added skips for questions when not using SSL

2019-01-06 04:39:36 -07:00 · 2019-01-06 04:39:36 -07:00 · 5e03527996
commit 5e03527996
parent a539c547da
2 changed files with 47 additions and 20 deletions
--- a/.vscode/numbered-bookmarks.json
+++ b/.vscode/numbered-bookmarks.json
@ -5,14 +5,14 @@
 			"bookmarks": [
 				-1,
 				31,
-				44,
-				677,
+				45,
+				704,
 				-1,
 				-1,
 				-1,
 				-1,
 				-1,
-				354
+				179
 			]
 		}
 	]
--- a/setup.sh
+++ b/setup.sh
@ -33,6 +33,7 @@ unset noOSCP
 regexIP4="(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"
 regexIP6="(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))"
 regexHostname="(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])"
+useSSL=1
 serverNames_working=()
 serverNames=()
 detectedIP=$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')
@ -155,24 +156,16 @@ done


 ### SSL related options
-# using certbot?
-echo -e "\n${mag}If you are using Certbot, you only need to provide the primary domain name"
-echo "of your certificate and the script will auto-generate the paths NGINX needs to"
-echo "make everything work."
-echo -e "\nIf you haven't run Certbot yet, you can enter the domain you intend to use"
-echo "as your primary domain and the paths generated by this script will work after"
-echo -e "you run Certbot.  In that case, you will have to answer ${warn}'yes'${mag} when asked"
-echo -e "${warn}'Do you want to use this domain setting anyways?'${norm}\n"
+# enable SSL?
 while true; do
-    read -p "Are you using Certbot to handle your SSL certificates? (default: No) " yn
+    read -p "Do you want to enable SSL on this server? (default: Yes)" yn
    case "${yn}" in
-        [Yy]*)
-            useCertbot=1
+        [Yy]*|'')
+            usingSSL=1
            break
            ;;
-        [Nn]|'')
-            useCertbot=0
-            unset CertbotDomain
+        [Nn]*)
+            usingSSL=0
            break
            ;;
        [Xx]*)
@ -183,7 +176,39 @@ while true; do
            echo -e "\n${err}Please answer (Y)es, (N)o, e(X)it or accept default${norm}"
            ;;
    esac
-done            
+done
+
+# using certbot?
+if [ "${usingSSL}" -eq 1 ]; then
+    echo -e "\n${mag}If you are using Certbot, you only need to provide the primary domain name"
+    echo "of your certificate and the script will auto-generate the paths NGINX needs to"
+    echo "make everything work."
+    echo -e "\nIf you haven't run Certbot yet, you can enter the domain you intend to use"
+    echo "as your primary domain and the paths generated by this script will work after"
+    echo -e "you run Certbot.  In that case, you will have to answer ${warn}'yes'${mag} when asked"
+    echo -e "${warn}'Do you want to use this domain setting anyways?'${norm}\n"
+    while true; do
+        read -p "Are you using Certbot to handle your SSL certificates? (default: No) " yn
+        case "${yn}" in
+            [Yy]*)
+                useCertbot=1
+                break
+                ;;
+            [Nn]|'')
+                useCertbot=0
+                unset CertbotDomain
+                break
+                ;;
+            [Xx]*)
+                echo -e "\n${cyan}---exiting---\n${norm}"
+                exit 1
+                ;;
+            *)
+                echo -e "\n${err}Please answer (Y)es, (N)o, e(X)it or accept default${norm}"
+                ;;
+        esac
+    done
+fi

 # using Certbot: get primary domain name since that how Certbot determines paths
 if [ "${useCertbot}" -eq 1 ]; then
@ -253,8 +278,8 @@ if [ "${useCertbot}" -eq 1 ]; then
    CAChainPath="/etc/letsencrypt/live/${CertbotDomain}/chain.pem"
 fi

-# only process manual certificate paths if NOT using Certbot
-if [ "${useCertbot}" -eq 0 ]; then
+# only process manual certificate paths if using SSL and NOT using Certbot
+if [ "${useSSL}" -eq 1 ] && [ "${useCertbot}" -eq 0 ]; then
    echo -e "\n${mag}NGINX requires the full paths to your PEM formatted certificates, private keys"
    echo "and your CA-chain in order to serve pages securely and properly over SSL."
    echo "If you haven't generated/copied your certificates yet, you can enter the"
@ -390,6 +415,7 @@ if [ "${useCertbot}" -eq 0 ]; then
 fi

 # dhparam: get location of DH Parameters file
+if [ "${useSSL}" -eq 1 ]; then
 echo -e "\n${mag}Having your own unique Diffie-Hellman Parameters file makes your SSL"
 echo "communication more secure by helping to generate unique safe large prime"
 echo "numbers.  You shouldn't use any pre-installed dhparam.pem files. You should"
@ -462,6 +488,7 @@ while true; do
            ;;
    esac
 done
+fi


 ### PHP-FPM related options