ai-workspace-infra/gitops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
codex/implement-xcontrol-docker-playbook
gitops/scripts/netcheck.sh
Haitao Pan fae2d7b4d7 playbooks: add mail stack, firewall, and nodejs deployment 
Mail Stack Deployment:
- playbooks/deploy_mail_stack.yml: Complete mail server with chasquid + dovecot + firewall
  * Deploys chasquid SMTP server
  * Deploys dovecot IMAP server
  * Includes firewall configuration
  * Email test with swaks
  * Configurable domain, certificates, DKIM

- playbooks/deploy_mail_firewall.yml: Standalone firewall deployment
  * Just the firewall role
  * For servers that only need firewall rules
  * Customizable via variables

Node.js Deployment:
- playbooks/deploy_nodejs_vhosts.yml: Node.js runtime for vhosts
  * Installs Node.js 20.x from NodeSource
  * Configurable version and packages
  * Can install additional global npm packages
  * Supports Yarn installation

Inventory:
- playbooks/inventory.ini: Updated inventory file
  * Mail server and nodejs host groups
  * Example configuration

Scripts:
- scripts/netcheck.sh: Network connectivity check script

All playbooks:
- Use become: yes for privilege escalation
- Include comprehensive variable documentation
- Support customization via vars
- Include security best practices

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-10 20:54:38 +08:00

63 lines
1.8 KiB
Bash
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/usr/bin/env bash
# netcheck.sh — Diagnose DNS / TLS / Route problems for a given target
TARGET=${1:-fonts.gstatic.com} # 默认检测 fonts.gstatic.com也可自定义
PROXY=${https_proxy:-""}
if [ -z "$1" ]; then
echo "Usage: $0 <domain>"
echo "Example: $0 accounts.google.com"
echo
echo "No argument supplied, using default target: $TARGET"
fi
echo "=== 🌐 Network Diagnostic for $TARGET ==="
echo "Time: $(date)"
echo
echo "1⃣ Checking DNS resolution..."
dig +short "$TARGET" || nslookup "$TARGET"
echo
IP=$(dig +short "$TARGET" | grep -m1 -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}')
if [ -z "$IP" ]; then
echo "❌ DNS failed — cannot resolve $TARGET"
exit 1
fi
echo "✅ DNS OK → $TARGET resolved to $IP"
echo
echo "2⃣ Checking basic connectivity..."
ping -c 3 -W 2 "$IP" >/dev/null 2>&1 && echo "✅ Ping reachable ($IP)" || echo "⚠️ Ping not reachable (may be ICMP blocked)"
echo
echo "3⃣ Checking route path..."
traceroute -m 15 -w 2 "$IP" || echo "⚠️ Traceroute failed — possibly blocked or proxied"
echo
echo "4⃣ Testing HTTPS handshake (TLS)..."
if [ -n "$PROXY" ]; then
echo "Using proxy: $PROXY"
fi
curl -v --connect-timeout 10 -4 -I "https://$TARGET" 2>&1 | egrep "Trying|Connected|SSL|error|subject|issuer|HTTP"
RC=$?
echo
if [ $RC -eq 0 ]; then
echo "✅ TLS handshake successful — outbound HTTPS working"
else
echo "❌ TLS handshake failed — outbound 443 likely filtered or intercepted"
fi
echo
echo "5⃣ Summary:"
if [ $RC -ne 0 ]; then
echo "→ Problem most likely in:"
echo " • DNS (if Step 1 failed)"
echo " • Firewall/Proxy (if Step 2/3 OK but Step 4 fails)"
echo " • TLS interception (if Step 4 shows certificate mismatch)"
else
echo "✅ Everything looks fine — network path and TLS normal"
fi
Reference in New Issue View Git Blame Copy Permalink