From 0cee4abcfe1ccb85dfe966bfc6ef9c05d56ee06c Mon Sep 17 00:00:00 2001
From: Michael Hierweck <michael@hierweck.de>
Date: Thu, 29 Jun 2017 09:51:24 +0200
Subject: [PATCH] New virtual host configuration for pacs. Fallback/Default
 should be HTTP 404.

---
 .../hsadmin/mods/pac/PacProcessorFactory.java | 20 +++----------
 .../src/de/hsadmin/mods/pac/httpd-virtual.vm  | 29 ++++++++++++++++---
 2 files changed, 29 insertions(+), 20 deletions(-)

diff --git a/hsarback/src/de/hsadmin/mods/pac/PacProcessorFactory.java b/hsarback/src/de/hsadmin/mods/pac/PacProcessorFactory.java
index 6709fe1..8625e1f 100644
--- a/hsarback/src/de/hsadmin/mods/pac/PacProcessorFactory.java
+++ b/hsarback/src/de/hsadmin/mods/pac/PacProcessorFactory.java
@@ -90,22 +90,10 @@ public class PacProcessorFactory implements EntityProcessorFactory {
 	private Processor createHttpdVirtualProc(Hive hive) throws ProcessorException {
 		Processor domSetupProcessor = new CompoundProcessor(
 				new CreateFileProcessor("/de/hsadmin/mods/pac/httpd-virtual.vm", hive,
-						"/etc/apache2/virtual.conf.tmp", "root", "root", "644", true),
-				new ShellProcessor("for PEM in $( cat /etc/apache2/virtual.conf.tmp | grep SSLCertificateFile | cut -c24- ); do " +
-						"ls $PEM >/dev/null 2>&1 || ( " +
-						" sed -i \"/SSLCertificateFile.*${PEM:18}/c \\\n" +
-						"\\ \\ \\ \\ SSLCertificateFile \\/etc\\/apache2\\/pems\\/default.pem\" /etc/apache2/virtual.conf.tmp && " +
-						" sed -i \"/SSLCertificateChainFile.*${PEM:18:5}.chain.pem/c \\\n" +
-						"\\ \\ \\ \\ SSLCertificateChainFile \\/etc\\/apache2\\/pems\\/default.chain.pem\" /etc/apache2/virtual.conf.tmp " +
-						"); " +
-						"done"),
-				new ShellProcessor("for PEM in $( cat /etc/apache2/virtual.conf.tmp | grep SSLCertificateChainFile | cut -c29- ); do " +
-						"ls $PEM >/dev/null 2>&1 || " +
-						" sed -i \"/SSLCertificateChainFile.*${PEM:18:5}.chain.pem/d \" /etc/apache2/virtual.conf.tmp ; " +
-						"done"),
-				new ShellProcessor("(diff -q /etc/apache2/virtual.conf.tmp /etc/apache2/virtual.conf"
-								+ " && rm /etc/apache2/virtual.conf.tmp )"
-								+ " || ( mv /etc/apache2/virtual.conf.tmp /etc/apache2/virtual.conf "
+						"/etc/apache2/conf.d/virtual.conf.tmp", "root", "root", "644", true),
+				new ShellProcessor("(diff -q /etc/apache2/conf.d/virtual.conf.tmp /etc/apache2/conf.d/virtual.conf"
+								+ " && rm /etc/apache2/conf.d/virtual.conf.tmp )"
+								+ " || ( mv /etc/apache2/conf.d/virtual.conf.tmp /etc/apache2/conf.d/virtual.conf "
 								+ " && invoke-rc.d apache2 reload >/dev/null 2>&1 ) "));
 		return domSetupProcessor;
 	}
diff --git a/hsarback/src/de/hsadmin/mods/pac/httpd-virtual.vm b/hsarback/src/de/hsadmin/mods/pac/httpd-virtual.vm
index c59691d..49a8d3d 100644
--- a/hsarback/src/de/hsadmin/mods/pac/httpd-virtual.vm
+++ b/hsarback/src/de/hsadmin/mods/pac/httpd-virtual.vm
@@ -4,8 +4,29 @@
 #
 
 #foreach( $pac in ${hive.pacs} )
+<VirtualHost ${pac.curINetAddr.inetAddr}:80>
+    ServerName _
+    ServerAdmin webmaster@${pac.getName}
 
-# ${pac.name}
-NameVirtualHost ${pac.curINetAddr.inetAddr}:80
-NameVirtualHost ${pac.curINetAddr.inetAddr}:443
-#end
+    <Directory />
+        Redirect 404 /
+    </Directory>
+
+</VirtualHost>
+
+<VirtualHost ${pac.curINetAddr.inetAddr}:443>
+    ServerName _
+    ServerAdmin webmaster@${pac.getName}
+
+    SSLEngine On
+    SSLCertificateFile /etc/apache2/pems/default.pem
+    SSLCertificateChainFile /etc/apache2/pems/default.chain.pem
+
+    <Directory />
+        SSLRequireSSL On
+        Redirect 404 /
+    </Directory>
+
+</VirtualHost>
+
+#end
\ No newline at end of file