--- /dev/null
+#!/bin/sh
+
+set -e
+
+[ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx
+
+# Source debconf library.
+. /usr/share/debconf/confmodule
+
+case "$1" in
+ configure)
+ # continue below
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ exit 0
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 0
+ ;;
+esac
+
+
+# Include CARNet functions.
+. /usr/share/carnet-tools/functions.sh
+
+PKG="apache2-cn"
+VERSION="2.2-1"
+CONFDIR="/etc/apache2"
+CONFDIROLD="/etc/apache"
+CONF="$CONFDIR/apache2.conf"
+CONFOLD="$CONFDIROLD/httpd.conf"
+A2MODEDIR="$CONFDIR/mods-enabled"
+PORTCONF="$CONFDIR/ports.conf"
+A2CNDIR=/usr/share/apache2-cn
+TMPLDIR=$A2CNDIR/templates
+CERTDIR=/etc/ssl/certs
+A2PHPINI="/etc/php4/apache2/php.ini"
+
+HOST=$(hostname)
+FQDN=$(hostname --fqdn)
+WEBMASTER="webmaster@$FQDN"
+DOMAIN=$(hostname -d)
+BACKUPDIR="/var/backups/apache2-cn"
+
+backup_done=0
+need_restart=0
+apache2_sslcert=0
+apache2_sslcf=
+apache2_sslckf=
+apache2_sslccf=
+has_vhosts=0
+temp_files=
+has_listen_ssl=0
+listen_ssl_mask=
+
+
+# cleanup()
+#
+# Cleanup all temp files.
+#
+cleanup () {
+
+ if [ -n "$temp_files" ]; then
+ for item in $temp_files; do
+ if [ -e "$item" ]; then
+ rm -f $item
+ fi
+ done
+ fi
+}
+
+# tag_conf()
+#
+# Add CARNet package info lines to config's header.
+#
+tag_conf () {
+
+ local conf_file
+ conf_file="$1"
+
+ if [ -e "$conf_file" ]; then
+
+ cat >> $conf_file <<EOF
+## Begin - Generated by CARNet package apache2-cn
+#
+# REMOVE this whole block if you DON'T WANT apache2-cn
+# to edit your configuration file.
+#
+## End - Generated by CARNet package apache2-cn
+EOF
+ fi
+}
+
+# chk_conf_tag ()
+#
+# Check if configuration file has CARNet package info lines.
+# return: $RET => 0 - tagged
+# 1 - not tagged or file does not exists
+# 2 - file exists, but it is not tagged
+#
+chk_conf_tag () {
+
+ local conf_file
+ conf_file="$1"
+ RET=1
+
+ if [ -f "$conf_file" ]; then
+ if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" "$conf_file"; then
+ RET=0
+ else
+ RET=2
+ fi
+ fi
+}
+
+# conf_log_fix ()
+#
+# Check CustomLog, ErrorLog and TransferLog paths - /var/log/apache/ is replaced
+# with /var/log/apache2/.
+#
+conf_log_fix () {
+
+ local conf_file out
+ conf_file="$1"
+
+ if [ -f "$conf_file" ]; then
+
+ if egrep -iq '^[[:space:]]*(Error|Custom|Transfer)Log[[:space:]]*\/var\/log\/apache\/' "$conf_file"; then
+
+ out=$(mktemp ${conf_file}.XXXXXX)
+ temp_files="${temp_files} ${out}"
+
+ sed 's/\(^[[:space:]]*\(Error\|Custom\|Transfer\)Log[[:space:]]*\)\/var\/log\/apache\//\1\/var\/log\/apache2\//I' \
+ $conf_file > $out
+ mv $out $conf_file
+ fi
+ fi
+}
+
+# generate_ssl()
+#
+# Generate Apache2 web server SSL certificate.
+#
+generate_ssl () {
+
+ generate_ssl_output=$($A2CNDIR/carnet-generate-ssl ignore "$FQDN" "$WEBMASTER" "$DOMAIN" 2> /dev/null)
+ cp_echo "$generate_ssl_output"
+ need_restart=1
+}
+
+# listen_ssl()
+#
+# Check if port 443 is configured in ports.conf file.
+#
+listen_ssl() {
+
+ if ! egrep -iq "^[[:space:]]*Listen[[:space:]]*.*443$" "$PORTCONF"; then
+
+ cp_echo "CN: Enabling SSL port (443) for Apache2 web server."
+
+ out=$(mktemp ${PORTCONF}.XXXXXX)
+ cp $PORTCONF $out
+ echo "Listen 443" >> $out
+ cp_mv $out $PORTCONF
+
+ need_restart=1
+ temp_files="${temp_files} ${out}"
+ fi
+}
+
+# install_conf()
+#
+# Install specified Apache2 configuration file.
+#
+install_conf() {
+
+ conftmpl="$A2CNDIR/$1.conf"
+ conf="$CONFDIR/conf.d/$2.conf"
+
+ if [ ! -e "$conf" ]; then
+
+ cp_echo "CN: Enabling CARNet specific configuration."
+ cp "$conftmpl" "$conf"
+
+ need_restart=1
+ else
+ cp_echo "CN: $conf already exists, left untouched." 1>&2
+ fi
+}
+
+# install_vhost()
+#
+# Install specified VirtualHost for Apache2 web server.
+#
+# Invocation:
+#
+# install_vhost [-nvh] [-d] [-s docroot_symlink_dest] template site site-enabled-symlink
+#
+# -nvh - add NameVirtualHost
+# -d - mkdir DocumentRoot
+# -r - set DocumentRoot
+# -n - set ServerName
+# -s X - symlink DocumentRoot to X (all in /var/www)
+#
+# site - name of file in sites-available, host part of ServerName unless -r or -n is used
+# site-enabled-symlink - name of symlink in sites-enabled
+#
+install_vhost() {
+
+ add_namevirthost=
+ mkdir_docroot=
+ symlink_docroot=
+ docroot=
+ vhostname=
+
+ while echo "x$1" | grep -q '^x-'; do
+ case "$1" in
+ -nvh)
+ add_namevirthost=1
+ shift
+ ;;
+ -d)
+ mkdir_docroot=1
+ shift
+ ;;
+ -s)
+ shift
+ symlink_docroot="$1"
+ shift
+ ;;
+ -r)
+ shift
+ docroot="$1"
+ if ! echo "$docroot" | grep -q /; then
+ docroot="/var/www/$docroot"
+ fi
+ shift
+ ;;
+ -n)
+ shift
+ vhostname="$1"
+ shift
+ ;;
+ esac
+ done
+
+ vhosttmpl="$1.template"
+ vhost="$2"
+ venabled="$3"
+ [ -z "$vhostname" ] && vhostname=$(echo "$vhost"| awk -F. '{print $1}')
+ force_vhost=
+
+ vhostdir=$CONFDIR/sites-available
+ venabledir=$CONFDIR/sites-enabled
+
+ if [ ! -e "$TMPLDIR/${vhosttmpl}" ]; then
+ echo "E: vhost template ${vhosttmpl} not found in $TMPLDIR!" 1>&2
+ exit 2
+ fi
+
+ [ -z "$docroot" ] && docroot="/var/www/$vhostname.$DOMAIN"
+
+ # if we were broken mid-installation, force
+ if [ ! -e "$docroot" -a \( -n "$mkdir_docroot" -o -n "$symlink_docroot" \) ]; then
+ force_vhost=1
+ fi
+
+ # add vhost if either of these is true
+ # - adding is forced OR
+ # - it doesn't exist
+ #
+ if [ -n "$force_vhost" -o \( ! -e "$vhostdir/$vhost" -a ! -e "$venabledir/$venabled" \) ]; then
+
+ cp_echo "CN: Adding $vhost VirtualHost."
+ out=$(mktemp $vhostdir/$vhost.XXXXXX)
+ temp_files="${temp_files} ${out}"
+
+ # CARNet header.
+ tag_conf "$out"
+
+ if [ "$add_namevirthost" ]; then
+ nvh=$(awk -F'[ >]' '/^<VirtualHost/ {print $2}' $TMPLDIR/$vhosttmpl |\
+ sed "s/IPADDR/$MYIP/g")
+ echo "NameVirtualHost $nvh" >> $out
+ fi
+
+ sed "s/HOST/$vhostname/g; s/DOMAIN/$DOMAIN/g;
+ s#DOCROOT#$docroot#g; s/IPADDR/$MYIP/g" < $TMPLDIR/$vhosttmpl >> $out
+ cp_mv $out $vhostdir/$vhost
+ chmod 644 $vhostdir/$vhost
+ ln -fs ../sites-available/$vhost $venabledir/$venabled
+
+ if [ -n "$mkdir_docroot" -a ! -d "$docroot" ]; then
+ mkdir "$docroot"
+ echo '<html><body><h1>Radi!</h1></body></html>' > "$docroot/index.html"
+ elif [ -n "$symlink_docroot" ]; then
+ ln -fs "$symlink_docroot" "$docroot"
+ fi
+
+ need_restart=1
+ fi
+}
+
+
+# Set trap for deleting all temp files.
+#
+trap cleanup 0 1 2 15
+
+
+# Make sure that monit conf for Apache is disabled.
+if [ -f "/etc/monit.d/apache1.conf" ]; then
+ mv /etc/monit.d/apache1.conf /etc/monit.d/apache1.conf.disabled
+ pkill -9 -f /usr/sbin/monit || true
+fi
+
+
+# First of all - stop Apache web server, make sure Apache is NOT running.
+#
+if [ -x /usr/sbin/invoke-rc.d ]; then
+ [ -x /usr/sbin/apache ] && invoke-rc.d apache stop || true
+ pkill -9 -f /usr/sbin/apache || true
+else
+ [ -x /etc/init.d/apache ] && /etc/init.d/apache stop || true
+fi
+
+
+# Backup all configuration located in /etc/apache2/conf.d/ and
+# /etc/apache2/sites-available/ directories.
+#
+if [ -e "$CONF" ]; then
+ cp_echo "CN: Doing backup for $CONF"
+ cp_backup_conffile -d $BACKUPDIR -p $CONF
+ backup_done=1
+fi
+if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls ${CONFDIR}/conf.d/)" ]; then
+ cp_echo "CN: Doing backup for all files in /etc/apache2/conf.d/"
+ for file in /etc/apache2/conf.d/*; do
+ if [ -z "$(echo $file | egrep '^/.*~')" ]; then
+ cp_backup_conffile -d $BACKUPDIR -p $file
+ fi
+ done
+ backup_done=1
+fi
+if [ -d "$CONFDIR/sites-available" ] && [ -n "$(ls ${CONFDIR}/sites-available/)" ]; then
+ cp_echo "CN: Doing backup for all files in /etc/apache2/sites-available/"
+ for file in /etc/apache2/sites-available/*; do
+ if [ -z "$(echo $file | egrep '^/.*~')" ]; then
+ cp_backup_conffile -d $BACKUPDIR -p $file
+ fi
+ done
+ backup_done=1
+fi
+if [ $backup_done -eq 1 ]; then
+ cp_echo "CN: Backup is located in directory: $BACKUPDIR/"
+fi
+
+
+# Enable Apache2 web server modules (cgi, rewrite, userdir, suexec, php4, ssl).
+#
+if [ -e "$CONF" ]; then
+
+ if [ ! -e "$A2MODEDIR/cgi.load" ]; then
+ cp_echo "CN: Enabling CGI module for Apache2 web server."
+ a2enmod cgi >/dev/null || true
+ need_restart=1
+ fi
+
+ if [ ! -e "$A2MODEDIR/rewrite.load" ]; then
+ cp_echo "CN: Enabling rewrite module for Apache2 web server."
+ a2enmod rewrite >/dev/null || true
+ need_restart=1
+ fi
+
+ if [ ! -e "$A2MODEDIR/userdir.load" ] || [ ! -e "$A2MODEDIR/userdir.conf" ]; then
+ cp_echo "CN: Enabling userdir module for Apache2 web server."
+ a2enmod userdir >/dev/null || true
+ need_restart=1
+ fi
+
+ if [ ! -e "$A2MODEDIR/suexec.load" ]; then
+ cp_echo "CN: Enabling SUEXEC module for Apache2 web server."
+ a2enmod suexec >/dev/null || true
+ need_restart=1
+ fi
+
+ if [ ! -e "$A2MODEDIR/php4.load" ] || [ ! -e "$A2MODEDIR/php4.conf" ]; then
+ cp_echo "CN: Enabling PHP4 module for Apache2 web server."
+ a2enmod php4 >/dev/null || true
+ need_restart=1
+ fi
+
+ if [ ! -e "$A2MODEDIR/ssl.load" ] || [ ! -e "$A2MODEDIR/ssl.conf" ]; then
+ cp_echo "CN: Enabling SSL module for Apache2 web server."
+ a2enmod ssl >/dev/null || true
+ need_restart=1
+ fi
+fi
+
+
+# Install CARNet specific configuration file.
+#
+install_conf carnet 000-carnet
+
+# Enable SSL port (443).
+#
+listen_ssl
+
+# Disable default site configuration.
+#
+if [ -e "$CONF" ]; then
+ if [ -e "$CONFDIR/sites-enabled/000-default" ]; then
+ cp_echo "CN: Disabling 000-default site configuration."
+ a2dissite 000-default >/dev/null || true
+
+ need_restart=1
+ fi
+fi
+
+
+# Apache2 SSL certificate.
+#
+has_listen_ssl=0
+
+if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls $CONFDIR/conf.d)" ]; then
+ listen_ssl_mask=$CONFDIR/conf.d/*
+fi
+if [ -d "$CONFDIR/sites-enabled" ] && [ -n "$(ls $CONFDIR/sites-enabled)" ]; then
+ listen_ssl_mask=$listen_ssl_mask" "$CONFDIR/sites-enabled/*
+fi
+
+for file in $CONF $listen_ssl_mask; do
+ if [ -f "$file" ]; then
+ if egrep -iq '^[[:space:]]*<VirtualHost .*443[[:space:]]*>' $file; then
+ has_listen_ssl=1
+ apache2_sslcert=1
+ break
+ fi
+ fi
+done
+
+if [ $apache2_sslcert -eq 0 ]; then
+
+ db_get apache2-cn/sslcf || true
+ apache2_sslcf="$RET"
+
+ if [ -n "$apache2_sslcf" ]; then
+
+ db_get apache2-cn/sslckf || true
+ apache2_sslckf="$RET"
+
+ db_get apache2-cn/sslccf || true
+ apache2_sslccf="$RET"
+
+ need_restart=1
+ else
+
+ # Generate new SSL certificate files.
+ generate_ssl
+
+ apache2_sslcf=
+ apache2_sslckf=
+ apache2_sslccf=
+ fi
+fi
+
+
+# Add VirtualHosts.
+#
+db_get apache2-cn/wwwhost || true
+if [ "$RET" = "true" ]; then
+
+ # Add WWW VirtualHost.
+ if [ -f "$CONFDIR/sites-available/$FQDN" ]; then
+ cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/$FQDN
+ fi
+ if [ -f "$CONFDIR/sites-available/www.$DOMAIN" ]; then
+ cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/www.$DOMAIN
+ fi
+
+ chk_conf_tag "$CONFDIR/sites-available/$FQDN"
+ if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
+ install_vhost -nvh -d -r www.$DOMAIN default $FQDN 000-$FQDN
+ need_restart=1
+ fi
+
+ chk_conf_tag "$CONFDIR/sites-available/www.$DOMAIN"
+ if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
+ install_vhost default www.$DOMAIN www.$DOMAIN
+ need_restart=1
+ fi
+else
+
+ # No WWW VirtualHost.
+ if [ -f "$CONFDIR/sites-available/$FQDN" ]; then
+ cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/$FQDN
+ fi
+
+ chk_conf_tag "$CONFDIR/sites-available/$FQDN"
+ if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
+ install_vhost -nvh -d -r $FQDN default $FQDN 000-$FQDN
+ need_restart=1
+ fi
+fi
+
+
+# Add VirtualHost for SSL?
+#
+if [ $apache2_sslcert -eq 0 ]; then
+
+ if [ -f "$CONFDIR/sites-available/ssl" ]; then
+ cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/ssl
+ fi
+
+ # No active SSL VirtualHosts found - add new one.
+ chk_conf_tag "$CONFDIR/sites-available/ssl"
+ if [ ! -f "$CONFDIR/sites-available/ssl" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
+ install_vhost -r $FQDN -n $HOST ssl ssl 001-ssl
+ need_restart=1
+ fi
+fi
+
+
+# Check SSL certificates location for VirtualHosts.
+#
+if [ $apache2_sslcert -eq 0 ]; then
+
+ chk_conf_tag "${CONFDIR}/sites-available/ssl"
+ if [ $RET -eq 0 ] && [ -n "$apache2_sslcf" ]; then
+
+ SSLTMP=$(mktemp ${CONFDIR}/ssltmp.XXXXXX)
+ temp_files="${temp_files} ${SSLTMP}"
+ cp ${CONFDIR}/sites-available/ssl $SSLTMP
+
+ # SSLCertificateFile
+ cp_check_and_sed "^[[:space:]]*SSLCertificateFile \/etc\/ssl\/certs\/apache2\.pem" \
+ "s#SSLCertificateFile /etc/ssl/certs/apache2.pem#SSLCertificateFile $apache2_sslcf #g" \
+ $SSLTMP || true
+
+ # SSLCertificateKeyFile
+ cp_check_and_sed "^[[:space:]]*SSLCertificateKeyFile \/etc\/ssl\/private\/apache2\.key" \
+ "s#SSLCertificateKeyFile /etc/ssl/private/apache2.key#SSLCertificateKeyFile $apache2_sslckf #g" \
+ $SSLTMP || true
+
+ # SSLCertificateChainFile
+ if [ -n "$apache2_sslccf" ]; then
+ cp_check_and_sed "^# SSLCertificateChainFile \/etc\/ssl\/certs/sureserverEDU\.pem" \
+ "s#\# SSLCertificateChainFile /etc/ssl/certs/sureserverEDU.pem#SSLCertificateChainFile $apache2_sslccf #g" \
+ $SSLTMP || true
+ fi
+
+ cp_mv $SSLTMP ${CONFDIR}/sites-available/ssl
+
+ need_restart=1
+
+ # Just to be sure.
+ if [ -e "$SSLTMP" ]; then
+ rm -f $SSLTMP
+ fi
+ fi
+fi
+
+
+# Check for CustomLog, ErrorLog and TransferLog in Apache2 configuration.
+#
+cp_echo "CN: Checking Apache2 CustomLog, ErrorLog and TransferLog directives."
+if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls $CONFDIR/conf.d)" ]; then
+ log_mask=$CONFDIR/conf.d/*
+fi
+if [ -d "$CONFDIR/sites-available" ] && [ -n "$(ls $CONFDIR/sites-available)" ]; then
+ log_mask=$log_mask" "$CONFDIR/sites-available/*
+fi
+for file in $CONF $log_mask; do
+ chk_conf_tag "$file"
+ if [ $RET -eq 0 ]; then
+ conf_log_fix "$file"
+ fi
+done
+
+
+# Start Apache2 web server on boot?
+# This will enable Apache2 in /etc/default/apache2 file.
+#
+if egrep -q "^[[:space:]]*NO_START=1" /etc/default/apache2; then
+ cp_check_and_sed NO_START=1 s/NO_START=1/NO_START=0/ /etc/default/apache2 || true
+ need_restart=1
+fi
+
+
+db_stop || true
+
+
+# Remove old AOSI configuration for Apache: aosi-www.conf, aosi.conf.
+#
+if [ -e "$CONFDIR/conf.d/aosi-www.conf" ] || [ -e "$CONFDIR/conf.d/aosi.conf" ]; then
+ cp_echo "CN: Removing old AOSI configuration files for Apache2."
+ need_restart=1
+fi
+[ -e "$CONFDIR/conf.d/aosi-www.conf" ] && rm -f $CONFDIR/conf.d/aosi-www.conf
+[ -e "$CONFDIR/conf.d/aosi.conf" ] && rm -f $CONFDIR/conf.d/aosi.conf
+
+
+# Stop Apache web server and disable Apache automatic start on boot.
+#
+if [ -x "/etc/init.d/apache" ]; then
+
+ # Stop Apache.
+ if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
+ invoke-rc.d apache stop || true
+ else
+ /etc/init.d/apache stop || true
+ fi
+
+ # Disable automatic start on boot.
+ if [ -x "`which update-rc.d 2>/dev/null`" ]; then
+ update-rc.d -f apache remove > /dev/null 2>&1 || true
+ update-rc.d apache stop 90 6 . > /dev/null 2>&1 || true
+ fi
+fi
+
+# Also check for Apache-SSL web server.
+#
+if [ -x "/etc/init.d/apache-ssl" ]; then
+
+ # Stop Apache-SSL.
+ if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
+ invoke-rc.d apache-ssl stop || true
+ else
+ /etc/init.d/apache-ssl stop || true
+ fi
+
+ # Disable automatic start on boot.
+ if [ -x "`which update-rc.d 2>/dev/null`" ]; then
+ update-rc.d -f apache-ssl remove > /dev/null 2>&1 || true
+ update-rc.d apache-ssl stop 90 6 . > /dev/null 2>&1 || true
+ fi
+fi
+
+
+# Restart Apache2 web server if needed.
+#
+if [ $need_restart -eq 1 ]; then
+
+ # Check Apache2 web server configuration.
+ if apache2ctl configtest 2>/dev/null; then
+
+ # Restart Apache2 web server.
+ if [ -x "/etc/init.d/apache2" ]; then
+ if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
+ invoke-rc.d apache2 force-reload || true
+ else
+ /etc/init.d/apache2 force-reload || true
+ fi
+ fi
+ else
+
+ # Something is broken.
+ cp_echo "CN: Your Apache2 configuration seem to be broken."
+ cp_echo "CN: Please, check the service after the installation finishes!"
+ fi
+fi
+
+
+# Mail root
+#
+cp_mail "$PKG"
+
+
+# (re)generate monit.d files if monit-cn is installed.
+#
+if [ -x "/usr/sbin/update-monit.d" ]; then
+ update-monit.d || true
+fi
+
+
+exit 0
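Review bot: The two `pkill -9 -f` calls at the start of the main body (`pkill -9 -f /usr/sbin/monit` and `pkill -9 -f /usr/sbin/apache`) match their pattern unanchored against each process's full command line, so the second would also SIGKILL a running `/usr/sbin/apache2` and any other process whose arguments contain that path. Apache2 is only brought back at the end when `need_restart` is 1 and `apache2ctl configtest` passes, so a re-configure that changes nothing can leave the web server killed and not restarted. Even on the restart path the script uses `force-reload`, and whether that starts a stopped server depends on the init script, which is not visible here. I would match the process name exactly and send the default TERM first, e.g. `pkill -x apache || true` and `pkill -x monit || true` (assuming the Apache 1.3 process is named `apache`), escalating to `-9` only if the process is still present afterwards.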