Webserver Setup
Introduction
Some scripts to help with the deployment of webservers.
Add site to Nginx
This takes two parameters: the first is the website name and the second is the IP address. There is no need to add seaoffate.local or .net. The script will create four configs:
- sitename.seaoffate.local as http
- sitename.seaoffate.local as https
- sitename.seaoffate.net as http
- sitename.seaoffate.net as https
It should enable both of the HTTP versions (.local & .net), but it will not enable the HTTPS ones, so we have some time to get the certs done before SSL is deployed. Note that all of the .local websites deployed here share the same certificate. The script is on Raisin on the root of nigel. If it is lost, it can be deployed again from this:
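#!/bin/bash
# Script to configure Nginx as a reverse proxy.
#
# Usage: sudo ./website_fwd_config.sh <website_name> <forward_ip>
#
# Writes four server blocks to /etc/nginx/sites-available:
#   <name>.seaoffate.local       HTTP   (enabled)
#   <name>.seaoffate.local-ssl   HTTPS  (written, not enabled)
#   <name>.seaoffate.net         HTTP   (enabled)
#   <name>.seaoffate.net-ssl     HTTPS  (written, not enabled)
#
# Both arguments end up in root-owned file paths and inside Nginx directives,
# so they are validated before anything is written.

set -euo pipefail

readonly SITES_AVAILABLE=/etc/nginx/sites-available
readonly SITES_ENABLED=/etc/nginx/sites-enabled
readonly SSL_DIR=/etc/nginx/ssl

# Print a message on stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Get website name, IP address from command line
WEBSITE_NAME="${1:-}"
FORWARD_IP="${2:-}"

# Check if parameters are provided
if [ -z "$WEBSITE_NAME" ] || [ -z "$FORWARD_IP" ]; then
  echo "Usage: sudo $0 <website_name> <forward_ip>" >&2
  exit 1
fi

# The name becomes part of a path written with sudo, and part of server_name.
# Accept only dot-separated host labels (letters, digits, inner hyphens) so a
# value containing '/', whitespace or ';' cannot reach the file system or the
# generated config.
name_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
[[ "$WEBSITE_NAME" =~ $name_re ]] \
  || die "Invalid website name '$WEBSITE_NAME': use host labels only (letters, digits, '-')."

# The upstream is interpolated into proxy_pass. Accept an IPv4 address or host
# name, or a bracketed IPv6 literal, each with an optional :port.
upstream_re='^([A-Za-z0-9.-]+|\[[0-9A-Fa-f:.]+\])(:[0-9]{1,5})?$'
[[ "$FORWARD_IP" =~ $upstream_re ]] \
  || die "Invalid forward address '$FORWARD_IP': expected an IP address, optionally with :port."

# Define domain names
DOMAIN_LOCAL="$WEBSITE_NAME.seaoffate.local"
DOMAIN_NET="$WEBSITE_NAME.seaoffate.net"

# Write one reverse-proxy server block.
# Arguments: $1 - config file path
#            $2 - server_name
#            $3 - certificate path (optional; selects "listen 443 ssl")
#            $4 - certificate key path (required when $3 is given)
# Outputs:   the generated config, echoed by tee to stdout
write_site_config() {
  local config_path=$1
  local server_name=$2
  local cert=${3:-}
  local key=${4:-}

  {
    printf 'server {\n'
    if [[ -n "$cert" ]]; then
      printf '    listen 443 ssl;\n'
      printf '    server_name %s;\n' "$server_name"
      printf '    ssl_certificate %s;\n' "$cert"
      printf '    ssl_certificate_key %s;\n' "$key"
    else
      printf '    listen 80;\n'
      printf '    server_name %s;\n' "$server_name"
    fi
    printf '    location / {\n'
    printf '        proxy_pass http://%s/;\n' "$FORWARD_IP"
    # Single quotes: these are Nginx variables, not shell variables.
    printf '        proxy_set_header Host $host;\n'
    printf '        proxy_set_header X-Real-IP $remote_addr;\n'
    printf '        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n'
    printf '        proxy_set_header X-Forwarded-Proto $scheme;\n'
    printf '    }\n'
    printf '}\n'
  } | sudo tee "$config_path"
}

# Create Nginx configuration file for .local
write_site_config "$SITES_AVAILABLE/$DOMAIN_LOCAL" "$DOMAIN_LOCAL"

# Create Nginx configuration file for .local (HTTPS, but not enabled).
# Every .local site uses the same shared certificate and key.
write_site_config "$SITES_AVAILABLE/$DOMAIN_LOCAL-ssl" "$DOMAIN_LOCAL" \
  /etc/ssl/certs/raisin.seaoffate.local.crt \
  /etc/ssl/private/raisin.seaoffate.local.key

# Create Nginx configuration file for .net
write_site_config "$SITES_AVAILABLE/$DOMAIN_NET" "$DOMAIN_NET"

# Create Nginx configuration file for .net (HTTPS, but not enabled)
write_site_config "$SITES_AVAILABLE/$DOMAIN_NET-ssl" "$DOMAIN_NET" \
  "$SSL_DIR/$DOMAIN_NET.crt" \
  "$SSL_DIR/$DOMAIN_NET.key"

# Create SSL directories (only for .net); 700 keeps private keys root-only.
sudo mkdir -p "$SSL_DIR/"
sudo chmod 700 "$SSL_DIR/"

# Enable HTTP sites. -f/-n replace an existing link so a re-run does not fail.
for domain in "$DOMAIN_LOCAL" "$DOMAIN_NET"; do
  sudo ln -sfn -- "$SITES_AVAILABLE/$domain" "$SITES_ENABLED/$domain"
done

# Validate before restarting: a restart with a broken config would take every
# proxied site down, not just the new one.
if ! sudo nginx -t; then
  die "nginx -t rejected the configuration; Nginx was not restarted. Fix or remove the new site files first."
fi

# Restart Nginx
sudo systemctl restart nginx

echo "Nginx configuration complete."
echo "HTTP sites enabled. SSL directories created."
echo "Add your Cloudflare SSL certificates to /etc/nginx/ssl/ for .net and enable HTTPS sites."
echo "Using existing certs for .seaoffate.local."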
Remove Website from Proxy (Raisin)
We all make mistakes and we have to recover. This script will remove mistakes created by the website_fwd_config.sh above. Call it with:
./remove_nginx_website.sh sitename
sitename is the site that needs to be removed. Only the host portion needs to be supplied; do not put in the .seaoffate.net or .seaoffate.local, because it will remove all four configs (.local & .net, and http and https). All four website configs created above will be removed from /etc/nginx/sites-available & sites-enabled.
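#!/bin/bash
# Script to remove an Nginx reverse proxy website configuration.
#
# Usage: sudo ./remove_nginx_website.sh <website_name>
#
# Deletes the four <name>.seaoffate.local / <name>.seaoffate.net configs
# (HTTP and HTTPS) from sites-available and their links from sites-enabled,
# then restarts Nginx.

set -euo pipefail

readonly SITES_AVAILABLE=/etc/nginx/sites-available
readonly SITES_ENABLED=/etc/nginx/sites-enabled

# Print a message on stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Get website name from command line
WEBSITE_NAME="${1:-}"

# Check if website name is provided
if [ -z "$WEBSITE_NAME" ]; then
  echo "Usage: sudo $0 <website_name>" >&2
  exit 1
fi

# The name is spliced into paths passed to "sudo rm -f". A '/' would let those
# paths leave the Nginx site directories, so refuse it. Other odd characters
# are tolerated so that mistyped sites can still be cleaned up; quoting and
# '--' below keep them from being read as options or split into words.
case "$WEBSITE_NAME" in
  */*) die "Invalid website name '$WEBSITE_NAME': must not contain '/'." ;;
esac

# Define domain names
DOMAIN_LOCAL="$WEBSITE_NAME.seaoffate.local"
DOMAIN_NET="$WEBSITE_NAME.seaoffate.net"

# Define configuration file paths
CONFIG_LOCAL="$SITES_AVAILABLE/$DOMAIN_LOCAL"
CONFIG_LOCAL_SSL="$SITES_AVAILABLE/$DOMAIN_LOCAL-ssl"
CONFIG_NET="$SITES_AVAILABLE/$DOMAIN_NET"
CONFIG_NET_SSL="$SITES_AVAILABLE/$DOMAIN_NET-ssl"
SYMLINK_LOCAL="$SITES_ENABLED/$DOMAIN_LOCAL"
SYMLINK_LOCAL_SSL="$SITES_ENABLED/$DOMAIN_LOCAL-ssl"
SYMLINK_NET="$SITES_ENABLED/$DOMAIN_NET"
SYMLINK_NET_SSL="$SITES_ENABLED/$DOMAIN_NET-ssl"

# Remove configuration files
sudo rm -f -- "$CONFIG_LOCAL" "$CONFIG_LOCAL_SSL" "$CONFIG_NET" "$CONFIG_NET_SSL"

# Remove symbolic links (disable sites). The HTTPS links are included because
# they may have been enabled by hand after the certificates were installed; a
# link left pointing at a deleted config would make the restart below fail.
sudo rm -f -- "$SYMLINK_LOCAL" "$SYMLINK_LOCAL_SSL" "$SYMLINK_NET" "$SYMLINK_NET_SSL"

# Validate before restarting so a broken config does not take the proxy down.
if ! sudo nginx -t; then
  die "nginx -t rejected the configuration; Nginx was not restarted."
fi

# Restart Nginx
sudo systemctl restart nginx

echo "Nginx website configuration removed."
echo "Website: $WEBSITE_NAME"
echo "Domains: $DOMAIN_LOCAL and $DOMAIN_NET"

# List sites-available directory. printf is used because bash's echo prints
# "\n" literally unless -e is given.
printf '\nContents of /etc/nginx/sites-available/: \n'
ls -l "$SITES_AVAILABLE/"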