--- /dev/null
+#! /usr/bin/php
+<?php
+
+# Verify filename
+if (count($argv) != 2) {
+ echo 'Usage: genconfig /etc/acmepl/config'."\n";
+ exit(1);
+}
+
+# Directory do not exists
+if (!is_dir(dirname($argv[1]))) {
+ echo 'Directory '.dirname($argv[1]).' do not exists'."\n";
+ exit(1);
+}
+
+# Directory do not exists
+if (file_exists($argv[1]) && !in_array(filetype($argv[1]), array('file','link'))) {
+ echo 'File '.$argv[1].' exists and is not a file'."\n";
+ exit(1);
+}
+
+# Symlink target do not exists
+if (is_link($argv[1]) && !file_exists($argv[1])) {
+ # Read final link
+ $target = $argv[1];
+ # Extract last link
+ do {
+ # Update to next link
+ $target = readlink($target);
+ } while (is_link($target));
+ echo 'Symlink '.$argv[1].' target '.$target.' do not exists'."\n";
+ exit(1);
+}
+
+# Not writable
+if (
+ (is_file($argv[1]) && !is_writable($argv[1])) ||
+ (!file_exists($argv[1]) && !is_writable(dirname($argv[1])))
+) {
+ echo 'Unable to open '.$argv[1].' for writing'."\n";
+ exit(1);
+}
+
+// Generate config
+$config = json_encode(
+ // Root array
+ array(
+ // Certificate object
+ array(
+ // Public cert
+ //XXX: required
+ 'cert' => '/etc/pki/tls/certs/httpd.pem',
+ // Private key
+ //XXX: required
+ 'key' => '/etc/pki/tls/private/httpd.pem',
+ // Mail address
+ //XXX: required
+ 'mail' => 'example@example.com',
+ // Domain list
+ //XXX: required
+ 'domains' => array(
+ 'www.example.com',
+ 'example.com'
+ ),
+ // Production certificate
+ //XXX: optional
+ //XXX: set to 1 for production
+ 'prod' => 0
+ ),
+ // Other certificate
+ array(
+ 'cert' => '/etc/ssl/certs/apache.crt',
+ 'key' => '/etc/ssl/private/apache.key',
+ 'mail' => 'example@example.com',
+ 'domains' => array(
+ 'other.example.com',
+ 'example.com'
+ ),
+ 'prod' => 0
+ ),
+ #...
+ )
+);
+
+# Send to stdout
+if ($argv[1] == '-') {
+ echo $config;
+# Save to file
+} else {
+ file_put_contents($argv[1], $config);
+}
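Review bot: The `-` (stdout) mode handled at the bottom of genconfig is only reached after the path checks above have run against the literal name `-`, so the writability test inspects the current directory and the script can exit with "Unable to open - for writing" although nothing has to be written to disk. Guarding the filesystem checks with `$argv[1] !== '-'`, or handling `-` before them, avoids that. The return value of `file_put_contents()` is also ignored, so a failed or partial write still exits 0; `if (file_put_contents($argv[1], $config) === false) { exit(1); }` preceded by an error message would make the failure visible to callers. Separately, the comment above the `filetype()` check repeats "Directory do not exists" and would be clearer as `# Path exists but is neither a regular file nor a symlink`.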
--- /dev/null
+# Acme configuration
+<Directory /var/www/acme>
+ # Ignore htaccess
+ AllowOverride None
+
+ # Allow follow symlinks (required by php or rewrite)
+ Options FollowSymLinks
+
+ # Allow from all
+ Require all granted
+</Directory>
+
+<IfModule rewrite_module>
+ # Start rewrite engine
+ RewriteEngine on
+
+ # Only if https is disabled
+ RewriteCond %{HTTPS} off
+
+ # Rewrite acme uri on php script
+ RewriteRule /\.well\-known/acme\-challenge/([-_a-zA-Z0-9]+) /var/www/acme/acme-challenge.php?key=$1 [L]
+</IfModule>
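Review bot: The RewriteRule pattern in the `rewrite_module` block is unanchored, so any request path that merely contains `/.well-known/acme-challenge/<token>` is rewritten to the script and whatever follows the token is silently dropped. Anchoring both ends keeps the rule to the exact challenge URL: `RewriteRule ^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$ /var/www/acme/acme-challenge.php?key=$1 [L]`. The character class already keeps dots and path separators out of `key`; a comment saying so would help, since acme-challenge.php (not shown here) presumably uses that value to locate a file and should not depend on this rule alone for validation.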
--- /dev/null
+# Virtual host configuration
+<VirtualHost *:80>
+ # Set server name
+ ServerName example.com
+
+ # If rewrite module is available (or <IfModule mod_rewrite.c>)
+ <IfModule rewrite_module>
+ # Start rewrite engine
+ RewriteEngine on
+
+ # Inherit acme.conf rules
+ RewriteOptions InheritBefore
+
+ # Force redirection on https version
+ ## Only if https is disabled
+ ##RewriteCond %{HTTPS} off
+ ## Rewrite acme uri on php script
+ ##RewriteRule (/.*) https://%{SERVER_NAME}$1 [R=301,L]
+ </IfModule>
+</VirtualHost>
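Review bot: The commented-out redirect at the end of the `rewrite_module` block carries a comment copied from acme.conf, "Rewrite acme uri on php script", although the rule it describes redirects every remaining request to https; something like `## Redirect everything else to the https version` would match it. It is also worth stating in the comment that `RewriteOptions InheritBefore` is what makes the inherited challenge rule run ahead of this redirect, so http-01 validation keeps being answered on port 80. If the sample is enabled, note that `%{SERVER_NAME}` follows the client's Host header when `UseCanonicalName` is Off (the default), so using the literal host from `ServerName` in the target is the safer example.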