| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455 |
- #!/bin/bash
- CERT_DOMAIN="$1"
- # install the prerequisites
- apt install -y curl gnupg2 ca-certificates lsb-release debian-archive-keyring
- # import gpg key
- curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
- | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
-
- # verify gpg key
- mkdir -m 700 ~/.gnupg
- gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
- echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
- http://nginx.org/packages/debian `lsb_release -cs` nginx" \
- | tee /etc/apt/sources.list.d/nginx.list
- # install nginx
- apt update
- apt install -y nginx
- # start nginx
- systemctl start nginx
- systemctl enable nginx
- # generate self signed cert
- mkdir -p /etc/nginx/certs/self
- openssl genrsa -out /etc/nginx/certs/self/privkey.pem 2048
- openssl req -new -x509 -days 3650 -key /etc/nginx/certs/self/privkey.pem \
- -out /etc/nginx/certs/self/cert.pem \
- -subj "/C=CN/O=Self Hosted/OU=SRE/CN=$DOMAIN/CN=*.$DOMAIN"
- # default vhost
- rm -f /etc/nginx/conf.d/default.conf
- cat > /etc/nginx/conf.d/00-default.conf << EOF
- server {
- listen 80 default_server;
- listen [::]:80 default_server;
- server_name _;
- return 418;
- }
- server {
- listen 443 ssl default_server;
- listen [::]:443 ssl default_server;
- server_name _;
- ssl_certificate /etc/nginx/certs/self/cert.pem;
- ssl_certificate_key /etc/nginx/certs/self/privkey.pem;
- return 418;
- }
- EOF
- nginx -t
- systemctl force-reload nginx
|
