From 97199fc9f5d34e4909b146abb63a6a8b4c4f726c Mon Sep 17 00:00:00 2001 From: Lutchy Horace Date: Tue, 9 Nov 2021 01:52:55 -0500 Subject: [PATCH] * Now I can supply whatever backend I want * Changed retrieve SSL certificate message * Place all certs in /etc/ssl * Added a new function cmd_exists to bootstrap.sh * Properly check for response code * Added Debug command line arguement * Refactor code --- bootstrap.sh | 10 +++- createVhosts.sh | 131 +++++++++++++++++++++++++++++++----------------- 2 files changed, 93 insertions(+), 48 deletions(-) diff --git a/bootstrap.sh b/bootstrap.sh index 62cf12a..7f5b2c6 100644 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -127,7 +127,7 @@ function run_cmd { fi ## Check if command exists on system - if ! command -v $1; then + if ! cmd_exists $1; then err "$1: command not found" fi @@ -154,3 +154,11 @@ function run_cmd { } + +function cmd_exists +{ + if ! command -v $1 > /dev/null 2>&1; then + return 1 + fi + return 0 +} \ No newline at end of file diff --git a/createVhosts.sh b/createVhosts.sh index e72c2ff..46a5175 100755 --- a/createVhosts.sh +++ b/createVhosts.sh @@ -12,13 +12,17 @@ function usage echo " Domain to use when creating vhost" echo " --root /var/www/html" echo " Root directory of this vhost" - echo " --backend http://127.0.0.1" - echo " Hostname of the backend server to pass traffic to" - echo " Note: Do not specify a port" + echo " --backend http://127.0.0.1:80" + echo " URI of the backend server" + echo " Note: port must be specified" echo " --listenip x.x.x.x" echo " IP to bind to when listening" echo " --desc x.x.x.x" echo " Description of VHosts" + echo " --denotredirect" + echo " Do not redirect HTTP to HTTPS" + echo " -d | --debug" + echo " Enable debug logging" echo " -h | --help" echo " Show this usage" 
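Review bot: `$1` is expanded unquoted both in the new call `if ! cmd_exists $1; then` in run_cmd and in `command -v $1` inside the added cmd_exists (second bootstrap.sh hunk), so an empty or whitespace-containing argument is word-split before the lookup. With an empty value `command -v` gets no operand at all, and its status then says nothing about the command name. Quote both: `if ! cmd_exists "$1"; then` and `command -v "$1" > /dev/null 2>&1`. The body of cmd_exists can also be that single line, since a function returns the status of its last command. The file now ends without a trailing newline, and run_cmd's body continues outside the hunk.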
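Review bot: The help text added to usage advertises `--denotredirect`, but the getopt long-option list and the case arm in the later createVhosts.sh hunks spell it `donotredirect`. An operator who copies the flag from the usage output will have it rejected by getopt. Change the echoed flag to `--donotredirect`. The pre-existing line `--desc x.x.x.x` also shows an IP-style placeholder for what is described as a free-text description, which is worth correcting in the same pass.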
@@ -32,28 +36,30 @@ function get_cert if [ "$DEBUG" = "1" ]; then _debug_arg="--debug" fi - /root/.acme.sh/acme.sh --issue --domain $_domain --webroot /srv/http-content-combined/ --cert-file /etc/nginx/ssl/${_domain}.crt --key-file /etc/nginx/ssl/${_domain}.key --fullchain-file /etc/nginx/ssl/${_domain}-fullchain.crt $_debug_arg + /root/.acme.sh/acme.sh --issue --domain $_domain --webroot /srv/http-content-combined/ --cert-file /etc/ssl/${_domain}.crt --key-file /etc/ssl/${_domain}.key --fullchain-file /etc/ssl/${_domain}-fullchain.crt $_debug_arg return $? } function reload_nginx { echo -n "Reloading Nginx..." - if systemctl reload nginx; then + if systemctl reload nginx > /dev/null 2>&1; then echo "Success" else echo "Failed" + return 1 fi # Wait for nginx to reload sleep 0.5 + return 0 } function clean_up { debug "Removing Nginx configuration and logs..." rm $_vhost_conf_file - rm /var/log/nginx/$_domain.* + rm /var/log/nginx/$_domain.* > /dev/null 2>&1 reload_nginx err $1 } @@ -64,7 +70,7 @@ function verify_vhost local verify_path=/srv/http-content-combined/.well-known/ local verify_file_name=verify.$_domain.html local verify_full_path=$verify_path$verify_file_name - local http_resp + local http_code if test -n "$_listenip"; then target=$_listenip @@ -72,12 +78,13 @@ function verify_vhost mkdir -p $verify_path touch $verify_full_path - http_resp=$(curl -I -H "Host: $_domain" http://$target/.well-known/$verify_file_name 2> /dev/null | grep 'HTTP/1.1 200 OK') - rm $verify_full_path - if test -z "$http_resp"; then - return 1 - else + http_code=$(curl -I -H "Host: $_domain" http://$target/.well-known/$verify_file_name 2> /dev/null | grep 'HTTP/1.1' | cut -d " " -f 2) + + if [[ $http_code = '200' ]]; then return 0 + else + debug "Expected HTTP response code '200' but got '$http_code' instead!" + return 1 fi } 
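Review bot: In get_cert, `--key-file /etc/ssl/${_domain}.key` now places the private key beside the public certificates directly under /etc/ssl. That directory is normally traversable by every local user, so the key's confidentiality rests entirely on the file mode acme.sh applies, which this hunk does not show or enforce. Consider a root-only location for keys, for example `--key-file "/etc/ssl/private/${_domain}.key"` with the directory at mode 0700 (the path is a suggestion; confirm what the target distribution provides). The `$_domain` expansions here and in `rm /var/log/nginx/$_domain.*` in clean_up should also be quoted, as in `rm -f -- "/var/log/nginx/${_domain}".*`. The value comes from the command line and the script runs with elevated privileges, so an empty or slash-containing domain changes which files are written and removed.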
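Review bot: The rewritten check in verify_vhost drops `rm $verify_full_path` without replacing it, so every run leaves `verify.<domain>.html` behind in the shared webroot's `.well-known/` directory, where it stays publicly served. Neither return path cleans it up. Restore the removal right after the request, e.g. `rm -f -- "$verify_full_path"`. Separately, `grep 'HTTP/1.1' | cut -d " " -f 2` yields an empty code if the server answers with any other protocol version. Letting curl report the status is more reliable: `http_code=$(curl -s -o /dev/null -I -H "Host: $_domain" -w '%{http_code}' "http://$target/.well-known/$verify_file_name")`. The function starts outside this hunk.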
@@ -94,10 +101,15 @@ else exit 1 fi +# check if we have the binaries we need to run +if ! cmd_exists curl; then + err "Missing dependency: curl. Please run 'dnf install -y curl'" +fi + # gain priviledges become "$@" -OPTS=$(getopt -o h -l domain:,root:,backend:,listenip:,desc:,donotredirect -n 'createVhosts' -- "$@") +OPTS=$(getopt -o h,d -l domain:,root:,backend:,listenip:,desc:,donotredirect,debug -n 'createVhosts' -- "$@") if [ "$?" -gt '0' ]; then echo 'Failed to set command line arguments' exit 1; @@ -110,6 +122,7 @@ _donotredirect=false _root="" _backend="" _listenip="" +_debug=false while true; do case "$1" in --domain ) @@ -129,6 +142,9 @@ while true; do shift ;; --donotredirect ) _donotredirect=true + shift ;; + -d | --debug ) + _debug=true shift ;; -h | --help ) usage; shift ;; -- ) shift; break ;; @@ -136,6 +152,15 @@ while true; do esac done +## +## Begin processing command line arguments +########################################### + +# Enable debugging +if [[ $_debug = true ]]; then + DEBUG=1 +fi + if [[ $_domain = false ]]; then err "You must set domain" fi @@ -156,41 +181,43 @@ _locationblock_http="" _locationblock_https="" if test -n "$_backend"; then echo "Verifying backend(s)..." - _https_backend=$(echo $_backend | sed 's/http/https/') - if validate_host $_https_backend:443; then - -#<<<<<
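Review bot: The short-option string in `getopt -o h,d` is not a comma-separated list. getopt reads each character of that string as an option letter, so the comma is taken as a third option character rather than a separator. Only the `-l` long-option list is comma-separated. Use `-o hd` and leave the rest of the getopt line as it is. The `dnf install -y curl` hint in the new dependency check also assumes a dnf-based system, so a neutral message such as `err "Missing dependency: curl"` would not mislead on other distributions.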