proxmox/scripts/verify/verify-npmplus-mifos-config.sh

#!/usr/bin/env bash
# Verify NPMplus Mifos (10237) container and proxy host for mifos.d-bis.org.
# Uses NPM_EMAIL + NPM_PASSWORD from .env (same as other NPMplus). Run from project root.
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
cd "$PROJECT_ROOT"
source config/ip-addresses.conf 2>/dev/null || true
[ -f .env ] && set +u && source .env 2>/dev/null || true && set -u

HOST="${PROXMOX_HOST_R630_02:-192.168.11.12}"
VMID="${NPMPLUS_MIFOS_VMID:-10237}"
IP="${IP_NPMPLUS_MIFOS:-192.168.11.171}"
NPM_URL="https://${IP}:81"
EXPECT_DOMAIN="mifos.d-bis.org"
EXPECT_FORWARD_IP="192.168.11.85"
EXPECT_FORWARD_PORT=80

echo "=== NPMplus Mifos (10237) config check ==="
echo ""

# 1. Container and Docker
echo "1. Container $VMID on $HOST:"
STATUS=$(ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=no root@$HOST "pct status $VMID 2>/dev/null" || true)
echo "   $STATUS"
if ! echo "$STATUS" | grep -q "running"; then
  echo "   FAIL: container not running"
  exit 1
fi
echo "   OK: running"

echo ""
echo "2. Docker (npmplus) in 10237:"
DOCKER=$(ssh -o ConnectTimeout=10 root@$HOST "pct exec $VMID -- docker ps --filter name=npmplus --format '{{.Status}}' 2>/dev/null" || true)
echo "   $DOCKER"
if ! echo "$DOCKER" | grep -qE "Up|healthy"; then
  echo "   FAIL: npmplus container not up"
  exit 1
fi
echo "   OK: npmplus running"

# 2. Local ports (from inside 10237)
echo ""
echo "3. Ports 80/81/443 from inside 10237:"
for port in 80 81 443; do
  CODE=$(ssh -o ConnectTimeout=10 root@$HOST "pct exec $VMID -- curl -sk -o /dev/null -w '%{http_code}' --connect-timeout 2 http://127.0.0.1:$port 2>/dev/null" || echo "000")
  echo "   port $port: HTTP $CODE"
done

# 3. NPM API — proxy hosts (requires NPM_PASSWORD in .env and reachable 192.168.11.171)
echo ""
echo "4. NPM API proxy hosts (mifos.d-bis.org):"
if [ -z "${NPM_PASSWORD:-}" ]; then
  echo "   SKIP: NPM_PASSWORD not set in .env (cannot authenticate to NPM API)"
  echo "   To verify proxy host in UI: https://${IP}:81 (same NPM_EMAIL/NPM_PASSWORD as other NPMplus)"
  exit 0
fi

if ! curl -sk -o /dev/null --connect-timeout 3 "$NPM_URL/" 2>/dev/null; then
  echo "   SKIP: cannot reach $NPM_URL (run from LAN or use SSH tunnel)"
  exit 0
fi

AUTH_JSON=$(jq -n --arg identity "${NPM_EMAIL:-admin@example.org}" --arg secret "$NPM_PASSWORD" '{identity:$identity,secret:$secret}')
TOKEN_RESP=$(curl -sk -X POST "$NPM_URL/api/tokens" -H "Content-Type: application/json" -d "$AUTH_JSON")
TOKEN=$(echo "$TOKEN_RESP" | jq -r '.token // empty' 2>/dev/null)
if [ -z "$TOKEN" ]; then
  echo "   FAIL: NPM API auth failed (check NPM_EMAIL/NPM_PASSWORD in .env)"
  echo "   NPMplus Mifos uses the same credentials as other NPMplus. If this is a fresh install, set the admin password in https://${IP}:81 to match NPM_PASSWORD in .env."
  exit 1
fi

HOSTS_JSON=$(curl -sk -X GET "$NPM_URL/api/nginx/proxy-hosts" -H "Authorization: Bearer $TOKEN")
COUNT=$(echo "$HOSTS_JSON" | jq -r 'length' 2>/dev/null || echo "0")
MIFOS=$(echo "$HOSTS_JSON" | jq -r --arg d "$EXPECT_DOMAIN" '.[] | select(.domain_names[]? == $d) | {domain: .domain_names[0], forward_host: .forward_host, forward_port: .forward_port, ssl_forced: .ssl_forced}' 2>/dev/null | head -20)

if [ -z "$MIFOS" ]; then
  echo "   FAIL: no proxy host found for $EXPECT_DOMAIN"
  echo "   Add in NPM UI: https://${IP}:81 → Proxy Hosts → Domain $EXPECT_DOMAIN → Forward $EXPECT_FORWARD_IP:$EXPECT_FORWARD_PORT"
  exit 1
fi

echo "$MIFOS" | while read -r line; do echo "   $line"; done
FORWARD_HOST=$(echo "$HOSTS_JSON" | jq -r --arg d "$EXPECT_DOMAIN" '.[] | select(.domain_names[]? == $d) | .forward_host' 2>/dev/null | head -1)
FORWARD_PORT=$(echo "$HOSTS_JSON" | jq -r --arg d "$EXPECT_DOMAIN" '.[] | select(.domain_names[]? == $d) | .forward_port' 2>/dev/null | head -1)

if [ "$FORWARD_HOST" != "$EXPECT_FORWARD_IP" ] || [ "$FORWARD_PORT" != "$EXPECT_FORWARD_PORT" ]; then
  echo "   FAIL: expected forward $EXPECT_FORWARD_IP:$EXPECT_FORWARD_PORT, got $FORWARD_HOST:$FORWARD_PORT"
  exit 1
fi
echo "   OK: mifos.d-bis.org → $FORWARD_HOST:$FORWARD_PORT"