create-secure-site.sh

#!/bin/bash

# Run like:
# sudo create-secure-site.sh site-url
sample_run="sudo create-secure-site.sh <website name e.g. sample-website.local>"
site=$1
site_name=$(echo $site | sed  -E "s/\..*//")
apache_doc_dir=/opt/lampp/htdocs/hidden-laravel-backends/${site_name}/public
#We should make user specify deo as argument to this script. The user must be in the same group with the
#username, so that we can do stuff like `chown deo:deo...`
non_priviledged_owner=deo
old_cwp=$(pwd)

if [ "$USER" != "root" ]
then
  echo 'Script must not be run as root (or with sudo)'
  exit
fi

if [ -z "$site" ]
then
  	echo "You must include a site name. e.g. $sample_run";
	exit
fi

######################################################################
############################# STAGE 1 ################################
######################################################################
#Make SSL certificate
echo -e "Adding/editing ${site}...\nGenerating SSL certificates..."
mkcert_path=/opt/lampp/htdocs/git-collaborations/mkcert
cd $mkcert_path
#When certificate is generated as sudo user, Chrome won't validate it. So we switch to me normal folk.
sudo -u $non_priviledged_owner ./mkcert $site
#Copy the generated certs
find $mkcert_path -iname "$site*" -exec mv -v '{}' /etc/apache2/ssl \;

######################################################################
############################# STAGE 2 ################################
######################################################################
normal_template=$(echo "
<VirtualHost *:80>
        ServerName $site
        ServerAlias www.$site
        ServerAdmin webmaster@localhost
		DocumentRoot ${apache_doc_dir}
        <Directory ${apache_doc_dir}>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>
        ErrorLog \${APACHE_LOG_DIR}/error.log
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        CustomLog \${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
");

ssl_template=$(echo "
<VirtualHost *:443>
		ServerName $site
		DocumentRoot ${apache_doc_dir}
		<Directory ${apache_doc_dir}>
			Options Indexes FollowSymLinks
			AllowOverride All
			Require all granted
			Order allow,deny
			allow from all
		</Directory>

		ErrorLog \${APACHE_LOG_DIR}/error.log
		CustomLog \${APACHE_LOG_DIR}/access.log combined

		SSLEngine on
		SSLCertificateKeyFile	/etc/apache2/ssl/${site}-key.pem
		SSLCertificateFile	/etc/apache2/ssl/${site}.pem

		<FilesMatch \"\.(cgi|shtml|phtml|php)$\">
			SSLOptions +StdEnvVars
		</FilesMatch>
		<Directory /usr/lib/cgi-bin>
			SSLOptions +StdEnvVars
		</Directory>
</VirtualHost>
");

#Add to /etc/apache2/sites-enabled/default-ssl.conf if not there
secure_site_path=/etc/apache2/sites-enabled/default-ssl.conf
if grep -q "$site" "$secure_site_path"
then
	echo "$site already exists in $secure_site_path"
else
	echo "$site does not exist in $secure_site_path. Adding it now..."
	OLD_IFS=$IFS
	IFS=
	echo $ssl_template >> $secure_site_path
	IFS=$OLD_IFS
fi

#Add to /etc/apache2/sites-available/000-default.conf if not there
non_secure_site_path=/etc/apache2/sites-available/000-default.conf
if grep -q "$site" "$non_secure_site_path"
then
	echo "$site already exists in $non_secure_site_path"
else
	echo "$site does not exist in $non_secure_site_path. Adding it now..."
	OLD_IFS=$IFS
	IFS=
	echo $normal_template >> $non_secure_site_path
	IFS=$OLD_IFS
fi

######################################################################
############################# STAGE 3 ################################
######################################################################
#Add to /etc/hosts
host_file_path=/etc/hosts
if grep -q "$site" "$host_file_path"
then
	echo "$site is already listed in ${host_file_path}..."
else
	echo "$site is not listed in ${host_file_path}. Now adding it."
	echo -e "127.0.0.1\t$site" >> $host_file_path
fi

######################################################################
############################# STAGE 4 ################################
######################################################################
if [ -d "$apache_doc_dir" ]
then
	echo The document directory \($apache_doc_dir\) already exists. No need to create it again.
else
	sudo -u $non_priviledged_owner mkdir -vp "$apache_doc_dir"
	chmod -vR 0777 "$apache_doc_dir"
	chown ${non_priviledged_owner}:${non_priviledged_owner} -vR "$apache_doc_dir"
fi


######################################################################
############################# STAGE 5 ################################
######################################################################
cd ${apache_doc_dir}/..
if [ -d .git ]
then
	echo No need to initialize git repo
else
	sudo -u $non_priviledged_owner git init
	sudo -u $non_priviledged_owner git add .
	sudo -u $non_priviledged_owner git commit -m 'First commit'
fi

echo  Returning to $old_cwp
cd $old_cwp
echo "Restating apache..."
service apache2 restart

echo "Done. $site is ready, both on HTTP and HTTPS!"