-
-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathnew
executable file
·82 lines (70 loc) · 2.08 KB
/
new
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
#!/bin/bash
domain=$1
# Check if args passed
if [ -z "$1" ]
then
# Ask for domain name
echo "Domain name:"
read domain
fi
echo "Location to files (default current directory):"
echo "Please note that the location must be readable by the nginx user."
echo "For best results use a directory in /var/www"
read location
# if location is empty, use current directory
if [ -z "$location" ]
then
location=$PWD
fi
# Install nginx
sudo apt update
sudo apt install nginx -y
# Setup NGINX config
printf "server {
listen 80;
listen [::]:80;
root $location;
index index.html;
server_name $domain *.$domain;
location / {
try_files \$uri \$uri/ @htmlext;
}
location ~ \.html$ {
try_files \$uri =404;
}
location @htmlext {
rewrite ^(.*)$ \$1.html last;
}
error_page 404 /404.html;
location = /404.html {
internal;
}
location = /.well-known/wallets/HNS {
add_header Cache-Control 'must-revalidate';
add_header Content-Type text/plain;
}
listen 443 ssl;
ssl_certificate /etc/ssl/$domain.crt;
ssl_certificate_key /etc/ssl/$domain.key;
}
" > /etc/nginx/sites-available/$domain
sudo ln -s /etc/nginx/sites-available/$domain /etc/nginx/sites-enabled/$domain
#generate ssl certificate
openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes \
-keyout cert.key -out cert.crt -extensions ext -config \
<(echo "[req]";
echo distinguished_name=req;
echo "[ext]";
echo "keyUsage=critical,digitalSignature,keyEncipherment";
echo "extendedKeyUsage=serverAuth";
echo "basicConstraints=critical,CA:FALSE";
echo "subjectAltName=DNS:$domain,DNS:*.$domain";
) -subj "/CN=*.$domain"
# Print TLSA record and store in file in case of lost output
echo "Add this TLSA Record to your DNS:"
echo -n "3 1 1 " && openssl x509 -in cert.crt -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | xxd -p -u -c 32
sudo mv cert.key /etc/ssl/$domain.key
sudo mv cert.crt /etc/ssl/$domain.crt
# Restart to apply config file
sudo chmod a+rx $location
sudo systemctl restart nginx