MediaMetz/customer-installer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Proxy Setup Init

Browse Source
This commit is contained in:
Wolfgang
2026-01-18 17:05:15 +01:00
parent 0618e21cb0
commit 58bf27384f
4 changed files with 1269 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

357
n8n_setup.sh Executable file
View File

@@ -0,0 +1,357 @@
#!/bin/bash
#
# n8n Owner Account Setup Script
# Erstellt den Owner-Account bei einer neuen n8n-Instanz
# Oder prüft den Status einer bereits eingerichteten Instanz
# Ausgabe im JSON-Format
#
# NICHT set -e verwenden, da wir Fehler selbst behandeln
# Standardwerte
owner_first_name="Admin"
owner_last_name="User"
timeout=10
# JSON Steps Array
json_steps=()
# Funktion: Step zum JSON hinzufügen
add_step() {
local step_name="$1"
local step_status="$2"
local step_message="$3"
# Escape quotes in message
step_message=$(echo "$step_message" | sed 's/"/\\"/g')
json_steps+=("{\"step\":\"$step_name\",\"status\":\"$step_status\",\"message\":\"$step_message\"}")
}
# Funktion: JSON-Ausgabe generieren
output_json() {
local success="$1"
local message="$2"
local action="$3"
local login_status="$4"
local login_message="$5"
# Escape quotes
message=$(echo "$message" | sed 's/"/\\"/g')
login_message=$(echo "$login_message" | sed 's/"/\\"/g')
# Steps Array zusammenbauen
local steps_json=""
for i in "${!json_steps[@]}"; do
if [[ $i -gt 0 ]]; then
steps_json+=","
fi
steps_json+="${json_steps[$i]}"
done
# Zeitstempel
local timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
# JSON ausgeben
cat << JSONEOF
{
"success": $success,
"timestamp": "$timestamp",
"message": "$message",
"action": "$action",
"config": {
"n8n_url": "$n8n_internal",
"owner_email": "$owner_email",
"owner_first_name": "$owner_first_name",
"owner_last_name": "$owner_last_name"
},
"login_test": {
"status": "$login_status",
"message": "$login_message"
},
"steps": [$steps_json]
}
JSONEOF
}
# Funktion: Fehler-Exit mit JSON
exit_error() {
local message="$1"
local error="$2"
output_json "false" "$message" "error" "not_tested" "$error"
exit 1
}
# Funktion: Login testen
test_login() {
local url="$1"
local email="$2"
local password="$3"
# Login-Request durchführen
local login_response
login_response=$(curl -s -w "\n%{http_code}" --connect-timeout "$timeout" \
-X POST "${url}/rest/login" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d "{\"email\":\"${email}\",\"password\":\"${password}\"}" 2>/dev/null)
local curl_exit=$?
if [[ $curl_exit -ne 0 ]]; then
echo "error|Verbindungsfehler beim Login-Test"
return 1
fi
local http_code=$(echo "$login_response" | tail -n1)
local body=$(echo "$login_response" | sed '$d')
if [[ "$http_code" == "200" ]]; then
if echo "$body" | grep -q '"id"'; then
echo "success|Login erfolgreich - Authentifizierung bestätigt"
return 0
else
echo "success|Login-Endpoint erreichbar (HTTP 200)"
return 0
fi
elif [[ "$http_code" == "401" ]]; then
echo "failed|Authentifizierung fehlgeschlagen - Falsche Zugangsdaten"
return 1
elif [[ "$http_code" == "400" ]]; then
echo "failed|Ungueltige Anfrage"
return 1
else
echo "error|Unerwarteter Status: HTTP $http_code"
return 1
fi
}
# Funktion: Port-Test
test_port() {
local host="$1"
local port="$2"
local timeout_sec="$3"
# Versuche verschiedene Methoden
if command -v nc &> /dev/null; then
nc -z -w "$timeout_sec" "$host" "$port" 2>/dev/null
return $?
elif command -v timeout &> /dev/null; then
timeout "$timeout_sec" bash -c "echo >/dev/tcp/$host/$port" 2>/dev/null
return $?
else
# Fallback: curl
curl -s --connect-timeout "$timeout_sec" "http://$host:$port" &>/dev/null
# Auch wenn curl fehlschlägt, war der Port erreichbar wenn kein Connection refused
return 0
fi
}
# Hilfe anzeigen
show_help() {
cat << EOF
Verwendung: $0 [OPTIONEN]
n8n Owner Account Setup Script (JSON-Ausgabe)
Optionen:
--n8n_internal <url> n8n URL (z.B. http://192.168.1.100:5678)
--owner_email <email> E-Mail-Adresse für den Owner-Account
--owner_password <pass> Passwort für den Owner-Account (min. 8 Zeichen)
--owner_first_name <name> Vorname des Owners (Standard: Admin)
--owner_last_name <name> Nachname des Owners (Standard: User)
--timeout <sekunden> Timeout für Requests (Standard: 10)
-h, --help Diese Hilfe anzeigen
EOF
exit 0
}
# ============================================
# Parameter parsen
# ============================================
while [[ $# -gt 0 ]]; do
case $1 in
--n8n_internal)
n8n_internal="$2"
shift 2
;;
--owner_email)
owner_email="$2"
shift 2
;;
--owner_password)
owner_password="$2"
shift 2
;;
--owner_first_name)
owner_first_name="$2"
shift 2
;;
--owner_last_name)
owner_last_name="$2"
shift 2
;;
--timeout)
timeout="$2"
shift 2
;;
-h|--help)
show_help
;;
*)
exit_error "Unbekannter Parameter" "$1"
;;
esac
done
# ============================================
# Pflichtparameter prüfen
# ============================================
if [[ -z "$n8n_internal" ]]; then
exit_error "Parameter fehlt" "--n8n_internal ist erforderlich"
fi
if [[ -z "$owner_email" ]]; then
exit_error "Parameter fehlt" "--owner_email ist erforderlich"
fi
if [[ -z "$owner_password" ]]; then
exit_error "Parameter fehlt" "--owner_password ist erforderlich"
fi
if [[ ${#owner_password} -lt 8 ]]; then
exit_error "Validierungsfehler" "Passwort muss mindestens 8 Zeichen lang sein"
fi
# URL normalisieren
n8n_internal="${n8n_internal%/}"
# ============================================
# Schritt 1: Server-Erreichbarkeit prüfen
# ============================================
# Host und Port extrahieren
host_port=$(echo "$n8n_internal" | sed -E 's|https?://||' | cut -d'/' -f1)
host=$(echo "$host_port" | cut -d':' -f1)
port=$(echo "$host_port" | grep -oE ':[0-9]+' | tr -d ':')
if [[ -z "$port" ]]; then
if [[ "$n8n_internal" == https://* ]]; then
port=443
else
port=80
fi
fi
# Ping-Test (optional, nicht kritisch)
if ping -c 1 -W 2 "$host" &> /dev/null; then
add_step "ping_test" "success" "Host $host antwortet auf Ping"
else
add_step "ping_test" "warning" "Host antwortet nicht auf Ping (ICMP blockiert)"
fi
# Port-Test
if test_port "$host" "$port" "$timeout"; then
add_step "port_test" "success" "Port $port ist offen"
else
add_step "port_test" "error" "Port $port ist nicht erreichbar"
exit_error "Server nicht erreichbar" "Port $port ist nicht erreichbar auf $host"
fi
# HTTP-Health-Check
http_status=$(curl -s -o /dev/null -w "%{http_code}" --connect-timeout "$timeout" "$n8n_internal/healthz" 2>/dev/null || echo "000")
if [[ "$http_status" == "200" ]]; then
add_step "health_check" "success" "n8n Health-Check erfolgreich (HTTP $http_status)"
elif [[ "$http_status" == "000" ]]; then
add_step "health_check" "error" "Keine HTTP-Verbindung moeglich"
exit_error "Health-Check fehlgeschlagen" "Keine HTTP-Verbindung moeglich"
else
add_step "health_check" "warning" "Health-Endpoint antwortet mit HTTP $http_status"
fi
# ============================================
# Schritt 2: Setup-Status prüfen
# ============================================
setup_check=$(curl -s --connect-timeout "$timeout" "$n8n_internal/rest/settings" 2>/dev/null || echo "")
setup_already_done=false
if echo "$setup_check" | grep -q '"showSetupOnFirstLoad":false'; then
setup_already_done=true
add_step "setup_check" "info" "Setup bereits abgeschlossen - Owner existiert"
else
add_step "setup_check" "success" "Setup ist verfuegbar"
fi
# ============================================
# Schritt 3: Owner erstellen ODER Login testen
# ============================================
if [[ "$setup_already_done" == "false" ]]; then
# Setup noch nicht durchgeführt -> Owner erstellen
response=$(curl -s -w "\n%{http_code}" --connect-timeout "$timeout" \
-X POST "${n8n_internal}/rest/owner/setup" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d "{\"email\":\"${owner_email}\",\"password\":\"${owner_password}\",\"firstName\":\"${owner_first_name}\",\"lastName\":\"${owner_last_name}\"}" 2>/dev/null || echo -e "\n000")
http_code=$(echo "$response" | tail -n1)
body=$(echo "$response" | sed '$d')
if [[ "$http_code" == "200" ]] || [[ "$http_code" == "201" ]]; then
add_step "create_owner" "success" "Owner-Account erfolgreich erstellt"
# Kurz warten
sleep 2
# Login testen nach Erstellung
login_result=$(test_login "$n8n_internal" "$owner_email" "$owner_password")
login_status=$(echo "$login_result" | cut -d'|' -f1)
login_message=$(echo "$login_result" | cut -d'|' -f2)
if [[ "$login_status" == "success" ]]; then
add_step "login_test" "success" "$login_message"
output_json "true" "Owner-Account erfolgreich erstellt und Login verifiziert" "created" "$login_status" "$login_message"
exit 0
else
add_step "login_test" "warning" "$login_message"
output_json "true" "Owner-Account erstellt, Login-Test fehlgeschlagen" "created" "$login_status" "$login_message"
exit 0
fi
else
add_step "create_owner" "error" "Fehler beim Erstellen (HTTP $http_code)"
exit_error "Account-Erstellung fehlgeschlagen" "HTTP Status: $http_code"
fi
else
# Setup bereits abgeschlossen -> Login testen
add_step "action" "info" "Teste Login mit vorhandenen Zugangsdaten"
# Login-Seite prüfen
main_page=$(curl -s -L --connect-timeout "$timeout" "$n8n_internal/" 2>/dev/null || echo "")
if echo "$main_page" | grep -qi "sign.in\|login\|anmelden\|n8n"; then
add_step "login_page" "success" "Login-Seite ist erreichbar"
else
add_step "login_page" "warning" "Login-Seite nicht eindeutig erkannt"
fi
# Login durchführen
login_result=$(test_login "$n8n_internal" "$owner_email" "$owner_password")
login_status=$(echo "$login_result" | cut -d'|' -f1)
login_message=$(echo "$login_result" | cut -d'|' -f2)
if [[ "$login_status" == "success" ]]; then
add_step "login_test" "success" "$login_message"
output_json "true" "n8n-Instanz ist eingerichtet und Login erfolgreich" "existing" "$login_status" "$login_message"
exit 0
else
add_step "login_test" "failed" "$login_message"
output_json "true" "n8n-Instanz ist eingerichtet, Login fehlgeschlagen" "existing" "$login_status" "$login_message"
exit 0
fi
fi

346
nohup.out Normal file
View File

@@ -0,0 +1,346 @@
[2026-01-14 21:36:08] INFO: Argument-Parsing OK
[2026-01-14 21:36:08] INFO: APT proxy enabled: http://192.168.45.2:3142
[2026-01-14 21:36:10] WARN: pveam storage 'local-zfs' not available for templates; falling back to 'local'
[2026-01-14 21:36:10] INFO: Template OK: local:vztmpl/debian-12-standard_12.12-1_amd64.tar.zst
[2026-01-14 21:36:11] INFO: CTID selected: 768422970
[2026-01-14 21:36:11] INFO: SCRIPT_DIR=/root/customer-installer
[2026-01-14 21:36:11] INFO: CT_HOSTNAME=sb-1768422970
[2026-01-14 21:36:11] INFO: FQDN=sb-1768422970.userman.de
[2026-01-14 21:36:11] INFO: cores=4 memory=4096MB swap=512MB disk=50GB
[2026-01-14 21:36:11] INFO: bridge=vmbr0 storage=local-zfs ip=dhcp vlan=90 unprivileged=1
[2026-01-14 21:36:11] INFO: Step 5: Create CT
[2026-01-14 21:36:11] INFO: Creating CT 768422970 (sb-1768422970) from local:vztmpl/debian-12-standard_12.12-1_amd64.tar.zst
extracting archive '/var/lib/vz/template/cache/debian-12-standard_12.12-1_amd64.tar.zst'
Total bytes read: 522782720 (499MiB, 228MiB/s)
Detected container architecture: amd64
Setting up 'proxmox-regenerate-snakeoil.service' to regenerate snakeoil certificate..
Creating SSH host key 'ssh_host_ecdsa_key' - this may take some time ...
done: SHA256:AYBSIYhUI08n1+A4rhSRDWvIy0yXsxEbO1GmnwfcVZo root@sb-1768422970
Creating SSH host key 'ssh_host_rsa_key' - this may take some time ...
done: SHA256:20qUj1Khne5X5sxk4SFq3y89UeZ3xLZZZMkPj0/LOs4 root@sb-1768422970
Creating SSH host key 'ssh_host_ed25519_key' - this may take some time ...
done: SHA256:kDSDpY7a/h0KF4bpuLIkl9yQDp83rMare6HVzsVJLsA root@sb-1768422970
[2026-01-14 21:36:14] INFO: CT created (not started). Next step: start CT + wait for IP
[2026-01-14 21:36:14] INFO: Starting CT 768422970
[2026-01-14 21:36:20] INFO: Step 5 OK: LXC erstellt + IP ermittelt
[2026-01-14 21:36:20] INFO: CT_HOSTNAME=sb-1768422970
[2026-01-14 21:36:20] INFO: CT_IP=192.168.45.98
[2026-01-14 21:36:20] INFO: Step 6: Provisioning im CT (Docker + Locales + Base)
Acquire::http::Proxy "http://192.168.45.2:3142";
Acquire::https::Proxy "http://192.168.45.2:3142";
Get:1 http://security.debian.org bookworm-security InRelease [48.0 kB]
Get:2 http://deb.debian.org/debian bookworm InRelease [151 kB]
Get:3 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
Get:4 http://security.debian.org bookworm-security/main amd64 Packages [291 kB]
Get:5 http://security.debian.org bookworm-security/main Translation-en [176 kB]
Get:6 http://security.debian.org bookworm-security/contrib Translation-en [652 B]
Get:7 http://deb.debian.org/debian bookworm/main amd64 Packages [8792 kB]
Get:8 http://deb.debian.org/debian bookworm/main Translation-en [6108 kB]
Get:9 http://deb.debian.org/debian bookworm/contrib amd64 Packages [53.5 kB]
Get:10 http://deb.debian.org/debian bookworm/contrib Translation-en [48.4 kB]
Get:11 http://deb.debian.org/debian bookworm-updates/main Translation-en [5448 B]
Fetched 15.7 MB in 2s (8185 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
ca-certificates is already the newest version (20230311+deb12u1).
The following additional packages will be installed:
dirmngr gnupg-l10n gnupg-utils gpg gpg-agent gpg-wks-client gpg-wks-server
gpgconf gpgsm gpgv libassuan0 libcurl4 libksba8 libnpth0 pinentry-curses
Suggested packages:
dbus-user-session pinentry-gnome3 tor parcimonie xloadimage scdaemon
pinentry-doc
The following NEW packages will be installed:
curl dirmngr gnupg gnupg-l10n gnupg-utils gpg gpg-agent gpg-wks-client
gpg-wks-server gpgconf gpgsm libassuan0 libcurl4 libksba8 libnpth0
lsb-release pinentry-curses
The following packages will be upgraded:
gpgv
1 upgraded, 17 newly installed, 0 to remove and 17 not upgraded.
Need to get 9247 kB of archives.
After this operation, 17.4 MB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main amd64 gpgv amd64 2.2.40-1.1+deb12u2 [649 kB]
Get:2 http://deb.debian.org/debian bookworm/main amd64 libcurl4 amd64 7.88.1-10+deb12u14 [392 kB]
Get:3 http://deb.debian.org/debian bookworm/main amd64 curl amd64 7.88.1-10+deb12u14 [316 kB]
Get:4 http://deb.debian.org/debian bookworm/main amd64 libassuan0 amd64 2.5.5-5 [48.5 kB]
Get:5 http://deb.debian.org/debian bookworm/main amd64 gpgconf amd64 2.2.40-1.1+deb12u2 [565 kB]
Get:6 http://deb.debian.org/debian bookworm/main amd64 libksba8 amd64 1.6.3-2 [128 kB]
Get:7 http://deb.debian.org/debian bookworm/main amd64 libnpth0 amd64 1.6-3 [19.0 kB]
Get:8 http://deb.debian.org/debian bookworm/main amd64 dirmngr amd64 2.2.40-1.1+deb12u2 [793 kB]
Get:9 http://deb.debian.org/debian bookworm/main amd64 gnupg-l10n all 2.2.40-1.1+deb12u2 [1093 kB]
Get:10 http://deb.debian.org/debian bookworm/main amd64 gnupg-utils amd64 2.2.40-1.1+deb12u2 [927 kB]
Get:11 http://deb.debian.org/debian bookworm/main amd64 gpg amd64 2.2.40-1.1+deb12u2 [950 kB]
Get:12 http://deb.debian.org/debian bookworm/main amd64 pinentry-curses amd64 1.2.1-1 [77.4 kB]
Get:13 http://deb.debian.org/debian bookworm/main amd64 gpg-agent amd64 2.2.40-1.1+deb12u2 [695 kB]
Get:14 http://deb.debian.org/debian bookworm/main amd64 gpg-wks-client amd64 2.2.40-1.1+deb12u2 [541 kB]
Get:15 http://deb.debian.org/debian bookworm/main amd64 gpg-wks-server amd64 2.2.40-1.1+deb12u2 [531 kB]
Get:16 http://deb.debian.org/debian bookworm/main amd64 gpgsm amd64 2.2.40-1.1+deb12u2 [671 kB]
Get:17 http://deb.debian.org/debian bookworm/main amd64 gnupg all 2.2.40-1.1+deb12u2 [846 kB]
Get:18 http://deb.debian.org/debian bookworm/main amd64 lsb-release all 12.0-1 [6416 B]
apt-listchanges: Can't set locale; make sure $LC_* and $LANG are correct!
apt-listchanges: Reading changelogs...
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Fetched 9247 kB in 0s (162 MB/s)
(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 19144 files and directories currently installed.)
Preparing to unpack .../gpgv_2.2.40-1.1+deb12u2_amd64.deb ...
Unpacking gpgv (2.2.40-1.1+deb12u2) over (2.2.40-1.1+deb12u1) ...
Setting up gpgv (2.2.40-1.1+deb12u2) ...
Selecting previously unselected package libcurl4:amd64.
(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 19144 files and directories currently installed.)
Preparing to unpack .../00-libcurl4_7.88.1-10+deb12u14_amd64.deb ...
Unpacking libcurl4:amd64 (7.88.1-10+deb12u14) ...
Selecting previously unselected package curl.
Preparing to unpack .../01-curl_7.88.1-10+deb12u14_amd64.deb ...
Unpacking curl (7.88.1-10+deb12u14) ...
Selecting previously unselected package libassuan0:amd64.
Preparing to unpack .../02-libassuan0_2.5.5-5_amd64.deb ...
Unpacking libassuan0:amd64 (2.5.5-5) ...
Selecting previously unselected package gpgconf.
Preparing to unpack .../03-gpgconf_2.2.40-1.1+deb12u2_amd64.deb ...
Unpacking gpgconf (2.2.40-1.1+deb12u2) ...
Selecting previously unselected package libksba8:amd64.
Preparing to unpack .../04-libksba8_1.6.3-2_amd64.deb ...
Unpacking libksba8:amd64 (1.6.3-2) ...
Selecting previously unselected package libnpth0:amd64.
Preparing to unpack .../05-libnpth0_1.6-3_amd64.deb ...
Unpacking libnpth0:amd64 (1.6-3) ...
Selecting previously unselected package dirmngr.
Preparing to unpack .../06-dirmngr_2.2.40-1.1+deb12u2_amd64.deb ...
Unpacking dirmngr (2.2.40-1.1+deb12u2) ...
Selecting previously unselected package gnupg-l10n.
Preparing to unpack .../07-gnupg-l10n_2.2.40-1.1+deb12u2_all.deb ...
Unpacking gnupg-l10n (2.2.40-1.1+deb12u2) ...
Selecting previously unselected package gnupg-utils.
Preparing to unpack .../08-gnupg-utils_2.2.40-1.1+deb12u2_amd64.deb ...
Unpacking gnupg-utils (2.2.40-1.1+deb12u2) ...
Selecting previously unselected package gpg.
Preparing to unpack .../09-gpg_2.2.40-1.1+deb12u2_amd64.deb ...
Unpacking gpg (2.2.40-1.1+deb12u2) ...
Selecting previously unselected package pinentry-curses.
Preparing to unpack .../10-pinentry-curses_1.2.1-1_amd64.deb ...
Unpacking pinentry-curses (1.2.1-1) ...
Selecting previously unselected package gpg-agent.
Preparing to unpack .../11-gpg-agent_2.2.40-1.1+deb12u2_amd64.deb ...
Unpacking gpg-agent (2.2.40-1.1+deb12u2) ...
Selecting previously unselected package gpg-wks-client.
Preparing to unpack .../12-gpg-wks-client_2.2.40-1.1+deb12u2_amd64.deb ...
Unpacking gpg-wks-client (2.2.40-1.1+deb12u2) ...
Selecting previously unselected package gpg-wks-server.
Preparing to unpack .../13-gpg-wks-server_2.2.40-1.1+deb12u2_amd64.deb ...
Unpacking gpg-wks-server (2.2.40-1.1+deb12u2) ...
Selecting previously unselected package gpgsm.
Preparing to unpack .../14-gpgsm_2.2.40-1.1+deb12u2_amd64.deb ...
Unpacking gpgsm (2.2.40-1.1+deb12u2) ...
Selecting previously unselected package gnupg.
Preparing to unpack .../15-gnupg_2.2.40-1.1+deb12u2_all.deb ...
Unpacking gnupg (2.2.40-1.1+deb12u2) ...
Selecting previously unselected package lsb-release.
Preparing to unpack .../16-lsb-release_12.0-1_all.deb ...
Unpacking lsb-release (12.0-1) ...
Setting up libksba8:amd64 (1.6.3-2) ...
Setting up libnpth0:amd64 (1.6-3) ...
Setting up libassuan0:amd64 (2.5.5-5) ...
Setting up gnupg-l10n (2.2.40-1.1+deb12u2) ...
Setting up gpgconf (2.2.40-1.1+deb12u2) ...
Setting up libcurl4:amd64 (7.88.1-10+deb12u14) ...
Setting up curl (7.88.1-10+deb12u14) ...
Setting up lsb-release (12.0-1) ...
Setting up gpg (2.2.40-1.1+deb12u2) ...
Setting up gnupg-utils (2.2.40-1.1+deb12u2) ...
Setting up pinentry-curses (1.2.1-1) ...
Setting up gpg-agent (2.2.40-1.1+deb12u2) ...
Created symlink /etc/systemd/user/sockets.target.wants/gpg-agent-browser.socket → /usr/lib/systemd/user/gpg-agent-browser.socket.
Created symlink /etc/systemd/user/sockets.target.wants/gpg-agent-extra.socket → /usr/lib/systemd/user/gpg-agent-extra.socket.
Created symlink /etc/systemd/user/sockets.target.wants/gpg-agent-ssh.socket → /usr/lib/systemd/user/gpg-agent-ssh.socket.
Created symlink /etc/systemd/user/sockets.target.wants/gpg-agent.socket → /usr/lib/systemd/user/gpg-agent.socket.
Setting up gpgsm (2.2.40-1.1+deb12u2) ...
Setting up dirmngr (2.2.40-1.1+deb12u2) ...
Created symlink /etc/systemd/user/sockets.target.wants/dirmngr.socket → /usr/lib/systemd/user/dirmngr.socket.
Setting up gpg-wks-server (2.2.40-1.1+deb12u2) ...
Setting up gpg-wks-client (2.2.40-1.1+deb12u2) ...
Setting up gnupg (2.2.40-1.1+deb12u2) ...
Processing triggers for man-db (2.11.2-2) ...
Processing triggers for libc-bin (2.36-9+deb12u13) ...
Hit:1 http://deb.debian.org/debian bookworm InRelease
Hit:2 http://security.debian.org bookworm-security InRelease
Hit:3 http://deb.debian.org/debian bookworm-updates InRelease
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
locales is already the newest version (2.36-9+deb12u13).
ca-certificates is already the newest version (20230311+deb12u1).
curl is already the newest version (7.88.1-10+deb12u14).
gnupg is already the newest version (2.2.40-1.1+deb12u2).
lsb-release is already the newest version (12.0-1).
0 upgraded, 0 newly installed, 0 to remove and 17 not upgraded.
Hit:1 http://deb.debian.org/debian bookworm InRelease
Hit:2 http://security.debian.org bookworm-security InRelease
Hit:3 http://deb.debian.org/debian bookworm-updates InRelease
Get:4 https://download.docker.com/linux/debian bookworm InRelease [46.6 kB]
Get:5 https://download.docker.com/linux/debian bookworm/stable amd64 Packages [59.1 kB]
Fetched 106 kB in 0s (277 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
apparmor dbus-user-session docker-ce-rootless-extras git git-man iptables
liberror-perl libglib2.0-0 libglib2.0-data libip6tc2 libnetfilter-conntrack3
libnfnetlink0 libslirp0 patch pigz shared-mime-info slirp4netns
xdg-user-dirs
Suggested packages:
apparmor-profiles-extra apparmor-utils cgroupfs-mount | cgroup-lite
docker-model-plugin git-daemon-run | git-daemon-sysvinit git-doc git-email
git-gui gitk gitweb git-cvs git-mediawiki git-svn firewalld
low-memory-monitor ed diffutils-doc
The following NEW packages will be installed:
apparmor containerd.io dbus-user-session docker-buildx-plugin docker-ce
docker-ce-cli docker-ce-rootless-extras docker-compose-plugin git git-man
iptables liberror-perl libglib2.0-0 libglib2.0-data libip6tc2
libnetfilter-conntrack3 libnfnetlink0 libslirp0 patch pigz shared-mime-info
slirp4netns xdg-user-dirs
0 upgraded, 23 newly installed, 0 to remove and 17 not upgraded.
Need to get 105 MB of archives.
After this operation, 437 MB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main amd64 libip6tc2 amd64 1.8.9-2 [19.4 kB]
Get:2 http://deb.debian.org/debian bookworm/main amd64 libnfnetlink0 amd64 1.0.2-2 [15.1 kB]
Get:3 http://deb.debian.org/debian bookworm/main amd64 libnetfilter-conntrack3 amd64 1.0.9-3 [40.7 kB]
Get:4 http://deb.debian.org/debian bookworm/main amd64 iptables amd64 1.8.9-2 [360 kB]
Get:5 http://deb.debian.org/debian bookworm/main amd64 pigz amd64 2.6-1 [64.0 kB]
Get:6 http://deb.debian.org/debian bookworm/main amd64 apparmor amd64 3.0.8-3 [616 kB]
Get:7 http://deb.debian.org/debian bookworm/main amd64 dbus-user-session amd64 1.14.10-1~deb12u1 [78.1 kB]
Get:8 http://deb.debian.org/debian bookworm/main amd64 liberror-perl all 0.17029-2 [29.0 kB]
Get:9 http://deb.debian.org/debian bookworm/main amd64 git-man all 1:2.39.5-0+deb12u3 [2,053 kB]
Get:10 http://deb.debian.org/debian bookworm/main amd64 git amd64 1:2.39.5-0+deb12u3 [7,264 kB]
Get:11 http://deb.debian.org/debian bookworm/main amd64 libglib2.0-0 amd64 2.74.6-2+deb12u8 [1,402 kB]
Get:12 http://deb.debian.org/debian bookworm/main amd64 libglib2.0-data all 2.74.6-2+deb12u8 [1,210 kB]
Get:13 http://deb.debian.org/debian bookworm/main amd64 libslirp0 amd64 4.7.0-1 [63.0 kB]
Get:14 http://deb.debian.org/debian bookworm/main amd64 patch amd64 2.7.6-7 [128 kB]
Get:15 http://deb.debian.org/debian bookworm/main amd64 shared-mime-info amd64 2.2-1 [729 kB]
Get:16 http://deb.debian.org/debian bookworm/main amd64 slirp4netns amd64 1.2.0-1 [37.5 kB]
Get:17 http://deb.debian.org/debian bookworm/main amd64 xdg-user-dirs amd64 0.18-1 [54.4 kB]
Get:18 https://download.docker.com/linux/debian bookworm/stable amd64 containerd.io amd64 2.2.1-1~debian.12~bookworm [23.4 MB]
Get:19 https://download.docker.com/linux/debian bookworm/stable amd64 docker-ce-cli amd64 5:29.1.4-1~debian.12~bookworm [16.3 MB]
Get:20 https://download.docker.com/linux/debian bookworm/stable amd64 docker-ce amd64 5:29.1.4-1~debian.12~bookworm [21.0 MB]
Get:21 https://download.docker.com/linux/debian bookworm/stable amd64 docker-buildx-plugin amd64 0.30.1-1~debian.12~bookworm [16.4 MB]
Get:22 https://download.docker.com/linux/debian bookworm/stable amd64 docker-ce-rootless-extras amd64 5:29.1.4-1~debian.12~bookworm [6,384 kB]
Get:23 https://download.docker.com/linux/debian bookworm/stable amd64 docker-compose-plugin amd64 5.0.1-1~debian.12~bookworm [7,713 kB]
Preconfiguring packages ...
Fetched 105 MB in 1s (84.4 MB/s)
Selecting previously unselected package containerd.io.
(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 19417 files and directories currently installed.)
Preparing to unpack .../00-containerd.io_2.2.1-1~debian.12~bookworm_amd64.deb ...
Unpacking containerd.io (2.2.1-1~debian.12~bookworm) ...
Selecting previously unselected package docker-ce-cli.
Preparing to unpack .../01-docker-ce-cli_5%3a29.1.4-1~debian.12~bookworm_amd64.deb ...
Unpacking docker-ce-cli (5:29.1.4-1~debian.12~bookworm) ...
Selecting previously unselected package libip6tc2:amd64.
Preparing to unpack .../02-libip6tc2_1.8.9-2_amd64.deb ...
Unpacking libip6tc2:amd64 (1.8.9-2) ...
Selecting previously unselected package libnfnetlink0:amd64.
Preparing to unpack .../03-libnfnetlink0_1.0.2-2_amd64.deb ...
Unpacking libnfnetlink0:amd64 (1.0.2-2) ...
Selecting previously unselected package libnetfilter-conntrack3:amd64.
Preparing to unpack .../04-libnetfilter-conntrack3_1.0.9-3_amd64.deb ...
Unpacking libnetfilter-conntrack3:amd64 (1.0.9-3) ...
Selecting previously unselected package iptables.
Preparing to unpack .../05-iptables_1.8.9-2_amd64.deb ...
Unpacking iptables (1.8.9-2) ...
Selecting previously unselected package docker-ce.
Preparing to unpack .../06-docker-ce_5%3a29.1.4-1~debian.12~bookworm_amd64.deb ...
Unpacking docker-ce (5:29.1.4-1~debian.12~bookworm) ...
Selecting previously unselected package pigz.
Preparing to unpack .../07-pigz_2.6-1_amd64.deb ...
Unpacking pigz (2.6-1) ...
Selecting previously unselected package apparmor.
Preparing to unpack .../08-apparmor_3.0.8-3_amd64.deb ...
Unpacking apparmor (3.0.8-3) ...
Selecting previously unselected package dbus-user-session.
Preparing to unpack .../09-dbus-user-session_1.14.10-1~deb12u1_amd64.deb ...
Unpacking dbus-user-session (1.14.10-1~deb12u1) ...
Selecting previously unselected package docker-buildx-plugin.
Preparing to unpack .../10-docker-buildx-plugin_0.30.1-1~debian.12~bookworm_amd64.deb ...
Unpacking docker-buildx-plugin (0.30.1-1~debian.12~bookworm) ...
Selecting previously unselected package docker-ce-rootless-extras.
Preparing to unpack .../11-docker-ce-rootless-extras_5%3a29.1.4-1~debian.12~bookworm_amd64.deb ...
Unpacking docker-ce-rootless-extras (5:29.1.4-1~debian.12~bookworm) ...
Selecting previously unselected package docker-compose-plugin.
Preparing to unpack .../12-docker-compose-plugin_5.0.1-1~debian.12~bookworm_amd64.deb ...

552
setup_nginx_proxy.sh Executable file
View File

@@ -0,0 +1,552 @@
#!/usr/bin/env bash
set -Eeuo pipefail
# =============================================================================
# OPNsense NGINX Reverse Proxy Setup Script
# =============================================================================
# Dieses Script konfiguriert einen NGINX Reverse Proxy auf OPNsense
# für eine neue n8n-Instanz über die OPNsense API.
# =============================================================================
# Debug mode: 0 = nur JSON, 1 = Logs auf stderr
DEBUG="${DEBUG:-0}"
export DEBUG
# Logging functions
log_ts() { date "+[%F %T]"; }
info() { [[ "$DEBUG" == "1" ]] && echo "$(log_ts) INFO: $*" >&2; return 0; }
warn() { [[ "$DEBUG" == "1" ]] && echo "$(log_ts) WARN: $*" >&2; return 0; }
die() {
if [[ "$DEBUG" == "1" ]]; then
echo "$(log_ts) ERROR: $*" >&2
else
echo "{\"error\": \"$*\"}"
fi
exit 1
}
# =============================================================================
# Configuration
# =============================================================================
OPNSENSE_HOST="${OPNSENSE_HOST:-mediametzkabel.metz.tech}"
OPNSENSE_API_KEY="${OPNSENSE_API_KEY:-cUUs80IDkQelMJVgAVK2oUoDHrQf+cQPwXoPKNd3KDIgiCiEyEfMq38UTXeY5/VO/yWtCC7k9Y9kJ0Pn}"
OPNSENSE_API_SECRET="${OPNSENSE_API_SECRET:-2egxxFYCAUjBDp0OrgbJO3NBZmR4jpDm028jeS8Nq8OtCGu/0lAxt4YXWXbdZjcFVMS0Nrhru1I2R1si}"
# Wildcard-Zertifikat UUID (muss in OPNsense nachgeschlagen werden)
# Kann über --certificate-uuid oder Umgebungsvariable gesetzt werden
CERTIFICATE_UUID="${CERTIFICATE_UUID:-}"
# API Base URL
API_BASE="https://${OPNSENSE_HOST}/api"
# =============================================================================
# Usage
# =============================================================================
usage() {
cat >&2 <<'EOF'
Usage:
bash setup_nginx_proxy.sh [options]
Required options:
--ctid <id> Container ID (used as description)
--hostname <name> Hostname (e.g., sb-1768736636)
--fqdn <domain> Full domain name (e.g., sb-1768736636.userman.de)
--backend-ip <ip> Backend IP address (e.g., 192.168.45.135)
--backend-port <port> Backend port (default: 5678)
Optional:
--opnsense-host <host> OPNsense hostname (default: mediametzkabel.metz.tech)
--certificate-uuid <uuid> UUID of the SSL certificate in OPNsense
--list-certificates List available certificates and exit
--debug Enable debug mode
--help Show this help
Example:
bash setup_nginx_proxy.sh --ctid 768736636 --hostname sb-1768736636 \
--fqdn sb-1768736636.userman.de --backend-ip 192.168.45.135
EOF
}
# =============================================================================
# Default values
# =============================================================================
CTID=""
HOSTNAME=""
FQDN=""
BACKEND_IP=""
BACKEND_PORT="5678"
LIST_CERTIFICATES="0"
# =============================================================================
# Argument parsing
# =============================================================================
while [[ $# -gt 0 ]]; do
case "$1" in
--ctid) CTID="${2:-}"; shift 2 ;;
--hostname) HOSTNAME="${2:-}"; shift 2 ;;
--fqdn) FQDN="${2:-}"; shift 2 ;;
--backend-ip) BACKEND_IP="${2:-}"; shift 2 ;;
--backend-port) BACKEND_PORT="${2:-}"; shift 2 ;;
--opnsense-host) OPNSENSE_HOST="${2:-}"; shift 2 ;;
--certificate-uuid) CERTIFICATE_UUID="${2:-}"; shift 2 ;;
--list-certificates) LIST_CERTIFICATES="1"; shift 1 ;;
--debug) DEBUG="1"; export DEBUG; shift 1 ;;
--help|-h) usage; exit 0 ;;
*) die "Unknown option: $1 (use --help)" ;;
esac
done
# =============================================================================
# List Certificates Function
# =============================================================================
list_certificates() {
info "Fetching available certificates from OPNsense..."
local response
response=$(api_request "GET" "/trust/cert/search")
echo "Available SSL Certificates in OPNsense:"
echo "========================================"
echo "$response" | python3 -c "
import json, sys
try:
data = json.load(sys.stdin)
rows = data.get('rows', [])
for row in rows:
uuid = row.get('uuid', 'N/A')
descr = row.get('descr', 'N/A')
cn = row.get('cn', 'N/A')
print(f'UUID: {uuid}')
print(f' Description: {descr}')
print(f' Common Name: {cn}')
print()
except Exception as e:
print(f'Error parsing response: {e}', file=sys.stderr)
print('Raw response:', file=sys.stderr)
sys.exit(1)
" 2>&1
}
# =============================================================================
# Validation
# =============================================================================
# Handle --list-certificates first
if [[ "$LIST_CERTIFICATES" == "1" ]]; then
list_certificates
exit 0
fi
[[ -n "$CTID" ]] || die "--ctid is required"
[[ -n "$HOSTNAME" ]] || die "--hostname is required"
[[ -n "$FQDN" ]] || die "--fqdn is required"
[[ -n "$BACKEND_IP" ]] || die "--backend-ip is required"
info "Configuration:"
info " CTID: ${CTID}"
info " Hostname: ${HOSTNAME}"
info " FQDN: ${FQDN}"
info " Backend: ${BACKEND_IP}:${BACKEND_PORT}"
info " OPNsense: ${OPNSENSE_HOST}"
info " Certificate UUID: ${CERTIFICATE_UUID:-auto-detect}"
# =============================================================================
# API Helper Functions
# =============================================================================
# Make API request to OPNsense
api_request() {
local method="$1"
local endpoint="$2"
local data="${3:-}"
local url="${API_BASE}${endpoint}"
local auth="${OPNSENSE_API_KEY}:${OPNSENSE_API_SECRET}"
info "API ${method} ${endpoint}"
local response
if [[ -n "$data" ]]; then
response=$(curl -s -k -X "${method}" \
-u "${auth}" \
-H "Content-Type: application/json" \
-d "${data}" \
"${url}" 2>&1)
else
response=$(curl -s -k -X "${method}" \
-u "${auth}" \
"${url}" 2>&1)
fi
echo "$response"
}
# Search for existing item by description
search_by_description() {
local endpoint="$1"
local description="$2"
local response
response=$(api_request "GET" "${endpoint}/search")
# Extract UUID where description matches
echo "$response" | python3 -c "
import json, sys
try:
data = json.load(sys.stdin)
rows = data.get('rows', [])
for row in rows:
if row.get('description', '') == '${description}':
print(row.get('uuid', ''))
sys.exit(0)
except:
pass
" 2>/dev/null || true
}
# Find certificate by Common Name (CN)
find_certificate_by_cn() {
local cn_pattern="$1"
local response
response=$(api_request "GET" "/trust/cert/search")
# Extract UUID where CN contains the pattern (for wildcard certs)
echo "$response" | python3 -c "
import json, sys
pattern = '${cn_pattern}'
try:
data = json.load(sys.stdin)
rows = data.get('rows', [])
for row in rows:
cn = row.get('cn', '')
descr = row.get('descr', '')
# Match wildcard or exact domain
if pattern in cn or pattern in descr or '*.' + pattern.split('.')[-2] + '.' + pattern.split('.')[-1] in cn:
print(row.get('uuid', ''))
sys.exit(0)
# Also check for wildcard pattern
if cn.startswith('*.') and pattern.endswith(cn[1:]):
print(row.get('uuid', ''))
sys.exit(0)
except:
pass
" 2>/dev/null || true
}
# =============================================================================
# NGINX Configuration Steps
# =============================================================================
# Step 1: Create or update Upstream Server
create_upstream_server() {
local description="$1"
local server_ip="$2"
local server_port="$3"
info "Step 1: Creating Upstream Server..."
# Check if upstream server already exists
local existing_uuid
existing_uuid=$(search_by_description "/nginx/settings/upstream_server" "${description}")
local data
data=$(cat <<EOF
{
"upstream_server": {
"description": "${description}",
"server": "${server_ip}",
"port": "${server_port}",
"priority": "1",
"max_conns": "",
"max_fails": "",
"fail_timeout": "",
"no_use": "0"
}
}
EOF
)
local response
if [[ -n "$existing_uuid" ]]; then
info "Upstream Server exists (UUID: ${existing_uuid}), updating..."
response=$(api_request "POST" "/nginx/settings/setUpstreamServer/${existing_uuid}" "$data")
else
info "Creating new Upstream Server..."
response=$(api_request "POST" "/nginx/settings/addUpstreamServer" "$data")
existing_uuid=$(echo "$response" | python3 -c "import json,sys; print(json.load(sys.stdin).get('uuid',''))" 2>/dev/null || true)
fi
info "Upstream Server UUID: ${existing_uuid}"
echo "$existing_uuid"
}
# Step 2: Create or update Upstream
create_upstream() {
local description="$1"
local server_uuid="$2"
info "Step 2: Creating Upstream..."
# Check if upstream already exists
local existing_uuid
existing_uuid=$(search_by_description "/nginx/settings/upstream" "${description}")
local data
data=$(cat <<EOF
{
"upstream": {
"description": "${description}",
"serverentries": "${server_uuid}",
"load_balancing_algorithm": "",
"tls_enable": "0",
"tls_client_certificate": "",
"tls_name_override": "",
"tls_protocol_versions": "",
"tls_session_reuse": "1",
"tls_trusted_certificate": ""
}
}
EOF
)
local response
if [[ -n "$existing_uuid" ]]; then
info "Upstream exists (UUID: ${existing_uuid}), updating..."
response=$(api_request "POST" "/nginx/settings/setUpstream/${existing_uuid}" "$data")
else
info "Creating new Upstream..."
response=$(api_request "POST" "/nginx/settings/addUpstream" "$data")
existing_uuid=$(echo "$response" | python3 -c "import json,sys; print(json.load(sys.stdin).get('uuid',''))" 2>/dev/null || true)
fi
info "Upstream UUID: ${existing_uuid}"
echo "$existing_uuid"
}
# Step 3: Create or update Location
create_location() {
local description="$1"
local upstream_uuid="$2"
info "Step 3: Creating Location..."
# Check if location already exists
local existing_uuid
existing_uuid=$(search_by_description "/nginx/settings/location" "${description}")
local data
data=$(cat <<EOF
{
"location": {
"description": "${description}",
"urlpattern": "/",
"matchtype": "",
"enable_secrules": "0",
"enable_learning_mode": "0",
"xss_block_score": "",
"sqli_block_score": "",
"custom_policy": "",
"rewrites": "",
"upstream": "${upstream_uuid}",
"path_prefix": "",
"websocket": "1",
"php_enable": "0",
"php_override": "",
"advanced_acl": "0",
"force_https": "1",
"honeypot": "0",
"http_cache": "0",
"http_cache_validity": "",
"authbasic": "0",
"authbasicuserfile": "",
"satisfy": "",
"naxsi_rules": "",
"limit_request_connections": "",
"limit_request_connections_burst": "",
"limit_request_connections_nodelay": "0"
}
}
EOF
)
local response
if [[ -n "$existing_uuid" ]]; then
info "Location exists (UUID: ${existing_uuid}), updating..."
response=$(api_request "POST" "/nginx/settings/setLocation/${existing_uuid}" "$data")
else
info "Creating new Location..."
response=$(api_request "POST" "/nginx/settings/addLocation" "$data")
existing_uuid=$(echo "$response" | python3 -c "import json,sys; print(json.load(sys.stdin).get('uuid',''))" 2>/dev/null || true)
fi
info "Location UUID: ${existing_uuid}"
echo "$existing_uuid"
}
# Step 4: Create or update HTTP Server
create_http_server() {
local description="$1"
local server_name="$2"
local location_uuid="$3"
local cert_uuid="$4"
info "Step 4: Creating HTTP Server..."
# Check if HTTP server already exists
local existing_uuid
existing_uuid=$(search_by_description "/nginx/settings/http_server" "${description}")
# Determine certificate configuration
local cert_config=""
local acme_config="0"
if [[ -n "$cert_uuid" ]]; then
cert_config="\"certificate\": \"${cert_uuid}\","
acme_config="0"
info "Using existing certificate: ${cert_uuid}"
else
cert_config="\"certificate\": \"\","
acme_config="1"
info "Using ACME/Let's Encrypt for certificate"
fi
local data
data=$(cat <<EOF
{
"http_server": {
"description": "${description}",
"servername": "${server_name}",
"listen_http_address": "",
"listen_http_port": "",
"listen_https_address": "",
"listen_https_port": "443",
"locations": "${location_uuid}",
"rewrites": "",
"root": "",
${cert_config}
"ca": "",
"verify_client": "",
"access_log_format": "",
"enable_acme_plugin": "${acme_config}",
"charset": "",
"https_only": "1",
"block_nonpublic_data": "0",
"naxsi_extensive_log": "0",
"sendfile": "1",
"security_header": "",
"limit_request_connections": "",
"limit_request_connections_burst": "",
"limit_request_connections_nodelay": "0"
}
}
EOF
)
local response
if [[ -n "$existing_uuid" ]]; then
info "HTTP Server exists (UUID: ${existing_uuid}), updating..."
response=$(api_request "POST" "/nginx/settings/setHttpServer/${existing_uuid}" "$data")
else
info "Creating new HTTP Server..."
response=$(api_request "POST" "/nginx/settings/addHttpServer" "$data")
existing_uuid=$(echo "$response" | python3 -c "import json,sys; print(json.load(sys.stdin).get('uuid',''))" 2>/dev/null || true)
fi
info "HTTP Server UUID: ${existing_uuid}"
echo "$existing_uuid"
}
# Step 5: Apply configuration
apply_config() {
info "Step 5: Applying NGINX configuration..."
local response
response=$(api_request "POST" "/nginx/service/reconfigure" "{}")
info "Reconfigure response: ${response}"
# Check if successful
local status
status=$(echo "$response" | python3 -c "import json,sys; print(json.load(sys.stdin).get('status',''))" 2>/dev/null || echo "unknown")
if [[ "$status" == "ok" ]]; then
info "NGINX configuration applied successfully"
return 0
else
warn "NGINX reconfigure status: ${status}"
return 1
fi
}
# =============================================================================
# Main
# =============================================================================
main() {
info "Starting NGINX Reverse Proxy setup for CTID ${CTID}..."
# Use CTID as description for all components
local description="${CTID}"
# Step 1: Create Upstream Server
local upstream_server_uuid
upstream_server_uuid=$(create_upstream_server "${description}" "${BACKEND_IP}" "${BACKEND_PORT}")
[[ -n "$upstream_server_uuid" ]] || die "Failed to create Upstream Server"
# Step 2: Create Upstream
local upstream_uuid
upstream_uuid=$(create_upstream "${description}" "${upstream_server_uuid}")
[[ -n "$upstream_uuid" ]] || die "Failed to create Upstream"
# Step 3: Create Location
local location_uuid
location_uuid=$(create_location "${description}" "${upstream_uuid}")
[[ -n "$location_uuid" ]] || die "Failed to create Location"
# Auto-detect certificate if not provided
local cert_uuid="${CERTIFICATE_UUID}"
if [[ -z "$cert_uuid" ]]; then
info "Auto-detecting wildcard certificate for userman.de..."
cert_uuid=$(find_certificate_by_cn "userman.de")
if [[ -n "$cert_uuid" ]]; then
info "Found certificate: ${cert_uuid}"
else
warn "No wildcard certificate found, will use ACME/Let's Encrypt"
fi
fi
# Step 4: Create HTTP Server
local http_server_uuid
http_server_uuid=$(create_http_server "${description}" "${FQDN}" "${location_uuid}" "${cert_uuid}")
[[ -n "$http_server_uuid" ]] || die "Failed to create HTTP Server"
# Step 5: Apply configuration
apply_config || warn "Configuration may need manual verification"
# Output result as JSON
local result
result=$(cat <<EOF
{
"success": true,
"ctid": "${CTID}",
"fqdn": "${FQDN}",
"backend": "${BACKEND_IP}:${BACKEND_PORT}",
"nginx": {
"upstream_server_uuid": "${upstream_server_uuid}",
"upstream_uuid": "${upstream_uuid}",
"location_uuid": "${location_uuid}",
"http_server_uuid": "${http_server_uuid}"
}
}
EOF
)
if [[ "$DEBUG" == "1" ]]; then
echo "$result"
else
# Compact JSON
echo "$result" | python3 -c "import json,sys; print(json.dumps(json.load(sys.stdin)))" 2>/dev/null || echo "$result"
fi
}
main

14
setupowner.sh Executable file
View File

@@ -0,0 +1,14 @@
CTID=768165834
ADMIN_EMAIL="metzw@metz.tech"
ADMIN_PASS="#Start!123"
pct exec "$CTID" -- bash -lc '
apt-get update -y >/dev/null
apt-get install -y curl >/dev/null
curl -sS -X POST "http://127.0.0.1:5678/rest/owner/setup" \
-H "Content-Type: application/json" \
-d "{\"email\":\"'"$ADMIN_EMAIL"'\",\"firstName\":\"Owner\",\"lastName\":\"Admin\",\"password\":\"'"$ADMIN_PASS"'\"}"
echo
'