diff --git a/nginx-docker/configs/sites-enabled/pi.hole.conf b/nginx-docker/configs/sites-enabled/pi.hole.conf
deleted file mode 100644
index b5aa8fb..0000000
--- a/nginx-docker/configs/sites-enabled/pi.hole.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- include snippets/cert_pi.hole.conf;
- include snippets/ssl-params.conf;
-
- server_name pi.hole;
- root /tmp/NOEXIST;
- access_log /var/log/nginx/dns.access.log;
-
- location / {
- include snippets/proxy_forward.conf;
- proxy_pass http://pihole-frontend;
- }
- location /admin/ {
- include snippets/proxy_forward.conf;
- proxy_pass http://pihole-frontend;
- }
-}
-
-
-server {
- listen 80;
- listen [::]:80;
-
- server_name pi.hole;
-
- return 301 https://$server_name$request_uri;
-}
\ No newline at end of file
diff --git a/nginx-docker/configs/snippets/cert_pi.hole.conf b/nginx-docker/configs/snippets/cert_pi.hole.conf
deleted file mode 100644
index 6025827..0000000
--- a/nginx-docker/configs/snippets/cert_pi.hole.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-ssl_certificate /etc/ssl/certs/pi.hole.crt;
-ssl_certificate_key /etc/ssl/private/pi.hole.key;
\ No newline at end of file
diff --git a/nginx-docker/templates/DOMAIN.conf.template b/nginx-docker/templates/DOMAIN.conf.template
index f347081..d2453d0 100644
--- a/nginx-docker/templates/DOMAIN.conf.template
+++ b/nginx-docker/templates/DOMAIN.conf.template
@@ -1,6 +1,6 @@
 server {
- listen 443 ssl;
- listen [::]:443 ssl;
+ listen 443 ssl default_server;
+ listen [::]:443 ssl default_server;
 include snippets/cert_DOMAIN.conf;
 include snippets/ssl-params.conf;
@@ -22,14 +22,5 @@ server {
 include snippets/proxy_forward.conf;
 proxy_pass http://dns-backend/dns-query;
 }
-}
-
-server {
- listen 80;
- listen [::]:80;
-
- server_name DOMAIN;
-
- return 301 https://$server_name$request_uri;
 }
\ No newline at end of file
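Review bot: In the first DOMAIN.conf.template hunk, `default_server` on both 443 listeners makes this block answer TLS requests for every Host or SNI name that reaches the port, not only DOMAIN, and the file's proxy locations then forward them to the backends. That covers access by IP now that the HOST_IP block is gone, but it also lets a name the operator does not control resolve to this address and still reach the Pi-hole frontend (the DNS-rebinding case); whether the client's Host header is passed on depends on `snippets/proxy_forward.conf`, which is not visible here. If access by IP is not required, a separate catch-all default server that answers unmatched names with `return 444;` would keep this block limited to DOMAIN. If it is required, a comment above the listeners should say so, for example `# default_server on purpose: also serves requests addressed by IP`.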
diff --git a/nginx-docker/templates/HOST_IP.conf.template b/nginx-docker/templates/HOST_IP.conf.template
deleted file mode 100644
index 4196788..0000000
--- a/nginx-docker/templates/HOST_IP.conf.template
+++ /dev/null
@@ -1,35 +0,0 @@
-server {
- listen 443 ssl default_server;
- listen [::]:443 ssl default_server;
- include snippets/cert_HOST_IP.conf;
- include snippets/ssl-params.conf;
-
- server_name HOST_IP;
- root /tmp/NOEXIST;
- access_log /var/log/nginx/dns.access.log;
-
- location / {
- include snippets/proxy_forward.conf;
- proxy_pass http://pihole-frontend;
- }
-
- location /admin/ {
- include snippets/proxy_forward.conf;
- proxy_pass http://pihole-frontend;
- }
-
- location /dns-query {
- include snippets/proxy_forward.conf;
- proxy_pass http://dns-backend/dns-query;
- }
-}
-
-
-server {
- listen 80 default_server;
- listen [::]:80 default_server;
-
- server_name HOST_IP;
-
- return 301 https://$server_name$request_uri;
-}
\ No newline at end of file
diff --git a/nginx-docker/templates/cert_HOST_IP.conf.template b/nginx-docker/templates/cert_HOST_IP.conf.template
deleted file mode 100644
index ca21fe3..0000000
--- a/nginx-docker/templates/cert_HOST_IP.conf.template
+++ /dev/null
@@ -1,2 +0,0 @@
-ssl_certificate /etc/ssl/certs/HOST_IP.crt;
-ssl_certificate_key /etc/ssl/private/HOST_IP.key;
\ No newline at end of file
diff --git a/nginx-docker/templates/dns-over-tls.conf.template b/nginx-docker/templates/dns-over-tls.conf.template
index b8c4522..a5b92b3 100644
--- a/nginx-docker/templates/dns-over-tls.conf.template
+++ b/nginx-docker/templates/dns-over-tls.conf.template
@@ -1,7 +1,7 @@
 server {
 listen 853 ssl;
- include snippets/cert_HOST_IP.conf;
+ include snippets/cert_DOMAIN.conf;
 ssl_dhparam /etc/nginx/dhparam.pem;
 ssl_protocols TLSv1.2 TLSv1.3;
diff --git a/nginx-docker/templates/http_redirect.conf.template b/nginx-docker/templates/http_redirect.conf.template
new file mode 100644
index 0000000..56a95da
--- /dev/null
+++ b/nginx-docker/templates/http_redirect.conf.template
@@ -0,0 +1,6 @@
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ return 301 https://DOMAIN$request_uri;
+}
\ No newline at end of file
diff --git a/setup.sh b/setup.sh
index 109f779..8acd530 100755
--- a/setup.sh
+++ b/setup.sh
@@ -258,35 +258,8 @@ fi
 # Auto create nginx conf files
 echo "INFO! Checking for nginx configuration files"
-# Conf files based on HOST_IP
-if ! [ -f nginx-docker/configs/sites-enabled/"${HOST_IP}".conf ] || echo "${FRESH}" | grep -q 'y'; then
- if ! cp nginx-docker/templates/HOST_IP.conf.template nginx-docker/configs/sites-enabled/"${HOST_IP}".conf; then
- echo "ERROR! 'HOST_IP.conf.template' could not be copied."
- exit_err
- fi
- if ! sed -i s/HOST_IP/"${HOST_IP}"/g nginx-docker/configs/sites-enabled/"${HOST_IP}".conf; then
- echo "ERROR! '${HOST_IP}.conf' copy could not be modified."
- exit_err
- fi
- echo "SUCCESS! Created '${HOST_IP}.conf' file."
-else
- echo "SUCCESS! Found '${HOST_IP}.conf' file."
-fi
-if [ -f nginx-docker/configs/snippets/cert_"${HOST_IP}".conf ] || echo "${FRESH}" | grep -q 'y'; then
- if ! cp nginx-docker/templates/cert_HOST_IP.conf.template nginx-docker/configs/snippets/cert_"${HOST_IP}".conf; then
- echo "ERROR! 'cert_HOST_IP.conf.template' could not be copied."
- exit_err
- fi
- if ! sed -i s/HOST_IP/"${HOST_IP}"/g nginx-docker/configs/snippets/cert_"${HOST_IP}".conf; then
- echo "ERROR! 'cert_${HOST_IP}.conf' copy could not be modified."
- exit_err
- fi
- echo "SUCCESS! Created 'cert_${HOST_IP}.conf' file."
-else
- echo "SUCCESS! Found 'cert_${HOST_IP}.conf' file."
-fi
 #Conf files based on DOMAIN
-if [ -f nginx-docker/configs/sites-enabled/"${DOMAIN}".conf ] || echo "${FRESH}" | grep -q 'y'; then
+if ! [ -f nginx-docker/configs/sites-enabled/"${DOMAIN}".conf ] || echo "${FRESH}" | grep -q 'y'; then
 if ! cp nginx-docker/templates/DOMAIN.conf.template nginx-docker/configs/sites-enabled/"${DOMAIN}".conf; then
 echo "ERROR! 'DOMAIN.conf.template' could not be copied."
 exit_err
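Review bot: Nothing in this hunk removes the `${HOST_IP}.conf` and `cert_${HOST_IP}.conf` files that earlier runs of setup.sh generated under `nginx-docker/configs/`. The old HOST_IP template declared `default_server` on ports 80 and 443, and the new DOMAIN and http_redirect templates declare it as well, so on an upgraded install nginx would likely reject the configuration with a duplicate default server unless cleanup happens outside the visible lines. If HOST_IP is still set at this point, a removal before the DOMAIN block would cover it: `rm -f -- nginx-docker/configs/sites-enabled/"${HOST_IP}".conf nginx-docker/configs/snippets/cert_"${HOST_IP}".conf`. An existing `${DOMAIN}.conf` is also kept as-is when FRESH is not set, so it will not pick up the new `default_server` listeners; the `if` block this hunk opens continues past its last line.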
@@ -299,7 +272,7 @@ if [ -f nginx-docker/configs/sites-enabled/"${DOMAIN}".conf ] || echo "${FRESH}"
 else
 echo "SUCCESS! Found '${DOMAIN}.conf' file."
 fi
-if [ -f nginx-docker/configs/snippets/cert_"${DOMAIN}".conf ] || echo "${FRESH}" | grep -q 'y'; then
+if ! [ -f nginx-docker/configs/snippets/cert_"${DOMAIN}".conf ] || echo "${FRESH}" | grep -q 'y'; then
 if ! cp nginx-docker/templates/cert_DOMAIN.conf.template nginx-docker/configs/snippets/cert_"${DOMAIN}".conf; then
 echo "ERROR! 'cert_DOMAIN.conf' could not be copied."
 exit_err
@@ -312,13 +285,27 @@ if [ -f nginx-docker/configs/snippets/cert_"${DOMAIN}".conf ] || echo "${FRESH}"
 else
 echo "SUCCESS! Found 'cert_${DOMAIN}.conf' file."
 fi
+# Conf file for HTTP redirect
+if ! [ -f nginx-docker/configs/sites-enabled/http_redirect.conf ] || echo "${FRESH}" | grep -q 'y'; then
+ if ! cp nginx-docker/templates/http_redirect.conf.template nginx-docker/configs//sites-enabled/http_redirect.conf; then
+ echo "ERROR! 'http_redirect.conf.template' could not be copied."
+ exit_err
+ fi
+ if ! sed -i s/DOMAIN/"${DOMAIN}"/g nginx-docker/configs//sites-enabled/http_redirect.conf; then
+ echo "ERROR! 'http_redirect.conf' copy could not be modified."
+ exit_err
+ fi
+ echo "SUCCESS! Created 'http_redirect.conf' file."
+else
+ echo "SUCCESS! Found 'http_redirect.conf' file."
+fi
 # Conf file for DoT
-if [ -f nginx-docker/configs/streams/dns-over-tls.conf ] || echo "${FRESH}" | grep -q 'y'; then
+if ! [ -f nginx-docker/configs/streams/dns-over-tls.conf ] || echo "${FRESH}" | grep -q 'y'; then
 if ! cp nginx-docker/templates/dns-over-tls.conf.template nginx-docker/configs/streams/dns-over-tls.conf; then
 echo "ERROR! 'dns-over-tls.conf.template' could not be copied."
 exit_err
 fi
- if ! sed -i s/HOST_IP/"${HOST_IP}"/g nginx-docker/configs/streams/dns-over-tls.conf; then
+ if ! sed -i s/DOMAIN/"${DOMAIN}"/g nginx-docker/configs/streams/dns-over-tls.conf; then
 echo "ERROR! 'dns-over-tls.conf' copy could not be modified."
 exit_err
 fi
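Review bot: The new http_redirect block (second hunk here) writes `${DOMAIN}` into the generated config with `sed -i s/DOMAIN/"${DOMAIN}"/g`, so a value containing `/`, `&`, whitespace or `;` either breaks the sed expression or lands in the file as extra nginx directives. Where DOMAIN is validated is not visible in this hunk; if it is not, one check before the first substitution would cover every DOMAIN sed call, including the dns-over-tls one changed below: `[[ "${DOMAIN}" =~ ^[A-Za-z0-9.-]+$ ]] || exit_err`. The `cp` and `sed` targets are also spelled `nginx-docker/configs//sites-enabled/http_redirect.conf` with a doubled slash while the `-f` test uses a single one; both resolve to the same file, but the paths should match.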
@@ -329,7 +316,6 @@ fi
 echo "SUCCESS! nginx configuration finished."
-# TODO: verify the need for 3 crt/key
 # Check for certificates and keys
 echo "INFO! Checking for SSL certificates and keys"
 CERT_COUNT=0
@@ -348,14 +334,14 @@ do
 fi
 done
-if (( CERT_COUNT < 3)) || (( KEY_COUNT < 3 )); then
+if (( CERT_COUNT < 1)) || (( KEY_COUNT < 1 )); then
 echo "ERROR! Add at least one certificate to 'certificates/certs/' and the matching key to " \
- "'certificates/' for pi.hole, your HOSTNAME and the server's IP. Then restart the script."
+ "'certificates/' for your DOMAIN. Then restart the script."
 exit_err
 elif ! (( CERT_COUNT = KEY_COUNT )); then
 echo "WARNING! There is an uneven amount of certificates and keys."
 else
- echo "SUCCESS! Found SSL certificates and keys"
+ echo "SUCCESS! Found SSL certificate and key."
 fi
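Review bot: In the last hunk the unchanged `elif ! (( CERT_COUNT = KEY_COUNT )); then` assigns instead of comparing, so once the first test has passed (KEY_COUNT is at least 1) the expression is always non-zero and the uneven-count warning can never print. It should read `elif (( CERT_COUNT != KEY_COUNT )); then`. With the threshold lowered to one, the check also passes on any certificate and key regardless of name, although the generated snippet is `cert_${DOMAIN}.conf`; testing for the DOMAIN's own certificate and key files would catch a missing pair before nginx does. The exact file names that snippet expects, and the counting loop itself, are outside this hunk.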