ssl=true
extra_settings=
port=443
-temp=$(getopt -l help e:i:f:p:r:h "$@") || usage 1
+temp=$(getopt -l help e:if:p:r:h "$@") || usage 1
eval set -- "$temp"
while true; do
case $1 in
esac
done
+# t = type, h = host
if (( ${#@} == 3 )); then
read -r extra_settings t h <<<"${@}"
else
if $ssl; then
f=$cert_dir/fullchain.pem
if [[ ! -e $f ]] || openssl x509 -checkend 86400 -noout -in $f; then
+ # cerbot needs an existing virtualhost.
$0 -p 80 $t $h
# when generating an example config, add all relevant security options:
# --hsts --staple-ocsp --uir
a2enmod proxy proxy_http
# fyi: trailing slash is important
# reference: https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html
+ # retry=0: https://stackoverflow.com/questions/683052/why-am-i-getting-an-apache-proxy-503-error
cat >>$vhost_file <<EOF
- ProxyPass "/" "http://$proxy/"
+ ProxyPass "/" "http://$proxy/" retry=0
ProxyPassReverse "/" "http://$proxy/"
EOF
fi
-
if $ssl; then
+ a2enmod headers
https_arg=" https"
common_ssl_conf=/etc/apache2/common-ssl.conf
cat >>$vhost_file <<EOF
Header always set Content-Security-Policy upgrade-insecure-requests
EOF
- cat >/etc/apache2/conf-enabled/local-custom.conf <<'EOF'
-# vhost_combined with %D (request time in microseconds)
-# this file is just a convenient place to drop it.
-LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %D" vhost_time_combined
-SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
-EOF
-
echo "$0: creating $redir_file"
cat >$redir_file <<EOF
<VirtualHost *:80>
service nginx restart
fi ####### end if nginx
+
+cat >/etc/apache2/conf-enabled/local-custom.conf <<'EOF'
+# vhost_combined with %D (request time in microseconds)
+# this file is just a convenient place to drop it.
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %D" vhost_time_combined
+SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
+EOF
iankelling.org / git / basic-https-conf / blobdiff