add option, fix nginx
author
Ian Kelling
<iank@fsf.org>
Mon, 1 May 2023 02:29:01 +0000
(22:29 -0400)
committer
Ian Kelling
<iank@fsf.org>
Mon, 1 May 2023 02:29:01 +0000
(22:29 -0400)
web-conf
diff --git
a/web-conf
b/web-conf
index 977c8cfb38166ec6099e56999502594eb159c50d..38dce524cf0153ff47c5592b6d5246802a86b69b 100755
(executable)
--- a/
web-conf
+++ b/
web-conf
@@
-43,6
+43,7
@@
distro-setup, and log-quiet.
EXTRA_SETTINGS_FILE can be - for stdin
-a IPv4_ADDR IP address to listen on. Default all addresses.
ipv6 address support could be added to this script.
EXTRA_SETTINGS_FILE can be - for stdin
-a IPv4_ADDR IP address to listen on. Default all addresses.
ipv6 address support could be added to this script.
+-c CERT_FOLDER No letsencrypt. use fullchain.pem and privkey.pem in this folder.
-e EMAIL Contact address for let's encrypt. Default is
root@\$(hostname --fqdn')
which is root@$(hostname --fqdn) on this host.
-e EMAIL Contact address for let's encrypt. Default is
root@\$(hostname --fqdn')
which is root@$(hostname --fqdn) on this host.
@@
-64,7
+65,7
@@
symlinkarg=-
ssl=true
extra_settings=
port=443
ssl=true
extra_settings=
port=443
-temp=$(getopt -l help a:e:if:p:r:sh "$@") || usage 1
+temp=$(getopt -l help a:
c:
e:if:p:r:sh "$@") || usage 1
vhostip='*'
eval set -- "$temp"
while true; do
vhostip='*'
eval set -- "$temp"
while true; do
@@
-73,6
+74,7
@@
while true; do
listenip="$2:"
vhostip="$2"
shift 2 ;;
listenip="$2:"
vhostip="$2"
shift 2 ;;
+ -c) oob_cert_dir="$2"; shift 2 ;;
-e) email="$2"; shift 2 ;;
-f) proxy="$2"; shift 2 ;;
-i) ssl=false; shift ;;
-e) email="$2"; shift 2 ;;
-f) proxy="$2"; shift 2 ;;
-i) ssl=false; shift ;;
@@
-118,7
+120,11
@@
fi
##### end command line parsing ########
se=/etc/$t/sites-enabled
##### end command line parsing ########
se=/etc/$t/sites-enabled
-cert_dir=/etc/letsencrypt/live/$h
+if [[ $oob_cert_dir ]]; then
+ cert_dir="$oob_cert_dir"
+else
+ cert_dir=/etc/letsencrypt/live/$h
+fi
mkdir -p $root
case $port in
mkdir -p $root
case $port in
@@
-138,7
+144,7
@@
if [[ $port == 80 ]]; then
fi
fi
-if $ssl; then
+if
[[ ! $oob_cert_dir ]] &&
$ssl; then
$this_dir/certbot-setup $t
$this_dir/certbot-setup $t
@@
-415,7
+421,7
@@
server {
server_name $h www.$h;
listen 80 $http2_arg;
listen [::]:80 $http2_arg;
server_name $h www.$h;
listen 80 $http2_arg;
listen [::]:80 $http2_arg;
- return 301 https://
$server_name
$request_uri;
+ return 301 https://
\$server_name\
$request_uri;
}
EOF
fi
}
EOF
fi
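Review bot: The new `-c` branch at the `cert_dir` assignment takes any folder without checking that it holds the two files the usage text names. Because `certbot-setup` is skipped when `oob_cert_dir` is set, a wrong path would presumably only surface when the web server loads the generated config. A guard right after the `if`/`else`, such as `[[ -r $cert_dir/fullchain.pem && -r $cert_dir/privkey.pem ]] || { echo "$0: fullchain.pem or privkey.pem missing in $cert_dir" >&2; exit 1; }`, would fail early. In the lines shown, `oob_cert_dir` is also not reset alongside `ssl=true` and `port=443`, so a value inherited from the environment would silently turn off the Let's Encrypt path; adding `oob_cert_dir=` to that defaults block closes that. Since the key now sits outside certbot's managed tree, the `-c` help line could also say that privkey.pem should not be world-readable.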