Last active
April 27, 2020 11:12
-
-
Save marcastel/2e0230f32505d3f69cdc2a646633231b to your computer and use it in GitHub Desktop.
Amazon Linux 2 / Apache automated install w/SSL (test certificates)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/ksh | |
| # NAME | |
| # | |
| # `al2-setup-apache` -- install Apache httpd on Amazon Linux 2 with SSL enabled | |
| # | |
| # DESCRIPTION | |
| # | |
| # This snippet allows to quickly setup Apache httpd on Amazon Linux 2 with SSL enabled. It will automatically create a test | |
| # certificate and install `mod_ssl`. Obviously this is not for production systems. | |
| # | |
| # DEPENDENCIES | |
| # | |
| # This is a KornShell script, so you should make sure you have `ksh` installed as this is not the case by default on | |
| # Amazon Linux 2 -- KornShell is POSIX, but Linux isn't; spot the contradiction. | |
| # If things fail consider: | |
| # - systemctl status httpd.service | |
| # - journalctl -xe | |
| # - apachectl configtest | |
| # - apachectl status | |
| export LC_ALL=C | |
| typeset ansi=yes # If non-null outputs will colourised | |
| typeset progname=${0##*/} # This script's basename | |
| typeset ssl_conf='/etc/httpd/conf.d/ssl.conf' # The default file installed by `mod_ssl` | |
| typeset tls_root=/etc/pki/tls # | |
| typeset cert_key=$tls_root/private/localhost.key # | |
| typeset cert_crt=$tls_root/certs/localhost.crt # | |
| function fatal { | |
| print -u2 "${ansi:+\E[2m}$progname${ansi:+\E[0m} ${ansi:+\E[31m}fatal${ansi:+\E[0m} $@" | |
| exit 1 | |
| } | |
| function trace { | |
| print -u2 "${ansi:+\E[2m}$progname${ansi:+\E[0m} ${ansi:+\E[35m}trace${ansi:+\E[0m} $@" | |
| } | |
| # Make sure pre-requisite TLS certificates makefile is available | |
| [[ -f $tls_root/certs/Makefile ]] || | |
| fatal 'Missing TLS certification Makefile' | |
| # Best practice is to ensure your (base) packages are up to date | |
| sudo yum update -q -y | |
| # If Apache httpd is not installed, install it | |
| if yum list installed -q httpd > /dev/null; | |
| then trace 'Apache httpd package installed' | |
| else trace 'Installing package Apache httpd' | |
| sudo yum install -q -y httpd || | |
| fatal 'Failed to install Apache httpd package.'; fi | |
| # Confirm that Apache httpd is running | |
| if [[ $(sudo systemctl is-enabled httpd) == disabled ]] | |
| then sudo systemctl start httpd && sudo systemctl enable httpd || | |
| fatal 'Failed to start Apache httpd service.'; fi | |
| # Now make sure that we have the `mod_ssl` package installed | |
| if yum list installed -q mod_ssl > /dev/null | |
| then trace 'Apache httpd SSL module installed' | |
| else trace 'Installing Apache mod_ssl pacakge' | |
| sudo yum install -q -y mod_ssl || | |
| fatal 'Failed to install Apache mod_ssl package.'; fi | |
| # Make sure the `mod_ssl` installed the default configuration file | |
| [[ -f $ssl_conf ]] || | |
| fatal 'Failed to locate to default Apache httpd SSL configuration file: '$ssl_conf | |
| # Generate our dummy (i.e. for development purposes only) certificate | |
| (cd $tls_root/certs && make --quiet testcert) || | |
| fatal 'Failed to generate dummy certifcate' | |
| # Make sure the certificate has been created as expected | |
| typeset file; for file in $cert_key $cert_crt; do | |
| [[ -f $file ]] || fatal "Invalid certificate (failed to locate file: $file)" | |
| typeset keyword=SSLCertificateFile; [[ $file == *.key ]] && keyword=${keyword%File}KeyFile | |
| grep "^$keyword $file" $ssl_conf >/dev/null && continue | |
| fatal "Please ensure Apache SSL configuration file ${ssl_conf##*/} contains the following statement:\n\t$keyword $file" | |
| done | |
| # We're done | |
| sudo systemctl restart httpd | |
| trace 'Apache HTTPd installed with SSL enabled (development certificate)' | |
| # __END__ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment