Commit | Line | Data |
---|---|---|
ac397a39 JR |
1 | ## Provisioning PHP deployment |
2 | 1. `cp config.php.example config.php` && `vim config.php` | |
3 | 1. `vim base.ovpn` and adjust to taste | |
4 | 1. Copy `ta.key` from OpenVPN server into root folder. | |
5 | 1. `cd easy-rsa` | |
6 | 1. `cp vars.example vars` && `vim vars` | |
7 | Set KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, KEY_EMAIL to sane values | |
8 | 1. `mkdir keys && sudo chown <php username> keys` | |
9 | 1. Access /init.php to create the necessary files. | |
10 | (This script is idempotent and won't re-do anything, so you can leave it in place afterwards) | |
02449cb1 JR |
11 | 1. `sudo -u <php username> ./build-key <name>` to test |
12 | 1. `sudo -u <php username> ./build-key-server <name>` to create server keys | |
13 | There is also `./revoke-full <name>` if you should need to revoke a key. | |
ac397a39 JR |
14 | |
15 | To start fresh: `rm -rf easy-rsa/keys` | |
16 | ||
17 | Note: the instance of PHP which is running this tool | |
18 | should be running under a dedicated user account. | |
19 | This ensures the security of the keys. | |
20 | ||
21 | Production instances should be used like an Apache Alias, i.e. `Alias /vpn-prov/ /var/www/vpn-prov/www/` | |
22 | ||
23 | ## GPO Deployment | |
24 | Edit install-openvpn.bat to adjust URLs to suit, then create a scheduled task in GPO to run it from a share. | |
25 | Optionally create services in GPO to ensure the service is started even if the user disabled it. |
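
The note above ties key security to the dedicated PHP account, but `mkdir keys && sudo chown <php username> keys` only sets the owner and leaves the mode to the umask. The following audit is an added example, not part of this repository; the function names are hypothetical and it assumes private keys are written as `*.key` inside the keys directory.

```shell
#!/bin/sh
# Added example (not project code): audit the easy-rsa keys directory.
# Assumption: private keys are the *.key files inside that directory.

# perm_owner PATH -> prints "<10-char mode string> <owner>" as shown by ls -ld
perm_owner() {
    ls -ld "$1" | awk '{ print substr($1, 1, 10), $3 }'
}

# owner_only MODE -> true when no group/other permission bit is set
owner_only() {
    case $1 in
        ????------) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_keys_dir DIR EXPECTED_OWNER
# Prints one finding per problem; returns 0 when clean, 1 otherwise.
audit_keys_dir() {
    dir=$1
    want=$2
    rc=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }

    # Directory: owned by the dedicated account, closed to group and other.
    set -- $(perm_owner "$dir")
    [ "$2" = "$want" ] || { echo "OWNER $dir is $2, expected $want"; rc=1; }
    owner_only "$1" || { echo "MODE $dir is $1, expected owner-only"; rc=1; }

    # Private keys: same two checks for every *.key file.
    for f in "$dir"/*.key; do
        [ -e "$f" ] || continue
        set -- $(perm_owner "$f")
        [ "$2" = "$want" ] || { echo "OWNER $f is $2, expected $want"; rc=1; }
        owner_only "$1" || { echo "MODE $f is $1, expected owner-only"; rc=1; }
    done
    return $rc
}

# Stand-alone use: sh audit.sh easy-rsa/keys <php username>
if [ $# -ge 2 ]; then
    audit_keys_dir "$1" "$2"
fi
```

A finding on the directory itself is cleared with `chmod 700 keys`, run as the PHP user or via `sudo`.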