From 9eb885e581e127ccae1ff9d0ea8d4620ecf701a3 Mon Sep 17 00:00:00 2001 From: myve Date: Thu, 9 Jan 2025 22:45:52 +0000 Subject: [PATCH] Update nginx.sh --- nginx.sh | 124 +++++++++++++++++++++++++++++++------------------------ 1 file changed, 71 insertions(+), 53 deletions(-) diff --git a/nginx.sh b/nginx.sh index 89cc6e9..d31b42d 100644 --- a/nginx.sh +++ b/nginx.sh @@ -1,21 +1,19 @@ #!/usr/bin/env bash unset backup_port addurl adddomains +set -e clear # Fill in the following variables -eff_email_address= - -appname= - -subdomain= -domain= -adddomains=() - -host= -port= -backup_port= - +eff_email_address= # eg, eff@web.com +appname= # eg, nextcloud +subdomain= # eg, cloud +domain= # eg, web.com +adddomains=() # eg, web2.com web3.comf +host= # eg, 127.0.0.1 +port= # eg, 65000 +backup_port= # eg, 65000 (defaults to localhost 127.0.0.1 as host) +# Grab URL if [ ${subdomain} ] then url=${subdomain}.${domain} 
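Review bot: The added `set -e` does not stop the script when the variables in this block are left empty, and every one of them ships blank: an empty `appname` later yields a file named `.conf` and an `upstream  {` block, both written through `sudo`. A guard right after the assignments, such as `: "${appname:?set appname}" "${domain:?set domain}" "${host:?set host}" "${port:?set port}" "${eff_email_address:?set eff_email_address}"`, would fail before anything under `/etc/nginx` is touched. Since `appname` becomes part of a root-written path, an allowlist check like `[[ $appname =~ ^[A-Za-z0-9_-]+$ ]] || exit 1` is also worth adding, and the context test `[ ${subdomain} ]` should be `[ -n "${subdomain}" ]`. The example in the new `adddomains` comment has a typo (`web3.comf`), and the `backup_port` example repeats the `port` example value, which reads as if both should be the same port.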
@@ -23,40 +21,54 @@ else url=${domain} fi -for i in ${adddomains[@]} +# Grab URLs for extra domains +for add in ${adddomains[@]} do - addurl+=(${subdomain}.${i}) + addurl+=(${subdomain}.${add}) done -sudo rm -f /etc/nginx/conf.d/${appname}.conf - -if [ ${backup_port} ] +# Figure out nginx conf directory +if grep -q 'include.*conf.d' /etc/nginx/nginx.conf then - sudo tee /etc/nginx/conf.d/${appname}.conf >/dev/null <<- conf -upstream ${appname} { - server ${host}:${port}; - - server 127.0.0.1:${backup_port} backup; -} - -conf + nginxdir=/etc/nginx/conf.d +elif grep -q 'include.*sites-available' /etc/nginx/nginx.conf +then + nginxdir=/etc/nginx/sites-available + sudo ln -s -f /etc/nginx/sites-available/${appname}.conf /etc/nginx/sites-enabled/ else - sudo tee /etc/nginx/conf.d/${appname}.conf >/dev/null <<- conf -upstream ${appname} { - server ${host}:${port}; -} - -conf + echo "Missing nginx directory, exiting..." + exit 1 fi -sudo tee -a /etc/nginx/conf.d/${appname}.conf >/dev/null <<- conf +# Add backup directive to nginx.conf if supplied +if [ ${backup_port} ] +then + sudo tee /etc/nginx/${nginxdir}/${appname}.conf >/dev/null <<- conf + upstream ${appname} { + server ${host}:${port}; + + server 127.0.0.1:${backup_port} backup; + } + + conf +else + sudo tee /etc/nginx/${nginxdir}/${appname}.conf >/dev/null <<- conf + upstream ${appname} { + server ${host}:${port}; + } + + conf +fi + +# Nginx +sudo tee -a /etc/nginx/${nginxdir}/${appname}.conf >/dev/null <<- conf server { server_name ${url}; - include local/http_upgrade; + include http_upgrade; location / { proxy_pass http://${appname}; - include local/proxy_params; + include proxy_params; error_log /var/log/nginx/${appname}_error.log; access_log /var/log/nginx/${appname}_access.log; 
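Review bot: The new `nginxdir` values are absolute (`/etc/nginx/conf.d`, `/etc/nginx/sites-available`), but every write in this hunk prefixes them again as `/etc/nginx/${nginxdir}/${appname}.conf`, so `sudo tee` targets `/etc/nginx//etc/nginx/conf.d/...` and fails. Either assign the relative names, `nginxdir=conf.d` and `nginxdir=sites-available`, or drop the `/etc/nginx/` prefix where the variable is used; the `tee -a` and `sed -i` calls in the next hunk build the same path and need the same fix. The heredoc bodies are now indented under `<<-`, which strips leading tabs only, so if the indent is spaces the closing `conf` is never matched; the whitespace cannot be recovered from this page, so please confirm it is tabs. The `grep -q 'include.*conf.d'` probe also matches a commented-out include line and treats `.` as a wildcard; anchoring it, e.g. `grep -Eq '^[[:space:]]*include[[:space:]].*conf\.d'`, avoids writing into a directory nginx does not load.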
@@ -65,35 +77,41 @@ server { conf -sudo certbot --nginx --non-interactive --agree-tos --no-eff-email -m ${eff_email_address} -d ${url} \ - --staple-ocsp --hsts --no-redirect - +# Certbot +sudo certbot --nginx --non-interactive --agree-tos --no-eff-email --staple-ocsp --hsts --no-redirect \ + --email ${eff_email_address} \ + --domain ${url} + +# Add extra domains for url in ${addurl[@]} do - sudo tee -a /etc/nginx/conf.d/${appname}.conf >/dev/null <<- conf -server { - server_name ${url}; - include local/http_upgrade; + sudo tee -a /etc/nginx/${nginxdir}/${appname}.conf >/dev/null <<- conf + server { + server_name ${url}; + include http_upgrade; - location / { - proxy_pass http://${appname}; - include local/proxy_params; + location / { + proxy_pass http://${appname}; + include proxy_params; - error_log /var/log/nginx/${appname}_error.log; - access_log /var/log/nginx/${appname}_access.log; - } -} + error_log /var/log/nginx/${appname}_error.log; + access_log /var/log/nginx/${appname}_access.log; + } + } -conf + conf - sudo certbot --nginx --non-interactive --agree-tos --no-eff-email -m ${eff_email_address} -d ${url} \ - --staple-ocsp --hsts --no-redirect + # Certbot + sudo certbot --nginx --non-interactive --agree-tos --no-eff-email --staple-ocsp --hsts --no-redirect \ + --email ${eff_email_address} \ + --domain ${url} done +# Add http2 and http3 directives sudo sed -e '/listen 80/d' \ -e '/listen 443/a\ listen 443 quic;\ listen [::]:443 ssl;\ listen [::]:443 quic;\ -' -i /etc/nginx/conf.d/${appname}.conf -sudo systemctl reload nginx.service +' -i /etc/nginx/${nginxdir}/${appname}.conf +sudo systemctl reload nginx.service \ No newline at end of file
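Review bot: The reload at the end of this hunk runs without a config test, and with `set -e` now enabled a failing `certbot` inside the loop exits the script after the server block has already been appended, leaving a partly provisioned file under the nginx include directory. Running `sudo nginx -t` before `sudo systemctl reload nginx.service`, and quoting the values passed to certbot (`--email "${eff_email_address}"`, `--domain "${url}"`, and `"${addurl[@]}"` in the `for`), would make those failure modes explicit. The loop variable `url` overwrites the primary `url` set earlier in the script; a distinct name such as `extra_url` avoids surprises if later code reads it. The new comment `# Add http2 and http3 directives` does not match the visible `sed` expression, which deletes `listen 80` lines and appends `quic` and IPv6 listeners; I would word it as `# Drop port-80 listeners; add QUIC and IPv6 listeners on 443`.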