HSAdmin Backend Domains, E-Mail, Datenbanken
Peter Hormanns
2015-11-25 2c91cdc6369c53c24148e246f6c347a04c6e8497
SNI change pems structure
1 files added
2 files modified
35 ■■■■ changed files
hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java 17 ●●●●
hsarback/src/de/hsadmin/mods/dom/apache-vhost.vm 6 ●●●●
hsarback/src/de/hsadmin/mods/dom/openssl-sna.cnf 12 ●●●●●
hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java
@@ -269,11 +269,20 @@
        ifOption(templateVars, query, "multiviews", "+MultiViews", "-MultiViews");
        ifOption(templateVars, query, "htdocsfallback", Boolean.TRUE, Boolean.FALSE);
        final Processor domSetupProcessor = new CompoundProcessor(
            new ShellProcessor("export PEMS_DIR=/etc/apache2/pems-enabled/" + dom.getUser().getName() + " && "
                    + "mkdir -p $PEMS_DIR/ && "
            new CreateFileProcessor("/de/hsadmin/mods/dom/openssl-sna.cnf", templateVars, dom, "/tmp/openssl-sna.cnf", "root", "root", "644", true),
            new ShellProcessor("export PEMS_DIR=/etc/apache2/pems-generated && "
                    + "mkdir -p $PEMS_DIR && "
                    + "cd $PEMS_DIR && "
                    + "( ls " + domName + ".crt || ( echo \"\" > " + domName + ".chain && "
                    + "openssl req -x509 -newkey rsa:2048 -keyout " + domName + ".key -out " + domName + ".crt -days 1100 -nodes -sha256 -subj '/CN=" + domName + "' ) ) &&"
                    + "( ls " + domName + ".crt || ( echo \"\" > _." + domName + ".chain && "
                    + "openssl req -x509 -newkey rsa:2048 -keyout _." + domName + ".key -out _." + domName + ".crt -days 1100 -nodes -sha256 -config /tmp/openssl-sna.cnf ) ) &&"
                    + "chmod 400 _." + domName + "*"),
            new ShellProcessor("export PEMS_DIR=/etc/apache2/pems-enabled && "
                    + "mkdir -p $PEMS_DIR && "
                    + "cd $PEMS_DIR && "
                    + "( ls " + domName + ".crt ||"
                    + " ( ln -s ../pems-generated/_." + domName + ".key " + domName + ".key"
                            + " && ln -s ../pems-generated/_." + domName + ".crt " + domName + ".crt"
                            + " && ln -s ../pems-generated/_." + domName + ".chain " + domName + ".chain ) ) && "
                    + "chmod 400 " + domName + "*"),
            new CreateFileProcessor("/de/hsadmin/mods/dom/apache-vhost.vm", templateVars, dom, "/etc/apache2/sites-available/" + domName + ".tmp", "root", "root", "644", true),
            new ShellProcessor(
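Review bot: The existence check in the new pems-generated command tests `ls <domName>.crt`, but the files it guards are `_.<domName>.key`, `.crt` and `.chain`, so the check does not tell whether the wildcard key pair already exists. The page has lost its +/- markers, so depending on whether the plain `<domName>.crt` is still generated, the wildcard key is either regenerated on every run or never created; the guard should test the file it creates, `+ "( ls _." + domName + ".crt || ( echo \"\" > _." + domName + ".chain && "`. Separately, the OpenSSL config is written as root to the fixed path `/tmp/openssl-sna.cnf`, so concurrent domain setups can overwrite each other's SAN config, and the write lands in a world-writable directory; a per-domain file in a root-only directory would avoid both. `domName` is also concatenated unquoted into these root shell strings, so it is worth confirming that it is validated against a strict hostname pattern before it reaches this code. The enclosing method starts and ends outside the hunk.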
hsarback/src/de/hsadmin/mods/dom/apache-vhost.vm
@@ -90,9 +90,9 @@
#end    
    SSLEngine On
    SSLCertificateFile /etc/apache2/pems-enabled/${dom.user.name}/${dom.name}.crt
    SSLCertificateKeyFile /etc/apache2/pems-enabled/${dom.user.name}/${dom.name}.key
    SSLCertificateChainFile /etc/apache2/pems-enabled/${dom.user.name}/${dom.name}.chain
    SSLCertificateFile /etc/apache2/pems-enabled/${dom.name}.crt
    SSLCertificateKeyFile /etc/apache2/pems-enabled/${dom.name}.key
    SSLCertificateChainFile /etc/apache2/pems-enabled/${dom.name}.chain
       
    DocumentRoot /home/doms/${dom.name}/htdocs-ssl
hsarback/src/de/hsadmin/mods/dom/openssl-sna.cnf
New file
@@ -0,0 +1,12 @@
[req]
prompt = no
distinguished_name = req_dn
x509_extensions = v3_ca
[req_dn]
commonName = *.${dom.name}
[v3_ca]
basicConstraints = CA:FALSE
extendedKeyUsage=serverAuth
subjectAltName=DNS:*.${dom.name},DNS:${dom.name}
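Review bot: The extension section is named `v3_ca` while it sets `basicConstraints = CA:FALSE`, which reads as if a CA certificate were being issued; a name such as `v3_server` (with `x509_extensions = v3_server`) would match what the section does. A short header comment would help the next reader, stating that this is the template for the self-signed wildcard placeholder certificate and that `${dom.name}` is substituted before OpenSSL reads the file. Since `${dom.name}` lands in both `commonName` and `subjectAltName`, the value is presumably validated as a hostname upstream; that is not visible here.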