. /usr/share/carnet-tools/functions.sh
PKG="apache2-cn"
-VERSION="2.2-1"
+VERSION="2.2-5lenny1"
CONFDIR="/etc/apache2"
-CONFDIROLD="/etc/apache"
CONF="$CONFDIR/apache2.conf"
-CONFOLD="$CONFDIROLD/httpd.conf"
A2MODEDIR="$CONFDIR/mods-enabled"
PORTCONF="$CONFDIR/ports.conf"
A2CNDIR=/usr/share/apache2-cn
TMPLDIR=$A2CNDIR/templates
CERTDIR=/etc/ssl/certs
-A2PHPINI="/etc/php4/apache2/php.ini"
+A2PHPINI="/etc/php5/apache2/php.ini"
HOST=$(hostname)
FQDN=$(hostname --fqdn)
fi
}
-# conf_log_fix ()
-#
-# Check CustomLog, ErrorLog and TransferLog paths - /var/log/apache/ is replaced
-# with /var/log/apache2/.
-#
-conf_log_fix () {
-
- local conf_file out
- conf_file="$1"
-
- if [ -f "$conf_file" ]; then
-
- if egrep -iq '^[[:space:]]*(Error|Custom|Transfer)Log[[:space:]]*\/var\/log\/apache\/' "$conf_file"; then
-
- out=$(mktemp ${conf_file}.XXXXXX)
- temp_files="${temp_files} ${out}"
-
- sed 's/\(^[[:space:]]*\(Error\|Custom\|Transfer\)Log[[:space:]]*\)\/var\/log\/apache\//\1\/var\/log\/apache2\//I' \
- $conf_file > $out
- mv $out $conf_file
- fi
-
- # Be sure..
- chmod 644 $conf_file
- fi
-}
-
# generate_ssl()
#
# Generate Apache2 web server SSL certificate.
trap cleanup 0 1 2 15
-# Make sure that monit conf for Apache is disabled.
-#
-if [ -f "/etc/monit.d/apache1.conf" ]; then
- mv /etc/monit.d/apache1.conf /etc/monit.d/apache1.conf.disabled
- pkill -9 -f /usr/sbin/monit || true
-fi
-
-
-# Make sure Apache is NOT running.
-#
-if [ -x /usr/sbin/invoke-rc.d ]; then
- [ -x /usr/sbin/apache ] && invoke-rc.d apache stop || true
- pkill -9 -f /usr/sbin/apache || true
-else
- [ -x /etc/init.d/apache ] && /etc/init.d/apache stop || true
-fi
-
-
# Backup all configuration located in /etc/apache2/conf.d/ and
# /etc/apache2/sites-available/ directories.
#
fi
-# Enable Apache2 web server modules (cgi, rewrite, userdir, suexec, php4, ssl).
+# Enable Apache2 web server modules (cgi, rewrite, userdir, suexec, php5, ssl).
#
if [ -e "$CONF" ]; then
need_restart=1
fi
- if [ ! -e "$A2MODEDIR/php4.load" ] || [ ! -e "$A2MODEDIR/php4.conf" ]; then
- cp_echo "CN: Enabling PHP4 module for Apache2 web server."
- a2enmod php4 >/dev/null || true
+ if [ ! -e "$A2MODEDIR/php5.load" ] || [ ! -e "$A2MODEDIR/php5.conf" ]; then
+ if [ -e "/usr/lib/apache2/modules/libphp5.so" ]; then
+ cp_echo "CN: Enabling PHP5 module for Apache2 web server."
+ a2enmod php5 >/dev/null || true
need_restart=1
+ fi
fi
if [ ! -e "$A2MODEDIR/ssl.load" ] || [ ! -e "$A2MODEDIR/ssl.conf" ]; then
# Add VirtualHosts.
+# - on fresh install
#
-db_get apache2-cn/wwwhost || true
-if [ "$RET" = "true" ]; then
+if [ -z "$2" ]; then
+
+ db_get apache2-cn/wwwhost || true
+ if [ "$RET" = "true" ]; then
# Add WWW VirtualHost.
if [ -f "$CONFDIR/sites-available/$FQDN" ]; then
fi
chk_conf_tag "$CONFDIR/sites-available/$FQDN"
- if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
+ if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 ]; then
install_vhost -nvh -d -r www.$DOMAIN default $FQDN 000-$FQDN
need_restart=1
fi
chk_conf_tag "$CONFDIR/sites-available/www.$DOMAIN"
- if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
+ if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN" ] || [ $RET -eq 0 ]; then
install_vhost default www.$DOMAIN www.$DOMAIN
need_restart=1
fi
-else
+ else
# No WWW VirtualHost.
if [ -f "$CONFDIR/sites-available/$FQDN" ]; then
fi
chk_conf_tag "$CONFDIR/sites-available/$FQDN"
- if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
+ if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 ]; then
install_vhost -nvh -d -r $FQDN default $FQDN 000-$FQDN
need_restart=1
fi
+ fi
fi
# No active SSL VirtualHosts found - add new one.
chk_conf_tag "$CONFDIR/sites-available/ssl"
- if [ ! -f "$CONFDIR/sites-available/ssl" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
+ if [ ! -f "$CONFDIR/sites-available/ssl" ] || [ $RET -eq 0 ]; then
install_vhost -r $FQDN -n $HOST ssl ssl 001-ssl
need_restart=1
fi
if [ $RET -eq 0 ] && [ -n "$apache2_sslcf" ]; then
SSLTMP=$(mktemp ${CONFDIR}/ssltmp.XXXXXX)
- temp_files="${temp_files} ${SSLTMP}"
+ temp_files="${temp_files} ${SSLTMP} ${SSLTMP}.cn-old"
cp ${CONFDIR}/sites-available/ssl $SSLTMP
# SSLCertificateFile
# SSLCertificateChainFile
if [ -n "$apache2_sslccf" ]; then
- cp_check_and_sed "^# SSLCertificateChainFile \/etc\/ssl\/certs/sureserverEDU\.pem" \
- "s#\# SSLCertificateChainFile /etc/ssl/certs/sureserverEDU.pem#SSLCertificateChainFile $apache2_sslccf #g" \
- $SSLTMP || true
+ cp_check_and_sed "^# SSLCertificateChainFile \/etc\/ssl\/certs/sureserverEDU\.pem" \
+ "s#\# SSLCertificateChainFile /etc/ssl/certs/sureserverEDU.pem#SSLCertificateChainFile $apache2_sslccf #g" \
+ $SSLTMP || true
fi
cp_mv $SSLTMP ${CONFDIR}/sites-available/ssl
need_restart=1
# Just to be sure.
- if [ -e "$SSLTMP" ]; then
- rm -f $SSLTMP
- fi
+ [ -e "${SSLTMP}" ] && rm -f ${SSLTMP}
+ [ -e "${SSLTMP}.cn-old" ] && rm -f ${SSLTMP}.cn-old
fi
fi
-# Check for CustomLog, ErrorLog and TransferLog in Apache2 configuration.
+# Check file access permissions for SSL certificates.
#
-cp_echo "CN: Checking Apache2 CustomLog, ErrorLog and TransferLog directives."
-if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls $CONFDIR/conf.d)" ]; then
- log_mask=$CONFDIR/conf.d/*
-fi
-if [ -d "$CONFDIR/sites-available" ] && [ -n "$(ls $CONFDIR/sites-available)" ]; then
- log_mask=$log_mask" "$CONFDIR/sites-available/*
-fi
-for file in $CONF $log_mask; do
- chk_conf_tag "$file"
- if [ $RET -eq 0 ]; then
- conf_log_fix "$file"
+cp_echo "CN: Checking file access permissions for Apache2 SSL certificates."
+sslkey=/etc/ssl/private
+sslcerts="${sslkey}/ca.key ${sslkey}/apache2-ca.key ${sslkey}/apache2.key"
+for certf in $sslcerts; do
+ if [ -f "$certf" ]; then
+ chmod 600 $certf
fi
done
-# Start Apache2 web server on boot?
-# This will enable Apache2 in /etc/default/apache2 file.
+# Check and remove obsolete "Include /etc/apache2/sites-enabled/[^.#]*" from
+# /etc/apache2/apache2.conf.
#
-if egrep -q "^[[:space:]]*NO_START=1" /etc/default/apache2; then
- cp_check_and_sed NO_START=1 s/NO_START=1/NO_START=0/ /etc/default/apache2 || true
+if egrep -iq "^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/\[\^\.\#\]\*$" "$CONF"; then
+
+ cp_echo "CN: Fixing obsolete Include line in $CONF."
+ CONFTMP=`mktemp $CONF.tmp.XXXXXX`
+ sed -r "/^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/\[\^\.\#\]\*$/Id" \
+ "$CONF" > "$CONFTMP"
+
+ if ! egrep -iq "^[[:space:]]*Include[[:space:]]+\/etc\/apache2\/sites-enabled\/$" "$CONFTMP"; then
+ echo "Include /etc/apache2/sites-enabled/" >> "$CONFTMP"
+ fi
+
+ cp_mv "$CONFTMP" "$CONF"
need_restart=1
fi
[ -e "$CONFDIR/conf.d/aosi.conf" ] && rm -f $CONFDIR/conf.d/aosi.conf
-# Stop Apache web server and disable Apache automatic start on boot.
-#
-if [ -x "/etc/init.d/apache" ]; then
-
- # Stop Apache.
- if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
- invoke-rc.d apache stop || true
- else
- /etc/init.d/apache stop || true
- fi
-
- # Disable automatic start on boot.
- if [ -x "`which update-rc.d 2>/dev/null`" ]; then
- update-rc.d -f apache remove > /dev/null 2>&1 || true
- update-rc.d apache stop 90 6 . > /dev/null 2>&1 || true
- fi
-fi
-
-# Also check for Apache-SSL web server.
-#
-if [ -x "/etc/init.d/apache-ssl" ]; then
-
- # Stop Apache-SSL.
- if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
- invoke-rc.d apache-ssl stop || true
- else
- /etc/init.d/apache-ssl stop || true
- fi
-
- # Disable automatic start on boot.
- if [ -x "`which update-rc.d 2>/dev/null`" ]; then
- update-rc.d -f apache-ssl remove > /dev/null 2>&1 || true
- update-rc.d apache-ssl stop 90 6 . > /dev/null 2>&1 || true
- fi
-fi
-
-
# Restart Apache2 web server if needed.
#
if [ $need_restart -eq 1 ]; then
# Restart Apache2 web server.
if [ -x "/etc/init.d/apache2" ]; then
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
- invoke-rc.d apache2 force-reload || true
+ invoke-rc.d apache2 restart || true
else
- /etc/init.d/apache2 force-reload || true
+ /etc/init.d/apache2 restart || true
fi
fi
else
# (re)generate monit.d files if monit-cn is installed.
#
if [ -x "/usr/sbin/update-monit.d" ]; then
+ cp_echo "CN: Updating monit configuration..."
update-monit.d || true
fi