From 18ff17af6a2396e6049265856d27a2ce8bd0297e Mon Sep 17 00:00:00 2001 From: gyurix Date: Mon, 21 Apr 2025 09:42:47 +0200 Subject: [PATCH] Enhance error handling in certificate generation and improve logging for better debugging --- scripts/nginx_config_create.sh | 518 +++++++++++++++++---------------- 1 file changed, 263 insertions(+), 255 deletions(-) diff --git a/scripts/nginx_config_create.sh b/scripts/nginx_config_create.sh index e4be2ce..d495b31 100755 --- a/scripts/nginx_config_create.sh +++ b/scripts/nginx_config_create.sh @@ -4,13 +4,13 @@ GENERATE_CERTIFICATE=$GENERATE_CERTIFICATE cd /proxy_config -FILENAME="$1"; +FILENAME="$1" DOMAIN_SOURCE=/domains/$FILENAME #DOMAIN_SOURCE=./domains/$FILENAME #TEMP DOMAIN_NAME=$(jq -r .DOMAIN $DOMAIN_SOURCE) HTTP_PORT=$(jq -r .HTTP_PORT $DOMAIN_SOURCE) -HTTPS_PORT=$(jq -r .HTTPS_PORT $DOMAIN_SOURCE); +HTTPS_PORT=$(jq -r .HTTPS_PORT $DOMAIN_SOURCE) ALIASES_HTTP=$(jq -r '.ALIASES_HTTP | select(.!="null") | join(" ")' $DOMAIN_SOURCE) ALIASES_HTTPS=$(jq -r '.ALIASES_HTTPS | select(.!="null") | join(" ")' $DOMAIN_SOURCE) REDIRECT_HTTP=$(jq -r .REDIRECT_HTTP $DOMAIN_SOURCE) @@ -20,85 +20,91 @@ MAX_BODY_SIZE=$(jq -r .MAX_BODY_SIZE $DOMAIN_SOURCE) DEBUG=$(jq -r .DEBUG $DOMAIN_SOURCE) ALLOWED_NETWORK=$(jq -r '.ALLOWED_NETWORK | select(.!="null") | join(" ")' $DOMAIN_SOURCE) OPERATION=$(jq -r '.OPERATION' $DOMAIN_SOURCE) +BASIC_AUTH=$(jq -r .BASIC_AUTH $DOMAIN_SOURCE) ALTERNATE_LOCATION_PATH=$(jq -r .ALTERNATE_LOCATION_PATH $DOMAIN_SOURCE) -LOCAL_NAME=$(jq -r .LOCAL_NAME $DOMAIN_SOURCE 2>/dev/null); +LOCAL_NAME=$(jq -r .LOCAL_NAME $DOMAIN_SOURCE 2>/dev/null) if [[ "$LOCAL_NAME" == "" || "$LOCAL_NAME" == "null" ]]; then - LOCAL_NAME=$(jq -r .LOCAL_IP $DOMAIN_SOURCE 2>/dev/null); + LOCAL_NAME=$(jq -r .LOCAL_IP $DOMAIN_SOURCE 2>/dev/null) fi -RELOAD_LOCATIONS=""; +RELOAD_LOCATIONS="" if [ -n "$2" ]; then - echo "$DOMAIN_NAME DELETED"; - rm $DOMAIN_NAME.conf; - exit; + echo "$DOMAIN_NAME DELETED" + rm $DOMAIN_NAME.conf + exit fi add_alternate_location() { - { - cat $DOMAIN_NAME.conf | head -n -1 - add_location; - echo "}" + { + cat $DOMAIN_NAME.conf | head -n -1 + add_location + echo "}" - } >> "$file" + } >>"$file" } add_location() { - if [[ "$ALTERNATE_LOCATION_PATH" != "" ]]; then + if [[ "$ALTERNATE_LOCATION_PATH" != "" ]]; then - ALP_IDX=$(jq -r '.ALTERNATE_LOCATION_PATH | length' $DOMAIN_SOURCE) - ALP_IDX=$(( $ALP_IDX - 1 )) + ALP_IDX=$(jq -r '.ALTERNATE_LOCATION_PATH | length' $DOMAIN_SOURCE) + ALP_IDX=$(($ALP_IDX - 1)) - for i in $(seq 0 $ALP_IDX) ; - do - ALP=$(jq -r .ALTERNATE_LOCATION_PATH[$i] $DOMAIN_SOURCE) + for i in $(seq 0 $ALP_IDX); do + ALP=$(jq -r .ALTERNATE_LOCATION_PATH[$i] $DOMAIN_SOURCE) - ALP_LOCAL_PATH=$(echo $ALP | jq -rc .LOCAL_PATH); - ALP_LOCAL_NAME=$(echo $ALP | jq -rc .LOCAL_NAME); - ALP_LOCAL_PORT=$(echo $ALP | jq -rc .LOCAL_PORT); - ALP_LOCAL_ALLOWED_NETWORK=$(echo $ALP | jq -rc '.LOCAL_ALLOWED_NETWORK | select(.!="null") | join(" ")'); + ALP_LOCAL_PATH=$(echo $ALP | jq -rc .LOCAL_PATH) + ALP_LOCAL_NAME=$(echo $ALP | jq -rc .LOCAL_NAME) + ALP_LOCAL_PORT=$(echo $ALP | jq -rc .LOCAL_PORT) + ALP_LOCAL_ALLOWED_NETWORK=$(echo $ALP | jq -rc '.LOCAL_ALLOWED_NETWORK | select(.!="null") | join(" ")') - # do not duplicate locations - EXISTS=$(grep -rn "location $ALP_LOCAL_PATH {" -m 1 $DOMAIN_NAME.conf); - if [ -n "$EXISTS" ]; then - ROW_NUMBER=$(echo $EXISTS | cut -d ':' -f1); - START=$(($ROW_NUMBER + 2)); - OFFSET=$(tail -n+$START $DOMAIN_NAME.conf | grep -n '}' -m 1 | cut -d ':' -f1); - OFFSET=$(($OFFSET - 2)); - ALP_ALLOWED=$(echo $(tail -n+$START $DOMAIN_NAME.conf | head -n $OFFSET | awk '{print $2}')); # echo removes space at the end - if [ "$ALP_LOCAL_ALLOWED_NETWORK" != "$ALP_ALLOWED" ]; then - RELOAD_LOCATIONS=$RELOAD_LOCATIONS$ALP_LOCAL_PATH" " - fi; - # skip if exists - continue; - fi; + # do not duplicate locations + EXISTS=$(grep -rn "location $ALP_LOCAL_PATH {" -m 1 $DOMAIN_NAME.conf) + if [ -n "$EXISTS" ]; then + ROW_NUMBER=$(echo $EXISTS | cut -d ':' -f1) + START=$(($ROW_NUMBER + 2)) + OFFSET=$(tail -n+$START $DOMAIN_NAME.conf | grep -n '}' -m 1 | cut -d ':' -f1) + OFFSET=$(($OFFSET - 2)) + ALP_ALLOWED=$(echo $(tail -n+$START $DOMAIN_NAME.conf | head -n $OFFSET | awk '{print $2}')) # echo removes space at the end + if [ "$ALP_LOCAL_ALLOWED_NETWORK" != "$ALP_ALLOWED" ]; then + RELOAD_LOCATIONS=$RELOAD_LOCATIONS$ALP_LOCAL_PATH" " + fi + # skip if exists + continue + fi - if [[ "$ALP_LOCAL_NAME" = "" ]]; then - ALP_LOCAL_NAME=$LOCAL_NAME - fi; + if [[ "$ALP_LOCAL_NAME" = "" ]]; then + ALP_LOCAL_NAME=$LOCAL_NAME + fi - if [[ "$ALP_LOCAL_PORT" = "" ]]; then - ALP_LOCAL_PORT=$HTTP_PORT - fi; + if [[ "$ALP_LOCAL_PORT" = "" ]]; then + ALP_LOCAL_PORT=$HTTP_PORT + fi - echo "location $ALP_LOCAL_PATH {" + echo "location $ALP_LOCAL_PATH {" - if [[ "$ALP_LOCAL_ALLOWED_NETWORK" != "" ]]; then - echo " limit_except GET HEAD {"; - for i in $(echo $ALP_LOCAL_ALLOWED_NETWORK) ; do - echo " allow $i"; - done; - echo " deny all;"; - echo " }"; - fi + if [ "$BASIC_AUTH" == "TRUE" ]; then + echo ' auth_basic "Administrator’s Area"; + auth_basic_user_file conf/htpasswd; + ' + fi - if [[ "$ALP_LOCAL_PORT" != "" ]]; then - echo " proxy_pass http://$ALP_LOCAL_NAME:$ALP_LOCAL_PORT/;" - else - echo " proxy_pass http://$ALP_LOCAL_NAME:80;" - fi - - echo " proxy_set_header Host "'$http_host'"; + if [[ "$ALP_LOCAL_ALLOWED_NETWORK" != "" ]]; then + echo " limit_except GET HEAD {" + for i in $(echo $ALP_LOCAL_ALLOWED_NETWORK); do + echo " allow $i" + done + echo " deny all;" + echo " }" + fi + + if [[ "$ALP_LOCAL_PORT" != "" ]]; then + echo " proxy_pass http://$ALP_LOCAL_NAME:$ALP_LOCAL_PORT/;" + else + echo " proxy_pass http://$ALP_LOCAL_NAME:80;" + fi + + echo " proxy_set_header Host "'$http_host'"; proxy_set_header X-Real-IP "'$remote_addr'"; proxy_set_header X-Forwarded-For "'$proxy_add_x_forwarded_for'"; proxy_set_header X-Forwarded-Proto "'$scheme'"; @@ -110,222 +116,225 @@ add_location() { proxy_read_timeout 300; proxy_next_upstream off;" - if [[ "$DEBUG" != "true" ]]; then - echo " access_log off;" - fi - echo " proxy_redirect off;" - echo " proxy_buffering off;" - echo "}" - echo "# location end" - done; - fi; + if [[ "$DEBUG" != "true" ]]; then + echo " access_log off;" + fi + echo " proxy_redirect off;" + echo " proxy_buffering off;" + echo "}" + echo "# location end" + done + fi } remove_alternate_location() { - if [[ "$ALTERNATE_LOCATION_PATH" != "" ]]; then + if [[ "$ALTERNATE_LOCATION_PATH" != "" ]]; then - ALP_IDX=$(jq -r '.ALTERNATE_LOCATION_PATH | length' $DOMAIN_SOURCE) - ALP_IDX=$(( $ALP_IDX - 1 )) + ALP_IDX=$(jq -r '.ALTERNATE_LOCATION_PATH | length' $DOMAIN_SOURCE) + ALP_IDX=$(($ALP_IDX - 1)) - for i in $(seq 0 $ALP_IDX) ; - do - ALP=$(jq -r .ALTERNATE_LOCATION_PATH[$i] $DOMAIN_SOURCE) - ALP_LOCAL_PATH=$(echo $ALP | jq -rc .LOCAL_PATH); - remove_location $ALP_LOCAL_PATH - done; - fi; + for i in $(seq 0 $ALP_IDX); do + ALP=$(jq -r .ALTERNATE_LOCATION_PATH[$i] $DOMAIN_SOURCE) + ALP_LOCAL_PATH=$(echo $ALP | jq -rc .LOCAL_PATH) + remove_location $ALP_LOCAL_PATH + done + fi } remove_location() { - local LOCATION=$1 + local LOCATION=$1 - LOCATION_ROW="location $LOCATION {"; - ROW_NUMBER=$(grep -rn "$LOCATION_ROW" $DOMAIN_NAME.conf | cut -d ':' -f1); - if [ -n "$ROW_NUMBER" ]; then - OFFSET=$(tail -n+$ROW_NUMBER $DOMAIN_NAME.conf | grep -n '# location end' -m 1 | cut -d ':' -f1); - START=$(($ROW_NUMBER - 1)); - END=$(($ROW_NUMBER + $OFFSET)); + LOCATION_ROW="location $LOCATION {" + ROW_NUMBER=$(grep -rn "$LOCATION_ROW" $DOMAIN_NAME.conf | cut -d ':' -f1) + if [ -n "$ROW_NUMBER" ]; then + OFFSET=$(tail -n+$ROW_NUMBER $DOMAIN_NAME.conf | grep -n '# location end' -m 1 | cut -d ':' -f1) + START=$(($ROW_NUMBER - 1)) + END=$(($ROW_NUMBER + $OFFSET)) - { - head -n$START $DOMAIN_NAME.conf - tail -n+$END $DOMAIN_NAME.conf - } >> $file + { + head -n$START $DOMAIN_NAME.conf + tail -n+$END $DOMAIN_NAME.conf + } >>$file - mv $file $DOMAIN_NAME.conf; - fi; + mv $file $DOMAIN_NAME.conf + fi } # create new nginx config create_new_config() { -{ + { -REGENERATE="$1" + REGENERATE="$1" -if [[ "$HTTP_PORT" != "80" ]]; then - echo "server { + if [[ "$HTTP_PORT" != "80" ]]; then + echo "server { listen 80 proxy_protocol;" - if [[ "$ALIASES_HTTP" != "" ]]; then - echo "server_name $DOMAIN_NAME $ALIASES_HTTP;" - else - echo "server_name $DOMAIN_NAME;" - fi -echo "set_real_ip_from 0.0.0.0/0; + if [[ "$ALIASES_HTTP" != "" ]]; then + echo "server_name $DOMAIN_NAME $ALIASES_HTTP;" + else + echo "server_name $DOMAIN_NAME;" + fi + echo "set_real_ip_from 0.0.0.0/0; real_ip_header proxy_protocol; rewrite_log on; return 301 https://$DOMAIN_NAME; }" -fi + fi -if [[ "$HTTP_PORT" != "" && "$HTTP_PORT" != "80" ]]; then - echo "server { + if [[ "$HTTP_PORT" != "" && "$HTTP_PORT" != "80" ]]; then + echo "server { listen $HTTP_PORT proxy_protocol; set_real_ip_from 0.0.0.0/0; real_ip_header proxy_protocol;" - - if [[ "$ALIASES_HTTP" != "" ]]; then - echo "server_name $DOMAIN_NAME $ALIASES_HTTP;" - else - echo "server_name $DOMAIN_NAME;" - fi - - if [[ "$MAX_BODY_SIZE" != "" ]]; then - echo "client_max_body_size "$MAX_BODY_SIZE";" - - else - - echo "client_max_body_size 0;" - fi - - echo "rewrite_log on;" - - - if [[ "$REDIRECT_HTTP" != "" ]] ; then - echo "return 301 $REDIRECT_HTTP;" - elif [[ "$HTTP_PORT" == "" ]]; then - echo "return 301 https://"$DOMAIN_NAME; - - else - echo "location / {" - - if [[ "$ALLOWED_NETWORK" != "" ]]; then - ALLOWED_NETWORK_IDX=$(jq -r '.ALLOWED_NETWORK | length' $DOMAIN_SOURCE) - ALLOWED_NETWORK_IDX=$(( $ALLOWED_NETWORK_IDX - 1 )) - - echo " limit_except GET HEAD {"; - for i in $(seq 0 $ALLOWED_NETWORK_IDX) ; do - AN=$(jq -r .ALLOWED_NETWORK[$i] $DOMAIN_SOURCE) - echo " allow "$AN";" - done - echo " deny all;" - echo " }"; - fi - - if [[ "$HTTP_PORT" != "" ]]; then - echo " proxy_pass http://$LOCAL_NAME:$HTTP_PORT;" - fi - - echo " proxy_set_header Host "'$http_host'"; + + if [[ "$ALIASES_HTTP" != "" ]]; then + echo "server_name $DOMAIN_NAME $ALIASES_HTTP;" + else + echo "server_name $DOMAIN_NAME;" + fi + + if [[ "$MAX_BODY_SIZE" != "" ]]; then + echo "client_max_body_size "$MAX_BODY_SIZE";" + + else + + echo "client_max_body_size 0;" + fi + + echo "rewrite_log on;" + + if [[ "$REDIRECT_HTTP" != "" ]]; then + echo "return 301 $REDIRECT_HTTP;" + elif [[ "$HTTP_PORT" == "" ]]; then + echo "return 301 https://"$DOMAIN_NAME + + else + echo "location / {" + + if [ "$BASIC_AUTH" == "TRUE" ]; then + echo ' auth_basic "Administrator’s Area"; + auth_basic_user_file conf/htpasswd; + ' + fi + + if [[ "$ALLOWED_NETWORK" != "" ]]; then + ALLOWED_NETWORK_IDX=$(jq -r '.ALLOWED_NETWORK | length' $DOMAIN_SOURCE) + ALLOWED_NETWORK_IDX=$(($ALLOWED_NETWORK_IDX - 1)) + + echo " limit_except GET HEAD {" + for i in $(seq 0 $ALLOWED_NETWORK_IDX); do + AN=$(jq -r .ALLOWED_NETWORK[$i] $DOMAIN_SOURCE) + echo " allow "$AN";" + done + echo " deny all;" + echo " }" + fi + + if [[ "$HTTP_PORT" != "" ]]; then + echo " proxy_pass http://$LOCAL_NAME:$HTTP_PORT;" + fi + + echo " proxy_set_header Host "'$http_host'"; proxy_set_header X-Real-IP "'$remote_addr'"; proxy_set_header X-Forwarded-For "'$proxy_add_x_forwarded_for'"; proxy_set_header X-Forwarded-Proto "'$scheme'"; proxy_set_header Upgrade "'$http_upgrade;'" proxy_cookie_path / /; proxy_set_header Connection "'$http_connection'" ;" - - if [[ "$DEBUG" != "true" ]]; then - echo " access_log off;" - fi - echo " proxy_redirect off;" - echo " proxy_buffering off;" - echo "}" - - if [[ "$ERROR_PAGE" != "" && "$HTTP_PORT" != "" ]]; then - echo "error_page 404 /$ERROR_PAGE; + + if [[ "$DEBUG" != "true" ]]; then + echo " access_log off;" + fi + echo " proxy_redirect off;" + echo " proxy_buffering off;" + echo "}" + + if [[ "$ERROR_PAGE" != "" && "$HTTP_PORT" != "" ]]; then + echo "error_page 404 /$ERROR_PAGE; location = /$ERROR_PAGE { root html; allow all; index 404.html; rewrite ^ "'$scheme'" http://$ERROR_PAGE"'$request_uri'" permanent; }" - fi - fi - echo "}" -fi + fi + fi + echo "}" + fi -if [[ "$HTTPS_PORT" != "" ]]; then - echo "server { + if [[ "$HTTPS_PORT" != "" ]]; then + echo "server { listen 443 ssl proxy_protocol; set_real_ip_from 0.0.0.0/0; real_ip_header proxy_protocol;" -if [[ "$ALIASES_HTTPS" != "" ]]; then - echo "server_name $DOMAIN_NAME $ALIASES_HTTPS;" -else - echo "server_name $DOMAIN_NAME;" -fi + if [[ "$ALIASES_HTTPS" != "" ]]; then + echo "server_name $DOMAIN_NAME $ALIASES_HTTPS;" + else + echo "server_name $DOMAIN_NAME;" + fi -if [[ "$MAX_BODY_SIZE" != "" ]]; then - echo "client_max_body_size "$MAX_BODY_SIZE";" -else - echo "client_max_body_size 0;" -fi + if [[ "$MAX_BODY_SIZE" != "" ]]; then + echo "client_max_body_size "$MAX_BODY_SIZE";" + else + echo "client_max_body_size 0;" + fi -echo "rewrite_log on; + echo "rewrite_log on; proxy_ssl_server_name on; ssl_dhparam /etc/ssl/keys/$DOMAIN_NAME/dhparam.pem;" -if [ "$GENERATE_CERTIFICATE" == "true" ]; then + if [ "$GENERATE_CERTIFICATE" == "true" ]; then -echo "ssl_certificate /etc/ssl/keys/$DOMAIN_NAME/fullchain.pem; + echo "ssl_certificate /etc/ssl/keys/$DOMAIN_NAME/fullchain.pem; ssl_certificate_key /etc/ssl/keys/$DOMAIN_NAME/key.pem;" -else - echo "ssl_certificate /etc/ssl/keys/fullchain.pem; + else + echo "ssl_certificate /etc/ssl/keys/fullchain.pem; ssl_certificate_key /etc/ssl/keys/key.pem;" -fi + fi -echo "ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + echo "ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "'"EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4 !kDHE"'"; ssl_session_cache shared:SSL:50m; ssl_session_timeout 5m; ssl_stapling on;" - - if [[ "$ERROR_PAGE" != "" && "$HTTPS_PORT" != "" ]]; then - echo "error_page 404 /$ERROR_PAGE; + if [[ "$ERROR_PAGE" != "" && "$HTTPS_PORT" != "" ]]; then + echo "error_page 404 /$ERROR_PAGE; location = /$ERROR_PAGE { root html; allow all; index 404.html; rewrite ^ "'$scheme' "http://$ERROR_PAGE"'$request_uri'" permanent; }" - fi + fi - if [[ "$REDIRECT_HTTPS" != "" ]]; then - echo "return 301 $REDIRECT_HTTPS;" - else - echo "location / {" + if [[ "$REDIRECT_HTTPS" != "" ]]; then + echo "return 301 $REDIRECT_HTTPS;" + else + echo "location / {" - if [[ "$ALLOWED_NETWORK" != "" ]]; then - ALLOWED_NETWORK_IDX=$(jq -r '.ALLOWED_NETWORK | length' $DOMAIN_SOURCE) - ALLOWED_NETWORK_IDX=$(( $ALLOWED_NETWORK_IDX - 1 )) - - echo " limit_except GET HEAD {"; - for i in $(seq 0 $ALLOWED_NETWORK_IDX) ; do - AN=$(jq -r .ALLOWED_NETWORK[$i] $DOMAIN_SOURCE) - echo " allow "$AN";" - done - echo " deny all;" - echo " }"; - fi -echo " proxy_pass http://$LOCAL_NAME:$HTTPS_PORT;" - - echo " proxy_set_header Host "'$http_host'"; + if [[ "$ALLOWED_NETWORK" != "" ]]; then + ALLOWED_NETWORK_IDX=$(jq -r '.ALLOWED_NETWORK | length' $DOMAIN_SOURCE) + ALLOWED_NETWORK_IDX=$(($ALLOWED_NETWORK_IDX - 1)) + + echo " limit_except GET HEAD {" + for i in $(seq 0 $ALLOWED_NETWORK_IDX); do + AN=$(jq -r .ALLOWED_NETWORK[$i] $DOMAIN_SOURCE) + echo " allow "$AN";" + done + echo " deny all;" + echo " }" + fi + echo " proxy_pass http://$LOCAL_NAME:$HTTPS_PORT;" + + echo " proxy_set_header Host "'$http_host'"; proxy_set_header X-Real-IP "'$remote_addr'"; proxy_set_header X-Forwarded-For "'$proxy_add_x_forwarded_for'"; proxy_set_header X-Forwarded-Proto "'$scheme'"; @@ -337,90 +346,89 @@ echo " proxy_pass http://$LOCAL_NAME:$HTTPS_PORT;" proxy_read_timeout 300; proxy_next_upstream off;" - if [[ "$DEBUG" != "true" ]]; then - echo " access_log off;" - fi - echo " proxy_redirect off;" - echo " proxy_buffering off;" - echo "}" + if [[ "$DEBUG" != "true" ]]; then + echo " access_log off;" + fi + echo " proxy_redirect off;" + echo " proxy_buffering off;" + echo "}" - echo "# first location end"; + echo "# first location end" - add_location; + add_location - fi + fi -if [ "$REGENERATE" == "" ]; then - echo "}" -fi; + if [ "$REGENERATE" == "" ]; then + echo "}" + fi -fi + fi -} >> "$file" + } >>"$file" } regenerate_config() { - mv $file $DOMAIN_NAME.conf; + mv $file $DOMAIN_NAME.conf - # regenerates nginx config into $file - create_new_config "regenerate"; + # regenerates nginx config into $file + create_new_config "regenerate" - # append existing alternate locations to new config file - OFFSET=$(cat $DOMAIN_NAME.conf | grep -n '# first location end' -m 1 | cut -d ':' -f1); - OFFSET=$(($OFFSET + 1)); - { - tail -n+$OFFSET $DOMAIN_NAME.conf - } >> $file + # append existing alternate locations to new config file + OFFSET=$(cat $DOMAIN_NAME.conf | grep -n '# first location end' -m 1 | cut -d ':' -f1) + OFFSET=$(($OFFSET + 1)) + { + tail -n+$OFFSET $DOMAIN_NAME.conf + } >>$file } file="/tmp/$DOMAIN_NAME.conf" # check whether certificates exist or not - -echo "created domain name: "$DOMAIN_NAME; +echo "created domain name: "$DOMAIN_NAME #cp -a /scripts/nginx_template.conf /tmp/$DOMAIN.conf # if domain already exists as a config file append alternate location there if [ -f $DOMAIN_NAME.conf ]; then - if [ "$OPERATION" = "DELETE" ]; then - remove_alternate_location; - elif [ "$OPERATION" = "MODIFY" ]; then - # must be before create_new_config - remove_alternate_location; - add_alternate_location; + if [ "$OPERATION" = "DELETE" ]; then + remove_alternate_location + elif [ "$OPERATION" = "MODIFY" ]; then + # must be before create_new_config + remove_alternate_location + add_alternate_location - regenerate_config; + regenerate_config - else - # default CREATE, append location - add_alternate_location; + else + # default CREATE, append location + add_alternate_location - regenerate_config; + regenerate_config - # reload alternate locations if allowed networks has changed - if [ -n "$RELOAD_LOCATIONS" ]; then - rm $file; - remove_alternate_location; - add_alternate_location; - fi; - fi; + # reload alternate locations if allowed networks has changed + if [ -n "$RELOAD_LOCATIONS" ]; then + rm $file + remove_alternate_location + add_alternate_location + fi + fi else - # rewrite operation if nginx config file doesn't exists - OPERATION="CREATE"; - create_new_config; + # rewrite operation if nginx config file doesn't exists + OPERATION="CREATE" + create_new_config -fi; # end of create new nginx config +fi # end of create new nginx config if [ "$OPERATION" != "DELETE" ]; then - mv $file $DOMAIN_NAME.conf; -fi; -echo "$DOMAIN" >> new_config + mv $file $DOMAIN_NAME.conf +fi +echo "$DOMAIN" >>new_config if [ "$HTTPS_PORT" != "" ]; then - /scripts/check_certificates.sh "$DOMAIN_NAME"; + /scripts/check_certificates.sh "$DOMAIN_NAME" fi