5 [ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx
7 # Source debconf library.
8 . /usr/share/debconf/confmodule
15 abort-upgrade|abort-remove|abort-deconfigure)
20 echo "postinst called with unknown argument \`$1'" >&2
26 # Include CARNet functions.
27 . /usr/share/carnet-tools/functions.sh
31 CONFDIR="/etc/apache2"
32 CONF="$CONFDIR/apache2.conf"
33 A2MODEDIR="$CONFDIR/mods-enabled"
34 PORTCONF="$CONFDIR/ports.conf"
35 A2CNDIR=/usr/share/apache2-cn
36 TMPLDIR=$A2CNDIR/templates
37 CERTDIR=/etc/ssl/certs
38 A2PHPINI="/etc/php5/apache2/php.ini"
41 FQDN=$(hostname --fqdn)
42 WEBMASTER="webmaster@$FQDN"
44 BACKUPDIR="/var/backups/apache2-cn"
59 # Cleanup all temp files.
# NOTE(review): $temp_files is a space-separated list; the unquoted expansion
# in the for loop splits it on whitespace and also glob-expands each word.
# The entries appended on the visible lines are mktemp results built on
# configuration paths (ports.conf, sites-available/<vhost>, ssltmp) -- confirm
# no path added elsewhere can contain spaces or glob characters, because the
# list drives file removal inside a package maintainer script.
62 if [ -n "$temp_files" ]; then
63 for item in $temp_files; do
64 if [ -e "$item" ]; then
73 # Add CARNet package info lines to config's header.
79 if [ -e "$conf_file" ]; then
80 cat >> $conf_file <<EOF
81 ## Begin - Generated by CARNet package apache2-cn
83 # REMOVE this whole block if you DON'T WANT apache2-cn
84 # to edit your configuration file.
86 ## End - Generated by CARNet package apache2-cn
93 # Check if configuration file has CARNet package info lines.
94 # return: $RET => 0 - tagged
95 # 1 - not tagged or file does not exist
96 # 2 - file exists, but it is not tagged
103 if [ -f "$conf_file" ]; then
104 if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" "$conf_file"; then
114 # Generate Apache2 web server SSL certificate.
# NOTE(review): stderr of carnet-generate-ssl is discarded and only its stdout
# is passed to cp_echo, so a failed key/certificate generation can go
# unnoticed at this point. The exit status is not checked on the visible
# lines -- confirm the caller verifies the expected files exist before the
# web server is restarted.
117 generate_ssl_output=$($A2CNDIR/carnet-generate-ssl ignore "$FQDN" "$WEBMASTER" "$DOMAIN" 2> /dev/null)
118 cp_echo "$generate_ssl_output"
124 # Check if port 443 is configured in ports.conf file.
# The pattern is anchored at both ends and matched case-insensitively: only a
# bare "Listen 443" line (optionally indented) counts. Forms such as
# "Listen 0.0.0.0:443" or "Listen 443 https" do not match, so a file using
# them is treated as lacking the SSL port and gets "Listen 443" appended.
128 if [ ! -f "$PORTCONF" ] || ! egrep -iq "^[[:space:]]*Listen[[:space:]]+443$" "$PORTCONF"; then
130 cp_echo "CN: Enabling SSL port (443) for Apache2 web server."
# The temporary file is created by mktemp next to ports.conf and registered
# in $temp_files so the cleanup trap can remove it.
# NOTE(review): mktemp creates the file with owner-only permissions; the mode
# of the final ports.conf depends on lines not shown here -- TODO confirm it
# ends up with the intended mode.
132 out=$(mktemp ${PORTCONF}.XXXXXX)
133 temp_files="${temp_files} ${out}"
135 if [ -f "$PORTCONF" ]; then
139 echo "Listen 443" >> $out
149 # Install specified Apache2 configuration file.
152 conftmpl="$A2CNDIR/$1.conf"
153 conf="$CONFDIR/conf.d/$2.conf"
155 if [ ! -e "$conf" ]; then
157 cp_echo "CN: Enabling CARNet specific configuration."
158 cp "$conftmpl" "$conf"
162 cp_echo "CN: $conf already exists, left untouched." 1>&2
168 # Install specified VirtualHost for Apache2 web server.
172 # install_vhost [-nvh] [-d] [-s docroot_symlink_dest] template site site-enabled-symlink
174 # -nvh - add NameVirtualHost
175 # -d - mkdir DocumentRoot
176 # -r - set DocumentRoot
177 # -n - set ServerName
178 # -s X - symlink DocumentRoot to X (all in /var/www)
180 # site - name of file in sites-available, host part of ServerName unless -r or -n is used
181 # site-enabled-symlink - name of symlink in sites-enabled
190 while echo "x$1" | grep -q '^x-'; do
208 if ! echo "$docroot" | grep -q /; then
209 docroot="/var/www/$docroot"
221 vhosttmpl="$1.template"
224 [ -z "$vhostname" ] && vhostname=$(echo "$vhost"| awk -F. '{print $1}')
227 vhostdir=$CONFDIR/sites-available
228 venabledir=$CONFDIR/sites-enabled
230 if [ ! -e "$TMPLDIR/${vhosttmpl}" ]; then
231 echo "E: vhost template ${vhosttmpl} not found in $TMPLDIR!" 1>&2
235 [ -z "$docroot" ] && docroot="/var/www/$vhostname.$DOMAIN"
237 # if we were broken mid-installation, force
238 if [ ! -e "$docroot" -a \( -n "$mkdir_docroot" -o -n "$symlink_docroot" \) ]; then
242 # add vhost if either of these is true
243 # - adding is forced OR
246 if [ -n "$force_vhost" -o \( ! -e "$vhostdir/$vhost" -a ! -e "$venabledir/$venabled" \) ]; then
248 cp_echo "CN: Adding $vhost VirtualHost."
# The vhost is assembled in a mktemp file inside sites-available and only
# moved over the final name once complete; the temp name is registered in
# $temp_files for the cleanup trap.
249 out=$(mktemp $vhostdir/$vhost.XXXXXX)
250 temp_files="${temp_files} ${out}"
255 if [ "$add_namevirthost" ]; then
256 nvh=$(awk -F'[ >]' '/^<VirtualHost/ {print $2}' $TMPLDIR/$vhosttmpl |\
257 sed "s/IPADDR/$MYIP/g")
258 echo "NameVirtualHost $nvh" >> $out
# NOTE(review): $vhostname, $DOMAIN, $docroot and $MYIP are pasted into the
# sed program unescaped. A value containing the delimiter ('/' for HOST,
# DOMAIN and IPADDR, '#' for DOCROOT), '&', a backslash or a newline changes
# what sed executes and therefore what is written into the generated vhost.
# The values appear to come from the host name, CARNet/debconf settings and
# this script's own call sites -- confirm none can carry those characters,
# or escape them before substitution.
261 sed "s/HOST/$vhostname/g; s/DOMAIN/$DOMAIN/g;
262 s#DOCROOT#$docroot#g; s/IPADDR/$MYIP/g" < $TMPLDIR/$vhosttmpl >> $out
263 cp_mv $out $vhostdir/$vhost
# 644 makes the generated vhost file world-readable, so the templates should
# not carry secrets (passwords, key material).
264 chmod 644 $vhostdir/$vhost
# -f replaces an existing sites-enabled entry of the same name.
265 ln -fs ../sites-available/$vhost $venabledir/$venabled
267 if [ -n "$mkdir_docroot" -a ! -d "$docroot" ]; then
269 echo '<html><body><h1>Radi!</h1></body></html>' > "$docroot/index.html"
270 elif [ -n "$symlink_docroot" ]; then
# NOTE(review): if $docroot already exists as a directory, ln creates the
# link inside that directory instead of replacing it -- confirm that is the
# intended outcome for an existing DocumentRoot.
271 ln -fs "$symlink_docroot" "$docroot"
279 # Set trap for deleting all temp files.
281 trap cleanup 0 1 2 15
284 # Backup all configuration located in /etc/apache2/conf.d/ and
285 # /etc/apache2/sites-available/ directories.
# NOTE(review): copies are written under $BACKUPDIR by cp_backup_conffile,
# which comes from the sourced CARNet functions file. Its handling of mode and
# ownership is not visible here -- confirm backups are not more widely
# readable than the originals, since vhost files can reference credentials.
287 if [ -e "$CONF" ]; then
288 cp_echo "CN: Doing backup for $CONF"
289 cp_backup_conffile -d $BACKUPDIR -p $CONF
# ls is used only as a "directory is not empty" test.
292 if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls ${CONFDIR}/conf.d/)" ]; then
293 cp_echo "CN: Doing backup for all files in /etc/apache2/conf.d/"
294 for file in /etc/apache2/conf.d/*; do
# The filter skips every path that contains a '~' anywhere, not only editor
# backups ending in '~'. $file is unquoted in the echo, so names with spaces
# or glob characters are not handled reliably.
295 if [ -z "$(echo $file | egrep '^/.*~')" ]; then
296 cp_backup_conffile -d $BACKUPDIR -p $file
301 if [ -d "$CONFDIR/sites-available" ] && [ -n "$(ls ${CONFDIR}/sites-available/)" ]; then
302 cp_echo "CN: Doing backup for all files in /etc/apache2/sites-available/"
303 for file in /etc/apache2/sites-available/*; do
304 if [ -z "$(echo $file | egrep '^/.*~')" ]; then
305 cp_backup_conffile -d $BACKUPDIR -p $file
310 if [ $backup_done -eq 1 ]; then
311 cp_echo "CN: Backup is located in directory: $BACKUPDIR/"
315 # Enable Apache2 web server modules (cgi, rewrite, userdir, suexec, php5, ssl).
# NOTE(review): on the visible lines each module is enabled whenever its file
# is missing from mods-enabled, so a module an administrator disabled on
# purpose (cgi, userdir, suexec, php5) is switched back on the next time this
# runs, unless a condition on lines not shown prevents it. userdir and cgi in
# particular widen what the server exposes; consider honouring a local
# opt-out. a2enmod's stdout is discarded and its exit status ignored, so a
# failed enable does not stop the configuration step.
317 if [ -e "$CONF" ]; then
319 if [ ! -e "$A2MODEDIR/cgi.load" ]; then
320 cp_echo "CN: Enabling CGI module for Apache2 web server."
321 a2enmod cgi >/dev/null || true
325 if [ ! -e "$A2MODEDIR/rewrite.load" ]; then
326 cp_echo "CN: Enabling rewrite module for Apache2 web server."
327 a2enmod rewrite >/dev/null || true
331 if [ ! -e "$A2MODEDIR/userdir.load" ] || [ ! -e "$A2MODEDIR/userdir.conf" ]; then
332 cp_echo "CN: Enabling userdir module for Apache2 web server."
333 a2enmod userdir >/dev/null || true
337 if [ ! -e "$A2MODEDIR/suexec.load" ]; then
338 cp_echo "CN: Enabling SUEXEC module for Apache2 web server."
339 a2enmod suexec >/dev/null || true
343 if [ ! -e "$A2MODEDIR/php5.load" ] || [ ! -e "$A2MODEDIR/php5.conf" ]; then
# php5 is enabled only when the module's shared object is installed.
344 if [ -e "/usr/lib/apache2/modules/libphp5.so" ]; then
345 cp_echo "CN: Enabling PHP5 module for Apache2 web server."
346 a2enmod php5 >/dev/null || true
351 if [ ! -e "$A2MODEDIR/ssl.load" ] || [ ! -e "$A2MODEDIR/ssl.conf" ]; then
352 cp_echo "CN: Enabling SSL module for Apache2 web server."
353 a2enmod ssl >/dev/null || true
359 # Install CARNet specific configuration file.
361 install_conf carnet 000-carnet
363 # Enable SSL port (443).
367 # Disable default site configuration.
369 if [ -e "$CONF" ]; then
370 if [ -e "$CONFDIR/sites-enabled/000-default" ]; then
371 cp_echo "CN: Disabling 000-default site configuration."
372 a2dissite 000-default >/dev/null || true
379 # Apache2 SSL certificate.
381 if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls $CONFDIR/conf.d)" ]; then
382 listen_ssl_mask=$CONFDIR/conf.d/*
384 if [ -d "$CONFDIR/sites-enabled" ] && [ -n "$(ls $CONFDIR/sites-enabled)" ]; then
385 listen_ssl_mask=$listen_ssl_mask" "$CONFDIR/sites-enabled/*
388 for file in $CONF $listen_ssl_mask; do
389 if [ -f "$file" ]; then
390 if egrep -iq '^[[:space:]]*<VirtualHost .*443[[:space:]]*>' $file; then
397 if [ $has_listen_ssl -eq 0 ]; then
399 db_get apache2-cn/sslcf || true
402 if [ -n "$apache2_sslcf" ]; then
404 db_get apache2-cn/sslckf || true
405 apache2_sslckf="$RET"
407 db_get apache2-cn/sslccf || true
408 apache2_sslccf="$RET"
413 # Generate new SSL certificate files.
428 db_get apache2-cn/wwwhost || true
429 if [ "$RET" = "true" ]; then
431 # Add WWW VirtualHost.
432 if [ -f "$CONFDIR/sites-available/$FQDN" ]; then
433 cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/$FQDN
435 if [ -f "$CONFDIR/sites-available/www.$DOMAIN" ]; then
436 cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/www.$DOMAIN
439 chk_conf_tag "$CONFDIR/sites-available/$FQDN"
440 if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 ]; then
441 if egrep -qi "^[[:space:]]*NameVirtualHost[[:space:]]+\*:80$" "$PORTCONF"; then
442 install_vhost -d -r www.$DOMAIN default $FQDN 000-$FQDN
444 install_vhost -nvh -d -r www.$DOMAIN default $FQDN 000-$FQDN
449 chk_conf_tag "$CONFDIR/sites-available/www.$DOMAIN"
450 if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN" ] || [ $RET -eq 0 ]; then
451 install_vhost default www.$DOMAIN www.$DOMAIN
456 # No WWW VirtualHost.
457 if [ -f "$CONFDIR/sites-available/$FQDN" ]; then
458 cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/$FQDN
461 chk_conf_tag "$CONFDIR/sites-available/$FQDN"
462 if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 ]; then
463 if egrep -qi "^[[:space:]]*NameVirtualHost[[:space:]]+\*:80$" "$PORTCONF"; then
464 install_vhost -d -r $FQDN default $FQDN 000-$FQDN
466 install_vhost -nvh -d -r $FQDN default $FQDN 000-$FQDN
474 # Add VirtualHost for SSL?
476 if [ $has_listen_ssl -eq 0 ]; then
478 if [ -f "$CONFDIR/sites-available/ssl" ]; then
479 cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/ssl
482 # No active SSL VirtualHosts found - add new one.
483 chk_conf_tag "$CONFDIR/sites-available/ssl"
484 if [ ! -f "$CONFDIR/sites-available/ssl" ] || [ $RET -eq 0 ]; then
486 db_get apache2-cn/wwwhost || true
487 if [ "$RET" = "true" ]; then
488 install_vhost -r www.$DOMAIN -n $HOST ssl ssl 001-ssl
490 install_vhost -r $FQDN -n $HOST ssl ssl 001-ssl
497 # Check SSL certificates location for VirtualHosts.
499 if [ $has_listen_ssl -eq 0 ]; then
501 chk_conf_tag "${CONFDIR}/sites-available/ssl"
502 if [ $RET -eq 0 ] && [ -n "$apache2_sslcf" ]; then
# Work on a mktemp copy of the ssl vhost; both the copy and the ".cn-old"
# companion name are registered in $temp_files for the cleanup trap.
504 SSLTMP=$(mktemp ${CONFDIR}/ssltmp.XXXXXX)
505 temp_files="${temp_files} ${SSLTMP} ${SSLTMP}.cn-old"
506 cp ${CONFDIR}/sites-available/ssl $SSLTMP
# NOTE(review): $apache2_sslcf, $apache2_sslckf and $apache2_sslccf are
# inserted unescaped into sed expressions that use '#' as delimiter. Earlier
# in this script apache2_sslckf and apache2_sslccf are taken from the debconf
# answers apache2-cn/sslckf and apache2-cn/sslccf (apache2_sslcf presumably
# likewise from apache2-cn/sslcf). A value containing '#', '&' or a backslash
# would corrupt the rewritten SSLCertificate* directives. Consider validating
# that each answer is an absolute path to an existing regular file before
# rewriting the vhost.
509 cp_check_and_sed "^[[:space:]]*SSLCertificateFile \/etc\/ssl\/certs\/apache2\.pem" \
510 "s#SSLCertificateFile /etc/ssl/certs/apache2.pem#SSLCertificateFile $apache2_sslcf #g" \
513 # SSLCertificateKeyFile
514 cp_check_and_sed "^[[:space:]]*SSLCertificateKeyFile \/etc\/ssl\/private\/apache2\.key" \
515 "s#SSLCertificateKeyFile /etc/ssl/private/apache2.key#SSLCertificateKeyFile $apache2_sslckf #g" \
518 # SSLCertificateChainFile
519 if [ -n "$apache2_sslccf" ]; then
520 cp_check_and_sed "^[[:space:]]*# SSLCertificateChainFile \/etc\/ssl\/certs\/(sureserverEDU|cert-chain)\.pem" \
521 "s#\# SSLCertificateChainFile /etc/ssl/certs/\(sureserverEDU\|cert-chain\).pem#SSLCertificateChainFile $apache2_sslccf #g" \
525 cp_mv $SSLTMP ${CONFDIR}/sites-available/ssl
530 [ -e "${SSLTMP}" ] && rm -f ${SSLTMP}
531 [ -e "${SSLTMP}.cn-old" ] && rm -f ${SSLTMP}.cn-old
536 # Check file access permissions for SSL certificates.
# NOTE(review): only the three fixed private-key paths listed below are
# examined. When SSLCertificateKeyFile has been pointed at a custom location
# (the apache2-cn/sslckf debconf answer used earlier in this script), that key
# is not covered by this loop -- confirm its mode and ownership are checked
# elsewhere. What is enforced for each file is on lines not shown here.
538 cp_echo "CN: Checking file access permissions for Apache2 SSL certificates."
539 sslkey=/etc/ssl/private
540 sslcerts="${sslkey}/ca.key ${sslkey}/apache2-ca.key ${sslkey}/apache2.key"
541 for certf in $sslcerts; do
542 if [ -f "$certf" ]; then
548 # Check and remove obsolete "Include /etc/apache2/sites-enabled/[^.#]*" from
549 # /etc/apache2/apache2.conf.
551 if egrep -iq "^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/\[\^\.\#\]\*$" "$CONF"; then
553 cp_echo "CN: Fixing obsolete Include line in $CONF."
554 CONFTMP=`mktemp $CONF.tmp.XXXXXX`
555 sed -r "/^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/\[\^\.\#\]\*$/Id" \
558 if ! egrep -iq "^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/$" "$CONFTMP"; then
559 echo "Include /etc/apache2/sites-enabled/" >> "$CONFTMP"
562 cp_mv "$CONFTMP" "$CONF"
570 # Remove old AOSI configuration for Apache: aosi-www.conf, aosi.conf.
572 if [ -e "$CONFDIR/conf.d/aosi-www.conf" ] || [ -e "$CONFDIR/conf.d/aosi.conf" ]; then
573 cp_echo "CN: Removing old AOSI configuration files for Apache2."
576 [ -e "$CONFDIR/conf.d/aosi-www.conf" ] && rm -f $CONFDIR/conf.d/aosi-www.conf
577 [ -e "$CONFDIR/conf.d/aosi.conf" ] && rm -f $CONFDIR/conf.d/aosi.conf
580 # Restart Apache2 web server if needed.
582 if [ $need_restart -eq 1 ]; then
584 # Check Apache2 web server configuration.
# The restart is attempted only when configtest succeeds. Its stderr (the
# actual syntax error) is discarded, so on failure the administrator sees
# only the generic messages below and has to re-run configtest by hand.
585 if apache2ctl configtest 2>/dev/null; then
587 # Restart Apache2 web server.
# "|| true": a failed restart does not fail the package configuration step,
# so the service state should be verified after installation.
588 invoke-rc.d apache2 restart || true
591 # Something is broken.
592 cp_echo "CN: Your Apache2 configuration seem to be broken."
593 cp_echo "CN: Please, check the service after the installation finishes!"
603 # (re)generate monit.d files if monit-cn is installed.
605 if [ -x "/usr/sbin/update-monit.d" ]; then
606 cp_echo "CN: Updating monit configuration..."
607 update-monit.d || true