From: Ian Kelling Date: Thu, 30 Mar 2017 23:51:01 +0000 (-0700) Subject: make nginx script have roughly parity X-Git-Url: https://iankelling.org/git/?a=commitdiff_plain;h=17878ab5996f12d3f9d1ce602954bb2fbf357849;p=basic-https-conf make nginx script have roughly parity --- diff --git a/apache-site b/apache-site index f537369..9a22d2a 100755 --- a/apache-site +++ b/apache-site @@ -26,10 +26,10 @@ ssl config provided by let's encrypt and my standard location for storing certs. EXTRA_SETTINGS_FILE can be - for stdin --p PORT --i Insecure, no ssl -c CERT_DIR In priority: this arg, $ACME_TINY_WRAPPER_CERT_DIR, $HOME/webservercerts, if the other options aren't set. +-i Insecure, no ssl +-p PORT Main port to listen on, default 443 -r DocumentRoot -h|--help Print help and exit @@ -62,9 +62,9 @@ while true; do done if (( ${#@} == 2 )); then - read extra_settings h <<<"${@}" + read -r extra_settings h <<<"${@}" else - read h <<<"${@}" + read -r h <<<"${@}" fi if [[ ! $h ]]; then diff --git a/nginx-site b/nginx-site index e2c046f..5e555c7 100755 --- a/nginx-site +++ b/nginx-site @@ -1,4 +1,4 @@ -#!/bin/bash -l +#!/bin/bash # Copyright (C) 2016 Ian Kelling # Licensed under the Apache License, Version 2.0 (the "License"); @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@" + set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR 
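Review bot: The added `exec sudo -E "$BASH_SOURCE" "$@"` in nginx-site carries the caller's whole environment into the root process, although the only variables the script is seen to read are `ACME_TINY_WRAPPER_CERT_DIR` and `HOME`. Where the sudoers policy permits `-E` and no `secure_path` is set, the caller's `PATH` then decides how root resolves `nginx`, `getopt` and `dd`, and the never-initialised `root` variable of the next hunk can arrive from the environment. Preserving only what is needed is narrower, for example `[[ $EUID == 0 ]] || exec sudo --preserve-env=ACME_TINY_WRAPPER_CERT_DIR,HOME "$BASH_SOURCE" "$@"`; whether `HOME` is actually kept depends on the local sudoers settings and should be checked. The `sudo rm`, `sudo dd` and `sudo tee` calls later in the script become redundant once it re-executes as root.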
@@ -27,33 +29,47 @@ ssl config provided by let's encrypt and my standard location for storing certs. EXTRA_SETTINGS_FILE can be - for stdin --p PORT Proxy to PORT --h|--help Print help and exit +-c CERT_DIR In priority: this arg, $ACME_TINY_WRAPPER_CERT_DIR, + $HOME/webservercerts, if the other options aren't set. +-p PORT Port to listen on, default 443 +-f PORT Enable proxy to PORT on localhost +-r DocumentRoot +-h|--help Print help and exit TODO: add https redir site. + +Note: Uses GNU getopt options parsing style EOF exit $1 } ##### begin command line parsing ######## +cert_dir="$ACME_TINY_WRAPPER_CERT_DIR" +if [[ ! $cert_dir ]]; then + cert_dir=$HOME/webservercerts +fi +port=443 proxy_port= extra_settings= -args=() -while [[ $1 ]]; do +temp=$(getopt -l help: c:f:p:r:h "$@") || usage 1 +eval set -- "$temp" +while true; do case $1 in - -p) proxy_port="$2"; shift 2 ;; + -c) cert_dir="$2"; shift 2 ;; + -p) port="$2"; shift 2 ;; + -f) proxy_port="$2"; shift 2 ;; + -r) root="$2"; shift 2 ;; --) shift; break ;; - -?*|-h|--help) usage ;; - *) args+=("$1"); shift ;; + -h|--help) usage ;; + *) echo "$0: Internal error!" ; exit 1 ;; esac done -args+=("$@") -if (( ${#args[@]} == 2 )); then - read extra_settings h <<<"${args[@]}" +if (( ${#@} == 2 )); then + read -r extra_settings h <<<"${@}" else - read h <<<"${args[@]}" + read -r h <<<"${@}" fi if [[ ! $h ]]; then @@ -61,29 +77,38 @@ if [[ ! $h ]]; then usage 1 fi +if [[ ! $root ]]; then + root=/var/www/$h/html +fi + ##### end command line parsing ######## sudo rm -f /etc/nginx/sites-enabled/default -cdir=/p/c/machine_specific/$HOSTNAME/webservercerts +if nginx -V |& grep -- '--with-http_v2_module\b' &>/dev/null; then + http2_arg=http2 +fi + sudo dd of=/etc/nginx/sites-enabled/$h.conf <; EOF if [[ $extra_settings ]]; then 
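Review bot: In `temp=$(getopt -l help: c:f:p:r:h "$@") || usage 1` the trailing colon declares `--help` as taking a required argument, so a bare `--help` is rejected by getopt and ends in `usage 1` instead of reaching the `-h|--help) usage ;;` arm. Dropping the colon matches the documented behaviour: `temp=$(getopt -l help c:f:p:r:h "$@") || usage 1`. In the same block `root` is assigned only by `-r` and is never reset, unlike `proxy_port=` and `extra_settings=`, so an exported `root` in the caller's environment silently becomes the DocumentRoot; adding `root=` next to those two lines closes that.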
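Review bot: `root=/var/www/$h/html` and `sudo dd of=/etc/nginx/sites-enabled/$h.conf` build paths that are written as root from the positional argument without quoting or checking it, so a value containing `/`, whitespace or glob characters ends up somewhere other than the intended file. A check placed right after the existing `[[ ! $h ]]` test covers it, for example `[[ $h =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || usage 1`, together with quoting the operand as `of="/etc/nginx/sites-enabled/$h.conf"`. The heredoc body of this hunk is not legible on the page, so whether `$h` and `$root` are also expanded into the config text cannot be confirmed from here.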
@@ -115,10 +144,11 @@ if [[ $proxy_port ]]; then proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Ssl on; - proxy_set_header X-Forwarded-Port 443; + proxy_set_header X-Forwarded-Port $port; proxy_pass http://127.0.0.1:$proxy_port; } EOF +fi sudo tee -a /etc/nginx/sites-enabled/$h.conf <
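Review bot: `proxy_set_header X-Forwarded-Port $port;` and the unchanged `proxy_pass http://127.0.0.1:$proxy_port;` expand option values straight into the nginx config (the `\$remote_addr` escapes suggest an unquoted heredoc), and nothing visible checks that `-p` and `-f` were given numbers. A non-numeric value produces a broken or altered server block that is noticed only when nginx next reloads. A guard after option parsing, such as `[[ $port =~ ^[0-9]+$ ]] || usage 1`, with the same test for a non-empty `proxy_port`, keeps the generated file well-formed. The option parsing and the opening of this `if [[ $proxy_port ]]` block lie outside the hunk.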