Skip to content
Snippets Groups Projects
Commit 462bd962 authored by Bob Mottram's avatar Bob Mottram
Browse files

Include web configuration in deploy script

parent e753d82f
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 189 additions and 0 deletions
website/deploy.sh
+ 189
0
View file @ 462bd962
......@@ -3,6 +3,193 @@
lang=$1
dest_dir=$2
site_domain=freedombone.net
site_onion_port=8149
{ echo 'server {';
echo ' listen 80;';
echo ' listen [::]:80;';
echo " server_name ${site_domain};";
echo " root /var/www/${site_domain}/htdocs;";
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo ' client_max_body_size 20m;';
echo ' client_body_buffer_size 128k;';
echo '';
echo ' limit_conn conn_limit_per_ip 10;';
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;';
echo '';
echo ' index index.php;';
echo " rewrite ^ https://\$server_name\$request_uri? permanent;";
echo '}';
echo '';
echo 'server {';
echo ' listen 443 ssl;';
echo " server_name ${site_domain};";
echo '';
echo ' gzip on;';
echo ' gzip_min_length 1000;';
echo ' gzip_proxied expired no-cache no-store private auth;';
echo ' gzip_types text/plain application/xml;';
echo '';
echo ' ssl_stapling off;';
echo ' ssl_stapling_verify off;';
echo ' ssl on;';
echo " ssl_certificate /etc/letsencrypt/live/${site_domain}/fullchain.pem;";
echo " ssl_certificate_key /etc/letsencrypt/live/${site_domain}/privkey.pem;";
echo " ssl_dhparam /etc/ssl/certs/${site_domain}.dhparam;";
echo '';
echo ' ssl_session_cache builtin:1000 shared:SSL:10m;'
echo ' ssl_session_timeout 60m;';
echo ' ssl_prefer_server_ciphers on;';
echo ' ssl_protocols TLSv1 TLSv1.1 TLSv1.2;';
echo " ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';";
echo " add_header Content-Security-Policy \"default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'\";";
echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Robots-Tag none;';
echo ' add_header X-Download-Options noopen;';
echo ' add_header X-Permitted-Cross-Domain-Policies none;';
echo ' add_header X-Frame-Options DENY;';
echo ' add_header X-Content-Type-Options nosniff;';
echo '';
echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo " root /var/www/${site_domain}/htdocs;";
echo '';
echo ' index index.html;';
echo '';
echo ' location / {';
echo ' client_max_body_size 15m;';
echo ' client_body_buffer_size 1m;';
echo '';
echo ' limit_conn conn_limit_per_ip 10;';
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;';
echo ' }';
echo '';
echo ' location /downloads {';
echo ' client_max_body_size 2G;';
echo ' client_body_buffer_size 128k;';
echo '';
echo ' limit_conn conn_limit_per_ip 10;';
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;';
echo ' autoindex on;';
echo ' }';
echo '';
echo ' location ^~ /.well-known/ {';
echo ' allow all;';
echo ' }';
echo '}';
echo '';
echo 'server {';
echo " listen 127.0.0.1:${site_onion_port} default_server;";
echo " server_name ${site_domain};";
echo '';
echo ' add_header X-Frame-Options DENY;';
echo ' add_header X-Content-Type-Options nosniff;';
echo '';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo " root /var/www/${site_domain}/htdocs;";
echo '';
echo ' index index.html;';
echo '';
echo ' location / {';
echo ' #proxy_pass http://127.0.0.1:8099;';
echo ' client_max_body_size 15m;';
echo ' client_body_buffer_size 1m;';
echo '';
echo ' limit_conn conn_limit_per_ip 10;';
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;';
echo ' }';
echo '';
echo ' location ^~ /downloads/ {';
echo ' client_max_body_size 1m;';
echo ' client_body_buffer_size 128k;';
echo '';
echo ' limit_conn conn_limit_per_ip 10;';
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;';
echo ' autoindex on;';
echo ' }';
echo '';
echo ' location ^~ /.well-known/ {';
echo ' allow all;';
echo ' }';
echo '}';
echo '';
echo '# TURN Server';
echo 'server {';
echo ' listen 3407 ssl;';
echo ' listen [::]:3407 ssl;';
echo " server_name ${site_domain};";
echo '';
echo ' ssl_stapling off;';
echo ' ssl_stapling_verify off;';
echo ' ssl on;';
echo " ssl_certificate /etc/letsencrypt/live/${site_domain}/fullchain.pem;";
echo " ssl_certificate_key /etc/letsencrypt/live/${site_domain}/privkey.pem;";
echo " ssl_dhparam /etc/ssl/certs/${site_domain}.dhparam;";
echo '';
echo ' ssl_session_cache builtin:1000 shared:SSL:10m;';
echo ' ssl_session_timeout 60m;';
echo ' ssl_prefer_server_ciphers on;';
echo ' ssl_protocols TLSv1 TLSv1.1 TLSv1.2;';
echo " ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';";
echo " add_header Content-Security-Policy \"default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'\";";
echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Robots-Tag none;';
echo ' add_header X-Download-Options noopen;';
echo ' add_header X-Permitted-Cross-Domain-Policies none;';
echo ' add_header X-Frame-Options DENY;';
echo ' add_header X-Content-Type-Options nosniff;';
echo '';
echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' index index.html;';
echo '';
echo ' location / {';
echo ' client_max_body_size 15m;';
echo ' client_body_buffer_size 128k;';
echo '';
echo ' limit_conn conn_limit_per_ip 10;';
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;';
echo '';
echo ' proxy_pass http://localhost:3478;';
echo " proxy_set_header X-Forwarded-For \$remote_addr;";
echo ' }';
echo '}';
echo '';
echo 'server {';
echo ' listen 127.0.0.1:8110 default_server;';
echo " server_name ${site_domain};";
echo '';
echo ' add_header X-Frame-Options DENY;';
echo ' add_header X-Content-Type-Options nosniff;';
echo '';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' location / {';
echo ' client_max_body_size 15m;';
echo ' client_body_buffer_size 128k;';
echo '';
echo ' limit_conn conn_limit_per_ip 10;';
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;';
echo '';
echo ' proxy_pass http://localhost:3478;';
echo " proxy_set_header X-Forwarded-For \$remote_addr;";
echo ' }';
echo '}';
echo '# End of TURN Server'; } > /etc/nginx/sites-available/${site_domain}
nginx_ensite ${site_domain}
if [ ! "$lang" ]; then
lang='EN'
fi
......@@ -28,4 +215,6 @@ fi
cp "$lang/images.txt" "$dest_dir/downloads"
chown -R www-data:www-data "$dest_dir"
systemctl restart nginx
echo "Website deployed to $dest_dir"
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment