lcr999x

Nginx Virtual Host & SSL Auto Installer

Apr 27th, 2018 (edited)
  1. #!/bin/bash
  2. # Nginx Virtual Host & SSL Auto Installer
  3. # Created by Teguh Aprianto
  4. # https://bukancoder | https://teguh.co
  5.  
  6. IJO='\e[38;5;82m'
  7. MAG='\e[35m'
  8. RESET='\e[0m'
  9.  
  10. echo -e "$IJO                                                                                   $RESET"
  11. echo -e "$IJO __________       __                    $MAG _________            .___             $RESET"
  12. echo -e "$IJO \______   \__ __|  | _______    ____   $MAG \_   ___ \  ____   __| _/___________  $RESET"
  13. echo -e "$IJO  |    |  _/  |  \  |/ /\__  \  /    \  $MAG /    \  \/ /  _ \ / __ |/ __ \_  __ \ $RESET"
  14. echo -e "$IJO  |    |   \  |  /    <  / __ \|   |  \ $MAG \     \___(  <_> ) /_/ \  ___/|  | \/ $RESET"
  15. echo -e "$IJO  |______  /____/|__|_ \(____  /___|  / $MAG  \______  /\____/\____ |\___  >__|    $RESET"
  16. echo -e "$IJO        \/           \/     \/     \/   $MAG        \/            \/    \/         $RESET"
  17. echo -e "$IJO ---------------------------------------------------------------------------       $RESET"
  18. echo -e "$IJO |$MAG                Nginx Virtual Host & SSL Auto Installer                  $IJO| $RESET"
  19. echo -e "$IJO ---------------------------------------------------------------------------       $RESET"
  20. echo -e "$IJO |$IJO                               Created by                                $IJO| $RESET"
  21. echo -e "$IJO |$MAG                             Teguh Aprianto                              $IJO| $RESET"
  22. echo -e "$IJO ---------------------------------------------------------------------------       $RESET"
  23. echo ""
  24.  
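# --- Step 1: which domain to configure ---------------------------------------
# `read` waits for a whole line, so "press any key" means "press Enter".
echo -e "$MAG--=[ To create a vhost and install SSL for new domain, press any key to continue ]=--$RESET"
read -r answer

echo -e "$MAG--=[ Adding domain to the server ]=--$IJO"
domain="yourdomain.com"
read -r -p "Domain to add : " domain
if [ -z "$domain" ]; then
    # Empty answer: fall back to the placeholder default.
    domain="yourdomain.com"
fi

# The domain is later pasted, as root, into file names under /etc/nginx and
# into nginx configuration text. Accept only a plain dotted hostname so that
# slashes, whitespace, ';', '{' or '..' can never reach those places.
domain_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
if [[ ! "$domain" =~ $domain_re ]]; then
    echo "Invalid domain name: $domain" >&2
    exit 1
fi

if [ -f "/etc/nginx/sites-available/$domain.conf" ]; then
    # Later steps write this file with `cat >`, so carrying on would silently
    # overwrite the existing vhost. Stop instead.
    echo "---------------------------"
    echo "$domain is exist!"
    echo "---------------------------"
    exit 1
fi
echo "---------------------------"
echo "Domain : $domain"
echo "---------------------------"
echo
echo
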
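# --- Step 2: create the system account that will own the site ---------------
echo -e "$MAG--=[ Create new user for the domain ]=--$IJO"
if [ "$(id -u)" -ne 0 ]; then
    echo "Only root may add a user to the system"
    exit 2
fi

read -r -p "Enter username : " username
read -r -s -p "Enter password : " password
echo    # read -s does not echo the newline the user typed

# The username ends up in paths and in nginx configuration written as root,
# so restrict it to the conventional account-name shape before using it.
user_re='^[a-z_][a-z0-9_-]{0,31}$'
if [[ ! "$username" =~ $user_re ]]; then
    echo "Invalid username: $username" >&2
    exit 1
fi
if [ -z "$password" ]; then
    echo "Password must not be empty" >&2
    exit 1
fi

# Exact lookup. A prefix grep on /etc/passwd would treat "bob" as taken when
# only "bobby" exists, and would interpret the input as a regular expression.
if getent passwd "$username" >/dev/null; then
    echo "$username exists!"
    exit 1
fi

if ! useradd -m "$username"; then
    echo "Failed to add a user!"
    exit 1
fi

# Set the password through chpasswd on stdin:
#  * the clear-text password never appears in another process's argv
#    (printf is a shell builtin), and
#  * the hash is produced with the system's configured scheme and a random
#    salt, instead of crypt() with a fixed salt, which yields a legacy DES
#    hash that only considers the first 8 characters.
if ! printf '%s:%s\n' "$username" "$password" | chpasswd; then
    echo "Failed to set the password for $username" >&2
    exit 1
fi
unset password
echo "User has been added to system!"

echo "---------------------------"
echo "Username : $username"
echo "---------------------------"
echo
echo
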
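# --- Step 3: choose the document root ----------------------------------------
echo -e "$MAG--=[Directory for the domain]=--$IJO "
default_vhostdir="/home/$username/www/$domain/public_html"
vhostdir=$default_vhostdir
read -r -p "Default directory: $default_vhostdir : " vhostdir
if [ -z "$vhostdir" ]; then
    vhostdir=$default_vhostdir
fi

# This path is handed to mkdir/chmod/chown running as root. Require an
# absolute path built from ordinary name characters and refuse ".." so a typo
# cannot re-own or re-permission an unintended location.
vhostdir_re='^(/[A-Za-z0-9._-]+)+/?$'
if [[ ! "$vhostdir" =~ $vhostdir_re || "$vhostdir" == *..* ]]; then
    echo "Invalid virtual host directory: $vhostdir" >&2
    exit 1
fi

echo "------------------------------------------------------"
echo "Virtual Host Directory=$vhostdir"
echo "------------------------------------------------------"
echo
echo
echo -e "$MAG--=[Adding new virtual host for the domain]=--$IJO"
echo -e "Press any key to start adding new virtual host $RESET"
read -r answer    # waits for Enter
echo
echo
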
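# --- Step 4: directories ------------------------------------------------------
# Debian-style vhost layout; mkdir -p is a no-op when the directories exist.
mkdir -p /etc/nginx/sites-available/ /etc/nginx/sites-enabled/

echo -e "$MAG--=[ Creating domain directory ]=--$IJO"
# Every expansion is quoted and preceded by `--`: these commands run as root
# on values typed at a prompt, so a space or a leading '-' must not be able to
# turn into extra arguments or options.
mkdir -p -- "$vhostdir"
# The vhost writes its logs under /home/<user>/www/<domain>, so that directory
# has to exist even when a custom document root was chosen.
mkdir -p -- "/home/$username/www/$domain"
chmod 775 -- "$vhostdir"
chmod 755 -- "/home/$username"    # lets the nginx worker traverse the home directory
chown -- "$username:$username" "$vhostdir"
chown -- "$username:$username" "/home/$username"
chown -- "$username:$username" "/home/$username/www"
chown -- "$username:$username" "/home/$username/www/$domain"
echo
echo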
  105. echo -e "$MAG--=[ Creating virtual host for domain $IJO $domain $MAG]=--$IJO"
  106. fastcgi_script_name='$fastcgi_script_name'
  107. server_name='$server_name'
  108. request_uri='$request_uri'
  109. scheme='$scheme'
  110. cat >/etc/nginx/sites-available/$domain.conf<<eof
  111. $alf
  112. server {
  113.         listen 443 http2 ssl;
  114.         listen 80;
  115.  
  116.         server_name $domain;
  117.        
  118.         if ($scheme = http) {
  119.         return 301 https://$server_name$request_uri;
  120. }
  121.  
  122.         ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;
  123.         ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;
  124.  
  125.         ########################################################################
  126.         # from https://cipherli.st/                                            #
  127.         # and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html #
  128.         ########################################################################
  129.  
  130.         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  131.         ssl_prefer_server_ciphers on;
  132.         ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  133.         ssl_ecdh_curve secp384r1;
  134.         ssl_session_cache shared:SSL:10m;
  135.         ssl_session_tickets off;
  136.         ssl_stapling on;
  137.         ssl_stapling_verify on;
  138.         resolver 8.8.8.8 8.8.4.4 valid=300s;
  139.         resolver_timeout 5s;
  140.         # Disable preloading HSTS for now.  You can use the commented out header line that includes
  141.         # the "preload" directive if you understand the implications.
  142.         #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
  143.         add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
  144.         add_header X-Content-Type-Options nosniff;
  145.  
  146.         ##################################
  147.         # END https://cipherli.st/ BLOCK #
  148.         ##################################
  149.  
  150.         ssl_dhparam /etc/ssl/certs/dhparam.pem;
  151.  
  152.         location ~ /.well-known {
  153.                 allow all;
  154.         }
  155.     error_log /home/$username/www/$domain/error.log;                      
  156.     access_log /home/$username/www/$domain/access.log;                       # Server name (priv9.bukancoder.com)
  157.     root   /home/$username/www/$domain/public_html;           # Document root
  158.  
  159.     location / {
  160.             index index.php  index.html index.htm;
  161.     }
  162.     location ~ .php$ {
  163.         include /etc/nginx/fastcgi_params;
  164.         fastcgi_pass   127.0.0.1:9000;
  165.         fastcgi_index  index.php;
  166.         fastcgi_keep_conn on; # < solution
  167.         proxy_buffering off;
  168.         gzip off;
  169.         fastcgi_param  SCRIPT_FILENAME  /home/$username/www/$domain/public_html$fastcgi_script_name;
  170.         include        fastcgi_params;
  171.     }
  172. }
  173.  
  174.  
  175. eof
  176. echo
  177. echo
  178.  
  179. echo -e "$MAG--=[ Creating symbolic link for the vhost ]=--$IJO"
  180. ln -s /etc/nginx/sites-available/$domain.conf /etc/nginx/sites-enabled/$domain.conf
  181. echo
  182. echo
  183.  
  184. echo -e "$MAG--=[ Creating new Nginx Configuration ]=--$IJO"
  185. rm -rf /etc/nginx/nginx.conf
  186. cat >/etc/nginx/nginx.conf<<eof
  187. $alf
  188. user  nginx;
  189. worker_processes  1;
  190.  
  191. error_log  /var/log/nginx/error.log warn;
  192. pid        /var/run/nginx.pid;
  193.  
  194.  
  195. events {
  196.     worker_connections  1024;
  197. }
  198.  
  199.  
  200. http {
  201.     include       /etc/nginx/mime.types;
  202.     default_type  application/octet-stream;
  203.  
  204.     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
  205.                       '$status $body_bytes_sent "$http_referer" '
  206.                       '"$http_user_agent" "$http_x_forwarded_for"';
  207.  
  208.     access_log  /var/log/nginx/access.log  main;
  209.  
  210.     sendfile        on;
  211.     #tcp_nopush     on;
  212.  
  213.     keepalive_timeout  65;
  214.     client_max_body_size 500M;
  215.  
  216.     #gzip  on;
  217.  
  218.     include /etc/nginx/conf.d/*.conf;
  219.     include /etc/nginx/sites-enabled/*;
  220. }
  221.  
  222. eof
  223. echo
  224. echo
  225.  
  226. echo -e "$MAG--=[ Test Nginx Configuration File ]=--$IJO"
  227. nginx -t
  228. echo
  229. echo
  230.  
  231. echo -e "$MAG--=[ Creating PHP Info File ]=--$IJO"
  232. cd /home/$username/www/$domain/public_html
  233. cat > "info.php" <<EOF
  234.  
  235. <?php
  236. phpinfo();
  237. ?>
  238.  
  239. EOF
  240. chmod 775 info.php
  241. echo
  242. echo
  243.  
  244. echo -e "$MAG--=[ Stopping Nginx ]=--$IJO"
  245. service nginx stop
  246. echo
  247. echo
  248.  
  249. echo -e "$MAG--=[ Installing SSL Certificate for domain $IJO $domain $MAG ]=--$IJO"
  250. yum -y install git
  251. git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
  252. cd /opt/letsencrypt
  253. yum -y --enablerepo=epel install python-virtualenv python-pip
  254. sudo -H ./letsencrypt-auto certonly --standalone  --no-bootstrap -d $domain
  255. sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
  256.  
  257. echo -e "$MAG--=[ Starting Nginx ]=--$IJO"
  258. service nginx start
  259. echo
  260. echo
  261.  
  262. echo
  263. echo -e "$MAG--=[Done! Domain and SSL for $IJO https://$domain $MAG has been added and installed on your server $MAG]=--$IJO"
  264. echo -e "$MAG--=[PHP Info available on $IJO https://$domain/info.php $MAG]=--$RESET"