X-Git-Url: https://iankelling.org/git/?p=basic-https-conf;a=blobdiff_plain;f=web-conf;h=fddb5375b45a53fe0301444234bf79ba764cd772;hp=074fddd45c6279b62a9919a1544441caaf38ac60;hb=ebb14a4931cb65b505add2e56c9f1c9e5c90ec4d;hpb=06cb6315863aab25ba94359e0fc397c2f44677c5
diff --git a/web-conf b/web-conf
index 074fddd..fddb537 100755
--- a/web-conf
+++ b/web-conf
@@ -40,6 +40,7 @@ EXTRA_SETTINGS_FILE can be - for stdin
-i Insecure, no ssl.
-p PORT Main port to listen on, default 443. 80 implies -i.
-r DIR DocumentRoot
+-s Allow symlinks from the doucmentroot
-h|--help Print help and exit
Note: Uses GNU getopt options parsing style
@@ -49,10 +50,11 @@ EOF
##### begin command line parsing ########
+symlinkarg=-
ssl=true
extra_settings=
port=443
-temp=$(getopt -l help e:if:p:r:h "$@") || usage 1
+temp=$(getopt -l help e:if:p:r:sh "$@") || usage 1
eval set -- "$temp"
while true; do
case $1 in
@@ -61,6 +63,7 @@ while true; do
-i) ssl=false; shift ;;
-p) port="$2"; shift 2 ;;
-r) root="$2"; shift 2 ;;
+ -s) symlinkarg=+; shift ;;
--) shift; break ;;
-h|--help) usage ;;
*) echo "$0: Internal error!" ; exit 1 ;;
@@ -116,7 +119,7 @@ fi
if $ssl; then
f=$cert_dir/fullchain.pem
threedays=259200 # in seconds
- if [[ ! -e $f ]] || openssl x509 -checkend $threedays -noout -in $f; then
+ if [[ ! -e $f ]] || ! openssl x509 -checkend $threedays -noout -in $f >/dev/null; then
# cerbot needs an existing virtualhost.
$0 -p 80 $t $h
# when generating an example config, add all relevant security options:
@@ -146,7 +149,6 @@ if [[ $t == apache2 ]]; then
case $(readlink -f "$f") in
$vhost_file|$redir_file) continue ;;
esac
- echo "$f"
for p in $(sed -rn "s,^\s*listen\s+(\S+).*,\1,Ip" "$f"); do
case $p in
80) listen_80=true ;;&
@@ -162,7 +164,7 @@ ServerName $h
ServerAlias www.$h
DocumentRoot $root
- Options -Indexes -FollowSymlinks
+ Options -Indexes ${symlinkarg}FollowSymlinks
EOF
@@ -173,14 +175,14 @@ EOF
# go faster!
if [[ -e /etc/apache2/mods-available/http2.load ]]; then
# https://httpd.apache.org/docs/2.4/mod/mod_http2.html
- a2enmod http2
+ a2enmod -q http2
cat >>$vhost_file <>$vhost_file <s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
+
+#CustomLog /var/log/apache2/access.log vhost_combined
+#LogLevel warn
+#ErrorLog /var/log/apache2/error.log
+
+# Always ensure Cookies have "Secure" set (JAH 2012/1)
+#Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4"
EOF
upstream=https://raw.githubusercontent.com/certbot/certbot/master/certbot-apache/certbot_apache/options-ssl-apache.conf
@@ -283,7 +291,7 @@ EOF
fi
- a2enmod ssl rewrite # rewrite needed for httpredir
+ a2enmod -q ssl rewrite # rewrite needed for httpredir
service apache2 restart
# I rarely look at how much traffic I get, so let's keep that info