HSAdmin Backend Domains, E-Mail, Datenbanken
Peter Hormanns
2015-08-07 5eef3088cbdc6c095719aa1bea7a1369b51514b5
Support SSL-Cert per Domain (SNI)
2 files modified
29 ■■■■ changed files
hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java 22 ●●●●
hsarback/src/de/hsadmin/mods/dom/apache-vhost.vm 7 ●●●●●
hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java
@@ -256,25 +256,25 @@
        return domDirsProcessor;
    }
    private Processor createApacheVHostSetupProcessor(EntityManager em, Domain dom)  throws ProcessorException {
        Map<String, Object> templateVars = new HashMap<String, Object>();
    private Processor createApacheVHostSetupProcessor(final EntityManager em, final Domain dom)  throws ProcessorException {
        final Map<String, Object> templateVars = new HashMap<String, Object>();
        templateVars.put("dynamicWeb", new Boolean(dom.isDynamic()));
        String domName = dom.getName();
        final String domName = dom.getName();
        int level = domName.split("\\.").length;
        String linkPrefix = Integer.toString(100 - level);
        String pac = dom.getUser().getPac().getName();
        Query query = em.createQuery("SELECT d FROM Domains d WHERE d.domainoptions.name = :option AND d.name = :domname");
        final String linkPrefix = Integer.toString(100 - level);
        final Query query = em.createQuery("SELECT d FROM Domains d WHERE d.domainoptions.name = :option AND d.name = :domname");
        query.setParameter("domname", dom.getName());
        ifOption(templateVars, query, "indexes", "+Indexes", "-Indexes");
        ifOption(templateVars, query, "includes", "+IncludesNoExec", "-Includes");
        ifOption(templateVars, query, "multiviews", "+MultiViews", "-MultiViews");
        ifOption(templateVars, query, "htdocsfallback", Boolean.TRUE, Boolean.FALSE);
        Processor domSetupProcessor = new CompoundProcessor(
        final Processor domSetupProcessor = new CompoundProcessor(
            new ShellProcessor("export PEMS_DIR=/etc/apache2/pems-enabled/" + dom.getUser().getName() + " && "
                    + "mkdir -p $PEMS_DIR/ && "
                    + "cd $PEMS_DIR && "
                    + "echo \"\" > " + domName + ".chain && "
                    + "openssl req -x509 -newkey rsa:2048 -keyout " + domName + ".key -out " + domName + ".crt -days 1100 -nodes -subj '/CN=" + domName + "'"),
            new CreateFileProcessor("/de/hsadmin/mods/dom/apache-vhost.vm", templateVars, dom, "/etc/apache2/sites-available/" + domName + ".tmp", "root", "root", "644", true),
            new ShellProcessor("ls /etc/apache2/pems/" + pac + ".pem >/dev/null 2>&1" +
                    " && sed -i '/SSLCertificate.*default/d' " + "/etc/apache2/sites-available/" + domName + ".tmp" +
                    " && (ls /etc/apache2/pems/" + pac + ".chain.pem >/dev/null 2>&1 || sed -i '/SSLCertificateChain.*" + pac + "/d' " + "/etc/apache2/sites-available/" + domName + ".tmp )" +
                    " || sed -i '/SSLCertificate.*" + pac + "/d' " + "/etc/apache2/sites-available/" + domName + ".tmp"),
            new ShellProcessor(
                    " (diff -q /etc/apache2/sites-available/" + domName + ".tmp /etc/apache2/sites-available/" + domName + " && rm /etc/apache2/sites-available/" + domName + ".tmp ) " +
                    " || (mv /etc/apache2/sites-available/" + domName + ".tmp /etc/apache2/sites-available/" + domName + 
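Review bot: The new first ShellProcessor writes an unencrypted private key (`-nodes -keyout <domName>.key`) into a directory made with a plain `mkdir -p`, with no `umask` or `chmod`, so the key's file mode depends on whatever umask the processor's shell inherits. The command is also unconditional: if this setup processor runs again for an existing domain (not visible in this hunk), it would overwrite an installed certificate, key and chain with a fresh self-signed set. Consider guarding and tightening the generation step, for example `"[ -s " + domName + ".key ] || ( umask 077 && openssl req -x509 ... )"`, and writing the empty `.chain` file only when none exists. `domName` and `dom.getUser().getName()` are concatenated into a shell command that writes under /etc/apache2, including inside the single-quoted `-subj` value, which is safe only if both are validated against a strict character set before they reach this method; a comment here should name where that validation happens. The method body continues past the end of the hunk.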
hsarback/src/de/hsadmin/mods/dom/apache-vhost.vm
@@ -90,10 +90,9 @@
#end    
    SSLEngine On
    SSLCertificateFile /etc/apache2/pems/default.pem
    SSLCertificateChainFile /etc/apache2/pems/default.chain.pem
    SSLCertificateFile /etc/apache2/pems/${pac.name}.pem
    SSLCertificateChainFile /etc/apache2/pems/${pac.name}.chain.pem
    SSLCertificateFile /etc/apache2/pems-enabled/${dom.user.name}/${dom.name}.crt
    SSLCertificateKeyFile /etc/apache2/pems-enabled/${dom.user.name}/${dom.name}.key
    SSLCertificateChainFile /etc/apache2/pems-enabled/${dom.user.name}/${dom.name}.chain
       
    DocumentRoot /home/doms/${dom.name}/htdocs-ssl