#!/usr/bin/env bash
#
# Create Vhosts on VPS3
#
# Generates an nginx vhost (port-80 redirect plus a port-443 reverse proxy)
# for a single domain and requests its certificate with acme.sh.
#

# Debug switch. Nothing in this script reads it; it may be consumed by the
# sourced bootstrap.sh (not visible here).
DEBUG=0

# Abort as soon as any command exits non-zero.
set -o errexit
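#######################################
# Print command-line help and terminate the script.
# Arguments: none
# Outputs:   usage text on stdout
# Returns:   does not return; exits with status 0
#######################################
function usage
{
  # --desc takes free text; the help previously showed an IP placeholder for it.
  printf '%s\n' \
    "Usage: ${0}" \
    " --domain domain.tld" \
    " Domain to use when creating vhost" \
    " --proxypass x.x.x.x" \
    " IP of the backend server to pass traffic to" \
    " --listenip x.x.x.x" \
    " IP to bind to when listening" \
    " --desc text" \
    " Description of VHosts" \
    " -h | --help" \
    " Show this usage"

  exit 0
}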
#######################################
# Stop the nginx service through systemd.
# Arguments: none
# Returns:   exit status of systemctl
#######################################
stop_nginx() {
  systemctl stop nginx
}
#######################################
# Start the nginx service through systemd.
# Arguments: none
# Returns:   exit status of systemctl
#######################################
start_nginx() {
  systemctl start nginx
}
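#######################################
# Request a certificate for $_domain from acme.sh in standalone mode and have
# the certificate, key and full chain written under /etc/nginx/ssl.
# Globals:   _domain (read)
# Arguments: none
# Outputs:   error message on stderr when _domain is empty
# Returns:   1 if _domain is empty, otherwise the exit status of acme.sh
#######################################
function get_cert
{
  local ssl_dir=/etc/nginx/ssl

  # An empty domain would otherwise produce paths such as /etc/nginx/ssl/.key.
  if [[ -z ${_domain:-} ]]; then
    echo "get_cert: _domain is not set" >&2
    return 1
  fi

  # Every expansion is quoted: the domain comes from the command line, and an
  # unquoted value containing whitespace or glob characters would be split
  # into extra arguments for a tool that runs out of /root.
  # NOTE(review): confirm the key file ends up readable only by the accounts
  # that need it; its permissions are not set anywhere in this script.
  /root/.acme.sh/acme.sh --issue \
    --domain "$_domain" \
    --standalone \
    --cert-file "${ssl_dir}/${_domain}.crt" \
    --key-file "${ssl_dir}/${_domain}.key" \
    --fullchain-file "${ssl_dir}/${_domain}-fullchain.crt"
}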
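# Absolute path of the directory that holds this script.
_cwd="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
_bootstrap="${_cwd}/bootstrap.sh"

# Init script
# bootstrap.sh is executed inside this shell with this script's privileges, so
# it should be writable only by the account that runs this script.
if [[ -f "$_bootstrap" ]]; then
  # Quoted so a script directory containing spaces still resolves.
  # NOTE(review): stderr is discarded while the file loads, which hides any
  # diagnostics from bootstrap.sh — confirm this is intentional.
  # shellcheck source=/dev/null
  source "$_bootstrap" 2> /dev/null
else
  echo "Unable to parse BOOTSTRAP: $_bootstrap" >&2
  exit 1
fi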
OPTS=$(getopt -o h -l domain:,proxypass:,listenip:,desc: -n 'createVhosts' -- "$@")
|
||
|
if [ "$?" -gt '0' ]; then
|
||
|
echo 'Failed to set command line arguments'
|
||
|
exit 1;
|
||
|
fi
|
||
|
|
||
|
eval set -- "$OPTS"
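# "false" marks a required option that has not been supplied yet.
_domain=false
_proxyip=false
_listenip=false

# Walk the getopt-normalised argument list.
# Options that take a value consume two words. Shifting only one would leave
# the value to be read as the next option name, so a value such as "--help" or
# "--" would be acted on as an option instead of being stored.
# The loop also stops when the list is exhausted rather than relying on a
# failing 'shift' to end the script.
while (( $# > 0 )); do
  case "$1" in
    --domain)
      _domain=$2
      shift 2
      ;;
    --proxypass)
      _proxyip=$2
      shift 2
      ;;
    --listenip)
      _listenip=$2
      shift 2
      ;;
    --desc)
      _desc=$2
      shift 2
      ;;
    -h | --help)
      usage
      shift
      ;;
    --)
      shift
      break
      ;;
    *)
      shift
      ;;
  esac
done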
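# Required options.
# NOTE(review): err is not defined in this file; presumably bootstrap.sh
# provides it. The explicit exit guarantees the script stops even if err only
# prints a message.
if [[ $_domain = false ]]; then
  err "You must set domain"
  exit 1
fi

if [[ $_proxyip = false ]]; then
  err "You must set the proxy pass IP"
  exit 1
fi

if [[ $_listenip = false ]]; then
  err "You must set listen ip"
  exit 1
fi

# These values become a file name under /etc/nginx/conf.d and are written
# verbatim into nginx directives, so anything that could leave the intended
# path or end a directive early ('/', whitespace, ';', '{', '}', newlines) is
# refused before any file is touched.
_host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
_addr_re='^[][A-Za-z0-9:.-]+$'

if [[ ! $_domain =~ $_host_re ]]; then
  echo "Invalid domain: $_domain" >&2
  exit 1
fi

if [[ ! $_proxyip =~ $_addr_re ]]; then
  echo "Invalid proxy pass IP: $_proxyip" >&2
  exit 1
fi

if [[ ! $_listenip =~ $_addr_re ]]; then
  echo "Invalid listen ip: $_listenip" >&2
  exit 1
fi

# The description lands on a single '##' comment line of the generated
# config; a line break inside it would start a live directive.
_desc=${_desc:-}
_desc=${_desc//[$'\r\n']/ }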
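echo "Creating Nginx Vhosts..."

# The domain is used as a file name; a '/' in it would place the file outside
# /etc/nginx/conf.d.
if [[ $_domain == */* ]]; then
  echo "Invalid domain for vhost file name: $_domain" >&2
  exit 1
fi
_vhost_conf_file="/etc/nginx/conf.d/${_domain}.conf"

# The heredoc delimiter is unquoted on purpose: shell variables are expanded
# into the config, while \$request_uri is escaped so nginx receives it
# literally.
# NOTE(review): 'autoindex on' enables directory listings under /.well-known.
# The certificate is requested with acme.sh --standalone while nginx is
# stopped, so this location does not appear to be needed for issuance.
# NOTE(review): proxy_pass targets the backend over HTTPS by address. nginx
# does not verify the upstream certificate unless proxy_ssl_verify is enabled;
# proxy_params is not visible here, so confirm whether it does that.
cat > "$_vhost_conf_file" << EOF
#### Description
## Type: HTTP
## VHost: $_domain
## $_desc
server {
listen ${_listenip}:80;
server_name $_domain;

location /.well-known {
autoindex on;
}

location / {
return 302 https://${_domain}\$request_uri;
}
}

server {
listen ${_listenip}:443 http2 ssl;
server_name $_domain;

error_log /var/log/nginx/${_domain}.error.log;
access_log /var/log/nginx/${_domain}.access.log main;

ssl_certificate ssl/${_domain}-fullchain.crt;
ssl_certificate_key ssl/${_domain}.key;

location / {
proxy_pass https://${_proxyip}:443;
include proxy_params;
}
}
EOF

echo "Setting permissions on conf file..."
# Gives the sysadmin account read/write access to a file that nginx loads, so
# that account can change what the server does for this vhost.
setfacl -m user:sysadmin:rw "$_vhost_conf_file"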
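# acme.sh runs with --standalone, so nginx is stopped while the certificate is
# requested.
echo "Stopping Nginx..."
stop_nginx

echo "Retrieving Let's Encrypt Certificate..."
# Capture the status instead of letting 'set -e' end the script here: a failed
# request would otherwise leave nginx stopped, taking every vhost on the host
# offline.
_cert_rc=0
get_cert || _cert_rc=$?

echo "Starting Nginx..."
start_nginx

if (( _cert_rc != 0 )); then
  # The vhost written earlier references certificate files that may not
  # exist; the start attempt above surfaces that as a systemctl error.
  echo "Certificate request failed (exit ${_cert_rc})" >&2
  exit "$_cert_rc"
fi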