vhost.sh 5.1 KB

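# Interactive nginx vhost installer (bash: relies on `read -p` and `echo -e`).
#
# Asks for a domain name, the site flavour (drupal or plain php-fpm) and
# whether a Let's Encrypt certificate should be requested, then:
#   - copies the matching template from ./assets (or ../assets) to
#     /etc/nginx/sites-available/<domain>.conf and enables it,
#   - creates /var/www/<domain>/{public_html,log},
#   - installs a per-vhost fail2ban jail and filter,
#   - optionally links the site into /home/<user>/www/.
#
# The script writes under /etc/nginx, /etc/fail2ban and /var/www and edits
# root's crontab, so it has to run as root.
#
# The domain name is operator input that ends up in file paths, sed
# replacement strings and a crontab line; it is therefore restricted to
# hostname characters before it is used anywhere.
echo -e '\033[35m
__ __
_ __/ /_ ____ _____/ /_
| | / / __ \/ __ \/ ___/ __/
| |/ / / / / /_/ (__ ) /_
|___/_/ /_/\____/____/\__/
\033[0m'
echo -e "\033[35;1mNginx VHOST install \033[0m"

while [ "$vh" != "y" ] && [ "$vh" != "n" ]; do
  echo -n "Should we install a vhost? [y|n] "
  # closed stdin (non-interactive run) counts as "n" instead of looping forever
  read -r vh || vh="n"
  # vh=${vh:-y}
done

if [ "$vh" = "y" ]; then
  # get the current position
  _cwd="$(pwd)"

  # check for assets folder, next to the script or one level up
  _assets="$_cwd/assets"
  if [ ! -d "$_assets" ]; then
    _assets="$_cwd/../assets"
    if [ ! -d "$_assets" ]; then
      echo "!! can't find assets directory !!" >&2
      exit 1
    fi
  fi

  _domain=""
  while [ "$_domain" = "" ]; do
    read -r -p "enter a domain name ? " _domain || exit 1
    case "$_domain" in
      "")
        continue
        ;;
      *[!A-Za-z0-9.-]* | .* | -* | *. | *..*)
        # Anything outside [A-Za-z0-9.-] (for example "/", "&", spaces or
        # quotes) would break the sed substitutions below or let the paths
        # built from the name escape /var/www and /etc/nginx.
        echo "!! invalid domain name: only letters, digits, dots and hyphens are allowed !!" >&2
        _domain=""
        continue
        ;;
    esac
    read -r -p "is domain $_domain correcte [y|n] " validated || exit 1
    if [ "$validated" != "y" ]; then
      _domain=""
    fi
  done

  # ask for simple php conf or drupal conf
  _drupal=""
  while [ "$_drupal" != "yes" ] && [ "$_drupal" != "no" ]; do
    echo -n "Is your site is a drupal one? [yes|no] "
    read -r _drupal || exit 1
  done

  # ask for let's encrypt
  _letsencrypt=""
  while [ "$_letsencrypt" != "yes" ] && [ "$_letsencrypt" != "no" ]; do
    echo -e "\033[35;1mLet's encrypt \033[0m"
    echo "Let's encrypt needs a public registered domain name with proper DNS records ( A records or CNAME records for subdomains pointing to your server)."
    echo -n "Should we install let's encrypt certificate with $_domain? [yes|no] "
    read -r _letsencrypt || exit 1
  done

  # let's encrypt
  # https://certbot.eff.org/lets-encrypt/debianstretch-nginx
  if [ "$_letsencrypt" = "yes" ]; then
    if ! apt-get --yes install certbot; then
      echo "!! certbot installation failed, vhost installation aborted !!" >&2
      exit 1
    fi

    # standalone mode binds the web ports itself, so nginx is stopped for
    # the duration of the request and started again whatever the outcome
    systemctl stop nginx
    certbot certonly --standalone -d "$_domain" --cert-name "$_domain"
    _certbot_status=$?
    systemctl start nginx

    # without a certificate the *-ssl template would point at missing files
    # and the final nginx restart would fail, so stop here
    if [ "$_certbot_status" -ne 0 ]; then
      echo "!! let's encrypt certificate request failed, vhost installation aborted !!" >&2
      exit 1
    fi

    mkdir -p /etc/nginx/ssl/certs/"$_domain"
    openssl dhparam -out /etc/nginx/ssl/certs/"$_domain"/dhparam.pem 2048

    # renewing: add the job to root's crontab through a private temp file
    # (no predictable file name in the current directory), and drop an
    # identical existing line first so re-running does not duplicate the job
    _cronline="0 3 * * * certbot renew --pre-hook 'systemctl stop nginx' --post-hook 'systemctl start nginx' --cert-name $_domain"
    _crontmp="$(mktemp)" || exit 1
    # `crontab -l` fails when root has no crontab yet; the temp file is then
    # simply empty
    crontab -l 2>/dev/null | grep -vxF -- "$_cronline" > "$_crontmp"
    echo "$_cronline" >> "$_crontmp"
    crontab "$_crontmp"
    rm -f -- "$_crontmp"
  fi

  # pick the nginx template: drupal or plain php-fpm, with or without ssl
  if [ "$_drupal" = "yes" ]; then
    if [ "$_letsencrypt" = "yes" ]; then
      _conffile="drupal-ssl.nginxconf"
    else
      _conffile="drupal.nginxconf"
    fi
  else
    if [ "$_letsencrypt" = "yes" ]; then
      _conffile="simple-phpfpm-ssl.nginxconf"
    else
      _conffile="simple-phpfpm.nginxconf"
    fi
  fi

  _vhostconf="/etc/nginx/sites-available/$_domain.conf"
  if ! cp "$_assets/$_conffile" "$_vhostconf"; then
    echo "!! can't copy $_conffile, vhost installation aborted !!" >&2
    exit 1
  fi
  sed -i -r "s/DOMAIN\.LTD/$_domain/g" "$_vhostconf"

  # -p everywhere so the script can be re-run for an existing vhost
  mkdir -p /var/www/"$_domain"/public_html
  mkdir -p /var/www/"$_domain"/log
  cp "$_assets/index.php" /var/www/"$_domain"/public_html/
  sed -i -r "s/DOMAIN\.LTD/$_domain/g" /var/www/"$_domain"/public_html/index.php

  # set proper rights: root owns the tree, the admin group can read and write
  chown -R root:admin /var/www/"$_domain"/
  chmod -R g+rw /var/www/"$_domain"/

  # set fail2ban for vhost
  # https://stackoverflow.com/a/65552146
  # NOTE(review): nothing here reloads fail2ban, so the new jail presumably
  # only becomes active at its next reload/restart - confirm.
  _jailconf="/etc/fail2ban/jail.d/nginx-badbots-$_domain.conf"
  _filterconf="/etc/fail2ban/filter.d/nginx-badbots-$_domain.conf"
  cp "$_assets/fail2ban/jail.d/nginx-badbots.conf" "$_jailconf"
  sed -i -r \
    -e "s/\[nginx-badbots\]/\[nginx-badbots-$_domain\]/g" \
    -e "s/<FILTER>/\[nginx-badbots-$_domain\]/g" \
    -e "s|<LOGPATH>|/var/www/$_domain/log/error.log|g" \
    "$_jailconf"
  cp "$_assets/fail2ban/filter.d/nginx-badbots.conf" "$_filterconf"
  # NOTE(review): <HOST> is also the tag fail2ban uses in a failregex to
  # capture the offending address; check that the template uses it as a
  # plain placeholder for the domain here.
  sed -i -r "s/<HOST>/$_domain/g" "$_filterconf"

  # create a shortcut to the site
  echo -n "Should we install a shortcut for a user? [Y|n] "
  # closed stdin: skip the shortcut but still activate the vhost
  read -r yn || yn="n"
  yn=${yn:-y}
  if [ "$yn" = "Y" ] || [ "$yn" = "y" ]; then
    # a $user inherited from a calling script is ignored (the reuse check
    # is disabled): always ask for the name
    user=""
    while [ "$user" = "" ]; do
      read -r -p "enter an existing user name ? " user || exit 1
      if [ "$user" = "" ]; then
        continue
      fi
      # only accept an account that already exists on the system
      if ! id "$user" >/dev/null 2>&1; then
        echo "user $user doesn't exists, you must provide an existing user"
        user=""
        continue
      fi
      read -r -p "is user name $user correcte [y|n] " validated || exit 1
      if [ "$validated" != "y" ]; then
        user=""
      fi
    done

    echo "shortcut will be installed for '$user'"
    sleep 3
    mkdir -p /home/"$user"/www/
    chown "$user":admin /home/"$user"/www/
    # -n replaces an existing link instead of creating a second one inside
    # the directory it points to
    ln -sfn /var/www/"$_domain" /home/"$user"/www/"$_domain"
    # NOTE(review): without -h, chown follows the link and hands
    # /var/www/$_domain itself to $user:admin - confirm this is intended.
    chown "$user":admin /home/"$user"/www/"$_domain"
  else
    echo 'no shortcut installed'
  fi

  # activate the vhost
  ln -sfn "$_vhostconf" /etc/nginx/sites-enabled/"$_domain".conf

  # restart nginx, but only with a configuration that parses: restarting on
  # a broken configuration would take every vhost on this server down
  if ! nginx -t; then
    echo "!! nginx configuration test failed, nginx was not restarted !!" >&2
    exit 1
  fi
  systemctl restart nginx
  echo -e "\033[92;1mvhost $_domain configured \033[0m"
else
  echo "Vhost installation aborted"
fi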