#! /bin/bash
# Everything below installs packages and writes under /etc, so refuse to
# continue unless the effective user id is 0.
if (( EUID != 0 )); then
  printf '%s\n' "Please run as root"
  exit 1
fi

# Settings filled in by parse_args or, when still empty, by the prompts below.
domain_name=""
app_name=""
app_port=""
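#######################################
# Print a diagnostic on stderr.
# The script calls echo_err but never defined it, so a bad argument used to
# produce "echo_err: command not found" instead of the intended message.
# Arguments: $* - message text
# Outputs:   the message on stderr
#######################################
echo_err() {
  printf '%s\n' "$*" >&2
}

#######################################
# Parse --key=value command line options into the script's settings.
# Globals:   domain_name, app_name, app_port (written)
# Arguments: "$@" - options of the form --domain_name=V, --app_name=V,
#            --app_port=V
# Outputs:   an error message on stderr for anything else
# Returns:   0 on success; exits the script with status 1 on an unknown
#            option or a stray positional argument
#######################################
parse_args() {
  local arg
  # The loop iterates over a snapshot of "$@", so no shift is needed.
  for arg in "$@"; do
    case "$arg" in
      --domain_name=*)
        # Strip everything up to and including the first '='.
        domain_name="${arg#*=}"
        ;;
      --app_name=*)
        app_name="${arg#*=}"
        ;;
      --app_port=*)
        app_port="${arg#*=}"
        ;;
      -*)
        echo_err "Unknown option: $arg"
        exit 1
        ;;
      *)
        echo_err "Invalid argument: $arg"
        exit 1
        ;;
    esac
  done
}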
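# "$@" is quoted so each command line argument reaches parse_args as one word,
# even when it contains spaces or glob characters.
parse_args "$@"

# User input: prompt for anything not supplied on the command line.
# read -r keeps backslashes literal.
if [[ -z "$domain_name" ]]; then
  read -r -p "Enter domain name (e.g. example.com): " domain_name
fi
if [[ -z "$app_name" ]]; then
  read -r -p "Enter name of application: " app_name
fi
if [[ -z "$app_port" ]]; then
  read -r -p "Enter port of application: " app_port
fi

# Validate before anything is written. The script runs as root and places
# these values into file paths under /etc/nginx and into the nginx
# configuration text, so a '/', whitespace, ';' or '{' in any of them could
# redirect the write to another file or add directives to the config.
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
app_name_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
port_re='^[1-9][0-9]{0,4}$'

if [[ ! "$domain_name" =~ $domain_re ]]; then
  printf 'Invalid domain name: %s\n' "$domain_name" >&2
  exit 1
fi
# A leading alphanumeric also rules out ".", ".." and names starting with "-".
if [[ ! "$app_name" =~ $app_name_re ]]; then
  printf 'Invalid application name (use letters, digits, ".", "_" or "-"): %s\n' "$app_name" >&2
  exit 1
fi
# The regex caps the value at five digits with no leading zero, so the
# arithmetic comparison cannot overflow or be read as octal.
if [[ ! "$app_port" =~ $port_re ]] || (( app_port > 65535 )); then
  printf 'Invalid port (expected 1-65535): %s\n' "$app_port" >&2
  exit 1
fi

echo "######## Summary ##################"
echo "domain_name : $domain_name"
echo "app_name : $app_name"
echo "app_port : $app_port"
echo "#####################################"
echo ""
echo "#####################################"
echo "Starting nginx setup in 5 seconds"
echo "press CTRL + C to cancel installation"
echo "#####################################"
echo ""
# Grace period so the operator can abort after reading the summary.
sleep 5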
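# Install nginx. Stop if any step fails: without the package there is nothing
# to configure, and the later steps would only add confusing errors.
if ! add-apt-repository ppa:nginx/stable -y \
  || ! apt-get update \
  || ! apt-get install nginx -y; then
  printf '%s\n' "nginx installation failed" >&2
  exit 1
fi

# Paths are built once and always quoted so the application name is used as a
# single path component. The name is taken verbatim, so it must not contain
# '/' or whitespace.
site_available="/etc/nginx/sites-available/$app_name"
site_enabled="/etc/nginx/sites-enabled/$app_name"

# Write the plain-HTTP reverse proxy config. The redirect creates the file,
# so no separate touch is needed.
# Notes on the forwarded headers for whoever consumes them upstream:
#  - X-Forwarded-For is built with $proxy_add_x_forwarded_for, which appends to
#    whatever the client sent; only the last entry (or X-Real-IP, which is set
#    from the connection address) reflects what nginx itself observed.
#  - Host is passed from the client-supplied header ($http_host).
cat > "$site_available" << EOM
server {
listen 80;
server_name $domain_name;
location / {
proxy_pass http://localhost:$app_port/;
proxy_buffering off;
proxy_set_header Host \$http_host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
}
}
EOM

# Enable the site. -f/-n replace an existing link, so a second run of the
# script does not fail here.
ln -sfn "$site_available" "$site_enabled"

# Remove the stock default site unless the application itself is named
# "default" (that would delete the link created just above). -f keeps a
# rerun from failing when the file is already gone.
if [[ "$app_name" != "default" ]]; then
  rm -f /etc/nginx/sites-enabled/default
fi

# Restart nginx only when the new configuration parses; otherwise stop so the
# certificate step does not run against a broken setup.
if ! nginx -t; then
  printf '%s\n' "nginx configuration test failed: $site_available" >&2
  exit 1
fi
service nginx restart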
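# Install certbot. apt-get update is repeated after the repositories are added
# so the new package lists are picked up.
# NOTE(review): ppa:certbot/certbot and python-certbot-nginx target older
# Ubuntu releases; confirm both are still available for the release in use.
if ! apt-get update \
  || ! apt-get install software-properties-common -y \
  || ! add-apt-repository universe -y \
  || ! add-apt-repository ppa:certbot/certbot -y \
  || ! apt-get update \
  || ! apt-get install certbot python-certbot-nginx -y; then
  printf '%s\n' "certbot installation failed" >&2
  exit 1
fi

# Create certificate. The domain is passed explicitly so the certificate is
# issued for the name the TLS config expects under
# /etc/letsencrypt/live/$domain_name/, rather than whatever is picked at the
# interactive prompt. Stop on failure: the HTTPS config written next would
# point at certificate files that do not exist.
if ! certbot certonly --nginx -d "$domain_name"; then
  printf '%s\n' "certbot could not obtain a certificate for $domain_name" >&2
  exit 1
fi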
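# Generate random name for req_zone to avoid collisions with zones declared by
# other site files (zone names share one namespace in nginx's http context).
req_zone="$(openssl rand -hex 6)"
if [[ -z "$req_zone" ]]; then
  # An empty name would produce "zone=:10m", which nginx rejects.
  printf '%s\n' "could not generate a name for the rate-limit zone" >&2
  exit 1
fi

# Update config file: port 80 now only redirects to HTTPS, port 443 terminates
# TLS with the Let's Encrypt certificate and proxies to the application.
#  - limit_req_zone sits outside the server blocks because it is only valid in
#    the http context this file is included into.
#  - The HSTS header carries "always" so it is also sent on error responses;
#    without it nginx adds the header only to a fixed set of success and
#    redirect status codes.
#  - X-Forwarded-For appends to the client-supplied value; upstream code should
#    rely on the last entry or on X-Real-IP.
cat > "/etc/nginx/sites-available/$app_name" << EOM
limit_req_zone \$binary_remote_addr zone=$req_zone:10m rate=100r/s;
server {
listen 80;
server_name $domain_name;
return 301 https://\$server_name\$request_uri;
}
server {
listen 443 ssl;
server_name $domain_name;
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$domain_name/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
location / {
limit_req zone=$req_zone burst=50 nodelay;
proxy_pass http://localhost:$app_port/;
proxy_buffering off;
proxy_set_header Host \$http_host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
}
}
EOM

# Restart nginx only when the new configuration parses; report the failure
# instead of silently carrying on with the old HTTP-only config still loaded.
if ! nginx -t; then
  printf '%s\n' "nginx configuration test failed: /etc/nginx/sites-available/$app_name" >&2
  exit 1
fi
service nginx restart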
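# Install ufw; stop if the package cannot be installed, since every command
# below depends on it.
if ! apt-get install ufw -y; then
  printf '%s\n' "ufw installation failed" >&2
  exit 1
fi

# Configure ufw: drop unsolicited inbound traffic, leave outbound open.
ufw default deny incoming
ufw default allow outgoing

# Allow SSH before the firewall is switched on so the current session is not
# cut off. "ssh" means the default port 22; if sshd listens on another port,
# allow that port as well before running this on a remote host.
ufw allow ssh

# default http/s ports, needed by nginx and by certificate renewal
ufw allow http
ufw allow https

# Enable ufw. --force answers the "may disrupt existing ssh connections"
# confirmation, replacing the former "yes |" pipe.
ufw --force enable
# Start the firewall on every boot.
systemctl enable ufw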