57 lines
1.3 KiB
Bash
Executable File
57 lines
1.3 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
DOMAIN="vault"
|
|
CERT_DIR="/etc/ssl/vaultwarden"
|
|
NGINX_SITE="/etc/nginx/sites-available/vaultwarden"
|
|
NGINX_LINK="/etc/nginx/sites-enabled/vaultwarden"
|
|
|
|
echo "🔧 Création du certificat auto-signé..."
|
|
|
|
# Créer le dossier pour les certificats
|
|
sudo mkdir -p $CERT_DIR
|
|
|
|
# Générer la clé privée et le certificat auto-signé
|
|
sudo openssl req -x509 -nodes -days 365 \
|
|
-subj "/CN=$DOMAIN" \
|
|
-newkey rsa:2048 \
|
|
-keyout $CERT_DIR/vaultwarden.key \
|
|
-out $CERT_DIR/vaultwarden.crt
|
|
|
|
echo "✅ Certificat généré dans $CERT_DIR"
|
|
|
|
echo "🧾 Configuration NGINX pour $DOMAIN..."
|
|
|
|
# Créer la config nginx
|
|
sudo tee $NGINX_SITE > /dev/null <<EOF
|
|
server {
|
|
listen 443 ssl;
|
|
server_name $DOMAIN;
|
|
|
|
ssl_certificate $CERT_DIR/vaultwarden.crt;
|
|
ssl_certificate_key $CERT_DIR/vaultwarden.key;
|
|
|
|
location / {
|
|
proxy_pass http://localhost:8080;
|
|
proxy_set_header Host \$host;
|
|
proxy_set_header X-Real-IP \$remote_addr;
|
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto \$scheme;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
server_name $DOMAIN;
|
|
return 301 https://\$host\$request_uri;
|
|
}
|
|
EOF
|
|
|
|
# Activer le site
|
|
sudo ln -sf $NGINX_SITE $NGINX_LINK
|
|
|
|
# Redémarrer nginx
|
|
sudo nginx -t && sudo systemctl reload nginx
|
|
|
|
echo "✅ NGINX configuré avec HTTPS pour https://$DOMAIN"
|
|
|