vars 5.8 KB

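  #!/bin/bash
  # Shared variable definitions: filesystem paths, ACME (Let's Encrypt) client
  # tables, TLS defaults, and parsing of the first command-line parameters into
  # the MENU_* variables.
  #set -x

  # Guard: the value of EXEC is run as a command and the script exits when that
  # command fails.
  # NOTE(review): an unset or empty EXEC expands to an empty command, which
  # succeeds, so this guard does not stop a direct run; EXEC is also executed
  # verbatim, so it must only ever be set by the calling script (presumably to
  # `true`) - confirm against the caller.
  if ! ${EXEC}; then exit; fi

  # Permissions applied to web content: 0705 = owner rwx, group none, others r-x;
  # 0600 = owner read/write only.
  chmod_dir_web="0705" # chmod folder web
  chmod_file_web="0600" # chmod files web

  # Durations in seconds. Shell arithmetic gives the same integers as the
  # previous `bc` calls without needing `bc` installed.
  D1=$((60 * 60 * 24)) # DO NOT TOUCH!
  D7=$((D1 * 7)) # DO NOT TOUCH!
  D30=$((D1 * 30)) # DO NOT TOUCH!

  # NOTE(review): ${pwd} is a shell variable, not $PWD or $(pwd); it is empty
  # here unless the calling script sets it - confirm.
  dir_admin="${pwd}" # DO NOT TOUCH!
  dir_challenge=".well-known/acme-challenge"
  dir_dhparam="/srv/nginx/dhparam" # "jail" directory for dhparam key: change ONLY if you're sure!
  dir_htaccess=".ht" # just the directory name where the htpasswd file is put
  dir_fpm_pool="/etc/php5/fpm/pool.d"
  dir_fpm_sock="/var/run/fpm" # directory for php-fpm sockets
  dir_log_nginx="/var/log/nginx/error.log"
  dir_log_php="/var/log/php5-fpm.log"
  dir_logs_rotate="/etc/logrotate.d/"
  dir_nginx_cfg="/etc/nginx/cfg" # directory where per-domain config files are put
  dir_php_sessions="/var/lib/php/session"
  dir_samples="${pwd}/samples" # DO NOT TOUCH!
  dir_sites_available="/etc/nginx/sites-available"
  dir_sites_enabled="/etc/nginx/sites-enabled"
  dir_ssl_certs="/etc/ssl/certs" # directory to save SSL certificates
  dir_ssl_key="/etc/ssl/private" # directory to save SSL private keys
  dir_ssl_ticket="/srv/nginx/ssl" # "jail" directory for ssl_session_ticket: change ONLY if you're sure!
  dirs_to_domain=("config" "etc" "www" "logs" "stats" "tmp") # DO NOT TOUCH!
  dirs_to_phpfpm=("usr/share" "var/lib/php/session" "var/run/fpm") # DO NOT TOUCH!
  domain=""
  declare -a domains_actived
  email="" # REQUIRED: e-mail address used to configure SSL
  file_cfg_site="cfg.ini" # change ONLY if you're sure!
  file_help="Aide" # just filename Help: DO NOT TOUCH!
  file_htpasswd="" # just filename htpasswd: DO NOT TOUCH!
  file_logs_rotate_name="manage_domains_logs" ## DO NOT TOUCH!
  fpm_status_path="status" # just PHP FPM Status name
  group_web="www-data" # default group web
  home="/srv/www" # root for server web

  # ACME client tables, keyed by client name. "diafygi" has entries in the
  # tables below but is not listed in letsencrypt_names.
  # NOTE(review): the URLs point at repository heads with no tag or commit; if
  # the calling scripts clone and run these clients (likely as root), pin a
  # reviewed tag or commit - confirm in the install code.
  declare -a letsencrypt_names # DO NOT TOUCH!
  letsencrypt_names=('letsencrypt' 'Lukas' 'Neilpang') # diafygi
  declare -a letsencrypt_cmds # DO NOT TOUCH!
  declare -A letsencrypt_descriptions # DO NOT TOUCH!
  letsencrypt_descriptions["diafygi"]="Daniel Roesler::Acme-Tiny python"
  letsencrypt_descriptions["letsencrypt"]="Officiel Let's Encrypt"
  letsencrypt_descriptions["Lukas"]="Lukas::Acme Bash"
  letsencrypt_descriptions["Neilpang"]="Neilpang::Acme Bash"
  # key length: ec: ECDSA; others: RSA
  declare -a letsencrypt_lengths
  letsencrypt_lengths=("ec-384" "ec-256" '8192' '4096' '3072' '2048')
  declare -A letsencrypt_scripts # DO NOT TOUCH!
  letsencrypt_scripts["diafygi"]="acme_tiny.py"
  letsencrypt_scripts["letsencrypt"]="letsencrypt-auto"
  letsencrypt_scripts["Lukas"]="letsencrypt.sh"
  letsencrypt_scripts["Neilpang"]="acme.sh"
  declare -A letsencrypt_urls # DO NOT TOUCH!
  letsencrypt_urls["diafygi"]="https://github.com/diafygi/acme-tiny.git" # Daniel Roesler Acme Tiny python
  letsencrypt_urls["letsencrypt"]="https://github.com/letsencrypt/letsencrypt" # official client
  letsencrypt_urls["Lukas"]="https://github.com/lukas2511/letsencrypt.sh" # acme bash
  # Plain URL like the other entries; the previous value carried a leading
  # "git clone " inside the string.
  letsencrypt_urls["Neilpang"]="https://github.com/Neilpang/acme.sh.git" # acme bash client, can run without sudo
  letsencrypt_client="" # DO NOT TOUCH!
  letsencrypt_cmd="" # DO NOT TOUCH!
  letsencrypt_domains="" # DO NOT TOUCH!
  letsencrypt_email="" # DO NOT TOUCH!
  letsencrypt_exists=0 # DO NOT TOUCH!
  letsencrypt_url="" # DO NOT TOUCH!

  log_access="access.log"
  log_error="error.log"
  # domain is still empty at this point, so these expand to ".access.log" and
  # ".slow.log"; presumably recomputed once domain is set - confirm.
  log_fpm_access="${domain}.access.log"
  log_fpm_slow="${domain}.slow.log"

  MENU_ARG=""
  MENU_CHOICE=""
  MENU_OPTION=""
  MENU_OTHER=""
  declare -A MENU_MAIN
  MENU_MAIN['create']='Création'
  MENU_MAIN['delete']='Suppression'
  MENU_MAIN['help']='Aide'
  MENU_MAIN['restart']='Redémarrage'
  MENU_MAIN['ssl']='Gestion SSL'
  MENU_MAIN['test']='Test Config'
  MENU_MAIN['view']='Vision Config'
  MENU_DESC=""
  declare -a menu_sellers # DO NOT TOUCH!
  # NOTE(review): StartSSL (StartCom) was distrusted by the major browsers and
  # has ceased issuing; review whether it should still be offered.
  menu_sellers=("Gandi" "StartSSL") # "CAcert" "Comodo" "Geotrust" "Symantec" "Thawte"
  declare -i nb_rand=255 # nb to use for randomize strings: 255 max!
  declare -i pm_max_children=7 # value default for pm.max_children
  # Unquoted compound assignment; yields the same three elements as the
  # previous quoted form without relying on declare's legacy string parsing.
  declare -a script_dirs=("config" "samples" "scripts")
  seller=""
  server_php="php5-fpm"
  server_web="nginx"
  server_web_http2=0 # DO NOT TOUCH!
  server_web_version="" # DO NOT TOUCH!
  server_web_maj=0 # DO NOT TOUCH: get maj version
  server_web_min=0 # DO NOT TOUCH: get min version

  # NOTE(review): bf-cfb is Blowfish, a 64-bit-block legacy cipher (OpenSSL 3
  # ships it only in the legacy provider). If this is the cipher used to
  # protect private keys, an AES-256 mode is the better default - confirm how
  # ssl_algo is used before changing it.
  ssl_algo="bf-cfb"
  ssl_condense="sha512"
  # NOTE(review): two remote resolvers are listed before 127.0.0.1. If this
  # feeds the nginx `resolver` directive (e.g. for OCSP stapling), answers from
  # remote resolvers are unauthenticated; a local validating resolver is the
  # safer choice - confirm usage.
  ssl_resolvers="173.246.98.1 213.167.229.1 127.0.0.1" # dns a, b, c
  declare -A ssl_algos_ecdsa
  ssl_algos_ecdsa['ec-256']='prime256v1'
  ssl_algos_ecdsa['ec-384']='secp384r1'
  # OpenSSL has no curve named "secp512p1"; the NIST P-521 curve is secp521r1.
  # The 'ec-512' key is kept so existing lookups still resolve.
  ssl_algos_ecdsa['ec-512']='secp521r1'
  declare -i ssl_days=365 # SSL certificates days
  declare -i ssl_dh_length=4096 # SSL DHParam Length
  declare ssl_key_length=4096 # SSL key length (old: ssl_long_key)
  declare -i ssl_key_unprotected=0 # DO NOT MODIFY!
  declare -i ssl_seconds=$((ssl_days * 24 * 60 * 60)) # (old: ssl_long_seconds)
  declare -A SSLH_INFOS # DO NOT TOUCH!
  ssh_group=""
  ssh_shell="/usr/bin/mysecureshell" # DO NOT TOUCH!
  user=""
  user_log="adm" # default user admin log
  user_web="www-data" # default user web

  ###
  # binaries needed
  ###
  # Resolve ls first, then append its options; the previous form passed
  # `-al --color=auto` to `which` itself.
  ll="$(which ls) -al --color=auto"
  htpasswd=$(which htpasswd)
  nginx=$(which nginx)
  ossl=$(which openssl)

  ###
  # DO NOT TOUCH !!!
  ###
  # Map the first positional parameter to a MENU_MAIN key; the next three
  # parameters are kept as option, argument and extra value.
  NB_PARAMS=$#
  PARAMS=("$@");
  if [ -z "${PARAMS[0]}" ]; then
    # No parameter: default action is "create".
    MENU_CHOICE="create"
  else
    # An unrecognised first parameter matches no pattern and leaves
    # MENU_CHOICE (and therefore MENU_DESC) empty.
    case "${PARAMS[0]}" in
      -c|create|-n|new) MENU_CHOICE="create" ;;
      -d|del) MENU_CHOICE="delete" ;;
      -h|-H|-\?) MENU_CHOICE="help" ;;
      -r) MENU_CHOICE="restart" ;;
      -s) MENU_CHOICE="ssl" ;;
      -t) MENU_CHOICE="test" ;;
      -v) MENU_CHOICE="view" ;;
    esac
    [ -n "${PARAMS[1]}" ] && MENU_OPTION="${PARAMS[1]}"
    [ -n "${PARAMS[2]}" ] && MENU_ARG="${PARAMS[2]}"
    [ -n "${PARAMS[3]}" ] && MENU_OTHER="${PARAMS[3]}"
  fi
  unset PARAMS
  [ "${MENU_CHOICE}" ] && MENU_DESC="${MENU_MAIN[${MENU_CHOICE}]}"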