diff --git a/cert.renew b/cert.renew
index e5907d4..9e04058 100755
--- a/cert.renew
+++ b/cert.renew
@@ -1,3 +1,3 @@
-#!/bin/bash
+#!/bin/bash -e
 # https://habr.com/ru/articles/735712/
 certbot certonly --manual --preferred-challenges http -d "kornerr.ru"
diff --git a/cert.setup b/cert.setup
index a2323f6..eecff6e 100755
--- a/cert.setup
+++ b/cert.setup
@@ -1,3 +1,3 @@
-#!/bin/bash
+#!/bin/bash -e
 # https://habr.com/ru/articles/735712/
 brew install certbot
diff --git a/cert/vpsRenew b/cert/vpsRenew
new file mode 100644
index 0000000..30139eb
--- /dev/null
+++ b/cert/vpsRenew
@@ -0,0 +1,11 @@
+#!/bin/bash -e
+SDIR=$(cd "$(dirname "$0")" ; pwd -P)
+T=$SDIR/../step
+
+STEP=0
+source $T/ensureRootUser
+source $T/copyNginxACMEConfig
+source $T/restartNginx
+
+source $T/copyNginxProdConfig
+source $T/restartNginx
diff --git a/nginx.setup b/nginx.setup
index 4fc31be..e69de29 100755
--- a/nginx.setup
+++ b/nginx.setup
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-apt install nginx
-cp nginx/cfg /etc/nginx/sites-enabled/default
-systemctl restart nginx
diff --git a/nginx/acme.cfg b/nginx/acme.cfg
new file mode 100644
index 0000000..043ea19
--- /dev/null
+++ b/nginx/acme.cfg
@@ -0,0 +1,10 @@
+# Serve only through HTTP while updating the certificate
+server {
+ listen 80;
+ server_name kornerr.ru;
+ root /var/www/html;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+}
diff --git a/nginx/cfg b/nginx/cfg
index c065037..c2e7549 100644
--- a/nginx/cfg
+++ b/nginx/cfg
@@ -5,6 +5,7 @@ server { return 301 https://$server_name$request_uri; } +# Serve through HTTPS only server { listen 443 ssl; server_name kornerr.ru;
diff --git a/nginx/setup b/nginx/setup
new file mode 100644
index 0000000..b2d36bb
--- /dev/null
+++ b/nginx/setup
@@ -0,0 +1,9 @@
+#!/bin/bash -e
+SDIR=$(cd "$(dirname "$0")" ; pwd -P)
+T=$SDIR/../step
+
+STEP=0
+source $T/ensureRootUser
+source $T/installNginx
+source $T/copyNginxProdConfig
+source $T/restartNginx
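Review bot: Passing `-e` on the shebang line of cert.renew only takes effect when the file is executed directly; started as `bash cert.renew` the option is silently dropped and a failed certbot call no longer stops the script. The same applies to cert.setup, cert/vpsRenew and nginx/setup, and the last two are added with mode 100644, so they can only be started through `bash <path>` (or after a chmod) and would then run without errexit, letting a failed config copy be followed by an nginx restart. Keep `#!/bin/bash` and make `set -e` the first statement of each script instead.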
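Review bot: In cert/vpsRenew nothing guarantees that the production config comes back once the HTTP-only ACME config is live: under errexit, any failure after `source $T/copyNginxACMEConfig` (including a renewal step that is presumably meant to go at the blank line between the two groups) ends the script with the site still served over plain HTTP on port 80 only. Registering the restore before the swap closes that window, e.g. `trap 'source "$T/copyNginxProdConfig"; source "$T/restartNginx"' EXIT` placed ahead of the ACME steps, with the two trailing `source` lines then dropped. As written the script also swaps to the ACME config and immediately back without running certbot, so if that is not intentional the renewal call is missing. `$T` is unquoted in every `source` line here and in nginx/setup; `source "$T/ensureRootUser"` keeps working when the checkout path contains spaces.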
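Review bot: The `location /` block in nginx/acme.cfg serves the whole of /var/www/html over cleartext HTTP for as long as this config is installed, although the HTTP-01 challenge only needs the `/.well-known/acme-challenge/` path. Narrowing it keeps the rest of the site from being delivered without TLS during the renewal window: `location /.well-known/acme-challenge/ { try_files $uri =404; }` plus `location / { return 503; }`. If the port-80 server in nginx/cfg can carry that challenge location itself (its full body is outside this diff), the config swap would not be needed at all.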
diff --git a/step/copyNginxACMEConfig b/step/copyNginxACMEConfig
new file mode 100644
index 0000000..124a7d1
--- /dev/null
+++ b/step/copyNginxACMEConfig
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Копируем настройки Nginx для ACME"
+cp $SDIR/../nginx/acme.cfg /etc/nginx/sites-enabled/default
diff --git a/step/copyNginxProdConfig b/step/copyNginxProdConfig
new file mode 100644
index 0000000..01ef89f
--- /dev/null
+++ b/step/copyNginxProdConfig
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Копируем боевые настройки Nginx"
+cp $SDIR/../nginx/prod.cfg /etc/nginx/sites-enabled/default
diff --git a/step/ensureRootUser b/step/ensureRootUser
new file mode 100644
index 0000000..c63ca65
--- /dev/null
+++ b/step/ensureRootUser
@@ -0,0 +1,9 @@
+#!/bin/bash
+# https://askubuntu.com/a/15856
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Проверяем запуск из-под root"
+if [[ $EUID -ne 0 ]]; then
+ echo "ОШИБКА: Перезапустите как root"
+ exit 1
+fi
diff --git a/step/installNginx b/step/installNginx
new file mode 100644
index 0000000..5b39d75
--- /dev/null
+++ b/step/installNginx
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Устанавливаем Nginx"
+apt install nginx
diff --git a/step/restartNginx b/step/restartNginx
new file mode 100644
index 0000000..328fa9a
--- /dev/null
+++ b/step/restartNginx
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+STEP=$((STEP+1))
+echo -e "\n> > > > Шаг №$STEP. Перезапускаем Nginx"
+systemctl restart nginx
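Review bot: The `cp` source path in step/copyNginxACMEConfig expands `$SDIR` unquoted and relies on the sourcing script having set it; if the variable is empty the path silently becomes `/../nginx/acme.cfg`, and a checkout path with spaces splits into several arguments. `cp -- "${SDIR:?}/../nginx/acme.cfg" /etc/nginx/sites-enabled/default` fails loudly in the first case and handles the second; step/copyNginxProdConfig has the same line shape. Since these step files are sourced rather than executed (mode 100644, shared `STEP` counter), a header comment such as `# Sourced by cert/vpsRenew; expects SDIR and STEP from the caller` would say more than the `#!/bin/bash` line does.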
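Review bot: step/copyNginxProdConfig copies `nginx/prod.cfg`, but this commit only modifies `nginx/cfg` and adds `nginx/acme.cfg`; no `prod.cfg` is created or renamed in the visible diff. Unless that file already exists in the repository, the `cp` fails, which in cert/vpsRenew happens after the ACME config was installed and so leaves the server on the HTTP-only config. Either rename `nginx/cfg` to `nginx/prod.cfg` in the same commit or point the step at the existing file, `cp -- "${SDIR:?}/../nginx/cfg" /etc/nginx/sites-enabled/default`.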
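Review bot: The failure message in step/ensureRootUser goes to stdout, so it is lost when the caller's output is redirected or piped; `echo "ОШИБКА: Перезапустите как root" >&2` sends it to stderr. The `exit 1` ends the whole calling script only because this file is sourced, which deserves a one-line comment (`# exit here terminates the sourcing script`) so nobody later runs it as a subprocess and loses the check.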
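Review bot: `apt install nginx` in step/installNginx prompts for confirmation and uses the `apt` front end, whose command-line interface is not intended for scripts, without refreshing the package index first. `apt-get update` followed by `apt-get install -y nginx` runs unattended and avoids installing from a stale index.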
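Review bot: step/restartNginx restarts the service right after a config file was overwritten without validating it, so a config that does not parse (for example an HTTPS server block pointing at a certificate file that is missing) stops nginx and leaves the site down. Adding `nginx -t` on the line before `systemctl restart nginx` makes the step fail before the running server is touched, provided errexit is active in the caller.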