tools

- collection of tools for supernets sysadmins
git clone git://git.acid.vegas/tools.git
Log | Files | Refs | Archive

httpd (2781B)

      1 #!/bin/sh
      2 # SuperNETs tool for nginx deployment - Developed by acidvegas (https://git.acid.vegas/supertools)
      3 HUB="changeme"
      4 USERNAME=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
      5 PASSWORD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
      6 PORT="changeme"
      7 
      8 setup_home() {
      9 	mkdir $HOME/www
     10 	wget -O $HOME/www/badwords.conf   https://raw.githubusercontent.com/supernets/unrealircd/master/doc/conf/badwords.conf
     11 	wget -O $HOME/www/except.conf     https://raw.githubusercontent.com/supernets/unrealircd/master/doc/conf/except.conf
     12 	wget -O $HOME/www/ircd.conf       https://raw.githubusercontent.com/supernets/unrealircd/master/doc/conf/unrealircd.remote.conf # edit this
     13 	wget -O $HOME/www/modules.conf    https://raw.githubusercontent.com/supernets/unrealircd/master/doc/conf/modules.conf
     14 	wget -O $HOME/www/opers.conf      https://raw.githubusercontent.com/supernets/unrealircd/master/doc/conf/opers.conf             # edit this
     15 	wget -O $HOME/www/spamfilter.conf https://raw.githubusercontent.com/supernets/unrealircd/master/doc/conf/spamfilter.conf
     16 	chown -R acidvegas:acidvegas $HOME/www && chmod -R 755 $HOME/www
     17 }
     18 
     19 setup_nginx() {
     20 	}
     21 		echo "http {"
     22 		echo "\taccess_log off;"
     23 		echo "\tsendfile on;"
     24 		echo "\tsendfile_max_chunk 1m;"
     25 		echo "\tserver_tokens off;"
     26 		echo "\tserver {"
     27 		echo "\t\tlisten [::]:$PORT ssl http2;"
     28 		echo "\t\tlisten $PORT ssl http2;"
     29 		echo "\t\troot /home/acidvegas/www;"
     30 		echo "\t\tserver_name $HUB;"
     31 		echo "\t\tcharset UTF-8;"
     32 		echo "\t\tsatisfy all;"
     33 		echo "\t\tallow 1.1.1.1; # link 1"
     34 		echo "\t\tallow 1.1.1.2; # link 2"
     35 		echo "\t\tallow 1.1.1.3; # link 3"
     36 		echo "\t\tdeny all;"
     37 		echo "\t\tauth_basic \"Restricted\";"
     38 		echo "\t\tauth_basic_user_file /etc/nginx/.htpasswd;"
     39 		echo "\t\tssl_certificate /etc/letsencrypt/live/$HUB/fullchain.pem;"
     40 		echo "\t\tssl_certificate_key /etc/letsencrypt/live/$HUB/privkey.pem;"
     41 		echo "\t\tssl_session_tickets off;"
     42 		echo "\t}"
     43 		echo "}"
     44 	} > /etc/nginx/nginx.conf
     45 	echo "$USERNAME:$(openssl passwd -apr1 $PASSWORD)\n" > /etc/nginx/.htpasswd
     46 	systemctl enable nginx && systemctl start nginx
     47 }
     48 
     49 setup_certbot() {
     50 	certbot certonly --standalone -d $HUB -m admin@supernets.org # fix this
     51 	echo -e "[Unit]\nDescription=cerbot renewal\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/certbot renew -n --quiet --agree-tos --deploy-hook systemctl restart nginx" > /etc/systemd/system/certbot.service
     52 	echo -e "[Unit]\nDescription=cerbot renewal timer\n\n[Timer]\nOnCalendar=0/12:00:00\nRandomizedDelaySec=1h\nPersistent=true\n\n[Install]\nWantedBy=timers.target" > /etc/systemd/system/certbot.timer
     53 	systemctl enable certbot.timer && systemctl start certbot.timer
     54 }
     55 
     56 setup_home
     57 setup_nginx
     58 setup_certbot
     59 echo "Remote include: https://$USERNAME:$PASSWORD@$HUB:$PORT/"