From f25ed84a6015dc4eef866db834f00bc1330bc03b Mon Sep 17 00:00:00 2001 From: Lutchy Horace Date: Mon, 8 Nov 2021 16:54:54 -0500 Subject: [PATCH 1/6] Reworded message to be agnostic --- createVhosts.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/createVhosts.sh b/createVhosts.sh index 42685cc..e72c2ff 100755 --- a/createVhosts.sh +++ b/createVhosts.sh @@ -268,7 +268,7 @@ if ! verify_vhost; then clean_up "Failed to verify vhost" fi -echo "Retrieving Let's Encrypt Certificate..." +echo "Retrieving SSL Certificate..." if ! get_cert; then clean_up "Failed to retrieve certificate!" fi From 97199fc9f5d34e4909b146abb63a6a8b4c4f726c Mon Sep 17 00:00:00 2001 From: Lutchy Horace Date: Tue, 9 Nov 2021 01:52:55 -0500 Subject: [PATCH 2/6] * Now I can supply whatever backend I want * Changed retrieve SSL certificate message * Place all certs in /etc/ssl * Added a new function cmd_exists to bootstrap.sh * Properly check for response code * Added Debug command line arguement * Refactor code --- bootstrap.sh | 10 +++- createVhosts.sh | 131 +++++++++++++++++++++++++++++++----------------- 2 files changed, 93 insertions(+), 48 deletions(-) diff --git a/bootstrap.sh b/bootstrap.sh index 62cf12a..7f5b2c6 100644 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -127,7 +127,7 @@ function run_cmd { fi ## Check if command exists on system - if ! command -v $1; then + if ! cmd_exists $1; then err "$1: command not found" fi @@ -154,3 +154,11 @@ function run_cmd { } + +function cmd_exists +{ + if ! command -v $1 > /dev/null 2>&1; then + return 1 + fi + return 0 +} \ No newline at end of file diff --git a/createVhosts.sh b/createVhosts.sh index e72c2ff..46a5175 100755 --- a/createVhosts.sh +++ b/createVhosts.sh 
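Review bot: The new `cmd_exists $1` call leaves `$1` unquoted, so a command name that is empty or contains whitespace is word-split before the lookup instead of being reported by the `err "$1: command not found"` branch below; the line should read `if ! cmd_exists "$1"; then`. The same unquoted `$1` is carried into the `command -v $1` line of the `cmd_exists` function added in the next hunk. run_cmd starts and ends outside this hunk.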
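Review bot: The body of `cmd_exists` only forwards the exit status of `command -v`, so the if/return pair can collapse to the single line `command -v "$1" > /dev/null 2>&1` with the same contract and the quoting fixed. A one-line header would help callers, e.g. `# cmd_exists NAME: return 0 if NAME resolves to a command, 1 otherwise`. The patch also leaves bootstrap.sh without a trailing newline (`\ No newline at end of file`); add one so the next function appended here diffs cleanly.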
@@ -12,13 +12,17 @@ function usage echo " Domain to use when creating vhost" echo " --root /var/www/html" echo " Root directory of this vhost" - echo " --backend http://127.0.0.1" - echo " Hostname of the backend server to pass traffic to" - echo " Note: Do not specify a port" + echo " --backend http://127.0.0.1:80" + echo " URI of the backend server" + echo " Note: port must be specified" echo " --listenip x.x.x.x" echo " IP to bind to when listening" echo " --desc x.x.x.x" echo " Description of VHosts" + echo " --denotredirect" + echo " Do not redirect HTTP to HTTPS" + echo " -d | --debug" + echo " Enable debug logging" echo " -h | --help" echo " Show this usage" @@ -32,28 +36,30 @@ function get_cert if [ "$DEBUG" = "1" ]; then _debug_arg="--debug" fi - /root/.acme.sh/acme.sh --issue --domain $_domain --webroot /srv/http-content-combined/ --cert-file /etc/nginx/ssl/${_domain}.crt --key-file /etc/nginx/ssl/${_domain}.key --fullchain-file /etc/nginx/ssl/${_domain}-fullchain.crt $_debug_arg + /root/.acme.sh/acme.sh --issue --domain $_domain --webroot /srv/http-content-combined/ --cert-file /etc/ssl/${_domain}.crt --key-file /etc/ssl/${_domain}.key --fullchain-file /etc/ssl/${_domain}-fullchain.crt $_debug_arg return $? } function reload_nginx { echo -n "Reloading Nginx..." - if systemctl reload nginx; then + if systemctl reload nginx > /dev/null 2>&1; then echo "Success" else echo "Failed" + return 1 fi # Wait for nginx to reload sleep 0.5 + return 0 } function clean_up { debug "Removing Nginx configuration and logs..." rm $_vhost_conf_file - rm /var/log/nginx/$_domain.* + rm /var/log/nginx/$_domain.* > /dev/null 2>&1 reload_nginx err $1 } @@ -64,7 +70,7 @@ function verify_vhost local verify_path=/srv/http-content-combined/.well-known/ local verify_file_name=verify.$_domain.html local verify_full_path=$verify_path$verify_file_name - local http_resp + local http_code if test -n "$_listenip"; then target=$_listenip 
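Review bot: The new usage line advertises `--denotredirect`, but the getopt long-option list added later in this patch accepts `donotredirect`, so a user following the help text gets an unrecognized-option error; change it to `echo "    --donotredirect"` with the file's indentation. The same misspelling is carried into the reworked usage block of PATCH 3/6. The `usage` function starts and ends outside this hunk.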
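Review bot: The `--key-file` path now lands the private key directly in `/etc/ssl/${_domain}.key`, a directory that is typically world-readable, whereas the certificate and fullchain files next to it are public material; the key belongs in a root-only location such as `/etc/ssl/private/${_domain}.key` where that directory exists, or the script should `chmod 600` it once `acme.sh` returns. The mode acme.sh gives the copied key is not visible here, so confirm it rather than relying on the directory alone. Separately, `$_debug_arg` must remain unquoted so an empty value contributes no argument; a comment such as `# intentionally unquoted: expands to nothing when DEBUG is off` would protect it from a later quoting sweep. get_cert starts outside this hunk.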
@@ -72,12 +78,13 @@ function verify_vhost mkdir -p $verify_path touch $verify_full_path - http_resp=$(curl -I -H "Host: $_domain" http://$target/.well-known/$verify_file_name 2> /dev/null | grep 'HTTP/1.1 200 OK') - rm $verify_full_path - if test -z "$http_resp"; then - return 1 - else + http_code=$(curl -I -H "Host: $_domain" http://$target/.well-known/$verify_file_name 2> /dev/null | grep 'HTTP/1.1' | cut -d " " -f 2) + + if [[ $http_code = '200' ]]; then return 0 + else + debug "Expected HTTP response code '200' but got '$http_code' instead!" + return 1 fi } @@ -94,10 +101,15 @@ else exit 1 fi +# check if we have the binaries we need to run +if ! cmd_exists curl; then + err "Missing dependency: curl. Please run 'dnf install -y curl'" +fi + # gain priviledges become "$@" -OPTS=$(getopt -o h -l domain:,root:,backend:,listenip:,desc:,donotredirect -n 'createVhosts' -- "$@") +OPTS=$(getopt -o h,d -l domain:,root:,backend:,listenip:,desc:,donotredirect,debug -n 'createVhosts' -- "$@") if [ "$?" -gt '0' ]; then echo 'Failed to set command line arguments' exit 1; @@ -110,6 +122,7 @@ _donotredirect=false _root="" _backend="" _listenip="" +_debug=false while true; do case "$1" in --domain ) @@ -129,6 +142,9 @@ while true; do shift ;; --donotredirect ) _donotredirect=true + shift ;; + -d | --debug ) + _debug=true shift ;; -h | --help ) usage; shift ;; -- ) shift; break ;; @@ -136,6 +152,15 @@ while true; do esac done +## +## Begin processing command line arguments +########################################### + +# Enable debugging +if [[ $_debug = true ]]; then + DEBUG=1 +fi + if [[ $_domain = false ]]; then err "You must set domain" fi 
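Review bot: The `rm $verify_full_path` line is dropped without replacement, so every run now leaves `verify.<domain>.html` behind in the shared webroot's `.well-known/` directory; either restore `rm -f -- "$verify_full_path"` after the curl call or document that the file is meant to persist. The status extraction also only matches `HTTP/1.1`, so a server answering with another protocol version yields an empty `http_code` and a spurious failure; `curl -s -o /dev/null -w '%{http_code}' -H "Host: $_domain" "http://$target/.well-known/$verify_file_name"` returns the code directly and drops the grep/cut pair. verify_vhost starts outside this hunk.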
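Review bot: `getopt -o h,d` declares three short options, `h`, `,` and `d`, because a comma is just another option character in a getopt short-option string; the intended spec is `getopt -o hd -l ...`. The same `h,d` string survives in the getopt lines of PATCH 3/6 and PATCH 4/6. The new `cmd_exists curl` check depends on the function added to bootstrap.sh in this same patch, so the `source "$_bootstrap"` above is now a hard requirement rather than best-effort; worth a comment there.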
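Review bot: The domain check right after the new debug block only rejects the literal `false` default, yet `$_domain` is later spliced into file paths under `/etc/ssl` and the nginx conf.d directory, into the `rm /var/log/nginx/$_domain.*` glob in `clean_up`, and into the generated nginx config, so a value containing `/`, `..`, spaces or glob characters is accepted silently; add a shape check beside it, e.g. `[[ $_domain =~ ^[A-Za-z0-9.-]+$ ]] || err "Invalid domain: $_domain"`. The `DEBUG=1` assignment is not exported, which is sufficient for the in-process `$DEBUG` read in `get_cert`; if child processes are expected to see it, that would need `export`.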
@@ -156,41 +181,43 @@ _locationblock_http="" _locationblock_https="" if test -n "$_backend"; then echo "Verifying backend(s)..." - _https_backend=$(echo $_backend | sed 's/http/https/') - if validate_host $_https_backend:443; then - -#<<<<< Date: Tue, 9 Nov 2021 08:20:22 -0500 Subject: [PATCH 3/6] * Hopefully fixed spacing * Added --servicename argument --- createVhosts.sh | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/createVhosts.sh b/createVhosts.sh index 46a5175..53e462d 100755 --- a/createVhosts.sh +++ b/createVhosts.sh @@ -7,24 +7,26 @@ function usage { - echo "Usage: ${0}" - echo " --domain domain.tld" - echo " Domain to use when creating vhost" + echo "Usage: ${0}" + echo " --domain domain.tld" + echo " Domain to use when creating vhost" echo " --root /var/www/html" - echo " Root directory of this vhost" - echo " --backend http://127.0.0.1:80" - echo " URI of the backend server" + echo " Root directory of this vhost" + echo " --backend http://127.0.0.1:80" + echo " URI of the backend server" echo " Note: port must be specified" - echo " --listenip x.x.x.x" - echo " IP to bind to when listening" - echo " --desc x.x.x.x" - echo " Description of VHosts" + echo " --listenip x.x.x.x" + echo " IP to bind to when listening" + echo " --desc x.x.x.x" + echo " Description of VHosts" echo " --denotredirect" echo " Do not redirect HTTP to HTTPS" + echo " --servicename" + echo " The Nginx server service name to use to reload" echo " -d | --debug" echo " Enable debug logging" - echo " -h | --help" - echo " Show this usage" + echo " -h | --help" + echo " Show this usage" exit 0 } @@ -42,8 +44,8 @@ function get_cert function reload_nginx { - echo -n "Reloading Nginx..." - if systemctl reload nginx > /dev/null 2>&1; then + echo -n "Reloading ${_servicename}..." + if systemctl reload ${_servicename} > /dev/null 2>&1; then echo "Success" else echo "Failed" 
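Review bot: The new `--servicename` usage line shows no value placeholder, unlike `--domain domain.tld` and the other value-taking options, although the getopt spec later in this patch declares it as `servicename:`; write it as `echo "    --servicename nginx"` and let the description mention that `nginx` is the default. The `--denotredirect` line still does not match the accepted `--donotredirect` option. The `function usage` line itself precedes this hunk.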
@@ -109,7 +111,7 @@ fi # gain priviledges become "$@" -OPTS=$(getopt -o h,d -l domain:,root:,backend:,listenip:,desc:,donotredirect,debug -n 'createVhosts' -- "$@") +OPTS=$(getopt -o h,d -l domain:,root:,backend:,listenip:,desc:,donotredirect,servicename:,debug -n 'createVhosts' -- "$@") if [ "$?" -gt '0' ]; then echo 'Failed to set command line arguments' exit 1; @@ -123,6 +125,7 @@ _root="" _backend="" _listenip="" _debug=false +_servicename=nginx while true; do case "$1" in --domain ) @@ -143,6 +146,9 @@ while true; do --donotredirect ) _donotredirect=true shift ;; + --servicename ) + _servicename=$2 + shift ;; -d | --debug ) _debug=true shift ;; From 45b8e87546b70205c087a4d30b1cecaa33682ec5 Mon Sep 17 00:00:00 2001 From: Lutchy Horace Date: Tue, 9 Nov 2021 09:08:20 -0500 Subject: [PATCH 4/6] * Fix spacing so more * Added confpath --- createVhosts.sh | 50 ++++++++++++++++++++++++++++++------------------- 1 file changed, 31 insertions(+), 19 deletions(-) diff --git a/createVhosts.sh b/createVhosts.sh index 53e462d..88fdfc4 100755 --- a/createVhosts.sh +++ b/createVhosts.sh @@ -38,14 +38,14 @@ function get_cert if [ "$DEBUG" = "1" ]; then _debug_arg="--debug" fi - /root/.acme.sh/acme.sh --issue --domain $_domain --webroot /srv/http-content-combined/ --cert-file /etc/ssl/${_domain}.crt --key-file /etc/ssl/${_domain}.key --fullchain-file /etc/ssl/${_domain}-fullchain.crt $_debug_arg + /root/.acme.sh/acme.sh --issue --domain "$_domain" --webroot /srv/http-content-combined/ --cert-file /etc/ssl/"${_domain}".crt --key-file /etc/ssl/"${_domain}".key --fullchain-file /etc/ssl/"${_domain}"-fullchain.crt $_debug_arg return $? } function reload_nginx { echo -n "Reloading ${_servicename}..." - if systemctl reload ${_servicename} > /dev/null 2>&1; then + if systemctl reload "${_servicename}" > /dev/null 2>&1; then echo "Success" else echo "Failed" 
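Review bot: The `--servicename` arm assigns `$2` and then does a single `shift`, the same as the flag arms `--donotredirect` and `--debug`; unless the loop shifts again after the `case` (not visible here), the option's value stays in `$1` on the next iteration and falls through to the default arm. A value-taking arm should consume both words, `shift 2 ;;`, in whatever form the `--domain`/`--root` arms above use. The `--confpath` arm added in PATCH 4/6 has the same shape.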
@@ -60,10 +60,10 @@ function reload_nginx function clean_up { debug "Removing Nginx configuration and logs..." - rm $_vhost_conf_file - rm /var/log/nginx/$_domain.* > /dev/null 2>&1 + rm "$_vhost_conf_file" + rm /var/log/nginx/"$_domain".* > /dev/null 2>&1 reload_nginx - err $1 + err "$1" } function verify_vhost @@ -80,7 +80,7 @@ function verify_vhost mkdir -p $verify_path touch $verify_full_path - http_code=$(curl -I -H "Host: $_domain" http://$target/.well-known/$verify_file_name 2> /dev/null | grep 'HTTP/1.1' | cut -d " " -f 2) + http_code=$(curl -I -H "Host: $_domain" http://"$target"/.well-known/"$verify_file_name" 2> /dev/null | grep 'HTTP/1.1' | cut -d " " -f 2) if [[ $http_code = '200' ]]; then return 0 @@ -96,8 +96,8 @@ _bb_myname=$(basename "$0") _bb_mypath=$(realpath $BASH_SOURCE) # Init script -if test -f $_bootstrap; then - source $_bootstrap 2> /dev/null +if test -f "$_bootstrap"; then + source "$_bootstrap" 2> /dev/null else echo "Unable to parse BOOTSTRAP: $_bootstrap" exit 1 @@ -111,7 +111,7 @@ fi # gain priviledges become "$@" -OPTS=$(getopt -o h,d -l domain:,root:,backend:,listenip:,desc:,donotredirect,servicename:,debug -n 'createVhosts' -- "$@") +OPTS=$(getopt -o h,d -l domain:,root:,backend:,listenip:,desc:,donotredirect,servicename:,confpath:,debug -n 'createVhosts' -- "$@") if [ "$?" -gt '0' ]; then echo 'Failed to set command line arguments' exit 1; @@ -149,6 +149,9 @@ while true; do --servicename ) _servicename=$2 shift ;; + --confpath ) + _confpath=$2 + shift ;; -d | --debug ) _debug=true shift ;; @@ -173,9 +176,9 @@ fi if test -n "$_root"; then echo -n "Checking if $_root exists?" - if ! test -d $_root; then + if ! test -d "$_root"; then echo " Creating..." - mkdir -p $_root + mkdir -p "$_root" else echo " Yes!" fi @@ -187,7 +190,7 @@ _locationblock_http="" _locationblock_https="" if test -n "$_backend"; then echo "Verifying backend(s)..." - if ! validate_host $_backend; then + if ! validate_host "$_backend"; then _check_host=failed fi 
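Review bot: `_confpath` is assigned only when `--confpath` is given; no initialization comparable to `_servicename=nginx` is visible in this patch, so a run without the option reaches `test -d "$_confpath"` with an empty value and aborts, and the previously hard-coded `/etc/nginx/conf.d` location is no longer the default. Initialize it with the other option variables, `_confpath=/etc/nginx`, so existing invocations keep working. The single `shift` after `_confpath=$2` also looks like the flag-arm pattern; confirm against the other value-taking arms.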
@@ -229,7 +232,7 @@ EOF fi if test -n "$_listenip"; then - if ! validate_ip $_listenip; then + if ! validate_ip "$_listenip"; then err "Invalid IP: $_listenip" fi _listenip="$_listenip:" @@ -249,6 +252,15 @@ else echo " No!" fi +echo -n "Checking if conf path '$_confpath' exists? " +if test -d "$_confpath"; then + echo "Yes!" + clean_up +else + echo "No!" + clean_up +fi + ## ## End processing command line arguments ########################################### @@ -265,18 +277,18 @@ else echo " Yes!" fi -_vhost_conf_file=/etc/nginx/conf.d/${_domain}.conf +_vhost_conf_file=$_confpath/conf.d/${_domain}.conf echo -n "Checking if $_vhost_conf_file exists? " -if test -f $_vhost_conf_file; then +if test -f "$_vhost_conf_file"; then echo "Removing!" - rm $_vhost_conf_file + rm "$_vhost_conf_file" else echo "No!" fi echo "Creating Nginx configuration..." -cat << EOF > $_vhost_conf_file +cat << EOF > "$_vhost_conf_file" #### Description ## Type: HTTP ## VHost: $_domain @@ -300,7 +312,7 @@ $_locationblock_http EOF echo "Setting permissions on conf file..." -setfacl -m user:sysadmin:rw $_vhost_conf_file +setfacl -m user:sysadmin:rw "$_vhost_conf_file" if ! reload_nginx; then clean_up "Failed to reload Nginx" @@ -316,7 +328,7 @@ if ! get_cert; then clean_up "Failed to retrieve certificate!" fi -cat << EOF >> $_vhost_conf_file +cat << EOF >> "$_vhost_conf_file" server { listen ${_listenip}443 http2 ssl; From dce6be06012b5046ecd23916e81c9baf5e00c9ae Mon Sep 17 00:00:00 2001 From: Lutchy Horace Date: Wed, 10 Nov 2021 12:55:41 -0500 Subject: [PATCH 5/6] * Fixup wording * Removed clean_up from the if block --- createVhosts.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/createVhosts.sh b/createVhosts.sh index 88fdfc4..7f54588 100755 --- a/createVhosts.sh +++ b/createVhosts.sh 
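Review bot: The existence check tests `"$_confpath"`, but the file is written to `$_confpath/conf.d/${_domain}.conf` in the next hunk, so a conf path that exists without a `conf.d` subdirectory passes the check and only fails later at the heredoc redirect; test the directory actually used, `if test -d "$_confpath/conf.d"; then`. Both branches call `clean_up` here (addressed in PATCH 5/6), and at this point nothing has been written yet, so a plain `err` with the reason would be the right exit path.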
@@ -60,7 +60,7 @@ function reload_nginx function clean_up { debug "Removing Nginx configuration and logs..." - rm "$_vhost_conf_file" + rm "$_vhost_conf_file" 2> /dev/null rm /var/log/nginx/"$_domain".* > /dev/null 2>&1 reload_nginx err "$1" @@ -237,7 +237,7 @@ if test -n "$_listenip"; then fi _listenip="$_listenip:" else - warn "Listen ip not specified, listening on all interfaces." + warn "No listen ip specified, listening on all interfaces." fi if test -z "$_root" -a -z "$_backend"; then @@ -255,7 +255,6 @@ fi echo -n "Checking if conf path '$_confpath' exists? " if test -d "$_confpath"; then echo "Yes!" - clean_up else echo "No!" clean_up From 6f757f2ab793d1cea8c4e0278d94cd0d6eda05c8 Mon Sep 17 00:00:00 2001 From: Lutchy Horace Date: Thu, 11 Nov 2021 17:13:39 -0500 Subject: [PATCH 6/6] Let's keep spaces consistent --- createVhosts.sh | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/createVhosts.sh b/createVhosts.sh index 7f54588..74735cc 100755 --- a/createVhosts.sh +++ b/createVhosts.sh @@ -175,12 +175,12 @@ if [[ $_domain = false ]]; then fi if test -n "$_root"; then - echo -n "Checking if $_root exists?" + echo -n "Checking if $_root exists? " if ! test -d "$_root"; then - echo " Creating..." + echo "Creating..." mkdir -p "$_root" else - echo " Yes!" + echo "Yes!" fi _rootpath="root $_root;" fi @@ -244,12 +244,12 @@ if test -z "$_root" -a -z "$_backend"; then err "You must specify either --root or --backend!" fi -echo -n "Checking if we should redirect?" +echo -n "Checking if we should redirect? " if [ "$_donotredirect" = "false" ]; then - echo " Yes, enabling redirect!" + echo "Yes, enabling redirect!" _locationblock_http=" return 302 https://${_domain}\$request_uri;" else - echo " No!" + echo "No!" fi echo -n "Checking if conf path '$_confpath' exists? " 
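Review bot: Redirecting stderr on `rm "$_vhost_conf_file"` hides every failure, including the `rm ""` that occurs when `clean_up` runs before `_vhost_conf_file` is assigned (the `--confpath` check), and the `rm /var/log/nginx/"$_domain".*` line is already silenced the same way; guard instead of silencing, `[[ -n "$_vhost_conf_file" ]] && rm -f -- "$_vhost_conf_file"` and `rm -f -- /var/log/nginx/"$_domain".*`. With the guard in place a genuine permission or path error still surfaces during debugging. clean_up's `function` line precedes this hunk.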
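Review bot: The remaining `clean_up` in the else branch is called without a message, so `err "$1"` prints an empty error, and since no config or log exists at this point the function also attempts the `rm` on an unset `_vhost_conf_file` and reloads the service for nothing; `err "Conf path '$_confpath' does not exist"` states the cause and skips the cleanup. The hunk's surrounding if/else is complete within it.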
@@ -268,12 +268,12 @@ fi ## Begin issuing certificate ########################################### -echo -n "Checking if /srv/http-content-combined/ exists?" +echo -n "Checking if /srv/http-content-combined/ exists? " if ! test -d /srv/http-content-combined; then - echo " Creating..." + echo "Creating..." mkdir -p /srv/http-content-combined/ else - echo " Yes!" + echo "Yes!" fi _vhost_conf_file=$_confpath/conf.d/${_domain}.conf