#! /bin/bash
#
# A quick bash script to make it easier for non tech-savvy folks
# to set up TLS for a Virtual Host.
#
# Usage: run it as the designated operator account (see the $USER check
# below); every write under /etc/apache2 goes through sudo. Before running,
# stage the CA chain, certificate and private key in $HOME as
# <domain>.ca.txt, <domain>.crt.txt and <domain>.key.txt. The key is
# installed root-owned with mode 0600; the certificate and chain with 0644.
#
# @author Ash Davies <a.davies@mixd.co.uk>
# @version 1.0.0
#
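#######################################
# Ask the operator for a single Y/N keystroke.
# Outputs:   the prompt (and a trailing newline) on stdout
# Returns:   0 for Y/y, 1 for N/n.  Any other key is ignored and we keep
#            waiting.  If stdin closes before an answer arrives (EOF, e.g.
#            the script was run non-interactively or with </dev/null) we
#            fail closed and return 1: the original returned the status of
#            the trailing echo, i.e. 0, so an unanswered prompt counted as
#            "yes" and let the privileged changes proceed unconfirmed.
#######################################
asksure() {
  local answer
  local retval=1
  echo -n "Are you sure (Y/N)? "
  while read -r -n 1 -s answer; do
    case $answer in
      [Yy]) retval=0; break ;;
      [Nn]) retval=1; break ;;
    esac
  done
  echo # just a final linefeed after the silent read, optics...
  return "$retval"
}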
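# Set vars
ENABLED_CWD=/etc/apache2/sites-enabled/
AVAILABLE_CWD=/etc/apache2/sites-available/
KEY_DIR=/etc/apache2/private/
CRT_DIR=/etc/apache2/certs/

# Only the designated operator account may run this; everything under
# /etc/apache2 is written via sudo.  Exit non-zero on refusal so a wrapper
# can tell "refused" from "done".
if [ "${USER:-}" != 'your-chosen-user' ]; then
  echo "This script can only be run by the 'your-chosen-user' user. Exiting"
  exit 1
fi

echo
echo "This script will enable TLS support for an existing site!"
echo
echo "Before running this script, please make sure you have copied"
echo "the CA, CRT and KEY files into $HOME/ in the following format:"
echo "> \$domain.ca.txt"
echo "> \$domain.crt.txt"
echo "> \$domain.key.txt"
echo
echo "Note: This will only allow support for TLS1.2+"
echo
echo "Please enter the domain name of the site you wish to enable TLS for"
read -r domain

# The domain becomes part of paths that are copied, moved and deleted as
# root, so it is validated strictly before it is used anywhere: DNS labels
# only (letters, digits, hyphen, separated by dots).  This rejects slashes,
# spaces, shell/sed metacharacters and "..", which otherwise would let an
# input such as "../../etc/cron.d/x" be installed through sudo cp/mv.
domain_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
if [[ ! "$domain" =~ $domain_re ]]; then
  echo
  echo "'$domain' is not a valid domain name. Exiting"
  echo
  exit 1
fi

FILE="$HOME/$domain-ssl.conf"
INCLUDE="$HOME/$domain-include.conf"
HTTP_CONF="$HOME/$domain.conf"
KEY="$domain.key"
CA="$domain.ca"
CRT="$domain.crt"

echo
echo "You've chosen '$domain'."
echo
if ! asksure; then
  exit 0
fi

echo
echo "Looking for existing vhost '$domain' now..."
# Test for the live site directly.  The old `ls | grep -w "$domain.conf"`
# also matched "sub.$domain.conf" (grep -w treats '.' as a word boundary),
# so a sibling vhost could make a missing site look present.
if [ ! -e "$ENABLED_CWD$domain.conf" ]; then
  echo
  echo "Can't find existing vhost. Maybe a misspelling?"
  echo
  exit 1
fi

# Check for exactly the three staged files before touching anything under
# /etc/apache2.  The old awk-over-ls count matched any file whose name merely
# *contained* "$domain.key" etc., so a stray "$domain.key.txt.old" could
# satisfy it while the real file was missing.
missing=0
for f in "$HOME/$KEY.txt" "$HOME/$CRT.txt" "$HOME/$CA.txt"; do
  [ -f "$f" ] || missing=1
done
if [ "$missing" = "1" ]; then
  echo
  echo "Can't find the following files, please make sure all 3 exist"
  echo "> $HOME/$KEY.txt"
  echo "> $HOME/$CRT.txt"
  echo "> $HOME/$CA.txt"
  echo
  exit 1
fi

echo
echo "Existing vhost found. Backing up config"
sudo cp "$AVAILABLE_CWD$domain.conf" "$AVAILABLE_CWD$domain.conf.backup" || exit 1

echo
echo "Creating TLS prose"
# The banner above promises TLS 1.2+; enforce it in the vhost instead of
# relying on whatever the global ssl.conf happens to set.  The token names
# are all known to Apache 2.4 mod_ssl, so this is safe with any 2.4 build.
# SSLCertificateChainFile is deprecated since 2.4.8 (the chain may instead be
# appended to SSLCertificateFile) but still honoured, so it is kept as-is.
cat > "$FILE" <<EOF
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCertificateFile "$CRT_DIR$CRT.pem"
    SSLCertificateKeyFile "$KEY_DIR$KEY.pem"
    SSLCertificateChainFile "$CRT_DIR$CA.pem"
    Include $AVAILABLE_CWD$domain-include.conf
</VirtualHost>
EOF

echo
echo "Extracting existing vhost config"
# Read through sudo but let the user's shell create the file, so the include
# is owned by the user and sed -i below does not have to rewrite a root-owned
# file in $HOME.
sudo cat "$AVAILABLE_CWD$domain.conf" > "$INCLUDE" || exit 1
# Strip the <VirtualHost *:80> wrapper; the body is shared by both vhosts.
sed -i -- "s/<\/VirtualHost>//g" "$INCLUDE"
sed -i -- "s/^<VirtualHost[ ]\*:80>//g" "$INCLUDE"
cat > "$HTTP_CONF" <<EOF
<VirtualHost *:80>
    Include $AVAILABLE_CWD$domain-include.conf
</VirtualHost>
EOF

echo
echo "Copying TLS files to the right place"
# install(1) creates the destination with its final owner and mode in one
# step.  The old "sudo cp; chown; chmod" sequence created the key with the
# umask default (typically 0644) and only tightened it afterwards, leaving a
# window in which the private key was world-readable.
sudo install -o root -g root -m 600 "$HOME/$KEY.txt" "$KEY_DIR$KEY.pem" || exit 1
sudo install -o root -g root -m 644 "$HOME/$CRT.txt" "$CRT_DIR$CRT.pem" || exit 1
sudo install -o root -g root -m 644 "$HOME/$CA.txt" "$CRT_DIR$CA.pem" || exit 1
# The staged copy of the key is left in $HOME (as before); at least make sure
# nobody else on the box can read it.  The operator is told to delete it.
chmod 600 "$HOME/$KEY.txt"

echo
echo "Magically moving files into $AVAILABLE_CWD so you dont have to..."
sudo mv "$FILE" "$AVAILABLE_CWD" || exit 1
sudo mv "$HTTP_CONF" "$AVAILABLE_CWD" || exit 1
sudo mv "$INCLUDE" "$AVAILABLE_CWD" || exit 1

echo
echo "Activating new config"
sudo a2ensite "$domain-ssl.conf" > /dev/null
# Use configtest's exit status rather than comparing its combined output to
# the exact string "Syntax OK": harmless warnings (e.g. the AH00558 ServerName
# notice) are printed alongside "Syntax OK" and used to force a rollback of a
# perfectly good config.  A key/cert mismatch still fails here, since mod_ssl
# loads the pair during the test.
if ok=$(sudo apachectl configtest 2>&1); then
  echo
  echo "Reloading apache"
  sudo service apache2 reload
  echo
  echo "Done. The staged key $HOME/$KEY.txt is still in your home directory;"
  echo "delete it once you have confirmed the site works."
  echo
  exit 0
fi

echo
echo "Unexpected error with Apache syntax. Trashing changes. Please try again"
# Disable the site before deleting its file.  The old rollback removed the
# file but left a2ensite's symlink dangling in sites-enabled, which then broke
# every later configtest/reload until someone found it by hand.
sudo a2dissite "$domain-ssl.conf" > /dev/null
sudo rm -f "$AVAILABLE_CWD$domain-ssl.conf" "$AVAILABLE_CWD$domain-include.conf"
sudo mv "$AVAILABLE_CWD$domain.conf.backup" "$AVAILABLE_CWD$domain.conf"
echo
echo "Apache error:"
echo "$ok"
echo
exit 1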