#!/bin/bash
# auto create virtual config for apache2 from domains in webroot
# to use:
# - # mkdir /var/www/foobar.com
# - # echo "Hello World" >/var/www/foobar.com/index.html
# - # a2conf
# - the virtual conf to support foobar.com is built and apache reloaded
# - Ensure the foobar.com A record points to the IP of the server
# - Access foobar.com with web browser
# - ...
# - Profit
# Special triggers:
# /var/www/foobar.pass - htpasswd style htdigest authentication
# /var/www/foobar.allow - list of IP addresses one per line, bypass pw auth
# /var/www/foobar.options - add "indexes" to allow auto indexes, etc
# this really has to be run as root
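# Re-run under sudo when not already root: everything below installs packages
# and edits the Apache configuration. Arguments are forwarded unchanged.
# NOTE(review): `sudo env PATH=...` carries the invoking user's PATH into the
# root process, bypassing any secure_path configured in sudoers. Every bare
# command name used later (install-packages, a2enmod, curl, dig, certbot, ...)
# is then resolved through directories chosen by the unprivileged caller.
# Presumably this is deliberate so that helper scripts in the caller's own bin
# directory are found; confirm, and prefer a fixed PATH or absolute paths if
# this script is ever granted through a restricted sudoers entry.
[ "$(whoami)" != 'root' ] && exec sudo env PATH="$PATH" "$0" "$@"

APACHE="apache2"                        # package name and systemd unit
CONFDIR="/etc/apache2/sites-available"  # where virtual.conf is written
ENABDIR="/etc/apache2/sites-enabled"    # not referenced in the rest of this file
NOBODY="www-data"                       # owner substituted for root-owned docroots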
# Only the Debian Apache layout is handled; a host carrying
# /etc/redhat-release is rejected up front.
[[ ! -f /etc/redhat-release ]] || {
  echo "REDHAT not currently supported"
  exit 1
}

# Enable mod_ssl unless mods-enabled/ssl.conf already exists.
[[ -f /etc/apache2/mods-enabled/ssl.conf ]] || {
  echo "APACHE2: Enabling SSL"
  a2enmod ssl
}
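WEBROOT="/var/www"       # holds one sub-directory per served domain
DEFAULT="/var/www/html"  # document root of the catch-all site

# install-packages is not defined in this file; it is looked up on PATH and
# runs with root privileges.
install-packages "$APACHE" certbot python3-certbot-apache php

# Stop with a failing status when an expected directory is missing (a bare
# `exit` after a successful echo would report success).
if [ ! -d "$WEBROOT" ]; then
  echo "ERROR: $WEBROOT not found"
  exit 1
fi
if [ ! -d "$CONFDIR" ]; then
  echo "ERROR: $CONFDIR not found"
  exit 1
fi

# NOTE(review): the stock 000-default site is enabled when $DEFAULT is missing
# and disabled when it exists - confirm this is the intended way round.
if [ ! -d "$DEFAULT" ]; then
  a2ensite 000-default.conf
else
  a2dissite 000-default.conf
fi

# The loops further down list the current directory, so a failed cd must not
# be ignored: they would otherwise walk whatever directory the caller was in.
cd "$WEBROOT" || exit 1

# purely convenience mechanism (/www/domain.com = www.domain.com)
[ ! -h /www ] && ln -s "$WEBROOT" /www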
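# Public address of this host as reported by an external service; it is used
# only for the mismatch warning below.
# NOTE(review): the lookup is a plain-HTTP request to a third party, so the
# answer is unauthenticated - acceptable for an advisory warning, not as the
# basis for any trust decision.
MYIP=$(curl -s api.ipify.org)
[ -z "$MYIP" ] && echo "WARNING: could not determine this server's public IP" >&2

# Check that every directory in the current directory whose name contains a
# dot resolves in DNS, and warn when it resolves to another address.
# The loop uses a glob and runs in the main shell rather than on the
# right-hand side of `ls | while read`, so the `exit 1` below ends the script
# instead of only ending a pipeline subshell, and names are not mangled by
# word splitting or backslash processing.
for DOMAIN in *; do
  [[ $DOMAIN == *.* ]] || continue
  [ -d "$DOMAIN" ] || continue
  # -q marks the value as the query name, so a directory name starting with
  # '-', '+' or '@' is not interpreted as a dig option or server.
  DIP=$(dig +short -q "$DOMAIN" | head -n 1)
  if [ -z "$DIP" ]; then
    echo "ERROR: $DOMAIN cannot be resolved"
    exit 1
  fi
  echo "### $DOMAIN ($DIP)"
  if [ "$DIP" != "$MYIP" ]; then
    echo "WARNING: $DOMAIN resolves to $DIP not $MYIP"
  fi
done

####################### OLD
# Everything after this exit is unreachable: no virtual.conf is generated and
# Apache is not restarted while it stays here.
exit 0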
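# Start virtual.conf from scratch with the catch-all virtual host that serves
# $DEFAULT. $DEFAULT and $HOSTNAME are expanded when the file is written.
# This statement sits after the script's `exit 0` and is not reached.
# NOTE(review): /server-status is published with `Allow from all` while
# ExtendedStatus is on, so any client that reaches the default virtual host can
# read the status page. If this section is revived, limit the Location to
# loopback or the monitoring hosts.
cat <<---- >"$CONFDIR/virtual.conf"
#
# Created by webconf (http://github.com/stgnet/bin)
# Do not edit
#
ExtendedStatus on
#
# Default ($DEFAULT) - requests not matching a virtual host will go here
#NameVirtualHost *:80
#NameVirtualHost *:443
<VirtualHost *:80 *:443>
ServerAdmin root@$HOSTNAME
DocumentRoot $DEFAULT
# ServerName *
<Location /server-status>
SetHandler server-status
Order deny,allow
Allow from all
</Location>
</VirtualHost>
---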
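# Append one pair of virtual hosts to virtual.conf for every directory in the
# current directory whose name contains a dot. This loop sits after the
# script's `exit 0` and is not reached.
#
# NOTE(review): directory names and the contents of the per-domain trigger
# files ($DOMAIN.virtual, .allow, .options, .directives) are copied into the
# root-owned Apache configuration without any checking, and a symlinked domain
# directory is resolved to wherever it points. Write access to $WEBROOT is
# therefore equivalent to control of the web server configuration; keep
# $WEBROOT itself writable by root only.
for DOMAIN in *; do
  [[ $DOMAIN == *.* ]] || continue
  [ -d "$DOMAIN" ] || continue

  # Owner of the domain directory; root-owned sites run as $NOBODY.
  # stat replaces parsing `ls -ld`, and a separate name avoids overwriting
  # the shell's own USER variable.
  OWNER=$(stat -c %U -- "$DOMAIN")
  [ "$OWNER" == "root" ] && OWNER="$NOBODY"

  # suPHP directives, emitted only when the suPHP config file is present.
  VIRTUAL=""
  if [ -f /etc/httpd/conf.d/suphp.conf ]; then
    VIRTUAL="
suPHP_Engine off
AddHandler php5-script .php
"
    if [ "$OWNER" != "$NOBODY" ]; then
      VIRTUAL="
suPHP_Engine on
suPHP_UserGroup $OWNER $OWNER
AddHandler x-httpd-php .php
suPHP_AddHandler x-httpd-php
"
    fi
  fi

  # Resolve a symlinked domain directory to its real location.
  DOCROOT="$PWD/$DOMAIN"
  [ -h "$DOCROOT" ] && DOCROOT="$(readlink -f "$DOCROOT")"
  # Warn when the resolved docroot is not below the web root. The comparison
  # is a prefix match with $PWD quoted, so it is neither a substring test nor
  # a glob built from the path.
  if [[ $DOCROOT != "$PWD"/* ]]; then
    # Read the enforce flag only when the file exists.
    if [ -f /selinux/enforce ] && [ "$(cat /selinux/enforce)" != 0 ]; then
      echo "WARNING: $DOCROOT is not in $PWD and SELINUX is enabled!!!"
    fi
  fi
  [ ! -d "$DOCROOT" ] && continue
  echo "Creating virtual config for $DOMAIN => $DOCROOT"

  # Extra virtual-host directives supplied verbatim by $DOMAIN.virtual.
  if [ -f "$WEBROOT/$DOMAIN.virtual" ]; then
    VIRTUAL="$VIRTUAL$(cat "$WEBROOT/$DOMAIN.virtual")
"
  fi

  # One ErrorDocument line per errorNNN.* file found in the docroot.
  DIRECTORY=""
  for ERRORFILE in "$DOCROOT"/error[45][0-9][0-9].*; do
    if [ -f "$ERRORFILE" ]; then
      ERRORDOC="${ERRORFILE##*/}"
      ERRORCODE="${ERRORDOC#error}"
      ERRORCODE="${ERRORCODE%.*}"
      DIRECTORY="$DIRECTORY ErrorDocument $ERRORCODE /$ERRORDOC
"
    fi
  done

  # Host-based default for the <Directory> block: open to everyone.
  ACCESS="Allow from all"
  if [ -f "$WEBROOT/$DOMAIN.pass" ]; then
    # With `Satisfy any` a request is accepted when EITHER the host rules OR
    # the password check passes. Leaving `Allow from all` in place would let
    # every client through without a password, so protected sites deny by
    # host and let only the addresses in $DOMAIN.allow skip authentication.
    ACCESS="Deny from all"
    if [ -f "$WEBROOT/$DOMAIN.allow" ]; then
      # Redirect into the loop instead of piping from cat: a piped loop runs
      # in a subshell and every line appended to DIRECTORY would be lost.
      while read -r ALLOW || [ -n "$ALLOW" ]; do
        [ -n "$ALLOW" ] || continue   # a blank line would emit a bare "Allow from"
        DIRECTORY="$DIRECTORY Allow from $ALLOW
"
      done <"$WEBROOT/$DOMAIN.allow"
    fi
    # NOTE(review): the virtual host below also listens on port 80, where
    # Basic credentials travel unencrypted.
    DIRECTORY="$DIRECTORY AuthType Basic
AuthName \"Restricted Area\"
AuthUserFile $WEBROOT/$DOMAIN.pass
Require valid-user
Satisfy any
"
  fi

  if [ -f "$WEBROOT/$DOMAIN.options" ]; then
    DIRECTORY="$DIRECTORY Options $(cat "$WEBROOT/$DOMAIN.options")
"
  fi
  if [ -f "$WEBROOT/$DOMAIN.directives" ]; then
    DIRECTORY="$DIRECTORY $(cat "$WEBROOT/$DOMAIN.directives")
"
  fi

  # Request a certificate the first time a domain is seen; a certbot failure
  # is reported and the site is then written without SSL directives.
  # NOTE(review): the registration e-mail address is hard-coded.
  SSL=""
  if [ ! -d "/etc/letsencrypt/live/$DOMAIN" ]; then
    certbot certonly -v -n --webroot -w "$DOCROOT" -d "$DOMAIN,www.$DOMAIN" --agree-tos --email 'scott@stg.net' || echo "certbot failed"
  fi
  # NOTE(review): SSLEngine is switched on inside a virtual host that also
  # binds *:80 - presumably port 80 then expects TLS as well; confirm, and
  # consider separate :80 and :443 virtual hosts.
  if [ -d "/etc/letsencrypt/live/$DOMAIN" ]; then
    SSL="$SSL SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/$DOMAIN/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/$DOMAIN/chain.pem
"
  fi

  # First virtual host: redirect the bare first label to the full domain.
  # Second virtual host: the site itself.
  cat <<---- >>"$CONFDIR/virtual.conf"
#
# $DOMAIN => $DOCROOT
#
<VirtualHost *:80 *:443>
ServerName ${DOMAIN%%.*}
Redirect 301 / http://$DOMAIN
</VirtualHost>
<VirtualHost *:80 *:443>
ServerAdmin webmaster@$HOSTNAME
DocumentRoot $DOCROOT
ServerName $DOMAIN
ServerAlias www.$DOMAIN
ServerAlias www.$DOMAIN
$SSL
$VIRTUAL
<Directory $DOCROOT>
Order deny,allow
$ACCESS
$DIRECTORY
</Directory>
</VirtualHost>
---
done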
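# cat <$CONFDIR/virtual.conf
## special restart sequence to ensure restart finishes if run FROM httpd
#bash -c 'sleep 3;trap echo SIGTERM;service $APACHE stop;sleep 1;service $APACHE start || service $APACHE status >/dev/tty' >/dev/null &
# Restart Apache only when the configuration passes the syntax check, so a
# broken generated file does not take the running server down.
# This line sits after the script's `exit 0` and is not reached.
apache2ctl configtest && systemctl restart "$APACHE"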