proxmox/scripts/cloudflare/configure-explorer-d-bis-dns-wan.sh
defiQUG 76253586e7 feat(cloudflare): explorer.d-bis WAN DNS helper + d-bis.org SSL full mode
- configure-explorer-d-bis-dns-wan.sh: PATCH explorer A (default 76.53.10.36), preserve proxied unless EXPLORER_D_BIS_CF_PROXIED set
- set-d-bis-org-zone-ssl-mode.sh: same SSL API as sankofa script for d-bis.org (fixes Flexible+NPM loops)
- TOKEN_AGGREGATION_REPORT_API_RUNBOOK: operator sequence for 502/522/loops + LAN fallback pointer

Made-with: Cursor
2026-04-13 22:26:26 -07:00


#!/usr/bin/env bash
# Point explorer.d-bis.org (Cloudflare A) at a WAN IP that forwards cleanly to NPM for
# long paths like /token-aggregation/api/v1/* (see TOKEN_AGGREGATION_REPORT_API_RUNBOOK.md §1.1).
#
# Default A record content is 76.53.10.36 (primary WAN / NPM in repo defaults). Override with EXPLORER_D_BIS_WAN_A
# (e.g. 76.53.10.34 from ip-addresses.conf PUBLIC_IP_ER605_WAN1 if port-forward differs on the primary IP).
# Proxied: if EXPLORER_D_BIS_CF_PROXIED is set, use it; else preserve the existing Cloudflare value when updating;
# else false for a new record. After changing proxy mode, run: bash scripts/cloudflare/set-d-bis-org-zone-ssl-mode.sh full
#
# Usage: bash scripts/cloudflare/configure-explorer-d-bis-dns-wan.sh
# Requires: .env with Cloudflare auth + CLOUDFLARE_ZONE_ID_D_BIS_ORG (or CLOUDFLARE_ZONE_ID).
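# Strict mode: stop on command failure, on use of an unset variable, and on a
# failing stage anywhere in a pipeline.
set -euo pipefail

# Work from the directory two levels above this script so the relative paths
# to config/ and .env resolve regardless of the caller's working directory.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
cd "$PROJECT_ROOT"

# Optional address defaults; a missing or failing file is tolerated on purpose.
# shellcheck source=/dev/null
source config/ip-addresses.conf 2>/dev/null || true

# .env holds the Cloudflare credentials. It is sourced, i.e. executed as shell
# code, so it should be writable only by the operator running this script.
# nounset is lifted while sourcing because .env may reference unset variables.
if [ -f .env ]; then
  set +u
  # shellcheck source=/dev/null
  source .env 2>/dev/null || true
fi
set -u

# NOTE(review): the generic CLOUDFLARE_ZONE_ID wins over the d-bis.org-specific
# variable when both are set. If CLOUDFLARE_ZONE_ID names a different zone, the
# record is looked up and created in that zone instead; confirm the precedence.
ZONE_ID="${CLOUDFLARE_ZONE_ID:-${CLOUDFLARE_ZONE_ID_D_BIS_ORG:-}}"

# HOSTNAME is also a variable bash sets on its own; from here on it holds the
# record's FQDN for the rest of the script.
HOSTNAME="explorer.d-bis.org"
NAME_LABEL="explorer"
TARGET_IP="${EXPLORER_D_BIS_WAN_A:-76.53.10.36}"

# An A record can only carry a dotted-quad IPv4 address. Reject anything else
# here, before any API call, so a mistyped override never reaches the zone.
if [[ ! "$TARGET_IP" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]]; then
  echo "EXPLORER_D_BIS_WAN_A must be an IPv4 address (got: ${TARGET_IP})" >&2
  exit 1
fi
for _OCTET in "${BASH_REMATCH[@]:1}"; do
  # 10# forces base 10 so an octet such as 08 is not parsed as octal.
  if ((10#$_OCTET > 255)); then
    echo "EXPLORER_D_BIS_WAN_A must be an IPv4 address (got: ${TARGET_IP})" >&2
    exit 1
  fi
done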
# Pick the credential headers for every Cloudflare call: an API token when one
# is set, otherwise the e-mail + API key pair; with neither, stop.
# NOTE: AUTH_H is expanded onto curl's command line by the requests below, so
# the secret is readable in the process list for as long as curl runs.
if [[ -n "${CLOUDFLARE_API_TOKEN:-}" ]]; then
  AUTH_H=(-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN")
elif [[ -z "${CLOUDFLARE_API_KEY:-}" || -z "${CLOUDFLARE_EMAIL:-}" ]]; then
  echo "Set CLOUDFLARE_API_TOKEN or (CLOUDFLARE_EMAIL + CLOUDFLARE_API_KEY) in .env" >&2
  exit 1
else
  AUTH_H=(-H "X-Auth-Email: $CLOUDFLARE_EMAIL" -H "X-Auth-Key: $CLOUDFLARE_API_KEY")
fi

# Without a zone id there is nothing to address; fail before any request.
if [[ -z "${ZONE_ID:-}" ]]; then
  echo "Set CLOUDFLARE_ZONE_ID or CLOUDFLARE_ZONE_ID_D_BIS_ORG in .env" >&2
  exit 1
fi
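# Look up the record this script manages. The query is limited to type=A so
# that a TXT, AAAA or CNAME entry sharing the name is never picked up as
# result[0] and then overwritten by the update request further down.
# -S keeps curl's own error text visible even though -s hides the progress bar.
EXISTING=$(curl -sS -X GET \
  "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/dns_records?type=A&name=${HOSTNAME}" \
  "${AUTH_H[@]}" -H "Content-Type: application/json")

# A rejected lookup (bad credentials, wrong zone, rate limit, server error) must
# not be read as "no record yet": that would send the script down the create
# path and could leave a second A record next to the existing one.
if ! jq -e '.success == true' >/dev/null 2>&1 <<<"$EXISTING"; then
  echo " ${HOSTNAME}: Lookup failed ($(jq -c '.errors' 2>/dev/null <<<"$EXISTING"))" >&2
  exit 1
fi

# "// empty" yields an empty string when no record matched; a missing proxied
# field is read as false.
RECORD_ID=$(jq -r '.result[0].id // empty' <<<"$EXISTING")
CURRENT_CONTENT=$(jq -r '.result[0].content // empty' <<<"$EXISTING")
CURRENT_PROXIED=$(jq -r '.result[0].proxied // false' <<<"$EXISTING")

# Only result[0] is compared and updated; tell the operator when more A records
# exist for the name so leftover entries do not go unnoticed.
_A_RECORD_COUNT=$(jq -r '.result | length' <<<"$EXISTING")
if ((_A_RECORD_COUNT > 1)); then
  echo " ${HOSTNAME}: warning: ${_A_RECORD_COUNT} A records exist; only ${RECORD_ID} is managed here" >&2
fi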
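# Decide the proxied flag, in order of precedence:
#   1. EXPLORER_D_BIS_CF_PROXIED, when the operator set it;
#   2. the value already on the existing record, when one was found;
#   3. false for a record that is about to be created.
# The override is parsed strictly. An unproxied record publishes the origin
# address itself, so a typo such as "True" or "yes" has to stop the run instead
# of being read as false.
if [[ -v EXPLORER_D_BIS_CF_PROXIED ]]; then
  case "${EXPLORER_D_BIS_CF_PROXIED}" in
    true | 1)
      _CF_PROXIED_JSON="true"
      ;;
    false | 0)
      _CF_PROXIED_JSON="false"
      ;;
    *)
      echo "EXPLORER_D_BIS_CF_PROXIED must be true, 1, false or 0 (got: '${EXPLORER_D_BIS_CF_PROXIED}')" >&2
      exit 1
      ;;
  esac
elif [ -n "$RECORD_ID" ] && [ "$RECORD_ID" != "null" ]; then
  # Keep whatever proxy mode the record has today.
  if [[ "${CURRENT_PROXIED}" == "true" ]]; then
    _CF_PROXIED_JSON="true"
  else
    _CF_PROXIED_JSON="false"
  fi
else
  _CF_PROXIED_JSON="false"
fi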
# Assemble the request body with jq so each value is JSON-encoded by jq and is
# never spliced into the document by the shell. proxied is passed with
# --argjson because it must be a JSON boolean, not a string.
# NOTE(review): ttl 1 looks like Cloudflare's "automatic" TTL; confirm.
_JQ_VARS=(
  --arg content "$TARGET_IP"
  --arg name "$NAME_LABEL"
  --argjson proxied "${_CF_PROXIED_JSON}"
)
DATA=$(jq -n "${_JQ_VARS[@]}" '{type:"A",name:$name,content:$content,ttl:1,proxied:$proxied}')

# Announce the intended state before anything is sent.
printf 'explorer.d-bis.org A → %s (proxied=%s)\n' "${TARGET_IP}" "${_CF_PROXIED_JSON}"
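# Bring the record to the desired state: nothing to do when it already matches,
# an update when a record id is known, a create otherwise. Both write paths
# share one request and one success check.
if [ -n "$RECORD_ID" ] && [ "$RECORD_ID" != "null" ]; then
  if [ "$CURRENT_CONTENT" = "$TARGET_IP" ] && [[ "${CURRENT_PROXIED}" == "${_CF_PROXIED_JSON}" ]]; then
    echo " ${HOSTNAME}: OK (already A → ${TARGET_IP}, proxied=${_CF_PROXIED_JSON})"
    exit 0
  fi
  # NOTE(review): PUT replaces the whole record, so fields that are not part of
  # DATA are presumably not carried over; confirm that PUT rather than PATCH is
  # intended here.
  _API_METHOD="PUT"
  _API_URL="https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/dns_records/${RECORD_ID}"
  _DONE_WORD="Updated"
  _FAIL_WORD="Update"
else
  _API_METHOD="POST"
  _API_URL="https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/dns_records"
  _DONE_WORD="Created"
  _FAIL_WORD="Create"
fi

# -S keeps curl's error text on stderr; the explicit check names the failed
# step instead of letting errexit end the script without a message.
if ! _API_REPLY=$(curl -sS -X "$_API_METHOD" "$_API_URL" \
  "${AUTH_H[@]}" -H "Content-Type: application/json" -d "$DATA"); then
  echo " ${HOSTNAME}: ${_FAIL_WORD} failed (request did not complete)" >&2
  exit 1
fi

# Trust only an explicit success:true in the reply; anything else, including a
# body that is not JSON, counts as failure and the API's errors are shown.
if jq -e '.success == true' >/dev/null 2>&1 <<<"$_API_REPLY"; then
  echo " ${HOSTNAME}: ${_DONE_WORD} A → ${TARGET_IP} (proxied=${_CF_PROXIED_JSON})"
else
  echo " ${HOSTNAME}: ${_FAIL_WORD} failed ($(jq -c '.errors' 2>/dev/null <<<"$_API_REPLY"))" >&2
  exit 1
fi

echo "If browsers or curl show redirect loops on HTTPS, set d-bis.org SSL to Full: bash scripts/cloudflare/set-d-bis-org-zone-ssl-mode.sh full"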