romfast/ROMFASTSQL
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reorganize proxmox documentation into subdirectories per LXC/VM

Browse Source 
- Create cluster/ for Proxmox cluster infrastructure (SSH guide, HA monitor, UPS)
- Create lxc108-oracle/ for Oracle Database documentation and scripts
- Create vm201-windows/ for Windows 11 VM docs and SSL certificate scripts
- Add SSL certificate monitoring scripts (check-ssl-certificates.ps1, monitor-ssl-certificates.sh)
- Remove archived VM107 references (decommissioned)
- Update all cross-references between files
- Update main README.md with new structure and navigation

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Marius
2026-01-27 17:02:49 +02:00
parent 1da4c2347c
commit 4d51d5b2d2
33 changed files with 954 additions and 593 deletions
Download Patch File Download Diff File Expand all files Collapse all files

104
proxmox/vm201-windows/scripts/check-ssl-certificates.ps1 Normal file
View File

@@ -0,0 +1,104 @@
# Script: check-ssl-certificates.ps1
# Locatie: D:\kit\ssl\check-ssl-certificates.ps1
# Scop: Verifica certificatele SSL IIS si forteaza reinstalarea daca expira in < 14 zile
# Rulare: Task Scheduler zilnic sau manual
param(
[int]$DaysBeforeExpiry = 14,
[switch]$Force,
[switch]$Verbose
)
$ErrorActionPreference = "Stop"
$LogFile = "C:\Tools\win-acme\ssl-check.log"
function Write-Log {
param([string]$Message)
$timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
$logMessage = "[$timestamp] $Message"
Add-Content -Path $LogFile -Value $logMessage
if ($Verbose) { Write-Host $logMessage }
}
# Domenii de verificat
$domains = @(
@{ SiteId = 1; Domain = "roa.romfast.ro" },
@{ SiteId = 2; Domain = "dokploy.romfast.ro" },
@{ SiteId = 3; Domain = "gitea.romfast.ro" },
@{ SiteId = 4; Domain = "roa2web.romfast.ro" }
)
Write-Log "========== Verificare certificate SSL =========="
$renewedCount = 0
$errorCount = 0
foreach ($site in $domains) {
$domain = $site.Domain
$siteId = $site.SiteId
try {
# Verifica certificatul curent via HTTPS
$request = [System.Net.HttpWebRequest]::Create("https://$domain")
$request.AllowAutoRedirect = $false
$request.Timeout = 10000
$request.ServerCertificateValidationCallback = { $true }
try {
$response = $request.GetResponse()
$response.Close()
} catch [System.Net.WebException] {
# Ignoram erorile HTTP, ne intereseaza certificatul
}
$cert = $request.ServicePoint.Certificate
if ($null -eq $cert) {
Write-Log "EROARE: Nu s-a putut obtine certificatul pentru $domain"
$errorCount++
continue
}
$cert2 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert
$expiryDate = $cert2.NotAfter
$daysLeft = ($expiryDate - (Get-Date)).Days
Write-Log "$domain - Expira: $expiryDate (inca $daysLeft zile)"
# Verifica daca trebuie reinnoirea
if ($daysLeft -lt $DaysBeforeExpiry -or $Force) {
Write-Log "ACTIUNE: Fortez reinstalare certificat pentru $domain (Site ID: $siteId)"
Push-Location "C:\Tools\win-acme"
$output = & .\wacs.exe --target iis --siteid $siteId --installation iis --force 2>&1
Pop-Location
if ($LASTEXITCODE -eq 0) {
Write-Log "SUCCES: Certificat reinstalat pentru $domain"
$renewedCount++
} else {
Write-Log "EROARE: Reinstalare esuata pentru $domain"
Write-Log $output
$errorCount++
}
}
} catch {
Write-Log "EXCEPTIE pentru ${domain}: $($_.Exception.Message)"
$errorCount++
}
}
# Restart IIS daca am reinoit certificate
if ($renewedCount -gt 0) {
Write-Log "Restart IIS..."
iisreset /restart | Out-Null
Write-Log "IIS restartat"
}
Write-Log "========== Sumar: $renewedCount reinnoite, $errorCount erori =========="
# Exit code pentru monitorizare
if ($errorCount -gt 0) {
exit 1
} else {
exit 0
}

157
proxmox/vm201-windows/scripts/monitor-ssl-certificates.sh Normal file
View File

@@ -0,0 +1,157 @@
#!/bin/bash
# Script: monitor-ssl-certificates.sh
# Locatie: /opt/scripts/monitor-ssl-certificates.sh (pe pvemini)
# Scop: Verifica certificatele SSL extern si alerteaza/forteaza reinstalare
# Rulare: Cron zilnic sau la cerere
set -e
# Configurare
DAYS_WARNING=14
DAYS_CRITICAL=7
LOG_FILE="/var/log/ssl-monitor.log"
EMAIL_TO="root" # Proxmox trimite la adresa configurata
# Domenii de verificat
DOMAINS=(
"roa.romfast.ro"
"dokploy.romfast.ro"
"gitea.romfast.ro"
"roa2web.romfast.ro"
)
# Site IDs pentru fiecare domeniu (in aceeasi ordine)
SITE_IDS=(1 2 3 4)
log() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a "$LOG_FILE"
}
check_certificate() {
local domain=$1
local expiry_date expiry_epoch now_epoch days_left
# Obtine data expirare
expiry_date=$(echo | openssl s_client -servername "$domain" -connect "$domain:443" 2>/dev/null | \
openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2)
if [[ -z "$expiry_date" ]]; then
echo "-1"
return
fi
# Calculeaza zilele ramase
expiry_epoch=$(date -d "$expiry_date" +%s 2>/dev/null)
now_epoch=$(date +%s)
days_left=$(( (expiry_epoch - now_epoch) / 86400 ))
echo "$days_left"
}
force_renew_certificate() {
local site_id=$1
local domain=$2
log "Fortez reinstalare certificat pentru $domain (Site ID: $site_id)..."
# Executa pe VM 201 prin Proxmox guest agent
result=$(qm guest exec 201 -- powershell -Command \
"cd C:\\Tools\\win-acme; .\\wacs.exe --target iis --siteid $site_id --installation iis --force" 2>&1)
if echo "$result" | grep -q '"exitcode" : 0'; then
log "SUCCES: Certificat reinstalat pentru $domain"
return 0
else
log "EROARE: Reinstalare esuata pentru $domain"
log "$result"
return 1
fi
}
restart_iis() {
log "Restart IIS..."
qm guest exec 201 -- cmd /c "iisreset" >/dev/null 2>&1
log "IIS restartat"
}
send_alert() {
local subject=$1
local body=$2
# Foloseste sistemul de notificari Proxmox
if command -v pvesh &>/dev/null; then
echo "$body" | mail -s "$subject" "$EMAIL_TO" 2>/dev/null || true
fi
log "ALERT: $subject"
}
# Main
log "========== Verificare certificate SSL =========="
warnings=()
criticals=()
renewed=0
for i in "${!DOMAINS[@]}"; do
domain="${DOMAINS[$i]}"
site_id="${SITE_IDS[$i]}"
days_left=$(check_certificate "$domain")
if [[ "$days_left" == "-1" ]]; then
log "EROARE: Nu pot verifica $domain"
criticals+=("$domain: Nu pot obtine certificatul")
continue
fi
log "$domain: $days_left zile ramase"
if [[ $days_left -lt 0 ]]; then
criticals+=("$domain: EXPIRAT!")
# Forteaza reinstalare
if force_renew_certificate "$site_id" "$domain"; then
((renewed++))
fi
elif [[ $days_left -lt $DAYS_CRITICAL ]]; then
criticals+=("$domain: expira in $days_left zile")
# Forteaza reinstalare
if force_renew_certificate "$site_id" "$domain"; then
((renewed++))
fi
elif [[ $days_left -lt $DAYS_WARNING ]]; then
warnings+=("$domain: expira in $days_left zile")
# Forteaza reinstalare preventiv
if force_renew_certificate "$site_id" "$domain"; then
((renewed++))
fi
fi
done
# Restart IIS daca am reinoit
if [[ $renewed -gt 0 ]]; then
restart_iis
fi
# Trimite alerte
if [[ ${#criticals[@]} -gt 0 ]]; then
body="Certificate SSL CRITICE:\n\n"
for msg in "${criticals[@]}"; do
body+="- $msg\n"
done
body+="\nActiuni intreprinse: $renewed certificate reinstalate"
send_alert "[CRITICAL] Certificate SSL expirate/aproape de expirare" "$body"
fi
if [[ ${#warnings[@]} -gt 0 && ${#criticals[@]} -eq 0 ]]; then
body="Certificate SSL WARNING:\n\n"
for msg in "${warnings[@]}"; do
body+="- $msg\n"
done
body+="\nActiuni intreprinse: $renewed certificate reinstalate"
send_alert "[WARNING] Certificate SSL aproape de expirare" "$body"
fi
log "========== Sumar: $renewed reinstalate, ${#warnings[@]} warnings, ${#criticals[@]} critice =========="
exit 0