Testing removing LOGFILE
parent
0177c4e9e8
commit
29cf89a5b6
|
@ -18,10 +18,10 @@ fi & if ! [ -f "${CONFIG_FILE}" ]; then
|
|||
fi
|
||||
source "${CONFIG_FILE}"
|
||||
if ! [ -f "${SERVERS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${SERVERS_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi & if ! [ -f "${TOKENS_FILE}" ]; then
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >>"${LOGFILE}"
|
||||
printf 'ERROR! %s could not find %s!\n' "${0}" "${TOKENS_FILE}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
ip="${1}"
|
||||
|
@ -29,33 +29,33 @@ qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
|
|||
|
||||
# Check hostname
|
||||
hostname="$(<<<"${qs}" grep -oP 'name=(.*)' | sed 's/^name//' | xargs | tr -dc 'a-z0-9' | head -c10)"
|
||||
printf '%s requested new peer with hostname %s\n' "${ip}" "${hostname}" >>"${LOGFILE}"
|
||||
printf '%s requested new peer with hostname %s\n' "${ip}" "${hostname}" >&2
|
||||
if ! [[ ${#hostname} -ge 3 ]]; then
|
||||
printf 'Rejecting hostname %s because it is too short.\n' "${hostname}" >>"${LOGFILE}"
|
||||
printf 'Rejecting hostname %s because it is too short.\n' "${hostname}" >&2
|
||||
printf 'Hostname too short\n' | "${LIB_DIR}/http_res" 400; exit
|
||||
fi
|
||||
|
||||
# Check token
|
||||
token_fail(){
|
||||
printf 'Rejecting %s request for new peer due to %s token\n' "${ip}" "${1}" >>"${LOGFILE}"
|
||||
printf 'Rejecting %s request for new peer due to %s token\n' "${ip}" "${1}" >&2
|
||||
printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403; exit
|
||||
}
|
||||
saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
|
||||
[ "${saved_token}" == "" ] && token_fail 'missing' &
|
||||
<<<"${qs}" grep -qx "t=${saved_token}" || token_fail 'mismatched'
|
||||
printf '%s token was valid\n' "${ip}" >>"${LOGFILE}"
|
||||
printf '%s token was valid\n' "${ip}" >&2
|
||||
|
||||
# Check user
|
||||
username="$("${LIB_DIR}/ns_lookup_rdns" "${ip}" | cut -d'.' -f2)" || (
|
||||
printf 'User domains not found for %s\n' "${ip}" >>"${LOGFILE}"
|
||||
printf 'User domains not found for %s\n' "${ip}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
)
|
||||
printf '%s identified as %s\n' "${ip}" "${username}" >>"${LOGFILE}"
|
||||
printf '%s identified as %s\n' "${ip}" "${username}" >&2
|
||||
domain="${hostname}.${username}.${TLD}"
|
||||
|
||||
# Check if new peer already exists
|
||||
if "${LIB_DIR}/ns_lookup_send" "${domain}" >/dev/null; then
|
||||
printf '%s.%s.%s already exists!\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"
|
||||
printf '%s.%s.%s already exists!\n' "${hostname}" "${username}" "${TLD}" >&2
|
||||
printf 'Hostname %s already exists!\n' "${hostname}" | "${LIB_DIR}/http_res" 409; exit
|
||||
fi
|
||||
|
||||
|
@ -65,27 +65,27 @@ printf 'New domain will be %s\n' "${domain}" >&2
|
|||
|
||||
# Get peer IP list
|
||||
if ! wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
|
||||
printf 'ERROR! Wireguard failed!\n' >>"${LOGFILE}"
|
||||
printf 'ERROR! Wireguard failed!\n' >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Filter out this user's
|
||||
user_peers="$(grep "${ip%[.:]*}" <<<"${wg_output}" 2>/dev/null)"
|
||||
if [ "${user_peers}" == "" ]; then
|
||||
printf "ERROR! %s accessed the dashboard but isn't on the network!\n" "${ip}" >>"${LOGFILE}"
|
||||
printf "ERROR! %s accessed the dashboard but isn't on the network!\n" "${ip}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Get domains
|
||||
if ! peers="$("${LIB_DIR}/ips_to_peers" tsv <<<"${user_peers}")"; then
|
||||
printf 'ERROR! Failed to parse peers for %s!\n' "${ip}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Failed to parse peers for %s!\n' "${ip}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
# Make sure hostname isn't taken
|
||||
hostnames="$(<<<"${peers}" awk '{print $1}' | cut -d'.' -f1)"
|
||||
if <<<"${hostnames}" grep -x "${hostname}"; then
|
||||
printf 'User %s already has a host named %s!\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
printf 'User %s already has a host named %s!\n' "${username}" "${hostname}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
|
@ -100,9 +100,8 @@ hostnumber=1; while <<<"${used_hostnumbers}" grep -q "${hostnumber}"
|
|||
done
|
||||
ipv4="${IPV4_NET%.*.*}.${usernumber}.${hostnumber}"
|
||||
ipv6="${IPV6_NET%:*:*}:${usernumber}:${hostnumber}"
|
||||
if ! printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" \
|
||||
>>"${LOGFILE}"; then
|
||||
printf 'ERROR! Failed to create IP addresses for %s!' "${domain}" >>"${LOGFILE}"
|
||||
if ! printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" >&2; then
|
||||
printf 'ERROR! Failed to create IP addresses for %s!' "${domain}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
|
||||
|
@ -113,14 +112,14 @@ address="${ipv4}/${IPV4_NET##*/},${ipv6}/${IPV6_NET##*/}"
|
|||
|
||||
# Update nameserver
|
||||
if "${LIB_DIR}/ns_update_add" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
|
||||
then printf 'Successfully added %s to DNS server.\n' "${domain}" >>"${LOGFILE}"
|
||||
else printf 'ERROR! Failed to add %s %s %s to DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
|
||||
then printf 'Successfully added %s to DNS server.\n' "${domain}" >&2
|
||||
else printf 'ERROR! Failed to add %s %s %s to DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >&2
|
||||
fi &
|
||||
|
||||
# Create SSL cert
|
||||
if "${LIB_DIR}/ssl_peer_add" "${hostname:?}" "${username:?}" "IP:${ipv4},IP:${ipv6}"
|
||||
then printf 'Successfully signed SSL certs for %s\n' "${domain}" >>"${LOGFILE}"
|
||||
else printf 'ERROR! Failed to create certs for %s with IPS: %s %s!\n' "${domain}" "${ipv4}" "${ipv6}" >>"${LOGFILE}"
|
||||
then printf 'Successfully signed SSL certs for %s\n' "${domain}" >&2
|
||||
else printf 'ERROR! Failed to create certs for %s with IPS: %s %s!\n' "${domain}" "${ipv4}" "${ipv6}" >&2
|
||||
fi
|
||||
|
||||
# Do the wireguard and tell the user
|
||||
|
@ -133,9 +132,9 @@ while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey se
|
|||
server_blocks="${server_blocks}\n[Peer] # ${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/${IPV4_NET#*/},${server_ipv6}/${IPV6_NET#*/}\nEndpoint=${server_endpoint}\n"
|
||||
# Add new user to local wireguard
|
||||
if "${LIB_DIR}/wg_peer_add" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128"; then
|
||||
printf 'Added %s to local wireguard server.\n' "${domain}" >>"${LOGFILE}"
|
||||
printf 'Added %s to local wireguard server.\n' "${domain}" >&2
|
||||
else
|
||||
printf 'ERROR! Failed to add %s to local wireguard server!\n' "${domain}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Failed to add %s to local wireguard server!\n' "${domain}" >&2
|
||||
"${LIB_DIR}/http_res" 500; exit
|
||||
fi
|
||||
# Remote server
|
||||
|
@ -143,9 +142,9 @@ while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey se
|
|||
server_blocks="${server_blocks}\n[Peer] # ${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/32,${server_ipv6}/128\nEndpoint=${server_endpoint}\n"
|
||||
# Send new user config to federated server
|
||||
if "${LIB_DIR}/fed_peer_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then
|
||||
printf 'Sent %s to remote wireguard server %s.\n' "${domain}" "${server_hostname}" >>"${LOGFILE}"
|
||||
printf 'Sent %s to remote wireguard server %s.\n' "${domain}" "${server_hostname}" >&2
|
||||
else
|
||||
printf 'ERROR! Failed to send %s to remote wireguard server %s!\n' "${domain}" "${server_hostname}" >>"${LOGFILE}"
|
||||
printf 'ERROR! Failed to send %s to remote wireguard server %s!\n' "${domain}" "${server_hostname}" >&2
|
||||
fi
|
||||
fi
|
||||
done <"${SERVERS_FILE}"
|
||||
|
|
|
@ -20,7 +20,7 @@ services:
|
|||
volumes:
|
||||
- '/etc/ssl/private:/etc/ssl/private'
|
||||
- './etc:/etc/wgapi:ro'
|
||||
- '/var/log/wgapi:/var/log/wgapi'
|
||||
- '/var/log/wgapi:/var/log/apache2/error.log'
|
||||
|
||||
dashboard-frontend:
|
||||
build:
|
||||
|
@ -42,7 +42,7 @@ services:
|
|||
network_mode: host
|
||||
container_name: wgapi-admin-backend
|
||||
volumes:
|
||||
- '/var/log/wgapi:/var/log/wgapi'
|
||||
- '/var/log/wgapi:/var/log/apache2/error.log'
|
||||
- '/etc/ssl/private:/etc/ssl/private'
|
||||
- './etc:/etc/wgapi:ro'
|
||||
|
||||
|
@ -66,4 +66,4 @@ services:
|
|||
network_mode: host
|
||||
container_name: wgapi-fed-backend
|
||||
volumes:
|
||||
- '/var/log/wgapi:/var/log/wgapi'
|
||||
- '/var/log/wgapi:/var/log/apache2/error.log'
|
||||
|
|
Loading…
Reference in New Issue