#!/bin/bash
# Nginx Proxy Manager CLI Script
# Erreur32 - July 2024
#
# This script allows you to manage Nginx Proxy Manager via the API. It provides
# functionalities such as creating proxy hosts, managing users, listing hosts,
# backing up configurations, and more.
#
# Usage:
# ./nginx_proxy_manager_cli.sh [OPTIONS]
#
# Examples:
# Backup First !
# ./nginx_proxy_manager_cli.sh --backup
#
# ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080 (check default values below)
# ./nginx_proxy_manager_cli.sh --show-default
# ./nginx_proxy_manager_cli.sh --create-user newuser password123 user@example.com
# ./nginx_proxy_manager_cli.sh --delete-user 'username'
# ./nginx_proxy_manager_cli.sh --list-hosts
#
# ./nginx_proxy_manager_cli.sh --generate-cert example.com user@example.com --custom
# ./nginx_proxy_manager_cli.sh --ssl-host-enable 1
#
# Advanced proxy tab example:
# ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080 -a 'proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;'
#
# Options:
# -d DOMAIN_NAMES Domain name (required for creating/updating hosts)
# -i FORWARD_HOST IP address or domain name of the target server (required for creating/updating hosts)
# -p FORWARD_PORT Port of the target server (required for creating/updating hosts)
# -f FORWARD_SCHEME Scheme for forwarding (http/https, default: http)
# -c CACHING_ENABLED Enable caching (true/false, default: false)
# -b BLOCK_EXPLOITS Block exploits (true/false, default: true)
# -w ALLOW_WEBSOCKET_UPGRADE Allow WebSocket upgrade (true/false, default: true)
# -a ADVANCED_CONFIG Advanced configuration (block of configuration settings)
# --backup Backup all configurations to a file
# --check-token Check if the current token is valid
# --create-user user pass email Create a user with a username, password and email (the password is given on the command line, so it ends up in shell history and the process list)
# --delete-user username Delete a user by username
# --delete-host id Delete a proxy host by ID
# --show-host id Show full details for a specific host by ID
# --show-default Show default settings for creating hosts
# --list-hosts List the names of all proxy hosts
# --list-hosts-full List all proxy hosts with full details
# --list-ssl-certificates List all SSL certificates
# --list-users List all users
# --search-host hostname Search for a proxy host by domain name
# --enable-host id Enable a proxy host by ID
# --disable-host id Disable a proxy host by ID
# --ssl-host-enable id Enable SSL, HTTP/2, and HSTS for a proxy host (you don't need to generate a custom certificate)
# --ssl-host-disable id Disable SSL, HTTP/2, and HSTS for a proxy host
# --generate-cert domain email [--custom] Generate a Let's Encrypt or Custom certificate for the given domain and email (not finished)
# --help Display this help
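################################
# Variables to Edit (required) #
################################
# Each of the three values below can also be supplied through the environment,
# which keeps real credentials out of this file; the literals are the fallback.
NGINX_IP="${NGINX_IP:-127.0.0.1}"
# Existing nginx user
API_USER="${API_USER:-user@nginx}"
API_PASS="${API_PASS:-pass nginx}"

#################################
# Variables to Edit (optional)  #
#################################
# Will create backup directory automatically
BACKUP_DIR="./backups"
DATE=$(date +"%Y%m%d%H%M%S")

# API Endpoints
# NOTE: the API is addressed over plain HTTP on port 81, so the login secret
# and the bearer token are sent unencrypted to NGINX_IP.
BASE_URL="http://$NGINX_IP:81/api"
API_ENDPOINT="/tokens"
# Token cache: relative paths, so both files land in the current directory.
EXPIRY_FILE="expiry_${NGINX_IP}.txt"
TOKEN_FILE="token_${NGINX_IP}.txt"
# Lifetime requested for a new token (sent as "expiry" in the login request).
TOKEN_EXPIRY="1y"

# Default variables
# NOTE: the flags below mix true/false with 1/0; the values are inserted
# unchanged into the JSON sent to the API.
CACHING_ENABLED=false
BLOCK_EXPLOITS=true
ALLOW_WEBSOCKET_UPGRADE=1
HTTP2_SUPPORT=0
ADVANCED_CONFIG=""
LETS_ENCRYPT_AGREE=false
LETS_ENCRYPT_EMAIL=""
FORWARD_SCHEME="http"
FORCE_CERT_CREATION=false
SSL_FORCED=0
HSTS_ENABLED=0
HSTS_SUBDOMAINS=0

# Control variables
# One switch per command-line action; option parsing flips them to true.
CREATE_USER=false
DELETE_USER=false
DELETE_HOST=false
LIST_HOSTS=false
LIST_HOSTS_FULL=false
LIST_SSL_CERTIFICATES=false
LIST_USERS=false
SEARCH_HOST=false
ENABLE_HOST=false
DISABLE_HOST=false
CHECK_TOKEN=false
BACKUP=false
GENERATE_CERT=false
ENABLE_SSL=false
DISABLE_SSL=false
SHOW_HOST=false
SHOW_DEFAULT=false
CUSTOM_CERT=false

# Colors
# ANSI escape sequences, expanded by `echo -e` and by printf format strings.
COLOR_GREEN="\033[32m"
COLOR_RED="\033[41;1m"
COLOR_ORANGE="\033[38;5;202m"
COLOR_YELLOW="\033[93m"
COLOR_RESET="\033[0m"
WHITE_ON_GREEN="\033[30;48;5;83m"
#WHITE_ON_GREEN="\033[97m\033[42m"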
# Check if necessary dependencies are installed
# Looks up curl and jq with `command -v`; at the first one that is missing it
# prints an error and exits with status 1.
check_dependencies() {
  for dep in curl jq; do
    command -v "$dep" &> /dev/null && continue
    echo -e "${COLOR_RED}Dependency $dep is not installed. Please install it before running this script.${COLOR_RESET}"
    exit 1
  done
}
# Abort before option parsing or any API call if curl or jq is missing.
check_dependencies
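# Display help
# Prints the synopsis, examples and option reference to stdout, then exits
# with status 0, so control never returns to the caller.
# NOTE: the --create-user example passes a password as an argument; anything
# given that way is visible in shell history and in the process list.
usage() {
  echo -e "\n${COLOR_YELLOW}Usage: ./nginx_proxy_manager_cli.sh -d domain -i ip -p port [-f forward_scheme] [-c caching_enabled] [-b block_exploits] [-w allow_websocket_upgrade] [-a advanced_config] [-t token_expiry] [--create-user username password email] [--delete-user username] [--delete-host id] [--list-hosts] [--list-hosts-full] [--list-ssl-certificates] [--list-users] [--search-host hostname] [--enable-host id] [--disable-host id] [--check-token] [--backup] [--generate-cert domain email [--custom]] [--ssl-host-enable id] [--ssl-host-disable id] [--show-host id] [--show-default] [--help]${COLOR_RESET}"
  echo ""
  echo -e "Examples:"
  echo -e "\n 📦 Backup First before doing anything!"
  echo -e " ./nginx_proxy_manager_cli.sh --backup"
  echo -e "\n 🌐 Host Creation"
  echo -e " ./nginx_proxy_manager_cli.sh --show-default"
  echo -e " ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080"
  echo -e " ./nginx_proxy_manager_cli.sh --list-hosts"
  echo -e " ./nginx_proxy_manager_cli.sh --show-host 1"
  echo -e "\n 👤 User Management"
  echo -e " ./nginx_proxy_manager_cli.sh --create-user newuser password123 user@example.com"
  echo -e " ./nginx_proxy_manager_cli.sh --delete-user 'username'"
  echo -e "\n 🔧 Advanced Example:"
  echo -e " ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080 -a 'proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;'"
  echo -e " ./nginx_proxy_manager_cli.sh --ssl-host-enable 32"
  echo -e " ./nginx_proxy_manager_cli.sh --generate-cert example.com user@example.com --custom"
  echo -e ""
  echo -e "Options:"
  echo -e "  -d ${COLOR_ORANGE}DOMAIN_NAMES${COLOR_RESET}                       Domain name (${COLOR_RED}required${COLOR_RESET})"
  echo -e "  -i ${COLOR_ORANGE}FORWARD_HOST${COLOR_RESET}                       IP address or domain name of the target server (${COLOR_RED}required${COLOR_RESET})"
  echo -e "  -p ${COLOR_ORANGE}FORWARD_PORT${COLOR_RESET}                       Port of the target server (${COLOR_RED}required${COLOR_RESET})"
  # The current defaults are rendered through the colorize helpers; the
  # arguments are quoted so an empty value still reaches them as one argument.
  echo -e "  -f FORWARD_SCHEME                     Scheme for forwarding (http/https, default: $(colorize_booleanh "$FORWARD_SCHEME"))"
  echo -e "  -c CACHING_ENABLED                    Enable caching (true/false, default: $(colorize_boolean "$CACHING_ENABLED"))"
  echo -e "  -b BLOCK_EXPLOITS                     Block exploits (true/false, default: $(colorize_boolean "$BLOCK_EXPLOITS"))"
  echo -e "  -w ALLOW_WEBSOCKET_UPGRADE            Allow WebSocket upgrade (true/false, default: $(colorize_boolean "$ALLOW_WEBSOCKET_UPGRADE"))"
  echo -e "  -a ADVANCED_CONFIG                    Advanced configuration (${COLOR_YELLOW}string${COLOR_RESET})"
  echo -e "  --backup                              ${COLOR_GREEN}Backup${COLOR_RESET} all configurations to different files in $BACKUP_DIR"
  echo -e "  --check-token                         ${COLOR_YELLOW}Check${COLOR_RESET} if the current token is valid"
  echo -e "  --create-user user pass email         ${COLOR_GREEN}Create${COLOR_RESET} a user with a ${COLOR_YELLOW}username${COLOR_RESET}, ${COLOR_YELLOW}password${COLOR_RESET} and ${COLOR_YELLOW}email${COLOR_RESET}"
  echo -e "  --delete-user username                ${COLOR_ORANGE}Delete${COLOR_RESET} a user by ${COLOR_YELLOW}username${COLOR_RESET}"
  echo -e "  --delete-host id                      ${COLOR_ORANGE}Delete${COLOR_RESET} a proxy host by ${COLOR_YELLOW}ID${COLOR_RESET}"
  echo -e "  --show-default                        ${COLOR_YELLOW}Show${COLOR_RESET} default settings for creating hosts"
  echo -e "  --show-host id                        ${COLOR_YELLOW}Show${COLOR_RESET} full details for a specific host by ${COLOR_YELLOW}ID${COLOR_RESET}"
  echo -e "  --list-hosts                          ${COLOR_YELLOW}List${COLOR_RESET} the names of all proxy hosts"
  echo -e "  --list-hosts-full                     ${COLOR_YELLOW}List${COLOR_RESET} all proxy hosts with full details"
  echo -e "  --list-ssl-certificates               ${COLOR_YELLOW}List${COLOR_RESET} all SSL certificates"
  echo -e "  --list-users                          ${COLOR_YELLOW}List${COLOR_RESET} all users"
  echo -e "  --search-host hostname                ${COLOR_GREEN}Search${COLOR_RESET} for a proxy host by domain name"
  echo -e "  --enable-host id                      ${COLOR_GREEN}Enable${COLOR_RESET} a proxy host by ${COLOR_YELLOW}ID${COLOR_RESET}"
  echo -e "  --disable-host id                     ${COLOR_ORANGE}Disable${COLOR_RESET} a proxy host by ${COLOR_YELLOW}ID${COLOR_RESET}"
  echo -e "  --ssl-host-enable id                  ${COLOR_GREEN}Enable${COLOR_RESET} SSL, HTTP/2, and HSTS for a proxy host (a certificate is generated automatically if needed)"
  echo -e "  --ssl-host-disable id                 ${COLOR_ORANGE}Disable${COLOR_RESET} SSL, HTTP/2, and HSTS for a proxy host"
  echo -e "  --generate-cert domain email [--custom]  Generate a Let's Encrypt [or] Custom certificate for the given domain and email (do not use: not finished)"
  echo -e "  --help                                ${COLOR_YELLOW}Display${COLOR_RESET} this help"
  echo
  exit 0
}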
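# Colorize boolean values for display
# Arguments: $1 - flag value. "true" and 1 both count as enabled, because the
#                 script's defaults use 1/0 for some flags and true/false for
#                 others; any other value is shown as false.
# Outputs:   "true" in green or "false" in yellow on stdout.
colorize_boolean() {
  local value=$1
  case "$value" in
    true | 1) echo -e "${COLOR_GREEN}true${COLOR_RESET}" ;;
    *) echo -e "${COLOR_YELLOW}false${COLOR_RESET}" ;;
  esac
}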
# Colorize a forwarding scheme for display.
# Arguments: $1 - scheme name
# Outputs:   "https" in green when $1 is exactly https, otherwise "http" in
#            yellow, whatever the value was.
colorize_booleanh() {
  local scheme=$1
  case "$scheme" in
    https) echo -e "${COLOR_GREEN}https${COLOR_RESET}" ;;
    *) echo -e "${COLOR_YELLOW}http${COLOR_RESET}" ;;
  esac
}
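# Parse options
# Long options arrive through the "-:" entry of the optstring: getopts reports
# them as option "-" with the option name in OPTARG. A long option's values are
# read from the positional parameter at index OPTIND and then shifted away.
# NOTE: --create-user takes the new password as a command-line argument, so it
# is visible in shell history and in the process list while the script runs.
while getopts "d:i:p:f:c:b:w:a:t:-:" opt; do
  case "$opt" in
    d) DOMAIN_NAMES="$OPTARG" ;;
    i) FORWARD_HOST="$OPTARG" ;;
    p) FORWARD_PORT="$OPTARG" ;;
    f) FORWARD_SCHEME="$OPTARG" ;;
    c) CACHING_ENABLED="$OPTARG" ;;
    b) BLOCK_EXPLOITS="$OPTARG" ;;
    w) ALLOW_WEBSOCKET_UPGRADE="$OPTARG" ;;
    a) ADVANCED_CONFIG="$OPTARG" ;;
    # -t is in the optstring and in the usage synopsis but had no arm here, so
    # it fell through to the catch-all and only printed the help.
    t) TOKEN_EXPIRY="$OPTARG" ;;
    -)
      case "${OPTARG}" in
        help) usage ;;
        create-user)
          CREATE_USER=true
          USERNAME="${!OPTIND}"
          shift
          PASSWORD="${!OPTIND}"
          shift
          EMAIL="${!OPTIND}"
          shift
          ;;
        delete-user)
          DELETE_USER=true
          USERNAME="${!OPTIND}"
          shift
          ;;
        delete-host)
          DELETE_HOST=true
          HOST_ID="${!OPTIND}"
          shift
          ;;
        list-hosts) LIST_HOSTS=true ;;
        list-hosts-full) LIST_HOSTS_FULL=true ;;
        list-ssl-certificates) LIST_SSL_CERTIFICATES=true ;;
        list-users) LIST_USERS=true ;;
        search-host)
          SEARCH_HOST=true
          SEARCH_HOSTNAME="${!OPTIND}"
          shift
          ;;
        enable-host)
          ENABLE_HOST=true
          HOST_ID="${!OPTIND}"
          shift
          ;;
        disable-host)
          DISABLE_HOST=true
          HOST_ID="${!OPTIND}"
          shift
          ;;
        check-token) CHECK_TOKEN=true ;;
        backup) BACKUP=true ;;
        generate-cert)
          GENERATE_CERT=true
          DOMAIN="${!OPTIND}"
          shift
          EMAIL="${!OPTIND}"
          shift
          ;;
        custom) CUSTOM_CERT=true ;;
        ssl-host-enable)
          ENABLE_SSL=true
          HOST_ID="${!OPTIND}"
          shift
          ;;
        ssl-host-disable)
          DISABLE_SSL=true
          HOST_ID="${!OPTIND}"
          shift
          ;;
        show-default)
          SHOW_DEFAULT=true
          ;;
        show-host)
          SHOW_HOST=true
          HOST_ID="${!OPTIND}"
          shift
          ;;
        force-cert-creation)
          FORCE_CERT_CREATION=true
          ;;
        *)
          echo "Unknown option --${OPTARG}"
          usage
          ;;
      esac
      ;;
    *) usage ;;
  esac
done

# If no arguments are provided, display usage
# This runs after parsing, so $# already reflects the shifts done above.
if [ $# -eq 0 ]; then
  usage
fi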
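# Check if the Nginx Proxy Manager API is accessible
# Pings NGINX_IP, then sends an HTTP HEAD request to BASE_URL. Prints the
# outcome to stdout and exits with status 1 as soon as either probe fails.
check_nginx_access() {
  # Quoted so the address always reaches ping as a single argument.
  if ! ping -c 2 -W 2 "$NGINX_IP" &> /dev/null; then
    echo -e "\n ⛔ $NGINX_IP ⛔ is not responding. Houston, we have a problem."
    exit 1
  fi
  if ! curl --output /dev/null --silent --head --fail "$BASE_URL"; then
    echo -e "\n ⛔ Nginx url ⛔ $BASE_URL is NOT accessible."
    exit 1
  fi
  echo -e "\n ✅ Nginx url: $BASE_URL"
}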
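# Generate a new API token
# Logs in with API_USER / API_PASS, then caches the returned bearer token in
# TOKEN_FILE and its expiry in EXPIRY_FILE. Exits with status 1 when the login
# response carries no token.
# Globals: writes response, token and expires.
generate_token() {
  local payload
  # jq does the JSON encoding, so quotes or backslashes in the password cannot
  # corrupt the request body. The values reach jq through its environment and
  # the body reaches curl on stdin, which keeps the secret off both command
  # lines.
  payload=$(NPM_IDENTITY="$API_USER" NPM_SECRET="$API_PASS" NPM_EXPIRY="$TOKEN_EXPIRY" \
    jq -cn '{identity: env.NPM_IDENTITY, secret: env.NPM_SECRET, expiry: env.NPM_EXPIRY}')
  response=$(printf '%s' "$payload" | curl -s -X POST "$BASE_URL$API_ENDPOINT" \
    -H "Content-Type: application/json; charset=UTF-8" \
    --data-binary @-)

  token=$(echo "$response" | jq -r '.token')
  expires=$(echo "$response" | jq -r '.expires')

  # An empty value means curl or jq failed; "null" means the API answered
  # without a token. Neither may be cached as if it were a credential.
  if [ -n "$token" ] && [ "$token" != "null" ]; then
    # Create both cache files readable and writable by the owner only.
    (
      umask 077
      echo "$token" > "$TOKEN_FILE"
      echo "$expires" > "$EXPIRY_FILE"
    )
    # umask only applies on creation; tighten files left by an earlier run.
    chmod 600 "$TOKEN_FILE" "$EXPIRY_FILE"
    # NOTE(review): this prints the bearer token to stdout; drop the line if
    # the script's output is captured in logs.
    echo "Token: $token"
    echo "Expiry: $expires"
  else
    echo -e "${COLOR_RED}Error generating token.${COLOR_RESET}"
    echo -e "Check your [user] and [pass] and [IP]"
    exit 1
  fi
}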
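# Validate the existing token
# Local check only: compares the cached expiry with the current UTC time and
# does not ask the API whether the token is still accepted.
# Globals: reads TOKEN_FILE and EXPIRY_FILE; writes token, expires, current_time.
# Returns: 0 when the cached expiry lies in the future; 1 otherwise or when
#          either cache file is missing.
validate_token() {
  if [ ! -f "$TOKEN_FILE" ] || [ ! -f "$EXPIRY_FILE" ]; then
    return 1
  fi
  # Read with quoted paths so a file name containing whitespace still works.
  token=$(< "$TOKEN_FILE")
  expires=$(< "$EXPIRY_FILE")
  current_time=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
  # String comparison: assumes the stored expiry is an ISO-8601 UTC timestamp,
  # where lexical order equals chronological order - confirm against the API.
  if [[ "$current_time" < "$expires" ]]; then
    echo -e " ✅ ${COLOR_GREEN}The token is valid. Expiry: $expires${COLOR_RESET}"
    return 0
  else
    echo -e " ⛔ ${COLOR_RED}The token is invalid. Expiry: $expires${COLOR_RESET}"
    return 1
  fi
}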
# Ensure Nginx access and token validity before proceeding
# Skipped when the first remaining argument contains "--help". Otherwise the
# API must be reachable, and a new token is requested when the cached one is
# missing or expired.
case "$1" in
  *--help*) ;;
  *)
    check_nginx_access
    validate_token || {
      echo "No valid token found. Generating a new token..."
      generate_token
    }
    ;;
esac
# Check if a proxy host with the given domain names already exists
# Fetches every proxy host and selects those whose domain_names contain
# DOMAIN_NAMES exactly. Without a match the host is created; with a match the
# operator is asked interactively whether to update it.
# Globals: writes RESPONSE, EXISTING_HOST and, on update, HOST_ID.
check_existing_proxy_host() {
  RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts" \
    -H "Authorization: Bearer $(cat $TOKEN_FILE)")
  EXISTING_HOST=$(echo "$RESPONSE" | jq -r --arg DOMAIN "$DOMAIN_NAMES" '.[] | select(.domain_names[] == $DOMAIN)')

  if [ -z "$EXISTING_HOST" ]; then
    create_new_proxy_host
    return
  fi

  # The green colour is left switched on for the prompt that follows.
  echo -e "\n 🔔 Proxy host for $DOMAIN_NAMES already exists.${COLOR_GREEN}"
  read -p " Do you want to update it with the new configuration? (y/n): " -r
  if [[ ! $REPLY =~ ^[Yy]$ ]]; then
    echo -e "${COLOR_RESET} No changes made."
    exit 0
  fi
  HOST_ID=$(echo "$EXISTING_HOST" | jq -r '.id')
  update_proxy_host "$HOST_ID"
}
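# Update an existing proxy host
# Arguments: $1 - ID of the proxy host to overwrite
# Globals:   reads the host settings (DOMAIN_NAMES, FORWARD_*, SSL_FORCED, ...),
#            BASE_URL and TOKEN_FILE; writes HOST_ID, DATA and RESPONSE.
# Exits with status 1 when the request body cannot be built as valid JSON.
update_proxy_host() {
  HOST_ID=$1
  echo -e "\n Updating proxy host for $DOMAIN_NAMES..."

  # jq builds the body, so quotes, backslashes and newlines in any string value
  # (notably -a ADVANCED_CONFIG) are encoded and cannot break out of their
  # field. Values passed with --argjson must already be JSON literals (number,
  # true/false); anything else makes jq fail and is reported below.
  # DNS_CHALLENGE is not assigned in the visible part of the script, so it
  # falls back to false instead of leaving the field empty.
  if ! DATA=$(jq -n \
    --arg domain "$DOMAIN_NAMES" \
    --arg forward_host "$FORWARD_HOST" \
    --argjson forward_port "$FORWARD_PORT" \
    --argjson ssl_forced "$SSL_FORCED" \
    --argjson caching_enabled "$CACHING_ENABLED" \
    --argjson block_exploits "$BLOCK_EXPLOITS" \
    --arg advanced_config "$ADVANCED_CONFIG" \
    --argjson dns_challenge "${DNS_CHALLENGE:-false}" \
    --argjson allow_websocket_upgrade "$ALLOW_WEBSOCKET_UPGRADE" \
    --argjson http2_support "$HTTP2_SUPPORT" \
    --arg forward_scheme "$FORWARD_SCHEME" \
    '{
      domain_names: [$domain],
      forward_host: $forward_host,
      forward_port: $forward_port,
      access_list_id: null,
      certificate_id: null,
      ssl_forced: $ssl_forced,
      caching_enabled: $caching_enabled,
      block_exploits: $block_exploits,
      advanced_config: $advanced_config,
      meta: {dns_challenge: $dns_challenge},
      allow_websocket_upgrade: $allow_websocket_upgrade,
      http2_support: $http2_support,
      forward_scheme: $forward_scheme,
      enabled: true,
      locations: []
    }'); then
    echo -e "${COLOR_RED}Invalid JSON format${COLOR_RESET}"
    exit 1
  fi
  printf 'Request Data: %s\n' "$DATA"

  # No -v: curl's verbose trace writes the request headers, including the
  # Authorization bearer token, to stderr.
  RESPONSE=$(curl -s -X PUT "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
    -H "Authorization: Bearer $(cat "$TOKEN_FILE")" \
    -H "Content-Type: application/json; charset=UTF-8" \
    --data-raw "$DATA")
  printf 'Response: %s\n' "$RESPONSE"

  # A response without an .error member has length 0 for that key.
  if [ "$(echo "$RESPONSE" | jq -r '.error | length')" -eq 0 ]; then
    echo -e " ✅ ${COLOR_GREEN}Proxy host updated successfully!${COLOR_RESET}"
  else
    echo -e " ⛔ ${COLOR_RED}Failed to update proxy host. Error: $(echo "$RESPONSE" | jq -r '.message')${COLOR_RESET}"
  fi
}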
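# Create a new proxy host
# Globals: reads the host settings (DOMAIN_NAMES, FORWARD_*, CACHING_ENABLED,
#          ...), BASE_URL and TOKEN_FILE; writes DATA and RESPONSE.
# Exits with status 1 when the request body cannot be built as valid JSON.
create_new_proxy_host() {
  echo "Creating proxy host for $DOMAIN_NAMES..."

  # jq builds the body instead of string concatenation: every string value is
  # JSON-encoded, so a quote or newline in DOMAIN_NAMES, FORWARD_HOST or
  # ADVANCED_CONFIG cannot alter the structure of the request. Values passed
  # with --argjson must already be JSON literals (number, true/false).
  # DNS_CHALLENGE is not assigned in the visible part of the script, so it
  # falls back to false instead of leaving the field empty.
  if ! DATA=$(jq -n \
    --arg domain "$DOMAIN_NAMES" \
    --arg forward_host "$FORWARD_HOST" \
    --argjson forward_port "$FORWARD_PORT" \
    --argjson caching_enabled "$CACHING_ENABLED" \
    --argjson block_exploits "$BLOCK_EXPLOITS" \
    --arg advanced_config "$ADVANCED_CONFIG" \
    --argjson dns_challenge "${DNS_CHALLENGE:-false}" \
    --argjson allow_websocket_upgrade "$ALLOW_WEBSOCKET_UPGRADE" \
    --argjson http2_support "$HTTP2_SUPPORT" \
    --arg forward_scheme "$FORWARD_SCHEME" \
    '{
      domain_names: [$domain],
      forward_host: $forward_host,
      forward_port: $forward_port,
      access_list_id: null,
      certificate_id: null,
      ssl_forced: false,
      caching_enabled: $caching_enabled,
      block_exploits: $block_exploits,
      advanced_config: $advanced_config,
      meta: {dns_challenge: $dns_challenge},
      allow_websocket_upgrade: $allow_websocket_upgrade,
      http2_support: $http2_support,
      forward_scheme: $forward_scheme,
      enabled: true,
      locations: []
    }'); then
    echo -e "${COLOR_RED}Invalid JSON format${COLOR_RESET}"
    exit 1
  fi

  RESPONSE=$(curl -s -X POST "$BASE_URL/nginx/proxy-hosts" \
    -H "Authorization: Bearer $(cat "$TOKEN_FILE")" \
    -H "Content-Type: application/json; charset=UTF-8" \
    --data-raw "$DATA")

  # A response without an .error member has length 0 for that key.
  if [ "$(echo "$RESPONSE" | jq -r '.error | length')" -eq 0 ]; then
    echo -e " ✅ ${COLOR_GREEN}Proxy host created successfully!${COLOR_RESET}"
  else
    echo -e " ⛔ ${COLOR_RED}Failed to create proxy host. Error: $(echo "$RESPONSE" | jq -r '.message')${COLOR_RESET}"
  fi
}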
# Create or update a proxy host based on the existence of the domain
# Requires DOMAIN_NAMES, FORWARD_HOST and FORWARD_PORT to be non-empty; if one
# is missing, the error and the help are printed. The existence check then
# decides between create and update.
create_or_update_proxy_host() {
  if ! [[ -n "$DOMAIN_NAMES" && -n "$FORWARD_HOST" && -n "$FORWARD_PORT" ]]; then
    echo " The -d, -i, and -p options are required to create or update a proxy host."
    usage
  fi
  check_existing_proxy_host
}
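# Delete a proxy host by ID
# Globals: reads HOST_ID, BASE_URL and TOKEN_FILE; writes RESPONSE.
# Returns: 1 when the request itself could not be completed.
# Exits with status 1 when HOST_ID is not a plain number.
delete_proxy_host() {
  if [ -z "$HOST_ID" ]; then
    echo " The --delete-host option requires a host ID."
    usage
  fi
  # The ID becomes part of the request path of a DELETE call; accepting only
  # digits guarantees the request stays on the proxy-hosts resource.
  if [[ ! "$HOST_ID" =~ ^[0-9]+$ ]]; then
    echo " The --delete-host option requires a numeric host ID." >&2
    exit 1
  fi
  echo " Deleting proxy host ID: $HOST_ID..."

  # A transport failure leaves RESPONSE empty, which the .error test below
  # would otherwise read as success.
  if ! RESPONSE=$(curl -s -X DELETE "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
    -H "Authorization: Bearer $(cat "$TOKEN_FILE")"); then
    echo -e " ⛔ ${COLOR_RED}Failed to delete proxy host. Error: request failed${COLOR_RESET}"
    return 1
  fi

  if echo "$RESPONSE" | jq -e .error > /dev/null 2>&1; then
    echo -e " ⛔ ${COLOR_RED}Failed to delete proxy host. Error: $(echo "$RESPONSE" | jq -r '.message')${COLOR_RESET}"
  else
    echo -e " ✅ ${COLOR_GREEN}Proxy host deleted successfully!${COLOR_RESET}"
  fi
}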
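# Function to pad strings to a certain length
# Arguments: $1 - text
#            $2 - target width in characters
# Outputs:   the text followed by enough spaces to reach the width; text that
#            is already at least that wide is printed unchanged.
pad() {
  local str="$1"
  local len="$2"
  local pad_len=$((len - ${#str}))
  # A negative width makes printf left-justify and still emit that many
  # spaces, which appended padding to strings that were already too long.
  ((pad_len < 0)) && pad_len=0
  printf '%s%*s\n' "$str" "$pad_len" ""
}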
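# List all proxy hosts with basic details
# Prints one table row per proxy host: ID, domains, enabled state, forced SSL.
# Globals: reads BASE_URL and TOKEN_FILE; writes RESPONSE.
list_proxy_hosts() {
  echo -e "\n${COLOR_ORANGE} 👉 List of proxy hosts (simple)${COLOR_RESET}"
  printf " %-6s %-36s %-9s %-4s\n" "ID" "Domain" "Status" "SSL"
  RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts" \
    -H "Authorization: Bearer $(cat "$TOKEN_FILE")")

  # Fields are tab-separated: a host with several domains is rendered as
  # "a, b", and splitting on spaces would push the later columns out of place.
  echo "$RESPONSE" \
    | jq -r '.[] | [.id, (.domain_names | join(", ")), .enabled, .ssl_forced] | @tsv' \
    | while IFS=$'\t' read -r id domain enabled ssl_forced; do
      # Accept 1 as well as true - presumably the API's spelling of these
      # flags varies between versions; confirm against the server in use.
      case "$enabled" in
        1 | true) status="$(echo -e "${WHITE_ON_GREEN} enabled ${COLOR_RESET}")" ;;
        *) status="$(echo -e "${COLOR_RED} disable ${COLOR_RESET}")" ;;
      esac
      case "$ssl_forced" in
        1 | true) ssl_status="✅" ;;
        *) ssl_status="✘" ;;
      esac
      # Print the row with colors
      printf " ${COLOR_YELLOW}%6s${COLOR_RESET} ${COLOR_GREEN}%-36s${COLOR_RESET} %-8s %-4s\n" \
        "$(pad "$id" 6)" "$(pad "$domain" 36)" "$status" "$ssl_status"
    done
}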
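# List all proxy hosts with basic details
# Older one-line-per-host variant of list_proxy_hosts, without the SSL column.
# Globals: reads BASE_URL and TOKEN_FILE; writes RESPONSE.
list_proxy_hosts_() {
  echo -e "\n${COLOR_ORANGE} 👉 List of proxy hosts (simple)${COLOR_RESET}"
  RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts" \
    -H "Authorization: Bearer $(cat "$TOKEN_FILE")")

  # Fields are tab-separated: a host with several domains is rendered as
  # "a, b", and splitting on spaces would shift the enabled flag.
  echo "$RESPONSE" \
    | jq -r '.[] | [.id, (.domain_names | join(", ")), .enabled] | @tsv' \
    | while IFS=$'\t' read -r id domain enabled; do
      # Accept 1 as well as true - presumably the API's spelling of this flag
      # varies between versions; confirm against the server in use.
      case "$enabled" in
        1 | true) status="[${WHITE_ON_GREEN}enabled${COLOR_RESET} ]" ;;
        *) status="[${COLOR_RED}disabled${COLOR_RESET}]" ;;
      esac
      printf " id: ${COLOR_YELLOW}%-4s${COLOR_RESET} ${COLOR_GREEN}%-20s${COLOR_RESET} %b\n" "$id" "$domain" "$status"
    done
}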
# List all proxy hosts with full details
# Pretty-prints the complete JSON record of every proxy host, one record after
# the other.
# Globals: reads BASE_URL and TOKEN_FILE; writes RESPONSE.
list_proxy_hosts_full() {
  local proxy
  echo -e "\n${COLOR_ORANGE} 👉 List of proxy hosts with full details...${COLOR_RESET}\n"
  RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts" \
    -H "Authorization: Bearer $(cat $TOKEN_FILE)")
  # Each array element travels as one compact line and is re-formatted by jq.
  while read -r proxy; do
    jq . <<< "$proxy"
  done < <(jq -c '.[]' <<< "$RESPONSE")
}
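# Show full details for a specific host by ID
# Globals: reads HOST_ID, BASE_URL and TOKEN_FILE; writes RESPONSE.
# Exits with status 1 when HOST_ID is not a plain number.
show_host() {
  if [ -z "$HOST_ID" ]; then
    echo " The --show-host option requires a host ID."
    usage
  fi
  # The ID becomes part of the request path; accepting only digits keeps the
  # request on the proxy-hosts resource.
  if [[ ! "$HOST_ID" =~ ^[0-9]+$ ]]; then
    echo " The --show-host option requires a numeric host ID." >&2
    exit 1
  fi
  echo -e "\n${COLOR_ORANGE} 👉 Full details for proxy host ID: $HOST_ID...${COLOR_RESET}\n"
  RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
    -H "Authorization: Bearer $(cat "$TOKEN_FILE")")
  echo "$RESPONSE" | jq .
}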
# Search for a proxy host by domain name
# Substring search: a host is listed when one of its domain names contains
# SEARCH_HOSTNAME. The search term is handed to jq with --arg, so it is
# treated as data and not as part of the filter.
# Globals: reads SEARCH_HOSTNAME, BASE_URL and TOKEN_FILE; writes RESPONSE.
search_proxy_host() {
  local line id domain_names
  if [ -z "$SEARCH_HOSTNAME" ]; then
    echo " The --search-host option requires a domain name."
    usage
  fi
  echo -e "\nSearching for proxy host for $SEARCH_HOSTNAME..."
  RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts" \
    -H "Authorization: Bearer $(cat $TOKEN_FILE)")

  # One compact JSON record per matching host.
  while IFS= read -r line; do
    id=$(jq -r '.id' <<< "$line")
    domain_names=$(jq -r '.domain_names[]' <<< "$line")
    echo -e " id: ${COLOR_YELLOW}$id${COLOR_RESET} ${COLOR_GREEN}$domain_names${COLOR_RESET}"
  done < <(jq -c --arg search "$SEARCH_HOSTNAME" '.[] | select(.domain_names[] | contains($search))' <<< "$RESPONSE")
}
# List all SSL certificates
# Fetches the certificate list from the API and pretty-prints the JSON.
# Globals: reads BASE_URL and TOKEN_FILE; writes RESPONSE.
list_ssl_certificates() {
  echo " 👉 List of SSL certificates..."
  RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/certificates" \
    -H "Authorization: Bearer $(cat $TOKEN_FILE)")
  # jq is called without a filter, as before.
  jq <<< "$RESPONSE"
}
# List all users
# Fetches the user list from the API and pretty-prints the JSON.
# Globals: reads BASE_URL and TOKEN_FILE; writes RESPONSE.
list_users() {
  echo " 👉 List of users..."
  RESPONSE=$(curl -s -X GET "$BASE_URL/users" \
    -H "Authorization: Bearer $(cat $TOKEN_FILE)")
  # jq is called without a filter, as before.
  jq <<< "$RESPONSE"
}
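# Create a new user
# NOTE: every account created here is given the "admin" role.
# Globals: reads USERNAME, PASSWORD, EMAIL, BASE_URL and TOKEN_FILE; writes
#          DATA, HTTP_RESPONSE, HTTP_BODY and HTTP_STATUS.
create_user() {
  local redacted
  if [ -z "$USERNAME" ] || [ -z "$PASSWORD" ] || [ -z "$EMAIL" ]; then
    echo " The username, password, and email parameters are required to create a user."
    usage
  fi
  echo " Creating user $USERNAME..."

  # The values reach jq through its environment and the body reaches curl on
  # stdin, which keeps the password off the jq and curl command lines.
  DATA=$(NPM_NAME="$USERNAME" NPM_EMAIL="$EMAIL" NPM_SECRET="$PASSWORD" jq -n '{
    name: env.NPM_NAME,
    nickname: env.NPM_NAME,
    email: env.NPM_EMAIL,
    roles: ["admin"],
    is_disabled: false,
    auth: {
      type: "password",
      secret: env.NPM_SECRET
    }
  }')

  # Log a copy with the password masked; the unmasked body is only sent.
  redacted=$(printf '%s' "$DATA" | jq '.auth.secret = "********"')
  echo "Data being sent: $redacted"

  HTTP_RESPONSE=$(printf '%s' "$DATA" | curl -s -w "HTTPSTATUS:%{http_code}" -X POST "$BASE_URL/users" \
    -H "Authorization: Bearer $(cat "$TOKEN_FILE")" \
    -H "Content-Type: application/json; charset=UTF-8" \
    --data-binary @-)

  # curl appends "HTTPSTATUS:<code>" to the body; split the two apart again.
  HTTP_BODY=$(echo "$HTTP_RESPONSE" | sed -e 's/HTTPSTATUS\:.*//g')
  HTTP_STATUS=$(echo "$HTTP_RESPONSE" | tr -d '\n' | sed -e 's/.*HTTPSTATUS://')

  if [ "$HTTP_STATUS" -eq 201 ]; then
    echo -e " ✅ ${COLOR_GREEN}User created successfully!${COLOR_RESET}"
  else
    echo "Data sent: $redacted"
    echo -e " ⛔ ${COLOR_RED}Failed to create user. HTTP status: $HTTP_STATUS. Response: $HTTP_BODY${COLOR_RESET}"
  fi
}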
# Delete a user by username
# Looks up the user whose nickname equals USERNAME, then deletes that ID.
# Globals: reads USERNAME, BASE_URL and TOKEN_FILE; writes USER_ID,
#          HTTP_RESPONSE, HTTP_BODY and HTTP_STATUS.
delete_user() {
  if [ -z "$USERNAME" ]; then
    echo " The --delete-user option requires a username."
    usage
  fi
  echo " Deleting user $USERNAME..."

  # Fetch the user ID based on the username
  USER_ID=$(curl -s -X GET "$BASE_URL/users" \
    -H "Authorization: Bearer $(cat $TOKEN_FILE)" \
    | jq -r --arg USERNAME "$USERNAME" '.[] | select(.nickname == $USERNAME) | .id')

  if [ -z "$USER_ID" ]; then
    echo -e "${COLOR_RED}User not found: $USERNAME${COLOR_RESET}"
    return
  fi

  HTTP_RESPONSE=$(curl -s -w "HTTPSTATUS:%{http_code}" -X DELETE "$BASE_URL/users/$USER_ID" \
    -H "Authorization: Bearer $(cat $TOKEN_FILE)")
  # curl appends "HTTPSTATUS:<code>" to the body; split the two apart again.
  HTTP_BODY=$(echo "$HTTP_RESPONSE" | sed -e 's/HTTPSTATUS\:.*//g')
  HTTP_STATUS=$(echo "$HTTP_RESPONSE" | tr -d '\n' | sed -e 's/.*HTTPSTATUS://')

  if [ "$HTTP_STATUS" -eq 200 ]; then
    echo -e " ✅ ${COLOR_GREEN}User deleted successfully!${COLOR_RESET}"
  else
    echo -e " ⛔ ${COLOR_RED}Failed to delete user. HTTP status: $HTTP_STATUS. Response: $HTTP_BODY${COLOR_RESET}"
  fi
}
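# Enable a proxy host by ID
# Confirms that the host exists, then sends {"enabled": 1} for it.
# Globals: reads HOST_ID, BASE_URL and TOKEN_FILE; writes CHECK_RESPONSE, DATA,
#          HTTP_RESPONSE, HTTP_BODY and HTTP_STATUS.
# Exits with status 1 when HOST_ID is not a plain number.
enable_proxy_host() {
  if [ -z "$HOST_ID" ]; then
    echo " The --enable-host option requires a host ID."
    usage
  fi
  # The ID becomes part of the request path of a PUT call; accepting only
  # digits guarantees the request stays on the proxy-hosts resource.
  if [[ ! "$HOST_ID" =~ ^[0-9]+$ ]]; then
    echo " The --enable-host option requires a numeric host ID." >&2
    exit 1
  fi
  echo " Enabling proxy host ID: $HOST_ID..."

  # Check if the proxy host exists before enabling
  CHECK_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
    -H "Authorization: Bearer $(cat "$TOKEN_FILE")")
  if ! echo "$CHECK_RESPONSE" | jq -e '.id' > /dev/null 2>&1; then
    echo -e " ⛔ ${COLOR_RED}Proxy host with ID $HOST_ID does not exist.${COLOR_RESET}"
    return
  fi

  # Proxy host exists, proceed to enable. The body is a constant; nothing from
  # the lookup response is sent back.
  DATA='{"enabled": 1}'
  HTTP_RESPONSE=$(curl -s -w "HTTPSTATUS:%{http_code}" -X PUT "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
    -H "Authorization: Bearer $(cat "$TOKEN_FILE")" \
    -H "Content-Type: application/json; charset=UTF-8" \
    --data-raw "$DATA")

  # Extract the body and the status
  HTTP_BODY=$(echo "$HTTP_RESPONSE" | sed -e 's/HTTPSTATUS\:.*//g')
  HTTP_STATUS=$(echo "$HTTP_RESPONSE" | tr -d '\n' | sed -e 's/.*HTTPSTATUS://')

  if [ "$HTTP_STATUS" -eq 200 ]; then
    echo -e " ✅ ${COLOR_GREEN}Proxy host enabled successfully!${COLOR_RESET}"
  else
    echo -e " ⛔ ${COLOR_RED}Failed to enable proxy host. HTTP status: $HTTP_STATUS. Response: $HTTP_BODY${COLOR_RESET}"
  fi
}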
# Disable a proxy host by ID
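disable_proxy_host() {
  # Disable the proxy host identified by HOST_ID (PUT /nginx/proxy-hosts/<id>).
  # Globals:
  #   read:    HOST_ID, BASE_URL, TOKEN_FILE, COLOR_GREEN, COLOR_RED, COLOR_RESET
  #   written: CHECK_RESPONSE, DATA, HTTP_RESPONSE, HTTP_BODY, HTTP_STATUS
  # Returns: 0 when the API answers 200, 1 otherwise.
  if [ -z "$HOST_ID" ]; then
    echo " The --disable-host option requires a host ID."
    usage
    return 1 # reached only if usage (defined elsewhere) returns instead of exiting
  fi
  # HOST_ID is spliced into the request path, so accept digits only; anything
  # else could address a different API route than the one intended.
  if [[ ! "$HOST_ID" =~ ^[0-9]+$ ]]; then
    echo -e " ⛔ ${COLOR_RED}Invalid host ID: it must be a number.${COLOR_RESET}"
    return 1
  fi
  echo " Disabling proxy host ID: $HOST_ID..."

  # Check if the proxy host exists before disabling.
  # The bearer token is handed to curl through a file descriptor (-H @file,
  # curl 7.55.0 or newer) so it never shows up in the process list.
  CHECK_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
    -H @<(printf 'Authorization: Bearer %s\n' "$(<"$TOKEN_FILE")"))
  if ! jq -e '.id' <<<"$CHECK_RESPONSE" >/dev/null 2>&1; then
    echo -e " ⛔ ${COLOR_RED}Proxy host with ID $HOST_ID does not exist.${COLOR_RESET}"
    return 1
  fi

  # Proxy host exists, proceed to disable. The payload does not depend on the
  # fetched host, so it is a constant.
  DATA='{"enabled": 0}'
  HTTP_RESPONSE=$(curl -s -w "HTTPSTATUS:%{http_code}" -X PUT "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
    -H @<(printf 'Authorization: Bearer %s\n' "$(<"$TOKEN_FILE")") \
    -H "Content-Type: application/json; charset=UTF-8" \
    --data-raw "$DATA")

  # curl appends "HTTPSTATUS:<code>" after the body; split on the last marker.
  HTTP_BODY=${HTTP_RESPONSE%HTTPSTATUS:*}
  HTTP_STATUS=${HTTP_RESPONSE##*HTTPSTATUS:}
  if [[ "$HTTP_STATUS" == "200" ]]; then
    echo -e " ✅ ${COLOR_GREEN}Proxy host disabled successfully!${COLOR_RESET}"
    return 0
  fi
  # %s prints the server's response verbatim: only the colour variables get
  # escape processing, not text that came back over the network.
  printf ' ⛔ %bFailed to disable proxy host. HTTP status: %s. Response: %s%b\n' \
    "$COLOR_RED" "$HTTP_STATUS" "$HTTP_BODY" "$COLOR_RESET"
  return 1
}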
# Generate Let's Encrypt certificate if not exists
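generate_certificate() {
  # Request a Let's Encrypt certificate for DOMAIN unless one already exists.
  # Globals:
  #   read:    DOMAIN, EMAIL, FORCE_CERT_CREATION, BASE_URL, TOKEN_FILE,
  #            COLOR_GREEN, COLOR_RED, COLOR_RESET
  #   written: RESPONSE, EXISTING_CERT, EXPIRES_ON, DATA, HTTP_RESPONSE,
  #            HTTP_BODY, HTTP_STATUS
  # Returns: 0 when the API answers 201, 1 otherwise. Exits the script with
  #          status 0 when a certificate already exists and creation is not forced.
  if [ -z "$DOMAIN" ] || [ -z "$EMAIL" ]; then
    echo -e "\n 🛡️ The --generate-cert option requires a domain and email."
    usage
    return 1 # reached only if usage (defined elsewhere) returns instead of exiting
  fi
  echo -e "\n 👀 Checking if Let's Encrypt certificate for domain: $DOMAIN exists..."

  # The bearer token is handed to curl through a file descriptor (-H @file,
  # curl 7.55.0 or newer) so it never shows up in the process list.
  RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/certificates" \
    -H @<(printf 'Authorization: Bearer %s\n' "$(<"$TOKEN_FILE")"))
  EXISTING_CERT=$(jq -r --arg DOMAIN "$DOMAIN" '.[] | select(.domain_names[] == $DOMAIN)' <<<"$RESPONSE")

  # Compare the flag as a string instead of executing its value as a command;
  # an unset or empty flag now counts as "not forced".
  if [ -n "$EXISTING_CERT" ] && [ "$FORCE_CERT_CREATION" != true ]; then
    EXPIRES_ON=$(jq -r '.expires_on' <<<"$EXISTING_CERT")
    echo -e " 🔔 Certificate for $DOMAIN already exists and is valid until $EXPIRES_ON."
    # NOTE(review): this ends the whole script, including when another function
    # called generate_certificate - confirm that is intended.
    exit 0
  fi

  echo -e " ⚙️ Generating Let's Encrypt certificate for domain: $DOMAIN..."
  # jq --arg JSON-encodes the domain and e-mail, so quotes or backslashes in
  # either value cannot alter the structure of the request body.
  DATA=$(jq -n --arg domain "$DOMAIN" --arg email "$EMAIL" --argjson agree true '{
    provider: "letsencrypt",
    domain_names: [$domain],
    meta: {
      letsencrypt_agree: $agree,
      letsencrypt_email: $email
    }
  }')
  echo -e "\n 🔔 Please WAIT until validation !!(or not)!!\n Data being sent: $DATA" # Log the data being sent

  HTTP_RESPONSE=$(curl -s -w "HTTPSTATUS:%{http_code}" -X POST "$BASE_URL/nginx/certificates" \
    -H @<(printf 'Authorization: Bearer %s\n' "$(<"$TOKEN_FILE")") \
    -H "Content-Type: application/json; charset=UTF-8" \
    --data-raw "$DATA")

  # curl appends "HTTPSTATUS:<code>" after the body; split on the last marker.
  HTTP_BODY=${HTTP_RESPONSE%HTTPSTATUS:*}
  HTTP_STATUS=${HTTP_RESPONSE##*HTTPSTATUS:}
  if [[ "$HTTP_STATUS" == "201" ]]; then
    echo -e " ✅ ${COLOR_GREEN}Certificate generated successfully!${COLOR_RESET}"
    return 0
  fi
  echo " Data sent: $DATA" # Log the data sent
  # %s prints the server's response verbatim: only the colour variables get
  # escape processing, not text that came back over the network.
  printf ' ⛔ %bFailed to generate certificate. HTTP status: %s. Response: %s%b\n' \
    "$COLOR_RED" "$HTTP_STATUS" "$HTTP_BODY" "$COLOR_RESET"
  return 1
}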
# enable_ssl function
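enable_ssl() {
  # Attach a Let's Encrypt certificate to proxy host HOST_ID and turn on forced
  # SSL, HTTP/2 and HSTS (without subdomains).
  # Globals:
  #   read:    HOST_ID, BASE_URL, TOKEN_FILE, COLOR_GREEN, COLOR_RED, COLOR_RESET
  #   written: CHECK_RESPONSE, CERTIFICATE_ID, DOMAIN_NAMES, CERT_EXISTS, DATA,
  #            HTTP_RESPONSE, HTTP_BODY, HTTP_STATUS
  # Returns: 0 when the API answers 200, 1 otherwise.
  local host_domains
  # Picks the first Let's Encrypt certificate whose domain list covers every
  # domain of the host. Array subtraction compares whole strings, so a
  # certificate for one name never matches a longer name that contains it.
  local cert_filter='[.[]
    | select(.provider == "letsencrypt" and (($domains - .domain_names) | length == 0))
    | .id] | .[0] // empty'

  if [ -z "$HOST_ID" ]; then
    echo -e "\n 🛡️ The --ssl-host-enable option requires a host ID."
    usage
    return 1 # reached only if usage (defined elsewhere) returns instead of exiting
  fi
  # HOST_ID is spliced into the request path, so accept digits only; anything
  # else could address a different API route than the one intended.
  if [[ ! "$HOST_ID" =~ ^[0-9]+$ ]]; then
    echo -e " ⛔ ${COLOR_RED}Invalid host ID: it must be a number.${COLOR_RESET}"
    return 1
  fi
  echo -e "\n ✅ Enabling SSL, HTTP/2, and HSTS for proxy host ID: $HOST_ID..."

  # Check host details.
  # The bearer token is handed to curl through a file descriptor (-H @file,
  # curl 7.55.0 or newer) so it never shows up in the process list.
  CHECK_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
    -H @<(printf 'Authorization: Bearer %s\n' "$(<"$TOKEN_FILE")"))
  if ! jq -e '.id' <<<"$CHECK_RESPONSE" >/dev/null 2>&1; then
    echo -e " ⛔ ${COLOR_RED}Proxy host with ID $HOST_ID does not exist.${COLOR_RESET}"
    return 1
  fi
  CERTIFICATE_ID=$(jq -r '.certificate_id' <<<"$CHECK_RESPONSE")
  DOMAIN_NAMES=$(jq -r '.domain_names[]' <<<"$CHECK_RESPONSE")
  # Keep the domains as a JSON array: the newline-joined DOMAIN_NAMES string
  # can never equal a single certificate domain once a host has several names.
  host_domains=$(jq -c '.domain_names // []' <<<"$CHECK_RESPONSE")
  if ! jq -e 'length > 0' <<<"$host_domains" >/dev/null 2>&1; then
    # An empty list would "match" every certificate, so stop here.
    echo -e " ⛔ ${COLOR_RED}Proxy host $HOST_ID has no domain names; SSL settings were not changed.${COLOR_RESET}"
    return 1
  fi

  # Check if a Let's Encrypt certificate exists
  CERT_EXISTS=$(curl -s -X GET "$BASE_URL/nginx/certificates" \
    -H @<(printf 'Authorization: Bearer %s\n' "$(<"$TOKEN_FILE")") |
    jq -r --argjson domains "$host_domains" "$cert_filter")
  if [ -z "$CERT_EXISTS" ]; then
    echo " ⛔ No Let's Encrypt certificate associated with this host. Generating a new certificate..."
    # NOTE(review): generate_certificate reads the globals DOMAIN and EMAIL,
    # which this function does not set, and it exits the script when a
    # certificate for DOMAIN already exists - confirm the caller provides them.
    generate_certificate
    CERTIFICATE_ID=$(curl -s -X GET "$BASE_URL/nginx/certificates" \
      -H @<(printf 'Authorization: Bearer %s\n' "$(<"$TOKEN_FILE")") |
      jq -r --argjson domains "$host_domains" "$cert_filter")
  else
    echo " ✅ Existing Let's Encrypt certificate found. Using certificate ID: $CERT_EXISTS"
    CERTIFICATE_ID="$CERT_EXISTS"
  fi

  # Fail closed: never force SSL and HSTS on a host without a certificate id.
  if [[ ! "$CERTIFICATE_ID" =~ ^[0-9]+$ ]]; then
    echo -e " ⛔ ${COLOR_RED}No usable certificate for this host; SSL settings were not changed.${COLOR_RESET}"
    return 1
  fi

  # Update the host with SSL enabled
  DATA=$(jq -n --arg cert_id "$CERTIFICATE_ID" '{
    certificate_id: $cert_id,
    ssl_forced: true,
    http2_support: true,
    hsts_enabled: true,
    hsts_subdomains: false
  }')
  echo -e "\n Data being sent for SSL enablement: $DATA" # Log the data being sent

  HTTP_RESPONSE=$(curl -s -w "HTTPSTATUS:%{http_code}" -X PUT "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
    -H @<(printf 'Authorization: Bearer %s\n' "$(<"$TOKEN_FILE")") \
    -H "Content-Type: application/json; charset=UTF-8" \
    --data-raw "$DATA")

  # curl appends "HTTPSTATUS:<code>" after the body; split on the last marker.
  HTTP_BODY=${HTTP_RESPONSE%HTTPSTATUS:*}
  HTTP_STATUS=${HTTP_RESPONSE##*HTTPSTATUS:}
  if [[ "$HTTP_STATUS" == "200" ]]; then
    echo -e "\n ✅ ${COLOR_GREEN}SSL, HTTP/2, and HSTS enabled successfully!${COLOR_RESET}\n"
    return 0
  fi
  echo -e "\n 👉Data sent: $DATA" # Log the data sent
  # %s prints the server's response verbatim: only the colour variables get
  # escape processing, not text that came back over the network.
  printf '\n ⛔ %bFailed to enable SSL, HTTP/2, and HSTS. HTTP status: %s. Response: %s%b\n\n' \
    "$COLOR_RED" "$HTTP_STATUS" "$HTTP_BODY" "$COLOR_RESET"
  return 1
}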
# Function to disable SSL for a proxy host
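disable_ssl() {
  # Detach the certificate from proxy host HOST_ID and switch off forced SSL,
  # HTTP/2 and HSTS.
  # Globals:
  #   read:    HOST_ID, BASE_URL, TOKEN_FILE, COLOR_GREEN, COLOR_RED, COLOR_RESET
  #   written: CHECK_RESPONSE, CERTIFICATE_ID, DATA, HTTP_RESPONSE, HTTP_BODY,
  #            HTTP_STATUS
  # Returns: 0 when the API answers 200, 1 otherwise.
  if [ -z "$HOST_ID" ]; then
    echo -e "\n 🛡️ The --ssl-host-disable option requires a host ID."
    usage
    return 1 # reached only if usage (defined elsewhere) returns instead of exiting
  fi
  # HOST_ID is spliced into the request path, so accept digits only; anything
  # else could address a different API route than the one intended.
  if [[ ! "$HOST_ID" =~ ^[0-9]+$ ]]; then
    echo -e " ⛔ ${COLOR_RED}Invalid host ID: it must be a number.${COLOR_RESET}"
    return 1
  fi
  echo -e "\n 🚫 Disabling SSL for proxy host ID: $HOST_ID..."

  # The bearer token is handed to curl through a file descriptor (-H @file,
  # curl 7.55.0 or newer) so it never shows up in the process list.
  CHECK_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
    -H @<(printf 'Authorization: Bearer %s\n' "$(<"$TOKEN_FILE")"))
  if ! jq -e '.id' <<<"$CHECK_RESPONSE" >/dev/null 2>&1; then
    echo -e " ⛔ ${COLOR_RED}Proxy host with ID $HOST_ID does not exist.${COLOR_RESET}"
    return 1
  fi

  # Whatever certificate the host had, the request always clears it.
  CERTIFICATE_ID=null
  # NOTE(review): the payload also turns off allow_websocket_upgrade, which is
  # not an SSL setting - confirm that side effect is intended.
  DATA=$(jq -n --argjson cert_id "$CERTIFICATE_ID" '{
    letsencrypt_agree: false,
    dns_challenge: false,
    allow_websocket_upgrade: 0,
    http2_support: 0,
    hsts_enabled: 0,
    hsts_subdomains: 0,
    ssl_forced: 0,
    certificate_id: $cert_id
  }')

  HTTP_RESPONSE=$(curl -s -w "HTTPSTATUS:%{http_code}" -X PUT "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
    -H @<(printf 'Authorization: Bearer %s\n' "$(<"$TOKEN_FILE")") \
    -H "Content-Type: application/json; charset=UTF-8" \
    --data-raw "$DATA")

  # curl appends "HTTPSTATUS:<code>" after the body; split on the last marker.
  HTTP_BODY=${HTTP_RESPONSE%HTTPSTATUS:*}
  HTTP_STATUS=${HTTP_RESPONSE##*HTTPSTATUS:}
  if [[ "$HTTP_STATUS" == "200" ]]; then
    echo -e " ✅ ${COLOR_GREEN}SSL disabled successfully!${COLOR_RESET}"
    return 0
  fi
  echo " Data sent: $DATA" # Log the data sent
  # %s prints the server's response verbatim: only the colour variables get
  # escape processing, not text that came back over the network.
  printf ' ⛔ %bFailed to disable SSL. HTTP status: %s. Response: %s%b\n' \
    "$COLOR_RED" "$HTTP_STATUS" "$HTTP_BODY" "$COLOR_RESET"
  return 1
}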
# Function to show full details for a specific host by ID
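show_host() {
  # Print the full API record of proxy host HOST_ID as formatted JSON.
  # Globals:
  #   read:    HOST_ID, BASE_URL, TOKEN_FILE, COLOR_ORANGE, COLOR_RED, COLOR_RESET
  #   written: RESPONSE
  # Returns: the exit status of jq, or 1 when HOST_ID is missing or not numeric.
  if [ -z "$HOST_ID" ]; then
    echo -e "\n ⛔ The --show-host option requires a host ID."
    usage
    return 1 # reached only if usage (defined elsewhere) returns instead of exiting
  fi
  # HOST_ID is spliced into the request path, so accept digits only; anything
  # else could address a different API route than the one intended.
  if [[ ! "$HOST_ID" =~ ^[0-9]+$ ]]; then
    echo -e " ⛔ ${COLOR_RED}Invalid host ID: it must be a number.${COLOR_RESET}"
    return 1
  fi
  echo -e "\n${COLOR_ORANGE} 👉 Full details for proxy host ID: $HOST_ID...${COLOR_RESET}\n"

  # The bearer token is handed to curl through a file descriptor (-H @file,
  # curl 7.55.0 or newer) so it never shows up in the process list.
  RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
    -H @<(printf 'Authorization: Bearer %s\n' "$(<"$TOKEN_FILE")"))
  jq . <<<"$RESPONSE"
}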
# Display default settings for creating hosts
show_default() {
  # Print the token expiry and the default values used when creating hosts,
  # then end the script with status 0.
  # Globals: TOKEN_EXPIRY, FORWARD_SCHEME, SSL_FORCED, CACHING_ENABLED,
  #          BLOCK_EXPLOITS, ALLOW_WEBSOCKET_UPGRADE, HTTP2_SUPPORT,
  #          HSTS_ENABLED, HSTS_SUBDOMAINS, COLOR_YELLOW, COLOR_ORANGE,
  #          COLOR_RESET (all read)
  local setting
  echo -e "\n ⭐ ${COLOR_YELLOW}Default settings Token:${COLOR_RESET}"
  echo -e " - TOKEN_EXPIRY: ${COLOR_ORANGE}${TOKEN_EXPIRY}${COLOR_RESET}"
  echo -e "\n ⭐ ${COLOR_YELLOW}Default settings for creating hosts (change according to your needs):${COLOR_RESET}"
  # One line per host default, in the order they are listed; ${!setting} reads
  # the variable whose name is held in setting.
  for setting in \
    FORWARD_SCHEME \
    SSL_FORCED \
    CACHING_ENABLED \
    BLOCK_EXPLOITS \
    ALLOW_WEBSOCKET_UPGRADE \
    HTTP2_SUPPORT \
    HSTS_ENABLED \
    HSTS_SUBDOMAINS; do
    echo -e " - ${setting}: ${COLOR_ORANGE}${!setting}${COLOR_RESET}"
  done
  echo
  exit 0
}
# Perform a full backup of all configurations
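full_backup() {
  # Save proxy hosts, users, SSL certificates, access lists and settings as
  # JSON files in BACKUP_DIR.
  # Globals:
  #   read:    BACKUP_DIR, BASE_URL, TOKEN_FILE, NGINX_IP, DATE, COLOR_GREEN,
  #            COLOR_RED, COLOR_RESET
  #   written: RESPONSE
  # Returns: 0 when every section was fetched and written, 1 otherwise.
  local entry endpoint label target prev_umask
  local failed=0
  local suffix="${NGINX_IP//./_}_$DATE"

  # The dumps hold user accounts and certificate records, so new files (and a
  # newly created backup directory) are made readable by the owner only. An
  # already existing directory keeps its current permissions.
  prev_umask=$(umask)
  umask 077
  if ! mkdir -p "$BACKUP_DIR"; then
    umask "$prev_umask"
    echo -e " ⛔ ${COLOR_RED}Cannot create backup directory '$BACKUP_DIR'${COLOR_RESET}" >&2
    return 1
  fi

  # "<API path>:<file name prefix>" for each section of the backup.
  for entry in \
    "nginx/proxy-hosts:proxy_hosts" \
    "users:users" \
    "nginx/certificates:ssl_certificates" \
    "nginx/access-lists:access_lists" \
    "nginx/settings:settings"; do
    endpoint=${entry%%:*}
    label=${entry##*:}
    target="$BACKUP_DIR/${label}_${suffix}.json"
    # -f makes curl fail on HTTP errors, so an error page is never stored as a
    # backup. The bearer token is handed over through a file descriptor
    # (-H @file, curl 7.55.0 or newer) to keep it out of the process list.
    if RESPONSE=$(curl -sf -X GET "$BASE_URL/$endpoint" \
      -H @<(printf 'Authorization: Bearer %s\n' "$(<"$TOKEN_FILE")")) &&
      jq '.' <<<"$RESPONSE" >"$target"; then
      continue
    fi
    failed=1
    rm -f -- "$target" # drop the empty or partial file
    echo -e " ⛔ ${COLOR_RED}Backup of '$endpoint' failed${COLOR_RESET}" >&2
  done
  umask "$prev_umask"

  if ((failed)); then
    echo -e " ⛔ ${COLOR_RED}Backup incomplete in 📂 '$BACKUP_DIR'${COLOR_RESET}" >&2
    return 1
  fi
  echo -e " ✅ ${COLOR_GREEN}Full backup completed successfully in 📂 '$BACKUP_DIR'${COLOR_RESET}"
}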
# Main logic
# Dispatch on the action flags. The arms are tried top to bottom and the first
# flag whose value is exactly "true" selects the handler; when none is set the
# script creates or updates a proxy host.
case true in
  "$CREATE_USER") create_user ;;
  "$DELETE_USER") delete_user ;;
  "$DELETE_HOST") delete_proxy_host ;;
  "$LIST_HOSTS") list_proxy_hosts ;;
  "$LIST_HOSTS_FULL") list_proxy_hosts_full ;;
  "$SHOW_HOST") show_host ;;
  "$LIST_SSL_CERTIFICATES") list_ssl_certificates ;;
  "$LIST_USERS") list_users ;;
  "$SEARCH_HOST") search_proxy_host ;;
  "$ENABLE_HOST") enable_proxy_host ;;
  "$DISABLE_HOST") disable_proxy_host ;;
  "$CHECK_TOKEN") validate_token ;;
  "$BACKUP") full_backup ;;
  "$GENERATE_CERT") generate_certificate ;;
  "$ENABLE_SSL") enable_ssl ;;
  "$DISABLE_SSL") disable_ssl ;;
  "$SHOW_DEFAULT") show_default ;;
  *) create_or_update_proxy_host ;;
esac