proxmox/scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh.bak

#!/bin/bash
set -euo pipefail

# Update existing NPMplus proxy hosts via API with correct VMIDs and IPs
# This script updates existing proxy hosts, not creates new ones

set -e

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"

# Preserve NPM credentials from environment so "export NPM_PASSWORD=...; ./script" works
_orig_npm_url="${NPM_URL:-}"
_orig_npm_email="${NPM_EMAIL:-}"
_orig_npm_password="${NPM_PASSWORD:-}"
if [ -f "$PROJECT_ROOT/.env" ]; then
  set +u
  # shellcheck source=/dev/null
  source "$PROJECT_ROOT/.env"
  set -u
  [ -n "$_orig_npm_url" ] && NPM_URL="$_orig_npm_url"
  [ -n "$_orig_npm_email" ] && NPM_EMAIL="$_orig_npm_email"
  [ -n "$_orig_npm_password" ] && NPM_PASSWORD="$_orig_npm_password"
fi

# Default .167: NPMplus (VMID 10233) reachable on 192.168.11.167:81; set NPM_URL in .env to override
NPM_URL="${NPM_URL:-https://192.168.11.167:81}"
NPM_EMAIL="${NPM_EMAIL:-nsatoshi2007@hotmail.com}"
NPM_PASSWORD="${NPM_PASSWORD:-}"

if [ -z "$NPM_PASSWORD" ]; then
  echo "❌ NPM_PASSWORD is required. Set it in .env or export NPM_PASSWORD=..."
  echo "   Example: echo 'NPM_PASSWORD=your-password' >> $PROJECT_ROOT/.env"
  exit 1
fi

echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "🔄 Updating NPMplus Proxy Hosts via API"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""

# Authenticate (use jq to build JSON so password is safely escaped)
echo "🔐 Authenticating to NPMplus..."
AUTH_JSON=$(jq -n --arg identity "$NPM_EMAIL" --arg secret "$NPM_PASSWORD" '{identity:$identity,secret:$secret}')
TOKEN_RESPONSE=$(curl -s -k -X POST "$NPM_URL/api/tokens" \
  -H "Content-Type: application/json" \
  -d "$AUTH_JSON")

TOKEN=$(echo "$TOKEN_RESPONSE" | jq -r '.token // empty' 2>/dev/null || echo "")

if [ -z "$TOKEN" ] || [ "$TOKEN" = "null" ]; then
  ERROR_MSG=$(echo "$TOKEN_RESPONSE" | jq -r '.error.message // "Unknown error"' 2>/dev/null || echo "$TOKEN_RESPONSE")
  echo "❌ Authentication failed: $ERROR_MSG"
  exit 1
fi

echo "✅ Authentication successful"
echo ""

# Get all proxy hosts
echo "📋 Fetching existing proxy hosts..."
PROXY_HOSTS_JSON=$(curl -s -k -X GET "$NPM_URL/api/nginx/proxy-hosts" \
  -H "Authorization: Bearer $TOKEN")

if [ $? -ne 0 ]; then
  echo "❌ Failed to fetch proxy hosts"
  exit 1
fi

# Function to update proxy host
update_proxy_host() {
  local domain=$1
  local target=$2
  local websocket=$3
  
  # Parse target URL
  local scheme=$(echo "$target" | sed -E 's|^([^:]+):.*|\1|')
  local hostname=$(echo "$target" | sed -E 's|^[^/]+//([^:]+):.*|\1|')
  local port=$(echo "$target" | sed -E 's|^[^:]+://[^:]+:([0-9]+).*|\1|')
  
  # Handle https URLs
  if [[ "$target" == https://* ]]; then
    scheme="https"
    hostname=$(echo "$target" | sed -E 's|^https://([^:]+):.*|\1|')
    port=$(echo "$target" | sed -E 's|^https://[^:]+:([0-9]+).*|\1|' || echo "443")
  fi
  
  # Get host ID - domain_names is an array in the API response
  HOST_ID=$(echo "$PROXY_HOSTS_JSON" | jq -r ".[] | select(.domain_names | type == \"array\") | select(.domain_names[] == \"$domain\") | .id" 2>/dev/null | head -n1 || echo "")
  
  if [ -z "$HOST_ID" ] || [ "$HOST_ID" = "null" ]; then
    echo "⚠️  Domain $domain not found (skipping)"
    return 1
  fi
  
  echo "📋 Updating $domain (ID: $HOST_ID)..."
  
  # Create minimal update payload - NPMplus API only accepts specific fields
  # Must use forward_host (not forward_hostname) and locations must be array if present
  UPDATE_PAYLOAD=$(jq -n \
    --arg scheme "$scheme" \
    --arg hostname "$hostname" \
    --argjson port "$(echo "$port" | sed 's/[^0-9]//g')" \
    --argjson websocket "$websocket" \
    '{
      forward_scheme: $scheme,
      forward_host: $hostname,
      forward_port: $port,
      allow_websocket_upgrade: $websocket
    }' 2>/dev/null || echo "")
  
  UPDATE_RESPONSE=$(curl -s -k -X PUT "$NPM_URL/api/nginx/proxy-hosts/$HOST_ID" \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d "$UPDATE_PAYLOAD")
  
  UPDATE_ID=$(echo "$UPDATE_RESPONSE" | jq -r '.id // empty' 2>/dev/null || echo "")
  
  if [ -n "$UPDATE_ID" ] && [ "$UPDATE_ID" != "null" ]; then
    echo "  ✅ Updated: $scheme://$hostname:$port (WebSocket: $websocket)"
    return 0
  else
    ERROR=$(echo "$UPDATE_RESPONSE" | jq -r '.error.message // .error // "Unknown error"' 2>/dev/null || echo "$UPDATE_RESPONSE")
    echo "  ❌ Failed: $ERROR"
    return 1
  fi
}

# Update all domains
updated_count=0
failed_count=0

# Blockscout - Port 80 (nginx serves web UI, proxies /api/* to 4000 internally)
update_proxy_host "explorer.d-bis.org" "http://192.168.11.140:80" false && updated_count=$((updated_count + 1)) || failed_count=$((failed_count + 1))
update_proxy_host "rpc-http-pub.d-bis.org" "http://192.168.11.221:8545" true && updated_count=$((updated_count + 1)) || failed_count=$((failed_count + 1))
update_proxy_host "rpc-ws-pub.d-bis.org" "http://192.168.11.221:8546" true && updated_count=$((updated_count + 1)) || failed_count=$((failed_count + 1))
update_proxy_host "rpc-http-prv.d-bis.org" "http://192.168.11.211:8545" true && updated_count=$((updated_count + 1)) || failed_count=$((failed_count + 1))
update_proxy_host "rpc-ws-prv.d-bis.org" "http://192.168.11.211:8546" true && updated_count=$((updated_count + 1)) || failed_count=$((failed_count + 1))
update_proxy_host "rpc.public-0138.defi-oracle.io" "https://192.168.11.240:443" true && updated_count=$((updated_count + 1)) || failed_count=$((failed_count + 1))
# rpc.defi-oracle.io / wss.defi-oracle.io → same backend as rpc-http-pub / rpc-ws-pub (VMID 2201)
update_proxy_host "rpc.defi-oracle.io" "http://192.168.11.221:8545" true && updated_count=$((updated_count + 1)) || failed_count=$((failed_count + 1))
update_proxy_host "wss.defi-oracle.io" "http://192.168.11.221:8546" true && updated_count=$((updated_count + 1)) || failed_count=$((failed_count + 1))
# rpc.d-bis.org / rpc2.d-bis.org and WS variants → VMID 2201 (besu-rpc-public-1)
update_proxy_host "rpc.d-bis.org" "http://192.168.11.221:8545" true && updated_count=$((updated_count + 1)) || failed_count=$((failed_count + 1))
update_proxy_host "rpc2.d-bis.org" "http://192.168.11.221:8545" true && updated_count=$((updated_count + 1)) || failed_count=$((failed_count + 1))
update_proxy_host "ws.rpc.d-bis.org" "http://192.168.11.221:8546" true && updated_count=$((updated_count + 1)) || failed_count=$((failed_count + 1))
update_proxy_host "ws.rpc2.d-bis.org" "http://192.168.11.221:8546" true && updated_count=$((updated_count + 1)) || failed_count=$((failed_count + 1))
update_proxy_host "dbis-admin.d-bis.org" "http://192.168.11.130:80" false && updated_count=$((updated_count + 1)) || failed_count=$((failed_count + 1))
update_proxy_host "dbis-api.d-bis.org" "http://192.168.11.155:3000" false && updated_count=$((updated_count + 1)) || failed_count=$((failed_count + 1))
update_proxy_host "dbis-api-2.d-bis.org" "http://192.168.11.156:3000" false && updated_count=$((updated_count + 1)) || failed_count=$((failed_count + 1))
update_proxy_host "secure.d-bis.org" "http://192.168.11.130:80" false && updated_count=$((updated_count + 1)) || failed_count=$((failed_count + 1))
# MIM4U - VMID 7810 (mim-web-1) @ 192.168.11.37 - Web Frontend serves main site and proxies /api/* to 7811
update_proxy_host "mim4u.org" "http://192.168.11.37:80" false && updated_count=$((updated_count + 1)) || failed_count=$((failed_count + 1))
update_proxy_host "secure.mim4u.org" "http://192.168.11.37:80" false && updated_count=$((updated_count + 1)) || failed_count=$((failed_count + 1))
update_proxy_host "training.mim4u.org" "http://192.168.11.37:80" false && updated_count=$((updated_count + 1)) || failed_count=$((failed_count + 1))

echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "📊 Summary"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "✅ Updated: $updated_count"
echo "❌ Failed: $failed_count"
echo ""