#!/bin/bash
#
# ___ _ _____ _____ _
# / _ \ | | / ___/ ___| |
# / /_\ \_ _| |_ ___ \ `--.\ `--.| | __ __
# | _ | | | | __/ _ \ `--. \`--. \ | \ \/ /
# | | | | |_| | || (_) /\__/ /\__/ / |____ > <
# \_| |_/\__,_|\__\___/\____/\____/\_____/ /_/\_\
#
# Description:
# A script to automate the setup of NGINX reverse proxy and SSL certificate (Certbot)
# for a service running on a local port.
#
#
# Usage: ./script.sh <email> <domain> <service_port>
# Example: ./script.sh johndoe@example.com sub.example.com 3000
#
#
# ----
# CONSTANTS
# ----
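# Path of the NGINX server-block file this script removes and then rewrites.
# Despite its name, nginx_dir is a file path, not a directory.
# The script runs "rm -rf" on this path, so it is marked readonly to
# prevent an accidental reassignment later in the script.
readonly nginx_dir="/etc/nginx/conf.d/default.conf"
# ANSI color codes for the output; they are only interpreted when printed
# with "echo -e" or printf '%b'.
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[0;33m'
readonly NC='\033[0m' # No Color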
# ----
# MAIN FLOW
# ----
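# Condition:
# Exactly three arguments are required: <email> <domain> <service_port>.
# Otherwise the usage text is printed (to stderr) and the script exits 1.
if [ $# -ne 3 ]; then
  {
    echo "Arguments Usage:"
    echo -e "\t <email> <domain> <service_port>"
    echo -e "\n<email> \t\t Your email address for the SSL certificate (required)"
    echo -e "<domain> \t\t Your domain name for the SSL certificate (required)"
    echo -e "<service_port> \t The port on which your service is running (required)"
  } >&2
  exit 1
fi
email=$1
domain=$2
service_port=$3

# Input validation.
# $domain and $service_port are later written verbatim into the NGINX
# server block, and $email / $domain are passed to certbot, so values
# containing whitespace, ';', '{', '}' or a leading '-' must be rejected
# here, before any system change is made.
email_re='^[^[:space:]@-][^[:space:]@]*@[^[:space:]@]+$'
domain_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
port_re='^[0-9]{1,5}$'

if [[ ! "$email" =~ $email_re ]]; then
  printf '%bErr: invalid email address: %s%b\n' "$RED" "$email" "$NC" >&2
  exit 1
fi
if [[ ! "$domain" =~ $domain_re ]]; then
  printf '%bErr: invalid domain name: %s%b\n' "$RED" "$domain" "$NC" >&2
  exit 1
fi
# 10# forces base 10 so a value such as "08080" is not parsed as octal.
if [[ ! "$service_port" =~ $port_re ]] ||
  (( 10#$service_port < 1 || 10#$service_port > 65535 )); then
  printf '%bErr: service_port must be an integer between 1 and 65535: %s%b\n' \
    "$RED" "$service_port" "$NC" >&2
  exit 1
fi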
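# Show the chosen values. printf '%s' is used for the user-supplied data
# so that backslash sequences in it are printed literally (echo -e would
# interpret them).
printf '\nChosen email: %s\n' "$email"
printf 'Chosen domain for SSL and mapping service: %s\n' "$domain"
printf 'Your service is running on local port localhost:%s\n' "$service_port"
echo -e "\n${YELLOW}Do you want to continue? (y/n) ${NC}"
# -r keeps backslashes in the answer literal; a failed read (EOF or a
# closed stdin) leaves the answer empty, which counts as "no".
read -r answer || answer=""
# Condition:
# Continue only when the answer starts with 'y' or 'Y'; anything else
# (including an empty answer) aborts before the system is touched.
case "$answer" in
  [Yy]*) ;;
  *)
    echo -e "${RED}Exiting ...${NC}"
    exit 1
    ;;
esac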
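# Updating the system.
# The success message is printed only when dnf reports success; a failed
# update is reported as a warning on stderr and the script continues with
# the packages that are currently installed.
echo -e "\nUpdating the system ..."
if dnf update -y; then
  echo -e "\n${GREEN}System updated.${NC}"
else
  echo -e "\n${YELLOW}Warning: 'dnf update' failed; continuing with the currently installed packages.${NC}" >&2
fi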
# Start from a clean state: delete the old server-block file and remove
# any NGINX package that is already installed.
echo -e "\nCleaning up previous residual files ..."
rm -rf "$nginx_dir"
dnf remove nginx -y

# Fresh NGINX install.
echo -e "\nInstalling NGINX ..."
dnf install nginx -y

# Guard: stop when dnf does not list nginx as installed.
if ! dnf list installed nginx &> /dev/null; then
  echo -e "${RED}Err: NGINX not installed."
  echo "Try re-running the script."
  exit 1
fi
echo -e "${GREEN}NGINX installed."
# Reset the terminal color.
echo -e "${NC}"
# Bring the NGINX service up.
systemctl start nginx

# Guard: stop when systemd does not report the unit as active.
if ! systemctl is-active --quiet nginx; then
  echo -e "${RED}Err: Could not start NGINX, the process is not running."
  exit 1
fi
echo -e "${GREEN}NGINX is running."
# Reset the terminal color.
echo -e "${NC}"

# Have NGINX start on boot.
systemctl enable nginx
# ----
# SERVER BLOCK CONFIGURATION
# ----
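# Build the server block from the input arguments.
# NOTE: $domain and $service_port are interpolated verbatim into the
# NGINX configuration. They must be validated before this point: a value
# containing whitespace, ';', '{' or '}' would change the structure of
# the generated configuration, which NGINX then loads as root.
server_block="server {
listen 80;
# your domain name
server_name $domain;
location / {
# The local port your application listens/running on
proxy_pass http://127.0.0.1:$service_port;
# Default HTTP headers
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
# Add custom headers here to forward to your service
# ---
}
}"
# Write the server block to /etc/nginx/conf.d/default.conf
# (with a trailing newline) and stop if the file cannot be written.
if ! printf '%s\n' "$server_block" > "$nginx_dir"; then
  echo -e "${RED}Err: Could not write $nginx_dir${NC}" >&2
  exit 1
fi
echo -e "${GREEN}Local server block setup and moved to $nginx_dir ${NC}"
# Have NGINX check the generated configuration before the restart, so a
# malformed server block is reported here instead of as a failed restart.
if ! nginx -t; then
  echo -e "${RED}Err: NGINX rejected the configuration written to $nginx_dir.${NC}" >&2
  exit 1
fi
# Restarting nginx
systemctl restart nginx
echo "Restarted NGINX."
# Condition:
# Check if nginx is running after the restart
if systemctl is-active --quiet nginx; then
  echo "NGINX is running."
else
  echo -e "${RED}Err: Could not start NGINX, the process is not running.${NC}"
  exit 1
fi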
# System packages installed with dnf before certbot is installed with pip.
packages=("python3" "augeas-libs")
for package in "${packages[@]}"; do
  dnf install "$package" -y

  # Guard: stop at the first package dnf does not list as installed.
  if ! dnf list installed "$package" &> /dev/null; then
    echo -e "${RED}Err: $package is not installed."
    exit 1
  fi
  echo -e "${GREEN}$package is installed."
  # Reset the terminal color.
  echo -e "${NC}"
done
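# Removing existing certbot installation
dnf remove certbot -y
# Installing certbot with a virtual environment.
# Stop if the environment cannot be created: every later step uses
# /opt/certbot/bin/pip.
if ! python3 -m venv /opt/certbot/; then
  echo -e "${RED}Err: Could not create the virtual environment in /opt/certbot/.${NC}" >&2
  exit 1
fi
/opt/certbot/bin/pip install --upgrade pip
# Multiple packages to install with pip.
# NOTE(review): the packages are installed without a version pin, as root,
# from whatever index pip is configured to use; pin versions (and hashes)
# if reproducible, reviewable installs are required.
packages=("certbot" "certbot-nginx")
for package in "${packages[@]}"; do
  /opt/certbot/bin/pip install "$package"
  # Condition:
  # Checking if the package is installed. A missing package is fatal,
  # as it is for the dnf packages, because certbot cannot run without it.
  if /opt/certbot/bin/pip show "$package" > /dev/null 2>&1; then
    echo -e "${GREEN}$package is installed."
  else
    echo -e "${RED}$package is not installed.${NC}"
    exit 1
  fi
  echo -e "${NC}"
done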
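# Creating a symbolic link to the certbot binary
# to make it accessible globally (in PATH).
# -f replaces a link left by an earlier run, so the script can be re-run.
ln -sf /opt/certbot/bin/certbot /usr/bin/certbot
# Running certbot to get the certificate.
# The arguments are quoted so that each user-supplied value reaches
# certbot as exactly one argument (no word splitting or globbing).
echo -e "${YELLOW}Running certbot to get the certificate ...${NC}"
certbot --nginx --non-interactive --agree-tos --email "$email" -d "$domain"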