usage() {
cat <<EOF
-Usage: ${0##*/} [EXTRA_SETTINGS_FILE] DOMAIN
+Usage: ${0##*/} [OPTIONS] [EXTRA_SETTINGS_FILE] DOMAIN
Note: this is less tested and mature than the apache site script.
Setup nginx config with https using
EXTRA_SETTINGS_FILE can be - for stdin
-c CERT_DIR In priority: this arg, $ACME_TINY_WRAPPER_CERT_DIR,
$HOME/webservercerts, if the other options aren't set.
+-f [ADDR:]PORT Enable proxy to [ADDR:]PORT. ADDR default is 127.0.0.1
-p PORT Port to listen on, default 443
--f PORT Enable proxy to PORT on localhost
--r DocumentRoot
+-r DIR DocumentRoot
-h|--help Print help and exit
TODO: add https redir site.
cert_dir=$HOME/webservercerts
fi
port=443
-proxy_port=
extra_settings=
temp=$(getopt -l help: c:f:p:r:h "$@") || usage 1
eval set -- "$temp"
while true; do
case $1 in
-c) cert_dir="$2"; shift 2 ;;
+ -f) proxy="$2"; shift 2 ;;
-p) port="$2"; shift 2 ;;
- -f) proxy_port="$2"; shift 2 ;;
-r) root="$2"; shift 2 ;;
--) shift; break ;;
-h|--help) usage ;;
root=/var/www/$h/html
fi
+if [[ $proxy ]]; then
+ [[ $proxy == *:* ]] || proxy=127.0.0.1:$proxy
+fi
+
##### end command line parsing ########
-sudo rm -f /etc/nginx/sites-enabled/default
+rm -f /etc/nginx/sites-enabled/default
if nginx -V |& grep -- '--with-http_v2_module\b' &>/dev/null; then
http2_arg=http2
fi
-sudo dd of=/etc/nginx/sites-enabled/$h.conf <<EOF
+echo "$0: creating /etc/nginx/sites-enabled/$h.conf"
+cat >/etc/nginx/sites-enabled/$h.conf <<EOF
# ssecurty settings taken from
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# using modern config. last checked 2017/2/20
#resolver <IP DNS resolver>;
EOF
if [[ $extra_settings ]]; then
- cat $extra_settings | sudo tee -a /etc/nginx/sites-enabled/$h.conf
+ cat $extra_settings >>/etc/nginx/sites-enabled/$h.conf
fi
-if [[ $proxy_port ]]; then
- sudo tee -a /etc/nginx/sites-enabled/$h.conf <<EOF
+if [[ $proxy ]]; then
+ cat >>/etc/nginx/sites-enabled/$h.conf <<EOF
location / {
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Port $port;
- proxy_pass http://127.0.0.1:$proxy_port;
+ proxy_pass http://$proxy;
}
EOF
fi
-sudo tee -a /etc/nginx/sites-enabled/$h.conf <<EOF
+cat >>/etc/nginx/sites-enabled/$h.conf <<EOF
}
EOF
-sudo mkdir -p /var/www/$h/html
-sudo chown -R ian:ian /var/www/$h
-sudo service nginx restart
+mkdir -p /var/www/$h/html
+chown -R ian:ian /var/www/$h
+service nginx restart