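#!/bin/bash
#######
### Update NGINX configuration '<tags>' with proper values and optionally copy
### to updated directory structure
#######

### text formatting ansi codes
# kept as literal '\e' text: every message below is printed through 'echo -e'
err="\e[1;31m"
ok="\e[1;32m"
warn="\e[93m"
mag="\e[95m"
cyan="\e[96m"
norm="\e[0m"

### set variables
# results of the prompts below; cleared first so inherited environment values cannot leak in
unset IP4
unset useCertbot
unset CertbotDomain
unset CertPath
unset KeyPath
unset CAChainPath
unset DHPath

# files Certbot writes under /etc/letsencrypt/live/<domain>/ that the NGINX config points at
certbotFiles=(cert.pem chain.pem fullchain.pem privkey.pem)

# best-effort detection of the primary local address (source address of the default route).
# stderr is silenced deliberately: a missing 'ip' tool or no default route simply means
# "no default to offer" at the prompt, not a failure of this script.
detectedIP=$(ip route get 1 2>/dev/null | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')

# dotted quad, each octet 0-255, no leading zeros
regexIP4="(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"
# hostname: dot-separated labels of alphanumerics with interior hyphens only.
# The hyphen sits last in the bracket expression on purpose: inside a POSIX ERE
# bracket expression '\' is a literal, so the earlier '[...\-]' form admitted a
# backslash into the domain, which is later embedded in a filesystem path.
regexHostname="(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9])"

# whatever detection produced must itself be a well-formed IPv4 address, otherwise
# offer no default (the IP prompt refuses an empty answer in that case)
[[ "${detectedIP}" =~ ^${regexIP4}$ ]] || detectedIP=""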
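### helper functions

#######################################
# Print the exit banner and terminate with status 1.
# Used when the user types X at a prompt and when stdin is exhausted
# (EOF / Ctrl-D), so a failed read can never leave a prompt loop spinning.
#######################################
exit_script() {
  echo -e "\n${cyan}---exiting---\n${norm}"
  exit 1
}

#######################################
# Read one line of input after printing a prompt.
# Arguments: $1 - prompt text; $2 - name of the variable that receives the answer
# Exits the script if the read fails (EOF), since no prompt can be answered then.
#######################################
ask() {
  local _prompt=$1 _var=$2
  # -r keeps backslashes literal: paths and domains are used verbatim later on
  read -r -p "${_prompt}" "${_var}" || { echo; exit_script; }
}

#######################################
# Ask a yes/no question until a Y... or N... answer is given.
# Any other answer (including an empty one) re-asks silently.
# Arguments: $1 - prompt text
# Returns:   0 for yes, 1 for no
#######################################
confirm() {
  local answer
  while true; do
    ask "$1" answer
    case "${answer}" in
      [Yy]*) return 0 ;;
      [Nn]*) return 1 ;;
      *) ;;
    esac
  done
}

#######################################
# Prompt for a file path and store it in the named variable.
# Arguments:
#   $1 - prompt text
#   $2 - message printed when the answer is empty and no default applies
#   $3 - default path substituted for an empty answer ('' = no default)
#   $4 - name of the variable that receives the chosen path
# A path that does not exist can still be accepted after explicit confirmation.
# Typing X on its own exits the script (a path beginning with x is a path).
#######################################
prompt_path() {
  local prompt=$1 empty_msg=$2 default=$3 outvar=$4
  local input
  while true; do
    ask "${prompt}" input
    case "${input}" in
      '')
        if [ -z "${default}" ]; then
          echo -e "\n${err}${empty_msg}${norm}"
          continue
        fi
        input="${default}"
        ;;
      [Xx])
        exit_script
        ;;
    esac
    # -f: existing regular file (or a symlink to one)
    if [ -f "${input}" ]; then
      printf -v "${outvar}" '%s' "${input}"
      return 0
    fi
    echo -e "\n${warn}The file you specified doesn't exist${norm}"
    if confirm "Do you want to use this path anyways? "; then
      printf -v "${outvar}" '%s' "${input}"
      return 0
    fi
  done
}

### quick intro for the user
echo -e "\n${mag}This script will customize the provided NGINX template files for your"
echo "environment. You will be prompted for all necessary information. After that,"
echo "default error pages will be copied to your webroot and your NGINX configuration"
echo -e "directory structure will be customized.${norm}\n"
echo -e "${warn}You may accept the default option (listed in brackets) by simply"
echo "pressing ENTER (i.e. no answer)."
echo -e "You may exit this script at any prompt by typing 'X'${norm}\n"

### get local IP address
while true; do
  ask "What is this NGINX machine's primary local IP4 address? (${detectedIP:-none detected}) " inputIP
  case "${inputIP}" in
    '')
      # ENTER accepts the detected address, but only when detection produced one;
      # otherwise IP4 would silently end up empty in the generated configuration
      if [ -z "${detectedIP}" ]; then
        echo -e "\n${err}No local IP4 address was detected, please enter one${norm}"
      else
        IP4="${detectedIP}"
        break
      fi
      ;;
    [Xx])
      exit_script
      ;;
    *)
      # check IP for validity
      if [[ "${inputIP}" =~ ^${regexIP4}$ ]]; then
        IP4="${inputIP}"
        break
      else
        echo -e "\n${err}Invalid IP4 format (xxx.xxx.xxx.xxx)${norm}"
      fi
      ;;
  esac
done

### SSL related options
# using certbot?
while true; do
  ask "Are you using Certbot to handle your SSL certificates? (default: NO) " yn
  case "${yn}" in
    [Yy]*)
      useCertbot=1
      break
      ;;
    [Nn]*|'')
      useCertbot=0
      unset CertbotDomain
      break
      ;;
    [Xx]*)
      exit_script
      ;;
    *)
      echo -e "\n${err}Please answer (Y)es, (N)o, e(X)it or accept default${norm}"
      ;;
  esac
done

# using Certbot: get primary domain name since that is how Certbot determines paths
if [ "${useCertbot}" -eq 1 ]; then
  while true; do
    ask "What is the primary domain for your Certbot Certificates? " inputCertbotDomain
    case "${inputCertbotDomain}" in
      '')
        echo -e "\n${err}You cannot have an empty domain name${norm}"
        ;;
      [Xx])
        exit_script
        ;;
      *)
        # the hostname check is what keeps the answer from altering the path built below
        if [[ ! "${inputCertbotDomain}" =~ ^${regexHostname}$ ]]; then
          echo -e "\n${err}Invalid hostname${norm}"
          continue
        fi
        # check if Certbot files exist in path implied from hostname
        echo -e "\n${cyan}Verifying Certbot files..."
        echo -e "(/etc/letsencrypt/live/${inputCertbotDomain}/...)${norm}"
        certbotBadFile=()
        for certbotFile in "${certbotFiles[@]}"; do
          if [ -f "/etc/letsencrypt/live/${inputCertbotDomain}/${certbotFile}" ]; then
            echo -e "File: ${certbotFile} -- ${ok}OK${norm}"
          else
            echo -e "File: ${certbotFile} -- ${err}X${norm}"
            certbotBadFile+=("${certbotFile}")
          fi
        done
        if [ "${#certbotBadFile[@]}" -eq 0 ]; then
          echo -e "${cyan}Certbot files seem intact${norm}\n"
          CertbotDomain="${inputCertbotDomain}"
          break
        fi
        echo -e "\n${err}The following files are missing from ${inputCertbotDomain}:"
        echo -e "${warn}${certbotBadFile[*]}${norm}"
        echo -e "${err}These files are all required for proper SSL operation of NGINX using Certbot.${norm}\n"
        if confirm "Do you want to use these settings anyways? "; then
          CertbotDomain="${inputCertbotDomain}"
          break
        fi
        ;;
    esac
  done
fi

if [ "${useCertbot}" -eq 1 ]; then
  # Generate paths from CertbotDomain
  CertPath="/etc/letsencrypt/live/${CertbotDomain}/fullchain.pem"
  KeyPath="/etc/letsencrypt/live/${CertbotDomain}/privkey.pem"
  CAChainPath="/etc/letsencrypt/live/${CertbotDomain}/chain.pem"
else
  # not using Certbot: ask for certificate, private key and CA chain locations
  prompt_path "What is the path to your primary SSL certificate? " \
    "You cannot have an empty path to your SSL certificate" "" CertPath
  prompt_path "What is the path to your primary SSL private key? " \
    "You cannot have an empty path to your SSL private key" "" KeyPath
  prompt_path "What is the path to your primary SSL CA Chain certificate? " \
    "You cannot have an empty path to your SSL CA Chain certificate" "" CAChainPath
fi

# dhparam: get location of DH Parameters file (ENTER takes the default, which is verified like any other path)
prompt_path "What is the path to your DH Parameters file? (default: /etc/ssl/certs/dhparam.pem) " \
  "" "/etc/ssl/certs/dhparam.pem" DHPath

# debug section
echo -e "\n${mag}---------------------${norm}"
echo "Local IP4: $IP4"
echo -e "${cyan}--------------------${norm}"
echo "Using Certbot: $useCertbot"
echo "CertbotDomain: $CertbotDomain"
echo -e "${cyan}--------------------${norm}"
echo "CertPath: $CertPath"
echo "KeyPath: $KeyPath"
echo "CA-Chain: $CAChainPath"
echo "DHPath: $DHPath"
echo -e "${cyan}--------------------${norm}"
# usePHP and phpVersion are never assigned in this script; they print empty unless
# inherited from the environment — TODO(review): confirm where they are meant to come from
echo "usePHP: $usePHP"
echo "PHP Version: $phpVersion"
echo -e "${mag}---------------------${norm}\n"

exit 0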