nginx-basic/setup.sh

360 lines
12 KiB
Bash
Raw Normal View History

2019-01-04 22:04:29 -07:00
#!/bin/bash
#######
### Update NGINX configuration '<tags>' with proper values and optionally copy
### to updated directory structure
#######
### text formatting ansi codes
2019-01-04 22:04:29 -07:00
err="\e[1;31m"
ok="\e[1;32m"
warn="\e[93m"
mag="\e[95m"
cyan="\e[96m"
norm="\e[0m"
### set variables
unset IP4
unset useCertbot
unset CertbotDomain
unset CertPath
2019-01-04 22:56:24 -07:00
unset KeyPath
unset CAChainPath
2019-01-04 23:21:44 -07:00
unset DHPath
certbotFiles=(cert.pem chain.pem fullchain.pem privkey.pem)
2019-01-04 22:04:29 -07:00
detectedIP=$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')
regexIP4="(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"
regexHostname="(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])"
2019-01-04 22:04:29 -07:00
### quick intro for the user
2019-01-04 22:04:29 -07:00
echo -e "\n${mag}This script will customize the provided NGINX template files for your"
echo "environment. You will be prompted for all necessary information. After that,"
echo "default error pages will be copied to your webroot and your NGINX configuration"
echo -e "directory structure will be customized.${norm}\n"
echo -e "${warn}You may accept the default option (listed in brackets) by simply"
echo "pressing ENTER (i.e. no answer)."
echo -e "You may exit this script at any prompt by typing 'X'${norm}\n"
2019-01-04 22:06:05 -07:00
### get local IP address
while true; do
read -p "What is this NGINX machine's primary local IP4 address? (${detectedIP}) " inputIP
case "${inputIP}" in
'')
IP4="${detectedIP}"
break
;;
[Xx]*)
echo -e "\n${cyan}---exiting---\n${norm}"
exit 1
;;
*)
# check IP for validity
if [[ "${inputIP}" =~ ^${regexIP4}$ ]]; then
IP4="${inputIP}"
break
else
echo -e "\n${err}Invalid IP4 format (xxx.xxx.xxx.xxx)${norm}"
fi
;;
esac
done
2019-01-04 22:04:29 -07:00
### SSL related options
# using certbot?
while true; do
read -p "Are you using Certbot to handle your SSL certificates? (default: NO) " yn
case "${yn}" in
[Yy]*)
useCertbot=1
break
;;
[Nn]|'')
useCertbot=0
unset CertbotDomain
break
;;
[Xx]*)
echo -e "\n${cyan}---exiting---\n${norm}"
exit 1
;;
*)
echo -e "\n${err}Please answer (Y)es, (N)o, e(X)it or accept default${norm}"
;;
esac
done
# using Certbot: get primary domain name since that how Certbot determines paths
if [ "${useCertbot}" -eq 1 ]; then
while true; do
read -p "What is the primary domain for your Certbot Certificates? " inputCertbotDomain
case "${inputCertbotDomain}" in
'')
echo -e "\n${err}You cannot have an empty domain name${norm}"
;;
[Xx]*)
echo -e "\n${cyan}---exiting---\n${norm}"
exit 1
;;
*)
# check hostname for validity
if [[ ! "${inputCertbotDomain}" =~ ^${regexHostname}$ ]]; then
echo -e "\n${err}Invalid hostname${norm}"
else
# check if Certbot files exist in path implied from hostname
echo -e "\n${cyan}Verifying Certbot files..."
echo -e "(/etc/letsencrypt/live/${inputCertbotDomain}/...)${norm}"
certbotBadFile=()
for certbotFile in "${certbotFiles[@]}"; do
if [ -f "/etc/letsencrypt/live/${inputCertbotDomain}/$certbotFile" ]; then
echo -e "File: ${certbotFile} -- ${ok}OK${norm}"
else
echo -e "File: ${certbotFile} -- ${err}X${norm}"
certbotBadFile+=("${certbotFile}")
fi
done
if [ -z "${certbotBadFile}" ]; then
2019-01-05 00:36:29 -07:00
echo -e "${cyan}Certbot files seem intact${norm}\n"
CertbotDomain="${inputCertbotDomain}"
break
else
echo -e "\n${err}The following files are missing from ${inputCertbotDomain}:"
echo -e "${warn}${certbotBadFile[@]}${norm}"
echo -e "${err}These files are all required for proper SSL operation of NGINX using Certbot.${norm}\n"
while true; do
read -p "Do you want to use these settings anyways? " yn
case "${yn}" in
[Yy]*)
CertbotDomain="${inputCertbotDomain}"
break
;;
[Nn]*)
break
;;
*)
;;
esac
done
fi
if [ -n "${CertbotDomain}" ]; then
break
fi
fi
;;
esac
done
fi
2019-01-04 23:32:56 -07:00
# Generate paths from CertbotDomain
if [ "${useCertbot}" -eq 1 ]; then
CertPath="/etc/letsencrypt/live/${CertbotDomain}/fullchain.pem"
KeyPath="/etc/letsencrypt/live/${CertbotDomain}/privkey.pem"
CAChainPath="/etc/letsencrypt/live/${CertbotDomain}/chain.pem"
2019-01-04 23:32:56 -07:00
fi
# only process manual certificate paths if NOT using Certbot
if [ "${useCertbot}" -eq 0 ]; then
# not using Certbot: get location of certificate
while true; do
read -p "What is the path to your primary SSL certificate? " inputCertPath
case "${inputCertPath}" in
'')
echo -e "\n${err}You cannot have an empty path to your SSL certificate${norm}"
;;
[Xx]*)
echo -e "\n${cyan}---exiting---\n${norm}"
exit 1
;;
*)
# validate path
if [ -f "${inputCertPath}" ]; then
CertPath="${inputCertPath}"
2019-01-04 22:50:24 -07:00
break
else
echo -e "\n${warn}The file you specified doesn't exist${norm}"
while true; do
read -p "Do you want to use this path anyways? " yn
case $yn in
[Yy]*)
CertPath="${inputCertPath}"
break
;;
[Nn]*)
break
;;
*)
;;
esac
done
if [ -n "${CertPath}" ]; then
break
fi
2019-01-04 22:50:24 -07:00
fi
;;
esac
done
2019-01-04 22:50:24 -07:00
# not using Certbot: get location of private key
while true; do
read -p "What is the path to your primary SSL private key? " inputKeyPath
case "${inputKeyPath}" in
'')
echo -e "\n${err}You cannot have an empty path to your SSL private key${norm}"
;;
[Xx]*)
echo -e "\n${cyan}---exiting---\n${norm}"
exit 1
;;
*)
# validate path
if [ -f "${inputKeyPath}" ]; then
KeyPath="${inputKeyPath}"
2019-01-04 22:56:24 -07:00
break
else
echo -e "\n${warn}The file you specified doesn't exist${norm}"
while true; do
read -p "Do you want to use this path anyways? " yn
case $yn in
[Yy]*)
KeyPath="${inputKeyPath}"
break
;;
[Nn]*)
break
;;
*)
;;
esac
done
if [ -n "${KeyPath}" ]; then
break
fi
2019-01-04 22:56:24 -07:00
fi
;;
esac
done
2019-01-04 23:21:44 -07:00
2019-01-04 23:40:05 -07:00
# not using Certbot: get location of CA Certificate Chain
while true; do
read -p "What is the path to your primary SSL CA Chain certificate? " inputCAChainPath
case "${inputCAChainPath}" in
'')
echo -e "\n${err}You cannot have an empty path to your SSL CA Chain certificate${norm}"
;;
[Xx]*)
echo -e "\n${cyan}---exiting---\n${norm}"
exit 1
;;
*)
# validate path
if [ -f "${inputCAChainPath}" ]; then
CAChainPath="${inputCAChainPath}"
break
else
echo -e "\n${warn}The file you specified doesn't exist${norm}"
while true; do
read -p "Do you want to use this path anyways? " yn
case $yn in
[Yy]*)
CAChainPath="${inputCAChainPath}"
break
;;
[Nn]*)
break
;;
*)
;;
esac
done
if [ -n "${CAChainPath}" ]; then
break
fi
fi
;;
esac
done
fi
2019-01-04 23:40:05 -07:00
# dhparam: get location of DH Parameters file
while true; do
read -p "What is the path to your DH Parameters file? (default: /etc/ssl/certs/dhparam.pem) " inputDHPath
case "${inputDHPath}" in
'')
# verify default path exists
inputDHPath="/etc/ssl/certs/dhparam.pem"
if [ -f "${inputDHPath}" ]; then
DHPath="${inputDHPath}"
break
else
echo -e "\n${warn}The file you specified doesn't exist${norm}"
while true; do
read -p "Do you want to use this path anyways? " yn
case $yn in
[Yy]*)
DHPath="${inputDHPath}"
break
;;
[Nn]*)
break
;;
*)
;;
esac
done
if [ -n "${DHPath}" ]; then
2019-01-04 23:21:44 -07:00
break
fi
fi
;;
[Xx]*)
echo -e "\n${cyan}---exiting---\n${norm}"
exit 1
;;
*)
# validate path
if [ -f "${inputDHPath}" ]; then
DHPath="${inputDHPath}"
break
else
echo -e "\n${warn}The file you specified doesn't exist${norm}"
while true; do
read -p "Do you want to use this path anyways? " yn
case $yn in
[Yy]*)
DHPath="${inputDHPath}"
break
;;
[Nn]*)
break
;;
*)
;;
esac
done
if [ -n "${DHPath}" ]; then
2019-01-04 23:21:44 -07:00
break
fi
fi
;;
esac
done
# debug section
2019-01-05 00:36:29 -07:00
echo -e "\n${mag}---------------------${norm}"
echo "Local IP4: $IP4"
echo "Using Certbot: $useCertbot"
echo "CertbotDomain: $CertbotDomain"
2019-01-04 22:50:24 -07:00
echo "CertPath: $CertPath"
2019-01-04 22:56:24 -07:00
echo "KeyPath: $KeyPath"
2019-01-04 23:40:05 -07:00
echo "CA-Chain: $CAChainPath"
2019-01-04 23:21:44 -07:00
echo "DHPath: $DHPath"
2019-01-04 22:04:29 -07:00
exit 0