#!/usr/bin/env bash set -euo pipefail if [[ "$(id -u)" -ne 0 ]]; then echo "This script must be run as root." exit 1 fi # load env if [[ -n "${ENV_FILE:-}" && -f "${ENV_FILE}" ]]; then set -a; . "${ENV_FILE}"; set +a elif [[ -f "./env.sh" ]]; then set -a; . ./env.sh; set +a fi : "${HOSTNAME:?HOSTNAME not set}" : "${EMAIL:?EMAIL not set}" export DEBIAN_FRONTEND=noninteractive WEBROOT="/var/www/${HOSTNAME}" SITES_AVAIL="/etc/nginx/sites-available" SITES_EN="/etc/nginx/sites-enabled" HTTP_CONF="${SITES_AVAIL}/${HOSTNAME}" WSS_CONF="${SITES_AVAIL}/wss-config-nym" echo echo "* * * Starting nginx configuration for landing page, reverse proxy and WSS * * *" ############################################################################### # step 1: ensure landing page exists (local fetch -> github -> template) ############################################################################### mkdir -p "${WEBROOT}" SCRIPT_DIR="$(dirname "${ENV_FILE:-./env.sh}")" LOCAL_FETCHED_PAGE="${SCRIPT_DIR}/landing-page.html" if [[ -s "${LOCAL_FETCHED_PAGE}" ]]; then cp "${LOCAL_FETCHED_PAGE}" "${WEBROOT}/index.html" elif curl -fsSL \ https://raw.githubusercontent.com/nymtech/nym/develop/scripts/nym-node-setup/landing-page.html \ -o "${WEBROOT}/index.html"; then : else cat > "${WEBROOT}/index.html" < nym node

nym exit gateway

this is a nym exit gateway.

Operator contact: ${EMAIL}

EOF fi echo "Landing page at ${WEBROOT}/index.html" ############################################################################### # step 2: remove default site and old configs, restart nginx ############################################################################### echo "Cleaning existing nginx configuration" # remove default nginx site [[ -L "${SITES_EN}/default" ]] && unlink "${SITES_EN}/default" || true # optional: remove default available config if present rm -f /etc/nginx/sites-available/default || true # remove old vhosts for this domain rm -f "${SITES_EN}/${HOSTNAME}" || true rm -f "${SITES_EN}/${HOSTNAME}-ssl" || true rm -f "${SITES_EN}/wss-config-nym" || true rm -f "${HTTP_CONF}" || true rm -f "${WSS_CONF}" || true systemctl restart nginx || systemctl start nginx ############################################################################### # step 3: create basic HTTP config like manual flow (80 -> 8080) ############################################################################### cat > "${HTTP_CONF}" </dev/null 2>&1 || true apt-get install -y certbot python3-certbot-nginx >/dev/null 2>&1 || true echo "Requesting Let's Encrypt certificate for ${HOSTNAME}" certbot --nginx --non-interactive --agree-tos --redirect --reuse-key \ -m "${EMAIL}" -d "${HOSTNAME}" || true ############################################################################### # step 5: create WSS 9001 config using certbot-generated certs ############################################################################### if [[ -s "/etc/letsencrypt/live/${HOSTNAME}/fullchain.pem" ]]; then echo "Certificate detected, creating WSS config" cat > "${WSS_CONF}" <