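#!/bin/bash
# Install Nginx and Certbot, open the firewall, obtain a Let's Encrypt
# certificate for a user-supplied host name, and write an Nginx site that
# terminates TLS and proxies to the application on 127.0.0.1:8080.
#
# Must be run as root. Prompts on stdin for the server name and the
# Let's Encrypt contact e-mail address.

# Check if running as root
if [ "$(id -u)" != "0" ]; then
  echo "This script must be run as root" >&2
  exit 1
fi

# Install necessary packages
echo "Installing Nginx and Certbot for SSL..."
apt-get update -qq
if ! apt-get install -y nginx certbot python3-certbot-nginx snapd; then
  echo "Failed to install required packages." >&2
  exit 1
fi

# Ask user for the server name
read -r -p "Enter the server name (subdomain): " SERVER_NAME

# The server name ends up in a file path under /etc/nginx, on the certbot
# command line and inside the generated Nginx configuration. Accept only a
# plain DNS host name so that slashes, whitespace, semicolons, braces or a
# leading '-' cannot alter any of those.
HOSTNAME_RE='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
if [[ ! "$SERVER_NAME" =~ $HOSTNAME_RE ]]; then
  echo "Invalid server name: expected a fully qualified host name such as app.example.com" >&2
  exit 1
fi

# Prompt the user for their email address for Let's Encrypt
read -r -p "Enter your email address for Let's Encrypt notifications: " LETSENCRYPT_EMAIL
if [[ -z "$LETSENCRYPT_EMAIL" ]]; then
  echo "An email address is required for Let's Encrypt." >&2
  exit 1
fi

# Update firewall rules as requested
# NOTE(review): these rules accept connections from any address. 6379 and
# 5432 are conventionally the Redis and PostgreSQL ports, and 8080 is the
# backend that Nginx proxies to over loopback below; if those services listen
# on a public interface they become reachable without going through the TLS
# proxy. Confirm each port really needs external access, otherwise drop the
# rule or restrict it to a source address.
echo "Updating firewall rules..."
ufw allow 3000/tcp
ufw allow 6379/tcp
ufw allow 5432/tcp
ufw allow 8080/tcp
ufw allow 10000/tcp
ufw allow 'Nginx Full'
ufw allow OpenSSH
ufw --force enable

# Obtain SSL certificates from Let's Encrypt
echo "Obtaining SSL certificates from Let's Encrypt for $SERVER_NAME using email $LETSENCRYPT_EMAIL..."
if ! certbot --nginx -d "$SERVER_NAME" --non-interactive --agree-tos \
  --email "$LETSENCRYPT_EMAIL" --redirect; then
  echo "Failed to obtain SSL certificate." >&2
  exit 1
fi

# Create Nginx configuration for your application
CONFIG_PATH="/etc/nginx/sites-available/$SERVER_NAME"

# Update the Nginx configuration
# The heredoc delimiter is unquoted on purpose: $SERVER_NAME is expanded by
# the shell, while the escaped \$variables are left for Nginx to evaluate.
echo "Configuring Nginx to serve your application over SSL..."
cat > "$CONFIG_PATH" <<EOF
server {
    listen 443 ssl;
    server_name $SERVER_NAME;
    ssl_certificate /etc/letsencrypt/live/$SERVER_NAME/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$SERVER_NAME/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_cache_bypass \$http_upgrade;
    }
}
EOF

# Enable the site only after its file exists; -f replaces a link left by a
# previous run instead of failing on it.
ln -sfn "$CONFIG_PATH" "/etc/nginx/sites-enabled/$SERVER_NAME"

# Check for syntax errors and restart Nginx
# NOTE(review): the site written above listens on 443 only. Any HTTP->HTTPS
# redirect that certbot's --redirect placed in the default site is presumably
# lost once that site is disabled here - verify, and add a port-80 redirect
# server block if plain-HTTP requests should still be redirected.
echo "Checking Nginx configuration for syntax errors..."
rm -f /etc/nginx/sites-enabled/default

# Validate first, so a broken configuration is never handed to the running
# server; restart only when the test passes.
if nginx -t && systemctl restart nginx; then
  echo "Nginx is configured and restarted successfully."
else
  echo "Nginx configuration error. Check your configuration!" >&2
  exit 1
fi

echo "Installation and configuration completed successfully."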