#! /bin/bash
#
# A quick bash script to make it easier for non tech-savvy folks
# to set up TLS for a Virtual Host
#
# @author Ash Davies <a.davies@mixd.co.uk>
# @version 1.0.0
#
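#######################################
# Ask the operator for a Y/N confirmation on stdin.
# Reads single keystrokes silently until one of Y/y/N/n is typed.
# Arguments: none
# Outputs:   the prompt and a final newline to stdout
# Returns:   0 for yes, 1 for no. End-of-input without an answer also
#            returns 1, so a closed or empty stdin can never "confirm"
#            (the original left retval unset and fell through to 0).
#######################################
asksure() {
  local answer
  local retval=1
  printf '%s' "Are you sure (Y/N)? "
  while read -r -n 1 -s answer; do
    case "$answer" in
      [Yy]) retval=0; break ;;
      [Nn]) retval=1; break ;;
    esac
  done
  echo # just a final linefeed, optics...
  return "$retval"
}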
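# Set vars
readonly ENABLED_CWD=/etc/apache2/sites-enabled/
readonly AVAILABLE_CWD=/etc/apache2/sites-available/
readonly KEY_DIR=/etc/apache2/private/
readonly CRT_DIR=/etc/apache2/certs/

# Only the designated account may run this. The exit status 0 of the
# original is kept for compatibility.
if [[ "${USER:-}" != 'your-chosen-user' ]]; then
  echo "This script can only be run by the 'your-chosen-user' user. Exiting"
  exit 0
fi

echo
echo "This script will enable TLS support for an existing site!"
echo
echo "Before running this script, please make sure you have copied"
echo "the CA, CRT and KEY files into $HOME/ in the following format:"
echo "> \$domain.ca.txt"
echo "> \$domain.crt.txt"
echo "> \$domain.key.txt"
echo
# NOTE(review): the vhost written below sets no SSLProtocol, so the
# "TLS1.2+" promise depends on the server-wide ssl.conf - confirm.
echo "Note: This will only allow support for TLS1.2+"
echo
echo "Please enter the domain name of the site you wish to enable TLS for"
read -r domain

# The domain is spliced into filesystem paths that are then handled with
# sudo, and into a sed script below, so accept only a plain hostname:
# labels of letters, digits and hyphens joined by dots. This rejects '/',
# '..', whitespace, quotes and regex metacharacters.
host_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
if [[ ! "$domain" =~ $host_re ]]; then
  echo "'$domain' does not look like a valid domain name. Exiting"
  exit 1
fi

FILE="$HOME/$domain-ssl.conf"
INCLUDE="$HOME/$domain-include.conf"
echo
echo "You've chosen '$domain'."
echo
if ! asksure; then
  exit 0
fi

echo
echo "Looking for existing vhost '$domain' now..."
# Test if there is a live site with a matching domain. sites-enabled holds
# symlinks, so a dangling link is accepted too (the original listed the
# directory and grepped, which also matched unrelated names).
if [[ ! -e "$ENABLED_CWD$domain.conf" && ! -L "$ENABLED_CWD$domain.conf" ]]; then
  echo
  echo "Can't find existing vhost. Maybe a mispelling?"
  echo
  exit 1
fi

# Basic test to see if there are some kind of valid TLS files present.
# Check the exact files that are copied further down rather than counting
# ls lines that happen to match a pattern. Done before any privileged
# change so a failure here leaves nothing behind.
KEY="$domain.key"
CA="$domain.ca"
CRT="$domain.crt"
missing=0
for tls_file in "$HOME/$KEY.txt" "$HOME/$CRT.txt" "$HOME/$CA.txt"; do
  [[ -f "$tls_file" ]] || missing=1
done
if (( missing )); then
  echo
  echo "Can't find the following files, please make sure all 3 exist"
  echo "> $KEY"
  echo "> $CRT"
  echo "> $CA"
  echo
  exit 1
fi

echo
echo "Existing vhost found. Backing up config"
sudo cp -- "$AVAILABLE_CWD$domain.conf" "$AVAILABLE_CWD$domain.conf.backup"

echo
echo "Creating TLS prose"
# Leading blank line and layout match the original generated file.
cat > "$FILE" <<EOF

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile "$CRT_DIR$CRT.pem"
SSLCertificateKeyFile "$KEY_DIR$KEY.pem"
SSLCertificateChainFile "$CRT_DIR$CA.pem"
Include $AVAILABLE_CWD$domain-include.conf
</VirtualHost>
EOF

echo
echo "Extracting existing vhost config"
sudo cp -- "$AVAILABLE_CWD$domain.conf" "$INCLUDE"
# Strip the :80 VirtualHost wrapper so the body can be Included from both
# the :80 and :443 vhosts.
sed -i -e 's/<\/VirtualHost>//g' -e 's/^<VirtualHost[ ]\*:80>//g' -- "$INCLUDE"
cat > "$HOME/$domain.conf" <<EOF

<VirtualHost *:80>
Include $AVAILABLE_CWD$domain-include.conf
</VirtualHost>
EOF

echo
echo "Copying TLS files to the right place"
sudo cp -- "$HOME/$KEY.txt" "$KEY_DIR$KEY.pem"
sudo cp -- "$HOME/$CRT.txt" "$CRT_DIR$CRT.pem"
sudo cp -- "$HOME/$CA.txt" "$CRT_DIR$CA.pem"
echo
echo "Setting permissions"
# The private key is root-only; certificates may be world-readable.
sudo chown root:root "$KEY_DIR$KEY.pem" "$CRT_DIR$CRT.pem" "$CRT_DIR$CA.pem"
sudo chmod 600 "$KEY_DIR$KEY.pem"
sudo chmod 644 "$CRT_DIR$CRT.pem" "$CRT_DIR$CA.pem"
echo
echo "Magically moving files into $AVAILABLE_CWD so you dont have to..."
sudo mv -- "$FILE" "$AVAILABLE_CWD"
sudo mv -- "$HOME/$domain.conf" "$AVAILABLE_CWD"
sudo mv -- "$INCLUDE" "$AVAILABLE_CWD"
echo
echo "Activating new config"
sudo a2ensite "$domain-ssl.conf" > /dev/null
ok=$(sudo apachectl configtest 2>&1)
if [[ "$ok" == "Syntax OK" ]]; then
  echo
  echo "Reloading apache"
  sudo service apache2 reload
  echo
  exit 0
fi

echo
echo "Unexpected error with Apache syntax. Trashing changes. Please try again"
# Roll back: disable the site first so sites-enabled is not left with a
# dangling symlink to the removed -ssl.conf, then drop the generated files
# and restore the backup.
sudo a2dissite "$domain-ssl.conf" > /dev/null
sudo rm -- "$AVAILABLE_CWD$domain-ssl.conf"
sudo rm -- "$AVAILABLE_CWD$domain-include.conf"
sudo mv -- "$AVAILABLE_CWD$domain.conf.backup" "$AVAILABLE_CWD$domain.conf"
echo
echo "Apache error:"
printf '%s\n' "$ok"
echo
exit 1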