forked from cryptopool-builders/multipool_nomp
-
Notifications
You must be signed in to change notification settings - Fork 0
/
nginx_subdomain_ssl.sh
84 lines (66 loc) · 2.79 KB
/
nginx_subdomain_ssl.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
#!/usr/bin/env bash
#####################################################
# Created by cryptopool.builders for crypto use...
#####################################################
source /etc/functions.sh
source /etc/multipool.conf
source $STORAGE_ROOT/nomp/.nomp.conf
sudo mkdir -p /var/www/${Domain_Name}/html
echo -e " Generating Certbot Request for ${Domain_Name} ...$COL_RESET"
sudo mkdir -p /var/www/_letsencrypt
sudo chown www-data /var/www/_letsencrypt
hide_output sudo certbot certonly --webroot -d "${Domain_Name}" --register-unsafely-without-email -w /var/www/_letsencrypt -n --agree-tos --force-renewal
# Configure Certbot to reload NGINX after success renew:
sudo mkdir -p /etc/letsencrypt/renewal-hooks/post/
echo '#!/bin/bash\nnginx -t && systemctl reload nginx' | sudo -E tee /etc/letsencrypt/renewal-hooks/post/nginx-reload.sh >/dev/null 2>&1
sudo chmod a+x /etc/letsencrypt/renewal-hooks/post/nginx-reload.sh
# Remove the '"${DomainName}"'.conf that had the self signed SSL and replace with the new file.
sudo rm /etc/nginx/sites-available/${Domain_Name}.conf
# I am SSL Man!
echo '#####################################################
# Source Generated by nginxconfig.io
# Updated by cryptopool.builders for crypto use...
#####################################################
# NGINX Simple DDoS Defense
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
limit_conn conn_limit_per_ip 80;
limit_req zone=req_limit_per_ip burst=80 nodelay;
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:40m rate=5r/s;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name '"${Domain_Name}"';
set $base "/var/www/'"${Domain_Name}"'/html";
root $base/web;
# SSL
ssl_certificate /etc/letsencrypt/live/'"${Domain_Name}"'/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/'"${Domain_Name}"'/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/'"${Domain_Name}"'/chain.pem;
# security
include cryptopool.builders/security.conf;
# logging
access_log '"${STORAGE_ROOT}"'/nomp/logs/'"${Domain_Name}"'.app.access.log;
error_log '"${STORAGE_ROOT}"'/nomp/logs/'"${Domain_Name}"'.app.error.log warn;
# reverse proxy
location / {
proxy_pass http://127.0.0.1:3000;
include cryptopool.builders/proxy.conf;
}
# additional config
include cryptopool.builders/general.conf;
}
# HTTP redirect
server {
listen 80;
listen [::]:80;
server_name .'"${Domain_Name}"';
include cryptopool.builders/letsencrypt.conf;
location / {
return 301 https://'"${Domain_Name}"'$request_uri;
}
}
' | sudo -E tee /etc/nginx/sites-available/${Domain_Name}.conf >/dev/null 2>&1
sudo ln -s /etc/nginx/sites-available/${Domain_Name}.conf /etc/nginx/sites-enabled/${Domain_Name}.conf
sudo ln -s $STORAGE_ROOT/nomp/site/web /var/www/${Domain_Name}/html
restart_service nginx
cd $HOME/multipool/nomp