Last active
September 15, 2024 20:23
-
-
Save AliKhadivi/f8fdb21fa7039c90a1711bc36e59577d to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # ---------------------------------- | |
| # Colors | |
| # ---------------------------------- | |
| NC='\033[0m' | |
| RED='\033[0;31m' | |
| GREEN='\033[0;32m' | |
| ORANGE='\033[0;33m' | |
| BLUE='\033[0;34m' | |
| PURPLE='\033[0;35m' | |
| CYAN='\033[0;36m' | |
| LIGHTGRAY='\033[0;37m' | |
| DARKGRAY='\033[1;30m' | |
| LIGHTRED='\033[1;31m' | |
| LIGHTGREEN='\033[1;32m' | |
| YELLOW='\033[1;33m' | |
| LIGHTBLUE='\033[1;34m' | |
| LIGHTPURPLE='\033[1;35m' | |
| LIGHTCYAN='\033[1;36m' | |
| WHITE='\033[1;37m' | |
| LINE="${YELLOW}|${NC}" | |
| ARROW="${CYAN}->${NC}" | |
| echo -e "${LINE}${ORANGE} ----------------------------------------------- ${NC}${LINE}" | |
| echo -e "${LINE}${ORANGE} ${GREEN}Welcome to Jalgo Nginx config creator${NC} ${NC}${LINE}" | |
| echo -e "${LINE}${ORANGE} ${BLUE}Version:${NC} ${CYAN}3.3.0${NC} ${NC}${LINE}" | |
| echo -e "${LINE}${ORANGE} ${PURPLE}POWERED BY JALGO.IR ( Ali Khadivi )${NC} ${NC}${LINE}" | |
| echo -e "${LINE}${ORANGE} ----------------------------------------------- ${NC}${LINE}" | |
| echo "" | |
| echo -e " ${PURPLE}Lets GO${NC} ${ARROW}" | |
| echo "" | |
| if [[ "$EUID" -ne 0 ]]; then | |
| echo -e "${RED}Please run as root${NC}" | |
| exit 1 | |
| fi | |
| if ! [ -x "$(command -v nginx)" ]; then | |
| echo -e "${RED}Nginx is not installed!${NC}" | |
| echo -e "${BLUE}Use this command for install Nginx:${NC}" | |
| echo "sudo apt update && sudo apt install nginx -y" | |
| exit 1 | |
| fi | |
| # Define the main directory | |
| MAIN_DIR="/etc/cert-manager/" | |
| DHPARAM_FILE="${MAIN_DIR}ssl-dhparams.pem" | |
| OPTIONS_FILE="${MAIN_DIR}options-ssl-nginx.conf" | |
| check_certbot() { | |
| if ! [ -x "$(command -v certbot)" ]; then | |
| echo -e "${RED}Certbot is not installed!${NC}" | |
| echo -e "${BLUE}Use this command for install Certbot:${NC}" | |
| echo "sudo snap install certbot --classic" | |
| exit 1 | |
| fi | |
| } | |
| # Define a function to display the help message | |
| display_help() { | |
| echo -e "${YELLOW}Usage:${NC} $0 ${GREEN}-d|--domain <domain>${NC} ${GREEN}-t|--type <config_type (proxy/static/redirect)>${NC} ${ORANGE}[--www]${NC} ${ORANGE}[-s|--ssl <ssl_type (none/auto/lcustom/custom/cert-manager)>]${NC} ${ORANGE}[-P|--ssl-private-key <file>]${NC} ${ORANGE}[-C|--ssl-certificate <file>]${NC} ${ORANGE}[-D|--ssl-domain <domain>]${NC} ${ORANGE}[-u|--url <redirect-url>]${NC} ${ORANGE}[-i|--ip <proxy_ip>]${NC} ${ORANGE}[-p|--port <proxy_port>]${NC} ${BLUE}[--init]${NC} ${BLUE}[-h|--help]${NC}" | |
| echo "" | |
| echo -e "${YELLOW}Options:${NC}" | |
| echo -e " ${GREEN}-d, --domain <domain>${NC} Specify the main domain for the Nginx configuration." | |
| echo -e " ${GREEN}-t, --type <config_type>${NC} Specify the type of configuration (proxy/static/redirect)." | |
| echo -e " ${ORANGE}--www${NC} Include this flag to enable www subdomain setup." | |
| echo -e " ${ORANGE}-s, --ssl <ssl_type>${NC} Specify the SSL type (none/auto/lcustom/custom/cert-manager)." | |
| echo -e " ${ORANGE}-P, --ssl-private-key <file>${NC} Specify the file path to the SSL private key." | |
| echo -e " ${ORANGE}-C, --ssl-certificate <file>${NC} Specify the file path to the SSL certificate." | |
| echo -e " ${ORANGE}-D, --ssl-domain <domain>${NC} Specify a custom SSL domain (used with 'lcustom' or 'cert-manager' SSL type)." | |
| echo -e " ${ORANGE}-u, --url <redirect-url>${NC} Specify the URL for redirection (used with 'redirect' config type)." | |
| echo -e " ${ORANGE}-i, --ip <ip>${NC} Specify the reverse proxy IP (used with 'proxy' config type)." | |
| echo -e " ${ORANGE}-p, --port <port>${NC} Specify the reverse proxy port (used with 'proxy' config type)." | |
| echo -e " ${ORANGE}-b, --backend-port <port>${NC} Specify the reverse proxy port of backend server (optional option and only./ used with 'proxy' config type)." | |
| echo -e " ${BLUE}--init <dhparam-size>${NC} Initialaize. (Default size: 2048)" | |
| echo -e " ${BLUE}-h, --help${NC} Display this help message and exit." | |
| echo "" | |
| echo -e "${YELLOW}Example usages:${NC}" | |
| echo " $0 --init" | |
| echo " $0 -d example.com -t proxy --www -s auto -i 127.0.0.1 -p 8080" | |
| echo " $0 -d mywebsite.com -t static" | |
| echo " $0 -d example.com -t redirect -u https://newdomain.com" | |
| echo " $0 -d example.com -t proxy -s lcustom -D customdomain.com -i 192.168.1.100 -p 8888" | |
| } | |
| setup_check() { | |
| # Check if the main directory exists, and if not, create it | |
| if [ ! -d "$MAIN_DIR" ]; then | |
| echo -e " ${RED}You must initialize the program with the --init parameter before using it.${NC}" | |
| echo -e " ${BLUE}Please Run this command:${NC}" | |
| echo -e "$0 --init" | |
| exit 1 | |
| fi | |
| # Check if the dhparam file exists, and if not, generate it | |
| if [ ! -f "$DHPARAM_FILE" ]; then | |
| echo -e " ${RED}You must initialize the program with the --init parameter before using it.${NC}" | |
| echo -e " ${BLUE}Please Run this command:${NC}" | |
| echo -e "$0 --init" | |
| exit 1 | |
| fi | |
| # Check if the options file exists, and if not, create it | |
| if [ ! -f "$OPTIONS_FILE" ]; then | |
| echo -e " ${RED}You must initialize the program with the --init parameter before using it.${NC}" | |
| echo -e " ${BLUE}Please Run this command:${NC}" | |
| echo -e "$0 --init" | |
| exit 1 | |
| fi | |
| echo -e " ${GREEN}Program initialize detected.${NC}" | |
| } | |
| setup_configs() { | |
| # Define the main directory | |
| MAIN_DIR="/etc/cert-manager/" | |
| DHPARAM_FILE="${MAIN_DIR}ssl-dhparams.pem" | |
| OPTIONS_FILE="${MAIN_DIR}options-ssl-nginx.conf" | |
| # Check if the main directory exists, and if not, create it | |
| if [ ! -d "$MAIN_DIR" ]; then | |
| echo -e "${ARROW} ${LIGHTGREEN}Creating${NC} ${MAIN_DIR}..." | |
| sudo mkdir -p "$MAIN_DIR" | |
| echo -e "${LIGHTGREEN}Certificate Manager directory created.${NC}" | |
| fi | |
| # Check if the dhparam file exists, and if not, generate it | |
| if [ ! -f "$DHPARAM_FILE" ]; then | |
| echo -e "${ARROW} ${LIGHTGREEN}Generating${NC} ${DHPARAM_FILE}..." | |
| openssl dhparam -out "$DHPARAM_FILE" ${dhparam_size:-2048} | |
| echo -e "${LIGHTGREEN}DHParam file generated.${NC}" | |
| fi | |
| # Check if the options file exists, and if not, create it | |
| if [ ! -f "$OPTIONS_FILE" ]; then | |
| echo -e "${ARROW} ${LIGHTGREEN}Creating${NC} ${OPTIONS_FILE}..." | |
| cat <<EOL > "$OPTIONS_FILE" | |
| ssl_session_cache shared:le_nginx_SSL:10m; | |
| ssl_session_timeout 1440m; | |
| ssl_session_tickets off; | |
| ssl_protocols TLSv1.2 TLSv1.3; | |
| ssl_prefer_server_ciphers off; | |
| ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; | |
| ssl_dhparam $DHPARAM_FILE; | |
| EOL | |
| echo -e "${LIGHTGREEN}Options file created.${NC}" | |
| fi | |
| echo -e "${ARROW} ${LIGHTGREEN}Setup completed.${NC}" | |
| } | |
| # Default Params | |
| ip=127.0.0.1 | |
| port=8080 | |
| config_type=static | |
| ssl_type=none | |
| dhparam_size=2048 | |
| while [[ $# -gt 0 ]]; do | |
| key="$1" | |
| case $key in | |
| -d|--domain) | |
| maindomain="$2" | |
| shift # past argument | |
| shift # past value | |
| ;; | |
| -t|--type) | |
| config_type="$2" | |
| shift # past argument | |
| shift # past value | |
| ;; | |
| --www) | |
| www="yes" | |
| shift # past argument | |
| ;; | |
| -s|--ssl) | |
| ssl_type="$2" | |
| shift # past argument | |
| shift # past value | |
| ;; | |
| -P|--ssl-private-key) | |
| ssl_certificate_key="$2" | |
| shift # past argument | |
| shift # past value | |
| ;; | |
| -C|--ssl-certificate) | |
| ssl_certificate="$2" | |
| shift # past argument | |
| shift # past value | |
| ;; | |
| -D|--cert-manager) | |
| ssl_domain="$2" | |
| shift # past argument | |
| shift # past value | |
| ;; | |
| -u|--url) | |
| redirect_path="$2" | |
| shift # past argument | |
| shift # past value | |
| ;; | |
| -i|--ip) | |
| ip="$2" | |
| shift # past argument | |
| shift # past value | |
| ;; | |
| -p|--port) | |
| port="$2" | |
| shift # past argument | |
| shift # past value | |
| ;; | |
| -b|--backend-port) # New backend port option | |
| backend_port="$2" | |
| shift # past argument | |
| shift # past value | |
| ;; | |
| --init) | |
| dhparam_size="$2" | |
| setup_configs | |
| exit 0 | |
| ;; | |
| -h|--help) | |
| display_help | |
| exit 0 | |
| ;; | |
| *) | |
| # unknown option | |
| echo -e "${RED}Unknown option:${NC} ${1}" | |
| exit 1 | |
| ;; | |
| esac | |
| done | |
| setup_check | |
| if [ -z "$maindomain" ]; then | |
| display_help | |
| exit 1 | |
| fi | |
| if [[ ${www,,} == "yes" ]]; then | |
| server_name="${maindomain} www.${maindomain}" | |
| certbot="-d ${maindomain} -d www.${maindomain}" | |
| else | |
| server_name="${maindomain}" | |
| certbot="-d ${maindomain}" | |
| fi | |
| if [[ ${config_type,,} == "proxy" ]]; then | |
| ip=${ip:-127.0.0.1} | |
| config_data="${BLUE}Reverse proxy address:${NC} ${CYAN}http://${ip}:${port}${NC}" | |
| location_config=$(echo " | |
| proxy_pass http://${ip}:${port}; | |
| proxy_set_header Host \$host; | |
| proxy_set_header X-Real-IP \$remote_addr; | |
| proxy_set_header X-Forwarded-Proto https; | |
| proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; | |
| ### Optional options | |
| #proxy_set_header X-Forwarded-Port 443; | |
| #proxy_set_header Upgrade \$http_upgrade; | |
| #proxy_http_version 1.1; | |
| #proxy_buffering off; | |
| #proxy_read_timeout 90; | |
| #proxy_connect_timeout 90; | |
| #proxy_redirect off; | |
| ") | |
| if [ -n "$backend_port" ]; then | |
| backend_location_config=$(echo " | |
| location /api/ { | |
| client_max_body_size 100m; | |
| proxy_pass http://${ip}:${backend_port}; | |
| proxy_set_header Host \$host; | |
| proxy_set_header X-Real-IP \$remote_addr; | |
| proxy_set_header X-Forwarded-Proto https; | |
| proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; | |
| ### Optional options | |
| #proxy_set_header X-Forwarded-Port 443; | |
| #proxy_set_header Upgrade \$http_upgrade; | |
| #proxy_http_version 1.1; | |
| #proxy_buffering off; | |
| #proxy_read_timeout 90; | |
| #proxy_connect_timeout 90; | |
| #proxy_redirect off; | |
| }") | |
| config_data="${BLUE}Reverse proxy address:${NC} ${CYAN}http://${ip}:${port}${NC} with backend port: ${backend_port}" | |
| fi | |
| elif [[ ${config_type,,} == "static" ]]; then | |
| if ! [[ -x $root_path ]]; then root_path="/var/www/$maindomain/"; fi | |
| config_data="${BLUE}location of directory:${NC} ${CYAN}${root_path}${NC}" | |
| root_config="root $root_path;" | |
| index_config="index index.html index.htm;" | |
| mkdir -p $root_path | |
| location_config=$( echo << EOF " | |
| try_files \$uri \$uri/ =404;" | |
| EOF | |
| ) | |
| elif [[ ${config_type,,} == "redirect" ]]; then | |
| config_data="${BLUE}Url for redirect:${NC} ${CYAN}${redirect_path}${NC}" | |
| location_config=$( echo << EOF " | |
| return 301 ${redirect_path};" | |
| EOF | |
| ) | |
| else | |
| echo -e "${RED}Bad input! Invalid config type:${NC} ${config_type,,}" | |
| exit 1 | |
| fi | |
| if [[ ${ssl_type,,} == "auto" ]]; then | |
| check_certbot | |
| ssl_data="${BLUE}SSL Type:${NC} ${CYAN}Automatic (Authomatic get ssl with certbot)${NC}" | |
| down_config=$( echo << EOF " | |
| listen 80; | |
| listen [::]:80; | |
| }" | |
| EOF | |
| ) | |
| elif [[ ${ssl_type,,} == "none" ]]; then | |
| ssl_data="${BLUE}SSL Type:${NC} ${CYAN}None${NC}" | |
| down_config=$( echo << EOF " | |
| listen 80; | |
| listen [::]:80; | |
| }" | |
| EOF | |
| ) | |
| elif [[ ${ssl_type,,} == "cert-manager" ]]; then | |
| if [ -z "$ssl_domain" ]; then | |
| ssl_domain="$(echo "$maindomain" | rev | cut -d'.' -f1,2 | rev)" | |
| fi | |
| ssl_certificate="/etc/cert-manager/certs.d/${ssl_domain}/certificate.pem" | |
| ssl_certificate_key="/etc/cert-manager/certs.d/${ssl_domain}/key.pem" | |
| ssl_data=$( echo << EOF "SSL: | |
| ${BLUE}location of SSL certificate:${NC} ${CYAN}$ssl_certificate${NC} | |
| ${BLUE}location of SSL certificate key:${NC} ${CYAN}$ssl_certificate_key${NC}" | |
| EOF | |
| ) | |
| if [[ ${www,,} == "yes" ]] | |
| then | |
| http_redirect=$( echo << EOF " | |
| if (\$host = www.${maindomain}) { | |
| return 301 https://\$host\$request_uri; | |
| } | |
| if (\$host = ${maindomain}) { | |
| return 301 https://\$host\$request_uri; | |
| } | |
| " | |
| EOF | |
| ) | |
| else | |
| http_redirect=$( echo << EOF " | |
| if (\$host = ${maindomain}) { | |
| return 301 https://\$host\$request_uri; | |
| } | |
| " | |
| EOF | |
| ) | |
| fi | |
| down_config=$( echo << EOF " | |
| listen 443 ssl; | |
| listen [::]:443 ssl; | |
| ssl_certificate $ssl_certificate; | |
| ssl_certificate_key $ssl_certificate_key; | |
| include /etc/cert-manager/options-ssl-nginx.conf; | |
| } | |
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name $server_name; | |
| $http_redirect | |
| return 404; | |
| }" | |
| EOF | |
| ) | |
| elif [[ ${ssl_type,,} == "lcustom" ]]; then | |
| check_certbot | |
| if [ -z "$ssl_domain" ]; then | |
| ssl_domain="$(echo "$maindomain" | rev | cut -d'.' -f1,2 | rev)" | |
| fi | |
| ssl_certificate="/etc/letsencrypt/live/${ssl_domain}/fullchain.pem" | |
| ssl_certificate_key="/etc/letsencrypt/live/${ssl_domain}/privkey.pem" | |
| ssl_data=$( echo << EOF "SSL: | |
| ${BLUE}location of SSL certificate:${NC} ${CYAN}$ssl_certificate${NC} | |
| ${BLUE}location of SSL certificate key:${NC} ${CYAN}$ssl_certificate_key${NC}" | |
| EOF | |
| ) | |
| if [[ ${www,,} == "yes" ]] | |
| then | |
| http_redirect=$( echo << EOF " | |
| if (\$host = www.${maindomain}) { | |
| return 301 https://\$host\$request_uri; | |
| } | |
| if (\$host = ${maindomain}) { | |
| return 301 https://\$host\$request_uri; | |
| } | |
| " | |
| EOF | |
| ) | |
| else | |
| http_redirect=$( echo << EOF " | |
| if (\$host = ${maindomain}) { | |
| return 301 https://\$host\$request_uri; | |
| } | |
| " | |
| EOF | |
| ) | |
| fi | |
| down_config=$( echo << EOF " | |
| listen 443 ssl; | |
| listen [::]:443 ssl; | |
| ssl_certificate $ssl_certificate; | |
| ssl_certificate_key $ssl_certificate_key; | |
| include /etc/letsencrypt/options-ssl-nginx.conf; | |
| ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; | |
| } | |
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name $server_name; | |
| $http_redirect | |
| return 404; | |
| }" | |
| EOF | |
| ) | |
| elif [[ ${ssl_type,,} == "custom" ]]; then | |
| ssl_data=$( echo << EOF "SSL: | |
| ${BLUE}location of SSL certificate:${NC} ${CYAN}$ssl_certificate${NC} | |
| ${BLUE}location of SSL certificate key:${NC} ${CYAN}$ssl_certificate_key${NC}" | |
| EOF | |
| ) | |
| if [[ ${www,,} == "yes" ]] | |
| then | |
| http_redirect=$( echo << EOF " | |
| if (\$host = www.${maindomain}) { | |
| return 301 https://\$host\$request_uri; | |
| } | |
| if (\$host = ${maindomain}) { | |
| return 301 https://\$host\$request_uri; | |
| } | |
| " | |
| EOF | |
| ) | |
| else | |
| http_redirect=$( echo << EOF " | |
| if (\$host = ${maindomain}) { | |
| return 301 https://\$host\$request_uri; | |
| } | |
| " | |
| EOF | |
| ) | |
| fi | |
| down_config=$( echo << EOF " | |
| listen 443 ssl; | |
| listen [::]:443 ssl; | |
| ssl_certificate $ssl_certificate; | |
| ssl_certificate_key $ssl_certificate_key; | |
| include /etc/cert-manager/options-ssl-nginx.conf; | |
| } | |
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name $server_name; | |
| $http_redirect | |
| return 404; | |
| }" | |
| EOF | |
| ) | |
| else | |
| echo -e "${RED}Bad input! Invalid SSL type:${NC} ${ssl_type,,}" | |
| exit 1 | |
| fi | |
| echo "" | |
| echo -e "${BLUE}Domain:${NC} ${CYAN}${server_name}${NC}" | |
| echo -e "${config_data}" | |
| echo -e "${ssl_data}" | |
| echo "" | |
| config=$( echo << EOF "server { | |
| server_name $server_name; | |
| #client_max_body_size 0; | |
| ${index_config:-} | |
| ${root_config:-} | |
| ${backend_location_config:-} | |
| location / {$location_config | |
| } | |
| $down_config | |
| " | |
| EOF | |
| ) | |
| echo "$config" > "/etc/nginx/sites-available/$maindomain.conf" | |
| ln -s "/etc/nginx/sites-available/$maindomain.conf" "/etc/nginx/sites-enabled/$maindomain.conf" | |
| if nginx_out=$(nginx -t 2>&1); then | |
| echo -e "${GREEN}Nginx configured successfuly!${NC}" | |
| echo -e "${PURPLE}Reloading Nginx...${NC}" | |
| nginx -s reload | |
| echo -e "${GREEN}Nginx reloaded!${NC}" | |
| # echo "" | |
| # echo "Open your browser and go to https://$maindomain" | |
| # echo "" | |
| else | |
| echo -e "${RED}Nginx configuration failed!${NC}" | |
| echo -e "${RED}Detail:${NC}" | |
| echo "$nginx_out" | |
| exit 1 | |
| fi | |
| if [[ ${ssl_type,,} == "auto" ]]; then | |
| certbot --nginx $certbot | |
| fi | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment