README.md

   1 ## Provisioning PHP deployment
   2 1. `cp config.php.example config.php` && `vim config.php`
   3 1. `vim base.ovpn` and adjust to tastes
   4 1. Copy `ta.key` from OpenVPN server into root folder.
   5 1. `cd easy-rsa`
   6 1. `cp vars.example vars` && `vim vars`
   7    Set KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, KEY_EMAIL to sane values
   8 1. `mkdir keys && sudo chown <php username> keys`
   9 1. Access /init.php to create the necessary files.
  10    (This script is idempotent and won't re-do anything, so you can leave it in place afterwards)
  11 1. `sudo -u <php username> ./build-key <name>` to test
  12 1. `sudo -u <php username> ./build-key-server <name>` to create server keys
  13    There is also `./revoke-full <name>` if you should need to revoke a key.
  14
  15 To start fresh: `rm -rf easy-rsa/keys`
  16
  17 Note: the instance of PHP which is running this tool,
  18 should be running under a dedicated user account.
  19 This ensures the security of the keys.
  20
  21 Production instances should be used like an Apache Alias, i.e. `Alias /vpn-prov/ /var/www/vpn-prov/www/`
  22
  23 ## GPO Deployment
  24 Edit install-openvpn.bat to adjust URLs to suit, create scheduled task in GPO to run it from a share.
  25 Optionally create services in GPO to ensure the service is started even if user disabled it.