dbd517b279
- Update dbis_core, cross-chain-pmm-lps, explorer-monorepo, metamask-integration, pr-workspace/chains - Omit embedded publish git dirs and empty placeholders from index Made-with: Cursor
208 lines
6.8 KiB
Bash
Executable File
208 lines
6.8 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# Add NPMplus proxy hosts for Gov Portals dev subdomain (*.xom-dev.phoenix.sankofa.nexus)
|
|
# Domains: dbis, iccc, omnl, xom → gov-portals-dev VM (7804) on ports 3001-3004
|
|
#
|
|
# Usage: NPM_PASSWORD=xxx bash scripts/nginx-proxy-manager/add-gov-portals-xom-dev-proxy-hosts.sh
|
|
# Or source .env and run (NPM_EMAIL, NPM_PASSWORD from proxmox root .env)
|
|
#
|
|
# Prerequisites: LXC 7804 (gov-portals-dev) must be running at IP_GOV_PORTALS_DEV
|
|
# DNS: Add A records for dbis/iccc/omnl/xom.xom-dev.phoenix.sankofa.nexus → 76.53.10.36
|
|
# Or wildcard: *.xom-dev.phoenix.sankofa.nexus → 76.53.10.36
|
|
set -euo pipefail
|
|
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
|
|
source "$PROJECT_ROOT/config/ip-addresses.conf" 2>/dev/null || true
|
|
[ -f "$PROJECT_ROOT/.env" ] && set +u && source "$PROJECT_ROOT/.env" 2>/dev/null || true && set -u
|
|
|
|
# Gov Portals dev VM (7804) - see scripts/deployment/deploy-gov-portals-to-7804.sh
|
|
IP_GOV_PORTALS_DEV="${IP_GOV_PORTALS_DEV:-192.168.11.54}"
|
|
NPM_URL="${NPM_URL:-https://192.168.11.167:81}"
|
|
NPM_EMAIL="${NPM_EMAIL:-admin@example.org}"
|
|
NPM_PASSWORD="${NPM_PASSWORD:-}"
|
|
|
|
if [ -z "$NPM_PASSWORD" ]; then
|
|
echo "Set NPM_PASSWORD (from proxmox .env or export)"
|
|
exit 1
|
|
fi
|
|
|
|
echo "Adding Gov Portals xom-dev proxy hosts to NPMplus at $NPM_URL..."
|
|
echo "Target: $IP_GOV_PORTALS_DEV (ports 3001-3004)"
|
|
|
|
COOKIE_JAR="/tmp/npm_gov_portals_cookies_$$"
|
|
cleanup_cookies() { rm -f "$COOKIE_JAR"; }
|
|
trap cleanup_cookies EXIT
|
|
|
|
AUTH_JSON=$(jq -n --arg identity "$NPM_EMAIL" --arg secret "$NPM_PASSWORD" '{identity:$identity,secret:$secret}')
|
|
TOKEN_RESPONSE=$(curl -s -k -X POST "$NPM_URL/api/tokens" -H "Content-Type: application/json" -d "$AUTH_JSON" -c "$COOKIE_JAR")
|
|
TOKEN=$(echo "$TOKEN_RESPONSE" | jq -r '.token // .accessToken // .access_token // .data.token // empty' 2>/dev/null)
|
|
|
|
USE_COOKIE_AUTH=0
|
|
if [ -z "$TOKEN" ] || [ "$TOKEN" = "null" ]; then
|
|
if echo "$TOKEN_RESPONSE" | jq -e '.expires' >/dev/null 2>&1; then
|
|
USE_COOKIE_AUTH=1
|
|
echo "Using cookie-based auth (NPM 2 style)."
|
|
else
|
|
echo "Authentication failed"
|
|
echo "$TOKEN_RESPONSE" | jq -r '.message // .error // "unknown"' 2>/dev/null || echo "$TOKEN_RESPONSE"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
curl_auth() {
|
|
if [ "$USE_COOKIE_AUTH" = "1" ]; then
|
|
curl -s -k -b "$COOKIE_JAR" "$@"
|
|
else
|
|
curl -s -k -H "Authorization: Bearer $TOKEN" "$@"
|
|
fi
|
|
}
|
|
|
|
fetch_proxy_hosts_json() {
|
|
curl_auth -X GET "$NPM_URL/api/nginx/proxy-hosts"
|
|
}
|
|
|
|
resolve_proxy_host_id() {
|
|
local domain=$1
|
|
local hosts_json=${2:-}
|
|
[ -z "$hosts_json" ] && hosts_json=$(fetch_proxy_hosts_json)
|
|
echo "$hosts_json" | jq -r --arg dom "$domain" '
|
|
if type == "array" then .
|
|
elif .data != null then .data
|
|
elif .proxy_hosts != null then .proxy_hosts
|
|
else []
|
|
end
|
|
| .[]
|
|
| select(.domain_names | type == "array")
|
|
| select(.domain_names[] == $dom)
|
|
| .id
|
|
' 2>/dev/null | head -n1
|
|
}
|
|
|
|
add_proxy_host() {
|
|
local domain=$1
|
|
local fwd_port=$2
|
|
local payload
|
|
payload=$(jq -n \
|
|
--arg domain "$domain" \
|
|
--arg host "$IP_GOV_PORTALS_DEV" \
|
|
--argjson port "$fwd_port" \
|
|
'{
|
|
domain_names: [$domain],
|
|
forward_scheme: "http",
|
|
forward_host: $host,
|
|
forward_port: $port,
|
|
allow_websocket_upgrade: false,
|
|
block_exploits: false,
|
|
certificate_id: null,
|
|
ssl_forced: false
|
|
}')
|
|
local resp
|
|
resp=$(curl_auth -X POST "$NPM_URL/api/nginx/proxy-hosts" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$payload")
|
|
local id
|
|
id=$(echo "$resp" | jq -r '.id // empty' 2>/dev/null)
|
|
if [ -n "$id" ] && [ "$id" != "null" ]; then
|
|
echo " Added: $domain -> $IP_GOV_PORTALS_DEV:$fwd_port"
|
|
return 0
|
|
else
|
|
echo " Skip (may exist): $domain - $(echo "$resp" | jq -r '.message // .error // "unknown"' 2>/dev/null)"
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
update_proxy_host() {
|
|
local domain=$1
|
|
local fwd_port=$2
|
|
local hosts_json
|
|
hosts_json=$(fetch_proxy_hosts_json)
|
|
local arr
|
|
arr=$(echo "$hosts_json" | jq -c '
|
|
if type == "array" then .
|
|
elif .data != null then .data
|
|
elif .proxy_hosts != null then .proxy_hosts
|
|
else []
|
|
end
|
|
' 2>/dev/null)
|
|
[ -z "$arr" ] && return 1
|
|
local id
|
|
id=$(echo "$arr" | jq -r --arg dom "$domain" '
|
|
.[]
|
|
| select(.domain_names | type == "array")
|
|
| select(.domain_names[] == $dom)
|
|
| .id
|
|
' 2>/dev/null | head -n1)
|
|
if [ -z "$id" ] || [ "$id" = "null" ]; then
|
|
return 1
|
|
fi
|
|
local payload
|
|
payload=$(jq -n \
|
|
--arg host "$IP_GOV_PORTALS_DEV" \
|
|
--argjson port "$fwd_port" \
|
|
'{ forward_scheme: "http", forward_host: $host, forward_port: $port, allow_websocket_upgrade: false, block_exploits: false }')
|
|
local resp
|
|
resp=$(curl_auth -X PUT "$NPM_URL/api/nginx/proxy-hosts/$id" -H "Content-Type: application/json" -d "$payload")
|
|
local out_id
|
|
out_id=$(echo "$resp" | jq -r '.id // empty' 2>/dev/null)
|
|
if [ -n "$out_id" ] && [ "$out_id" != "null" ]; then
|
|
echo " Updated: $domain -> $IP_GOV_PORTALS_DEV:$fwd_port"
|
|
return 0
|
|
fi
|
|
local host_obj
|
|
host_obj=$(echo "$arr" | jq -c --arg dom "$domain" '
|
|
.[]
|
|
| select(.domain_names | type == "array")
|
|
| select(.domain_names[] == $dom)
|
|
' 2>/dev/null | head -n1)
|
|
if [ -n "$host_obj" ]; then
|
|
payload=$(echo "$host_obj" | jq -c --arg host "$IP_GOV_PORTALS_DEV" --argjson port "$fwd_port" '
|
|
{
|
|
domain_names,
|
|
forward_scheme,
|
|
forward_host: $host,
|
|
forward_port: $port,
|
|
allow_websocket_upgrade,
|
|
block_exploits,
|
|
certificate_id,
|
|
ssl_forced,
|
|
caching_enabled,
|
|
advanced_config,
|
|
access_list_id,
|
|
enabled,
|
|
http2_support,
|
|
hsts_enabled,
|
|
hsts_subdomains
|
|
}
|
|
' 2>/dev/null)
|
|
if [ -n "$payload" ]; then
|
|
resp=$(curl_auth -X PUT "$NPM_URL/api/nginx/proxy-hosts/$id" -H "Content-Type: application/json" -d "$payload")
|
|
out_id=$(echo "$resp" | jq -r '.id // empty' 2>/dev/null)
|
|
if [ -n "$out_id" ] && [ "$out_id" != "null" ]; then
|
|
echo " Updated: $domain -> $IP_GOV_PORTALS_DEV:$fwd_port"
|
|
return 0
|
|
fi
|
|
fi
|
|
fi
|
|
echo " Warning: could not update $domain via API."
|
|
return 1
|
|
}
|
|
|
|
add_or_update_proxy_host() {
|
|
local domain=$1
|
|
local fwd_port=$2
|
|
if add_proxy_host "$domain" "$fwd_port"; then
|
|
return 0
|
|
fi
|
|
update_proxy_host "$domain" "$fwd_port"
|
|
}
|
|
|
|
# Four portals on xom-dev.phoenix.sankofa.nexus
|
|
add_or_update_proxy_host "dbis.xom-dev.phoenix.sankofa.nexus" 3001 || true
|
|
add_or_update_proxy_host "iccc.xom-dev.phoenix.sankofa.nexus" 3002 || true
|
|
add_or_update_proxy_host "omnl.xom-dev.phoenix.sankofa.nexus" 3003 || true
|
|
add_or_update_proxy_host "xom.xom-dev.phoenix.sankofa.nexus" 3004 || true
|
|
|
|
echo ""
|
|
echo "Done. Request Let's Encrypt certs in NPMplus UI for: dbis/iccc/omnl/xom.xom-dev.phoenix.sankofa.nexus"
|
|
echo "Ensure DNS A records point *.xom-dev.phoenix.sankofa.nexus → 76.53.10.36"
|