nginx virtualhost serve script for tomcat
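#!/usr/bin/env bash
## Installation
# curl -o serve-tomcat.sh https://gist.githubusercontent.com/lesstif/4d162c4c8df756a65286/raw
# sudo mv serve-tomcat.sh /usr/local/bin/
# sudo chmod +x /usr/local/bin/serve-tomcat.sh
#
# Usage: serve domain port [ssl]
#   domain - nginx server_name; it is also used as the file name under
#            /etc/nginx/sites-available, sites-enabled and ssl, so it is
#            restricted to hostname characters below.
#   port   - local port Tomcat listens on (proxied from 127.0.0.1:port).
#   ssl    - any non-empty third argument creates a self-signed key/csr/crt
#            under /etc/nginx/ssl. The TLS directives in the generated vhost
#            stay commented out and have to be enabled by hand.
set -euo pipefail

# Print a message to stderr and exit non-zero.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [ "$#" -lt 2 ]; then
  printf '%s\n' "Error: missing required minimal 2 parameters."
  printf '%s\n' "Usage: "
  printf '%s\n' " serve domain port [ssl]"
  exit 1
fi

readonly HOST=$1
readonly PORT=$2
readonly SSL=${3:-}

# HOST becomes a path component and is interpolated verbatim into the nginx
# config, so reject anything that is not a plain hostname ('/', spaces,
# ';', '{', '}' and '$' are all excluded by this pattern).
host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if ! [[ "$HOST" =~ $host_re ]]; then
  die "Error: domain '${HOST}' must be a plain hostname (letters, digits, '.', '-')"
fi
# PORT ends up in proxy_pass and in a printf argument; require a real TCP port.
# 10# forces decimal so a leading zero is not read as octal.
if ! [[ "$PORT" =~ ^[0-9]+$ ]] || (( 10#$PORT < 1 || 10#$PORT > 65535 )); then
  die "Error: port '${PORT}' must be an integer between 1 and 65535"
fi
# Everything below writes under /etc/nginx and restarts the service.
(( EUID == 0 )) || die "Error: this script must be run as root (try sudo)"

readonly NGINX_DIR=/etc/nginx
readonly PATH_AVAILABLE="${NGINX_DIR}/sites-available"
readonly PATH_ENABLED="${NGINX_DIR}/sites-enabled"
readonly PATH_SSL="${NGINX_DIR}/ssl"

# Create the Debian-style vhost directories; RHEL-derived packages lack them.
ensure_dirs() {
  local d
  for d in "$PATH_AVAILABLE" "$PATH_ENABLED" "$PATH_SSL"; do
    mkdir -p -- "$d" || die "Error: cannot create $d"
  done
}

# Generate a self-signed key/csr/crt for HOST when any of the three is missing.
# openssl errors are no longer silenced: a failed step aborts the script
# instead of leaving a vhost that points at files which do not exist.
ensure_self_signed_cert() {
  local key="${PATH_SSL}/${HOST}.key"
  local csr="${PATH_SSL}/${HOST}.csr"
  local crt="${PATH_SSL}/${HOST}.crt"
  if [[ -f "$key" && -f "$csr" && -f "$crt" ]]; then
    return 0
  fi
  # umask 077 in a subshell so the private key is created without
  # group/other permissions; the caller's umask is untouched.
  (
    umask 077
    openssl genrsa -out "$key" 2048
  ) || die "Error: openssl genrsa failed for $key"
  openssl req -new -key "$key" -out "$csr" -subj "/CN=${HOST}/O=Vagrant/C=UK" \
    || die "Error: openssl req failed for $csr"
  openssl x509 -req -days 365 -in "$csr" -signkey "$key" -out "$crt" \
    || die "Error: openssl x509 failed for $crt"
}

# Render the vhost into sites-available, link it into sites-enabled, then
# validate the whole nginx config before restarting.
write_vhost() {
  local block
  block="##server {
##listen 80;
##server_name ${HOST};
### root html;
### proxy the PHP scripts to Apache listening on 127.0.0.1:80
###
##location / {
## return 301 https://\$server_name\$request_uri;
##}
##}
# HTTPS server
#
server {
listen 80;
listen 443;
server_name ${HOST};
root html;
server_tokens off;
fastcgi_hide_header X-Powered-By;
index index.html index.htm;
charset utf-8;
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log /var/log/nginx/${HOST}-access.log combined;
error_log /var/log/nginx/${HOST}-error.log error;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
# Remove the Connection header if the client sends it,
# it could be \"close\" to close a keepalive connection
proxy_set_header Connection \"\";
## Create a backup of <TOMCAT_INSTALL>/conf/server.xml before editing it.
## Edit the HTTPS connector so that it has the parameters that point to the key store:
## scheme=\"https\" proxyName=\"your.host.com\" proxyPort=\"443\" secure=\"true\"
location / {
proxy_pass http://127.0.0.1:${PORT};
proxy_set_header Host \$host;
## if your web server using other port(for example, 6080 with port forwarding), you need append exposed port number;
## See https://wiki.jenkins.io/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy
# proxy_set_header Host \$host:6080;
# proxy_redirect http://127.0.0.1:\${PORT} https://jenkins.domain.tld:6080;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
## prevent 504 timeout. default 60s;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
send_timeout 90;
}
sendfile off;
client_max_body_size 100m;
location ~ /\.ht {
deny all;
}
#ssl on;
#ssl_certificate /etc/nginx/ssl/${HOST}.crt;
#ssl_certificate_key /etc/nginx/ssl/${HOST}.key;
### RHEL/CentOS derived distro.
# ssl_certificate /etc/pki/tls/certs/${HOST}.crt;
# ssl_certificate_key /etc/pki/tls/private/${HOST}.key;
ssl_session_timeout 5m;
### Dropping SSLv3, ref: POODLE
### TLS 1.3 works only when nginx(1.13.0) and OpenSSL 1.1.1 with TLSv1.3 support option.
# ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
# ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
### HSTS(HTTP Strict Transport Security)
# add_header Strict-Transport-Security \"max-age=86400; includeSubdomains; preload\";
}
"
  local available="${PATH_AVAILABLE}/${HOST}"
  local enabled="${PATH_ENABLED}/${HOST}"
  printf '%s\n' "$block" > "$available" || die "Error: cannot write $available"
  ln -fs -- "$available" "$enabled" || die "Error: cannot link $enabled"
  # A vhost nginx cannot parse would otherwise take the whole server down on
  # restart; on failure unlink it again so the next restart still works.
  if ! nginx -t; then
    rm -f -- "$enabled"
    die "Error: nginx -t rejected the new configuration; ${enabled} removed"
  fi
  service nginx restart || die "Error: nginx restart failed"
}

# Print the distro name upper-cased (e.g. UBUNTU, CENTOS), or "" if unknown.
detect_distro() {
  local name=""
  if command -v lsb_release >/dev/null 2>&1; then
    name=$(lsb_release -i | cut -d: -f2 | sed 's/^\t//' | tr '[:lower:]' '[:upper:]') || name=""
  elif [[ -r /etc/os-release ]]; then
    name=$(grep '^NAME' /etc/os-release | cut -d'=' -f2 | cut -d'"' -f2 \
      | cut -d' ' -f1 | tr '[:lower:]' '[:upper:]') || name=""
  fi
  printf '%s' "$name"
}

# Tell the operator what nginx/SELinux still need on RHEL-derived systems.
print_distro_hints() {
  local distro=$1
  local red=$'\033[0;31m'
  local nc=$'\033[0m' # No Color
  ## check include sites-enabled directive
  if [[ "$distro" == "CENTOS" || "$distro" == "REDHAT" || "$distro" == "AMAZON LINUX AMI" ]]; then
    printf "\nyou must add '%sinclude /etc/nginx/sites-enabled/*;' into /etc/nginx/nginx.conf%s" "$red" "$nc"
  fi
  if [[ "$distro" == "CENTOS" || "$distro" == "REDHAT" ]]; then
    printf '\n\nSELinux user must adding port context. \n\n'
    # PORT is passed as data, never as part of the format string.
    printf '%ssemanage port -a -p tcp -t http_port_t %s%s\n\n' "$red" "$PORT" "$nc"
  fi
}

main() {
  ensure_dirs
  if [[ -n "$SSL" ]]; then
    ensure_self_signed_cert
  fi
  write_vhost
  print_distro_hints "$(detect_distro)"
}

main "$@"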