#!/usr/bin/env bash
# Add NPMplus proxy hosts for Gov Portals dev subdomain (*.xom-dev.phoenix.sankofa.nexus)
# Domains: dbis, iccc, omnl, xom → gov-portals-dev VM (7804) on ports 3001-3004
#
# Usage: NPM_PASSWORD=xxx bash scripts/nginx-proxy-manager/add-gov-portals-xom-dev-proxy-hosts.sh
# Or source .env and run (NPM_EMAIL, NPM_PASSWORD from proxmox root .env)
# NOTE(review): the inline NPM_PASSWORD=xxx form normally ends up in shell
# history; keeping the secret in .env (readable by the owner only) avoids that.
#
# Prerequisites: LXC 7804 (gov-portals-dev) must be running at IP_GOV_PORTALS_DEV
# DNS: Add A records for dbis/iccc/omnl/xom.xom-dev.phoenix.sankofa.nexus → 76.53.10.36
# Or wildcard: *.xom-dev.phoenix.sankofa.nexus → 76.53.10.36

set -euo pipefail

# Resolve the repository root relative to this script's own location.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"

# Shared IP map: best effort, a missing or failing file is ignored.
source "$PROJECT_ROOT/config/ip-addresses.conf" 2>/dev/null || true

# Optional .env with NPM_EMAIL / NPM_PASSWORD. Sourcing executes the file as
# shell code, so it must be writable only by trusted users. nounset is relaxed
# while it loads and restored afterwards; errors inside it are ignored.
if [[ -f "$PROJECT_ROOT/.env" ]]; then
  set +u
  source "$PROJECT_ROOT/.env" 2>/dev/null || true
fi
set -u

# Gov Portals dev VM (7804) - see scripts/deployment/deploy-gov-portals-to-7804.sh
: "${IP_GOV_PORTALS_DEV:=192.168.11.54}"

# NPMplus admin API endpoint and credentials; the environment wins over defaults.
: "${NPM_URL:=https://192.168.11.167:81}"
: "${NPM_EMAIL:=admin@example.org}"
: "${NPM_PASSWORD:=}"

# Without a password there is nothing to authenticate with, so stop here.
[[ -n "$NPM_PASSWORD" ]] || {
  echo "Set NPM_PASSWORD (from proxmox .env or export)"
  exit 1
}

echo "Adding Gov Portals xom-dev proxy hosts to NPMplus at $NPM_URL..."
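echo "Target: $IP_GOV_PORTALS_DEV (ports 3001-3004)"

# TLS options shared by every NPMplus API call.
# Default stays -k (certificate verification off), as before. With -k the admin
# password and session token are sent to whatever host answers at NPM_URL, so
# the connection is encrypted but not authenticated. Set NPM_CA_CERT to a PEM
# file with the NPMplus CA/certificate to turn verification on; NPM_URL must
# then use a name or IP that the certificate covers.
CURL_TLS_OPTS=(-k)
if [[ -n "${NPM_CA_CERT:-}" ]]; then
  CURL_TLS_OPTS=(--cacert "$NPM_CA_CERT")
fi

# The cookie jar holds the NPMplus session, so it is created with mktemp
# (unpredictable name, owner-only permissions) instead of a PID-based path in
# /tmp that another local user could pre-create or symlink.
COOKIE_JAR="$(mktemp "${TMPDIR:-/tmp}/npm_gov_portals_cookies.XXXXXX")"
cleanup_cookies() { rm -f -- "$COOKIE_JAR"; }
trap cleanup_cookies EXIT

# Build the login body without placing the password on any command line:
# jq reads the credentials from its environment and curl reads the body from
# stdin (printf is a shell builtin), so the secret never shows up in `ps`.
AUTH_JSON=$(NPM_EMAIL="$NPM_EMAIL" NPM_PASSWORD="$NPM_PASSWORD" \
  jq -n '{identity: env.NPM_EMAIL, secret: env.NPM_PASSWORD}')

TOKEN_RESPONSE=$(printf '%s' "$AUTH_JSON" \
  | curl -s "${CURL_TLS_OPTS[@]}" -X POST "$NPM_URL/api/tokens" \
      -H "Content-Type: application/json" \
      --data-binary @- -c "$COOKIE_JAR") || {
  echo "Could not reach NPMplus at $NPM_URL" >&2
  exit 1
}

# A non-JSON reply (e.g. an HTML error page) makes jq fail; fall back to an
# empty token so the explicit "Authentication failed" branch below reports it
# instead of `set -e` ending the script without any message.
TOKEN=$(printf '%s' "$TOKEN_RESPONSE" \
  | jq -r '.token // .accessToken // .access_token // .data.token // empty' 2>/dev/null) || TOKEN=""

USE_COOKIE_AUTH=0
if [ -z "$TOKEN" ] || [ "$TOKEN" = "null" ]; then
  if printf '%s' "$TOKEN_RESPONSE" | jq -e '.expires' >/dev/null 2>&1; then
    # No token in the body but an expiry is present: rely on the session cookie.
    USE_COOKIE_AUTH=1
    echo "Using cookie-based auth (NPM 2 style)."
  else
    {
      echo "Authentication failed"
      printf '%s' "$TOKEN_RESPONSE" | jq -r '.message // .error // "unknown"' 2>/dev/null \
        || printf '%s\n' "$TOKEN_RESPONSE"
    } >&2
    exit 1
  fi
fi

# Run curl against the NPMplus API with whichever credential the login produced.
# Arguments: passed through to curl unchanged.
# NOTE(review): in bearer mode the session token is visible in the process list
# for the lifetime of each curl call; it stays on argv here because that form
# cannot be used to inject extra curl options from a server-supplied value.
curl_auth() {
  if [ "$USE_COOKIE_AUTH" = "1" ]; then
    curl -s "${CURL_TLS_OPTS[@]}" -b "$COOKIE_JAR" "$@"
  else
    curl -s "${CURL_TLS_OPTS[@]}" -H "Authorization: Bearer $TOKEN" "$@"
  fi
}

# Create one proxy host in NPMplus.
# Arguments: $1 - public domain name, $2 - forward port on IP_GOV_PORTALS_DEV
# Returns:   0 when the API answers with an id, 1 otherwise
add_proxy_host() {
  local domain=$1
  local fwd_port=$2

  # --argjson needs a valid JSON number; reject anything that is not a TCP port
  # before it reaches jq, so a bad value never results in an empty POST body.
  if [[ ! "$fwd_port" =~ ^[0-9]+$ ]] || ((10#$fwd_port < 1 || 10#$fwd_port > 65535)); then
    echo " Skip (invalid port): $domain - $fwd_port" >&2
    return 1
  fi

  # The host is created as plain HTTP: no certificate, no forced TLS and
  # block_exploits off. Certificates are requested afterwards in the NPMplus UI.
  local payload
  payload=$(jq -n \
    --arg domain "$domain" \
    --arg host "$IP_GOV_PORTALS_DEV" \
    --argjson port "$fwd_port" \
    '{
      domain_names: [$domain],
      forward_scheme: "http",
      forward_host: $host,
      forward_port: $port,
      allow_websocket_upgrade: false,
      block_exploits: false,
      certificate_id: null,
      ssl_forced: false
    }') || return 1

  local resp
  resp=$(curl_auth -X POST "$NPM_URL/api/nginx/proxy-hosts" \
    -H "Content-Type: application/json" \
    -d "$payload")

  local id
  id=$(printf '%s' "$resp" | jq -r '.id // empty' 2>/dev/null)
  if [ -n "$id" ] && [ "$id" != "null" ]; then
    echo " Added: $domain -> $IP_GOV_PORTALS_DEV:$fwd_port"
    return 0
  fi

  # Every non-success reply lands here, not only "already exists": a rejected
  # token or a validation error is reported the same way, so read the reason.
  local reason
  reason=$(printf '%s' "$resp" | jq -r '.message // .error // "unknown"' 2>/dev/null) || reason="unknown"
  echo " Skip (may exist): $domain - $reason"
  return 1
}

# Four portals on xom-dev.phoenix.sankofa.nexus
add_proxy_host "dbis.xom-dev.phoenix.sankofa.nexus" 3001 || true
add_proxy_host "iccc.xom-dev.phoenix.sankofa.nexus" 3002 || true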
# Remaining two portals; a failed add is tolerated so the other still runs.
for portal in \
  "omnl.xom-dev.phoenix.sankofa.nexus:3003" \
  "xom.xom-dev.phoenix.sankofa.nexus:3004"; do
  # Split "domain:port" into the two arguments add_proxy_host expects.
  add_proxy_host "${portal%%:*}" "${portal##*:}" || true
done

# Closing reminders: the hosts above were created with certificate_id null and
# ssl_forced false, so they serve plain HTTP until certificates are requested.
printf '\n'
printf '%s\n' "Done. Request Let's Encrypt certs in NPMplus UI for: dbis/iccc/omnl/xom.xom-dev.phoenix.sankofa.nexus"
printf '%s\n' "Ensure DNS A records point *.xom-dev.phoenix.sankofa.nexus → 76.53.10.36"