Added Domain IP Checker

main
Anthony 2025-01-30 22:06:16 +08:00
parent 919369eecc
commit dfed8a18c2
2 changed files with 102 additions and 1 deletions


@ -30,7 +30,8 @@ onInstall:
-OL https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/relay/uninstall_relay.sh) -OL https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/relay/uninstall_relay.sh)
- chmod +x /home/litespeed/mbmanager/relay/*.sh - chmod +x /home/litespeed/mbmanager/relay/*.sh
# Download SSL manager script # Download SSL manager script
- (cd /home/litespeed/mbmanager/ssl-manager && curl -OL https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/ssl-manager/ssl_manager.sh) - (cd /home/litespeed/mbmanager/ssl-manager && curl -OL https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/ssl-manager/ssl_manager.sh \
-OL https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/ssl-manager/ipchecker.sh)
- chmod +x /home/litespeed/mbmanager/ssl-manager/*.sh - chmod +x /home/litespeed/mbmanager/ssl-manager/*.sh
# Install Certbot for AlmaLinux # Install Certbot for AlmaLinux
- dnf install -y certbot - dnf install -y certbot
@ -128,8 +129,25 @@ menu:
action: issue_ssl_cert action: issue_ssl_cert
settings: sslCertConfig settings: sslCertConfig
successText: "SSL certificate for '${settings.domain}' has been issued successfully." successText: "SSL certificate for '${settings.domain}' has been issued successfully."
- confirmText: Check if the domain is resolving to the expected IP address?
loadingText: Checking Domain...
caption: Check Domain IP
action: check_domain_ip
settings: checkDomainConfig
successText: "${response.out}"
settings: settings:
checkDomainConfig:
submitUnchanged: true
fields:
- name: domain
type: text
caption: Domain Name
required: true
- name: public_ip
type: text
caption: Public IP Address
required: true
wpCliConfig: wpCliConfig:
submitUnchanged: true submitUnchanged: true
fields: fields:
@ -542,6 +560,14 @@ actions:
- return: - return:
type: info type: info
message: "SSL certificate for '${settings.domain}' has been issued successfully." message: "SSL certificate for '${settings.domain}' has been issued successfully."
check_domain_ip:
- cmd[cp]:
user: root
commands:
- bash /home/litespeed/mbmanager/ssl-manager/ipchecker.sh -d "${settings.domain}" -i "${settings.public_ip}"
- return:
type: info
message: "${response.out}"
responses: responses:
enableSuccess: enableSuccess:
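Review bot: The new `check_domain_ip` action pastes `${settings.domain}` and `${settings.public_ip}` into a `bash` command line that runs with `user: root`, and both fields in `checkDomainConfig` are free `type: text` with no validation. If the platform substitutes placeholders textually before the shell parses the line (not visible on this page), a value containing a double quote or a command substitution would leave the quoted argument and be evaluated as root. Constrain both fields at the form, for example `regex: "^[A-Za-z0-9.-]+$"` on `domain` and a dotted-quad pattern on `public_ip`, and repeat the same checks inside `ipchecker.sh` so the script does not depend on the form. The checker only calls `dig`, `curl` and `telnet`, so the action could also run as an unprivileged user rather than root.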


@ -0,0 +1,75 @@
#!/bin/bash
# Usage function
display_usage() {
echo "Usage: $0 -d <domain> -i <expected_ip> [-t <timeout>]"
exit 1
}
# Parse arguments
while getopts "d:i:t:" opt; do
case ${opt} in
d) DOMAIN=${OPTARG} ;;
i) EXPECTED_IP=${OPTARG} ;;
t) TIMEOUT=${OPTARG} ;;
*) display_usage ;;
esac
done
# Validate required arguments
if [[ -z "$DOMAIN" || -z "$EXPECTED_IP" ]]; then
display_usage
fi
# Set default timeout if not provided
TIMEOUT=${TIMEOUT:-5}
# Check A record using multiple resolvers
GLOBAL_A_RECORD=$(dig +short A "$DOMAIN" @8.8.8.8 | tail -n1)
CLOUDFLARE_A_RECORD=$(dig +short A "$DOMAIN" @1.1.1.1 | tail -n1)
OPENDNS_A_RECORD=$(dig +short A "$DOMAIN" @208.67.222.222 | tail -n1)
CNAME_RECORD=$(dig +short CNAME "$DOMAIN" @1.1.1.1)
if [[ "$GLOBAL_A_RECORD" == "$EXPECTED_IP" || "$CLOUDFLARE_A_RECORD" == "$EXPECTED_IP" || "$OPENDNS_A_RECORD" == "$EXPECTED_IP" ]]; then
echo "Domain $DOMAIN is globally resolving to $EXPECTED_IP."
exit 0
fi
# Detect Cloudflare Proxy
if [[ -n "$CNAME_RECORD" ]]; then
echo "Cloudflare proxy detected! Domain is proxied via CNAME: $CNAME_RECORD"
fi
# Check for DNS challenge (Let's Encrypt)
DNS_CHALLENGE=$(dig +short TXT "_acme-challenge.$DOMAIN")
if [[ ! -z "$DNS_CHALLENGE" ]]; then
echo "DNS challenge found: $DNS_CHALLENGE. Domain might be using a proxy."
fi
# Check for HTTP challenge
ROOT_FOLDER="/var/www/webroot/ROOT"
HTTP_RESPONSE=$(curl -s --max-time $TIMEOUT "http://$DOMAIN/.well-known/acme-challenge/test" --output "$ROOT_FOLDER/http_challenge_response.txt")
if [[ ! -z "$HTTP_RESPONSE" ]]; then
echo "HTTP challenge response found: $HTTP_RESPONSE. Domain might be using a proxy."
fi
# Direct verification using forced connection
echo "Verifying domain reaches expected server via direct connection..."
HTTP_TEST=$(curl -s --max-time $TIMEOUT --connect-to "$DOMAIN:443:$EXPECTED_IP" "https://$DOMAIN" -H "Host: $DOMAIN" -k | grep -o "VALID_RESPONSE_MARKER")
if [[ "$HTTP_TEST" == "VALID_RESPONSE_MARKER" ]]; then
echo "Domain is correctly routing to expected server at $EXPECTED_IP. (Proxy bypass successful)"
exit 0
fi
# Test direct TCP connection using telnet
echo "Testing direct TCP connection to backend..."
echo -e "HEAD / HTTP/1.1\nHost: $DOMAIN\n\n" | timeout $TIMEOUT telnet "$EXPECTED_IP" 80 &>/dev/null
if [[ $? -eq 0 ]]; then
echo "Successfully connected to expected server at $EXPECTED_IP via TCP."
exit 0
fi
# Final failure message
echo "Domain does not resolve to the expected server. Cloudflare proxy might be active."
exit 1
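Review bot: The HTTP-challenge probe writes whatever the remote host returns into the public web root, because `--output "$ROOT_FOLDER/http_challenge_response.txt"` runs as root (the manifest action invokes this script with `user: root`). Remote-controlled content then sits in a served directory, and if that directory is writable by the site user, a symlink at that name would be followed by root's write. Since the body goes to the file, `HTTP_RESPONSE` is always empty and the `if` after it never fires. Capture the body in the variable instead, `HTTP_RESPONSE=$(curl -s --max-time "$TIMEOUT" "http://$DOMAIN/.well-known/acme-challenge/test")`, or write to a `mktemp` file outside the web root and remove it on exit. Separately, the telnet fallback exits 0 whenever port 80 on the caller-supplied IP accepts a connection, which says nothing about where the domain points, and the forced-connection check uses `-k` and greps for a literal `VALID_RESPONSE_MARKER` that looks like an unfilled placeholder.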