-
Notifications
You must be signed in to change notification settings - Fork 1
/
hook
executable file
·83 lines (69 loc) · 3.08 KB
/
hook
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
#!/bin/bash
NGINX_CONF_DIR="/etc/nginx"
NGINX_PORT=80
NGINX_SSL_PORT=443
# First, create the required dirs to store the config files if not exist
mkdir -p ${NGINX_CONF_DIR}/sites-available
mkdir -p ${NGINX_CONF_DIR}/sites-enabled
#
# Create the nginx conf entry upon creating or modifying a domain
#
if [ "$VIRTUALSERVER_ACTION" = "CREATE_DOMAIN" ] || [ "$VIRTUALSERVER_ACTION" = "MODIFY_DOMAIN" ]; then
cd ${NGINX_CONF_DIR}/sites-available/
# Create the Nginx config directives into a sites-available entry
echo "server {
listen ${NGINX_PORT};
server_name ${VIRTUALSERVER_DOM};
location ~* ^.+\.(jpg|js|jpeg|png|ico|bmp|webp|svg|gif|txt|js|css|swf|zip|rar|avi|exe|mpg|mp3|wav|mpeg|asf|wmv|flv|ttf|otf|eot|woff)$ {
root ${VIRTUALSERVER_PUBLIC_HTML_PATH};
expires max;
access_log off;
add_header Cache-Control \"public\";
}
location / {
proxy_pass http://${VIRTUALSERVER_IP}:${VIRTUALSERVER_WEB_PORT};
}
}" > ${VIRTUALSERVER_DOM}.conf
# If SSL in enabled, add the SSL directive too
if [ $VIRTUALSERVER_SSL -eq 1 ]; then
echo "
server {
listen ${NGINX_SSL_PORT} ssl;
server_name ${VIRTUALSERVER_DOM};
ssl on;
# Replace the following variable with VIRTUALSERVER_SSL_CERT if needed
ssl_certificate ${VIRTUALSERVER_SSL_CHAIN};
ssl_certificate_key ${VIRTUALSERVER_SSL_KEY};
# The following block should be moved into the default http{} directive (nginx.conf) instead
# --- start SSL fine-tuned block --- #
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
ssl_ciphers \"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4\"
# --- end SSL fine-tuned block --- #
location ~* ^.+\.(jpg|js|jpeg|png|ico|bmp|webp|svg|gif|txt|js|css|swf|zip|rar|avi|exe|mpg|mp3|wav|mpeg|asf|wmv|flv|ttf|otf|eot|woff)$ {
root ${VIRTUALSERVER_PUBLIC_HTML_PATH};
expires max;
access_log off;
add_header Cache-Control \"public\";
}
location / {
proxy_pass https://${VIRTUALSERVER_IP}:${VIRTUALSERVER_WEB_SSLPORT};
}
}" >> ${VIRTUALSERVER_DOM}.conf
fi
# Create a symlink if this is a new entry
if [ "$VIRTUALSERVER_ACTION" = "CREATE_DOMAIN" ]; then
ln -s ${NGINX_CONF_DIR}/sites-available/${VIRTUALSERVER_DOM}.conf ${NGINX_CONF_DIR}/sites-enabled/${VIRTUALSERVER_DOM}.conf
fi
fi
#
# Delete the config file and the symlink if the entry is being deleted
#
if [ "$VIRTUALSERVER_ACTION" = "DELETE_DOMAIN" ]; then
rm -f ${NGINX_CONF_DIR}/sites-enabled/${VIRTUALSERVER_DOM}.conf ${NGINX_CONF_DIR}/sites-available/${VIRTUALSERVER_DOM}.conf
fi
# Reload nginx
# /etc/init.d/nginx reload
service nginx reload