```bash
#!/bin/bash
# nginx-ssl.sh: interactive helper that installs an SSL certificate and key
# for one nginx vhost, with extra handling for the wdcp control-panel layout
# (/www/wdlinux/nginx). The listing was flattened on extraction; line breaks
# and the "|" / "||" operators that the extraction stripped are restored here.

SHELL_NAME="nginx-ssl.sh"
SHELL_DIR="/root"
SHELL_LOG="${SHELL_DIR}/${SHELL_NAME}.log"
LOCK_FILE="/tmp/${SHELL_NAME}.lock"

# Print a message, converting UTF-8 to GBK when the locale is not UTF-8.
function myi18n(){
  if [[ "$#" -ne 1 ]]
  then
    echo "demo"
  fi
  if [[ $LANG =~ [Uu][Tt][Ff] ]]
  then
    echo "$1"
  else
    echo "$1" | iconv -f utf-8 -t gbk
  fi
}

# Write Log
shell_log(){
  LOG_INFO=$1
  myi18n "$(date "+%Y-%m-%d") $(date "+%H-%M-%S") : ${SHELL_NAME} : ${LOG_INFO}" >> "${SHELL_LOG}"
}

# Lock file so two copies of the script do not edit the same vhost at once.
shell_lock(){
  touch "${LOCK_FILE}"
}

shell_unlock(){
  rm -f "${LOCK_FILE}"
}

# Release the lock and exit; the exit status is the first argument (default 0).
end(){
  shell_unlock
  exit "${1:-0}"
}

shell_log "信息:脚本开始运行"
if [ -f "$LOCK_FILE" ];then
  shell_log "${SHELL_NAME} 脚本正在运行中,若不是请使用 rm -rf /tmp/nginx-ssl.sh.lock 命令清理锁文件"
  myi18n "${SHELL_NAME} 脚本正在运行中,若不是请使用 rm -rf /tmp/nginx-ssl.sh.lock 命令清理锁文件" && exit
fi
shell_lock

# Locate the nginx conf directory. Default is the wdcp path when the user
# presses Enter; /home/nginx-ssl/conf is used once the conf dir was moved there.
homeconfpath=/home/nginx-ssl/conf
if [ ! -d "$homeconfpath" ];then
  myi18n "请输入nginx安装路径,比如:/usr/local/nginx"
  myi18n "如果使用wdcp环境,请直接回车"
  read -p ": " confpath
  if [ -z "$confpath" ] ;then
    confpath=/www/wdlinux/nginx
  fi
  confpath1=${confpath}/conf
  while [ ! -d "$confpath1" ]
  do
    myi18n "您输入路径${confpath1}不存在,请重新输入"
    shell_log "错误:您输入路径${confpath1}不存在,请重新输入"
    read -p ": " confpath
    if [ -z "$confpath" ] ;then
      confpath=/www/wdlinux/nginx
    fi
    confpath1=${confpath}/conf
  done
  temp=$(find "$confpath1" -maxdepth 1 -name 'nginx.conf')
  while [ -z "$temp" ] || [ ! -f "$temp" ]
  do
    myi18n "nginx安装路径不对,请重新输入"
    shell_log "错误:${confpath1} 路径下没有找到nginx.conf,请检查"
    echo
    read -p ": " confpath
    if [ -z "$confpath" ] ;then
      confpath=/www/wdlinux/nginx
      wdcp=y
    fi
    confpath1=${confpath}/conf
    temp=$(find "$confpath1" -maxdepth 1 -name 'nginx.conf')
  done
  shell_log "信息:nginx配置文件路径 ${confpath1}"
  myi18n "是否一键移动nginx配置文件到/home/nginx目录下并创建好软连接"
  read -p "[y/n]: " conf_move
  while [[ ! $conf_move =~ ^[yn]$ ]]
  do
    echo "input error! Please only input 'y' or 'n'"
    echo
    read -p "[y/n]: " conf_move
  done
  if [ "$conf_move" == 'y' ] ;then
    if [ ! -d "$homeconfpath" ];then
      mkdir -p "$homeconfpath"
      cp -rf "${confpath}"/conf/* "$homeconfpath"
      cd "$confpath"
      mv conf/ conf-bak/
      ln -sf "$homeconfpath" conf
      if [ "$wdcp" == 'y' ] ;then
        chown wdcpu.wdcpg "$homeconfpath" -R
      fi
    fi
  else
    homeconfpath=${confpath}/conf
  fi
else
  echo
  myi18n "自动搜索到:nginx配置文件路径为 ${homeconfpath}"
  shell_log "信息:自动搜索到:nginx配置文件路径为 ${homeconfpath}"
  echo
fi

# Detect a wdcp environment and report the nginx version.
if [ -d "/www/wdlinux/nginx" ] ;then
  wdcp=y
  myi18n "使用wdcp环境,nginx版本为"
  /www/wdlinux/nginx/sbin/nginx -v 2>&1 | awk -F '/' '{print $2}'
  shell_log "信息:当前使用wdcp环境"
fi
shell_log "信息:nginx的vhost文件路径 ${homeconfpath}"
homesslpath=/home/ssl
[ ! -d "$homesslpath" ] && mkdir -p "$homesslpath"
shell_log "信息:ssl证书存放路径 ${homesslpath}"
pushd "${homeconfpath}/vhost/"

# Ask for the domain and find the first vhost file that names it.
myi18n "请输入需要安装证书站点绑定的域名,比如:www.test.com"
myi18n "如果二级域名有绑定到其他站点,请使用www.test.com,不要输入顶级域名"
read -p ": " domain
while [ -z "$domain" ]
do
  myi18n "域名不能为空,请重新输入。"
  echo
  read -p ": " domain
done
files=$(grep -l " ${domain}" *.conf | awk 'NR==1{print}' | sed 's/\.conf//')
if [ ! -n "$files" ] ;then
  echo
  echo "${domain}"
  myi18n "关联站点,没有找到!"
  shell_log "警告:没有找到域名 ${domain} 对应配置文件"
  echo
  end 1
fi
files1=${homeconfpath}/vhost/${files}.conf
shell_log "信息:要部署域名 ${domain} 的配置文件是 ${files1}"
sslfile=${homeconfpath}/vhost/${files}_ssl.conf

# Stop if an SSL vhost already exists and already points at real cert files.
if [ -f "$sslfile" ];then
  crt=$(grep -E 'ssl_certificate' "${sslfile}" | awk -F 'ssl_certificate ' '{print $2}' | awk 'NR==1{print}' | sed 's/\;//')
  key=$(grep -E 'ssl_certificate_key' "${sslfile}" | awk -F 'ssl_certificate_key ' '{print $2}' | sed 's/\;//')
  if [ -f "$crt" ] && [ -f "$key" ];then
    echo
    echo "${domain}"
    myi18n "关联站点证书已安装!"
    shell_log "警告:域名 ${domain} 已成功部署"
    echo
    end 1
  fi
  echo
  echo "${domain}"
  myi18n "关联站点ssl配置文件已存在,是否需要删除?"
  read -p "[y/n]: " ssl_check
  while [[ ! $ssl_check =~ ^[yn]$ ]]
  do
    echo "input error! Please only input 'y' or 'n'"
    echo
    read -p "[y/n]: " ssl_check
  done
  if [ "$ssl_check" == 'y' ];then
    rm -rf "$sslfile"
  else
    echo
    echo "${domain}"
    myi18n "已存在ssl配置文件,请核实后重新运行程序。"
    shell_log "警告:要部署域名 ${domain} 已存在部署后配置文件 ${sslfile}"
    end 1
  fi
fi

# An existing "return 301 https://..." in the plain-HTTP vhost would loop
# once it is copied into the SSL vhost, so offer to remove it first.
temp12=$(grep -E 'https://' "${files1}")
if [ -n "$temp12" ] ;then
  echo
  echo "${domain}"
  myi18n "对应配置文件存在301转向(return 301),是否需要删除?"
  read -p "[y/n]: " s_check
  while [[ ! $s_check =~ ^[yn]$ ]]
  do
    echo "input error! Please only input 'y' or 'n'"
    echo
    read -p "[y/n]: " s_check
  done
  if [ "$s_check" == 'y' ];then
    sed -i '/^.*return.*301 https/d' "$files1"
  else
    echo
    echo "${domain}"
    myi18n "域名 ${domain} 对应配置文件${files}存在301转向,请先删除对应行"
    shell_log "警告:域名 ${domain} 对应配置文件${files}存在301转向,请先删除对应行"
    end 1
  fi
fi

# Certificate: either merge a leaf .cer with its CA bundle (leaf first, as
# nginx requires) or take a ready-made .crt; the result lands in /home/ssl.
crt1=${homesslpath}/${domain}.crt
key1=${homesslpath}/${domain}.key
if [ ! -f "$crt1" ];then
  myi18n "我司申请在nginx上部署需要先合并,请输入y或者n?"
  read -p "[y/n]: " crt_yn
  while [[ ! $crt_yn =~ ^[yn]$ ]]
  do
    echo "input error! Please only input 'y' or 'n'"
    echo
    read -p "[y/n]: " crt_yn
  done
  if [ "$crt_yn" == 'y' ] ;then
    myi18n "请输入cer证书路径,比如 /root/test.com.cer"
    myi18n "/root/test.com.cer"
    read -p "Please reinput crtpath1 : " crtpath1
    while [ -z "$crtpath1" ] || [ ! -f "$crtpath1" ]
    do
      myi18n "需要合并证书1不能为空或路径错误,请重新输入。"
      shell_log "警告:需要合并证书1 ${crtpath1} 为空或路径错误"
      echo
      read -p ": " crtpath1
    done
    pathtemp=$(echo "$crtpath1" | awk -F '.cer' '{print $1}')
    crtpath2temp=${pathtemp}_ca.crt
    keypathtemp=${pathtemp}.key
    echo "$crtpath2temp"
    echo "$keypathtemp"
    if [ ! -f "$crtpath2temp" ];then
      myi18n "/root/test.com_ca.crt"
      read -p "Please reinput crtpath2 : " crtpath2
      while [ -z "$crtpath2" ] || [ ! -f "$crtpath2" ]
      do
        myi18n "需要合并证书2不能为空或路径错误,请重新输入。"
        shell_log "警告:需要合并证书2 ${crtpath2} 为空或路径错误"
        echo
        read -p ": " crtpath2
      done
    else
      crtpath2=$crtpath2temp
      echo
      myi18n "自动搜索到:域名 ${domain} 证书cacrt文件路径为 ${crtpath2temp}"
      myi18n "系统会自动补全合并为~/${domain}.crt"
      shell_log "自动搜索到:域名 ${domain} 证书cacrt文件路径为 ${crtpath2temp}"
      echo
    fi
    shell_log "信息:域名 ${domain} 需要合并证书1 ${crtpath1}"
    shell_log "信息:域名 ${domain} 需要合并证书2 ${crtpath2}"
    # Overwrite rather than append, so a re-run does not duplicate the chain.
    cat "$crtpath1" "$crtpath2" > ~/"$domain".crt
    crtpath=~/${domain}.crt
  else
    myi18n "请输入需要安装证书路径:eg /root/test.com.crt"
    read -p "Please reinput crtpath : " crtpath
    while [ -z "$crtpath" ] || [ ! -f "$crtpath" ]
    do
      myi18n "crt证书路径不能为空或路径错误,请重新输入。"
      shell_log "警告:crt证书路径 ${crtpath} 为空或路径错误"
      echo
      read -p ": " crtpath
    done
  fi
  cp "${crtpath}" "${homesslpath}/${domain}.crt"
else
  echo
  myi18n "自动搜索到:域名 ${domain} 证书crt文件路径为 ${homesslpath}/${domain}.crt"
  shell_log "信息:自动搜索到:域名 ${domain} 证书crt文件路径为 ${homesslpath}/${domain}.crt"
  echo
fi

# Private key: reuse the one found next to the .cer, otherwise ask for it.
if [ ! -f "$key1" ] ;then
  if [ ! -f "$keypathtemp" ] ;then
    myi18n "请输入需要安装证书路径:eg /root/test.com.key"
    read -p "Please reinput keypath : " keypath
    while [ -z "$keypath" ] || [ ! -f "$keypath" ]
    do
      myi18n "key证书路径不能为空或路径错误,请重新输入。"
      shell_log "警告:key证书路径 ${keypath} 为空或路径错误"
      echo
      read -p ": " keypath
    done
  else
    keypath=$keypathtemp
    echo
    myi18n "自动搜索到:域名 ${domain} 证书key文件路径为 ${keypathtemp}"
    shell_log "自动搜索到:域名 ${domain} 证书key文件路径为 ${keypathtemp}"
    echo
  fi
  cp "${keypath}" "${homesslpath}/${domain}.key"
else
  echo
  myi18n "自动搜索到:域名 ${domain} 证书key文件路径为 ${homesslpath}/${domain}.key"
  shell_log "信息:自动搜索到:域名 ${domain} 证书key文件路径为 ${homesslpath}/${domain}.key"
  echo
fi
shell_log "信息:域名 ${domain} 证书crt文件路径为 ${homesslpath}/${domain}.crt"
shell_log "信息:域名 ${domain} 证书key文件路径为 ${homesslpath}/${domain}.key"

# Clone the plain-HTTP vhost into <name>_ssl.conf (cwd is the vhost dir).
cp "${files}.conf" "${homeconfpath}/vhost/${files}_ssl.conf"
shell_log "信息:域名 ${domain} 部署后 ssl配置文件为 ${homeconfpath}/${files}_ssl.conf"
if [ "$wdcp" == 'y' ] ;then
  chown wdcpu.wdcpg * -R
  shell_log "信息:核实为wdcp环境,设置${homeconfpath} 所有者及所属组为wdcpu.wdcpg"
fi

# Turn the copy into an SSL vhost. The port swap is restricted to "listen"
# lines so that other occurrences of "80" (paths, 8080, ...) are untouched.
# The ssl_certificate line is appended after the first line matching "root".
sed -i "/listen/s/\b80\b/443 ssl/" "${sslfile}"
sed -i "/root/a\ ssl_certificate $crt1;" "${sslfile}"
sed -i "/ssl_certificate/a\ ssl_certificate_key $key1;" "${sslfile}"
# TLSv1 and TLSv1.1 are deprecated; on current nginx/OpenSSL prefer
# "ssl_protocols TLSv1.2 TLSv1.3;". Kept as the script's original setting.
sed -i "/ssl_certificate_key/a\ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;" "${sslfile}"
sed -i "/ssl_protocols/a\ ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;" "${sslfile}"

# Optional HTTP -> HTTPS redirect in the plain-HTTP vhost.
myi18n "是否需要一键设置301转向,请输入y或者n?"
read -p "[y/n]: " zx_yn
while [[ ! $zx_yn =~ ^[yn]$ ]]
do
  echo "input error! Please only input 'y' or 'n'"
  echo
  read -p "[y/n]: " zx_yn
done
if [ "$zx_yn" == 'y' ] ;then
  myi18n "请输入跳转后地址比如:"
  read -p "${domain}: " server_name1
  if [ -z "$server_name1" ] ;then
    server_name1='$server_name'
  fi
  request_uri1='$request_uri'
  sed -i "/server_name/a\ return 301 https://$server_name1$request_uri1;" "${files1}"
  shell_log "信息:域名 ${domain} 已设置301跳转到https://${server_name1}${request_uri1} ${files1}"
fi
service nginxd restart

# Open tcp/443 in iptables if tcp/80 is already allowed but 443 is not.
iptables -L -n | grep -w dpt:80 >/dev/null
if [ $? -eq 0 ] ;then
  iptables -L -n | grep -w dpt:443 >/dev/null
  if [ $? -ne 0 ] ;then
    echo
    myi18n "正在放行443端口"
    echo
    sed -i "/dport 80 -j ACCEPT/a\-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT" /etc/sysconfig/iptables
    service iptables restart
  else
    myi18n "核实已放行443端口"
  fi
else
  myi18n "iptables服务似乎没有运行"
fi

# Smoke test the HTTPS endpoint and report where the files were placed.
curl -I "https://${domain}"
echo
echo "${domain}"
myi18n "关联站点证书已安装完成!"
myi18n "证书文件存放/home/ssl,以域名方式命名。"
echo
myi18n "域名 ${domain} 证书crt文件路径为 ${homesslpath}/${domain}.crt"
myi18n "域名 ${domain} 证书key文件路径为 ${homesslpath}/${domain}.key"
echo
cp -rf "${homeconfpath}/vhost" /home/nginx-vhost-bak
myi18n "同时已备份当前nginx配置文件到/home/nginx-vhost-bak"
if [ "$wdcp" == 'y' ] ;then
  myi18n "如果使用wdcp环境,请不要登录wdcp切换web引擎,否则配置文件将被覆盖!"
fi
shell_log "信息:${domain} 关联站点证书已安装完成"
pushd /root/

# wdcp only: offer the vendor's nginx/OpenSSL upgrade when the newer build
# (nginx-1.10.2) is absent. The upgrade script is fetched over plain HTTP
# with no integrity check, so inspect it before running it.
if [ "$wdcp" == 'y' ] && [ ! -d /www/wdlinux/nginx-1.10.2 ] ;then
  myi18n "核实nginx和openssl版本较低,若要通过苹果ats认证,请升级"
  function homemove(){
    confpath=/www/wdlinux/nginx
    if [ "${homeconfpath}" == "/www/wdlinux/nginx/conf" ] ;then
      echo "$homeconfpath"
      myi18n "不需要移动配置文件"
    else
      cp -rf "${confpath}"/conf/* "$homeconfpath"
      cd "$confpath"
      mv conf/ conf-bak/
      ln -sf "$homeconfpath" conf
      chown wdcpu.wdcpg "$homeconfpath" -R
    fi
  }
  read -p "[y/n]: " update
  while [[ ! $update =~ ^[yn]$ ]]
  do
    echo "input error! Please only input 'y' or 'n'"
    echo
    read -p "[y/n]: " update
  done
  if [ "$update" == 'y' ];then
    wget http://downinfo.myhostadmin.net/wdcp/nginx_up.sh
    sh nginx_up.sh
    homemove
    shell_log "信息:核实为wdcp环境,已选择升级nginx和OpenSSL"
  fi
fi
shell_log "信息:脚本正常退出"
shell_unlock
```