X-Git-Url: https://iankelling.org/git/?p=basic-https-conf;a=blobdiff_plain;f=apache-site;h=a4f295ac68f0bd9de1e0981085e6e667c890eaff;hp=90a98372dbf2c3a48052f239613b579b98161e68;hb=75fa1938d9e9bd00dfab294deac75b3a749e4929;hpb=2fab2d0cee66545f1572a3127e0842ba629d41a5

diff --git a/apache-site b/apache-site
index 90a9837..a4f295a 100755
--- a/apache-site
+++ b/apache-site
@@ -13,7 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# run as root.
 [[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
 
 set -eE -o pipefail
@@ -28,41 +27,44 @@ location for storing certs.
 
 EXTRA_SETTINGS_FILE can be - for stdin
 -p PORT
--i          Insecure, no ssl
--c CERT_DIR Default is /p/c/machine_specific/\$HOSTNAME/webservercerts
--h|--help   Print help and exit
--r          DocumentRoot
---          Subsequent arguments are never treated as options
+-i                Insecure, no ssl
+-c CERT_DIR       In priority: this arg, $ACME_TINY_WRAPPER_CERT_DIR,
+                  $HOME/webservercerts, if the other options aren't set.
+-r                DocumentRoot
+-h|--help         Print help and exit
 
-Note: options and non-options can be in any order.
+Note: Uses GNU getopt options parsing style
 EOF
     exit $1
 }
 
 ##### begin command line parsing ########
 
-cert_dir=/p/c/machine_specific/$HOSTNAME/webservercerts
+cert_dir="$ACME_TINY_WRAPPER_CERT_DIR"
+if [[ ! $cert_dir ]]; then
+    cert_dir=$HOME/webservercerts
+fi
 ssl=true
 extra_settings=
-args=()
 port="*:443"
-while [[ $1 ]]; do
+temp=$(getopt -l help ic:p:r:h "$@") || usage 1
+eval set -- "$temp"
+while true; do
     case $1 in
-        -i) ssl=false; shift ;; # i for insecure
+        -i) ssl=false; shift ;;
         -c) cert_dir="$2"; shift 2 ;;
         -p) port="$2"; shift 2 ;;
         -r) root="$2"; shift 2 ;;
         --) shift; break ;;
-        -?*|-h|--help) usage ;;
-        *) args+=("$1"); shift ;;
+        -h|--help) usage ;;
+        *) echo "$0: Internal error!" ; exit 1 ;;
     esac
 done
-args+=("$@")
 
-if (( ${#args[@]} == 2 )); then
-    read extra_settings h <<<"${args[@]}"
+if (( ${#@} == 2 )); then
+    read extra_settings h <<<"${@}"
 else
-    read h <<<"${args[@]}"
+    read h <<<"${@}"
 fi
 
 if [[ ! $h ]]; then
@@ -103,6 +105,15 @@ if [[ $extra_settings ]]; then
     cat -- $extra_settings | tee -a /etc/apache2/sites-enabled/$h.conf
 fi
 
+# go faster!
+if [[ -e /etc/apache2/mods-available/http2.load ]]; then
+    # https://httpd.apache.org/docs/2.4/mod/mod_http2.html
+    a2enmod http2
+tee -a /etc/apache2/sites-enabled/$h.conf <<EOF
+        Protocols h2 http/1.1
+EOF
+fi
+
 if $ssl; then
     tee -a /etc/apache2/sites-enabled/$h.conf <<EOF
         SSLCertificateFile $cert_dir/$h-chained.pem