From 8a94b6b18309fa864bc54f87421217ab2a5794c5 Mon Sep 17 00:00:00 2001
From: wm
Date: Sun, 18 Jan 2026 17:23:40 +0100
Subject: [PATCH] Update with BLACKBOXAI
---
 nohup.out | 346 -------------------------------------------
 setup_nginx_proxy.sh | 174 ++++++++++++++--------
 2 files changed, 110 insertions(+), 410 deletions(-)
 delete mode 100644 nohup.out
diff --git a/nohup.out b/nohup.out
deleted file mode 100644
index f935e3d..0000000
--- a/nohup.out
+++ /dev/null
@@ -1,346 +0,0 @@ -[2026-01-14 21:36:08] INFO: Argument-Parsing OK -[2026-01-14 21:36:08] INFO: APT proxy enabled: http://192.168.45.2:3142 -[2026-01-14 21:36:10] WARN: pveam storage 'local-zfs' not available for templates; falling back to 'local' -[2026-01-14 21:36:10] INFO: Template OK: local:vztmpl/debian-12-standard_12.12-1_amd64.tar.zst -[2026-01-14 21:36:11] INFO: CTID selected: 768422970 -[2026-01-14 21:36:11] INFO: SCRIPT_DIR=/root/customer-installer -[2026-01-14 21:36:11] INFO: CT_HOSTNAME=sb-1768422970 -[2026-01-14 21:36:11] INFO: FQDN=sb-1768422970.userman.de -[2026-01-14 21:36:11] INFO: cores=4 memory=4096MB swap=512MB disk=50GB -[2026-01-14 21:36:11] INFO: bridge=vmbr0 storage=local-zfs ip=dhcp vlan=90 unprivileged=1 -[2026-01-14 21:36:11] INFO: Step 5: Create CT -[2026-01-14 21:36:11] INFO: Creating CT 768422970 (sb-1768422970) from local:vztmpl/debian-12-standard_12.12-1_amd64.tar.zst -extracting archive '/var/lib/vz/template/cache/debian-12-standard_12.12-1_amd64.tar.zst' -Total bytes read: 522782720 (499MiB, 228MiB/s) -Detected container architecture: amd64 -Setting up 'proxmox-regenerate-snakeoil.service' to regenerate snakeoil certificate.. -Creating SSH host key 'ssh_host_ecdsa_key' - this may take some time ... -done: SHA256:AYBSIYhUI08n1+A4rhSRDWvIy0yXsxEbO1GmnwfcVZo root@sb-1768422970 -Creating SSH host key 'ssh_host_rsa_key' - this may take some time ... -done: SHA256:20qUj1Khne5X5sxk4SFq3y89UeZ3xLZZZMkPj0/LOs4 root@sb-1768422970 -Creating SSH host key 'ssh_host_ed25519_key' - this may take some time ... -done: SHA256:kDSDpY7a/h0KF4bpuLIkl9yQDp83rMare6HVzsVJLsA root@sb-1768422970 -[2026-01-14 21:36:14] INFO: CT created (not started). 
Next step: start CT + wait for IP -[2026-01-14 21:36:14] INFO: Starting CT 768422970 -[2026-01-14 21:36:20] INFO: Step 5 OK: LXC erstellt + IP ermittelt -[2026-01-14 21:36:20] INFO: CT_HOSTNAME=sb-1768422970 -[2026-01-14 21:36:20] INFO: CT_IP=192.168.45.98 -[2026-01-14 21:36:20] INFO: Step 6: Provisioning im CT (Docker + Locales + Base) -Acquire::http::Proxy "http://192.168.45.2:3142"; -Acquire::https::Proxy "http://192.168.45.2:3142"; -Get:1 http://security.debian.org bookworm-security InRelease [48.0 kB] -Get:2 http://deb.debian.org/debian bookworm InRelease [151 kB] -Get:3 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB] -Get:4 http://security.debian.org bookworm-security/main amd64 Packages [291 kB] -Get:5 http://security.debian.org bookworm-security/main Translation-en [176 kB] -Get:6 http://security.debian.org bookworm-security/contrib Translation-en [652 B] -Get:7 http://deb.debian.org/debian bookworm/main amd64 Packages [8792 kB] -Get:8 http://deb.debian.org/debian bookworm/main Translation-en [6108 kB] -Get:9 http://deb.debian.org/debian bookworm/contrib amd64 Packages [53.5 kB] -Get:10 http://deb.debian.org/debian bookworm/contrib Translation-en [48.4 kB] -Get:11 http://deb.debian.org/debian bookworm-updates/main Translation-en [5448 B] -Fetched 15.7 MB in 2s (8185 kB/s) -Reading package lists... -Reading package lists... -Building dependency tree... -ca-certificates is already the newest version (20230311+deb12u1). 
-The following additional packages will be installed: - dirmngr gnupg-l10n gnupg-utils gpg gpg-agent gpg-wks-client gpg-wks-server - gpgconf gpgsm gpgv libassuan0 libcurl4 libksba8 libnpth0 pinentry-curses -Suggested packages: - dbus-user-session pinentry-gnome3 tor parcimonie xloadimage scdaemon - pinentry-doc -The following NEW packages will be installed: - curl dirmngr gnupg gnupg-l10n gnupg-utils gpg gpg-agent gpg-wks-client - gpg-wks-server gpgconf gpgsm libassuan0 libcurl4 libksba8 libnpth0 - lsb-release pinentry-curses -The following packages will be upgraded: - gpgv -1 upgraded, 17 newly installed, 0 to remove and 17 not upgraded. -Need to get 9247 kB of archives. -After this operation, 17.4 MB of additional disk space will be used. -Get:1 http://deb.debian.org/debian bookworm/main amd64 gpgv amd64 2.2.40-1.1+deb12u2 [649 kB] -Get:2 http://deb.debian.org/debian bookworm/main amd64 libcurl4 amd64 7.88.1-10+deb12u14 [392 kB] -Get:3 http://deb.debian.org/debian bookworm/main amd64 curl amd64 7.88.1-10+deb12u14 [316 kB] -Get:4 http://deb.debian.org/debian bookworm/main amd64 libassuan0 amd64 2.5.5-5 [48.5 kB] -Get:5 http://deb.debian.org/debian bookworm/main amd64 gpgconf amd64 2.2.40-1.1+deb12u2 [565 kB] -Get:6 http://deb.debian.org/debian bookworm/main amd64 libksba8 amd64 1.6.3-2 [128 kB] -Get:7 http://deb.debian.org/debian bookworm/main amd64 libnpth0 amd64 1.6-3 [19.0 kB] -Get:8 http://deb.debian.org/debian bookworm/main amd64 dirmngr amd64 2.2.40-1.1+deb12u2 [793 kB] -Get:9 http://deb.debian.org/debian bookworm/main amd64 gnupg-l10n all 2.2.40-1.1+deb12u2 [1093 kB] -Get:10 http://deb.debian.org/debian bookworm/main amd64 gnupg-utils amd64 2.2.40-1.1+deb12u2 [927 kB] -Get:11 http://deb.debian.org/debian bookworm/main amd64 gpg amd64 2.2.40-1.1+deb12u2 [950 kB] -Get:12 http://deb.debian.org/debian bookworm/main amd64 pinentry-curses amd64 1.2.1-1 [77.4 kB] -Get:13 http://deb.debian.org/debian bookworm/main amd64 gpg-agent amd64 2.2.40-1.1+deb12u2 [695 kB] 
-Get:14 http://deb.debian.org/debian bookworm/main amd64 gpg-wks-client amd64 2.2.40-1.1+deb12u2 [541 kB] -Get:15 http://deb.debian.org/debian bookworm/main amd64 gpg-wks-server amd64 2.2.40-1.1+deb12u2 [531 kB] -Get:16 http://deb.debian.org/debian bookworm/main amd64 gpgsm amd64 2.2.40-1.1+deb12u2 [671 kB] -Get:17 http://deb.debian.org/debian bookworm/main amd64 gnupg all 2.2.40-1.1+deb12u2 [846 kB] -Get:18 http://deb.debian.org/debian bookworm/main amd64 lsb-release all 12.0-1 [6416 B] -apt-listchanges: Can't set locale; make sure $LC_* and $LANG are correct! -apt-listchanges: Reading changelogs... -perl: warning: Setting locale failed. -perl: warning: Please check that your locale settings: - LANGUAGE = (unset), - LC_ALL = (unset), - LANG = "en_US.UTF-8" - are supported and installed on your system. -perl: warning: Falling back to the standard locale ("C"). -locale: Cannot set LC_CTYPE to default locale: No such file or directory -locale: Cannot set LC_MESSAGES to default locale: No such file or directory -locale: Cannot set LC_ALL to default locale: No such file or directory -Fetched 9247 kB in 0s (162 MB/s) -(Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19144 files and directories currently installed.) -Preparing to unpack .../gpgv_2.2.40-1.1+deb12u2_amd64.deb ... -Unpacking gpgv (2.2.40-1.1+deb12u2) over (2.2.40-1.1+deb12u1) ... -Setting up gpgv (2.2.40-1.1+deb12u2) ... -Selecting previously unselected package libcurl4:amd64. -(Reading database ... 
(Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19144 files and directories currently installed.) -Preparing to unpack .../00-libcurl4_7.88.1-10+deb12u14_amd64.deb ... -Unpacking libcurl4:amd64 (7.88.1-10+deb12u14) ... -Selecting previously unselected package curl. -Preparing to unpack .../01-curl_7.88.1-10+deb12u14_amd64.deb ... -Unpacking curl (7.88.1-10+deb12u14) ... -Selecting previously unselected package libassuan0:amd64. -Preparing to unpack .../02-libassuan0_2.5.5-5_amd64.deb ... -Unpacking libassuan0:amd64 (2.5.5-5) ... -Selecting previously unselected package gpgconf. -Preparing to unpack .../03-gpgconf_2.2.40-1.1+deb12u2_amd64.deb ... -Unpacking gpgconf (2.2.40-1.1+deb12u2) ... -Selecting previously unselected package libksba8:amd64. -Preparing to unpack .../04-libksba8_1.6.3-2_amd64.deb ... -Unpacking libksba8:amd64 (1.6.3-2) ... -Selecting previously unselected package libnpth0:amd64. -Preparing to unpack .../05-libnpth0_1.6-3_amd64.deb ... -Unpacking libnpth0:amd64 (1.6-3) ... -Selecting previously unselected package dirmngr. -Preparing to unpack .../06-dirmngr_2.2.40-1.1+deb12u2_amd64.deb ... -Unpacking dirmngr (2.2.40-1.1+deb12u2) ... -Selecting previously unselected package gnupg-l10n. -Preparing to unpack .../07-gnupg-l10n_2.2.40-1.1+deb12u2_all.deb ... -Unpacking gnupg-l10n (2.2.40-1.1+deb12u2) ... -Selecting previously unselected package gnupg-utils. -Preparing to unpack .../08-gnupg-utils_2.2.40-1.1+deb12u2_amd64.deb ... 
-Unpacking gnupg-utils (2.2.40-1.1+deb12u2) ... -Selecting previously unselected package gpg. -Preparing to unpack .../09-gpg_2.2.40-1.1+deb12u2_amd64.deb ... -Unpacking gpg (2.2.40-1.1+deb12u2) ... -Selecting previously unselected package pinentry-curses. -Preparing to unpack .../10-pinentry-curses_1.2.1-1_amd64.deb ... -Unpacking pinentry-curses (1.2.1-1) ... -Selecting previously unselected package gpg-agent. -Preparing to unpack .../11-gpg-agent_2.2.40-1.1+deb12u2_amd64.deb ... -Unpacking gpg-agent (2.2.40-1.1+deb12u2) ... -Selecting previously unselected package gpg-wks-client. -Preparing to unpack .../12-gpg-wks-client_2.2.40-1.1+deb12u2_amd64.deb ... -Unpacking gpg-wks-client (2.2.40-1.1+deb12u2) ... -Selecting previously unselected package gpg-wks-server. -Preparing to unpack .../13-gpg-wks-server_2.2.40-1.1+deb12u2_amd64.deb ... -Unpacking gpg-wks-server (2.2.40-1.1+deb12u2) ... -Selecting previously unselected package gpgsm. -Preparing to unpack .../14-gpgsm_2.2.40-1.1+deb12u2_amd64.deb ... -Unpacking gpgsm (2.2.40-1.1+deb12u2) ... -Selecting previously unselected package gnupg. -Preparing to unpack .../15-gnupg_2.2.40-1.1+deb12u2_all.deb ... -Unpacking gnupg (2.2.40-1.1+deb12u2) ... -Selecting previously unselected package lsb-release. -Preparing to unpack .../16-lsb-release_12.0-1_all.deb ... -Unpacking lsb-release (12.0-1) ... -Setting up libksba8:amd64 (1.6.3-2) ... -Setting up libnpth0:amd64 (1.6-3) ... -Setting up libassuan0:amd64 (2.5.5-5) ... -Setting up gnupg-l10n (2.2.40-1.1+deb12u2) ... -Setting up gpgconf (2.2.40-1.1+deb12u2) ... -Setting up libcurl4:amd64 (7.88.1-10+deb12u14) ... -Setting up curl (7.88.1-10+deb12u14) ... -Setting up lsb-release (12.0-1) ... -Setting up gpg (2.2.40-1.1+deb12u2) ... -Setting up gnupg-utils (2.2.40-1.1+deb12u2) ... -Setting up pinentry-curses (1.2.1-1) ... -Setting up gpg-agent (2.2.40-1.1+deb12u2) ... 
-Created symlink /etc/systemd/user/sockets.target.wants/gpg-agent-browser.socket → /usr/lib/systemd/user/gpg-agent-browser.socket. -Created symlink /etc/systemd/user/sockets.target.wants/gpg-agent-extra.socket → /usr/lib/systemd/user/gpg-agent-extra.socket. -Created symlink /etc/systemd/user/sockets.target.wants/gpg-agent-ssh.socket → /usr/lib/systemd/user/gpg-agent-ssh.socket. -Created symlink /etc/systemd/user/sockets.target.wants/gpg-agent.socket → /usr/lib/systemd/user/gpg-agent.socket. -Setting up gpgsm (2.2.40-1.1+deb12u2) ... -Setting up dirmngr (2.2.40-1.1+deb12u2) ... -Created symlink /etc/systemd/user/sockets.target.wants/dirmngr.socket → /usr/lib/systemd/user/dirmngr.socket. -Setting up gpg-wks-server (2.2.40-1.1+deb12u2) ... -Setting up gpg-wks-client (2.2.40-1.1+deb12u2) ... -Setting up gnupg (2.2.40-1.1+deb12u2) ... -Processing triggers for man-db (2.11.2-2) ... -Processing triggers for libc-bin (2.36-9+deb12u13) ... -Hit:1 http://deb.debian.org/debian bookworm InRelease -Hit:2 http://security.debian.org bookworm-security InRelease -Hit:3 http://deb.debian.org/debian bookworm-updates InRelease -Reading package lists... -Reading package lists... -Building dependency tree... -Reading state information... -locales is already the newest version (2.36-9+deb12u13). -ca-certificates is already the newest version (20230311+deb12u1). -curl is already the newest version (7.88.1-10+deb12u14). -gnupg is already the newest version (2.2.40-1.1+deb12u2). -lsb-release is already the newest version (12.0-1). -0 upgraded, 0 newly installed, 0 to remove and 17 not upgraded. 
-Hit:1 http://deb.debian.org/debian bookworm InRelease -Hit:2 http://security.debian.org bookworm-security InRelease -Hit:3 http://deb.debian.org/debian bookworm-updates InRelease -Get:4 https://download.docker.com/linux/debian bookworm InRelease [46.6 kB] -Get:5 https://download.docker.com/linux/debian bookworm/stable amd64 Packages [59.1 kB] -Fetched 106 kB in 0s (277 kB/s) -Reading package lists... -Reading package lists... -Building dependency tree... -Reading state information... -The following additional packages will be installed: - apparmor dbus-user-session docker-ce-rootless-extras git git-man iptables - liberror-perl libglib2.0-0 libglib2.0-data libip6tc2 libnetfilter-conntrack3 - libnfnetlink0 libslirp0 patch pigz shared-mime-info slirp4netns - xdg-user-dirs -Suggested packages: - apparmor-profiles-extra apparmor-utils cgroupfs-mount | cgroup-lite - docker-model-plugin git-daemon-run | git-daemon-sysvinit git-doc git-email - git-gui gitk gitweb git-cvs git-mediawiki git-svn firewalld - low-memory-monitor ed diffutils-doc -The following NEW packages will be installed: - apparmor containerd.io dbus-user-session docker-buildx-plugin docker-ce - docker-ce-cli docker-ce-rootless-extras docker-compose-plugin git git-man - iptables liberror-perl libglib2.0-0 libglib2.0-data libip6tc2 - libnetfilter-conntrack3 libnfnetlink0 libslirp0 patch pigz shared-mime-info - slirp4netns xdg-user-dirs -0 upgraded, 23 newly installed, 0 to remove and 17 not upgraded. -Need to get 105 MB of archives. -After this operation, 437 MB of additional disk space will be used. 
-Get:1 http://deb.debian.org/debian bookworm/main amd64 libip6tc2 amd64 1.8.9-2 [19.4 kB] -Get:2 http://deb.debian.org/debian bookworm/main amd64 libnfnetlink0 amd64 1.0.2-2 [15.1 kB] -Get:3 http://deb.debian.org/debian bookworm/main amd64 libnetfilter-conntrack3 amd64 1.0.9-3 [40.7 kB] -Get:4 http://deb.debian.org/debian bookworm/main amd64 iptables amd64 1.8.9-2 [360 kB] -Get:5 http://deb.debian.org/debian bookworm/main amd64 pigz amd64 2.6-1 [64.0 kB] -Get:6 http://deb.debian.org/debian bookworm/main amd64 apparmor amd64 3.0.8-3 [616 kB] -Get:7 http://deb.debian.org/debian bookworm/main amd64 dbus-user-session amd64 1.14.10-1~deb12u1 [78.1 kB] -Get:8 http://deb.debian.org/debian bookworm/main amd64 liberror-perl all 0.17029-2 [29.0 kB] -Get:9 http://deb.debian.org/debian bookworm/main amd64 git-man all 1:2.39.5-0+deb12u3 [2,053 kB] -Get:10 http://deb.debian.org/debian bookworm/main amd64 git amd64 1:2.39.5-0+deb12u3 [7,264 kB] -Get:11 http://deb.debian.org/debian bookworm/main amd64 libglib2.0-0 amd64 2.74.6-2+deb12u8 [1,402 kB] -Get:12 http://deb.debian.org/debian bookworm/main amd64 libglib2.0-data all 2.74.6-2+deb12u8 [1,210 kB] -Get:13 http://deb.debian.org/debian bookworm/main amd64 libslirp0 amd64 4.7.0-1 [63.0 kB] -Get:14 http://deb.debian.org/debian bookworm/main amd64 patch amd64 2.7.6-7 [128 kB] -Get:15 http://deb.debian.org/debian bookworm/main amd64 shared-mime-info amd64 2.2-1 [729 kB] -Get:16 http://deb.debian.org/debian bookworm/main amd64 slirp4netns amd64 1.2.0-1 [37.5 kB] -Get:17 http://deb.debian.org/debian bookworm/main amd64 xdg-user-dirs amd64 0.18-1 [54.4 kB] -Get:18 https://download.docker.com/linux/debian bookworm/stable amd64 containerd.io amd64 2.2.1-1~debian.12~bookworm [23.4 MB] -Get:19 https://download.docker.com/linux/debian bookworm/stable amd64 docker-ce-cli amd64 5:29.1.4-1~debian.12~bookworm [16.3 MB] -Get:20 https://download.docker.com/linux/debian bookworm/stable amd64 docker-ce amd64 5:29.1.4-1~debian.12~bookworm [21.0 MB] 
-Get:21 https://download.docker.com/linux/debian bookworm/stable amd64 docker-buildx-plugin amd64 0.30.1-1~debian.12~bookworm [16.4 MB] -Get:22 https://download.docker.com/linux/debian bookworm/stable amd64 docker-ce-rootless-extras amd64 5:29.1.4-1~debian.12~bookworm [6,384 kB] -Get:23 https://download.docker.com/linux/debian bookworm/stable amd64 docker-compose-plugin amd64 5.0.1-1~debian.12~bookworm [7,713 kB] -Preconfiguring packages ... -Fetched 105 MB in 1s (84.4 MB/s) -Selecting previously unselected package containerd.io. -(Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19417 files and directories currently installed.) -Preparing to unpack .../00-containerd.io_2.2.1-1~debian.12~bookworm_amd64.deb ... -Unpacking containerd.io (2.2.1-1~debian.12~bookworm) ... -Selecting previously unselected package docker-ce-cli. -Preparing to unpack .../01-docker-ce-cli_5%3a29.1.4-1~debian.12~bookworm_amd64.deb ... -Unpacking docker-ce-cli (5:29.1.4-1~debian.12~bookworm) ... -Selecting previously unselected package libip6tc2:amd64. -Preparing to unpack .../02-libip6tc2_1.8.9-2_amd64.deb ... -Unpacking libip6tc2:amd64 (1.8.9-2) ... -Selecting previously unselected package libnfnetlink0:amd64. -Preparing to unpack .../03-libnfnetlink0_1.0.2-2_amd64.deb ... -Unpacking libnfnetlink0:amd64 (1.0.2-2) ... -Selecting previously unselected package libnetfilter-conntrack3:amd64. -Preparing to unpack .../04-libnetfilter-conntrack3_1.0.9-3_amd64.deb ... 
-Unpacking libnetfilter-conntrack3:amd64 (1.0.9-3) ... -Selecting previously unselected package iptables. -Preparing to unpack .../05-iptables_1.8.9-2_amd64.deb ... -Unpacking iptables (1.8.9-2) ... -Selecting previously unselected package docker-ce. -Preparing to unpack .../06-docker-ce_5%3a29.1.4-1~debian.12~bookworm_amd64.deb ... -Unpacking docker-ce (5:29.1.4-1~debian.12~bookworm) ... -Selecting previously unselected package pigz. -Preparing to unpack .../07-pigz_2.6-1_amd64.deb ... -Unpacking pigz (2.6-1) ... -Selecting previously unselected package apparmor. -Preparing to unpack .../08-apparmor_3.0.8-3_amd64.deb ... -Unpacking apparmor (3.0.8-3) ... -Selecting previously unselected package dbus-user-session. -Preparing to unpack .../09-dbus-user-session_1.14.10-1~deb12u1_amd64.deb ... -Unpacking dbus-user-session (1.14.10-1~deb12u1) ... -Selecting previously unselected package docker-buildx-plugin. -Preparing to unpack .../10-docker-buildx-plugin_0.30.1-1~debian.12~bookworm_amd64.deb ... -Unpacking docker-buildx-plugin (0.30.1-1~debian.12~bookworm) ... -Selecting previously unselected package docker-ce-rootless-extras. -Preparing to unpack .../11-docker-ce-rootless-extras_5%3a29.1.4-1~debian.12~bookworm_amd64.deb ... -Unpacking docker-ce-rootless-extras (5:29.1.4-1~debian.12~bookworm) ... -Selecting previously unselected package docker-compose-plugin. -Preparing to unpack .../12-docker-compose-plugin_5.0.1-1~debian.12~bookworm_amd64.deb ... -Unpacking docker-compose-plugin (5.0.1-1~debian.12~bookworm) ... -Selecting previously unselected package liberror-perl. -Preparing to unpack .../13-liberror-perl_0.17029-2_all.deb ... -Unpacking liberror-perl (0.17029-2) ... -Selecting previously unselected package git-man. -Preparing to unpack .../14-git-man_1%3a2.39.5-0+deb12u3_all.deb ... -Unpacking git-man (1:2.39.5-0+deb12u3) ... -Selecting previously unselected package git. -Preparing to unpack .../15-git_1%3a2.39.5-0+deb12u3_amd64.deb ... 
-Unpacking git (1:2.39.5-0+deb12u3) ... -Selecting previously unselected package libglib2.0-0:amd64. -Preparing to unpack .../16-libglib2.0-0_2.74.6-2+deb12u8_amd64.deb ... -Unpacking libglib2.0-0:amd64 (2.74.6-2+deb12u8) ... -Selecting previously unselected package libglib2.0-data. -Preparing to unpack .../17-libglib2.0-data_2.74.6-2+deb12u8_all.deb ... -Unpacking libglib2.0-data (2.74.6-2+deb12u8) ... -Selecting previously unselected package libslirp0:amd64. -Preparing to unpack .../18-libslirp0_4.7.0-1_amd64.deb ... -Unpacking libslirp0:amd64 (4.7.0-1) ... -Selecting previously unselected package patch. -Preparing to unpack .../19-patch_2.7.6-7_amd64.deb ... -Unpacking patch (2.7.6-7) ... -Selecting previously unselected package shared-mime-info. -Preparing to unpack .../20-shared-mime-info_2.2-1_amd64.deb ... -Unpacking shared-mime-info (2.2-1) ... -Selecting previously unselected package slirp4netns. -Preparing to unpack .../21-slirp4netns_1.2.0-1_amd64.deb ... -Unpacking slirp4netns (1.2.0-1) ... -Selecting previously unselected package xdg-user-dirs. -Preparing to unpack .../22-xdg-user-dirs_0.18-1_amd64.deb ... -Unpacking xdg-user-dirs (0.18-1) ... -Setting up xdg-user-dirs (0.18-1) ... -Setting up libip6tc2:amd64 (1.8.9-2) ... -Setting up libglib2.0-0:amd64 (2.74.6-2+deb12u8) ... -No schema files found: doing nothing. -Setting up liberror-perl (0.17029-2) ... -Setting up apparmor (3.0.8-3) ... -Created symlink /etc/systemd/system/sysinit.target.wants/apparmor.service → /lib/systemd/system/apparmor.service. -Setting up dbus-user-session (1.14.10-1~deb12u1) ... -Setting up docker-buildx-plugin (0.30.1-1~debian.12~bookworm) ... -Setting up libglib2.0-data (2.74.6-2+deb12u8) ... -Setting up shared-mime-info (2.2-1) ... -Setting up containerd.io (2.2.1-1~debian.12~bookworm) ... -Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service → /lib/systemd/system/containerd.service. -Setting up patch (2.7.6-7) ... 
-Setting up docker-compose-plugin (5.0.1-1~debian.12~bookworm) ... -Setting up docker-ce-cli (5:29.1.4-1~debian.12~bookworm) ... -Setting up libslirp0:amd64 (4.7.0-1) ... -Setting up pigz (2.6-1) ... -Setting up libnfnetlink0:amd64 (1.0.2-2) ... -Setting up git-man (1:2.39.5-0+deb12u3) ... -Setting up docker-ce-rootless-extras (5:29.1.4-1~debian.12~bookworm) ... -Setting up slirp4netns (1.2.0-1) ... -Setting up git (1:2.39.5-0+deb12u3) ... -Setting up libnetfilter-conntrack3:amd64 (1.0.9-3) ... -Setting up iptables (1.8.9-2) ... -update-alternatives: using /usr/sbin/iptables-legacy to provide /usr/sbin/iptables (iptables) in auto mode -update-alternatives: using /usr/sbin/ip6tables-legacy to provide /usr/sbin/ip6tables (ip6tables) in auto mode -update-alternatives: using /usr/sbin/iptables-nft to provide /usr/sbin/iptables (iptables) in auto mode -update-alternatives: using /usr/sbin/ip6tables-nft to provide /usr/sbin/ip6tables (ip6tables) in auto mode -update-alternatives: using /usr/sbin/arptables-nft to provide /usr/sbin/arptables (arptables) in auto mode -update-alternatives: using /usr/sbin/ebtables-nft to provide /usr/sbin/ebtables (ebtables) in auto mode -Setting up docker-ce (5:29.1.4-1~debian.12~bookworm) ... -Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /lib/systemd/system/docker.service. -Created symlink /etc/systemd/system/sockets.target.wants/docker.socket → /lib/systemd/system/docker.socket. -Processing triggers for man-db (2.11.2-2) ... -Processing triggers for libc-bin (2.36-9+deb12u13) ... -W: Operation was interrupted before it could finish diff --git a/setup_nginx_proxy.sh b/setup_nginx_proxy.sh index e7acda0..3f2a84b 100755 --- a/setup_nginx_proxy.sh +++ b/setup_nginx_proxy.sh 
@@ -26,9 +26,10 @@ die() { } # ============================================================================= -# Configuration +# Default Configuration # ============================================================================= -OPNSENSE_HOST="${OPNSENSE_HOST:-mediametzkabel.metz.tech}" +# OPNsense kann über Hostname ODER IP angesprochen werden +OPNSENSE_HOST="${OPNSENSE_HOST:-192.168.45.1}" OPNSENSE_API_KEY="${OPNSENSE_API_KEY:-cUUs80IDkQelMJVgAVK2oUoDHrQf+cQPwXoPKNd3KDIgiCiEyEfMq38UTXeY5/VO/yWtCC7k9Y9kJ0Pn}" OPNSENSE_API_SECRET="${OPNSENSE_API_SECRET:-2egxxFYCAUjBDp0OrgbJO3NBZmR4jpDm028jeS8Nq8OtCGu/0lAxt4YXWXbdZjcFVMS0Nrhru1I2R1si}" @@ -36,9 +37,6 @@ OPNSENSE_API_SECRET="${OPNSENSE_API_SECRET:-2egxxFYCAUjBDp0OrgbJO3NBZmR4jpDm028j # Kann über --certificate-uuid oder Umgebungsvariable gesetzt werden CERTIFICATE_UUID="${CERTIFICATE_UUID:-}" -# API Base URL -API_BASE="https://${OPNSENSE_HOST}/api" - # ============================================================================= # Usage # ============================================================================= @@ -47,7 +45,7 @@ usage() { Usage: bash setup_nginx_proxy.sh [options] -Required options: +Required options (for proxy setup): --ctid Container ID (used as description) --hostname Hostname (e.g., sb-1768736636) --fqdn Full domain name (e.g., sb-1768736636.userman.de) 
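Review bot: The `OPNSENSE_API_KEY` and `OPNSENSE_API_SECRET` defaults directly below the changed `OPNSENSE_HOST` line are still literal credentials in the script, and this commit edits the block without removing them. Treat both values as exposed: rotate them on the firewall and make the variables mandatory, e.g. `OPNSENSE_API_KEY="${OPNSENSE_API_KEY:?OPNSENSE_API_KEY must be set}"`, with the same form for the secret. Separately, the new default is an IP literal that ends up in an `https://` URL, so certificate verification can only pass if the firewall's certificate lists that IP as a subject alternative name. How the request verifies TLS is outside this hunk, so confirm it is not simply disabled.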
@@ -55,20 +53,31 @@ Required options: --backend-port Backend port (default: 5678) Optional: - --opnsense-host OPNsense hostname (default: mediametzkabel.metz.tech) + --opnsense-host OPNsense IP or hostname (default: 192.168.45.1) --certificate-uuid UUID of the SSL certificate in OPNsense --list-certificates List available certificates and exit + --test-connection Test API connection and exit --debug Enable debug mode --help Show this help -Example: +Examples: + # List certificates: + bash setup_nginx_proxy.sh --list-certificates --debug + + # Test API connection: + bash setup_nginx_proxy.sh --test-connection --debug + + # Setup proxy: bash setup_nginx_proxy.sh --ctid 768736636 --hostname sb-1768736636 \ --fqdn sb-1768736636.userman.de --backend-ip 192.168.45.135 + + # With custom OPNsense IP: + bash setup_nginx_proxy.sh --opnsense-host 192.168.45.1 --list-certificates EOF } # ============================================================================= -# Default values +# Default values for arguments # ============================================================================= CTID="" HOSTNAME="" @@ -76,6 +85,7 @@ FQDN="" BACKEND_IP="" BACKEND_PORT="5678" LIST_CERTIFICATES="0" +TEST_CONNECTION="0" # ============================================================================= # Argument parsing @@ -90,6 +100,7 @@ while [[ $# -gt 0 ]]; do --opnsense-host) OPNSENSE_HOST="${2:-}"; shift 2 ;; --certificate-uuid) CERTIFICATE_UUID="${2:-}"; shift 2 ;; --list-certificates) LIST_CERTIFICATES="1"; shift 1 ;; + --test-connection) TEST_CONNECTION="1"; shift 1 ;; --debug) DEBUG="1"; export DEBUG; shift 1 ;; --help|-h) usage; exit 0 ;; *) die "Unknown option: $1 (use --help)" ;; 
@@ -97,61 +108,12 @@ while [[ $# -gt 0 ]]; do done # ============================================================================= -# List Certificates Function +# API Base URL (nach Argument-Parsing setzen!) # ============================================================================= -list_certificates() { - info "Fetching available certificates from OPNsense..." - - local response - response=$(api_request "GET" "/trust/cert/search") - - echo "Available SSL Certificates in OPNsense:" - echo "========================================" - echo "$response" | python3 -c " -import json, sys -try: - data = json.load(sys.stdin) - rows = data.get('rows', []) - for row in rows: - uuid = row.get('uuid', 'N/A') - descr = row.get('descr', 'N/A') - cn = row.get('cn', 'N/A') - print(f'UUID: {uuid}') - print(f' Description: {descr}') - print(f' Common Name: {cn}') - print() -except Exception as e: - print(f'Error parsing response: {e}', file=sys.stderr) - print('Raw response:', file=sys.stderr) - sys.exit(1) -" 2>&1 -} +API_BASE="https://${OPNSENSE_HOST}/api" # ============================================================================= -# Validation -# ============================================================================= - -# Handle --list-certificates first -if [[ "$LIST_CERTIFICATES" == "1" ]]; then - list_certificates - exit 0 -fi - -[[ -n "$CTID" ]] || die "--ctid is required" -[[ -n "$HOSTNAME" ]] || die "--hostname is required" -[[ -n "$FQDN" ]] || die "--fqdn is required" -[[ -n "$BACKEND_IP" ]] || die "--backend-ip is required" - -info "Configuration:" -info " CTID: ${CTID}" -info " Hostname: ${HOSTNAME}" -info " FQDN: ${FQDN}" -info " Backend: ${BACKEND_IP}:${BACKEND_PORT}" -info " OPNsense: ${OPNSENSE_HOST}" -info " Certificate UUID: ${CERTIFICATE_UUID:-auto-detect}" - -# ============================================================================= -# API Helper Functions +# API Helper Functions (MÜSSEN VOR list_certificates definiert werden!) 
# ============================================================================= # Make API request to OPNsense @@ -163,7 +125,7 @@ api_request() { local url="${API_BASE}${endpoint}" local auth="${OPNSENSE_API_KEY}:${OPNSENSE_API_SECRET}" - info "API ${method} ${endpoint}" + info "API ${method} ${url}" local response if [[ -n "$data" ]]; then @@ -222,11 +184,11 @@ try: cn = row.get('cn', '') descr = row.get('descr', '') # Match wildcard or exact domain - if pattern in cn or pattern in descr or '*.' + pattern.split('.')[-2] + '.' + pattern.split('.')[-1] in cn: + if pattern in cn or pattern in descr: print(row.get('uuid', '')) sys.exit(0) # Also check for wildcard pattern - if cn.startswith('*.') and pattern.endswith(cn[1:]): + if cn.startswith('*.') and pattern.endswith(cn[2:]): print(row.get('uuid', '')) sys.exit(0) except: 
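Review bot: `API_BASE` is now built from whatever `--opnsense-host` supplied, but nothing validates that value before `api_request` pairs the URL with the key and secret. The parser's `OPNSENSE_HOST="${2:-}"` accepts an empty argument, which yields `https:///api`, and a value containing `/` or `@` would change the authority or path the credentials are sent to. A guard just before the assignment closes this: `[[ "$OPNSENSE_HOST" =~ ^[A-Za-z0-9.-]+$ ]] || die "invalid --opnsense-host: ${OPNSENSE_HOST}"`. Bracketed IPv6 literals would need an extra alternative in the pattern.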
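Review bot: The rewritten wildcard test `pattern.endswith(cn[2:])` drops the leading dot from the suffix, so the comparison no longer stops at a label boundary. For example, a constructed name like `sb.notexample.test` would match a certificate whose CN is `*.example.test`. Together with the substring tests `pattern in cn or pattern in descr`, this can select a certificate that does not cover the requested name. If `pattern` may also be the bare base domain, allow that case explicitly and keep the dot otherwise: `if cn.startswith('*.') and (pattern == cn[2:] or pattern.endswith(cn[1:])):`. The enclosing function starts before this hunk, and the bare `except:` at its end hides parse failures, so a wrong or missing match stays silent.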
@@ -234,6 +196,90 @@ except: " 2>/dev/null || true } +# ============================================================================= +# Utility Functions +# ============================================================================= + +# Test API connection +test_connection() { + info "Testing API connection to OPNsense at ${OPNSENSE_HOST}..." + + local response + response=$(api_request "GET" "/core/firmware/status") + + if echo "$response" | python3 -c "import json,sys; d=json.load(sys.stdin); print('OK' if 'product' in d or 'status' in d else 'FAIL')" 2>/dev/null | grep -q "OK"; then + echo "✓ API connection successful to ${OPNSENSE_HOST}" + echo "Response: $(echo "$response" | python3 -c "import json,sys; d=json.load(sys.stdin); print(json.dumps(d, indent=2)[:500])" 2>/dev/null || echo "$response")" + return 0 + else + echo "✗ API connection failed to ${OPNSENSE_HOST}" + echo "Response: $response" + return 1 + fi +} + +# List available certificates +list_certificates() { + info "Fetching available certificates from OPNsense at ${OPNSENSE_HOST}..." 
+ + local response + response=$(api_request "GET" "/trust/cert/search") + + echo "Available SSL Certificates in OPNsense (${OPNSENSE_HOST}):" + echo "============================================================" + echo "$response" | python3 -c " +import json, sys +try: + data = json.load(sys.stdin) + rows = data.get('rows', []) + if not rows: + print('No certificates found.') + print('Raw response:', data) + for row in rows: + uuid = row.get('uuid', 'N/A') + descr = row.get('descr', 'N/A') + cn = row.get('cn', 'N/A') + print(f'UUID: {uuid}') + print(f' Description: {descr}') + print(f' Common Name: {cn}') + print() +except Exception as e: + print(f'Error parsing response: {e}', file=sys.stderr) + print(f'Raw response: {sys.stdin.read()}', file=sys.stderr) + sys.exit(1) +" 2>&1 +} + +# ============================================================================= +# Handle special commands first (before validation) +# ============================================================================= + +if [[ "$TEST_CONNECTION" == "1" ]]; then + test_connection + exit $? 
+fi + +if [[ "$LIST_CERTIFICATES" == "1" ]]; then + list_certificates + exit 0 +fi + +# ============================================================================= +# Validation (nur für Proxy-Setup) +# ============================================================================= +[[ -n "$CTID" ]] || die "--ctid is required" +[[ -n "$HOSTNAME" ]] || die "--hostname is required" +[[ -n "$FQDN" ]] || die "--fqdn is required" +[[ -n "$BACKEND_IP" ]] || die "--backend-ip is required" + +info "Configuration:" +info " CTID: ${CTID}" +info " Hostname: ${HOSTNAME}" +info " FQDN: ${FQDN}" +info " Backend: ${BACKEND_IP}:${BACKEND_PORT}" +info " OPNsense: ${OPNSENSE_HOST}" +info " Certificate UUID: ${CERTIFICATE_UUID:-auto-detect}" + # ============================================================================= # NGINX Configuration Steps # =============================================================================
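Review bot: In the added `list_certificates`, the error handler prints `sys.stdin.read()` after `json.load(sys.stdin)` has already consumed the stream, so "Raw response:" is always empty exactly when the response was not valid JSON. Read the input once and reuse it: `raw = sys.stdin.read()` before the `try`, `data = json.loads(raw)` inside it, and `print(f'Raw response: {raw}', file=sys.stderr)` in the handler. The dispatch below also ends with `exit 0` after `list_certificates`, so a failed lookup reports success to callers, unlike `--test-connection`, which uses `exit $?`. The required-argument checks that follow only test for non-empty values, so `--fqdn` and `--backend-ip` pass through with no format check; what consumes them is outside this hunk.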