Webserver Setup
From Sea of Fate
Introduction
Some scripts to help with the deployment of webservers.
Add site to Nginx
The script takes two parameters: the first is the website name and the second is the IP address. Give only the bare site name; there is no need to add seaoffate.local or .net. The script will create four configs:
- sitename.seaoffate.local as http
- sitename.seaoffate.local as https
- sitename.seaoffate.net as http
- sitename.seaoffate.net as https
It should enable both of the http versions (.local and .net), but it will not enable the https ones, so we have some time to get the certs done before SSL is deployed. Note that all of the .local websites being deployed here share the same certificate. The script is on Raisin on the root of nigel. If it is lost, it can be deployed again from this:
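#!/bin/bash
# Script to configure Nginx as a reverse proxy.
#
# Usage: sudo <this script> <website_name> <forward_ip>
#
# Writes four server blocks to /etc/nginx/sites-available:
#   <name>.seaoffate.local       HTTP,  enabled
#   <name>.seaoffate.local-ssl   HTTPS, written but NOT enabled
#   <name>.seaoffate.net         HTTP,  enabled
#   <name>.seaoffate.net-ssl     HTTPS, written but NOT enabled
#
# Both arguments end up in root-owned file paths and inside nginx
# directives, so they are validated before anything is written.

set -euo pipefail

readonly SITES_AVAILABLE=/etc/nginx/sites-available
readonly SITES_ENABLED=/etc/nginx/sites-enabled
readonly NET_SSL_DIR=/etc/nginx/ssl

# A single DNS label: letters, digits and inner hyphens only. This keeps
# "/" and ".." out of the file names written below and keeps ";", "{",
# whitespace and newlines out of the server_name directive.
readonly NAME_RE='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$'
# Upstream address: IPv4, bracketed IPv6 or a host name, optionally with
# ":port". The character set cannot terminate the proxy_pass directive.
readonly UPSTREAM_RE='^[][A-Za-z0-9.:-]+$'

# Get website name, IP address from command line
# (":-" so that a missing argument reaches the usage check under set -u).
WEBSITE_NAME="${1:-}"
FORWARD_IP="${2:-}"

# Check if parameters are provided
if [[ -z "$WEBSITE_NAME" || -z "$FORWARD_IP" ]]; then
  echo "Usage: sudo $0 <website_name> <forward_ip>" >&2
  exit 1
fi

if [[ ! "$WEBSITE_NAME" =~ $NAME_RE ]] || (( ${#WEBSITE_NAME} > 63 )); then
  printf 'Invalid website name: %q (expected one DNS label, e.g. "wiki")\n' \
    "$WEBSITE_NAME" >&2
  exit 1
fi

if [[ ! "$FORWARD_IP" =~ $UPSTREAM_RE ]]; then
  printf 'Invalid forward address: %q (expected an IP, optionally ":port")\n' \
    "$FORWARD_IP" >&2
  exit 1
fi

# Define domain names
DOMAIN_LOCAL="$WEBSITE_NAME.seaoffate.local"
DOMAIN_NET="$WEBSITE_NAME.seaoffate.net"

#######################################
# Write one reverse-proxy server block in a single pass, so a failure
# cannot leave a half-written file behind.
# Arguments:
#   $1 - destination config path
#   $2 - listen value ("80" or "443 ssl")
#   $3 - server_name
#   $4 - upstream address for proxy_pass
#   $5 - certificate path (optional; omit for plain HTTP)
#   $6 - private key path (required when $5 is given)
# Outputs: the generated config on stdout (via tee)
#######################################
write_site() {
  local conf_path=$1 listen=$2 server_name=$3 upstream=$4
  local cert=${5:-} key=${6:-}

  {
    printf '%s\n' 'server {'
    printf ' listen %s;\n' "$listen"
    printf ' server_name %s;\n' "$server_name"
    if [[ -n "$cert" ]]; then
      printf ' ssl_certificate %s;\n' "$cert"
      printf ' ssl_certificate_key %s;\n' "$key"
    fi
    printf '%s\n' ' location / {'
    printf ' proxy_pass http://%s/;\n' "$upstream"
    # Single quotes on purpose: $host and friends are nginx variables and
    # must reach the file unexpanded.
    # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
    # client sent, so backends should not treat the whole header as trusted.
    # shellcheck disable=SC2016
    printf '%s\n' \
      ' proxy_set_header Host $host;' \
      ' proxy_set_header X-Real-IP $remote_addr;' \
      ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' \
      ' proxy_set_header X-Forwarded-Proto $scheme;' \
      ' }' \
      '}'
  } | sudo tee -- "$conf_path"
}

# Create Nginx configuration file for .local
write_site "$SITES_AVAILABLE/$DOMAIN_LOCAL" "80" "$DOMAIN_LOCAL" "$FORWARD_IP"

# Create Nginx configuration file for .local (HTTPS, but not enabled).
# Every .local site reuses the raisin certificate and key.
write_site "$SITES_AVAILABLE/$DOMAIN_LOCAL-ssl" "443 ssl" "$DOMAIN_LOCAL" \
  "$FORWARD_IP" \
  /etc/ssl/certs/raisin.seaoffate.local.crt \
  /etc/ssl/private/raisin.seaoffate.local.key

# Create Nginx configuration file for .net
write_site "$SITES_AVAILABLE/$DOMAIN_NET" "80" "$DOMAIN_NET" "$FORWARD_IP"

# Create Nginx configuration file for .net (HTTPS, but not enabled)
write_site "$SITES_AVAILABLE/$DOMAIN_NET-ssl" "443 ssl" "$DOMAIN_NET" \
  "$FORWARD_IP" \
  "$NET_SSL_DIR/$DOMAIN_NET.crt" \
  "$NET_SSL_DIR/$DOMAIN_NET.key"

# Create SSL directories (only for .net). Mode 700 keeps the private keys
# placed here later readable by root only.
sudo mkdir -p "$NET_SSL_DIR/"
sudo chmod 700 "$NET_SSL_DIR/"

# Enable HTTP sites. -f/-n replace an existing link, so re-running the
# script for the same site does not abort here.
sudo ln -sfn -- "$SITES_AVAILABLE/$DOMAIN_LOCAL" "$SITES_ENABLED/$DOMAIN_LOCAL"
sudo ln -sfn -- "$SITES_AVAILABLE/$DOMAIN_NET" "$SITES_ENABLED/$DOMAIN_NET"

# Check the configuration before restarting: restarting on a broken
# config would take every proxied site down, not just the new one.
if ! sudo nginx -t; then
  echo "nginx -t rejected the configuration; nginx was not restarted." >&2
  exit 1
fi

# Restart Nginx
sudo systemctl restart nginx

echo "Nginx configuration complete."
echo "HTTP sites enabled. SSL directories created."
echo "Add your Cloudflare SSL certificates to /etc/nginx/ssl/ for .net and enable HTTPS sites."
echo "Using existing certs for .seaoffate.local."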