Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Auto Nginx Configuration for Rengine
#!/bin/bash
#Installing Rengine with Nginx + SSL, to do on a clean VPS Doing a clean VPS ;
#Tested on Debian 10 ;
#You just need to have a domain pointing to your server and change the two variables below
#Variables
domain='test.domain.tld'
email='contact@domain.tld'
#Update / Upgrade & Install docker
apt-get update && apt-get upgrade -y
apt install apt-transport-https ca-certificates curl software-properties-common certbot nginx -y
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
apt update
apt install docker-ce
curl -L "https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
#Grab Nginx config
echo 'H4sIABvdG18CA+1ae2/buhXP3/4UXNqut92VZNmOHdgIgiBNmwDNGtQd0GF3E2iJsnkjkRpJ+dG5++w7pN5+NHePGru4ZmJb5nnwkDw850fSbErZ0vY5C0++W2lDGQwG5hPK5mf3rNM/cbuDdn9w1u91uycZu4vaJwcoqVRYIHTyGy3P0DvCiMCKBGiyQky7g/YGOrUpbz1DM6USOXScxWJhB3RKFY64TzADl4kdeMUpo2rlKM4j6Rjpy4DHmDJpt21JxJwIO6u4UEQqLfb7LQZBAiqIr8bpJKddhDiSpMZp7LAjouQN88UqUTdAiYzOF722UR2KGn8yS/RrS48g0KAkD4IvV40vF0qkexkT/f6ApbzQdrzoXr3ovIV/tzMAzrbtQs05eG2rlUKP0GaBsbMCrPColdBgi4ockbJs6Gygj1oLLh6J8KBNn0hJpGHCqeIlSUQ0pspjPKQRQf2zs+7ZqNUCg5mS6B8tzR+nkaIe9n2SqLwdzkaGlCuBWWYw5pQzWaj42mrp/uUq/BmGAVBNY1MVWueZHklYYAyol6IR5SdgX5LK2V5iQCK82iZmPuEp/kiYLIlhmFEjPgVR5YU8ZcEWVa0SIr0ZljMvxktP0i9gXafdyy32IwpDZEgTHqwyutu/h8HT5Gfo/u7+xjxS5kdp0OwaimlMbNNEpi4gIYZh9nRVyYSTJKI+1uPqcF8RZUklCI7LNt7zKcz11HzT8yOlB52q+8McCweqMp9wMh4bKrJWiRBcbIhsyhgeLYIWWLCy6fH4fTbEMvLAsSTY6CnoFE9hlt1gtEX0sT8zXZPgCyQYgoKh245HO7T4j7A286nIm3tDw5AS65ZEUYwZSrDAMVGwQEIu0JvbG+TTZAaLLKWwfkuVwcww1vpGlJ/3K6fZCanG855/oVGE0R0D1TFEEohlKAthqTDzUKqGJaW4D5GqUP3p/Xju2p38s1v1K7esMuLmGgy24H18ZV3djN3OufXu+t4a3151zvrDjPrxG7RSEqoKave815TcScskr2+v4L/Tth4+vP+z222f1SS3afut2dtaOZ4frscPaKwwuHHupWai84rt5VojerBwabiqiIJIHs03QqJrmz/4NLETndvmz3z27B6s13O7P7A7nY5+VV/b+oXmOKLBRb8tmy1UfgylI2urDQe5N8j9K7vmYprXDpzXBhONfpGI1P5rEYYnEQFJiKO/nvyf2Y7nkEy1+U6RpP+XkPAJ/OcOXHcD/7ndXu+I/w4y/ybb5hk/olIRto1Qer2uXucGDHZG32T9y3D41+EO/jyrM8gADf7C3/LVzLlCO4pJbwCjSvd0knQCaXZnZvOJUDTUOZg0V6tGjyRDj05E55WzO2EaRQB3KMsyyw5N3iNZ/RJNiaBzYG3qAWgJoxU0LHtCT82avIuS+KkArL0/JEFp4nenkMmDWa6JsoAsNTrOVcG3HWNecpVyOSRGBg3naCxDOsjJPUgXQ/YSQMvGAWDzUOLkoUbJo1bVRNmLDcONjloI/lrYgIOA6hZxlEf1xnBsaJmarU2U6wEdz9Dtp08PqNhvtPZ6/3l7282NaxeEuj83fbg+NRv21Ka7PiM7R1EQlQqGum233IMV7TwX5O8pPHswt8XwfP2v4n+Ru75H9H8y/pvnZvzvtAd9AAK27Xz3/PQbj/9PeOhB5t/tnm3m/57b7Rzz/0HOf66u728sSDdRRNiUtMpg9Ld/IsdewN7NemR8wWAfGpOKrwhVJmOX6dmr+c+vCgafHNf/NmA4UPx3Id5v4393cFz/B1n/xZSjGcEB4LsWQCwve0afrbf6zMb6kGTnhFU5HV/d33z4ePfu7o+nCEcLvII9d0Py83hsPQiusjPGmqQ7QjEPyMUEQs3jHuFrzgB3KevTKmm0fsq4ZDQMd4p9JCERggjrgcPeYFW3lnFLFNTFjDArgJA2FSC2U1PR/Dgfm0rjaX7oZ0nho5eSROHLDOXmKA3pg94hgr5NhuhlyiQOiUVZRBl5ubOpsRLUh44KzGTCRdUmOo3x0sJTctF1z7p9DZwLbDlOJ2+yg+pKJWBbG+njWFmFcIjgP9k/XP6uiuKv8rAdELYC0egYpI/xf9+O6VD43+32t/Bft9M+nv8cJv6HeE5hum14qyLHBXJq9cUGuXH3Ul66NC8xTLXZags+4Uraaqkaeqvq/0wtlhJA5o/IHPXXYt1rpGPd0Jfyh5/sGCevLtc/1x4TcjldJ2y6ntJwDX1aQ5Rdzwj11wsySdYKksrlOk6667iH1xj7az6drmMa0Mv1As+B0lvHfK6ZY/iilcH4ANN8HUZQHc9fPc/7Q5YJFdm13SDY6kvVETmf/ohCyDRyuxdA+3K5ViqEF5gCn4Sr9QKEO5dlQ7UscmUaMGlT8Mi6iiK+sD4ICqsbnb4+Hf1bhk2/0KSl3zYv9nSdB1h/tVmnj2soMfdxmK3yStilJ7AhmJMI9fMqc3lWHPwtlZNEkMSyR5i37GEZR41LtJ8ljEujAs+x9AVNVKNaSPmHTVmseGwqaQyJ1IFR1d9Gx7C/L/5X526H+/2H627H/86g1z3G/wOU7LBWY1d9eScbSL26rxu1Mj5zH+xNVuZwd7M8N1rSxMBqA0jNjyfKfUWmAoJ3EbT+lLHuV7ElcV3+ZqFE9jnz6Q7uWy7VpolQtYPzs/WR4Mi6e6g4BYlh7+JBjBU7Bd5yscAiIIF+0gIZj47JS0hlOVE/PSGu90gcPZcwsjF5gjfr0f5e1LTCVgI482NqvbGozUh+V1pMSf5LkMYValnMTWvRFAt2MzX5BJjzTb5j2P2/Kf8Cl1xsmwAoAAA=' | base64 --decode | tee /etc/nginx/nginxconfig.io-test.com.tar.gz > /dev/null
#Backup actual Nginx config
cd /etc/nginx
tar -czvf nginx_$(date +'%F_%H-%M-%S').tar.gz nginx.conf sites-available/ sites-enabled/ nginxconfig.io/
#Extract the new compressed configuration archive
tar -xzvf nginxconfig.io-test.com.tar.gz
#Generate Diffie-Hellman keys
openssl dhparam -out /etc/nginx/dhparam.pem 2048
#Create a common ACME-challenge directory (for Let's Encryp
mkdir -p /var/www/_letsencrypt
chown www-data /var/www/_letsencrypt
#Replace the "test domain" by the real domain
rm /etc/nginx/sites-enabled/test.com.conf
mv /etc/nginx/sites-available/test.com.conf /etc/nginx/sites-available/$domain.conf
sed -i 's/test.com/'"$domain"'/' /etc/nginx/sites-available/$domain.conf
ln -s /etc/nginx/sites-available/$domain.conf /etc/nginx/sites-enabled/$domain.conf
#Comment out SSL related directives in the configuratio
sed -i -r 's/(listen .*443)/\1;#/g; s/(ssl_(certificate|certificate_key|trusted_certificate) )/#;#\1/g' /etc/nginx/sites-available/$domain.conf
#CSS is not loaded without that
sed -i -r '13,17d' /etc/nginx/nginxconfig.io/general.conf
#Nginx reload
nginx -t && systemctl reload nginx
#Get SSL certificates from Let's Encrypt
certbot certonly --webroot -d $domain --email $email -w /var/www/_letsencrypt -n --agree-tos --force-renewal
#Uncomment SSL related directives in the configuration
sed -i -r 's/#?;#//g' /etc/nginx/sites-available/$domain.conf
#Nginx reload
nginx -t && systemctl reload nginx
#Configure Certbot to reload NGINX when it successfully renews certificates
echo -e '#!/bin/bash\nnginx -t && systemctl reload nginx' | tee /etc/letsencrypt/renewal-hooks/post/nginx-reload.sh
chmod a+x /etc/letsencrypt/renewal-hooks/post/nginx-reload.sh
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.