diff --git a/etc/apache2/sites-available/001-default-ssl.conf b/etc/apache2/sites-available/001-default-ssl.conf
new file mode 100644
index 0000000..8c3a5fe
--- /dev/null
+++ b/etc/apache2/sites-available/001-default-ssl.conf
@@ -0,0 +1,17 @@
+
+
+ ServerAdmin webmaster@localhost
+ DocumentRoot /srv/www/html
+ #LogLevel info ssl:warn
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+
+ SSLOptions +StdEnvVars
+
+
+ SSLOptions +StdEnvVars
+
+
+
diff --git a/install.sh b/install.sh
index 588ce92..925511d 100755
--- a/install.sh
+++ b/install.sh
@@ -79,8 +79,13 @@ DEBIAN_FRONTEND=noninteractive apt-get -y install apache2 libapache2-mod-authnz-
 ## http2 handled automatically now.
 ## http2 doesn't support logio, so look in to vhost log format
-
-# force https for phpMyAdmin ??
+fqdn=`hostname -f`
+vhostdomain=`hostname -d`
+cp etc/apache2/sites-available/* /etc/apache2/sites-available/
+sed -i "s|ssl-cert-snakeoil.pem|$fqdn.pem|g" /etc/apache2/sites-available/*.conf
+chmod 644 /etc/apache2/sites-available/*.conf
+chown root:root /etc/apache2/sites-available/*.conf
+sed -i "s|webmaster@localhost|webmaster@$fqdn|g" /etc/apache2/sites-available/*.conf
 cp etc/apache2/conf-available/* /etc/apache2/conf-available/
 chmod 644 /etc/apache2/conf-available/*.conf
 chown root:root /etc/apache2/conf-available/*.conf
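Review bot: The vhost sets `SSLCertificateFile` but the visible directives include no `SSLCertificateKeyFile`, so mod_ssl will look for the private key inside the certificate file itself. Once install.sh has rewritten the name, that file is `/etc/ssl/certs/<fqdn>.pem`, in a directory that is conventionally world-readable, so the key's confidentiality rests entirely on that one file's mode. Prefer a separate key under `/etc/ssl/private/`, e.g. `SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key`, with a matching substitution in install.sh; if a combined PEM is intended, a comment saying so and stating the expected owner and mode would help. The enclosing container tags are not visible in this rendering of the hunk, so placement inside the virtual host block is assumed.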
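Review bot: Both added `sed -i` calls run over `/etc/apache2/sites-available/*.conf`, so they rewrite every site definition already on the machine, not only the file this installer just copied. On Debian-family systems the packaged `default-ssl.conf` usually pairs `ssl-cert-snakeoil.pem` with a separate snakeoil key, and renaming only the certificate there would leave a certificate/key pair that no longer matches; any admin-maintained vhost that uses the snakeoil certificate or `webmaster@localhost` is altered the same way. Limit the substitutions to the shipped file, e.g. `sed -i "s|ssl-cert-snakeoil\.pem|$fqdn.pem|g" /etc/apache2/sites-available/001-default-ssl.conf`, and do the same for the `ServerAdmin` rewrite. The `chmod`/`chown` globs have the same reach and reset ownership and mode on files the installer did not create.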
@@ -89,8 +94,7 @@ cp etc/apache2/mods-available/* /etc/apache2/mods-available/
 chmod 644 /etc/apache2/mods-available/*.conf
 chown root:root /etc/apache2/mods-available/*.conf
 # set vhost subodmain to domain name of server, users may want to consider changing this to a custom domain.
-vhostdomain=`hostname -d`
-sed -i "s|.example.com|.$vhostdomain|g" /etc/apache2/mods-available/macro.conf
+sed -i "s|example.com|$vhostdomain|g" /etc/apache2/mods-available/macro.conf
 # a2enmod proxy_fcgi rewrite headers expires ssl http2 remoteip macro
 a2enmod cgid proxy_fcgi proxy_http rewrite headers expires ssl http2 macro
 # # sed -i "s|CustomLog|#CustomLog|g" /etc/apache2/sites-available/000-default.conf
@@ -268,3 +272,8 @@ else
 echo "NOTICE: firewalld not installed, not opening http ports in firewall."
 fi
+echo
+echo "To enable the default https host run:"
+echo "letsencrypt-certonly.sh -d $fqdn"
+echo "a2ensite 000-default-ssl.conf"
+echo "systemctl reload apache2"
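Review bot: `$vhostdomain` reaches this `sed` unchecked, and `hostname -d` prints nothing on a host whose name has no domain part, in which case `s|example.com||g` deletes the domain from macro.conf instead of replacing it. The same holds for `$fqdn` in the preceding hunk, where an empty value produces a certificate path ending in `/.pem` and a `ServerAdmin` of `webmaster@`. Validate both right after they are assigned, e.g. `[ -n "$fqdn" ] && [ -n "$vhostdomain" ] || { echo "ERROR: cannot determine FQDN/domain" >&2; exit 1; }`. With the leading dot dropped from the pattern, the remaining `.` should also be escaped (`example\.com`) so it matches only a literal dot.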
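Review bot: The printed instructions tell the operator to run `a2ensite 000-default-ssl.conf`, but the file this commit adds is `001-default-ssl.conf`, so the command as printed would not find the site unless a `000-default-ssl.conf` exists from elsewhere. Change the line to `echo "a2ensite 001-default-ssl.conf"`, or rename the shipped file to match. Printing `apache2ctl configtest` as a step before the reload would let the operator catch a missing or unreadable certificate before Apache picks up the new site.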