Manje ciscenje debian/postinst.
1 #!/bin/sh
2
set -e

# Trace every command when the packaging debug switch is set.
if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then
    set -vx
fi

# Source debconf library.
. /usr/share/debconf/confmodule

# Only "configure" carries on past this point. The abort-* actions and any
# unrecognised action end the script with status 0 (the latter after a
# warning on stderr).
case "$1" in
    configure)
        ;;

    abort-upgrade|abort-remove|abort-deconfigure)
        exit 0
        ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 0
        ;;
esac
24
25
26 # Include CARNet functions.
27 . /usr/share/carnet-tools/functions.sh
28
# Package identity.
PKG='apache2-cn'
VERSION='2.2.22+1'

# Fixed locations used throughout the script.
CONFDIR='/etc/apache2'
CONF="${CONFDIR}/apache2.conf"
A2MODEDIR="${CONFDIR}/mods-enabled"
PORTCONF="${CONFDIR}/ports.conf"
A2CNDIR='/usr/share/apache2-cn'
TMPLDIR="${A2CNDIR}/templates"
CERTDIR='/etc/ssl/certs'
A2PHPINI='/etc/php5/apache2/php.ini'
BACKUPDIR='/var/backups/apache2-cn'

# Host identity as reported by hostname(1).
HOST="$(hostname)"
FQDN="$(hostname --fqdn)"
DOMAIN="$(hostname -d)"
WEBMASTER="webmaster@${FQDN}"

# State flags and accumulators updated by the steps below.
backup_done=0
need_restart=0
has_vhosts=0
has_listen_ssl=0
apache2_sslcf=''
apache2_sslckf=''
apache2_sslccf=''
listen_ssl_mask=''
# Whitespace-separated list of temp files that cleanup() removes.
temp_files=''
55
56
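# cleanup()
#
#   Remove every temporary file registered in $temp_files.
#
#   Globals:  temp_files (read) - whitespace-separated list of paths.
#             Because the list is split on whitespace, registered paths
#             must not contain spaces.
#
cleanup () {
    local item

    if [ -n "$temp_files" ]; then
        # Intentionally unquoted: the list is split into one path per word.
        for item in $temp_files; do
            if [ -e "$item" ]; then
                # Quoted and preceded by "--" so the path is taken literally
                # (no second glob expansion, no option parsing).
                rm -f -- "$item"
            fi
        done
    fi
}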
70
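# tag_conf()
#
#   Append the CARNet package marker block to a configuration file.
#   chk_conf_tag() looks for the "## Begin" line of this block.
#
#   Arguments: $1 - path of the configuration file
#   A path that does not exist is silently skipped.
#
tag_conf () {
    local conf_file
    conf_file="$1"

    if [ -e "$conf_file" ]; then
        # The redirection target is quoted so a path containing whitespace
        # is still treated as a single file name.
        cat >> "$conf_file" <<EOF
## Begin - Generated by CARNet package apache2-cn
#
#  REMOVE this whole block if you DON'T WANT apache2-cn
#  to edit your configuration file.
#
## End - Generated by CARNet package apache2-cn
EOF
    fi
}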
90
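# chk_conf_tag ()
#
#   Check if configuration file has CARNet package info lines.
#
#   Arguments: $1 - path of the configuration file
#   return:  $RET => 0 - file exists and is tagged
#                    1 - path is not a regular file (e.g. does not exist)
#                    2 - file exists, but it is not tagged
#
#   Callers treat RET=0 as permission to regenerate the file, so the marker
#   must match a whole line exactly.
#
chk_conf_tag () {
    local conf_file
    conf_file="$1"
    RET=1

    if [ -f "$conf_file" ]; then
        # -F -x: fixed string that must span the entire line, which is what
        # the anchored pattern expressed; also avoids the deprecated egrep.
        if grep -Fxq "## Begin - Generated by CARNet package apache2-cn" "$conf_file"; then
            RET=0
        else
            RET=2
        fi
    fi
}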
111
# generate_ssl()
#
#   Run the bundled carnet-generate-ssl helper for this host, relay the
#   helper's stdout through cp_echo and flag that Apache2 must be restarted.
#
#   Globals:  A2CNDIR, FQDN, WEBMASTER, DOMAIN (read)
#             generate_ssl_output, need_restart (written)
#
#   NOTE(review): the helper's stderr is discarded. With `set -e` in effect
#   a failing helper ends the postinst at the assignment, so the reason for
#   a failed certificate generation is never shown - confirm this is wanted.
#
generate_ssl () {
    generate_ssl_output=$(
        "$A2CNDIR/carnet-generate-ssl" ignore "$FQDN" "$WEBMASTER" "$DOMAIN" \
            2> /dev/null
    )
    cp_echo "$generate_ssl_output"
    need_restart=1
}
121
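# listen_ssl()
#
#   Make sure ports.conf contains a "Listen 443" line; append one if not.
#
#   Globals:  PORTCONF (read); out, temp_files, need_restart (written)
#
#   NOTE(review): only a bare "Listen 443" line is recognised. Forms such as
#   "Listen 0.0.0.0:443", "Listen 443 https" or a line with trailing
#   whitespace do not match, so a second directive for the same port would
#   be appended in those cases.
#
listen_ssl() {
    if [ -f "$PORTCONF" ] &&
        grep -Eiq "^[[:space:]]*Listen[[:space:]]+443$" "$PORTCONF"; then
        return 0
    fi

    cp_echo "CN: Enabling SSL port (443) for Apache2 web server."

    # Build the new file next to the target and register it for cleanup().
    out=$(mktemp "${PORTCONF}.XXXXXX")
    temp_files="${temp_files} ${out}"

    if [ -f "$PORTCONF" ]; then
        cp "$PORTCONF" "$out"
    fi

    echo "Listen 443" >> "$out"
    cp_mv "$out" "$PORTCONF"
    # mktemp creates the file private to its owner; restore the usual
    # world-readable mode for ports.conf.
    chmod 644 "$PORTCONF"

    need_restart=1
}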
146
# install_conf()
#
#   Copy a packaged configuration file into Apache2's conf.d directory,
#   unless a file of that name is already there.
#
#   Arguments: $1 - base name of the source file in $A2CNDIR (without .conf)
#              $2 - base name of the target in $CONFDIR/conf.d (without .conf)
#   Globals:   conftmpl, conf, need_restart (written)
#
install_conf() {
    conftmpl="$A2CNDIR/$1.conf"
    conf="$CONFDIR/conf.d/$2.conf"

    # An existing target is never overwritten.
    if [ -e "$conf" ]; then
        cp_echo "CN: $conf already exists, left untouched." 1>&2
        return
    fi

    cp_echo "CN: Enabling CARNet specific configuration."
    cp "$conftmpl" "$conf"

    need_restart=1
}
165
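# install_vhost()
#
#   Install specified VirtualHost for Apache2 web server.
#
#   Invocation:
#
#   install_vhost [-nvh] [-d] [-r docroot] [-n name] [-s docroot_symlink_dest] template site site-enabled-symlink
#
#     -nvh - add NameVirtualHost
#     -d   - mkdir DocumentRoot
#     -r X - set DocumentRoot (X without a slash is taken relative to /var/www)
#     -n X - set ServerName host part
#     -s X - symlink DocumentRoot to X (all in /var/www)
#
#   template - base name of a file in $TMPLDIR (".template" is appended)
#   site - name of file in sites-available, host part of ServerName unless -r or -n is used
#   site-enabled-symlink - name of symlink in sites-enabled
#
#   Exits the script with status 2 when an option is unknown, an option value
#   is missing, or the template does not exist.
#
#   NOTE(review): $vhostname, $DOMAIN, $docroot and $MYIP are pasted into the
#   sed program unescaped. A value containing the expression's delimiter,
#   "&" or a backslash would alter the substitution. The calls visible in
#   this script pass hostname-derived values only. $MYIP is not set in this
#   script; presumably it comes from the sourced CARNet functions - confirm.
#
install_vhost() {
    add_namevirthost=
    mkdir_docroot=
    symlink_docroot=
    docroot=
    vhostname=

    while [ "$#" -gt 0 ]; do
        case "$1" in
            -nvh)
                add_namevirthost=1
                shift
                ;;
            -d)
                mkdir_docroot=1
                shift
                ;;
            -s|-r|-n)
                if [ "$#" -lt 2 ]; then
                    echo "E: install_vhost: option $1 requires an argument!" 1>&2
                    exit 2
                fi
                case "$1" in
                    -s)
                        symlink_docroot="$2"
                        ;;
                    -r)
                        docroot="$2"
                        # A bare name is placed below /var/www.
                        case "$docroot" in
                            */*) ;;
                            *) docroot="/var/www/$docroot" ;;
                        esac
                        ;;
                    -n)
                        vhostname="$2"
                        ;;
                esac
                shift 2
                ;;
            -*)
                # Without this arm an unrecognised option was never shifted
                # away and the loop did not terminate.
                echo "E: install_vhost: unknown option $1!" 1>&2
                exit 2
                ;;
            *)
                break
                ;;
        esac
    done

    vhosttmpl="$1.template"
    vhost="$2"
    venabled="$3"
    # Default host part: everything before the first dot of the site name.
    if [ -z "$vhostname" ]; then
        vhostname=${vhost%%.*}
    fi
    force_vhost=

    vhostdir="$CONFDIR/sites-available"
    venabledir="$CONFDIR/sites-enabled"

    if [ ! -e "$TMPLDIR/$vhosttmpl" ]; then
        echo "E: vhost template ${vhosttmpl} not found in $TMPLDIR!" 1>&2
        exit 2
    fi

    if [ -z "$docroot" ]; then
        docroot="/var/www/$vhostname.$DOMAIN"
    fi

    # if we were broken mid-installation, force
    if [ ! -e "$docroot" ] &&
        { [ -n "$mkdir_docroot" ] || [ -n "$symlink_docroot" ]; }; then
        force_vhost=1
    fi

    # add vhost if either of these is true
    # - adding is forced OR
    # - it doesn't exist
    #
    if [ -n "$force_vhost" ] ||
        { [ ! -e "$vhostdir/$vhost" ] && [ ! -e "$venabledir/$venabled" ]; }; then

        cp_echo "CN: Adding $vhost VirtualHost."
        out=$(mktemp "$vhostdir/$vhost.XXXXXX")
        temp_files="${temp_files} ${out}"

        # CARNet header.
        tag_conf "$out"

        if [ -n "$add_namevirthost" ]; then
            # Address of the template's <VirtualHost ...> line, with the
            # IPADDR placeholder filled in.
            nvh=$(awk -F'[ >]' '/^<VirtualHost/ {print $2}' "$TMPLDIR/$vhosttmpl" |
                sed "s/IPADDR/$MYIP/g")
            echo "NameVirtualHost $nvh" >> "$out"
        fi

        sed "s/HOST/$vhostname/g; s/DOMAIN/$DOMAIN/g;
            s#DOCROOT#$docroot#g; s/IPADDR/$MYIP/g" < "$TMPLDIR/$vhosttmpl" >> "$out"
        cp_mv "$out" "$vhostdir/$vhost"
        # mktemp creates the file private to its owner; site files are
        # published world-readable.
        chmod 644 "$vhostdir/$vhost"
        ln -fs "../sites-available/$vhost" "$venabledir/$venabled"

        if [ -n "$mkdir_docroot" ] && [ ! -d "$docroot" ]; then
            mkdir "$docroot"
            echo '<html><body><h1>Radi!</h1></body></html>' > "$docroot/index.html"
        elif [ -n "$symlink_docroot" ]; then
            ln -fs "$symlink_docroot" "$docroot"
        fi

        need_restart=1
    fi
}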
277
278
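# Set trap for deleting all temp files.
#
# The EXIT trap (0) does the cleanup. HUP, INT and TERM are turned into an
# exit, which in turn runs the EXIT trap. With cleanup installed directly on
# the signals the script would resume after the handler returned and later
# steps would operate on temp files that had just been deleted.
#
trap cleanup 0
trap 'exit 129' 1
trap 'exit 130' 2
trap 'exit 143' 15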
282
283
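# Backup the main configuration file and all configuration located in the
# /etc/apache2/conf.d/ and /etc/apache2/sites-available/ directories.
#
# File names are quoted throughout so that entries containing whitespace or
# glob characters are backed up as-is. Names containing "~" are skipped.
#
# NOTE(review): the copies under $BACKUPDIR hold the same content as the live
# configuration; their ownership and mode are decided by cp_backup_conffile,
# which is not visible here.
#
if [ -e "$CONF" ]; then
    cp_echo "CN: Doing backup for $CONF"
    cp_backup_conffile -d "$BACKUPDIR" -p "$CONF"
    backup_done=1
fi
for subdir in conf.d sites-available; do
    if [ -d "$CONFDIR/$subdir" ] && [ -n "$(ls "$CONFDIR/$subdir/")" ]; then
        cp_echo "CN: Doing backup for all files in $CONFDIR/$subdir/"
        for file in "$CONFDIR/$subdir"/*; do
            case "$file" in
                *~*)
                    ;;
                *)
                    cp_backup_conffile -d "$BACKUPDIR" -p "$file"
                    ;;
            esac
        done
        backup_done=1
    fi
done
if [ "$backup_done" -eq 1 ]; then
    cp_echo "CN: Backup is located in directory: $BACKUPDIR/"
fi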
313
314
# Enable Apache2 web server modules (cgi, rewrite, userdir, suexec, php5, ssl).
#
# A module is enabled when its .load file (and, where checked, its .conf
# file) is missing from mods-enabled. php5 is only considered when the
# module's shared object is installed.
#
# NOTE(review): cgi, userdir, suexec and php5 are switched on whenever they
# are not already enabled. Each adds script execution or per-user content to
# what the server handles, so hosts that do not need them should review the
# result. A failing a2enmod is ignored, yet need_restart is still set.
#

# enable_a2mod LABEL MODULE - announce and enable one module (best effort).
enable_a2mod () {
    cp_echo "CN: Enabling $1 module for Apache2 web server."
    a2enmod "$2" >/dev/null || true
    need_restart=1
}

if [ -e "$CONF" ]; then

    if ! [ -e "$A2MODEDIR/cgi.load" ]; then
        enable_a2mod CGI cgi
    fi

    if ! [ -e "$A2MODEDIR/rewrite.load" ]; then
        enable_a2mod rewrite rewrite
    fi

    if ! { [ -e "$A2MODEDIR/userdir.load" ] && [ -e "$A2MODEDIR/userdir.conf" ]; }; then
        enable_a2mod userdir userdir
    fi

    if ! [ -e "$A2MODEDIR/suexec.load" ]; then
        enable_a2mod SUEXEC suexec
    fi

    if [ -e "/usr/lib/apache2/modules/libphp5.so" ]; then
        if ! { [ -e "$A2MODEDIR/php5.load" ] && [ -e "$A2MODEDIR/php5.conf" ]; }; then
            enable_a2mod PHP5 php5
        fi
    fi

    if ! { [ -e "$A2MODEDIR/ssl.load" ] && [ -e "$A2MODEDIR/ssl.conf" ]; }; then
        enable_a2mod SSL ssl
    fi
fi
357
358
# Install the CARNet specific configuration file as conf.d/000-carnet.conf
# (skipped by install_conf when that file already exists).
install_conf carnet 000-carnet

# Enable SSL port (443).
listen_ssl

# Disable the default site, but only when the main configuration file
# exists and the default site is currently enabled.
if [ -e "$CONF" ] && [ -e "$CONFDIR/sites-enabled/000-default" ]; then
    cp_echo "CN: Disabling 000-default site configuration."
    a2dissite 000-default >/dev/null || true

    need_restart=1
fi
377
378
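# Apache2 SSL certificate.
#
# First look for an already configured VirtualHost on port 443 in the main
# configuration file, conf.d/ and sites-enabled/. The globs are expanded
# directly in the loop so file names with whitespace stay intact; an
# unmatched glob is left as a literal pattern and dropped by the -f test.
#
# NOTE(review): the pattern accepts any <VirtualHost ...> whose address ends
# in "443", so a host on e.g. port 8443 also counts as "SSL present" and
# suppresses the certificate and SSL vhost setup below.
#
for file in "$CONF" "$CONFDIR"/conf.d/* "$CONFDIR"/sites-enabled/*; do
    [ -f "$file" ] || continue
    if grep -Eiq '^[[:space:]]*<VirtualHost .*443[[:space:]]*>' "$file"; then
        has_listen_ssl=1
        break
    fi
done

if [ "$has_listen_ssl" -eq 0 ]; then

    # Certificate file chosen through debconf; empty means "generate one".
    db_get apache2-cn/sslcf || true
    apache2_sslcf="$RET"

    if [ -n "$apache2_sslcf" ]; then

        db_get apache2-cn/sslckf || true
        apache2_sslckf="$RET"

        db_get apache2-cn/sslccf || true
        apache2_sslccf="$RET"

        need_restart=1
    else

        # Generate new SSL certificate files.
        generate_ssl

        apache2_sslcf=
        apache2_sslckf=
        apache2_sslccf=
    fi
fi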
421
422
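# Add VirtualHosts.
# - on fresh install ($2 is empty)
#
# The $FQDN site is always considered; its DocumentRoot is www.$DOMAIN when
# the debconf answer apache2-cn/wwwhost is "true", otherwise $FQDN. The
# separate www.$DOMAIN site is only considered in the "true" case.
# An existing site file is replaced only if chk_conf_tag reports it as
# tagged by this package (RET=0); it is backed up first.
#
if [ -z "$2" ]; then

    db_get apache2-cn/wwwhost || true
    if [ "$RET" = "true" ]; then
        add_www_vhost=1
        main_docroot="www.$DOMAIN"
    else
        add_www_vhost=
        main_docroot="$FQDN"
    fi

    if [ -f "$CONFDIR/sites-available/$FQDN" ]; then
        cp_backup_conffile -d "$BACKUPDIR" -p "$CONFDIR/sites-available/$FQDN"
    fi
    if [ -n "$add_www_vhost" ] && [ -f "$CONFDIR/sites-available/www.$DOMAIN" ]; then
        cp_backup_conffile -d "$BACKUPDIR" -p "$CONFDIR/sites-available/www.$DOMAIN"
    fi

    chk_conf_tag "$CONFDIR/sites-available/$FQDN"
    if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ "$RET" -eq 0 ]; then
        # Add a NameVirtualHost line unless ports.conf already has "*:80".
        if grep -Eqi "^[[:space:]]*NameVirtualHost[[:space:]]+\*:80$" "$PORTCONF"; then
            install_vhost -d -r "$main_docroot" default "$FQDN" "000-$FQDN"
        else
            install_vhost -nvh -d -r "$main_docroot" default "$FQDN" "000-$FQDN"
        fi
        need_restart=1
    fi

    if [ -n "$add_www_vhost" ]; then
        chk_conf_tag "$CONFDIR/sites-available/www.$DOMAIN"
        if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN" ] || [ "$RET" -eq 0 ]; then
            install_vhost default "www.$DOMAIN" "www.$DOMAIN"
            need_restart=1
        fi
    fi
fi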
472
473
# Add VirtualHost for SSL?
#
# Runs only when no VirtualHost on port 443 was found earlier. An existing
# sites-available/ssl is backed up, and replaced only if chk_conf_tag
# reports it as tagged by this package (RET=0).
#
if [ "$has_listen_ssl" -eq 0 ]; then

    ssl_site="$CONFDIR/sites-available/ssl"

    if [ -f "$ssl_site" ]; then
        cp_backup_conffile -d "$BACKUPDIR" -p "$ssl_site"
    fi

    # No active SSL VirtualHosts found - add new one.
    chk_conf_tag "$ssl_site"
    if [ ! -f "$ssl_site" ] || [ "$RET" -eq 0 ]; then

        # DocumentRoot follows the same debconf choice as the plain vhost.
        db_get apache2-cn/wwwhost || true
        if [ "$RET" = "true" ]; then
            install_vhost -r "www.$DOMAIN" -n "$HOST" ssl ssl 001-ssl
        else
            install_vhost -r "$FQDN" -n "$HOST" ssl ssl 001-ssl
        fi
        need_restart=1
    fi
fi
495
496
# Check SSL certificates location for VirtualHosts.
#
# When the SSL site is tagged by this package and a certificate file was
# chosen through debconf, rewrite the default certificate paths in a temp
# copy of sites-available/ssl and move the copy back into place.
#
# NOTE(review): $apache2_sslcf, $apache2_sslckf and $apache2_sslccf are
# pasted into sed expressions that use "#" as delimiter. A path containing
# "#", "&" or a backslash would alter the substitution, and the values are
# not checked here to name existing files. Each edit is best effort
# (|| true), so a failed rewrite leaves the default path in place silently.
#
if [ "$has_listen_ssl" -eq 0 ]; then

    ssl_site="${CONFDIR}/sites-available/ssl"

    chk_conf_tag "$ssl_site"
    if [ "$RET" -eq 0 ] && [ -n "$apache2_sslcf" ]; then

        SSLTMP=$(mktemp "${CONFDIR}/ssltmp.XXXXXX")
        temp_files="${temp_files} ${SSLTMP} ${SSLTMP}.cn-old"
        cp "$ssl_site" "$SSLTMP"

        # SSLCertificateFile
        cp_check_and_sed "^[[:space:]]*SSLCertificateFile \/etc\/ssl\/certs\/apache2\.pem" \
            "s#SSLCertificateFile /etc/ssl/certs/apache2.pem#SSLCertificateFile $apache2_sslcf #g" \
            "$SSLTMP" || true

        # SSLCertificateKeyFile
        cp_check_and_sed "^[[:space:]]*SSLCertificateKeyFile \/etc\/ssl\/private\/apache2\.key" \
            "s#SSLCertificateKeyFile /etc/ssl/private/apache2.key#SSLCertificateKeyFile $apache2_sslckf #g" \
            "$SSLTMP" || true

        # SSLCertificateChainFile (only when a chain file was given)
        if [ -n "$apache2_sslccf" ]; then
            cp_check_and_sed "^[[:space:]]*# SSLCertificateChainFile \/etc\/ssl\/certs\/(sureserverEDU|cert-chain)\.pem" \
                "s#\# SSLCertificateChainFile /etc/ssl/certs/\(sureserverEDU\|cert-chain\).pem#SSLCertificateChainFile $apache2_sslccf #g" \
                "$SSLTMP" || true
        fi

        cp_mv "$SSLTMP" "$ssl_site"

        need_restart=1

        # Just to be sure.
        if [ -e "$SSLTMP" ]; then
            rm -f "$SSLTMP"
        fi
        if [ -e "$SSLTMP.cn-old" ]; then
            rm -f "$SSLTMP.cn-old"
        fi
    fi
fi
534
535
# Check file access permissions for SSL certificates.
#
# Restrict the private key files this package knows about to mode 600.
# NOTE(review): only the mode is set; file ownership and the mode of the
# /etc/ssl/private directory itself are not touched here.
#
cp_echo "CN: Checking file access permissions for Apache2 SSL certificates."
sslkey=/etc/ssl/private
sslcerts="${sslkey}/ca.key ${sslkey}/apache2-ca.key ${sslkey}/apache2.key"
# Intentionally unquoted: the list is split into one path per word.
for certf in $sslcerts; do
    [ -f "$certf" ] || continue
    chmod 600 "$certf"
done
546
547
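# Check and remove obsolete "Include /etc/apache2/sites-enabled/[^.#]*" from
# /etc/apache2/apache2.conf.
#
# The edit is made on a temp copy that is registered in $temp_files, so the
# copy is removed by cleanup() if the script stops before the move.
#
# NOTE(review): mktemp creates the copy private to its owner. Whether
# apache2.conf keeps its previous mode after cp_mv depends on that helper,
# which is not visible here.
#
if [ -f "$CONF" ] &&
    grep -Eiq "^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/\[\^\.\#\]\*$" "$CONF"; then

    cp_echo "CN: Fixing obsolete Include line in $CONF."
    CONFTMP=$(mktemp "$CONF.tmp.XXXXXX")
    temp_files="${temp_files} ${CONFTMP}"
    sed -r "/^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/\[\^\.\#\]\*$/Id" \
        "$CONF" > "$CONFTMP"

    # Add the current form of the Include line unless it is already there.
    if ! grep -Eiq "^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/$" "$CONFTMP"; then
        echo "Include /etc/apache2/sites-enabled/" >> "$CONFTMP"
    fi

    cp_mv "$CONFTMP" "$CONF"
    need_restart=1
fi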
565
566
# Finished with debconf.
db_stop || true


# Remove old AOSI configuration for Apache: aosi-www.conf, aosi.conf.
#
aosi_found=0
for aosi_conf in "$CONFDIR/conf.d/aosi-www.conf" "$CONFDIR/conf.d/aosi.conf"; do
    if [ -e "$aosi_conf" ]; then
        aosi_found=1
    fi
done
# Announce once, before anything is deleted.
if [ "$aosi_found" -eq 1 ]; then
    cp_echo "CN: Removing old AOSI configuration files for Apache2."
    need_restart=1
fi
for aosi_conf in "$CONFDIR/conf.d/aosi-www.conf" "$CONFDIR/conf.d/aosi.conf"; do
    if [ -e "$aosi_conf" ]; then
        rm -f "$aosi_conf"
    fi
done
578
579
# Restart Apache2 web server if needed.
#
# The restart is attempted only when the configuration test passes. A
# failed test is reported through cp_echo and does not fail the postinst.
# NOTE(review): configtest's stderr is discarded, so the reason for a broken
# configuration is not shown here.
#
if [ "$need_restart" -eq 1 ]; then

    if ! apache2ctl configtest 2>/dev/null; then

        # Something is broken.
        cp_echo "CN: Your Apache2 configuration seem to be broken."
        cp_echo "CN: Please, check the service after the installation finishes!"
    else

        # Configuration is valid: restart Apache2 web server (best effort).
        invoke-rc.d apache2 restart || true
    fi
fi


# Mail root
#
cp_mail "${PKG}"


# (re)generate monit.d files if monit-cn is installed.
#
if [ -x /usr/sbin/update-monit.d ]; then
    cp_echo "CN: Updating monit configuration..."
    # Best effort: a failing update does not fail the postinst.
    update-monit.d || true
fi
609
610 #DEBHELPER#
611
612 exit 0