iankelling.org
/
git
/
basic-https-conf
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
3139f7f
)
be less verbose
author
Ian Kelling
<ian@iankelling.org>
Mon, 3 Apr 2017 00:50:18 +0000
(17:50 -0700)
committer
Ian Kelling
<ian@iankelling.org>
Mon, 3 Apr 2017 00:50:18 +0000
(17:50 -0700)
apache-site
patch
|
blob
|
history
nginx-site
patch
|
blob
|
history
diff --git
a/apache-site
b/apache-site
index 5e3f8c463d07d6c267e9d72a7b6e7754721a98be..cf0aa4afc6daa5065fdb11db996db3c119845a2a 100755
(executable)
--- a/
apache-site
+++ b/
apache-site
@@
-127,7
+127,8
@@
if $ssl; then
fi
fi
-tee $vhost_file <<EOF
+echo "$0: creating $vhost_file"
+cat >$vhost_file <<EOF
<VirtualHost $addr_port>
ServerName $h
ServerAlias www.$h
<VirtualHost $addr_port>
ServerName $h
ServerAlias www.$h
@@
-135,21
+136,21
@@
tee $vhost_file <<EOF
EOF
if [[ $extra_settings ]]; then
EOF
if [[ $extra_settings ]]; then
- cat -- $extra_settings
| tee -a
$vhost_file
+ cat -- $extra_settings
>>
$vhost_file
fi
# go faster!
if [[ -e /etc/apache2/mods-available/http2.load ]]; then
# https://httpd.apache.org/docs/2.4/mod/mod_http2.html
a2enmod http2
fi
# go faster!
if [[ -e /etc/apache2/mods-available/http2.load ]]; then
# https://httpd.apache.org/docs/2.4/mod/mod_http2.html
a2enmod http2
-
tee -a
$vhost_file <<EOF
+
cat >>
$vhost_file <<EOF
Protocols h2 http/1.1
EOF
fi
if $ssl; then
certbot_ssl_conf=/etc/letsencrypt/options-ssl-apache.conf
Protocols h2 http/1.1
EOF
fi
if $ssl; then
certbot_ssl_conf=/etc/letsencrypt/options-ssl-apache.conf
-
tee -a
$vhost_file <<EOF
+
cat >>
$vhost_file <<EOF
SSLCertificateFile $cert_dir/$h-chained.pem
SSLCertificateKeyFile $cert_dir/$h-domain.key
Include $certbot_ssl_conf
SSLCertificateFile $cert_dir/$h-chained.pem
SSLCertificateKeyFile $cert_dir/$h-domain.key
Include $certbot_ssl_conf
@@
-158,7
+159,8
@@
EOF
# if we are using a non-standard port, setup don't setup
# irrelevant 443 redirect.
if [[ $port == "443" ]]; then
# if we are using a non-standard port, setup don't setup
# irrelevant 443 redirect.
if [[ $port == "443" ]]; then
- tee $redir_file <<'EOF'
+ echo "$0: creating $redir_file"
+ cat >$redir_file <<'EOF'
# vhost_combined with %D (request time in microseconds)
# this file is just a convenient place to drop it.
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %D" vhost_time_combined
# vhost_combined with %D (request time in microseconds)
# this file is just a convenient place to drop it.
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %D" vhost_time_combined
@@
-176,7
+178,7
@@
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
EOF
if ! $listen_80; then
</VirtualHost>
EOF
if ! $listen_80; then
-
tee -a
$redir_file <<'EOF'
+
cat >>
$redir_file <<'EOF'
Listen 80
EOF
fi
Listen 80
EOF
fi
@@
-185,6
+187,7
@@
EOF
mkdir -p /etc/letsencrypt
# this is from cerbot, see below.
mkdir -p /etc/letsencrypt
# this is from cerbot, see below.
+ echo "$0: creating $certbot_ssl_conf"
cat >$certbot_ssl_conf <<'EOF'
# Baseline setting to Include for SSL sites
cat >$certbot_ssl_conf <<'EOF'
# Baseline setting to Include for SSL sites
@@
-226,7
+229,7
@@
EOF
sleep 1
fi
fi
sleep 1
fi
fi
-
tee -a
$vhost_file <<EOF
+
cat >>
$vhost_file <<EOF
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log vhost_time_combined
</VirtualHost>
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log vhost_time_combined
</VirtualHost>
@@
-234,7
+237,7
@@
EOF
if ! $listen_port; then
# reference: https://httpd.apache.org/docs/2.4/mod/mpm_common.html#listen
if ! $listen_port; then
# reference: https://httpd.apache.org/docs/2.4/mod/mpm_common.html#listen
-
tee -a
$vhost_file <<EOF
+
cat >>
$vhost_file <<EOF
listen ${port}${https_arg}
EOF
fi
listen ${port}${https_arg}
EOF
fi
diff --git
a/nginx-site
b/nginx-site
index f66b40c86b40db48d0601a287abe2f7dcecbaaa8..937c71aa7693ce36f3f2254b1c5f3114927fa706 100755
(executable)
--- a/
nginx-site
+++ b/
nginx-site
@@
-84,13
+84,14
@@
fi
##### end command line parsing ########
##### end command line parsing ########
-
sudo
rm -f /etc/nginx/sites-enabled/default
+rm -f /etc/nginx/sites-enabled/default
if nginx -V |& grep -- '--with-http_v2_module\b' &>/dev/null; then
http2_arg=http2
fi
if nginx -V |& grep -- '--with-http_v2_module\b' &>/dev/null; then
http2_arg=http2
fi
-sudo dd of=/etc/nginx/sites-enabled/$h.conf <<EOF
+echo "$0: creating /etc/nginx/sites-enabled/$h.conf"
+cat >/etc/nginx/sites-enabled/$h.conf <<EOF
# ssecurty settings taken from
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# using modern config. last checked 2017/2/20
# ssecurty settings taken from
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# using modern config. last checked 2017/2/20
@@
-134,11
+135,11
@@
server {
#resolver <IP DNS resolver>;
EOF
if [[ $extra_settings ]]; then
#resolver <IP DNS resolver>;
EOF
if [[ $extra_settings ]]; then
- cat $extra_settings
| sudo tee -a
/etc/nginx/sites-enabled/$h.conf
+ cat $extra_settings
>>
/etc/nginx/sites-enabled/$h.conf
fi
if [[ $proxy_port ]]; then
fi
if [[ $proxy_port ]]; then
-
sudo tee -a
/etc/nginx/sites-enabled/$h.conf <<EOF
+
cat >>
/etc/nginx/sites-enabled/$h.conf <<EOF
location / {
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
location / {
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
@@
-151,9
+152,9
@@
EOF
fi
fi
-
sudo tee -a
/etc/nginx/sites-enabled/$h.conf <<EOF
+
cat >>
/etc/nginx/sites-enabled/$h.conf <<EOF
}
EOF
}
EOF
-
sudo
mkdir -p /var/www/$h/html
-
sudo
chown -R ian:ian /var/www/$h
-s
udo s
ervice nginx restart
+mkdir -p /var/www/$h/html
+chown -R ian:ian /var/www/$h
+service nginx restart