alvin2ye · June 21, 2019 03:30
diff --git a/register_centos_https b/register_centos_https
 #!/bin/bash

 set -e

 echo "=== init folder ==="

 mkdir -p /var/www/letsencrypt
 mkdir -p /root/ssl

 echo "=== <%= domain %>.conf ==="

 cat <<EOF >> /etc/nginx/conf.d/<%= domain %>.conf
 server {
  listen 80;
  server_name <%= domain %>;

  location ^~ /.well-known/acme-challenge/ {
      default_type "text/plain";
      root /var/www/letsencrypt;
  }

  location / {
   return 301 https://<%= domain %>\$request_uri;
  }
 }
 EOF

 echo "=== nginx ==="

 nginx -s reload
 sleep 2


 echo "=== renew ssl ==="

 /root/.acme.sh/acme.sh --issue -d <%= domain %> -w /var/www/letsencrypt --issue -d <%= domain %> -w /var/www/letsencrypt

 echo "=== copy ssl cert ==="

 /root/.acme.sh/acme.sh --issue -d <%= domain %> -w /var/www/letsencrypt --installcert -d <%= domain %> \
 --keypath       /root/ssl/<%= domain %>.key  \
 --fullchainpath /root/ssl/<%= domain %>.key.pem \
 --reloadcmd     "nginx -s reload"

 echo "=== append https to nginx config ==="

 cat <<EOF >> /etc/nginx/sites-enabled/<%= domain %>.conf

 server {
  server_name <%= domain %>;
  listen 443 ssl;

  gzip on;
  gzip_proxied any;
  gzip_types text/css text/javascript text/xml text/plain application/javascript application/x-javascript application/json;

  ssl_protocols TLSv1.2;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  ssl_prefer_server_ciphers on;

  ssl_certificate /root/ssl/<%= domain %>.key.pem;
  ssl_certificate_key /root/ssl/<%= domain %>.key;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;

  # buffer larger messages
  client_max_body_size 0;
  
  location / {
    proxy_http_version 1.1;
    
    proxy_set_header   Host \$http_host;
    proxy_set_header   Upgrade \$http_upgrade;
    proxy_set_header   Connection "Upgrade";
    proxy_set_header   X-Forwarded-Proto \$scheme;
    proxy_set_header   X-Forwarded-Ssl on;
    proxy_set_header   X-Real-IP \$remote_addr;
    proxy_pass  http://localhost:<%= docker_http_port %>;
  }
 }
 EOF

 echo "=== nginx reload ==="

 nginx -s reload
 sleep 2

 echo "=== test ==="

 curl -I https://<%= domain %>
 echo ""
	#!/bin/bash

	set -e

	echo "=== init folder ==="

	mkdir -p /var/www/letsencrypt
	mkdir -p /root/ssl

	echo "=== <%= domain %>.conf ==="

	cat <<EOF >> /etc/nginx/conf.d/<%= domain %>.conf
	server {
	listen 80;
	server_name <%= domain %>;

	location ^~ /.well-known/acme-challenge/ {
	default_type "text/plain";
	root /var/www/letsencrypt;
	}

	location / {
	return 301 https://<%= domain %>\$request_uri;
	}
	}
	EOF

	echo "=== nginx ==="

	nginx -s reload
	sleep 2


	echo "=== renew ssl ==="

	/root/.acme.sh/acme.sh --issue -d <%= domain %> -w /var/www/letsencrypt --issue -d <%= domain %> -w /var/www/letsencrypt

	echo "=== copy ssl cert ==="

	/root/.acme.sh/acme.sh --issue -d <%= domain %> -w /var/www/letsencrypt --installcert -d <%= domain %> \
	--keypath /root/ssl/<%= domain %>.key \
	--fullchainpath /root/ssl/<%= domain %>.key.pem \
	--reloadcmd "nginx -s reload"

	echo "=== append https to nginx config ==="

	cat <<EOF >> /etc/nginx/sites-enabled/<%= domain %>.conf

	server {
	server_name <%= domain %>;
	listen 443 ssl;

	gzip on;
	gzip_proxied any;
	gzip_types text/css text/javascript text/xml text/plain application/javascript application/x-javascript application/json;

	ssl_protocols TLSv1.2;
	ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
	ssl_prefer_server_ciphers on;

	ssl_certificate /root/ssl/<%= domain %>.key.pem;
	ssl_certificate_key /root/ssl/<%= domain %>.key;
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 10m;

	# buffer larger messages
	client_max_body_size 0;

	location / {
	proxy_http_version 1.1;

	proxy_set_header Host \$http_host;
	proxy_set_header Upgrade \$http_upgrade;
	proxy_set_header Connection "Upgrade";
	proxy_set_header X-Forwarded-Proto \$scheme;
	proxy_set_header X-Forwarded-Ssl on;
	proxy_set_header X-Real-IP \$remote_addr;
	proxy_pass http://localhost:<%= docker_http_port %>;
	}
	}
	EOF

	echo "=== nginx reload ==="

	nginx -s reload
	sleep 2

	echo "=== test ==="

	curl -I https://<%= domain %>
	echo ""