server_setup.sh (2386B)
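#!/usr/bin/env sh
#
# server_setup.sh - provision httpd and acme-client for konyahin.xyz.
#
# Steps, in order:
#   1. Stop httpd and write /etc/acme-client.conf.
#   2. Start a plain-HTTP httpd that serves the ACME http-01 challenge
#      directory, then request the certificate with acme-client.
#   3. Replace httpd.conf with the TLS configuration and restart httpd.
#   4. Install a daily cron job that renews the certificate.
#
# The script overwrites /etc/acme-client.conf, /etc/httpd.conf and the site's
# index.html without taking a backup, and edits the invoking user's crontab.
# It is expected to run as root.

# -e: abort on the first failing command, so a rejected httpd config or a
#     failed certificate request never leads to the TLS config being installed.
# -u: treat an unset variable as an error.
set -eu

rcctl disable httpd
rcctl stop httpd

# The heredoc delimiters below are quoted so that nothing inside the
# generated config files is expanded by the shell.
cat > /etc/acme-client.conf << "END"
authority letsencrypt {
	api url "https://acme-v02.api.letsencrypt.org/directory"
	account key "/etc/acme/letsencrypt-privkey.pem"
}

authority letsencrypt-staging {
	api url "https://acme-staging-v02.api.letsencrypt.org/directory"
	account key "/etc/acme/letsencrypt-staging-privkey.pem"
}

authority buypass {
	api url "https://api.buypass.com/acme/directory"
	account key "/etc/acme/buypass-privkey.pem"
	contact "mailto:me@konyahin.xyz"
}

authority buypass-test {
	api url "https://api.test4.buypass.no/acme/directory"
	account key "/etc/acme/buypass-test-privkey.pem"
	contact "mailto:me@konyahin.xyz"
}

domain konyahin.xyz {
	alternative names { www.konyahin.xyz git.konyahin.xyz vpn.konyahin.xyz }
	domain key "/etc/ssl/private/konyahin.xyz.key"
	domain full chain certificate "/etc/ssl/konyahin.xyz.fullchain.pem"
	sign with letsencrypt
}
END

# Account keys live in /etc/acme; keep that directory owner-only.
mkdir -p -m 700 /etc/acme
# NOTE(review): the domain key above is written to /etc/ssl/private, not to
# /etc/ssl/acme/private, so this directory looks unused - confirm and either
# drop it or point the "domain key" path at it.
mkdir -p -m 700 /etc/ssl/acme/private
# Challenge files must be readable by the web server, hence 755.
mkdir -p -m 755 /var/www/acme

# Phase 1: HTTP only, just enough to answer the ACME http-01 challenge.
cat > /etc/httpd.conf << "END"
server "konyahin.xyz" {
	listen on * port 80
	root "/htdocs/konyahin.xyz"
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
}

server "www.konyahin.xyz" {
	listen on * port 80
	block return 301 "http://konyahin.xyz$REQUEST_URI"
}
END

# Validate the config before starting; set -e aborts here if it is rejected.
httpd -n
rcctl enable httpd
rcctl start httpd
acme-client -v konyahin.xyz

# Phase 2: serve the site over TLS and redirect all plain HTTP to HTTPS.
#
# The port-80 server redirects every request, challenge requests included, so
# at renewal time the challenge is answered by the TLS server (this presumes
# the CA follows the redirect - confirm for the authority in use). The
# location pattern therefore has to start with "/.well-known"; written as
# "./well-known" it never matches a request path and renewals fail.
#
# NOTE(review): once HTTPS is confirmed working, consider enabling the httpd
# "hsts" option on the TLS servers so browsers stop attempting plain HTTP.
cat > /etc/httpd.conf << "END"
server "konyahin.xyz" {
	listen on * tls port 443
	root "/htdocs/konyahin.xyz"
	tls {
		certificate "/etc/ssl/konyahin.xyz.fullchain.pem"
		key "/etc/ssl/private/konyahin.xyz.key"
	}

	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
}

server "www.konyahin.xyz" {
	listen on * tls port 443
	tls {
		certificate "/etc/ssl/konyahin.xyz.fullchain.pem"
		key "/etc/ssl/private/konyahin.xyz.key"
	}
	block return 301 "https://konyahin.xyz$REQUEST_URI"
}

server "konyahin.xyz" {
	listen on * port 80
	alias "www.konyahin.xyz"
	block return 301 "https://konyahin.xyz$REQUEST_URI"
}
END

mkdir -p /var/www/htdocs/konyahin.xyz
cat > /var/www/htdocs/konyahin.xyz/index.html << "END"
<html>
<body>
Test test
</body>
</html>
END

httpd -n
rcctl restart httpd

# Daily renewal at 03:05. The job must name the domain configured in
# /etc/acme-client.conf (konyahin.xyz); a job for any other name fails on
# every run and the certificate silently expires.
renew_job='05 3 * * * acme-client konyahin.xyz && rcctl reload httpd'

# Rebuild the crontab as "existing entries minus an identical renewal line,
# plus the renewal line", so re-running the script does not add duplicates.
# "|| true" keeps set -e from aborting the group when there is no crontab yet
# or when grep filters out every line (exit status 1); without it the renewal
# line could be skipped and an empty crontab installed.
{
	crontab -l 2>/dev/null | grep -vxF -e "$renew_job" || true
	printf '%s\n' "$renew_job"
} | crontab -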