Leffler.Media-LLC/wpDeploy
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added the start of certbot fun

Browse Source
This commit is contained in:
Nick Leffler 2020-01-22 23:32:14 -05:00
parent ca0063d8e2
commit 35f620ef31
1 changed files with 30 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
deploy.sh
View File

@ -6,25 +6,25 @@
# 20190930 v1 # 20190930 v1
##### EDIT HERE #### ##### EDIT HERE ####
#siteName="_" # acme.sh location
#siteTitle="TEST" acmebin="/root/.acme.sh/acme.sh"
#adminEmail="test@test.com"
#siteURL="test.url.com"
#siteProto="http://"
# httpd server user
wwwUser="nginx" wwwUser="nginx"
#### DON"T TOUCH BELOW HERE #### #### DON"T TOUCH BELOW HERE ####
get_info () { get_info () {
read -p "Enter Site Name: " siteName read -p "Enter Site Name: " siteName
read -p "Enter Site Title: " siteTitle read -p "Enter Site Title: " siteTitle
read -p "If SSL type ssl otherwise don't: " siteProtoIn read -p "SSL [Y/n]: " siteProtoIn
read -p "Certbot ready?: cbReady
read -p "Enter Site URL: " siteURL read -p "Enter Site URL: " siteURL
read -p "Enter WPAdmin email: " adminEmail read -p "Enter WPAdmin email: " adminEmail
if [[ $siteProtoIn == "ssl" ]]; then if [[ $siteProtoIn == "n" ]]; then
siteProto="https://" siteProto="http://"
ssl=1 ssl=0
fi fi
fullURL="${siteProto}${siteURL}" fullURL="${siteProto}${siteURL}"
@ -34,6 +34,16 @@ genSSL () {
mkdir -p "/etc/nginx/ssl/${siteURL}/" || exit mkdir -p "/etc/nginx/ssl/${siteURL}/" || exit
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/${siteURL}/key -out /etc/nginx/ssl/${siteURL}/crt \ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/${siteURL}/key -out /etc/nginx/ssl/${siteURL}/crt \
-subj "/C=TT/ST=TT/L=TT/O=TEMP/OU=TEMP/CN=$siteURL/emailAddress=TEMP" -subj "/C=TT/ST=TT/L=TT/O=TEMP/OU=TEMP/CN=$siteURL/emailAddress=TEMP"
sslCert="/etc/nginx/ssl/${siteURL}/crt"
sslKey="/etc/nginx/ssl/${siteURL}/key"
}
acmeSSL () {
"${acmebin}" --issue --dns dns_cf -d "${siteURL}" --reloadcmd "systemctl reload nginx" --force
sslCert="/root/.acme.sh/${siteURL}/fullchain.cer"
sslKey="/root/.acme.sh/${siteURL}/${siteURL}.key"
} }
create_wp_db () { create_wp_db () {
@ -158,8 +168,9 @@ server {
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
fastcgi_param SCRIPT_NAME \$fastcgi_script_name; fastcgi_param SCRIPT_NAME \$fastcgi_script_name;
} }
ssl_certificate /etc/nginx/ssl/${siteURL}/crt;
ssl_certificate_key /etc/nginx/ssl/${siteURL}/key; ssl_certificate "${sslCert}";
ssl_certificate_key "${sslKey}";
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"; ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
@ -191,8 +202,8 @@ fi
######################################################################## ########################################################################
# set defaults # set defaults
siteProto="http://" siteProto="https://"
ssl=0 ssl=1
# get mdata # get mdata
get_info get_info