Script to generate an nginx site config (plus the template.stub it fills in)
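#!/usr/bin/env bash
# Generate an nginx server block for one domain and obtain its Let's Encrypt
# certificate. Prompts for the domain and the public folder name, copies
# template.stub (next to this script) to "<script dir>/<domain>" via sudo and
# fills in the {{DOMAIN}} / {{PUBLIC_FOLDER}} placeholders with sed.
# Exits non-zero on invalid input, missing tools or a failed certbot run.
set -euo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

# `command -v` is the portable replacement for `which`; fail early if absent.
SED=$(command -v sed) || die "sed not found"
CURRENT_DIR=$(dirname -- "$0")
readonly SED CURRENT_DIR

printf 'What is the domain?\n'
IFS= read -r DOMAIN || die "no domain given"
# check the domain is valid! Labels of letters/digits/hyphens, no leading or
# trailing hyphen. Left unquoted on the RHS of =~ so it is used as a regex.
PATTERN="^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])$"
[[ "$DOMAIN" =~ $PATTERN ]] || die "invalid domain name"
# bash 4+ lower-casing; replaces the echo | tr pipeline.
DOMAIN=${DOMAIN,,}
printf 'Creating hosting for: %s\n' "$DOMAIN"

printf 'What is the public folder inside /var/www/%s\n' "$DOMAIN"
IFS= read -r PUBLIC_FOLDER || die "no public folder given"
# The folder name is spliced into a sed replacement and into the generated
# nginx config, so restrict it to one plain path component: '/', '&' or '\'
# would alter the sed substitution and '..' would escape the web root.
FOLDER_PATTERN='^[A-Za-z0-9._-]+$'
[[ "$PUBLIC_FOLDER" =~ $FOLDER_PATTERN && "$PUBLIC_FOLDER" != "." && "$PUBLIC_FOLDER" != ".." ]] \
  || die "invalid public folder name"

# Issue the certificate before writing a config that references it.
# --standalone binds port 80 itself, so nginx must not already listen there.
# The original passed "--n"; "--non-interactive" is the documented spelling.
certbot certonly --standalone --non-interactive -d "$DOMAIN" \
  || die "certbot failed for $DOMAIN"

CONFIG=$CURRENT_DIR/$DOMAIN
sudo cp -- "$CURRENT_DIR/template.stub" "$CONFIG"
# Both values were validated above and contain no sed metacharacters.
sudo "$SED" -i "s/{{DOMAIN}}/$DOMAIN/g" "$CONFIG"
sudo "$SED" -i "s/{{PUBLIC_FOLDER}}/$PUBLIC_FOLDER/g" "$CONFIG"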
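# Template consumed by generate.sh: {{DOMAIN}} is replaced by sed with the
# validated domain. The script also substitutes {{PUBLIC_FOLDER}}, but this
# template never uses that placeholder, so that value has no effect here.
server {
    listen 80;
    server_name {{DOMAIN}};
    # Redirect all traffic to SSL
    rewrite ^ https://$server_name$request_uri? permanent;
}

server {
    # No default_server here: the generator writes one file per domain, and
    # nginx refuses to start when two server blocks on the same port both
    # claim default_server.
    listen 443 ssl;
    # SSLv3 is broken (POODLE) and is no longer offered. TLSv1.3 needs
    # nginx 1.13+ built against OpenSSL 1.1.1+; drop it on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Exclude anonymous, null, export, low-strength, RC4 and MD5 suites;
    # the previous list explicitly re-enabled RC4 and MEDIUM.
    ssl_ciphers HIGH:!aNULL:!eNULL:!LOW:!EXP:!RC4:!MD5;
    ssl_prefer_server_ciphers on;
    server_name {{DOMAIN}};
    ## Access and error logs.
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log info;
    ## Keep alive timeout set to a greater value for SSL/TLS.
    ## See the keepalive_timeout directive in nginx.conf.
    keepalive_timeout 75 75;
    ## Server certificate and key (issued by certbot in generate.sh).
    ## 'ssl on;' was dropped: it is deprecated since nginx 1.15 and the
    ## 'listen 443 ssl' above already enables TLS for this block.
    ssl_certificate /etc/letsencrypt/live/{{DOMAIN}}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{{DOMAIN}}/privkey.pem;
    ssl_session_timeout 5m;
    ## Strict Transport Security header for enhanced security. See
    ## http://www.chromium.org/sts. Set to 2 hours; browsers only cache
    ## the policy for that long, so raise it once the HTTPS setup is
    ## known to be stable.
    add_header Strict-Transport-Security "max-age=7200";
    location ~ /(.*)$ {
        # 0 removes the request-body limit entirely; set an explicit cap
        # matching the upstream's needs to bound per-request memory/disk use.
        client_max_body_size 0;
        gzip off;
        ## https://github.com/gitlabhq/gitlabhq/issues/694
        ## Some requests take more than 30 seconds.
        proxy_read_timeout 300;
        proxy_connect_timeout 300;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # 'ima' must be an upstream{} defined outside this template;
        # $1 is the request path captured by the location regex.
        proxy_pass http://ima/$1;
    }
}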