first commit

2_append_more_with_hot_reload_at_runtime.sh

@@ -1,72 +1,94 @@
 #!/usr/bin/env bash
 set -Eeuo pipefail
 
-# --- tweak here ---
-CONF="/etc/nginx/sites-available/lan-proxy.conf"
-PROXY_IP="192.168.1.202"                 # Nginx box LAN IP
-ID_BACKEND="192.168.1.202:21118"         # id.generalinfinity.cloud
-RELAY_BACKEND="192.168.1.202:21119"      # relay.generalinfinity.cloud
-GITEA_BACKEND="192.168.1.203:3100"       # github.generalinfinity.cloud (HTTP only)
-# -------------------
+# Detect this proxy’s IP (override with: PROXY_IP_OVERRIDE=1.2.3.4 ./fix.sh)
+PROXY_IP="${PROXY_IP_OVERRIDE:-$(hostname -I | awk '{print $1}')}"
+BACKEND_IP="${BACKEND_IP:-192.168.1.202}"      # where hbbs/hbbr run
+GITEA_BACKEND="192.168.1.203:3100"
 
-STAMP="$(date +%F-%H%M%S)"
-sudo install -d /etc/nginx/sites-available /etc/nginx/sites-enabled
-sudo touch "$CONF"
-sudo cp -a "$CONF" "${CONF}.bak-${STAMP}"
+# RustDesk ports
+ID_TCP1=21115; ID_TCP2=21116; ID_UDP=21116; RELAY_TCP=21117
+ID_TCP_CUSTOM=21118; RELAY_TCP_CUSTOM=21119
 
-# 1) Disable any existing SSL lines (keep them but comment out)
-sudo sed -i \
-  -e 's/^\s*listen\s\+443\(.*\)$/# DISABLED_SSL &/I' \
-  -e 's/^\s*ssl_certificate_key\s\+.*$/# DISABLED_SSL &/I' \
-  -e 's/^\s*ssl_certificate\s\+.*$/# DISABLED_SSL &/I' \
-  -e 's/^\s*ssl_protocols\s\+.*$/# DISABLED_SSL &/I' \
-  "$CONF"
+NGX_MAIN="/etc/nginx/nginx.conf"
+SITES_AVAIL="/etc/nginx/sites-available"
+SITES_EN="/etc/nginx/sites-enabled"
+STREAMS_EN="/etc/nginx/streams-enabled"
+HTTP_FILE="$SITES_AVAIL/lan-proxy-web.conf"
+STREAM_FILE="$STREAMS_EN/rustdesk.conf"
 
-append_http_block() {
-  local name="$1" backend="$2"
-  if ! sudo grep -q "server_name[[:space:]]\+$name" "$CONF" || ! sudo grep -q "listen 80" "$CONF"; then
-    sudo tee -a "$CONF" >/dev/null <<EOF
+sudo install -d "$SITES_AVAIL" "$SITES_EN" "$STREAMS_EN"
+
+echo "==> 0) Clean up duplicate stream module + bad stream blocks"
+sudo cp -a "$NGX_MAIN" "$NGX_MAIN.bak.$(date +%s)"
+
+# Remove any manual load_module line; Ubuntu loads it via /etc/nginx/modules-enabled/*
+sudo sed -i '/ngx_stream_module\.so/d' "$NGX_MAIN"
+
+# Remove any stray stream{} blocks, then add a single clean one at top level
+sudo sed -i '/^\s*stream\s*{/,/^\s*}\s*$/d' "$NGX_MAIN"
+printf '\nstream {\n    include /etc/nginx/streams-enabled/*;\n}\n' | \
+  sudo tee -a "$NGX_MAIN" >/dev/null
+
+echo "==> 1) Replace broken HTTP site with a clean file"
+sudo rm -f "$SITES_EN/lan-proxy.conf" 2>/dev/null || true
+sudo tee "$HTTP_FILE" >/dev/null <<EOF
 server {
   listen 80;
-  server_name $name;
-
+  server_name github.generalinfinity.cloud;
   location / {
-    proxy_pass http://$backend;
+    proxy_pass http://$GITEA_BACKEND;
     proxy_set_header Host \$host;
     proxy_set_header X-Real-IP \$remote_addr;
     proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto \$scheme;
-    proxy_set_header Upgrade \$http_upgrade;
-    proxy_set_header Connection "upgrade";
   }
 }
+# Optional landing so hitting RustDesk names over HTTP doesn't 404
+server {
+  listen 80;
+  server_name id.generalinfinity.cloud relay.generalinfinity.cloud;
+  return 200 "RustDesk uses TCP/UDP ports, not HTTP.\n";
+}
 EOF
-  fi
-}
+sudo ln -sf "$HTTP_FILE" "$SITES_EN/lan-proxy-web.conf"
 
-# 2) Ensure HTTP-only vhosts exist
-append_http_block "id.generalinfinity.cloud"     "$ID_BACKEND"
-append_http_block "relay.generalinfinity.cloud"  "$RELAY_BACKEND"
-append_http_block "github.generalinfinity.cloud" "$GITEA_BACKEND"
+echo "==> 2) Create proper L4 proxies for RustDesk under stream/"
+sudo tee "$STREAM_FILE" >/dev/null <<EOF
+# hbbs (ID)
+server { listen ${ID_TCP1};              proxy_pass ${BACKEND_IP}:${ID_TCP1};              proxy_timeout 10m; }
+server { listen ${ID_TCP2};              proxy_pass ${BACKEND_IP}:${ID_TCP2};              proxy_timeout 10m; }
+server { listen ${ID_UDP} udp reuseport; proxy_pass ${BACKEND_IP}:${ID_UDP};               proxy_timeout 10m; }
+# hbbr (relay)
+server { listen ${RELAY_TCP};            proxy_pass ${BACKEND_IP}:${RELAY_TCP};            proxy_timeout 10m; }
+# custom extras you used before
+server { listen ${ID_TCP_CUSTOM};        proxy_pass ${BACKEND_IP}:${ID_TCP_CUSTOM};        proxy_timeout 10m; }
+server { listen ${RELAY_TCP_CUSTOM};     proxy_pass ${BACKEND_IP}:${RELAY_TCP_CUSTOM};     proxy_timeout 10m; }
+EOF
 
-# 3) Enable site & hot-reload
-sudo ln -sf "$CONF" /etc/nginx/sites-enabled/lan-proxy.conf
-if sudo nginx -t; then
-  sudo systemctl reload nginx
-else
-  echo "❌ nginx test failed; restoring backup"
-  sudo mv "${CONF}.bak-${STAMP}" "$CONF"
-  exit 1
-fi
+echo "==> 3) Open firewall (one rule per port)"
+sudo ufw allow ${ID_TCP1}/tcp   || true
+sudo ufw allow ${ID_TCP2}/tcp   || true
+sudo ufw allow ${RELAY_TCP}/tcp || true
+sudo ufw allow ${ID_TCP_CUSTOM}/tcp   || true
+sudo ufw allow ${RELAY_TCP_CUSTOM}/tcp|| true
+sudo ufw allow ${ID_UDP}/udp    || true
+sudo ufw allow "Nginx Full"     || true
 
-# 4) Ensure local DNS → proxy (HTTP only)
-grep -q 'id.generalinfinity.cloud' /etc/hosts    || echo "$PROXY_IP id.generalinfinity.cloud"    | sudo tee -a /etc/hosts
-grep -q 'relay.generalinfinity.cloud' /etc/hosts || echo "$PROXY_IP relay.generalinfinity.cloud" | sudo tee -a /etc/hosts
-grep -q 'github.generalinfinity.cloud' /etc/hosts|| echo "$PROXY_IP github.generalinfinity.cloud"| sudo tee -a /etc/hosts
+echo "==> 4) Ensure DNS on THIS box points to THIS proxy"
+for h in id.generalinfinity.cloud relay.generalinfinity.cloud github.generalinfinity.cloud; do
+  grep -q " $h" /etc/hosts || echo "$PROXY_IP $h" | sudo tee -a /etc/hosts >/dev/null
+done
+echo "PROXY_IP=$PROXY_IP  BACKEND_IP=$BACKEND_IP"
 
-# 5) Quick tests (HTTP only)
-curl -I http://id.generalinfinity.cloud    || true
-curl -I http://relay.generalinfinity.cloud || true
-curl -I http://github.generalinfinity.cloud || true
+echo "==> 5) Validate & reload"
+sudo nginx -t && sudo systemctl reload nginx
 
-echo "✅ HTTP-only vhosts active. No SSL/certs used."
+echo "==> 6) Quick tests"
+command -v nc >/dev/null || sudo apt-get install -y netcat-openbsd >/dev/null
+nc -vz "$PROXY_IP" ${ID_TCP2}            || true
+nc -vz "$PROXY_IP" ${RELAY_TCP}          || true
+nc -uvz "$PROXY_IP" ${ID_UDP}            || true
+curl -I -H "Host: github.generalinfinity.cloud" "http://$PROXY_IP/" | sed -n '1,5p' || true
+
+echo "✅ Fixed: single stream block, no duplicate module load, HTTP site clean, RustDesk L4 in place."