From 52499c225e20b14d73c3e1a60e3ff9d6651811bf Mon Sep 17 00:00:00 2001 From: Christian Heller Date: Sat, 7 Mar 2020 22:25:01 +0100 Subject: [PATCH] First attempt at static website setup. --- .../etc/nginx/sites-available/static.nginx | 8 ++++++ buster/setup_scripts/setup_web_static.sh | 27 +++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 buster/etc_files/web_static/etc/nginx/sites-available/static.nginx create mode 100644 buster/setup_scripts/setup_web_static.sh diff --git a/buster/etc_files/web_static/etc/nginx/sites-available/static.nginx b/buster/etc_files/web_static/etc/nginx/sites-available/static.nginx new file mode 100644 index 0000000..a1e57d0 --- /dev/null +++ b/buster/etc_files/web_static/etc/nginx/sites-available/static.nginx @@ -0,0 +1,8 @@ +server { + listen 443 ssl; + server_name REPLACE_fqdn_ECALPER; + ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem; + root /var/www/html/; + index index.html index.htm index.nginx-debian.html; +} diff --git a/buster/setup_scripts/setup_web_static.sh b/buster/setup_scripts/setup_web_static.sh new file mode 100644 index 0000000..b841507 --- /dev/null +++ b/buster/setup_scripts/setup_web_static.sh @@ -0,0 +1,27 @@ +#!/bin/sh +set -e +set -x +# Heavily inspired by + +if [ "$#" -ne 1 ]; then + echo 'Need domain name as argument.' + false +fi +domain="$1" + +# Install configs, set up firewall. +config_tree_prefix="${HOME}/config/buster" +./install_for_target.sh web +./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web +nft -f /etc/nftables.conf + +# Set up letsencrypt certificate. TODO: Is it auto-renewed? +ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default +certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}" +rm /etc/nginx/sites-enabled/default + +# Prepare NGINX config for Pleroma. +sed -i "s/example\.tld/${domain}/g" /etc/nginx/sites-available/static.nginx +ln -s /etc/nginx/sites-available/static.nginx /etc/nginx/sites-enabled/static.nginx + +service nginx restart -- 2.30.2