
Beta Branch Add Nginx Vhost via SSH command line via nv.sh /usr/bin/nv

Discussion in 'Beta release code' started by eva2000, Jun 22, 2015.

  1. eva2000

    eva2000 Administrator Staff Member

    54,606
    12,225
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,794
    Local Time:
    11:14 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    To accompany the new nginx vhost centmin.sh menu option 2, I'm starting to create a new standalone nginx vhost script, nv.sh, which can take parameters on the command line so it does exactly what centmin.sh menu option 2 does: it creates an nginx vhost with or without a self-signed SSL certificate, generates a pure-ftpd username and auto-generates a password (if the pure-ftpd service is detected; if not, no FTP user is generated).

    With the pure-ftpd service enabled (screenshot: nv-sh-tool-00.png)

    When the pure-ftpd service is detected as disabled/stopped (screenshot: nv-sh-tool-01.png)


    Code (Text):
    /root/tools/nv.sh -d sky5.newdomain.com -s y
    ---------------------------------------------------------------
    Nginx Vhost Setup...
    ---------------------------------------------------------------
    
    
    ---------------------------------------------------------------
    SSL Vhost Setup...
    ---------------------------------------------------------------
    
    ---------------------------------------------------------------
    Generating self signed SSL certificate...
    Generating a 2048 bit RSA private key
    .........................................+++
    .............................+++
    writing new private key to 'sky5.newdomain.com.key'
    -----
    Signature ok
    subject=/C=US/ST=California/L=Los Angeles/O=sky5.newdomain.com/CN=sky5.newdomain.com
    Getting Private key
    ---------------------------------------------------------------
    Generating dhparam.pem file - can take a few minutes...
    Generating DH parameters, 2048 bit long safe prime, generator 2
    This is going to take a long time
    .........................................................+................................................+..........................................................+..................+..........++*++*
    dhparam file generation time: 8.629665763
    
    -------------------------------------------------------------
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    Stopping nginx:                                            [  OK  ]
    Starting nginx:                                            [  OK  ]
    
    -------------------------------------------------------------
    vhost for sky5.newdomain.com created successfully
    
    domain: http://sky5.newdomain.com
    vhost conf file for sky5.newdomain.com created: /usr/local/nginx/conf/conf.d/sky5.newdomain.com.conf
    
    vhost ssl for sky5.newdomain.com created successfully
    
    domain: https://sky5.newdomain.com
    vhost ssl conf file for sky5.newdomain.com created: /usr/local/nginx/conf/conf.d/sky5.newdomain.com.ssl.conf
    /usr/local/nginx/conf/ssl_include.conf created
    Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/sky5.newdomain.com/sky5.newdomain.com.crt
    SSL Private Key: /usr/local/nginx/conf/ssl/sky5.newdomain.com/sky5.newdomain.com.key
    SSL CSR File: /usr/local/nginx/conf/ssl/sky5.newdomain.com/sky5.newdomain.com.csr
    
    upload files to /home/nginx/domains/sky5.newdomain.com/public
    vhost log files directory is /home/nginx/domains/sky5.newdomain.com/log
    
    -------------------------------------------------------------
    Current vhost listing at: /usr/local/nginx/conf/conf.d/
    
    Jun 21  20:23   845    ssl.conf
    Jun 21  20:23   1.1K   demodomain.com.conf
    Jun 21  20:23   1.6K   virtual.conf
    Jun 22  12:17   1.6K   sky1.newdomain.com.conf
    Jun 22  12:17   3.3K   sky1.newdomain.com.ssl.conf
    Jun 22  12:23   1.6K   sky2.newdomain.com.conf
    Jun 22  12:23   3.3K   sky2.newdomain.com.ssl.conf
    Jun 22  12:25   1.6K   sky3.newdomain.com.conf
    Jun 22  12:25   3.3K   sky3.newdomain.com.ssl.conf
    Jun 22  12:28   3.3K   sky4.newdomain.com.ssl.conf
    Jun 22  12:28   1.6K   sky4.newdomain.com.conf
    Jun 22  13:10   1.6K   sky5.newdomain.com.conf
    Jun 22  13:10   3.3K   sky5.newdomain.com.ssl.conf
    
    -------------------------------------------------------------
    Current vhost ssl files listing at: /usr/local/nginx/conf/ssl/sky5.newdomain.com
    
    Jun 22  13:10   1.7K   sky5.newdomain.com.key
    Jun 22  13:10   1017   sky5.newdomain.com.csr
    Jun 22  13:10   1.3K   sky5.newdomain.com.crt
    Jun 22  13:10   424    dhparam.pem
    
    -------------------------------------------------------------
    Commands to remove sky5.newdomain.com
    
    rm -rf /usr/local/nginx/conf/conf.d/sky5.newdomain.com.conf
    rm -rf /usr/local/nginx/conf/conf.d/sky5.newdomain.com.ssl.conf
    rm -rf /usr/local/nginx/conf/ssl/sky5.newdomain.com/sky5.newdomain.com.crt
    rm -rf /usr/local/nginx/conf/ssl/sky5.newdomain.com/sky5.newdomain.com.key
    rm -rf /usr/local/nginx/conf/ssl/sky5.newdomain.com/sky5.newdomain.com.csr
    rm -rf /home/nginx/domains/sky5.newdomain.com
    service nginx restart
    -------------------------------------------------------------
    

    So essentially you could combine the curl one-line installer + the nv.sh script to install Centmin Mod .08 beta03 and higher and create an nginx vhost:
    Code (Text):
    curl -O https://centminmod.com/betainstaller.sh && chmod 0700 betainstaller.sh && bash betainstaller.sh
    /usr/bin/nv -d sky5.newdomain.com -s y -u ftpusername
     
    Last edited: Jun 17, 2016
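    The -d, -s and -u values passed to nv end up in paths under /usr/local/nginx/conf/conf.d, /usr/local/nginx/conf/ssl and /home/nginx/domains, and in the printed rm -rf removal commands, so anything wrapping such a tool should validate them before use. The block below is an added Python illustration of that validation; it is not nv.sh (which is a bash script), and whether nv.sh performs equivalent checks is not shown in this thread. The option names and the y/n/yd values come from the usage text posted in this thread (yd is added in a later post); the validation rules, function names and the way paths are derived from the domain are assumptions modelled on the printed output.

```python
"""Parameter validation for an nv-style "add vhost" wrapper.

Added illustration, not code from nv.sh or Centmin Mod: the -d/-s/-u option
names and the y|n|yd values come from the nv usage text in the thread; the
validation rules, function names and the derived path layout are assumptions
modelled on the output shown there.
"""
import re
import shlex

# Directory layout as printed by nv in the thread's output.
CONF_DIR = "/usr/local/nginx/conf/conf.d"
SSL_DIR = "/usr/local/nginx/conf/ssl"
DOMAIN_ROOT = "/home/nginx/domains"

# One hostname label: 1-63 chars of [a-z0-9-], no leading or trailing hyphen.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
# At least two labels (domain.tld or sub.domain.tld) and nothing else.
_DOMAIN_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})+$")
# Conservative POSIX-style user name for pure-pw (assumed rule).
_FTPUSER_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")
# From the usage text: self-signed SSL y/n, or HTTPS-only vhost yd.
SSL_FLAGS = {"y", "n", "yd"}


def validate_domain(domain: str) -> str:
    """Return the domain in canonical lower-case form, or raise ValueError.

    The value is later used in file paths and rm -rf commands, so anything
    that is not a plain hostname is rejected here: path separators, '..',
    whitespace, shell metacharacters and so on never reach those paths.
    """
    d = domain.strip().lower().rstrip(".")
    if len(d) > 253 or not _DOMAIN_RE.fullmatch(d):
        raise ValueError(f"invalid domain name: {domain!r}")
    return d


def rejects_domain(value: str) -> bool:
    """True when validate_domain refuses the value (handy for tests)."""
    try:
        validate_domain(value)
    except ValueError:
        return True
    return False


def validate_ssl_flag(flag: str) -> str:
    f = flag.strip().lower()
    if f not in SSL_FLAGS:
        raise ValueError(f"-s must be one of {sorted(SSL_FLAGS)}, got {flag!r}")
    return f


def validate_ftp_user(user: str) -> str:
    if not _FTPUSER_RE.fullmatch(user):
        raise ValueError(f"invalid FTP username: {user!r}")
    return user


def vhost_paths(domain: str, ssl_flag: str) -> dict:
    """Files an nv-style run would create for this domain (assumed layout)."""
    d = validate_domain(domain)
    s = validate_ssl_flag(ssl_flag)
    paths = {
        "docroot": f"{DOMAIN_ROOT}/{d}/public",
        "logs": f"{DOMAIN_ROOT}/{d}/log",
    }
    if s != "yd":                 # plain HTTP vhost unless HTTPS-only was asked for
        paths["http_conf"] = f"{CONF_DIR}/{d}.conf"
    if s in ("y", "yd"):          # SSL vhost plus the directory holding key material
        paths["ssl_conf"] = f"{CONF_DIR}/{d}.ssl.conf"
        paths["ssl_dir"] = f"{SSL_DIR}/{d}"
    return paths


def removal_commands(domain: str, ssl_flag: str, ftp_user=None) -> list:
    """Build a 'Commands to remove <domain>' list like the tool prints.

    Every argument is validated and shell-quoted before it is interpolated.
    """
    p = vhost_paths(domain, ssl_flag)
    cmds = []
    if ftp_user:
        cmds.append(f"pure-pw userdel {shlex.quote(validate_ftp_user(ftp_user))}")
    for key in ("http_conf", "ssl_conf", "ssl_dir"):
        if key in p:
            cmds.append(f"rm -rf {shlex.quote(p[key])}")
    cmds.append(f"rm -rf {shlex.quote(DOMAIN_ROOT + '/' + validate_domain(domain))}")
    cmds.append("service nginx restart")
    return cmds


if __name__ == "__main__":
    for line in removal_commands("domain1.com", "yd", "ftpuser01"):
        print(line)
```

    Run it as `python3 nvcheck.py` (assumed file name) to print the removal commands for an HTTPS-only domain1.com vhost; feeding values such as `../../etc` or `domain1.com; rm -rf /` to validate_domain raises ValueError instead of producing a path.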
  2. jeffwidman

    jeffwidman Active Member

    152
    27
    28
    Dec 3, 2014
    Ratings:
    +51
    Local Time:
    5:14 PM
    Hmm, interesting. I already have two tests in my Ansible config to check if the vhost exists before running the domain-specific playbook, and now I could just add the shell command to create it if it doesn't already exist. However, I probably won't, because if for some reason those tests fail, I want to be notified immediately... they should never fail except for the one time that I'm first adding a new domain.

    Long term, I'd love to move to a solution of a single Docker MySQL container & single docker memcached container plus separate Docker containers for each site, in which case this could come in really handy for creating the vhosts on each docker container. With that workflow, I can just ship a new container whenever I want to update site software. Adds a little overhead to the box though. Mostly I've been waiting until security is better in Docker... maybe they'll announce better isolation at DockerCon (happening this week). Right now Docker adds minimal isolation.
     
  3. eva2000

    Yeah, I was thinking about adding another command line parameter, -e, for an email address so the vhost-created info can be sent after the vhost is set up. I suppose it could also do error notifications via the set -e your@domain.com address.

    For Docker, check out the Centmin Mod Docker Development forums too. I have memcached and MySQL Docker containers I built. It was my first time building those, so they probably need revisiting sometime - which reminds me I need to rebuild the MariaDB/Percona ones so they get the latest versions :)
    See ya in the Centmin Mod Docker Development forums :D
     
  4. eva2000

    Last edited: Jun 24, 2015
  5. eva2000

    Test updates to tools/nv.sh and set up the auto-updated /usr/bin/nv function for 123.09beta01 to support an HTTPS-default vhost config with an automatic HTTP to HTTPS 302 temporary redirect.

    Command options, where -s yd is the flag for HTTPS default only:
    Code (Text):
    nv
    
    Usage: /usr/bin/nv [-d yourdomain.com] [-s y|n|yd] [-u ftpusername]
    
      -d  yourdomain.com or subdomain.yourdomain.com
      -s  ssl self-signed create = y or n or https only vhost = yd
      -u  your FTP username
    
      example:
    
      /usr/bin/nv -d yourdomain.com -s y -u ftpusername
      /usr/bin/nv -d yourdomain.com -s n -u ftpusername
      /usr/bin/nv -d yourdomain.com -s yd -u ftpusername

    Example: HTTPS-only domain1.com with vhost /usr/local/nginx/conf/conf.d/domain1.com.ssl.conf
    Code (Text):
    nv -d domain1.com -s yd -u ftpuser01                       
    ---------------------------------------------------------------
    Nginx Vhost Setup...
    ---------------------------------------------------------------
    
    
    FTP password auto generated: ***********
    
    Password:
    Enter it again:
    ---------------------------------------------------------------
    SSL Vhost Setup...
    ---------------------------------------------------------------
    
    ---------------------------------------------------------------
    Generating self signed SSL certificate...
    CSR file can also be used to be submitted for paid SSL certificates
    If using for paid SSL certificates be sure to keep both private key and CSR safe
    creating CSR File: domain1.com.csr
    creating private key: domain1.com.key
    creating self-signed SSL certificate: domain1.com.crt
    Generating a 2048 bit RSA private key
    ..........................................................................+++
    ................................................................+++
    writing new private key to 'domain1.com.key'
    -----
    No value provided for Subject Attribute C, skipped
    No value provided for Subject Attribute ST, skipped
    No value provided for Subject Attribute L, skipped
    Signature ok
    subject=/O=domain1.com/OU=domain1.com/CN=domain1.com
    Getting Private key
    
    ---------------------------------------------------------------
    Generating backup CSR and private key for HTTP Public Key Pinning...
    creating CSR File: domain1.com-backup.csr
    creating private key: domain1.com-backup.key
    Generating a 2048 bit RSA private key
    .........................................................................................+++
    ......................................+++
    writing new private key to 'domain1.com-backup.key'
    -----
    No value provided for Subject Attribute C, skipped
    No value provided for Subject Attribute ST, skipped
    No value provided for Subject Attribute L, skipped
    
    ---------------------------------------------------------------
    Extracting Base64 encoded information for primary and secondary
    private key's SPKI - Subject Public Key Information
    Primary private key - domain1.com.key
    Backup private key - domain1.com-backup.key
    For HPKP - HTTP Public Key Pinning hash generation...
    
    extracting SPKI Base64 encoded hash for primary private key = domain1.com.key ...
    writing RSA key
    EKyVaT5VBWrvPBPm4Hs0PsqGe3XJp+UCTq1xqzU9Tvg=
    
    extracting SPKI Base64 encoded hash for backup private key = domain1.com-backup.key ...
    writing RSA key
    okhCF7A4Y7eso4LJQrPNpSE0jehIvbZEMtS285/FL4E=
    
    HTTP Public Key Pinning Header for Nginx
    
    for 7 days max-age including subdomains
    
    add_header Public-Key-Pins 'pin-sha256="EKyVaT5VBWrvPBPm4Hs0PsqGe3XJp+UCTq1xqzU9Tvg="; pin-sha256="okhCF7A4Y7eso4LJQrPNpSE0jehIvbZEMtS285/FL4E="; max-age=86400; includeSubDomains';
    
    for 7 days max-age excluding subdomains
    
    add_header Public-Key-Pins 'pin-sha256="EKyVaT5VBWrvPBPm4Hs0PsqGe3XJp+UCTq1xqzU9Tvg="; pin-sha256="okhCF7A4Y7eso4LJQrPNpSE0jehIvbZEMtS285/FL4E="; max-age=86400';
    
    ---------------------------------------------------------------
    Generating dhparam.pem file - can take a few minutes...
    Generating DH parameters, 2048 bit long safe prime, generator 2
    This is going to take a long time
    .....+....................................................++*++*
    dhparam file generation time: 36.144771710
    
    -------------------------------------------------------------
    /usr/local/src/centminmod/tools/autoprotect.sh
    generated nginx include file: /usr/local/nginx/conf/autoprotect/demodomain.com/autoprotect-demodomain.com.conf
    generated nginx include file: /usr/local/nginx/conf/autoprotect/domain1.com/autoprotect-domain1.com.conf
    
    autoprotect.sh run completed...
    
    Restarting nginx (via systemctl):  [  OK  ]
    Restarting nginx (via systemctl):  [  OK  ]
    systemctl restart pure-ftpd.service
    
    -------------------------------------------------------------
    FTP hostname : ip
    FTP port : 21
    FTP mode : FTP (explicit SSL)
    FTP Passive (PASV) : ensure is checked/enabled
    FTP username created for domain1.com : ftpuser01
    FTP password created for domain1.com : *****************
    -------------------------------------------------------------
    vhost for domain1.com created successfully
    
    
    vhost ssl for domain1.com created successfully
    
    domain: https://domain1.com
    vhost ssl conf file for domain1.com created: /usr/local/nginx/conf/conf.d/domain1.com.ssl.conf
    /usr/local/nginx/conf/ssl_include.conf created
    Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/domain1.com/domain1.com.crt
    SSL Private Key: /usr/local/nginx/conf/ssl/domain1.com/domain1.com.key
    SSL CSR File: /usr/local/nginx/conf/ssl/domain1.com/domain1.com.csr
    Backup SSL Private Key: /usr/local/nginx/conf/ssl/domain1.com/domain1.com-backup.key
    Backup SSL CSR File: /usr/local/nginx/conf/ssl/domain1.com/domain1.com-backup.csr
    
    upload files to /home/nginx/domains/domain1.com/public
    vhost log files directory is /home/nginx/domains/domain1.com/log
    
    -------------------------------------------------------------
    Current vhost listing at: /usr/local/nginx/conf/conf.d/
    
    Jun 1   13:44   1.1K   demodomain.com.conf
    Jun 1   13:44   845    ssl.conf
    Jun 1   13:54   1.6K   virtual.conf
    Jun 17  06:46   3.8K   domain1.com.ssl.conf
    
    -------------------------------------------------------------
    Current vhost ssl files listing at: /usr/local/nginx/conf/ssl/domain1.com
    
    Jun 17  06:45   1.7K   domain1.com.key
    Jun 17  06:45   952    domain1.com.csr
    Jun 17  06:45   1.1K   domain1.com.crt
    Jun 17  06:45   1.7K   domain1.com-backup.key
    Jun 17  06:45   952    domain1.com-backup.csr
    Jun 17  06:45   45     hpkp-info-primary-pin.txt
    Jun 17  06:45   45     hpkp-info-secondary-pin.txt
    Jun 17  06:46   424    dhparam.pem
    
    -------------------------------------------------------------
    Commands to remove domain1.com
    
    pure-pw userdel ftpuser01
    rm -rf /usr/local/nginx/conf/conf.d/domain1.com.ssl.conf
    rm -rf /usr/local/nginx/conf/ssl/domain1.com/domain1.com.crt
    rm -rf /usr/local/nginx/conf/ssl/domain1.com/domain1.com.key
    rm -rf /usr/local/nginx/conf/ssl/domain1.com/domain1.com.csr
    rm -rf /usr/local/nginx/conf/ssl/domain1.com
    rm -rf /home/nginx/domains/domain1.com
    service nginx restart
    -------------------------------------------------------------
    

    302 HTTP to HTTPS redirect
    Code (Text):
    curl -Ik http://domain1.com
    HTTP/1.1 302 Moved Temporarily
    Date: Fri, 17 Jun 2016 06:50:50 GMT
    Content-Type: text/html
    Content-Length: 154
    Connection: keep-alive
    Location: https://domain1.com/
    Server: nginx centminmod
    X-Powered-By: centminmod

    Only the SSL nginx vhost is created when the -s yd flag is used:
    Code (Text):
    ls -lAhrt /usr/local/nginx/conf/conf.d/
    total 16K
    -rw-r--r-- 1 root root 1.1K Jun  1 13:44 demodomain.com.conf
    -rw-r--r-- 1 root root  845 Jun  1 13:44 ssl.conf
    -rw-r--r-- 1 root root 1.6K Jun  1 13:54 virtual.conf
    -rw-r--r-- 1 root root 3.8K Jun 17 06:46 domain1.com.ssl.conf
    

    Contents of /usr/local/nginx/conf/conf.d/domain1.com.ssl.conf:
    Code (Text):
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    server {
    
      server_name domain1.com www.domain1.com;
      return 302 https://$server_name$request_uri;
    }
    
    server {
    
      listen 443 ssl http2;
      server_name domain1.com www.domain1.com;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/domain1.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/domain1.com/domain1.com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/domain1.com/domain1.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      ssl_ciphers EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
      # HTTP Public Key Pinning Header uncomment only one that applies include or exclude domains.
      # You'd want to include subdomains if you're using SSL wildcard certificates
      # include subdomain
      #add_header Public-Key-Pins 'pin-sha256="EKyVaT5VBWrvPBPm4Hs0PsqGe3XJp+UCTq1xqzU9Tvg="; pin-sha256="okhCF7A4Y7eso4LJQrPNpSE0jehIvbZEMtS285/FL4E="; max-age=86400; includeSubDomains';
      # exclude subdomains
      #add_header Public-Key-Pins 'pin-sha256="EKyVaT5VBWrvPBPm4Hs0PsqGe3XJp+UCTq1xqzU9Tvg="; pin-sha256="okhCF7A4Y7eso4LJQrPNpSE0jehIvbZEMtS285/FL4E="; max-age=86400';
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/domain1.com/domain1.com-trusted.crt;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/domain1.com/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/domain1.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/domain1.com/autoprotect-domain1.com.conf;
      root /home/nginx/domains/domain1.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Enable for vBulletin usage WITHOUT vbSEO installed
      # More example Nginx vhost configurations at
      # http://centminmod.com/nginx_configure.html
      #try_files    $uri $uri/ /index.php;
    
      }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }

    Forgot the outputted vhost login info etc.? Check your nginx_addvhost_nv.log logs in /root/centminlogs/ :)
    Code (Text):
    ls -lAhrt /root/centminlogs/
    total 3.5M
    -rw-r--r-- 1 root root  17K Jun  1 13:37 centminmod_1.2.3-eva2000.09.001_010616-233602_yuminstall_centos7.log
    -rw-r--r-- 1 root root  93K Jun  1 13:40 centminmod_yumtimes_010616-233602.log
    -rw-r--r-- 1 root root   38 Jun  1 13:40 centminmod_profiletimes_010616-233602.log
    -rw-r--r-- 1 root root 292K Jun  1 13:41 centminmod_downloadtimes_010616-233602.log
    -rw-r--r-- 1 root root  275 Jun  1 13:41 securedtmp.log
    -rw-r--r-- 1 root root   44 Jun  1 13:42 centminmod_libresslinstalltime_010616-233602.log
    -rw-r--r-- 1 root root  842 Jun  1 13:43 gcc_native.log
    -rw-r--r-- 1 root root 595K Jun  1 13:44 centminmod_ngxinstalltime_010616-233602.log
    -rw-r--r-- 1 root root 9.2K Jun  1 13:48 setio_innodbstatus-before-010616-134811.log
    -rw-r--r-- 1 root root  751 Jun  1 13:48 centminmod_setio_010616-134811.log
    -rw-r--r-- 1 root root 9.2K Jun  1 13:48 setio_innodbstatus-after-010616-134811.log
    -rw-r--r-- 1 root root  910 Jun  1 13:49 gcc_php_native.log
    -rw-r--r-- 1 root root   58 Jun  1 13:54 centminmod_phpinstalltime_010616-233602.log
    -rw-r--r-- 1 root root  387 Jun  1 13:54 zendopcache_passfile.txt
    -rw-r--r-- 1 root root 8.9K Jun  1 13:57 centminmod_1.2.3-eva2000.09.001_010616-233602_yum-log.log
    -rw-r--r-- 1 root root  125 Jun  1 13:57 install.utc.time.log
    -rw-r--r-- 1 root root 2.4M Jun  1 13:57 centminmod_1.2.3-eva2000.09.001_010616-233602_install.log
    -rw-r--r-- 1 root root   47 Jun  1 13:57 firstyum_installtime_010616-233544.log
    -rw-r--r-- 1 root root  15K Jun 17 06:27 centminmod_170616-062557_nginx_addvhost_nv.log
    -rw-r--r-- 1 root root  11K Jun 17 06:36 centminmod_170616-063512_nginx_addvhost_nv.log
    -rw-r--r-- 1 root root  525 Jun 17 06:44 centminmod_170616-064456_nginx_addvhost_nv.log
    -rw-r--r-- 1 root root  11K Jun 17 06:46 centminmod_170616-064517_nginx_addvhost_nv.log
     
    Last edited: Jun 17, 2016
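    The "extracting SPKI Base64 encoded hash" step in the output above is the HPKP pin computation from RFC 7469: SHA-256 over the DER-encoded SubjectPublicKeyInfo of the key, base64-encoded, which is what nv.sh obtains from openssl for both the primary and the backup key. The block below is an added Python illustration of that same computation and of assembling the add_header line in the form nv.sh prints; it is not nv.sh's own code. It works on a PEM "PUBLIC KEY" block (the format `openssl rsa -pubout` emits, whose body is exactly the DER SPKI), and also checks two things a practitioner would want checked: that the backup pin really differs from the primary, and that max-age is given in seconds (the header in the output above says "7 days" but carries max-age=86400, which is one day; seven days is 604800). The RSA SPKI structures built from tiny constructed integers are sample data for exercising the code, not real keys, and the function names are assumptions. HPKP itself has since been removed from the major browsers, so the header is of historical interest; the SPKI hashing is still what certificate and key pinning elsewhere is built on.

```python
"""HPKP pin-sha256 computation and header construction.

Added illustration, not nv.sh's own code (nv.sh derives the pins with openssl).
Works on a PEM "PUBLIC KEY" block, i.e. the DER SubjectPublicKeyInfo that
`openssl rsa -pubout` emits.  The sample keys built at the bottom from tiny
constructed integers are NOT real RSA keys; they exist only to run the code.
"""
import base64
import hashlib
import re

RSA_ENCRYPTION_OID = bytes.fromhex("06092a864886f70d010101")  # 1.2.840.113549.1.1.1


def _der_len(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def _der_int(i: int) -> bytes:
    """DER INTEGER; a leading 0x00 keeps a high-bit value positive."""
    b = i.to_bytes(max(1, (i.bit_length() + 7) // 8), "big")
    if b[0] & 0x80:
        b = b"\x00" + b
    return _tlv(0x02, b)


def rsa_spki_der(n: int, e: int) -> bytes:
    """SubjectPublicKeyInfo: SEQ { SEQ { rsaEncryption, NULL }, BIT STRING { SEQ { n, e } } }."""
    alg_id = _tlv(0x30, RSA_ENCRYPTION_OID + b"\x05\x00")
    rsa_pub = _tlv(0x30, _der_int(n) + _der_int(e))
    return _tlv(0x30, alg_id + _tlv(0x03, b"\x00" + rsa_pub))  # 0x00 = no unused bits


def der_to_pem(der: bytes, label: str = "PUBLIC KEY") -> str:
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def pem_to_der(pem: str, label: str = "PUBLIC KEY") -> bytes:
    m = re.search(rf"-----BEGIN {label}-----(.*?)-----END {label}-----", pem, re.S)
    if not m:
        raise ValueError(f"no {label} PEM block found")
    return base64.b64decode("".join(m.group(1).split()))


def pin_from_der(spki_der: bytes) -> str:
    """pin-sha256 = base64(SHA-256(DER SubjectPublicKeyInfo)), per RFC 7469."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def spki_pin(pubkey_pem: str) -> str:
    """Same value as: openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64."""
    return pin_from_der(pem_to_der(pubkey_pem))


def hpkp_header(primary_pin: str, backup_pin: str, max_age_days: int,
                include_subdomains: bool) -> str:
    """Nginx add_header line in the form nv.sh prints; max-age is in seconds."""
    for pin in (primary_pin, backup_pin):
        if not re.fullmatch(r"[A-Za-z0-9+/]{43}=", pin):   # 32-byte digest -> 44 chars
            raise ValueError(f"not a base64 SHA-256 pin: {pin!r}")
    if primary_pin == backup_pin:
        raise ValueError("backup pin must belong to a different key than the primary")
    directives = [f'pin-sha256="{primary_pin}"', f'pin-sha256="{backup_pin}"',
                  f"max-age={max_age_days * 86400}"]
    if include_subdomains:
        directives.append("includeSubDomains")
    return "add_header Public-Key-Pins '" + "; ".join(directives) + "';"


# Constructed sample keys (NOT real RSA keys): two different moduli so that the
# primary and backup pins differ, as HPKP requires.
PRIMARY_PEM = der_to_pem(rsa_spki_der(0xC0FFEE11, 65537))
BACKUP_PEM = der_to_pem(rsa_spki_der(0xDEADBEEF, 65537))

if __name__ == "__main__":
    primary, backup = spki_pin(PRIMARY_PEM), spki_pin(BACKUP_PEM)
    print(primary)
    print(backup)
    print(hpkp_header(primary, backup, max_age_days=7, include_subdomains=True))
```

    On a real host you would pass the output of `openssl rsa -in domain1.com.key -pubout` (and of the backup key) to spki_pin instead of the constructed PEMs; the two pins printed by nv.sh in the output above are exactly that value for its generated keys.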