Daniel Berteaud
13 years ago
commit
a6994e7b40
15 changed files with 327 additions and 0 deletions
@ -0,0 +1,15 @@ |
||||
#!/usr/bin/perl -w |
||||
|
||||
use esmith::Build::CreateLinks qw(:all); |
||||
|
||||
my $event = 'webapps-update'; |
||||
templates2events("/etc/httpd/conf/httpd.conf", $event); |
||||
templates2events("/etc/php.ini", $event); |
||||
templates2events("/etc/my.cnf", $event); |
||||
templates2events("/etc/crontab", $event); |
||||
|
||||
safe_symlink("start", "root/etc/e-smith/events/$event/services2adjust/mysql.init"); |
||||
safe_symlink("sigusr1", "root/etc/e-smith/events/$event/services2adjust/httpd-e-smith"); |
||||
|
||||
event_link("webapps-update-crl", $event, "02"); |
||||
event_link("webapps-update-certs", $event, "03"); |
||||
@ -0,0 +1,35 @@ |
||||
#!/bin/bash |
||||
|
||||
#---------------------------------------------------------------------- |
||||
# copyright (C) 2010 Firewall-Services |
||||
# daniel@firewall-services.com |
||||
# |
||||
# This program is free software; you can redistribute it and/or modify |
||||
# it under the terms of the GNU General Public License as published by |
||||
# the Free Software Foundation; either version 2 of the License, or |
||||
# (at your option) any later version. |
||||
# |
||||
# This program is distributed in the hope that it will be useful, |
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
# GNU General Public License for more details. |
||||
# |
||||
# You should have received a copy of the GNU General Public License |
||||
# along with this program; if not, write to the Free Software |
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
||||
# |
||||
#---------------------------------------------------------------------- |
||||
|
||||
|
||||
# This script provides basic integration with PHPki |
||||
|
||||
SRCCRT='/opt/phpki/phpki-store/CA/certs/cacert.pem' |
||||
DSTCRT='/etc/pki/tls/certs/cacert.pem' |
||||
|
||||
if [ -e $SRCCRT -a \! -e $DSTCRT ]; then |
||||
cp $SRCCRT $DSTCRT |
||||
chown root:root $DSTCRT |
||||
chmod 644 $DSTCRT |
||||
c_rehash /etc/pki/tls/certs/ |
||||
fi |
||||
|
||||
@ -0,0 +1,33 @@ |
||||
#!/bin/bash |
||||
|
||||
URL=$(/sbin/e-smith/db configuration getprop httpd-e-smith CrlUrl) |
||||
DOMAIN=$(/sbin/e-smith/db configuration get DomainName) |
||||
|
||||
if [ "$URL" == "" ]; then |
||||
exit 0 |
||||
fi |
||||
|
||||
/usr/bin/wget $URL -O /tmp/httpcacrl.pem > /dev/null 2>&1 |
||||
|
||||
/usr/bin/openssl crl -inform PEM -in /tmp/httpcacrl.pem -text > /dev/null 2>&1 |
||||
|
||||
if [ "$?" -eq "0" ]; then |
||||
/bin/mv -f /tmp/httpcacrl.pem /etc/pki/tls/crl/cacrl.pem > /dev/null 2>&1 |
||||
else |
||||
cat > /tmp/httpcrlmail <<END |
||||
|
||||
An error occured while updating the CRL for httpd-e-smith |
||||
because openssl didn't recognize the file as a valid CRL. |
||||
Below is the copy of the latest CRL downloaded from |
||||
$URL |
||||
|
||||
|
||||
END |
||||
|
||||
cat /tmp/httpcacrl.pem >> /tmp/crlmail |
||||
mail -s 'CRL update failed' admin@$DOMAIN < /tmp/httpcrlmail |
||||
fi |
||||
|
||||
rm -f /tmp/httpcacrl.pem |
||||
rm -f /tmp/httpcrlmail |
||||
|
||||
@ -0,0 +1,8 @@ |
||||
{ |
||||
my $url = ${'httpd-e-smith'}{'CrlUrl'} || ''; |
||||
if ($url =~ /^http(s)?:\/\/.*$/){ |
||||
$OUT .= "# Update httpd-e-smith's CRL\n"; |
||||
$OUT .= "5 * * * * root /etc/e-smith/events/actions/webapps-update-crl 2>&1 /dev/null\n"; |
||||
} |
||||
} |
||||
|
||||
@ -0,0 +1,27 @@ |
||||
{ |
||||
|
||||
# Load mod_authn_file if found |
||||
if ( -e '/usr/lib64/httpd/modules/mod_authn_file.so' || |
||||
-e '/usr/lib/httpd/modules/mod_authn_file.so'){ |
||||
$OUT .= "LoadModule authn_file_module modules/mod_authn_file.so\n"; |
||||
} |
||||
|
||||
# Load mod_auth_basic if found |
||||
if ( -e '/usr/lib64/httpd/modules/mod_auth_basic.so' || |
||||
-e '/usr/lib/httpd/modules/mod_auth_basic.so'){ |
||||
$OUT .= "LoadModule auth_basic_module modules/mod_auth_basic.so\n"; |
||||
} |
||||
|
||||
# Load module mod_ldap if found |
||||
if ( -e '/usr/lib64/httpd/modules/mod_ldap.so' || |
||||
-e '/usr/lib/httpd/modules/mod_ldap.so'){ |
||||
$OUT .= "LoadModule ldap_module modules/mod_ldap.so\n"; |
||||
} |
||||
|
||||
# Load module mod_authnz_ldap if found |
||||
if ( -e '/usr/lib64/httpd/modules/mod_authnz_ldap.so' || |
||||
-e '/usr/lib/httpd/modules/mod_authnz_ldap.so'){ |
||||
$OUT .= "LoadModule authnz_ldap_module modules/mod_authnz_ldap.so\n"; |
||||
} |
||||
|
||||
} |
||||
@ -0,0 +1,16 @@ |
||||
{ |
||||
if (-e '/etc/pki/tls/certs/cacert.pem'){ |
||||
$OUT .= "# CA Certificate used for client authentication\n"; |
||||
$OUT .= "SSLCACertificateFile /etc/pki/tls/certs/cacert.pem\n"; |
||||
} |
||||
else{ |
||||
$OUT .= ''; |
||||
} |
||||
if (-e '/etc/pki/tls/crl/cacrl.pem'){ |
||||
$OUT .= "# CA CRL to check revoked client certificates\n"; |
||||
$OUT .= "SSLCARevocationFile /etc/pki/tls/crl/cacrl.pem\n"; |
||||
} |
||||
else{ |
||||
$OUT .= ''; |
||||
} |
||||
} |
||||
@ -0,0 +1,9 @@ |
||||
{ |
||||
use esmith::DomainsDB; |
||||
# Convert the passed hash for the domain object back into an object. |
||||
$domain = bless \%domain, 'esmith::DB::db::Record'; |
||||
|
||||
# Make scalars from some of the properties of the domain |
||||
$virtualHost = $domain->key; |
||||
$OUT = ""; |
||||
} |
||||
@ -0,0 +1 @@ |
||||
ServerName {$virtualHost} |
||||
@ -0,0 +1,27 @@ |
||||
{ |
||||
my $ssl = $domain->prop('RequireSSL') || 'disabled'; |
||||
my $lemon = $domain->prop('LemonLDAP') || 'disabled'; |
||||
|
||||
if (($modSSL{TCPPort} || "443") eq $port){ |
||||
$OUT .= " SSLEngine on\n"; |
||||
} |
||||
elsif (($ssl =~ m/^enabled|yes|on|1$/i) || ($lemon eq 'enabled')){ |
||||
$OUT .=<<'EOF'; |
||||
RewriteEngine on |
||||
RewriteRule ^/(.*|$) https://%{HTTP_HOST}/$1 [L,R] |
||||
|
||||
EOF |
||||
} |
||||
elsif ($ssl =~ m#/#){ |
||||
$OUT .= " RewriteEngine on\n"; |
||||
foreach my $loc (split(/[;,]/, $ssl)){ |
||||
$OUT .= " # Rewriting $loc to use SSL\n"; |
||||
$loc =~ s#^/##; |
||||
$OUT .= " RewriteRule ^/$loc(/.*|\$) https://%\{HTTP_HOST\}/$loc\$1 \[L,R\]\n"; |
||||
} |
||||
} |
||||
else{ |
||||
$OUT .= ''; |
||||
} |
||||
} |
||||
|
||||
@ -0,0 +1,8 @@ |
||||
{ |
||||
$OUT =<<'HERE'; |
||||
RewriteEngine on |
||||
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) |
||||
RewriteRule .* - [F] |
||||
HERE |
||||
} |
||||
|
||||
@ -0,0 +1,13 @@ |
||||
{ |
||||
my $alias = $domain->prop('IconAlias') || 'enabled'; |
||||
$OUT .= ''; |
||||
|
||||
unless ($alias =~ m/disabled|off|no|0/i){ |
||||
$OUT .=<<'EOF'; |
||||
|
||||
# alias for Apache icons |
||||
Alias /icons/ /var/www/icons/ |
||||
|
||||
EOF |
||||
} |
||||
} |
||||
@ -0,0 +1,40 @@ |
||||
{ |
||||
|
||||
my $target = $domain->prop('ProxyPassTarget') || ''; |
||||
my $allow = $domain->prop('AllowHosts') || ''; |
||||
my $preserve = $domain->prop('ProxyPreserveHost') || 'no'; |
||||
my $keepalive = $domain->prop('ProxyNoKeepAlive') || 'no'; |
||||
|
||||
if ($target =~ m|https?://[\d\w\.\-/]*|){ |
||||
$OUT .= " SetEnv proxy-nokeepalive 1\n" if ($keepalive eq 'yes'); |
||||
$OUT .= " ProxyPass / $target\n"; |
||||
$OUT .= " ProxyPassReverse / $target\n"; |
||||
$OUT .= " ProxyPreserveHost on\n" if ($preserve eq 'yes'); |
||||
} |
||||
else{ |
||||
my $root = $domain->prop('DocumentRoot') || |
||||
'/home/e-smith/files/ibays/Primary/html'; |
||||
|
||||
$OUT .= " DocumentRoot $root\n"; |
||||
} |
||||
|
||||
if ($allow ne ''){ |
||||
if ($allow eq 'local'){ |
||||
$allow = "$localAccess $externalSSLAccess"; |
||||
} |
||||
else{ |
||||
$allow =~ s/[,;]/ /; |
||||
} |
||||
$OUT .=<<"EOF" |
||||
|
||||
<Location /> |
||||
Order deny,allow |
||||
Deny from all |
||||
Allow from $allow |
||||
</Location> |
||||
|
||||
EOF |
||||
} |
||||
|
||||
} |
||||
|
||||
@ -0,0 +1,2 @@ |
||||
|
||||
<VirtualHost {$ipAddress}:{$port}> |
||||
@ -0,0 +1,2 @@ |
||||
</VirtualHost> |
||||
|
||||
@ -0,0 +1,91 @@ |
||||
# $Id: smeserver-webapps-common.spec,v 1.0 2009/09/30 16:20:28 slords Exp $ |
||||
# Authority: VIP-ire |
||||
# Name: Daniel B. |
||||
|
||||
Summary: Common WebApps Framework for SME Server |
||||
%define name smeserver-webapps-common |
||||
Name: %{name} |
||||
%define version 0.2.0 |
||||
%define release 1.beta0 |
||||
Version: %{version} |
||||
Release: %{release}%{?dist} |
||||
License: GPL |
||||
Group: SMEServer/addon |
||||
|
||||
Source: %{name}-%{version}.tar.gz |
||||
|
||||
URL: http://www.firewall-services.com/ |
||||
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot |
||||
BuildArchitectures: noarch |
||||
Requires: e-smith-base |
||||
Requires: httpd |
||||
Requires: mysql |
||||
Requires: php |
||||
Requires: openssl-perl |
||||
BuildRequires: e-smith-devtools |
||||
|
||||
%description |
||||
This package provide common files and events for Web Applications integration |
||||
on SME Server |
||||
|
||||
%changelog |
||||
* Tue Mar 13 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.0-1.sme |
||||
- Migrate to git |
||||
|
||||
* Fri Jul 22 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-11.sme |
||||
- Add an prop to disable the default /icons alias |
||||
|
||||
* Wed Jun 29 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-10.sme |
||||
- Allow values enabled, yes on or 1 for RequireSSL |
||||
- Implement access restriction with AllowHosts |
||||
|
||||
* Tue Mar 8 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-9.sme |
||||
- Integration with PHPki |
||||
- Stop restarting mysqld service |
||||
|
||||
* Mon Mar 7 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-8.sme |
||||
- Add SSLCACertificateFile directive |
||||
|
||||
* Tue Jan 25 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-7.sme |
||||
- Fix httpd template syntax |
||||
|
||||
* Tue Jan 25 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-6.sme |
||||
- Load some additional modules for apache if they are found |
||||
|
||||
* Thu Dec 30 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-5.sme |
||||
- RequireSSL can take a list of location to rewrite |
||||
|
||||
* Thu Dec 30 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-4.sme |
||||
- Only load authn_file if the module exists |
||||
|
||||
* Sun Dec 25 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-3.sme |
||||
- Load mod_authn_file |
||||
|
||||
* Thu Dec 16 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-2.sme |
||||
- Provide alternative WebAppVirtualHost templates |
||||
|
||||
* Fri Dec 10 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-1.sme |
||||
- Add DocumentRoot prop for domains |
||||
|
||||
* Wed Sep 30 2009 Daniel B. <daniel@firewall-services.com> 0.1-0 |
||||
- Initial rpm |
||||
|
||||
%prep |
||||
%setup |
||||
|
||||
%build |
||||
perl createlinks |
||||
%{__mkdir_p} root/etc/pki/tls/crl |
||||
|
||||
%install |
||||
/bin/rm -rf $RPM_BUILD_ROOT |
||||
(cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT) |
||||
/bin/rm -f %{name}-%{version}-filelist |
||||
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT > %{name}-%{version}-filelist |
||||
|
||||
%files -f %{name}-%{version}-filelist |
||||
%defattr(-,root,root) |
||||
|
||||
%clean |
||||
rm -rf $RPM_BUILD_ROOT |
||||
|
||||
Loading…
Reference in new issue