kerrad/homelab-docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

some fix

Browse Source
This commit is contained in:
Andrey
2026-02-25 21:01:06 +03:00
parent b0d2746490
commit b532527f32
12 changed files with 719 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

110
scripts/npm-add-proxy-vault.sh Normal file
View File

@@ -0,0 +1,110 @@
#!/bin/bash
# Add vault.katykhin.ru → 192.168.1.103:8280 via NPM API + Access List (LAN + VPN only)
# Usage: NPM_EMAIL=j3tears100@gmail.com NPM_PASSWORD=xxx ./npm-add-proxy-vault.sh
# Run from host that can reach NPM, or: ssh root@192.168.1.150 "pct exec 100 -- bash -s" < scripts/npm-add-proxy-vault.sh
# (then set NPM_URL=http://127.0.0.1:81 and NPM_EMAIL/NPM_PASSWORD in env or below)
# NPM credentials: see docs/containers/container-100.md
set -e
NPM_URL="${NPM_URL:-http://192.168.1.100:81}"
API="$NPM_URL/api"
NPM_EMAIL="${NPM_EMAIL:-j3tears100@gmail.com}"
NPM_PASSWORD="${NPM_PASSWORD:-kqEUubVq02DJTS8}"
echo "1. Getting token..."
TOKEN=$(curl -s -X POST "$API/tokens" \
-H "Content-Type: application/json" \
-d "{\"identity\":\"$NPM_EMAIL\",\"secret\":\"$NPM_PASSWORD\"}" \
| jq -r '.token // empty')
if [ -z "$TOKEN" ]; then
echo "Failed to get token"
exit 1
fi
ACCESS_LIST_ID=""
echo "2. Creating access list (LAN + VPN only)..."
# NPM backend may expect 0/1 for booleans; try minimal payload if 500
AL_PAYLOAD=$(jq -n \
--arg name "Vaultwarden LAN+VPN" \
'{ name: $name, satisfy_any: 0, pass_auth: 0 }')
AL_RESP=$(curl -s -w "\n%{http_code}" -X POST "$API/nginx/access-lists" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d "$AL_PAYLOAD")
AL_HTTP=$(echo "$AL_RESP" | tail -1)
AL_BODY=$(echo "$AL_RESP" | sed '$d')
if [ "$AL_HTTP" = "201" ] || [ "$AL_HTTP" = "200" ]; then
ACCESS_LIST_ID=$(echo "$AL_BODY" | jq -r '.id')
echo " Access list ID: $ACCESS_LIST_ID"
else
echo " Access list creation failed (HTTP $AL_HTTP): $AL_BODY"
echo " Creating proxy without access list; add list in NPM UI and attach to this proxy."
echo " In UI: Access Lists -> create 'Vaultwarden LAN+VPN', add Allow 192.168.1.0/24 and 10.10.99.0/24, then set it on vault.katykhin.ru proxy."
fi
# NPM API may not expose adding IP allow items via API; add 192.168.1.0/24 and 10.10.99.0/24 in UI.
echo "3. Finding certificate for vault.katykhin.ru..."
CERT_ID=$(curl -s -H "Authorization: Bearer $TOKEN" "$API/nginx/certificates" \
| jq -r '.[] | select(.domain_names[]? == "vault.katykhin.ru") | .id' | head -1)
if [ -z "$CERT_ID" ] || [ "$CERT_ID" = "null" ]; then
echo " Certificate not found in NPM. Adding from custom_ssl/npm-18..."
CERT_DIR="/opt/docker/nginx-proxy/data/custom_ssl/npm-18"
if [ -f "$CERT_DIR/fullchain.pem" ] && [ -f "$CERT_DIR/privkey.pem" ]; then
CERT_ESC=$(jq -Rs . < "$CERT_DIR/fullchain.pem")
KEY_ESC=$(jq -Rs . < "$CERT_DIR/privkey.pem")
CERT_RESP=$(curl -s -w "\n%{http_code}" -X POST "$API/nginx/certificates" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d "{\"provider\":\"other\",\"domain_names\":[\"vault.katykhin.ru\"],\"nice_name\":\"vault.katykhin.ru\",\"meta\":{\"certificate\":$CERT_ESC,\"certificate_key\":$KEY_ESC}}")
CERT_HTTP=$(echo "$CERT_RESP" | tail -1)
CERT_BODY=$(echo "$CERT_RESP" | sed '$d')
if [ "$CERT_HTTP" = "201" ]; then
CERT_ID=$(echo "$CERT_BODY" | jq -r '.id')
echo " Certificate added, ID: $CERT_ID"
else
echo " Failed to add certificate (HTTP $CERT_HTTP): $CERT_BODY"
CERT_ID=""
fi
else
echo " Skip: no cert files in $CERT_DIR (run from inside CT 100)"
fi
fi
echo "4. Creating proxy host vault.katykhin.ru -> 192.168.1.103:8280..."
PROXY_PAYLOAD=$(jq -n \
--arg cert "$CERT_ID" \
--arg alid "$ACCESS_LIST_ID" \
'{
domain_names: ["vault.katykhin.ru"],
forward_host: "192.168.1.103",
forward_port: "8280",
forward_scheme: "http",
enabled: true,
allow_websocket_upgrade: true,
http2_support: true,
block_exploits: true,
certificate_id: (if $cert != "" and $cert != "null" then ($cert | tonumber) else null end),
ssl_forced: ($cert != "" and $cert != "null"),
access_list_id: (if $alid != "" and $alid != "null" then ($alid | tonumber) else 0 end)
}')
RESP=$(curl -s -w "\n%{http_code}" -X POST "$API/nginx/proxy-hosts" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d "$PROXY_PAYLOAD")
HTTP_CODE=$(echo "$RESP" | tail -1)
BODY=$(echo "$RESP" | sed '$d')
if [ "$HTTP_CODE" = "201" ]; then
echo "Proxy host created: https://vault.katykhin.ru -> 192.168.1.103:8280 (Access List: LAN + VPN)"
echo "$BODY" | jq .
else
echo "Failed (HTTP $HTTP_CODE):"
echo "$BODY" | jq . 2>/dev/null || echo "$BODY"
exit 1
fi