proxmox/scripts/nginx-proxy-manager/create-npmplus-defi-oracle-hosts.sh

#!/usr/bin/env bash
# Create NPMplus proxy hosts for rpc.defi-oracle.io and wss.defi-oracle.io if they don't exist.
# Uses .env for NPM_URL, NPM_EMAIL, NPM_PASSWORD. Run from repo root or script dir.
# Backend: VMID 2400 (${RPC_THIRDWEB_PRIMARY:-${RPC_THIRDWEB_PRIMARY:-192.168.11.240}}:443 HTTPS, WebSocket enabled).

set -euo pipefail

# Load IP configuration
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true


SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"

# Preserve NPM credentials from environment so "export NPM_PASSWORD=...; ./script" works
_orig_npm_url="${NPM_URL:-}"
_orig_npm_email="${NPM_EMAIL:-}"
_orig_npm_password="${NPM_PASSWORD:-}"
if [ -f "$PROJECT_ROOT/.env" ]; then
  set +u
  set -a
  # shellcheck source=/dev/null
  source "$PROJECT_ROOT/.env"
  set +a
  set -u
  [ -n "$_orig_npm_url" ] && NPM_URL="$_orig_npm_url"
  [ -n "$_orig_npm_email" ] && NPM_EMAIL="$_orig_npm_email"
  [ -n "$_orig_npm_password" ] && NPM_PASSWORD="$_orig_npm_password"
fi

# Default .167: NPMplus (VMID 10233) reachable on ${IP_NPMPLUS:-${IP_NPMPLUS:-192.168.11.167}}:81; set NPM_URL in .env to override
NPM_URL="${NPM_URL:-https://${IP_NPMPLUS}:81}"
NPM_EMAIL="${NPM_EMAIL:-admin@example.org}"
NPM_PASSWORD="${NPM_PASSWORD:-}"

if [ -z "$NPM_PASSWORD" ]; then
  echo "❌ NPM_PASSWORD is required. Set it in .env"
  echo "   Example: NPM_PASSWORD=your-password in $PROJECT_ROOT/.env"
  exit 1
fi

# Authenticate (use jq to build JSON so password is safely escaped)
AUTH_JSON=$(jq -n --arg identity "$NPM_EMAIL" --arg secret "$NPM_PASSWORD" '{identity:$identity,secret:$secret}')
TOKEN_RESPONSE=$(curl -s -k -X POST "$NPM_URL/api/tokens" \
  -H "Content-Type: application/json" \
  -d "$AUTH_JSON")
TOKEN=$(echo "$TOKEN_RESPONSE" | jq -r '.token // empty' 2>/dev/null || true)

if [ -z "$TOKEN" ] || [ "$TOKEN" = "null" ]; then
  echo "❌ NPMplus authentication failed. Check NPM_URL, NPM_EMAIL, NPM_PASSWORD in .env"
  exit 1
fi

PROXY_HOSTS_JSON=$(curl -s -k -X GET "$NPM_URL/api/nginx/proxy-hosts" \
  -H "Authorization: Bearer $TOKEN")

# NPMplus API uses forward_host (IP string) for proxy host create/update
create_if_missing() {
  local domain=$1
  local forward_host=$2
  local forward_port=$3
  local scheme=$4
  local websocket=$5

  HOST_ID=$(echo "$PROXY_HOSTS_JSON" | jq -r ".[] | select(.domain_names | type == \"array\") | select(.domain_names[] == \"$domain\") | .id" 2>/dev/null | head -n1 || true)

  if [ -n "$HOST_ID" ] && [ "$HOST_ID" != "null" ]; then
    echo "  ✓ $domain already exists (ID: $HOST_ID)"
    return 0
  fi

  echo "  ➕ Creating proxy host: $domain → $scheme://$forward_host:$forward_port (WebSocket: $websocket)"
  # NPM API create accepts only specific properties; extra ones cause "data must NOT have additional properties"
  # Minimal set: domain_names, forward_scheme, forward_host, forward_port, allow_websocket_upgrade
  CREATE_PAYLOAD=$(jq -n \
    --arg domain "$domain" \
    --arg scheme "$scheme" \
    --arg forward_host "$forward_host" \
    --argjson forward_port "$forward_port" \
    --argjson websocket "$([ "$websocket" = "true" ] && echo true || echo false)" \
    '{
      domain_names: [$domain],
      forward_scheme: $scheme,
      forward_host: $forward_host,
      forward_port: $forward_port,
      allow_websocket_upgrade: $websocket
    }')
  RESPONSE=$(curl -s -k -X POST "$NPM_URL/api/nginx/proxy-hosts" \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d "$CREATE_PAYLOAD")

  NEW_ID=$(echo "$RESPONSE" | jq -r '.id // empty' 2>/dev/null || true)
  if [ -n "$NEW_ID" ] && [ "$NEW_ID" != "null" ]; then
    echo "  ✓ Created $domain (ID: $NEW_ID). Request SSL in NPMplus UI or run request-npmplus-certificates.sh for this host."
    return 0
  fi

  ERROR=$(echo "$RESPONSE" | jq -r '.message // .error // "Unknown error"' 2>/dev/null || echo "$RESPONSE")
  echo "  ❌ Failed to create $domain: $ERROR"
  return 1
}

echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "🔧 Create NPMplus Defi Oracle RPC proxy hosts (from .env)"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""

# explorer.defi-oracle.io → same as explorer.d-bis.org (VMID 5000 @ ${IP_BLOCKSCOUT:-${IP_DEVICE_14:-${IP_DEVICE_14:-${IP_DEVICE_14:-${IP_DEVICE_14:-${IP_DEVICE_14:-192.168.11.14}}}}}0})
create_if_missing "explorer.defi-oracle.io" "${IP_BLOCKSCOUT:-${IP_DEVICE_14:-${IP_DEVICE_14:-${IP_DEVICE_14:-${IP_DEVICE_14:-${IP_DEVICE_14:-192.168.11.14}}}}}0}" "80" "http" "false" || true
# rpc.defi-oracle.io / wss.defi-oracle.io → same as rpc-http-pub / rpc-ws-pub (VMID 2201 @ ${RPC_PUBLIC_1:-${RPC_PUBLIC_1:-192.168.11.221}})
create_if_missing "rpc.defi-oracle.io" "${RPC_PUBLIC_1:-${RPC_PUBLIC_1:-192.168.11.221}}" "8545" "http" "true" || true
create_if_missing "wss.defi-oracle.io" "${RPC_PUBLIC_1:-${RPC_PUBLIC_1:-192.168.11.221}}" "8546" "http" "true" || true

echo ""
echo "Done. Run update-npmplus-proxy-hosts-api.sh to sync forward_host/port, then request SSL in NPMplus for new hosts if needed."
echo ""