- Fix RedisCache driver to handle MGET failures gracefully with fallback - Add comprehensive discovery context comparison debug tools - Identify root cause: WEB context discovery missing 166 items vs CLI - WEB context missing RequestFactory class entirely (52 vs 69 commands) - Improved exception handling with detailed binding diagnostics
#!/bin/bash
#
# SSL Test Script for michaelschiemer.de
# Quick verification of SSL certificate and HTTPS connectivity
#
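# Target under test. SERVER_IP is the address the DNS check expects DOMAIN to
# resolve to. Both are readonly so a later assignment cannot silently change
# what the checks compare against.
readonly DOMAIN="michaelschiemer.de"
readonly SERVER_IP="94.16.110.151"

# Colors (stored as backslash sequences; the log helpers expand them on output)
readonly GREEN="\e[32m"
readonly YELLOW="\e[33m"
readonly RED="\e[31m"
readonly BLUE="\e[34m"
readonly RESET="\e[0m"
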
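# Print an informational message to stdout behind a blue [INFO] tag.
# Globals:   BLUE, RESET (read)
# Arguments: $1 - message text
log_info() {
  # %b expands the colour constants only; %s prints the message literally, so
  # backslash sequences inside the message are no longer interpreted the way
  # `echo -e` interpreted them.
  printf '%b[INFO]%b %s\n' "${BLUE}" "${RESET}" "${1-}"
}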
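# Print a success message to stdout behind a green [SUCCESS] tag.
# Globals:   GREEN, RESET (read)
# Arguments: $1 - message text
log_success() {
  # %b expands the colour constants only; %s prints the message literally, so
  # backslash sequences inside the message are no longer interpreted the way
  # `echo -e` interpreted them.
  printf '%b[SUCCESS]%b %s\n' "${GREEN}" "${RESET}" "${1-}"
}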
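# Print a warning message to stdout behind a yellow [WARNING] tag.
# Globals:   YELLOW, RESET (read)
# Arguments: $1 - message text
log_warning() {
  # This script passes text derived from the remote server's HTTP response to
  # this helper. %s prints it literally, so backslash sequences in that text
  # are not turned into control characters as `echo -e` would do; %b is used
  # for the colour constants only.
  printf '%b[WARNING]%b %s\n' "${YELLOW}" "${RESET}" "${1-}"
}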
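# Print an error message to stdout behind a red [ERROR] tag.
# Globals:   RED, RESET (read)
# Arguments: $1 - message text
log_error() {
  # %b expands the colour constants only; %s prints the message literally, so
  # backslash sequences inside the message are no longer interpreted the way
  # `echo -e` interpreted them. Output stays on stdout, as before.
  printf '%b[ERROR]%b %s\n' "${RED}" "${RESET}" "${1-}"
}
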
# Banner: name the domain under test, followed by one blank line.
printf '%s\n\n' "=== SSL Test for $DOMAIN ==="

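# Test 1: DNS Resolution
# `dig +short` prints one answer per line, and the first line may be a CNAME
# target or just one of several A records. The check therefore passes when
# SERVER_IP appears as a whole line anywhere in the answer set, instead of
# comparing only the first line.
log_info "Testing DNS resolution..."
dns_answers=$(dig +short A "$DOMAIN")
# Kept for compatibility with the original variable name: first answer line.
resolved_ip=${dns_answers%%$'\n'*}
if grep -Fxq -- "$SERVER_IP" <<<"$dns_answers"; then
  log_success "DNS: $DOMAIN → $SERVER_IP ✓"
else
  # Show every answer on one line; an empty answer is reported explicitly.
  shown_answers=${dns_answers//$'\n'/, }
  log_warning "DNS: $DOMAIN → ${shown_answers:-<no answer>} (expected: $SERVER_IP)"
fi
echo
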
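# Test 2: Port Connectivity
# -w bounds each probe: without it, a port whose packets are silently dropped
# by a firewall can stall the script until the TCP connect times out.
log_info "Testing port connectivity..."
for port in 443 80; do
  if nc -z -w 5 "$DOMAIN" "$port" 2>/dev/null; then
    log_success "Port $port: Accessible ✓"
  else
    log_error "Port $port: Not accessible ✗"
  fi
done
echo
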
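# Test 3: HTTP to HTTPS Redirect
# A single HEAD request. curl reports the numeric status and the absolute
# redirect target, so the check can confirm that the redirect really points
# at an https:// URL instead of accepting any 301/302 as "working".
log_info "Testing HTTP to HTTPS redirect..."
redirect_probe=$(curl -s -I -o /dev/null --max-time 10 \
  -w '%{http_code} %{redirect_url}' "http://$DOMAIN" 2>/dev/null)
http_response=${redirect_probe%% *}   # status code ("000" if no response)
redirect_target=${redirect_probe#* }  # empty when the server sent no redirect
case "$http_response" in
  301 | 302 | 307 | 308)
    if [[ "$redirect_target" == https://* ]]; then
      log_success "HTTP Redirect: Working ✓"
      printf 'location: %s\n' "$redirect_target"
    else
      # A redirect that stays on plain HTTP does not protect the session.
      log_warning "HTTP Redirect: $http_response, but target is not HTTPS: ${redirect_target:-<none>}"
    fi
    ;;
  *)
    log_warning "HTTP Redirect: $http_response"
    ;;
esac
echo
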
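# Test 4: HTTPS Connection
# curl validates the certificate chain and host name by default, so exit 0
# means a trusted TLS connection plus a successful HTTP status. With -f, an
# HTTP status >= 400 yields exit 22: TLS and certificate validation succeeded
# and only the application answered with an error, so that case is reported
# separately instead of as a broken HTTPS setup.
log_info "Testing HTTPS connection..."
curl -sSf --max-time 15 "https://$DOMAIN" >/dev/null 2>&1
https_rc=$?
if ((https_rc == 0)); then
  log_success "HTTPS Connection: Working ✓"
elif ((https_rc == 22)); then
  log_warning "HTTPS Connection: TLS OK, but server returned an HTTP error status"
else
  log_error "HTTPS Connection: Failed ✗"
  # Diagnostic only: --insecure skips certificate validation to tell a
  # certificate problem apart from a connectivity problem.
  log_info "Trying with --insecure flag..."
  curl -sSf --insecure --max-time 15 "https://$DOMAIN" >/dev/null 2>&1
  insecure_rc=$?
  if ((insecure_rc == 0 || insecure_rc == 22)); then
    log_warning "HTTPS works with --insecure (certificate issue)"
  else
    log_error "HTTPS completely broken"
  fi
fi
echo
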
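# Test 5: SSL Certificate Details
# The leaf certificate is fetched once and reused for every check below, so
# all results describe the same certificate. s_client is run without
# -verify_return_error, so the handshake completes even when chain
# verification fails: these checks describe the certificate the server
# presents, not whether a client would trust it (Test 4 covers trust).
log_info "Checking SSL certificate..."
cert_pem=$(openssl s_client -servername "$DOMAIN" -connect "$DOMAIN:443" \
  </dev/null 2>/dev/null | openssl x509 -outform PEM 2>/dev/null)

if [[ -n "$cert_pem" ]]; then
  echo "Certificate Details:"
  openssl x509 -noout -dates <<<"$cert_pem" 2>/dev/null

  # Check if Let's Encrypt: match the issuer field only. Searching the whole
  # text dump would also match the string in the subject or an extension.
  # The issuer name is an indicator, not proof, on an unverified certificate.
  cert_issuer=$(openssl x509 -noout -issuer <<<"$cert_pem" 2>/dev/null)
  if [[ "$cert_issuer" == *"Let's Encrypt"* ]]; then
    log_success "Certificate: Let's Encrypt ✓"
  else
    log_warning "Certificate: Not Let's Encrypt (might be self-signed)"
  fi

  # Check expiration with openssl itself; -checkend exits non-zero when the
  # certificate expires within the given number of seconds. This avoids
  # reporting "expired" merely because `date -d` could not parse the date.
  if ! openssl x509 -noout -checkend 0 <<<"$cert_pem" >/dev/null 2>&1; then
    log_error "Certificate: Expired or invalid ✗"
  else
    exp_date=$(openssl x509 -noout -enddate <<<"$cert_pem" 2>/dev/null | cut -d= -f2)
    days_left=""
    # The day count is informational and needs a date(1) that supports -d.
    if exp_timestamp=$(date -d "$exp_date" +%s 2>/dev/null); then
      current_timestamp=$(date +%s)
      days_left=$(((exp_timestamp - current_timestamp) / 86400))
    fi
    # 31 * 86400 seconds: equivalent to the former "days_left > 30" test.
    if openssl x509 -noout -checkend 2678400 <<<"$cert_pem" >/dev/null 2>&1; then
      log_success "Certificate Expiry: ${days_left:-more than 30} days remaining ✓"
    else
      log_warning "Certificate Expiry: ${days_left:-30 or fewer} days remaining (renew soon)"
    fi
  fi
else
  log_error "Could not retrieve certificate information"
fi
echo
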
# Test 6: SSL Labs Grade (optional, requires internet)
# Nothing is submitted from here; the script only prints the analysis link
# for the operator to open manually.
log_info "SSL Labs test available at:"
printf '%s\n\n' "https://www.ssllabs.com/ssltest/analyze.html?d=$DOMAIN"

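# Test 7: Framework Health Check
# --max-time keeps a hanging backend from stalling the script. curl writes
# "000" as the status code when no HTTP response was received at all, which is
# reported as a connection/TLS failure rather than as an HTTP status.
log_info "Testing framework health endpoint..."
health_status=$(curl -s -o /dev/null --max-time 10 -w '%{http_code}' \
  "https://$DOMAIN/ping" 2>/dev/null)
case "$health_status" in
  200)
    log_success "Framework Health: OK ✓"
    ;;
  404)
    log_warning "Framework Health: Endpoint not found (might be disabled)"
    ;;
  000 | '')
    log_error "Framework Health: No HTTP response (connection or TLS failure) ✗"
    ;;
  *)
    log_error "Framework Health: HTTP $health_status ✗"
    ;;
esac
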
# Summary
# Recap of the target plus the follow-up commands to run when a check failed.
# One printf call emits every line; each argument becomes one output line.
printf '%s\n' \
  "" \
  "=== Test Summary ===" \
  "Domain: $DOMAIN" \
  "Target IP: $SERVER_IP" \
  "" \
  "Next steps if issues found:" \
  "1. Check DNS: dig +short $DOMAIN" \
  "2. Check firewall: nmap -p 80,443 $DOMAIN" \
  "3. Check containers: ssh deploy@$SERVER_IP 'docker compose ps'" \
  "4. Check nginx logs: ssh deploy@$SERVER_IP 'docker compose logs web'" \
  "5. Regenerate SSL: ./setup-production-ssl.sh"