tony
/
mb-admin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: tony:bafe7c4092fb67782a27108112a263bf8eb14d27
Branches Tags
tony:main
..
compare: tony:4e72425579ed6db6cea1b1d32374dee65185f0a9
Branches Tags
tony:main

No commits in common. "bafe7c4092fb67782a27108112a263bf8eb14d27" and "4e72425579ed6db6cea1b1d32374dee65185f0a9" have entirely different histories.
bafe7c4092 ... 4e72425579

3 changed files with 74 additions and 273 deletions
Show Stats Expand all files Collapse all files

25
mbadmin.jps
View File

@ -137,12 +137,6 @@ menu:
action: check_domain_ip action: check_domain_ip
settings: checkDomainConfig settings: checkDomainConfig
successText: "${response.out}" successText: "${response.out}"
- confirmText: Are you sure you want to remove SSL certificate(s)?
loadingText: Removing SSL Certificate(s)...
caption: Remove SSL Certificate
action: remove_ssl_cert
settings: sslRemoveConfig
successText: "${response.out}"
settings: settings:
checkDomainConfig: checkDomainConfig:
@ -262,13 +256,6 @@ settings:
type: text type: text
caption: Email Address caption: Email Address
required: true required: true
sslRemoveConfig:
submitUnchanged: true
fields:
- name: domains
type: text
caption: Comma-separated Domains
required: true
actions: actions:
dynamic_wp_cli: dynamic_wp_cli:
@ -583,14 +570,6 @@ actions:
- return: - return:
type: info type: info
message: "${response.out}" message: "${response.out}"
remove_ssl_cert:
- cmd[cp]:
user: root
commands:
- bash /home/litespeed/mbmanager/ssl-manager/ssl_remover.sh --domains="${settings.domains}" ${EMAIL:+--email="${EMAIL}"}
- return:
type: info
message: "${response.out}"
responses: responses:
enableSuccess: enableSuccess:
@ -620,10 +599,6 @@ buttons:
action: litespeed_update_settings action: litespeed_update_settings
caption: Update LiteSpeed Cache Settings caption: Update LiteSpeed Cache Settings
submitButtonText: Update Cache Settings submitButtonText: Update Cache Settings
- settings: sslRemoveConfig
action: remove_ssl_cert
caption: Remove SSL Certificates
submitButtonText: Remove Certificates
onUninstall: onUninstall:
- cmd[cp]: - cmd[cp]:

42
scripts/ssl-manager/ssl_manager.sh
View File

@ -58,15 +58,14 @@ validate_email() {
# Function to validate DNS resolution # Function to validate DNS resolution
validate_dns_resolution() { validate_dns_resolution() {
local domain=$1 log "Validating DNS resolution for $DOMAIN..."
log "Validating DNS resolution for $domain..." RESOLVED_IPS=$(dig +short "$DOMAIN" A)
RESOLVED_IPS=$(dig +short "$domain" A)
if echo "$RESOLVED_IPS" | grep -q "$PUBLIC_IP"; then if echo "$RESOLVED_IPS" | grep -q "$PUBLIC_IP"; then
log "DNS validation successful. $domain resolves to the expected public IP ($PUBLIC_IP)." log "DNS validation successful. $DOMAIN resolves to the expected public IP ($PUBLIC_IP)."
return 0 return 0
else else
log "DNS validation failed. $domain does not resolve to the expected public IP ($PUBLIC_IP)." log "DNS validation failed. $DOMAIN does not resolve to the expected public IP ($PUBLIC_IP)."
return 1 return 1
fi fi
} }
@ -96,7 +95,7 @@ validate_http_access() {
# Function to validate the domain connection # Function to validate the domain connection
validate_domain_connection() { validate_domain_connection() {
if validate_dns_resolution "$DOMAIN"; then if validate_dns_resolution; then
log "Domain validation succeeded via DNS." log "Domain validation succeeded via DNS."
return 0 return 0
elif validate_http_access; then elif validate_http_access; then
@ -422,7 +421,7 @@ install_xml_tools() {
# Function to create or update a domain-specific HTTPS listener # Function to create or update a domain-specific HTTPS listener
create_domain_listener() { create_domain_listener() {
local domain=$1 local domain="$1"
local config_file="/var/www/conf/httpd_config.xml" local config_file="/var/www/conf/httpd_config.xml"
local vhost_name="${domain//[.]/_}" local vhost_name="${domain//[.]/_}"
local key_file="/etc/letsencrypt/live/$domain/privkey.pem" local key_file="/etc/letsencrypt/live/$domain/privkey.pem"
@ -718,15 +717,13 @@ restart_litespeed() {
} }
# Parse input parameters # Parse input parameters
declare -a DOMAINS
for arg in "$@"; do for arg in "$@"; do
case $arg in case $arg in
--public-ip=*) --public-ip=*)
PUBLIC_IP="${arg#*=}" PUBLIC_IP="${arg#*=}"
;; ;;
--domains=*) --domain=*)
IFS=',' read -ra DOMAINS <<< "${arg#*=}" DOMAIN="${arg#*=}"
PRIMARY_DOMAIN="${DOMAINS[0]}"
;; ;;
--email=*) --email=*)
EMAIL="${arg#*=}" EMAIL="${arg#*=}"
@ -740,22 +737,16 @@ done
# Input validation # Input validation
log "Validating inputs..." log "Validating inputs..."
if [[ -z "${PUBLIC_IP:-}" || ${#DOMAINS[@]} -eq 0 ]]; then if [[ -z "${PUBLIC_IP:-}" || -z "${DOMAIN:-}" ]]; then
echo "Error: --public-ip and --domain(s) are mandatory." echo "Error: --public-ip and --domain are mandatory."
exit 1 exit 1
fi fi
validate_ip "$PUBLIC_IP" || { echo "Invalid public IP: $PUBLIC_IP"; exit 1; } validate_ip "$PUBLIC_IP" || { echo "Invalid public IP: $PUBLIC_IP"; exit 1; }
for domain in "${DOMAINS[@]}"; do validate_domain "$DOMAIN" || { echo "Invalid domain: $DOMAIN"; exit 1; }
validate_domain "$domain" || { echo "Invalid domain: $domain"; exit 1; }
done
if [[ -n "${EMAIL:-}" ]]; then if [[ -n "${EMAIL:-}" ]]; then
validate_email "$EMAIL" || { echo "Invalid email: $EMAIL"; exit 1; } validate_email "$EMAIL" || { echo "Invalid email: $EMAIL"; exit 1; }
fi fi
# Main execution loop
for DOMAIN in "${DOMAINS[@]}"; do
log "Processing domain: $DOMAIN"
# Validate the domain connection # Validate the domain connection
validate_domain_connection validate_domain_connection
@ -794,18 +785,14 @@ for DOMAIN in "${DOMAINS[@]}"; do
log "Certificate still valid for $DAYS_LEFT days. Skipping renewal." log "Certificate still valid for $DAYS_LEFT days. Skipping renewal."
update_litespeed_config update_litespeed_config
setup_cron_job setup_cron_job
continue exit 0
else else
log "Certificate expires in $DAYS_LEFT days. Proceeding with renewal." log "Certificate expires in $DAYS_LEFT days. Proceeding with renewal."
fi fi
fi fi
# Modify Certbot command to include all domains # Issue SSL certificate
CERTBOT_CMD="certbot certonly --webroot -w /var/www/webroot/ROOT" CERTBOT_CMD="certbot certonly --webroot -w /var/www/webroot/ROOT -d $DOMAIN --agree-tos --non-interactive"
for domain in "${DOMAINS[@]}"; do
CERTBOT_CMD+=" -d $domain"
done
CERTBOT_CMD+=" --agree-tos --non-interactive"
[[ -n "${EMAIL:-}" ]] && CERTBOT_CMD+=" --email $EMAIL" [[ -n "${EMAIL:-}" ]] && CERTBOT_CMD+=" --email $EMAIL"
# After Certbot installation and before existing certificate check # After Certbot installation and before existing certificate check
@ -829,4 +816,3 @@ for DOMAIN in "${DOMAINS[@]}"; do
send_email "SSL Certificate Installation Failed" "An error occurred while installing the SSL certificate for $DOMAIN." send_email "SSL Certificate Installation Failed" "An error occurred while installing the SSL certificate for $DOMAIN."
exit 1 exit 1
fi fi
done

160
scripts/ssl-manager/ssl_remover.sh
View File

@ -1,160 +0,0 @@
#!/bin/bash
set -euo pipefail
# Log file setup
LOG_DIR="/var/log/mb-ssl"
LOG_FILE="$LOG_DIR/ssl-remover.log"
mkdir -p "$LOG_DIR"
chmod 0755 "$LOG_DIR"
exec > >(tee -a "$LOG_FILE") 2>&1
# Function to log messages
log() {
echo "$(date '+%Y-%m-%d %H:%M:%S') $1"
}
# Email function (same as in ssl_manager.sh)
send_email() {
local subject="$1"
local body="$2"
local recipient="${EMAIL:-}"
[[ -n "$recipient" ]] && {
log "Sending email notification to $recipient..."
curl -s "https://api.postmarkapp.com/email" \
-X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "X-Postmark-Server-Token: d88b25c4-2fdb-43d3-9097-f6c655a9742b" \
-d "{
\"From\": \"admin@mightybox.io\",
\"To\": \"$recipient\",
\"Subject\": \"$subject\",
\"HtmlBody\": \"$body\",
\"MessageStream\": \"outbound\"
}" > /dev/null && log "Email sent." || log "Email failed."
}
}
# Backup configuration with timestamp
backup_config() {
local config_file="/var/www/conf/httpd_config.xml"
local backup_dir="/var/www/conf/backups"
local timestamp=$(date +%Y%m%d%H%M%S)
mkdir -p "$backup_dir"
cp "$config_file" "$backup_dir/httpd_config.pre-removal-$timestamp.xml"
log "Config backup saved to $backup_dir/httpd_config.pre-removal-$timestamp.xml"
}
# Remove certificate using Certbot
remove_certificate() {
local domain="$1"
if certbot certificates | grep -q "Domains: $domain"; then
log "Removing certificate for $domain..."
certbot delete --cert-name "$domain" --non-interactive
rm -rf "/etc/letsencrypt/live/$domain"*
log "Certificate removed for $domain"
else
log "No certificate found for $domain"
fi
}
# Remove listeners and associated configurations
cleanup_listeners() {
local domain="$1"
local config_file="/var/www/conf/httpd_config.xml"
local temp_file
log "Cleaning up listeners for $domain..."
# Remove listeners
sed -i "/<name>HTTPS-$domain<\/name>/,/<\/listener>/d" "$config_file"
# Remove vhostMap entries
sed -i "/<domain>$domain<\/domain>/,/<\/vhostMap>/d" "$config_file"
# Remove related virtual host
local vhost_name="${domain//./_}"
sed -i "/<name>$vhost_name<\/name>/,/<\/virtualHost>/d" "$config_file"
# Cleanup empty listenerList tags
temp_file=$(mktemp)
awk '/<listenerList>/ {flag=1; print; next} /<\/listenerList>/ {flag=0; print; next} flag && /^[[:space:]]*$/ {next} {print}' "$config_file" > "$temp_file"
mv "$temp_file" "$config_file"
}
# Validate XML configuration
validate_xml() {
local config_file="/var/www/conf/httpd_config.xml"
if command -v xmllint >/dev/null; then
log "Validating XML configuration..."
if ! xmllint --noout "$config_file"; then
log "ERROR: Invalid XML configuration after cleanup. Check backups."
return 1
fi
fi
return 0
}
# Restart LiteSpeed if needed
restart_litespeed() {
log "Restarting LiteSpeed..."
systemctl restart lsws && log "LiteSpeed restarted successfully." || log "LiteSpeed restart failed."
}
# Main execution
main() {
declare -a DOMAINS
# Parse parameters
while [[ $# -gt 0 ]]; do
case "$1" in
--domains=*)
IFS=',' read -ra DOMAINS <<< "${1#*=}"
shift
;;
--email=*)
EMAIL="${1#*=}"
shift
;;
*)
echo "Invalid parameter: $1"
exit 1
;;
esac
done
# Validate input
if [[ ${#DOMAINS[@]} -eq 0 ]]; then
echo "Error: --domains parameter is required"
exit 1
fi
backup_config
for domain in "${DOMAINS[@]}"; do
log "Processing domain: $domain"
# Validate domain format
[[ "$domain" =~ ^([a-zA-Z0-9](-*[a-zA-Z0-9])*\.)+[a-zA-Z]{2,}$ ]] || {
log "Invalid domain: $domain"
continue
}
remove_certificate "$domain"
cleanup_listeners "$domain"
done
if validate_xml; then
restart_litespeed
send_email "SSL Removal Complete" "Successfully removed SSL for domains: ${DOMAINS[*]}"
else
send_email "SSL Removal Warning" "SSL removed but configuration validation failed for domains: ${DOMAINS[*]}"
exit 1
fi
}
main "$@"