File: //bigscoots/wpo/extras/set_hostname.sh
#!/usr/bin/env bash
# Strict mode: abort on unhandled errors, unset variables and failed pipeline stages.
set -o errexit -o nounset -o pipefail

# =========================================================
# BigScoots: Issue & Install Hostname SSL + Config Fixups
#
# Usage: set_hostname.sh [DOMAIN]
#   DOMAIN is optional; when omitted it is read from the first
#   server_name directive found in virtual.conf.
#
# Steps performed, in order:
#   1. Set the system hostname to DOMAIN.
#   2. Make sure virtual.conf carries the catch-all SSL include
#      and a server_name equal to DOMAIN.
#   3. Issue and install a certificate for DOMAIN with acme.sh.
#   4. Point phpmyadmin_ssl.conf at the new cert/key and DOMAIN.
#
# NOTE(review): presumably meant to run as root (it calls
# hostnamectl set-hostname and uses /root/.acme.sh) - confirm.
# =========================================================

# -----------------------------
# Config / defaults
# -----------------------------
# nginx: main vhost, phpMyAdmin vhost, ACME webroot, cert/key directory.
VCONF="/usr/local/nginx/conf/conf.d/virtual.conf"
PHPMYADMIN_CONF="/usr/local/nginx/conf/conf.d/phpmyadmin_ssl.conf"
WEBROOT="/usr/local/nginx/html"
SSL_DIR="/usr/local/nginx/conf/ssl"

# Exact directive that must be present in virtual.conf.
INCLUDE_LINE='include /bigscoots/wpo/nginx/catchallssl.conf;'

# External tools this script drives.
ACME="/root/.acme.sh/acme.sh"
PHPMYADMIN_INSTALLER="/bigscoots/wpo/extras/phpmyadmin.sh"

# -----------------------------
# Helpers
# -----------------------------
# Print an informational line (bold green "[+]" prefix) to stdout.
msg() {
  printf "\033[1;32m[+] %s\033[0m\n" "$*"
}

# Print a warning line (bold yellow "[!]" prefix). Goes to stdout, not stderr.
warn() {
  printf "\033[1;33m[!] %s\033[0m\n" "$*"
}

# Print an error line (bold red "[✗]" prefix) to stderr and terminate with status 1.
err() {
  printf "\033[1;31m[✗] %s\033[0m\n" "$*" >&2
  exit 1
}

# Abort through err() unless the command named in $1 can be resolved by the shell.
need_bin() {
  if ! command -v "$1" >/dev/null 2>&1; then
    err "Missing required binary: $1"
  fi
}

# Copy a file next to itself as "<path>.<YYYYmmdd-HHMMSS>.bak".
# Arguments: $1 - path to back up
# Returns:   0 when the path is not a regular file (nothing to do),
#            otherwise the status of cp. cp -a keeps mode, owner and timestamps.
backup_file() {
  local src="$1"
  local stamp

  if [[ ! -f "$src" ]]; then
    return 0
  fi

  stamp="$(date +%Y%m%d-%H%M%S)"
  cp -a "$src" "${src}.${stamp}.bak"
}

# Validate the nginx configuration and reload the service only if it parses.
# A failed `nginx -t` ends the script through err(), so a broken config is
# never handed to a running nginx.
reload_nginx() {
  nginx -t || err "NGINX config test failed."

  msg "NGINX config valid. Reloading…"
  systemctl reload nginx
}

# -----------------------------
# Determine DOMAIN (prefer arg; fallback to virtual.conf)
# -----------------------------
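DOMAIN="${1:-}"

if [[ -z "${DOMAIN}" ]]; then
  [[ -f "$VCONF" ]] || err "Cannot find $VCONF and no domain argument provided."
  # Take the first name of the first real server_name directive. Requiring
  # $1 == "server_name" skips commented-out lines and lines where the
  # directive is not the first token, which the looser regex match would
  # have mis-parsed.
  DOMAIN="$(awk '
    $1 == "server_name" && NF >= 2 {
      name = $2
      gsub(/;/, "", name)
      print name
      exit
    }' "$VCONF")"
  [[ -n "$DOMAIN" ]] || err "Unable to parse server_name from $VCONF; pass DOMAIN as an argument."
fi

# DOMAIN is later used as the system hostname, spliced into grep/sed
# expressions and written into nginx config files. Accept only a fully
# qualified DNS name so that a stray character (";", "{", "~", "&",
# whitespace, a catch-all "_", ...) can neither corrupt those files nor
# change what the patterns match.
VALID_FQDN_RE='^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'
if (( ${#DOMAIN} > 253 )) || [[ ! "$DOMAIN" =~ $VALID_FQDN_RE ]]; then
  # %q keeps control characters in a rejected value from reaching the terminal raw.
  err "Invalid domain '$(printf '%q' "$DOMAIN")': expected a fully qualified DNS name (letters, digits, hyphens and dots only)."
fi

msg "Using domain: $DOMAIN"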

# Paths for installed certs (final naming)
# The .crt receives the full chain; nginx reads it as ssl_certificate.
CERT_FILE="${SSL_DIR}/${DOMAIN}.crt"
KEY_FILE="${SSL_DIR}/${DOMAIN}.key"

# -----------------------------
# Pre-flight checks
# -----------------------------
# Every external command used below must resolve before anything is modified.
for required_bin in nginx awk sed systemctl hostnamectl; do
  need_bin "$required_bin"
done

if [[ ! -x "$ACME" ]]; then
  err "acme.sh not found at $ACME"
fi
if [[ ! -d "$WEBROOT" ]]; then
  err "Webroot $WEBROOT not found"
fi

# Directory that will hold the certificate and its private key.
mkdir -p "$SSL_DIR"

# -----------------------------
# Set system hostname
# -----------------------------
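# With --static, hostnamectl prints only the static hostname itself (no
# "Static hostname:" label), so the value is used as-is. Picking the third
# field of that output always produced an empty string, which made the
# comparison below fail and the hostname be re-set on every run.
# A failed query leaves CURRENT_HOST empty on purpose: the script then falls
# through to set-hostname, which reports its own error if hostnamectl is
# genuinely unusable.
CURRENT_HOST="$(hostnamectl --static status 2>/dev/null)" || CURRENT_HOST=""
if [[ "$CURRENT_HOST" != "$DOMAIN" ]]; then
  msg "Setting system hostname to ${DOMAIN}"
  hostnamectl set-hostname "$DOMAIN"
else
  msg "System hostname already set to ${DOMAIN}"
fi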

# -----------------------------
# Ensure include line is present ABOVE first 'location /' in virtual.conf
# and ensure server_name matches DOMAIN in virtual.conf
# -----------------------------
[[ -f "$VCONF" ]] || err "Missing $VCONF"

# backup_done:   1 once virtual.conf has been backed up in this run (back up at most once)
# changed_vconf: 1 once virtual.conf was rewritten, so nginx gets reloaded afterwards
backup_done=0
changed_vconf=0

# Insert include if missing
if grep -qF "$INCLUDE_LINE" "$VCONF"; then
  msg "Include already present in $VCONF"
else
  msg "Adding include to $VCONF (above the first 'location /' line)"
  backup_file "$VCONF"
  backup_done=1

  # NOTE(review): the rewritten copy is a freshly created file, so after the
  # mv the config carries umask-default mode/ownership rather than the
  # original's - confirm that is acceptable for this path.
  if grep -qE '^[[:space:]]*location[[:space:]]*/' "$VCONF"; then
    # Preferred spot: immediately before the first "location /..." line.
    awk -v inc="$INCLUDE_LINE" '
      !inserted && /^[[:space:]]*location[[:space:]]*\// { print inc; inserted = 1 }
      { print }
    ' "$VCONF" > "${VCONF}.tmp"
  else
    # No location block at all: place it right after the first "server {" line.
    awk -v inc="$INCLUDE_LINE" '
      { print }
      !inserted && /^[[:space:]]*server[[:space:]]*\{/ { print inc; inserted = 1 }
    ' "$VCONF" > "${VCONF}.tmp"
  fi

  mv "${VCONF}.tmp" "$VCONF"
  changed_vconf=1
fi

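# Ensure server_name in virtual.conf is exactly the DOMAIN
#
# DOMAIN is used below both inside an extended regex (grep) and inside a sed
# replacement. Escape it for each context: unescaped, every "." in the name
# matches any character (so a different name can be reported as "already
# matches"), and "&", "~" or "\" would be interpreted by sed instead of
# being written literally.
domain_ere="$(printf '%s' "$DOMAIN" | sed -e 's/[[\.^$*+?(){|]/\\&/g')"
domain_repl="$(printf '%s' "$DOMAIN" | sed -e 's/[\&~]/\\&/g')"

if grep -qE '^\s*server_name\s+' "$VCONF"; then
  if ! grep -qE "^\s*server_name\s+${domain_ere};" "$VCONF"; then
    msg "Updating server_name in $VCONF to ${DOMAIN}"
    [[ $backup_done -eq 1 ]] || { backup_file "$VCONF"; backup_done=1; }
    # Rewrites every server_name directive in the file, not only the first.
    sed -i -E "s~^\s*server_name\s+[^;]+;~    server_name ${domain_repl};~" "$VCONF"
    changed_vconf=1
  else
    msg "server_name in $VCONF already matches ${DOMAIN}"
  fi
else
  msg "Adding server_name ${DOMAIN} to $VCONF"
  [[ $backup_done -eq 1 ]] || { backup_file "$VCONF"; backup_done=1; }
  # Add the directive right after the first "server {" line.
  # awk and mv are separate statements so that a failing awk stops the script
  # (set -e does not fire for the left-hand side of an && list) instead of
  # continuing with the file unchanged and a reload still scheduled.
  awk -v dom="$DOMAIN" '
    BEGIN{done=0}
    {
      print
      if (!done && $0 ~ /^[[:space:]]*server[[:space:]]*\{/){
        print "    server_name " dom ";"
        done=1
      }
    }
  ' "$VCONF" > "${VCONF}.tmp"
  mv "${VCONF}.tmp" "$VCONF"
  changed_vconf=1
fi

# Reload nginx if virtual.conf changed
if [[ $changed_vconf -eq 1 ]]; then
  reload_nginx
fi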

# -----------------------------
# Issue certificate with acme.sh
# -----------------------------
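msg "Issuing certificate via acme.sh (webroot: $WEBROOT)"
# Use ECC. Remove --ecc on both lines if you want RSA.
#
# acme.sh exits with status 2 (its RENEW_SKIP code) when it skips issuance
# because a certificate for the domain already exists and is not yet due for
# renewal. Under `set -e` that aborted every re-run of this script, so status
# 2 is treated as "nothing to issue" and any other non-zero status stays fatal.
issue_rc=0
"$ACME" --issue --domain "$DOMAIN" --webroot "$WEBROOT" --ecc || issue_rc=$?
case "$issue_rc" in
  0) ;;
  2) warn "acme.sh skipped issuance (existing certificate not due for renewal); installing the existing certificate." ;;
  *) err "acme.sh --issue failed (exit status ${issue_rc})." ;;
esac

msg "Installing certificate to $SSL_DIR"
# Write both --cert-file and --fullchain-file to the same .crt path (we use fullchain as nginx ssl_certificate)
# NOTE(review): this relies on acme.sh writing the fullchain after the leaf
# certificate so the chain is what ends up in the file - confirm, or drop
# --cert-file.
"$ACME" --install-cert -d "$DOMAIN" --ecc \
  --cert-file "$CERT_FILE" \
  --key-file "$KEY_FILE" \
  --fullchain-file "$CERT_FILE" \
  --reloadcmd "systemctl reload nginx"

# Sanity check files
[[ -s "$CERT_FILE" && -s "$KEY_FILE" ]] || err "Installed cert/key not found or empty."

# The private key must not be readable by other local users. If the key path
# already existed with looser permissions, installing over it would not
# tighten them, so set the mode explicitly.
chmod 600 "$KEY_FILE"

msg "Certs installed:"
# Informational listing only; a failing ls must not abort the run.
ls -l "$CERT_FILE" "$KEY_FILE" || true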

# -----------------------------
# Ensure phpMyAdmin SSL conf exists
# -----------------------------
# When the phpMyAdmin vhost config is absent, run the bundled installer and
# require that it actually produced the file before continuing.
if [[ ! -f "$PHPMYADMIN_CONF" ]]; then
  warn "$PHPMYADMIN_CONF not found. Running installer…"

  if [[ ! -x "$PHPMYADMIN_INSTALLER" ]]; then
    err "Installer not found/executable: $PHPMYADMIN_INSTALLER"
  fi

  bash "$PHPMYADMIN_INSTALLER" install

  if [[ ! -f "$PHPMYADMIN_CONF" ]]; then
    err "Installer ran but $PHPMYADMIN_CONF still not present."
  fi
fi

# -----------------------------
# Update phpMyAdmin SSL cert paths and server_name
# -----------------------------
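msg "Updating phpMyAdmin SSL config: $PHPMYADMIN_CONF"
backup_file "$PHPMYADMIN_CONF"

# CERT_FILE and KEY_FILE contain DOMAIN and are spliced into sed replacements
# that use "~" as delimiter; escape the characters sed would interpret there
# ("\", "&", "~") so the paths are always written literally.
cert_repl="$(printf '%s' "$CERT_FILE" | sed -e 's/[\&~]/\\&/g')"
key_repl="$(printf '%s' "$KEY_FILE" | sed -e 's/[\&~]/\\&/g')"

# Replace or append ssl_certificate lines
# sed exits 0 when nothing matches, so a non-zero status here is a real
# failure (unreadable or unwritable file) and is no longer masked with
# "|| true".
sed -i -E "s~^\s*ssl_certificate\s+[^;]+;~    ssl_certificate ${cert_repl};~" "$PHPMYADMIN_CONF"
sed -i -E "s~^\s*ssl_certificate_key\s+[^;]+;~    ssl_certificate_key ${key_repl};~" "$PHPMYADMIN_CONF"

# NOTE(review): these fallbacks append at the end of the file, i.e. after the
# closing brace of any server block it contains - confirm the directives are
# meant to land there and not inside the server block.
if ! grep -qE '^\s*ssl_certificate\s+' "$PHPMYADMIN_CONF"; then
  printf '    ssl_certificate %s;\n' "$CERT_FILE" >> "$PHPMYADMIN_CONF"
fi
if ! grep -qE '^\s*ssl_certificate_key\s+' "$PHPMYADMIN_CONF"; then
  printf '    ssl_certificate_key %s;\n' "$KEY_FILE" >> "$PHPMYADMIN_CONF"
fi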

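# Ensure server_name matches DOMAIN
#
# DOMAIN is used below both inside an extended regex (grep) and inside a sed
# replacement. Escape it for each context: unescaped, every "." in the name
# matches any character (so a different name can be reported as already
# correct), and "&", "~" or "\" would be interpreted by sed instead of being
# written literally.
pma_domain_ere="$(printf '%s' "$DOMAIN" | sed -e 's/[[\.^$*+?(){|]/\\&/g')"
pma_domain_repl="$(printf '%s' "$DOMAIN" | sed -e 's/[\&~]/\\&/g')"

if grep -qE '^\s*server_name\s+' "$PHPMYADMIN_CONF"; then
  if ! grep -qE "^\s*server_name\s+${pma_domain_ere};" "$PHPMYADMIN_CONF"; then
    msg "Updating server_name in phpMyAdmin conf to ${DOMAIN}"
    sed -i -E "s~^\s*server_name\s+[^;]+;~    server_name ${pma_domain_repl};~" "$PHPMYADMIN_CONF"
  else
    msg "server_name in phpMyAdmin conf already ${DOMAIN}"
  fi
else
  msg "Adding server_name ${DOMAIN} to phpMyAdmin conf"
  # Add the directive right after the first "server {" line.
  # awk and mv are separate statements so that a failing awk stops the script
  # (set -e does not fire for the left-hand side of an && list) rather than
  # carrying on with the file unchanged.
  awk -v dom="$DOMAIN" '
    BEGIN{done=0}
    {
      print
      if (!done && $0 ~ /^[[:space:]]*server[[:space:]]*\{/){
        print "    server_name " dom ";"
        done=1
      }
    }
  ' "$PHPMYADMIN_CONF" > "${PHPMYADMIN_CONF}.tmp"
  mv "${PHPMYADMIN_CONF}.tmp" "$PHPMYADMIN_CONF"
fi

# -----------------------------
# Final nginx test and reload
# -----------------------------
# Always validate and reload here: the phpMyAdmin config was edited above.
reload_nginx

msg "All done. Hostname set to ${DOMAIN}, SSL installed, and nginx reloaded."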