From 58bf27384fbd823f36ffce6424f2501271082ca0 Mon Sep 17 00:00:00 2001
From: Wolfgang
Date: Sun, 18 Jan 2026 17:05:15 +0100
Subject: [PATCH] Proxy Setup Init
---
 n8n_setup.sh | 357 ++++++++++++++++++++++++++++
 nohup.out | 346 +++++++++++++++++++++++++++
 setup_nginx_proxy.sh | 552 +++++++++++++++++++++++++++++++++++++++++++
 setupowner.sh | 14 ++
 4 files changed, 1269 insertions(+)
 create mode 100755 n8n_setup.sh
 create mode 100644 nohup.out
 create mode 100755 setup_nginx_proxy.sh
 create mode 100755 setupowner.sh
diff --git a/n8n_setup.sh b/n8n_setup.sh
new file mode 100755
index 0000000..946a94f
--- /dev/null
+++ b/n8n_setup.sh
@@ -0,0 +1,357 @@
+#!/bin/bash
+#
+# n8n Owner Account Setup Script
+# Erstellt den Owner-Account bei einer neuen n8n-Instanz
+# Oder prüft den Status einer bereits eingerichteten Instanz
+# Ausgabe im JSON-Format
+#
+
+# NICHT set -e verwenden, da wir Fehler selbst behandeln
+
+# Standardwerte
+owner_first_name="Admin"
+owner_last_name="User"
+timeout=10
+
+# JSON Steps Array
+json_steps=()
+
+# Funktion: Step zum JSON hinzufügen
+add_step() {
+ local step_name="$1"
+ local step_status="$2"
+ local step_message="$3"
+ # Escape quotes in message
+ step_message=$(echo "$step_message" | sed 's/"/\\"/g')
+ json_steps+=("{\"step\":\"$step_name\",\"status\":\"$step_status\",\"message\":\"$step_message\"}")
+}
+
+# Funktion: JSON-Ausgabe generieren
+output_json() {
+ local success="$1"
+ local message="$2"
+ local action="$3"
+ local login_status="$4"
+ local login_message="$5"
+
+ # Escape quotes
+ message=$(echo "$message" | sed 's/"/\\"/g')
+ login_message=$(echo "$login_message" | sed 's/"/\\"/g')
+
+ # Steps Array zusammenbauen
+ local steps_json=""
+ for i in "${!json_steps[@]}"; do
+ if [[ $i -gt 0 ]]; then
+ steps_json+=","
+ fi
+ steps_json+="${json_steps[$i]}"
+ done
+
+ # Zeitstempel
+ local timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+
+ # JSON ausgeben
+ cat << JSONEOF
+{
+ "success": $success,
+ "timestamp": "$timestamp",
+ "message": "$message",
+ "action": "$action",
+ "config": {
+ "n8n_url": "$n8n_internal",
+ "owner_email": "$owner_email",
+ "owner_first_name": "$owner_first_name",
+ "owner_last_name": "$owner_last_name"
+ },
+ "login_test": {
+ "status": "$login_status",
+ "message": "$login_message"
+ },
+ "steps": [$steps_json]
+}
+JSONEOF
+}
+
+# Funktion: Fehler-Exit mit JSON
+exit_error() {
+ local message="$1"
+ local error="$2"
+ output_json "false" "$message" "error" "not_tested" "$error"
+ exit 1
+}
+
+# Funktion: Login testen
+test_login() {
+ local url="$1"
+ local email="$2"
+ local password="$3"
+
+ # Login-Request durchführen
+ local login_response
+ login_response=$(curl -s -w "\n%{http_code}" --connect-timeout "$timeout" \
+ -X POST "${url}/rest/login" \
+ -H "Content-Type: application/json" \
+ -H "Accept: application/json" \
+ -d "{\"email\":\"${email}\",\"password\":\"${password}\"}" 2>/dev/null)
+
+ local curl_exit=$?
+
+ if [[ $curl_exit -ne 0 ]]; then
+ echo "error|Verbindungsfehler beim Login-Test"
+ return 1
+ fi
+
+ local http_code=$(echo "$login_response" | tail -n1)
+ local body=$(echo "$login_response" | sed '$d')
+
+ if [[ "$http_code" == "200" ]]; then
+ if echo "$body" | grep -q '"id"'; then
+ echo "success|Login erfolgreich - Authentifizierung bestätigt"
+ return 0
+ else
+ echo "success|Login-Endpoint erreichbar (HTTP 200)"
+ return 0
+ fi
+ elif [[ "$http_code" == "401" ]]; then
+ echo "failed|Authentifizierung fehlgeschlagen - Falsche Zugangsdaten"
+ return 1
+ elif [[ "$http_code" == "400" ]]; then
+ echo "failed|Ungueltige Anfrage"
+ return 1
+ else
+ echo "error|Unerwarteter Status: HTTP $http_code"
+ return 1
+ fi
+}
+
+# Funktion: Port-Test
+test_port() {
+ local host="$1"
+ local port="$2"
+ local timeout_sec="$3"
+
+ # Versuche verschiedene Methoden
+ if command -v nc &> /dev/null; then
+ nc -z -w "$timeout_sec" "$host" "$port" 2>/dev/null
+ return $?
+ elif command -v timeout &> /dev/null; then
+ timeout "$timeout_sec" bash -c "echo >/dev/tcp/$host/$port" 2>/dev/null
+ return $?
+ else
+ # Fallback: curl
+ curl -s --connect-timeout "$timeout_sec" "http://$host:$port" &>/dev/null
+ # Auch wenn curl fehlschlägt, war der Port erreichbar wenn kein Connection refused
+ return 0
+ fi
+}
+
+# Hilfe anzeigen
+show_help() {
+ cat << EOF
+Verwendung: $0 [OPTIONEN]
+
+n8n Owner Account Setup Script (JSON-Ausgabe)
+
+Optionen:
+ --n8n_internal n8n URL (z.B. http://192.168.1.100:5678)
+ --owner_email E-Mail-Adresse für den Owner-Account
+ --owner_password Passwort für den Owner-Account (min. 8 Zeichen)
+ --owner_first_name Vorname des Owners (Standard: Admin)
+ --owner_last_name Nachname des Owners (Standard: User)
+ --timeout Timeout für Requests (Standard: 10)
+ -h, --help Diese Hilfe anzeigen
+
+EOF
+ exit 0
+}
+
+# ============================================
+# Parameter parsen
+# ============================================
+
+while [[ $# -gt 0 ]]; do
+ case $1 in
+ --n8n_internal)
+ n8n_internal="$2"
+ shift 2
+ ;;
+ --owner_email)
+ owner_email="$2"
+ shift 2
+ ;;
+ --owner_password)
+ owner_password="$2"
+ shift 2
+ ;;
+ --owner_first_name)
+ owner_first_name="$2"
+ shift 2
+ ;;
+ --owner_last_name)
+ owner_last_name="$2"
+ shift 2
+ ;;
+ --timeout)
+ timeout="$2"
+ shift 2
+ ;;
+ -h|--help)
+ show_help
+ ;;
+ *)
+ exit_error "Unbekannter Parameter" "$1"
+ ;;
+ esac
+done
+
+# ============================================
+# Pflichtparameter prüfen
+# ============================================
+
+if [[ -z "$n8n_internal" ]]; then
+ exit_error "Parameter fehlt" "--n8n_internal ist erforderlich"
+fi
+
+if [[ -z "$owner_email" ]]; then
+ exit_error "Parameter fehlt" "--owner_email ist erforderlich"
+fi
+
+if [[ -z "$owner_password" ]]; then
+ exit_error "Parameter fehlt" "--owner_password ist erforderlich"
+fi
+
+if [[ ${#owner_password} -lt 8 ]]; then
+ exit_error "Validierungsfehler" "Passwort muss mindestens 8 Zeichen lang sein"
+fi
+
+# URL normalisieren
+n8n_internal="${n8n_internal%/}"
+
+# ============================================
+# Schritt 1: Server-Erreichbarkeit prüfen
+# ============================================
+
+# Host und Port extrahieren
+host_port=$(echo "$n8n_internal" | sed -E 's|https?://||' | cut -d'/' -f1)
+host=$(echo "$host_port" | cut -d':' -f1)
+port=$(echo "$host_port" | grep -oE ':[0-9]+' | tr -d ':')
+
+if [[ -z "$port" ]]; then
+ if [[ "$n8n_internal" == https://* ]]; then
+ port=443
+ else
+ port=80
+ fi
+fi
+
+# Ping-Test (optional, nicht kritisch)
+if ping -c 1 -W 2 "$host" &> /dev/null; then
+ add_step "ping_test" "success" "Host $host antwortet auf Ping"
+else
+ add_step "ping_test" "warning" "Host antwortet nicht auf Ping (ICMP blockiert)"
+fi
+
+# Port-Test
+if test_port "$host" "$port" "$timeout"; then
+ add_step "port_test" "success" "Port $port ist offen"
+else
+ add_step "port_test" "error" "Port $port ist nicht erreichbar"
+ exit_error "Server nicht erreichbar" "Port $port ist nicht erreichbar auf $host"
+fi
+
+# HTTP-Health-Check
+http_status=$(curl -s -o /dev/null -w "%{http_code}" --connect-timeout "$timeout" "$n8n_internal/healthz" 2>/dev/null || echo "000")
+
+if [[ "$http_status" == "200" ]]; then
+ add_step "health_check" "success" "n8n Health-Check erfolgreich (HTTP $http_status)"
+elif [[ "$http_status" == "000" ]]; then
+ add_step "health_check" "error" "Keine HTTP-Verbindung moeglich"
+ exit_error "Health-Check fehlgeschlagen" "Keine HTTP-Verbindung moeglich"
+else
+ add_step "health_check" "warning" "Health-Endpoint antwortet mit HTTP $http_status"
+fi
+
+# ============================================
+# Schritt 2: Setup-Status prüfen
+# ============================================
+
+setup_check=$(curl -s --connect-timeout "$timeout" "$n8n_internal/rest/settings" 2>/dev/null || echo "")
+setup_already_done=false
+
+if echo "$setup_check" | grep -q '"showSetupOnFirstLoad":false'; then
+ setup_already_done=true
+ add_step "setup_check" "info" "Setup bereits abgeschlossen - Owner existiert"
+else
+ add_step "setup_check" "success" "Setup ist verfuegbar"
+fi
+
+# ============================================
+# Schritt 3: Owner erstellen ODER Login testen
+# ============================================
+
+if [[ "$setup_already_done" == "false" ]]; then
+ # Setup noch nicht durchgeführt -> Owner erstellen
+
+ response=$(curl -s -w "\n%{http_code}" --connect-timeout "$timeout" \
+ -X POST "${n8n_internal}/rest/owner/setup" \
+ -H "Content-Type: application/json" \
+ -H "Accept: application/json" \
+ -d "{\"email\":\"${owner_email}\",\"password\":\"${owner_password}\",\"firstName\":\"${owner_first_name}\",\"lastName\":\"${owner_last_name}\"}" 2>/dev/null || echo -e "\n000")
+
+ http_code=$(echo "$response" | tail -n1)
+ body=$(echo "$response" | sed '$d')
+
+ if [[ "$http_code" == "200" ]] || [[ "$http_code" == "201" ]]; then
+ add_step "create_owner" "success" "Owner-Account erfolgreich erstellt"
+
+ # Kurz warten
+ sleep 2
+
+ # Login testen nach Erstellung
+ login_result=$(test_login "$n8n_internal" "$owner_email" "$owner_password")
+ login_status=$(echo "$login_result" | cut -d'|' -f1)
+ login_message=$(echo "$login_result" | cut -d'|' -f2)
+
+ if [[ "$login_status" == "success" ]]; then
+ add_step "login_test" "success" "$login_message"
+ output_json "true" "Owner-Account erfolgreich erstellt und Login verifiziert" "created" "$login_status" "$login_message"
+ exit 0
+ else
+ add_step "login_test" "warning" "$login_message"
+ output_json "true" "Owner-Account erstellt, Login-Test fehlgeschlagen" "created" "$login_status" "$login_message"
+ exit 0
+ fi
+ else
+ add_step "create_owner" "error" "Fehler beim Erstellen (HTTP $http_code)"
+ exit_error "Account-Erstellung fehlgeschlagen" "HTTP Status: $http_code"
+ fi
+
+else
+ # Setup bereits abgeschlossen -> Login testen
+
+ add_step "action" "info" "Teste Login mit vorhandenen Zugangsdaten"
+
+ # Login-Seite prüfen
+ main_page=$(curl -s -L --connect-timeout "$timeout" "$n8n_internal/" 2>/dev/null || echo "")
+
+ if echo "$main_page" | grep -qi "sign.in\|login\|anmelden\|n8n"; then
+ add_step "login_page" "success" "Login-Seite ist erreichbar"
+ else
+ add_step "login_page" "warning" "Login-Seite nicht eindeutig erkannt"
+ fi
+
+ # Login durchführen
+ login_result=$(test_login "$n8n_internal" "$owner_email" "$owner_password")
+ login_status=$(echo "$login_result" | cut -d'|' -f1)
+ login_message=$(echo "$login_result" | cut -d'|' -f2)
+
+ if [[ "$login_status" == "success" ]]; then
+ add_step "login_test" "success" "$login_message"
+ output_json "true" "n8n-Instanz ist eingerichtet und Login erfolgreich" "existing" "$login_status" "$login_message"
+ exit 0
+ else
+ add_step "login_test" "failed" "$login_message"
+ output_json "true" "n8n-Instanz ist eingerichtet, Login fehlgeschlagen" "existing" "$login_status" "$login_message"
+ exit 0
+ fi
+fi
diff --git a/nohup.out b/nohup.out
new file mode 100644
index 0000000..f935e3d
--- /dev/null
+++ b/nohup.out
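Review bot: `--owner_password` is taken from argv and spliced unescaped into the JSON bodies sent to `/rest/owner/setup` and `/rest/login` (`-d "{\"email\":\"${owner_email}\",\"password\":\"${owner_password}\",...}"`), so the secret is visible in `ps` and shell history, and a password or e-mail containing `"` or `\` produces malformed JSON or injects extra JSON fields into the request. The same single-character escaping problem exists in `add_step`/`output_json`, which replace only `"` and leave backslashes and newlines unescaped in the emitted JSON. I would accept the password from the environment as a fallback before the required-parameter checks, escape every interpolated value with a small helper, and feed the body via `--data-binary @-`; `test_login` needs the same treatment. Separately, the curl fallback in `test_port` ends in `return 0` whatever curl returned, so on a host without `nc` or `timeout` the port check can never report the port as unreachable.
```shell
# … unchanged: option parsing …
# Allow the password to come from the environment so it need not appear on the command line.
owner_password="${owner_password:-${OWNER_PASSWORD:-}}"

# Escape a value for use inside a JSON string literal (backslash first, then quote, then control chars).
json_escape() {
  local s="$1"
  s="${s//\\/\\\\}"
  s="${s//\"/\\\"}"
  s="${s//$'\n'/\\n}"
  s="${s//$'\r'/\\r}"
  s="${s//$'\t'/\\t}"
  printf '%s' "$s"
}

# … unchanged: reachability and setup-status checks …
  response=$(curl -s -w "\n%{http_code}" --connect-timeout "$timeout" \
    -X POST "${n8n_internal}/rest/owner/setup" \
    -H "Content-Type: application/json" \
    -H "Accept: application/json" \
    --data-binary @- 2>/dev/null <<JSONEOF || echo -e "\n000"
{"email":"$(json_escape "$owner_email")","password":"$(json_escape "$owner_password")","firstName":"$(json_escape "$owner_first_name")","lastName":"$(json_escape "$owner_last_name")"}
JSONEOF
)
```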
@@ -0,0 +1,346 @@ +[2026-01-14 21:36:08] INFO: Argument-Parsing OK +[2026-01-14 21:36:08] INFO: APT proxy enabled: http://192.168.45.2:3142 +[2026-01-14 21:36:10] WARN: pveam storage 'local-zfs' not available for templates; falling back to 'local' +[2026-01-14 21:36:10] INFO: Template OK: local:vztmpl/debian-12-standard_12.12-1_amd64.tar.zst +[2026-01-14 21:36:11] INFO: CTID selected: 768422970 +[2026-01-14 21:36:11] INFO: SCRIPT_DIR=/root/customer-installer +[2026-01-14 21:36:11] INFO: CT_HOSTNAME=sb-1768422970 +[2026-01-14 21:36:11] INFO: FQDN=sb-1768422970.userman.de +[2026-01-14 21:36:11] INFO: cores=4 memory=4096MB swap=512MB disk=50GB +[2026-01-14 21:36:11] INFO: bridge=vmbr0 storage=local-zfs ip=dhcp vlan=90 unprivileged=1 +[2026-01-14 21:36:11] INFO: Step 5: Create CT +[2026-01-14 21:36:11] INFO: Creating CT 768422970 (sb-1768422970) from local:vztmpl/debian-12-standard_12.12-1_amd64.tar.zst +extracting archive '/var/lib/vz/template/cache/debian-12-standard_12.12-1_amd64.tar.zst' +Total bytes read: 522782720 (499MiB, 228MiB/s) +Detected container architecture: amd64 +Setting up 'proxmox-regenerate-snakeoil.service' to regenerate snakeoil certificate.. +Creating SSH host key 'ssh_host_ecdsa_key' - this may take some time ... +done: SHA256:AYBSIYhUI08n1+A4rhSRDWvIy0yXsxEbO1GmnwfcVZo root@sb-1768422970 +Creating SSH host key 'ssh_host_rsa_key' - this may take some time ... +done: SHA256:20qUj1Khne5X5sxk4SFq3y89UeZ3xLZZZMkPj0/LOs4 root@sb-1768422970 +Creating SSH host key 'ssh_host_ed25519_key' - this may take some time ... +done: SHA256:kDSDpY7a/h0KF4bpuLIkl9yQDp83rMare6HVzsVJLsA root@sb-1768422970 +[2026-01-14 21:36:14] INFO: CT created (not started). 
Next step: start CT + wait for IP +[2026-01-14 21:36:14] INFO: Starting CT 768422970 +[2026-01-14 21:36:20] INFO: Step 5 OK: LXC erstellt + IP ermittelt +[2026-01-14 21:36:20] INFO: CT_HOSTNAME=sb-1768422970 +[2026-01-14 21:36:20] INFO: CT_IP=192.168.45.98 +[2026-01-14 21:36:20] INFO: Step 6: Provisioning im CT (Docker + Locales + Base) +Acquire::http::Proxy "http://192.168.45.2:3142"; +Acquire::https::Proxy "http://192.168.45.2:3142"; +Get:1 http://security.debian.org bookworm-security InRelease [48.0 kB] +Get:2 http://deb.debian.org/debian bookworm InRelease [151 kB] +Get:3 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB] +Get:4 http://security.debian.org bookworm-security/main amd64 Packages [291 kB] +Get:5 http://security.debian.org bookworm-security/main Translation-en [176 kB] +Get:6 http://security.debian.org bookworm-security/contrib Translation-en [652 B] +Get:7 http://deb.debian.org/debian bookworm/main amd64 Packages [8792 kB] +Get:8 http://deb.debian.org/debian bookworm/main Translation-en [6108 kB] +Get:9 http://deb.debian.org/debian bookworm/contrib amd64 Packages [53.5 kB] +Get:10 http://deb.debian.org/debian bookworm/contrib Translation-en [48.4 kB] +Get:11 http://deb.debian.org/debian bookworm-updates/main Translation-en [5448 B] +Fetched 15.7 MB in 2s (8185 kB/s) +Reading package lists... +Reading package lists... +Building dependency tree... +ca-certificates is already the newest version (20230311+deb12u1). 
+The following additional packages will be installed: + dirmngr gnupg-l10n gnupg-utils gpg gpg-agent gpg-wks-client gpg-wks-server + gpgconf gpgsm gpgv libassuan0 libcurl4 libksba8 libnpth0 pinentry-curses +Suggested packages: + dbus-user-session pinentry-gnome3 tor parcimonie xloadimage scdaemon + pinentry-doc +The following NEW packages will be installed: + curl dirmngr gnupg gnupg-l10n gnupg-utils gpg gpg-agent gpg-wks-client + gpg-wks-server gpgconf gpgsm libassuan0 libcurl4 libksba8 libnpth0 + lsb-release pinentry-curses +The following packages will be upgraded: + gpgv +1 upgraded, 17 newly installed, 0 to remove and 17 not upgraded. +Need to get 9247 kB of archives. +After this operation, 17.4 MB of additional disk space will be used. +Get:1 http://deb.debian.org/debian bookworm/main amd64 gpgv amd64 2.2.40-1.1+deb12u2 [649 kB] +Get:2 http://deb.debian.org/debian bookworm/main amd64 libcurl4 amd64 7.88.1-10+deb12u14 [392 kB] +Get:3 http://deb.debian.org/debian bookworm/main amd64 curl amd64 7.88.1-10+deb12u14 [316 kB] +Get:4 http://deb.debian.org/debian bookworm/main amd64 libassuan0 amd64 2.5.5-5 [48.5 kB] +Get:5 http://deb.debian.org/debian bookworm/main amd64 gpgconf amd64 2.2.40-1.1+deb12u2 [565 kB] +Get:6 http://deb.debian.org/debian bookworm/main amd64 libksba8 amd64 1.6.3-2 [128 kB] +Get:7 http://deb.debian.org/debian bookworm/main amd64 libnpth0 amd64 1.6-3 [19.0 kB] +Get:8 http://deb.debian.org/debian bookworm/main amd64 dirmngr amd64 2.2.40-1.1+deb12u2 [793 kB] +Get:9 http://deb.debian.org/debian bookworm/main amd64 gnupg-l10n all 2.2.40-1.1+deb12u2 [1093 kB] +Get:10 http://deb.debian.org/debian bookworm/main amd64 gnupg-utils amd64 2.2.40-1.1+deb12u2 [927 kB] +Get:11 http://deb.debian.org/debian bookworm/main amd64 gpg amd64 2.2.40-1.1+deb12u2 [950 kB] +Get:12 http://deb.debian.org/debian bookworm/main amd64 pinentry-curses amd64 1.2.1-1 [77.4 kB] +Get:13 http://deb.debian.org/debian bookworm/main amd64 gpg-agent amd64 2.2.40-1.1+deb12u2 [695 kB] 
+Get:14 http://deb.debian.org/debian bookworm/main amd64 gpg-wks-client amd64 2.2.40-1.1+deb12u2 [541 kB] +Get:15 http://deb.debian.org/debian bookworm/main amd64 gpg-wks-server amd64 2.2.40-1.1+deb12u2 [531 kB] +Get:16 http://deb.debian.org/debian bookworm/main amd64 gpgsm amd64 2.2.40-1.1+deb12u2 [671 kB] +Get:17 http://deb.debian.org/debian bookworm/main amd64 gnupg all 2.2.40-1.1+deb12u2 [846 kB] +Get:18 http://deb.debian.org/debian bookworm/main amd64 lsb-release all 12.0-1 [6416 B] +apt-listchanges: Can't set locale; make sure $LC_* and $LANG are correct! +apt-listchanges: Reading changelogs... +perl: warning: Setting locale failed. +perl: warning: Please check that your locale settings: + LANGUAGE = (unset), + LC_ALL = (unset), + LANG = "en_US.UTF-8" + are supported and installed on your system. +perl: warning: Falling back to the standard locale ("C"). +locale: Cannot set LC_CTYPE to default locale: No such file or directory +locale: Cannot set LC_MESSAGES to default locale: No such file or directory +locale: Cannot set LC_ALL to default locale: No such file or directory +Fetched 9247 kB in 0s (162 MB/s) +(Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19144 files and directories currently installed.) +Preparing to unpack .../gpgv_2.2.40-1.1+deb12u2_amd64.deb ... +Unpacking gpgv (2.2.40-1.1+deb12u2) over (2.2.40-1.1+deb12u1) ... +Setting up gpgv (2.2.40-1.1+deb12u2) ... +Selecting previously unselected package libcurl4:amd64. +(Reading database ... 
(Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19144 files and directories currently installed.) +Preparing to unpack .../00-libcurl4_7.88.1-10+deb12u14_amd64.deb ... +Unpacking libcurl4:amd64 (7.88.1-10+deb12u14) ... +Selecting previously unselected package curl. +Preparing to unpack .../01-curl_7.88.1-10+deb12u14_amd64.deb ... +Unpacking curl (7.88.1-10+deb12u14) ... +Selecting previously unselected package libassuan0:amd64. +Preparing to unpack .../02-libassuan0_2.5.5-5_amd64.deb ... +Unpacking libassuan0:amd64 (2.5.5-5) ... +Selecting previously unselected package gpgconf. +Preparing to unpack .../03-gpgconf_2.2.40-1.1+deb12u2_amd64.deb ... +Unpacking gpgconf (2.2.40-1.1+deb12u2) ... +Selecting previously unselected package libksba8:amd64. +Preparing to unpack .../04-libksba8_1.6.3-2_amd64.deb ... +Unpacking libksba8:amd64 (1.6.3-2) ... +Selecting previously unselected package libnpth0:amd64. +Preparing to unpack .../05-libnpth0_1.6-3_amd64.deb ... +Unpacking libnpth0:amd64 (1.6-3) ... +Selecting previously unselected package dirmngr. +Preparing to unpack .../06-dirmngr_2.2.40-1.1+deb12u2_amd64.deb ... +Unpacking dirmngr (2.2.40-1.1+deb12u2) ... +Selecting previously unselected package gnupg-l10n. +Preparing to unpack .../07-gnupg-l10n_2.2.40-1.1+deb12u2_all.deb ... +Unpacking gnupg-l10n (2.2.40-1.1+deb12u2) ... +Selecting previously unselected package gnupg-utils. +Preparing to unpack .../08-gnupg-utils_2.2.40-1.1+deb12u2_amd64.deb ... 
+Unpacking gnupg-utils (2.2.40-1.1+deb12u2) ... +Selecting previously unselected package gpg. +Preparing to unpack .../09-gpg_2.2.40-1.1+deb12u2_amd64.deb ... +Unpacking gpg (2.2.40-1.1+deb12u2) ... +Selecting previously unselected package pinentry-curses. +Preparing to unpack .../10-pinentry-curses_1.2.1-1_amd64.deb ... +Unpacking pinentry-curses (1.2.1-1) ... +Selecting previously unselected package gpg-agent. +Preparing to unpack .../11-gpg-agent_2.2.40-1.1+deb12u2_amd64.deb ... +Unpacking gpg-agent (2.2.40-1.1+deb12u2) ... +Selecting previously unselected package gpg-wks-client. +Preparing to unpack .../12-gpg-wks-client_2.2.40-1.1+deb12u2_amd64.deb ... +Unpacking gpg-wks-client (2.2.40-1.1+deb12u2) ... +Selecting previously unselected package gpg-wks-server. +Preparing to unpack .../13-gpg-wks-server_2.2.40-1.1+deb12u2_amd64.deb ... +Unpacking gpg-wks-server (2.2.40-1.1+deb12u2) ... +Selecting previously unselected package gpgsm. +Preparing to unpack .../14-gpgsm_2.2.40-1.1+deb12u2_amd64.deb ... +Unpacking gpgsm (2.2.40-1.1+deb12u2) ... +Selecting previously unselected package gnupg. +Preparing to unpack .../15-gnupg_2.2.40-1.1+deb12u2_all.deb ... +Unpacking gnupg (2.2.40-1.1+deb12u2) ... +Selecting previously unselected package lsb-release. +Preparing to unpack .../16-lsb-release_12.0-1_all.deb ... +Unpacking lsb-release (12.0-1) ... +Setting up libksba8:amd64 (1.6.3-2) ... +Setting up libnpth0:amd64 (1.6-3) ... +Setting up libassuan0:amd64 (2.5.5-5) ... +Setting up gnupg-l10n (2.2.40-1.1+deb12u2) ... +Setting up gpgconf (2.2.40-1.1+deb12u2) ... +Setting up libcurl4:amd64 (7.88.1-10+deb12u14) ... +Setting up curl (7.88.1-10+deb12u14) ... +Setting up lsb-release (12.0-1) ... +Setting up gpg (2.2.40-1.1+deb12u2) ... +Setting up gnupg-utils (2.2.40-1.1+deb12u2) ... +Setting up pinentry-curses (1.2.1-1) ... +Setting up gpg-agent (2.2.40-1.1+deb12u2) ... 
+Created symlink /etc/systemd/user/sockets.target.wants/gpg-agent-browser.socket → /usr/lib/systemd/user/gpg-agent-browser.socket. +Created symlink /etc/systemd/user/sockets.target.wants/gpg-agent-extra.socket → /usr/lib/systemd/user/gpg-agent-extra.socket. +Created symlink /etc/systemd/user/sockets.target.wants/gpg-agent-ssh.socket → /usr/lib/systemd/user/gpg-agent-ssh.socket. +Created symlink /etc/systemd/user/sockets.target.wants/gpg-agent.socket → /usr/lib/systemd/user/gpg-agent.socket. +Setting up gpgsm (2.2.40-1.1+deb12u2) ... +Setting up dirmngr (2.2.40-1.1+deb12u2) ... +Created symlink /etc/systemd/user/sockets.target.wants/dirmngr.socket → /usr/lib/systemd/user/dirmngr.socket. +Setting up gpg-wks-server (2.2.40-1.1+deb12u2) ... +Setting up gpg-wks-client (2.2.40-1.1+deb12u2) ... +Setting up gnupg (2.2.40-1.1+deb12u2) ... +Processing triggers for man-db (2.11.2-2) ... +Processing triggers for libc-bin (2.36-9+deb12u13) ... +Hit:1 http://deb.debian.org/debian bookworm InRelease +Hit:2 http://security.debian.org bookworm-security InRelease +Hit:3 http://deb.debian.org/debian bookworm-updates InRelease +Reading package lists... +Reading package lists... +Building dependency tree... +Reading state information... +locales is already the newest version (2.36-9+deb12u13). +ca-certificates is already the newest version (20230311+deb12u1). +curl is already the newest version (7.88.1-10+deb12u14). +gnupg is already the newest version (2.2.40-1.1+deb12u2). +lsb-release is already the newest version (12.0-1). +0 upgraded, 0 newly installed, 0 to remove and 17 not upgraded. 
+Hit:1 http://deb.debian.org/debian bookworm InRelease +Hit:2 http://security.debian.org bookworm-security InRelease +Hit:3 http://deb.debian.org/debian bookworm-updates InRelease +Get:4 https://download.docker.com/linux/debian bookworm InRelease [46.6 kB] +Get:5 https://download.docker.com/linux/debian bookworm/stable amd64 Packages [59.1 kB] +Fetched 106 kB in 0s (277 kB/s) +Reading package lists... +Reading package lists... +Building dependency tree... +Reading state information... +The following additional packages will be installed: + apparmor dbus-user-session docker-ce-rootless-extras git git-man iptables + liberror-perl libglib2.0-0 libglib2.0-data libip6tc2 libnetfilter-conntrack3 + libnfnetlink0 libslirp0 patch pigz shared-mime-info slirp4netns + xdg-user-dirs +Suggested packages: + apparmor-profiles-extra apparmor-utils cgroupfs-mount | cgroup-lite + docker-model-plugin git-daemon-run | git-daemon-sysvinit git-doc git-email + git-gui gitk gitweb git-cvs git-mediawiki git-svn firewalld + low-memory-monitor ed diffutils-doc +The following NEW packages will be installed: + apparmor containerd.io dbus-user-session docker-buildx-plugin docker-ce + docker-ce-cli docker-ce-rootless-extras docker-compose-plugin git git-man + iptables liberror-perl libglib2.0-0 libglib2.0-data libip6tc2 + libnetfilter-conntrack3 libnfnetlink0 libslirp0 patch pigz shared-mime-info + slirp4netns xdg-user-dirs +0 upgraded, 23 newly installed, 0 to remove and 17 not upgraded. +Need to get 105 MB of archives. +After this operation, 437 MB of additional disk space will be used. 
+Get:1 http://deb.debian.org/debian bookworm/main amd64 libip6tc2 amd64 1.8.9-2 [19.4 kB] +Get:2 http://deb.debian.org/debian bookworm/main amd64 libnfnetlink0 amd64 1.0.2-2 [15.1 kB] +Get:3 http://deb.debian.org/debian bookworm/main amd64 libnetfilter-conntrack3 amd64 1.0.9-3 [40.7 kB] +Get:4 http://deb.debian.org/debian bookworm/main amd64 iptables amd64 1.8.9-2 [360 kB] +Get:5 http://deb.debian.org/debian bookworm/main amd64 pigz amd64 2.6-1 [64.0 kB] +Get:6 http://deb.debian.org/debian bookworm/main amd64 apparmor amd64 3.0.8-3 [616 kB] +Get:7 http://deb.debian.org/debian bookworm/main amd64 dbus-user-session amd64 1.14.10-1~deb12u1 [78.1 kB] +Get:8 http://deb.debian.org/debian bookworm/main amd64 liberror-perl all 0.17029-2 [29.0 kB] +Get:9 http://deb.debian.org/debian bookworm/main amd64 git-man all 1:2.39.5-0+deb12u3 [2,053 kB] +Get:10 http://deb.debian.org/debian bookworm/main amd64 git amd64 1:2.39.5-0+deb12u3 [7,264 kB] +Get:11 http://deb.debian.org/debian bookworm/main amd64 libglib2.0-0 amd64 2.74.6-2+deb12u8 [1,402 kB] +Get:12 http://deb.debian.org/debian bookworm/main amd64 libglib2.0-data all 2.74.6-2+deb12u8 [1,210 kB] +Get:13 http://deb.debian.org/debian bookworm/main amd64 libslirp0 amd64 4.7.0-1 [63.0 kB] +Get:14 http://deb.debian.org/debian bookworm/main amd64 patch amd64 2.7.6-7 [128 kB] +Get:15 http://deb.debian.org/debian bookworm/main amd64 shared-mime-info amd64 2.2-1 [729 kB] +Get:16 http://deb.debian.org/debian bookworm/main amd64 slirp4netns amd64 1.2.0-1 [37.5 kB] +Get:17 http://deb.debian.org/debian bookworm/main amd64 xdg-user-dirs amd64 0.18-1 [54.4 kB] +Get:18 https://download.docker.com/linux/debian bookworm/stable amd64 containerd.io amd64 2.2.1-1~debian.12~bookworm [23.4 MB] +Get:19 https://download.docker.com/linux/debian bookworm/stable amd64 docker-ce-cli amd64 5:29.1.4-1~debian.12~bookworm [16.3 MB] +Get:20 https://download.docker.com/linux/debian bookworm/stable amd64 docker-ce amd64 5:29.1.4-1~debian.12~bookworm [21.0 MB] 
+Get:21 https://download.docker.com/linux/debian bookworm/stable amd64 docker-buildx-plugin amd64 0.30.1-1~debian.12~bookworm [16.4 MB] +Get:22 https://download.docker.com/linux/debian bookworm/stable amd64 docker-ce-rootless-extras amd64 5:29.1.4-1~debian.12~bookworm [6,384 kB] +Get:23 https://download.docker.com/linux/debian bookworm/stable amd64 docker-compose-plugin amd64 5.0.1-1~debian.12~bookworm [7,713 kB] +Preconfiguring packages ... +Fetched 105 MB in 1s (84.4 MB/s) +Selecting previously unselected package containerd.io. +(Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19417 files and directories currently installed.) +Preparing to unpack .../00-containerd.io_2.2.1-1~debian.12~bookworm_amd64.deb ... +Unpacking containerd.io (2.2.1-1~debian.12~bookworm) ... +Selecting previously unselected package docker-ce-cli. +Preparing to unpack .../01-docker-ce-cli_5%3a29.1.4-1~debian.12~bookworm_amd64.deb ... +Unpacking docker-ce-cli (5:29.1.4-1~debian.12~bookworm) ... +Selecting previously unselected package libip6tc2:amd64. +Preparing to unpack .../02-libip6tc2_1.8.9-2_amd64.deb ... +Unpacking libip6tc2:amd64 (1.8.9-2) ... +Selecting previously unselected package libnfnetlink0:amd64. +Preparing to unpack .../03-libnfnetlink0_1.0.2-2_amd64.deb ... +Unpacking libnfnetlink0:amd64 (1.0.2-2) ... +Selecting previously unselected package libnetfilter-conntrack3:amd64. +Preparing to unpack .../04-libnetfilter-conntrack3_1.0.9-3_amd64.deb ... 
+Unpacking libnetfilter-conntrack3:amd64 (1.0.9-3) ... +Selecting previously unselected package iptables. +Preparing to unpack .../05-iptables_1.8.9-2_amd64.deb ... +Unpacking iptables (1.8.9-2) ... +Selecting previously unselected package docker-ce. +Preparing to unpack .../06-docker-ce_5%3a29.1.4-1~debian.12~bookworm_amd64.deb ... +Unpacking docker-ce (5:29.1.4-1~debian.12~bookworm) ... +Selecting previously unselected package pigz. +Preparing to unpack .../07-pigz_2.6-1_amd64.deb ... +Unpacking pigz (2.6-1) ... +Selecting previously unselected package apparmor. +Preparing to unpack .../08-apparmor_3.0.8-3_amd64.deb ... +Unpacking apparmor (3.0.8-3) ... +Selecting previously unselected package dbus-user-session. +Preparing to unpack .../09-dbus-user-session_1.14.10-1~deb12u1_amd64.deb ... +Unpacking dbus-user-session (1.14.10-1~deb12u1) ... +Selecting previously unselected package docker-buildx-plugin. +Preparing to unpack .../10-docker-buildx-plugin_0.30.1-1~debian.12~bookworm_amd64.deb ... +Unpacking docker-buildx-plugin (0.30.1-1~debian.12~bookworm) ... +Selecting previously unselected package docker-ce-rootless-extras. +Preparing to unpack .../11-docker-ce-rootless-extras_5%3a29.1.4-1~debian.12~bookworm_amd64.deb ... +Unpacking docker-ce-rootless-extras (5:29.1.4-1~debian.12~bookworm) ... +Selecting previously unselected package docker-compose-plugin. +Preparing to unpack .../12-docker-compose-plugin_5.0.1-1~debian.12~bookworm_amd64.deb ... +Unpacking docker-compose-plugin (5.0.1-1~debian.12~bookworm) ... +Selecting previously unselected package liberror-perl. +Preparing to unpack .../13-liberror-perl_0.17029-2_all.deb ... +Unpacking liberror-perl (0.17029-2) ... +Selecting previously unselected package git-man. +Preparing to unpack .../14-git-man_1%3a2.39.5-0+deb12u3_all.deb ... +Unpacking git-man (1:2.39.5-0+deb12u3) ... +Selecting previously unselected package git. +Preparing to unpack .../15-git_1%3a2.39.5-0+deb12u3_amd64.deb ... 
+Unpacking git (1:2.39.5-0+deb12u3) ... +Selecting previously unselected package libglib2.0-0:amd64. +Preparing to unpack .../16-libglib2.0-0_2.74.6-2+deb12u8_amd64.deb ... +Unpacking libglib2.0-0:amd64 (2.74.6-2+deb12u8) ... +Selecting previously unselected package libglib2.0-data. +Preparing to unpack .../17-libglib2.0-data_2.74.6-2+deb12u8_all.deb ... +Unpacking libglib2.0-data (2.74.6-2+deb12u8) ... +Selecting previously unselected package libslirp0:amd64. +Preparing to unpack .../18-libslirp0_4.7.0-1_amd64.deb ... +Unpacking libslirp0:amd64 (4.7.0-1) ... +Selecting previously unselected package patch. +Preparing to unpack .../19-patch_2.7.6-7_amd64.deb ... +Unpacking patch (2.7.6-7) ... +Selecting previously unselected package shared-mime-info. +Preparing to unpack .../20-shared-mime-info_2.2-1_amd64.deb ... +Unpacking shared-mime-info (2.2-1) ... +Selecting previously unselected package slirp4netns. +Preparing to unpack .../21-slirp4netns_1.2.0-1_amd64.deb ... +Unpacking slirp4netns (1.2.0-1) ... +Selecting previously unselected package xdg-user-dirs. +Preparing to unpack .../22-xdg-user-dirs_0.18-1_amd64.deb ... +Unpacking xdg-user-dirs (0.18-1) ... +Setting up xdg-user-dirs (0.18-1) ... +Setting up libip6tc2:amd64 (1.8.9-2) ... +Setting up libglib2.0-0:amd64 (2.74.6-2+deb12u8) ... +No schema files found: doing nothing. +Setting up liberror-perl (0.17029-2) ... +Setting up apparmor (3.0.8-3) ... +Created symlink /etc/systemd/system/sysinit.target.wants/apparmor.service → /lib/systemd/system/apparmor.service. +Setting up dbus-user-session (1.14.10-1~deb12u1) ... +Setting up docker-buildx-plugin (0.30.1-1~debian.12~bookworm) ... +Setting up libglib2.0-data (2.74.6-2+deb12u8) ... +Setting up shared-mime-info (2.2-1) ... +Setting up containerd.io (2.2.1-1~debian.12~bookworm) ... +Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service → /lib/systemd/system/containerd.service. +Setting up patch (2.7.6-7) ... 
+Setting up docker-compose-plugin (5.0.1-1~debian.12~bookworm) ... +Setting up docker-ce-cli (5:29.1.4-1~debian.12~bookworm) ... +Setting up libslirp0:amd64 (4.7.0-1) ... +Setting up pigz (2.6-1) ... +Setting up libnfnetlink0:amd64 (1.0.2-2) ... +Setting up git-man (1:2.39.5-0+deb12u3) ... +Setting up docker-ce-rootless-extras (5:29.1.4-1~debian.12~bookworm) ... +Setting up slirp4netns (1.2.0-1) ... +Setting up git (1:2.39.5-0+deb12u3) ... +Setting up libnetfilter-conntrack3:amd64 (1.0.9-3) ... +Setting up iptables (1.8.9-2) ... +update-alternatives: using /usr/sbin/iptables-legacy to provide /usr/sbin/iptables (iptables) in auto mode +update-alternatives: using /usr/sbin/ip6tables-legacy to provide /usr/sbin/ip6tables (ip6tables) in auto mode +update-alternatives: using /usr/sbin/iptables-nft to provide /usr/sbin/iptables (iptables) in auto mode +update-alternatives: using /usr/sbin/ip6tables-nft to provide /usr/sbin/ip6tables (ip6tables) in auto mode +update-alternatives: using /usr/sbin/arptables-nft to provide /usr/sbin/arptables (arptables) in auto mode +update-alternatives: using /usr/sbin/ebtables-nft to provide /usr/sbin/ebtables (ebtables) in auto mode +Setting up docker-ce (5:29.1.4-1~debian.12~bookworm) ... +Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /lib/systemd/system/docker.service. +Created symlink /etc/systemd/system/sockets.target.wants/docker.socket → /lib/systemd/system/docker.socket. +Processing triggers for man-db (2.11.2-2) ... +Processing triggers for libc-bin (2.36-9+deb12u13) ... +W: Operation was interrupted before it could finish diff --git a/setup_nginx_proxy.sh b/setup_nginx_proxy.sh new file mode 100755 index 0000000..e7acda0 --- /dev/null +++ b/setup_nginx_proxy.sh 
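Review bot: `nohup.out` is a stray runtime log that should not be part of this commit: it records internal network details (`APT proxy enabled: http://192.168.45.2:3142`, `CT_IP=192.168.45.98`, the FQDN `sb-1768422970.userman.de`, `SCRIPT_DIR=/root/customer-installer`) and the SSH host key fingerprints of the freshly created container. It also ends with `W: Operation was interrupted before it could finish`, so it documents an incomplete provisioning run rather than anything a maintainer can act on. I would drop it with `git rm --cached nohup.out` and add `nohup.out` to `.gitignore` so the next `nohup ...` run cannot reintroduce it.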
@@ -0,0 +1,552 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +# ============================================================================= +# OPNsense NGINX Reverse Proxy Setup Script +# ============================================================================= +# Dieses Script konfiguriert einen NGINX Reverse Proxy auf OPNsense +# für eine neue n8n-Instanz über die OPNsense API. +# ============================================================================= + +# Debug mode: 0 = nur JSON, 1 = Logs auf stderr +DEBUG="${DEBUG:-0}" +export DEBUG + +# Logging functions +log_ts() { date "+[%F %T]"; } +info() { [[ "$DEBUG" == "1" ]] && echo "$(log_ts) INFO: $*" >&2; return 0; } +warn() { [[ "$DEBUG" == "1" ]] && echo "$(log_ts) WARN: $*" >&2; return 0; } +die() { + if [[ "$DEBUG" == "1" ]]; then + echo "$(log_ts) ERROR: $*" >&2 + else + echo "{\"error\": \"$*\"}" + fi + exit 1 +} + +# ============================================================================= +# Configuration +# ============================================================================= +OPNSENSE_HOST="${OPNSENSE_HOST:-mediametzkabel.metz.tech}" +OPNSENSE_API_KEY="${OPNSENSE_API_KEY:-cUUs80IDkQelMJVgAVK2oUoDHrQf+cQPwXoPKNd3KDIgiCiEyEfMq38UTXeY5/VO/yWtCC7k9Y9kJ0Pn}" +OPNSENSE_API_SECRET="${OPNSENSE_API_SECRET:-2egxxFYCAUjBDp0OrgbJO3NBZmR4jpDm028jeS8Nq8OtCGu/0lAxt4YXWXbdZjcFVMS0Nrhru1I2R1si}" + +# Wildcard-Zertifikat UUID (muss in OPNsense nachgeschlagen werden) +# Kann über --certificate-uuid oder Umgebungsvariable gesetzt werden +CERTIFICATE_UUID="${CERTIFICATE_UUID:-}" + +# API Base URL +API_BASE="https://${OPNSENSE_HOST}/api" + +# ============================================================================= +# Usage +# ============================================================================= +usage() { + cat >&2 <<'EOF' +Usage: + bash setup_nginx_proxy.sh [options] + +Required options: + --ctid Container ID (used as description) + --hostname Hostname (e.g., sb-1768736636) + --fqdn Full 
domain name (e.g., sb-1768736636.userman.de) + --backend-ip Backend IP address (e.g., 192.168.45.135) + --backend-port Backend port (default: 5678) + +Optional: + --opnsense-host OPNsense hostname (default: mediametzkabel.metz.tech) + --certificate-uuid UUID of the SSL certificate in OPNsense + --list-certificates List available certificates and exit + --debug Enable debug mode + --help Show this help + +Example: + bash setup_nginx_proxy.sh --ctid 768736636 --hostname sb-1768736636 \ + --fqdn sb-1768736636.userman.de --backend-ip 192.168.45.135 +EOF +} + +# ============================================================================= +# Default values +# ============================================================================= +CTID="" +HOSTNAME="" +FQDN="" +BACKEND_IP="" +BACKEND_PORT="5678" +LIST_CERTIFICATES="0" + +# ============================================================================= +# Argument parsing +# ============================================================================= +while [[ $# -gt 0 ]]; do + case "$1" in + --ctid) CTID="${2:-}"; shift 2 ;; + --hostname) HOSTNAME="${2:-}"; shift 2 ;; + --fqdn) FQDN="${2:-}"; shift 2 ;; + --backend-ip) BACKEND_IP="${2:-}"; shift 2 ;; + --backend-port) BACKEND_PORT="${2:-}"; shift 2 ;; + --opnsense-host) OPNSENSE_HOST="${2:-}"; shift 2 ;; + --certificate-uuid) CERTIFICATE_UUID="${2:-}"; shift 2 ;; + --list-certificates) LIST_CERTIFICATES="1"; shift 1 ;; + --debug) DEBUG="1"; export DEBUG; shift 1 ;; + --help|-h) usage; exit 0 ;; + *) die "Unknown option: $1 (use --help)" ;; + esac +done + +# ============================================================================= +# List Certificates Function +# ============================================================================= +list_certificates() { + info "Fetching available certificates from OPNsense..." 
+ + local response + response=$(api_request "GET" "/trust/cert/search") + + echo "Available SSL Certificates in OPNsense:" + echo "========================================" + echo "$response" | python3 -c " +import json, sys +try: + data = json.load(sys.stdin) + rows = data.get('rows', []) + for row in rows: + uuid = row.get('uuid', 'N/A') + descr = row.get('descr', 'N/A') + cn = row.get('cn', 'N/A') + print(f'UUID: {uuid}') + print(f' Description: {descr}') + print(f' Common Name: {cn}') + print() +except Exception as e: + print(f'Error parsing response: {e}', file=sys.stderr) + print('Raw response:', file=sys.stderr) + sys.exit(1) +" 2>&1 +} + +# ============================================================================= +# Validation +# ============================================================================= + +# Handle --list-certificates first +if [[ "$LIST_CERTIFICATES" == "1" ]]; then + list_certificates + exit 0 +fi + +[[ -n "$CTID" ]] || die "--ctid is required" +[[ -n "$HOSTNAME" ]] || die "--hostname is required" +[[ -n "$FQDN" ]] || die "--fqdn is required" +[[ -n "$BACKEND_IP" ]] || die "--backend-ip is required" + +info "Configuration:" +info " CTID: ${CTID}" +info " Hostname: ${HOSTNAME}" +info " FQDN: ${FQDN}" +info " Backend: ${BACKEND_IP}:${BACKEND_PORT}" +info " OPNsense: ${OPNSENSE_HOST}" +info " Certificate UUID: ${CERTIFICATE_UUID:-auto-detect}" + +# ============================================================================= +# API Helper Functions +# ============================================================================= + +# Make API request to OPNsense +api_request() { + local method="$1" + local endpoint="$2" + local data="${3:-}" + + local url="${API_BASE}${endpoint}" + local auth="${OPNSENSE_API_KEY}:${OPNSENSE_API_SECRET}" + + info "API ${method} ${endpoint}" + + local response + if [[ -n "$data" ]]; then + response=$(curl -s -k -X "${method}" \ + -u "${auth}" \ + -H "Content-Type: application/json" \ + -d "${data}" \ + 
"${url}" 2>&1) + else + response=$(curl -s -k -X "${method}" \ + -u "${auth}" \ + "${url}" 2>&1) + fi + + echo "$response" +} + +# Search for existing item by description +search_by_description() { + local endpoint="$1" + local description="$2" + + local response + response=$(api_request "GET" "${endpoint}/search") + + # Extract UUID where description matches + echo "$response" | python3 -c " +import json, sys +try: + data = json.load(sys.stdin) + rows = data.get('rows', []) + for row in rows: + if row.get('description', '') == '${description}': + print(row.get('uuid', '')) + sys.exit(0) +except: + pass +" 2>/dev/null || true +} + +# Find certificate by Common Name (CN) +find_certificate_by_cn() { + local cn_pattern="$1" + + local response + response=$(api_request "GET" "/trust/cert/search") + + # Extract UUID where CN contains the pattern (for wildcard certs) + echo "$response" | python3 -c " +import json, sys +pattern = '${cn_pattern}' +try: + data = json.load(sys.stdin) + rows = data.get('rows', []) + for row in rows: + cn = row.get('cn', '') + descr = row.get('descr', '') + # Match wildcard or exact domain + if pattern in cn or pattern in descr or '*.' + pattern.split('.')[-2] + '.' + pattern.split('.')[-1] in cn: + print(row.get('uuid', '')) + sys.exit(0) + # Also check for wildcard pattern + if cn.startswith('*.') and pattern.endswith(cn[1:]): + print(row.get('uuid', '')) + sys.exit(0) +except: + pass +" 2>/dev/null || true +} + +# ============================================================================= +# NGINX Configuration Steps +# ============================================================================= + +# Step 1: Create or update Upstream Server +create_upstream_server() { + local description="$1" + local server_ip="$2" + local server_port="$3" + + info "Step 1: Creating Upstream Server..." 
+ + # Check if upstream server already exists + local existing_uuid + existing_uuid=$(search_by_description "/nginx/settings/upstream_server" "${description}") + + local data + data=$(cat </dev/null || true) + fi + + info "Upstream Server UUID: ${existing_uuid}" + echo "$existing_uuid" +} + +# Step 2: Create or update Upstream +create_upstream() { + local description="$1" + local server_uuid="$2" + + info "Step 2: Creating Upstream..." + + # Check if upstream already exists + local existing_uuid + existing_uuid=$(search_by_description "/nginx/settings/upstream" "${description}") + + local data + data=$(cat </dev/null || true) + fi + + info "Upstream UUID: ${existing_uuid}" + echo "$existing_uuid" +} + +# Step 3: Create or update Location +create_location() { + local description="$1" + local upstream_uuid="$2" + + info "Step 3: Creating Location..." + + # Check if location already exists + local existing_uuid + existing_uuid=$(search_by_description "/nginx/settings/location" "${description}") + + local data + data=$(cat </dev/null || true) + fi + + info "Location UUID: ${existing_uuid}" + echo "$existing_uuid" +} + +# Step 4: Create or update HTTP Server +create_http_server() { + local description="$1" + local server_name="$2" + local location_uuid="$3" + local cert_uuid="$4" + + info "Step 4: Creating HTTP Server..." 
+ + # Check if HTTP server already exists + local existing_uuid + existing_uuid=$(search_by_description "/nginx/settings/http_server" "${description}") + + # Determine certificate configuration + local cert_config="" + local acme_config="0" + + if [[ -n "$cert_uuid" ]]; then + cert_config="\"certificate\": \"${cert_uuid}\"," + acme_config="0" + info "Using existing certificate: ${cert_uuid}" + else + cert_config="\"certificate\": \"\"," + acme_config="1" + info "Using ACME/Let's Encrypt for certificate" + fi + + local data + data=$(cat </dev/null || true) + fi + + info "HTTP Server UUID: ${existing_uuid}" + echo "$existing_uuid" +} + +# Step 5: Apply configuration +apply_config() { + info "Step 5: Applying NGINX configuration..." + + local response + response=$(api_request "POST" "/nginx/service/reconfigure" "{}") + + info "Reconfigure response: ${response}" + + # Check if successful + local status + status=$(echo "$response" | python3 -c "import json,sys; print(json.load(sys.stdin).get('status',''))" 2>/dev/null || echo "unknown") + + if [[ "$status" == "ok" ]]; then + info "NGINX configuration applied successfully" + return 0 + else + warn "NGINX reconfigure status: ${status}" + return 1 + fi +} + +# ============================================================================= +# Main +# ============================================================================= +main() { + info "Starting NGINX Reverse Proxy setup for CTID ${CTID}..." 
+ + # Use CTID as description for all components + local description="${CTID}" + + # Step 1: Create Upstream Server + local upstream_server_uuid + upstream_server_uuid=$(create_upstream_server "${description}" "${BACKEND_IP}" "${BACKEND_PORT}") + [[ -n "$upstream_server_uuid" ]] || die "Failed to create Upstream Server" + + # Step 2: Create Upstream + local upstream_uuid + upstream_uuid=$(create_upstream "${description}" "${upstream_server_uuid}") + [[ -n "$upstream_uuid" ]] || die "Failed to create Upstream" + + # Step 3: Create Location + local location_uuid + location_uuid=$(create_location "${description}" "${upstream_uuid}") + [[ -n "$location_uuid" ]] || die "Failed to create Location" + + # Auto-detect certificate if not provided + local cert_uuid="${CERTIFICATE_UUID}" + if [[ -z "$cert_uuid" ]]; then + info "Auto-detecting wildcard certificate for userman.de..." + cert_uuid=$(find_certificate_by_cn "userman.de") + if [[ -n "$cert_uuid" ]]; then + info "Found certificate: ${cert_uuid}" + else + warn "No wildcard certificate found, will use ACME/Let's Encrypt" + fi + fi + + # Step 4: Create HTTP Server + local http_server_uuid + http_server_uuid=$(create_http_server "${description}" "${FQDN}" "${location_uuid}" "${cert_uuid}") + [[ -n "$http_server_uuid" ]] || die "Failed to create HTTP Server" + + # Step 5: Apply configuration + apply_config || warn "Configuration may need manual verification" + + # Output result as JSON + local result + result=$(cat </dev/null || echo "$result" + fi +} + +main diff --git a/setupowner.sh b/setupowner.sh new file mode 100755 index 0000000..cc039ef --- /dev/null +++ b/setupowner.sh 
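Review bot: OPNSENSE_API_KEY and OPNSENSE_API_SECRET in the Configuration section carry real-looking credentials as their `:-` defaults, so the key pair is now in repository history; it should be rotated and the defaults replaced with a required-variable check such as `: "${OPNSENSE_API_KEY:?OPNSENSE_API_KEY must be set}"` (and the same for the secret). Every api_request call also runs `curl -s -k`, which disables certificate verification for the very host that receives those credentials; drop `-k` or pass `--cacert` for the OPNsense CA. The `--list-certificates` path calls list_certificates from the Validation block before api_request is defined in the API Helper Functions section below it, so under `set -e` that option fails with a command-not-found; move the helper definitions above the Validation block. search_by_description and find_certificate_by_cn interpolate `'${description}'` and `'${cn_pattern}'` into the inline Python source, so a CTID or pattern containing a quote changes the program text; pass them via the environment instead, e.g. `DESC="$description" python3 -c '...'` reading `os.environ["DESC"]`. The heredoc bodies in the create_* steps appear truncated in this rendering (`data=$(cat </dev/null || true)`), so the JSON payloads themselves could not be reviewed here.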
@@ -0,0 +1,14 @@
+CTID=768165834
+
+ADMIN_EMAIL="metzw@metz.tech"
+ADMIN_PASS="#Start!123"
+
+pct exec "$CTID" -- bash -lc '
+apt-get update -y >/dev/null
+apt-get install -y curl >/dev/null
+curl -sS -X POST "http://127.0.0.1:5678/rest/owner/setup" \
+ -H "Content-Type: application/json" \
+ -d "{\"email\":\"'"$ADMIN_EMAIL"'\",\"firstName\":\"Owner\",\"lastName\":\"Admin\",\"password\":\"'"$ADMIN_PASS"'\"}"
+echo
+'
+
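Review bot: ADMIN_PASS holds the owner password as a literal on the fourth line of the new file, alongside a hard-coded ADMIN_EMAIL and CTID, so the credential is now committed and should be rotated and read from the environment instead, `: "${ADMIN_PASS:?ADMIN_PASS must be set}"`. The password is also spliced into the `bash -lc '...'` command string, so it appears in the argv of `pct exec`, the inner bash and curl, visible to anyone who can list processes on the host or in the container; write the JSON body to a temporary file and pass it with `-d @file`, or hand the value to the inner shell through the environment. Because the JSON is built by string concatenation, a password containing `"` or `\` produces invalid JSON and a failed setup rather than an error. The file has neither a shebang nor `set -euo pipefail`, so a failed `apt-get` still proceeds to the owner-setup request.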