joby/webserver-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
webserver-config/add-site.sh
Joby Elliott 1df444fb00 execute permissions
2024-10-14 15:57:19 -06:00

136 lines
3.9 KiB
Bash
Executable file
Raw Blame History

#!/bin/bash
# Prompt for user input
read -p "Enter the desired username: " username
read -sp "Enter the password for $username: " password
echo
read -p "Enter the domain name (e.g., example.com): " domain
read -sp "Enter your Cloudflare API key: " cf_api_key
echo
# Create the user and add to www-data group
sudo useradd -m -s /bin/bash -G www-data $username
echo "$username:$password" | sudo chpasswd
# Set up directory structure
main_web_root="/var/www/$domain"
sudo mkdir -p $main_web_root/{_main/www,subdomains,logs}
# Set ownership and permissions for the main site directory
sudo chown -R $username:www-data $main_web_root
sudo find $main_web_root -type d -exec chmod 2750 {} +
sudo find $main_web_root -type f -exec chmod 640 {} +
# Set ownership and permissions for the logs directory
sudo chown root:www-data $main_web_root/logs
sudo chmod 755 $main_web_root/logs
# Ensure new log files get correct permissions
sudo bash -c "echo '
# Set proper permissions for new log files
umask 022
' >> /etc/nginx/nginx.conf"
# Create Cloudflare credentials file
cf_credentials="/root/.cloudflare/$domain.ini"
sudo mkdir -p /root/.cloudflare
sudo bash -c "cat > $cf_credentials << EOL
dns_cloudflare_api_token = $cf_api_key
EOL"
sudo chmod 600 $cf_credentials
# Request wildcard certificate using Cloudflare DNS challenge
sudo certbot certonly --dns-cloudflare \
--dns-cloudflare-credentials $cf_credentials \
-d $domain -d *.$domain \
--non-interactive
# Create Nginx configuration
nginx_config="/etc/nginx/sites-available/$domain"
sudo bash -c "cat > $nginx_config << EOL
server {
listen 80;
listen [::]:80;
server_name .$domain;
return 301 https://\$host\$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name .$domain;
ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;
# Determine the subdomain and set the root accordingly
set \$subdomain '';
if (\$host ~* ^([^.]+)\.$domain$) {
set \$subdomain \$1;
}
# Default root for subdomains
root $main_web_root/subdomains/\$subdomain/www;
# For the main domain, use the _main/www directory
if (\$host = $domain) {
root $main_web_root/_main/www;
access_log $main_web_root/logs/main_access.log;
error_log $main_web_root/logs/main_error.log;
}
# For subdomains, use separate log files
if (\$subdomain != '') {
access_log $main_web_root/logs/\${subdomain}_access.log;
error_log $main_web_root/logs/\${subdomain}_error.log;
}
index index.html index.htm index.php;
location / {
try_files \$uri \$uri/ @router;
}
location @router {
if (!-f \$document_root/router.php) {
return 404;
}
fastcgi_pass unix:/var/run/php/php-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME \$document_root/router.php;
}
location ~ \.php$ {
try_files \$uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
EOL"
# Enable the site
sudo ln -s $nginx_config /etc/nginx/sites-enabled/
# Test Nginx configuration
sudo nginx -t
# If the test is successful, reload Nginx
if [ $? -eq 0 ]; then
sudo systemctl reload nginx
echo "Nginx configuration has been updated and reloaded."
else
echo "Nginx configuration test failed. Please check the configuration."
fi
echo "Setup complete for $domain"
echo "Main website files should be placed in: $main_web_root/_main/www"
echo "Subdomain files should be placed in: $main_web_root/subdomains/[subdomain]/www"
echo "Logs will be stored in: $main_web_root/logs"
echo "Cloudflare credentials for this domain are stored in: $cf_credentials"
echo "Remember to log out and log back in for group changes to take effect."
Reference in a new issue View git blame Copy permalink