various fixes
[basic-https-conf]
/
apache-site
diff --git
a/apache-site
b/apache-site
index 32c9f82cca78dbb3866218000d456bf145217e16..d99bf9698c48169bd8ccefb58df238a7104719db 100755
(executable)
--- a/
apache-site
+++ b/
apache-site
@@
-1,4
+1,4
@@
-#!/bin/bash
-l
+#!/bin/bash
# Copyright (C) 2016 Ian Kelling
# Licensed under the Apache License, Version 2.0 (the "License");
# Copyright (C) 2016 Ian Kelling
# Licensed under the Apache License, Version 2.0 (the "License");
@@
-25,10
+25,11
@@
location for storing certs.
EXTRA_SETTINGS_FILE can be - for stdin
-p PORT
EXTRA_SETTINGS_FILE can be - for stdin
-p PORT
--i Insecure, no ssl
--h|--help Print help and exit
--r DocumentRoot
--- Subsequent arguments are never treated as options
+-i Insecure, no ssl
+-c CERT_DIR Default is /p/c/machine_specific/\$HOSTNAME/webservercerts
+-h|--help Print help and exit
+-r DocumentRoot
+-- Subsequent arguments are never treated as options
Note: options and non-options can be in any order.
EOF
Note: options and non-options can be in any order.
EOF
@@
-37,6
+38,7
@@
EOF
##### begin command line parsing ########
##### begin command line parsing ########
+cert_dir=/p/c/machine_specific/$HOSTNAME/webservercerts
ssl=true
extra_settings=
args=()
ssl=true
extra_settings=
args=()
@@
-44,6
+46,7
@@
port="*:443"
while [[ $1 ]]; do
case $1 in
-i) ssl=false; shift ;; # i for insecure
while [[ $1 ]]; do
case $1 in
-i) ssl=false; shift ;; # i for insecure
+ -c) cert_dir="$2"; shift 2 ;;
-p) port="$2"; shift 2 ;;
-r) root="$2"; shift 2 ;;
--) shift; break ;;
-p) port="$2"; shift 2 ;;
-r) root="$2"; shift 2 ;;
--) shift; break ;;
@@
-68,8
+71,8
@@
if [[ ! $root ]]; then
root=/var/www/$h/html
fi
root=/var/www/$h/html
fi
+
##### end command line parsing ########
##### end command line parsing ########
-cdir=/p/c/machine_specific/$HOSTNAME/webservercerts
# taken from the let's encrypt generated site, using
# ./certbot-auto --apache (should use the test mode to check if there are updates)
# taken from the let's encrypt generated site, using
# ./certbot-auto --apache (should use the test mode to check if there are updates)
@@
-85,6
+88,7
@@
cdir=/p/c/machine_specific/$HOSTNAME/webservercerts
sudo rm -f /etc/apache2/sites-enabled/000-default.conf
sudo rm -f /etc/apache2/sites-enabled/000-default.conf
+sudo mkdir -p $root
sudo dd of=/etc/apache2/sites-enabled/$h.conf <<EOF
<VirtualHost $port>
ServerName $h
sudo dd of=/etc/apache2/sites-enabled/$h.conf <<EOF
<VirtualHost $port>
ServerName $h
@@
-93,13
+97,13
@@
sudo dd of=/etc/apache2/sites-enabled/$h.conf <<EOF
EOF
if [[ $extra_settings ]]; then
EOF
if [[ $extra_settings ]]; then
- cat $extra_settings | sudo tee -a /etc/apache2/sites-enabled/$h.conf
+ cat
--
$extra_settings | sudo tee -a /etc/apache2/sites-enabled/$h.conf
fi
if $ssl; then
sudo tee -a /etc/apache2/sites-enabled/$h.conf <<EOF
fi
if $ssl; then
sudo tee -a /etc/apache2/sites-enabled/$h.conf <<EOF
- SSLCertificateFile $cdir/$h-chained.pem
- SSLCertificateKeyFile $cdir/$h-domain.key
+ SSLCertificateFile $c
ert_
dir/$h-chained.pem
+ SSLCertificateKeyFile $c
ert_
dir/$h-domain.key
Include /etc/letsencrypt/options-ssl-apache.conf
EOF
Include /etc/letsencrypt/options-ssl-apache.conf
EOF
@@
-154,5
+158,5
@@
sudo tee -a /etc/apache2/sites-enabled/$h.conf <<EOF
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
EOF
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
EOF
-s a2enmod ssl rewrite # rewrite needed for httpredir
-s
er restart apache2
+s
udo
a2enmod ssl rewrite # rewrite needed for httpredir
+s
udo service apache2 restart
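Review bot: The new `sudo mkdir -p $root` line (hunk at +88) passes an unquoted, caller-supplied path to a command running as root, so a `-r` value containing whitespace or glob characters is split or expanded into several arguments, and one starting with `-` is read as an option; `sudo mkdir -p -- "$root"` avoids both. The `cat -- $extra_settings` change in the +97 hunk has the same gap: the `--` stops option parsing but the expansion is still unquoted, so `cat -- "$extra_settings"` completes the fix. The new `-c` value is also written unquoted into the `SSLCertificateFile` and `SSLCertificateKeyFile` directives, so a directory containing a space yields a malformed directive; quoting the value inside the heredoc, as in `SSLCertificateFile "$cert_dir/$h-chained.pem"`, covers that. All of these statements are top-level script code that continues outside the hunks shown.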