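#!/bin/bash
#
# Restrict CloudPanel's SSH (22) and admin UI (8443) to a ZeroTier address.
# Joins the ZeroTier network, waits for an address, rewrites the nginx
# "listen" directive and CloudPanel's firewall_rule table, then restarts
# nginx and ufw. Needs root: it installs software, edits files under
# /home/clp and restarts systemd units.

# Check if script is run as root. The diagnostic goes to stderr so it is
# not mixed into any captured stdout.
if [ "$EUID" -ne 0 ]; then
  echo "Please run as root" >&2
  exit 1
fi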
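# Variables. These are constants for the run (nothing below reassigns them),
# so they are marked readonly to catch accidental clobbering.
readonly CLOUDPANEL_PORT="8443"   # CloudPanel admin UI port
readonly SSH_PORT="22"
readonly SFTP_PORT="22"           # currently the same value as SSH_PORT
readonly DB_PATH="/home/clp/htdocs/app/data/db.sq3"   # CloudPanel SQLite DB (firewall_rule table)
readonly NGINX_CONF="/home/clp/services/nginx/sites-enabled/cloudpanel.conf"
readonly MAX_TRIES=12             # IP-assignment polls (10 s apart) before giving up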
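# Prompt for ZeroTier Network ID (-r keeps backslashes literal)
printf 'Please enter your ZeroTier Network ID: '
read -r ZEROTIER_NETWORK_ID

# Validate Network ID format (16 character hex). This is the only check
# guarding the later uses of the ID on zerotier-cli and grep command lines,
# so keep it strict. Errors go to stderr.
if ! [[ $ZEROTIER_NETWORK_ID =~ ^[0-9a-fA-F]{16}$ ]]; then
  echo "Error: Invalid ZeroTier Network ID format. It should be a 16-character hexadecimal string." >&2
  echo "Example: a1b2c3d4e5f67890" >&2
  exit 1
fi

echo "Using ZeroTier Network ID: $ZEROTIER_NETWORK_ID"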
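# Install ZeroTier if not already installed.
# NOTE(review): this executes the vendor's install script as root straight
# from the network, and nothing here verifies its content. What this block
# does guarantee: curl -f fails on HTTP errors instead of handing bash an
# empty or partial body, the download is staged in a temp file so a failed
# transfer is never executed, and an unsuccessful install stops the script
# instead of letting every later zerotier-cli call fail.
if ! command -v zerotier-cli &> /dev/null; then
  echo "Installing ZeroTier..."
  installer=$(mktemp) || { echo "Error: mktemp failed" >&2; exit 1; }
  if ! curl -fsSL https://install.zerotier.com -o "$installer"; then
    echo "Error: could not download the ZeroTier installer" >&2
    rm -f -- "$installer"
    exit 1
  fi
  bash "$installer"
  install_rc=$?
  rm -f -- "$installer"
  if [ "$install_rc" -ne 0 ] || ! command -v zerotier-cli &> /dev/null; then
    echo "Error: ZeroTier installation failed (exit $install_rc)" >&2
    exit 1
  fi
fi

# Join ZeroTier network if not already joined. The ID was validated as
# 16 hex chars above; it is still quoted and passed after -- so it can
# never be parsed as an option.
if ! zerotier-cli listnetworks | grep -q -- "$ZEROTIER_NETWORK_ID"; then
  echo "Joining ZeroTier network..."
  if ! zerotier-cli join "$ZEROTIER_NETWORK_ID"; then
    echo "Error: zerotier-cli join failed" >&2
    exit 1
  fi
fi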
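#######################################
# Print this node's ZeroTier IPv4 address, trying two sources.
# Globals:   ZEROTIER_NETWORK_ID (read) — network whose address to report
# Outputs:   exactly one line on stdout: an IPv4 address, or empty when
#            no address is assigned yet
# Returns:   0 always; callers test for empty output
#######################################
get_zerotier_ip() {
  local from_iface from_cli

  # Method 1: first IPv4 address on the interface. Only the first match is
  # kept so the result is always a single line — callers splice it into an
  # nginx "listen" directive and a SQL literal, where a second line would
  # corrupt the statement.
  # NOTE(review): the interface name zt0 is hard-coded; confirm it matches
  # the interface name on the target host.
  from_iface=$(ip addr show zt0 2>/dev/null | grep -Po 'inet \K[\d.]+' | head -n 1)

  # Method 2: the first dotted quad on our network's line in
  # `zerotier-cli listnetworks`. The network ID is quoted and passed
  # after -- so it is never read as a grep option.
  from_cli=$(zerotier-cli listnetworks | grep -- "$ZEROTIER_NETWORK_ID" \
    | grep -Po '\s\K[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1)

  # Prefer the interface view, fall back to the CLI, else print an empty line.
  if [ -n "$from_iface" ]; then
    echo "$from_iface"
  elif [ -n "$from_cli" ]; then
    echo "$from_cli"
  else
    echo ""
  fi
}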
# Debug information: dump what ZeroTier and the kernel currently report,
# so a stalled address assignment can be diagnosed from the transcript.
printf 'Current ZeroTier Status:\n'
zerotier-cli status
printf '\nNetwork Information:\n'
zerotier-cli listnetworks
printf '\nInterface Information:\n'
ip addr show zt0
printf '\nWaiting for ZeroTier IP assignment...\n'
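# Wait for network connection and IP assignment.
# Polls get_zerotier_ip up to MAX_TRIES times, 10 s apart. The sleep is
# skipped after the final failed attempt, so the failure path below is
# reached without an extra 10 s wait.
ZEROTIER_IP=""
COUNTER=0

while [ -z "$ZEROTIER_IP" ] && [ "$COUNTER" -lt "$MAX_TRIES" ]; do
  ZEROTIER_IP=$(get_zerotier_ip)
  if [ -n "$ZEROTIER_IP" ]; then
    echo "Found ZeroTier IP: $ZEROTIER_IP"
    break
  fi
  COUNTER=$((COUNTER + 1))
  echo "Attempt $COUNTER/$MAX_TRIES: Waiting for IP assignment..."
  echo "Please make sure to authorize this node in your ZeroTier Central dashboard!"
  if [ "$COUNTER" -lt "$MAX_TRIES" ]; then
    sleep 10
  fi
done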
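# No address after MAX_TRIES polls: print the diagnostics on stderr and
# exit non-zero so a wrapper can detect the failure.
if [ -z "$ZEROTIER_IP" ]; then
  {
    echo "Failed to get ZeroTier IP after $MAX_TRIES attempts."
    echo "Current network status:"
    zerotier-cli listnetworks
    echo -e "\nPlease verify:"
    echo "1. Network ID is correct: $ZEROTIER_NETWORK_ID"
    echo "2. Node is authorized in ZeroTier Central"
    echo "3. Network interface exists:"
    ip link show zt0
  } >&2
  exit 1
fi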
# Confirm with user before proceeding. Past this point SSH (22) and the
# admin UI are limited to the ZeroTier address, so the operator should keep
# the current session open until access over ZeroTier is confirmed.
printf '\nFound ZeroTier IP: %s\n' "$ZEROTIER_IP"
echo "Would you like to proceed with the firewall and nginx configuration? (y/n)"
read -r response

# Only a single y/Y continues; anything else leaves the system untouched.
case "$response" in
  [Yy]) ;;
  *)
    echo "Setup cancelled by user"
    exit 0
    ;;
esac
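# Backup original files. Prerequisites are checked first so nothing is
# touched when a path or sqlite3 is missing, both backups share one
# timestamp so they can be matched up later, and a failed copy aborts.
echo "Creating backups..."
[ -f "$NGINX_CONF" ] || { echo "Error: nginx config not found: $NGINX_CONF" >&2; exit 1; }
[ -f "$DB_PATH" ] || { echo "Error: CloudPanel database not found: $DB_PATH" >&2; exit 1; }
command -v sqlite3 >/dev/null 2>&1 || { echo "Error: sqlite3 is required but not installed" >&2; exit 1; }
BACKUP_STAMP=$(date +%Y%m%d%H%M%S)
cp -- "$NGINX_CONF" "${NGINX_CONF}.backup.${BACKUP_STAMP}" \
  || { echo "Error: could not back up $NGINX_CONF" >&2; exit 1; }
sqlite3 "$DB_PATH" ".backup '${DB_PATH}.backup.${BACKUP_STAMP}'" \
  || { echo "Error: could not back up $DB_PATH" >&2; exit 1; }

# Update CloudPanel nginx configuration: bind the admin UI to the ZeroTier
# address only. ZEROTIER_IP is extracted with a digits-and-dots grep, so it
# is safe inside the sed expression. sed is silent when the pattern is
# absent, so its presence is checked and reported — otherwise the UI would
# stay bound on all interfaces while the script reports success.
echo "Updating nginx configuration..."
if grep -q "listen ${CLOUDPANEL_PORT} ssl;" "$NGINX_CONF"; then
  sed -i.bak "s/listen ${CLOUDPANEL_PORT} ssl;/listen ${ZEROTIER_IP}:${CLOUDPANEL_PORT} ssl;/" "$NGINX_CONF"
else
  echo "Warning: 'listen ${CLOUDPANEL_PORT} ssl;' not found in $NGINX_CONF; listen directive left unchanged, review it manually" >&2
fi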
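# Update firewall rules in SQLite database.
# The heredoc is deliberately unquoted so ${ZEROTIER_IP} and the port
# constants expand. ZEROTIER_IP is only ever digits and dots (numeric grep
# upstream), so it cannot break out of the SQL literal. -bail makes sqlite3
# stop at the first error and exit non-zero instead of running on to COMMIT
# with a half-applied rule set.
# NOTE(review): 'source' for 22 and 8443 is this node's own ZeroTier
# address /32. If CloudPanel applies 'source' as the permitted client range,
# only this host itself could connect; confirm whether the ZeroTier subnet
# was intended before relying on this for admin access.
echo "Updating firewall rules..."
if ! sqlite3 -bail "$DB_PATH" << EOF
BEGIN TRANSACTION;

-- Remove existing rules for these ports
DELETE FROM firewall_rule WHERE port_range IN ('${SSH_PORT}', '80', '443', '${CLOUDPANEL_PORT}');

-- Add new rules for SSH (ZeroTier only)
INSERT INTO firewall_rule (created_at, updated_at, port_range, source, description)
VALUES
(datetime('now'), datetime('now'), '${SSH_PORT}', '${ZEROTIER_IP}/32', 'SSH via ZeroTier');

-- Add new rules for HTTP/HTTPS (open to all)
INSERT INTO firewall_rule (created_at, updated_at, port_range, source, description)
VALUES
(datetime('now'), datetime('now'), '80', '0.0.0.0/0', 'HTTP open to all'),
(datetime('now'), datetime('now'), '443', '0.0.0.0/0', 'HTTPS open to all');

-- Add new rule for CloudPanel UI (ZeroTier only)
INSERT INTO firewall_rule (created_at, updated_at, port_range, source, description)
VALUES
(datetime('now'), datetime('now'), '${CLOUDPANEL_PORT}', '${ZEROTIER_IP}/32', 'CloudPanel UI via ZeroTier');

COMMIT;
EOF
then
  echo "Error: updating firewall rules in $DB_PATH failed; the transaction should not have been committed." >&2
  echo "Restore from ${DB_PATH}.backup.* if needed." >&2
  exit 1
fi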
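# Restart services, failing loudly if either restart does not succeed —
# an nginx that will not start after the listen change takes the admin UI
# down, and that must not be reported as "Setup complete".
# NOTE(review): restarting ufw alone may not re-apply the rows written to
# firewall_rule; confirm how CloudPanel pushes that table to the host
# firewall and trigger that step here if needed.
echo "Restarting services..."
if ! systemctl restart nginx; then
  echo "Error: nginx failed to restart. Check 'systemctl status nginx'; backups are in ${NGINX_CONF}.backup.*" >&2
  exit 1
fi
if ! systemctl restart ufw; then
  echo "Error: ufw failed to restart. Check 'systemctl status ufw'." >&2
  exit 1
fi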
# Final status check
printf '\nFinal ZeroTier Status:\n'
zerotier-cli status
printf '\nNetwork Status:\n'
zerotier-cli listnetworks

# Operator summary: what to verify and where the backups were written.
printf '\nSetup complete! Please verify the following:\n'
printf '1. SSH access via ZeroTier IP: %s\n' "${ZEROTIER_IP}"
printf '2. CloudPanel UI access: https://%s:8443\n' "${ZEROTIER_IP}"
printf '3. HTTP/HTTPS (80/443) are open to all IPs\n'
printf '\n'
printf 'Backup files created:\n'
printf '%s\n' "- Nginx config: ${NGINX_CONF}.backup.*"
printf '%s\n' "- Database: ${DB_PATH}.backup.*"