Add file 'README.nginx.exec-shell-script'.

2020-05-21 02:18:59 +02:00 · 2020-05-21 02:18:59 +02:00 · f386d7f60f
commit f386d7f60f
parent 3d83cfbb61
1 changed files with 149 additions and 0 deletions
--- a/README.nginx.exec-shell-script
+++ b/README.nginx.exec-shell-script
@ -0,0 +1,149 @@
+#!/usr/bin/bash
+
+#
+# Run script to enabel/disable recording using a webinterface
+# 
+# see: 
+#    https://stackoverflow.com/questions/22891148/nginx-how-to-run-a-shell-script-on-every-request
+
+WEBSITE_NAME="o30.oopen.de"
+DOCUMENT_ROOT="/var/www/$WEBSITE_NAME"
+
+# Install 'fcgiwrap'
+#
+apt-get install fcgiwrap
+
+# Create document root directory
+#
+if [[ ! -d "$DOCUMENT_ROOT" ]] ; then
+   mkdir "$DOCUMENT_ROOT"
+fi
+
+# Ceate script enable-recording.sh
+#
+cat <<EOF > ${DOCUMENT_ROOT}/enable-recording.sh
+#!/bin/sh
+# -*- coding: utf-8 -*-
+NAME=\`"Enable Recording"\`
+echo "Content-type:text/html\r\n"
+echo "<html><head>"
+echo "<title>\$NAME</title>"
+echo '<meta name="description" content="'\$NAME'">'
+echo '<meta name="keywords" content="'\$NAME'">'
+echo '<meta http-equiv="Content-type" content="text/html;charset=UTF-8">'
+echo '<meta name="ROBOTS" content="noindex">'
+echo "</head><body><pre>"
+sudo /usr/local/src/jitsi/jitsi_enable_recording.sh
+echo '&nbsp;<br />&nbsp;<br />
+   <form>
+      <input type="button" value="Go back!" onclick="history.back()">
+   </form>'
+echo "</pre></body></html>"
+EOF
+
+
+
+# Ceate script disable-recording.sh
+#
+cat <<EOF > ${DOCUMENT_ROOT}/disable-recording.sh
+#!/bin/sh
+# -*- coding: utf-8 -*-
+NAME=\`"Disable Recording"\`
+echo "Content-type:text/html\r\n"
+echo "<html><head>"
+echo "<title>\$NAME</title>"
+echo '<meta name="description" content="'\$NAME'">'
+echo '<meta name="keywords" content="'\$NAME'">'
+echo '<meta http-equiv="Content-type" content="text/html;charset=UTF-8">'
+echo '<meta name="ROBOTS" content="noindex">'
+echo "</head><body><pre>"
+sudo /usr/local/src/jitsi/jitsi_disable_recording.sh
+echo '&nbsp;<br />&nbsp;<br />
+   <form>
+      <input type="button" value="Go back!" onclick="history.back()">
+   </form>'
+echo "</pre></body></html>"
+EOF
+
+
+# Create NGINX configuration for site
+#
+cat <<EOF >> "/etc/nginx/sites-available/${WEBSITE_NAME}.conf"
+cat <<EOF >> "/root/${WEBSITE_NAME}.conf"
+# - ${WEBSITE_NAME}
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name ${WEBSITE_NAME};
+
+    return 301 https://\$host\$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name ${WEBSITE_NAME};
+
+    # Include location directive for Let's Encrypt ACME Challenge
+    #
+    # Needed for (automated) updating certificate
+    #
+    include snippets/letsencrypt-acme-challenge.conf;
+
+    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
+    #
+    # To generate a dhparam.pem file, run in a terminal
+    #    openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam.pem 2048
+    #
+    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
+
+    # Eable session resumption to improve https performance
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_timeout 10m;
+    ssl_session_tickets off;
+
+    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # omit SSLv3 because of POODLE
+    # omit SSLv3 because of POODLE
+    # omit  TLSv1 TLSv1.1
+    ssl_protocols TLSv1.2 TLSv1.3;
+
+    # ECDHE better than DHE (faster)  ECDHE & DHE GCM better than CBC (attacks on AES)
+    # Everything better than SHA1 (deprecated)
+    #
+    ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA';
+    ssl_prefer_server_ciphers on;
+
+    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    #ssl_prefer_server_ciphers on;
+    #ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED";
+
+    add_header Strict-Transport-Security "max-age=31536000";
+
+    ssl_certificate /var/lib/dehydrated/certs/${WEBSITE_NAME}/fullchain.pem;
+    ssl_certificate_key /var/lib/dehydrated/certs/${WEBSITE_NAME}/privkey.pem;
+    ssl_trusted_certificate /var/lib/dehydrated/certs/${WEBSITE_NAME}/chain.pem;
+
+    root /var/www/o30.oopen.de;
+
+    # ssi on with javascript for multidomain variables in config.js
+    ssi on;
+    ssi_types application/x-javascript application/javascript;
+
+    index index.html index.htm;
+    error_page 404 /static/404.html;
+
+    autoindex on;
+
+   location ~ (\.sh)$ {
+      add_header Content-Type text/html;
+      gzip off;
+      root /var/www/\$server_name;
+      autoindex on;
+      fastcgi_pass unix:/var/run/fcgiwrap.socket;
+      include /etc/nginx/fastcgi_params;
+      fastcgi_param DOCUMENT_ROOT /var/www/\$server_name;
+      fastcgi_param SCRIPT_FILENAME /var/www/\$server_name\$fastcgi_script_name;
+   }
+}
+EOF