
@ganey
Last active May 5, 2020 10:23
Homestead: run nginx and Apache side by side, with nginx proxying to Apache, using the same Homestead.yaml
#!/bin/sh
# By default, nginx & apache both use port 80/443 so can't run at the same time
# apache services will be updated, port 80 to 3888 and 443 to 3444
# nginx will proxy all requests by default over to apache ports
# nginx will also use ssl certs for each apache site via the 0-default_server config using the $ssl_server_name
# no homestead.yaml changes should be required for the nginx catch-all proxy to work
# This will also allow you to use nginx as a proxy to pm2 / node services via Homestead.yaml
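# Check the installed nginx version.
# `nginx -v` writes its banner to stderr (hence 2>&1), in the form
# "nginx version: nginx/1.14.0 (Ubuntu)". Only the minor component is compared.
nginxvstring=$(nginx -v 2>&1)
nginxv=$(printf '%s\n' "$nginxvstring" \
  | sed -n 's|.*nginx/[0-9][0-9]*\.\([0-9][0-9]*\)\..*|\1|p')

case "$nginxv" in
  '' | *[!0-9]*)
    # No parsable version (nginx missing or unexpected banner): report it and
    # skip the upgrade rather than feeding a non-number to the numeric test.
    printf 'warning: could not determine nginx version from: %s\n' \
      "$nginxvstring" >&2
    ;;
  *)
    # Fix: the original test was `[ "$nginxv" lt "16" ]` (no dash on the
    # operator), which is a syntax error for `[`, so the upgrade never ran.
    if [ "$nginxv" -lt 16 ]; then
      # Update nginx past 1.15.8 for variable SSL cert support.
      # NOTE(review): this registers a PPA outside the Ubuntu archive as a
      # trusted apt source; confirm that is acceptable for this VM.
      sudo add-apt-repository ppa:nginx/stable &&
        sudo apt-get update &&
        sudo apt-get install nginx -y
    fi
    ;;
esac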
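# Allow nginx to read the per-site certificates and keys.
# The catch-all server written by this script uses $ssl_server_name in
# ssl_certificate / ssl_certificate_key, so the files are loaded per handshake
# and must be readable by the nginx worker user, not only by root.

# Certificates are public material; world-readable is fine.
sudo chmod 0644 /etc/nginx/ssl/*.crt

# Private keys: the original `chmod 0644` exposed every key to all local
# accounts. Grant read access to the nginx worker group only.
# The group is taken from the `user <name> [group];` directive; nginx uses a
# group named like the user when the group is omitted.
# 2>/dev/null: an unreadable or missing nginx.conf falls through to the
# fallback branch below instead of printing an awk error.
nginx_group=$(awk '$1 == "user" { sub(/;.*/, ""); print (NF >= 3 ? $3 : $2); exit }' \
  /etc/nginx/nginx.conf 2>/dev/null)

if [ -n "$nginx_group" ] && sudo chgrp "$nginx_group" /etc/nginx/ssl/*.key; then
  sudo chmod 0640 /etc/nginx/ssl/*.key
else
  # Keep the script working as before, but say so: these keys stay readable
  # by every local user until the group is set by hand.
  printf 'warning: nginx worker group not found; leaving /etc/nginx/ssl/*.key at 0644\n' >&2
  sudo chmod 0644 /etc/nginx/ssl/*.key
fi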
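# Move Apache off 80/443 in its main port list so it does not block nginx:
# 80 -> 3888 and 443 -> 3444.
# \b (GNU sed word boundary) limits the match to stand-alone numbers. The
# original bare 's/80/3888/g' also rewrote any longer number containing "80"
# or "443" (for example 8080). Standalone 80/443 tokens elsewhere in the file
# are still rewritten, as before.
sudo sed -i \
  -e 's/\b80\b/3888/g' \
  -e 's/\b443\b/3444/g' \
  /etc/apache2/ports.conf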
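# Replace ports in every Apache vhost under sites-available.
# Alternatively set the port for each site in homestead yaml to 3888 / ssl:3444
#
# find hands the paths straight to sed, so file names containing spaces or glob
# characters are passed intact (the original `for file in $FILES` word-split
# them). As in the original, only the first match on each line is replaced;
# \b keeps the match to stand-alone numbers so paths or other values that
# merely contain "80"/"443" are left alone.
find /etc/apache2/sites-available/ -type f -name '*.conf' \
  -exec sudo sed -i \
    -e 's/\b80\b/3888/' \
    -e 's/\b443\b/3444/' \
    {} +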
## Start any pm2 services found in the ecosystem folder (optional)
#FILES=$(find "$HOME"/ecosystem/ -type f -name '*.json')
#for file in $FILES
#do
# pm2 start "$file"
#done
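# Write the catch-all nginx vhost and enable it.
#  - port 80:  forwards everything to Apache on 127.0.0.1:3888
#  - port 443: terminates TLS with the per-site cert chosen by SNI
#              ($ssl_server_name) and forwards to Apache on 127.0.0.1:3444
# The quoted heredoc delimiter keeps every $variable literal for nginx.
# Change from the original: TLSv1 and TLSv1.1 are dropped from ssl_protocols
# and proxy_ssl_protocols (both are deprecated, RFC 8996); TLSv1.2 and TLSv1.3
# remain. tee still echoes the generated config to stdout, as before.
sudo tee "/etc/nginx/sites-available/0-default_server" <<'NGINX_CONF'
server {
    listen 80 default_server;
    server_name _;
    location / {
        proxy_pass http://127.0.0.1:3888;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name _;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass https://127.0.0.1:3444;
        proxy_ssl_name $host;
        proxy_ssl_server_name on;
        proxy_ssl_protocols TLSv1.2 TLSv1.3;
        proxy_ssl_session_reuse off;
    }
    ssl_certificate /etc/nginx/ssl/$ssl_server_name.crt;
    ssl_certificate_key /etc/nginx/ssl/$ssl_server_name.key;
    ssl_ecdh_curve prime256v1;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1.2 TLSv1.3;
}
NGINX_CONF

# -f replaces an existing link so re-running the script is harmless.
sudo ln -fs "/etc/nginx/sites-available/0-default_server" \
  "/etc/nginx/sites-enabled/0-default_server"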
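# Apply the changes. Apache goes first so it releases 80/443 before nginx
# tries to bind them.
sudo service apache2 restart

# Validate the nginx configuration before restarting: a restart with a broken
# config stops the running proxy, whereas a failed `nginx -t` leaves it up.
if sudo nginx -t; then
  sudo service nginx restart
else
  printf 'error: nginx configuration test failed; nginx was not restarted\n' >&2
  exit 1
fi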