webserver - split into seqs nginx and php and enhanced functionality
160
seqs/nginx.sh
Executable file
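--- /dev/null
+++ b/seqs/nginx.sh
@@ -0,0 +1,160 @@
+#!/bin/bash
+
+toolName="nginx"
+sq_toolDeps="nginx"
+sq_repoUrl="https://nginx.org/packages/debian"
+sq_keyUrl="https://nginx.org/keys"
+sq_toolConfig="/etc/nginx/nginx.conf"
+
+sq_aptOpt=
+
+seq_config() {
+## Apt cmdline option to suppress user interaction
+interactive || sq_aptOpt="-y"
+
+## Return of non zero value will abort the sequence
+return 0
+}
+
+step_1_info() { echo "${toolName} status"; }
+step_1_alias() { echo "status"; }
+step_1() {
+if ! command -v nginx >/dev/null ; then
+exe apt-cache policy nginx
+return 1
+fi
+exe nginx --version
+exe systemctl status nginx
+}
+
+step_10_info() {
+echo "Setup latest apt source list for ${toolName}:"
+echoinfo "$sq_repoUrl"
+}
+step_10_alias() { echo "setup"; }
+step_10() {
+local lArch=
+case $(uname -m) in
+aarch64)
+lArch=arm64;;
+esac
+if [[ -n ${lArch:-} ]] ; then
+info "Detected processor architecture: ${lArch}"
+lArch="[arch=${lArch}]"
+fi
+
+info "Installing custom repository prerequisites:"
+exe apt update
+exe apt install apt-transport-https lsb-release ca-certificates curl ${sq_aptOpt}
+info "Setup php repository including gpg key"
+exep curl -fsSL ${sq_keyUrl:?}/nginx_signing.key "|" gpg --dearmor -o "/etc/apt/trusted.gpg.d/nginx-keyring.gpg"
+addConf -c "deb ${lArch:-} ${sq_repoUrl:?} $(lsb_release -sc) nginx" "/etc/apt/sources.list.d/nginx.list"
+addConf -s "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
+/etc/apt/preferences.d/99nginx
+exe apt update
+}
+
+step_11_info() {
+echo "Installation of ${toolName} packages:"
+echoinfo "${sq_toolDeps}"
+}
+step_11_alias() { echo "install"; }
+step_11() {
+exe apt update
+exe apt install ${sq_toolDeps} ${sq_aptOpt:-}
+endReturn -o $? "Failed to install ${toolName}"
+}
+
+step_12_info() {
+echo "Adapt default ${toolName} configuration"
+echoinfo "Use Debian default web user \"www-data\" instead of \"nginx\"."
+}
+step_12() {
+if ! grep -E "user\s*nginx;" "${sq_toolConfig}" >>/dev/null ; then
+info "Nothing to do."
+return 0
+fi
+
+exe systemctl stop nginx
+
+info "Installation from nginx.org repository detected."
+info -a "Fixing nginx user..."
+exe sed -i "s|user\(\s*\)nginx;|user\1www-data;|g" "${sq_toolConfig}"
+
+local lQuiet=
+interactive || lQuiet="-q"
+info "Removing user nginx"
+exe deluser ${lQuiet} nginx || true # allowed to fail if non existent
+
+if [[ ! -e "/var/www" ]] ; then
+info "Create default web server directory."
+exe mkdir "/var/www"
+exe chown www-data: "/var/www"
+fi
+}
+
+step_13_info() { echo "Basic nginx configuration for initial letsencrypt certificate creation"; }
+step_13_alias() { echo "initconf"; }
+step_13() {
+exe mkdir -p "$(dirname -- "$snippetLetsencryptLoc")"
+
+# Writing acme-challenge code snipped for certbot web root authentication
+addConf -c "$snippetLetsencrypt" "$snippetLetsencryptLoc"
+
+# Writing minimal default (see below)
+addConf -c "$siteDefaultIp4" "$siteDefaultLoc"
+
+# try fix errors on first install attempt
+# (possible missing ipv6 support on system)
+if [ $ERNO -ne 0 ] ; then
+exe apt install ${sq_toolDeps} ${sq_aptOpt:-}
+fi
+
+# create webroot
+exe mkdir -p "$siteLetsencryptWww"
+
+info -n "Restarting Nginx..."
+if exe service nginx restart ; then
+info "ok"
+else
+info "failed"
+endReturn -o 1 "Failed to install ${toolName}"
+fi
+}
+snippetLetsencryptLoc="/etc/nginx/snippets/letsencrypt.conf"
+siteLetsencryptWww="/var/www/letsencrypt"
+snippetLetsencrypt="\
+location ^~ /.well-known/acme-challenge/ {
+default_type \"text/plain\";
+root ${siteLetsencryptWww};
+}"
+siteDefaultLoc="/etc/nginx/conf.d/default"
+siteDefaultIp4="server {
+listen 80 default_server;
+
+include ${snippetLetsencryptLoc};
+}"
+
+step_20_info() { echo "Installation notes"; }
+step_20_alias() { echo "notes"; }
+step_20() {
+color green
+cat <<NOTES_EOF
+# Set user to www-data on debian and tune performance a bit
+
+[/etc/nginx/nginx.conf]
+user www-data;
+worker_processes 1;
+
+events {
+worker_connections 1024;
+multi_accept on;
+use epoll;
+}
+NOTES_EOF
+}
+
+# shellcheck disable=SC2034 # Appears unused
+readonly sqr_minVersion=16
+# shellcheck disable=SC1091 # Don't follow this source
+. /usr/local/bin/sequencer.sh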
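Review bot: The nginx signing key in step_10 is written to `/etc/apt/trusted.gpg.d/nginx-keyring.gpg`, which makes apt accept it for every configured repository rather than only for nginx.org. Keeping the key outside the trusted directory and binding it in the source entry narrows that trust, e.g. `gpg --dearmor -o /usr/share/keyrings/nginx-archive-keyring.gpg` together with `deb [${lArch:+arch=${lArch} }signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] ${sq_repoUrl:?} $(lsb_release -sc) nginx`, with `lArch` left as the bare architecture name instead of being wrapped in `[arch=…]`. The key is also installed without comparing its fingerprint to a pinned value, so the step trusts whatever the URL returns; a `gpg --show-keys` check against `<EXPECTED_NGINX_KEY_FINGERPRINT>` before the list file is written would cover that. On the same curl line `${sq_keyUrl:?}` is unquoted, and the preceding message reads "Setup php repository" although this sequence configures nginx.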