@WillSams
Created January 31, 2019 15:24
Jenkins CI SSL configuration for nginx on a Debian-based system
#!/bin/bash
# Puts an nginx TLS reverse proxy in front of a local Jenkins instance:
# certbot certificate, DH parameters, nginx vhost, nginx restart.
set -u # expanding an unset variable is a fatal error
SCRIPTVERSION='2019.01.29-Debian'
SCRIPTNAME='setup-jenkins-nginx.sh'
SCRIPTFULLNAME=$0
PORT=8080 # local Jenkins HTTP port that nginx proxies to (see usage)
WEBNAME=jenkins.yourdomain # host name without the ".com" that is appended later (see usage)
# Write every argument as its own red " * ERROR: <msg>" line on stderr.
echoerror() {
  local -r fmt=$'\033[1;31m * ERROR\033[0m: %s\n'
  # shellcheck disable=SC2059 -- fmt is a constant, the format repeats per argument
  printf "$fmt" "$@" >&2
}
#######################################
# Print the command-line help text to stdout.
# Globals: SCRIPTNAME (read)
#######################################
usage() {
  printf '%s\n' \
    "Usage : ${SCRIPTNAME} [options]" \
    'Options:' \
    '-h Display this message' \
    '-v Display script version' \
    '-p Http port number desired for the Jenkins instance. Default is 8080.' \
    '-w Web name. Default is jenkins.yourdomain.'
} # ---------- end of function usage ----------
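#######################################
# Return 0 when $1 is a decimal TCP port (1-65535), else non-zero.
# PORT is spliced verbatim into the nginx proxy_pass line further down,
# so anything other than a plain number is rejected here.
#######################################
is_valid_port() {
  [[ "$1" =~ ^[0-9]{1,5}$ ]] && (( 10#$1 >= 1 && 10#$1 <= 65535 ))
}

#######################################
# Return 0 when $1 is a plain hostname fragment (letters, digits, dots,
# hyphens; no leading or trailing dot/hyphen), else non-zero.
# WEBNAME is interpolated into shell command strings and the nginx
# config further down, so shell metacharacters must never get through.
#######################################
is_valid_webname() {
  [[ "$1" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]
}

# The option string used to declare `s:` while usage() and the case arm
# both describe -w, so -w was rejected as an unknown option.
while getopts ':hvp:w:' opt; do
  case "${opt}" in
    h ) usage; exit 0 ;;
    v ) echo "$0 -- Version $SCRIPTVERSION"; exit 0 ;;
    p ) is_valid_port "$OPTARG" || { echoerror "Invalid port number : $OPTARG"; exit 1; }
        PORT=$OPTARG ;;
    w ) is_valid_webname "$OPTARG" || { echoerror "Invalid web name : $OPTARG"; exit 1; }
        WEBNAME=$OPTARG ;;
    : ) # the leading ':' in the optstring routes a missing option argument here
        echo
        echoerror "Option requires an argument : -$OPTARG"
        usage
        exit 1
        ;;
    \?) echo
        echoerror "Option does not exist : $OPTARG"
        usage
        exit 1
        ;;
  esac # --- end of case ---
done
shift $((OPTIND-1))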
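# --- Install certbot, obtain the certificate, generate DH parameters ---
# Commands run directly under sudo instead of `sudo bash -c "..."`: the
# extra shell layer re-parsed WEBNAME as shell code, and the inner `sudo`
# on the certbot line was redundant because the outer one already runs as
# root.
# NOTE(review): add-apt-repository with a ppa: source is an Ubuntu
# mechanism; confirm it works on the Debian derivative you target.
sudo add-apt-repository ppa:certbot/certbot -y
sudo apt update -y && sudo apt upgrade
sudo apt install python-certbot-nginx
# Fail fast: the nginx vhost written below references both of these files,
# so continuing without them only produces a broken nginx restart later.
sudo certbot certonly -d "${WEBNAME}.com" \
  || { echoerror "certbot could not obtain a certificate for ${WEBNAME}.com"; exit 1; }
sudo mkdir -p /etc/nginx/ssl
sudo openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096 \
  || { echoerror "openssl dhparam failed"; exit 1; }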
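#######################################
# Append the nginx vhost for ${WEBNAME}.com to the config file given as $1.
# Globals:   WEBNAME, PORT (read)
# Arguments: $1 - nginx config file to append to (written via sudo tee)
#
# A here-document replaces the original `sudo bash -c "echo '...'"`: nginx
# runtime variables are written as \$host, \$request_uri, ... so that only
# WEBNAME and PORT are expanded by this script. The original left
# $request_uri unescaped, which `set -o nounset` turned into a fatal
# "unbound variable" before the config was ever written.
#######################################
write_nginx_vhost() {
  sudo tee -a "$1" >/dev/null <<EOT
####################################################################
server {
  listen 80;
  server_name ${WEBNAME}.com;
  return 301 https://${WEBNAME}.com\$request_uri;
}
server {
  listen 443 ssl default_server;
  server_name ${WEBNAME}.com;
  add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;
  add_header X-XSS-Protection "1; mode=block";
  # workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651
  # Kept at server level on purpose: nginx inherits add_header into a
  # location only when that location defines no add_header of its own, so
  # placing this one inside location / would drop the three headers above
  # from every proxied response. 50022 is the Jenkins SSHD port; adjust it
  # to match the Jenkins instance.
  add_header 'X-SSH-Endpoint' '${WEBNAME}.com:50022' always;
  ssl_certificate /etc/letsencrypt/live/${WEBNAME}.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/${WEBNAME}.com/privkey.pem;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:50m;
  ssl_session_timeout 5m;
  ssl_dhparam /etc/nginx/ssl/dhparam.pem;
  # NOTE(review): cipher list carried over unchanged. It still permits 3DES
  # (DES-CBC3-SHA) and non-forward-secret RSA key exchange, and no
  # ssl_protocols directive pins the TLS versions; tighten before exposing.
  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  location / {
    proxy_set_header Host \$host;
    proxy_set_header X-Real-IP \$remote_addr;
    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto \$scheme;
    proxy_pass http://127.0.0.1:${PORT};
    proxy_read_timeout 90;
    proxy_redirect off;
    # Required for new HTTP-based CLI
    proxy_http_version 1.1;
    proxy_request_buffering off;
  }
  client_max_body_size 4G;
  keepalive_timeout 10;
}
####################################################################
EOT
}

# Append only once: the file is appended to, and a second
# `listen 443 ssl default_server` block would make nginx refuse to start.
NGINX_CONF=/etc/nginx/conf.d/default.conf
if sudo grep -qs -- "server_name ${WEBNAME}.com;" "$NGINX_CONF"; then
  printf 'nginx block for %s.com already present in %s; not appending.\n' "$WEBNAME" "$NGINX_CONF" >&2
else
  write_nginx_vhost "$NGINX_CONF"
fi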
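# --- Group membership, config check, restart ---
# NOTE(review): adding www-data to the jenkins group gives the nginx worker
# group-level access to Jenkins' files. A TCP reverse proxy to 127.0.0.1
# does not need that, so confirm it is actually required (least privilege).
sudo usermod -a -G jenkins www-data
# Validate the generated configuration first so a syntax error does not
# take the running nginx down.
sudo nginx -t || { echoerror "nginx configuration test failed; not restarting"; exit 1; }
sudo service nginx restart
# The port-80 server block redirects to HTTPS, so send the user there directly.
echo "$SCRIPTFULLNAME ($SCRIPTVERSION) complete. Browse https://$WEBNAME.com to visit the Jenkins instance."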