Update with BLACKBOXAI

setup_nginx_proxy.sh

@@ -26,9 +26,10 @@ die() {
 }
 
 # =============================================================================
-# Configuration
+# Default Configuration
 # =============================================================================
-OPNSENSE_HOST="${OPNSENSE_HOST:-mediametzkabel.metz.tech}"
+# OPNsense kann über Hostname ODER IP angesprochen werden
+OPNSENSE_HOST="${OPNSENSE_HOST:-192.168.45.1}"
 OPNSENSE_API_KEY="${OPNSENSE_API_KEY:-cUUs80IDkQelMJVgAVK2oUoDHrQf+cQPwXoPKNd3KDIgiCiEyEfMq38UTXeY5/VO/yWtCC7k9Y9kJ0Pn}"
 OPNSENSE_API_SECRET="${OPNSENSE_API_SECRET:-2egxxFYCAUjBDp0OrgbJO3NBZmR4jpDm028jeS8Nq8OtCGu/0lAxt4YXWXbdZjcFVMS0Nrhru1I2R1si}"
 
@@ -36,9 +37,6 @@ OPNSENSE_API_SECRET="${OPNSENSE_API_SECRET:-2egxxFYCAUjBDp0OrgbJO3NBZmR4jpDm028j
 # Kann über --certificate-uuid oder Umgebungsvariable gesetzt werden
 CERTIFICATE_UUID="${CERTIFICATE_UUID:-}"
 
-# API Base URL
-API_BASE="https://${OPNSENSE_HOST}/api"
-
 # =============================================================================
 # Usage
 # =============================================================================
@@ -47,7 +45,7 @@ usage() {
 Usage:
   bash setup_nginx_proxy.sh [options]
 
-Required options:
+Required options (for proxy setup):
   --ctid <id>              Container ID (used as description)
   --hostname <name>        Hostname (e.g., sb-1768736636)
   --fqdn <domain>          Full domain name (e.g., sb-1768736636.userman.de)
@@ -55,20 +53,31 @@ Required options:
   --backend-port <port>    Backend port (default: 5678)
 
 Optional:
-  --opnsense-host <host>   OPNsense hostname (default: mediametzkabel.metz.tech)
+  --opnsense-host <ip>     OPNsense IP or hostname (default: 192.168.45.1)
   --certificate-uuid <uuid> UUID of the SSL certificate in OPNsense
   --list-certificates      List available certificates and exit
+  --test-connection        Test API connection and exit
   --debug                  Enable debug mode
   --help                   Show this help
 
-Example:
+Examples:
+  # List certificates:
+  bash setup_nginx_proxy.sh --list-certificates --debug
+
+  # Test API connection:
+  bash setup_nginx_proxy.sh --test-connection --debug
+
+  # Setup proxy:
   bash setup_nginx_proxy.sh --ctid 768736636 --hostname sb-1768736636 \
     --fqdn sb-1768736636.userman.de --backend-ip 192.168.45.135
+
+  # With custom OPNsense IP:
+  bash setup_nginx_proxy.sh --opnsense-host 192.168.45.1 --list-certificates
 EOF
 }
 
 # =============================================================================
-# Default values
+# Default values for arguments
 # =============================================================================
 CTID=""
 HOSTNAME=""
@@ -76,6 +85,7 @@ FQDN=""
 BACKEND_IP=""
 BACKEND_PORT="5678"
 LIST_CERTIFICATES="0"
+TEST_CONNECTION="0"
 
 # =============================================================================
 # Argument parsing
@@ -90,6 +100,7 @@ while [[ $# -gt 0 ]]; do
     --opnsense-host) OPNSENSE_HOST="${2:-}"; shift 2 ;;
     --certificate-uuid) CERTIFICATE_UUID="${2:-}"; shift 2 ;;
     --list-certificates) LIST_CERTIFICATES="1"; shift 1 ;;
+    --test-connection) TEST_CONNECTION="1"; shift 1 ;;
     --debug) DEBUG="1"; export DEBUG; shift 1 ;;
     --help|-h) usage; exit 0 ;;
     *) die "Unknown option: $1 (use --help)" ;;
@@ -97,61 +108,12 @@ while [[ $# -gt 0 ]]; do
 done
 
 # =============================================================================
-# List Certificates Function
+# API Base URL (nach Argument-Parsing setzen!)
 # =============================================================================
-list_certificates() {
-  info "Fetching available certificates from OPNsense..."
-  
-  local response
-  response=$(api_request "GET" "/trust/cert/search")
-  
-  echo "Available SSL Certificates in OPNsense:"
-  echo "========================================"
-  echo "$response" | python3 -c "
-import json, sys
-try:
-    data = json.load(sys.stdin)
-    rows = data.get('rows', [])
-    for row in rows:
-        uuid = row.get('uuid', 'N/A')
-        descr = row.get('descr', 'N/A')
-        cn = row.get('cn', 'N/A')
-        print(f'UUID: {uuid}')
-        print(f'  Description: {descr}')
-        print(f'  Common Name: {cn}')
-        print()
-except Exception as e:
-    print(f'Error parsing response: {e}', file=sys.stderr)
-    print('Raw response:', file=sys.stderr)
-    sys.exit(1)
-" 2>&1
-}
+API_BASE="https://${OPNSENSE_HOST}/api"
 
 # =============================================================================
-# Validation
-# =============================================================================
-
-# Handle --list-certificates first
-if [[ "$LIST_CERTIFICATES" == "1" ]]; then
-  list_certificates
-  exit 0
-fi
-
-[[ -n "$CTID" ]] || die "--ctid is required"
-[[ -n "$HOSTNAME" ]] || die "--hostname is required"
-[[ -n "$FQDN" ]] || die "--fqdn is required"
-[[ -n "$BACKEND_IP" ]] || die "--backend-ip is required"
-
-info "Configuration:"
-info "  CTID: ${CTID}"
-info "  Hostname: ${HOSTNAME}"
-info "  FQDN: ${FQDN}"
-info "  Backend: ${BACKEND_IP}:${BACKEND_PORT}"
-info "  OPNsense: ${OPNSENSE_HOST}"
-info "  Certificate UUID: ${CERTIFICATE_UUID:-auto-detect}"
-
-# =============================================================================
-# API Helper Functions
+# API Helper Functions (MÜSSEN VOR list_certificates definiert werden!)
 # =============================================================================
 
 # Make API request to OPNsense
@@ -163,7 +125,7 @@ api_request() {
   local url="${API_BASE}${endpoint}"
   local auth="${OPNSENSE_API_KEY}:${OPNSENSE_API_SECRET}"
   
-  info "API ${method} ${endpoint}"
+  info "API ${method} ${url}"
   
   local response
   if [[ -n "$data" ]]; then
@@ -222,11 +184,11 @@ try:
         cn = row.get('cn', '')
         descr = row.get('descr', '')
         # Match wildcard or exact domain
-        if pattern in cn or pattern in descr or '*.' + pattern.split('.')[-2] + '.' + pattern.split('.')[-1] in cn:
+        if pattern in cn or pattern in descr:
             print(row.get('uuid', ''))
             sys.exit(0)
         # Also check for wildcard pattern
-        if cn.startswith('*.') and pattern.endswith(cn[1:]):
+        if cn.startswith('*.') and pattern.endswith(cn[2:]):
             print(row.get('uuid', ''))
             sys.exit(0)
 except:
@@ -234,6 +196,90 @@ except:
 " 2>/dev/null || true
 }
 
+# =============================================================================
+# Utility Functions
+# =============================================================================
+
+# Test API connection
+test_connection() {
+  info "Testing API connection to OPNsense at ${OPNSENSE_HOST}..."
+  
+  local response
+  response=$(api_request "GET" "/core/firmware/status")
+  
+  if echo "$response" | python3 -c "import json,sys; d=json.load(sys.stdin); print('OK' if 'product' in d or 'status' in d else 'FAIL')" 2>/dev/null | grep -q "OK"; then
+    echo "✓ API connection successful to ${OPNSENSE_HOST}"
+    echo "Response: $(echo "$response" | python3 -c "import json,sys; d=json.load(sys.stdin); print(json.dumps(d, indent=2)[:500])" 2>/dev/null || echo "$response")"
+    return 0
+  else
+    echo "✗ API connection failed to ${OPNSENSE_HOST}"
+    echo "Response: $response"
+    return 1
+  fi
+}
+
+# List available certificates
+list_certificates() {
+  info "Fetching available certificates from OPNsense at ${OPNSENSE_HOST}..."
+  
+  local response
+  response=$(api_request "GET" "/trust/cert/search")
+  
+  echo "Available SSL Certificates in OPNsense (${OPNSENSE_HOST}):"
+  echo "============================================================"
+  echo "$response" | python3 -c "
+import json, sys
+try:
+    data = json.load(sys.stdin)
+    rows = data.get('rows', [])
+    if not rows:
+        print('No certificates found.')
+        print('Raw response:', data)
+    for row in rows:
+        uuid = row.get('uuid', 'N/A')
+        descr = row.get('descr', 'N/A')
+        cn = row.get('cn', 'N/A')
+        print(f'UUID: {uuid}')
+        print(f'  Description: {descr}')
+        print(f'  Common Name: {cn}')
+        print()
+except Exception as e:
+    print(f'Error parsing response: {e}', file=sys.stderr)
+    print(f'Raw response: {sys.stdin.read()}', file=sys.stderr)
+    sys.exit(1)
+" 2>&1
+}
+
+# =============================================================================
+# Handle special commands first (before validation)
+# =============================================================================
+
+if [[ "$TEST_CONNECTION" == "1" ]]; then
+  test_connection
+  exit $?
+fi
+
+if [[ "$LIST_CERTIFICATES" == "1" ]]; then
+  list_certificates
+  exit 0
+fi
+
+# =============================================================================
+# Validation (nur für Proxy-Setup)
+# =============================================================================
+[[ -n "$CTID" ]] || die "--ctid is required"
+[[ -n "$HOSTNAME" ]] || die "--hostname is required"
+[[ -n "$FQDN" ]] || die "--fqdn is required"
+[[ -n "$BACKEND_IP" ]] || die "--backend-ip is required"
+
+info "Configuration:"
+info "  CTID: ${CTID}"
+info "  Hostname: ${HOSTNAME}"
+info "  FQDN: ${FQDN}"
+info "  Backend: ${BACKEND_IP}:${BACKEND_PORT}"
+info "  OPNsense: ${OPNSENSE_HOST}"
+info "  Certificate UUID: ${CERTIFICATE_UUID:-auto-detect}"
+
 # =============================================================================
 # NGINX Configuration Steps
 # =============================================================================