[apache2-cn.git] / debian / postinst

#!/bin/sh

set -e

[ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx

# Source debconf library.
. /usr/share/debconf/confmodule

case "$1" in
    configure)
        # continue below
        ;;

    abort-upgrade|abort-remove|abort-deconfigure)
        exit 0
        ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 0
        ;;
esac


# Include CARNet functions.
. /usr/share/carnet-tools/functions.sh

PKG="apache2-cn"
VERSION="2.4.10+1"
CONFDIR="/etc/apache2"
CONF="$CONFDIR/apache2.conf"
PORTCONF="$CONFDIR/ports.conf"
A2CNDIR=/usr/share/apache2-cn
TMPLDIR=$A2CNDIR/templates
CERTDIR=/etc/ssl/certs

HOST=$(hostname)
FQDN=$(hostname --fqdn)
WEBMASTER="webmaster@$FQDN"
DOMAIN=$(hostname -d)
BACKUPDIR="/var/backups/apache2-cn"

need_restart=0
apache2_sslcf=
apache2_sslckf=
apache2_sslccf=
has_vhosts=0
temp_files=
has_listen_ssl=0
listen_ssl_mask=


# cleanup()
#
#   Cleanup all temp files.
#
cleanup () {
    if [ -n "$temp_files" ]; then
        for item in $temp_files; do
            if [ -e "$item" ]; then
                rm -f $item
            fi
        done
    fi
}

# tag_conf()
#
#   Add CARNet package info lines to config's header.
#
tag_conf () {
    local conf_file
    conf_file="$1"

    if [ -e "$conf_file" ]; then
        cat >> $conf_file <<EOF
## Begin - Generated by CARNet package apache2-cn
#
#  REMOVE this whole block if you DON'T WANT apache2-cn
#  to edit or undo your changes to this configuration file.
#
## End - Generated by CARNet package apache2-cn
EOF
    fi
}

# chk_conf_tag ()
#
#   Check if configuration file has CARNet package info lines.
#   return:  $RET => 0 - tagged
#                    1 - not tagged or file does not exists
#                    2 - file exists, but it is not tagged
#
chk_conf_tag () {
    local conf_file
    conf_file="$1"
    RET=1

    if [ -f "$conf_file" ]; then
        if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" "$conf_file"; then
            RET=0
        else
            RET=2
        fi
    fi
}

# generate_ssl()
#
#   Generate Apache2 web server SSL certificate.
#
generate_ssl () {
    generate_ssl_output=$($A2CNDIR/carnet-generate-ssl ignore "$FQDN" "$WEBMASTER" "$DOMAIN" 2> /dev/null)
    cp_echo "$generate_ssl_output"
    need_restart=1
}

# listen_ssl()
#
#   Check if port 443 is configured in ports.conf file.
#
listen_ssl() {

    if [ ! -f "$PORTCONF" ] || ! egrep -iq "^[[:space:]]*Listen[[:space:]]+443$" "$PORTCONF"; then

        cp_echo "CN: Enabling SSL port (443) for Apache2 web server."

        out=$(mktemp ${PORTCONF}.XXXXXX)
        temp_files="${temp_files} ${out}"

        if [ -f "$PORTCONF" ]; then
            cp $PORTCONF $out
        fi

        echo "Listen 443" >> $out
        cp_mv $out $PORTCONF
        chmod 644 $PORTCONF

        need_restart=1
    fi
}

# install_conf()
#
#   Install specified Apache2 configuration file.
#
install_conf() {
    conftmpl="$A2CNDIR/$1.conf"
    conf="$CONFDIR/conf-available/$2.conf"

    if [ ! -e "$conf" ]; then
        cp_echo "CN: Generating CARNet specific configuration."
        cp "$conftmpl" "$conf"
    else
        cp_echo "CN: $conf already exists, left untouched." 1>&2
    fi

    cp_echo "CN: Enabling CARNet specific configuration."
    a2enconf -m -q "$2"
    need_restart=1
}

# install_vhost()
#
#   Install specified VirtualHost for Apache2 web server.
#
#   Invocation:
#
#   install_vhost [-nvh] [-d] [-s docroot_symlink_dest] template site site-enabled-symlink
#
#     -nvh - add NameVirtualHost
#     -d   - mkdir DocumentRoot
#     -r   - set DocumentRoot
#     -n   - set ServerName
#     -s X - symlink DocumentRoot to X (all in /var/www)
#
#   site - host part of ServerName unless -r or -n is used
#   site-enabled-symlink - name of file/symlink in sites-available/sites-enabled
#                          (without .conf suffix)
#
install_vhost() {
    add_namevirthost=
    mkdir_docroot=
    symlink_docroot=
    docroot=
    vhostname=

    while echo "x$1" | grep -q '^x-'; do
        case "$1" in
            -nvh)
                add_namevirthost=1
                shift
                ;;
            -d)
                mkdir_docroot=1
                shift
                ;;
            -s)
                shift
                symlink_docroot="$1"
                shift
                ;;
            -r)
                shift
                docroot="$1"
                if ! echo "$docroot" | grep -q /; then
                    docroot="/var/www/$docroot"
                fi
                shift
                ;;
            -n)
                shift
                vhostname="$1"
                shift
                ;;
        esac
    done

    vhosttmpl="$1.template"
    vhost="$2"
    vsite="$3"
    venabled="$3.conf"
    [ -z "$vhostname" ] && vhostname=$(echo "$vhost"| awk -F. '{print $1}')
    force_vhost=

    vhostdir=$CONFDIR/sites-available
    venabledir=$CONFDIR/sites-enabled

    if [ ! -e "$TMPLDIR/${vhosttmpl}" ]; then
        echo "E: vhost template ${vhosttmpl} not found in $TMPLDIR!" 1>&2
        exit 2
    fi

    [ -z "$docroot" ] && docroot="/var/www/$vhostname.$DOMAIN"

    # if we were broken mid-installation, force
    if [ ! -e "$docroot" -a \( -n "$mkdir_docroot" -o -n "$symlink_docroot" \) ]; then
        force_vhost=1
    fi

    # add vhost if either of these is true
    # - adding is forced OR
    # - it doesn't exist
    #
    if [ -n "$force_vhost" -o \( ! -e "$vhostdir/$venabled" -a ! -e "$venabledir/$venabled" \) ]; then

        cp_echo "CN: Adding $vhost VirtualHost."
        out=$(mktemp $vhostdir/$venabled.XXXXXX)
        temp_files="${temp_files} ${out}"

        # CARNet header.
        tag_conf "$out"

        if [ "$add_namevirthost" ]; then
            nvh=$(awk -F'[ >]' '/^<VirtualHost/ {print $2}' $TMPLDIR/$vhosttmpl |\
                sed "s/IPADDR/$MYIP/g")
            echo "NameVirtualHost $nvh" >> $out
        fi

        sed "s/HOST/$vhostname/g; s/DOMAIN/$DOMAIN/g;
            s#DOCROOT#$docroot#g; s/IPADDR/$MYIP/g" < $TMPLDIR/$vhosttmpl >> $out
        cp_mv $out $vhostdir/$venabled
        chmod 644 $vhostdir/$venabled
        a2ensite -m -q "$vsite"

        if [ -n "$mkdir_docroot" -a ! -d "$docroot" ]; then
            mkdir "$docroot"
            echo '<html><body><h1>Radi!</h1></body></html>' > "$docroot/index.html"
        elif [ -n "$symlink_docroot" ]; then
            ln -fs "$symlink_docroot" "$docroot"
        fi

        need_restart=1
    fi
}

# backup_conf()
#
#   Backup configuration files located in specified directory.
#
backup_conf () {
    local dir file backup_dir

    dir="$1"

    if [ -d "${dir}" ] && [ -n "$(ls -A ${dir}/)" ]; then
        cp_echo "CN: Doing backup for all files in $dir"
        for file in ${dir}/*; do
            if [ -f "$file" ]; then
                if [ -z "$(echo "$file" | egrep '^/.*(~|(\.(old|staro|bkp|bak|swp|tmp|dpkg-.+|cn-.+)))$')" ]; then
                    backup_dir="$BACKUPDIR/$(basename $(dirname "$file"))"
                    cp_backup_conffile -d "$backup_dir" -p "$file"
                fi
            fi
        done
    fi
}

# move_conf()
#
#   Move configuration files from one directory to another. The .conf suffix
#   will be added. Will try to enable the configuration if -e is specified.
#
move_conf () {
    local toenable ctype dir newdir file newfile

    if [ "$1" = "-e" ]; then
        toenable="$1"
        shift
    fi

    ctype="$1"
    dir="$2"
    newdir="$3"

    case "$ctype" in
        site|conf)
            # continue below
            ;;
        *)
            return 1
            ;;
    esac

    if [ -z "$newdir" ]; then
        newdir="$dir"
    fi

    if [ -d "${dir}" ] && [ -n "$(ls -A ${dir}/)" ]; then
        mkdir -p "$newdir"
        for file in ${dir}/*; do
            [ -z "$(echo "$file" | egrep '^/.*(~|(\.(old|staro|bkp|bak|swp|tmp|dpkg-.+|cn-.+)))$')" ] || continue
            newfile="${newdir}/$(basename "$file" .conf).conf"
            if [ ! -e "$newfile" ]; then
                cp_echo "CN: Preserving changes to $newfile (renamed from $file)."
                cp_mv "$file" "$newfile"
                if [ -n "$toenable" ]; then
                    cp_echo "CN: Enabling configuration $newfile"
                    a2en$ctype -m -q "$(basename "$newfile" .conf)" || true
                fi
                need_restart=1
            fi
        done
    fi
}

# rename_conf()
#
#   Append the .conf suffix to all configuration files located in specified
#   available and enabled directories. Updated symlinks if necessary.
#
#
rename_conf () {
    local ctype adir edir afile efile newfile

    ctype="$1"
    adir="$2"
    edir="$3"

    case "$ctype" in
        site|conf)
            # continue below
            ;;
        *)
            return 1
            ;;
    esac

    if [ -d "${edir}" ] && [ -n "$(ls -A ${edir}/)" ]; then
        mkdir -p "$adir"
        for efile in ${edir}/*; do
            [ -z "$(echo "$efile" | egrep '^/.*(~|(\.(old|staro|bkp|bak|swp|tmp|dpkg-.+|cn-.+)))$')" ] || continue

            [ ! -e "${edir}/$(basename "$efile" .conf).conf" ] || continue

            afile="$(readlink -q -m "$efile")"

            [ "$(dirname "$afile")" = "$adir" ] || continue
            [ "$(basename "$afile" .conf)" = "$(basename "$efile" .conf)" ] || continue

            newfile="${adir}/$(basename "$afile" .conf).conf"
            [ ! -e "$newfile" ] || continue

            cp_echo "CN: Preserving changes to $newfile (renamed from $afile)."
            cp_mv "$afile" "$newfile"

            cp_echo "CN: Removing obsolete symlink $efile"
            rm -f "$efile"

            cp_echo "CN: Enabling configuration $newfile"
            a2en$ctype -m -q "$(basename "$newfile" .conf)" || true
            need_restart=1
        done
    fi
}

# listconffiles()
#
#   Recursively walks /etc/apache2/apache2.conf for Include and
#   IncludeOptional directives.
#   Prints all configfiles so defined.
#
listconffiles () {
    local i incs
    local base_dir="`dirname $1`"

    incs=`awk 'tolower($1) ~ /include(optional)?/ { sub("/$","/*",$2); print $2; }' $1`
    incs=`echo "$incs" | sed -r "s#^([^/])#${base_dir}/\1#"`
    if [ -n "$incs" ]; then
        for i in $incs; do
            if [ -e "$i" ]; then echo "`readlink -m -q $i`"; listconffiles "$i"; fi
        done
    fi
}


# Set trap for deleting all temp files.
#
trap cleanup 0 1 2 15


# Backup all configuration located in /etc/apache2/conf.d/,
# /etc/apache2/conf-available/ and /etc/apache2/sites-available/
# directories.
#
if [ -e "$CONF" ]; then
    cp_echo "CN: Doing backup for $CONF"
    cp_backup_conffile -d $BACKUPDIR -p $CONF
fi

backup_conf $CONFDIR/conf.d
backup_conf $CONFDIR/conf-available
backup_conf $CONFDIR/sites-available

cp_echo "CN: Backup is located in directory: $BACKUPDIR/"


# Enable Apache2 web server modules (mpm_prefork, cgi, rewrite, userdir, suexec, php7.0, ssl).
#
if [ -e "$CONF" ]; then
    cp_echo "CN: Enabling the prefork Apache2 MPM."
    if [ "$(a2query -M || true)" != "prefork" ]; then
        a2dismod -m -q "mpm_$(a2query -M || true)"
        a2enmod -m -q mpm_prefork
    fi

    cp_echo "CN: Enabling required Apache2 web server modules."
    a2enmod -m -q access_compat
    a2enmod -m -q cgi
    a2enmod -m -q rewrite
    a2enmod -m -q userdir
    a2enmod -m -q suexec
    a2enmod -m -q php7.0
    a2enmod -m -q ssl
fi


# Make sure configuration files have the .conf suffix. Move them
# to appropriate locations.
#
if [ -d "$CONFDIR/conf.d" ]; then
    cp_echo "CN: Obsolete configuration directory $CONFDIR/conf.d/ found."
    move_conf -e conf $CONFDIR/conf.d $CONFDIR/conf-available
fi

rename_conf site $CONFDIR/sites-available $CONFDIR/sites-enabled


# Check and add IncludeOptional lines to /etc/apache2/apache2.conf:
#
#   IncludeOptional conf-enabled/*.conf
#   IncludeOptional sites-enabled/*.conf
#
if [ -e "$CONF" ]; then

    cp_echo "CN: Checking IncludeOptional lines in $CONF"

    CONFTMP=`mktemp $CONF.tmp.XXXXXX`
    temp_files="${temp_files} ${CONFTMP}"
    cp "$CONF" "$CONFTMP"

    sed -r -i 's#^[[:space:]]*Include(Optional)?[[:space:]]+(/etc/apache2/)?conf\.d(/)?$#IncludeOptional conf-enabled/\*\.conf#I' \
        "$CONFTMP"
    sed -r -i 's#^[[:space:]]*Include(Optional)?[[:space:]]+(/etc/apache2/)?sites-enabled(/)?$#IncludeOptional sites-enabled/\*\.conf#I' \
        "$CONFTMP"

    if ! egrep -iq "^[[:space:]]*IncludeOptional[[:space:]]+conf-enabled/\*\.conf$" "$CONFTMP"; then
        echo 'IncludeOptional conf-enabled/*.conf' >> "$CONFTMP"
    fi
    if ! egrep -iq "^[[:space:]]*IncludeOptional[[:space:]]+sites-enabled/\*\.conf$" "$CONFTMP"; then
        echo 'IncludeOptional sites-enabled/*.conf' >> "$CONFTMP"
    fi

    if ! cmp -s "$CONFTMP" "$CONF"; then
        cp_mv "$CONFTMP" "$CONF"
        need_restart=1
    fi
    rm -f "$CONFTMP"
fi

# Remove deprecated directives. Add default Mutex if not defined.
#
if [ -e "$CONF" ]; then

    ( listconffiles "$CONF"; echo "$CONF" ) | while read -r a2cfile; do

        a2cfiletmp=`mktemp $a2cfile.tmp.XXXXXX`
        temp_files="${temp_files} ${a2cfiletmp}"
        cp "$a2cfile" "$a2cfiletmp"

        if egrep -iq "^[[:space:]]*NameVirtualHost[[:space:]]+" "$a2cfiletmp"; then
            cp_echo "CN: Removing deprecated NameVirtualHost from $a2cfile"
            sed -r -i '/^[[:space:]]*NameVirtualHost[[:space:]]+/Id' \
                "$a2cfiletmp"
        fi

        if egrep -iq "^[[:space:]]*SSLMutex[[:space:]]+" "$a2cfiletmp"; then
            cp_echo "CN: Removing deprecated SSLMutex from $a2cfile"
            sed -r -i '/^[[:space:]]*SSLMutex[[:space:]]+/Id' \
                "$a2cfiletmp"
        fi

        if [ "$a2cfile" = "$CONF" ]; then
            if ! egrep -iq "^[[:space:]]*Mutex[[:space:]]+" "$a2cfiletmp"; then
                cp_echo "CN: Adding default Mutex to $a2cfile"
                echo 'Mutex file:${APACHE_LOCK_DIR} default' >> "$a2cfiletmp"
            fi
        fi

        if ! cmp -s "$a2cfiletmp" "$a2cfile"; then
            cp_mv "$a2cfiletmp" "$a2cfile"
            need_restart=1
        fi
        rm -f "$a2cfiletmp"
    done
fi


# Install CARNet specific configuration file.
#
install_conf carnet 000-carnet

# Enable SSL port (443).
#
listen_ssl

# Disable default site configuration.
#
if [ -e "$CONF" ]; then
    cp_echo "CN: Disabling default site configuration."
    a2dissite -m -f -q 000-default || true
    need_restart=1
fi


# Apache2 SSL certificate.
#
if [ -d "$CONFDIR/conf-enabled" ] && [ -n "$(ls -A $CONFDIR/conf-enabled/)" ]; then
    listen_ssl_mask=$CONFDIR/conf-enabled/*.conf
fi
if [ -d "$CONFDIR/sites-enabled" ] && [ -n "$(ls -A $CONFDIR/sites-enabled/)" ]; then
    listen_ssl_mask=$listen_ssl_mask" "$CONFDIR/sites-enabled/*.conf
fi

for file in $CONF $listen_ssl_mask; do
    if [ -f "$file" ]; then
        if egrep -iq '^[[:space:]]*<VirtualHost .*443[[:space:]]*>' $file; then
            has_listen_ssl=1
            break
        fi
    fi
done

if [ $has_listen_ssl -eq 0 ]; then

    db_get apache2-cn/sslcf || true
    apache2_sslcf="$RET"

    if [ -n "$apache2_sslcf" ]; then

        db_get apache2-cn/sslckf || true
        apache2_sslckf="$RET"

        db_get apache2-cn/sslccf || true
        apache2_sslccf="$RET"

        need_restart=1
    else

        # Generate new SSL certificate files.
        generate_ssl

        apache2_sslcf=
        apache2_sslckf=
        apache2_sslccf=
    fi
fi


# Add VirtualHosts.
# - on fresh install
#
if [ -z "$2" ]; then

    db_get apache2-cn/wwwhost || true
    if [ "$RET" = "true" ]; then

        # Add WWW VirtualHost.
        if [ -f "$CONFDIR/sites-available/000-$FQDN.conf" ]; then
            cp_backup_conffile -d $BACKUPDIR/sites-available -p $CONFDIR/sites-available/000-$FQDN.conf
        fi
        if [ -f "$CONFDIR/sites-available/www.$DOMAIN.conf" ]; then
            cp_backup_conffile -d $BACKUPDIR/sites-available -p $CONFDIR/sites-available/www.$DOMAIN.conf
        fi

        chk_conf_tag "$CONFDIR/sites-available/000-$FQDN.conf"
        if [ ! -f "$CONFDIR/sites-available/000-$FQDN.conf" ] || [ $RET -eq 0 ]; then
            if egrep -qi "^[[:space:]]*NameVirtualHost[[:space:]]+\*:80$" "$PORTCONF"; then
                install_vhost -d -r www.$DOMAIN default $FQDN 000-$FQDN
            else
                install_vhost -nvh -d -r www.$DOMAIN default $FQDN 000-$FQDN
            fi
            need_restart=1
        fi

        chk_conf_tag "$CONFDIR/sites-available/www.$DOMAIN.conf"
        if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN.conf" ] || [ $RET -eq 0 ]; then
            install_vhost default www.$DOMAIN www.$DOMAIN
            need_restart=1
        fi
    else

        # No WWW VirtualHost.
        if [ -f "$CONFDIR/sites-available/000-$FQDN.conf" ]; then
            cp_backup_conffile -d $BACKUPDIR/sites-available -p $CONFDIR/sites-available/000-$FQDN.conf
        fi

        chk_conf_tag "$CONFDIR/sites-available/000-$FQDN.conf"
        if [ ! -f "$CONFDIR/sites-available/000-$FQDN.conf" ] || [ $RET -eq 0 ]; then
            if egrep -qi "^[[:space:]]*NameVirtualHost[[:space:]]+\*:80$" "$PORTCONF"; then
                install_vhost -d -r $FQDN default $FQDN 000-$FQDN
            else
                install_vhost -nvh -d -r $FQDN default $FQDN 000-$FQDN
            fi
            need_restart=1
        fi
    fi
fi


# Add VirtualHost for SSL?
#
if [ $has_listen_ssl -eq 0 ]; then

    if [ -f "$CONFDIR/sites-available/001-ssl.conf" ]; then
        cp_backup_conffile -d $BACKUPDIR/sites-available -p $CONFDIR/sites-available/001-ssl.conf
    fi

    # No active SSL VirtualHosts found - add new one.
    chk_conf_tag "$CONFDIR/sites-available/001-ssl.conf"
    if [ ! -f "$CONFDIR/sites-available/001-ssl.conf" ] || [ $RET -eq 0 ]; then

        db_get apache2-cn/wwwhost || true
        if [ "$RET" = "true" ]; then
            install_vhost -r www.$DOMAIN -n $HOST ssl ssl 001-ssl
        else
            install_vhost -r $FQDN -n $HOST ssl ssl 001-ssl
        fi
        need_restart=1
    fi
fi


# Check SSL certificates location for VirtualHosts.
#
if [ $has_listen_ssl -eq 0 ]; then

    chk_conf_tag "${CONFDIR}/sites-available/001-ssl.conf"
    if [ $RET -eq 0 ] && [ -n "$apache2_sslcf" ]; then

        SSLTMP=$(mktemp ${CONFDIR}/ssltmp.XXXXXX)
        temp_files="${temp_files} ${SSLTMP} ${SSLTMP}.cn-old"
        cp ${CONFDIR}/sites-available/001-ssl.conf $SSLTMP

        # SSLCertificateFile
        cp_check_and_sed "^[[:space:]]*SSLCertificateFile \/etc\/ssl\/certs\/apache2\.pem" \
            "s#SSLCertificateFile /etc/ssl/certs/apache2.pem#SSLCertificateFile $apache2_sslcf #g" \
        $SSLTMP || true

        # SSLCertificateKeyFile
        cp_check_and_sed "^[[:space:]]*SSLCertificateKeyFile \/etc\/ssl\/private\/apache2\.key" \
            "s#SSLCertificateKeyFile /etc/ssl/private/apache2.key#SSLCertificateKeyFile $apache2_sslckf #g" \
        $SSLTMP || true

        # SSLCertificateChainFile
        if [ -n "$apache2_sslccf" ]; then
            cp_check_and_sed "^[[:space:]]*# SSLCertificateChainFile \/etc\/ssl\/certs\/(sureserverEDU|cert-chain)\.pem" \
                "s#\# SSLCertificateChainFile /etc/ssl/certs/\(sureserverEDU\|cert-chain\).pem#SSLCertificateChainFile $apache2_sslccf #g" \
            $SSLTMP || true
        fi

        cp_mv $SSLTMP ${CONFDIR}/sites-available/001-ssl.conf

        need_restart=1

        # Just to be sure.
        [ -e "${SSLTMP}" ] && rm -f ${SSLTMP}
        [ -e "${SSLTMP}.cn-old" ] && rm -f ${SSLTMP}.cn-old
    fi
fi


# Check file access permissions for SSL certificates.
#
cp_echo "CN: Checking file access permissions for Apache2 SSL certificates."
sslkey=/etc/ssl/private
sslcerts="${sslkey}/ca.key ${sslkey}/apache2-ca.key ${sslkey}/apache2.key"
for certf in $sslcerts; do
    if [ -f "$certf" ]; then
        chmod 600 $certf
    fi
done


# Check and remove obsolete "Include /etc/apache2/sites-enabled/[^.#]*" from
# /etc/apache2/apache2.conf.
#
if egrep -iq "^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/\[\^\.\#\]\*$" "$CONF"; then

    cp_echo "CN: Fixing obsolete Include line in $CONF."
    CONFTMP=`mktemp $CONF.tmp.XXXXXX`
    temp_files="${temp_files} ${CONFTMP}"

    sed -r "/^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/\[\^\.\#\]\*$/Id" \
        "$CONF" > "$CONFTMP"

    if ! egrep -iq "^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/$" "$CONFTMP"; then
        echo "Include /etc/apache2/sites-enabled/" >> "$CONFTMP"
    fi

    cp_mv "$CONFTMP" "$CONF"
    need_restart=1
fi


db_stop || true


# Remove old AOSI configuration for Apache: aosi-www.conf, aosi.conf.
#
if [ -e "$CONFDIR/conf.d/aosi-www.conf" ] || [ -e "$CONFDIR/conf.d/aosi.conf" ]; then
    cp_echo "CN: Removing old AOSI configuration files for Apache2."
    rm -f $CONFDIR/conf.d/aosi-www.conf
    rm -f $CONFDIR/conf.d/aosi.conf
    need_restart=1
fi


# Restart Apache2 web server if needed.
#
if [ $need_restart -eq 1 ]; then

    # Check Apache2 web server configuration.
    if apache2ctl configtest 2>/dev/null; then

        # Restart Apache2 web server.
        service apache2 reload || true
    else

        # Something is broken.
        cp_echo "CN: Your Apache2 configuration seems to be broken."
        cp_echo "CN: Please, check the service after the installation finishes!"
    fi
fi


# Mail root
#
cp_mail "$PKG"


# (re)generate monit.d files if monit-cn is installed.
#
if [ -x "/usr/sbin/update-monit.d" ]; then
    cp_echo "CN: Updating monit configuration..."
    update-monit.d || true
fi

#DEBHELPER#

exit 0