From 470df579cfa4c512b5e0844d682af9ee063f7b19 Mon Sep 17 00:00:00 2001
From: gyurix
Date: Sun, 1 Jan 2012 00:43:59 +0000
Subject: [PATCH] Adding connfig create files
---
scripts/nginx_config_create.sh | 111 +++++++++++++++++++++++++++++++++
scripts/nginx_template.conf | 15 +++++
scripts/scheduler.sh | 8 ++-
3 files changed, 133 insertions(+), 1 deletion(-)
create mode 100755 scripts/nginx_config_create.sh
create mode 100644 scripts/nginx_template.conf
diff --git a/scripts/nginx_config_create.sh b/scripts/nginx_config_create.sh
new file mode 100755
index 0000000..5edc118
--- /dev/null
+++ b/scripts/nginx_config_create.sh
@@ -0,0 +1,111 @@
+#!/bin/sh
+
+JQ="jq -r"
+
+DOMAIN=$DOMAIN
+DOMAIN_SOURCE=/domains/$DOMAIN.json
+
+DOMAIN_NAME=$(jq -r .DOMAIN $DOMAIN_SOURCE)
+HTTP_PORT=$(jq -r .HTTP_PORT $DOMAIN_SOURCE)
+HTTPS_PORT=$(jq -r .HTTPS_PORT $DOMAIN_SOURCE)
+LOCAL_IP=$(jq -r .LOCAL_IP $DOMAIN_SOURCE)
+ALIASES_HTTP=$(jq -r .ALIASES_HTTP $DOMAIN_SOURCE)
+ALIASES_HTTPS=$(jq -r .ALIASES_HTTPS $DOMAIN_SOURCE)
+REDIRECT_HTTP=$(jq -r .REDIRECT_HTTP $DOMAIN_SOURCE)
+REDIRECT_HTTPS=$(jq -r .REDIRECT_HTTPS $DOMAIN_SOURCE)
+ERROR_PAGE=$(jq -r .ERROR_PAGE $DOMAIN_SOURCE)
+
+cd /proxy_config
+
+file="$DOMAIN.conf"
+
+cp -a nginx_template.conf $DOMAIN.conf
+
+{
+
+if [ $HTTP_PORT != "" ]; then
+ echo "server {
+listen $HTTP_PORT;
+server_name $DOMAIN_NAME;
+rewrite_log on"
+fi
+
+echo
+
+if [[ $REDIRECT_HTTP != "" ]]; then
+ echo "return 301 http://$REDIRECT_HTTP;
+ }"
+elif [[ $REDIRECT_HTTPS != "" ]]; then
+ echo "return 301 https://$REDIRECT_HTTPS;
+ }"
+ else
+ if [[ $ERROR_PAGE != "" ]]; then
+ echo "error_page 404 /$ERROR_PAGE;
+location = /$ERROR_PAGE {
+ root html;
+ allow all;
+ index 404.html
+ rewrite ^ "'$scheme'"http://$ERROR_PAGE"'$request_uri'" permanent;
+ }"
+ fi
+ echo "location / {
+ proxy_pass http://$LOCAL_IP:$HTTP_PORT;
+ proxy_redirect off;
+ proxy_buffering off;
+ proxy_set_header X-Forwarded-For "'$proxy_add_x_forwarded_for'";
+ proxy_set_header Upgrade "'$http_upgrade'";
+ proxy_set_header Connection "'$http_connection'";
+ proxy_cookie_path / /;
+ access_log off;
+ }"
+fi
+
+if [[ $HTTPS_PORT == "" ]] ; then
+ echo "}"
+fi
+
+if [ $HTTPS_PORT != "" ]; then
+ echo "server {
+listen $HTTPS_PORT ssl;
+server_name $DOMAIN_NAME;
+rewrite_log on
+proxy_ssl_server_name on;
+ssl_dhparam /etc/ssl/keys/dhparams.pem;
+ ssl_certificate /etc/ssl/keys/fullchain.pem;
+ ssl_certificate_key /etc/ssl/keys/key.pem;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers "'"EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 
EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"'";
+
+ # Hardening as-per https://gist.github.com/plentz/6737338
+ssl_session_cache shared:SSL:50m;
+ssl_session_timeout 5m;
+ssl_stapling on;"
+fi
+
+echo
+
+if [[ $ERROR_PAGE != "" ]]; then
+ echo "error_page 404 /$ERROR_PAGE;
+location = /$ERROR_PAGE {
+ root html;
+ allow all;
+ index 404.html
+ rewrite ^ "'$scheme'" http://$ERROR_PAGE"'$request_uri'" permanent;
+ }"
+fi
+echo
+
+echo "location / {
+ proxy_pass http://$LOCAL_IP:$HTTP_PORT;
+ proxy_redirect off;
+ proxy_buffering off;
+ proxy_set_header X-Forwarded-For "'$proxy_add_x_forwarded_for'";
+ proxy_set_header Upgrade "'$http_upgrade'";
+ proxy_set_header Connection "'$http_connection'";
+ proxy_cookie_path / /;
+ access_log off;
+ }
+}"
+
+} >> "$file"
diff --git a/scripts/nginx_template.conf b/scripts/nginx_template.conf
new file mode 100644
index 0000000..cfb20db
--- /dev/null
+++ b/scripts/nginx_template.conf
@@ -0,0 +1,15 @@
+daemon off;
+worker_processes 1;
+error_log stderr debug;
+events {
+ worker_connections 1024;
+}
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ access_log /dev/stdout;
+ sendfile on;
+ keepalive_timeout 65;
+
diff --git a/scripts/scheduler.sh b/scripts/scheduler.sh
index af8e4ca..f1e2529 100755
--- a/scripts/scheduler.sh
+++ b/scripts/scheduler.sh
@@ -10,6 +10,7 @@ service_exec="docker run --rm -v /etc/user/config/services/:/services/:ro -v /va # Set env variables + DOMAIN_DIR=$DOMAIN_DIR CERT_DIR=$CERT_DIR PROXY_SERVICE_FILE=$PROXY_SERVICE_FILE PROXY_CONFIG_DIR=$PROXY_CONFIG_DIR
@@ -165,7 +166,7 @@ fi unset IFS -inotifywait --exclude .sw -m -e CREATE,CLOSE_WRITE,CLOSE,DELETE -r $CERT_DIR $PROXY_CONFIG_DIR | \ +inotifywait --exclude .sw -m -e CREATE,CLOSE_WRITE,CLOSE,DELETE -r $DOMAIN_DIR $CERT_DIR $PROXY_CONFIG_DIR | \ while read dir op file do
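Review bot: Every value read from the domain JSON is expanded unquoted into `[ ... ]` tests and written unvalidated into the generated nginx config, and `$DOMAIN` goes straight into `/domains/$DOMAIN.json` and `$DOMAIN.conf`, so a malformed or hostile domain file can add arbitrary directives or move the read and write outside the intended directories. `jq -r` prints the literal `null` for a missing key, so the `!= ""` tests pass for absent fields and lines such as `return 301 http://null;` are emitted, while a truly empty value turns `[ $HTTP_PORT != "" ]` into a test error. I would validate `DOMAIN` and the ports against strict patterns, read keys with `// empty`, quote every expansion and check `cd`, as sketched below. Separately, `[[` is used under `#!/bin/sh`, `rewrite_log on` and `index 404.html` lack their terminating `;`, and `ssl_protocols TLSv1 TLSv1.1 TLSv1.2` still enables the deprecated TLS 1.0 and 1.1.

```shell
#!/bin/sh
set -eu

# DOMAIN becomes part of two file paths, so accept plain host names only.
case "${DOMAIN:?DOMAIN must be set}" in
  *[!A-Za-z0-9.-]* | .* | *..*) echo "invalid DOMAIN: $DOMAIN" >&2; exit 1 ;;
esac
DOMAIN_SOURCE="/domains/$DOMAIN.json"

# `// empty` yields an empty string for a missing or null key instead of "null".
field() { jq -r --arg key "$1" '.[$key] // empty' "$DOMAIN_SOURCE"; }

HTTP_PORT=$(field HTTP_PORT)
HTTPS_PORT=$(field HTTPS_PORT)
# … unchanged: remaining fields, each read through field() …

# Ports end up in listen/proxy_pass lines; an empty value means "not configured".
for port in "$HTTP_PORT" "$HTTPS_PORT"; do
  case "$port" in
    *[!0-9]*) echo "invalid port: $port" >&2; exit 1 ;;
  esac
done
# Host-like fields (DOMAIN_NAME, LOCAL_IP, REDIRECT_*) get the same character check as DOMAIN.

cd /proxy_config || exit 1
cp -a nginx_template.conf "$DOMAIN.conf"
# … unchanged: config generation, with each test written as [ -n "$VAR" ] …
```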
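Review bot: `error_log stderr debug;` puts debug-level logging into the base template that is copied for every generated domain config; debug output is very verbose and includes request header lines, so a default such as `error_log stderr warn;` is safer, with debug switched on only while troubleshooting. The `http {` block is never closed in this file, apparently so that nginx_config_create.sh can append server blocks to it; a comment such as `# server blocks and the closing brace are appended by nginx_config_create.sh` would keep the template from looking truncated.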
@@ -182,6 +183,11 @@ do [[ "${parent}" == "${PROXY_CONFIG_DIR}" && "${op}" == "DELETE" ]] ; then echo "proxy config created, changed or deleted"; check_proxy_state; + + elif [[ "${parent}" == "${DOMAIN_DIR}" && "${op}" == "CLOSE_WRITE,CLOSE" ]] || \ + [[ "${parent}" == "${DOMAIN_DIR}" && "${op}" == "DELETE" ]] ; then + echo "domain config created, changed or deleted"; + ./nginx_config_create.sh; fi done
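Review bot: `./nginx_config_create.sh` is started without being told which domain file changed, so it regenerates whatever `$DOMAIN` happens to be in the scheduler's environment rather than the `${file}` reported by inotifywait, and on a `DELETE` event it runs against a JSON file that no longer exists. Passing the name explicitly in the `CLOSE_WRITE,CLOSE` branch, e.g. `DOMAIN="${file%.json}" ./nginx_config_create.sh;`, and handling `DELETE` in its own branch that removes the stale `.conf` instead of regenerating it would close both gaps. The relative `./` path also assumes the scheduler's working directory is the scripts directory, so an absolute path is safer. The enclosing `while read` loop and the `if` chain start outside this hunk; in the hunk at -165, `$DOMAIN_DIR` is passed to inotifywait unquoted, so an unset value silently drops that watch.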