add/improve proxy/port args

[basic-https-conf] / apache-site

diff --git a/apache-site b/apache-site
index cf0aa4afc6daa5065fdb11db996db3c119845a2a..2405713b8f6257a374ce3b2c6975a9bbf1f42671 100755 (executable)
--- a/apache-site
+++ b/apache-site
@@ -28,8 +28,9 @@ location for storing certs.
 EXTRA_SETTINGS_FILE can be - for stdin
 -c CERT_DIR       In priority: this arg, $ACME_TINY_WRAPPER_CERT_DIR,
                   $HOME/webservercerts, if the other options aren't set.
+-f [ADDR:]PORT    Enable proxy to [ADDR:]PORT. ADDR default is 127.0.0.1
 -i                Insecure, no ssl
--p ADDR_PORT      Main address and port to listen on, default *:443
+-p PORT           Main port to listen on, default 443
 -r                DocumentRoot
 -h|--help         Print help and exit
 
@@ -46,14 +47,15 @@ if [[ ! $cert_dir ]]; then
 fi
 ssl=true
 extra_settings=
-addr_port="*:443"
-temp=$(getopt -l help ic:p:r:h "$@") || usage 1
+port=443
+temp=$(getopt -l help ic:f:p:r:h "$@") || usage 1
 eval set -- "$temp"
 while true; do
     case $1 in
-        -i) ssl=false; shift ;;
         -c) cert_dir="$2"; shift 2 ;;
-        -p) addr_port="$2"; shift 2 ;;
+        -f) proxy="$2"; shift 2 ;;
+        -i) ssl=false; shift ;;
+        -p) port="$2"; shift 2 ;;
         -r) root="$2"; shift 2 ;;
         --) shift; break ;;
         -h|--help) usage ;;
@@ -76,7 +78,9 @@ if [[ ! $root ]]; then
     root=/var/www/$h/html
 fi
 
-port=${addr_port##*:}
+if [[ $proxy ]]; then
+    [[ $proxy == *:* ]] || proxy=127.0.0.1:$proxy
+fi
 
 
 ##### end command line parsing ########
@@ -100,21 +104,20 @@ vhost_file=/etc/apache2/sites-enabled/$h.conf
 redir_file=/etc/apache2/sites-enabled/httpsredir.conf
 
 # note, we exepct ServerRoot of /etc/apache2
-cd /etc/apache2
-conf_files=(apache2.conf)
-
 # apache requires exactly 1 listen directive per port (when no ip is also given),
 # so we have to parse the config to do it programatically.
 listen_80=false
 listen_port=false
-while (( i=0; i < ${#conf_files[@]}; i++ )); do
+cd /etc/apache2
+conf_files=(apache2.conf)
+for (( i=0; i < ${#conf_files[@]}; i++ )); do
     f="${conf_files[i]}"
     # note: globs are expanded here:
     conf_files+=( $(sed -rn "s,^\s*Include(Optional)?\s+(\S+).*,\2,p" "$f") )
     case $(readlink -f "$f") in
         $vhost_file|$redir_file) continue ;;
     esac
-    for p in $(sed -rn "s,^\s*Listen\s+(\S+).*,\1,p" "$f"); do
+    for p in $(sed -rn "s,^\s*listen\s+(\S+).*,\1,Ip" "$f"); do
         case $p in
             80) listen_80=true ;;
             $port) listen_port=true ;;
@@ -129,7 +132,7 @@ fi
 
 echo "$0: creating $vhost_file"
 cat >$vhost_file <<EOF
-<VirtualHost $addr_port>
+<VirtualHost *:$port>
         ServerName $h
         ServerAlias www.$h
         DocumentRoot $root
@@ -148,6 +151,16 @@ if [[ -e /etc/apache2/mods-available/http2.load ]]; then
 EOF
 fi
 
+if [[ $proxy ]]; then
+    a2enmod proxy proxy_http
+    # fyi: trailing slash is important
+    # reference: https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html
+    cat >>$vhost_file <<EOF
+        ProxyPass "/"  "http://$proxy/"
+        ProxyPassReverse "/"  "http://$proxy/"
+EOF
+fi
+
 if $ssl; then
     certbot_ssl_conf=/etc/letsencrypt/options-ssl-apache.conf
     cat >>$vhost_file <<EOF