Initial commit

[apache2-cn.git] / debian / postinst

#!/bin/sh

set -e

[ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx

# Source debconf library.
. /usr/share/debconf/confmodule

case "$1" in
        configure)
                # continue below
                ;;

        abort-upgrade|abort-remove|abort-deconfigure)
                exit 0
                ;;

        *)
                echo "postinst called with unknown argument \`$1'" >&2
                exit 0
                ;;
esac


# Include CARNet functions.
. /usr/share/carnet-tools/functions.sh

PKG="apache2-cn"
VERSION="2.2-1"
CONFDIR="/etc/apache2"
CONFDIROLD="/etc/apache"
CONF="$CONFDIR/apache2.conf"
CONFOLD="$CONFDIROLD/httpd.conf"
A2MODEDIR="$CONFDIR/mods-enabled"
PORTCONF="$CONFDIR/ports.conf"
A2CNDIR=/usr/share/apache2-cn
TMPLDIR=$A2CNDIR/templates
CERTDIR=/etc/ssl/certs
A2PHPINI="/etc/php4/apache2/php.ini"

HOST=$(hostname)
FQDN=$(hostname --fqdn)
WEBMASTER="webmaster@$FQDN"
DOMAIN=$(hostname -d)
BACKUPDIR="/var/backups/apache2-cn"

backup_done=0
need_restart=0
apache2_sslcert=0
apache2_sslcf=
apache2_sslckf=
apache2_sslccf=
has_vhosts=0
temp_files=
has_listen_ssl=0
listen_ssl_mask=


# cleanup()
#
#   Cleanup all temp files.
#
cleanup () {

        if [ -n "$temp_files" ]; then
                for item in $temp_files; do
                        if [ -e "$item" ]; then
                                rm -f $item
                        fi
                done
        fi
}

# tag_conf()
#
#   Add CARNet package info lines to config's header.
#
tag_conf () {
        
        local conf_file
        conf_file="$1"
        
        if [ -e "$conf_file" ]; then
        
                cat >> $conf_file <<EOF
## Begin - Generated by CARNet package apache2-cn
#
#  REMOVE this whole block if you DON'T WANT apache2-cn
#  to edit your configuration file.
#
## End - Generated by CARNet package apache2-cn
EOF
        fi
}

# chk_conf_tag ()
#
#   Check if configuration file has CARNet package info lines.
#   return:  $RET => 0 - tagged
#                    1 - not tagged or file does not exists
#                    2 - file exists, but it is not tagged
#
chk_conf_tag () {

        local conf_file
        conf_file="$1"
        RET=1
        
        if [ -f "$conf_file" ]; then
                if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" "$conf_file"; then
                        RET=0
                else
                        RET=2
                fi
        fi
}

# conf_log_fix ()
#
#   Check CustomLog, ErrorLog and TransferLog paths - /var/log/apache/ is replaced
#   with /var/log/apache2/.
#
conf_log_fix () {

        local conf_file out
        conf_file="$1"

        if [ -f "$conf_file" ]; then
        
            if egrep -iq '^[[:space:]]*(Error|Custom|Transfer)Log[[:space:]]*\/var\/log\/apache\/' "$conf_file"; then
            
                out=$(mktemp ${conf_file}.XXXXXX)
                temp_files="${temp_files} ${out}"
            
                sed 's/\(^[[:space:]]*\(Error\|Custom\|Transfer\)Log[[:space:]]*\)\/var\/log\/apache\//\1\/var\/log\/apache2\//I' \
                    $conf_file > $out
                mv $out $conf_file
            fi
        fi
}

# generate_ssl()
#
#   Generate Apache2 web server SSL certificate.
#
generate_ssl () {

        generate_ssl_output=$($A2CNDIR/carnet-generate-ssl ignore "$FQDN" "$WEBMASTER" "$DOMAIN" 2> /dev/null)
        cp_echo "$generate_ssl_output"
        need_restart=1
}

# listen_ssl()
#
#   Check if port 443 is configured in ports.conf file.
#
listen_ssl() {
        
        if ! egrep -iq "^[[:space:]]*Listen[[:space:]]*.*443$" "$PORTCONF"; then
        
                cp_echo "CN: Enabling SSL port (443) for Apache2 web server."

                out=$(mktemp ${PORTCONF}.XXXXXX)
                cp $PORTCONF $out
                echo "Listen 443" >> $out
                cp_mv $out $PORTCONF
                
                need_restart=1
                temp_files="${temp_files} ${out}"
        fi
}

# install_conf()
#
#   Install specified Apache2 configuration file.
#
install_conf() {

        conftmpl="$A2CNDIR/$1.conf"
        conf="$CONFDIR/conf.d/$2.conf"

        if [ ! -e "$conf" ]; then
        
                cp_echo "CN: Enabling CARNet specific configuration."
                cp "$conftmpl" "$conf"
                
                need_restart=1
        else
                cp_echo "CN: $conf already exists, left untouched." 1>&2
        fi
}

# install_vhost()
#
#   Install specified VirtualHost for Apache2 web server.
#
#   Invocation:
#
#   install_vhost [-nvh] [-d] [-s docroot_symlink_dest] template site site-enabled-symlink
#
#     -nvh - add NameVirtualHost
#     -d   - mkdir DocumentRoot
#     -r   - set DocumentRoot
#     -n   - set ServerName
#     -s X - symlink DocumentRoot to X (all in /var/www)
#
#   site - name of file in sites-available, host part of ServerName unless -r or -n is used
#   site-enabled-symlink - name of symlink in sites-enabled
#
install_vhost() {

        add_namevirthost=
        mkdir_docroot=
        symlink_docroot=
        docroot=
        vhostname=
  
        while echo "x$1" | grep -q '^x-'; do
            case "$1" in
                -nvh)
                    add_namevirthost=1
                    shift
                    ;;
                -d)
                    mkdir_docroot=1
                    shift
                    ;;
                -s)
                    shift
                    symlink_docroot="$1"
                    shift
                    ;;
                -r)
                    shift
                    docroot="$1"
                    if ! echo "$docroot" | grep -q /; then
                            docroot="/var/www/$docroot"
                    fi
                    shift
                    ;;
                -n)
                    shift
                    vhostname="$1"
                    shift
                    ;;
            esac
        done

        vhosttmpl="$1.template"
        vhost="$2"
        venabled="$3"
        [ -z "$vhostname" ] && vhostname=$(echo "$vhost"| awk -F. '{print $1}')
        force_vhost=

        vhostdir=$CONFDIR/sites-available
        venabledir=$CONFDIR/sites-enabled

        if [ ! -e "$TMPLDIR/${vhosttmpl}" ]; then
                echo "E: vhost template ${vhosttmpl} not found in $TMPLDIR!" 1>&2
                exit 2
        fi

        [ -z "$docroot" ] && docroot="/var/www/$vhostname.$DOMAIN"
  
        # if we were broken mid-installation, force
        if [ ! -e "$docroot" -a \( -n "$mkdir_docroot" -o -n "$symlink_docroot" \) ]; then
                force_vhost=1
        fi
  
        # add vhost if either of these is true
        # - adding is forced OR
        # - it doesn't exist
        #
        if [ -n "$force_vhost" -o \( ! -e "$vhostdir/$vhost" -a ! -e "$venabledir/$venabled" \) ]; then
        
                cp_echo "CN: Adding $vhost VirtualHost."
                out=$(mktemp $vhostdir/$vhost.XXXXXX)
                temp_files="${temp_files} ${out}"
                
                # CARNet header.
                tag_conf "$out"

                if [ "$add_namevirthost" ]; then
                        nvh=$(awk -F'[ >]' '/^<VirtualHost/ {print $2}' $TMPLDIR/$vhosttmpl |\
                            sed "s/IPADDR/$MYIP/g")
                        echo "NameVirtualHost $nvh" >> $out
                fi
    
                sed "s/HOST/$vhostname/g; s/DOMAIN/$DOMAIN/g;
                     s#DOCROOT#$docroot#g; s/IPADDR/$MYIP/g" < $TMPLDIR/$vhosttmpl >> $out
                cp_mv $out $vhostdir/$vhost
                chmod 644 $vhostdir/$vhost
                ln -fs ../sites-available/$vhost $venabledir/$venabled    
    
                if [ -n "$mkdir_docroot" -a ! -d "$docroot" ]; then
                        mkdir "$docroot"
                        echo '<html><body><h1>Radi!</h1></body></html>' > "$docroot/index.html"
                elif [ -n "$symlink_docroot" ]; then
                        ln -fs "$symlink_docroot" "$docroot"
                fi

                need_restart=1
        fi
}


# Set trap for deleting all temp files.
#
trap cleanup 0 1 2 15


# Make sure that monit conf for Apache is disabled.
if [ -f "/etc/monit.d/apache1.conf" ]; then
        mv /etc/monit.d/apache1.conf /etc/monit.d/apache1.conf.disabled
        pkill -9 -f /usr/sbin/monit || true
fi


# First of all - stop Apache web server, make sure Apache is NOT running.
#
if [ -x /usr/sbin/invoke-rc.d ]; then
        [ -x /usr/sbin/apache ] && invoke-rc.d apache stop || true
        pkill -9 -f /usr/sbin/apache || true
else
        [ -x /etc/init.d/apache ] && /etc/init.d/apache stop || true
fi


# Backup all configuration located in /etc/apache2/conf.d/ and
# /etc/apache2/sites-available/ directories.
#
if [ -e "$CONF" ]; then
        cp_echo "CN: Doing backup for $CONF"
        cp_backup_conffile -d $BACKUPDIR -p $CONF
        backup_done=1
fi
if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls ${CONFDIR}/conf.d/)" ]; then
        cp_echo "CN: Doing backup for all files in /etc/apache2/conf.d/"
        for file in /etc/apache2/conf.d/*; do
            if [ -z "$(echo $file | egrep '^/.*~')" ]; then
                cp_backup_conffile -d $BACKUPDIR -p $file
            fi
        done
        backup_done=1
fi
if [ -d "$CONFDIR/sites-available" ] && [ -n "$(ls ${CONFDIR}/sites-available/)" ]; then
        cp_echo "CN: Doing backup for all files in /etc/apache2/sites-available/"
        for file in /etc/apache2/sites-available/*; do
            if [ -z "$(echo $file | egrep '^/.*~')" ]; then
                cp_backup_conffile -d $BACKUPDIR -p $file
            fi
        done
        backup_done=1
fi
if [ $backup_done -eq 1 ]; then
        cp_echo "CN: Backup is located in directory: $BACKUPDIR/"
fi


# Enable Apache2 web server modules (cgi, rewrite, userdir, suexec, php4, ssl).
#
if [ -e "$CONF" ]; then

        if [ ! -e "$A2MODEDIR/cgi.load" ]; then
                cp_echo "CN: Enabling CGI module for Apache2 web server."
                a2enmod cgi >/dev/null || true
                need_restart=1
        fi

        if [ ! -e "$A2MODEDIR/rewrite.load" ]; then
                cp_echo "CN: Enabling rewrite module for Apache2 web server."
                a2enmod rewrite >/dev/null || true
                need_restart=1
        fi

        if [ ! -e "$A2MODEDIR/userdir.load" ] || [ ! -e "$A2MODEDIR/userdir.conf" ]; then
                cp_echo "CN: Enabling userdir module for Apache2 web server."
                a2enmod userdir >/dev/null || true
                need_restart=1
        fi

        if [ ! -e "$A2MODEDIR/suexec.load" ]; then
                cp_echo "CN: Enabling SUEXEC module for Apache2 web server."
                a2enmod suexec >/dev/null || true
                need_restart=1
        fi

        if [ ! -e "$A2MODEDIR/php4.load" ] || [ ! -e "$A2MODEDIR/php4.conf" ]; then
                cp_echo "CN: Enabling PHP4 module for Apache2 web server."
                a2enmod php4 >/dev/null || true
                need_restart=1
        fi

        if [ ! -e "$A2MODEDIR/ssl.load" ] || [ ! -e "$A2MODEDIR/ssl.conf" ]; then
                cp_echo "CN: Enabling SSL module for Apache2 web server."
                a2enmod ssl >/dev/null || true
                need_restart=1
        fi
fi


# Install CARNet specific configuration file.
#
install_conf carnet 000-carnet

# Enable SSL port (443).
#
listen_ssl

# Disable default site configuration.
#
if [ -e "$CONF" ]; then
        if [ -e "$CONFDIR/sites-enabled/000-default" ]; then
                cp_echo "CN: Disabling 000-default site configuration."
                a2dissite 000-default >/dev/null || true

                need_restart=1
        fi
fi


# Apache2 SSL certificate.
#
has_listen_ssl=0

if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls $CONFDIR/conf.d)" ]; then
        listen_ssl_mask=$CONFDIR/conf.d/*
fi
if [ -d "$CONFDIR/sites-enabled" ] && [ -n "$(ls $CONFDIR/sites-enabled)" ]; then
        listen_ssl_mask=$listen_ssl_mask" "$CONFDIR/sites-enabled/*
fi

for file in $CONF $listen_ssl_mask; do
        if [ -f "$file" ]; then
                if egrep -iq '^[[:space:]]*<VirtualHost .*443[[:space:]]*>' $file; then
                        has_listen_ssl=1
                        apache2_sslcert=1
                        break
                fi
        fi
done

if [ $apache2_sslcert -eq 0 ]; then

        db_get apache2-cn/sslcf || true
        apache2_sslcf="$RET"

        if [ -n "$apache2_sslcf" ]; then

                db_get apache2-cn/sslckf || true
                apache2_sslckf="$RET"

                db_get apache2-cn/sslccf || true
                apache2_sslccf="$RET"
        
                need_restart=1
        else

                # Generate new SSL certificate files.
                generate_ssl
        
                apache2_sslcf=
                apache2_sslckf=
                apache2_sslccf=
        fi
fi


# Add VirtualHosts.
#
db_get apache2-cn/wwwhost || true
if [ "$RET" = "true" ]; then

        # Add WWW VirtualHost.
        if [ -f "$CONFDIR/sites-available/$FQDN" ]; then
                cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/$FQDN
        fi
        if [ -f "$CONFDIR/sites-available/www.$DOMAIN" ]; then
                cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/www.$DOMAIN
        fi

        chk_conf_tag "$CONFDIR/sites-available/$FQDN"
        if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
                install_vhost -nvh -d -r www.$DOMAIN default $FQDN 000-$FQDN
                need_restart=1
        fi

        chk_conf_tag "$CONFDIR/sites-available/www.$DOMAIN"
        if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
                install_vhost default www.$DOMAIN www.$DOMAIN
                need_restart=1
        fi
else

        # No WWW VirtualHost.
        if [ -f "$CONFDIR/sites-available/$FQDN" ]; then
                cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/$FQDN
        fi

        chk_conf_tag "$CONFDIR/sites-available/$FQDN"
        if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
                install_vhost -nvh -d -r $FQDN default $FQDN 000-$FQDN
                need_restart=1
        fi
fi


# Add VirtualHost for SSL?
#
if [ $apache2_sslcert -eq 0 ]; then

        if [ -f "$CONFDIR/sites-available/ssl" ]; then
                cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/ssl
        fi

        # No active SSL VirtualHosts found - add new one.
        chk_conf_tag "$CONFDIR/sites-available/ssl"
        if [ ! -f "$CONFDIR/sites-available/ssl" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
                install_vhost -r $FQDN -n $HOST ssl ssl 001-ssl
                need_restart=1
        fi
fi


# Check SSL certificates location for VirtualHosts.
#
if [ $apache2_sslcert -eq 0 ]; then

        chk_conf_tag "${CONFDIR}/sites-available/ssl"
        if [ $RET -eq 0 ] && [ -n "$apache2_sslcf" ]; then

                SSLTMP=$(mktemp ${CONFDIR}/ssltmp.XXXXXX)
                temp_files="${temp_files} ${SSLTMP}"
                cp ${CONFDIR}/sites-available/ssl $SSLTMP

                # SSLCertificateFile
                cp_check_and_sed "^[[:space:]]*SSLCertificateFile \/etc\/ssl\/certs\/apache2\.pem" \
                    "s#SSLCertificateFile /etc/ssl/certs/apache2.pem#SSLCertificateFile $apache2_sslcf #g" \
                    $SSLTMP || true

                # SSLCertificateKeyFile
                cp_check_and_sed "^[[:space:]]*SSLCertificateKeyFile \/etc\/ssl\/private\/apache2\.key" \
                    "s#SSLCertificateKeyFile /etc/ssl/private/apache2.key#SSLCertificateKeyFile $apache2_sslckf #g" \
                    $SSLTMP || true

                # SSLCertificateChainFile
                if [ -n "$apache2_sslccf" ]; then
                cp_check_and_sed "^# SSLCertificateChainFile \/etc\/ssl\/certs/sureserverEDU\.pem" \
                    "s#\# SSLCertificateChainFile /etc/ssl/certs/sureserverEDU.pem#SSLCertificateChainFile $apache2_sslccf #g" \
                    $SSLTMP || true
                fi

                cp_mv $SSLTMP ${CONFDIR}/sites-available/ssl

                need_restart=1

                # Just to be sure.
                if [ -e "$SSLTMP" ]; then
                        rm -f $SSLTMP
                fi
        fi
fi


# Check for CustomLog, ErrorLog and TransferLog in Apache2 configuration.
#
cp_echo "CN: Checking Apache2 CustomLog, ErrorLog and TransferLog directives."
if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls $CONFDIR/conf.d)" ]; then
        log_mask=$CONFDIR/conf.d/*
fi
if [ -d "$CONFDIR/sites-available" ] && [ -n "$(ls $CONFDIR/sites-available)" ]; then
        log_mask=$log_mask" "$CONFDIR/sites-available/*
fi
for file in $CONF $log_mask; do
        chk_conf_tag "$file"
        if [ $RET -eq 0 ]; then
                conf_log_fix "$file"
        fi
done


# Start Apache2 web server on boot?
# This will enable Apache2 in /etc/default/apache2 file.
#
if egrep -q "^[[:space:]]*NO_START=1" /etc/default/apache2; then
        cp_check_and_sed NO_START=1 s/NO_START=1/NO_START=0/ /etc/default/apache2 || true
        need_restart=1
fi


db_stop || true


# Remove old AOSI configuration for Apache: aosi-www.conf, aosi.conf.
#
if [ -e "$CONFDIR/conf.d/aosi-www.conf" ] || [ -e "$CONFDIR/conf.d/aosi.conf" ]; then
        cp_echo "CN: Removing old AOSI configuration files for Apache2."
        need_restart=1
fi
[ -e "$CONFDIR/conf.d/aosi-www.conf" ] && rm -f $CONFDIR/conf.d/aosi-www.conf
[ -e "$CONFDIR/conf.d/aosi.conf" ] && rm -f $CONFDIR/conf.d/aosi.conf


# Stop Apache web server and disable Apache automatic start on boot.
#
if [ -x "/etc/init.d/apache" ]; then

        # Stop Apache.
        if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
                invoke-rc.d apache stop || true
        else
                /etc/init.d/apache stop || true
        fi

        # Disable automatic start on boot.
        if [ -x "`which update-rc.d 2>/dev/null`" ]; then
                update-rc.d -f apache remove > /dev/null 2>&1 || true
                update-rc.d apache stop 90 6 . > /dev/null 2>&1 || true
        fi
fi

# Also check for Apache-SSL web server.
#
if [ -x "/etc/init.d/apache-ssl" ]; then

        # Stop Apache-SSL.
        if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
                invoke-rc.d apache-ssl stop || true
        else
                /etc/init.d/apache-ssl stop || true
        fi

        # Disable automatic start on boot.
        if [ -x "`which update-rc.d 2>/dev/null`" ]; then
                update-rc.d -f apache-ssl remove > /dev/null 2>&1 || true
                update-rc.d apache-ssl stop 90 6 . > /dev/null 2>&1 || true
        fi
fi


# Restart Apache2 web server if needed.
#
if [ $need_restart -eq 1 ]; then

        # Check Apache2 web server configuration.
        if apache2ctl configtest 2>/dev/null; then

                # Restart Apache2 web server.
                if [ -x "/etc/init.d/apache2" ]; then
                    if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
                        invoke-rc.d apache2 force-reload || true
                    else
                        /etc/init.d/apache2 force-reload || true
                    fi
                fi
        else

                # Something is broken.
                cp_echo "CN: Your Apache2 configuration seem to be broken."
                cp_echo "CN: Please, check the service after the installation finishes!"
        fi
fi


# Mail root
#
cp_mail "$PKG"


# (re)generate monit.d files if monit-cn is installed.
#
if [ -x "/usr/sbin/update-monit.d" ]; then
        update-monit.d || true
fi


exit 0