tony
/
mb-admin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
mb-admin/scripts/ssl-manager/ssl_remover.sh

160 lines
4.5 KiB
Bash
Raw Blame History

#!/bin/bash
set -euo pipefail
# Log file setup
LOG_DIR="/var/log/mb-ssl"
LOG_FILE="$LOG_DIR/ssl-remover.log"
mkdir -p "$LOG_DIR"
chmod 0755 "$LOG_DIR"
exec > >(tee -a "$LOG_FILE") 2>&1
# Function to log messages
log() {
echo "$(date '+%Y-%m-%d %H:%M:%S') $1"
}
# Email function (same as in ssl_manager.sh)
send_email() {
local subject="$1"
local body="$2"
local recipient="${EMAIL:-}"
[[ -n "$recipient" ]] && {
log "Sending email notification to $recipient..."
curl -s "https://api.postmarkapp.com/email" \
-X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "X-Postmark-Server-Token: d88b25c4-2fdb-43d3-9097-f6c655a9742b" \
-d "{
\"From\": \"admin@mightybox.io\",
\"To\": \"$recipient\",
\"Subject\": \"$subject\",
\"HtmlBody\": \"$body\",
\"MessageStream\": \"outbound\"
}" > /dev/null && log "Email sent." || log "Email failed."
}
}
# Backup configuration with timestamp
backup_config() {
local config_file="/var/www/conf/httpd_config.xml"
local backup_dir="/var/www/conf/backups"
local timestamp=$(date +%Y%m%d%H%M%S)
mkdir -p "$backup_dir"
cp "$config_file" "$backup_dir/httpd_config.pre-removal-$timestamp.xml"
log "Config backup saved to $backup_dir/httpd_config.pre-removal-$timestamp.xml"
}
# Remove certificate using Certbot
remove_certificate() {
local domain="$1"
if certbot certificates | grep -q "Domains: $domain"; then
log "Removing certificate for $domain..."
certbot delete --cert-name "$domain" --non-interactive
rm -rf "/etc/letsencrypt/live/$domain"*
log "Certificate removed for $domain"
else
log "No certificate found for $domain"
fi
}
# Remove listeners and associated configurations
cleanup_listeners() {
local domain="$1"
local config_file="/var/www/conf/httpd_config.xml"
local temp_file
log "Cleaning up listeners for $domain..."
# Remove listeners
sed -i "/<name>HTTPS-$domain<\/name>/,/<\/listener>/d" "$config_file"
# Remove vhostMap entries
sed -i "/<domain>$domain<\/domain>/,/<\/vhostMap>/d" "$config_file"
# Remove related virtual host
local vhost_name="${domain//./_}"
sed -i "/<name>$vhost_name<\/name>/,/<\/virtualHost>/d" "$config_file"
# Cleanup empty listenerList tags
temp_file=$(mktemp)
awk '/<listenerList>/ {flag=1; print; next} /<\/listenerList>/ {flag=0; print; next} flag && /^[[:space:]]*$/ {next} {print}' "$config_file" > "$temp_file"
mv "$temp_file" "$config_file"
}
# Validate XML configuration
validate_xml() {
local config_file="/var/www/conf/httpd_config.xml"
if command -v xmllint >/dev/null; then
log "Validating XML configuration..."
if ! xmllint --noout "$config_file"; then
log "ERROR: Invalid XML configuration after cleanup. Check backups."
return 1
fi
fi
return 0
}
# Restart LiteSpeed if needed
restart_litespeed() {
log "Restarting LiteSpeed..."
systemctl restart lsws && log "LiteSpeed restarted successfully." || log "LiteSpeed restart failed."
}
# Main execution
main() {
declare -a DOMAINS
# Parse parameters
while [[ $# -gt 0 ]]; do
case "$1" in
--domains=*)
IFS=',' read -ra DOMAINS <<< "${1#*=}"
shift
;;
--email=*)
EMAIL="${1#*=}"
shift
;;
*)
echo "Invalid parameter: $1"
exit 1
;;
esac
done
# Validate input
if [[ ${#DOMAINS[@]} -eq 0 ]]; then
echo "Error: --domains parameter is required"
exit 1
fi
backup_config
for domain in "${DOMAINS[@]}"; do
log "Processing domain: $domain"
# Validate domain format
[[ "$domain" =~ ^([a-zA-Z0-9](-*[a-zA-Z0-9])*\.)+[a-zA-Z]{2,}$ ]] || {
log "Invalid domain: $domain"
continue
}
remove_certificate "$domain"
cleanup_listeners "$domain"
done
if validate_xml; then
restart_litespeed
send_email "SSL Removal Complete" "Successfully removed SSL for domains: ${DOMAINS[*]}"
else
send_email "SSL Removal Warning" "SSL removed but configuration validation failed for domains: ${DOMAINS[*]}"
exit 1
fi
}
main "$@"
Reference in New Issue View Git Blame Copy Permalink