
Script - Nginx

Ce script permet de générer facilement un certificat SSL avec Let's Encrypt et de créer le virtualhost Nginx.

1 - Prérequis :

  • Nginx
  • Let's Encrypt
  • Un nom de domaine

2 - Installation des prérequis :

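# Install Nginx and PHP-FPM, then expose the versioned PHP-FPM socket under a
# fixed name so the generated vhost can reference /var/run/php/php-fpm.sock.
# NOTE(review): the php*-fpm.sock glob must match exactly one socket; with
# several PHP versions installed, ln -s fails — create the link by hand then.
sudo apt update && sudo apt install -y nginx php-fpm php php-mysql && sudo ln -s /var/run/php/php*-fpm.sock /var/run/php/php-fpm.sock

# -p: the directory usually exists already, which would otherwise be an error.
sudo mkdir -p /etc/ssl/certs
cd /etc/ssl/certs
# Generating 4096-bit DH parameters can take a long time.
sudo openssl dhparam -out dhparam.pem 4096
cd /etc/nginx/
# Keep the packaged configuration as a backup instead of deleting it, so a bad
# download can be rolled back.
sudo mv nginx.conf nginx.conf.orig
# This file is fetched from a third-party server and becomes the main
# configuration of a root-started daemon: read it before installing it.
sudo wget https://get.nexart.fr/upload/BLOG/nginx.conf.txt
sudo mv nginx.conf.txt nginx.conf
# Only restart when the new configuration parses; otherwise Nginx stays on the
# running configuration and nginx.conf.orig can be restored.
sudo nginx -t && sudo systemctl restart nginx
cd /opt
# NOTE(review): letsencrypt-auto is deprecated upstream; on current systems the
# distribution's certbot package is the supported client.
sudo git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt/
sudo ./letsencrypt-auto --help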

3 - Création du script

# Create the script file and paste the listing that follows into it.
sudo vi Nginx.sh

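#! /bin/bash
#
# Nginx.sh - create or remove an Nginx virtual host with a Let's Encrypt
# certificate.
#
# Usage: Nginx.sh {ajouter|supprimer}
#   ajouter   - asks for a domain and a document root, requests a certificate
#               for DOMAIN and www.DOMAIN, creates the document root with a
#               placeholder index.html and writes the vhost file.
#   supprimer - asks for a domain and a document root, then deletes the
#               certificate files, the vhost file and the document root.
#
# Both answers end up in commands run as root, in file paths and in the
# generated Nginx configuration, so they are validated before anything is
# stopped, written or deleted.

set -u

readonly LETSENCRYPT_AUTO=/opt/letsencrypt/letsencrypt-auto
readonly LETSENCRYPT_DIR=/etc/letsencrypt
readonly VHOST_DIR=/etc/nginx/sites-enabled

# Print a message on stderr and abort with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Succeed only for a plain DNS name (labels of letters, digits and hyphens).
# This keeps whitespace, ';', '/', globs and empty input out of the
# configuration file and out of the paths passed to rm.
valid_domain() {
  local -r re='^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z0-9-]{2,63}$'
  [[ $1 =~ $re ]]
}

# Succeed only for an absolute path made of conservative characters, without
# empty, "." or ".." components. "/" itself is rejected by the pattern.
valid_path() {
  local -r re='^/[A-Za-z0-9._/-]+$'
  [[ $1 =~ $re ]] || return 1
  case "$1" in
    *//* | */./* | */../* | */. | */..) return 1 ;;
  esac
  return 0
}

# Stop Nginx (the standalone challenge needs port 80/443) and make sure it is
# started again on every exit path from here on.
stop_nginx() {
  sudo systemctl stop nginx || die "Impossible d'arrêter nginx"
  trap 'sudo systemctl start nginx' EXIT
}

# Check the configuration and start Nginx. The original script called
# "reload" here, which cannot work on a service that was just stopped.
start_nginx() {
  trap - EXIT
  sudo nginx -t || die "Configuration nginx invalide, nginx n'a pas été démarré"
  sudo systemctl start nginx || die "Impossible de démarrer nginx"
}

# Write the vhost for domain $1 with document root $2 to stdout.
# Nginx variables are escaped (\$) so that only ${name} and ${root} are
# expanded by the shell. The dot in the PHP location patterns is escaped so
# that they match ".php" literally rather than any character followed by "php".
# NOTE(review): the HTTP->HTTPS redirect is built from the client-supplied
# Host header ($http_host); consider $host or the server name instead.
render_vhost() {
  local -r name=$1 root=$2
  cat <<EOF
server {
        listen *:80;
        listen *:443 ssl http2;
        ssl_protocols TLSv1.2;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_certificate /etc/letsencrypt/live/${name}/fullchain.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/${name}/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/${name}/privkey.pem;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
        resolver 80.67.169.12 80.67.169.40 valid=300s;
        resolver_timeout 5s;

        ssl_session_timeout 5m;
        ssl_session_tickets off;
        add_header Strict-Transport-Security "max-age=31536000";
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";

        server_name ${name} www.${name};
        root ${root};
        index index.php index.html index.htm;

        if (\$scheme != "https") {
            rewrite ^ https://\$http_host\$request_uri? permanent;
        }

        location ~ \.php\$ {
            try_files \$uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)\$;
            fastcgi_pass unix:/var/run/php/php-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
            fastcgi_read_timeout 60;
            include fastcgi_params;
        }

        location ~ /\.well-known/acme-challenge {
            allow all;
        }

        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }

        location = /robots.txt {
            deny all;
            log_not_found off;
            access_log off;
        }

}
EOF
}

# "ajouter": issue the certificate, create the document root and the vhost.
cmd_ajouter() {
  local name='' path=''

  printf '%s' "Quel est l'adresse du site internet ? "
  read -r name || true

  printf '%s' "Quel est l'emplacement de votre site internet ? "
  read -r path || true

  valid_domain "$name" || die "Nom de domaine invalide : $name"
  valid_path "$path" || die "Emplacement invalide (chemin absolu attendu) : $path"

  stop_nginx

  # Without a certificate the vhost below would reference missing files and
  # Nginx would refuse to start, so stop here (the EXIT trap restarts Nginx).
  sudo "$LETSENCRYPT_AUTO" --standalone certonly -d "$name" -d "www.$name" \
    || die "La génération du certificat a échoué pour $name"

  sudo mkdir -p -- "$path" || die "Impossible de créer $path"

  # A plain "> file" redirection is performed by the calling shell, not by
  # sudo; tee under sudo makes the write work for non-root callers too.
  printf '%s\n' "Le site $name arrive bientot, merci !" \
    | sudo tee -- "$path/index.html" >/dev/null \
    || die "Impossible d'écrire $path/index.html"
  render_vhost "$name" "$path" \
    | sudo tee -- "$VHOST_DIR/$name.vhost" >/dev/null \
    || die "Impossible d'écrire $VHOST_DIR/$name.vhost"

  start_nginx
  echo "Le  site internet $name est désormais en ligne, son répertoire se trouve dans $path !"
}

# "supprimer": delete the certificate files, the vhost and the document root.
cmd_supprimer() {
  local deletename='' deletepath=''

  printf '%s' "Quel est l'adresse du site internet qu'il faut supprimer ? "
  read -r deletename || true

  printf '%s' "Quel est l'emplacement de votre site internet ? "
  read -r deletepath || true

  # An empty or partial name used to expand "live/$deletename*" to every
  # certificate sharing that prefix (all of them when empty); exact names only.
  valid_domain "$deletename" || die "Nom de domaine invalide : $deletename"
  valid_path "$deletepath" || die "Emplacement invalide (chemin absolu attendu) : $deletepath"
  # Refuse to recursively delete a top-level directory such as /etc or /var.
  [[ ${deletepath%/} == /*/* ]] \
    || die "Refus de supprimer un répertoire de premier niveau : $deletepath"

  stop_nginx

  # Additional lineages created by the client (for example NAME-0001) are not
  # matched any more and have to be removed explicitly if they exist.
  sudo rm -rf -- \
    "$LETSENCRYPT_DIR/live/$deletename" \
    "$LETSENCRYPT_DIR/archive/$deletename" \
    "$LETSENCRYPT_DIR/renewal/$deletename.conf" \
    "$VHOST_DIR/$deletename.vhost"
  sudo rm -rf -- "${deletepath:?}"

  start_nginx
}

case "${1:-}" in
  ajouter)
    cmd_ajouter
    ;;
  supprimer)
    cmd_supprimer
    ;;
  *)
    echo "Nginx : $0 {ajouter|supprimer}"
    exit 1
    ;;
esac
exit 0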

4 - Affectation des droits

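# The file is named Nginx.sh, and the action is a single word: typing
# "ajouter|supprimer" literally would make the shell pipe the script's output
# into a command called "supprimer".
sudo chmod +x Nginx.sh && sudo ./Nginx.sh ajouter    # or: sudo ./Nginx.sh supprimer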

Voilà un script bien pratique !