Need help making a bash file for a plugin

Jason84

Member
Jan 18, 2016
5
0
1
NY USA
cPanel Access Level
Website Owner
Hello,
I have a plugin so that my server can use an nginx server, and the plugin does work for non-SSL sites. I am trying to get the nginx server to also handle the SSL connections, but I ran into a problem: I have to manually add the SSL.conf files. All I want to do is make a bash script so that if a domain installs SSL or AutoSSL, it gets the key, cert and cabundle files for that given domain and makes an SSL.conf file for that domain for the nginx server.

Here is a copy of the SSL.conf file
Code:
# /**
#  * @version    1.7.2
#  * @package    Engintron for cPanel/WHM
#  * @author     Fotis Evangelou
#  * @url        https://engintron.com
#  * @copyright  Copyright (c) 2010 - 2016 Nuevvo Webware P.C. All rights reserved.
#  * @license    GNU/GPL license: http://www.gnu.org/copyleft/gpl.html
#  */

server {
  listen 443 ssl http2;
  server_name CHANGEME.com www.CHANGEME.com;

  ssl_certificate      /var/cpanel/ssl/installed/certs/CHANGEMESSL.crt;
  ssl_certificate_key  /var/cpanel/ssl/installed/keys/CHANGEMESSL.key;
  ssl_trusted_certificate /var/cpanel/ssl/installed/cabundles/CHANGEMESSL.cabundle;

  ssl_session_cache      shared:SSL:10m;
  ssl_session_timeout    60m;
  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;

  http2_max_field_size 16k;
  http2_max_header_size 32k;
  # mozilla recommended
  ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
  ssl_prefer_server_ciphers   on;

  ssl_buffer_size 1369;
  ssl_session_tickets on;

	# deny all; # DO NOT REMOVE OR CHANGE THIS LINE - Used when Engintron is disabled to block Nginx from becoming an open proxy
	set $CONNECTION_TYPE https;
   	set $PROXY_TO_PORT 444;
	set $PROXY_DOMAIN_OR_IP $host;

	# Set custom rules like domain/IP exclusions or redirects here
	include custom_rules;

	location / {
		try_files $uri $uri/ @backend;
	}

	location @backend {
		include proxy_params_common;
		# === MICRO CACHING ===
		# Comment the following line to disable 1 second micro-caching for dynamic HTML content
		include proxy_params_dynamic;
	}

	# Enable browser cache for static content files (TTL is 1 hour)
	location ~* \.(?:json|xml|rss|atom)$ {
		include proxy_params_common;
		include proxy_params_static;
		expires 1h;
		add_header Pragma "public";
		add_header Cache-Control "public";
		add_header Vary "Accept-Encoding";
		access_log off;
	}

	# Enable browser cache for CSS / JS (TTL is 30 days)
	location ~* \.(?:css|js)$ {
		include proxy_params_common;
		include proxy_params_static;
		expires 30d;
		add_header Pragma "public";
		add_header Cache-Control "public";
		add_header Vary "Accept-Encoding";
		access_log off;
	}

	# Enable browser cache for media & document files (TTL is 60 days)
	location ~* \.(?:ico|jpg|jpeg|gif|png|bmp|webp|tiff|mp3|flac|ogg|mid|midi|wav|wma|mp4|mov|3gp|webm|mkv|ogv|wmv|zip|7z|tgz|gz|rar|bz2|tar|exe|pdf|doc|docx|xls|xlsx|ppt|pptx|rtf|odt|ods|odp)$ {
		include proxy_params_common;
		include proxy_params_static;
		expires 60d;
		add_header Pragma "public";
		add_header Cache-Control "public";
		access_log off;
	}

	# Enable browser cache for fonts & fix @font-face cross-domain restriction (TTL is 60 days)
	location ~* \.(eot|ttf|otf|woff|woff2|svg|svgz)$ {
		include proxy_params_common;
		include proxy_params_static;
		expires 60d;
		add_header Pragma "public";
		add_header Cache-Control "public";
		add_header Vary "Accept-Encoding";
		add_header Access-Control-Allow-Origin *;
		access_log off;
	}

	# Prevent logging of favicon and robot request errors
	location = /favicon.ico {
		include proxy_params_common;
		include proxy_params_static;
		expires 60d;
		add_header Pragma "public";
		add_header Cache-Control "public";
		access_log off;
		log_not_found off;
	}

	location = /robots.txt  {
		include proxy_params_common;
		include proxy_params_static;
		expires 1d;
		add_header Pragma "public";
		add_header Cache-Control "public";
		access_log off;
		log_not_found off;
	}

	location = /nginx_status {
		stub_status;
		access_log off;
		log_not_found off;
		# Uncomment the following 2 lines to make the Nginx status page private.
		# If you do this and you have Munin installed, graphs for Nginx will stop working.
		#allow 127.0.0.1;
		#deny all;
	}

	location = /whm-server-status {
		proxy_pass http://127.0.0.1:8080;
		# Comment the following 2 lines to make the Apache status page public
		allow 127.0.0.1;
		deny all;
	}

	# Deny access to hidden files
	location ~ /\.ht {
		deny all;
	}
}
All I need it to do is make that file and change a few things to the info needed.
Code:
server_name CHANGEME.com www.CHANGEME.com;
replace CHANGEME.com and www.CHANGEME.com with the domain name
Code:
ssl_certificate      /var/cpanel/ssl/installed/certs/CHANGEMESSL.crt;
replace it with the SSL cert path and file name.
Code:
ssl_certificate_key  /var/cpanel/ssl/installed/keys/CHANGEMESSL.key;
replace it with the SSL key path and file name.
Code:
ssl_trusted_certificate /var/cpanel/ssl/installed/cabundles/CHANGEMESSL.cabundle;
replace it with the SSL cabundle path and file name.

Then it saves the new SSL.conf file, but the name would be domain.ssl.conf, where domain is the domain name for that SSL. It would save the file in the /etc/nginx/conf.d folder and then execute the service nginx restart command.

Can anyone help me with this please?
 

Jason84

I changed the SSL.conf to only need this in it
Code:
# /**
#  * @version    1.7.2
#  * @package    Engintron for cPanel/WHM
#  * @author     Fotis Evangelou
#  * @url        https://engintron.com
#  * @copyright  Copyright (c) 2010 - 2016 Nuevvo Webware P.C. All rights reserved.
#  * @license    GNU/GPL license: http://www.gnu.org/copyleft/gpl.html
#  */

server {
   listen 443 ssl http2;
  server_name CHANGEME.com www.CHANGEME.com;

  ssl_certificate      /var/cpanel/ssl/installed/certs/CHANGEMESSL.crt;
  ssl_certificate_key  /var/cpanel/ssl/installed/keys/CHANGEMESSL.key;
  ssl_trusted_certificate /var/cpanel/ssl/installed/cabundles/CHANGEMESSL.cabundle;
 
  include ssl_proxy_params_common;
}
So that it can be small and easy to have the server make the SSL.conf file, but I don't know how to get the server to automatically make the conf file when a new SSL is uploaded to a website, or update an existing SSL.conf file with the new SSL stuff.

Can anyone help me make a bash script that looks in the httpd.conf for the vhosts that have SSL installed, for the servername, SSL key, cert and cabundle information, and makes an SSL.conf for my nginx server?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello,

I recommend browsing to the "Development" tab in "WHM >> Tweak Settings" and enabling the following option:

Debug mode is on. The system displays information about every stage for every hookable event, even if no hooks exist for that stage.

Then, perform the specific actions via cPanel or WHM that you'd like to monitor or hook into, and review /usr/local/cpanel/logs/error_log when doing so to get a better idea of which API functions you'd need to hook into. You can then review the following document for information on getting started with standardized hooks:

Guide to Standardized Hooks - Software Development Kit - cPanel Documentation

You can find a list of system administration services on the following URL if you'd like someone to develop the script for you:

System Administration Services | cPanel Forums

Thank you.
 

Jason84

That was not helpful and was not what I was looking for; all I needed was a small bash script to look for the domain's SSL info.

I ended up getting the script from someone off GitHub; it will copy the key and cert info to its own folder to be used in my nginx server.

I know it still needs work to make the ssl.conf file for my nginx, but this is a good start, and I just have to finish editing the script so it adds the conf file to the nginx server.
Code:
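#!/bin/bash

CHAINPATH='/etc/nginx/ssl/chain.pem'
CERTSPATH='/var/cpanel/ssl/installed/certs'
KEYSPATH='/var/cpanel/ssl/installed/keys'
CUSTOMCERTSPATH='/etc/nginx/ssl/certs'
CUSTOMKEYPATH='/etc/nginx/ssl/keys'

# Loop over the installed certificates with a glob instead of parsing ls output.
for domain in "$CERTSPATH"/*.crt
do
 [ -e "$domain" ] || continue   # nothing matched the glob
 name=${domain#"$CERTSPATH"/}
 fqdn=${name::-60}              # file name without its last 60 characters
 key=${name::-48}               # file name without its last 48 characters
 keyid=${key#"${fqdn}_"}        # what is left after the domain part names the key file
 cp "$KEYSPATH/$keyid"_*.key "$CUSTOMKEYPATH/$fqdn.key"
 # Certificate plus chain, blank lines dropped; ">" so a rerun does not append a second copy.
 awk NF "$domain" "$CHAINPATH" > "$CUSTOMCERTSPATH/$fqdn.crt"
 echo "ssl_certificate $CUSTOMCERTSPATH/$fqdn.crt;"
 echo "ssl_certificate_key $CUSTOMKEYPATH/$fqdn.key;"
 echo ""
done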
 

Jason84

Can someone help me with my bash script please.

I have been working on this script to build an SSL.conf file for my nginx and also store a copy of the SSL key, cert and cabundle in its own folder. I want to change the "for" to look in the httpd.conf file for the ServerName, SSLCertificateFile, SSLCertificateKeyFile, and SSLCACertificateFile for the info, setting them to use their own variables like SAVERNAME, SSL1, SSL2 and SSL3 so they can be used to fill in the data that is needed.

Right now the "for" only looks in the cPanel installed SSL folders to get the SSL stuff, but I know there has to be a way where I can just read the httpd.conf file to pull the info I need to add to my nginx ssl.conf file.

Here is what I have so far, and you will see the domain is missing because the SSL installed folders don't use the correct domain name like domain-name.com; they use a _ as a replacement for - and .

So far everything is working on getting the SSL stuff and making a copy of the SSL files but i need the domain names.

Code:
#!/bin/bash

CHAINPATH='/etc/nginx/ssl/chain.pem'
CUSTOMCERTSPATH='/etc/nginx/ssl/certs'
CUSTOMKEYPATH='/etc/nginx/ssl/keys'

CERTSPATH='/var/cpanel/ssl/installed/certs'
KEYSPATH='/var/cpanel/ssl/installed/keys'

# Loop over the installed certificates with a glob instead of parsing ls output.
for domain in "$CERTSPATH"/*.crt
do
        [ -e "$domain" ] || continue    # nothing matched the glob
        name=${domain#"$CERTSPATH"/}
        fqdn=${name::-60}               # file name without its last 60 characters
        key=${name::-48}                # file name without its last 48 characters
        keyid=${key#"${fqdn}_"}         # what is left after the domain part names the key file
        cp "$KEYSPATH/$keyid"_*.key "$CUSTOMKEYPATH/$fqdn.key"
        # Certificate plus chain, blank lines dropped; ">" so a rerun does not append a second copy.
        awk NF "$domain" "$CHAINPATH" > "$CUSTOMCERTSPATH/$fqdn.crt"

        REMOVEWWW="${fqdn//www_/}"
        # Keeps only the text after the last "_" of the file-name form of the domain.
        GETTLD="${REMOVEWWW##*_}"

FILEDATA="# /**
#  * @version    1.7.2
#  * @package    Engintron for cPanel/WHM
#  * @author     Fotis Evangelou
#  * @url        https://engintron.com
#  * @copyright  Copyright (c) 2010 - 2016 Nuevvo Webware P.C. All rights reserved.
#  * @license    GNU/GPL license: http://www.gnu.org/copyleft/gpl.html
#  */

server {
        listen 443 ssl http2;
        server_name .$GETTLD www..$GETTLD;

        ssl_certificate      $CUSTOMCERTSPATH/$fqdn.crt;
        ssl_certificate_key  $CUSTOMKEYPATH/$fqdn.key;

        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /var/cpanel/ssl/installed/cabundles/COMODO_CA_Limited_dbe3e9376d3359020526b6bc3f725c0f_1865548799.cabundle;

        include ssl_proxy_params_common;
}"
echo "$FILEDATA" > "/etc/nginx/test/$REMOVEWWW.conf"
done
Here is what I get when I do echo "$FILEDATA";

Code:
# /**
                #  * @version    1.7.2
                #  * @package    Engintron for cPanel/WHM
                #  * @author     Fotis Evangelou
                #  * @url        https://engintron.com
                #  * @copyright  Copyright (c) 2010 - 2016 Nuevvo Webware P.C. All rights reserved.
                #  * @license    GNU/GPL license: http://www.gnu.org/copyleft/gpl.html
                #  */

                server {
                        listen 443 ssl http2;
                        server_name .com www..com;

                        ssl_certificate      /etc/nginx/ssl/certs/www_world_war_event_com.crt;
                        ssl_certificate_key  /etc/nginx/ssl/keys/www_world_war_event_com.key;

                        ssl_stapling on;
                        ssl_stapling_verify on;
                        ssl_trusted_certificate /var/cpanel/ssl/installed/cabundles/COMODO_CA_Limited_dbe3e9376d3359020526b6bc3f725c0f_1865548799.cabundle;

                        include ssl_proxy_params_common;
                }
I know I can use
Code:
awk '/<\/VirtualHost>|ServerName|SSLCertificateFile|SSLCertificateKeyFile|SSLCACertificateFile / ' /usr/local/apache/conf/httpd.conf|grep -v '</VirtualHost>';
but I am not good at coding and am learning as I go. When I run that code and use echo "$1"; it prints everything. I don't know how to use it with a "for" and set the variables to be used.

I hope someone can help me and can understand what i am trying to do.
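
The approach asked about above, reading ServerName and the SSL file paths out of httpd.conf instead of recovering the domain from the underscore-mangled file names, can be sketched as follows. This is an added example, not part of any post in the thread: the function names, the 192.0.2.10 address and the my-site.example.com vhost are constructed, and it assumes each SSL vhost's ServerName is the bare domain.

```bash
#!/bin/bash
# Added example (not from the thread). Print "ServerName|cert|key|cabundle" per SSL vhost.
parse_ssl_vhosts() {
  awk '
    tolower($1) ~ /^<virtualhost/   { name = crt = key = ca = ""; next }
    $1 == "ServerName"              { name = $2 }
    $1 == "SSLCertificateFile"      { crt = $2 }
    $1 == "SSLCertificateKeyFile"   { key = $2 }
    $1 == "SSLCACertificateFile"    { ca = $2 }
    tolower($1) == "</virtualhost>" && name != "" && crt != "" && key != "" {
      print name "|" crt "|" key "|" ca }' "$1"
}
# Reject values that could smuggle extra directives into the generated conf.
safe_name() { case $1 in ''|*[!A-Za-z0-9.-]*|[-.]*|*[-.]) return 1;; esac; }
safe_path() { case $1 in ''|[!/]*|*[!A-Za-z0-9_./-]*) return 1;; esac; }
# Print one server block in the shape of the short template posted in the thread.
render_conf() {  # args: name cert key [cabundle]
  printf 'server {\n  listen 443 ssl http2;\n  server_name %s www.%s;\n\n' "$1" "$1"
  printf '  ssl_certificate      %s;\n  ssl_certificate_key  %s;\n' "$2" "$3"
  if [ -n "$4" ]; then printf '  ssl_trusted_certificate %s;\n' "$4"; fi
  printf '\n  include ssl_proxy_params_common;\n}\n'
}
# Write <outdir>/<domain>.ssl.conf for each SSL vhost; print how many were written.
generate_confs() {  # args: httpd.conf outdir
  parse_ssl_vhosts "$1" | {
    count=0
    while IFS='|' read -r name crt key ca; do
      if safe_name "$name" && safe_path "$crt" && safe_path "$key" &&
         { [ -z "$ca" ] || safe_path "$ca"; }; then
        render_conf "$name" "$crt" "$key" "$ca" > "$2/$name.ssl.conf"
        count=$((count + 1))
      else echo "skipped vhost with unsafe value: $name" >&2; fi
    done
    echo "$count"
  }
}
# Constructed sample input (hypothetical address, domain and file names).
sample_httpd_conf() { cat <<'EOF'
<VirtualHost 192.0.2.10:80>
  ServerName my-site.example.com
</VirtualHost>
<VirtualHost 192.0.2.10:443>
  ServerName my-site.example.com
  SSLCertificateFile /var/cpanel/ssl/installed/certs/my_site_example_com.crt
  SSLCertificateKeyFile /var/cpanel/ssl/installed/keys/my_site_example_com.key
  SSLCACertificateFile /var/cpanel/ssl/installed/cabundles/sample.cabundle
</VirtualHost>
EOF
}
```

On a server, generate_confs would be called with /usr/local/apache/conf/httpd.conf and /etc/nginx/conf.d, followed by nginx -t before service nginx restart so that a bad generated file is caught before the proxy is restarted.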
 

cPanelMichael

Hello,

We're happy to help provide you with references to API functions that you can implement in your script, or information about where specific data is stored, but help with the programming language itself isn't something we generally offer. You're likely to receive more user-feedback on coding practices on a website such as StackOverflow.

You may also want to reach out to the plugin developer you are using for Nginx to see why it's not working for SSL. This thread may also help if you are interested in different Nginx plugins:

Easyapache 4 + nginx

Thank you.