2 Commits

Author SHA1 Message Date
Anthony a4e76194c4 Updated and optimized scripts 2025-03-25 21:09:26 +08:00
Anthony af62765c85 Optimized JPS script 2025-03-25 20:55:20 +08:00
2 changed files with 173 additions and 155 deletions


@ -591,6 +591,105 @@ actions:
- return:
type: info
message: "${response.out}"
diagnose_litespeed_config:
- cmd[cp]:
user: root
commands:
- |
CONF_FILE="/var/www/conf/httpd_config.xml"
echo "Analyzing LiteSpeed configuration tags..."
echo "-----------------------------------"
grep -c '<n>' "${CONF_FILE}" | { echo "Number of <n> tags: $(cat)"; }
grep -c '</n>' "${CONF_FILE}" | { echo "Number of </n> tags: $(cat)"; }
grep -c '<name>' "${CONF_FILE}" | { echo "Number of <name> tags: $(cat)"; }
grep -c '</name>' "${CONF_FILE}" | { echo "Number of </name> tags: $(cat)"; }
echo "-----------------------------------"
echo "First 5 instances of <n> tags:"
grep -n '<n>' "${CONF_FILE}" | head -5
echo "-----------------------------------"
echo "Testing sed command effectiveness:"
cp "${CONF_FILE}" /tmp/test_config.xml
sed -i 's|<n>|<name>|g' /tmp/test_config.xml
sed -i 's|</n>|</name>|g' /tmp/test_config.xml
echo "After sed, remaining <n> tags: $(grep -c '<n>' /tmp/test_config.xml)"
echo "After sed, remaining </n> tags: $(grep -c '</n>' /tmp/test_config.xml)"
echo "-----------------------------------"
- return:
type: info
message: "${response.out}"
clean_cert_references:
- cmd[cp]:
user: root
commands:
- |
DOMAIN="${settings.domain}"
CONF_FILE="/var/www/conf/httpd_config.xml"
BACKUP_FILE="${CONF_FILE}.bak.$(date +%Y%m%d%H%M%S)"
# Create backup
cp "${CONF_FILE}" "${BACKUP_FILE}"
echo "Created backup at ${BACKUP_FILE}"
# Create temp file for processing
TEMP_FILE=$(mktemp)
# Clean up certificate references
echo "Cleaning up certificate references for ${DOMAIN}..."
# Use awk with proper quoting and domain variable handling
awk -v domain="${DOMAIN}" '
BEGIN { in_listener = 0; is_shared = 0; }
/<listener>/ {
in_listener = 1;
print;
next;
}
in_listener && (/<name>HTTPS<\/name>/ || /<name>HTTPS-ipv6<\/name>/) {
is_shared = 1;
print;
next;
}
in_listener && is_shared && /<keyFile>.*live\/'"${DOMAIN}"'\/.*<\/keyFile>/ {
print " <keyFile>/var/www/conf/default.key</keyFile>";
next;
}
in_listener && is_shared && /<certFile>.*live\/'"${DOMAIN}"'\/.*<\/certFile>/ {
print " <certFile>/var/www/conf/default.crt</certFile>";
next;
}
/<\/listener>/ {
in_listener = 0;
is_shared = 0;
print;
next;
}
{ print; }
' "${CONF_FILE}" > "${TEMP_FILE}"
# Verify the file is valid
if grep -q "<httpServerConfig>" "${TEMP_FILE}" && grep -q "</httpServerConfig>" "${TEMP_FILE}"; then
# Apply changes
cat "${TEMP_FILE}" > "${CONF_FILE}"
rm -f "${TEMP_FILE}"
echo "Certificate references cleaned up successfully."
# Restart LiteSpeed
echo "Restarting LiteSpeed..."
systemctl restart lsws
else
echo "ERROR: Generated config is invalid. Keeping original configuration."
rm -f "${TEMP_FILE}"
exit 1
fi
- return:
type: info
message: "${response.out}"
responses:
enableSuccess:
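Review bot: In `clean_cert_references`, the domain is spliced into the awk program text with `'"${DOMAIN}"'` inside the `<keyFile>` and `<certFile>` patterns, so the value is parsed as regex and awk source rather than as data, while the `-v domain=` variable passed on the same command is never used. The command runs as root and `${settings.domain}` is presumably a user-supplied setting, so a dot matches any character and a `/` or quote in the value changes the program. A literal match such as `in_listener && is_shared && /<keyFile>/ && index($0, "live/" domain "/") {` avoids that, and the setting should be checked against a hostname pattern before it reaches the script. Separately, `diagnose_litespeed_config` copies the config as root to the fixed path `/tmp/test_config.xml` and never removes it; a `mktemp` file deleted at the end, as the second action already does, would be safer.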


@ -188,55 +188,24 @@ validate_xml_config() {
log "Validating XML configuration..."
# Check if xmllint is available
if ! command -v xmllint >/dev/null 2>&1; then
log "WARNING: xmllint not available. Skipping XML validation."
return 0 # Return success and continue
# Check basic tag balance first
local open_listeners=$(grep -c '<listener>' "$config_file")
local close_listeners=$(grep -c '</listener>' "$config_file")
if [ "$open_listeners" -ne "$close_listeners" ]; then
log "ERROR: Listener tag mismatch (${open_listeners} open vs ${close_listeners} close)"
return 1
fi
# Create a temporary validation copy (don't modify the original yet)
local validate_file=$(mktemp)
if [ ! -f "$validate_file" ]; then
log "Error: Failed to create temporary file for validation."
return 0 # Continue without validation rather than failing
# Use xmllint if available
if command -v xmllint >/dev/null; then
if ! xmllint --noout "$config_file"; then
log "ERROR: XML validation failed with xmllint"
return 1
fi
fi
# Copy the file - don't try to fix formatting
cp "$config_file" "$validate_file"
# Try basic validation first
if xmllint --noout "$validate_file" 2>/dev/null; then
log "XML configuration validation passed."
rm -f "$validate_file"
return 0
fi
# Validation failed - attempt a simple check to see if main tags are balanced
local open_http=$(grep -c "<httpServerConfig>" "$config_file")
local close_http=$(grep -c "</httpServerConfig>" "$config_file")
local open_listeners=$(grep -c "<listener>" "$config_file")
local close_listeners=$(grep -c "</listener>" "$config_file")
if [ "$open_http" -eq "$close_http" ] && [ "$open_listeners" -eq "$close_listeners" ]; then
log "WARNING: XML syntax validation failed but basic structure seems intact. Proceeding with caution."
rm -f "$validate_file"
return 0 # Continue anyway - LiteSpeed may be more forgiving than xmllint
fi
# If we reach here, validation failed and basic structure check failed
log "ERROR: XML validation failed. Configuration file may be corrupted."
log "Found $open_http opening and $close_http closing httpServerConfig tags"
log "Found $open_listeners opening and $close_listeners closing listener tags"
rm -f "$validate_file"
if [ -f "$backup_file" ]; then
log "Restoring from backup..."
cp "$backup_file" "$config_file"
log "Backup restored. Please check your configuration manually."
fi
return 1
return 0
}
# Function to clean up redundant listeners with more reliable pattern matching
@ -429,96 +398,67 @@ create_domain_listener() {
local cert_file="/etc/letsencrypt/live/$domain/fullchain.pem"
local timestamp=$(date +%Y%m%d%H%M%S)
local backup_file="${config_file}.backup.${timestamp}"
log "Creating/updating domain-specific HTTPS listener for $domain..."
# Create backup if not already done
if [ ! -f "$backup_file" ]; then
cp "$config_file" "$backup_file"
log "Created backup of LiteSpeed configuration at $backup_file"
fi
# Check if listener already exists
[ -f "$backup_file" ] || cp "$config_file" "$backup_file"
# Check for existing listener
if grep -q "<name>HTTPS-$domain</name>" "$config_file"; then
log "HTTPS listener for $domain already exists, updating configuration..."
# Update certificate paths in existing listener
sed -i "/<name>HTTPS-$domain<\/name>/,/<\/listener>/ s|<keyFile>.*</keyFile>|<keyFile>$key_file</keyFile>|" "$config_file"
sed -i "/<name>HTTPS-$domain<\/name>/,/<\/listener>/ s|<certFile>.*</certFile>|<certFile>$cert_file</certFile>|" "$config_file"
# Verify updates were applied
if grep -A5 "<name>HTTPS-$domain</name>" "$config_file" | grep -q "$key_file"; then
log "Certificate paths updated successfully for $domain listener."
else
log "ERROR: Failed to update certificate paths for $domain listener."
return 1
fi
log "Updating existing listener for $domain..."
# Use full XML scope for replacements
sed -i "/<name>HTTPS-$domain<\/name>/,/<\/listener>/ {
s|<keyFile>.*</keyFile>|<keyFile>$key_file</keyFile>|;
s|<certFile>.*</certFile>|<certFile>$cert_file</certFile>|;
}" "$config_file"
return 0
fi
log "Creating new HTTPS listener for $domain..."
# Create a temporary file for XML editing
local temp_file=$(mktemp)
if [ ! -f "$temp_file" ]; then
log "ERROR: Failed to create temporary file for configuration update."
return 1
fi
# Insert new listener into configuration before listenerList end tag
awk -v domain="$domain" -v vhost="$vhost_name" -v key="$key_file" -v cert="$cert_file" '
# Generate properly indented XML block
listener_xml=$(cat <<EOF
<listener>
<name>HTTPS-${domain}</name>
<address>*:443</address>
<secure>1</secure>
<vhostMapList>
<vhostMap>
<vhost>${vhost_name}</vhost>
<domain>${domain}</domain>
</vhostMap>
</vhostMapList>
<keyFile>${key_file}</keyFile>
<certFile>${cert_file}</certFile>
<sslProtocol>24</sslProtocol>
<ciphers>ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384</ciphers>
</listener>
EOF
)
# Insert new listener before the listenerList closing tag
awk -v xml="$listener_xml" '
/<\/listenerList>/ {
print " <listener>"
print " <name>HTTPS-" domain "</name>"
print " <address>*:443</address>"
print " <secure>1</secure>"
print " <vhostMapList>"
print " <vhostMap>"
print " <vhost>" vhost "</vhost>"
print " <domain>" domain "</domain>"
print " </vhostMap>"
print " </vhostMapList>"
print " <keyFile>" key "</keyFile>"
print " <certFile>" cert "</certFile>"
print " <certChain>1</certChain>"
print " <sslProtocol>24</sslProtocol>"
print " <ciphers>ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384</ciphers>"
print " <sslSessionCache>1</sslSessionCache>"
print " <sslSessionTickets>1</sslSessionTickets>"
print " <enableSpdy>15</enableSpdy>"
print " </listener>"
print xml
print $0
inserted=1
next
}
{ print }
' "$config_file" > "$temp_file"
# Validate the temporary file
if [ ! -s "$temp_file" ]; then
log "ERROR: Generated configuration is empty. Keeping original configuration."
rm -f "$temp_file"
END {
if (!inserted) {
print "ERROR: Failed to find listenerList closing tag"
exit 1
}
}' "$config_file" > "${config_file}.tmp" && mv "${config_file}.tmp" "$config_file"
# Validate XML structure after modification
if ! validate_xml_config "$config_file" "$backup_file"; then
log "ERROR: Failed to create valid listener for $domain"
return 1
fi
# Check for basic XML validity
if ! grep -q "<httpServerConfig>" "$temp_file" || ! grep -q "</httpServerConfig>" "$temp_file"; then
log "ERROR: Generated configuration appears invalid. Keeping original configuration."
rm -f "$temp_file"
return 1
fi
# Apply changes
cp "$temp_file" "$config_file"
if [ $? -ne 0 ]; then
log "ERROR: Failed to update configuration file. Keeping original configuration."
rm -f "$temp_file"
return 1
fi
# Clean up temp file
rm -f "$temp_file"
log "Domain-specific HTTPS listener for $domain created successfully."
return 0
}
@ -674,46 +614,25 @@ remove_domain_from_shared_listeners() {
return 0
}
# Restart LiteSpeed with extra verification
# Revised service restart with pre-check
restart_litespeed() {
log "Restarting LiteSpeed web server..."
# Verify configuration before restart
if command -v /usr/local/lsws/bin/lshttpd > /dev/null; then
log "Verifying LiteSpeed configuration before restart..."
/usr/local/lsws/bin/lshttpd -t
if [ $? -ne 0 ]; then
log "ERROR: LiteSpeed configuration test failed. Not restarting server."
return 1
fi
log "LiteSpeed configuration verified successfully."
# Configuration test first
if /usr/local/lsws/bin/lshttpd -t 2>&1 | grep -q "Configuration file check failed"; then
log "ERROR: Configuration test failed, not restarting"
return 1
fi
# Now restart the service
if systemctl is-active --quiet lsws; then
systemctl restart lsws
if [ $? -ne 0 ]; then
log "ERROR: Failed to restart LiteSpeed. Please check logs."
return 1
fi
# Verify LiteSpeed is running after restart
sleep 2
if ! systemctl is-active --quiet lsws; then
log "ERROR: LiteSpeed failed to start after restart. Please check logs."
return 1
fi
log "LiteSpeed successfully restarted."
else
systemctl start lsws
if [ $? -ne 0 ]; then
log "ERROR: Failed to start LiteSpeed. Please check logs."
return 1
fi
log "LiteSpeed was not running. Started the service."
systemctl restart lsws
sleep 2
if ! systemctl is-active --quiet lsws; then
log "ERROR: LiteSpeed failed to start"
return 1
fi
log "LiteSpeed successfully restarted"
return 0
}
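Review bot: In `create_domain_listener`, the `… > "${config_file}.tmp" && mv "${config_file}.tmp" "$config_file"` line puts the new file live before `validate_xml_config` runs, and as far as this page shows the reworked `validate_xml_config` no longer restores `$backup_file`, so a failed validation returns 1 with the broken configuration left in place. `mv` also swaps in a freshly created file, so the owner and mode of the original config are not carried over. Validating the `.tmp` candidate first and then overwriting in place fixes both; the function starts above the hunk. A similar fail-open concern applies to the `restart_litespeed` hunk, where grepping `lshttpd -t` output for one message lets a missing binary or a differently worded error pass as success, whereas testing the exit status, as the removed code did, is stricter.

```shell
# … unchanged: listener_xml heredoc and awk insertion program …
}' "$config_file" > "${config_file}.tmp" || {
  log "ERROR: Failed to find listenerList closing tag"
  rm -f "${config_file}.tmp"
  return 1
}
# Validate the candidate file before it replaces the live configuration
if ! validate_xml_config "${config_file}.tmp" "$backup_file"; then
  log "ERROR: Failed to create valid listener for $domain"
  rm -f "${config_file}.tmp"
  return 1
fi
# Overwrite in place so the existing owner and mode of the config are kept
cat "${config_file}.tmp" > "$config_file" && rm -f "${config_file}.tmp"
```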