proxmox/scripts/nginx-proxy-manager/add-studio-sankofa-npmplus-proxy.sh

#!/usr/bin/env bash
# Add NPMplus proxy host for Sankofa Studio: studio.sankofa.nexus → 192.168.11.72:8000
#
# Usage: NPM_PASSWORD=xxx bash scripts/nginx-proxy-manager/add-studio-sankofa-npmplus-proxy.sh
# Or: source .env && bash scripts/nginx-proxy-manager/add-studio-sankofa-npmplus-proxy.sh
#
# Prerequisites: NPM_PASSWORD (and optionally NPM_URL, NPM_EMAIL) in .env or env.
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
source "$PROJECT_ROOT/config/ip-addresses.conf" 2>/dev/null || true
[ -f "$PROJECT_ROOT/.env" ] && set +u && source "$PROJECT_ROOT/.env" 2>/dev/null || true && set -u

DOMAIN="studio.sankofa.nexus"
IP_SANKOFA_STUDIO="${IP_SANKOFA_STUDIO:-192.168.11.72}"
PORT=8000
NPM_URL="${NPM_URL:-https://192.168.11.167:81}"
NPM_EMAIL="${NPM_EMAIL:-admin@example.org}"
NPM_PASSWORD="${NPM_PASSWORD:-}"

if [ -z "$NPM_PASSWORD" ]; then
  echo "❌ NPM_PASSWORD required. Set in .env or: NPM_PASSWORD=xxx $0"
  exit 1
fi

echo "Adding NPMplus proxy: $DOMAIN → http://${IP_SANKOFA_STUDIO}:${PORT}"
echo "NPMplus URL: $NPM_URL"
echo ""

AUTH_JSON=$(jq -n --arg identity "$NPM_EMAIL" --arg secret "$NPM_PASSWORD" '{identity:$identity,secret:$secret}')
TOKEN_RESPONSE=$(curl -s -k -X POST "$NPM_URL/api/tokens" -H "Content-Type: application/json" -d "$AUTH_JSON")
TOKEN=$(echo "$TOKEN_RESPONSE" | jq -r '.token // .accessToken // .access_token // empty' 2>/dev/null)

if [ -z "$TOKEN" ] || [ "$TOKEN" = "null" ]; then
  echo "❌ NPMplus authentication failed. Check NPM_URL, NPM_EMAIL, NPM_PASSWORD."
  echo "$TOKEN_RESPONSE" | jq -r '.message // .error // "unknown"' 2>/dev/null || echo "$TOKEN_RESPONSE"
  exit 1
fi

PROXY_HOSTS_JSON=$(curl -s -k -X GET "$NPM_URL/api/nginx/proxy-hosts" -H "Authorization: Bearer $TOKEN")
EXISTING_ID=$(echo "$PROXY_HOSTS_JSON" | jq -r ".[] | select(.domain_names[]? == \"$DOMAIN\") | .id" 2>/dev/null | head -1)

if [ -n "$EXISTING_ID" ] && [ "$EXISTING_ID" != "null" ]; then
  echo "✓ Proxy host for $DOMAIN already exists (ID: $EXISTING_ID). Updating target to ${IP_SANKOFA_STUDIO}:${PORT}..."
  PAYLOAD=$(jq -n \
    --arg domain "$DOMAIN" \
    --arg host "$IP_SANKOFA_STUDIO" \
    --argjson port "$PORT" \
    '{
      domain_names: [$domain],
      forward_scheme: "http",
      forward_host: $host,
      forward_port: $port,
      allow_websocket_upgrade: false,
      block_exploits: false,
      certificate_id: null,
      ssl_forced: false
    }')
  RESP=$(curl -s -k -X PUT "$NPM_URL/api/nginx/proxy-hosts/$EXISTING_ID" \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d "$PAYLOAD")
  if echo "$RESP" | jq -e '.id' >/dev/null 2>&1; then
    echo "✓ Updated $DOMAIN → http://${IP_SANKOFA_STUDIO}:${PORT}"
  else
    echo "❌ Update failed: $(echo "$RESP" | jq -r '.message // .error // "unknown"' 2>/dev/null)"
    exit 1
  fi
else
  PAYLOAD=$(jq -n \
    --arg domain "$DOMAIN" \
    --arg host "$IP_SANKOFA_STUDIO" \
    --argjson port "$PORT" \
    '{
      domain_names: [$domain],
      forward_scheme: "http",
      forward_host: $host,
      forward_port: $port,
      allow_websocket_upgrade: false,
      block_exploits: false,
      certificate_id: null,
      ssl_forced: false
    }')
  RESP=$(curl -s -k -X POST "$NPM_URL/api/nginx/proxy-hosts" \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d "$PAYLOAD")
  NEW_ID=$(echo "$RESP" | jq -r '.id // empty' 2>/dev/null)
  if [ -n "$NEW_ID" ] && [ "$NEW_ID" != "null" ]; then
    echo "✓ Created proxy host: $DOMAIN → http://${IP_SANKOFA_STUDIO}:${PORT} (ID: $NEW_ID)"
  else
    echo "❌ Create failed: $(echo "$RESP" | jq -r '.message // .error // "unknown"' 2>/dev/null)"
    exit 1
  fi
fi
echo ""
echo "Next: Request SSL in NPMplus UI for $DOMAIN and enable Force SSL."
echo "DNS: Ensure studio.sankofa.nexus resolves (e.g. run scripts/cloudflare/add-studio-sankofa-dns.sh)."