Self signed SSL certificates and NGINX conf creation.

ssl.sh

#!/bin/sh

[ -z "$1" ] && echo "Usage: ssl <hostname>" && exit 1

# Create the certs
rm -rf /mnt/certs/$1
mkdir /mnt/certs/$1
cd /mnt/certs/$1
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

# Write the vhost file to /mnt/vhosts/$1.conf
cat > "/mnt/vhosts/$1.conf" <<END
server {
    listen         80;
    server_name    $1 www.$1;
    access_log     off;
    return         301 https://\$server_name\$request_uri;
}

server {
    listen         443 ssl;
    server_name    $1 www.$1;
    access_log     off;
    # add Strict-Transport-Security to prevent man in the middle attacks
    add_header Strict-Transport-Security "max-age=31536000";
    # proxy_set_header X-Forwarded-Proto 'https';

    ssl on;
    ssl_certificate /mnt/certs/$1/server.crt;
    ssl_certificate_key /mnt/certs/$1/server.key;

    include /mnt/nginx/security.conf;
    location / {
        proxy_pass http://webservers;
    }
}
END

# Set up Wordpress
wp plugin activate wordpress-https --url=$1 --path=/path/to/wp/install --allow-root
wp search-replace 'http://' 'https://' --url=$1 --path=/path/to/wp/install --allow-root

echo "All Done."
echo "Make sure you add this to your wp-config.php file: define( 'FORCE_SSL_ADMIN', true );"
echo "You'll also need to reload your nginx configuration files: service nginx reload"