Nginx Configuration Script

This script automates the installation, configuration, and management of Nginx with SSL support. It includes functionalities to install Nginx, generate self-signed SSL certificates, configure Nginx settings, and verify the configuration.

Features

• Install Nginx using the appropriate package manager (apt or yum).
• Generate self-signed SSL certificates.
• Configure Nginx with dynamic options.
• Clear Nginx error logs.
• Start and verify Nginx service.
• Check if Nginx is listening on specified ports.
• Configure firewall settings and check for port conflicts.

Requirements

• Python 3.x
• argparse module
• subprocess module
• socket module
• os module

Usage

Command Line Arguments

• --http-port: HTTP listen port (default: 80)
• --https-port: HTTPS listen port (default: 443)
• --server-name: Server name (default: ssl-automation.com)
• --ssl-cert-dir: Directory to store SSL certificates (default: /etc/nginx/certs)
• --ssl-protocols: SSL protocols (default: TLSv1.1 TLSv1.2 TLSv1.3)
• --ssl-ciphers: SSL ciphers (default: ALL:COMPLEMENTOFALL)
• --ssl-session-cache: SSL session cache (default: shared:SSL:10m)
• --ssl-session-timeout: SSL session timeout (default: 5m)
• --ssl-session-tickets: SSL session tickets (default: on)
• --ssl-early-data: SSL early data (default: off)
• --ssl-ecdh-curve: SSL ECDH curve (default: auto)

Examples

Basic Example

python nginx_config.py --http-port 80 --https-port 443 --server-name example.com --ssl-cert-dir /etc/nginx/certs

This command configures Nginx to listen on port 80 for HTTP and port 443 for HTTPS, with the server name example.com and stores SSL certificates in /etc/nginx/certs.

Custom SSL Protocols and Ciphers

python nginx_config.py --http-port 8080 --https-port 8443 --server-name mysite.com --ssl-protocols "TLSv1.2 TLSv1.3" --ssl-ciphers "HIGH:!aNULL:!MD5"

This command configures Nginx to listen on port 8080 for HTTP and port 8443 for HTTPS, with the server name mysite.com, using only TLSv1.2 and TLSv1.3 protocols and a custom set of SSL ciphers.

Custom SSL Session Settings

python nginx_config.py --http-port 80 --https-port 443 --server-name secure.com --ssl-session-cache "shared:SSL:20m" --ssl-session-timeout "10m"

This command configures Nginx to listen on port 80 for HTTP and port 443 for HTTPS, with the server name secure.com, and custom SSL session cache and timeout settings.

Functions

run_command(command)

Execute a shell command and return its output, capturing errors.

install_nginx()

Install Nginx using the appropriate package manager.

generate_self_signed_cert(cert_dir, cert_name="nginx-selfsigned")

Generate a self-signed SSL certificate.

clear_nginx_error_log()

Clear the Nginx error log file.

configure_nginx(args, cert_path, key_path)

Create a full Nginx configuration file based on provided arguments.

start_nginx()

Start the Nginx service.

check_nginx_ports(http_port, https_port)

Check if Nginx is listening on specified ports.

configure_firewall_and_check_services(port)

Check firewall settings and if other services are using the port.

verify_nginx_configuration(args, cert_path, key_path)

Verify if the settings are applied in the Nginx configuration.

License

This project is licensed under the MIT License. See the LICENSE file for details.