new changes for purge litespeed
parent
0e9bced53c
commit
905ff5ebab
32
mbadmin.jps
32
mbadmin.jps
@ -32,6 +32,9 @@ onInstall:
# Download CA trust repair script
- curl -OL https://deploy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/fix-cert-trust.sh
- if [ ! -f fix-cert-trust.sh ]; then echo "Failed to download fix-cert-trust.sh"; exit 1; fi
# Download self-signed certificate generator
- curl -OL https://deploy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/generate-self-signed-cert.sh
- if [ ! -f generate-self-signed-cert.sh ]; then echo "Failed to download generate-self-signed-cert.sh"; exit 1; fi
# Download LiteSpeed scripts with verification
- curl -OL https://deploy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/check_litespeed.php
- if [ ! -f check_litespeed.php ]; then echo "Failed to download check_litespeed.php"; exit 1; fi
@ -257,6 +260,12 @@ menu:
action: fix_cert_trust
settings: fixCertTrustConfig
successText: "Certificate trust repair completed for '${settings.domain}'."
- confirmText: Generate a temporary self-signed certificate for this domain?
loadingText: Generating self-signed certificate...
caption: Generate Self-Signed Cert (Staging)
action: gen_self_signed
settings: selfSignedConfig
successText: "Self-signed certificate generated for '${settings.domain}'."
- confirmText: Check if the domain is resolving to the expected IP address?
loadingText: Checking Domain...
caption: Check Domain IP
@ -461,6 +470,21 @@ settings:
type: text
caption: Keys Directory
default: "/var/lib/jelastic/keys"
selfSignedConfig:
submitUnchanged: true
fields:
- name: domain
type: text
caption: Domain Name
required: true
- name: days
type: text
caption: Validity (days)
default: "30"
- name: keys_dir
type: text
caption: Keys Directory
default: "/var/lib/jelastic/keys"
redisObjectCacheConfig:
submitUnchanged: true
fields:
@ -933,6 +957,14 @@ actions:
- return:
type: info
message: "${response.out}"
gen_self_signed:
- cmd[cp]:
user: root
commands:
- bash /home/litespeed/mbmanager/scripts/generate-self-signed-cert.sh "${settings.domain}" "${settings.days}" "${settings.keys_dir}"
- return:
type: info
message: "${response.out}"
diagnose_litespeed_config:
- cmd[cp]:
user: root
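Review bot: In the onInstall hunk (@ -32,6 +32,9), `curl -OL` without `--fail` saves the response body even on an HTTP error, so the following `if [ ! -f generate-self-signed-cert.sh ]` check passes on a 404 page and the failure only surfaces later when the file is run as root from the gen_self_signed action; `curl -fsSLO <url>` makes the existence check meaningful, and the same applies to the fix-cert-trust.sh and check_litespeed.php downloads in that hunk. The comment `# Download LiteSpeed scripts with verification` promises more than an existence test; fetching from a pinned commit instead of `branch/main` and checking a known digest (`echo "<EXPECTED_SHA256>  check_litespeed.php" | sha256sum -c -`) would deliver it, which matters because everything fetched here is later executed with root privileges. The gen_self_signed action in the actions hunk also interpolates `${settings.domain}`, `${settings.days}` and `${settings.keys_dir}` straight into a root shell line; the quoting helps, but those dialog values should be validated (in the script or the dialog) rather than used as typed. The onInstall and actions blocks both begin before their hunks.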
@ -0,0 +1,78 @@
#!/bin/bash
set -euo pipefail
# Generate a temporary self-signed TLS certificate for a domain.
# Intended for staging environments on AlmaLinux/RHEL/CentOS.
#
# Usage: generate-self-signed-cert.sh <domain> [days] [keys_dir]
# domain FQDN, e.g. example.staging.local
# days Validity in days (default: 30)
# keys_dir Directory to write keys/certs (default: /var/lib/jelastic/keys)
DOMAIN="${1:-}"
DAYS="${2:-30}"
KEYS_DIR="${3:-/var/lib/jelastic/keys}"
if [[ -z "$DOMAIN" ]]; then
echo "Usage: $0 <domain> [days] [keys_dir]" >&2
exit 1
fi
if ! command -v openssl >/dev/null 2>&1; then
echo "[ERROR] openssl not found. Please install openssl." >&2
exit 2
fi
mkdir -p "$KEYS_DIR"
cd "$KEYS_DIR"
KEY_FILE="${DOMAIN}.key"
CRT_FILE="${DOMAIN}.cer"
CHAIN_FILE="${DOMAIN}.fullchain.pem"
echo "[INFO] Generating RSA key (${KEY_FILE})…"
openssl genrsa -out "$KEY_FILE" 2048 >/dev/null 2>&1
TMP_CONF=$(mktemp)
cat >"$TMP_CONF" <<CONF
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
CN = ${DOMAIN}
[v3_req]
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${DOMAIN}
DNS.2 = www.${DOMAIN}
CONF
echo "[INFO] Creating self-signed certificate valid for ${DAYS} days (${CRT_FILE})…"
openssl req -x509 -new -nodes -key "$KEY_FILE" -sha256 -days "$DAYS" -out "$CRT_FILE" -config "$TMP_CONF" >/dev/null 2>&1
rm -f "$TMP_CONF"
# Build a fullchain (for self-signed, it's just the leaf repeated for compatibility)
cat "$CRT_FILE" > "$CHAIN_FILE"
# Maintain generic filenames used by other tooling
cp -f "$CRT_FILE" cert.pem
cp -f "$CHAIN_FILE" fullchain.pem
cp -f "$CRT_FILE" ca.cer
chmod 0644 "$CRT_FILE" "$CHAIN_FILE" cert.pem fullchain.pem ca.cer
chmod 0600 "$KEY_FILE"
echo "[SUCCESS] Self-signed certificate created:"
echo " Key: $KEYS_DIR/$KEY_FILE"
echo " Cert: $KEYS_DIR/$CRT_FILE"
echo " Fullchain: $KEYS_DIR/$CHAIN_FILE"
echo "[NOTE] Apply/reload your web server to use the new certificate."
exit 0
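Review bot: DOMAIN is only checked for emptiness before it is used as a filename (`KEY_FILE="${DOMAIN}.key"`) and expanded inside the unquoted `<<CONF` heredoc, so a value containing slashes, whitespace or newlines can place the key and certificate outside KEYS_DIR or alter the OpenSSL request config; DAYS is likewise passed unchecked to `-days`. Both values come from a dialog field in mbadmin.jps, so validating them here with a hostname pattern and an integer check, as sketched below, is the cheap fix. Separately, `rm -f "$TMP_CONF"` is skipped when `openssl req` fails under `set -e`; `trap 'rm -f "$TMP_CONF"' EXIT` right after the `mktemp` line would cover that path. A `umask 077` before `openssl genrsa` would also close the window between key creation and the `chmod 0600` near the end, if the openssl in use does not already create the key with a restrictive mode.
```shell
if [[ -z "$DOMAIN" ]]; then
  echo "Usage: $0 <domain> [days] [keys_dir]" >&2
  exit 1
fi
# DOMAIN becomes a filename and is expanded inside the OpenSSL config heredoc,
# so accept only a plain hostname (labels of letters, digits and hyphens).
if [[ ! "$DOMAIN" =~ ^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$ ]]; then
  echo "[ERROR] Invalid domain name: ${DOMAIN}" >&2
  exit 1
fi
# DAYS is handed to openssl -days; require a plain positive integer.
if [[ ! "$DAYS" =~ ^[1-9][0-9]*$ ]]; then
  echo "[ERROR] days must be a positive integer: ${DAYS}" >&2
  exit 1
fi
# … unchanged: openssl check, key/cert generation, output copies …
```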