Last active
December 20, 2015 16:18
-
-
Save arcaartem/6160282 to your computer and use it in GitHub Desktop.
Quick install script for Yubikey Validation Server
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Install dependencies | |
| sudo apt-get install git make apache2 php5 php5-curl php-pear postgresql php5-pgsql libapache2-mod-gnutls | |
| read -p "Press [Enter] to continue..." | |
| # Get the latest source code from GitHub | |
| git clone git://github.com/Yubico/yubikey-val.git | |
| cd yubikey-val | |
| git submodule update --init | |
| sudo make install | |
| read -p "Press [Enter] to continue..." | |
| # Initialize database | |
| sudo -u postgres createdb ykval | |
| sudo -u postgres psql ykval < /usr/share/doc/yubikey-val/ykval-db.sql | |
| # Create user for validation interface | |
| sudo -u postgres psql ykval -q -c "CREATE USER ykval_verifier PASSWORD 'ykval_verifierpass##';" | |
| sudo -u postgres psql ykval -q -c "GRANT SELECT,INSERT,UPDATE ON yubikeys TO ykval_verifier;" | |
| sudo -u postgres psql ykval -q -c "GRANT SELECT ON clients TO ykval_verifier;" | |
| sudo -u postgres psql ykval -q -c "GRANT SELECT, INSERT, UPDATE, DELETE ON queue TO ykval_verifier;" | |
| # Setup verify OTP interface | |
| sudo make symlink | |
| read -p "Press [Enter] to continue..." | |
| # Include path configuration | |
| sudo sh -c 'cat > /etc/default/ykval-queue' <<"EOL" | |
| DAEMON_ARGS="/etc/yubico/val:/usr/share/yubikey-val" | |
| EOL | |
| sudo sh -c 'cat > /etc/php5/conf.d/ykval.ini' <<"EOL" | |
| include_path = "/etc/yubico/val:/usr/share/yubikey-val" | |
| EOL | |
| sudo sh -c 'cat > /var/www/wsapi/2.0/.htaccess' <<"EOL" | |
| RewriteEngine on | |
| RewriteRule ^([^/\.\?]+)(\?.*)?$ $1.php$2 [L] | |
| <IfModule mod_php5.c> | |
| php_value include_path ".:/etc/yubico/val:/usr/share/yubikey-val" | |
| </IfModule> | |
| EOL | |
| sudo ln -s 2.0/.htaccess /var/www/wsapi/.htaccess | |
| # yk-val configuration | |
| sudo sh -c 'cat > /etc/yubico/val/config-db.php' << "EOL" | |
| <?php | |
| $dbuser='ykval_verifier'; | |
| $dbpass='ykval_verifierpass##'; | |
| $dbname='ykval'; | |
| $dbtype='pgsql'; | |
| ?> | |
| EOL | |
| sudo sh -c 'cat > /etc/php5/conf.d/ykval.ini' << "EOL" | |
| include_path = "/etc/yubico/val:/usr/share/ykval" | |
| EOL | |
| sudo sh -c 'cat > /etc/apache2/sites-available/ykval' <<"EOL" | |
| <VirtualHost *:80> | |
| ServerName localhost | |
| DocumentRoot /var/www/ | |
| <Directory /> | |
| Options FollowSymLinks | |
| AllowOverride None | |
| </Directory> | |
| <Directory /var/www/> | |
| Options FollowSymLinks | |
| AllowOverride All | |
| Order allow,deny | |
| allow from all | |
| </Directory> | |
| ErrorLog /var/log/apache2/ykval-error.log | |
| LogLevel warn | |
| CustomLog /var/log/apache2/ykval-access.log "%h %l %u %t 6714db4225aec5911774570b52bf39b2a29b8567quot;%r6714db4225aec5911774570b52bf39b2a29b8567quot; %>s %b %D 6714db4225aec5911774570b52bf39b2a29b8567quot;%{Referer}i6714db4225aec5911774570b52bf39b2a29b8567quot; 6714db4225aec5911774570b52bf39b2a29b8567quot;%{User-Agent}i6714db4225aec5911774570b52bf39b2a29b8567quot;" | |
| ServerSignature On | |
| </VirtualHost> | |
| EOL | |
| # HTTPS Support | |
| # You should have certificates at hand | |
| # sudo apt-get install gnutls-bin | |
| sudo a2enmod gnutls | |
| sudo sh -c 'cat > /etc/apache2/sites-available/ykval-ssl' <<"EOL" | |
| Listen 443 | |
| <VirtualHost *:443> | |
| ServerName localhost | |
| GnuTLSEnable on | |
| GnuTLSCertificateFile /etc/ssl/private/localhost-chain.pem | |
| GnuTLSKeyFile /etc/ssl/private/localhost-key.pem | |
| GnuTLSPriorities NORMAL | |
| DocumentRoot /var/www/ | |
| <Directory /> | |
| Options FollowSymLinks | |
| AllowOverride None | |
| </Directory> | |
| <Directory /var/www/> | |
| Options FollowSymLinks | |
| AllowOverride All | |
| Order allow,deny | |
| allow from all | |
| </Directory> | |
| ErrorLog /var/log/apache2/ykval-ssl-error.log | |
| LogLevel warn | |
| CustomLog /var/log/apache2/ykval-ssl-access.log "%h %l %u %t 5d189f9a32e7cb677c488aa7d630daef04ad16a4quot;%r5d189f9a32e7cb677c488aa7d630daef04ad16a4quot; %>s %b %D 5d189f9a32e7cb677c488aa7d630daef04ad16a4quot;%{Referer}i5d189f9a32e7cb677c488aa7d630daef04ad16a4quot; 5d189f9a32e7cb677c488aa7d630daef04ad16a4quot;%{User-Agent}i5d189f9a32e7cb677c488aa7d630daef04ad16a4quot;" | |
| ServerSignature On | |
| </VirtualHost> | |
| EOL | |
| sudo a2enmod rewrite | |
| sudo a2dissite default | |
| sudo a2ensite ykval ykval-ssl | |
| sudo /etc/init.d/apache2 restart | |
| # Logging | |
| sudo sh -c 'cat > /etc/rsyslog.d/ykval.conf' << "EOL" | |
| local0.* -/var/log/ykval.log | |
| EOL | |
| sudo /etc/init.d/rsyslog restart | |
| sudo sh -c 'cat > /etc/logrotate.d/ykval' << "EOL" | |
| /var/log/ykval.log { | |
| weekly | |
| dateext | |
| compress | |
| missingok | |
| rotate 9999 | |
| notifempty | |
| postrotate | |
| invoke-rc.d rsyslog reload > /dev/null | |
| endscript | |
| } | |
| EOL | |
| cd - |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment