asif
/
nginx-basic
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

added skips for questions when not using SSL

This commit is contained in:
Asif Bacchus 2019-01-06 04:39:36 -07:00
parent a539c547da
commit 5e03527996
2 changed files with 47 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.vscode/numbered-bookmarks.json vendored
View File

@ -5,14 +5,14 @@
"bookmarks": [ "bookmarks": [
-1, -1,
31, 31,
44, 45,
677, 704,
-1, -1,
-1, -1,
-1, -1,
-1, -1,
-1, -1,
354 179
] ]
} }
] ]

61
setup.sh
View File

@ -33,6 +33,7 @@ unset noOSCP
regexIP4="(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])" regexIP4="(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"
regexIP6="(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))" regexIP6="(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))"
regexHostname="(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])" regexHostname="(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])"
useSSL=1
serverNames_working=() serverNames_working=()
serverNames=() serverNames=()
detectedIP=$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p') detectedIP=$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')
@ -155,24 +156,16 @@ done
### SSL related options ### SSL related options
# using certbot? # enable SSL?
echo -e "\n${mag}If you are using Certbot, you only need to provide the primary domain name"
echo "of your certificate and the script will auto-generate the paths NGINX needs to"
echo "make everything work."
echo -e "\nIf you haven't run Certbot yet, you can enter the domain you intend to use"
echo "as your primary domain and the paths generated by this script will work after"
echo -e "you run Certbot. In that case, you will have to answer ${warn}'yes'${mag} when asked"
echo -e "${warn}'Do you want to use this domain setting anyways?'${norm}\n"
while true; do while true; do
read -p "Are you using Certbot to handle your SSL certificates? (default: No) " yn read -p "Do you want to enable SSL on this server? (default: Yes)" yn
case "${yn}" in case "${yn}" in
[Yy]*) [Yy]*|'')
useCertbot=1 usingSSL=1
break break
;; ;;
[Nn]|'') [Nn]*)
useCertbot=0 usingSSL=0
unset CertbotDomain
break break
;; ;;
[Xx]*) [Xx]*)
@ -183,7 +176,39 @@ while true; do
echo -e "\n${err}Please answer (Y)es, (N)o, e(X)it or accept default${norm}" echo -e "\n${err}Please answer (Y)es, (N)o, e(X)it or accept default${norm}"
;; ;;
esac esac
done done
# using certbot?
if [ "${usingSSL}" -eq 1 ]; then
echo -e "\n${mag}If you are using Certbot, you only need to provide the primary domain name"
echo "of your certificate and the script will auto-generate the paths NGINX needs to"
echo "make everything work."
echo -e "\nIf you haven't run Certbot yet, you can enter the domain you intend to use"
echo "as your primary domain and the paths generated by this script will work after"
echo -e "you run Certbot. In that case, you will have to answer ${warn}'yes'${mag} when asked"
echo -e "${warn}'Do you want to use this domain setting anyways?'${norm}\n"
while true; do
read -p "Are you using Certbot to handle your SSL certificates? (default: No) " yn
case "${yn}" in
[Yy]*)
useCertbot=1
break
;;
[Nn]|'')
useCertbot=0
unset CertbotDomain
break
;;
[Xx]*)
echo -e "\n${cyan}---exiting---\n${norm}"
exit 1
;;
*)
echo -e "\n${err}Please answer (Y)es, (N)o, e(X)it or accept default${norm}"
;;
esac
done
fi
# using Certbot: get primary domain name since that how Certbot determines paths # using Certbot: get primary domain name since that how Certbot determines paths
if [ "${useCertbot}" -eq 1 ]; then if [ "${useCertbot}" -eq 1 ]; then
@ -253,8 +278,8 @@ if [ "${useCertbot}" -eq 1 ]; then
CAChainPath="/etc/letsencrypt/live/${CertbotDomain}/chain.pem" CAChainPath="/etc/letsencrypt/live/${CertbotDomain}/chain.pem"
fi fi
# only process manual certificate paths if NOT using Certbot # only process manual certificate paths if using SSL and NOT using Certbot
if [ "${useCertbot}" -eq 0 ]; then if [ "${useSSL}" -eq 1 ] && [ "${useCertbot}" -eq 0 ]; then
echo -e "\n${mag}NGINX requires the full paths to your PEM formatted certificates, private keys" echo -e "\n${mag}NGINX requires the full paths to your PEM formatted certificates, private keys"
echo "and your CA-chain in order to serve pages securely and properly over SSL." echo "and your CA-chain in order to serve pages securely and properly over SSL."
echo "If you haven't generated/copied your certificates yet, you can enter the" echo "If you haven't generated/copied your certificates yet, you can enter the"
@ -390,6 +415,7 @@ if [ "${useCertbot}" -eq 0 ]; then
fi fi
# dhparam: get location of DH Parameters file # dhparam: get location of DH Parameters file
if [ "${useSSL}" -eq 1 ]; then
echo -e "\n${mag}Having your own unique Diffie-Hellman Parameters file makes your SSL" echo -e "\n${mag}Having your own unique Diffie-Hellman Parameters file makes your SSL"
echo "communication more secure by helping to generate unique safe large prime" echo "communication more secure by helping to generate unique safe large prime"
echo "numbers. You shouldn't use any pre-installed dhparam.pem files. You should" echo "numbers. You shouldn't use any pre-installed dhparam.pem files. You should"
@ -462,6 +488,7 @@ while true; do
;; ;;
esac esac
done done
fi
### PHP-FPM related options ### PHP-FPM related options