# Debug switch: when DEBIAN_SCRIPT_DEBUG is non-empty, -v and -x echo every
# script line and every expanded command to stderr for the rest of the run,
# which includes the debconf answers and paths expanded further down.
5 [ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx
7 # Source debconf library.
# The db_get / db_fget calls below come from this library; the script reads
# their reply from $RET.
8 . /usr/share/debconf/confmodule
15 abort-upgrade|abort-remove|abort-deconfigure)
20 echo "postinst called with unknown argument \`$1'" >&2
26 # Include CARNet functions.
# NOTE(review): the cp_* helpers used below (cp_echo, cp_mv,
# cp_backup_conffile, cp_check_and_sed) are not defined in this listing;
# presumably they come from this file - confirm.
27 . /usr/share/carnet-tools/functions.sh
# Fixed locations used throughout the script: the Apache2 tree, the old
# Apache 1 tree, and the package's own template directory.
31 CONFDIR="/etc/apache2"
32 CONFDIROLD="/etc/apache"
33 CONF="$CONFDIR/apache2.conf"
34 CONFOLD="$CONFDIROLD/httpd.conf"
35 A2MODEDIR="$CONFDIR/mods-enabled"
36 PORTCONF="$CONFDIR/ports.conf"
37 A2CNDIR=/usr/share/apache2-cn
38 TMPLDIR=$A2CNDIR/templates
39 CERTDIR=/etc/ssl/certs
40 A2PHPINI="/etc/php5/apache2/php.ini"
# Host identity is whatever the resolver returns at install time. FQDN is
# later used as a file name under sites-available and as an argument to the
# vhost generator, and no validation of it is visible in this listing, so an
# empty or malformed value flows straight into paths and generated config.
43 FQDN=$(hostname --fqdn)
44 WEBMASTER="webmaster@$FQDN"
# Destination for the configuration backups taken before files are changed.
46 BACKUPDIR="/var/backups/apache2-cn"
62 # Cleanup all temp files.
# temp_files is a space-separated list that the mktemp call sites below
# append to. The unquoted $temp_files relies on word splitting, so a temp
# path containing whitespace or glob characters would be split or expanded.
# NOTE(review): the action taken on each existing item is not visible in
# this listing - presumably removal; confirm.
66 if [ -n "$temp_files" ]; then
67 for item in $temp_files; do
68 if [ -e "$item" ]; then
77 # Add CARNet package info lines to config's header.
# Appends the marker block only to a file that already exists. The marker
# doubles as the admin's opt-out: the tag check further down looks for the
# "Begin" line, and the block text itself tells the admin to delete it to
# stop the package from editing the file.
# The redirect target $conf_file is unquoted, so a path with whitespace
# would be word-split. The "#" lines after the here-document opener are file
# content written to the config, not script comments.
84 if [ -e "$conf_file" ]; then
86 cat >> $conf_file <<EOF
87 ## Begin - Generated by CARNet package apache2-cn
89 # REMOVE this whole block if you DON'T WANT apache2-cn
90 # to edit your configuration file.
92 ## End - Generated by CARNet package apache2-cn
99 # Check if configuration file has CARNet package info lines.
100 # return: $RET => 0 - tagged
101 # 1 - not tagged or file does not exist
102 # 2 - file exists, but it is not tagged
# The tag test is a case-sensitive, whole-line match on the exact "Begin"
# marker text, so an indented or edited marker counts as untagged.
# Callers below use RET=0 (tagged), together with the presence of $CONFOLD,
# as permission to regenerate the file, so this check is what protects
# hand-maintained configuration from being overwritten.
# egrep is the deprecated spelling of grep -E.
110 if [ -f "$conf_file" ]; then
111 if egrep -q "^## Begin - Generated by CARNet package apache2-cn$" "$conf_file"; then
121 # Check CustomLog, ErrorLog and TransferLog paths - /var/log/apache/ is replaced
122 # with /var/log/apache2/.
# Only an existing regular file that actually contains such a directive is
# rewritten; everything else is left alone.
129 if [ -f "$conf_file" ]; then
131 if egrep -iq '^[[:space:]]*(Error|Custom|Transfer)Log[[:space:]]*\/var\/log\/apache\/' "$conf_file"; then
# The scratch file is created by mktemp next to the target with a random
# suffix and registered in temp_files for the cleanup trap.
# ${conf_file} is unquoted in the template, so a path containing whitespace
# would be word-split before mktemp sees it.
133 out=$(mktemp ${conf_file}.XXXXXX)
134 temp_files="${temp_files} ${out}"
# The trailing I flag makes the sed match case-insensitive (a GNU sed
# extension), mirroring the -i on the egrep test above.
136 sed 's/\(^[[:space:]]*\(Error\|Custom\|Transfer\)Log[[:space:]]*\)\/var\/log\/apache\//\1\/var\/log\/apache2\//I' \
148 # Generate Apache2 web server SSL certificate.
# The helper's stdout is captured and handed to cp_echo; its stderr is
# discarded and its exit status is not checked in the visible lines, so a
# failed key or certificate generation leaves no diagnostic here.
# NOTE(review): the meaning of the literal "ignore" first argument is
# defined by carnet-generate-ssl, which is not shown - confirm. $DOMAIN is
# not assigned anywhere in this listing either.
152 generate_ssl_output=$($A2CNDIR/carnet-generate-ssl ignore "$FQDN" "$WEBMASTER" "$DOMAIN" 2> /dev/null)
153 cp_echo "$generate_ssl_output"
159 # Check if port 443 is configured in ports.conf file.
# NOTE(review): the pattern is loose. ".*443$" accepts any Listen line that
# merely ends in 443 (for example "Listen 8443"), in which case no
# "Listen 443" is added and the SSL vhost has no listener. A stricter test
# would require 443 to be the whole port field.
163 if [ ! -f "$PORTCONF" ] || ! egrep -iq "^[[:space:]]*Listen[[:space:]]*.*443$" "$PORTCONF"; then
165 cp_echo "CN: Enabling SSL port (443) for Apache2 web server."
# Scratch copy next to ports.conf; ${PORTCONF} and $out are unquoted here.
167 out=$(mktemp ${PORTCONF}.XXXXXX)
169 if [ -f "$PORTCONF" ]; then
173 echo "Listen 443" >> $out
# The scratch file is registered for cleanup only at this point, after it
# has been written; an abort between mktemp and here would leave it behind.
178 temp_files="${temp_files} ${out}"
184 # Install specified Apache2 configuration file.
# $1 names the template under $A2CNDIR and $2 the target under conf.d. Both
# are used as path components without validation; the one call visible in
# this listing passes fixed literals.
188 conftmpl="$A2CNDIR/$1.conf"
189 conf="$CONFDIR/conf.d/$2.conf"
# Never overwrites: an existing target, including a locally edited one, is
# left in place and only reported on stderr.
191 if [ ! -e "$conf" ]; then
193 cp_echo "CN: Enabling CARNet specific configuration."
194 cp "$conftmpl" "$conf"
198 cp_echo "CN: $conf already exists, left untouched." 1>&2
204 # Install specified VirtualHost for Apache2 web server.
208 # install_vhost [-nvh] [-d] [-s docroot_symlink_dest] template site site-enabled-symlink
# NOTE(review): the synopsis above omits -r and -n, which the option list
# below documents; the call sites in this script pass each with a value.
210 # -nvh - add NameVirtualHost
211 # -d - mkdir DocumentRoot
212 # -r - set DocumentRoot
213 # -n - set ServerName
214 # -s X - symlink DocumentRoot to X (all in /var/www)
216 # site - name of file in sites-available, host part of ServerName unless -r or -n is used
217 # site-enabled-symlink - name of symlink in sites-enabled
# Option loop: runs while the first argument starts with "-". The "x" prefix
# keeps echo from treating the argument as one of its own options.
227 while echo "x$1" | grep -q '^x-'; do
# A docroot given without any slash is taken as a name under /var/www.
245 if ! echo "$docroot" | grep -q /; then
246 docroot="/var/www/$docroot"
258 vhosttmpl="$1.template"
# Default vhostname: the first dot-separated label of $vhost.
261 [ -z "$vhostname" ] && vhostname=$(echo "$vhost"| awk -F. '{print $1}')
264 vhostdir=$CONFDIR/sites-available
265 venabledir=$CONFDIR/sites-enabled
# Without the template there is nothing to generate; report on stderr.
267 if [ ! -e "$TMPLDIR/${vhosttmpl}" ]; then
268 echo "E: vhost template ${vhosttmpl} not found in $TMPLDIR!" 1>&2
272 [ -z "$docroot" ] && docroot="/var/www/$vhostname.$DOMAIN"
# The -a / -o operators inside [ ] used in the tests below are obsolescent
# and can parse ambiguously; chained [ ] && [ ] tests are the safer form.
274 # if we were broken mid-installation, force
275 if [ ! -e "$docroot" -a \( -n "$mkdir_docroot" -o -n "$symlink_docroot" \) ]; then
279 # add vhost if either of these is true
280 # - adding is forced OR
283 if [ -n "$force_vhost" -o \( ! -e "$vhostdir/$vhost" -a ! -e "$venabledir/$venabled" \) ]; then
285 cp_echo "CN: Adding $vhost VirtualHost."
# The vhost is built in a mktemp scratch file inside sites-available and
# moved into place afterwards, so a half-written file never sits under the
# final name. The paths are unquoted from here on.
286 out=$(mktemp $vhostdir/$vhost.XXXXXX)
287 temp_files="${temp_files} ${out}"
292 if [ "$add_namevirthost" ]; then
# Takes the address token of the template's <VirtualHost ...> line and
# substitutes the IPADDR placeholder in it.
293 nvh=$(awk -F'[ >]' '/^<VirtualHost/ {print $2}' $TMPLDIR/$vhosttmpl |\
294 sed "s/IPADDR/$MYIP/g")
295 echo "NameVirtualHost $nvh" >> $out
# NOTE(review): $vhostname, $DOMAIN, $docroot and $MYIP are pasted into the
# sed program text rather than passed as data. A value containing the
# delimiter ("/" for HOST, DOMAIN and IPADDR, "#" for DOCROOT), "&", a
# backslash or a newline changes the substitution instead of being copied
# literally. $DOMAIN and $MYIP are not assigned in this listing; since a
# postinst runs as root and writes server configuration, check them against
# a strict hostname / address / path character set before this point.
298 sed "s/HOST/$vhostname/g; s/DOMAIN/$DOMAIN/g;
299 s#DOCROOT#$docroot#g; s/IPADDR/$MYIP/g" < $TMPLDIR/$vhosttmpl >> $out
300 cp_mv $out $vhostdir/$vhost
# 644: world-readable, which suits a vhost file that holds only directives
# and paths.
301 chmod 644 $vhostdir/$vhost
# -f replaces an existing entry of that name in sites-enabled.
302 ln -fs ../sites-available/$vhost $venabledir/$venabled
304 if [ -n "$mkdir_docroot" -a ! -d "$docroot" ]; then
# Placeholder start page ("Radi!" is Croatian for "It works!").
306 echo '<html><body><h1>Radi!</h1></body></html>' > "$docroot/index.html"
307 elif [ -n "$symlink_docroot" ]; then
308 ln -fs "$symlink_docroot" "$docroot"
316 # Set trap for deleting all temp files.
# Conditions: 0 = shell exit, 1 = HUP, 2 = INT, 15 = TERM, so cleanup runs
# on normal exit as well as on interruption.
318 trap cleanup 0 1 2 15
321 # Make sure that monit conf for Apache is disabled.
# Renaming to .disabled keeps the old stanza on disk instead of deleting it.
323 if [ -f "/etc/monit.d/apache1.conf" ]; then
324 mv /etc/monit.d/apache1.conf /etc/monit.d/apache1.conf.disabled
# NOTE(review): pkill -f matches the pattern against the full command line
# of every process, so any process whose arguments contain
# "/usr/sbin/monit" is signalled too, and -9 (SIGKILL) gives monit no
# chance to shut down cleanly. Stopping the service through its init
# script, or sending TERM first, is the narrower choice.
325 pkill -9 -f /usr/sbin/monit || true
329 # Make sure Apache is NOT running.
331 if [ -x /usr/sbin/invoke-rc.d ]; then
332 [ -x /usr/sbin/apache ] && invoke-rc.d apache stop || true
# NOTE(review): same caveat, and the unanchored pattern "/usr/sbin/apache"
# also matches "/usr/sbin/apache2", so running Apache2 processes receive
# SIGKILL as well - confirm that this is intended.
333 pkill -9 -f /usr/sbin/apache || true
335 [ -x /etc/init.d/apache ] && /etc/init.d/apache stop || true
339 # Backup all configuration located in /etc/apache2/conf.d/ and
340 # /etc/apache2/sites-available/ directories.
# Backups are taken before any file is modified further down.
# NOTE(review): ownership and mode of the copies are decided by
# cp_backup_conffile, which is not shown; confirm that they are no wider
# than those of the originals.
342 if [ -e "$CONF" ]; then
343 cp_echo "CN: Doing backup for $CONF"
344 cp_backup_conffile -d $BACKUPDIR -p $CONF
# "$(ls dir)" is used only as a directory-not-empty test.
347 if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls ${CONFDIR}/conf.d/)" ]; then
348 cp_echo "CN: Doing backup for all files in /etc/apache2/conf.d/"
# The loop uses the literal /etc/apache2 path rather than $CONFDIR.
349 for file in /etc/apache2/conf.d/*; do
# The filter skips any path that contains "~" anywhere after the leading
# slash, not only editor backups ending in "~". $file is unquoted in the
# test and in the call below.
350 if [ -z "$(echo $file | egrep '^/.*~')" ]; then
351 cp_backup_conffile -d $BACKUPDIR -p $file
356 if [ -d "$CONFDIR/sites-available" ] && [ -n "$(ls ${CONFDIR}/sites-available/)" ]; then
357 cp_echo "CN: Doing backup for all files in /etc/apache2/sites-available/"
358 for file in /etc/apache2/sites-available/*; do
359 if [ -z "$(echo $file | egrep '^/.*~')" ]; then
360 cp_backup_conffile -d $BACKUPDIR -p $file
# NOTE(review): the assignments to backup_done are not visible in this
# listing; the unquoted test fails with a syntax error if it is ever empty.
365 if [ $backup_done -eq 1 ]; then
366 cp_echo "CN: Backup is located in directory: $BACKUPDIR/"
370 # Enable Apache2 web server modules (cgi, rewrite, userdir, suexec, php5, ssl).
# php4 is handled below as well, although the header line does not list it.
# Each a2enmod call discards stdout and overrides its exit status with
# "|| true", so a module that could not be enabled is still announced as
# enabled by the preceding message.
# NOTE(review): cgi, userdir and suexec are switched on whenever their
# mods-enabled files are absent, with no question asked in the visible
# lines. Each widens what the server will execute or serve (CGI programs,
# per-user public directories), so hosts that do not need them should
# disable them after installation.
372 if [ -e "$CONF" ]; then
374 if [ ! -e "$A2MODEDIR/cgi.load" ]; then
375 cp_echo "CN: Enabling CGI module for Apache2 web server."
376 a2enmod cgi >/dev/null || true
380 if [ ! -e "$A2MODEDIR/rewrite.load" ]; then
381 cp_echo "CN: Enabling rewrite module for Apache2 web server."
382 a2enmod rewrite >/dev/null || true
386 if [ ! -e "$A2MODEDIR/userdir.load" ] || [ ! -e "$A2MODEDIR/userdir.conf" ]; then
387 cp_echo "CN: Enabling userdir module for Apache2 web server."
388 a2enmod userdir >/dev/null || true
392 if [ ! -e "$A2MODEDIR/suexec.load" ]; then
393 cp_echo "CN: Enabling SUEXEC module for Apache2 web server."
394 a2enmod suexec >/dev/null || true
# The PHP modules are enabled only when the matching shared object is
# installed.
398 if [ ! -e "$A2MODEDIR/php5.load" ] || [ ! -e "$A2MODEDIR/php5.conf" ]; then
399 if [ -e "/usr/lib/apache2/modules/libphp5.so" ]; then
400 cp_echo "CN: Enabling PHP5 module for Apache2 web server."
401 a2enmod php5 >/dev/null || true
406 if [ ! -e "$A2MODEDIR/php4.load" ] || [ ! -e "$A2MODEDIR/php4.conf" ]; then
407 if [ -e "/usr/lib/apache2/modules/libphp4.so" ]; then
408 cp_echo "CN: Enabling PHP4 module for Apache2 web server."
409 a2enmod php4 >/dev/null || true
414 if [ ! -e "$A2MODEDIR/ssl.load" ] || [ ! -e "$A2MODEDIR/ssl.conf" ]; then
415 cp_echo "CN: Enabling SSL module for Apache2 web server."
416 a2enmod ssl >/dev/null || true
422 # Install CARNet specific configuration file.
# Copies carnet.conf from the package directory to conf.d/000-carnet.conf
# unless that file already exists.
424 install_conf carnet 000-carnet
426 # Enable SSL port (443).
430 # Disable default site configuration.
# a2dissite output is discarded and its failure ignored.
432 if [ -e "$CONF" ]; then
433 if [ -e "$CONFDIR/sites-enabled/000-default" ]; then
434 cp_echo "CN: Disabling 000-default site configuration."
435 a2dissite 000-default >/dev/null || true
442 # Apache2 SSL certificate.
# The globs are stored unexpanded in listen_ssl_mask and expand at the
# unquoted "for" below, so file names containing whitespace would be split.
446 if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls $CONFDIR/conf.d)" ]; then
447 listen_ssl_mask=$CONFDIR/conf.d/*
449 if [ -d "$CONFDIR/sites-enabled" ] && [ -n "$(ls $CONFDIR/sites-enabled)" ]; then
450 listen_ssl_mask=$listen_ssl_mask" "$CONFDIR/sites-enabled/*
# Looks for an uncommented <VirtualHost ...443> line in the main config,
# conf.d and sites-enabled.
453 for file in $CONF $listen_ssl_mask; do
454 if [ -f "$file" ]; then
455 if egrep -iq '^[[:space:]]*<VirtualHost .*443[[:space:]]*>' $file; then
463 if [ $apache2_sslcert -eq 0 ]; then
# NOTE(review): every db_get failure is swallowed by "|| true" and $RET is
# copied regardless; presumably RET then holds debconf's error text rather
# than a path - confirm. These values are written into the SSL vhost later,
# so check that each one is an absolute path to an existing file first.
465 db_get apache2-cn/sslcf || true
468 if [ -n "$apache2_sslcf" ]; then
470 db_get apache2-cn/sslckf || true
471 apache2_sslckf="$RET"
473 db_get apache2-cn/sslccf || true
474 apache2_sslccf="$RET"
479 # Generate new SSL certificate files.
# db_fget reads the "seen" flag of the wwwhost question; the visible test
# continues only while that flag is not yet "true".
491 db_fget apache2-cn/wwwhost seen
492 if [ "$RET" != "true" ]; then
494 db_get apache2-cn/wwwhost || true
495 if [ "$RET" = "true" ]; then
# Every existing vhost file is backed up before it may be regenerated.
# $FQDN and $DOMAIN are unquoted in the backup and install_vhost arguments.
497 # Add WWW VirtualHost.
498 if [ -f "$CONFDIR/sites-available/$FQDN" ]; then
499 cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/$FQDN
501 if [ -f "$CONFDIR/sites-available/www.$DOMAIN" ]; then
502 cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/www.$DOMAIN
# Regeneration rule used at each call site: the file is missing, or it
# carries the package tag (RET=0) and the old Apache 1 httpd.conf exists.
# An untagged, hand-maintained file is therefore left alone.
505 chk_conf_tag "$CONFDIR/sites-available/$FQDN"
506 if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
507 install_vhost -nvh -d -r www.$DOMAIN default $FQDN 000-$FQDN
511 chk_conf_tag "$CONFDIR/sites-available/www.$DOMAIN"
512 if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
513 install_vhost default www.$DOMAIN www.$DOMAIN
518 # No WWW VirtualHost.
519 if [ -f "$CONFDIR/sites-available/$FQDN" ]; then
520 cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/$FQDN
523 chk_conf_tag "$CONFDIR/sites-available/$FQDN"
524 if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
525 install_vhost -nvh -d -r $FQDN default $FQDN 000-$FQDN
532 # Add VirtualHost for SSL?
# apache2_sslcert = 0 is the case handled here; the comment further down
# reads it as "no active SSL VirtualHost found".
534 if [ $apache2_sslcert -eq 0 ]; then
536 if [ -f "$CONFDIR/sites-available/ssl" ]; then
537 cp_backup_conffile -d $BACKUPDIR -p $CONFDIR/sites-available/ssl
540 # No active SSL VirtualHosts found - add new one.
541 chk_conf_tag "$CONFDIR/sites-available/ssl"
542 if [ ! -f "$CONFDIR/sites-available/ssl" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
543 install_vhost -r $FQDN -n $HOST ssl ssl 001-ssl
549 # Check SSL certificates location for VirtualHosts.
551 if [ $apache2_sslcert -eq 0 ]; then
# Only a package-tagged ssl vhost is edited, and only when the admin gave a
# certificate path.
553 chk_conf_tag "${CONFDIR}/sites-available/ssl"
554 if [ $RET -eq 0 ] && [ -n "$apache2_sslcf" ]; then
# Edits are made on a mktemp scratch copy inside $CONFDIR, registered for
# cleanup, and moved over the real file at the end.
556 SSLTMP=$(mktemp ${CONFDIR}/ssltmp.XXXXXX)
557 temp_files="${temp_files} ${SSLTMP}"
558 cp ${CONFDIR}/sites-available/ssl $SSLTMP
# NOTE(review): $apache2_sslcf, $apache2_sslckf and $apache2_sslccf are
# debconf answers pasted into the sed program with "#" as the delimiter. A
# "#", "&" or backslash in an answer alters the substitution instead of
# being copied literally, and each replacement leaves a trailing space
# after the path. No check that the certificate and key files exist, or
# that the key is readable only by root, is visible in this listing; make
# those checks before the vhost is rewritten.
561 cp_check_and_sed "^[[:space:]]*SSLCertificateFile \/etc\/ssl\/certs\/apache2\.pem" \
562 "s#SSLCertificateFile /etc/ssl/certs/apache2.pem#SSLCertificateFile $apache2_sslcf #g" \
565 # SSLCertificateKeyFile
566 cp_check_and_sed "^[[:space:]]*SSLCertificateKeyFile \/etc\/ssl\/private\/apache2\.key" \
567 "s#SSLCertificateKeyFile /etc/ssl/private/apache2.key#SSLCertificateKeyFile $apache2_sslckf #g" \
570 # SSLCertificateChainFile
571 if [ -n "$apache2_sslccf" ]; then
572 cp_check_and_sed "^# SSLCertificateChainFile \/etc\/ssl\/certs/sureserverEDU\.pem" \
573 "s#\# SSLCertificateChainFile /etc/ssl/certs/sureserverEDU.pem#SSLCertificateChainFile $apache2_sslccf #g" \
577 cp_mv $SSLTMP ${CONFDIR}/sites-available/ssl
582 if [ -e "$SSLTMP" ]; then
589 # Check for CustomLog, ErrorLog and TransferLog in Apache2 configuration.
591 cp_echo "CN: Checking Apache2 CustomLog, ErrorLog and TransferLog directives."
# The globs are kept unexpanded in log_mask and expand at the unquoted
# "for", so file names containing whitespace would be split.
592 if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls $CONFDIR/conf.d)" ]; then
593 log_mask=$CONFDIR/conf.d/*
595 if [ -d "$CONFDIR/sites-available" ] && [ -n "$(ls $CONFDIR/sites-available)" ]; then
596 log_mask=$log_mask" "$CONFDIR/sites-available/*
598 for file in $CONF $log_mask; do
# NOTE(review): the call that sets RET for each file is not visible in this
# listing; presumably the tag check, so that only package-tagged files have
# their log paths rewritten - confirm.
600 if [ $RET -eq 0 ]; then
606 # Start Apache2 web server on boot?
607 # This will enable Apache2 in /etc/default/apache2 file.
# Flips NO_START=1 to NO_START=0 only when the setting is present and
# uncommented; a failure of the edit is ignored through "|| true".
# No existence check for /etc/default/apache2 is visible before the egrep.
609 if egrep -q "^[[:space:]]*NO_START=1" /etc/default/apache2; then
610 cp_check_and_sed NO_START=1 s/NO_START=1/NO_START=0/ /etc/default/apache2 || true
618 # Remove old AOSI configuration for Apache: aosi-www.conf, aosi.conf.
# NOTE(review): the two files are deleted outright here. Whether the conf.d
# backup loop earlier in the script has already copied them depends on
# lines not visible in this listing - confirm before relying on a backup.
620 if [ -e "$CONFDIR/conf.d/aosi-www.conf" ] || [ -e "$CONFDIR/conf.d/aosi.conf" ]; then
621 cp_echo "CN: Removing old AOSI configuration files for Apache2."
624 [ -e "$CONFDIR/conf.d/aosi-www.conf" ] && rm -f $CONFDIR/conf.d/aosi-www.conf
625 [ -e "$CONFDIR/conf.d/aosi.conf" ] && rm -f $CONFDIR/conf.d/aosi.conf
628 # Stop Apache web server and disable Apache automatic start on boot.
# Old Apache 1 is stopped through invoke-rc.d when that tool is available,
# otherwise through the init script directly; every failure is ignored.
# "which" in backticks is the legacy spelling; "command -v" is the portable
# way to test for a tool.
630 if [ -x "/etc/init.d/apache" ]; then
633 if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
634 invoke-rc.d apache stop || true
636 /etc/init.d/apache stop || true
639 # Disable automatic start on boot.
# The existing rc links are removed and then recreated as a stop link only
# (priority 90, runlevel 6). All output and errors are discarded, so a
# service that stays enabled is not reported.
640 if [ -x "`which update-rc.d 2>/dev/null`" ]; then
641 update-rc.d -f apache remove > /dev/null 2>&1 || true
642 update-rc.d apache stop 90 6 . > /dev/null 2>&1 || true
646 # Also check for Apache-SSL web server.
# Same sequence for the separate apache-ssl service.
648 if [ -x "/etc/init.d/apache-ssl" ]; then
651 if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
652 invoke-rc.d apache-ssl stop || true
654 /etc/init.d/apache-ssl stop || true
657 # Disable automatic start on boot.
658 if [ -x "`which update-rc.d 2>/dev/null`" ]; then
659 update-rc.d -f apache-ssl remove > /dev/null 2>&1 || true
660 update-rc.d apache-ssl stop 90 6 . > /dev/null 2>&1 || true
665 # Restart Apache2 web server if needed.
# NOTE(review): the assignments to need_restart are not visible in this
# listing.
667 if [ $need_restart -eq 1 ]; then
669 # Check Apache2 web server configuration.
# The reload is attempted only when configtest passes. The syntax errors
# that configtest prints go to /dev/null, so on failure the admin sees only
# the generic message below and has to rerun the test by hand.
670 if apache2ctl configtest 2>/dev/null; then
672 # Restart Apache2 web server.
673 if [ -x "/etc/init.d/apache2" ]; then
674 if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
675 invoke-rc.d apache2 force-reload || true
677 /etc/init.d/apache2 force-reload || true
682 # Something is broken.
683 cp_echo "CN: Your Apache2 configuration seem to be broken."
684 cp_echo "CN: Please, check the service after the installation finishes!"
694 # (re)generate monit.d files if monit-cn is installed.
# The existence test uses the absolute path, while the call relies on PATH
# to find update-monit.d; its failure is ignored.
696 if [ -x "/usr/sbin/update-monit.d" ]; then
697 update-monit.d || true