proxmox/scripts/nginx-proxy-manager/add-dapp-proxy-host.sh

#!/usr/bin/env bash
# Add dapp.d-bis.org -> 192.168.11.58:80 to NPMplus primary (192.168.11.167:81)
# Usage: NPM_PASSWORD=xxx bash scripts/nginx-proxy-manager/add-dapp-proxy-host.sh
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
source "$PROJECT_ROOT/config/ip-addresses.conf" 2>/dev/null || true
[ -f "$PROJECT_ROOT/.env" ] && set +u && source "$PROJECT_ROOT/.env" 2>/dev/null || true && set -u
NPM_URL="${NPM_URL:-https://192.168.11.167:81}"
NPM_EMAIL="${NPM_EMAIL:-admin@example.org}"
NPM_PASSWORD="${NPM_PASSWORD:-}"
DAPP_IP="${IP_DAPP_LXC:-192.168.11.58}"
[ -z "$NPM_PASSWORD" ] && echo "Set NPM_PASSWORD" && exit 1
COOKIE_JAR="/tmp/npm_dapp_$$"
trap "rm -f $COOKIE_JAR" EXIT
AUTH_JSON=$(jq -n --arg identity "$NPM_EMAIL" --arg secret "$NPM_PASSWORD" '{identity:$identity,secret:$secret}')
TOKEN_RESP=$(curl -sk -X POST "$NPM_URL/api/tokens" -H "Content-Type: application/json" -d "$AUTH_JSON" -c "$COOKIE_JAR")
TOKEN=$(echo "$TOKEN_RESP" | jq -r '.token // .accessToken // .data.token // empty')
if [ -z "$TOKEN" ]; then echo "Auth failed"; echo "$TOKEN_RESP" | jq . 2>/dev/null; exit 1; fi
PROXY_HOSTS_JSON=$(curl -sk -X GET "$NPM_URL/api/nginx/proxy-hosts" -H "Authorization: Bearer $TOKEN")
HOSTS_ARRAY=$(echo "$PROXY_HOSTS_JSON" | jq -c 'if type == "array" then . elif .data != null then .data elif .proxy_hosts != null then .proxy_hosts else [] end' 2>/dev/null)
EXISTING_ID=$(echo "$HOSTS_ARRAY" | jq -r '.[] | select(.domain_names[]? == "dapp.d-bis.org") | .id' 2>/dev/null | head -1)
EXISTING_HOST_JSON=$(echo "$HOSTS_ARRAY" | jq -c '.[] | select(.domain_names[]? == "dapp.d-bis.org")' 2>/dev/null | head -1)
if [ -n "$EXISTING_ID" ] && [ "$EXISTING_ID" != "null" ]; then
  PRESERVED_CERTIFICATE_ID=$(printf '%s' "$EXISTING_HOST_JSON" | jq -c '.certificate_id // null' 2>/dev/null || echo "null")
  PRESERVED_SSL_FORCED=$(printf '%s' "$EXISTING_HOST_JSON" | jq -c '.ssl_forced // false' 2>/dev/null || echo "false")
  BODY=$(jq -n --arg domain "dapp.d-bis.org" --arg host "$DAPP_IP" --argjson port 80 --argjson certificate_id "$PRESERVED_CERTIFICATE_ID" --argjson ssl_forced "$PRESERVED_SSL_FORCED" \
    '{domain_names:[$domain],forward_scheme:"http",forward_host:$host,forward_port:$port,allow_websocket_upgrade:true,block_exploits:false,certificate_id:$certificate_id,ssl_forced:$ssl_forced}')
  resp=$(curl -sk -X PUT "$NPM_URL/api/nginx/proxy-hosts/$EXISTING_ID" -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d "$BODY")
  id=$(echo "$resp" | jq -r '.id // empty')
  if [ -n "$id" ] && [ "$id" != "null" ]; then
    echo "Updated: dapp.d-bis.org -> $DAPP_IP:80"
    exit 0
  fi
  echo "$resp" | jq . 2>/dev/null
  exit 1
fi
BODY=$(jq -n --arg domain "dapp.d-bis.org" --arg host "$DAPP_IP" --argjson port 80 \
  '{domain_names:[$domain],forward_scheme:"http",forward_host:$host,forward_port:$port,allow_websocket_upgrade:true,block_exploits:false,certificate_id:null,ssl_forced:false}')
resp=$(curl -sk -X POST "$NPM_URL/api/nginx/proxy-hosts" -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d "$BODY")
id=$(echo "$resp" | jq -r '.id // empty')
if [ -n "$id" ]; then echo "Added: dapp.d-bis.org -> $DAPP_IP:80"; else echo "$resp" | jq . 2>/dev/null; exit 1; fi
echo "Request SSL in NPMplus UI for dapp.d-bis.org and enable Force SSL if this is a new host."