From: Ian Kelling Date: Fri, 25 Mar 2022 06:22:26 +0000 (-0400) Subject: fixes and new options X-Git-Url: https://iankelling.org/git/?a=commitdiff_plain;h=25c6d2d6bcf37d708fec0e529a88f035588c8b7d;p=basic-https-conf fixes and new options --- diff --git a/web-conf b/web-conf index b27ec1a..6b18b2e 100755 --- a/web-conf +++ b/web-conf @@ -41,6 +41,8 @@ distro-setup, and log-quiet. EXTRA_SETTINGS_FILE can be - for stdin +-a IPv4_ADDR IP address to listen on. Default all addresses. + ipv6 address support could be added to this script. -e EMAIL Contact address for let's encrypt. Default is root@\$(hostname --fqdn') which is root@$(hostname --fqdn) on this host. @@ -62,10 +64,15 @@ symlinkarg=- ssl=true extra_settings= port=443 -temp=$(getopt -l help e:if:p:r:sh "$@") || usage 1 +temp=$(getopt -l help a:e:if:p:r:sh "$@") || usage 1 +vhostip='*' eval set -- "$temp" while true; do case $1 in + -a) + listenip="$2:" + vhostip="$2" + shift 2 ;; -e) email="$2"; shift 2 ;; -f) proxy="$2"; shift 2 ;; -i) ssl=false; shift ;; @@ -114,7 +121,14 @@ se=/etc/$t/sites-enabled cert_dir=/etc/letsencrypt/live/$h mkdir -p $root -vhost_file=$se/$h.conf +case $port in + 80|443) + vhost_file=$se/$h.conf + ;; + *) + vhost_file=$se/$h-$port.conf + ;; +esac redir_file=$se/$h-redir.conf if [[ $port == 80 ]]; then @@ -137,10 +151,9 @@ if $ssl; then # --hsts --staple-ocsp --uir --must-staple certbot certonly -n --email $email --no-self-upgrade \ --agree-tos --${t%2} -d $h - rm $vhost_file + # cleanup the call to ourselves a short bit ago + rm $se/$h.conf fi - - fi @@ -170,9 +183,9 @@ if [[ $t == apache2 ]]; then done done - + echo "$0: creating $vhost_file" cat >$vhost_file < + ServerName $h ServerAlias www.$h DocumentRoot $root @@ -221,8 +234,9 @@ SSLUseStapling on Header always set Content-Security-Policy upgrade-insecure-requests EOF - echo "$0: creating $redir_file" - cat >$redir_file <$redir_file < ServerName $h ServerAdmin webmaster@localhost 
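Review bot: The new `-a` arm copies `$2` into `listenip` and `vhostip` without any check, and the usage text says this value becomes the address Apache listens on, so it ends up in config files generated under /etc. A value containing whitespace or a newline would add extra tokens or whole directives to those files. I would reject anything that is not a dotted quad before assigning, e.g. `[[ $2 =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || usage 1`. Separately, `vhostip='*'` gets a default but `listenip` does not, so without `-a` it is either unset or inherited from the caller's environment; adding `listenip=` next to `vhostip='*'` closes that. The option loop continues outside this hunk.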
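Review bot: The `*)` arm builds `vhost_file=$se/$h-$port.conf` from whatever was passed to `-p`, and nothing visible in this hunk confirms `$port` is a number. A non-numeric value, or one containing `/`, would produce an unexpected path under sites-enabled and later an invalid port in the generated vhost. Unless the option parsing outside this hunk already validates it, I would add `[[ $port =~ ^[0-9]+$ ]] || usage 1` ahead of the `case`.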
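Review bot: The cleanup `rm $se/$h.conf` is unquoted and now targets a fixed name rather than the file this run created. With the new naming, ports 80 and 443 both map to `$se/$h.conf`. If a vhost for the same host already exists at that path when the script is run for another port, the temporary port-80 pass would presumably overwrite it and this line would then delete it. The condition guarding this block is outside the hunk, so that should be confirmed against the full script. At minimum I would write `rm -f -- "$se/$h.conf"`, and extend the comment to say the file must be the one written by the recursive call so that a later edit does not widen what gets removed.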
@@ -236,10 +250,11 @@ RewriteCond %{SERVER_NAME} =$h RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] EOF - if ! $listen_80; then - cat >>$redir_file <<'EOF' + if ! $listen_80; then + cat >>$redir_file <<'EOF' Listen 80 EOF + fi fi # this is a copy of a file certbot, see below. @@ -292,7 +307,7 @@ EOF if ! $listen_port; then # reference: https://httpd.apache.org/docs/2.4/mod/mpm_common.html#listen cat >>$vhost_file <>$vhost_file <>$vhost_file <$redir_file <$redir_file <
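Review bot: The redirect file still appends a literal `Listen 80` through the quoted `<<'EOF'` here-document, so httpd binds port 80 on every address even when `-a` was given to restrict the listen address. To honour the new option, use an unquoted delimiter and the prefix the option loop already builds: `cat >>$redir_file <<EOF` followed by `Listen ${listenip}80`. That expands to a plain `Listen 80` when `-a` is absent, provided `listenip` is initialised to empty. The enclosing `if` that the added `fi` closes opens in the previous hunk.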