author | Sean Whitton <spwhitton@spwhitton.name> | 2021-06-25 09:21:06 -0700 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2021-06-25 16:10:57 -0700 |
commit | 35d1b56ce8f26f0de78db47d5ff2e9b07fac5ebd (patch) | |
tree | 629024e7ee53d2f3a7fa978f33302452e9455890 /src/property/apache.lisp | |
parent | 4d7fd7511109d004a515af618867a151ec3be1f2 (diff) | |
download | consfigurator-35d1b56ce8f26f0de78db47d5ff2e9b07fac5ebd.tar.gz |
APACHE:HTTPS-VHOST: add application of NETWORK:ALIASES
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
Diffstat (limited to 'src/property/apache.lisp')
-rw-r--r-- | src/property/apache.lisp | 97 |
1 files changed, 49 insertions, 48 deletions
diff --git a/src/property/apache.lisp b/src/property/apache.lisp index 187fd50..5cd2564 100644 --- a/src/property/apache.lisp +++ b/src/property/apache.lisp @@ -83,7 +83,7 @@ `(%site-enabled ,domain)) (reloaded)))) -(defproplist https-vhost :posix +(defpropspec https-vhost :posix (domain htdocs agree-tos &key aliases additional-config additional-config-https) "Configure an HTTPS Apache virtual host using a Let's Encrypt certificate. 
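Review bot: The docstring that opens at the end of this hunk is left unchanged by the commit, so it does not mention that HTTPS-VHOST now also applies NETWORK:ALIASES to DOMAIN and ALIASES. I would add a sentence such as `Also applies NETWORK:ALIASES to DOMAIN and ALIASES.` It should also say whether unapplying is meant to leave that in place, since the `:unapply` branch in the next hunk only removes the site config. The definition and its docstring continue past the end of this hunk.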
@@ -96,50 +96,51 @@ HTTPS virtual hosts; ADDITIONAL-CONFIG-HTTPS are additional lines to be added only to the HTTPS virtual host. Unapplying removes the Apache site config but leaves the certificate behind." - (with-unapply - (mod-enabled "ssl") - (conf-enabled "stapling" - '("SSLStaplingCache shmcb:/tmp/stapling_cache(128000)")) - (mod-enabled "rewrite") - (site-enabled - domain - (let ((initial `(,(strcat "DocumentRoot " htdocs) - "ErrorLog /var/log/apache2/error.log" - "LogLevel warn" - "CustomLog /var/log/apache2/access.log combined" - "ServerSignature on"))) - `(,(strcat "<IfFile " (unix-namestring - (lets-encrypt:certificate-for domain)) - ">") - "<VirtualHost *:443>" - ,(strcat "ServerName " domain ":443") - ,@(loop for alias in aliases collect (strcat "ServerAlias " alias)) - ,@initial - "SSLEngine on" - ,(strcat "SSLCertificateFile " - (unix-namestring (lets-encrypt:certificate-for domain))) - ,(strcat "SSLCertificateKeyFile " - (unix-namestring (lets-encrypt:privkey-for domain))) - ,(strcat "SSLCertificateChainFile " - (unix-namestring (lets-encrypt:chain-for domain))) - "SSLUseStapling on" - ,@additional-config - ,@additional-config-https - "</VirtualHost>" "</IfFile>" - ,@(loop for name in (cons domain aliases) append - `("" - "<VirtualHost *:80>" - ,(strcat "ServerName " name ":80") - ,@initial - "RewriteEngine On" - "RewriteRule ^/.well-known/(.*) - [L]" - ;; redirect everything else to https - ,(strcat "RewriteRule ^/(.*) https://" name "/$1 [L,R,NE]") - ,@additional-config - "</VirtualHost>"))))) - (on-change - (lets-encrypt:certificate-obtained agree-tos htdocs domain aliases) - (reloaded)) - :unapply - (unapply (site-enabled domain)) - (unapply (site-available domain "")))) + `(with-unapply + (network:aliases ,domain ,@aliases) + (mod-enabled "ssl") + (conf-enabled "stapling" + ("SSLStaplingCache shmcb:/tmp/stapling_cache(128000)")) + (mod-enabled "rewrite") + (site-enabled + ,domain + ,(let ((initial `(,(strcat "DocumentRoot " htdocs) + "ErrorLog 
/var/log/apache2/error.log" + "LogLevel warn" + "CustomLog /var/log/apache2/access.log combined" + "ServerSignature on"))) + `(,(strcat "<IfFile " (unix-namestring + (lets-encrypt:certificate-for domain)) + ">") + "<VirtualHost *:443>" + ,(strcat "ServerName " domain ":443") + ,@(loop for alias in aliases collect (strcat "ServerAlias " alias)) + ,@initial + "SSLEngine on" + ,(strcat "SSLCertificateFile " + (unix-namestring (lets-encrypt:certificate-for domain))) + ,(strcat "SSLCertificateKeyFile " + (unix-namestring (lets-encrypt:privkey-for domain))) + ,(strcat "SSLCertificateChainFile " + (unix-namestring (lets-encrypt:chain-for domain))) + "SSLUseStapling on" + ,@additional-config + ,@additional-config-https + "</VirtualHost>" "</IfFile>" + ,@(loop for name in (cons domain aliases) append + `("" + "<VirtualHost *:80>" + ,(strcat "ServerName " name ":80") + ,@initial + "RewriteEngine On" + "RewriteRule ^/.well-known/(.*) - [L]" + ;; redirect everything else to https + ,(strcat "RewriteRule ^/(.*) https://" name "/$1 [L,R,NE]") + ,@additional-config + "</VirtualHost>"))))) + (on-change (lets-encrypt:certificate-obtained + ,agree-tos ,htdocs ,domain ,@aliases) + (reloaded)) + :unapply + (unapply (site-enabled ,domain)) + (unapply (site-available ,domain "")))) |
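Review bot: The list arguments in the new backquoted template are no longer quoted: `("SSLStaplingCache shmcb:/tmp/stapling_cache(128000)")` lost the `'` it had in the old body, and the result of `,(let ((initial …)) …)` is now spliced into `site-enabled` as a bare list of strings. If the expression returned by DEFPROPSPEC is evaluated the same way the old DEFPROPLIST body was, both lists would be read as calls with a string in operator position. That is worth confirming, and if so the fix is `'("SSLStaplingCache …")` and `',(let ((initial …`. Separately, the same directive keeps the stapling cache at a fixed name under world-writable /tmp, where another local user may be able to create the path first. A directory only the server can write, e.g. `shmcb:${APACHE_RUN_DIR}/stapling_cache(128000)`, would avoid that.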