tony
/
mb-admin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added ssl_manager and its meu, form and action

main
Anthony 2025-01-29 21:03:24 +08:00
parent 87080506c0
commit 919369eecc
2 changed files with 295 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
mbadmin.jps
View File

@ -1,6 +1,6 @@
type: update
id: mbadmin
version: '2.4'
version: '2.5'
name: MB Administration
description: Mighty Box Control Panel Administration
@ -11,22 +11,30 @@ onInstall:
- cmd[cp]:
user: root
commands:
# Ensure all directories exist
- mkdir -p /home/litespeed/mbmanager
- mkdir -p /home/litespeed/mbmanager/relay
- cd /home/litespeed/mbmanager
- curl -O https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/litespeed_fetch_settings.sh
- curl -O https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/litespeed_update_settings.sh
- curl -O https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/update_opcache_settings.sh
- mkdir -p /home/litespeed/mbmanager/ssl-manager
# Download main scripts
- (cd /home/litespeed/mbmanager && curl -OL https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/litespeed_fetch_settings.sh \
-OL https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/litespeed_update_settings.sh \
-OL https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/update_opcache_settings.sh)
- chmod +x /home/litespeed/mbmanager/*.sh
- cd /home/litespeed/mbmanager/relay
- curl -O https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/relay/check_relay_installation.sh
- curl -O https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/relay/check_relay_status.sh
- curl -O https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/relay/disable_relay.sh
- curl -O https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/relay/enable_relay.sh
- curl -O https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/relay/flush_caches.sh
- curl -O https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/relay/install_relay_ocp.sh
- curl -O https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/relay/uninstall_relay.sh
# Download relay scripts
- (cd /home/litespeed/mbmanager/relay && curl -OL https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/relay/check_relay_installation.sh \
-OL https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/relay/check_relay_status.sh \
-OL https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/relay/disable_relay.sh \
-OL https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/relay/enable_relay.sh \
-OL https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/relay/flush_caches.sh \
-OL https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/relay/install_relay_ocp.sh \
-OL https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/relay/uninstall_relay.sh)
- chmod +x /home/litespeed/mbmanager/relay/*.sh
# Download SSL manager script
- (cd /home/litespeed/mbmanager/ssl-manager && curl -OL https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/ssl-manager/ssl_manager.sh)
- chmod +x /home/litespeed/mbmanager/ssl-manager/*.sh
# Install Certbot for AlmaLinux
- dnf install -y certbot
- dnf install -y python3-certbot-dns-cloudflare
menu:
- confirmText: Are you sure you want to execute this WP-CLI command?
@ -114,6 +122,12 @@ menu:
caption: DB Import Preparation
action: db_import_preparation
successText: "${response.out}"
- confirmText: Are you sure you want to issue an SSL certificate for this domain?
loadingText: Issuing SSL Certificate...
caption: Issue SSL Certificate
action: issue_ssl_cert
settings: sslCertConfig
successText: "SSL certificate for '${settings.domain}' has been issued successfully."
settings:
wpCliConfig:
@ -207,10 +221,26 @@ settings:
type: text
caption: TTL Feed (Seconds)
default: "7200"
sslCertConfig:
submitUnchanged: true
fields:
- name: public_ip
type: text
caption: Public IP Address
required: true
- name: domain
type: text
caption: Domain Name
required: true
- name: email
type: text
caption: Email Address
required: true
actions:
dynamic_wp_cli:
- cmd[cp]:
user: litespeed
commands:
- cd /var/www/webroot/ROOT/
- wp ${settings.wp_cli_command}
@ -226,6 +256,7 @@ actions:
message: "Directory synchronized successfully from '${settings.old_directory}' to '/var/www/webroot/ROOT/'."
search_replace_urls:
- cmd[cp]:
user: litespeed
commands:
- cd /var/www/webroot/ROOT/
- /home/litespeed/bin/wp search-replace '${settings.old_url}' '${settings.new_url}' --all-tables
@ -258,6 +289,7 @@ actions:
export_wp_db:
- cmd[cp]:
user: litespeed
commands:
- cd /var/www/webroot/ROOT/
- wp db export /var/www/webroot/ROOT/${settings.db_filename}.sql
@ -332,6 +364,7 @@ actions:
user: root
commands:
- bash /home/litespeed/mbmanager/update_opcache_settings.sh "${settings.memory_consumption}" "${settings.interned_strings_buffer}" "${settings.max_accelerated_files}" "${settings.revalidate_freq}"
- systemctl restart lsws
- restartNodes:
- nodeGroup: "cp"
reboot: true
@ -501,6 +534,14 @@ actions:
- return:
type: info
message: "${response.out}"
issue_ssl_cert:
- cmd[cp]:
user: root
commands:
- bash /home/litespeed/mbmanager/ssl-manager/ssl_manager.sh --public-ip="${settings.public_ip}" --domain="${settings.domain}" --email="${settings.email}"
- return:
type: info
message: "SSL certificate for '${settings.domain}' has been issued successfully."
responses:
enableSuccess:
@ -529,4 +570,17 @@ buttons:
- settings: litespeedConfig
action: litespeed_update_settings
caption: Update LiteSpeed Cache Settings
submitButtonText: Update Cache Settings
submitButtonText: Update Cache Settings
onUninstall:
- cmd[cp]:
user: root
commands:
# Remove all installed scripts
- rm -rf /home/litespeed/mbmanager/ssl-manager/*
- rm -rf /home/litespeed/mbmanager/relay/*
- rm -rf /home/litespeed/mbmanager/*
# Remove the parent directory if empty
- rmdir --ignore-fail-on-non-empty /home/litespeed/mbmanager || true
# Uninstall Certbot if no longer needed
- if command -v certbot > /dev/null; then dnf remove -y certbot python3-certbot-dns-cloudflare; fi

226
scripts/ssl-manager/ssl_manager.sh 100644
View File

@ -0,0 +1,226 @@
#!/bin/bash
set -euo pipefail
# Log file setup
LOG_DIR="/var/log/mb-ssl"
LOG_FILE="$LOG_DIR/ssl-manager.log"
mkdir -p "$LOG_DIR"
chmod 0755 "$LOG_DIR"
exec > >(tee -a "$LOG_FILE") 2>&1
# Function to log messages
log() {
echo "$(date '+%Y-%m-%d %H:%M:%S') $1"
}
# Function to send email via Postmark
send_email() {
local subject="$1"
local body="$2"
local recipient="${EMAIL:-}"
if [[ -n "$recipient" ]]; then
log "Sending email notification to $recipient..."
curl -s "https://api.postmarkapp.com/email" \
-X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "X-Postmark-Server-Token: d88b25c4-2fdb-43d3-9097-f6c655a9742b" \
-d "{
\"From\": \"admin@mightybox.io\",
\"To\": \"$recipient\",
\"Subject\": \"$subject\",
\"HtmlBody\": \"$body\",
\"MessageStream\": \"outbound\"
}" > /dev/null && log "Email sent successfully." || log "Failed to send email."
else
log "Email not provided. Skipping email notification."
fi
}
# Function to validate IP address
validate_ip() {
local ip=$1
[[ "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] && return 0 || return 1
}
# Function to validate domain
validate_domain() {
local domain=$1
[[ "$domain" =~ ^([a-zA-Z0-9](-*[a-zA-Z0-9])*\.)+[a-zA-Z]{2,}$ ]] && return 0 || return 1
}
# Function to validate email
validate_email() {
local email=$1
[[ "$email" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]] && return 0 || return 1
}
# Function to validate DNS resolution
validate_dns_resolution() {
log "Validating DNS resolution for $DOMAIN..."
RESOLVED_IPS=$(dig +short "$DOMAIN" A)
if echo "$RESOLVED_IPS" | grep -q "$PUBLIC_IP"; then
log "DNS validation successful. $DOMAIN resolves to the expected public IP ($PUBLIC_IP)."
return 0
else
log "DNS validation failed. $DOMAIN does not resolve to the expected public IP ($PUBLIC_IP)."
return 1
fi
}
# Function to validate HTTP access
validate_http_access() {
log "Validating HTTP access for $DOMAIN..."
ACME_DIR="/var/www/webroot/ROOT/.well-known/acme-challenge"
mkdir -p "$ACME_DIR"
chmod 0755 "$ACME_DIR"
TOKEN=$(openssl rand -hex 16)
echo "$TOKEN" > "$ACME_DIR/test-token"
# Test HTTP access by retrieving the token
RESPONSE=$(curl -s "http://$DOMAIN/.well-known/acme-challenge/test-token")
if [[ "$RESPONSE" == "$TOKEN" ]]; then
log "HTTP validation successful. $DOMAIN is accessible."
return 0
else
log "HTTP validation failed. Unable to retrieve the test token from $DOMAIN."
return 1
fi
}
# Function to validate the domain connection
validate_domain_connection() {
if validate_dns_resolution; then
log "Domain validation succeeded via DNS."
return 0
elif validate_http_access; then
log "Domain validation succeeded via HTTP."
return 0
else
log "Domain validation failed. $DOMAIN does not point to the correct IP or is not accessible via HTTP."
send_email "SSL Setup Failed" "The domain $DOMAIN could not be validated. Ensure the DNS and HTTP settings are correct."
exit 1
fi
}
# Function to update LiteSpeed configuration
update_litespeed_config() {
local config_file="/var/www/conf/httpd_config.xml"
local key_file="/etc/letsencrypt/live/$DOMAIN/privkey.pem"
local cert_file="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"
log "Updating LiteSpeed configuration..."
if grep -q "$DOMAIN" "$config_file"; then
log "Domain $DOMAIN already exists in the configuration. Updating..."
sed -i "/<listener>/,/<\/listener>/s|<keyFile>.*</keyFile>|<keyFile>$key_file</keyFile>|" "$config_file"
sed -i "/<listener>/,/<\/listener>/s|<certFile>.*</certFile>|<certFile>$cert_file</certFile>|" "$config_file"
else
log "Domain $DOMAIN not found in configuration. Adding new listener..."
sed -i "/<\/listenerList>/i\
<listener>\
<name>HTTPS-$DOMAIN</name>\
<address>*:443</address>\
<secure>1</secure>\
<keyFile>$key_file</keyFile>\
<certFile>$cert_file</certFile>\
<certChain>1</certChain>\
</listener>" "$config_file"
fi
log "LiteSpeed configuration updated successfully."
}
# Function to set up automatic renewal
setup_cron_job() {
log "Setting up cron job for Certbot renewal..."
# Ensure crond is running
if ! systemctl is-active --quiet crond; then
log "Starting crond service..."
sudo systemctl start crond
sudo systemctl enable crond
fi
# Add cron job for Certbot renewal
if ! crontab -l 2>/dev/null | grep -q "certbot renew"; then
(crontab -l 2>/dev/null; echo "0 3 * * * /usr/bin/certbot renew --quiet") | crontab -
log "Cron job added for Certbot renewal."
else
log "Cron job for Certbot renewal already exists."
fi
# Verify cron job
log "Verifying cron job..."
if crontab -l | grep -q "certbot renew"; then
log "Cron job successfully set up."
else
log "Failed to set up cron job. Please check manually."
exit 1
fi
}
# Parse input parameters
for arg in "$@"; do
case $arg in
--public-ip=*)
PUBLIC_IP="${arg#*=}"
;;
--domain=*)
DOMAIN="${arg#*=}"
;;
--email=*)
EMAIL="${arg#*=}"
;;
*)
echo "Invalid argument: $arg"
exit 1
;;
esac
done
# Input validation
log "Validating inputs..."
if [[ -z "${PUBLIC_IP:-}" || -z "${DOMAIN:-}" ]]; then
echo "Error: --public-ip and --domain are mandatory."
exit 1
fi
validate_ip "$PUBLIC_IP" || { echo "Invalid public IP: $PUBLIC_IP"; exit 1; }
validate_domain "$DOMAIN" || { echo "Invalid domain: $DOMAIN"; exit 1; }
if [[ -n "${EMAIL:-}" ]]; then
validate_email "$EMAIL" || { echo "Invalid email: $EMAIL"; exit 1; }
fi
# Validate the domain connection
validate_domain_connection
# Install Certbot
log "Installing Certbot..."
if ! command -v certbot > /dev/null; then
if [[ -f /etc/debian_version ]]; then
apt-get update && apt-get install -y certbot
elif [[ -f /etc/redhat-release ]]; then
yum install -y certbot
else
echo "Unsupported OS. Install Certbot manually."
exit 1
fi
fi
# Issue SSL certificate
CERTBOT_CMD="certbot certonly --webroot -w /var/www/webroot/ROOT -d $DOMAIN --agree-tos --non-interactive"
[[ -n "${EMAIL:-}" ]] && CERTBOT_CMD+=" --email $EMAIL"
if $CERTBOT_CMD; then
log "SSL certificate issued successfully for $DOMAIN."
update_litespeed_config
sudo systemctl reload lsws
send_email "$DOMAIN SSL Certificate Issued Successfully" "The SSL certificate for $DOMAIN has been successfully installed."
setup_cron_job
else
log "Certbot failed."
send_email "SSL Certificate Installation Failed" "An error occurred while installing the SSL certificate for $DOMAIN."
exit 1
fi