From 4eabf7ab7d7172b66c1c1a52ccedc9547fb96fe7 Mon Sep 17 00:00:00 2001 From: Erreur32 Date: Fri, 12 Jul 2024 21:43:35 +0200 Subject: [PATCH] Add --generate-cert --show-default + optimize --backup --- nginx_proxy_manager_cli.sh | 462 +++++++++++++++++++++++++++---------- 1 file changed, 339 insertions(+), 123 deletions(-) diff --git a/nginx_proxy_manager_cli.sh b/nginx_proxy_manager_cli.sh index 92b3393..96fa4b3 100755 --- a/nginx_proxy_manager_cli.sh +++ b/nginx_proxy_manager_cli.sh @@ -11,44 +11,49 @@ # ./nginx_proxy_manager_cli.sh [OPTIONS] # # Examples: -# ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080 -s true +# Backup Frist ! +# ./nginx_proxy_manager_cli.sh --backup +# +# ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080 (check default values below) +# ./nginx_proxy_manager_cli.sh --show-default # ./nginx_proxy_manager_cli.sh --create-user newuser password123 user@example.com # ./nginx_proxy_manager_cli.sh --delete-user 'username' # ./nginx_proxy_manager_cli.sh --list-hosts -# ./nginx_proxy_manager_cli.sh --backup + +# ./nginx_proxy_manager_cli.sh --generate-cert example.com user@example.com +# ./nginx_proxy_manager_cli.sh --ssl-host-enable 1 # # Advanced proxy tab example: # ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080 -a 'proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' # # Options: -# -d DOMAIN_NAMES Domain name (required for creating/updating hosts) -# -i FORWARD_HOST IP address or domain name of the target server (required for creating/updating hosts) -# -p FORWARD_PORT Port of the target server (required for creating/updating hosts) -# -f FORWARD_SCHEME Scheme for forwarding (http/https, default: http) -# -s SSL_FORCED Force SSL (true/false, default: false) -# -c CACHING_ENABLED Enable caching (true/false, default: false) -# -b BLOCK_EXPLOITS Block exploits (true/false, default: true) -# -w ALLOW_WEBSOCKET_UPGRADE Allow WebSocket upgrade (true/false, default: true) -# -h HTTP2_SUPPORT Support HTTP/2 (true/false, default: true) -# -a ADVANCED_CONFIG Advanced configuration (block of configuration settings) -# -e LETS_ENCRYPT_AGREE Accept Let's Encrypt (true/false, default: false) -# -m LETS_ENCRYPT_EMAIL Email for Let's Encrypt (required if LETS_ENCRYPT_AGREE is true) -# -n DNS_CHALLENGE DNS challenge (true/false, default: false) -# -t TOKEN_EXPIRY Token expiry duration (default: 1y) -# --create-user user pass Create a user with a username and password -# --delete-user username Delete a user by username -# --delete-host id Delete a proxy host by ID -# --list-hosts List the names of all proxy hosts -# --list-hosts-full List all proxy hosts with full details -# --list-ssl-certificates List all SSL certificates -# --list-users List all users -# --search-host hostname Search for a proxy host by domain name -# --enable-host id Enable a proxy host by ID -# --disable-host id Disable a proxy host by ID -# --check-token Check if the current token is valid -# --backup Backup all configurations to a file -# --help Display this help - +# -d DOMAIN_NAMES Domain name (required for creating/updating hosts) +# -i FORWARD_HOST IP address or domain name of the target server (required for creating/updating hosts) +# -p FORWARD_PORT Port of the target server (required for creating/updating hosts) +# -f FORWARD_SCHEME Scheme for forwarding (http/https, default: http) +# -c CACHING_ENABLED Enable caching (true/false, default: false) +# -b BLOCK_EXPLOITS Block exploits (true/false, default: true) +# -w ALLOW_WEBSOCKET_UPGRADE Allow WebSocket upgrade (true/false, default: true) +# -a ADVANCED_CONFIG Advanced configuration (block of configuration settings) +# -t TOKEN_EXPIRY Token expiry duration (default: 1y) +# --backup Backup all configurations to a file +# --check-token Check if the current token is valid +# --create-user user pass email Create a user with a username, password and email +# --delete-user username Delete a user by username +# --delete-host id Delete a proxy host by ID +# --show-host id Show full details for a specific host by ID +# --show-default Show default settings for creating hosts +# --list-hosts List the names of all proxy hosts +# --list-hosts-full List all proxy hosts with full details +# --list-ssl-certificates List all SSL certificates +# --list-users List all users +# --search-host hostname Search for a proxy host by domain name +# --enable-host id Enable a proxy host by ID +# --disable-host id Disable a proxy host by ID +# --generate-cert domain email Generate a Let's Encrypt certificate for the given domain and email +# --ssl-host-enable id Enable SSL, HTTP/2, and HSTS for a proxy host (need --generate-cert first) +# --ssl-host-disable id Disable SSL, HTTP/2, and HSTS for a proxy host +# --help Display this help ################################ # Variables to Edit (required) # @@ -59,22 +64,13 @@ NGINX_IP="127.0.0.1" API_USER="user@nginx" API_PASS="pass nginx" - ################################# -# Variables to Edit (optionnal) # +# Variables to Edit (optional) # ################################# +# Will create backup directory automatically BACKUP_DIR="./backups" DATE=$(date +"%Y%m%d%H%M%S") -BACKUP_FILE="$BACKUP_DIR/backup_${NGINX_IP//./_}_$DATE.json" - -# Colors -COLOR_GREEN="\033[32m" -COLOR_RED="\033[41;1m" -COLOR_ORANGE="\033[38;5;202m" -COLOR_YELLOW="\033[93m" -COLOR_RESET="\033[0m" -WHITE_ON_GREEN="\033[97m\033[42m" # API Endpoints BASE_URL="http://$NGINX_IP:81/api" @@ -84,16 +80,18 @@ TOKEN_FILE="token_${NGINX_IP}.txt" TOKEN_EXPIRY="1y" # Default variables -SSL_FORCED=false CACHING_ENABLED=false BLOCK_EXPLOITS=true -ALLOW_WEBSOCKET_UPGRADE=true -HTTP2_SUPPORT=true +ALLOW_WEBSOCKET_UPGRADE=1 +HTTP2_SUPPORT=0 ADVANCED_CONFIG="" LETS_ENCRYPT_AGREE=false LETS_ENCRYPT_EMAIL="" -DNS_CHALLENGE=false FORWARD_SCHEME="http" +FORCE_CERT_CREATION=false +SSL_FORCED=0 +HSTS_ENABLED=0 +HSTS_SUBDOMAINS=0 # Control variables CREATE_USER=false @@ -108,12 +106,26 @@ ENABLE_HOST=false DISABLE_HOST=false CHECK_TOKEN=false BACKUP=false +GENERATE_CERT=false +ENABLE_SSL=false +DISABLE_SSL=false +SHOW_HOST=false +SHOW_DEFAULT=false + +# Colors +COLOR_GREEN="\033[32m" +COLOR_RED="\033[41;1m" +COLOR_ORANGE="\033[38;5;202m" +COLOR_YELLOW="\033[93m" +COLOR_RESET="\033[0m" +WHITE_ON_GREEN="\033[30;48;5;83m" +#WHITE_ON_GREEN="\033[97m\033[42m" # Check if necessary dependencies are installed check_dependencies() { local dependencies=("curl" "jq") for dep in "${dependencies[@]}"; do - if ! command -v $dep &> /dev/null; then + if ! command -v "$dep" &> /dev/null; then echo -e "${COLOR_RED}Dependency $dep is not installed. Please install it before running this script.${COLOR_RESET}" exit 1 fi @@ -124,47 +136,53 @@ check_dependencies # Display help usage() { - echo -e "\n${COLOR_YELLOW}Usage: $0 -d domain -i ip -p port [-f forward_scheme] [-s ssl_forced] [-c caching_enabled] [-b block_exploits] [-w allow_websocket_upgrade] [-h http2_support] [-a advanced_config] [-e lets_encrypt_agree] [-m lets_encrypt_email] [-n dns_challenge] [-t token_expiry] [--create-user username password] [--delete-user username] [--delete-host id] [--list-hosts] [--list-hosts-full] [--list-ssl-certificates] [--list-users] [--search-host hostname] [--enable-host id] [--disable-host id] [--check-token] [--backup] [--help]${COLOR_RESET}" + echo -e "\n${COLOR_YELLOW}Usage: $0 -d domain -i ip -p port [-f forward_scheme] [-c caching_enabled] [-b block_exploits] [-w allow_websocket_upgrade] [-a advanced_config] [-t token_expiry] [--create-user username password email] [--delete-user username] [--delete-host id] [--list-hosts] [--list-hosts-full] [--list-ssl-certificates] [--list-users] [--search-host hostname] [--enable-host id] [--disable-host id] [--check-token] [--backup] [--generate-cert domain email] [--ssl-host-enable id] [--ssl-host-disable id] [--show-host id] [--show-default] [--help]${COLOR_RESET}" echo "" echo -e "Examples:" - echo -e " Backup First before do anything ;)" + echo -e "\n Backup First before do anything ;)" echo -e " ./nginx_proxy_manager_cli.sh --backup" - echo -e " Host Creation" - echo -e " ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080 -s true" - echo -e " ./nginx_proxy_manager_cli.sh --create-user newuser password123" - echo -e " ./nginx_proxy_manager_cli.sh --delete-user 'username'" + echo -e "\n Host Creation" + echo -e " ./nginx_proxy_manager_cli.sh --show-default" + echo -e " ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080" echo -e " ./nginx_proxy_manager_cli.sh --list-hosts" - echo -e " Advanced example:" - echo -e " ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080 -a 'proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;'" - echo "" + echo -e " ./nginx_proxy_manager_cli.sh --show-host id" + echo -e "\n User Creation" + echo -e " ./nginx_proxy_manager_cli.sh --create-user newuser password123 user@example.com" + echo -e " ./nginx_proxy_manager_cli.sh --delete-user 'username'" + + echo -e "\n Advanced example:" + echo -e " ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080 -a 'proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;'" + echo -e " ./nginx_proxy_manager_cli.sh --generate-cert example.com user@example.com" + echo -e " ./nginx_proxy_manager_cli.sh --ssl-host-enable 1 (Must have generated a cert before !! --generate-cert)" + echo -e "" echo -e "Options:" - echo -e " -d ${COLOR_ORANGE}DOMAIN_NAMES${COLOR_RESET} Domain name (${COLOR_RED}required${COLOR_RESET})" - echo -e " -i ${COLOR_ORANGE}FORWARD_HOST${COLOR_RESET} IP address or domain name of the target server (${COLOR_RED}required${COLOR_RESET})" - echo -e " -p ${COLOR_ORANGE}FORWARD_PORT${COLOR_RESET} Port of the target server (${COLOR_RED}required${COLOR_RESET})" - echo -e " -f FORWARD_SCHEME Scheme for forwarding (http/https, default: http)" - echo -e " -s SSL_FORCED Force SSL (true/false, default: $(colorize_boolean $SSL_FORCED))" - echo -e " -c CACHING_ENABLED Enable caching (true/false, default: $(colorize_boolean $CACHING_ENABLED))" - echo -e " -b BLOCK_EXPLOITS Block exploits (true/false, default: $(colorize_boolean $BLOCK_EXPLOITS))" - echo -e " -w ALLOW_WEBSOCKET_UPGRADE Allow WebSocket upgrade (true/false, default: $(colorize_boolean $ALLOW_WEBSOCKET_UPGRADE))" - echo -e " -h HTTP2_SUPPORT Support HTTP/2 (true/false, default: $(colorize_boolean $HTTP2_SUPPORT))" - echo -e " -a ADVANCED_CONFIG Advanced configuration (string)" - echo -e " -e LETS_ENCRYPT_AGREE Accept Let's Encrypt (true/false, default: $(colorize_boolean $LETS_ENCRYPT_AGREE))" - echo -e " -m LETS_ENCRYPT_EMAIL Email for Let's Encrypt (${COLOR_ORANGE}required${COLOR_RESET} if LETS_ENCRYPT_AGREE is true)" - echo -e " -n DNS_CHALLENGE DNS challenge (true/false, default: $(colorize_boolean $DNS_CHALLENGE))" - echo -e " -t TOKEN_EXPIRY Token expiry duration (default: ${COLOR_YELLOW}1y${COLOR_RESET})" - echo -e " --create-user user pass Create a user with a username and password" - echo -e " --delete-user username Delete a user by username" - echo -e " --delete-host id Delete a proxy host by ID" - echo -e " --list-hosts List the names of all proxy hosts" - echo -e " --list-hosts-full List all proxy hosts with full details" - echo -e " --list-ssl-certificates List all SSL certificates" - echo -e " --list-users List all users" - echo -e " --search-host hostname Search for a proxy host by domain name" - echo -e " --enable-host id Enable a proxy host by ID" - echo -e " --disable-host id Disable a proxy host by ID" - echo -e " --check-token Check if the current token is valid" - echo -e " --backup Backup all configurations to a file" - echo -e " --help Display this help" + echo -e " -d ${COLOR_ORANGE}DOMAIN_NAMES${COLOR_RESET} Domain name (${COLOR_RED}required${COLOR_RESET})" + echo -e " -i ${COLOR_ORANGE}FORWARD_HOST${COLOR_RESET} IP address or domain name of the target server (${COLOR_RED}required${COLOR_RESET})" + echo -e " -p ${COLOR_ORANGE}FORWARD_PORT${COLOR_RESET} Port of the target server (${COLOR_RED}required${COLOR_RESET})" + echo -e " -f FORWARD_SCHEME Scheme for forwarding (http/https, default: http)" + echo -e " -c CACHING_ENABLED Enable caching (true/false, default: $(colorize_boolean $CACHING_ENABLED))" + echo -e " -b BLOCK_EXPLOITS Block exploits (true/false, default: $(colorize_boolean $BLOCK_EXPLOITS))" + echo -e " -w ALLOW_WEBSOCKET_UPGRADE Allow WebSocket upgrade (true/false, default: $(colorize_boolean $ALLOW_WEBSOCKET_UPGRADE))" + echo -e " -a ADVANCED_CONFIG Advanced configuration (string)" + echo -e " -t TOKEN_EXPIRY Token expiry duration (default: ${COLOR_YELLOW}1y${COLOR_RESET})" + echo -e " --backup Backup all configurations to a file" + echo -e " --check-token Check if the current token is valid" + echo -e " --create-user user pass email Create a user with a username, password and email" + echo -e " --delete-user username Delete a user by username" + echo -e " --delete-host id Delete a proxy host by ID" + echo -e " --show-default Show default settings for creating hosts" + echo -e " --show-host id Show full details for a specific host by ID" + echo -e " --list-hosts List the names of all proxy hosts" + echo -e " --list-hosts-full List all proxy hosts with full details" + echo -e " --list-ssl-certificates List all SSL certificates" + echo -e " --list-users List all users" + echo -e " --search-host hostname Search for a proxy host by domain name" + echo -e " --enable-host id Enable a proxy host by ID" + echo -e " --disable-host id Disable a proxy host by ID" + echo -e " --generate-cert domain email Generate a Let's Encrypt certificate for the given domain and email" + echo -e " --ssl-host-enable id Enable SSL, HTTP/2, and HSTS for a proxy host" + echo -e " --ssl-host-disable id Disable SSL, HTTP/2, and HSTS for a proxy host" + echo -e " --help Display this help" echo exit 0 } @@ -180,21 +198,16 @@ colorize_boolean() { } # Parse options -while getopts "d:i:p:f:s:c:b:w:h:a:e:m:n:t:-:" opt; do +while getopts "d:i:p:f:c:b:w:a:t:-:" opt; do case $opt in d) DOMAIN_NAMES="$OPTARG" ;; i) FORWARD_HOST="$OPTARG" ;; p) FORWARD_PORT="$OPTARG" ;; f) FORWARD_SCHEME="$OPTARG" ;; - s) SSL_FORCED="$OPTARG" ;; c) CACHING_ENABLED="$OPTARG" ;; b) BLOCK_EXPLOITS="$OPTARG" ;; w) ALLOW_WEBSOCKET_UPGRADE="$OPTARG" ;; - h) HTTP2_SUPPORT="$OPTARG" ;; a) ADVANCED_CONFIG="$OPTARG" ;; - e) LETS_ENCRYPT_AGREE="$OPTARG" ;; - m) LETS_ENCRYPT_EMAIL="$OPTARG" ;; - n) DNS_CHALLENGE="$OPTARG" ;; t) TOKEN_EXPIRY="$OPTARG" ;; -) case "${OPTARG}" in @@ -231,6 +244,29 @@ while getopts "d:i:p:f:s:c:b:w:h:a:e:m:n:t:-:" opt; do ;; check-token) CHECK_TOKEN=true ;; backup) BACKUP=true ;; + generate-cert) + GENERATE_CERT=true + DOMAIN="${!OPTIND}"; shift + EMAIL="${!OPTIND}"; shift + ;; + ssl-host-enable) + ENABLE_SSL=true + HOST_ID="${!OPTIND}"; shift + ;; + ssl-host-disable) + DISABLE_SSL=true + HOST_ID="${!OPTIND}"; shift + ;; + show-default) + SHOW_DEFAULT=true + ;; + show-host) + SHOW_HOST=true + HOST_ID="${!OPTIND}"; shift + ;; + force-cert-creation) + FORCE_CERT_CREATION=true + ;; *) echo "Unknown option --${OPTARG}" ; usage ;; esac ;; *) usage ;; @@ -263,12 +299,12 @@ generate_token() { -H "Content-Type: application/json; charset=UTF-8" \ --data-raw "{\"identity\":\"$API_USER\",\"secret\":\"$API_PASS\",\"expiry\":\"$TOKEN_EXPIRY\"}") - token=$(echo $response | jq -r '.token') - expires=$(echo $response | jq -r '.expires') + token=$(echo "$response" | jq -r '.token') + expires=$(echo "$response" | jq -r '.expires') if [ "$token" != "null" ]; then - echo $token > $TOKEN_FILE - echo $expires > $EXPIRY_FILE + echo "$token" > $TOKEN_FILE + echo "$expires" > $EXPIRY_FILE echo "Token: $token" echo "Expiry: $expires" else @@ -289,10 +325,10 @@ validate_token() { current_time=$(date -u +"%Y-%m-%dT%H:%M:%SZ") if [[ "$current_time" < "$expires" ]]; then - echo -e " ${COLOR_GREEN}The token is valid. Expiry: $expires${COLOR_RESET}" + echo -e " ✅ ${COLOR_GREEN}The token is valid. Expiry: $expires${COLOR_RESET}" return 0 else - echo -e " ${COLOR_RED}The token is invalid. Expiry: $expires${COLOR_RESET}" + echo -e " ⛔ ${COLOR_RED}The token is invalid. Expiry: $expires${COLOR_RESET}" return 1 fi } @@ -318,7 +354,7 @@ check_existing_proxy_host() { read -p " Do you want to update it with the new configuration? (y/n): " -r if [[ $REPLY =~ ^[Yy]$ ]]; then HOST_ID=$(echo "$EXISTING_HOST" | jq -r '.id') - update_proxy_host $HOST_ID + update_proxy_host "$HOST_ID" else echo -e "${COLOR_RESET} No changes made." exit 0 @@ -346,16 +382,14 @@ update_proxy_host() { "block_exploits": %s, "advanced_config": "%s", "meta": { - "letsencrypt_agree": %s, - "dns_challenge": %s, - "letsencrypt_email": "%s" + "dns_challenge": %s }, "allow_websocket_upgrade": %s, "http2_support": %s, "forward_scheme": "%s", "enabled": true, "locations": [] -}' "$DOMAIN_NAMES" "$FORWARD_HOST" "$FORWARD_PORT" "$SSL_FORCED" "$CACHING_ENABLED" "$BLOCK_EXPLOITS" "$ADVANCED_CONFIG_ESCAPED" "$LETS_ENCRYPT_AGREE" "$DNS_CHALLENGE" "$LETS_ENCRYPT_EMAIL" "$ALLOW_WEBSOCKET_UPGRADE" "$HTTP2_SUPPORT" "$FORWARD_SCHEME") +}' "$DOMAIN_NAMES" "$FORWARD_HOST" "$FORWARD_PORT" "$SSL_FORCED" "$CACHING_ENABLED" "$BLOCK_EXPLOITS" "$ADVANCED_CONFIG_ESCAPED" "$DNS_CHALLENGE" "$ALLOW_WEBSOCKET_UPGRADE" "$HTTP2_SUPPORT" "$FORWARD_SCHEME") echo -e "Request Data: $DATA" @@ -372,7 +406,7 @@ update_proxy_host() { echo -e "Response: $RESPONSE" - if [ $(echo "$RESPONSE" | jq -r '.error | length') -eq 0 ]; then + if [ "$(echo "$RESPONSE" | jq -r '.error | length')" -eq 0 ]; then echo -e " ✅ ${COLOR_GREEN}Proxy host updated successfully!${COLOR_RESET} " else echo -e " ⛔ ${COLOR_RED}Failed to update proxy host. Error: $(echo "$RESPONSE" | jq -r '.message')${COLOR_RESET}" @@ -388,14 +422,12 @@ create_new_proxy_host() { "forward_port": '"$FORWARD_PORT"', "access_list_id": null, "certificate_id": null, - "ssl_forced": '"$SSL_FORCED"', + "ssl_forced": false, "caching_enabled": '"$CACHING_ENABLED"', "block_exploits": '"$BLOCK_EXPLOITS"', "advanced_config": "'"$ADVANCED_CONFIG"'", "meta": { - "letsencrypt_agree": '"$LETS_ENCRYPT_AGREE"', - "dns_challenge": '"$DNS_CHALLENGE"', - "letsencrypt_email": "'"$LETS_ENCRYPT_EMAIL"'" + "dns_challenge": '"$DNS_CHALLENGE"' }, "allow_websocket_upgrade": '"$ALLOW_WEBSOCKET_UPGRADE"', "http2_support": '"$HTTP2_SUPPORT"', @@ -408,7 +440,7 @@ create_new_proxy_host() { -H "Authorization: Bearer $(cat $TOKEN_FILE)" \ -H "Content-Type: application/json; charset=UTF-8" \ --data-raw "$DATA") - if [ $(echo "$RESPONSE" | jq -r '.error | length') -eq 0 ]; then + if [ "$(echo "$RESPONSE" | jq -r '.error | length')" -eq 0 ]; then echo -e " ✅ ${COLOR_GREEN}Proxy host created successfully!${COLOR_RESET}" else echo -e " ⛔ ${COLOR_RED}Failed to create proxy host. Error: $(echo "$RESPONSE" | jq -r '.message')${COLOR_RESET}" @@ -418,11 +450,7 @@ create_new_proxy_host() { # Create or update a proxy host based on the existence of the domain create_or_update_proxy_host() { if [ -z "$DOMAIN_NAMES" ] || [ -z "$FORWARD_HOST" ] || [ -z "$FORWARD_PORT" ]; then - echo "The -d, -i, and -p options are required to create or update a proxy host." - usage - fi - if $LETS_ENCRYPT_AGREE && [ -z "$LETS_ENCRYPT_EMAIL" ]; then - echo "The -m option is required when -e is true." + echo " The -d, -i, and -p options are required to create or update a proxy host." usage fi @@ -432,10 +460,10 @@ create_or_update_proxy_host() { # Delete a proxy host by ID delete_proxy_host() { if [ -z "$HOST_ID" ]; then - echo "The --delete-host option requires a host ID." + echo " The --delete-host option requires a host ID." usage fi - echo "Deleting proxy host ID: $HOST_ID..." + echo " Deleting proxy host ID: $HOST_ID..." RESPONSE=$(curl -s -X DELETE "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \ -H "Authorization: Bearer $(cat $TOKEN_FILE)") @@ -447,7 +475,6 @@ delete_proxy_host() { fi } - # List all proxy hosts with basic details list_proxy_hosts() { echo -e "\n${COLOR_ORANGE} 👉 List of proxy hosts (simple)${COLOR_RESET}" @@ -476,10 +503,23 @@ list_proxy_hosts_full() { done } +# Show full details for a specific host by ID +show_host() { + if [ -z "$HOST_ID" ]; then + echo " The --show-host option requires a host ID." + usage + fi + echo -e "\n${COLOR_ORANGE} 👉 Full details for proxy host ID: $HOST_ID...${COLOR_RESET}\n" + RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \ + -H "Authorization: Bearer $(cat $TOKEN_FILE)") + + echo "$RESPONSE" | jq . +} + # Search for a proxy host by domain name search_proxy_host() { if [ -z "$SEARCH_HOSTNAME" ]; then - echo "The --search-host option requires a domain name." + echo " The --search-host option requires a domain name." usage fi echo -e "\nSearching for proxy host for $SEARCH_HOSTNAME..." @@ -513,10 +553,10 @@ list_users() { # Create a new user create_user() { if [ -z "$USERNAME" ] || [ -z "$PASSWORD" ] || [ -z "$EMAIL" ]; then - echo "The username, password, and email parameters are required to create a user." + echo " The username, password, and email parameters are required to create a user." usage fi - echo "Creating user $USERNAME..." + echo " Creating user $USERNAME..." DATA=$(jq -n --arg username "$USERNAME" --arg password "$PASSWORD" --arg email "$EMAIL" --arg name "$USERNAME" --arg nickname "$USERNAME" --arg secret "$PASSWORD" '{ name: $name, @@ -551,10 +591,10 @@ create_user() { # Delete a user by username delete_user() { if [ -z "$USERNAME" ]; then - echo "The --delete-user option requires a username." + echo " The --delete-user option requires a username." usage fi - echo "Deleting user $USERNAME..." + echo " Deleting user $USERNAME..." # Fetch the user ID based on the username USER_ID=$(curl -s -X GET "$BASE_URL/users" \ @@ -580,10 +620,10 @@ delete_user() { # Enable a proxy host by ID enable_proxy_host() { if [ -z "$HOST_ID" ]; then - echo "The --enable-host option requires a host ID." + echo " The --enable-host option requires a host ID." usage fi - echo "Enabling proxy host ID: $HOST_ID..." + echo " Enabling proxy host ID: $HOST_ID..." # Check if the proxy host exists before enabling CHECK_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \ @@ -615,10 +655,10 @@ enable_proxy_host() { # Disable a proxy host by ID disable_proxy_host() { if [ -z "$HOST_ID" ]; then - echo "The --disable-host option requires a host ID." + echo " The --disable-host option requires a host ID." usage fi - echo "Disabling proxy host ID: $HOST_ID..." + echo " Disabling proxy host ID: $HOST_ID..." # Check if the proxy host exists before disabling CHECK_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \ @@ -647,6 +687,171 @@ disable_proxy_host() { fi } +# Generate Let's Encrypt certificate if not exists +generate_certificate() { + if [ -z "$DOMAIN" ] || [ -z "$EMAIL" ]; then + echo " The --generate-cert option requires a domain and email." + usage + fi + echo " Checking if Let's Encrypt certificate for domain: $DOMAIN exists..." + + RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/certificates" \ + -H "Authorization: Bearer $(cat $TOKEN_FILE)") + + EXISTING_CERT=$(echo "$RESPONSE" | jq -r --arg DOMAIN "$DOMAIN" '.[] | select(.domain_names[] == $DOMAIN)') + + if [ -n "$EXISTING_CERT" ] && ! $FORCE_CERT_CREATION; then + EXPIRES_ON=$(echo "$EXISTING_CERT" | jq -r '.expires_on') + echo -e " 🔔 Certificate for $DOMAIN already exists and is valid until $EXPIRES_ON." + exit 0 + fi + + echo " Generating Let's Encrypt certificate for domain: $DOMAIN..." + + DATA=$(jq -n --arg domain "$DOMAIN" --arg email "$EMAIL" --argjson agree true '{ + provider: "letsencrypt", + domain_names: [$domain], + meta: { + letsencrypt_agree: $agree, + letsencrypt_email: $email + } + }') + + echo -e " Please WAIT until validation or not!! \n Data being sent: $DATA" # Log the data being sent + + HTTP_RESPONSE=$(curl -s -w "HTTPSTATUS:%{http_code}" -X POST "$BASE_URL/nginx/certificates" \ + -H "Authorization: Bearer $(cat $TOKEN_FILE)" \ + -H "Content-Type: application/json; charset=UTF-8" \ + --data-raw "$DATA") + + HTTP_BODY=$(echo "$HTTP_RESPONSE" | sed -e 's/HTTPSTATUS\:.*//g') + HTTP_STATUS=$(echo "$HTTP_RESPONSE" | tr -d '\n' | sed -e 's/.*HTTPSTATUS://') + + if [ "$HTTP_STATUS" -eq 201 ]; then + echo -e " ✅ ${COLOR_GREEN}Certificate generated successfully!${COLOR_RESET}" + else + echo " Data sent: $DATA" # Log the data sent + echo -e " ⛔ ${COLOR_RED}Failed to generate certificate. HTTP status: $HTTP_STATUS. Response: $HTTP_BODY${COLOR_RESET}" + fi +} + +# Enable SSL, HTTP/2, and HSTS for a proxy host +enable_ssl() { + if [ -z "$HOST_ID" ]; then + echo " The --ssl-host-enable option requires a host ID." + usage + fi + echo " Enabling SSL, HTTP/2, and HSTS for proxy host ID: $HOST_ID..." + + CHECK_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \ + -H "Authorization: Bearer $(cat $TOKEN_FILE)") + + CERTIFICATE_ID=$(echo "$CHECK_RESPONSE" | jq -r '.certificate_id') + if [ "$CERTIFICATE_ID" == "null" ]; then + echo " No certificate associated with this host." + exit 0 + else + CERTIFICATE_ID=$(curl -s -X GET "$BASE_URL/nginx/certificates" \ + -H "Authorization: Bearer $(cat $TOKEN_FILE)" | jq -r --arg DOMAIN "$DOMAIN" '.[] | select(.domain_names[] == $DOMAIN) | .id') + fi + + DATA=$(jq -n --argjson cert_id "$CERTIFICATE_ID" '{ + ssl_forced: true, + http2_support: true, + hsts_enabled: true, + hsts_subdomains: true, + certificate_id: $cert_id + }') + + HTTP_RESPONSE=$(curl -s -w "HTTPSTATUS:%{http_code}" -X PUT "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \ + -H "Authorization: Bearer $(cat $TOKEN_FILE)" \ + -H "Content-Type: application/json; charset=UTF-8" \ + --data-raw "$DATA") + + HTTP_BODY=$(echo "$HTTP_RESPONSE" | sed -e 's/HTTPSTATUS\:.*//g') + HTTP_STATUS=$(echo "$HTTP_RESPONSE" | tr -d '\n' | sed -e 's/.*HTTPSTATUS://') + + if [ "$HTTP_STATUS" -eq 200 ]; then + echo -e " ✅ ${COLOR_GREEN}SSL, HTTP/2, and HSTS enabled successfully!${COLOR_RESET}" + else + echo " Data sent: $DATA" # Log the data sent + echo -e " ⛔ ${COLOR_RED}Failed to enable SSL, HTTP/2, and HSTS. HTTP status: $HTTP_STATUS. Response: $HTTP_BODY${COLOR_RESET}" + fi +} + +# Function to disable SSL for a proxy host +disable_ssl() { + if [ -z "$HOST_ID" ]; then + echo " The --ssl-host-disable option requires a host ID." + usage + fi + echo " Disabling SSL for proxy host ID: $HOST_ID..." + + CHECK_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \ + -H "Authorization: Bearer $(cat $TOKEN_FILE)") + + CERTIFICATE_ID=$(echo "$CHECK_RESPONSE" | jq -r '.certificate_id') + if [ "$CERTIFICATE_ID" != "null" ]; then + CERTIFICATE_ID=null + fi + + DATA=$(jq -n --argjson cert_id "$CERTIFICATE_ID" '{ + letsencrypt_agree: false, + dns_challenge: false, + allow_websocket_upgrade: 0, + http2_support: 0, + hsts_enabled: 0, + hsts_subdomains: 0, + ssl_forced: 0, + certificate_id: $cert_id + }') + + HTTP_RESPONSE=$(curl -s -w "HTTPSTATUS:%{http_code}" -X PUT "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \ + -H "Authorization: Bearer $(cat $TOKEN_FILE)" \ + -H "Content-Type: application/json; charset=UTF-8" \ + --data-raw "$DATA") + + HTTP_BODY=$(echo "$HTTP_RESPONSE" | sed -e 's/HTTPSTATUS\:.*//g') + HTTP_STATUS=$(echo "$HTTP_RESPONSE" | tr -d '\n' | sed -e 's/.*HTTPSTATUS://') + + if [ "$HTTP_STATUS" -eq 200 ]; then + echo -e " ✅ ${COLOR_GREEN}SSL disabled successfully!${COLOR_RESET}" + else + echo " Data sent: $DATA" # Log the data sent + echo -e " ⛔ ${COLOR_RED}Failed to disable SSL. HTTP status: $HTTP_STATUS. Response: $HTTP_BODY${COLOR_RESET}" + fi +} + +# Function to show full details for a specific host by ID +show_host() { + if [ -z "$HOST_ID" ]; then + echo " The --show-host option requires a host ID." + usage + fi + echo -e "\n${COLOR_ORANGE} 👉 Full details for proxy host ID: $HOST_ID...${COLOR_RESET}\n" + RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \ + -H "Authorization: Bearer $(cat $TOKEN_FILE)") + + echo "$RESPONSE" | jq . +} + +# Display default settings for creating hosts +show_default() { + echo -e "\n 🛠 ${COLOR_YELLOW}Default settings for creating hosts (Changed to your needs):${COLOR_RESET}" + echo -e " - FORWARD_SCHEME: ${COLOR_ORANGE}${FORWARD_SCHEME}${COLOR_RESET}" + echo -e " - SSL_FORCED: ${COLOR_ORANGE}${SSL_FORCED}${COLOR_RESET}" + echo -e " - CACHING_ENABLED: ${COLOR_ORANGE}${CACHING_ENABLED}${COLOR_RESET}" + echo -e " - BLOCK_EXPLOITS: ${COLOR_ORANGE}${BLOCK_EXPLOITS}${COLOR_RESET}" + echo -e " - ALLOW_WEBSOCKET_UPGRADE: ${COLOR_ORANGE}${ALLOW_WEBSOCKET_UPGRADE}${COLOR_RESET}" + echo -e " - HTTP2_SUPPORT: ${COLOR_ORANGE}${HTTP2_SUPPORT}${COLOR_RESET}" + echo -e " - HSTS_ENABLED: ${COLOR_ORANGE}${HSTS_ENABLED}${COLOR_RESET}" + echo -e " - HSTS_SUBDOMAINS: ${COLOR_ORANGE}${HSTS_SUBDOMAINS}${COLOR_RESET}" + echo -e " - ADVANCED_CONFIG: ${COLOR_ORANGE}${ADVANCED_CONFIG}${COLOR_RESET}" + echo -e " - TOKEN_EXPIRY: ${COLOR_ORANGE}${TOKEN_EXPIRY}${COLOR_RESET}" + echo + exit 0 +} + # Perform a full backup of all configurations full_backup() { mkdir -p "$BACKUP_DIR" @@ -676,9 +881,10 @@ full_backup() { -H "Authorization: Bearer $(cat $TOKEN_FILE)") echo "$RESPONSE" | jq '.' > "$BACKUP_DIR/settings_${NGINX_IP//./_}_$DATE.json" - echo -e " ✅ ${COLOR_GREEN}Full backup completed successfully!${COLOR_RESET}" + echo -e " ✅ ${COLOR_GREEN}Full backup completed successfully in 📂 '$BACKUP_DIR' ${COLOR_RESET}" } +# Main logic if [ "$CREATE_USER" = true ]; then create_user elif [ "$DELETE_USER" = true ]; then @@ -689,6 +895,8 @@ elif [ "$LIST_HOSTS" = true ]; then list_proxy_hosts elif [ "$LIST_HOSTS_FULL" = true ]; then list_proxy_hosts_full +elif [ "$SHOW_HOST" = true ]; then + show_host elif [ "$LIST_SSL_CERTIFICATES" = true ]; then list_ssl_certificates elif [ "$LIST_USERS" = true ]; then @@ -703,6 +911,14 @@ elif [ "$CHECK_TOKEN" = true ]; then validate_token elif [ "$BACKUP" = true ]; then full_backup +elif [ "$GENERATE_CERT" = true ]; then + generate_certificate +elif [ "$ENABLE_SSL" = true ]; then + enable_ssl +elif [ "$DISABLE_SSL" = true ]; then + disable_ssl +elif [ "$SHOW_DEFAULT" = true ]; then + show_default else create_or_update_proxy_host fi