Revert Changes

main
Anthony 2025-03-22 02:11:15 +08:00
parent f58d45c72a
commit 4e72425579
2 changed files with 2 additions and 462 deletions


@ -137,28 +137,6 @@ menu:
action: check_domain_ip action: check_domain_ip
settings: checkDomainConfig settings: checkDomainConfig
successText: "${response.out}" successText: "${response.out}"
- confirmText: Are you sure you want to remove the SSL certificate for this domain?
loadingText: Removing SSL Certificate...
caption: Remove SSL Certificate
action: remove_ssl_cert
settings: sslRemoveConfig
successText: "SSL certificate for '${settings.domain}' has been successfully removed."
- confirmText: Do you want to fix LiteSpeed configuration XML tags?
loadingText: Fixing LiteSpeed Configuration...
caption: Fix LiteSpeed XML
action: fix_litespeed_xml
successText: "LiteSpeed configuration XML tags have been fixed."
- confirmText: Do you want to analyze the LiteSpeed configuration?
loadingText: Analyzing LiteSpeed configuration...
caption: Diagnose LiteSpeed Config
action: diagnose_litespeed_config
successText: "LiteSpeed configuration analysis complete."
- confirmText: Clean up certificate references in shared listeners?
loadingText: Cleaning up certificate references...
caption: Clean Certificate References
action: clean_cert_references
settings: cleanCertConfig
successText: "Certificate references have been cleaned up."
settings: settings:
checkDomainConfig: checkDomainConfig:
@ -278,20 +256,6 @@ settings:
type: text type: text
caption: Email Address caption: Email Address
required: true required: true
sslRemoveConfig:
submitUnchanged: true
fields:
- name: domainremove
type: text
caption: Domain Name
required: true
cleanCertConfig:
submitUnchanged: true
fields:
- name: domain
type: text
caption: Domain Name
required: true
actions: actions:
dynamic_wp_cli: dynamic_wp_cli:
@ -606,135 +570,6 @@ actions:
- return: - return:
type: info type: info
message: "${response.out}" message: "${response.out}"
remove_ssl_cert:
- cmd[cp]:
user: root
commands:
- bash /home/litespeed/mbmanager/ssl-manager/ssl_manager.sh --domain="${settings.domainremove}" --remove-cert=yes --confirm=yes
- if: ${response.exitcode} == 0
return:
type: success
message: "SSL certificate for '${settings.domainremove}' has been successfully removed."
- else:
return:
type: error
message: "Failed to remove SSL certificate: ${response.out}"
fix_litespeed_xml:
- cmd[cp]:
user: root
commands:
- CONF_FILE="/var/www/conf/httpd_config.xml"
- echo "Backing up LiteSpeed configuration..."
- cp "$CONF_FILE" "${CONF_FILE}.backup.$(date +%Y%m%d%H%M%S)"
- echo "Fixing XML tag inconsistencies..."
- awk '{gsub(/<n>/, "<name>"); gsub(/<\/n>/, "</name>"); print}' "$CONF_FILE" > "${CONF_FILE}.new"
- cat "${CONF_FILE}.new" > "$CONF_FILE"
- rm "${CONF_FILE}.new"
- systemctl restart lsws
- return:
type: success
message: "LiteSpeed configuration XML tags have been normalized. The web server has been restarted."
diagnose_litespeed_config:
- cmd[cp]:
user: root
commands:
- |
CONF_FILE="/var/www/conf/httpd_config.xml"
echo "Analyzing LiteSpeed configuration tags..."
echo "-----------------------------------"
echo "Number of <n> tags: $(grep -c "<n>" $CONF_FILE)"
echo "Number of </n> tags: $(grep -c "</n>" $CONF_FILE)"
echo "Number of <name> tags: $(grep -c "<name>" $CONF_FILE)"
echo "Number of </name> tags: $(grep -c "</name>" $CONF_FILE)"
echo "-----------------------------------"
echo "First 5 instances of <n> tags:"
grep -n "<n>" $CONF_FILE | head -5
echo "-----------------------------------"
echo "Testing sed command effectiveness:"
cp $CONF_FILE /tmp/test_config.xml
sed -i 's/<n>/<name>/g' /tmp/test_config.xml
sed -i 's/<\/n>/<\/name>/g' /tmp/test_config.xml
echo "After sed, remaining <n> tags: $(grep -c "<n>" /tmp/test_config.xml)"
echo "After sed, remaining </n> tags: $(grep -c "</n>" /tmp/test_config.xml)"
echo "-----------------------------------"
- return:
type: info
message: "${response.out}"
clean_cert_references:
- cmd[cp]:
user: root
commands:
- |
DOMAIN="${settings.domain}"
CONF_FILE="/var/www/conf/httpd_config.xml"
BACKUP_FILE="${CONF_FILE}.bak.$(date +%Y%m%d%H%M%S)"
# Create backup
cp "$CONF_FILE" "$BACKUP_FILE"
echo "Created backup at $BACKUP_FILE"
# Create temp file for processing
TEMP_FILE=$(mktemp)
# Clean up certificate references
echo "Cleaning up certificate references for $DOMAIN..."
# Use awk to process the file
awk -v domain="$DOMAIN" '
BEGIN { in_listener = 0; is_shared = 0; }
/<listener>/ {
in_listener = 1;
print;
next;
}
in_listener && (/<name>HTTPS<\/name>/ || /<name>HTTPS-ipv6<\/name>/) {
is_shared = 1;
print;
next;
}
in_listener && is_shared && /<keyFile>.*live\/'"$DOMAIN"'\/.*<\/keyFile>/ {
print " <keyFile>/var/www/conf/default.key</keyFile>";
next;
}
in_listener && is_shared && /<certFile>.*live\/'"$DOMAIN"'\/.*<\/certFile>/ {
print " <certFile>/var/www/conf/default.crt</certFile>";
next;
}
/<\/listener>/ {
in_listener = 0;
is_shared = 0;
print;
next;
}
{ print; }
' "$CONF_FILE" > "$TEMP_FILE"
# Verify the file is valid
if grep -q "<httpServerConfig>" "$TEMP_FILE" && grep -q "</httpServerConfig>" "$TEMP_FILE"; then
# Apply changes
cat "$TEMP_FILE" > "$CONF_FILE"
rm -f "$TEMP_FILE"
echo "Certificate references cleaned up successfully."
# Restart LiteSpeed
echo "Restarting LiteSpeed..."
systemctl restart lsws
else
echo "ERROR: Generated config is invalid. Keeping original configuration."
rm -f "$TEMP_FILE"
exit 1
fi
- return:
type: success
message: "Certificate references for '${settings.domain}' have been cleaned up from shared listeners."
responses: responses:
enableSuccess: enableSuccess:


@ -122,26 +122,16 @@ update_litespeed_config() {
cp "$config_file" "$backup_file" cp "$config_file" "$backup_file"
log "Created backup of LiteSpeed configuration at $backup_file" log "Created backup of LiteSpeed configuration at $backup_file"
# Normalize XML tags - replace <n> with <name> throughout the config
log "Normalizing XML tags in configuration..."
if grep -q "<n>" "$config_file"; then
log "Found <n> tags in config, normalizing to <name>..."
sed -i 's/<n>/<name>/g' "$config_file"
sed -i 's/<\/n>/<\/name>/g' "$config_file"
fi
# Clean up any redundant listeners for this domain # Clean up any redundant listeners for this domain
cleanup_redundant_listeners "$config_file" "$DOMAIN" cleanup_redundant_listeners "$config_file" "$DOMAIN"
# Create domain-specific virtual host - MUST create before listener so it exists # Create domain-specific virtual host
log "Creating domain-specific virtual host for $DOMAIN..."
if ! create_domain_virtual_host "$DOMAIN"; then if ! create_domain_virtual_host "$DOMAIN"; then
log "ERROR: Failed to create virtual host for $DOMAIN. Aborting configuration update." log "ERROR: Failed to create virtual host for $DOMAIN. Aborting configuration update."
return 1 return 1
fi fi
# Create domain-specific listener - depends on virtual host already existing # Create domain-specific listener
log "Creating domain-specific listener for $DOMAIN..."
if ! create_domain_listener "$DOMAIN"; then if ! create_domain_listener "$DOMAIN"; then
log "ERROR: Failed to create listener for $DOMAIN. Aborting configuration update." log "ERROR: Failed to create listener for $DOMAIN. Aborting configuration update."
return 1 return 1
@ -726,272 +716,6 @@ restart_litespeed() {
return 0 return 0
} }
# Function to remove SSL certificate and its configuration
remove_ssl_certificate() {
local domain="$1"
local confirm="${2:-no}"
if [[ -z "$domain" ]]; then
log "Error: Domain parameter is required for certificate removal."
return 1
fi
# Check if certificate exists
if [[ ! -d "/etc/letsencrypt/live/$domain" && ! -d "/etc/letsencrypt/archive/$domain" ]]; then
log "Certificate for $domain not found. Nothing to remove."
return 1
fi
# Confirm removal if not forced
if [[ "$confirm" != "yes" ]]; then
log "WARNING: This will remove the SSL certificate for $domain and update LiteSpeed configuration."
log "Please run again with --confirm=yes to proceed with removal."
return 1
fi
log "Starting removal of SSL certificate for $domain..."
# 1. Backup LiteSpeed configuration before making changes
local config_file="/var/www/conf/httpd_config.xml"
local vhost_config="/var/www/conf/vhconf.xml"
local timestamp=$(date +%Y%m%d%H%M%S)
local backup_file="${config_file}.removal.${timestamp}"
local vhost_backup="${vhost_config}.removal.${timestamp}"
cp "$config_file" "$backup_file"
log "Created backup of LiteSpeed configuration at $backup_file"
if [ -f "$vhost_config" ]; then
cp "$vhost_config" "$vhost_backup"
log "Created backup of virtual host configuration at $vhost_backup"
fi
# 2. Remove domain-specific listener from LiteSpeed configuration
log "Removing domain-specific listener from LiteSpeed configuration..."
local temp_file=$(mktemp)
if [ ! -f "$temp_file" ]; then
log "ERROR: Failed to create temporary file for configuration update."
return 1
fi
# Remove the HTTPS-domain listener section
local domain_pattern="HTTPS-${domain}"
awk -v domain="$domain" -v pattern="$domain_pattern" '
BEGIN { skip = 0; }
$0 ~ pattern,/<\/listener>/ {
if ($0 ~ pattern) {
skip = 1;
print "<!-- Listener for " domain " removed by ssl_manager.sh -->";
}
if ($0 ~ /<\/listener>/ && skip == 1) {
skip = 0;
next;
}
if (skip) next;
}
{ if (!skip) print; }
' "$config_file" > "$temp_file"
# 3. Remove from domain-specific virtual host if it exists
log "Removing domain-specific virtual host if it exists..."
local vhost_name="${domain//[.]/_}"
# Check if virtualhost exists (safer approach)
if grep -q "$vhost_name" "$config_file"; then
# Process only if virtual host might exist
local vhost_pattern="$vhost_name"
awk -v vhost="$vhost_name" -v pattern="$vhost_pattern" '
BEGIN { skip = 0; }
$0 ~ pattern,/<\/virtualHost>/ {
if ($0 ~ pattern) {
skip = 1;
print "<!-- VirtualHost for " vhost " removed by ssl_manager.sh -->";
}
if ($0 ~ /<\/virtualHost>/ && skip == 1) {
skip = 0;
next;
}
if (skip) next;
}
{ if (!skip) print; }
' "$temp_file" > "${temp_file}.new"
else
log "No virtual host found for ${vhost_name}, skipping this step.";
cp "$temp_file" "${temp_file}.new"
fi
# 4. Remove any domain mappings from shared listeners
log "Removing domain mappings from shared listeners..."
awk -v domain="$domain" '
BEGIN { in_vhostmap = 0; skip_vhostmap = 0; vhostmap_buffer = ""; }
/<vhostMap>/ {
in_vhostmap = 1;
vhostmap_buffer = $0 "\n";
next;
}
in_vhostmap == 1 {
vhostmap_buffer = vhostmap_buffer $0 "\n";
if ($0 ~ /<domain>'"$domain"'<\/domain>/) {
skip_vhostmap = 1;
}
if ($0 ~ /<\/vhostMap>/) {
if (skip_vhostmap == 0) {
printf "%s", vhostmap_buffer;
} else {
print "<!-- Domain mapping for " domain " removed -->";
}
in_vhostmap = 0;
skip_vhostmap = 0;
vhostmap_buffer = "";
}
next;
}
{ print; }
' "${temp_file}.new" > "${temp_file}.final"
# 4a. Clean up certificate references in shared listeners
log "Cleaning up certificate references in shared listeners..."
local cert_path="/etc/letsencrypt/live/$domain/"
# Create a temporary file for processing
local cert_cleanup_temp=$(mktemp)
# Replace certificate paths in shared listeners
awk -v domain="$domain" -v cert_path="$cert_path" '
# Inside a listener section
/<listener>/,/<\/listener>/ {
# Look for HTTPS or HTTPS-ipv6 listeners (shared listeners)
if ($0 ~ /<name>(HTTPS|HTTPS-ipv6)<\/name>/ || $0 ~ /<n>(HTTPS|HTTPS-ipv6)<\/n>/) {
in_shared_listener = 1;
}
# If in shared listener and line contains certificate paths for this domain, replace them
if (in_shared_listener && $0 ~ cert_path) {
if ($0 ~ /keyFile/) {
print " <keyFile>/var/www/conf/default.key</keyFile>";
next;
}
if ($0 ~ /certFile/) {
print " <certFile>/var/www/conf/default.crt</certFile>";
next;
}
}
# End of listener section
if ($0 ~ /<\/listener>/) {
in_shared_listener = 0;
}
}
# Print all other lines unchanged
{ print; }
' "${temp_file}.final" > "$cert_cleanup_temp"
# If the temporary file is valid, use it
if [ -s "$cert_cleanup_temp" ] && grep -q "<httpServerConfig>" "$cert_cleanup_temp"; then
mv "$cert_cleanup_temp" "${temp_file}.final"
log "Certificate references in shared listeners cleaned up."
else
log "WARNING: Failed to clean up certificate references. Keeping original configuration."
rm -f "$cert_cleanup_temp"
fi
# Verify the processed file is valid
if [ ! -s "${temp_file}.final" ]; then
log "ERROR: Generated configuration is empty. Keeping original configuration."
rm -f "$temp_file" "${temp_file}.new" "${temp_file}.final"
return 1
fi
# Check for basic XML validity (main structure tags)
if ! grep -q "<httpServerConfig>" "${temp_file}.final" || ! grep -q "</httpServerConfig>" "${temp_file}.final"; then
log "ERROR: Generated configuration appears invalid. Keeping original configuration."
rm -f "$temp_file" "${temp_file}.new" "${temp_file}.final"
return 1
fi
# Apply changes
cp "${temp_file}.final" "$config_file"
rm -f "$temp_file" "${temp_file}.new" "${temp_file}.final"
# 5. Clean up any references in vhconf.xml files
log "Cleaning up references in vhost configuration files..."
find /var/www/conf -name "vhconf.xml" -type f -exec grep -l "$domain" {} \; | while read vhconf_file; do
log "Cleaning references in $vhconf_file..."
sed -i "/$domain/d" "$vhconf_file"
done
# 6. Use certbot to revoke and delete the certificate
log "Revoking and removing certificate using Certbot..."
if certbot revoke --cert-name "$domain" --delete-after-revoke --non-interactive; then
log "Certificate for $domain successfully revoked and removed."
else
# If certbot revoke fails, try direct removal
log "Certbot revoke failed. Attempting direct removal of certificate files..."
rm -rf "/etc/letsencrypt/live/$domain" "/etc/letsencrypt/archive/$domain" "/etc/letsencrypt/renewal/$domain.conf"
# Remove any symlinks that might point to the domain
find /etc/letsencrypt -type l -exec ls -l {} \; | grep "$domain" | cut -d " " -f 9 | xargs -r rm
log "Certificate files for $domain removed directly."
fi
# 7. Clean up Apache configuration if exists (some servers might have Apache installed)
if [ -d "/etc/apache2" ]; then
log "Checking for Apache configuration references..."
find /etc/apache2 -name "*.conf" -type f -exec grep -l "$domain" {} \; | while read apache_conf; do
log "Cleaning references in $apache_conf..."
sed -i "/$domain/d" "$apache_conf"
done
elif [ -d "/etc/httpd" ]; then
log "Checking for Apache configuration references..."
find /etc/httpd -name "*.conf" -type f -exec grep -l "$domain" {} \; | while read apache_conf; do
log "Cleaning references in $apache_conf..."
sed -i "/$domain/d" "$apache_conf"
done
fi
# 8. Clean up LiteSpeed logs for this domain
log "Cleaning up log files for $domain..."
if [ -d "/var/log/lsws/" ]; then
find /var/log/lsws/ -name "*$domain*" -type f -delete 2>/dev/null || true
else
log "LiteSpeed log directory '/var/log/lsws/' not found, skipping log cleanup."
fi
# 9. Clean related cache files
log "Cleaning related cache files..."
if [ -d "/var/www/webroot/ROOT/.well-known/acme-challenge/" ]; then
find /var/www/webroot/ROOT/.well-known/acme-challenge/ -type f -delete 2>/dev/null || true
else
log "ACME challenge directory not found, skipping cache cleanup."
fi
# 10. Restart LiteSpeed only if it's running and configuration was changed
local config_changed=false
if grep -q "removed by ssl_manager.sh" "$config_file"; then
config_changed=true
fi
if $config_changed; then
log "Configuration changes detected. Restarting LiteSpeed to apply changes..."
if restart_litespeed; then
log "LiteSpeed restarted successfully after certificate removal."
else
log "WARNING: Failed to restart LiteSpeed after certificate removal. Manual restart may be required."
# Don't return error, continue with the successful certificate removal
fi
else
log "No configuration changes detected. Skipping LiteSpeed restart."
fi
# 11. Send email notification if configured
send_email "$domain SSL Certificate Removed" "The SSL certificate for $domain has been successfully removed from the server and all related configuration has been cleaned up."
log "SSL certificate removal completed successfully for $domain."
return 0
}
# Parse input parameters # Parse input parameters
for arg in "$@"; do for arg in "$@"; do
case $arg in case $arg in
@ -1004,12 +728,6 @@ for arg in "$@"; do
--email=*) --email=*)
EMAIL="${arg#*=}" EMAIL="${arg#*=}"
;; ;;
--remove-cert=*)
REMOVE_CERT="${arg#*=}"
;;
--confirm=*)
CONFIRM="${arg#*=}"
;;
*) *)
echo "Invalid argument: $arg" echo "Invalid argument: $arg"
exit 1 exit 1
@ -1017,14 +735,6 @@ for arg in "$@"; do
esac esac
done done
# Check for certificate removal request
if [[ -n "${REMOVE_CERT:-}" ]]; then
if [[ "${REMOVE_CERT}" == "yes" ]]; then
remove_ssl_certificate "${DOMAIN}" "${CONFIRM:-no}"
exit $?
fi
fi
# Input validation # Input validation
log "Validating inputs..." log "Validating inputs..."
if [[ -z "${PUBLIC_IP:-}" || -z "${DOMAIN:-}" ]]; then if [[ -z "${PUBLIC_IP:-}" || -z "${DOMAIN:-}" ]]; then
@ -1092,11 +802,6 @@ install_xml_tools
if $CERTBOT_CMD; then if $CERTBOT_CMD; then
log "SSL certificate issued successfully for $DOMAIN." log "SSL certificate issued successfully for $DOMAIN."
# Fix any inconsistent XML tags first
log "Ensuring XML tag consistency in LiteSpeed configuration..."
sed -i 's/<n>/<name>/g' /var/www/conf/httpd_config.xml
sed -i 's/<\/n>/<\/name>/g' /var/www/conf/httpd_config.xml
# Update LiteSpeed config with enhanced safety # Update LiteSpeed config with enhanced safety
if update_litespeed_config; then if update_litespeed_config; then
restart_litespeed restart_litespeed
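Review bot: In the last hunk, `if $CERTBOT_CMD; then` runs a command held in an unquoted string, so its contents are word-split and glob-expanded before execution. Where CERTBOT_CMD is assembled is outside the hunks; if it includes the `--domain=` or `--email=` values, the only check visible here is the emptiness test on PUBLIC_IP and DOMAIN, so whitespace or glob characters in those values could change the argument list of a script that edits the web-server configuration. I would build the command as an array and call it with `if "${CERTBOT_CMD[@]}"; then`, and add a hostname-format check next to the emptiness test, for example `[[ "$DOMAIN" =~ ^[A-Za-z0-9.-]+$ ]] || { log "Invalid domain: $DOMAIN"; exit 1; }`. The validation block continues outside the hunk, so confirm that no such check already follows it.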