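#!/usr/bin/env bash
#
# Generates Diffie-Hellman parameters for Nginx, adds an ssl_dhparam directive
# to the default site config, then installs Certbot and requests a certificate
# for this host's <hostname>.eastus.cloudapp.azure.com name.
#
# Requires: sudo rights, openssl, nginx, apt. Prompts for a contact email.

# Stop at the first failed step so a broken config is never reloaded and
# Certbot never runs against a half-configured server.
set -euo pipefail

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

printf '\n*****\n* Generating Diffie-Hellman parameters for better security.\n*****\n\n'

# Create the Diffie-Hellman parameters (2048-bit) that Nginx will use.
DH_PARAM_FILE="/etc/ssl/certs/dhparam.pem"
sudo openssl dhparam -out "$DH_PARAM_FILE" 2048

NGINX_CONF="/etc/nginx/sites-available/default"
SECURE_DH_PEM="ssl_dhparam ${DH_PARAM_FILE};"

# Only edit the config when the directive is not there yet: a second run would
# otherwise insert a duplicate ssl_dhparam line.
if ! grep --quiet --fixed-strings -- "$SECURE_DH_PEM" "$NGINX_CONF"; then
  # Line number of the second-to-last line containing a closing brace.
  # NOTE(review): this also matches braces on commented-out lines, so the
  # directive may land outside the block you expect. Check the result.
  LAST_OCCURANCE=$(grep --line-number '}' "$NGINX_CONF" \
    | cut --delimiter=: --fields=1 \
    | tail --lines=2 \
    | head --lines=1) || true

  # An empty address would make sed rewrite every line that has a brace.
  [[ "$LAST_OCCURANCE" =~ ^[0-9]+$ ]] \
    || die "no closing brace found in $NGINX_CONF; not editing it"

  # Append the directive on a new line after that closing brace.
  sudo sed --in-place "${LAST_OCCURANCE} s%\(}\)%\1\n $SECURE_DH_PEM%" "$NGINX_CONF"
fi

# Validate the edited config before reloading; reloading an invalid config
# leaves the old workers running and hides the mistake until the next restart.
sudo nginx -t || die "nginx config test failed; fix $NGINX_CONF before reloading"
sudo systemctl reload nginx

# Ask for the contact email.
# -r - Do not treat backslashes as escapes.
# -e - Use readline for terminal input.
# -p - Prompt for input.
read -r -e -p "Enter valid email for account retrieval: " EMAIL

# Reject empty input, whitespace and a leading dash before the value is
# passed to Certbot as an argument.
email_re='^[^[:space:]@-][^[:space:]@]*@[^[:space:]@]+$'
[[ "$EMAIL" =~ $email_re ]] || die "that does not look like an email address"

HOST_NAME=$(hostname)
[[ -n "$HOST_NAME" ]] || die "hostname returned an empty name"

# Install Certbot Let's Encrypt client for certificates on Nginx.
# NOTE(review): this adds a third-party PPA as a trusted package source, and
# both the PPA and the python-certbot-nginx package name target older Ubuntu
# releases. Confirm the install path for the host you run this on.
sudo add-apt-repository -y ppa:certbot/certbot
sudo apt-get update
sudo apt-get -y install python-certbot-nginx

# Auto configure: authenticate and install the certificate.
# --test-cert requests the certificate from the Let's Encrypt staging CA, which
# browsers do not trust. Together with --redirect, every HTTP request is sent
# to HTTPS with that untrusted certificate. Drop --test-cert once the flow
# has been verified.
sudo certbot --nginx \
  --domain "${HOST_NAME}.eastus.cloudapp.azure.com" \
  --email "${EMAIL}" \
  --agree-tos \
  --no-eff-email \
  --non-interactive \
  --redirect \
  --test-cert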