Movi apache para a maquina openssl

2026-04-22 13:32:08 +01:00
parent 2fefeed0fe
commit d1ca71e53d
8 changed files with 88 additions and 29 deletions
--- a/VM_OPENSSL_APACHE.sh
+++ b/VM_OPENSSL_APACHE.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# configuracao
+source VM_CONFIG.sh
+
+sudo yum install -y epel-release
+sudo yum install -y openssl httpd mod_ssl mod_authnz_pam google-authenticator
+
+if_dentro="enp0s8"
+ip_dentro="10.60.0.1"
+ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
+
+cp conf/openssl.cnf /etc/pki/tls/
+
+# copiar ca para esta VM
+cp ca/index.txt $CA_DIR
+cp ca/ca.crt $CA_DIR
+cp ca/ca.key $CA_DIR
+cp ca/serial $CA_DIR
+cp ca/dh2048.pem $CA_DIR
+
+# correr oscp
+openssl ocsp -index $CA_DIR/index.txt -port 8888 -rsigner $CA_DIR/ca.crt -rkey $CA_DIR/ca.key -CA $CA_DIR/ca.crt -text &
+
+
+# apache
+mkdir -p /etc/httpd/ssl
+cp ca/ca.crt /etc/httpd/ssl/
+cp ca/apache.crt /etc/httpd/ssl/
+cp ca/apache.key /etc/httpd/ssl/
+cp conf/ssl.conf /etc/httpd/conf.d/ssl.conf
+cp conf/httpd-pam /etc/pam.d/httpd-totp
+
+# NOTA(vasco) é preciso desativar home protection outra vez
+mkdir -p /etc/systemd/system/httpd.service.d
+echo -e "[Service]\nProtectHome=false" > /etc/systemd/system/httpd.service.d/override.conf
+systemctl daemon-reload
+
+# serviço !!!
+systemctl enable --now httpd