lhp/scripts
1
0
Fork 0
Code Issues 3 Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: lhp:94835e5a3c45f9dafa32de31f72eedafe5ea2d76
Branches Tags
lhp:master
..
compare: lhp:dce6be06012b5046ecd23916e81c9baf5e00c9ae
Branches Tags
lhp:master

No commits in common. "94835e5a3c45f9dafa32de31f72eedafe5ea2d76" and "dce6be06012b5046ecd23916e81c9baf5e00c9ae" have entirely different histories.
94835e5a3c ... dce6be0601

2 changed files with 35 additions and 141 deletions
Show stats Expand all files Collapse all files

89
createVhosts.sh
View file

@ -23,12 +23,6 @@ function usage
echo " Do not redirect HTTP to HTTPS"
echo " --servicename"
echo " The Nginx server service name to use to reload"
echo " --standalone"
echo " Instead of webroot, use acme.sh builtin server"
echo " --bindaddress"
echo " Listening address for acme.sh builtin server. Default is 0.0.0.0"
echo " --bindport"
echo " Listening port for acme.sh builtin server. Default is 8999"
echo " -d | --debug"
echo " Enable debug logging"
echo " -h | --help"
@ -44,14 +38,7 @@ function get_cert
if [ "$DEBUG" = "1" ]; then
_debug_arg="--debug"
fi
# set args for what mode acme.sh is going to run in
if [ "$_standalone" = true ]; then
_mode="--standalone --local-address $_bindaddress --httpport $_bindport"
else
_mode="--webroot $web_root"
fi
/root/.acme.sh/acme.sh --issue --domain "$_domain" $_mode --cert-file /etc/ssl/"${_domain}".crt --key-file /etc/ssl/"${_domain}".key --fullchain-file /etc/ssl/"${_domain}"-fullchain.crt --server letsencrypt $_debug_arg
/root/.acme.sh/acme.sh --issue --domain "$_domain" --webroot /srv/http-content-combined/ --cert-file /etc/ssl/"${_domain}".crt --key-file /etc/ssl/"${_domain}".key --fullchain-file /etc/ssl/"${_domain}"-fullchain.crt $_debug_arg
return $?
}
@ -82,7 +69,7 @@ function clean_up
function verify_vhost
{
local target=127.0.0.1
local verify_path=$web_root/.well-known/
local verify_path=/srv/http-content-combined/.well-known/
local verify_file_name=verify.$_domain.html
local verify_full_path=$verify_path$verify_file_name
local http_code
@ -103,12 +90,10 @@ function verify_vhost
fi
}
## define varables
_cwd="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
_bootstrap=${_cwd}/bootstrap.sh
_bb_myname=$(basename "$0")
_bb_mypath=$(realpath $BASH_SOURCE)
web_root=/srv/www/webroot
# Init script
if test -f "$_bootstrap"; then
@ -126,7 +111,7 @@ fi
# gain priviledges
become "$@"
OPTS=$(getopt -o h,d -l domain:,root:,backend:,listenip:,desc:,donotredirect,servicename:,confpath:,standalone,bindaddress:,bindport:,debug -n 'createVhosts' -- "$@")
OPTS=$(getopt -o h,d -l domain:,root:,backend:,listenip:,desc:,donotredirect,servicename:,confpath:,debug -n 'createVhosts' -- "$@")
if [ "$?" -gt '0' ]; then
echo 'Failed to set command line arguments'
exit 1;
@ -141,10 +126,6 @@ _backend=""
_listenip=""
_debug=false
_servicename=nginx
_confpath=/etc/nginx
_standalone=false
_bindaddress=0.0.0.0
_bindport=8999
while true; do
case "$1" in
--domain )
@ -171,15 +152,6 @@ while true; do
--confpath )
_confpath=$2
shift ;;
--standalone )
_standalone=true
shift ;;
--bindaddress )
_bindaddress=$2
shift ;;
--bindport )
_bindport=$2
shift ;;
-d | --debug )
_debug=true
shift ;;
@ -203,30 +175,28 @@ if [[ $_domain = false ]]; then
fi
if test -n "$_root"; then
echo -n "Checking if $_root exists? "
echo -n "Checking if $_root exists?"
if ! test -d "$_root"; then
echo "Creating..."
echo " Creating..."
mkdir -p "$_root"
else
echo "Yes!"
echo " Yes!"
fi
_rootpath="root $_root;"
fi
_check_host=failed
_check_host=success
_locationblock_http=""
_locationblock_https=""
if test -n "$_backend"; then
echo "Verifying backend(s)..."
if validate_host "$_backend"; then
_check_host=success
if ! validate_host "$_backend"; then
_check_host=failed
fi
if [ "$_check_host" = "success" ]; then
# Include backend for HTTP traffic if donotredirect is enabled
#
if [ "$_donotredirect" = "true" ]; then
# Include backend for HTTP traffic if donotredirect is enabled
#
if [ "$_donotredirect" = "true" ]; then
##Begin HEREDOC
_locationblock_http=$(cat <<- EOF
proxy_pass $_backend;
@ -234,7 +204,19 @@ _locationblock_http=$(cat <<- EOF
EOF
)
##End HEREDOC
fi
if [ "$_check_host" = "success" ]; then
# Include backend for HTTP traffic if donotredirect is enabled
#
if [ "$_donotredirect" = "true" ]; then
##Begin HEREDOC
_locationblock_http=$(cat <<- EOF
proxy_pass $_backend;
include proxy_params;
EOF
)
##End HEREDOC
fi
##Begin HEREDOC
@ -243,8 +225,7 @@ _locationblock_https=$(cat <<- EOF
include proxy_params;
EOF
)
##End HEREDOC
##End HEREDOC
else
err "Invalid hostname: $_backend. Not resolvable!"
fi
@ -263,12 +244,12 @@ if test -z "$_root" -a -z "$_backend"; then
err "You must specify either --root or --backend!"
fi
echo -n "Checking if we should redirect? "
echo -n "Checking if we should redirect?"
if [ "$_donotredirect" = "false" ]; then
echo "Yes, enabling redirect!"
echo " Yes, enabling redirect!"
_locationblock_http=" return 302 https://${_domain}\$request_uri;"
else
echo "No!"
echo " No!"
fi
echo -n "Checking if conf path '$_confpath' exists? "
@ -276,7 +257,7 @@ if test -d "$_confpath"; then
echo "Yes!"
else
echo "No!"
clean_up "Conf path doesn't exists!"
clean_up
fi
##
@ -287,12 +268,12 @@ fi
## Begin issuing certificate
###########################################
echo -n "Checking if $web_root exists? "
if ! test -d $web_root; then
echo "Creating..."
mkdir -p $web_root
echo -n "Checking if /srv/http-content-combined/ exists?"
if ! test -d /srv/http-content-combined; then
echo " Creating..."
mkdir -p /srv/http-content-combined/
else
echo "Yes!"
echo " Yes!"
fi
_vhost_conf_file=$_confpath/conf.d/${_domain}.conf
@ -319,7 +300,7 @@ server {
access_log /var/log/nginx/${_domain}.access.log main;
location /.well-known {
root $web_root;
root /srv/http-content-combined/;
autoindex on;
}

87
update_firewall.sh
View file

@ -1,87 +0,0 @@
#!/usr/bin/env bash
# Copyright (C) 2021 by LHProjects <copyright@lhpmail.us>
#
# Permission is granted to use, copy, modify, and/or distribute this work for any purpose with or without fee. This work is offered as-is, with absolutely no warranty whatsoever. The author is not responsible for any damages that result from using this work.
#
#
# Updates FirewallD when my home IP address changes.
#
# Define variables
CACHE_IP_FILE=/var/cache/update_firewall.cache
get_home_ip () {
tmpfile=$(mktemp)
for i in {1..5};
do
host fwgw.lhprojects.net 1.1.1.1 > $tmpfile && s=0 && break || s=1 && sleep 3;
done
if [ $s -eq 0 ]; then
HOME_IP=$(cat $tmpfile | cut -d ' ' -f 4 | xargs)
else
echo "Error: Can't resolve fwgw.lhprojects.net"
rm $tmpfile
exit 1
fi
rm $tmpfile
}
remove_ip () {
# remove old entry
firewall-cmd --permanent --ipset=node_ips --remove-entry=$1 &> /dev/null
# reload firewall
firewall-cmd --reload &> /dev/null
}
add_ip () {
# add new entry
firewall-cmd --permanent --ipset=node_ips --add-entry=$1 &> /dev/null
# reload firewall
firewall-cmd --reload &> /dev/null
}
write_ip_cache () {
echo "$1" > $CACHE_IP_FILE
}
update_firewall () {
# check if cache IP is in the ipset entries
ipset_entries=$(firewall-cmd --ipset=node_ips --get-entries 2> /dev/null)
found=false
for ip in $ipset_entries; do
if [ "$ip" = "$1" ]; then
found=true
fi
done
if [ "$found" = false ]; then
echo "Error: IP '$1' not found in firewall entries."
echo "Info: Updating IP in firewall."
add_ip $HOME_IP
fi
}
# Get home ip
get_home_ip
# Check if we have cache IP
if test -f $CACHE_IP_FILE; then
CACHE_IP=$(cat $CACHE_IP_FILE)
if [ -z "$CACHE_IP" ]; then
update_firewall $HOME_IP
write_ip_cache $HOME_IP
elif [ "$HOME_IP" != "$CACHE_IP" ]; then
remove_ip $CACHE_IP
update_firewall $HOME_IP
write_ip_cache $HOME_IP
fi
else
update_firewall $HOME_IP
write_ip_cache $HOME_IP
fi
exit 0