Scripts hinzugefügt

install.sh

@@ -90,6 +90,13 @@ cd ..
 make
 make install
 
+rm -rf /usr/local/nginx/nginx.conf
+cp nginx.conf /usr/local/nginx/
+mkdir -p /usr/local/nginx/snippets
+cp ssl-params.conf /usr/local/nginx/snippets/
+cp ngensite /usr/local/bin
+chmod +x /usr/local/bin/ngensite
+
 wget https://dl.clocxhd.de/scripts/nginx/nginx.service
 mv nginx.service /etc/systemd/system/
 systemctl daemon-reload
@@ -98,10 +105,13 @@ systemctl enable nginx
 git clone https://github.com/h5bp/server-configs-nginx.git /tmp/server-configs-nginx
 mv /tmp/server-configs-nginx/h5bp /usr/local/nginx/
 rm -rf /tmp/server-configs-nginx
+openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
 cd /usr/local/nginx
-rm -rf nginx.conf
+mkdir sites-available
+mkdir sites-enabled
 
 echo ""
 echo "----------------"
 echo "Installation abgeschlossen!"
 echo "Du kannst Nginx jetzt mit systemctl start nginx starten!"
+echo "Deine vHosts kannst du im Verzeichnis /usr/local/nginx/sites-available ablegen, und dann mit dem Befehl ngensite datei aktivieren!"

ngensite

@@ -0,0 +1,9 @@
+clear
+ln -s /usr/local/nginx/sites-available/$1 /usr/local/nginx/sites-enabled/
+echo "Erfolgreich:"
+echo ""
+ls -lh /usr/local/nginx/sites-enabled/ | grep $1
+echo ""
+ls /usr/local/nginx/sites-available/
+echo ""
+systemctl reload nginx

ssl-params.conf

@@ -0,0 +1,18 @@
+# from https://cipherli.st/
+# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_prefer_server_ciphers on;
+ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+ssl_ecdh_curve secp384r1;
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets off;
+ssl_stapling on;
+ssl_stapling_verify on;
+resolver 208.67.222.222 8.8.4.4 valid=300s;
+resolver_timeout 5s;
+add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
+add_header X-Frame-Options DENY;
+add_header X-Content-Type-Options nosniff;
+
+ssl_dhparam /etc/ssl/certs/dhparam.pem;

test.sh

@@ -1,57 +0,0 @@
-lowercase(){
-    echo "$1" | sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/"
-}
-
-OS=`lowercase \`uname\``
-KERNEL=`uname -r`
-MACH=`uname -m`
-
-if [ "{$OS}" == "windowsnt" ]; then
-    OS=windows
-elif [ "{$OS}" == "darwin" ]; then
-    OS=mac
-else
-    OS=`uname`
-    if [ "${OS}" = "SunOS" ] ; then
-        OS=Solaris
-        ARCH=`uname -p`
-        OSSTR="${OS} ${REV}(${ARCH} `uname -v`)"
-    elif [ "${OS}" = "AIX" ] ; then
-        OSSTR="${OS} `oslevel` (`oslevel -r`)"
-    elif [ "${OS}" = "Linux" ] ; then
-        if [ -f /etc/redhat-release ] ; then
-            DistroBasedOn='RedHat'
-            DIST=`cat /etc/redhat-release |sed s/\ release.*//`
-            PSUEDONAME=`cat /etc/redhat-release | sed s/.*\(// | sed s/\)//`
-            REV=`cat /etc/redhat-release | sed s/.*release\ // | sed s/\ .*//`
-        elif [ -f /etc/SuSE-release ] ; then
-            DistroBasedOn='SuSe'
-            PSUEDONAME=`cat /etc/SuSE-release | tr "\n" ' '| sed s/VERSION.*//`
-            REV=`cat /etc/SuSE-release | tr "\n" ' ' | sed s/.*=\ //`
-        elif [ -f /etc/mandrake-release ] ; then
-            DistroBasedOn='Mandrake'
-            PSUEDONAME=`cat /etc/mandrake-release | sed s/.*\(// | sed s/\)//`
-            REV=`cat /etc/mandrake-release | sed s/.*release\ // | sed s/\ .*//`
-        elif [ -f /etc/debian_version ] ; then
-            DistroBasedOn='Debian'
-            DIST=`cat /etc/lsb-release | grep '^DISTRIB_ID' | awk -F=  '{ print $2 }'`
-            PSUEDONAME=`cat /etc/lsb-release | grep '^DISTRIB_CODENAME' | awk -F=  '{ print $2 }'`
-            REV=`cat /etc/lsb-release | grep '^DISTRIB_RELEASE' | awk -F=  '{ print $2 }'`
-        fi
-        if [ -f /etc/UnitedLinux-release ] ; then
-            DIST="${DIST}[`cat /etc/UnitedLinux-release | tr "\n" ' ' | sed s/VERSION.*//`]"
-        fi
-        OS=`lowercase $OS`
-        DistroBasedOn=`lowercase $DistroBasedOn`
-        readonly OS
-        readonly DIST
-        readonly DistroBasedOn
-        readonly PSUEDONAME
-        readonly REV
-        readonly KERNEL
-        readonly MACH
-    fi
-
-fi
-
-echo ${DIST}