From 3fa0234b75da4332b683f8a267732ef59f745b63 Mon Sep 17 00:00:00 2001
From: m8in <m8in@gmx.de>
Date: Thu, 27 Nov 2025 21:25:40 +0100
Subject: [PATCH] Scripts for setting up nginx

---
 .../nginx/restartIfConfigurationIsValid.sh    |  7 +++
 script/host/nginx/setup.sh                    | 54 +++++++++++++++++++
 2 files changed, 61 insertions(+)
 create mode 100755 script/host/nginx/restartIfConfigurationIsValid.sh
 create mode 100755 script/host/nginx/setup.sh

diff --git a/script/host/nginx/restartIfConfigurationIsValid.sh b/script/host/nginx/restartIfConfigurationIsValid.sh
new file mode 100755
index 0000000..2656572
--- /dev/null
+++ b/script/host/nginx/restartIfConfigurationIsValid.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+nginx -t &> /dev/null \
+    && systemctl restart nginx.service \
+    && exit 0
+
+exit 1
diff --git a/script/host/nginx/setup.sh b/script/host/nginx/setup.sh
new file mode 100755
index 0000000..51e39a5
--- /dev/null
+++ b/script/host/nginx/setup.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+function main() {
+    local _SCRIPTPATH _DH_PATH _SELF_SIGNED_PATH
+    _SCRIPTPATH="$(cd -- "$(dirname "$0")" > /dev/null 2>&1; pwd -P)"
+    _DH_PATH="/etc/ssl/private"
+    _SELF_SIGNED_PATH="/etc/ssl/private"
+    readonly _SCRIPTPATH _DH_PATH _SELF_SIGNED_PATH
+
+    ! dpkg -s nginx > /dev/null 2>&1 \
+        && apt-get --yes install nginx-full \
+        && echo "Nginx erfolgreich installiert." \
+        || echo "Nginx ist bereits installiert."
+
+    ! dpkg -s openssl > /dev/null 2>&1 \
+        && apt-get --yes install openssl \
+        && echo "OpenSSL erfolgreich installiert." \
+        || echo "OpenSSL ist bereits installiert."
+
+    ! [ -f "${_DH_PATH}/dhparam4096.pem" ] \
+        && mkdir -p "${_DH_PATH}" \
+        && chmod go-rwx "${_DH_PATH}" \
+        && openssl dhparam -out "${_DH_PATH}/dhparam4096.pem" 4096 \
+        && echo "Diffie-Hellman-Parameters erfolgreich erstellt." \
+        || echo "Diffie-Hellman-Parameters bereits vorhanden."
+
+    ! [ -f "${_SELF_SIGNED_PATH}/selfsigned-private.key" ] \
+        && mkdir -p "${_SELF_SIGNED_PATH}" \
+        && chmod go-rwx "${_SELF_SIGNED_PATH}" \
+        && openssl req -x509 -days 36524 -nodes -newkey rsa:4096 \
+             -keyout "${_SELF_SIGNED_PATH}/selfsigned-private.key" \
+             -out "${_SELF_SIGNED_PATH}/selfsigned-fullchain.crt" \
+        && echo "Selbstsignierte Standardschlüssel erfolgreich erstellt." \
+        || echo "Selbstsignierte Standardschlüssel bereits vorhanden."
+
+#TODO Links erstellen
+#    [ -d "/etc/nginx/" ] \
+#        && cp "${_SCRIPTPATH}/etc_nginx_conf.d/"* "/etc/nginx/conf.d/" \
+#        && mkdir -p /etc/nginx/ssl-trusted \
+#        && cp "${_SCRIPTPATH}/etc_nginx_ssl-trusted/"* "/etc/nginx/ssl-trusted/" \
+#        && mkdir -p /var/www/letsencrypt/.well-known/acme-challenge \
+#        && echo "Basis-Konfiguration erfolgreich erstellt." \
+#        || echo "Basis-Konfiguration bereits vorhanden."
+
+    echo \
+        && echo "Nginx neu starten:" \
+        && nginx -t \
+        && systemctl restart nginx.service \
+        && return 0
+
+    return 1
+}
+
+main "$@" && exit 0 || exit 1