Add SWAG (Secure Web Application Gateway)

tools/include/markdown/SWAG01-header.md

@@ -0,0 +1,19 @@
+SWAG - Secure Web Application Gateway sets up an Nginx webserver and reverse proxy with php support and a built-in certbot client that automates free SSL server certificate generation and renewal processes (Let's Encrypt). It also contains fail2ban for intrusion prevention.
+
+After entering required information, your server will have auto updating SSL secured website! To this website you can attach several services, for example: https://my.server.com/netdata will run [Netdata](https://www.netdata.cloud/) instance.
+
+=== "Requirements"
+
+    - this computer port 80 and 443 must be open to the internet
+    - your domain name (myserver.mydomain.com) DNS server should point to your router WAN address
+    - make sure to set additional .htpasswd username and password as you don't want to expose your services without password
+
+=== "Directories"
+
+    - Config directory: `/armbian/swag/config/`
+    - Website root folder: `/armbian/swag/config/www/`
+    - Reverse proxy configuration samples: `/armbian/swag/config/nginx/proxy-confs/`
+
+=== "Advanced setup"
+
+    - Please follow this comprehensive guide: <https://github.com/linuxserver/docker-swag>

tools/json/config.software.json

@@ -4,6 +4,53 @@
             "id": "Software",
             "description": "Run/Install 3rd party applications",
             "sub": [
+                {
+                    "id": "WebHosting",
+                    "description": "Web hosting",
+                    "status": "Stable",
+                    "sub": [
+                        {
+                            "id": "SWAG01",
+                            "description": "SWAG reverse proxy install",
+                            "command": [
+                                "module_swag install"
+                            ],
+                            "status": "Stable",
+                            "author": "@armbian",
+                            "condition": "! module_swag status"
+                        },
+                        {
+                            "id": "SWAG02",
+                            "description": "SWAG reverse proxy .htpasswd set",
+                            "command": [
+                                "module_swag password"
+                            ],
+                            "status": "Stable",
+                            "author": "@armbian",
+                            "condition": "module_swag status"
+                        },
+                        {
+                            "id": "SWAG03",
+                            "description": "SWAG reverse proxy remove",
+                            "command": [
+                                "module_swag remove"
+                            ],
+                            "status": "Stable",
+                            "author": "@armbian",
+                            "condition": "module_swag status"
+                        },
+                        {
+                            "id": "SWAG04",
+                            "description": "SWAG reverse proxy purge data folder",
+                            "command": [
+                                "module_swag purge"
+                            ],
+                            "status": "Stable",
+                            "author": "@igorpecovnik",
+                            "condition": "! module_swag status && [[ -d \"${SOFTWARE_FOLDER}/swag\" ]]"
+                        }
+                    ]
+                },
                 {
                     "id": "Desktops",
                     "description": "Desktop Environments",

tools/modules/software/install_swag.sh

@@ -0,0 +1,111 @@
+module_options+=(
+	["module_swag,author"]="@igorpecovnik"
+	["module_swag,feature"]="module_swag"
+	["module_swag,desc"]="Example module unattended interface."
+	["module_swag,example"]="install remove purge status password help"
+	["module_swag,status"]="Active"
+)
+
+function module_swag() {
+	local title="swag"
+	local condition=$(which "$title" 2>/dev/null)
+
+	if pkg_installed docker-ce; then
+		local container=$(docker container ls -a | mawk '/swag?( |$)/{print $1}')
+		local image=$(docker image ls -a | mawk '/swag?( |$)/{print $3}')
+	fi
+
+	local commands
+	IFS=' ' read -r -a commands <<< "${module_options["module_swag,example"]}"
+
+	SWAG_BASE="${SOFTWARE_FOLDER}/swag"
+
+	case "$1" in
+		"${commands[0]}")
+			SWAG_URL=$(dialog --title \
+			"Secure Web Application Gateway URL?" \
+			--inputbox "\nExamples: myhome.domain.org (port 80 and 443 must be exposed to internet)" \
+			8 80 "" 3>&1 1>&2 2>&3);
+
+			if [[ ${SWAG_URL} && $? -eq 0 ]]; then
+
+				# adjust hostname
+				hostnamectl set-hostname $(echo ${SWAG_URL} | sed -E 's/^\s*.*:\/\///g')
+				# install docker
+				pkg_installed docker-ce || install_docker
+				# add additional bridge where containers see each other
+				docker network create lsio 2> /dev/null
+
+				[[ -d "$SWAG_BASE" ]] || mkdir -p "$SWAG_BASE" || { echo "Couldn't create storage directory: $SWAG_BASE"; exit 1; }
+
+				docker run -d \
+				--name=swag \
+				--cap-add=NET_ADMIN \
+				--net=lsio \
+				-e PUID=1000 \
+				-e PGID=1000 \
+				-e TZ="$(cat /etc/timezone)" \
+				-e URL="${SWAG_URL}" \
+				-e VALIDATION=http \
+				-p 443:443 \
+				-p 80:80 \
+				-v "${SWAG_BASE}/config:/config" \
+				--restart unless-stopped \
+				lscr.io/linuxserver/swag
+				for i in $(seq 1 20); do
+					if docker inspect -f '{{ index .Config.Labels "build_version" }}' swag >/dev/null 2>&1 ; then
+						break
+					else
+						sleep 3
+					fi
+					if [ $i -eq 20 ] ; then
+						echo -e "\nTimed out waiting for ${title} to start, consult your container logs for more info (\`docker logs swag\`)"
+						exit 1
+					fi
+				done
+				# set password
+				${module_options["module_swag,feature"]} ${commands[4]}
+			else
+				show_message <<< "Entering fully qualified domain name is required!"
+			fi
+		;;
+		"${commands[1]}")
+			[[ "${container}" ]] && docker container rm -f "$container" >/dev/null
+			[[ "${image}" ]] && docker image rm "$image" >/dev/null
+		;;
+		"${commands[2]}")
+			[[ -n "${SWAG_BASE}" && "${SWAG_BASE}" != "/" ]] && rm -rf "${SWAG_BASE}"
+		;;
+		"${commands[3]}")
+			if [[ "${container}" && "${image}" ]]; then
+				return 0
+			else
+				return 1
+			fi
+		;;
+		"${commands[4]}")
+			SWAG_USER=$($DIALOG --title "Secure webserver with .htaccess username and password" \
+			--inputbox "\nHit enter for USERNAME defaults" 9 70 "armbian" 3>&1 1>&2 2>&3)
+			SWAG_PASSWORD=$($DIALOG --title "Enter new password for ${SWAG_USER}" \
+			--inputbox "\nHit enter for auto generated password" 9 70 "$(tr -dc 'A-Za-z0-9=' < /dev/urandom | head -c 10)" 3>&1 1>&2 2>&3)
+			if [[ "${SWAG_USER}" && "${SWAG_PASSWORD}" ]]; then
+				docker exec -it swag htpasswd -b -c /config/nginx/.htpasswd ${SWAG_USER} ${SWAG_PASSWORD} >/dev/null 2>&1
+				docker restart ${container} >/dev/null
+			fi
+		;;
+		"${commands[5]}")
+			echo -e "\nUsage: ${module_options["module_swag,feature"]} <command>"
+			echo -e "Commands:  ${module_options["module_swag,example"]}"
+			echo "Available commands:"
+			echo -e "\tinstall\t- Install $title."
+			echo -e "\tremove\t- Remove $title."
+			echo -e "\tpurge\t- Purge $title data folder."
+			echo -e "\tpassword\t- Set .htaccess password for $title."
+			echo -e "\tstatus\t- Installation status $title."
+			echo
+		;;
+		*)
+			${module_options["module_swag,feature"]} ${commands[5]}
+		;;
+	esac
+}