ditatompel/nginx-kickstart

Fork 0

A bash script that helped me install Nginx + GeoIP module from official repository and optionally compile VTS module on FRESH Debian or Ubuntu system.

kickstart nginx nginx-configuration nginx-vts

Shell 50.1%
Nginx 49.9%

Find a file

ditatompel fe73351341 Add WARNING that downtime can't be avoided when upgrading Nginx Also add action runner badge to the README.		2024-06-07 23:00:49 +07:00
.github/workflows	Change the test name	2024-06-07 23:00:19 +07:00
etc/nginx	Adding information about dhparam.pem cert	2024-05-14 20:19:30 +07:00
.gitattributes	Make Nginx config detectable	2024-04-26 17:11:34 +07:00
.gitignore	Adding the install script	2024-04-23 14:06:23 +00:00
kickstart.sh	Not forcing upgrade	2024-06-07 22:10:05 +07:00
LICENSE	Adding license key: GPL20-LGPL2-AGPL3-GLWTS-WTFPL	2024-04-23 14:30:14 +00:00
README.md	Add WARNING that downtime can't be avoided when upgrading Nginx	2024-06-07 23:00:49 +07:00

README.md

Nginx Kickstart

A bash script that helped me install Nginx + GeoIP module (and optionally compile VTS module, with example config) on FRESH Debian or Ubuntu system.

NOTE: Only tested on Debian 12 and Ubuntu 22.04.

WARNING: DO NOT run this script if you:

Already have Nginx installed using distribution-provided package.

Have process that use port 80 and 443.

WARNING: Using a dynamic module with Nginx will prevent it from starting if there is an update (for example, from 1.26.0 to 1.26.1). In this case, downtime can't be avoided and you need to recompile the dynamic module again. To recompile the module, you can re-execute sudo ./kickstart.sh -V again.

What does this script do?

When you run the kickstart.sh script with -I option:

Update your system packages and install required packages.
Import official Nginx signing key to /usr/share/keyrings/nginx-archive-keyring.gpg.
Add Nginx apt repository to /etc/apt/sources.list.d/nginx.list.
Prioritize Nginx official packages over distribution-provided ones.
Install nginx and nginx-module-geoip.
Create "boilerplate" directory (/etc/nginx/{certs,sites-enabled,snippets}).
Generate self-signed certificate and DH Params key exchange.

When you run the kickstart.sh scipt with -V option:

Install required packages to compile Nginx VTS module (git, build-essential, libpcre3-dev, zlib1g-dev, and libssl-dev).
Download your current running Nginx version archive from https://nginx.org/download and place it to ./compile directory.
Clone vozlt/nginx-module-vts and compile the dynamic module.
Copy compiled VTS module to /etc/nginx/modules/ngx_http_vhost_traffic_status_module.so.
Restart nginx service

Usage

# Clone this repository
git clone https://github.com/ditatompel/nginx-kickstart.git && cd nginx-kickstart
# To install Nginx with GeoIP module
sudo ./kickstart.sh -I
# To compile Nginx VTS module
sudo ./kickstart.sh -V

If this is your first time running the script and don't have any existing Nginx configuration that you already set, you can simply copy files and directory under ./etc/nginx to your /etc/nginx directory by issuing this command:

sudo cp -rT ./etc/nginx /etc/nginx && \
    sudo /etc/nginx/cloudflare-ips.sh

By default, Nginx VTS module is not loaded, search for vhost_traffic_status keywords in ./etc/nginx/nginx.conf, ./etc/nginx/conf.d/default.conf, and ./etc/nginx/sites-available/example.local.conf and uncomment that configuration example.

If you following usage instruction above, your /etc/nginx directory structure should similar like this:

.
|-- cloudflare-ips.sh
|-- conf.d
|   `-- default.conf
|-- fastcgi_params
|-- mime.types
|-- modules -> /usr/lib/nginx/modules
|-- nginx.conf
|-- scgi_params
|-- sites-available
|   `-- example.local.conf
|-- sites-enabled
|-- snippets
|   |-- cloudflare_geoip_proxy.conf
|   |-- cloudflare_real_ips.conf
|   |-- cloudflare_whitelist.conf
|   `-- ssl-params.conf
|-- certs
|   |-- dhparam.pem
|   |-- fullchain.pem
|   `-- privkey.pem
`-- uwsgi_params

Attributions and Resources

nginx.org.
vozlt/nginx-module-vts: Nginx virtual host traffic status module.
itsjfx/cloudflare-nginx-ips.