bash-nginx-auto-proxypass

#!/bin/bash

# Author Simon Cirstoiu

# Ask for user input for domain, IP, website location, location, and certificate validity years
read -p "Enter domain: " domain
read -p "Enter IP: " ip
read -p "Enter website location: " website_location
read -p "Enter certificate validity years: " validity_years

# Use strong security ciphers and TLS
security_options="ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; ssl_prefer_server_ciphers on; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off;"

# Create self-signed certificate and save it to /etc/ssl/$domain
openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout /etc/ssl/$domain-privkey.pem -out /etc/ssl/$domain-cert.pem -days $validity_years -subj "/CN=$domain"

# Create nginx config and save it to /etc/nginx/sites-enabled/$domain.conf
cat > /etc/nginx/sites-enabled/$domain.conf <<EOF
server {
    listen 80;
    server_name $domain;
    return 301 https://\$server_name\$request_uri;
}

server {
    listen 443 ssl http2;
    server_name $domain;

    root $website_location;
    index index.html index.htm;

    $security_options
    ssl_certificate /etc/ssl/$domain-cert.pem;
    ssl_certificate_key /etc/ssl/$domain-privkey.pem;

    location $website_location {
        proxy_pass http://$ip;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF

# Check if nginx config is valid before restarting the service
if nginx -t; then
  service nginx restart
else
  echo "Error: nginx config is not valid"
fi