ADD --delete-cert domain and modification of --host-ssl-enable id to enabled only when Certificat exist (if not exist you can make --generate-cert to create one)

This commit is contained in:
Erreur32 2024-09-28 15:03:17 +02:00
parent 395f1e040a
commit f6f622cf5a

View file

@ -4,7 +4,7 @@
# Github [ https://github.com/Erreur32/nginx-proxy-manager-Bash-API ] # Github [ https://github.com/Erreur32/nginx-proxy-manager-Bash-API ]
# Erreur32 July 2024 # Erreur32 July 2024
VERSION="2.4.2" VERSION="2.5.0"
# #
# This script allows you to manage Nginx Proxy Manager via the API. It provides # This script allows you to manage Nginx Proxy Manager via the API. It provides
@ -33,7 +33,7 @@ VERSION="2.4.2"
# ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080 -a 'proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' # ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080 -a 'proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;'
# #
# 🔒 Custom Certificate: # 🔒 Custom Certificate:
# ./nginx_proxy_manager_cli.sh --generate-cert example.com user@example.com --custom # ./nginx_proxy_manager_cli.sh --generate-cert example.com user@example.com
# #
# 📂 Custom locations: # 📂 Custom locations:
# ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080 -l '[{"path":"/api","forward_host":"192.168.1.11","forward_port":8081}]' # ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080 -l '[{"path":"/api","forward_host":"192.168.1.11","forward_port":8081}]'
@ -54,8 +54,9 @@ VERSION="2.4.2"
# 📦 Backup and Restore: # 📦 Backup and Restore:
# --backup Backup all configurations to a file # --backup Backup all configurations to a file
# --backup-host id Backup a single host configuration and its certificate (if exists) # --backup-host id Backup a single host configuration and its certificate (if exists)
# --restore Restore configurations from a backup file #
# --restore-host (empty/name) Restore a single host configuration and its certificate (if exists) # DISABLE
# --restore commands DISABLED
# #
# 🔧 Miscellaneous: # 🔧 Miscellaneous:
# --check-token Check if the current token is valid # --check-token Check if the current token is valid
@ -66,14 +67,15 @@ VERSION="2.4.2"
# --show-default Show default settings for creating hosts # --show-default Show default settings for creating hosts
# --host-list List the names of all proxy hosts # --host-list List the names of all proxy hosts
# --host-list-full List all proxy hosts with full details # --host-list-full List all proxy hosts with full details
# --host-list-ssl-certificates List all SSL certificates
# --host-list-users List all users # --host-list-users List all users
# --host-search hostname Search for a proxy host by domain name # --host-search hostname Search for a proxy host by domain name
# --host-enable id Enable a proxy host by ID # --host-enable id Enable a proxy host by ID
# --host-disable id Disable a proxy host by ID # --host-disable id Disable a proxy host by ID
# --host-ssl-enable id Enable SSL, HTTP/2, and HSTS for a proxy host # --host-ssl-enable id Enable SSL, HTTP/2, and HSTS for a proxy host
# --host-ssl-disable id Disable SSL, HTTP/2, and HSTS for a proxy host # --host-ssl-disable id Disable SSL, HTTP/2, and HSTS for a proxy host
# --generate-cert domain email [--custom] Generate a Let's Encrypt or Custom certificate for the given domain and email # --list-ssl-certificates List All SSL certificates availables (JSON)
# --generate-cert domain email Generate certificate for the given domain and email
# --delete-cert domain Delete certificate for the given domain
# --help Display this help # --help Display this help
################################ ################################
@ -87,6 +89,7 @@ API_PASS="pass nginx"
# Path to store .txt files and Backups # Path to store .txt files and Backups
BASE_DIR="/path/nginx_proxy_script/data" BASE_DIR="/path/nginx_proxy_script/data"
################################# #################################
# Variables to Edit (optional) # # Variables to Edit (optional) #
################################# #################################
@ -140,7 +143,6 @@ ENABLE_SSL=false
DISABLE_SSL=false DISABLE_SSL=false
HOST_SHOW=false HOST_SHOW=false
SHOW_DEFAULT=false SHOW_DEFAULT=false
CUSTOM_CERT=false
# Colors Custom # Colors Custom
COLOR_GREEN="\033[32m" COLOR_GREEN="\033[32m"
@ -200,7 +202,7 @@ usage() {
echo -e " -d ${COLOR_ORANGE}DOMAIN_NAMES${COLOR_RESET} Domain name (${COLOR_RED}required${COLOR_RESET})" echo -e " -d ${COLOR_ORANGE}DOMAIN_NAMES${COLOR_RESET} Domain name (${COLOR_RED}required${COLOR_RESET})"
echo -e " -i ${COLOR_ORANGE}FORWARD_HOST${COLOR_RESET} IP address or domain name of the target server (${COLOR_RED}required${COLOR_RESET})" echo -e " -i ${COLOR_ORANGE}FORWARD_HOST${COLOR_RESET} IP address or domain name of the target server (${COLOR_RED}required${COLOR_RESET})"
echo -e " -p ${COLOR_ORANGE}FORWARD_PORT${COLOR_RESET} Port of the target server (${COLOR_RED}required${COLOR_RESET})" echo -e " -p ${COLOR_ORANGE}FORWARD_PORT${COLOR_RESET} Port of the target server (${COLOR_RED}required${COLOR_RESET})"
echo -e "\n (Check default settings, no need if already set!)" echo -e "\n (Check default settings,no argument needed if already set!)"
echo -e " -f FORWARD_SCHEME Scheme for forwarding (http/https, default: $(colorize_booleanh $FORWARD_SCHEME))" echo -e " -f FORWARD_SCHEME Scheme for forwarding (http/https, default: $(colorize_booleanh $FORWARD_SCHEME))"
echo -e " -c CACHING_ENABLED Enable caching (true/false, default: $(colorize_boolean $CACHING_ENABLED))" echo -e " -c CACHING_ENABLED Enable caching (true/false, default: $(colorize_boolean $CACHING_ENABLED))"
echo -e " -b BLOCK_EXPLOITS Block exploits (true/false, default: $(colorize_boolean $BLOCK_EXPLOITS))" echo -e " -b BLOCK_EXPLOITS Block exploits (true/false, default: $(colorize_boolean $BLOCK_EXPLOITS))"
@ -212,23 +214,25 @@ usage() {
echo -e " --show-default 🔍 ${COLOR_YELLOW}Show${COLOR_RESET} Default settings for creating hosts" echo -e " --show-default 🔍 ${COLOR_YELLOW}Show${COLOR_RESET} Default settings for creating hosts"
echo -e " --backup 📦 ${COLOR_GREEN}Backup${COLOR_RESET} All configurations to a different files in \$BACKUP_DIR" echo -e " --backup 📦 ${COLOR_GREEN}Backup${COLOR_RESET} All configurations to a different files in \$BACKUP_DIR"
echo -e " --backup-host id 📦 ${COLOR_GREEN}Backup${COLOR_RESET} Single host configuration and its certificate (if exists)" echo -e " --backup-host id 📦 ${COLOR_GREEN}Backup${COLOR_RESET} Single host configuration and its certificate (if exists)"
echo -e " --restore 📦 ${COLOR_GREEN}Restore${COLOR_RESET} All configurations from a backup file" #echo -e " --restore 📦 ${COLOR_GREEN}Restore${COLOR_RESET} All configurations from a backup file"
echo -e " --restore-host id 📦 ${COLOR_GREEN}Restore${COLOR_RESET} Restore single host with list with empty arguments or a Domain name" #echo -e " --restore-host id 📦 ${COLOR_GREEN}Restore${COLOR_RESET} Restore single host with list with empty arguments or a Domain name"
echo -e " --check-token 🔧 ${COLOR_YELLOW}Check${COLOR_RESET} If the current token is valid" echo -e " --check-token 🔧 ${COLOR_YELLOW}Check${COLOR_RESET} If the current token is valid"
echo -e " --create-user user pass email 👤 ${COLOR_GREEN}Create${COLOR_RESET} User with a ${COLOR_YELLOW}username, ${COLOR_YELLOW}password${COLOR_RESET} and ${COLOR_YELLOW}email${COLOR_RESET}" echo -e " --create-user user pass email 👤 ${COLOR_GREEN}Create${COLOR_RESET} User with a ${COLOR_YELLOW}username, ${COLOR_YELLOW}password${COLOR_RESET} and ${COLOR_YELLOW}email${COLOR_RESET}"
echo -e " --delete-user username 💣 ${COLOR_ORANGE}Delete${COLOR_RESET} User by ${COLOR_YELLOW}username${COLOR_RESET}" echo -e " --delete-user username 💣 ${COLOR_ORANGE}Delete${COLOR_RESET} User by ${COLOR_YELLOW}username${COLOR_RESET}"
echo -e " --host-delete id 💣 ${COLOR_ORANGE}Delete${COLOR_RESET} Proxy host by ${COLOR_YELLOW}ID${COLOR_RESET}" echo -e " --host-delete id 💣 ${COLOR_ORANGE}Delete${COLOR_RESET} Proxy host by ${COLOR_YELLOW}ID${COLOR_RESET}"
echo -e " --host-search hostname 🔍 ${COLOR_GREEN}Search${COLOR_RESET} Proxy host by domain name" echo -e " --host-search hostname 🔍 ${COLOR_GREEN}Search${COLOR_RESET} Proxy host by domain name"
echo -e " --host-show id 🔍 ${COLOR_YELLOW}Show${COLOR_RESET} Full details for a specific host by ${COLOR_YELLOW}ID${COLOR_RESET}" echo -e " --host-show id 🔍 ${COLOR_YELLOW}Show${COLOR_RESET} Full details for a specific host by ${COLOR_YELLOW}ID${COLOR_RESET}"
echo -e " --host-list 📋 ${COLOR_YELLOW}List${COLOR_RESET} All Proxy hosts (simple)" echo -e " --host-list 📋 ${COLOR_YELLOW}List${COLOR_RESET} All Proxy hosts (table form)"
echo -e " --host-list-full 📋 ${COLOR_YELLOW}List${COLOR_RESET} All Proxy hosts full details (JSON)" echo -e " --host-list-full 📋 ${COLOR_YELLOW}List${COLOR_RESET} All Proxy hosts full details (JSON)"
echo -e " --host-list-ssl-certificates 📋 ${COLOR_YELLOW}List${COLOR_RESET} All SSL certificates"
echo -e " --host-list-users 📋 ${COLOR_YELLOW}List${COLOR_RESET} All Users" echo -e " --host-list-users 📋 ${COLOR_YELLOW}List${COLOR_RESET} All Users"
echo -e " --host-enable id ✅ ${COLOR_GREEN}Enable${COLOR_RESET} Proxy host by ${COLOR_YELLOW}ID${COLOR_RESET}" echo -e " --host-enable id ✅ ${COLOR_GREEN}Enable${COLOR_RESET} Proxy host by ${COLOR_YELLOW}ID${COLOR_RESET}"
echo -e " --host-disable id ❌ ${COLOR_ORANGE}Disable${COLOR_RESET} Proxy host by ${COLOR_YELLOW}ID${COLOR_RESET}" echo -e " --host-disable id ❌ ${COLOR_ORANGE}Disable${COLOR_RESET} Proxy host by ${COLOR_YELLOW}ID${COLOR_RESET}"
echo -e " --host-ssl-enable id 🔒 ${COLOR_GREEN}Enable${COLOR_RESET} SSL, HTTP/2, and HSTS for a proxy host (Will generate Certificat auto if needed)" echo -e " --host-ssl-enable id 🔒 ${COLOR_GREEN}Enable${COLOR_RESET} SSL, HTTP/2, and HSTS for a proxy host (Enabled only if exist, check ${COLOR_ORANGE}--generate-cert${COLOR_RESET} to creating one)"
echo -e " --host-ssl-disable id 🔓 ${COLOR_ORANGE}Disable${COLOR_RESET} SSL, HTTP/2, and HSTS for a proxy host" echo -e " --host-ssl-disable id 🔓 ${COLOR_ORANGE}Disable${COLOR_RESET} SSL, HTTP/2, and HSTS for a proxy host"
echo -e " --generate-cert domain email [--custom]🛡️ ${COLOR_GREEN}Generate${COLOR_RESET} Custom certificate for the given domain and email (Only for Custom certificat)" echo -e " --list-ssl-certificates 📋 ${COLOR_YELLOW}List${COLOR_RESET} All SSL certificates availables (JSON)"
echo -e " --generate-cert domain email 🌀 ${COLOR_GREEN}Generate${COLOR_RESET} Certificate for the given '${COLOR_YELLOW}domain${COLOR_RESET}' and '${COLOR_YELLOW}email${COLOR_RESET}'"
echo -e " --delete-cert domain 💣 ${COLOR_ORANGE}Delete${COLOR_RESET} Certificate for the given '${COLOR_YELLOW}domain${COLOR_RESET}' "
echo -e " --examples 🔖 Examples commands, more explicits" echo -e " --examples 🔖 Examples commands, more explicits"
echo -e " --help" echo -e " --help"
echo "" echo ""
@ -237,14 +241,14 @@ usage() {
# Examples CLI Commands # Examples CLI Commands
examples_cli() { examples_cli() {
echo -e "\n${COLOR_YELLOW}Usage: ./nginx_proxy_manager_cli.sh -d domain -i ip -p port [-f forward_scheme] [-c caching_enabled] [-b block_exploits] [-w allow_websocket_upgrade] [-a advanced_config] [-t token_expiry] [--create-user username password email] [--delete-user username] [--host-delete id] [--host-list] [--host-list-full] [--host-list-ssl-certificates] [--host-list-users] [--host-search hostname] [--host-enable id] [--host-disable id] [--check-token] [--backup] [--backup-host id] [--restore] [--restore-host id] [--generate-cert domain email [--custom]] [--host-ssl-enable id] [--host-ssl-disable id] [--host-show id] [--show-default] [--help]${COLOR_RESET}" echo -e "\n${COLOR_YELLOW}Usage: ./nginx_proxy_manager_cli.sh -d domain -i ip -p port [-f forward_scheme] [-c caching_enabled] [-b block_exploits] [-w allow_websocket_upgrade] [-a advanced_config] [-t token_expiry] [--create-user username password email] [--delete-user username] [--host-delete id] [--host-list] [--host-list-full] [--host-list-certificates] [--host-list-users] [--host-search hostname] [--host-enable id] [--host-disable id] [--check-token] [--backup] [--backup-host id] [--restore] [--restore-host id] [--generate-cert domain email [--custom]] [--host-ssl-enable id] [--host-ssl-disable id] [--host-show id] [--show-default] [--help]${COLOR_RESET}"
echo -e "" echo -e ""
echo -e "Examples:" echo -e "Examples:"
echo -e "\n 📦 Backup First before doing anything!${COLOR_GREY}" echo -e "\n 📦 Backup First before doing anything!${COLOR_GREY}"
echo -e " ./nginx_proxy_manager_cli.sh --backup" echo -e " ./nginx_proxy_manager_cli.sh --backup"
echo -e " ./nginx_proxy_manager_cli.sh --backup-host 1" echo -e " ./nginx_proxy_manager_cli.sh --backup-host 1"
echo -e " ./nginx_proxy_manager_cli.sh --restore" # echo -e " ./nginx_proxy_manager_cli.sh --restore"
echo -e " ./nginx_proxy_manager_cli.sh --restore-host 1" # echo -e " ./nginx_proxy_manager_cli.sh --restore-host 1"
echo -e "\n ${COLOR_RESET}🌐 Host Creation${COLOR_GREY}" echo -e "\n ${COLOR_RESET}🌐 Host Creation${COLOR_GREY}"
echo -e " ./nginx_proxy_manager_cli.sh --show-default" echo -e " ./nginx_proxy_manager_cli.sh --show-default"
echo -e " ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080" echo -e " ./nginx_proxy_manager_cli.sh -d example.com -i 192.168.1.10 -p 8080"
@ -293,7 +297,7 @@ display_info() {
generate_token generate_token
fi fi
echo "" echo -e "\n --help (Show all commands)"
} }
@ -448,7 +452,6 @@ while getopts "d:i:p:f:c:b:w:a:l:-:" opt; do
;; ;;
host-list) LIST_HOSTS=true ;; host-list) LIST_HOSTS=true ;;
host-list-full) LIST_HOSTS_FULL=true ;; host-list-full) LIST_HOSTS_FULL=true ;;
host-list-ssl-certificates) LIST_SSL_CERTIFICATES=true ;;
host-list-users) LIST_USERS=true ;; host-list-users) LIST_USERS=true ;;
host-search) host-search)
SEARCH_HOST=true SEARCH_HOST=true
@ -468,7 +471,10 @@ while getopts "d:i:p:f:c:b:w:a:l:-:" opt; do
DOMAIN="${!OPTIND}"; shift DOMAIN="${!OPTIND}"; shift
EMAIL="${!OPTIND}"; shift EMAIL="${!OPTIND}"; shift
;; ;;
custom) CUSTOM_CERT=true ;; delete-cert)
DELETE_CERT=true
DOMAIN="${!OPTIND}"; shift
;;
host-ssl-enable) host-ssl-enable)
ENABLE_SSL=true ENABLE_SSL=true
HOST_ID="${!OPTIND}"; shift HOST_ID="${!OPTIND}"; shift
@ -478,6 +484,7 @@ while getopts "d:i:p:f:c:b:w:a:l:-:" opt; do
HOST_ID="${!OPTIND}"; shift HOST_ID="${!OPTIND}"; shift
;; ;;
force-cert-creation) FORCE_CERT_CREATION=true ;; force-cert-creation) FORCE_CERT_CREATION=true ;;
list-ssl-certificates) LIST_SSL_CERTIFICATES=true ;;
examples) examples_cli ;; examples) examples_cli ;;
info) display_info;echo; exit 0 ;; info) display_info;echo; exit 0 ;;
esac ;; esac ;;
@ -500,6 +507,7 @@ fi
# Function to check if the host ID exists # Function to check if the host ID exists
host-check-id() { host-check-id() {
local host_id=$1 local host_id=$1
# shellcheck disable=SC2155
local host_list=$(./nginx_proxy_manager_cli.sh --host-list) local host_list=$(./nginx_proxy_manager_cli.sh --host-list)
if echo "$host_list" | grep -q ""id": $host_id"; then if echo "$host_list" | grep -q ""id": $host_id"; then
@ -540,8 +548,10 @@ list_ssl_backup_files() {
regenerate_all_ssl_certificates() { regenerate_all_ssl_certificates() {
echo -e "\n🔄 Regenerating SSL certificates for all hosts..." echo -e "\n🔄 Regenerating SSL certificates for all hosts..."
# shellcheck disable=SC2155
local hosts=$(curl -s -X GET -H "Authorization: Bearer $TOKEN" "$NGINX_API_URL/nginx/proxy-hosts") local hosts=$(curl -s -X GET -H "Authorization: Bearer $TOKEN" "$NGINX_API_URL/nginx/proxy-hosts")
# shellcheck disable=SC2207
local host_ids=($(echo "$hosts" | jq -r '.[] | select(.ssl.enabled == true) | .id')) local host_ids=($(echo "$hosts" | jq -r '.[] | select(.ssl.enabled == true) | .id'))
if [ ${#host_ids[@]} -eq 0 ]; then if [ ${#host_ids[@]} -eq 0 ]; then
echo " ⛔ No hosts with SSL certificates found." echo " ⛔ No hosts with SSL certificates found."
@ -560,7 +570,7 @@ regenerate_all_ssl_certificates() {
done done
} }
# Function to restore SSL certificates from a backup file # Function to restore SSL certificates from a backup file (not used)
restore_ssl_certificates() { restore_ssl_certificates() {
echo -e "\n🩹 Restoring SSL certificates from backup..." echo -e "\n🩹 Restoring SSL certificates from backup..."
@ -950,10 +960,10 @@ pad() {
echo "$str$padding" echo "$str$padding"
} }
# List all proxy hosts with basic details # List all proxy hosts with basic details, including SSL certificate status and associated domain
list_proxy_hosts() { list_proxy_hosts() {
echo -e "\n${COLOR_ORANGE} 👉 List of proxy hosts (simple)${COLOR_RESET}" echo -e "\n${COLOR_ORANGE} 👉 List of proxy hosts (simple)${COLOR_RESET}"
printf " %-6s %-36s %-9s %-4s\n" "ID" "Domain" "Status" "SSL" printf " %-6s %-36s %-9s %-4s %-36s\n" "ID" "Domain" "Status" "SSL" "Certificate Domain"
RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts" \ RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts" \
-H "Authorization: Bearer $(cat $TOKEN_FILE)") -H "Authorization: Bearer $(cat $TOKEN_FILE)")
@ -961,26 +971,41 @@ list_proxy_hosts() {
# Clean the response to remove control characters # Clean the response to remove control characters
CLEANED_RESPONSE=$(echo "$RESPONSE" | tr -d '\000-\031') CLEANED_RESPONSE=$(echo "$RESPONSE" | tr -d '\000-\031')
echo "$CLEANED_RESPONSE" | jq -r '.[] | "\(.id) \(.domain_names | join(", ")) \(.enabled) \(.ssl_forced)"' | while read -r id domain enabled ssl_forced; do echo "$CLEANED_RESPONSE" | jq -r '.[] | "\(.id) \(.domain_names | join(", ")) \(.enabled) \(.certificate_id)"' | while read -r id domain enabled certificate_id; do
if [ "$enabled" -eq 1 ]; then if [ "$enabled" -eq 1 ]; then
status="$(echo -e "${WHITE_ON_GREEN} enabled ${COLOR_RESET}")" status="$(echo -e "${WHITE_ON_GREEN} enabled ${COLOR_RESET}")"
else else
status="$(echo -e "${COLOR_RED} disable ${COLOR_RESET}")" status="$(echo -e "${COLOR_RED} disable ${COLOR_RESET}")"
fi fi
if [ "$ssl_forced" -eq 1 ]; then # Default SSL status
ssl_status="✘"
cert_domain=""
# Check if a valid certificate ID is present and not null
if [ "$certificate_id" != "null" ] && [ -n "$certificate_id" ]; then
# Fetch the certificate details using the certificate_id
CERT_DETAILS=$(curl -s -X GET "$BASE_URL/nginx/certificates/$certificate_id" \
-H "Authorization: Bearer $(cat $TOKEN_FILE)")
# Check if the certificate details are valid and domain_names is not null
if [ "$(echo "$CERT_DETAILS" | jq -r '.domain_names')" != "null" ]; then
cert_domain=$(echo "$CERT_DETAILS" | jq -r '.domain_names | join(", ")')
ssl_status="✅" ssl_status="✅"
else else
ssl_status="✘" ssl_status="✘" # If no valid certificate domain is found
cert_domain=""
fi
fi fi
# Print the row with colors # Print the row with colors and certificate domain (if available)
printf " ${COLOR_YELLOW}%6s${COLOR_RESET} ${COLOR_GREEN}%-36s${COLOR_RESET} %-8s %-4s\n" \ printf " ${COLOR_YELLOW}%6s${COLOR_RESET} ${COLOR_GREEN}%-36s${COLOR_RESET} %-8s %-4s %-36s\n" \
"$(pad "$id" 6)" "$(pad "$domain" 36)" "$status" "$ssl_status" "$(pad "$id" 6)" "$(pad "$domain" 36)" "$status" "$ssl_status" "$cert_domain"
done done
echo "" echo ""
} }
# List all proxy hosts with full details # List all proxy hosts with full details
list_proxy_hosts_full() { list_proxy_hosts_full() {
echo -e "\n${COLOR_ORANGE} 👉 List of proxy hosts with full details...${COLOR_RESET}\n" echo -e "\n${COLOR_ORANGE} 👉 List of proxy hosts with full details...${COLOR_RESET}\n"
@ -1013,13 +1038,52 @@ search_proxy_host() {
} }
# List all SSL certificates # List all SSL certificates
list_ssl_certificates() { list_ssl_certificates_back() {
echo " 👉 List of SSL certificates..." echo " 👉 List of SSL certificates..."
RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/certificates" \ RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/certificates" \
-H "Authorization: Bearer $(cat $TOKEN_FILE)") -H "Authorization: Bearer $(cat $TOKEN_FILE)")
echo "$RESPONSE" | jq echo "$RESPONSE" | jq
} }
# Function to list all SSL certificates or filter by domain
list_ssl_certificates() {
DOMAIN="$1" # Capture the first argument passed to the function
if [ -n "$DOMAIN" ]; then
echo " 👉 Listing SSL certificates for domain: $DOMAIN..."
else
echo " 👉 Listing all SSL certificates..."
fi
# Fetch all certificates
RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/certificates" \
-H "Authorization: Bearer $(cat $TOKEN_FILE)")
if [ -n "$DOMAIN" ]; then
# Filter certificates by domain name
CERTS_FOR_DOMAIN=$(echo "$RESPONSE" | jq -r --arg domain "$DOMAIN" \
'.[] | select(.domain_names[] == $domain) | {id: .id, provider: .provider, domain_names: .domain_names, valid_from: .valid_from, valid_to: .valid_to}')
if [ -z "$CERTS_FOR_DOMAIN" ]; then
echo " ⛔ No SSL certificates found for domain: $DOMAIN"
else
echo " ✅ SSL certificates found for domain: $DOMAIN"
echo "$CERTS_FOR_DOMAIN" | jq # Display the filtered certificates
fi
else
# List all certificates if no domain is specified
#echo "$RESPONSE" | jq -r '.[] | {id: .id, provider: .provider, domain_names: .domain_names, valid_from: .valid_from, valid_to: .valid_to}'
echo "$RESPONSE" | jq
fi
}
# List all users # List all users
list_users() { list_users() {
echo -e "\n 👉 List of users..." echo -e "\n 👉 List of users..."
@ -1101,6 +1165,13 @@ enable_proxy_host() {
echo -e "\n 💣 The --host-enable option requires a host ID." echo -e "\n 💣 The --host-enable option requires a host ID."
usage usage
fi fi
# Validate that HOST_ID is a number
if ! [[ "$HOST_ID" =~ ^[0-9]+$ ]]; then
echo -e "${COLOR_RED}Invalid host ID: $HOST_ID. It must be a numeric value.${COLOR_RESET}\n"
exit 1
fi
echo -e "\n ✅ Enabling 🌐 proxy host ID: $HOST_ID..." echo -e "\n ✅ Enabling 🌐 proxy host ID: $HOST_ID..."
# Check if the proxy host exists before enabling # Check if the proxy host exists before enabling
@ -1130,6 +1201,7 @@ enable_proxy_host() {
fi fi
} }
# Disable a proxy host by ID # Disable a proxy host by ID
disable_proxy_host() { disable_proxy_host() {
if [ -z "$HOST_ID" ]; then if [ -z "$HOST_ID" ]; then
@ -1153,6 +1225,56 @@ disable_proxy_host() {
fi fi
} }
# Delete a certificate in NPM
delete_certificate() {
if [ -z "$DOMAIN" ]; then
echo -e "\n 🛡️ The --delete-cert option requires a domain."
usage
fi
echo -e "\n 👀 Checking if certificate for domain: $DOMAIN exists..."
RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/certificates" \
-H "Authorization: Bearer $(cat $TOKEN_FILE)")
# Search for the certificate for the specified domain
EXISTING_CERT=$(echo "$RESPONSE" | jq -r --arg DOMAIN "$DOMAIN" '.[] | select(.domain_names[] == $DOMAIN)')
if [ -z "$EXISTING_CERT" ]; then
echo -e " ⛔ No certificate found for domain: $DOMAIN. \n"
exit 0
fi
CERTIFICATE_ID=$(echo "$EXISTING_CERT" | jq -r '.id')
EXPIRES_ON=$(echo "$EXISTING_CERT" | jq -r '.expires_on')
PROVIDER=$(echo "$EXISTING_CERT" | jq -r '.provider')
echo -e " ✅ Certificate found for $DOMAIN (Provider: $PROVIDER, Expires on: $EXPIRES_ON)."
# Ask for confirmation before deleting the certificate
read -p "⚠️ Are you sure you want to delete the certificate for $DOMAIN? (y/n): " CONFIRM
if [[ "$CONFIRM" != "y" ]]; then
echo -e " ❌ Certificate deletion aborted."
exit 0
fi
echo -e " 🗑️ Deleting certificate for domain: $DOMAIN..."
# Send DELETE request to remove the certificate
HTTP_RESPONSE=$(curl -s -w "HTTPSTATUS:%{http_code}" -X DELETE "$BASE_URL/nginx/certificates/$CERTIFICATE_ID" \
-H "Authorization: Bearer $(cat $TOKEN_FILE)")
HTTP_BODY=$(echo "$HTTP_RESPONSE" | sed -e 's/HTTPSTATUS\:.*//g')
HTTP_STATUS=$(echo "$HTTP_RESPONSE" | tr -d '\n' | sed -e 's/.*HTTPSTATUS://')
if [ "$HTTP_STATUS" -eq 204 ] || ([ "$HTTP_STATUS" -eq 200 ] && [ "$HTTP_BODY" == "true" ]); then
echo -e "${COLOR_GREEN}Certificate deleted successfully!${COLOR_RESET}\n"
else
echo " Data sent: Certificate ID = $CERTIFICATE_ID" # Log the certificate ID being deleted
echo -e "${COLOR_RED}Failed to delete certificate. HTTP status: $HTTP_STATUS. Response: $HTTP_BODY${COLOR_RESET}\n"
fi
}
# Generate Let's Encrypt certificate if not exists # Generate Let's Encrypt certificate if not exists
generate_certificate() { generate_certificate() {
@ -1169,7 +1291,14 @@ generate_certificate() {
if [ -n "$EXISTING_CERT" ] && ! $FORCE_CERT_CREATION; then if [ -n "$EXISTING_CERT" ] && ! $FORCE_CERT_CREATION; then
EXPIRES_ON=$(echo "$EXISTING_CERT" | jq -r '.expires_on') EXPIRES_ON=$(echo "$EXISTING_CERT" | jq -r '.expires_on')
echo -e " 🔔 Certificate for $DOMAIN already exists and is valid until $EXPIRES_ON." echo -e " 🔔 Certificate for $DOMAIN already exists and is valid until $EXPIRES_ON.\n"
exit 0
fi
# Ask for confirmation before creating a new certificate
read -p "⚠️ No existing certificate found for $DOMAIN. Do you want to create a new Let's Encrypt certificate? (y/n): " CONFIRM
if [[ "$CONFIRM" != "y" ]]; then
echo -e " ❌ Certificate creation aborted."
exit 0 exit 0
fi fi
@ -1202,8 +1331,9 @@ generate_certificate() {
fi fi
} }
# enable_ssl function
enable_ssl() { # enable_ssl function adel
enable_ssl_old() {
if [ -z "$HOST_ID" ]; then if [ -z "$HOST_ID" ]; then
echo -e "\n 🛡️ The --host-ssl-enable option requires a host ID." echo -e "\n 🛡️ The --host-ssl-enable option requires a host ID."
usage usage
@ -1259,6 +1389,128 @@ enable_ssl() {
fi fi
} }
# enable_ssl function
enable_ssl() {
if [ -z "$HOST_ID" ]; then
echo -e "\n 🛡️ The --host-ssl-enable option requires a host ID."
usage
fi
# Validate that HOST_ID is a number
if ! [[ "$HOST_ID" =~ ^[0-9]+$ ]]; then
echo -e "${COLOR_RED}Invalid host ID: $HOST_ID. It must be a numeric value.${COLOR_RESET}\n"
echo -e "\n 🛡️ The --host-ssl-enable option requires a host ID."
list_proxy_hosts
exit 1
fi
echo -e "\n ✅ Enabling 🔒 SSL, HTTP/2, and HSTS for proxy host ID: $HOST_ID..."
# Check host details
CHECK_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
-H "Authorization: Bearer $(cat $TOKEN_FILE)")
DOMAIN_NAMES=$(echo "$CHECK_RESPONSE" | jq -r '.domain_names[]')
# Fetch all certificates (custom and Let's Encrypt)
CERTIFICATES=$(curl -s -X GET "$BASE_URL/nginx/certificates" \
-H "Authorization: Bearer $(cat $TOKEN_FILE)")
# Find all certificates for the given domain
DOMAIN_CERTS=$(echo "$CERTIFICATES" | jq -c --arg domain "$DOMAIN_NAMES" \
'.[] | select(.domain_names[] == $domain) | {id: .id, provider: .provider, valid_from: .valid_from, valid_to: .valid_to}')
# Count the number of certificates found
CERT_COUNT=$(echo "$DOMAIN_CERTS" | jq -s 'length')
# Ensure CERT_COUNT is treated as an integer
CERT_COUNT=${CERT_COUNT:-0}
if [ "$CERT_COUNT" -eq 0 ]; then
echo -e " ⛔ No certificate associated with this host.\n"
exit 1 # Exit if no certificate found
elif [ "$CERT_COUNT" -gt 1 ]; then
echo " ⚠️ Multiple certificates found for domain $DOMAIN_NAMES. Please select one:"
# Display the certificates with provider and validity dates
echo "$DOMAIN_CERTS" | jq -r 'to_entries[] | "\(.key + 1)) Provider: \(.value.provider), Valid From: \(.value.valid_from), Valid To: \(.value.valid_to)"'
# Ask the user to choose the certificate
read -p "Enter the number of the certificate you want to use: " CERT_INDEX
CERT_INDEX=$((CERT_INDEX - 1)) # Adjust for 0-index
CERTIFICATE_ID=$(echo "$DOMAIN_CERTS" | jq -r ".[$CERT_INDEX].id")
else
# Only one certificate found, use it
CERTIFICATE_ID=$(echo "$DOMAIN_CERTS" | jq -r '.id')
echo " ✅ Using certificate ID: $CERTIFICATE_ID"
fi
# Verify if CERTIFICATE_ID is empty
if [ -z "$CERTIFICATE_ID" ]; then
echo " ⛔ No valid certificate ID found. Aborting."
exit 1
fi
# Update the host with SSL enabled
DATA=$(jq -n --arg cert_id "$CERTIFICATE_ID" '{
certificate_id: $cert_id,
ssl_forced: true,
http2_support: true,
hsts_enabled: true,
hsts_subdomains: false
}')
echo -e "\n Data being sent for SSL enablement: $DATA" # Log the data being sent
HTTP_RESPONSE=$(curl -s -w "HTTPSTATUS:%{http_code}" -X PUT "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
-H "Authorization: Bearer $(cat $TOKEN_FILE)" \
-H "Content-Type: application/json; charset=UTF-8" \
--data-raw "$DATA")
HTTP_BODY=$(echo "$HTTP_RESPONSE" | sed -e 's/HTTPSTATUS\:.*//g')
HTTP_STATUS=$(echo "$HTTP_RESPONSE" | tr -d '\n' | sed -e 's/.*HTTPSTATUS://')
if [ "$HTTP_STATUS" -eq 200 ]; then
echo -e "\n ✅ ${COLOR_GREEN}SSL, HTTP/2, and HSTS enabled successfully!${COLOR_RESET}\n"
else
echo -e "\n 👉Data sent: $DATA" # Log the data sent
echo -e "\n ⛔ ${COLOR_RED}Failed to enable SSL, HTTP/2, and HSTS. HTTP status: $HTTP_STATUS. Response: $HTTP_BODY${COLOR_RESET}\n"
fi
}
# list_certificates function
list_certificates() {
if [ -z "$DOMAIN" ]; then
echo -e "\n 🌐 The --list-certificates option requires a domain name."
usage
fi
echo -e "\n 📜 Listing all certificates for domain: $DOMAIN..."
# Fetch all certificates (custom and Let's Encrypt)
CERTIFICATES=$(curl -s -X GET "$BASE_URL/nginx/certificates" \
-H "Authorization: Bearer $(cat $TOKEN_FILE)")
# Find all certificates for the given domain
DOMAIN_CERTS=$(echo "$CERTIFICATES" | jq -r --arg domain "$DOMAIN" \
'.[] | select(.domain_names[] == $domain) | {id: .id, provider: .provider, valid_from: .valid_from, valid_to: .valid_to}')
CERT_COUNT=$(echo "$DOMAIN_CERTS" | jq length)
if [ "$CERT_COUNT" -eq 0 ]; then
echo " ⛔ No certificates found for domain: $DOMAIN."
else
echo " ✅ Certificates found for domain $DOMAIN:"
# Display the certificates with provider and validity dates
echo "$DOMAIN_CERTS" | jq -r '. | "ID: \(.id), Provider: \(.provider), Valid From: \(.valid_from), Valid To: \(.valid_to)"'
fi
}
# disable_ssl # disable_ssl
# Function to disable SSL for a proxy host # Function to disable SSL for a proxy host
disable_ssl() { disable_ssl() {
@ -1508,7 +1760,13 @@ elif [ "$LIST_HOSTS_FULL" = true ]; then
elif [ "$HOST_SHOW" = true ]; then elif [ "$HOST_SHOW" = true ]; then
host_show host_show
elif [ "$LIST_SSL_CERTIFICATES" = true ]; then elif [ "$LIST_SSL_CERTIFICATES" = true ]; then
if [ -n "$DOMAIN_ARG" ]; then
list_ssl_certificates "$DOMAIN_ARG"
else
list_ssl_certificates list_ssl_certificates
fi
# elif [ "$LIST_SSL_CERTIFICATES" = true ]; then
# list_ssl_certificates
elif [ "$LIST_USERS" = true ]; then elif [ "$LIST_USERS" = true ]; then
list_users list_users
elif [ "$SEARCH_HOST" = true ]; then elif [ "$SEARCH_HOST" = true ]; then
@ -1529,6 +1787,8 @@ elif [ "$RESTORE_HOST" = true ]; then
restore-host restore-host
elif [ "$GENERATE_CERT" = true ]; then elif [ "$GENERATE_CERT" = true ]; then
generate_certificate generate_certificate
elif [ "$DELETE_CERT" = true ]; then
delete_certificate
elif [ "$ENABLE_SSL" = true ]; then elif [ "$ENABLE_SSL" = true ]; then
enable_ssl enable_ssl
elif [ "$DISABLE_SSL" = true ]; then elif [ "$DISABLE_SSL" = true ]; then