RomkaLTU/create_site.sh

## create_site.sh
#!/bin/bash

error() {
printf '\E[31m'; echo "$@"; printf '\E[0m'
}

if [[ $EUID > 0 ]]; then
    error "Run as root!"
    exit 1
fi

VH_NAME=$1
PHP_VERSION=$2
EMAIL=$3

mkdir -p "/home/web/www/$VH_NAME/public_html"
mkdir -p "/home/web/www/$VH_NAME/logs"

rm -rf "/etc/nginx/sites-enabled/$VH_NAME"
rm -rf "/etc/nginx/sites-available/$VH_NAME"
rm -rf "/etc/apache2/sites-enabled/$VH_NAME"
rm -rf "/etc/apache2/sites-available/$VH_NAME"
rm -rf "/etc/letsencrypt/archive/$VH_NAME"
rm -rf "/etc/letsencrypt/live/$VH_NAME"
rm -rf "/etc/letsencrypt/renewal/$VH_NAME"

service nginx reload
service apache2 reload

cat <<EOF >/home/web/www/$VH_NAME/public_html/robots.txt
User-agent: *
Disallow: /
EOF

cat <<EOF >/home/web/www/$VH_NAME/public_html/index.php
<?php phpinfo();
EOF

cat <<EOF >/etc/nginx/sites-enabled/$VH_NAME
server {
    listen 80;
    listen [::]:80;
    root /home/web/www/$VH_NAME/public_html;
    server_name $VH_NAME www.$VH_NAME;
}
EOF

systemctl reload nginx
systemctl reload apache2

certbot certonly --webroot -w "/home/web/www/$VH_NAME/public_html" -d $VH_NAME -d www.$VH_NAME -m $EMAIL

cat <<EOF >/etc/apache2/sites-available/$VH_NAME.conf
<VirtualHost *:8080>
    ServerName https://$VH_NAME
    ServerAlias https://www.$VH_NAME
    DocumentRoot /home/web/www/$VH_NAME/public_html
    ErrorLog /home/web/www/$VH_NAME/logs/apache_error.log
    CustomLog /home/web/www/$VH_NAME/logs/apache_access.log vhost_combined
    <Directory /home/web/www/$VH_NAME/public_html>
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride All
        Require all granted
    </Directory>
    <FilesMatch \.php$>
        SetHandler "proxy:unix:/var/run/php/php$PHP_VERSION-fpm.sock|fcgi://localhost/"
    </FilesMatch>
</VirtualHost>
EOF

cat <<EOF >/etc/nginx/sites-available/$VH_NAME
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    root /home/web/www/$VH_NAME/public_html;
    index index.php index.html;

    access_log off;

    server_name $VH_NAME www.$VH_NAME;

    include /etc/nginx/static.conf;

    location / {
        proxy_pass http://127.0.0.1:8080;
        include /etc/nginx/proxy.conf;
    }

    location ~ /\. {
        deny all;
    }

    ssl_certificate /etc/letsencrypt/live/$VH_NAME/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$VH_NAME/privkey.pem;
    ssl_dhparam  /etc/nginx/ssl/dhparam.pem;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_early_data on;
    ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    resolver 8.8.8.8 8.8.4.4;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
}

server {
    listen          80;
    listen          [::]:80;
    server_name     $VH_NAME www.$VH_NAME;
    root /home/web/www/$VH_NAME/public_html;
    location / {  # the default location redirects to https
        return 301 https://\$server_name\$request_uri;
    }
    location /.well-known {}  # do not redirect this
}
EOF

rm -rf "/etc/nginx/sites-enabled/$VH_NAME"

ln -s "/etc/nginx/sites-available/$VH_NAME" "/etc/nginx/sites-enabled/$VH_NAME"
a2ensite $VH_NAME

systemctl reload nginx
systemctl reload apache2

cat <<EOF >/etc/logrotate.d/$VH_NAME
/home/web/www/$VH_NAME/logs/*.log {
    daily
    missingok
    rotate 14
    compress
    notifempty
    create 0640 rd rd
    sharedscripts
    postrotate
        systemctl reload apache2
        systemctl reload nginx
    endscript
}
EOF

systemctl reload nginx
systemctl reload apache2

chown -R web:web "/home/web/www/$VH_NAME"

echo "All done! https://$VH_NAME"
	#!/bin/bash

	error() {
	printf '\E[31m'; echo "$@"; printf '\E[0m'
	}

	if [[ $EUID > 0 ]]; then
	error "Run as root!"
	exit 1
	fi

	VH_NAME=$1
	PHP_VERSION=$2
	EMAIL=$3

	mkdir -p "/home/web/www/$VH_NAME/public_html"
	mkdir -p "/home/web/www/$VH_NAME/logs"

	rm -rf "/etc/nginx/sites-enabled/$VH_NAME"
	rm -rf "/etc/nginx/sites-available/$VH_NAME"
	rm -rf "/etc/apache2/sites-enabled/$VH_NAME"
	rm -rf "/etc/apache2/sites-available/$VH_NAME"
	rm -rf "/etc/letsencrypt/archive/$VH_NAME"
	rm -rf "/etc/letsencrypt/live/$VH_NAME"
	rm -rf "/etc/letsencrypt/renewal/$VH_NAME"

	service nginx reload
	service apache2 reload

	cat <<EOF >/home/web/www/$VH_NAME/public_html/robots.txt
	User-agent: *
	Disallow: /
	EOF

	cat <<EOF >/home/web/www/$VH_NAME/public_html/index.php
	<?php phpinfo();
	EOF

	cat <<EOF >/etc/nginx/sites-enabled/$VH_NAME
	server {
	listen 80;
	listen [::]:80;
	root /home/web/www/$VH_NAME/public_html;
	server_name $VH_NAME www.$VH_NAME;
	}
	EOF

	systemctl reload nginx
	systemctl reload apache2

	certbot certonly --webroot -w "/home/web/www/$VH_NAME/public_html" -d $VH_NAME -d www.$VH_NAME -m $EMAIL

	cat <<EOF >/etc/apache2/sites-available/$VH_NAME.conf
	<VirtualHost *:8080>
	ServerName https://$VH_NAME
	ServerAlias https://www.$VH_NAME
	DocumentRoot /home/web/www/$VH_NAME/public_html
	ErrorLog /home/web/www/$VH_NAME/logs/apache_error.log
	CustomLog /home/web/www/$VH_NAME/logs/apache_access.log vhost_combined
	<Directory /home/web/www/$VH_NAME/public_html>
	Options -Indexes +FollowSymLinks +MultiViews
	AllowOverride All
	Require all granted
	</Directory>
	<FilesMatch \.php$>
	SetHandler "proxy:unix:/var/run/php/php$PHP_VERSION-fpm.sock\|fcgi://localhost/"
	</FilesMatch>
	</VirtualHost>
	EOF

	cat <<EOF >/etc/nginx/sites-available/$VH_NAME
	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	root /home/web/www/$VH_NAME/public_html;
	index index.php index.html;

	access_log off;

	server_name $VH_NAME www.$VH_NAME;

	include /etc/nginx/static.conf;

	location / {
	proxy_pass http://127.0.0.1:8080;
	include /etc/nginx/proxy.conf;
	}

	location ~ /\. {
	deny all;
	}

	ssl_certificate /etc/letsencrypt/live/$VH_NAME/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/$VH_NAME/privkey.pem;
	ssl_dhparam /etc/nginx/ssl/dhparam.pem;
	ssl_session_cache shared:SSL:50m;
	ssl_session_timeout 1d;
	ssl_session_tickets off;
	ssl_prefer_server_ciphers on;
	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_early_data on;
	ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
	resolver 8.8.8.8 8.8.4.4;
	ssl_stapling on;
	ssl_stapling_verify on;
	add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
	}

	server {
	listen 80;
	listen [::]:80;
	server_name $VH_NAME www.$VH_NAME;
	root /home/web/www/$VH_NAME/public_html;
	location / { # the default location redirects to https
	return 301 https://\$server_name\$request_uri;
	}
	location /.well-known {} # do not redirect this
	}
	EOF

	rm -rf "/etc/nginx/sites-enabled/$VH_NAME"

	ln -s "/etc/nginx/sites-available/$VH_NAME" "/etc/nginx/sites-enabled/$VH_NAME"
	a2ensite $VH_NAME

	systemctl reload nginx
	systemctl reload apache2

	cat <<EOF >/etc/logrotate.d/$VH_NAME
	/home/web/www/$VH_NAME/logs/*.log {
	daily
	missingok
	rotate 14
	compress
	notifempty
	create 0640 rd rd
	sharedscripts
	postrotate
	systemctl reload apache2
	systemctl reload nginx
	endscript
	}
	EOF

	systemctl reload nginx
	systemctl reload apache2

	chown -R web:web "/home/web/www/$VH_NAME"

	echo "All done! https://$VH_NAME"