d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
968d7388ca87c61234bae4f96adfb2bbd66e7fff
proxmox/scripts/nginx-proxy-manager/upsert-ccip-relay-mainnet-cw-proxy-host.sh
defiQUG dbd517b279 Sync workspace: config, docs, scripts, CI, operator rules, and submodule pointers. 
- Update dbis_core, cross-chain-pmm-lps, explorer-monorepo, metamask-integration, pr-workspace/chains
- Omit embedded publish git dirs and empty placeholders from index

Made-with: Cursor
2026-04-12 06:12:20 -07:00

95 lines
4.9 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# Upsert only the NPMplus proxy host for CCIP mainnet-cw relay health (no full fleet update).
# Use when update-npmplus-proxy-hosts-api.sh is slow or you need a quick relay-only change.
#
# Tries POST (create) first so a new hostname does not require downloading the full proxy-host list
# (which can be slow or time out on large NPM instances).
#
# Env: NPM_URL, NPM_EMAIL, NPM_PASSWORD (from .env); optional:
# CCIP_RELAY_MAINNET_CW_PUBLIC_HOST (default relay-mainnet-cw.d-bis.org)
# CCIP_RELAY_MAINNET_CW_UPSTREAM_IP (default PROXMOX_HOST_R630_01 or 192.168.11.11)
# CCIP_RELAY_MAINNET_CW_UPSTREAM_PORT (default 9863)
# NPM_CURL_MAX_TIME (default 300)
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true
_orig_npm_url="${NPM_URL:-}"
_orig_npm_email="${NPM_EMAIL:-}"
_orig_npm_password="${NPM_PASSWORD:-}"
if [ -f "$PROJECT_ROOT/.env" ]; then set +u; source "$PROJECT_ROOT/.env"; set -u; fi
if [ -f "$PROJECT_ROOT/smom-dbis-138/.env" ]; then set +u; source "$PROJECT_ROOT/smom-dbis-138/.env"; set -u; fi
[ -n "$_orig_npm_url" ] && NPM_URL="$_orig_npm_url"
[ -n "$_orig_npm_email" ] && NPM_EMAIL="$_orig_npm_email"
[ -n "$_orig_npm_password" ] && NPM_PASSWORD="$_orig_npm_password"
source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true
# Default HTTPS — plain http:// on :81 often 301s to https:// and breaks token POST if curl -L downgrades body.
NPM_URL="${NPM_URL:-https://${IP_NPMPLUS}:81}"
NPM_EMAIL="${NPM_EMAIL:-nsatoshi2007@hotmail.com}"
NPM_PASSWORD="${NPM_PASSWORD:-}"
[ -z "$NPM_PASSWORD" ] && { echo "NPM_PASSWORD required (.env or export)"; exit 1; }
DOMAIN="${CCIP_RELAY_MAINNET_CW_PUBLIC_HOST:-relay-mainnet-cw.d-bis.org}"
UP_IP="${CCIP_RELAY_MAINNET_CW_UPSTREAM_IP:-${PROXMOX_HOST_R630_01:-192.168.11.11}}"
UP_PORT="${CCIP_RELAY_MAINNET_CW_UPSTREAM_PORT:-9863}"
NPM_CURL_MAX_TIME="${NPM_CURL_MAX_TIME:-300}"
curl_npm() { curl -s -k -L --http1.1 --connect-timeout 30 --max-time "$NPM_CURL_MAX_TIME" "$@"; }
try_connect() { curl -s -k -L -o /dev/null --connect-timeout 5 --max-time 20 "$1" 2>/dev/null; }
if ! try_connect "$NPM_URL/"; then
http_url="${NPM_URL/https:/http:}"
try_connect "$http_url/" && NPM_URL="$http_url"
fi
AUTH_JSON=$(jq -n --arg identity "$NPM_EMAIL" --arg secret "$NPM_PASSWORD" '{identity:$identity,secret:$secret}')
TOKEN=$(curl_npm -X POST "$NPM_URL/api/tokens" -H "Content-Type: application/json" -d "$AUTH_JSON" | jq -r '.token // empty')
[ -n "$TOKEN" ] && [ "$TOKEN" != "null" ] || { echo "NPM auth failed"; exit 1; }
ADV='add_header Referrer-Policy "strict-origin-when-cross-origin" always;'
PAYLOAD_ADD=$(jq -n \
--arg domain "$DOMAIN" \
--arg host "$UP_IP" \
--argjson port "$UP_PORT" \
--arg adv "$ADV" \
'{domain_names:[$domain],forward_scheme:"http",forward_host:$host,forward_port:$port,allow_websocket_upgrade:false,block_exploits:false,certificate_id:null,ssl_forced:false,advanced_config:$adv}')
echo "Trying create (POST) for $DOMAIN -> http://${UP_IP}:${UP_PORT}"
RESP=$(curl_npm -X POST "$NPM_URL/api/nginx/proxy-hosts" -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d "$PAYLOAD_ADD")
if echo "$RESP" | jq -e '.id' >/dev/null 2>&1; then
echo "OK created id=$(echo "$RESP" | jq -r .id)"
exit 0
fi
ERR_MSG=$(echo "$RESP" | jq -r '.message // .error.message // .error // empty' 2>/dev/null || echo "")
if ! echo "$ERR_MSG" | grep -qiE 'already|in use|exist|duplicate|unique'; then
echo "Create failed (not a duplicate case): $ERR_MSG"
echo "$RESP" | jq . 2>/dev/null || echo "$RESP"
exit 1
fi
echo "Host exists or name in use; fetching proxy list for PUT ($ERR_MSG)"
PROXY_JSON=$(curl_npm -X GET "$NPM_URL/api/nginx/proxy-hosts" -H "Authorization: Bearer $TOKEN")
if [ -z "$PROXY_JSON" ] || [ "$PROXY_JSON" = "[]" ]; then
echo "Empty proxy list response (timeout or NPM error). Try NPM_CURL_MAX_TIME=600 or run from LAN."
exit 28
fi
HOST_ID=$(echo "$PROXY_JSON" | jq -r --arg d "$DOMAIN" '.[] | select(.domain_names | type == "array") | select(any(.domain_names[]; (. | tostring | ascii_downcase) == ($d | ascii_downcase))) | .id' | head -n1)
if [ -z "$HOST_ID" ] || [ "$HOST_ID" = "null" ]; then
echo "Could not resolve proxy host id for $DOMAIN after duplicate error."
exit 1
fi
echo "Updating proxy host $DOMAIN (id=$HOST_ID) -> http://${UP_IP}:${UP_PORT}"
PAYLOAD_PUT=$(jq -n \
--arg host "$UP_IP" \
--argjson port "$UP_PORT" \
--arg adv "$ADV" \
'{forward_scheme:"http",forward_host:$host,forward_port:$port,allow_websocket_upgrade:false,block_exploits:false,advanced_config:$adv}')
RESP=$(curl_npm -X PUT "$NPM_URL/api/nginx/proxy-hosts/$HOST_ID" -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d "$PAYLOAD_PUT")
echo "$RESP" | jq -e '.id' >/dev/null && echo "OK updated" || { echo "$RESP" | jq . 2>/dev/null || echo "$RESP"; exit 1; }
Reference in New Issue View Git Blame Copy Permalink