
initial commit

master
mort 6 years ago
commit
2084030fba
9 changed files with 294 additions and 0 deletions
  1. 2
    0
      .gitignore
  2. 80
    0
      conf.example/nginx/basic.m4
  3. 5
    0
      conf.example/nginx/main.m4
  4. 4
    0
      conf.example/nginx/shared.m4
  5. 20
    0
      conf.example/ssl.conf
  6. 33
    0
      core/nginx.m4
  7. 27
    0
      core/nginx.sh
  8. 110
    0
      core/ssl.sh
  9. 13
    0
      ctl.sh

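--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+conf
+core/certbot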

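--- a/conf.example/nginx/basic.m4
+++ b/conf.example/nginx/basic.m4
@@ -0,0 +1,80 @@
+## mort.coffee
+server {
+listen_ssl(mort.coffee, mort.coffee)
+serve(mort.coffee, www)
+}
+server { https_redirect(mort.coffee) }
+server { listen(www.mort.coffee) redirect(https://mort.coffee) }
+server { listen_ssl(mort.coffee, www.mort.coffee) redirect(https://mort.coffee) }
+
+## s.mort.coffee
+server {
+listen_ssl(mort.coffee, s.mort.coffee)
+serve(mort.coffee, s)
+}
+server { https_redirect(s.mort.coffee) }
+
+## bendik.mort.coffee
+server {
+listen_ssl(mort.coffee, bendik.mort.coffee)
+autoindex on;
+root /home/bendik/www;
+}
+server { https_redirect(bendik.mort.coffee) }
+
+## pass.mort.coffee
+server {
+listen_ssl(mort.coffee, pass.mort.coffee)
+proxy(http://localhost:8080)
+}
+server { https_redirect(pass.mort.coffee) }
+
+## git.mort.coffee
+server {
+listen_ssl(mort.coffee, git.mort.coffee)
+proxy(http://localhost:8082)
+}
+server { https_redirect(git.mort.coffee) }
+
+## irc.mort.coffee
+server {
+listen_ssl(mort.coffee, irc.mort.coffee)
+proxy(http://localhost:8087)
+wsproxy(http://localhost:8087, socket.io/)
+}
+server { https_redirect(irc.mort.coffee) }
+
+## tpb.mort.coffee
+server {
+listen_ssl(mort.coffee, tpb.mort.coffee)
+proxy(http://localhost:8086)
+}
+server { https_redirect(tpb.mort.coffee) }
+
+## shoplist.mort.coffee
+server {
+listen_ssl(mort.coffee, shoplist.mort.coffee)
+proxy(http://localhost:8090)
+}
+server { https_redirect(shoplist.mort.coffee) }
+
+## sonen.mort.coffee
+server {
+listen_ssl(mort.coffee, sonen.mort.coffee)
+proxy(http://localhost:8089)
+}
+server { https_redirect(sonen.mort.coffee) }
+
+## beer.mort.coffee
+server {
+listen_ssl(mort.coffee, beer.mort.coffee)
+proxy(http://localhost:8091)
+}
+server { https_redirect(beer.mort.coffee) }
+
+## colors.mort.coffee
+server {
+listen_ssl(mort.coffee, colors.mort.coffee)
+proxy(http://localhost:8092)
+}
+server { https_redirect(colors.mort.coffee) }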
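Review bot: The `bendik.mort.coffee` block (`autoindex on; root /home/bendik/www;`) and the `serve` macro used for mort.coffee and s.mort.coffee both turn on directory listings, so every file placed under those roots becomes enumerable over HTTPS; confirm that is wanted for each host and drop `autoindex on;` where a listing is not needed. The two `www.mort.coffee` blocks use `redirect(https://mort.coffee)`, which discards the request path, while `https_redirect` keeps it via `$request_uri`; `redirect(https://mort.coffee$request_uri)` would make deep links survive the hop. The `listen_ssl(mort.coffee, www.mort.coffee)` block also presumes the mort.coffee certificate carries www.mort.coffee as a SAN, which nothing in this commit pins down since the real domain list lives in the gitignored `conf/`.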

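--- a/conf.example/nginx/main.m4
+++ b/conf.example/nginx/main.m4
@@ -0,0 +1,5 @@
+# shared
+m4_include(`shared.m4')
+
+# basic
+m4_include(`basic.m4')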

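--- a/conf.example/nginx/shared.m4
+++ b/conf.example/nginx/shared.m4
@@ -0,0 +1,4 @@
+upstream php-handler {
+server unix:/run/php/php7.0-fpm.sock;
+}
+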

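--- a/conf.example/ssl.conf
+++ b/conf.example/ssl.conf
@@ -0,0 +1,20 @@
+
+# A list of certificates, separated by semicolons.
+# The domains in the certificate is separated by commas.
+domains="
+example.com:
+example.com,
+foo.example.com,
+bar.example.com,
+baz.example.com;
+example.net:
+example.net,
+foo.example.net,
+bar.example.com;"
+
+email="example@example.com"
+dryrun=0
+testcert=0
+
+precmd="systemctl stop nginx"
+postcmd="systemctl start nginx"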
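Review bot: The second certificate entry lists `bar.example.com` under `example.net` (the line ending `bar.example.com;"`), which reads like a copy-paste slip for `bar.example.net`; as written, the example would ask certbot for a SAN that belongs to the other certificate. The header comment should also say what core/ssl.sh in this commit does with the file, namely that it is sourced as shell and that `precmd`/`postcmd` are handed verbatim to `sh -c`, e.g. `# Sourced by core/ssl.sh as shell; precmd/postcmd run verbatim via sh -c, so keep this file writable only by the account that runs ssl.sh.` While there, `The domains in the certificate is separated` should read `are separated`.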

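--- a/core/nginx.m4
+++ b/core/nginx.m4
@@ -0,0 +1,33 @@
+m4_define(`listen', ``
+listen 80;
+server_name $1;'')
+m4_define(`listen_ssl', ``
+listen 443 ssl;
+server_name $2;
+ssl_certificate /etc/letsencrypt/live/$1/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/$1/privkey.pem;
+ssl_trusted_certificate /etc/letsencrypt/live/$1/fullchain.pem;'')
+m4_define(`redirect', ``
+return 302 $1;'')
+m4_define(`redirect_perm', ``
+return 301 $1;'')
+m4_define(`https_redirect', `
+listen($1)
+redirect(https://$1$request_uri)')
+m4_define(`wsproxy', ``
+location /$2 {
+proxy_pass $1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_set_header X-Real-IP $remote_addr;
+}'')
+m4_define(`proxy', ``
+location /$2 {
+proxy_pass $1;
+proxy_set_header X-Real-IP $remote_addr;
+}'')
+m4_define(`serve', ``
+autoindex on;
+root /var/www/$1/$2/public;'')
+
+m4_include(`main.m4')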
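Review bot: The `wsproxy` macro sets the `Upgrade`/`Connection` headers but not `proxy_http_version 1.1;`, and nginx talks HTTP/1.0 to upstreams by default, where the Upgrade handshake is not forwarded; add `proxy_http_version 1.1;` next to `proxy_pass $1;` in `wsproxy`. Neither proxy macro forwards `Host` or the original scheme, so the localhost backends see the `proxy_pass` host and cannot tell that the client arrived over TLS; `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-Proto $scheme;` close that gap, and like `$remote_addr` they survive the macro expansion because m4 only substitutes `$` followed by a digit. `listen_ssl` leaves `ssl_protocols` and ciphers at the nginx defaults, which is fine on a current build but worth pinning in the macro if the target nginx is old.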

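--- a/core/nginx.sh
+++ b/core/nginx.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+set -e
+
+out="/etc/nginx/sites-available/autogen"
+
+if ! [ -w "$out" ]; then
+echo "Must have write access to $out."
+exit 1
+fi
+
+cp "$out" "$out.bak"
+output="$(m4 -P -I ../conf/nginx nginx.m4)"
+echo "$output" \
+| sed '/^\s*$/d' \
+| tee "$out" >/dev/null
+
+if ! sudo nginx -t; then
+echo "Reverting to backup file."
+mv "$out.bak" "$out"
+else
+echo "Press enter to restart nginx."
+read _
+
+echo "Restarting..."
+systemctl restart nginx
+fi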
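Review bot: `nginx -t` runs through `sudo` while `cp`, `tee` and `systemctl restart nginx` do not, so either the script already runs as root and the `sudo` is redundant, or the restart fails after the new config has been written and the `.bak` is never restored; pick one privilege model, e.g. drop the `sudo` and require ctl.sh to be invoked as root. The `-w "$out"` guard also rejects the very first run, before `autogen` exists; testing the directory, `[ -w "$(dirname "$out")" ]`, and skipping the `cp` when there is no previous file would cover that. Once `nginx -t` has passed, `systemctl reload nginx` applies the config without dropping in-flight connections; a full `restart` is only needed when the binary or modules change. `sed '/^\s*$/d'` depends on GNU `\s`; `[[:space:]]` is the portable spelling under `#!/bin/sh`, and `read _` should be `read -r _`.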

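--- a/core/ssl.sh
+++ b/core/ssl.sh
@@ -0,0 +1,110 @@
+#!/bin/bash
+
+set -e
+
+. ../conf/ssl.conf
+
+user="$(stat -c %U "$0")"
+
+asuser() {
+echo "Running as $user: " "$@"
+sudo -u "$user" "$@"
+}
+
+printcol() {
+str="$1"
+shift
+for x in "$@"; do
+tput $x
+done
+printf "%s%s\n" "$str" $(tput sgr0)
+}
+
+printed=0
+printstatus() {
+if [ "$printed" = 1 ]; then
+echo
+fi
+printed=1
+printcol "$1" bold
+}
+
+certbot="https://github.com/certbot/certbot.git"
+
+validate() {
+if [ -z "$email" ]; then
+echo "Missing config 'email'."
+elif [ -z "$domains" ]; then
+echo "Missing config 'domains'."
+elif [ -z "$testcert" ]; then
+echo "Missing config 'testcert'."
+elif [ -z "$dryrun" ]; then
+echo "Missing config 'dryrun'."
+elif [ -z "$precmd" ]; then
+echo "Missing config 'precmd'."
+elif [ -z "$postcmd" ]; then
+echo "Missing config 'postcmd'."
+else
+return 0
+fi
+exit 1
+}
+validate
+
+if ! [ -d certbot ]; then
+asuser git clone "$certbot" certbot
+fi
+
+if [ "$dryrun" = 1 ]; then
+printstatus "Running a dry run."
+fi
+
+cd certbot
+printstatus "Updating certbot..."
+# necessary because certbot sometime schanges itself
+asuser git reset --hard
+asuser git pull
+
+printstatus "Running pre command..."
+echo "$precmd"
+sh -c "$precmd"
+
+printstatus "Obtaining certificates..."
+domains="$(echo "$domains" \
+| tr '\n' ' ' \
+| sed 's/\s*//g; s/\;/\n/g')"
+while read line; do
+if [ -z "$line" ]; then
+continue
+fi
+
+cname=$(echo "$line" | sed 's/:.*//')
+dom=$(echo "$line" | sed 's/.*://')
+
+printstatus "Certificate $cname"
+if ./certbot-auto certonly \
+-n --standalone --agree-tos \
+-m "$email" \
+--cert-name "$cname" \
+$([ "$testcert" = 1 ] && echo --test-cert) \
+$([ "$dryrun" = 1 ] && echo "--dry-run") \
+-d "$dom"
+then
+echo
+printcol "Certbot succeeded." "setaf 2" "bold"
+else
+fail=1
+echo
+printcol "Certbot failed." "setaf 1" "bold"
+fi
+done <<< "$domains"
+
+printstatus "Running post command..."
+echo "$postcmd"
+sh -c "$postcmd"
+
+if [ "$fail" = 1 ]; then
+exit 1
+else
+exit 0
+fi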
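Review bot: The certbot checkout is moved to whatever `git pull` fetches from the repository's default branch, with no tag or signature check, and `./certbot-auto` is then executed by the invoking shell (presumably root, since `--standalone` binds port 80) out of a working tree owned by `$user`, so the branch head and anyone who can write as `$user` both get to run code as root; pin a release instead, e.g. `asuser git fetch --tags` then `asuser git verify-tag <PINNED_TAG>` and `asuser git checkout <PINNED_TAG>` (placeholder), or take certbot from the distribution packages. The config is sourced as shell (`. ../conf/ssl.conf`) and `precmd`/`postcmd` go straight to `sh -c` at the same privilege, so an ownership check before sourcing, such as `[ "$(stat -c %U ../conf/ssl.conf)" = "$(id -un)" ] || exit 1`, would stop a config writable by someone else from becoming root code. `while read line` should be `while IFS= read -r line` so a backslash in a domain entry is not mangled. `fail` is tested at the end but never initialised; `fail=0` next to `printed=0` makes that explicit, and the typo `sometime schanges` in the comment should read `sometimes changes`.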

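--- a/ctl.sh
+++ b/ctl.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+cd "$(dirname "$0")"
+cd core
+
+if [ "$1" = ssl ]; then
+./ssl.sh
+elif [ "$1" = nginx ]; then
+./nginx.sh
+else
+echo "Usage: $0 <ssl | nginx>"
+exit 1
+fi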
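Review bot: Neither `cd` checks its result and there is no `set -e`, so if the script directory or `core` cannot be entered the script carries on and runs `./ssl.sh` or `./nginx.sh` from whatever the caller's current directory happens to be; write `cd "$(dirname "$0")" || exit 1` and `cd core || exit 1` (or put `set -e` at the top). The usage message belongs on stderr, `echo "Usage: $0 <ssl | nginx>" >&2`, so a caller capturing stdout does not take it for output.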
