recreate one sctipt for nginx and mail server 08.11.22:01.30

certbot4nginx/auto4certbot.sh

@@ -4,24 +4,40 @@
 # license: GPL 2.0
 # create 2022
 #
-version="0.2.4";
-sname="autocertbot";
-# необходимы для работы: nginx,certbot
-# create new cert
+version="0.3.0";
+sname="avto4certbot";
+# необходимы для работы: nginx,certbot (и если почтовый сервер то сервисы в restartMail)
+# create new cert or update
 path_ssl="/etc/ssl";
 path_cert="/etc/letsencrypt/live";
-source "/etc/scripts/certbot4nginx/auto4certbot.conf";
+source "/etc/scripts/avto4certbot/avto4certbot.conf";
+
 ## - nginx
 nginx_enable="/etc/nginx/sites-enabled";
 nginx_available="/etc/nginx/sites-available";
+## - mail services
+mailservice=(
+    "dbmail"
+    "postfix"
+    "stunnel4"
+    "rspamd"
+);
+
 ##
 www_root="/tmp/letsencrypt";
+
 ##
 path_tmp="/tmp/certbot";
+
 ##
 log="/var/log/syslog";
-#
+
+# - shared options
 cmd=$1;
+
+# - for mail server
+opt=$2;
+
 #-list enable sites
 scan_list=();
 #
@@ -56,17 +72,17 @@ for ((dmn=0; dmn != ${#domains[@]}; dmn++))
      if [ "$keydate" = "$rdate" ] && [ "$keytime" = "$rtime" ];
         then
          ((valtrue++));
-        cat $path_cert/${dreg[0]}/cert.pem > $path_ssl/private/${dreg[0]}.pem;
-        cat $path_cert/${dreg[0]}/chain.pem >> $path_ssl/private/${dreg[0]}.pem;
-        cat $path_cert/${dreg[0]}/fullchain.pem >> $path_ssl/private/${dreg[0]}.pem;
-        cat $path_cert/${dreg[0]}/privkey.pem >> $path_ssl/private/${dreg[0]}.pem;
+		cat $path_cert/${dreg[0]}/privkey.pem > $path_ssl/private/privkey_${dreg[0]}.pem;
+		cat $path_cert/${dreg[0]}/fullchain.pem > $path_ssl/private/fullchain_${dreg[0]}.pem;
+    		cat $path_cert/${dreg[0]}/fullchain.pem > $path_ssl/private/${dreg[0]}.pem;
+    		cat $path_cert/${dreg[0]}/privkey.pem >> $path_ssl/private/${dreg[0]}.pem;
 #
         cp -f $path_ssl/private/${dreg[0]}.pem $path_ssl/certs/${dreg[0]}.pem
         cd $path_ssl/certs
         chmod 600 ${dreg[0]}.pem
         ln -sf ${dreg[0]}.pem `openssl x509 -noout -hash < ${dreg[0]}.pem`.0
         cd $path_ssl
-        echo "$(date) - auto4certbot.sh: update cert for  ${domains[$dmn]}">> $log;
+        echo "$(date) - $sname: update cert for  ${domains[$dmn]}">> $log;
       fi
 done
 if [ $valtrue != 0 ];
@@ -87,17 +103,17 @@ if [ -d $path_cert ];
             do
                 eval local dreg="(" $(echo -e ${domains[$dmn]}) ")";
                 ((valtrue++));
-                cat $path_cert/${dreg[0]}/cert.pem > $path_ssl/private/${dreg[0]}.pem;
-                cat $path_cert/${dreg[0]}/chain.pem >> $path_ssl/private/${dreg[0]}.pem;
-                cat $path_cert/${dreg[0]}/fullchain.pem >> $path_ssl/private/${dreg[0]}.pem;
-                cat $path_cert/${dreg[0]}/privkey.pem >> $path_ssl/private/${dreg[0]}.pem;
+		cat $path_cert/${dreg[0]}/privkey.pem > $path_ssl/private/privkey_${dreg[0]}.pem;
+		cat $path_cert/${dreg[0]}/fullchain.pem > $path_ssl/private/fullchain_${dreg[0]}.pem;
+    		cat $path_cert/${dreg[0]}/fullchain.pem > $path_ssl/private/${dreg[0]}.pem;
+    		cat $path_cert/${dreg[0]}/privkey.pem >> $path_ssl/private/${dreg[0]}.pem;
 #
                 cp -f $path_ssl/private/${dreg[0]}.pem $path_ssl/certs/${dreg[0]}.pem
                 cd $path_ssl/certs
                 chmod 600 ${dreg[0]}.pem
                 ln -sf ${dreg[0]}.pem `openssl x509 -noout -hash < ${dreg[0]}.pem`.0
                 cd $path_ssl
-                echo "$(date) - auto4certbot.sh: update certlist for  ${domains[$dmn]}">> $log;
+                echo "$(date) - $sname: update certlist for  ${domains[$dmn]}">> $log;
         done
         if [ $valtrue != 0 ];
             then
@@ -110,6 +126,7 @@ if [ -d $path_cert ];
         fi
     else
         echo "Ошибка - отсутствует $path_cert!"
+	echo "$(date) - $sname: Ошибка - отсутствует $path_cert!">> $log;
 fi
 }
 
@@ -117,19 +134,12 @@ function downSite(){
 sudo systemctl stop nginx.service;
 
 eval list_www="(" $(find $nginx_enable/* -maxdepth 0 -type l -printf '%f\n') ")";
+if [ ${#list_www[@]} != 0 ]; then
 for ((dwx=0; dwx != ${#list_www[@]}; dwx++))
     do
       rm $nginx_enable/${list_www[dwx]};
 done
-
-for ((dnm=0; dnm != ${#domains[@]}; dnm++))
-    do
-eval local dcert="(" $(echo -e ${domains[$dnm]}) ")";
-    sitename="${dcert[0]}";
-    siteport="${dcert[2]}";
-    createConf;
-done
-sudo systemctl start nginx.service;
+fi
 }
 
 function upSite(){
@@ -139,10 +149,12 @@ for ((cr=0; cr != ${#cert_bot[@]}; cr++))
     do
       rm $nginx_enable/${cert_bot[cr]};
 done
-
-for ((dwx=0; dwx != ${#list_www[@]}; dwx++))
+for ((dnm=0; dnm != ${#domains[@]}; dnm++))
     do
-     ln -s $nginx_available/${list_www[dwx]} $nginx_enable/${list_www[dwx]};
+eval local dcert="(" $(echo -e ${domains[$dnm]}) ")";
+    sitename="${dcert[0]}";
+    siteport="${dcert[2]}";
+    createConf;
 done
 sudo systemctl start nginx.service;
 }
@@ -164,10 +176,6 @@ fi
     echo -e '\n' >>$path_tmp/$sitename.conf;
     echo -e 'server_name '"$sitename"';' >>$path_tmp/$sitename.conf;
     echo -e '\n' >>$path_tmp/$sitename.conf;
-    #echo -e 'if ($http_host != $server_name){' >> $path_tmp/$sitename.conf;
-    #echo -e '    rewrite ^(.*)$ http://$server_name$1 redirect;'>>$path_tmp/$sitename.conf;
-    #echo -e '}' >>$path_tmp/$sitename.conf;
-    #echo -e '\n' >>$path_tmp/$sitename.conf;
     echo -e 'location /.well-known/acme-challenge {' >>$path_tmp/$sitename.conf;
     echo -e '    allow all;' >>$path_tmp/$sitename.conf;
     echo -e '    autoindex off;' >>$path_tmp/$sitename.conf;
@@ -188,6 +196,13 @@ fi
 ln -s $path_tmp/$sitename.conf $nginx_enable/$sitename.conf
 }
 
+function restartMail(){
+for ((scn=0; scn != ${#mailservice[@]}; scn++))
+    do
+/etc/init.d/${mailservice[$scn]} restart;
+# systemctl restart ${mailservices[$scn]};
+done
+}
 
 
 case "$cmd" in
@@ -196,33 +211,49 @@ case "$cmd" in
 "--create" | "--create" )
 
 downSite;
-createCert;
 upSite;
+createCert;
 toSSL;
+downSite;
+if [ "$opt" == "mail" ]; then
+restartMail;
+fi
+
 ;;
 
 ## update cert
 "--update" | "--update" )
 
 downSite;
-renew;
 upSite;
+renew;
 toSSL;
+downSite;
+if [ "$opt" == "mail" ]; then
+restartMail;
+fi
+
+
 ;;
 
 ## update cert force
 "--flist" | "--flist" )
 toSSL;
+if [ "$opt" == "mail" ]; then
+restartMail;
+fi
+
+
 ;;
 
 ## start defaults
 
 * )
-echo "please input pameters: auto4certbot.sh --create | --update | --flist";
-echo "auto4certbot.sh --create; create new certificate"
-echo "auto4certbot.sh --update; update certificates;"
-echo "auto4certbot.sh --flist; update certificates from ssl;"
+echo "please input pameters: avto4certbot.sh --create | --update | --flist";
+echo "avto4certbot.sh --create; create new certificate or --create mail; create and restart mail services " 
+echo "avto4certbot.sh --update; update certificates or --update mail; update and restart mail services;"
+echo "avto4certbot.sh --flist; update certificates from ssl or --flist mail; update certs and restart mail services;"
 ;;
 esac
 
-exit
+exit

certbot4mail/certbot4mail.conf

@@ -1,4 +0,0 @@
-webcrt="/tmp/letsencrypt";
-domains=( 
- '"mail.mydomen.ru" "admin@mydomen.ru" "80"'
- );

certbot4mail/certbot4mail.sh

@@ -1,241 +0,0 @@
-#!/bin/bash
-#
-# author: Koshuba V.O.
-# license: GPL 2.0
-# create 2022
-#
-version="0.2.9";
-sname="certbot4mail";
-# необходимы для работы: nginx,certbot
-# create new cert
-path_ssl="/etc/ssl";
-path_cert="/etc/letsencrypt/live";
-source "/etc/scripts/certbot4mail/certbot4mail.conf";
-## - nginx
-nginx_enable="/etc/nginx/sites-enabled";
-nginx_available="/etc/nginx/sites-available";
-##
-www_root="/tmp/letsencrypt";
-##
-path_tmp="/tmp/certbot";
-##
-log="/var/log/syslog";
-#
-cmd=$1;
-#-list enable sites
-scan_list=();
-#
-
-function createCert() {
-#
-for ((dmn=0; dmn != ${#domains[@]}; dmn++))
-    do
-eval local dreg="(" $(echo -e ${domains[$dmn]}) ")";
-    if [ "$cmd" == "--create" ];
-        then
-            certbot -m "${dreg[1]}";
-        else
-            certbot --update-registration -m "${dreg[1]}" -d "${dreg[0]}" ;
-    fi
-##
-## example manual: certbot certonly --webroot --webroot-path /tmp/letsencrypt/ -d mydomen.ru
-certbot certonly --webroot --webroot-path $www_root/ -d ${dreg[0]}
-done
-}
-
-function renew() {
-certbot renew;
-valtrue=0;
-rdate=$(date +%Y-%m-%d);
-rtime=$(date +%H:%M);
-for ((dmn=0; dmn != ${#domains[@]}; dmn++))
-    do
-    eval local dreg="(" $(echo -e ${domains[$dmn]}) ")";
-     keydate=$(ls -l --time-style=long-iso $path_cert/${dreg[0]}/cert.pem |awk {'print$6'});
-     keytime=$(ls -l --time-style=long-iso $path_cert/${dreg[0]}/cert.pem |awk {'print$7'});
-     if [ "$keydate" = "$rdate" ] && [ "$keytime" = "$rtime" ];
-        then
-         ((valtrue++));
-        cat $path_cert/${dreg[0]}/cert.pem > $path_ssl/private/${dreg[0]}.pem;
-        cat $path_cert/${dreg[0]}/chain.pem >> $path_ssl/private/${dreg[0]}.pem;
-        cat $path_cert/${dreg[0]}/fullchain.pem >> $path_ssl/private/${dreg[0]}.pem;
-        cat $path_cert/${dreg[0]}/privkey.pem >> $path_ssl/private/${dreg[0]}.pem;
-#
-# to postfix
-	if [ ! -d $path_ssl/manual ]; then
-	    mkdir -p $path_ssl/manual;
-	fi
-        cat $path_cert/${dreg[0]}/fullchain.pem >> $path_ssl/manual/fullchain.pem;
-        cat $path_cert/${dreg[0]}/privkey.pem >> $path_ssl/manual/privkey.pem;
-#
-
-        cp -f $path_ssl/private/${dreg[0]}.pem $path_ssl/certs/${dreg[0]}.pem
-        cd $path_ssl/certs
-        chmod 600 ${dreg[0]}.pem
-        ln -sf ${dreg[0]}.pem `openssl x509 -noout -hash < ${dreg[0]}.pem`.0
-        cd $path_ssl
-        echo "$(date) - certbot4mail.sh: update cert for  ${domains[$dmn]}">> $log;
-      fi
-done
-if [ $valtrue != 0 ];
-   then
-     :>/etc/ssl/crt-list.txt
-        for ((icrt=0; icrt != ${#domains[@]}; icrt++))
-         do
-          echo "$path_ssl/${domains[$icrt]}.pem">>/etc/ssl/crt-list.txt
-        done
-fi
-}
-
-
-function toSSL() {
-if [ -d $path_cert ];
-    then
-        for ((dmn=0; dmn != ${#domains[@]}; dmn++))
-            do
-                eval local dreg="(" $(echo -e ${domains[$dmn]}) ")";
-                ((valtrue++));
-                cat $path_cert/${dreg[0]}/cert.pem > $path_ssl/private/${dreg[0]}.pem;
-                cat $path_cert/${dreg[0]}/chain.pem >> $path_ssl/private/${dreg[0]}.pem;
-                cat $path_cert/${dreg[0]}/fullchain.pem >> $path_ssl/private/${dreg[0]}.pem;
-                cat $path_cert/${dreg[0]}/privkey.pem >> $path_ssl/private/${dreg[0]}.pem;
-# to postfix
-		if [ ! -d $path_ssl/manual ]; then
-		    mkdir -p $path_ssl/manual;
-		fi
-    		cat $path_cert/${dreg[0]}/fullchain.pem >> $path_ssl/manual/fullchain.pem;
-    		cat $path_cert/${dreg[0]}/privkey.pem >> $path_ssl/manual/privkey.pem;
-#
-                cp -f $path_ssl/private/${dreg[0]}.pem $path_ssl/certs/${dreg[0]}.pem
-                cd $path_ssl/certs
-                chmod 600 ${dreg[0]}.pem
-                ln -sf ${dreg[0]}.pem `openssl x509 -noout -hash < ${dreg[0]}.pem`.0
-                cd $path_ssl
-                echo "$(date) - certbot4mail.sh: update certlist for  ${domains[$dmn]}">> $log;
-        done
-        if [ $valtrue != 0 ];
-            then
-                echo >/etc/ssl/crt-list.txt
-            for ((icrt=0; icrt != ${#domains[@]}; icrt++))
-                do
-                eval local dcrt="(" $(echo -e ${domains[$icrt]}) ")";
-                echo "$path_ssl/private/${dcrt[0]}.pem">>/etc/ssl/crt-list.txt
-            done
-        fi
-    else
-        echo "Ошибка - отсутствует $path_cert!"
-fi
-}
-
-function downSite(){
-sudo systemctl stop nginx.service;
-
-eval list_www="(" $(find $nginx_enable/* -maxdepth 0 -type l -printf '%f\n') ")";
-for ((dwx=0; dwx != ${#list_www[@]}; dwx++))
-    do
-      rm $nginx_enable/${list_www[dwx]};
-done
-}
-
-function upSite(){
-sudo systemctl stop nginx.service;
-eval cert_bot="(" $(find $nginx_enable/* -maxdepth 0 -type l -printf '%f\n') ")";
-for ((cr=0; cr != ${#cert_bot[@]}; cr++))
-    do
-      rm $nginx_enable/${cert_bot[cr]};
-done
-for ((dnm=0; dnm != ${#domains[@]}; dnm++))
-    do
-eval local dcert="(" $(echo -e ${domains[$dnm]}) ")";
-    sitename="${dcert[0]}";
-    siteport="${dcert[2]}";
-    createConf;
-done
-sudo systemctl start nginx.service;
-}
-
-
-function createConf(){
-if [ ! -d $path_tmp ];
-  then
-    mkdir -p $path_tmp;
-fi
-
-if [ ! -d $www_root ];
-  then
-    mkdir -p $www_root/.well-known/acme-challenge;
-chown -R www-data:www-data $www_root;
-fi
-    echo >$path_tmp/$sitename.conf;
-    echo -e 'server { listen      0.0.0.0:'"$siteport"';' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'server_name '"$sitename"';' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'location /.well-known/acme-challenge {' >>$path_tmp/$sitename.conf;
-    echo -e '    allow all;' >>$path_tmp/$sitename.conf;
-    echo -e '    autoindex off;' >>$path_tmp/$sitename.conf;
-    echo -e '    default_type "text/plain";' >>$path_tmp/$sitename.conf;
-    echo -e '    root '"$www_root"';' >>$path_tmp/$sitename.conf;
-    echo -e '}' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'location = /.well-known {' >>$path_tmp/$sitename.conf;
-    echo -e '    return 404;' >>$path_tmp/$sitename.conf;
-    echo -e '}' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'error_page 404 /404.html;' >>$path_tmp/$sitename.conf;
-    echo -e 'error_page 500 502 503 504 /50x.html;' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'error_log /var/log/nginx/err-certbot.log;' >>$path_tmp/$sitename.conf;
-    echo -e 'access_log /var/log/nginx/access-certbot.log;' >>$path_tmp/$sitename.conf;
-    echo -e '}' >>$path_tmp/$sitename.conf;
-ln -s $path_tmp/$sitename.conf $nginx_enable/$sitename.conf
-}
-
-function restartMail(){
-/etc/init.d/dbmail restart;
-/etc/init.d/stunnel4 restart;
-/etc/init.d/postfix restart;
-}
-
-
-case "$cmd" in
-
-## create cert
-"--create" | "--create" )
-
-downSite;
-createCert;
-upSite;
-toSSL;
-downSite;
-restartMail;
-;;
-
-## update cert
-"--update" | "--update" )
-
-downSite;
-renew;
-upSite;
-toSSL;
-downSite;
-restartMail;
-;;
-
-## update cert force
-"--flist" | "--flist" )
-toSSL;
-restartMail;
-;;
-
-## start defaults
-
-* )
-echo "please input pameters: certbot4mail.sh --create | --update | --flist";
-echo "certbot4mail.sh --create; create new certificate"
-echo "certbot4mail.sh --update; update certificates;"
-echo "certbot4mail.sh --flist; update certificates from ssl;"
-;;
-esac
-
-exit

certbot4mail/examples/nginx/sites-avalable/http_mail-mydomen

@@ -1,16 +0,0 @@
-server {
-    listen      192.4.1.6:80;
-
-    server_name mail.mydomen.ru;
-    if ($http_host !~ "^mail.mydomen.ru$"){
-        rewrite ^(.*)$ http://mail.mydomen.ru$1 redirect;
-    }
-    root /home/wwwmail/letsencrypt;
-
-    error_log /var/log/nginx/err-mail_mydomen_ru.log;
-    access_log /var/log/nginx/access-mail_mydomen_ru.log;
-
-    include /etc/nginx/templates/content.conf;
-    include /etc/nginx/templates/letsencrypt.conf;
-}
-

certbot4mail/examples/nginx/templates/letsencrypt.conf

@@ -1,9 +0,0 @@
-location /.well-known {
-   allow all;
-   default_type "text/plain";
-   alias /home/wwwmail/letsencrypt/.well-known;
- }
-
- location = /.well-known {
-   return 404;
- }

certbot4mail/examples/stunnel.conf

@@ -1,126 +0,0 @@
-; Sample stunnel configuration file for Unix by Michal Trojnara 2002-2015
-; Some options used here may be inadequate for your particular configuration
-; This sample file does *not* represent stunnel.conf defaults
-; Please consult the manual for detailed description of available options
-
-; **************************************************************************
-; * Global options                                                         *
-; **************************************************************************
-
-; It is recommended to drop root privileges if stunnel is started by root
-;setuid = stunnel4
-;setgid = stunnel4
-
-; PID file is created inside the chroot jail (if enabled)
-pid = /var/run/stunnel4/stunnel.pid
-
-; Debugging stuff (may be useful for troubleshooting)
-;foreground = yes
-;debug = info
-output = /var/log/stunnel4/stunnel.log
-
-; Enable FIPS 140-2 mode if needed for compliance
-;fips = yes
-fips = no
-; **************************************************************************
-; * Service defaults may also be specified in individual service sections  *
-; **************************************************************************
-
-; Enable support for the insecure SSLv3 protocol
-options = -NO_SSLv3
-sslVersion = TLSv1.2
-
-; These options provide additional security at some performance degradation
-;options = SINGLE_ECDH_USE
-;options = SINGLE_DH_USE
-
-; **************************************************************************
-; * Include all configuration file fragments from the specified folder     *
-; **************************************************************************
-
-;include = /etc/stunnel/conf.d
-
-; **************************************************************************
-; * Service definitions (remove all services for inetd mode)               *
-; **************************************************************************
-
-; ***************************************** Example TLS client mode services
-
-; The following examples use /etc/ssl/certs, which is the common location
-; of a hashed directory containing trusted CA certificates.  This is not
-; a hardcoded path of the stunnel package, as it is not related to the
-; stunnel configuration in /etc/stunnel/.
-
-;[mydomen-pop3]
-;client = yes
-;accept = 127.0.0.1:110
-;connect = pop3.mydomen.ru:995
-;verifyChain = yes
-;CApath = @sysconfdir/ssl/certs
-;checkHost = pop3s.mydomen.ru
-;OCSPaia = yes
-
-;[mydomen-imap]
-;client = yes
-;accept = 127.0.0.1:143
-;connect = imap.mydomen.ru:993
-;verifyChain = yes
-;CApath = @sysconfdir/ssl/certs
-;checkHost = imaps.mydomen.ru
-;OCSPaia = yes
-
-;[mydomen-smtp]
-;client = yes
-;accept = 127.0.0.1:25
-;connect = smtp.mydomen.ru:465
-;verifyChain = yes
-;CApath = @sysconfdir/ssl/certs
-;checkHost = smtps.mydomen.ru
-;OCSPaia = yes
-
-; ***************************************** Example TLS server mode services
-
-[pop3s]
-accept  = 10.2.2.8:995
-connect = 10.2.2.8:110
-cert=/etc/letsencrypt/live/mail.mydomen.ru/fullchain.pem
-key=/etc/letsencrypt/live/mail.mydomen.ru/privkey.pem
-
-[imaps]
-accept  = 10.2.2.8:993
-connect = 10.2.2.8:143
-cert=/etc/letsencrypt/live/mail.mydomen.ru/fullchain.pem
-key=/etc/letsencrypt/live/mail.mydomen.ru/privkey.pem
-
-[smtps]
-accept  = 10.2.2.8:465
-connect = 10.2.2.8:587
-cert=/etc/letsencrypt/live/mail.mydomen.ru/fullchain.pem
-key=/etc/letsencrypt/live/mail.mydomen.ru/privkey.pem
-
-; TLS front-end to a web server
-;[https]
-;accept  = 443
-;connect = 80
-;cert = /etc/stunnel/stunnel.pem
-; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SChannel
-; Microsoft implementations do not use TLS close-notify alert and thus they
-; are vulnerable to truncation attacks
-;TIMEOUTclose = 0
-
-; Remote shell protected with PSK-authenticated TLS
-; Create "/etc/stunnel/secrets.txt" containing IDENTITY:KEY pairs
-;[shell]
-;accept = 1337
-;exec = /bin/sh
-;execArgs = sh -i
-;ciphers = PSK
-;PSKsecrets = /etc/stunnel/secrets.txt
-
-; Non-standard MySQL-over-TLS encapsulation connecting the Unix socket
-;[mysql]
-;cert = /etc/stunnel/stunnel.pem
-;accept = 3307
-;connect = /run/mysqld/mysqld.sock
-
-; vim:ft=dosini

certbot4nginx/examples/nginx.conf

@@ -1,74 +0,0 @@
-user  www-data;
-worker_processes  1;
-
-error_log  /var/log/nginx/error.log warn;
-pid        /var/run/nginx.pid;
-
-
-events {
-    worker_connections  1024;
-}
-
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
-    #access_log  /var/log/nginx/access.log  main;
-    access_log off;
-
-    sendfile        on;
-    tcp_nopush     on;
-    server_tokens off;
-    keepalive_timeout  65;
-
-    gzip  on;
-###
-    gzip_disable "msie6";
-    gzip_comp_level 4;
-    gzip_buffers 16 8k;
-    gzip_http_version 1.1;
-    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
-    
-### include /etc/nginx/conf.d/*.conf;
-    include /etc/nginx/conf.d/*.conf;
-    include /etc/nginx/sites-enabled/*;
-####
-    tcp_nodelay on;
-    types_hash_max_size 2048;
-    
-### codepage
-    charset        utf8;
-    source_charset utf8;
-    
-#### Tuning system....
-    ## - Защита
-    # Максимальный размер буфера для хранения тела запроса клиента
-    ##client_body_buffer_size 1K;
-    # Максимальный размер буфера для хранения заголовков запроса клиента
-    ##client_header_buffer_size 1k;
-    # Максимальный размер тела запроса клиента, прописанный в поле Content-Length заголовка. Если сервер должен поддерживать загрузку файлов, это значение необходимо увеличить
-    ##client_max_body_size 1k;
-    # для Rouncube
-    client_max_body_size 40M;
-    # Количество и размер буферов для чтения большого заголовка запроса клиента
-    ##large_client_header_buffers 2 1k;
-    
-    
-    ## - Увеличиваем скорость
-    # Таймаут при чтении тела запроса клиента
-    client_body_timeout   10;
-    # Таймаут при чтении заголовка запроса клиента
-    client_header_timeout 10;
-    # Таймаут, по истечению которого keep-alive соединение с клиентом не будет закрыто со стороны сервера
-    ##keepalive_timeout     5 5;
-    # Таймаут при передаче ответа клиенту
-    send_timeout          10;
-    ## transparent ip
-    set_real_ip_from 127.0.0.1;
-    real_ip_header X-Real-IP;
-}

certbot4nginx/examples/nginx/templates/content.conf

@@ -1,11 +0,0 @@
-  error_page 404 /404.html;
-   error_page 500 502 503 504 /50x.html;
-
- location ~* \.(css|js|jpg|jpeg|gif|png|ico|txt|woff|otf|eot|svg|ttf|html|xml|css|js)$ {
-   expires 30d;
-   error_page 404 @notfound;
- }
-
- location = /50x.html {
-   root /usr/share/nginx/html;
- }

certbot4nginx/examples/nginx/templates/index_php.conf

@@ -1,9 +0,0 @@
- location / {
-   if ($http_host ~* "^www\.(.+)$"){
-   rewrite ^(.*)$ http://%1/$1 redirect; 
-   } 
-   if (!-e $request_filename){ 
-   rewrite ^(.*)$ /index.php; 
-   }
-   index   index.htm index.html index.php;
- }

certbot4nginx/examples/nginx/templates/php7.x-fpm.conf

@@ -1,19 +0,0 @@
-location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
-   deny all;
-}
-
-location ~ ^/(bin|SQL)/ {
-   deny all;
-}
-
-location ~ \.php$ {
-   try_files $uri $uri/ /index.php =404;
-   fastcgi_pass  localhost:9000;
-   fastcgi_index index.php;
-   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-   include fastcgi_params;
-}
-
-location ~ /.ht {
-    deny all;
-}

certbot4nginx/examples/nginx/templates/proxy.conf

@@ -1,13 +0,0 @@
-proxy_redirect              off;
-proxy_set_header            Host $host;
-proxy_set_header            X-Real-IP $remote_addr;
-proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
-client_max_body_size        10m;
-client_body_buffer_size     128k;
-proxy_connect_timeout       90;
-proxy_send_timeout          90;
-proxy_read_timeout          90;
-proxy_buffer_size           4k;
-proxy_buffers               4 32k;
-proxy_busy_buffers_size     64k;
-proxy_temp_file_write_size  64k;