#!/bin/bash
#
# Create Vhosts on VPS3
#

#set -e

function usage
{
	echo "Usage: ${0}"
	echo "    --domain domain.tld"
	echo "        Domain to use when creating vhost"
    echo "    --root /var/www/html"
	echo "        Root directory of this vhost"
	echo "    --backend http://127.0.0.1"
	echo "        Hostname of the backend server to pass traffic to"
    echo "        Note: Do not specify a port"
	echo "    --listenip x.x.x.x"
	echo "        IP to bind to when listening"
	echo "    --desc x.x.x.x"
	echo "        Description of VHosts"
	echo "    -h | --help"
	echo "        Show this usage"

	exit 0
}

function get_cert
{
	/root/.acme.sh/acme.sh --issue --domain $_domain --webroot /srv/http-content-combined/ --cert-file /etc/nginx/ssl/${_domain}.crt --key-file /etc/nginx/ssl/${_domain}.key --fullchain-file /etc/nginx/ssl/${_domain}-fullchain.crt
}

function reload_nginx
{
    systemctl reload nginx
}

_cwd="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
_bootstrap=${_cwd}/bootstrap.sh
_bb_myname=$(basename "$0")
_bb_mypath=$(realpath $BASH_SOURCE)

# Init script
if test -f $_bootstrap; then
    source $_bootstrap 2> /dev/null
else
    echo "Unable to parse BOOTSTRAP: $_bootstrap"
    exit 1
fi

# gain priviledges
become "$@"

OPTS=$(getopt -o h -l domain:,root:,backend:,listenip:,desc:,donotredirect -n 'createVhosts' -- "$@")
if [ "$?" -gt '0' ]; then
    echo 'Failed to set command line arguments'
    exit 1;
fi

eval set -- "$OPTS"

_domain=false
_donotredirect=false
_root=""
_backend=""
_listenip=""
while true; do
	case "$1" in
		--domain )
			_domain=$2
			shift ;;
        --root )
        	_root=$2
        	shift ;;
		--backend )
			_backend=$2
			shift ;;
		--listenip )
			_listenip=$2
			shift ;;
		--desc )
			_desc=$2
			shift ;;
        --donotredirect )
            _donotredirect=true
            shift ;;
		-h | --help ) usage; shift ;;
		-- ) shift; break ;;
		* ) shift;;
	esac
done

if [[ $_domain = false ]]; then
	err "You must set domain"
fi

if test -n "$_root"; then
    echo -n "Checking if $_root exists?"
    if ! test -d $_root; then
        echo " Creating..."
        mkdir -p $_root
    else
        echo " Yes!"
    fi
    _rootpath="root $_root;"
fi

_check_host=success
_locationblock_http=""
_locationblock_https=""
if test -n "$_backend"; then
    echo "Verifying backend(s)..."
    _https_backend=$(echo $_backend | sed 's/http/https/')
	if  validate_host $_https_backend:443; then

#<<<<<<HEREDOC
_locationblock_https=$(cat  <<- EOF
        proxy_pass $_https_backend:443;
        include proxy_params;
EOF
)
#<<<<<<HEREDOC

    else
        _check_host=failed
    fi

    # Include backend for HTTP traffic if donotredirect is enabled
    #
    if [ "$_donotredirect" = "true" ]; then
        _http_backend=$(echo $_backend | sed 's/https/http/')
        if validate_host $_http_backend:80; then

#<<<<<<HEREDOC
_locationblock_http=$(cat  <<- EOF
        proxy_pass $_http_backend:80;
        include proxy_params;
EOF
)
#<<<<<<HEREDOC

        else
            _check_host=failed
        fi
    fi

    if [ "$_check_host" = "failed" ]; then
        err "Invalid hostname: $_backend. Not resolvable!"
    fi
fi

if test -n "$_listenip"; then
    if ! validate_ip $_listenip; then
        err "Invalid IP: $_listenip"
    fi
    _listenip="$_listenip:"
else
    warn "Listen ip not specified, listening on all interfaces."
fi

if test -z "$_root" -a -z "$_backend"; then
    err "You must specify either --root or --backend!"
fi

echo -n "Checking if /srv/http-content-combined/ exists?"
if ! test -d /srv/http-content-combined; then
	echo " Creating..."
	mkdir -p /srv/http-content-combined/
else
	echo " Yes!"
fi

echo -n "Checking if we should redirect?"
if [ "$_donotredirect" = "false" ]; then
    echo " Yes, enabling redirect!"
    _locationblock_http="       return 302 https://${_domain}\$request_uri;"
else
    echo " No!"
fi

_vhost_conf_file=/etc/nginx/conf.d/${_domain}.conf

echo -n "Checking if $_vhost_conf_file exists? "
if test -f $_vhost_conf_file; then
    echo "Removing!"
    rm $_vhost_conf_file
else
    echo "No!"
fi

echo "Creating Nginx configuration..."
cat << EOF > $_vhost_conf_file
#### Description
## Type: HTTP
## VHost: $_domain
## $_desc
server {
    listen ${_listenip}80;
    server_name $_domain;

    location /.well-known {
        root /srv/http-content-combined/;
        autoindex on;
    }

    location / {
$_locationblock_http
    }
}
EOF

echo "Setting permissions on conf file..."
setfacl -m user:sysadmin:rw $_vhost_conf_file

echo "Reloading Nginx..."
reload_nginx

echo "Retrieving Let's Encrypt Certificate..."
get_cert

cat << EOF >> $_vhost_conf_file

server {
    listen ${_listenip}443 http2 ssl;
    server_name $_domain;
    $_rootpath

    error_log /var/log/nginx/${_domain}.error.log;
    access_log /var/log/nginx/${_domain}.access.log main;

    ssl_certificate ssl/${_domain}-fullchain.crt;
    ssl_certificate_key ssl/${_domain}.key;

    location / {
${_locationblock_https}
    }
}
EOF

echo "Reloading Nginx..."
reload_nginx