@damms005
Created January 3, 2022 12:43
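#!/bin/bash
# Provision a local Apache site secured with an mkcert certificate.
# The script edits files under /etc/apache2 and /etc/hosts, so it needs root.
# Run like:
# sudo create-secure-site.sh site-url
sample_run="sudo create-secure-site.sh <website name e.g. sample-website.local>"
site=$1
#We should make the user specify deo as an argument to this script. The user must be in the same
#group as the username, so that we can do stuff like `chown deo:deo...`
non_priviledged_owner=deo
old_cwp=$(pwd)
# Check the effective UID rather than $USER: $USER is just an environment
# variable and says nothing reliable about the privileges we actually hold.
if [ "$(id -u)" -ne 0 ]
then
  echo 'Script must be run as root (or with sudo)' >&2
  exit 1
fi
if [ -z "$site" ]
then
  echo "You must include a site name. e.g. $sample_run" >&2
  exit 1
fi
# $site is written verbatim, as root, into Apache vhost files and /etc/hosts,
# and it is used to build file-system paths. Accept only plain DNS-style
# names (letters, digits, hyphens, dot-separated labels) so that whitespace,
# newlines, slashes, "..", globs or quotes can never reach those files/paths.
hostname_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
if ! [[ "$site" =~ $hostname_re ]]
then
  echo "Invalid site name '$site'. e.g. $sample_run" >&2
  exit 1
fi
# Short name = everything before the first dot (sample-website.local -> sample-website).
site_name=${site%%.*}
apache_doc_dir=/opt/lampp/htdocs/hidden-laravel-backends/${site_name}/public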
######################################################################
############################# STAGE 1 ################################
######################################################################
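#Make SSL certificate
echo -e "Adding/editing ${site}...\nGenerating SSL certificates..."
mkcert_path=/opt/lampp/htdocs/git-collaborations/mkcert
ssl_dir=/etc/apache2/ssl
# Abort if the directory is missing: otherwise "./mkcert" would be resolved
# against whatever the current directory happens to be.
cd "$mkcert_path" || { echo "Cannot enter $mkcert_path" >&2; exit 1; }
#When the certificate is generated as the sudo user, Chrome won't validate it. So we switch to the normal user.
sudo -u "$non_priviledged_owner" ./mkcert "$site" \
  || { echo "mkcert failed for $site" >&2; exit 1; }
# NOTE(review): mkcert writes the private key into a directory below htdocs.
# If that tree is served by any web server, the key is reachable until it is
# moved away - consider mkcert's -cert-file/-key-file options pointing at a
# private directory instead.
#Install the generated certs. Only the two files named after this site are
#taken (the names the SSL vhost refers to), instead of every file whose name
#merely starts with "$site". Ownership and mode are set explicitly so the
#private key ends up root-owned and unreadable by other local users.
install -d -m 0755 "$ssl_dir" || exit 1
install -v -o root -g root -m 0644 -- "./${site}.pem" "$ssl_dir/${site}.pem" || exit 1
install -v -o root -g root -m 0600 -- "./${site}-key.pem" "$ssl_dir/${site}-key.pem" || exit 1
# Do not leave a second copy of the key behind in the working directory.
rm -f -- "./${site}.pem" "./${site}-key.pem"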
######################################################################
############################# STAGE 2 ################################
######################################################################
# Plain-HTTP virtual host for $site. The value starts with an empty line so
# that it is separated from whatever already sits at the end of the target
# config file. \${APACHE_LOG_DIR} is escaped so Apache, not the shell, expands it.
# NOTE(review): "Options Indexes" turns on directory listings for the
# document root, and Order/allow are the pre-2.4 access-control directives.
normal_template="
<VirtualHost *:80>
ServerName $site
ServerAlias www.$site
ServerAdmin webmaster@localhost
DocumentRoot ${apache_doc_dir}
<Directory ${apache_doc_dir}>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog \${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog \${APACHE_LOG_DIR}/access.log combined
</VirtualHost>"
# HTTPS virtual host for $site, pointing at the certificate and key that are
# expected under /etc/apache2/ssl.
# NOTE(review): this block also enables directory listings and mixes the 2.4
# "Require all granted" with the older Order/allow directives.
ssl_template="
<VirtualHost *:443>
ServerName $site
DocumentRoot ${apache_doc_dir}
<Directory ${apache_doc_dir}>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Order allow,deny
allow from all
</Directory>
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateKeyFile /etc/apache2/ssl/${site}-key.pem
SSLCertificateFile /etc/apache2/ssl/${site}.pem
<FilesMatch \"\.(cgi|shtml|phtml|php)$\">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>"
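#######################################
# Tell whether an Apache config file already declares a host name.
# Only ServerName/ServerAlias directives are inspected and the name must match
# a whole field, so "a.local" is not mistaken for "aa.local" or "a.local.dev",
# and the dots in the name are not treated as regex wildcards.
# Arguments: $1 - config file, $2 - host name
# Returns:   0 if declared, non-zero otherwise (including unreadable file)
#######################################
vhost_declares_site() {
  awk -v wanted="$2" '
    tolower($1) == "servername" || tolower($1) == "serveralias" {
      for (i = 2; i <= NF; i++) {
        if (tolower($i) == tolower(wanted)) found = 1
      }
    }
    END { exit !found }
  ' "$1"
}
#Add to /etc/apache2/sites-enabled/default-ssl.conf if not there
secure_site_path=/etc/apache2/sites-enabled/default-ssl.conf
if vhost_declares_site "$secure_site_path" "$site"
then
  echo "$site already exists in $secure_site_path"
else
  echo "$site does not exist in $secure_site_path. Adding it now..."
  # Quoted printf writes the template byte-for-byte; no IFS juggling is needed
  # and the "*" in "<VirtualHost *:443>" can never be glob-expanded.
  printf '%s\n' "$ssl_template" >> "$secure_site_path"
fi
#Add to /etc/apache2/sites-available/000-default.conf if not there
non_secure_site_path=/etc/apache2/sites-available/000-default.conf
if vhost_declares_site "$non_secure_site_path" "$site"
then
  echo "$site already exists in $non_secure_site_path"
else
  echo "$site does not exist in $non_secure_site_path. Adding it now..."
  printf '%s\n' "$normal_template" >> "$non_secure_site_path"
fi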
######################################################################
############################# STAGE 3 ################################
######################################################################
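#Add to /etc/hosts
host_file_path=/etc/hosts
# Look for $site as a complete host-name field on a non-comment line.
# A plain `grep "$site"` treats the dots as wildcards and also matches
# substrings (e.g. "a.local" inside "aa.local"), which would wrongly skip the
# entry for a new site.
if awk -v wanted="$site" '
  $1 ~ /^#/ { next }
  {
    for (i = 2; i <= NF; i++) {
      if ($i ~ /^#/) break            # rest of the line is a comment
      if (tolower($i) == tolower(wanted)) found = 1
    }
  }
  END { exit !found }
' "$host_file_path"
then
  echo "$site is already listed in ${host_file_path}..."
else
  echo "$site is not listed in ${host_file_path}. Now adding it."
  # printf keeps $site as data; it is never interpreted for escape sequences.
  printf '127.0.0.1\t%s\n' "$site" >> "$host_file_path"
fi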
######################################################################
############################# STAGE 4 ################################
######################################################################
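# Create the document root on first run and hand it to the unprivileged owner.
if [ -d "$apache_doc_dir" ]
then
  echo "The document directory ($apache_doc_dir) already exists. No need to create it again."
else
  sudo -u "$non_priviledged_owner" mkdir -vp "$apache_doc_dir" \
    || { echo "Could not create $apache_doc_dir" >&2; exit 1; }
  chown -vR "${non_priviledged_owner}:${non_priviledged_owner}" "$apache_doc_dir"
  # Owner gets write access; everyone else (including the web server) may only
  # read and traverse. The previous mode 0777 let any local account place files
  # in a directory Apache serves and executes PHP from. If the application
  # needs web-server-writable directories, grant that on those specific
  # sub-directories via group ownership rather than world-write.
  chmod -vR u=rwX,go=rX "$apache_doc_dir"
fi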
######################################################################
############################# STAGE 5 ################################
######################################################################
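# The repository lives in the site directory, one level above public/.
# Stop if we cannot get there: otherwise git init/add/commit would run in
# whatever directory the script was left in by an earlier step.
cd "${apache_doc_dir}/.." || { echo "Cannot enter ${apache_doc_dir}/.." >&2; exit 1; }
if [ -d .git ]
then
  echo No need to initialize git repo
else
  # Run git as the unprivileged owner so the repository is not root-owned.
  sudo -u "$non_priviledged_owner" git init
  sudo -u "$non_priviledged_owner" git add .
  sudo -u "$non_priviledged_owner" git commit -m 'First commit'
fi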
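echo "Returning to $old_cwp"
cd "$old_cwp" || echo "Could not return to $old_cwp" >&2
echo "Restating apache..."
# Validate the configuration first: the vhost blocks were appended to shared
# config files, and restarting with a syntax error would take every site on
# this Apache instance down.
if ! apache2ctl configtest
then
  echo "Apache configuration test failed; apache2 was not restarted." >&2
  exit 1
fi
# Only claim success when the restart actually worked.
service apache2 restart || { echo "apache2 restart failed" >&2; exit 1; }
echo "Done. $site is ready, both on HTTP and HTTPS!"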