A script to quickly create an nginx config file
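#!/bin/bash
#
# Interactive helper that creates an nginx site from
# /etc/nginx/sites-available/template: it copies the template, fills in the
# placeholder markers with sed and optionally enables the site.
#
# Must run as root. Everything typed at the prompts ends up in file paths, in
# sed replacement text and in the generated nginx config, so every answer is
# validated, and all questions are asked, before anything is written to disk.
set -euo pipefail

readonly TEMPLATE="/etc/nginx/sites-available/template"

# Print a message on stderr and abort with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# check for root
if [[ "$EUID" -ne 0 ]]; then
  die "Please run as root"
fi

# formatting and echoing
echo "Welcome to the NGINX site creation script"
echo ""
echo "What would you like your site to be called?"
echo "Note that this is used for both the domain name ({INPUT}.example.tld), the directory file, and the name of the config file itself"
echo "if you want any of these to be different, you can always edit the appropriate file later"
echo ""
echo "Please type your desired sitename below"
read -r sitename

# The name becomes a path component, a DNS label and sed replacement text.
# Allowing only letters, digits, '.', '_' and '-' (and requiring a leading
# letter or digit) keeps path separators, leading dots, whitespace and the
# sed-special characters '&' and '\' out of all three uses.
if [[ ! "$sitename" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
  die "Invalid site name: use only letters, digits, '.', '_' and '-', starting with a letter or digit"
fi

file="/etc/nginx/sites-available/$sitename"
dir="/var/www/$sitename"
fqdn="$sitename.example.tld"
enabled="/etc/nginx/sites-enabled/$sitename"

# check if file or directory already exist
if [[ -e "$file" ]]; then
  die "$file already exists!"
fi
if [[ ! -f "$TEMPLATE" ]]; then
  die "Template $TEMPLATE not found"
fi

# ask if they want some php with that
echo "Would you like php or to pass to an internal port?"
select php in no php port socket; do
  case $php in
    no | php | port | socket)
      break
      ;;
    *)
      echo "Invalid option; please type 1, 2, 3 or 4."
      ;;
  esac
done

# Upstream for the proxy variants. The value is pasted into a sed replacement
# and into a proxy_pass directive, so it is limited to characters that are
# inert in both.
ppurl=""
case "$php" in
  port)
    read -r -p "What port should we pass to?: " port
    if [[ ! "$port" =~ ^[0-9]{1,5}$ ]] || ((10#$port < 1 || 10#$port > 65535)); then
      die "Invalid port: expected a number between 1 and 65535"
    fi
    # 10# forces base 10 so that a leading zero is not read as octal.
    ppurl="http://localhost:$((10#$port))"
    ;;
  socket)
    read -r -p "What socket should we pass to?: " socket
    if [[ ! "$socket" =~ ^/[A-Za-z0-9._:/-]+$ ]]; then
      die "Invalid socket: expected an absolute path made of letters, digits and . _ : / -"
    fi
    ppurl="http://unix:$socket"
    ;;
esac

echo "Would you like basic auth by DAS?"
select auth in "Yes" "No"; do
  case $auth in
    Yes | No)
      break
      ;;
    *)
      echo "Invalid option; please type 1 or 2."
      ;;
  esac
done

# make the directory
if [[ ! -d "$dir" ]]; then
  mkdir -- "$dir"
  chown www-data:www-data -- "$dir"
fi

# make the template file
cp -- "$TEMPLATE" "$file"
sed -i "s#@dir#$dir#" "$file"
sed -i "s/@fqdn/$fqdn/" "$file"

case "$php" in
  no)
    sed -i -e 's/@phpindex//' -e 's/#@ptry//' "$file"
    ;;
  php)
    sed -i -e 's/@phpindex/index.php/' -e 's/#@php//' "$file"
    ;;
  port | socket)
    sed -i -e 's/@phpindex//' -e 's/#@ppass//' -e "s#@ppurl#$ppurl#" "$file"
    ;;
esac

# select hands back the menu word exactly as listed ("Yes"), so the comparison
# must use that spelling. The marker is stripped together with its leading '#',
# as for the other markers; removing only the marker would leave the include
# lines commented out while the script reports that auth was added.
if [[ "$auth" == "Yes" ]]; then
  if grep -q '#@auth' "$file"; then
    sed -i 's/#@auth//' "$file"
    echo "Added forward auth! Do not forget to also add a forward auth client for $sitename in https://auth.example.tld !"
  else
    echo "WARNING: no forward auth markers found in $file; the site is NOT protected by forward auth" >&2
  fi
fi

echo "Created the site $sitename"
echo "Configuration placed in $file"
echo "Directory in $dir"
echo "Would you like to enable this website?"
select yn in "Yes" "No"; do
  case $yn in
    Yes)
      ln -s -- "$file" "$enabled"
      # Test the full configuration before reloading; on failure take the new
      # site back out so a later reload is not blocked by it.
      if ! nginx -t; then
        rm -f -- "$enabled"
        die "nginx rejected the configuration; $sitename was not enabled. Fix $file and symlink it yourself."
      fi
      service nginx reload
      break
      ;;
    No)
      echo "Alright, you can always symlink the config file to sites-enabled yourself"
      exit 0
      ;;
  esac
done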
##
# This is the standard web server config file.
# Replace the defaults with what you need it to be.
# Uncomment the php lines if you need php.
#
# NOTE(review): this file is used as a template. The site creation script
# rewrites the placeholder tokens (the words that start with an at sign, and
# the commented lines that carry one) with sed. Keep those tokens exactly as
# they are and do not repeat them in new comments, because the substitutions
# are applied to every line of the file.
##
# Default server configuration
#
server {
# Uncomment these lines if you need to be reachable on http without being redirected
# listen 80;
# listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
root @dir; #Change this line
server_name @fqdn; #Change this line
#add index.php to this list if you need php
index index.html @phpindex;
#This snippet enables DAS forward auth
# NOTE(review): forward auth is only active once all three include lines (the
# two below and the one inside the location block) are uncommented in the
# generated file; check the result before exposing the site.
#@authinclude snippets/das_authrequest.conf;
#@authinclude snippets/das_location.conf;
location / {
#@authinclude snippets/das_proxy_params.conf;
# Reverse proxy settings; the creation script uncomments these lines when the
# site passes requests to an internal port or socket.
#@ppassproxy_set_header Host $host;
#@ppassproxy_set_header X-Real-IP $remote_addr;
#@ppassproxy_set_header X-Forwarded-Proto $scheme;
#@ppassproxy_set_header X-Forwarded-Port $server_port;
#@ppassproxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#Websockets
#@ppassproxy_http_version 1.1;
#@ppassproxy_set_header Upgrade $http_upgrade;
#@ppassproxy_set_header Connection $http_connection;
#@ppassproxy_pass @ppurl;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#@ptrytry_files $uri $uri/ =404;
}
# uncomment these lines if you need php
#
# NOTE(review): the socket in this block is labelled as a development socket
# that displays errors; presumably it should be pointed at a pool that hides
# errors before the site is reachable from outside. Confirm.
#@phplocation ~ \.php$ {
#@php include snippets/fastcgi-php.conf;
#@php
#@php # With php-fpm (or other unix sockets):
#@php #This is the development socket, which displays errors
#@php fastcgi_pass unix:/var/run/php/php-fpm.sock;
#@php}
# NOTE(review): every generated site uses the example.tld certificate, so that
# certificate has to cover each generated server_name (for instance as a
# wildcard). Verify against the certificate actually issued.
ssl_certificate /etc/letsencrypt/live/example.tld/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.tld/privkey.pem; # managed by Certbot
#ssl_session_cache shared:le_nginx_SSL:1m; # managed by Certbot
ssl_session_timeout 1440m; # managed by Certbot
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on; # managed by Certbot
# NOTE(review): the list below still offers a 3DES suite (EDH-RSA-DES-CBC3-SHA)
# and several CBC suites with SHA-1 MACs. With only TLSv1.2 and TLSv1.3 enabled,
# consider trimming it to the AEAD (GCM) entries.
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA"; # managed by Certbot
}
@Rafaeltheraven

This is a simple script I have running on some servers. To use it, simply copy the template to /etc/nginx/sites-available/template and modify the domain names to fit your server.

The script also assumes authentication that is managed by DAS. If you don't use DAS, simply modify or delete that bit of the script and the template.
