Povecana velicina generiranog kljuca na 2048 bit, manje izmjene.
[apache2-cn.git] / debian / postinst
#!/bin/sh
#
# postinst for apache2-cn.  Only the "configure" action runs the steps
# further down in this file; every other invocation ends here with status 0.

set -e

# Trace the whole run when the packaging debug switch is set.
if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then
    set -vx
fi

# Source debconf library.
. /usr/share/debconf/confmodule

case "$1" in
    abort-upgrade|abort-remove|abort-deconfigure)
        # Nothing to undo for the abort actions.
        exit 0
        ;;

    configure)
        # continue below
        ;;

    *)
        # Unknown actions are reported but deliberately not treated as errors.
        echo "postinst called with unknown argument \`$1'" >&2
        exit 0
        ;;
esac
24
25
26 # Include CARNet functions.
27 . /usr/share/carnet-tools/functions.sh
28
# Package identity.
PKG=apache2-cn
VERSION=2.2.22+1

# Apache2 configuration layout managed by this script.
CONFDIR=/etc/apache2
CONF=$CONFDIR/apache2.conf
A2MODEDIR=$CONFDIR/mods-enabled
PORTCONF=$CONFDIR/ports.conf

# Files shipped by this package and other fixed locations.
A2CNDIR="/usr/share/apache2-cn"
TMPLDIR="$A2CNDIR/templates"
CERTDIR="/etc/ssl/certs"
A2PHPINI=/etc/php5/apache2/php.ini

# Host identity as reported by hostname(1).  These values are later written
# into VirtualHost files and handed to the certificate helper.
HOST=$(hostname)
FQDN=$(hostname --fqdn)
WEBMASTER=webmaster@$FQDN
DOMAIN=$(hostname -d)
BACKUPDIR=/var/backups/apache2-cn

# Script state: 0/1 flags, debconf answers and the temp-file list.
backup_done=0
need_restart=0          # set to 1 by any step that changes the configuration
apache2_sslcert=0       # set to 1 when an existing port-443 VirtualHost is found
apache2_sslcf=
apache2_sslckf=
apache2_sslccf=
has_vhosts=0
temp_files=             # space-separated paths removed by cleanup()
has_listen_ssl=0
listen_ssl_mask=
56
57
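# cleanup()
#
#   Remove every temp file recorded in $temp_files.
#
#   $temp_files is a space-separated list of paths appended to by the steps
#   that call mktemp.  Entries that no longer exist are skipped.
#
cleanup () {
    local item

    # $temp_files is expanded unquoted on purpose: it is a whitespace
    # separated list, so word splitting yields one path per iteration.
    for item in $temp_files; do
        if [ -e "$item" ]; then
            # Quote the path and end option parsing so a name that starts
            # with "-" is removed rather than read as an rm option.
            rm -f -- "$item"
        fi
    done
}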
71
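# tag_conf()
#
#   Append the CARNet package marker block to an existing file.
#
#   $1 - path of the configuration file.  Nothing is written (and the file
#        is not created) when the path does not exist.
#
#   chk_conf_tag() looks for the "## Begin" line of this block to decide
#   whether the package may rewrite the file.
#
tag_conf () {
    local conf_file
    conf_file="$1"

    if [ -e "$conf_file" ]; then
        # The redirect target is quoted so a path containing whitespace
        # is still a single file name.
        cat >> "$conf_file" <<'EOF'
## Begin - Generated by CARNet package apache2-cn
#
#  REMOVE this whole block if you DON'T WANT apache2-cn
#  to edit your configuration file.
#
## End - Generated by CARNet package apache2-cn
EOF
    fi
}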
91
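# chk_conf_tag ()
#
#   Check if a configuration file carries the CARNet package marker line
#   written by tag_conf().
#
#   $1 - path of the configuration file
#
#   return:  $RET => 0 - regular file that contains the marker line
#                    1 - path is missing or not a regular file
#                    2 - regular file without the marker line
#
#   $RET is the same variable the script reads after db_get, so callers
#   must use the result before the next db_get or chk_conf_tag call.
#
chk_conf_tag () {
    local conf_file
    conf_file="$1"
    RET=1

    if [ -f "$conf_file" ]; then
        # grep -E replaces the deprecated egrep wrapper; the marker has to
        # match a whole line.
        if grep -Eq -- "^## Begin - Generated by CARNet package apache2-cn$" "$conf_file"; then
            RET=0
        else
            RET=2
        fi
    fi
}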
112
# generate_ssl()
#
#   Run the package's certificate helper for this host and pass whatever it
#   printed on stdout to cp_echo; always flags Apache2 for a restart.
#
#   Key type, key size, output paths and file modes are all decided inside
#   carnet-generate-ssl, which is not part of this file.
#
#   NOTE(review): the helper's stderr is discarded.  Under "set -e" a failing
#   helper aborts the postinst at the assignment below without any
#   diagnostic, so a failed key generation is hard to trace - confirm that
#   the helper logs elsewhere.
#
generate_ssl () {
    generate_ssl_output=$(
        "$A2CNDIR/carnet-generate-ssl" ignore "$FQDN" "$WEBMASTER" "$DOMAIN" 2>/dev/null
    )
    cp_echo "$generate_ssl_output"
    need_restart=1
}
122
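# listen_ssl()
#
#   Make sure ports.conf contains a "Listen 443" line.
#
#   The file is rebuilt in a mktemp file next to $PORTCONF and then moved
#   into place with cp_mv, after which it is set to mode 644.  Sets
#   need_restart=1 when the file was changed.
#
#   NOTE(review): only a bare "Listen 443" line counts as configured.  Forms
#   such as "Listen 443 https" or "Listen <address>:443" are not recognised,
#   so a second Listen line would be appended for them - confirm that this is
#   acceptable for the ports.conf files in the field.
#
listen_ssl() {

    if [ -f "$PORTCONF" ] && grep -Eiq "^[[:space:]]*Listen[[:space:]]+443$" "$PORTCONF"; then
        return 0
    fi

    cp_echo "CN: Enabling SSL port (443) for Apache2 web server."

    out=$(mktemp "${PORTCONF}.XXXXXX")

    # Register the temp file before it is used, so cleanup() removes it even
    # if one of the following commands aborts the script under "set -e".
    temp_files="${temp_files} ${out}"

    if [ -f "$PORTCONF" ]; then
        cp -- "$PORTCONF" "$out"
    fi

    echo "Listen 443" >> "$out"
    cp_mv "$out" "$PORTCONF"
    chmod 644 "$PORTCONF"

    need_restart=1
}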
147
# install_conf()
#
#   Copy a configuration file shipped by the package into conf.d, unless a
#   file with the target name is already there.
#
#   $1 - source name:  $A2CNDIR/<$1>.conf
#   $2 - target name:  $CONFDIR/conf.d/<$2>.conf
#
#   An existing target is never overwritten, so local edits survive package
#   upgrades.  Sets need_restart=1 only when a file was installed.
#
install_conf() {
    conftmpl="$A2CNDIR/$1.conf"
    conf="$CONFDIR/conf.d/$2.conf"

    if [ -e "$conf" ]; then
        cp_echo "CN: $conf already exists, left untouched." 1>&2
        return
    fi

    cp_echo "CN: Enabling CARNet specific configuration."
    cp "$conftmpl" "$conf"

    need_restart=1
}
166
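# a2cn_sed_escape()
#
#   Print $1 with "\", "/" and "&" backslash-escaped, so that it can be used
#   as the replacement text of a sed s/// command delimited by "/".
#
a2cn_sed_escape () {
    printf '%s' "$1" | sed 's|[\\/&]|\\&|g'
}

# install_vhost()
#
#   Install specified VirtualHost for Apache2 web server.
#
#   Invocation:
#
#   install_vhost [-nvh] [-d] [-s dest] [-r docroot] [-n name] template site site-enabled-symlink
#
#     -nvh - add NameVirtualHost (address taken from the template's
#            <VirtualHost ...> line)
#     -d   - mkdir DocumentRoot and put a placeholder index.html into it
#     -r X - set DocumentRoot; a value without "/" is placed under /var/www
#     -n X - set the name substituted for HOST in the template
#     -s X - symlink DocumentRoot to X (all in /var/www)
#
#   template - $TMPLDIR/<template>.template
#   site - name of file in sites-available; its first dot-separated label is
#          the HOST value unless -n is used
#   site-enabled-symlink - name of symlink in sites-enabled
#
#   The template placeholders HOST, DOMAIN, DOCROOT and IPADDR are replaced
#   with sed.  The substituted values come from hostname(1) and from the
#   caller, so they are escaped first: a "/", "#" or "&" inside a value would
#   otherwise be read as sed syntax and corrupt or abort the substitution.
#
#   NOTE(review): $MYIP is not assigned anywhere in this file; presumably it
#   is provided by /usr/share/carnet-tools/functions.sh - confirm.
#
#   Exits with status 2 on an unknown option, a missing option argument or a
#   missing template.  Sets need_restart=1 when a VirtualHost was written.
#
install_vhost() {
    local host_esc domain_esc docroot_esc myip_esc

    add_namevirthost=
    mkdir_docroot=
    symlink_docroot=
    docroot=
    vhostname=

    while [ $# -gt 0 ]; do
        case "$1" in
            -nvh)
                add_namevirthost=1
                shift
                ;;
            -d)
                mkdir_docroot=1
                shift
                ;;
            -s|-r|-n)
                if [ $# -lt 2 ]; then
                    echo "E: install_vhost: option $1 needs an argument!" 1>&2
                    exit 2
                fi
                case "$1" in
                    -s)
                        symlink_docroot="$2"
                        ;;
                    -r)
                        docroot="$2"
                        case "$docroot" in
                            */*) ;;
                            *) docroot="/var/www/$docroot" ;;
                        esac
                        ;;
                    -n)
                        vhostname="$2"
                        ;;
                esac
                shift 2
                ;;
            -*)
                # Without this arm an unrecognised option was never shifted
                # away and the option loop did not terminate.
                echo "E: install_vhost: unknown option $1!" 1>&2
                exit 2
                ;;
            *)
                break
                ;;
        esac
    done

    vhosttmpl="$1.template"
    vhost="$2"
    venabled="$3"
    if [ -z "$vhostname" ]; then
        vhostname=${vhost%%.*}
    fi
    force_vhost=

    vhostdir=$CONFDIR/sites-available
    venabledir=$CONFDIR/sites-enabled

    if [ ! -e "$TMPLDIR/${vhosttmpl}" ]; then
        echo "E: vhost template ${vhosttmpl} not found in $TMPLDIR!" 1>&2
        exit 2
    fi

    if [ -z "$docroot" ]; then
        docroot="/var/www/$vhostname.$DOMAIN"
    fi

    # if we were broken mid-installation, force
    if [ ! -e "$docroot" ] && { [ -n "$mkdir_docroot" ] || [ -n "$symlink_docroot" ]; }; then
        force_vhost=1
    fi

    # add vhost if either of these is true
    # - adding is forced OR
    # - it doesn't exist
    #
    if [ -n "$force_vhost" ] || { [ ! -e "$vhostdir/$vhost" ] && [ ! -e "$venabledir/$venabled" ]; }; then

        cp_echo "CN: Adding $vhost VirtualHost."
        out=$(mktemp "$vhostdir/$vhost.XXXXXX")
        temp_files="${temp_files} ${out}"

        # CARNet header.
        tag_conf "$out"

        host_esc=$(a2cn_sed_escape "$vhostname")
        domain_esc=$(a2cn_sed_escape "$DOMAIN")
        docroot_esc=$(a2cn_sed_escape "$docroot")
        myip_esc=$(a2cn_sed_escape "$MYIP")

        if [ "$add_namevirthost" ]; then
            nvh=$(awk -F'[ >]' '/^<VirtualHost/ {print $2}' "$TMPLDIR/$vhosttmpl" |
                sed "s/IPADDR/$myip_esc/g")
            echo "NameVirtualHost $nvh" >> "$out"
        fi

        sed -e "s/HOST/$host_esc/g" \
            -e "s/DOMAIN/$domain_esc/g" \
            -e "s/DOCROOT/$docroot_esc/g" \
            -e "s/IPADDR/$myip_esc/g" < "$TMPLDIR/$vhosttmpl" >> "$out"
        cp_mv "$out" "$vhostdir/$vhost"
        # mktemp creates the file for its owner only; the installed
        # VirtualHost file is published as 644.
        chmod 644 "$vhostdir/$vhost"
        ln -fs "../sites-available/$vhost" "$venabledir/$venabled"

        if [ -n "$mkdir_docroot" ] && [ ! -d "$docroot" ]; then
            mkdir "$docroot"
            echo '<html><body><h1>Radi!</h1></body></html>' > "$docroot/index.html"
        elif [ -n "$symlink_docroot" ]; then
            ln -fs "$symlink_docroot" "$docroot"
        fi

        need_restart=1
    fi
}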
278
279
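# Set trap for deleting all temp files.
#
# cleanup is bound to the EXIT condition only.  HUP, INT and TERM are turned
# into a real exit (status 128 + signal number), which then runs the EXIT
# trap.  With cleanup bound directly to the signals the shell resumed the
# script after the handler returned, i.e. it kept working on temp files that
# had just been deleted and the signal did not stop the run.
#
trap cleanup 0
trap 'exit 129' 1
trap 'exit 130' 2
trap 'exit 143' 15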
283
284
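# Backup apache2.conf and all configuration located in the
# /etc/apache2/conf.d/ and /etc/apache2/sites-available/ directories.
#
# NOTE(review): ownership and mode of the copies under $BACKUPDIR are set by
# cp_backup_conffile (not part of this file).  Apache configuration can embed
# credentials, so confirm the backups are not readable more widely than the
# originals.
#

# backup_conf_dir()
#
#   Back up every entry of directory $1 whose path does not contain "~"
#   (editor backup files).  Does nothing for a missing or empty directory;
#   otherwise sets backup_done=1.
#
backup_conf_dir () {
    local dir file
    dir="$1"

    # An empty directory would leave the glob below unexpanded, so it is
    # filtered out first.
    if [ ! -d "$dir" ] || [ -z "$(ls "$dir/")" ]; then
        return 0
    fi

    cp_echo "CN: Doing backup for all files in $dir/"
    for file in "$dir"/*; do
        case "$file" in
            *~*)
                continue
                ;;
        esac
        cp_backup_conffile -d "$BACKUPDIR" -p "$file"
    done
    backup_done=1
}

if [ -e "$CONF" ]; then
    cp_echo "CN: Doing backup for $CONF"
    cp_backup_conffile -d "$BACKUPDIR" -p "$CONF"
    backup_done=1
fi

# The directories are derived from $CONFDIR instead of repeating the literal
# /etc/apache2 paths, and every path is quoted.
backup_conf_dir "$CONFDIR/conf.d"
backup_conf_dir "$CONFDIR/sites-available"

if [ "$backup_done" -eq 1 ]; then
    cp_echo "CN: Backup is located in directory: $BACKUPDIR/"
fi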
314
315
# Enable Apache2 web server modules (cgi, rewrite, userdir, suexec, php5, ssl).
#
# Every module enabled here adds to what the server will serve or execute;
# the list is package policy and is applied on each configure run in which
# the module's files are missing from mods-enabled.
#

# a2cn_enable_module()
#
#   $1 - module name as understood by a2enmod
#   $2 - label used in the progress message
#   $3 - "conf" when the module also needs <module>.conf in mods-enabled
#
#   Enables the module unless its .load file (and .conf file, when required)
#   is already present.  a2enmod failures are ignored on purpose, but
#   need_restart is still set to 1.
#
a2cn_enable_module () {
    if [ -e "$A2MODEDIR/$1.load" ] && { [ "$3" != conf ] || [ -e "$A2MODEDIR/$1.conf" ]; }; then
        return 0
    fi

    cp_echo "CN: Enabling $2 module for Apache2 web server."
    a2enmod "$1" >/dev/null || true
    need_restart=1
}

if [ -e "$CONF" ]; then
    a2cn_enable_module cgi CGI
    a2cn_enable_module rewrite rewrite
    a2cn_enable_module userdir userdir conf
    a2cn_enable_module suexec SUEXEC

    # PHP5 is only enabled when the module binary is installed.
    if [ -e "/usr/lib/apache2/modules/libphp5.so" ]; then
        a2cn_enable_module php5 PHP5 conf
    fi

    a2cn_enable_module ssl SSL conf
fi
358
359
# Install CARNet specific configuration file
# ($A2CNDIR/carnet.conf -> $CONFDIR/conf.d/000-carnet.conf).
#
install_conf carnet 000-carnet

# Enable SSL port (443) in ports.conf.
#
listen_ssl

# Disable default site configuration, if it is currently enabled.
# a2dissite failures are ignored on purpose.
#
if [ -e "$CONF" ] && [ -e "$CONFDIR/sites-enabled/000-default" ]; then
    cp_echo "CN: Disabling 000-default site configuration."
    a2dissite 000-default >/dev/null || true

    need_restart=1
fi
378
379
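# Apache2 SSL certificate.
#
# Step 1: look for an existing VirtualHost on port 443 in apache2.conf,
# conf.d/ and sites-enabled/.  When one is found the package leaves the
# certificate setup alone (apache2_sslcert=1).
#
# NOTE(review): the pattern matches any <VirtualHost ...> line whose address
# ends in "443", which also covers ports such as 8443 - confirm that this is
# meant to count as an existing SSL VirtualHost.
#
has_listen_ssl=0

if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls "$CONFDIR/conf.d")" ]; then
    listen_ssl_mask="$CONFDIR/conf.d/*"
fi
if [ -d "$CONFDIR/sites-enabled" ] && [ -n "$(ls "$CONFDIR/sites-enabled")" ]; then
    listen_ssl_mask="$listen_ssl_mask $CONFDIR/sites-enabled/*"
fi

# $listen_ssl_mask holds glob patterns and is expanded unquoted on purpose.
for file in "$CONF" $listen_ssl_mask; do
    if [ -f "$file" ] &&
        grep -Eiq '^[[:space:]]*<VirtualHost .*443[[:space:]]*>' "$file"; then
        has_listen_ssl=1
        apache2_sslcert=1
        break
    fi
done

# Step 2: no SSL VirtualHost yet.  Use the certificate files named in
# debconf, or generate a new certificate when none is configured.
#
# $RET is only read after a successful db_get.  When the query fails the
# value left in $RET is not a stored answer, and it must not end up as a
# certificate path in the SSL VirtualHost.
#
if [ "$apache2_sslcert" -eq 0 ]; then

    if db_get apache2-cn/sslcf; then
        apache2_sslcf="$RET"
    else
        apache2_sslcf=
    fi

    if [ -n "$apache2_sslcf" ]; then

        if db_get apache2-cn/sslckf; then
            apache2_sslckf="$RET"
        else
            apache2_sslckf=
        fi

        if db_get apache2-cn/sslccf; then
            apache2_sslccf="$RET"
        else
            apache2_sslccf=
        fi

        need_restart=1
    else

        # Generate new SSL certificate files.
        generate_ssl

        apache2_sslcf=
        apache2_sslckf=
        apache2_sslccf=
    fi
fi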
425
426
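# Add VirtualHosts.
# - on fresh install ($2 is empty)
#
# An existing sites-available file is backed up first and is only rewritten
# when chk_conf_tag finds the CARNet marker in it (RET=0); files without the
# marker are left alone.  All expansions are quoted so that an empty or
# unusual hostname value cannot shift the install_vhost arguments.
#
if [ -z "$2" ]; then

    db_get apache2-cn/wwwhost || true
    if [ "$RET" = "true" ]; then

        # Add WWW VirtualHost.
        if [ -f "$CONFDIR/sites-available/$FQDN" ]; then
            cp_backup_conffile -d "$BACKUPDIR" -p "$CONFDIR/sites-available/$FQDN"
        fi
        if [ -f "$CONFDIR/sites-available/www.$DOMAIN" ]; then
            cp_backup_conffile -d "$BACKUPDIR" -p "$CONFDIR/sites-available/www.$DOMAIN"
        fi

        chk_conf_tag "$CONFDIR/sites-available/$FQDN"
        if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ "$RET" -eq 0 ]; then
            # -nvh is only passed when ports.conf has no NameVirtualHost *:80.
            if grep -Eqi "^[[:space:]]*NameVirtualHost[[:space:]]+\*:80$" "$PORTCONF"; then
                install_vhost -d -r "www.$DOMAIN" default "$FQDN" "000-$FQDN"
            else
                install_vhost -nvh -d -r "www.$DOMAIN" default "$FQDN" "000-$FQDN"
            fi
            need_restart=1
        fi

        chk_conf_tag "$CONFDIR/sites-available/www.$DOMAIN"
        if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN" ] || [ "$RET" -eq 0 ]; then
            install_vhost default "www.$DOMAIN" "www.$DOMAIN"
            need_restart=1
        fi
    else

        # No WWW VirtualHost.
        if [ -f "$CONFDIR/sites-available/$FQDN" ]; then
            cp_backup_conffile -d "$BACKUPDIR" -p "$CONFDIR/sites-available/$FQDN"
        fi

        chk_conf_tag "$CONFDIR/sites-available/$FQDN"
        if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ "$RET" -eq 0 ]; then
            if grep -Eqi "^[[:space:]]*NameVirtualHost[[:space:]]+\*:80$" "$PORTCONF"; then
                install_vhost -d -r "$FQDN" default "$FQDN" "000-$FQDN"
            else
                install_vhost -nvh -d -r "$FQDN" default "$FQDN" "000-$FQDN"
            fi
            need_restart=1
        fi
    fi
fi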
476
477
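# Add VirtualHost for SSL?
#
# Only when no VirtualHost on port 443 was found earlier (apache2_sslcert=0).
# An existing sites-available/ssl is backed up and is only replaced when it
# carries the CARNet marker.  The host values are quoted: an empty $HOST
# would otherwise disappear from the argument list and install_vhost would
# take the template name as the argument of -n.
#
if [ "$apache2_sslcert" -eq 0 ]; then

    if [ -f "$CONFDIR/sites-available/ssl" ]; then
        cp_backup_conffile -d "$BACKUPDIR" -p "$CONFDIR/sites-available/ssl"
    fi

    # No active SSL VirtualHosts found - add new one.
    chk_conf_tag "$CONFDIR/sites-available/ssl"
    if [ ! -f "$CONFDIR/sites-available/ssl" ] || [ "$RET" -eq 0 ]; then

        db_get apache2-cn/wwwhost || true
        if [ "$RET" = "true" ]; then
            install_vhost -r "www.$DOMAIN" -n "$HOST" ssl ssl 001-ssl
        else
            install_vhost -r "$FQDN" -n "$HOST" ssl ssl 001-ssl
        fi
        need_restart=1
    fi
fi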
499
500
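# Check SSL certificates location for VirtualHosts.
#
# When the admin named certificate files in debconf, point the package's SSL
# VirtualHost (only if it carries the CARNet marker) at those files instead
# of the default apache2.pem / apache2.key paths.  The edit is made on a
# temp copy that is then moved over sites-available/ssl with cp_mv.
#
# NOTE(review): the debconf paths are interpolated into sed expressions
# delimited by "#".  A path containing "#", "&" or "\" would change the
# meaning of the expression, and because of "|| true" the VirtualHost would
# then silently keep the default certificate paths - confirm whether the
# debconf questions validate these values.
#
# NOTE(review): the temp file comes from mktemp; whether the final
# sites-available/ssl keeps its previous mode depends on cp_mv (not part of
# this file).  Other call sites run chmod 644 after cp_mv, this one does not.
#
if [ "$apache2_sslcert" -eq 0 ]; then

    chk_conf_tag "${CONFDIR}/sites-available/ssl"
    if [ "$RET" -eq 0 ] && [ -n "$apache2_sslcf" ]; then

        SSLTMP=$(mktemp "${CONFDIR}/ssltmp.XXXXXX")
        temp_files="${temp_files} ${SSLTMP} ${SSLTMP}.cn-old"
        cp "${CONFDIR}/sites-available/ssl" "$SSLTMP"

        # SSLCertificateFile
        cp_check_and_sed "^[[:space:]]*SSLCertificateFile \/etc\/ssl\/certs\/apache2\.pem" \
            "s#SSLCertificateFile /etc/ssl/certs/apache2.pem#SSLCertificateFile $apache2_sslcf #g" \
            "$SSLTMP" || true

        # SSLCertificateKeyFile
        cp_check_and_sed "^[[:space:]]*SSLCertificateKeyFile \/etc\/ssl\/private\/apache2\.key" \
            "s#SSLCertificateKeyFile /etc/ssl/private/apache2.key#SSLCertificateKeyFile $apache2_sslckf #g" \
            "$SSLTMP" || true

        # SSLCertificateChainFile
        if [ -n "$apache2_sslccf" ]; then
            cp_check_and_sed "^# SSLCertificateChainFile \/etc\/ssl\/certs/sureserverEDU\.pem" \
                "s#\# SSLCertificateChainFile /etc/ssl/certs/sureserverEDU.pem#SSLCertificateChainFile $apache2_sslccf #g" \
                "$SSLTMP" || true
        fi

        cp_mv "$SSLTMP" "${CONFDIR}/sites-available/ssl"

        need_restart=1

        # Just to be sure.  rm -f is silent about files that are already gone.
        rm -f -- "$SSLTMP" "${SSLTMP}.cn-old"
    fi
fi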
538
539
# Check file access permissions for SSL certificates.
#
# The private keys that exist under /etc/ssl/private are set to mode 600
# (read/write for the owner only).  Only the mode is changed: ownership is
# not checked here, and chmod acts on the target of a symlink.
#
cp_echo "CN: Checking file access permissions for Apache2 SSL certificates."
sslkey=/etc/ssl/private
sslcerts="${sslkey}/ca.key ${sslkey}/apache2-ca.key ${sslkey}/apache2.key"
for certf in $sslcerts; do
    [ -f "$certf" ] || continue
    chmod 600 "$certf"
done
550
551
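# Check and remove obsolete "Include /etc/apache2/sites-enabled/[^.#]*" from
# /etc/apache2/apache2.conf.
#
# The line is deleted in a temp copy, "Include /etc/apache2/sites-enabled/"
# is appended unless already present, and the copy is moved over $CONF with
# cp_mv.
#
# NOTE(review): the temp file comes from mktemp; whether apache2.conf keeps
# its previous mode depends on cp_mv (not part of this file).  Other call
# sites run chmod 644 after cp_mv, this one does not.
#
if [ -f "$CONF" ] &&
    grep -Eiq "^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/\[\^\.\#\]\*$" "$CONF"; then

    cp_echo "CN: Fixing obsolete Include line in $CONF."
    CONFTMP=$(mktemp "$CONF.tmp.XXXXXX")

    # Register the temp file so cleanup() removes it if sed or cp_mv aborts
    # the script under "set -e".
    temp_files="${temp_files} ${CONFTMP}"

    sed -r "/^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/\[\^\.\#\]\*$/Id" \
        "$CONF" > "$CONFTMP"

    if ! grep -Eiq "^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/$" "$CONFTMP"; then
        echo "Include /etc/apache2/sites-enabled/" >> "$CONFTMP"
    fi

    cp_mv "$CONFTMP" "$CONF"
    need_restart=1
fi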
569
570
# No debconf questions are asked past this point.
db_stop || true


# Remove old AOSI configuration for Apache: aosi-www.conf, aosi.conf.
#
# The message is printed once, before the first file is removed.
#
aosi_announced=
for aosi_conf in "$CONFDIR/conf.d/aosi-www.conf" "$CONFDIR/conf.d/aosi.conf"; do
    [ -e "$aosi_conf" ] || continue
    if [ -z "$aosi_announced" ]; then
        cp_echo "CN: Removing old AOSI configuration files for Apache2."
        need_restart=1
        aosi_announced=1
    fi
    rm -f "$aosi_conf"
done
582
583
# Restart Apache2 web server if needed.
#
# The restart only happens when "apache2ctl configtest" accepts the new
# configuration, so a broken configuration never takes the running server
# down.  configtest's stderr is discarded, so the admin only sees the two
# generic messages below and has to re-run the test by hand for details.
#
if [ "$need_restart" -eq 1 ]; then
    if ! apache2ctl configtest 2>/dev/null; then

        # Something is broken.
        cp_echo "CN: Your Apache2 configuration seem to be broken."
        cp_echo "CN: Please, check the service after the installation finishes!"
    else

        # Restart Apache2 web server; a failed restart does not fail the postinst.
        invoke-rc.d apache2 restart || true
    fi
fi
600
601
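# Mail root
#
cp_mail "$PKG"


# (re)generate monit.d files if monit-cn is installed.
#
# The helper is run through the same absolute path that was tested with -x,
# so the file that was checked is the file that runs; a bare command name
# would be resolved through $PATH instead.  Failures are ignored on purpose.
#
if [ -x "/usr/sbin/update-monit.d" ]; then
    cp_echo "CN: Updating monit configuration..."
    /usr/sbin/update-monit.d || true
fi

#DEBHELPER#

exit 0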