#!/bin/bash
# Feature toggles; the option parser flips these to 1 for -a and -d.
INSTALL_ACMESH=0
DOWNLOAD_DEFAULT=0

# Base URL that every configuration file and helper script is downloaded from.
# NOTE(review): the path carries no revision id, so it presumably resolves to
# the gist's latest revision. Content fetched from here is written into the
# nginx configuration and, for the dhparams helper, executed via sudo, so
# anyone able to edit the gist controls what this script installs. Confirm,
# and consider a revision-pinned raw URL.
GIST="https://gist.github.com/Decicus/2f09db5d30f4f24e39de3792bba75b72/raw"

# Filesystem layout.
NGINX="/etc/nginx"
SSL_BASE="/srv/ssl"
DEFAULT_DIR="${NGINX}/conf.d"
DEFAULT_NAME="000-default.conf"

# Size of the Diffie-Hellman parameters; -b raises this to 4096.
DH_PARAMS_BITS=2048
#######################################
# Print the usage text for this script.
# Globals:   DEFAULT_NAME, DEFAULT_DIR, DH_PARAMS_BITS (read; shown in the text)
# Arguments: none
# Outputs:   usage text on stdout
#######################################
help() {
  printf '%s\n' \
    "usage: $0" \
    'Install the `nginx` package via apt and add extra configuration files.' \
    'OPTIONS:' \
    '-h Shows helptext' \
    '-a Installs acme.sh and downloads "bootstrapping" files.' \
    "-d Downloads the ${DEFAULT_NAME} file into ${DEFAULT_DIR}" \
    "-b Use 4096 bits for dhparams (default: ${DH_PARAMS_BITS})"
}
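# Parse the command-line flags.
# The leading ':' in the optstring switches getopts to silent error mode.
# Without it, getopts leaves OPTARG unset for an unknown flag (the message below
# would read "Invalid option: -") and never reports ':', so that arm could not
# run. In silent mode OPTARG holds the offending flag character.
while getopts ":hadb" opt; do
  case "$opt" in
    h)
      help
      exit 0
      ;;
    a)
      # Also enables downloading the shared acme.sh environment file later on.
      INSTALL_ACMESH=1
      echo "Installing and bootstrapping \`acme.sh\`"
      ;;
    d)
      DOWNLOAD_DEFAULT=1
      echo "Downloading 000-default.conf to /etc/nginx/conf.d"
      ;;
    b)
      DH_PARAMS_BITS=4096
      echo "Using 4096 bits for dhparams"
      ;;
    \?)
      echo "Invalid option: -$OPTARG" >&2
      exit 1
      ;;
    :)
      # None of the current flags takes an argument; kept for future flags.
      echo "Option -$OPTARG requires an argument." >&2
      exit 1
      ;;
  esac
done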
# Install the packages the rest of this script depends on.
# The package is `nginx`, not `nginx-full`: this script assumes the nginx.org
# APT repository has already been configured (https://git.io/nginx-debian).
# `nginx-full` would come from the Debian/Ubuntu repos instead, which are a few
# versions behind.
essential_packages=(nginx openssl curl)
sudo apt install -y "${essential_packages[@]}"
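if [[ $INSTALL_ACMESH != 0 ]]; then
  # Get acme.sh for issuing certificates.
  # SECURITY: this executes an installer fetched at run time as root, with no
  # checksum or signature check, so the host trusts whatever get.acme.sh serves.
  # Review the installer, or install a pinned release, where that matters.
  #
  # The installer is downloaded completely before it is handed to bash: piping
  # curl straight into the shell would execute a truncated download or an HTTP
  # error page. -f makes curl fail on HTTP errors instead of saving the body.
  ACMESH_INSTALLER="$(mktemp)"
  if curl -fL https://get.acme.sh/ -o "${ACMESH_INSTALLER}"; then
    # Fed on stdin, so the installer still runs the way a pipe would run it.
    sudo bash < "${ACMESH_INSTALLER}"
  else
    echo "Could not download the acme.sh installer; acme.sh was not installed." >&2
  fi
  rm -f -- "${ACMESH_INSTALLER}"
fi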
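# Create preferred base directory for storing SSL certificates, owned by root
# and closed to group and others.
# A recursive `chmod 600` would also set 600 on the directories themselves,
# which clears their search (x) bit. `u=rwX,go=` gives directories 700 and
# regular files 600 (a file that already has an execute bit keeps it for the
# owner only).
mkdir -p -- "$SSL_BASE"
chown -R root:root -- "$SSL_BASE"
chmod -R u=rwX,go= -- "$SSL_BASE"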
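# Now the fun starts

# I have bash scripts that interact with acme.sh
# But I use zsh as the main shell
# Therefore I need a shared "environment file" that loads acme.sh
# And related environment variables
if [[ $INSTALL_ACMESH != 0 ]]; then
  # SECURITY: .acmeenv is sourced by every new zsh/bash session of this user,
  # so its content is effectively code that runs at each login. It is fetched to
  # a temporary file first and only installed when curl reports success (-f
  # turns HTTP errors into failures), so an error page never ends up sourced.
  ACMEENV_TEMP="$(mktemp)"
  if curl -fL "$GIST/.acmeenv" -o "${ACMEENV_TEMP}"; then
    mv -- "${ACMEENV_TEMP}" "$HOME/.acmeenv"

    # Add to ZSH/Bash config files, once: re-running the script must not stack
    # duplicate lines in the shell start-up files.
    for rc_file in "$HOME/.zshrc" "$HOME/.bashrc"; do
      # grep fails (and the line is appended) when the file does not exist yet.
      if ! grep -qxF -- '. "$HOME/.acmeenv"' "$rc_file" 2> /dev/null; then
        echo '. "$HOME/.acmeenv"' >> "$rc_file"
      fi
    done
  else
    rm -f -- "${ACMEENV_TEMP}"
    echo "Could not download .acmeenv; shell configuration left unchanged." >&2
  fi
fi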
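# Fetch the nginx configuration snippets into $NGINX:
#   letsencrypt.conf - alias config for Let's Encrypt challenges
#   ssl_params.conf  - base SSL configuration
#   proxy_params     - base reverse proxy configuration
#   phpfpm.conf      - PHP 8.1 FPM configuration (not enabled by default;
#                      you also need to install PHP before enabling it)
#
# Each file is downloaded to a temporary file and installed only when curl
# succeeds. Redirecting curl's output straight onto the target would truncate
# an existing file before the transfer starts and, without -f, would store an
# HTTP error page as nginx configuration.
for conf_file in letsencrypt.conf ssl_params.conf proxy_params phpfpm.conf; do
  conf_temp="$(mktemp)"
  if curl -fL "$GIST/$conf_file" -o "$conf_temp"; then
    install -m 0644 -- "$conf_temp" "$NGINX/$conf_file"
  else
    echo "Could not download $conf_file; $NGINX/$conf_file left unchanged." >&2
  fi
  rm -f -- "$conf_temp"
done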
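# Get the dhparams file generation script, and execute.
# SECURITY: the helper is run as root, so it is executed only when the download
# succeeded. -f makes curl fail on an HTTP error instead of saving the error
# page, which would otherwise be handed to `sudo bash`.
DH_PARAMS_TEMP="$(mktemp)"
if curl -fL "$GIST/generate-dhparams.sh" -o "${DH_PARAMS_TEMP}"; then
  sudo bash "${DH_PARAMS_TEMP}" "$DH_PARAMS_BITS"
else
  echo "Could not download generate-dhparams.sh; dhparams were not generated." >&2
fi
rm -f -- "${DH_PARAMS_TEMP}"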
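# Check if systemd is installed and enable the service.
# Since I usually just install stock Debian with systemd, this may not be required.
# `command -v` prints the path and succeeds only when systemctl is on PATH.
# `whereis` is not usable for this test: it exits 0 even when it finds nothing,
# so a check on its exit status is always true.
CHECK_SYSTEMD=$(command -v systemctl)
if [[ -n $CHECK_SYSTEMD ]]; then
  systemctl enable --now nginx
fi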
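if [[ $DOWNLOAD_DEFAULT != 0 ]]; then
  # The stock default.conf is removed only after the replacement has been
  # downloaded and installed. A failed download therefore neither leaves an
  # HTTP error page in conf.d nor removes the existing default server block.
  default_temp="$(mktemp)"
  if curl -fL "$GIST/$DEFAULT_NAME" -o "$default_temp"; then
    install -m 0644 -- "$default_temp" "$DEFAULT_DIR/$DEFAULT_NAME"

    # Remove the default configuration included when installing nginx.
    # -f: not an error when the file is already gone (e.g. on a re-run).
    rm -f -- "$DEFAULT_DIR/default.conf"
  else
    echo "Could not download $DEFAULT_NAME; $DEFAULT_DIR left unchanged." >&2
  fi
  rm -f -- "$default_temp"
fi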
# Closing status line: points at the base site configuration in the gist.
printf '%s\n' "Base setup done. Open this link for a base nginx site configuration: ${GIST}/${DEFAULT_NAME}"