#!/usr/bin/env bash # Add NPMplus proxy host for Sankofa Studio: studio.sankofa.nexus → 192.168.11.72:8000 # # Usage: NPM_PASSWORD=xxx bash scripts/nginx-proxy-manager/add-studio-sankofa-npmplus-proxy.sh # Or: source .env && bash scripts/nginx-proxy-manager/add-studio-sankofa-npmplus-proxy.sh # # Prerequisites: NPM_PASSWORD (and optionally NPM_URL, NPM_EMAIL) in .env or env. set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" source "$PROJECT_ROOT/config/ip-addresses.conf" 2>/dev/null || true [ -f "$PROJECT_ROOT/.env" ] && set +u && source "$PROJECT_ROOT/.env" 2>/dev/null || true && set -u DOMAIN="studio.sankofa.nexus" IP_SANKOFA_STUDIO="${IP_SANKOFA_STUDIO:-192.168.11.72}" PORT=8000 NPM_URL="${NPM_URL:-https://192.168.11.167:81}" NPM_EMAIL="${NPM_EMAIL:-admin@example.org}" NPM_PASSWORD="${NPM_PASSWORD:-}" if [ -z "$NPM_PASSWORD" ]; then echo "❌ NPM_PASSWORD required. Set in .env or: NPM_PASSWORD=xxx $0" exit 1 fi echo "Adding NPMplus proxy: $DOMAIN → http://${IP_SANKOFA_STUDIO}:${PORT}" echo "NPMplus URL: $NPM_URL" echo "" AUTH_JSON=$(jq -n --arg identity "$NPM_EMAIL" --arg secret "$NPM_PASSWORD" '{identity:$identity,secret:$secret}') TOKEN_RESPONSE=$(curl -s -k -X POST "$NPM_URL/api/tokens" -H "Content-Type: application/json" -d "$AUTH_JSON") TOKEN=$(echo "$TOKEN_RESPONSE" | jq -r '.token // .accessToken // .access_token // empty' 2>/dev/null) if [ -z "$TOKEN" ] || [ "$TOKEN" = "null" ]; then echo "❌ NPMplus authentication failed. Check NPM_URL, NPM_EMAIL, NPM_PASSWORD." echo "$TOKEN_RESPONSE" | jq -r '.message // .error // "unknown"' 2>/dev/null || echo "$TOKEN_RESPONSE" exit 1 fi PROXY_HOSTS_JSON=$(curl -s -k -X GET "$NPM_URL/api/nginx/proxy-hosts" -H "Authorization: Bearer $TOKEN") EXISTING_ID=$(echo "$PROXY_HOSTS_JSON" | jq -r ".[] | select(.domain_names[]? == \"$DOMAIN\") | .id" 2>/dev/null | head -1) if [ -n "$EXISTING_ID" ] && [ "$EXISTING_ID" != "null" ]; then echo "✓ Proxy host for $DOMAIN already exists (ID: $EXISTING_ID). Updating target to ${IP_SANKOFA_STUDIO}:${PORT}..." PAYLOAD=$(jq -n \ --arg domain "$DOMAIN" \ --arg host "$IP_SANKOFA_STUDIO" \ --argjson port "$PORT" \ '{ domain_names: [$domain], forward_scheme: "http", forward_host: $host, forward_port: $port, allow_websocket_upgrade: false, block_exploits: false, certificate_id: null, ssl_forced: false }') RESP=$(curl -s -k -X PUT "$NPM_URL/api/nginx/proxy-hosts/$EXISTING_ID" \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d "$PAYLOAD") if echo "$RESP" | jq -e '.id' >/dev/null 2>&1; then echo "✓ Updated $DOMAIN → http://${IP_SANKOFA_STUDIO}:${PORT}" else echo "❌ Update failed: $(echo "$RESP" | jq -r '.message // .error // "unknown"' 2>/dev/null)" exit 1 fi else PAYLOAD=$(jq -n \ --arg domain "$DOMAIN" \ --arg host "$IP_SANKOFA_STUDIO" \ --argjson port "$PORT" \ '{ domain_names: [$domain], forward_scheme: "http", forward_host: $host, forward_port: $port, allow_websocket_upgrade: false, block_exploits: false, certificate_id: null, ssl_forced: false }') RESP=$(curl -s -k -X POST "$NPM_URL/api/nginx/proxy-hosts" \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d "$PAYLOAD") NEW_ID=$(echo "$RESP" | jq -r '.id // empty' 2>/dev/null) if [ -n "$NEW_ID" ] && [ "$NEW_ID" != "null" ]; then echo "✓ Created proxy host: $DOMAIN → http://${IP_SANKOFA_STUDIO}:${PORT} (ID: $NEW_ID)" else echo "❌ Create failed: $(echo "$RESP" | jq -r '.message // .error // "unknown"' 2>/dev/null)" exit 1 fi fi echo "" echo "Next: Request SSL in NPMplus UI for $DOMAIN and enable Force SSL." echo "DNS: Ensure studio.sankofa.nexus resolves (e.g. run scripts/cloudflare/add-studio-sankofa-dns.sh)."