Add a domain to nginx, with an HTTPS server block backed by a Let's Encrypt (certbot) certificate
#!/bin/bash
# Usage: ./nginx_add_domain.sh <domain> <webroot_directory> [<configuration_file>]
#   domain              hostname to serve; a "www." alias is added automatically
#   webroot_directory   document root, also handed to certbot --webroot for the http challenge
#   configuration_file  nginx config the server blocks are appended to (inside the http block);
#                       when omitted the blocks are printed and the script waits for you to paste them
# Needs root privileges: it writes under /etc/nginx, runs certbot and reloads nginx.
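# Append a generated server block to the nginx configuration file, or, when no
# file was given, print it and wait for the operator to paste it in by hand.
# Arguments:
#   $1 - domain   (unused here; kept so the call sites stay unchanged)
#   $2 - webroot  (unused here; kept so the call sites stay unchanged)
#   $3 - configuration file to append to; empty means "print and wait"
#   $4 - the server block text
# Returns: the status of the append (or of `read` in interactive mode).
add_server() {
  local conf=$3 block=$4
  if [[ -n "$conf" ]]; then
    # printf avoids echo's option/backslash handling on arbitrary block text.
    printf '%s\n' "$block" >> "$conf"
  else
    echo "add this block to nginx configuration file in http block"
    echo ""
    printf '%s\n' "$block"
    echo ""
    echo "Press enter after adding the block to continue..."
    read -r
  fi
}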
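# Locate the PHP-FPM listening socket. Parsing `ls /run/php*/*.sock` returned
# one path per line when several PHP versions are installed, which was then
# spliced into a single "fastcgi_pass unix:...;" directive and broke the
# generated config. Take the first match (glob order is deterministic) and
# warn about the rest; an empty $sock means nothing was found.
sock=
for candidate in /run/php*/*.sock; do
  [[ -S "$candidate" ]] || continue   # an unmatched glob leaves the literal pattern
  if [[ -z "$sock" ]]; then
    sock=$candidate
  else
    echo "warning: several PHP-FPM sockets found; using $sock, ignoring $candidate" >&2
  fi
done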
# Plain-http server block. The redirect to https is deliberately emitted
# commented out: the certbot webroot challenge has to be answered over http
# first, and the main flow below uncomments the line once the certificate
# exists. NOTE(review): $1 and $2 are interpolated verbatim into nginx syntax,
# so they must be plain hostnames/paths.
server80_lines=(
  'server {'
  'listen 80;'
  "server_name $1 www.$1;"
  '#return 301 https://$server_name$request_uri;'
  "root $2;"
  'index index.php index.html index.htm;'
  'try_files $uri $uri/ =404;'
  '#try_files $uri $uri/ /index.php?$args; #wordpress'
  'location ~ \.php$ {'
  "fastcgi_pass unix:$sock;"
  'include fastcgi.conf;'
  'fastcgi_param PHP_VALUE open_basedir=$document_root:/tmp:/var/tmp:/usr/local/lib/php;'
  '}'
  '}'
)
printf -v server80 '%s\n' "${server80_lines[@]}"
server80=${server80%$'\n'}   # original string had no trailing newline
unset server80_lines
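# HTTPS server block. Security-relevant notes on what is emitted:
#  - nginx does not inherit `add_header` into a location that declares its own
#    add_header, so the static-asset location (which sets Pragma/Cache-Control)
#    was silently serving css/js/images without HSTS or nosniff. The headers
#    that matter there are repeated inside that location.
#  - `ssl on;` was dropped: it is deprecated since nginx 1.15.0 and redundant
#    with `listen 443 ssl`.
#  - HSTS carries `always` so it is also sent on error responses (e.g. the
#    =404 from try_files). includeSubDomains + preload is a long-lived,
#    hard-to-undo commitment for every subdomain of $1 — make sure that is wanted.
#  - The cipher list is ECDHE-only, so ssl_dhparam is never used for key
#    exchange; the directive is kept because the main flow generates the file.
#  - X-XSS-Protection is a legacy header (modern guidance is to send 0 or omit
#    it); left as-is to keep the emitted config unchanged.
#  - The Cache-Control value used to be an unescaped `"public"` that bash parsed
#    as the unquoted word public; it is now properly escaped.
server443="server {
listen 443 ssl http2;
server_name $1 www.$1;
root $2;
index index.php index.html index.htm;
try_files \$uri \$uri/ =404;
#try_files \$uri \$uri/ /index.php?\$args; #wordpress
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection \"1; mode=block\";
add_header X-Content-Type-Options \"nosniff\";
ssl_certificate /etc/letsencrypt/live/$1/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$1/privkey.pem;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security \"max-age=63072000; includeSubDomains; preload\" always;
ssl_dhparam ssl/dhparam.pem;
location ~ \.php$ {
fastcgi_pass unix:$sock;
include fastcgi.conf;
fastcgi_param PHP_VALUE open_basedir=\$document_root:/tmp:/var/tmp:/usr/local/lib/php;
}
location ~* \.(?:ico|css|js|gif|jpe?g|png|woff2?|ttf)$ {
expires 30d;
add_header Pragma public;
add_header Cache-Control \"public\";
add_header X-Content-Type-Options \"nosniff\";
add_header Strict-Transport-Security \"max-age=63072000; includeSubDomains; preload\" always;
}
}"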
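# ---- main flow -------------------------------------------------------------
domain=$1
webroot=$2
conf=$3

if [[ -z "$webroot" ]]; then
  echo "parameters missed!" >&2
  exit 1
fi
# $1 is spliced verbatim into nginx directives, the certbot command line and
# the /etc/letsencrypt/live/<domain> path: accept only a plain hostname so a
# stray ';', space, quote or '/' cannot inject directives or escape the path.
# (Pass the bare name; "www." is added by the generated blocks and certbot -d.)
if ! [[ "$domain" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]]; then
  echo "invalid domain name: $domain" >&2
  exit 1
fi
if ! command -v certbot >/dev/null 2>&1; then
  echo "certbot not installed!" >&2
  exit 1
fi
# An empty $sock would emit "fastcgi_pass unix:;", which nginx rejects.
if [[ -z "$sock" ]]; then
  echo "no PHP-FPM socket found under /run/php*/ - is php-fpm installed and running?" >&2
  exit 1
fi

# Test the configuration before reloading so a bad generated block is reported
# here, with nginx's own message, instead of being discovered when the certbot
# challenge or the final reload fails.
reload_nginx() {
  nginx -t && systemctl reload nginx
}

add_server "$domain" "$webroot" "$conf" "$server80"
reload_nginx || { echo "nginx refused the http server block; aborting" >&2; exit 1; }

if [[ ! -d "/etc/letsencrypt/live/$domain" ]]; then
  # Stop here on failure instead of emitting an https block that points at
  # certificate files which do not exist.
  certbot certonly --webroot -w "$webroot" -d "$domain,www.$domain" || {
    echo "certbot failed; the https server block was not added" >&2
    exit 1
  }
fi
if [[ ! -f /etc/nginx/ssl/dhparam.pem ]]; then
  mkdir -p /etc/nginx/ssl/
  # 4096-bit parameter generation can take many minutes. Note that the
  # generated block's cipher list contains no DHE suites, so these parameters
  # are not used for key exchange; they only satisfy the ssl_dhparam directive.
  openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096
fi
add_server "$domain" "$webroot" "$conf" "$server443"

# Now that the certificate exists, turn the http block into a redirect.
# Only the exact line emitted above is uncommented; the previous `s/#//` on
# any line containing "#return" would also have uncommented unrelated
# commented-out return directives elsewhere in the file. (The previous grep
# looked for "http://" while the block says "https://", so it never matched
# and the manual fallback for ambiguous files was dead code.)
marker='#return 301 https://$server_name$request_uri;'
if [[ -z "$conf" ]] || [[ "$(grep -cF -- "$marker" "$conf")" -gt 1 ]]; then
  echo "uncomment the line of \"$marker\" and press Enter..."
  read -r
else
  sed -i 's|^\([[:space:]]*\)#\(return 301 https://\$server_name\$request_uri;\)|\1\2|' "$conf"
fi
reload_nginx || { echo "nginx refused the https server block; check $conf" >&2; exit 1; }
echo "The domain $domain added!"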