nginx/nginx.sh

#!/usr/bin/env bash
unset backup_port addurl adddomains
clear

# Fill in the following variables
eff_email_address=

appname=

subdomain=
domain=
adddomains=()

host=
port=
backup_port=


if [ ${subdomain} ]
then
    url=${subdomain}.${domain}
else
    url=${domain}
fi

for i in ${adddomains[@]}
do
    addurl+=(${subdomain}.${i})
done

sudo rm -f /etc/nginx/conf.d/${appname}.conf

if [ ${backup_port} ]
then
    sudo tee /etc/nginx/conf.d/${appname}.conf >/dev/null <<- conf
upstream ${appname} {
    server ${host}:${port};

    server 127.0.0.1:${backup_port} backup;
}

conf
else
    sudo tee /etc/nginx/conf.d/${appname}.conf >/dev/null <<- conf
upstream ${appname} {
    server ${host}:${port};
}

conf
fi

sudo tee -a /etc/nginx/conf.d/${appname}.conf >/dev/null <<- conf
server {
    server_name ${url};
    include local/http_upgrade;

    location / {
        proxy_pass http://${appname};
        include local/proxy_params;

        error_log  /var/log/nginx/${appname}_error.log;
        access_log /var/log/nginx/${appname}_access.log;
    }
}

conf

sudo certbot --nginx --non-interactive --agree-tos --no-eff-email -m ${eff_email_address} -d ${url} \
    --staple-ocsp --hsts --no-redirect
    
for url in ${addurl[@]}
do
    sudo tee -a /etc/nginx/conf.d/${appname}.conf >/dev/null <<- conf
server {
    server_name ${url};
    include local/http_upgrade;

    location / {
        proxy_pass http://${appname};
        include local/proxy_params;

        error_log  /var/log/nginx/${appname}_error.log;
        access_log /var/log/nginx/${appname}_access.log;
    }
}

conf

    sudo certbot --nginx --non-interactive --agree-tos --no-eff-email -m ${eff_email_address} -d ${url} \
        --staple-ocsp --hsts --no-redirect
done

sudo sed -e '/listen 80/d' \
    -e '/listen 443/a\
    listen 443 quic;\
    listen [::]:443 ssl;\
    listen [::]:443 quic;\
' -i /etc/nginx/conf.d/${appname}.conf 
sudo systemctl reload nginx.service