admin tools

Site folder now is named according to the domain:port assigned. Fixed error with HSTS header for admin tools site.
QROkes · Dec 4, 2022 · b5f38cc · b5f38cc
1 parent a56dfc8
commit b5f38cc
Show file tree

Hide file tree

Showing 14 changed files with 250 additions and 154 deletions.
diff --git a/lib/bkp b/lib/bkp
@@ -620,9 +620,9 @@ export_server() {
 
 	# Create TAR file
 	[[ -d /var/www/html ]] && local exclude="--exclude=/var/www/html" || local exclude=""
-	[[ -d /var/www/$(conf_read tools-port) ]] && local exclude="$exclude --exclude=/var/www/$(conf_read tools-port)"
-	[[ -f /etc/nginx/sites-available/$(conf_read tools-port) ]] && local exclude="$exclude --exclude=/etc/nginx/sites-available/$(conf_read tools-port)"
-	[[ -L /etc/nginx/sites-enabled/$(conf_read tools-port) ]] && local exclude="$exclude --exclude=/etc/nginx/sites-enabled/$(conf_read tools-port)"
+	[[ -d /var/www/$ADMIN_TOOLS_SITE ]] && local exclude="$exclude --exclude=/var/www/$ADMIN_TOOLS_SITE"
+	[[ -f /etc/nginx/sites-available/$ADMIN_TOOLS_SITE ]] && local exclude="$exclude --exclude=/etc/nginx/sites-available/$ADMIN_TOOLS_SITE"
+	[[ -L /etc/nginx/sites-enabled/$ADMIN_TOOLS_SITE ]] && local exclude="$exclude --exclude=/etc/nginx/sites-enabled/$ADMIN_TOOLS_SITE"
 	[[ -f /etc/nginx/sites-available/default ]] && local exclude="$exclude --exclude=/etc/nginx/sites-available/default"
 	[[ -L /etc/nginx/sites-enabled/default ]] && local exclude="$exclude --exclude=/etc/nginx/sites-enabled/default"
 

diff --git a/lib/datadog b/lib/datadog
@@ -4,7 +4,7 @@
 dd_nginx_purge() {
 	if [[ -f /etc/datadog-agent/conf.d/nginx.d/conf.yaml ]]; then
 		if [[ ! -f /etc/datadog-agent/conf.d/php_fpm.d/conf.yaml ]]; then
-			sudo sed -i '/WebinolyLocalhostStart/,/WebinolyLocalhostEnd/{/.*/d}' /etc/nginx/sites-available/$(conf_read tools-port)
+			sudo sed -i '/WebinolyLocalhostStart/,/WebinolyLocalhostEnd/{/.*/d}' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
 		fi
 
 		sudo rm -rf /etc/datadog-agent/conf.d/nginx.d/conf.yaml
@@ -18,7 +18,7 @@ dd_nginx_purge() {
 dd_fpm_purge() {
 	if [[ -f /etc/datadog-agent/conf.d/php_fpm.d/conf.yaml ]]; then
 		if [[ ! -f /etc/datadog-agent/conf.d/nginx.d/conf.yaml ]]; then
-			sudo sed -i '/WebinolyLocalhostStart/,/WebinolyLocalhostEnd/{/.*/d}' /etc/nginx/sites-available/$(conf_read tools-port)
+			sudo sed -i '/WebinolyLocalhostStart/,/WebinolyLocalhostEnd/{/.*/d}' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
 		fi
 
 		sudo rm -rf /etc/datadog-agent/conf.d/php_fpm.d/conf.yaml
@@ -262,8 +262,8 @@ logs:
 
 dd_nginx() {
 	if [[ ! -f /etc/datadog-agent/conf.d/nginx.d/conf.yaml ]]; then
-		if [[ -z $(grep -F "WebinolyLocalhostStart" /etc/nginx/sites-available/$(conf_read tools-port)) ]]; then
-			sudo sed -i '/Webinoly Admin-Tools NGINX CONFIGURATION/r /opt/webinoly/templates/general/tools-site-localhost' /etc/nginx/sites-available/$(conf_read tools-port)
+		if [[ -z $(grep -F "WebinolyLocalhostStart" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE) ]]; then
+			sudo sed -i '/Webinoly Admin-Tools NGINX CONFIGURATION/r /opt/webinoly/templates/general/tools-site-localhost' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
 		fi
 
 		sudo touch /etc/datadog-agent/conf.d/nginx.d/conf.yaml
@@ -297,8 +297,8 @@ instances:
 
 dd_fpm() {
 	if [[ ! -f /etc/datadog-agent/conf.d/php_fpm.d/conf.yaml ]]; then
-		if [[ -z $(grep -F "WebinolyLocalhostStart" /etc/nginx/sites-available/$(conf_read tools-port)) ]]; then
-			sudo sed -i '/Webinoly Admin-Tools NGINX CONFIGURATION/r /opt/webinoly/templates/general/tools-site-localhost' /etc/nginx/sites-available/$(conf_read tools-port)
+		if [[ -z $(grep -F "WebinolyLocalhostStart" /etc/nginx/sites-available/$ADMIN_TOOLS_SITE) ]]; then
+			sudo sed -i '/Webinoly Admin-Tools NGINX CONFIGURATION/r /opt/webinoly/templates/general/tools-site-localhost' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
 		fi
 
 		sudo touch /etc/datadog-agent/conf.d/php_fpm.d/conf.yaml
@@ -413,7 +413,7 @@ dd_purge() {
 		sudo rm -rf /usr/share/keyrings/datadog-archive-keyring.gpg*
 		sudo rm -rf /etc/apt/sources.list.d/datadog.list
 
-		[[ -f /etc/nginx/sites-available/$(conf_read tools-port) ]] && sudo sed -i '/WebinolyLocalhostStart/,/WebinolyLocalhostEnd/{/.*/d}' /etc/nginx/sites-available/$(conf_read tools-port)
+		[[ -f /etc/nginx/sites-available/$ADMIN_TOOLS_SITE ]] && sudo sed -i '/WebinolyLocalhostStart/,/WebinolyLocalhostEnd/{/.*/d}' /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
 		echo "${gre}Datadog Agent has been removed successfully from your server!${end}"
 	else
 		echo "${red}[ERROR] Datadog Agent is not installed on your server!${end}"

diff --git a/lib/general b/lib/general
@@ -70,6 +70,28 @@ conf_write() {
 # ***********************************************
 # Useful variables   ****************************
 # ***********************************************
+
+
+# STOP and exit if not root or sudo.
+if [[ $(whoami) != "root" ]]; then
+	echo "${red}Please run this script as root or using sudo.${end}"
+	exit 1
+fi
+
+# Check for BASH Shell
+# This is a very "shity" method, but checking if file exists is very reliable
+# If modified: this same script is in installer, general lib and verify
+if [[ $(conf_read shell-check) != "false" && -n $(echo $(tty) | grep -Eo "pts/[0-9]+") && -n $(logname) ]]; then
+	pre_pid=$(ps -au | grep -E "pts/[0-9]+[ ]+S[s]?[ ]+" | sed '/sudo/d' | tail -n 1)	
+	[[ -n $pre_pid ]] && shell_pid=$(echo $pre_pid | awk '{print $2}')
+	[[ -n $shell_pid && -f /proc/$shell_pid/cmdline ]] && shell_current=$(tr -d '\000' < /proc/$shell_pid/cmdline)
+	[[ -n $shell_pid && -f /proc/$shell_pid/status ]] && shell_status=$(grep -Eo '^Name:.*bash.*' /proc/$shell_pid/status) # Double check!!!
+
+	if [[ -n $shell_current && $shell_current != *"bash"* && -z $shell_status ]]; then
+		echo "${red}[WARNING] Seems like you are using an interactive shell different than BASH! ${dim}($(echo $pre_pid | awk '{print $1}'):${shell_current}) ${end}"
+	fi
+fi
+
 # MySQL folder
 if [[ $(conf_read db-engine) == "mysql" ]]; then
 	readonly MYSQL_CONF_PATH="/etc/mysql/mysql.conf.d"
@@ -88,26 +110,18 @@ else
 	readonly CURRENT_USER="root"
 fi
 
-# Check for BASH Shell
-# This is a very "shity" method, but checking if file exists is very reliable
-# If modified: this same script is in installer, general lib and verify
-if [[ $(conf_read shell-check) != "false" && -n $(echo $(tty) | grep -Eo "pts/[0-9]+") && -n $(logname) ]]; then
-	pre_pid=$(ps -au | grep -E "pts/[0-9]+[ ]+S[s]?[ ]+" | sed '/sudo/d' | tail -n 1)	
-	[[ -n $pre_pid ]] && shell_pid=$(echo $pre_pid | awk '{print $2}')
-	[[ -n $shell_pid && -f /proc/$shell_pid/cmdline ]] && shell_current=$(tr -d '\000' < /proc/$shell_pid/cmdline)
-	[[ -n $shell_pid && -f /proc/$shell_pid/status ]] && shell_status=$(grep -Eo '^Name:.*bash.*' /proc/$shell_pid/status) # Double check!!!
-
-	if [[ -n $shell_current && $shell_current != *"bash"* && -z $shell_status ]]; then
-		echo "${red}[WARNING] Seems like you are using an interactive shell different than BASH! ${dim}($(echo $pre_pid | awk '{print $1}'):${shell_current}) ${end}"
+# Admin Tools Path
+if [[ -n $(conf_read tools-port) && -n $(conf_read tools-site) && -f /etc/nginx/sites-available/$(conf_read tools-site) ]]; then
+	readonly ADMIN_TOOLS_SITE="$(conf_read tools-site):$(conf_read tools-port)"
+else
+	if [[ -n $(conf_read tools-port) ]]; then
+		readonly ADMIN_TOOLS_SITE="default:$(conf_read tools-port)"
+	else
+		# Fresh installation, dynvar is empty!
+		readonly ADMIN_TOOLS_SITE="default:${tools_port_default}"
 	fi
 fi
 
-# STOP and exit if not root or sudo.
-if [[ $(whoami) != "root" ]]; then
-	echo "${red}Please run this script as root or using sudo.${end}"
-	exit 1
-fi
-
 
 # ***********************************************
 # General Functions   ***************************
@@ -328,13 +342,11 @@ check_mysql_connection() {
 	elif [[ ${1,,} == "localhost" && $(conf_read mysql) == "true" ]]; then
 		# In case of custom DB user
 		if [[ -n $2 && -n $3 ]]; then
-			local dbu=$2
-			local dbp=$3
 			[[ -n $4 ]] && local query="use $4"
-			sudo mysql --connect-timeout=10 --user=$dbu -p$dbp -e "$query" 2>/dev/null
+			sudo mysql --connect-timeout=10 --user=$2 -p$3 -e "$query" 2>/dev/null
 			[[ $? != "0" ]] && echo "false" || echo "true"
 		else
-			sudo mysql --connect-timeout=10 --user=$dbu -e "$query"
+			sudo mysql --connect-timeout=10 --user=admin -e "$query"
 			if [[ $? != "0" ]]; then
 				echo "${red}============================================" >&2
 				echo "    [Error]  Database conection failed." >&2
@@ -590,16 +602,26 @@ remove_nginx_default_server() {
 
 
 check_for_parameters() {
-	# Global variables: domain, tld, subdomain, main_domain, sub_domain, empty_param
+	# Global variables: domain, domain_name, domain_port, tld, subdomain, main_domain, sub_domain, empty_param
+	# Note: domain and domain_name are the same except when port is present (example.com:22), then port is removed from domain_name (example.com)
 
 	# Check for domain parameter if is first parameter and have no hyphen at the begining.
 	if [[ -n $1 && $(echo $1 | cut -c-1) != "-" ]]; then
 		domain=$1
+		domain_name=$1
 		shift
 
+		# Check for port and remove it!
+		domain_port=$(echo $domain | cut -d':' -f 2- -s)
+		if [[ $domain_port =~ ^[0-9]+$ && $domain_port -ge 0 && $domain_port -le 65535 ]]; then
+			domain_name=$(echo $domain | cut -d':' -f 1 -s)
+		else
+			unset domain_port
+		fi
+
 		local count=1
 		while true; do
-			tld=$(echo $domain | cut -d'.' -f ${count}- -s)
+			tld=$(echo $domain_name | cut -d'.' -f ${count}- -s)
 			if grep -Fxq "$tld" /opt/webinoly/lib/public_suffix_list.dat || [ -z $tld ]; then
 				break
 			fi
@@ -608,8 +630,8 @@ check_for_parameters() {
 		[[ $count -gt 2 ]] && subdomain="true" || subdomain="false"
 
 		if [[ $subdomain == "true" && -n $tld ]]; then
-			main_domain=$(echo $domain | cut -d'.' -f $[$count-1]- -s)
-			sub_domain=$(echo $domain | cut -d'.' -f -$[$count-2] -s)
+			main_domain=$(echo $domain_name | cut -d'.' -f $[$count-1]- -s)
+			sub_domain=$(echo $domain_name | cut -d'.' -f -$[$count-2] -s)
 		fi
 	fi
 

diff --git a/lib/install b/lib/install
@@ -504,48 +504,49 @@ nginx_tool_site() {
 	[[ -z $(conf_read tools-port) ]] && conf_write tools-port $tools_port_default
 
 	# Don't overwrite in case that exist (after purge with keep-data, for instance)
-	if [[ ! -f /etc/nginx/sites-available/$(conf_read tools-port) ]]; then
-		sudo site $(conf_read tools-port) -empty > /dev/null 2>&1
-		sudo cp /opt/webinoly/templates/general/admin_tools.conf /etc/nginx/sites-available/$(conf_read tools-port)
-		sudo sed -i "s/<port>/$(conf_read tools-port)/g"  /etc/nginx/sites-available/$(conf_read tools-port)
+	if [[ ! -f /etc/nginx/sites-available/$ADMIN_TOOLS_SITE ]]; then
+		sudo site $ADMIN_TOOLS_SITE -empty > /dev/null 2>&1
+		sudo cp /opt/webinoly/templates/general/admin_tools.conf /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
+		sudo sed -i "s/<port>/$(conf_read tools-port)/g"  /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
+		sudo sed -i "s/<admin_tools_sitename>/$ADMIN_TOOLS_SITE/g"  /etc/nginx/sites-available/$ADMIN_TOOLS_SITE
 		sudo nginx -t && sudo systemctl reload nginx
 	fi
 
 	# Don't overwrite in case that exist (after purge with keep-data, for instance)
-	if [[ ! -f /var/www/$(conf_read tools-port)/htdocs ]]; then
+	if [[ ! -f /var/www/$ADMIN_TOOLS_SITE/htdocs ]]; then
 		# Nginx Status Page
-		sudo touch /var/www/$(conf_read tools-port)/htdocs/nginx_status	
+		sudo touch /var/www/$ADMIN_TOOLS_SITE/htdocs/nginx_status	
 
 		# Robots.txt file in case someone remove HTTP Auth
-		sudo touch /var/www/$(conf_read tools-port)/htdocs/robots.txt
+		sudo touch /var/www/$ADMIN_TOOLS_SITE/htdocs/robots.txt
 		echo '# Just in case someone remove HTTP Auth protection.
-	Disallow: /' > /var/www/$(conf_read tools-port)/htdocs/robots.txt
-		sudo chmod 644 /var/www/$(conf_read tools-port)/htdocs/robots.txt
-		sudo chown -R www-data:www-data /var/www/$(conf_read tools-port)/htdocs
+	Disallow: /' > /var/www/$ADMIN_TOOLS_SITE/htdocs/robots.txt
+		sudo chmod 644 /var/www/$ADMIN_TOOLS_SITE/htdocs/robots.txt
+		sudo chown -R www-data:www-data /var/www/$ADMIN_TOOLS_SITE/htdocs
 	fi
 
 	# in case php was installed before nginx
-	[[ $(conf_read php) == "true" && ! -f /var/www/$(conf_read tools-port)/htdocs/php/index.php ]] && php_tool_site
+	[[ $(conf_read php) == "true" && ! -f /var/www/$ADMIN_TOOLS_SITE/htdocs/php/index.php ]] && php_tool_site
 }
 
 
 php_tool_site() {
 	[[ $(conf_read nginx) != "true" ]] && return
 
 	# Just for legacy support when tools site were created only with PHP support, today is created since Nginx always.
-	[[ ! -f /etc/nginx/sites-available/$(conf_read tools-port) ]] && nginx_tool_site
+	[[ ! -f /etc/nginx/sites-available/$ADMIN_TOOLS_SITE ]] && nginx_tool_site
 
 	# Add PHP options in tools site.
 
 	# Status pages
-	sudo touch /var/www/$(conf_read tools-port)/htdocs/ping
-	sudo touch /var/www/$(conf_read tools-port)/htdocs/status
+	sudo touch /var/www/$ADMIN_TOOLS_SITE/htdocs/ping
+	sudo touch /var/www/$ADMIN_TOOLS_SITE/htdocs/status
 
 	#PHP info site
-	sudo mkdir -p /var/www/$(conf_read tools-port)/htdocs/php
-	sudo touch /var/www/$(conf_read tools-port)/htdocs/php/index.php
-	sudo echo '<?php phpinfo(); ?>' >> /var/www/$(conf_read tools-port)/htdocs/php/index.php
-	sudo chown -R www-data:www-data /var/www/$(conf_read tools-port)/htdocs
+	sudo mkdir -p /var/www/$ADMIN_TOOLS_SITE/htdocs/php
+	sudo touch /var/www/$ADMIN_TOOLS_SITE/htdocs/php/index.php
+	sudo echo '<?php phpinfo(); ?>' >> /var/www/$ADMIN_TOOLS_SITE/htdocs/php/index.php
+	sudo chown -R www-data:www-data /var/www/$ADMIN_TOOLS_SITE/htdocs
 }
 
 
@@ -659,22 +660,22 @@ mysql_tool_pma() {
 	api-events_update im7
 
 	echo "${blu}${dim}Downloading phpMyAdmin...${end}"
-	sudo mkdir -p /var/www/$(conf_read tools-port)/htdocs/pma
-	sudo wget --timeout=15 -t 1 -qrO /var/www/$(conf_read tools-port)/htdocs/pma.tar.xz https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.tar.xz
-
-	if [[ -s /var/www/$(conf_read tools-port)/htdocs/pma.tar.xz ]]; then	
-		sudo tar -xf /var/www/$(conf_read tools-port)/htdocs/pma.tar.xz -C /var/www/$(conf_read tools-port)/htdocs/pma
-		sudo mv /var/www/$(conf_read tools-port)/htdocs/pma/phpMyAdmin-*-all-languages/* /var/www/$(conf_read tools-port)/htdocs/pma/
-		sudo rm -rf /var/www/$(conf_read tools-port)/htdocs/pma/phpMyAdmin-*-all-languages
-		sudo rm -rf /var/www/$(conf_read tools-port)/htdocs/pma/test
-		sudo rm -rf /var/www/$(conf_read tools-port)/htdocs/pma/setup
-		sudo rm /var/www/$(conf_read tools-port)/htdocs/pma.tar.xz
-
-		sudo cp /var/www/$(conf_read tools-port)/htdocs/pma/config.sample.inc.php /var/www/$(conf_read tools-port)/htdocs/pma/config.inc.php
-		sudo sed -i "/blowfish_secret/c \$cfg['blowfish_secret'] = '$(pwgen -s -1 32)';" /var/www/$(conf_read tools-port)/htdocs/pma/config.inc.php
-		sudo chown -R www-data:www-data /var/www/$(conf_read tools-port)/htdocs/pma
-		sudo find /var/www/$(conf_read tools-port)/htdocs/pma -type f -print0 | sudo xargs -r -0 chmod 644
-		sudo find /var/www/$(conf_read tools-port)/htdocs/pma -type d -print0 | sudo xargs -r -0 chmod 755
+	sudo mkdir -p /var/www/$ADMIN_TOOLS_SITE/htdocs/pma
+	sudo wget --timeout=15 -t 1 -qrO /var/www/$ADMIN_TOOLS_SITE/htdocs/pma.tar.xz https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.tar.xz
+
+	if [[ -s /var/www/$ADMIN_TOOLS_SITE/htdocs/pma.tar.xz ]]; then	
+		sudo tar -xf /var/www/$ADMIN_TOOLS_SITE/htdocs/pma.tar.xz -C /var/www/$ADMIN_TOOLS_SITE/htdocs/pma
+		sudo mv /var/www/$ADMIN_TOOLS_SITE/htdocs/pma/phpMyAdmin-*-all-languages/* /var/www/$ADMIN_TOOLS_SITE/htdocs/pma/
+		sudo rm -rf /var/www/$ADMIN_TOOLS_SITE/htdocs/pma/phpMyAdmin-*-all-languages
+		sudo rm -rf /var/www/$ADMIN_TOOLS_SITE/htdocs/pma/test
+		sudo rm -rf /var/www/$ADMIN_TOOLS_SITE/htdocs/pma/setup
+		sudo rm /var/www/$ADMIN_TOOLS_SITE/htdocs/pma.tar.xz
+
+		sudo cp /var/www/$ADMIN_TOOLS_SITE/htdocs/pma/config.sample.inc.php /var/www/$ADMIN_TOOLS_SITE/htdocs/pma/config.inc.php
+		sudo sed -i "/blowfish_secret/c \$cfg['blowfish_secret'] = '$(pwgen -s -1 32)';" /var/www/$ADMIN_TOOLS_SITE/htdocs/pma/config.inc.php
+		sudo chown -R www-data:www-data /var/www/$ADMIN_TOOLS_SITE/htdocs/pma
+		sudo find /var/www/$ADMIN_TOOLS_SITE/htdocs/pma -type f -print0 | sudo xargs -r -0 chmod 644
+		sudo find /var/www/$ADMIN_TOOLS_SITE/htdocs/pma -type d -print0 | sudo xargs -r -0 chmod 755
 
 		conf_write mysql-tool-pma true
 		echo "${gre}phpMyAdmin has been installed successfully! ${end}"

diff --git a/lib/site-ssl b/lib/site-ssl
@@ -12,7 +12,6 @@ ssl_nginx() {
 	# Headers
 	sudo sed -i '/header.conf;/c \	include common/headers.conf;' /etc/nginx/sites-available/$domain
 	sudo sed -i '/headers-http.conf/a \	include common/headers-https.conf;' /etc/nginx/sites-available/$domain # In case of Force-Redirect!
-	[[ -f /etc/nginx/sites-available/$(conf_read tools-port) ]] && sudo sed -i '/header.conf;/c \	include common/headers.conf;' /etc/nginx/sites-available/$(conf_read tools-port)
 	for pxy in "/etc/nginx/apps.d/${domain}"*-proxy.conf
 	do
 		[[ -f $pxy ]] && sudo sed -i '/headers-http.conf;/a \		include common/headers-https.conf;' $pxy
@@ -248,7 +247,6 @@ site_ssl_off() {
 	# Headers
 	sudo sed -i '/headers.conf;/c \	include common/header.conf;' /etc/nginx/sites-available/$domain
 	sudo sed -i '/WebinolyWWWredirectStart/,/WebinolyWWWredirectEnd/{/headers-https.conf;/d}' /etc/nginx/sites-available/$domain # In case of Force-Redirect
-	[[ -f /etc/nginx/sites-available/$(conf_read tools-port) ]] && sudo sed -i '/headers.conf;/c \	include common/header.conf;' /etc/nginx/sites-available/$(conf_read tools-port)
 	for pxy in "/etc/nginx/apps.d/${domain}"*-proxy.conf
 	do
 		[[ -f $pxy ]] && sudo sed -i '/CacheStaticFiles/,/expires max;/{/headers-https.conf;/d}' $pxy