Updated SSL settings and installation methode
This commit is contained in:
@@ -210,11 +210,17 @@ fi
|
||||
|
||||
if [ $sslenable = 1 ]; then
|
||||
msg " Setting up SSL"
|
||||
site_ext=ssl
|
||||
if [ $domainwww = 1 ]; then
|
||||
certbot --"$webserv" -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
||||
elif [ $domainwww = 0 ]; then
|
||||
certbot --"$webserv" -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
||||
fi
|
||||
if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/ssl-handler.sh; then
|
||||
source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/ssl-handler.sh)
|
||||
fi
|
||||
elif [ $sslenable = 0 ]; then
|
||||
site_ext=nossl
|
||||
fi
|
||||
|
||||
wget -q -t7 "$repo"/raw/branch/"$branch"/Scripts/EnableSSL.sh -O ~/activateSSL-$domain.sh
|
||||
|
||||
@@ -3,9 +3,9 @@
|
||||
#Configuring nginx
|
||||
wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/nextcloud/Nginx-unconfigured -O /tmp/nginx-siteconf
|
||||
sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' /tmp/nginx-siteconf
|
||||
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"
|
||||
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
|
||||
if [ $sslenable = 0 ]; then
|
||||
sed -i -e '/fastcgi_param HTTPS/c\# fastcgi_param HTTPS' /etc/nginx/sites-available/"$sitename"
|
||||
sed -i -e '/fastcgi_param HTTPS/c\# fastcgi_param HTTPS' /etc/nginx/sites-available/"$sitename"_nossl
|
||||
fi
|
||||
mkdir -p /var/www/"$domain"/html/data
|
||||
systemctl reload nginx
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/none/Nginx-unconfigured -O /tmp/nginx-siteconf
|
||||
sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' /tmp/nginx-siteconf
|
||||
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"
|
||||
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
|
||||
mkdir -p /var/www/"$domain"/html
|
||||
|
||||
echo "<html><head></head><body>$webserv has been succsefully installed by the Wizard</body></html>" > /var/www/$domain/html/index.html
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#Configuring nginx
|
||||
wget -q -t7 "$repo"/raw/branch/"$branch"/CMS/wordpress/Nginx-unconfigured -O /tmp/nginx-siteconf
|
||||
sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$domain'/' -e 's/SITEname/'$sitename'/' /tmp/nginx-siteconf
|
||||
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"
|
||||
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-siteconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/"$sitename"_"$site_ext"
|
||||
|
||||
#Reloading Services
|
||||
systemctl reload nginx php$phpver-fpm
|
||||
@@ -2,8 +2,21 @@
|
||||
# Nginx #
|
||||
#############
|
||||
|
||||
wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured -O /etc/nginx/sites-available/"$sitename"
|
||||
sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$sitename"
|
||||
ln -s /etc/nginx/sites-available/"$sitename" /etc/nginx/sites-enabled/
|
||||
if [ $domainwww = 1 ]; then
|
||||
#non-ssl
|
||||
wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-wwwredir >> /etc/nginx/sites-available/"$sitename"_nossl
|
||||
echo "" >> /etc/nginx/sites-available/"$sitename"_nossl
|
||||
#ssl
|
||||
wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site_ssl-wwwredir >> /etc/nginx/sites-available/"$sitename"_ssl
|
||||
echo "" >> /etc/nginx/sites-available/"$sitename"_ssl
|
||||
fi
|
||||
|
||||
#non-ssl
|
||||
wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/"$sitename"_nossl
|
||||
sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$sitename"_nossl
|
||||
ln -s /etc/nginx/sites-available/"$sitename"_nossl /etc/nginx/sites-enabled/"$sitename"
|
||||
#ssl
|
||||
wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site_ssl-unconfigured >> /etc/nginx/sites-available/"$sitename"_ssl
|
||||
sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$sitename"_ssl
|
||||
|
||||
systemctl reload nginx
|
||||
@@ -7,15 +7,24 @@ systemctl stop php${phpver}-fpm nginx
|
||||
mkdir -p /etc/nginx/sites-available /etc/nginx/sites-enabled /etc/nginx/snippets /etc/nginx/modules-available /etc/nginx/modules-enabled /etc/nginx/snippets/
|
||||
wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/fastcgi.conf -O /etc/nginx/fastcgi.conf
|
||||
wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/fastcgi-php.conf -O /etc/nginx/snippets/fastcgi-php.conf
|
||||
wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/snippets-ssl.conf -O /etc/nginx/snippets/ngx-ssl.conf
|
||||
wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/nginx-default.conf -O /etc/nginx/nginx.conf
|
||||
|
||||
if [ $domainwww = 1 ]; then
|
||||
wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-wwwredir >> /etc/nginx/sites-available/"$sitename"
|
||||
echo "" >> /etc/nginx/sites-available/"$sitename"
|
||||
#non-ssl
|
||||
wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-wwwredir >> /etc/nginx/sites-available/"$sitename"_nossl
|
||||
echo "" >> /etc/nginx/sites-available/"$sitename"_nossl
|
||||
#ssl
|
||||
wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site_ssl-wwwredir >> /etc/nginx/sites-available/"$sitename"_ssl
|
||||
echo "" >> /etc/nginx/sites-available/"$sitename"_ssl
|
||||
fi
|
||||
wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/"$sitename"
|
||||
sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$sitename"
|
||||
ln -s /etc/nginx/sites-available/"$sitename" /etc/nginx/sites-enabled/
|
||||
#non-ssl
|
||||
wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured >> /etc/nginx/sites-available/"$sitename"_nossl
|
||||
sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$sitename"_nossl
|
||||
ln -s /etc/nginx/sites-available/"$sitename"_nossl /etc/nginx/sites-enabled/"$sitename"
|
||||
#ssl
|
||||
wget -q -t7 -O - "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site_ssl-unconfigured >> /etc/nginx/sites-available/"$sitename"_ssl
|
||||
sed -i -e 's/DOMAINname/'$domain'/' /etc/nginx/sites-available/"$sitename"_ssl
|
||||
|
||||
wget -q -t7 "$repo"/raw/branch/"$branch"/CoreModules/nginx/config/nginx/site-unconfigured -O /etc/nginx/sites-available/Backend
|
||||
sed -i -e 's/DOMAINname/'$hostname'/' /etc/nginx/sites-available/Backend
|
||||
@@ -27,6 +36,8 @@ wget -q -t7 "$repo"/raw/branch/"$branch"/Scripts/toggles/toggle-PhpMyAdmin_NGINX
|
||||
|
||||
# custom Welcome page
|
||||
echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /var/www/html/index.html
|
||||
|
||||
|
||||
###############
|
||||
# PHP-FPM #
|
||||
###############
|
||||
|
||||
@@ -28,17 +28,6 @@ http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
ssl_protocols TLSv1.3 TLSv1.2;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
|
||||
ssl_session_cache shared:SSL:20m;
|
||||
ssl_session_timeout 180m;
|
||||
ssl_ecdh_curve secp384r1;
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
add_header X-Frame-Options sameorigin;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-Xss-Protection "1; mode=block";
|
||||
|
||||
#access_log /var/log/nginx/access.log;
|
||||
access_log off;
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
24
CoreModules/nginx/config/nginx/site_ssl-unconfigured
Normal file
24
CoreModules/nginx/config/nginx/site_ssl-unconfigured
Normal file
@@ -0,0 +1,24 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name DOMAINname;
|
||||
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name DOMAINname;
|
||||
ssl_certificate /etc/letsencrypt/live/DOMAINname/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/DOMAINname/privkey.pem;
|
||||
include ../snippets/ngx-ssl.conf;
|
||||
|
||||
|
||||
|
||||
#ConfHere
|
||||
|
||||
}
|
||||
18
CoreModules/nginx/config/nginx/site_ssl-wwwredir
Normal file
18
CoreModules/nginx/config/nginx/site_ssl-wwwredir
Normal file
@@ -0,0 +1,18 @@
|
||||
server {
|
||||
#www.domain > domain redirect
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name www.DOMAINname;
|
||||
return 301 http://DOMAINname$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
#SSL www.domain > domain redirect
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name www.DOMAINname;
|
||||
ssl_certificate /etc/letsencrypt/live/DOMAINname/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/DOMAINname/privkey.pem;
|
||||
include ../snippets/ngx-ssl.conf;
|
||||
return 301 https://DOMAINname$request_uri;
|
||||
}
|
||||
10
CoreModules/nginx/config/nginx/snippets-ssl.conf
Normal file
10
CoreModules/nginx/config/nginx/snippets-ssl.conf
Normal file
@@ -0,0 +1,10 @@
|
||||
ssl_session_cache shared:le_nginx_SSL:1m;
|
||||
ssl_session_timeout 1440m;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
|
||||
add_header X-Frame-Options sameorigin;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-Xss-Protection "1; mode=block";
|
||||
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
3
CoreModules/nginx/ssl-handler.sh
Normal file
3
CoreModules/nginx/ssl-handler.sh
Normal file
@@ -0,0 +1,3 @@
|
||||
rm /etc/nginx/sites-enabled/"$sitename"
|
||||
ln -s /etc/nginx/sites-available/"$sitename"_ssl /etc/nginx/sites-enabled/"$sitename"
|
||||
systemctl reload nginx
|
||||
@@ -12,8 +12,8 @@ if [ $webservice = apache ]; then
|
||||
fi
|
||||
|
||||
#Backing-up and removing current config
|
||||
sed -n '/#beginConf/,/#endConf/p' /etc/"$webservice"/sites-enabled/"$confname" > /tmp/"$confname"-config
|
||||
sed -n -i '/#beginConf/{:a;N;/#endConf/!ba;N;s/.*\n/#ConfHere\n/};p' /etc/"$webservice"/sites-enabled/"$confname"
|
||||
sed -n '/#beginConf/,/#endConf/p' /etc/"$webservice"/sites-available/"$confname"_nossl > /tmp/"$confname"-config
|
||||
sed -n -i '/#beginConf/{:a;N;/#endConf/!ba;N;s/.*\n/#ConfHere\n/};p' /etc/"$webservice"/sites-available/"$confname"_nossl
|
||||
systemctl reload $webservice
|
||||
|
||||
#Enabling SSL
|
||||
@@ -24,6 +24,7 @@ elif [ $domainwww = 0 ]; then
|
||||
fi
|
||||
|
||||
#Restoring config
|
||||
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e "/#ConfHere1/ r /tmp/"$confname"-config" -e '/#ConfHere/c\' /etc/"$webservice"/sites-enabled/"$confname"
|
||||
|
||||
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e "/#ConfHere1/ r /tmp/"$confname"-config" -e '/#ConfHere/c\' /etc/"$webservice"/sites-available/"$confname"_ssl
|
||||
rm /etc/"$webservice"/sites-enabled/"$confname"
|
||||
ln -s /etc/"$webservice"/sites-available/"$sitename"_ssl /etc/nginx/sites-enabled/"$sitename"
|
||||
systemctl reload $webservice
|
||||
18
installer.sh
18
installer.sh
@@ -535,13 +535,19 @@ done
|
||||
|
||||
|
||||
if [ $sslenable = 1 ]; then
|
||||
msg " Setting up SSL" 8 78
|
||||
if [ $domainwww = 1 ]; then
|
||||
certbot --"$webserv" -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
||||
elif [ $domainwww = 0 ]; then
|
||||
certbot --"$webserv" -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
||||
fi
|
||||
msg " Setting up SSL" 8 78
|
||||
site_ext=ssl
|
||||
if [ $domainwww = 1 ]; then
|
||||
certbot --"$webserv" -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
||||
elif [ $domainwww = 0 ]; then
|
||||
certbot --"$webserv" -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
||||
fi
|
||||
certbot --"$webserv" -n -d "$hostname" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
||||
if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/ssl-handler.sh; then
|
||||
source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/branch/"$branch"/CoreModules/"$webserv"/ssl-handler.sh)
|
||||
fi
|
||||
elif [ $sslenable = 0 ]; then
|
||||
site_ext=nossl
|
||||
fi
|
||||
|
||||
wget -q -t7 "$repo"/raw/branch/"$branch"/Scripts/EnableSSL.sh -O ~/activateSSL-$domain.sh
|
||||
|
||||
Reference in New Issue
Block a user