#!/bin/bash
#
# Create Vhosts on VPS3
#
#set -e
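#######################################
# Print the command-line help to stdout and exit 0.
# Globals (read): $0 for the program name
# Arguments: none
# Note: at least one of --root / --backend is required by the main script.
#######################################
function usage
{
  echo "Usage: ${0}"
  echo " --domain domain.tld"
  echo " Domain to use when creating vhost"
  echo " --root /var/www/html"
  echo " Root directory of this vhost"
  echo " --backend http://127.0.0.1:80"
  echo " URI of the backend server"
  echo " Note: port must be specified"
  echo " --listenip x.x.x.x"
  echo " IP to bind to when listening"
  # --desc takes free text, not an address
  echo " --desc \"text\""
  echo " Description of VHosts"
  # The option the parser actually accepts is --donotredirect
  echo " --donotredirect"
  echo " Do not redirect HTTP to HTTPS"
  echo " --servicename nginx"
  echo " The Nginx server service name to use to reload"
  echo " --confpath /etc/nginx"
  echo " The location of Nginx conf directory"
  echo " --standalone"
  echo " Instead of webroot, use acme.sh builtin server"
  echo " --bindaddress x.x.x.x"
  echo " Listening address for acme.sh builtin server. Default is 0.0.0.0"
  echo " --bindport 8999"
  echo " Listening port for acme.sh builtin server. Default is 8999"
  echo " -d | --debug"
  echo " Enable debug logging"
  echo " -h | --help"
  echo " Show this usage"
  exit 0
}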
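#######################################
# Issue a Let's Encrypt certificate for $_domain with acme.sh (http-01) and
# write the cert, key and full chain under /etc/ssl/.
# Globals (read): DEBUG, _standalone, _bindaddress, _bindport, web_root, _domain
# Returns: acme.sh's exit status (0 on success)
#######################################
function get_cert
{
  # Build the argument list as an array so that no value is ever re-split
  # or glob-expanded on its way to acme.sh.
  local -a acme_args=(--issue --domain "$_domain")

  # Challenge mode: either let acme.sh run its own HTTP listener on the
  # given address/port, or drop the token into the shared webroot that the
  # HTTP vhost serves /.well-known from.
  if [[ $_standalone = true ]]; then
    acme_args+=(--standalone --local-address "$_bindaddress" --httpport "$_bindport")
  else
    acme_args+=(--webroot "$web_root")
  fi

  acme_args+=(
    --cert-file "/etc/ssl/${_domain}.crt"
    --key-file "/etc/ssl/${_domain}.key"
    --fullchain-file "/etc/ssl/${_domain}-fullchain.crt"
    --server letsencrypt
  )
  # NOTE(review): the private key is copied into /etc/ssl with whatever mode
  # acme.sh applies; confirm it is not group/world-readable on this host.

  if [[ $DEBUG = 1 ]]; then
    acme_args+=(--debug)
  fi

  /root/.acme.sh/acme.sh "${acme_args[@]}"
}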
#######################################
# Reload the nginx service named by $_servicename via systemctl.
# Globals (read): _servicename
# Outputs: progress line on stdout ("Success" / "Failed")
# Returns: 0 when the reload succeeded, 1 otherwise
#######################################
function reload_nginx
{
  local svc=$_servicename

  echo -n "Reloading ${svc}..."
  if ! systemctl reload "${svc}" > /dev/null 2>&1; then
    echo "Failed"
    return 1
  fi
  echo "Success"

  # Give the new workers a moment to come up before callers probe the vhost.
  sleep 0.5
  return 0
}
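#######################################
# Roll back a half-created vhost: remove its nginx config file and log files,
# reload nginx so the removal takes effect, then hand the fatal message to
# err (supplied by bootstrap.sh).
# Globals (read): _vhost_conf_file, _domain
# Arguments: $1 - error message passed to err
#######################################
function clean_up
{
  local msg=$1

  debug "Removing Nginx configuration and logs..."

  # _vhost_conf_file is only assigned once the conf path has been checked, so
  # this can run before it exists; skip the rm rather than call it on "".
  if [[ -n $_vhost_conf_file ]]; then
    rm -f -- "$_vhost_conf_file"
  fi

  # Log names are always "<domain>.*"; never let this expand to
  # /var/log/nginx/.* (which includes '.' and '..') if the domain is empty.
  if [[ -n $_domain ]]; then
    rm -f -- /var/log/nginx/"$_domain".* > /dev/null 2>&1
  fi

  reload_nginx
  err "$msg"
}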
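#######################################
# Check that nginx serves the new HTTP vhost's /.well-known/ out of
# $web_root — the same path acme.sh's http-01 challenge will rely on — by
# creating a probe file there and requesting it with the vhost's Host header.
# Globals (read): web_root, _domain, _listenip
# Returns: 0 when the probe answers HTTP 200, 1 otherwise
#######################################
function verify_vhost
{
  local target=127.0.0.1
  local verify_dir=$web_root/.well-known
  local verify_name=verify.$_domain.html
  local verify_path=$verify_dir/$verify_name
  local http_code

  # The main script appends ':' to _listenip for nginx's listen directive;
  # strip it again so the URL is "http://<ip>/..." rather than "http://<ip>:/...".
  if [[ -n $_listenip ]]; then
    target=${_listenip%:}
  fi

  mkdir -p -- "$verify_dir"
  touch -- "$verify_path"

  # HEAD request, status code only. --max-time stops a wedged reload from
  # hanging the script; on any transport failure curl reports "000".
  http_code=$(curl -sS -I --max-time 10 -o /dev/null -w '%{http_code}' \
    -H "Host: $_domain" "http://$target/.well-known/$verify_name" 2> /dev/null)

  # The probe lives under a publicly served path; don't leave it behind.
  rm -f -- "$verify_path"

  if [[ $http_code = '200' ]]; then
    return 0
  fi
  debug "Expected HTTP response code '200' but got '$http_code' instead!"
  return 1
}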
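## define variables
# Directory this script lives in; bootstrap.sh is expected beside it and is
# the only source of the helpers used below (cmd_exists, err, warn, debug,
# become, validate_host, validate_ip).
_cwd="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
_bootstrap=${_cwd}/bootstrap.sh
# Not read in this file; presumably consumed by bootstrap.sh (e.g. become) — verify.
_bb_myname=$(basename "$0")
_bb_mypath=$(realpath "${BASH_SOURCE[0]}")
# Shared webroot from which /.well-known/ is served for every vhost; acme.sh
# writes its http-01 tokens here in webroot mode.
web_root=/srv/www/webroot

# Init script
if test -f "$_bootstrap"; then
  # stderr is silenced while sourcing, so a broken bootstrap.sh would only
  # show up later as "command not found" for its helpers — hence the
  # explicit check below that every helper we depend on was defined.
  source "$_bootstrap" 2> /dev/null
else
  echo "Unable to parse BOOTSTRAP: $_bootstrap"
  exit 1
fi
for _helper in cmd_exists err warn debug become validate_host validate_ip; do
  if ! declare -F "$_helper" > /dev/null; then
    echo "BOOTSTRAP did not define required function: $_helper ($_bootstrap)"
    exit 1
  fi
done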
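# check if we have the binaries we need to run
if ! cmd_exists curl; then
  err "Missing dependency: curl. Please run 'dnf install -y curl'"
fi
if ! cmd_exists getopt; then
  err "Missing dependency: getopt. Please run 'dnf install -y util-linux'"
fi
if ! cmd_exists setfacl; then
  err "Missing dependency: setfacl. Please run 'dnf install -y acl'"
fi

# gain privileges
# become (from bootstrap.sh) gets the full argument list, presumably so it can
# re-exec this script with elevated rights; everything after this point needs
# root (acme.sh lives under /root, and /etc/nginx, /etc/ssl are written).
become "$@"
# acme.sh sits under /root, so it can only be checked once we are privileged.
if ! test -x /root/.acme.sh/acme.sh; then
  err "Missing dependency: /root/.acme.sh/acme.sh is not present or not executable"
fi

# Short options are a single word ("hd"); the earlier "h,d" form silently
# declared ',' as a third option. Long options with ':' take a value.
if ! OPTS=$(getopt -o hd -l domain:,root:,backend:,listenip:,desc:,donotredirect,servicename:,confpath:,standalone,bindaddress:,bindport:,debug -n 'createVhosts' -- "$@"); then
  echo 'Failed to set command line arguments'
  exit 1
fi
# Safe only because util-linux's enhanced getopt shell-quotes its output;
# the legacy getopt does not, and would make this eval an injection point.
eval set -- "$OPTS"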
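# Option defaults. _domain uses the sentinel "false" so that "not given" can
# be told apart from an explicitly empty value.
_domain=false
_donotredirect=false
_root=""
_backend=""
_listenip=""
_desc=""
_debug=false
_servicename=nginx
_confpath=/etc/nginx
_standalone=false
_bindaddress=0.0.0.0
_bindport=8999

# Walk the getopt-normalised argument list (it always ends with "--").
# Options that take a value consume both words at once.
while true; do
  case "$1" in
    --domain )      _domain=$2;      shift 2 ;;
    --root )        _root=$2;        shift 2 ;;
    --backend )     _backend=$2;     shift 2 ;;
    --listenip )    _listenip=$2;    shift 2 ;;
    --desc )        _desc=$2;        shift 2 ;;
    --donotredirect ) _donotredirect=true; shift ;;
    --servicename ) _servicename=$2; shift 2 ;;
    --confpath )    _confpath=$2;    shift 2 ;;
    --standalone )  _standalone=true; shift ;;
    --bindaddress ) _bindaddress=$2; shift 2 ;;
    --bindport )    _bindport=$2;    shift 2 ;;
    -d | --debug )  _debug=true;     shift ;;
    -h | --help )   usage; shift ;;
    -- )            shift; break ;;
    # getopt has already rejected unknown options, so anything else means the
    # list is exhausted ($1 empty). Stop instead of looping on a failing shift.
    * )             break ;;
  esac
done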
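##
## Begin processing command line arguments
###########################################
# Enable debugging
if [[ $_debug = true ]]; then
  DEBUG=1
fi

if [[ $_domain = false ]]; then
  err "You must set domain"
fi
# The domain becomes a path component (<confpath>/conf.d/<domain>.conf,
# /etc/ssl/<domain>.key, /var/log/nginx/<domain>.*) and is spliced into the
# nginx config and the redirect URL, so accept only a plain hostname: no '/',
# '..', whitespace, ';' or anything else that could escape those contexts.
# Wildcards are rejected too — http-01 cannot issue for them.
_domain_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
if [[ ! $_domain =~ $_domain_re ]]; then
  err "Invalid domain: '$_domain'. Expected a hostname such as example.com"
fi

# --root, --backend and --desc are written verbatim into the generated nginx
# config. A newline, or one of ; { } #, would terminate the directive (or the
# comment line, for --desc) and let the value inject further configuration.
_nginx_bad_chars='*[;{}#]*'
for _val in "$_root" "$_backend" "$_desc"; do
  if [[ $_val == *$'\n'* || $_val == $_nginx_bad_chars ]]; then
    err "Refusing value containing nginx-significant characters: '$_val'"
  fi
done

if test -n "$_root"; then
  echo -n "Checking if $_root exists? "
  if ! test -d "$_root"; then
    echo "Creating..."
    mkdir -p "$_root"
  else
    echo "Yes!"
  fi
  _rootpath="root $_root;"
fi

_check_host=failed
_locationblock_http=""
_locationblock_https=""
if test -n "$_backend"; then
  echo "Verifying backend(s)..."
  if validate_host "$_backend"; then
    _check_host=success
  fi
  if [ "$_check_host" = "success" ]; then
    # Both server blocks proxy to the backend. The HTTP one only does so when
    # the operator opted out of the redirect; otherwise it is overwritten
    # with the redirect below.
    printf -v _proxy_block 'proxy_pass %s;\n        include proxy_params;' "$_backend"
    if [ "$_donotredirect" = "true" ]; then
      _locationblock_http=$_proxy_block
    fi
    _locationblock_https=$_proxy_block
  else
    err "Invalid hostname: $_backend. Not resolvable!"
  fi
fi

if test -n "$_listenip"; then
  if ! validate_ip "$_listenip"; then
    err "Invalid IP: $_listenip"
  fi
  # Turn the address into the "ip:" prefix that nginx's listen directive takes.
  _listenip="$_listenip:"
else
  warn "No listen ip specified, listening on all interfaces."
fi

if [[ -z $_root && -z $_backend ]]; then
  err "You must specify either --root or --backend!"
fi

if [[ $_standalone = true ]]; then
  # The port goes straight to acme.sh's builtin listener; reject garbage here
  # rather than letting acme.sh fail after the vhost has been created.
  if ! [[ $_bindport =~ ^[0-9]+$ && $_bindport -ge 1 && $_bindport -le 65535 ]]; then
    err "Invalid port for --bindport: '$_bindport'"
  fi
fi

echo -n "Checking if we should redirect? "
if [ "$_donotredirect" = "false" ]; then
  echo "Yes, enabling redirect!"
  # Replaces any proxy block set above: with the redirect on, plain HTTP only
  # answers /.well-known (for the ACME challenge) and bounces everything else.
  _locationblock_http=" return 302 https://${_domain}\$request_uri;"
else
  echo "No!"
fi

echo -n "Checking if conf path '$_confpath' exists? "
if test -d "$_confpath"; then
  echo "Yes!"
else
  echo "No!"
  clean_up "Conf path doesn't exists!"
fi
##
## End processing command line arguments
###########################################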
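##
## Begin issuing certificate
###########################################
echo -n "Checking if $web_root exists? "
if ! test -d "$web_root"; then
  echo "Creating..."
  mkdir -p "$web_root"
else
  echo "Yes!"
fi

_vhost_conf_file=$_confpath/conf.d/${_domain}.conf
echo -n "Checking if $_vhost_conf_file exists? "
if test -f "$_vhost_conf_file"; then
  # An existing vhost for this domain is replaced outright, not merged.
  echo "Removing!"
  rm -f -- "$_vhost_conf_file"
else
  echo "No!"
fi

echo "Creating Nginx configuration..."
# Stage 1: HTTP-only server. It must be live before get_cert runs because the
# http-01 challenge is answered from /.well-known under $web_root.
# NOTE(review): "autoindex on" publishes a directory listing of /.well-known
# (challenge tokens, probe files) to anyone; the ACME challenge does not need
# it. Left as-is here; consider switching it off.
# NOTE(review): $_rootpath is only emitted in the HTTPS server, so with
# --root plus --donotredirect plain HTTP serves nginx's default root for "/".
# Confirm that is intended.
cat << EOF > "$_vhost_conf_file"
#### Description
## Type: HTTP
## VHost: $_domain
## $_desc
server {
    listen ${_listenip}80;
    server_name $_domain;

    error_log /var/log/nginx/${_domain}.error.log;
    access_log /var/log/nginx/${_domain}.access.log main;

    location /.well-known {
        root $web_root;
        autoindex on;
    }

    location / {
        $_locationblock_http
    }
}
EOF

echo "Setting permissions on conf file..."
# Gives the "sysadmin" account write access to this vhost's config. Whoever
# can edit nginx's config can steer the root-started master process, so this
# ACL is effectively root-equivalent for that user.
setfacl -m user:sysadmin:rw "$_vhost_conf_file"

if ! reload_nginx; then
  clean_up "Failed to reload Nginx"
fi

echo "Verifying vhost..."
if ! verify_vhost; then
  clean_up "Failed to verify vhost"
fi

echo "Retrieving SSL Certificate..."
if ! get_cert; then
  clean_up "Failed to retrieve certificate!"
fi

# Stage 2: append the HTTPS server now that the cert and key exist.
# No ssl_protocols / ssl_ciphers / HSTS are set per vhost, so TLS hardening
# comes from nginx's global http {} settings — confirm those in nginx.conf.
cat << EOF >> "$_vhost_conf_file"
server {
    listen ${_listenip}443 http2 ssl;
    server_name $_domain;
    $_rootpath

    error_log /var/log/nginx/${_domain}.error.log;
    access_log /var/log/nginx/${_domain}.access.log main;

    ssl_certificate /etc/ssl/${_domain}-fullchain.crt;
    ssl_certificate_key /etc/ssl/${_domain}.key;

    location / {
        ${_locationblock_https}
    }
}
EOF

# A config that fails to reload would still sit in conf.d and break the next
# nginx restart, so roll the vhost back exactly like the earlier steps do.
if ! reload_nginx; then
  clean_up "Failed to reload Nginx with the HTTPS server block"
fi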