jeffbrl · May 31, 2023 18:18
diff --git a/user-data.sh b/user-data.sh
 #!/bin/bash

 domain=example.com
 commonname=example.com

 country=US
 state=Virginia
 locality=Leesburg
 organization=ExampleCo
 organizationalunit=IT
 [email protected]
 password=dummypassword

 apt-get -y update
 apt-get install -y apache2


 # workaround to prevent openssl error
 touch $HOME/.rnd

 echo "Generating key request for $domain"

 # This will generate error about RND file; ignore
 openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
   -keyout /tmp/$domain.key \
   -out /etc/ssl/certs/$domain.crt \
   -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/CN=$commonname/emailAddress=$email"

 #Remove passphrase from the key
 echo "Removing passphrase from key"
 openssl rsa -in /tmp/$domain.key -passin pass:$password -out /etc/ssl/private/$domain.key

 cat << EOF > /etc/apache2/sites-available/default-ssl.conf
 <IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@$domain
                ServerName $domain

                DocumentRoot /var/www/html

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                SSLEngine on

                SSLCertificateFile      /etc/ssl/certs/$domain.crt
                SSLCertificateKeyFile /etc/ssl/private/$domain.key

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
        </VirtualHost>
 </IfModule>
 EOF

 cat  << EOF > /etc/apache2/sites-available/000-default.conf
 <VirtualHost *:80>

        ServerName $domain
        ServerAdmin webmaster@$domain
        DocumentRoot /var/www/html
        Redirect permanent "/" "https://$domain/"
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

 </VirtualHost>

 EOF

 echo `hostname` > /var/www/html/index.html
 echo '<br><br>' >> /var/www/html/index.html
 # create ~ 12K of random text
 base64 /dev/urandom | head -c 1000 >> /var/www/html/index.html


 # apachectl configtest
 a2enmod ssl
 a2ensite default-ssl
 systemctl restart apache2.service
	#!/bin/bash

	domain=example.com
	commonname=example.com

	country=US
	state=Virginia
	locality=Leesburg
	organization=ExampleCo
	organizationalunit=IT
	[email protected]
	password=dummypassword

	apt-get -y update
	apt-get install -y apache2


	# workaround to prevent openssl error
	touch $HOME/.rnd

	echo "Generating key request for $domain"

	# This will generate error about RND file; ignore
	openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
	-keyout /tmp/$domain.key \
	-out /etc/ssl/certs/$domain.crt \
	-subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/CN=$commonname/emailAddress=$email"

	#Remove passphrase from the key
	echo "Removing passphrase from key"
	openssl rsa -in /tmp/$domain.key -passin pass:$password -out /etc/ssl/private/$domain.key

	cat << EOF > /etc/apache2/sites-available/default-ssl.conf
	<IfModule mod_ssl.c>
	<VirtualHost _default_:443>
	ServerAdmin webmaster@$domain
	ServerName $domain

	DocumentRoot /var/www/html

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	SSLEngine on

	SSLCertificateFile /etc/ssl/certs/$domain.crt
	SSLCertificateKeyFile /etc/ssl/private/$domain.key

	<FilesMatch "\.(cgi\|shtml\|phtml\|php)$">
	SSLOptions +StdEnvVars
	</FilesMatch>
	<Directory /usr/lib/cgi-bin>
	SSLOptions +StdEnvVars
	</Directory>
	</VirtualHost>
	</IfModule>
	EOF

	cat << EOF > /etc/apache2/sites-available/000-default.conf
	<VirtualHost *:80>

	ServerName $domain
	ServerAdmin webmaster@$domain
	DocumentRoot /var/www/html
	Redirect permanent "/" "https://$domain/"
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	</VirtualHost>

	EOF

	echo `hostname` > /var/www/html/index.html
	echo '<br><br>' >> /var/www/html/index.html
	# create ~ 12K of random text
	base64 /dev/urandom \| head -c 1000 >> /var/www/html/index.html


	# apachectl configtest
	a2enmod ssl
	a2ensite default-ssl
	systemctl restart apache2.service