#!/usr/bin/env bash
#
# Create the NPMplus proxy host for cybersecur.d-bis.org → static upstream
# (default: MIM web nginx IP).
#
# Prerequisites:
#   - DNS A record for cybersecur.d-bis.org (Cloudflare → origin)
#   - static files on the upstream (see CyberSecur-Global/deploy/)
#
# Required: NPM_EMAIL and NPM_PASSWORD, from the process environment or from
#           ${PROJECT_ROOT}/.env.
# Optional: NPM_URL, CYBERSECUR_DOMAIN, CYBERSECUR_FORWARD_HOST,
#           CYBERSECUR_FORWARD_PORT.
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"

# Best-effort load of the shared IP map: a missing or failing file is tolerated
# and the literal fallback addresses below apply. The file is executed as shell
# code in this process, so it should be writable by trusted users only.
# shellcheck disable=1091
source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true

# Snapshot the NPM_* values the caller supplied so that .env cannot replace them.
_orig_npm_url="${NPM_URL:-}"
_orig_npm_email="${NPM_EMAIL:-}"
_orig_npm_password="${NPM_PASSWORD:-}"

if [[ -f "${PROJECT_ROOT}/.env" ]]; then
  # nounset is switched off while .env loads. allexport marks every variable
  # .env defines for export, so those values (secrets included) are inherited
  # by each child process started afterwards, e.g. curl and jq. Like the IP
  # map, .env runs as shell code and should not be writable by other users.
  set -a +u
  # shellcheck disable=1091
  source "${PROJECT_ROOT}/.env" 2>/dev/null || true
  set +a -u

  # A non-empty value from the caller's environment wins over .env.
  if [[ -n "$_orig_npm_url" ]]; then
    NPM_URL="$_orig_npm_url"
  fi
  if [[ -n "$_orig_npm_email" ]]; then
    NPM_EMAIL="$_orig_npm_email"
  fi
  if [[ -n "$_orig_npm_password" ]]; then
    NPM_PASSWORD="$_orig_npm_password"
  fi
fi

# Admin API endpoint; the two credentials have no default and abort when unset.
NPM_URL="${NPM_URL:-https://${IP_NPMPLUS:-192.168.11.167}:81}"
: "${NPM_EMAIL:?Set NPM_EMAIL}"
: "${NPM_PASSWORD:?Set NPM_PASSWORD}"

# Public hostname and the upstream it is proxied to.
DOMAIN="${CYBERSECUR_DOMAIN:-cybersecur.d-bis.org}"
FORWARD_HOST="${CYBERSECUR_FORWARD_HOST:-${IP_MIM_WEB:-192.168.11.37}}"
FORWARD_PORT="${CYBERSECUR_FORWARD_PORT:-80}"
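#######################################
# curl wrapper used for every NPMplus API call.
# Globals:
#   NPM_CURL_MAX_TIME (read) - overall timeout in seconds, default 120
#   NPM_CURL_CACERT   (read) - optional path to a CA bundle or the pinned
#                              NPMplus certificate; when set, the server
#                              certificate is verified against it
# Arguments: passed through to curl unchanged
# Outputs:   response body on stdout, transport errors on stderr
# Returns:   curl's exit status
#######################################
curl_npm() {
  local -a tls_opts
  if [[ -n "${NPM_CURL_CACERT:-}" ]]; then
    tls_opts=(--cacert "$NPM_CURL_CACERT")
  else
    # Default kept for compatibility: -k skips certificate verification, so
    # the admin password and bearer token sent through this wrapper are not
    # protected against interception or tampering on the path to NPMplus.
    # Set NPM_CURL_CACERT to turn verification on.
    tls_opts=(-k)
  fi
  # -S keeps -s quiet on success but still reports transport failures, so an
  # abort under `set -e` is not silent. -L follows redirects.
  curl -s -S "${tls_opts[@]}" -L --connect-timeout 10 \
    --max-time "${NPM_CURL_MAX_TIME:-120}" "$@"
}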
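# Log in to the NPMplus API and extract the bearer token from the reply.
#
# The credentials reach jq through its environment and curl through stdin
# rather than as command-line arguments: argv is readable by other local users
# via the process list, whereas a process's environment and stdin are not.
AUTH_JSON=$(
  NPM_EMAIL="$NPM_EMAIL" NPM_PASSWORD="$NPM_PASSWORD" \
    jq -n '{identity: env.NPM_EMAIL, secret: env.NPM_PASSWORD}'
)
TOKEN_RESPONSE=$(
  curl_npm -X POST "$NPM_URL/api/tokens" \
    -H "Content-Type: application/json" \
    --data-binary @- <<<"$AUTH_JSON"
)

# A reply that is not JSON, or has no .token, leaves TOKEN empty; jq's own
# diagnostics are suppressed on purpose because the check below reports it.
TOKEN=$(jq -r '.token // empty' <<<"$TOKEN_RESPONSE" 2>/dev/null || true)
if [[ -z "$TOKEN" || "$TOKEN" == "null" ]]; then
  echo "❌ NPM authentication failed" >&2
  exit 1
fi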
# Idempotency guard: list the existing proxy hosts and stop early when one
# already serves $DOMAIN (exact match against its domain_names entries).
#
# NOTE(review): the bearer token is part of curl's command line here, so it is
# visible in the process list for the duration of the call.
PROXY_HOSTS_JSON=$(
  curl_npm -X GET "$NPM_URL/api/nginx/proxy-hosts" \
    -H "Authorization: Bearer $TOKEN"
)

# Only the first matching id is kept. jq errors (for example a reply that is
# not a list of hosts) are discarded and leave HOST_ID empty, in which case
# the script goes on to the create step.
HOST_ID=$(
  jq -r --arg d "$DOMAIN" '.[] | select(.domain_names[]? == $d) | .id' \
    <<<"$PROXY_HOSTS_JSON" 2>/dev/null | head -1 || true
)

if [[ -n "${HOST_ID:-}" && "$HOST_ID" != "null" ]]; then
  echo "✓ Proxy host already exists: $DOMAIN (id=$HOST_ID)"
  exit 0
fi
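# Create the proxy host and report the outcome.

# Reject a malformed upstream port up front. Without this check a non-numeric
# CYBERSECUR_FORWARD_PORT only surfaces as an opaque jq error, and an
# out-of-range number would be submitted to the API as-is.
if [[ ! "$FORWARD_PORT" =~ ^[0-9]{1,5}$ ]] \
  || ((10#$FORWARD_PORT < 1 || 10#$FORWARD_PORT > 65535)); then
  echo "❌ Invalid forward port: $FORWARD_PORT (expected 1-65535)" >&2
  exit 1
fi
# Normalise to plain decimal (drops leading zeros) so it is valid JSON below.
FORWARD_PORT=$((10#$FORWARD_PORT))

# jq builds the request body, so domain and upstream host are JSON-escaped
# rather than spliced into the text. The host is created without a certificate
# and without an HTTPS redirect, and it forwards to the upstream over plain
# HTTP; until a certificate is requested (see the "Next:" hint below) NPMplus
# serves this domain unencrypted.
CREATE_PAYLOAD=$(jq -n \
  --arg domain "$DOMAIN" \
  --arg forward_host "$FORWARD_HOST" \
  --argjson forward_port "$FORWARD_PORT" \
  '{
    domain_names: [$domain],
    forward_scheme: "http",
    forward_host: $forward_host,
    forward_port: ($forward_port | tonumber),
    allow_websocket_upgrade: false,
    certificate_id: null,
    ssl_forced: false
  }')

# NOTE(review): the bearer token is part of curl's command line here, so it is
# visible in the process list for the duration of the call.
RESPONSE=$(curl_npm -X POST "$NPM_URL/api/nginx/proxy-hosts" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d "$CREATE_PAYLOAD")

# Success is recognised by an id in the reply; anything else is echoed to
# stderr (compacted when it parses as JSON) and the script fails.
NEW_ID=$(jq -r '.id // empty' <<<"$RESPONSE" 2>/dev/null || true)
if [[ -n "$NEW_ID" && "$NEW_ID" != "null" ]]; then
  echo "✓ Created $DOMAIN → http://${FORWARD_HOST}:${FORWARD_PORT} (proxy host id=$NEW_ID)"
  echo " Next: deploy static files to upstream (see CyberSecur-Global/deploy/) and request SSL in NPM or run request-npmplus-certificates.sh"
else
  echo "❌ Failed: $(echo "$RESPONSE" | jq -c . 2>/dev/null || echo "$RESPONSE")" >&2
  exit 1
fi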