├── README.md
├── nginx-default-sites
├── 0-default-ssl.conf
└── 0-default.conf
├── nginx-logrotate-templates
└── default
│ └── logrotate-nginx.conf
├── nginx-templates
└── default
│ ├── plantilla-nginx-ssl.conf
│ └── plantilla-nginx.conf
├── useful-scripts
├── change-apache-ports-to-non-standard-ports.sh
├── change-virtualmin-ports-to-non-standard-ports.sh
├── fix-ssl-combined.sh
├── generate-alldomains-nginx-cert.sh
└── generate-nginx-conf-for-all-domains.sh
└── virtualmin-nginx-hook
/README.md:
--------------------------------------------------------------------------------
1 | # Nginx Config Generator
2 | Virtualmin hook to set Nginx config when creating/editing/deleting a virtualserver.
3 |
4 | ## Requirements
5 | It only work with virtualservers created after installed a version of webmin-virtual-server >= 6.01.gpl-3.
6 |
7 | ## Install instructions
8 | As root run:
9 | ```
10 | cp virtualmin-nginx-hook /usr/local/bin/virtualmin-nginx-hook
11 | mkdir /usr/local/etc/nginx-templates
12 | cp -r nginx-templates/* /usr/local/etc/nginx-templates/
13 | mkdir /usr/local/etc/nginx-logrotate-templates
14 | cp -r nginx-logrotate-templates/* /usr/local/etc/nginx-logrotate-templates/
15 | ```
16 |
17 | Verify that `NGINX_SITES_AVAILABLE_DIRECTORY` and `NGINX_SITES_ENABLED_DIRECTORY` directories exists.
18 |
19 | Verify also that `NGINX_LOGS_FOLDER` exists.
20 |
21 | Now login to virtualmin with a user with root privileges and:
22 |
23 | 1. Go to System Settings -> Virtualmin Configuration.
24 | 2. Select the Actions upon server and user creation category.
25 | 3. In the Command to run after making changes to a server field, enter `/usr/local/bin/virtualmin-nginx-hook`.
26 | 4. Click Save.
27 |
28 | ## Specify custom nginx and nginx-logrotate templates
29 | You can specify a custom nginx and nginx-logrotate template for a virtualserver.
30 |
31 | You only have to set the description of the virtualserver using this patterns:
32 | ```
33 | [nginx-template custom-template-name] [nginx-logrotate-template custom-logrotate-template]
34 | ```
35 |
36 | With previous example (if default script config is not modified), the following files must exists:
37 | ```
38 | /usr/local/etc/nginx-templates/custom-template-name/plantilla-nginx-ssl.conf
39 | /usr/local/etc/nginx-templates/custom-template-name/plantilla-nginx.conf
40 | /usr/local/etc/nginx-logrotate-templates/custom-logrotate-template/logrotate-nginx.conf
41 | ```
42 |
43 | If custom template is not found, default template will be used instead.
44 |
--------------------------------------------------------------------------------
/nginx-default-sites/0-default-ssl.conf:
--------------------------------------------------------------------------------
1 | server {
2 | server_name _;
3 | listen 443 default_server;
4 |
5 | client_max_body_size 0;
6 |
7 | ssl on;
8 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
9 | ssl_prefer_server_ciphers on;
10 | ssl_ciphers !SSLv2:!MD5:HIGH;
11 | ssl_ecdh_curve prime256v1;
12 | ssl_certificate /etc/ssl/certs/alldomains-nginx.crt;
13 | ssl_certificate_key /etc/ssl/private/alldomains-nginx.key;
14 | ssl_verify_client off;
15 |
16 | access_log off;
17 |
18 | # Forward to Apache
19 | location / {
20 | proxy_set_header X-Real-IP $remote_addr;
21 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
22 | proxy_set_header Host $host;
23 | proxy_pass http://127.0.0.1:8080;
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/nginx-default-sites/0-default.conf:
--------------------------------------------------------------------------------
1 | server {
2 | server_name _;
3 | listen 80 default_server;
4 |
5 | client_max_body_size 0;
6 |
7 | access_log off;
8 |
9 | # Forward to Apache
10 | location / {
11 | proxy_set_header X-Real-IP $remote_addr;
12 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
13 | proxy_set_header Host $host;
14 | proxy_pass http://127.0.0.1:8080;
15 | }
16 | }
17 |
--------------------------------------------------------------------------------
/nginx-logrotate-templates/default/logrotate-nginx.conf:
--------------------------------------------------------------------------------
1 | @ACCESS_LOG_FILE@ @ERROR_LOG_FILE@ {
2 | rotate 5
3 | weekly
4 | compress
5 | postrotate
6 | [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`
7 | endscript
8 | sharedscripts
9 | }
10 |
--------------------------------------------------------------------------------
/nginx-templates/default/plantilla-nginx-ssl.conf:
--------------------------------------------------------------------------------
1 | server {
2 | server_name @SERVER_NAME@;
3 | listen @PUBLIC_SSL_IP@:@PUBLIC_SSL_PORT@;
4 | root @WEB_ROOT_PATH@;
5 |
6 | client_max_body_size 0;
7 |
8 | ssl on;
9 | ssl_protocols @SSL_PROTOCOLS@;
10 | ssl_prefer_server_ciphers on;
11 | ssl_ciphers @SSL_CIPHERS@;
12 | ssl_ecdh_curve prime256v1;
13 | ssl_certificate @SSL_CERTIFICATE@;
14 | ssl_certificate_key @SSL_CERTIFICATE_KEY@;
15 | ssl_verify_client off;
16 |
17 |
18 | access_log @ACCESS_LOG_FILE@;
19 | error_log @ERROR_LOG_FILE@;
20 |
21 | # Static contents
22 | location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
23 | expires max;
24 | }
25 |
26 | # Dynamic content, forward to Apache
27 | location / {
28 | proxy_set_header X-Real-IP $remote_addr;
29 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
30 | proxy_set_header Host $host;
31 | proxy_pass https://@APACHE_SSL_IP@:@APACHE_SSL_PORT@;
32 | }
33 | }
34 |
--------------------------------------------------------------------------------
/nginx-templates/default/plantilla-nginx.conf:
--------------------------------------------------------------------------------
1 | server {
2 | server_name @SERVER_NAME@;
3 | listen @PUBLIC_NON_SSL_IP@:@PUBLIC_NON_SSL_PORT@;
4 | root @WEB_ROOT_PATH@;
5 |
6 | client_max_body_size 0;
7 |
8 | access_log @ACCESS_LOG_FILE@;
9 | error_log @ERROR_LOG_FILE@;
10 |
11 | # Static contents
12 | location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
13 | expires max;
14 | }
15 |
16 | # Dynamic content, forward to Apache
17 | location / {
18 | proxy_set_header X-Real-IP $remote_addr;
19 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
20 | proxy_set_header Host $host;
21 | proxy_pass http://@APACHE_NON_SSL_IP@:@APACHE_NON_SSL_PORT@;
22 | }
23 | }
24 |
--------------------------------------------------------------------------------
/useful-scripts/change-apache-ports-to-non-standard-ports.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | VIRTUALMIN_CONF_DIR="/etc/apache2/sites-available"
4 |
5 | OLD_PWD="$PWD"
6 |
7 |
8 | for nconf in ${VIRTUALMIN_CONF_DIR}/* ; do
9 |
10 | sed -i -e 's/'':80>''/'':8080>''/g' \
11 | -e 's/'':443''/'':8443''/g' \
12 | "${nconf}"
13 |
14 |
15 | done
16 |
17 |
18 |
19 |
20 |
21 | # Go back to original pwd
22 | cd "${OLD_PWD}"
23 |
24 |
25 |
--------------------------------------------------------------------------------
/useful-scripts/change-virtualmin-ports-to-non-standard-ports.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | VIRTUALMIN_CONF_DIR="/etc/webmin/virtual-server/domains"
4 |
5 | OLD_PWD="$PWD"
6 |
7 |
8 | for nconf in ${VIRTUALMIN_CONF_DIR}/* ; do
9 |
10 | sed -i -e 's/''^web_port=.*''/''web_port=8080''/g' \
11 | -e 's/''^web_sslport=.*''/''web_sslport=8443''/g' \
12 | "${nconf}"
13 |
14 |
15 | done
16 |
17 |
18 |
19 |
20 |
21 | # Go back to original pwd
22 | cd "${OLD_PWD}"
23 |
24 |
25 |
--------------------------------------------------------------------------------
/useful-scripts/fix-ssl-combined.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | #######################################################################
4 | # Nginx Config Generator is a virtualmin hook to set Nginx config
5 | # when creating/editing/deleting a virtualserver.
6 |
7 | # Copyright (C) 2017 Marc Sanchez Fauste
8 | # Copyright (C) 2017 Adrian Gibanel
9 | # Copyright (C) 2017 BTACTIC, SCCL
10 |
11 | # This program is free software: you can redistribute it and/or modify
12 | # it under the terms of the GNU General Public License as published by
13 | # the Free Software Foundation, either version 3 of the License, or
14 | # (at your option) any later version.
15 |
16 | # This program is distributed in the hope that it will be useful,
17 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
18 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 | # GNU General Public License for more details.
20 |
21 | # You should have received a copy of the GNU General Public License
22 | # along with this program. If not, see .
23 | #######################################################################
24 |
25 | # This script verifies if the variable 'ssl_combined' is present in the
26 | # configuration of the webmin domains and if it's not present, declares it.
27 |
28 | # This is useful because if this variable is not declared the virtualmin
29 | # hook used to create the nginx configuration will not work correctly with
30 | # virtual servers that have SSL enabled.
31 |
32 | WEBMIN_DOMAINS_CONF_DIR="/etc/webmin/virtual-server/domains"
33 |
34 | for conf_file in ${WEBMIN_DOMAINS_CONF_DIR}/*; do
35 | if grep "ssl=1" ${conf_file} > /dev/null; then
36 | if ! grep "ssl_combined" ${conf_file} > /dev/null; then
37 | ssl_key=$(awk -F '=' '$1 == "ssl_key" {print $2}' ${conf_file})
38 | if [ -z "${ssl_key}" ]; then
39 | echo "ERROR: el fichero '${conf_file}' no tiene especificado el valor 'ssl_key'!"
40 | else
41 | ssl_combined="$(dirname ${ssl_key})/ssl.combined"
42 | if [ ! -f "${ssl_combined}" ]; then
43 | echo "ERROR: el fichero '${ssl_combined} no existe!'"
44 | else
45 | echo "Adding ssl_combined to '${conf_file}'"
46 | echo -e -n "\nssl_combined=${ssl_combined}\n" >> ${conf_file}
47 | fi
48 | fi
49 | fi
50 | fi
51 | done
52 |
--------------------------------------------------------------------------------
/useful-scripts/generate-alldomains-nginx-cert.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | #######################################################################
4 | # Nginx Config Generator is a virtualmin hook to set Nginx config
5 | # when creating/editing/deleting a virtualserver.
6 |
7 | # Copyright (C) 2017 Adrian Gibanel
8 | # Copyright (C) 2017 BTACTIC, SCCL
9 | # Copyright (C) 2017 Marc Sanchez Fauste
10 |
11 | # This program is free software: you can redistribute it and/or modify
12 | # it under the terms of the GNU General Public License as published by
13 | # the Free Software Foundation, either version 3 of the License, or
14 | # (at your option) any later version.
15 |
16 | # This program is distributed in the hope that it will be useful,
17 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
18 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 | # GNU General Public License for more details.
20 |
21 | # You should have received a copy of the GNU General Public License
22 | # along with this program. If not, see .
23 | #######################################################################
24 |
25 | SSL_CERT_PRIVATE_KEY_FILE="/etc/ssl/private/alldomains-nginx.key"
26 | SSL_CERT_PRIVATE_CRT_FILE="/etc/ssl/certs/alldomains-nginx.crt"
27 | KEY_BITS=2048
28 | VALID_DAYS=3650
29 | CN="*"
30 |
31 | # Certificate details
32 | subj="/CN=${CN}"
33 |
34 | # Generate a Self-Signed Certificate
35 | openssl req \
36 | -newkey rsa:${KEY_BITS} -nodes -keyout ${SSL_CERT_PRIVATE_KEY_FILE} \
37 | -x509 -days ${VALID_DAYS} -out ${SSL_CERT_PRIVATE_CRT_FILE} \
38 | -batch -subj ${subj}
39 |
40 |
--------------------------------------------------------------------------------
/useful-scripts/generate-nginx-conf-for-all-domains.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | #######################################################################
4 | # Nginx Config Generator is a virtualmin hook to set Nginx config
5 | # when creating/editing/deleting a virtualserver.
6 |
7 | # Copyright (C) 2017 Marc Sanchez Fauste
8 | # Copyright (C) 2017 Adrian Gibanel
9 | # Copyright (C) 2017 BTACTIC, SCCL
10 |
11 | # This program is free software: you can redistribute it and/or modify
12 | # it under the terms of the GNU General Public License as published by
13 | # the Free Software Foundation, either version 3 of the License, or
14 | # (at your option) any later version.
15 |
16 | # This program is distributed in the hope that it will be useful,
17 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
18 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 | # GNU General Public License for more details.
20 |
21 | # You should have received a copy of the GNU General Public License
22 | # along with this program. If not, see .
23 | #######################################################################
24 |
25 | # This script forces the modification of all domains in order to generate
26 | # nginx configuration for each one of them.
27 |
28 | for ndomain in $(virtualmin list-domains --name-only); do
29 | virtualmin modify-domain --domain $ndomain
30 | done
31 |
--------------------------------------------------------------------------------
/virtualmin-nginx-hook:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | #######################################################################
4 | # Nginx Config Generator is a virtualmin hook to set Nginx config
5 | # when creating/editing/deleting a virtualserver.
6 |
7 | # Copyright (C) 2017 Marc Sanchez Fauste
8 | # Copyright (C) 2017 Adrian Gibanel
9 | # Copyright (C) 2017 BTACTIC, SCCL
10 |
11 | # This program is free software: you can redistribute it and/or modify
12 | # it under the terms of the GNU General Public License as published by
13 | # the Free Software Foundation, either version 3 of the License, or
14 | # (at your option) any later version.
15 |
16 | # This program is distributed in the hope that it will be useful,
17 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
18 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 | # GNU General Public License for more details.
20 |
21 | # You should have received a copy of the GNU General Public License
22 | # along with this program. If not, see .
23 | #######################################################################
24 |
25 | #set -x
26 | #set -v
27 |
28 | NGINX_CONF_TEMPLATE_DIR="/usr/local/etc/nginx-templates"
29 | NGINX_CONF_TEMPLATE="default"
30 | NGINX_SSL_CONF_TEMPLATE_FILE="plantilla-nginx-ssl.conf"
31 | NGINX_NON_SSL_CONF_TEMPLATE_FILE="plantilla-nginx.conf"
32 |
33 | # Nginx logrotate
34 | NGINX_LOGS_FOLDER="/var/log/virtualmin/nginx"
35 | NGINX_LOGROTATE_CONFIG_FOLDER="/etc/logrotate.d"
36 |
37 | NGINX_LOGROTATE_TEMPLATE_DIR="/usr/local/etc/nginx-logrotate-templates"
38 | NGINX_LOGROTATE_TEMPLATE="default"
39 | NGINX_LOGROTATE_TEMPLATE_FILE_NAME="logrotate-nginx.conf"
40 |
41 | # Check if nginx logrotate template is specified on virtualserver description
42 | LOGROTATE_TEMPLATE=$(echo "$VIRTUALSERVER_OWNER" \
43 | | grep -Po "(?<=\[nginx-logrotate-template )(\w|-)+(?=\])")
44 | if [ ! -z "${LOGROTATE_TEMPLATE}" ]; then
45 | if [ -d ${NGINX_LOGROTATE_TEMPLATE_DIR}/${LOGROTATE_TEMPLATE} ]; then
46 | NGINX_LOGROTATE_TEMPLATE=${LOGROTATE_TEMPLATE}
47 | fi
48 | fi
49 | NGINX_LOGROTATE_TEMPLATE_FILE="${NGINX_LOGROTATE_TEMPLATE_DIR}\
50 | /${NGINX_LOGROTATE_TEMPLATE}\
51 | /${NGINX_LOGROTATE_TEMPLATE_FILE_NAME}"
52 |
53 | NGINX_LOGROTATE_CONFIG_FILE_NON_SSL="${NGINX_LOGROTATE_CONFIG_FOLDER}\
54 | /${VIRTUALSERVER_DOM}.nginx.conf"
55 | NGINX_LOGROTATE_CONFIG_FILE_SSL="${NGINX_LOGROTATE_CONFIG_FOLDER}\
56 | /${VIRTUALSERVER_DOM}.ssl.nginx.conf"
57 |
58 | ### NGINX CONF DEFAULT VARIABLES - BEGIN
59 |
60 | REPL_SSL_PROTOCOLS="TLSv1 TLSv1.1 TLSv1.2"
61 | REPL_SSL_CIPHERS="!SSLv2:!MD5:HIGH"
62 |
63 | ### NGINX CONF DEFAULT VARIABLES - END
64 |
65 | NGINX_SITES_AVAILABLE_DIRECTORY="/etc/nginx/sites-available"
66 | NGINX_SITES_ENABLED_DIRECTORY="/etc/nginx/sites-enabled"
67 |
68 | # Check if nginx template is specified on virtualserver description
69 | TEMPLATE=$(echo "$VIRTUALSERVER_OWNER" | grep -Po "(?<=\[nginx-template )(\w|-)+(?=\])")
70 | if [ ! -z "${TEMPLATE}" ]; then
71 | if [ -d ${NGINX_CONF_TEMPLATE_DIR}/${TEMPLATE} ]; then
72 | NGINX_CONF_TEMPLATE=${TEMPLATE}
73 | fi
74 | fi
75 |
76 | NGINX_SSL_CONF_TEMPLATE="${NGINX_CONF_TEMPLATE_DIR}/${NGINX_CONF_TEMPLATE}/${NGINX_SSL_CONF_TEMPLATE_FILE}"
77 | NGINX_NON_SSL_CONF_TEMPLATE="${NGINX_CONF_TEMPLATE_DIR}/${NGINX_CONF_TEMPLATE}/${NGINX_NON_SSL_CONF_TEMPLATE_FILE}"
78 |
79 | # Check if virtual server is an alias
80 | if [ ! -z "${VIRTUALSERVER_PARENT}" ] && [ ${VIRTUALSERVER_ALIAS_MODE} -eq 1 ]; then
81 | IS_ALIAS="YES"
82 | else
83 | IS_ALIAS="NO"
84 | fi
85 |
86 | ### NGINX CONF THIS MACHINE VARIABLES - BEGIN
87 |
88 | REPL_PUBLIC_NON_SSL_PORT="80"
89 | REPL_PUBLIC_SSL_PORT="443"
90 |
91 | if [ "$IS_ALIAS" = "YES" ]; then
92 | REPL_PUBLIC_NON_SSL_IP="${PARENT_VIRTUALSERVER_IP}"
93 | REPL_APACHE_NON_SSL_IP="${PARENT_VIRTUALSERVER_IP}"
94 | REPL_APACHE_NON_SSL_PORT="${PARENT_VIRTUALSERVER_WEB_PORT}"
95 |
96 | REPL_PUBLIC_SSL_IP="${PARENT_VIRTUALSERVER_IP}"
97 | REPL_APACHE_SSL_IP="${PARENT_VIRTUALSERVER_IP}"
98 | REPL_APACHE_SSL_PORT="${PARENT_VIRTUALSERVER_WEB_SSLPORT}"
99 | else
100 | REPL_PUBLIC_NON_SSL_IP="${VIRTUALSERVER_IP}"
101 | REPL_APACHE_NON_SSL_IP="${VIRTUALSERVER_IP}"
102 | REPL_APACHE_NON_SSL_PORT="${VIRTUALSERVER_WEB_PORT}"
103 |
104 | REPL_PUBLIC_SSL_IP="${VIRTUALSERVER_IP}"
105 | REPL_APACHE_SSL_IP="${VIRTUALSERVER_IP}"
106 | REPL_APACHE_SSL_PORT="${VIRTUALSERVER_WEB_SSLPORT}"
107 | fi
108 |
109 | ### NGINX CONF THIS MACHINE VARIABLES - END
110 |
111 | # Check if SSL is enabled
112 | if [ "$IS_ALIAS" = "YES" ]; then
113 | if [ $PARENT_VIRTUALSERVER_SSL -eq 1 ]; then
114 | IS_SSL="YES"
115 | else
116 | IS_SSL="NO"
117 | fi
118 | else
119 | if [ $VIRTUALSERVER_SSL -eq 1 ]; then
120 | IS_SSL="YES"
121 | else
122 | IS_SSL="NO"
123 | fi
124 | fi
125 |
126 | # Configure nginx logs
127 | NGINX_ACCESS_LOG_FILE_NON_SSL="${NGINX_LOGS_FOLDER}/${VIRTUALSERVER_DOM}_access_log"
128 | NGINX_ERROR_LOG_FILE_NON_SSL="${NGINX_LOGS_FOLDER}/${VIRTUALSERVER_DOM}_error_log"
129 |
130 | #
131 | # Create the nginx conf entry upon creating or modifying a domain
132 | #
133 | if [ "$VIRTUALSERVER_ACTION" = "CREATE_DOMAIN" ] || [ "$VIRTUALSERVER_ACTION" = "MODIFY_DOMAIN" ]; then
134 |
135 | ndomain_alias_string="${VIRTUALSERVER_DOM} www.${VIRTUALSERVER_DOM}"
136 |
137 | # Virtual server is an alias? Then use PARENT variables
138 | if [ "$IS_ALIAS" = "YES" ]; then
139 | ndomain_web_root_path=${PARENT_VIRTUALSERVER_PUBLIC_HTML_PATH};
140 | else
141 | # Otherwise it is a parent server or a sub-server
142 | ndomain_web_root_path=${VIRTUALSERVER_PUBLIC_HTML_PATH};
143 | fi
144 |
145 | sed -e 's/''@SERVER_NAME@''/'"${ndomain_alias_string}"'/g' \
146 | -e 's/''@PUBLIC_NON_SSL_IP@''/'"${REPL_PUBLIC_NON_SSL_IP}"'/g' \
147 | -e 's/''@PUBLIC_NON_SSL_PORT@''/'"${REPL_PUBLIC_NON_SSL_PORT}"'/g' \
148 | -e 's~''@WEB_ROOT_PATH@''~'"${ndomain_web_root_path}"'~g' \
149 | -e 's/''@APACHE_NON_SSL_IP@''/'"${REPL_APACHE_NON_SSL_IP}"'/g' \
150 | -e 's/''@APACHE_NON_SSL_PORT@''/'"${REPL_APACHE_NON_SSL_PORT}"'/g' \
151 | -e 's~''@ACCESS_LOG_FILE@''~'"${NGINX_ACCESS_LOG_FILE_NON_SSL}"'~g' \
152 | -e 's~''@ERROR_LOG_FILE@''~'"${NGINX_ERROR_LOG_FILE_NON_SSL}"'~g' \
153 | \
154 | "${NGINX_NON_SSL_CONF_TEMPLATE}" \
155 | > "${NGINX_SITES_AVAILABLE_DIRECTORY}/${VIRTUALSERVER_DOM}.conf"
156 |
157 | sed -e 's~''@ACCESS_LOG_FILE@''~'"${NGINX_ACCESS_LOG_FILE_NON_SSL}"'~g' \
158 | -e 's~''@ERROR_LOG_FILE@''~'"${NGINX_ERROR_LOG_FILE_NON_SSL}"'~g' \
159 | \
160 | "${NGINX_LOGROTATE_TEMPLATE_FILE}" \
161 | > "${NGINX_LOGROTATE_CONFIG_FILE_NON_SSL}"
162 |
163 | # If SSL in enabled, add the SSL directive too
164 | if [ "$IS_SSL" = "YES" ]; then
165 |
166 | # Virtual server is an alias? Then use PARENT certs
167 | if [ "$IS_ALIAS" = "YES" ]; then
168 | ndomain_ssl_key=${PARENT_VIRTUALSERVER_SSL_KEY};
169 | ndomain_nginx_chained_ssl_crt=${PARENT_VIRTUALSERVER_SSL_COMBINED};
170 | else
171 | # Otherwise it is a parent server or a sub-server
172 | ndomain_ssl_key=${VIRTUALSERVER_SSL_KEY};
173 | ndomain_nginx_chained_ssl_crt=${VIRTUALSERVER_SSL_COMBINED};
174 | fi
175 |
176 | # Configure nginx logs
177 | NGINX_ACCESS_LOG_FILE_SSL="${NGINX_LOGS_FOLDER}/${VIRTUALSERVER_DOM}.ssl_access_log"
178 | NGINX_ERROR_LOG_FILE_SSL="${NGINX_LOGS_FOLDER}/${VIRTUALSERVER_DOM}.ssl_error_log"
179 |
180 | sed -e 's/''@SERVER_NAME@''/'"${ndomain_alias_string}"'/g' \
181 | -e 's/''@PUBLIC_SSL_IP@''/'"${REPL_PUBLIC_SSL_IP}"'/g' \
182 | -e 's/''@PUBLIC_SSL_PORT@''/'"${REPL_PUBLIC_SSL_PORT}"'/g' \
183 | -e 's~''@WEB_ROOT_PATH@''~'"${ndomain_web_root_path}"'~g' \
184 | -e 's/''@SSL_PROTOCOLS@''/'"${REPL_SSL_PROTOCOLS}"'/g' \
185 | -e 's/''@SSL_CIPHERS@''/'"${REPL_SSL_CIPHERS}"'/g' \
186 | -e 's~''@SSL_CERTIFICATE@''~'"${ndomain_nginx_chained_ssl_crt}"'~g' \
187 | -e 's~''@SSL_CERTIFICATE_KEY@''~'"${ndomain_ssl_key}"'~g' \
188 | -e 's/''@APACHE_SSL_IP@''/'"${REPL_APACHE_SSL_IP}"'/g' \
189 | -e 's/''@APACHE_SSL_PORT@''/'"${REPL_APACHE_SSL_PORT}"'/g' \
190 | -e 's~''@ACCESS_LOG_FILE@''~'"${NGINX_ACCESS_LOG_FILE_SSL}"'~g' \
191 | -e 's~''@ERROR_LOG_FILE@''~'"${NGINX_ERROR_LOG_FILE_SSL}"'~g' \
192 | \
193 | "${NGINX_SSL_CONF_TEMPLATE}" \
194 | > "${NGINX_SITES_AVAILABLE_DIRECTORY}/${VIRTUALSERVER_DOM}.ssl.conf"
195 |
196 | sed -e 's~''@ACCESS_LOG_FILE@''~'"${NGINX_ACCESS_LOG_FILE_SSL}"'~g' \
197 | -e 's~''@ERROR_LOG_FILE@''~'"${NGINX_ERROR_LOG_FILE_SSL}"'~g' \
198 | \
199 | "${NGINX_LOGROTATE_TEMPLATE_FILE}" \
200 | > "${NGINX_LOGROTATE_CONFIG_FILE_SSL}"
201 |
202 | fi
203 |
204 |
205 | # Make sure symlinks are always created in case of non-ssl
206 | if [ ! -e ${NGINX_SITES_ENABLED_DIRECTORY}/${VIRTUALSERVER_DOM}.conf ]; then
207 | ln -s ${NGINX_SITES_AVAILABLE_DIRECTORY}/${VIRTUALSERVER_DOM}.conf ${NGINX_SITES_ENABLED_DIRECTORY}/${VIRTUALSERVER_DOM}.conf
208 | fi
209 |
210 | # Make sure symlinks are created when enabling ssl or deleted when it is disabled
211 | if [ "$IS_SSL" = "YES" ]; then
212 | if [ ! -e ${NGINX_SITES_ENABLED_DIRECTORY}/${VIRTUALSERVER_DOM}.ssl.conf ]; then
213 | ln -s ${NGINX_SITES_AVAILABLE_DIRECTORY}/${VIRTUALSERVER_DOM}.ssl.conf ${NGINX_SITES_ENABLED_DIRECTORY}/${VIRTUALSERVER_DOM}.ssl.conf
214 | fi
215 | else
216 | if [ -e ${NGINX_SITES_ENABLED_DIRECTORY}/${VIRTUALSERVER_DOM}.ssl.conf ]; then
217 | rm ${NGINX_SITES_ENABLED_DIRECTORY}/${VIRTUALSERVER_DOM}.ssl.conf
218 | fi
219 | if [ -e ${NGINX_LOGROTATE_CONFIG_FILE_SSL} ]; then
220 | rm ${NGINX_LOGROTATE_CONFIG_FILE_SSL}
221 | fi
222 | fi
223 |
224 | fi
225 |
226 | #
227 | # Delete the config file and the symlink if the entry is being deleted
228 | #
229 | if [ "$VIRTUALSERVER_ACTION" = "DELETE_DOMAIN" ]; then
230 |
231 | rm -f ${NGINX_SITES_ENABLED_DIRECTORY}/${VIRTUALSERVER_DOM}.conf ${NGINX_SITES_AVAILABLE_DIRECTORY}/${VIRTUALSERVER_DOM}.conf
232 | if [ -e ${NGINX_LOGROTATE_CONFIG_FILE_NON_SSL} ]; then
233 | rm ${NGINX_LOGROTATE_CONFIG_FILE_NON_SSL}
234 | fi
235 |
236 | if [ "$IS_SSL" = "YES" ]; then
237 | rm -f ${NGINX_SITES_ENABLED_DIRECTORY}/${VIRTUALSERVER_DOM}.ssl.conf ${NGINX_SITES_AVAILABLE_DIRECTORY}/${VIRTUALSERVER_DOM}.ssl.conf
238 | if [ -e ${NGINX_LOGROTATE_CONFIG_FILE_SSL} ]; then
239 | rm ${NGINX_LOGROTATE_CONFIG_FILE_SSL}
240 | fi
241 | fi
242 |
243 | fi
244 |
245 | # Reload nginx
246 | # /etc/init.d/nginx reload
247 | service nginx reload && service nginx restart
248 |
--------------------------------------------------------------------------------