diff --git a/mbadmin.jps b/mbadmin.jps index 337e6ab..e50aa7b 100644 --- a/mbadmin.jps +++ b/mbadmin.jps @@ -143,6 +143,22 @@ menu: action: remove_ssl_cert settings: sslRemoveConfig successText: "SSL certificate for '${settings.domain}' has been successfully removed." + - confirmText: Do you want to fix LiteSpeed configuration XML tags? + loadingText: Fixing LiteSpeed Configuration... + caption: Fix LiteSpeed XML + action: fix_litespeed_xml + successText: "LiteSpeed configuration XML tags have been fixed." + - confirmText: Do you want to analyze the LiteSpeed configuration? + loadingText: Analyzing LiteSpeed configuration... + caption: Diagnose LiteSpeed Config + action: diagnose_litespeed_config + successText: "LiteSpeed configuration analysis complete." + - confirmText: Clean up certificate references in shared listeners? + loadingText: Cleaning up certificate references... + caption: Clean Certificate References + action: clean_cert_references + settings: cleanCertConfig + successText: "Certificate references have been cleaned up." settings: checkDomainConfig: @@ -263,6 +279,13 @@ settings: caption: Email Address required: true sslRemoveConfig: + submitUnchanged: true + fields: + - name: domainremove + type: text + caption: Domain Name + required: true + cleanCertConfig: submitUnchanged: true fields: - name: domain 
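Review bot: The new `domainremove` field is free text with only `required: true`, and in the following hunk its value is placed directly into commands run as root (`--domain="${settings.domainremove}"`, and `DOMAIN="${settings.domain}"` for the `cleanCertConfig` form). If the platform substitutes these placeholders textually before the shell sees the script, which the visible usage suggests, quotes or shell metacharacters in the submitted value would alter the command instead of staying inside the argument. Constrain both fields to a hostname pattern at the form level, and have the called script reject any value containing characters outside `[A-Za-z0-9.-]` before using it. The `cleanCertConfig` field list continues past the end of this hunk, so its remaining attributes are not visible here.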
@@ -587,16 +610,131 @@ actions: - cmd[cp]: user: root commands: - - bash /home/litespeed/mbmanager/ssl-manager/ssl_manager.sh --domain="${settings.domain}" --remove-cert=yes --confirm=yes + - bash /home/litespeed/mbmanager/ssl-manager/ssl_manager.sh --domain="${settings.domainremove}" --remove-cert=yes --confirm=yes - if: ${response.exitcode} == 0 return: type: success - message: "SSL certificate for '${settings.domain}' has been successfully removed." + message: "SSL certificate for '${settings.domainremove}' has been successfully removed." - else: return: type: error message: "Failed to remove SSL certificate: ${response.out}" + fix_litespeed_xml: + - cmd[cp]: + user: root + commands: + - CONF_FILE="/var/www/conf/httpd_config.xml" + - echo "Backing up LiteSpeed configuration..." + - cp "$CONF_FILE" "${CONF_FILE}.backup.$(date +%Y%m%d%H%M%S)" + - echo "Fixing XML tag inconsistencies..." + - awk '{gsub(//, ""); gsub(/<\/n>/, ""); print}' "$CONF_FILE" > "${CONF_FILE}.new" + - cat "${CONF_FILE}.new" > "$CONF_FILE" + - rm "${CONF_FILE}.new" + - systemctl restart lsws + - return: + type: success + message: "LiteSpeed configuration XML tags have been normalized. The web server has been restarted." + diagnose_litespeed_config: + - cmd[cp]: + user: root + commands: + - | + CONF_FILE="/var/www/conf/httpd_config.xml" + echo "Analyzing LiteSpeed configuration tags..." 
+ echo "-----------------------------------" + echo "Number of tags: $(grep -c "" $CONF_FILE)" + echo "Number of tags: $(grep -c "" $CONF_FILE)" + echo "Number of tags: $(grep -c "" $CONF_FILE)" + echo "Number of tags: $(grep -c "" $CONF_FILE)" + echo "-----------------------------------" + echo "First 5 instances of tags:" + grep -n "" $CONF_FILE | head -5 + echo "-----------------------------------" + echo "Testing sed command effectiveness:" + cp $CONF_FILE /tmp/test_config.xml + sed -i 's///g' /tmp/test_config.xml + sed -i 's/<\/n>/<\/name>/g' /tmp/test_config.xml + echo "After sed, remaining tags: $(grep -c "" /tmp/test_config.xml)" + echo "After sed, remaining tags: $(grep -c "" /tmp/test_config.xml)" + echo "-----------------------------------" + - return: + type: info + message: "${response.out}" + clean_cert_references: + - cmd[cp]: + user: root + commands: + - | + DOMAIN="${settings.domain}" + CONF_FILE="/var/www/conf/httpd_config.xml" + BACKUP_FILE="${CONF_FILE}.bak.$(date +%Y%m%d%H%M%S)" + + # Create backup + cp "$CONF_FILE" "$BACKUP_FILE" + echo "Created backup at $BACKUP_FILE" + + # Create temp file for processing + TEMP_FILE=$(mktemp) + + # Clean up certificate references + echo "Cleaning up certificate references for $DOMAIN..." 
+ + # Use awk to process the file + awk -v domain="$DOMAIN" ' + BEGIN { in_listener = 0; is_shared = 0; } + + // { + in_listener = 1; + print; + next; + } + + in_listener && (/HTTPS<\/name>/ || /HTTPS-ipv6<\/name>/) { + is_shared = 1; + print; + next; + } + + in_listener && is_shared && /.*live\/'"$DOMAIN"'\/.*<\/keyFile>/ { + print " /var/www/conf/default.key"; + next; + } + + in_listener && is_shared && /.*live\/'"$DOMAIN"'\/.*<\/certFile>/ { + print " /var/www/conf/default.crt"; + next; + } + + /<\/listener>/ { + in_listener = 0; + is_shared = 0; + print; + next; + } + + { print; } + ' "$CONF_FILE" > "$TEMP_FILE" + + # Verify the file is valid + if grep -q "" "$TEMP_FILE" && grep -q "" "$TEMP_FILE"; then + # Apply changes + cat "$TEMP_FILE" > "$CONF_FILE" + rm -f "$TEMP_FILE" + echo "Certificate references cleaned up successfully." + + # Restart LiteSpeed + echo "Restarting LiteSpeed..." + systemctl restart lsws + else + echo "ERROR: Generated config is invalid. Keeping original configuration." + rm -f "$TEMP_FILE" + exit 1 + fi + + - return: + type: success + message: "Certificate references for '${settings.domain}' have been cleaned up from shared listeners." responses: enableSuccess: diff --git a/scripts/ssl-manager/ssl_manager.sh b/scripts/ssl-manager/ssl_manager.sh index c102735..2627d0d 100644 --- a/scripts/ssl-manager/ssl_manager.sh +++ b/scripts/ssl-manager/ssl_manager.sh 
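Review bot: `diagnose_litespeed_config` copies the server configuration as root to the fixed path `/tmp/test_config.xml` and never removes it, so the name is predictable in a world-writable directory and a copy of the config stays behind after the run. Use `TEST_FILE=$(mktemp)` with `trap 'rm -f "$TEST_FILE"' EXIT`, in line with the `mktemp` working file that `clean_cert_references` already uses. In `clean_cert_references` the awk program splices `'"$DOMAIN"'` into its patterns even though `-v domain="$DOMAIN"` is passed and unused; matching with `index($0, "live/" domain "/")` keeps the value as data and stops each `.` in the domain from matching any character. `fix_litespeed_xml` overwrites the live file and restarts `lsws` without checking that the awk output is non-empty, and its `return` reports success unconditionally.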
@@ -122,16 +122,26 @@ update_litespeed_config() { cp "$config_file" "$backup_file" log "Created backup of LiteSpeed configuration at $backup_file" + # Normalize XML tags - replace with throughout the config + log "Normalizing XML tags in configuration..." + if grep -q "" "$config_file"; then + log "Found tags in config, normalizing to ..." + sed -i 's///g' "$config_file" + sed -i 's/<\/n>/<\/name>/g' "$config_file" + fi + # Clean up any redundant listeners for this domain cleanup_redundant_listeners "$config_file" "$DOMAIN" - # Create domain-specific virtual host + # Create domain-specific virtual host - MUST create before listener so it exists + log "Creating domain-specific virtual host for $DOMAIN..." if ! create_domain_virtual_host "$DOMAIN"; then log "ERROR: Failed to create virtual host for $DOMAIN. Aborting configuration update." return 1 fi - # Create domain-specific listener + # Create domain-specific listener - depends on virtual host already existing + log "Creating domain-specific listener for $DOMAIN..." if ! create_domain_listener "$DOMAIN"; then log "ERROR: Failed to create listener for $DOMAIN. Aborting configuration update." return 1 
@@ -839,6 +849,53 @@ remove_ssl_certificate() { { print; } ' "${temp_file}.new" > "${temp_file}.final" + # 4a. Clean up certificate references in shared listeners + log "Cleaning up certificate references in shared listeners..." + local cert_path="/etc/letsencrypt/live/$domain/" + + # Create a temporary file for processing + local cert_cleanup_temp=$(mktemp) + + # Replace certificate paths in shared listeners + awk -v domain="$domain" -v cert_path="$cert_path" ' + # Inside a listener section + //,/<\/listener>/ { + # Look for HTTPS or HTTPS-ipv6 listeners (shared listeners) + if ($0 ~ /(HTTPS|HTTPS-ipv6)<\/name>/ || $0 ~ /(HTTPS|HTTPS-ipv6)<\/n>/) { + in_shared_listener = 1; + } + + # If in shared listener and line contains certificate paths for this domain, replace them + if (in_shared_listener && $0 ~ cert_path) { + if ($0 ~ /keyFile/) { + print " /var/www/conf/default.key"; + next; + } + if ($0 ~ /certFile/) { + print " /var/www/conf/default.crt"; + next; + } + } + + # End of listener section + if ($0 ~ /<\/listener>/) { + in_shared_listener = 0; + } + } + + # Print all other lines unchanged + { print; } + ' "${temp_file}.final" > "$cert_cleanup_temp" + + # If the temporary file is valid, use it + if [ -s "$cert_cleanup_temp" ] && grep -q "" "$cert_cleanup_temp"; then + mv "$cert_cleanup_temp" "${temp_file}.final" + log "Certificate references in shared listeners cleaned up." + else + log "WARNING: Failed to clean up certificate references. Keeping original configuration." + rm -f "$cert_cleanup_temp" + fi + # Verify the processed file is valid if [ ! -s "${temp_file}.final" ]; then log "ERROR: Generated configuration is empty. Keeping original configuration." 
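Review bot: The match `$0 ~ cert_path` uses the path as a dynamic regular expression, so each `.` in `$domain` matches any character and a path for a similarly named domain inside a shared listener could be rewritten to the default certificate as well. A literal comparison avoids that: `if (in_shared_listener && index($0, cert_path)) {`. The `-v domain="$domain"` variable is passed but not used in the program shown. `local cert_cleanup_temp=$(mktemp)` also hides a failing `mktemp` behind the exit status of `local`; declaring and assigning on separate lines lets the failure be checked. `remove_ssl_certificate` begins and ends outside this hunk.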
@@ -1035,6 +1092,11 @@ install_xml_tools if $CERTBOT_CMD; then log "SSL certificate issued successfully for $DOMAIN." + # Fix any inconsistent XML tags first + log "Ensuring XML tag consistency in LiteSpeed configuration..." + sed -i 's///g' /var/www/conf/httpd_config.xml + sed -i 's/<\/n>/<\/name>/g' /var/www/conf/httpd_config.xml + # Update LiteSpeed config with enhanced safety if update_litespeed_config; then restart_litespeed
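Review bot: These two `sed -i` calls edit `/var/www/conf/httpd_config.xml` in place before `update_litespeed_config` runs, and that function takes its backup (`cp "$config_file" "$backup_file"`) as its first visible step, so the backup would already contain the modified file if `$config_file` is this same path. The function now performs the same normalization itself, after the backup, in the `@@ -122,16 +122,26 @@` hunk, so the pair here looks redundant and could be dropped. If it stays, it should use the same variable instead of a hard-coded path and check the `sed` exit status before continuing.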