* Now I can supply whatever backend I want

* Changed retrieve SSL certificate message * Place all certs in /etc/ssl * Added a new function cmd_exists to bootstrap.sh * Properly check for response code * Added Debug command line arguement * Refactor code
2021-11-09 01:52:55 -05:00 · 2021-11-09 01:52:55 -05:00 · 97199fc9f5
parent f25ed84a60
commit 97199fc9f5
2 changed files with 93 additions and 48 deletions
--- a/bootstrap.sh
+++ b/bootstrap.sh
@ -127,7 +127,7 @@ function run_cmd {
 	fi

 	## Check if command exists on system
-	if ! command -v $1; then
+	if ! cmd_exists $1; then
 		err "$1: command not found"
 	fi

@ -154,3 +154,11 @@ function run_cmd {


 }
+
+function cmd_exists
+{
+	if ! command -v $1 > /dev/null 2>&1; then
+		return 1
+	fi
+	return 0
+}
--- a/createVhosts.sh
+++ b/createVhosts.sh
@ -12,13 +12,17 @@ function usage
 	echo "        Domain to use when creating vhost"
    echo "    --root /var/www/html"
 	echo "        Root directory of this vhost"
-	echo "    --backend http://127.0.0.1"
-	echo "        Hostname of the backend server to pass traffic to"
-    echo "        Note: Do not specify a port"
+	echo "    --backend http://127.0.0.1:80"
+	echo "        URI of the backend server"
+    echo "        Note: port must be specified"
 	echo "    --listenip x.x.x.x"
 	echo "        IP to bind to when listening"
 	echo "    --desc x.x.x.x"
 	echo "        Description of VHosts"
+    echo "    --denotredirect"
+    echo "        Do not redirect HTTP to HTTPS"
+    echo "    -d | --debug"
+    echo "        Enable debug logging"
 	echo "    -h | --help"
 	echo "        Show this usage"

@ -32,28 +36,30 @@ function get_cert
    if [ "$DEBUG" = "1" ]; then
        _debug_arg="--debug"
    fi
-	/root/.acme.sh/acme.sh --issue --domain $_domain --webroot /srv/http-content-combined/ --cert-file /etc/nginx/ssl/${_domain}.crt --key-file /etc/nginx/ssl/${_domain}.key --fullchain-file /etc/nginx/ssl/${_domain}-fullchain.crt $_debug_arg
+	/root/.acme.sh/acme.sh --issue --domain $_domain --webroot /srv/http-content-combined/ --cert-file /etc/ssl/${_domain}.crt --key-file /etc/ssl/${_domain}.key --fullchain-file /etc/ssl/${_domain}-fullchain.crt $_debug_arg
    return $?
 }

 function reload_nginx
 {
    echo -n "Reloading Nginx..."
-    if systemctl reload nginx; then
+    if systemctl reload nginx > /dev/null 2>&1; then
        echo "Success"
    else
        echo "Failed"
+        return 1
    fi

    # Wait for nginx to reload
    sleep 0.5
+    return 0
 }

 function clean_up
 {
    debug "Removing Nginx configuration and logs..."
    rm $_vhost_conf_file
-    rm /var/log/nginx/$_domain.*
+    rm /var/log/nginx/$_domain.* > /dev/null 2>&1
    reload_nginx
    err $1
 }
@ -64,7 +70,7 @@ function verify_vhost
    local verify_path=/srv/http-content-combined/.well-known/
    local verify_file_name=verify.$_domain.html
    local verify_full_path=$verify_path$verify_file_name
-    local http_resp
+    local http_code

    if test -n "$_listenip"; then
        target=$_listenip
@ -72,12 +78,13 @@ function verify_vhost

    mkdir -p $verify_path
    touch $verify_full_path
-    http_resp=$(curl -I -H "Host: $_domain" http://$target/.well-known/$verify_file_name 2> /dev/null | grep 'HTTP/1.1 200 OK')
-    rm $verify_full_path
-    if test -z "$http_resp"; then
-        return 1
-    else
+    http_code=$(curl -I -H "Host: $_domain" http://$target/.well-known/$verify_file_name 2> /dev/null | grep 'HTTP/1.1' | cut -d " " -f 2)
+    
+    if [[ $http_code = '200' ]]; then
        return 0
+    else
+        debug "Expected HTTP response code '200' but got '$http_code' instead!"
+        return 1
    fi
 }

@ -94,10 +101,15 @@ else
    exit 1
 fi

+# check if we have the binaries we need to run
+if ! cmd_exists curl; then
+    err "Missing dependency: curl. Please run 'dnf install -y curl'"
+fi
+
 # gain priviledges
 become "$@"

-OPTS=$(getopt -o h -l domain:,root:,backend:,listenip:,desc:,donotredirect -n 'createVhosts' -- "$@")
+OPTS=$(getopt -o h,d -l domain:,root:,backend:,listenip:,desc:,donotredirect,debug -n 'createVhosts' -- "$@")
 if [ "$?" -gt '0' ]; then
    echo 'Failed to set command line arguments'
    exit 1;
@ -110,6 +122,7 @@ _donotredirect=false
 _root=""
 _backend=""
 _listenip=""
+_debug=false
 while true; do
 	case "$1" in
 		--domain )
@ -129,6 +142,9 @@ while true; do
 			shift ;;
        --donotredirect )
            _donotredirect=true
+            shift ;;
+        -d | --debug )
+            _debug=true
            shift ;;
 		-h | --help ) usage; shift ;;
 		-- ) shift; break ;;
@ -136,6 +152,15 @@ while true; do
 	esac
 done

+##
+## Begin processing command line arguments
+###########################################
+
+# Enable debugging
+if [[ $_debug = true ]]; then
+    DEBUG=1
+fi
+
 if [[ $_domain = false ]]; then
 	err "You must set domain"
 fi
@ -156,41 +181,43 @@ _locationblock_http=""
 _locationblock_https=""
 if test -n "$_backend"; then
    echo "Verifying backend(s)..."
-    _https_backend=$(echo $_backend | sed 's/http/https/')
-	if  validate_host $_https_backend:443; then
-
-#<<<<<<HEREDOC
-_locationblock_https=$(cat  <<- EOF
-        proxy_pass $_https_backend:443;
-        include proxy_params;
-EOF
-)
-#<<<<<<HEREDOC
-
-    else
+	if ! validate_host $_backend; then
        _check_host=failed
    fi

    # Include backend for HTTP traffic if donotredirect is enabled
    #
    if [ "$_donotredirect" = "true" ]; then
-        _http_backend=$(echo $_backend | sed 's/https/http/')
-        if validate_host $_http_backend:80; then
-
-#<<<<<<HEREDOC
+##Begin HEREDOC
 _locationblock_http=$(cat  <<- EOF
-        proxy_pass $_http_backend:80;
+        proxy_pass $_backend;
        include proxy_params;
 EOF
 )
-#<<<<<<HEREDOC
-
-        else
-            _check_host=failed
-        fi
+##End HEREDOC
    fi

-    if [ "$_check_host" = "failed" ]; then
+    if [ "$_check_host" = "success" ]; then
+        # Include backend for HTTP traffic if donotredirect is enabled
+        #
+        if [ "$_donotredirect" = "true" ]; then
+##Begin HEREDOC
+_locationblock_http=$(cat  <<- EOF
+        proxy_pass $_backend;
+        include proxy_params;
+EOF
+)
+##End HEREDOC
+        fi
+
+##Begin HEREDOC
+_locationblock_https=$(cat  <<- EOF
+        proxy_pass $_backend;
+        include proxy_params;
+EOF
+)
+##End HEREDOC
+    else
        err "Invalid hostname: $_backend. Not resolvable!"
    fi
 fi
@ -208,14 +235,6 @@ if test -z "$_root" -a -z "$_backend"; then
    err "You must specify either --root or --backend!"
 fi

-echo -n "Checking if /srv/http-content-combined/ exists?"
-if ! test -d /srv/http-content-combined; then
-	echo " Creating..."
-	mkdir -p /srv/http-content-combined/
-else
-	echo " Yes!"
-fi
-
 echo -n "Checking if we should redirect?"
 if [ "$_donotredirect" = "false" ]; then
    echo " Yes, enabling redirect!"
@ -224,6 +243,22 @@ else
    echo " No!"
 fi

+##
+## End processing command line arguments
+###########################################
+
+##
+## Begin issuing certificate
+###########################################
+
+echo -n "Checking if /srv/http-content-combined/ exists?"
+if ! test -d /srv/http-content-combined; then
+    echo " Creating..."
+    mkdir -p /srv/http-content-combined/
+else
+    echo " Yes!"
+fi
+
 _vhost_conf_file=/etc/nginx/conf.d/${_domain}.conf

 echo -n "Checking if $_vhost_conf_file exists? "
@ -261,7 +296,9 @@ EOF
 echo "Setting permissions on conf file..."
 setfacl -m user:sysadmin:rw $_vhost_conf_file

-reload_nginx
+if  ! reload_nginx; then
+    clean_up "Failed to reload Nginx"
+fi

 echo "Verifying vhost..."
 if ! verify_vhost; then
@ -283,8 +320,8 @@ server {
    error_log /var/log/nginx/${_domain}.error.log;
    access_log /var/log/nginx/${_domain}.access.log main;

-    ssl_certificate ssl/${_domain}-fullchain.crt;
-    ssl_certificate_key ssl/${_domain}.key;
+    ssl_certificate /etc/ssl/${_domain}-fullchain.crt;
+    ssl_certificate_key /etc/ssl/${_domain}.key;

    location / {
 ${_locationblock_https}