make default certdir matchup with acme-tiny-wrapper

[basic-https-conf] / apache-site

diff --git a/apache-site b/apache-site
index 90a98372dbf2c3a48052f239613b579b98161e68..8a67722ada42f9487a7fa6408a0a9d29d7612784 100755 (executable)
--- a/apache-site
+++ b/apache-site
@@ -28,11 +28,12 @@ location for storing certs.
 
 EXTRA_SETTINGS_FILE can be - for stdin
 -p PORT
--i          Insecure, no ssl
--c CERT_DIR Default is /p/c/machine_specific/\$HOSTNAME/webservercerts
--h|--help   Print help and exit
--r          DocumentRoot
---          Subsequent arguments are never treated as options
+-i                 Insecure, no ssl
+-c CERT_DIR       In priority: this arg, $ACME_TINY_WRAPPER_CERT_DIR,
+                  $HOME/webservercerts, if the other options aren't set.
+-h|--help         Print help and exit
+-r                DocumentRoot
+--                Subsequent arguments are never treated as options
 
 Note: options and non-options can be in any order.
 EOF
@@ -41,7 +42,10 @@ EOF
 
 ##### begin command line parsing ########
 
-cert_dir=/p/c/machine_specific/$HOSTNAME/webservercerts
+cert_dir="$ACME_TINY_WRAPPER_CERT_DIR"
+if [[ ! $cert_dir ]]; then
+    cert_dir=$HOME/webservercerts
+fi
 ssl=true
 extra_settings=
 args=()
@@ -103,6 +107,15 @@ if [[ $extra_settings ]]; then
     cat -- $extra_settings | tee -a /etc/apache2/sites-enabled/$h.conf
 fi
 
+# go faster!
+if [[ -e /etc/apache2/mods-available/http2.load ]]; then
+    # https://httpd.apache.org/docs/2.4/mod/mod_http2.html
+    a2enmod http2
+tee -a /etc/apache2/sites-enabled/$h.conf <<EOF
+        Protocols h2 http/1.1
+EOF
+fi
+
 if $ssl; then
     tee -a /etc/apache2/sites-enabled/$h.conf <<EOF
         SSLCertificateFile $cert_dir/$h-chained.pem