projects / vpn-prov.git / blame
| Commit | Line | Data |
|---|---|---|
| ac397a39 JR |
1 | ## Provisioning PHP deployment |
| 2 | 1. `cp config.php.example config.php` && `vim config.php` | |
| 3 | 1. `vim base.ovpn` and adjust to tastes | |
| 4 | 1. Copy `ta.key` from OpenVPN server into root folder. | |
| 5 | 1. `cd easy-rsa` | |
| 6 | 1. `cp vars.example vars` && `vim vars` | |
| 7 | Set KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, KEY_EMAIL to sane values | |
| 8 | 1. `mkdir keys && sudo chown <php username> keys` | |
| 9 | 1. Access /init.php to create the necessary files. | |
| 10 | (This script is idempotent and won't re-do anything, so you can leave it in place afterwards) | |
| 02449cb1 JR |
11 | 1. `sudo -u <php username> ./build-key <name>` to test |
| 12 | 1. `sudo -u <php username> ./build-key-server <name>` to create server keys | |
| 13 | There is also `./revoke-full <name>` if you should need to revoke a key. | |
| ac397a39 JR |
14 | |
| 15 | To start fresh: `rm -rf easy-rsa/keys` | |
| 16 | ||
| 17 | Note: the instance of PHP which is running this tool, | |
| 18 | should be running under a dedicated user account. | |
| 19 | This ensures the security of the keys. | |
| 20 | ||
| 21 | Production instances should be used like an Apache Alias, i.e. `Alias /vpn-prov/ /var/www/vpn-prov/www/` | |
| 22 | ||
| 23 | ## GPO Deployment | |
| 24 | Edit install-openvpn.bat to adjust URLs to suit, create scheduled task in GPO to run it from a share. | |
| 25 | Optionally create services in GPO to ensure the service is started even if user disabled it. |