Final bin files
authorRaphaël Gertz <git@rapsys.eu>
Thu, 29 Sep 2016 12:48:22 +0000 (14:48 +0200)
committerRaphaël Gertz <git@rapsys.eu>
Thu, 29 Sep 2016 12:48:22 +0000 (14:48 +0200)
Add missing ignore
Add configuration script

.gitignore
letscert [moved from gencert with 100% similarity]
letsconf [new file with mode: 0755]
www/acme.conf [new file with mode: 0644]
www/example.com.conf [new file with mode: 0644]

index d5a36f6..9d90f66 100644 (file)
@@ -1,3 +1,5 @@
 cert
 key
 pending
+.*~
+*~
similarity index 100%
rename from gencert
rename to letscert
diff --git a/letsconf b/letsconf
new file mode 100755 (executable)
index 0000000..9f3d9f1
--- /dev/null
+++ b/letsconf
@@ -0,0 +1,91 @@
+#! /usr/bin/php
+<?php
+
+# Verify filename
+if (count($argv) != 2) {
+       echo 'Usage: genconfig /etc/acmepl/config'."\n";
+       exit(1);
+}
+
+# Directory do not exists
+if (!is_dir(dirname($argv[1]))) {
+       echo 'Directory '.dirname($argv[1]).' do not exists'."\n";
+       exit(1);
+}
+
+# Directory do not exists
+if (file_exists($argv[1]) && !in_array(filetype($argv[1]), array('file','link'))) {
+       echo 'File '.$argv[1].' exists and is not a file'."\n";
+       exit(1);
+}
+
+# Symlink target do not exists
+if (is_link($argv[1]) && !file_exists($argv[1])) {
+       # Read final link
+       $target = $argv[1];
+       # Extract last link
+       do {
+               # Update to next link
+               $target = readlink($target);
+       } while (is_link($target));
+       echo 'Symlink '.$argv[1].' target '.$target.' do not exists'."\n";
+       exit(1);
+}
+
+# Not writable
+if (
+       (is_file($argv[1]) && !is_writable($argv[1])) ||
+       (!file_exists($argv[1]) && !is_writable(dirname($argv[1])))
+) {
+       echo 'Unable to open '.$argv[1].' for writing'."\n";
+       exit(1);
+}
+
+// Generate config
+$config = json_encode(
+       // Root array
+       array(
+               // Certificate object
+               array(
+                       // Public cert
+                       //XXX: required
+                       'cert' => '/etc/pki/tls/certs/httpd.pem',
+                       // Private key
+                       //XXX: required
+                       'key' => '/etc/pki/tls/private/httpd.pem',
+                       // Mail address
+                       //XXX: required
+                       'mail' => 'example@example.com',
+                       // Domain list
+                       //XXX: required
+                       'domains' => array(
+                               'www.example.com',
+                               'example.com'
+                       ),
+                       // Production certificate
+                       //XXX: optional
+                       //XXX: set to 1 for production
+                       'prod' => 0
+               ),
+               // Other certificate
+               array(
+                       'cert' => '/etc/ssl/certs/apache.crt',
+                       'key' => '/etc/ssl/private/apache.key',
+                       'mail' => 'example@example.com',
+                       'domains' => array(
+                               'other.example.com',
+                               'example.com'
+                       ),
+                       'prod' => 0
+               ),
+               #...
+       )
+);
+
+# Send to stdout
+if ($argv[1] == '-') {
+       echo $config;
+# Save to file
+} else {
+       file_put_contents($argv[1], $config);
+}
diff --git a/www/acme.conf b/www/acme.conf
new file mode 100644 (file)
index 0000000..fbb7772
--- /dev/null
@@ -0,0 +1,22 @@
+# Acme configuration
+<Directory /var/www/acme>
+       # Ignore htaccess
+       AllowOverride None
+
+       # Allow follow symlinks (required by php or rewrite)
+       Options FollowSymLinks
+
+       # Allow from all
+       Require all granted
+</Directory>
+
+<IfModule rewrite_module>
+       # Start rewrite engine
+       RewriteEngine on
+
+       # Only if https is disabled
+       RewriteCond %{HTTPS} off
+
+       # Rewrite acme uri on php script
+       RewriteRule /\.well\-known/acme\-challenge/([-_a-zA-Z0-9]+) /var/www/acme/acme-challenge.php?key=$1 [L]
+</IfModule>
diff --git a/www/example.com.conf b/www/example.com.conf
new file mode 100644 (file)
index 0000000..ce8747b
--- /dev/null
@@ -0,0 +1,20 @@
+# Virtual host configuration
+<VirtualHost *:80>
+       # Set server name
+       ServerName example.com
+
+       # If rewrite module is available (or <IfModule mod_rewrite.c>)
+       <IfModule rewrite_module>
+               # Start rewrite engine
+               RewriteEngine on
+
+               # Inherit acme.conf rules
+               RewriteOptions InheritBefore
+
+               # Force redirection on https version
+               ## Only if https is disabled
+               ##RewriteCond %{HTTPS} off
+               ## Rewrite acme uri on php script
+               ##RewriteRule (/.*) https://%{SERVER_NAME}$1 [R=301,L]
+       </IfModule>
+</VirtualHost>