skynet
#!/bin/sh
#/etc/init.d/nginx
# chkconfig: 2345 55 25
# Description: Nginx init.d script, put in /etc/init.d, chmod +x /etc/init.d/nginx
# For Debian, run: update-rc.d -f nginx defaults
# For CentOS, run: chkconfig --add nginx
#
### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: nginx init.d script
# Description: OpenResty (aka. ngx_openresty) is a full-fledged web application server by bundling the standard Nginx core, lots of 3rd-party Nginx modules, as well as most of their external dependencies.
### END INIT INFO
#
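PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="Nginx Daemon"
NAME=nginx
PREFIX=/usr/local/openresty/nginx
DAEMON=$PREFIX/sbin/$NAME
# Expands to /nginx/nginx.conf (the config listed further down this page).
CONF=/$NAME/$NAME.conf
# Pid file that every start/stop/reload/quit branch tests with "-f".
# NOTE(review): /nginx/nginx.conf on this page sets `pid /var/run/nginx.pid;`,
# so with that config this file is never written: stop/reload/quit report
# "isn't running" and start launches a second master. Point both at the same
# path before relying on this script.
PID=$PREFIX/logs/$NAME.pid
SCRIPT=/etc/init.d/$NAME

# Refuse to run without an executable daemon and an existing config file.
# printf is used instead of `echo -e`: under #!/bin/sh (dash on Debian, the
# platform named in the header) `echo -e` prints a literal "-e".
if [ ! -x "$DAEMON" ] || [ ! -f "$CONF" ]; then
  printf '\033[33m %s \033[0m\n' "$DAEMON has no permission to run."
  printf '\033[33m %s \033[0m\n' "Or $CONF doesn't exist."
  sleep 1
  exit 1
fi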
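#######################################
# Start the daemon, or — when a pid file is already present — only ask the
# existing instance to reopen its log files.
# Globals:   PID, DESC, CONF, DAEMON (read)
# Outputs:   coloured status lines on stdout
# Returns:   status of the last command run
# NOTE(review): a stale pid file left behind by a crash makes this send
# "-s reopen" to nothing instead of starting nginx; the message below
# acknowledges that case but does not recover from it.
#######################################
do_start() {
  if [ -f "$PID" ]; then
    printf '\033[33m %s \033[0m\n' "$PID already exists."
    printf '\033[33m %s \033[0m\n' "$DESC is already running or crashed."
    printf '\033[32m %s \033[0m\n' "$DESC Reopening $CONF ..."
    "$DAEMON" -s reopen -c "$CONF"
    sleep 1
    printf '\033[36m %s \033[0m\n' "$DESC reopened."
  else
    printf '\033[32m %s \033[0m\n' "$DESC Starting $CONF ..."
    "$DAEMON" -c "$CONF"
    sleep 1
    printf '\033[36m %s \033[0m\n' "$DESC started."
  fi
}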
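#######################################
# Ask the running daemon to stop immediately ("-s stop"); does nothing
# when no pid file exists.
# Globals:   PID, DESC, CONF, DAEMON (read)
# Outputs:   coloured status lines on stdout
# Returns:   status of the last command run
#######################################
do_stop() {
  if [ ! -f "$PID" ]; then
    printf '\033[33m %s \033[0m\n' "$PID doesn't exist."
    printf '\033[33m %s \033[0m\n' "$DESC isn't running."
  else
    printf '\033[32m %s \033[0m\n' "$DESC Stopping $CONF ..."
    "$DAEMON" -s stop -c "$CONF"
    sleep 1
    printf '\033[36m %s \033[0m\n' "$DESC stopped."
  fi
}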
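#######################################
# Reload the configuration of the running daemon ("-s reload"), or start
# it when no pid file exists.
# Globals:   PID, DESC, CONF, DAEMON (read)
# Outputs:   coloured status lines on stdout
# Returns:   status of the last command run
#######################################
do_reload() {
  if [ ! -f "$PID" ]; then
    printf '\033[33m %s \033[0m\n' "$PID doesn't exist."
    printf '\033[33m %s \033[0m\n' "$DESC isn't running."
    printf '\033[32m %s \033[0m\n' "$DESC Starting $CONF ..."
    "$DAEMON" -c "$CONF"
    sleep 1
    printf '\033[36m %s \033[0m\n' "$DESC started."
  else
    printf '\033[32m %s \033[0m\n' "$DESC Reloading $CONF ..."
    "$DAEMON" -s reload -c "$CONF"
    sleep 1
    printf '\033[36m %s \033[0m\n' "$DESC reloaded."
  fi
}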
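#######################################
# Ask the running daemon for a graceful shutdown ("-s quit"); does nothing
# when no pid file exists.
# Globals:   PID, DESC, CONF, DAEMON (read)
# Outputs:   coloured status lines on stdout
# Returns:   status of the last command run
#######################################
do_quit() {
  if [ ! -f "$PID" ]; then
    printf '\033[33m %s \033[0m\n' "$PID doesn't exist."
    printf '\033[33m %s \033[0m\n' "$DESC isn't running."
  else
    printf '\033[32m %s \033[0m\n' "$DESC Quitting $CONF ..."
    "$DAEMON" -s quit -c "$CONF"
    sleep 1
    printf '\033[36m %s \033[0m\n' "$DESC quitted."
  fi
}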
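#######################################
# Syntax-check the configuration ("-t") without touching the running daemon.
# Globals:   DESC, CONF, DAEMON (read)
# Outputs:   a coloured status line, then the daemon's own test output
# Returns:   the daemon's exit status (non-zero when the config is invalid)
#######################################
do_test() {
  printf '\033[32m %s \033[0m\n' "$DESC Testing $CONF ..."
  "$DAEMON" -t -c "$CONF"
}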
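#######################################
# Print the daemon's version and build information ("-V").
# Globals:   DAEMON (read)
# Outputs:   whatever the daemon prints for -V
# Returns:   the daemon's exit status
#######################################
do_info() {
  "$DAEMON" -V
}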
#######################################
# Dispatch on the single action argument; anything unrecognised prints the
# usage line and exits with status 2.
# Globals:   SCRIPT (read)
# Arguments: $1 - start|stop|reload|restart|quit|test|info
#######################################
main() {
  case "$1" in
    start)   do_start ;;
    stop)    do_stop ;;
    reload)  do_reload ;;
    restart) do_stop; do_start ;;
    quit)    do_quit ;;
    test)    do_test ;;
    info)    do_info ;;
    *)
      echo "Usage: $SCRIPT {start|stop|reload|restart|quit|test|info}"
      exit 2
      ;;
  esac
}

main "$@"
exit 0
#!/bin/bash
#/nginx/bin/certify
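# Pull in the helper functions (has, hasnt, msg) used below, preferring the
# local copy. Whatever this line yields is executed as the current user, so
# the fallback fetch goes over https with `-f`, which keeps a 404/error page
# from being eval'd. Pinning a checksum of the helper would be stronger still.
eval "$(cat ~/.local/share/shelper.sh 2>/dev/null || curl -fsSL https://suderman.github.io/shelper/shelper.sh)"

if hasnt /usr/bin/letsencrypt; then
  msg "/usr/bin/letsencrypt is missing. Exiting."
  exit 0  # NOTE(review): exits 0 without doing anything; an unattended caller cannot tell this from success
fi
if hasnt nginx; then
  msg "nginx is missing. Exiting."
  exit 0
fi

# Hosts that have a config under /nginx/hosts but no /etc/letsencrypt/live
# entry yet. `diff --brief` on the two directories reports each of them as
# "Only in /nginx/hosts: NAME". skynet.nonfiction.ca is this machine's own
# plain-http host (see /nginx/hosts/skynet.nonfiction.ca) and is skipped.
# Names are checked against DNS-name characters before they reach a command
# line, so a stray file in /nginx/hosts cannot smuggle options into letsencrypt.
dns_re='^[A-Za-z0-9][A-Za-z0-9.-]*$'
missing=()
while IFS= read -r line; do
  host=${line#"Only in /nginx/hosts: "}
  [ "$host" = "$line" ] && continue            # some other kind of diff line
  [ "$host" = "skynet.nonfiction.ca" ] && continue
  if ! [[ "$host" =~ $dns_re ]]; then
    msg "Skipping \"$host\": not a valid hostname"
    continue
  fi
  missing+=("$host")
done < <(diff --brief /etc/letsencrypt/live /nginx/hosts)

# Create letsencrypt certificate for any missing hostnames (webroot challenge
# answered from /nginx/html, which /nginx/conf/verify serves under /.well-known).
for host in "${missing[@]}"; do
  echo ""
  msg "Creating certificate with letsencrypt for $host and www.$host"
  echo "/usr/bin/letsencrypt certonly --webroot -w /nginx/html -d $host -d www.$host"
  /usr/bin/letsencrypt certonly --webroot -w /nginx/html -d "$host" -d "www.$host"
done

# Expose every issued certificate and key under the names the host configs
# expect (certs/NAME.crt, certs/NAME.key — see /nginx/conf/template). This
# replaces the placeholder symlinks that /nginx/bin/new created. A glob is
# used instead of parsing `ls`; the trailing slash matches directories only.
for live in /etc/letsencrypt/live/*/; do
  [ -d "$live" ] || continue                   # unmatched glob leaves the literal pattern
  live=${live%/}
  host=${live##*/}
  if [ -f "$live/fullchain.pem" ]; then
    echo ""
    msg "Symlinking letsencrypt certificate at /nginx/certs/$host.crt"
    echo "ln -sf $live/fullchain.pem /nginx/certs/$host.crt"
    ln -sf "$live/fullchain.pem" "/nginx/certs/$host.crt"
  fi
  if [ -f "$live/privkey.pem" ]; then
    echo ""
    msg "Symlinking letsencrypt key at /nginx/certs/$host.key"
    echo "ln -sf $live/privkey.pem /nginx/certs/$host.key"
    ln -sf "$live/privkey.pem" "/nginx/certs/$host.key"
  fi
done

# Make nginx pick up the new certificate files.
echo ""
msg "Reloading nginx"
echo "sudo service nginx reload"
sudo service nginx reload
echo ""
msg "Done!"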
#!/bin/bash
#/nginx/bin/new
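# Pull in the helper functions (has, msg) used below, preferring the local
# copy. Whatever this line yields is executed as the current user, so the
# fallback fetch goes over https with `-f`, which keeps a 404/error page from
# being eval'd. Pinning a checksum of the helper would be stronger still.
eval "$(cat ~/.local/share/shelper.sh 2>/dev/null || curl -fsSL https://suderman.github.io/shelper/shelper.sh)"

if [ $# -lt 2 ]; then
  msg 'Usage: bin/new HOSTNAME UPSTREAM (example: bin/new nonfiction.ca n.bam.nonwebdev.com)'
  exit 0
fi
HOSTNAME=$1
UPSTREAM=$2

# Both values are spliced into file paths and into the replacement side of the
# sed commands below, so restrict them to DNS-name characters before anything
# is created. This rejects "../", "=" (the sed delimiter used here), "&" (a
# sed back-reference) and whitespace. The template uses UPSTREAM as a bare
# host (http://UPSTREAM:80), so no port or scheme is accepted either.
dns_re='^[A-Za-z0-9][A-Za-z0-9.-]*$'
if ! [[ "$HOSTNAME" =~ $dns_re ]]; then
  msg "Invalid HOSTNAME \"$HOSTNAME\": only letters, digits, '.' and '-' are allowed. Exiting."
  exit 1
fi
if ! [[ "$UPSTREAM" =~ $dns_re ]]; then
  msg "Invalid UPSTREAM \"$UPSTREAM\": only letters, digits, '.' and '-' are allowed. Exiting."
  exit 1
fi

if hasnt nginx; then
  msg "nginx is missing. Exiting."
  exit 0
fi

# True when a path exists, including a dangling symlink (which `ln -s` would
# also refuse to overwrite).
present() {
  [ -e "$1" ] || [ -L "$1" ]
}

if present "/nginx/hosts/$HOSTNAME"; then
  msg "nginx configuration \"$HOSTNAME\" already exists at \"/nginx/hosts/$HOSTNAME\". Exiting."
  exit 0
fi
if present "/nginx/certs/$HOSTNAME.crt"; then
  msg "OpenSSL certificate \"$HOSTNAME.crt\" already exists at \"/nginx/certs/$HOSTNAME.crt\". Exiting."
  exit 0
fi
if present "/nginx/certs/$HOSTNAME.key"; then
  msg "OpenSSL key \"$HOSTNAME.key\" already exists at \"/nginx/certs/$HOSTNAME.key\". Exiting."
  exit 0
fi

# Instantiate /nginx/conf/template for this host.
echo ""
msg "Creating host configuration at /nginx/hosts/$HOSTNAME"
echo "cp /nginx/conf/template /nginx/hosts/$HOSTNAME"
cp /nginx/conf/template "/nginx/hosts/$HOSTNAME"

# Replace the HOSTNAME and UPSTREAM placeholders; "=" is the delimiter, which
# the validation above guarantees neither value contains.
echo ""
msg "Substituting variables HOSTNAME and UPSTREAM at /nginx/hosts/$HOSTNAME"
echo "sed -i \"s=HOSTNAME=$HOSTNAME=g\" /nginx/hosts/$HOSTNAME"
sed -i "s=HOSTNAME=$HOSTNAME=g" "/nginx/hosts/$HOSTNAME"
echo "sed -i \"s=UPSTREAM=$UPSTREAM=g\" /nginx/hosts/$HOSTNAME"
sed -i "s=UPSTREAM=$UPSTREAM=g" "/nginx/hosts/$HOSTNAME"

# Point the host at the shared placeholder certificate so the https server
# block loads; /nginx/bin/certify later repoints these at the real files.
echo ""
msg "Symlinking placeholder certificate at /nginx/certs/$HOSTNAME.crt"
echo "ln -s /nginx/certs/default.crt /nginx/certs/$HOSTNAME.crt"
ln -s /nginx/certs/default.crt "/nginx/certs/$HOSTNAME.crt"
echo ""
msg "Symlinking placeholder key at /nginx/certs/$HOSTNAME.key"
echo "ln -s /nginx/certs/default.key /nginx/certs/$HOSTNAME.key"
ln -s /nginx/certs/default.key "/nginx/certs/$HOSTNAME.key"

echo ""
msg "Reloading nginx"
echo "sudo service nginx reload"
sudo service nginx reload
echo ""
msg "Done! When the DNS records for $HOSTNAME and www.$HOSTNAME point to skynet.nonfiction.ca (138.197.149.80), run /nginx/bin/certify to run letsencrypt."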
# /nginx/nginx.conf
# Top-level OpenResty/nginx configuration; started by /etc/init.d/nginx
# (also on this page) with "-c /nginx/nginx.conf".
# Workers drop to this user; the master process itself keeps root to bind 80/443.
user www-data;
worker_processes 4;
# NOTE(review): the /etc/init.d/nginx script on this page tests
# /usr/local/openresty/nginx/logs/nginx.pid, not this path, so its
# running/not-running decisions will be wrong unless the two are aligned.
pid /var/run/nginx.pid;
events {
  worker_connections 1024;
}
http {
  # Basic Settings
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65;
  types_hash_max_size 2048;
  include mime.types;
  default_type application/octet-stream;
  # Logging Settings
  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;
  # Gzip Settings
  gzip on;
  gzip_disable "msie6";
  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
  # DNS
  # Resolver used for names nginx looks up at runtime (e.g. in proxy_pass/ssl_stapling).
  # NOTE(review): these are public resolvers reached over ordinary DNS; if a
  # local/trusted resolver is available on this host it would be preferable.
  resolver 8.8.8.8 8.8.4.4 valid=300s;
  resolver_timeout 5s;
  # Allow big files
  # Applies to every server on this instance, including the proxied hosts.
  client_max_body_size 100M;
  # Root directory
  # Relative to the nginx prefix, not to the directory of this file.
  root html;
  # Virtual Hosts and other configuration
  # One file per host, written by /nginx/bin/new from /nginx/conf/template.
  # NOTE(review): relative include paths resolve against the compiled-in
  # prefix (/usr/local/openresty/nginx per the init script), so this presumably
  # relies on /nginx being that prefix or a symlink to it — confirm.
  # NOTE(review): there is no `server_tokens off;` here, so responses and
  # error pages advertise the exact server version.
  include hosts/*;
}
# /nginx/conf/pagespeed
# Snippet to be included in a server block to turn on ngx_pagespeed.
# NOTE(review): no file on this page includes it yet — confirm where it is meant to go.
pagespeed on;
# Needs to exist and be writable by nginx. Use tmpfs for best performance.
pagespeed FileCachePath /var/ngx_pagespeed_cache;
# Ensure requests for pagespeed optimized resources go to the pagespeed handler
# and no extraneous headers get set.
location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
  add_header "" "";
}
location ~ "^/pagespeed_static/" { }
location ~ "^/ngx_pagespeed_beacon$" { }
pagespeed RewriteLevel CoreFilters;
# /nginx/conf/proxy
# Headers forwarded to the upstream; included inside the `location /` blocks
# of /nginx/conf/template.
# WebSocket / keep-alive support, currently disabled:
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For
# the client already sent, so the upstream must only trust the last entry
# (or the X-Real-IP header), not the first one.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Tells the upstream whether the client connection was https, since the
# upstream hop itself is plain http (proxy_pass http://UPSTREAM:80 in the template).
proxy_set_header X-Forwarded-Proto $scheme;
# /nginx/conf/ssl
# TLS settings shared by every https server block (included from
# /nginx/conf/template, whose listen line already carries `ssl`).
# NOTE(review): redundant with `listen 443 ssl http2` in the template; the
# `ssl` directive is deprecated in nginx in favour of the listen parameter.
ssl on;
# NOTE(review): TLSv1 and TLSv1.1 are deprecated protocol versions; keeping
# them enabled is a client-compatibility trade-off worth re-checking.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:5m;
ssl_session_timeout 5m;
# Relative to the nginx prefix, like the certs/HOSTNAME.* paths in the template.
ssl_dhparam certs/dhparam.pem;
# OCSP stapling uses the `resolver` configured in /nginx/nginx.conf.
# NOTE(review): ssl_stapling_verify needs the issuer chain available to nginx
# (usually via ssl_trusted_certificate) — confirm it verifies rather than
# silently disabling stapling.
ssl_stapling on;
ssl_stapling_verify on;
# NOTE(review): the tail of this list still admits DES-CBC3-SHA (3DES) and
# plain AES/CAMELLIA CBC suites; the ECDHE/GCM suites at the front are
# preferred because of ssl_prefer_server_ciphers, so these only matter for
# legacy clients.
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
# HSTS for ~6 months. `includeSubdomains` makes browsers require https for
# every subdomain of the host that sent it.
# NOTE(review): /nginx/hosts/skynet.nonfiction.ca on this page is served over
# plain http only; if nonfiction.ca itself is ever served from the template,
# this header would make browsers refuse http://skynet.nonfiction.ca.
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains";
# /nginx/conf/template
# Per-host config template. /nginx/bin/new copies it to /nginx/hosts/NAME and
# replaces the HOSTNAME and UPSTREAM placeholders with sed.
# Serve http
server {
  listen 80;
  server_name HOSTNAME www.HOSTNAME;
  # Verify with letsencrypt
  include conf/verify;
  # Uncomment this after letsencrypt has created the certificate
  # NOTE(review): as written this line is not a valid redirect — nginx's
  # `rewrite` takes `regex replacement [flag]`, so "301" would be treated as
  # the regex. The usual form is `return 301 https://HOSTNAME$request_uri;`.
  #!location / { rewrite 301 https://HOSTNAME$request_uri; }
  # Comment this after letsencrypt has created the certificate
  # Until then plain-http requests are proxied to the upstream as-is.
  location / {
    include conf/proxy;
    proxy_pass http://UPSTREAM:80;
  }
}
# Serve https
server {
  listen 443 ssl http2;
  server_name HOSTNAME www.HOSTNAME;
  include conf/ssl;
  # Placeholder symlinks to certs/default.* until /nginx/bin/certify replaces
  # them with the letsencrypt files; paths are relative to the nginx prefix.
  ssl_certificate certs/HOSTNAME.crt;
  ssl_certificate_key certs/HOSTNAME.key;
  # TLS terminates here; the hop to the upstream is plain http on port 80.
  location / {
    include conf/proxy;
    proxy_pass http://UPSTREAM:80;
  }
}
# /nginx/conf/verify
# Serve letsencrypt what they want
# Answers http-01 challenges from the webroot that /nginx/bin/certify passes
# to letsencrypt (-w /nginx/html). `alias` is relative to the nginx prefix.
location /.well-known {
  alias html/.well-known;
}
# /nginx/hosts/skynet.nonfiction.ca
# The server's own hostname, plain http only; /nginx/bin/certify deliberately
# skips it when issuing certificates.
server {
  listen 80;
  server_name skynet.nonfiction.ca;
  # Serves the whole html/ directory, which is also the letsencrypt webroot
  # used by /nginx/bin/certify — keep only public content in it.
  location / {
    alias html/;
  }
}
<!DOCTYPE html>
<!--- /nginx/html/.well-known/index.html -->
<html>
<head>
<title>Welcome to nonfiction skynet</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nonfiction skynet</h1>
<p>If you see this page, the OpenResty web platform is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="https://openresty.org/">openresty.org</a>.</p>
<p><em>Thank you for flying OpenResty.</em></p>
</body>
</html>