fixes and improvements
- Fixed SSL for parked sites. - Fixed tools-port failong in some rare cases. - SH command removed. - blockip list standarized. - Smart httpauth command for nginx reloading.
This commit is contained in:
Cristhian Martínez Ochoa
parent
2c17867b40
commit
f7babc01f6
4 changed files with 23 additions and 9 deletions
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
|
||||
readonly app_version="1.9.0"
|
||||
readonly app_version="1.9.1"
|
||||
readonly svr_version="1.4"
|
||||
readonly os_ubuntu_supported=(xenial bionic)
|
||||
readonly php_supported=(7.1 7.2 7.3)
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@ if [[ -n $add ]]; then
|
|||
|
||||
exist=$( grep -E "^${user}:" /etc/nginx/$authfile )
|
||||
if [[ -z $exist ]]; then
|
||||
sudo sh -c "echo -n '$user:$(openssl passwd -1 $pass)\n' >> /etc/nginx/$authfile"
|
||||
echo "$user:$(openssl passwd -1 $pass)" >> /etc/nginx/$authfile
|
||||
echo "${gre}User '$user' has been added successfully!${end}"
|
||||
else
|
||||
echo "${red}[ERROR] Can not create '$user' user because already exist!${end}"
|
||||
|
|
@ -112,6 +112,7 @@ elif [[ -n $wp_admin ]]; then
|
|||
echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain$subfolder -${gre} has been enabled! ${end}"
|
||||
else
|
||||
echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain$subfolder -${gre} is already enabled! ${end}"
|
||||
nginx_not="true" # Nginx-Reload not-needed.
|
||||
fi
|
||||
|
||||
elif [[ $wp_admin == "off" && -n $domain ]]; then
|
||||
|
|
@ -125,13 +126,16 @@ elif [[ -n $wp_admin ]]; then
|
|||
echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain$subfolder -${gre} has been disabled! ${end}"
|
||||
else
|
||||
echo "${gre}WordPress Admin HTTP Authentication for ${blu}- $domain$subfolder -${gre} is already disabled! ${end}"
|
||||
nginx_not="true" # Nginx-Reload not-needed.
|
||||
fi
|
||||
elif [[ $wp_admin == "on" ]]; then
|
||||
conf_write wp-admin-auth true
|
||||
echo "${gre}WordPress Admin HTTP Authentication has been enabled! (global)${end}"
|
||||
nginx_not="true" # Nginx-Reload not-needed.
|
||||
elif [[ $wp_admin == "off" ]]; then
|
||||
conf_write wp-admin-auth purged
|
||||
echo "${gre}WordPress Admin HTTP Authentication has been disabled! (global)${end}"
|
||||
nginx_not="true" # Nginx-Reload not-needed.
|
||||
else
|
||||
echo "${red}[ERROR] Invalid value for wp-admin! ${end}"
|
||||
exit 1
|
||||
|
|
@ -161,10 +165,11 @@ elif [[ -n $whitelist ]]; then
|
|||
fi
|
||||
exist=$( grep -E "^allow $whitelist;$" /etc/nginx/apps.d/whitelist-acl.conf )
|
||||
if [[ -z $exist ]]; then
|
||||
sh -c "echo -n 'allow ${whitelist};\n' >> /etc/nginx/apps.d/whitelist-acl.conf"
|
||||
echo "allow ${whitelist};" >> /etc/nginx/apps.d/whitelist-acl.conf
|
||||
echo "${gre}The IP address ${blu}'$whitelist'${gre} was successfully whitelisted!${end}"
|
||||
else
|
||||
echo "${gre}IP '$whitelist' is already whitelisted!${end}"
|
||||
nginx_not="true" # Nginx-Reload not-needed.
|
||||
fi
|
||||
else
|
||||
echo "${red}[ERROR] Please, enter a valid IP value!${end}"
|
||||
|
|
@ -205,6 +210,7 @@ elif [[ -n $path && -n $domain ]]; then
|
|||
echo "${gre}This path ${blu}'$path'${gre} was successfully protected!${end}"
|
||||
else
|
||||
echo "${gre}Path: ${blu}'$path'${gre} is already protected!${end}"
|
||||
nginx_not="true" # Nginx-Reload not-needed.
|
||||
fi
|
||||
elif [[ $(is_proxy $domain) == "true" ]]; then
|
||||
echo "${red}[ERROR] HTTP Authentication is not allowed in subfolders (only root '/' is allowed) for Reverse Proxy sites!${end}"
|
||||
|
|
@ -243,6 +249,7 @@ location $sign$path {
|
|||
echo "${gre}This path ${blu}'$path'${gre} was successfully protected!${end}"
|
||||
else
|
||||
echo "${gre}Path: ${blu}'$path'${gre} is already protected!${end}"
|
||||
nginx_not="true" # Nginx-Reload not-needed.
|
||||
fi
|
||||
else
|
||||
echo "${red}[ERROR] Please, enter a valid URL path!${end}"
|
||||
|
|
@ -290,6 +297,7 @@ elif [[ $list == "protected" && -n $domain ]]; then
|
|||
echo "[Empty] No protected paths were found!"
|
||||
fi
|
||||
[[ -n $raw ]] && echo "" || echo "${end}"
|
||||
nginx_not="true" # Nginx-Reload not-needed.
|
||||
|
||||
|
||||
elif [[ -n $list ]]; then
|
||||
|
|
@ -307,6 +315,7 @@ elif [[ -n $list ]]; then
|
|||
fi
|
||||
[[ ! -s /etc/nginx/$authfile && -z $raw && $list != "raw" ]] && echo "${blu}[Empty] No users were found!${end}"
|
||||
echo ""
|
||||
nginx_not="true" # Nginx-Reload not-needed.
|
||||
|
||||
|
||||
else
|
||||
|
|
@ -314,5 +323,5 @@ else
|
|||
exit 1
|
||||
fi
|
||||
|
||||
[[ $(conf_read nginx) == "true" ]] && sudo service nginx reload
|
||||
[[ $(conf_read nginx) == "true" && -z $nginx_not ]] && sudo service nginx reload
|
||||
api-events_update hae
|
||||
|
|
|
|||
|
|
@ -376,7 +376,7 @@ elif [[ -n $parked && -n $domain ]]; then
|
|||
sudo cat /etc/nginx/sites-available/$mapto > /etc/nginx/sites-available/$domain
|
||||
|
||||
# Prevent if SSL is enabled in main site and ssl data is copied to parked site causing an error.
|
||||
sudo site $domain -ssl-off=force > /dev/null 2>&1 &
|
||||
sudo site $domain -ssl=off -revoke=off > /dev/null 2>&1 &
|
||||
|
||||
sudo sed -i "/server_name/c \ $sername" /etc/nginx/sites-available/$domain
|
||||
sudo sed -i "s/$mapto/$domain/g" /etc/nginx/sites-available/$domain
|
||||
|
|
|
|||
|
|
@ -94,7 +94,11 @@ elif [[ -n $tools_port ]]; then
|
|||
[[ $tools_port != true ]] && tools_port $tools_port || tools_port
|
||||
newport="$(conf_read tools-port)"
|
||||
if [[ $oldport != $newport && $(conf_read nginx-tool) == "true" && $(conf_read nginx) == "true" ]]; then
|
||||
sudo mv /var/www/$oldport /var/www/$newport
|
||||
# MV in some edge cases fails to rename, specially when so much files are within the directories.
|
||||
sudo mkdir -p /var/www/$newport
|
||||
sudo cp -rp /var/www/$oldport/* /var/www/$newport
|
||||
sudo rm -rf /var/www/$oldport
|
||||
|
||||
sudo mv /etc/nginx/sites-available/$oldport /etc/nginx/sites-available/$newport
|
||||
sudo rm /etc/nginx/sites-enabled/$oldport
|
||||
sudo ln -s /etc/nginx/sites-available/$newport /etc/nginx/sites-enabled/$newport
|
||||
|
|
@ -440,9 +444,10 @@ elif [[ -n $blockip ]]; then
|
|||
check_for_nginx -ask
|
||||
if [[ -z $purge ]]; then
|
||||
if [[ -n $list ]]; then
|
||||
[[ $list == "raw" || -n $raw ]] && echo "" || echo "${blu}"
|
||||
echo ""
|
||||
[[ -n $raw ]] && sign="" || sign="${blu}+ "
|
||||
if [[ -s /etc/nginx/conf.d/blockips.conf ]]; then
|
||||
sudo sed -n 's/^deny //p;' /etc/nginx/conf.d/blockips.conf | sudo sed -n 's/;$//p'
|
||||
sudo sed -n "s/^deny /${sign}/p;" /etc/nginx/conf.d/blockips.conf | sudo sed -n 's/;$//p'
|
||||
else
|
||||
echo "[Empty] No IP's were found!"
|
||||
fi
|
||||
|
|
@ -457,7 +462,7 @@ elif [[ -n $blockip ]]; then
|
|||
fi
|
||||
exist=$( grep -E "^deny $blockip;$" /etc/nginx/conf.d/blockips.conf )
|
||||
if [[ -z $exist ]]; then
|
||||
sh -c "echo -n 'deny $blockip;\n' >> /etc/nginx/conf.d/blockips.conf"
|
||||
echo "deny $blockip;" >> /etc/nginx/conf.d/blockips.conf
|
||||
echo "${gre}The IP address ${blu}'$blockip'${gre} was successfully blocked!${end}"
|
||||
else
|
||||
echo "${gre}IP '$blockip' is already blocked!${end}"
|
||||
|
|
|
|||
Loading…
Reference in a new issue