bachir/debion-web-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

letsencrypt install + ssl nginx conf vhost

Browse Source
This commit is contained in:
Bachir Soussi Chiadmi
2018-04-06 19:15:20 +02:00
parent 10738b8897
commit 9677df40ab
7 changed files with 341 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
install-debian-server.sh
View File

@@ -433,44 +433,82 @@ if [ "$lemp" = "y" ]; then
done
if [ "$vh" = "y" ]; then
while [ "$_host_name" = "" ]
while [ "$_domain" = "" ]
do
read -p "enter a hostname ? " _host_name
if [ "$_host_name" != "" ]; then
read -p "is hostname $_host_name correcte [y|n] " validated
read -p "enter a hostname ? " _domain
if [ "$_domain" != "" ]; then
read -p "is hostname $_domain correcte [y|n] " validated
if [ "$validated" = "y" ]; then
break
else
_host_name=""
_domain=""
fi
fi
done
# TODO ask for simple php conf or drupal conf
# ask for simple php conf or drupal conf
while [ "$_drupal" != "yes" ] && [ "$_drupal" != "no" ]
do
echo -n "Is your site is a drupal one? [yes|no] "
read _drupal
done
# ask for let's encrypt
while [ "$_letsencrypt" != "yes" ] && [ "$_letsencrypt" != "no" ]
do
echo "Let's encrypt"
echo "Let's encrypt needs a public registered domain name with proper DNS records ( A records or CNAME records for subdomains pointing to your server)."
echo -n "Should we install let's encrypt certificate with $_domain? [yes|no] "
read _letsencrypt
done
cp "$_cwd"/assets/simple-phpfpm.nginxconf /etc/nginx/sites-available/"$_host_name".conf
sed -ir "s/yourdomain\.ltd/$_host_name/g" /etc/nginx/sites-available/"$_host_name".conf
# lets'encrypt
# https://certbot.eff.org/lets-encrypt/debianstretch-nginx
if [ "$_letsencrypt" = "yes" ]; then
apt-get install certbot
certbot certonly --cert-name "$_domain" --standalone d "$_domain"
openssl dhparam out /etc/nginx/dhparam.pem 2048
# TODO renewing
touch /var/spool/crontab/root
crontab -l > mycron
echo "0 3 * * * certbot renew --pre-hook 'systemctl stop nginx' --post-hook 'systemctl start nginx' --cert-name $_domain" >> mycron
crontab mycron
rm mycron
fi
mkdir -p /var/www/"$_host_name"/public_html
mkdir /var/www/"$_host_name"/logs
if [ "$_drupal" = "yes" ]; then
if [ "$_letsencrypt" = "yes" ]; then
_conffile = "drupal-ssl.nginxconf"
else
_conffile = "drupal.nginxconf"
fi
else
if [ "$_letsencrypt" = "yes" ]; then
_conffile = "simple-phpfpm-ssl.nginxconf"
else
_conffile = "simple-phpfpm.nginxconf"
fi
fi
cp "$_cwd"/assets/"$_conffile" /etc/nginx/sites-available/"$_domain".conf
sed -ir "s/DOMAIN\.LTD/$_domain/g" /etc/nginx/sites-available/"$_domain".conf
mkdir -p /var/www/"$_domain"/public_html
mkdir /var/www/"$_domain"/logs
#set proper right to user will handle the app
chown -R root:admin /var/www/"$_host_name"/
chmod -R g+w /var/www/"$_host_name"/
chmod -R g+r /var/www/"$_host_name"/
chown -R root:admin /var/www/"$_domain"/
chmod -R g+w /var/www/"$_domain"/
chmod -R g+r /var/www/"$_domain"/
# create a shortcut to the site
mkdir /home/"$user"/www/
chown "$user":admin /home/"$user"/www/
ln -s /var/www/"$_host_name" /home/"$user"/www/"$_host_name"
ln -s /var/www/"$_domain" /home/"$user"/www/"$_domain"
# activate the vhost
ln -s /etc/nginx/sites-available/"$_host_name".conf /etc/nginx/sites-enabled/"$_host_name".conf
# TODO : lets'encrypt
# https://certbot.eff.org/lets-encrypt/debianstretch-nginx
ln -s /etc/nginx/sites-available/"$_domain".conf /etc/nginx/sites-enabled/"$_domain".conf
# restart nginx
systemctl restart nginx
echo "\033[92;1mvhost $_host_name configured\033[Om"
echo "\033[92;1mvhost $_domain configured\033[Om"
else
echo "Vhost installation aborted"
fi
@@ -569,7 +607,7 @@ if [ "$lemp" = "y" ]; then
# # Configure AWStats
# temp=`grep -i sitedomain /etc/awstats/awstats.conf.local | wc -l`
# if [ $temp -lt 1 ]; then
# echo SiteDomain="$_host_name" >> /etc/awstats/awstats.conf.local
# echo SiteDomain="$_domain" >> /etc/awstats/awstats.conf.local
# fi
# # Disable Awstats from executing every 10 minutes. Put a hash in front of any line.
# sed -i 's/^[^#]/#&/' /etc/cron.d/awstats