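#----------------------------------------------------------------------------
# /var/install/include/eisfax-webaccess-lib - Webaccess library
#
# Creation   : 2020-01-07 hbfl
# Last update: $Id$
#
# Copyright (c) 2020-@@YEAR@@ Holger Bruenjes, holgerbruenjes(at)gmx(dot)net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#----------------------------------------------------------------------------

# ---------------------------------------------------------------------------
# only include this file once
# ---------------------------------------------------------------------------
# NOTE(review): the 'fi' closing this guard is not visible in this part of
# the file; it is expected after the last function definition.
if [ "${_EISFAX_WEBACCESS_LIB}" != "true" ]
then
    _EISFAX_WEBACCESS_LIB=true

    # include passwdlib
    . /var/install/include/passwdlib

    package_folder="/srv/www/${package_name}"
    vhost_alias_path='/etc/apache2/vhost'
    vhost_include_path='/etc/apache2/mods-include'
    vhost_enabled_path='/etc/apache2/mods-enabled'
    pwgen_version='2.8.0'
    check_pwgen=1
    apache_user='wwwrun'
    apache_group='nogroup'

    # --------------------------------------------------------------------------
    # create vhosts
    # --------------------------------------------------------------------------
    # Walk the <project_name>_<n>_* settings and, for every active entry,
    # either delete its include stubs below ${vhost_alias_path} or call
    # check_apache to (re)write them.
    #   $1 - action: "remove" deletes the stubs, any other value creates them
    # Sets web_name, web_path, inst_servername, inst_alias and idx; on
    # "remove" it also sets _apache_conf=true for every active entry.
    #
    # project_name is spliced into the text handed to 'eval'. It has to be a
    # plain shell identifier chosen by the package itself; anything else in it
    # would be executed as shell code.
    create_vhosts()
    {
        _vhost_action="${1}"
        eval _project_n='${'${project_name}'_N}'
        idx=1
        while [ "${idx}" -le "${_project_n:-0}" ]
        do
            # check if project active
            eval active='${'${project_name}'_'${idx}'_ACTIVE}'
            if [ "${active}" != "yes" ]
            then
                idx=$((${idx} + 1))
                continue
            fi

            web_name=''
            web_path=''
            eval web_name='${'${project_name}'_'${idx}'_NAME}'
            eval web_path='${'${project_name}'_'${idx}'_PATH}'

            # check if project in host installed
            # Start from empty values so that an entry without HOST=yes can
            # never act on the server name/alias of the previous entry.
            inst_servername=''
            inst_alias=''
            eval proj_host='${'${project_name}'_'${idx}'_HOST}'
            if [ "${proj_host}" = "yes" ]
            then
                eval inst_servername='${'${project_name}'_'${idx}'_HOST_NAME}'
                eval inst_alias='${'${project_name}'_'${idx}'_HOST_ALIAS}'
            fi

            if [ "${_vhost_action}" = "remove" ]
            then
                # Only host-installed entries own a stub file. Paths are
                # quoted so a value with blanks or glob characters cannot
                # expand into additional rm arguments.
                if [ "${proj_host}" = "yes" ]
                then
                    rm -f "${vhost_alias_path}/host-${inst_servername}-${inst_alias}"
                    rm -f "${vhost_alias_path}/vhost-${inst_servername}-${inst_alias}"
                fi
                _apache_conf=true
            elif [ "${proj_host}" = "yes" ]
            then
                # Without HOST=yes there is no <package>-<alias>.conf to
                # include, so no stub is written for such an entry.
                check_apache
            fi
            idx=$((${idx} + 1))
        done
    }

    # --------------------------------------------------------------------------
    # check apache
    # --------------------------------------------------------------------------
    # Decide whether the include stub for inst_servername/inst_alias belongs
    # to a virtual host (file prefix "vhost-") or to the main server (prefix
    # "host-"), then write the stub containing a single Include statement.
    # Reads APACHE2_SERVER_NAME, APACHE2_VHOST_N, APACHE2_VHOST_<n>_ACTIVE and
    # APACHE2_VHOST_<n>_SERVER_NAME, plus inst_servername, inst_alias and
    # package_name. Sets host_type and _vhost_exist=true.
    # NOTE(review): server_name is not cleared here, so the list of vhost
    # names grows with every call; the lookup below is unaffected by the
    # duplicates.
    check_apache()
    {
        main_servername="${APACHE2_SERVER_NAME}"
        idy=1
        while [ "${idy}" -le "${APACHE2_VHOST_N:-0}" ]
        do
            # check for active vhost
            eval active='${APACHE2_VHOST_'${idy}'_ACTIVE}'
            if [ "${active}" != "yes" ]
            then
                idy=$((${idy} + 1))
                continue
            fi

            # list active apache server (one name per line)
            eval servername='${APACHE2_VHOST_'${idy}'_SERVER_NAME}'
            if [ -z "${server_name}" ]
            then
                server_name="${servername}"
            else
                server_name=$(echo "${server_name}"; echo "${servername}")
            fi
            idy=$((${idy} + 1))
        done

        host_type=''
        # check if server vhost != host
        if [ -n "${server_name}" ]
        then
            # -x -F: compare whole lines literally. The server name is data,
            # not a pattern; as a regex its dots match any character, and a
            # substring hit on a longer vhost name would pick the wrong
            # file prefix.
            if echo "${server_name}" | grep -qxF -e "${inst_servername}"
            then
                host_type='v'
            fi
        fi

        # added prefix to host
        # Quoted so an empty value is compared as an empty string instead of
        # turning the test into a syntax error.
        if [ "${inst_servername}" != "${main_servername}" ]
        then
            host_type='v'
        fi

        # create dir ! if exist
        mkdir -m 0750 -p "${vhost_include_path}"

        # write include statement
        echo "Include ${vhost_include_path}/${package_name}-${inst_alias}.conf" \
            >"${vhost_alias_path}/${host_type}host-${inst_servername}-${inst_alias}"
        chmod 0440 "${vhost_alias_path}/${host_type}host-${inst_servername}-${inst_alias}"
        _vhost_exist=true
    }

    # ---------------------------------------------------------------------------
    # create httpd project
    # ---------------------------------------------------------------------------
    # For every active <project_name>_<n> entry, load its access settings into
    # the _ac_* variables and let add_httpd_project write the Apache config:
    #   SUBDOMAIN=yes -> 'virtual-http', or with SUBDOMAIN_FORCE_SSL=yes
    #                    'virtual-http-short' followed by 'virtual-https';
    #                    create_web_logrotate is called afterwards
    #   HOST=yes      -> 'http'
    # The settings are handed over through global variables (web_name,
    # web_path, _ac_*, _sub_*, _host_*, servername, alias, sub_cert).
    # As in create_vhosts, project_name ends up inside 'eval' and must be a
    # trusted plain identifier.
    create_httpd_project()
    {
        eval _project_n='${'${project_name}'_N}'
        idx=1
        while [ ${idx} -le ${_project_n:-0} ]
        do
            # check if project active
            eval project_active='${'${project_name}'_'${idx}'_ACTIVE}'
            if [ "${project_active}" != "yes" ]
            then
                idx=$((${idx} + 1))
                continue
            fi

            web_name=''
            web_path=''
            eval web_name='${'${project_name}'_'${idx}'_NAME}'
            eval web_path='${'${project_name}'_'${idx}'_PATH}'

            # Access settings: the detailed values are only read when
            # ACCESS_ALL is not "yes".
            eval _ac_all='${'${project_name}'_'${idx}'_ACCESS_ALL}'
            _ac_auth=''
            _ac_host=''
            _ac_ip=''
            _ac_local=''
            if [ "${_ac_all}" != "yes" ]
            then
                eval _ac_auth='${'${project_name}'_'${idx}'_ACCESS_AUTH}'
                eval _ac_host='${'${project_name}'_'${idx}'_ACCESS_HOST}'
                eval _ac_ip='${'${project_name}'_'${idx}'_ACCESS_IP}'
                eval _ac_local='${'${project_name}'_'${idx}'_ACCESS_LOCAL}'
                # Any ACCESS_LOCAL value other than "no" discards the
                # auth/host/ip values read above.
                if [ "${_ac_local:-no}" != "no" ]
                then
                    _ac_auth=''
                    _ac_host=''
                    _ac_ip=''
                fi
            fi

            eval project_sub='${'${project_name}'_'${idx}'_SUBDOMAIN}'
            # project-name.my.lan
            if [ "${project_sub}" = "yes" ]
            then
                eval _sub_domain='${'${project_name}'_'${idx}'_SUBDOMAIN_NAME}'
                eval _sub_port='${'${project_name}'_'${idx}'_SUBDOMAIN_PORT}'
                eval _sub_admin='${'${project_name}'_'${idx}'_SUBDOMAIN_ADMIN}'
                eval sub_ssl='${'${project_name}'_'${idx}'_SUBDOMAIN_FORCE_SSL}'
                myecho "Write subdomain '${_sub_domain}' config ..."
                _host_active=false
                _sub_active=true
                _host_ssl=false
                _sub_ssl=false
                if [ "${sub_ssl}" = "yes" ]
                then
                    _sub_ssl=true
                    add_httpd_project 'virtual-http-short'
                    # The SSL port and certificate replace the plain values
                    # before the https part is written.
                    eval _sub_port='${'${project_name}'_'${idx}'_SUBDOMAIN_SSL_PORT}'
                    eval sub_cert='${'${project_name}'_'${idx}'_SUBDOMAIN_SSL_CERT}'
                    add_httpd_project 'virtual-https'
                else
                    add_httpd_project 'virtual-http'
                fi
                create_web_logrotate
            fi

            eval project_host='${'${project_name}'_'${idx}'_HOST}'
            # eis.my.lan/project-name
            if [ "${project_host}" = "yes" ]
            then
                eval servername='${'${project_name}'_'${idx}'_HOST_NAME}'
                eval alias='${'${project_name}'_'${idx}'_HOST_ALIAS}'
                eval host_ssl='${'${project_name}'_'${idx}'_HOST_FORCE_SSL}'
                myecho "Write domain '${servername}/${alias}' config ..."
                _host_active=true
                _sub_active=false
                _sub_ssl=false
                _host_ssl=false
                if [ "${host_ssl}" = "yes" ]
                then
                    _host_ssl=true
                fi
                add_httpd_project 'http'
            fi
            idx=$((${idx} + 1))
        done
    }

    # ---------------------------------------------------------------------------
    # add httpd project
    # ---------------------------------------------------------------------------
    # Write one Apache config file for the current project.
    #   $1 - mode: http | virtual-http | virtual-http-short | virtual-https
    # The mode selects conf_file and exactly one of the flags http,
    # virtual_http, virtual_http_short, virtual_https; the three virtual modes
    # also set servername to _sub_domain and clear alias.
    # NOTE(review): alias and _sub_domain come from the package configuration
    # and become part of a file name here; a '/' or '..' in them would move
    # conf_file out of the intended directory - confirm they are validated
    # before this point.
    # NOTE(review): log is set to 'ssl_' for virtual-https and not reset for
    # the other modes, so it keeps that value on later calls - confirm this is
    # intended.
    add_httpd_project()
    {
        # load digest only once
        load_basic=1
        load_digest=1
        access_auth=1
        check_pwgen=1
        http=false
        virtual_http=false
        virtual_https=false
        virtual_http_short=false
        case "${1}" in
            http)
                # http{s}://eis.my.lan/project-name
                conf_file="${vhost_include_path}/${package_name}-${alias}.conf"
                http=true
                ;;
            virtual-http)
                # http://project-name.my.lan
                conf_file="${vhost_enabled_path}/virtualhost-${package_name}-${_sub_domain}.conf"
                virtual_http=true
                servername=${_sub_domain}
                alias=''
                ;;
            virtual-http-short)
                # http://project-name.my.lan
                conf_file="${vhost_enabled_path}/virtualhost-${package_name}-${_sub_domain}.conf"
                virtual_http_short=true
                servername=${_sub_domain}
                alias=''
                ;;
            virtual-https)
                # https://project-name.my.lan
                conf_file="${vhost_enabled_path}/virtualhost-${package_name}-${_sub_domain}.conf"
                virtual_https=true
                servername=${_sub_domain}
                alias=''
                log='ssl_'
                ;;
        esac

        # The rest of this function follows on the next line of the file; the
        # condition below is continued there.
        if ${http:-false} ||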
${virtual_http:-false} || ${virtual_http_short:-false} then if [ -d /usr/lib/apache2/modules ] then modules_path='/usr/lib/apache2/modules' elif [ -d /usr/local/apache2/modules ] then modules_path='/usr/local/apache2/modules' fi # write httpd.conf addon file cat > ${conf_file} <> ${conf_file} <> ${conf_file} < EOF fi if ${_host_ssl:-false} || ${_sub_ssl:-false} then if ${http:-false} || ${virtual_http_short:-false} then cat >> ${conf_file} < LoadModule mod_rewrite_module ${modules_path}/mod_rewrite.so # Rewrite url for '${project_name}' with SSL RewriteEngine on RewriteCond %{HTTPS} off EOF if ${_host_ssl} then cat >> ${conf_file} <> ${conf_file} <> ${conf_file} < LoadModule auth_basic_module ${modules_path}/mod_auth_basic.so EOF load_basic=0 elif ${_sub_active:-false} && ! ${_sub_ssl:-false} && [ ${load_digest:-0} -eq 1 ] then cat >> ${conf_file} < LoadModule auth_digest_module ${modules_path}/mod_auth_digest.so EOF load_digest=0 fi if ${_host_active:-false} && ${_host_ssl:-false} && [ ${load_basic:-0} -eq 1 ] then cat >> ${conf_file} < LoadModule auth_basic_module ${modules_path}/mod_auth_basic.so EOF load_basic=0 elif ${_host_active:-false} && ! ${_host_ssl:-false} && [ ${load_digest:-0} -eq 1 ] then cat >> ${conf_file} < LoadModule auth_digest_module ${modules_path}/mod_auth_digest.so EOF load_digest=0 fi fi fi # servername cat >> ${conf_file} <> ${conf_file} < SSLOptions +StdEnvVars SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 EOF fi if ${virtual_http:-false} || ${virtual_https:-false} || ${virtual_http_short:-false} then cat >> ${conf_file} < Options FollowSymLinks AllowOverride None Require all denied EOF fi if ! ${virtual_http_short:-false} then cat >> ${conf_file} < Options Indexes IndexIgnore .. EOF fi if ! 
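${virtual_http_short:-false} then if [ "${_ac_all}" = "yes" ] then cat >> ${conf_file} <> ${conf_file} <> ${conf_file} <> ${conf_file} <> ${conf_file} <> ${conf_file} <> ${conf_file} < EOF fi if ${virtual_http:-false} || ${virtual_https:-false} || ${virtual_http_short:-false} then cat >> ${conf_file} < EOF fi chmod 0600 ${conf_file} }
    # NOTE(review): the line above is the end of add_httpd_project exactly as
    # it appears in this copy. The bodies of its here-documents are missing, so
    # it is kept verbatim and cannot be reviewed from here.

    # ---------------------------------------------------------------------------
    # apache start
    # ---------------------------------------------------------------------------
    # Restart apache2 when one of the pid files /run/httpd.pid or
    # /run/apache2.pid exists: stop, wait three seconds, start. Nothing is done
    # when neither file is present.
    apache_start()
    {
        # reload apache2 configuration if apache is running
        if [ -f /run/httpd.pid ] || [ -f /run/apache2.pid ]
        then
            /usr/sbin/service stop apache2
            sleep 3
            /usr/sbin/service start apache2
        fi
    }

    # ---------------------------------------------------------------------------
    # create certificate link
    # ---------------------------------------------------------------------------
    # For every <project_name>_<n> entry, drop the symlink
    # <package_name>-<web_name>.pem in /var/certs/ssl/certs and recreate it
    # for active entries with SUBDOMAIN=yes and SUBDOMAIN_FORCE_SSL=yes whose
    # SUBDOMAIN_SSL_CERT names an existing file in that directory.
    # project_name is spliced into 'eval' and must be a trusted plain
    # identifier. All paths are quoted so that a configured name with blanks
    # or glob characters is treated as one file name.
    # NOTE(review): sub_cert is used as a path component below cert_path; a
    # value containing '/' or '..' would make the link point outside that
    # directory - confirm the configuration check restricts it to a file name.
    create_cert()
    {
        cert_path='/var/certs/ssl/certs'
        eval _project_n='${'${project_name}'_N}'
        idx=1
        while [ "${idx}" -le "${_project_n:-0}" ]
        do
            # check if project active
            eval project_active='${'${project_name}'_'${idx}'_ACTIVE}'
            eval web_name='${'${project_name}'_'${idx}'_NAME}'
            cert_link="${package_name}-${web_name}.pem"

            # remove cert link always (only if it is a symlink)
            if [ -L "${cert_path}/${cert_link}" ]
            then
                rm -f "${cert_path}/${cert_link}"
            fi

            if [ "${project_active}" != "yes" ]
            then
                idx=$((${idx} + 1))
                continue
            fi

            # get subdomain: yes/no
            eval sub='${'${project_name}'_'${idx}'_SUBDOMAIN}'
            sub_ssl=''
            sub_cert=''
            # eisfax.my.lan
            if [ "${sub:-no}" = "yes" ]
            then
                # get force ssl: yes/no
                eval sub_ssl='${'${project_name}'_'${idx}'_SUBDOMAIN_FORCE_SSL}'
                eval sub_cert='${'${project_name}'_'${idx}'_SUBDOMAIN_SSL_CERT}'
                if [ "${sub_ssl:-no}" = "yes" ] &&
                   [ -f "${cert_path}/${sub_cert}" ] &&
                   [ "${sub_cert}" != "${cert_link}" ]
                then
                    # Link only after the directory change succeeded;
                    # otherwise the symlink would be created in whatever
                    # directory the caller happens to be in.
                    cd "${cert_path}" && ln -sf -- "${sub_cert}" "${cert_link}"
                fi
            fi
            idx=$((${idx} + 1))
        done
    }

    # ---------------------------------------------------------------------------
    # create logrotate
    #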
--------------------------------------------------------------------------- create_web_logrotate() { cat > /etc/logrotate.d/${package_name}-web-${web_name} <