
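# Certificate-management submenu: start-up section.
# Resolves the script's own name and directory, defaults DEBUG to 0 and
# sources the two function libraries the rest of the file relies on.
# "$0" is quoted so an install path containing spaces or glob characters
# cannot be split or expanded before it is used as a path to source.
PROGNAME=$(basename -- "$0")
PROGPATH=$(dirname -- "$0")
DEBUG=${DEBUG:-0}

# Sourced code runs with this script's privileges; abort if it cannot be loaded.
. "$PROGPATH/functions.sh" || exit 1
# NOTE(review): BIN_DIR is not assigned in this file - presumably it is
# provided by the functions.sh sourced above; confirm.
site_menu_dir=$BIN_DIR/menu/06_site
site_menu_fnc=$site_menu_dir/functions.sh
. "$site_menu_fnc" || exit 1

logo=$(get_logo)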

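#######################################
# Collect every other consumer of a certificate.
# Globals:
#   bx_sites_script       (read)    command line used to list the sites
#   site_name             (read)    site being inspected; left out of the result
#   PUSH_SSL              (read)    compared with the certificate; when empty,
#                                   cache_push_servers_status is called first
#                                   (presumably it fills PUSH_SSL - confirm)
#   DEBUG                 (read)    >0 prints the result
#   https_cert            (written) copy of $1
#   sites_https_info      (written) matching rows of the site list
#   SITES_LINKED_BY_CERT  (written) names, each followed by a comma,
#                                   e.g. "a,b,push-server,"
# Arguments:
#   $1 - certificate path as it appears in the site list
# Returns:
#   255 when $1 is empty, 0 otherwise
#######################################
sites_related_by_cert(){
    https_cert="${1}"
    [[ -z $https_cert ]] && return 255

    # get related status
    SITES_LINKED_BY_CERT=

    # grep -F: the certificate path and the site name are data, not patterns.
    # As a regex the "." in "cert.pem" matches any character, so an unrelated
    # certificate could be reported as shared. "--" keeps a value that starts
    # with "-" from being read as a grep option.
    sites_https_info=$($bx_sites_script -a list | \
        grep -F -- ':https:' | grep -vF -- ":$site_name:" | \
        sed -e 's/^bxSite:https://' | \
        grep -F -- ":$https_cert:")
    if [[ -n $sites_https_info ]]; then
        SITES_LINKED_BY_CERT=$(echo "$sites_https_info" | awk -F':' '{printf "%s,", $1}')
    fi

    # push-server
    if [[ -z $PUSH_SSL ]]; then
        cache_push_servers_status
    fi
    if [[ $PUSH_SSL == "$https_cert" ]]; then
        SITES_LINKED_BY_CERT=$SITES_LINKED_BY_CERT"push-server,"
    fi

    if [[ $DEBUG -gt 0 ]]; then
        echo "Related sites: $SITE_LINKED_BY_CERT_DEBUG${SITES_LINKED_BY_CERT}"
    fi
}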

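#######################################
# Classify how HTTPS is configured for one site.
# Globals:
#   bx_sites_script          (read)    command line used to query the site
#   POOL_SITES_KERNEL_LIST   (written) re-filtered: ':ext_kernel:' rows dropped
#   POOL_SITES_KERNEL_COUNT  (written) non-empty rows left in that list
#   POOL_SITES_LIST          (written) kernel list + POOL_SITES_LINK_LIST
#   site_name, site_root, site_https_info, https_cert, https_key (written)
#   DEBUG                    (read)    >0 prints the values found
#   (cache_pool_sites is defined elsewhere; presumably it fills the
#   POOL_SITES_* lists - confirm)
# Arguments:
#   $1 - site name, "default" when empty or missing
# Returns:
#   0   - HTTPS not configured
#   1   - Let's Encrypt (certificate path contains the word "dehydrated")
#   2   - own certificate
#   3   - standard certificate (ssl/cert.pem used as both cert and key)
#   255 - site doesn't exist
#######################################
site_https_status() {
    local site_row
    site_name="${1:-default}"
    cache_pool_sites
    POOL_SITES_KERNEL_LIST=$(echo "$POOL_SITES_KERNEL_LIST" | grep -v ':ext_kernel:')
    POOL_SITES_KERNEL_COUNT=$(echo "$POOL_SITES_KERNEL_LIST" | grep -vc '^$')

    POOL_SITES_LIST="$POOL_SITES_KERNEL_LIST
$POOL_SITES_LINK_LIST"

    # The name is typed by the operator, so compare it with the first field
    # as a plain string. Used as a grep pattern, a value such as ".*" passed
    # this existence check and selected rows of other sites. The value goes
    # through the environment so awk applies no escape processing to it, and
    # the appended "" forces a string (not numeric) comparison.
    site_row=$(printf '%s\n' "$POOL_SITES_LIST" | \
        BX_LOOKUP_SITE="$site_name" \
        awk -F':' 'NF > 1 && ($1 "") == (ENVIRON["BX_LOOKUP_SITE"] "")')
    if [[ -z $site_row ]]; then
        return 255
    fi

    # get site status
    site_root=$(printf '%s\n' "$site_row" | awk -F':' '{print $6}')
    # Quoted so the name and root reach the script as one argument each,
    # without word splitting or pathname expansion.
    site_https_info=$($bx_sites_script -a status --site "$site_name" -r "$site_root" | \
        grep ':https:' | sed -e 's/^bxSite:https://')
    https_cert=$(echo "$site_https_info" | awk -F':' '{print $4}' | \
        sed -e "s:/etc/nginx/::")
    https_key=$(echo "$site_https_info" | awk -F':' '{print $5}' | \
        sed -e "s:/etc/nginx/::")
    if [[ $DEBUG -gt 0 ]]; then
        echo "Site:  $site_name"
        echo "Root:  $site_root"
        echo "Cert:  $https_cert"
        echo "Key:   $https_key"
    fi

    if [[ ( $https_cert == "$https_key" ) && ( $https_cert == 'ssl/cert.pem' ) ]]; then
        return 3
    fi

    if [[ $(echo "$https_cert" | grep -wc "dehydrated") -gt 0 ]]; then
       # Also records which other sites share this certificate.
       sites_related_by_cert "$https_cert"
       return 1
    fi

    if [[ ( -n $https_cert ) && ( -n $https_key ) ]]; then
        return 2
    fi

    return 0
}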

#######################################
# Look up which sites use a certificate.
# Globals:
#   bx_sites_script   (read)    command line run with "-a cert_status"
#   cert_path         (written) copy of $1
#   cert_info         (written) raw output of the status call
#   site_certs_count  (written) field 2 of the "site_certs_count:" row
#   SITES_LIST        (written) field 3 of the "site_certs:" row; emptied first
# Arguments:
#   $1 - certificate path
# Returns:
#   255 when $1 is empty, 1 when the count is 0, 0 otherwise
#######################################
certs_status(){
    cert_path="${1}"
    if [[ -z $cert_path ]]; then
        return 255
    fi
    SITES_LIST=

    # The path is handed over as a single quoted argument, never re-parsed.
    cert_info=$($bx_sites_script -a cert_status --certificate "$cert_path")

    site_certs_count=$(awk -F':' '/site_certs_count:/ {print $2}' <<< "$cert_info")
    [[ $site_certs_count -eq 0 ]] && return 1

    SITES_LIST=$(awk -F':' '/site_certs:/ {print $3}' <<< "$cert_info")
    return 0
}

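#######################################
# Run site_https_status for every name in a comma-separated list and
# report the highest status seen.
# Globals:
#   site_list               (written) copy of $1
#   sites_https_status_rtn  (written) highest site_https_status code
#   site_https_status_rtn   (written) code of the last site checked
#   sites_https_cnt         (written) number of names checked
#                                     ("push-server" entries are not counted)
# Arguments:
#   $1 - comma-separated site names, "default" when empty or missing
# Returns:
#   the highest code returned by site_https_status (255 = unknown site)
#######################################
sites_https_status() {
    local -a site_names=()
    local sn
    site_list="${1:-default}"
    sites_https_status_rtn=0
    sites_https_cnt=0

    # Split with read instead of an unquoted "for sn in $site_list": the list
    # is operator input and an unquoted expansion also undergoes pathname
    # expansion, so a name such as "*" turned into the files of the current
    # directory. IFS is changed for this one command only, so nothing called
    # from the loop runs with a modified IFS. Newlines count as separators
    # too; read returns non-zero at end of input, which is expected here.
    IFS=$',\n' read -r -d '' -a site_names <<< "$site_list" || true

    for sn in "${site_names[@]}"; do
        # drop all whitespace inside the name
        sn=${sn//[[:space:]]/}
        if [[ $sn == "push-server" ]]; then
            continue
        fi
        site_https_status "$sn"
        site_https_status_rtn=$?
        if [[ $site_https_status_rtn -gt $sites_https_status_rtn ]]; then
            sites_https_status_rtn=$site_https_status_rtn
        fi
        sites_https_cnt=$(( sites_https_cnt + 1 ))
    done
    return $sites_https_status_rtn
}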

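#######################################
# Interactive flow: request a Let's Encrypt certificate for one or more sites.
# Prompts for site names, DNS names and an e-mail address, checks the sites
# and, after confirmation, queues a "configure_le" task.
# Globals:
#   WEB00xx / WEB0200       (read)    message texts
#   bx_sites_script         (read)    command line placed in the task
#   site_root               (read)    not assigned here; in this file it is
#                                     set by site_https_status for the last
#                                     site checked
#   sites_https_cnt         (read)    set by sites_https_status
#   DEBUG                   (read)    >0 prints the collected values
#   SITE_NAME, DNS_NAMES, EMAIL, any_key (written through print_message)
#   site_https_status_rtn, task_exec     (written)
# Returns:
#   1 on missing/rejected input or failed checks; otherwise the status of
#   exec_pool_task, or 0 when the operator does not confirm
#######################################
configure_le() {
    # Characters that stay active inside the double quotes used below.
    local unsafe_re='["`$\\]'
    local answer

    print_message "$WEB0037" \
        "$WEB0038" \
        '' SITE_NAME "default"
    print_message "$WEB0039" \
        "$WEB0040" \
        '' DNS_NAMES
    print_message "$WEB0041" \
        '' '' EMAIL

    if [[ -z $DNS_NAMES ]]; then
        # Quoted: an unquoted multi-word text shifted the remaining arguments.
        print_message "$WEB0200" \
            "$WEB0042" "" any_key
        return 1
    fi

    if [[ -z $EMAIL ]]; then
        print_message "$WEB0200" \
            "$WEB0043" "" any_key
        return 1
    fi

    # The three answers are embedded in a command STRING between escaped
    # double quotes. NOTE(review): exec_pool_task is defined elsewhere; the
    # embedded quotes suggest the string is parsed again later - confirm.
    # Refuse anything that could close the quotes or trigger an expansion.
    for answer in "$SITE_NAME" "$DNS_NAMES" "$EMAIL"; do
        if [[ $answer =~ $unsafe_re ]]; then
            print_message "$WEB0200" \
                'Input contains characters that are not allowed (double quote, backquote, dollar sign, backslash)' \
                "" any_key
            return 1
        fi
    done

    if [[ $DEBUG -gt 0 ]]; then
        echo "Site:  $SITE_NAME"
        echo "DNS:   $DNS_NAMES"
        echo "Email: $EMAIL"
    fi

    sites_https_status "$SITE_NAME"
    site_https_status_rtn=$?
    if [[ $DEBUG -gt 0 ]]; then
        echo "Check:  $site_https_status_rtn"
    fi

    if [[ $site_https_status_rtn -eq 255 ]]; then
        print_message "$WEB0200" \
            "$WEB0044 $SITE_NAME" \
            "" any_key
        return 1
    fi

    # Only push-server was named and no real site was checked. The count must
    # be compared with 0: the bare "$(grep -c ...)" string is never empty, so
    # as a test operand it was always true.
    if [[ $(echo "$SITE_NAME" | grep -c "push-server") -gt 0 && \
        $sites_https_cnt -eq 0 ]]; then
        print_message  "$WEB0068" "$WEB0069" \
            "" any_key
        return 1
    fi

    # A certificate is already configured (1 or 2): the prompt defaults to "n".
    if [[ ( $site_https_status_rtn -eq 1 ) || ( $site_https_status_rtn -eq 2 ) ]]; then
        print_message "$WEB0045" \
            "Sites: $SITE_NAME" "" any_key "n"
    else
        print_message "$WEB0046" \
            "Sites: $SITE_NAME" "" any_key "y"
    fi

    if [[ $(echo "$any_key" | grep -wci "y") -gt 0   ]]; then
        task_exec="$bx_sites_script -a configure_le --site \"$SITE_NAME\" -r $site_root"
        task_exec="$task_exec --email \"$EMAIL\" --dns \"$DNS_NAMES\""
        [[ $DEBUG -gt 0 ]] && \
            echo "task_exec=$task_exec"
        exec_pool_task "$task_exec" "$WEB0047"
    fi
}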

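#######################################
# Interactive flow: install an operator-supplied certificate for one or
# more sites. Prompts for the site names and the key / certificate / chain
# files, checks them and, after confirmation, queues a "configure_cert" task.
# Globals:
#   WEB00xx / WEB0200   (read)    message texts
#   bx_sites_script     (read)    command line placed in the task
#   site_root           (read)    not assigned here; in this file it is set
#                                 by site_https_status for the last site
#   DEBUG               (read)    >0 prints the collected values
#   NGINX_CERT_DIR      (written) directory relative file names refer to
#   SITE_NAME, PrivateKey, Certificate, CertificateChain, any_key
#                       (written through print_message)
#   site_https_status_rtn, task_exec (written)
# Returns:
#   1 on missing/rejected input or failed checks; otherwise the status of
#   exec_pool_task, or 0 when the operator does not confirm
#######################################
configure_own_cert() {
    # Characters that stay active inside the double quotes around SITE_NAME.
    local unsafe_re='["`$\\]'
    # The file names are placed in the command string without quotes, so
    # only plain path characters are accepted for them.
    local path_re='^[A-Za-z0-9_./+@=,:-]+$'
    local cert_file

    NGINX_CERT_DIR=/etc/nginx/certs
    print_message "$WEB0037" \
        "$WEB0038" \
        '' SITE_NAME "default"

    # NOTE(review): exec_pool_task is defined elsewhere; the escaped quotes
    # in the task string suggest it is parsed again later - confirm.
    if [[ $SITE_NAME =~ $unsafe_re ]]; then
        print_message "$WEB0200" \
            'Input contains characters that are not allowed (double quote, backquote, dollar sign, backslash)' \
            "" any_key
        return 1
    fi

    sites_https_status "$SITE_NAME"
    site_https_status_rtn=$?
    if [[ $DEBUG -gt 0 ]]; then
        echo "Check:  $site_https_status_rtn"
    fi

    if [[ $site_https_status_rtn -eq 255 ]]; then
        print_message "$WEB0200" \
            "$WEB0044 $SITE_NAME" \
            "" any_key
        return 1
    fi

    print_color_text "$(get_text "$WEB0048" "$NGINX_CERT_DIR")"
    print_message "$WEB0049" "" "" PrivateKey
    print_message "$WEB0050" "" "" Certificate
    print_message "$WEB0051" "" "" CertificateChain

    # The debug output shows file paths only, never key material.
    if [[ $DEBUG -gt 0 ]]; then
        echo "Site:              $SITE_NAME"
        echo "Private Key:       $PrivateKey"
        echo "Certificate:       $Certificate"
        echo "Certificate Chain: $CertificateChain"
    fi

    # test options
    if [[ ( -z $PrivateKey ) || ( -z $Certificate ) ]]; then
        print_message "$WEB0200" \
            "$WEB0052" \
            "" any_key
        return 1
    fi

    # A name with whitespace or shell syntax would be split or interpreted
    # once the task string is taken apart again. The chain is optional.
    for cert_file in "$PrivateKey" "$Certificate" "$CertificateChain"; do
        [[ -z $cert_file ]] && continue
        if [[ ! $cert_file =~ $path_re ]]; then
            print_message "$WEB0200" \
                'File name contains characters that are not allowed (use letters, digits and _ . / + @ = , : -)' \
                "" any_key
            return 1
        fi
    done

    # Each file may be given as a full path or relative to NGINX_CERT_DIR.
    if [[ ! ( -f $PrivateKey ) && ! ( -f $NGINX_CERT_DIR/$PrivateKey ) ]]; then
        print_message "$WEB0200" \
            "$WEB0053 $PrivateKey" \
            "" any_key
        return 1
    fi

    if [[ ! ( -f $Certificate ) && ! ( -f $NGINX_CERT_DIR/$Certificate ) ]]; then
        print_message "$WEB0200" \
            "$WEB0054 $Certificate" \
            "" any_key
        return 1
    fi

    if [[ ( -n $CertificateChain ) && \
        ( ! ( -f $CertificateChain ) && ! ( -f $NGINX_CERT_DIR/$CertificateChain ) ) ]]; then
        print_message "$WEB0200" \
            "$WEB0055 $CertificateChain" \
            "" any_key
        return 1
    fi

    # A certificate is already configured (1 or 2): the prompt defaults to "n".
    if [[ ( $site_https_status_rtn -eq 1 ) || ( $site_https_status_rtn -eq 2 ) ]]; then
        print_message "$WEB0045" \
            "Sites: $SITE_NAME" "" any_key "n"
    else
        print_message "$WEB0046" \
            "Sites: $SITE_NAME" "" any_key "y"
    fi

    if [[ $(echo "$any_key" | grep -wci "y") -gt 0   ]]; then
        task_exec="$bx_sites_script -a configure_cert --site \"$SITE_NAME\" -r $site_root"
        task_exec="$task_exec --private_key $PrivateKey"
        task_exec="$task_exec --certificate $Certificate"
        [[ -n $CertificateChain ]] && \
            task_exec="$task_exec --certificate_chain $CertificateChain"

        [[ $DEBUG -gt 0 ]] && \
            echo "task_exec=$task_exec"
        exec_pool_task "$task_exec" "$WEB0056"
    fi
}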

#######################################
# Interactive flow: reset the certificate of every site that uses a given
# certificate file. Prompts for the certificate path, looks up the sites
# through certs_status and, after confirmation, queues a "reset_cert" task.
# Globals:
#   WEB00xx / WEB0200   (read)    message texts
#   bx_sites_script     (read)    command line placed in the task
#   SITES_LIST          (read)    set by certs_status
#   PUSH_TYPE           (read)    "Custom" makes a push-server entry count
#                                 as status 1
#   DEBUG               (read)    >0 prints the status and the task
#   NGINX_CERT_DIR, SITE_NAME, site_https_status_rtn, task_exec (written)
#   CERT_PATH, any_key  (written through print_message)
# Returns:
#   1 when a check fails; otherwise the status of exec_pool_task, or 0 when
#   the operator does not confirm
#######################################
reset_cert() {
    NGINX_CERT_DIR=/etc/nginx/certs

    print_message "$WEB0070" "" "" CERT_PATH

    # No site uses this certificate (or no path was entered).
    # NOTE(review): unlike the other error calls in this file, this one and
    # the next pass no variable name to print_message - confirm that is meant.
    if ! certs_status "$CERT_PATH"; then
        print_message "$WEB0200" "$(get_text "$WEB0072" "$CERT_PATH")"
        return 1
    fi

    # The standard certificate is refused.
    if [[ "/etc/nginx/ssl/cert.pem" == "$CERT_PATH" ]]; then
        print_message "$WEB0200" "$(get_text "$WEB0073" "$SITES_LIST")"
        return 1
    fi

    # Here the site names come from the status script's output, not from
    # the prompt.
    SITE_NAME="$SITES_LIST"

    sites_https_status "$SITE_NAME"
    site_https_status_rtn=$?
    [[ $DEBUG -gt 0 ]] && echo "Check:  $site_https_status_rtn"

    if [[ $site_https_status_rtn -eq 255 ]]; then
        print_message "$WEB0200" "$WEB0044 $SITE_NAME" "" any_key
        return 1
    fi

    if grep -qw "push-server" <<< "$SITE_NAME" && [[ $PUSH_TYPE == "Custom" ]]; then
        site_https_status_rtn=1
    fi

    # Only a Let's Encrypt (1) or own (2) certificate can be reset; the
    # confirmation prompt defaults to "n".
    case "$site_https_status_rtn" in
        1|2)
            print_message "$WEB0057" "Sites: $SITE_NAME" "" any_key "n"
            ;;
        *)
            print_message "$WEB0200" "$WEB0058 Sites: $SITE_NAME" "" any_key
            return 1
            ;;
    esac

    if grep -qwi "y" <<< "$any_key"; then
        task_exec="$bx_sites_script -a reset_cert --site \"$SITE_NAME\""
        [[ $DEBUG -gt 0 ]] && echo "task_exec=$task_exec"
        exec_pool_task "$task_exec" "$WEB0157"
    fi
}


#######################################
# Main loop of the certificate menu: draw the header, the site list and the
# task state, ask for a choice and dispatch it. The loop is left only
# through "exit" on choice 0, because MENU_SELECT is cleared after every
# pass.
# Globals:
#   WEB00xx / WEB02xx            (read)    menu and prompt texts
#   POOL_TASK_LOCK, POOL_TASK_INFO (written through get_task_by_type)
#   menu_00..menu_03, menu_logo, menu_list, MENU_SELECT (written)
#######################################
sub_menu(){
    local -a prompt_args

    menu_00="$WEB0201"
    menu_01="$WEB0158"
    menu_02="$WEB0059"
    menu_03="$WEB0060"

    MENU_SELECT=
    while [[ -z "$MENU_SELECT" ]]; do
        menu_logo="$WEB0056"
        print_menu_header

        # sites and their HTTPS state
        print_site_list_point_https

        # running mysql/site tasks
        get_task_by_type '(mysql|site)' POOL_TASK_LOCK POOL_TASK_INFO
        print_task_by_type '(mysql|site)' "$POOL_TASK_LOCK" "$POOL_TASK_INFO"

        # While a task holds the lock only the exit entry is listed.
        if [[ $POOL_TASK_LOCK -eq 1 ]]; then
            menu_list="\n\t${menu_00}"
        else
            menu_list="\n\t${menu_01}\n\t${menu_02}\n\t${menu_03}\n\t${menu_00}"
        fi

        print_menu

        # With a lock in place the prompt is given 0 as its fifth argument.
        if [[ $POOL_TASK_LOCK -gt 0 ]]; then
            prompt_args=("$WEB0202" '' '' MENU_SELECT 0)
        else
            prompt_args=("$WEB0205" '' '' MENU_SELECT)
        fi
        print_message "${prompt_args[@]}"

        # Any other answer is ignored and the menu is drawn again.
        case "$MENU_SELECT" in
            0) exit ;;
            1) configure_le ;;
            2) configure_own_cert ;;
            3) reset_cert ;;
        esac
        MENU_SELECT=
    done
}

# Entry point: run the interactive certificate menu. sub_menu clears its
# selection after every pass, so it returns only through "exit" on choice 0.
sub_menu
