I have a VPS where I keep all sorts of tests, and the most annoying moment is when I have to add a subdomain.
So I did the first thing that came to mind: automate it.
I wrote a script that does the following:
- creates an nginx config for a subdomain;
- generates an SSL certificate (with Let's Encrypt);
- creates a new database (with user & co).
We need the following:
- /etc/nginx/snippets/sample-conf
- /etc/nginx/snippets/wp-generic.conf
- create-site.sh
- certbot
Let's take them one by one:
/etc/nginx/snippets/sample-conf
# Redirect all plain-HTTP requests to HTTPS
server {
    listen 80;
    server_name site_name;
    return 301 https://site_name$request_uri;
}
server {
    listen 443 ssl http2;
    server_name site_name;
    ssl_certificate /etc/letsencrypt/live/site_name/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/site_name/privkey.pem;
    # Note: TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;
    access_log /var/www/site_name/logs/access.log;
    error_log /var/www/site_name/logs/error.log;
    root /var/www/site_name/htdocs;
    include /etc/nginx/snippets/wp-generic.conf;
    index index.php;
}
/etc/nginx/snippets/wp-generic.conf
location / {
    index index.html index.htm index.php;
    try_files $uri $uri/ /index.php?$args;
}
# Deny PHP execution in uploads. This block must come before the generic
# \.php$ block: nginx uses the first regex location that matches.
location ~* ^/wp-content/uploads/.*\.php$ {
    return 403;
}
location ~ \.php$ {
    include fastcgi_params;
    index index.php index.html index.htm;
    try_files $uri $uri/ /index.php?$args;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# Static assets: cache as long as possible, do not log missing files
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
    expires max;
    log_not_found off;
}
create-site.sh
#!/bin/bash
# Usage: ./create-site.sh <site name> <database name>
# Create the web root and log files for the new site
mkdir -p "/var/www/$1/htdocs"
mkdir -p "/var/www/$1/logs"
touch "/var/www/$1/logs/access.log"
touch "/var/www/$1/logs/error.log"
chown -R www-data:www-data "/var/www/$1"
# Copy the template and fill in the site name
cp /etc/nginx/snippets/sample-conf "/etc/nginx/sites-enabled/$1"
sed -i "s/site_name/$1/g" "/etc/nginx/sites-enabled/$1"
# nginx is stopped so that certbot's standalone server can bind the port it needs
sudo service nginx stop
certbot-auto certonly --standalone -d "$1"
sudo service nginx start
# create random password
PASSWDDB="$(openssl rand -base64 12)"
# replace "-" (and any other non-alphanumeric character) with "_" for database name and username
MAINDB=${2//[^a-zA-Z0-9]/_}
# If /root/.my.cnf exists then it won't ask for root password
if [ -f /root/.my.cnf ]; then
    mysql -e "CREATE DATABASE ${MAINDB} /*!40100 DEFAULT CHARACTER SET utf8 */;"
    mysql -e "CREATE USER '${MAINDB}'@'localhost' IDENTIFIED BY '${PASSWDDB}';"
    mysql -e "GRANT ALL PRIVILEGES ON ${MAINDB}.* TO '${MAINDB}'@'localhost';"
    mysql -e "FLUSH PRIVILEGES;"
# If /root/.my.cnf doesn't exist then it'll ask for root password
else
    echo "Please enter root user MySQL password!"
    # -s keeps the password from being echoed to the terminal
    read -rs rootpasswd
    echo
    mysql -uroot -p"${rootpasswd}" -e "CREATE DATABASE ${MAINDB} /*!40100 DEFAULT CHARACTER SET utf8 */;"
    mysql -uroot -p"${rootpasswd}" -e "CREATE USER '${MAINDB}'@'localhost' IDENTIFIED BY '${PASSWDDB}';"
    mysql -uroot -p"${rootpasswd}" -e "GRANT ALL PRIVILEGES ON ${MAINDB}.* TO '${MAINDB}'@'localhost';"
    mysql -uroot -p"${rootpasswd}" -e "FLUSH PRIVILEGES;"
fi
echo "Mysql user: ${MAINDB}"
echo "Mysql Password: ${PASSWDDB}"
How do you use it?
./create-site.sh nume.domeniu.com nume_db
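create-site.sh runs as root and places its two arguments into file paths, a sed expression and SQL statements, so both should be checked before anything is created. The following is an added example, not part of the original script; the function names and the 32-character limit (the MySQL 5.7.8+ user name length) are assumptions.

```bash
#!/bin/bash
# Added example: argument checks for create-site.sh (hypothetical helper names).
LC_ALL=C   # make bracket ranges such as a-z byte-wise, independent of locale

# Succeeds only for a lowercase DNS name: dot-separated labels of [a-z0-9-],
# 1-63 chars each, no leading/trailing hyphen, at most 253 chars in total.
# Rejects "/", "..", whitespace, quotes and sed or shell metacharacters.
valid_hostname() {
    local host="$1" rest label
    [ -n "$host" ] && [ "${#host}" -le 253 ] || return 1
    case $host in
        *[!a-z0-9.-]* | .* | *. | *..*) return 1 ;;  # bad char or empty label
        *.*) ;;                                       # needs at least one dot
        *) return 1 ;;
    esac
    rest=$host
    while [ -n "$rest" ]; do
        label=${rest%%.*}
        [ "${#label}" -le 63 ] || return 1
        case $label in -* | *-) return 1 ;; esac
        case $rest in *.*) rest=${rest#*.} ;; *) rest= ;; esac
    done
    return 0
}

# Succeeds only for names that are safe to use unquoted as a MySQL
# database and user name: letters, digits and "_", 1-32 characters.
valid_db_name() {
    case $1 in
        '' | *[!A-Za-z0-9_]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Derives a database name from the host name when none is given:
# every non-alphanumeric character becomes "_", truncated to 32 characters.
db_name_from_host() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9' '_' | cut -c1-32
}

# Intended for the top of create-site.sh: check_args "$1" "$2" || exit 1
check_args() {
    valid_hostname "$1" || { echo "invalid host name: $1" >&2; return 1; }
    valid_db_name "$2" || { echo "invalid database name: $2" >&2; return 1; }
}
```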
Warning!
I don't know whether all these settings are suitable for a production server; I use it exclusively for testing purposes!