d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
59006f520ac76448b03fcac4424aee37cced0aec
proxmox/scripts/nginx-proxy-manager/add-dapp-proxy-host-via-ssh.sh
defiQUG dbd517b279 Sync workspace: config, docs, scripts, CI, operator rules, and submodule pointers. 
- Update dbis_core, cross-chain-pmm-lps, explorer-monorepo, metamask-integration, pr-workspace/chains
- Omit embedded publish git dirs and empty placeholders from index

Made-with: Cursor
2026-04-12 06:12:20 -07:00

102 lines
4.3 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# Run the NPM add-dapp-proxy-host logic on a Proxmox host (so it can reach NPMplus at 192.168.11.167).
# Usage: From project root, source .env then:
# bash scripts/nginx-proxy-manager/add-dapp-proxy-host-via-ssh.sh
# Or: PROXMOX_HOST=192.168.11.12 NPM_EMAIL=... NPM_PASSWORD=... bash scripts/nginx-proxy-manager/add-dapp-proxy-host-via-ssh.sh
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
source "$PROJECT_ROOT/config/ip-addresses.conf" 2>/dev/null || true
[ -f "$PROJECT_ROOT/.env" ] && set +u && source "$PROJECT_ROOT/.env" 2>/dev/null || true && set -u
# Host that can reach NPMplus (192.168.11.167:81). Try NPMPLUS_SSH_HOST if default cannot reach it (e.g. NPMplus VM itself).
PROXMOX_HOST="${NPMPLUS_SSH_HOST:-${PROXMOX_HOST_R630_02:-192.168.11.12}}"
NPM_EMAIL="${NPM_EMAIL:-admin@example.org}"
NPM_PASSWORD="${NPM_PASSWORD:-}"
DAPP_IP="${IP_DAPP_LXC:-192.168.11.58}"
NPM_URL="${NPM_URL:-https://192.168.11.167:81}"
[ -z "$NPM_PASSWORD" ] && echo "Set NPM_PASSWORD (e.g. source .env)" && exit 1
# Remote script: use Python's JSON parser so reruns are idempotent and preserve cert / Force SSL state.
REMOTE_SCRIPT='
set -euo pipefail
python3 - <<'"'"'PY'"'"'
import json
import os
import subprocess
import sys
def curl(*args):
return subprocess.check_output(["curl", "-skS", *args], text=True)
npm_password = os.environ.get("NPM_PASSWORD", "")
if not npm_password:
print("NPM_PASSWORD not set on remote")
sys.exit(1)
auth_payload = json.dumps({
"identity": os.environ.get("NPM_EMAIL", "admin@example.org"),
"secret": npm_password,
})
token_resp = json.loads(curl("-X", "POST", f"{os.environ['NPM_URL']}/api/tokens", "-H", "Content-Type: application/json", "-d", auth_payload))
token = token_resp.get("token") or token_resp.get("accessToken") or (token_resp.get("data") or {}).get("token")
if not token:
print(f"Auth failed. Response: {json.dumps(token_resp)}")
sys.exit(1)
auth_header = ["-H", f"Authorization: Bearer {token}"]
hosts_resp = json.loads(curl("-X", "GET", f"{os.environ['NPM_URL']}/api/nginx/proxy-hosts", *auth_header))
if isinstance(hosts_resp, dict):
hosts = hosts_resp.get("data") or hosts_resp.get("proxy_hosts") or []
else:
hosts = hosts_resp
existing = None
for host in hosts:
if "dapp.d-bis.org" in (host.get("domain_names") or []):
existing = host
break
payload = {
"domain_names": ["dapp.d-bis.org"],
"forward_scheme": "http",
"forward_host": os.environ["DAPP_IP"],
"forward_port": 80,
"allow_websocket_upgrade": True,
"block_exploits": False,
}
if existing:
payload["certificate_id"] = existing.get("certificate_id")
payload["ssl_forced"] = existing.get("ssl_forced", False)
resp = json.loads(curl("-X", "PUT", f"{os.environ['NPM_URL']}/api/nginx/proxy-hosts/{existing['id']}", *auth_header, "-H", "Content-Type: application/json", "-d", json.dumps(payload)))
if resp.get("id"):
print(f"Updated: dapp.d-bis.org -> {os.environ['DAPP_IP']}:80")
sys.exit(0)
print(f"Update failed: {json.dumps(resp)}")
sys.exit(1)
payload["certificate_id"] = None
payload["ssl_forced"] = False
resp = json.loads(curl("-X", "POST", f"{os.environ['NPM_URL']}/api/nginx/proxy-hosts", *auth_header, "-H", "Content-Type: application/json", "-d", json.dumps(payload)))
if resp.get("id"):
print(f"Added: dapp.d-bis.org -> {os.environ['DAPP_IP']}:80")
print("Request SSL in NPMplus UI for dapp.d-bis.org and enable Force SSL if this is a new host.")
sys.exit(0)
print(f"Create failed: {json.dumps(resp)}")
sys.exit(1)
PY
'
echo "Running NPM add proxy host from Proxmox host $PROXMOX_HOST (must be on same LAN as NPMplus 192.168.11.167)..."
# Escape single quotes in password for remote export: ' -> '\''
PASS_ESC="${NPM_PASSWORD//\'/\'\\\'\'}"
OUTPUT=$(ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=accept-new root@"$PROXMOX_HOST" \
"export NPM_EMAIL='${NPM_EMAIL//\'/\'\\\'\'}' NPM_PASSWORD='$PASS_ESC' NPM_URL='$NPM_URL' DAPP_IP='$DAPP_IP'; bash -s" <<< "$REMOTE_SCRIPT" 2>&1) || true
echo "$OUTPUT"
if ! echo "$OUTPUT" | grep -qE "Added: dapp.d-bis.org|Updated: dapp.d-bis.org"; then
echo "Failed. Ensure this machine can SSH to $PROXMOX_HOST and that host can reach $NPM_URL (same LAN)." >&2
exit 1
fi
Reference in New Issue View Git Blame Copy Permalink