Fix file access permissions and group ownership for Apache2 SSL
authorDragan Dosen <bane@nekkar.carnet.hr>
Mon, 7 Apr 2008 11:11:07 +0000 (13:11 +0200)
committerDragan Dosen <bane@nekkar.carnet.hr>
Mon, 7 Apr 2008 11:11:07 +0000 (13:11 +0200)
certificate files, new file names for CA (carnet-generate-ssl).
Problems fixed in debian/postrm: not all DocumentRoot directories were
being removed, and $CONFDIR was not defined.
Script debian/postinst - check for both PHP5 and PHP4 modules.
Changed dependencies in debian/control.
Changes in debian/prerm script.
Added dh_installdebconf in debian/rules.

carnet-generate-ssl
debian/README.CARNet
debian/control
debian/postinst
debian/postrm
debian/prerm
debian/rules

index 093a22b..34af61f 100755 (executable)
@@ -43,19 +43,19 @@ cd /etc/ssl
 
 # Generate CA
 #
-if [ ! -f ${sslkey}/ca.key ]; then
+if [ ! -f ${sslkey}/apache2-ca.key ]; then
 
-    openssl genrsa -out ${sslkey}/ca.key 1024
+    openssl genrsa -out ${sslkey}/apache2-ca.key 1024
     KEYS="${KEYS}
- - ${sslkey}/ca.key"
+ - ${sslkey}/apache2-ca.key"
 fi
 
-if [ ! -f ${sslkey}/ca.csr ] || [ -n "$KEYS" ]; then
+if [ ! -f ${sslkey}/apache2-ca.csr ] || [ -n "$KEYS" ]; then
 
     cat <<EOF > $TMPFILE
 [ req ]
 default_bits           = 1024
-default_keyfile        = ca.pem
+default_keyfile        = apache2-ca.pem
 distinguished_name     = req_distinguished_name
 attributes             = req_attributes
 prompt                 = no
@@ -70,10 +70,10 @@ emailAddress           = $WEBMASTER
 
 EOF
 
-    openssl req -config $TMPFILE -new -key ${sslkey}/ca.key -out ${sslkey}/ca.csr
+    openssl req -config $TMPFILE -new -key ${sslkey}/apache2-ca.key -out ${sslkey}/apache2-ca.csr
 fi
 
-if [ ! -f ${sslcrt}/ca.pem ] || [ -n "$KEYS" ]; then
+if [ ! -f ${sslcrt}/apache2-ca.pem ] || [ -n "$KEYS" ]; then
 
     cat >$TMPFILE <<EOT
 extensions = x509v3
@@ -84,15 +84,15 @@ nsComment        = "CARNet apache2-cn package generated custom CA certificate"
 nsCertType       = sslCA
 EOT
 
-    openssl x509 -extfile $TMPFILE -days 3651 -signkey ${sslkey}/ca.key \
-           -in ${sslkey}/ca.csr -req -out ${sslcrt}/ca.pem
+    openssl x509 -extfile $TMPFILE -days 3651 -signkey ${sslkey}/apache2-ca.key \
+           -in ${sslkey}/apache2-ca.csr -req -out ${sslcrt}/apache2-ca.pem
 
     KEYS="${KEYS}
- - ${sslcrt}/ca.pem"
+ - ${sslcrt}/apache2-ca.pem"
 fi
 
-mod1=`openssl x509 -noout -modulus -in ${sslcrt}/ca.pem`
-mod2=`openssl rsa -noout -modulus -in ${sslkey}/ca.key`
+mod1=`openssl x509 -noout -modulus -in ${sslcrt}/apache2-ca.pem`
+mod2=`openssl rsa -noout -modulus -in ${sslkey}/apache2-ca.key`
 
 if [ "$mod1" != "$mod2" ]; then
     echo "Moduli for CA keys don't match."
@@ -100,7 +100,7 @@ if [ "$mod1" != "$mod2" ]; then
 fi
 
 cd ${sslcrt}
-ln -sf ca.pem $(openssl x509 -hash -noout -in ca.pem)
+ln -sf apache2-ca.pem $(openssl x509 -hash -noout -in apache2-ca.pem)
 
 
 # Generate server certificate
@@ -114,7 +114,7 @@ sed "s/HOST/$FQDN/g; s/DOMAIN/$DOMAIN/g; s/WEBMASTER/$WEBMASTER/g" \
 openssl req -config "$TMPFILE" -new -nodes \
        -key ${sslkey}/apache2.key -out ${sslkey}/apache2.csr
 openssl x509 -extfile "$TMPFILE" -days 3650 \
-       -CAserial "$TMPFILE2" -CA ${sslcrt}/ca.pem -CAkey ${sslkey}/ca.key \
+       -CAserial "$TMPFILE2" -CA ${sslcrt}/apache2-ca.pem -CAkey ${sslkey}/apache2-ca.key \
        -in ${sslkey}/apache2.csr -req -out ${sslcrt}/apache2.pem
 
 mod1=`openssl x509 -noout -modulus -in ${sslcrt}/apache2.pem`
@@ -134,6 +134,12 @@ cd ${sslcrt}
 ln -sf apache2.pem $(openssl x509 -hash -noout -in apache2.pem)
 
 
+# Fix file access permissions and group ownership.
+#
+chgrp www-data ${sslkey}/apache2-ca.key ${sslkey}/apache2-ca.csr ${sslkey}/apache2.key ${sslkey}/apache2.csr
+chmod 640 ${sslkey}/apache2-ca.key ${sslkey}/apache2-ca.csr ${sslkey}/apache2.key ${sslkey}/apache2.csr
+
+
 # Cleanup
 #
 rm -f $TMPFILE $TMPFILE2
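Review bot: The `chgrp`/`chmod 640` pair added just before the cleanup step tightens permissions only after the keys already exist, so `openssl genrsa -out ${sslkey}/apache2-ca.key` earlier in this section (and the server-key generation outside the shown hunks) writes the private key under the process's default umask, leaving a window in which it may be readable by everyone; a `umask 077` placed before the first `openssl genrsa` closes that window. Giving group www-data read access to `apache2-ca.key` is also wider than the script needs: the CA key is used here only to sign the server certificate, so `chmod 600 ${sslkey}/apache2-ca.key` with root ownership is the safer default, and the `.csr` files contain no secret and need no special mode. The renamed paths in the first hunk also mean an existing `ca.key`/`ca.pem` pair is ignored rather than moved, so the next run generates a new CA and re-signs the server certificate — worth a changelog line if that is intended. The script header where `sslkey` and `sslcrt` are set lies outside these hunks.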
index 7d80181..2a36f69 100644 (file)
@@ -23,7 +23,7 @@ biti postavljen u:
 
 Apache2 moduli koji su automatski ukljuceni:
 
-  * PHP5
+  * PHP5/PHP4
   * SSL
   * rewrite
   * userdir
index dd48595..418cbe0 100644 (file)
@@ -7,8 +7,7 @@ Standards-Version: 3.6.1
 
 Package: apache2-cn
 Architecture: all
-Pre-Depends: findutils
-Depends: apache2-mpm-prefork (>= 2.2), apache2 (>= 2.2), apache2 (<< 2.3), php5-cn | php4-cn, carnet-tools-cn (>= 2.0), ${perl:Depends}, ssl-cert, procps, mail-transport-agent
+Depends: apache2-mpm-prefork (>= 2.2), apache2 (>= 2.2), apache2 (<< 2.3), php5-cn | php4-cn, carnet-tools-cn (>= 2.0), ${perl:Depends}, ssl-cert, procps, debconf (>= 0.5) | debconf-2.0, postfix | mail-transport-agent
 Suggests: apache2-doc, ca-certificates, monit-cn
 Conflicts: apache-cn (<< 2:1.3.33-6), apache-ssl, squirrelmail-cn (<< 2:1.4.2-6)
 Description: Apache web server with mod_ssl enabled
index 335fabb..cca66c1 100755 (executable)
@@ -396,9 +396,19 @@ if [ -e "$CONF" ]; then
        fi
 
        if [ ! -e "$A2MODEDIR/php5.load" ] || [ ! -e "$A2MODEDIR/php5.conf" ]; then
+           if [ -e "/usr/lib/apache2/modules/libphp5.so" ]; then
                cp_echo "CN: Enabling PHP5 module for Apache2 web server."
                a2enmod php5 >/dev/null || true
                need_restart=1
+           fi
+       fi
+
+       if [ ! -e "$A2MODEDIR/php4.load" ] || [ ! -e "$A2MODEDIR/php4.conf" ]; then
+            if [ -e "/usr/lib/apache2/modules/libphp4.so" ]; then
+               cp_echo "CN: Enabling PHP4 module for Apache2 web server."
+               a2enmod php4 >/dev/null || true
+               need_restart=1
+            fi
        fi
 
        if [ ! -e "$A2MODEDIR/ssl.load" ] || [ ! -e "$A2MODEDIR/ssl.conf" ]; then
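Review bot: The added PHP4 block repeats the PHP5 block above it verbatim apart from the module name, and its inner `if` is indented one column deeper (12 spaces against 11), so the two copies will drift as they are edited; a small helper defined near the top of the script and called once per module keeps them identical. As written, if both `libphp5.so` and `libphp4.so` are present the script enables both modules — I cannot tell from here whether packaging rules out that combination, so the helper below preserves that behaviour rather than changing it. The enclosing `if [ -e "$CONF" ]` block begins and ends outside this hunk.
```sh
# Enable an Apache2 module when its shared object is installed but the
# module is not yet enabled.  $1 = module name for a2enmod, $2 = label
# used in the progress message.  Sets need_restart=1 on success.
enable_php_module() {
    if [ ! -e "$A2MODEDIR/$1.load" ] || [ ! -e "$A2MODEDIR/$1.conf" ]; then
        if [ -e "/usr/lib/apache2/modules/lib$1.so" ]; then
            cp_echo "CN: Enabling $2 module for Apache2 web server."
            a2enmod "$1" >/dev/null || true
            need_restart=1
        fi
    fi
}

# … unchanged: earlier module checks inside the "$CONF" block …
enable_php_module php5 PHP5
enable_php_module php4 PHP4
```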
index 6681ea5..3814404 100755 (executable)
@@ -8,11 +8,11 @@ set -e
 # Include CARNet functions.
 . /usr/share/carnet-tools/functions.sh
 
-
+CONFDIR="/etc/apache2"
+sitesdir=${CONFDIR}/sites-available
 HOST=$(hostname -f)
 DOMAIN=$(hostname -d)
-sitefiles="000-$HOST www.$DOMAIN 001-ssl"
-sitesdir=/etc/apache2/sites-available
+sitefiles=
 
 
 case "$1" in
@@ -20,7 +20,6 @@ case "$1" in
                 # Get CARNet config files in /etc/apache2/sites-available directory.
                 if [ -d "${sitesdir}" ] && [ -n "$(ls ${sitesdir}/)" ]; then
 
-                    sitefiles=""
                     for file in ${sitesdir}/*; do
                         if [ -f "$file" ]; then
                             if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" $file; then
@@ -32,17 +31,19 @@ case "$1" in
                 fi
                
                # Remove our vhosts.
-               for site in $sitefiles; do
+               if [ -n "$sitefiles" ]; then
+                   for site in $sitefiles; do
                
-                   if [ -e "$sitesdir/$site" ]; then
+                       if [ -e "$sitesdir/$site" ]; then
 
-                       cp_echo "CN: Removing $site site configuration file."
-                       rm -f $sitesdir/$site
-                   fi
-               done
+                           cp_echo "CN: Removing $site site configuration file."
+                           rm -f $sitesdir/$site
+                       fi
+                   done
+               fi
                
                # Remove default DocumentRoot if there's only a one line index.html there
-               docroots="/var/www/$HOST.$DOMAIN /var/www/www.$DOMAIN"
+               docroots="/var/www/$HOST /var/www/www.$DOMAIN"
                
                if [ -d "/var/www" ]; then
                
@@ -62,11 +63,13 @@ case "$1" in
                fi
                
                # Remove CARNet specific configuration.
-               if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls ${CONFDIR}/conf.d/)" ]; then
+               if [ -d "${CONFDIR}/conf.d" ] && [ -n "$(ls ${CONFDIR}/conf.d/)" ]; then
                    cp_echo "CN: Disabling CARNet specific configuration."
-                   for file in /etc/apache2/conf.d/*; do
-                       if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" $file; then
-                           rm -f $file
+                   for file in ${CONFDIR}/conf.d/*; do
+                       if [ -f "$file" ]; then
+                           if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" $file; then
+                               rm -f $file
+                           fi
                        fi
                    done
                fi
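Review bot: The `if [ -n "$sitefiles" ]` wrapper added around `for site in $sitefiles` in the third hunk is redundant — an unquoted empty string expands to no words, so the loop body already runs zero times — and it costs an extra indentation level for the whole block; the same wrapper is added around `for site in $sites` in debian/prerm. Dropping the guard and keeping the `sitefiles=` initialisation this commit adds at the top gives the same behaviour with the original loop shape. If the guard is kept for readability, a comment such as `# sitefiles is empty when no CARNet-generated vhost was found` would state its intent. The `case "$1" in` arm that contains these loops begins and ends outside the hunks.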
index ce3ced3..c282b40 100755 (executable)
@@ -5,11 +5,9 @@ set -e
 # Include CARNet functions.
 . /usr/share/carnet-tools/functions.sh
 
-
-HOST=$(hostname -f)
-DOMAIN=$(hostname -d)
-sites="000-$HOST 001-ssl www.$DOMAIN"
-sitesendir=/etc/apache2/sites-enabled
+CONFDIR="/etc/apache2"
+sitesendir=${CONFDIR}/sites-enabled
+sites=
 
 
 case "$1" in
@@ -18,7 +16,6 @@ case "$1" in
                # Get CARNet config files in /etc/apache2/sites-enabled directory.
                if [ -d "${sitesendir}" ] && [ -n "$(ls ${sitesendir}/)" ]; then
                
-                   sites=""
                    for file in ${sitesendir}/*; do
                        if [ -f "$file" ]; then
                            if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" $file; then
@@ -30,17 +27,21 @@ case "$1" in
                fi
 
                # Deconfigure our web sites, do nothing else
-               for site in $sites; do
+               if [ -n "$sites" ]; then
+                   for site in $sites; do
                
-                   if [ -e "$sitesendir/$site" ]; then
+                       if [ -e "$sitesendir/$site" ]; then
 
-                       cp_echo "CN: Disabling $site site configuration."
-                       a2dissite $site >/dev/null || true
-                   fi
-               done
+                           cp_echo "CN: Disabling $site site configuration."
+                           a2dissite $site >/dev/null || true
+                       fi
+                   done
+               fi
 
-               cp_echo "CN: Enabling default site configuration for Apache2 web server."
-               a2ensite default >/dev/null || true
+               if [ -f "${CONFDIR}/sites-available/default" ]; then
+                   cp_echo "CN: Enabling default site configuration for Apache2 web server."
+                   a2ensite default >/dev/null || true
+               fi
 
                # Restart Apache2 web server.
                if apache2ctl configtest 2>/dev/null; then
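Review bot: The new `-f "${CONFDIR}/sites-available/default"` guard only checks that the file exists before `a2ensite default`, so on `remove` the package re-enables the default site even when an administrator had it disabled before apache2-cn was installed; I cannot see from this hunk whether postinst records that it disabled the site, but if it does, prerm should key on that record rather than on the file's presence. A comment such as `# Re-enable the stock default site so Apache still serves something after our vhosts are gone` above the guard would also make the intent explicit. The surrounding `case "$1" in` arm begins and ends outside the hunk.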
index eadc17c..59380b1 100755 (executable)
@@ -62,7 +62,7 @@ binary-arch: build install
        dh_installexamples
        dh_install -X.svn
 #      dh_installmenu
-#      dh_installdebconf
+       dh_installdebconf
 #      dh_installlogrotate
 #      dh_installemacsen
 #      dh_installpam