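#!/bin/bash
#
# Create Vhosts on VPS3
#
# Usage: createVhosts --domain domain.tld [--root DIR] [--backend URL]
#                     [--listenip IP] [--desc TEXT] [--donotredirect]
#
# Helpers `become`, `err`, `debug` and `validate_host` come from bootstrap.sh,
# which is sourced below.  The domain name ends up inside nginx, log and
# certificate file paths, so it is checked against a hostname character set
# before any file is created or removed.
#set -e

#######################################
# Print command line help and exit 0.
#######################################
function usage {
  echo "Usage: ${0}"
  echo " --domain domain.tld"
  echo " Domain to use when creating vhost"
  echo " --root /var/www/html"
  echo " Root directory of this vhost"
  echo " --backend http://127.0.0.1"
  echo " Hostname of the backend server to pass traffic to"
  echo " Note: Do not specify a port"
  echo " --listenip x.x.x.x"
  echo " IP to bind to when listening"
  echo " --desc x.x.x.x"
  echo " Description of VHosts"
  echo " -h | --help"
  echo " Show this usage"
  exit 0
}

#######################################
# Issue a certificate for $_domain with acme.sh, using the shared webroot for
# the HTTP-01 challenge.
# Globals:  _domain (read), DEBUG (read; "1" adds --debug)
# Returns:  exit status of acme.sh
#######################################
function get_cert {
  # Arguments are kept in an array so a domain containing shell metacharacters
  # cannot be split or globbed on the way to acme.sh.
  local -a acme_args=(
    --issue
    --domain "$_domain"
    --webroot /srv/http-content-combined/
    --cert-file "/etc/nginx/ssl/${_domain}.crt"
    --key-file "/etc/nginx/ssl/${_domain}.key"
    --fullchain-file "/etc/nginx/ssl/${_domain}-fullchain.crt"
  )
  if [ "$DEBUG" = "1" ]; then
    acme_args+=(--debug)
  fi
  /root/.acme.sh/acme.sh "${acme_args[@]}"
}

#######################################
# Reload nginx and report the outcome on stdout.
# Returns:  exit status of `systemctl reload nginx` (callers may ignore it)
#######################################
function reload_nginx {
  local rv=0
  printf '%s' "Reloading Nginx..."
  if systemctl reload nginx; then
    echo "Success"
  else
    rv=$?
    echo "Failed"
  fi
  # Give nginx a moment to re-read its configuration before callers probe it.
  sleep 0.5
  return "$rv"
}

#######################################
# Roll back a half-created vhost: remove its nginx config and logs, reload
# nginx, then abort via err with the supplied message.
# Globals:   _vhost_conf_file (read), _domain (read)
# Arguments: $1 - message passed to err
#######################################
function clean_up {
  debug "Removing Nginx configuration and logs..."
  # ${var:?} aborts instead of expanding to "".  With an empty _domain the log
  # glob would become /var/log/nginx/.* and an empty conf path a bare `rm`.
  rm -f -- "${_vhost_conf_file:?_vhost_conf_file is not set}"
  rm -f -- /var/log/nginx/"${_domain:?_domain is not set}".*
  reload_nginx
  err "$1"
}

#######################################
# Confirm nginx serves the new vhost: create a marker file under the shared
# .well-known webroot and request it with the vhost's Host header.
# Globals:  _domain (read), _listenip (read; replaces the 127.0.0.1 target)
# Returns:  0 if the marker came back with HTTP status 200, 1 otherwise
#######################################
function verify_vhost {
  local target=127.0.0.1
  local verify_path=/srv/http-content-combined/.well-known/
  local verify_file_name="verify.${_domain}.html"
  local verify_full_path="${verify_path}${verify_file_name}"
  local http_code
  if test -n "$_listenip"; then
    # NOTE(review): the nginx template later in this script writes
    # "listen ${_listenip}80;", which suggests _listenip carries a trailing
    # ':' — confirm that form is accepted as a curl host here.
    target=$_listenip
  fi
  mkdir -p -- "$verify_path"
  touch -- "$verify_full_path"
  # Read the status code directly rather than grepping the status line, so the
  # check does not depend on the exact "HTTP/1.1 200 OK" wording.
  http_code=$(curl -s -o /dev/null -I -w '%{http_code}' -H "Host: $_domain" \
    "http://${target}/.well-known/${verify_file_name}" 2> /dev/null)
  rm -f -- "$verify_full_path"
  [[ "$http_code" == "200" ]]
}

_cwd="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
_bootstrap=${_cwd}/bootstrap.sh
# Presumably consumed by bootstrap.sh; not referenced in this file.
_bb_myname=$(basename "$0")
_bb_mypath=$(realpath "${BASH_SOURCE[0]}")

# Init script: bootstrap.sh provides become, err, debug and validate_host.
if test -f "$_bootstrap"; then
  source "$_bootstrap" 2> /dev/null
else
  echo "Unable to parse BOOTSTRAP: $_bootstrap"
  exit 1
fi

# gain privileges
become "$@"

if ! OPTS=$(getopt -o h -l domain:,root:,backend:,listenip:,desc:,donotredirect -n 'createVhosts' -- "$@"); then
  echo 'Failed to set command line arguments'
  exit 1
fi
# Standard getopt idiom: getopt(1) emits shell-quoted words, so re-splitting
# them with eval is safe here; no raw user input reaches eval.
eval set -- "$OPTS"

_domain=false
_donotredirect=false
_root=""
_backend=""
_listenip=""
_desc=""
_rootpath=""
while true; do
  case "$1" in
    --domain ) _domain=$2; shift 2 ;;
    --root ) _root=$2; shift 2 ;;
    --backend ) _backend=$2; shift 2 ;;
    --listenip ) _listenip=$2; shift 2 ;;
    --desc ) _desc=$2; shift 2 ;;
    --donotredirect ) _donotredirect=true; shift ;;
    -h | --help ) usage ;;
    -- ) shift; break ;;
    * ) shift ;;
  esac
done

# err (from bootstrap.sh) is expected to terminate the script.
if [[ $_domain = false ]]; then
  err "You must set domain"
fi
# The domain is interpolated into nginx, log and certificate paths (and into
# the rm glob in clean_up); reject anything outside a hostname character set
# so a stray '/', '..', space or glob cannot reach those paths.
if [[ ! "$_domain" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]]; then
  err "Invalid domain: $_domain"
fi

if test -n "$_root"; then
  printf '%s' "Checking if $_root exists?"
  if ! test -d "$_root"; then
    echo " Creating..."
    mkdir -p -- "$_root"
  else
    echo " Yes!"
  fi
  _rootpath="root $_root;"
fi

_check_host=success
_locationblock_http=""
_locationblock_https=""
if test -n "$_backend"; then
  echo "Verifying backend(s)..."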
_https_backend=$(echo $_backend | sed 's/http/https/') if validate_host $_https_backend:443; then #<<<<< $_vhost_conf_file #### Description ## Type: HTTP ## VHost: $_domain ## $_desc server { listen ${_listenip}80; server_name $_domain; error_log /var/log/nginx/${_domain}.error.log; access_log /var/log/nginx/${_domain}.access.log main; location /.well-known { root /srv/http-content-combined/; autoindex on; } location / { $_locationblock_http } } EOF echo "Setting permissions on conf file..." setfacl -m user:sysadmin:rw $_vhost_conf_file reload_nginx echo "Verifying vhost..." if ! verify_vhost; then clean_up "Failed to verify vhost" fi echo "Retrieving SSL Certificate..." if ! get_cert; then clean_up "Failed to retrieve certificate!" fi cat << EOF >> $_vhost_conf_file server { listen ${_listenip}443 http2 ssl; server_name $_domain; $_rootpath error_log /var/log/nginx/${_domain}.error.log; access_log /var/log/nginx/${_domain}.access.log main; ssl_certificate ssl/${_domain}-fullchain.crt; ssl_certificate_key ssl/${_domain}.key; location / { ${_locationblock_https} } } EOF reload_nginx