#!/bin/bash
function escape_str(){
    echo $1|sed -E 's/\\+//g' |sed -E 's/[\/\.\*]/\\\0/g'
}
ubuntu_ver="$(lsb_release -rs)"
sudo echo ""
org_pwd="$(pwd)"
cpu_cores="$(nproc --all)"
openssl_ver="$(openssl version|xargs| awk '{print $2}')"
openssl_dir=""
openssl_source_dir=""
if [[ "$openssl_ver" < "1.1.1" ]]; then
    # Build openssl
    target_openssl_ver="1.1.1m"
    sudo bash -l -c "
        cd /root &&
        wget https://www.openssl.org/source/openssl-$target_openssl_ver.tar.gz --no-check-certificate &&
        tar xzvf openssl-$target_openssl_ver.tar.gz &&
        cd openssl-$target_openssl_ver &&
        ./config no-ssl2 no-ssl3 zlib-dynamic -fPIC shared --prefix=/opt/openssl &&
        make depend -j$cpu_cores && make install &&
        rm -f /usr/bin/openssl &&
        ln -s /opt/openssl/bin/* /usr/bin/. &&
        echo'/opt/openssl/lib' > /etc/ld.so.conf.d/openssl.conf &&
        ldconfig"
    openssl_ver="$target_openssl_ver"
    cd "$org_pwd"
    openssl_dir="/opt/openssl"
    openssl_source_dir="/root/openssl-$target_openssl_ver"
fi
if [ -z "$cpu_cores" ]; then
    cpu_cores="1";
fi
if [[ "$ubuntu_ver" < "16" ]]; then #Need update ca-certificates manual
    sudo bash -l -c "
        cd /root &&
        wget https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/ca-certificates/20210119~20.04.2/ca-certificates_20210119~20.04.2.tar.xz --no-check-certificate &&
        tar -xJf ca-certificates_20210119~20.04.2.tar.xz &&
        cd ca-certificates-20210119~20.04.1 &&
        make -j$cpu_cores && make install &&
        dpkg-reconfigure -fnoninteractive ca-certificates &&
        update-ca-certificates --fresh --verbose &&
        /usr/bin/c_rehash /etc/ssl/certs"
    cd "$org_pwd"
else
    sudo apt-get update
    sudo apt-get install --reinstall ca-certificates -y
fi
nginx_configure=""
if [ -z $openssl_source_dir ]; then
    nginx_configure="./configure --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module"
else
    nginx_configure="./configure --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module --with-openssl=$openssl_source_dir"
fi
nginx_ver="$(nginx -v 2>&1|xargs|awk '{print $3}'|cut -d '/' -f 2)"

nginx_target_ver="1.23.1"
if [[ "$nginx_ver" < $nginx_target_ver ]] || [[ "$1" == '--force' ]]; then
    if [ -f "/etc/nginx/nginx.conf" ]; then
        nginx_conf_exist="1"
    else
        nginx_conf_exist="0"
    fi
    #Build nginx and install
    sudo bash -l -c "
        cd /root &&
        wget http://nginx.org/download/nginx-$nginx_target_ver.tar.gz &&
        tar -zxvf nginx-$nginx_target_ver.tar.gz &&
        cd nginx-$nginx_target_ver &&
        apt remove nginx --purge -y &&
        apt-get -y install libpcre3 libpcre3-dev libxml2 libxml2-dev libxslt-dev libgd-dev &&
        $nginx_configure &&
        make -j$cpu_cores && make install &&
        rm -f /usr/sbin/nginx &&
        ln -s /usr/share/nginx/sbin/nginx /usr/sbin/. &&
        service nginx restart
        "
    if [[ $nginx_conf_exist == "0" ]]; then
        nginx_conf_path="/etc/nginx/nginx.conf"
        server_block_start=`sudo grep  -E '^\s*server\s*{' $nginx_conf_path -n|cut -d : -f 1`
        http_block_start=`sudo grep  -E '^\s*http\s*{' $nginx_conf_path -n|cut -d : -f 1`
        http_block_end_offset=`cat $nginx_conf_path | awk '{if (NR>='$http_block_start') print}'|grep  -E '^}' -n|cut -d : -f 1|xargs|awk '{print $1}'`
        http_block_end=$((http_block_end_offset + http_block_start - 1))
        if [ -z "$server_block_start" ]; then
            if [[ ! -f /etc/nginx/sites-enabled/default ]]; then
                sudo mkdir -p /etc/nginx/sites-enabled
                sudo wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/sites-enabled-default -O /etc/nginx/sites-enabled/default
            fi
        else
            server_block_contents=`cat $nginx_conf_path | awk '{if (NR>='$server_block_start' && NR <'$http_block_end') print}'`
            blank_text=`echo "$server_block_contents"|grep -E '^\s*' -m 1|sed 's/\w.*//g'`
            server_block_contents=`echo "$server_block_contents"|sed "s/^$blank_text//g"`
            sudo mkdir -p /etc/nginx/sites-enabled
            echo "$server_block_contents"|sudo tee /etc/nginx/sites-enabled/default 1>/dev/null
            nginx_conf_contents=`cat $nginx_conf_path | awk '{if (NR<'$server_block_start' || NR >='$http_block_end') print}'`
            echo "$nginx_conf_contents"|sudo tee $nginx_conf_path 1>/dev/null
        fi
        http_block_end_offset=`cat $nginx_conf_path | awk '{if (NR>='$http_block_start') print}'|grep  -E '^}' -n|cut -d : -f 1|xargs|awk '{print $1}'`
        http_block_end=$((http_block_end_offset + http_block_start - 1))
        include_list='/etc/nginx/conf.d/\*.conf /etc/nginx/sites-enabled/\*'
        if [ -z "$(grep 'Virtual Host Configs' $nginx_conf_path)" ]; then
            virtual_host_configs_text=`echo '\n    ##\n    # Virtual Host Configs\n    ##'`
            sudo sed -i "$((http_block_end-1)),+0s/.*/\0\\n    $(echo "$virtual_host_configs_text")/g" $nginx_conf_path
            http_block_end_offset=`cat $nginx_conf_path | awk '{if (NR>='$http_block_start') print}'|grep  -E '^}' -n|cut -d : -f 1|xargs|awk '{print $1}'`
            http_block_end=$((http_block_end_offset + http_block_start - 1))
        fi
        for file_list in $include_list; do
            if [[ "$(cat $nginx_conf_path)" != *"$(echo $file_list|sed 's/\\//g')"* ]]; then
                sudo sed -i $((http_block_end-1)),+0's/.*/\0\n    include '$(escape_str $file_list)';/g' $nginx_conf_path
                http_block_end=$((http_block_end + 1))
            fi
        done
    fi
    cd "$org_pwd"
fi