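#!/bin/bash
#
# Create Vhosts on VPS3
#
# Writes an nginx vhost for --domain to /etc/nginx/conf.d/<domain>.conf,
# requests a certificate through acme.sh (webroot challenge) and then appends
# the TLS server block that serves --root and/or proxies to --backend.
#
# Every command-line value ends up either in a file path or, unquoted, in the
# generated nginx configuration, and the script runs after become() has
# gained privileges. The values are therefore checked before first use: a
# domain containing "/" or "..", or a value containing ";", braces or a line
# break, would otherwise decide which file is written or which directives
# nginx loads.
#
# Helpers err, warn, become, validate_host and validate_ip come from
# bootstrap.sh, which is not part of this file.
#
DEBUG=0
#set -e

function usage {
    echo "Usage: ${0}"
    echo "    --domain domain.tld"
    echo "        Domain to use when creating vhost"
    echo "    --root /var/www/html"
    echo "        Root directory of this vhost"
    echo "    --backend http://127.0.0.1:80"
    echo "        Hostname of the backend server to pass traffic to"
    echo "    --listenip x.x.x.x"
    echo "        IP to bind to when listening"
    echo "    --desc text"
    echo "        Description of VHosts"
    echo "    -h | --help"
    echo "        Show this usage"
    exit 0
}

# Request a certificate for $_domain with acme.sh using the shared webroot.
# Returns acme.sh's exit status.
# NOTE(review): the private key is written to /etc/nginx/ssl/; confirm that
# directory is readable by root (and nginx) only.
function get_cert {
    local -a acme_args=(
        --issue
        --domain "$_domain"
        --webroot /srv/http-content-combined/
        --cert-file "/etc/nginx/ssl/${_domain}.crt"
        --key-file "/etc/nginx/ssl/${_domain}.key"
        --fullchain-file "/etc/nginx/ssl/${_domain}-fullchain.crt"
    )
    /root/.acme.sh/acme.sh "${acme_args[@]}"
}

function reload_nginx {
    systemctl reload nginx
}

# Report a fatal error through bootstrap's err() and stop.
# err() is not visible in this file; the explicit exit guarantees that a
# failed check never falls through to the code that writes configuration,
# whether or not err() exits on its own.
function die {
    err "$@"
    exit 1
}

# Succeeds when $1 is a plain DNS name: dot-separated labels of letters,
# digits and inner hyphens, at most 253 characters in total. Anything else
# (slashes, "..", whitespace, wildcards) is rejected because the domain is
# used verbatim in file names under /etc/nginx/ and in server_name.
function is_valid_domain {
    local name=$1
    local label='[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?'
    local re="^${label}(\\.${label})*\$"
    (( ${#name} >= 1 && ${#name} <= 253 )) || return 1
    [[ $name =~ $re ]]
}

# Succeeds when $1 can be placed unquoted into an nginx directive without
# ending it early or opening a new one: no whitespace, control characters,
# ";", braces, quotes or backslashes.
function conf_value_is_safe {
    local value=$1
    local bad
    for bad in ';' '{' '}' '"' "'" '\'; do
        if [[ "$value" == *"$bad"* ]]; then
            return 1
        fi
    done
    if [[ "$value" == *[[:space:][:cntrl:]]* ]]; then
        return 1
    fi
    return 0
}

_cwd="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
_bootstrap="${_cwd}/bootstrap.sh"
_bb_myname=$(basename "$0")
_bb_mypath=$(realpath -- "${BASH_SOURCE[0]}")

# Init script
# NOTE(review): bootstrap.sh is loaded from the script's own directory and
# runs with whatever privileges this script has; confirm the directory and
# the file are not writable by unprivileged users.
if [[ -f "$_bootstrap" ]]; then
    # stderr from bootstrap is discarded, as in the original script.
    source "$_bootstrap" 2> /dev/null
else
    echo "Unable to parse BOOTSTRAP: $_bootstrap"
    exit 1
fi

# gain privileges (become is defined in bootstrap.sh; presumably it re-runs
# the script with elevated rights - confirm)
become "$@"

# "help" is listed so that the documented --help switch is accepted.
if ! OPTS=$(getopt -o h -l domain:,root:,backend:,listenip:,desc:,help \
        -n 'createVhosts' -- "$@"); then
    echo 'Failed to set command line arguments'
    exit 1
fi

# Standard getopt idiom: OPTS is getopt's own shell-quoted output.
eval set -- "$OPTS"

_domain=false
_root=""
_backend=""
_listenip=""
_desc=""
_rootpath=""
_locationblock=""

# Options that take a value consume two words, so a value that happens to
# look like an option (or like "--") is never re-read as one.
while true; do
    case "$1" in
        --domain )
            _domain=$2
            shift 2
            ;;
        --root )
            _root=$2
            shift 2
            ;;
        --backend )
            _backend=$2
            shift 2
            ;;
        --listenip )
            _listenip=$2
            shift 2
            ;;
        --desc )
            _desc=$2
            shift 2
            ;;
        -h | --help )
            usage
            shift
            ;;
        -- )
            shift
            break
            ;;
        * )
            shift
            ;;
    esac
done

if [[ "$_domain" == false ]]; then
    die "You must set domain"
fi

if ! is_valid_domain "$_domain"; then
    die "Invalid domain: $_domain"
fi

# The description is written after "## " on a comment line of the generated
# file; a line break in it would end the comment and start live configuration.
if [[ "$_desc" == *[[:cntrl:]]* ]]; then
    die "Invalid description: control characters are not allowed"
fi

if [[ -n "$_root" ]]; then
    if ! conf_value_is_safe "$_root"; then
        die "Invalid root path: $_root"
    fi

    echo -n "Checking if $_root exists?"
    if [[ ! -d "$_root" ]]; then
        echo " Creating..."
        mkdir -p -- "$_root" || die "Unable to create $_root"
    else
        echo " Yes!"
    fi
    _rootpath="root $_root;"
fi

if [[ -n "$_backend" ]]; then
    if ! conf_value_is_safe "$_backend"; then
        die "Invalid backend: $_backend"
    fi

    echo "Verifying backend..."
    if ! validate_host "$_backend"; then
        die "Invalid hostname: $_backend. Not resolvable!"
    fi

    _locationblock=$(printf 'proxy_pass %s;\n        include proxy_params;' "$_backend")
fi

if [[ -n "$_listenip" ]]; then
    if ! validate_ip "$_listenip"; then
        die "Invalid IP: $_listenip"
    fi
    _listenip="$_listenip:"
else
    warn "Listen ip not specified, listening on all interfaces."
fi

if [[ -z "$_root" && -z "$_backend" ]]; then
    die "You must specify either --root or --backend!"
fi

echo -n "Checking if /srv/http-content-combined/ exists?"
if [[ ! -d /srv/http-content-combined ]]; then
    echo " Creating..."
    mkdir -p /srv/http-content-combined/
else
    echo " Yes!"
fi

_vhost_conf_file="/etc/nginx/conf.d/${_domain}.conf"

echo -n "Checking if $_vhost_conf_file exists? "
if [[ -f "$_vhost_conf_file" ]]; then
    echo "Removing!"
    rm -f -- "$_vhost_conf_file"
else
    echo "No!"
fi

echo "Creating Nginx configuration..."

# Plain-HTTP server: serves the ACME challenge directory and redirects
# everything else to HTTPS.
# NOTE(review): "autoindex on" lists the contents of the challenge webroot to
# any client; the ACME challenge does not appear to need it - confirm and
# consider turning it off.
cat << EOF > "$_vhost_conf_file"
#### Description
## Type: HTTP
## VHost: $_domain
## $_desc
server {
    listen ${_listenip}80;
    server_name $_domain;

    location /.well-known {
        root /srv/http-content-combined/;
        autoindex on;
    }

    location / {
        return 302 https://${_domain}\$request_uri;
    }
}
EOF

echo "Setting permissions on conf file..."
setfacl -m user:sysadmin:rw "$_vhost_conf_file"

echo "Reloading Nginx..."
reload_nginx

echo "Retrieving Let's Encrypt Certificate..."
if ! get_cert; then
    # Roll back so nginx is not left with a vhost that has no certificate.
    rm -f -- "$_vhost_conf_file"
    reload_nginx
    die "Failed to retrieve certificate!"
fi

# TLS server: appended only after the certificate files exist, otherwise the
# reload below would fail on the missing ssl_certificate.
cat << EOF >> "$_vhost_conf_file"

server {
    listen ${_listenip}443 http2 ssl;
    server_name $_domain;
    $_rootpath

    error_log /var/log/nginx/${_domain}.error.log;
    access_log /var/log/nginx/${_domain}.access.log main;

    ssl_certificate ssl/${_domain}-fullchain.crt;
    ssl_certificate_key ssl/${_domain}.key;

    location / {
        ${_locationblock}
    }
}
EOF

echo "Reloading Nginx..."
reload_nginx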