mirror of
https://git.myvelabs.com/lab/nginx.git
synced 2025-12-17 21:26:13 +00:00
Update nginx.sh
parent
08ea8f1a14
commit
9eb885e581
1 changed files with 71 additions and 53 deletions
124
nginx.sh
124
nginx.sh
|
|
@ -1,21 +1,19 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
unset backup_port addurl adddomains
|
unset backup_port addurl adddomains
|
||||||
|
set -e
|
||||||
clear
|
clear
|
||||||
|
|
||||||
# Fill in the following variables
|
# Fill in the following variables
|
||||||
eff_email_address=
|
eff_email_address= # eg, eff@web.com
|
||||||
|
appname= # eg, nextcloud
|
||||||
appname=
|
subdomain= # eg, cloud
|
||||||
|
domain= # eg, web.com
|
||||||
subdomain=
|
adddomains=() # eg, web2.com web3.comf
|
||||||
domain=
|
host= # eg, 127.0.0.1
|
||||||
adddomains=()
|
port= # eg, 65000
|
||||||
|
backup_port= # eg, 65000 (defaults to localhost 127.0.0.1 as host)
|
||||||
host=
|
|
||||||
port=
|
|
||||||
backup_port=
|
|
||||||
|
|
||||||
|
|
||||||
|
# Grab URL
|
||||||
if [ ${subdomain} ]
|
if [ ${subdomain} ]
|
||||||
then
|
then
|
||||||
url=${subdomain}.${domain}
|
url=${subdomain}.${domain}
|
||||||
|
|
@ -23,40 +21,54 @@ else
|
||||||
url=${domain}
|
url=${domain}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
for i in ${adddomains[@]}
|
# Grab URLs for extra domains
|
||||||
|
for add in ${adddomains[@]}
|
||||||
do
|
do
|
||||||
addurl+=(${subdomain}.${i})
|
addurl+=(${subdomain}.${add})
|
||||||
done
|
done
|
||||||
|
|
||||||
sudo rm -f /etc/nginx/conf.d/${appname}.conf
|
# Figure out nginx conf directory
|
||||||
|
if grep -q 'include.*conf.d' /etc/nginx/nginx.conf
|
||||||
if [ ${backup_port} ]
|
|
||||||
then
|
then
|
||||||
sudo tee /etc/nginx/conf.d/${appname}.conf >/dev/null <<- conf
|
nginxdir=/etc/nginx/conf.d
|
||||||
upstream ${appname} {
|
elif grep -q 'include.*sites-available' /etc/nginx/nginx.conf
|
||||||
server ${host}:${port};
|
then
|
||||||
|
nginxdir=/etc/nginx/sites-available
|
||||||
server 127.0.0.1:${backup_port} backup;
|
sudo ln -s -f /etc/nginx/sites-available/${appname}.conf /etc/nginx/sites-enabled/
|
||||||
}
|
|
||||||
|
|
||||||
conf
|
|
||||||
else
|
else
|
||||||
sudo tee /etc/nginx/conf.d/${appname}.conf >/dev/null <<- conf
|
echo "Missing nginx directory, exiting..."
|
||||||
upstream ${appname} {
|
exit 1
|
||||||
server ${host}:${port};
|
|
||||||
}
|
|
||||||
|
|
||||||
conf
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
sudo tee -a /etc/nginx/conf.d/${appname}.conf >/dev/null <<- conf
|
# Add backup directive to nginx.conf if supplied
|
||||||
|
if [ ${backup_port} ]
|
||||||
|
then
|
||||||
|
sudo tee /etc/nginx/${nginxdir}/${appname}.conf >/dev/null <<- conf
|
||||||
|
upstream ${appname} {
|
||||||
|
server ${host}:${port};
|
||||||
|
|
||||||
|
server 127.0.0.1:${backup_port} backup;
|
||||||
|
}
|
||||||
|
|
||||||
|
conf
|
||||||
|
else
|
||||||
|
sudo tee /etc/nginx/${nginxdir}/${appname}.conf >/dev/null <<- conf
|
||||||
|
upstream ${appname} {
|
||||||
|
server ${host}:${port};
|
||||||
|
}
|
||||||
|
|
||||||
|
conf
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Nginx
|
||||||
|
sudo tee -a /etc/nginx/${nginxdir}/${appname}.conf >/dev/null <<- conf
|
||||||
server {
|
server {
|
||||||
server_name ${url};
|
server_name ${url};
|
||||||
include local/http_upgrade;
|
include http_upgrade;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://${appname};
|
proxy_pass http://${appname};
|
||||||
include local/proxy_params;
|
include proxy_params;
|
||||||
|
|
||||||
error_log /var/log/nginx/${appname}_error.log;
|
error_log /var/log/nginx/${appname}_error.log;
|
||||||
access_log /var/log/nginx/${appname}_access.log;
|
access_log /var/log/nginx/${appname}_access.log;
|
||||||
|
|
@ -65,35 +77,41 @@ server {
|
||||||
|
|
||||||
conf
|
conf
|
||||||
|
|
||||||
sudo certbot --nginx --non-interactive --agree-tos --no-eff-email -m ${eff_email_address} -d ${url} \
|
# Certbot
|
||||||
--staple-ocsp --hsts --no-redirect
|
sudo certbot --nginx --non-interactive --agree-tos --no-eff-email --staple-ocsp --hsts --no-redirect \
|
||||||
|
--email ${eff_email_address} \
|
||||||
|
--domain ${url}
|
||||||
|
|
||||||
|
# Add extra domains
|
||||||
for url in ${addurl[@]}
|
for url in ${addurl[@]}
|
||||||
do
|
do
|
||||||
sudo tee -a /etc/nginx/conf.d/${appname}.conf >/dev/null <<- conf
|
sudo tee -a /etc/nginx/${nginxdir}/${appname}.conf >/dev/null <<- conf
|
||||||
server {
|
server {
|
||||||
server_name ${url};
|
server_name ${url};
|
||||||
include local/http_upgrade;
|
include http_upgrade;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://${appname};
|
proxy_pass http://${appname};
|
||||||
include local/proxy_params;
|
include proxy_params;
|
||||||
|
|
||||||
error_log /var/log/nginx/${appname}_error.log;
|
error_log /var/log/nginx/${appname}_error.log;
|
||||||
access_log /var/log/nginx/${appname}_access.log;
|
access_log /var/log/nginx/${appname}_access.log;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
conf
|
conf
|
||||||
|
|
||||||
sudo certbot --nginx --non-interactive --agree-tos --no-eff-email -m ${eff_email_address} -d ${url} \
|
# Certbot
|
||||||
--staple-ocsp --hsts --no-redirect
|
sudo certbot --nginx --non-interactive --agree-tos --no-eff-email --staple-ocsp --hsts --no-redirect \
|
||||||
|
--email ${eff_email_address} \
|
||||||
|
--domain ${url}
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# Add http2 and http3 directives
|
||||||
sudo sed -e '/listen 80/d' \
|
sudo sed -e '/listen 80/d' \
|
||||||
-e '/listen 443/a\
|
-e '/listen 443/a\
|
||||||
listen 443 quic;\
|
listen 443 quic;\
|
||||||
listen [::]:443 ssl;\
|
listen [::]:443 ssl;\
|
||||||
listen [::]:443 quic;\
|
listen [::]:443 quic;\
|
||||||
' -i /etc/nginx/conf.d/${appname}.conf
|
' -i /etc/nginx/${nginxdir}/${appname}.conf
|
||||||
sudo systemctl reload nginx.service
|
sudo systemctl reload nginx.service
|
||||||
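Review bot: `nginxdir` is assigned an absolute path (`nginxdir=/etc/nginx/conf.d` or `nginxdir=/etc/nginx/sites-available`), but every later use prepends the prefix again, as in `sudo tee /etc/nginx/${nginxdir}/${appname}.conf`. As rendered here, the target expands to `/etc/nginx//etc/nginx/conf.d/<appname>.conf`, a directory that will not normally exist. With the newly added `set -e`, the first `tee` would then abort the run before any vhost is written or certbot is called. Either assign only the directory name (`nginxdir=conf.d`) or drop the prefix at the call sites, e.g. `sudo tee "${nginxdir}/${appname}.conf" >/dev/null`; the same applies to the `tee -a` calls and the final `sed ... -i`. Quoting these expansions also keeps a value containing whitespace or glob characters from changing which root-owned file `sudo tee` writes, and running `sudo nginx -t` before `systemctl reload` would catch a broken generated config.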