#!/bin/bash
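# Create the certificate directory and write the certificate / private-key
# files that the later steps point nginx at.
#
# Usage: paste the PEM certificate and the private key between the marker
# lines in the two echo templates below, then run the script. The '#' marker
# lines are stripped afterwards, so only the pasted text remains on disk.
#
# NOTE: this script only supports one site per .conf file; a config file that
# holds several sites is not handled.
#
# SECURITY: once a key has been pasted in, this script file itself contains
# secret material. Keep it readable by its owner only and keep it out of
# version control and shared locations.
#
# Globals:   sslpem (written) - directory holding eisc.pem / eisc.key
# Arguments: $1 - optional target directory (default: /eisccn/ssl)
# Returns:   non-zero if the directory or the key file cannot be prepared
sslInput(){
    clear # clear the terminal before printing anything
    sslpem="${1:-/eisccn/ssl}" ; echo "ssl https 证书存放路径: $sslpem "
    if ! mkdir -p -- "$sslpem"; then
        echo "无法创建证书目录: $sslpem" >&2
        return 1
    fi

    # Certificate (public): paste the PEM text between the marker lines.
    echo "
#-------------- 写入 pem 后缀文件证书字符 ---------------------#
#----------------------------------------------------------------#
" > "$sslpem/eisc.pem"

    # The private key must never be readable by other users, not even briefly.
    # Create (or truncate) the file empty under a tight umask and force its
    # mode to 0600 *before* any key text is written into it; this also narrows
    # a pre-existing key file that had looser permissions.
    # NOTE(review): 0600 assumes nginx reads the key as the owner of this file
    # (normally the root master process) - confirm for your deployment.
    if ! ( umask 077 && : > "$sslpem/eisc.key" && chmod 600 -- "$sslpem/eisc.key" ); then
        echo "无法以安全权限创建私钥文件: $sslpem/eisc.key" >&2
        return 1
    fi

    # Private key: paste the key text between the marker lines.
    echo "
#-------------- 写入 key 后缀密钥字符 ---------------------#
#----------------------------------------------------------------#
" > "$sslpem/eisc.key"

    # Drop the '#' marker lines and keep everything else untouched.
    sed -i "/#/d" -- "$sslpem/eisc.pem"
    sed -i "/#/d" -- "$sslpem/eisc.key"

    # Re-assert the key mode after the in-place edit rewrote the file.
    chmod 600 -- "$sslpem/eisc.key"
}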
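# Step 1: write the certificate and key files. Stop here on failure so the
# later steps never edit an nginx config to point at files that do not exist.
sslInput || exit 1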
findNginxFile(){
nginxconf=`ps -aux | grep "nginx.conf" | grep master | awk -F"-c" '{print $2}'` ; echo "nginx配置文件为; $nginxconf"
nginxconfinc=$(cat $nginxconf | grep include | grep "*.conf" | awk -F" " '{print $2}'| sed "s/*.conf;//g" ); echo " 子站点目录为:$nginxconfinc"
nginxconfincfile=(`ls $nginxconfinc`) ; echo "nginx 子站点文件为: ${nginxconfincfile[*]}"
echo "#--------------------- 获取 nginx 子站点角标 --------------------#"
for((i=0;i<${#nginxconfincfile[*]};i++))
do
echo " ${nginxconfincfile[$i]} ------ 子站点对应角标 ---------> $i "
done
}
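# Step 2: find the nginx per-site config files. Stop on failure so the
# selection step is never offered an empty or bogus list.
findNginxFile || exit 1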
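# Ask the operator which site file to configure and back it up once.
#
# Globals:   nginxconfinc, nginxconfincfile (read)
#            jb       (written) - the chosen index
#            nginxwww (written) - full path of the chosen site file
#            file     (written) - reset to empty, as before
# Returns:   non-zero if there is nothing to choose from, input ends before a
#            valid index is given, or the backup cannot be created.
selectNginx(){
    local count=${#nginxconfincfile[@]}

    if (( count == 0 )); then
        echo "没有可供选择的子站点文件" >&2
        return 1
    fi

    # Accept only a plain decimal index inside the list. The value is used as
    # an array subscript, which bash evaluates as an arithmetic expression, so
    # anything that is not a bare number is rejected before it gets there.
    while true; do
        if ! read -r -p "请输入子站点角标数字,进行指定子站点文件进行配置ssl证书: " jb; then
            echo "没有读取到有效的角标" >&2
            return 1
        fi
        if [[ "$jb" =~ ^[0-9]+$ ]] && (( 10#$jb < count )); then
            break
        fi
        echo "角标无效: $jb (有效范围: 0 - $((count - 1)))" >&2
    done
    jb=$((10#$jb))   # normalise input such as "01"

    nginxwww="$nginxconfinc${nginxconfincfile[$jb]}"
    echo "---------------------------- 选择的子站点 -------------------------------------
您输入角标 $jb ----> 选择了子站点: $nginxwww "

    if [[ ! -f "$nginxwww" ]]; then
        echo "子站点文件不存在: $nginxwww" >&2
        return 1
    fi

    #--- backup ---#
    file=""   # not used anywhere in this script; kept as in the original
    # Only the first run makes a backup, so the .bak stays the pristine copy.
    if [ ! -e "$nginxwww.bak" ]; then
        # A failed backup must stop the run: the next step edits the file in place.
        if ! cp -p -- "$nginxwww" "$nginxwww.bak"; then
            echo "备份失败: $nginxwww.bak" >&2
            return 1
        fi
        echo "已经备份 $nginxwww.bak "
    else
        echo "备份文件存在:$nginxwww.bak"
    fi
}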
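# Step 3: choose the site file and back it up. Stop on failure so the config
# is never edited without a valid selection and a backup in place.
selectNginx || exit 1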
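# Rewrite FILE as: its first HEAD_COUNT lines, then the text arriving on
# stdin, then its lines from TAIL_START onward. The inserted text is copied
# verbatim, so no sed escaping of paths is involved.
_sslpz_splice(){
    local file=$1 head_count=$2 tail_start=$3 out rc
    out=$(mktemp) || return 1
    {
        head -n "$head_count" -- "$file"
        cat
        tail -n "+$tail_start" -- "$file"
    } > "$out" && cat -- "$out" > "$file"
    rc=$?
    rm -f -- "$out"
    return "$rc"
}

# Point the selected nginx site file at the certificate and key written
# earlier, adding a TLS skeleton first when the file has no ssl_certificate
# line yet.
#
# All edits are made on a private working copy and written back only when
# every step succeeded, so a failure never leaves a half-edited or emptied
# config behind. Run `nginx -t` before reloading nginx.
#
# Globals:   nginxwww (read) - site file to edit
#            sslpem   (read) - directory holding eisc.pem / eisc.key
# Returns:   non-zero, with the site file untouched, on any failure
sslpz(){
    local conf=$nginxwww
    local cert_file="$sslpem/eisc.pem"
    local key_file="$sslpem/eisc.key"
    local work hit n key_n skeleton rc=0

    if [[ -z "$conf" || ! -f "$conf" ]]; then
        echo "找不到子站点配置文件: $conf" >&2
        return 1
    fi
    if [[ -z "$sslpem" ]]; then
        echo "证书存放路径 sslpem 未设置" >&2
        return 1
    fi

    work=$(mktemp) || return 1
    if ! cp -- "$conf" "$work"; then
        rm -f -- "$work"
        return 1
    fi

    # First line that carries ssl_certificate as a whole word
    # (ssl_certificate_key does not match: '_' is a word character).
    hit=$(grep -nw -- ssl_certificate "$work" | head -n 1) ; echo "证书内容: $hit"
    n=${hit%%:*} ; echo "证书内容行号:$n"

    if [[ -z "$n" ]]; then
        sed -i "/listen/d" "$work" # listen lines are re-created by the skeleton
        echo " 该子站点没有配置过ssl证书 ,正在写入 ssl 框架 "
        hit=$(grep -nw -- server "$work" | head -n 1)
        n=${hit%%:*}
        if [[ -z "$n" ]]; then
            echo "配置文件中没有找到 server 块: $conf" >&2
            rm -f -- "$work"
            return 1
        fi
        # - "listen 443 ssl" is what enables TLS on the port; a bare
        #   "listen 443;" with "ssl on" commented out serves plain HTTP there.
        # - TLS 1.0 / 1.1 are deprecated (RFC 8996), so only 1.2 and 1.3 are
        #   offered. NOTE(review): TLSv1.3 needs nginx 1.13.0+ built against
        #   OpenSSL 1.1.1+; drop it on older builds.
        # - NOTE(review): the cipher list is kept from the original. Its broad
        #   AES/HIGH aliases still admit CBC and non-forward-secret suites;
        #   narrow it to ECDHE + AEAD suites once client support is confirmed.
        skeleton='    #-------------- ssl 443 与监听linsten ------------#
    listen 80;
    listen 443 ssl;
    ssl_certificate ;
    ssl_certificate_key ;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    #--------------------------------------#'
        _sslpz_splice "$work" "$n" "$((n + 1))" <<< "$skeleton" || rc=1
    else
        echo "往下配置"
    fi

    # Replace the first ssl_certificate line with the real certificate path.
    if (( rc == 0 )); then
        hit=$(grep -nw -- ssl_certificate "$work" | head -n 1) ; echo "证书内容: $hit"
        n=${hit%%:*} ; echo "证书内容行号:$n"
        # An empty line number must never reach an editing command: with no
        # address the edit would apply to every line of the file.
        if [[ -z "$n" ]]; then
            rc=1
        else
            _sslpz_splice "$work" "$((n - 1))" "$((n + 1))" \
                <<< "    ssl_certificate $cert_file;" || rc=1
        fi
    fi

    # Same for the key; when the file has a certificate line but no key line,
    # add the key directive right after the certificate line.
    if (( rc == 0 )); then
        hit=$(grep -nw -- ssl_certificate_key "$work" | head -n 1) ; echo "证书内容: $hit"
        key_n=${hit%%:*} ; echo "证书内容行号:$key_n"
        if [[ -n "$key_n" ]]; then
            _sslpz_splice "$work" "$((key_n - 1))" "$((key_n + 1))" \
                <<< "    ssl_certificate_key $key_file;" || rc=1
        else
            _sslpz_splice "$work" "$n" "$((n + 1))" \
                <<< "    ssl_certificate_key $key_file;" || rc=1
        fi
    fi

    # Install the result only if every edit succeeded; writing through the
    # existing file keeps its owner and mode.
    if (( rc == 0 )); then
        cat -- "$work" > "$conf" || rc=1
    else
        echo "写入 ssl 配置失败,未修改: $conf" >&2
    fi
    rm -f -- "$work"
    return "$rc"
}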
sslpz
# Step 4: write the ssl certificate settings into the selected site file