#!/bin/bash
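# Creates an Apache SSL reverse-proxy virtual host from the template
# $JSJSHARE/vhost-ssl-proxy.conf and writes it to
# /etc/apache2/vhosts.d/<hostname>.conf.
#
# Usage: $0 -h <hostname.domain> [-d <proxydestination.domain>] [-c]
#   -h  name of the new virtual host (split into host and domain part)
#   -d  proxy destination substituted into the template
#   -c  request a certificate with acme.sh (webroot mode) before the final
#       virtual host is written
#
# The -h and -d values end up in file paths below /etc/apache2 and /srv/www,
# in sed replacement text and in acme.sh arguments, so they are checked
# against a strict character set before anything is created.
HOSTNAME=""
SHOST=""
REQCERT=0
# PROXYDEST is never reset here, so a value already present in the
# environment is used when -d is not given; it is validated like a -d value.
PROXYDEST="${PROXYDEST:-}"
JSJSHARE="/usr/share/jsjinstalltools"
# presumably GetVersion provides VERSION_ID, which this script only reads
. "$JSJSHARE/GetVersion"
if [ -z "${VERSION_ID:-}" ]; then
  echo "warning: VERSION_ID is empty after loading $JSJSHARE/GetVersion," \
       "the legacy (rcapache2/insserv) code path will be used" >&2
fi

# One DNS label, and a name made of at least two labels.
LABEL_RE='[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?'
FQDN_RE="^${LABEL_RE}(\.${LABEL_RE})+\$"
# Proxy destination: host name or address, optionally followed by :port.
PROXYDEST_RE='^[A-Za-z0-9._:-]+$'

# Print the command line help and stop.
usage() {
  echo "call: $0 -h <hostname.domain>" >&2
  echo "         -d <proxydestination.domain>" >&2
  echo "         -c (request cert)" >&2
  exit 1
}

# Print a message on stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Return 0 when $1 matches the extended regular expression $2.
matches() {
  local LC_ALL=C  # byte-wise ranges, so [a-z] cannot match non-ASCII letters
  [[ $1 =~ $2 ]]
}

# Restart Apache and enable it at boot, with systemd or the legacy tools
# depending on VERSION_ID. An empty or non-numeric VERSION_ID makes the
# test fail and selects the legacy branch.
restart_apache() {
  if [ "${VERSION_ID/./}" -ge 120 ]; then
    systemctl restart apache2.service
    systemctl enable apache2.service
  else
    rcapache2 restart
    insserv apache2
  fi
}

while [ $# -gt 0 ]; do
  case "$1" in
    -h)
      # an option without its value must not consume nothing and loop forever
      [ $# -ge 2 ] || usage
      HOSTNAME=$2
      shift 2
      ;;
    -d)
      [ $# -ge 2 ] || usage
      PROXYDEST=$2
      shift 2
      ;;
    -c)
      REQCERT=1
      shift
      ;;
    *)
      usage
      ;;
  esac
done

if [ -z "$HOSTNAME" ]; then
  echo "call: $0 -h hostname" >&2
  exit 1
fi

# Reject anything that is not a plain <hostname.domain>: characters such as
# '/', '&', '\' or whitespace would change the target path or the sed
# replacement, and a name without a dot would make DOMAINNAME equal HOSTNAME.
if ! matches "$HOSTNAME" "$FQDN_RE"; then
  printf "invalid -h value %q: expected <hostname.domain> built from letters, digits, '-' and '.'\n" \
         "$HOSTNAME" >&2
  exit 1
fi
if [ -n "$PROXYDEST" ] && ! matches "$PROXYDEST" "$PROXYDEST_RE"; then
  printf "invalid -d value %q: only letters, digits, '.', '_', ':' and '-' are allowed\n" \
         "$PROXYDEST" >&2
  exit 1
fi

DOMAINNAME=${HOSTNAME#*.}
HOSTNAME=${HOSTNAME%%.*}
echo "Hostname $HOSTNAME $DOMAINNAME"
PROXYDESTDN=${PROXYDEST#*.}
PROXYDESTHN=${PROXYDEST%%.*}
echo "Proxydestination $PROXYDESTHN $PROXYDESTDN"

TEMPLATE="$JSJSHARE/vhost-ssl-proxy.conf"
VHOSTCONF="/etc/apache2/vhosts.d/$HOSTNAME.conf"
WEBROOT="/srv/www/$HOSTNAME/htdocs"
FQDN="$HOSTNAME.$DOMAINNAME"

if [ ! -f "$TEMPLATE" ]; then
  echo no file vhost-ssl-proxy.conf >&2
  exit 1
fi
# never overwrite an existing virtual host
if [ -f "$VHOSTCONF" ]; then
  echo "virtual host $VHOSTCONF file already exists." >&2
  exit 1
fi
mkdir -p "$WEBROOT" || die "cannot create $WEBROOT"

RET=0
if [ "$REQCERT" = 1 ]; then
  echo temporary virtal host w/o SSL before acme.sh
  # Only the template up to the first </VirtualHost> is used, so Apache can
  # serve the webroot challenge before any certificate exists.
  if ! sed -e "s/HOSTNAME/$HOSTNAME/" -e "s/DOMAINNAME/$DOMAINNAME/" \
           -e '/<\/VirtualHost>/q' < "$TEMPLATE" > "$VHOSTCONF"; then
    rm -f -- "$VHOSTCONF"
    die "cannot write temporary virtual host $VHOSTCONF"
  fi
  restart_apache
  echo request certificate
  # NOTE(review): --reloadcmd hard-codes systemctl although restart_apache
  # falls back to rcapache2 on older releases; confirm this is intended.
  /root/.acme.sh/acme.sh -k ec-384 --issue -w "$WEBROOT" -d "$FQDN" \
                         --cert-file "/etc/apache2/ssl.crt/$FQDN.pem" \
                         --key-file "/etc/apache2/ssl.key/$FQDN.key" \
                         --fullchain-file "/etc/apache2/ssl.crt/$FQDN.fullchain.pem" \
                         --reloadcmd "systemctl restart apache2" --log
  RET=$?
fi

if [ "$RET" != 0 ]; then
  echo certificate request failed, stopping. >&2
  rm -f -- "$VHOSTCONF"
  exit 1
fi

echo create virtual host
# A failed render must not leave a partial file for the restart below.
if ! sed -e "s/HOSTNAME/$HOSTNAME/" -e "s/DOMAINNAME/$DOMAINNAME/" \
         -e "s/PROXYDESTHN/$PROXYDESTHN/" -e "s/PROXYDESTDN/$PROXYDESTDN/" \
         < "$TEMPLATE" > "$VHOSTCONF"; then
  rm -f -- "$VHOSTCONF"
  die "cannot write virtual host $VHOSTCONF"
fi
# From major version 13 on, replace the Order/Allow/Deny access directives
# of the template with "Require all granted".
if [ "${VERSION_ID%%.*}" -ge 13 ]; then
  sed -i -e '/^ *Order .*allow/ i\ \ \ \ \ \ \ \ Require all granted' \
         -e '/^ *Order .*allow/ d' \
         -e '/^ *\(Allow\|Deny\) from/ d' "$VHOSTCONF"
fi
/usr/sbin/a2enmod proxy proxy_http

restart_apache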

