MediaMetz/boti
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add setup_nginx_proxy.sh; update README and CLAUDE.md

Browse Source 
Documents OPNsense NGINX proxy setup script (upstream server, upstream,
location, HTTP server creation via OPNsense API with wildcard cert
auto-detection). Marks reverse proxy automation as complete.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
root
2026-03-07 19:49:40 +01:00
parent 6bb3a1d137
commit e4a70fff83
3 changed files with 790 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

771
setup_nginx_proxy.sh Executable file
View File

@@ -0,0 +1,771 @@
#!/usr/bin/env bash
set -Eeuo pipefail
# =============================================================================
# OPNsense NGINX Reverse Proxy Setup Script
# =============================================================================
# Dieses Script konfiguriert einen NGINX Reverse Proxy auf OPNsense
# für eine neue n8n-Instanz über die OPNsense API.
# =============================================================================
SCRIPT_VERSION="1.0.8"
# Debug mode: 0 = nur JSON, 1 = Logs auf stderr
DEBUG="${DEBUG:-0}"
export DEBUG
# Logging functions
log_ts() { date "+[%F %T]"; }
info() { [[ "$DEBUG" == "1" ]] && echo "$(log_ts) INFO: $*" >&2; return 0; }
warn() { [[ "$DEBUG" == "1" ]] && echo "$(log_ts) WARN: $*" >&2; return 0; }
die() {
if [[ "$DEBUG" == "1" ]]; then
echo "$(log_ts) ERROR: $*" >&2
else
echo "{\"error\": \"$*\"}"
fi
exit 1
}
# =============================================================================
# Default Configuration
# =============================================================================
# OPNsense kann über Hostname ODER IP angesprochen werden
# Port 4444 ist der Standard-Port für die OPNsense WebUI/API
OPNSENSE_HOST="${OPNSENSE_HOST:-192.168.45.1}"
OPNSENSE_PORT="${OPNSENSE_PORT:-4444}"
OPNSENSE_API_KEY="${OPNSENSE_API_KEY:-cUUs80IDkQelMJVgAVK2oUoDHrQf+cQPwXoPKNd3KDIgiCiEyEfMq38UTXeY5/VO/yWtCC7k9Y9kJ0Pn}"
OPNSENSE_API_SECRET="${OPNSENSE_API_SECRET:-2egxxFYCAUjBDp0OrgbJO3NBZmR4jpDm028jeS8Nq8OtCGu/0lAxt4YXWXbdZjcFVMS0Nrhru1I2R1si}"
# Wildcard-Zertifikat UUID (muss in OPNsense nachgeschlagen werden)
# Kann über --certificate-uuid oder Umgebungsvariable gesetzt werden
CERTIFICATE_UUID="${CERTIFICATE_UUID:-}"
# =============================================================================
# Usage
# =============================================================================
usage() {
cat >&2 <<'EOF'
Usage:
bash setup_nginx_proxy.sh [options]
Required options (for proxy setup):
--ctid <id> Container ID (used as description)
--hostname <name> Hostname (e.g., sb-1768736636)
--fqdn <domain> Full domain name (e.g., sb-1768736636.userman.de)
--backend-ip <ip> Backend IP address (e.g., 192.168.45.135)
--backend-port <port> Backend port (default: 5678)
Optional:
--opnsense-host <ip> OPNsense IP or hostname (default: 192.168.45.1)
--opnsense-port <port> OPNsense WebUI/API port (default: 4444)
--certificate-uuid <uuid> UUID of the SSL certificate in OPNsense
--list-certificates List available certificates and exit
--test-connection Test API connection and exit
--debug Enable debug mode
--help Show this help
Examples:
# List certificates:
bash setup_nginx_proxy.sh --list-certificates --debug
# Test API connection:
bash setup_nginx_proxy.sh --test-connection --debug
# Setup proxy:
bash setup_nginx_proxy.sh --ctid 768736636 --hostname sb-1768736636 \
--fqdn sb-1768736636.userman.de --backend-ip 192.168.45.135
# With custom OPNsense IP:
bash setup_nginx_proxy.sh --opnsense-host 192.168.45.1 --list-certificates
EOF
}
# =============================================================================
# Default values for arguments
# =============================================================================
CTID=""
HOSTNAME=""
FQDN=""
BACKEND_IP=""
BACKEND_PORT="5678"
LIST_CERTIFICATES="0"
TEST_CONNECTION="0"
# =============================================================================
# Argument parsing
# =============================================================================
while [[ $# -gt 0 ]]; do
case "$1" in
--ctid) CTID="${2:-}"; shift 2 ;;
--hostname) HOSTNAME="${2:-}"; shift 2 ;;
--fqdn) FQDN="${2:-}"; shift 2 ;;
--backend-ip) BACKEND_IP="${2:-}"; shift 2 ;;
--backend-port) BACKEND_PORT="${2:-}"; shift 2 ;;
--opnsense-host) OPNSENSE_HOST="${2:-}"; shift 2 ;;
--opnsense-port) OPNSENSE_PORT="${2:-}"; shift 2 ;;
--certificate-uuid) CERTIFICATE_UUID="${2:-}"; shift 2 ;;
--list-certificates) LIST_CERTIFICATES="1"; shift 1 ;;
--test-connection) TEST_CONNECTION="1"; shift 1 ;;
--debug) DEBUG="1"; export DEBUG; shift 1 ;;
--help|-h) usage; exit 0 ;;
*) die "Unknown option: $1 (use --help)" ;;
esac
done
# =============================================================================
# API Base URL (nach Argument-Parsing setzen!)
# =============================================================================
API_BASE="https://${OPNSENSE_HOST}:${OPNSENSE_PORT}/api"
# =============================================================================
# API Helper Functions (MÜSSEN VOR list_certificates definiert werden!)
# =============================================================================
# Make API request to OPNsense
api_request() {
local method="$1"
local endpoint="$2"
local data="${3:-}"
local url="${API_BASE}${endpoint}"
local auth="${OPNSENSE_API_KEY}:${OPNSENSE_API_SECRET}"
info "API ${method} ${url}"
local response
local http_code
if [[ -n "$data" ]]; then
response=$(curl -s -k -w "\n%{http_code}" -X "${method}" \
-u "${auth}" \
-H "Content-Type: application/json" \
-d "${data}" \
"${url}" 2>&1)
else
response=$(curl -s -k -w "\n%{http_code}" -X "${method}" \
-u "${auth}" \
"${url}" 2>&1)
fi
# Extract HTTP code from last line
http_code=$(echo "$response" | tail -n1)
response=$(echo "$response" | sed '$d')
# Check for permission errors
if [[ "$http_code" == "401" ]]; then
warn "API Error 401: Unauthorized - Check API key and secret"
elif [[ "$http_code" == "403" ]]; then
warn "API Error 403: Forbidden - API user lacks permission for ${endpoint}"
elif [[ "$http_code" == "404" ]]; then
warn "API Error 404: Not Found - Endpoint ${endpoint} does not exist"
elif [[ "$http_code" -ge 400 ]]; then
warn "API Error ${http_code} for ${endpoint}"
fi
echo "$response"
}
# Check API response for errors and return status
# Usage: if check_api_response "$response" "endpoint_name"; then ... fi
check_api_response() {
local response="$1"
local endpoint_name="$2"
# Check for JSON error responses
local status
status=$(echo "$response" | python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('status', 'ok'))" 2>/dev/null || echo "ok")
if [[ "$status" == "403" ]]; then
die "Permission denied for ${endpoint_name}. Please add the required API permission in OPNsense: System > Access > Users > [API User] > Effective Privileges"
elif [[ "$status" == "401" ]]; then
die "Authentication failed for ${endpoint_name}. Check your API key and secret."
fi
# Check for validation errors
local validation_error
validation_error=$(echo "$response" | python3 -c "
import json,sys
try:
d=json.load(sys.stdin)
if 'validations' in d and d['validations']:
for field, errors in d['validations'].items():
print(f'{field}: {errors}')
except:
pass
" 2>/dev/null || true)
if [[ -n "$validation_error" ]]; then
warn "Validation errors: ${validation_error}"
return 1
fi
# Check for result status
local result
result=$(echo "$response" | python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('result', 'unknown'))" 2>/dev/null || echo "unknown")
if [[ "$result" == "failed" ]]; then
local message
message=$(echo "$response" | python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('message', 'Unknown error'))" 2>/dev/null || echo "Unknown error")
warn "API operation failed: ${message}"
return 1
fi
return 0
}
# Search for existing item by description
# OPNsense NGINX API uses "search<Type>" format, e.g., searchUpstreamServer
search_by_description() {
local search_endpoint="$1"
local description="$2"
local response
response=$(api_request "GET" "${search_endpoint}")
# Extract UUID where description matches
echo "$response" | python3 -c "
import json, sys
try:
data = json.load(sys.stdin)
rows = data.get('rows', [])
for row in rows:
if row.get('description', '') == '${description}':
print(row.get('uuid', ''))
sys.exit(0)
except:
pass
" 2>/dev/null || true
}
# Search for existing HTTP Server by servername
# HTTP Servers don't have a description field, they use servername
search_http_server_by_servername() {
local servername="$1"
local response
response=$(api_request "GET" "/nginx/settings/searchHttpServer")
# Extract UUID where servername matches
echo "$response" | python3 -c "
import json, sys
try:
data = json.load(sys.stdin)
rows = data.get('rows', [])
for row in rows:
if row.get('servername', '') == '${servername}':
print(row.get('uuid', ''))
sys.exit(0)
except:
pass
" 2>/dev/null || true
}
# Find certificate by Common Name (CN) or Description
# Returns the certificate ID used by NGINX API (not the full UUID)
find_certificate_by_cn() {
local cn_pattern="$1"
# First, get the certificate list from the HTTP Server schema
# This gives us the correct certificate IDs that NGINX expects
local response
response=$(api_request "GET" "/nginx/settings/getHttpServer")
# Extract certificate ID where description contains the pattern
echo "$response" | python3 -c "
import json, sys
pattern = '${cn_pattern}'.lower()
try:
data = json.load(sys.stdin)
certs = data.get('httpserver', {}).get('certificate', {})
for cert_id, cert_info in certs.items():
if cert_id: # Skip empty key
value = cert_info.get('value', '').lower()
if pattern in value:
print(cert_id)
sys.exit(0)
except Exception as e:
print(f'Error: {e}', file=sys.stderr)
" 2>/dev/null || true
}
# =============================================================================
# Utility Functions
# =============================================================================
# Test API connection
test_connection() {
info "Testing API connection to OPNsense at ${OPNSENSE_HOST}:${OPNSENSE_PORT}..."
echo "Testing various API endpoints..."
echo ""
# Test 1: Firmware status (general API access)
echo "1. Testing /core/firmware/status..."
local response
response=$(api_request "GET" "/core/firmware/status")
if echo "$response" | python3 -c "import json,sys; d=json.load(sys.stdin); print('OK' if 'product' in d or 'connection' in d else 'FAIL')" 2>/dev/null | grep -q "OK"; then
echo " ✓ Firmware API: OK"
else
echo " ✗ Firmware API: FAILED"
echo " Response: $response"
fi
# Test 2: NGINX settings (required for this script)
echo ""
echo "2. Testing /nginx/settings/searchHttpServer..."
response=$(api_request "GET" "/nginx/settings/searchHttpServer")
if echo "$response" | python3 -c "import json,sys; d=json.load(sys.stdin); print('OK' if 'rows' in d or 'rowCount' in d else 'FAIL')" 2>/dev/null | grep -q "OK"; then
echo " ✓ NGINX HTTP Server API: OK"
local count
count=$(echo "$response" | python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('rowCount', len(d.get('rows', []))))" 2>/dev/null || echo "?")
echo " Found ${count} HTTP Server(s)"
else
echo " ✗ NGINX HTTP Server API: FAILED"
echo " Response: $response"
fi
# Test 3: NGINX upstream servers
echo ""
echo "3. Testing /nginx/settings/searchUpstreamServer..."
response=$(api_request "GET" "/nginx/settings/searchUpstreamServer")
if echo "$response" | python3 -c "import json,sys; d=json.load(sys.stdin); print('OK' if 'rows' in d or 'rowCount' in d else 'FAIL')" 2>/dev/null | grep -q "OK"; then
echo " ✓ NGINX Upstream Server API: OK"
local count
count=$(echo "$response" | python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('rowCount', len(d.get('rows', []))))" 2>/dev/null || echo "?")
echo " Found ${count} Upstream Server(s)"
else
echo " ✗ NGINX Upstream Server API: FAILED"
echo " Response: $response"
fi
# Test 4: Trust/Certificates (optional)
echo ""
echo "4. Testing /trust/cert/search (optional)..."
response=$(api_request "GET" "/trust/cert/search")
if echo "$response" | python3 -c "import json,sys; d=json.load(sys.stdin); print('OK' if 'rows' in d else 'FAIL')" 2>/dev/null | grep -q "OK"; then
echo " ✓ Trust/Cert API: OK"
else
local status
status=$(echo "$response" | python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('status', 'unknown'))" 2>/dev/null || echo "unknown")
if [[ "$status" == "403" ]]; then
echo " ⚠ Trust/Cert API: 403 Forbidden (API user needs 'System: Trust: Certificates' permission)"
echo " Note: You can still use --certificate-uuid to specify the certificate manually"
else
echo " ✗ Trust/Cert API: FAILED"
echo " Response: $response"
fi
fi
echo ""
echo "Connection test complete."
return 0
}
# List available certificates
list_certificates() {
info "Fetching available certificates from OPNsense at ${OPNSENSE_HOST}:${OPNSENSE_PORT}..."
local response
response=$(api_request "GET" "/trust/cert/search")
echo "Available SSL Certificates in OPNsense (${OPNSENSE_HOST}:${OPNSENSE_PORT}):"
echo "============================================================"
echo "$response" | python3 -c "
import json, sys
try:
data = json.load(sys.stdin)
rows = data.get('rows', [])
if not rows:
print('No certificates found.')
print('Raw response:', data)
for row in rows:
uuid = row.get('uuid', 'N/A')
descr = row.get('descr', 'N/A')
cn = row.get('cn', 'N/A')
print(f'UUID: {uuid}')
print(f' Description: {descr}')
print(f' Common Name: {cn}')
print()
except Exception as e:
print(f'Error parsing response: {e}', file=sys.stderr)
print(f'Raw response: {sys.stdin.read()}', file=sys.stderr)
sys.exit(1)
" 2>&1
}
# =============================================================================
# Handle special commands first (before validation)
# =============================================================================
if [[ "$TEST_CONNECTION" == "1" ]]; then
test_connection
exit $?
fi
if [[ "$LIST_CERTIFICATES" == "1" ]]; then
list_certificates
exit 0
fi
# =============================================================================
# Validation (nur für Proxy-Setup)
# =============================================================================
[[ -n "$CTID" ]] || die "--ctid is required"
[[ -n "$HOSTNAME" ]] || die "--hostname is required"
[[ -n "$FQDN" ]] || die "--fqdn is required"
[[ -n "$BACKEND_IP" ]] || die "--backend-ip is required"
info "Script Version: ${SCRIPT_VERSION}"
info "Configuration:"
info " CTID: ${CTID}"
info " Hostname: ${HOSTNAME}"
info " FQDN: ${FQDN}"
info " Backend: ${BACKEND_IP}:${BACKEND_PORT}"
info " OPNsense: ${OPNSENSE_HOST}:${OPNSENSE_PORT}"
info " Certificate UUID: ${CERTIFICATE_UUID:-auto-detect}"
# =============================================================================
# NGINX Configuration Steps
# =============================================================================
# Step 1: Create or update Upstream Server
create_upstream_server() {
local description="$1"
local server_ip="$2"
local server_port="$3"
info "Step 1: Creating Upstream Server..."
# Check if upstream server already exists
local existing_uuid
existing_uuid=$(search_by_description "/nginx/settings/searchUpstreamServer" "${description}")
# Note: OPNsense API expects specific values
# no_use: empty string means "use this server" (not "0")
local data
data=$(cat <<EOF
{
"upstream_server": {
"description": "${description}",
"server": "${server_ip}",
"port": "${server_port}",
"priority": "1",
"max_conns": "",
"max_fails": "",
"fail_timeout": ""
}
}
EOF
)
local response
if [[ -n "$existing_uuid" ]]; then
info "Upstream Server exists (UUID: ${existing_uuid}), updating..."
response=$(api_request "POST" "/nginx/settings/setUpstreamServer/${existing_uuid}" "$data")
else
info "Creating new Upstream Server..."
response=$(api_request "POST" "/nginx/settings/addUpstreamServer" "$data")
info "API Response: ${response}"
# OPNsense returns {"uuid":"xxx"} or {"result":"saved","uuid":"xxx"}
existing_uuid=$(echo "$response" | python3 -c "
import json,sys
try:
d = json.load(sys.stdin)
# Try different response formats
uuid = d.get('uuid', '')
if not uuid and 'rows' in d:
# Sometimes returns in rows format
uuid = d['rows'][0].get('uuid', '') if d['rows'] else ''
print(uuid)
except Exception as e:
print('', file=sys.stderr)
" 2>/dev/null || true)
fi
info "Upstream Server UUID: ${existing_uuid}"
echo "$existing_uuid"
}
# Step 2: Create or update Upstream
create_upstream() {
local description="$1"
local server_uuid="$2"
info "Step 2: Creating Upstream..."
# Check if upstream already exists
local existing_uuid
existing_uuid=$(search_by_description "/nginx/settings/searchUpstream" "${description}")
local data
data=$(cat <<EOF
{
"upstream": {
"description": "${description}",
"serverentries": "${server_uuid}",
"load_balancing_algorithm": "",
"tls_enable": "0",
"tls_client_certificate": "",
"tls_name_override": "",
"tls_protocol_versions": "",
"tls_session_reuse": "1",
"tls_trusted_certificate": ""
}
}
EOF
)
local response
if [[ -n "$existing_uuid" ]]; then
info "Upstream exists (UUID: ${existing_uuid}), updating..."
response=$(api_request "POST" "/nginx/settings/setUpstream/${existing_uuid}" "$data")
else
info "Creating new Upstream..."
response=$(api_request "POST" "/nginx/settings/addUpstream" "$data")
existing_uuid=$(echo "$response" | python3 -c "import json,sys; print(json.load(sys.stdin).get('uuid',''))" 2>/dev/null || true)
fi
info "Upstream UUID: ${existing_uuid}"
echo "$existing_uuid"
}
# Step 3: Create or update Location
create_location() {
local description="$1"
local upstream_uuid="$2"
info "Step 3: Creating Location..."
# Check if location already exists
local existing_uuid
existing_uuid=$(search_by_description "/nginx/settings/searchLocation" "${description}")
local data
data=$(cat <<EOF
{
"location": {
"description": "${description}",
"urlpattern": "/",
"matchtype": "",
"enable_secrules": "0",
"enable_learning_mode": "0",
"xss_block_score": "",
"sqli_block_score": "",
"custom_policy": "",
"rewrites": "",
"upstream": "${upstream_uuid}",
"path_prefix": "",
"websocket": "1",
"php_enable": "0",
"php_override": "",
"advanced_acl": "0",
"force_https": "1",
"honeypot": "0",
"http_cache": "0",
"http_cache_validity": "",
"authbasic": "0",
"authbasicuserfile": "",
"satisfy": "",
"naxsi_rules": "",
"limit_request_connections": "",
"limit_request_connections_burst": "",
"limit_request_connections_nodelay": "0"
}
}
EOF
)
local response
if [[ -n "$existing_uuid" ]]; then
info "Location exists (UUID: ${existing_uuid}), updating..."
response=$(api_request "POST" "/nginx/settings/setLocation/${existing_uuid}" "$data")
else
info "Creating new Location..."
response=$(api_request "POST" "/nginx/settings/addLocation" "$data")
existing_uuid=$(echo "$response" | python3 -c "import json,sys; print(json.load(sys.stdin).get('uuid',''))" 2>/dev/null || true)
fi
info "Location UUID: ${existing_uuid}"
echo "$existing_uuid"
}
# Step 4: Create or update HTTP Server
create_http_server() {
local description="$1"
local server_name="$2"
local location_uuid="$3"
local cert_uuid="$4"
info "Step 4: Creating HTTP Server..."
# Check if HTTP server already exists (by servername, not description)
local existing_uuid
existing_uuid=$(search_http_server_by_servername "${server_name}")
# Determine certificate configuration
local cert_config=""
local acme_config="0"
if [[ -n "$cert_uuid" ]]; then
cert_config="\"certificate\": \"${cert_uuid}\","
acme_config="0"
info "Using existing certificate: ${cert_uuid}"
else
cert_config="\"certificate\": \"\","
acme_config="1"
info "Using ACME/Let's Encrypt for certificate"
fi
# HTTP Server configuration
# Note: API uses "httpserver" not "http_server"
# Required fields based on API schema
# listen_http_address: "80" and listen_https_address: "443" for standard ports
local data
if [[ -n "$cert_uuid" ]]; then
data=$(cat <<EOF
{
"httpserver": {
"servername": "${server_name}",
"listen_http_address": "80",
"listen_https_address": "443",
"locations": "${location_uuid}",
"certificate": "${cert_uuid}",
"verify_client": "off",
"access_log_format": "main",
"https_only": "1",
"http2": "1",
"sendfile": "1"
}
}
EOF
)
else
# Without certificate, enable ACME support
data=$(cat <<EOF
{
"httpserver": {
"servername": "${server_name}",
"listen_http_address": "80",
"listen_https_address": "443",
"locations": "${location_uuid}",
"enable_acme_support": "1",
"verify_client": "off",
"access_log_format": "main",
"https_only": "1",
"http2": "1",
"sendfile": "1"
}
}
EOF
)
fi
local response
if [[ -n "$existing_uuid" ]]; then
info "HTTP Server exists (UUID: ${existing_uuid}), updating..."
response=$(api_request "POST" "/nginx/settings/setHttpServer/${existing_uuid}" "$data")
else
info "Creating new HTTP Server..."
response=$(api_request "POST" "/nginx/settings/addHttpServer" "$data")
info "API Response: ${response}"
existing_uuid=$(echo "$response" | python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('uuid',''))" 2>/dev/null || true)
fi
info "HTTP Server UUID: ${existing_uuid}"
echo "$existing_uuid"
}
# Step 5: Apply configuration
apply_config() {
info "Step 5: Applying NGINX configuration..."
local response
response=$(api_request "POST" "/nginx/service/reconfigure" "{}")
info "Reconfigure response: ${response}"
# Check if successful
local status
status=$(echo "$response" | python3 -c "import json,sys; print(json.load(sys.stdin).get('status',''))" 2>/dev/null || echo "unknown")
if [[ "$status" == "ok" ]]; then
info "NGINX configuration applied successfully"
return 0
else
warn "NGINX reconfigure status: ${status}"
return 1
fi
}
# =============================================================================
# Main
# =============================================================================
main() {
info "Starting NGINX Reverse Proxy setup for CTID ${CTID}..."
# Use CTID as description for all components
local description="${CTID}"
# Step 1: Create Upstream Server
local upstream_server_uuid
upstream_server_uuid=$(create_upstream_server "${description}" "${BACKEND_IP}" "${BACKEND_PORT}")
[[ -n "$upstream_server_uuid" ]] || die "Failed to create Upstream Server"
# Step 2: Create Upstream
local upstream_uuid
upstream_uuid=$(create_upstream "${description}" "${upstream_server_uuid}")
[[ -n "$upstream_uuid" ]] || die "Failed to create Upstream"
# Step 3: Create Location
local location_uuid
location_uuid=$(create_location "${description}" "${upstream_uuid}")
[[ -n "$location_uuid" ]] || die "Failed to create Location"
# Auto-detect certificate if not provided
local cert_uuid="${CERTIFICATE_UUID}"
if [[ -z "$cert_uuid" ]]; then
info "Auto-detecting wildcard certificate for userman.de..."
cert_uuid=$(find_certificate_by_cn "userman.de")
if [[ -n "$cert_uuid" ]]; then
info "Found certificate: ${cert_uuid}"
else
warn "No wildcard certificate found, will use ACME/Let's Encrypt"
fi
fi
# Step 4: Create HTTP Server
local http_server_uuid
http_server_uuid=$(create_http_server "${description}" "${FQDN}" "${location_uuid}" "${cert_uuid}")
[[ -n "$http_server_uuid" ]] || die "Failed to create HTTP Server"
# Step 5: Apply configuration
apply_config || warn "Configuration may need manual verification"
# Output result as JSON
local result
result=$(cat <<EOF
{
"success": true,
"ctid": "${CTID}",
"fqdn": "${FQDN}",
"backend": "${BACKEND_IP}:${BACKEND_PORT}",
"nginx": {
"upstream_server_uuid": "${upstream_server_uuid}",
"upstream_uuid": "${upstream_uuid}",
"location_uuid": "${location_uuid}",
"http_server_uuid": "${http_server_uuid}"
}
}
EOF
)
if [[ "$DEBUG" == "1" ]]; then
echo "$result"
else
# Compact JSON
echo "$result" | python3 -c "import json,sys; print(json.dumps(json.load(sys.stdin)))" 2>/dev/null || echo "$result"
fi
}
main