Initial import
This commit is contained in:
commit
a6994e7b40
|
@ -0,0 +1,15 @@
|
||||||
|
#!/usr/bin/perl -w
|
||||||
|
|
||||||
|
use esmith::Build::CreateLinks qw(:all);
|
||||||
|
|
||||||
|
my $event = 'webapps-update';
|
||||||
|
templates2events("/etc/httpd/conf/httpd.conf", $event);
|
||||||
|
templates2events("/etc/php.ini", $event);
|
||||||
|
templates2events("/etc/my.cnf", $event);
|
||||||
|
templates2events("/etc/crontab", $event);
|
||||||
|
|
||||||
|
safe_symlink("start", "root/etc/e-smith/events/$event/services2adjust/mysql.init");
|
||||||
|
safe_symlink("sigusr1", "root/etc/e-smith/events/$event/services2adjust/httpd-e-smith");
|
||||||
|
|
||||||
|
event_link("webapps-update-crl", $event, "02");
|
||||||
|
event_link("webapps-update-certs", $event, "03");
|
|
@ -0,0 +1,35 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
#----------------------------------------------------------------------
|
||||||
|
# copyright (C) 2010 Firewall-Services
|
||||||
|
# daniel@firewall-services.com
|
||||||
|
#
|
||||||
|
# This program is free software; you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation; either version 2 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program; if not, write to the Free Software
|
||||||
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||||
|
#
|
||||||
|
#----------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
# This script provides basic integration with PHPki
|
||||||
|
|
||||||
|
SRCCRT='/opt/phpki/phpki-store/CA/certs/cacert.pem'
|
||||||
|
DSTCRT='/etc/pki/tls/certs/cacert.pem'
|
||||||
|
|
||||||
|
if [ -e $SRCCRT -a \! -e $DSTCRT ]; then
|
||||||
|
cp $SRCCRT $DSTCRT
|
||||||
|
chown root:root $DSTCRT
|
||||||
|
chmod 644 $DSTCRT
|
||||||
|
c_rehash /etc/pki/tls/certs/
|
||||||
|
fi
|
||||||
|
|
|
@ -0,0 +1,33 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
URL=$(/sbin/e-smith/db configuration getprop httpd-e-smith CrlUrl)
|
||||||
|
DOMAIN=$(/sbin/e-smith/db configuration get DomainName)
|
||||||
|
|
||||||
|
if [ "$URL" == "" ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
/usr/bin/wget $URL -O /tmp/httpcacrl.pem > /dev/null 2>&1
|
||||||
|
|
||||||
|
/usr/bin/openssl crl -inform PEM -in /tmp/httpcacrl.pem -text > /dev/null 2>&1
|
||||||
|
|
||||||
|
if [ "$?" -eq "0" ]; then
|
||||||
|
/bin/mv -f /tmp/httpcacrl.pem /etc/pki/tls/crl/cacrl.pem > /dev/null 2>&1
|
||||||
|
else
|
||||||
|
cat > /tmp/httpcrlmail <<END
|
||||||
|
|
||||||
|
An error occured while updating the CRL for httpd-e-smith
|
||||||
|
because openssl didn't recognize the file as a valid CRL.
|
||||||
|
Below is the copy of the latest CRL downloaded from
|
||||||
|
$URL
|
||||||
|
|
||||||
|
|
||||||
|
END
|
||||||
|
|
||||||
|
cat /tmp/httpcacrl.pem >> /tmp/crlmail
|
||||||
|
mail -s 'CRL update failed' admin@$DOMAIN < /tmp/httpcrlmail
|
||||||
|
fi
|
||||||
|
|
||||||
|
rm -f /tmp/httpcacrl.pem
|
||||||
|
rm -f /tmp/httpcrlmail
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
{
|
||||||
|
my $url = ${'httpd-e-smith'}{'CrlUrl'} || '';
|
||||||
|
if ($url =~ /^http(s)?:\/\/.*$/){
|
||||||
|
$OUT .= "# Update httpd-e-smith's CRL\n";
|
||||||
|
$OUT .= "5 * * * * root /etc/e-smith/events/actions/webapps-update-crl 2>&1 /dev/null\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
{
|
||||||
|
|
||||||
|
# Load mod_authn_file if found
|
||||||
|
if ( -e '/usr/lib64/httpd/modules/mod_authn_file.so' ||
|
||||||
|
-e '/usr/lib/httpd/modules/mod_authn_file.so'){
|
||||||
|
$OUT .= "LoadModule authn_file_module modules/mod_authn_file.so\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
# Load mod_auth_basic if found
|
||||||
|
if ( -e '/usr/lib64/httpd/modules/mod_auth_basic.so' ||
|
||||||
|
-e '/usr/lib/httpd/modules/mod_auth_basic.so'){
|
||||||
|
$OUT .= "LoadModule auth_basic_module modules/mod_auth_basic.so\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
# Load module mod_ldap if found
|
||||||
|
if ( -e '/usr/lib64/httpd/modules/mod_ldap.so' ||
|
||||||
|
-e '/usr/lib/httpd/modules/mod_ldap.so'){
|
||||||
|
$OUT .= "LoadModule ldap_module modules/mod_ldap.so\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
# Load module mod_authnz_ldap if found
|
||||||
|
if ( -e '/usr/lib64/httpd/modules/mod_authnz_ldap.so' ||
|
||||||
|
-e '/usr/lib/httpd/modules/mod_authnz_ldap.so'){
|
||||||
|
$OUT .= "LoadModule authnz_ldap_module modules/mod_authnz_ldap.so\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,16 @@
|
||||||
|
{
|
||||||
|
if (-e '/etc/pki/tls/certs/cacert.pem'){
|
||||||
|
$OUT .= "# CA Certificate used for client authentication\n";
|
||||||
|
$OUT .= "SSLCACertificateFile /etc/pki/tls/certs/cacert.pem\n";
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
$OUT .= '';
|
||||||
|
}
|
||||||
|
if (-e '/etc/pki/tls/crl/cacrl.pem'){
|
||||||
|
$OUT .= "# CA CRL to check revoked client certificates\n";
|
||||||
|
$OUT .= "SSLCARevocationFile /etc/pki/tls/crl/cacrl.pem\n";
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
$OUT .= '';
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,9 @@
|
||||||
|
{
|
||||||
|
use esmith::DomainsDB;
|
||||||
|
# Convert the passed hash for the domain object back into an object.
|
||||||
|
$domain = bless \%domain, 'esmith::DB::db::Record';
|
||||||
|
|
||||||
|
# Make scalars from some of the properties of the domain
|
||||||
|
$virtualHost = $domain->key;
|
||||||
|
$OUT = "";
|
||||||
|
}
|
|
@ -0,0 +1 @@
|
||||||
|
ServerName {$virtualHost}
|
|
@ -0,0 +1,27 @@
|
||||||
|
{
|
||||||
|
my $ssl = $domain->prop('RequireSSL') || 'disabled';
|
||||||
|
my $lemon = $domain->prop('LemonLDAP') || 'disabled';
|
||||||
|
|
||||||
|
if (($modSSL{TCPPort} || "443") eq $port){
|
||||||
|
$OUT .= " SSLEngine on\n";
|
||||||
|
}
|
||||||
|
elsif (($ssl =~ m/^enabled|yes|on|1$/i) || ($lemon eq 'enabled')){
|
||||||
|
$OUT .=<<'EOF';
|
||||||
|
RewriteEngine on
|
||||||
|
RewriteRule ^/(.*|$) https://%{HTTP_HOST}/$1 [L,R]
|
||||||
|
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
elsif ($ssl =~ m#/#){
|
||||||
|
$OUT .= " RewriteEngine on\n";
|
||||||
|
foreach my $loc (split(/[;,]/, $ssl)){
|
||||||
|
$OUT .= " # Rewriting $loc to use SSL\n";
|
||||||
|
$loc =~ s#^/##;
|
||||||
|
$OUT .= " RewriteRule ^/$loc(/.*|\$) https://%\{HTTP_HOST\}/$loc\$1 \[L,R\]\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
$OUT .= '';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
{
|
||||||
|
$OUT =<<'HERE';
|
||||||
|
RewriteEngine on
|
||||||
|
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
|
||||||
|
RewriteRule .* - [F]
|
||||||
|
HERE
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,13 @@
|
||||||
|
{
|
||||||
|
my $alias = $domain->prop('IconAlias') || 'enabled';
|
||||||
|
$OUT .= '';
|
||||||
|
|
||||||
|
unless ($alias =~ m/disabled|off|no|0/i){
|
||||||
|
$OUT .=<<'EOF';
|
||||||
|
|
||||||
|
# alias for Apache icons
|
||||||
|
Alias /icons/ /var/www/icons/
|
||||||
|
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
{
|
||||||
|
|
||||||
|
my $target = $domain->prop('ProxyPassTarget') || '';
|
||||||
|
my $allow = $domain->prop('AllowHosts') || '';
|
||||||
|
my $preserve = $domain->prop('ProxyPreserveHost') || 'no';
|
||||||
|
my $keepalive = $domain->prop('ProxyNoKeepAlive') || 'no';
|
||||||
|
|
||||||
|
if ($target =~ m|https?://[\d\w\.\-/]*|){
|
||||||
|
$OUT .= " SetEnv proxy-nokeepalive 1\n" if ($keepalive eq 'yes');
|
||||||
|
$OUT .= " ProxyPass / $target\n";
|
||||||
|
$OUT .= " ProxyPassReverse / $target\n";
|
||||||
|
$OUT .= " ProxyPreserveHost on\n" if ($preserve eq 'yes');
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
my $root = $domain->prop('DocumentRoot') ||
|
||||||
|
'/home/e-smith/files/ibays/Primary/html';
|
||||||
|
|
||||||
|
$OUT .= " DocumentRoot $root\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($allow ne ''){
|
||||||
|
if ($allow eq 'local'){
|
||||||
|
$allow = "$localAccess $externalSSLAccess";
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
$allow =~ s/[,;]/ /;
|
||||||
|
}
|
||||||
|
$OUT .=<<"EOF"
|
||||||
|
|
||||||
|
<Location />
|
||||||
|
Order deny,allow
|
||||||
|
Deny from all
|
||||||
|
Allow from $allow
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,2 @@
|
||||||
|
|
||||||
|
<VirtualHost {$ipAddress}:{$port}>
|
|
@ -0,0 +1,2 @@
|
||||||
|
</VirtualHost>
|
||||||
|
|
|
@ -0,0 +1,91 @@
|
||||||
|
# $Id: smeserver-webapps-common.spec,v 1.0 2009/09/30 16:20:28 slords Exp $
|
||||||
|
# Authority: VIP-ire
|
||||||
|
# Name: Daniel B.
|
||||||
|
|
||||||
|
Summary: Common WebApps Framework for SME Server
|
||||||
|
%define name smeserver-webapps-common
|
||||||
|
Name: %{name}
|
||||||
|
%define version 0.2.0
|
||||||
|
%define release 1.beta0
|
||||||
|
Version: %{version}
|
||||||
|
Release: %{release}%{?dist}
|
||||||
|
License: GPL
|
||||||
|
Group: SMEServer/addon
|
||||||
|
|
||||||
|
Source: %{name}-%{version}.tar.gz
|
||||||
|
|
||||||
|
URL: http://www.firewall-services.com/
|
||||||
|
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
|
||||||
|
BuildArchitectures: noarch
|
||||||
|
Requires: e-smith-base
|
||||||
|
Requires: httpd
|
||||||
|
Requires: mysql
|
||||||
|
Requires: php
|
||||||
|
Requires: openssl-perl
|
||||||
|
BuildRequires: e-smith-devtools
|
||||||
|
|
||||||
|
%description
|
||||||
|
This package provide common files and events for Web Applications integration
|
||||||
|
on SME Server
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Tue Mar 13 2012 Daniel Berteaud <daniel@firewall-services.com> 0.2.0-1.sme
|
||||||
|
- Migrate to git
|
||||||
|
|
||||||
|
* Fri Jul 22 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-11.sme
|
||||||
|
- Add an prop to disable the default /icons alias
|
||||||
|
|
||||||
|
* Wed Jun 29 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-10.sme
|
||||||
|
- Allow values enabled, yes on or 1 for RequireSSL
|
||||||
|
- Implement access restriction with AllowHosts
|
||||||
|
|
||||||
|
* Tue Mar 8 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-9.sme
|
||||||
|
- Integration with PHPki
|
||||||
|
- Stop restarting mysqld service
|
||||||
|
|
||||||
|
* Mon Mar 7 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-8.sme
|
||||||
|
- Add SSLCACertificateFile directive
|
||||||
|
|
||||||
|
* Tue Jan 25 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-7.sme
|
||||||
|
- Fix httpd template syntax
|
||||||
|
|
||||||
|
* Tue Jan 25 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-6.sme
|
||||||
|
- Load some additional modules for apache if they are found
|
||||||
|
|
||||||
|
* Thu Dec 30 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-5.sme
|
||||||
|
- RequireSSL can take a list of location to rewrite
|
||||||
|
|
||||||
|
* Thu Dec 30 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-4.sme
|
||||||
|
- Only load authn_file if the module exists
|
||||||
|
|
||||||
|
* Sun Dec 25 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-3.sme
|
||||||
|
- Load mod_authn_file
|
||||||
|
|
||||||
|
* Thu Dec 16 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-2.sme
|
||||||
|
- Provide alternative WebAppVirtualHost templates
|
||||||
|
|
||||||
|
* Fri Dec 10 2010 Daniel Berteaud <daniel@firewall-services.com> 0.1-1.sme
|
||||||
|
- Add DocumentRoot prop for domains
|
||||||
|
|
||||||
|
* Wed Sep 30 2009 Daniel B. <daniel@firewall-services.com> 0.1-0
|
||||||
|
- Initial rpm
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%setup
|
||||||
|
|
||||||
|
%build
|
||||||
|
perl createlinks
|
||||||
|
%{__mkdir_p} root/etc/pki/tls/crl
|
||||||
|
|
||||||
|
%install
|
||||||
|
/bin/rm -rf $RPM_BUILD_ROOT
|
||||||
|
(cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
|
||||||
|
/bin/rm -f %{name}-%{version}-filelist
|
||||||
|
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT > %{name}-%{version}-filelist
|
||||||
|
|
||||||
|
%files -f %{name}-%{version}-filelist
|
||||||
|
%defattr(-,root,root)
|
||||||
|
|
||||||
|
%clean
|
||||||
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
Loading…
Reference in New Issue