Added Domain IP Checker
parent
919369eecc
commit
dfed8a18c2
28
mbadmin.jps
28
mbadmin.jps
|
@ -30,7 +30,8 @@ onInstall:
|
|||
-OL https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/relay/uninstall_relay.sh)
|
||||
- chmod +x /home/litespeed/mbmanager/relay/*.sh
|
||||
# Download SSL manager script
|
||||
- (cd /home/litespeed/mbmanager/ssl-manager && curl -OL https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/ssl-manager/ssl_manager.sh)
|
||||
- (cd /home/litespeed/mbmanager/ssl-manager && curl -OL https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/ssl-manager/ssl_manager.sh \
|
||||
-OL https://deploy-proxy.mightybox.io/tony/mb-admin/raw/branch/main/scripts/ssl-manager/ipchecker.sh)
|
||||
- chmod +x /home/litespeed/mbmanager/ssl-manager/*.sh
|
||||
# Install Certbot for AlmaLinux
|
||||
- dnf install -y certbot
|
||||
|
@ -128,8 +129,25 @@ menu:
|
|||
action: issue_ssl_cert
|
||||
settings: sslCertConfig
|
||||
successText: "SSL certificate for '${settings.domain}' has been issued successfully."
|
||||
- confirmText: Check if the domain is resolving to the expected IP address?
|
||||
loadingText: Checking Domain...
|
||||
caption: Check Domain IP
|
||||
action: check_domain_ip
|
||||
settings: checkDomainConfig
|
||||
successText: "${response.out}"
|
||||
|
||||
settings:
|
||||
checkDomainConfig:
|
||||
submitUnchanged: true
|
||||
fields:
|
||||
- name: domain
|
||||
type: text
|
||||
caption: Domain Name
|
||||
required: true
|
||||
- name: public_ip
|
||||
type: text
|
||||
caption: Public IP Address
|
||||
required: true
|
||||
wpCliConfig:
|
||||
submitUnchanged: true
|
||||
fields:
|
||||
|
@ -542,6 +560,14 @@ actions:
|
|||
- return:
|
||||
type: info
|
||||
message: "SSL certificate for '${settings.domain}' has been issued successfully."
|
||||
check_domain_ip:
|
||||
- cmd[cp]:
|
||||
user: root
|
||||
commands:
|
||||
- bash /home/litespeed/mbmanager/ssl-manager/ipchecker.sh -d "${settings.domain}" -i "${settings.public_ip}"
|
||||
- return:
|
||||
type: info
|
||||
message: "${response.out}"
|
||||
|
||||
responses:
|
||||
enableSuccess:
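Review bot: In the new `check_domain_ip` action, `${settings.domain}` and `${settings.public_ip}` are placed into a `bash` command line that runs with `user: root`, while the `checkDomainConfig` fields accept free text with only `required: true`. If the platform substitutes these placeholders textually before the shell parses the line (not visible here, but the surrounding double quotes would not protect against it), shell metacharacters in either field would be interpreted as root. Constrain both fields at the form, for example `regex: "^[A-Za-z0-9.-]+$"` on `domain` and an IPv4 pattern on `public_ip`, and validate again inside `ipchecker.sh`, because the form is not the only way an action can be invoked. Running the check as a non-root user would further limit impact, since the lookups themselves need no privileges; the script's write into the webroot would need to be removed first.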
|
||||
|
|
|
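--- /dev/null
+++ b/scripts/ssl-manager/ipchecker.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+
+# Usage function
+display_usage() {
+echo "Usage: $0 -d <domain> -i <expected_ip> [-t <timeout>]"
+exit 1
+}
+
+# Parse arguments
+while getopts "d:i:t:" opt; do
+case ${opt} in
+d) DOMAIN=${OPTARG} ;;
+i) EXPECTED_IP=${OPTARG} ;;
+t) TIMEOUT=${OPTARG} ;;
+*) display_usage ;;
+esac
+done
+
+# Validate required arguments
+if [[ -z "$DOMAIN" || -z "$EXPECTED_IP" ]]; then
+display_usage
+fi
+
+# Set default timeout if not provided
+TIMEOUT=${TIMEOUT:-5}
+
+# Check A record using multiple resolvers
+GLOBAL_A_RECORD=$(dig +short A "$DOMAIN" @8.8.8.8 | tail -n1)
+CLOUDFLARE_A_RECORD=$(dig +short A "$DOMAIN" @1.1.1.1 | tail -n1)
+OPENDNS_A_RECORD=$(dig +short A "$DOMAIN" @208.67.222.222 | tail -n1)
+CNAME_RECORD=$(dig +short CNAME "$DOMAIN" @1.1.1.1)
+
+if [[ "$GLOBAL_A_RECORD" == "$EXPECTED_IP" || "$CLOUDFLARE_A_RECORD" == "$EXPECTED_IP" || "$OPENDNS_A_RECORD" == "$EXPECTED_IP" ]]; then
+echo "Domain $DOMAIN is globally resolving to $EXPECTED_IP."
+exit 0
+fi
+
+# Detect Cloudflare Proxy
+if [[ -n "$CNAME_RECORD" ]]; then
+echo "Cloudflare proxy detected! Domain is proxied via CNAME: $CNAME_RECORD"
+fi
+
+# Check for DNS challenge (Let's Encrypt)
+DNS_CHALLENGE=$(dig +short TXT "_acme-challenge.$DOMAIN")
+if [[ ! -z "$DNS_CHALLENGE" ]]; then
+echo "DNS challenge found: $DNS_CHALLENGE. Domain might be using a proxy."
+fi
+
+# Check for HTTP challenge
+ROOT_FOLDER="/var/www/webroot/ROOT"
+HTTP_RESPONSE=$(curl -s --max-time $TIMEOUT "http://$DOMAIN/.well-known/acme-challenge/test" --output "$ROOT_FOLDER/http_challenge_response.txt")
+if [[ ! -z "$HTTP_RESPONSE" ]]; then
+echo "HTTP challenge response found: $HTTP_RESPONSE. Domain might be using a proxy."
+fi
+
+# Direct verification using forced connection
+echo "Verifying domain reaches expected server via direct connection..."
+HTTP_TEST=$(curl -s --max-time $TIMEOUT --connect-to "$DOMAIN:443:$EXPECTED_IP" "https://$DOMAIN" -H "Host: $DOMAIN" -k | grep -o "VALID_RESPONSE_MARKER")
+
+if [[ "$HTTP_TEST" == "VALID_RESPONSE_MARKER" ]]; then
+echo "Domain is correctly routing to expected server at $EXPECTED_IP. (Proxy bypass successful)"
+exit 0
+fi
+
+# Test direct TCP connection using telnet
+echo "Testing direct TCP connection to backend..."
+echo -e "HEAD / HTTP/1.1\nHost: $DOMAIN\n\n" | timeout $TIMEOUT telnet "$EXPECTED_IP" 80 &>/dev/null
+if [[ $? -eq 0 ]]; then
+echo "Successfully connected to expected server at $EXPECTED_IP via TCP."
+exit 0
+fi
+
+# Final failure message
+echo "Domain does not resolve to the expected server. Cloudflare proxy might be active."
+exit 1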
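Review bot: The HTTP-challenge step writes whatever `http://$DOMAIN/.well-known/acme-challenge/test` returns into `/var/www/webroot/ROOT/http_challenge_response.txt`, so content served by a caller-supplied domain lands in a web-served directory (as root, per the calling action); and because `-s` is combined with `--output`, `HTTP_RESPONSE` is always empty and the branch under it never runs. `DOMAIN`, `EXPECTED_IP` and `TIMEOUT` are also used unvalidated: a value beginning with `-`, `+` or `@` is parsed by `dig` as an option rather than a name, and `$TIMEOUT` is expanded unquoted. Validate the three inputs right after option parsing and keep a size-bounded response in a variable instead of the webroot, as sketched below. Separately, the direct check combines `-k` with the literal `VALID_RESPONSE_MARKER`, which looks like an unfilled placeholder, and the telnet fallback can at most show that port 80 answers on the expected IP, not that the domain points there, so its `exit 0` can report success for an unrelated domain.

```shell
# … unchanged: getopts loop and required-argument check …
TIMEOUT=${TIMEOUT:-5}
if [[ ! "$DOMAIN" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
  echo "Invalid domain name." >&2
  exit 1
fi
if [[ ! "$EXPECTED_IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
  echo "Invalid IPv4 address." >&2
  exit 1
fi
if [[ ! "$TIMEOUT" =~ ^[0-9]+$ ]]; then
  echo "Invalid timeout." >&2
  exit 1
fi

# … unchanged: resolver lookups, CNAME and TXT checks …

# Check for HTTP challenge: keep the response in memory, bounded in size
HTTP_RESPONSE=$(curl -s --max-time "$TIMEOUT" --max-filesize 65536 \
  "http://$DOMAIN/.well-known/acme-challenge/test" | head -c 4096)
# … unchanged: HTTP_RESPONSE test, direct and TCP checks …
```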