Updated and optimized scripts

Optimized JPS script
2025-03-25 21:09:26 +08:00 · 2025-03-25 20:55:20 +08:00
2 changed files with 173 additions and 155 deletions
--- a/mbadmin.jps
+++ b/mbadmin.jps
@ -591,6 +591,105 @@ actions:
    - return:
        type: info
        message: "${response.out}"
  diagnose_litespeed_config:
    - cmd[cp]:
        user: root
        commands:
          - |
            CONF_FILE="/var/www/conf/httpd_config.xml"
            echo "Analyzing LiteSpeed configuration tags..."
            echo "-----------------------------------"
            grep -c '<n>' "${CONF_FILE}" | { echo "Number of <n> tags: $(cat)"; }
            grep -c '</n>' "${CONF_FILE}" | { echo "Number of </n> tags: $(cat)"; }
            grep -c '<name>' "${CONF_FILE}" | { echo "Number of <name> tags: $(cat)"; }
            grep -c '</name>' "${CONF_FILE}" | { echo "Number of </name> tags: $(cat)"; }
            echo "-----------------------------------"
            echo "First 5 instances of <n> tags:"
            grep -n '<n>' "${CONF_FILE}" | head -5
            echo "-----------------------------------"
            echo "Testing sed command effectiveness:"
            cp "${CONF_FILE}" /tmp/test_config.xml
            sed -i 's|<n>|<name>|g' /tmp/test_config.xml
            sed -i 's|</n>|</name>|g' /tmp/test_config.xml
            echo "After sed, remaining <n> tags: $(grep -c '<n>' /tmp/test_config.xml)"
            echo "After sed, remaining </n> tags: $(grep -c '</n>' /tmp/test_config.xml)"
            echo "-----------------------------------"
    - return:
        type: info
        message: "${response.out}"
  clean_cert_references:
    - cmd[cp]:
        user: root
        commands:
          - |
            DOMAIN="${settings.domain}"
            CONF_FILE="/var/www/conf/httpd_config.xml"
            BACKUP_FILE="${CONF_FILE}.bak.$(date +%Y%m%d%H%M%S)"
            # Create backup
            cp "${CONF_FILE}" "${BACKUP_FILE}"
            echo "Created backup at ${BACKUP_FILE}"
            # Create temp file for processing
            TEMP_FILE=$(mktemp)
            # Clean up certificate references
            echo "Cleaning up certificate references for ${DOMAIN}..."
            # Use awk with proper quoting and domain variable handling
            awk -v domain="${DOMAIN}" '
            BEGIN { in_listener = 0; is_shared = 0; }
            /<listener>/ { 
                in_listener = 1;
                print;
                next;
            }
            in_listener && (/<name>HTTPS<\/name>/ || /<name>HTTPS-ipv6<\/name>/) {
                is_shared = 1;
                print;
                next;
            }
            in_listener && is_shared && /<keyFile>.*live\/'"${DOMAIN}"'\/.*<\/keyFile>/ {
                print "      <keyFile>/var/www/conf/default.key</keyFile>";
                next;
            }
            in_listener && is_shared && /<certFile>.*live\/'"${DOMAIN}"'\/.*<\/certFile>/ {
                print "      <certFile>/var/www/conf/default.crt</certFile>";
                next;
            }
            /<\/listener>/ {
                in_listener = 0;
                is_shared = 0;
                print;
                next;
            }
            { print; }
            ' "${CONF_FILE}" > "${TEMP_FILE}"
            # Verify the file is valid
            if grep -q "<httpServerConfig>" "${TEMP_FILE}" && grep -q "</httpServerConfig>" "${TEMP_FILE}"; then
                # Apply changes
                cat "${TEMP_FILE}" > "${CONF_FILE}"
                rm -f "${TEMP_FILE}"
                echo "Certificate references cleaned up successfully."
                # Restart LiteSpeed
                echo "Restarting LiteSpeed..."
                systemctl restart lsws
            else
                echo "ERROR: Generated config is invalid. Keeping original configuration."
                rm -f "${TEMP_FILE}"
                exit 1
            fi
    - return:
        type: info
        message: "${response.out}"
 responses:
  enableSuccess:
--- a/scripts/ssl-manager/ssl_manager.sh
+++ b/scripts/ssl-manager/ssl_manager.sh
@ -188,55 +188,24 @@ validate_xml_config() {
    log "Validating XML configuration..."
-    # Check if xmllint is available
+    # Check basic tag balance first
-    if ! command -v xmllint >/dev/null 2>&1; then
+    local open_listeners=$(grep -c '<listener>' "$config_file")
-        log "WARNING: xmllint not available. Skipping XML validation."
+    local close_listeners=$(grep -c '</listener>' "$config_file")
-        return 0  # Return success and continue
+    
    if [ "$open_listeners" -ne "$close_listeners" ]; then
        log "ERROR: Listener tag mismatch (${open_listeners} open vs ${close_listeners} close)"
        return 1
    fi
-    # Create a temporary validation copy (don't modify the original yet)
+    # Use xmllint if available
-    local validate_file=$(mktemp)
+    if command -v xmllint >/dev/null; then
-    if [ ! -f "$validate_file" ]; then
+        if ! xmllint --noout "$config_file"; then
-        log "Error: Failed to create temporary file for validation."
+            log "ERROR: XML validation failed with xmllint"
-        return 0  # Continue without validation rather than failing
+            return 1
        fi
    fi
-    # Copy the file - don't try to fix formatting
+    return 0
    cp "$config_file" "$validate_file"
    # Try basic validation first
    if xmllint --noout "$validate_file" 2>/dev/null; then
        log "XML configuration validation passed."
        rm -f "$validate_file"
        return 0
    fi
    # Validation failed - attempt a simple check to see if main tags are balanced
    local open_http=$(grep -c "<httpServerConfig>" "$config_file")
    local close_http=$(grep -c "</httpServerConfig>" "$config_file")
    local open_listeners=$(grep -c "<listener>" "$config_file")
    local close_listeners=$(grep -c "</listener>" "$config_file")
    if [ "$open_http" -eq "$close_http" ] && [ "$open_listeners" -eq "$close_listeners" ]; then
        log "WARNING: XML syntax validation failed but basic structure seems intact. Proceeding with caution."
        rm -f "$validate_file"
        return 0  # Continue anyway - LiteSpeed may be more forgiving than xmllint
    fi
    # If we reach here, validation failed and basic structure check failed
    log "ERROR: XML validation failed. Configuration file may be corrupted."
    log "Found $open_http opening and $close_http closing httpServerConfig tags"
    log "Found $open_listeners opening and $close_listeners closing listener tags"
    rm -f "$validate_file"
    if [ -f "$backup_file" ]; then
        log "Restoring from backup..."
        cp "$backup_file" "$config_file"
        log "Backup restored. Please check your configuration manually."
    fi
    return 1
 }
 # Function to clean up redundant listeners with more reliable pattern matching
@ -433,92 +402,63 @@ create_domain_listener() {
    log "Creating/updating domain-specific HTTPS listener for $domain..."
    # Create backup if not already done
-    if [ ! -f "$backup_file" ]; then
+    [ -f "$backup_file" ] || cp "$config_file" "$backup_file"
        cp "$config_file" "$backup_file"
        log "Created backup of LiteSpeed configuration at $backup_file"
    fi
-    # Check if listener already exists
+    # Check for existing listener
    if grep -q "<name>HTTPS-$domain</name>" "$config_file"; then
-        log "HTTPS listener for $domain already exists, updating configuration..."
+        log "Updating existing listener for $domain..."
-        
+        # Use full XML scope for replacements
-        # Update certificate paths in existing listener
+        sed -i "/<name>HTTPS-$domain<\/name>/,/<\/listener>/ {
-        sed -i "/<name>HTTPS-$domain<\/name>/,/<\/listener>/ s|<keyFile>.*</keyFile>|<keyFile>$key_file</keyFile>|" "$config_file"
+            s|<keyFile>.*</keyFile>|<keyFile>$key_file</keyFile>|;
-        sed -i "/<name>HTTPS-$domain<\/name>/,/<\/listener>/ s|<certFile>.*</certFile>|<certFile>$cert_file</certFile>|" "$config_file"
+            s|<certFile>.*</certFile>|<certFile>$cert_file</certFile>|;
-        
+        }" "$config_file"
        # Verify updates were applied
        if grep -A5 "<name>HTTPS-$domain</name>" "$config_file" | grep -q "$key_file"; then
            log "Certificate paths updated successfully for $domain listener."
        else
            log "ERROR: Failed to update certificate paths for $domain listener."
            return 1
        fi
        return 0
    fi
    log "Creating new HTTPS listener for $domain..."
-    # Create a temporary file for XML editing
+    # Generate properly indented XML block
-    local temp_file=$(mktemp)
+    listener_xml=$(cat <<EOF
-    if [ ! -f "$temp_file" ]; then
+    <listener>
-        log "ERROR: Failed to create temporary file for configuration update."
+        <name>HTTPS-${domain}</name>
-        return 1
+        <address>*:443</address>
-    fi
+        <secure>1</secure>
        <vhostMapList>
            <vhostMap>
                <vhost>${vhost_name}</vhost>
                <domain>${domain}</domain>
            </vhostMap>
        </vhostMapList>
        <keyFile>${key_file}</keyFile>
        <certFile>${cert_file}</certFile>
        <sslProtocol>24</sslProtocol>
        <ciphers>ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384</ciphers>
    </listener>
 EOF
    )
-    # Insert new listener into configuration before listenerList end tag
+    # Insert new listener before the listenerList closing tag
-    awk -v domain="$domain" -v vhost="$vhost_name" -v key="$key_file" -v cert="$cert_file" '
+    awk -v xml="$listener_xml" '
    /<\/listenerList>/ {
-        print "    <listener>"
+        print xml
        print "      <name>HTTPS-" domain "</name>"
        print "      <address>*:443</address>"
        print "      <secure>1</secure>"
        print "      <vhostMapList>"
        print "        <vhostMap>"
        print "          <vhost>" vhost "</vhost>"
        print "          <domain>" domain "</domain>"
        print "        </vhostMap>"
        print "      </vhostMapList>"
        print "      <keyFile>" key "</keyFile>"
        print "      <certFile>" cert "</certFile>"
        print "      <certChain>1</certChain>"
        print "      <sslProtocol>24</sslProtocol>"
        print "      <ciphers>ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384</ciphers>"
        print "      <sslSessionCache>1</sslSessionCache>"
        print "      <sslSessionTickets>1</sslSessionTickets>"
        print "      <enableSpdy>15</enableSpdy>"
        print "    </listener>"
        print $0
        inserted=1
        next
    }
    { print }
-    ' "$config_file" > "$temp_file"
+    END {
        if (!inserted) {
            print "ERROR: Failed to find listenerList closing tag"
            exit 1
        }
    }' "$config_file" > "${config_file}.tmp" && mv "${config_file}.tmp" "$config_file"
-    # Validate the temporary file
+    # Validate XML structure after modification
-    if [ ! -s "$temp_file" ]; then
+    if ! validate_xml_config "$config_file" "$backup_file"; then
-        log "ERROR: Generated configuration is empty. Keeping original configuration."
+        log "ERROR: Failed to create valid listener for $domain"
        rm -f "$temp_file"
        return 1
    fi
    # Check for basic XML validity
    if ! grep -q "<httpServerConfig>" "$temp_file" || ! grep -q "</httpServerConfig>" "$temp_file"; then
        log "ERROR: Generated configuration appears invalid. Keeping original configuration."
        rm -f "$temp_file"
        return 1
    fi
    # Apply changes
    cp "$temp_file" "$config_file"
    if [ $? -ne 0 ]; then
        log "ERROR: Failed to update configuration file. Keeping original configuration."
        rm -f "$temp_file"
        return 1
    fi
    # Clean up temp file
    rm -f "$temp_file"
    log "Domain-specific HTTPS listener for $domain created successfully."
    return 0
 }
@ -674,46 +614,25 @@ remove_domain_from_shared_listeners() {
    return 0
 }
-# Restart LiteSpeed with extra verification
+# Revised service restart with pre-check
 restart_litespeed() {
    log "Restarting LiteSpeed web server..."
-    # Verify configuration before restart
+    # Configuration test first
-    if command -v /usr/local/lsws/bin/lshttpd > /dev/null; then
+    if /usr/local/lsws/bin/lshttpd -t 2>&1 | grep -q "Configuration file check failed"; then
-        log "Verifying LiteSpeed configuration before restart..."
+        log "ERROR: Configuration test failed, not restarting"
-        /usr/local/lsws/bin/lshttpd -t
+        return 1
        if [ $? -ne 0 ]; then
            log "ERROR: LiteSpeed configuration test failed. Not restarting server."
            return 1
        fi
        log "LiteSpeed configuration verified successfully."
    fi
-    # Now restart the service
+    systemctl restart lsws
-    if systemctl is-active --quiet lsws; then
+    sleep 2
        systemctl restart lsws
        if [ $? -ne 0 ]; then
            log "ERROR: Failed to restart LiteSpeed. Please check logs."
            return 1
        fi
-        # Verify LiteSpeed is running after restart
+    if ! systemctl is-active --quiet lsws; then
-        sleep 2
+        log "ERROR: LiteSpeed failed to start"
-        if ! systemctl is-active --quiet lsws; then
+        return 1
            log "ERROR: LiteSpeed failed to start after restart. Please check logs."
            return 1
        fi
        log "LiteSpeed successfully restarted."
    else
        systemctl start lsws
        if [ $? -ne 0 ]; then
            log "ERROR: Failed to start LiteSpeed. Please check logs."
            return 1
        fi
        log "LiteSpeed was not running. Started the service."
    fi
    log "LiteSpeed successfully restarted"
    return 0
 }
Author	SHA1	Message	Date
Anthony	a4e76194c4	Updated and optimized scripts	2025-03-25 21:09:26 +08:00
Anthony	af62765c85	Optimized JPS script	2025-03-25 20:55:20 +08:00