Merge branch '4-refactor-createvhosts-sh' into 'master'

Resolve "Refactor createVhosts.sh"

Closes #4

See merge request lhprojects-information-network/scripts!3
Lutchy Horace 2021-11-11 22:29:14 +00:00
commit a44a673758
2 changed files with 142 additions and 80 deletions


@ -127,7 +127,7 @@ function run_cmd {
fi fi
## Check if command exists on system ## Check if command exists on system
if ! command -v $1; then if ! cmd_exists $1; then
err "$1: command not found" err "$1: command not found"
fi fi
@ -154,3 +154,11 @@ function run_cmd {
} }
function cmd_exists
{
if ! command -v $1 > /dev/null 2>&1; then
return 1
fi
return 0
}
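Review bot: `cmd_exists` probes with `command -v $1 > /dev/null 2>&1`, an unquoted expansion, so a name containing whitespace is word-split and an empty `$1` leaves `command -v` with no argument at all, which (if I recall bash's behavior correctly) does not report a failure, so the missing-dependency check would pass vacuously; the new call site in run_cmd, `if ! cmd_exists $1; then`, has the same problem. Quote the argument and terminate option parsing, `command -v -- "$1" > /dev/null 2>&1`, and since that status is exactly what the function returns, the if/return pair can collapse to that single line as the body. A short header would also help callers, e.g. `# cmd_exists NAME -- exit 0 if NAME resolves to a command (binary, builtin, function or alias) in the current shell`, since `command -v` matches more than on-disk binaries despite the `## Check if command exists on system` comment. run_cmd's body starts and ends outside this hunk.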


@ -12,13 +12,19 @@ function usage
echo " Domain to use when creating vhost" echo " Domain to use when creating vhost"
echo " --root /var/www/html" echo " --root /var/www/html"
echo " Root directory of this vhost" echo " Root directory of this vhost"
echo " --backend http://127.0.0.1" echo " --backend http://127.0.0.1:80"
echo " Hostname of the backend server to pass traffic to" echo " URI of the backend server"
echo " Note: Do not specify a port" echo " Note: port must be specified"
echo " --listenip x.x.x.x" echo " --listenip x.x.x.x"
echo " IP to bind to when listening" echo " IP to bind to when listening"
echo " --desc x.x.x.x" echo " --desc x.x.x.x"
echo " Description of VHosts" echo " Description of VHosts"
echo " --denotredirect"
echo " Do not redirect HTTP to HTTPS"
echo " --servicename"
echo " The Nginx server service name to use to reload"
echo " -d | --debug"
echo " Enable debug logging"
echo " -h | --help" echo " -h | --help"
echo " Show this usage" echo " Show this usage"
@ -32,30 +38,32 @@ function get_cert
if [ "$DEBUG" = "1" ]; then if [ "$DEBUG" = "1" ]; then
_debug_arg="--debug" _debug_arg="--debug"
fi fi
/root/.acme.sh/acme.sh --issue --domain $_domain --webroot /srv/http-content-combined/ --cert-file /etc/nginx/ssl/${_domain}.crt --key-file /etc/nginx/ssl/${_domain}.key --fullchain-file /etc/nginx/ssl/${_domain}-fullchain.crt $_debug_arg /root/.acme.sh/acme.sh --issue --domain "$_domain" --webroot /srv/http-content-combined/ --cert-file /etc/ssl/"${_domain}".crt --key-file /etc/ssl/"${_domain}".key --fullchain-file /etc/ssl/"${_domain}"-fullchain.crt $_debug_arg
return $? return $?
} }
function reload_nginx function reload_nginx
{ {
echo -n "Reloading Nginx..." echo -n "Reloading ${_servicename}..."
if systemctl reload nginx; then if systemctl reload "${_servicename}" > /dev/null 2>&1; then
echo "Success" echo "Success"
else else
echo "Failed" echo "Failed"
return 1
fi fi
# Wait for nginx to reload # Wait for nginx to reload
sleep 0.5 sleep 0.5
return 0
} }
function clean_up function clean_up
{ {
debug "Removing Nginx configuration and logs..." debug "Removing Nginx configuration and logs..."
rm $_vhost_conf_file rm "$_vhost_conf_file" 2> /dev/null
rm /var/log/nginx/$_domain.* rm /var/log/nginx/"$_domain".* > /dev/null 2>&1
reload_nginx reload_nginx
err $1 err "$1"
} }
function verify_vhost function verify_vhost
@ -64,7 +72,7 @@ function verify_vhost
local verify_path=/srv/http-content-combined/.well-known/ local verify_path=/srv/http-content-combined/.well-known/
local verify_file_name=verify.$_domain.html local verify_file_name=verify.$_domain.html
local verify_full_path=$verify_path$verify_file_name local verify_full_path=$verify_path$verify_file_name
local http_resp local http_code
if test -n "$_listenip"; then if test -n "$_listenip"; then
target=$_listenip target=$_listenip
@ -72,12 +80,13 @@ function verify_vhost
mkdir -p $verify_path mkdir -p $verify_path
touch $verify_full_path touch $verify_full_path
http_resp=$(curl -I -H "Host: $_domain" http://$target/.well-known/$verify_file_name 2> /dev/null | grep 'HTTP/1.1 200 OK') http_code=$(curl -I -H "Host: $_domain" http://"$target"/.well-known/"$verify_file_name" 2> /dev/null | grep 'HTTP/1.1' | cut -d " " -f 2)
rm $verify_full_path
if test -z "$http_resp"; then if [[ $http_code = '200' ]]; then
return 1
else
return 0 return 0
else
debug "Expected HTTP response code '200' but got '$http_code' instead!"
return 1
fi fi
} }
@ -87,17 +96,22 @@ _bb_myname=$(basename "$0")
_bb_mypath=$(realpath $BASH_SOURCE) _bb_mypath=$(realpath $BASH_SOURCE)
# Init script # Init script
if test -f $_bootstrap; then if test -f "$_bootstrap"; then
source $_bootstrap 2> /dev/null source "$_bootstrap" 2> /dev/null
else else
echo "Unable to parse BOOTSTRAP: $_bootstrap" echo "Unable to parse BOOTSTRAP: $_bootstrap"
exit 1 exit 1
fi fi
# check if we have the binaries we need to run
if ! cmd_exists curl; then
err "Missing dependency: curl. Please run 'dnf install -y curl'"
fi
# gain priviledges # gain priviledges
become "$@" become "$@"
OPTS=$(getopt -o h -l domain:,root:,backend:,listenip:,desc:,donotredirect -n 'createVhosts' -- "$@") OPTS=$(getopt -o h,d -l domain:,root:,backend:,listenip:,desc:,donotredirect,servicename:,confpath:,debug -n 'createVhosts' -- "$@")
if [ "$?" -gt '0' ]; then if [ "$?" -gt '0' ]; then
echo 'Failed to set command line arguments' echo 'Failed to set command line arguments'
exit 1; exit 1;
@ -110,6 +124,8 @@ _donotredirect=false
_root="" _root=""
_backend="" _backend=""
_listenip="" _listenip=""
_debug=false
_servicename=nginx
while true; do while true; do
case "$1" in case "$1" in
--domain ) --domain )
@ -129,6 +145,15 @@ while true; do
shift ;; shift ;;
--donotredirect ) --donotredirect )
_donotredirect=true _donotredirect=true
shift ;;
--servicename )
_servicename=$2
shift ;;
--confpath )
_confpath=$2
shift ;;
-d | --debug )
_debug=true
shift ;; shift ;;
-h | --help ) usage; shift ;; -h | --help ) usage; shift ;;
-- ) shift; break ;; -- ) shift; break ;;
@ -136,17 +161,26 @@ while true; do
esac esac
done done
##
## Begin processing command line arguments
###########################################
# Enable debugging
if [[ $_debug = true ]]; then
DEBUG=1
fi
if [[ $_domain = false ]]; then if [[ $_domain = false ]]; then
err "You must set domain" err "You must set domain"
fi fi
if test -n "$_root"; then if test -n "$_root"; then
echo -n "Checking if $_root exists?" echo -n "Checking if $_root exists? "
if ! test -d $_root; then if ! test -d "$_root"; then
echo " Creating..." echo "Creating..."
mkdir -p $_root mkdir -p "$_root"
else else
echo " Yes!" echo "Yes!"
fi fi
_rootpath="root $_root;" _rootpath="root $_root;"
fi fi
@ -156,86 +190,104 @@ _locationblock_http=""
_locationblock_https="" _locationblock_https=""
if test -n "$_backend"; then if test -n "$_backend"; then
echo "Verifying backend(s)..." echo "Verifying backend(s)..."
_https_backend=$(echo $_backend | sed 's/http/https/') if ! validate_host "$_backend"; then
if validate_host $_https_backend:443; then
#<<<<<<HEREDOC
_locationblock_https=$(cat <<- EOF
proxy_pass $_https_backend:443;
include proxy_params;
EOF
)
#<<<<<<HEREDOC
else
_check_host=failed _check_host=failed
fi fi
# Include backend for HTTP traffic if donotredirect is enabled # Include backend for HTTP traffic if donotredirect is enabled
# #
if [ "$_donotredirect" = "true" ]; then if [ "$_donotredirect" = "true" ]; then
_http_backend=$(echo $_backend | sed 's/https/http/') ##Begin HEREDOC
if validate_host $_http_backend:80; then
#<<<<<<HEREDOC
_locationblock_http=$(cat <<- EOF _locationblock_http=$(cat <<- EOF
proxy_pass $_http_backend:80; proxy_pass $_backend;
include proxy_params; include proxy_params;
EOF EOF
) )
#<<<<<<HEREDOC ##End HEREDOC
fi
if [ "$_check_host" = "success" ]; then
# Include backend for HTTP traffic if donotredirect is enabled
#
if [ "$_donotredirect" = "true" ]; then
##Begin HEREDOC
_locationblock_http=$(cat <<- EOF
proxy_pass $_backend;
include proxy_params;
EOF
)
##End HEREDOC
fi
##Begin HEREDOC
_locationblock_https=$(cat <<- EOF
proxy_pass $_backend;
include proxy_params;
EOF
)
##End HEREDOC
else else
_check_host=failed
fi
fi
if [ "$_check_host" = "failed" ]; then
err "Invalid hostname: $_backend. Not resolvable!" err "Invalid hostname: $_backend. Not resolvable!"
fi fi
fi fi
if test -n "$_listenip"; then if test -n "$_listenip"; then
if ! validate_ip $_listenip; then if ! validate_ip "$_listenip"; then
err "Invalid IP: $_listenip" err "Invalid IP: $_listenip"
fi fi
_listenip="$_listenip:" _listenip="$_listenip:"
else else
warn "Listen ip not specified, listening on all interfaces." warn "No listen ip specified, listening on all interfaces."
fi fi
if test -z "$_root" -a -z "$_backend"; then if test -z "$_root" -a -z "$_backend"; then
err "You must specify either --root or --backend!" err "You must specify either --root or --backend!"
fi fi
echo -n "Checking if /srv/http-content-combined/ exists?" echo -n "Checking if we should redirect? "
if ! test -d /srv/http-content-combined; then
echo " Creating..."
mkdir -p /srv/http-content-combined/
else
echo " Yes!"
fi
echo -n "Checking if we should redirect?"
if [ "$_donotredirect" = "false" ]; then if [ "$_donotredirect" = "false" ]; then
echo " Yes, enabling redirect!" echo "Yes, enabling redirect!"
_locationblock_http=" return 302 https://${_domain}\$request_uri;" _locationblock_http=" return 302 https://${_domain}\$request_uri;"
else else
echo " No!" echo "No!"
fi fi
_vhost_conf_file=/etc/nginx/conf.d/${_domain}.conf echo -n "Checking if conf path '$_confpath' exists? "
if test -d "$_confpath"; then
echo "Yes!"
else
echo "No!"
clean_up
fi
##
## End processing command line arguments
###########################################
##
## Begin issuing certificate
###########################################
echo -n "Checking if /srv/http-content-combined/ exists? "
if ! test -d /srv/http-content-combined; then
echo "Creating..."
mkdir -p /srv/http-content-combined/
else
echo "Yes!"
fi
_vhost_conf_file=$_confpath/conf.d/${_domain}.conf
echo -n "Checking if $_vhost_conf_file exists? " echo -n "Checking if $_vhost_conf_file exists? "
if test -f $_vhost_conf_file; then if test -f "$_vhost_conf_file"; then
echo "Removing!" echo "Removing!"
rm $_vhost_conf_file rm "$_vhost_conf_file"
else else
echo "No!" echo "No!"
fi fi
echo "Creating Nginx configuration..." echo "Creating Nginx configuration..."
cat << EOF > $_vhost_conf_file cat << EOF > "$_vhost_conf_file"
#### Description #### Description
## Type: HTTP ## Type: HTTP
## VHost: $_domain ## VHost: $_domain
@ -259,21 +311,23 @@ $_locationblock_http
EOF EOF
echo "Setting permissions on conf file..." echo "Setting permissions on conf file..."
setfacl -m user:sysadmin:rw $_vhost_conf_file setfacl -m user:sysadmin:rw "$_vhost_conf_file"
reload_nginx if ! reload_nginx; then
clean_up "Failed to reload Nginx"
fi
echo "Verifying vhost..." echo "Verifying vhost..."
if ! verify_vhost; then if ! verify_vhost; then
clean_up "Failed to verify vhost" clean_up "Failed to verify vhost"
fi fi
echo "Retrieving Let's Encrypt Certificate..." echo "Retrieving SSL Certificate..."
if ! get_cert; then if ! get_cert; then
clean_up "Failed to retrieve certificate!" clean_up "Failed to retrieve certificate!"
fi fi
cat << EOF >> $_vhost_conf_file cat << EOF >> "$_vhost_conf_file"
server { server {
listen ${_listenip}443 http2 ssl; listen ${_listenip}443 http2 ssl;
@ -283,8 +337,8 @@ server {
error_log /var/log/nginx/${_domain}.error.log; error_log /var/log/nginx/${_domain}.error.log;
access_log /var/log/nginx/${_domain}.access.log main; access_log /var/log/nginx/${_domain}.access.log main;
ssl_certificate ssl/${_domain}-fullchain.crt; ssl_certificate /etc/ssl/${_domain}-fullchain.crt;
ssl_certificate_key ssl/${_domain}.key; ssl_certificate_key /etc/ssl/${_domain}.key;
location / { location / {
${_locationblock_https} ${_locationblock_https}