@brand-it
Last active June 9, 2022 16:05
This builds tinderbox SSL certs for local development. It can be used for other things too. It is also designed to add the cert to Mac credentials.
#!/usr/bin/env ruby
require 'fileutils'
require 'tempfile'

# cn = '*.tb.local.vhost'
# server_name = 'dev.tb.local.vhost'
# admin_server_name = 'admin.tb.local.vhost'
# cn = '*.lareaus.com'
cnames = ['*.tb.local.vhost']
server_name = 'dev.tb.local.vhost'
admin_server_name = 'admin.tb.local.vhost'

# Writing under /usr/local/etc/httpd and to /etc/hosts needs root.
unless Process.uid.zero?
  puts 'Please run this script with sudo:'
  exit 1
end

# Copy the system openssl.cnf and append a SAN section listing every cname,
# so the self-signed cert carries subjectAltName entries (clients no longer
# accept a hostname that only appears in the CN).
openssl = File.read('/System/Library/OpenSSL/openssl.cnf')
tempfile = Tempfile.new
tempfile.write(openssl)
tempfile.write("[SAN]\nsubjectAltName = @alt_names\n")
tempfile.write("[ alt_names ]\n")
cnames.each_with_index do |name, index|
  tempfile.write("DNS.#{index + 1} = #{name}\n")
end
tempfile.close

# Kernel.system('launchctl unload -w /System/Library/LaunchDaemons/org.apache.http')
# Kernel.system('/usr/sbin/apachectl stop')
if File.exist?('/usr/local/etc/httpd/ssl/localhost.key') && File.exist?('/usr/local/etc/httpd/ssl/localhost.crt')
  puts 'cert already present. Delete if you want to recreate /usr/local/etc/httpd/ssl/localhost.key'
else
  FileUtils.mkdir_p('/usr/local/etc/httpd/ssl')
  # Self-signed, SHA-256, 10-year cert: CN is the first cname, SAN comes from the section above.
  unless Kernel.system("cd /usr/local/etc/httpd/ssl; openssl req -newkey rsa:2048 -x509 -nodes -keyout localhost.key -new -out localhost.crt -subj /CN='#{cnames[0]}' -reqexts SAN -extensions SAN -config #{tempfile.path} -sha256 -days 3650")
    exit 1
  end
end
tempfile.unlink # delete tempfile

puts "Uncomment
LoadModule ssl_module lib/httpd/modules/mod_ssl.so
Include /usr/local/etc/httpd/extra/httpd-ssl.conf
LoadModule proxy_module lib/httpd/modules/mod_proxy.so
LoadModule proxy_http_module lib/httpd/modules/mod_proxy_http.so
LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so
Replace
\"Listen 8080\" change to \"Listen 80\"
SSLCertificateKeyFile \"/usr/local/etc/httpd/ssl/localhost.key\"
SSLCertificateFile \"/usr/local/etc/httpd/ssl/localhost.crt\"
ServerName #{server_name} # line 223-ish
"
Kernel.system('vi /usr/local/bin/code /usr/local/etc/httpd/httpd.conf')

puts "Change the Listen port from 8080 and 8443 to 80 and 443
Listen 8443
Listen 443
"
Kernel.system('vi /usr/local/etc/httpd/extra/httpd-ssl.conf')

# Two vhosts: plain HTTP on :80 and TLS on :443, both reverse-proxying to the
# local rails server (and /static/ to the ember dev server).
vhost = "
<VirtualHost *:80>
  ServerName #{server_name}
  ProxyRequests Off
  ProxyPreserveHost On
  ProxyTimeout 18000
  # Intercept /static/ to serve vendor.js/frontend.js from ember server
  ProxyPass /static/ https://localhost:4200/assets/
  ProxyPassReverse /static/ https://localhost:4200/assets/
  # Proxy other routes to `rails server`
  ProxyPass / http://localhost:3000/
  ProxyPassReverse / http://localhost:3000/
  # Ignore cert issues when proxying http to https
  SSLProxyEngine on
  SSLProxyVerify none
  SSLProxyCheckPeerCN off
  SSLProxyCheckPeerName off
  SSLProxyCheckPeerExpire off
</VirtualHost>
<VirtualHost *:443>
  ServerName #{server_name}
  # We add aliases for *.ngrok.io and anything else we need to access here
  ServerAlias #{cnames.join(' ')} #{server_name} #{admin_server_name} *.ngrok.io
  # Proxy local requests to `rails server`
  ProxyPass / http://localhost:3000/
  ProxyPassReverse / http://localhost:3000/
  ProxyPreserveHost On
  ProxyTimeout 18000
  RequestHeader set X_FORWARDED_PROTO 'https'
  SSLProxyEngine on
  SSLEngine on
  SSLCertificateFile /usr/local/etc/httpd/ssl/localhost.crt
  SSLCertificateKeyFile /usr/local/etc/httpd/ssl/localhost.key
</VirtualHost>"

data = File.read('/usr/local/etc/httpd/httpd.conf')
if data.include?(vhost)
  puts 'Already have the vhost data'
else
  File.open('/usr/local/etc/httpd/httpd.conf', 'a') do |file|
    file.write vhost
  end
end

# Point both dev hostnames at loopback.
data = File.read('/etc/hosts')
host = "127.0.0.1 #{server_name} #{admin_server_name}"
if data.include?(host)
  puts 'already have host information'
else
  File.open('/etc/hosts', 'a') do |file|
    file.write "\n#{host}\n" # the hosts line itself, not the Apache vhost block
  end
end

Kernel.system('apachectl configtest')
Kernel.system('apachectl restart')
# Opens the cert in Keychain Access so it can be added and trusted.
Kernel.system('open /usr/local/etc/httpd/ssl/localhost.crt')
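The :443 vhost above aliases `*.ngrok.io` and both tb.local.vhost names onto a cert whose only SAN is the wildcard cname. The following is an added example, not part of the gist: it builds the same kind of cert in-process with Ruby's OpenSSL bindings and then checks, with `OpenSSL::SSL.verify_certificate_identity` (the same wildcard rules a TLS client applies), which of the vhost's hostnames the cert actually covers. `build_local_cert`, `san_dns_names` and `uncovered_hosts` are names chosen for this example.

```ruby
require 'openssl'

# Self-signed cert mirroring what the script asks the openssl CLI for:
# CN = first cname, subjectAltName = DNS entry per cname, SHA-256, 10 years.
def build_local_cert(cnames, days: 3650, bits: 2048)
  key = OpenSSL::PKey::RSA.new(bits)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509v3, required for extensions
  cert.serial = OpenSSL::BN.rand(64)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cnames.first}")
  cert.issuer = cert.subject # self-signed
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = cert.not_before + days * 86_400
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  san = cnames.map { |n| "DNS:#{n}" }.join(',')
  cert.add_extension(ef.create_extension('subjectAltName', san, false))
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:FALSE', true))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# DNS names listed in the cert's subjectAltName extension.
def san_dns_names(cert)
  ext = cert.extensions.find { |e| e.oid == 'subjectAltName' }
  return [] unless ext
  ext.value.split(',').map(&:strip).grep(/\ADNS:/).map { |v| v.sub('DNS:', '') }
end

# Hostnames from the vhost that a client would NOT accept this cert for.
# A wildcard label matches exactly one label, so *.tb.local.vhost covers
# dev.tb.local.vhost but neither tb.local.vhost nor anything under ngrok.io.
def uncovered_hosts(cert, hostnames)
  hostnames.reject { |h| OpenSSL::SSL.verify_certificate_identity(cert, h) }
end

if $PROGRAM_NAME == __FILE__
  # Constructed inputs matching the script's defaults and the vhost's ServerAlias list.
  cert, _key = build_local_cert(['*.tb.local.vhost'])
  aliases = ['dev.tb.local.vhost', 'admin.tb.local.vhost', 'abc123.ngrok.io']
  puts "SAN: #{san_dns_names(cert).join(', ')}"
  puts "not covered: #{uncovered_hosts(cert, aliases).inspect}"
end
```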
@brand-it

TODO: Need to make this accept args to the script. Would really help make this more flexible.

https://gist.github.com/newdark/ad081c6741713302a9e57b9113351e94#file-create_ssl-sh-L12
