deploy.sh 8.53 KiB
#!/bin/bash

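# Positional arguments:
#   $1 - language directory to deploy (optional; defaulted to EN further down)
#   $2 - destination directory for the generated site (required)
lang=$1
dest_dir=$2

site_domain=freedombone.net
site_onion_port=8149

# Validate the required argument before touching /etc/nginx. Without this an
# invalid invocation would still rewrite and enable the site config and only
# then fail, leaving a half-applied change behind.
if [ ! "$dest_dir" ]; then
    echo 'Specify language and destination directory' >&2
    exit 1
fi

site_conf="/etc/nginx/sites-available/${site_domain}"

# TLS policy shared by the HTTPS site (443) and the TURN front end (3407),
# kept in one place so the two server blocks cannot drift apart.
# TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
# TLSv1.3 can be appended where the installed nginx/OpenSSL support it.
tls_protocols='TLSv1.2'

# Same preference order as before, minus the four 3DES suites (64-bit block
# cipher, exposed to Sweet32-style collision attacks).
# NOTE(review): the trailing static-RSA suites (AES128-GCM-SHA256 ...
# AES256-SHA) provide no forward secrecy; kept for client compatibility,
# drop them if no legacy clients need them.
tls_cipher_list=(
    ECDHE-ECDSA-CHACHA20-POLY1305
    ECDHE-RSA-CHACHA20-POLY1305
    ECDHE-ECDSA-AES128-GCM-SHA256
    ECDHE-RSA-AES128-GCM-SHA256
    ECDHE-ECDSA-AES256-GCM-SHA384
    ECDHE-RSA-AES256-GCM-SHA384
    DHE-RSA-AES128-GCM-SHA256
    DHE-RSA-AES256-GCM-SHA384
    ECDHE-ECDSA-AES128-SHA256
    ECDHE-RSA-AES128-SHA256
    ECDHE-ECDSA-AES128-SHA
    ECDHE-RSA-AES256-SHA384
    ECDHE-RSA-AES128-SHA
    ECDHE-ECDSA-AES256-SHA384
    ECDHE-ECDSA-AES256-SHA
    ECDHE-RSA-AES256-SHA
    DHE-RSA-AES128-SHA256
    DHE-RSA-AES128-SHA
    DHE-RSA-AES256-SHA256
    DHE-RSA-AES256-SHA
    AES128-GCM-SHA256
    AES256-GCM-SHA384
    AES128-SHA256
    AES256-SHA256
    AES128-SHA
    AES256-SHA
    '!DSS'
)
# Join with ':' in a subshell so the caller's IFS is left untouched.
tls_ciphers=$(IFS=:; printf '%s' "${tls_cipher_list[*]}")

# Write the nginx site definition. It contains five server blocks: an HTTP->HTTPS
# redirect, the HTTPS site, a localhost listener on ${site_onion_port}, and a
# TLS plus a localhost front end that proxy to localhost:3478 (TURN).
#
# Review notes on the generated config:
#  - "ssl on;" is no longer emitted: "listen ... ssl" already enables TLS and
#    the standalone directive is deprecated (nginx 1.15.0) and later removed.
#  - access_log/error_log go to /dev/null in every server block, so there is
#    no request or error trail for troubleshooting or incident response.
#    NOTE(review): presumably a deliberate privacy choice - confirm.
#  - The Content-Security-Policy allows 'unsafe-inline' for scripts and
#    styles, which removes most of CSP's protection against injected markup.
#  - limit_conn/limit_req reference the zones conn_limit_per_ip and
#    req_limit_per_ip, which are not declared here; they must exist in the
#    http context elsewhere or nginx will refuse the config - verify.
#  - /downloads has autoindex on, so everything placed there is listable.
# nginx variables are written as \$name so the shell leaves them alone.
cat > "${site_conf}" <<NGINX_SITE_EOF || { echo "Unable to write ${site_conf}" >&2; exit 1; }
server {
    listen 80;
    listen [::]:80;
    server_name ${site_domain};
    root /var/www/${site_domain}/htdocs;
    access_log /dev/null;
    error_log /dev/null;
    client_max_body_size 20m;
    client_body_buffer_size 128k;

    limit_conn conn_limit_per_ip 10;
    limit_req zone=req_limit_per_ip burst=10 nodelay;

    index index.php;
    rewrite ^ https://\$server_name\$request_uri? permanent;
}

server {
  listen 443 ssl;
  server_name ${site_domain};

    gzip            on;
    gzip_min_length 1000;
    gzip_proxied    expired no-cache no-store private auth;
    gzip_types      text/plain application/xml;

    ssl_stapling off;
    ssl_stapling_verify off;
    ssl_certificate /etc/letsencrypt/live/${site_domain}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${site_domain}/privkey.pem;
    ssl_dhparam /etc/ssl/certs/${site_domain}.dhparam;

    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_session_timeout 60m;
    ssl_prefer_server_ciphers on;
    ssl_protocols ${tls_protocols};
    ssl_ciphers '${tls_ciphers}';
    add_header Content-Security-Policy "default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

  add_header Strict-Transport-Security max-age=15768000;

  access_log /dev/null;
  error_log /dev/null;

  root /var/www/${site_domain}/htdocs;

  index index.html;

  location / {
      client_max_body_size 15m;
          client_body_buffer_size 1m;

      limit_conn conn_limit_per_ip 10;
          limit_req zone=req_limit_per_ip burst=10 nodelay;
  }

  location /downloads {
      client_max_body_size 2G;
      client_body_buffer_size 128k;

      limit_conn conn_limit_per_ip 10;
      limit_req zone=req_limit_per_ip burst=10 nodelay;
      autoindex on;
  }

  location ^~ /.well-known/ {
      allow all;
  }
}

server {
    listen 127.0.0.1:${site_onion_port} default_server;
    server_name ${site_domain};

    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    access_log /dev/null;
    error_log /dev/null;

    root /var/www/${site_domain}/htdocs;

    index index.html;

    location / {
        #proxy_pass http://127.0.0.1:8099;
            client_max_body_size 15m;
            client_body_buffer_size 1m;

        limit_conn conn_limit_per_ip 10;
            limit_req zone=req_limit_per_ip burst=10 nodelay;
        }

    location ^~ /downloads/ {
      client_max_body_size 1m;
      client_body_buffer_size 128k;

      limit_conn conn_limit_per_ip 10;
      limit_req zone=req_limit_per_ip burst=10 nodelay;
      autoindex on;
        }

        location ^~ /.well-known/ {
            allow all;
        }
}

# TURN Server
server {
  listen 3407 ssl;
  listen [::]:3407 ssl;
  server_name ${site_domain};

    ssl_stapling off;
    ssl_stapling_verify off;
    ssl_certificate /etc/letsencrypt/live/${site_domain}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${site_domain}/privkey.pem;
    ssl_dhparam /etc/ssl/certs/${site_domain}.dhparam;

    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_session_timeout 60m;
    ssl_prefer_server_ciphers on;
    ssl_protocols ${tls_protocols};
    ssl_ciphers '${tls_ciphers}';
    add_header Content-Security-Policy "default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

  add_header Strict-Transport-Security max-age=15768000;

  access_log /dev/null;
  error_log /dev/null;

  index index.html;

  location / {
      client_max_body_size 15m;
      client_body_buffer_size 128k;

      limit_conn conn_limit_per_ip 10;
      limit_req zone=req_limit_per_ip burst=10 nodelay;

      proxy_pass http://localhost:3478;
      proxy_set_header X-Forwarded-For \$remote_addr;
  }
}

server {
    listen 127.0.0.1:8110 default_server;
    server_name ${site_domain};

    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    access_log /dev/null;
    error_log /dev/null;

    location / {
        client_max_body_size 15m;
        client_body_buffer_size 128k;

        limit_conn conn_limit_per_ip 10;
        limit_req zone=req_limit_per_ip burst=10 nodelay;

        proxy_pass http://localhost:3478;
        proxy_set_header X-Forwarded-For \$remote_addr;
    }
}
# End of TURN Server
NGINX_SITE_EOF

# Enable the site (nginx_ensite is an external helper, not defined in this file).
nginx_ensite "${site_domain}"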

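# Deploy the static site: copy the selected language's pages and the shared
# assets into the destination directory, hand ownership to www-data and
# restart nginx. All source paths are relative, so the script has to be run
# from the directory that holds the language folders and the *.css files.

# Language directory defaults to EN when $1 is empty.
if [ ! "$lang" ]; then
    lang='EN'
fi

# The destination directory ($2) is mandatory.
if [ ! "$dest_dir" ]; then
    echo 'Specify language and destination directory' >&2
    exit 1
fi

# dest_dir comes straight from the command line and is chown'ed recursively
# below (presumably as root, given the chown/systemctl steps), so refuse the
# one value that would re-own the whole filesystem.
if [ "$dest_dir" = '/' ]; then
    echo 'Refusing to deploy into /' >&2
    exit 1
fi

# lang is used as a path component; fail early if it is not a directory here
# instead of copying nothing and still reporting success.
if [ ! -d "$lang" ]; then
    echo "Language directory '$lang' not found" >&2
    exit 1
fi

# Create the destination tree in one step (-p tolerates existing directories).
mkdir -p -- "$dest_dir" "$dest_dir/images" "$dest_dir/downloads" || exit 1

# '--' and './' keep file names that start with '-' from being read as options.
cp -r -- "$lang"/* "$dest_dir" || {
    echo "Failed to copy site content from '$lang'" >&2
    exit 1
}
# The remaining copies stay best-effort, as in the original script.
cp -- ./*.css "$dest_dir"
cp -r -- ../img/* "$dest_dir/images"
# Help pages are always taken from the EN web admin, whatever $lang is.
cp -r -- ../webadmin/EN/help_*.html "$dest_dir"
cp -- "$lang/images.txt" "$dest_dir/downloads"

chown -R www-data:www-data -- "$dest_dir"

# Test the configuration first: restarting with a config nginx rejects would
# stop the running server and leave every site on this host down.
if ! nginx -t; then
    echo 'nginx configuration test failed; nginx was not restarted' >&2
    exit 1
fi
systemctl restart nginx || {
    echo 'nginx restart failed' >&2
    exit 1
}

echo "Website deployed to $dest_dir"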