path: root/create_apache_conf.sh
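# Report a missing argument, show the usage line, then abort.
# Arguments: $1 - name of the parameter that was not supplied (e.g. USER)
# Outputs:   diagnostic text on stderr
# Returns:   never returns; exits with status 1 so that wrappers and
#            automation can tell the vhost was NOT created
usage () {
  {
    echo "You must set a $1 !"
    echo "Usage:"
    echo "    create_apache_conf.sh <user>"
  } >&2
  exit 1
}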

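# The single argument names the account. Further down it is interpolated,
# unescaped, into file names under /etc/apache2/sites-available, into
# Apache directives and into the certbot domain, so it has to be checked
# before anything is written.
if [ -z "${1:-}" ]; then
  usage "USER"
fi

# Accept only one DNS label: ASCII letters, digits and '-', not starting or
# ending with '-', at most 63 characters. This rejects '/', '..', whitespace,
# newlines and shell/Apache metacharacters, which would otherwise allow
# writing outside sites-available or injecting extra directives into the
# generated vhost. The character list is spelled out so the match does not
# depend on the locale's collation order.
case $1 in
  -* | *- | *[!abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-]*)
    echo "Invalid user name: only letters, digits and '-' are allowed," \
      "and it must not start or end with '-'." >&2
    exit 1
    ;;
esac
if [ "${#1}" -gt 63 ]; then
  echo "Invalid user name: a DNS label is limited to 63 characters." >&2
  exit 1
fi

# NOTE: this replaces the conventional login-name variable USER for the rest
# of the script; the name is kept because the statements below read $USER.
USER=$1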

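# Write the plain-HTTP (port 80) vhost for <user>.kresus.neodarz.net.
# It only redirects every request to the HTTPS site.
#
# $USER is expanded inside the path and inside the here-document, so it must
# already be a single, validated DNS label when this runs. The path is
# quoted so an unexpected value can never be split into several words.
#
# NOTE(review): the <Directory> block below has no effect while the matching
# Alias stays commented out; /tmp is world-writable, so if the Alias is ever
# re-enabled a dedicated root-owned challenge directory would be safer.
http_conf="/etc/apache2/sites-available/$USER.kresus.neodarz.net.conf"

if ! cat > "$http_conf" << EOF
<VirtualHost *:80>
    ServerName  $USER.kresus.neodarz.net
    ServerAdmin me@example.net

    #Alias /.well-known/acme-challenge /tmp/.well-known/acme-challenge

    <Directory /tmp/.well-known/acme-challenge>
        Options None
        AllowOverride None

        Require all granted
        AddDefaultCharset off

        AuthType None
        Satisfy any
    </Directory>

    Redirect permanent / https://$USER.kresus.neodarz.net/

    ErrorLog  /home/website/kresus-gen/logs/error.log
    CustomLog /home/website/kresus-gen/logs/access.log combined
</VirtualHost>
EOF
then
  # Without this file the later certbot/a2ensite steps cannot succeed.
  echo "Could not write $http_conf" >&2
  exit 1
fi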

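# Write the HTTPS (port 443) vhost for <user>.kresus.neodarz.net: reverse
# proxy to the local service on 127.0.0.1:9876, HTTP Basic authentication
# for every location, the Let's Encrypt certificate paths and an HSTS header.
#
# $USER is expanded inside the path and inside the here-document (including
# the AuthUserFile and certificate paths), so it must already be a single,
# validated DNS label when this runs. The path is quoted so an unexpected
# value can never be split into several words.
#
# NOTE(review): the ACME challenge directory is served from /tmp with
#   "Require all granted"; /tmp is world-writable, so any local account can
#   place files there. A dedicated root-owned directory would be safer.
# NOTE(review): "Satisfy any" is an Apache 2.2-era directive mixed with 2.4
#   "Require" lines -- confirm it does not relax the Basic-auth requirement
#   outside the challenge path.
# NOTE(review): presumably ProxyPass "/" also captures the challenge path
#   unless it is excluded -- confirm against the running server.
# NOTE(review): "Header" needs mod_headers and is not wrapped in <IfModule>;
#   verify the module is enabled or the configuration will not load.
ssl_conf="/etc/apache2/sites-available/$USER.kresus.neodarz.net-le-ssl.conf"

if ! cat > "$ssl_conf" << EOF
<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName  $USER.kresus.neodarz.net
        ServerAdmin me@example.net

        ProxyPass        "/" "http://127.0.0.1:9876/"
        ProxyPassReverse "/" "http://127.0.0.1:9876/"

        Alias /.well-known/acme-challenge /tmp/.well-known/acme-challenge

        <Directory /tmp/.well-known/acme-challenge>
            Options None
            AllowOverride None

            Require all granted
            AddDefaultCharset off

            AuthType None
            Satisfy any
        </Directory>

        <Location />
            AuthUserFile  /home/website/kresus-gen/$USER.kresus.neodarz.net/.htpasswd
            AuthName      "Authentification"
            AuthType      Basic
            Require       valid-user
        </Location>

        SSLEngine on

        SSLCertificateKeyFile /etc/letsencrypt/live/$USER.kresus.neodarz.net/privkey.pem
        SSLCertificateFile    /etc/letsencrypt/live/$USER.kresus.neodarz.net/fullchain.pem

        Header always set Strict-Transport-Security "max-age=15768000"

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>

        ErrorLog  /home/website/kresus-gen/logs/error.log
        CustomLog /home/website/kresus-gen/logs/access.log combined
    </VirtualHost>
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
EOF
then
  # A missing or truncated TLS vhost must not be enabled or reloaded.
  echo "Could not write $ssl_conf" >&2
  exit 1
fi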

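# Run certbot with its Apache plugin for the new host name, then enable the
# port-80 site and reload Apache. Every expansion is quoted so the domain is
# always passed as exactly one argument.
#
# A certbot failure is reported on stderr but, as before, does not stop the
# script: the remaining steps still run and the script's exit status is
# still that of the final reload.
if ! certbot --apache -d "$USER.kresus.neodarz.net"; then
  echo "certbot failed for $USER.kresus.neodarz.net" >&2
fi

a2ensite "$USER.kresus.neodarz.net"
systemctl reload apache2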