log
This commit is contained in:
6543
parent
d9d135f1a6
commit
f781c70852
|
|
@ -0,0 +1 @@
|
|||
mailto:tyler@tyzoid.com
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
<tyzoid> I've got a wrapper script around that, and I configured my apache management scripts to reverse proxy the acme-verification uris to letsencrypt-nosudo
|
||||
<maddl> do you have a repo of that?
|
||||
<tyzoid> should be https://github.com/diafygi/acme-nosudo
|
||||
<tyzoid> I don't have a repo of my scripts, no
|
||||
<tyzoid> I can throw them up on my site, though
|
||||
<maddl> this setup is old ... it is from the begining of letsencrypt and i sould already structure it new
|
||||
<tyzoid> lol, letsencrypt-nosudo (apparently now acme-nosudo) is a bit old too
|
||||
<tyzoid> maddl: Here's the wrapper script I use. https://dl.tyzoid.com/security/sign.sh
|
||||
<tyzoid> It's quickly hacked together, so a lot of the paths are hardcoded
|
||||
<maddl> thanks
|
||||
<tyzoid> maddl: Here's my apache mksite script: https://dl.tyzoid.com/security/mksite.sh
|
||||
<tyzoid> Might need some adaptation, since you use nginx
|
||||
<tyzoid> but the workflow for me is `$ mksite <domain>`, `$ sign <domain>` `$ vim <domainconfig>`
|
||||
<maddl> your scripts are more for inspiration than to copy-paste it
|
||||
<tyzoid> :)
|
||||
<tyzoid> That last step is me just uncommenting all the commented out lines in the domain config
|
||||
<maddl> perhaps ill make a more general setup and publish it on github ...
|
||||
<tyzoid> Go for it!
|
||||
<maddl> we will se
|
||||
<tyzoid> If you do, just be sure to credit my stuff if you use it. I release pretty much all my stuff as MIT
|
||||
|
||||
|
|
@ -0,0 +1,67 @@
|
|||
#!/bin/bash
|
||||
set -e;
|
||||
domain=$1;
|
||||
echo "Creating local site $domain";
|
||||
|
||||
mkdir -p "/var/log/apache2/$domain";
|
||||
sudo mkdir -p "/var/www/$domain/web";
|
||||
|
||||
cat > /etc/apache2/sites-enabled/$domain.conf <<_EOF_
|
||||
<VirtualHost *:80>
|
||||
ServerAdmin webmaster@localhost
|
||||
ServerName $domain
|
||||
|
||||
ProxyPass /.well-known/acme-challenge/ http://127.0.0.1:8082/.well-known/acme-challenge/
|
||||
|
||||
# RewriteEngine On
|
||||
#
|
||||
# RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge.*
|
||||
# RewriteRule ^(.*)$ https://%{HTTP_HOST} [R=301,L]
|
||||
|
||||
|
||||
DocumentRoot /var/www/$domain/web
|
||||
<Directory /var/www/$domain/web>
|
||||
Options Indexes FollowSymLinks MultiViews
|
||||
AllowOverride All
|
||||
Order allow,deny
|
||||
allow from all
|
||||
</Directory>
|
||||
|
||||
ErrorLog /var/log/apache2/$domain/error.log
|
||||
|
||||
# Possible values include: debug, info, notice, warn, error, crit,
|
||||
# alert, emerg.
|
||||
LogLevel warn
|
||||
|
||||
CustomLog /var/log/apache2/$domain/access.log combined
|
||||
</VirtualHost>
|
||||
#<VirtualHost *:443>
|
||||
# ServerAdmin webmaster@localhost
|
||||
# ServerName $domain
|
||||
#
|
||||
# DocumentRoot /var/www/$domain/web
|
||||
# <Directory /var/www/$domain/web>
|
||||
# Options Indexes FollowSymLinks MultiViews
|
||||
# AllowOverride All
|
||||
# Order allow,deny
|
||||
# allow from all
|
||||
# </Directory>
|
||||
#
|
||||
# ErrorLog /var/log/apache2/$domain/error.log
|
||||
#
|
||||
# # Possible values include: debug, info, notice, warn, error, crit,
|
||||
# # alert, emerg.
|
||||
# LogLevel warn
|
||||
#
|
||||
# Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
|
||||
#
|
||||
# CustomLog /var/log/apache2/$domain/access.log combined
|
||||
#
|
||||
# SSLEngine on
|
||||
# SSLCertificateFile /etc/apache2/ssl/$domain/$domain.crt
|
||||
# SSLCertificateKeyFile /etc/apache2/ssl/$domain/$domain.key
|
||||
# SSLCertificateChainFile /etc/apache2/ssl/$domain/lets-encrypt-x3-cross-signed.pem
|
||||
#</VirtualHost>
|
||||
_EOF_
|
||||
|
||||
echo "Site set up, just restart apache when you are ready to initialize";
|
||||
|
|
@ -0,0 +1,48 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ ! -d "$1" ]; then
|
||||
mkdir "$1";
|
||||
openssl genrsa -out "$1/$1".key 4096
|
||||
openssl req -new -sha256 -key "$1/$1".key -out "$1/$1".csr
|
||||
fi
|
||||
|
||||
rm -vf testfifo;
|
||||
mkfifo testfifo;
|
||||
nl=0;
|
||||
nsign=0;
|
||||
while read line; do
|
||||
echo "$((nl+=1)): $line" >&2;
|
||||
|
||||
if grep -o 'openssl dgst -sha256 -sign user.key -out' &>/dev/null <<< "$line"; then
|
||||
$line;
|
||||
nsign=$((nsign+1));
|
||||
if [ $nsign -gt 2 ]; then
|
||||
echo
|
||||
fi
|
||||
fi
|
||||
|
||||
if grep -o 'sudo python -c "import BaseHTTPServer;' &>/dev/null <<< "$line"; then
|
||||
#service apache2 stop >&2
|
||||
python -c "$(cut -f2 -d'"' <<< "$line" | sed "s/'0.0.0.0', 80/'127.0.0.1', 8082/")" &
|
||||
echo
|
||||
sleep 5;
|
||||
kill -9 $! &>/dev/null
|
||||
sleep 2
|
||||
#service apache2 start >&2
|
||||
fi
|
||||
done < testfifo| python letsencrypt-nosudo/sign_csr.py -e '<<YOUR EMAIL/LETSENCRYPT USER HERE>>' -p user.pub "$1/$1.csr" 2>testfifo >"$1/$1.crt"
|
||||
|
||||
rm -vf testfifo
|
||||
|
||||
sudo mkdir -p "/etc/apache2/ssl/$1/"
|
||||
|
||||
if [ -f "$1/$1.key" ]; then
|
||||
sudo mv "$1/$1.key" "/etc/apache2/ssl/$1/$1.key" -v
|
||||
sudo cp lets-encrypt-x3-cross-signed.pem "/etc/apache2/ssl/$1/" -v
|
||||
fi
|
||||
|
||||
if [ -s "$1/$1.crt" ]; then
|
||||
sudo mv "$1/$1.crt" "/etc/apache2/ssl/$1/$1.crt" -v
|
||||
else
|
||||
rm -v "$1/$1.crt";
|
||||
fi
|
||||
Loading…
Reference in New Issue