
# else
# NCMD="ssh root@${nip}"
# fi
# echo -en "Removing from Webserver-Node${nid} ($nip)... ${idsCL[Default]}"
# if [ "${NCMD}" != "" ]; then
# checkhost=$(CHECK_HOST ${nip})
# fi
# if [ "${checkhost}" != "false" ]; then
# #if [ -f ${NM_NGINXPATH}/sites-available/${DEL_SITE} ]; then
# ${NCMD} rm -f ${NM_NGINXPATH}/sites-available/${DEL_SITE}*
# ${NCMD} rm -f ${NM_NGINXPATH}/sites-enabled/${DEL_SITE}*
# #fi
# #if [ -d /var/www/${DEL_SITE} ]; then
# ${NCMD} rm -rf /var/www/${DEL_SITE}
# #fi
# if [ "${DEL_SSL}" = "yes" ]; then
# ${NCMD} rm -rf ${NM_CERTPATH}/archive/${DEL_SITE}
# ${NCMD} rm -rf ${NM_CERTPATH}/live/${DEL_SITE}
# ${NCMD} rm -f ${NM_CERTPATH}/renewal/${DEL_SITE}.conf
# fi
# echo -e "${idsCL[Green]}OK${idsCL[Default]}"
# else
# echo -e "${idsCL[Red]}Node is down${idsCL[Default]}"
# fi
# nid=`expr $nid + 1`
# done
# echo
# SERVICE nginx reload ns
echo -e "${idsCL[LightRed]}Site has been deleted.${idsCL[Default]}"
else
echo "Missing arguments"
echo
echo -e "Usage: ${idsCL[Yellow]}nodemgmt delsite${idsCL[Default]} {"
width=33
printf "%-${width}s- %s\n" " -site {FQDN address}" "Site to delete"
printf "%-${width}s- %s\n" " -ssl {yes or [no]}" "Delete SSL certs as well"
printf "%-${width}s- %s\n" " -list" "List sites (same as running nodemgmt delsites)"
echo "}"
exit 1
fi
}
DELSITES(){
echo
echo -e "${idsCL[Red]}Select a site to delete...${idsCL[Default]}"
DIVIDER true
sid=1
# filels="( $(ssh root@${LB_HOSTS[0]} ls ${NM_NGINXPATH}/sites-enabled/*) )"
filels="( $(ls ${NM_NGINXPATH}/sites-enabled/*) )"
# IFS='\n'
for siteconf in $filels; do
# for siteconf in "${NM_NGINXPATH}/sites-enabled/*" ; do
# [ -e "$siteconf" ] || continue
if [ ${siteconf:0:1} == '/' ]; then
IFS='/'; site_conf=(${siteconf}); unset IFS
[ "${site_conf[3]}" == "sites-enabled" ] && SITES[${sid}]=${site_conf[4]/.conf/} || [ "${site_conf[4]}" == "sites-enabled" ] && SITES[${sid}]=${site_conf[5]/.conf/}
sid=`expr $sid + 1`
fi
done
for s in "${!SITES[@]}"; do
echo -e " [${idsCL[Yellow]}${s}${idsCL[Default]}] ${SITES[${s}]}"
done
echo
if [ -z $action ] || [ "${action}" = "gui" ]; then
echo " [B] Back"
fi
echo " [Q] Quit"
echo
echo -e -n "${idsCL[LightYellow]}Please select a site from above from above:${idsCL[Default]} "
read selsite
echo
if [ -z ${SITES[$selsite]} ] && [ "${selsite}" != "Q" ] && [ "${selsite}" != "q" ] && [ "${selsite}" != "B" ] && [ "${selsite}" != "b" ]; then
echo "Thats an invaild option,"
echo "please select a valid option only."
sleep 1
DELSITES
exit 0
elif [ "${selsite}" = "Q" ] || [ "${selsite}" = "q" ]; then
exit 0
elif [ "${selsite}" = "B" ] || [ "${selsite}" = "b" ]; then
GUI
else
while :
do
echo -e -n "${idsCL[LightRed]}Are you sure you want to delete '${idsCL[Red]}${SITES[${selsite}]^^}${idsCL[LightRed]}'? [y/N]${idsCL[Default]} "
read response
echo
if [[ $response =~ ^[Yy]$ ]]; then
echo -e -n "${idsCL[LightRed]}Do you also want to delete the certs for '${idsCL[Red]}${SITES[${selsite}]^^}${idsCL[LightRed]}', if they exist? [y/N]${idsCL[Default]} "
read sslresponse
DELSITE -site ${SITES[${selsite}]} -ssl ${sslresponse}
echo
DIVIDER
ENTER2CONTINUE
break
else
break
fi
done
DELSITES
exit 0
fi
if [ -z $action ] || [ "${action}" = "gui" ]; then
ENTER2CONTINUE
fi
}
LISTSITES(){
echo
echo -e "${idsCL[Red]}NGINX Site Config...${idsCL[Default]}"
DIVIDER true
# filels="( $(ssh root@${LB_HOSTS[0]} ls ${NM_NGINXPATH}/sites-enabled/*) )"
filels="( $(ls ${NM_NGINXPATH}/sites-enabled/*) )"
for siteconf in $filels; do
if [ ${siteconf:0:1} == '/' ]; then
IFS='/'; site_conf=(${siteconf}); unset IFS
[ "${site_conf[3]}" == "sites-enabled" ] && SITENAME=${site_conf[4]/.conf/} || [ "${site_conf[4]}" == "sites-enabled" ] && SITENAME=${site_conf[5]/.conf/}
[ grep -q "secure-access.conf" ${siteconf} ] && SECURE=Yes || SECURE=No
[ grep -q "websocket-support.conf" ${siteconf} ] && WEBSOCKET=Yes || WEBSOCKET=No
[ grep -q "hsts-support.conf" ${siteconf} ] && HSTS=Yes || HSTS=No
[ grep -q "block-exploits.conf" ${siteconf} ] && EXPLOITS=Yes || EXPLOITS=No
echo -e "${SITENAME} - ${SECURE} - ${WEBSOCKET} - ${HSTS} - ${EXPLOITS}"
fi
done
if [ -z $action ] || [ "${action}" = "gui" ]; then
ENTER2CONTINUE
fi
}
NEWSITE(){
echo
while [ $# -gt 0 ]; do
case "$1" in
-site) NEW_SITE=${2};;
-type) SITE_TYPE=${2};;
-ssl) CREATE_SSL=${2};;
-proxy_scheme) PROXYSCHEME=${2};;
-proxy_host) PROXYHOST=${2};;
-proxy_port) PROXYPORT=${2};;
-websocket) WEBSOCKET=${2};;
-hsts) HSTS=${2};;
-exploits) EXPLOITS=${2};;
-secure) SECURE=${2};;
-h | -help | --help)
echo
echo -e "Usage: ${idsCL[Yellow]}nodemgmt newcert${idsCL[Default]} {"
width=33
printf "%-${width}s- %s\n" " -site {FQDN address(,es)}" "(new site and aliases, comma separated)"
printf "%-${width}s- %s\n" " -ssl {yes or no}" "(defaults to yes)"
printf "%-${width}s- %s\n" " -type {'local' or 'proxy'}" "(defaults to local)"
printf "%-${width}s- %s\n" " -proxy_port {host port}" "(proxy backend host)"
printf "%-${width}s- %s\n" " -proxy_host {IP or FQDN}" "(proxy backend port)"
printf "%-${width}s- %s\n" " -proxy_scheme {http or https}" "(proxy backend scheme)"
printf "%-${width}s- %s\n" " -websocket {yes or no}" "(websocket support)"
printf "%-${width}s- %s\n" " -hsts {yes or no}" "(hsts support)"
printf "%-${width}s- %s\n" " -exploits {yes or no}" "(block exploits)"
printf "%-${width}s- %s\n" " -secure {yes or no}" "(secure access [nginx/.htpasswd])"
echo "}"
exit 1;;
esac
shift
done
#if [ -z ${SITE_TYPE+x} ]; then SITE_TYPE=local; fi
#if [ -z ${CREATE_SSL+x} ]; then CREATE_SSL=true; fi
if [ -z ${NEW_SITE+x} ]; then
echo -e -n "${idsCL[LightCyan]}New site domain name (comma seperated for multiple) : ${idsCL[Default]}"
read NEW_SITE
showdivide=yes
fi
if [ -z ${CREATE_SSL+x} ]; then
echo -e -n "${idsCL[LightCyan]}Create SSL for site? [Y/n] ${idsCL[Default]}"
read CREATE_SSL
showdivide=yes
if [[ $CREATE_SSL =~ ^[Yy]$ ]] || [ "${CREATE_SSL}" = "" ]; then
CREATE_SSL=yes
# echo -e -n "${idsCL[LightCyan]}Add additonal domain names to the SSL cert (comma seperated)? : ${idsCL[Default]}"
# read ssladd
else
CREATE_SSL=no
fi
fi
if [ -z ${SITE_TYPE+x} ]; then
echo -e -n "${idsCL[LightCyan]}Site type (local/{proxy}): ${idsCL[Default]}"
read SITE_TYPE
showdivide=yes
if [ "${SITE_TYPE}" = "" ]; then
SITE_TYPE=proxy
fi
fi
if [ "${SITE_TYPE}" = "proxy" ]; then
if [ -z ${PROXYHOST+x} ]; then
echo -e -n "${idsCL[LightCyan]}What is the proxy backend address (IP or FQDN): ${idsCL[Default]}"
read PROXYHOST
showdivide=yes
fi
if [ -z ${PROXYPORT+x} ]; then
echo -e -n "${idsCL[LightCyan]}What is the proxy backend port (tcp port): ${idsCL[Default]}"
read PROXYPORT
showdivide=yes
fi
if [ -z ${PROXYSCHEME+x} ]; then
echo -e -n "${idsCL[LightCyan]}What is the proxy backend scheme (http/https): ${idsCL[Default]}"
read PROXYSCHEME
showdivide=yes
fi
if [ -z ${WEBSOCKET+x} ]; then
echo -e -n "${idsCL[LightCyan]}Enable Websocket Support (y/N): ${idsCL[Default]}"
read WEBSOCKET
showdivide=yes
if [[ ${WEBSOCKET} =~ ^[Nn]$ ]] || [ "${WEBSOCKET}" = "" ]; then
WEBSOCKET=no
elif [[ ${WEBSOCKET} =~ ^[Yy]$ ]]; then
WEBSOCKET=yes
else
WEBSOCKET=no
fi
fi
if [ -z ${HSTS+x} ]; then
echo -e -n "${idsCL[LightCyan]}Enable HSTS Support (Y/n): ${idsCL[Default]}"
read HSTS
showdivide=yes
[[ ${HSTS} =~ ^[Yy]$ ]] || [ "${HSTS}" = "" ] &&HSTS=yes || HSTS=no
fi
if [ -z ${EXPLOITS+x} ]; then
echo -e -n "${idsCL[LightCyan]}Block exploits (y/N): ${idsCL[Default]}"
read EXPLOITS
showdivide=yes
if [[ ${EXPLOITS} =~ ^[Nn]$ ]] || [ "${EXPLOITS}" = "" ]; then
EXPLOITS=no
elif [[ ${EXPLOITS} =~ ^[Yy]$ ]]; then
EXPLOITS=yes
else
EXPLOITS=no
fi
fi
if [ -z ${SECURE+x} ]; then
echo -e -n "${idsCL[LightCyan]}Secure site with Authelia SSO (y/N): ${idsCL[Default]}"
read SECURE
showdivide=yes
if [[ ${SECURE} =~ ^[Nn]$ ]] || [ "${SECURE}" = "" ]; then
SECURE=no
elif [[ ${SECURE} =~ ^[Yy]$ ]]; then
SECURE=yes
else
SECURE=no
fi
fi
fi
[ "${showdivide}" == "yes" ] && DIVIDER
echo
width=14
printf "%-${width}s: %s\n" "New site" "${NEW_SITE}"
printf "%-${width}s: %s\n" "Create SSL" "${CREATE_SSL}"
printf "%-${width}s: %s\n" "Site type" "${SITE_TYPE}"
if [ "${SITE_TYPE}" = "proxy" ]; then
printf "%-${width}s: %s\n" "Proxy host" "${PROXYHOST}"
printf "%-${width}s: %s\n" "Proxy port" "${PROXYPORT}"
printf "%-${width}s: %s\n" "Proxy scheme" "${PROXYSCHEME}"
printf "%-${width}s: %s\n" "Websocket Support" "${WEBSOCKET}"
printf "%-${width}s: %s\n" "HSTS Support" "${HSTS}"
printf "%-${width}s: %s\n" "Block Exploits" "${EXPLOITS}"
printf "%-${width}s: %s\n" "Secure Access" "${SECURE}"
fi
echo -e -n "${idsCL[LightRed]}Is this information correct? [Y/n]${idsCL[Default]} "
read -n 1 response
echo
if [[ $response =~ ^[Yy]$ ]] || [ "${response}" = "" ]; then
if [[ ${NEW_SITE} == *","* ]]; then
IFS=','; NEW_SITES=(${NEW_SITE}); unset IFS
MAIN_SITE=${NEW_SITES[0]}
NGINX_SERVERNAME=${NEW_SITE//[,]/ }
else
MAIN_SITE=${NEW_SITE}
NGINX_SERVERNAME=${NEW_SITE}
fi
nginxconfig=${NM_NGINXPATH}/sites-enabled/${MAIN_SITE}.conf
if [ "${SITE_TYPE}" = "proxy" ]; then
if [ ! -z ${PROXYSCHEME+x} ] && [ ! -z ${PROXYHOST+x} ] && [ ! -z ${PROXYPORT+x} ]; then GO=true; fi
else GO=true
fi
if [ "${GO}" = "true" ]; then
echo -e "${idsCL[LightGreen]}Setting up new site for '${idsCL[Yellow]}${MAIN_SITE}${idsCL[LightGreen]}' {${NGINX_SERVERNAME}}...${idsCL[Default]}"
echo
[ "${WEBSOCKET}" == "yes" ] && WEBSOCKET="include conf.d\/include\/websocket-support.conf;" || WEBSOCKET=""
[ "${HSTS}" == "yes" ] && HSTS="include conf.d\/include\/hsts-support.conf;" || HSTS=""
[ "${EXPLOITS}" == "yes" ] && EXPLOITS="include conf.d\/include\/block-exploits.conf;" || EXPLOITS=""
if [ "${SECURE}" == "yes" ]; then
SECURE="include conf.d\/include\/secure-access.conf;"
ssh root@${NM_SINGLESRVR_IP['WEB']} "sed -ie \"/domain: # Proxies only requiring username and password/a ~~~ - \\\"${MAIN_SITE}\\\"\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
ssh root@${NM_SINGLESRVR_IP['WEB']} "sed -i \"s/~~~/ /g\" ${NM_DOCKER_COMPOSE_LOC['authelia']}/config/configuration.yml"
ssh root@${NM_SINGLESRVR_IP['WEB']} "/usr/bin/docker restart authelia"
else
SECURE=""
fi
######################################### LOCAL
if [ "${SITE_TYPE}" = "local" ]; then
echo -e "server {
listen 80;" > ${nginxconfig}
if [ "${CREATE_SSL}" = "yes" ]; then
echo -e " listen 443 ssl http2;" >> ${nginxconfig}
fi
echo -e "
server_name ${NGINX_SERVERNAME};
set \$base /var/www/${MAIN_SITE};
root \$base/public_html;
access_log /var/log/nginx/${MAIN_SITE}-access.log;
error_log /var/log/nginx/${MAIN_SITE}-error.log warn;" >> ${nginxconfig}
if [ "${CREATE_SSL}" = "yes" ]; then
echo -e "
ssl_certificate_key ${NM_CERTPATH}/live/${MAIN_SITE}/fullchain.pem;
ssl_certificate_key ${NM_CERTPATH}/live/${MAIN_SITE}/privkey.pem;
include conf.d/include/ssl-ciphers.conf;" >> ${nginxconfig}
fi
echo -e "
index index.php;
location / {
try_files \$uri \$uri/ /index.php?\$query_string;" >> ${nginxconfig}
if [ "${CREATE_SSL}" = "yes" ]; then
echo -e " include conf.d/include/force-ssl.conf;" >> ${nginxconfig}
fi
echo -e " }
location ~ \.php\$ {
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
include conf.d/include/php_fastcgi.conf;
}
include conf.d/include/general.conf;" >> ${nginxconfig}
if [ "${CREATE_SSL}" = "yes" ]; then
echo -e " include conf.d/include/letsencrypt-acme-challenge.conf;" >> ${nginxconfig}
fi
echo -e "}" >> ${nginxconfig}
sudo -u www-data mkdir -p /var/www/${MAIN_SITE}/{public_html,nginx_logs}
# echo -en "${idsCL[LightYellow]}Waiting for folder replication across the webserver nodes... ${idsCL[Default]}"
# for nip in "${WEB_HOSTS[@]}"; do
# checkhost=$(CHECK_HOST ${nip})
# if [ "${checkhost}" != "false" ]; then
# if [[ $(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *"${nip}"* ]]; then
# checked=false
# until [ "${checked}" = "" ]; do
# checked=`ssh root@${nip} "[ ! -d /var/www/${MAIN_SITE} ] && echo does not exist"`
# done
# fi
# fi
# done
# echo -e "${idsCL[Green]}Completed${idsCL[Default]}"
#
# echo -en "${idsCL[LightYellow]}Setting folder permissions... ${idsCL[Default]}"
# SET-PERMISSIONS ${MAIN_SITE}
# echo -e "${idsCL[Green]}Completed${idsCL[Default]}"
######################################### PROXY
else
cp ${NM_FOLDER}/templates/nginx.proxy.site ${nginxconfig}
sed -i "s/<<SERVER_NAME>>/${NGINX_SERVERNAME}/g" ${nginxconfig}
sed -i "s/<<MAIN_SITE>>/${MAIN_SITE}/g" ${nginxconfig}
sed -i "s/<<PROXY_IP>>/${PROXYHOST}/g" ${nginxconfig}
sed -i "s/<<PROXY_PORT>>/${PROXYPORT}/g" ${nginxconfig}
sed -i "s/<<PROXY_SCHEME>>/${PROXYSCHEME}/g" ${nginxconfig}
sed -i "s/<<WEBSOCKET>>/${WEBSOCKET}/g" ${nginxconfig}
sed -i "s/<<HSTS>>/${HSTS}/g" ${nginxconfig}
sed -i "s/<<EXPLOITS>>/${EXPLOITS}/g" ${nginxconfig}
sed -i "s/<<SECURE>>/${SECURE}/g" ${nginxconfig}
sed -i "s%<<NM_CERTPATH>>%${NM_CERTPATH}%g" ${nginxconfig}
fi
if [ "${CREATE_SSL}" = "yes" ]; then
[ "${ssladd}" != "" ] && NEWCERT ${NEW_SITE},${ssladd} newsite || NEWCERT ${NEW_SITE} newsite
# if [ "${SITE_TYPE}" == "proxy" ]; then
sed -i "s/#ssl_certificate/ssl_certificate/g" ${nginxconfig}
# fi
fi
rm -f ${NM_FOLDER}/new-site.lastrun
daterun=`date +%Y-%m-%d-%H-%M-%S`
echo -e "${NEW_SITE}\n${daterun}" > ${NM_FOLDER}/new-site.lastrun
# yes | cp -rfH ${NM_FOLDER}/new-site.lastrun ${NM_NGINXPATH}/new-site.lastrun
# yes | cp -rfH ${NM_FOLDER}/new-site.lastrun /var/www/new-site.lastrun
# daterun=`date +%Y-%m-%d-%H-%M-%S`
# echo -e "${daterun}" >> ${NM_NGINXPATH}/new-site.lastrun
DIVIDER true
echo
echo -e "${idsCL[LightGreen]}The new site for '${idsCL[LightGreen]}${NEW_SITE}${idsCL[Default]}' has been created.${idsCL[Default]}"
echo
echo -e -n "${idsCL[LightCyan]}Reload NGINX on LB Nodes (Y/n): ${idsCL[Default]}"
read -n 1 NGINXRELOAD
if [[ ${NGINXRELOAD} =~ ^[Nn]$ ]]; then
tmp=''
else
# echo
# echo -en "${idsCL[LightYellow]}Verifying '${NEW_SITE}' replication across the nodes... ${idsCL[Default]}"
# for nip in "${LB_HOSTS[@]}"; do
# checkhost=$(CHECK_HOST ${nip})
# if [ "${checkhost}" != "false" ]; then
# if [[ $(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) != *"${nip}"* ]]; then
# checked=false
# until [ "${checked}" = "" ]; do
# checked=`ssh root@${nip} "[ ! -f ${nginxconfig} ] && echo '.'"`
# done
# fi
# fi
# done
# rm -f ${NM_CERTPATH}/live/${MAIN_CERT}/newcert
# echo -e "${idsCL[Green]}Completed${idsCL[Default]}"
echo
SERVICE nginx restart
fi
else
echo "Missing proxy arguments"
Exit 1
fi
else
${NM_SCRIPT} newsite
exit 0
fi
}
NEWPROXYSITE_CREATE(){
SITENAME=${1}
PROXYHOST=${2}
PROXYPORT=${3}
PROXYSCHEME=${4}
WEBSOCKET=${5}
HSTS=${6}
EXPLOITS=${7}
SECURE=${8}
# if [[ ${SITENAME} == *","* ]]; then
# IFS=','; ${SITENAMES}=(${SITENAME}); unset IFS
# MAIN_SITE=${SITENAMES[0]}
# NGINX_SERVERNAME=${SITENAMES//[,]/ }
# else
# MAIN_SITE=${SITENAME}
# NGINX_SERVERNAME=${SITENAME}
# fi
# cp ${NM_FOLDER}/templates/nginx.proxy.site ${nginxconfig}
# sed -i "s/<<SERVER_NAME>>/${NGINX_SERVERNAME}/g" ${nginxconfig}
# sed -i "s/<<MAIN_SITE>>/${MAIN_SITE}/g" ${nginxconfig}
# sed -i "s/<<PROXY_IP>>/${PROXYHOST}/g" ${nginxconfig}
# sed -i "s/<<PROXY_PORT>>/${PROXYPORT}/g" ${nginxconfig}
# sed -i "s/<<PROXY_SCHEME>>/${PROXYSCHEME}/g" ${nginxconfig}
# sed -i "s/<<WEBSOCKET>>/${WEBSOCKET}/g" ${nginxconfig}
# sed -i "s/<<HSTS>>/${HSTS}/g" ${nginxconfig}
# sed -i "s/<<EXPLOITS>>/${EXPLOITS}/g" ${nginxconfig}
# sed -i "s/<<SECURE>>/${SECURE}/g" ${nginxconfig}
}
SITEINFO(){
# start=`date +%s`
cw_spc1=30
cw_spc2=10
cw_spc3=7
cw_spc4=7
cw_spc5=7
cw_spc6=8
cw_spc7=15
dl=110
if [ "${1}" == "edit" ]; then
[ "${2}" == "" ] && echo -e "${idsCL[LightGreen]}Choose a site from the list below to edit: ${idsCL[Default]}"
else
echo -e "${idsCL[LightGreen]}Local NGINX Sites ${idsCL[Default]}"
fi
gosite=${NM_NGINXPATH[${RUN_NODE_TYPE}]}/sites-enabled
declare -A SITELIST
if [ "${gosite}" != "" ]; then
sites=$(find ${gosite}/*); i=0
if [ "${1}" == "" ] || ([ "${1}" == "edit" ] && [ "${2}" == "" ]); then
for sitefile in ${sites[@]}; do
site=${sitefile##*/}; site=${site/.conf/}
if (( i % 12 == 0 )) || [ $i = 0 ]; then
DIVIDER false yellow ${dl}
[ "${1}" == "edit" ] && msg1='##) Site Address' || msg1='Site Address'
echo -en "${idsST[Bold]}${idsCL[LightCyan]}"
printf "%-30s %-10s %-7s %-7s %-7s %-7s %-8s %-15s\n" "${msg1}" "Type" "SSL" "HSTS" "WBSKT" "EXPLT" "LOCK" "Proxy Connection"
echo -en "${idsST[Reset]}${idsCL[Default]}"
DIVIDER false yellow ${dl}
else
DIVIDER false darkGray ${dl}
fi
if [ "$(grep include/proxy.conf ${sitefile})" != "" ]; then
type='Proxy'
server=$(grep 'set $server' ${sitefile})
server=${server#*\"}; server=${server%\"*}
scheme=$(grep 'set $forward_scheme' ${sitefile})
scheme=${scheme##* }; scheme=${scheme%;*}
port=$(grep 'set $port' ${sitefile})
port=${port##* }; port=${port%;*}
c=0; spc7=''; spct=$((${cw_spc7}-${#server})); until [ $c = ${spct} ]; do spc7="${spc7} "; c=`expr $c + 1`; done
proxyhost="${scheme}://${server}:${port}"
else
type='HTTP'
proxyhost=''
fi
[ "$(grep ssl_certificate_key ${sitefile})" != "" ] && ssl='Yes' || ssl=''
[ "$(grep include/hsts-support.conf ${sitefile})" != "" ] && hsts='Yes' || hsts=''
[ "$(grep include/websocket-support.conf ${sitefile})" != "" ] && wbskt='Yes' || wbskt=''
[ "$(grep include/block-exploits.conf ${sitefile})" != "" ] && explt='Yes' || explt=''
[ "$(grep include/secure-access.conf ${sitefile})" != "" ] && lock='Yes' || lock=''
[ ${i} -lt 10 ] && ii=" ${i}" || ii=${i}
[ "${1}" == "edit" ] && msg1="${ii}) ${site}" || msg1="${site}"
printf "%-30s %-10s %-7s %-7s %-7s %-7s %-8s %-15s\n" "${msg1}" "${type}" "${ssl}" "${hsts}" "${wbskt}" "${explt}" "${lock}" "${proxyhost}"
SITELIST[${i}]=${site}
i=`expr $i + 1`
done
else
i=0
for sitefile in ${sites[@]}; do
site=${sitefile##*/}; site=${site/.conf/}
SITELIST[${i}]=${site}
i=`expr $i + 1`
done
fi
if [ "${1}" == "edit" ]; then
while [ "${edit^}" != "E" ]; do
if [ "${2}" == "" ]; then
echo -en "\n${idsCL[LightCyan]}Enter the site number you want to edit: ${idsCL[Default]}"
read siteid
echo
else
siteid=${2}
fi
site=${SITELIST[${siteid}]}
sitefile=${gosite}/${site}.conf
certpath=$(grep ssl_certificate_key ${sitefile})
if [ "${certpath}" != "" ]; then
ssl='Yes'
certpath=${certpath%/*}; certpath=${certpath#* }
SUBJECTNAMES=$(openssl x509 -in ${certpath}/cert.pem -noout -text|grep -oP '(?<=DNS:|IP Address:)[^,]+'|sort -uV)
CERTEXPIRE=$(date -d "$(: | openssl x509 -in ${certpath}/cert.pem -text | grep 'Not After' |awk '{print $4,$5,$7}')" '+%s');
SUBJECTNAMES=${SUBJECTNAMES//$'\n'/, }
else
ssl='-'
fi
if [ "$(grep include/proxy.conf ${sitefile})" != "" ]; then
type='Proxy'
server=$(grep 'set $server' ${sitefile})
server=${server#*\"}; server=${server%\"*}
scheme=$(grep 'set $forward_scheme' ${sitefile})
scheme=${scheme##* }; scheme=${scheme%;*}
port=$(grep 'set $port' ${sitefile})
port=${port##* }; port=${port%;*}
c=0; spc7=''; spct=$((${cw_spc7}-${#server})); until [ $c = ${spct} ]; do spc7="${spc7} "; c=`expr $c + 1`; done
proxyhost="${server}${spc7}:${port}"
else
type='HTTP'
proxyhost=''
fi
[ "$(grep include/hsts-support.conf ${sitefile})" != "" ] && hsts='Yes' || hsts='-'
[ "$(grep include/websocket-support.conf ${sitefile})" != "" ] && wbskt='Yes' || wbskt='-'
[ "$(grep include/block-exploits.conf ${sitefile})" != "" ] && explt='Yes' || explt='-'
[ "$(grep include/secure-access.conf ${sitefile})" != "" ] && lock='Yes' || lock='-'
f=0
until [ "${edit}" = "c" ]; do
echo -e "\033[K${idsCL[White]}0) Site Address: ${idsCL[Cyan]}${idsST[Bold]}${site}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}1) Site Type: ${idsCL[Cyan]}${idsST[Bold]}${type}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}2) SSL Secure: ${idsCL[Cyan]}${idsST[Bold]}${ssl}${idsST[Reset]} - ${idsCL[LightCyan]}(${SUBJECTNAMES})"
echo -e "\033[K${idsCL[White]}3) HSTS Enabled ${idsCL[Cyan]}${idsST[Bold]}${hsts}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}4) Web Sockets: ${idsCL[Cyan]}${idsST[Bold]}${wbskt}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}5) Exploits Block: ${idsCL[Cyan]}${idsST[Bold]}${explt}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}6) Secured Access: ${idsCL[Cyan]}${idsST[Bold]}${lock}${idsST[Reset]}"
if [ "${type}" == "Proxy" ]; then
echo -e "\033[K${idsCL[White]}7) Proxy Address: ${idsCL[Cyan]}${idsST[Bold]}${server}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}8) Proxy Scheme: ${idsCL[Cyan]}${idsST[Bold]}${scheme}${idsST[Reset]}"
echo -e "\033[K${idsCL[White]}9) Proxy Port: ${idsCL[Cyan]}${idsST[Bold]}${port}${idsST[Reset]}"
else
echo -e "\033[K"
echo -e "\033[K"
echo -e "\033[K"
fi
if [ "${edit}" != "s" ]; then
if [ $f -eq 0 ]; then
echo -e "\033[K"
echo -e "\033[K"
echo -e "\033[K (${idsCL[Green]}s${idsCL[Default]})ave, (${idsCL[Red]}c${idsCL[Default]})ancel, (${idsCL[Green]}e${idsCL[Default]})xit"
echo -e "\033[K"
echo -e "\033[K"
echo -e "\033[K"
echo -e "\033[7A"
fi
echo -en "\n\033[K${idsCL[LightCyan]}Enter the line number to edit: ${idsCL[Default]}"
read -n 1 edit
case "${edit}" in
0) ;;
1) [ "${type}" == "HTTP" ] && type='Proxy' || type='HTTP';;
2) ;;
3) [ "${hsts}" == "-" ] && hsts='Yes' || hsts='-';;
4) [ "${wbskt}" == "-" ] && wbskt='Yes' || wbskt='-';;
5) [ "${explt}" == "-" ] && explt='Yes' || explt='-';;
6) [ "${lock}" == "-" ] && lock='Yes' || lock='-';;
7)
echo -e "\033[K\n\033[K"
echo -en "\033[KEnter new Proxy Address: "
read server
echo -e "\033[5A"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[5A"
;;
8) [ "${scheme}" == "http" ] && scheme='https' || scheme='http';;
# 8)
# echo -e "\033[K\n\033[K"
# echo -en "\033[KEnter new Proxy Scheme (http/https): "
# read scheme
# echo -e "\033[5A"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[5A"
# ;;
9)
echo -e "\033[K\n\033[K"
echo -en "\033[KEnter new Proxy Port: "
read port
echo -e "\033[5A"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[5A"
;;
[Ee])
echo -e "\n\n\n"
exit 0
;;
[Cc])
echo -e "\n\033[K\033[6A";
echo -e "\033[K\n\033[K\n\033[K\n\033[K\n\033[K\n\033[K";
echo -e "\033[6A"
;;
esac
# [ "$edit" = "7" ] && echo -e "\033[5A"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[K"; echo -e "\033[5A"
echo -e "\033[12A"
else
echo -en "\n\033[K${idsCL[LightCyan]}Confirm changes (Y/n): ${idsCL[Default]}"
read -n 1 confirm
case "${confirm}" in
[Nn])
edit=''
echo -e "\033[12A"
;;
*)
echo -e "\n\n\n"
# NEWPROXYSITE_CREATE ${site} ${server} ${port} ${scheme} ${wbskt} ${hsts} ${explt} ${lock}
# SITENAME=${1}
# PROXYHOST=${2}
# PROXYPORT=${3}
# PROXYSCHEME=${4}
# WEBSOCKET=${5}
# HSTS=${6}
# EXPLOITS=${7}
# SECURE=${8}
edit=c
;;
esac
fi
f=1
done
done
echo
fi
else
echo -e "\nNo site information found for this node"
fi
echo
# end=`date +%s`
# runtime=$((end-start))
# echo "runtime: ${runtime}"
# echo
}
Reference in New Issue View Git Blame Copy Permalink