Created
February 11, 2026 04:02
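#!/bin/bash
# Script to install nginx, configure domain, and enable HTTPS with certbot
# Usage: sudo ./setup-nginx-ssl.sh

# Exit as soon as any command fails. Note that under this setting a failing
# command never reaches a later `$?` check; test the command in an `if` instead.
set -e

# Color codes for output. These must be delimited by plain ASCII quotes:
# typographic quotes are ordinary characters to the shell and would become
# part of the value. The backslash sequences are stored literally and are
# expanded by whatever prints them.
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly NC='\033[0m' # No Color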
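# Functions to print colored output

#######################################
# Print a success line prefixed with a green check mark.
# Globals:   GREEN, NC (read)
# Arguments: $1 - message text
# Outputs:   the formatted line on stdout
#######################################
print_status() {
  # Only the color variables go through %b. The message is printed with %s so
  # backslash sequences in text that came from user input are not expanded.
  printf '%b[✓]%b %s\n' "$GREEN" "$NC" "$1"
}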
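#######################################
# Print an error line prefixed with a red cross.
# Globals:   RED, NC (read)
# Arguments: $1 - message text
# Outputs:   the formatted line on stderr, so it survives stdout redirection
#######################################
print_error() {
  # The message goes through %s, so backslash sequences in it stay literal.
  printf '%b[✗]%b %s\n' "$RED" "$NC" "$1" >&2
}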
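#######################################
# Print a warning line prefixed with a yellow exclamation mark.
# Globals:   YELLOW, NC (read)
# Arguments: $1 - message text
# Outputs:   the formatted line on stdout
#######################################
print_warning() {
  # The message goes through %s, so backslash sequences in it stay literal.
  printf '%b[!]%b %s\n' "$YELLOW" "$NC" "$1"
}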
| # Check if running as root | |
| if [[ $EUID -ne 0 ]]; then | |
| print_error “This script must be run as root (use sudo)” | |
| exit 1 | |
| fi | |
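# Prompt for domain name.
# The answer is later expanded, as root, into a path under /etc/nginx, into
# the nginx server block and into the certbot command line. Accept only a
# plain DNS hostname (letters, digits, hyphens, dot-separated labels) so the
# value cannot contain "/", whitespace, or nginx syntax such as ";" or "}".
read -r -p "Enter your domain name (e.g., example.com): " DOMAIN
if [ -z "$DOMAIN" ]; then
  print_error "Domain name cannot be empty"
  exit 1
fi
hostname_re='^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'
if [[ ! "$DOMAIN" =~ $hostname_re ]]; then
  print_error "Domain name must be a plain hostname such as example.com"
  exit 1
fi

# Prompt for email for certbot.
# The address is passed to certbot as an argument, so reject whitespace and a
# leading "-" that could be read as an extra option.
read -r -p "Enter your email address for SSL certificate notifications: " EMAIL
if [ -z "$EMAIL" ]; then
  print_error "Email address cannot be empty"
  exit 1
fi
email_re='^[^[:space:]@-][^[:space:]@]*@[^[:space:]@]+$'
if [[ ! "$EMAIL" =~ $email_re ]]; then
  print_error "Email address must look like user@example.com"
  exit 1
fi

print_status "Starting setup for domain: $DOMAIN"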
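# Update system packages.
# NOTE(review): `apt upgrade -y` upgrades every installed package without
# asking, not just what nginx needs; confirm that is acceptable on this host.
print_status "Updating system packages…"
apt update
apt upgrade -y

# Install nginx
print_status "Installing nginx…"
apt install -y nginx

# Start nginx now and enable it at boot
systemctl start nginx
systemctl enable nginx
print_status "Nginx installed and started"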
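# Create nginx server block configuration
print_status "Creating nginx configuration for $DOMAIN"
WEB_ROOT="/var/www/html"

# DOMAIN is expanded into a root-owned path and into the config text below.
# Refuse anything outside hostname characters so it cannot name a file outside
# sites-available ("/") or inject nginx directives (";", "{", "}", spaces).
domain_chars_re='^[A-Za-z0-9][A-Za-z0-9.-]*$'
if [[ ! "$DOMAIN" =~ $domain_chars_re ]]; then
  print_error "Refusing to write nginx config: invalid characters in domain name"
  exit 1
fi

# The heredoc delimiter is unquoted on purpose: $DOMAIN and $WEB_ROOT expand
# here, while \$uri is escaped so nginx receives its own $uri variable.
# The stray Markdown code-fence lines from the listing are dropped; written
# into the file they would make `nginx -t` reject the configuration.
# NOTE(review): X-XSS-Protection is a legacy header that current browsers
# ignore; a Content-Security-Policy is the control to add if XSS defence in
# depth is wanted.
cat > "/etc/nginx/sites-available/${DOMAIN}" <<EOF
server {
    listen 80;
    listen [::]:80;

    server_name $DOMAIN;
    root $WEB_ROOT;
    index index.html index.htm index.php;

    location / {
        try_files \$uri \$uri/ =404;
    }

    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;

    # Logs
    access_log /var/log/nginx/$DOMAIN.access.log;
    error_log /var/log/nginx/$DOMAIN.error.log;
}
EOF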
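# Enable the site by creating symbolic link.
# The paths are quoted so the user-supplied name is always a single argument.
print_status "Enabling site configuration…"
ln -sf "/etc/nginx/sites-available/${DOMAIN}" /etc/nginx/sites-enabled/

# Remove default nginx site if it exists
if [ -f /etc/nginx/sites-enabled/default ]; then
  rm /etc/nginx/sites-enabled/default
  print_status "Removed default nginx site"
fi

# Test nginx configuration. With `set -e` in effect, a failed syntax check
# stops the script here, before the reload.
print_status "Testing nginx configuration…"
nginx -t

# Reload nginx
systemctl reload nginx
print_status "Nginx configuration reloaded"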
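# Install certbot
print_status "Installing certbot…"
apt install -y certbot python3-certbot-nginx

# Obtain SSL certificate
print_status "Obtaining SSL certificate from Let’s Encrypt…"
print_warning "Make sure your domain $DOMAIN points to this server’s IP address!"
read -r -p "Press Enter to continue or Ctrl+C to cancel…" _

# Options need two ASCII hyphens; a typographic dash is not an option prefix.
# DOMAIN and EMAIL are quoted so each stays a single argument.
# certbot is tested directly in the `if`: under `set -e` a separate `$?` check
# after a failing command is never reached, so the error branch would not run.
if certbot --nginx -d "$DOMAIN" --non-interactive --agree-tos --email "$EMAIL" --redirect; then
  print_status "SSL certificate successfully obtained and configured!"
else
  print_error "Failed to obtain SSL certificate"
  print_warning "Please check that your domain DNS is properly configured"
  exit 1
fi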
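# Set up auto-renewal through the systemd timer
print_status "Setting up automatic certificate renewal…"
systemctl enable certbot.timer
systemctl start certbot.timer

# Test auto-renewal. The option needs two ASCII hyphens; --dry-run exercises
# the renewal path without replacing the certificate that was just issued.
print_status "Testing certificate auto-renewal…"
certbot renew --dry-run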
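# Display a summary of what was configured
echo ""
echo "======================================"
print_status "Setup completed successfully!"
echo "======================================"
echo ""
echo "Domain: $DOMAIN"
echo "Web Root: $WEB_ROOT"
echo "Nginx Config: /etc/nginx/sites-available/$DOMAIN"
echo "SSL Certificate: Enabled via Let’s Encrypt"
echo ""
echo "Your site should now be accessible at:"
echo " https://$DOMAIN"
echo ""
echo "Certificate will auto-renew via systemd timer"
echo "Check renewal timer status: systemctl status certbot.timer"
echo ""

# Display nginx status. --no-pager keeps the script from blocking in a pager.
systemctl status nginx --no-pager -l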