use letsencrypt-auto instead acme.sh (bug?); use '--webroot' for lets…
…encrypt; add http/2 feature for apache; add merge and symlink info to log for letsencrypt; mod pure-ftpd.init; install acme.sh and letsencrypt-auto together
mustafaramadhan committed May 21, 2016
1 parent b26260e commit 8f282da
Showing 8 changed files with 230 additions and 31 deletions.
2 changes: 1 addition & 1 deletion kloxo/bin/kloxoversion
@@ -1 +1 @@
7.0.0.b-2016052101
7.0.0.b-2016052102
7 changes: 4 additions & 3 deletions kloxo/file/acme.sh/tpl/acme.sh.tpl
@@ -40,8 +40,7 @@ else
action="--issue"
fi

## MR -- change '--webroot /var/run/letsencrypt' to '--standalone'
/usr/bin/acme.sh ${action} --standalone \
/usr/bin/acme.sh ${action} --webroot /var/run/letsencrypt \
<?php echo $dom; ?>
<?php echo $req; ?> >> ${logdir}/acme.sh.log \
&> ${logdir}/acme.sh_temp.log
@@ -58,7 +57,9 @@ fi
if [ -f ${rootpath}/${maindom}/ca.cer ] ; then
cd ${rootpath}/${maindom}

cat ${maindom}.key ${maindom}.cer ca.cer > ${maindom}.pem
merge="cat ${maindom}.key ${maindom}.cer ca.cer > ${maindom}.pem"
echo "[$(date)] ${merge}" >> ${logdir}/acme.sh.log
${merge}

for i in .ca .crt .key .pem ; do
if [ "${i}" == ".ca" ] ; then
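Review bot: `${merge}` in the second hunk runs `cat` with `>` and `${maindom}.pem` as ordinary file arguments, because a redirection stored in a variable is not re-parsed on expansion; the `.pem` is therefore not rewritten and the concatenated key, certificate and CA chain go to the script's stdout instead. That output contains the private key, so it may end up wherever the caller sends stdout. Log a description and keep the command literal: `echo "[$(date)] merge ${maindom}.key ${maindom}.cer ca.cer into ${maindom}.pem" >> ${logdir}/acme.sh.log` then `cat "${maindom}.key" "${maindom}.cer" ca.cer > "${maindom}.pem"`. The surrounding `if` and the `for` loop that follows continue outside the hunk.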
17 changes: 14 additions & 3 deletions kloxo/file/apache/tpl/defaults.conf.tpl
@@ -293,7 +293,9 @@ foreach ($certnamelist as $ip => $certname) {
if ($count !== 0) {
?>
Include <?php echo $globalspath; ?>/<?php echo $header_base; ?>.conf
<IfModule mod_http2.c>
Protocols h2 http/1.1
</IfModule>
<IfModule mod_ssl.c>
SSLEngine On
@@ -304,13 +306,22 @@ foreach ($certnamelist as $ip => $certname) {
SSLCertificateFile <?php echo $certname; ?>.pem
SSLCertificateKeyFile <?php echo $certname; ?>.key
<?php
if (file_exists("{$certname}.ca")) {
if (file_exists("{$certname}.ca")) {
?>
SSLCACertificatefile <?php echo $certname; ?>.ca
Include <?php echo $globalspath; ?>/<?php echo $header_base; ?>.conf
<?php
}
?>
</IfModule>
<?php
}
} else {
?>
<IfModule mod_http2.c>
Protocols h2c http/1.1
</IfModule>
<?php
}
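Review bot: Enabling `h2c` on the plain-HTTP vhost (the `else` branch at the end of this section) widens the cleartext attack surface for little gain, since browsers only speak HTTP/2 over TLS. If Apache is ever placed behind a front-end proxy that forwards an `Upgrade: h2c` request, the requests on the upgraded connection are no longer checked one by one by that proxy. I would keep the TLS branch as it is and use `Protocols http/1.1` in the non-TLS branch, or drop that stanza. The same `Protocols h2c http/1.1` stanza is added in every `else` branch of kloxo/file/apache/tpl/domains.conf.tpl. The enclosing `foreach` starts before the hunk.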
147 changes: 145 additions & 2 deletions kloxo/file/apache/tpl/domains.conf.tpl
@@ -200,6 +200,10 @@ foreach ($certnamelist as $ip => $certname) {
if ($count !== 0) {
?>
<IfModule mod_http2.c>
Protocols h2 http/1.1
</IfModule>
<IfModule mod_ssl.c>
SSLEngine On
SSLProtocol ALL -SSLv2 -SSLv3
@@ -218,6 +222,13 @@ foreach ($certnamelist as $ip => $certname) {
}
?>
</IfModule>
<?php
} else {
?>
<IfModule mod_http2.c>
Protocols h2c http/1.1
</IfModule>
<?php
}
?>
@@ -333,6 +344,10 @@ foreach ($certnamelist as $ip => $certname) {
if ($count !== 0) {
?>
<IfModule mod_http2.c>
Protocols h2 http/1.1
</IfModule>
<IfModule mod_ssl.c>
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
@@ -342,14 +357,21 @@ foreach ($certnamelist as $ip => $certname) {
SSLCertificateFile <?php echo $certname; ?>.pem
SSLCertificateKeyFile <?php echo $certname; ?>.key
<?php
if (file_exists("{$certname}.ca")) {
if (file_exists("{$certname}.ca")) {
?>
SSLCACertificatefile <?php echo $certname; ?>.ca
Include <?php echo $globalspath; ?>/<?php echo $header_base; ?>.conf
<?php
}
}
?>
</IfModule>
<?php
} else {
?>
<IfModule mod_http2.c>
Protocols h2c http/1.1
</IfModule>
<?php
}
@@ -466,6 +488,10 @@ foreach ($certnamelist as $ip => $certname) {
if ($count !== 0) {
?>
<IfModule mod_http2.c>
Protocols h2 http/1.1
</IfModule>
<IfModule mod_ssl.c>
SSLEngine On
SSLProtocol ALL -SSLv2 -SSLv3
@@ -484,6 +510,13 @@ foreach ($certnamelist as $ip => $certname) {
}
?>
</IfModule>
<?php
} else {
?>
<IfModule mod_http2.c>
Protocols h2c http/1.1
</IfModule>
<?php
}
?>
@@ -512,6 +545,10 @@ foreach ($certnamelist as $ip => $certname) {
if ($count !== 0) {
?>
<IfModule mod_http2.c>
Protocols h2 http/1.1
</IfModule>
<IfModule mod_ssl.c>
SSLEngine On
SSLProtocol ALL -SSLv2 -SSLv3
@@ -530,6 +567,13 @@ foreach ($certnamelist as $ip => $certname) {
}
?>
</IfModule>
<?php
} else {
?>
<IfModule mod_http2.c>
Protocols h2c http/1.1
</IfModule>
<?php
}
?>
@@ -658,6 +702,10 @@ foreach ($certnamelist as $ip => $certname) {
if ($enablessl) {
?>
<IfModule mod_http2.c>
Protocols h2 http/1.1
</IfModule>
<IfModule mod_ssl.c>
SSLEngine On
SSLProtocol ALL -SSLv2 -SSLv3
@@ -676,6 +724,13 @@ foreach ($certnamelist as $ip => $certname) {
}
?>
</IfModule>
<?php
} else {
?>
<IfModule mod_http2.c>
Protocols h2c http/1.1
</IfModule>
<?php
}
}
@@ -1017,6 +1072,10 @@ foreach ($certnamelist as $ip => $certname) {
if ($enablessl) {
?>
<IfModule mod_http2.c>
Protocols h2 http/1.1
</IfModule>
<IfModule mod_ssl.c>
SSLEngine On
SSLProtocol ALL -SSLv2 -SSLv3
@@ -1035,6 +1094,13 @@ foreach ($certnamelist as $ip => $certname) {
}
?>
</IfModule>
<?php
} else {
?>
<IfModule mod_http2.c>
Protocols h2c http/1.1
</IfModule>
<?php
}
}
@@ -1173,6 +1239,10 @@ foreach ($certnamelist as $ip => $certname) {
if ($enablessl) {
?>
<IfModule mod_http2.c>
Protocols h2 http/1.1
</IfModule>
<IfModule mod_ssl.c>
SSLEngine On
SSLProtocol ALL -SSLv2 -SSLv3
@@ -1191,6 +1261,13 @@ foreach ($certnamelist as $ip => $certname) {
}
?>
</IfModule>
<?php
} else {
?>
<IfModule mod_http2.c>
Protocols h2c http/1.1
</IfModule>
<?php
}
}
@@ -1229,6 +1306,10 @@ foreach ($certnamelist as $ip => $certname) {
if ($count !== 0) {
?>
<IfModule mod_http2.c>
Protocols h2 http/1.1
</IfModule>
<IfModule mod_ssl.c>
SSLEngine On
SSLProtocol ALL -SSLv2 -SSLv3
@@ -1247,6 +1328,13 @@ foreach ($certnamelist as $ip => $certname) {
}
?>
</IfModule>
<?php
} else {
?>
<IfModule mod_http2.c>
Protocols h2c http/1.1
</IfModule>
<?php
}
?>
@@ -1362,6 +1450,10 @@ foreach ($certnamelist as $ip => $certname) {
if ($count !== 0) {
?>
<IfModule mod_http2.c>
Protocols h2 http/1.1
</IfModule>
<IfModule mod_ssl.c>
SSLEngine On
SSLProtocol ALL -SSLv2 -SSLv3
@@ -1380,6 +1472,13 @@ foreach ($certnamelist as $ip => $certname) {
}
?>
</IfModule>
<?php
} else {
?>
<IfModule mod_http2.c>
Protocols h2c http/1.1
</IfModule>
<?php
}
?>
@@ -1408,6 +1507,10 @@ foreach ($certnamelist as $ip => $certname) {
if ($count !== 0) {
?>
<IfModule mod_http2.c>
Protocols h2 http/1.1
</IfModule>
<IfModule mod_ssl.c>
SSLEngine On
SSLProtocol ALL -SSLv2 -SSLv3
@@ -1426,6 +1529,13 @@ foreach ($certnamelist as $ip => $certname) {
}
?>
</IfModule>
<?php
} else {
?>
<IfModule mod_http2.c>
Protocols h2c http/1.1
</IfModule>
<?php
}
?>
@@ -1557,6 +1667,10 @@ foreach ($certnamelist as $ip => $certname) {
if ($count !== 0) {
?>
<IfModule mod_http2.c>
Protocols h2 http/1.1
</IfModule>
<IfModule mod_ssl.c>
SSLEngine On
SSLProtocol ALL -SSLv2 -SSLv3
@@ -1575,6 +1689,13 @@ foreach ($certnamelist as $ip => $certname) {
}
?>
</IfModule>
<?php
} else {
?>
<IfModule mod_http2.c>
Protocols h2c http/1.1
</IfModule>
<?php
}
?>
@@ -1690,6 +1811,10 @@ foreach ($certnamelist as $ip => $certname) {
if ($count !== 0) {
?>
<IfModule mod_http2.c>
Protocols h2 http/1.1
</IfModule>
<IfModule mod_ssl.c>
SSLEngine On
SSLProtocol ALL -SSLv2 -SSLv3
@@ -1708,6 +1833,13 @@ foreach ($certnamelist as $ip => $certname) {
}
?>
</IfModule>
<?php
} else {
?>
<IfModule mod_http2.c>
Protocols h2c http/1.1
</IfModule>
<?php
}
?>
@@ -1736,6 +1868,10 @@ foreach ($certnamelist as $ip => $certname) {
if ($count !== 0) {
?>
<IfModule mod_http2.c>
Protocols h2 http/1.1
</IfModule>
<IfModule mod_ssl.c>
SSLEngine On
SSLProtocol ALL -SSLv2 -SSLv3
@@ -1754,6 +1890,13 @@ foreach ($certnamelist as $ip => $certname) {
}
?>
</IfModule>
<?php
} else {
?>
<IfModule mod_http2.c>
Protocols h2c http/1.1
</IfModule>
<?php
}
?>
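Review bot: The two `<IfModule mod_http2.c>` stanzas are copied verbatim into thirteen vhost blocks of this template, under two different conditions (`$count !== 0` and `$enablessl`), so a later change to the protocol list has to be made in twenty-six places and can easily be missed in one. Computing the protocol list once in PHP near the top of the template and echoing that one value in a single `Protocols` line per vhost would keep the TLS and non-TLS choices in one spot. Each enclosing `foreach` starts before its hunk, so how the SSL condition is chosen per block is not visible here and should be checked when factoring this out.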