PKG="apache2-cn"
VERSION="2.2-1"
CONFDIR="/etc/apache2"
-CONFDIROLD="/etc/apache"
CONF="$CONFDIR/apache2.conf"
-CONFOLD="$CONFDIROLD/httpd.conf"
A2MODEDIR="$CONFDIR/mods-enabled"
PORTCONF="$CONFDIR/ports.conf"
A2CNDIR=/usr/share/apache2-cn
TMPLDIR=$A2CNDIR/templates
CERTDIR=/etc/ssl/certs
-A2PHPINI="/etc/php4/apache2/php.ini"
+A2PHPINI="/etc/php5/apache2/php.ini"
HOST=$(hostname)
FQDN=$(hostname --fqdn)
$conf_file > $out
mv $out $conf_file
fi
+
+ # Be sure..
+ chmod 644 $conf_file
fi
}
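Review bot: The added `chmod 644 $conf_file` makes the rewritten file world-readable whatever mode it had before, so a configuration file an administrator had deliberately restricted is loosened on every run; the same applies to `chmod 644 $PORTCONF` in listen_ssl. If the intent is only to undo the restrictive mode of a temporary `$out` (its creation is outside this hunk, so that is inferred), copy the existing mode onto the temporary file before the move, e.g. `chmod --reference="$conf_file" "$out"` ahead of `mv`, and fall back to 644 only when the target did not exist. Either way the operand should be quoted: `chmod 644 "$conf_file"`. The enclosing function starts outside the hunk.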
# Check if port 443 is configured in ports.conf file.
#
listen_ssl() {
-
- if ! egrep -iq "^[[:space:]]*Listen[[:space:]]*.*443$" "$PORTCONF"; then
+
+ if [ ! -f "$PORTCONF" ] || ! egrep -iq "^[[:space:]]*Listen[[:space:]]*.*443$" "$PORTCONF"; then
cp_echo "CN: Enabling SSL port (443) for Apache2 web server."
out=$(mktemp ${PORTCONF}.XXXXXX)
- cp $PORTCONF $out
+
+ if [ -f "$PORTCONF" ]; then
+ cp $PORTCONF $out
+ fi
+
echo "Listen 443" >> $out
cp_mv $out $PORTCONF
+ chmod 644 $PORTCONF
need_restart=1
temp_files="${temp_files} ${out}"
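Review bot: The pattern on the new `if` line, `Listen[[:space:]]*.*443$`, matches any Listen line that merely ends in 443, so a ports.conf containing `Listen 8443` is treated as already serving 443 and `Listen 443` is never appended. Tighten the match so the port is a whole token, for example `"^[[:space:]]*Listen[[:space:]]+(.*:)?443[[:space:]]*$"`, which still accepts an address prefix such as `1.2.3.4:443`. The result of `mktemp` is also used unchecked and unquoted; `out=$(mktemp "${PORTCONF}.XXXXXX") || return 1` would stop before `cp_mv` runs with an empty source. The body of listen_ssl continues outside the hunk.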
# Make sure that monit conf for Apache is disabled.
+#
if [ -f "/etc/monit.d/apache1.conf" ]; then
mv /etc/monit.d/apache1.conf /etc/monit.d/apache1.conf.disabled
pkill -9 -f /usr/sbin/monit || true
fi
-# First of all - stop Apache web server, make sure Apache is NOT running.
+# Make sure Apache is NOT running.
#
-if [ -x /usr/sbin/invoke-rc.d ]; then
- [ -x /usr/sbin/apache ] && invoke-rc.d apache stop || true
- pkill -9 -f /usr/sbin/apache || true
-else
- [ -x /etc/init.d/apache ] && /etc/init.d/apache stop || true
+if [ -x /etc/init.d/apache ]; then
+ if [ -x /usr/sbin/invoke-rc.d ]; then
+ invoke-rc.d apache stop || true
+ else
+ /etc/init.d/apache stop || true
+ fi
+
+ pkill -9 -f '/usr/sbin/apache$' || true
fi
fi
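Review bot: `pkill -9 -f '/usr/sbin/apache$'` anchors the pattern at the end of the full command line, which keeps it from hitting apache2, but it also misses an old Apache process that was started with arguments (for example `/usr/sbin/apache -f /etc/apache/httpd.conf`), so the old server can stay bound to its ports. Matching on the process name is more precise: `pkill -x apache` sent as TERM first, escalating to `pkill -9 -x apache` only if `pgrep -x apache` still finds something. A short comment saying why a kill follows the init-script stop would also help, since both results are discarded with `|| true` and nothing records whether the stop worked.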
-# Enable Apache2 web server modules (cgi, rewrite, userdir, suexec, php4, ssl).
+# Enable Apache2 web server modules (cgi, rewrite, userdir, suexec, php5, ssl).
#
if [ -e "$CONF" ]; then
need_restart=1
fi
+ if [ ! -e "$A2MODEDIR/php5.load" ] || [ ! -e "$A2MODEDIR/php5.conf" ]; then
+ if [ -e "/usr/lib/apache2/modules/libphp5.so" ]; then
+ cp_echo "CN: Enabling PHP5 module for Apache2 web server."
+ a2enmod php5 >/dev/null || true
+ need_restart=1
+ fi
+ fi
+
if [ ! -e "$A2MODEDIR/php4.load" ] || [ ! -e "$A2MODEDIR/php4.conf" ]; then
+ if [ -e "/usr/lib/apache2/modules/libphp4.so" ]; then
cp_echo "CN: Enabling PHP4 module for Apache2 web server."
a2enmod php4 >/dev/null || true
need_restart=1
+ fi
fi
if [ ! -e "$A2MODEDIR/ssl.load" ] || [ ! -e "$A2MODEDIR/ssl.conf" ]; then
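Review bot: With the new library checks, a host that has both `libphp5.so` and `libphp4.so` installed gets `a2enmod php5` and `a2enmod php4` in the same run, and loading both PHP modules into one Apache2 is, as far as I know, not supported and can keep the server from starting. Make the PHP4 branch conditional on PHP5 being absent, e.g. `if [ ! -e "/usr/lib/apache2/modules/libphp5.so" ] && [ -e "/usr/lib/apache2/modules/libphp4.so" ]; then`. Both branches also discard the `a2enmod` result with `|| true` and still set `need_restart=1`; a `cp_echo` warning on failure would make a half-enabled module visible. The surrounding block starts and ends outside the hunk.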
# Add VirtualHosts.
+# - on fresh install
#
-db_get apache2-cn/wwwhost || true
-if [ "$RET" = "true" ]; then
+if [ -z "$2" ]; then
+
+ db_get apache2-cn/wwwhost || true
+ if [ "$RET" = "true" ]; then
# Add WWW VirtualHost.
if [ -f "$CONFDIR/sites-available/$FQDN" ]; then
fi
chk_conf_tag "$CONFDIR/sites-available/$FQDN"
- if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
+ if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 ]; then
install_vhost -nvh -d -r www.$DOMAIN default $FQDN 000-$FQDN
need_restart=1
fi
chk_conf_tag "$CONFDIR/sites-available/www.$DOMAIN"
- if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
+ if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN" ] || [ $RET -eq 0 ]; then
install_vhost default www.$DOMAIN www.$DOMAIN
need_restart=1
fi
-else
+ else
# No WWW VirtualHost.
if [ -f "$CONFDIR/sites-available/$FQDN" ]; then
fi
chk_conf_tag "$CONFDIR/sites-available/$FQDN"
- if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
+ if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 ]; then
install_vhost -nvh -d -r $FQDN default $FQDN 000-$FQDN
need_restart=1
fi
+ fi
fi
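Review bot: The rewritten tests `[ $RET -eq 0 ]` leave `$RET` unquoted and reuse the variable that `db_get` filled a few lines earlier, so if `chk_conf_tag` (not visible here) returns without assigning a number, `[` receives `true`, `false` or nothing and the test fails with an error instead of deciding. Quote it at the three places changed in this hunk and at the `ssl` test in the next one: `[ "$RET" -eq 0 ]`, ideally after copying the result into a variable of its own. The arguments to `install_vhost` (`www.$DOMAIN`, `$FQDN`, `000-$FQDN`) should be quoted as well. A one-line comment on `if [ -z "$2" ]` stating what `$2` holds, presumably the previously configured version passed to the maintainer script, would explain the "fresh install" condition.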
# No active SSL VirtualHosts found - add new one.
chk_conf_tag "$CONFDIR/sites-available/ssl"
- if [ ! -f "$CONFDIR/sites-available/ssl" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
+ if [ ! -f "$CONFDIR/sites-available/ssl" ] || [ $RET -eq 0 ]; then
install_vhost -r $FQDN -n $HOST ssl ssl 001-ssl
need_restart=1
fi
if [ $RET -eq 0 ] && [ -n "$apache2_sslcf" ]; then
SSLTMP=$(mktemp ${CONFDIR}/ssltmp.XXXXXX)
- temp_files="${temp_files} ${SSLTMP}"
+ temp_files="${temp_files} ${SSLTMP} ${SSLTMP}.cn-old"
cp ${CONFDIR}/sites-available/ssl $SSLTMP
# SSLCertificateFile
# SSLCertificateChainFile
if [ -n "$apache2_sslccf" ]; then
- cp_check_and_sed "^# SSLCertificateChainFile \/etc\/ssl\/certs/sureserverEDU\.pem" \
- "s#\# SSLCertificateChainFile /etc/ssl/certs/sureserverEDU.pem#SSLCertificateChainFile $apache2_sslccf #g" \
- $SSLTMP || true
+ cp_check_and_sed "^# SSLCertificateChainFile \/etc\/ssl\/certs/sureserverEDU\.pem" \
+ "s#\# SSLCertificateChainFile /etc/ssl/certs/sureserverEDU.pem#SSLCertificateChainFile $apache2_sslccf #g" \
+ $SSLTMP || true
fi
cp_mv $SSLTMP ${CONFDIR}/sites-available/ssl
need_restart=1
# Just to be sure.
- if [ -e "$SSLTMP" ]; then
- rm -f $SSLTMP
- fi
+ [ -e "${SSLTMP}" ] && rm -f ${SSLTMP}
+ [ -e "${SSLTMP}.cn-old" ] && rm -f ${SSLTMP}.cn-old
fi
fi
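Review bot: The two new cleanup lines `[ -e "${SSLTMP}" ] && rm -f ${SSLTMP}` test a quoted path and then remove an unquoted one, and the existence test is redundant because `rm -f` already ignores a missing file. One line does the same job: `rm -f -- "$SSLTMP" "${SSLTMP}.cn-old"`. In the same block `$apache2_sslccf` is pasted into a sed expression that uses `#` as its delimiter, so a value containing `#` or `&` would corrupt the substitution written into the SSL vhost. Where that value is set is not visible here, so it is worth checking that it is a plain absolute path to an existing file before it is used.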
+# Check file access permissions for SSL certificates.
+#
+cp_echo "CN: Checking file access permissions for Apache2 SSL certificates."
+sslkey=/etc/ssl/private
+sslcerts="${sslkey}/ca.key ${sslkey}/apache2-ca.key ${sslkey}/apache2.key"
+for certf in $sslcerts; do
+ if [ -f "$certf" ]; then
+ chmod 600 $certf
+ fi
+done
+
+
# Check for CustomLog, ErrorLog and TransferLog in Apache2 configuration.
#
cp_echo "CN: Checking Apache2 CustomLog, ErrorLog and TransferLog directives."
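Review bot: The new loop fixes only the mode of three hard-coded key files and never looks at their owner, so a key owned by a non-root account stays readable and writable by that account after `chmod 600`. If only the root-started web server needs these keys, reset the owner too, e.g. `chown root "$certf" && chmod 600 "$certf"`, and quote `$certf` in any case. The names `sslcerts`/`certf` and the `cp_echo` text speak of certificates although the files are private keys; `sslkeys`, `keyf` and "private keys" would describe what is being protected. Keys referenced by other `SSLCertificateKeyFile` directives are not covered by this list, which deserves a comment.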
# (re)generate monit.d files if monit-cn is installed.
#
if [ -x "/usr/sbin/update-monit.d" ]; then
+ cp_echo "CN: Updating monit configuration..."
update-monit.d || true
fi