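#!/usr/bin/env bash
# Verify NPMplus Mifos (10237) container and proxy host for mifos.d-bis.org.
# Uses NPM_EMAIL + NPM_PASSWORD from .env (same as other NPMplus). Run from project root.
#
# Checks, in order:
#   1. the LXC container is running on the Proxmox host (ssh + pct status)
#   2. the npmplus Docker container inside it is up
#   3. HTTP status of ports 80/81/443 from inside the container (informational)
#   4. the NPM API lists a proxy host for EXPECT_DOMAIN with the expected forward target
#
# Optional environment:
#   NPM_CA_CERT  CA bundle or pinned certificate used to verify the NPM admin API
#                for the two requests that carry credentials. When unset, TLS
#                verification is skipped for them (the original behaviour).
#
# Exit status: 0 on success or SKIP, 1 on any FAIL.
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
cd "$PROJECT_ROOT"

# Both files are sourced, i.e. executed as shell code with the caller's privileges;
# they must be writable only by trusted users.
source config/ip-addresses.conf 2>/dev/null || true
if [ -f .env ]; then
  # .env may reference unset variables, so nounset is relaxed only while loading it.
  set +u
  source .env 2>/dev/null || true
  set -u
fi

HOST="${PROXMOX_HOST_R630_02:-192.168.11.12}"
VMID="${NPMPLUS_MIFOS_VMID:-10237}"
IP="${IP_NPMPLUS_MIFOS:-192.168.11.171}"
NPM_URL="https://${IP}:81"
EXPECT_DOMAIN="mifos.d-bis.org"
EXPECT_FORWARD_IP="192.168.11.85"
EXPECT_FORWARD_PORT=80

# VMID is spliced into a command line that runs as root on the Proxmox host,
# so anything other than a plain number is rejected before it gets there.
if ! [[ "$VMID" =~ ^[0-9]+$ ]]; then
  echo "FAIL: NPMPLUS_MIFOS_VMID must be numeric, got '$VMID'" >&2
  exit 1
fi

# accept-new (OpenSSH 7.6+) records the host key on first contact and refuses a
# changed key afterwards. The original passed StrictHostKeyChecking=no on the
# first call only, which lets a root session continue to a host whose key changed.
SSH_OPTS=(-o ConnectTimeout=10 -o StrictHostKeyChecking=accept-new)

# Run one command line as root on the Proxmox host; stdout is the command's stdout.
remote() {
  ssh "${SSH_OPTS[@]}" "root@$HOST" "$1"
}

# TLS options for the API calls that send the password or the bearer token.
# Without NPM_CA_CERT the server is not authenticated and an on-path host could
# collect the admin credentials; set NPM_CA_CERT to close that gap.
if [ -n "${NPM_CA_CERT:-}" ]; then
  CURL_TLS=(--cacert "$NPM_CA_CERT")
else
  CURL_TLS=(-k)
fi

echo "=== NPMplus Mifos (10237) config check ==="
echo ""

# 1. Container and Docker
echo "1. Container $VMID on $HOST:"
STATUS=$(remote "pct status $VMID 2>/dev/null" || true)
echo " $STATUS"
if ! grep -q "running" <<<"$STATUS"; then
  echo " FAIL: container not running"
  exit 1
fi
echo " OK: running"

echo ""
echo "2. Docker (npmplus) in 10237:"
DOCKER=$(remote "pct exec $VMID -- docker ps --filter name=npmplus --format '{{.Status}}' 2>/dev/null" || true)
echo " $DOCKER"
if ! grep -qE "Up|healthy" <<<"$DOCKER"; then
  echo " FAIL: npmplus container not up"
  exit 1
fi
echo " OK: npmplus running"

# 3. Local ports (from inside 10237)
echo ""
echo "3. Ports 80/81/443 from inside 10237:"
for port in 80 81 443; do
  # curl still prints its -w output ("000") when the connection fails, so the
  # original `|| echo "000"` produced a doubled value; default only when empty
  # (for example when ssh itself could not connect).
  CODE=$(remote "pct exec $VMID -- curl -sk -o /dev/null -w '%{http_code}' --connect-timeout 2 http://127.0.0.1:$port 2>/dev/null" || true)
  echo " port $port: HTTP ${CODE:-000}"
done

# 4. NPM API — proxy hosts (requires NPM_PASSWORD in .env and reachable 192.168.11.171)
echo ""
echo "4. NPM API proxy hosts (mifos.d-bis.org):"
if [ -z "${NPM_PASSWORD:-}" ]; then
  echo " SKIP: NPM_PASSWORD not set in .env (cannot authenticate to NPM API)"
  echo " To verify proxy host in UI: https://${IP}:81 (same NPM_EMAIL/NPM_PASSWORD as other NPMplus)"
  exit 0
fi

# Reachability probe only: nothing sensitive is sent, so -k is kept here and a
# certificate problem is not misreported as "cannot reach".
if ! curl -sk -o /dev/null --connect-timeout 3 "$NPM_URL/" 2>/dev/null; then
  echo " SKIP: cannot reach $NPM_URL (run from LAN or use SSH tunnel)"
  exit 0
fi

# The password reaches jq through its environment and curl through stdin, so it
# never appears in a process argument list (visible to other local users via ps).
AUTH_JSON=$(NPM_API_SECRET="$NPM_PASSWORD" jq -n \
  --arg identity "${NPM_EMAIL:-admin@example.org}" \
  '{identity:$identity,secret:env.NPM_API_SECRET}')
TOKEN_RESP=$(printf '%s' "$AUTH_JSON" \
  | curl -sS "${CURL_TLS[@]}" -X POST "$NPM_URL/api/tokens" \
      -H "Content-Type: application/json" --data-binary @- || true)
# `|| true`: a non-JSON reply must reach the FAIL message below instead of
# ending the script silently under set -e / pipefail.
TOKEN=$(jq -r '.token // empty' <<<"$TOKEN_RESP" 2>/dev/null || true)
if [ -z "$TOKEN" ]; then
  echo " FAIL: NPM API auth failed (check NPM_EMAIL/NPM_PASSWORD in .env)"
  echo " NPMplus Mifos uses the same credentials as other NPMplus. If this is a fresh install, set the admin password in https://${IP}:81 to match NPM_PASSWORD in .env."
  exit 1
fi

# The bearer token is passed as a header read from stdin (curl 7.55+), again to
# keep it out of argv.
HOSTS_JSON=$(printf 'Authorization: Bearer %s\n' "$TOKEN" \
  | curl -sS "${CURL_TLS[@]}" -X GET "$NPM_URL/api/nginx/proxy-hosts" -H @- || true)

MIFOS=$(jq -r --arg d "$EXPECT_DOMAIN" \
  '.[] | select(.domain_names[]? == $d) | {domain: .domain_names[0], forward_host: .forward_host, forward_port: .forward_port, ssl_forced: .ssl_forced}' \
  <<<"$HOSTS_JSON" 2>/dev/null | head -20 || true)
if [ -z "$MIFOS" ]; then
  echo " FAIL: no proxy host found for $EXPECT_DOMAIN"
  echo " Add in NPM UI: https://${IP}:81 → Proxy Hosts → Domain $EXPECT_DOMAIN → Forward $EXPECT_FORWARD_IP:$EXPECT_FORWARD_PORT"
  exit 1
fi
while read -r line; do
  echo " $line"
done <<<"$MIFOS"

FORWARD_HOST=$(jq -r --arg d "$EXPECT_DOMAIN" \
  '.[] | select(.domain_names[]? == $d) | .forward_host' \
  <<<"$HOSTS_JSON" 2>/dev/null | head -1 || true)
FORWARD_PORT=$(jq -r --arg d "$EXPECT_DOMAIN" \
  '.[] | select(.domain_names[]? == $d) | .forward_port' \
  <<<"$HOSTS_JSON" 2>/dev/null | head -1 || true)
if [ "$FORWARD_HOST" != "$EXPECT_FORWARD_IP" ] || [ "$FORWARD_PORT" != "$EXPECT_FORWARD_PORT" ]; then
  echo " FAIL: expected forward $EXPECT_FORWARD_IP:$EXPECT_FORWARD_PORT, got $FORWARD_HOST:$FORWARD_PORT"
  exit 1
fi
echo " OK: mifos.d-bis.org → $FORWARD_HOST:$FORWARD_PORT"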