47 lines
1.7 KiB
Bash
47 lines
1.7 KiB
Bash
#!/bin/bash
|
|
# Make sure the 'essentials' are installed
|
|
# We use `nginx` as the script assumes the script for using nginx.org APT repos has been used (https://git.io/nginx-debian)
|
|
# Using `nginx-full` would in this case use the Debian/Ubuntu repos, which are a few versions behind.
|
|
sudo apt install -y nginx openssl curl
|
|
|
|
# Get acme.sh for issuing certificates
|
|
curl -L https://get.acme.sh/ | sudo bash
|
|
|
|
GIST="https://gist.github.com/Decicus/2f09db5d30f4f24e39de3792bba75b72/raw"
|
|
NGINX="/etc/nginx"
|
|
SSL_BASE="/srv/ssl"
|
|
|
|
# Create preferred base directory for storing SSL certificates
|
|
mkdir -p $SSL_BASE
|
|
chown -R root:root $SSL_BASE
|
|
chmod -R 600 $SSL_BASE
|
|
|
|
# Now the fun starts
|
|
|
|
# I have bash scripts that interact with acme.sh
|
|
# But I use zsh as the main shell
|
|
# Therefore I need a shared "environment file" that loads acme.sh
|
|
# And related environment variables
|
|
curl -L "$GIST/.acmeenv" > "$HOME/.acmeenv"
|
|
|
|
# Get the alias config for Let's Encrypt challenges:
|
|
curl -L "$GIST/letsencrypt.conf" > "$NGINX/letsencrypt.conf"
|
|
|
|
# Get the base SSL configuration
|
|
curl -L "$GIST/ssl_params.conf" > "$NGINX/ssl_params.conf"
|
|
|
|
# Get the base reverse proxy configuration
|
|
curl -L "$GIST/proxy_params" > "$NGINX/proxy_params"
|
|
|
|
# Get the PHP 7.4 FPM configuration (not enabled by default)
|
|
# You also need to install PHP before enabling it.
|
|
curl -L "$GIST/phpfpm.conf" > "$NGINX/phpfpm.conf"
|
|
|
|
# Get the dhparams file generation script, and execute.
|
|
curl -L "$GIST/generate-dhparams.sh" | sudo bash
|
|
|
|
# Add to ZSH/Bash config files
|
|
echo '. "$HOME/.acmeenv"' >> "$HOME/.zshrc";
|
|
echo '. "$HOME/.acmeenv"' >> "$HOME/.bashrc";
|
|
|
|
echo "Base setup done. Open this link for a base nginx site configuration: $GIST/000-default.conf" |