nginx反向代理IIS一键部署https

:: $Name: win-ssl.bat
:: $Version: v1.5
:: $Function: nginx反向代理IIS一键部署https
:: $Create Date: 2018-09-18
:: $Description: 1、nginx反向代理IIS一键部署https
:: 2、支持预装环境及纯净版使用iis web环境
:: 3、部署后nginx配置文件推荐放到d:/nginx/conf/vhost/目录下
:: 4、证书路径d:/nginx/ssl 以域名命名blog.mydns.vip.crt blog.mydns.vip.key
:: 5、部署后nginx站点配置文件名为blog.mydns.vip.conf
:: v1.2
:: 1、智能判断是否已部署
:: 2、智能判断放行443
::
:: v1.3
:: 1、修复特殊字符转义
:: 2、优化部署流程
::
:: v1.4
:: 1、优化代码
:: 2、升级nginx版本为1.40
::
:: v1.5
:: 1、优化提示
:: 2、新增自动更新程序
:: 3、加固安全，默认禁止IP直接访问
::
::v1.6
::1、优化代码，增加输入判断
::2、修复BUG
::
@echo off&setlocal enabledelayedexpansion
color 2f
set ver=1.6
set port=443
set suser=nginx
set sname=Nginxd
set sslpath=d:\ssl
set nginxpath=d:\nginx
title IIS+NGINX反向代理环境部署程序v%ver%
set vhostpath=d:\nginx\conf\vhost
set nginxconf=d:\nginx\conf\nginx.conf
set vhosttemppath=d:\nginx\conf\temp.conf
set winrarfile="C:\Program Files\WinRAR\winrar.exe"
set appcmdfile=c:\Windows\System32\inetsrv\appcmd.exe
set updateurl=https://blog.mydns.vip/download
set baseurl=https://blog.mydns.vip/download
set downdir=C:\Users\Administrator\Downloads
set wgetfile=C:\Users\Administrator\Downloads\wget.exe
set sedfile=C:\Users\Administrator\Downloads\sed.rar
set sedexe=C:\Users\Administrator\Downloads\sed\sed.exe

if not exist %wgetfile% (
echo.
echo 缺少wget.exe程序
explorer.exe %baseurl%/wget.exe
echo 正在下载wget.exe必要程序，请直接点击保存
echo 下载完成后按任意键继续
pause
)
if not exist %wgetfile% (
echo.
echo 自动下载失败请访问 %baseurl%/wget.exe 手动下载
echo 并保存到默认下载目录[%downdir%]
echo.
pause
exit
)

if not exist %winrarfile% (
echo.
echo 缺少WinRAR解压程序
echo 请检查安装解压程序后重新运行脚本
echo.
pause
exit
)

:update

%wgetfile% %baseurl%/version.txt -O version.txt >nul 2>nul
title IIS+NGINX反向代理环境部署程序v%ver%
set /p newver=<version.txt
::echo %newver%
::pause
if %newver% gtr %ver% (
%wgetfile% %baseurl%/updatelog.txt -O updatelog.txt >nul 2>nul
title IIS+NGINX反向代理环境部署程序v%ver%
echo.
echo 当前版本v%ver%，最新版本v%newver%
echo.
echo -- 更新日志 --
for /f "delims=" %%i in (updatelog.txt) do set "updatelog=%%i"&call :logecho !updatelog!
echo.
echo 请按任意键更新...
pause >nul
%wgetfile% %updateurl%/win-ssl.bat -O win-ssl_v%newver%.bat
title IIS+NGINX反向代理环境部署程序v%ver%
cls
del /f /q "version.txt"
attrib -h -s -r -a "v%newver%log.txt"
del /f /q "updatelog.txt"
attrib -h -s -r -a "%0"
start win-ssl_v%newver%.bat
del /f /q "%0"
)
if %newver% equ %ver% (
cls
del /f /q "version.txt"
echo 已是最新版本v%newver%
)

set tmp=0123456789abcdefghijklmnopqrstuvwxyz
for /l %%a in (1,1,8) do (
set /a "n=!random!%%36"
for %%z in (!n!) do set webpasswd=!passwd!!tmp:~%%z,1!
)

echo.
echo -- 温馨提示 --
echo.
echo 1、部署前请退出服务器内安装的杀毒软件
echo 安全狗、云锁、360、金山、等安全软件有可能导致SSL证书部署出错
echo 2、主要针对我司申请的SSL证书，如还没有SSL证书，请先申请
echo 其它公司申请的证书可能有所出入，
echo 若部署失败需要自行排查，或提交正确工单我司收费排查。
echo 3、部署之前请做好相关备份，若自行部署失败不承担相关风险和责任。
echo 4、部署前请检查IIS上是否有泛域名绑定，若有请临时取消。
echo 5、推荐将证书文件解压后上传到对应站点目录下，运行脚本自动搜索部署。
echo.
echo 请阅读以上温馨提示，5秒后按任意键继续。
choice /t 5 /d y /n >nul
pause

goto menu

:menu
echo __________________________________________________________
echo ^| ^|
echo ^| IIS+NGINX反向代理环境部署程序 v%ver% ^|
echo ^| ^|
echo ^| 1 - 安装 2 - 卸载 ^|
echo ^| 3 - 部署ssl 4 - 退出 ^|
echo ^| ^|
echo ^|__________________________________________________________^|
set /p choice=-^> 请选择:
if %choice% ==1 goto install
if %choice% ==2 goto uninstall
if %choice% ==3 goto forbiddenip
if %choice% ==4 goto exit
echo.
echo 不能输入除了1、2、3、4之外的其他字符！& choice /t 1 /d y /n >nul & cls & goto menu

:install
cls
if exist %nginxpath%\%sname%.exe (
echo.
echo 核实已安装Nginx环境，请检查服务是否启动，2s后返回主菜单。
choice /t 2 /d y /n >nul & cls & goto menu
)
if not exist %nginxpath% (
mkdir %nginxpath%
echo 创建目录:%nginxpath%成功
)
if not exist %sslpath% (
mkdir %sslpath%
echo 创建目录:%sslpath%成功
)
if not exist %vhostpath% (
mkdir %vhostpath%
echo 创建目录:%vhostpath%成功
)
if not exist %nginxpath%\%suser%.rar (
%wgetfile% %baseurl%/%suser%.rar -O %nginxpath%\%suser%.rar >nul 2>nul
title IIS+NGINX反向代理环境部署程序v%ver%
echo 下载文件:%nginxpath%\%suser%.rar成功
)
%winrarfile% x -inul -o+ %nginxpath%\%suser%.rar %nginxpath% -y >nul 2>nul
net user %suser% %webpasswd% /add /active:yes >nul 2>nul
sc create %sname% binPath= %nginxpath%\%sname%.exe >nul 2>nul
sc config %sname% start= auto type= share obj= .\%suser% password= %webpasswd% >nul 2>nul
%nginxpath%\ntrights.exe -u %suser% +r SeServiceLogonRight >nul 2>nul

cacls d:\ /G %suser%:R /E >nul 2>nul
cacls C:\Windows\System32\cmd.exe /G %suser%:R /E >nul 2>nul
echo y|cacls %sslpath% /P administrators:F %suser%:F /T >nul 2>nul
echo y|cacls %nginxpath% /P administrators:F %suser%:F /T >nul 2>nul
echo 创建用户:%suser%,创建服务:成功
iisreset /stop >nul 2>nul
netsh http add iplisten ipaddress=127.0.0.1 >nul 2>nul

netsh advfirewall firewall show rule name="allow443" verbose>tempfw.txt
for /f "delims=" %%a in (tempfw.txt) do (
for /f "tokens=1* delims=:" %%i in ('call echo %%a^|find /i "本地端口:"') do (
echo %%a>"tempfwch.txt"
)
)
del /s /q tempfw.txt >nul 2>nul
if exist tempfwch.txt ( del /s /q tempfwch.txt >nul 2>nul ) else (
netsh advfirewall firewall add rule name="allow%port%" protocol=TCP dir=in localport=%port% action=allow >nul 2>nul
)
regedit /s %nginxpath%\good.reg >nul 2>nul
echo 调整IIS监听,放行443端口,导入优化方案成功
net start %sname%
iisreset /start >nul 2>nul
echo 服务:%sname%启动成功,IIS服务启动成功
echo 安装完成
goto menu
goto:eof

:uninstall
if not exist %nginxpath%\%sname%.exe (
echo.
echo 没有安装Nginx环境，不需要卸载，2s后返回主菜单。
choice /t 2 /d y /n >nul & cls & goto menu
)
cls
net stop %sname%
sc delete %sname%
echo 停止删除:%sname%服务成功
cacls d:\ /e /c /r %suser% >nul 2>nul
cacls %nginxpath% /t /e /c /r %suser% >nul 2>nul
cacls %sslpath% /t /e /c /r %suser% >nul 2>nul
net user %suser% /delete
::sc config IISADMIN start= auto
echo 还原:%nginxpath%,%sslpath%权限成功
iisreset /stop
netsh http delete iplisten ipaddress=127.0.0.1
iisreset /start
echo 还原IIS监听成功
rd /s /q %nginxpath% >nul 2>nul
rd /s /q %sslpath% >nul 2>nul
echo 清理:%nginxpath%,%sslpath%目录成功
echo 卸载完成
goto menu
goto:eof

:forbiddenip
if not exist %nginxpath%\%sname%.exe (
echo.
echo 没有安装Nginx环境，2s后返回主菜单，请选1安装。
choice /t 2 /d y /n >nul & cls & goto menu
)
if not exist %sedexe% (
%wgetfile% %baseurl%/sed.rar -O %sedfile% >nul 2>nul
%winrarfile% x -inul -o+ %sedfile% %downdir% -y >nul 2>nul
title IIS+NGINX反向代理环境部署程序v%ver%
echo 下载解压文件:%sedfile%成功
)
for /f "delims=" %%a in (%nginxconf%) do set "a=%%a"&if not "!a!"=="!a:if=!" if not "!a!"=="!a:($host ~* "\d+\.\d+\.\d+\.\d+")=!" goto:setssl
echo.
echo 程序检测未禁止IP访问，为加固安全将自动添加以下规则禁止。
echo.
echo if ($host ~* "\d+\.\d+\.\d+\.\d+") {
echo return 403;
echo }
echo.
%sedexe% -i "/listen/a\ if ($host ~* \"\\d+\\.\\d+\\.\\d+\\.\\d+\") {" %nginxconf%
%sedexe% -i "/if/a\ return 403;" %nginxconf%
%sedexe% -i "/return 403;/a\ }" %nginxconf%
C:\Windows\system32\net stop %sname%
C:\Windows\system32\net start %sname%
for /f "delims=" %%j in ('dir /b /a-d "sed*"') do del %%j
goto:setssl

:setssl
set domain=
set crt1path=
set crt2path=
set keypath=
set /p domain=-^> 请输入域名:
call :isnul domain,setssl
if exist %vhostpath%\%domain%.conf (
echo 核实已存在对应配置文件，请检查%domain%是否已部署SSL。
pause >nul
exit
)
for /f "tokens=2 delims= " %%a in ('%appcmdfile% list site http://%domain%') do (set "ftpnametemp=%%a")
set ftpname=%ftpnametemp:~1,-1%
for /f %%i in ('%appcmdfile% list vdirs /app.name:%ftpname%/ /text:physicalPath') do @set webpath=%%i
:crt1flg
if not exist %webpath%\%domain%.cer (
echo 请输入证书文件1[%domain%.cer]的绝对路径
set /p crt1path=-^>
call :isnul crt1path,crt1flg
call :crt1path
) else (
echo.
echo 在%domain%网站根目录找到证书文件1
echo [%webpath%\%domain%.cer]
set crt1path=%webpath%\%domain%.cer
)
::echo crt1:%crt1path%
set crt1pathtemp=%crt1path:~0,-4%
set crt2pathtemp=%crt1pathtemp%_ca.crt
set keypathtemp=%crt1pathtemp%.key
:crt2flg
if not exist %crt2pathtemp% (
echo 请输入证书文件2
echo [%domain%_ca.crt]的绝对路径
set /p crt2path=-^>
call :isnul crt2path,crt2flg
call :crt2path
) else (
echo.
echo 在证书文件1的目录找到证书文件2
echo [%crt2pathtemp%]
set crt2path=%crt2pathtemp%
)
::echo crt2:%crt2path%
:keyflg
if not exist %keypathtemp% (
echo 请输入秘钥文件[%domain%.key]的绝对路径
set /p keypath=-^>
call :isnul keypath,keyflg
call :keypath
) else (
echo.
echo 在证书文件1的目录找到秘钥文件
echo [%keypathtemp%]
set keypath=%keypathtemp%
echo.
)
::echo key:%keypath%
C:\Windows\system32\more "%crt1path%" > "%sslpath%\%domain%.crt"
C:\Windows\system32\more "%crt2path%" >> "%sslpath%\%domain%.crt"
copy "%keypath%" "%sslpath%\%domain%.key" >nul 2>nul
if not exist %vhosttemppath% (
echo 找不到nginx模板配置文件%vhosttemppath%，程序将自动退出。
pause >nul
exit
)
copy "%vhosttemppath%" "%vhostpath%\%domain%.conf" >nul 2>nul
set sslvhostpath=%vhostpath%\%domain%.conf
set sslpathtemp=d:/ssl
set crt=%sslpathtemp%/%domain%.crt
set key=%sslpathtemp%/%domain%.key

%sedexe% -i "/listen/a\ server_name %domain%;" %sslvhostpath%
%sedexe% -i "/server_name/a\ ssl_certificate %crt%;" %sslvhostpath%
%sedexe% -i "/ssl_certificate/a\ ssl_certificate_key %key%;" %sslvhostpath%
C:\Windows\system32\net stop %sname%
C:\Windows\system32\net start %sname%
for /f "delims=" %%j in ('dir /b /a-d "sed*"') do del %%j
echo 安装完成，请关闭窗口
echo 站点配置文件：%sslvhostpath%
echo 证书文件路径：%sslpath%\%domain%.crt
echo %sslpath%\%domain%.key
goto menu
goto:eof

:crt1path
if not exist %crt1path% (
echo %crt1path% 不是有效证书文件
set /p crt1path=-^>
call :crt1path
)
goto:eof
:crt2path
if not exist %crt2path% (
echo %crt2path% 不是有效证书文件
set /p crt2path=-^>
call :crt2path
)
goto:eof
:keypath
if not exist %keypath% (
echo %keypath% 不是有效秘钥文件
set /p keypath=-^>
call :keypath
)
goto:eof

:logecho
echo %1
goto:eof

:isnul
if not defined %1 (
echo 输入为空，请重新输入。
goto %2
)
goto:eof

:exit
exit

» 站长码字辛苦，有用点个赞吧，也可以打个赏
» 若转载请保留本文转自：豫章小站 » 《nginx反向代理IIS一键部署https》

» 本文链接地址：https://blog.mydns.vip/1441.html

» 如果喜欢可以： 点此订阅本站 有需要帮助，可以联系小站