#!/bin/bash
#
# Create Vhosts on VPS3
#
#set -e
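#######################################
# Print the command-line help for this script and exit.
# Lists every option the getopt call below accepts, including
# --donotredirect, which the original help text left out; the --desc
# example was also a copy-paste of the IP placeholder and is corrected.
# Globals:   none
# Arguments: none
# Outputs:   help text on stdout
# Returns:   does not return; exits with status 0
#######################################
usage() {
  cat <<EOF
Usage: ${0}
 --domain domain.tld
 Domain to use when creating vhost
 --root /var/www/html
 Root directory of this vhost
 --backend http://127.0.0.1
 Hostname of the backend server to pass traffic to
 Note: Do not specify a port
 --listenip x.x.x.x
 IP to bind to when listening
 --desc "Free-form description"
 Description of VHosts (written as a comment into the generated config)
 --donotredirect
 Do not redirect plain HTTP to HTTPS; when --backend is given, proxy HTTP to it instead
 -h | --help
 Show this usage
EOF
  exit 0
}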
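#######################################
# Issue a Let's Encrypt certificate for the vhost with acme.sh in webroot mode.
# The challenge files are written to /srv/http-content-combined/, which the
# generated HTTP server block serves under /.well-known, so the script reloads
# nginx with that block before calling this function.
# Globals:   _domain (read) - default domain when no argument is given
# Arguments: $1 - optional domain; defaults to $_domain (backward compatible)
# Outputs:   acme.sh output; certificate, key and fullchain files under
#            /etc/nginx/ssl/
# Returns:   the exit status of acme.sh, so callers can tell whether the
#            certificate files exist before referencing them in a config
#######################################
get_cert() {
  local domain=${1:-$_domain}
  # Quoted: the value comes from the command line, and an unquoted expansion
  # would be word-split and glob-expanded into extra acme.sh arguments.
  /root/.acme.sh/acme.sh --issue \
    --domain "$domain" \
    --webroot /srv/http-content-combined/ \
    --cert-file "/etc/nginx/ssl/${domain}.crt" \
    --key-file "/etc/nginx/ssl/${domain}.key" \
    --fullchain-file "/etc/nginx/ssl/${domain}-fullchain.crt"
}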
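#######################################
# Test the nginx configuration and reload the service only if it passes.
# The script writes generated files into conf.d; an invalid one would
# otherwise be left in place, and nginx rejects the whole configuration when
# any included file is broken. 'nginx -t' surfaces that before the reload.
# Globals:   none
# Arguments: none
# Outputs:   nginx -t diagnostics on stderr
# Returns:   non-zero if the config test or the reload fails
#######################################
reload_nginx() {
  if ! nginx -t; then
    printf 'nginx configuration test failed; not reloading\n' >&2
    return 1
  fi
  systemctl reload nginx
}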
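# Locate this script and its companion bootstrap.sh, which provides the
# helpers used below (become, err, warn, validate_host, validate_ip).
_cwd="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
_bootstrap=${_cwd}/bootstrap.sh
# Script identity; not read in this file — presumably consumed by
# bootstrap.sh (TODO confirm).
_bb_myname=$(basename "$0")
_bb_mypath=$(realpath "$BASH_SOURCE")

# Init script. The bootstrap must exist AND source cleanly: the original
# silenced source errors, which let the script carry on with the helper
# functions undefined. Both failures now abort with a message on stderr.
if [[ ! -f "$_bootstrap" ]]; then
  printf 'Unable to parse BOOTSTRAP: %s\n' "$_bootstrap" >&2
  exit 1
fi
# shellcheck source=/dev/null
if ! source "$_bootstrap"; then
  printf 'Failed to source BOOTSTRAP: %s\n' "$_bootstrap" >&2
  exit 1
fi

# Gain privileges (helper from bootstrap.sh; original arguments are passed
# through so they survive any re-execution it performs).
become "$@"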
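# Parse options with util-linux getopt. It rejects unknown option names and
# re-quotes every argument, so the eval below only ever sees getopt's own
# output, never the raw command line.
OPTS=$(getopt -o h -l domain:,root:,backend:,listenip:,desc:,donotredirect -n 'createVhosts' -- "$@")
_getopt_rc=$?
if (( _getopt_rc != 0 )); then
  printf 'Failed to set command line arguments\n' >&2
  exit 1
fi
eval set -- "$OPTS"

# Defaults. _domain=false is the sentinel tested after parsing. _desc was
# previously never initialised; an explicit empty string keeps the later
# "## $_desc" expansion deterministic.
_domain=false
_donotredirect=false
_root=""
_backend=""
_listenip=""
_desc=""

# Options taking a value consume both words at once. The original shifted
# once and relied on the default arm to drop the value, which mis-parsed a
# value that happened to look like another option (e.g. --desc --root).
while true; do
  case "$1" in
    --domain )
      _domain=$2
      shift 2 ;;
    --root )
      _root=$2
      shift 2 ;;
    --backend )
      _backend=$2
      shift 2 ;;
    --listenip )
      _listenip=$2
      shift 2 ;;
    --desc )
      _desc=$2
      shift 2 ;;
    --donotredirect )
      _donotredirect=true
      shift ;;
    -h | --help ) usage; shift ;;
    -- ) shift; break ;;
    # getopt always terminates the option list with --, so this arm is only
    # reached on malformed input; break rather than loop forever on an
    # empty $1 (shift fails and the original kept spinning).
    * ) break ;;
  esac
done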
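# --domain is mandatory, and it is interpolated into the conf.d file name,
# the rm of that file, the server_name directives and the acme.sh command
# line. Restrict it to hostname syntax: a value containing '/', '..', ';',
# whitespace or a newline could otherwise write outside conf.d or inject
# directives into the generated nginx configuration. An empty value
# (--domain "") is rejected here too; the original only caught the sentinel.
if [[ $_domain == false ]]; then
  err "You must set domain"
fi
_domain_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
if [[ ! $_domain =~ $_domain_re ]]; then
  err "Invalid domain: $_domain. Expected a hostname such as domain.tld"
fi

# Optional document root: created if missing, then emitted as a root
# directive into the HTTPS server block further below.
if [[ -n "$_root" ]]; then
  printf 'Checking if %s exists?' "$_root"
  if [[ ! -d "$_root" ]]; then
    printf ' Creating...\n'
    mkdir -p -- "$_root"
  else
    printf ' Yes!\n'
  fi
  _rootpath="root $_root;"
fi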
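# Backend verification. _check_host accumulates the resolvability results so
# a single err call reports a failure of either the HTTPS or HTTP check.
_check_host=success
_locationblock_http=""
_locationblock_https=""
if [[ -n "$_backend" ]]; then
  echo "Verifying backend(s)..."

  # Derive the scheme-specific URLs. The original piped through
  # sed 's/http/https/', which rewrites the first "http" anywhere in the
  # string: an already-https backend became "httpss://". Only the scheme
  # prefix is swapped here; a scheme-less value is passed through unchanged,
  # as before.
  case "$_backend" in
    http://* | https://* )
      _https_backend="https://${_backend#*://}"
      _http_backend="http://${_backend#*://}" ;;
    * )
      _https_backend=$_backend
      _http_backend=$_backend ;;
  esac

  if validate_host "${_https_backend}:443"; then
    printf -v _locationblock_https 'proxy_pass %s:443;\n        include proxy_params;' "$_https_backend"
  else
    _check_host=failed
  fi

  # Plain HTTP is only proxied when --donotredirect was given; otherwise the
  # HTTP server block answers with a redirect (set further below).
  if [[ "$_donotredirect" == "true" ]]; then
    if validate_host "${_http_backend}:80"; then
      printf -v _locationblock_http 'proxy_pass %s:80;\n        include proxy_params;' "$_http_backend"
    else
      _check_host=failed
    fi
  fi

  if [[ "$_check_host" == "failed" ]]; then
    err "Invalid hostname: $_backend. Not resolvable!"
  fi
fi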
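# Listen address. When given it is validated and turned into the "ip:" prefix
# used by both listen directives; when empty nginx binds to all interfaces.
if [[ -n "$_listenip" ]]; then
  if ! validate_ip "$_listenip"; then
    err "Invalid IP: $_listenip"
  fi
  _listenip="$_listenip:"
else
  warn "Listen ip not specified, listening on all interfaces."
fi

# A vhost needs something to serve: a document root, a backend, or both.
# ([[ ]] with && replaces the deprecated, ambiguous `test -a`.)
if [[ -z "$_root" && -z "$_backend" ]]; then
  err "You must specify either --root or --backend!"
fi

# Shared webroot for ACME challenge files: every vhost maps /.well-known to
# this directory, and get_cert points acme.sh --webroot at it.
printf 'Checking if /srv/http-content-combined/ exists?'
if [[ ! -d /srv/http-content-combined ]]; then
  printf ' Creating...\n'
  mkdir -p /srv/http-content-combined/
else
  printf ' Yes!\n'
fi

# Unless --donotredirect was given, plain HTTP only redirects to HTTPS. The
# HTTP proxy block above is only built when the flag is set, so the two
# assignments never collide. The \$ keeps $request_uri literal for nginx.
printf 'Checking if we should redirect?'
if [[ "$_donotredirect" == "false" ]]; then
  printf ' Yes, enabling redirect!\n'
  _locationblock_http=" return 302 https://${_domain}\$request_uri;"
else
  printf ' No!\n'
fi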
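# Generated vhost file. The path derives from user input, so it is quoted
# everywhere and `rm --` prevents a leading '-' being read as an option.
_vhost_conf_file=/etc/nginx/conf.d/${_domain}.conf

printf 'Checking if %s exists? ' "$_vhost_conf_file"
if [[ -f "$_vhost_conf_file" ]]; then
  echo "Removing!"
  rm -- "$_vhost_conf_file"
else
  echo "No!"
fi

# Stage 1: HTTP-only server block. It must be live before get_cert runs,
# because acme.sh validates the domain by fetching a token from /.well-known,
# which this block serves from the shared webroot.
# NOTE(review): 'autoindex on' publishes a listing of that challenge
# directory; the generated config is left unchanged here.
echo "Creating Nginx configuration..."
cat <<EOF > "$_vhost_conf_file"
#### Description
## Type: HTTP
## VHost: $_domain
## $_desc
server {
    listen ${_listenip}80;
    server_name $_domain;

    location /.well-known {
        root /srv/http-content-combined/;
        autoindex on;
    }

    location / {
        $_locationblock_http
    }
}
EOF

# The generated file is made writable by the 'sysadmin' account. Whatever is
# written there becomes part of nginx's configuration on the next reload, so
# this effectively hands that account control over the web server; kept as
# the original intends, but worth knowing when auditing who can edit conf.d.
echo "Setting permissions on conf file..."
setfacl -m user:sysadmin:rw "$_vhost_conf_file"

echo "Reloading Nginx..."
reload_nginx

# Stage 2: append the HTTPS server block only if the certificate was issued.
# The original appended it unconditionally, so a failed acme.sh run left a
# config referencing ssl/ files that do not exist, and nginx rejects the
# whole configuration on the next reload or restart. get_cert's status is
# that of acme.sh, so it is a reliable signal.
echo "Retrieving Let's Encrypt Certificate..."
if ! get_cert; then
  err "Certificate issuance failed for $_domain; HTTPS server block not written. Fix the cause and re-run."
else
  cat <<EOF >> "$_vhost_conf_file"

server {
    listen ${_listenip}443 http2 ssl;
    server_name $_domain;
    $_rootpath

    error_log /var/log/nginx/${_domain}.error.log;
    access_log /var/log/nginx/${_domain}.access.log main;

    ssl_certificate ssl/${_domain}-fullchain.crt;
    ssl_certificate_key ssl/${_domain}.key;

    location / {
        ${_locationblock_https}
    }
}
EOF

  echo "Reloading Nginx..."
  reload_nginx
fi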