#!/bin/bash
# ----------------------------------
# Colors
# ----------------------------------
# The escape sequences are stored as literal backslash text; printf '%b'
# (the echo -e equivalent) turns them into terminal control codes at print time.
NC='\033[0m'
RED='\033[0;31m'
GREEN='\033[0;32m'
ORANGE='\033[0;33m'
BLUE='\033[0;34m'
PURPLE='\033[0;35m'
CYAN='\033[0;36m'
LIGHTGRAY='\033[0;37m'
DARKGRAY='\033[1;30m'
LIGHTRED='\033[1;31m'
LIGHTGREEN='\033[1;32m'
YELLOW='\033[1;33m'
LIGHTBLUE='\033[1;34m'
LIGHTPURPLE='\033[1;35m'
LIGHTCYAN='\033[1;36m'
WHITE='\033[1;37m'
LINE="${YELLOW}|${NC}"
ARROW="${CYAN}->${NC}"

# Banner: one format, one argument per line.
printf '%b\n' \
  "${LINE}${ORANGE} ----------------------------------------------- ${NC}${LINE}" \
  "${LINE}${ORANGE} ${GREEN}Welcome to Jalgo Nginx config creator${NC} ${NC}${LINE}" \
  "${LINE}${ORANGE} ${BLUE}Version:${NC} ${CYAN}3.1.1${NC} ${NC}${LINE}" \
  "${LINE}${ORANGE} ${PURPLE}POWERED BY JALGO.IR ( Ali Khadivi )${NC} ${NC}${LINE}" \
  "${LINE}${ORANGE} ----------------------------------------------- ${NC}${LINE}"
printf '\n%b\n\n' " ${PURPLE}Lets GO${NC} ${ARROW}"

# Everything below writes under /etc and reloads nginx, so root is required.
if (( EUID != 0 )); then
  printf '%b\n' "${RED}Please run as root${NC}"
  exit 1
fi

# nginx must be on PATH; the script later runs `nginx -t` and `nginx -s reload`.
if ! [[ -x "$(command -v nginx)" ]]; then
  printf '%b\n' "${RED}Nginx is not installed!${NC}" "${BLUE}Use this command for install Nginx:${NC}"
  printf '%s\n' "sudo apt update && sudo apt install nginx -y"
  exit 1
fi

# Define the main directory: where --init stores the DH parameters and the
# shared ssl options snippet that the generated vhosts include.
MAIN_DIR="/etc/cert-manager/"
DHPARAM_FILE="${MAIN_DIR}ssl-dhparams.pem"
OPTIONS_FILE="${MAIN_DIR}options-ssl-nginx.conf"
#######################################
# Abort unless a certbot executable is on PATH.
# Used by the ssl types that call certbot (auto, lcustom).
# Globals:   RED, BLUE, NC (read)
# Outputs:   install hint on stdout when certbot is missing
# Returns:   0 when certbot is present; exits 1 otherwise
#######################################
check_certbot() {
  [[ -x "$(command -v certbot)" ]] && return 0
  printf '%b\n' "${RED}Certbot is not installed!${NC}" "${BLUE}Use this command for install Certbot:${NC}"
  printf '%s\n' "sudo snap install certbot --classic"
  exit 1
}
# Define a function to display the help message
display_help() {
  # Usage text for -h/--help. Lines go through %b so the colour variables
  # render as escape codes; the example lines are plain text.
  printf '%b\n' "${YELLOW}Usage:${NC} $0 ${GREEN}-d|--domain <domain>${NC} ${GREEN}-t|--type <config_type (proxy/static/redirect)>${NC} ${ORANGE}[--www]${NC} ${ORANGE}[-s|--ssl <ssl_type (none/auto/lcustom/custom/cert-manager)>]${NC} ${ORANGE}[-P|--ssl-private-key <file>]${NC} ${ORANGE}[-C|--ssl-certificate <file>]${NC} ${ORANGE}[-D|--ssl-domain <domain>]${NC} ${ORANGE}[-u|--url <redirect-url>]${NC} ${ORANGE}[-i|--ip <proxy_ip>]${NC} ${ORANGE}[-p|--port <proxy_port>]${NC} ${BLUE}[--init]${NC} ${BLUE}[-h|--help]${NC}"
  printf '\n'
  printf '%b\n' "${YELLOW}Options:${NC}"
  printf '%b\n' \
    " ${GREEN}-d, --domain <domain>${NC} Specify the main domain for the Nginx configuration." \
    " ${GREEN}-t, --type <config_type>${NC} Specify the type of configuration (proxy/static/redirect)." \
    " ${ORANGE}--www${NC} Include this flag to enable www subdomain setup." \
    " ${ORANGE}-s, --ssl <ssl_type>${NC} Specify the SSL type (none/auto/lcustom/custom/cert-manager)." \
    " ${ORANGE}-P, --ssl-private-key <file>${NC} Specify the file path to the SSL private key." \
    " ${ORANGE}-C, --ssl-certificate <file>${NC} Specify the file path to the SSL certificate." \
    " ${ORANGE}-D, --ssl-domain <domain>${NC} Specify a custom SSL domain (used with 'lcustom' or 'cert-manager' SSL type)." \
    " ${ORANGE}-u, --url <redirect-url>${NC} Specify the URL for redirection (used with 'redirect' config type)." \
    " ${ORANGE}-i, --ip <proxy_ip>${NC} Specify the reverse proxy IP (used with 'proxy' config type)." \
    " ${ORANGE}-p, --port <proxy_port>${NC} Specify the reverse proxy port (used with 'proxy' config type)." \
    " ${BLUE}--init <dhparam-size>${NC} Initialaize. (Default size: 2048)" \
    " ${BLUE}-h, --help${NC} Display this help message and exit."
  printf '\n'
  printf '%b\n' "${YELLOW}Example usages:${NC}"
  printf '%s\n' \
    " $0 --init" \
    " $0 -d example.com -t proxy --www -s auto -i 127.0.0.1 -p 8080" \
    " $0 -d mywebsite.com -t static" \
    " $0 -d example.com -t redirect -u https://newdomain.com" \
    " $0 -d example.com -t proxy -s lcustom -D customdomain.com -i 192.168.1.100 -p 8888"
}
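#######################################
# Refuse to run until --init has created the cert-manager directory, the
# DH parameter file and the shared ssl options snippet. Nothing is created
# here; that is setup_configs' job.
# Globals:   MAIN_DIR, DHPARAM_FILE, OPTIONS_FILE (read)
# Outputs:   status line on stdout; on failure also the missing paths
# Returns:   0 when everything is present; exits 1 otherwise
#######################################
setup_check() {
  local -a missing=()
  local path
  [[ -d "$MAIN_DIR" ]]     || missing+=("$MAIN_DIR")
  [[ -f "$DHPARAM_FILE" ]] || missing+=("$DHPARAM_FILE")
  [[ -f "$OPTIONS_FILE" ]] || missing+=("$OPTIONS_FILE")
  if (( ${#missing[@]} > 0 )); then
    printf '%b\n' " ${RED}You must initialize the program with the --init parameter before using it.${NC}"
    # Name what is missing so a half-finished --init is easy to diagnose.
    for path in "${missing[@]}"; do
      printf '%b%s\n' " ${RED}Missing:${NC} " "$path"
    done
    printf '%b\n' " ${BLUE}Please Run this command:${NC}"
    printf '%s\n' "$0 --init"
    exit 1
  fi
  printf '%b\n' " ${GREEN}Program initialize detected.${NC}"
}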
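#######################################
# One-time initialisation behind --init: create MAIN_DIR, generate the DH
# parameters and write the shared ssl options snippet. Each step is skipped
# when its output already exists, so re-running is safe.
# Globals:   MAIN_DIR, DHPARAM_FILE, OPTIONS_FILE (read; set at file top)
#            dhparam_size (read; from --init <size>, default 2048)
# Outputs:   progress lines on stdout
# Returns:   0 on success; exits 1 on a bad size, a failed mkdir or a
#            failed openssl run
#######################################
setup_configs() {
  local size=${dhparam_size:-2048}
  # openssl would accept tiny groups; anything under 2048 bits is not an
  # acceptable TLS parameter, so reject it before spending time generating.
  if [[ ! $size =~ ^[0-9]+$ ]] || (( 10#$size < 2048 )); then
    printf '%b%s\n' "${RED}Invalid dhparam size:${NC} " "$size (expected an integer of at least 2048)"
    exit 1
  fi
  if [[ ! -d "$MAIN_DIR" ]]; then
    printf '%b\n' "${ARROW} ${LIGHTGREEN}Creating${NC} ${MAIN_DIR}..."
    # The caller already enforced root, so no sudo is needed here.
    mkdir -p -- "$MAIN_DIR" || exit 1
    printf '%b\n' "${LIGHTGREEN}Certificate Manager directory created.${NC}"
  fi
  if [[ ! -f "$DHPARAM_FILE" ]]; then
    printf '%b\n' "${ARROW} ${LIGHTGREEN}Generating${NC} ${DHPARAM_FILE}..."
    # A failed or interrupted run must not leave a partial file behind,
    # or the next run would treat it as valid and skip generation.
    if ! openssl dhparam -out "$DHPARAM_FILE" "$size"; then
      rm -f -- "$DHPARAM_FILE"
      printf '%b\n' "${RED}DHParam generation failed.${NC}"
      exit 1
    fi
    printf '%b\n' "${LIGHTGREEN}DHParam file generated.${NC}"
  fi
  if [[ ! -f "$OPTIONS_FILE" ]]; then
    printf '%b\n' "${ARROW} ${LIGHTGREEN}Creating${NC} ${OPTIONS_FILE}..."
    # Unquoted delimiter on purpose: $DHPARAM_FILE is expanded into the snippet.
    cat <<EOL > "$OPTIONS_FILE" || exit 1
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
ssl_dhparam $DHPARAM_FILE;
EOL
    printf '%b\n' "${LIGHTGREEN}Options file created.${NC}"
  fi
  printf '%b\n' "${ARROW} ${LIGHTGREEN}Setup completed.${NC}"
}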
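# Default Params
ip=127.0.0.1
port=8080
config_type=static
ssl_type=none
dhparam_size=2048

#######################################
# Print an "invalid value" message and stop.
# Arguments: $1 - option name; $2 - offending value
#######################################
reject_value() {
  printf '%b%s\n' "${RED}Invalid value for ${1}:${NC} " "$2"
  exit 1
}

#######################################
# True when $1 looks like a DNS host name: dot-separated labels of letters,
# digits and inner hyphens, nothing else. Domains become path components
# under /etc/nginx, /etc/letsencrypt and /etc/cert-manager and land in
# server_name, so '/', '..', whitespace and nginx punctuation must not pass.
#######################################
is_hostname() {
  local re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
  [[ $1 =~ $re ]]
}

#######################################
# True when $1 is non-empty and contains none of the characters that would
# end or nest an nginx directive (whitespace ; { } # " '). The config is
# built by string interpolation, so this is what keeps argv from adding
# directives of its own.
#######################################
is_directive_safe() {
  local re=$'[[:space:];{}#"\']'
  [[ -n $1 && ! $1 =~ $re ]]
}

#######################################
# True when $1 is a decimal TCP port in 1..65535 (10# avoids octal parsing).
#######################################
is_port() {
  [[ $1 =~ ^[0-9]{1,5}$ ]] && (( 10#$1 >= 1 && 10#$1 <= 65535 ))
}

#######################################
# Parse the command line into the globals the rest of the script reads.
# Every value that later reaches a file path or an nginx directive is
# validated here, at the trust boundary. --init and --help act at once and
# exit. An option that needs a value but has none is rejected (this also
# keeps `shift 2` from stalling on a short argument list).
# Globals (written): maindomain config_type www ssl_type ssl_certificate_key
#                    ssl_certificate ssl_domain redirect_path ip port
#                    dhparam_size
#######################################
parse_args() {
  local key val
  while (( $# > 0 )); do
    key=$1
    val=${2:-}
    case "$key" in
      -d|--domain)
        is_hostname "$val" || reject_value "$key" "$val"
        maindomain=$val
        shift 2
        ;;
      -t|--type)
        # proxy/static/redirect; the set is checked where the config is built
        [[ -n $val ]] || reject_value "$key" "$val"
        config_type=$val
        shift 2
        ;;
      --www)
        www="yes"
        shift
        ;;
      -s|--ssl)
        [[ -n $val ]] || reject_value "$key" "$val"
        ssl_type=$val
        shift 2
        ;;
      -P|--ssl-private-key)
        is_directive_safe "$val" || reject_value "$key" "$val"
        ssl_certificate_key=$val
        shift 2
        ;;
      -C|--ssl-certificate)
        is_directive_safe "$val" || reject_value "$key" "$val"
        ssl_certificate=$val
        shift 2
        ;;
      -D|--ssl-domain|--cert-manager)
        # --ssl-domain is the long form the help text documents;
        # --cert-manager is the one the parser historically accepted.
        is_hostname "$val" || reject_value "$key" "$val"
        ssl_domain=$val
        shift 2
        ;;
      -u|--url)
        is_directive_safe "$val" || reject_value "$key" "$val"
        redirect_path=$val
        shift 2
        ;;
      -i|--ip)
        # May be an IP literal or an upstream host name; only directive
        # punctuation is refused.
        is_directive_safe "$val" || reject_value "$key" "$val"
        ip=$val
        shift 2
        ;;
      -p|--port)
        is_port "$val" || reject_value "$key" "$val"
        port=$val
        shift 2
        ;;
      --init)
        # The size is optional; a following option must not be taken as it.
        if [[ -n $val && $val != -* ]]; then
          dhparam_size=$val
        fi
        setup_configs
        exit 0
        ;;
      -h|--help)
        display_help
        exit 0
        ;;
      *)
        # unknown option: printed with %s so its content is shown verbatim
        printf '%b%s\n' "${RED}Unknown option:${NC} " "$key"
        exit 1
        ;;
    esac
  done
}

parse_args "$@"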
setup_check
# Nothing can be generated without a main domain: show usage and fail.
[[ -n $maindomain ]] || {
  display_help
  exit 1
}
# Serve the bare domain, plus the www alias when --www was given. The
# certbot string mirrors the same names as "-d name" pairs.
server_name="${maindomain}"
certbot="-d ${maindomain}"
if [[ ${www,,} == "yes" ]]; then
  server_name+=" www.${maindomain}"
  certbot+=" -d www.${maindomain}"
fi
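# Location-level directives for the requested config type:
#   proxy    - forward to http://ip:port with the usual proxy headers
#   static   - serve files from root_path (default /var/www/<domain>/)
#   redirect - permanent redirect to redirect_path
# Each location_config starts with a newline so it can follow "location / {".
case "${config_type,,}" in
  proxy)
    ip=${ip:-127.0.0.1}
    config_data="${BLUE}Reverse proxy address:${NC} ${CYAN}http://${ip}:${port}${NC}"
    # X-Forwarded-Proto/-Port follow the actual listener ($scheme/$server_port)
    # instead of being fixed to https/443, so a backend behind an ssl_type of
    # "none" is not told the request was secure.
    location_config=$(cat <<EOF

proxy_pass http://${ip}:${port};
proxy_set_header Host \$host;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port \$server_port;
### Optional options
#proxy_set_header Proxy "";
#proxy_http_version 1.1;
#proxy_buffering off;
#proxy_read_timeout 90;
#proxy_connect_timeout 90;
#proxy_redirect off;
EOF
)
    ;;
  static)
    # root_path has no command-line switch; it is honoured only when already
    # set in the environment and naming an existing directory.
    if [[ ! -d ${root_path:-} ]]; then
      root_path="/var/www/${maindomain}/"
    fi
    config_data="${BLUE}location of directory:${NC} ${CYAN}${root_path}${NC}"
    root_config="root ${root_path};"
    index_config="index index.html index.htm;"
    if ! mkdir -p -- "$root_path"; then
      printf '%b%s\n' "${RED}Could not create document root:${NC} " "$root_path"
      exit 1
    fi
    location_config=$(cat <<EOF

try_files \$uri \$uri/ =404;
EOF
)
    ;;
  redirect)
    if [[ -z ${redirect_path:-} ]]; then
      printf '%b\n' "${RED}Bad input! Config type 'redirect' needs -u|--url <redirect-url>.${NC}"
      exit 1
    fi
    config_data="${BLUE}Url for redirect:${NC} ${CYAN}${redirect_path}${NC}"
    location_config=$(cat <<EOF

return 301 ${redirect_path};
EOF
)
    ;;
  *)
    printf '%b%s\n' "${RED}Bad input! Invalid config type:${NC} " "${config_type,,}"
    exit 1
    ;;
esac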
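#######################################
# Last two labels of a domain, used when -D/--ssl-domain is not given.
# Multi-label public suffixes (co.uk, com.au, ...) are not recognised;
# pass -D explicitly for those.
# Arguments: $1 - main domain
# Outputs:   the derived name on stdout
#######################################
default_ssl_domain() {
  printf '%s\n' "$1" | rev | cut -d'.' -f1,2 | rev
}

#######################################
# Abort if ssl_domain could leave its directory when used as a path
# component under /etc/cert-manager or /etc/letsencrypt.
# Globals: ssl_domain (read)
#######################################
check_ssl_domain() {
  case "$ssl_domain" in
    ""|*/*|*..*|.*)
      printf '%b%s\n' "${RED}Bad input! Invalid SSL domain:${NC} " "$ssl_domain"
      exit 1
      ;;
  esac
}

#######################################
# Summary of the certificate files, shown with the other settings before
# the config is written.
# Globals:   ssl_certificate, ssl_certificate_key (read)
# Outputs:   three lines on stdout (no trailing newline)
#######################################
ssl_files_summary() {
  printf 'SSL:\n%s\n%s' \
    "${BLUE}location of SSL certificate:${NC} ${CYAN}${ssl_certificate}${NC}" \
    "${BLUE}location of SSL certificate key:${NC} ${CYAN}${ssl_certificate_key}${NC}"
}

#######################################
# nginx stanzas that send plain-http requests to https, one per served name.
# Arguments: $1 - main domain; $2 - "yes" when the www alias is served too
# Outputs:   directives on stdout, starting with a blank line
#######################################
http_to_https_redirect() {
  local name
  local -a names=("$1")
  if [[ ${2,,} == "yes" ]]; then
    names=("www.$1" "$1")
  fi
  printf '\n'
  for name in "${names[@]}"; do
    # single-quoted format: $host and $request_uri are nginx variables
    printf 'if ($host = %s) {\nreturn 301 https://$host$request_uri;\n}\n' "$name"
  done
}

#######################################
# Tail of the https server block (listen/certificate lines and its closing
# brace) followed by a plain-http server that only redirects to https.
# Arguments: $1 - certificate path; $2 - private key path;
#            $3 - ssl options snippet to include; $4 - optional ssl_dhparam path
# Globals:   server_name, http_redirect (read)
# Outputs:   directives on stdout
#######################################
https_server_tail() {
  local dhparam_line=""
  if [[ -n ${4:-} ]]; then
    dhparam_line=$'\n'"ssl_dhparam $4;"
  fi
  cat <<EOF

listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate $1;
ssl_certificate_key $2;
include $3;${dhparam_line}
}
server {
listen 80;
listen [::]:80;
server_name $server_name;
$http_redirect
return 404;
}
EOF
}

# Plain-http listener used by the "auto" and "none" ssl types; in the "auto"
# case `certbot --nginx` later rewrites the vhost to add https.
plain_http_tail=$'\nlisten 80;\nlisten [::]:80;\n}'

case "${ssl_type,,}" in
  auto)
    check_certbot
    ssl_data="${BLUE}SSL Type:${NC} ${CYAN}Automatic (Authomatic get ssl with certbot)${NC}"
    down_config=$plain_http_tail
    ;;
  none)
    ssl_data="${BLUE}SSL Type:${NC} ${CYAN}None${NC}"
    down_config=$plain_http_tail
    ;;
  cert-manager)
    # Certificates are expected under /etc/cert-manager/certs.d/<ssl_domain>/;
    # the files themselves are provisioned outside this script.
    ssl_domain=${ssl_domain:-$(default_ssl_domain "$maindomain")}
    check_ssl_domain
    ssl_certificate="/etc/cert-manager/certs.d/${ssl_domain}/certificate.pem"
    ssl_certificate_key="/etc/cert-manager/certs.d/${ssl_domain}/key.pem"
    ssl_data=$(ssl_files_summary)
    http_redirect=$(http_to_https_redirect "$maindomain" "${www:-}")
    down_config=$(https_server_tail "$ssl_certificate" "$ssl_certificate_key" "/etc/cert-manager/options-ssl-nginx.conf")
    ;;
  lcustom)
    # Reuse an existing Let's Encrypt lineage and certbot's own ssl snippet.
    check_certbot
    ssl_domain=${ssl_domain:-$(default_ssl_domain "$maindomain")}
    check_ssl_domain
    ssl_certificate="/etc/letsencrypt/live/${ssl_domain}/fullchain.pem"
    ssl_certificate_key="/etc/letsencrypt/live/${ssl_domain}/privkey.pem"
    ssl_data=$(ssl_files_summary)
    http_redirect=$(http_to_https_redirect "$maindomain" "${www:-}")
    down_config=$(https_server_tail "$ssl_certificate" "$ssl_certificate_key" "/etc/letsencrypt/options-ssl-nginx.conf" "/etc/letsencrypt/ssl-dhparams.pem")
    ;;
  custom)
    # Both files come from -C/-P; without them nginx would get empty
    # ssl_certificate directives, so fail early with a clear message.
    if [[ ! -r ${ssl_certificate:-} || ! -r ${ssl_certificate_key:-} ]]; then
      printf '%b\n' "${RED}Bad input! SSL type 'custom' needs readable -C|--ssl-certificate and -P|--ssl-private-key files.${NC}"
      exit 1
    fi
    ssl_data=$(ssl_files_summary)
    http_redirect=$(http_to_https_redirect "$maindomain" "${www:-}")
    down_config=$(https_server_tail "$ssl_certificate" "$ssl_certificate_key" "/etc/cert-manager/options-ssl-nginx.conf")
    ;;
  *)
    printf '%b%s\n' "${RED}Bad input! Invalid SSL type:${NC} " "${ssl_type,,}"
    exit 1
    ;;
esac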
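printf '\n'
printf '%b\n' "${BLUE}Domain:${NC} ${CYAN}${server_name}${NC}" "${config_data}" "${ssl_data}"
printf '\n'
# Assemble the vhost. location_config and down_config each begin with their
# own newline; index/root lines are only present for the static type.
config=$(cat <<EOF
server {
server_name $server_name;
#client_max_body_size 0;
${index_config:-}
${root_config:-}
location / {$location_config
}
$down_config
EOF
)
site_available="/etc/nginx/sites-available/${maindomain}.conf"
site_enabled="/etc/nginx/sites-enabled/${maindomain}.conf"
if ! printf '%s\n' "$config" > "$site_available"; then
  printf '%b%s\n' "${RED}Could not write${NC} " "$site_available"
  exit 1
fi
ln -fs "$site_available" "$site_enabled"
if nginx_out=$(nginx -t 2>&1); then
  printf '%b\n' "${GREEN}Nginx configured successfuly!${NC}" "${PURPLE}Reloading Nginx...${NC}"
  if ! nginx -s reload; then
    printf '%b\n' "${RED}Nginx reload failed!${NC}"
    exit 1
  fi
  printf '%b\n' "${GREEN}Nginx reloaded!${NC}"
else
  # Unlink the rejected vhost from sites-enabled so nginx stays reloadable
  # for everything else; the file is kept in sites-available for inspection.
  rm -f -- "$site_enabled"
  printf '%b\n' "${RED}Nginx configuration failed!${NC}" "${RED}Detail:${NC}"
  printf '%s\n' "$nginx_out"
  printf '%b%s\n' "${RED}Disabled:${NC} " "$site_enabled"
  exit 1
fi
if [[ ${ssl_type,,} == "auto" ]]; then
  # $certbot is the "-d name [-d www.name]" string built next to server_name;
  # splitting it into separate arguments is intended.
  # shellcheck disable=SC2086
  if ! certbot --nginx $certbot; then
    printf '%b\n' "${RED}certbot failed; the site is currently served over plain http only.${NC}"
    exit 1
  fi
fi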