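#!/bin/sh
#
# postinst for the apache2-cn package: configures Apache2 (modules, ports,
# VirtualHosts, SSL certificate paths) when dpkg runs the "configure" action.
#
# Abort on the first unhandled command failure.
set -e

# Trace every command when the maintainer-script debug variable is set.
[ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx

# Source debconf library.
. /usr/share/debconf/confmodule

# Only "configure" does any work. The abort-* actions and unknown arguments
# leave the system untouched and report success.
case "$1" in
    configure)
        # continue below
        ;;
    abort-upgrade|abort-remove|abort-deconfigure)
        exit 0
        ;;
    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 0
        ;;
esac

# Include CARNet functions.
. /usr/share/carnet-tools/functions.sh

PKG="apache2-cn"
VERSION="2.2-1"
CONFDIR="/etc/apache2"
CONFDIROLD="/etc/apache"
CONF="$CONFDIR/apache2.conf"
CONFOLD="$CONFDIROLD/httpd.conf"
A2MODEDIR="$CONFDIR/mods-enabled"
PORTCONF="$CONFDIR/ports.conf"
A2CNDIR=/usr/share/apache2-cn
TMPLDIR=$A2CNDIR/templates
CERTDIR=/etc/ssl/certs
A2PHPINI="/etc/php5/apache2/php.ini"
# Host identity is taken from the local resolver configuration. DOMAIN is
# empty when the host has no domain part; it is later used to build
# DocumentRoot paths and VirtualHost names.
HOST=$(hostname)
FQDN=$(hostname --fqdn)
WEBMASTER="webmaster@$FQDN"
DOMAIN=$(hostname -d)
BACKUPDIR="/var/backups/apache2-cn"

# Script state flags.
backup_done=0
need_restart=0
apache2_sslcert=0
apache2_sslcf=
apache2_sslckf=
apache2_sslccf=
has_vhosts=0
# Space-separated list of temporary files removed by cleanup().
temp_files=
has_listen_ssl=0
listen_ssl_mask=

# cleanup()
#
# Cleanup all temp files.
#
cleanup () {
    local item

    # temp_files is a space-separated list, so word splitting is intended
    # here; each resulting path is quoted before it reaches rm.
    for item in $temp_files; do
        if [ -e "$item" ]; then
            rm -f -- "$item"
        fi
    done
}

# tag_conf()
#
# Add CARNet package info lines to config's header.
#
# Arguments: $1 - configuration file to append the header to
#
tag_conf () {
    local conf_file
    conf_file="$1"

    if [ -e "$conf_file" ]; then
        # NOTE(review): the original here-document is missing from this copy
        # of the script. Only the marker line that chk_conf_tag() searches
        # for is known; restore any further header lines from the packaged
        # postinst.
        cat >> "$conf_file" <<'EOF'
## Begin - Generated by CARNet package apache2-cn
EOF
    fi
}

# chk_conf_tag()
#
# Check whether a configuration file carries the CARNet header written by
# tag_conf(). The result is stored in the global RET, which is also the
# variable debconf's db_get answers arrive in, so callers must read it
# immediately after the call.
#
# Arguments: $1 - configuration file to check
# Sets RET:
#   0 - file is tagged
#   1 - path is not a regular file
#   2 - file exists, but it is not tagged
#
chk_conf_tag () {
    local conf_file
    conf_file="$1"
    RET=1

    if [ -f "$conf_file" ]; then
        if grep -Eq '^## Begin - Generated by CARNet package apache2-cn$' "$conf_file"; then
            RET=0
        else
            RET=2
        fi
    fi
}

# conf_log_fix ()
#
# Check CustomLog, ErrorLog and TransferLog paths - /var/log/apache/ is replaced
# with /var/log/apache2/.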
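#
conf_log_fix () {
    # Arguments: $1 - configuration file to rewrite in place
    # Globals:   temp_files (appended)
    local conf_file out
    conf_file="$1"

    if [ -f "$conf_file" ]; then
        if grep -Eiq '^[[:space:]]*(Error|Custom|Transfer)Log[[:space:]]*/var/log/apache/' "$conf_file"; then
            # Create the temp file next to the target so the final mv stays on
            # one filesystem, and register it so cleanup() removes it if the
            # script stops before the mv.
            out=$(mktemp "${conf_file}.XXXXXX")
            temp_files="${temp_files} ${out}"
            sed 's/\(^[[:space:]]*\(Error\|Custom\|Transfer\)Log[[:space:]]*\)\/var\/log\/apache\//\1\/var\/log\/apache2\//I' \
                "$conf_file" > "$out"
            mv -- "$out" "$conf_file"
        fi
        # Be sure..
        # mktemp creates the replacement with a restrictive mode. This forces
        # the file to be world-readable again, whatever mode it had before.
        chmod 644 "$conf_file"
    fi
}

# generate_ssl()
#
# Generate Apache2 web server SSL certificate.
#
# Globals: A2CNDIR, FQDN, WEBMASTER, DOMAIN (read);
#          generate_ssl_output, need_restart (written)
#
generate_ssl () {
    # The helper's stderr is discarded, so under "set -e" a failing helper
    # aborts the postinst without showing its own diagnostics.
    generate_ssl_output=$("$A2CNDIR/carnet-generate-ssl" ignore "$FQDN" "$WEBMASTER" "$DOMAIN" 2> /dev/null)
    cp_echo "$generate_ssl_output"
    need_restart=1
}

# listen_ssl()
#
# Check if port 443 is configured in ports.conf file.
#
# Appends "Listen 443" to ports.conf when no Listen directive for port 443 is
# present.
#
# Globals: PORTCONF (read); temp_files, need_restart (written)
#
listen_ssl() {
    local out

    # Match "Listen [address:]443 [protocol]" only. A bare ".*443$" would also
    # accept ports such as 8443 and leave 443 closed, and would miss a line
    # that carries a protocol argument and then add a duplicate directive.
    if [ ! -f "$PORTCONF" ] || ! grep -Eiq '^[[:space:]]*Listen[[:space:]]+([^[:space:]]*:)?443([[:space:]]+[^[:space:]]+)?[[:space:]]*$' "$PORTCONF"; then
        cp_echo "CN: Enabling SSL port (443) for Apache2 web server."

        out=$(mktemp "${PORTCONF}.XXXXXX")
        # Register the temp file right away so cleanup() removes it even if a
        # later step fails under "set -e".
        temp_files="${temp_files} ${out}"

        if [ -f "$PORTCONF" ]; then
            cp "$PORTCONF" "$out"
        fi
        echo "Listen 443" >> "$out"

        cp_mv "$out" "$PORTCONF"
        chmod 644 "$PORTCONF"
        need_restart=1
    fi
}

# install_conf()
#
# Install specified Apache2 configuration file.
#
# Arguments: $1 - template name (file $A2CNDIR/$1.conf)
#            $2 - target name (file $CONFDIR/conf.d/$2.conf)
#
# An existing target is never overwritten.
#
install_conf() {
    local conftmpl conf
    conftmpl="$A2CNDIR/$1.conf"
    conf="$CONFDIR/conf.d/$2.conf"

    if [ ! -e "$conf" ]; then
        cp_echo "CN: Enabling CARNet specific configuration."
        cp "$conftmpl" "$conf"
        need_restart=1
    else
        cp_echo "CN: $conf already exists, left untouched." 1>&2
    fi
}

# install_vhost()
#
# Install specified VirtualHost for Apache2 web server.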
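#
# Invocation:
#
#   install_vhost [-nvh] [-d] [-s docroot_symlink_dest] template site site-enabled-symlink
#
#   -nvh - add NameVirtualHost
#   -d   - mkdir DocumentRoot
#   -r   - set DocumentRoot
#   -n   - set ServerName
#   -s X - symlink DocumentRoot to X (all in /var/www)
#
#   site - name of file in sites-available, host part of ServerName unless -r or -n is used
#   site-enabled-symlink - name of symlink in sites-enabled
#
# Globals: CONFDIR, TMPLDIR, DOMAIN, MYIP (read); temp_files, need_restart (written)
# Exits with status 2 on an unknown option or a missing template.
#
install_vhost() {
    local add_namevirthost mkdir_docroot symlink_docroot docroot vhostname
    local vhosttmpl vhost venabled force_vhost vhostdir venabledir out

    add_namevirthost=
    mkdir_docroot=
    symlink_docroot=
    docroot=
    vhostname=

    while [ $# -gt 0 ]; do
        case "$1" in
            -nvh)
                add_namevirthost=1
                shift
                ;;
            -d)
                mkdir_docroot=1
                shift
                ;;
            -s)
                shift
                symlink_docroot="$1"
                shift
                ;;
            -r)
                shift
                docroot="$1"
                # A bare name is taken relative to /var/www.
                case "$docroot" in
                    */*) ;;
                    *) docroot="/var/www/$docroot" ;;
                esac
                shift
                ;;
            -n)
                shift
                vhostname="$1"
                shift
                ;;
            -*)
                # Without this arm an unrecognised option is never shifted
                # and the loop spins forever.
                echo "E: install_vhost: unknown option $1" 1>&2
                exit 2
                ;;
            *)
                break
                ;;
        esac
    done

    vhosttmpl="$1.template"
    vhost="$2"
    venabled="$3"

    # Default ServerName host part: everything before the first dot of "site".
    [ -z "$vhostname" ] && vhostname=${vhost%%.*}

    force_vhost=
    vhostdir=$CONFDIR/sites-available
    venabledir=$CONFDIR/sites-enabled

    if [ ! -e "$TMPLDIR/${vhosttmpl}" ]; then
        echo "E: vhost template ${vhosttmpl} not found in $TMPLDIR!" 1>&2
        exit 2
    fi

    [ -z "$docroot" ] && docroot="/var/www/$vhostname.$DOMAIN"

    # if we were broken mid-installation, force
    if [ ! -e "$docroot" ] && { [ -n "$mkdir_docroot" ] || [ -n "$symlink_docroot" ]; }; then
        force_vhost=1
    fi

    # add vhost if either of these is true
    #  - adding is forced OR
    #  - it doesn't exist
    #
    if [ -n "$force_vhost" ] || { [ ! -e "$vhostdir/$vhost" ] && [ ! -e "$venabledir/$venabled" ]; }; then
        cp_echo "CN: Adding $vhost VirtualHost."
        out=$(mktemp "$vhostdir/$vhost.XXXXXX")
        temp_files="${temp_files} ${out}"

        # CARNet header.
        tag_conf "$out"

        if [ "$add_namevirthost" ]; then
            # NOTE(review): the body of this branch is truncated in this copy
            # of the script: only the start of an awk call
            # (nvh=$(awk -F'[ >]' '/^ ...) and a final redirect into $out
            # survive. Restore the original statements from the packaged
            # postinst; as written here, -nvh adds nothing.
            :
        fi

        # The values are spliced into the sed program unescaped, so a "/",
        # "#" or "&" in one of them would corrupt the expression. They come
        # from hostname output and from fixed arguments in this script.
        # NOTE(review): MYIP is not assigned anywhere in this script;
        # presumably functions.sh provides it - confirm. If it is empty,
        # IPADDR is replaced by nothing.
        sed "s/HOST/$vhostname/g; s/DOMAIN/$DOMAIN/g; s#DOCROOT#$docroot#g; s/IPADDR/$MYIP/g" < "$TMPLDIR/$vhosttmpl" >> "$out"

        cp_mv "$out" "$vhostdir/$vhost"
        chmod 644 "$vhostdir/$vhost"
        ln -fs "../sites-available/$vhost" "$venabledir/$venabled"

        if [ -n "$mkdir_docroot" ] && [ ! -d "$docroot" ]; then
            mkdir "$docroot"
            # NOTE(review): any markup around this text appears to have been
            # lost in this copy; the string is kept exactly as found.
            echo '

Radi!

' > "$docroot/index.html"
        elif [ -n "$symlink_docroot" ]; then
            ln -fs "$symlink_docroot" "$docroot"
        fi
        need_restart=1
    fi
}

# _enable_module MODULE LABEL
#
# Announce and enable one Apache2 module, then request a restart. A failing
# a2enmod is tolerated.
#
_enable_module () {
    cp_echo "CN: Enabling $2 module for Apache2 web server."
    a2enmod "$1" >/dev/null || true
    need_restart=1
}

# Set trap for deleting all temp files.
#
# The EXIT trap does the cleanup. The signal traps only exit, which in turn
# runs the EXIT trap; a handler that returned would let the script carry on
# after its temp files were removed.
trap cleanup 0
trap 'exit 1' 1 2 15

# Make sure that monit conf for Apache is disabled.
#
if [ -f "/etc/monit.d/apache1.conf" ]; then
    mv /etc/monit.d/apache1.conf /etc/monit.d/apache1.conf.disabled
    # Anchored so only a command line that starts with the monit binary
    # receives the SIGKILL.
    pkill -9 -f '^/usr/sbin/monit( |$)' || true
fi

# Make sure Apache is NOT running.
#
if [ -x /usr/sbin/invoke-rc.d ]; then
    if [ -x /usr/sbin/apache ]; then
        invoke-rc.d apache stop || true
    fi
    # pkill -f matches a regular expression against the whole command line.
    # An unanchored "/usr/sbin/apache" also matches /usr/sbin/apache2 and
    # would SIGKILL the server this package configures.
    pkill -9 -f '^/usr/sbin/apache( |$)' || true
else
    if [ -x /etc/init.d/apache ]; then
        /etc/init.d/apache stop || true
    fi
fi

# Backup all configuration located in /etc/apache2/conf.d/ and
# /etc/apache2/sites-available/ directories.
#
if [ -e "$CONF" ]; then
    cp_echo "CN: Doing backup for $CONF"
    cp_backup_conffile -d "$BACKUPDIR" -p "$CONF"
    backup_done=1
fi

for backup_dir in conf.d sites-available; do
    if [ -d "$CONFDIR/$backup_dir" ] && [ -n "$(ls "$CONFDIR/$backup_dir/")" ]; then
        cp_echo "CN: Doing backup for all files in /etc/apache2/$backup_dir/"
        for file in "$CONFDIR/$backup_dir"/*; do
            # Skip editor backup files (any path containing "~").
            case "$file" in
                *"~"*) continue ;;
            esac
            cp_backup_conffile -d "$BACKUPDIR" -p "$file"
        done
        backup_done=1
    fi
done

if [ "$backup_done" -eq 1 ]; then
    cp_echo "CN: Backup is located in directory: $BACKUPDIR/"
fi

# Enable Apache2 web server modules (cgi, rewrite, userdir, suexec, php5, ssl).
#
# NOTE(review): cgi and userdir are enabled unconditionally. Each one widens
# what the server exposes (script execution, per-user content), so confirm
# that the site policy requires them.
if [ -e "$CONF" ]; then
    if [ ! -e "$A2MODEDIR/cgi.load" ]; then
        _enable_module cgi CGI
    fi

    if [ ! -e "$A2MODEDIR/rewrite.load" ]; then
        _enable_module rewrite rewrite
    fi

    if [ ! -e "$A2MODEDIR/userdir.load" ] || [ ! -e "$A2MODEDIR/userdir.conf" ]; then
        _enable_module userdir userdir
    fi

    if [ ! -e "$A2MODEDIR/suexec.load" ]; then
        _enable_module suexec SUEXEC
    fi

    # PHP modules are enabled only when the matching shared object is installed.
    if [ ! -e "$A2MODEDIR/php5.load" ] || [ ! -e "$A2MODEDIR/php5.conf" ]; then
        if [ -e "/usr/lib/apache2/modules/libphp5.so" ]; then
            _enable_module php5 PHP5
        fi
    fi

    if [ ! -e "$A2MODEDIR/php4.load" ] || [ ! -e "$A2MODEDIR/php4.conf" ]; then
        if [ -e "/usr/lib/apache2/modules/libphp4.so" ]; then
            _enable_module php4 PHP4
        fi
    fi

    if [ ! -e "$A2MODEDIR/ssl.load" ] || [ ! -e "$A2MODEDIR/ssl.conf" ]; then
        _enable_module ssl SSL
    fi
fi

# Install CARNet specific configuration file.
#
install_conf carnet 000-carnet

# Enable SSL port (443).
#
listen_ssl

# Disable default site configuration.
#
if [ -e "$CONF" ]; then
    if [ -e "$CONFDIR/sites-enabled/000-default" ]; then
        cp_echo "CN: Disabling 000-default site configuration."
        a2dissite 000-default >/dev/null || true
        need_restart=1
    fi
fi

# Apache2 SSL certificate.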
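#
# Decide whether an SSL VirtualHost is already configured; if so, the
# certificate and SSL vhost steps below are skipped.
has_listen_ssl=0

# Scan the main config plus everything in conf.d and sites-enabled. A glob
# that matches nothing stays literal and is rejected by the -f test.
for file in "$CONF" "$CONFDIR"/conf.d/* "$CONFDIR"/sites-enabled/*; do
    if [ -f "$file" ]; then
        # NOTE(review): this pattern appears truncated in this copy of the
        # script. As written it matches every line, so any non-empty config
        # file marks SSL as already configured and the certificate and SSL
        # VirtualHost steps below never run. Restore the original expression
        # from the packaged postinst.
        if grep -Eiq '^[[:space:]]*' "$file"; then
            has_listen_ssl=1
            apache2_sslcert=1
            break
        fi
    fi
done

if [ "$apache2_sslcert" -eq 0 ]; then
    # RET is shared with chk_conf_tag() and is only meaningful after a
    # successful db_get. Reading it after a failed call could put an
    # unrelated string into the certificate paths that are later written
    # into the SSL VirtualHost.
    apache2_sslcf=
    if db_get apache2-cn/sslcf; then
        apache2_sslcf="$RET"
    fi

    if [ -n "$apache2_sslcf" ]; then
        apache2_sslckf=
        if db_get apache2-cn/sslckf; then
            apache2_sslckf="$RET"
        fi
        apache2_sslccf=
        if db_get apache2-cn/sslccf; then
            apache2_sslccf="$RET"
        fi
        need_restart=1
    else
        # Generate new SSL certificate files.
        generate_ssl
        apache2_sslcf=
        apache2_sslckf=
        apache2_sslccf=
    fi
fi

# Add VirtualHosts.
#
wwwhost=
if db_get apache2-cn/wwwhost; then
    wwwhost="$RET"
fi

if [ "$wwwhost" = "true" ]; then
    # Add WWW VirtualHost.
    if [ -f "$CONFDIR/sites-available/$FQDN" ]; then
        cp_backup_conffile -d "$BACKUPDIR" -p "$CONFDIR/sites-available/$FQDN"
    fi
    if [ -f "$CONFDIR/sites-available/www.$DOMAIN" ]; then
        cp_backup_conffile -d "$BACKUPDIR" -p "$CONFDIR/sites-available/www.$DOMAIN"
    fi

    # A site file is only (re)installed when it is missing or carries the
    # CARNet tag; untagged files are left alone.
    chk_conf_tag "$CONFDIR/sites-available/$FQDN"
    if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ "$RET" -eq 0 ]; then
        install_vhost -nvh -d -r "www.$DOMAIN" default "$FQDN" "000-$FQDN"
        need_restart=1
    fi

    chk_conf_tag "$CONFDIR/sites-available/www.$DOMAIN"
    if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN" ] || [ "$RET" -eq 0 ]; then
        install_vhost default "www.$DOMAIN" "www.$DOMAIN"
        need_restart=1
    fi
else
    # No WWW VirtualHost.
    if [ -f "$CONFDIR/sites-available/$FQDN" ]; then
        cp_backup_conffile -d "$BACKUPDIR" -p "$CONFDIR/sites-available/$FQDN"
    fi

    chk_conf_tag "$CONFDIR/sites-available/$FQDN"
    if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ "$RET" -eq 0 ]; then
        install_vhost -nvh -d -r "$FQDN" default "$FQDN" "000-$FQDN"
        need_restart=1
    fi
fi

# Add VirtualHost for SSL?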
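#
if [ "$apache2_sslcert" -eq 0 ]; then
    if [ -f "$CONFDIR/sites-available/ssl" ]; then
        cp_backup_conffile -d "$BACKUPDIR" -p "$CONFDIR/sites-available/ssl"
    fi

    # No active SSL VirtualHosts found - add new one.
    chk_conf_tag "$CONFDIR/sites-available/ssl"
    if [ ! -f "$CONFDIR/sites-available/ssl" ] || { [ "$RET" -eq 0 ] && [ -f "$CONFOLD" ]; }; then
        install_vhost -r "$FQDN" -n "$HOST" ssl ssl 001-ssl
        need_restart=1
    fi
fi

# _sed_repl_escape VALUE
#
# Print VALUE with the characters that are special in a "#"-delimited sed
# replacement ("&", "#" and backslash) escaped, so that a path is inserted
# literally.
#
_sed_repl_escape () {
    printf '%s' "$1" | sed 's/[&#\\]/\\&/g'
}

# Check SSL certificates location for VirtualHosts.
#
# Only a CARNet-tagged ssl site is rewritten, and only when a certificate path
# was supplied through debconf.
if [ "$apache2_sslcert" -eq 0 ]; then
    chk_conf_tag "${CONFDIR}/sites-available/ssl"
    if [ "$RET" -eq 0 ] && [ -n "$apache2_sslcf" ]; then
        SSLTMP=$(mktemp "${CONFDIR}/ssltmp.XXXXXX")
        temp_files="${temp_files} ${SSLTMP} ${SSLTMP}.cn-old"
        cp "${CONFDIR}/sites-available/ssl" "$SSLTMP"

        # The paths come from debconf answers; escape them before they are
        # spliced into the sed expressions below.
        sslcf_esc=$(_sed_repl_escape "$apache2_sslcf")
        sslckf_esc=$(_sed_repl_escape "$apache2_sslckf")
        sslccf_esc=$(_sed_repl_escape "$apache2_sslccf")

        # SSLCertificateFile
        cp_check_and_sed "^[[:space:]]*SSLCertificateFile \/etc\/ssl\/certs\/apache2\.pem" \
            "s#SSLCertificateFile /etc/ssl/certs/apache2.pem#SSLCertificateFile $sslcf_esc #g" \
            "$SSLTMP" || true

        # SSLCertificateKeyFile
        # NOTE(review): an empty key-file answer leaves the directive without
        # a path; the configtest before the final reload is the only guard.
        cp_check_and_sed "^[[:space:]]*SSLCertificateKeyFile \/etc\/ssl\/private\/apache2\.key" \
            "s#SSLCertificateKeyFile /etc/ssl/private/apache2.key#SSLCertificateKeyFile $sslckf_esc #g" \
            "$SSLTMP" || true

        # SSLCertificateChainFile
        if [ -n "$apache2_sslccf" ]; then
            cp_check_and_sed "^# SSLCertificateChainFile \/etc\/ssl\/certs/sureserverEDU\.pem" \
                "s#\# SSLCertificateChainFile /etc/ssl/certs/sureserverEDU.pem#SSLCertificateChainFile $sslccf_esc #g" \
                "$SSLTMP" || true
        fi

        cp_mv "$SSLTMP" "${CONFDIR}/sites-available/ssl"
        need_restart=1

        # Just to be sure.
        rm -f -- "${SSLTMP}" "${SSLTMP}.cn-old"
    fi
fi

# Check file access permissions and group ownership for SSL certificates.
#
cp_echo "CN: Checking file permissions and group ownership for Apache2 SSL certificates."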
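# NOTE(review): this makes the private keys and CSRs, including the CA keys,
# readable by group www-data, so any code running with that group (CGI, PHP)
# can read them. Apache started as root reads its key before dropping
# privileges, so confirm whether this group access is really required;
# otherwise root-only ownership with mode 600 is the safer setting.
sslkey=/etc/ssl/private
sslcerts="${sslkey}/ca.key ${sslkey}/ca.csr ${sslkey}/apache2-ca.key ${sslkey}/apache2-ca.csr ${sslkey}/apache2.key ${sslkey}/apache2.csr"
# sslcerts is a space-separated list of fixed paths; splitting is intended.
for certf in $sslcerts; do
    if [ -f "$certf" ]; then
        chgrp www-data "$certf"
        chmod 640 "$certf"
    fi
done

# Check for CustomLog, ErrorLog and TransferLog in Apache2 configuration.
#
cp_echo "CN: Checking Apache2 CustomLog, ErrorLog and TransferLog directives."

# Only CARNet-tagged files are rewritten. A glob that matches nothing stays
# literal and is rejected by chk_conf_tag (RET=1).
for file in "$CONF" "$CONFDIR"/conf.d/* "$CONFDIR"/sites-available/*; do
    chk_conf_tag "$file"
    if [ "$RET" -eq 0 ]; then
        conf_log_fix "$file"
    fi
done

# Start Apache2 web server on boot?
# This will enable Apache2 in /etc/default/apache2 file.
#
if [ -f /etc/default/apache2 ] && grep -Eq '^[[:space:]]*NO_START=1' /etc/default/apache2; then
    cp_check_and_sed NO_START=1 s/NO_START=1/NO_START=0/ /etc/default/apache2 || true
    need_restart=1
fi

db_stop || true

# Remove old AOSI configuration for Apache: aosi-www.conf, aosi.conf.
#
if [ -e "$CONFDIR/conf.d/aosi-www.conf" ] || [ -e "$CONFDIR/conf.d/aosi.conf" ]; then
    cp_echo "CN: Removing old AOSI configuration files for Apache2."
    need_restart=1
    rm -f -- "$CONFDIR/conf.d/aosi-www.conf" "$CONFDIR/conf.d/aosi.conf"
fi

# Stop Apache web server and disable Apache automatic start on boot.
# Also check for Apache-SSL web server.
#
for old_service in apache apache-ssl; do
    if [ -x "/etc/init.d/$old_service" ]; then
        # Stop the old server.
        if command -v invoke-rc.d >/dev/null 2>&1; then
            invoke-rc.d "$old_service" stop || true
        else
            "/etc/init.d/$old_service" stop || true
        fi

        # Disable automatic start on boot.
        if command -v update-rc.d >/dev/null 2>&1; then
            update-rc.d -f "$old_service" remove > /dev/null 2>&1 || true
            update-rc.d "$old_service" stop 90 6 . > /dev/null 2>&1 || true
        fi
    fi
done

# Restart Apache2 web server if needed.
#
if [ "$need_restart" -eq 1 ]; then
    # Check Apache2 web server configuration.
    # A configuration that fails the test is never loaded; the admin is told
    # to check the service instead.
    if apache2ctl configtest 2>/dev/null; then
        # Restart Apache2 web server.
        if [ -x "/etc/init.d/apache2" ]; then
            if command -v invoke-rc.d >/dev/null 2>&1; then
                invoke-rc.d apache2 force-reload || true
            else
                /etc/init.d/apache2 force-reload || true
            fi
        fi
    else
        # Something is broken.
        cp_echo "CN: Your Apache2 configuration seem to be broken."
        cp_echo "CN: Please, check the service after the installation finishes!"
    fi
fi

# Mail root
#
cp_mail "$PKG"

# (re)generate monit.d files if monit-cn is installed.
#
if [ -x "/usr/sbin/update-monit.d" ]; then
    cp_echo "CN: Updating monit configuration..."
    update-monit.d || true
fi

exit 0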