From 7e7f5b326e83a9613629935c8a11f81055f8e600 Mon Sep 17 00:00:00 2001 From: David Schroeder Date: Fri, 1 Feb 2019 17:52:00 -0600 Subject: [PATCH] Update nodemgmt-scripts.sh --- nodemgmt-scripts.sh | 112 ++++++++++++++++++++++++++++++++------------ 1 file changed, 83 insertions(+), 29 deletions(-) diff --git a/nodemgmt-scripts.sh b/nodemgmt-scripts.sh index 7a8c05a0..73e90267 100755 --- a/nodemgmt-scripts.sh +++ b/nodemgmt-scripts.sh @@ -28,7 +28,7 @@ case "$1" in do_with_root chmod -R 6775 /etc/letsencrypt echo -e "${idsCL[LightGreen]}Waiting for certifcate replication between the nodes...${idsCL[Default]}" sleep 20 - "$0" service nginx reload + ${FOLDER}/nodemgmt-scripts.sh service nginx reload exit 0 ;; @@ -39,7 +39,7 @@ case "$1" in do_with_root chmod -R 6775 /etc/letsencrypt 2>&1 | tee -a /opt/idssys/nodemgmt/cert-renewal.lastrun echo -e "${idsCL[LightGreen]}Waiting for certifcate replication between the nodes...${idsCL[Default]}" sleep 20 - "$0" service nginx reload 2>&1 | tee -a /opt/idssys/nodemgmt/cert-renewal.lastrun + ${FOLDER}/nodemgmt-scripts.sh service nginx reload 2>&1 | tee -a /opt/idssys/nodemgmt/cert-renewal.lastrun exit 0 ;; @@ -49,7 +49,7 @@ case "$1" in do_with_root chown -R root:letsencrypt /etc/letsencrypt &>> /opt/idssys/nodemgmt/cert-renewal.lastrun do_with_root chmod -R 6775 /etc/letsencrypt &>> /opt/idssys/nodemgmt/cert-renewal.lastrun sleep 20 - "$0" service nginx reload &>> /opt/idssys/nodemgmt/cert-renewal.lastrun + ${FOLDER}/nodemgmt-scripts.sh service nginx reload &>> /opt/idssys/nodemgmt/cert-renewal.lastrun exit 0 ;; @@ -64,7 +64,7 @@ case "$1" in rm -rf /etc/letsencrypt/live/${DEL_SITE} rm -f /etc/letsencrypt/renewal/${DEL_SITE}.conf sleep 20 - "$0" service nginx reload + ${FOLDER}/nodemgmt-scripts.sh service nginx reload echo -e "${idsCL[LightRed]}Site has been deleted.${idsCL[Default]}" ;; 
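Review bot: The replacement call `${FOLDER}/nodemgmt-scripts.sh service nginx reload` expands `FOLDER` unquoted and unchecked, and `FOLDER` is not assigned anywhere in the visible hunks. If it is empty or unset, the call resolves to `/nodemgmt-scripts.sh`, and a value containing spaces is word-split, so the certificate-renewal arms could run a different file than intended. I would write `"${FOLDER:?}/nodemgmt-scripts.sh" service nginx reload` so the arm aborts when the variable is missing. The same applies to the identical calls in the hunks at -39, -49 and -64 and to the `newcert` call in the hunk at -96.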
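Review bot: The context line `do_with_root chmod -R 6775 /etc/letsencrypt` (unchanged by this commit, also present in the hunks at -28 and -49) sets setuid, setgid and world read/execute on every file in the tree, which includes the `privkey.pem` files the nginx templates in this patch reference. Private keys should not be readable by other users, and setuid bits on regular files serve no purpose there. Since the tree is chowned to `root:letsencrypt` in the hunk at -49, something like `find /etc/letsencrypt -type d -exec chmod 2750 {} +` and `find /etc/letsencrypt -type f -exec chmod 0640 {} +` would keep group access without exposing the keys. The exact modes depend on which accounts nginx and the replication job run as, which this diff does not show.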
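Review bot: `rm -rf /etc/letsencrypt/live/${DEL_SITE}` and the `rm -f` after it (context lines in the hunk at -64) use `DEL_SITE` unquoted and, as far as the hunk shows, unvalidated. An empty value makes the first command remove the whole `live/` directory, and a value containing `/` or `..` reaches paths outside it. The assignment of `DEL_SITE` is outside the hunk, so check for a guard there. If there is none, reject anything that is not a plain hostname and use `rm -rf -- "/etc/letsencrypt/live/${DEL_SITE:?}"`.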
@@ -74,6 +74,9 @@ case "$1" in site) NEW_SITE=$OPTARG ;; type) SITE_TYPE=$OPTARG ;; ssl) CREATE_SSL=$OPTARG ;; + proxy_scheme) PROXYSCHEME=$OPTARG ;; + proxy_host) PROXYHOST=$OPTARG ;; + proxy_port) PROXYPORT=$OPTARG ;; :) echo "Invalid option: '${OPTARG}' requires an argument" 1>&2 echo "" @@ -81,12 +84,18 @@ case "$1" in ;; esac done - - if [ "${NEW_SITE}" != "" ] && [ "${SITE_TYPE}" != "" ]; then - echo -e "${idsCL[LightGreen]}Setting up new site for '${idsCL[Yellow]}${NEW_SITE}${idsCL[LightGreen]}'...${idsCL[Default]}" - echo "" - mkdir -p /var/www/${NEW_SITE}/{public_folder,nginx_logs} - echo -e "server { + if [ -z ${SITE_TYPE+x} ]; then SITE_TYPE=local; fi + if [ -z ${CREATE_SSL+x} ]; then CREATE_SSL=true; fi + if [ "${NEW_SITE}" != "" ]]; then + if [ "${SITE_TYPE}" = "proxy" ]; then + if [ ! -z ${PROXYSCHEME+x} ] && [ ! -z ${PROXYHOST+x} ] && [ ! -z ${PROXYPORT+x} ]; then GO=true; fi + else GO=true; fi + if [ "${GO}" = "true" ]; then + echo -e "${idsCL[LightGreen]}Setting up new site for '${idsCL[Yellow]}${NEW_SITE}${idsCL[LightGreen]}'...${idsCL[Default]}" + echo "" + mkdir -p /var/www/${NEW_SITE}/{public_folder,nginx_logs} + if [ "${SITE_TYPE}" = "local" ]; then + echo -e "server { listen 8443 ssl http2; listen 8080; 
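Review bot: The new arms assign `PROXYSCHEME`, `PROXYHOST` and `PROXYPORT`, but the proxy template in the hunk at -96 expands `${PROXY_SCHEME}`, `${PROXY_HOST}` and `${PROXY_PORT}`, so the generated `set` directives come out empty even when all three options are passed. One spelling should be used throughout; if the underscore form is kept, the required-argument check in the next hunk must use it too. These values are also written verbatim into an nginx config, so I would validate them where they are parsed. The sketch below assumes only http and https upstreams are intended and follows the usage text's "IP or FQDN" and "host port". The enclosing `case` starts and ends outside this hunk.

```shell
# … unchanged: site) / type) / ssl) arms …
proxy_scheme)
  case "$OPTARG" in
    http|https) PROXY_SCHEME=$OPTARG ;;
    *) echo "Invalid proxy_scheme: '${OPTARG}'" 1>&2; exit 1 ;;
  esac
  ;;
proxy_host)
  case "$OPTARG" in
    ''|*[!A-Za-z0-9.-]*) echo "Invalid proxy_host: '${OPTARG}'" 1>&2; exit 1 ;;
    *) PROXY_HOST=$OPTARG ;;
  esac
  ;;
proxy_port)
  case "$OPTARG" in
    ''|*[!0-9]*) echo "Invalid proxy_port: '${OPTARG}'" 1>&2; exit 1 ;;
    *) PROXY_PORT=$OPTARG ;;
  esac
  ;;
# … unchanged: the ':)' missing-argument arm …
```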
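Review bot: `if [ "${NEW_SITE}" != "" ]]; then` has a stray bracket, so `[` receives `]]` as its last argument, reports a missing `]` and returns non-zero; every invocation then lands in the "Missing parameters" branch. It should read `if [ -n "${NEW_SITE}" ]; then`. `GO` is also never initialised, so a `GO=true` inherited from the caller's environment skips the proxy-argument check; add `GO=false` before the test. `NEW_SITE` is used unquoted in `mkdir -p /var/www/${NEW_SITE}/...` and later in config paths, so it should be checked to be a plain hostname (no `/`, no `..`, no whitespace) before this point. The `if` opened here closes in a later hunk.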
@@ -96,37 +105,81 @@ case "$1" in root \$base/public_html; access_log /var/www/${NEW_SITE}/nginx_logs/access.log; - error_log /var/www/${NEW_SITE}/nginx_logs/error.log warn; + error_log /var/www/${NEW_SITE}/nginx_logs/error.log warn;" > /etc/nginx/sites-available/${NEW_SITE}.conf + if [ "${CREATE_SSL}" = "true"]; then + echo -e " ssl_certificate /etc/letsencrypt/live/${NEW_SITE}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/${NEW_SITE}/privkey.pem; - include conf.d/include/ssl-ciphers.conf; - + include conf.d/include/ssl-ciphers.conf;" >> /etc/nginx/sites-available/${NEW_SITE}.conf + fi + echo -e " index index.php; location / { - try_files \$uri \$uri/ /index.php?\$query_string; - include conf.d/include/force-ssl.conf; - } + try_files \$uri \$uri/ /index.php?\$query_string;" + if [ "${CREATE_SSL}" = "true"]; then + echo -e " include conf.d/include/force-ssl.conf;" >> /etc/nginx/sites-available/${NEW_SITE}.conf + fi + echo -e " } location ~ \.php\$ { - fastcgi_pass unix:/var/run/php/php5.6-fpm.sock; + fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; include conf.d/include/php_fastcgi.conf; } - include conf.d/include/general.conf; + include conf.d/include/general.conf;" >> /etc/nginx/sites-available/${NEW_SITE}.conf + if [ "${CREATE_SSL}" = "true"]; then + echo -e " include conf.d/include/letsencrypt-acme-challenge.conf;" >> /etc/nginx/sites-available/${NEW_SITE}.conf + fi + echo -e "}" >> /etc/nginx/sites-available/${NEW_SITE}.conf + else + echo -e "server { + set \$forward_scheme ${PROXY_SCHEME}; + set \$server \"${PROXY_HOST}\"; + set \$port ${PROXY_PORT}; + + listen 8080;" > /etc/nginx/sites-available/${NEW_SITE}.conf + if [ "${CREATE_SSL}" = "true"]; then + echo -e " listen 8443 ssl http2;" >> /etc/nginx/sites-available/${NEW_SITE}.conf + fi + echo -e " + server_name ${NEW_SITE}; +" >> /etc/nginx/sites-available/${NEW_SITE}.conf + if [ "${CREATE_SSL}" = "true"]; then + echo -e " include conf.d/include/letsencrypt-acme-challenge.conf; + include 
conf.d/include/ssl-ciphers.conf; + ssl_certificate /etc/letsencrypt/live/${NEW_SITE}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/${NEW_SITE}/privkey.pem;" >> /etc/nginx/sites-available/${NEW_SITE}.conf + fi + echo -e " + access_log /var/www/!NGINX-Logs/proxy-${NEW_SITE}.log proxy; + + location / {" >> /etc/nginx/sites-available/${NEW_SITE}.conf + if [ "${CREATE_SSL}" = "true"]; then + echo -e " include conf.d/include/force-ssl.conf;" >> /etc/nginx/sites-available/${NEW_SITE}.conf + fi + echo -e " include conf.d/include/proxy.conf; + } } -" > /etc/nginx/sites-available/${NEW_SITE}.conf - ln -s /etc/nginx/sites-available/${NEW_SITE}.conf /etc/nginx/sites-enabled/${NEW_SITE}.conf - echo "Site folders have been created." - echo -e "${idsCL[LightGreen]}Waiting for folder replication between the nodes...${idsCL[Default]}" - sleep 20 - nodemgmt set-permissions ${NEW_SITE} - nodemgmt newcert ${NEW_SITE} - echo "" - echo -e "${idsCL[LightGreen]}The new site for '${idsCL[LightGreen]}${NEW_SITE}${idsCL[Default]}' has been created.${idsCL[Default]}" - echo "" +" >> /etc/nginx/sites-available/${NEW_SITE}.conf + fi + ln -s /etc/nginx/sites-available/${NEW_SITE}.conf /etc/nginx/sites-enabled/${NEW_SITE}.conf + echo "Site folders have been created." + echo -e "${idsCL[LightGreen]}Waiting for folder replication between the nodes...${idsCL[Default]}" + sleep 20 + nodemgmt set-permissions ${NEW_SITE} + if [ "${CREATE_SSL}" = "true" ]; then + ${FOLDER}/nodemgmt-scripts.sh newcert ${NEW_SITE} + fi + echo "" + echo -e "${idsCL[LightGreen]}The new site for '${idsCL[LightGreen]}${NEW_SITE}${idsCL[Default]}' has been created.${idsCL[Default]}" + echo "" + else + echo "missing proxy arguments" + exit 1 + fi else echo "Missing parameters" echo "" 
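Review bot: Six of the new tests are written `[ "${CREATE_SSL}" = "true"]` with no space before the bracket, so `[` fails with a missing-`]` error and the branch never runs; only the test guarding `newcert` is spelled correctly. With the default `CREATE_SSL=true`, the certificate, cipher and ACME-challenge lines are therefore never written, while the local template still emits `listen 8443 ssl http2;` unconditionally. Separately, the `echo -e` that starts at `index index.php;` and ends at the `try_files` line has no `>> /etc/nginx/sites-available/${NEW_SITE}.conf`, so `location / {` goes to stdout and the file ends up with unbalanced braces. Fix the tests as `if [ "${CREATE_SSL}" = "true" ]; then` and add the missing redirect. Also consider running `nginx -t` after the `ln -s` and removing the symlink when it fails, so a broken file is not left enabled for the next reload.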
@@ -139,7 +192,8 @@ case "$1" in printf "%-${width}s: %s\n" " -proxy_host {IP or FQDN}" "(required if type set to proxy)" printf "%-${width}s: %s\n" " -proxy_port {host port}" "(required if type set to proxy)" echo "}" - fi + fi + exit 1 ;; update)
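Review bot: The added `exit 1` sits after the `fi` that closes the outer `if`, so it appears to run on the success path as well, and a correctly created site would report failure to any caller or automation checking the status. Indentation is lost in this view, but the order `fi`, `exit 1`, `;;` is what the hunk shows. Move it into the "Missing parameters" branch, i.e. `exit 1` immediately before the final `fi`, and let the success path reach `;;` or an explicit `exit 0`. The `if` this closes opens in an earlier hunk.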