dhruv/local_dns_version_2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
dhruv
2025-11-16 22:33:39 +05:30
parent 56d3f945fd
commit 10616673e7
1 changed files with 37 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

85
2_append_more_with_hot_reload_at_runtime.sh Executable file → Normal file
View File

@@ -1,69 +1,56 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -Eeuo pipefail set -Eeuo pipefail
# --- config you can tweak --- # --- tweak here ---
CONF="/etc/nginx/sites-available/lan-proxy.conf" CONF="/etc/nginx/sites-available/lan-proxy.conf"
PROXY_IP="192.168.1.202" # Nginx box LAN IP PROXY_IP="192.168.1.202" # Nginx box LAN IP
ID_BACKEND="192.168.1.202:21118" # id.generalinfinity.cloud target ID_BACKEND="192.168.1.202:21118" # id.generalinfinity.cloud
RELAY_BACKEND="192.168.1.202:21119" # relay.generalinfinity.cloud target RELAY_BACKEND="192.168.1.202:21119" # relay.generalinfinity.cloud
# ---------------------------- GITEA_BACKEND="192.168.1.203:3100" # github.generalinfinity.cloud (HTTP only)
# -------------------
STAMP="$(date +%F-%H%M%S)" STAMP="$(date +%F-%H%M%S)"
sudo install -d /etc/nginx/sites-available /etc/nginx/sites-enabled sudo install -d /etc/nginx/sites-available /etc/nginx/sites-enabled
sudo touch "$CONF" sudo touch "$CONF"
# backup
sudo cp -a "$CONF" "${CONF}.bak-${STAMP}" sudo cp -a "$CONF" "${CONF}.bak-${STAMP}"
# append id.generalinfinity.cloud if missing # 1) Disable any existing SSL lines (keep them but comment out)
if ! sudo grep -q 'server_name id.generalinfinity.cloud' "$CONF"; then sudo sed -i \
sudo tee -a "$CONF" >/dev/null <<EOF -e 's/^\s*listen\s\+443\(.*\)$/# DISABLED_SSL &/I' \
-e 's/^\s*ssl_certificate_key\s\+.*$/# DISABLED_SSL &/I' \
-e 's/^\s*ssl_certificate\s\+.*$/# DISABLED_SSL &/I' \
-e 's/^\s*ssl_protocols\s\+.*$/# DISABLED_SSL &/I' \
"$CONF"
append_http_block() {
local name="$1" backend="$2"
if ! sudo grep -q "server_name[[:space:]]\+$name" "$CONF" || ! sudo grep -q "listen 80" "$CONF"; then
sudo tee -a "$CONF" >/dev/null <<EOF
server { server {
listen 443 ssl; listen 80;
server_name id.generalinfinity.cloud; server_name $name;
ssl_certificate /etc/nginx/local.crt;
ssl_certificate_key /etc/nginx/local.key;
location / { location / {
proxy_pass http://$ID_BACKEND; proxy_pass http://$backend;
proxy_set_header Host \$host; proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header Upgrade \$http_upgrade; proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
} }
} }
EOF EOF
fi fi
# append relay.generalinfinity.cloud if missing
if ! sudo grep -q 'server_name relay.generalinfinity.cloud' "$CONF"; then
sudo tee -a "$CONF" >/dev/null <<EOF
server {
listen 443 ssl;
server_name relay.generalinfinity.cloud;
ssl_certificate /etc/nginx/local.crt;
ssl_certificate_key /etc/nginx/local.key;
location / {
proxy_pass http://$RELAY_BACKEND;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
}
} }
EOF
fi
# refresh self-signed cert to include ALL hostnames (SAN) # 2) Ensure HTTP-only vhosts exist
sudo openssl req -x509 -nodes -newkey rsa:2048 \ append_http_block "id.generalinfinity.cloud" "$ID_BACKEND"
-keyout /etc/nginx/local.key -out /etc/nginx/local.crt -days 365 \ append_http_block "relay.generalinfinity.cloud" "$RELAY_BACKEND"
-subj "/CN=github.generalinfinity.cloud" \ append_http_block "github.generalinfinity.cloud" "$GITEA_BACKEND"
-addext "subjectAltName=DNS:github.generalinfinity.cloud,DNS:call.generalinfinity.cloud,DNS:id.generalinfinity.cloud,DNS:relay.generalinfinity.cloud" \
>/dev/null 2>&1
# validate and hot-reload (zero downtime) # 3) Enable site & hot-reload
sudo ln -sf "$CONF" /etc/nginx/sites-enabled/lan-proxy.conf
if sudo nginx -t; then if sudo nginx -t; then
sudo systemctl reload nginx sudo systemctl reload nginx
else else
@@ -72,12 +59,14 @@ else
exit 1 exit 1
fi fi
# ensure local name resolution to the proxy # 4) Ensure local DNS → proxy (HTTP only)
grep -q 'id.generalinfinity.cloud' /etc/hosts || echo "$PROXY_IP id.generalinfinity.cloud" | sudo tee -a /etc/hosts grep -q 'id.generalinfinity.cloud' /etc/hosts || echo "$PROXY_IP id.generalinfinity.cloud" | sudo tee -a /etc/hosts
grep -q 'relay.generalinfinity.cloud' /etc/hosts || echo "$PROXY_IP relay.generalinfinity.cloud" | sudo tee -a /etc/hosts grep -q 'relay.generalinfinity.cloud' /etc/hosts || echo "$PROXY_IP relay.generalinfinity.cloud" | sudo tee -a /etc/hosts
grep -q 'github.generalinfinity.cloud' /etc/hosts|| echo "$PROXY_IP github.generalinfinity.cloud"| sudo tee -a /etc/hosts
# quick tests (ignore trust; use -k) # 5) Quick tests (HTTP only)
curl -kI https://id.generalinfinity.cloud || true curl -I http://id.generalinfinity.cloud || true
curl -kI https://relay.generalinfinity.cloud || true curl -I http://relay.generalinfinity.cloud || true
curl -I http://github.generalinfinity.cloud || true
echo "✅ Done. Nginx reloaded without interruption." echo "✅ HTTP-only vhosts active. No SSL/certs used."