Instantly share code, notes, and snippets.

Embed
What would you like to do?
This script generate a yourdomain.conf in /etc/nginx/sites-enabled/ and generate a Let's Encrypt certificate with certbot (You have to install certbot manually!)
#!/bin/bash
# Shell script to add a subdomain to nginx with let's encrypt
DOMAIN=""
PROXY=false
DOCROOT="/var/www/html/"
function usage()
{
echo "This script generate a yourdomain.conf in /etc/nginx/sites-enabled/ and generate a Let's Encrypt certificate with certbot (You have to install certbot manually!)"
echo ""
echo "./add_domain.sh"
echo "\t-h --help"
echo "\t--domain=yourdomain.org"
echo "\t--proxy=1 or 0"
echo "\t--port=ProxyPort"
echo "\t--docroot=/var/www/html/"
echo ""
}
#root check (root is necessary for certbot)
if (($EUID != 0)); then
echo "Please run with sudo or run as root :)"
exit
fi
while [ "$1" != "" ]; do
PARAM=`echo $1 | awk -F= '{print $1}'`
VALUE=`echo $1 | awk -F= '{print $2}'`
case $PARAM in
-h | --help)
usage
exit
;;
--domain)
DOMAIN=$VALUE
;;
--proxy)
PROXY=$VALUE
;;
--port)
PORT=$VALUE
;;
--docroot)
DOCROOT=$VALUE
;;
*)
echo "ERROR: unknown parameter \"$PARAM\""
usage
exit 1
;;
esac
shift
done
INTERNLOCATION="ERROR"
if ((PROXY != 0)); then
INTERNLOCATION=$(cat <<-END
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:$PORT;
END
)
fi
if ((PROXY != 1)); then
INTERNLOCATION="root $DOCROOT;"
fi
echo "Running certbot for $DOMAIN...."
certbot --nginx certonly -d $DOMAIN
echo "Generate /etc/nginx/sites-enabled/$DOMAIN.conf...."
cat > /etc/nginx/sites-enabled/$DOMAIN.conf <<DELIM
## http://$DOMAIN redirects to https://$DOMAIN
server {
listen 80;
listen [::]:80;
server_name $DOMAIN www.$DOMAIN;
location / {
return 301 https://$DOMAIN$request_uri;
}
}
## https://www.$DOMAIN redirects to https://$DOMAIN
server {
listen 443 ssl http2;
server_name www.$DOMAIN;
ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
include /etc/nginx/snippets/le.conf;
location / {
return 301 https://$DOMAIN$request_uri;
}
}
## Serves https://$DOMAIN
server {
server_name $DOMAIN;
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
include /etc/nginx/snippets/le.conf;
location / {
$INTERNLOCATION
}
}
DELIM
echo "Reloading nginx config...."
sudo service nginx reload
echo "Domain $DOMAIN successfully added!!"
exit 1
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+AESGCM:EECDH+AES;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment