-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsecure-vhost
executable file
·280 lines (237 loc) · 9.26 KB
/
secure-vhost
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
#!/usr/bin/env bash
#title :secure-vhost
#description :Create a SSL-secure Apache VirtualHost in XAMPP using CLI
#usage :Basic usage is "$ secure-vhost -d yourdomain.local" but please RTFM
#author :jimmyadaro
#link :https://github.com/jimmyadaro/macos-apache-secure-vhost
#version :1.0
#license :Copyright 2018 Jimmy Adaro - MIT License
#notes :Please, do not use this certificates on production environments (and RTFM)
#Usage
usage() {
echo "USAGE: secure-vhost -d yourdomain.local [-f foldername] [-D 365] [-r] [-v]"
echo ""
echo " -d: Domain for your new VirtualHost"
echo " -f: Folder name inside of default XAMPP htdocs folder"
echo " -D: Days until certificate expires"
echo " -r: Restart XAMPP Apache after VirtualHost creation"
echo " -v: Display current variables"
echo ""
echo ""
echo ""
echo " More info: https://github.com/jimmyadaro/macos-apache-secure-vhost"
echo ""
echo ""
echo ""
exit 1;
}
#Options by default
domain="localhost"
folder=$domain
ssl_days=365
restartApache=0
#Edit this variables as you need
hosts_file="/private/etc/hosts"
xampp_path="/Applications/XAMPP"
htdocs_path="$xampp_path/xamppfiles/htdocs"
virtual_hosts_file="$xampp_path/xamppfiles/etc/extra/httpd-vhosts.conf"
secure_vhost_folder="$HOME/Secure-Vhost" #It would be great if you don't change this, but this is Open Source so... Whatever
cert_files_path="$secure_vhost_folder/$domain"
#Show current vars
vars() {
echo "> Current variables:"
echo "> Hosts file: $hosts_file"
echo "> XAMPP path: $xampp_path/"
echo "> htdocs path: $htdocs_path/"
echo "> VirtualHosts config file: $virtual_hosts_file"
echo "> Secure Vhost path: $secure_vhost_folder/"
echo "> Certificates files path: $secure_vhost_folder/yourdomain.local/ (example)" #cert_files_path is not used here because $domain is not defined yet
echo "> Certificates validation days: $ssl_days"
exit 1;
}
#If there is no arguments, show usage
if [[ -z "$1" ]]; then
usage
fi
#Check if the option is flag (starts with)
stop_if_arg_is_flag() {
declare OptionArg="$1" ScriptOption="$2" OptionName="$3"
if [[ "$OptionArg" = "-"* ]]; then
return_fatal_error "$OptionName ($ScriptOption) cannot be a flag (\"$OptionArg\")"
fi
}
#Function for OK situations
return_ok() {
declare ok_message="$1"
echo "OK: $ok_message"
}
#Function for informative situations
return_info() {
declare info_message="$1"
echo "INFO: $info_message"
}
#Function for fatal error situations
return_fatal_error() {
declare error_message="$1"
echo
echo "FATAL ERROR: $error_message"
echo "SHUTTING DOWN"
echo
exit 1
}
#Get the user options
#Default error output is disabled
while getopts ":hd:f:D:rv" OPTIONS; do
case "${OPTIONS}" in
#If there is no arguments, show usage
h)
usage
;;
#If -d has argument (d: means it expects argument)
d)
stop_if_arg_is_flag "$OPTARG" "-d" "Domain" #Returns: echo "FATAL ERROR: Domain (-d) cannot be a flag"
#If is not flag, override previous $domain
domain="$OPTARG"
cert_files_path="$secure_vhost_folder/$domain"
return_info "\"$domain\" has been set to be used as VirtualHost domain"
;;
#If -f has argument (f: means it expects argument)
f)
stop_if_arg_is_flag "$OPTARG" "-f" "Folder" #Returns: echo "FATAL ERROR: Folder (-f) cannot be a flag"
#If is not flag, override previous $folder
folder="$OPTARG"
return_info "\"htdocs/$folder\" has been set to be used as VirtualHost \"DocumentRoot\" and \"Directory\""
;;
#If -D has argument (D: means it expects argument)
D)
stop_if_arg_is_flag "$OPTARG" "-D" "Certificate expiration days" #Returns: echo "FATAL ERROR: Certificate expiration days (-D) cannot be a flag"
#If is not flag, override previous $folder
ssl_days="$OPTARG"
return_info "The certificate will expire in $ssl_days days"
;;
#If -r has argument (r: means it expects argument)
r)
stop_if_arg_is_flag "$OPTARG" "-r" "Restart Apache instruction" #Returns: echo "FATAL ERROR: Restart Apache instruction (-r) cannot be a flag"
#If is not flag, override previous $folder
restartApache=1
return_info "Apache will be automatically restarted after VirtualHost and certificate installation"
;;
#If some option with arguments is empty throw fatal error
:)
return_fatal_error "Option \"-$OPTARG\" requires an argument."
;;
\?)
#Anything that is not 👇 there
# "while getopts :hd:f:D:rv" OPTIONS (...)
#is an error, and its value will be passed to $OPTARG variable
#Example: "$ secure-vhost -c" Since "c" option does not exists, throw fatal error
return_fatal_error "\"-$OPTARG\" is not an available option"
;;
esac
done
#If argument 1 (-d from getopts) is empty throw fatal error
if [ ! "$1" = "-d" ]; then
return_fatal_error "Domain (\"-d\") is required."
fi
#HERE STARTS THE MAIN SECURE-VHOST SCRIPT
#Check if $domain exists in your virtual hosts file
if grep -Fq "$domain:443" $virtual_hosts_file
#If it does, stop everything
then
echo "IMPORTANT: Safe VirtualHost \"$domain:443\" already exists in your configuration file"
echo "> Nothing to do, goodbye! 👋"
exit
else
#Check if $domain exists in your hosts file
if grep -Fq "$domain" $hosts_file
then
echo "INFO: Host \"$domain:443\" exist in hosts file, not creating new entry"
else
echo "INFO: Host \"$domain:443\" does not exist hosts file, creating entry..."
echo "::1 $domain" | sudo tee -a /private/etc/hosts > /dev/null
echo "127.0.0.1 $domain" | sudo tee -a /private/etc/hosts > /dev/null
echo "> Host \"$domain:443\" added to hosts file"
fi
#Check if $folder exists in htdocs directory
if [ ! -d "$htdocs_path/$folder" ]; then
while true; do
read -p "IMPORTANT: "$folder" does not exist inside XAMPP htdocs, do you want to create it? [Y/n] " yn
case $yn in
#Yes, create the folder
[Yy]* )
sudo mkdir $htdocs_path/$folder/
sudo chown -R $USER:admin $htdocs_path/$folder/
echo "> OK! Folder created successfully";
break ;;
#No, do not create the folder
[Nn]* )
break;;
#Other than Yy or Nn
* )
echo "! Please answer yes or no";;
esac
done
fi
#Check if Secure-Vhost folder exists
if [ ! -d "$secure_vhost_folder" ]; then
sudo mkdir $secure_vhost_folder/
echo "INFO: Secure-Vhost folder created in: $secure_vhost_folder/"
fi
# Create directory for cert files
if [ ! -d "$cert_files_path/" ]; then
sudo mkdir $cert_files_path/
echo "INFO: Certificate files folder created in: $cert_files_path/"
else
sudo rm -r $cert_files_path/*
echo "INFO: Old certificates files removed, creating new files..."
fi
# Set current user as owner for certificates folder
sudo chown -R $USER:admin $cert_files_path
# Create cert extension for alt_names ("Common Name")
cert_file_v3_ext=$cert_files_path/v3.ext
touch $cert_file_v3_ext
echo "subjectAltName = @alt_names
[alt_names]
DNS.1 = $domain
DNS.2 = www.$domain" >> $cert_file_v3_ext
# Cert files variables
cert_file_key=$cert_files_path/cert.key
cert_file_csr=$cert_files_path/cert.csr
cert_file_crt=$cert_files_path/cert.crt
# Key
sudo openssl genrsa -out $cert_file_key 2048 &> /dev/null
# CSR
sudo openssl req -new -sha256 -key $cert_file_key -subj "/CN=$domain" -out $cert_file_csr &> /dev/null
# Cert
sudo openssl x509 -req -extfile $cert_file_v3_ext -days $ssl_days -in $cert_file_csr -signkey $cert_file_key -out $cert_file_crt &> /dev/null
return_ok "INFO: Certificate files created and stored in: $cert_files_path/"
# Add the VirtualHost configuration into VH config file
echo "
<VirtualHost $domain:443>
ServerName $domain:443
ServerAlias $domain
DocumentRoot \"$xampp_path/xamppfiles/htdocs/$folder/\"
<Directory \"$xampp_path/xamppfiles/htdocs/$folder/\">
Options All
AllowOverride All
Require all granted
</Directory>
ErrorLog \"logs/$domain-ssl-error.log\"
SSLEngine on
SSLCertificateFile \"$cert_file_crt\"
SSLCertificateKeyFile \"$cert_file_key\"
</VirtualHost>" >> $virtual_hosts_file
echo "> VirtualHost added into your configuration file"
# Add cert to System Keychain
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain $cert_file_crt
return_ok "Self-signed certificate added to your System keychain"
# Check if Apache should be restarted
if [ $restartApache = 1 ]; then
# Restart Apache
return_ok "XAMPP's Apache is gonna be restarted, this may take a while..."
sudo $xampp_path/xamppfiles/xampp restartapache
return_ok "Done! ✅ You can access now: https://$domain"
else
return_ok "Done! ✅ You must restart XAMPP Apache manually. After it loaded you can access to: https://$domain"
fi
fi