From d86f129bc005638214a307ed7247f471a8b8db59 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Rapha=C3=ABl=20Gertz?= <git@rapsys.eu>
Date: Thu, 29 Sep 2016 14:48:22 +0200
Subject: [PATCH] Final bin files Add missing ignore Add configuration script

---
 .gitignore           |  2 +
 gencert => letscert  |  0
 letsconf             | 91 ++++++++++++++++++++++++++++++++++++++++++++
 www/acme.conf        | 22 +++++++++++
 www/example.com.conf | 20 ++++++++++
 5 files changed, 135 insertions(+)
 rename gencert => letscert (100%)
 create mode 100755 letsconf
 create mode 100644 www/acme.conf
 create mode 100644 www/example.com.conf

diff --git a/.gitignore b/.gitignore
index d5a36f6..9d90f66 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,5 @@
 cert
 key
 pending
+.*~
+*~
diff --git a/gencert b/letscert
similarity index 100%
rename from gencert
rename to letscert
diff --git a/letsconf b/letsconf
new file mode 100755
index 0000000..9f3d9f1
--- /dev/null
+++ b/letsconf
@@ -0,0 +1,91 @@
+#! /usr/bin/php
+<?php
+
+# Verify filename
+if (count($argv) != 2) {
+	echo 'Usage: genconfig /etc/acmepl/config'."\n";
+	exit(1);
+}
+
+# Directory do not exists
+if (!is_dir(dirname($argv[1]))) {
+	echo 'Directory '.dirname($argv[1]).' do not exists'."\n";
+	exit(1);
+}
+
+# Directory do not exists
+if (file_exists($argv[1]) && !in_array(filetype($argv[1]), array('file','link'))) {
+	echo 'File '.$argv[1].' exists and is not a file'."\n";
+	exit(1);
+}
+
+# Symlink target do not exists
+if (is_link($argv[1]) && !file_exists($argv[1])) {
+	# Read final link
+	$target = $argv[1];
+	# Extract last link
+	do {
+		# Update to next link
+		$target = readlink($target);
+	} while (is_link($target));
+	echo 'Symlink '.$argv[1].' target '.$target.' do not exists'."\n";
+	exit(1);
+}
+
+# Not writable
+if (
+	(is_file($argv[1]) && !is_writable($argv[1])) ||
+	(!file_exists($argv[1]) && !is_writable(dirname($argv[1])))
+) {
+	echo 'Unable to open '.$argv[1].' for writing'."\n";
+	exit(1);
+}
+
+// Generate config
+$config = json_encode(
+	// Root array
+	array(
+		// Certificate object
+		array(
+			// Public cert
+			//XXX: required
+			'cert' => '/etc/pki/tls/certs/httpd.pem',
+			// Private key
+			//XXX: required
+			'key' => '/etc/pki/tls/private/httpd.pem',
+			// Mail address
+			//XXX: required
+			'mail' => 'example@example.com',
+			// Domain list
+			//XXX: required
+			'domains' => array(
+				'www.example.com',
+				'example.com'
+			),
+			// Production certificate
+			//XXX: optional
+			//XXX: set to 1 for production
+			'prod' => 0
+		),
+		// Other certificate
+		array(
+			'cert' => '/etc/ssl/certs/apache.crt',
+			'key' => '/etc/ssl/private/apache.key',
+			'mail' => 'example@example.com',
+			'domains' => array(
+				'other.example.com',
+				'example.com'
+			),
+			'prod' => 0
+		),
+		#...
+	)
+);
+
+# Send to stdout
+if ($argv[1] == '-') {
+	echo $config;
+# Save to file
+} else {
+	file_put_contents($argv[1], $config);
+}
diff --git a/www/acme.conf b/www/acme.conf
new file mode 100644
index 0000000..fbb7772
--- /dev/null
+++ b/www/acme.conf
@@ -0,0 +1,22 @@
+# Acme configuration
+<Directory /var/www/acme>
+	# Ignore htaccess
+	AllowOverride None
+
+	# Allow follow symlinks (required by php or rewrite)
+	Options FollowSymLinks
+
+	# Allow from all
+	Require all granted
+</Directory>
+
+<IfModule rewrite_module>
+	# Start rewrite engine
+	RewriteEngine on
+
+	# Only if https is disabled
+	RewriteCond %{HTTPS} off
+
+	# Rewrite acme uri on php script
+	RewriteRule /\.well\-known/acme\-challenge/([-_a-zA-Z0-9]+) /var/www/acme/acme-challenge.php?key=$1 [L]
+</IfModule>
diff --git a/www/example.com.conf b/www/example.com.conf
new file mode 100644
index 0000000..ce8747b
--- /dev/null
+++ b/www/example.com.conf
@@ -0,0 +1,20 @@
+# Virtual host configuration
+<VirtualHost *:80>
+	# Set server name
+	ServerName example.com
+
+	# If rewrite module is available (or <IfModule mod_rewrite.c>)
+	<IfModule rewrite_module>
+		# Start rewrite engine
+		RewriteEngine on
+
+		# Inherit acme.conf rules
+		RewriteOptions InheritBefore
+
+		# Force redirection on https version
+		## Only if https is disabled
+		##RewriteCond %{HTTPS} off
+		## Rewrite acme uri on php script
+		##RewriteRule (/.*) https://%{SERVER_NAME}$1 [R=301,L]
+	</IfModule>
+</VirtualHost>
-- 
2.41.0