X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=debian%2Fpostinst;h=8ae5cd17bd469d0674f9e89e43753dd163156f40;hb=0af202976ce472a92cf87a5ef1d09166d7e143ca;hp=e9923d78c9219196743c63d455127a9b7356f805;hpb=eb37ec66b33ffb28c3a28fae57326403db609a25;p=apache2-cn.git diff --git a/debian/postinst b/debian/postinst index e9923d7..8ae5cd1 100755 --- a/debian/postinst +++ b/debian/postinst @@ -8,18 +8,18 @@ set -e . /usr/share/debconf/confmodule case "$1" in - configure) - # continue below - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - exit 0 - ;; - - *) - echo "postinst called with unknown argument \`$1'" >&2 - exit 0 - ;; + configure) + # continue below + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + exit 0 + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 0 + ;; esac @@ -27,17 +27,13 @@ esac . /usr/share/carnet-tools/functions.sh PKG="apache2-cn" -VERSION="2.2-1" +VERSION="2.4.10+1" CONFDIR="/etc/apache2" -CONFDIROLD="/etc/apache" CONF="$CONFDIR/apache2.conf" -CONFOLD="$CONFDIROLD/httpd.conf" -A2MODEDIR="$CONFDIR/mods-enabled" PORTCONF="$CONFDIR/ports.conf" A2CNDIR=/usr/share/apache2-cn TMPLDIR=$A2CNDIR/templates CERTDIR=/etc/ssl/certs -A2PHPINI="/etc/php4/apache2/php.ini" HOST=$(hostname) FQDN=$(hostname --fqdn) @@ -45,9 +41,7 @@ WEBMASTER="webmaster@$FQDN" DOMAIN=$(hostname -d) BACKUPDIR="/var/backups/apache2-cn" -backup_done=0 need_restart=0 -apache2_sslcert=0 apache2_sslcf= apache2_sslckf= apache2_sslccf= @@ -62,14 +56,13 @@ listen_ssl_mask= # Cleanup all temp files. # cleanup () { - - if [ -n "$temp_files" ]; then - for item in $temp_files; do - if [ -e "$item" ]; then - rm -f $item - fi - done - fi + if [ -n "$temp_files" ]; then + for item in $temp_files; do + if [ -e "$item" ]; then + rm -f $item + fi + done + fi } # tag_conf() 
@@ -77,21 +70,19 @@ cleanup () { # Add CARNet package info lines to config's header. # tag_conf () { - - local conf_file - conf_file="$1" - - if [ -e "$conf_file" ]; then - - cat >> $conf_file <> $conf_file < $out - mv $out $conf_file - fi - fi + local conf_file + conf_file="$1" + RET=1 + + if [ -f "$conf_file" ]; then + if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" "$conf_file"; then + RET=0 + else + RET=2 + fi + fi } # generate_ssl() @@ -145,10 +111,9 @@ conf_log_fix () { # Generate Apache2 web server SSL certificate. # generate_ssl () { - - generate_ssl_output=$($A2CNDIR/carnet-generate-ssl ignore "$FQDN" "$WEBMASTER" "$DOMAIN" 2> /dev/null) - cp_echo "$generate_ssl_output" - need_restart=1 + generate_ssl_output=$($A2CNDIR/carnet-generate-ssl ignore "$FQDN" "$WEBMASTER" "$DOMAIN" 2> /dev/null) + cp_echo "$generate_ssl_output" + need_restart=1 } # listen_ssl() @@ -156,19 +121,24 @@ generate_ssl () { # Check if port 443 is configured in ports.conf file. # listen_ssl() { - - if ! egrep -iq "^[[:space:]]*Listen[[:space:]]*.*443$" "$PORTCONF"; then - - cp_echo "CN: Enabling SSL port (443) for Apache2 web server." - - out=$(mktemp ${PORTCONF}.XXXXXX) - cp $PORTCONF $out - echo "Listen 443" >> $out - cp_mv $out $PORTCONF - - need_restart=1 - temp_files="${temp_files} ${out}" - fi + + if [ ! -f "$PORTCONF" ] || ! egrep -iq "^[[:space:]]*Listen[[:space:]]+443$" "$PORTCONF"; then + + cp_echo "CN: Enabling SSL port (443) for Apache2 web server." + + out=$(mktemp ${PORTCONF}.XXXXXX) + temp_files="${temp_files} ${out}" + + if [ -f "$PORTCONF" ]; then + cp $PORTCONF $out + fi + + echo "Listen 443" >> $out + cp_mv $out $PORTCONF + chmod 644 $PORTCONF + + need_restart=1 + fi } # install_conf() 
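Review bot: The tightened pattern in listen_ssl, `Listen[[:space:]]+443$`, now recognises only a bare `Listen 443`, so a ports.conf that already binds the port as `Listen 0.0.0.0:443`, `Listen [::]:443` or `Listen 443 https` gets a second `Listen 443` appended. Overlapping Listen directives typically make Apache fail to bind with "Address already in use", and the later `apache2ctl configtest` is a syntax check that is unlikely to catch it. A pattern that accepts an optional address and protocol avoids the duplicate, e.g. `egrep -iq "^[[:space:]]*Listen[[:space:]]+([^[:space:]]+:)?443([[:space:]]+[a-z]+)?[[:space:]]*$" "$PORTCONF"`. The unquoted `$PORTCONF` and `$out` in the `cp`, `echo >>`, `cp_mv` and `chmod` lines would also be safer quoted.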
@@ -176,19 +146,19 @@ listen_ssl() { # Install specified Apache2 configuration file. # install_conf() { - - conftmpl="$A2CNDIR/$1.conf" - conf="$CONFDIR/conf.d/$2.conf" - - if [ ! -e "$conf" ]; then - - cp_echo "CN: Enabling CARNet specific configuration." - cp "$conftmpl" "$conf" - - need_restart=1 - else - cp_echo "CN: $conf already exists, left untouched." 1>&2 - fi + conftmpl="$A2CNDIR/$1.conf" + conf="$CONFDIR/conf-available/$2.conf" + + if [ ! -e "$conf" ]; then + cp_echo "CN: Generating CARNet specific configuration." + cp "$conftmpl" "$conf" + else + cp_echo "CN: $conf already exists, left untouched." 1>&2 + fi + + cp_echo "CN: Enabling CARNet specific configuration." + a2enconf -m -q "$2" + need_restart=1 } # install_vhost() 
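Review bot: In install_conf, `a2enconf -m -q "$2"` runs unguarded under the script's `set -e`, so a non-zero exit aborts the whole postinst, whereas move_conf and rename_conf in this same commit append `|| true` to the equivalent `a2en$ctype` call. Pick one behaviour deliberately; if a failure here should not leave the package half-configured, report it instead, e.g. `a2enconf -m -q "$2" || cp_echo "CN: Could not enable $2 configuration." 1>&2`. The preceding `cp "$conftmpl" "$conf"` has the same exposure when the template is missing. The header comment could also state that `$1` names the template under `$A2CNDIR` and `$2` the file created in conf-available.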
@@ -205,103 +175,243 @@ install_conf() { # -n - set ServerName # -s X - symlink DocumentRoot to X (all in /var/www) # -# site - name of file in sites-available, host part of ServerName unless -r or -n is used -# site-enabled-symlink - name of symlink in sites-enabled +# site - host part of ServerName unless -r or -n is used +# site-enabled-symlink - name of file/symlink in sites-available/sites-enabled +# (without .conf suffix) # install_vhost() { + add_namevirthost= + mkdir_docroot= + symlink_docroot= + docroot= + vhostname= + + while echo "x$1" | grep -q '^x-'; do + case "$1" in + -nvh) + add_namevirthost=1 + shift + ;; + -d) + mkdir_docroot=1 + shift + ;; + -s) + shift + symlink_docroot="$1" + shift + ;; + -r) + shift + docroot="$1" + if ! echo "$docroot" | grep -q /; then + docroot="/var/www/$docroot" + fi + shift + ;; + -n) + shift + vhostname="$1" + shift + ;; + esac + done + + vhosttmpl="$1.template" + vhost="$2" + vsite="$3" + venabled="$3.conf" + [ -z "$vhostname" ] && vhostname=$(echo "$vhost"| awk -F. '{print $1}') + force_vhost= + + vhostdir=$CONFDIR/sites-available + venabledir=$CONFDIR/sites-enabled + + if [ ! -e "$TMPLDIR/${vhosttmpl}" ]; then + echo "E: vhost template ${vhosttmpl} not found in $TMPLDIR!" 1>&2 + exit 2 + fi + + [ -z "$docroot" ] && docroot="/var/www/$vhostname.$DOMAIN" + + # if we were broken mid-installation, force + if [ ! -e "$docroot" -a \( -n "$mkdir_docroot" -o -n "$symlink_docroot" \) ]; then + force_vhost=1 + fi + + # add vhost if either of these is true + # - adding is forced OR + # - it doesn't exist + # + if [ -n "$force_vhost" -o \( ! -e "$vhostdir/$venabled" -a ! -e "$venabledir/$venabled" \) ]; then + + cp_echo "CN: Adding $vhost VirtualHost." + out=$(mktemp $vhostdir/$venabled.XXXXXX) + temp_files="${temp_files} ${out}" + + # CARNet header. 
+ tag_conf "$out" + + if [ "$add_namevirthost" ]; then + nvh=$(awk -F'[ >]' '/^> $out + fi + + sed "s/HOST/$vhostname/g; s/DOMAIN/$DOMAIN/g; + s#DOCROOT#$docroot#g; s/IPADDR/$MYIP/g" < $TMPLDIR/$vhosttmpl >> $out + cp_mv $out $vhostdir/$venabled + chmod 644 $vhostdir/$venabled + a2ensite -m -q "$vsite" + + if [ -n "$mkdir_docroot" -a ! -d "$docroot" ]; then + mkdir "$docroot" + echo '

Radi!

' > "$docroot/index.html" + elif [ -n "$symlink_docroot" ]; then + ln -fs "$symlink_docroot" "$docroot" + fi - add_namevirthost= - mkdir_docroot= - symlink_docroot= - docroot= - vhostname= - - while echo "x$1" | grep -q '^x-'; do - case "$1" in - -nvh) - add_namevirthost=1 - shift - ;; - -d) - mkdir_docroot=1 - shift - ;; - -s) - shift - symlink_docroot="$1" - shift - ;; - -r) - shift - docroot="$1" - if ! echo "$docroot" | grep -q /; then - docroot="/var/www/$docroot" - fi - shift - ;; - -n) - shift - vhostname="$1" - shift - ;; - esac - done - - vhosttmpl="$1.template" - vhost="$2" - venabled="$3" - [ -z "$vhostname" ] && vhostname=$(echo "$vhost"| awk -F. '{print $1}') - force_vhost= - - vhostdir=$CONFDIR/sites-available - venabledir=$CONFDIR/sites-enabled - - if [ ! -e "$TMPLDIR/${vhosttmpl}" ]; then - echo "E: vhost template ${vhosttmpl} not found in $TMPLDIR!" 1>&2 - exit 2 - fi - - [ -z "$docroot" ] && docroot="/var/www/$vhostname.$DOMAIN" - - # if we were broken mid-installation, force - if [ ! -e "$docroot" -a \( -n "$mkdir_docroot" -o -n "$symlink_docroot" \) ]; then - force_vhost=1 - fi - - # add vhost if either of these is true - # - adding is forced OR - # - it doesn't exist - # - if [ -n "$force_vhost" -o \( ! -e "$vhostdir/$vhost" -a ! -e "$venabledir/$venabled" \) ]; then - - cp_echo "CN: Adding $vhost VirtualHost." - out=$(mktemp $vhostdir/$vhost.XXXXXX) - temp_files="${temp_files} ${out}" - - # CARNet header. - tag_conf "$out" - - if [ "$add_namevirthost" ]; then - nvh=$(awk -F'[ >]' '/^> $out - fi - - sed "s/HOST/$vhostname/g; s/DOMAIN/$DOMAIN/g; - s#DOCROOT#$docroot#g; s/IPADDR/$MYIP/g" < $TMPLDIR/$vhosttmpl >> $out - cp_mv $out $vhostdir/$vhost - chmod 644 $vhostdir/$vhost - ln -fs ../sites-available/$vhost $venabledir/$venabled - - if [ -n "$mkdir_docroot" -a ! -d "$docroot" ]; then - mkdir "$docroot" - echo '

Radi!

' > "$docroot/index.html" - elif [ -n "$symlink_docroot" ]; then - ln -fs "$symlink_docroot" "$docroot" - fi - - need_restart=1 - fi + need_restart=1 + fi +} + +# backup_conf() +# +# Backup configuration files located in specified directory. +# +backup_conf () { + local dir file backup_dir + + dir="$1" + + if [ -d "${dir}" ] && [ -n "$(ls -A ${dir}/)" ]; then + cp_echo "CN: Doing backup for all files in $dir" + for file in ${dir}/*; do + if [ -f "$file" ]; then + if [ -z "$(echo "$file" | egrep '^/.*(~|(\.(old|staro|bkp|bak|swp|tmp|dpkg-.+|cn-.+)))$')" ]; then + backup_dir="$BACKUPDIR/$(basename $(dirname "$file"))" + cp_backup_conffile -d "$backup_dir" -p "$file" + fi + fi + done + fi +} + +# move_conf() +# +# Move configuration files from one directory to another. The .conf suffix +# will be added. Will try to enable the configuration if -e is specified. +# +move_conf () { + local toenable ctype dir newdir file newfile + + if [ "$1" = "-e" ]; then + toenable="$1" + shift + fi + + ctype="$1" + dir="$2" + newdir="$3" + + case "$ctype" in + site|conf) + # continue below + ;; + *) + return 1 + ;; + esac + + if [ -z "$newdir" ]; then + newdir="$dir" + fi + + if [ -d "${dir}" ] && [ -n "$(ls -A ${dir}/)" ]; then + mkdir -p "$newdir" + for file in ${dir}/*; do + [ -z "$(echo "$file" | egrep '^/.*(~|(\.(old|staro|bkp|bak|swp|tmp|dpkg-.+|cn-.+)))$')" ] || continue + newfile="${newdir}/$(basename "$file" .conf).conf" + if [ ! -e "$newfile" ]; then + cp_echo "CN: Preserving changes to $newfile (renamed from $file)." + cp_mv "$file" "$newfile" + if [ -n "$toenable" ]; then + cp_echo "CN: Enabling configuration $newfile" + a2en$ctype -m -q "$(basename "$newfile" .conf)" || true + fi + need_restart=1 + fi + done + fi +} + +# rename_conf() +# +# Append the .conf suffix to all configuration files located in specified +# available and enabled directories. Updated symlinks if necessary. 
+# +# +rename_conf () { + local ctype adir edir afile efile newfile + + ctype="$1" + adir="$2" + edir="$3" + + case "$ctype" in + site|conf) + # continue below + ;; + *) + return 1 + ;; + esac + + if [ -d "${edir}" ] && [ -n "$(ls -A ${edir}/)" ]; then + mkdir -p "$adir" + for efile in ${edir}/*; do + [ -z "$(echo "$efile" | egrep '^/.*(~|(\.(old|staro|bkp|bak|swp|tmp|dpkg-.+|cn-.+)))$')" ] || continue + + [ ! -e "${edir}/$(basename "$efile" .conf).conf" ] || continue + + afile="$(readlink -q -m "$efile")" + + [ "$(dirname "$afile")" = "$adir" ] || continue + [ "$(basename "$afile" .conf)" = "$(basename "$efile" .conf)" ] || continue + + newfile="${adir}/$(basename "$afile" .conf).conf" + [ ! -e "$newfile" ] || continue + + cp_echo "CN: Preserving changes to $newfile (renamed from $afile)." + cp_mv "$afile" "$newfile" + + cp_echo "CN: Removing obsolete symlink $efile" + rm -f "$efile" + + cp_echo "CN: Enabling configuration $newfile" + a2en$ctype -m -q "$(basename "$newfile" .conf)" || true + need_restart=1 + done + fi +} + +# listconffiles() +# +# Recursively walks /etc/apache2/apache2.conf for Include and +# IncludeOptional directives. +# Prints all configfiles so defined. +# +listconffiles () { + local i incs + local base_dir="`dirname $1`" + + incs=`awk 'tolower($1) ~ /include(optional)?/ { sub("/$","/*",$2); print $2; }' $1` + incs=`echo "$incs" | sed -r "s#^([^/])#${base_dir}/\1#"` + if [ -n "$incs" ]; then + for i in $incs; do + if [ -e "$i" ]; then echo "`readlink -m -q $i`"; listconffiles "$i"; fi + done + fi } 
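Review bot: The awk filter in listconffiles, `tolower($1) ~ /include(optional)?/`, is an unanchored match, so any first token that merely contains "include" qualifies, including a commented-out `#Include /path` written without a space after the hash. The "Remove deprecated directives" block later rewrites every file this function prints, as root, so files Apache never loads can end up modified. Anchoring the test, `tolower($1) ~ /^include(optional)?$/`, limits the walk to real directives. `$1` and `$i` are also unquoted in the `dirname`, `awk` and `readlink` calls, and the recursion has no guard against a file that includes itself.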
@@ -310,93 +420,120 @@ install_vhost() { trap cleanup 0 1 2 15 -# Make sure that monit conf for Apache is disabled. -if [ -f "/etc/monit.d/apache1.conf" ]; then - mv /etc/monit.d/apache1.conf /etc/monit.d/apache1.conf.disabled - pkill -9 -f /usr/sbin/monit || true +# Backup all configuration located in /etc/apache2/conf.d/, +# /etc/apache2/conf-available/ and /etc/apache2/sites-available/ +# directories. +# +if [ -e "$CONF" ]; then + cp_echo "CN: Doing backup for $CONF" + cp_backup_conffile -d $BACKUPDIR -p $CONF fi +backup_conf $CONFDIR/conf.d +backup_conf $CONFDIR/conf-available +backup_conf $CONFDIR/sites-available -# First of all - stop Apache web server, make sure Apache is NOT running. -# -if [ -x /usr/sbin/invoke-rc.d ]; then - [ -x /usr/sbin/apache ] && invoke-rc.d apache stop || true - pkill -9 -f /usr/sbin/apache || true -else - [ -x /etc/init.d/apache ] && /etc/init.d/apache stop || true -fi +cp_echo "CN: Backup is located in directory: $BACKUPDIR/" -# Backup all configuration located in /etc/apache2/conf.d/ and -# /etc/apache2/sites-available/ directories. +# Enable Apache2 web server modules (mpm_prefork, cgi, rewrite, userdir, suexec, php5, ssl). # if [ -e "$CONF" ]; then - cp_echo "CN: Doing backup for $CONF" - cp_backup_conffile -d $BACKUPDIR -p $CONF - backup_done=1 + cp_echo "CN: Enabling the prefork Apache2 MPM." + if [ "$(a2query -M || true)" != "prefork" ]; then + a2dismod -m -q "mpm_$(a2query -M || true)" + a2enmod -m -q mpm_prefork + fi + + cp_echo "CN: Enabling required Apache2 web server modules." 
+ a2enmod -m -q access_compat + a2enmod -m -q cgi + a2enmod -m -q rewrite + a2enmod -m -q userdir + a2enmod -m -q suexec +# a2enmod -m -q php5 + a2enmod -m -q ssl fi -if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls ${CONFDIR}/conf.d/)" ]; then - cp_echo "CN: Doing backup for all files in /etc/apache2/conf.d/" - for file in /etc/apache2/conf.d/*; do - if [ -z "$(echo $file | egrep '^/.*~')" ]; then - cp_backup_conffile -d $BACKUPDIR -p $file - fi - done - backup_done=1 -fi -if [ -d "$CONFDIR/sites-available" ] && [ -n "$(ls ${CONFDIR}/sites-available/)" ]; then - cp_echo "CN: Doing backup for all files in /etc/apache2/sites-available/" - for file in /etc/apache2/sites-available/*; do - if [ -z "$(echo $file | egrep '^/.*~')" ]; then - cp_backup_conffile -d $BACKUPDIR -p $file - fi - done - backup_done=1 -fi -if [ $backup_done -eq 1 ]; then - cp_echo "CN: Backup is located in directory: $BACKUPDIR/" + + +# Make sure configuration files have the .conf suffix. Move them +# to appropriate locations. +# +if [ -d "$CONFDIR/conf.d" ]; then + cp_echo "CN: Obsolete configuration directory $CONFDIR/conf.d/ found." + move_conf -e conf $CONFDIR/conf.d $CONFDIR/conf-available fi +rename_conf site $CONFDIR/sites-available $CONFDIR/sites-enabled -# Enable Apache2 web server modules (cgi, rewrite, userdir, suexec, php4, ssl). + +# Check and add IncludeOptional lines to /etc/apache2/apache2.conf: +# +# IncludeOptional conf-enabled/*.conf +# IncludeOptional sites-enabled/*.conf # if [ -e "$CONF" ]; then - if [ ! -e "$A2MODEDIR/cgi.load" ]; then - cp_echo "CN: Enabling CGI module for Apache2 web server." - a2enmod cgi >/dev/null || true - need_restart=1 - fi - - if [ ! -e "$A2MODEDIR/rewrite.load" ]; then - cp_echo "CN: Enabling rewrite module for Apache2 web server." - a2enmod rewrite >/dev/null || true - need_restart=1 - fi - - if [ ! -e "$A2MODEDIR/userdir.load" ] || [ ! -e "$A2MODEDIR/userdir.conf" ]; then - cp_echo "CN: Enabling userdir module for Apache2 web server." 
- a2enmod userdir >/dev/null || true - need_restart=1 - fi - - if [ ! -e "$A2MODEDIR/suexec.load" ]; then - cp_echo "CN: Enabling SUEXEC module for Apache2 web server." - a2enmod suexec >/dev/null || true - need_restart=1 - fi - - if [ ! -e "$A2MODEDIR/php4.load" ] || [ ! -e "$A2MODEDIR/php4.conf" ]; then - cp_echo "CN: Enabling PHP4 module for Apache2 web server." - a2enmod php4 >/dev/null || true - need_restart=1 - fi - - if [ ! -e "$A2MODEDIR/ssl.load" ] || [ ! -e "$A2MODEDIR/ssl.conf" ]; then - cp_echo "CN: Enabling SSL module for Apache2 web server." - a2enmod ssl >/dev/null || true - need_restart=1 - fi + cp_echo "CN: Checking IncludeOptional lines in $CONF" + + CONFTMP=`mktemp $CONF.tmp.XXXXXX` + temp_files="${temp_files} ${CONFTMP}" + cp "$CONF" "$CONFTMP" + + sed -r -i 's#^[[:space:]]*Include(Optional)?[[:space:]]+(/etc/apache2/)?conf\.d(/)?$#IncludeOptional conf-enabled/\*\.conf#I' \ + "$CONFTMP" + sed -r -i 's#^[[:space:]]*Include(Optional)?[[:space:]]+(/etc/apache2/)?sites-enabled(/)?$#IncludeOptional sites-enabled/\*\.conf#I' \ + "$CONFTMP" + + if ! egrep -iq "^[[:space:]]*IncludeOptional[[:space:]]+conf-enabled/\*\.conf$" "$CONFTMP"; then + echo 'IncludeOptional conf-enabled/*.conf' >> "$CONFTMP" + fi + if ! egrep -iq "^[[:space:]]*IncludeOptional[[:space:]]+sites-enabled/\*\.conf$" "$CONFTMP"; then + echo 'IncludeOptional sites-enabled/*.conf' >> "$CONFTMP" + fi + + if ! cmp -s "$CONFTMP" "$CONF"; then + cp_mv "$CONFTMP" "$CONF" + need_restart=1 + fi + rm -f "$CONFTMP" +fi + +# Remove deprecated directives. Add default Mutex if not defined. 
+# +if [ -e "$CONF" ]; then + + ( listconffiles "$CONF"; echo "$CONF" ) | while read -r a2cfile; do + + a2cfiletmp=`mktemp $a2cfile.tmp.XXXXXX` + temp_files="${temp_files} ${a2cfiletmp}" + cp "$a2cfile" "$a2cfiletmp" + + if egrep -iq "^[[:space:]]*NameVirtualHost[[:space:]]+" "$a2cfiletmp"; then + cp_echo "CN: Removing deprecated NameVirtualHost from $a2cfile" + sed -r -i '/^[[:space:]]*NameVirtualHost[[:space:]]+/Id' \ + "$a2cfiletmp" + fi + + if egrep -iq "^[[:space:]]*SSLMutex[[:space:]]+" "$a2cfiletmp"; then + cp_echo "CN: Removing deprecated SSLMutex from $a2cfile" + sed -r -i '/^[[:space:]]*SSLMutex[[:space:]]+/Id' \ + "$a2cfiletmp" + fi + + if [ "$a2cfile" = "$CONF" ]; then + if ! egrep -iq "^[[:space:]]*Mutex[[:space:]]+" "$a2cfiletmp"; then + cp_echo "CN: Adding default Mutex to $a2cfile" + echo 'Mutex file:${APACHE_LOCK_DIR} default' >> "$a2cfiletmp" + fi + fi + + if ! cmp -s "$a2cfiletmp" "$a2cfile"; then + cp_mv "$a2cfiletmp" "$a2cfile" + need_restart=1 + fi + rm -f "$a2cfiletmp" + done fi 
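Review bot: The `( listconffiles "$CONF"; echo "$CONF" ) | while read -r a2cfile` loop runs its body in a subshell, so the `need_restart=1` and `temp_files=...` assignments made inside it are lost when the pipeline ends. Apache is then not reloaded after NameVirtualHost or SSLMutex lines are removed unless some other step happens to set need_restart, and temp files left by an interrupted iteration are unknown to cleanup. Feeding the loop by redirection from a file keeps it in the main shell, as sketched below. Separately, when `a2query -M` prints nothing, the earlier `a2dismod -m -q "mpm_$(a2query -M || true)"` is called with the bare name `mpm_`, which would likely fail and abort the postinst under `set -e`.

```shell
a2clist=$(mktemp)
temp_files="${temp_files} ${a2clist}"
( listconffiles "$CONF"; echo "$CONF" ) > "$a2clist"

while read -r a2cfile; do
    # … unchanged: copy to a2cfiletmp, strip NameVirtualHost/SSLMutex, add Mutex, cp_mv …
done < "$a2clist"
```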
@@ -411,231 +548,212 @@ listen_ssl # Disable default site configuration. # if [ -e "$CONF" ]; then - if [ -e "$CONFDIR/sites-enabled/000-default" ]; then - cp_echo "CN: Disabling 000-default site configuration." - a2dissite 000-default >/dev/null || true - - need_restart=1 - fi + cp_echo "CN: Disabling default site configuration." + a2dissite -m -f -q 000-default || true + need_restart=1 fi # Apache2 SSL certificate. # -has_listen_ssl=0 - -if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls $CONFDIR/conf.d)" ]; then - listen_ssl_mask=$CONFDIR/conf.d/* +if [ -d "$CONFDIR/conf-enabled" ] && [ -n "$(ls -A $CONFDIR/conf-enabled/)" ]; then + listen_ssl_mask=$CONFDIR/conf-enabled/*.conf fi -if [ -d "$CONFDIR/sites-enabled" ] && [ -n "$(ls $CONFDIR/sites-enabled)" ]; then - listen_ssl_mask=$listen_ssl_mask" "$CONFDIR/sites-enabled/* +if [ -d "$CONFDIR/sites-enabled" ] && [ -n "$(ls -A $CONFDIR/sites-enabled/)" ]; then + listen_ssl_mask=$listen_ssl_mask" "$CONFDIR/sites-enabled/*.conf fi for file in $CONF $listen_ssl_mask; do - if [ -f "$file" ]; then - if egrep -iq '^[[:space:]]*' $file; then - has_listen_ssl=1 - apache2_sslcert=1 - break - fi - fi + if [ -f "$file" ]; then + if egrep -iq '^[[:space:]]*' $file; then + has_listen_ssl=1 + break + fi + fi done -if [ $apache2_sslcert -eq 0 ]; then +if [ $has_listen_ssl -eq 0 ]; then - db_get apache2-cn/sslcf || true - apache2_sslcf="$RET" + db_get apache2-cn/sslcf || true + apache2_sslcf="$RET" - if [ -n "$apache2_sslcf" ]; then + if [ -n "$apache2_sslcf" ]; then - db_get apache2-cn/sslckf || true - apache2_sslckf="$RET" + db_get apache2-cn/sslckf || true + apache2_sslckf="$RET" - db_get apache2-cn/sslccf || true - apache2_sslccf="$RET" - - need_restart=1 - else + db_get apache2-cn/sslccf || true + apache2_sslccf="$RET" - # Generate new SSL certificate files. - generate_ssl - - apache2_sslcf= - apache2_sslckf= - apache2_sslccf= - fi + need_restart=1 + else + + # Generate new SSL certificate files. 
+ generate_ssl + + apache2_sslcf= + apache2_sslckf= + apache2_sslccf= + fi fi # Add VirtualHosts. +# - on fresh install # -db_get apache2-cn/wwwhost || true -if [ "$RET" = "true" ]; then - - # Add WWW VirtualHost. - if [ -f "$CONFDIR/sites-available/$FQDN" ]; then - cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/$FQDN - fi - if [ -f "$CONFDIR/sites-available/www.$DOMAIN" ]; then - cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/www.$DOMAIN - fi - - chk_conf_tag "$CONFDIR/sites-available/$FQDN" - if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then - install_vhost -nvh -d -r www.$DOMAIN default $FQDN 000-$FQDN - need_restart=1 - fi - - chk_conf_tag "$CONFDIR/sites-available/www.$DOMAIN" - if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then - install_vhost default www.$DOMAIN www.$DOMAIN - need_restart=1 - fi -else - - # No WWW VirtualHost. - if [ -f "$CONFDIR/sites-available/$FQDN" ]; then - cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/$FQDN - fi - - chk_conf_tag "$CONFDIR/sites-available/$FQDN" - if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then - install_vhost -nvh -d -r $FQDN default $FQDN 000-$FQDN - need_restart=1 - fi +if [ -z "$2" ]; then + + db_get apache2-cn/wwwhost || true + if [ "$RET" = "true" ]; then + + # Add WWW VirtualHost. + if [ -f "$CONFDIR/sites-available/000-$FQDN.conf" ]; then + cp_backup_conffile -d $BACKUPDIR/sites-available -p $CONFDIR/sites-available/000-$FQDN.conf + fi + if [ -f "$CONFDIR/sites-available/www.$DOMAIN.conf" ]; then + cp_backup_conffile -d $BACKUPDIR/sites-available -p $CONFDIR/sites-available/www.$DOMAIN.conf + fi + + chk_conf_tag "$CONFDIR/sites-available/000-$FQDN.conf" + if [ ! 
-f "$CONFDIR/sites-available/000-$FQDN.conf" ] || [ $RET -eq 0 ]; then + if egrep -qi "^[[:space:]]*NameVirtualHost[[:space:]]+\*:80$" "$PORTCONF"; then + install_vhost -d -r www.$DOMAIN default $FQDN 000-$FQDN + else + install_vhost -nvh -d -r www.$DOMAIN default $FQDN 000-$FQDN + fi + need_restart=1 + fi + + chk_conf_tag "$CONFDIR/sites-available/www.$DOMAIN.conf" + if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN.conf" ] || [ $RET -eq 0 ]; then + install_vhost default www.$DOMAIN www.$DOMAIN + need_restart=1 + fi + else + + # No WWW VirtualHost. + if [ -f "$CONFDIR/sites-available/000-$FQDN.conf" ]; then + cp_backup_conffile -d $BACKUPDIR/sites-available -p $CONFDIR/sites-available/000-$FQDN.conf + fi + + chk_conf_tag "$CONFDIR/sites-available/000-$FQDN.conf" + if [ ! -f "$CONFDIR/sites-available/000-$FQDN.conf" ] || [ $RET -eq 0 ]; then + if egrep -qi "^[[:space:]]*NameVirtualHost[[:space:]]+\*:80$" "$PORTCONF"; then + install_vhost -d -r $FQDN default $FQDN 000-$FQDN + else + install_vhost -nvh -d -r $FQDN default $FQDN 000-$FQDN + fi + need_restart=1 + fi + fi fi # Add VirtualHost for SSL? # -if [ $apache2_sslcert -eq 0 ]; then +if [ $has_listen_ssl -eq 0 ]; then - if [ -f "$CONFDIR/sites-available/ssl" ]; then - cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/ssl - fi + if [ -f "$CONFDIR/sites-available/001-ssl.conf" ]; then + cp_backup_conffile -d $BACKUPDIR/sites-available -p $CONFDIR/sites-available/001-ssl.conf + fi + + # No active SSL VirtualHosts found - add new one. + chk_conf_tag "$CONFDIR/sites-available/001-ssl.conf" + if [ ! -f "$CONFDIR/sites-available/001-ssl.conf" ] || [ $RET -eq 0 ]; then - # No active SSL VirtualHosts found - add new one. - chk_conf_tag "$CONFDIR/sites-available/ssl" - if [ ! 
-f "$CONFDIR/sites-available/ssl" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then - install_vhost -r $FQDN -n $HOST ssl ssl 001-ssl - need_restart=1 - fi + db_get apache2-cn/wwwhost || true + if [ "$RET" = "true" ]; then + install_vhost -r www.$DOMAIN -n $HOST ssl ssl 001-ssl + else + install_vhost -r $FQDN -n $HOST ssl ssl 001-ssl + fi + need_restart=1 + fi fi # Check SSL certificates location for VirtualHosts. # -if [ $apache2_sslcert -eq 0 ]; then +if [ $has_listen_ssl -eq 0 ]; then - chk_conf_tag "${CONFDIR}/sites-available/ssl" - if [ $RET -eq 0 ] && [ -n "$apache2_sslcf" ]; then + chk_conf_tag "${CONFDIR}/sites-available/001-ssl.conf" + if [ $RET -eq 0 ] && [ -n "$apache2_sslcf" ]; then - SSLTMP=$(mktemp ${CONFDIR}/ssltmp.XXXXXX) - temp_files="${temp_files} ${SSLTMP}" - cp ${CONFDIR}/sites-available/ssl $SSLTMP + SSLTMP=$(mktemp ${CONFDIR}/ssltmp.XXXXXX) + temp_files="${temp_files} ${SSLTMP} ${SSLTMP}.cn-old" + cp ${CONFDIR}/sites-available/001-ssl.conf $SSLTMP - # SSLCertificateFile - cp_check_and_sed "^[[:space:]]*SSLCertificateFile \/etc\/ssl\/certs\/apache2\.pem" \ - "s#SSLCertificateFile /etc/ssl/certs/apache2.pem#SSLCertificateFile $apache2_sslcf #g" \ - $SSLTMP || true + # SSLCertificateFile + cp_check_and_sed "^[[:space:]]*SSLCertificateFile \/etc\/ssl\/certs\/apache2\.pem" \ + "s#SSLCertificateFile /etc/ssl/certs/apache2.pem#SSLCertificateFile $apache2_sslcf #g" \ + $SSLTMP || true - # SSLCertificateKeyFile - cp_check_and_sed "^[[:space:]]*SSLCertificateKeyFile \/etc\/ssl\/private\/apache2\.key" \ - "s#SSLCertificateKeyFile /etc/ssl/private/apache2.key#SSLCertificateKeyFile $apache2_sslckf #g" \ - $SSLTMP || true + # SSLCertificateKeyFile + cp_check_and_sed "^[[:space:]]*SSLCertificateKeyFile \/etc\/ssl\/private\/apache2\.key" \ + "s#SSLCertificateKeyFile /etc/ssl/private/apache2.key#SSLCertificateKeyFile $apache2_sslckf #g" \ + $SSLTMP || true - # SSLCertificateChainFile - if [ -n "$apache2_sslccf" ]; then - cp_check_and_sed "^# SSLCertificateChainFile 
\/etc\/ssl\/certs/sureserverEDU\.pem" \ - "s#\# SSLCertificateChainFile /etc/ssl/certs/sureserverEDU.pem#SSLCertificateChainFile $apache2_sslccf #g" \ - $SSLTMP || true - fi + # SSLCertificateChainFile + if [ -n "$apache2_sslccf" ]; then + cp_check_and_sed "^[[:space:]]*# SSLCertificateChainFile \/etc\/ssl\/certs\/(sureserverEDU|cert-chain)\.pem" \ + "s#\# SSLCertificateChainFile /etc/ssl/certs/\(sureserverEDU\|cert-chain\).pem#SSLCertificateChainFile $apache2_sslccf #g" \ + $SSLTMP || true + fi - cp_mv $SSLTMP ${CONFDIR}/sites-available/ssl + cp_mv $SSLTMP ${CONFDIR}/sites-available/001-ssl.conf - need_restart=1 + need_restart=1 - # Just to be sure. - if [ -e "$SSLTMP" ]; then - rm -f $SSLTMP - fi - fi + # Just to be sure. + [ -e "${SSLTMP}" ] && rm -f ${SSLTMP} + [ -e "${SSLTMP}.cn-old" ] && rm -f ${SSLTMP}.cn-old + fi fi -# Check for CustomLog, ErrorLog and TransferLog in Apache2 configuration. +# Check file access permissions for SSL certificates. # -cp_echo "CN: Checking Apache2 CustomLog, ErrorLog and TransferLog directives." -if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls $CONFDIR/conf.d)" ]; then - log_mask=$CONFDIR/conf.d/* -fi -if [ -d "$CONFDIR/sites-available" ] && [ -n "$(ls $CONFDIR/sites-available)" ]; then - log_mask=$log_mask" "$CONFDIR/sites-available/* -fi -for file in $CONF $log_mask; do - chk_conf_tag "$file" - if [ $RET -eq 0 ]; then - conf_log_fix "$file" - fi +cp_echo "CN: Checking file access permissions for Apache2 SSL certificates." +sslkey=/etc/ssl/private +sslcerts="${sslkey}/ca.key ${sslkey}/apache2-ca.key ${sslkey}/apache2.key" +for certf in $sslcerts; do + if [ -f "$certf" ]; then + chmod 600 $certf + fi done -# Start Apache2 web server on boot? -# This will enable Apache2 in /etc/default/apache2 file. +# Check and remove obsolete "Include /etc/apache2/sites-enabled/[^.#]*" from +# /etc/apache2/apache2.conf. 
# -if egrep -q "^[[:space:]]*NO_START=1" /etc/default/apache2; then - cp_check_and_sed NO_START=1 s/NO_START=1/NO_START=0/ /etc/default/apache2 || true - need_restart=1 -fi +if egrep -iq "^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/\[\^\.\#\]\*$" "$CONF"; then + cp_echo "CN: Fixing obsolete Include line in $CONF." + CONFTMP=`mktemp $CONF.tmp.XXXXXX` + temp_files="${temp_files} ${CONFTMP}" -db_stop || true + sed -r "/^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/\[\^\.\#\]\*$/Id" \ + "$CONF" > "$CONFTMP" + if ! egrep -iq "^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/$" "$CONFTMP"; then + echo "Include /etc/apache2/sites-enabled/" >> "$CONFTMP" + fi -# Remove old AOSI configuration for Apache: aosi-www.conf, aosi.conf. -# -if [ -e "$CONFDIR/conf.d/aosi-www.conf" ] || [ -e "$CONFDIR/conf.d/aosi.conf" ]; then - cp_echo "CN: Removing old AOSI configuration files for Apache2." - need_restart=1 + cp_mv "$CONFTMP" "$CONF" + need_restart=1 fi -[ -e "$CONFDIR/conf.d/aosi-www.conf" ] && rm -f $CONFDIR/conf.d/aosi-www.conf -[ -e "$CONFDIR/conf.d/aosi.conf" ] && rm -f $CONFDIR/conf.d/aosi.conf -# Stop Apache web server and disable Apache automatic start on boot. -# -if [ -x "/etc/init.d/apache" ]; then - - # Stop Apache. - if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then - invoke-rc.d apache stop || true - else - /etc/init.d/apache stop || true - fi +db_stop || true - # Disable automatic start on boot. - if [ -x "`which update-rc.d 2>/dev/null`" ]; then - update-rc.d -f apache remove > /dev/null 2>&1 || true - update-rc.d apache stop 90 6 . > /dev/null 2>&1 || true - fi -fi -# Also check for Apache-SSL web server. +# Remove old AOSI configuration for Apache: aosi-www.conf, aosi.conf. # -if [ -x "/etc/init.d/apache-ssl" ]; then - - # Stop Apache-SSL. 
- if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then - invoke-rc.d apache-ssl stop || true - else - /etc/init.d/apache-ssl stop || true - fi - - # Disable automatic start on boot. - if [ -x "`which update-rc.d 2>/dev/null`" ]; then - update-rc.d -f apache-ssl remove > /dev/null 2>&1 || true - update-rc.d apache-ssl stop 90 6 . > /dev/null 2>&1 || true - fi +if [ -e "$CONFDIR/conf.d/aosi-www.conf" ] || [ -e "$CONFDIR/conf.d/aosi.conf" ]; then + cp_echo "CN: Removing old AOSI configuration files for Apache2." + rm -f $CONFDIR/conf.d/aosi-www.conf + rm -f $CONFDIR/conf.d/aosi.conf + need_restart=1 fi @@ -643,23 +761,17 @@ fi # if [ $need_restart -eq 1 ]; then - # Check Apache2 web server configuration. - if apache2ctl configtest 2>/dev/null; then - - # Restart Apache2 web server. - if [ -x "/etc/init.d/apache2" ]; then - if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then - invoke-rc.d apache2 force-reload || true - else - /etc/init.d/apache2 force-reload || true - fi - fi - else - - # Something is broken. - cp_echo "CN: Your Apache2 configuration seem to be broken." - cp_echo "CN: Please, check the service after the installation finishes!" - fi + # Check Apache2 web server configuration. + if apache2ctl configtest 2>/dev/null; then + + # Restart Apache2 web server. + service apache2 reload || true + else + + # Something is broken. + cp_echo "CN: Your Apache2 configuration seems to be broken." + cp_echo "CN: Please, check the service after the installation finishes!" + fi fi @@ -671,8 +783,10 @@ cp_mail "$PKG" # (re)generate monit.d files if monit-cn is installed. # if [ -x "/usr/sbin/update-monit.d" ]; then - update-monit.d || true + cp_echo "CN: Updating monit configuration..." + update-monit.d || true fi +#DEBHELPER# exit 0
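Review bot: The three `[ $has_listen_ssl -eq 0 ]` tests read a variable whose only visible initialisation, `has_listen_ssl=0`, is removed by this hunk; unless it is set in lines the diff does not show, the variable is unset whenever no SSL VirtualHost is found. The unquoted test then collapses to `[ -eq 0 ]`, which errors and evaluates false, so certificate generation, the 001-ssl vhost and the certificate-path fix-up are silently skipped on exactly the hosts that need them. Keeping `has_listen_ssl=0` ahead of the `for file in $CONF $listen_ssl_mask` loop and quoting the tests, `if [ "$has_listen_ssl" -eq 0 ]; then`, makes the outcome well defined. The later block that appends `Include /etc/apache2/sites-enabled/` also appears to work against the `IncludeOptional sites-enabled/*.conf` rewrite made earlier in the script, and it would load files that lack the .conf suffix.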
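Review bot: `service apache2 reload || true` replaces the earlier invoke-rc.d call, but Debian maintainer scripts are expected to go through invoke-rc.d so that a local policy-rc.d (chroots, image builds, hosts where the administrator has blocked service actions) is honoured. I would write `invoke-rc.d apache2 reload || true` here. `apache2ctl configtest 2>/dev/null` also discards the parser's error text, so when the "configuration seems to be broken" message is printed the administrator gets no indication of which file or line failed; dropping the redirection, or passing the output through cp_echo, would keep that diagnostic.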