mirror of
https://git.myvelabs.com/lab/nginx.git
synced 2025-12-17 21:26:13 +00:00
Update nginx.sh
parent
08ea8f1a14
commit
9eb885e581
1 changed files with 71 additions and 53 deletions
124
nginx.sh
124
nginx.sh
|
|
@ -1,21 +1,19 @@
|
|||
#!/usr/bin/env bash
|
||||
unset backup_port addurl adddomains
|
||||
set -e
|
||||
clear
|
||||
|
||||
# Fill in the following variables
|
||||
eff_email_address=
|
||||
|
||||
appname=
|
||||
|
||||
subdomain=
|
||||
domain=
|
||||
adddomains=()
|
||||
|
||||
host=
|
||||
port=
|
||||
backup_port=
|
||||
|
||||
eff_email_address= # eg, eff@web.com
|
||||
appname= # eg, nextcloud
|
||||
subdomain= # eg, cloud
|
||||
domain= # eg, web.com
|
||||
adddomains=() # eg, web2.com web3.comf
|
||||
host= # eg, 127.0.0.1
|
||||
port= # eg, 65000
|
||||
backup_port= # eg, 65000 (defaults to localhost 127.0.0.1 as host)
|
||||
|
||||
# Grab URL
|
||||
if [ ${subdomain} ]
|
||||
then
|
||||
url=${subdomain}.${domain}
|
||||
|
|
@ -23,40 +21,54 @@ else
|
|||
url=${domain}
|
||||
fi
|
||||
|
||||
for i in ${adddomains[@]}
|
||||
# Grab URLs for extra domains
|
||||
for add in ${adddomains[@]}
|
||||
do
|
||||
addurl+=(${subdomain}.${i})
|
||||
addurl+=(${subdomain}.${add})
|
||||
done
|
||||
|
||||
sudo rm -f /etc/nginx/conf.d/${appname}.conf
|
||||
|
||||
if [ ${backup_port} ]
|
||||
# Figure out nginx conf directory
|
||||
if grep -q 'include.*conf.d' /etc/nginx/nginx.conf
|
||||
then
|
||||
sudo tee /etc/nginx/conf.d/${appname}.conf >/dev/null <<- conf
|
||||
upstream ${appname} {
|
||||
server ${host}:${port};
|
||||
|
||||
server 127.0.0.1:${backup_port} backup;
|
||||
}
|
||||
|
||||
conf
|
||||
nginxdir=/etc/nginx/conf.d
|
||||
elif grep -q 'include.*sites-available' /etc/nginx/nginx.conf
|
||||
then
|
||||
nginxdir=/etc/nginx/sites-available
|
||||
sudo ln -s -f /etc/nginx/sites-available/${appname}.conf /etc/nginx/sites-enabled/
|
||||
else
|
||||
sudo tee /etc/nginx/conf.d/${appname}.conf >/dev/null <<- conf
|
||||
upstream ${appname} {
|
||||
server ${host}:${port};
|
||||
}
|
||||
|
||||
conf
|
||||
echo "Missing nginx directory, exiting..."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
sudo tee -a /etc/nginx/conf.d/${appname}.conf >/dev/null <<- conf
|
||||
# Add backup directive to nginx.conf if supplied
|
||||
if [ ${backup_port} ]
|
||||
then
|
||||
sudo tee /etc/nginx/${nginxdir}/${appname}.conf >/dev/null <<- conf
|
||||
upstream ${appname} {
|
||||
server ${host}:${port};
|
||||
|
||||
server 127.0.0.1:${backup_port} backup;
|
||||
}
|
||||
|
||||
conf
|
||||
else
|
||||
sudo tee /etc/nginx/${nginxdir}/${appname}.conf >/dev/null <<- conf
|
||||
upstream ${appname} {
|
||||
server ${host}:${port};
|
||||
}
|
||||
|
||||
conf
|
||||
fi
|
||||
|
||||
# Nginx
|
||||
sudo tee -a /etc/nginx/${nginxdir}/${appname}.conf >/dev/null <<- conf
|
||||
server {
|
||||
server_name ${url};
|
||||
include local/http_upgrade;
|
||||
include http_upgrade;
|
||||
|
||||
location / {
|
||||
proxy_pass http://${appname};
|
||||
include local/proxy_params;
|
||||
include proxy_params;
|
||||
|
||||
error_log /var/log/nginx/${appname}_error.log;
|
||||
access_log /var/log/nginx/${appname}_access.log;
|
||||
|
|
@ -65,35 +77,41 @@ server {
|
|||
|
||||
conf
|
||||
|
||||
sudo certbot --nginx --non-interactive --agree-tos --no-eff-email -m ${eff_email_address} -d ${url} \
|
||||
--staple-ocsp --hsts --no-redirect
|
||||
|
||||
# Certbot
|
||||
sudo certbot --nginx --non-interactive --agree-tos --no-eff-email --staple-ocsp --hsts --no-redirect \
|
||||
--email ${eff_email_address} \
|
||||
--domain ${url}
|
||||
|
||||
# Add extra domains
|
||||
for url in ${addurl[@]}
|
||||
do
|
||||
sudo tee -a /etc/nginx/conf.d/${appname}.conf >/dev/null <<- conf
|
||||
server {
|
||||
server_name ${url};
|
||||
include local/http_upgrade;
|
||||
sudo tee -a /etc/nginx/${nginxdir}/${appname}.conf >/dev/null <<- conf
|
||||
server {
|
||||
server_name ${url};
|
||||
include http_upgrade;
|
||||
|
||||
location / {
|
||||
proxy_pass http://${appname};
|
||||
include local/proxy_params;
|
||||
location / {
|
||||
proxy_pass http://${appname};
|
||||
include proxy_params;
|
||||
|
||||
error_log /var/log/nginx/${appname}_error.log;
|
||||
access_log /var/log/nginx/${appname}_access.log;
|
||||
}
|
||||
}
|
||||
error_log /var/log/nginx/${appname}_error.log;
|
||||
access_log /var/log/nginx/${appname}_access.log;
|
||||
}
|
||||
}
|
||||
|
||||
conf
|
||||
conf
|
||||
|
||||
sudo certbot --nginx --non-interactive --agree-tos --no-eff-email -m ${eff_email_address} -d ${url} \
|
||||
--staple-ocsp --hsts --no-redirect
|
||||
# Certbot
|
||||
sudo certbot --nginx --non-interactive --agree-tos --no-eff-email --staple-ocsp --hsts --no-redirect \
|
||||
--email ${eff_email_address} \
|
||||
--domain ${url}
|
||||
done
|
||||
|
||||
# Add http2 and http3 directives
|
||||
sudo sed -e '/listen 80/d' \
|
||||
-e '/listen 443/a\
|
||||
listen 443 quic;\
|
||||
listen [::]:443 ssl;\
|
||||
listen [::]:443 quic;\
|
||||
' -i /etc/nginx/conf.d/${appname}.conf
|
||||
sudo systemctl reload nginx.service
|
||||
' -i /etc/nginx/${nginxdir}/${appname}.conf
|
||||
sudo systemctl reload nginx.service
|
||||
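Review bot: `nginxdir` is assigned an absolute path (`nginxdir=/etc/nginx/conf.d`, `nginxdir=/etc/nginx/sites-available`), yet the `tee` and `sed -i` targets prepend `/etc/nginx/` again, so `/etc/nginx/${nginxdir}/${appname}.conf` expands to `/etc/nginx//etc/nginx/conf.d/<appname>.conf`; that directory will not exist on a normal install and the first `sudo tee` aborts the script under `set -e`. Assuming these are all new-side lines (the +/- markers are lost on this page), the five places that write or edit the file should use `"${nginxdir}/${appname}.conf"` instead. Because the writes run under sudo with unquoted, unvalidated values, I would also add `: "${appname:?}" "${domain:?}" "${host:?}" "${port:?}"` after the variable block, so an unfilled field cannot produce a stray `.conf` file or a malformed `upstream` block. The directory detection `grep -q 'include.*conf.d'` also matches commented-out include lines; anchoring it, e.g. `grep -Eq '^[[:space:]]*include[[:space:]].*conf\.d'`, avoids picking a directory nginx does not actually load.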