2022-02-07 01:16:59 +01:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
|
|
|
|
|
# Web dashboard
|
|
|
|
|
systemctl enable --now nginx
|
|
|
|
|
|
|
|
|
|
firewall-cmd --zone=public --add-service=http --permanent
|
|
|
|
|
firewall-cmd --zone=public --add-service=https --permanent
|
|
|
|
|
firewall-cmd --reload
|
|
|
|
|
|
|
|
|
|
# Request SSL certificate. This assumes DNS has been set up already
|
|
|
|
|
certbot -n --nginx -d ${DOMAINNAME} -d www.${DOMAINNAME} --agree-tos -m "${letsencryptemail}"
|
|
|
|
|
|
|
|
|
|
# Put the website files in place
|
2022-02-09 03:18:10 +01:00
|
|
|
cp -r "$(dirname "$0")"/../website/* /var/www/html
|
2022-02-15 01:13:57 +01:00
|
|
|
for file in /var/www/html/*\.html /var/www/html/js/*\.js; do
|
|
|
|
|
sed -i $file -e s/"DOMAINNAME"/"${DOMAINNAME}"/g
|
2022-02-07 01:16:59 +01:00
|
|
|
done
|
2022-02-15 01:13:57 +01:00
|
|
|
for file in /var/www/html/*\.html; do
|
|
|
|
|
sed -i $file -e s/"HOSTEDBYNAME"/"${HOSTEDBYNAME}"/g
|
2022-02-07 01:16:59 +01:00
|
|
|
done
|
|
|
|
|
|
|
|
|
|
# Patch the NGINX configuration for the web sockets
|
|
|
|
|
cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
|
2022-02-09 13:25:02 +01:00
|
|
|
patch --ignore-whitespace /etc/nginx/sites-available/default <<EOF
|
|
|
|
|
--- default.bak 2022-02-09 12:00:07.665387879 +0000
|
|
|
|
|
+++ default 2022-02-09 12:02:41.083719671 +0000
|
2022-02-07 01:16:59 +01:00
|
|
|
@@ -16,6 +16,11 @@
|
|
|
|
|
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
+map \$http_upgrade \$connection_upgrade {
|
|
|
|
|
+ default upgrade;
|
|
|
|
|
+ '' close;
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
# Default server configuration
|
|
|
|
|
#
|
|
|
|
|
server {
|
2022-02-13 02:28:23 +01:00
|
|
|
@@ -121,6 +126,39 @@
|
2022-02-07 01:16:59 +01:00
|
|
|
try_files \$uri \$uri/ =404;
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-13 02:28:23 +01:00
|
|
|
+ location ^~ /admin {
|
2022-02-13 21:10:59 +01:00
|
|
|
+ auth_basic "Restricted";
|
2022-02-13 02:28:23 +01:00
|
|
|
+ auth_basic_user_file /etc/nginx/htpasswd;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
2022-02-07 01:16:59 +01:00
|
|
|
+ location /mindustry {
|
|
|
|
|
+ proxy_pass http://localhost:62548/;
|
|
|
|
|
+ proxy_http_version 1.1;
|
|
|
|
|
+ proxy_set_header Upgrade \$http_upgrade;
|
|
|
|
|
+ proxy_set_header Connection "Upgrade";
|
|
|
|
|
+ proxy_set_header Host \$host;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ location /unvanquished {
|
|
|
|
|
+ proxy_pass http://localhost:62549/;
|
|
|
|
|
+ proxy_http_version 1.1;
|
|
|
|
|
+ proxy_set_header Upgrade \$http_upgrade;
|
|
|
|
|
+ proxy_set_header Connection "Upgrade";
|
|
|
|
|
+ proxy_set_header Host \$host;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ location /xonotic {
|
|
|
|
|
+ proxy_pass http://localhost:62550/;
|
|
|
|
|
+ proxy_http_version 1.1;
|
|
|
|
|
+ proxy_set_header Upgrade \$http_upgrade;
|
|
|
|
|
+ proxy_set_header Connection "Upgrade";
|
|
|
|
|
+ proxy_set_header Host \$host;
|
|
|
|
|
+ }
|
2022-02-07 02:34:02 +01:00
|
|
|
+
|
|
|
|
|
+ location /monitoring/ {
|
|
|
|
|
+ proxy_pass http://localhost:9000/;
|
|
|
|
|
+ }
|
2022-02-07 01:16:59 +01:00
|
|
|
+
|
|
|
|
|
# pass PHP scripts to FastCGI server
|
|
|
|
|
#
|
|
|
|
|
#location ~ \\.php\$ {
|
|
|
|
|
EOF
|
|
|
|
|
|
2022-02-13 02:28:23 +01:00
|
|
|
# Store password
|
|
|
|
|
echo -n "${systemuser}:" > /etc/nginx/htpasswd
|
2022-02-13 21:10:59 +01:00
|
|
|
echo -e "import bcrypt\nprint(bcrypt.hashpw('${systempassword}'.encode('utf8'),bcrypt.gensalt(rounds=10)).decode('utf8'))" | python3 >> /etc/nginx/htpasswd
|
2022-02-13 02:28:23 +01:00
|
|
|
|
2022-02-07 01:16:59 +01:00
|
|
|
systemctl restart nginx
|
