ufw and few improvements

This commit is contained in:
VirtuBox 2018-10-19 16:04:15 +02:00
parent 59622e765d
commit 355af98664
1 changed files with 179 additions and 193 deletions

init.sh

@ -13,7 +13,7 @@ CGREEN="${CSI}1;32m"
##################################
EXTPLORER_VER="2.1.10"
REPO_PATH=/tmp/ubuntu-nginx-web-server
REPO_PATH=$HOME/ubuntu-nginx-web-server
##################################
# Check if user is root
@ -33,31 +33,22 @@ clear
##################################
echo ""
echo "Welcome to ubuntu-nginx-web-server install script."
echo "Welcome to ubuntu-nginx-web-server setup script."
echo ""
if [ -d /etc/ee ] && [ -d /etc/mysql ] && [ -d /etc/nginx ]; then
echo "Previous EasyEngine install detected"
fi
##################################
# Menu
##################################
echo "#####################################"
echo "Security"
echo " Warning "
echo "#####################################"
echo "This script will only allow ssh connection with ssh-keys"
echo "Make sure you have properly installed your public key in $HOME/.ssh/authorized_keys"
echo "#####################################"
echo ""
echo "Do you currently use default SSH port 22 ? (y/n)"
while [[ $ssh_port_default != "y" && $ssh_port_default != "n" ]]; do
read -p "Select an option [y/n]: " ssh_port_default
done
echo ""
if [ $ssh_port_default = "y" ]; then
echo "What custom SSH port do you want to use instead of 22 ?"
read -p "Select a port between 1024 & 65536 : " ssh_port_select
echo ""
else
echo "What custom SSH port are you using ?"
read -p "Select your custom SSH port : " ssh_port_select
echo ""
fi
sleep 1
if [ ! -d /etc/mysql ]; then
echo "#####################################"
@ -95,46 +86,50 @@ if [ ! -d /etc/mysql ]; then
fi
sleep 1
fi
echo ""
echo "#####################################"
echo "Nginx"
echo "#####################################"
echo ""
echo "Do you want to compile the latest Nginx Mainline [1] or Stable [2] Release ?"
while [[ $NGINX_RELEASE != "1" && $NGINX_RELEASE != "2" ]]; do
read -p "Select an option [1-2]: " NGINX_RELEASE
done
echo ""
echo "Do you want Ngx_Pagespeed ? (y/n)"
while [[ $PAGESPEED != "y" && $PAGESPEED != "n" ]]; do
read -p "Select an option [y/n]: " PAGESPEED
done
echo ""
echo "Do you want NAXSI WAF (still experimental)? (y/n)"
while [[ $NAXSI != "y" && $NAXSI != "n" ]]; do
read -p "Select an option [y/n]: " NAXSI
export $NAXSI
done
echo ""
echo "Do you want RTMP streaming module ?"
while [[ $RTMP != "y" && $RTMP != "n" ]]; do
read -p "Select an option [y/n]: " RTMP
export $RTMP
done
if [ ! -d /etc/nginx ]; then
echo ""
echo "#####################################"
echo "Nginx"
echo "#####################################"
echo ""
echo "Do you want to compile the latest Nginx Mainline [1] or Stable [2] Release ?"
while [[ $NGINX_RELEASE != "1" && $NGINX_RELEASE != "2" ]]; do
read -p "Select an option [1-2]: " NGINX_RELEASE
done
echo ""
echo "Do you want Ngx_Pagespeed ? (y/n)"
while [[ $PAGESPEED != "y" && $PAGESPEED != "n" ]]; do
read -p "Select an option [y/n]: " PAGESPEED
done
echo ""
echo "Do you want NAXSI WAF (still experimental)? (y/n)"
while [[ $NAXSI != "y" && $NAXSI != "n" ]]; do
read -p "Select an option [y/n]: " NAXSI
done
echo ""
echo "Do you want RTMP streaming module ?"
while [[ $RTMP != "y" && $RTMP != "n" ]]; do
read -p "Select an option [y/n]: " RTMP
done
fi
sleep 1
echo ""
echo "#####################################"
echo "PHP"
echo "#####################################"
echo "Do you want php7.1-fpm ? (y/n)"
while [[ $phpfpm71_install != "y" && $phpfpm71_install != "n" ]]; do
read -p "Select an option [y/n]: " phpfpm71_install
done
echo ""
echo "Do you want php7.2-fpm ? (y/n)"
while [[ $phpfpm72_install != "y" && $phpfpm72_install != "n" ]]; do
read -p "Select an option [y/n]: " phpfpm72_install
done
if [ ! -f /etc/php/7.1/fpm/php.ini ]; then
echo "Do you want php7.1-fpm ? (y/n)"
while [[ $phpfpm71_install != "y" && $phpfpm71_install != "n" ]]; do
read -p "Select an option [y/n]: " phpfpm71_install
done
echo ""
fi
if [ ! -f /etc/php/7.2/fpm/php.ini ]; then
echo "Do you want php7.2-fpm ? (y/n)"
while [[ $phpfpm72_install != "y" && $phpfpm72_install != "n" ]]; do
read -p "Select an option [y/n]: " phpfpm72_install
done
fi
if [ ! -d /etc/proftpd ]; then
echo ""
echo "#####################################"
@ -160,75 +155,10 @@ echo "##########################################"
echo " Updating Packages"
echo "##########################################"
apt-get update
apt-get upgrade -y
apt-get autoremove -y --purge
apt-get autoclean -y
##################################
# Secure SSH server
##################################
# download secure sshd_config
wget -O /etc/ssh/sshd_config https://virtubox.github.io/ubuntu-nginx-web-server/files/etc/ssh/sshd_config
# change ssh default port
sudo sed -i "s/Port 22/Port $ssh_port_select/" /etc/ssh/sshd_config
# restart ssh service
service ssh restart
##################################
# UFW
##################################
echo "##########################################"
echo " Configuring UFW"
echo "##########################################"
if [ ! -d /etc/ufw ]; then
apt-get install ufw -y
fi
# define firewall rules
ufw logging low
ufw default allow outgoing
ufw default deny incoming
# allow required ports
ufw allow 22
ufw allow $ssh_port_select
ufw allow 53
ufw allow http
ufw allow https
ufw allow 123
# dhcp client
ufw allow 68
# dhcp ipv6 client
ufw allow 546
# rsync
ufw allow 873
# easyengine backend
ufw allow 22222
# optional for monitoring
# SNMP UDP port
#ufw allow 161
# Netdata web interface
#ufw allow 1999
# Librenms linux agent
#ufw allow 6556
# Zabbix-agent
#ufw allow 10050
sudo apt-get update
sudo apt-get upgrade -y
sudo apt-get autoremove -y --purge
sudo apt-get autoclean -y
##################################
# Useful packages
@ -238,27 +168,99 @@ echo "##########################################"
echo " Installing useful packages"
echo "##########################################"
apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp gnupg gnupg2 wget pigz tree ccze -y
sudo apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp gnupg gnupg2 wget pigz tree ccze -y
# ntp time
systemctl enable ntp
sudo systemctl enable ntp
# increase history size
export HISTSIZE=10000
##################################
# clone repository
##################################
echo "##########################################"
echo "###########################################"
echo " Cloning Ubuntu-nginx-web-server repository"
echo "###########################################"
if [ ! -d $HOME/ubuntu-nginx-web-server ]; then
git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git $HOME/ubuntu-nginx-web-server
fi
##################################
# Secure SSH server
##################################
# get current ssh port
CURRENT_SSH_PORT=$(grep "Port" /etc/ssh/sshd_config | awk -F " " '{print $2}')
# download secure sshd_config
sudo cp -f $HOME/ubuntu-nginx-web-server/etc/ssh/sshd_config /etc/ssh/sshd_config
# change ssh default port
sudo sed -i "s/Port 22/Port $CURRENT_SSH_PORT/" /etc/ssh/sshd_config
# restart ssh service
sudo service ssh restart
##################################
# ufw
##################################
echo "##########################################"
echo " Configuring ufw"
echo "##########################################"
cd /tmp || exit
rm -rf /tmp/ubuntu-nginx-web-server
git clone https://github.com/VirtuBox/ubuntu-nginx-web-server.git
if [ ! -d /etc/ufw ]; then
sudo apt-get install ufw -y
fi
# define firewall rules
sudo ufw logging low
sudo ufw default allow outgoing
sudo ufw default deny incoming
# allow required ports
if [ "$CURRENT_SSH_PORT" = "22" ]; then
sudo ufw allow 22
else
sudo ufw allow $CURRENT_SSH_PORT
fi
# dns
sudo ufw allow 53
# nginx
sudo ufw allow http
sudo ufw allow https
# ntp
sudo ufw allow 123
# dhcp client
sudo ufw allow 68
# dhcp ipv6 client
sudo ufw allow 546
# rsync
sudo ufw allow 873
# easyengine backend
sudo ufw allow 22222
# optional for monitoring
# SNMP UDP port
#sudo ufw allow 161
# Netdata web interface
#sudo ufw allow 1999
# Librenms linux agent
#sudo ufw allow 6556
# Zabbix-agent
#sudo ufw allow 10050
##################################
# Sysctl tweaks + open_files limits
@ -267,10 +269,9 @@ echo "##########################################"
echo " Applying Linux Kernel tweaks"
echo "##########################################"
sudo modprobe tcp_htcp
cp -f $REPO_PATH/etc/sysctl.d/60-ubuntu-nginx-web-server.conf /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
sysctl -e -p /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
cp -f $REPO_PATH/etc/security/limits.conf /etc/security/limits.conf
sudo cp -f $REPO_PATH/etc/sysctl.d/60-ubuntu-nginx-web-server.conf /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
sudo sysctl -e -p /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
sudo cp -f $REPO_PATH/etc/security/limits.conf /etc/security/limits.conf
# Redis transparent_hugepage
echo never >/sys/kernel/mm/transparent_hugepage/enabled
@ -278,32 +279,30 @@ echo never >/sys/kernel/mm/transparent_hugepage/enabled
# disable ip forwarding if docker is not installed
if [ ! -x /usr/bin/docker ]; then
echo "" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "# Disables packet forwarding" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv4.ip_forward = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv4.conf.all.forwarding = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv4.conf.default.forwarding = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.all.forwarding = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.default.forwarding = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "" >>/etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "# Disables packet forwarding" >>/etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv4.ip_forward = 0" >>/etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv4.conf.all.forwarding = 0" >>/etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv4.conf.default.forwarding = 0" >>/etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.all.forwarding = 0" >>/etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.default.forwarding = 0" >>/etc/sysctl.d/60-ubuntu-nginx-web-server.conf
fi
# additional systcl configuration with network interface name
# get network interface names like eth0, ens18 or eno1
# for each interface found, add the following configuration to sysctl
NET_INTERFACES_LIST=$( ls /sys/class/net | grep -E "/(?:veth(.*))|eth(.*)|ens(.*)|eno(.*)/")
NET_INTERFACES_LIST=$(ls /sys/class/net | grep -E "/(?:veth(.*))|eth(.*)|ens(.*)|eno(.*)/")
for NET_INTERFACE in $NET_INTERFACES_LIST; do
echo "" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "# do not autoconfigure IPv6 on $NET_INTERFACE" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.$NET_INTERFACE.autoconf = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.$NET_INTERFACE.accept_ra = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.$NET_INTERFACE.accept_ra = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.$NET_INTERFACE.autoconf = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.$NET_INTERFACE.accept_ra_defrtr = 0" >> /etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "" >>/etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "# do not autoconfigure IPv6 on $NET_INTERFACE" >>/etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.$NET_INTERFACE.autoconf = 0" >>/etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.$NET_INTERFACE.accept_ra = 0" >>/etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.$NET_INTERFACE.accept_ra = 0" >>/etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.$NET_INTERFACE.autoconf = 0" >>/etc/sysctl.d/60-ubuntu-nginx-web-server.conf
echo "net.ipv6.conf.$NET_INTERFACE.accept_ra_defrtr = 0" >>/etc/sysctl.d/60-ubuntu-nginx-web-server.conf
done
##################################
# Add MariaDB 10.3 repository
##################################
@ -315,11 +314,14 @@ if [[ "$mariadb_server_install" == "y" || "$mariadb_client_install" == "y" ]]; t
echo " Adding MariaDB $mariadb_version_install repository"
echo "##########################################"
bash <(wget -qO - https://downloads.mariadb.com/MariaDB/mariadb_repo_setup) --mariadb-server-version=$mariadb_version_install --skip-maxscale -y
apt-get update
wget -qO mariadb_repo_setup https://downloads.mariadb.com/MariaDB/mariadb_repo_setup
chmod +x mariadb_repo_setup
./mariadb_repo_setup --mariadb-server-version=$mariadb_version_install --skip-maxscale -y
rm mariadb_repo_setup
sudo apt-get update
fi
fi
##################################
@ -336,15 +338,15 @@ if [ "$mariadb_server_install" = "y" ]; then
# generate random password
MYSQL_ROOT_PASS=$(date +%s | sha256sum | base64 | head -c 32)
export DEBIAN_FRONTEND=noninteractive # to avoid prompt during installation
sudo debconf-set-selections <<<"mariadb-server-$mariadb_version_install mysql-server/root_password password $MYSQL_ROOT_PASS"
sudo debconf-set-selections <<<"mariadb-server-$mariadb_version_install mysql-server/root_password_again password $MYSQL_ROOT_PASS"
# install mariadb server
DEBIAN_FRONTEND=noninteractive apt-get install -qq mariadb-server # -qq implies -y --force-yes
export DEBIAN_FRONTEND=noninteractive # to avoid prompt during installation
sudo debconf-set-selections <<<"mariadb-server-${mariadb_version_install} mysql-server/root_password password ${MYSQL_ROOT_PASS}"
sudo debconf-set-selections <<<"mariadb-server-${mariadb_version_install} mysql-server/root_password_again password ${MYSQL_ROOT_PASS}"
# install mariadb server
DEBIAN_FRONTEND=noninteractive apt-get install -qq mariadb-server # -qq implies -y --force-yes
# save credentials in .my.cnf and copy it in /etc/mysql/conf.d for easyengine
sudo bash -c 'echo -e "[client]\nuser = root" > $HOME/.my.cnf'
echo "password = $MYSQL_ROOT_PASS" >>$HOME/.my.cnf
cp $HOME/.my.cnf /etc/mysql/conf.d/my.cnf
cp -f $HOME/.my.cnf /etc/mysql/conf.d/my.cnf
## mysql_secure_installation non-interactive way
mysql -e "GRANT ALL PRIVILEGES on *.* to 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PASS' WITH GRANT OPTION;"
@ -373,7 +375,6 @@ if [ "$mariadb_server_install" = "y" ]; then
# LOG_FILE_SIZE=$(( $AVAILABLE_MEMORY / 16000 ))
# LOG_BUFFER_SIZE=$(( $AVAILABLE_MEMORY / 8000 ))
# sudo sed -i "s/innodb_buffer_pool_size = 2G/innodb_buffer_pool_size = $BUFFER_POOL_SIZE\\M/" /etc/mysql/my.cnf
# sudo sed -i "s/innodb_log_file_size = 256M/innodb_log_file_size = $LOG_FILE_SIZE\\M/" /etc/mysql/my.cnf
# sudo sed -i "s/innodb_log_buffer_size = 512M/innodb_log_buffer_size = $LOG_BUFFER_SIZE\\M/" /etc/mysql/my.cnf
@ -431,7 +432,6 @@ if [ ! -x /usr/local/bin/ee ]; then
fi
##################################
# EasyEngine stacks install
##################################
@ -450,7 +450,6 @@ ee stack install
# install php7, redis, easyengine backend & phpredisadmin
ee stack install --php7 --redis --admin --phpredisadmin
##################################
# Fix phpmyadmin install
##################################
@ -480,17 +479,16 @@ usermod -s /bin/bash www-data
if [ ! -f /etc/bash_completion.d/wp-completion.bash ]; then
# download wp-cli bash-completion
wget -qO /etc/bash_completion.d/wp-completion.bash https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash
sudo wget -qO /etc/bash_completion.d/wp-completion.bash https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash
fi
if [ ! -f /var/www/.profile ] && [ ! -f /var/www/.bashrc ]; then
# create .profile & .bashrc for www-data user
cp -f $REPO_PATH/var/www/.profile /var/www/.profile
cp -f $REPO_PATH/var/www/.bashrc /var/www/.bashrc
# set www-data as owner
chown www-data:www-data /var/www/.profile
chown www-data:www-data /var/www/.bashrc
sudo chown www-data:www-data /var/www/.profile
sudo chown www-data:www-data /var/www/.bashrc
fi
# install nanorc for www-data
@ -506,14 +504,13 @@ if [ "$phpfpm71_install" = "y" ]; then
echo " Installing php7.1-fpm"
echo "##########################################"
apt-get install php7.1-fpm php7.1-cli php7.1-zip php7.1-opcache php7.1-mysql php7.1-mcrypt php7.1-mbstring php7.1-json php7.1-intl \
php7.1-gd php7.1-curl php7.1-bz2 php7.1-xml php7.1-tidy php7.1-soap php7.1-bcmath -y php7.1-xsl -y
sudo apt-get install php7.1-fpm php7.1-cli php7.1-zip php7.1-opcache php7.1-mysql php7.1-mcrypt php7.1-mbstring php7.1-json php7.1-intl \
php7.1-gd php7.1-curl php7.1-bz2 php7.1-xml php7.1-tidy php7.1-soap php7.1-bcmath -y php7.1-xsl -y
# copy php7.1 config files
sudo cp -rf $REPO_PATH/etc/php/7.1/* /etc/php/7.1/
sudo service php7.1-fpm restart
fi
##################################
@ -525,12 +522,12 @@ if [ "$phpfpm72_install" = "y" ]; then
echo " Installing php7.2-fpm"
echo "##########################################"
apt-get install php7.2-fpm php7.2-xml php7.2-bz2 php7.2-zip php7.2-mysql php7.2-intl php7.2-gd \
php7.2-curl php7.2-soap php7.2-mbstring php7.2-xsl php7.2-bcmath -y
sudo apt-get install php7.2-fpm php7.2-xml php7.2-bz2 php7.2-zip php7.2-mysql php7.2-intl php7.2-gd \
php7.2-curl php7.2-soap php7.2-mbstring php7.2-xsl php7.2-bcmath -y
# copy php7.2 config files
cp -rf $REPO_PATH/etc/php/7.2/* /etc/php/7.2/
service php7.2-fpm restart
sudo cp -rf $REPO_PATH/etc/php/7.2/* /etc/php/7.2/
sudo service php7.2-fpm restart
fi
@ -541,15 +538,12 @@ echo "##########################################"
echo " Configuring php7.0-fpm"
echo "##########################################"
if [ -d /etc/php/7.0 ]; then
cp -rf $REPO_PATH/etc/php/7.0/* /etc/php/7.0/
fi
##################################
# Compile latest nginx release from source
##################################
@ -589,7 +583,6 @@ chmod +x nginx-build.sh
./nginx-build.sh $NGINX_BUILD_VER $BUILD_PAGESPEED $BUILD_NAXSI $BUILD_RTMP
##################################
# Add nginx additional conf
##################################
@ -597,7 +590,6 @@ echo "##########################################"
echo " Configuring Nginx"
echo "##########################################"
# php7.1 & 7.2 common configurations
cp -rf $REPO_PATH/etc/nginx/common/* /etc/nginx/common/
@ -608,8 +600,6 @@ cp -rf $REPO_PATH/etc/nginx/conf.d/* /etc/nginx/conf.d/
cp -f $REPO_PATH/etc/nginx/proxy_params /etc/nginx/proxy_params
cp -f $REPO_PATH/etc/nginx/mime.types /etc/nginx/mime.types
# optimized nginx.config
cp -f $REPO_PATH/etc/nginx/nginx.conf /etc/nginx/nginx.conf
@ -648,7 +638,6 @@ else
echo "##########################################"
fi
##################################
# Add fail2ban configurations
##################################
@ -656,7 +645,6 @@ echo "##########################################"
echo " Configuring Fail2Ban"
echo "##########################################"
cp -rf $REPO_PATH/etc/fail2ban/filter.d/* /etc/fail2ban/filter.d/
cp -rf $REPO_PATH/etc/fail2ban/jail.d/* /etc/fail2ban/jail.d/
@ -727,9 +715,9 @@ if [ "$proftpd_install" = "y" ]; then
if [ -d /etc/ufw ]; then
# ftp active port
ufw allow 21
sudo ufw allow 21
# ftp passive ports
ufw allow 49000:50000/tcp
sudo ufw allow 49000:50000/tcp
fi
fi
@ -746,7 +734,7 @@ if [ ! -d /etc/netdata ]; then
## install nedata
wget -qO kickstart.sh https://my-netdata.io/kickstart.sh
chmod +x kickstart.sh
./kickstart.sh all --dont-wait >> /tmp/ubuntu-nginx-web-server.log 2>&1
./kickstart.sh all --dont-wait >>/tmp/ubuntu-nginx-web-server.log 2>&1
## optimize netdata resources usage
echo 1 >/sys/kernel/mm/ksm/run
@ -783,7 +771,6 @@ git clone https://github.com/VirtuBox/easyengine-dashboard.git
cp -rf /tmp/easyengine-dashboard/* /var/www/22222/htdocs/
chown -R www-data:www-data /var/www/22222/htdocs
##################################
# Install Acme.sh
##################################
@ -791,7 +778,6 @@ echo "##########################################"
echo " Installing Acme.sh"
echo "##########################################"
# install acme.sh if needed
echo ""
echo "checking if acme.sh is already installed"
@ -835,10 +821,10 @@ if [[ "$MY_IP" == "$MY_HOSTNAME_IP" ]]; then
# install the cert and reload nginx
if [ -f $HOME/.acme.sh/${MY_HOSTNAME}_ecc/fullchain.cer ]; then
$HOME/.acme.sh/acme.sh --install-cert -d ${MY_HOSTNAME} --ecc \
--cert-file /etc/letsencrypt/live/${MY_HOSTNAME}/cert.pem \
--key-file /etc/letsencrypt/live/${MY_HOSTNAME}/key.pem \
--fullchain-file /etc/letsencrypt/live/${MY_HOSTNAME}/fullchain.pem \
--reloadcmd "systemctl reload nginx.service"
--cert-file /etc/letsencrypt/live/${MY_HOSTNAME}/cert.pem \
--key-file /etc/letsencrypt/live/${MY_HOSTNAME}/key.pem \
--fullchain-file /etc/letsencrypt/live/${MY_HOSTNAME}/fullchain.pem \
--reloadcmd "systemctl reload nginx.service"
fi
if [ -f /etc/letsencrypt/live/${MY_HOSTNAME}/fullchain.pem ] && [ -f /etc/letsencrypt/live/${MY_HOSTNAME}/key.pem ]; then
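Review bot: `CURRENT_SSH_PORT=$(grep "Port" /etc/ssh/sshd_config | awk -F " " '{print $2}')` in the "Secure SSH server" hunk matches every line containing `Port` — on a stock sshd_config that includes the commented `#Port 22` line and `GatewayPorts` — so the variable can end up holding several newline-separated words or a non-numeric token, and that value then goes unquoted into `sudo sed -i "s/Port 22/Port $CURRENT_SSH_PORT/"` and `sudo ufw allow $CURRENT_SSH_PORT`; because `sudo service ssh restart` runs on the rewritten config before any ufw rule is added, a bad value on a remote host where ufw is already enabled can lock the operator out. Restrict the match to the active directive and give it a default: `CURRENT_SSH_PORT=$(awk '$1 == "Port" {print $2; exit}' /etc/ssh/sshd_config)` followed by `CURRENT_SSH_PORT=${CURRENT_SSH_PORT:-22}`, and quote the two later expansions. The commit also removes the old warning that the installed sshd_config only accepts key-based logins; if the copied file still does that, checking that `$HOME/.ssh/authorized_keys` exists and is non-empty before the `sudo cp -f` keeps that protection. Separately, in the MariaDB hunk `wget -qO mariadb_repo_setup … ; chmod +x mariadb_repo_setup; ./mariadb_repo_setup` writes and executes a predictably named file in the current directory, which is `/tmp` after the earlier `cd /tmp || exit`; downloading into a `mktemp -d` directory avoids another local user pre-creating that path, and the `/tmp` clone under the ufw heading looks redundant now that `REPO_PATH` points at `$HOME/ubuntu-nginx-web-server`.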