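One line of our company's business is building overseas websites for enterprises, and my job is to install the certificate and add an nginx virtual host configuration. It is simple work, but repeating it over and over is tedious, so I wrote a script to reduce the workload.
Features:
1. Puts the certificate in the cert directory
2. Puts the edited virtual host configuration file in the vhost directory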
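#!/bin/bash
# This script is used for the xinrong overseas-site project
# Bailu 2021/5/14 first release

# Prompt: "please enter the domain name"; several space-separated names may be given
echo -e "\033[33m 请输入域名\033[0m"
read -r -p "->" -a domain

# Move <domain>.crt and <domain>.key from the current directory into nginx's cert directory
cert() {
    cert_dir=/application/nginx-1.6.3/conf/cert/${domain[0]}
    if [ ! -d "${cert_dir}" ]; then
        mkdir "${cert_dir}"
        # Message: directory created
        echo -e "\033[34m 目录 ${cert_dir} 建立完成\033[0m"
        mv "${domain[0]}.crt" "${domain[0]}.key" "${cert_dir}/" || exit 1
        # Message: certificate moved
        echo -e "\033[34m --- ${domain[0]} --- 证书传输完毕\033[0m"
    else
        # Message: directory already exists, maintain the existing configuration instead
        echo -e "\033[35m 目录$cert_dir已存在,建议维护原配置文件\033[0m"
        exit 1
    fi
}

# Create the virtual host configuration from the xxx.com.conf template
vhost() {
    vhost_conf=/application/nginx/conf/vhost/${domain[0]}.conf
    if [ -f "${vhost_conf}" ]; then
        # Message: config file already exists, maintain the existing configuration instead
        echo -e "\033[35m 配置文件$vhost_conf已存在,建议维护原配置文件\033[0m"
        exit 1
    fi
    cp xxx.com.conf "$vhost_conf"
    # The server_name lines list every domain entered. They are matched by pattern
    # rather than by the fixed line numbers 3 and 45, which depend on the template's layout.
    sed -i "/server_name/s/xxx\.com/${domain[*]}/g" "$vhost_conf"
    # Everywhere else (redirect, web root, certificate paths) use the first domain
    sed -i "s/xxx\.com/${domain[0]}/g" "$vhost_conf"
    # Message: virtual host created
    echo -e "\033[34m 域名${domain[0]}虚拟主机 建立完成\033[0m"
}

cert; vhost; nginx -s reload
# Message: deployment finished, the test page can now be visited
echo -e "\033[33m 域名${domain[0]} 部署完毕,可以访问测试页了\033[0m"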
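How do you use it? Simple: put the virtual host template file and the certificate files in one directory and run the script from there. Below is the template file, which I named xxx.com.conf; adapt it to your own needs. I won't include the certificate here; it is just one .crt file and one .key file.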
server {
    listen 80;
    server_name xxx.com;
    rewrite ^/(.*) https://xxx.com/$1 permanent;    # redirect http to https

    ##### configuration used when issuing the certificate
    location ~ ^/.well-known/.*$ {
        root /tmp/tmp.well-known/;
        index index.html;
    }

    location / {
        root /opt/wwwroot/xxx.com;
        index index.html;
    }

    ### online customer-service widget configuration #######
    location ^~ /interface_api {
        proxy_pass http://127.0.0.1:8081;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Real-IP $remote_addr;
    }

    location ^~ /TongJiCenter {
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Real-IP $remote_addr;
    }

    # redirect error responses from the backend (such as 404) to the error page
    error_page 500 502 503 504 404 /404.html;
    location = /404.html {
        root 404;
    }
}
server {
    listen 443 ssl;
    server_name xxx.com;
    ssl_certificate cert/xxx.com/xxx.com.crt;
    ssl_certificate_key cert/xxx.com/xxx.com.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
    # TLSv1.1 is deprecated (RFC 8996); keep it only if old clients require it
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

    location / {
        root /opt/wwwroot/xxx.com;
        index index.html index.htm;
    }

    location ~ ^/.well-known/.*$ {
        root /tmp/tmp.well-known/;
        index index.html;
    }

    location ^~ /interface_api {
        proxy_pass http://127.0.0.1:8081;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Real-IP $remote_addr;
    }

    location ^~ /TongJiCenter {
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Real-IP $remote_addr;
    }

    # redirect error responses from the backend (such as 404) to the error page
    error_page 500 502 503 504 404 /404.html;
    location = /404.html {
        root 404;
    }
}
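
The deployment script on this page puts whatever is typed at the prompt straight into directory paths and sed expressions. As an added example (not part of the original script), the functions below accept only plain lowercase hostnames and render the xxx.com template by matching server_name lines; the names valid_domain and render_vhost are hypothetical, and only the xxx.com placeholder comes from this page.

```bash
#!/bin/bash
# Added example, not the author's script: validate the domain names first,
# then render the vhost template so that input never reaches sed as syntax.

# Accept lowercase hostnames only: labels of [a-z0-9-] that neither start nor
# end with '-', at least two labels, at most 253 characters in total.
valid_domain() {
    local LC_ALL=C label='[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
    # Any other character (slash, space, '&', newline, uppercase) is rejected here
    case $1 in ''|*[!a-z0-9.-]*) return 1 ;; esac
    [ "${#1}" -le 253 ] || return 1
    printf '%s\n' "$1" | LC_ALL=C grep -Eq "^${label}(\\.${label})+\$"
}

# render_vhost TEMPLATE OUTPUT DOMAIN...
# server_name lines receive every domain; every other xxx.com becomes the first one.
# Returns 2 for a rejected name, 3 if OUTPUT already exists, 1 on other errors.
render_vhost() {
    local template="$1" out="$2" d first names tmp
    shift 2
    [ "$#" -ge 1 ] || { echo "no domain given" >&2; return 2; }
    for d in "$@"; do
        valid_domain "$d" || { echo "rejected domain: $d" >&2; return 2; }
    done
    [ ! -e "$out" ] || { echo "$out already exists, leaving it alone" >&2; return 3; }
    first=$1
    names=$*
    # Write to a temporary file so a failed render never leaves a partial config
    tmp=$(mktemp "$out.XXXXXX") || return 1
    # Validated names contain only [a-z0-9.-], so they are inert in a sed replacement.
    # Complementary addresses keep the second rule from rewriting server_name again.
    if sed -e '/server_name/s/xxx\.com/'"$names"'/' \
           -e '/server_name/!s/xxx\.com/'"$first"'/g' "$template" > "$tmp"; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

A call such as `render_vhost xxx.com.conf /application/nginx/conf/vhost/example.com.conf example.com www.example.com` (example.com is a constructed name) replaces the cp and sed steps; running `nginx -t` before `nginx -s reload` then catches a broken file before it is loaded.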