Last active
January 20, 2021 02:10
LAMP installation based on Homestead settler
#!/usr/bin/env bash | |
# Report whether the script is running with root privileges.
# Returns: 1 when the effective user id is not 0, otherwise 0.
isRoot() {
  [ "$EUID" -ne 0 ] && return 1
  return 0
}
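# Everything below installs packages and rewrites files under /etc, so stop
# early when not running as root.
if ! isRoot; then
  echo "Sorry, you need to run this as root" >&2
  exit 1
fi

# $1 is the login account that PHP-FPM, Apache and MailHog will run as.
# Usage errors go to stderr and exit non-zero so a calling script can tell
# that nothing was provisioned.
if [ -z "${1:-}" ]; then
  {
    echo "Error: missing required parameter."
    echo "Usage: "
    echo " $0 username "
  } >&2
  exit 1
fi

# The name is later interpolated into sed replacements and a systemd unit, so
# only an account that already exists on this machine is accepted. The "--"
# keeps a value starting with "-" from being read as an option to id.
if ! id -u -- "$1" >/dev/null 2>&1; then
  echo "Error: user not exists in system." >&2
  exit 1
fi

USERNAME=$1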
# Third-party package sources. Every PPA is an additional publisher whose
# packages are installed as root, so keep this list to what the stack needs.
apt-get install -y software-properties-common curl
for ppa in ppa:nginx/development ppa:ondrej/php ppa:chris-lea/redis-server; do
  apt-add-repository "$ppa" -y
done

# Base toolchain and utilities.
base_packages=(
  build-essential dos2unix gcc git libmcrypt4 libpcre3-dev libpng-dev chrony
  unzip make python2.7-dev python-pip re2c supervisor unattended-upgrades
  whois vim libnotify-bin pv cifs-utils mcrypt bash-completion zsh graphviz
  avahi-daemon tshark imagemagick
)
apt-get install -y "${base_packages[@]}"

# System time zone: UTC.
ln -sf /usr/share/zoneinfo/UTC /etc/localtime
# Version-independent PHP extensions.
apt-get install -y --allow-change-held-packages \
  php-imagick php-memcached php-redis php-xdebug php-dev

# PHP 7.4: the interpreter plus its extension packages (names are expanded to
# php7.4-<ext>).
php74_exts=(
  bcmath bz2 cgi cli common curl dba dev enchant fpm gd gmp imap interbase
  intl json ldap mbstring mysql odbc opcache pgsql phpdbg pspell readline
  snmp soap sqlite3 sybase tidy xml xmlrpc xsl zip
)
apt-get install -y --allow-change-held-packages \
  php7.4 "${php74_exts[@]/#/php7.4-}"

# PHP 5.6 extension packages.
# NOTE(review): PHP 5.6 no longer receives upstream security fixes; install it
# only where legacy code needs it and keep such sites off untrusted networks.
php56_exts=(
  bcmath bz2 cgi cli common curl dba dev enchant fpm gd gmp imap interbase
  intl json ldap mbstring mcrypt mysql odbc opcache pgsql phpdbg pspell
  readline recode snmp soap sqlite3 sybase tidy xml xmlrpc xsl zip
)
apt-get install -y --allow-change-held-packages \
  "${php56_exts[@]/#/php5.6-}"

# Make 7.4 the default for the php, php-config and phpize commands.
for php_tool in php php-config phpize; do
  update-alternatives --set "$php_tool" "/usr/bin/${php_tool}7.4"
done
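# Install Composer.
# The installer is PHP code that runs as root. It is saved to a private temp
# directory and executed only when its SHA-384 matches the digest the Composer
# project publishes, instead of being piped from the network straight into php.
composer_tmp=$(mktemp -d) || exit 1
composer_setup="${composer_tmp}/composer-setup.php"
expected_sig=$(curl -fsS https://composer.github.io/installer.sig)
curl -fsS -o "$composer_setup" https://getcomposer.org/installer
actual_sig=$(php -r 'echo hash_file("sha384", $argv[1]);' "$composer_setup")

# An empty expected digest means the fetch failed; treat that as a mismatch.
if [ -n "$expected_sig" ] && [ "$expected_sig" = "$actual_sig" ]; then
  php "$composer_setup" --install-dir=/usr/local/bin --filename=composer
else
  echo "Composer installer checksum mismatch; not installing." >&2
fi
rm -rf -- "${composer_tmp:?}"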
# CLI php.ini for both PHP versions: report every error, show errors on the
# terminal, raise the memory limit and set the time zone to UTC.
for php_version in 7.4 5.6; do
  sudo sed -i \
    -e "s/error_reporting = .*/error_reporting = E_ALL/" \
    -e "s/display_errors = .*/display_errors = On/" \
    -e "s/memory_limit = .*/memory_limit = 512M/" \
    -e "s/;date.timezone.*/date.timezone = UTC/" \
    "/etc/php/${php_version}/cli/php.ini"
done
# PHP-FPM options for both PHP versions.
# NOTE(review): these are development settings. xdebug.remote_connect_back
# makes Xdebug open a debug session to whichever address sent the request,
# and display_errors = On prints paths and stack details into responses; do
# not carry either onto a host that untrusted clients can reach.
# The ">>" and "tee -a" appends are not idempotent: every re-run adds the same
# lines again.
for php_version in 7.4 5.6; do
  mods_dir="/etc/php/${php_version}/mods-available"
  fpm_ini="/etc/php/${php_version}/fpm/php.ini"

  {
    echo "xdebug.remote_enable = 1"
    echo "xdebug.remote_connect_back = 1"
    echo "xdebug.remote_port = 9000"
    echo "xdebug.max_nesting_level = 512"
  } >> "${mods_dir}/xdebug.ini"
  echo "opcache.revalidate_freq = 0" >> "${mods_dir}/opcache.ini"

  sed -i \
    -e "s/error_reporting = .*/error_reporting = E_ALL/" \
    -e "s/display_errors = .*/display_errors = On/" \
    -e "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" \
    -e "s/memory_limit = .*/memory_limit = 512M/" \
    -e "s/upload_max_filesize = .*/upload_max_filesize = 100M/" \
    -e "s/post_max_size = .*/post_max_size = 100M/" \
    -e "s/;date.timezone.*/date.timezone = UTC/" \
    "$fpm_ini"

  # Point PHP's OpenSSL and cURL extensions at the system CA bundle so TLS
  # peers are verified against it.
  printf "[openssl]\nopenssl.cainfo = /etc/ssl/certs/ca-certificates.crt\n[curl]\ncurl.cainfo = /etc/ssl/certs/ca-certificates.crt\n" \
    | tee -a "$fpm_ini"
done
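# Disable XDebug on the CLI.
sudo phpdismod -s cli xdebug

# Run both PHP-FPM pools, and own their listening sockets, as $USERNAME.
# NOTE(review): listen.mode = 0666 lets every local account connect to the FPM
# socket and have PHP executed as $USERNAME. Owner and group are already set
# to that user, so 0660 is the usual choice; confirm nothing else needs access
# before tightening it.
for php_version in 7.4 5.6; do
  sed -i \
    -e "s/user = www-data/user = $USERNAME/" \
    -e "s/group = www-data/group = $USERNAME/" \
    -e "s/listen\.owner.*/listen.owner = $USERNAME/" \
    -e "s/listen\.group.*/listen.group = $USERNAME/" \
    -e "s/;listen\.mode.*/listen.mode = 0666/" \
    "/etc/php/${php_version}/fpm/pool.d/www.conf"
done

service php7.4-fpm restart
service php5.6-fpm restart

# Quoted so the account name always reaches usermod as a single argument.
usermod -a -G www-data "$USERNAME"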
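# Install & configure MailHog.
# The binary is fetched into a temp file first, so a failed or partial
# download never ends up as an executable in /usr/local/bin.
mailhog_url="https://github.com/mailhog/MailHog/releases/download/v0.2.1/MailHog_linux_amd64"
mailhog_tmp=$(mktemp) || exit 1
if wget --quiet -O "$mailhog_tmp" "$mailhog_url"; then
  # Optional pin: export MAILHOG_SHA256=<expected sha256 of the release asset>
  # to have the download verified before it is installed.
  if [ -n "${MAILHOG_SHA256:-}" ] \
    && ! printf '%s  %s\n' "$MAILHOG_SHA256" "$mailhog_tmp" | sha256sum -c --status -; then
    echo "MailHog checksum mismatch; not installing." >&2
  else
    install -m 0755 "$mailhog_tmp" /usr/local/bin/mailhog
  fi
else
  echo "MailHog download failed; not installing." >&2
fi
rm -f -- "$mailhog_tmp"

# systemd does not run ExecStart through a shell, so "> /dev/null 2>&1 &"
# would be handed to MailHog as arguments. Output is discarded with
# StandardOutput/StandardError instead, and systemd supervises the process.
# NOTE(review): MailHog's SMTP listener and web UI have no authentication by
# default; keep their ports off untrusted networks.
sudo tee /etc/systemd/system/mailhog.service <<EOL
[Unit]
Description=Mailhog
After=network.target
[Service]
User=$USERNAME
ExecStart=/usr/local/bin/mailhog
StandardOutput=null
StandardError=null
[Install]
WantedBy=multi-user.target
EOL

systemctl daemon-reload
systemctl enable mailhog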
# Purge dial-up networking packages.
obsolete_networking=(ppp pppconfig pppoeconf)
apt-get -y purge "${obsolete_networking[@]}"

# Purge assorted packages this box does not need.
oddities=(
  popularity-contest installation-report command-not-found
  command-not-found-data friendly-recovery fonts-ubuntu-font-family-console
  laptop-detect
)
apt-get -y purge "${oddities[@]}"

# Drop orphaned dependencies and the downloaded package cache.
apt-get -y autoremove
apt-get -y clean
# Install Apache with the CGI/fcgid pieces for both PHP versions; package
# prompts are suppressed.
export DEBIAN_FRONTEND=noninteractive
apache_packages=(apache2 php5.6-cgi php7.4-cgi libapache2-mod-fcgid)
apt-get install -y "${apache_packages[@]}"

# Replace www-data with $USERNAME in Apache's envvars file.
# NOTE(review): a web application served by this Apache then runs with that
# account's file permissions rather than those of the restricted www-data
# user; acceptable on a single-user development machine only.
sed -i "s/www-data/$USERNAME/" /etc/apache2/envvars

# Enable the FPM handler configs.
for fpm_conf in php5.6-fpm php7.4-fpm; do
  sudo a2enconf "$fpm_conf"
done

# Modules: URL rewriting, HTTPS, FastCGI proxying, headers/actions/alias.
sudo a2enmod rewrite
sudo a2enmod ssl
sudo a2enmod proxy proxy_fcgi
sudo a2enmod headers actions alias

# Add Mutex to the config once, to prevent auto-restart issues.
if ! grep -q '^Mutex posixsem$' /etc/apache2/apache2.conf; then
  echo 'Mutex posixsem' | sudo tee -a /etc/apache2/apache2.conf
fi

service apache2 restart
service php5.6-fpm restart
service php7.4-fpm restart
service apache2 reload
# Install MariaDB: prepare the host.

# Disable AppArmor.
# See https://github.com/laravel/homestead/issues/629#issue-247524528
# NOTE(review): this stops AppArmor and removes it from boot for the whole
# machine, not only for the database, so every confined service loses its
# profile. Acceptable on a throwaway dev VM; on anything else prefer adjusting
# the database profile.
for apparmor_action in stop teardown; do
  sudo service apparmor "$apparmor_action"
done
sudo update-rc.d -f apparmor remove

# Remove MySQL, including its data, logs and configuration. Any existing
# databases under /var/lib/mysql are deleted.
apt-get remove -y --purge mysql-server mysql-client mysql-common
apt-get autoremove -y
apt-get autoclean
rm -rf /var/lib/mysql /var/log/mysql /etc/mysql

# Add the MariaDB repository.
# NOTE(review): the signing key is fetched by its 64-bit id over plain HKP and
# the repository itself is plain http, so package integrity rests entirely on
# apt's signature check against this key. apt-key is deprecated; consider a
# dedicated keyring file referenced with signed-by and verifying the key's
# full fingerprint.
mariadb_key="0xF1656F24C74CD1D8"
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys "$mariadb_key"
mariadb_repo="deb [arch=amd64,ppc64el] http://ftp.osuosl.org/pub/mariadb/repo/10.3/ubuntu $(lsb_release -cs) main"
sudo add-apt-repository "$mariadb_repo"
apt-get update
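# Install and configure MariaDB.
#
# Password for the root and homestead database accounts. It defaults to the
# original well-known value "secret"; export DB_PASSWORD before running the
# script to use a private one.
db_password="${DB_PASSWORD:-secret}"
case "$db_password" in
  *[\'\\]* | *$'\n'*)
    # These characters would break out of the quoted SQL string below.
    echo "Error: DB_PASSWORD must not contain single quotes, backslashes or newlines." >&2
    exit 1
    ;;
esac
if [ "$db_password" = "secret" ]; then
  echo "Warning: using the default database password; set DB_PASSWORD to change it." >&2
fi

# Set the automated root password.
export DEBIAN_FRONTEND=noninteractive
debconf-set-selections <<< "mariadb-server mysql-server/data-dir select ''"
debconf-set-selections <<< "mariadb-server mysql-server/root_password password ${db_password}"
debconf-set-selections <<< "mariadb-server mysql-server/root_password_again password ${db_password}"

apt-get install -y mariadb-server

# Configure remote access and ignore db dirs.
# NOTE(review): bind-address 0.0.0.0 together with the 'homestead'@'%' grant
# below exposes an all-privileges account to every host that can reach port
# 3306. Keep that port firewalled, or bind to 127.0.0.1 when remote access is
# not needed.
cat > /etc/mysql/conf.d/mysql.cnf << EOF
[mysqld]
bind-address = 0.0.0.0
ignore-db-dir = lost+found
sql-mode=""
EOF

export MYSQL_PWD="$db_password"

# SQL is fed on stdin rather than with -e so the password does not appear in
# the client's command line. --force keeps going after a failed statement, as
# the original one-statement-per-invocation form did.
mysql --user="root" --force <<SQL
GRANT ALL ON *.* TO root@'0.0.0.0' IDENTIFIED BY '${db_password}' WITH GRANT OPTION;
SQL
service mysql restart

mysql --user="root" --force <<SQL
CREATE USER IF NOT EXISTS 'homestead'@'0.0.0.0' IDENTIFIED BY '${db_password}';
GRANT ALL ON *.* TO 'homestead'@'0.0.0.0' IDENTIFIED BY '${db_password}' WITH GRANT OPTION;
GRANT ALL ON *.* TO 'homestead'@'%' IDENTIFIED BY '${db_password}' WITH GRANT OPTION;
FLUSH PRIVILEGES;
SQL
service mysql restart

mysql_upgrade --user="root" --verbose --force
service mysql restart

unset MYSQL_PWD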
# Reset the managed section of /etc/hosts: delete everything between the
# Homestead markers (markers included), then append an empty marker pair for
# the per-site script to fill in.
sudo sed -i '/#### HOMESTEAD-SITES-BEGIN/,/#### HOMESTEAD-SITES-END/d' /etc/hosts
printf '%s\n' '#### HOMESTEAD-SITES-BEGIN' '#### HOMESTEAD-SITES-END' \
  | sudo tee -a /etc/hosts > /dev/null

# Directory for SSL certificates and their private keys.
mkdir -p /etc/nginx/ssl 2>/dev/null
#!/usr/bin/env bash | |
# Report whether the script is running with root privileges.
# Returns: 1 when the effective user id is not 0, otherwise 0.
isRoot() {
  [ "$EUID" -ne 0 ] && return 1
  return 0
}
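# This script writes Apache, OpenSSL and /etc/hosts entries, so it needs root.
if ! isRoot; then
  echo "Sorry, you need to run this as root" >&2
  exit 1
fi

# Five positional arguments are required. Usage errors go to stderr and exit
# non-zero so a calling script can tell that no site was created.
if [ -z "${1:-}" ] || [ -z "${2:-}" ] || [ -z "${3:-}" ] || [ -z "${4:-}" ] || [ -z "${5:-}" ]; then
  {
    echo "Error: missing required parameter."
    echo "Usage: "
    echo " $0 domain directory http_port https_port php_version "
  } >&2
  exit 1
fi

# The arguments are pasted into file names under /etc and into Apache and
# OpenSSL configuration, all as root. Reject values that could leave the
# intended directory or add extra directives.
domain_re='^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$'
port_re='^[0-9]+$'
php_version_re='^[0-9]+\.[0-9]+$'
if ! [[ "$1" =~ $domain_re ]]; then
  echo "Error: domain may only contain letters, digits, '.', '_' and '-'." >&2
  exit 1
fi
case "$2" in
  *'"'* | *$'\n'*)
    echo "Error: directory must not contain double quotes or newlines." >&2
    exit 1
    ;;
esac
if ! [[ "$3" =~ $port_re && "$4" =~ $port_re ]]; then
  echo "Error: http_port and https_port must be numeric." >&2
  exit 1
fi
if ! [[ "$5" =~ $php_version_re ]]; then
  echo "Error: php_version must look like 7.4." >&2
  exit 1
fi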
# $6 and $9 optionally carry bash associative-array literals: environment
# variables and response headers for the virtual host.
# NOTE(review): declare has bash re-parse these strings as array assignments,
# presumably performing expansions inside them (TODO confirm), and the values
# are written into the Apache config between double quotes without escaping.
# Pass them only from a trusted caller.
declare -A params=$6 # Create an associative array
declare -A headers=${9} # Create an associative array

# One "SetEnv NAME "value"" line per entry, each preceded by a newline.
paramsTXT=""
if [ -n "$6" ]; then
  for env_name in "${!params[@]}"; do
    paramsTXT+=$'\n'"SetEnv ${env_name} \"${params[$env_name]}\""
  done
fi

# One "Header always set NAME "value"" line per entry, each preceded by a
# newline.
headersTXT=""
if [ -n "${9}" ]; then
  for header_name in "${!headers[@]}"; do
    headersTXT+=$'\n'"Header always set ${header_name} \"${headers[$header_name]}\""
  done
fi
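export DEBIAN_FRONTEND=noninteractive

# Plain-HTTP virtual host for domain $1, served from directory $2 on port $3
# by the PHP-FPM pool of version $5.
# The quotes around the document root are escaped so they reach the Apache
# config; unescaped they ended the shell string and a path containing spaces
# produced a broken directive.
# NOTE(review): "AllowOverride All" lets any .htaccess file under the document
# root change how Apache serves it.
block="<VirtualHost *:$3>
    ServerAdmin webmaster@localhost
    ServerName $1
    ServerAlias www.$1
    DocumentRoot \"$2\"
    $paramsTXT
    $headersTXT
    <Directory \"$2\">
        AllowOverride All
        Require all granted
    </Directory>
    <IfModule mod_fastcgi.c>
        AddHandler php${5}-fcgi .php
        Action php${5}-fcgi /php${5}-fcgi
        Alias /php${5}-fcgi /usr/lib/cgi-bin/php${5}
        FastCgiExternalServer /usr/lib/cgi-bin/php${5} -socket /var/run/php/php${5}-fpm.sock -pass-header Authorization
    </IfModule>
    <IfModule !mod_fastcgi.c>
        <IfModule mod_proxy_fcgi.c>
            <FilesMatch \".+\.ph(ar|p|tml)$\">
                SetHandler \"proxy:unix:/var/run/php/php${5}-fpm.sock|fcgi://localhost\"
            </FilesMatch>
        </IfModule>
    </IfModule>
    #LogLevel info ssl:warn
    ErrorLog \${APACHE_LOG_DIR}/$1-error.log
    CustomLog \${APACHE_LOG_DIR}/$1-access.log combined
    #Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
"

# Write the site definition and enable it.
echo "$block" > "/etc/apache2/sites-available/$1.conf"
ln -fs "/etc/apache2/sites-available/$1.conf" "/etc/apache2/sites-enabled/$1.conf"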
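# HTTPS virtual host for domain $1 on port $4, using the per-site certificate
# and key under /etc/nginx/ssl.
# The quotes around the document root are escaped so they reach the Apache
# config; unescaped they ended the shell string and a path containing spaces
# produced a broken directive.
# NOTE(review): unlike the HTTP virtual host, this one does not include
# \$headersTXT, so response headers passed in \$9 are not applied to HTTPS
# responses. Confirm whether that is intended.
blockssl="<IfModule mod_ssl.c>
    <VirtualHost *:$4>
        ServerAdmin webmaster@localhost
        ServerName $1
        ServerAlias www.$1
        DocumentRoot \"$2\"
        $paramsTXT
        <Directory \"$2\">
            AllowOverride All
            Require all granted
        </Directory>
        #LogLevel info ssl:warn
        ErrorLog \${APACHE_LOG_DIR}/$1-error.log
        CustomLog \${APACHE_LOG_DIR}/$1-access.log combined
        #Include conf-available/serve-cgi-bin.conf
        # SSL Engine Switch:
        # Enable/Disable SSL for this virtual host.
        SSLEngine on
        #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
        #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        SSLCertificateFile /etc/nginx/ssl/$1.crt
        SSLCertificateKeyFile /etc/nginx/ssl/$1.key
        #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
        #SSLCACertificatePath /etc/ssl/certs/
        #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
        #SSLCARevocationPath /etc/apache2/ssl.crl/
        #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
        #SSLVerifyClient require
        #SSLVerifyDepth 10
        <FilesMatch \"\.(cgi|shtml|phtml|php)$\">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
        <IfModule mod_fastcgi.c>
            AddHandler php${5}-fcgi .php
            Action php${5}-fcgi /php${5}-fcgi
            Alias /php${5}-fcgi /usr/lib/cgi-bin/php${5}
            FastCgiExternalServer /usr/lib/cgi-bin/php${5} -socket /var/run/php/php${5}-fpm.sock -pass-header Authorization
        </IfModule>
        <IfModule !mod_fastcgi.c>
            <IfModule mod_proxy_fcgi.c>
                <FilesMatch \".+\.ph(ar|p|tml)$\">
                    SetHandler \"proxy:unix:/var/run/php/php${5}-fpm.sock|fcgi://localhost/\"
                </FilesMatch>
            </IfModule>
        </IfModule>
        BrowserMatch \"MSIE [2-6]\" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch \"MSIE [17-9]\" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
"

# Write the HTTPS site definition and enable it.
echo "$blockssl" > "/etc/apache2/sites-available/$1-ssl.conf"
ln -fs "/etc/apache2/sites-available/$1-ssl.conf" "/etc/apache2/sites-enabled/$1-ssl.conf"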
# Certificate generation: file locations and the shared OpenSSL configuration.
PATH_SSL="/etc/nginx/ssl"

# Files of the per-machine Homestead Root CA, named after this host.
ca_host=$(hostname)
ca_stem="${PATH_SSL}/ca.homestead.${ca_host}"
PATH_ROOT_CNF="${ca_stem}.cnf"
PATH_ROOT_CRT="${ca_stem}.crt"
PATH_ROOT_KEY="${ca_stem}.key"

# Files of the site certificate, named after the domain in $1.
site_stem="${PATH_SSL}/${1}"
PATH_CNF="${site_stem}.cnf"
PATH_CRT="${site_stem}.crt"
PATH_CSR="${site_stem}.csr"
PATH_KEY="${site_stem}.key"

# OpenSSL configuration shared by the root CA and the site certificate.
# "encrypt_key = no" means private keys are written without a passphrase, so
# file permissions are their only protection.
BASE_CNF="
[ ca ]
default_ca = ca_homestead_${ca_host}
[ ca_homestead_${ca_host} ]
dir = $PATH_SSL
certs = $PATH_SSL
new_certs_dir = $PATH_SSL
private_key = $PATH_ROOT_KEY
certificate = $PATH_ROOT_CRT
default_md = sha256
name_opt = ca_default
cert_opt = ca_default
default_days = 365
preserve = no
policy = policy_loose
[ policy_loose ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
prompt = no
encrypt_key = no
default_bits = 2048
distinguished_name = req_distinguished_name
string_mask = utf8only
default_md = sha256
x509_extensions = v3_ca
[ v3_ca ]
authorityKeyIdentifier = keyid,issuer
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, digitalSignature, keyCertSign
subjectKeyIdentifier = hash
[ server_cert ]
authorityKeyIdentifier = keyid,issuer:always
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
keyUsage = critical, digitalSignature, keyEncipherment
subjectAltName = @alternate_names
subjectKeyIdentifier = hash
"
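# Only generate the root certificate when there isn't one already there.
# The resulting CA is added to this machine's trust store, so whoever can read
# its private key can issue certificates this machine trusts for any name.
# The key is therefore created under a restrictive umask.
if [ ! -f "$PATH_ROOT_CNF" ] || [ ! -f "$PATH_ROOT_KEY" ] || [ ! -f "$PATH_ROOT_CRT" ]; then
  # Generate an OpenSSL configuration file specifically for this certificate.
  cnf="
${BASE_CNF}
[ req_distinguished_name ]
O = Vagrant
C = UN
CN = Homestead $(hostname) Root CA
"
  echo "$cnf" > "$PATH_ROOT_CNF"

  # Generate the private key and the self-signed CA certificate. The trust
  # store is only touched when both steps succeed, so a failed run does not
  # leave a dangling link there.
  if (umask 077 && openssl genrsa -out "$PATH_ROOT_KEY" 4096 2>/dev/null) \
    && openssl req -config "$PATH_ROOT_CNF" \
      -key "$PATH_ROOT_KEY" \
      -x509 -new -extensions v3_ca -days 3650 -sha256 \
      -out "$PATH_ROOT_CRT" 2>/dev/null; then
    # Symlink the CA into local certificate storage and run the update command.
    ln --force --symbolic "$PATH_ROOT_CRT" /usr/local/share/ca-certificates/
    update-ca-certificates
  else
    echo "Error: could not generate the Homestead root CA." >&2
  fi
fi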
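# Only generate a certificate if there isn't one already there.
if [ ! -f "$PATH_CNF" ] || [ ! -f "$PATH_KEY" ] || [ ! -f "$PATH_CRT" ]; then
  # Uncomment the global 'copy_extensions' OpenSSL option to ensure the SANs
  # are copied into the certificate.
  # NOTE(review): this edits the system-wide openssl.cnf, so it also affects
  # any other "openssl ca" use on this host, where copying extensions from a
  # request should be done with caution. The signing step below takes its
  # extensions from -extfile, so this edit looks unnecessary here; confirm
  # before removing it.
  sed -i '/copy_extensions\ =\ copy/s/^#\ //g' /etc/ssl/openssl.cnf

  # Generate an OpenSSL configuration file specifically for this certificate.
  cnf="
${BASE_CNF}
[ req_distinguished_name ]
O = Vagrant
C = UN
CN = $1
[ alternate_names ]
DNS.1 = $1
DNS.2 = *.$1
"
  echo "$cnf" > "$PATH_CNF"

  # Generate the private key (under a restrictive umask, since it is stored
  # without a passphrase), a signing request, and the certificate signed with
  # the Homestead root CA.
  if ! { (umask 077 && openssl genrsa -out "$PATH_KEY" 2048 2>/dev/null) \
    && openssl req -config "$PATH_CNF" \
      -key "$PATH_KEY" \
      -new -sha256 -out "$PATH_CSR" 2>/dev/null \
    && openssl x509 -req -extfile "$PATH_CNF" \
      -extensions server_cert -days 365 -sha256 \
      -in "$PATH_CSR" \
      -CA "$PATH_ROOT_CRT" -CAkey "$PATH_ROOT_KEY" -CAcreateserial \
      -out "$PATH_CRT" 2>/dev/null; }; then
    echo "Error: could not generate the certificate for $1." >&2
  fi
fi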
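# Add new IP-host pair to /etc/hosts.
IP='127.0.0.1'
# A separate name is used so bash's own HOSTNAME variable is left alone.
site_host=$1

# Print the non-comment /etc/hosts lines that list exactly $1 as a host name.
# Exact field comparison avoids treating the dots in the name as regex
# wildcards and avoids matching a longer name that merely ends with it.
hosts_lines_for() {
  awk -v name="$1" '
    /^[[:space:]]*#/ { next }
    { for (i = 2; i <= NF; i++) if ($i == name) { print; next } }
  ' /etc/hosts
}

existing_entry=$(hosts_lines_for "$site_host")
if [ -n "$existing_entry" ]; then
  echo "$site_host already exists:"
  echo "$existing_entry"
else
  # Replace the BEGIN marker with itself followed by the new entry, which
  # keeps the entry inside the managed section.
  sudo sed -i "/#### HOMESTEAD-SITES-BEGIN/c\#### HOMESTEAD-SITES-BEGIN\\n$IP\t$site_host" /etc/hosts
  if [ -z "$(hosts_lines_for "$site_host")" ]; then
    echo "Failed to Add $site_host, Try again!" >&2
  fi
fi

# Pick up the new site and certificate.
service apache2 restart
service "php${5}-fpm" restart
service apache2 reload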