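#!/bin/bash
#
# Provision nginx as a TLS-terminating reverse proxy in front of a backend
# listening on port 8000, using a Let's Encrypt certificate from certbot.
#
# Usage:  ./script.sh [full-domain-name]
# Env:    CERTBOT_EMAIL  optional contact address for the Let's Encrypt
#                        account (default: admin@<domain minus first label>)
#
# NOTE: this replaces /etc/nginx/nginx.conf wholesale. The new file does not
# include sites-enabled/ or conf.d/, so any server blocks defined there
# (including whatever `certbot --nginx` edits) are no longer loaded. A
# timestamped backup of the previous file is kept next to it.
set -euo pipefail

# Report the failing line and command; diagnostics go to stderr.
error_handler() {
  echo "Error on line ${BASH_LINENO[0]}: ${BASH_COMMAND}" >&2
}
trap 'error_handler' ERR

# Get the domain name.
# ${1:-} rather than $1: under `set -u` a bare $1 aborts the script when no
# argument is given, which made the interactive prompt unreachable.
if [[ -n "${1:-}" ]]; then
  FULL_DOMAIN_NAME="$1"
else
  read -r -p "Enter the full domain name (e.g., api.example.com): " FULL_DOMAIN_NAME
fi

# The name is expanded into a root-owned nginx.conf, a certificate path and a
# certbot command line, so accept only a plain DNS hostname. This rejects
# whitespace, ';', '{', '/', newlines and a leading '-' that could otherwise
# inject nginx directives, alter the path or be parsed as a certbot option.
hostname_re='^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
if [[ ! "$FULL_DOMAIN_NAME" =~ $hostname_re ]]; then
  echo "Invalid domain name: ${FULL_DOMAIN_NAME}" >&2
  exit 1
fi

# Strips only the first label: api.example.com -> example.com, but
# example.com -> com. Set CERTBOT_EMAIL when that guess is wrong; expiry and
# account notices from Let's Encrypt go to this address.
DOMAIN_NAME="${FULL_DOMAIN_NAME#*.}"
CERTBOT_EMAIL="${CERTBOT_EMAIL:-admin@${DOMAIN_NAME}}"

# Install https certificates
sudo apt-get update
sudo apt-get install -y nginx certbot python3-certbot-nginx
sudo certbot --nginx -d "$FULL_DOMAIN_NAME" --non-interactive --agree-tos -m "$CERTBOT_EMAIL"

# Setup nginx.conf
IP_ADDRESS=localhost
NGINX_CONF=/etc/nginx/nginx.conf
NGINX_CONF_BACKUP="${NGINX_CONF}.bak.$(date +%Y%m%d%H%M%S)"

# Keep the previous configuration so a rejected config can be rolled back.
sudo cp -p -- "$NGINX_CONF" "$NGINX_CONF_BACKUP"

# Review notes on the generated configuration:
#  - Both listeners are default_server, so requests reaching this host under
#    any other name on 443 are proxied as well, and the backend receives the
#    client-supplied Host header; the backend should check Host against an
#    allow-list.
#  - X-Forwarded-For is built with \$proxy_add_x_forwarded_for, which appends
#    to whatever the client sent. The backend should trust only the last
#    entry, or X-Real-IP, for access decisions and logging.
#  - The backend port (8000) should be bound to loopback or firewalled so the
#    proxy cannot be bypassed.
sudo tee "$NGINX_CONF" >/dev/null <<EOF
user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 1000;
}
http {
client_max_body_size 100M;
upstream backend {
server $IP_ADDRESS:8000;
}
# Server block
server {
server_name $FULL_DOMAIN_NAME;
location / {
proxy_pass http://backend;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
# SSL settings (Certbot)
listen [::]:443 ssl ipv6only=on default_server; # managed by Certbot
listen 443 ssl default_server; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/$FULL_DOMAIN_NAME/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/$FULL_DOMAIN_NAME/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# HTTP -> HTTPS redirect
server {
if (\$host = $FULL_DOMAIN_NAME) {
return 301 https://\$host\$request_uri;
}
listen 80 default_server;
listen [::]:80 default_server;
server_name $FULL_DOMAIN_NAME;
return 404;
}
}
EOF

# Reload nginx only if the new configuration parses; otherwise put the
# previous file back so a later restart does not pick up a broken config.
if ! sudo nginx -t; then
  echo "nginx rejected the new configuration; restoring ${NGINX_CONF_BACKUP}" >&2
  sudo cp -p -- "$NGINX_CONF_BACKUP" "$NGINX_CONF"
  exit 1
fi
sudo nginx -s reload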