nginx/nginx.sh

#!/usr/bin/env bash
unset backup_port addurl adddomains
set -e
clear

# Fill in the following variables
eff_email_address=          # eg, eff@web.com
appname=                    # eg, nextcloud
subdomain=                  # eg, cloud
domain=                     # eg, web.com
adddomains=()               # eg, web2.com web3.comf
host=                       # eg, 127.0.0.1
port=                       # eg, 65000
backup_port=                # eg, 65000 (defaults to localhost 127.0.0.1 as host)

# Grab URL
if [ ${subdomain} ]
then
    url=${subdomain}.${domain}
else
    url=${domain}
fi

# Grab URLs for extra domains
for add in ${adddomains[@]}
do
    addurl+=(${subdomain}.${add})
done

# Figure out nginx conf directory
if grep -q 'include.*conf.d' /etc/nginx/nginx.conf
then
    nginxdir=conf.d
elif grep -q 'include.*sites-enabled' /etc/nginx/nginx.conf
then
    nginxdir=sites-available
    sudo ln -s -f /etc/nginx/sites-available/${appname}.conf /etc/nginx/sites-enabled/
else
    echo "Missing nginx directory, exiting..."
    exit 1
fi

# Add backup directive to nginx.conf if supplied
if [ ${backup_port} ]
then
    sudo tee /etc/nginx/${nginxdir}/${appname}.conf >/dev/null <<- conf
	upstream ${appname} {
	    server ${host}:${port};

	    server 127.0.0.1:${backup_port} backup;
	}

	conf
else
    sudo tee /etc/nginx/${nginxdir}/${appname}.conf >/dev/null <<- conf
	upstream ${appname} {
	    server ${host}:${port};
	}

	conf
fi

# Nginx
sudo tee -a /etc/nginx/${nginxdir}/${appname}.conf >/dev/null <<- conf
server {
    server_name ${url};
    include http_upgrade;

    location / {
        proxy_pass http://${appname};
        include proxy_params;

        error_log  /var/log/nginx/${appname}_error.log;
        access_log /var/log/nginx/${appname}_access.log;
    }
}

conf

# Certbot
sudo certbot --nginx --non-interactive --agree-tos --no-eff-email --staple-ocsp --hsts --no-redirect \
    --email ${eff_email_address} \
    --domain ${url}

# Add extra domains
for url in ${addurl[@]}
do
    sudo tee -a /etc/nginx/${nginxdir}/${appname}.conf >/dev/null <<- conf
	server {
	    server_name ${url};
	    include http_upgrade;

	    location / {
	        proxy_pass http://${appname};
	        include proxy_params;

	        error_log  /var/log/nginx/${appname}_error.log;
	        access_log /var/log/nginx/${appname}_access.log;
	    }
	}

	conf

    # Certbot
    sudo certbot --nginx --non-interactive --agree-tos --no-eff-email --staple-ocsp --hsts --no-redirect \
        --email ${eff_email_address} \
        --domain ${url}
done

# Add http2 and http3 directives
sudo sed -e '/listen 80/d' \
    -e '/listen 443/a\
    listen 443 quic;\
    listen [::]:443 ssl;\
    listen [::]:443 quic;\
' -i /etc/nginx/${nginxdir}/${appname}.conf 
sudo systemctl reload nginx.service
First commit 2024-06-14 07:14:42 +00:00			`#!/usr/bin/env bash`
Update nginx.sh 2024-12-02 08:41:11 +00:00			`unset backup_port addurl adddomains`
Update nginx.sh 2025-01-09 22:45:52 +00:00			`set -e`
Update nginx.sh 2024-12-02 08:41:11 +00:00			`clear`
First commit 2024-06-14 07:14:42 +00:00
			`# Fill in the following variables`
Update nginx.sh 2025-01-09 22:45:52 +00:00			`eff_email_address= # eg, eff@web.com`
			`appname= # eg, nextcloud`
			`subdomain= # eg, cloud`
			`domain= # eg, web.com`
			`adddomains=() # eg, web2.com web3.comf`
			`host= # eg, 127.0.0.1`
			`port= # eg, 65000`
			`backup_port= # eg, 65000 (defaults to localhost 127.0.0.1 as host)`

			`# Grab URL`
Update nginx.sh 2024-12-02 08:41:11 +00:00			`if [ ${subdomain} ]`
First commit 2024-06-14 07:14:42 +00:00			`then`
Update nginx.sh 2024-12-02 08:41:11 +00:00			`url=${subdomain}.${domain}`
			`else`
			`url=${domain}`
			`fi`

Update nginx.sh 2025-01-09 22:45:52 +00:00			`# Grab URLs for extra domains`
			`for add in ${adddomains[@]}`
Update nginx.sh 2024-12-02 08:41:11 +00:00			`do`
Update nginx.sh 2025-01-09 22:45:52 +00:00			`addurl+=(${subdomain}.${add})`
Update nginx.sh 2024-12-02 08:41:11 +00:00			`done`

Update nginx.sh 2025-01-09 22:45:52 +00:00			`# Figure out nginx conf directory`
			`if grep -q 'include.*conf.d' /etc/nginx/nginx.conf`
			`then`
Update nginx.sh 2025-03-13 08:50:08 +00:00			`nginxdir=conf.d`
			`elif grep -q 'include.*sites-enabled' /etc/nginx/nginx.conf`
Update nginx.sh 2025-01-09 22:45:52 +00:00			`then`
Update nginx.sh 2025-03-13 08:50:08 +00:00			`nginxdir=sites-available`
Update nginx.sh 2025-01-09 22:45:52 +00:00			`sudo ln -s -f /etc/nginx/sites-available/${appname}.conf /etc/nginx/sites-enabled/`
			`else`
			`echo "Missing nginx directory, exiting..."`
			`exit 1`
			`fi`
Update nginx.sh 2024-12-02 08:41:11 +00:00
Update nginx.sh 2025-01-09 22:45:52 +00:00			`# Add backup directive to nginx.conf if supplied`
Update nginx.sh 2024-12-02 08:41:11 +00:00			`if [ ${backup_port} ]`
			`then`
Update nginx.sh 2025-01-09 22:45:52 +00:00			`sudo tee /etc/nginx/${nginxdir}/${appname}.conf >/dev/null <<- conf`
			`upstream ${appname} {`
			`server ${host}:${port};`
Update nginx.sh 2024-12-02 08:41:11 +00:00
Update nginx.sh 2025-01-09 22:45:52 +00:00			`server 127.0.0.1:${backup_port} backup;`
			`}`
Update nginx.sh 2024-12-02 08:41:11 +00:00
Update nginx.sh 2025-01-09 22:45:52 +00:00			`conf`
Update nginx.sh 2024-12-02 08:41:11 +00:00			`else`
Update nginx.sh 2025-01-09 22:45:52 +00:00			`sudo tee /etc/nginx/${nginxdir}/${appname}.conf >/dev/null <<- conf`
			`upstream ${appname} {`
Update nginx.sh 2025-03-13 09:06:15 +00:00			`server ${host}:${port};`
Update nginx.sh 2025-01-09 22:45:52 +00:00			`}`
Update nginx.sh 2024-12-02 08:41:11 +00:00
Update nginx.sh 2025-01-09 22:45:52 +00:00			`conf`
First commit 2024-06-14 07:14:42 +00:00			`fi`

Update nginx.sh 2025-01-09 22:45:52 +00:00			`# Nginx`
			`sudo tee -a /etc/nginx/${nginxdir}/${appname}.conf >/dev/null <<- conf`
First commit 2024-06-14 07:14:42 +00:00			`server {`
			`server_name ${url};`
Update nginx.sh 2025-01-09 22:45:52 +00:00			`include http_upgrade;`
First commit 2024-06-14 07:14:42 +00:00
			`location / {`
Update nginx.sh 2024-12-02 08:41:11 +00:00			`proxy_pass http://${appname};`
Update nginx.sh 2025-01-09 22:45:52 +00:00			`include proxy_params;`
First commit 2024-06-14 07:14:42 +00:00
			`error_log /var/log/nginx/${appname}_error.log;`
			`access_log /var/log/nginx/${appname}_access.log;`
			`}`
			`}`
Update nginx.sh 2024-12-02 08:41:11 +00:00
First commit 2024-06-14 07:14:42 +00:00			`conf`

Update nginx.sh 2025-01-09 22:45:52 +00:00			`# Certbot`
			`sudo certbot --nginx --non-interactive --agree-tos --no-eff-email --staple-ocsp --hsts --no-redirect \`
			`--email ${eff_email_address} \`
			`--domain ${url}`

			`# Add extra domains`
Update nginx.sh 2024-12-02 08:41:11 +00:00			`for url in ${addurl[@]}`
			`do`
Update nginx.sh 2025-01-09 22:45:52 +00:00			`sudo tee -a /etc/nginx/${nginxdir}/${appname}.conf >/dev/null <<- conf`
			`server {`
			`server_name ${url};`
			`include http_upgrade;`

			`location / {`
			`proxy_pass http://${appname};`
			`include proxy_params;`

			`error_log /var/log/nginx/${appname}_error.log;`
			`access_log /var/log/nginx/${appname}_access.log;`
			`}`
			`}`

			`conf`

			`# Certbot`
			`sudo certbot --nginx --non-interactive --agree-tos --no-eff-email --staple-ocsp --hsts --no-redirect \`
			`--email ${eff_email_address} \`
			`--domain ${url}`
Update nginx.sh 2024-12-02 08:41:11 +00:00			`done`
First commit 2024-06-14 07:14:42 +00:00
Update nginx.sh 2025-01-09 22:45:52 +00:00			`# Add http2 and http3 directives`
Update nginx.sh 2024-12-02 08:41:11 +00:00			`sudo sed -e '/listen 80/d' \`
			`-e '/listen 443/a\`
			`listen 443 quic;\`
			`listen [::]:443 ssl;\`
			`listen [::]:443 quic;\`
Update nginx.sh 2025-01-09 22:45:52 +00:00			`' -i /etc/nginx/${nginxdir}/${appname}.conf`
			`sudo systemctl reload nginx.service`