File update_httpd

Last commit: Sun Apr 21 10:09:18 2019 +0200	root	Keine SSL-Konfiguration, wenn kein Zertifikat verfügbar ist.
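#!/bin/bash

# Generates the virtual-host configuration files for the Apache web server.
#
# For every row of the `domain` table a file $HTTPD_VHOST_DIR/<domain> is
# (re)written when the row's `modified` timestamp is newer than the file.
# Changes are committed to a Mercurial repository inside $HTTPD_VHOST_DIR and
# Apache is restarted if its configuration test passes.
#
# Required settings (read from $CONFIG): HTTPD_VHOST_DIR,
# HTTPD_EXTRA_CONFIG_DIR, HTTPD_MYSQL_PASSWD_DIR, MYSQL_USER, MYSQL_PASSWORD,
# MYSQL_DATABASE.
#
# Security notes for maintainers:
#   * Values read from the database (domain, user) end up in file paths, SQL
#     statements and Apache directives, so they are validated before use.
#   * The generated vhost files may contain MySQL credentials in clear text and
#     are committed to Mercurial; NOTE(review): confirm that $HTTPD_VHOST_DIR
#     (including .hg) is readable by root only.

# Configuration:

CONFIG=/etc/default/ispconfig

if [ ! -f "$CONFIG" ]; then
  echo "File $CONFIG not found"
  exit 4
fi

# The file is executed with the privileges of this script.
# NOTE(review): make sure it is owned by and writable for root only.
source "$CONFIG"

if [ ! -d "$HTTPD_VHOST_DIR" ]; then
  echo "Directory $HTTPD_VHOST_DIR not found"
  exit 4
fi

# Create the Mercurial repository if it does not exist yet.
if [ ! -d "$HTTPD_VHOST_DIR/.hg" ]; then
  hg -R "$HTTPD_VHOST_DIR" init
fi

#######################################
# Runs one SQL statement against the configuration database.
# Globals:   MYSQL_USER, MYSQL_PASSWORD, MYSQL_DATABASE (read)
# Arguments: $1 - SQL statement
# Outputs:   result rows in mysql's silent (-s) format on stdout
#######################################
function sql {
  local query=$1
  # The password is handed over through the environment instead of
  # -p<password>, so it does not appear in the argument list of the process.
  MYSQL_PWD="$MYSQL_PASSWORD" mysql -u "$MYSQL_USER" -se "$query" "$MYSQL_DATABASE"
}

#######################################
# Checks that a value is safe to use as a single path component, inside a
# quoted SQL literal and inside an Apache directive.
# Arguments: $1 - value to check
# Returns:   0 if the value consists only of letters, digits, '.', '_' and
#            '-', does not start with '.' or '-' and contains no "..".
#######################################
function is_safe_name {
  [[ $1 =~ ^[A-Za-z0-9_][A-Za-z0-9._-]*$ && $1 != *..* ]]
}

sql "SELECT domain,active,UNIX_TIMESTAMP(modified),x_ssl,x_db,x_php FROM domain" |
while read -r domain active modified ssl db php; do

  # The domain name is used as a file name, in SQL and in the vhost file.
  # Refuse anything that could leave the vhost directory or inject syntax.
  if ! is_safe_name "$domain"; then
    printf 'Skipping unsafe domain name: %q\n' "$domain" >&2
    continue
  fi

  CONFFILE=$HTTPD_VHOST_DIR/$domain

  if [ ! -f "$CONFFILE" ]; then
    last_file_modified=0 # File does not exist yet.
  else
    last_file_modified=$(stat --format %Y "$CONFFILE")
  fi

  # Plain [ ... -gt ... ] is used on purpose: unlike [[ ]] it does not
  # evaluate its operands as arithmetic expressions.
  if [ "$modified" -gt "$last_file_modified" ]; then

    echo "Aktualisiere $domain"

    user=
    if [ "$active" -eq 0 ]; then
      inactive=1
    else
      inactive=0
      # Domain is active.
      # Find the user for the domain. It is the (hopefully only)
      # <username>@webmaster... account that is authorised for the domain.
      user=$(sql "SELECT substring_index(username,'@',1) as user FROM domain_admins where domain='$domain' and username like '%@webmaster%'")
      echo "User: $user ==> Domain: $domain"

      # The user name becomes part of /home/<user>/... and a chown target.
      # More than one result row also fails this check (embedded newline).
      if [ -n "$user" ] && ! is_safe_name "$user"; then
        printf 'Skipping domain %s: unsafe or ambiguous user name: %q\n' "$domain" "$user" >&2
        continue
      fi
    fi

    cat > "$CONFFILE" <<EOF

# AUTO-GENERATED - DO NOT CHANGE!
# Domain: $domain (active: $active, SSL: $ssl, Database: $db, PHP: $php)
EOF

    if [ "$inactive" -eq 1 ]; then
      cat >> "$CONFFILE" <<EOF
# domain is inactive.
<VirtualHost *:80>
    ServerName $domain

    RewriteEngine on
    RewriteRule (.*) - [L,R=410]
</VirtualHost>
<VirtualHost *:443>
    ServerName $domain

    RewriteEngine on
    RewriteRule (.*) - [L,R=410]
</VirtualHost>
EOF

    elif [ -z "$user" ]; then
      # No domain admin exists, so the domain has no regular content.
      if [ -f "$HTTPD_EXTRA_CONFIG_DIR/$domain.conf" ]; then
        cat >> "$CONFFILE" <<EOF

<VirtualHost *:80>
    # No domain owner available
    ServerName $domain
    Include $HTTPD_EXTRA_CONFIG_DIR/$domain.conf
</VirtualHost>
EOF
      else
        cat >> "$CONFFILE" <<EOF

<VirtualHost *:80>
    # Domain owner: $user
    ServerName $domain

    RewriteEngine on
    RewriteRule (.*) - [L,R=410]
</VirtualHost>
EOF
      fi

    else
      # There is a domain administrator.
      cat >> "$CONFFILE" <<EOF
# Domain administrator user account: $user
EOF

      # Document root:
      docroot=/home/$user/var/www/$domain

      if [ ! -d "$docroot" ]; then
        # Document root does not exist yet, so create it.
        # Ownership is changed only for the directory this run created and
        # without following symlinks: the parent is inside the user's home,
        # so a pre-existing entry at this path must never be chown'ed.
        if mkdir -v -- "$docroot"; then
          chown -v -h -- "$user" "$docroot"
        else
          printf 'Could not create document root %s, ownership left untouched\n' "$docroot" >&2
        fi
      fi

      # NOTE(review): Apache opens ErrorLog/CustomLog before dropping
      # privileges. If the account can write to /home/$user/var/log/apache2,
      # it can replace entries below it - confirm that directory's ownership.
      log_dir=/home/$user/var/log/apache2/$domain

      if [ ! -d "$log_dir" ]; then
        mkdir -v -- "$log_dir"
      fi

      #echo "Logdir: $log_dir"

      # Determine the certificate file.
      key=/etc/ssl/local/server.key
      crt=/etc/ssl/local/cert/$domain.crt

      if [ "$ssl" -eq 0 ] || [ ! -f "$crt" ]; then
        # no SSL or no SSL cert available
        cat >> "$CONFFILE" <<EOF

#<VirtualHost *:443>
#    # Deny SSL
#    ServerName $domain
#    SSLEngine off
#    RewriteEngine on
#    RewriteRule (.*) http://$domain\$1 [R,L]
#</VirtualHost>

<VirtualHost *:80>
EOF
      else
        # NOTE(review): "SSLProtocol All -SSLv2 -SSLv3" still permits
        # TLS 1.0/1.1 and the cipher list still offers 3DES suites; consider
        # tightening both once client compatibility has been checked.
        cat >> "$CONFFILE" <<EOF

<VirtualHost *:80>
    ServerName $domain
    # Force SSL
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^(.*)$ https://$domain\$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>

    SSLEngine on
    SSLCertificateFile $crt
    SSLCertificateKeyFile $key

    SSLProtocol All -SSLv2 -SSLv3
    #SSLCipherSuite HIGH:MEDIUM

    SSLHonorCipherOrder On
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
EOF
      fi

      # Common part of the content-serving vhost opened above.
      cat >> "$CONFFILE" <<EOF
    ServerName $domain
    ServerAdmin webmaster@$domain

    DocumentRoot $docroot


    ErrorLog $log_dir/error.log
    CustomLog $log_dir/access.log combined
EOF
      if [ -f "$HTTPD_EXTRA_CONFIG_DIR/$domain.conf" ]; then
        cat >> "$CONFFILE" <<EOF
    Include $HTTPD_EXTRA_CONFIG_DIR/$domain.conf
EOF
      fi

      # PHP enabled?
      if [ "$php" -eq 1 ]; then
        cat >> "$CONFFILE" <<EOF
    php_admin_flag engine on
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -r webmaster@$domain"
    php_admin_value open_basedir /home/$user/var/www/$domain:/home/$user/tmp
    php_admin_value upload_tmp_dir /home/$user/tmp
EOF
      else
        cat >> "$CONFFILE" <<EOF
    php_admin_flag engine off
EOF
      fi

      #if [ $php -eq 1 && $db -eq 1 ]; then
      if [ "$db" -eq 1 ]; then
        passwd_file=$HTTPD_MYSQL_PASSWD_DIR/$domain.passwd
        if [ -f "$passwd_file" ]; then
          # Clear values left over from the previous domain, so a passwd
          # file that sets only one variable cannot inherit another
          # domain's credentials.
          unset mysql_user mysql_password
          # The file is executed as shell code with this script's privileges.
          # NOTE(review): it must be writable by root only.
          source "$passwd_file"
          # The password is intentionally not echoed: this script's output
          # may end up in cron mail or log files.
          # NOTE(review): the values are written unquoted into the vhost
          # file; whitespace in them would break the directive.
          cat >> "$CONFFILE" <<EOF
    php_value mysql.default_host localhost
    php_value mysql.default_user $mysql_user
    php_value mysql.default_password $mysql_password

    php_value mysqli.default_host localhost
    php_value mysqli.default_user $mysql_user
    php_value mysqli.default_pw $mysql_password
EOF

        fi
      fi
      cat >> "$CONFFILE" <<EOF
</VirtualHost>
EOF
    fi

  fi

done


# The Apache web server has to pick up the new configuration.
if [ "$(hg -R "$HTTPD_VHOST_DIR" status -m -a -u | wc -l)" -gt 0 ]; then

  echo "Änderungen durchgeführt:"
  # NOTE(review): this diff contains any MySQL password written above;
  # keep the output of this script away from shared logs.
  hg -R "$HTTPD_VHOST_DIR" diff
  hg -R "$HTTPD_VHOST_DIR" commit -A -u "$(whoami)" -m "Updating HTTPD configuration"

  # Decide on the exit status of the syntax check. The previous test counted
  # "Syntax OK" lines on stdout with an inverted comparison, so the restart
  # was not reliably gated on a valid configuration.
  if apache2ctl -t; then
    echo "Apache-Konfiguration ist OK."
    echo "Reloading Apache Webserver."
    apache2ctl restart
  else
    echo "Apache-Konfiguraton ist fehlerhaft! Kein Restart!"
  fi
fi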
History Sun, 21 Apr 2019 10:09:18 +0200 root Keine SSL-Konfiguration, wenn kein Zertifikat verfügbar ist. Sat, 13 Apr 2019 21:36:40 +0200 root Datenbank enthält pro Domain Kennzeichen für SSL und PHP. Wed, 16 Mar 2016 21:02:32 +0100 Jan Pfad zum Fallback-Zertifikat korrigiert. Wed, 24 Feb 2016 22:02:54 +0100 dankert Document-Root anlegen, sofern notwendig. Wed, 24 Feb 2016 21:30:16 +0100 dankert Update in das SCM Mon, 22 Feb 2016 22:32:54 +0100 dankert Initiale Version seit der Umstellung auf Datenbank-gebriebene Konfiguration