
manage other domain

pull/3/head
François 2 years ago
parent
commit
65ece281a0
  1. 63
      bin/dns.sh
  2. 100
      bin/init.sh
  3. 6
      bin/kazDockerNet.sh
  4. 2
      dockers/web/html/assets/html/footer.html

63
bin/dns.sh

@ -9,7 +9,7 @@ setKazVars
export PRG="$0"
cd $(dirname $0)/..
export IP="127.75.65.90"
export IP="127.0.0.1"
export ETC_HOSTS="/etc/hosts"
. "${DOCKERS_ENV}"
@ -71,12 +71,11 @@ fi
waitNet () {
if [[ "${domain}" = "kaz.local" ]]; then
return
fi
### wait when error code 503
#fab
#TOTO="curl -H \"authorization: Apikey ${GANDI_KEY}\" --connect-timeout 2 -s -D - \"${GANDI_API}\""
#echo $TOTO
if [[ $(curl -H "authorization: Apikey ${GANDI_KEY}" --connect-timeout 2 -s -D - "${GANDI_API}" -o /dev/null 2>/dev/null | head -n1) != *200* ]]; then
echo "DNS not available. Please wait..."
while [[ $(curl -H "authorization: Apikey ${GANDI_KEY}" --connect-timeout 2 -s -D - "${GANDI_API}" -o /dev/null 2>/dev/null | head -n1) != *200* ]]
@ -88,13 +87,21 @@ waitNet () {
}
list(){
if [[ "${domain}" = "kaz.local" ]]; then
grep --perl-regex "^${IP}\s.*${domain}" "${ETC_HOSTS}" 2> /dev/null | sed -e "s|^${IP}\s*\([0-9a-z.-]${domain}\)$|\1|g"
return
fi
waitNet
trap 'rm -f "${TMPFILE}"' EXIT
TMPFILE="$(mktemp)" || exit 1
if [[ -n "${SIMU}" ]] ; then
${SIMU} curl -X GET "${GANDI_API}/records" -H "authorization: Apikey ${GANDI_KEY}"
else
curl -X GET "${GANDI_API}/records" -H "authorization: Apikey ${GANDI_KEY}" 2>/dev/null | sed "s/,{/\n/g" | sed 's/.*rrset_name":"\([^"]*\)".*rrset_values":\["\([^"]*\)".*/\1:\2/g'| grep -v '^[_@]'| grep -e 'dev$' -e 'kaz.bzh\.*$' > ${TMPFILE}
curl -X GET "${GANDI_API}/records" -H "authorization: Apikey ${GANDI_KEY}" 2>/dev/null | \
sed "s/,{/\n/g" | \
sed 's/.*rrset_name":"\([^"]*\)".*rrset_values":\["\([^"]*\)".*/\1:\2/g'| \
grep -v '^[_@]'| \
grep -e 'kaz.bzh\.*$' > ${TMPFILE}
fi
if [ $# -lt 1 ]; then
cat ${TMPFILE}
@ -112,14 +119,14 @@ saveDns () {
echo "${PRG}: old fasion style (remove .local at the end)"
usage;
fi
if [[ "${ARG}" =~ .dev$ ]] ; then
echo "${PRG}: old fasion style (remove .dev at the end)"
usage;
fi
if [[ "${ARG}" =~ .bzh$ ]] ; then
echo "${PRG}: old fasion style (remove .bzh at the end)"
usage;
fi
if [[ "${ARG}" =~ .dev$ ]] ; then
echo "${PRG}: old fasion style (remove .dev at the end)"
usage;
fi
done
if [[ "${domain}" = "kaz.local" ]]; then
return
@ -150,27 +157,19 @@ add(){
fi
case "${domain}" in
kaz.local )
if grep -q --perl-regex "^127.75.65.90.*[ \t]${ARG}.${domain}" "${ETC_HOSTS}" 2> /dev/null ; then
if grep -q --perl-regex "^${IP}.*[ \t]${ARG}.${domain}" "${ETC_HOSTS}" 2> /dev/null ; then
break
fi
if grep -q --perl-regex "^127.75.65.90[ \t]" "${ETC_HOSTS}" 2> /dev/null ; then
${SIMU} sudo sed -i -e "0,/^127.75.65.90[ \t]/s/^\(127.75.65.90[ \t]\)/\1${ARG}.${domain} /g" "${ETC_HOSTS}"
if grep -q --perl-regex "^${IP}[ \t]" "${ETC_HOSTS}" 2> /dev/null ; then
${SIMU} sudo sed -i -e "0,/^${IP}[ \t]/s/^\(${IP}[ \t]\)/\1${ARG}.${domain} /g" "${ETC_HOSTS}"
else
${SIMU} sudo sed -i -e "$ a 127.75.65.90\t${ARG}.${domain}" "${ETC_HOSTS}" 2> /dev/null
${SIMU} sudo sed -i -e "$ a ${IP}\t${ARG}.${domain}" "${ETC_HOSTS}" 2> /dev/null
fi
;;
dev.kaz.bzh )
${SIMU} curl -X POST "${GANDI_API}/records" -H "authorization: Apikey ${GANDI_KEY}" -H 'content-type: application/json' -d '{"rrset_type":"CNAME", "rrset_name":"'${ARG}.dev'", "rrset_values":["dev"]}'
echo
;;
kaz.bzh)
*)
${SIMU} curl -X POST "${GANDI_API}/records" -H "authorization: Apikey ${GANDI_KEY}" -H 'content-type: application/json' -d '{"rrset_type":"CNAME", "rrset_name":"'${ARG}'", "rrset_values":["kaz.bzh."]}'
echo
;;
*)
echo "domain environnement not set!"
usage
;;
esac
ADDED+=("${ARG}")
done
@ -191,24 +190,16 @@ del(){
fi
case "${domain}" in
kaz.local )
if !grep -q --perl-regex "^127.75.65.90.*[ \t]${ARG}.${domain}" "${ETC_HOSTS}" 2> /dev/null ; then
if !grep -q --perl-regex "^${IP}.*[ \t]${ARG}.${domain}" "${ETC_HOSTS}" 2> /dev/null ; then
break
fi
${SIMU} sudo sed -i -e "/^127.75.65.90[ \t]*${ARG}.${domain}[ \t]*$/d" \
-e "s|^\(127.75.65.90.*\)[ \t]${ARG}.${domain}|\1|g" "${ETC_HOSTS}"
;;
dev.kaz.bzh )
${SIMU} curl -X DELETE "${GANDI_API}/records/${ARG}.dev" -H "authorization: Apikey ${GANDI_KEY}"
echo
${SIMU} sudo sed -i -e "/^${IP}[ \t]*${ARG}.${domain}[ \t]*$/d" \
-e "s|^\(${IP}.*\)[ \t]${ARG}.${domain}|\1|g" "${ETC_HOSTS}"
;;
kaz.bzh )
* )
${SIMU} curl -X DELETE "${GANDI_API}/records/${ARG}" -H "authorization: Apikey ${GANDI_KEY}"
echo
;;
*)
echo "domain environnement not set!"
usage
;;
esac
REMOVED+=("${ARG}")
done
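Review bot: In add() and del() the `kaz.bzh)` arm becomes a catch-all `*)` and the "domain environnement not set!" fallback seems to be dropped (the +/- markers are lost on this page, so this is read from the hunk sizes), which means an empty or mistyped `domain` now issues a live POST or DELETE against `${GANDI_API}` instead of stopping at usage. A guard before the `case`, for example `[[ -n "${domain}" ]] || usage`, would keep the fail-closed behaviour. `${ARG}` is also spliced into the JSON body outside the quotes (`"rrset_name":"'${ARG}'"`) and into the `sudo sed -i` expressions on `${ETC_HOSTS}`; if the checks earlier in these functions (outside the hunk) do not already restrict it to `[a-z0-9-]`, that should be enforced before these lines. In del(), `if !grep -q ...` lacks a space after `!`, so the shell looks for a command named `!grep` and the test never succeeds; it should read `if ! grep -q ...`.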

100
bin/init.sh

@ -53,7 +53,8 @@ fi
DOMAIN="${DOMAIN}"
;;
* )
DOMAIN="${domain}"
# XXX ne conserver que .-0-9a-z
DOMAIN=$(sed 's/[^a-z0-9.-]//g' <<< "${domain}")
;;
esac
@ -165,6 +166,103 @@ fi
-e "s%^\s*jirafeauDir\s*=.*$%jirafeauDir=${JIRAFEAU_DIR}%"
}
./config/proxy/allow_ip.dev.kaz.bzh
./config/proxy/port.dev.kaz.bzh
./config/proxy/redirect.dev.kaz.bzh
for in service agora cloud garradin wiki wp; do
touch "${KAZ_CONF_PROXY_DIR}/${service}_kaz_map.${domain}"
touch "${KAZ_CONF_PROXY_DIR}/${service}_kaz_name.${domain}"
done
# update port
PROXY_PORT_CFG="${KAZ_CONF_PROXY_DIR}/port.${domain}"
if [ ! -f "${PROXY_PORT_CFG}" ]; then
case "${domain}" in
kaz.bzh)
SSL_CERT="/etc/ssl/certs/wildcard_${domain//./_}.chain.pem"
SSL_KEY="/etc/ssl/private/wildcard_${domain//./_}.key.pem"
;;
kaz.local)
SSL_CERT="/etc/letsencrypt/local/_wildcard.${domain}.pem"
SSL_KEY="/etc/letsencrypt/local/_wildcard.${domain}-key.pem"
;;
*)
SSL_CERT="/etc/letsencrypt/live/${domain}/fullchain.pem"
SSL_KEY="/etc/letsencrypt/live/${domain}/privkey.pem"
;;
esac
cat > "${PROXY_PORT_CFG}" <<EOF
listen 443 ssl http2;
ssl_certificate ${SSL_CERT};
ssl_certificate_key ${SSL_KEY};
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_early_data on;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
EOF
fi
# update redirect
PROXY_REDIRECT="${KAZ_CONF_PROXY_DIR}/redirect.${domain}"
if [ ! -f "${PROXY_REDIRECT}" ]; then
cat > "${PROXY_REDIRECT}" <<EOF
server {
listen 80;
return 301 https://\$host\$request_uri;
}
# file
server {
listen 80;
server_name file.${domain};
return 301 https://depot.${domain}\$request_uri;
}
# cacl
server {
listen 80;
server_name calc.${domain};
return 301 https://tableur.${domain}\$request_uri;
}
# date
server {
listen 80;
server_name date.${domain};
return 301 https://sondage.${domain}\$request_uri;
}
# cloud
server {
listen 80;
server_name bureau.${domain};
return 301 https://cloud.${domain}\$request_uri;
}
# mattermost
server {
listen 80;
server_name mattermost.${domain};
return 301 https://agora.${domain}\$request_uri;
}
# dokuwiki
server {
listen 80;
server_name dokuwiki.${domain};
return 301 https://wiki.${domain}\$request_uri;
}
EOF
fi
if [ ! -f "${KAZ_CONF_DIR}/container-mail.list" ]; then
cat > "${KAZ_CONF_DIR}/container-mail.list" <<EOF
# e-mail server composer
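Review bot: `ssl_early_data on;` in the generated `port.${domain}` file enables TLS 1.3 0-RTT for every service behind the proxy, and early data can be replayed; unless the backends are known to reject replayed non-idempotent requests, drop the directive or forward `proxy_set_header Early-Data $ssl_early_data;` so they can refuse such requests. The first hunk filters only `DOMAIN` to `[a-z0-9.-]`, while the file names and both heredocs here are built from `${domain}`; if the two are not the same value by this point, the unfiltered one reaches the nginx configuration, so the new code should use the sanitised variable. Separately, `for in service agora cloud garradin wiki wp; do` is a syntax error and should read `for service in agora cloud garradin wiki wp; do`, and the three bare `./config/proxy/...dev.kaz.bzh` lines above it would be run as commands; they look like notes and should presumably be `#` comments.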

6
bin/kazDockerNet.sh

@ -4,10 +4,16 @@
PRG=$(basename $0)
KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
usage () {
echo "Usage: ${PRG} [-n] [-h] list|add [netName]..."
echo " -n : simulation"
echo " -h|--help : help"
echo
echo " create all net : ${PRG} add $(${KAZ_BIN_DIR}/kazList.sh compose validate)"
exit 1
}

2
dockers/web/html/assets/html/footer.html

@ -88,7 +88,7 @@ function updateAnchor(el) {
<b>Merci et à très bientôt!</b>
<!--
<form method="post" action="http://dev.kaz.bzh/cgi-bin/sendmail">
<form method="post" action="/cgi-bin/sendmail">
<div class="fields">
<div class="field half">
<input type="text" name="name" id="name" placeholder="Nom" />
