From 83f5d36a00dbb60a1c8c3bd43a142c9ccf381608 Mon Sep 17 00:00:00 2001
From: fred <support@qo-op.com>
Date: Wed, 11 Aug 2021 21:20:05 +0200
Subject: [PATCH] tool creating nginx proxy with local port, then it could be
 ipfs p2p teleported

---
 .install/nvh/README.md             | 11 ++++
 .install/nvh/nvh.sh                | 99 ++++++++++++++++++++++++++++++
 .install/nvh/ssl-bloc-redirect.txt | 12 ++++
 .install/nvh/vhost.txt             | 23 +++++++
 4 files changed, 145 insertions(+)
 create mode 100644 .install/nvh/README.md
 create mode 100755 .install/nvh/nvh.sh
 create mode 100644 .install/nvh/ssl-bloc-redirect.txt
 create mode 100644 .install/nvh/vhost.txt

diff --git a/.install/nvh/README.md b/.install/nvh/README.md
new file mode 100644
index 0000000..8568e19
--- /dev/null
+++ b/.install/nvh/README.md
@@ -0,0 +1,11 @@
+# Create custom Nginx reverse proxy easily
+
+Create a reverse proxy for domain tata.toto.com go to port 80 of device 192.168.1.27, with auto-https and 443 redirection:
+`./nvh.sh tata.toto.com 192.168.1.27 80 ssl=1`
+
+Create a reverse proxy for my service on localhost on port 10010, no https:
+`./nvh.sh mylocalservice.fr 127.0.0.1 10010`
+
+TODO: Add option to configure a webserver, and option for php-fpm7.4 server
+
+enjoy
diff --git a/.install/nvh/nvh.sh b/.install/nvh/nvh.sh
new file mode 100755
index 0000000..00b98fd
--- /dev/null
+++ b/.install/nvh/nvh.sh
@@ -0,0 +1,99 @@
+#/bin/bash
+
+red=`tput setaf 1`
+green=`tput setaf 2`
+yellow=`tput setaf 3`
+bold=`tput bold`
+blue=`tput setaf 4`
+reset=`tput sgr0`
+
+MY_PATH="`dirname \"$0\"`"              # relative
+MY_PATH="`( cd \"$MY_PATH\" && pwd )`"  # absolutized and normalized
+
+sslRedir="$MY_PATH/ssl-bloc-redirect.txt"
+tplVHost="$MY_PATH/templates/vhost.txt"
+
+###
+# Get Arguments
+###
+	args="$@"
+	domain="$1"
+	ip="$2"
+	port="$3"
+
+parseArgs(){
+	i=0
+	for cmd in $args; do
+		arg[$i]=$cmd
+		[[ ${arg[$i]} =~ "domain=" ]] && domain=$(echo ${arg[$i]} | grep "\<domain=" | awk -F '=' '{ print $2 }')
+		[[ ${arg[$i]} =~ "ip=" ]] && ip=$(echo ${arg[$i]} | grep "\<ip=" | awk -F '=' '{ print $2 }')
+		[[ ${arg[$i]} =~ "port=" ]] && port=$(echo ${arg[$i]} | grep "\<port=" | awk -F '=' '{ print $2 }')
+		[[ ${arg[$i]} =~ "ssl=" ]] && ssl=$(echo ${arg[$i]} | grep "\<ssl=" | awk -F '=' '{ print $2 }')
+		((i++))
+	done
+}
+parseArgs
+
+newVHost="/etc/nginx/conf.d/$domain.conf"
+
+[[ $ip == "local" ]] && ip="127.0.0.1"
+
+addSSL(){
+	echo "${yellow}Création du certificat SSL pour $domain...${reset}"
+	sudo /usr/bin/certbot --nginx certonly -d $domain && echo "${green}Le certificat de $domain a bien été déployé${reset}" || echo "${red}Une erreur s'est produite lors de la création du certificat SSL${reset}"
+
+	sudo sed -i -e 's/listen 80;/listen 443 ssl;/' $newVHost
+	sudo sed -i -e '/includes\/errors.conf/i \\   listen [::]:443 ssl;\n   include includes/ssl.conf;' $newVHost
+	sudo sed -i -e '/error_log/i \\   ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;\n   ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;\n' $newVHost
+	sudo cat $sslRedir | sudo tee -a $newVHost > /dev/null
+	sudo sed -i -e 's/$domain/'"$domain"'/g' $newVHost
+}
+
+if [[ -e $newVHost ]]; then
+	echo "${yellow}Le virtualhost existe déjà${reset}"
+	if [[ -z $(grep "ssl_certificate_key" $newVHost) ]]; then
+		echo "Certificat SSL non présent"
+		if [[ $ssl =~ ^(1|true|oui)$ ]]; then
+			echo "Installation du certificat SSL ..."
+			addSSL
+			sudo service nginx reload && echo "${green}Le domaine $domain à bien été créé et configuré =)${reset}" || echo "${red}Impossible de recharger nginx${reset}"
+			exit 0
+		else
+			echo "${yellow}Aucune action n'a été effectué${reset}"
+			exit 0
+		fi
+	else
+		echo "${yellow}Le SSL est déjà configuré sur le VHost${reset}"
+		exit 0
+	fi
+fi
+
+
+create_vhost(){
+	echo "${yellow}Génération du nouveau VirtualHost...${reset}"
+	sudo cp $tplVHost $newVHost
+	sudo sed -i -e 's/$_DOMAIN/'"$domain"'/g' $newVHost
+	sudo sed -i -e 's/$_IP/'"$ip"'/g' $newVHost
+	sudo sed -i -e 's/$_PORT/'"$port"'/g' $newVHost
+    if [[ $ssl =~ ^(1|true|oui)$ ]]; then
+        printf "${yellow}Configuration SSL du VHost...${reset}"
+        addSSL && echo "${green}OK${reset}" || echo "${red}KO${reset}"
+    else
+        echo "${yellow}Aucune configuration SSL ne sera effectué.${reset}"
+    fi
+	sudo service nginx reload && echo "${green}Le domaine $domain à bien été créé et configuré =)${reset}" || echo "${red}Impossible de recharger nginx${reset}"
+}
+
+echo "Nous allons créer le domaine ${blue}$domain ${reset}qui sera lié au port ${blue}$port ${reset}de l'IP ${blue}$ip.${reset}"
+if [[ $p2vmProvided != 1 ]]; then
+	read -p "${bold}Confirmez-vous cette action ?${reset} (${green}y${reset} ou ${red}n${reset}) : " yn
+	case $yn in
+		[Yy]* ) create_vhost break;;
+		[Nn]* ) echo "${red}Fermeture du script${reset}" && exit;;
+		* ) echo "Merci de sélectionner yes ou no";;
+	esac
+else
+	create_vhost
+fi
+
+exit 0
diff --git a/.install/nvh/ssl-bloc-redirect.txt b/.install/nvh/ssl-bloc-redirect.txt
new file mode 100644
index 0000000..3dc43fb
--- /dev/null
+++ b/.install/nvh/ssl-bloc-redirect.txt
@@ -0,0 +1,12 @@
+
+server {
+   listen 80;
+   server_name     $domain;
+   include includes/letsencrypt.conf;
+
+   if ($host = $domain) {
+       return 301 https://$host$request_uri;
+   }
+
+   return 404;
+}
diff --git a/.install/nvh/vhost.txt b/.install/nvh/vhost.txt
new file mode 100644
index 0000000..be0080d
--- /dev/null
+++ b/.install/nvh/vhost.txt
@@ -0,0 +1,23 @@
+upstream $domain {
+   server       192.168.9.$ipvm:$port;   #Production
+   #server      192.168.9.9;   #Redirection maintenance
+}
+
+server {
+   server_name    $domain;
+   listen 80;
+   include includes/errors.conf;
+
+   location / {
+      proxy_pass        http://$domain;
+      proxy_set_header  X-Real-IP  $remote_addr;
+      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header  X-Forwarded-Proto https;
+      proxy_set_header  Host $http_host;
+      proxy_redirect    off;
+   }
+
+   error_log  /var/log/nginx/$domain_error.log;
+   access_log  /var/log/nginx/$domain_access.log;
+
+}