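#!/usr/bin/env bash
#
# serve-php.sh - generate an nginx server block for a PHP-FPM site and enable it.
#
# Usage:
#   serve-php.sh domain path
#
# Run as root, the script writes /etc/nginx/sites-available/<domain>, links it
# into sites-enabled and restarts nginx and php-fpm. Run as any other user, it
# only writes the files under ./sites-available and ./sites-enabled and
# restarts nothing.
#
## Installation
## curl -o /usr/local/bin/serve-php.sh https://gist.githubusercontent.com/lesstif/82c107282241c7a52ad9/raw
## chmod +x /usr/local/bin/serve-php.sh
##
## NOTE(review): the raw URL above is not pinned to a gist revision, and this
## script is meant to be run as root. Read the downloaded file before making it
## executable.

SA="/etc/nginx/sites-available/"
SE="/etc/nginx/sites-enabled/"

# test=1 means "dry run": files are written locally and no service is restarted.
test=0

if [ "$EUID" -ne 0 ]; then
    echo -e "Your are running $0 in the user mode.!\n nginx config file does not modifiying.\n\n"
    SA="./sites-available/"
    SE="./sites-enabled/"
    test=1
fi

if [ "$#" -ne 2 ]; then
    echo "Error: missing required parameters." >&2
    echo "Usage: " >&2
    echo " serve domain path" >&2
    exit 1
fi

HOST=$1
ROOT=$2

# HOST becomes a file name under sites-available/sites-enabled, part of the log
# file names, and the server_name value. Restricting it to host-name characters
# keeps "/" and ".." out of the paths written as root and keeps ";", "{" and
# whitespace out of the generated nginx configuration.
HOST_RE='^[A-Za-z0-9][A-Za-z0-9._-]*$'
if [[ ! "${HOST}" =~ ${HOST_RE} ]]; then
    echo "Error: invalid domain '${HOST}' (allowed: letters, digits, '.', '_', '-')." >&2
    exit 1
fi

# ROOT is written inside a double-quoted nginx string. A double quote or a
# backslash would end or alter that string, "$" would be read by nginx as a
# variable reference, and control characters have no place in a path.
BAD_ROOT_RE='["\\$[:cntrl:]]'
if [[ -z "${ROOT}" || "${ROOT}" =~ ${BAD_ROOT_RE} ]]; then
    echo "Error: invalid path '${ROOT}' (must be non-empty, without '\"', '\\', '\$' or control characters)." >&2
    exit 1
fi

PHP_VERSIONS="5.6 7.0 7.1 7.2 7.3 7.4 8.0"

#######################################
# Locate the php-fpm service to restart.
# Looks for /etc/init.d/php<version>-fpm for each entry of PHP_VERSIONS, then
# for the systemd unit /usr/lib/systemd/system/php-fpm.service.
# Globals:   PHP_VERSIONS (read), FPM (written)
# Outputs:   a status line on stdout
# Returns:   exits the script with status 1 when nothing is found
#######################################
find_fpm() {
    local init_dir="/etc/init.d/"
    local systemd_unit="/usr/lib/systemd/system/php-fpm.service"
    local v candidate

    # PHP_VERSIONS is a space-separated list; word splitting is intended.
    for v in ${PHP_VERSIONS}; do
        candidate="${init_dir}php${v}-fpm"
        if [ -f "${candidate}" ]; then
            FPM="php${v}-fpm"
            echo "${FPM} script found in the '${candidate}'"
            return 0
        fi
    done

    if [ -f "${systemd_unit}" ]; then
        ## RHEL 7
        FPM="php-fpm"
        echo "${FPM} script found in the '${systemd_unit}'"
        return 0
    fi

    echo "php-fpm not found. exiting..." >&2
    exit 1
}

FPMSOCK=""

#######################################
# Work out the fastcgi_pass target.
# Prefers a php<version>-fpm.sock socket in /var/run/php/ (or /var/run/php-fpm/
# when the former does not exist), then /run/php-fpm/www.sock, and finally
# falls back to TCP 127.0.0.1:9000.
# Globals:   PHP_VERSIONS (read), PROTO and FPMSOCK (written)
# Outputs:   a status line on stdout
#######################################
find_fpm_socket() {
    local sock_dir="/var/run/php/"
    local v sock_name

    if [ ! -d "${sock_dir}" ]; then
        sock_dir="/var/run/php-fpm/"
    fi

    for v in ${PHP_VERSIONS}; do
        sock_name="php${v}-fpm.sock"
        ## FILE exists and is a socket
        if [ -S "${sock_dir}${sock_name}" ]; then
            echo "FPM Socket found in the '${sock_name}'"
            PROTO="unix:"
            # fastcgi_pass needs the full socket path, not only the file
            # name, otherwise nginx cannot reach php-fpm.
            FPMSOCK="${sock_dir}${sock_name}"
            echo "php-fpm ${FPMSOCK}..."
            return 0
        fi
    done

    if [ -S "/run/php-fpm/www.sock" ]; then
        ## CentOS 8 - remi
        PROTO="unix:"
        FPMSOCK="/run/php-fpm/www.sock"
        echo "php-fpm ${FPMSOCK}..."
    else
        # fastcgi_pass 127.0.0.1:9000;
        ## assume local port on 9000
        PROTO=""
        FPMSOCK="127.0.0.1:9000"
        echo "php-fpm unix socket not found. using ${FPMSOCK}..."
    fi
}

## for RHEL derived distro
if [ ! -d "${SA}" ]; then
    mkdir -p -- "${SA}" || exit 1
fi

if [ ! -d "${SE}" ]; then
    mkdir -p -- "${SE}" || exit 1
fi

# Resolve sites-available to an absolute path. In user mode SA is relative, and
# a relative symlink target would be resolved from inside sites-enabled and
# point at nothing.
SA_ABS=$(cd -- "${SA}" && pwd) || {
    echo "Error: cannot enter '${SA}'." >&2
    exit 1
}
SITE_FILE="${SA_ABS}/${HOST}"

### generate self-signed certification for HTTPS
### (self-signed, so for local development only; keep the .key file readable
### by root alone, e.g. chmod 600)
# mkdir /etc/nginx/ssl 2>/dev/null
#
# PATH_SSL="/etc/nginx/ssl"
# PATH_KEY="${PATH_SSL}/${HOST}.key"
# PATH_CSR="${PATH_SSL}/${HOST}.csr"
# PATH_CRT="${PATH_SSL}/${HOST}.crt"
#
# if [ ! -f "$PATH_KEY" ] || [ ! -f "$PATH_CSR" ] || [ ! -f "$PATH_CRT" ]
# then
#    openssl genrsa -out "$PATH_KEY" 2048 2>/dev/null
#    openssl req -new -key "$PATH_KEY" -out "$PATH_CSR" -subj "/CN=${HOST}/O=Vagrant/C=UK" 2>/dev/null
#    openssl x509 -req -days 365 -in "$PATH_CSR" -signkey "$PATH_KEY" -out "$PATH_CRT" 2>/dev/null
# fi
###

find_fpm
find_fpm_socket

# NOTE(review): the server block below declares "listen 443 ssl" while the
# ssl_certificate lines are commented out. nginx does not serve TLS without a
# certificate, and depending on the nginx version the configuration test may
# reject this outright. Uncomment the ssl_certificate pair (or drop the 443
# listener) for the site to load.
block="##server {
##    listen 80;
##    server_name ${HOST};
##    force redirect to https
##    location / {
##        return 301 https://\$server_name\$request_uri;
##    }
##}

server {
    listen 80;
    listen 443 ssl;

    server_name ${HOST};
    root \"${ROOT}\";

    server_tokens off;
    fastcgi_hide_header X-Powered-By;

    index index.php index.html index.htm;

    charset utf-8;

    location / {
        try_files \$uri \$uri/ /index.php?\$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    ##access_log off;
    access_log /var/log/nginx/${HOST}-access.log combined;
    error_log  /var/log/nginx/${HOST}-error.log error;

    sendfile off;

    client_max_body_size 100m;

    # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
    proxy_http_version 1.1;

    # Remove the Connection header if the client sends it,
    # it could be \"close\" to close a keepalive connection
    proxy_set_header Connection \"\";

    location ~ \.php$ {
        # Mitigate https://httpoxy.org/ vulnerabilities
        fastcgi_param HTTP_PROXY \"\";

        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass ${PROTO}${FPMSOCK};
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
    }

    location ~ /\.ht {
        deny all;
    }

    ### ssl on was deprecated. use listen 443 ssl;
    ### ssl on;
    # ssl_certificate     /etc/nginx/ssl/${HOST}.crt;
    # ssl_certificate_key /etc/nginx/ssl/${HOST}.key;

    ### RHEL/CentOS derived distro.
    # ssl_certificate     /etc/pki/tls/certs/${HOST}.crt;
    # ssl_certificate_key /etc/pki/tls/private/${HOST}.key;

    ### Dropping SSLv3, ref: POODLE (TLSv1.0 and TLSv1.1 are deprecated as well)
    # ssl_protocols TLSv1.2 TLSv1.3;
    # ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    ### HSTS(HTTP Strict Transport Security)
    # add_header Strict-Transport-Security \"max-age=86400; includeSubdomains; preload\";
}"

if ! printf '%s\n' "${block}" > "${SITE_FILE}"; then
    echo "Error: cannot write '${SITE_FILE}'." >&2
    exit 1
fi

ln -fs -- "${SITE_FILE}" "${SE}/${HOST}" || exit 1

if [ "${test}" -ne 1 ]; then
    # Validate the whole configuration before restarting: restarting with a
    # broken file would leave nginx stopped and take every site down.
    if ! nginx -t; then
        echo "Error: nginx rejected the configuration; services were not restarted." >&2
        echo "Fix or remove '${SE}/${HOST}' and re-run." >&2
        exit 1
    fi
    systemctl restart nginx
    systemctl restart "${FPM}"
fi

## check include sites-enabled directive
RED='\033[0;31m'
NC='\033[0m' # No Color

if ! grep -q -- 'sites-enabled' /etc/nginx/nginx.conf; then
    # Colour codes go through %b so they are never part of the format string.
    printf '\n\nyou need to append "%binclude /etc/nginx/sites-enabled/*;"%b into the nginx.conf http { } block. \n\n' "${RED}" "${NC}"
fi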