@faizzed
Last active August 11, 2020 15:34
This script creates a starter nginx server block, installs a self-signed SSL cert, sets up a src directory and adds an entry to the hosts file. Written for OSX.
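#!/usr/bin/env bash
#
# Bootstrap a local HTTPS development site served by nginx:
#   1. create a source folder holding a placeholder index.html
#   2. generate a self-signed certificate for the chosen server name
#   3. write an nginx server block that uses that certificate
#   4. map the server name to 127.0.0.1 in /etc/hosts
#   5. restart nginx and add the certificate to the local trust store
#
# Written for macOS with Homebrew nginx. Run it from the directory that should
# hold the per-site certificate folders: the key, certificate and openssl
# config are written to "$PWD/<server name>".
#
# Abort on the first failed step so a half-finished run never goes on to edit
# /etc/hosts or the system trust store.
set -euo pipefail

printf "
---\n
This script will do the following:\n
- Make an nginx server config\n
- Create an ssl cert for it\n
- Add the cert to trusted cert db.\n
- Make a src folder ready to to be edited.\n\n
This is just to get started faster. Please make relevant edits.
--\n";

printf "Enter server name: "
# -r keeps backslashes literal; '|| true' lets an EOF fall through to the
# empty-name check below instead of tripping 'set -e'.
read -r serverName || true

if [[ -z "$serverName" ]]; then
  printf '%s\n' "Cant proceed with an empty server name." >&2
  exit 1
fi

# The name ends up in file paths, the nginx config, the certificate and (via
# sudo) /etc/hosts, so accept nothing but a plain DNS hostname. This rejects
# '/', '..', whitespace, ';', quotes and a leading '-'.
hostnameRe='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
if [[ ! "$serverName" =~ $hostnameRe ]] || (( ${#serverName} > 64 )); then
  # 64 matches commonName_max in the openssl config written below.
  printf 'Invalid server name: use letters, digits, "-" and "." only (max 64 characters).\n' >&2
  exit 1
fi

nginxFolder=/usr/local/etc/nginx/servers
srcFolder=$HOME/lab/html/$serverName
# Pinned to the Homebrew Cellar directory of nginx 1.19.1; adjust after an
# nginx upgrade. The error_log/access_log paths in the server block are
# relative and are expected to resolve below this directory.
nginxLogsFolder=/usr/local/Cellar/nginx/1.19.1/logs
# Absolute location of the certificate material. Derived from the working
# directory rather than a fixed per-user path so nginx gets paths that exist.
certFolder=$PWD/$serverName

mkdir -p -- "$certFolder" "$srcFolder" "$nginxLogsFolder/$serverName"

# Adding html source file (never overwrite an existing page on a re-run).
if [[ ! -s "$srcFolder/index.html" ]]; then
  cat > "$srcFolder/index.html" <<END
<h1>$serverName</h1>
<p>Project starter template.</p>
END
fi

# openssl request config. The [v3_ca] section is what ends up in the
# self-signed certificate:
#   - basicConstraints/keyUsage/extendedKeyUsage restrict it to a TLS server
#     leaf, so trusting it later does not create a certificate that can sign
#     for other names;
#   - the loopback address is listed as an IP SAN (a DNS SAN holding an IP
#     address is not matched by clients).
cat > "$certFolder/$serverName.conf" <<END
[req]
default_bits = 2048
default_keyfile = $serverName.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = New York
localityName = Locality Name (eg, city)
localityName_default = Rochester
organizationName = Organization Name (eg, company)
organizationName_default = $serverName
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = $serverName
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = $serverName
IP.1 = 127.0.0.1
END

# Generate key + certificate as the invoking user: no root is needed to write
# into $certFolder, and a root-owned key may be unreadable to an nginx started
# without sudo. -nodes leaves the key unencrypted so nginx can start
# unattended; the umask keeps the new files private to this user.
(
  umask 077
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout "$certFolder/$serverName.key" \
    -out "$certFolder/$serverName.crt" \
    -config "$certFolder/$serverName.conf"
)

# nginx server block. '\$' keeps nginx's own variables out of shell expansion.
# Only TLS 1.2 and 1.3 are enabled; TLS 1.0/1.1 are deprecated.
cat > "$nginxFolder/$serverName" <<END
server {
    listen 80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    error_log logs/$serverName/error.log;
    ssl_certificate "$certFolder/$serverName.crt";
    ssl_certificate_key "$certFolder/$serverName.key";
    ssl_protocols TLSv1.2 TLSv1.3;
    access_log logs/$serverName/access.log;
    server_name $serverName;
    root "$srcFolder";
    if (\$scheme = "http") {
        return 301 https://\$server_name\$request_uri;
    }
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";
    index index.html;
    charset utf-8;
}
END

hostsFile=/etc/hosts
printf '\n\nWrote entries to %s\n\nAdding host entry to %s...\n\n' \
  "$nginxFolder/$serverName" "$hostsFile"
# Append only when the exact line is missing, so re-runs do not pile up
# duplicate entries in a root-owned file.
if grep -qxF -- "127.0.0.1 $serverName" "$hostsFile"; then
  printf '%s already has an entry for %s\n' "$hostsFile" "$serverName"
else
  printf '127.0.0.1 %s\n' "$serverName" | sudo tee -a "$hostsFile"
fi

printf "\n\nRestarting nginx .. \n\n";
# NOTE(review): the stop runs under sudo but the start does not, so nginx comes
# back up as the invoking user; and if nginx was not running, the stop fails
# and nothing is started. Confirm this matches how nginx is run on this host.
sudo nginx -s stop && nginx;

printf "Adding ssl cert to trusted db...\n\n";
# Trusting the certificate makes local TLS clients accept it without warnings.
# Keep the private key in $certFolder private, and remove the certificate from
# the trust store again once the site is retired.
if [[ "$OSTYPE" == "linux-gnu"* ]]; then
  certDir=$HOME/.pki/nssdb
  if [[ ! -d "$certDir" ]]; then
    mkdir -p -- "$certDir"
    # Create the database with the same sql: prefix that is used to add to it.
    certutil -d "sql:$certDir" -N
  fi
  certutil -d "sql:$certDir" -A -t "P,," -n "$serverName" -i "$certFolder/$serverName.crt"
elif [[ "$OSTYPE" == "darwin"* ]]; then
  sudo security add-trusted-cert -d -r trustRoot \
    -k /Library/Keychains/System.keychain "$certFolder/$serverName.crt"
else
  printf '%s\n' "Os not detected!~" >&2
  exit 1
fi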