Ubuntu/Debian一键安装Nginx脚本

受xiaoz的一键nginx安装脚本(https://raw.githubusercontent.com/helloxz/nginx-cdn/master/nginx.sh)启发,但是其不支持ubuntu/debian,所以在其脚本的基础上改写并增加了一些安全机制。这个脚本包括安装 SSL 证书、设置访问控制、添加身份验证等安全机制。
#!/bin/bash
# Function to get the public IP of the server
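get_public_ip() {
  # Look up this host's public IP through a third-party echo service, store
  # it in the global PIP and print it. The value is informational only.
  # Globals:  PIP (written)
  # Outputs:  "Public IP: <addr>" on stdout; the failure message on stderr
  # Returns:  0 when an address was obtained, 1 otherwise
  #
  # -f turns HTTP error responses into failures instead of printing an error
  # page as the "IP", --max-time keeps an unreachable service from hanging
  # the installer, and HTTPS keeps an on-path host from altering the reply.
  PIP=$(curl -fsS --max-time 10 https://ifconfig.me)
  if [[ -n "$PIP" ]]; then
    printf 'Public IP: %s\n' "$PIP"
  else
    echo "Failed to get the public IP." >&2
    return 1
  fi
}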
# Function to detect the operating system
detect_os() {
  # Classify the host by which release marker file exists and record the
  # result in the global OS, then report it.
  # Globals:  OS (written)
  # Outputs:  "Detected OS: <name>" on stdout
  # Note: /etc/debian_version is checked first; a host with neither marker
  # file falls back to the kernel name from `uname -s`.
  local marker
  OS=""
  for marker in /etc/debian_version /etc/redhat-release; do
    [[ -e "$marker" ]] || continue
    case "$marker" in
      */debian_version) OS="Debian" ;;
      */redhat-release) OS="Red Hat" ;;
    esac
    break
  done
  if [[ -z "$OS" ]]; then
    OS=$(uname -s)
  fi
  echo "Detected OS: $OS"
}
# Function to install dependencies
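install_dependencies() {
  # Install the toolchain and libraries needed to build nginx from source,
  # plus the package that ships htpasswd, which add_authentication calls.
  # Globals:  OS (read; set by detect_os)
  # Returns:  status of the package manager run; exits 1 on an unsupported OS
  case "$OS" in
    "Debian")
      # apache2-utils provides htpasswd on Debian/Ubuntu. The install only
      # runs when the index refresh succeeded.
      apt-get update \
        && apt-get install -y build-essential libpcre3 libpcre3-dev zlib1g \
          zlib1g-dev openssl libssl-dev curl apache2-utils
      ;;
    "Red Hat")
      # -y keeps an unattended run from stalling at yum's confirmation
      # prompt; httpd-tools provides htpasswd on RHEL-family systems.
      yum update -y \
        && yum install -y gcc gcc-c++ make pcre-devel zlib-devel \
          openssl-devel curl httpd-tools
      ;;
    *)
      echo "Unsupported OS." >&2
      exit 1
      ;;
  esac
}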
# Function to compile and install Nginx
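compile_nginx() {
  # Download the nginx source tarball, then configure, build and install it.
  # Globals:  NGINX_VERSION (read, optional; defaults to 1.18.0)
  # Returns:  0 when `make install` succeeded, non-zero as soon as any step
  #           fails, so a failed download or cd never leads to building in
  #           the wrong directory.
  # Side effect: leaves the working directory inside the source tree.
  #
  # NOTE(review): 1.18.0 is an old release line; check the security
  # advisories on nginx.org and set NGINX_VERSION to a maintained release.
  local version="${NGINX_VERSION:-1.18.0}"
  local build_dir=~/nginx
  local tarball="nginx-${version}.tar.gz"

  # -p lets a rerun reuse the directory instead of failing on "File exists".
  mkdir -p "$build_dir" || return 1
  cd "$build_dir" || return 1

  # Fetch over HTTPS: code that is compiled and installed as root must not be
  # retrieved over a channel an on-path host can rewrite. -f rejects HTTP
  # error pages that would otherwise be saved as the "tarball".
  # NOTE(review): nginx.org publishes a detached PGP signature (.asc) next to
  # each tarball; verifying it before unpacking would also cover a tampered
  # mirror or download server.
  if ! curl -fLO "https://nginx.org/download/${tarball}"; then
    echo "Failed to download ${tarball}." >&2
    return 1
  fi

  tar xzf "$tarball" || return 1
  cd "nginx-${version}" || return 1

  ./configure \
    --sbin-path=/usr/local/sbin/nginx \
    --conf-path=/etc/nginx/nginx.conf \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --with-pcre \
    --with-http_ssl_module \
    --with-http_realip_module \
    --with-stream \
    --with-stream_ssl_module || return 1

  make || return 1
  make install
}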
# Function to configure the virtual host
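configure_vhost() {
  # Write the "forward-proxy" virtual host (an HTTP->HTTPS redirect plus a
  # TLS server that proxies to the requested host behind basic auth) and
  # enable it with a symlink in sites-enabled.
  # Returns:  0 on success, non-zero if a directory, the file or the link
  #           could not be created.
  local available=/etc/nginx/sites-available
  local enabled=/etc/nginx/sites-enabled
  local vhost="${available}/forward-proxy"

  # -p and `ln -sf` below make a rerun overwrite the previous result instead
  # of failing on paths that already exist.
  mkdir -p "$available" "$enabled" || return 1

  # NOTE(review): nothing in this script adds an `include` for sites-enabled
  # to /etc/nginx/nginx.conf, and the nginx.conf installed by a source build
  # is not expected to have one; confirm the vhost is actually loaded.
  # NOTE(review): proxy_pass with a variable host name is resolved at request
  # time and normally needs a `resolver` directive; confirm one is set.
  # NOTE(review): the upstream is taken from the client's Host header, so any
  # authenticated user can reach whatever this server can reach, including
  # loopback and internal addresses. Restrict the allowed destinations or the
  # client source addresses if that is not intended.
  #
  # The quoted delimiter keeps the shell from expanding nginx's $variables.
  # Two lines go beyond the original configuration: ssl_protocols drops the
  # legacy TLS versions, and the empty Authorization header stops the
  # proxy's own basic-auth credentials from being forwarded, over plain
  # HTTP, to every upstream host.
  cat > "$vhost" <<'EOF' || return 1
server {
    listen 80;
    server_name _;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name _;
    ssl_certificate /etc/nginx/ssl/server.pem;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    location / {
        proxy_pass http://$http_host;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Authorization "";
        auth_basic "Username and Password Required";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}
EOF

  ln -sf "$vhost" "${enabled}/forward-proxy"
}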
# Function to set appropriate access permissions
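set_access_permissions() {
  # Make root the owner of the nginx configuration tree and set modes that
  # protect the private key without making directories untraversable.
  #
  # A recursive `chmod 600` strips the search bit from every directory.
  # nginx opens auth_basic_user_file from a worker process at request time,
  # and workers normally run as an unprivileged user, so with mode 600 on
  # /etc/nginx the password file cannot be reached and authenticated
  # requests fail. Directories therefore get 755 and regular files 644.
  chown -R root:root /etc/nginx
  find /etc/nginx -type d -exec chmod 755 {} +
  find /etc/nginx -type f -exec chmod 644 {} +
  chmod 700 /etc/nginx/sites-enabled

  # The TLS private key is loaded at startup, so it can stay root-only.
  # The directory only exists once generate_ssl has run.
  if [[ -d /etc/nginx/ssl ]]; then
    chmod 700 /etc/nginx/ssl
    find /etc/nginx/ssl -type f -name '*.key' -exec chmod 600 {} +
  fi

  # NOTE(review): /etc/nginx/.htpasswd ends up 644 so the worker can read
  # it, which also shows the password hashes to local users. Once the worker
  # user is known (the `user` directive in nginx.conf), tighten it to 640
  # with that user's group.
}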
# Function to generate SSL certificates
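generate_ssl() {
  # Create a self-signed RSA-4096 certificate and an unencrypted private key
  # (-nodes) under /etc/nginx/ssl, valid for 3650 days.
  # Globals:  PROXY_CN (read, optional; certificate common name, defaults to
  #           proxy.example.com)
  # Returns:  status of openssl, or 1 if the directory cannot be prepared
  # Unlike a cd-based version, this leaves the caller's working directory
  # untouched by passing absolute output paths to openssl.
  #
  # NOTE(review): the certificate is self-signed and carries no
  # subjectAltName, so clients have to trust it explicitly and may still
  # reject it on name checks; use a CA-issued certificate where possible.
  local cn="${PROXY_CN:-proxy.example.com}"
  local ssl_dir=/etc/nginx/ssl

  mkdir -p "$ssl_dir" || return 1
  chmod 700 "$ssl_dir" || return 1

  # The subshell confines umask 077 to this command, so the key is created
  # root-only from the start rather than being tightened afterwards.
  (
    umask 077
    openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 \
      -subj "/C=US/ST=California/L=San Francisco/O=My Company/CN=${cn}" \
      -keyout "${ssl_dir}/server.key" -out "${ssl_dir}/server.pem"
  )
}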
# Function to add authentication for the forward proxy
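add_authentication() {
  # Prompt for a proxy username and create /etc/nginx/.htpasswd with that
  # single user; htpasswd itself asks for the password.
  # Globals:  USERNAME (written)
  # Returns:  status of htpasswd, or 1 on missing or invalid input
  #
  # -c makes htpasswd create the file, and it replaces an existing one, so
  # no separate touch is needed and any previous users are dropped.
  # -r stops read from interpreting backslashes in the typed name.
  read -r -p "Enter username for the proxy: " USERNAME || return 1

  # Reject names that htpasswd would misread: empty, starting with "-"
  # (parsed as an option), or containing whitespace or ":" (the field
  # separator of the password file).
  if [[ -z "$USERNAME" || "$USERNAME" == -* || "$USERNAME" == *[[:space:]:]* ]]; then
    echo "Invalid username: it must be non-empty, must not start with '-' and must not contain spaces or ':'." >&2
    return 1
  fi

  # Quoted so the name always reaches htpasswd as exactly one argument.
  htpasswd -c /etc/nginx/.htpasswd "$USERNAME"
}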
# Main script
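# Every step below writes under /etc or installs packages, so stop early
# with a clear message instead of failing part-way through as a normal user.
if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root." >&2
  exit 1
fi

# The public IP is informational only; a lookup failure does not stop the run.
get_public_ip
detect_os

# Without the build dependencies or the nginx binary nothing later can work,
# so these two steps abort the run on failure.
install_dependencies || { echo "Dependency installation failed." >&2; exit 1; }
compile_nginx || { echo "Nginx build failed." >&2; exit 1; }

configure_vhost
generate_ssl
add_authentication

# Permissions are applied last so that the files created by generate_ssl and
# add_authentication are covered as well.
set_access_permissions

# Validate the configuration, then restart the Nginx service.
# NOTE(review): nothing in this script installs a systemd unit for the
# source-built binary; `systemctl restart nginx` only works if a unit named
# nginx already exists. Confirm, or start /usr/local/sbin/nginx directly.
/usr/local/sbin/nginx -t && systemctl restart nginx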
请注意,在此脚本中,我添加了以下函数:
set_access_permissions():设置适当的访问权限;generate_ssl():生成 SSL 证书;add_authentication():添加身份验证。
在执行脚本之前,您需要根据需要修改以下参数:
CN=proxy.example.com:将proxy.example.com修改为您的服务器名称或 IP 地址;USERNAME:代理身份验证的用户名,脚本运行时会提示输入,请填入您选择的值。
执行脚本后,您的 Nginx SSL 转发代理将启用 TLS 加密和基本身份验证,只有授权的用户才能访问它。需要注意:脚本生成的是自签名证书,客户端必须显式信任该证书;脚本固定使用的 nginx 1.18.0 版本较旧,部署前请对照 nginx.org 的安全公告确认是否需要换用更新的版本。

