proxmox/scripts/nginx-proxy-manager/add-dapp-proxy-host-via-ssh.sh

#!/usr/bin/env bash
# Run the NPM add-dapp-proxy-host logic on a Proxmox host (so it can reach NPMplus at 192.168.11.167).
# Usage: From project root, source .env then:
#   bash scripts/nginx-proxy-manager/add-dapp-proxy-host-via-ssh.sh
#   Or: PROXMOX_HOST=192.168.11.12 NPM_EMAIL=... NPM_PASSWORD=... bash scripts/nginx-proxy-manager/add-dapp-proxy-host-via-ssh.sh
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
source "$PROJECT_ROOT/config/ip-addresses.conf" 2>/dev/null || true
[ -f "$PROJECT_ROOT/.env" ] && set +u && source "$PROJECT_ROOT/.env" 2>/dev/null || true && set -u

# Host that can reach NPMplus (192.168.11.167:81). Try NPMPLUS_SSH_HOST if default cannot reach it (e.g. NPMplus VM itself).
PROXMOX_HOST="${NPMPLUS_SSH_HOST:-${PROXMOX_HOST_R630_02:-192.168.11.12}}"
NPM_EMAIL="${NPM_EMAIL:-admin@example.org}"
NPM_PASSWORD="${NPM_PASSWORD:-}"
DAPP_IP="${IP_DAPP_LXC:-192.168.11.58}"
NPM_URL="${NPM_URL:-https://192.168.11.167:81}"

[ -z "$NPM_PASSWORD" ] && echo "Set NPM_PASSWORD (e.g. source .env)" && exit 1

# Remote script: no jq required (Proxmox host may not have it)
REMOTE_SCRIPT='
set -euo pipefail
[ -z "${NPM_PASSWORD:-}" ] && echo "NPM_PASSWORD not set on remote" && exit 1
AUTH_JSON="{\"identity\":\"$NPM_EMAIL\",\"secret\":\"$NPM_PASSWORD\"}"
TOKEN_RESP=$(curl -sk -X POST "$NPM_URL/api/tokens" -H "Content-Type: application/json" -d "$AUTH_JSON")
TOKEN=$(echo "$TOKEN_RESP" | sed -n "s/.*\"token\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -1)
[ -z "$TOKEN" ] && TOKEN=$(echo "$TOKEN_RESP" | sed -n "s/.*\"accessToken\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -1)
[ -z "$TOKEN" ] && echo "Auth failed. Response: $TOKEN_RESP" && exit 1
BODY="{\"domain_names\":[\"dapp.d-bis.org\"],\"forward_scheme\":\"http\",\"forward_host\":\"$DAPP_IP\",\"forward_port\":80,\"allow_websocket_upgrade\":true,\"certificate_id\":null,\"ssl_forced\":false}"
resp=$(curl -sk -X POST "$NPM_URL/api/nginx/proxy-hosts" -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d "$BODY")
if echo "$resp" | grep -q "\"id\""; then echo "Added: dapp.d-bis.org -> $DAPP_IP:80"; else echo "Create failed: $resp"; exit 1; fi
echo "Request SSL in NPMplus UI for dapp.d-bis.org and enable Force SSL."
'

echo "Running NPM add proxy host from Proxmox host $PROXMOX_HOST (must be on same LAN as NPMplus 192.168.11.167)..."
# Escape single quotes in password for remote export: ' -> '\''
PASS_ESC="${NPM_PASSWORD//\'/\'\\\'\'}"
OUTPUT=$(ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=accept-new root@"$PROXMOX_HOST" \
  "export NPM_EMAIL='${NPM_EMAIL//\'/\'\\\'\'}' NPM_PASSWORD='$PASS_ESC' NPM_URL='$NPM_URL' DAPP_IP='$DAPP_IP'; bash -s" <<< "$REMOTE_SCRIPT" 2>&1) || true
echo "$OUTPUT"
if ! echo "$OUTPUT" | grep -q "Added: dapp.d-bis.org"; then
  echo "Failed. Ensure this machine can SSH to $PROXMOX_HOST and that host can reach $NPM_URL (same LAN)." >&2
  exit 1
fi