1 ## Provisioning PHP deployment
2 1.
`cp config.php.example config.php` &&
`vim config.php`
3 1.
`vim base.ovpn` and adjust to tastes
4 1. Copy
`ta.key` from OpenVPN server into root folder.
6 1.
`cp vars.example vars` &&
`vim vars`
7 Set KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, KEY_EMAIL to sane values
8 1.
`mkdir keys && sudo chown <php username> keys`
9 1. Access /init.php to create the necessary files.
10 (This script is idempotent and won't re-do anything, so you can leave it in place afterwards)
11 1.
`sudo -u <php username> ./build-key <name>` to test
12 1.
`sudo -u <php username> ./build-key-server <name>` to create server keys
13 There is also
`./revoke-full <name>` if you should need to revoke a key.
15 To start fresh:
`rm -rf easy-rsa/keys`
17 Note: the instance of PHP which is running this tool,
18 should be running under a dedicated user account.
19 This ensures the security of the keys.
21 Production instances should be used like an Apache Alias, i.e.
`Alias /vpn-prov/ /var/www/vpn-prov/www/`
24 Edit install-openvpn.bat to adjust URLs to suit, create scheduled task in GPO to run it from a share.
25 Optionally create services in GPO to ensure the service is started even if user disabled it.