Run certificate check in the background during Nginx config creation

Allow domain configuration deletion in Nginx script
Update basic authentication messages in Nginx configuration script
2025-07-31 11:48:01 +02:00 · 2025-05-26 12:29:33 +02:00 · 2025-04-21 10:33:00 +02:00 · 2025-04-21 09:42:47 +02:00 · 2025-04-15 09:29:42 +02:00 · 2025-04-15 08:31:25 +02:00
22 changed files with 1405 additions and 417 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -0,0 +1,50 @@
+kind: pipeline
+type: kubernetes
+name: default
+
+node_selector:
+  physical-node: dev2
+
+trigger:
+  branch:
+    - master
+  event:
+    - push
+workspace:
+  path: /drone/src
+
+steps:
+  - name: build multiarch proxy-scheduler
+    image: docker.io/owncloudci/drone-docker-buildx:4
+    privileged: true
+    environment:
+      BUILDKIT_NO_HTTP2: "1" 
+    settings:
+      cache-from: [ "registry.dev.format.hu/proxy-scheduler" ]
+      registry: registry.dev.format.hu
+      repo: registry.dev.format.hu/proxy-scheduler
+      tags: latest
+      dockerfile: Dockerfile
+      username:
+        from_secret: dev-hu-registry-username
+      password: 
+        from_secret: dev-hu-registry-password
+      platforms:
+        - linux/amd64
+        - linux/arm64
+    
+  - name: pull image to dockerhub
+    image: docker.io/owncloudci/drone-docker-buildx:4
+    privileged: true
+    settings:
+      cache-from: [ "safebox/proxy-scheduler" ]
+      repo: safebox/proxy-scheduler
+      tags: latest
+      username:
+        from_secret: dockerhub-username
+      password: 
+        from_secret: dockerhub-password
+      platforms:
+        - linux/amd64
+        - linux/arm64
+        
--- a/5
+++ b/5
@@ -1,5 +1,6 @@
-FROM proxy-scheduler:latest
-
+FROM alpine
+RUN apk add --update --no-cache docker-cli inotify-tools openssl jq curl ca-certificates busybox-extras
 COPY scripts /scripts
+COPY firewall-letsencrypt.json /firewall-files/

 ENTRYPOINT ["/scripts/scheduler.sh"]
--- a/README.md
+++ b/README.md
@@ -0,0 +1,22 @@
+The proxy-scheduler is an file change intendent solution to control proxy services via docker containers (at the moment).
+
+It has two parts, one for loadbalancer service which it is necessary for a backend proxy solution.
+
+All the proxy services needed the proxy.json configuration file with proper content.
+
+The proxy-scheduler use inotify kernel solution to watch changes and execute action in the proxy processes at all.
+
+The proxy scheduler use Let's Encrypt service to certifying domains
+
+## PROXY.JSON keys explanation ##
+
+The proxy.json file must be filled in almost, exept two cases:
+1. "PROXY_TYPE" must be filled when the loadbalancer service use Haproxy applications in the backend (the configuration generating is another)
+2. "LETSENCRYPT_SERVICE_NAME": if it is empty, self signed certificates will made only
+
+| KEY| VALUE|
+|-|-|
+| DOCKER_REGISTRY_URL| Docker image pathes, not mandatory|
+| PROXY_TYPE| Filled as "haproxy" when it is a public loadbalancer|
+| LETSENCRYPT_URL| Path for letsencrypt service image|
+| LETSENCRYPT_SERVICE_NAME| Let's encrypt service name| 
--- a/domain.sample
+++ b/domain.sample
@@ -0,0 +1,29 @@
+{
+"DEBUG": "true",
+"DOMAIN": "same_name_as_the_file",
+"ALIASES_HTTP": [ ],
+"ALIASES_HTTPS": [ ],
+"LOCAL_IP": "mandatory_IP",
+"HTTP_PORT": "",
+"HTTPS_PORT": "mandatory",
+"ERROR_PAGE": "",
+"REDIRECT_HTTP": "",
+"REDIRECT_HTTPS": "",
+"MAX_BODY_SIZE": "if_not_set_it_will_be_unlimited",
+"ALLOWED_NETWORK": [ "IP/subnet_if_not_32", "IP/subnet_if_not_32" ],
+"ALTERNATE_LOCATION_PATH":         
+	{
+        "LOCAL_PATH": "",
+        "LOCAL_IP": "mandatory_if_path_exists",
+        "LOCAL_PORT": "default_80_if_empty",
+	"LOCAL_ALLOWED_NETWORK": [ "IP/subnet_if_not_32", "IP/subnet_if_not_32" ]
+        },
+        {
+        "LOCAL_PATH": "",
+        "LOCAL_IP": "mandatory_if_path_exists",
+        "LOCAL_PORT": "default_80_if_empty",
+	"LOCAL_ALLOWED_NETWORK": [ "IP/subnet_if_not_32", "IP/subnet_if_not_32" ]
+        }
+	]
+
+}
--- a/firewall-letsencrypt.json
+++ b/firewall-letsencrypt.json
@@ -0,0 +1,70 @@
+{
+    "main": {
+        "SERVICE_NAME": "firewalls",
+        "DOMAIN": "null"
+    },
+    "containers": [
+        {
+            "IMAGE": "safebox/firewall",
+            "NAME": "firewall",
+            "MEMORY": "64M",
+            "NETWORK": "host",
+            "SCALE": "0",
+            "VOLUMES": [
+                {
+                    "SOURCE": "/run/",
+                    "DEST": "/run/",
+                    "TYPE": "rw"
+                },
+                {
+                    "SOURCE": "/etc/user/config/services",
+                    "DEST": "/services",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/etc/system/data/dns/hosts.local",
+                    "DEST": "/etc/dns/hosts.local",
+                    "TYPE": "ro"
+                }
+            ],
+            "PORTS": [],
+            "READYNESS": [
+                {
+                    "tcp": ""
+                },
+                {
+                    "HTTP": ""
+                },
+                {
+                    "EXEC": "/ready.sh"
+                }
+            ],
+            "ENVS": [
+                {
+                    "CHAIN": "DOCKER-USER"
+                },
+                {
+                    "SOURCE": "smarthostloadbalancer"
+                },
+                {
+                    "TARGET": "letsencrypt"
+                },
+                {
+                    "TYPE": "tcp"
+                },
+                {
+                    "TARGET_PORT": "80"
+                },
+                {
+                    "COMMENT": "letsencrypt"
+                }
+            ],
+            "EXTRA": "--privileged --rm",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "CMD": "null",
+            "PRE_START": "null",
+            "POST_START": "null"
+        }
+    ]
+}
--- a/letsencrypt.json
+++ b/letsencrypt.json
@@ -0,0 +1,64 @@
+{
+    "main": {
+        "SERVICE_NAME": "letsencrypt",
+        "DOMAIN": "null"
+    },
+    "networks": [
+        {
+            "NAME": "letsencrypt",
+            "DRIVER": "bridge",
+            "SUBNET": "172.18.254.0/24",
+            "RANGE": "172.18.254.0/24",
+            "GATEWAY": "172.18.254.1"
+        }
+    ],
+    "containers": [
+        {
+            "IMAGE": "safebox/letsencrypt",
+            "NAME": "letsencrypt",
+            "MEMORY": "64M",
+            "IP": "172.18.254.254",
+            "NETWORK": "letsencrypt",
+            "VOLUMES": [
+                {
+                    "SOURCE": "/etc/system/data/ssl/keys/",
+                    "DEST": "/acme.sh/",
+                    "TYPE": "rw"
+                },
+                {
+                    "SOURCE": "SHARED",
+                    "DEST": "/var/tmp/shared",
+                    "TYPE": "rw"
+                },
+                {
+                    "SOURCE": "/etc/user/config/domains",
+                    "DEST": "/domains",
+                    "TYPE": "ro"
+                }
+            ],
+            "PORTS": [],
+            "ENV_FILES": [
+                "/etc/user/config/user.json"
+            ],
+            "READYNESS": [
+                {
+                    "tcp": ""
+                },
+                {
+                    "HTTP": ""
+                },
+                {
+                    "EXEC": "/ready.sh"
+                }
+            ],
+            "EXTRA": "",
+            "DEPEND": "null",
+            "START_ON_BOOT": "false",
+            "CMD": "null",
+            "PRE_START": "null",
+            "POST_START": [
+                "firewall-letsencrypt"
+            ]
+        }
+    ]
+}
--- a/proxy-scheduler.json
+++ b/proxy-scheduler.json
@@ -1,81 +1,82 @@
 {
-        "main": {
-                "SERVICE_NAME": "proxy-scheduler",
-                "DOMAIN": "null"
-        },
-        "networks": [
+    "main": {
+        "SERVICE_NAME": "proxy-scheduler",
+        "DOMAIN": "null"
+    },
+    "containers": [
+        {
+            "IMAGE": "safebox/proxy-scheduler:latest",
+            "NAME": "proxy_scheduler",
+            "MEMORY": "64M",
+            "IP": "null",
+            "NETWORK": "host",
+            "VOLUMES": [
                {
-                        "NAME": "null",
-                        "DRIVER": "null",
-                        "SUBNET": "null",
-                        "RANGE": "null",
-                        "GATEWAY": "null"
-                }
-        ],
-        "containers": [
+                    "SOURCE": "SHARED",
+                    "DEST": "/var/tmp/shared",
+                    "TYPE": "rw"
+                },
                {
-                        "IMAGE": "registry.format.hu/proxy-scheduler:latest",
-                        "NAME": "proxy_scheduler-ifhiwhhg",
-                        "MEMORY": "64M",
-                        "IP": "null",
-                        "NETWORK": "host",
-                        "VOLUMES": [
-                                {
-                                "SOURCE": "/etc/user/config/domains",
-                                "DEST": "/domains",
-                                "TYPE": "ro"
-                                },
-                                {
-                                "SOURCE": "/tmp/keys",
-                                "DEST": "/keys",
-                                "TYPE": "ro"
-                                },
-                                {
-                                "SOURCE": "/etc/system/config/public-proxy/nginx",
-                                "DEST": "/proxy_config",
-                                "TYPE": "rw"
-                                },
-                                {
-                                "SOURCE": "/etc/user/config/services/public-proxy.json",
-                                "DEST": "/public-proxy.json",
-                                "TYPE": "ro"
-                                },
-                                {
-                                "SOURCE": "/etc/ssl/certs",
-                                "DEST": "/etc/ssl/certs",
-                                "TYPE": "ro"
-                                },
-                                {
-                                "SOURCE": "/var/run/docker.sock",
-                                "DEST": "/var/run/docker.sock",
-                                "TYPE": "rw"
-                                },
-                                {
-                                "SOURCE": "/usr/bin/docker",
-                                "DEST": "/usr/bin/docker",
-                                "TYPE": "ro"
-                                },
-                                {
-                                "SOURCE": "/home/gyurix/proxy-scheduler/scripts/scheduler.sh",
-                                "DEST": "/scripts/scheduler.sh",
-                                "TYPE": "ro"
-                                }
-                                ],
-                        "PORTS": [ ],
-                        "READYNESS": [
-                                {"tcp": ""},
-                                {"HTTP": ""},
-                                {"EXEC": "/ready.sh"}
-                                ],
-                        "ENVS": [
-				 ],
-			"ENV_FILES": [ "/etc/system/config/proxy.json" ],
-                        "EXTRA": "null",
-                        "DEPEND": "null",
-                        "START_ON_BOOT": "true",
-                        "CMD": "null",
-                        "PRE_START": "null",
-                        "POST_START": "null"
+                    "SOURCE": "/etc/user/config/services",
+                    "DEST": "/etc/user/config/services",
+                    "TYPE": "rw"
+                },
+                {
+                    "SOURCE": "/etc/user/config/domains",
+                    "DEST": "/domains",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/etc/system/data/ssl/keys",
+                    "DEST": "/keys",
+                    "TYPE": "rw"
+                },
+                {
+                    "SOURCE": "/etc/system/data/ssl/certs/",
+                    "DEST": "/etc/ssl/certs/",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/etc/system/config/public-proxy/nginx",
+                    "DEST": "/proxy_config",
+                    "TYPE": "rw"
+                },
+                {
+                    "SOURCE": "/etc/user/config/services/public-proxy.json",
+                    "DEST": "/public-proxy.json",
+                    "TYPE": "ro"
+                },
+                {
+                    "SOURCE": "/var/run/docker.sock",
+                    "DEST": "/var/run/docker.sock",
+                    "TYPE": "rw"
                }
-        ]
+            ],
+            "PORTS": [],
+            "READYNESS": [
+                {
+                    "tcp": ""
+                },
+                {
+                    "HTTP": ""
+                },
+                {
+                    "EXEC": "/ready.sh"
+                }
+            ],
+            "ENVS": [],
+            "ENV_FILES": [
+                "/etc/system/config/proxy.json"
+            ],
+            "EXTRA": "null",
+            "DEPEND": [
+                "public-proxy.networks.loadbalancer",
+                "public-proxy.containers.loadbalancer-27dhuwdh"
+            ],
+            "START_ON_BOOT": "true",
+            "CMD": "null",
+            "PRE_START": "null",
+            "POST_START": "null"
+        }
+    ]
 }
--- a/proxy.json
+++ b/proxy.json
@@ -1,35 +1,49 @@
 {
-	"firewall_loadbalancer_wireguard_prerouting": {
-		"NAME": "wireguard_proxy_client",
-		"PREROUTING": "true",
-		"TARGET_IP": "172.18.100.2",
-		"TYPE": "tcp",
-		"SOURCE_PORT_1": "80",
-		"SOURCE_PORT_2": "443",
-		"TARGET_PORT_1": "80",
-		"TARGET_PORT_2": "443",
-		"COMMENT": "edeg3e98"
-		},
-	"firewall_loadbalancer_wireguard_postrouting": {
-		"NAME": "wireguard_proxy_client",
-		"POSTROUTING": "true",
-		"TARGET_IP": "172.18.100.0",
-		"TARGET_PORT_1": "80",
-		"TARGET_PORT_2": "443",
-		"TYPE": "tcp",
-		"COMMENT": "edeg3e98"
-		},
-	"proxy_scheduler": {
-		"DOCKER_REGISTRY_URL": "registry.format.hu",
-		"PROXY_TYPE": "",
-		"LETSENCRYPT_URL": "letsencrypt.org",
-		"CERT_DIR": "/keys",
-		"DOMAIN_DIR": "/domains",
-		"PROXY_SERVICE_FILE": "public-proxy.json",
-		"PROXY_CONFIG_DIR": "/proxy_config",
-		"TIMEOUT": "5",
-		"RESTART": "3",
-		"ROLE": "backend-proxy",
-		"SERVICE_NAME": "public-proxy"
-		}
+    "firewall_loadbalancer_wireguard_prerouting": {
+        "NAME": "wireguard_proxy_client",
+        "PREROUTING": "true",
+        "TARGET_IP": "172.18.100.2",
+        "TYPE": "tcp",
+        "SOURCE_PORT_1": "80",
+        "SOURCE_PORT_2": "443",
+        "TARGET_PORT_1": "80",
+        "TARGET_PORT_2": "443",
+        "COMMENT": "edeg3e98"
+    },
+    "firewall_loadbalancer_wireguard_postrouting": {
+        "NAME": "wireguard_proxy_client",
+        "POSTROUTING": "true",
+        "TARGET_IP": "172.18.100.0",
+        "TARGET_PORT_1": "80",
+        "TARGET_PORT_2": "443",
+        "TYPE": "tcp",
+        "COMMENT": "edeg3e98"
+    },
+    "proxy_scheduler": {
+        "DOCKER_REGISTRY_URL": "safebox",
+        "CERT_DIR": "/keys",
+        "DOMAIN_DIR": "/domains",
+        "PROXY_SERVICE_FILE": "public-proxy.json",
+        "PROXY_CONFIG_DIR": "/proxy_config",
+        "PROXY_TYPE": "haproxy",
+        "TIMEOUT": "5",
+        "RESTART": "10",
+        "ROLE": "backend-proxy",
+        "SERVICE_NAME": "public-proxy"
+    },
+    "proxy_scheduler_local": {
+        "DOCKER_REGISTRY_URL": "safebox",
+        "PROXY_TYPE": "",
+        "GENERATE_CERTIFICATE": "true",
+        "LETSENCRYPT_URL": "letsencrypt.org",
+        "LETSENCRYPT_SERVICE_NAME": "letsencrypt.json",
+        "CERT_DIR": "/keys",
+        "DOMAIN_DIR": "/domains",
+        "PROXY_SERVICE_FILE": "public-proxy.json",
+        "PROXY_CONFIG_DIR": "/proxy_config",
+        "TIMEOUT": "5",
+        "RESTART": "3",
+        "ROLE": "backend-proxy",
+        "SERVICE_NAME": "public-proxy"
+    }
 }
--- a/scripts/awk
+++ b/scripts/awk
@@ -0,0 +1 @@
+awk '/-----BEGIN CERTIFICATE-----/ {show=1} /-----END CERTIFICATE-----/ {show=1} show {print}' keys/$ovpn.crt >> result
--- a/scripts/check_certificates.sh
+++ b/scripts/check_certificates.sh
@@ -2,76 +2,218 @@

 # Set env variables

-	DOCKER_REGISTRY_URL=$DOCKER_REGISTRY_URL
-	LETSENCRYPT_URL=$LETSENCRYPT_URL
-	DOMAIN_DIR=$DOMAIN_DIR
-	DOMAIN=$1
-	DOMAIN_CERT_DIR=$CERT_DIR/$DOMAIN
+SERVICE_FILES=$SERVICE_FILES
+GENERATE_CERTIFICATE=$GENERATE_CERTIFICATE
+DOCKER_REGISTRY_URL=$DOCKER_REGISTRY_URL
+LETSENCRYPT_URL=$LETSENCRYPT_URL
+LETSENCRYPT_SERVICE_NAME=$LETSENCRYPT_SERVICE_NAME
+CERT_DIR=$CERT_DIR
+DOMAIN_DIR=$DOMAIN_DIR
+DOMAIN=$1
+DOMAIN_CERT_DIR=$CERT_DIR/$DOMAIN
+TIMEOUT=$TIMEOUT
+RESTART=$RESTART
+
+SETUP_VERSION=${SETUP_VERSION:-latest}
+LOG_DIR=/var/tmp/shared/output
+LOG_FILE=$LOG_DIR/letsencrypt.txt
+LETSENCRYPT_OUTPUT=$LOG_DIR/letsencrypt.json
+DATE=$(date +"%Y-%m-%d-%H-%M")
+
+create_json() {
+
+    if [ ! -f $LETSENCRYPT_OUTPUT ]; then
+        install -m 664 -g 65534 /dev/null $LETSENCRYPT_OUTPUT
+        echo '{}' >$LETSENCRYPT_OUTPUT
+    fi
+
+    TMP_FILE=$(mktemp)
+    jq '
+      if . == null or . == [] then 
+        {"'$DOMAIN'":{"date": "'$DATE'", "status": "'$STATUS'", "log": "'$LOG'"}}
+    else 
+      . + {"'$DOMAIN'": {"date": "'$DATE'", "status": "'$STATUS'", "log": "'$LOG'"}}
+      end
+    ' $LETSENCRYPT_OUTPUT >$TMP_FILE
+    cat $TMP_FILE >$LETSENCRYPT_OUTPUT
+    rm $TMP_FILE
+}
+
+# Setting service files path
+if [ "$SERVICE_FILES" == "" ]; then
+    SERVICE_FILES=/etc/user/config/services
+fi
+
+if [ "$SOURCE" == "" ]; then
+    SOURCE=/etc/user/config
+fi

 # Setup docker registry url path
-
-if [[ ! -n "$DOCKER_REGISTRY_URL" && "$DOCKER_REGISTRY_URL" != "null" ]] ; then
-	SETUP="'/setup'";
+if [[ -n "$DOCKER_REGISTRY_URL" && "$DOCKER_REGISTRY_URL" != "null" ]]; then
+    SETUP="/setup"
 else
-	SETUP="setup";
-	DOCKER_REGISTRY_URL="";
+    SETUP="setup"
+    DOCKER_REGISTRY_URL=""
+fi
+
+if [ "$SETUP_VERSION" == "latest" ]; then
+    VOLUME_MOUNTS="
+--mount src=SYSTEM_DATA,dst=/etc/ssl/certs,volume-subpath=ssl/certs,ro \
+--mount src=SYSTEM_DATA,dst=/etc/dns/hosts.local,volume-subpath=dns/hosts.local,ro \
+--mount src=USER_CONFIG,dst=/services,volume-subpath=services/tmp \
+--mount src=USER_CONFIG,dst=/etc/user/config/system.json,volume-subpath=system.json,ro \
+--mount src=USER_CONFIG,dst=/etc/user/config/user.json,volume-subpath=user.json,ro \
+"
+else
+    VOLUME_MOUNTS="
+ -v /etc/system/data/dns:/etc/dns:rw \
+ -v /etc/ssl/certs:/etc/ssl/certs:ro \
+ -v /etc/user/config/user.json:/etc/user/config/user.json:ro \
+ -v /etc/user/config/system.json:/etc/user/config/system.json:ro \
+ -v /etc/user/config/services/:/services/:ro \
+ -v /etc/user/config/services/tmp:/services/tmp:rw \
+"
 fi

 service_exec="docker run --rm \
- -v /etc/user/config/user.json:/etc/user/config/user.json:ro \
- -v /etc/user/config/services/:/services/:ro \
- -v /var/run/docker.sock:/var/run/docker.sock \
- -v /usr/bin/docker:/usr/bin/docker:ro $DOCKER_REGISTRY_URL$SETUP /scripts/service-exec"
+-w /services/ \
+$VOLUME_MOUNTS
+-v /var/run/docker.sock:/var/run/docker.sock \
+--env DOCKER_REGISTRY_URL=$DOCKER_REGISTRY_URL \
+$DOCKER_REGISTRY_URL$SETUP:$SETUP_VERSION"

 letsencrypt_certificates() {

-	local RUNNING_CONTAINERS;
+    #cd /

-	cd /
+    for retries in $(seq 0 $((RESTART + 1))); do
+        if [[ $retries -le $RESTART ]]; then

-	# Check services with running containers by roles
-	for CONTAINER in $(jq -r --arg ROLE $ROLE '.containers[] | select(.ROLES==$ROLE)' /$PROXY_SERVICE_FILE | jq -r .NAME) ; do
-		UP=$(docker ps | grep $CONTAINER | grep Up | wc -l)
-		RUNNING_CONTAINERS=$((RUNNING_CONTAINERS + UP))
-	done;
+            LETS_ENCRYPT_VALUE="$(docker ps | grep letsencrypt | grep Up | wc -l)"
+            if [[ $LETS_ENCRYPT_VALUE -eq 0 ]]; then
+                echo "Starting letsencrypt process"
+                mkdir -p $SERVICE_FILES/tmp/tmp
+                cp -av /firewall-files/firewall-letsencrypt.json $SERVICE_FILES/tmp/
+                LETSENCRYPT_TEMP_SERVICE_FILE=$(mktemp -p $SERVICE_FILES/tmp/)
+                ENVS='[                                                              
+                                        {"DOMAIN": "'$DOMAIN'"},                                     
+                                        {"TIMEOUT": "'$TIMEOUT'"},                                   
+                                        {"RESTART": "'$RESTART'"}                                    
+                                ]'
+                VOLUMES='                                                            
+                                        {                                                            
+                                                "SOURCE": "/etc/user/config/user.json",              
+                                                "DEST": "/etc/user/config/user.json",                
+                                                "TYPE": "ro"                                         
+                                        }                                                            
+                                '
+                jq '.containers[0].ENVS |='"$ENVS"' | .containers[0].VOLUMES[.containers[0].VOLUMES|length]|='"$VOLUMES" $SERVICE_FILES/$LETSENCRYPT_SERVICE_NAME >$LETSENCRYPT_TEMP_SERVICE_FILE.json
+                $service_exec $(basename $LETSENCRYPT_TEMP_SERVICE_FILE) start info prechecked
+                rm -v $SERVICE_FILES/tmp/firewall-letsencrypt.json
+                break
+            else
+                echo "Waiting "$TIMEOUT" second for previous letsencrypt process ending"
+                sleep $TIMEOUT

-	# In case of no running proxies found, try to start the service
-	if [[ "$RUNNING_CONTAINERS" -eq 0 ]] ; then 
-		echo "No running proxies found, create self signed cetificate";
-		create_self_signed_certificate;
-	fi;
+                echo "Not reached number of restart limit: "$RESTART" sleep "$TIMEOUT" and try again to start lets encrypt process."
+            fi
+        else
+            echo "Reached retrying limit: "$RESTART" ,giving up to start lets encrypt process, try self sign the certificate"
+        fi
+
+    done

-	$service_exec /services/letsencrypt.json start
 }

 create_self_signed_certificate() {

-# generate key
-openssl req -x509 -newkey rsa:4096 -keyout $DOMAIN_CERT_DIR/key.pem -out $DOMAIN_CERT_DIR/cert.pem -days 365 -sha256 -nodes -subj "/CN=$DOMAIN";
-cp -a $DOMAIN_CERT_DIR/cert.pem $DOMAIN_CERT_DIR/fullchain.pem;
+    # Check any certificate exists
+
+    if [[ ! -f $DOMAIN_CERT_DIR/key.pem && ! -f $DOMAIN_CERT_DIR/fullchain.pem && ! -f $DOMAIN_CERT_DIR/cert.pem ]]; then
+
+        # generate key
+        echo "No any certificates found, generate self signed"
+        openssl req -x509 -newkey rsa:4096 -keyout $DOMAIN_CERT_DIR/key.pem -out $DOMAIN_CERT_DIR/cert.pem -days 365 -sha256 -nodes -subj "/CN=$DOMAIN"
+        cp -a $DOMAIN_CERT_DIR/cert.pem $DOMAIN_CERT_DIR/fullchain.pem
+
+    fi

 }

 if [ ! -d "$DOMAIN_CERT_DIR" ]; then
-	echo "$DOMAIN not contains certificates, creates new."
-	mkdir -p $DOMAIN_CERT_DIR;
+    echo "$DOMAIN not contains certificates, creates new."
+    mkdir -p $DOMAIN_CERT_DIR
 fi

 if [ ! -f "$DOMAIN_CERT_DIR/dhparam.pem" ]; then
-	# generate dhparam file
-	openssl dhparam -dsaparam -out $DOMAIN_CERT_DIR/dhparam.pem 4096; 
+    # generate dhparam file
+    openssl dhparam -dsaparam -out $DOMAIN_CERT_DIR/dhparam.pem 4096
+    create_self_signed_certificate
+
+    PROXY_NAMES=""
+    # Check services with running containers by roles
+    for CONTAINER in $(jq -r --arg ROLE $ROLE '.containers[] | select(.ROLES==$ROLE)' /$PROXY_SERVICE_FILE | jq -r .NAME); do
+        PROXY_NAMES=$PROXY_NAMES" "$CONTAINER
+    done
+
+    for NAME in $(echo $PROXY_NAMES); do
+        RUNNING_CONTAINER=$(docker ps | grep $NAME | grep Up)
+        if [ "$RUNNING_CONTAINER" != "" ]; then
+            echo "Restarting $NAME"
+            docker restart $NAME
+        else
+            echo "Starting $NAME"
+            docker start $NAME
+        fi
+        docker ps | grep $NAME
+    done
+
 fi

-CURL_CHECK="curl -s -o /dev/null -w "%{http_code}" https://$LETSENCRYPT_URL";
+if [ "$GENERATE_CERTIFICATE" == "true" ] && [ "$DOMAIN" != "localhost" ]; then
+
+    CURL_CHECK="curl -s -o /dev/null -w "%{http_code}" https://$LETSENCRYPT_URL"
+
+    if [[ "$(eval $CURL_CHECK)" == "200" ]]; then
+
+        file="$DOMAIN_CERT_DIR/letsencrypt"
+        {
+            echo "{ \"DOMAIN\": \"$DOMAIN\" }"
+        } >>"$file"
+
+        if [ ! -f $LETSENCRYPT_OUTPUT ]; then
+            install -m 664 -g 65534 /dev/null $LETSENCRYPT_OUTPUT
+            echo '{}' >$LETSENCRYPT_OUTPUT
+        fi
+        DOMAIN_CHECK="curl -s -o /dev/null -w "%{http_code}" http://$DOMAIN"
+        if [[ "$(eval $DOMAIN_CHECK)" == "200" || "$(eval $DOMAIN_CHECK)" == "301" ]]; then
+            echo "DOMAIN CHECK: $(eval $DOMAIN_CHECK)"
+            letsencrypt_certificates
+            echo "Started letsencrypt for domain: $DOMAIN first time"
+        else
+            echo "Not starting letsencrypt, waiting $TIMEOUT seconds"
+            for retries in $(seq 0 $((RESTART + 1))); do
+                if [[ $retries -le $RESTART ]]; then
+                    sleep $TIMEOUT
+                    echo "Starting letsencrypt process again"
+                    if [[ "$(eval $DOMAIN_CHECK)" == "200" || "$(eval $DOMAIN_CHECK)" == "301" ]]; then
+                        echo "DOMAIN CHECK: $(eval $DOMAIN_CHECK)"
+                        letsencrypt_certificates
+                        echo "Started letsencrypt for domain: $DOMAIN second time"
+                        break
+                    else
+                        echo "Waiting "$TIMEOUT" second for starting proxies"
+                        sleep $TIMEOUT
+                        echo "Not reached number of restart limit: "$RESTART" sleep "$TIMEOUT" and try again to start lets encrypt process."
+                    fi
+                else
+                    LOG=$(echo "The domain '$DOMAIN' could not reachable. Reached retrying limit: '$RESTART', giving up to start lets encrypt process, try self sign the certificate" | base64 -w0)
+                    STATUS="failed"
+                    create_json $DOMAIN $STATUS "$LOG"
+                fi
+
+            done
+        fi
+    fi

-if [[ "$(eval $CURL_CHECK)" != "200" ]] ; then
-	create_self_signed_certificate;
-else
-	file="$DOMAIN_CERT_DIR/letsencrypt"
-	{
-	echo "{ \"DOMAIN\": \"$DOMAIN\" }"
-	} >> "$file"
-	letsencrypt_certificates;
 fi
-
-
--- a/scripts/check_proxy_state.sh
+++ b/scripts/check_proxy_state.sh
@@ -7,51 +7,116 @@ RESTART_COUNTER=0
 REGISTRY_URL=$DOCKER_REGISTRY_URL

 # Set env variables
-DOMAIN="$1"
+FILENAME="$1"
+DOMAIN_DIR=$DOMAIN_DIR
+if [ -f $DOMAIN_DIR"/"$FILENAME ]; then
+	DOMAIN=$(jq -r .DOMAIN $DOMAIN_DIR"/"$FILENAME)
+else
+	# in case of CERT_DIR
+	DOMAIN=$FILENAME
+fi;
 PROXY_SERVICE_FILE=$PROXY_SERVICE_FILE
 ROLE=$ROLE
 SERVICE_NAME=$SERVICE_NAME
 PROXY_CONFIG_DIR=$PROXY_CONFIG_DIR

+SETUP_VERSION=${SETUP_VERSION:-latest};
+
 # Setup docker registry url path

-if [[ $REGISTRY_URL != "" ]] || [[ $REGISTRY_URL != "null" ]] ; then
-        SETUP="/setup";
+if [[ -n "$DOCKER_REGISTRY_URL" && "$DOCKER_REGISTRY_URL" != "null" ]] ; then
+	SETUP="/setup";
 else
+	SETUP="setup";
+	DOCKER_REGISTRY_URL="";
+fi
+# SPECIAL MOUNTS CHEKING

-        echo "Docker registry URL not defined in configuration";
-	exit;
+DNS_DIR=$DNS_DIR
+if [ "$DNS_DIR" == "" ] ; then
+        DNS_DIR="/etc/system/data/dns";
+else
+        DNS="--env DNS_DIR=$DNS_DIR";
+        DNS_PATH="--volume $DNS_DIR:/etc/dns:rw";
 fi

-service_exec="docker run --rm -v /etc/user/config/services/:/services/:ro -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker:ro $REGISTRY_URL$SETUP /scripts/service-exec"
+USER_INIT_PATH=$USER_INIT_PATH
+
+if [ "$USER_INIT_PATH" == "" ]; then
+        USER_INIT_PATH=/etc/user/config;
+else
+        USER_ENV="--env $USER_INIT_PATH=/etc/user/config";
+        USER_PATH="--volume $USER_INIT_PATH:/etc/user/config:ro";
+fi
+
+# Setting service files path
+
+SERVICE_FILES=$SERVICE_FILES
+
+if [ "$SERVICE_FILES" == "" ]; then
+        SERVICE_FILES=/etc/user/config/services
+fi
+
+CA_PATH=$CA_PATH
+if [ "$CA_PATH" == "" ]; then
+        CA_PATH=/etc/ssl/certs;
+else
+        CA="--env CA_PATH=$CA_PATH";
+        CA_FILE="--volume $CA_PATH:$CA_PATH:ro";
+fi
+
+
+service_exec="docker run --rm \
+ $DNS $DNS_PATH \
+ $CA $CA_FILE \
+ $USER_ENV $USER_PATH \
+ -w /services/ \
+ -v $SERVICE_FILES/:/services/:ro \
+ -v $SERVICE_FILES/tmp/:/services/tmp/:rw \
+ -w /services/ \
+ -v /etc/user/config/services/:/services/:ro \
+ -v /etc/user/config/services/tmp/:/services/tmp/:rw \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ --env DOCKER_REGISTRY_URL=$DOCKER_REGISTRY_URL \
+ $DOCKER_REGISTRY_URL$SETUP:$SETUP_VERSION"

 do_proxy_restart() { 

        local NAMES="$1"

-	for proxies in $NAMES ; do 
-		docker stop $proxies;
-		sleep $TIMEOUT;
-		$service_exec $SERVICE_NAME.containers.$proxies start
-		if docker ps | grep $proxies ; then
-			if [ -z "$DOMAIN" ] ; then
-				echo "$proxies restarted successful";
+
+	for PROXY_NAME in $NAMES ; do 
+		
+		DO_RESTART="true";
+		if [ "$FORCE_RESTART" != "true" ]; then
+			docker stop $PROXY_NAME;
+			docker start $PROXY_NAME;
+			sleep $TIMEOUT;
+			
+			if docker ps | grep $PROXY_NAME | grep Up ; then
+				echo "$PROXY_NAME restarted successful";
+				DO_RESTART="false";
 			fi
-		else 
-			PROXY_NAME=$proxies
+		fi
+		
+		if [ "$DO_RESTART" == "true" ]; then
 			for retries in $(seq 0 $((RESTART + 1))); do
 				if [[ $retries -le $RESTART ]] ; then
 					echo "Proxy "$PROXY_NAME" restarting in progress";
-					docker stop $PROXY_NAME;
-					sleep $TIMEOUT;
+					$service_exec $SERVICE_NAME.containers.$PROXY_NAME stop force;
+					
+					## finding network name for starting affected network
+					#NETWORK_NAME=$(jq -r --arg NAME $PROXY_NAME '.containers[] | select(.NAME==$NAME)' $PROXY_SERVICE_FILE | jq -r .NETWORK)
+					#$service_exec $SERVICE_NAME.networks.$NETWORK_NAME start
+					
 					$service_exec $SERVICE_NAME.containers.$PROXY_NAME start
-						if docker ps | grep $PROXY_NAME ; then
-							echo "$PROXY_NAME restarted successful";
-							break ;
-						else	
-							echo "Restarting number is only: "$retries" so try again"
-							sleep $TIMEOUT;
-						fi
+					sleep $TIMEOUT;
+					if docker ps | grep $PROXY_NAME | grep Up ; then
+						echo "$PROXY_NAME restarted successful";
+						break ;
+					else	
+						echo "Restarting number is only: "$retries" so try again"
+					fi
 				else
 					echo "Reached retrying limit: "$RESTART" ,giving up, starting recocer previous state"
 					recover_process;
@@ -59,20 +124,11 @@ do_proxy_restart() {
 			done
 		fi
 	done
-	
-	# in case of new proxy configuration generated needed to copy the domain name  to the configs file.then remove new_config flag.
-	if [[ -f $PROXY_CONFIG_DIR/new_config ]] ; then 
-		if [[ ! -f $PROXY_CONFIG_DIR/config || "$(grep $DOMAIN $PROXY_CONFIG_DIR/config 2>/dev/null)" == "" ]] ; then 
-			cat $PROXY_CONFIG_DIR/new_config >> $PROXY_CONFIG_DIR/config;
-		fi
-		
-		rm $PROXY_CONFIG_DIR/new_config;
-	fi
 }

 check_domain() {
 	echo "Checking $DOMAIN name";
-	CURL_CHECK="curl -s -o /dev/null -w "%{http_code}" https://$DOMAIN";
+	CURL_CHECK="curl -m 5 -s -o /dev/null -w "%{http_code}" https://$DOMAIN";
 	if [[ "$(eval $CURL_CHECK)" == "200" ]] ; then 
 		echo "$DOMAIN accessed successful";
 	else 
@@ -80,7 +136,15 @@ check_domain() {
 	fi
 }

-recover_process() { echo "Recovering previous state"
+recover_process() { 
+	echo "Recovering previous state";
+	rm $DOMAIN_DIR/$FILENAME;
+
+	echo "#############################################################################"
+	echo "########    DOMAIN    #####    $DOMAIN   ####   DELETED      ################"
+	echo "#############################################################################"
+	exit;
+		
 }

 send_error_msg () { echo "Sending error messages"
@@ -117,12 +181,11 @@ if [[ "$RUNNING_CONTAINERS" == "$CONTAINERS_BY_ROLE" || "$RUNNING_CONTAINERS" -g
 elif [[ "$RUNNING_CONTAINERS" -eq 0 ]] ; then 
 	echo "No running proxies found, starting all";
 	
-	$service_exec /services/$SERVICE_NAME.json stop;
-	$service_exec /services/$SERVICE_NAME.json start;
+	do_proxy_restart "$CONTAINERS";
 	
 	for proxies in $CONTAINERS ; do 

-		if docker ps | grep $proxies ; then
+		if docker ps | grep $proxies | grep Up; then
 			echo "$proxies started successful";
 		else 
 			echo "$proxies starting was unsuccesful";
@@ -140,7 +203,7 @@ elif [[ "$RUNNING_CONTAINERS" -eq 1 ]] ; then
 			
 			do_proxy_restart $proxies;
 			
-			if docker ps | grep $proxies ; then
+			if docker ps | grep $proxies | grep Up ; then
 				echo "$proxies started successful";
 			else 
 				echo "$proxies starting was unsuccesful";
@@ -155,7 +218,7 @@ elif [[ "$RUNNING_CONTAINERS" -eq 1 ]] ; then
 	# At last need to restart the only one running proxy when the others started successful.
 	for CHECK_PROXIES in $CONTAINERS ; do
 		if [[ $CHECK_PROXIES != $ONLY_RUNNING_PROXY_NAME ]] ; then
-			if docker ps | grep $CHECK_PROXIES ; then
+			if docker ps | grep $CHECK_PROXIES | grep Up ; then
 				echo "Not running proxies successfuly started, let's start the only running one.";
 				do_proxy_restart $ONLY_RUNNING_PROXY_NAME;
 			else
@@ -171,6 +234,16 @@ fi
 # call method
 check_proxy_state

+echo "PROXY RESTARTED SUCCESSFULY"
+# in case of new proxy configuration generated needed to copy the domain name  to the configs file.then remove new_config flag.
+if [[ -f $PROXY_CONFIG_DIR/new_config ]] ; then 
+	if [[ ! -f $PROXY_CONFIG_DIR/config || "$(grep $DOMAIN $PROXY_CONFIG_DIR/config 2>/dev/null)" == "" ]] ; then 
+		cat $PROXY_CONFIG_DIR/new_config >> $PROXY_CONFIG_DIR/config;
+	fi
+	
+	rm $PROXY_CONFIG_DIR/new_config;
+fi
+
 # At last check the previously settings of domain.
 check_domain

--- a/scripts/config_haproxy_create.sh
+++ b/scripts/config_haproxy_create.sh
@@ -1,7 +1,7 @@
 #!/bin/sh

 # Initial parameters
-DATE=`date +%F-%H-%M-%S`
+DATE=$(date +%F-%H-%M-%S)

 DOMAIN=$1

@@ -19,113 +19,162 @@ cp -a /scripts/haproxy_template.cfg $PROXY_CONFIG_DIR/haproxy.cfg

 {

-echo "frontend http
-";
+    echo "frontend http
+"

-cat "$global_http"
-echo 
+    cat "$global_http"
+    echo

-#echo "acl letsencrypt path_beg /.well-known/acme-challenge/";
+    #echo "acl letsencrypt path_beg /.well-known/acme-challenge/";

-echo 
+    echo

-for i in `ls $DOMAIN_DIR|cut -d / -f2` ;  do
+    for i in $(ls $DOMAIN_DIR | cut -d / -f2); do

-        if [[ "$(jq -r .REDIRECT_HTTPS $i)" != "" && "$(jq -r .HTTP_PORT $i)" != "" && "$(jq -r .DOMAIN $i)" != "letsencrypt" ]]
-        then    
-            echo "redirect prefix https://$(jq -r .REDIRECT_HTTPS $i) code 301 if { hdr(host) -i $(jq -r .DOMAIN $i) }";
+        DOMAIN_NAME=$(jq -r .DOMAIN $i)
+        if [[ "$(jq -r .REDIRECT_HTTPS $i)" != "" && "$(jq -r .HTTP_PORT $i)" != "" && "$DOMAIN_NAME" != "letsencrypt" ]]; then
+            echo "redirect prefix https://$(jq -r .REDIRECT_HTTPS $i) code 301 if { hdr(host) -i $DOMAIN_NAME }"
        fi
-done
-echo
+    done
+    echo

-for i in `ls $DOMAIN_DIR|cut -d / -f2` ;  do
+    for i in $(ls $DOMAIN_DIR | cut -d / -f2); do

-	if [[ "$(jq -r .DOMAIN $i)" != "" && "$(jq -r .HTTP_PORT $i)" != "" && "$(jq -r .DOMAIN $i)" != "letsencrypt" ]]
-	then
-		echo "acl $(jq -r .DOMAIN $i)_http hdr(host) -i $(jq -r .DOMAIN $i)";
-	fi
+        DOMAIN_NAME=$(jq -r .DOMAIN $i)
+        if [[ "$DOMAIN_NAME" != "" && "$(jq -r .HTTP_PORT $i)" != "" && "$DOMAIN_NAME" != "letsencrypt" ]]; then

-	if [[ "$(jq -r .DOMAIN $i)" != "letsencrypt"  && "$(jq -r .HTTP_PORT $i)" != "" && "$(jq -r .ALIASES_HTTP[] $i)" != "" ]]
-	then
-		ALIASES_LIST=$(jq -r .ALIASES_HTTP[] $i)
-		for ALIAS in $ALIASES_LIST
-		do
-		 	echo "acl $(jq -r .DOMAIN $i)_http hdr(host) -i $ALIAS";
-		done
-	fi
+            TLD="$(echo $DOMAIN_NAME | rev | cut -d '.' -f1 | rev)"
+            WILDCARD=$(echo $DOMAIN_NAME | grep '*')

-done
+            if [ "$WILDCARD" != "" ]; then
+                HOST=$(echo $DOMAIN_NAME | rev | cut -d '.' -f2- | rev | cut -d '.' -f2-)
+                echo "acl $HOST."$TLD"_http hdr(host) -m reg -i ^[^\.]+\."$HOST"\."$TLD"$"
+            else
+                echo "acl "$DOMAIN_NAME"_http hdr(host) -i $DOMAIN_NAME"
+            fi
+        fi

-echo 
+        if [[ "$DOMAIN_NAME" != "letsencrypt" && "$(jq -r .HTTP_PORT $i)" != "" && "$(jq -r .ALIASES_HTTP[] $i)" != "" ]]; then
+            ALIASES_LIST=$(jq -r .ALIASES_HTTP[] $i)
+            for ALIAS in $ALIASES_LIST; do
+                echo "acl "$DOMAIN_NAME"_http hdr(host) -i $ALIAS"
+            done
+        fi

-#echo "use_backend letsencrypt_http if letsencrypt"
+    done

-for i in `ls $DOMAIN_DIR|cut -d / -f2` ;  do
+    echo

-	if [[ "$(jq -r .DOMAIN $i)" != "" && "$(jq -r .HTTP_PORTS $i)" != "" && "$(jq -r .DOMAIN $i)" != "letsencrypt" ]]
-	then
-		echo "use_backend $(jq -r .DOMAIN $i)_http if $(jq -r .DOMAIN $i)_http"; 
-	fi
-done
+    #echo "use_backend letsencrypt_http if letsencrypt"

-echo
+    for i in $(ls $DOMAIN_DIR | cut -d / -f2); do

-for i in `ls $DOMAIN_DIR|cut -d / -f2` ;  do
+        DOMAIN_NAME=$(jq -r .DOMAIN $i)
+        TLD="$(echo $DOMAIN_NAME | rev | cut -d '.' -f1 | rev)"
+        WILDCARD=$(echo $DOMAIN_NAME | grep '*')

-      	if [[ "$(jq -r .DOMAIN $i)" != "" && "$(jq -r .HTTP_PORT $i)" != "" ]]
-      	then
-      		echo "backend $(jq -r .DOMAIN $i)_http";
-		echo "	mode http";
-		echo "	server $(jq -r .DOMAIN $i) $(jq -r .LOCAL_IP $i):$(jq -r .HTTP_PORT $i)";
-	fi
-done
+        if [[ "$DOMAIN_NAME" != "" && "$(jq -r .HTTP_PORT $i)" != "" && "$DOMAIN_NAME" != "letsencrypt" ]]; then
+            if [ "$WILDCARD" != "" ]; then
+                HOST=$(echo $DOMAIN_NAME | rev | cut -d '.' -f2- | rev | cut -d '.' -f2-)
+                echo "use_backend $HOST."$TLD"_http if $HOST."$TLD"_http"
+            else
+                echo "use_backend "$DOMAIN_NAME"_http if "$DOMAIN_NAME"_http"
+            fi
+        fi
+    done

-echo
+    echo

-echo "frontend https
-";
+    for i in $(ls $DOMAIN_DIR | cut -d / -f2); do

-cat "$global_https"
-echo 
+        DOMAIN_NAME=$(jq -r .DOMAIN $i)
+        TLD="$(echo $DOMAIN_NAME | rev | cut -d '.' -f1 | rev)"
+        WILDCARD=$(echo $DOMAIN_NAME | grep '*')

-for i in `ls $DOMAIN_DIR|cut -d / -f2` ;  do
+        if [[ "$DOMAIN_NAME" != "" && "$(jq -r .HTTP_PORT $i)" != "" ]]; then
+            if [ "$WILDCARD" != "" ]; then
+                HOST=$(echo $DOMAIN_NAME | rev | cut -d '.' -f2- | rev | cut -d '.' -f2-)
+                echo "backend $HOST."$TLD"_http"
+                echo " mode http"
+                echo " server $HOST.$TLD $(jq -r .LOCAL_NAME $i):$(jq -r .HTTP_PORT $i) send-proxy"
+            else
+                echo "backend "$DOMAIN_NAME"_http"
+                echo " mode http"
+                echo " server $DOMAIN_NAME $(jq -r .LOCAL_NAME $i):$(jq -r .HTTP_PORT $i) send-proxy"
+            fi
+        fi
+    done

-	if [[ "$(jq -r .DOMAIN $i)" != "" && "$(jq -r .HTTPS_PORT $i)" != "" && "$(jq -r .DOMAIN $i)" != "letsencrypt" ]]
-	then
-		echo "acl $(jq -r .DOMAIN $i)_https req_ssl_sni -i $(jq -r .DOMAIN $i)";
-	fi
-	if [[ "$(jq -r .HTTPS_PORT $i)" != "" && "$(jq -r .ALIASES_HTTPS[] $i)" != "" ]]
-	then
-		 ALIASES_LIST=$(jq -r .ALIASES_HTTPS[] $i)
-	         for ALIAS in $ALIASES_LIST
-	         do
-	                   echo "acl $(jq -r .DOMAIN $i)_https req_ssl_sni -i $ALIAS";
-	         done
-	 fi
-done
+    echo

-echo 
+    echo "frontend https"

-for i in `ls $DOMAIN_DIR|cut -d / -f2` ;  do
+    echo

-	if [[ "$(jq -r .DOMAIN $i)" != "" && "$(jq -r .HTTPS_PORT $i)" != "" && "$(jq -r .DOMAIN $i)" != "letsencrypt" ]]
-	then
-		echo "use_backend $(jq -r .DOMAIN $i)_https if $(jq -r .DOMAIN $i)_https"; 
-	fi
-done
+    cat "$global_https"
+    echo

-echo 
+    for i in $(ls $DOMAIN_DIR | cut -d / -f2); do
+        DOMAIN_NAME=$(jq -r .DOMAIN $i)
+        TLD="$(echo $DOMAIN_NAME | rev | cut -d '.' -f1 | rev)"
+        WILDCARD=$(echo $DOMAIN_NAME | grep '*')

-for i in `ls $DOMAIN_DIR|cut -d / -f2` ;  do
+        if [[ "$DOMAIN_NAME" != "" && "$(jq -r .HTTPS_PORT $i)" != "" && "$DOMAIN_NAME" != "letsencrypt" ]]; then

-      	if [[ "$(jq -r .DOMAIN $i)" != "" && "$(jq -r .HTTPS_PORT $i)" != "" && "$(jq -r .DOMAIN $i)" != "letsencrypt" ]]
-      	then
-      		echo "backend $(jq -r .DOMAIN $i)_https";
-		echo "	option ssl-hello-chk";
-		echo "	mode tcp";
-		echo "	server $(jq -r .DOMAIN $i) $(jq -r .LOCAL_IP $i):$(jq -r .HTTPS_PORT $i) check";
-	fi
-done
+            if [ "$WILDCARD" != "" ]; then
+                HOST=$(echo $DOMAIN_NAME | rev | cut -d '.' -f2- | rev | cut -d '.' -f2-)
+                echo "acl $HOST."$TLD"_https req_ssl_sni -i ^[^\.]+\.$HOST\."$TLD"$"
+            else
+                echo "acl "$DOMAIN_NAME"_https req_ssl_sni -i $DOMAIN_NAME"
+            fi
+        fi
+        if [[ "$(jq -r .HTTPS_PORT $i)" != "" && "$(jq -r .ALIASES_HTTPS[] $i)" != "" ]]; then
+            ALIASES_LIST=$(jq -r .ALIASES_HTTPS[] $i)
+            for ALIAS in $ALIASES_LIST; do
+                echo "acl $HOST."$TLD"_https req_ssl_sni -i $ALIAS"
+            done
+        fi
+    done

-} >> "$file";
-echo "$DOMAIN" >> $PROXY_CONFIG_DIR/new_config
+    echo
+
+    for i in $(ls $DOMAIN_DIR | cut -d / -f2); do
+        DOMAIN_NAME=$(jq -r .DOMAIN $i)
+        TLD="$(echo $DOMAIN_NAME | rev | cut -d '.' -f1 | rev)"
+        WILDCARD=$(echo $DOMAIN_NAME | grep '*')
+
+        if [[ "$DOMAIN_NAME" != "" && "$(jq -r .HTTPS_PORT $i)" != "" && "$DOMAIN_NAME" != "letsencrypt" ]]; then
+            if [ "$WILDCARD" != "" ]; then
+                HOST=$(echo $DOMAIN_NAME | rev | cut -d '.' -f2- | rev | cut -d '.' -f2-)
+                echo "use_backend $HOST."$TLD"_https if $HOST."$TLD"_https"
+            else
+                echo "use_backend "$DOMAIN_NAME"_https if "$DOMAIN_NAME"_https"
+            fi
+        fi
+    done
+
+    echo
+
+    for i in $(ls $DOMAIN_DIR | cut -d / -f2); do
+
+        if [[ "$DOMAIN_NAME" != "" && "$(jq -r .HTTPS_PORT $i)" != "" && "$DOMAIN_NAME" != "letsencrypt" ]]; then
+            DOMAIN_NAME=$(jq -r .DOMAIN $i)
+            TLD="$(echo $DOMAIN_NAME | rev | cut -d '.' -f1 | rev)"
+            WILDCARD=$(echo $DOMAIN_NAME | grep '*')
+            if [ "$WILDCARD" != "" ]; then
+                HOST=$(echo $DOMAIN_NAME | rev | cut -d '.' -f2- | rev | cut -d '.' -f2-)
+                echo "backend $HOST."$TLD"_https"
+                echo "	option ssl-hello-chk"
+                echo "	mode tcp"
+                echo "	server $HOST.$TLD $(jq -r .LOCAL_NAME $i):$(jq -r .HTTPS_PORT $i) check send-proxy"
+            else
+                echo "backend "$DOMAIN_NAME"_https"
+                echo "	option ssl-hello-chk"
+                echo "	mode tcp"
+                echo "	server $DOMAIN_NAME $(jq -r .LOCAL_NAME $i):$(jq -r .HTTPS_PORT $i) check send-proxy"
+            fi
+        fi
+    done
+
+} >>"$file"
+echo "$DOMAIN" >>$PROXY_CONFIG_DIR/new_config
--- a/scripts/domain.example.conf
+++ b/scripts/domain.example.conf
@@ -0,0 +1,87 @@
+server {
+listen 80 proxy_protocol;
+server_name domain.example;
+set_real_ip_from 0.0.0.0/0;
+real_ip_header proxy_protocol;
+rewrite_log on;
+return 301 https://domain.example;
+}
+server {
+listen 443 ssl proxy_protocol;
+set_real_ip_from 0.0.0.0/0;
+real_ip_header proxy_protocol;
+server_name domain.example;
+client_max_body_size 0;
+rewrite_log on;
+proxy_ssl_server_name on; 
+ ssl_dhparam /etc/ssl/keys/domain.example/dhparam.pem;
+ssl_certificate /etc/ssl/keys/fullchain.pem;
+ ssl_certificate_key /etc/ssl/keys/key.pem;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4 !kDHE";
+ssl_session_cache shared:SSL:50m;
+ssl_session_timeout 5m;
+ssl_stapling on;
+location / {
+ limit_except GET HEAD {
+ 	allow 192.168.109.1;
+ 	allow 192.168.109.2;
+ 	deny  all;
+ }
+ proxy_pass http://domain-app:80;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_cookie_path / /;
+ proxy_set_header Connection $http_connection;
+ proxy_connect_timeout      300;
+ proxy_send_timeout         300;
+ proxy_read_timeout         300;
+ proxy_next_upstream off;
+ proxy_redirect off;
+ proxy_buffering off;
+}
+location example2 {
+ proxy_pass http://example-app2-modified:80;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_cookie_path example2 example2;
+ proxy_set_header Connection $http_connection;
+ proxy_connect_timeout      300;
+ proxy_send_timeout         300;
+ proxy_read_timeout         300;
+ proxy_next_upstream off;
+ proxy_redirect off;
+ proxy_buffering off;
+}
+# location end
+location example {
+ limit_except GET HEAD {
+ 	allow 192.168.105.1
+ 	allow 192.168.106.1
+ 	allow 192.168.107.1
+ 	deny all;
+ }
+ proxy_pass http://example-app:80;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_cookie_path example example;
+ proxy_set_header Connection $http_connection;
+ proxy_connect_timeout      300;
+ proxy_send_timeout         300;
+ proxy_read_timeout         300;
+ proxy_next_upstream off;
+ proxy_redirect off;
+ proxy_buffering off;
+}
+# location end
+}
--- a/scripts/domains/app.domain.example
+++ b/scripts/domains/app.domain.example
@@ -0,0 +1,23 @@
+{
+"DEBUG": "true",
+"DOMAIN": "domain.example",
+"ALIASES_HTTP": [ ],
+"ALIASES_HTTPS": [ ],
+"LOCAL_NAME": "domain-app",
+"HTTP_PORT": "",
+"HTTPS_PORT": "80",
+"ERROR_PAGE": "",
+"REDIRECT_HTTP": "",
+"REDIRECT_HTTPS": "",
+"MAX_BODY_SIZE": "",
+"ALLOWED_NETWORK": [ "192.168.109.1", "192.168.109.2", "192.168.110.2" ],
+"OPERATION": "CREATE",
+"ALTERNATE_LOCATION_PATH": [
+	{
+        "LOCAL_PATH": "example",
+        "LOCAL_NAME": "example-app",
+        "LOCAL_PORT": "",
+	"LOCAL_ALLOWED_NETWORK": [ "192.168.105.1", "192.168.106.1", "192.168.107.1" ]
+        }
+]
+}
--- a/scripts/domains/app2.domain.example
+++ b/scripts/domains/app2.domain.example
@@ -0,0 +1,24 @@
+{
+"DEBUG": "true",
+"DOMAIN": "domain.example",
+"ALIASES_HTTP": [ ],
+"ALIASES_HTTPS": [ ],
+"LOCAL_NAME": "domain-app2",
+"HTTP_PORT": "",
+"HTTPS_PORT": "80",
+"ERROR_PAGE": "",
+"REDIRECT_HTTP": "",
+"REDIRECT_HTTPS": "",
+"MAX_BODY_SIZE": "",
+"ALLOWED_NETWORK": [ ],
+"OPERATION": "MODIFY",
+"ALTERNATE_LOCATION_PATH": [
+	{
+        "LOCAL_PATH": "example2",
+        "LOCAL_NAME": "example-app2-modified",
+        "LOCAL_PORT": "",
+	"LOCAL_ALLOWED_NETWORK": [ ]
+        }
+	]
+
+}
--- a/scripts/domains/app3.domain.example
+++ b/scripts/domains/app3.domain.example
@@ -0,0 +1,23 @@
+{
+"DEBUG": "true",
+"DOMAIN": "domain.example",
+"ALIASES_HTTP": [ ],
+"ALIASES_HTTPS": [ ],
+"LOCAL_NAME": "domain-app",
+"HTTP_PORT": "",
+"HTTPS_PORT": "80",
+"ERROR_PAGE": "",
+"REDIRECT_HTTP": "",
+"REDIRECT_HTTPS": "",
+"MAX_BODY_SIZE": "",
+"ALLOWED_NETWORK": [ ],
+"ALTERNATE_LOCATION_PATH": [
+	{
+        "LOCAL_PATH": "example3",
+        "LOCAL_NAME": "example-app3",
+        "LOCAL_PORT": "",
+	"LOCAL_ALLOWED_NETWORK": [ ]
+        }
+	]
+
+}
--- a/scripts/domains/domain.sample
+++ b/scripts/domains/domain.sample
@@ -0,0 +1,13 @@
+{
+"DEBUG": "true",
+"DOMAIN": "domain.example",
+"ALIASES_HTTP": [ ],
+"ALIASES_HTTPS": [ ],
+"LOCAL_NAME": "domain-app",
+"HTTP_PORT": "",
+"HTTPS_PORT": "80",
+"ERROR_PAGE": "",
+"REDIRECT_HTTP": "",
+"REDIRECT_HTTPS": "",
+"MAX_BODY_SIZE": ""
+}
--- a/scripts/global_http
+++ b/scripts/global_http
@@ -1,4 +1,4 @@
-bind :80
+bind :80 accept-proxy
  mode http
  option forwardfor  
  option httplog
--- a/scripts/global_https
+++ b/scripts/global_https
@@ -1,4 +1,4 @@
-bind :443
+bind :443 accept-proxy
  mode tcp
  option tcplog
  option dontlognull
--- a/scripts/haproxy_template.cfg
+++ b/scripts/haproxy_template.cfg
@@ -1,11 +1,13 @@
 global
-  log stdout format raw local0 debug
+  log stdout format raw local0 info
 defaults
-  timeout client 30s
-  timeout server 30s
-  timeout connect 5s
  mode http
  option redispatch
  option http-server-close
  log global
+  timeout connect 5s
+  timeout client 24h
+  timeout server 24h
+  option srvtcpka
+  option clitcpka

--- a/scripts/nginx_config_create.sh
+++ b/scripts/nginx_config_create.sh
@@ -1,135 +1,440 @@
 #!/bin/sh

+GENERATE_CERTIFICATE=$GENERATE_CERTIFICATE
+
 cd /proxy_config

-DOMAIN=$1
-if [ -n "$2" ]; then
-	echo "$DOMAIN DELETED";
-	rm $DOMAIN.conf;
-	exit;
-fi
-
-DOMAIN_SOURCE=/domains/$DOMAIN
+FILENAME="$1"

+DOMAIN_SOURCE=/domains/$FILENAME
+#DOMAIN_SOURCE=./domains/$FILENAME #TEMP
 DOMAIN_NAME=$(jq -r .DOMAIN $DOMAIN_SOURCE)
 HTTP_PORT=$(jq -r .HTTP_PORT $DOMAIN_SOURCE)
 HTTPS_PORT=$(jq -r .HTTPS_PORT $DOMAIN_SOURCE)
-LOCAL_IP=$(jq -r .LOCAL_IP $DOMAIN_SOURCE)
-ALIASES_HTTP=$(jq -r .ALIASES_HTTP $DOMAIN_SOURCE)
-ALIASES_HTTPS=$(jq -r .ALIASES_HTTPS $DOMAIN_SOURCE)
+ALIASES_HTTP=$(jq -r '.ALIASES_HTTP | select(.!="null") | join(" ")' $DOMAIN_SOURCE)
+ALIASES_HTTPS=$(jq -r '.ALIASES_HTTPS | select(.!="null") | join(" ")' $DOMAIN_SOURCE)
 REDIRECT_HTTP=$(jq -r .REDIRECT_HTTP $DOMAIN_SOURCE)
 REDIRECT_HTTPS=$(jq -r .REDIRECT_HTTPS $DOMAIN_SOURCE)
 ERROR_PAGE=$(jq -r .ERROR_PAGE $DOMAIN_SOURCE)
+MAX_BODY_SIZE=$(jq -r .MAX_BODY_SIZE $DOMAIN_SOURCE)
+DEBUG=$(jq -r .DEBUG $DOMAIN_SOURCE)
+ALLOWED_NETWORK=$(jq -r '.ALLOWED_NETWORK | select(.!="null") | join(" ")' $DOMAIN_SOURCE)
+OPERATION=$(jq -r '.OPERATION' $DOMAIN_SOURCE)
+BASIC_AUTH=$(jq -r .BASIC_AUTH $DOMAIN_SOURCE)
+ALTERNATE_LOCATION_PATH=$(jq -r .ALTERNATE_LOCATION_PATH $DOMAIN_SOURCE)
+LOCAL_NAME=$(jq -r .LOCAL_NAME $DOMAIN_SOURCE 2>/dev/null)
+if [[ "$LOCAL_NAME" == "" || "$LOCAL_NAME" == "null" ]]; then
+    LOCAL_NAME=$(jq -r .LOCAL_IP $DOMAIN_SOURCE 2>/dev/null)
+fi
+RELOAD_LOCATIONS=""

-# check whether certificates exist or not
-
-if [[ $HTTPS_PORT != "" ]]; then
-	/scripts/check_certificates.sh "$DOMAIN";
+if [ -n "$2" ] || [ "$OPERATION" == "DELETE" ]; then
+    echo "$DOMAIN_NAME DELETED"
+    rm $DOMAIN_NAME.conf
+    exit
 fi

-echo "created domain name: "$DOMAIN;
+add_alternate_location() {
+    {
+        cat $DOMAIN_NAME.conf | head -n -1
+        add_location
+        echo "}"

-file="/tmp/$DOMAIN.conf"
+    } >>"$file"
+}

-#cp -a /scripts/nginx_template.conf /tmp/$DOMAIN.conf
+add_location() {

-{
+    if [[ "$ALTERNATE_LOCATION_PATH" != "" ]]; then

-if [[ $HTTP_PORT != "" ]]; then
-	echo "server {
-listen $HTTP_PORT;
-server_name $DOMAIN_NAME;
-rewrite_log on;"
+        ALP_IDX=$(jq -r '.ALTERNATE_LOCATION_PATH | length' $DOMAIN_SOURCE)
+        ALP_IDX=$(($ALP_IDX - 1))

+        for i in $(seq 0 $ALP_IDX); do
+            ALP=$(jq -r .ALTERNATE_LOCATION_PATH[$i] $DOMAIN_SOURCE)

-	if [[ $REDIRECT_HTTP != "" && $HTTP_PORT != "" ]]; then
-		echo "return 301 $REDIRECT_HTTP;"
+            ALP_LOCAL_PATH=$(echo $ALP | jq -rc .LOCAL_PATH)
+            ALP_LOCAL_NAME=$(echo $ALP | jq -rc .LOCAL_NAME)
+            ALP_LOCAL_PORT=$(echo $ALP | jq -rc .LOCAL_PORT)
+            ALP_LOCAL_ALLOWED_NETWORK=$(echo $ALP | jq -rc '.LOCAL_ALLOWED_NETWORK | select(.!="null") | join(" ")')

+            # do not duplicate locations
+            EXISTS=$(grep -rn "location $ALP_LOCAL_PATH {" -m 1 $DOMAIN_NAME.conf)
+            if [ -n "$EXISTS" ]; then
+                ROW_NUMBER=$(echo $EXISTS | cut -d ':' -f1)
+                START=$(($ROW_NUMBER + 2))
+                OFFSET=$(tail -n+$START $DOMAIN_NAME.conf | grep -n '}' -m 1 | cut -d ':' -f1)
+                OFFSET=$(($OFFSET - 2))
+                ALP_ALLOWED=$(echo $(tail -n+$START $DOMAIN_NAME.conf | head -n $OFFSET | awk '{print $2}')) # echo removes space at the end
+                if [ "$ALP_LOCAL_ALLOWED_NETWORK" != "$ALP_ALLOWED" ]; then
+                    RELOAD_LOCATIONS=$RELOAD_LOCATIONS$ALP_LOCAL_PATH" "
+                fi
+                # skip if exists
+                continue
+            fi

-	else
-		echo "location / {"
+            if [[ "$ALP_LOCAL_NAME" = "" ]]; then
+                ALP_LOCAL_NAME=$LOCAL_NAME
+            fi

-		if [[ $HTTP_PORT != "" ]]; then
- 			echo "proxy_pass http://$LOCAL_IP:$HTTP_PORT;"
-		else
- 			echo "proxy_pass http://$LOCAL_IP:80;"
-		fi
+            if [[ "$ALP_LOCAL_PORT" = "" ]]; then
+                ALP_LOCAL_PORT=$HTTP_PORT
+            fi

-		 echo "proxy_redirect off;
-		 proxy_buffering off;
-		 proxy_set_header X-Forwarded-For "'$proxy_add_x_forwarded_for'";
-		 proxy_set_header Upgrade "'$http_upgrade'";
-		 proxy_set_header Connection "'$http_connection'";
-		 proxy_cookie_path / /;
-		 access_log off;"
+            echo "location $ALP_LOCAL_PATH {"

-			if [[ $ERROR_PAGE != "" && $HTTP_PORT != "" ]]; then
-				echo "error_page 404 /$ERROR_PAGE;
+            if [ "$BASIC_AUTH" == "TRUE" ]; then
+                echo '  auth_basic           "SAFEBOX AUTHORIZATION";
+     auth_basic_user_file htpasswd;
+                        '
+            fi
+
+            if [[ "$ALP_LOCAL_ALLOWED_NETWORK" != "" ]]; then
+                echo " limit_except GET HEAD {"
+                for i in $(echo $ALP_LOCAL_ALLOWED_NETWORK); do
+                    echo " 	allow $i"
+                done
+                echo " 	deny all;"
+                echo " }"
+            fi
+
+            if [[ "$ALP_LOCAL_PORT" != "" ]]; then
+                echo " proxy_pass http://$ALP_LOCAL_NAME:$ALP_LOCAL_PORT/;"
+            else
+                echo " proxy_pass http://$ALP_LOCAL_NAME:80;"
+            fi
+
+            echo " proxy_set_header Host "'$http_host'";
+ proxy_set_header X-Real-IP "'$remote_addr'";
+ proxy_set_header X-Forwarded-For "'$proxy_add_x_forwarded_for'";
+ proxy_set_header X-Forwarded-Proto "'$scheme'";
+ proxy_set_header Upgrade "'$http_upgrade;'"
+ proxy_cookie_path $ALP_LOCAL_PATH $ALP_LOCAL_PATH;
+ proxy_set_header Connection "'$http_connection'";
+ proxy_connect_timeout      300;
+ proxy_send_timeout         300;
+ proxy_read_timeout         300;
+ proxy_next_upstream off;"
+
+            if [[ "$DEBUG" != "true" ]]; then
+                echo " access_log off;"
+            fi
+            echo " proxy_redirect off;"
+            echo " proxy_buffering off;"
+            echo "}"
+            echo "# location end"
+        done
+    fi
+
+}
+
+remove_alternate_location() {
+
+    if [[ "$ALTERNATE_LOCATION_PATH" != "" ]]; then
+
+        ALP_IDX=$(jq -r '.ALTERNATE_LOCATION_PATH | length' $DOMAIN_SOURCE)
+        ALP_IDX=$(($ALP_IDX - 1))
+
+        for i in $(seq 0 $ALP_IDX); do
+            ALP=$(jq -r .ALTERNATE_LOCATION_PATH[$i] $DOMAIN_SOURCE)
+            ALP_LOCAL_PATH=$(echo $ALP | jq -rc .LOCAL_PATH)
+            remove_location $ALP_LOCAL_PATH
+        done
+    fi
+}
+
+remove_location() {
+    local LOCATION=$1
+
+    LOCATION_ROW="location $LOCATION {"
+    ROW_NUMBER=$(grep -rn "$LOCATION_ROW" $DOMAIN_NAME.conf | cut -d ':' -f1)
+    if [ -n "$ROW_NUMBER" ]; then
+        OFFSET=$(tail -n+$ROW_NUMBER $DOMAIN_NAME.conf | grep -n '# location end' -m 1 | cut -d ':' -f1)
+        START=$(($ROW_NUMBER - 1))
+        END=$(($ROW_NUMBER + $OFFSET))
+
+        {
+            head -n$START $DOMAIN_NAME.conf
+            tail -n+$END $DOMAIN_NAME.conf
+        } >>$file
+
+        mv $file $DOMAIN_NAME.conf
+    fi
+}
+
+# create new nginx config
+create_new_config() {
+    {
+
+        REGENERATE="$1"
+
+        if [[ "$HTTP_PORT" != "80" ]]; then
+            echo "server {
+listen 80 proxy_protocol;"
+            if [[ "$ALIASES_HTTP" != "" ]]; then
+                echo "server_name $DOMAIN_NAME $ALIASES_HTTP;"
+            else
+                echo "server_name $DOMAIN_NAME;"
+            fi
+            echo "set_real_ip_from 0.0.0.0/0;
+real_ip_header proxy_protocol;
+rewrite_log on;
+return 301 https://$DOMAIN_NAME;
+}"
+
+        fi
+
+        if [[ "$HTTP_PORT" != "" && "$HTTP_PORT" != "80" ]]; then
+            echo "server {
+	listen $HTTP_PORT proxy_protocol;
+	set_real_ip_from 0.0.0.0/0;
+	real_ip_header proxy_protocol;"
+
+            if [[ "$ALIASES_HTTP" != "" ]]; then
+                echo "server_name $DOMAIN_NAME $ALIASES_HTTP;"
+            else
+                echo "server_name $DOMAIN_NAME;"
+            fi
+
+            if [[ "$MAX_BODY_SIZE" != "" ]]; then
+                echo "client_max_body_size "$MAX_BODY_SIZE";"
+
+            else
+
+                echo "client_max_body_size 0;"
+            fi
+
+            echo "rewrite_log on;"
+
+            if [[ "$REDIRECT_HTTP" != "" ]]; then
+                echo "return 301 $REDIRECT_HTTP;"
+            elif [[ "$HTTP_PORT" == "" ]]; then
+                echo "return 301 https://"$DOMAIN_NAME
+
+            else
+                echo "location / {"
+
+                if [ "$BASIC_AUTH" == "TRUE" ]; then
+                    echo '  auth_basic           "SAFEBOX AUTHORIZATION";
+     auth_basic_user_file htpasswd;
+                        '
+                fi
+
+                if [[ "$ALLOWED_NETWORK" != "" ]]; then
+                    ALLOWED_NETWORK_IDX=$(jq -r '.ALLOWED_NETWORK | length' $DOMAIN_SOURCE)
+                    ALLOWED_NETWORK_IDX=$(($ALLOWED_NETWORK_IDX - 1))
+
+                    echo " limit_except GET HEAD {"
+                    for i in $(seq 0 $ALLOWED_NETWORK_IDX); do
+                        AN=$(jq -r .ALLOWED_NETWORK[$i] $DOMAIN_SOURCE)
+                        echo " 	allow "$AN";"
+                    done
+                    echo " 	deny  all;"
+                    echo " }"
+                fi
+
+                if [[ "$HTTP_PORT" != "" ]]; then
+                    echo " proxy_pass http://$LOCAL_NAME:$HTTP_PORT;"
+                fi
+
+                echo " proxy_set_header Host "'$http_host'";
+	 proxy_set_header X-Real-IP "'$remote_addr'";
+	 proxy_set_header X-Forwarded-For "'$proxy_add_x_forwarded_for'";
+	 proxy_set_header X-Forwarded-Proto "'$scheme'";
+	 proxy_set_header Upgrade "'$http_upgrade;'"
+	 proxy_cookie_path / /;
+	 proxy_set_header Connection "'$http_connection'" ;"
+
+                if [[ "$DEBUG" != "true" ]]; then
+                    echo " access_log off;"
+                fi
+                echo " proxy_redirect off;"
+                echo " proxy_buffering off;"
+                echo "}"
+
+                if [[ "$ERROR_PAGE" != "" && "$HTTP_PORT" != "" ]]; then
+                    echo "error_page 404 /$ERROR_PAGE;
 				location = /$ERROR_PAGE {
 				      root    html;
 				      allow   all;
 				      index   404.html;
 				      rewrite ^ "'$scheme'" http://$ERROR_PAGE"'$request_uri'" permanent;
 					      }"
-			fi
-		echo "}"
-	fi
-echo "}"
-fi
+                fi
+            fi
+            echo "}"
+        fi

-if [[ $HTTPS_PORT != "" ]]; then
-	echo "server {
-listen $HTTPS_PORT ssl;
-server_name $DOMAIN_NAME;
-rewrite_log on;
+        if [[ "$HTTPS_PORT" != "" ]]; then
+            echo "server {
+listen 443 ssl proxy_protocol;
+set_real_ip_from 0.0.0.0/0;
+real_ip_header proxy_protocol;"
+
+            if [[ "$ALIASES_HTTPS" != "" ]]; then
+                echo "server_name $DOMAIN_NAME $ALIASES_HTTPS;"
+            else
+                echo "server_name $DOMAIN_NAME;"
+            fi
+
+            if [[ "$MAX_BODY_SIZE" != "" ]]; then
+                echo "client_max_body_size "$MAX_BODY_SIZE";"
+            else
+                echo "client_max_body_size 0;"
+            fi
+
+            echo "rewrite_log on;
 proxy_ssl_server_name on; 
- ssl_dhparam /etc/ssl/keys/$DOMAIN/dhparam.pem;
- ssl_certificate /etc/ssl/keys/$DOMAIN/fullchain.pem;
- ssl_certificate_key /etc/ssl/keys/$DOMAIN/key.pem;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_dhparam /etc/ssl/keys/$DOMAIN_NAME/dhparam.pem;"
+
+            if [ "$GENERATE_CERTIFICATE" == "true" ]; then
+
+                echo "ssl_certificate /etc/ssl/keys/$DOMAIN_NAME/fullchain.pem;
+ ssl_certificate_key /etc/ssl/keys/$DOMAIN_NAME/key.pem;"
+
+            else
+                echo "ssl_certificate /etc/ssl/keys/fullchain.pem;
+ ssl_certificate_key /etc/ssl/keys/key.pem;"
+
+            fi
+
+            echo "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_prefer_server_ciphers on;
 ssl_ciphers "'"EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4 !kDHE"'";
 ssl_session_cache shared:SSL:50m;
 ssl_session_timeout 5m;
 ssl_stapling on;"

-
-	if [[ $ERROR_PAGE != "" && $HTTPS_PORT != "" ]]; then
-		echo "error_page 404 /$ERROR_PAGE;
+            if [[ "$ERROR_PAGE" != "" && "$HTTPS_PORT" != "" ]]; then
+                echo "error_page 404 /$ERROR_PAGE;
 location = /$ERROR_PAGE {
      root    html;
      allow   all;
      index   404.html;
-      rewrite ^ "'$scheme'":http://$ERROR_PAGE"'$request_uri'" permanent;
+      rewrite ^ "'$scheme' "http://$ERROR_PAGE"'$request_uri'" permanent;
 	      }"
-	fi
+            fi

-	if [[ $REDIRECT_HTTPS != ""  ]]; then
-		echo "return 301 $REDIRECT_HTTPS;"
-	else 
-		echo "location / {"
+            if [[ "$REDIRECT_HTTPS" != "" ]]; then
+                echo "return 301 $REDIRECT_HTTPS;"
+            else
+                echo "location / {"

-			if [[ $HTTP_PORT != "" ]]; then
-				echo "proxy_pass http://$LOCAL_IP:$HTTP_PORT;"
-			else
-				echo "proxy_pass http://$LOCAL_IP:80;"
-			fi
+                if [ "$BASIC_AUTH" == "TRUE" ]; then
+                    echo '  auth_basic           "SAFEBOX AUTHORIZATION";
+     auth_basic_user_file htpasswd;
+                        '
+                fi

-		echo "proxy_redirect off;
- proxy_buffering off;
+                if [[ "$ALLOWED_NETWORK" != "" ]]; then
+                    ALLOWED_NETWORK_IDX=$(jq -r '.ALLOWED_NETWORK | length' $DOMAIN_SOURCE)
+                    ALLOWED_NETWORK_IDX=$(($ALLOWED_NETWORK_IDX - 1))
+
+                    echo " limit_except GET HEAD {"
+                    for i in $(seq 0 $ALLOWED_NETWORK_IDX); do
+                        AN=$(jq -r .ALLOWED_NETWORK[$i] $DOMAIN_SOURCE)
+                        echo " 	allow "$AN";"
+                    done
+                    echo " 	deny  all;"
+                    echo " }"
+                fi
+                echo " proxy_pass http://$LOCAL_NAME:$HTTPS_PORT;"
+
+                echo " proxy_set_header Host "'$http_host'";
+ proxy_set_header X-Real-IP "'$remote_addr'";
 proxy_set_header X-Forwarded-For "'$proxy_add_x_forwarded_for'";
- proxy_set_header Upgrade "'$http_upgrade'";
- proxy_set_header Connection "'$http_connection'";
+ proxy_set_header X-Forwarded-Proto "'$scheme'";
+ proxy_set_header Upgrade "'$http_upgrade;'"
 proxy_cookie_path / /;
- access_log off;
-}"
-	fi
+ proxy_set_header Connection "'$http_connection'";
+ proxy_connect_timeout      300;
+ proxy_send_timeout         300;
+ proxy_read_timeout         300;
+ proxy_next_upstream off;"

-echo "}"
+                if [[ "$DEBUG" != "true" ]]; then
+                    echo " access_log off;"
+                fi
+                echo " proxy_redirect off;"
+                echo " proxy_buffering off;"
+                echo "}"

+                echo "# first location end"
+
+                add_location
+
+            fi
+
+            if [ "$REGENERATE" == "" ]; then
+                echo "}"
+            fi
+
+        fi
+
+    } >>"$file"
+}
+
+regenerate_config() {
+
+    mv $file $DOMAIN_NAME.conf
+
+    # regenerates nginx config into $file
+    create_new_config "regenerate"
+
+    #  append existing alternate locations to new config file
+    OFFSET=$(cat $DOMAIN_NAME.conf | grep -n '# first location end' -m 1 | cut -d ':' -f1)
+    OFFSET=$(($OFFSET + 1))
+    {
+        tail -n+$OFFSET $DOMAIN_NAME.conf
+    } >>$file
+}
+
+file="/tmp/$DOMAIN_NAME.conf"
+
+# check whether certificates exist or not
+
+echo "created domain name: "$DOMAIN_NAME
+
+#cp -a /scripts/nginx_template.conf /tmp/$DOMAIN.conf
+
+# if domain already exists as a config file append alternate location there
+if [ -f $DOMAIN_NAME.conf ]; then
+
+    if [ "$OPERATION" = "DELETE" ]; then
+        remove_alternate_location
+    elif [ "$OPERATION" = "MODIFY" ]; then
+        # must be before create_new_config
+        remove_alternate_location
+        add_alternate_location
+
+        regenerate_config
+
+    else
+        # default CREATE, append location
+        add_alternate_location
+
+        regenerate_config
+
+        # reload alternate locations if allowed networks has changed
+        if [ -n "$RELOAD_LOCATIONS" ]; then
+            rm $file
+            remove_alternate_location
+            add_alternate_location
+        fi
+    fi
+else
+
+    # rewrite operation if nginx config file doesn't exists
+    OPERATION="CREATE"
+    create_new_config
+
+fi # end of create new nginx config
+
+if [ "$OPERATION" != "DELETE" ]; then
+    mv $file $DOMAIN_NAME.conf
 fi
+echo "$DOMAIN" >>new_config

-} >> "$file"
-
-mv /tmp/$DOMAIN.conf $DOMAIN.conf;
-echo "$DOMAIN" >> new_config
+if [ "$HTTPS_PORT" != "" ]; then
+    /scripts/check_certificates.sh "$DOMAIN_NAME" &
+fi
--- a/scripts/scheduler.sh
+++ b/scripts/scheduler.sh
@@ -10,70 +10,65 @@ DOMAIN_DIR=$DOMAIN_DIR
 CERT_DIR=$CERT_DIR
 PROXY_CONFIG_DIR=$PROXY_CONFIG_DIR

+# If not exits CERT_DIR, create it
+mkdir -p $CERT_DIR
+
 # Triggers by certificate or domain config changes

 unset IFS

-inotifywait --exclude .sw -m -e CREATE,CLOSE_WRITE,DELETE -r $DOMAIN_DIR $CERT_DIR | \
+inotifywait --exclude "\.(swp|tmp)" -m -e CREATE,CLOSE_WRITE,DELETE,MOVED_TO -r $DOMAIN_DIR $CERT_DIR $PROXY_CONFIG_DIR | \
 while read dir op file

 do 

+ echo "DEBUG: $dir $file $op";
+
 parent="/"$(echo $dir|cut -d / -f2)

 if [[ "${parent}" == "${CERT_DIR}" && "${op}" == "CLOSE_WRITE,CLOSE" ]] ; then
 		DOMAIN=$(echo $dir|cut -d / -f3);
-		if [[ -f $CERT_DIR/$DOMAIN/renew_certificate && ! -f $PROXY_CONFIG_DIR/new_config ]]; then
-			rm $CERT_DIR/$DOMAIN/renew_certificate;
-			echo "New cert created: '$DOMAIN'";
-			echo "newcert check proxy";
-			/scripts/check_proxy_state.sh $DOMAIN;
-		
-		elif [[ -f $CERT_DIR/$DOMAIN/new_certificate && ! -f $PROXY_CONFIG_DIR/new_config ]]; then
+		if [[ -f $CERT_DIR/$DOMAIN/new_certificate ]]; then
 			rm $CERT_DIR/$DOMAIN/new_certificate;
 			echo "New cert created: '$DOMAIN'";
 			echo "newcert check proxy";
 			/scripts/check_proxy_state.sh $DOMAIN;
 		fi
 
- elif [[ "${parent}" == "${DOMAIN_DIR}" && "${op}" == "CLOSE_WRITE,CLOSE" ]]; then
-		DOMAIN=$(echo $file);
+ elif [ "${parent}" == "${DOMAIN_DIR}" ] && [[ "${op}" == "CLOSE_WRITE,CLOSE" || "${op}" == "MOVED_TO" ]]; then

 	if [[ "${PROXY_TYPE}" == "haproxy" ]]; then                                               
-		echo "haproxy config created, changed";                                           
-		/scripts/config_haproxy_create.sh $DOMAIN;                                                
-		
-		if [ -f "$PROXY_CONFIG_DIR/new_config" ] ; then                                   
-			/scripts/check_proxy_state.sh "$DOMAIN";                                  
-		fi                                                                                
+		DOMAIN=$(cat $DOMAIN_DIR"/"$file | jq -r .DOMAIN);
+		if [ "$DOMAIN" == "$file" ]; then
+			echo "haproxy config created, changed";                                           
+			/scripts/config_haproxy_create.sh $file; 
+		fi;
 	else                                                                                      
 		echo "domain config created, changed";
-		/scripts/nginx_config_create.sh "$DOMAIN";                                        
+		/scripts/nginx_config_create.sh "$file";
+	fi	

+elif [[ "${parent}" == "${PROXY_CONFIG_DIR}" && "${op}" == "CLOSE_WRITE,CLOSE" ]]; then
+
+	if [[ $file != "new_config" && $file != "config" ]]; then
+		DOMAIN=$(echo "${file%.*}");
 		if [ -f "$PROXY_CONFIG_DIR/new_config" ] ; then                                   
 			/scripts/check_proxy_state.sh "$DOMAIN";                                  
 		fi 
-	fi
+	fi;

- elif [[ "${parent}" == "${DOMAIN_DIR}" && "${op}" == "DELETE" ]] ; then
-		DOMAIN=$(echo $file);
-		echo "domain deleted";
+elif [[ "${parent}" == "${DOMAIN_DIR}" && "${op}" == "DELETE" ]] ; then
+
+	echo "domain file: $file deleted";
 		
 	if [[ "${PROXY_TYPE}" == "haproxy" ]]; then                                               
 		echo "haproxy config deleted";                                           
 		/scripts/config_haproxy_create.sh;

-		if [ -f "$PROXY_CONFIG_DIR/new_config" ] ; then                                   
-			/scripts/check_proxy_state.sh;                                  
-		fi                                                                                
-	else                                                                                      
-		if [ ! -f "$DOMAIN_DIR/$DOMAIN" ]; then
-			/scripts/nginx_config_create.sh "$DOMAIN" "DEL";
-			/scripts/check_proxy_state.sh "$DOMAIN" "DEL";
- 		fi
-	fi
-
- fi
-
+	elif [ ! -f "$DOMAIN_DIR/$file" ]; then
+		/scripts/nginx_config_create.sh "$file" "DEL";
+		/scripts/check_proxy_state.sh "$file" "DEL";
+ 	fi
+fi

 done
Author	SHA1	Message	Date
gyurix	c3d881122c	Run certificate check in the background during Nginx config creation All checks were successful continuous-integration/drone/push Build is passing Details	2025-07-31 11:48:01 +02:00
gyurix	b5676c8ce6	Allow domain configuration deletion in Nginx script All checks were successful continuous-integration/drone/push Build is passing Details	2025-05-26 12:29:33 +02:00
gyurix	8f23ff58ac	Update basic authentication messages in Nginx configuration script All checks were successful continuous-integration/drone/push Build is passing Details	2025-04-21 10:33:00 +02:00
gyurix	18ff17af6a	Enhance error handling in certificate generation and improve logging for better debugging All checks were successful continuous-integration/drone/push Build is passing Details	2025-04-21 09:42:47 +02:00
gyurix	61047a8913	Add BUILDKIT_NO_HTTP2 environment variable and improve domain check logging in certificate script All checks were successful continuous-integration/drone/push Build is passing Details	2025-04-15 09:29:42 +02:00
gyurix	67ea15291c	Increase restart attempts in proxy configuration and add domain check logging in certificate script All checks were successful continuous-integration/drone/push Build is passing Details	2025-04-15 08:31:25 +02:00
gyurix	9ebbed0696	Restrict certificate generation to non-localhost domains All checks were successful continuous-integration/drone/push Build is passing Details	2025-04-14 12:20:01 +02:00
Gyorgy Berenyi	0c841706a8	Update letsencrypt.json All checks were successful continuous-integration/drone/push Build is passing Details	2025-03-30 06:44:12 +00:00
gyurix	4b86c3067f	Update LETSENCRYPT_OUTPUT initialization to use empty JSON object for improved structure All checks were successful continuous-integration/drone/push Build is passing Details	2025-03-18 08:58:19 +01:00
gyurix	c402e960be	Refactor JSON handling in check_certificates.sh to simplify domain entry updates All checks were successful continuous-integration/drone/push Build is passing Details	2025-03-15 00:20:02 +01:00
gyurix	6f2a6ed610	Refactor JSON creation in check_certificates.sh to use from_entries for improved data structure All checks were successful continuous-integration/drone/push Build is passing Details	2025-03-14 20:37:53 +01:00
gyurix	6359f9a4cf	Refactor JSON output structure in check_certificates.sh for improved data handling All checks were successful continuous-integration/drone/push Build is passing Details	2025-03-14 18:15:40 +01:00
gyurix	9073684f44	Remove base64 encoding of log content in check_certificates.sh for improved clarity All checks were successful continuous-integration/drone/push Build is passing Details	2025-03-13 08:39:01 +01:00
gyurix	9a96b891f8	Enhance check_certificates.sh to initialize output file and improve JSON handling for domain status logging All checks were successful continuous-integration/drone/push Build is passing Details	2025-03-12 23:12:12 +01:00
Gyorgy Berenyi	bf94d01c0f	Update scripts/check_certificates.sh All checks were successful continuous-integration/drone/push Build is passing Details	2025-03-12 20:05:33 +00:00
gyurix	3100110e23	adding debug volume and log conent All checks were successful continuous-integration/drone/push Build is passing Details	2025-03-12 07:52:12 +01:00
gyurix	ba3be0fbd0	merged All checks were successful continuous-integration/drone/push Build is passing Details Merge branch 'master' of https://git.format.hu/format/proxy-scheduler	2025-03-05 23:06:03 +01:00
gyurix	3dded502e7	update letsencrypt and firewall configurations to use 'safebox' registry and improve formatting	2025-03-05 23:05:39 +01:00
Gyorgy Berenyi	86d57693f6	Update .drone.yml All checks were successful continuous-integration/drone/push Build is passing Details	2025-03-05 10:42:38 +00:00
Gyorgy Berenyi	e443266f75	Update .drone.yml	2025-03-05 10:41:59 +00:00
Gyorgy Berenyi	435237009a	add drone.yml	2025-03-05 10:41:16 +00:00
Gyurix	f4f696ccd6	VOLUME_MOUNTS	2025-03-03 17:16:48 +01:00
hael	e3371457f3	SETUP_VERSION	2025-03-03 17:11:06 +01:00
gyurix	4f048de3bc	missing variable check	2024-11-25 14:38:49 +01:00
gyurix	abb46b2426	typo	2024-11-25 14:32:54 +01:00
gyurix	f8e2aab2c4	removed host_ tag	2024-11-25 14:22:37 +01:00
gyurix	390d2cad75	correcting some typo	2024-11-25 13:20:17 +01:00
gyurix	9318cea882	corrected domain name variable usage even it contains asterisk character	2024-11-25 12:22:44 +01:00
Gyurix	3466187280	added external volume mounts and removes some	2024-11-23 12:40:45 +01:00
gyurix	4e8db26524	added force create mode	2024-10-17 11:53:33 +02:00
Gyurix	196d1d0bb9	corrected ssl content path	2024-10-14 13:30:31 +02:00
Gyurix	061e0b8099	removed docker binary mounts	2024-09-09 16:47:05 +02:00
gyurix	d9eaf7bfac	format syntax for statement	2024-01-05 10:10:47 +00:00
gyurix	afab68d7de	format syntax error	2024-01-05 10:58:18 +01:00
gyurix	0cbc75473b	Added individual domain flag if user uses wildcard domain	2024-01-05 10:52:11 +01:00
gyurix	c50e1a6ff4	added asterisk character manage to haproxy config create	2024-01-05 10:18:40 +01:00
Gyorgy Berenyi	5a9a72275c	Update proxy-scheduler.json	2023-12-11 07:16:48 +00:00
Gyorgy Berenyi	158cc48e92	Update proxy-scheduler.json	2023-11-09 06:54:26 +00:00
gyurix	a3f616e326	Added prechecked flag to service file start	2023-11-08 16:28:26 +00:00
gyurix	ce45a3545e	Added json arg to service file	2023-11-08 16:22:43 +00:00
Gyorgy Berenyi	4a94d1d4fe	Update scripts/check_certificates.sh	2023-11-07 13:10:35 +00:00
Gyorgy Berenyi	6034b81758	Update scripts/check_certificates.sh	2023-11-07 12:51:23 +00:00
gyurix	783fb41830	Added exact pattern for excluding changes	2023-08-17 11:48:41 +00:00
gyurix	30d094b442	Added exact pattern for excluding changes	2023-08-17 11:37:08 +00:00
Gyorgy Berenyi	5f92463d69	Update 'scripts/check_proxy_state.sh' Check whether containers in running but not up state	2023-08-01 20:16:15 +00:00
gyurix	3be0ce5c32	Added firewall service file	2023-06-13 11:30:05 +00:00
gyurix	8b9d83fff7	Added firewall service file	2023-06-13 11:29:19 +00:00
gyurix	eb446cefed	Added multiple arrays into temporary service file	2023-06-13 09:18:29 +00:00
gyurix	23beab8a6d	Added multiple arrays into temporary service file	2023-06-13 09:01:21 +00:00
gyurix	fd3d8cf1db	Added letsencrypt additional values	2023-06-12 14:06:48 +00:00
gyurix	653ae296ab	Added letsencrypt additional values	2023-06-12 13:52:42 +00:00
gyurix	2f56105ec5	Added letsencrypt additional values	2023-06-12 13:35:40 +00:00
gyurix	e7ab2f7ea2	Added letsencrypt additional values	2023-06-12 13:26:02 +00:00
gyurix	8bc47ad120	Added letsencrypt additional values	2023-06-12 13:03:16 +00:00
gyurix	4657296579	Added letsencrypt additional values	2023-06-11 08:46:58 +00:00
gyurix	8f2a9e50cb	restarting proxies when any certificate created	2023-06-09 07:51:34 +00:00
gyurix	9c51ea802e	restarting proxies when any certificate created	2023-06-08 14:37:35 +00:00
gyurix	2e64b67aaf	restarting proxies when any certificate created	2023-06-08 14:25:03 +00:00
Gyorgy Berenyi	9fc8949429	Update 'scripts/check_certificates.sh' Added exit rule once self signed certificate created at first time and added self sign certificate create when no any backend proxies found	2023-06-08 07:38:10 +00:00
hael	a744f92f9f	rewrite operation if nginx config file doesn't exists	2023-05-16 19:04:34 +00:00
root	7abe197967	MODIFY base data	2023-04-17 06:17:05 +00:00
Gyorgy Berenyi	55f06298df	Update 'scripts/check_proxy_state.sh' Removed network restart process	2023-04-11 09:40:40 +00:00
gyurix	c600c78d76	Change statement when proxies restarting	2023-03-13 20:48:38 +00:00
gyurix	33356f4b98	Introducing FORCE_RESTART variable and manage the proxy restart processes	2023-03-13 08:23:24 +00:00
hael	dbf7bc82ea	sample files for testing	2023-02-22 11:44:05 +00:00
hael	55f0ebdd89	if allowed networks has changed then do not skip duplicated location but replace it (limit_except GET HEAD) remove_location: remove / tmp filename fix	2023-02-22 09:37:45 +00:00
hael	8c59ed2ce9	remove leading / in duplicate check	2023-02-14 13:48:43 +00:00
gyurix	aa6a84090a	Completing proxy pass url with a hash	2023-02-03 11:39:50 +00:00
gyurix	853755533a	Merge fix Merge branch 'master' of ssh://git.format.hu:20202/format/proxy-scheduler	2023-02-03 11:36:42 +00:00
gyurix	e9aa324cf0	Fix	2023-02-03 11:26:56 +00:00
hael	21e2b063ee	Remove and modify alternate locations	2023-02-02 14:04:21 +00:00
hael	b7ffad16d1	add_alternate_location	2023-02-01 06:54:05 +00:00
gyurix	29e637e54f	Changed LOCAL_IP to LOCAL_NAME in nginx config create	2023-01-26 12:28:23 +00:00
gyurix	ed6d539e95	Added missing per symbol to alternate location path entry	2023-01-25 10:25:19 +00:00
gyurix	9373f2ba3b	Removed cross origin header add lines	2022-12-14 08:41:08 +00:00
gyurix	b52f04347c	Added cross origin parameters to nginx location parts	2022-12-09 11:55:23 +00:00
gyurix	aff9c5efd6	Changing letsencrypt check value within restart cycle	2022-11-23 16:14:08 +00:00
gyurix	a295ec57d5	Added debug lines for check certificate script	2022-11-08 07:25:38 +00:00
gyurix	5c4f072dd7	Correcting cerificates directory path	2022-11-06 21:48:35 +00:00
gyurix	46ee936f3a	Checking any certificate exists for domain	2022-11-06 09:43:57 +00:00
gyurix	ab7bf3a1e1	Fixing validity error	2022-11-03 10:53:25 +00:00
gyurix	cf884be97b	Added domain check cycle for script of generating certificates	2022-11-03 10:30:34 +00:00
gyurix	c0284d9cb8	Added domain check cycle for script of generating certificates	2022-11-03 07:45:32 +00:00
gyurix	ba1772f4aa	Adding server name line when 80 http port not defined	2022-10-28 22:38:52 +00:00
gyurix	8bf5736043	Checking generate certificate and create dhparam file if proxy dir not exists and finalize recovering process with domain delete from domain dir if any error happened	2022-10-26 12:22:29 +00:00
gyurix	6801a7b83c	Check certificate path	2022-10-25 08:53:56 +00:00
gyurix	a19a5c63a7	Added GENERATE_CERTIFICATE variable and check and updated the proxy.json list also	2022-10-21 13:22:12 +00:00
gyurix	acd5903fd1	Fixing http section when variable empty	2022-09-30 12:40:34 +00:00
gyurix	1902534bf0	Fixing http section when variable empty	2022-09-30 09:52:46 +00:00
gyurix	3de68bf07b	Fixing HTTP empty string and HTTPS_PORT variable usage cases	2022-09-20 10:27:54 +00:00
gyurix	0b16b57551	Added MOVED_TO event to inotify watch line	2022-09-10 15:47:19 +00:00
gyurix	7679670a61	Added MOVED_TO event to inotify watch line	2022-09-10 15:40:41 +00:00
gyurix	4922bebdc8	Find and use network name when restarting force the affected backend proxy	2022-09-10 06:19:28 +00:00
gyurix	c6343a976a	Fixing listen ports in nginx config generation script to 80 and 443	2022-08-26 16:28:22 +00:00
gyurix	fdbe2be769	Avoiding proxy config wihtout port 80 listening server section	2022-08-23 11:30:26 +00:00
gyurix	9c0d9c0fc7	Added timeout for curl response	2022-08-16 12:57:59 +00:00
gyurix	cc23487f7a	Changing proxy restart method	2022-08-16 12:32:41 +00:00
gyurix	6dd9a1d976	In case of CERT_DIR directory not exists create it	2022-07-27 08:58:42 +00:00
gyurix	33e90d2ce7	In case of some directories not exist create it	2022-07-27 08:46:22 +00:00
gyurix	75235785fe	Wrong haproxy timeout definitions correcting.	2022-06-24 07:21:49 +00:00
gyurix	9431dbe98e	Haproxy template and nginx default timeout settings were modified.	2022-06-24 06:44:13 +00:00
gyurix	319ef1a381	Setting 300s timeout values in haproxy global template.	2022-06-23 11:26:52 +00:00
gyurix	93c007b73a	Merge remote-tracking branch 'refs/remotes/origin/master'	2022-06-16 08:55:17 +00:00
gyurix	7d9a18e5db	Correcting domain name variable in check_proxy_state method	2022-06-16 08:52:09 +00:00
Gyorgy Berenyi	e11cfcaeeb	Update 'README.md'	2022-06-09 11:38:35 +00:00
Gyorgy Berenyi	1e260d75f4	Update 'README.md'	2022-06-09 11:33:23 +00:00
Gyorgy Berenyi	b9a71da421	Update 'README.md'	2022-06-09 11:32:00 +00:00
Gyorgy Berenyi	760f3a0b49	Update 'README.md'	2022-06-09 11:30:02 +00:00
Gyorgy Berenyi	34bf0dd843	Update 'README.md'	2022-06-09 11:26:05 +00:00
Gyorgy Berenyi	ca09176aba	Update 'README.md'	2022-06-09 11:25:43 +00:00
Gyorgy Berenyi	9e74344b0e	Add 'README.md'	2022-06-09 11:21:42 +00:00
gyurix	9e588d156d	Implement proxy protocol into haproxy configuration	2022-06-01 20:59:19 +00:00
gyurix	7f33c6400b	Correcting nginx_config_create script and the domain.sample skeleton json	2022-05-31 15:47:45 +00:00
gyurix	cd807f16dc	Implementing LOCAL_ALLOWED_NETWORK in NGINX proxy location definitions at all. Added domain.sample skeleton file also.	2022-05-31 12:55:26 +00:00
gyurix	5cdffeaee6	Implementing proxy pathes in nginx config generate	2022-05-27 10:10:31 +00:00
gyurix	86a72657a4	Change default client max body size in nginx conf and implemented MAX_BODY_SIZE variable	2022-05-11 10:18:47 +00:00
gyurix	e86a62f2e8	Correcting event of self signed certitifacte create	2022-05-06 05:45:58 +00:00
gyurix	8ccc13a9e6	Fixing few mistype in ngnix config create script	2022-05-06 05:33:59 +00:00
gyurix	89e2b9203d	Coorecting the letsencrypt image name in letsencrypt.json file.	2022-05-05 16:29:30 +00:00
gyurix	b707133107	Added server alias values to nginx proxy config.	2022-05-03 19:32:50 +00:00
Berenyi Gyorgy	95bb030193	Minor bugfix in template json.	2022-04-09 11:40:54 +02:00
gyurix	8b7b1b5f12	Inserting letsencrypt service name variable, and correcting proxy variables and public (actually smarthost) proxy service file.	2022-04-03 20:12:29 +00:00
gyurix	9bba9f7494	Creating "new_certificate" file in case self signed certificate created	2022-03-29 10:00:05 +00:00
Gyorgy Berenyi	34fd63927b	Update 'scripts/scheduler.sh' Simplifying scheduler process to three options and their sub processes options	2022-03-29 07:28:00 +00:00
gyurix	3194573e2e	Adding letsencyt json for manage depend service helping	2022-03-28 09:16:08 +00:00
gyurix	f21a253ad0	Correcting inotify watched directories path	2022-03-28 09:11:24 +00:00
gyurix	ef6b1d7495	Correcting docker run command and other parameters within	2022-03-26 14:52:22 +00:00
gyurix	6618dfbd1b	Missed proxy.json file merge Merge remote-tracking branch 'refs/remotes/origin/master'	2022-03-26 14:31:26 +00:00
gyurix	ac7efbb918	Docker registry url mistype	2022-03-26 14:30:13 +00:00
				`@@ -0,0 +1 @@`
				`awk '/-----BEGIN CERTIFICATE-----/ {show=1} /-----END CERTIFICATE-----/ {show=1} show {print}' keys/$ovpn.crt >> result`