
create 4 nginx 30.11.21:16.09

root 2 years ago
parent
commit
6b54837aa2

autocertbot.sh → certbot4haproxy/autocertbot.sh


certbot.conf → certbot4haproxy/certbot.conf


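--- a/certbot4mail/examples/nginx/sites-avalable/http_mail-mydomen
+++ b/certbot4mail/examples/nginx/sites-avalable/http_mail-mydomen
@@ -5,7 +5,7 @@ server {
     if ($http_host !~ "^mail.mydomen.ru$"){
         rewrite ^(.*)$ http://mail.mydomen.ru$1 redirect;
     }
-    root /home/wwwmails/mail-mydomen;
+    root /home/www/letsencrypt;
 
     error_log /var/log/nginx/err-mail_mydomen_ru.log;
     access_log /var/log/nginx/access-mail_mydomen_ru.log;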

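--- a/certbot4mail/examples/nginx/templates/letsencrypt.conf
+++ b/certbot4mail/examples/nginx/templates/letsencrypt.conf
@@ -1,7 +1,7 @@
 location /.well-known {
    allow all;
    default_type "text/plain";
-   alias /home/wwwmails/letsencrypt/.well-known;
+   alias /home/www/letsencrypt/.well-known;
  }
 
  location = /.well-known {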

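--- /dev/null
+++ b/certbot4nginx/auto4certbot.conf
@@ -0,0 +1,5 @@
+webcrt="/home/www/letsencrypt";
+## domains & email
+domains=( 
+ '"mydomen.ru" "admin@mydomen.ru"'
+ );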
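Review bot: This file is executed rather than parsed: auto4certbot.sh `source`s it and then `eval`s each `domains` entry, so any shell text placed here runs with the script's privileges (it writes under `/etc/ssl`), and the file should be owned and writable by root only; a header comment such as `# sourced by auto4certbot.sh - shell syntax, root-writable only` would make that explicit. The second element of each entry (the e-mail) is not read by the script in this commit, which passes only the domain to certbot; either document that it is informational or drop it until it is used.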

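--- /dev/null
+++ b/certbot4nginx/auto4certbot.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+#
+# необходимы для работы: nginx,certbot
+# create new cert
+path_ssl="/etc/ssl";
+path_cert="/etc/letsencrypt/live";
+source "/etc/scripts/auto4certbot/auto4certbot.conf";
+log="/var/log/syslog";
+#
+cmd=$1;
+#
+
+function createCert() {
+for ((dmn=0; dmn != ${#domains[@]}; dmn++))
+    do
+eval local dreg="(" $(echo -e ${domains[$dmn]}) ")";
+certbot certonly --webroot -w $webcrt -d ${dreg[0]}
+done
+}
+
+function renew() {
+certbot renew;
+valtrue=0;
+rdate=$(date +%Y-%m-%d);
+rtime=$(date +%H:%M);
+for ((dmn=0; dmn != ${#domains[@]}; dmn++))
+    do
+    eval local dreg="(" $(echo -e ${domains[$dmn]}) ")";
+     keydate=$(ls -l --time-style=long-iso $path_cert/${dreg[0]}/cert.pem |awk {'print$6'});
+     keytime=$(ls -l --time-style=long-iso $path_cert/${dreg[0]}/cert.pem |awk {'print$7'});
+     if [ "$keydate" = "$rdate" ] && [ "$keytime" = "$rtime" ];
+        then
+         ((valtrue++));
+        cat $path_cert/${dreg[0]}/cert.pem > $path_ssl/private/${dreg[0]}.pem;
+        cat $path_cert/${dreg[0]}/chain.pem >> $path_ssl/private/${dreg[0]}.pem;
+        cat $path_cert/${dreg[0]}/fullchain.pem >> $path_ssl/private/${dreg[0]}.pem;
+        cat $path_cert/${dreg[0]}/privkey.pem >> $path_ssl/private/${dreg[0]}.pem;
+#
+	cp -f $path_ssl/private/${dreg[0]}.pem $path_ssl/certs/${dreg[0]}.pem
+    	cd $path_ssl/certs
+    	chmod 600 ${dreg[0]}.pem
+	ln -sf ${dreg[0]}.pem `openssl x509 -noout -hash < ${dreg[0]}.pem`.0
+        cd $path_ssl
+        echo "$(date) - auto4certbot.sh: update cert for  ${domains[$dmn]}">> $log;
+      fi
+done
+if [ $valtrue != 0 ];
+   then
+     :>/etc/ssl/crt-list.txt
+        for ((icrt=0; icrt != ${#domains[@]}; icrt++))
+         do
+          echo "$path_ssl/${domains[$icrt]}.pem">>/etc/ssl/crt-list.txt
+        done
+fi
+}
+
+
+case "$cmd" in
+
+## create cert
+"--create" | "--create" )
+createCert;
+;;
+
+## update cert
+"--update" | "--update" )
+renew;
+;;
+
+## start defaults
+
+* )
+echo "please input pameters: auto4certbot.sh --create | --update";
+echo "auto4certbot.sh --create; create new certificate"
+echo "auto4certbot.sh --update; update certificates;"
+;;
+esac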
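Review bot: The renewed private key is written to `$path_ssl/private/${dreg[0]}.pem` and copied to `$path_ssl/certs/` with whatever the process umask allows, and only the certs/ copy is `chmod 600` afterwards, so the private/ bundle keeps default permissions and the certs/ copy is readable until the chmod runs; the `ln -sf … $(openssl x509 -hash).0` step then registers that key-bearing file under the hash name OpenSSL uses for CA-path lookups in `/etc/ssl/certs`. The freshness check compares `ls --time-style=long-iso` output with the minute captured after `certbot renew`, so a renewal that finished in the previous minute is skipped silently; `[[ "$src/cert.pem" -nt "$bundle" ]]` is the reliable form, and since `fullchain.pem` already contains `cert.pem` plus `chain.pem`, the leaf certificate is currently bundled twice. The crt-list loop writes `$path_ssl/${domains[$icrt]}.pem`, which expands to the raw quoted pair from the conf (`/etc/ssl/"mydomen.ru" "admin@mydomen.ru".pem`) rather than any file the script created, so it needs the same `dreg` parsing as the update loop. Smaller points: both `case` arms repeat their pattern (`"--create" | "--create"`), the e-mail in each domains entry is never passed to certbot, the unquoted expansions and the backtick substitution should be quoted and written as `$(…)`, and `cd` failures go unnoticed because the script does not `set -e`. The rewrite below covers the per-domain update body and the crt-list loop, logs via `logger` instead of appending to `/var/log/syslog` by hand, and drops the copy into `$path_ssl/certs`; if something does consume that copy, install it with `install -m 600` rather than `cp` followed by `chmod`.
```shell
# … unchanged: certbot renew, valtrue=0, loop header and eval of the domains entry into dreg …
    src="$path_cert/${dreg[0]}"
    bundle="$path_ssl/private/${dreg[0]}.pem"
    # mtime comparison instead of matching ls output against the current minute
    if [[ "$src/cert.pem" -nt "$bundle" ]]; then
        ((valtrue++))
        # fullchain.pem already holds cert.pem + chain.pem; create the bundle 0600 from the first byte
        (umask 077; cat "$src/fullchain.pem" "$src/privkey.pem" > "$bundle")
        # copy/cd/chmod/ln into $path_ssl/certs dropped (see note); if a consumer needs it:
        # install -m 600 -- "$bundle" "$path_ssl/certs/${dreg[0]}.pem"
        logger -t auto4certbot "update cert for ${dreg[0]}"
    fi
# … unchanged: loop end …
if [[ $valtrue != 0 ]]; then
    : > /etc/ssl/crt-list.txt
    for ((icrt=0; icrt != ${#domains[@]}; icrt++)); do
        eval "dreg=(${domains[$icrt]})"
        printf '%s\n' "$path_ssl/private/${dreg[0]}.pem" >> /etc/ssl/crt-list.txt
    done
fi
```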

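--- /dev/null
+++ b/certbot4nginx/examples/nginx.conf
@@ -0,0 +1,74 @@
+user  www-data;
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    #access_log  /var/log/nginx/access.log  main;
+    access_log off;
+
+    sendfile        on;
+    tcp_nopush     on;
+    server_tokens off;
+    keepalive_timeout  65;
+
+    gzip  on;
+###
+    gzip_disable "msie6";
+    gzip_comp_level 4;
+    gzip_buffers 16 8k;
+    gzip_http_version 1.1;
+    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+    
+### include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*;
+####
+    tcp_nodelay on;
+    types_hash_max_size 2048;
+    
+### codepage
+    charset        utf8;
+    source_charset utf8;
+    
+#### Tuning system....
+    ## - Защита
+    # Максимальный размер буфера для хранения тела запроса клиента
+    ##client_body_buffer_size 1K;
+    # Максимальный размер буфера для хранения заголовков запроса клиента
+    ##client_header_buffer_size 1k;
+    # Максимальный размер тела запроса клиента, прописанный в поле Content-Length заголовка. Если сервер должен поддерживать загрузку файлов, это значение необходимо увеличить
+    ##client_max_body_size 1k;
+    # для Rouncube
+    client_max_body_size 40M;
+    # Количество и размер буферов для чтения большого заголовка запроса клиента
+    ##large_client_header_buffers 2 1k;
+    
+    
+    ## - Увеличиваем скорость
+    # Таймаут при чтении тела запроса клиента
+    client_body_timeout   10;
+    # Таймаут при чтении заголовка запроса клиента
+    client_header_timeout 10;
+    # Таймаут, по истечению которого keep-alive соединение с клиентом не будет закрыто со стороны сервера
+    ##keepalive_timeout     5 5;
+    # Таймаут при передаче ответа клиенту
+    send_timeout          10;
+    ## transparent ip
+    set_real_ip_from 127.0.0.1;
+    real_ip_header X-Real-IP;
+}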

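--- /dev/null
+++ b/certbot4nginx/examples/nginx/sites-avalable/http_mail-mydomen
@@ -0,0 +1,16 @@
+server {
+    listen      192.4.1.6:80;
+
+    server_name mail.mydomen.ru;
+    if ($http_host !~ "^mail.mydomen.ru$"){
+        rewrite ^(.*)$ http://mail.mydomen.ru$1 redirect;
+    }
+    root /home/wwwmails/mail-mydomen;
+
+    error_log /var/log/nginx/err-mail_mydomen_ru.log;
+    access_log /var/log/nginx/access-mail_mydomen_ru.log;
+
+    include /etc/nginx/templates/content.conf;
+    include /etc/nginx/templates/letsencrypt.conf;
+}
+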

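--- /dev/null
+++ b/certbot4nginx/examples/nginx/sites-avalable/https_mail-mydomen
@@ -0,0 +1,27 @@
+server {
+    listen 194.4.1.6:443 ssl proxy_protocol;
+    server_name mydomen.ru www.mydomen.ru;
+    set_real_ip_from 91.193.62.251;
+    real_ip_header proxy_protocol;
+    
+    include     /etc/nginx/ssl/ssl_mydomen-ru.conf;
+
+    if ( $scheme = "http" ) {
+          rewrite ^/(.*)$       https://$host/$1 permanent;
+        }
+    ssi on;
+
+
+    server_name mydomen.ru;
+    if ($http_host !~ "^mydomen.ru$"){
+        rewrite ^(.*)$ http://mydomen.ru$1 redirect;
+    }
+    root /home/www/mydomen;
+
+    error_log /var/log/nginx/err-mydomen_ru.log;
+    access_log /var/log/nginx/access-mydomen_ru.log;
+
+    include /etc/nginx/templates/content.conf;
+    include /etc/nginx/templates/letsencrypt.conf;
+}
+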
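Review bot: The `if ($http_host !~ "^mydomen.ru$")` block on the 443 listener rewrites `www.mydomen.ru` requests to `http://mydomen.ru$1`, so a client that arrived over TLS is sent back to plain HTTP; the target should be `https://mydomen.ru$1`, and the unescaped dots in `"^mydomen.ru$"` match any character, so `"^mydomen\.ru$"` is what is meant. The second `server_name mydomen.ru;` is redundant with the first declaration, and the `if ( $scheme = "http" )` rewrite can never match on a listener that is `ssl` only, so both can be removed. `ssi on` at server level enables server-side-include processing for every response of this vhost, including static files under `root`; scope it to the locations that actually need it.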

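--- /dev/null
+++ b/certbot4nginx/examples/nginx/ssl/ssl_mydomen-ru.conf
@@ -0,0 +1,5 @@
+ssl_certificate                 /etc/letsencrypt/live/mydomen.ru/cert.pem;
+ssl_certificate_key             /etc/letsencrypt/live/mydomen.ru/privkey.pem;
+ssl_trusted_certificate         /etc/letsencrypt/live/mydomen.ru/fullchain.pem;
+
+include /etc/letsencrypt/options-ssl-nginx.conf;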
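Review bot: `ssl_certificate` points at `cert.pem`, which holds only the leaf certificate, so nginx sends no intermediate and clients that do not already have it cached cannot build the chain; it should be `ssl_certificate /etc/letsencrypt/live/mydomen.ru/fullchain.pem;`, with `ssl_trusted_certificate` left on `fullchain.pem` (or `chain.pem`) for OCSP stapling. These paths read certbot's `live/` directory directly, while auto4certbot.sh in the same commit assembles a separate bundle under `/etc/ssl`; it is not clear from this page which consumer that bundle is for, so a comment naming it here would help the next reader.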

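--- /dev/null
+++ b/certbot4nginx/examples/nginx/templates/content.conf
@@ -0,0 +1,11 @@
+  error_page 404 /404.html;
+   error_page 500 502 503 504 /50x.html;
+
+ location ~* \.(css|js|jpg|jpeg|gif|png|ico|txt|woff|otf|eot|svg|ttf|html|xml|css|js)$ {
+   expires 30d;
+   error_page 404 @notfound;
+ }
+
+ location = /50x.html {
+   root /usr/share/nginx/html;
+ }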
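Review bot: `error_page 404 @notfound;` refers to a named location that no file in this commit defines; unless it exists elsewhere, nginx logs `could not find named location "@notfound"` and answers 500 instead of 404 for missing static assets. Either define `location @notfound { return 404; }` next to this template or drop the directive so the server-level `error_page 404 /404.html` applies. The regex also lists `css` and `js` twice; `\.(css|js|jpg|jpeg|gif|png|ico|txt|woff|otf|eot|svg|ttf|html|xml)$` is equivalent.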

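--- /dev/null
+++ b/certbot4nginx/examples/nginx/templates/index_php.conf
@@ -0,0 +1,9 @@
+ location / {
+   if ($http_host ~* "^www\.(.+)$"){
+   rewrite ^(.*)$ http://%1/$1 redirect; 
+   } 
+   if (!-e $request_filename){ 
+   rewrite ^(.*)$ /index.php; 
+   }
+   index   index.htm index.html index.php;
+ }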
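Review bot: `rewrite ^(.*)$ http://%1/$1 redirect;` uses Apache's `%1` back-reference, which nginx treats as literal text, so the www-to-bare-host redirect sends clients to `http://%1/...`; inside the `if` the host capture is `$1`, but the rewrite's own `^(.*)$` overwrites it. Capture the host under a distinct name, e.g. `if ($http_host ~* "^www\.(?<bare>.+)$") { return 301 $scheme://$bare$request_uri; }`, which also keeps the original scheme instead of forcing `http://`. The `if (!-e $request_filename)` rewrite is the pattern nginx documents as fragile; `try_files $uri $uri/ /index.php$is_args$args;` does the same without `if`.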

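--- /dev/null
+++ b/certbot4nginx/examples/nginx/templates/letsencrypt.conf
@@ -0,0 +1,9 @@
+location /.well-known {
+   allow all;
+   default_type "text/plain";
+   alias /home/wwwmails/letsencrypt/.well-known;
+ }
+
+ location = /.well-known {
+   return 404;
+ }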
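Review bot: The ACME webroot here is `/home/wwwmails/letsencrypt/.well-known`, but auto4certbot.conf in the same commit sets `webcrt="/home/www/letsencrypt"`, so certbot writes challenge files to a directory this location does not serve and every `--webroot` validation would 404; the alias should be `/home/www/letsencrypt/.well-known` (the certbot4mail copy of this template is changed to exactly that in this commit). Serving the whole `/.well-known` tree with `allow all` is broader than needed; `location ^~ /.well-known/acme-challenge/` with `alias /home/www/letsencrypt/.well-known/acme-challenge/;` limits exposure to the ACME path.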

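--- /dev/null
+++ b/certbot4nginx/examples/nginx/templates/php7.x-fpm.conf
@@ -0,0 +1,19 @@
+location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
+   deny all;
+}
+
+location ~ ^/(bin|SQL)/ {
+   deny all;
+}
+
+location ~ \.php$ {
+   try_files $uri $uri/ /index.php =404;
+   fastcgi_pass  localhost:9000;
+   fastcgi_index index.php;
+   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+   include fastcgi_params;
+}
+
+location ~ /.ht {
+    deny all;
+}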
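Review bot: `location ~ /.ht` leaves the dot unescaped, so it matches `/xht…` as well as `/.ht…`; `location ~ /\.` denies every dot-file and dot-directory (`.git`, `.env`, `.htaccess`) in one rule, which is the usual intent. In the PHP block, `try_files $uri $uri/ /index.php =404;` hands any request for a non-existent `*.php` URI to `/index.php`; if the aim was to keep requests for missing scripts away from PHP-FPM, `try_files $uri =404;` is the tighter form.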

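--- /dev/null
+++ b/certbot4nginx/examples/nginx/templates/proxy.conf
@@ -0,0 +1,13 @@
+proxy_redirect              off;
+proxy_set_header            Host $host;
+proxy_set_header            X-Real-IP $remote_addr;
+proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
+client_max_body_size        10m;
+client_body_buffer_size     128k;
+proxy_connect_timeout       90;
+proxy_send_timeout          90;
+proxy_read_timeout          90;
+proxy_buffer_size           4k;
+proxy_buffers               4 32k;
+proxy_busy_buffers_size     64k;
+proxy_temp_file_write_size  64k;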