Last active
June 4, 2019 13:13
-
-
Save amiad/1e58a9393a26ee5acbaa45511016696e to your computer and use it in GitHub Desktop.
Adding domain to nginx include https
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Usage: ./nginx_add_domain.sh <domain> <webroot_directory> [<configuration_file>] | |
| add_server(){ | |
| if [ ! -z $3 ]; then | |
| echo "$4" >> "$3" | |
| else | |
| echo "add this block to nginx configuration file in http block" | |
| echo "" | |
| echo "$4" | |
| echo "" | |
| echo "Press enter after adding the block to continue..." | |
| read | |
| fi | |
| } | |
| sock=$(ls /run/php*/*.sock) | |
| server80="server { | |
| listen 80; | |
| server_name $1 www.$1; | |
| #return 301 https://\$server_name\$request_uri; | |
| root $2; | |
| index index.php index.html index.htm; | |
| try_files \$uri \$uri/ =404; | |
| #try_files \$uri \$uri/ /index.php?\$args; #wordpress | |
| location ~ \.php$ { | |
| fastcgi_pass unix:$sock; | |
| include fastcgi.conf; | |
| fastcgi_param PHP_VALUE open_basedir=\$document_root:/tmp:/var/tmp:/usr/local/lib/php; | |
| } | |
| }" | |
| server443="server { | |
| listen 443 ssl http2; | |
| server_name $1 www.$1; | |
| root $2; | |
| index index.php index.html index.htm; | |
| try_files \$uri \$uri/ =404; | |
| #try_files \$uri \$uri/ /index.php?\$args; #wordpress | |
| add_header X-Frame-Options SAMEORIGIN; | |
| add_header X-XSS-Protection \"1; mode=block\"; | |
| add_header X-Content-Type-Options \"nosniff\"; | |
| ssl on; | |
| ssl_certificate /etc/letsencrypt/live/$1/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/$1/privkey.pem; | |
| ssl_session_timeout 5m; | |
| ssl_session_cache shared:SSL:50m; | |
| ssl_protocols TLSv1.2 TLSv1.3; | |
| ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; | |
| ssl_prefer_server_ciphers on; | |
| add_header Strict-Transport-Security \"max-age=63072000; includeSubDomains; preload\"; | |
| ssl_dhparam ssl/dhparam.pem; | |
| location ~ \.php$ { | |
| fastcgi_pass unix:$sock; | |
| include fastcgi.conf; | |
| fastcgi_param PHP_VALUE open_basedir=\$document_root:/tmp:/var/tmp:/usr/local/lib/php; | |
| } | |
| location ~* \.(?:ico|css|js|gif|jpe?g|png|woff2?|ttf)$ { | |
| expires 30d; | |
| add_header Pragma public; | |
| add_header Cache-Control "public"; | |
| } | |
| }" | |
| if [ -z $2 ]; then | |
| echo "parameters missed!" | |
| exit | |
| fi | |
| if [ ! $(command -v certbot) ]; then | |
| echo "certbot not installed!" | |
| exit | |
| fi | |
| add_server "$1" "$2" "$3" "$server80" | |
| systemctl reload nginx | |
| if [ ! -d /etc/letsencrypt/live/$1 ]; then | |
| certbot certonly --webroot -w $2 -d $1,www.$1 | |
| fi | |
| if [ ! -f /etc/nginx/ssl/dhparam.pem ]; then | |
| mkdir -p /etc/nginx/ssl/ | |
| openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096 | |
| fi | |
| add_server "$1" "$2" "$3" "$server443" | |
| if [ -z $3 ] || [ $(grep -c "#return 301 http://\$server_name\$request_uri;" $3) -gt 1 ]; then | |
| echo "uncomment the line of \"#return 301 https://\$server_name\$request_uri;\" and press Enter..." | |
| read | |
| else | |
| sed -i "/\s*#return/s/#//" $3 | |
| fi | |
| systemctl reload nginx | |
| echo "The domain $1 added!" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment