* Now I can supply whatever backend I want
* Changed retrieve SSL certificate message * Place all certs in /etc/ssl * Added a new function cmd_exists to bootstrap.sh * Properly check for response code * Added Debug command line argument * Refactor code
This commit is contained in:
parent
f25ed84a60
commit
97199fc9f5
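--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -127,7 +127,7 @@ function run_cmd {
 fi
 
 ## Check if command exists on system
-if ! command -v $1; then
+if ! cmd_exists $1; then
 err "$1: command not found"
 fi
 
@@ -154,3 +154,11 @@ function run_cmd {
 
 
 }
+
+function cmd_exists
+{
+if ! command -v $1 > /dev/null 2>&1; then
+return 1
+fi
+return 0
+}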
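Review bot: `cmd_exists` reports "found" for an empty or missing argument — in bash `command -v` with no operand exits 0, so `cmd_exists ""` returns 0 — and the unquoted `$1` (both inside the function and at the new `cmd_exists $1` call in run_cmd) is subject to word-splitting and globbing. I would guard and quote: `[[ $# -eq 1 && -n $1 ]] || return 1` ahead of `if ! command -v -- "$1" > /dev/null 2>&1; then`, and call it as `cmd_exists "$1"`. run_cmd's body starts and ends outside both hunks, so an empty-argument check may already exist there; worth confirming rather than assuming. Since this helper is now the dependency check used by createVhosts.sh, a header comment such as `## cmd_exists NAME — exit 0 if NAME resolves via command -v (binary, function or alias), else 1` would make its contract explicit.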
131
createVhosts.sh
131
createVhosts.sh
|
@ -12,13 +12,17 @@ function usage
|
||||||
echo " Domain to use when creating vhost"
|
echo " Domain to use when creating vhost"
|
||||||
echo " --root /var/www/html"
|
echo " --root /var/www/html"
|
||||||
echo " Root directory of this vhost"
|
echo " Root directory of this vhost"
|
||||||
echo " --backend http://127.0.0.1"
|
echo " --backend http://127.0.0.1:80"
|
||||||
echo " Hostname of the backend server to pass traffic to"
|
echo " URI of the backend server"
|
||||||
echo " Note: Do not specify a port"
|
echo " Note: port must be specified"
|
||||||
echo " --listenip x.x.x.x"
|
echo " --listenip x.x.x.x"
|
||||||
echo " IP to bind to when listening"
|
echo " IP to bind to when listening"
|
||||||
echo " --desc x.x.x.x"
|
echo " --desc x.x.x.x"
|
||||||
echo " Description of VHosts"
|
echo " Description of VHosts"
|
||||||
|
echo " --denotredirect"
|
||||||
|
echo " Do not redirect HTTP to HTTPS"
|
||||||
|
echo " -d | --debug"
|
||||||
|
echo " Enable debug logging"
|
||||||
echo " -h | --help"
|
echo " -h | --help"
|
||||||
echo " Show this usage"
|
echo " Show this usage"
|
||||||
|
|
||||||
|
@ -32,28 +36,30 @@ function get_cert
|
||||||
if [ "$DEBUG" = "1" ]; then
|
if [ "$DEBUG" = "1" ]; then
|
||||||
_debug_arg="--debug"
|
_debug_arg="--debug"
|
||||||
fi
|
fi
|
||||||
/root/.acme.sh/acme.sh --issue --domain $_domain --webroot /srv/http-content-combined/ --cert-file /etc/nginx/ssl/${_domain}.crt --key-file /etc/nginx/ssl/${_domain}.key --fullchain-file /etc/nginx/ssl/${_domain}-fullchain.crt $_debug_arg
|
/root/.acme.sh/acme.sh --issue --domain $_domain --webroot /srv/http-content-combined/ --cert-file /etc/ssl/${_domain}.crt --key-file /etc/ssl/${_domain}.key --fullchain-file /etc/ssl/${_domain}-fullchain.crt $_debug_arg
|
||||||
return $?
|
return $?
|
||||||
}
|
}
|
||||||
|
|
||||||
function reload_nginx
|
function reload_nginx
|
||||||
{
|
{
|
||||||
echo -n "Reloading Nginx..."
|
echo -n "Reloading Nginx..."
|
||||||
if systemctl reload nginx; then
|
if systemctl reload nginx > /dev/null 2>&1; then
|
||||||
echo "Success"
|
echo "Success"
|
||||||
else
|
else
|
||||||
echo "Failed"
|
echo "Failed"
|
||||||
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Wait for nginx to reload
|
# Wait for nginx to reload
|
||||||
sleep 0.5
|
sleep 0.5
|
||||||
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
function clean_up
|
function clean_up
|
||||||
{
|
{
|
||||||
debug "Removing Nginx configuration and logs..."
|
debug "Removing Nginx configuration and logs..."
|
||||||
rm $_vhost_conf_file
|
rm $_vhost_conf_file
|
||||||
rm /var/log/nginx/$_domain.*
|
rm /var/log/nginx/$_domain.* > /dev/null 2>&1
|
||||||
reload_nginx
|
reload_nginx
|
||||||
err $1
|
err $1
|
||||||
}
|
}
|
||||||
|
@ -64,7 +70,7 @@ function verify_vhost
|
||||||
local verify_path=/srv/http-content-combined/.well-known/
|
local verify_path=/srv/http-content-combined/.well-known/
|
||||||
local verify_file_name=verify.$_domain.html
|
local verify_file_name=verify.$_domain.html
|
||||||
local verify_full_path=$verify_path$verify_file_name
|
local verify_full_path=$verify_path$verify_file_name
|
||||||
local http_resp
|
local http_code
|
||||||
|
|
||||||
if test -n "$_listenip"; then
|
if test -n "$_listenip"; then
|
||||||
target=$_listenip
|
target=$_listenip
|
||||||
|
@ -72,12 +78,13 @@ function verify_vhost
|
||||||
|
|
||||||
mkdir -p $verify_path
|
mkdir -p $verify_path
|
||||||
touch $verify_full_path
|
touch $verify_full_path
|
||||||
http_resp=$(curl -I -H "Host: $_domain" http://$target/.well-known/$verify_file_name 2> /dev/null | grep 'HTTP/1.1 200 OK')
|
http_code=$(curl -I -H "Host: $_domain" http://$target/.well-known/$verify_file_name 2> /dev/null | grep 'HTTP/1.1' | cut -d " " -f 2)
|
||||||
rm $verify_full_path
|
|
||||||
if test -z "$http_resp"; then
|
if [[ $http_code = '200' ]]; then
|
||||||
return 1
|
|
||||||
else
|
|
||||||
return 0
|
return 0
|
||||||
|
else
|
||||||
|
debug "Expected HTTP response code '200' but got '$http_code' instead!"
|
||||||
|
return 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -94,10 +101,15 @@ else
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# check if we have the binaries we need to run
|
||||||
|
if ! cmd_exists curl; then
|
||||||
|
err "Missing dependency: curl. Please run 'dnf install -y curl'"
|
||||||
|
fi
|
||||||
|
|
||||||
# gain priviledges
|
# gain priviledges
|
||||||
become "$@"
|
become "$@"
|
||||||
|
|
||||||
OPTS=$(getopt -o h -l domain:,root:,backend:,listenip:,desc:,donotredirect -n 'createVhosts' -- "$@")
|
OPTS=$(getopt -o h,d -l domain:,root:,backend:,listenip:,desc:,donotredirect,debug -n 'createVhosts' -- "$@")
|
||||||
if [ "$?" -gt '0' ]; then
|
if [ "$?" -gt '0' ]; then
|
||||||
echo 'Failed to set command line arguments'
|
echo 'Failed to set command line arguments'
|
||||||
exit 1;
|
exit 1;
|
||||||
|
@ -110,6 +122,7 @@ _donotredirect=false
|
||||||
_root=""
|
_root=""
|
||||||
_backend=""
|
_backend=""
|
||||||
_listenip=""
|
_listenip=""
|
||||||
|
_debug=false
|
||||||
while true; do
|
while true; do
|
||||||
case "$1" in
|
case "$1" in
|
||||||
--domain )
|
--domain )
|
||||||
|
@ -129,6 +142,9 @@ while true; do
|
||||||
shift ;;
|
shift ;;
|
||||||
--donotredirect )
|
--donotredirect )
|
||||||
_donotredirect=true
|
_donotredirect=true
|
||||||
|
shift ;;
|
||||||
|
-d | --debug )
|
||||||
|
_debug=true
|
||||||
shift ;;
|
shift ;;
|
||||||
-h | --help ) usage; shift ;;
|
-h | --help ) usage; shift ;;
|
||||||
-- ) shift; break ;;
|
-- ) shift; break ;;
|
||||||
|
@ -136,6 +152,15 @@ while true; do
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
|
||||||
|
##
|
||||||
|
## Begin processing command line arguments
|
||||||
|
###########################################
|
||||||
|
|
||||||
|
# Enable debugging
|
||||||
|
if [[ $_debug = true ]]; then
|
||||||
|
DEBUG=1
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ $_domain = false ]]; then
|
if [[ $_domain = false ]]; then
|
||||||
err "You must set domain"
|
err "You must set domain"
|
||||||
fi
|
fi
|
||||||
|
@ -156,41 +181,43 @@ _locationblock_http=""
|
||||||
_locationblock_https=""
|
_locationblock_https=""
|
||||||
if test -n "$_backend"; then
|
if test -n "$_backend"; then
|
||||||
echo "Verifying backend(s)..."
|
echo "Verifying backend(s)..."
|
||||||
_https_backend=$(echo $_backend | sed 's/http/https/')
|
if ! validate_host $_backend; then
|
||||||
if validate_host $_https_backend:443; then
|
|
||||||
|
|
||||||
#<<<<<<HEREDOC
|
|
||||||
_locationblock_https=$(cat <<- EOF
|
|
||||||
proxy_pass $_https_backend:443;
|
|
||||||
include proxy_params;
|
|
||||||
EOF
|
|
||||||
)
|
|
||||||
#<<<<<<HEREDOC
|
|
||||||
|
|
||||||
else
|
|
||||||
_check_host=failed
|
_check_host=failed
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Include backend for HTTP traffic if donotredirect is enabled
|
# Include backend for HTTP traffic if donotredirect is enabled
|
||||||
#
|
#
|
||||||
if [ "$_donotredirect" = "true" ]; then
|
if [ "$_donotredirect" = "true" ]; then
|
||||||
_http_backend=$(echo $_backend | sed 's/https/http/')
|
##Begin HEREDOC
|
||||||
if validate_host $_http_backend:80; then
|
|
||||||
|
|
||||||
#<<<<<<HEREDOC
|
|
||||||
_locationblock_http=$(cat <<- EOF
|
_locationblock_http=$(cat <<- EOF
|
||||||
proxy_pass $_http_backend:80;
|
proxy_pass $_backend;
|
||||||
include proxy_params;
|
include proxy_params;
|
||||||
EOF
|
EOF
|
||||||
)
|
)
|
||||||
#<<<<<<HEREDOC
|
##End HEREDOC
|
||||||
|
|
||||||
else
|
|
||||||
_check_host=failed
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$_check_host" = "failed" ]; then
|
if [ "$_check_host" = "success" ]; then
|
||||||
|
# Include backend for HTTP traffic if donotredirect is enabled
|
||||||
|
#
|
||||||
|
if [ "$_donotredirect" = "true" ]; then
|
||||||
|
##Begin HEREDOC
|
||||||
|
_locationblock_http=$(cat <<- EOF
|
||||||
|
proxy_pass $_backend;
|
||||||
|
include proxy_params;
|
||||||
|
EOF
|
||||||
|
)
|
||||||
|
##End HEREDOC
|
||||||
|
fi
|
||||||
|
|
||||||
|
##Begin HEREDOC
|
||||||
|
_locationblock_https=$(cat <<- EOF
|
||||||
|
proxy_pass $_backend;
|
||||||
|
include proxy_params;
|
||||||
|
EOF
|
||||||
|
)
|
||||||
|
##End HEREDOC
|
||||||
|
else
|
||||||
err "Invalid hostname: $_backend. Not resolvable!"
|
err "Invalid hostname: $_backend. Not resolvable!"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
@ -208,14 +235,6 @@ if test -z "$_root" -a -z "$_backend"; then
|
||||||
err "You must specify either --root or --backend!"
|
err "You must specify either --root or --backend!"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo -n "Checking if /srv/http-content-combined/ exists?"
|
|
||||||
if ! test -d /srv/http-content-combined; then
|
|
||||||
echo " Creating..."
|
|
||||||
mkdir -p /srv/http-content-combined/
|
|
||||||
else
|
|
||||||
echo " Yes!"
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo -n "Checking if we should redirect?"
|
echo -n "Checking if we should redirect?"
|
||||||
if [ "$_donotredirect" = "false" ]; then
|
if [ "$_donotredirect" = "false" ]; then
|
||||||
echo " Yes, enabling redirect!"
|
echo " Yes, enabling redirect!"
|
||||||
|
@ -224,6 +243,22 @@ else
|
||||||
echo " No!"
|
echo " No!"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
##
|
||||||
|
## End processing command line arguments
|
||||||
|
###########################################
|
||||||
|
|
||||||
|
##
|
||||||
|
## Begin issuing certificate
|
||||||
|
###########################################
|
||||||
|
|
||||||
|
echo -n "Checking if /srv/http-content-combined/ exists?"
|
||||||
|
if ! test -d /srv/http-content-combined; then
|
||||||
|
echo " Creating..."
|
||||||
|
mkdir -p /srv/http-content-combined/
|
||||||
|
else
|
||||||
|
echo " Yes!"
|
||||||
|
fi
|
||||||
|
|
||||||
_vhost_conf_file=/etc/nginx/conf.d/${_domain}.conf
|
_vhost_conf_file=/etc/nginx/conf.d/${_domain}.conf
|
||||||
|
|
||||||
echo -n "Checking if $_vhost_conf_file exists? "
|
echo -n "Checking if $_vhost_conf_file exists? "
|
||||||
|
@ -261,7 +296,9 @@ EOF
|
||||||
echo "Setting permissions on conf file..."
|
echo "Setting permissions on conf file..."
|
||||||
setfacl -m user:sysadmin:rw $_vhost_conf_file
|
setfacl -m user:sysadmin:rw $_vhost_conf_file
|
||||||
|
|
||||||
reload_nginx
|
if ! reload_nginx; then
|
||||||
|
clean_up "Failed to reload Nginx"
|
||||||
|
fi
|
||||||
|
|
||||||
echo "Verifying vhost..."
|
echo "Verifying vhost..."
|
||||||
if ! verify_vhost; then
|
if ! verify_vhost; then
|
||||||
|
@ -283,8 +320,8 @@ server {
|
||||||
error_log /var/log/nginx/${_domain}.error.log;
|
error_log /var/log/nginx/${_domain}.error.log;
|
||||||
access_log /var/log/nginx/${_domain}.access.log main;
|
access_log /var/log/nginx/${_domain}.access.log main;
|
||||||
|
|
||||||
ssl_certificate ssl/${_domain}-fullchain.crt;
|
ssl_certificate /etc/ssl/${_domain}-fullchain.crt;
|
||||||
ssl_certificate_key ssl/${_domain}.key;
|
ssl_certificate_key /etc/ssl/${_domain}.key;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
${_locationblock_https}
|
${_locationblock_https}
|
||||||
|
|
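Review bot: The rebuilt HTTPS location block near the end of the `_check_host` branch writes an arbitrary `--backend` URI straight into `proxy_pass $_backend;`, and when that URI is `https://…` nginx does not verify the upstream certificate unless told to (`proxy_ssl_verify` is off by default), so the vhost will happily re-encrypt to whatever answers at that address. I would emit, gated on `[[ $_backend == https://* ]]`, `proxy_ssl_verify on;`, `proxy_ssl_server_name on;` and `proxy_ssl_trusted_certificate /etc/pki/tls/certs/ca-bundle.crt;` (the bundle path for the dnf-based host this script targets — confirm) into `_locationblock_https`, and into `_locationblock_http` when `--donotredirect` is set. Two smaller points: `$_backend` is expanded unquoted inside the nginx heredoc, so whatever validate_host accepts lands verbatim in the config, and the `"$_check_host" = "success"` test depends on an initialisation that is not visible in this hunk. Moving the key to `/etc/ssl/${_domain}.key` also makes its file mode depend on what acme.sh writes; it is worth verifying the key ends up 0600 root-owned since /etc/ssl is otherwise world-readable. validate_host and the enclosing backend-verification block start outside the hunk.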