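#!/bin/bash
# README
# This script is specifically designed to work on Alpine Linux but
# may work with other distributions by including a $HOME/.enable_sites.conf.
#
# See example .enable_sites.conf.example in this repo.
#
# This script will create a vhost under Nginx
#
# Usage: <script> domain.tld [disable-php|false] [enable-le]
#
# Environment read by this script:
#   DRY_RUN          - when non-empty, nothing is changed under the Nginx
#                      directory; the vhost is written to a temporary file,
#                      printed, and removed on exit.
#   NGINX_LISTEN_IP  - optional address to prefix the listen port with.
#
# Security notes:
#   * bootstrap.sh and the per-user configuration file are *sourced*, i.e.
#     executed as shell code with the privileges of whoever runs this script.
#     Keep both files writable by their owner only.
#   * The domain argument is interpolated into filesystem paths and into the
#     generated Nginx configuration, so it is checked against a strict
#     hostname pattern before it is used anywhere.

DEBUG=0

set -e
[ "$DEBUG" -gt 1 ] && set -x

# Print the command-line synopsis to stdout.
usage() {
  echo -e "$0 domain.tld [disable-php|false] [enable-le]"
}

# Remove the temporary vhost file created for a dry run.
# Written as an explicit `if` so the function returns 0 when there is nothing
# to do; the previous `test ... && rm` form returned 1 on a normal run, which
# made the whole script exit non-zero right after printing "Success!".
cleanup() {
  if [ -n "$DRY_RUN" ] && [ -n "$VHOST_CONF_FILE" ]; then
    rm -f -- "$VHOST_CONF_FILE"
  fi
}

# Validate the Nginx configuration and reload the service.
# Globals: DRY_RUN, _DRY_RUN (read), NGINX_SVC_RESTART (read)
# Under `set -e` a failing `nginx -t` aborts the script before the reload.
reload_nginx() {
  echo "${_DRY_RUN}Reloading Nginx"
  if [ -z "$DRY_RUN" ]; then
    nginx -t
    # Intentionally unquoted: the variable holds a command plus arguments.
    # shellcheck disable=SC2086
    $NGINX_SVC_RESTART
  else
    echo "Skipping..."
  fi
}

# Init variables
# The code historically read ~/.enable_site.conf while the README documents
# ~/.enable_sites.conf; keep the historical path and fall back to the
# documented one so a file created per the README is not silently ignored.
_conf=$HOME/.enable_site.conf
if [ ! -f "$_conf" ] && [ -f "$HOME/.enable_sites.conf" ]; then
  _conf=$HOME/.enable_sites.conf
fi
_cwd="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
_bootstrap=${_cwd}/bootstrap.sh

# Init script
# (The original tested the misspelled, unset $_boostrap, so the existence
# check always passed and a missing bootstrap.sh was never reported.)
if [ -f "$_bootstrap" ]; then
  # bootstrap.sh is expected to provide the debug and err helpers used below;
  # its stderr is silenced as before.
  # shellcheck source=/dev/null
  source "$_bootstrap" 2> /dev/null
else
  echo "Unable to parse BOOTSTRAP: $_bootstrap"
  exit 1
fi

# Load the optional per-user configuration; fall back to defaults when the
# file is missing or sourcing it fails.
# shellcheck source=/dev/null
if [ ! -f "$_conf" ] || ! source "$_conf"; then
  debug "Unable to parse configuration: $_conf, using defaults"
fi

NGINX_USER=${NGINX_USER:-nginx}
NGINX_DIR=${NGINX_DIR:-/etc/nginx}
NGINX_CONF_D=$NGINX_DIR/conf.d
NGINX_SVC_RESTART=${NGINX_SVC_RESTART:-rc-service nginx reload}
NGINX_SSL_DIR=$NGINX_DIR/ssl
VHOSTS_DIR=${VHOSTS_DIR:-/srv/vhosts}
# Not referenced anywhere below; kept in case sourced files rely on them.
SSL_CRT=/etc/nginx/webserver.crt
SSL_KEY=/etc/nginx/webserver.key

if [ -z "$1" ]; then
  usage
  exit 0
fi

domain=$1

# Reject anything that is not a plain hostname before it reaches a path, the
# Nginx configuration or a command line: no slashes, whitespace, braces,
# semicolons, leading dashes or ".." sequences.
_domain_re='^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$'
if [[ ! "$domain" =~ $_domain_re || "$domain" == *..* ]]; then
  echo "Invalid domain: $domain" >&2
  exit 1
fi

# VHOST dir
_vhost_dir=$VHOSTS_DIR/$domain/htdocs

if [ -z "$DRY_RUN" ]; then
  # Check domain is a valid domain
  host "$domain" &> /dev/null || err "Invalid domain: $domain"
  echo "Creating $_vhost_dir"
  mkdir -p -- "$_vhost_dir"
else
  echo "DRY_RUN detected"
  _DRY_RUN="DRY_RUN: "
  echo "${_DRY_RUN}Creating $_vhost_dir"
fi

# Check if we should enable php
if [ "$2" != "true" ] && [ "$2" != "disable-php" ]; then
  _enable_php='include php.conf;'
fi

echo "${_DRY_RUN}Creating NGINX configuration for $domain"

VHOST_CONF_FILE=$NGINX_CONF_D/$domain.conf
if [ -n "$DRY_RUN" ]; then
  # Use mktemp rather than a predictable /tmp/<domain>.conf so a pre-created
  # file or symlink in a world-writable directory cannot redirect the write.
  VHOST_CONF_FILE=$(mktemp "${TMPDIR:-/tmp}/${domain}.conf.XXXXXX")
  # Remove the temporary file on every exit path, not only on success.
  trap cleanup EXIT
  debug "${_DRY_RUN}Redirecting to $VHOST_CONF_FILE"
fi

# Set listen ip if provided
if [ -n "$NGINX_LISTEN_IP" ]; then
  _v_listen_ip="$NGINX_LISTEN_IP:"
fi

# set default listening port to 80
_v_listen=${_v_listen_ip}80

# Redirect plain-text to SSL
if [ "$3" = "enable-le" ]; then
  # Change default listening port to 443
  _v_listen="${_v_listen_ip}443 ssl"

  # set ssl configuration
  _v_ssl="  ssl_certificate ssl/${domain}.pem;
  ssl_certificate_key ssl/${domain}.key;"

  # write the plain-text virtual host so
  # we authenticate with Let's encrypt and
  # redirect plain-text to SSL
  # NOTE(review): the webroot challenge only needs files under /.well-known
  # to be served; "autoindex on" additionally exposes a directory listing
  # there - consider dropping it.
  cat << EOF > "$VHOST_CONF_FILE"
server {
  listen ${_v_listen_ip}80;
  server_name $domain;
  root $_vhost_dir;

  location /.well-known {
    autoindex on;
  }

  location / {
    return 302 https://$domain\$request_uri;
  }
}
EOF

  reload_nginx

  echo "${_DRY_RUN}Requesting a Let's Encrypt certificate"
  if [ -z "$DRY_RUN" ]; then
    certbot certonly --webroot --webroot-path="$_vhost_dir" -d "$domain"
  fi

  _le_path=/etc/letsencrypt/live
  _le_crt_src=$_le_path/$domain/fullchain.pem
  _le_crt_dst=$NGINX_SSL_DIR/$domain.pem
  _le_key_src=$_le_path/$domain/privkey.pem
  _le_key_dst=$NGINX_SSL_DIR/$domain.key

  # -f lets the script be re-run for a domain whose links already exist;
  # plain `ln -s` failed there and, under `set -e`, stopped the script before
  # the SSL server block was written.
  echo "${_DRY_RUN}Creating symlink $_le_crt_src $_le_crt_dst"
  if [ -z "$DRY_RUN" ]; then
    ln -sf -- "$_le_crt_src" "$_le_crt_dst"
  fi

  echo "${_DRY_RUN}Creating symlink $_le_key_src $_le_key_dst"
  if [ -z "$DRY_RUN" ]; then
    ln -sf -- "$_le_key_src" "$_le_key_dst"
  fi
fi

# NOTE(review): this block is appended (>>). Without enable-le nothing
# truncates an existing <domain>.conf first, so re-running the script for the
# same domain adds a second server block - confirm whether that is intended.
# $rd is not set anywhere in this script; it expands to an empty line unless a
# sourced file defines it.
cat << EOF >> "$VHOST_CONF_FILE"
$rd
server {
  listen $_v_listen;
  server_name $domain;
  root $_vhost_dir;
  index index.php index.html index.html;

  error_log /var/log/nginx/$domain.error.log;
  access_log /var/log/nginx/$domain.access.log main;

$_v_ssl

  location / {
  }

  $_enable_php
}
EOF

if [ -n "$DRY_RUN" ]; then
  echo -e "${_DRY_RUN}I would have wrote this: \n"
  cat -- "$VHOST_CONF_FILE"
fi

reload_nginx

echo "Success!"

# Dry-run cleanup is handled by the EXIT trap registered above; a normal run
# has nothing to clean up and exits 0.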