#!/bin/bash
# Nginx Proxy Manager CLI Script
# Github [ https://github.com/Erreur32/nginx-proxy-manager-Bash-API ]
# By Erreur32 - July 2024
# NPM api https://github.com/NginxProxyManager/nginx-proxy-manager/tree/develop/backend/schema
# https://github.com/NginxProxyManager/nginx-proxy-manager/tree/develop/backend/schema/components
VERSION="3.0.0"
#################################
# This script allows you to manage Nginx Proxy Manager via the API. It provides
# functionalities such as creating proxy hosts, managing users, listing hosts,
# backing up configurations, and more.
#
#################################
# PERSISTENT Config
#################################
# Create config file $SCRIPT_DIR/npm-api.conf and Edit Variables (required)
# NGINX_IP="127.0.0.1"
# NGINX_PORT="81"
# API_USER="admin@example.com"
# API_PASS="changeme"
#
# Optional (only if you want in other placer than script directory)
# DATA_DIR="/path/nginx_backup/dir"
#
################################
# Optional (for a future version, not use)
# NGINX_PATH_DOCKER="/home/docker/nginx_proxy/nginx"
#################################
# Common Examples
#
# 1. Create a new proxy host:
# ./npm-api.sh --host-create example.com -i 192.168.1.10 -p 8080
#
# 2. Enable SSL for a host:
# ./npm-api.sh --host-ssl-enable 1
#
# 3. Create a new user:
# ./npm-api.sh --user-create admin admin@example.com password123
#
# 4. List all proxy hosts:
# ./npm-api.sh --host-list
#
# 5. Generate SSL certificate:
# ./npm-api.sh --cert-generate *.example.com admin@example.com
#
# 6. Show host details:
# ./npm-api.sh --host-show 1
#
# debug version
set -eu -o pipefail
#set -x # Active dbog
#set -eu -o pipefail
# Check if config file npm-api.conf exist
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
CONFIG_FILE="$SCRIPT_DIR/npm-api.conf"
################################
# Variables to Edit (required) #
# or create a config file #
################################
# set default variables
DEFAULT_NGINX_IP="127.0.0.1"
DEFAULT_NGINX_PORT="81"
DEFAULT_API_USER="admin@example.com"
DEFAULT_API_PASS="changeme"
DEFAULT_NGINX_PATH_DOCKER="/path/docker/npm"
# default backup directoy (You can override with your path)
DEFAULT_DATA_DIR="$SCRIPT_DIR/data"
################################
# DON'T TOUCH BELOW !!! ;)
################################
# Colors Custom
COLOR_GREEN="\033[32m"
COLOR_GREEN_b="\e[92m"
COLOR_RED="\033[91m"
COLOR_RED_FULL="\033[41;1m"
COLOR_ORANGE="\033[38;5;202m"
COLOR_YELLOW="\033[93m"
COLOR_CYAN="\033[36m"
COLOR_GREY="\e[90m"
COLOR_GRAY=" \e[100m"
WHITE_ON_GREEN="\033[30;48;5;83m"
CoR="\033[0m"
# load config file if exists
if [ -f "$CONFIG_FILE" ]; then
# First set default values
NGINX_IP="$DEFAULT_NGINX_IP"
NGINX_PORT="$DEFAULT_NGINX_PORT"
API_USER="$DEFAULT_API_USER"
API_PASS="$DEFAULT_API_PASS"
DATA_DIR="$DEFAULT_DATA_DIR"
NGINX_PATH_DOCKER="$DEFAULT_NGINX_PATH_DOCKER"
# Then load config file which will override defaults
source "$CONFIG_FILE"
# Finally set variables as read only
declare -r NGINX_IP
declare -r NGINX_PORT
declare -r API_USER
declare -r API_PASS
#declare -r DATA_DIR
# NGINX_PATH_DOCKER is optional, only make it readonly if it was set in config
if [ -n "${NGINX_PATH_DOCKER+x}" ]; then
declare -r NGINX_PATH_DOCKER
fi
else
# Use default values
NGINX_IP="$DEFAULT_NGINX_IP"
NGINX_PORT="$DEFAULT_NGINX_PORT"
API_USER="$DEFAULT_API_USER"
API_PASS="$DEFAULT_API_PASS"
DATA_DIR="$DEFAULT_DATA_DIR"
NGINX_PATH_DOCKER="$DEFAULT_NGINX_PATH_DOCKER"
# Check if using default API user
if [ "$API_USER" = "$DEFAULT_API_USER" ]; then
echo -e "\nβ οΈ ${COLOR_RED}Using default API credentials - Please configure the script!${CoR}"
echo -e "\nπ Create configuration file: $CONFIG_FILE with content:"
echo -e "${COLOR_GREY}NGINX_IP=\"$NGINX_IP\"${CoR} ${COLOR_YELLOW}(current default)${CoR}"
echo -e "${COLOR_GREY}NGINX_PORT=\"$NGINX_PORT\"${CoR} ${COLOR_YELLOW}(current default)${CoR}"
echo -e "${COLOR_RED}API_USER=\"admin@example.com\"${CoR} ${COLOR_RED}(required)${CoR}"
echo -e "${COLOR_RED}API_PASS=\"your_password\"${CoR} ${COLOR_RED}(required)${CoR}"
echo -e "${COLOR_GREY}DATA_DIR=\"$DATA_DIR\"${CoR} ${COLOR_YELLOW}(current default)${CoR}"
echo -e "\nβ ${COLOR_RED}Cannot continue with default API credentials${CoR}\n"
exit 1
fi
fi
# API Endpoints
BASE_URL="http://$NGINX_IP:$NGINX_PORT/api"
# Set Token duration validity.
#TOKEN_EXPIRY="365d"
#TOKEN_EXPIRY="31536000s"
TOKEN_EXPIRY="1y"
# Default variables for creating a new proxy host (adapt to your needs)
CACHING_ENABLED=false
BLOCK_EXPLOITS=true
ALLOW_WEBSOCKET_UPGRADE=1
HTTP2_SUPPORT=0
ADVANCED_CONFIG=""
LETS_ENCRYPT_AGREE=false
LETS_ENCRYPT_EMAIL=""
FORWARD_SCHEME="http"
FORCE_CERT_CREATION=false
SSL_FORCED=0
HSTS_ENABLED=0
HSTS_SUBDOMAINS=0
#DNS_PROVIDER=""
#DNS_API_KEY=""
# Don't touch below that line (or you know ...)
DEFAULT_EMAIL="$API_USER"
DOMAIN=""
DOMAIN_NAMES=""
FORWARD_HOST=""
FORWARD_PORT=""
CUSTOM_LOCATIONS=""
USERNAME=""
PASSWORD=""
EMAIL=""
HOST_ID=""
FIELD=""
VALUE=""
FIELD_VALUE=""
# Control variables
AUTO_YES=false
CHECK_TOKEN=false
EXAMPLES=false
INFO=false
SHOW_HELP=false
SHOW_DEFAULT=false
USER_CREATE=false
USER_DELETE=false
USER_LIST=false
HOST_SHOW=false
HOST_LIST=false
HOST_LIST_FULL=false
HOST_SEARCH=false
HOST_UPDATE=false
HOST_ENABLE=false
HOST_SEARCHNAME=""
HOST_DISABLE=false
HOST_DELETE=false
HOST_ACL_ENABLE=false
HOST_ACL_DISABLE=false
HOST_CREATE=false
LIST_CERT_ALL=false
CERT_SHOW=false
CERT_GENERATE=false
CERT_DELETE=false
CERT_DOMAIN=""
CERT_EMAIL=""
DNS_PROVIDER=""
DNS_API_KEY=""
DOMAIN_EXISTS=""
HOST_SSL_ENABLE=false
HOST_SSL_DISABLE=false
SSL_RESTORE=false
ACCESS_LIST=false
ACCESS_LIST_CREATE=false
ACCESS_LIST_UPDATE=false
ACCESS_LIST_DELETE=false
ACCESS_LIST_SHOW=false
ACCESS_LIST_ID=""
AUTO_YES=false
BACKUP=false
BACKUP_LIST=false
### in progress
BACKUP_HOST=false
RESTORE_HOST=false
RESTORE_BACKUP=false
CLEAN_HOSTS=false
if [ $# -eq 0 ]; then
INFO=true
#SHOW_HELP=true
fi
###############################################
# Check if necessary dependencies are installed
################################
# Function to check and create required directories
# Usage: check_dependencies
# Returns: 0 if successful, exits with 1 if error
################################
check_dependencies() {
#echo -e "\n π ${COLOR_CYAN}Checking system dependencies and directories...${CoR}"
################################
# 1. Check System Dependencies #
################################
local dependencies=("curl" "jq")
local missing=()
for dep in "${dependencies[@]}"; do
if ! command -v "$dep" &> /dev/null; then
missing+=("$dep")
fi
done
if [ ${#missing[@]} -gt 0 ]; then
echo -e " β ${COLOR_RED}Missing dependencies. Please install:${CoR}"
printf " - %s\n" "${missing[@]}"
exit 1
fi
#return 0
}
#check_dependencies
# Check if the Nginx Proxy Manager API is accessible
check_nginx_access() {
local max_retries=3
local retry_count=0
local timeout=5
#echo -e "\nπ Checking NPM availability..."
#echo -e " β’ Attempting to connect to: ${COLOR_YELLOW}$BASE_URL${CoR}"
#echo -e "\n β
Loading variables from file $CONFIG_FILE"
while [ $retry_count -lt $max_retries ]; do
# Try to connect with timeout
if curl --output /dev/null --silent --head --fail --connect-timeout $timeout --max-redirs 0 "$BASE_URL"; then
#echo -e " β
NPM is accessible at: ${COLOR_GREEN}$BASE_URL${CoR}"
local version_info=$(curl -s --max-redirs 0 "${BASE_URL%/api}/version")
return 0
fi
((retry_count++))
# Show retry message if not last attempt
if [ $retry_count -lt $max_retries ]; then
echo -e " β³ Attempt $retry_count/$max_retries - Retrying in ${timeout}s..."
sleep $timeout
fi
done
# If we get here, all attempts failed
echo -e "\nβ ${COLOR_RED}ERROR: Cannot connect to NPM${CoR}"
echo -e "π Details:"
echo -e " β’ URL: ${COLOR_YELLOW}$BASE_URL${CoR}"
echo -e " β’ Host: ${COLOR_YELLOW}$NGINX_IP${CoR}"
echo -e " β’ Port: ${COLOR_YELLOW}${API_PORT}${CoR}"
echo -e "\nπ Troubleshooting:"
echo -e " 1. Check if NPM is running"
echo -e " 2. Verify network connectivity"
echo -e " 3. Confirm NPM IP and port settings"
echo -e " 4. Check NPM logs for errors"
echo -e "\nπ‘ Command to check NPM status:"
echo -e " $ docker ps | grep nginx-proxy-manager"
echo -e " $ docker logs nginx-proxy-manager\n"
exit 1
}
################################
# Generate and/or validate token
# $1: boolean - true pour afficher les messages, false pour mode silencieux
check_token() {
local verbose=${1:-false}
# PATH
###############################
[ "$verbose" = true ] && echo -e "\n π ${COLOR_CYAN}Checking system dependencies and directories...${CoR}"
check_dependencies
local ip_port_dir="${NGINX_IP//[.:]/_}_${NGINX_PORT}"
DATA_DIR_ID="$DATA_DIR/$ip_port_dir"
BACKUP_DIR="$DATA_DIR_ID/backups"
TOKEN_DIR="$DATA_DIR_ID/token"
TOKEN_FILE="$TOKEN_DIR/token.txt"
EXPIRY_FILE="$TOKEN_DIR/expiry.txt"
################################
# Create directories if they don't exist
################################
for dir in "$DATA_DIR_ID" "$TOKEN_DIR" "$BACKUP_DIR"; do
if [ ! -d "$dir" ]; then
[ "$verbose" = true ] && echo -e " π’ ${COLOR_YELLOW}Creating directory: $dir${CoR}"
if ! mkdir -p "$dir" 2>/dev/null; then
echo -e "\n ${COLOR_RED}Error: Failed to create directory $dir${CoR}"
exit 1
fi
# Set proper permissions
chmod 755 "$dir" 2>/dev/null
fi
done
[ "$verbose" = true ] && echo -e " β
${COLOR_GREEN}All dependencies and directories are properly set up${CoR}"
[ "$verbose" = true ] && echo -e " ${COLOR_GREY}βββ System tools: OK${CoR}"
[ "$verbose" = true ] && echo -e " ${COLOR_GREY}βββ Directories : OK${CoR}"
[ "$verbose" = true ] && echo -e " ${COLOR_GREY}βββ Permissions : OK${CoR}"
[ "$verbose" = true ] && echo -e "\n π Checking token validity..."
# Check if token files exist and are readable
if [ ! -f "$TOKEN_FILE" ] || [ ! -f "$EXPIRY_FILE" ] || \
[ ! -r "$TOKEN_FILE" ] || [ ! -r "$EXPIRY_FILE" ] || \
[ ! -s "$TOKEN_FILE" ] || [ ! -s "$EXPIRY_FILE" ]; then
[ "$verbose" = true ] && echo -e " β ${COLOR_RED}Token files missing or unreadable. Generating new token...${CoR}"
generate_new_token
# Ensure files were created and are readable
if [ ! -f "$TOKEN_FILE" ] || [ ! -f "$EXPIRY_FILE" ] || \
[ ! -r "$TOKEN_FILE" ] || [ ! -r "$EXPIRY_FILE" ]; then
echo -e "\n ${COLOR_RED}Error: Failed to create or read token files${CoR}"
exit 1
fi
return
fi
# Read token and expiry
token=$(cat "$TOKEN_FILE" 2>/dev/null)
expires=$(cat "$EXPIRY_FILE" 2>/dev/null)
current_time=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
# Validate expiry date format
if ! date -d "$expires" >/dev/null 2>&1; then
[ "$verbose" = true ] && echo -e " β ${COLOR_RED}Invalid expiry date. Generating new token...${CoR}"
generate_new_token
return
fi
# Check if token is expired or will expire soon (1 hour)
local expiry_timestamp=$(date -d "$expires" +%s)
local current_timestamp=$(date -d "$current_time" +%s)
local time_diff=$((expiry_timestamp - current_timestamp))
if [ $time_diff -lt 3600 ]; then
[ "$verbose" = true ] && echo -e " β οΈ ${COLOR_YELLOW}Token expires soon. Generating new token...${CoR}"
generate_new_token
return
fi
# Test token with API call
local test_response
test_response=$(curl -s -w "HTTPSTATUS:%{http_code}" \
-H "Authorization: Bearer $token" \
--connect-timeout 5 \
"$BASE_URL/tokens")
local http_status=$(echo "$test_response" | tr -d '\n' | sed -e 's/.*HTTPSTATUS://')
if [ "$http_status" -eq 200 ]; then
[ "$verbose" = true ] && echo -e " β
${COLOR_GREEN}Token is valid${CoR}"
[ "$verbose" = true ] && echo -e " π
Expires: ${COLOR_YELLOW}$expires${CoR}\n"
else
[ "$verbose" = true ] && echo -e " β ${COLOR_RED}Token is invalid. Generating new token...${CoR}\n"
generate_new_token
fi
return 0
}
# validate_token not verbose
check_token_notverbose() {
check_token false
}
################################
# Generate a new API token
generate_new_token() {
echo -e "\n π ${COLOR_YELLOW}Generating a new API token...${CoR}"
# check if API credentials are missing
if [ -z "$API_USER" ] || [ -z "$API_PASS" ]; then
echo -e " β ${COLOR_RED}Error: API credentials are missing.${CoR}"
exit 1
fi
# check if NPM is accessible
if ! curl --output /dev/null --silent --head --fail --connect-timeout 5 "$BASE_URL"; then
echo -e "\nβ ${COLOR_RED}ERROR: Cannot connect to NPM to generate token${CoR}"
echo -e "π Please check if NPM is running and accessible at ${COLOR_YELLOW}$BASE_URL${CoR}\n"
exit 1
fi
# First get a temporary token
local temp_response=$(curl -s -w "\nHTTPSTATUS:%{http_code}" -X POST "$BASE_URL/tokens" \
-H "Content-Type: application/json" \
--data-raw "{\"identity\":\"$API_USER\",\"secret\":\"$API_PASS\"}")
local temp_body=$(echo "$temp_response" | sed -e 's/HTTPSTATUS\:.*//g')
local temp_status=$(echo "$temp_response" | tr -d '\n' | sed -e 's/.*HTTPSTATUS://')
if [ "$temp_status" -ne 200 ]; then
echo -e " β ${COLOR_RED}Failed to generate temporary token. Status: $temp_status${CoR}"
echo -e " π Response: $temp_body"
exit 1
fi
# Extract the temporary token
local temp_token=$(echo "$temp_body" | jq -r '.token')
# Now get a long-term token using the temporary one
local response=$(curl -s -w "\nHTTPSTATUS:%{http_code}" -X GET "$BASE_URL/tokens?expiry=$TOKEN_EXPIRY" \
-H "Authorization: Bearer $temp_token" \
-H "Accept: application/json")
local body=$(echo "$response" | sed -e 's/HTTPSTATUS\:.*//g')
local status=$(echo "$response" | tr -d '\n' | sed -e 's/.*HTTPSTATUS://')
if [ "$status" -ne 200 ]; then
echo -e " β ${COLOR_RED}Failed to generate long-term token. Status: $status${CoR}"
echo -e " π Response: $body"
exit 1
fi
# Extract token and expiry
local token=$(echo "$body" | jq -r '.token')
local expiry=$(echo "$body" | jq -r '.expires')
# Ensure token directory exists with proper permissions
if [ ! -d "$TOKEN_DIR" ]; then
mkdir -p "$TOKEN_DIR" 2>/dev/null
chmod 755 "$TOKEN_DIR" 2>/dev/null
fi
# Save token and expiry with proper permissions
echo "$token" > "$TOKEN_FILE"
echo "$expiry" > "$EXPIRY_FILE"
chmod 644 "$TOKEN_FILE" "$EXPIRY_FILE" 2>/dev/null
# Verify files were created successfully
if [ ! -f "$TOKEN_FILE" ] || [ ! -f "$EXPIRY_FILE" ] || \
[ ! -r "$TOKEN_FILE" ] || [ ! -r "$EXPIRY_FILE" ]; then
echo -e " β ${COLOR_RED}Failed to save token files${CoR}"
exit 1
fi
echo -e " β
${COLOR_GREEN}New token successfully generated and stored.${CoR}"
echo -e " π
Token expiry date: ${COLOR_YELLOW}$expiry${CoR}"
}
# Function to pad strings to a certain length
pad() {
local str="$1"
local len="$2"
local str_len=${#str}
local pad_len=$((len - str_len))
local padding=$(printf '%*s' "$pad_len" "")
echo "$str$padding"
}
################################
# Colorize boolean values for display
colorize_boolean() {
local value="$1"
if [ "$value" = "true" ]; then
echo "${COLOR_GREEN}true${CoR}"
elif [ "$value" = "false" ]; then
echo "${COLOR_RED}false${CoR}"
else
# If value is neither true nor false, convert to boolean
if [ "$value" = "1" ] || [ "$value" = "yes" ] || [ "$value" = "on" ]; then
echo "${COLOR_GREEN}true${CoR}"
else
echo "${COLOR_RED}false${CoR}"
fi
fi
}
################################
# Colorize other boolean values for display
colorize_booleanh() {
local value=$1
if [ "$value" = https ]; then
echo -e "${COLOR_GREEN}https${CoR}"
else
echo -e "${COLOR_YELLOW}http${CoR}"
fi
}
# Function to sanitize names for directory
sanitize_name() {
local name=$1
echo "${name//[^a-zA-Z0-9]/_}"
}
################################
# Function to validate JSON files
validate_json() {
local file=$1
if ! jq empty "$file" 2>/dev/null; then
echo -e "\n β Invalid JSON detected in file: $file"
cat "$file" # Afficher le contenu du fichier pour debug
return 1
fi
return 0
}
################################
# Display help
show_help() {
echo -e "\n Options available: ${COLOR_GREY}(see --examples for more details)${CoR}"
echo -e " -y Automatic ${COLOR_YELLOW}yes${CoR} prompts!"
echo -e " --info Display ${COLOR_GREY}Script Variables Information${CoR}"
echo -e " --show-default Show ${COLOR_GREY}Default settings for host creation${CoR}"
echo -e " --check-token Check ${COLOR_GREY}Check current token info${CoR}"
echo -e " --backup ${COLOR_GREEN}πΎ ${CoR}Backup ${COLOR_GREY}All configurations to a different files in \$DATA_DIR${CoR}"
#echo -e " --clean-hosts ${COLOR_GREEN}π₯ ${CoR}Reimport${CoR} ${COLOR_GREY}Clean Proxy ID and SSL ID in sqlite database ;)${CoR}"
#echo -e " --backup-host π¦ ${COLOR_GREEN}Backup${CoR} All proxy hosts and SSL certificates in Single file"
#echo -e " --backup-host 5 π¦ ${COLOR_GREEN}Backup${CoR} Proxy host ID 5 and its SSL certificate"
#echo -e " --host-list-full > backup.txt πΎ ${COLOR_YELLOW}Export${CoR} Full host configuration to file"
#echo -e " --restore π¦ ${COLOR_GREEN}Restore${CoR} All configurations from a backup file"
#echo -e " --restore-host id π¦ ${COLOR_GREEN}Restore${CoR} Restore single host with list with empty arguments or a Domain name"
echo ""
echo -e " Proxy Host Management:"
echo "ββββββββββββββββββββββββββββββββββββββββ"
echo -e " --host-search ${COLOR_CYAN}domain${CoR} Search ${COLOR_GREY}Proxy host by ${COLOR_YELLOW}domain name${CoR}"
echo -e " --host-list List ${COLOR_GREY}All Proxy hosts (to find ID)${CoR}"
#echo -e " --host-list-full π List ${COLOR_GREY}All Proxy hosts full details (JSON)${CoR}"
echo -e " --host-show ${COLOR_CYAN}π${CoR} Show ${COLOR_GREY}Full details for a specific host by ${COLOR_YELLOW}ID${CoR}"
echo ""
echo -e " --host-create ${COLOR_ORANGE}domain${CoR} ${COLOR_CYAN}-i ${COLOR_ORANGE}forward_host${CoR} ${COLOR_CYAN}-p ${COLOR_ORANGE}forward_port${CoR} [options]\n"
echo -e " ${COLOR_RED}Required:${CoR}"
echo -e " domain Domain name (${COLOR_RED}required${CoR})"
echo -e " ${COLOR_CYAN}-i${CoR} forward-host IP address or domain name of the target server (${COLOR_RED}required${CoR})"
echo -e " ${COLOR_CYAN}-p${CoR} forward-port Port of the target server (${COLOR_RED}required${CoR})\n"
echo -e " optional: ${COLOR_GREY}(Check default settings,no argument needed if already set!)${CoR}"
echo -e " ${COLOR_CYAN}-f ${COLOR_GREY}FORWARD_SCHEME${CoR} Scheme for forwarding (http/https, default: $(colorize_booleanh "$FORWARD_SCHEME"))"
echo -e " ${COLOR_CYAN}-c ${COLOR_GREY}CACHING_ENABLED${CoR} Enable caching (true/false, default: $(colorize_boolean "$CACHING_ENABLED"))"
echo -e " ${COLOR_CYAN}-b ${COLOR_GREY}BLOCK_EXPLOITS${CoR} Block exploits (true/false, default: $(colorize_boolean "$BLOCK_EXPLOITS"))"
echo -e " ${COLOR_CYAN}-w ${COLOR_GREY}ALLOW_WEBSOCKET_UPGRADE${CoR} Allow WebSocket upgrade (true/false, default: $(colorize_boolean "$ALLOW_WEBSOCKET_UPGRADE"))"
echo -e " ${COLOR_CYAN}-l ${COLOR_GREY}CUSTOM_LOCATIONS${CoR} Custom locations (${COLOR_YELLOW}JSON array${CoR} of location objects)"
echo -e " ${COLOR_CYAN}-a ${COLOR_GREY}ADVANCED_CONFIG${CoR} Advanced configuration (${COLOR_YELLOW}string${CoR})"
#echo -e " ${COLOR_CYAN}-h ${COLOR_GREY}HTTP2_SUPPORT${CoR} HTTP2 (true/false, default: $(colorize_boolean "$HTTP2_SUPPORT"))"
echo ""
echo -e " --host-enable ${COLOR_CYAN}π${CoR} Enable Proxy host by ${COLOR_YELLOW}ID${CoR}"
echo -e " --host-disable ${COLOR_CYAN}π${CoR} Disable Proxy host by ${COLOR_YELLOW}ID${CoR}"
echo -e " --host-delete ${COLOR_CYAN}π${CoR} Delete Proxy host by ${COLOR_YELLOW}ID${CoR}"
echo -e " --host-update ${COLOR_CYAN}π${CoR} ${COLOR_CYAN}[field]=value${CoR} Update One specific field of an existing proxy host by ${COLOR_YELLOW}ID${CoR}"
echo -e " (eg., --host-update 42 forward_host=foobar.local)${CoR}"
echo ""
echo -e " --host-acl-enable ${COLOR_CYAN}π${CoR} ${COLOR_CYAN}access_list_id${CoR} Enable ACL for Proxy host by ${COLOR_YELLOW}ID${CoR} with Access List ID"
echo -e " --host-acl-disable ${COLOR_CYAN}π${CoR} Disable ACL for Proxy host by ${COLOR_YELLOW}ID${CoR}"
echo -e " --host-ssl-enable ${COLOR_CYAN}π${CoR} ${COLOR_CYAN}[cert_id]${CoR} Enable SSL for host ID optionally using specific certificate ID"
echo -e " --host-ssl-disable ${COLOR_CYAN}π${CoR} Disable SSL, HTTP/2, and HSTS for a proxy host${CoR}"
echo ""
echo -e " --cert-list List ALL SSL certificates"
echo -e " --cert-show ${COLOR_CYAN}domain${CoR} Or ${COLOR_CYAN}π${CoR} List SSL certificates filtered by [domain name] (${COLOR_YELLOW}JSON${CoR})${CoR}"
echo -e " --cert-delete ${COLOR_CYAN}domain${CoR} Or ${COLOR_CYAN}π${CoR} Delete Certificate for the given '${COLOR_YELLOW}domain${CoR}'"
echo -e " --cert-generate ${COLOR_CYAN}domain${CoR} ${COLOR_CYAN}[email]${CoR} Generate Let's Encrypt Certificate or others Providers.${CoR}"
echo -e " β’ ${COLOR_YELLOW}Standard domains:${CoR} example.com, sub.example.com"
echo -e " β’ ${COLOR_YELLOW}Wildcard domains:${CoR} *.example.com (requires DNS challenge)${CoR}"
echo -e " β’ DNS Challenge:${CoR} Required for wildcard certificates"
echo -e " - ${COLOR_YELLOW}Format:${CoR} dns-provider PROVIDER dns-api-key KEY"
echo -e " - ${COLOR_YELLOW}Providers:${CoR} dynu, cloudflare, digitalocean, godaddy, namecheap, route53, ovh, gcloud, ..."
echo ""
echo -e " --user-list List All Users"
echo -e " --user-create ${COLOR_CYAN}username${CoR} ${COLOR_CYAN}password${CoR} ${COLOR_CYAN}email${CoR} Create User with a ${COLOR_YELLOW}username${CoR}, ${COLOR_YELLOW}password${CoR} and ${COLOR_YELLOW}email${CoR}"
echo -e " --user-delete ${COLOR_CYAN}π${CoR} Delete User by ${COLOR_YELLOW}username${CoR}"
echo ""
echo -e " --access-list List All available Access Lists (ID and Name)"
echo -e " --access-list-show ${COLOR_CYAN}π${CoR} Show detailed information for specific access list"
echo -e " --access-list-create Create Access Lists with options:"
echo -e " β’ ${COLOR_YELLOW}--satisfy [any|all]${CoR} Set access list satisfaction mode"
echo -e " β’ ${COLOR_YELLOW}--pass-auth [true|false]${CoR} Enable/disable password authentication"
echo -e " β’ ${COLOR_YELLOW}--users \"user1,user2\"${CoR} List of users (comma-separated)"
echo -e " β’ ${COLOR_YELLOW}--allow \"ip1,ip2\"${CoR} List of allowed IPs/ranges"
echo -e " β’ ${COLOR_YELLOW}--deny \"ip1,ip2\"${CoR} List of denied IPs/ranges"
echo -e " --access-list-delete ${COLOR_CYAN}π${CoR} Delete Access List by access ID"
echo -e " --access-list-update ${COLOR_CYAN}π${CoR} Update Access List by access ID with options:"
echo -e " β’ ${COLOR_YELLOW}--name \"new_name\"${CoR} New name for the access list"
echo -e " β’ ${COLOR_YELLOW}--satisfy [any|all]${CoR} Update satisfaction mode"
echo -e " β’ ${COLOR_YELLOW}--pass-auth [true|false]${CoR} Update password authentication"
echo -e " β’ ${COLOR_YELLOW}--users \"user1,user2\"${CoR} Update list of users"
echo -e " β’ ${COLOR_YELLOW}--allow \"ip1,ip2\"${CoR} Update allowed IPs/ranges"
echo -e " β’ ${COLOR_YELLOW}--deny \"ip1,ip2\"${CoR} Update denied IPs/ranges\n"
#echo -e "\n ${COLOR_CYAN}π${CoR} = ID Host Proxy"
echo "βββββββββββββββββββββββββββββββββββββββββ"
echo -e " --examples ${COLOR_ORANGE}π ${CoR}Examples ${COLOR_GREY}commands, more explicits${CoR}"
echo -e " --help ${COLOR_YELLOW}π ${COLOR_GREY}It's me${CoR}"
echo "βββββββββββββββββββββββββββββββββββββββββ"
exit 0
}
################################
# Examples CLI Commands
examples_cli() {
echo -e "\n${COLOR_YELLOW}π‘ Tips:${CoR}"
echo -e " β’ Use -y flag to skip confirmation prompts"
echo -e " β’ Check --help for complete command list"
echo -e " β’ Always backup before making major changes"
echo -e " β’ Use --host-list OR --host-search to find host IDs\n"
echo -e "\n${COLOR_YELLOW}π° Common Usage Examples:${CoR}"
# Basic commands
echo -e "\n${COLOR_GREEN}π Basic Commands:${CoR}"
echo -e "${COLOR_GREY} # List all hosts in table format${CoR}"
echo -e " $0 --host-list"
echo -e "${COLOR_GREY} # Show detailed information about a specific host${CoR}"
echo -e " $0 --host-show 42"
echo -e "${COLOR_GREY} # Display default settings${CoR}"
echo -e " $0 --show-default"
# Host Management
echo -e "\n${COLOR_GREEN}π Host Management:${CoR}"
echo -e "${COLOR_GREY} # Create new proxy host (basic)${CoR}"
echo -e " $0 --host-create example.com -i 192.168.1.10 -p 8080"
echo -e "${COLOR_GREY} # Create host with SSL and advanced config${CoR}"
echo -e " $0 --host-create example.com -i 127.0.0.1 -p 6666 -f https -b true -c true --cert-generate example.com --host-ssl-enable -y"
echo -e "${COLOR_GREY} # Create host with custom locations${CoR}"
echo -e " $0 --host-create example.com -i 192.168.1.10 -p 8080 -l '[{\"path\":\"/api\",\"forward_host\":\"192.168.1.11\",\"forward_port\":8081}]'"
# SSL Management
echo -e "\n${COLOR_GREEN}π SSL Certificate Management:${CoR}"
echo -e "${COLOR_GREY} # Generate new SSL certificate${CoR}"
echo -e " $0 --cert-generate example.com admin@example.com"
echo -e "${COLOR_GREY} # Enable SSL for existing host${CoR}"
echo -e " $0 --host-ssl-enable 42"
echo -e "${COLOR_GREY} # List all SSL certificates${CoR}"
echo -e " $0 --cert-show"
echo -e "${COLOR_GREY} # List all certificates${CoR}"
echo -e " $0 --cert-list"
echo -e "${COLOR_GREY} # Generate SSL certificate${CoR}"
echo -e " $0 --cert-generate example.com --cert-email admin@example.com"
# Add new section for Wildcard certificates
echo -e "\n ${COLOR_GREEN}π Wildcard SSL Certificates with DNS Providers:${CoR}"
echo -e "${COLOR_GREY} # Generate wildcard certificate with ${COLOR_CYAN}Cloudflare${CoR}"
echo -e " $0 --cert-generate \"*.example.com\" --cert-email admin@example.com \\"
echo -e " --dns-provider cloudflare \\"
echo -e " --dns-credentials '{\"dns_cloudflare_email\":\"your@email.com\",\"dns_cloudflare_api_key\":\"your_api_key\"}'${CoR}"
echo -e "\n${COLOR_GREY} # Generate wildcard certificate with ${COLOR_CYAN}DigitalOcean${CoR}"
echo -e " $0 --cert-generate \"*.example.com\" --cert-email admin@example.com \\"
echo -e " --dns-provider digitalocean \\"
echo -e " --dns-credentials '{\"dns_digitalocean_token\":\"your_token\"}'"
echo -e "${COLOR_GREY} # Generate wildcard certificate with ${COLOR_CYAN}GoDaddy${CoR}"
echo -e " $0 --cert-generate \"*.example.com\" --cert-email admin@example.com \\"
echo -e " --dns-provider godaddy \\"
echo -e " --dns-credentials '{\"dns_godaddy_key\":\"your_key\",\"dns_godaddy_secret\":\"your_secret\"}'"
echo -e "${COLOR_GREY} # Generate wildcard certificate with ${COLOR_CYAN}OVH${CoR}"
echo -e " $0 --cert-generate \"*.example.com\" --cert-email admin@example.com \\"
echo -e " --dns-provider ovh \\"
echo -e " --dns-credentials '{\"dns_ovh_endpoint\":\"ovh-eu\",\"dns_ovh_app_key\":\"key\",\"dns_ovh_app_secret\":\"secret\",\"dns_ovh_consumer_key\":\"consumer_key\"}'${CoR}"
echo -e "${COLOR_GREY} # Generate wildcard certificate with ${COLOR_CYAN}Dynu${CoR}"
echo -e " $0 --cert-generate \"*.example.com\" --cert-email admin@example.com \\"
echo -e " --dns-provider dynu \\"
echo -e " --dns-credentials '{\"dns_dynu_api_key\":\"your_key\"}'${CoR}"
# User Management
echo -e "\n${COLOR_GREEN}π€ User Management:${CoR}"
echo -e "${COLOR_GREY} # Create new user${CoR}"
echo -e " $0 --user-create john.doe secretpass john.doe@example.com"
echo -e "${COLOR_GREY} # List all users${CoR}"
echo -e " $0 --user-list"
# Access Control
echo -e "\n${COLOR_GREEN}π‘οΈ Access List Management Examples:${CoR}"
echo -e "${COLOR_GREY} # List all access lists${CoR}"
echo -e " $0 --access-list"
echo
echo -e "${COLOR_GREY} # Show detailed information for specific access list${CoR}"
echo -e " $0 --access-list-show 123"
echo
echo -e "${COLOR_GREY} # Create a basic access list${CoR}"
echo -e " $0 --access-list-create \"office\" --satisfy any"
echo
echo -e "${COLOR_GREY} # Create access list with authentication${CoR}"
echo -e " $0 --access-list-create \"secure_area\" --satisfy all --pass-auth true"
echo
echo -e "${COLOR_GREY} # Create access list with users${CoR}"
echo -e " $0 --access-list-create \"dev_team\" --users \"john,jane,bob\" --pass-auth true"
echo
echo -e "${COLOR_GREY} # Create access list with IP rules${CoR}"
echo -e " $0 --access-list-create \"internal\" --allow \"192.168.1.0/24\" --deny \"192.168.1.100\""
echo
echo -e "${COLOR_GREY} # Create comprehensive access list${CoR}"
echo -e " $0 --access-list-create \"full_config\" \\"
echo -e " --satisfy all \\"
echo -e " --pass-auth true \\"
echo -e " --users \"admin1,admin2\" \\"
echo -e " --allow \"10.0.0.0/8,172.16.0.0/12\" \\"
echo -e " --deny \"10.0.0.50,172.16.1.100\""
echo
echo -e "${COLOR_GREY} # Update existing access list${CoR}"
echo -e " $0 --access-list-update 123 --name \"new_name\" --satisfy any"
echo
echo -e "${COLOR_GREY} # Delete access list${CoR}"
echo -e " $0 --access-list-delete 123"
echo -e "${COLOR_GREY} # Enable ACL for a host${CoR}"
echo -e " $0 --host-acl-enable 42 2"
# Advanced Configuration
echo -e "${COLOR_GREY} # Create host with custom headers${CoR}"
echo -e " $0 --host-create example.com -i 192.168.1.10 -p 8080 -a 'proxy_set_header X-Real-IP \$remote_addr;'"
echo -e "${COLOR_GREY} # Update specific field of existing host${CoR}"
echo -e " $0 --host-update 42 forward_host=new.example.com"
echo -e "\n${COLOR_GREEN}βοΈ Advanced Configuration:${CoR}"
echo -e "${COLOR_GREY} # Create host with all options${CoR}"
echo -e " $0 --host-create example.com -i 192.168.1.10 -p 8080 \\"
echo -e " -f https \\"
echo -e " -c true \\"
echo -e " -b true \\"
echo -e " -w true \\"
echo -e " -h true \\"
echo -e " -s true \\"
echo -e " -a 'proxy_set_header X-Real-IP \$remote_addr;' \\"
echo -e " -l '[{\"path\":\"/api\",\"forward_host\":\"api.local\",\"forward_port\":3000}]'"
echo -e "\n${COLOR_YELLOW}π Command Parameters:${CoR}"
echo -e " domain : Domain name for the proxy host"
echo -e " -i, --forward-host : Target server (IP/hostname)"
echo -e " -p, --forward-port : Target port"
echo -e " -f, --forward-scheme : http/https"
echo -e " -c, --cache : Enable cache"
echo -e " -b, --block-exploits : Protection against exploits"
echo -e " -w, --websocket : WebSocket support"
echo -e " -h, --http2 : HTTP/2 support"
echo -e " -s, --ssl-force : Force SSL"
echo -e " -a, --advanced-config : Custom Nginx configuration"
echo -e " -l, --locations : Custom location rules (JSON)\n"
exit 0
}
################################
# Display script variables info
display_info() {
check_token true
echo -e "${COLOR_YELLOW}\n Script Info: ${COLOR_GREEN}${VERSION}${CoR}"
echo -e " ${COLOR_YELLOW}Script Variables Information:${CoR}"
#echo -e "\n ${COLOR_GREEN}DATA_DIR${CoR} ${DATA_DIR}"
echo -e " ${COLOR_GREEN}Config${CoR} : ${SCRIPT_DIR}/npm-api.conf"
echo -e " ${COLOR_GREEN}BASE URL${CoR} : ${BASE_URL}"
echo -e " ${COLOR_GREEN}NGINX IP${CoR} : ${NGINX_IP}"
echo -e " ${COLOR_GREEN}USER NPM${CoR} : ${API_USER}"
echo -e " ${COLOR_GREEN}BACKUP DIR ${CoR} : ${DATA_DIR_ID}"
#echo -e " ${COLOR_GREEN}DOCKER Path${CoR} : ${NGINX_PATH_DOCKER}"
DATE=$(date +"_%Y_%m_%d__%H_%M_%S")
BACKUP_PATH="$BACKUP_DIR"
# VΓ©rifier si le rΓ©pertoire existe et contient des fichiers
if [ -d "$BACKUP_PATH" ] && [ -n "$(find "$BACKUP_PATH" -mindepth 1 -print -quit 2>/dev/null)" ]; then
# Count backup files by type
local total_files=$(find "$BACKUP_PATH" -type f \( \
-name "*.json" -o \
-name "*.conf" -o \
-name "*.log" -o \
-name "*.pem" -o \
-name "*.key" \
\) 2>/dev/null | wc -l)
if [ "$total_files" -gt 0 ]; then
echo -e "\n ${COLOR_YELLOW}Backup Statistics:${CoR}"
local config_files=$(find "$BACKUP_PATH" -maxdepth 1 -type f -name "full_config*.json" 2>/dev/null | wc -l)
local proxy_files=$(find "$BACKUP_PATH/.Proxy_Hosts" -type f -name "proxy_config.json" 2>/dev/null | wc -l)
local ssl_files=$(find "$BACKUP_PATH" -type f \( \
-name "certificate*.json" -o \
-name "*.pem" -o \
-name "*.key" \
\) 2>/dev/null | wc -l)
local access_files=$(find "$BACKUP_PATH/.access_lists" -type f -name "*.json" 2>/dev/null | wc -l)
local settings_files=$(find "$BACKUP_PATH/.settings" -type f -name "*.json" 2>/dev/null | wc -l)
local user_files=$(find "$BACKUP_PATH/.user" -type f -name "*.json" 2>/dev/null | wc -l)
# Afficher les statistiques seulement s'il y a des fichiers
[ "$config_files" -gt 0 ] && echo -e " β’ Full Config Files : ${COLOR_CYAN}$config_files${CoR}"
[ "$proxy_files" -gt 0 ] && echo -e " β’ Proxy Host Files : ${COLOR_CYAN}$proxy_files${CoR}"
[ "$ssl_files" -gt 0 ] && echo -e " β’ SSL Files : ${COLOR_CYAN}$ssl_files${CoR}"
[ "$access_files" -gt 0 ] && echo -e " β’ Access Lists : ${COLOR_CYAN}$access_files${CoR}"
[ "$settings_files" -gt 0 ] && echo -e " β’ Settings Files : ${COLOR_CYAN}$settings_files${CoR}"
[ "$user_files" -gt 0 ] && echo -e " β’ User Files : ${COLOR_CYAN}$user_files${CoR}"
echo -e " β’ Total Files : ${COLOR_CYAN}$total_files${CoR}"
fi
fi
# Display backup locations
echo -e "\n π ${COLOR_YELLOW}Backup Locations:${CoR}"
echo -e " β’ Backup: ${COLOR_GREY}$BACKUP_PATH${CoR}"
echo -e " β’ Token: ${COLOR_GREY}$BACKUP_PATH/token/${CoR}"
display_dashboard
}
# Function to display dashboard
display_dashboard() {
#check_token_notverbose
echo -e "\n ${COLOR_CYAN}π NGINX - Proxy Manager - Dashboard π§ ${CoR}"
echo -e " ${COLOR_GREY}βββββββββββββββββββββββββββββββββββββββ${CoR}"
# Get all data first
local proxy_hosts=$(curl -s --max-redirs 0 -X GET "$BASE_URL/nginx/proxy-hosts" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
local redirection_hosts=$(curl -s --max-redirs 0 -X GET "$BASE_URL/nginx/redirection-hosts" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
local stream_hosts=$(curl -s --max-redirs 0 -X GET "$BASE_URL/nginx/streams" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
local certificates=$(curl -s --max-redirs 0 -X GET "$BASE_URL/nginx/certificates" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
local users=$(curl -s --max-redirs 0 -X GET "$BASE_URL/users" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
local access_lists=$(curl -s --max-redirs 0 -X GET "$BASE_URL/nginx/access-lists" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
# Calculate counts with error checking
local proxy_count=0
local enabled_proxy_count=0
local redirect_count=0
local stream_count=0
local cert_count=0
local expired_cert_count=0
local user_count=0
local access_list_count=0
# Check and calculate proxy hosts
if [ "$(echo "$proxy_hosts" | jq -r 'type')" == "array" ]; then
proxy_count=$(echo "$proxy_hosts" | jq '. | length')
enabled_proxy_count=$(echo "$proxy_hosts" | jq '[.[] | select(.enabled == true)] | length')
fi
local disabled_proxy_count=$((proxy_count - enabled_proxy_count))
# Check and calculate redirections
if [ "$(echo "$redirection_hosts" | jq -r 'type')" == "array" ]; then
redirect_count=$(echo "$redirection_hosts" | jq '. | length')
fi
# Check and calculate streams
if [ "$(echo "$stream_hosts" | jq -r 'type')" == "array" ]; then
stream_count=$(echo "$stream_hosts" | jq '. | length')
fi
# Check and calculate certificates
if [ "$(echo "$certificates" | jq -r 'type')" == "array" ]; then
cert_count=$(echo "$certificates" | jq '. | length')
expired_cert_count=$(echo "$certificates" | jq '[.[] | select(.expired == true)] | length')
fi
local valid_cert_count=$((cert_count - expired_cert_count))
# Check and calculate users
if [ "$(echo "$users" | jq -r 'type')" == "array" ]; then
user_count=$(echo "$users" | jq '. | length')
fi
# Check and calculate access lists
if [ "$(echo "$access_lists" | jq -r 'type')" == "array" ]; then
access_list_count=$(echo "$access_lists" | jq '. | length')
fi
# Get version and uptime
local uptime=$(uptime | sed 's/.*up \([^,]*\),.*/\1/')
local version_info=$(curl -s --max-redirs 0 -X GET "${BASE_URL%/api}/version")
local npm_version="Unknown"
if [[ "$version_info" =~ \?v=([0-9]+\.[0-9]+\.[0-9]+) ]]; then
npm_version="${BASH_REMATCH[1]}"
fi
print_row() {
local component="$1"
local status="$2"
local force_color="${3:-}" # Initialisation avec une valeur vide par dΓ©faut
local status_color=""
# Si une couleur est forcΓ©e, l'utiliser
if [ -n "$force_color" ]; then
status_color="$force_color"
# Sinon, appliquer la logique de coloration automatique
else
# Liste des composants qui ne doivent pas Γͺtre colorΓ©s en vert
case "$component" in
*"Disabled"* | *"Expired"* | *"Uptime"* | *"Version"*)
status_color=""
;;
*)
# Pour les autres, colorer en vert si > 0
if [[ "$status" =~ ^[0-9]+$ ]] && [ "$status" -gt 0 ]; then
status_color="$COLOR_GREEN"
fi
;;
esac
fi
# Calculate padding needed (20 is the max width of status column)
local status_length=${#status}
local padding=$((8 - status_length))
local spaces=$(printf '%*s' "$padding" '')
echo -e " ${COLOR_GREY}β${CoR} $component ${COLOR_GREY}β${CoR} ${status_color}$status${spaces}${CoR}${COLOR_GREY}β${CoR}"
}
echo -e " ${COLOR_GREY}βββββββββββββββββββ¬ββββββββββ${CoR}"
echo -e " ${COLOR_GREY}β${CoR} COMPONENT ${COLOR_GREY}β${CoR} STATUS ${COLOR_GREY}β${CoR}"
echo -e " ${COLOR_GREY}βββββββββββββββββββΌββββββββββ€${CoR}"
# Proxy Hosts
print_row "π Proxy Hosts " "$proxy_count" "$COLOR_YELLOW"
print_row "ββ Enabled " "$enabled_proxy_count"
print_row "ββ Disabled " "$disabled_proxy_count" "$COLOR_RED"
echo -e " ${COLOR_GREY}βββββββββββββββββββΌββββββββββ€${CoR}"
# SSL Certificates
print_row "π Certificates" "$cert_count" "$COLOR_YELLOW"
print_row "ββ Valid " "$valid_cert_count"
print_row "ββ Expired " "$expired_cert_count" "$COLOR_RED"
echo -e " ${COLOR_GREY}βββββββββββββββββββΌββββββββββ€${CoR}"
# Redirections & Streams
print_row "π Redirections" "$redirect_count"
print_row "π Stream Hosts" "$stream_count"
echo -e " ${COLOR_GREY}βββββββββββββββββββΌββββββββββ€${CoR}"
# Access Lists
print_row "π Access Lists" "$access_list_count"
echo -e " ${COLOR_GREY}βββββββββββββββββββΌββββββββββ€${CoR}"
# Users
print_row "π₯ Users " "$user_count"
echo -e " ${COLOR_GREY}βββββββββββββββββββΌββββββββββ€${CoR}"
# System
print_row "β±οΈ Uptime " "$uptime" "$COLOR_YELLOW"
print_row "π¦ NPM Version " "$npm_version" "$COLOR_YELLOW"
echo -e " ${COLOR_GREY}βββββββββββββββββββ΄ββββββββββ${CoR}"
echo -e "\n ${COLOR_YELLOW}π‘ Use --help to see available commands${CoR}"
echo -e " ${COLOR_GREY} Check --examples for more help examples${CoR}\n"
}
################################
# show_default
# Display default settings for creating hosts
show_default() {
check_token_notverbose
echo -e "\nπ ${COLOR_YELLOW}Default Settings for Creating Hosts:${CoR}"
echo -e "\n ${COLOR_GREEN}Basic Settings:${CoR}"
echo -e " Forward Scheme: $(colorize_booleanh "$FORWARD_SCHEME")"
echo -e " Caching Enabled: $(colorize_boolean "$CACHING_ENABLED")"
echo -e " Block Exploits: $(colorize_boolean "$BLOCK_EXPLOITS")"
echo -e " Allow Websocket Upgrade: $(colorize_boolean "$ALLOW_WEBSOCKET_UPGRADE")"
echo -e "\n ${COLOR_GREEN}SSL Settings:${CoR}"
echo -e " HTTP/2 Support: $(colorize_boolean "$HTTP2_SUPPORT")"
echo -e " SSL Forced: $(colorize_boolean "$SSL_FORCED")"
echo -e " HSTS Enabled: $(colorize_boolean "$HSTS_ENABLED")"
echo -e " HSTS Subdomains: $(colorize_boolean "$HSTS_SUBDOMAINS")"
echo -e "\n ${COLOR_GREEN}Advanced Settings:${CoR}"
if [ -n "$ADVANCED_CONFIG" ]; then
echo -e " Advanced Config: ${COLOR_YELLOW}$ADVANCED_CONFIG${CoR}"
else
echo -e " Advanced Config: ${COLOR_GREY}Not configured${CoR}"
fi
if [ -n "$CUSTOM_LOCATIONS" ]; then
echo -e " Custom Locations: ${COLOR_YELLOW}$CUSTOM_LOCATIONS${CoR}"
else
echo -e " Custom Locations: ${COLOR_GREY}Not configured${CoR}"
fi
echo -e "\n ${COLOR_GREEN}System Settings:${CoR}"
echo -e " Base URL: $BASE_URL"
echo -e " Base Directory: $DATA_DIR"
echo -e " Token Directory: $TOKEN_DIR"
echo -e " Backup Directory: $BACKUP_DIR"
echo -e " Token Expiry: $TOKEN_EXPIRY\n"
exit 0
}
#######################################################################################
################################
# List all users
user_list() {
check_token_notverbose
echo -e "\n π List of users..."
RESPONSE=$(curl -s -X GET "$BASE_URL/users" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
echo -e "\n $RESPONSE" | jq
exit 0
}
################################
# Create a new user
user_create() {
check_token_notverbose
if [ -z "$USERNAME" ] || [ -z "$PASSWORD" ] || [ -z "$EMAIL" ]; then
echo -e "\n π€ ${COLOR_RED}The --user-create option requires username, password, and email.${CoR}"
echo -e " Usage: ${COLOR_ORANGE}$0 --user-create username password email${CoR}"
echo -e " Example:"
echo -e " ${COLOR_GREEN}$0 --user-create john secretpass john@domain.com${CoR}\n"
return 1
fi
# check if user already exists
EXISTING_USERS=$(curl -s -X GET "$BASE_URL/users" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
# check if email already exists
if echo "$EXISTING_USERS" | jq -e --arg email "$EMAIL" '.[] | select(.email == $email)' > /dev/null; then
echo -e "\n β ${COLOR_RED}Error: A user with email $EMAIL already exists.${CoR}"
return 1
fi
# check if username already exists
if echo "$EXISTING_USERS" | jq -e --arg name "$USERNAME" '.[] | select(.name == $name)' > /dev/null; then
echo -e "\n β ${COLOR_RED}Error: A user with name $USERNAME already exists.${CoR}"
return 1
fi
# create user
echo -e "\n π€ Creating user ${COLOR_GREEN}$USERNAME${CoR}..."
DATA=$(jq -n \
--arg username "$USERNAME" \
--arg password "$PASSWORD" \
--arg email "$EMAIL" \
--arg name "$USERNAME" \
--arg nickname "$USERNAME" \
--arg secret "$PASSWORD" \
'{
name: $name,
nickname: $nickname,
email: $email,
roles: ["admin"],
is_disabled: false,
auth: {
type: "password",
secret: $secret
}
}')
# send data to API
RESPONSE=$(curl -s -w "HTTPSTATUS:%{http_code}" -X POST "$BASE_URL/users" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")" \
-H "Content-Type: application/json; charset=UTF-8" \
--data-raw "$DATA")
HTTP_BODY=${RESPONSE//HTTPSTATUS:*/}
HTTP_STATUS=${RESPONSE##*HTTPSTATUS:}
if [ "$HTTP_STATUS" -eq 201 ]; then
# debug
echo "Debug response: $HTTP_BODY" >> /tmp/npm_debug.log
# get user id
USERS_RESPONSE=$(curl -s -X GET "$BASE_URL/users" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
USER_ID=$(echo "$USERS_RESPONSE" | jq -r --arg email "$EMAIL" --arg name "$USERNAME" \
'.[] | select(.email == $email and .name == $name) | .id')
if [ -n "$USER_ID" ]; then
echo -e " β
${COLOR_GREEN}User $USERNAME created successfully!${CoR}"
echo -e " π§ Email: ${COLOR_YELLOW}$EMAIL${CoR}"
echo -e " π User ID: ${COLOR_YELLOW}$USER_ID${CoR}\n"
else
echo -e " β οΈ ${COLOR_GREEN}User created but couldn't fetch ID${CoR}"
echo -e " π§ Email: ${COLOR_YELLOW}$EMAIL${CoR}\n"
fi
return 0
else
echo -e " β ${COLOR_RED}Failed to create user. Status: $HTTP_STATUS${CoR}"
echo -e " Error: ${COLOR_RED}$HTTP_BODY${CoR}\n"
return 1
fi
}
################################
# Delete a user
# $1: user_id - ID of the user to delete
user_delete() {
local USER_ID="$1"
if [ -z "$USER_ID" ]; then
echo -e "\n β ${COLOR_RED}ERROR: User ID is required${CoR}"
echo -e " Usage : ${COLOR_ORANGE}$0 --user-delete <user_id> [-y]${CoR}"
echo -e " Example: ${COLOR_GREEN}$0 --user-delete 42${CoR}"
exit 1
fi
# Check if USER_ID is a number
if ! [[ "$USER_ID" =~ ^[0-9]+$ ]]; then
echo -e " β ${COLOR_RED}ERROR: Invalid user ID '$USER_ID' - must be a number${CoR}"
echo -e " Usage : ${COLOR_ORANGE}$0 --user-delete <user_id> [-y]${CoR}"
echo -e " Example: ${COLOR_GREEN}$0 --user-delete 42${CoR}"
exit 1
fi
check_token_notverbose
# Get user details first
local RESPONSE=$(curl -s -X GET "$BASE_URL/users/$USER_ID" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
if [ "$(echo "$RESPONSE" | jq -r '.error.code // empty')" = "404" ]; then
echo -e " β ${COLOR_RED}User ID $USER_ID not found${CoR}"
exit 1
fi
local USERNAME=$(echo "$RESPONSE" | jq -r '.name')
local EMAIL=$(echo "$RESPONSE" | jq -r '.email')
if [ "$AUTO_YES" = true ]; then
echo -e " π Auto-confirming deletion of user '$USERNAME' (ID: $USER_ID)..."
else
echo -e " ββββββββββββββββββββββββββββββββββββββββββββ"
echo -e " β ID: ${COLOR_YELLOW}$USER_ID${CoR}"
echo -e " β Name: ${COLOR_GREEN}$USERNAME${CoR}"
echo -e " β Email: ${COLOR_CYAN}$EMAIL${CoR}"
echo -e " ββββββββββββββββββββββββββββββββββββββββββββ"
echo -e " β οΈ ${COLOR_RED}WARNING: This action cannot be undone!${CoR}"
read -n 1 -r -p " π Confirm deletion? (y/n): " CONFIRM
echo
if [[ ! $CONFIRM =~ ^[Yy]$ ]]; then
echo -e " β ${COLOR_RED}Operation cancelled${CoR}"
exit 1
fi
fi
# Delete user
RESPONSE=$(curl -s -X DELETE "$BASE_URL/users/$USER_ID" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
if [ "$RESPONSE" = "true" ]; then
echo -e " β
${COLOR_GREEN}User '$USERNAME' (ID: $USER_ID) deleted successfully!${CoR}"
else
echo -e " β ${COLOR_RED}Failed to delete user.${CoR}"
if [ -n "$RESPONSE" ]; then
echo -e " Error: $RESPONSE"
fi
exit 1
fi
}
################################
# Check if a certificate exists and is valid
check_certificate_exists() {
local DOMAIN="$1"
local RESPONSE
local CERT_ID
RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/certificates" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
if [[ "$DOMAIN" == \** ]]; then
CERT_ID=$(echo "$RESPONSE" | jq -r --arg domain "$DOMAIN" \
'.[] | select(.domain_names[] == $domain) | .id' | sort -n | tail -n1)
else
local BASE_DOMAIN="${DOMAIN#\*\.}"
CERT_ID=$(echo "$RESPONSE" | jq -r --arg domain "$BASE_DOMAIN" \
'.[] | select(
(.domain_names[] == $domain) or
(.domain_names[] | startswith("*.") and ($domain | endswith(.[2:]))) or
($domain | startswith("*.") and (.domain_names[] | endswith(.[2:])))
) | .id' | sort -n | tail -n1)
fi
if [ -n "$CERT_ID" ]; then
return 0
else
return 1
fi
}
##############################################################
# Function to delete all existing proxy hosts # DEBUG
##############################################################
# Delete all existing proxy hosts
delete_all_proxy_hosts() {
check_token_notverbose
echo -e "\n ποΈ ${COLOR_ORANGE}Deleting all existing proxy hosts...${CoR}"
# Get all host IDs
local existing_hosts=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")" | jq -r '.[].id')
local count=0
for host_id in $existing_hosts; do
echo -e " β’ Deleting host ID ${COLOR_CYAN}$host_id${CoR}...${COLOR_GREEN}β${CoR}"
local response=$(curl -s -w "HTTPSTATUS:%{http_code}" -X DELETE "$BASE_URL/nginx/proxy-hosts/$host_id" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
local http_body=$(echo "$response" | sed -e 's/HTTPSTATUS\:.*//g')
local http_status=$(echo "$response" | tr -d '\n' | sed -e 's/.*HTTPSTATUS://')
if [ "$http_status" -ne 200 ]; then
echo -e " β ${COLOR_RED}Failed to delete host ID $host_id. HTTP status: $http_status. Response: $http_body${CoR}"
return 1
fi
((count++))
done
echo -e " β
${COLOR_GREEN}Successfully deleted $count proxy hosts!${CoR}"
return 0
}
################################
# --clean_hosts from_backup_file
# Function to reimport hosts from backup file
# Create a safety backup before major operations
create_safety_backup() {
check_token_notverbose
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
SAFETY_BACKUP="$BACKUP_DIR/pre_reimport_SAFETY_BACKUP_${TIMESTAMP}.json"
echo -e "π¦ Creating safety backup..."
# Get the list of IDs
local host_ids=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")" | jq -r '.[].id')
# Create a table to store the complete configurations
echo "[" > "$SAFETY_BACKUP"
local first=true
# Get the detailed configuration of each host
for id in $host_ids; do
if [ "$first" = true ]; then
first=false
else
echo "," >> "$SAFETY_BACKUP"
fi
curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$id" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")" >> "$SAFETY_BACKUP"
done
echo "]" >> "$SAFETY_BACKUP"
# Verify that the backup is valid
if ! jq empty "$SAFETY_BACKUP" 2>/dev/null; then
echo -e " β ${COLOR_RED}Failed to create valid safety backup${CoR}"
exit 1
fi
echo -e " β
${COLOR_GREEN}Safety backup created: ${COLOR_CYAN}$SAFETY_BACKUP${CoR}"
return 0
}
################################
# Function to display import summary
display_import_summary() {
echo -e "\nπ ${COLOR_YELLOW}Import Summary:${CoR}"
echo -e " β’ Total hosts processed: ${COLOR_CYAN}$total${CoR}"
echo -e " β’ Successfully imported: ${COLOR_GREEN}$success${CoR}"
echo -e " β’ Failed imports: ${COLOR_RED}$failed${CoR}"
echo -e "\nπ SSL Certificates:"
echo -e " β’ Successfully configured: ${COLOR_GREEN}$ssl_success${CoR}"
echo -e " β’ Failed configurations: ${COLOR_RED}$ssl_failed${CoR}"
if [ ${#failed_ssl_domains[@]} -gt 0 ]; then
echo -e "\nβ οΈ ${COLOR_YELLOW}Domains with failed SSL setup:${CoR}"
for domain in "${failed_ssl_domains[@]}"; do
echo -e " β’ $domain"
done
fi
echo -e "\n⨠${COLOR_GREEN}Import process completed${CoR}"
}
################################
# Function to list SSL certificates by ID or domain
cert_show() {
local search_term="$1"
check_token_notverbose
# If no search term is provided, show usage
if [ -z "$search_term" ]; then
echo -e "\n β ${COLOR_RED}ERROR: Missing argument${CoR}"
echo -e " Usage: "
echo -e " ${COLOR_ORANGE}$0 --cert-show <domain>${CoR} π Search by domain name"
echo -e " ${COLOR_ORANGE}$0 --cert-show <id>${CoR} π’ Search by ID"
echo -e " ${COLOR_ORANGE}$0 --cert-show-all${CoR} π List all certificates\n"
exit 1
fi
# Get all certificates
RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/certificates" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
if [ -z "$RESPONSE" ] || [ "$RESPONSE" == "null" ]; then
echo -e " β ${COLOR_RED}Error: Unable to retrieve certificates${CoR}"
exit 1
fi
# Search by ID if numeric
if [[ "$search_term" =~ ^[0-9]+$ ]]; then
echo -e "\n π Searching for certificate with ID: ${COLOR_YELLOW}$search_term${CoR}"
# Get specific certificate by ID
CERT_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/certificates/$search_term" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
if echo "$CERT_RESPONSE" | jq -e '.error' >/dev/null; then
echo -e " β ${COLOR_RED}Certificate not found with ID: $search_term${CoR}"
else
echo "$CERT_RESPONSE" | jq -r '" π ID: \(.id)\n β’ Domain(s): \(.domain_names | join(", "))\n β’ Provider : \(.provider)\n β’ Created on: \(.created_on // "N/A")\n β’ Expires on: \(.expires_on // "N/A")\n β’ Status: \(if .expired then "β EXPIRED" else if .expires_on then "β
VALID" else "β οΈ PENDING" end end)"' | while IFS= read -r line; do if [[ $line == *"β EXPIRED"* ]]; then echo -e "${line/β EXPIRED/${COLOR_RED}β EXPIRED${CoR}}"; elif [[ $line == *"β
VALID"* ]]; then echo -e "${line/β
VALID/${COLOR_GREEN}β
VALID${CoR}}"; elif [[ $line == *"β οΈ PENDING"* ]]; then echo -e "${line/β οΈ PENDING/${COLOR_YELLOW}β οΈ PENDING${CoR}}"; else echo -e "$line"; fi; done fi
echo ""
return 0
fi
# Search by domain name (partial match)
echo -e "\n π Searching certificates for domain: ${COLOR_YELLOW}$search_term${CoR}"
DOMAIN_CERTS=$(echo "$RESPONSE" | jq -r --arg domain "$search_term" \
'.[] | select(.domain_names[] | contains($domain))')
if [ -z "$DOMAIN_CERTS" ]; then
echo -e " βΉοΈ ${COLOR_YELLOW}No certificates found for domain: $search_term${CoR}"
else
echo "$DOMAIN_CERTS" | jq -r '" π ID: \(.id)\n β’ Domain(s): \(.domain_names | join(", "))\n β’ Provider : \(.provider)\n β’ Created on: \(.created_on // "N/A")\n β’ Expires on: \(.expires_on // "N/A")\n β’ Status: \(if .expired then "β EXPIRED" else if .expires_on then "β
VALID" else "β οΈ PENDING" end end)"' | while IFS= read -r line; do if [[ $line == *"β EXPIRED"* ]]; then echo -e "${line/β EXPIRED/${COLOR_RED}β EXPIRED${CoR}}"; elif [[ $line == *"β
VALID"* ]]; then echo -e "${line/β
VALID/${COLOR_GREEN}β
VALID${CoR}}"; elif [[ $line == *"β οΈ PENDING"* ]]; then echo -e "${line/β οΈ PENDING/${COLOR_YELLOW}β οΈ PENDING${CoR}}"; else echo -e "$line"; fi; done
echo ""
fi
}
################################
# Function to list all SSL certificates
list_cert_all() {
check_token_notverbose
# Get all certificates
RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/certificates" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
if [ -z "$RESPONSE" ] || [ "$RESPONSE" == "null" ]; then
echo -e " β ${COLOR_RED}Error: Unable to retrieve certificates${CoR}"
exit 1
fi
echo -e "\n π SSL Certificates List:"
# Check if there are any certificates
if [ "$RESPONSE" = "[]" ]; then
echo -e " βΉοΈ ${COLOR_YELLOW}No certificates found${CoR}"
return 0
fi
# Process and display all certificates
echo "$RESPONSE" | jq -r '.[] | " π ID: \(.id)\n β’ Domain(s): \(.domain_names | join(", "))\n β’ Provider: \(.provider)\n β’ Created on: \(.created_on // "N/A")\n β’ Expires on: \(.expires_on // "N/A")\n β’ Status: \(if .expired then "β EXPIRED" else if .expires_on then "β
VALID" else "β οΈ PENDING" end end)"' | \
while IFS= read -r line; do
if [[ $line == *"β EXPIRED"* ]]; then
echo -e "${line/β EXPIRED/${COLOR_RED}β EXPIRED${CoR}}"
elif [[ $line == *"β
VALID"* ]]; then
echo -e "${line/β
VALID/${COLOR_GREEN}β
VALID${CoR}}"
elif [[ $line == *"β οΈ PENDING"* ]]; then
echo -e "${line/β οΈ PENDING/${COLOR_YELLOW}β οΈ PENDING${CoR}}"
else
echo -e "$line"
fi
done
# Display statistics
TOTAL_CERTS=$(echo "$RESPONSE" | jq '. | length')
# Check if expires_on is in the future
VALID_CERTS=$(echo "$RESPONSE" | jq '[.[] | select(.expires_on > now)] | length')
# Check if expires_on is in the past
EXPIRED_CERTS=$(echo "$RESPONSE" | jq '[.[] | select(.expires_on < now)] | length')
echo -e "\n π Statistics"
echo -e " Total certs: ${COLOR_YELLOW}$TOTAL_CERTS${CoR}"
echo -e " β’ ${COLOR_GREEN}Valid${CoR} : ${COLOR_GREEN}$VALID_CERTS${CoR}"
echo -e " β’ ${COLOR_RED}Expired${CoR} : ${COLOR_RED}$EXPIRED_CERTS${CoR}\n"
}
# Verify Cloudflare API Key validity
verify_cloudflare_api_key() {
local api_key="$1"
local email="$2"
echo -e " π Verifying Cloudflare API Key..."
# Test API call to Cloudflare
local response=$(curl -s -X GET "https://api.cloudflare.com/client/v4/user" \
-H "X-Auth-Email: $email" \
-H "X-Auth-Key: $api_key" \
-H "Content-Type: application/json")
# Check if the API call was successful
if [ "$(echo "$response" | jq -r '.success')" = "true" ]; then
local username=$(echo "$response" | jq -r '.result.username')
echo -e " β
${COLOR_GREEN}Cloudflare API Key is valid${CoR}"
echo -e " π€ Connected as: ${COLOR_CYAN}$username${CoR}"
return 0
else
local error_msg=$(echo "$response" | jq -r '.errors[0].message')
echo -e " β ${COLOR_RED}Invalid Cloudflare API Key${CoR}"
echo -e " β Error: $error_msg"
return 1
fi
}
###############################
# Create or update a proxy host based on the existence of the domain
create_or_update_proxy_host() {
# Add static variable to track execution
if [ "${FUNCTION_CALLED:-0}" -eq 1 ]; then
return 0
fi
FUNCTION_CALLED=1
# Check for wildcard domains in host creation
if [[ "$DOMAIN_NAMES" == \** ]]; then
echo -e "\n β ${COLOR_RED}ERROR: Wildcard domains (*.domain.com) are not allowed for host creation${CoR}"
echo -e " Wildcards are only supported for SSL certificates"
exit 1
fi
check_token_notverbose
# Check if the host already exists
#echo -e "\n π Checking if the host ${COLOR_RED}$DOMAIN_NAMES${CoR} already exists..."
RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
EXISTING_HOST=$(echo "$RESPONSE" | jq -r --arg DOMAIN "$DOMAIN_NAMES" '.[] | select(.domain_names[] == $DOMAIN)')
HOST_ID=$(echo "$EXISTING_HOST" | jq -r '.id // empty')
# Prepare JSON data for API
if [[ -z "$CUSTOM_LOCATIONS" || "$CUSTOM_LOCATIONS" == "null" ]]; then
CUSTOM_LOCATIONS_ESCAPED="[]"
else
CUSTOM_LOCATIONS_ESCAPED=$(echo "$CUSTOM_LOCATIONS" | jq -c . 2>/dev/null || echo '[]')
fi
# Convert boolean to JSON
CACHING_ENABLED_JSON=$( [ "$CACHING_ENABLED" == "true" ] && echo true || echo false )
BLOCK_EXPLOITS_JSON=$( [ "$BLOCK_EXPLOITS" == "true" ] && echo true || echo false )
ALLOW_WEBSOCKET_UPGRADE_JSON=$( [ "$ALLOW_WEBSOCKET_UPGRADE" == "true" ] && echo true || echo false )
HTTP2_SUPPORT_JSON=$( [ "$HTTP2_SUPPORT" == "true" ] && echo true || echo false )
# Generate JSON
DATA=$(jq -n \
--arg domain "$DOMAIN_NAMES" \
--arg host "$FORWARD_HOST" \
--arg port "$FORWARD_PORT" \
--arg scheme "$FORWARD_SCHEME" \
--argjson caching "$CACHING_ENABLED_JSON" \
--argjson block_exploits "$BLOCK_EXPLOITS_JSON" \
--arg advanced_config "$ADVANCED_CONFIG" \
--argjson websocket_upgrade "$ALLOW_WEBSOCKET_UPGRADE_JSON" \
--argjson http2_support "$HTTP2_SUPPORT_JSON" \
--argjson enabled true \
--argjson locations "$CUSTOM_LOCATIONS_ESCAPED" \
'{
domain_names: [$domain],
forward_host: $host,
forward_port: ($port | tonumber),
access_list_id: null,
certificate_id: null,
ssl_forced: false,
caching_enabled: $caching,
block_exploits: $block_exploits,
advanced_config: $advanced_config,
meta: { dns_challenge: null },
allow_websocket_upgrade: $websocket_upgrade,
http2_support: $http2_support,
forward_scheme: $scheme,
enabled: $enabled,
locations: $locations
}')
# Check if the JSON is valid
if ! echo "$DATA" | jq empty > /dev/null 2>&1; then
echo -e " ${COLOR_RED}β ERROR: Invalid JSON generated:\n$DATA${CoR}"
exit 1
fi
if [ -n "$HOST_ID" ]; then
# Update existing HOST
#echo -e "\n ${COLOR_CYAN}π${CoR} Updating the proxy host for ${COLOR_GREEN}$DOMAIN_NAMES${CoR}"
if [ "$AUTO_YES" != "true" ]; then
echo -e " ${COLOR_YELLOW}π Do you want to update this host ${CoR} $DOMAIN_NAMES ${COLOR_YELLOW}?${CoR}"
read -n 1 -r -p " (y/n): " answer
echo
if [[ ! $answer =~ ^[OoYy]$ ]]; then
echo -e " ${COLOR_YELLOW}π« No changes made.${CoR}\n"
return 0
fi
fi
echo -e "${CoR}"
METHOD="PUT"
URL="$BASE_URL/nginx/proxy-hosts/$HOST_ID"
else
# Create NEW HOST
echo -e "\n ${COLOR_CYAN}π${CoR} Creating a new proxy host: ${COLOR_GREEN}$DOMAIN_NAMES${CoR}"
METHOD="POST"
URL="$BASE_URL/nginx/proxy-hosts"
fi
# Send API request
RESPONSE=$(curl -s -X "$METHOD" "$URL" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")" \
-H "Content-Type: application/json; charset=UTF-8" \
--data-raw "$DATA")
# Check API response
ERROR_MSG=$(echo "$RESPONSE" | jq -r '.error.message // empty')
if [ -z "$ERROR_MSG" ]; then
PROXY_ID=$(echo "$RESPONSE" | jq -r '.id // "unknown"')
# If certificate generation is requested
if [ "$CERT_GENERATE" = true ] ; then
#echo -e " ${COLOR_YELLOW}π Generate SSL certificate CREATE_OR_${CoR}"
# Check if it's a wildcard certificate
if [[ "$DOMAIN_NAMES" == *"*."* ]]; then
if [ -z "$DNS_PROVIDER" ] || [ -z "$DNS_API_KEY" ]; then
echo -e " β οΈ ${COLOR_YELLOW}Wildcard certificate requires DNS challenge${CoR}"
echo -e " π Please provide DNS provider and API key:"
read -p " DNS Provider (cloudflare, dynu, etc.): " DNS_PROVIDER
read -p " DNS API Key: " DNS_API_KEY
fi
# Verify Cloudflare API key if using Cloudflare
if [[ "${DNS_PROVIDER,,}" == "cloudflare" ]]; then
if ! verify_cloudflare_api_key "$DNS_API_KEY" "$CERT_EMAIL"; then
echo -e " β ${COLOR_RED}Cannot proceed with invalid Cloudflare API Key${CoR}"
return 1
fi
# Verify domain is managed by Cloudflare
local domain=${DOMAIN_NAMES#\*.}
local zone_check=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones?name=$domain" \
-H "X-Auth-Email: $CERT_EMAIL" \
-H "X-Auth-Key: $DNS_API_KEY" \
-H "Content-Type: application/json")
if [ "$(echo "$zone_check" | jq -r '.result | length')" -eq 0 ]; then
echo -e " β ${COLOR_RED}Domain $domain is not managed by Cloudflare${CoR}"
echo -e " π Please make sure your domain is added to your Cloudflare account"
return 1
fi
echo -e " β
${COLOR_GREEN}Domain verification successful${CoR}"
fi
fi
# Set default value for DNS_CREDENTIALS_JSON if not defined
DNS_CREDENTIALS_JSON=${DNS_CREDENTIALS_JSON:-"{}"}
# Generate the certificate
cert_generate "$CERT_DOMAIN" "$CERT_EMAIL" "$DNS_PROVIDER" "$DNS_CREDENTIALS_JSON" "$HOST_SSL_ENABLE" "$DOMAIN_NAMES"
# Check SSL creation
CERT_CHECK=$(curl -s -X GET "$BASE_URL/nginx/certificates" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
CERT_ID=$(echo "$CERT_CHECK" | jq -r --arg domain "$CERT_DOMAIN" \
'.[] | select(.domain_names[] == $domain) | .id' | sort -n | tail -n1)
if [ -n "$CERT_ID" ]; then
#echo -e "\n ${COLOR_YELLOW}β¨ Automatic SSL Activation${CoR} $CERT_DOMAIN "
# update certificat with HOST ID
UPDATE_DATA=$(jq -n \
--arg cert_id "$CERT_ID" \
'{
certificate_id: $cert_id,
ssl_forced: true,
http2_support: true,
hsts_enabled: false,
hsts_subdomains: false,
enabled: true
}')
UPDATE_RESPONSE=$(curl -s -w "HTTPSTATUS:%{http_code}" -X PUT \
"$BASE_URL/nginx/proxy-hosts/$PROXY_ID" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")" \
-H "Content-Type: application/json" \
--data "$UPDATE_DATA")
UPDATE_STATUS=${UPDATE_RESPONSE##*HTTPSTATUS:}
# Check if successfull
if [ "$UPDATE_STATUS" -eq 200 ]; then
echo -e "\n β
${COLOR_GREEN}SSL Configuration Complete ${CoR}π"
echo -e " π CHECK SSL Status for ${COLOR_GREEN}$DOMAIN_NAMES${CoR}:"
echo -e " ββ π SSL: ${COLOR_GREEN}Enabled${CoR}"
echo -e " ββ π Certificate ID: $CERT_ID"
echo -e " ββ π HTTP/2: ${COLOR_GREEN}Active${CoR}"
echo -e " ββ π‘οΈ HSTS: ${COLOR_RED}Disabled${CoR}"
echo -e " ββ π HSTS Subdomains: ${COLOR_RED}Disabled${CoR}\n"
exit 0
else
echo -e " β ${COLOR_RED}Failed to enable SSL. Status code: $UPDATE_STATUS${CoR}\n"
fi
else
echo -e " β ${COLOR_RED}Certificate not found after generation${CoR}\n"
fi
fi
if [ "$METHOD" = "PUT" ]; then
echo -e " β
${COLOR_GREEN}Proxy host π$DOMAIN_NAMES (ID: ${COLOR_YELLOW}$PROXY_ID${COLOR_GREEN}) OK${CoR}\n"
else
echo -e " β
${COLOR_GREEN}Proxy host π$DOMAIN_NAMES (ID: ${COLOR_YELLOW}$PROXY_ID${COLOR_GREEN}) created successfully! π${CoR}\n"
fi
else
echo -e " β ${COLOR_RED}Operation failed. Error: $ERROR_MSG${CoR}\n"
exit 1
fi
}
# List all proxy hosts with basic details, including SSL certificate status and associated domain
host_list() {
check_token_notverbose
echo -e "\n${COLOR_ORANGE} π List of proxy hosts ${CoR}\n"
printf " %4s %-36s %-9s %-6s %-36s\n" "ID" " DOMAIN" " STATUS" " SSL" " CERT DOMAIN"
RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
# Clean the response to remove control characters
CLEANED_RESPONSE=$(echo "$RESPONSE" | tr -d '\000-\031')
echo "$CLEANED_RESPONSE" | jq -r '.[] | "\(.id) \(.domain_names | join(", ")) \(.enabled) \(.certificate_id)"' | while read -r id domain enabled certificate_id; do
if [ "$enabled" = "true" ]; then
status="$(echo -e "${WHITE_ON_GREEN} enabled ${CoR}")"
else
status="$(echo -e "${COLOR_RED} disable ${CoR}")"
fi
# Default SSL status
ssl_status="$(pad "β" 6)"
ssl_color="${COLOR_RED}"
cert_domain=""
# Check if a valid certificate ID is present and not null
if [ "$certificate_id" != "null" ] && [ -n "$certificate_id" ]; then
# Fetch the certificate details using the certificate_id
CERT_DETAILS=$(curl -s -X GET "$BASE_URL/nginx/certificates/$certificate_id" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
# Check if the certificate details are valid and domain_names is not null
if [ "$(echo "$CERT_DETAILS" | jq -r '.domain_names')" != "null" ]; then
cert_domain=$(echo "$CERT_DETAILS" | jq -r '.domain_names | join(", ")')
ssl_status="$(pad "$certificate_id" 6)"
ssl_color="${COLOR_CYAN}"
fi
fi
# Print the row with colors and certificate domain (if available)
printf " ${COLOR_YELLOW}%4s${CoR} ${COLOR_GREEN}%-36s${CoR} %-9s ${ssl_color}%-6s${CoR} ${COLOR_CYAN}%-36s${CoR}\n" \
"$id" "$(pad "$domain" 36)" "$status" "$ssl_status" "$cert_domain"
done
echo ""
exit 0
}
################################
# List all proxy hosts with full details
host_list_full() {
check_token_notverbose
RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
echo "$RESPONSE" | jq -c '.[]' | while read -r proxy; do
echo "$proxy" | jq .
done
echo ""
exit 0
}
################################
# Update an existing proxy host
update_proxy_host() {
check_token_notverbose
HOST_ID=$1
echo -e "\n π Updating proxy host for $DOMAIN_NAMES..."
# π₯ check if the required parameters are set
if [ -z "$DOMAIN_NAMES" ] || [ -z "$FORWARD_HOST" ] || [ -z "$FORWARD_PORT" ] || [ -z "$FORWARD_SCHEME" ]; then
echo -e " β${COLOR_RED} ERROR: Missing required parameters (domain, forward host, forward port, forward scheme).${CoR}"
exit 1
fi
# π₯ check if the FORWARD_PORT is a number
if ! [[ "$FORWARD_PORT" =~ ^[0-9]+$ ]]; then
echo -e " β${COLOR_RED} ERROR: FORWARD_PORT is not a number! Value: '$FORWARD_PORT'${CoR}"
exit 1
fi
# π₯ Correct the CUSTOM_LOCATIONS
if [[ -z "$CUSTOM_LOCATIONS" || "$CUSTOM_LOCATIONS" == "null" ]]; then
CUSTOM_LOCATIONS_ESCAPED="[]"
else
CUSTOM_LOCATIONS_ESCAPED=$(echo "$CUSTOM_LOCATIONS" | jq -c . 2>/dev/null || echo '[]')
fi
# correct the boolean (true / false in JSON)
CACHING_ENABLED_JSON=$( [ "$CACHING_ENABLED" == "true" ] && echo true || echo false )
BLOCK_EXPLOITS_JSON=$( [ "$BLOCK_EXPLOITS" == "true" ] && echo true || echo false )
ALLOW_WEBSOCKET_UPGRADE_JSON=$( [ "$ALLOW_WEBSOCKET_UPGRADE" == "true" ] && echo true || echo false )
HTTP2_SUPPORT_JSON=$( [ "$HTTP2_SUPPORT" == "true" ] && echo true || echo false )
# π Debugging variables before JSON update:
debug_var
# π₯ generate the JSON properly
DATA=$(jq -n \
--arg domain "$DOMAIN_NAMES" \
--arg host "$FORWARD_HOST" \
--arg port "$FORWARD_PORT" \
--arg scheme "$FORWARD_SCHEME" \
--argjson caching "$CACHING_ENABLED_JSON" \
--argjson block_exploits "$BLOCK_EXPLOITS_JSON" \
--arg advanced_config "$ADVANCED_CONFIG" \
--argjson websocket_upgrade "$ALLOW_WEBSOCKET_UPGRADE_JSON" \
--argjson http2_support "$HTTP2_SUPPORT_JSON" \
--argjson enabled true \
--argjson locations "$CUSTOM_LOCATIONS_ESCAPED" \
'{
domain_names: [$domain],
forward_host: $host,
forward_port: ($port | tonumber),
access_list_id: null,
certificate_id: null,
ssl_forced: false,
caching_enabled: $caching,
block_exploits: $block_exploits,
advanced_config: $advanced_config,
meta: { dns_challenge: null },
allow_websocket_upgrade: $websocket_upgrade,
http2_support: $http2_support,
forward_scheme: $scheme,
enabled: $enabled,
locations: $locations
}'
)
# π check if the JSON is valid
if ! echo "$DATA" | jq empty > /dev/null 2>&1; then
echo -e " β${COLOR_RED} ERROR: Invalid JSON generated:\n$DATA ${CoR}"
exit 1
fi
# π send the API request for update
RESPONSE=$(curl -s -X PUT "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")" \
-H "Content-Type: application/json; charset=UTF-8" \
--data-raw "$DATA")
# π’ check if the response is valid
ERROR_MSG=$(echo "$RESPONSE" | jq -r '.error.message // empty')
if [ -z "$ERROR_MSG" ]; then
PROXY_ID=$(echo "$RESPONSE" | jq -r '.id // "unknown"')
echo -e "\n β
${COLOR_GREEN}SUCCESS: Proxy host π$DOMAIN_NAMES (ID: ${COLOR_YELLOW}$PROXY_ID${COLOR_GREEN}) was created successfully! π${CoR}\n"
else
echo -e " β ${COLOR_RED}Failed to create proxy host. Error: $ERROR_MSG ${CoR}"
exit 1
fi
}
################################
# Update field of existing proxy host
host_update() {
check_token_notverbose
HOST_ID="$1"
FIELD="$2"
NEW_VALUE="$3"
#echo -e "\n π DEBUG: host-update() function has started"
# echo -e " π HOST_ID: $HOST_ID"
# echo -e " π· FIELD: $FIELD"
# echo -e " βοΈ VALUE: $NEW_VALUE"
# 1) Vérifier que tous les paramètres sont fournis
if [ -z "$HOST_ID" ] || [ -z "$FIELD" ] || [ -z "$NEW_VALUE" ]; then
echo -e "\n β ${COLOR_RED}INVALID command: Missing required parameters.${CoR}"
echo -e " Usage: ${COLOR_ORANGE}$0 --host-update <host_id> <field=value>${CoR}"
exit 1
fi
# 2) RΓ©cupΓ©rer la configuration actuelle
CURRENT_DATA=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
#echo -e "\n π DEBUG: API response (CURRENT_DATA):\n$CURRENT_DATA\n"
if ! echo "$CURRENT_DATA" | jq empty > /dev/null 2>&1; then
echo -e " β ${COLOR_RED}ERROR:${CoR} Failed to fetch current proxy configuration."
exit 1
fi
# 3) VΓ©rifier si le champ demandΓ© est modifiable
FILTERED_DATA=$(echo "$CURRENT_DATA" | jq '{
domain_names,
forward_host,
forward_port,
access_list_id,
certificate_id,
ssl_forced,
caching_enabled,
block_exploits,
advanced_config,
meta,
allow_websocket_upgrade,
http2_support,
forward_scheme,
enabled,
locations,
hsts_enabled,
hsts_subdomains
}')
#echo -e "\n π DEBUG: Filtered JSON before update:\n$FILTERED_DATA\n"
if ! echo "$FILTERED_DATA" | jq -e --arg field "$FIELD" 'has($field)' > /dev/null; then
echo -e " β ${COLOR_RED}ERROR:${CoR} The field '$FIELD' is not a valid field for update."
exit 1
fi
# 4) Modifier la configuration
if [ "$FIELD" = "forward_port" ]; then
UPDATED_DATA=$(echo "$FILTERED_DATA" \
| jq --argjson newVal "$(echo "$NEW_VALUE" | jq -R 'tonumber? // 0')" \
'.forward_port = $newVal')
else
UPDATED_DATA=$(echo "$FILTERED_DATA" \
| jq --arg newVal "$NEW_VALUE" \
".$FIELD = \$newVal")
fi
#echo -e "\n π DEBUG: JSON Sent to API:\n$UPDATED_DATA\n"
if ! echo "$UPDATED_DATA" | jq empty > /dev/null 2>&1; then
echo -e " β ${COLOR_RED}ERROR: Invalid JSON generated.${CoR}\n$UPDATED_DATA"
exit 1
fi
# Sending update request to API..."
RESPONSE=$(curl -s -X PUT "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")" \
-H "Content-Type: application/json; charset=UTF-8" \
--data-raw "$UPDATED_DATA")
#echo -e "\n π DEBUG: API Response:\n$RESPONSE\n"
ERROR_MSG=$(echo "$RESPONSE" | jq -r '.error.message // empty')
if [ -z "$ERROR_MSG" ]; then
echo -e "\n β
${COLOR_GREEN}SUCCESS:${CoR} Proxy host π $HOST_ID updated successfully! π"
SUMMARY=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
if echo "$SUMMARY" | jq empty > /dev/null 2>&1; then
echo -e " New Value Proxy host π $HOST_ID $FIELD : $(echo "$SUMMARY" | jq -r --arg field "$FIELD" '.[$field]')\n"
echo -e " π ${COLOR_CYAN}Summary Proxy Host:${CoR}"
echo -e " Domaine(s) : $(echo "$SUMMARY" | jq -r '.domain_names | join(", ")')"
echo -e " Forward Host : $(echo "$SUMMARY" | jq -r '.forward_host')"
echo -e " Forward Port : $(echo "$SUMMARY" | jq -r '.forward_port')"
echo -e " Forward Scheme : $(echo "$SUMMARY" | jq -r '.forward_scheme')"
echo -e " SSL Forced : $(echo "$SUMMARY" | jq -r '.ssl_forced')\n"
else
echo -e "\n β οΈ ${COLOR_YELLOW}WARNING:${CoR} Error to get proxy host data."
fi
else
echo -e "\n β ${COLOR_RED}Failed to update proxy host. Error:${CoR} $ERROR_MSG"
exit 1
fi
}
################################
# Search for a proxy host by domain name
host_search() {
#check_token false
check_token_notverbose
if [ -z "$HOST_SEARCHNAME" ]; then
echo -e "\n β ${COLOR_RED}ERROR: The --host-enable option requires a <host domain>.${CoR}"
echo -e " Usage : ${COLOR_ORANGE}$0 --host-search domain_name${CoR}"
echo -e " Example: ${COLOR_GREEN}$0 --host-search example.com${CoR}\n"
exit 1
fi
echo -e "\n ${COLOR_CYAN}π${CoR} Searching proxy hosts for: ${COLOR_YELLOW}$HOST_SEARCHNAME${CoR}"
RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
if [ -z "$RESPONSE" ] || [ "$RESPONSE" == "null" ]; then
echo -e " β ${COLOR_RED}Error: Unable to retrieve proxy host data.${CoR}"
exit 1
fi
MATCHES=$(echo "$RESPONSE" | jq -c --arg search "$HOST_SEARCHNAME" '.[] | select(.domain_names[] | contains($search))')
if [ -z "$MATCHES" ]; then
echo -e " β No proxy host found for: ${COLOR_YELLOW}$HOST_SEARCHNAME${CoR}"
else
echo "$MATCHES" | while IFS= read -r line; do
id=$(echo "$line" | jq -r '.id')
domain_names=$(echo "$line" | jq -r '.domain_names[]')
printf " ${COLOR_GREY}π${COLOR_YELLOW}%4s${CoR} ${COLOR_GREEN}%s${CoR}\n" "$id" "$domain_names"
done
fi
echo ""
exit 0
}
################################
# Enable a proxy host by ID
host_enable() {
local host_id="$1"
if [ -z "$host_id" ]; then
echo -e "\n β ${COLOR_RED}ERROR: The --host-enable option requires a host π.${CoR}"
echo -e " Usage : ${COLOR_ORANGE}$0 --host-enable <host_id>${CoR}"
echo -e " Example: ${COLOR_GREEN}$0 --host-enable 42${CoR}"
return 1
fi
check_token_notverbose
# Check if the proxy host exists and get its current configuration
CHECK_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$host_id" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
if [ $? -eq 0 ] && [ -n "$CHECK_RESPONSE" ]; then
# Get domain name for display
DOMAIN_NAME=$(echo "$CHECK_RESPONSE" | jq -r '.domain_names[0]')
# Create minimal payload with only the enabled property
PAYLOAD='{"enabled":true}'
# Send PUT request with minimal payload
RESPONSE=$(curl -s -X PUT "$BASE_URL/nginx/proxy-hosts/$host_id" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")" \
-H "Content-Type: application/json" \
-d "$PAYLOAD")
if [ $? -eq 0 ] && ! echo "$RESPONSE" | jq -e '.error' > /dev/null 2>&1; then
if [ "$DOMAIN_NAME" != "null" ] && [ -n "$DOMAIN_NAME" ]; then
echo -e "\n ${COLOR_YELLOW}π Enabling proxy host ${CoR} π${COLOR_CYAN}$host_id${CoR} πDomain: ${COLOR_CYAN}$DOMAIN_NAME${CoR}"
echo -e " β
${COLOR_GREEN}Successfully enabled ${CoR}π${COLOR_CYAN}$host_id${CoR} πDomain: ${COLOR_CYAN}$DOMAIN_NAME${CoR}\n"
else
echo -e " βΉοΈ ${COLOR_YELLOW}No domain name associated with this host${CoR}"
fi
else
ERROR_MSG=$(echo "$RESPONSE" | jq -r '.error.message // "Unknown error"')
echo -e " β ${COLOR_RED}Failed to enable proxy host: $ERROR_MSG${CoR}"
fi
else
echo -e " β ${COLOR_RED}Proxy host with ID $host_id does not exist${CoR}"
fi
}
################################
# Disable a proxy host by ID
host_disable() {
local host_id="$1"
if [ -z "$host_id" ]; then
echo -e "\n β ${COLOR_RED}ERROR: The --host-disable option requires a host π.${CoR}"
echo -e " Usage : ${COLOR_ORANGE}$0 --host-disable <host_id>${CoR}"
echo -e " Example: ${COLOR_GREEN}$0 --host-disable 42${CoR}"
return 1
fi
check_token_notverbose
# Check if the proxy host exists and get its current configuration
CHECK_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$host_id" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
if [ $? -eq 0 ] && [ -n "$CHECK_RESPONSE" ]; then
# Get domain name for display
DOMAIN_NAME=$(echo "$CHECK_RESPONSE" | jq -r '.domain_names[0]')
# Create minimal payload with only the enabled property
PAYLOAD='{"enabled":false}'
# Send PUT request with minimal payload
RESPONSE=$(curl -s -X PUT "$BASE_URL/nginx/proxy-hosts/$host_id" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")" \
-H "Content-Type: application/json" \
-d "$PAYLOAD")
if [ $? -eq 0 ] && ! echo "$RESPONSE" | jq -e '.error' > /dev/null 2>&1; then
if [ "$DOMAIN_NAME" != "null" ] && [ -n "$DOMAIN_NAME" ]; then
echo -e "\n ${COLOR_YELLOW}π Disabling proxy host ${CoR} π${COLOR_CYAN}$host_id${CoR} πDomain: ${COLOR_CYAN}$DOMAIN_NAME${CoR}"
echo -e " β
${COLOR_GREEN}Successfully disabled ${CoR}π${COLOR_CYAN}$host_id${CoR} πDomain: ${COLOR_CYAN}$DOMAIN_NAME${CoR}\n"
else
echo -e " βΉοΈ ${COLOR_YELLOW}No domain name associated with this host${CoR}\n"
fi
else
ERROR_MSG=$(echo "$RESPONSE" | jq -r '.error.message // "Unknown error"')
echo -e " β ${COLOR_RED}Failed to disable proxy host: $ERROR_MSG${CoR}\n"
fi
else
echo -e " β ${COLOR_RED}Proxy host with ID $host_id does not exist${CoR}\n"
fi
}
################################
# Delete a proxy host
# $1: host_id - ID of the host to delete
host_delete() {
local host_id="$1"
# Check if ID is provided
if [ -z "$HOST_ID" ]; then
echo -e "\n β ${COLOR_RED}ERROR: The --host-delete option requires a host π${CoR}"
echo -e " Usage : ${COLOR_ORANGE}$0 --host-delete <host_id>${CoR}"
echo -e " Example: ${COLOR_GREEN}$0 --host-delete 42${CoR}"
exit 1
fi
check_token_notverbose
# Check if host exists before attempting deletion
#echo -e "\n π Checking if host ID ${COLOR_GREEN}$HOST_ID${CoR} exists..."
CHECK_RESPONSE=$(curl -s -w "HTTPSTATUS:%{http_code}" \
"$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")" 2>/dev/null)
CHECK_BODY=${CHECK_RESPONSE//HTTPSTATUS:*/}
CHECK_STATUS=${CHECK_RESPONSE##*HTTPSTATUS:}
# Verify host existence
if [ "$CHECK_STATUS" -eq 404 ]; then
echo -e " β ${COLOR_RED}ERROR: Host ID ${COLOR_GREEN}$HOST_ID${COLOR_RED} not found!${CoR}"
echo -e "\n ${COLOR_YELLOW}π‘ Tip: Use --host-list to see all available hosts and their IDs${CoR}"
exit 1
elif [ "$CHECK_STATUS" -ne 200 ]; then
echo -e " β ${COLOR_RED}ERROR: Failed to check host. Status: $CHECK_STATUS${CoR}"
if [ -n "$CHECK_BODY" ]; then
echo -e " π Error details: $CHECK_BODY"
fi
exit 1
fi
# Extract domain name for confirmation
DOMAIN_NAME=$(echo "$CHECK_BODY" | jq -r '.domain_names[0] // "unknown"')
# Show confirmation prompt unless AUTO_YES is set
if [ "$AUTO_YES" != true ]; then
echo -e " ββββββββββββββββββββββββββββββββββββββββββββ"
echo -e " β ID: ${COLOR_YELLOW}$HOST_ID${CoR}"
echo -e " β Domain: ${COLOR_GREEN}$DOMAIN_NAME${CoR}"
echo -e " ββββββββββββββββββββββββββββββββββββββββββββ"
echo -e " β οΈ ${COLOR_RED}WARNING: This action cannot be undone!${CoR}"
read -n 1 -r -p " π Confirm deletion? (y/n): " CONFIRM
echo
if [[ ! $CONFIRM =~ ^[Yy]$ ]]; then
echo -e " β ${COLOR_RED}Operation cancelled${CoR}"
exit 1
fi
echo -e " ποΈ Deleting proxy host ${COLOR_GREEN}$DOMAIN_NAME${CoR} (ID: ${COLOR_GREEN}$HOST_ID${CoR})"
else
echo -e "\n ${COLOR_YELLOW}π -y Auto-confirming deletion${CoR}"
echo -e " ποΈ Deleting proxy host ${COLOR_GREEN}$DOMAIN_NAME${CoR} (ID: ${COLOR_GREEN}$HOST_ID${CoR})..."
fi
# Perform deletion
RESPONSE=$(curl -s -w "HTTPSTATUS:%{http_code}" -X DELETE \
"$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")" 2>/dev/null)
HTTP_BODY=${RESPONSE//HTTPSTATUS:*/}
HTTP_STATUS=${RESPONSE##*HTTPSTATUS:}
if [ "$HTTP_STATUS" -eq 200 ]; then
echo -e " β
${COLOR_GREEN}Proxy host ${COLOR_YELLOW}$DOMAIN_NAME${CoR} (ID: $HOST_ID) deleted successfully!${CoR}\n"
exit 0
else
echo -e " β ${COLOR_RED}Failed to delete proxy host. Status: $HTTP_STATUS${CoR}"
if [ -n "$HTTP_BODY" ]; then
echo -e " π Error details: $HTTP_BODY"
fi
exit 1
fi
}
################################
# ACL proxy host
host_acl_enable() {
# VΓ©rifier que les deux arguments sont fournis
if [ -z "$HOST_ID" ] || [ -z "$ACCESS_LIST_ID" ]; then
echo -e "\n β ${COLOR_RED}Error: HOST_ID and ACCESS_LIST_ID are required to enable the ACL.${CoR}"
echo -e " Usage: ${COLOR_ORANGE}$0 --host-acl-enable <host_id> <access_list_id>${CoR}"
echo -e " Example: ${COLOR_GREEN}$0 --host-acl-enable 42 5${CoR}"
exit 1
fi
check_token_notverbose
echo -e "\n ${COLOR_YELLOW}π Enabling ACL${CoR} host π${COLOR_CYAN}$HOST_ID${CoR} with access list π${COLOR_CYAN}$ACCESS_LIST_ID${CoR}"
DATA=$(jq -n \
--argjson access_list_id "$ACCESS_LIST_ID" \
--argjson enabled true \
'{
access_list_id: $access_list_id,
enabled: $enabled
}')
RESPONSE=$(curl -s -X PUT "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")" \
-H "Content-Type: application/json; charset=UTF-8" \
--data-raw "$DATA")
if [ "$(echo "$RESPONSE" | jq -r '.error | length')" -eq 0 ]; then
echo -e " β
${COLOR_GREEN}ACL successfully enabled access list ${CoR}π${COLOR_CYAN}$ACCESS_LIST_ID${CoR} for hostπ${COLOR_CYAN}$HOST_ID${CoR}\n"
else
echo -e " β ${COLOR_RED}Failed to enable ACL. Error: $(echo "$RESPONSE" | jq -r '.message')${CoR}\n"
fi
}
################################
# Disable ACL for a given proxy host
host_acl_disable() {
if [ -z "$HOST_ID" ]; then
echo -e "\n β ${COLOR_RED}Error: HOST_ID is required to disable the ACL.${CoR}"
echo -e " Usage: $0 --host-acl-disable <host_id>"
exit 1
fi
check_token_notverbose
DATA=$(jq -n \
--argjson access_list_id null \
--argjson enabled false \
'{
access_list_id: $access_list_id,
enabled: $enabled
}')
RESPONSE=$(curl -s -X PUT "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")" \
-H "Content-Type: application/json; charset=UTF-8" \
--data-raw "$DATA")
if [ "$(echo "$RESPONSE" | jq -r '.error | length')" -eq 0 ]; then
echo -e "\n π ${COLOR_ORANGE}Disabling ACL for host${CoR}π${COLOR_CYAN} $HOST_ID${CoR}"
echo -e " β
${COLOR_GREEN}ACL successfully disabled ACL for host ${CoR}π${COLOR_CYAN}$HOST_ID${CoR}\n"
else
echo -e "\n β ${COLOR_RED}Failed to disable ACL. Error: $(echo "$RESPONSE" | jq -r '.message')${CoR}\n"
fi
}
################################
# Show details of a specific proxy host
host_show() {
#local host_id="$1"
if [ -z "$host_id" ]; then
echo -e "\n β ${COLOR_RED}The --host-show option requires a host ID.${CoR}"
echo -e " Usage: ${COLOR_ORANGE}$0 --host-show <ID>${CoR}"
echo -e " To find ID Check with ${COLOR_ORANGE}$0 --host-list${CoR}\n"
return 1
fi
check_token_notverbose
echo -e "\n π Fetching details for proxy host ID: ${COLOR_YELLOW}$host_id${CoR}..."
# get host details
local response=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$host_id" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
# Check if the response contains an error
if echo "$response" | jq -e '.error' >/dev/null; then
echo -e " β ${COLOR_RED}Error: $(echo "$response" | jq -r '.error.message')${CoR}\n"
return 1
fi
# Formater et afficher les dΓ©tails
echo -e "\nπ ${COLOR_YELLOW}Host Details:${CoR}"
echo -e "ββββββββββββββββββββββββββββββββββββ"
echo -e "β π ID: ${COLOR_GREEN_b}$(echo "$response" | jq -r '.id')${CoR}"
echo -e "β π Domains: ${COLOR_GREEN_b}$(echo "$response" | jq -r '.domain_names[]' | tr '\n' ' ')${CoR}"
echo -e "β π Forward Configuration:"
echo -e "β β’ Host: ${COLOR_GREEN_b}$(echo "$response" | jq -r '.forward_host')${CoR}"
echo -e "β β’ Port: ${COLOR_GREEN_b}$(echo "$response" | jq -r '.forward_port')${CoR}"
echo -e "β β’ Scheme: $(colorize_boolean $(echo "$response" | jq -r '.forward_scheme'))"
echo -e "β β
Status: $(colorize_boolean $(echo "$response" | jq -r '.enabled | if . then "Enabled" else "Disabled" end'))"
echo -e "β π SSL Configuration:"
echo -e "β β’ Certificate ID: ${COLOR_ORANGE}$(echo "$response" | jq -r '.certificate_id')${CoR}"
echo -e "β β’ SSL Forced: $(colorize_boolean $(echo "$response" | jq -r '.ssl_forced | if . then "true" else "false" end'))"
echo -e "β β’ HTTP/2: $(colorize_boolean $(echo "$response" | jq -r '.http2_support | if . then "true" else "false" end'))"
echo -e "β β’ HSTS: $(colorize_boolean $(echo "$response" | jq -r '.hsts_enabled | if . then "true" else "false" end'))"
echo -e "β π οΈ Features:"
echo -e "β β’ Block Exploits: $(colorize_boolean $(echo "$response" | jq -r '.block_exploits | if . then "true" else "false" end'))"
echo -e "β β’ Caching: $(colorize_boolean $(echo "$response" | jq -r '.caching_enabled | if . then "true" else "false" end'))"
echo -e "β β’ Websocket Upgrade: $(colorize_boolean $(echo "$response" | jq -r '.websockets_enabled | if . then "true" else "false" end'))"
echo -e "β π Access List ID: ${COLOR_ORANGE}$(echo "$response" | jq -r '.access_list_id')${CoR}"
# VΓ©rifier et afficher la configuration avancΓ©e
if [ "$(echo "$response" | jq -r '.advanced_config')" != "null" ]; then
echo -e "β βοΈ Advanced Config: ${COLOR_GREEN}Yes${CoR}"
echo -e "β"
echo "$response" | jq -r '.advanced_config' | while IFS= read -r line; do
if [ -n "$line" ]; then
echo -e "β ${COLOR_GRAY}$line${CoR}"
else
echo -e "β"
fi
done
else
echo -e "β βοΈ Advanced Config: ${COLOR_RED}No${CoR}"
fi
echo -e "βββββββββββββββββββββββββββββββββββββ"
return 0
}
################################
# Delete a certificate in NPM
cert_delete() {
local CERT_IDENTIFIER="$1"
if [ -z "$CERT_IDENTIFIER" ]; then
echo -e "\n β ${COLOR_RED}Error: Please specify a domain or certificate ID${CoR}"
echo -e "Usage: --cert-delete <domain.com or ID>"
exit 1
fi
check_token_notverbose
# Get certificates list from API
CERTIFICATES=$(curl -s -X GET "$BASE_URL/nginx/certificates" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
# Check if input is a number (ID) or domain
if [[ "$CERT_IDENTIFIER" =~ ^[0-9]+$ ]]; then
# It's an ID
CERT_ID="$CERT_IDENTIFIER"
CERT_EXISTS=$(echo "$CERTIFICATES" | jq -r --arg id "$CERT_ID" '.[] | select(.id == ($id|tonumber)) | .id')
# Add verification for CERT_EXISTS
if [ -z "$CERT_EXISTS" ]; then
echo -e "\n β ${COLOR_RED}No certificate found with ID: $CERT_ID${CoR}"
exit 1
fi
#echo -e " β
Certificate ID $CERT_ID found"
else
# It's a domain - Get all matching certificates
MATCHING_CERTS=$(echo "$CERTIFICATES" | jq -r --arg domain "$CERT_IDENTIFIER" \
'[.[] | select(.domain_names[] == $domain or .nice_name == $domain)]')
CERT_COUNT=$(echo "$MATCHING_CERTS" | jq 'length')
if [ "$CERT_COUNT" -eq 0 ]; then
echo -e " β ${COLOR_RED}No certificates found for domain: $CERT_IDENTIFIER${CoR}"
exit 1
elif [ "$CERT_COUNT" -eq 1 ]; then
CERT_ID=$(echo "$MATCHING_CERTS" | jq -r '.[0].id')
else
# Multiple certificates found, let user choose
echo -e " π Multiple certificates found for $CERT_IDENTIFIER:"
echo "$MATCHING_CERTS" | jq -r '.[] | "ID: \(.id) - Provider: \(.provider) - Expires: \(.expires_on) - Domains: \(.domain_names|join(", "))"' | \
awk '{print NR ") " $0}'
if [ "$AUTO_YES" = true ]; then
echo -e " β οΈ Multiple certificates found with -y option. Please specify certificate ID instead."
exit 1
fi
read -r -p "Enter the number of the certificate to delete (1-$CERT_COUNT): " CHOICE
if ! [[ "$CHOICE" =~ ^[0-9]+$ ]] || [ "$CHOICE" -lt 1 ] || [ "$CHOICE" -gt "$CERT_COUNT" ]; then
echo -e " β ${COLOR_RED}Invalid selection${CoR}"
exit 1
fi
CERT_ID=$(echo "$MATCHING_CERTS" | jq -r --arg idx "$((CHOICE-1))" '.[$idx|tonumber].id')
fi
fi
if [ -z "$CERT_ID" ]; then
echo -e " β ${COLOR_RED}No valid certificate found${CoR}"
exit 1
fi
# Ask for confirmation unless AUTO_YES is set
if [ "$AUTO_YES" = true ]; then
#echo -e " π The -y option was provided. Skipping confirmation prompt..."
CONFIRM="y"
else
echo -e "${COLOR_YELLOW}"
read -n 1 -r -p " β οΈ Are you sure you want to delete certificate ID: $CERT_ID ? (y/n): " CONFIRM
echo -e "${CoR}"
fi
if [[ "$CONFIRM" != "y" ]]; then
echo -e "${COLOR_RED} β Certificate deletion aborted.${CoR}\n"
exit 1
fi
echo -e "\n ποΈ Deleting certificate ID: $CERT_ID..."
# Delete certificate through API
HTTP_RESPONSE=$(curl -s -w "HTTPSTATUS:%{http_code}" -X DELETE \
"$BASE_URL/nginx/certificates/$CERT_ID" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
HTTP_BODY=${HTTP_RESPONSE//HTTPSTATUS:*/}
HTTP_STATUS=${HTTP_RESPONSE##*HTTPSTATUS:}
if [ "$HTTP_STATUS" -eq 200 ]; then
echo -e " β
${COLOR_GREEN}Certificate successfully deleted!${CoR}\n"
else
echo -e " β ${COLOR_RED}Deletion failed. Status: $HTTP_STATUS. Response: $HTTP_BODY${CoR}\n"
fi
}
################################
# Generate Let's Encrypt certificate if not exists
cert_generate() {
# 1. Local variables
DOMAIN_NAMES="${1:-}"
DOMAIN=$DOMAIN_NAMES
EMAIL="${2:-}"
DNS_PROVIDER="${3:-}"
DNS_CREDENTIALS_JSON="${4:-}"
EXISTING_CERT=""
IS_WILDCARD=false
# 2. Basic validation
if [ -z "$DOMAIN_NAMES" ]; then
echo -e "\n ${COLOR_RED}β${CoR} Error: Domain is required $DOMAIN"
echo -e " Usage: $0 --cert-generate <domain> [email] [dns_provider] [dns_credentials]\n"
exit 1
fi
if [ -z "$EMAIL" ]; then
EMAIL="$DEFAULT_EMAIL"
echo -e "\n π§ Using default email: ${COLOR_YELLOW}$EMAIL${CoR}"
fi
check_token_notverbose
# 3. Check if wildcard and validate requirements
if [[ "$DOMAIN" == \** ]]; then
IS_WILDCARD=true
if [ -z "$DNS_PROVIDER" ] || [ -z "$DNS_CREDENTIALS_JSON" ]; then
echo -e " β ${COLOR_RED}DNS provider and credentials are required for wildcard certificates${CoR}\n"
exit 1
fi
# JSON format validation
if ! echo "$DNS_CREDENTIALS_JSON" | jq '.' >/dev/null 2>&1; then
echo -e " β ${COLOR_RED}Invalid JSON format for DNS credentials${CoR}\n"
exit 1
fi
else
# Seulement vΓ©rifier le domaine dans NPM si ce n'est pas un wildcard
PROXY_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
DOMAIN_EXISTS=$(echo "$PROXY_RESPONSE" | jq -r --arg DOMAIN "$DOMAIN" \
'.[] | select(.domain_names[] == $DOMAIN) | .id')
if [ -z "$DOMAIN_EXISTS" ]; then
echo -e "\n ${COLOR_RED}β${CoR} Domain ${COLOR_YELLOW}$DOMAIN${CoR} is not configured in NPM."
echo -e " ${COLOR_YELLOW}π‘${CoR} First create a proxy host with:"
echo -e " ${COLOR_CYAN}$0 --host-create $DOMAIN -i <forward_host> -p <forward_port>${CoR}\n"
exit 1
fi
fi
# Ensuite vΓ©rifier les certificats existants
RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/certificates" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
EXISTING_CERT=$(echo "$RESPONSE" | jq -r --arg domain "$DOMAIN" \
'.[] | select(.domain_names[] == $domain) | select(.expired == false)')
if [ -n "$EXISTING_CERT" ]; then
CERT_ID=$(echo "$EXISTING_CERT" | jq -r '.id')
CERT_EXPIRES=$(echo "$EXISTING_CERT" | jq -r '.expires_on')
echo -e " ${COLOR_GREEN}π${CoR} Valid certificate found for ${COLOR_YELLOW}$DOMAIN${CoR} (Certificate ID: ${COLOR_ORANGE}$CERT_ID${CoR}, expires in ${COLOR_YELLOW}$(( ($(date -d "$CERT_EXPIRES" +%s) - $(date +%s)) / 86400 ))${CoR} days)"
return 0
fi
# 4. Check for existing certificate
RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/certificates" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
EXISTING_CERT=$(echo "$RESPONSE" | jq -r --arg domain "$DOMAIN" \
'.[] | select(.domain_names[] == $domain) | select(.expired == false)')
if [ -n "$EXISTING_CERT" ]; then
CERT_ID=$(echo "$EXISTING_CERT" | jq -r '.id')
CERT_EXPIRES=$(echo "$EXISTING_CERT" | jq -r '.expires_on')
echo -e " ${COLOR_GREEN}π${CoR} Valid certificate found for ${COLOR_YELLOW}$DOMAIN${CoR} (Certificate ID: ${COLOR_ORANGE}$CERT_ID${CoR}, expires in ${COLOR_YELLOW}$(( ($(date -d "$CERT_EXPIRES" +%s) - $(date +%s)) / 86400 ))${CoR} days)"
return 0
fi
# 5. Display parameters and confirmation
echo -e "\n ${COLOR_CYAN}π${CoR} Certificate generation parameters:"
echo -e " β’ Domain: ${COLOR_YELLOW}$DOMAIN${CoR}"
echo -e " β’ Email: ${COLOR_YELLOW}$EMAIL${CoR}"
if [ -n "$DNS_PROVIDER" ]; then
echo -e " β’ DNS Provider: ${COLOR_YELLOW}$DNS_PROVIDER${CoR}"
fi
# 6. Confirmation
if [ "$AUTO_YES" = true ]; then
echo -e "\n ${COLOR_YELLOW}π The -y option was provided.${CoR} AUTO Yes activate.${CoR}"
CONFIRM="y"
else
echo -en " ${COLOR_RED}β${CoR} No existing certificate found for ${COLOR_YELLOW}$DOMAIN${CoR}. Create new Let's Encrypt certificate? (y/n): "
read -n 1 -r CONFIRM
echo # New line after response
CONFIRM=${CONFIRM:-y} # Default to 'y' if empty
CONFIRM=$(echo "$CONFIRM" | tr '[:upper:]' '[:lower:]') # Convert to lowercase
fi
if [[ "$CONFIRM" != "y" ]]; then
echo -e "${COLOR_RED} β Certificate creation aborted.${CoR}\n"
exit 0
fi
# 7. Prepare request data
echo -e " ${COLOR_YELLOW}π Initiating certificate generation ${COLOR_GREEN}$DOMAIN${CoR}"
echo -e " ${COLOR_CYAN}π Sending certificate generation request${CoR}"
echo -e " ${COLOR_ORANGE}β³ This process may take a few minutes...${CoR}"
if [ "$IS_WILDCARD" = true ]; then
echo -e " π Using DNS challenge with provider: $DNS_PROVIDER"
REQUEST_DATA=$(jq -n \
--arg domain "$DOMAIN" \
--arg email "$EMAIL" \
--arg dns_provider "$DNS_PROVIDER" \
--arg credentials "$DNS_CREDENTIALS_JSON" \
'{
provider: "letsencrypt",
domain_names: [$domain],
meta: {
dns_challenge: true,
dns_provider: $dns_provider,
dns_provider_credentials: $credentials,
letsencrypt_agree: true,
letsencrypt_email: $email,
propagation_seconds: 60
}
}')
else
REQUEST_DATA=$(jq -n \
--arg domain "$DOMAIN" \
--arg email "$EMAIL" \
'{
provider: "letsencrypt",
domain_names: [$domain],
meta: {
letsencrypt_agree: true,
letsencrypt_email: $email
}
}')
fi
# 8. Send request and handle response
HTTP_RESPONSE=$(curl -s -w "HTTPSTATUS:%{http_code}" -X POST "$BASE_URL/nginx/certificates" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")" \
-H "Content-Type: application/json" \
--data "$REQUEST_DATA")
HTTP_BODY=${HTTP_RESPONSE//HTTPSTATUS:*/}
HTTP_STATUS=${HTTP_RESPONSE##*HTTPSTATUS:}
if [ "$HTTP_STATUS" -eq 201 ]; then
CERT_ID=$(echo "$HTTP_BODY" | jq -r '.id')
echo -e "\n β
${COLOR_GREEN}Certificate generation initiated successfully!${CoR}"
echo -e " π Certificate Details:"
echo -e " β’ Certificate ID: ${COLOR_YELLOW}$CERT_ID${CoR}"
echo -e " β’ Status: ${COLOR_GREEN}Created${CoR}"
echo -e " β’ Domain: ${COLOR_YELLOW}$DOMAIN${CoR}"
echo -e " β’ Provider: ${COLOR_YELLOW}Let's Encrypt${CoR}\n"
# Export variables for host_ssl_enable
export GENERATED_CERT_ID="$CERT_ID"
export DOMAIN_EXISTS
if [ "$HOST_SSL_ENABLE" = true ]; then
echo -e "\n β³ ${COLOR_YELLOW}Waiting for certificate propagation (30 seconds)...${CoR}"
sleep 30
if ! check_certificate_exists "$DOMAIN"; then
echo -e "\n β ${COLOR_RED}ERROR: Certificate not found after generation${CoR}"
exit 1
fi
fi
#return 0
else
echo -e "\n β ${COLOR_RED}Certificate generation failed!${CoR}"
ERROR_MSG=$(echo "$HTTP_BODY" | jq -r '.error.message // "Unknown error"')
echo -e " β Error: ${COLOR_RED}$ERROR_MSG${CoR}"
DEBUG_STACK=$(echo "$HTTP_BODY" | jq -r '.debug.stack[]? // empty')
if [ -n "$DEBUG_STACK" ]; then
echo -e "\n π Debug Stack:"
echo "$DEBUG_STACK" | while read -r line; do
echo -e " β’ ${COLOR_YELLOW}$line${CoR}"
done
fi
echo -e "\n ${COLOR_CYAN}π${CoR} Troubleshooting suggestions:"
echo -e " β’ Verify domain DNS records are properly configured"
echo -e " β’ Ensure domain is accessible via HTTP/HTTPS"
echo -e " β’ Check if Let's Encrypt rate limits are not exceeded"
echo -e " β’ Verify Nginx Proxy Manager is properly configured"
echo -e " β’ Check if port 80 is open and accessible"
echo -e " β’ Ensure no firewall is blocking access"
echo -e " β’ Check Nginx Proxy Manager logs for more details"
echo -e "\n ${COLOR_CYAN}π‘${CoR} You can try:"
echo -e " β’ Wait a few minutes and try again (DNS propagation)"
echo -e " β’ Check Nginx Proxy Manager logs:"
echo -e " ${COLOR_GREEN}docker logs nginx-proxy-manager${CoR}"
echo -e " β’ Check Let's Encrypt logs:"
echo -e " ${COLOR_GREEN}docker exec nginx-proxy-manager cat /tmp/letsencrypt-log/letsencrypt.log${CoR}"
echo -e "\n π Debug Information:"
echo -e " β’ HTTP Status: $HTTP_STATUS"
echo -e " β’ Response: $HTTP_BODY"
echo -e " β’ Request Data: $REQUEST_DATA"
return 1
fi
}
################################
# Enable SSL for a proxy host
host_ssl_enable() {
local HOST_ID="${1:-}"
local CERT_ID="${2:-}"
if [ "$CERT_GENERATE" = true ]; then
if [ -z "$DOMAIN_EXISTS" ]; then
echo -e "\n β ${COLOR_RED}ERROR: No domain found in NPM${CoR}"
exit 1
fi
if [ -z "$GENERATED_CERT_ID" ]; then
echo -e "\n β ${COLOR_RED}ERROR: No certificate ID available${CoR}"
exit 1
fi
HOST_ID="$DOMAIN_EXISTS"
CERT_ID="$GENERATED_CERT_ID"
else
if [ -z "$HOST_ID" ]; then
echo -e "\n β ${COLOR_RED}ERROR : The --host-ssl-enable option requires a host π${CoR}"
echo -e " Usage : ${COLOR_ORANGE}$0 --host-ssl-enable <host_id> <cert_id>${CoR}"
echo -e " Example: ${COLOR_GREEN}$0 --host-ssl-enable 42 240${CoR}\n"
exit 1
fi
if [ -z "$CERT_ID" ]; then
echo -e "\n β ${COLOR_RED}ERROR: Certificate ID is required${CoR}"
echo -e " Usage : ${COLOR_ORANGE}$0 --host-ssl-enable <host_id> <cert_id>${CoR}"
echo -e " Example: ${COLOR_GREEN}$0 --host-ssl-enable 42 240${CoR}\n"
exit 1
fi
fi
# Quick check if host exists
check_token_notverbose
local CHECK_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
if [ "$(echo "$CHECK_RESPONSE" | jq -r .id)" = "null" ]; then
echo -e " ${COLOR_RED}β${CoR} Host ID $HOST_ID not found"
return 1
fi
# Get host domain and current certificate ID
local HOST_DOMAIN=$(echo "$CHECK_RESPONSE" | jq -r '.domain_names[0]')
# Update SSL configuration
local DATA=$(jq -n \
--arg cert_id "$CERT_ID" \
'{
"certificate_id": ($cert_id|tonumber),
"ssl_forced": true,
"http2_support": true
}')
local HTTP_RESPONSE=$(curl -s -w "HTTPSTATUS:%{http_code}" -X PUT "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")" \
-H "Content-Type: application/json; charset=UTF-8" \
--data-raw "$DATA")
local HTTP_BODY=${HTTP_RESPONSE//HTTPSTATUS:*/}
local HTTP_STATUS=${HTTP_RESPONSE##*HTTPSTATUS:}
if [ "$HTTP_STATUS" -eq 200 ]; then
echo -e "\n β
${COLOR_GREEN}SSL enabled successfully for${CoR} ${COLOR_YELLOW}$HOST_DOMAIN${CoR} (ID: ${COLOR_CYAN}$HOST_ID${CoR}) (Cert ID: ${COLOR_CYAN}$CERT_ID${CoR})\n"
return 0
#exit 0
else
echo -e "\n β ${COLOR_RED}Failed to enable SSL. HTTP status: $HTTP_STATUS${CoR}\n"
echo -e " π Error details: $HTTP_BODY \n"
return 1
fi
}
################################
# disable_ssl
host_ssl_disable() {
if [ -z "$HOST_ID" ]; then
echo -e "\n β ${COLOR_RED}INVALID command: Missing argument${CoR}"
echo -e " Usage : ${COLOR_ORANGE}$0 --host-ssl-disable <host_id>${CoR}"
echo -e " Find ID: ${COLOR_ORANGE}$0 --host-list${CoR}\n"
exit 1
fi
check_token_notverbose
CHECK_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
if echo "$CHECK_RESPONSE" | jq -e '.id' > /dev/null 2>&1; then
DATA=$(jq -n --argjson cert_id null '{
certificate_id: $cert_id,
ssl_forced: false,
http2_support: false,
hsts_enabled: false,
hsts_subdomains: false
}')
HTTP_RESPONSE=$(curl -s -w "HTTPSTATUS:%{http_code}" -X PUT "$BASE_URL/nginx/proxy-hosts/$HOST_ID" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")" \
-H "Content-Type: application/json; charset=UTF-8" \
--data-raw "$DATA")
HTTP_BODY=${HTTP_RESPONSE//HTTPSTATUS:*/}
HTTP_STATUS=${HTTP_RESPONSE##*HTTPSTATUS:}
if [ "$HTTP_STATUS" -eq 200 ]; then
echo -e "\n π« Disabling π SSL for proxy π${COLOR_YELLOW}$HOST_ID${CoR}"
echo -e " β
${COLOR_GREEN}SSL disabled successfully!${CoR} π${COLOR_CYAN}$HOST_ID${CoR}\n"
else
echo " Data sent: $DATA" # Log the data sent
echo -e " β ${COLOR_RED}Failed to disable SSL. HTTP status: $HTTP_STATUS. Response: $HTTP_BODY${CoR}\n"
fi
else
echo -e " β ${COLOR_RED}Proxy host with ID $HOST_ID does not exist.${CoR}\n"
fi
}
################################
# Create a new access list with various options
# Usage:
# access_list_create <name> [options]
# Options:
# --auth <username> <password> Add basic authentication
# --access allow|deny <ip> Add IP access rule
# --satisfy any|all Set satisfy condition (default: all)
# --pass-auth Enable pass auth
access_list_create() {
check_token_notverbose
if [ $# -lt 3 ]; then
echo -e "\n β ${COLOR_RED}ERROR: Arguments insuffisants${CoR}"
echo -e " ${COLOR_CYAN}Usage:${CoR}"
echo -e " 1. ${COLOR_GREEN}Basic Authentication:${CoR}"
echo -e " ${COLOR_ORANGE}$0 --access-list-create <name> --auth <username> <password> [--pass-auth] [--satisfy any|all]${CoR}"
echo -e " 2. ${COLOR_GREEN}IP Access Rules:${CoR}"
echo -e " ${COLOR_ORANGE}$0 --access-list-create <name> --access allow|deny <ip> [--satisfy any|all]${CoR}"
echo -e " 3. ${COLOR_GREEN}Combined Rules:${CoR}"
echo -e " ${COLOR_ORANGE}$0 --access-list-create <name> --auth <user> <pass> --access allow <ip> --satisfy any --pass-auth${CoR}"
echo -e "\n ${COLOR_CYAN}Examples:${CoR}"
echo -e " ${COLOR_GREEN}$0 --access-list-create secure_area --auth admin secret123${CoR}"
echo -e " ${COLOR_GREEN}$0 --access-list-create office --access allow 192.168.1.0/24${CoR}"
echo -e " ${COLOR_GREEN}$0 --access-list-create full_options --auth user1 pass1 --access allow 127.0.0.1 --satisfy any --pass-auth${CoR}\n"
return 1
fi
local NAME="$1"
shift
# Initialize variables
local SATISFY_ANY="false"
local PASS_AUTH="false"
local AUTH_ITEMS="[]"
local IP_CLIENTS="[]"
echo -e "\nπ Creating access list: ${COLOR_GREEN}$NAME${CoR}"
# Process all arguments
while [ $# -gt 0 ]; do
case "$1" in
--auth)
if [ $# -lt 3 ]; then
echo -e "\n β ${COLOR_RED}ERROR: --auth requires username and password${CoR}"
return 1
fi
AUTH_ITEMS=$(echo "$AUTH_ITEMS" | jq --arg user "$2" --arg pass "$3" '. + [{
username: $user,
password: $pass
}]')
shift 3
;;
--access)
if [ $# -lt 3 ]; then
echo -e "\n β ${COLOR_RED}ERROR: --access requires allow/deny and IP${CoR}"
return 1
fi
if [[ ! "$2" =~ ^(allow|deny)$ ]]; then
echo -e "\n β ${COLOR_RED}ERROR: Invalid access type. Must be 'allow' or 'deny'${CoR}"
return 1
fi
IP_CLIENTS=$(echo "$IP_CLIENTS" | jq --arg ip "$3" --arg dir "$2" '. + [{
address: $ip,
directive: $dir
}]')
shift 3
;;
--satisfy)
if [ $# -lt 2 ]; then
echo -e "\n β ${COLOR_RED}ERROR: --satisfy requires any/all${CoR}"
return 1
fi
if [ "$2" = "any" ]; then
SATISFY_ANY="true"
elif [ "$2" = "all" ]; then
SATISFY_ANY="false"
else
echo -e "\n β ${COLOR_RED}ERROR: Invalid satisfy value. Must be 'any' or 'all'${CoR}"
return 1
fi
shift 2
;;
--pass-auth)
PASS_AUTH="true"
shift
;;
*)
echo -e "\n β ${COLOR_RED}ERROR: Unknown option $1${CoR}"
return 1
;;
esac
done
# Vérifier qu'au moins une règle est définie
if [ "$AUTH_ITEMS" = "[]" ] && [ "$IP_CLIENTS" = "[]" ]; then
echo -e "\n β ${COLOR_RED}ERROR: At least one --auth or --access rule is required${CoR}"
return 1
fi
# Build payload
local PAYLOAD=$(jq -n \
--arg name "$NAME" \
--argjson satisfy_any "$SATISFY_ANY" \
--argjson pass_auth "$PASS_AUTH" \
--argjson items "$AUTH_ITEMS" \
--argjson clients "$IP_CLIENTS" \
'{
name: $name,
satisfy_any: $satisfy_any,
pass_auth: $pass_auth,
items: $items,
clients: $clients
}')
# Create access list via API
RESPONSE=$(curl -s -X POST "$BASE_URL/nginx/access-lists" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")" \
-H "Content-Type: application/json" \
-d "$PAYLOAD")
# Check for errors
if [ "$(echo "$RESPONSE" | jq -r '.error.message // empty')" != "" ]; then
echo -e " β ${COLOR_RED}Failed to create access list${CoR}"
echo -e " Error: $(echo "$RESPONSE" | jq -r '.error.message')"
return 1
fi
# Display results
local NEW_ID=$(echo "$RESPONSE" | jq -r '.id')
echo -e " β
${COLOR_GREEN}Access list created successfully!${CoR}"
echo -e " ββββββββββββββββββββββββββββββββββββββββββββ"
echo -e " β ID: ${COLOR_YELLOW}$NEW_ID${CoR}"
echo -e " β Name: ${COLOR_GREEN}$NAME${CoR}"
echo -e " β Satisfy: ${COLOR_CYAN}$([ "$SATISFY_ANY" = "true" ] && echo "any" || echo "all")${CoR}"
echo -e " β Pass Auth: ${COLOR_CYAN}$([ "$PASS_AUTH" = "true" ] && echo "yes" || echo "no")${CoR}"
if [ "$AUTH_ITEMS" != "[]" ]; then
echo -e " β π€ Authentication Rules:"
echo "$AUTH_ITEMS" | jq -r '.[] | " β β’ User: \(.username)"'
fi
if [ "$IP_CLIENTS" != "[]" ]; then
echo -e " β π Access Rules:"
echo "$IP_CLIENTS" | jq -r '.[] | " β β’ \(.directive) \(.address)"'
fi
echo -e " ββββββββββββββββββββββββββββββββββββββββββββ"
}
access_list_update() {
check_token_notverbose
echo -e "\nπ ${COLOR_CYAN}Updating access list...${CoR}"
echo -e "Enter the ID of the access list to update:"
read -r access_list_id
# Get the current access list details
local current_list=$(curl -s -X GET "$BASE_URL/nginx/access-lists/$access_list_id" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
if [ "$(echo "$current_list" | jq -r '.error | length')" -ne 0 ]; then
echo -e " β ${COLOR_RED}Failed to fetch access list details. Error: $(echo "$current_list" | jq -r '.error')${CoR}"
return 1
fi
# Extract current values
local current_name=$(echo "$current_list" | jq -r '.name')
local current_auth_type=$(echo "$current_list" | jq -r '.auth_type')
local current_satisfy=$(echo "$current_list" | jq -r '.satisfy')
local current_pass_auth=$(echo "$current_list" | jq -r '.pass_auth')
echo -e "\n${COLOR_CYAN}Current Access List Details:${CoR}"
echo -e "Name: $current_name"
echo -e "Auth Type: $current_auth_type"
echo -e "Satisfy Rule: $current_satisfy"
echo -e "Pass Auth: $current_pass_auth"
# Update name
echo -e "\nCurrent name is: ${COLOR_GREEN}$current_name${CoR}"
echo -e "Enter new name (or press Enter to keep current):"
read -r new_name
new_name=${new_name:-$current_name}
# Update auth type
echo -e "\nCurrent auth type is: ${COLOR_GREEN}$current_auth_type${CoR}"
echo -e "Select new authorization type:"
echo "1) Basic Authentication"
echo "2) None (Allow All)"
echo "3) Keep current"
read -r auth_type_choice
local auth_type="$current_auth_type"
local pass_auth=$current_pass_auth
local satisfy="$current_satisfy"
local clients=$(echo "$current_list" | jq '.clients')
local whitelist=$(echo "$current_list" | jq '.whitelist')
case $auth_type_choice in
1)
auth_type="basic"
pass_auth=true
;;
2)
auth_type="none"
pass_auth=false
clients="[]"
whitelist="[]"
;;
esac
if [ "$auth_type" = "basic" ]; then
# Update satisfy rule
echo -e "\nCurrent satisfy rule is: ${COLOR_GREEN}$current_satisfy${CoR}"
echo -e "Select new satisfy rule:"
echo "1) Any (OR) - Client needs to match any of the rules"
echo "2) All (AND) - Client needs to match all rules"
echo "3) Keep current"
read -r satisfy_choice
case $satisfy_choice in
1)
satisfy="any"
;;
2)
satisfy="all"
;;
esac
# Update basic auth users
echo -e "\nDo you want to modify basic auth users? (y/n)"
read -r modify_users
if [ "$modify_users" = "y" ]; then
echo -e "\nCurrent users:"
echo "$current_list" | jq -r '.clients[] | "Username: \(.username)"'
echo -e "\nDo you want to:"
echo "1) Add new users to existing ones"
echo "2) Replace all users"
echo "3) Keep current users"
read -r users_action
case $users_action in
1|2)
[ "$users_action" = "2" ] && clients="["
while true; do
echo -e "\nEnter username:"
read -r username
echo -e "Enter password:"
read -r -s password
if [ "$users_action" = "1" ]; then
clients=$(echo "$clients" | jq '. += [{"username":"'"$username"'","password":"'"$password"'"}]')
else
if [ "$clients" != "[" ]; then
clients="$clients,"
fi
clients="$clients{\"username\":\"$username\",\"password\":\"$password\"}"
fi
echo -e "\nAdd another user? (y/n)"
read -r more_users
[ "$more_users" != "y" ] && break
done
[ "$users_action" = "2" ] && clients="$clients]"
;;
esac
fi
# Update IP whitelist
echo -e "\nDo you want to modify IP whitelist? (y/n)"
read -r modify_ips
if [ "$modify_ips" = "y" ]; then
echo -e "\nCurrent whitelisted IPs:"
echo "$current_list" | jq -r '.whitelist[] | "IP: \(.address)"'
echo -e "\nDo you want to:"
echo "1) Add new IPs to existing ones"
echo "2) Replace all IPs"
echo "3) Keep current IPs"
read -r ips_action
case $ips_action in
1|2)
[ "$ips_action" = "2" ] && whitelist="["
while true; do
echo -e "\nEnter IP address (with optional CIDR, e.g., 192.168.1.0/24):"
read -r ip
if [ "$ips_action" = "1" ]; then
whitelist=$(echo "$whitelist" | jq '. += [{"address":"'"$ip"'","owner":"User"}]')
else
if [ "$whitelist" != "[" ]; then
whitelist="$whitelist,"
fi
whitelist="$whitelist{\"address\":\"$ip\",\"owner\":\"User\"}"
fi
echo -e "Add another IP address? (y/n)"
read -r more_ips
[ "$more_ips" != "y" ] && break
done
[ "$ips_action" = "2" ] && whitelist="$whitelist]"
;;
esac
fi
fi
# Prepare the JSON payload
local payload="{
\"name\": \"$new_name\",
\"satisfy\": \"$satisfy\",
\"pass_auth\": $pass_auth,
\"auth_type\": \"$auth_type\",
\"clients\": $clients,
\"whitelist\": $whitelist
}"
# Update the access list
local response=$(curl -s -X PUT "$BASE_URL/nginx/access-lists/$access_list_id" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")" \
-H "Content-Type: application/json; charset=UTF-8" \
-d "$payload")
if [ "$(echo "$response" | jq -r '.error | length')" -eq 0 ]; then
echo -e "\n β
${COLOR_GREEN}Access list updated successfully!${CoR}"
echo -e "\n${COLOR_CYAN}Updated Access List Details:${CoR}"
echo -e "ID: $access_list_id"
echo -e "Name: $new_name"
echo -e "Auth Type: $auth_type"
echo -e "Satisfy: $satisfy"
else
echo -e "\n β ${COLOR_RED}Failed to update access list. Error: $(echo "$response" | jq -r '.error')${CoR}"
fi
}
################################
# Delete an access list
access_list_delete() {
if [ -z "$ACCESS_LIST_ID" ]; then
echo -e "\n β ${COLOR_RED}Error: ACCESS_LIST_ID is required.${CoR}"
echo -e " Usage: $0 --access-list-delete <access_list_id> [-y]"
exit 1
fi
check_token_notverbose
echo -e " π Checking access list ID: ${COLOR_YELLOW}$ACCESS_LIST_ID${CoR}"
# Check if access list exists
RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/access-lists/$ACCESS_LIST_ID" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
if [ "$(echo "$RESPONSE" | jq -r '.error.code')" = "404" ]; then
echo -e " β ${COLOR_RED}Access list ID $ACCESS_LIST_ID not found${CoR}"
exit 1
fi
# Show details before deletion
echo -e " ββββββββββββββββββββββββββββββββββββββββββββ"
echo -e " β ID: ${COLOR_YELLOW}$ACCESS_LIST_ID${CoR}"
echo -e " β Name: ${COLOR_GREEN}$(echo "$RESPONSE" | jq -r '.name')${CoR}"
echo -e " ββββββββββββββββββββββββββββββββββββββββββββ"
# Confirm unless AUTO_YES
if [ "$AUTO_YES" != true ]; then
echo -e " β οΈ ${COLOR_RED}WARNING: This action cannot be undone!${CoR}"
read -n 1 -r -p " π Confirm deletion? (y/n): " CONFIRM
echo
if [[ ! $CONFIRM =~ ^[Yy]$ ]]; then
echo -e " β ${COLOR_RED}Operation cancelled${CoR}"
exit 1
fi
fi
# Delete access list
RESPONSE=$(curl -s -X DELETE "$BASE_URL/nginx/access-lists/$ACCESS_LIST_ID" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
if [ "$RESPONSE" = "true" ]; then
echo -e " β
${COLOR_GREEN}Access list successfully deleted! ${CoR}ποΈ "
else
echo -e " β ${COLOR_RED}Failed to delete access list.${CoR}"
if [ -n "$RESPONSE" ]; then
echo -e " Error: $RESPONSE"
fi
exit 1
fi
}
################################
# Show all access lists with detailed information
################################
# Show all access lists with detailed information
access_list() {
check_token_notverbose
echo -e "\nπ ${COLOR_CYAN}Access Lists Management${CoR}\n"
# Get all access lists
RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/access-lists" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
# Check for API errors
if [ "$(echo "$RESPONSE" | jq -r 'if type=="object" then .error.message else empty end')" != "" ]; then
echo -e " β ${COLOR_RED}Failed to fetch access lists${CoR}"
echo -e " Error: $(echo "$RESPONSE" | jq -r '.error.message')"
return 1
fi
# Display table header
echo "ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ"
echo -e "β ${COLOR_CYAN}ID β Name β Authorization β Access β Satisfy β Proxy Hosts ${CoR}β"
echo "ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€"
# Process each access list and format output
echo "$RESPONSE" | jq -r '.[] | "\(.id)|\(.name)|\(if .items then .items|length else 0 end) User\(if (.items|length//0) != 1 then "s" else "" end)|\(if .clients then .clients|length else 0 end) Rule\(if (.clients|length//0) != 1 then "s" else "" end)|\(.satisfy_any)|\(.proxy_host_count)"' | \
while IFS="|" read -r id name users rules satisfy proxy_hosts; do
# Format satisfy display (Any/All)
satisfy_display=$([ "$satisfy" = "true" ] && echo "Any" || echo "All")
# Print formatted line
printf "β %-3s β %-22s β %-13s β %-8s β %-7s β %d Proxy Hosts β\n" \
"$id" \
"$name" \
"$users" \
"$rules" \
"$satisfy_display" \
"$proxy_hosts"
done
# Close table
echo "ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ"
# Display creation date info
echo -e "\n${COLOR_CYAN}Note:${CoR} Use --access-list-show <id> to see detailed information about a specific access list\n"
}
################################
# Show detailed information for a specific access list
access_list_show() {
local id="$1"
check_token_notverbose
if [ -z "$id" ]; then
echo -e "\nβ ${COLOR_RED}Error: Access List ID is required${CoR}"
echo -e "Usage: $0 --access-list-show <id>"
return 1
fi
echo -e "\nπ ${COLOR_CYAN}Access List Details${CoR}"
# Get specific access list
local response=$(curl -s -X GET "$BASE_URL/nginx/access-lists/$id" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
# Check if response is valid JSON
if ! echo "$response" | jq empty 2>/dev/null; then
echo -e "\nβ ${COLOR_RED}Invalid response from API${CoR}"
return 1
fi
# Check if access list exists
if [ "$(echo "$response" | jq 'has("error")')" = "true" ]; then
echo -e "\nβ ${COLOR_RED}Access List not found${CoR}"
return 1
fi
# Create horizontal border
local h_border=$(printf '%*s' "80" '' | tr ' ' "=")
# Display basic information
echo -e "\n${COLOR_GREY}β$h_borderβ${CoR}"
echo -e "${COLOR_GREY}β${CoR} ${COLOR_CYAN}Basic Information${CoR}"
echo -e "${COLOR_GREY}β$h_borderβ€${CoR}"
echo -e "${COLOR_GREY}β${CoR} ID: ${COLOR_GREEN}$(echo "$response" | jq -r '.id')${CoR}"
echo -e "${COLOR_GREY}β${CoR} Name: ${COLOR_YELLOW}$(echo "$response" | jq -r '.name')${CoR}"
echo -e "${COLOR_GREY}β${CoR} Auth Type: ${COLOR_ORANGE}$(echo "$response" | jq -r '.auth_type // "none"')${CoR}"
# Display authentication settings
local pass_auth=$(echo "$response" | jq -r '.pass_auth')
local satisfy=$(echo "$response" | jq -r '.satisfy_any')
echo -e "${COLOR_GREY}β${CoR} Pass Auth: $([ "$pass_auth" = "true" ] && echo "${COLOR_GREEN}β${CoR}" || echo "${COLOR_RED}β${CoR}")"
echo -e "${COLOR_GREY}β${CoR} Satisfy: ${COLOR_YELLOW}$([ "$satisfy" = "true" ] && echo "Any" || echo "All")${CoR}"
# Display users
echo -e "${COLOR_GREY}β$h_borderβ€${CoR}"
echo -e "${COLOR_GREY}β${CoR} ${COLOR_CYAN}Authorized Users${CoR}"
echo -e "${COLOR_GREY}β$h_borderβ€${CoR}"
if [ "$(echo "$response" | jq 'has("items")')" = "true" ] && [ "$(echo "$response" | jq '.items != null')" = "true" ]; then
local users_count=$(echo "$response" | jq '.items | length')
if [ "$users_count" -gt 0 ]; then
echo "$response" | jq -r '.items[] | "β β’ \(.username)"'
else
echo -e "${COLOR_GREY}β${CoR} No users configured"
fi
else
echo -e "${COLOR_GREY}β${CoR} No users configured"
fi
# Display IP whitelist
echo -e "${COLOR_GREY}β$h_borderβ€${CoR}"
echo -e "${COLOR_GREY}β${CoR} ${COLOR_CYAN}IP Whitelist${CoR}"
echo -e "${COLOR_GREY}β$h_borderβ€${CoR}"
if [ "$(echo "$response" | jq 'has("clients")')" = "true" ] && [ "$(echo "$response" | jq '.clients != null')" = "true" ]; then
local ips_count=$(echo "$response" | jq '.clients | length')
if [ "$ips_count" -gt 0 ]; then
echo "$response" | jq -r '.clients[] | "β β’ \(.address) (\(.directive // "allow"))"' | \
while IFS= read -r line; do
if [[ $line == *"allow"* ]]; then
echo -e "${COLOR_GREY}β${CoR} β’ ${COLOR_GREEN}${line#* β’ }${CoR}"
else
echo -e "${COLOR_GREY}β${CoR} β’ ${COLOR_RED}${line#* β’ }${CoR}"
fi
done
else
echo -e "${COLOR_GREY}β${CoR} No IPs whitelisted"
fi
else
echo -e "${COLOR_GREY}β${CoR} No IPs whitelisted"
fi
# Close the box
echo -e "${COLOR_GREY}β$h_borderβ${CoR}"
# Display legend
echo -e "\n${COLOR_YELLOW}Legend:${CoR}"
echo -e " β’ Pass Auth: ${COLOR_GREEN}β${CoR} = Enabled, ${COLOR_RED}β${CoR} = Disabled"
echo -e " β’ IP Rules: ${COLOR_GREEN}allow${CoR} = Allowed, ${COLOR_RED}deny${CoR} = Denied\n"
}
################################
## backup
# Function to make a full backup
full_backup() {
check_dependencies
check_nginx_access
check_token_notverbose
DATE=$(date +"_%Y_%m_%d__%H_%M_%S")
echo -e "\nπ¦ ${COLOR_YELLOW}Starting full backup...${CoR}"
# Initialize counters
local users_count=0
local certs_count=0
local hosts_count=0
local custom_certs_count=0
local letsencrypt_certs_count=0
local access_lists_count=0
local success_count=0
local error_count=0
# Create main backup directory with timestamp
BACKUP_PATH="$BACKUP_DIR"
mkdir -p "$BACKUP_PATH"
# Create required subdirectories
echo -e "\nπ ${COLOR_CYAN}Creating backup directories...${CoR}"
for dir in ".user" ".settings" ".access_lists" ".Proxy_Hosts" ".ssl"; do
mkdir -p "$BACKUP_PATH/$dir" || {
echo -e " β ${COLOR_RED}Failed to create $dir directory${CoR}"
return 1
}
echo -e " β Created: ${COLOR_GREY}$BACKUP_PATH/$dir${CoR}"
done
# Initialize empty JSON for full configuration
echo "{}" > "$BACKUP_PATH/full_config${DATE}.json"
echo -e "\nπ ${COLOR_CYAN}Starting configuration backup...${CoR}"
# 1. Backup Users
# trap 'echo "Error on line $LINENO"' ERR
# set -x # Debug mode ON
echo -e "\nπ₯ ${COLOR_CYAN}Backing up users...${CoR}"
USERS_RESPONSE=$(curl -s -X GET "$BASE_URL/users" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
if [ -n "$USERS_RESPONSE" ] && echo "$USERS_RESPONSE" | jq empty 2>/dev/null; then
users_count=$(echo "$USERS_RESPONSE" | jq '. | length')
# Save users to dedicated file
echo "$USERS_RESPONSE" | jq '.' > "$BACKUP_PATH/.user/users_${NGINX_IP//./_}$DATE.json"
# Add users to full configuration
jq --argjson users "$USERS_RESPONSE" '. + {users: $users}' \
"$BACKUP_PATH/full_config${DATE}.json" > "$BACKUP_PATH/full_config${DATE}.json.tmp"
mv "$BACKUP_PATH/full_config${DATE}.json.tmp" "$BACKUP_PATH/full_config${DATE}.json"
echo -e " β
${COLOR_GREEN}Backed up $users_count users${CoR}"
success_count=$((success_count + 1))
else
echo -e " β οΈ ${COLOR_YELLOW}No users found or invalid response${CoR}"
error_count=$((error_count + 1))
fi
# trap - ERR # Reset trap
# set +x # Debug mode OFF
# 2. Backup settings
echo -e "\nβοΈ ${COLOR_CYAN}Backing up settings...${CoR}"
SETTINGS_RESPONSE=$(curl -s -X GET "$BASE_URL/settings" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
#echo -e "\nπ DEBUG Settings Response: $SETTINGS_RESPONSE" # Debug line
if [ -n "$SETTINGS_RESPONSE" ] && echo "$SETTINGS_RESPONSE" | jq empty 2>/dev/null; then
# Save settings to dedicated file
echo "$SETTINGS_RESPONSE" | jq '.' > "$BACKUP_PATH/.settings/settings_${NGINX_IP//./_}$DATE.json"
# Add settings to full configuration
jq --argjson settings "$SETTINGS_RESPONSE" '. + {settings: $settings}' \
"$BACKUP_PATH/full_config${DATE}.json" > "$BACKUP_PATH/full_config${DATE}.json.tmp"
mv "$BACKUP_PATH/full_config${DATE}.json.tmp" "$BACKUP_PATH/full_config${DATE}.json"
echo -e " β
${COLOR_GREEN}Settings backed up successfully${CoR}"
((success_count++))
else
echo -e " β οΈ ${COLOR_YELLOW}Invalid settings response${CoR}"
((error_count++))
fi
# 3. Backup access lists
echo -e "\nπ ${COLOR_CYAN}Backing up access lists...${CoR}"
ACCESS_LISTS_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/access-lists" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
if [ -n "$ACCESS_LISTS_RESPONSE" ] && echo "$ACCESS_LISTS_RESPONSE" | jq empty 2>/dev/null; then
access_lists_count=$(echo "$ACCESS_LISTS_RESPONSE" | jq '. | length')
# Save access lists to dedicated file
echo "$ACCESS_LISTS_RESPONSE" | jq '.' > "$BACKUP_PATH/.access_lists/access_lists_${NGINX_IP//./_}$DATE.json"
# Add access lists to full configuration
jq --argjson lists "$ACCESS_LISTS_RESPONSE" '. + {access_lists: $lists}' \
"$BACKUP_PATH/full_config${DATE}.json" > "$BACKUP_PATH/full_config${DATE}.json.tmp"
mv "$BACKUP_PATH/full_config${DATE}.json.tmp" "$BACKUP_PATH/full_config${DATE}.json"
echo -e " β
${COLOR_GREEN}Backed up $access_lists_count access lists${CoR}"
((success_count++))
else
echo -e " β οΈ ${COLOR_YELLOW}No access lists found or invalid response${CoR}"
((error_count++))
fi
# 4. Backup proxy hosts
echo -e "\nπ ${COLOR_CYAN}Backing up proxy hosts...${CoR}"
ALL_HOSTS_RESPONSE=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
if [ -n "$ALL_HOSTS_RESPONSE" ] && echo "$ALL_HOSTS_RESPONSE" | jq empty 2>/dev/null; then
hosts_count=$(echo "$ALL_HOSTS_RESPONSE" | jq '. | length')
# Save all hosts metadata
echo "$ALL_HOSTS_RESPONSE" | jq '.' > "$BACKUP_PATH/.Proxy_Hosts/all_hosts_${NGINX_IP//./_}$DATE.json"
# Process each proxy host - Utiliser while read avec un pipe pour prΓ©server les variables
while IFS= read -r host; do
local host_id=$(echo "$host" | jq -r '.id')
local domain_name=$(echo "$host" | jq -r '.domain_names[0]' | sed 's/[^a-zA-Z0-9.]/_/g')
local cert_id=$(echo "$host" | jq -r '.certificate_id')
echo -e "\n π₯ Processing host: ${COLOR_GREEN}$domain_name${CoR} (ID: ${COLOR_YELLOW}$host_id${CoR})"
# Create directory for this proxy host
local PROXY_DIR="$BACKUP_PATH/.Proxy_Hosts/$domain_name"
mkdir -p "$PROXY_DIR/ssl" "$PROXY_DIR/logs"
# Save proxy host configuration
echo "$host" | jq '.' > "$PROXY_DIR/proxy_config.json"
# Get and save nginx configuration
local NGINX_CONFIG
NGINX_CONFIG=$(curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$host_id/nginx" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
if [ -n "$NGINX_CONFIG" ]; then
echo "$NGINX_CONFIG" > "$PROXY_DIR/nginx.conf"
fi
# Get and save logs if they exist
curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$host_id/access.log" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")" > "$PROXY_DIR/logs/access.log"
curl -s -X GET "$BASE_URL/nginx/proxy-hosts/$host_id/error.log" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")" > "$PROXY_DIR/logs/error.log"
# Process SSL certificate if exists
if [ -n "$cert_id" ] && [ "$cert_id" != "null" ] && [ "$cert_id" != "0" ]; then
echo -e " π Downloading SSL certificate (ID: $cert_id)"
# Get certificate metadata first
local CERT_META
CERT_META=$(curl -s -X GET "$BASE_URL/nginx/certificates/$cert_id" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")")
if [ -n "$CERT_META" ] && echo "$CERT_META" | jq empty 2>/dev/null; then
echo "$CERT_META" | jq '.' > "$PROXY_DIR/ssl/certificate_meta.json"
# Get certificate content
local CERT_CONTENT
CERT_CONTENT=$(curl -s -X GET "$BASE_URL/nginx/certificates/$cert_id/certificates" \
-H "Authorization: Bearer $(cat "$TOKEN_FILE")" \
-H "Accept: application/json")
if [ -n "$CERT_CONTENT" ] && echo "$CERT_CONTENT" | jq empty 2>/dev/null; then
# Save certificate files in proxy host directory
echo "$CERT_CONTENT" | jq -r '.certificate' > "$PROXY_DIR/ssl/certificate.pem"
echo "$CERT_CONTENT" | jq -r '.private' > "$PROXY_DIR/ssl/private.key"
chmod 600 "$PROXY_DIR/ssl/private.key"
if echo "$CERT_CONTENT" | jq -r '.intermediate' > /dev/null 2>&1; then
echo "$CERT_CONTENT" | jq -r '.intermediate' > "$PROXY_DIR/ssl/chain.pem"
fi
# Create centralized SSL directory structure
local CERT_NAME
CERT_NAME=$(echo "$CERT_META" | jq -r '.nice_name // .domain_names[0]' | sed 's/[^a-zA-Z0-9.]/_/g')
local CENTRAL_SSL_DIR="$BACKUP_PATH/.ssl/$CERT_NAME"
mkdir -p "$CENTRAL_SSL_DIR"
# Save metadata and create symbolic links
echo "$CERT_META" | jq '.' > "$CENTRAL_SSL_DIR/certificate_meta.json"
ln -sf "$PROXY_DIR/ssl/certificate.pem" "$CENTRAL_SSL_DIR/certificate.pem"
ln -sf "$PROXY_DIR/ssl/private.key" "$CENTRAL_SSL_DIR/private.key"
[ -f "$PROXY_DIR/ssl/chain.pem" ] && ln -sf "$PROXY_DIR/ssl/chain.pem" "$CENTRAL_SSL_DIR/chain.pem"
# Add symlink to latest version
ln -sf "$CENTRAL_SSL_DIR" "$BACKUP_PATH/.ssl/${CERT_NAME}_latest"
echo -e " β
${COLOR_GREEN}SSL certificate backed up successfully${CoR}"
((success_count++))
# Count certificate type - maintenant les compteurs fonctionneront
if echo "$CERT_META" | jq -e '.provider // empty | contains("letsencrypt")' >/dev/null 2>&1; then
letsencrypt_certs_count=$((letsencrypt_certs_count + 1))
else
custom_certs_count=$((custom_certs_count + 1))
fi
certs_count=$((certs_count + 1))
success_count=$((success_count + 1))
else
echo -e " β οΈ ${COLOR_YELLOW}Failed to download certificate content${CoR}"
((error_count++))
fi
else
echo -e " β οΈ ${COLOR_YELLOW}Failed to get certificate metadata${CoR}"
((error_count++))
fi
fi
echo -e " β
${COLOR_GREEN}Host $domain_name backed up successfully${CoR}"
done < <(echo "$ALL_HOSTS_RESPONSE" | jq -c '.[]')
# Create latest symlink for hosts
ln -sf "$BACKUP_PATH/.Proxy_Hosts/all_hosts_${NGINX_IP//./_}$DATE.json" \
"$BACKUP_PATH/.Proxy_Hosts/all_hosts_latest.json"
echo -e "\n β
${COLOR_GREEN}Backed up $hosts_count proxy hosts${CoR}"
else
echo -e " β οΈ ${COLOR_YELLOW}No proxy hosts found or invalid response${CoR}"
((error_count++))
fi
# Generate backup report and statistics
echo -e "\nπ ${COLOR_YELLOW}Backup Summary:${CoR}"
echo -e " β’ ${COLOR_CYAN}Users:${CoR} $users_count"
echo -e " β’ ${COLOR_CYAN}Proxy Hosts:${CoR} $hosts_count"
echo -e " β’ ${COLOR_CYAN}SSL Certificates:${CoR} $certs_count"
echo -e " ββ Custom: $custom_certs_count"
echo -e " ββ Let's Encrypt: $letsencrypt_certs_count"
echo -e " β’ ${COLOR_CYAN}Access Lists:${CoR} $access_lists_count"
echo -e " β’ ${COLOR_CYAN}Success/Error:${CoR} $success_count/$error_count"
# Count backup files by type
local total_files=$(find "$BACKUP_PATH" -type f \( \
-name "*.json" -o \
-name "*.conf" -o \
-name "*.log" -o \
-name "*.pem" -o \
-name "*.key" \
\) | wc -l)
local config_files=$(find "$BACKUP_PATH" -maxdepth 1 -type f -name "full_config*.json" | wc -l)
local proxy_files=$(find "$BACKUP_PATH/.Proxy_Hosts" -type f -name "proxy_config.json" | wc -l)
local ssl_files=$(find "$BACKUP_PATH" -type f \( \
-name "certificate*.json" -o \
-name "*.pem" -o \
-name "*.key" \
\) | wc -l)
local access_files=$(find "$BACKUP_PATH/.access_lists" -type f -name "*.json" | wc -l)
local settings_files=$(find "$BACKUP_PATH/.settings" -type f -name "*.json" | wc -l)
local user_files=$(find "$BACKUP_PATH/.user" -type f -name "*.json" | wc -l)
echo -e "\nπ ${COLOR_YELLOW}Backup Files Count:${CoR}"
echo -e " β’ Full Configurations: ${COLOR_GREY}$config_files files${CoR}"
echo -e " β’ Proxy Host Files: ${COLOR_GREY}$proxy_files files${CoR}"
echo -e " β’ SSL Certificate Files: ${COLOR_GREY}$ssl_files files${CoR}"
echo -e " β’ Access List Files: ${COLOR_GREY}$access_files files${CoR}"
echo -e " β’ Settings Files: ${COLOR_GREY}$settings_files files${CoR}"
echo -e " β’ User Files: ${COLOR_GREY}$user_files files${CoR}"
echo -e " β’ ${COLOR_GREEN}Total Backup Files: ${COLOR_GREY}$total_files files${CoR}"
# Display backup locations
echo -e "\nπ ${COLOR_YELLOW}Backup Locations:${CoR}"
echo -e " β’ Full config: ${COLOR_GREY}$BACKUP_PATH/full_config${DATE}.json${CoR}"
echo -e " β’ Latest symlink: ${COLOR_GREY}$BACKUP_PATH/full_config_latest.json${CoR}"
echo -e " β’ Proxy configs: ${COLOR_GREY}$BACKUP_PATH/.Proxy_Hosts/${CoR}"
echo -e " β’ Host list full: ${COLOR_GREY}$BACKUP_PATH/.Proxy_Hosts/all_hosts_latest.json${CoR}"
# Calculate and display total backup size
local backup_size=$(du -sh "$BACKUP_PATH" | cut -f1)
echo -e "\nπΎ ${COLOR_YELLOW}Backup Size:${CoR} ${COLOR_GREY}$backup_size${CoR}"
# Create latest symlink for full configuration
ln -sf "$BACKUP_PATH/full_config${DATE}.json" "$BACKUP_PATH/full_config_latest.json"
# Check for any errors during backup
if [ $error_count -gt 0 ]; then
echo -e "\nβ οΈ ${COLOR_YELLOW}Backup completed with $error_count errors${CoR}"
echo -e " Please check the logs above for details."
else
echo -e "\nβ
${COLOR_GREEN}Backup completed successfully!${CoR}"
fi
echo -e "\nπ ${COLOR_GREY}Backup completed at: $(date '+%Y-%m-%d %H:%M:%S')${CoR}\n"
return $error_count
}
######################################
# Main menu logic
######################################
for arg in "$@"; do
if [ "$arg" = "-y" ]; then
AUTO_YES=true
#echo "Debug global: Setting AUTO_YES=true"
break
fi
done
while [[ "$#" -gt 0 ]]; do
case "$1" in
-O) echo "todo" # WITHOUT output
shift
;;
-J) echo "todo" # JSON ouput
shift
;;
-y) AUTO_YES=true; shift;;
--help) SHOW_HELP=true; shift;;
--examples) EXAMPLES=true; shift;;
--info) INFO=true; shift;;
--show-default) SHOW_DEFAULT=true; shift;;
--check-token) CHECK_TOKEN=true; shift;;
--backup) BACKUP=true; shift;;
--backup-host)
shift
if [[ -n "$1" && "$1" != -* ]]; then
HOST_ID="$1"
shift
fi
BACKUP_HOST=true
;;
--backup-host-list) BACKUP_LIST=true; shift;;
--restore-host)
shift
if [[ -n "$1" && "$1" != -* ]]; then
DOMAIN="$1"
shift
else
list_backups
echo -n "Enter domain to restore: "
read -r DOMAIN
fi
RESTORE_HOST=true
;;
--restore-backup) RESTORE_BACKUP=true; shift;;
--clean-hosts)
exit 1 # not use !
CLEAN_HOSTS=true
shift
if [[ -n "$1" && "$1" != -* ]]; then
BACKUP_FILE="$1"
shift
else
BACKUP_FILE="$DEFAULT_BACKUP_FILE"
fi
;;
--user-list) USER_LIST=true; shift;;
--user-create)
shift
if [[ $# -lt 3 ]]; then
echo -e "\n π€ ${COLOR_RED}The --user-create option requires username, password, and email.${CoR}"
echo -e " Usage: ${COLOR_ORANGE}$0 --user-create <username> <password> <email>${CoR}"
echo -e " Example:"
echo -e " ${COLOR_GREEN}$0 --user-create john secretpass john@domain.com${CoR}\n"
exit 1
fi
USERNAME="$1"
PASSWORD="$2"
EMAIL="$3"
USER_CREATE=true
shift 3
;;
--user-delete)
shift
if [[ $# -eq 0 ]]; then
echo -e "\n β ${COLOR_RED}INVALID: The --user-delete option requires a user π.${CoR}"
echo -e " Usage: ${COLOR_ORANGE}$0 --user-delete <user_id>${CoR}"
exit 1
fi
USER_ID="$1"
USER_DELETE=true
shift
;;
--host-show)
shift
if [[ $# -eq 0 ]]; then
echo -e "\n β ${COLOR_RED}INVALID: The --host-show option requires a host ${CoR}π"
echo -e " Usage : ${COLOR_ORANGE}$0 --host-show <ID>${CoR}"
echo -e " Example: $0 --host-show 42"
echo -e " Find ID: $0 --host-list\n"
exit 1
fi
host_id="$1"
HOST_SHOW=true
shift
;;
--host-list) HOST_LIST=true; shift;;
--host-list-full) HOST_LIST_FULL=true; shift;;
--host-search)
shift
HOST_SEARCHNAME="${1:-}"
if [ -z "$HOST_SEARCHNAME" ]; then
echo -e "\n β ${COLOR_RED}INVALID: The --host-search option requires a host name.${CoR}"
echo -e " Usage : ${COLOR_ORANGE}$0 --host-search hostname${CoR}"
echo -e " Example: $0 --host-search domain.com ${COLOR_YELLOW}or${CoR} dom ${COLOR_YELLOW}or${CoR} .com"
echo -e " Find ID: $0 --host-list\n"
exit 1
fi
HOST_SEARCH=true
shift
;;
--host-enable)
shift
if [ $# -eq 0 ] || [[ "$1" == -* ]]; then
echo -e "\n β ${COLOR_RED}INVALID: The --host-enable option requires a host${CoR} π"
echo -e " Usage : ${COLOR_ORANGE}$0 --host-enable <host_id>${CoR}"
echo -e " Example: $0 --host-enable 42"
echo -e " Find ID: $0 --host-list\n"
exit 1
fi
HOST_ID="$1"
HOST_ENABLE=true
shift
;;
--host-disable)
shift
if [[ $# -eq 0 ]]; then
echo -e "\n β ${COLOR_RED}INVALID: The --host-disable option requires host${CoR} π"
echo -e " Usage : ${COLOR_GREEN}$0 --host-disable <host_id>${CoR}"
echo -e " Example: $0 --host-disable 42"
echo -e " Find ID: $0 --host-list\n"
exit 1
fi
HOST_ID="$1"
HOST_DISABLE=true
shift
;;
--host-delete)
shift
if [ $# -eq 0 ] || [[ "$1" == -* ]]; then
echo -e "\n β ${COLOR_RED}INVALID: The --host-delete option requires a host${CoR} π"
echo -e " ${COLOR_CYAN}Usage:${CoR}"
echo -e " ${COLOR_ORANGE}$0 --host-delete <host_id> [-y]${CoR}"
echo -e " ${COLOR_CYAN}Examples:${CoR}"
echo -e " ${COLOR_GREEN}$0 --host-delete 42${CoR}"
echo -e " ${COLOR_GREEN}$0 --host-delete 42 -y${CoR} ${COLOR_GREY}# Skip confirmation${CoR}"
echo -e "\n ${COLOR_YELLOW}π‘ Tip: Use --host-list to see all available hosts and their IDs${CoR}"
exit 1
fi
if [[ "$1" =~ ^[0-9]+$ ]]; then
HOST_ID="$1"
HOST_DELETE=true
shift
else
echo -e "\n β ${COLOR_RED}INVALID: Invalid host ID '$1' - must be a number${CoR}"
echo -e "\n${COLOR_CYAN}Example:${CoR}"
echo -e " ${COLOR_GREEN}$0 --host-delete 42${CoR}"
echo -e "\n${COLOR_YELLOW}π‘ Tip: Use --host-list to see all available hosts and their IDs${CoR}"
exit 1
fi
;;
--host-update)
if [[ "$#" -lt 3 ]]; then
echo -e "\n β ${COLOR_RED}INVALID: L'option --host-update requiert un host π et une paire field=value.${CoR}"
echo -e " Usage : ${COLOR_GREEN}$0 --host-update <host_id> <field=value>${CoR}"
echo -e " Find ID: $0 --host-list${CoR}\n"
exit 1
fi
# Check if $2 is a number
if [[ "$2" =~ ^[0-9]+$ ]]; then
HOST_ID="$2"
FIELD_VALUE="$3"
# On sΓ©pare FIELD et VALUE
if [[ "$FIELD_VALUE" == *"="* ]]; then
FIELD=$(echo "$FIELD_VALUE" | cut -d '=' -f1)
VALUE=$(echo "$FIELD_VALUE" | cut -d '=' -f2-)
HOST_UPDATE=true
else
echo -e "\n β ${COLOR_RED}INVALID: La paire field=value est incorrecte.${CoR}"
echo -e " Exemple: $0 --host-update 42 forward_host=new.backend.local"
exit 1
fi
shift 3
#host_update "$HOST_ID" "$FIELD" "$VALUE"
#HOST_UPDATE=true
else
echo -e "\n β ${COLOR_RED}INVALID: L'option --host-update requiert un host π valide (numΓ©rique).${CoR}"
exit 1
fi
;;
--host-create)
HOST_CREATE=true
shift
# Check if there are any remaining arguments after shift
if [ $# -eq 0 ]; then
echo -e "\n β ${COLOR_RED}INVALID: The --host-create option requires arguments${CoR}"
echo -e "\n Required options:"
echo -e " β’ Domain name ${COLOR_GREY}(positional argument)${CoR}"
echo -e " β’ -i, --forward-host ${COLOR_GREY}Forward host (e.g., 127.0.0.1)${CoR}"
echo -e " β’ -p, --forward-port ${COLOR_GREY}Forward port (e.g., 8080)${CoR}"
echo -e "\n Optional:"
echo -e " β’ -f, --forward-scheme ${COLOR_GREY}Protocol (http/https, default: http)${CoR}"
echo -e " β’ -b, --block-exploits ${COLOR_GREY}Block common exploits (true/false)${CoR}"
echo -e " β’ -c, --cache ${COLOR_GREY}Enable caching (true/false)${CoR}"
echo -e " β’ -w, --websocket ${COLOR_GREY}Allow websocket upgrade (true/false)${CoR}"
echo -e " β’ -h, --http2 ${COLOR_GREY}Enable HTTP/2 support (true/false)${CoR}"
echo -e " β’ -s, --ssl-force ${COLOR_GREY}Force SSL (true/false)${CoR}"
echo -e "\n Can be combined with:"
echo -e " β’ --cert-generate ${COLOR_GREY}Generate SSL certificate${CoR}"
echo -e " β’ --host-ssl-enable ${COLOR_GREY}Enable SSL after creation${CoR}"
echo -e " β’ -y ${COLOR_GREY}Skip all confirmations${CoR}"
echo -e "\n Examples:"
echo -e " ${COLOR_GREEN}$0 --host-create example.com -i 127.0.0.1 -p 8080${CoR}"
echo -e " ${COLOR_GREEN}$0 --host-create example.com -i 127.0.0.1 -p 8080 --cert-generate --host-ssl-enable -y${CoR}\n"
exit 1
fi
# Check if first argument is a valid domain (not starting with -)
if [[ "$1" == -* ]]; then
echo -e "\n β ${COLOR_RED}INVALID: First argument after --host-create must be a domain name${CoR}"
exit 1
fi
DOMAIN_NAMES="$1"
shift
# Process remaining options
while [[ $# -gt 0 ]]; do
case "$1" in
-i|--forward-host)
if [[ -n "$2" && "$2" != -* ]]; then
FORWARD_HOST="$2"
shift 2
else
echo -e "\n β ${COLOR_RED}INVALID: The --forward-host option requires a valid value${CoR}"
echo -e "\n Required options:"
echo -e " β’ Domain name ${COLOR_GREY}(positional argument)${CoR}"
echo -e " β’ -i, --forward-host ${COLOR_GREY}Forward host (e.g., 127.0.0.1)${CoR}"
echo -e " β’ -p, --forward-port ${COLOR_GREY}Forward port (e.g., 8080)${CoR}"
echo -e "\n Optional:"
echo -e " β’ -f, --forward-scheme ${COLOR_GREY}Protocol (http/https, default: http)${CoR}"
echo -e " β’ -b, --block-exploits ${COLOR_GREY}Block common exploits (true/false, default: false)${CoR}"
echo -e " β’ -c, --cache ${COLOR_GREY}Enable caching (true/false, default: false)${CoR}"
echo -e " β’ -w, --websocket ${COLOR_GREY}Allow websocket upgrade (true/false, default: false)${CoR}"
echo -e " β’ -h, --http2 ${COLOR_GREY}Enable HTTP/2 support (true/false, default: false)${CoR}"
echo -e " β’ -s, --ssl-force ${COLOR_GREY}Force SSL (true/false, default: false)${CoR}"
exit 1
fi
;;
-p|--forward-port)
if [[ -n "$2" && "$2" != -* && "$2" =~ ^[0-9]+$ ]]; then
FORWARD_PORT="$2"
shift 2
else
echo -e "\n β ${COLOR_RED}INVALID: The --forward-port option requires a valid number${CoR}"
echo -e "\n Required options:"
echo -e " β’ Domain name ${COLOR_GREY}(positional argument)${CoR}"
echo -e " β’ -i, --forward-host ${COLOR_GREY}Forward host (e.g., 127.0.0.1)${CoR}"
echo -e " β’ -p, --forward-port ${COLOR_GREY}Forward port (e.g., 8080)${CoR}"
exit 1
fi
;;
-f|--forward-scheme)
if [[ -n "$2" && "$2" != -* && "$2" =~ ^(http|https)$ ]]; then
FORWARD_SCHEME="$2"
shift 2
else
echo -e "\n β ${COLOR_RED}INVALID: The --forward-scheme option must be 'http' or 'https'${CoR}"
exit 1
fi
;;
-b|--block-exploits|-c|--cache|-w|--websocket|-h|--http2|-s|--ssl-force)
# Process boolean options
opt_name=${1#-?}
opt_name=${opt_name#--}
if [[ "$2" =~ ^(true|false)$ ]]; then
case "$opt_name" in
block-exploits) BLOCK_EXPLOITS="$2" ;;
cache) CACHE_ENABLED="$2" ;;
websocket) WEBSOCKET_SUPPORT="$2" ;;
http2) HTTP2_SUPPORT="$2" ;;
ssl-force) SSL_FORCED="$2" ;;
esac
shift 2
else
echo -e "\n β ${COLOR_RED}INVALID: The $1 option must be 'true' or 'false'${CoR}"
exit 1
fi
;;
# Support for chaining commands
--cert-generate|--host-ssl-enable|-y|--cert-email|--dns-provider|--dns-credentials)
# Just store these flags, they'll be processed later
case "$1" in
--cert-generate)
CERT_GENERATE=true
shift
if [ $# -gt 0 ] && [[ "$1" != --* ]]; then
CERT_DOMAIN="$1"
shift
else
# Si pas d'argument spΓ©cifique pour --cert-generate, utiliser le domaine du host
CERT_DOMAIN="$DOMAIN_NAMES"
fi
;;
--cert-email) shift; CERT_EMAIL="$1"; shift ;;
--dns-provider) shift; CERT_DNS_PROVIDER="$1"; shift ;;
--dns-credentials) shift; CERT_DNS_CREDENTIALS="$1"; shift ;;
--host-ssl-enable) HOST_SSL_ENABLE=true; shift ;;
-y) AUTO_YES=true; shift ;;
esac
;;
*)
if [[ "$1" == -* ]]; then
echo -e "\n β οΈ ${COLOR_YELLOW}WARNING: Unknown option ignored -> $1${CoR}"
fi
shift
;;
esac
done
# check settings
if [ -z "$FORWARD_HOST" ] || [ -z "$FORWARD_PORT" ]; then
echo -e "\n β ${COLOR_RED}INVALID: Missing required parameters${CoR}"
echo -e " Required options:"
echo -e " β’ Domain name: ${COLOR_GREEN}$DOMAIN_NAMES${CoR} ${COLOR_GREY}(provided)${CoR}"
[ -z "$FORWARD_HOST" ] && echo -e " β’ -i, --forward-host ${COLOR_RED}Missing${CoR}"
[ -z "$FORWARD_PORT" ] && echo -e " β’ -p, --forward-port ${COLOR_RED}Missing${CoR}"
echo -e "\n Example:"
echo -e " ${COLOR_GREEN}$0 --host-create example.com -i 127.0.0.1 -p 8080${CoR}\n"
exit 1
fi
# Create proxy host
create_or_update_proxy_host "$DOMAIN_NAMES" "$FORWARD_HOST" "$FORWARD_PORT" \
"${FORWARD_SCHEME:-http}" "${BLOCK_EXPLOITS:-false}" "${CACHE_ENABLED:-false}" \
"${WEBSOCKET_SUPPORT:-false}" "${HTTP2_SUPPORT:-false}" "${SSL_FORCED:-false}"
;;
--host-ssl-enable)
shift
if [ $# -eq 0 ] || [[ "$1" == -* ]]; then
echo -e "\n β ${COLOR_RED}The --host-ssl-enable option requires a host ID and certificate ID.${CoR}"
echo -e "\n ${COLOR_CYAN}Usage:${CoR}"
echo -e " ${COLOR_ORANGE}$0 --host-ssl-enable <host_id> <cert_id>${CoR}"
echo -e " ${COLOR_CYAN}Examples:${CoR}"
echo -e " ${COLOR_GREEN}$0 --host-ssl-enable 42 240${CoR}"
echo -e " ${COLOR_GREEN}$0 --host-ssl-enable 42 240 -y${CoR} ${COLOR_GREY}# Skip confirmation${CoR}"
echo -e " ${COLOR_YELLOW}π‘ Tips:${CoR}"
echo -e " β’ Use ${COLOR_GREEN}--host-list${CoR} to see all available hosts"
echo -e " β’ Use ${COLOR_GREEN}--cert-list${CoR} to see all available certificates\n"
exit 1
fi
if [[ "$1" =~ ^[0-9]+$ ]]; then
HOST_ID="$1"
shift
# Check for mandatory cert_id
if [ $# -gt 0 ] && [[ "$1" =~ ^[0-9]+$ ]]; then
CERT_ID="$1"
shift
else
echo -e "\n β ${COLOR_RED}ERROR: Certificate ID is required${CoR}"
echo -e " ${COLOR_CYAN}Usage:${CoR} $0 --host-ssl-enable <host_id> <cert_id>"
echo -e " ${COLOR_YELLOW}π‘ Use --cert-list to see all available certificates${CoR}\n"
exit 1
fi
HOST_SSL_ENABLE=true
else
echo -e "\n β ${COLOR_RED}ERROR: Invalid host ID '$1' - must be a number${CoR}"
echo -e " ${COLOR_CYAN}Usage:${CoR} $0 --host-ssl-enable <host_id> <cert_id>"
echo -e " ${COLOR_YELLOW}π‘ Use --host-list to see all available hosts${CoR}\n"
exit 1
fi
;;
--host-ssl-disable)
HOST_SSL_DISABLE=true
shift
if [ $# -gt 0 ]; then
HOST_ID="$1"
shift
else
echo -e "\n β ${COLOR_RED}INVALID command: Missing argument${CoR}"
echo -e " Usage : ${COLOR_ORANGE}$0 --host-ssl-disable <host_id>${CoR}"
echo -e " Find HostID: ${COLOR_GREEN}$0 --host-list${CoR}\n"
exit 1
fi
;;
--host-acl-enable)
HOST_ACL_ENABLE=true
shift
if [ $# -lt 2 ]; then
echo -e "\n β ${COLOR_RED}INVALID: The --host-acl-enable option requires two arguments: host_id and access_list_id${CoR}"
echo -e " Usage : ${COLOR_ORANGE}$0 --host-acl-enable <host_id> <access_list_id>${CoR}"
echo -e " Example: ${COLOR_GREEN}$0 --host-acl-enable 42 5${CoR}"
echo -e " Find ID: ${COLOR_ORANGE}$0 --host-list${CoR} AND ${COLOR_ORANGE}--access-list${CoR}\n"
exit 1
fi
HOST_ID="$1"
ACCESS_LIST_ID="$2"
shift 2
;;
--host-acl-disable)
HOST_ACL_DISABLE=true
shift
if [ $# -gt 0 ]; then
HOST_ID="$1"
shift
else
echo -e "\n β ${COLOR_RED}The --host-acl-disable option requires a host ID.${CoR}"
echo -e " Usage: $0 --host-acl-disable <host_id>\n"
exit 1
fi
#host_acl_disable "$HOST_ID"
;;
--cert-generate)
shift
if [ $# -eq 0 ] || [[ "$1" == -* ]]; then
echo -e "\n π‘οΈ ${COLOR_RED}The --cert-generate option requires a domain.${CoR}"
echo -e "\n ${COLOR_ORANGE}Usage: $0 --cert-generate domain [email] [dns-provider <provider>] [dns-credentials <json>]${CoR}"
echo -e "\n ${COLOR_YELLOW}Options${CoR}:"
echo -e " β’ --dns-provider <provider> : DNS provider for wildcard certificates"
echo -e " β’ --dns-credentials <json> : DNS credentials in JSON format"
echo -e " β’ --host-ssl-enable : Enable SSL after certificate generation"
echo -e " β’ -y : Skip confirmations"
echo -e " ${COLOR_YELLOW}Note${CoR}:\n β’ If email is not provided, default email ${COLOR_YELLOW}$DEFAULT_EMAIL${CoR} will be used"
echo -e " β’ For wildcard certificates (${COLOR_YELLOW}*.domain.com${CoR}), DNS challenge is required\n"
echo -e " Examples:"
echo -e " ${COLOR_GREEN}$0 --cert-generate example.com${CoR}"
echo -e " ${COLOR_GREEN}$0 --cert-generate example.com admin@example.com${CoR}"
echo -e " ${COLOR_GREEN}$0 --cert-generate *.example.com --dns-provider cloudflare --dns-credentials '{\"dns_cloudflare_email\":\"your@email.com\",\"dns_cloudflare_api_key\":\"your-api-key\"}'${CoR}\n"
exit 1
fi
# Store domain
CERT_DOMAIN="$1"
CERT_DNS_PROVIDER=""
CERT_DNS_CREDENTIALS=""
HOST_SSL_ENABLE=false
shift
# Check and store email
if [ $# -gt 0 ] && [[ "$1" != -* ]]; then
CERT_EMAIL="$1"
shift
else
CERT_EMAIL="$DEFAULT_EMAIL"
fi
# Parse DNS options
while [ $# -gt 0 ] && [[ "$1" == --* ]]; do
case "$1" in
--dns-provider)
shift
if [ $# -gt 0 ] && [[ "$1" != --* ]]; then
CERT_DNS_PROVIDER="$1"
shift
else
echo -e "\n β ${COLOR_RED}Missing DNS provider value${CoR}"
exit 1
fi
;;
--dns-credentials)
shift
if [ $# -gt 0 ] && [[ "$1" != --* ]]; then
CERT_DNS_CREDENTIALS="$1"
shift
else
echo -e "\n β ${COLOR_RED}Missing DNS credentials${CoR}"
exit 1
fi
;;
--host-ssl-enable)
HOST_SSL_ENABLE=true
shift
;;
*)
echo -e "\n β οΈ ${COLOR_YELLOW}Unknown option: $1${CoR}"
shift
;;
esac
done
# Validate wildcard certificate requirements
if [[ "$CERT_DOMAIN" == \** ]]; then
if [ -z "$CERT_DNS_PROVIDER" ] || [ -z "$CERT_DNS_CREDENTIALS" ]; then
echo -e "\n β ${COLOR_RED}Wildcard certificates require DNS challenge. Please provide --dns-provider and --dns-credentials.${CoR}"
echo -e " Example: ${COLOR_GREEN}$0 --cert-generate *.example.com --dns-provider cloudflare --dns-credentials '{\"dns_cloudflare_email\":\"your@email.com\",\"dns_cloudflare_api_key\":\"your-api-key\"}'${CoR}\n"
exit 1
fi
fi
# Set flag after validating all arguments
CERT_GENERATE=true
;;
--cert-delete)
shift
if [ $# -eq 0 ] || [[ "$1" == -* ]]; then
echo -e "\n β ${COLOR_RED}The --cert-delete option requires a certificate ID.${CoR}"
echo -e "\n ${COLOR_CYAN}Usage:${CoR}"
echo -e " ${COLOR_ORANGE}$0 --cert-delete <cert_id> [-y]${CoR}"
echo -e "\n ${COLOR_CYAN}Examples:${CoR}"
echo -e " ${COLOR_GREEN}$0 --cert-delete 240${CoR}"
echo -e " ${COLOR_GREEN}$0 --cert-delete 240 -y${CoR} ${COLOR_GREY}# Skip confirmation${CoR}"
echo -e "\n ${COLOR_YELLOW}π‘ Tips:${CoR}"
echo -e " β’ Use ${COLOR_GREEN}--cert-list${CoR} to see all certificates and their IDs\n"
exit 1
fi
CERT_DELETE=true
CERT_ID="$1"
shift
;;
--cert-show)
shift
search_term="${1:-}"
CERT_SHOW=true
if [ -n "$search_term" ]; then
shift
fi
;;
--cert-list) LIST_CERT_ALL=true; shift;;
--access-list) ACCESS_LIST=true; shift;;
--access-list-show)
ACCESS_LIST_SHOW=true
shift
ACCESS_LIST_ID="$1"
shift
;;
--access-list-create)
shift
if access_list_create "$@"; then
exit 0
else
exit 1
fi
;;
--access-list-update) ACCESS_LIST_UPDATE=true; shift ;;
--access-list-delete)
shift
if [ $# -eq 0 ] || [[ "$1" == -* ]]; then
echo -e "\n β ${COLOR_RED}The --access-list-delete option requires an access list ID.${CoR}"
echo -e " ${COLOR_CYAN}Usage:${CoR}"
echo -e " ${COLOR_ORANGE}$0 --access-list-delete <access_list_id> [-y]${CoR}"
echo -e " ${COLOR_CYAN}Examples:${CoR}"
echo -e " ${COLOR_GREEN}$0 --access-list-delete 42${CoR}"
echo -e " ${COLOR_GREEN}$0 --access-list-delete 42 -y${CoR} ${COLOR_GREY}# Skip confirmation${CoR}"
echo -e " ${COLOR_YELLOW}π‘ Tip: Use --access-list to see all available access lists${CoR}"
exit 1
fi
if [[ "$1" =~ ^[0-9]+$ ]]; then
ACCESS_LIST_ID="$1"
ACCESS_LIST_DELETE=true
shift
else
echo -e "\n β ${COLOR_RED}INVALID: Invalid access list ID '$1' - must be a number${CoR}"
echo -e " ${COLOR_CYAN}Examples:${CoR}"
echo -e " ${COLOR_GREEN}$0 --access-list-delete 42${CoR}"
echo -e " ${COLOR_GREEN}$0 --access-list-delete 42 -y${CoR} ${COLOR_GREY}# Skip confirmation${CoR}"
echo -e " ${COLOR_YELLOW}π‘ Tip: Use --access-list to see all available access lists${CoR}"
exit 1
fi
;;
*)
echo -e "\n ${COLOR_RED}β Unknown option:${CoR} $1"
echo -e " ${COLOR_GREY}Use --help to see available commands.${CoR}\n"
exit 1
;;
esac
#shift
done
##############################################################
# logic
##############################################################
#echo "Debug after case: ACCESS_LIST_DELETE=$ACCESS_LIST_DELETE ACCESS_LIST_ID=$ACCESS_LIST_ID AUTO_YES=$AUTO_YES"
if [ "$SHOW_HELP" = true ]; then
show_help
elif [ "$SHOW_DEFAULT" = true ]; then
show_default
elif [ "$EXAMPLES" = true ]; then
examples_cli
elif [ "$CHECK_TOKEN" = true ]; then
check_token true
# Actions users
elif [ "$USER_CREATE" = true ]; then
user_create "$USERNAME" "$PASSWORD" "$EMAIL"
elif [ "$USER_DELETE" = true ]; then
user_delete "$USER_ID"
elif [ "$USER_LIST" = true ]; then
user_list
elif [ "$CERT_DELETE" = true ]; then
cert_delete "$CERT_ID"
elif [ "$CERT_SHOW" = true ]; then
cert_show "$search_term"
elif [ "$LIST_CERT_ALL" = true ]; then
list_cert_all
elif [ "$ACCESS_LIST" = true ]; then
access_list
elif [ "$ACCESS_LIST_CREATE" = true ]; then
access_list_create
elif [ "$ACCESS_LIST_UPDATE" = true ]; then
access_list_update
elif [ "$ACCESS_LIST_DELETE" = true ]; then
access_list_delete
elif [ "$ACCESS_LIST_SHOW" = true ]; then
access_list_show "$ACCESS_LIST_ID"
# Actions hotes
elif [ "$HOST_LIST" = true ]; then
host_list
elif [ "$HOST_LIST_FULL" = true ]; then
host_list_full
elif [ "$HOST_SEARCH" = true ]; then
host_search
elif [ "$HOST_SHOW" = true ]; then
host_show "$HOST_ID"
elif [ "$HOST_CREATE" = true ]; then
create_or_update_proxy_host "$DOMAIN_NAMES" "$FORWARD_HOST" "$FORWARD_PORT"
# Set CERT_DOMAIN if cert generation is requested
if [ "$CERT_GENERATE" = true ]; then
cert_generate "$DOMAIN_NAMES" "$CERT_EMAIL" "$CERT_DNS_PROVIDER" "$CERT_DNS_CREDENTIALS"
if [ "$HOST_SSL_ENABLE" = true ]; then
echo "DEBUG: HOST_ID=$HOST_ID"
echo "DEBUG: GENERATED_CERT_ID=$GENERATED_CERT_ID"
host_ssl_enable "$HOST_ID" "$GENERATED_CERT_ID"
fi
fi
exit 0
# Actions SSL
elif [ "$CERT_GENERATE" = true ] && [ "$HOST_CREATE" != true ]; then # β
Ajout de la condition
cert_generate "$CERT_DOMAIN" "$CERT_EMAIL" "$CERT_DNS_PROVIDER" "$CERT_DNS_CREDENTIALS"
if [ "$HOST_SSL_ENABLE" = true ]; then
host_ssl_enable "$HOST_ID"
exit 0
fi
#elif [ "$CERT_GENERATE" = true ]; then
# cert_generate "$CERT_DOMAIN" "$CERT_EMAIL" "$CERT_DNS_PROVIDER" "$CERT_DNS_CREDENTIALS"
# If --host-ssl-enable
# if [ "$HOST_SSL_ENABLE" = true ]; then
# host_ssl_enable "$HOST_ID"
# exit 0
# fi
elif [ "$HOST_DELETE" = true ]; then
host_delete "$HOST_ID"
elif [ "$HOST_ENABLE" = true ]; then
host_enable "$HOST_ID"
elif [ "$HOST_DISABLE" = true ]; then
host_disable "$HOST_ID"
elif [ "$HOST_UPDATE" = true ]; then
host_update "$HOST_ID" "$FIELD" "$VALUE"
exit 0
# Actions ACL
elif [ "$HOST_ACL_ENABLE" = true ]; then
host_acl_enable
elif [ "$HOST_ACL_DISABLE" = true ]; then
host_acl_disable
elif [ "$HOST_SSL_ENABLE" = true ]; then
host_ssl_enable "$HOST_ID" "$CERT_ID"
elif [ "$HOST_SSL_DISABLE" = true ]; then
host_ssl_disable
elif [ "$SSL_RESTORE" = true ]; then
restore_ssl_certificates
# Actions backup/restore
elif [ "$BACKUP" = true ]; then
full_backup
elif [ "$BACKUP_HOST" = true ]; then
backup_host
elif [ "$BACKUP_LIST" = true ]; then
list_backups
# restore all configurations or specific domain or certificates only
elif [ "$RESTORE_BACKUP" = true ]; then
restore_backup
elif [ "$RESTORE_HOST" = true ]; then
restore_host
elif [ "$CLEAN_HOSTS" = true ]; then
clean-hosts
#reimport_hosts "$@"
#reimport_hosts "$BACKUP_FILE"
#exit $?
#check_validity_of_backup_file "$BACKUP_FILE"
else
display_info
exit 0
#
# echo -e "\n β ${COLOR_RED}No valid option provided${CoR}"
# echo -e " Use --help to see available commands."
# exit 1
fi