Merging my work nginx configuration repo
parent
bf955951c7
commit
899739eb65
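--- a/web-manage/nginx/setup/README.md
+++ b/web-manage/nginx/setup/README.md
@@ -0,0 +1,4 @@
+nginx-contegix
+==============
+
+Developing the new Nginx Contegix Standards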
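--- a/web-manage/nginx/setup/new_nginx_vhost.sh
+++ b/web-manage/nginx/setup/new_nginx_vhost.sh
@@ -0,0 +1,102 @@
+#!/bin/sh
+
+
+## Title: new_nginx_vhost.sh
+## Description: Deploy a new nginx vhost in the "Contegix" way, covers SSL vhosts as well
+## Authors: Bradley McCrorey (initial script, in 2012)
+## Kevin Dreyer ( update of script, altered deployment method and provided more structure to the deployment, created custom templates for use by script )
+## Matt Burchett ( nginx modifications )
+## Version: 0.1
+##
+## Usage:
+# export FQDN=www.domain.com USESSL=Y/N INTERFACE=eth0/eth1; svn cat --username=your.username --no-auth-cache https://jira.com/svn/NSAK/trunk/toolbox/common/bin/new_nginx_vhost.sh | bash
+
+echo -e "FQDN: $FQDN"
+echo -e "USESSL: $USESSL"
+echo -e "NET: $INTERFACE\n"
+
+
+# Check to see if they set FQDN, if not ask for user input
+if [ -z "$FQDN" ]; then
+echo -e "No FQDN variable set. Please enter the FQDN (e.g. www.example.com), followed by [ENTER]:"
+read FQDN
+fi
+
+# Check to see if they set SSL, if not ask for user input
+if [ -z "$USESSL" ]; then
+echo -e "No SSL variable set. Do you want an SSL enabled vhost? Please enter Y or N, followed by [ENTER]:"
+read USESSL
+fi
+
+# Check to see if they set an interface, if not ask for user input
+if [ -z "$INTERFACE" ]; then
+echo -e "No interface set. Please enter the interface name (e.g. eth0, eth1, eth1:3), followed by [ENTER]:"
+read INTERFACE
+fi
+
+# Strip the FQDN down to its basic parts
+set -- $(echo $FQDN |awk -F\. '{print $1,$2,$3}')
+HOST_NAME=$1
+DOMAIN_NAME="$2.$3"
+
+
+# Extract the IP address out of ifconfig.
+IPADDR=$(ifconfig $INTERFACE | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}' |tr -d '\n')
+
+# Just in case, create directory structure
+mkdir -p /etc/nginx/vhosts.d/includes/
+
+# Do the thang.
+cd /etc/nginx/vhosts.d
+
+# Configure port 80 loader
+cat /etc/nginx/templates.d/vhosts.d/vhost-template.conf | \
+sed "s/IP_ADDRESS/${IPADDR}/g;s/DOMAIN_NAME/${DOMAIN_NAME}/g;s/HOST_NAME/${HOST_NAME}/g" \
+> /etc/nginx/vhosts.d/${HOST_NAME}.${DOMAIN_NAME}.conf
+
+# Configure port 443 loader
+cat /etc/nginx/templates.d/vhosts.d/vhost-template-ssl.conf | \
+sed "s/IP_ADDRESS/${IPADDR}/g;s/DOMAIN_NAME/${DOMAIN_NAME}/g;s/HOST_NAME/${HOST_NAME}/g" \
+> /etc/nginx/vhosts.d/${HOST_NAME}.${DOMAIN_NAME}-ssl.conf
+
+# Configure Main vhost
+cat /etc/nginx/templates.d/vhosts.d/includes/vhost-template.conf | \
+sed "s/IP_ADDRESS/${IPADDR}/g;s/DOMAIN_NAME/${DOMAIN_NAME}/g;s/HOST_NAME/${HOST_NAME}/g" \
+> /etc/nginx/vhosts.d/includes/${HOST_NAME}.${DOMAIN_NAME}.conf
+
+
+# create the dir structure under /var/www
+mkdir -p /var/www/domains/${DOMAIN_NAME}/${HOST_NAME}/{htdocs,logs,cgi-bin,ssl}
+
+if [ "$USESSL" = "Y" ] || [ "$USESSL" = "y" ] || [ "$USESSL" = "yes" ] || [ "$USESSL" = "Yes" ] || [ "$USESSL" = "YES" ]; then
+export USESSL="Y"
+echo -e "**************WITHSSL****************** \n"
+echo -e "The basic vhost is configured, you will still need to create/upload a SSL cert, then fix the appropriate lines in \n"
+echo -e "/etc/nginx/vhosts.d/${HOST_NAME}.${DOMAIN_NAME}-ssl.conf \n "
+echo -e "The nginx -t that will run in a moment will likely fail until this is completed.\n \n"
+else
+echo -e "--------------NOSSL------------------- \n"
+echo -e "SSL will not be in use. Disabling the SSL config file.\n"
+echo -e "The port 443 loader has been renamed to *.OFF, simply rename to *.conf and kick nginx to re-enable\n"
+mv /etc/nginx/vhosts.d/${HOST_NAME}.${DOMAIN_NAME}-ssl.conf{,.OFF}
+fi
+
+
+# Notify user what is expected now
+
+if [ "$USESSL" = "Y" ]; then
+echo -e "**************WITHSSL****************** \n"
+echo -e "Now we will test the nginx configuration as-is. If you are using SSL but don't have the SSL certs in place yet, \n"
+echo -e "This test will likely fail citing that as the reason. You can solve that by creating/uploading the SSL certs to the proper spot\n"
+echo -e "Then ensuring the ssl vhost config points to those certs, then finally you can run the command again to test the config. \n"
+echo -e "/usr/sbin/nginx -t \n"
+else
+echo -e "--------------NOSSL-------------------- \n"
+echo "Now we will test the nginx configuration as-is. Since you are not utilizing SSL, it should result with no errors.\n"
+fi
+
+# check the nginx config
+/usr/sbin/nginx -t 2>&1 && echo -e "\n nginx config looks good. restart nginx when ready.\n"
+
+
+## EOF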
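Review bot: `FQDN` is used unvalidated and unquoted, both in the `sed "s/.../${HOST_NAME}/g"` replacements and in the `> /etc/nginx/vhosts.d/${HOST_NAME}.${DOMAIN_NAME}.conf` redirect targets, so a value containing `/`, `&`, whitespace or glob characters either breaks the substitution or changes which file this script writes under `/etc/nginx`. I would reject anything that is not a plain hostname right after the prompts, e.g. `case "$FQDN" in ''|*[!A-Za-z0-9.-]*) echo "invalid FQDN: $FQDN" >&2; exit 1 ;; esac`, and quote `"$FQDN"` and `"$INTERFACE"` where they are expanded. The `awk` split keeps only the first three labels, so a name with more labels is silently truncated, and `IPADDR` is never checked for being empty before it is substituted into the templates. Separately, the shebang is `#!/bin/sh` but `{htdocs,logs,cgi-bin,ssl}` and `-ssl.conf{,.OFF}` rely on brace expansion, which a POSIX sh such as dash does not perform; `#!/bin/bash` would match what the script actually uses.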
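--- a/web-manage/nginx/setup/nginx/scripts/generate-ssl-cert.sh
+++ b/web-manage/nginx/setup/nginx/scripts/generate-ssl-cert.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+if [[ $# -ne 1 ]]; then
+echo "Usage: $0 host.domain"
+echo "eg. $0 www.contegix.com"
+exit 1
+fi
+
+HOSTNAME=$1
+SERIAL=`date +%Y%m%d%H%M`
+
+umask 077
+
+openssl genrsa -out $HOSTNAME.key 2048
+openssl req -new -set_serial $SERIAL -key $HOSTNAME.key -out $HOSTNAME.csr
+openssl x509 -set_serial $SERIAL -req -days 3650 -in $HOSTNAME.csr -signkey $HOSTNAME.key -out $HOSTNAME.self.crt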
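Review bot: The argument check uses `[[ $# -ne 1 ]]` under `#!/bin/sh`; where sh is not bash the `[[` command is not found, the `if` evaluates as false, and the script carries on with an empty `HOSTNAME` and writes `.key`, `.csr` and `.self.crt` in the current directory. `if [ "$#" -ne 1 ]; then` keeps the check portable, and the expansions should be quoted, e.g. `openssl genrsa -out "$HOSTNAME.key" 2048`, so a name with spaces or glob characters is not split. `HOSTNAME` is also a variable bash sets itself, so a different name such as `CERT_HOST` avoids surprises. The `x509 -req` call names no digest, so the signature hash depends on the installed OpenSSL default; adding `-sha256` makes it explicit.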
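--- a/web-manage/nginx/setup/nginx/scripts/lock_wordpress_site.sh
+++ b/web-manage/nginx/setup/nginx/scripts/lock_wordpress_site.sh
@@ -0,0 +1,80 @@
+#!/bin/sh
+
+## lock_wordpress_site.sh
+##
+## Usage: cd /var/www/domains/test.com/www/htdocs && ~/lock_wordpress_site.sh
+##
+## This locks a wordpress site by chowning everything to root:root and chowns wp-content apache:apache
+## Notes:
+## - make sure you are cd'd into the correct directory prior to running this script
+## - this script will check for certain files that should be in place in the working directory
+## else it will exit and not change anything
+
+
+WORKINGDIR=$(pwd)
+FILECHECK="wp-login.php"
+BASEDIR=$(basename "$WORKINGDIR")
+GROUPNAME="wp"
+VHOSTNAME="/etc/httpd/vhosts.d/includes/HOST_NAME.DOMAIN_NAME.conf"
+
+if [ -f wp-login.php ];
+then
+if [[ "$WORKINGDIR" =~ "/var/www/domains" && ( "$BASEDIR" == "htdocs" || "$BASEDIR" == "current" || "$BASEDIR" =~ "wordpress*" ) ]];
+then
+echo "$FILECHECK file exists, proceeding to lock permissions from apache"
+chown -R root:"$GROUPNAME" .
+chown -R apache:"$GROUPNAME" wp-content
+chown -R root:"$GROUPNAME" wp-content/plugins
+find . -type f -exec chmod 0664 {} \;
+find . -type d -exec chmod 0775 {} \;
+find . -name wp-config.php -exec chmod 0644 {} \;
+find . -name readme.html -exec chmod 0400 {} \;
+
+# Wordpress Plugin-specific Mods. Any specific permissions for plugins put in this portion
+if [[ -d "$WORKINGDIR/wp-content/plugins/gallery-bank" ]];
+then
+chown -R apache:"$GROUPNAME" "$WORKINGDIR/wp-content/plugins/gallery-bank/lib/cache"
+fi
+if [[ -d "$WORKINGDIR/wp-content/plugins/wp-security-scan" ]];
+then
+echo -e "WP Security Scan Plugin Installed, Fixing Backups Perms\n"
+chown -R apache:"$GROUPNAME" "$WORKINGDIR/wp-content/plugins/wp-security-scan/res/backups"
+fi
+
+# Fix Apache vhost
+echo -e "Lockdown of Permissions complete, moving on to fixing the apache vhost, re-applying protective rewrites\n"
+sed -i 's/#Include/Include/g' $VHOSTNAME
+
+echo -e "Changes made, Reloading Apache to read in the updated configuration\n"
+service httpd reload
+if [ $? == 0 ]; then
+echo -e "Apache reload successful, Permissions are now fixed and locked down.\n"
+logger -p user.info -t WORDPRESS "Permissions for Wordpress Site at $WORKINGDIR Fixed and Locked Back Down by $USER"
+exit 0
+else
+apachectl -t
+echo -e "\n Apache Reload FAILED. You may have to apply changes manually.\n"
+logger -p user.info -t WORDPRESS "Permissions for Wordpress Site at $WORKINGDIR FAILED to Revert due ot Apache Reload Fail, by $USER"
+exit 1
+fi
+else
+echo "###############################################################"
+echo "# Directory check failed! #"
+echo "###############################################################"
+echo "Your base directory is not htdocs, current, or wordpress*"
+echo "Or you're not in /var/www/domains/*"
+echo -e "\n $WORKINGDIR \n"
+echo "Are you sure you're in the correct directory?"
+logger -p user.err -t WORDPRESS "Permissions for Wordpress Site at $WORKINGDIR FAILED to be Fixed by $USER, Perms still OPEN - Bad Current Directory"
+exit 1
+fi
+else
+echo "###############################################################"
+echo "# Directory check failed! #"
+echo "###############################################################"
+echo "The $FILECHECK file does not exist in the current working directory:"
+echo -e "\n $WORKINGDIR \n"
+echo "Are you sure you're in the correct directory?"
+logger -p user.err -t WORDPRESS "Permissions for Wordpress Site at $WORKINGDIR FAILED to be Fixed by $USER, Perms still OPEN - Bad Current Directory, no $FILECHECK"
+exit 1
+fi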
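Review bot: The directory guard in front of the recursive `chown -R root:"$GROUPNAME" .` does not test what its error message describes: `"$WORKINGDIR" =~ "/var/www/domains"` is true for any path that merely contains that string, and in bash 3.2 and later the quoted `"wordpress*"` is matched literally rather than as a pattern. I would write it as `[[ "$WORKINGDIR" == /var/www/domains/* && ( "$BASEDIR" == htdocs || "$BASEDIR" == current || "$BASEDIR" == wordpress* ) ]]`; the same condition appears in unlock_wordpress_site.sh. `VHOSTNAME` is still the template placeholder path `HOST_NAME.DOMAIN_NAME.conf` and is expanded unquoted in the `sed -i` call, so the vhost edit will presumably fail until the path is derived from the site being locked. Also worth confirming: `chmod 0644` leaves wp-config.php world-readable, and `0640` may be enough if the web server user is a member of the `wp` group.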
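--- a/web-manage/nginx/setup/nginx/scripts/unlock_wordpress_site.sh
+++ b/web-manage/nginx/setup/nginx/scripts/unlock_wordpress_site.sh
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+## unlock_wordpress_site.sh
+##
+## Usage: cd /var/www/domains/test.com/www/htdocs && ~/unlock_wordpress_site.sh
+##
+## This unlocks a wordpress site by chowning everything to apache:apache
+## Notes:
+## - make sure you are cd'd into the correct directory prior to running this script
+## - this script will check for certain files that should be in place in the working directory
+## else it will exit and not change anything
+
+
+WORKINGDIR=$(pwd)
+FILECHECK="wp-login.php"
+BASEDIR=$(basename "$WORKINGDIR")
+GROUPNAME="wp"
+VHOSTNAME="/etc/httpd/vhosts.d/includes/HOST_NAME.DOMAIN_NAME.conf"
+
+if [ -f wp-login.php ];
+then
+if [[ "$WORKINGDIR" =~ "/var/www/domains" && ( "$BASEDIR" == "htdocs" || "$BASEDIR" == "current" || "$BASEDIR" =~ "wordpress*" ) ]];
+then
+echo "$FILECHECK file exists, proceeding to grant full permissions to apache"
+chown -R apache."$GROUPNAME" .
+find . -type f -exec chmod 0664 {} \;
+find . -type d -exec chmod 0775 {} \;
+
+sed -i 's/Include/#Include/g' $VHOSTNAME
+echo -e "Changes made, Reloading Apache to read in the updated configuration\n"
+service httpd reload
+if [ $? == 0 ]; then
+echo "Apache Reload Successful. The Instance is now insecure and ready for modification."
+logger -p user.info -t WORDPRESS "Permissions for Wordpress Site at $WORKINGDIR Unlocked and Opened Up by $USER"
+exit 0
+else
+echo "Apache Reload FAILED. You may have to apply changes manually."
+logger -p user.info -t WORDPRESS "Permissions for Wordpress Site at $WORKINGDIR FAILED to Unlock and Open Due to Apache Reload Fail, by $USER"
+exit 1
+fi
+else
+echo "###############################################################"
+echo "# Directory check failed! #"
+echo "###############################################################"
+echo "Your base directory is not htdocs, current, or wordpress*"
+echo "Or you're not in /var/www/domains/*"
+echo -e "\nWorking Directory: $WORKINGDIR \n"
+echo -e "\nBase Directory: $BASEDIR \n"
+echo "Are you sure you're in the correct directory?"
+logger -p user.err -t WORDPRESS "Permissions for Wordpress Site at $WORKINGDIR FAILED to be Removed by $USER - Bad Current Directory"
+exit 1
+fi
+else
+echo "###############################################################"
+echo "# Directory check failed! #"
+echo "###############################################################"
+echo "The $FILECHECK file does not exist in the current working directory:"
+echo -e "\n $WORKINGDIR \n"
+echo "Are you sure you're in the correct directory?"
+logger -p user.err -t WORDPRESS "Permissions for Wordpress Site at $WORKINGDIR FAILED to be Removed by $USER - Bad Current Directory, no $FILECHECK"
+exit 1
+fi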
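Review bot: `sed -i 's/Include/#Include/g' $VHOSTNAME` is neither anchored nor idempotent: running unlock twice yields `##Include`, and the matching `s/#Include/Include/g` in lock_wordpress_site.sh then strips only one `#`, so the protective includes stay commented out while lock still reports success. Anchoring both edits avoids that, e.g. `sed -i 's/^\([[:space:]]*\)Include/\1#Include/' "$VHOSTNAME"` here and `sed -i 's/^\([[:space:]]*\)#\{1,\}Include/\1Include/' "$VHOSTNAME"` in the lock script. The reload-failure branch runs after ownership has already been opened to apache yet logs at `user.info`; `logger -p user.err` would match the other failure paths and make a site left unlocked easier to alert on.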
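--- a/web-manage/nginx/setup/nginx_setup.sh
+++ b/web-manage/nginx/setup/nginx_setup.sh
@@ -0,0 +1,456 @@
+#!/bin/sh
+
+
+## Title: nginx_setup.sh
+## Description: Deploy base nginx configurations
+## Authors: Matt Burchett (2015-03-28)
+## Version: 0.6
+##
+
+# I've placed all the installation in a function called "redhat" just in case this gets developed for compatiblity with another distribution.
+function redhatlinux {
+
+#checking if epel repo is installed and enabled
+
+if [ -z "`yum repolist | grep epel`" ]; then
+echo "EPEL repo not installed, would you like to install it now? (y/N)"
+read epelinstall
+if [ "$epelinstall" = "y" ]; then
+cd /tmp
+echo "Downloading epel package."
+wget http://mirror.pnl.gov/epel/6/i386/epel-release-6-8.noarch.rpm
+echo "Installing Package."
+yum localinstall epel-release-6-8.noarch.rpm
+cd
+else
+echo "EPEL has to be enabled to install and setup nginx. Exiting."
+exit
+fi
+else
+echo "EPEL repo enabled. All good!"
+fi
+
+echo
+sleep 1
+
+#checking if nginx is installed
+
+if [ -z "`rpm -qi nginx | grep URL`" ]; then
+echo "nginx is not installed. Would you like to install it now? (y/N)"
+read nginxinstall
+if [ "$nginxinstall" = "y" ]; then
+echo "Okay, installing nginx."
+yum install nginx php-fpm
+echo "Nginx installed. Enabling services by default."
+chkconfig nginx on
+chkconfig php-fpm on
+echo "Services enabled."
+else
+echo "Wrong answer given. Exiting."
+exit
+fi
+else
+echo "nginx is already installed, moving on."
+fi
+
+#start PHP-FPM configuration
+
+echo "Starting php-fpm configuration..."
+
+echo
+
+# change how it listens
+echo "Changing php-fpm to listen on socket (unix:/var/run/php5-fpm.sock)..."
+
+sed -i 's,listen = 127.0.0.1:9000, listen = /var/run/php5-fpm.sock,g' /etc/php-fpm.d/www.conf
+
+if [ "`cat /etc/php-fpm.d/www.conf | grep 'var/run/php5-fpm.sock'`" ]; then
+echo "Change successfully made."
+cat /etc/php-fpm.d/www.conf | grep 'var/run/php5-fpm.sock'
+
+else
+echo "Change not made. Please edit the file manually and change listen = 127.0.0.1:9000 to listen = /var/run/php5-fpm.sock."
+fi
+
+echo
+sleep 1
+
+# change who it listens as
+echo "Changing listen.owner to = apache..."
+
+sed -i 's:;listen.owner = nobody:listen.owner = apache:g' /etc/php-fpm.d/www.conf
+
+if [ "`cat /etc/php-fpm.d/www.conf | grep 'listen.owner = apache'`" ]; then
+echo "Change successfully made."
+cat /etc/php-fpm.d/www.conf | grep 'listen.owner = apache'
+
+else
+echo "Change not made. Please edit the file manually and uncomment listen.owner and set it's ownership to apache."
+fi
+
+echo
+sleep 1
+
+# group too
+echo "Changing listen.group to = apache..."
+
+sed -i 's:;listen.group = nobody:listen.group = apache:g' /etc/php-fpm.d/www.conf
+
+if [ "`cat /etc/php-fpm.d/www.conf | grep 'listen.group = apache'`" ]; then
+echo "Change successfully made."
+cat /etc/php-fpm.d/www.conf | grep 'listen.group = apache'
+
+else
+echo "Change not made. Please edit the file manually and uncomment listen.group and set it's ownership to apache."
+fi
+
+echo
+sleep 1
+
+echo "Configuration of php-fpm complete."
+#end php-fpm configuration
+}
+
+function tuning {
+
+echo "Creating $FILE ..."
+
+cat << EOF > $FILE
+server_names_hash_bucket_size 64;
+EOF
+
+if [ -f $FILE ]; then
+echo "$FILE created."
+else
+echo "Creation of $FILE failed, please create manually."
+fi
+
+}
+
+function vhosts {
+
+echo "Creating $FILE ..."
+
+cat << EOF > $FILE
+include /etc/nginx/vhosts.d/*.conf;
+EOF
+
+if [ -f $FILE ]; then
+echo "$FILE created."
+else
+echo "Creation of $FILE failed, please create manually."
+fi
+
+}
+
+function restrictions {
+
+echo "Creating $FILE..."
+
+cat << EOF > $FILE
+location = /favicon.ico {
+log_not_found off;
+access_log off;
+}
+location = /robots.txt {
+allow all;
+log_not_found off;
+access_log off;
+}
+location ~ /\. {
+deny all;
+}
+location ~* /(?:uploads|files)/.*\.php$ {
+
+deny all;
+}
+EOF
+
+if [ -f $FILE ];then
+echo "$FILE created."
+else
+echo "Creation of $FILE failed, please create manually."
+fi
+
+}
+
+function wordpress {
+
+echo "Creating $FILE..."
+
+cat << EOF > $FILE
+# Add trailing slash to */wp-admin requests.
+
+rewrite /wp-admin\$ \$scheme://\$host\$uri/ permanent;
+
+location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)\$ {
+
+access_log off; log_not_found off; expires max;
+
+}
+EOF
+
+if [ -f $FILE ];then
+echo "$FILE created."
+else
+echo "Creation of $FILE failed, please create manually."
+fi
+
+}
+
+#end functions
+
+#this bit is bad, but valid for now to make sure we don't screw up another OS
+if [ -f "/etc/redhat-release" ]; then
+echo "RedHat (or variant) detected. Installing..."
+redhatlinux
+else
+echo "Unsupported operating system, exiting..."
+# exit
+fi
+
+echo
+sleep 1
+
+echo "Copying configuration files in place..."
+
+#make the directories needed
+mkdir -p /etc/nginx/{conf.d,vhosts.d/includes,templates.d/conf.d,templates.d/vhosts.d/includes}
+
+echo
+
+#create the tuning.conf and creating templates
+
+if [ -f /etc/nginx/conf.d/tuning.conf ]; then
+echo "Previous tuning.conf detected, not overwriting. Updating template..."
+FILE=/etc/nginx/templates.d/conf.d/tuning.conf
+tuning
+else
+echo "No previous tuning.conf detected, creating and making template..."
+
+#/etc/nginx/conf.d/tuning.conf
+FILE=/etc/nginx/conf.d/tuning.conf
+tuning
+
+#/etc/nginx/templates.d/conf.d/tuning.conf
+FILE=/etc/nginx/templates.d/conf.d/tuning.conf
+tuning
+fi
+
+echo
+sleep 1
+
+#create the vhost conf and creating templates
+
+if [ -f /etc/nginx/conf.d/vhosts.conf ]; then
+echo "Previous vhosts.conf detected, not overwriting. Updating template..."
+FILE=/etc/nginx/templates.d/conf.d/vhosts.conf
+vhosts
+else
+echo "No previous vhosts.conf detected, creating and making template..."
+
+#/etc/nginx/conf.d/vhosts.conf
+FILE=/etc/nginx/conf.d/vhosts.conf
+vhosts
+
+#/etc/nginx/templates.d/conf.d/vhosts.conf
+FILE=/etc/nginx/templates.d/conf.d/vhosts.conf
+vhosts
+fi
+
+echo
+sleep 1
+
+# create includes/restrictions.conf and creating templates
+
+if [ -f /etc/nginx/vhosts.d/includes/restrictions.conf ]; then
+echo "Previous restrictions detected, not overwriting. Updating template..."
+FILE=/etc/nginx/templates.d/vhosts.d/includes/restrictions.conf
+restrictions
+else
+echo "No previous restrictions.conf detected, creating and making template..."
+
+#/etc/nginx/vhosts.d/includes/restrictions.conf
+FILE=/etc/nginx/vhosts.d/includes/restrictions.conf
+restrictions
+
+#/etc/nginx/templates.d/vhosts.d/includes/restrictions.conf
+FILE=/etc/nginx/templates.d/vhosts.d/includes/restrictions.conf
+restrictions
+fi
+
+echo
+sleep 1
+
+# create includes/wordpress.conf and creating templates
+if [ -f /etc/nginx/vhosts.d/includes/wordpress.conf ]; then
+echo "Previous wordpress.conf detected, not overwriting. Updating template..."
+FILE=/etc/nginx/templates.d/vhosts.d/includes/wordpress.conf
+wordpress
+else
+echo "No previous wordpress.conf detected, creating and making template..."
+
+#/etc/nginx/vhosts.d/includes/wordpress.conf
+FILE=/etc/nginx/vhosts.d/includes/wordpress.conf
+wordpress
+
+#/etc/nginx/templates.d/vhosts.d/includes/wordpress.conf
+FILE=/etc/nginx/templates.d/vhosts.d/includes/wordpress.conf
+wordpress
+fi
+
+echo
+sleep 1
+
+#start creation of the vhost templates
+echo "Configuration of nginx complete. Creating template files..."
+
+echo
+sleep 1
+
+#main vhost template (not include)
+echo "Creating vhost-template.conf..."
+
+cat << EOF > /etc/nginx/templates.d/vhosts.d/vhost-template.conf
+server {
+listen 80;
+server_name HOST_NAME.DOMAIN_NAME;
+
+#To enable HTTPS, uncomment this line.
+#rewrite ^(.*) https://\$server_name\$1 permanent;
+
+include /etc/nginx/vhosts.d/includes/HOST_NAME.DOMAIN_NAME.conf;
+
+}
+EOF
+
+if [ -f /etc/nginx/templates.d/vhosts.d/vhost-template.conf ];then
+echo "vhost-template.conf created."
+else
+echo "Creation of vhost-template.conf failed, please create manually."
+fi
+
+echo
+sleep 1
+
+#ssl vhost template (not include)
+echo "Creating vhost-template-ssl.conf..."
+
+cat << EOF > /etc/nginx/templates.d/vhosts.d/vhost-template-ssl.conf
+server {
+listen 443 ssl;
+server_name HOST_NAME.DOMAIN_NAME;
+
+ssl on;
+ssl_certificate /var/www/domains/DOMAIN_NAME/HOST_NAME/ssl/HOST_NAME.DOMAIN_NAME.crt;
+ssl_certificate_key /var/www/domains/DOMAIN_NAME/HOST_NAME/ssl/HOST_NAME.DOMAIN_NAME.key;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_prefer_server_ciphers on;
+ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+
+include /etc/nginx/vhosts.d/includes/HOST_NAME.DOMAIN_NAME.conf;
+}
+EOF
+
+if [ -f /etc/nginx/templates.d/vhosts.d/vhost-template-ssl.conf ];then
+echo "vhost-template-ssl.conf created."
+else
+echo "Creation of vhost-template-ssl.conf failed, please create manually."
+fi
+echo
+sleep 1
+
+#main vhost template (include) (SSL too)
+echo "Creating includes/vhost-template.conf..."
+
+cat << EOF > /etc/nginx/templates.d/vhosts.d/includes/vhost-template.conf
+root /var/www/domains/DOMAIN_NAME/HOST_NAME/htdocs;
+index index.html index.htm index.php;
+access_log /var/www/domains/DOMAIN_NAME/HOST_NAME/logs/access_log;
+error_log /var/www/domains/DOMAIN_NAME/HOST_NAME/logs/error_log;
+
+#custom maintenance message
+location @sorry502 {
+return 502 "This site is currently undergoing maintenance. We apologize for the inconvenience.";
+}
+
+location @sorry503 {
+return 503 "This site is currently undergoing maintenance. We apologize for the inconvenience.";
+}
+
+
+error_page 500 504 /50x.html;
+error_page 502 @sorry502;
+error_page 503 @sorry503;
+
+location = /50x.html {
+root /usr/share/nginx/html;
+}
+
+include /etc/nginx/vhosts.d/includes/restrictions.conf;
+#If this is a Wordpress vhost, uncomment this line
+#include /etc/nginx/vhosts.d/includes/wordpress.conf;
+
+
+location ~ \.php$ {
+try_files \$uri =404;
+fastcgi_pass unix:/var/run/php5-fpm.sock;
+fastcgi_index index.php;
+fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
+include fastcgi_params;
+}
+
+
+# These are placeholders until I figure out how to make them work specifically.
+# ScriptAlias /cgi-bin "/var/www/domains/DOMAIN_NAME/HOST_NAME/cgi-bin"
+
+# <Directory "/var/www/domains/DOMAIN_NAME/HOST_NAME/cgi-bin">
+# AllowOverride None
+# Options None
+# Order allow,deny
+# Allow from all
+# </Directory>
+
+
+## If you will be installing any j2ee apps, e.g. Atlassian Jira, Confluence, Crowd, Fisheye, Bamboo, Stash, etc. you will need
+## To uncomment the following Proxy* Lines and change appropriately.
+## If this is a plain vhost, say for wordpress, you can leave them commented out.
+## Currently, nginx does not have support out-of-the-box for AJP connectors, nginx would have to be custom compiled for support.
+## HTTP connectors MUST be used.
+
+# location / {
+# proxy_read_timeout 300;
+# proxy_connect_timeout 300;
+# proxy_redirect off;
+
+# proxy_set_header X-Forwarded-Proto \$scheme;
+# proxy_set_header Host \$http_host;
+# proxy_set_header X-Real-IP \$remote_addr;
+
+# proxy_pass http://j2ee.HOST_NAME.DOMAIN_NAME:8009;
+# }
+
+
+EOF
+
+if [ -f /etc/nginx/templates.d/vhosts.d/includes/vhost-template.conf ];then
+echo "includes/vhost-template.conf created."
+else
+echo "Creation of includes/vhost-template.conf failed, please create manually."
+fi
+
+echo
+
+sleep 1
+
+#Check for problems.
+echo "Checking nginx for errors."
+nginx -t
+
+echo "nginx configuration complete."
+
+echo
+
+#exit
+echo "Complete."
+exit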
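Review bot: The EPEL bootstrap in `redhatlinux` fetches `epel-release-6-8.noarch.rpm` over plain `http://` into the shared `/tmp` directory and passes the fixed file name to `yum localinstall` with no signature or checksum check, so the package installed as root is only as trustworthy as the network path and whatever already sits under that name in `/tmp`. I would download into a private directory (`workdir=$(mktemp -d)` then `wget -P "$workdir" ...`), use an `https://` mirror, and verify the package with `rpm -K` against an imported EPEL key before installing it. In the same file the unsupported-OS branch has its `exit` commented out (`# exit`), so the script keeps writing under `/etc/nginx` on a host it has just called unsupported. The SSL template also enables `TLSv1` and `TLSv1.1` and lists `DES-CBC3-SHA` suites; consider limiting `ssl_protocols` to `TLSv1.2` (plus newer versions where the installed nginx and OpenSSL support them) and dropping the 3DES entries.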