Add --generate-cert --show-default + optimize --backup

This commit is contained in:
Erreur32 2024-07-12 21:43:35 +02:00
parent 661c042f40
commit 4eabf7ab7d

View file

@ -11,44 +11,49 @@
# ./nginx_proxy_manager_cli.sh [OPTIONS] # ./nginx_proxy_manager_cli.sh [OPTIONS]
# #
# Examples: # Examples:
# ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080 -s true # Backup Frist !
# ./nginx_proxy_manager_cli.sh --backup
#
# ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080 (check default values below)
# ./nginx_proxy_manager_cli.sh --show-default
# ./nginx_proxy_manager_cli.sh --create-user newuser password123 user@example.com # ./nginx_proxy_manager_cli.sh --create-user newuser password123 user@example.com
# ./nginx_proxy_manager_cli.sh --delete-user 'username' # ./nginx_proxy_manager_cli.sh --delete-user 'username'
# ./nginx_proxy_manager_cli.sh --list-hosts # ./nginx_proxy_manager_cli.sh --list-hosts
# ./nginx_proxy_manager_cli.sh --backup
# ./nginx_proxy_manager_cli.sh --generate-cert example.com user@example.com
# ./nginx_proxy_manager_cli.sh --ssl-host-enable 1
# #
# Advanced proxy tab example: # Advanced proxy tab example:
# ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080 -a 'proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' # ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080 -a 'proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;'
# #
# Options: # Options:
# -d DOMAIN_NAMES Domain name (required for creating/updating hosts) # -d DOMAIN_NAMES Domain name (required for creating/updating hosts)
# -i FORWARD_HOST IP address or domain name of the target server (required for creating/updating hosts) # -i FORWARD_HOST IP address or domain name of the target server (required for creating/updating hosts)
# -p FORWARD_PORT Port of the target server (required for creating/updating hosts) # -p FORWARD_PORT Port of the target server (required for creating/updating hosts)
# -f FORWARD_SCHEME Scheme for forwarding (http/https, default: http) # -f FORWARD_SCHEME Scheme for forwarding (http/https, default: http)
# -s SSL_FORCED Force SSL (true/false, default: false) # -c CACHING_ENABLED Enable caching (true/false, default: false)
# -c CACHING_ENABLED Enable caching (true/false, default: false) # -b BLOCK_EXPLOITS Block exploits (true/false, default: true)
# -b BLOCK_EXPLOITS Block exploits (true/false, default: true) # -w ALLOW_WEBSOCKET_UPGRADE Allow WebSocket upgrade (true/false, default: true)
# -w ALLOW_WEBSOCKET_UPGRADE Allow WebSocket upgrade (true/false, default: true) # -a ADVANCED_CONFIG Advanced configuration (block of configuration settings)
# -h HTTP2_SUPPORT Support HTTP/2 (true/false, default: true) # -t TOKEN_EXPIRY Token expiry duration (default: 1y)
# -a ADVANCED_CONFIG Advanced configuration (block of configuration settings) # --backup Backup all configurations to a file
# -e LETS_ENCRYPT_AGREE Accept Let's Encrypt (true/false, default: false) # --check-token Check if the current token is valid
# -m LETS_ENCRYPT_EMAIL Email for Let's Encrypt (required if LETS_ENCRYPT_AGREE is true) # --create-user user pass email Create a user with a username, password and email
# -n DNS_CHALLENGE DNS challenge (true/false, default: false) # --delete-user username Delete a user by username
# -t TOKEN_EXPIRY Token expiry duration (default: 1y) # --delete-host id Delete a proxy host by ID
# --create-user user pass Create a user with a username and password # --show-host id Show full details for a specific host by ID
# --delete-user username Delete a user by username # --show-default Show default settings for creating hosts
# --delete-host id Delete a proxy host by ID # --list-hosts List the names of all proxy hosts
# --list-hosts List the names of all proxy hosts # --list-hosts-full List all proxy hosts with full details
# --list-hosts-full List all proxy hosts with full details # --list-ssl-certificates List all SSL certificates
# --list-ssl-certificates List all SSL certificates # --list-users List all users
# --list-users List all users # --search-host hostname Search for a proxy host by domain name
# --search-host hostname Search for a proxy host by domain name # --enable-host id Enable a proxy host by ID
# --enable-host id Enable a proxy host by ID # --disable-host id Disable a proxy host by ID
# --disable-host id Disable a proxy host by ID # --generate-cert domain email Generate a Let's Encrypt certificate for the given domain and email
# --check-token Check if the current token is valid # --ssl-host-enable id Enable SSL, HTTP/2, and HSTS for a proxy host (need --generate-cert first)
# --backup Backup all configurations to a file # --ssl-host-disable id Disable SSL, HTTP/2, and HSTS for a proxy host
# --help Display this help # --help Display this help
################################ ################################
# Variables to Edit (required) # # Variables to Edit (required) #
@ -59,22 +64,13 @@ NGINX_IP="127.0.0.1"
API_USER="user@nginx" API_USER="user@nginx"
API_PASS="pass nginx" API_PASS="pass nginx"
################################# #################################
# Variables to Edit (optionnal) # # Variables to Edit (optional) #
################################# #################################
# Will create backup directory automatically
BACKUP_DIR="./backups" BACKUP_DIR="./backups"
DATE=$(date +"%Y%m%d%H%M%S") DATE=$(date +"%Y%m%d%H%M%S")
BACKUP_FILE="$BACKUP_DIR/backup_${NGINX_IP//./_}_$DATE.json"
# Colors
COLOR_GREEN="\033[32m"
COLOR_RED="\033[41;1m"
COLOR_ORANGE="\033[38;5;202m"
COLOR_YELLOW="\033[93m"
COLOR_RESET="\033[0m"
WHITE_ON_GREEN="\033[97m\033[42m"
# API Endpoints # API Endpoints
BASE_URL="http://$NGINX_IP:81/api" BASE_URL="http://$NGINX_IP:81/api"
@ -84,16 +80,18 @@ TOKEN_FILE="token_${NGINX_IP}.txt"
TOKEN_EXPIRY="1y" TOKEN_EXPIRY="1y"
# Default variables # Default variables
SSL_FORCED=false
CACHING_ENABLED=false CACHING_ENABLED=false
BLOCK_EXPLOITS=true BLOCK_EXPLOITS=true
ALLOW_WEBSOCKET_UPGRADE=true ALLOW_WEBSOCKET_UPGRADE=1
HTTP2_SUPPORT=true HTTP2_SUPPORT=0
ADVANCED_CONFIG="" ADVANCED_CONFIG=""
LETS_ENCRYPT_AGREE=false LETS_ENCRYPT_AGREE=false
LETS_ENCRYPT_EMAIL="" LETS_ENCRYPT_EMAIL=""
DNS_CHALLENGE=false
FORWARD_SCHEME="http" FORWARD_SCHEME="http"
FORCE_CERT_CREATION=false
SSL_FORCED=0
HSTS_ENABLED=0
HSTS_SUBDOMAINS=0
# Control variables # Control variables
CREATE_USER=false CREATE_USER=false
@ -108,12 +106,26 @@ ENABLE_HOST=false
DISABLE_HOST=false DISABLE_HOST=false
CHECK_TOKEN=false CHECK_TOKEN=false
BACKUP=false BACKUP=false
GENERATE_CERT=false
ENABLE_SSL=false
DISABLE_SSL=false
SHOW_HOST=false
SHOW_DEFAULT=false
# Colors
COLOR_GREEN="\033[32m"
COLOR_RED="\033[41;1m"
COLOR_ORANGE="\033[38;5;202m"
COLOR_YELLOW="\033[93m"
COLOR_RESET="\033[0m"
WHITE_ON_GREEN="\033[30;48;5;83m"
#WHITE_ON_GREEN="\033[97m\033[42m"
# Check if necessary dependencies are installed # Check if necessary dependencies are installed
check_dependencies() { check_dependencies() {
local dependencies=("curl" "jq") local dependencies=("curl" "jq")
for dep in "${dependencies[@]}"; do for dep in "${dependencies[@]}"; do
if ! command -v $dep &> /dev/null; then if ! command -v "$dep" &> /dev/null; then
echo -e "${COLOR_RED}Dependency $dep is not installed. Please install it before running this script.${COLOR_RESET}" echo -e "${COLOR_RED}Dependency $dep is not installed. Please install it before running this script.${COLOR_RESET}"
exit 1 exit 1
fi fi
@ -124,47 +136,53 @@ check_dependencies
# Display help # Display help
usage() { usage() {
echo -e "\n${COLOR_YELLOW}Usage: $0 -d domain -i ip -p port [-f forward_scheme] [-s ssl_forced] [-c caching_enabled] [-b block_exploits] [-w allow_websocket_upgrade] [-h http2_support] [-a advanced_config] [-e lets_encrypt_agree] [-m lets_encrypt_email] [-n dns_challenge] [-t token_expiry] [--create-user username password] [--delete-user username] [--delete-host id] [--list-hosts] [--list-hosts-full] [--list-ssl-certificates] [--list-users] [--search-host hostname] [--enable-host id] [--disable-host id] [--check-token] [--backup] [--help]${COLOR_RESET}" echo -e "\n${COLOR_YELLOW}Usage: $0 -d domain -i ip -p port [-f forward_scheme] [-c caching_enabled] [-b block_exploits] [-w allow_websocket_upgrade] [-a advanced_config] [-t token_expiry] [--create-user username password email] [--delete-user username] [--delete-host id] [--list-hosts] [--list-hosts-full] [--list-ssl-certificates] [--list-users] [--search-host hostname] [--enable-host id] [--disable-host id] [--check-token] [--backup] [--generate-cert domain email] [--ssl-host-enable id] [--ssl-host-disable id] [--show-host id] [--show-default] [--help]${COLOR_RESET}"
echo "" echo ""
echo -e "Examples:" echo -e "Examples:"
echo -e " Backup First before do anything ;)" echo -e "\n Backup First before do anything ;)"
echo -e " ./nginx_proxy_manager_cli.sh --backup" echo -e " ./nginx_proxy_manager_cli.sh --backup"
echo -e " Host Creation" echo -e "\n Host Creation"
echo -e " ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080 -s true" echo -e " ./nginx_proxy_manager_cli.sh --show-default"
echo -e " ./nginx_proxy_manager_cli.sh --create-user newuser password123" echo -e " ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080"
echo -e " ./nginx_proxy_manager_cli.sh --delete-user 'username'"
echo -e " ./nginx_proxy_manager_cli.sh --list-hosts" echo -e " ./nginx_proxy_manager_cli.sh --list-hosts"
echo -e " Advanced example:" echo -e " ./nginx_proxy_manager_cli.sh --show-host id"
echo -e " ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080 -a 'proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;'" echo -e "\n User Creation"
echo "" echo -e " ./nginx_proxy_manager_cli.sh --create-user newuser password123 user@example.com"
echo -e " ./nginx_proxy_manager_cli.sh --delete-user 'username'"
echo -e "\n Advanced example:"
echo -e " ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080 -a 'proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;'"
echo -e " ./nginx_proxy_manager_cli.sh --generate-cert example.com user@example.com"
echo -e " ./nginx_proxy_manager_cli.sh --ssl-host-enable 1 (Must have generated a cert before !! --generate-cert)"
echo -e ""
echo -e "Options:" echo -e "Options:"
echo -e " -d ${COLOR_ORANGE}DOMAIN_NAMES${COLOR_RESET} Domain name (${COLOR_RED}required${COLOR_RESET})" echo -e " -d ${COLOR_ORANGE}DOMAIN_NAMES${COLOR_RESET} Domain name (${COLOR_RED}required${COLOR_RESET})"
echo -e " -i ${COLOR_ORANGE}FORWARD_HOST${COLOR_RESET} IP address or domain name of the target server (${COLOR_RED}required${COLOR_RESET})" echo -e " -i ${COLOR_ORANGE}FORWARD_HOST${COLOR_RESET} IP address or domain name of the target server (${COLOR_RED}required${COLOR_RESET})"
echo -e " -p ${COLOR_ORANGE}FORWARD_PORT${COLOR_RESET} Port of the target server (${COLOR_RED}required${COLOR_RESET})" echo -e " -p ${COLOR_ORANGE}FORWARD_PORT${COLOR_RESET} Port of the target server (${COLOR_RED}required${COLOR_RESET})"
echo -e " -f FORWARD_SCHEME Scheme for forwarding (http/https, default: http)" echo -e " -f FORWARD_SCHEME Scheme for forwarding (http/https, default: http)"
echo -e " -s SSL_FORCED Force SSL (true/false, default: $(colorize_boolean $SSL_FORCED))" echo -e " -c CACHING_ENABLED Enable caching (true/false, default: $(colorize_boolean $CACHING_ENABLED))"
echo -e " -c CACHING_ENABLED Enable caching (true/false, default: $(colorize_boolean $CACHING_ENABLED))" echo -e " -b BLOCK_EXPLOITS Block exploits (true/false, default: $(colorize_boolean $BLOCK_EXPLOITS))"
echo -e " -b BLOCK_EXPLOITS Block exploits (true/false, default: $(colorize_boolean $BLOCK_EXPLOITS))" echo -e " -w ALLOW_WEBSOCKET_UPGRADE Allow WebSocket upgrade (true/false, default: $(colorize_boolean $ALLOW_WEBSOCKET_UPGRADE))"
echo -e " -w ALLOW_WEBSOCKET_UPGRADE Allow WebSocket upgrade (true/false, default: $(colorize_boolean $ALLOW_WEBSOCKET_UPGRADE))" echo -e " -a ADVANCED_CONFIG Advanced configuration (string)"
echo -e " -h HTTP2_SUPPORT Support HTTP/2 (true/false, default: $(colorize_boolean $HTTP2_SUPPORT))" echo -e " -t TOKEN_EXPIRY Token expiry duration (default: ${COLOR_YELLOW}1y${COLOR_RESET})"
echo -e " -a ADVANCED_CONFIG Advanced configuration (string)" echo -e " --backup Backup all configurations to a file"
echo -e " -e LETS_ENCRYPT_AGREE Accept Let's Encrypt (true/false, default: $(colorize_boolean $LETS_ENCRYPT_AGREE))" echo -e " --check-token Check if the current token is valid"
echo -e " -m LETS_ENCRYPT_EMAIL Email for Let's Encrypt (${COLOR_ORANGE}required${COLOR_RESET} if LETS_ENCRYPT_AGREE is true)" echo -e " --create-user user pass email Create a user with a username, password and email"
echo -e " -n DNS_CHALLENGE DNS challenge (true/false, default: $(colorize_boolean $DNS_CHALLENGE))" echo -e " --delete-user username Delete a user by username"
echo -e " -t TOKEN_EXPIRY Token expiry duration (default: ${COLOR_YELLOW}1y${COLOR_RESET})" echo -e " --delete-host id Delete a proxy host by ID"
echo -e " --create-user user pass Create a user with a username and password" echo -e " --show-default Show default settings for creating hosts"
echo -e " --delete-user username Delete a user by username" echo -e " --show-host id Show full details for a specific host by ID"
echo -e " --delete-host id Delete a proxy host by ID" echo -e " --list-hosts List the names of all proxy hosts"
echo -e " --list-hosts List the names of all proxy hosts" echo -e " --list-hosts-full List all proxy hosts with full details"
echo -e " --list-hosts-full List all proxy hosts with full details" echo -e " --list-ssl-certificates List all SSL certificates"
echo -e " --list-ssl-certificates List all SSL certificates" echo -e " --list-users List all users"
echo -e " --list-users List all users" echo -e " --search-host hostname Search for a proxy host by domain name"
echo -e " --search-host hostname Search for a proxy host by domain name" echo -e " --enable-host id Enable a proxy host by ID"
echo -e " --enable-host id Enable a proxy host by ID" echo -e " --disable-host id Disable a proxy host by ID"
echo -e " --disable-host id Disable a proxy host by ID" echo -e " --generate-cert domain email Generate a Let's Encrypt certificate for the given domain and email"
echo -e " --check-token Check if the current token is valid" echo -e " --ssl-host-enable id Enable SSL, HTTP/2, and HSTS for a proxy host"
echo -e " --backup Backup all configurations to a file" echo -e " --ssl-host-disable id Disable SSL, HTTP/2, and HSTS for a proxy host"
echo -e " --help Display this help" echo -e " --help Display this help"
echo echo
exit 0 exit 0
} }
@ -180,21 +198,16 @@ colorize_boolean() {
} }
# Parse options # Parse options
while getopts "d:i:p:f:s:c:b:w:h:a:e:m:n:t:-:" opt; do while getopts "d:i:p:f:c:b:w:a:t:-:" opt; do
case $opt in case $opt in
d) DOMAIN_NAMES="$OPTARG" ;; d) DOMAIN_NAMES="$OPTARG" ;;
i) FORWARD_HOST="$OPTARG" ;; i) FORWARD_HOST="$OPTARG" ;;
p) FORWARD_PORT="$OPTARG" ;; p) FORWARD_PORT="$OPTARG" ;;
f) FORWARD_SCHEME="$OPTARG" ;; f) FORWARD_SCHEME="$OPTARG" ;;
s) SSL_FORCED="$OPTARG" ;;
c) CACHING_ENABLED="$OPTARG" ;; c) CACHING_ENABLED="$OPTARG" ;;
b) BLOCK_EXPLOITS="$OPTARG" ;; b) BLOCK_EXPLOITS="$OPTARG" ;;
w) ALLOW_WEBSOCKET_UPGRADE="$OPTARG" ;; w) ALLOW_WEBSOCKET_UPGRADE="$OPTARG" ;;
h) HTTP2_SUPPORT="$OPTARG" ;;
a) ADVANCED_CONFIG="$OPTARG" ;; a) ADVANCED_CONFIG="$OPTARG" ;;
e) LETS_ENCRYPT_AGREE="$OPTARG" ;;
m) LETS_ENCRYPT_EMAIL="$OPTARG" ;;
n) DNS_CHALLENGE="$OPTARG" ;;
t) TOKEN_EXPIRY="$OPTARG" ;; t) TOKEN_EXPIRY="$OPTARG" ;;
-) -)
case "${OPTARG}" in case "${OPTARG}" in
@ -231,6 +244,29 @@ while getopts "d:i:p:f:s:c:b:w:h:a:e:m:n:t:-:" opt; do
;; ;;
check-token) CHECK_TOKEN=true ;; check-token) CHECK_TOKEN=true ;;
backup) BACKUP=true ;; backup) BACKUP=true ;;
generate-cert)
GENERATE_CERT=true
DOMAIN="${!OPTIND}"; shift
EMAIL="${!OPTIND}"; shift
;;
ssl-host-enable)
ENABLE_SSL=true
HOST_ID="${!OPTIND}"; shift
;;
ssl-host-disable)
DISABLE_SSL=true
HOST_ID="${!OPTIND}"; shift
;;
show-default)
SHOW_DEFAULT=true
;;
show-host)
SHOW_HOST=true
HOST_ID="${!OPTIND}"; shift
;;
force-cert-creation)
FORCE_CERT_CREATION=true
;;
*) echo "Unknown option --${OPTARG}" ; usage ;; *) echo "Unknown option --${OPTARG}" ; usage ;;
esac ;; esac ;;
*) usage ;; *) usage ;;
@ -263,12 +299,12 @@ generate_token() {
-H "Content-Type: application/json; charset=UTF-8" \ -H "Content-Type: application/json; charset=UTF-8" \
--data-raw "{\"identity\":\"$API_USER\",\"secret\":\"$API_PASS\",\"expiry\":\"$TOKEN_EXPIRY\"}") --data-raw "{\"identity\":\"$API_USER\",\"secret\":\"$API_PASS\",\"expiry\":\"$TOKEN_EXPIRY\"}")
token=$(echo $response | jq -r '.token') token=$(echo "$response" | jq -r '.token')
expires=$(echo $response | jq -r '.expires') expires=$(echo "$response" | jq -r '.expires')
if [ "$token" != "null" ]; then if [ "$token" != "null" ]; then
echo $token > $TOKEN_FILE echo "$token" > $TOKEN_FILE
echo $expires > $EXPIRY_FILE echo "$expires" > $EXPIRY_FILE
echo "Token: $token" echo "Token: $token"
echo "Expiry: $expires" echo "Expiry: $expires"
else else
@ -289,10 +325,10 @@ validate_token() {
current_time=$(date -u +"%Y-%m-%dT%H:%M:%SZ") current_time=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
if [[ "$current_time" < "$expires" ]]; then if [[ "$current_time" < "$expires" ]]; then
echo -e " ${COLOR_GREEN}The token is valid. Expiry: $expires${COLOR_RESET}" echo -e " ${COLOR_GREEN}The token is valid. Expiry: $expires${COLOR_RESET}"
return 0 return 0
else else
echo -e " ${COLOR_RED}The token is invalid. Expiry: $expires${COLOR_RESET}" echo -e " ${COLOR_RED}The token is invalid. Expiry: $expires${COLOR_RESET}"
return 1 return 1
fi fi
} }
@ -318,7 +354,7 @@ check_existing_proxy_host() {
read -p " Do you want to update it with the new configuration? (y/n): " -r read -p " Do you want to update it with the new configuration? (y/n): " -r
if [[ $REPLY =~ ^[Yy]$ ]]; then if [[ $REPLY =~ ^[Yy]$ ]]; then
HOST_ID=$(echo "$EXISTING_HOST" | jq -r '.id') HOST_ID=$(echo "$EXISTING_HOST" | jq -r '.id')
update_proxy_host $HOST_ID update_proxy_host "$HOST_ID"
else else
echo -e "${COLOR_RESET} No changes made." echo -e "${COLOR_RESET} No changes made."
exit 0 exit 0
@ -346,16 +382,14 @@ update_proxy_host() {
"block_exploits": %s, "block_exploits": %s,
"advanced_config": "%s", "advanced_config": "%s",
"meta": { "meta": {
"letsencrypt_agree": %s, "dns_challenge": %s
"dns_challenge": %s,
"letsencrypt_email": "%s"
}, },
"allow_websocket_upgrade": %s, "allow_websocket_upgrade": %s,
"http2_support": %s, "http2_support": %s,
"forward_scheme": "%s", "forward_scheme": "%s",
"enabled": true, "enabled": true,
"locations": [] "locations": []
}' "$DOMAIN_NAMES" "$FORWARD_HOST" "$FORWARD_PORT" "$SSL_FORCED" "$CACHING_ENABLED" "$BLOCK_EXPLOITS" "$ADVANCED_CONFIG_ESCAPED" "$LETS_ENCRYPT_AGREE" "$DNS_CHALLENGE" "$LETS_ENCRYPT_EMAIL" "$ALLOW_WEBSOCKET_UPGRADE" "$HTTP2_SUPPORT" "$FORWARD_SCHEME") }' "$DOMAIN_NAMES" "$FORWARD_HOST" "$FORWARD_PORT" "$SSL_FORCED" "$CACHING_ENABLED" "$BLOCK_EXPLOITS" "$ADVANCED_CONFIG_ESCAPED" "$DNS_CHALLENGE" "$ALLOW_WEBSOCKET_UPGRADE" "$HTTP2_SUPPORT" "$FORWARD_SCHEME")
echo -e "Request Data: $DATA" echo -e "Request Data: $DATA"
@ -372,7 +406,7 @@ update_proxy_host() {
echo -e "Response: $RESPONSE" echo -e "Response: $RESPONSE"
if [ $(echo "$RESPONSE" | jq -r '.error | length') -eq 0 ]; then if [ "$(echo "$RESPONSE" | jq -r '.error | length')" -eq 0 ]; then
echo -e "${COLOR_GREEN}Proxy host updated successfully!${COLOR_RESET} " echo -e "${COLOR_GREEN}Proxy host updated successfully!${COLOR_RESET} "
else else
echo -e "${COLOR_RED}Failed to update proxy host. Error: $(echo "$RESPONSE" | jq -r '.message')${COLOR_RESET}" echo -e "${COLOR_RED}Failed to update proxy host. Error: $(echo "$RESPONSE" | jq -r '.message')${COLOR_RESET}"
@ -388,14 +422,12 @@ create_new_proxy_host() {
"forward_port": '"$FORWARD_PORT"', "forward_port": '"$FORWARD_PORT"',
"access_list_id": null, "access_list_id": null,
"certificate_id": null, "certificate_id": null,
"ssl_forced": '"$SSL_FORCED"', "ssl_forced": false,
"caching_enabled": '"$CACHING_ENABLED"', "caching_enabled": '"$CACHING_ENABLED"',
"block_exploits": '"$BLOCK_EXPLOITS"', "block_exploits": '"$BLOCK_EXPLOITS"',
"advanced_config": "'"$ADVANCED_CONFIG"'", "advanced_config": "'"$ADVANCED_CONFIG"'",
"meta": { "meta": {
"letsencrypt_agree": '"$LETS_ENCRYPT_AGREE"', "dns_challenge": '"$DNS_CHALLENGE"'
"dns_challenge": '"$DNS_CHALLENGE"',
"letsencrypt_email": "'"$LETS_ENCRYPT_EMAIL"'"
}, },
"allow_websocket_upgrade": '"$ALLOW_WEBSOCKET_UPGRADE"', "allow_websocket_upgrade": '"$ALLOW_WEBSOCKET_UPGRADE"',
"http2_support": '"$HTTP2_SUPPORT"', "http2_support": '"$HTTP2_SUPPORT"',
@ -408,7 +440,7 @@ create_new_proxy_host() {
-H "Authorization: Bearer $(cat $TOKEN_FILE)" \ -H "Authorization: Bearer $(cat $TOKEN_FILE)" \
-H "Content-Type: application/json; charset=UTF-8" \ -H "Content-Type: application/json; charset=UTF-8" \
--data-raw "$DATA") --data-raw "$DATA")
if [ $(echo "$RESPONSE" | jq -r '.error | length') -eq 0 ]; then if [ "$(echo "$RESPONSE" | jq -r '.error | length')" -eq 0 ]; then
echo -e "${COLOR_GREEN}Proxy host created successfully!${COLOR_RESET}" echo -e "${COLOR_GREEN}Proxy host created successfully!${COLOR_RESET}"
else else
echo -e "${COLOR_RED}Failed to create proxy host. Error: $(echo "$RESPONSE" | jq -r '.message')${COLOR_RESET}" echo -e "${COLOR_RED}Failed to create proxy host. Error: $(echo "$RESPONSE" | jq -r '.message')${COLOR_RESET}"
@ -418,11 +450,7 @@ create_new_proxy_host() {
# Create or update a proxy host based on the existence of the domain # Create or update a proxy host based on the existence of the domain
create_or_update_proxy_host() { create_or_update_proxy_host() {
if [ -z "$DOMAIN_NAMES" ] || [ -z "$FORWARD_HOST" ] || [ -z "$FORWARD_PORT" ]; then if [ -z "$DOMAIN_NAMES" ] || [ -z "$FORWARD_HOST" ] || [ -z "$FORWARD_PORT" ]; then
echo "The -d, -i, and -p options are required to create or update a proxy host." echo " The -d, -i, and -p options are required to create or update a proxy host."
usage
fi
if $LETS_ENCRYPT_AGREE && [ -z "$LETS_ENCRYPT_EMAIL" ]; then
echo "The -m option is required when -e is true."
usage usage
fi fi
@ -432,10 +460,10 @@ create_or_update_proxy_host() {
# Delete a proxy host by ID # Delete a proxy host by ID
delete_proxy_host() { delete_proxy_host() {
if [ -z "$HOST_ID" ]; then if [ -z "$HOST_ID" ]; then
echo "The --delete-host option requires a host ID." echo " The --delete-host option requires a host ID."
usage usage
fi fi
echo "Deleting proxy host ID: $HOST_ID..." echo " Deleting proxy host ID: $HOST_ID..."
RESPONSE=$(curl -s -X DELETE "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \ RESPONSE=$(curl -s -X DELETE "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
-H "Authorization: Bearer $(cat $TOKEN_FILE)") -H "Authorization: Bearer $(cat $TOKEN_FILE)")
@ -447,7 +475,6 @@ delete_proxy_host() {
fi fi
} }
# List all proxy hosts with basic details # List all proxy hosts with basic details
list_proxy_hosts() { list_proxy_hosts() {
echo -e "\n${COLOR_ORANGE} 👉 List of proxy hosts (simple)${COLOR_RESET}" echo -e "\n${COLOR_ORANGE} 👉 List of proxy hosts (simple)${COLOR_RESET}"
@ -476,10 +503,23 @@ list_proxy_hosts_full() {
done done
} }
# Show full details for a specific host by ID
show_host() {
if [ -z "$HOST_ID" ]; then
echo " The --show-host option requires a host ID."
usage
fi
echo -e "\n${COLOR_ORANGE} 👉 Full details for proxy host ID: $HOST_ID...${COLOR_RESET}\n"
RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
-H "Authorization: Bearer $(cat $TOKEN_FILE)")
echo "$RESPONSE" | jq .
}
# Search for a proxy host by domain name # Search for a proxy host by domain name
search_proxy_host() { search_proxy_host() {
if [ -z "$SEARCH_HOSTNAME" ]; then if [ -z "$SEARCH_HOSTNAME" ]; then
echo "The --search-host option requires a domain name." echo " The --search-host option requires a domain name."
usage usage
fi fi
echo -e "\nSearching for proxy host for $SEARCH_HOSTNAME..." echo -e "\nSearching for proxy host for $SEARCH_HOSTNAME..."
@ -513,10 +553,10 @@ list_users() {
# Create a new user # Create a new user
create_user() { create_user() {
if [ -z "$USERNAME" ] || [ -z "$PASSWORD" ] || [ -z "$EMAIL" ]; then if [ -z "$USERNAME" ] || [ -z "$PASSWORD" ] || [ -z "$EMAIL" ]; then
echo "The username, password, and email parameters are required to create a user." echo " The username, password, and email parameters are required to create a user."
usage usage
fi fi
echo "Creating user $USERNAME..." echo " Creating user $USERNAME..."
DATA=$(jq -n --arg username "$USERNAME" --arg password "$PASSWORD" --arg email "$EMAIL" --arg name "$USERNAME" --arg nickname "$USERNAME" --arg secret "$PASSWORD" '{ DATA=$(jq -n --arg username "$USERNAME" --arg password "$PASSWORD" --arg email "$EMAIL" --arg name "$USERNAME" --arg nickname "$USERNAME" --arg secret "$PASSWORD" '{
name: $name, name: $name,
@ -551,10 +591,10 @@ create_user() {
# Delete a user by username # Delete a user by username
delete_user() { delete_user() {
if [ -z "$USERNAME" ]; then if [ -z "$USERNAME" ]; then
echo "The --delete-user option requires a username." echo " The --delete-user option requires a username."
usage usage
fi fi
echo "Deleting user $USERNAME..." echo " Deleting user $USERNAME..."
# Fetch the user ID based on the username # Fetch the user ID based on the username
USER_ID=$(curl -s -X GET "$BASE_URL/users" \ USER_ID=$(curl -s -X GET "$BASE_URL/users" \
@ -580,10 +620,10 @@ delete_user() {
# Enable a proxy host by ID # Enable a proxy host by ID
enable_proxy_host() { enable_proxy_host() {
if [ -z "$HOST_ID" ]; then if [ -z "$HOST_ID" ]; then
echo "The --enable-host option requires a host ID." echo " The --enable-host option requires a host ID."
usage usage
fi fi
echo "Enabling proxy host ID: $HOST_ID..." echo " Enabling proxy host ID: $HOST_ID..."
# Check if the proxy host exists before enabling # Check if the proxy host exists before enabling
CHECK_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \ CHECK_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
@ -615,10 +655,10 @@ enable_proxy_host() {
# Disable a proxy host by ID # Disable a proxy host by ID
disable_proxy_host() { disable_proxy_host() {
if [ -z "$HOST_ID" ]; then if [ -z "$HOST_ID" ]; then
echo "The --disable-host option requires a host ID." echo " The --disable-host option requires a host ID."
usage usage
fi fi
echo "Disabling proxy host ID: $HOST_ID..." echo " Disabling proxy host ID: $HOST_ID..."
# Check if the proxy host exists before disabling # Check if the proxy host exists before disabling
CHECK_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \ CHECK_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
@ -647,6 +687,171 @@ disable_proxy_host() {
fi fi
} }
# Generate Let's Encrypt certificate if not exists
generate_certificate() {
if [ -z "$DOMAIN" ] || [ -z "$EMAIL" ]; then
echo " The --generate-cert option requires a domain and email."
usage
fi
echo " Checking if Let's Encrypt certificate for domain: $DOMAIN exists..."
RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/certificates" \
-H "Authorization: Bearer $(cat $TOKEN_FILE)")
EXISTING_CERT=$(echo "$RESPONSE" | jq -r --arg DOMAIN "$DOMAIN" '.[] | select(.domain_names[] == $DOMAIN)')
if [ -n "$EXISTING_CERT" ] && ! $FORCE_CERT_CREATION; then
EXPIRES_ON=$(echo "$EXISTING_CERT" | jq -r '.expires_on')
echo -e " 🔔 Certificate for $DOMAIN already exists and is valid until $EXPIRES_ON."
exit 0
fi
echo " Generating Let's Encrypt certificate for domain: $DOMAIN..."
DATA=$(jq -n --arg domain "$DOMAIN" --arg email "$EMAIL" --argjson agree true '{
provider: "letsencrypt",
domain_names: [$domain],
meta: {
letsencrypt_agree: $agree,
letsencrypt_email: $email
}
}')
echo -e " Please WAIT until validation or not!! \n Data being sent: $DATA" # Log the data being sent
HTTP_RESPONSE=$(curl -s -w "HTTPSTATUS:%{http_code}" -X POST "$BASE_URL/nginx/certificates" \
-H "Authorization: Bearer $(cat $TOKEN_FILE)" \
-H "Content-Type: application/json; charset=UTF-8" \
--data-raw "$DATA")
HTTP_BODY=$(echo "$HTTP_RESPONSE" | sed -e 's/HTTPSTATUS\:.*//g')
HTTP_STATUS=$(echo "$HTTP_RESPONSE" | tr -d '\n' | sed -e 's/.*HTTPSTATUS://')
if [ "$HTTP_STATUS" -eq 201 ]; then
echo -e "${COLOR_GREEN}Certificate generated successfully!${COLOR_RESET}"
else
echo " Data sent: $DATA" # Log the data sent
echo -e "${COLOR_RED}Failed to generate certificate. HTTP status: $HTTP_STATUS. Response: $HTTP_BODY${COLOR_RESET}"
fi
}
# Enable SSL, HTTP/2, and HSTS for a proxy host
enable_ssl() {
if [ -z "$HOST_ID" ]; then
echo " The --ssl-host-enable option requires a host ID."
usage
fi
echo " Enabling SSL, HTTP/2, and HSTS for proxy host ID: $HOST_ID..."
CHECK_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
-H "Authorization: Bearer $(cat $TOKEN_FILE)")
CERTIFICATE_ID=$(echo "$CHECK_RESPONSE" | jq -r '.certificate_id')
if [ "$CERTIFICATE_ID" == "null" ]; then
echo " No certificate associated with this host."
exit 0
else
CERTIFICATE_ID=$(curl -s -X GET "$BASE_URL/nginx/certificates" \
-H "Authorization: Bearer $(cat $TOKEN_FILE)" | jq -r --arg DOMAIN "$DOMAIN" '.[] | select(.domain_names[] == $DOMAIN) | .id')
fi
DATA=$(jq -n --argjson cert_id "$CERTIFICATE_ID" '{
ssl_forced: true,
http2_support: true,
hsts_enabled: true,
hsts_subdomains: true,
certificate_id: $cert_id
}')
HTTP_RESPONSE=$(curl -s -w "HTTPSTATUS:%{http_code}" -X PUT "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
-H "Authorization: Bearer $(cat $TOKEN_FILE)" \
-H "Content-Type: application/json; charset=UTF-8" \
--data-raw "$DATA")
HTTP_BODY=$(echo "$HTTP_RESPONSE" | sed -e 's/HTTPSTATUS\:.*//g')
HTTP_STATUS=$(echo "$HTTP_RESPONSE" | tr -d '\n' | sed -e 's/.*HTTPSTATUS://')
if [ "$HTTP_STATUS" -eq 200 ]; then
echo -e "${COLOR_GREEN}SSL, HTTP/2, and HSTS enabled successfully!${COLOR_RESET}"
else
echo " Data sent: $DATA" # Log the data sent
echo -e "${COLOR_RED}Failed to enable SSL, HTTP/2, and HSTS. HTTP status: $HTTP_STATUS. Response: $HTTP_BODY${COLOR_RESET}"
fi
}
# Function to disable SSL for a proxy host
disable_ssl() {
if [ -z "$HOST_ID" ]; then
echo " The --ssl-host-disable option requires a host ID."
usage
fi
echo " Disabling SSL for proxy host ID: $HOST_ID..."
CHECK_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
-H "Authorization: Bearer $(cat $TOKEN_FILE)")
CERTIFICATE_ID=$(echo "$CHECK_RESPONSE" | jq -r '.certificate_id')
if [ "$CERTIFICATE_ID" != "null" ]; then
CERTIFICATE_ID=null
fi
DATA=$(jq -n --argjson cert_id "$CERTIFICATE_ID" '{
letsencrypt_agree: false,
dns_challenge: false,
allow_websocket_upgrade: 0,
http2_support: 0,
hsts_enabled: 0,
hsts_subdomains: 0,
ssl_forced: 0,
certificate_id: $cert_id
}')
HTTP_RESPONSE=$(curl -s -w "HTTPSTATUS:%{http_code}" -X PUT "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
-H "Authorization: Bearer $(cat $TOKEN_FILE)" \
-H "Content-Type: application/json; charset=UTF-8" \
--data-raw "$DATA")
HTTP_BODY=$(echo "$HTTP_RESPONSE" | sed -e 's/HTTPSTATUS\:.*//g')
HTTP_STATUS=$(echo "$HTTP_RESPONSE" | tr -d '\n' | sed -e 's/.*HTTPSTATUS://')
if [ "$HTTP_STATUS" -eq 200 ]; then
echo -e "${COLOR_GREEN}SSL disabled successfully!${COLOR_RESET}"
else
echo " Data sent: $DATA" # Log the data sent
echo -e "${COLOR_RED}Failed to disable SSL. HTTP status: $HTTP_STATUS. Response: $HTTP_BODY${COLOR_RESET}"
fi
}
# Function to show full details for a specific host by ID
show_host() {
if [ -z "$HOST_ID" ]; then
echo " The --show-host option requires a host ID."
usage
fi
echo -e "\n${COLOR_ORANGE} 👉 Full details for proxy host ID: $HOST_ID...${COLOR_RESET}\n"
RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
-H "Authorization: Bearer $(cat $TOKEN_FILE)")
echo "$RESPONSE" | jq .
}
# Display default settings for creating hosts
show_default() {
echo -e "\n 🛠 ${COLOR_YELLOW}Default settings for creating hosts (Changed to your needs):${COLOR_RESET}"
echo -e " - FORWARD_SCHEME: ${COLOR_ORANGE}${FORWARD_SCHEME}${COLOR_RESET}"
echo -e " - SSL_FORCED: ${COLOR_ORANGE}${SSL_FORCED}${COLOR_RESET}"
echo -e " - CACHING_ENABLED: ${COLOR_ORANGE}${CACHING_ENABLED}${COLOR_RESET}"
echo -e " - BLOCK_EXPLOITS: ${COLOR_ORANGE}${BLOCK_EXPLOITS}${COLOR_RESET}"
echo -e " - ALLOW_WEBSOCKET_UPGRADE: ${COLOR_ORANGE}${ALLOW_WEBSOCKET_UPGRADE}${COLOR_RESET}"
echo -e " - HTTP2_SUPPORT: ${COLOR_ORANGE}${HTTP2_SUPPORT}${COLOR_RESET}"
echo -e " - HSTS_ENABLED: ${COLOR_ORANGE}${HSTS_ENABLED}${COLOR_RESET}"
echo -e " - HSTS_SUBDOMAINS: ${COLOR_ORANGE}${HSTS_SUBDOMAINS}${COLOR_RESET}"
echo -e " - ADVANCED_CONFIG: ${COLOR_ORANGE}${ADVANCED_CONFIG}${COLOR_RESET}"
echo -e " - TOKEN_EXPIRY: ${COLOR_ORANGE}${TOKEN_EXPIRY}${COLOR_RESET}"
echo
exit 0
}
# Perform a full backup of all configurations # Perform a full backup of all configurations
full_backup() { full_backup() {
mkdir -p "$BACKUP_DIR" mkdir -p "$BACKUP_DIR"
@ -676,9 +881,10 @@ full_backup() {
-H "Authorization: Bearer $(cat $TOKEN_FILE)") -H "Authorization: Bearer $(cat $TOKEN_FILE)")
echo "$RESPONSE" | jq '.' > "$BACKUP_DIR/settings_${NGINX_IP//./_}_$DATE.json" echo "$RESPONSE" | jq '.' > "$BACKUP_DIR/settings_${NGINX_IP//./_}_$DATE.json"
echo -e "${COLOR_GREEN}Full backup completed successfully!${COLOR_RESET}" echo -e "${COLOR_GREEN}Full backup completed successfully in 📂 '$BACKUP_DIR' ${COLOR_RESET}"
} }
# Main logic
if [ "$CREATE_USER" = true ]; then if [ "$CREATE_USER" = true ]; then
create_user create_user
elif [ "$DELETE_USER" = true ]; then elif [ "$DELETE_USER" = true ]; then
@ -689,6 +895,8 @@ elif [ "$LIST_HOSTS" = true ]; then
list_proxy_hosts list_proxy_hosts
elif [ "$LIST_HOSTS_FULL" = true ]; then elif [ "$LIST_HOSTS_FULL" = true ]; then
list_proxy_hosts_full list_proxy_hosts_full
elif [ "$SHOW_HOST" = true ]; then
show_host
elif [ "$LIST_SSL_CERTIFICATES" = true ]; then elif [ "$LIST_SSL_CERTIFICATES" = true ]; then
list_ssl_certificates list_ssl_certificates
elif [ "$LIST_USERS" = true ]; then elif [ "$LIST_USERS" = true ]; then
@ -703,6 +911,14 @@ elif [ "$CHECK_TOKEN" = true ]; then
validate_token validate_token
elif [ "$BACKUP" = true ]; then elif [ "$BACKUP" = true ]; then
full_backup full_backup
elif [ "$GENERATE_CERT" = true ]; then
generate_certificate
elif [ "$ENABLE_SSL" = true ]; then
enable_ssl
elif [ "$DISABLE_SSL" = true ]; then
disable_ssl
elif [ "$SHOW_DEFAULT" = true ]; then
show_default
else else
create_or_update_proxy_host create_or_update_proxy_host
fi fi