From 10616673e7e56780fc548288dc35d4cb2a453e9b Mon Sep 17 00:00:00 2001
From: dhruv <yuvrajyuvrajkukreja@gmail.com>
Date: Sun, 16 Nov 2025 22:33:39 +0530
Subject: [PATCH] first commit

---
 2_append_more_with_hot_reload_at_runtime.sh | 85 +++++++++------------
 1 file changed, 37 insertions(+), 48 deletions(-)
 mode change 100755 => 100644 2_append_more_with_hot_reload_at_runtime.sh

diff --git a/2_append_more_with_hot_reload_at_runtime.sh b/2_append_more_with_hot_reload_at_runtime.sh
old mode 100755
new mode 100644
index 0164ecb..1688f4b
--- a/2_append_more_with_hot_reload_at_runtime.sh
+++ b/2_append_more_with_hot_reload_at_runtime.sh
@@ -1,69 +1,56 @@
 #!/usr/bin/env bash
 set -Eeuo pipefail
 
-# --- config you can tweak ---
+# --- tweak here ---
 CONF="/etc/nginx/sites-available/lan-proxy.conf"
-PROXY_IP="192.168.1.202"          # Nginx box LAN IP
-ID_BACKEND="192.168.1.202:21118"  # id.generalinfinity.cloud target
-RELAY_BACKEND="192.168.1.202:21119" # relay.generalinfinity.cloud target
-# ----------------------------
+PROXY_IP="192.168.1.202"                 # Nginx box LAN IP
+ID_BACKEND="192.168.1.202:21118"         # id.generalinfinity.cloud
+RELAY_BACKEND="192.168.1.202:21119"      # relay.generalinfinity.cloud
+GITEA_BACKEND="192.168.1.203:3100"       # github.generalinfinity.cloud (HTTP only)
+# -------------------
 
 STAMP="$(date +%F-%H%M%S)"
-
 sudo install -d /etc/nginx/sites-available /etc/nginx/sites-enabled
 sudo touch "$CONF"
-
-# backup
 sudo cp -a "$CONF" "${CONF}.bak-${STAMP}"
 
-# append id.generalinfinity.cloud if missing
-if ! sudo grep -q 'server_name id.generalinfinity.cloud' "$CONF"; then
-  sudo tee -a "$CONF" >/dev/null <<EOF
+# 1) Disable any existing SSL lines (keep them but comment out)
+sudo sed -i \
+  -e 's/^\s*listen\s\+443\(.*\)$/# DISABLED_SSL &/I' \
+  -e 's/^\s*ssl_certificate_key\s\+.*$/# DISABLED_SSL &/I' \
+  -e 's/^\s*ssl_certificate\s\+.*$/# DISABLED_SSL &/I' \
+  -e 's/^\s*ssl_protocols\s\+.*$/# DISABLED_SSL &/I' \
+  "$CONF"
+
+append_http_block() {
+  local name="$1" backend="$2"
+  if ! sudo grep -q "server_name[[:space:]]\+$name" "$CONF" || ! sudo grep -q "listen 80" "$CONF"; then
+    sudo tee -a "$CONF" >/dev/null <<EOF
 server {
-  listen 443 ssl;
-  server_name id.generalinfinity.cloud;
-  ssl_certificate /etc/nginx/local.crt;
-  ssl_certificate_key /etc/nginx/local.key;
+  listen 80;
+  server_name $name;
 
   location / {
-    proxy_pass http://$ID_BACKEND;
+    proxy_pass http://$backend;
     proxy_set_header Host \$host;
     proxy_set_header X-Real-IP \$remote_addr;
+    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto \$scheme;
     proxy_set_header Upgrade \$http_upgrade;
     proxy_set_header Connection "upgrade";
   }
 }
 EOF
-fi
-
-# append relay.generalinfinity.cloud if missing
-if ! sudo grep -q 'server_name relay.generalinfinity.cloud' "$CONF"; then
-  sudo tee -a "$CONF" >/dev/null <<EOF
-server {
-  listen 443 ssl;
-  server_name relay.generalinfinity.cloud;
-  ssl_certificate /etc/nginx/local.crt;
-  ssl_certificate_key /etc/nginx/local.key;
-
-  location / {
-    proxy_pass http://$RELAY_BACKEND;
-    proxy_set_header Host \$host;
-    proxy_set_header X-Real-IP \$remote_addr;
-    proxy_set_header Upgrade \$http_upgrade;
-    proxy_set_header Connection "upgrade";
-  }
+  fi
 }
-EOF
-fi
 
-# refresh self-signed cert to include ALL hostnames (SAN)
-sudo openssl req -x509 -nodes -newkey rsa:2048 \
-  -keyout /etc/nginx/local.key -out /etc/nginx/local.crt -days 365 \
-  -subj "/CN=github.generalinfinity.cloud" \
-  -addext "subjectAltName=DNS:github.generalinfinity.cloud,DNS:call.generalinfinity.cloud,DNS:id.generalinfinity.cloud,DNS:relay.generalinfinity.cloud" \
-  >/dev/null 2>&1
+# 2) Ensure HTTP-only vhosts exist
+append_http_block "id.generalinfinity.cloud"     "$ID_BACKEND"
+append_http_block "relay.generalinfinity.cloud"  "$RELAY_BACKEND"
+append_http_block "github.generalinfinity.cloud" "$GITEA_BACKEND"
 
-# validate and hot-reload (zero downtime)
+# 3) Enable site & hot-reload
+sudo ln -sf "$CONF" /etc/nginx/sites-enabled/lan-proxy.conf
 if sudo nginx -t; then
   sudo systemctl reload nginx
 else
@@ -72,12 +59,14 @@ else
   exit 1
 fi
 
-# ensure local name resolution to the proxy
+# 4) Ensure local DNS → proxy (HTTP only)
 grep -q 'id.generalinfinity.cloud' /etc/hosts    || echo "$PROXY_IP id.generalinfinity.cloud"    | sudo tee -a /etc/hosts
 grep -q 'relay.generalinfinity.cloud' /etc/hosts || echo "$PROXY_IP relay.generalinfinity.cloud" | sudo tee -a /etc/hosts
+grep -q 'github.generalinfinity.cloud' /etc/hosts|| echo "$PROXY_IP github.generalinfinity.cloud"| sudo tee -a /etc/hosts
 
-# quick tests (ignore trust; use -k)
-curl -kI https://id.generalinfinity.cloud    || true
-curl -kI https://relay.generalinfinity.cloud || true
+# 5) Quick tests (HTTP only)
+curl -I http://id.generalinfinity.cloud    || true
+curl -I http://relay.generalinfinity.cloud || true
+curl -I http://github.generalinfinity.cloud || true
 
-echo "✅ Done. Nginx reloaded without interruption."
+echo "✅ HTTP-only vhosts active. No SSL/certs used."