proxy

#!/bin/bash

domain=$1
url=$2

# Check if args passed
if [ -z "$1" ]
then
#  Ask for domain name
  echo "Domain name:"
    read domain

fi

if [ -z "$2" ]
then
#  Ask for domain name
  echo "URL:"
    read url

fi

# Install nginx
sudo apt update
sudo apt install nginx -y

# Setup NGINX config
printf "server {
  listen 80;
  listen [::]:80;
  server_name $domain *.$domain;
  proxy_ssl_server_name on;
  location / {
    proxy_set_header X-Real-IP \$remote_addr;
    proxy_pass $url;
    }

    listen 443 ssl;
    ssl_certificate /etc/ssl/$domain.crt;
    ssl_certificate_key /etc/ssl/$domain.key;
}" > /etc/nginx/sites-available/$domain
sudo ln -s /etc/nginx/sites-available/$domain /etc/nginx/sites-enabled/$domain

#generate ssl certificate
openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes \
  -keyout cert.key -out cert.crt -extensions ext  -config \
  <(echo "[req]";
    echo distinguished_name=req;
    echo "[ext]";
    echo "keyUsage=critical,digitalSignature,keyEncipherment";
    echo "extendedKeyUsage=serverAuth";
    echo "basicConstraints=critical,CA:FALSE";
    echo "subjectAltName=DNS:$domain,DNS:*.$domain";
    ) -subj "/CN=*.$domain"

# Print TLSA record and store in file in case of lost output
echo "Add this TLSA Record to your DNS:"
echo -n "3 1 1 " && openssl x509 -in cert.crt -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | xxd  -p -u -c 32

sudo mv cert.key /etc/ssl/$domain.key
sudo mv cert.crt /etc/ssl/$domain.crt

# Restart to apply config file
sudo systemctl restart nginx