From 04064208fa113e871d952148df5f24bc7a672de2 Mon Sep 17 00:00:00 2001 From: Edi Septriyanto Date: Sun, 7 May 2023 09:09:40 +0700 Subject: [PATCH] Update Nginx default config --- etc/nginx/sites-available/default | 37 ++- etc/nginx/sites-available/default-ssl | 317 ++++++++++++++++++++++++++ lib/lemper-manage.sh | 14 +- scripts/install_nginx.sh | 134 +++++++---- 4 files changed, 435 insertions(+), 67 deletions(-) create mode 100644 etc/nginx/sites-available/default-ssl diff --git a/etc/nginx/sites-available/default b/etc/nginx/sites-available/default index e48fdcb..ae73cb9 100644 --- a/etc/nginx/sites-available/default +++ b/etc/nginx/sites-available/default @@ -37,10 +37,8 @@ server { # PHP-FPM status monitoring. location ~ ^/php-fpm_(status|ping)$ { include /etc/nginx/fastcgi_params; - - fastcgi_pass unix:/run/php/php8.0-fpm.sock; + fastcgi_pass unix:/run/php/php8.1-fpm.sock; fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; - allow all; auth_basic "Denied"; auth_basic_user_file /srv/.htpasswd; @@ -48,7 +46,18 @@ server { log_not_found off; } - location ~ \.php81$ { + location ~ \.php82$ { + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + include /etc/nginx/includes/fastcgi.conf; + # Uncomment to Enable PHP FastCGI cache. + #include /etc/nginx/includes/fastcgi_cache.conf; + fastcgi_pass unix:/run/php/php8.2-fpm.sock; + } + + location ~ \.(php|php81)$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_index index.php; @@ -59,7 +68,7 @@ server { fastcgi_pass unix:/run/php/php8.1-fpm.sock; } - location ~ \.(php|php80)$ { + location ~ \.php80$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_index index.php; 
@@ -174,11 +183,21 @@ server { # Uncomment to Enable PHP FastCGI cache. #include /etc/nginx/includes/fastcgi_cache.conf; - fastcgi_pass unix:/run/php/php8.0-fpm.sock; + fastcgi_pass unix:/run/php/php8.1-fpm.sock; } } - location ~ \.php81$ { + location ~ \.php82$ { + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + include /etc/nginx/includes/fastcgi.conf; + #include /etc/nginx/includes/fastcgi_cache.conf; + fastcgi_pass unix:/run/php/php8.2-fpm.sock; + } + + location ~ \.(php|php81)$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_index index.php; @@ -188,7 +207,7 @@ server { fastcgi_pass unix:/run/php/php8.1-fpm.sock; } - location ~ \.(php|php80)$ { + location ~ \.php80$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_index index.php; @@ -261,5 +280,3 @@ server { #include /etc/nginx/includes/error_pages.conf; #include /etc/nginx/includes/fcgiwrap.conf; } - -## SSL redirection here. diff --git a/etc/nginx/sites-available/default-ssl b/etc/nginx/sites-available/default-ssl new file mode 100644 index 0000000..83cdbef --- /dev/null +++ b/etc/nginx/sites-available/default-ssl 
@@ -0,0 +1,317 @@
+# Generated by LEMPer.sh
+
+server {
+ listen 443 ssl http2 default_server;
+ listen [::]:443 ssl http2 default_server;
+
+ server_name localhost.localdomain;
+
+ ## SSL configuration.
+ ssl_certificate HOSTNAME_CERT_PATH/fullchain.pem;
+ ssl_certificate_key HOSTNAME_CERT_PATH/privkey.pem;
+ ssl_trusted_certificate HOSTNAME_CERT_PATH/fullchain.pem;
+ include /etc/nginx/includes/ssl.conf;
+
+ access_log /var/log/nginx/localhost.access.log combined buffer=32k;
+ error_log /var/log/nginx/localhost.error.log error;
+
+ root /usr/share/nginx/html;
+ index index.php index.html index.htm;
+
+ include /etc/nginx/includes/rules_security.conf;
+ include /etc/nginx/includes/rules_staticfiles.conf;
+ include /etc/nginx/includes/rules_restriction.conf;
+ #include /etc/nginx/includes/rules_fastcgi_cache.conf;
+
+ include /etc/nginx/vhost/site_default.conf;
+
+ # Nginx basic status monitoring.
+ location = /nginx_status {
+ stub_status;
+ allow all;
+ auth_basic "Denied";
+ auth_basic_user_file /srv/.htpasswd;
+ access_log off;
+ log_not_found off;
+ }
+
+ # PHP-FPM status monitoring.
+ location ~ ^/php-fpm_(status|ping)$ {
+ include /etc/nginx/fastcgi_params;
+ fastcgi_pass unix:/run/php/php8.1-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
+ allow all;
+ auth_basic "Denied";
+ auth_basic_user_file /srv/.htpasswd;
+ access_log off;
+ log_not_found off;
+ }
+
+ location ~ \.php82$ {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ include /etc/nginx/includes/fastcgi.conf;
+ # Uncomment to Enable PHP FastCGI cache.
+ #include /etc/nginx/includes/fastcgi_cache.conf;
+ fastcgi_pass unix:/run/php/php8.2-fpm.sock;
+ }
+
+ location ~ \.(php|php81)$ {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ include /etc/nginx/includes/fastcgi.conf;
+ # Uncomment to Enable PHP FastCGI cache.
+ #include /etc/nginx/includes/fastcgi_cache.conf;
+ fastcgi_pass unix:/run/php/php8.1-fpm.sock;
+ }
+
+ location ~ \.php80$ {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ include /etc/nginx/includes/fastcgi.conf;
+ #include /etc/nginx/includes/fastcgi_cache.conf;
+ fastcgi_pass unix:/run/php/php8.0-fpm.sock;
+ }
+
+ location ~ \.php74$ {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ include /etc/nginx/includes/fastcgi.conf;
+ # Uncomment to Enable PHP FastCGI cache.
+ #include /etc/nginx/includes/fastcgi_cache.conf;
+ fastcgi_pass unix:/run/php/php7.4-fpm.sock;
+ }
+
+ location ~ \.php73$ {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ include /etc/nginx/includes/fastcgi.conf;
+ #include /etc/nginx/includes/fastcgi_cache.conf;
+ fastcgi_pass unix:/run/php/php7.3-fpm.sock;
+ }
+
+ location ~ \.php72$ {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ include /etc/nginx/includes/fastcgi.conf;
+ #include /etc/nginx/includes/fastcgi_cache.conf;
+ fastcgi_pass unix:/run/php/php7.2-fpm.sock;
+ }
+
+ location ~ \.php71$ {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ include /etc/nginx/includes/fastcgi.conf;
+ #include /etc/nginx/includes/fastcgi_cache.conf;
+ fastcgi_pass unix:/run/php/php7.1-fpm.sock;
+ }
+
+ location ~ \.php70$ {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ include /etc/nginx/includes/fastcgi.conf;
+ #include /etc/nginx/includes/fastcgi_cache.conf;
+ fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+ }
+
+ location ~ \.php56$ {
+ try_files $uri
=404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ include /etc/nginx/includes/fastcgi.conf;
+ #include /etc/nginx/includes/fastcgi_cache.conf;
+ fastcgi_pass unix:/run/php/php5.6-fpm.sock;
+ }
+
+ #include /etc/nginx/includes/error_pages.conf;
+ #include /etc/nginx/includes/fcgiwrap.conf;
+}
+
+## LEMPer Web-based Administration
+server {
+ listen 8083 ssl http2;
+ listen [::]:8083 ssl http2;
+
+ server_name localhost.localdomain;
+
+ ## SSL configuration.
+ ssl_certificate HOSTNAME_CERT_PATH/fullchain.pem;
+ ssl_certificate_key HOSTNAME_CERT_PATH/privkey.pem;
+ ssl_trusted_certificate HOSTNAME_CERT_PATH/fullchain.pem;
+ include /etc/nginx/includes/ssl.conf;
+
+ root /usr/share/nginx/html;
+ index index.php index.html index.htm;
+
+ # Log Settings.
+ access_log /var/log/nginx/localhost.access.log combined buffer=32k;
+ error_log /var/log/nginx/localhost.error.log error;
+
+ location /lcp {
+ try_files $uri $uri/ /index.php?$args;
+
+ # Uncomment to enable naxsi on this location
+ #include /etc/nginx/naxsi.rules;
+
+ # Uncomment to enable auto index
+ #autoindex on;
+
+ # Set basic auth.
+ allow all;
+ auth_basic "Denied";
+ auth_basic_user_file /srv/.htpasswd;
+
+ location ~ \.php$ {
+ try_files $uri =404;
+
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
+
+ include /etc/nginx/fastcgi_params;
+ include /etc/nginx/includes/fastcgi.conf;
+
+ # Uncomment to Enable PHP FastCGI cache.
+ #include /etc/nginx/includes/fastcgi_cache.conf;
+
+ fastcgi_pass unix:/run/php/php8.1-fpm.sock;
+ }
+ }
+
+ location ~ \.php82$ {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ include /etc/nginx/includes/fastcgi.conf;
+ #include /etc/nginx/includes/fastcgi_cache.conf;
+ fastcgi_pass unix:/run/php/php8.2-fpm.sock;
+ }
+
+ location ~ \.(php|php81)$ {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ include /etc/nginx/includes/fastcgi.conf;
+ #include /etc/nginx/includes/fastcgi_cache.conf;
+ fastcgi_pass unix:/run/php/php8.1-fpm.sock;
+ }
+
+ location ~ \.php80$ {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ include /etc/nginx/includes/fastcgi.conf;
+ #include /etc/nginx/includes/fastcgi_cache.conf;
+ fastcgi_pass unix:/run/php/php8.0-fpm.sock;
+ }
+
+ location ~ \.php74$ {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ include /etc/nginx/includes/fastcgi.conf;
+ #include /etc/nginx/includes/fastcgi_cache.conf;
+ fastcgi_pass unix:/run/php/php7.4-fpm.sock;
+ }
+
+ location ~ \.php73$ {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ include /etc/nginx/includes/fastcgi.conf;
+ #include /etc/nginx/includes/fastcgi_cache.conf;
+ fastcgi_pass unix:/run/php/php7.3-fpm.sock;
+ }
+
+ location ~ \.php72$ {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ include /etc/nginx/includes/fastcgi.conf;
+ #include /etc/nginx/includes/fastcgi_cache.conf;
+ fastcgi_pass unix:/run/php/php7.2-fpm.sock;
+ }
+
+ location ~ \.php71$ {
+ try_files $uri =404;
+ fastcgi_split_path_info
^(.+\.php)(/.+)$; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + include /etc/nginx/includes/fastcgi.conf; + #include /etc/nginx/includes/fastcgi_cache.conf; + fastcgi_pass unix:/run/php/php7.1-fpm.sock; + } + + location ~ \.php70$ { + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + include /etc/nginx/includes/fastcgi.conf; + #include /etc/nginx/includes/fastcgi_cache.conf; + fastcgi_pass unix:/run/php/php7.0-fpm.sock; + } + + location ~ \.php56$ { + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + include /etc/nginx/includes/fastcgi.conf; + #include /etc/nginx/includes/fastcgi_cache.conf; + fastcgi_pass unix:/run/php/php5.6-fpm.sock; + } + + #include /etc/nginx/includes/error_pages.conf; + #include /etc/nginx/includes/fcgiwrap.conf; +} + + +## HTTP to HTTPS redirection. +server { + listen 80; + listen [::]:80; + + ## Make site accessible from world wide. + server_name localhost.localdomain; + + ## Automatically redirect site to HTTPS protocol. + location / { + return 301 https://$server_name:443$request_uri; + } +} + +server { + listen 8082; + listen [::]:8082; + + ## Make site accessible from world wide. + server_name localhost.localdomain; + + ## Automatically redirect site to HTTPS protocol. + location / { + return 301 https://$server_name:8083$request_uri; + } +} diff --git a/lib/lemper-manage.sh b/lib/lemper-manage.sh index 8a149f4..a368e88 100755 --- a/lib/lemper-manage.sh +++ b/lib/lemper-manage.sh @@ -268,8 +268,8 @@ enabled = true port = http,https filter = ${FRAMEWORK} action = iptables-multiport[name=webapps, port="http,https", protocol=tcp] -logpath = ${WEBROOT}/access_log -bantime = 30d +logpath = ${WEBROOT}/logs/nginx/access_log +bantime = 7d findtime = 5m maxretry = 3 EOL 
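Review bot: In the 8083 administration server block, `auth_basic` is set only inside `location /lcp`, while the versioned-extension regex locations (`\.php82$`, `\.(php|php81)$`, `\.php80$` through `\.php56$`) sit at server level with no authentication. The nested `location ~ \.php$` covers only the plain `.php` extension, so a URI under `/lcp` that ends in one of the other extensions would, by nginx's location matching order, be handled by a server-level regex block without the password check. Declaring the prefix as `location ^~ /lcp {` stops server-level regex locations from being considered for that prefix; alternatively `auth_basic "Denied"; auth_basic_user_file /srv/.htpasswd;` can be moved to the server level of the 8083 block. The `/nginx_status` and `php-fpm_(status|ping)` locations in the 443 block use `allow all;`, so the password file is their only protection, and an `allow 127.0.0.1; deny all;` pair would narrow that.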
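Review bot: The jail's `logpath` now points at `${WEBROOT}/logs/nginx/access_log`, but nothing in this hunk ensures that file exists, and fail2ban does not start a jail whose logpath matches no file, which would leave the site unprotected while the jail reads as `enabled = true`. A guard before the heredoc such as `[ -f "${WEBROOT}/logs/nginx/access_log" ] || run touch "${WEBROOT}/logs/nginx/access_log"` would cover that; the heredoc opens outside the hunk, so the enclosing code may already do this. The `bantime` reduction from 30d to 7d is a policy change the commit subject does not mention, and a short comment next to the value stating the reason would help the next maintainer.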
@@ -492,11 +492,11 @@ function enable_ssl() { # Change listening port to 443. if grep -qwE "^\ listen\ (\b[0-9]{1,3}\.){3}[0-9]{1,3}\b:80" "/etc/nginx/sites-available/${DOMAIN}.conf"; then - run sed -i "s/\:80/\:443 ssl http2/g" "/etc/nginx/sites-available/${DOMAIN}.conf" + run sed -i "s/\:80/\:443\ ssl\ http2/g" "/etc/nginx/sites-available/${DOMAIN}.conf" else run sed -i "s/listen\ 80/listen\ 443\ ssl\ http2/g" "/etc/nginx/sites-available/${DOMAIN}.conf" fi - + run sed -i "s/listen\ \[::\]:80/listen\ \[::\]:443\ ssl\ http2/g" "/etc/nginx/sites-available/${DOMAIN}.conf" # Enable SSL configs. @@ -519,12 +519,12 @@ function enable_ssl() { # Append redirection block. cat >> "/etc/nginx/sites-available/${DOMAIN}.conf" <> \ - "/etc/lemper/ssl/${DOMAIN}/chain.pem" + "/etc/lemper/ssl/${DOMAIN}/fullchain.pem" if [ -f "/etc/lemper/ssl/${DOMAIN}/cert.pem" ]; then success "Self-signed SSL certificate has been successfully generated." diff --git a/scripts/install_nginx.sh b/scripts/install_nginx.sh index 162e755..c44cadd 100755 --- a/scripts/install_nginx.sh +++ b/scripts/install_nginx.sh @@ -1559,29 +1559,6 @@ function init_nginx_install() { MOD_STREAM_ENABLED=true fi fi - - # Nginx init script. - if [ ! -f /etc/init.d/nginx ]; then - run cp etc/init.d/nginx /etc/init.d/ - run chmod ugo+x /etc/init.d/nginx - fi - - # Nginx systemd script. - [ ! -f /lib/systemd/system/nginx.service ] && \ - run cp etc/systemd/nginx.service /lib/systemd/system/ - - [ ! -f /etc/systemd/system/multi-user.target.wants/nginx.service ] && \ - run ln -s /lib/systemd/system/nginx.service \ - /etc/systemd/system/multi-user.target.wants/nginx.service - - # Try reloading daemon. - run systemctl daemon-reload - - # Enable in start up. - run systemctl enable nginx.service - - # Masked (?). - run systemctl unmask nginx.service ;; *) # Skip installation. 
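Review bot: The rewritten `sed` in the first branch still replaces every `:80` in the vhost file, not only the one on the `listen` line that the preceding `grep` matched, so an upstream address such as `127.0.0.1:8080` (constructed example) would become `127.0.0.1:443 ssl http280` and break the config. Anchoring the expression to the directive avoids that: `run sed -i -E "s/^([[:space:]]*listen[[:space:]]+([0-9]{1,3}\.){3}[0-9]{1,3}):80\b/\1:443 ssl http2/" "/etc/nginx/sites-available/${DOMAIN}.conf"`. `enable_ssl` starts and ends outside this hunk.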
@@ -1616,16 +1593,6 @@ function init_nginx_install() { [ ! -d /etc/nginx/sites-available ] && run mkdir -p /etc/nginx/sites-available [ ! -d /etc/nginx/sites-enabled ] && run mkdir -p /etc/nginx/sites-enabled - # Copy custom default vhost. - [ -f /etc/nginx/sites-available/default ] && \ - run mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default~ - run cp -f etc/nginx/sites-available/default /etc/nginx/sites-available/ - - # Enable default vhost (mandatory). - [ -f /etc/nginx/sites-enabled/default ] && run unlink /etc/nginx/sites-enabled/default - [ -f /etc/nginx/sites-enabled/00-default ] && run unlink /etc/nginx/sites-enabled/00-default - run ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/00-default - # TODO: Add stream support. if [[ "${MOD_STREAM_ENABLED}" == true ]]; then @@ -1660,8 +1627,9 @@ EOL [ -d /var/cache/nginx ] && run chown -hR www-data:www-data /var/cache/nginx # Nginx Logrotate. - run cp -f etc/logrotate.d/nginx /etc/logrotate.d/ && \ - run chmod 0644 /etc/logrotate.d/nginx + #run cp -f etc/logrotate.d/nginx /etc/logrotate.d/ && \ + #run chmod 0644 /etc/logrotate.d/nginx + add_nginx_logrotate # Adjust nginx to meet hardware resources. echo "Customize Nginx configuration..." 
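Review bot: The `add_nginx_logrotate` call replaces a `cp -f` that overwrote `/etc/logrotate.d/nginx`, but the function as defined at the end of this patch runs `touch` and then appends with `cat >>`, so a second installer run would presumably add a second stanza for the same log files, and logrotate reports duplicate log entries as an error. Writing the heredoc with `cat > "/etc/logrotate.d/nginx"` keeps the step idempotent and makes the `touch` unnecessary. The two commented-out lines `#run cp -f …` and `#run chmod 0644 …` can be deleted rather than left as dead code.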
@@ -1726,8 +1694,47 @@ EOL # Generate default hostname SSL cert. generate_hostname_cert + # Nginx init script. + if [ ! -f /etc/init.d/nginx ]; then + run cp etc/init.d/nginx /etc/init.d/ + run chmod ugo+x /etc/init.d/nginx + fi + + # Nginx systemd script. + [ ! -f /lib/systemd/system/nginx.service ] && \ + run cp etc/systemd/nginx.service /lib/systemd/system/ + + [ ! -f /etc/systemd/system/multi-user.target.wants/nginx.service ] && \ + run ln -s /lib/systemd/system/nginx.service \ + /etc/systemd/system/multi-user.target.wants/nginx.service + + # Try reloading daemon. + run systemctl daemon-reload + + # Masked (?). + run systemctl unmask nginx.service + + # Enable in start up. + run systemctl enable nginx.service + # Final test. if [[ "${DRYRUN}" != true ]]; then + # Copy custom default vhost. + [ -f /etc/nginx/sites-available/default ] && \ + run mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default~ + + if [[ -n "${HOSTNAME_CERT_PATH}" && -f "${HOSTNAME_CERT_PATH}/fullchain.pem" ]]; then + run cp -f etc/nginx/sites-available/default-ssl /etc/nginx/sites-available/default + run sed -i "s|HOSTNAME_CERT_PATH|${HOSTNAME_CERT_PATH}|g" "/etc/nginx/sites-available/default" + else + run cp -f etc/nginx/sites-available/default /etc/nginx/sites-available/default + fi + + # Enable default vhost (mandatory). + [ -f /etc/nginx/sites-enabled/default ] && run unlink /etc/nginx/sites-enabled/default + [ -f /etc/nginx/sites-enabled/00-default ] && run unlink /etc/nginx/sites-enabled/00-default + run ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/00-default + # Make default server accessible from hostname or IP address. if [[ $(dig "${HOSTNAME}" +short) == "${SERVER_IP}" ]]; then run sed -i "s/localhost.localdomain/${HOSTNAME}/g" /etc/nginx/sites-available/default 
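Review bot: The SSL vhost is selected when `${HOSTNAME_CERT_PATH}/fullchain.pem` merely exists, but `default-ssl` also loads `privkey.pem`, and in the self-signed path `fullchain.pem` is produced by a shell redirect that creates the file even if `cat` fails. Testing both files for non-empty content is safer: `if [[ -n "${HOSTNAME_CERT_PATH}" && -s "${HOSTNAME_CERT_PATH}/fullchain.pem" && -s "${HOSTNAME_CERT_PATH}/privkey.pem" ]]; then`. The `mv … default~` backup is overwritten on every run, so a second install replaces the administrator's original file with the previous LEMPer copy. `init_nginx_install` continues outside the hunk.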
@@ -1773,17 +1780,17 @@ EOL function generate_hostname_cert() { # Generate a new certificate for the hostname domain. - if [[ "${ENVIRONMENT}" == prod* ]]; then + if [[ "${ENVIRONMENT}" == prod* && $(dig "${HOSTNAME}" +short) == "${SERVER_IP}" ]]; then # Stop webserver first. run systemctl stop nginx.service - if [[ $(dig "${HOSTNAME}" +short) == "${SERVER_IP}" ]]; then - run certbot certonly --standalone --agree-tos --preferred-challenges http \ - --webroot-path=/usr/share/nginx/html -d "${HOSTNAME}" - export HOSTNAME_CERT_PATH && \ - HOSTNAME_CERT_PATH="/etc/letsencrypt/live/${HOSTNAME}" + if [[ ! -e "/etc/letsencrypt/live/${HOSTNAME}/fullchain.pem" ]]; then + run certbot certonly --standalone --agree-tos --preferred-challenges http \ + --webroot-path=/usr/share/nginx/html -d "${HOSTNAME}" fi + HOSTNAME_CERT_PATH="/etc/letsencrypt/live/${HOSTNAME}" + # Re-start webserver. run systemctl start nginx.service else 
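Review bot: `HOSTNAME_CERT_PATH` is now assigned to `/etc/letsencrypt/live/${HOSTNAME}` whether or not `certbot` succeeded, and a failed issuance no longer reaches the self-signed branch, so a production host whose certificate request fails ends up on the non-TLS `default` vhost with no warning. Setting the variable only when the certificate is present, `[[ -s "/etc/letsencrypt/live/${HOSTNAME}/fullchain.pem" ]] && HOSTNAME_CERT_PATH="/etc/letsencrypt/live/${HOSTNAME}"`, and falling through to the self-signed generation otherwise would keep TLS available. The certbot call also combines `--standalone` with `--webroot-path`, which the standalone authenticator does not use, and it passes neither `--non-interactive` nor an account e-mail, so an unattended install may stop at a prompt. The function body continues outside the hunk.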
@@ -1798,34 +1805,61 @@ function generate_hostname_cert() { # Create Certificate Authority (CA). run openssl req -x509 -sha256 -days 365000 -nodes -newkey "rsa:${KEY_HASH_LENGTH}" \ - -keyout /etc/lemper/ssl/lemperCA.key -out /etc/lemper/ssl/lemperCA.crt \ - -config /etc/lemper/ssl/ca.conf && \ + -keyout /etc/lemper/ssl/lemperCA.key -out /etc/lemper/ssl/lemperCA.crt \ + -config /etc/lemper/ssl/ca.conf && \ # Create Server Private Key. run openssl genrsa -out "/etc/lemper/ssl/${HOSTNAME}/privkey.pem" "${KEY_HASH_LENGTH}" && \ # Generate Certificate Signing Request (CSR) using Server Private Key. run openssl req -new -key "/etc/lemper/ssl/${HOSTNAME}/privkey.pem" \ - -out "/etc/lemper/ssl/${HOSTNAME}/csr.pem" -config /etc/lemper/ssl/csr.conf + -out "/etc/lemper/ssl/${HOSTNAME}/csr.pem" -config /etc/lemper/ssl/csr.conf # Generate SSL certificate With self signed CA. run openssl x509 -req -sha256 -days 365000 -CAcreateserial \ - -CA /etc/lemper/ssl/lemperCA.crt -CAkey /etc/lemper/ssl/lemperCA.key \ - -in "/etc/lemper/ssl/${HOSTNAME}/csr.pem" -out "/etc/lemper/ssl/${HOSTNAME}/cert.pem" \ - -extfile /etc/lemper/ssl/cert.conf + -CA /etc/lemper/ssl/lemperCA.crt -CAkey /etc/lemper/ssl/lemperCA.key \ + -in "/etc/lemper/ssl/${HOSTNAME}/csr.pem" -out "/etc/lemper/ssl/${HOSTNAME}/cert.pem" \ + -extfile /etc/lemper/ssl/cert.conf # Create chain file. run cat /etc/lemper/ssl/lemperCA.crt "/etc/lemper/ssl/${HOSTNAME}/cert.pem" > \ - "/etc/lemper/ssl/${HOSTNAME}/chain.pem" + "/etc/lemper/ssl/${HOSTNAME}/fullchain.pem" if [ -f "/etc/lemper/ssl/${HOSTNAME}/cert.pem" ]; then - success "Self-signed SSL certificate has been successfully generated." + HOSTNAME_CERT_PATH="/etc/lemper/ssl/${HOSTNAME}" + success "Self-signed SSL certificate has been successfully generated." else - fail "An error occurred when generating self-signed SSL certificate." + fail "An error occurred when generating self-signed SSL certificate." 
fi fi } +function add_nginx_logrotate() { + run touch "/etc/logrotate.d/nginx" + cat >> "/etc/logrotate.d/nginx" </dev/null 2>&1 + endscript +} +EOL + + run chmod 0644 "/etc/logrotate.d/nginx" +} + echo "[Nginx HTTP (Web) Server Installation]" # Start running things from a call at the end so if this script is executed
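Review bot: The new `fullchain.pem` is written with the CA certificate first (`cat /etc/lemper/ssl/lemperCA.crt "/etc/lemper/ssl/${HOSTNAME}/cert.pem"`), but `default-ssl` passes this file to `ssl_certificate`, and nginx treats the first certificate in that file as the server certificate, which here would not match `privkey.pem` and should make the config test fail. The server certificate belongs first: `run cat "/etc/lemper/ssl/${HOSTNAME}/cert.pem" /etc/lemper/ssl/lemperCA.crt > "/etc/lemper/ssl/${HOSTNAME}/fullchain.pem"`. The same ordering is worth checking at the `chain.pem` to `fullchain.pem` rename in `lib/lemper-manage.sh`, where the `cat` arguments are not visible in this patch. `HOSTNAME_CERT_PATH` is set after testing only `cert.pem`, so a failed or empty concatenation goes unnoticed; testing `-s` on `fullchain.pem` there would catch it.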