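#!/usr/bin/bash
#
# Set up a small web interface that enables/disables Jitsi recording.
#
# Steps, in order:
#   1. install 'fcgiwrap'
#   2. create the document root /var/www/$WEBSITE_NAME
#   3. write two CGI scripts (enable-recording.sh / disable-recording.sh)
#      that call the matching helper below /usr/local/src/jitsi via sudo
#   4. write the NGINX site configuration and enable the site
#
# see:
#    https://stackoverflow.com/questions/22891148/nginx-how-to-run-a-shell-script-on-every-request
#
# Security notes for whoever deploys this:
#   - The CGI scripts call 'sudo <helper>'. This script does NOT create the
#     sudoers rule; presumably one exists for the user fcgiwrap runs as.
#     It should name exactly the two helper paths and nothing broader, and
#     neither the helpers nor the CGI scripts may be writable by that user.
#   - Access control is HTTP Basic auth only (auth_basic_user_file below).
#     That password file is not created here; it must exist before the site
#     goes live.
#   - A plain GET on either URL changes the recording state, so the action is
#     exposed to cross-site request forgery from a browser that holds the
#     Basic-auth credentials. Requiring POST would be the stricter design.
#   - NGINX is not tested or reloaded here; run 'nginx -t' before reloading.

# Stop at the first failing step so no half-written configuration is left
# behind, and treat an unescaped \$nginx_variable in a here-document as an
# error instead of silently expanding it to the empty string.
set -euo pipefail

WEBSITE_NAME="rec.video.faire-mobilitaet.de"
DOCUMENT_ROOT="/var/www/$WEBSITE_NAME"
NGINX_SITE_CONF="/etc/nginx/sites-available/${WEBSITE_NAME}.conf"

#######################################
# Write one CGI script into the document root and make it executable.
# Arguments:
#   $1 - path of the CGI script to create
#   $2 - page title shown in the browser
#   $3 - absolute path of the helper that is run through sudo
# Outputs:
#   creates/overwrites $1 with mode 755
#######################################
write_cgi_script() {
  local target=$1
  local title=$2
  local helper=$3

  # NOTE(review): in this copy of the script the HTML tags inside the echo
  # statements were lost (the arguments are empty strings), so the markup
  # below is a minimal stand-in, not the author's original page.
  #
  # Fixes compared to the original generated script:
  #   - NAME was assigned from a backtick command substitution of the title,
  #     which tries to execute the title as a command; it is now a plain
  #     string.
  #   - the CGI header is written with printf, because 'echo' only interprets
  #     \r\n in some /bin/sh implementations.
  cat > "$target" <<EOF
#!/bin/sh
# -*- coding: utf-8 -*-

NAME="${title}"

printf 'Content-type: text/html\r\n\r\n'

echo "<html>"
echo "<head><title>\$NAME</title></head>"
echo "<body>"
echo "<h1>\$NAME</h1>"
echo "<pre>"
sudo ${helper}
echo "</pre>"
echo "</body>"
echo "</html>"
EOF

  chmod 755 -- "$target"
}

# Install 'fcgiwrap'
#
apt-get install fcgiwrap

# Create document root directory
#
# -p: succeed if it already exists and create missing parents.
mkdir -p -- "$DOCUMENT_ROOT"

# Create script enable-recording.sh
#
write_cgi_script "${DOCUMENT_ROOT}/enable-recording.sh" \
  "Enable Recording" \
  /usr/local/src/jitsi/jitsi_enable_recording.sh

# Create script disable-recording.sh
#
write_cgi_script "${DOCUMENT_ROOT}/disable-recording.sh" \
  "Disable Recording" \
  /usr/local/src/jitsi/jitsi_disable_recording.sh

# Create NGINX configuration for site
#
# The here-document is unquoted so that ${WEBSITE_NAME} is filled in; every
# NGINX variable therefore has to be written as \$name.
#
# NOTE(review): the original cipher list contained 'ECDHE-ECDSA-AES128-CC',
# which is not an OpenSSL cipher name; it is written as
# 'ECDHE-ECDSA-AES128-CCM' below, mirroring the AES256-CCM8/AES256-CCM pair.
cat > "$NGINX_SITE_CONF" <<EOF
# - ${WEBSITE_NAME}

server {
   listen 80;
   listen [::]:80;
   server_name ${WEBSITE_NAME};
   return 301 https://\$host\$request_uri;
}

server {
   listen 443 ssl http2;
   listen [::]:443 ssl http2;
   server_name ${WEBSITE_NAME};

   root /var/www/${WEBSITE_NAME};

   # The whole site, including the CGI scripts, is behind HTTP Basic auth.
   # The password file is not created by the setup script.
   auth_basic "Video Admin Area";
   auth_basic_user_file conf.d/.htpasswd-rec-video;

   # Include location directive for Let's Encrypt ACME Challenge
   #
   # Needed for (automated) updating certificate
   #
   include snippets/letsencrypt-acme-challenge.conf;

   # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
   #
   # To generate a dhparam.pem file, run in a terminal
   #    openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam.pem 2048
   #
   ssl_dhparam /etc/nginx/ssl/dhparam.pem;

   # Enable session resumption to improve https performance
   ssl_session_cache shared:SSL:50m;
   ssl_session_timeout 10m;
   ssl_session_tickets off;

   #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # omit SSLv3 because of POODLE
   # omit SSLv3 because of POODLE
   # omit TLSv1 TLSv1.1
   ssl_protocols TLSv1.2 TLSv1.3;

   # ECDHE better than DHE (faster)  ECDHE & DHE GCM better than CBC (attacks on AES)
   # Everything better than SHA1 (deprecated)
   #
   ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-ARIA128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
   ssl_prefer_server_ciphers off;

   add_header Strict-Transport-Security "max-age=31536000";

   ssl_certificate /var/lib/dehydrated/certs/${WEBSITE_NAME}/fullchain.pem;
   ssl_certificate_key /var/lib/dehydrated/certs/${WEBSITE_NAME}/privkey.pem;
   ssl_trusted_certificate /var/lib/dehydrated/certs/${WEBSITE_NAME}/chain.pem;

   # ssi on with javascript for multidomain variables in config.js
   ssi on;
   ssi_types application/x-javascript application/javascript;

   index index.html index.htm;
   error_page 404 /static/404.html;

   # The directory listing is what links to the two scripts; it also shows
   # every other file placed in the document root.
   autoindex on;

   # Only the two scripts written by the setup script are handed to fcgiwrap.
   # The original pattern '(\.sh)\$' executed any *.sh file found in the
   # document root.
   #
   # No add_header in this block: the CGI script sends its own Content-type,
   # and an add_header here would stop the Strict-Transport-Security header
   # set at server level from being inherited.
   location ~ ^/(enable|disable)-recording\.sh\$ {
      gzip off;
      root /var/www/\$server_name;
      autoindex on;
      fastcgi_pass unix:/var/run/fcgiwrap.socket;
      include /etc/nginx/fastcgi_params;
      fastcgi_param DOCUMENT_ROOT /var/www/\$server_name;
      fastcgi_param SCRIPT_FILENAME /var/www/\$server_name\$fastcgi_script_name;
   }
}
EOF

# Enable the site. -f/-n replace an existing link so the script can be
# re-run; the link name (without '.conf') is kept as in the original.
ln -sfn "../sites-available/${WEBSITE_NAME}.conf" \
  "/etc/nginx/sites-enabled/${WEBSITE_NAME}"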