mb-admin/scripts/ssl-manager/ipchecker.sh

#!/bin/bash
# Usage function
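# Print the usage line and abort.
# Globals:   none read; $0 supplies the script name
# Outputs:   usage line on stderr (diagnostics belong on stderr, not stdout,
#            so callers capturing stdout do not mistake it for a result)
# Returns:   does not return; exits 1
display_usage() {
  printf 'Usage: %s -d <domain> -i <expected_ip> [-t <timeout>]\n' "$0" >&2
  exit 1
}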
# Parse arguments
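# Parse arguments. The leading ':' in the optstring routes a missing option
# argument to the ':' case so the script reports it itself.
while getopts ":d:i:t:" opt; do
  case "$opt" in
    d) DOMAIN=$OPTARG ;;
    i) EXPECTED_IP=$OPTARG ;;
    t) TIMEOUT=$OPTARG ;;
    :)
      printf 'Option -%s requires an argument\n' "$OPTARG" >&2
      display_usage
      ;;
    *) display_usage ;;
  esac
done
# Validate required arguments
if [[ -z "$DOMAIN" || -z "$EXPECTED_IP" ]]; then
  display_usage
fi
# Both values are later interpolated into URLs, curl options and DNS queries,
# so restrict them to the characters those contexts expect. This is a character
# allowlist, not full syntax validation; IDNs must be given in punycode.
if [[ ! "$DOMAIN" =~ ^[A-Za-z0-9._-]+$ ]]; then
  printf 'Invalid domain: %s\n' "$DOMAIN" >&2
  exit 1
fi
if [[ ! "$EXPECTED_IP" =~ ^[0-9A-Fa-f.:]+$ ]]; then
  printf 'Invalid IP address: %s\n' "$EXPECTED_IP" >&2
  exit 1
fi
# Set default timeout if not provided. It is passed to curl --max-time, which
# accepts whole or decimal seconds, so reject anything else.
TIMEOUT=${TIMEOUT:-5}
if [[ ! "$TIMEOUT" =~ ^[0-9]+(\.[0-9]+)?$ ]]; then
  printf 'Invalid timeout (seconds expected): %s\n' "$TIMEOUT" >&2
  exit 1
fi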
# Check A record using multiple resolvers
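# Check A record using multiple resolvers (Google, Cloudflare, OpenDNS).
# 'dig +short A' may print a CNAME target before the addresses and a zone may
# publish several A records; keeping only the last line (tail -n1) would miss
# EXPECTED_IP when it is not the final answer, so every IPv4 line is kept.

# Print the IPv4 answers for a name from one resolver, one per line.
# Arguments: $1 - domain to query; $2 - resolver address
# Outputs:   matching A records on stdout (empty if none or dig fails)
a_records() {
  dig +short A "$1" "@$2" | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

GLOBAL_A_RECORD=$(a_records "$DOMAIN" 8.8.8.8)
CLOUDFLARE_A_RECORD=$(a_records "$DOMAIN" 1.1.1.1)
OPENDNS_A_RECORD=$(a_records "$DOMAIN" 208.67.222.222)
CNAME_RECORD=$(dig +short CNAME "$DOMAIN" @1.1.1.1)
# Whole-line fixed-string match so 10.0.0.1 does not match 10.0.0.10.
# EXPECTED_IP is checked to be non-empty above, so an empty pattern cannot
# match the blank lines printed for resolvers that returned nothing.
if printf '%s\n' "$GLOBAL_A_RECORD" "$CLOUDFLARE_A_RECORD" "$OPENDNS_A_RECORD" \
    | grep -qxF -- "$EXPECTED_IP"; then
  echo "Domain $DOMAIN is globally resolving to $EXPECTED_IP."
  exit 0
fi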
# Detect Cloudflare Proxy
# Detect Cloudflare Proxy. A non-empty CNAME answer from the lookup above is
# reported as the proxy signal; note that any CNAME, not only one pointing at
# Cloudflare, satisfies this test.
if [[ -n "$CNAME_RECORD" ]]; then
  printf '%s\n' "Cloudflare proxy detected! Domain is proxied via CNAME: $CNAME_RECORD"
fi
# Check for DNS challenge (Let's Encrypt)
# Check for DNS challenge (Let's Encrypt): a TXT record at
# _acme-challenge.<domain>, queried through the system resolver (no explicit
# server is given for this lookup).
DNS_CHALLENGE=$(dig +short TXT "_acme-challenge.$DOMAIN")
if [[ -n "$DNS_CHALLENGE" ]]; then
  printf '%s\n' "DNS challenge found: $DNS_CHALLENGE. Domain might be using a proxy."
fi
# Check for HTTP challenge
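# Check for HTTP challenge. The body must come back on stdout to be captured:
# with 'curl --output FILE' the variable was always empty and this check could
# never fire. tee keeps the on-disk copy while also passing the body through.
ROOT_FOLDER="/var/www/webroot/ROOT"
# NOTE(review): the copy is stored inside the served web root, so whatever the
# remote returned may be served back to clients; the write is best-effort
# (tee errors suppressed). Confirm the file is actually consumed by something.
HTTP_RESPONSE=$(curl -s --max-time "$TIMEOUT" "http://$DOMAIN/.well-known/acme-challenge/test" \
  | tee -- "$ROOT_FOLDER/http_challenge_response.txt" 2>/dev/null)
if [[ -n "$HTTP_RESPONSE" ]]; then
  echo "HTTP challenge response found: $HTTP_RESPONSE. Domain might be using a proxy."
fi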
# Direct verification using forced connection
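# Direct verification using forced connection: --connect-to sends the request
# for DOMAIN to EXPECTED_IP (port given explicitly), bypassing whatever the
# public DNS answer points at. -k is kept because the origin's certificate may
# not be valid for a proxied hostname; this step checks routing, not TLS trust.
# VALID_RESPONSE_MARKER looks like a placeholder — it must be a string the
# backend really serves on "/" for this check to ever succeed.
echo "Verifying domain reaches expected server via direct connection..."
if curl -s --max-time "$TIMEOUT" --connect-to "$DOMAIN:443:$EXPECTED_IP:443" \
    -H "Host: $DOMAIN" -k "https://$DOMAIN" | grep -q -- "VALID_RESPONSE_MARKER"; then
  echo "Domain is correctly routing to expected server at $EXPECTED_IP. (Proxy bypass successful)"
  exit 0
fi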
# Test direct TCP connection using telnet
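# Test direct connection to the backend on port 80. curl replaces the
# "pipe a request into telnet" form: telnet's exit status after the peer closes
# the connection is not a reliable success signal, telnet/timeout may not be
# installed, and curl is already required by the steps above. This is slightly
# stricter than a bare TCP connect: the backend must answer a HEAD request.
echo "Testing direct TCP connection to backend..."
if curl -s -I --max-time "$TIMEOUT" --connect-to "$DOMAIN:80:$EXPECTED_IP:80" \
    -o /dev/null "http://$DOMAIN/"; then
  echo "Successfully connected to expected server at $EXPECTED_IP via TCP."
  exit 0
fi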
# Final failure message
# Final failure message. Note: this path still exits 0, so a caller cannot tell
# "verified" from "not verified" by exit status alone — only by the printed text.
printf '%s\n' "Domain does not resolve to the expected server. Cloudflare proxy might be active."
exit 0