tony
/
mb-admin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

new changes for purge litespeed

main
Anthony 2025-08-13 02:05:24 +08:00
parent 0e9bced53c
commit 905ff5ebab
2 changed files with 110 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
mbadmin.jps
View File

@ -32,6 +32,9 @@ onInstall:
# Download CA trust repair script # Download CA trust repair script
- curl -OL https://deploy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/fix-cert-trust.sh - curl -OL https://deploy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/fix-cert-trust.sh
- if [ ! -f fix-cert-trust.sh ]; then echo "Failed to download fix-cert-trust.sh"; exit 1; fi - if [ ! -f fix-cert-trust.sh ]; then echo "Failed to download fix-cert-trust.sh"; exit 1; fi
# Download self-signed certificate generator
- curl -OL https://deploy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/generate-self-signed-cert.sh
- if [ ! -f generate-self-signed-cert.sh ]; then echo "Failed to download generate-self-signed-cert.sh"; exit 1; fi
# Download LiteSpeed scripts with verification # Download LiteSpeed scripts with verification
- curl -OL https://deploy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/check_litespeed.php - curl -OL https://deploy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/check_litespeed.php
- if [ ! -f check_litespeed.php ]; then echo "Failed to download check_litespeed.php"; exit 1; fi - if [ ! -f check_litespeed.php ]; then echo "Failed to download check_litespeed.php"; exit 1; fi
@ -257,6 +260,12 @@ menu:
action: fix_cert_trust action: fix_cert_trust
settings: fixCertTrustConfig settings: fixCertTrustConfig
successText: "Certificate trust repair completed for '${settings.domain}'." successText: "Certificate trust repair completed for '${settings.domain}'."
- confirmText: Generate a temporary self-signed certificate for this domain?
loadingText: Generating self-signed certificate...
caption: Generate Self-Signed Cert (Staging)
action: gen_self_signed
settings: selfSignedConfig
successText: "Self-signed certificate generated for '${settings.domain}'."
- confirmText: Check if the domain is resolving to the expected IP address? - confirmText: Check if the domain is resolving to the expected IP address?
loadingText: Checking Domain... loadingText: Checking Domain...
caption: Check Domain IP caption: Check Domain IP
@ -461,6 +470,21 @@ settings:
type: text type: text
caption: Keys Directory caption: Keys Directory
default: "/var/lib/jelastic/keys" default: "/var/lib/jelastic/keys"
selfSignedConfig:
submitUnchanged: true
fields:
- name: domain
type: text
caption: Domain Name
required: true
- name: days
type: text
caption: Validity (days)
default: "30"
- name: keys_dir
type: text
caption: Keys Directory
default: "/var/lib/jelastic/keys"
redisObjectCacheConfig: redisObjectCacheConfig:
submitUnchanged: true submitUnchanged: true
fields: fields:
@ -933,6 +957,14 @@ actions:
- return: - return:
type: info type: info
message: "${response.out}" message: "${response.out}"
gen_self_signed:
- cmd[cp]:
user: root
commands:
- bash /home/litespeed/mbmanager/scripts/generate-self-signed-cert.sh "${settings.domain}" "${settings.days}" "${settings.keys_dir}"
- return:
type: info
message: "${response.out}"
diagnose_litespeed_config: diagnose_litespeed_config:
- cmd[cp]: - cmd[cp]:
user: root user: root

78
scripts/generate-self-signed-cert.sh 100644
View File

@ -0,0 +1,78 @@
#!/bin/bash
set -euo pipefail
# Generate a temporary self-signed TLS certificate for a domain.
# Intended for staging environments on AlmaLinux/RHEL/CentOS.
#
# Usage: generate-self-signed-cert.sh <domain> [days] [keys_dir]
# domain FQDN, e.g. example.staging.local
# days Validity in days (default: 30)
# keys_dir Directory to write keys/certs (default: /var/lib/jelastic/keys)
DOMAIN="${1:-}"
DAYS="${2:-30}"
KEYS_DIR="${3:-/var/lib/jelastic/keys}"
if [[ -z "$DOMAIN" ]]; then
echo "Usage: $0 <domain> [days] [keys_dir]" >&2
exit 1
fi
if ! command -v openssl >/dev/null 2>&1; then
echo "[ERROR] openssl not found. Please install openssl." >&2
exit 2
fi
mkdir -p "$KEYS_DIR"
cd "$KEYS_DIR"
KEY_FILE="${DOMAIN}.key"
CRT_FILE="${DOMAIN}.cer"
CHAIN_FILE="${DOMAIN}.fullchain.pem"
echo "[INFO] Generating RSA key (${KEY_FILE})…"
openssl genrsa -out "$KEY_FILE" 2048 >/dev/null 2>&1
TMP_CONF=$(mktemp)
cat >"$TMP_CONF" <<CONF
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
CN = ${DOMAIN}
[v3_req]
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${DOMAIN}
DNS.2 = www.${DOMAIN}
CONF
echo "[INFO] Creating self-signed certificate valid for ${DAYS} days (${CRT_FILE})…"
openssl req -x509 -new -nodes -key "$KEY_FILE" -sha256 -days "$DAYS" -out "$CRT_FILE" -config "$TMP_CONF" >/dev/null 2>&1
rm -f "$TMP_CONF"
# Build a fullchain (for self-signed, it's just the leaf repeated for compatibility)
cat "$CRT_FILE" > "$CHAIN_FILE"
# Maintain generic filenames used by other tooling
cp -f "$CRT_FILE" cert.pem
cp -f "$CHAIN_FILE" fullchain.pem
cp -f "$CRT_FILE" ca.cer
chmod 0644 "$CRT_FILE" "$CHAIN_FILE" cert.pem fullchain.pem ca.cer
chmod 0600 "$KEY_FILE"
echo "[SUCCESS] Self-signed certificate created:"
echo " Key: $KEYS_DIR/$KEY_FILE"
echo " Cert: $KEYS_DIR/$CRT_FILE"
echo " Fullchain: $KEYS_DIR/$CHAIN_FILE"
echo "[NOTE] Apply/reload your web server to use the new certificate."
exit 0