FSI/VM_OPENSSL_APACHE.sh

#!/bin/bash

# configuracao
source VM_CONFIG.sh

sudo yum install -y epel-release
sudo yum install -y openssl httpd mod_ssl mod_authnz_pam google-authenticator

if_dentro="enp0s8"
ip_dentro="10.60.0.1"
ifconfig $if_dentro $ip_dentro netmask 255.255.255.0

cp conf/openssl.cnf /etc/pki/tls/

# copiar ca para esta VM
cp ca/index.txt $CA_DIR
cp ca/ca.crt $CA_DIR
cp ca/ca.key $CA_DIR
cp ca/serial $CA_DIR
cp ca/dh2048.pem $CA_DIR

# correr oscp
killall openssl 2>/dev/null
openssl ocsp -index $CA_DIR/index.txt -port 8888 -rsigner $CA_DIR/ca.crt -rkey $CA_DIR/ca.key -CA $CA_DIR/ca.crt -text &


# apache
mkdir -p /etc/httpd/ssl
cp ca/ca.crt /etc/httpd/ssl/
cp ca/apache.crt /etc/httpd/ssl/
cp ca/apache.key /etc/httpd/ssl/
cp conf/ssl.conf /etc/httpd/conf.d/ssl.conf
cp conf/httpd-totp /etc/pam.d/httpd-totp

# NOTA(vasco) é preciso desativar home protection outra vez
mkdir -p /etc/systemd/system/httpd.service.d
echo -e "[Service]\nProtectHome=false" > /etc/systemd/system/httpd.service.d/override.conf
systemctl daemon-reload

# serviço !!!
systemctl enable --now httpd