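#!/usr/bin/env bash
#
# Publish an application behind nginx as a reverse proxy and obtain TLS
# certificates for it with certbot.
#
# Usage: fill in the variables below, then run as a user allowed to use sudo.
# The script writes /etc/nginx/<conf.d|sites-available>/<appname>.conf
# (truncating any existing file of that name), runs certbot once per
# hostname, rewrites the listen directives and reloads nginx.

# Drop values that may have been inherited from the calling environment
unset backup_port addurl adddomains
set -e

# Cosmetic only: a missing or unknown terminal must not abort under `set -e`
clear 2>/dev/null || true

# Fill in the following variables
eff_email_address= # eg, eff@web.com
appname=           # eg, nextcloud
subdomain=         # eg, cloud
domain=            # eg, web.com
adddomains=()      # eg, web2.com web3.com
host=              # eg, 127.0.0.1
port=              # eg, 65000
backup_port=       # eg, 65000 (defaults to localhost 127.0.0.1 as host)

# Allowlists for values that end up in a root-owned file path and inside
# nginx directives; anything else (whitespace, ';', '{', '}', '/') is refused.
readonly name_re='^[A-Za-z0-9_-]+$'
readonly fqdn_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
# Leading "][" inside the bracket expression permits a bracketed IPv6 literal
readonly host_re='^[][A-Za-z0-9.:_-]+$'

# Print a message on stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Abort unless $2 matches the extended regex $3; $1 names the setting.
require_match() {
  local label=$1 value=$2 pattern=$3
  [[ "${value}" =~ ${pattern} ]] || die "Missing or invalid ${label}: '${value}'"
}

# Abort unless $2 is a decimal TCP port in 1..65535; $1 names the setting.
require_port() {
  local label=$1 value=$2
  [[ "${value}" =~ ^[0-9]{1,5}$ ]] || die "Missing or invalid ${label}: '${value}'"
  ((10#${value} >= 1 && 10#${value} <= 65535)) || die "${label} out of range: '${value}'"
}

# Print the hostname for zone $1, prefixed with ${subdomain} when one is set.
fqdn_for() {
  local zone=$1
  if [[ -n "${subdomain}" ]]; then
    printf '%s.%s\n' "${subdomain}" "${zone}"
  else
    printf '%s\n' "${zone}"
  fi
}

# Append a proxying server block for hostname $1 to ${conf_file}, then let
# certbot obtain and install a certificate for that hostname.
add_site() {
  local name=$1
  {
    printf 'server {\n'
    printf 'server_name %s;\n' "${name}"
    # NOTE(review): http_upgrade and proxy_params are expected to exist under
    # the nginx configuration directory; they are not created by this script.
    printf 'include http_upgrade;\n'
    printf '\n'
    printf 'location / {\n'
    printf 'proxy_pass http://%s;\n' "${appname}"
    printf 'include proxy_params;\n'
    printf '\n'
    printf 'error_log /var/log/nginx/%s_error.log;\n' "${appname}"
    printf 'access_log /var/log/nginx/%s_access.log;\n' "${appname}"
    printf '}\n'
    printf '}\n'
    printf '\n'
  } | sudo tee -a "${conf_file}" >/dev/null

  sudo certbot --nginx --non-interactive --agree-tos --no-eff-email \
    --staple-ocsp --hsts --no-redirect \
    --email "${eff_email_address}" \
    --domain "${name}"
}

# Refuse to touch anything under /etc/nginx until every setting is sane
[[ -n "${eff_email_address}" ]] || die "Missing eff_email_address"
require_match appname "${appname}" "${name_re}"
require_match domain "${domain}" "${fqdn_re}"
if [[ -n "${subdomain}" ]]; then
  require_match subdomain "${subdomain}" "${fqdn_re}"
fi
require_match host "${host}" "${host_re}"
require_port port "${port}"
if [[ -n "${backup_port}" ]]; then
  require_port backup_port "${backup_port}"
fi

# Grab URL
url=$(fqdn_for "${domain}")

# Grab URLs for extra domains (no leading dot when subdomain is empty)
addurl=()
for add in "${adddomains[@]}"; do
  require_match adddomains "${add}" "${fqdn_re}"
  addurl+=("$(fqdn_for "${add}")")
done

# Figure out nginx conf directory
if grep -q 'include.*conf.d' /etc/nginx/nginx.conf; then
  nginxdir=conf.d
elif grep -q 'include.*sites-enabled' /etc/nginx/nginx.conf; then
  nginxdir=sites-available
else
  die "Missing nginx directory, exiting..."
fi
conf_file="/etc/nginx/${nginxdir}/${appname}.conf"

# Upstream definition; this write truncates an existing ${appname}.conf.
# The backup server line is added only when backup_port is supplied.
{
  printf 'upstream %s {\n' "${appname}"
  printf 'server %s:%s;\n' "${host}" "${port}"
  if [[ -n "${backup_port}" ]]; then
    printf '\n'
    printf 'server 127.0.0.1:%s backup;\n' "${backup_port}"
  fi
  printf '}\n'
  printf '\n'
} | sudo tee "${conf_file}" >/dev/null

# Enable the site once its file exists, so the link is never left dangling
if [[ "${nginxdir}" == sites-available ]]; then
  sudo ln -s -f "/etc/nginx/sites-available/${appname}.conf" /etc/nginx/sites-enabled/
fi

# Nginx server block and certificate for the main URL, then each extra domain
for site in "${url}" "${addurl[@]}"; do
  add_site "${site}"
done

# Drop the port-80 listeners and add QUIC and IPv6 listeners next to every
# "listen 443" line.
# NOTE(review): certbot ran with --no-redirect and the port-80 listeners are
# removed here, so plain-HTTP requests for these names are presumably answered
# by whichever default server exists - confirm that is intended next to --hsts.
# NOTE(review): no http2/http3 directive is written by this script; presumably
# it comes from the included http_upgrade snippet - confirm.
sudo sed -e '/listen 80/d' \
  -e '/listen 443/a\
listen 443 quic;\
listen [::]:443 ssl;\
listen [::]:443 quic;\
' -i "${conf_file}"

# Validate the edited configuration before asking the running server to load it
sudo nginx -t
sudo systemctl reload nginx.service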