diff --git a/zerotier-setup.sh b/zerotier-setup.sh
new file mode 100644
index 0000000..bddc6e7
--- /dev/null
+++ b/zerotier-setup.sh
@@ -0,0 +1,161 @@
+#!/bin/bash
+
+# Check if script is run as root
+if [ "$EUID" -ne 0 ]; then
+ echo "Please run as root"
+ exit 1
+fi
+
+# Variables
+CLOUDPANEL_PORT="8443"
+SSH_PORT="22"
+SFTP_PORT="22"
+DB_PATH="/home/clp/htdocs/app/data/db.sq3"
+NGINX_CONF="/home/clp/services/nginx/sites-enabled/cloudpanel.conf"
+MAX_TRIES=12
+
+# Prompt for ZeroTier Network ID
+echo -n "Please enter your ZeroTier Network ID: "
+read ZEROTIER_NETWORK_ID
+
+# Validate Network ID format (16 character hex)
+if ! [[ $ZEROTIER_NETWORK_ID =~ ^[0-9a-fA-F]{16}$ ]]; then
+ echo "Error: Invalid ZeroTier Network ID format. It should be a 16-character hexadecimal string."
+ echo "Example: a1b2c3d4e5f67890"
+ exit 1
+fi
+
+echo "Using ZeroTier Network ID: $ZEROTIER_NETWORK_ID"
+
+# Install ZeroTier if not already installed
+if ! command -v zerotier-cli &> /dev/null; then
+ echo "Installing ZeroTier..."
+ curl -s https://install.zerotier.com | bash
+fi
+
+# Join ZeroTier network if not already joined
+if ! zerotier-cli listnetworks | grep -q "$ZEROTIER_NETWORK_ID"; then
+ echo "Joining ZeroTier network..."
+ zerotier-cli join $ZEROTIER_NETWORK_ID
+fi
+
+# Function to get ZeroTier IP - using multiple methods
+get_zerotier_ip() {
+ # Method 1: Direct interface check
+ local ip1=$(ip addr show zt0 2>/dev/null | grep -Po 'inet \K[\d.]+')
+
+ # Method 2: ZeroTier CLI check
+ local ip2=$(zerotier-cli listnetworks | grep $ZEROTIER_NETWORK_ID | grep -Po '\s\K[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+')
+
+ # Return the first successful result
+ if [ ! -z "$ip1" ]; then
+ echo "$ip1"
+ elif [ ! -z "$ip2" ]; then
+ echo "$ip2"
+ else
+ echo ""
+ fi
+}
+
+# Debug information
+echo "Current ZeroTier Status:"
+zerotier-cli status
+echo -e "\nNetwork Information:"
+zerotier-cli listnetworks
+echo -e "\nInterface Information:"
+ip addr show zt0
+echo -e "\nWaiting for ZeroTier IP assignment..."
+
+# Wait for network connection and IP assignment
+ZEROTIER_IP=""
+COUNTER=0
+
+while [ -z "$ZEROTIER_IP" ] && [ $COUNTER -lt $MAX_TRIES ]; do
+ ZEROTIER_IP=$(get_zerotier_ip)
+ if [ -z "$ZEROTIER_IP" ]; then
+ echo "Attempt $((COUNTER+1))/$MAX_TRIES: Waiting for IP assignment..."
+ echo "Please make sure to authorize this node in your ZeroTier Central dashboard!"
+ sleep 10
+ COUNTER=$((COUNTER+1))
+ else
+ echo "Found ZeroTier IP: $ZEROTIER_IP"
+ fi
+done
+
+if [ -z "$ZEROTIER_IP" ]; then
+ echo "Failed to get ZeroTier IP after $MAX_TRIES attempts."
+ echo "Current network status:"
+ zerotier-cli listnetworks
+ echo -e "\nPlease verify:"
+ echo "1. Network ID is correct: $ZEROTIER_NETWORK_ID"
+ echo "2. Node is authorized in ZeroTier Central"
+ echo "3. Network interface exists:"
+ ip link show zt0
+ exit 1
+fi
+
+# Confirm with user before proceeding
+echo -e "\nFound ZeroTier IP: $ZEROTIER_IP"
+echo "Would you like to proceed with the firewall and nginx configuration? (y/n)"
+read -r response
+
+if [[ ! $response =~ ^[Yy]$ ]]; then
+ echo "Setup cancelled by user"
+ exit 0
+fi
+
+# Backup original files
+echo "Creating backups..."
+cp "$NGINX_CONF" "${NGINX_CONF}.backup.$(date +%Y%m%d%H%M%S)"
+sqlite3 "$DB_PATH" ".backup '${DB_PATH}.backup.$(date +%Y%m%d%H%M%S)'"
+
+# Update CloudPanel nginx configuration
+echo "Updating nginx configuration..."
+sed -i.bak "s/listen 8443 ssl;/listen $ZEROTIER_IP:8443 ssl;/" "$NGINX_CONF"
+
+# Update firewall rules in SQLite database
+echo "Updating firewall rules..."
+sqlite3 "$DB_PATH" << EOF
+BEGIN TRANSACTION;
+
+-- Remove existing rules for these ports
+DELETE FROM firewall_rule WHERE port_range IN ('22', '80', '443', '8443');
+
+-- Add new rules for SSH (ZeroTier only)
+INSERT INTO firewall_rule (created_at, updated_at, port_range, source, description)
+VALUES
+(datetime('now'), datetime('now'), '22', '${ZEROTIER_IP}/32', 'SSH via ZeroTier');
+
+-- Add new rules for HTTP/HTTPS (open to all)
+INSERT INTO firewall_rule (created_at, updated_at, port_range, source, description)
+VALUES
+(datetime('now'), datetime('now'), '80', '0.0.0.0/0', 'HTTP open to all'),
+(datetime('now'), datetime('now'), '443', '0.0.0.0/0', 'HTTPS open to all');
+
+-- Add new rule for CloudPanel UI (ZeroTier only)
+INSERT INTO firewall_rule (created_at, updated_at, port_range, source, description)
+VALUES
+(datetime('now'), datetime('now'), '8443', '${ZEROTIER_IP}/32', 'CloudPanel UI via ZeroTier');
+
+COMMIT;
+EOF
+
+# Restart services
+echo "Restarting services..."
+systemctl restart nginx
+systemctl restart ufw
+
+# Final status check
+echo -e "\nFinal ZeroTier Status:"
+zerotier-cli status
+echo -e "\nNetwork Status:"
+zerotier-cli listnetworks
+
+echo -e "\nSetup complete! Please verify the following:"
+echo "1. SSH access via ZeroTier IP: ${ZEROTIER_IP}"
+echo "2. CloudPanel UI access: https://${ZEROTIER_IP}:8443"
+echo "3. HTTP/HTTPS (80/443) are open to all IPs"
+echo ""
+echo "Backup files created:"
+echo "- Nginx config: ${NGINX_CONF}.backup.*"
+echo "- Database: ${DB_PATH}.backup.*"
\ No newline at end of file
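Review bot: The firewall rows inserted in the sqlite3 here-doc use the server's own ZeroTier address, `'${ZEROTIER_IP}/32'`, as the `source` for ports 22 and 8443, but a firewall source is the address range of the peers that connect, so no other node on the ZeroTier network would match, and because the preceding DELETE has already dropped the existing '22' rule the likely result once CloudPanel applies the table is an SSH lockout (how and when CloudPanel syncs this table to ufw is not visible here, so the timing is inferred). The source should instead be the ZeroTier managed subnet or the operator's own node address; the prefix length is present in the same `zerotier-cli listnetworks` field that get_zerotier_ip already parses, but its regex keeps only the bare address, so capture the CIDR into a separate variable and keep the bare address for the nginx `listen` substitution. It would also be safer to leave the previous SSH rule in place until an SSH session over ZeroTier has been confirmed, rather than replacing it in the same transaction. Separately, `curl -s https://install.zerotier.com | bash` executes an unverified download as root with no `-f` or exit-status check; ZeroTier publishes a GPG-signed form of the installer, which should be verified before the script is run.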