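#!/bin/bash
# Comprehensive deployment verification script
# Run this on the VPS after setup to verify all services and configurations.
#
# Every check prints a one-line verdict and the script keeps going after a
# failed check (it is diagnostic), but unexpected errors abort via set -e.
# Most checks need root (systemctl status, nginx -t, reading /etc/letsencrypt,
# ufw status).
set -eu

readonly NGINX_SITES_AVAILABLE=/etc/nginx/sites-available
readonly NGINX_SITES_ENABLED=/etc/nginx/sites-enabled
readonly SSLH_CFG=/etc/sslh.cfg
readonly LE_LIVE_DIR=/etc/letsencrypt/live
readonly DEMO_DIR=/var/www/demo
readonly PROBE_TIMEOUT=5

#######################################
# Print a numbered section header, preceded by a blank line.
# Arguments: $* - section title
#######################################
section() {
  printf '\n=== %s ===\n' "$*"
}

#######################################
# Print YES when a local account exists, NO otherwise.
# Arguments: $1 - user name
#######################################
user_exists() {
  if id "$1" >/dev/null 2>&1; then
    echo 'YES'
  else
    echo 'NO'
  fi
}

#######################################
# Print YES when a TCP socket is listening on the given port, NO otherwise.
# grep -q keeps the matching ss line out of the verdict (the original
# unquieted grep leaked it into the output). The pattern anchors on
# ':PORT<space>' so that asking about 443 does not match 8443.
# Arguments: $1 - TCP port number
#######################################
port_listening() {
  local port=$1
  if ss -tln 2>/dev/null | grep -q ":${port}[[:space:]]"; then
    echo 'YES'
  else
    echo 'NO'
  fi
}

#######################################
# Report whether a systemd unit is active and show part of its status.
# Arguments: $1 - unit name (e.g. sshd)
#            $2 - human label used in the verdict (e.g. SSH)
#            $3 - number of status lines to show when running (default 5)
#######################################
report_service() {
  local unit=$1 label=$2 lines=${3:-5}
  if systemctl is-active --quiet "$unit"; then
    echo "${label} service: RUNNING"
    systemctl status "$unit" --no-pager -l 2>&1 | head -n "$lines" || true
  else
    echo "${label} service: NOT RUNNING"
    systemctl status "$unit" --no-pager -l || true
  fi
}

#######################################
# Report presence and enablement of an Nginx site configuration.
# Arguments: $1 - site name under sites-available / sites-enabled
#######################################
report_nginx_site() {
  local site=$1
  local available="${NGINX_SITES_AVAILABLE}/${site}"
  local enabled="${NGINX_SITES_ENABLED}/${site}"
  if [[ -f "$available" ]]; then
    echo "${site} config: EXISTS"
    echo "Config file size: $(wc -l < "$available") lines"
    if [[ -L "$enabled" ]]; then
      echo "${site} config: ENABLED"
    else
      echo "${site} config: NOT ENABLED (symlink missing)"
    fi
  else
    echo "${site} config: MISSING"
  fi
}

#######################################
# Warn if a default Nginx config is still present. A dangling symlink in
# sites-enabled also breaks nginx -t, so test -e and -L, not only -f.
# Arguments: $1 - path to check
#            $2 - short label for the verdict
#######################################
report_default_removed() {
  local path=$1 label=$2
  if [[ -e "$path" || -L "$path" ]]; then
    echo "  WARNING: ${label} still exists"
  else
    echo "  OK: ${label} removed"
  fi
}

#######################################
# Report size and mode of one certificate file. Mode is shown because a
# group- or world-readable privkey.pem is a finding worth noticing here.
# Arguments: $1 - path to the PEM file
#######################################
report_cert_file() {
  local path=$1
  local name=${path##*/}
  if [[ -f "$path" ]]; then
    echo "    ${name}: EXISTS ($(stat -c '%s bytes, mode %a' -- "$path"))"
  else
    echo "    ${name}: MISSING"
  fi
}

#######################################
# Probe a URL with curl and report whether the server answered.
# The verdict is taken from curl's own exit status; the original piped curl
# into head -1 and tested head, which always reported RESPONDING.
# Arguments: $1 - short label for the verdict (e.g. HTTP)
#            $2 - description printed in the "Testing" line
#            $3 - URL
#            $4.. - extra curl options (e.g. -k)
#######################################
probe_url() {
  local label=$1 description=$2 url=$3
  shift 3
  local body
  echo "Testing ${description}:"
  if body=$(curl -s --max-time "$PROBE_TIMEOUT" "$@" "$url" 2>&1); then
    printf '  %s\n' "$(printf '%s\n' "$body" | head -n 1)"
    echo "  ${label}: RESPONDING"
  else
    echo "  ${label}: NOT RESPONDING"
  fi
}

#######################################
# Run every verification section in order and print the results.
#######################################
main() {
  echo "=========================================="
  echo "SSLH Multiplex Lab - Deployment Verification"
  echo "=========================================="

  section "1. System Information"
  echo "Hostname: $(hostname)"
  echo "IP Address: $(hostname -I | awk '{print $1}')"
  echo "Uptime: $(uptime -p)"

  section "2. User Accounts"
  echo "demouser exists: $(user_exists demouser)"
  echo "testuser exists: $(user_exists testuser)"

  section "3. SSH Service"
  report_service sshd SSH 5
  echo "SSH listening on port 22: $(port_listening 22)"

  section "4. Nginx Service"
  report_service nginx Nginx 5
  echo "Nginx listening on port 8444: $(port_listening 8444)"
  echo "Nginx listening on port 80: $(port_listening 80)"

  section "5. Nginx Configuration"
  report_nginx_site sslh-proxy
  report_nginx_site acme-challenge
  echo "Default nginx configs removed:"
  report_default_removed "${NGINX_SITES_ENABLED}/default" default
  report_default_removed "${NGINX_SITES_ENABLED}/000-default" 000-default
  report_default_removed /etc/nginx/conf.d/default.conf conf.d/default.conf

  section "6. Nginx Configuration Test"
  if nginx -t 2>&1; then
    echo "Nginx configuration: VALID"
  else
    echo "Nginx configuration: INVALID"
  fi

  section "7. SSLH Service"
  if systemctl is-active --quiet sslh; then
    echo "SSLH service: RUNNING"
    systemctl status sslh --no-pager -l 2>&1 | head -n 10 || true
  else
    echo "SSLH service: NOT RUNNING"
    echo "SSLH status:"
    systemctl status sslh --no-pager -l || true
    echo ""
    echo "Recent SSLH logs:"
    journalctl -u sslh -n 20 --no-pager || true
  fi
  echo "SSLH listening on port 443: $(port_listening 443)"

  section "8. SSLH Configuration"
  if [[ -f "$SSLH_CFG" ]]; then
    echo "SSLH config file: EXISTS"
    echo "Config file size: $(wc -l < "$SSLH_CFG") lines"
    echo "Config file contents:"
    cat -- "$SSLH_CFG"
    echo ""
  else
    echo "SSLH config file: MISSING"
  fi

  section "9. Let's Encrypt Certificates"
  if [[ -d "$LE_LIVE_DIR" ]]; then
    echo "Let's Encrypt directory: EXISTS"
    local domain_dir domain
    for domain_dir in "${LE_LIVE_DIR}"/*/; do
      # An unmatched glob leaves the literal pattern; skip it.
      [[ -d "$domain_dir" ]] || continue
      domain=$(basename "$domain_dir")
      echo "  Domain: ${domain}"
      report_cert_file "${domain_dir}fullchain.pem"
      report_cert_file "${domain_dir}privkey.pem"
    done
  else
    echo "Let's Encrypt directory: NOT FOUND (using self-signed certificates)"
  fi

  section "10. Demo Page"
  if [[ -d "$DEMO_DIR" ]]; then
    echo "Demo directory: EXISTS"
    if [[ -f "${DEMO_DIR}/index.html" ]]; then
      echo "Demo page: EXISTS"
      echo "Demo page content (first 5 lines):"
      head -n 5 -- "${DEMO_DIR}/index.html"
    else
      echo "Demo page: MISSING"
    fi
  else
    echo "Demo directory: MISSING"
  fi

  section "11. Local Service Tests"
  probe_url HTTP "HTTP (port 80)" http://127.0.0.1:80/
  probe_url HTTPS "HTTPS (port 8444)" https://127.0.0.1:8444/ -k
  echo "Testing SSLH -> Nginx (port 443 -> 8444):"
  # NOTE(review): this line was garbled in the source (the redirection target
  # was lost); a bash /dev/tcp connect to the Nginx back-end on 8444 is the
  # most plausible reconstruction — confirm the intended port.
  if timeout 2 bash -c 'exec 3<>/dev/tcp/127.0.0.1/8444' 2>/dev/null; then
    echo "  SSLH can reach Nginx: YES"
  else
    echo "  SSLH can reach Nginx: NO (connection refused)"
  fi

  section "12. SMB Service"
  if systemctl is-active --quiet smbd 2>/dev/null \
    || systemctl is-active --quiet samba 2>/dev/null; then
    echo "SMB service: RUNNING"
  else
    echo "SMB service: NOT RUNNING"
  fi
  echo "SMB listening on port 445: $(port_listening 445)"

  section "13. Firewall (UFW)"
  if command -v ufw >/dev/null 2>&1; then
    echo "UFW status:"
    ufw status | head -n 10
  else
    echo "UFW: NOT INSTALLED"
  fi

  section "14. Cloud-init Status"
  if [[ -f /var/lib/cloud/instance/boot-finished ]]; then
    echo "Cloud-init: COMPLETED"
    if [[ -f /var/log/cloud-init.log ]]; then
      echo "Last 10 lines of cloud-init.log:"
      tail -n 10 /var/log/cloud-init.log
    fi
  else
    echo "Cloud-init: STILL RUNNING"
  fi

  section "15. Listening Ports Summary"
  echo "All listening TCP ports:"
  # ss -l already restricts to LISTEN sockets; only the header row is skipped.
  ss -tln | awk 'NR > 1 {print $4}' | sort -u

  echo ""
  echo "=========================================="
  echo "Verification Complete"
  echo "=========================================="
}

main "$@"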